Alleckz Posted January 7, 2015 Posted January 7, 2015 Hello Rubberducky forum! I just got my fist ducky and i love it! Thanks for the great project Darren and the team keep up the great work! I have a question if this is implemented (or if its not implemented I would love if someone implemented it in some way): Is there a way to do "if/else" commands on the rubberducky? let me explain my self. My idé is if you insert your ducky and its going to to run "wallpaper prank" on a victim computer and he/she got a program running on the computer but you want to get to the desktop so you run "GUI d" in the start of the document. That is going to work fine if all the computers you are targeting are running a program on the screen every time you insert the ducky into it. But all the outer machines that you my run the same program against, maybe the user pressed "GUI d" before he left his workstation and if you run the program your going to bring all the programs back and not get the desktop and that is going to mess whit your program. Do you see my problem and my idé of some more automation in the software, because this can be useful in so many ways. One more ide is if you have your script and in the script you have a section for windows, mac and linux and the specific code runs depending on the os. Am just curios if this is possible? Im pretty new to the hole hacking community and not that good at coding anything else then html and css. /Alleckz PS. (sorry if my spelling is not 100% i'm not native American and I did not use google translate today to check because i'm lazy! i'm a SWEDISH! :D) Quote
Mr-Protocol Posted January 8, 2015 Posted January 8, 2015 The rubber ducky is more a launcher. You can have it run a scrip that will do your if/else statements. Dependant on OS, change wallpaper. Windows uses the registry, so have the script download a file or something, then change the registry values with commandline. That way the script exits the terminal, no windows for programs are disturbed, and the result is there. Gummi ducky är mer en bärraket. Du kan ha den köra en ränsel som kommer att göra dina if / else uttalanden. Beroende på OS, ändra bakgrundsbild. Windows använder registret, så har skriptet ladda ner en fil eller något, ändrar registervärdena med command sedan. På så sätt skriptet avslutats terminalen, finns inga fönster för program störs, och resultatet är där. Sorry in advance if this does not translate 100%. Ledsen i förväg om detta inte översätta 100%. Quote
Broti Posted January 9, 2015 Posted January 9, 2015 I'd use a deployed Visual Basic 5 exe if I'm in need of checking kernel dependences like admin rights or internet connectibity (e.g. FTP upload) Quote
Oli Posted January 11, 2015 Posted January 11, 2015 There is a way, but ducky doesn't support it out of the box - I suppose it could with modified firmware but not really with the effort. You can use keyboard lights to set and then check the results of any "questions" that you ask via the script. The script turns off all caps/num/scroll lock lights and then sets them to appropriate values - the duck can then read back those values. This method can be used for (very slowly!) exfiltrating data too. Quote
SPy109 Posted January 13, 2015 Posted January 13, 2015 There is a way, but ducky doesn't support it out of the box - I suppose it could with modified firmware but not really with the effort. You can use keyboard lights to set and then check the results of any "questions" that you ask via the script. The script turns off all caps/num/scroll lock lights and then sets them to appropriate values - the duck can then read back those values. This method can be used for (very slowly!) exfiltrating data too. I would be interested in seeing a simple ducky script example of this method when you get time. Quote
Oli Posted January 13, 2015 Posted January 13, 2015 I use a Peensy based approach using a Teensy: https://www.offensive-security.com/offsec/advanced-teensy-penetration-testing-payloads/ I don't have a duck anymore so no point in me customizing the firmware or augmenting its sub-optimal ducky scripting language :) Quote
SPy109 Posted January 15, 2015 Posted January 15, 2015 Ah that is a pretty interesting device. I will read up on it... Thnx for the info Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.