Jump to content

Run EXE From Ducky


Recommended Posts

Diskpart does not work correctly on machines which are not running as administrator. There are about 2 or 3 different methods of parsing the attached drives on a system, they all should be out there on the website you link to.

REM The highly specific and in my opinion better version. 
for /f %%d in ('wmic volume get driveletter^, label ^| findstr "DUCKY"') do set myd=%%d

REM A simple example of a more brute force approach, will work every time. You need to modify. 
for %%d in (A, B, C) do echo %d:\

You may need to do a little modification, but here is where you start, and provided you look at some of the examples on the ducky payloads page you should be able to hash it out. When learning batch just remember, one % is in the regular command prompt, two %% is in a batch file, ! is used when you reference a variable twice in a specific statement and you have enabled delayed expansion. One technique for not having to get the drive's label is to place a file or folder on the ducky and see if it exists. Just found this today;


Edited by overwraith
Link to comment
Share on other sites

  • 2 weeks later...

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...