DuckyDude Posted July 29, 2015 Share Posted July 29, 2015 Hi there! I'm a fairly new Ducky user (3 months or so) and I'm trying to use it in a Social Engineering engagement. Unfortunately I'm struggling with the firmwares, specifically which one to use and if it's possible to do what I'm trying to do. Objective - have the Ducky run a executable from an externally mounted drive without user intevention. Ideally I'd like the Ducky to run in "twin duck" style mode so I don't have to insert the Ducky AND another USB stick into the victim machines. From what I understand, the "Twin Duck" or "Composite (C_duck.hex)" firmwares should allow the Ducky to work in both "keyboard" and "mass storage device" mode. Now I've found that the S001 firmware requires the user to press a key (CAPSLOCK/SCROLLLOCK/etC) a button to activate the payload. The S002 firmware requires that the user press the Ducky's button to kick off the firmware. Unfortunately my engagement means there will be zero engagement with the Ducky apart from the usb unknowingly plugging it in to the machine in the first place - so they won't be pressing random keys themselves. So my question is: Is there a firmware out there that will let me use the Ducky as BOTH a USB mass storage device AND a HID keyboard, which will mount the USB AND kick off the inject.bin upon insertion without requiring any keys or buttons to be pressed? My only other option is to run the Ducky in 'classic' mode and connect another USB storage device to the victim machine as well...but I'd rather not have to do anymore soldering.. :( Many thanks! Quote Link to comment Share on other sites More sharing options...
phpsystems Posted July 29, 2015 Share Posted July 29, 2015 Hi, So my question is: Is there a firmware out there that will let me use the Ducky as BOTH a USB mass storage device AND a HID keyboard, which will mount the USB AND kick off the inject.bin upon insertion without requiring any keys or buttons to be pressed? Yes, the composite firmware does this. Windows will autodetect the device, linux may require inject.bin to mount the files. There is also discussion in this forum about finding the mounted drive once plugged in (for windows). A quick search should point you in the right direction. Quote Link to comment Share on other sites More sharing options...
shamwow Posted July 30, 2015 Share Posted July 30, 2015 use c_duck_v2.1.hex. it's multi os, has mass storage ability and is faster. Quote Link to comment Share on other sites More sharing options...
DuckyDude Posted July 30, 2015 Author Share Posted July 30, 2015 Thanks both :) I had tried C_duck_v2.1 before but for some reason it's wasn't working. Annoyingly I've had to revert back to the original firmware though, I can't "eject" the USB part of the ducky in composite mode as the HID part of the ducky is still attached to the machine, so I'm going to need a 2nd USB device connected to the victim to get the payload off of and then eject from Windows. Quote Link to comment Share on other sites More sharing options...
shamwow Posted July 31, 2015 Share Posted July 31, 2015 Thanks both :) I had tried C_duck_v2.1 before but for some reason it's wasn't working. Annoyingly I've had to revert back to the original firmware though, I can't "eject" the USB part of the ducky in composite mode as the HID part of the ducky is still attached to the machine, so I'm going to need a 2nd USB device connected to the victim to get the payload off of and then eject from Windows. c_duck_v2.1.hex works for me. Quote Link to comment Share on other sites More sharing options...
ballinhard Posted July 31, 2015 Share Posted July 31, 2015 Where can you find c_duck_v2.1.hex? Quote Link to comment Share on other sites More sharing options...
barry99705 Posted August 1, 2015 Share Posted August 1, 2015 Where can you find c_duck_v2.1.hex? https://github.com/midnitesnake/USB-Rubber-Ducky/tree/master/Firmware/Images Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.