Jump to content

Bash Bunny Ducky Language


irnhax
 Share

Recommended Posts

Hi,

I'm trying to set a UK keyboard layout for ducky scripts using the bash bunny. My "\" is being run as "#" which prevents me from entering Windows dirs, etc.

I've run the payload for "DuckyInstall", which completed successfully and looking at the ducky template, setting the language should be as I have done in my script:

LED G
ATTACKMODE HID

# Set your language here
LANGUAGE='gb'

# Run Ducky Script
LED R B
QUACK switch2/ducky.txt

After this, no change (still seeing "#" instead of "\" in file paths) I connected to the bunny via serial to check the install of 'duckyinstall'. I found the "gb.json" in the following dir:

/root/tools/DuckToolKit/ducktoolkit/languages

I also copied this file to /root/tools/languages - so this dir now contains "us.json" and "gb.json". Tried the script again and no dice. Still getting "#" input instead of "\". 

Any pointers would be appreciated - thanks.

Link to comment
Share on other sites

5 hours ago, elkentaro said:

Cause, if you don't define its a Quack, the script would assume its a generic bash level attack I assume. Where as the SET_LANGUAGE is to a ducky script command to look for the defined keyboard layout.

I think its a bug, which can also be fixed with this pull request on GitHub:

https://github.com/hak5/bashbunny-payloads/pull/39/files

Link to comment
Share on other sites

3 minutes ago, Paulgommard said:

How do you copy your [language].json to tools/languages ?

I'm not sure what you mean with "your [language].json"... languages will be installed by running the DuckyInstall payload...

Link to comment
Share on other sites

Hello.

I have a problem.
My keyboard si ch-fr (Swiss-French), or, the ch.json file is for ch-de (Swiss-Deutch).
The fr.json is also not correct.
0123456789
ABCDEFGHIJKLMNOPQRSTUVWXYZ
abcdefghijklmnopqrstuvwxyz
Are ok.
But the specials caracters, not, nothing on screen :(

Link to comment
Share on other sites

  • 1 year later...

Would someone care to explain how I change the language to gb? I performed ducky install, then used the updater to get all of the language files, I then went to my config.txt and set it to "#!/bin/bash #This configuration file is used to set default variables DUCKY_LANG gb". I am trying to run the usb exfiltration payload on switch 2 and it will not even show a loot folder now. From what I have found on this forum switching the keyboard language seems to be it.

Link to comment
Share on other sites

  • 3 years later...
On 3/20/2017 at 11:45 AM, Zurix said:

Hello Zurix,
I'am from switzerland (Fribourg)
I have the same problem especially with the "\" normally written with "AltGr + \"

You found a solution yourself?

 

Link to comment
Share on other sites

Zurix will probably not monitor the forums since the post is almost 5 years old.

You press AltGr together with the key showing "<" and ">" to get the backslash "\", right? In other words, the key close to the left Shift key on the keyboard. The ch.json file seems to map the correct key for backslash specifically (other characters might be wrong though). In what way are you using backslash in your payload?

This will probably work
QUACK STRING "C:\test1\test2\test3\backslash.txt"
This might not
QUACK STRING C:\test1\test2\test3\backslash.txt

If you look at the ch.json file, backslash is defined together with the "<" and ">" chars.

    "<":"00,00,64",
    ">":"02,00,64",
    "\\":"40,00,64",

64 is the key itself and 00, 02 and 40 are the "states" or if a modifier key is used. "00" in position 1 is no modifier key at all. "02" means that the shift key is pressed together with the specific key ("64"). "40" should represent the AltGr key.

This means that if the backslash char is physically mapped to the key mentioned above, a backslash char should be produced when it is used in a payload specified with DUCKY_LANG ch

Any other characters might be wrong since swiss/fr and swiss/de isn't 100% similar. It should be possible to "re-map" the ch.json file to be supporting the french layout though. I have no extended knowledge at all about these specific keyboard layouts, but some Google results seems to show that there aren't that many differences between them (as it seems, just 3 keys that has flipped shift modes for 6 certain chars).

Edited by dark_pyrro
  • Upvote 1
Link to comment
Share on other sites

22 hours ago, dark_pyrro said:

Thanks a lot dark_pyrro for the time spent!

Sorry English is not my language 😬

You press AltGr together with the key showing "<" and ">" to get the backslash "\", right? Yes but the AltGr is the first key on right of SPACE
In other words, the key close to the left Shift key on the keyboard. The ch.json file seems to map the correct key for backslash specifically (other characters might be wrong though). In what way are you using backslash in your payload?

I'm trying with original ReverseBunny Script but the \ { are missing in the result...
The config.txt file is of course on DUCKY_LANG ch
I used the ReverseBunny where it is also registered DUCKY_LANG ch
Instead of launching powershell I put notepad.exe to retrieve the code.
The symbols are missing:
\ = AltGr and the key ><\
{ = AltGr and the key àä{

If you look at the ch.json file, backslash is defined together with the "<" and ">" chars.

    "<":"00,00,64",
    ">":"02,00,64",
    "\\":"40,00,64", Why two \\.... I wil try with only one \

I also tried to modify the ch.json (without resluts) because there is precisely the symbol \ which is weird :  "\"":"05,00,1f",If
Why does it appear in red in mousepad and not the others ????

I find a solution, I'll share it here! Otherwise I eat my bashbunny!

 

Link to comment
Share on other sites

26 minutes ago, Yvan said:

"\\":"40,00,64", Why two \\.... I wil try with only one \

It's most likely because the backslash needs to be escaped since it's a special character, it should be 2 following each other

26 minutes ago, Yvan said:

I also tried to modify the ch.json (without resluts) because there is precisely the symbol \ which is weird :  "\"":"05,00,1f",If

If you look closer, that line does not represent the backslash char. It's the quote char (") that is escaped by the backslash. First a " then a \ to escape the coming " char, then a " again, in other words:
" (leading quote char) + \ (to escape the upcoming actual quote char) + " (the actual char to process) + " (the trailing quote to close it all up)

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...