NightStalker

[Help] Changing directories using Powershell and Ducky Script

Hello all, As part of a script I am writing I am trying to change directories using the find feature of the drive letter and the $SWITCH_POSITION variable. I tried using Set-Location in PowerShell but could not get it to work with the variables needed to find the drive letter and the switch position. I came up with the below and it works in PowerShell but not in Ducky Script on the Bash Bunny. I am sure it is because I am missing escapes for special characters (possible) but after hours of trying I could not get it to work. I am at the experts' mercy here in the Hak5 Forums :)

The payload.txt has:

Q STRING $driveLetter = (gwmi win32_volume -f 'label=''BashBunny''').Name
Q ENTER
Q STRING $absPath = $driveLetter+'payloads\'+$SWITCH_POSITION+'\'
Q ENTER
Q STRING cd $absPath
Q ENTER

If I run in PowerShell it works:

PS C:\Users\NightStalker> $driveLetter = (gwmi win32_volume -f 'label=''BashBunny''').Name
PS C:\Users\NightStalker> $absPath = $driveLetter+'payloads\'+$SWITCH_POSITION+'\'
PS C:\Users\NightStalker> cd $absPath
PS G:\payloads\switch1>

I am open to other suggestions with the same effect. I appreciate the help in advance. On a side note, can you pass variables from the payload.txt to other PowerShell scripts the payload calls? If so, that would solve my issue as well. :)

Thanks, NightStalker


Thank you so much, I was able to finally get it after A LOT of trial and error :). I also found I had to enclose the $SWITCH_POSITION in single quotes to make it work correctly.

Q STRING \$driveLetter = \(gwmi win32_volume -f \'label\=\'\'BashBunny\'\'\'\).Name
Q ENTER
Q STRING \$absPath = \$driveLetter\+\'payloads\\\'\+\'$SWITCH_POSITION\'\+\'\\\'
Q ENTER
Q STRING cd \$absPath
Q ENTER

Thank you again, NightStalker
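
Why the first payload fails and the escaped one works, as an added example that is not part of either post: payload.txt is parsed by the shell before the text reaches Q, so unescaped `$name`, quotes and parentheses are consumed or rejected on the Bash Bunny side. Assumptions: `Q` below is a stand-in that returns the text it would type, `switch1` is a constructed value, and the double-quoted variant is an alternative not taken from the thread.

```shell
#!/bin/sh
# Stand-in for the Bash Bunny's Q helper (assumption): it returns the text it
# would type, i.e. its arguments after the shell has already parsed the line.
Q() {
    shift                      # drop the STRING keyword
    printf '%s\n' "$*"
}

SWITCH_POSITION=switch1        # constructed sample value
unset absPath driveLetter      # PowerShell names, never set on the shell side

# First post, line 1: an unescaped "(" is a shell syntax error, so the
# payload fails before anything is typed. Checked with -n (parse only).
first_line_parses() {
    sh -n 2>/dev/null <<'EOF'
Q STRING $driveLetter = (gwmi win32_volume -f 'label=''BashBunny''').Name
EOF
}

# First post, line 2: the shell expands $absPath and $driveLetter to nothing
# and removes the single quotes before Q sees the text.
typed_unescaped() {
    Q STRING $absPath = $driveLetter+'payloads\'+$SWITCH_POSITION+'\'
}

# Second post: every PowerShell metacharacter is backslash-escaped; only
# $SWITCH_POSITION is left for the shell to expand.
typed_escaped() {
    Q STRING \$absPath = \$driveLetter\+\'payloads\\\'\+\'$SWITCH_POSITION\'\+\'\\\'
}

# Alternative (not from the thread): one double-quoted string, escaping only
# the "$" and "\" that must reach PowerShell unchanged.
typed_double_quoted() {
    Q STRING "\$absPath = \$driveLetter+'payloads\\${SWITCH_POSITION}\\'"
}

first_line_parses || echo "line 1 as first posted: shell syntax error"
printf 'unescaped     : %s\n' "$(typed_unescaped)"
printf 'escaped       : %s\n' "$(typed_escaped)"
printf 'double-quoted : %s\n' "$(typed_double_quoted)"
```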
