
Trouble with key combo


bg-wa


I'm having trouble getting the following key combo to work:

Left SHIFT + Left ALT + NUMLOCK

If I press these keys manually at the end of my payload I have mouse control with the keyboard on Windows...

https://github.com/bg-wa/bashbunny-payloads/blob/windows_mouse_control/payloads/library/windows_mouse_control/payload.txt

I have tried the commands in different orders, and the ALT-SHIFT variation.

Edited by bg-wa

What I would do to debug it is this:

Remove the hidden window style so you can see what is going on, and remove the ErrorAction SilentlyContinue parameters as well so you can see the actual error that is happening. It could be you mistyped one of the strings or it could be you aren't accessing the right Control Panel area. Could be anything.

Just allow yourself to see any errors and make sure it is all working first before you hide everything.


Hi Dave, I've checked the registry entries and all edits are successfully being changed.  Just this one key combo is not being sent correctly.

For PR simplicity, I've removed my debugging helpers but I know the script succeeds at all points EXCEPT sending the above key combo.

https://github.com/bg-wa/bashbunny-payloads/blob/develop/payloads/library/bunny_debug_helpers.sh


I wonder if you can execute two QUACKs one after the other and still register them as one combo?

E.g.

QUACK ALT
QUACK SHIFT NUMLOCK

Also, do you know if NUMLOCK is the correct term?

Another thing as well, maybe try quoting the whole 3 terms, because it might not like all 3.


45 minutes ago, bg-wa said:

Got it from here:

wondering if I need to add another command to my json file....  Should that process be scripted or submitted in a PR?

@elkentaro any insight?

I'll have to look into it. The key would be to find out the byte array written to the /dev/hidg0, in the ducky.py script. I'll take a look after I get done with some job-work. Although I suspect that if you add ["ALT-SHIFT-NUMLOCK " :"06,00,53"] to your language.json file it might work. Given that Alt-Shift is the modifier key code "06,00,00" and hence you would only need to add the num lock key to the modifier.

 

Edited by elkentaro
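
The triple suggested in the post above, decoded field by field; this is an added example, not code from the thread or from ducky.py. It assumes the three fields are hex bytes laid out as modifier, reserved, key usage, like the start of a USB HID boot keyboard report; `parse_triple`, `decode_triple`, `boot_report` and the small usage table are names made up for the illustration.

```python
# Added example: decode a "modifier,reserved,keycode" triple like the ones
# quoted in this thread. Assumption: fields are hex bytes, as in a USB HID
# boot keyboard report (byte 0 modifiers, byte 1 reserved, bytes 2-7 keys).

# Modifier bit positions (bit 0 first) from the USB HID keyboard report.
MODIFIER_BITS = [
    "LEFT_CTRL", "LEFT_SHIFT", "LEFT_ALT", "LEFT_GUI",
    "RIGHT_CTRL", "RIGHT_SHIFT", "RIGHT_ALT", "RIGHT_GUI",
]

# Small subset of the HID Keyboard/Keypad usage page, enough for this thread.
KEY_USAGES = {0x39: "CAPS_LOCK", 0x47: "SCROLL_LOCK", 0x53: "KEYPAD_NUM_LOCK"}


def parse_triple(triple):
    """Validate a string such as "06,00,53" and return (modifier, usage)."""
    fields = [f.strip() for f in triple.split(",")]
    if len(fields) != 3:
        raise ValueError(f"expected three comma-separated bytes: {triple!r}")
    modifier, reserved, usage = (int(f, 16) for f in fields)  # ValueError if not hex
    if not all(0 <= b <= 0xFF for b in (modifier, reserved, usage)):
        raise ValueError(f"field out of byte range: {triple!r}")
    if reserved != 0:
        raise ValueError(f"reserved byte must be 00: {triple!r}")
    return modifier, usage


def decode_triple(triple):
    """Return (list of held modifier names, key name or None)."""
    modifier, usage = parse_triple(triple)
    held = [name for bit, name in enumerate(MODIFIER_BITS) if modifier & (1 << bit)]
    key = None if usage == 0 else KEY_USAGES.get(usage, f"USAGE_0x{usage:02X}")
    return held, key


def boot_report(triple):
    """8-byte boot keyboard report: modifier, reserved, one key, five empty slots."""
    modifier, usage = parse_triple(triple)
    return bytes([modifier, 0x00, usage, 0, 0, 0, 0, 0])


if __name__ == "__main__":
    for sample in ("06,00,00", "06,00,53"):  # the two triples from the thread
        print(sample, decode_triple(sample), boot_report(sample).hex(","))
```

The modifier byte 0x06 is bit 1 (left Shift) plus bit 2 (left Alt), which is why the suggestion only changes the third field to add the Num Lock usage.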

36 minutes ago, elkentaro said:

I'll have to look into it. The key would be to find out the byte array written to the /dev/hidg0, in the ducky.py script. I'll take a look after I get done with some job-work. Although I suspect that if you add ["ALT-SHIFT-NUMLOCK " :"06,00,53"] to your language.json file it might work. Given that Alt-Shift is the modifier key code "06,00,00" and hence you would only need to add the num lock key to the modifier.

 

That would probably work.

Edited by Dave-ee Jones