nik321 Posted June 24, 2017 Share Posted June 24, 2017 So I literally just finished copying this tutorial ... https://www.youtube.com/watch?v=fmRRX7-G4lc And everything went smoothly... Apart from when I plugged in the duck... Nothing happened on my Kali MSF... No shells were caught? I should first off mention that my target machine was actually a 64 bit windows, so i had to change the msfvenom -a to x64 and change the payload to windows/x64/meterpreter/reverse_tcp... But besides that everything went ok... So because the shell wasnt being caught, I decided to open up powershell my self, and manually type in the code that the ducky inject.bin is trying to run in powershell.... and i got this error... So I think the reason nothing happens when I plug the duck in, is because in the background (because obviously it is commanded to be hidden in the inject.bin) this is happening... making MSF not catch a shell... Please could anyone take a look at this and help me overcome this error please. I would be forever grateful! Thank you hak5 enthusiasts! <3 Quote Link to post Share on other sites
Lord_KamOS Posted June 24, 2017 Share Posted June 24, 2017 (edited) 59 minutes ago, nik321 said: I should first off mention that my target machine was actually a 64 bit windows x86 should work just fine on x64 Edited June 24, 2017 by Lord_KamOS Quote Link to post Share on other sites
nik321 Posted June 24, 2017 Author Share Posted June 24, 2017 3 minutes ago, Lord_KamOS said: x86 should works just fine on x64 Oh really? So I can still go ahead and make the payload for a 32 bit computer (like in the video) and still run it on a 64 bit machine? ok that is interesting. Thank you. I do know about 32 bit being cross compatible with 64, but not the other way around. But besides that. Is there a reason that the ducky script, once opened up in powershell, is not actually pulling my payload (website.com/bob.exe) or my vbs file (website.com/ggg.txt - As made in the video) from my website? (You also commented on my other help thread for the turtle. Thank you for being active and trying to help me with my endeavors.) Quote Link to post Share on other sites
Lord_KamOS Posted June 24, 2017 Share Posted June 24, 2017 56 minutes ago, nik321 said: But besides that. Is there a reason that the ducky script, once opened up in powershell, is not actually pulling my payload (website.com/bob.exe) or my vbs file (website.com/ggg.txt - As made in the video) from my website? I am not sure, and sadly i cant test it right now, but maybe you can look into the twinduck firmware. I find it more effective just mounting sd card and run the payload from the duck itself. Quote Link to post Share on other sites
nik321 Posted June 24, 2017 Author Share Posted June 24, 2017 11 minutes ago, Lord_KamOS said: I am not sure, and sadly i cant test it right now, but maybe you can look into the twinduck firmware. I find it more effective just mounting sd card and run the payload from the duck itself. This is something that also interested me! I would prefer to be able to host the payload on the pendrive as well as the inject.bin > I like the idea of it all being contained in its self. I will take a look a the twinduck firmware setup on YouTube. Thank you for this. Quote Link to post Share on other sites
Lord_KamOS Posted June 24, 2017 Share Posted June 24, 2017 Its pretty simple (at least from linux, haven't tried on windows.) https://github.com/hak5darren/USB-Rubber-Ducky/tree/master/ducky-flasher Quote Link to post Share on other sites
nik321 Posted June 24, 2017 Author Share Posted June 24, 2017 Ok so I did a bit of googling, and it turns out the powershell commands in the inject.bin are not real commands.. Is this because there might of been an update since the make of that video rendering those commands useless now? Quote Link to post Share on other sites
ThoughtfulDev Posted June 27, 2017 Share Posted June 27, 2017 The download command is right. the '%temp%/update.vbs is wrong. You want to run update.vbs right? try somehting like cd %temp%; ./update.vbs Note the './' Quote Link to post Share on other sites
nik321 Posted June 27, 2017 Author Share Posted June 27, 2017 2 hours ago, ThoughtfulDev said: The download command is right. the '%temp%/update.vbs is wrong. You want to run update.vbs right? try somehting like cd %temp%; ./update.vbs Note the './' I don't think its supposed to run it, rather save it as that name, rather than ggg.txt (as shown in image) Quote Link to post Share on other sites
ThoughtfulDev Posted June 28, 2017 Share Posted June 28, 2017 19 hours ago, nik321 said: I don't think its supposed to run it, rather save it as that name, rather than ggg.txt (as shown in image) I know the DownloadFile command runs just fine (remove everything after the ;). The file should then be in your temp folder (named update.vbs). The error is the line after the ';'. This line tries to run the update.vbs located in the temp folder but if you want to run a.exe in powershell you cant just type a.exe you have to use ./a.exe (you understand my point?) Quote Link to post Share on other sites
nik321 Posted June 29, 2017 Author Share Posted June 29, 2017 22 hours ago, ThoughtfulDev said: I know the DownloadFile command runs just fine (remove everything after the ;). The file should then be in your temp folder (named update.vbs). The error is the line after the ';'. This line tries to run the update.vbs located in the temp folder but if you want to run a.exe in powershell you cant just type a.exe you have to use ./a.exe (you understand my point?) Aaaagh!! Thank you so much friend! I am going to try this out! Your help has been amazing and I thank you for trying to help me overcome this. Big thanks to you mate! Quote Link to post Share on other sites
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.