Posted

Hey, I played around with the ducky for a while now and Windows Defender seems to be picking up the ducky right before it even GUI r's to PowerShell and downloads a malicious exe.

I plug it in. It's detected...

Nothing malicious is on that ducky at all, just the bin file that would run PowerShell, but it doesn't even get to that stage to even get to download the exe (which would make sense to be picked up).

Posted
20 minutes ago, Sopyan said:

Hey, I played around with the ducky for a while now and Windows Defender seems to be picking up the ducky right before it even GUI r's to PowerShell and downloads a malicious exe.

I plug it in. It's detected...

Nothing malicious is on that ducky at all, just the bin file that would run PowerShell, but it doesn't even get to that stage to even get to download the exe (which would make sense to be picked up).

Possibly need to change the VID/PID of the ducky, maybe even a rename.

Posted
On 10/8/2017 at 12:04 PM, Just_a_User said:

Possibly need to change the VID/PID of the ducky, maybe even a rename.

I did that, generated the vidpid.bin file and placed it on the SD. But somehow it doesn't run. What am I doing wrong? Is there any firmware update?

Posted
6 hours ago, Sopyan said:

is there any firmware update?

I'm not sure which firmware you're running, maybe try a reflash with c_duck_v2.1.hex. From memory the 2.1's have the part that looks for the vidpid.bin. Alternatively there was a way to edit the vidpid directly on the firmware using a hex editor but I haven't done this myself.

  • 4 weeks later...
Posted
On 08/10/2017 at 10:41 AM, Sopyan said:

Hey, I played around with the ducky for a while now and Windows Defender seems to be picking up the ducky right before it even GUI r's to PowerShell and downloads a malicious exe.

I plug it in. It's detected...

Nothing malicious is on that ducky at all, just the bin file that would run PowerShell, but it doesn't even get to that stage to even get to download the exe (which would make sense to be picked up).

From what you're saying here, I'm guessing you have firmware installed that allows the ducky to be read as a storage device as well as a HID.

Windows Defender is either finding your malicious exe on the ducky, or if it's not on the ducky then it recognises the URL that the malicious exe is being downloaded from as being potentially dodgy (if you've run it once before successfully, and then it started getting picked up after this, this is probably the case).

I'd set your ducky back to the original firmware and re-flash. If it still finds something malicious, try changing the URL the exe is located via.
