Jump to content

Ducky Script & BB issues?


DelTex
 Share

Recommended Posts

So I'm working on a script right now, and one of the functions I am trying to complete with my BB is:

Q STRING cd AppData\Local\Google\Chrome\User Data\Default

The issue I am having is with the backslash's "\". They don't get printed in the string when it is typed out, obviously causing an error when trying to "cd" via CMD.

On github, hak5darren posted this and under STRING it talks about the parameters that are accepted. "/" is one of them.

Also on github, Hak5 posted this and under QUACK it talks about how BB is compatible with Ducky Script. Yes, I do have the attack mode HID activated as well.

Help? Thanks,

~DelTex

Link to comment
Share on other sites

try encapsulating string in double quotes.

And since you have a space I would escape some quotes around the path.

 

Q STRING "cd \"AppData\Local\Google\Chrome\User Data\Default\""

You have to escape the backslash with another backslash or encapsulate it all in double-quotes and then you only have to escape "$" if you do not want to output the value of an environment variable from the bunny and other double-quotes like I did above.

 

  • Upvote 1
Link to comment
Share on other sites

22 minutes ago, PoSHMagiC0de said:

try encapsulating string in double quotes.

And since you have a space I would escape some quotes around the path.

 


Q STRING "cd \"AppData\Local\Google\Chrome\User Data\Default\""

You have to escape the backslash with another backslash or encapsulate it all in double-quotes and then you only have to escape "$" if you do not want to output the value of an environment variable from the bunny and other double-quotes like I did above.

 

This worked, thank you very much! Sorry for duping posts. I figured for one thing it could have done with some pictures, and secondly that it was just not getting responded to. I'm part of a few other forms and response time seems to be a little bit faster on them, however this is a very narrowly based topic I suppose. Thanks again man! I can give your handle props in the script if you would like.

Link to comment
Share on other sites

Actually, I'm still having an issue with the second STRING:

Capture3.png

I have tried the following:

copy Login Data F:\loot\Login_Data

"copy "Login Data"" F:\\loot\\Login_Data 
copy "Login Data" F:\\loot\\Login_Data
"copy ""Login Data"" F:\\loot\\Login_Data"
"copy "Login Data" F:\\loot\\Login_Data
"copy Login Data F:\\loot\\Login_Data"

I do need "'s around "Login Data" to correctly copy and paste the file to my BB.

Link to comment
Share on other sites

I guess an easier way to show this is if you where in a bash shell so you can see what is happening here.

The above line actually suppose to read:

Q STRING "copy \"Login Data\" F:\loot\Login_Data"

In bash, double quotes starts a string so when you first use them they will not show up in the quack command like you would expect so I use them to encapsulate the string to send.  This has extra advantages as it makes it so characters like "(" and "}" don't need escaping.  The only thing that needs to be escaped so it can be typed out by quack are a set of double quotes inside the original double quotes like you see me escaping with "\" above and the "$" if you want it passed rather than using it as an inline environment variable for bash.

The above should type out just fine with quotes around "Login Data".

Link to comment
Share on other sites

1 hour ago, PoSHMagiC0de said:

I guess an easier way to show this is if you where in a bash shell so you can see what is happening here.

The above line actually suppose to read:


Q STRING "copy \"Login Data\" F:\loot\Login_Data"

In bash, double quotes starts a string so when you first use them they will not show up in the quack command like you would expect so I use them to encapsulate the string to send.  This has extra advantages as it makes it so characters like "(" and "}" don't need escaping.  The only thing that needs to be escaped so it can be typed out by quack are a set of double quotes inside the original double quotes like you see me escaping with "\" above and the "$" if you want it passed rather than using it as an inline environment variable for bash.

The above should type out just fine with quotes around "Login Data".

Thanks again man. I actually eventually figured this out with plenty of trial and error yesterday, but I didn't understand it to the extent that you explained it just now. Thanks for being an active member of these forums. ?

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...