DelTex Posted April 23, 2018 Share Posted April 23, 2018 So I'm working on a script right now, and one of the functions I am trying to complete with my BB is: Q STRING cd AppData\Local\Google\Chrome\User Data\Default The issue I am having is with the backslash's "\". They don't get printed in the string when it is typed out, obviously causing an error when trying to "cd" via CMD. On github, hak5darren posted this and under STRING it talks about the parameters that are accepted. "/" is one of them. Also on github, Hak5 posted this and under QUACK it talks about how BB is compatible with Ducky Script. Yes, I do have the attack mode HID activated as well. Help? Thanks, ~DelTex Link to comment Share on other sites More sharing options...
PoSHMagiC0de Posted April 23, 2018 Share Posted April 23, 2018 try encapsulating string in double quotes. And since you have a space I would escape some quotes around the path. Q STRING "cd \"AppData\Local\Google\Chrome\User Data\Default\"" You have to escape the backslash with another backslash or encapsulate it all in double-quotes and then you only have to escape "$" if you do not want to output the value of an environment variable from the bunny and other double-quotes like I did above. Link to comment Share on other sites More sharing options...
DelTex Posted April 23, 2018 Author Share Posted April 23, 2018 22 minutes ago, PoSHMagiC0de said: try encapsulating string in double quotes. And since you have a space I would escape some quotes around the path. Q STRING "cd \"AppData\Local\Google\Chrome\User Data\Default\"" You have to escape the backslash with another backslash or encapsulate it all in double-quotes and then you only have to escape "$" if you do not want to output the value of an environment variable from the bunny and other double-quotes like I did above. This worked, thank you very much! Sorry for duping posts. I figured for one thing it could have done with some pictures, and secondly that it was just not getting responded to. I'm part of a few other forms and response time seems to be a little bit faster on them, however this is a very narrowly based topic I suppose. Thanks again man! I can give your handle props in the script if you would like. Link to comment Share on other sites More sharing options...
DelTex Posted April 23, 2018 Author Share Posted April 23, 2018 Actually, I'm still having an issue with the second STRING: I have tried the following: copy Login Data F:\loot\Login_Data "copy "Login Data"" F:\\loot\\Login_Data copy "Login Data" F:\\loot\\Login_Data "copy ""Login Data"" F:\\loot\\Login_Data" "copy "Login Data" F:\\loot\\Login_Data "copy Login Data F:\\loot\\Login_Data" I do need "'s around "Login Data" to correctly copy and paste the file to my BB. Link to comment Share on other sites More sharing options...
PoSHMagiC0de Posted April 24, 2018 Share Posted April 24, 2018 I guess an easier way to show this is if you where in a bash shell so you can see what is happening here. The above line actually suppose to read: Q STRING "copy \"Login Data\" F:\loot\Login_Data" In bash, double quotes starts a string so when you first use them they will not show up in the quack command like you would expect so I use them to encapsulate the string to send. This has extra advantages as it makes it so characters like "(" and "}" don't need escaping. The only thing that needs to be escaped so it can be typed out by quack are a set of double quotes inside the original double quotes like you see me escaping with "\" above and the "$" if you want it passed rather than using it as an inline environment variable for bash. The above should type out just fine with quotes around "Login Data". Link to comment Share on other sites More sharing options...
DelTex Posted April 24, 2018 Author Share Posted April 24, 2018 1 hour ago, PoSHMagiC0de said: I guess an easier way to show this is if you where in a bash shell so you can see what is happening here. The above line actually suppose to read: Q STRING "copy \"Login Data\" F:\loot\Login_Data" In bash, double quotes starts a string so when you first use them they will not show up in the quack command like you would expect so I use them to encapsulate the string to send. This has extra advantages as it makes it so characters like "(" and "}" don't need escaping. The only thing that needs to be escaped so it can be typed out by quack are a set of double quotes inside the original double quotes like you see me escaping with "\" above and the "$" if you want it passed rather than using it as an inline environment variable for bash. The above should type out just fine with quotes around "Login Data". Thanks again man. I actually eventually figured this out with plenty of trial and error yesterday, but I didn't understand it to the extent that you explained it just now. Thanks for being an active member of these forums. ? Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.