Hak5 Forums
Skynet2018

USB Rubber Ducky can do this ?


Posted (edited)
1 hour ago, Skynet2018 said:

Hello, I have a question. Can the ducky auto-correct itself if something goes wrong? Like this: https://www.offensive-security.com/movies/teensy-offsec-payload.mp4

No, the ducky is just replaying the script with no real feedback other than a keypress check before running the script (twin duck style). The Bashbunny, however, can do logic with the possibility of feedback and error checking/correcting.

I'm just reading about that peensy and seeing how it's doing it, e.g. it downloads a file to check Internet connectivity; bashbunny can do that for sure. It seems to use num/scroll/caps keys once a command is successful by checking keyboard LED status. I don't know if that already exists in a bashbunny payload, but it seems like it should be something achievable by the bash bunny also.

Interesting stuff, thanks for sharing

Edited by Just_a_User


I see some ducky payloads that show us that the command was executed, by the caps lock LED. For example, if I want to run GUI D, afterwards I can put a cmd to show me that the command was executed. So if I do that, then when I put in my ducky it executes GUI D and afterwards the caps lock blinks one or two times. I wonder, if we can do this with the duck, why can't we do an if statement: if the caps lock blinks 2 times then go to the next command, but if it does not blink then run the GUI D command again. I think there is a way to do this but I'm not sure how to do it. An example: make a new text document and add this code:

 start /b /wait powershell.exe -nologo -WindowStyle Hidden -sta -command "$wsh = New-Object -ComObject WScript.Shell;$wsh.SendKeys('{CAPSLOCK}');sleep -m 250;$wsh.SendKeys('{CAPSLOCK}');sleep -m 250;$wsh.SendKeys('{CAPSLOCK}');sleep -m 250;$wsh.SendKeys('{CAPSLOCK}')"

Save it as a .bat and execute it. You will see caps lock blink 2 times. Now if you add this command after GUI R STRING cmd ENTER it will work. But if we can put in some commands to repeat the first commands if the caps lock does not blink, then it will work, I think.


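This is the code for Arduino:

// is_num_on() and make_sure_numlock_is_off() are helpers that are not shown in this post.
bool secure_prompt(int reps, int millisecs)
{
    make_sure_numlock_is_off();

    // ... initialise SD card, DIP switches
    // ... open a command prompt
    // ... write a vbscript that turns on numlock and execute it.

    // report whether the host acknowledged through the Num Lock LED
    return check_for_numlock_sucess_teensy(reps, millisecs);
}

// poll up to (reps) times, waiting (millisecs) milliseconds before each poll
bool check_for_numlock_sucess_teensy(int reps, int millisecs)
{
    int i = 0;
    do
    {
        delay(millisecs);
        if (is_num_on())
        {
            // acknowledgement seen: reset the LED for the next step
            make_sure_numlock_is_off();
            delay(700);
            return true;
        }
        i++;
    } while (!is_num_on() && (i < reps)); // keep retrying until reps polls are used up
    return false;
}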

I found a website that converts ducky code to Arduino, but I haven't found how to convert from Arduino to ducky. It would be nice if we could somehow convert from Arduino to ducky.
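Added example, not part of the original post or of the Peensy code: the LED-acknowledgement polling loop run against a simulated host, so the retry bound and the timeout can be checked without hardware. The `sim_*` helpers and `poll_led_ack` are hypothetical names; the flag selects between the two possible loop bounds, `i < reps` and `i > reps`, to show that only the first one actually retries.

```c
#include <stdbool.h>
#include <stdio.h>

/* Simulated host (constructed): the Num Lock LED turns on at led_on_at_ms,
   or never if the host-side script did not run (led_on_at_ms < 0). */
static unsigned long now_ms;
static long led_on_at_ms;

void sim_start(long on_at_ms) { now_ms = 0; led_on_at_ms = on_at_ms; }
unsigned long sim_elapsed(void) { return now_ms; }

/* Hypothetical stand-ins for delay(), is_num_on(), make_sure_numlock_is_off(). */
static void sim_delay(unsigned long ms) { now_ms += ms; }
static bool sim_num_on(void) {
    return led_on_at_ms >= 0 && now_ms >= (unsigned long)led_on_at_ms;
}
static void sim_num_off(void) { led_on_at_ms = -1; }

/* Poll the LED every `millisecs` ms. Returns the number of polls it took to
   see the acknowledgement, or 0 if it never arrived.
   inverted_bound=false: keep polling while i < reps (bounded retry).
   inverted_bound=true:  keep polling while i > reps (stops after one poll). */
int poll_led_ack(int reps, int millisecs, bool inverted_bound) {
    int i = 0;
    do {
        sim_delay((unsigned long)millisecs);
        if (sim_num_on()) {
            sim_num_off();   /* reset the LED so the next step can reuse it */
            return i + 1;
        }
        i++;
    } while (inverted_bound ? (i > reps) : (i < reps));
    return 0;
}

int main(void) {
    sim_start(600);  /* host script finishes after 600 ms */
    printf("i < reps: ack after %d polls\n", poll_led_ack(10, 250, false));
    sim_start(600);
    printf("i > reps: ack after %d polls\n", poll_led_ack(10, 250, true));
    sim_start(-1);   /* first stage failed, LED never changes */
    int polls = poll_led_ack(10, 250, false);
    printf("no host script: %d polls, %lu ms waited\n", polls, sim_elapsed());
    return 0;
}
```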

6 minutes ago, Skynet2018 said:

I see some ducky payloads that show us that the command was executed, by the caps lock LED.

For the ducky? Or for the bashbunny?

AFAIK the ducky can check for a keypress before running a script, but once that script is running there's no stopping it for logic. In the ducky the logic is in firmware, not payload. So it would require a firmware mod, and then I'm not sure of available space etc.


Please view this: 

You can skip the first 10 min. You will probably understand better, or maybe I did not understand well.


OK, but that's slightly different; that's using the ducky as a first stage to launch a second-stage PowerShell script. Darren does say the Caps/Num/Scroll lock LED state is stored on the computer and not the keyboard, so it could potentially be read, but I'm not sure the ducky could do this itself, at least not with standard firmwares. But the PowerShell script could read LED status and base logic off of that, I'm sure. But if the first-stage script fails, the second may never run. At least that's how I see it; maybe someone else will add to this thread with more details.
