Arno Posted August 15, 2022 Posted August 15, 2022 Assuming that no one is touching the keyboard, I have an idea to use WAIT_FOR_SCROLL_CHANGE to use the keyboard instead of a default delay to see if the ducky is ready. In the Keystroke Reflection Attack example the scroll lock key is used to indicate the end of the exfiltration. However I don't entirely understand its working. Does it assume that the windows command is still running when the WAIT_FOR_SCROLL_CHANGE line at the end of the example is processed? More important. My script would be something like: GUI r DELAY 100 REM Windows Powershell infinite loop to keep changing scroll lock (probably doesn't work, I dont have windows) STRING powershell "for ($i=1; $i -le 10; $i++) {[System.Windows.Forms.SendKeys]::SendWait('%{SCROLLLOCK}');}" WAIT_FOR_SCROLL_CHANGE STRING CTRL c REM Below this line will be the real code to be excuted It's just a though. My new Rubber ducky is on it's way so I can only go by the documentation. Does anyone have feedback about the use of this? Apart from the fact that you'd see the light flash on they keyboard 🙂
lightduty Posted August 16, 2022 Posted August 16, 2022 I don't have the technical expertise to answer your question but thanks for the powershell command.
dark_pyrro Posted August 16, 2022 Posted August 16, 2022 On 8/15/2022 at 8:47 AM, Arno said: Does it assume that the windows command is still running when the WAIT_FOR_SCROLL_CHANGE line at the end of the example is processed? My interpretation is that it gets triggered as soon as the scroll lock changes. So as soon as some iteration in that for loop has changed the scroll lock state, the Ducky script would continue. Any scroll lock change after the one that triggered the WAIT_FOR_SCROLL_CHANGE is something that the Ducky wouldn't listen to (unless it's used again further down the payload code).
Recommended Posts
Archived
This topic is now archived and is closed to further replies.