
Using WAIT_FOR_SCROLL_CHANGE to check if the device is ready


Arno


Assuming that no one is touching the keyboard, I have an idea to use WAIT_FOR_SCROLL_CHANGE to use the keyboard instead of a default delay to see if the ducky is ready.

In the Keystroke Reflection Attack example the scroll lock key is used to indicate the end of the exfiltration. However, I don't entirely understand how it works. Does it assume that the Windows command is still running when the WAIT_FOR_SCROLL_CHANGE line at the end of the example is processed?

More important. My script would be something like:

GUI r
DELAY 100
REM Windows PowerShell infinite loop to keep changing scroll lock (probably doesn't work, I don't have Windows)
STRING powershell "for ($i=1; $i -le 10; $i++) {[System.Windows.Forms.SendKeys]::SendWait('%{SCROLLLOCK}');}"
ENTER
WAIT_FOR_SCROLL_CHANGE
CTRL c
REM Below this line will be the real code to be executed

It's just a thought. My new Rubber Ducky is on its way so I can only go by the documentation. Does anyone have feedback about the use of this? Apart from the fact that you'd see the light flash on the keyboard 🙂

  • Like 1

On 8/15/2022 at 8:47 AM, Arno said:

Does it assume that the Windows command is still running when the WAIT_FOR_SCROLL_CHANGE line at the end of the example is processed?

My interpretation is that it gets triggered as soon as the scroll lock changes. So as soon as some iteration in that for loop has changed the scroll lock state, the Ducky script would continue. Any scroll lock change after the one that triggered the WAIT_FOR_SCROLL_CHANGE is something that the Ducky wouldn't listen to (unless it's used again further down the payload code).

  • Upvote 1