mechateka Posted December 18, 2022 Share Posted December 18, 2022 It just types an 'E' if I put SHIFT ENTER in my script. I'm wanting to type a full ps1 file and just hit enter to execute in full, but if I can't do shift enter, I won't be able to do that. Is this intended behavior of the ducky? Has anyone else had this problem? I saw a post from someone in April that had a similar issue with SHIFT RIGHTARROW and it was only typing R, but there was nothing helpful on that post. Any help would be greatly appreciated. Link to comment Share on other sites More sharing options...
dark_pyrro Posted December 18, 2022 Share Posted December 18, 2022 Did you try using INJECT_MOD and HOLD/RELEASE shift? Link to comment Share on other sites More sharing options...
mechateka Posted December 18, 2022 Author Share Posted December 18, 2022 11 hours ago, dark_pyrro said: Did you try using INJECT_MOD and HOLD/RELEASE shift? I am new to this, so it's likely I'm just doing something wrong, but I've got the booklet and I've perused the larger book but haven't yet seen an answer. Here's a snippet from my code, and then the output. With INJECT_MOD it only adds to the problem. GUI r DELAY 1000 STRING powershell Start-Process powershell -Verb runAs ENTER DELAY 5000 STRING username TAB STRING password ENTER DELAY 5000 STRING net user administrator adminpass ENTER STRING net user administrator /active:yes ENTER STRING Clear-Host INJECT_MOD HOLD SHIFT ENTER Delay 300 RELEASE SHIFT PS C:\WINDOWS\system32> net user administrator adminpass The command completed successfully. PS C:\WINDOWS\system32> net user administrator /active:yes The command completed successfully. PS C:\WINDOWS\system32> Clear-HostIH Clear-HostIH : The term 'Clear-HostIH' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again. At line:1 char:1 + Clear-HostIH + ~~~~~~~~~~~~ + CategoryInfo : ObjectNotFound: (Clear-HostIH:String) [], CommandNotFoundException + FullyQualifiedErrorId : CommandNotFoundException PS C:\WINDOWS\system32> DR Link to comment Share on other sites More sharing options...
dark_pyrro Posted December 18, 2022 Share Posted December 18, 2022 It clearly picks up the initial character, "IH" from INJECT_MOD and HOLD SHIFT, "DR" from Delay and RELEASE SHIFT (Delay needs to be DELAY btw) However, I can't seem to be able to reproduce the issues you are facing. I just made a simple payload using "SHIFT ENTER" and it works (without INJECT_MOD). What encoder are you using and are you using any specific language file when encoding your payload (if not US, but that should really not affect this specific scenario)? Link to comment Share on other sites More sharing options...
mechateka Posted December 18, 2022 Author Share Posted December 18, 2022 I am using the JSEncoder.html found at https://downloads.hak5.org/ducky I am copy pasting my code into from a text file directly into the text box. Is there a specific encoder everyone else is using? Where would I find that? Thanks so much for your help thus far Link to comment Share on other sites More sharing options...
dark_pyrro Posted December 18, 2022 Share Posted December 18, 2022 https://payloadstudio.hak5.org/community/ Link to comment Share on other sites More sharing options...
mechateka Posted December 19, 2022 Author Share Posted December 19, 2022 2 hours ago, dark_pyrro said: https://payloadstudio.hak5.org/community/ Yep. Was the encoder then, thanks again. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.