Jump to content

Ducky is armed, but payload only opens task manager


Go to solution Solved by dark_pyrro,

Recommended Posts

Hello all,

I just purchased a rubber ducky and am slowly working through the quick start guide.  I began with Hello World (https://docs.hak5.org/hak5-usb-rubber-ducky/ducky-script-basics/hello-world) which worked fine in the notepad.  I then upgraded to the 'slightly more advanced "hello world", but whenever I plug in, the task manager loads, the graphics control panel opens, and a Microsoft 365 sign in window opens.  

Trying on another machine, task manager opened and 4 tabs for logging into Microsoft 365. 

I only copy and pasted the code into the inject.bin file (code below)

REM A slightly more advanced "Hello, World!" for Windows
DELAY 3000
REM Open the Run dialog
WINDOWS r
DELAY 1000
REM Open powershell with our message
STRING powershell "echo 'Hello, World!'; pause"
ENTER

 

Thank you for any help!

Link to comment
Share on other sites

Hello!

I misspoke in the post.  I did not paste the code into the inject file, I pasted it into the payload studio and created the file that way, then replaced the existing inject.bin file in my duck.

I hope that gives more detail.

Link to comment
Share on other sites

  • Solution

If you correctly encode/compile the payload using Payload Studio, I can't see why that code wouldn't be working. I used the same code (although a bit tweaked according to what's available in Ducky Script 3.0), and it works as expected. Maybe try to increase the initial delay a bit (or use an extension that takes care of that).

Link to comment
Share on other sites

Hmmmm, maybe that is it?  

 

I tried this and I think it worked, so maybe I messed it up from before?   

 

I completely deleted the inject.bin file from the ducky (instead of replacing it with the new one).  I then used the same code as above in payload studio, and then clicked Generate Payload.   I moved over the resulting file into the ducky, confirmed it was exactly inject.bin   and it seemed to run!   

 

Now I just need to deep dive which should be my default code that runs, and if I can make a folder of prefered codes on the ducky to store for later.  

Thank you for your help!

Link to comment
Share on other sites

You can store the payloads in a folder (and subfolders) on the Ducky storage, but I would suggest storing it all in some more secure place. Micro SD cards isn't that reliable. Also remember to store the actual code, and not the inject.bin, since you can't reverse it if you need to re-use/change the original payload code. Store the code and compile it when needed using Payload Studio.

  • Thanks 1
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...