Advanced Ducky Script Course Exercise 1


Hello, I am brand new to the Advanced Ducky Script Course and am using this forum to check my work on the exercises presented. I had some trouble with the first exercise because I'm big dumb and this is an entirely new concept to me. Below are the exercises presented along with my answers. While I am still waiting on my USB Rubber Ducky to come in the mail, I am trying to get a head start on the course content. Any feedback would be greatly appreciated.


Exercise 1-1

Write and deploy a payload for the target operating system of your choice which will:

  • Open the target operating system’s terminal.
  • Run commands to show a listing of files and directories.
  • Pause for 5 seconds.
  • Close the terminal window.


REM Title: Exposed
REM Author: Ehvanz
REM Description: List all Files and Directories
DELAY 2000
GUI r
STRING powershell
ENTER
DELAY 1000
STRING ls
ENTER
DELAY 5000
STRING exit


Exercise 1-2

Modify the payload written in exercise 1-1 to minimize the terminal window after the 5 second pause, rather than closing it.


REM Title: Exposed
REM Author: Ehvanz
REM Description: List all Files and Directories then minimize the terminal
DELAY 2000
GUI r
STRING powershell
ENTER
DELAY 1000
STRING ls
ENTER
DELAY 5000
REM ALT SPACE opens the window menu; typing n picks Minimize.
REM (STRING ALT SPACE n would type those words as literal text.)
ALT SPACE
STRING n

Exercise 1-3

Modify the payload written in exercise 1-1 to copy the contents of the terminal window after the 5 second pause, then open a new plaintext document and paste the clipboard.


REM Title: Exposed
REM Author: Ehvanz
REM Description: List all Files and Directories, copy the contents
REM then paste into a text document
DELAY 2000
GUI r
STRING powershell
ENTER
DELAY 1000
STRING ls
ENTER
DELAY 5000
REM CTRL a selects the whole console buffer; ENTER copies the selection to the clipboard
CTRL a
ENTER
DELAY 1000
GUI r
STRING notepad.exe
ENTER
DELAY 1000
REM Paste the clipboard into the new document
CTRL v



Haven't read all of the code, but for 1-1 at least, you could do the following tweaks:

- Increase the initial delay, or better yet, use the PASSIVE_WINDOWS_DETECT extension to totally eliminate the need for any initial delay (it will speed up the execution as well and make sure the payload starts when Windows has enumerated the Ducky and is ready for input)

- I would most likely use a longer delay after PowerShell has been started since it can take quite a while from when the command has been issued to when the PowerShell window is ready for input, it's PC specific though

- Instead of using STRING followed by an ENTER, use the DuckyScript 3.0 command STRINGLN which doesn't need ENTER, it will make the code more "readable" and keep the line count down (the last STRING is missing an ENTER, but it can also be solved by using STRINGLN)
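An added check, not part of either post above: a small Python lint that flags the two slips these answers show, a STRING whose text starts with a modifier key name (the Ducky types the words literally instead of sending the combination) and a final STRING with no ENTER after it. The payload embedded in it is a constructed sample mixing the 1-1 and 1-2 answers.

```python
"""Lint a DuckyScript 1.0 payload for two common beginner mistakes.
Added example, not Hak5 code; the sample payload below is constructed."""

MODIFIERS = {"CTRL", "CONTROL", "ALT", "SHIFT", "GUI", "WINDOWS", "COMMAND"}


def lint_ducky(script: str) -> list[str]:
    """Return one warning per suspect line, formatted as 'line N: message'."""
    warnings = []
    last_string_line = None  # line of the most recent STRING still awaiting ENTER
    for lineno, raw in enumerate(script.splitlines(), start=1):
        line = raw.strip()
        if not line or line.upper().startswith("REM"):
            continue  # blank lines and comments carry no keystrokes
        cmd, _, arg = line.partition(" ")
        cmd = cmd.upper()
        if cmd in ("STRING", "STRINGLN"):
            words = arg.split()
            if words and words[0].upper() in MODIFIERS:
                warnings.append(
                    f"line {lineno}: {cmd} types '{arg}' as literal text; "
                    "a key combination goes on its own line without STRING"
                )
        # Only a bare STRING needs a following ENTER; every other command resets it.
        last_string_line = lineno if cmd == "STRING" else None
    if last_string_line is not None:
        warnings.append(f"line {last_string_line}: last STRING is not followed by ENTER")
    return warnings


# Constructed sample: the 1-1 ending plus the 1-2 minimize line, both as posted.
SAMPLE = """REM constructed sample mixing the 1-1 and 1-2 answers
DELAY 2000
GUI r
STRING powershell
ENTER
DELAY 1000
STRING ls
ENTER
DELAY 5000
STRING ALT SPACE n
STRING exit
"""

if __name__ == "__main__":
    for warning in lint_ducky(SAMPLE):
        print(warning)
```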
