metasploit-framework

DuckyScript Post-Exploitation module

Open dru1d-foofus opened this issue 2 years ago • 5 comments

I have taken the time to expand the original module source and follow the Metasploit community guidelines.

Please reference #17314 for initial commit and documentation.

This module was designed to serve as a wrapper around keyboard_send and keyevent_send and parses configuration files similar in syntax to the USB Rubber Ducky.

dru1d-foofus, Nov 30 '22 00:11

Super cool dru1d! So does this parse \n and send 0x0A, or \r and 0x0D? I think Windows expects the 0x0D (dec 13) for "ENTER".

Tweeks-va, Nov 30 '22 18:11

> Super cool dru1d! So does this parse \n and send 0x0A, or \r and 0x0D? I think Windows expects the 0x0D (dec 13) for "ENTER".

@Tweeks-va - Right now if you wanted to send a return, it would use keycode 13 as per https://learn.microsoft.com/en-us/dotnet/api/system.windows.forms.keys?view=windowsdesktop-7.0

The STRINGLN command will automatically submit a carriage return at the end of your string; this is preferable if you were sending commands to something like powershell.exe for example. STRING would just send the printable characters in your command as a string. Maybe if you wanted to write a fake ransom note in a notepad, for example.

dru1d-foofus, Nov 30 '22 18:11

Could we maybe scan/preprocess the file to verify everything in the file is readable/actionable before we send commands? For example, it would be bad if we've sent 5 commands and the 6th is invalid and crashes everything halfway through. One option might be to add a fail on commands it does not support and loop through twice: once with a flag like send_command that's set to false, then if everything succeeds, setting send_command to true and looping back.

bwatters-r7, Dec 08 '22 15:12

Thanks for this great contribution @dru1d-foofus! This module looks like a great addition to Metasploit and we would like to have it landed soon. That said, before moving forward (last round of review and testing), I would like to ask if you plan to implement @bwatters-r7's and @adfoster-r7's suggestions about command validation or make any other changes to the code?

cdelafuente-r7, Jan 04 '23 13:01

> Thanks for this great contribution @dru1d-foofus! This module looks like a great addition to Metasploit and we would like to have it landed soon. That said, before moving forward (last round of review and testing), I would like to ask if you plan to implement @bwatters-r7's and @adfoster-r7's suggestions about command validation or make any other changes to the code?

I do! I've just been very busy with Q4, holidays, and all that. I plan to return to this as soon as I can. Sorry for the lack of movement on my end.

dru1d-foofus, Jan 04 '23 14:01

Thanks for your contribution to Metasploit Framework! We've looked at this pull request, and we agree that it seems like a good addition to Metasploit, but it looks like it is not quite ready to land. We've labeled it attic and closed it for now.

What does this generally mean? It could be one or more of several things:

  • It doesn't look like there has been any activity on this pull request in a while
  • We may not have the proper access or equipment to test this pull request, or the contributor doesn't have time to work on it right now.
  • Sometimes the implementation isn't quite right and a different approach is necessary.

We would love to land this pull request when it's ready. If you have a chance to address all comments, we would be happy to reopen and discuss how to merge this!

github-actions[bot], Mar 07 '23 20:03