Comments

Overview

Comments are annotations added to source code of a payload for the purposes of describing the functionality and making it easier for humans to read and understand. This is especially helpful given the open source nature of DuckyScript payloads.

When sharing, or modifying a shared payload, comments are especially helpful for conveying important aspects, such as constants and variables which may be specific to each user's particular environment.

As an example, a remote access payload may specify the IP address of a reverse shell listener within a constant. This may be documented within a comment block at the beginning of the payload, or as a single line comment above the definition.

REM

Syntax

REM <comment>

The REM command does not perform any keystroke injection functions. REM gets its name from the word remark. While REM may be used to add vertical spacing within a payload, blank lines are also acceptable and will not be processed by the compiler.

Example

REM This is a comment block.
REM It can be as many lines as you wish, as long as they all begin with REM.
REM This block will not be compiled into the inject.bin file.
REM It will however help fellow DuckyScript programmers understand this payload..

Result

  • If encoded, this example payload will not perform any keystroke injection.

Example

REM Sometimes it's helpful to add single line comments above specific sections.

ATTACKMODE HID STORAGE
DELAY 2000

GUI r
DELAY 500

REM This executes d.cmd from the drive with the label DUCKY.
STRING powershell ".((gwmi win32_volume -f 'label=''DUCKY''').Name+'d.cmd')"
ENTER

Result

  • This payload executes a cmd file on the root of the USB Rubber Ducky MicroSD card.

  • The comment above the STRING powershell... line notes the necessity for the volume label of the MicroSD card to be "DUCKY".

REM_BLOCK

Defining a comment block is simple! Start the comment with REM_BLOCK and end the comment with END_REM; everything in between will be considered a comment without the need to prepend every new line with REM. Comment blocks can be especially useful when you have multiple lines to be included in a single comment or want to retain formatting.

Example

Below is an example taken from an EXTENSION describing its usage and intended targets.

REM_BLOCK DOCUMENTATION
        USAGE:
            Place at beginning of payload (besides ATTACKMODE) to act as dynamic
            boot delay
    
        TARGETS:
            Any system that reflects CAPSLOCK will detect minimum required delay
            Any system that does not reflect CAPSLOCK will hit the max delay of 3000ms
END_REM

Proper indentation allows this comment block to be collapsed and out of the way after reading.

Best Practices

Payloads, especially those designed to be shared, should begin with a block of comments specifying the title of the payload, the author, and a brief description. Additionally, one may wish to describe the target (OS, version) and any credit or inspiration (commonly commented as props).

REM Title: Full Screen TREE Command
REM Author: Darren Kitchen
REM Description: Runs "tree" in fulll-screen green-on-black cmd window.
REM Target: Windows 95 - 11
REM Props: Korben

ATTACKMODE HID STORAGE
DELAY 2000
GUI r
DELAY 500
STRING cmd /K color a & tree c:\
ENTER
DELAY 500
ALT ENTER

While comments are saved in the plaintext source code of a payload (e.g. payload.txt) they are not saved when the payload is compiled into an inject.bin file.

Last updated