Advanced Quack Commands

QUACK KEYCODE link

KEYCODE will inject an arbitrary keystroke from a three byte scan code. This may be useful when used in conjunction with HOLD, for language agnostics payloads, or when testing multimedia and other extended key functions not explicitly defined in the language file.

EXAMPLE link

  QUACK KEYCODE 00,00,56
  

QUACK ALTCODE link

ALTCODE allows the printing of alt-codes on Windows systems only.

EXAMPLES link

  QUACK ALTCODE 168
  

  QUACK ALTCODE 236
  

QUACK HOLD AND RELEASE link

HOLD will hold the specified key until QUACK RELEASE is issued. HOLD accepts either a KEYCODE or a STRING.

EXAMPLE link

  QUACK STRING G
QUACK HOLD STRING o
QUACK DELAY 1000
QUACK RELEASE
QUACK STRING d morning!
  

  QUACK HOLD KEYCODE 00,00,52
QUACK DELAY 1000
QUACK RELEASE
  

TECHNICAL DETAIL link

Each target interprets held keys differently. When holding the spacebar on your keyboard, the keyboard is not sending a multitude of spacebar scan codes – rather a single hold and release. As you watch your cursor cross the screen, the rate is determined by the operating system.

QUACK LOCK AND UNLOCK link

LOCK will prevent the attached keyboard from passing through keystrokes to the target. This may be useful in payloads which need to temporarily lock out the user while a sensitive keystroke injection attack is occuring. Keys pressed on the attached keyboard are not buffered while using LOCK and will not be typed once unlocked.

UNLOCK will allow the attached keyboard to pass through keystrokes to the target once more after the QUACK LOCK command is issued.

BASH CONSIDERATIONS FOR QUACK STRING link

The QUACK STRING command accepts strings interpreted by bash. Consider these key elements when using QUACK STRING.

QUACK STRING WITH QUOTES link

When using special characters, such as the apostrophe in the example below, wrap the string with quotes – otherwise bash will be expecting a second apostrophe to complete the quote, and the interpretation will not be what you expect.

  QUACK STRING "Isn't this a cool string"
  

QUACK STRING AND ESCAPING SPECIAL CHARACTERS link

Alternatively, special characters may be escaped rather than wrapping the string in quotes.

  QUACK STRING Isn\'t this a cool string
  

QUACK STRING WITH COMMAND SUBSTITUTION link

Since QUACK STRING is interpreted by bash, command substitution may be used. In this example, the Key Croc will inject the keystrokes containing the output of the ifconfig command.

  QUACK STRING "$(ifconfig usb0 | grep 'inet addr')"
  

Compare this to the following, without the $() command substitution directive, which actually injects the keystrokes of the command in question.

  QUACK STRING "ifconfig usb0 | grep 'inet addr'"