QUACK" commands – named in honor of the Rubber Ducky that invented the keystroke injection attack.
QUACK, in a payload the attack mode must contain the
HIDoption. This is the default attack mode on boot. See the ATTACKMODE section for information on additional attack mode options.
/root/udisk) – the
DUCKY_LANGoption configures the keyboard layout to be used in keystroke injection attacks. This is important to note as different computers and keyboards use different layouts around the world.
DUCKY_LANGis set to the US. Additional keyboard layouts are available from the languages directory on the Key Croc's USB Flash Disk (udisk). Language key maps are specified using the two letter country code.
Qis an alias for
QUACKthat may be used as shorthand substitution anywhere that QUACK may be used.
Qdoes not have any further meaning and is otherwise not very impressive.
QUACK y" will type "
y", and "
QUACK ENTER" will press enter. Likewise, "
QUACK CTRL-c" will hold the
Controlkey and press
c. Additionally, "
QUACK N" will hold
n– since there is no capital N key on a keyboard.
DUCKY_LANG. Any single key or key combination may be specified. Here are a few choice examples:
QUACKwill use the modifiers on the left side of the keyboard when injecting keystrokes. This behavior may be changed, either by modifying the language file or by using the keycode option with a specific modifier scan code. Both left and right side modifiers are specified in the language file for any given key combination/ The first instance is given priority.
STRINGprocesses the text following taking special care to auto-shift.
STRINGcan accept a single or multiple characters. There will be no
ENTERor Carriage return key at the end of a
STRING– so if one is desired it must be specified with its own
STRINGwill automatically use
SHIFTto capitalize a character.
STRINGas it relates to quotes and escaping special bash characters.
DELAYcreates a momentary pause in the ducky script. It is quite handy for creating a moment of pause between sequential commands that may take the target computer some time to process.
DELAYtime is specified in milliseconds from 1 to 10000. Multiple
DELAYcommands can be used to create longer delays.