Documentation Payloads Community Support

DuckyScript for Packet Squirrel

DuckyScript is the payload language of Hak5 gear.

Originating on the Hak5 USB Rubber Ducky as a standalone language, the Packet Squirrel uses DuckyScript commands to bring the ethos of easy-to-use actions to the payload language.

DuckyScript commands are always in all capital letters to distinguish them from other system or script language commands. Typically, they take a small number of options (or sometimes no options at all).

Payloads can be constructed of DuckyScript commands alone, or combined with the power of bash scripting and system commands to create fully custom, advanced actions.

While the Packet Squirrel supports multiple languages for payloads (such as Python), all example use of the DuckyScript commands will be shown using a bash based payload. For other, custom payloads, the DuckyScript commands should be executed as system commands.

Ducky Script commands for the Packet Squirrel include:

CommandDocumentationDescription

BUTTON

BUTTON

Pauses the payload for the specified number of seconds or until the button is pressed.

C2EXFIL

C2EXFIL

Send a file via Cloud C²

C2NOTIFY

C2NOTIFY

Send a notification via Cloud C²

C2WATCHDIR

C2WATCHDIR

Watch for new files in a directory and automatically send them to Cloud C²

DYNAMICPROXY

DYNAMICPROXY

Create a dynamic man-in-the-middle TCP proxy to intercept traffic in NAT and BRIDGE modes.

KILLPORT

KILLPORT

Kill any traffic seen on one or several ports by injecting TCP RST packets.

KILLSTREAM

KILLSTREAM

Kill any streams on or several ports by injecting TCP RST packets.

LED

LED

Control the RGB LED on the front of the Packet Squirrel; parameters include color and pattern.

MATCHPORT

MATCHPORT

Pause the payload until traffic is matched on one or more ports.

MATCHSTREAM

MATCHSTREAM

Pause the payload until traffic matching a regular expression is seen.

NETMODE

NETMODE

Set the network mode of the Packet Squirrel.

SELFDESTRUCT

SELFDESTRUCT

Wipe the Packet Squirrel internal storage and attached USB, and reboot into lockdown mode with transparent bridging only.

SSH_START

SSH_START

Launch the SSH server

SSH_STOP

SSH_STOP

Stop the SSH server

SPOOFDNS

SPOOFDNS

Overwrite DNS queries

SWITCH

SWITCH

Reports the current switch position. (This is NOT necessarily the payload currently running, if the switch was moved after boot!)

UI_START

UI_START

Launch the Packet Squirrel web UI

UI_STOP

UI_STOP

Stop the Packet Squirrel web UI

USB_FREE

USB_FREE

Return how much USB storage is available, in bytes

USB_STORAGE

USB_STORAGE

Detect if USB storage is present

USB_WAIT

USB_WAIT

Wait until USB storage is attached

A simple payload

As an extremely simple demo of payload capabilities, this payload sets the LED color, waits for a button press, then changes the LED color:

#!/bin/bash

# Title: Basic demo one
#
# Description: A simple payload that waits for a button to be pressed

# Set the netmode to NAT, otherwise there is no connectivity at all
NETMODE NAT

# Set the LED to blinking cyan
LED C SINGLE

# Wait forever until the button is tapped
BUTTON

# Set the LED to blink blue in a triple pattern
LED B TRIPLE

Last updated