DuckyScript for Packet Squirrel
DuckyScript is the payload language of Hak5 gear.
DuckyScript originated on the Hak5 USB Rubber Ducky as a standalone language; the Packet Squirrel uses DuckyScript commands to bring the ethos of easy-to-use actions to the payload language.
DuckyScript commands are always in all capital letters to distinguish them from other system or script language commands. Typically, they take a small number of options (or sometimes no options at all).
Payloads can be constructed of DuckyScript commands alone, or combined with the power of bash scripting and system commands to create fully custom, advanced actions.
While the Packet Squirrel supports multiple languages for payloads (such as Python), all example uses of the DuckyScript commands are shown in a bash-based payload. For other, custom payloads, the DuckyScript commands should be executed as system commands.
DuckyScript commands for the Packet Squirrel include:
Command | Description |
---|---|
BUTTON | Pauses the payload for the specified number of seconds or until the button is pressed. |
C2EXFIL | Send a file via Cloud C² |
C2NOTIFY | Send a notification via Cloud C² |
C2WATCHDIR | Watch for new files in a directory and automatically send them to Cloud C² |
DYNAMICPROXY | Create a dynamic man-in-the-middle TCP proxy to intercept traffic in NAT and BRIDGE modes. |
KILLPORT | Kill any traffic seen on one or several ports by injecting TCP RST packets. |
KILLSTREAM | Kill any streams on one or several ports by injecting TCP RST packets. |
LED | Control the RGB LED on the front of the Packet Squirrel; parameters include color and pattern. |
MATCHPORT | Pause the payload until traffic is matched on one or more ports. |
MATCHSTREAM | Pause the payload until traffic matching a regular expression is seen. |
NETMODE | Set the network mode of the Packet Squirrel. |
SELFDESTRUCT | Wipe the Packet Squirrel internal storage and attached USB, and reboot into lockdown mode with transparent bridging only. |
SSH_START | Launch the SSH server |
SSH_STOP | Stop the SSH server |
SPOOFDNS | Overwrite DNS queries |
SWITCH | Reports the current switch position. (This is NOT necessarily the payload currently running, if the switch was moved after boot!) |
UI_START | Launch the Packet Squirrel web UI |
UI_STOP | Stop the Packet Squirrel web UI |
USB_FREE | Return how much USB storage is available, in bytes |
USB_STORAGE | Detect if USB storage is present |
USB_WAIT | Wait until USB storage is attached |

As an extremely simple demo of payload capabilities, this payload sets the LED color, waits for a button press, then changes the LED color: