DuckyScript for Packet Squirrel
DuckyScript is the payload language of Hak5 gear.
Originating on the Hak5 USB Rubber Ducky as a standalone language, the Packet Squirrel uses DuckyScript commands to bring the ethos of easy-to-use actions to the payload language.
DuckyScript commands are always in all capital letters to distinguish them from other system or script language commands. Typically, they take a small number of options (or sometimes no options at all).
Payloads can be constructed of DuckyScript commands alone, or combined with the power of
bash scripting and system commands to create fully custom, advanced actions.While the Packet Squirrel supports multiple languages for payloads (such as Python), all example use of the DuckyScript commands will be shown using a
bash based payload. For other, custom payloads, the DuckyScript commands should be executed as system commands.Ducky Script commands for the Packet Squirrel include:
Command | Documentation | Description |
|---|---|---|
BUTTON | Pauses the payload for the specified number of seconds or until the button is pressed. | |
C2EXFIL | Send a file via Cloud C² | |
C2NOTIFY | Send a notification via Cloud C² | |
C2WATCHDIR | Watch for new files in a directory and automatically send them to Cloud C² | |
DYNAMICPROXY | Create a dynamic man-in-the-middle TCP proxy to intercept traffic in NAT and BRIDGE modes. | |
KILLPORT | Kill any traffic seen on one or several ports by injecting TCP RST packets. | |
KILLSTREAM | Kill any streams on or several ports by injecting TCP RST packets. | |
LED | Control the RGB LED on the front of the Packet Squirrel; parameters include color and pattern. | |
MATCHPORT | Pause the payload until traffic is matched on one or more ports. | |
MATCHSTREAM | Pause the payload until traffic matching a regular expression is seen. | |
NETMODE | ||
SELFDESTRUCT | Wipe the Packet Squirrel internal storage and attached USB, and reboot into lockdown mode with transparent bridging only. | |
SSH_START | Launch the SSH server | |
SSH_STOP | Stop the SSH server | |
SPOOFDNS | Overwrite DNS queries | |
SWITCH | Reports the current switch position.
(This is NOT necessarily the payload currently running, if the switch was moved after boot!) | |
UI_START | Launch the Packet Squirrel web UI | |
UI_STOP | Stop the Packet Squirrel web UI | |
USB_FREE | Return how much USB storage is available, in bytes | |
USB_STORAGE | Detect if USB storage is present | |
USB_WAIT | Wait until USB storage is attached |
As an extremely simple demo of payload capabilities, this payload sets the LED color, waits for a button press, then changes the LED color:
#!/bin/bash
# Title: Basic demo one
#
# Description: A simple payload that waits for a button to be pressed
# Set the netmode to NAT, otherwise there is no connectivity at all
NETMODE NAT
# Set the LED to blinking cyan
LED C SINGLE
# Wait forever until the button is tapped
BUTTON
# Set the LED to blink blue in a triple pattern
LED B TRIPLE
Last modified 5mo ago