Time
2 hours 25 minutes
Difficulty
Beginner
CEU/CPE
3

Video Transcription

00:00
and last few videos, I showed you how to set up no pat plus plus and how to use the USB rubber ducky
00:06
in the next few videos. I'll be showing you ducky script. I'll be showing you how it works and all the different commands you could use. A Ducky script.
00:14
Ducky script is a scripting language that does anything a keyboard can do.
00:18
It's a fairly straightforward language that really you can get the hang of very quickly. It just takes a little bit of practice.
00:25
Now is he may notice. All the commands are capitalized, and this is required in the scripting language. But what? I always will find it helpful to differentiate command from the rest of the line. So first, let's talk about the default delay R D fell. Underscore DeLay
00:42
Now in Ducky script Delays Air Very important because you can't have commands on top of the other, just running one right at the other because sometimes you'll need ah, pause and the script in order for things to happen, maybe for like, a window to pop up.
00:57
So these delays air very important. That script.
01:00
Now, in the beginning of the script, you can define what the default delayed to be throughout the script. And so, for instance, if you say ah, default delay of 500 that it doesn't milliseconds. So I'll actually be half a second
01:17
If you do, Ah, default delay 1000. That will be a full second.
01:21
And then throughout the script, if you just say delay without anything after it, it'll do that default delay You set up at the beginning of the script. So let's just take a look real quick and see how we type that out
01:33
so way have to do all capitalizations. So will do
01:37
default. You could do underscore
01:40
delay.
01:42
And if you said 1000 that will be a full second.
01:46
You can also do,
01:48
Uh oh, and one
01:51
one word.
01:53
Excuse me.
01:57
And actually, I typed it out Wrong. As you could see, I wanted to show you here. If you type it out wrong and you have, ah, the language
02:06
pack enabled and you're no pad plus Plus, it will not show up correctly. So as you could see, since I typed it out wrong here,
02:15
it's, uh, it's not showing up as it should, So if we spell it correctly. Bam! There it is. And that's that's one reason I like using no pet plus plus. So you can also write this out as default DeLay 1000. That's the same thing as the one above it.
02:32
Okay, now we have the regular delay.
02:36
Um, Now, if, for instance, you don't have the default delay on you, put delay within your code, you will need to do find how many milliseconds after that. But if you have the default delay,
02:47
you can just put delay within the code.
02:51
If, however, you want to override the default delay, you could just put DeLay and then whatever milliseconds you want after that
02:58
now, a lot of times I see people that don't use the default delay because a lot of times the code really has different delays throughout it. So just putting ah, delay with the specific milliseconds I find myself is a lot is a lot easier.
03:15
Um,
03:16
so let's switch back over here, and this one is just simple again. Just
03:23
delay and then we'll say 500. And that will be for half a second. And as you could see some red so we interdict correctly.
03:30
So let's head back over.
03:34
Okay, now we have R E m.
03:36
And this This doesn't actually, uh, isn't actually processed by the script. Ah, what this does it allows for commenting, and that could be helpful. Say, if you write a script and you don't really have any information in it, you could put it within the script itself. So you know exactly what the script is.
03:54
Um, so let's take a look at that. So if we say r e m
04:00
and that'll that'll highlight a different color from the other commands. It's, like, sort of, ah, green. And once you say r e m, you could take whatever you want,
04:11
it's ripped,
04:12
Does this, and the
04:15
when it processes, it just won't won't run it. So you don't have to worry about anything happening there.
04:23
Okay,
04:25
Okay. Next we have the string command.
04:28
Now this command is used. When you need, you need to enter some sort of texts afterwards. This is probably one of the most used commands. That and with throughout the code.
04:36
And it's very simple. You'll just simply enter string and say you're in a command, prompt our command window. You know you need to enter some sort of command. And once you get there, you're gonna want to use this and say you want to open the power shows. Maybe you do something like this you need actually enter the word power. Shel don t x c
04:58
and so you will use the string command for that.
05:01
Next we have the GeoEye or Windows Key.
05:05
Now this is the key on your keyboard that has the Windows emblem,
05:10
another's number. Reasons You want to hit this key cause there's a number of short cuts you want to use.
05:15
Um,
05:16
I find myself using this to open a lot of things like command windows or power shell. So it's very useful, uh, button to use. And, uh,
05:27
it's very simple again. It could be either gear. I turn blue or windows, and that is the same command.
05:35
All righty.
05:38
Next we have the APP or menu command. This command imitates the context Menu key. If you're not familiar with that key, it looks like this.
05:46
If you don't know what it does, let's go over no pad plus plus Take a look
05:51
farmer to push that key. It's gonna bring up this menu
05:56
and you can get this menu up in other ways by right clicking,
05:59
but we don't have the option to right click. So if you need to bring up a menu like this, you will need to use that key or that command.
06:05
Now, these these ah menus differ depending on what programmer using. But they could be a very useful when using ducky script because they can cut down a lot of time if you need to do something that would be specifically in this menu.
06:20
Next we have the shift key. And as you know, the shift key can do a lot. It could be actually used in conjunction with other commands so you could save shift leader, shift home or shift page up or page down. There's a number of commands that can used in conjunction with this.
06:39
So, for example, if I say
06:43
shift will say shift tab and that could be used in a single command.
06:54
Okay, Now we have some very straightforward commands for Ducky script.
06:58
We have, ah, the delete command, which will imitate the leaky, and that's very useful because ah, you know, Windows machines need to use control. Delete went unlocking the computer
07:09
then we have the home key, which are, Excuse me, the Home Command, which will imitate the home key. And that's also important because it saves your type, not some texts, and you hit that key. It'll take you beginning the text or, if you're like on a Web page, will take it to the top of the page.
07:26
Then we have the answer. Command will to do the M Tates, the insert key on the page up command, which will,
07:32
uh, to the page up key page down. Commander says the page down
07:36
now, the arrow keys. You can either do, for example, a pair. We do a barrel or up work, works in the same both ways and imitates that barrel that we have down, arrow down, left our left and then right over right
07:50
Then we have the tab key type he I find is very important. If you say open a window
07:58
within a ducky script and you need to get to certain check box or something within that window, find Tab is very useful for that

Up Next

USB Drop Attack

Malicious devices are everywhere these days, whether you can see them or not.

Instructed By

Instructor Profile Image
Shawn Briere
Information Security Analyst
Instructor