Hello Ducky

Aperi'CTF 2019 - Physical (50 pts).

Aperi’CTF 2019 - Hello Ducky

Challenge details

Event Challenge Category Points Solves
Aperi’CTF 2019 Hello Ducky Physical 50 ???

Votre mission est de récupérer le fichier flag.txt situé à la racine du disque C:// du PC “Ducky”. L’exfiltration des données peut se faire à l’aide d’internet ou d’une clé USB classique (montage D:// par default). Le flag respecte le format APRK{…}.

TL;DR

Use xcopy Windows command with ducky script.

Methodology

We need to copy the file “C:\flag.txt” to our USB “D:" with only a Rubber Ducky HID key:

ducky.jpg

This key is a USB key which act like a keyboard: once plugged, it will type the payload we want. See this [Youtube Video](https://www.youtube.com/watch?v=kag1VsM-tzA&feature=youtu.be) for more explanation about Rubber Ducky.

To complete the challenge, we gonna run a command with “Win + R” (here: GUI + r) and run the command xcopy "C:\flag.txt" "D:\".

Here is the final ducky payload:

DELAY 3000
GUI r
DELAY 1000
STRING xcopy "C:\flag.txt" "D:\"
ENTER

After that, we compiled the script on ducktoolkit.com/encode with FR layout, put the file on the Micro SD using the adapter and plug the Rubber Ducky.

Once plugged, we got a “flag.txt” at the root of our USB: APRK{Th3_PoW3R_oF_dUckY_sCR!PT}.

Flag

APRK{Th3_PoW3R_oF_dUckY_sCR!PT}

Zeecka