Kautilya and a German Keyboard Layout - "invalid character"

[Lorenz H.]

Hello everyone,

I am fairly new to Kautilya and I tried my best to resolve this problem myself, but I think I need help.

My problem is that the capslock check at least in the wifi-key and the keylogger payload always seems to fail with an "invalid character" error.

This is my configuration:

• Arduino 1.0.3 + Teensyduino 1.13
  
• USB type: "Keyboard + Mouse + Joystick"
  
• Keyboard Layout: "German"
• Latest Kautilya from trunk (rev 15) and kautilya 0.4.0
• Teensy 3.0

I've tracked the error down in the keylogger script and found this at line 226:

Keyboard.println("echo Set WshShell = WScript.CreateObject(\"WScript.Shell\"): WshShell.SendKeys \"{CAPSLOCK}\"' > %temp%\\capslock.vbs");

The character right behind "{CAPSLOCK}\" is an apostrophe in the source code. The capslock.vbs file created on the target computer however looks like this:

Set WshShell = WScript.CreateObject("WScript.Shell"): WshShell.SendKeys "{CAPSLOCK}"ï 

Notice that the apostrophe is a "ï" here hence making the script fail.

I just don't know what is going wrong here and I also don't know much about powershell... Is the apostrophe even supposed to be there, or is it a bug in the teensy libraries? Any help would be much appreciated...

[Nikhil "SamratAshok" Mittal]

Hi Lorenz,

Thanks for pointing this out. This seems to be a silly but serious bug in Kautilya. You are right, the apostrophe or single quote in below code is not required.

Keyboard.println("echo Set WshShell = WScript.CreateObject(\"WScript.Shell\"): WshShell.SendKeys \"{CAPSLOCK}\"' > %temp%\\capslock.vbs");

This seems to be a typo from my side as the double quote and single quote are on same key on my keyboard. Moreover, while using Enlgish (US) keyboard this extra single quote doesn't create any problem, that is why I (and other users) missed it :( This affects all Windows payloads as above code is shared by all of them.

Just remove this apostrophe from the generated sketch and it should be all right. Please let me know if this solves your problem.

I will run a few tests and commit the changes to the repo.

Regards,
Nikhil

[Lorenz H.]

Thank you for your quick response Nikhil, 

removing the apostrophe did the trick and everything seems to work fine now.

You are doing a great job by the way, Kautilya is a magnificent piece of software...

-Lorenz

[Lorenz H.]

I just had a look at the keylogger script after it seemed to fail and stumbled upon a very similar error...

$s = @ï 
[DllImport("user32.dll", CharSet=CharSet.Auto, ExactSpelling=true)] 
public static extern short GetAsyncKeyState(int virtualKeyCode); 
ï@ 

These are the four first lines of the kl.ps1 script created on the target machine. After replacing the "ï" in line 1 and 4 with quotation marks it seemed to work. However I was unable to come up with a solution for the generated sketch since every apostrophe turns into an "ï" on the target computer and quotation marks don't seem to work either...

Thank you very much for your help,

-Lorenz

[Nikhil "SamratAshok" Mittal]

Yes, the problem lies with Kautilya tested only on English (US) keyboard. I will replace apostrophe with double quotes wherever possible, some payloads just can't use double quotes in place of apostrophe. So replacing is a temp solution. In near future, Kautilya should move to ascii codes which will be keyboard layout independent.

[Lorenz H.]

Alright, thank you for your help and patience explaining everything to me.

[Lorenz H.]

I thought it might interest you that it turned out that there is a bug also or maybe solely in the teensy libraries regarding the apostrophe. I already created a bug report: http://forum.pjrc.com/threads/23688-Possible-bug-with-windows-and-a-German-keyboard-layout

Best regards,

Lorenz

[Nikhil Mittal]

Thank you. This is turning out to be interesting. Please let me know if I can be of any help.

--
You received this message because you are subscribed to the Google Groups "kautilya-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to kautilya-user...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.
 
 

[Lorenz H.]

Hi Nikhil,

I just wanted to tell you that the guys at PJRC released a fix and everything works fine now. Here's the Link to the thread in the forum where the fix was posted just in case someone else encounters similar problems. I also attached the fixed keylayouts library to this post.

Best regards, 

Lorenz

[Nikhil Mittal]

Hi Lorenz,

Great! Robin is good at responding to bugs. Thank you very much for reporting this and informing me! Are you on twitter? I would like to give a shout :)

Best regards, 

Lorenz

--

You received this message because you are subscribed to the Google Groups "kautilya-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to kautilya-user...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.
 
 

--
Regards,
Nikhil SamratAshok Mittal
nikhil_mitt
http://labofapenetrationtester.blogspot.com/

[Lorenz H.]

Thank you very much, but nope unfortunately I'm not - trying to maintain a low profile on the internet as far as possible, you know ;)