nerdexam
GIAC

GCIH · Question #637

Which line in the following Ducky script is sent to approve the Windows UAC warning?

The correct answer is A. 8. In the referenced Ducky script, line 8 contains the keystroke sequence that programmatically approves the Windows User Account Control (UAC) dialog.

Vulnerability Exploitation & Privilege Escalation

Question

Which line in the following Ducky script is sent to approve the Windows UAC warning?

Options

  • A8
  • B10
  • C5
  • D6
  • E3

How the community answered

(35 responses)
  • A
    71% (25)
  • B
    6% (2)
  • C
    3% (1)
  • D
    17% (6)
  • E
    3% (1)

Why each option

In the referenced Ducky script, line 8 contains the keystroke sequence that programmatically approves the Windows User Account Control (UAC) dialog.

A8Correct

Line 8 of the script issues the key combination - typically ALT+Y or a directional key followed by ENTER - that simulates clicking 'Yes' on the UAC elevation prompt after the prompt has been triggered by an earlier line. Ducky scripts execute keystrokes sequentially, so the UAC approval command must appear at the specific point in the sequence after the dialog has been raised but before subsequent commands that require elevated privileges.

B10

Line 10 executes after the UAC dialog has already been handled, performing a later step in the payload sequence rather than the approval itself.

C5

Line 5 runs before the command that raises the UAC dialog, meaning it cannot be the line that dismisses the prompt.

D6

Line 6 is part of the pre-UAC portion of the script and performs a preparatory action, not the UAC approval keystroke.

E3

Line 3 appears very early in the injection sequence, well before the UAC prompt is triggered by the script.

Concept tested: USB Rubber Ducky script UAC approval keystrokes

Source: https://docs.hak5.org/hak5-usb-rubber-ducky/

Topics

#Rubber Ducky#UAC bypass#HID scripting#privilege escalation

Community Discussion

No community discussion yet for this question.

Full GCIH Practice