Bountyhunter50 Posted May 6, 2014 Share Posted May 6, 2014 Hi guys! So I'm deplyoing my Duck at work , and I have a script (Thanks to DuckToolKit) that saves the user and hardware info of their computer. We're doing an inventory basically. The output of the script saves it as a Report.zip, but I have about 200 computers to go through. Is it possible to have an IF 'Report.zip'=EXIST Then EXIST +1 Basically if Report.zip exists , rename the file to Report1, and so on so the final will have Report, Report1, Report 2, etc. Thanks!! I'll attach my script below: DELAY 1650 GUI r DELAY 1650 STRING powershell Start-Process notepad -Verb runAs ENTER DELAY 1650 STRING ADMINUSERNAME DELAY 1650 TAB STRING DUMBPASSWORD DELAY 1650 ENTER DELAY 1650 ALT y DELAY 1650 ENTER ALT SPACE DELAY 1650 STRING m DELAY 1650 DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW ENTER STRING $folderDateTime = (get-date).ToString('d-M-y HHmmss') ENTER STRING $userDir = (Get-ChildItem env:\userprofile).value + '\Ducky Report ' + $folderDateTime ENTER STRING $fileSaveDir = New-Item ($userDir) -ItemType Directory ENTER STRING $date = get-date ENTER STRING $style = "<style> table td{padding-right: 10px;text-align: left;}#body {padding:50px;font-family: Helvetica; font-size: 12pt; border: 10px solid black;background-color:white;height:100%;overflow:auto;}#left{float:left; background-color:#C0C0C0;width:45%;height:260px;border: 4px solid 
black;padding:10px;margin:10px;overflow:scroll;}#right{background-color:#C0C0C0;float:right;width:45%;height:260px;border: 4px solid black;padding:10px;margin:10px;overflow:scroll;}#center{background-color:#C0C0C0;width:98%;height:300px;border: 4px solid black;padding:10px;overflow:scroll;margin:10px;} </style>" ENTER STRING $Report = ConvertTo-Html -Title 'Recon Report' -Head $style > $fileSaveDir'/ComputerInfo.html' ENTER STRING $Report = $Report +"<div id=body><h1>Duck Tool Kit Report</h1><hr size=2><br><h3> Generated on: $Date </h3><br>" ENTER STRING $SysBootTime = Get-WmiObject Win32_OperatingSystem ENTER STRING $BootTime = $SysBootTime.ConvertToDateTime($SysBootTime.LastBootUpTime)| ConvertTo-Html datetime ENTER STRING $SysSerialNo = (Get-WmiObject -Class Win32_OperatingSystem -ComputerName $env:COMPUTERNAME) ENTER STRING $SerialNo = $SysSerialNo.SerialNumber ENTER STRING $SysInfo = Get-WmiObject -class Win32_ComputerSystem -namespace root/CIMV2 | Select Manufacturer,Model ENTER STRING $SysManufacturer = $SysInfo.Manufacturer ENTER STRING $SysModel = $SysInfo.Model ENTER STRING $OS = (Get-WmiObject Win32_OperatingSystem -computername $env:COMPUTERNAME ).caption ENTER STRING $disk = Get-WmiObject Win32_LogicalDisk -Filter "DeviceID='C:'" ENTER STRING $HD = [math]::truncate($disk.Size / 1GB) ENTER STRING $FreeSpace = [math]::truncate($disk.FreeSpace / 1GB) ENTER STRING $SysRam = Get-WmiObject -Class Win32_OperatingSystem -computername $env:COMPUTERNAME | Select TotalVisibleMemorySize ENTER STRING $Ram = [Math]::Round($SysRam.TotalVisibleMemorySize/1024KB) ENTER STRING $SysCpu = Get-WmiObject Win32_Processor | Select Name ENTER STRING $Cpu = $SysCpu.Name ENTER STRING $HardSerial = Get-WMIObject Win32_BIOS -Computer $env:COMPUTERNAME | select SerialNumber ENTER STRING $HardSerialNo = $HardSerial.SerialNumber ENTER STRING $SysCdDrive = Get-WmiObject Win32_CDROMDrive |select Name ENTER STRING $graphicsCard = gwmi win32_VideoController |select Name ENTER STRING 
$graphics = $graphicsCard.Name ENTER STRING $SysCdDrive = Get-WmiObject Win32_CDROMDrive |select -first 1 ENTER STRING $DriveLetter = $CDDrive.Drive ENTER STRING $DriveName = $CDDrive.Caption ENTER STRING $Disk = $DriveLetter + '' + $DriveName ENTER STRING $Firewall = New-Object -com HNetCfg.FwMgr ENTER STRING $FireProfile = $Firewall.LocalPolicy.CurrentProfile ENTER STRING $FireProfile = $FireProfile.FirewallEnabled ENTER STRING $Report = $Report + "<div id=left><h3>Computer Information</h3><br><table><tr><td>Operating System</td><td>$OS</td></tr><tr><td>OS Serial Number:</td><td>$SerialNo</td></tr><tr><td>Current User:</td><td>$env:USERNAME </td></tr><tr><td>System Uptime:</td><td>$BootTime</td></tr><tr><td>System Manufacturer:</td><td>$SysManufacturer</td></tr><tr><td>System Model:</td><td>$SysModel</td></tr><tr><td>Serial Number:</td><td>$HardSerialNo</td></tr><tr><td>Firewall is Active:</td><td>$FireProfile</td></tr></table></div><div id=right><h3>Hardware Information</h3><table><tr><td>Hardrive Size:</td><td>$HD GB</td></tr><tr><td>Hardrive Free Space:</td><td>$FreeSpace GB</td></tr><tr><td>System RAM:</td><td>$Ram GB</td></tr><tr><td>Processor:</td><td>$Cpu</td></tr><td>CD Drive:</td><td>$Disk</td></tr><tr><td>Graphics Card:</td><td>$graphics</td></tr></table></div>" ENTER STRING $Report >> $fileSaveDir'/ComputerInfo.html' ENTER STRING function copy-ToZip($fileSaveDir){ ENTER STRING $srcdir = $fileSaveDir ENTER STRING $zipFile = 'C:\Windows\Report.zip' ENTER STRING if(-not (test-path($zipFile))) { ENTER STRING set-content $zipFile ("PK" + [char]5 + [char]6 + ("$([char]0)" * 18)) ENTER STRING (dir $zipFile).IsReadOnly = $false} ENTER STRING $shellApplication = new-object -com shell.application ENTER STRING $zipPackage = $shellApplication.NameSpace($zipFile) ENTER STRING $files = Get-ChildItem -Path $srcdir ENTER STRING foreach($file in $files) { ENTER STRING $zipPackage.CopyHere($file.FullName) ENTER STRING while($zipPackage.Items().Item($file.name) -eq 
$null){ ENTER STRING Start-sleep -seconds 1 }}} ENTER STRING copy-ToZip($fileSaveDir) ENTER STRING $usbPresent = 'False' ENTER STRING do { ENTER STRING $present = Get-WMIObject Win32_Volume | ? { $_.Label -eq 'HP16GB' } | Measure ENTER STRING if ($present.Count -ge 1){ ENTER STRING $usbPresent = 'True' }Else { ENTER STRING $usbPresent = 'False'}} ENTER STRING until ($usbPresent -eq 'True') ENTER STRING $driveLetter = Get-WMIObject Win32_Volume | ? { $_.Label -eq 'DUCK' } | select Name ENTER STRING move-item c:\Windows\Report.zip $driveLetter.Name ENTER STRING remove-item $fileSaveDir -recurse ENTER STRING Remove-Item $MyINvocation.InvocationName ENTER CTRL S DELAY 1650 STRING C:\Windows\config-47bc5.ps1 ENTER DELAY 1650 ALT F4 DELAY 1650 GUI r DELAY 1650 STRING powershell Start-Process cmd -Verb runAs ENTER DELAY 1650 STRING ADMINUSERNAME DELAY 1650 TAB STRING ADMINLAMEPASS DELAY 1650 ENTER DELAY 1650 DELAY 1650 ALT y DELAY 1650 STRING mode con:cols=14 lines=1 ENTER ALT SPACE DELAY 1650 STRING m DELAY 1650 DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW ENTER STRING powershell Set-ExecutionPolicy 'Unrestricted' -Scope CurrentUser -Confirm:$false ENTER DELAY 1650 STRING powershell.exe -windowstyle hidden -File C:\Windows\config.ps1 ENTER Quote Link to comment Share on other sites More sharing options...

Merlintime Posted May 6, 2014

Are these systems networked? If you have 200 systems, it may be better to utilize PowerShell to reach out remotely to pull the information? That would save you the effort of walking to each system and putting your Ducky in each system.

Bountyhunter50 (Author) Posted May 6, 2014

They are all actually networked. Is that possible? O-o

I may have to walk around anyways, 40% of the users have personal printers I need to manage too, but I'm prepping for one project at a time. Depending on how the inventory goes, will judge how I handle printers :-)

Bountyhunter50 (Author) Posted May 6, 2014

So wait, that rename syntax: Would I apply that to just before the last ADMIN auth?

Bountyhunter50 (Author) Posted May 6, 2014

> They are all actually networked. Is that possible? O-o
>
> I may have to walk around anyways, 40% of the users have personal printers I need to manage too, but I'm prepping for one project at a time. Depending on how the inventory goes, will judge how I handle printers :-)

I have not had a lot of experience with PowerShell, I discovered it actually from a Duck Script honestly.

Merlintime Posted May 6, 2014

> They are all actually networked. Is that possible? O-o
>
> I may have to walk around anyways, 40% of the users have personal printers I need to manage too, but I'm prepping for one project at a time. Depending on how the inventory goes, will judge how I handle printers :-)

I am by no means a PowerShell expert, just starting to work with it actually. I've used VBScript heavily in the past but PowerShell appears to be much better to work with. Below is an example of a script which can pull PC information remotely. I imagine the script can be modified to pull the information you are looking for and to take its input (the computers from which you want to pull the information) from a file. An output file can be generated for each PC (if you want).

http://gallery.technet.microsoft.com/scriptcenter/2a8a008c-ee30-4b50-a81a-1b7545ef3436

Anything that I could automate with a script made my life much easier (especially if this task will need to be performed periodically). The link below has some tutorials to get familiar with PowerShell.

http://www.powershellpro.com/powershell-tutorial-introduction/
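
A sketch of the remote approach described in the post above, added here as an example (it is not the linked TechNet script and not code from anyone in this thread). It assumes Windows PowerShell with `Get-WmiObject`, an account with administrator rights on the targets, and WMI/RPC allowed through their firewalls; the file names `computers.txt`, `inventory` and `failed.txt` and the function `Get-InventoryRecord` are hypothetical.

```powershell
# Constructed sample input: one computer name per line. The local machine is
# used so the example runs anywhere; replace with the real inventory list.
$listPath = Join-Path $env:TEMP 'computers.txt'
Set-Content -LiteralPath $listPath -Value $env:COMPUTERNAME

$outDir = Join-Path $env:TEMP 'inventory'
New-Item -ItemType Directory -Path $outDir -Force | Out-Null

function Get-InventoryRecord {
    param([Parameter(Mandatory=$true)][string]$ComputerName)
    # No ping pre-check: WMI is attempted directly, so a host that drops ICMP
    # is still queried. -ErrorAction Stop turns failures into catchable errors.
    $os   = Get-WmiObject Win32_OperatingSystem -ComputerName $ComputerName -ErrorAction Stop
    $cs   = Get-WmiObject Win32_ComputerSystem  -ComputerName $ComputerName -ErrorAction Stop
    $bios = Get-WmiObject Win32_BIOS            -ComputerName $ComputerName -ErrorAction Stop
    $disk = Get-WmiObject Win32_LogicalDisk -Filter "DeviceID='C:'" `
                -ComputerName $ComputerName -ErrorAction Stop
    New-Object PSObject -Property @{
        ComputerName = $ComputerName
        OS           = $os.Caption
        Manufacturer = $cs.Manufacturer
        Model        = $cs.Model
        SerialNumber = $bios.SerialNumber
        CurrentUser  = $cs.UserName
        RamGB        = [math]::Round($cs.TotalPhysicalMemory / 1GB)
        DiskGB       = [math]::Truncate($disk.Size / 1GB)
        FreeGB       = [math]::Truncate($disk.FreeSpace / 1GB)
    }
}

$failed = @()
foreach ($name in (Get-Content -LiteralPath $listPath | Where-Object { $_.Trim() })) {
    $name = $name.Trim()
    try {
        # One output file per PC, named after the computer
        Get-InventoryRecord -ComputerName $name |
            Export-Csv -Path (Join-Path $outDir "$name.csv") -NoTypeInformation
    } catch {
        # Host off, RPC blocked, or access denied: record it for a manual visit
        $failed += "$name : $($_.Exception.Message)"
    }
}
if ($failed) { $failed | Set-Content -LiteralPath (Join-Path $outDir 'failed.txt') }
```

Hosts listed in `failed.txt` are the ones that still need a visit in person.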

Bountyhunter50 (Author) Posted May 7, 2014

Forgive me for asking a potentially dumb question; That code makes complete sense to me actually. Thanks for that post!

My question is: Would I be able to save that as a .VBS script or bust open Visual Studio and hurl that into the compiler there and see what it barfs out?

Merlintime Posted May 7, 2014

> Forgive me for asking a potentially dumb question; That code makes complete sense to me actually. Thanks for that post!
>
> My question is: Would I be able to save that as a .VBS script or bust open Visual Studio and hurl that into the compiler there and see what it barfs out?

PowerShell scripts end with a .PS1 extension. The PowerShell ISE editor is normally the default editor but I imagine you can use your editor of choice. I don't believe the code would need to be run through Visual Studio.

411Hall Posted May 7, 2014

> Hi guys! So I'm deploying my Duck at work, and I have a script (Thanks to DuckToolKit) that saves the user and hardware info of their computer. We're doing an inventory basically. The output of the script saves it as a Report.zip, but I have about 200 computers to go through.
>
> Is it possible to have an IF 'Report.zip'=EXIST Then EXIST +1
>
> Basically if Report.zip exists, rename the file to Report1, and so on so the final will have Report, Report1, Report 2, etc.
>
> Thanks!! I'll attach my script below:

In response to this, yes, that wouldn't be a problem at all. I will probably append a time stamp to the report name so 'Report 08:00:00 07.05.2014.zip'. That work for you? I will make the changes over the next weekend.

As for PowerShell, as Merlintime has pointed out it's incredibly powerful and there are loads of ways you can remotely administer machines. When I was writing the Toolkit I discovered loads of awesome uses for it but I decided to leave remotely networked machines out of the scope as there are certain variables I wouldn't know.

Anyway I have all of my PowerShell scripts minus the Duck code stored somewhere so if you want them let me know. Also let me know if you write anything you think could be a good payload. I'm always looking for new scripts!

411.
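
The two naming schemes discussed above (a counter and a time stamp), as an added example that is not part of the Duck Toolkit or of any post in this thread. The function name `Get-UniqueReportPath` and the demo folder are hypothetical; the stamp format avoids `:` because Windows does not allow that character in file names.

```powershell
# Return a path inside $Directory that does not exist yet:
# Report.zip, then Report1.zip, Report2.zip, ...
function Get-UniqueReportPath {
    param(
        [Parameter(Mandatory=$true)][string]$Directory,
        [string]$BaseName  = 'Report',
        [string]$Extension = '.zip'
    )
    $candidate = Join-Path $Directory ($BaseName + $Extension)
    $n = 0
    while (Test-Path -LiteralPath $candidate) {
        $n++
        $candidate = Join-Path $Directory ('{0}{1}{2}' -f $BaseName, $n, $Extension)
    }
    $candidate
}

# Constructed demo: a temp folder stands in for the USB drive.
$usb = Join-Path $env:TEMP 'duck-report-demo'
New-Item -ItemType Directory -Path $usb -Force | Out-Null

# Counter style, as asked in the first post: each call skips names already taken.
1..3 | ForEach-Object {
    $dest = Get-UniqueReportPath -Directory $usb
    Set-Content -LiteralPath $dest -Value 'placeholder'
    Split-Path $dest -Leaf
}

# Time stamp style: computer name plus a sortable stamp without ':'.
# The counter still applies if two reports land in the same second.
$stamp = Get-Date -Format 'yyyy-MM-dd_HHmmss'
$base  = 'Report_{0}_{1}' -f $env:COMPUTERNAME, $stamp
$dest  = Get-UniqueReportPath -Directory $usb -BaseName $base
Set-Content -LiteralPath $dest -Value 'placeholder'
Split-Path $dest -Leaf

# In the posted script the final move would then read (assumes its $driveLetter):
# Move-Item 'C:\Windows\Report.zip' (Get-UniqueReportPath -Directory $driveLetter.Name -BaseName $base)
```

Putting the computer name in the file name also records which of the 200 machines each archive came from.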

Bountyhunter50 (Author) Posted May 7, 2014 (edited)

> In response to this, yes, that wouldn't be a problem at all. I will probably append a time stamp to the report name so 'Report 08:00:00 07.05.2014.zip'. That work for you? I will make the changes over the next weekend.
>
> As for PowerShell, as Merlintime has pointed out it's incredibly powerful and there are loads of ways you can remotely administer machines. When I was writing the Toolkit I discovered loads of awesome uses for it but I decided to leave remotely networked machines out of the scope as there are certain variables I wouldn't know.
>
> Anyway I have all of my PowerShell scripts minus the Duck code stored somewhere so if you want them let me know. Also let me know if you write anything you think could be a good payload. I'm always looking for new scripts!
>
> 411.

Any help would be forever appreciated! :-) Yeah if that wouldn't be too much trouble to send those over, I would appreciate that very much! I'm not completely familiar with PowerShell outside of Duck scripts (unfortunately) so I'd like to use my duck till I'm comfortable learning about the full capabilities (I know that doesn't completely add up, as I'll need some knowledge to write a Duck Script, but as an isolated program I'm a fish out of water).

By the way 411, GREAT work on the Toolkit! Ever since I found that it's been a prime go-to for me. :-)

Not sure if you use Bitmessage, but if that's a convenient method for you, I use that almost every day. LOL

Edited May 7, 2014 by Bountyhunter50

Bountyhunter50 (Author) Posted May 7, 2014

Oh see, this is good, I'm discovering things! That PowerShell script is fantastic! I had to make a little editing to read keys but that's minor :-)

Problem IS that our admin network has ping disabled. SOO Ducky to the rescue! haha