
how to run cmd with Drive and the Switch position?


Manta

I'm trying to just display a BMP to the user when they plug in a USB. It's basically for security awareness, to accompany a video I made about a found USB in the parking lot that someone plugged in and had all kinds of things happen to them.

I found this to determine the drive letter using a WMIC command (note: PS won't work because of security, but WMIC will). How do I assign this variable to open a BMP inside the ducky script?

 for /f %%D in ('wmic volume get DriveLetter^, Label ^| find "yourLabel"') do set usb=%%D


 



 for /f %%D in ('wmic volume get DriveLetter^, Label ^| find "BashBunny"') do set usb=%%D


Found my own answer through Google and trial and error.

Here is a super easy script for everyone. It uses the Bunny helper script and a command line to determine the drive letter and position of the USB.

This can probably be used with any command at this point. You could possibly combine this with any other script. Just put the background.bmp file in the payload section. This does not use PowerShell; there are other examples of that. But on my systems I have disabled the ability to run PS automatically unless a specific configuration is met.

#!/bin/bash
#
# Title:         Security Awareness BMP script
# Author:        Manta0101    
# Version:       1.0
# Target:        Windows

# This one is used to show what is possible when someone takes a USB and connects it to their system.
# Displays a background.bmp file using the default program, then writes a warning to Notepad and closes all the windows
# (including the 'open Drive Dialog' that seemed to continually pop up when I was testing).
# LED
# --------------------------------------------------------------------
# purple/yellow: working
# green: finished

LED SETUP

DEFAULT_DELAY 50
ATTACKMODE HID STORAGE
# Source bunny_helpers.sh to get environment variable SWITCH_POSITION
source bunny_helpers.sh
LED ATTACK
Q  GUI r
#Q DELAY 100
Q STRING "CMD"
Q ENTER
Q  DELAY 200
Q STRING \@echo off
Q ENTER
Q STRING "for /f %D in ('wmic volume get DriveLetter^, Label ^| findstr BashBunny') do set DRIVE=%D"
Q ENTER
Q DELAY 50
Q STRING %DRIVE%\\payloads\\$SWITCH_POSITION\\background.bmp
Q ENTER
Q DELAY 3000
Q GUI r
Q STRING "notepad.exe"
Q ENTER
Q STRING " This was not malicious but most times things happen in the background and you would never see it.."

Q ENTER
Q STRING "even the picture you see on screen was not necessary. This was just for demonstration purposes"
Q DELAY 10000
Q ENTER 
Q STRING "Closing this window"
Q ENTER
Q DELAY 2000
Q ALT F4
Q STRING n
Q ALT F4
Q DELAY 1000
Q STRING exit
Q ENTER
Q ALT F4
LED FINISH
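
For defenders: where process-creation logging with command lines is enabled, the sequence typed by the script above (a WMIC volume query for DriveLetter and Label, then a launch from `<drive>:\payloads\switchN\`) can be correlated. The Python sketch below is an added example, not part of the original post; the record layout, the sample events and the 30-second window are assumptions.

```python
import re

# Constructed process-creation records: (seconds, parent image, image, command line).
# The layout is an assumption modelled on typical process-creation fields; not real telemetry.
SAMPLE_EVENTS = [
    (100.0, "explorer.exe", "cmd.exe", "cmd.exe"),
    (101.2, "cmd.exe", "cmd.exe",
     "cmd.exe /c wmic volume get DriveLetter, Label | findstr BashBunny"),
    (101.3, "cmd.exe", "WMIC.exe", "wmic volume get DriveLetter, Label"),
    (101.3, "cmd.exe", "findstr.exe", "findstr BashBunny"),
    (102.0, "cmd.exe", "mspaint.exe", r'mspaint.exe "E:\payloads\switch1\background.bmp"'),
    (400.0, "services.exe", "WMIC.exe", "wmic os get Caption"),
    # Same folder layout, but long after any lookup: must not alert.
    (900.0, "explorer.exe", "mspaint.exe", r'mspaint.exe "E:\payloads\switch2\notes.bmp"'),
]

# WMIC volume query that asks for both DriveLetter and Label, in either order.
LOOKUP = re.compile(
    r"\bwmic(?:\.exe)?\b.*\bvolume\b.*\bget\b(?=.*driveletter)(?=.*label)", re.I)
# Anything launched from <drive>:\payloads\switchN\ (the layout the post's script uses).
PAYLOAD = re.compile(r'\b([a-z]):\\payloads\\(switch\d+)\\([^\s"]+)', re.I)


def detect(events, window=30.0):
    """Alert when a label-to-drive-letter lookup is followed, within `window`
    seconds, by a process whose command line points into the payload folder."""
    alerts, last_lookup = [], None
    for ts, parent, image, cmdline in sorted(events):
        if LOOKUP.search(cmdline):
            last_lookup = ts          # remember the most recent lookup
            continue
        hit = PAYLOAD.search(cmdline)
        if hit and last_lookup is not None and ts - last_lookup <= window:
            alerts.append({
                "time": ts,
                "image": image,
                "drive": hit.group(1).upper(),
                "switch": hit.group(2).lower(),
                "file": hit.group(3),
                "lookup_age": round(ts - last_lookup, 1),
            })
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(alert)
```

Matching on the WMIC query shape rather than the volume label keeps the rule valid when the label is changed.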
 
