Manta Posted October 9, 2018 Share Posted October 9, 2018 I'm trying to just display a BMP to the user when they plug in a USB. Its basically for Security awareness to accompany a Video I made about a found USB in the parking lot that someone plugged in and got all kind of things happen to them. I found this to determine the Drive letter using a WMIC command (Note: PS wont work because of security but WMIC will. ) how do I assign this variable to open a BMP? inside the ducky script. for /f %%D in ('wmic volume get DriveLetter^, Label ^| find "yourLabel"') do set usb=%%D I found this to determine the Drive letter using a WMIC command (note PS wont work because of security but WMIC will. ) how do I assign this variable to open a BMP? inside the ducky script. for /f %%D in ('wmic volume get DriveLetter^, Label ^| find "BashBunny"') do set usb=%%D Link to comment Share on other sites More sharing options...
Manta Posted October 9, 2018 Author Share Posted October 9, 2018 found my own answer through Google and trial and error . Here is a super easy script for everyone.. it uses the Bunny helper script and a command line to determine the Drive letter and position of the usb. This can probably be used with any command at this point. you could possibly combine this with any other script. Just put the background.bmp file in the payload section. This does not use Powershell. there are other examples of that. But with my systems I have disabled the ability to run PS automatically unless a specific configuration is met. #!/bin/bash # # Title: Security Awareness BMP script # Author: Manta0101 # Version: 1.0 # Target: Windows # #This one is used to show what is possible when someone takes a USB and connects it to their system. # Displays a background.bmp file using the default program. and then writes to notepad a warning, closes all the windows (including the 'open Drive Dialog' that seems to continually # pop up when i was testing ) # LED # -------------------------------------------------------------------- # purple/yellow, working. # green Finished. LED SETUP DEFAULT_DELAY 50 ATTACKMODE HID STORAGE # Source bunny_helpers.sh to get environment variable SWITCH_POSITION source bunny_helpers.sh LED ATTACK Q GUI r #Q DELAY 100 Q STRING "CMD" Q ENTER Q DELAY 200 Q STRING \@echo off Q ENTER Q STRING "for /f %D in ('wmic volume get DriveLetter^, Label ^| findstr BashBunny') do set DRIVE=%D" Q ENTER Q DELAY 50 Q STRING %DRIVE%\\payloads\\$SWITCH_POSITION\\background.bmp Q ENTER Q DELAY 3000 Q GUI r Q STRING "notepad.exe" Q ENTER Q STRING " This was not malicious but most times things happen in the background and you would never see it.." Q ENTER Q STRING "even the picture you see on screen was not necessary. This was just for demonstration purposes" Q DELAY 10000 Q ENTER Q STRING "Closing this window" Q ENTER Q DELAY 2000 Q ALT F4 Q STRING n Q ALT F4 Q DELAY 1000 Q STRING exit Q ENTER Q ALT F4 LED FINISH Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.