Work in progress :)
This commit is contained in:
Zarcolio
@@ -0,0 +1,88 @@
|
||||
# PowerShell script to convert file content to Base64, generate Ducky Script to open Notepad, type content, save, and decode it
|
||||
|
||||
param (
|
||||
[Parameter(Mandatory=$true)]
|
||||
[string]$FilePath,
|
||||
|
||||
[int]$ChunkSize = 500 # Default chunk size, adjustable via command line
|
||||
)
|
||||
|
||||
function Write-DuckyScript {
|
||||
param (
|
||||
[string]$OutputPath,
|
||||
[string[]]$Content
|
||||
)
|
||||
|
||||
try {
|
||||
[System.IO.File]::WriteAllLines($OutputPath, $Content)
|
||||
Write-Host "Ducky Script saved to: $OutputPath"
|
||||
} catch {
|
||||
Write-Error "Failed to save Ducky Script: $_"
|
||||
}
|
||||
}
|
||||
|
||||
# Ensure the file exists
|
||||
if (-Not (Test-Path $FilePath)) {
|
||||
Write-Error "File not found: $FilePath"
|
||||
exit
|
||||
}
|
||||
|
||||
# Read the file bytes
|
||||
$fileBytes = [System.IO.File]::ReadAllBytes($FilePath)
|
||||
|
||||
# Convert to Base64
|
||||
$base64String = [Convert]::ToBase64String($fileBytes)
|
||||
|
||||
# Generate the output file name for the .b64 file and original decoded file
|
||||
$InputFileName = [System.IO.Path]::GetFileNameWithoutExtension($FilePath)
|
||||
$InputFileExtension = [System.IO.Path]::GetExtension($FilePath)
|
||||
$B64FileName = "$InputFileName.b64"
|
||||
$OriginalFileName = "$InputFileName$InputFileExtension"
|
||||
|
||||
# Determine the current working directory to save the Ducky Script
|
||||
$CurrentDirectory = Get-Location
|
||||
$OutputFileName = "Create-$InputFileName.txt"
|
||||
$OutputFilePath = Join-Path -Path $CurrentDirectory -ChildPath $OutputFileName
|
||||
|
||||
# Initialize Ducky Script content with commands to open Notepad
|
||||
$duckyScriptContent = @(
|
||||
"DELAY 1000",
|
||||
"GUI r",
|
||||
"DELAY 500",
|
||||
"STRING notepad",
|
||||
"ENTER",
|
||||
"DELAY 1000"
|
||||
)
|
||||
|
||||
# Add the Base64 content to the Ducky Script
|
||||
$chunks = [Regex]::Matches($base64String, ".{1,$ChunkSize}")
|
||||
foreach ($chunk in $chunks) {
|
||||
$duckyScriptContent += "STRING $chunk"
|
||||
$duckyScriptContent += "DELAY 50"
|
||||
$duckyScriptContent += "BACKSPACE"
|
||||
$duckyScriptContent += "DELAY 100"
|
||||
}
|
||||
|
||||
# Append commands to save the file in Notepad
|
||||
$duckyScriptContent += "CTRL s"
|
||||
$duckyScriptContent += "DELAY 500"
|
||||
$duckyScriptContent += "STRING %USERPROFILE%\\$B64FileName"
|
||||
$duckyScriptContent += "ENTER"
|
||||
$duckyScriptContent += "DELAY 1000"
|
||||
$duckyScriptContent += "ALT F4"
|
||||
|
||||
# Append commands to open Command Prompt and execute certutil
|
||||
$duckyScriptContent += "DELAY 1000"
|
||||
$duckyScriptContent += "GUI r"
|
||||
$duckyScriptContent += "DELAY 500"
|
||||
$duckyScriptContent += "STRING cmd"
|
||||
$duckyScriptContent += "ENTER"
|
||||
$duckyScriptContent += "DELAY 1000"
|
||||
$duckyScriptContent += "STRING certutil -decode %USERPROFILE%\\$B64FileName %USERPROFILE%\\$OriginalFileName"
|
||||
$duckyScriptContent += "ENTER"
|
||||
$duckyScriptContent += "DELAY 1000"
|
||||
$duckyScriptContent += "STRING exit"
|
||||
$duckyScriptContent += "ENTER"
|
||||
|
||||
# Save the Ducky Script to the output file
|
||||
Write-DuckyScript -OutputPath $OutputFilePath -Content $duckyScriptContent
|
||||
Reference in New Issue
Block a user