syelle/Ducky
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update Demo.ps1

Browse Source
This commit is contained in:
Stephan Yelle
2026-03-05 23:33:11 -05:00
parent df3bac7529
commit 051a9f581b
1 changed files with 100 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

114
Demo.ps1
View File

@@ -1,3 +1,7 @@
$demoStart = Get-Date
Add-Type -AssemblyName System.Drawing Add-Type -AssemblyName System.Drawing
Add-Type -TypeDefinition @" Add-Type -TypeDefinition @"
using System; using System;
@@ -13,19 +17,22 @@ public class Wallpaper {
# ---------------------------- # ----------------------------
$clientName = "Ford" $clientName = "Ford"
# Use the RAW file URL from your repo # RAW URL from your repo
$logoUrl = "https://git.svstools.com/syelle/Ducky/raw/branch/main/Ford.png" $logoUrl = "https://git.svstools.com/syelle/Ducky/raw/branch/main/Ford.png"
# Optional local fallback if download fails # Optional local fallback if download fails
$fallbackLogo = "C:\Temp\ford_logo.png" $fallbackLogo = "C:\Temp\ford_logo.png"
# Temp working directory # Working folder
$workDir = Join-Path $env:TEMP "ClientAwarenessDemo" $workDir = Join-Path $env:TEMP "ClientAwarenessDemo"
New-Item -ItemType Directory -Path $workDir -Force | Out-Null New-Item -ItemType Directory -Path $workDir -Force | Out-Null
$downloadedLogo = Join-Path $workDir "ford_logo.png" $downloadedLogo = Join-Path $workDir "ford_logo.png"
$logoPath = $null $logoPath = $null
# How long before restoring the original wallpaper
$restoreDelaySeconds = 30
# ---------------------------- # ----------------------------
# Download logo # Download logo
# ---------------------------- # ----------------------------
@@ -43,6 +50,13 @@ if (-not $logoPath -and (Test-Path $fallbackLogo)) {
$logoPath = $fallbackLogo $logoPath = $fallbackLogo
} }
# ----------------------------
# Save current wallpaper
# ----------------------------
$originalWallpaper = (Get-ItemProperty -Path "HKCU:\Control Panel\Desktop" -Name WallPaper -ErrorAction SilentlyContinue).WallPaper
$originalWallpaperStyle = (Get-ItemProperty -Path "HKCU:\Control Panel\Desktop" -Name WallpaperStyle -ErrorAction SilentlyContinue).WallpaperStyle
$originalTileWallpaper = (Get-ItemProperty -Path "HKCU:\Control Panel\Desktop" -Name TileWallpaper -ErrorAction SilentlyContinue).TileWallpaper
# ---------------------------- # ----------------------------
# Collect harmless live info # Collect harmless live info
# ---------------------------- # ----------------------------
@@ -59,10 +73,37 @@ if ([string]::IsNullOrWhiteSpace($ipv4)) { $ipv4 = "Not found" }
if ([string]::IsNullOrWhiteSpace($gateway)) { $gateway = "Not found" } if ([string]::IsNullOrWhiteSpace($gateway)) { $gateway = "Not found" }
if ([string]::IsNullOrWhiteSpace($dns)) { $dns = "Not found" } if ([string]::IsNullOrWhiteSpace($dns)) { $dns = "Not found" }
# Try to get the primary adapter
$adapterName = "Not found"
try {
$primaryAdapter = Get-NetIPConfiguration |
Where-Object { $_.IPv4Address -and $_.NetAdapter.Status -eq 'Up' } |
Select-Object -First 1
if ($primaryAdapter) {
$adapterName = $primaryAdapter.InterfaceAlias
if (-not $ipv4 -or $ipv4 -eq "Not found") {
$ipv4 = $primaryAdapter.IPv4Address.IPAddress
}
if (-not $gateway -or $gateway -eq "Not found") {
$gateway = $primaryAdapter.IPv4DefaultGateway.NextHop
}
if (-not $dns -or $dns -eq "Not found") {
$dnsServers = $primaryAdapter.DNSServer.ServerAddresses
if ($dnsServers) {
$dns = ($dnsServers -join ", ")
}
}
}
}
catch {
# fall back to parsed ipconfig values
}
# ---------------------------- # ----------------------------
# Simulated file names only # Simulated file names only
# ---------------------------- # ----------------------------
$fakeFiles = @( <#$fakeFiles = @(
"Payroll_2025.xlsx", "Payroll_2025.xlsx",
"Client_Contracts.docx", "Client_Contracts.docx",
"VPN_Credentials.txt", "VPN_Credentials.txt",
@@ -74,6 +115,18 @@ $fakeFiles = @(
"MFA_Recovery_Codes.txt", "MFA_Recovery_Codes.txt",
"Confidential_Pricing.pdf" "Confidential_Pricing.pdf"
) )
#>
$officeExtensions = @("*.doc","*.docx","*.xls","*.xlsx","*.ppt","*.pptx","*.pub","*.vsd","*.vsdx","*.one","*.rtf","*.csv")
$OfficeDocs = Get-ChildItem -Path $env:USERPROFILE -Recurse -File -Include $officeExtensions -ErrorAction SilentlyContinue |
Select-Object FullName, Name, Extension, Length, LastWriteTime
# ----------------------------
# Timing text
# ----------------------------
$elapsedSeconds = [math]::Round(((Get-Date) - $demoStart).TotalSeconds, 1)
$timingText = "Demonstration completed in $elapsedSeconds seconds"
# ---------------------------- # ----------------------------
# Create wallpaper canvas # Create wallpaper canvas
@@ -93,6 +146,7 @@ $accentColor = [System.Drawing.Color]::FromArgb(0,173,239)
$textColor = [System.Drawing.Color]::White $textColor = [System.Drawing.Color]::White
$mutedColor = [System.Drawing.Color]::FromArgb(190,190,190) $mutedColor = [System.Drawing.Color]::FromArgb(190,190,190)
$warnColor = [System.Drawing.Color]::FromArgb(255,210,90) $warnColor = [System.Drawing.Color]::FromArgb(255,210,90)
$successColor = [System.Drawing.Color]::FromArgb(110,255,180)
$g.Clear($bgColor) $g.Clear($bgColor)
@@ -102,6 +156,7 @@ $accentBrush = New-Object System.Drawing.SolidBrush $accentColor
$textBrush = New-Object System.Drawing.SolidBrush $textColor $textBrush = New-Object System.Drawing.SolidBrush $textColor
$mutedBrush = New-Object System.Drawing.SolidBrush $mutedColor $mutedBrush = New-Object System.Drawing.SolidBrush $mutedColor
$warnBrush = New-Object System.Drawing.SolidBrush $warnColor $warnBrush = New-Object System.Drawing.SolidBrush $warnColor
$successBrush = New-Object System.Drawing.SolidBrush $successColor
$borderPen = New-Object System.Drawing.Pen $accentColor, 2 $borderPen = New-Object System.Drawing.Pen $accentColor, 2
# Fonts # Fonts
@@ -109,6 +164,7 @@ $titleFont = New-Object System.Drawing.Font("Segoe UI", 28, [System.Drawing.Font
$headerFont = New-Object System.Drawing.Font("Segoe UI", 16, [System.Drawing.FontStyle]::Bold) $headerFont = New-Object System.Drawing.Font("Segoe UI", 16, [System.Drawing.FontStyle]::Bold)
$bodyFont = New-Object System.Drawing.Font("Consolas", 15, [System.Drawing.FontStyle]::Regular) $bodyFont = New-Object System.Drawing.Font("Consolas", 15, [System.Drawing.FontStyle]::Regular)
$smallFont = New-Object System.Drawing.Font("Segoe UI", 12, [System.Drawing.FontStyle]::Regular) $smallFont = New-Object System.Drawing.Font("Segoe UI", 12, [System.Drawing.FontStyle]::Regular)
$timingFont = New-Object System.Drawing.Font("Segoe UI", 14, [System.Drawing.FontStyle]::Bold)
# ---------------------------- # ----------------------------
# Draw logo # Draw logo
@@ -130,20 +186,22 @@ if ($logoPath -and (Test-Path $logoPath)) {
$g.DrawString("$clientName Security Awareness Demonstration", $titleFont, $accentBrush, 60, 155) $g.DrawString("$clientName Security Awareness Demonstration", $titleFont, $accentBrush, 60, 155)
$g.DrawString("This workstation accepted commands in seconds.", $headerFont, $textBrush, 60, 210) $g.DrawString("This workstation accepted commands in seconds.", $headerFont, $textBrush, 60, 210)
$g.DrawString("Simulation only. No files were accessed, searched, copied, or transmitted.", $headerFont, $warnBrush, 60, 245) $g.DrawString("Simulation only. No files were accessed, searched, copied, or transmitted.", $headerFont, $warnBrush, 60, 245)
$g.DrawString($timingText, $timingFont, $successBrush, 60, 278)
# ---------------------------- # ----------------------------
# Left panel: real harmless info # Left panel: real harmless info
# ---------------------------- # ----------------------------
$leftRect = New-Object System.Drawing.Rectangle 60, 310, 760, 460 $leftRect = New-Object System.Drawing.Rectangle 60, 320, 760, 490
$g.FillRectangle($panelBrush, $leftRect) $g.FillRectangle($panelBrush, $leftRect)
$g.DrawRectangle($borderPen, $leftRect) $g.DrawRectangle($borderPen, $leftRect)
$g.DrawString("Live harmless reconnaissance", $headerFont, $accentBrush, 80, 330) $g.DrawString("Live harmless reconnaissance", $headerFont, $accentBrush, 80, 340)
$y = 385 $y = 395
$lineGap = 42 $lineGap = 42
$g.DrawString("Hostname : $hostName", $bodyFont, $textBrush, 90, $y); $y += $lineGap $g.DrawString("Hostname : $hostName", $bodyFont, $textBrush, 90, $y); $y += $lineGap
$g.DrawString("User : $userName", $bodyFont, $textBrush, 90, $y); $y += $lineGap $g.DrawString("User : $userName", $bodyFont, $textBrush, 90, $y); $y += $lineGap
$g.DrawString("Adapter : $adapterName", $bodyFont, $textBrush, 90, $y); $y += $lineGap
$g.DrawString("IPv4 : $ipv4", $bodyFont, $textBrush, 90, $y); $y += $lineGap $g.DrawString("IPv4 : $ipv4", $bodyFont, $textBrush, 90, $y); $y += $lineGap
$g.DrawString("Gateway : $gateway", $bodyFont, $textBrush, 90, $y); $y += $lineGap $g.DrawString("Gateway : $gateway", $bodyFont, $textBrush, 90, $y); $y += $lineGap
$g.DrawString("DNS : $dns", $bodyFont, $textBrush, 90, $y); $y += $lineGap + 10 $g.DrawString("DNS : $dns", $bodyFont, $textBrush, 90, $y); $y += $lineGap + 10
@@ -154,15 +212,15 @@ $g.DrawString("hostname whoami ipconfig", $bodyFont, $textBrush, 90, $y +
# ---------------------------- # ----------------------------
# Right panel: simulated file targets # Right panel: simulated file targets
# ---------------------------- # ----------------------------
$rightRect = New-Object System.Drawing.Rectangle 870, 310, 980, 560 $rightRect = New-Object System.Drawing.Rectangle 870, 320, 980, 560
$g.FillRectangle($panelBrush, $rightRect) $g.FillRectangle($panelBrush, $rightRect)
$g.DrawRectangle($borderPen, $rightRect) $g.DrawRectangle($borderPen, $rightRect)
$g.DrawString("Simulated attacker targets", $headerFont, $accentBrush, 890, 330) $g.DrawString("Simulated attacker targets", $headerFont, $accentBrush, 890, 340)
$g.DrawString("Examples of the kinds of files a bad actor would likely search for:", $smallFont, $mutedBrush, 890, 370) $g.DrawString("Examples of the kinds of files a bad actor would likely search for:", $smallFont, $mutedBrush, 890, 380)
$y2 = 420 $y2 = 430
foreach ($file in $fakeFiles) { foreach ($file in $OfficeDocs) {
$g.DrawString("$file", $bodyFont, $textBrush, 900, $y2) $g.DrawString("$file", $bodyFont, $textBrush, 900, $y2)
$y2 += 38 $y2 += 38
} }
@@ -171,7 +229,9 @@ foreach ($file in $fakeFiles) {
# Footer # Footer
# ---------------------------- # ----------------------------
$footerText = "Takeaway: brief physical access to an unlocked session can expose important information fast." $footerText = "Takeaway: brief physical access to an unlocked session can expose important information fast."
$g.DrawString($footerText, $headerFont, $warnBrush, 60, 965) $restoreText = "Original wallpaper will be restored in $restoreDelaySeconds seconds."
$g.DrawString($footerText, $headerFont, $warnBrush, 60, 935)
$g.DrawString($restoreText, $smallFont, $mutedBrush, 60, 975)
# ---------------------------- # ----------------------------
# Save wallpaper # Save wallpaper
@@ -189,15 +249,41 @@ $accentBrush.Dispose()
$textBrush.Dispose() $textBrush.Dispose()
$mutedBrush.Dispose() $mutedBrush.Dispose()
$warnBrush.Dispose() $warnBrush.Dispose()
$successBrush.Dispose()
$borderPen.Dispose() $borderPen.Dispose()
$titleFont.Dispose() $titleFont.Dispose()
$headerFont.Dispose() $headerFont.Dispose()
$bodyFont.Dispose() $bodyFont.Dispose()
$smallFont.Dispose() $smallFont.Dispose()
$timingFont.Dispose()
# ---------------------------- # ----------------------------
# Set wallpaper style and apply # Apply wallpaper
# ---------------------------- # ----------------------------
Set-ItemProperty -Path "HKCU:\Control Panel\Desktop" -Name WallpaperStyle -Value "10" Set-ItemProperty -Path "HKCU:\Control Panel\Desktop" -Name WallpaperStyle -Value "10"
Set-ItemProperty -Path "HKCU:\Control Panel\Desktop" -Name TileWallpaper -Value "0" Set-ItemProperty -Path "HKCU:\Control Panel\Desktop" -Name TileWallpaper -Value "0"
[Wallpaper]::SystemParametersInfo(20, 0, $outPath, 3) | Out-Null [Wallpaper]::SystemParametersInfo(20, 0, $outPath, 3) | Out-Null
# ----------------------------
# Restore original wallpaper
# ----------------------------
if (-not [string]::IsNullOrWhiteSpace($originalWallpaper) -and (Test-Path $originalWallpaper)) {
Start-Job -ScriptBlock {
param($delay, $wallpaper, $style, $tile)
Start-Sleep -Seconds $delay
Add-Type -TypeDefinition @"
using System;
using System.Runtime.InteropServices;
public class WallpaperRestore {
[DllImport("user32.dll", SetLastError=true)]
public static extern bool SystemParametersInfo(int uAction, int uParam, string lpvParam, int fuWinIni);
}
"@
Set-ItemProperty -Path "HKCU:\Control Panel\Desktop" -Name WallpaperStyle -Value $style
Set-ItemProperty -Path "HKCU:\Control Panel\Desktop" -Name TileWallpaper -Value $tile
[WallpaperRestore]::SystemParametersInfo(20, 0, $wallpaper, 3) | Out-Null
} -ArgumentList $restoreDelaySeconds, $originalWallpaper, $originalWallpaperStyle, $originalTileWallpaper | Out-Null
}