Ducky/Demo.ps1

Add-Type -AssemblyName System.Drawing
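# P/Invoke shim for user32!SystemParametersInfo; the script calls it once, at
# the very end, to apply the generated wallpaper.
#
# CharSet.Unicode binds the import to SystemParametersInfoW. With the default
# (ANSI) marshalling, a wallpaper path containing characters outside the active
# code page -- e.g. a non-ASCII profile name inside %TEMP% -- would be mangled
# and the call would fail.
#
# The guard skips compilation when a type named Wallpaper is already loaded, so
# re-running in the same session does not raise "type already exists". A session
# that loaded an older definition keeps it until PowerShell is restarted.
#
# NOTE(review): Add-Type -TypeDefinition compiles C# at run time. On Windows
# PowerShell this is usually visible to endpoint monitoring as compiler
# activity under the PowerShell process -- confirm against your telemetry.
if (-not ([System.Management.Automation.PSTypeName]'Wallpaper').Type) {
    Add-Type -TypeDefinition @"
using System;
using System.Runtime.InteropServices;
public class Wallpaper {
    [DllImport("user32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
    public static extern bool SystemParametersInfo(int uAction, int uParam, string lpvParam, int fuWinIni);
}
"@
}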
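# ----------------------------
# Config
# ----------------------------
$clientName = "Ford"
# Use the RAW file URL from your repo.
# NOTE(review): a raw URL on a branch name ("main") is a mutable reference --
# whoever can push to that branch controls the bytes this script downloads and
# hands to the image decoder. Prefer a commit-pinned raw URL and set
# $logoSha256 below.
$logoUrl = "https://raw.githubusercontent.com/YOURORG/YOURREPO/main/assets/ford_logo.png"
# Optional SHA-256 (hex) of the expected logo file. Leave empty to skip the
# check, which keeps the script's previous behaviour.
$logoSha256 = ""
# Optional local fallback if download fails.
# NOTE(review): C:\Temp is commonly writable by other local users; the same
# hash pin is applied to this file when $logoSha256 is set.
$fallbackLogo = "C:\Temp\ford_logo.png"
# Temp working directory (created if missing; -Force makes re-runs a no-op).
$workDir = Join-Path $env:TEMP "ClientAwarenessDemo"
New-Item -ItemType Directory -Path $workDir -Force | Out-Null
$downloadedLogo = Join-Path $workDir "ford_logo.png"
# Stays $null unless a usable logo is found; the drawing step skips the logo then.
$logoPath = $null

# Returns $true when no pin is configured or when the file's SHA-256 equals the
# pin (string -eq is case-insensitive, so upper/lower-case hex both match).
# Get-FileHash requires PowerShell 4.0 or later.
function Test-LogoIntegrity {
    param(
        [string]$Path,
        [string]$ExpectedSha256
    )
    if ([string]::IsNullOrWhiteSpace($ExpectedSha256)) {
        return $true
    }
    $actual = (Get-FileHash -LiteralPath $Path -Algorithm SHA256 -ErrorAction SilentlyContinue).Hash
    return ($actual -eq $ExpectedSha256.Trim())
}

# ----------------------------
# Download logo
# ----------------------------
try {
    # -ErrorAction Stop turns any download failure into an exception so the
    # catch block runs and $logoPath is left unset.
    Invoke-WebRequest -Uri $logoUrl -OutFile $downloadedLogo -UseBasicParsing -ErrorAction Stop
    if (Test-Path $downloadedLogo) {
        if (Test-LogoIntegrity -Path $downloadedLogo -ExpectedSha256 $logoSha256) {
            $logoPath = $downloadedLogo
        }
        else {
            # Do not leave unverified content behind in the working directory.
            Write-Warning "Downloaded logo does not match the pinned SHA-256; ignoring it."
            Remove-Item -LiteralPath $downloadedLogo -Force -ErrorAction SilentlyContinue
        }
    }
}
catch {
    Write-Warning "Could not download logo from repo."
}
if (-not $logoPath -and (Test-Path $fallbackLogo)) {
    if (Test-LogoIntegrity -Path $fallbackLogo -ExpectedSha256 $logoSha256) {
        $logoPath = $fallbackLogo
    }
    else {
        Write-Warning "Fallback logo does not match the pinned SHA-256; continuing without a logo."
    }
}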
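# ----------------------------
# Collect harmless live info
# ----------------------------
# These values are only interpolated into text drawn on the wallpaper later in
# the script. They do end up in the saved BMP and on the desktop, so treat
# screenshots of the result as containing host, account and network details.
$hostName = $env:COMPUTERNAME
$userName = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
$ipconfigText = ipconfig | Out-String

# [regex]::Match returns an unsuccessful Match whose Groups[1].Value is "" when
# a label is absent. The previous Matches(...) | Select-Object -First 1 form
# produced $null in that case and then raised "Cannot index into a null array"
# before the fallback below could run.
# Limitations: the labels are the English ipconfig strings, and only
# dotted-decimal values are captured, so localized output or IPv6-only entries
# end up as "Not found".
$ipv4 = [regex]::Match($ipconfigText, 'IPv4 Address[^\:]*:\s*([0-9\.]+)').Groups[1].Value
$gateway = [regex]::Match($ipconfigText, 'Default Gateway[^\:]*:\s*([0-9\.]+)').Groups[1].Value
$dns = [regex]::Match($ipconfigText, 'DNS Servers[^\:]*:\s*([0-9\.]+)').Groups[1].Value

if ([string]::IsNullOrWhiteSpace($ipv4)) { $ipv4 = "Not found" }
if ([string]::IsNullOrWhiteSpace($gateway)) { $gateway = "Not found" }
if ([string]::IsNullOrWhiteSpace($dns)) { $dns = "Not found" }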
# ----------------------------
# Simulated file names only
# ----------------------------
# Hard-coded display strings. Nothing here touches the file system; the list is
# only drawn as text in the right-hand panel of the wallpaper.
$fakeFiles = @(
    "Payroll_2025.xlsx"
    "Client_Contracts.docx"
    "VPN_Credentials.txt"
    "InternalBudget.xlsx"
    "HR_Employee_List.xlsx"
    "ProjectRoadmap.pptx"
    "AccountsReceivable.csv"
    "ExecutiveNotes.docx"
    "MFA_Recovery_Codes.txt"
    "Confidential_Pricing.pdf"
)
# ----------------------------
# Create wallpaper canvas
# ----------------------------
# 1920x1080 off-screen bitmap plus the Graphics surface all later drawing uses.
$width = 1920
$height = 1080
$bmp = New-Object -TypeName System.Drawing.Bitmap -ArgumentList $width, $height
$g = [System.Drawing.Graphics]::FromImage($bmp)
$g.SmoothingMode = [System.Drawing.Drawing2D.SmoothingMode]::AntiAlias
$g.TextRenderingHint = [System.Drawing.Text.TextRenderingHint]::ClearTypeGridFit

# Colors (RGB)
$bgColor     = [System.Drawing.Color]::FromArgb(15, 18, 28)
$panelColor  = [System.Drawing.Color]::FromArgb(25, 30, 45)
$accentColor = [System.Drawing.Color]::FromArgb(0, 173, 239)
$textColor   = [System.Drawing.Color]::White
$mutedColor  = [System.Drawing.Color]::FromArgb(190, 190, 190)
$warnColor   = [System.Drawing.Color]::FromArgb(255, 210, 90)

# Paint the background before anything else is drawn on top of it.
$g.Clear($bgColor)

# Brushes / pens -- each one is disposed in the cleanup section of the script.
$panelBrush  = New-Object -TypeName System.Drawing.SolidBrush -ArgumentList $panelColor
$accentBrush = New-Object -TypeName System.Drawing.SolidBrush -ArgumentList $accentColor
$textBrush   = New-Object -TypeName System.Drawing.SolidBrush -ArgumentList $textColor
$mutedBrush  = New-Object -TypeName System.Drawing.SolidBrush -ArgumentList $mutedColor
$warnBrush   = New-Object -TypeName System.Drawing.SolidBrush -ArgumentList $warnColor
$borderPen   = New-Object -TypeName System.Drawing.Pen -ArgumentList $accentColor, 2

# Fonts (family, point size, style)
$boldStyle    = [System.Drawing.FontStyle]::Bold
$regularStyle = [System.Drawing.FontStyle]::Regular
$titleFont  = New-Object -TypeName System.Drawing.Font -ArgumentList "Segoe UI", 28, $boldStyle
$headerFont = New-Object -TypeName System.Drawing.Font -ArgumentList "Segoe UI", 16, $boldStyle
$bodyFont   = New-Object -TypeName System.Drawing.Font -ArgumentList "Consolas", 15, $regularStyle
$smallFont  = New-Object -TypeName System.Drawing.Font -ArgumentList "Segoe UI", 12, $regularStyle
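# ----------------------------
# Draw logo
# ----------------------------
# The logo is optional: when no path was resolved, or the file cannot be
# decoded, the wallpaper is rendered without it.
# The file may have come from the network, so decoding happens inside try/catch
# and a malformed image only produces a warning.
if ($logoPath -and (Test-Path $logoPath)) {
    $logo = $null
    try {
        $logo = [System.Drawing.Image]::FromFile($logoPath)
        # Fixed 240x100 box in the top-left corner; the image is scaled to fit it.
        $g.DrawImage($logo, 60, 35, 240, 100)
    }
    catch {
        Write-Warning "Logo could not be loaded."
    }
    finally {
        # Release the image (and its handle on the file) even when DrawImage
        # throws; previously Dispose was skipped on that path.
        if ($logo) { $logo.Dispose() }
    }
}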
# ----------------------------
# Header text
# ----------------------------
# Three stacked lines at x=60: title, tagline, and the simulation notice.
# For the engagement record, what this script does beyond drawing: one outbound
# HTTPS request for the logo, files written under %TEMP%\ClientAwarenessDemo,
# and two HKCU "Control Panel\Desktop" values changed when the wallpaper is set.
$titleLine   = "$clientName Security Awareness Demonstration"
$taglineLine = "This workstation accepted commands in seconds."
$noticeLine  = "Simulation only. No files were accessed, searched, copied, or transmitted."
$g.DrawString($titleLine, $titleFont, $accentBrush, 60, 155)
$g.DrawString($taglineLine, $headerFont, $textBrush, 60, 210)
$g.DrawString($noticeLine, $headerFont, $warnBrush, 60, 245)
# ----------------------------
# Left panel: real harmless info
# ----------------------------
# Filled, bordered box listing the host, account and network values collected
# earlier, followed by the names of the commands the panel attributes them to.
$leftRect = New-Object -TypeName System.Drawing.Rectangle -ArgumentList 60, 310, 760, 460
$g.FillRectangle($panelBrush, $leftRect)
$g.DrawRectangle($borderPen, $leftRect)
$g.DrawString("Live harmless reconnaissance", $headerFont, $accentBrush, 80, 330)

$y = 385
$lineGap = 42
$infoRows = @(
    "Hostname : $hostName"
    "User : $userName"
    "IPv4 : $ipv4"
    "Gateway : $gateway"
    "DNS : $dns"
)
foreach ($row in $infoRows) {
    $g.DrawString($row, $bodyFont, $textBrush, 90, $y)
    $y += $lineGap
}
# Extra 10px of spacing before the "Commands used" caption.
$y += 10

$g.DrawString("Commands used:", $smallFont, $mutedBrush, 90, $y)
$g.DrawString("hostname whoami ipconfig", $bodyFont, $textBrush, 90, $y + 30)
# ----------------------------
# Right panel: simulated file targets
# ----------------------------
# Filled, bordered box that prints the entries of $fakeFiles one per row.
# Only the strings in that array are drawn; no directory is listed here.
$rightRect = New-Object -TypeName System.Drawing.Rectangle -ArgumentList 870, 310, 980, 560
$g.FillRectangle($panelBrush, $rightRect)
$g.DrawRectangle($borderPen, $rightRect)
$g.DrawString("Simulated attacker targets", $headerFont, $accentBrush, 890, 330)
$g.DrawString("Examples of the kinds of files a bad actor would likely search for:", $smallFont, $mutedBrush, 890, 370)

# Rows start at y=420 and advance 38px each.
$y2 = 420
for ($i = 0; $i -lt $fakeFiles.Count; $i++) {
    $g.DrawString("$($fakeFiles[$i])", $bodyFont, $textBrush, 900, $y2)
    $y2 += 38
}
# ----------------------------
# Footer
# ----------------------------
# Single takeaway line near the bottom edge of the canvas.
$footerText = "Takeaway: brief physical access to an unlocked session can expose important information fast."
$g.DrawString($footerText, $headerFont, $warnBrush, 60, 965)

# ----------------------------
# Save wallpaper
# ----------------------------
# Written as BMP into the working directory; $outPath is the path later handed
# to SystemParametersInfo.
$outPath = Join-Path -Path $workDir -ChildPath "Client_Awareness_Wallpaper.bmp"
$bmpFormat = [System.Drawing.Imaging.ImageFormat]::Bmp
$bmp.Save($outPath, $bmpFormat)
# ----------------------------
# Cleanup GDI objects
# ----------------------------
# Release every GDI+ object created above, in the same order as before:
# the Graphics surface and bitmap first, then brushes, pen and fonts.
$gdiObjects = @(
    $g, $bmp,
    $panelBrush, $accentBrush, $textBrush, $mutedBrush, $warnBrush,
    $borderPen,
    $titleFont, $headerFont, $bodyFont, $smallFont
)
foreach ($gdiObject in $gdiObjects) {
    $gdiObject.Dispose()
}
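# ----------------------------
# Set wallpaper style and apply
# ----------------------------
$desktopKey = "HKCU:\Control Panel\Desktop"

# Record the user's existing wallpaper settings once, so the workstation can be
# put back after the demonstration. The file is not overwritten on re-runs;
# otherwise a second run would save the demo wallpaper as the "original".
$backupPath = Join-Path $workDir "Previous_Wallpaper_Settings.json"
if (-not (Test-Path $backupPath)) {
    try {
        $previous = Get-ItemProperty -Path $desktopKey -ErrorAction Stop
        [pscustomobject]@{
            Wallpaper      = $previous.Wallpaper
            WallpaperStyle = $previous.WallpaperStyle
            TileWallpaper  = $previous.TileWallpaper
        } | ConvertTo-Json | Set-Content -Path $backupPath -Encoding UTF8 -ErrorAction Stop
    }
    catch {
        Write-Warning "Could not record the previous wallpaper settings; restore will have to be manual."
    }
}

# WallpaperStyle "10" = Fill, TileWallpaper "0" = no tiling.
Set-ItemProperty -Path $desktopKey -Name WallpaperStyle -Value "10"
Set-ItemProperty -Path $desktopKey -Name TileWallpaper -Value "0"

# 20 = SPI_SETDESKWALLPAPER; 3 = SPIF_UPDATEINIFILE | SPIF_SENDCHANGE (persist
# the change and broadcast it). The call returns $false on failure, which was
# previously discarded, leaving the desktop unchanged with no indication why.
$applied = [Wallpaper]::SystemParametersInfo(20, 0, $outPath, 3)
if (-not $applied) {
    Write-Warning "SystemParametersInfo did not apply the wallpaper at $outPath."
}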