PowerShell Pranks – Making Work Fun with Creepy Voices!

In every IT office I have worked in, pulling pranks on co-workers has been a standard. They tend to be low tech; a co-worker leaves their computer unlocked and you change their background, maybe change their Windows sound effects. They tend to be small and easy to revert.

Over the summer in our office we had an intern program and a specific intern who wasn’t very wise when it came to locking his computer. We got him probably 10-15 times with a picture of David Hasselhoff in a thong. We also installed some fun Google Chrome add-ons that would change every image on the page to something else.

These got boring, which is very unusual when making someone have a sexy background. However, because we became so bored with it we decided to take it a step further. We thought, wouldn’t it be cool to automate this with PowerShell? So our initial idea was changing the background to a random image. Looking through the ways of doing that was semi-complicated and I was feeling lazy. So we ditched the idea and it was on the back burner for a long time.


One evening I came home from work and stumbled upon this amazing post on the PowerShell Sub-Reddit “A fun script for Friday – make your friend’s computer start talking to him/her.” To sum it up, it’ll use Text to Speech to have the computer talk. In the example that was posted it used PowerShell Remoting. Using PowerShell Remoting for such a malicious intent may cross a line, depends on who the target is and how much you abuse it. In my case the computers were not domain joined and so I couldn’t use that as easily. So I decided to take my Friday night and make it quite a bit more “portable.”

Step 1: The Idea

So the first step had been achieved thanks to Sinisterly on the PowerShell Sub-Reddit.

Step 2: Writing the Script

Now writing the script was going to be easy; it was almost already written for me, a few tweaks here and there and boom, done. The first iteration of this script read from a file I copied to the system when initially deploying it. I decided that wasn’t nearly as much fun as controlling it remotely. So the current version, when executed, will download the newest phrase file from a web service and save it to a buried directory on the file system. Knowing the majority of my targets were male and the phrases I’d be using would have extra effect coming from a male voice, I decided to add a Voice Hint of Male.

So we have the voice script written but we need the phrases! So I spent a fair amount of time on these and probed a couple of my friends to help pitch in for this effort and I am quite happy with the list we have. All you need to do is toss these onto a web server (Skydrive works great too!) make sure it is publicly accessible and move to the next step. Please read over it, depending on who you are targeting some of them may cause a sexual harassment concern with HR.

Now that the majority of the script was written I needed a way for it to repeat. I was aware of PowerShell Jobs, but I had never set one up and wasn’t 100% sure on how to do it. This was probably the most time consuming aside from writing the phrases. I had quite a bit to learn but I was able to throw together what to the target would seem to be random, but to me I know the exact time it executes and I can make sure I am around the area when it runs.

 

Step 3: Implementing the Script

So I had a solid script written now I was down to how it would be delivered. As I had said above I wasn’t going to use PowerShell Remoting so it was going to need to be easy to deliver, I could plop it onto our network somewhere and copy it down but that requires a lot of manual labor; so back to the whole lazy thing I figured a Flash Drive would be best. Copying the files manually and executing the scripts also affects that lazy thing so I figured I had a few things to accomplish that I don’t want to do manually.

  1. Change Execution Policy
  2. Copy Files to local system
  3. Execute the prankschedule.ps1 file

Those are simple enough right? Let’s just write a quick PowerShell Script to copy our files and run the schedule script.

Well great, we have our files copied but I still have to open PowerShell and change the Execution Policy. We will just write a batch file to fix that! The thing I ran into is I was feeling so lazy I don’t want to right click, so UAC is going to be an issue. Luckily with some quick Google…. I mean Binging! I was able to find a fantastic answer on StackOverflow. Once the whole UAC thing was bypassed it was a simple call to Powershell.exe, passing an argument that runs a cmdlet. Please note that I am also doing some fancy stuff with the directory the file is executing from; I have no idea where I found that but it was some easy searching that found that too.
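From the defending side, the two changes this install leaves behind (a loosened execution policy and a recurring PowerShell job) can be audited on any workstation. The script below is an added example, not one of the post's scripts; the function names are hypothetical, and it assumes the recurring job ends up registered with Task Scheduler, which is also where jobs created with Register-ScheduledJob are stored.

```powershell
# Added audit example, not from the original post. Read-only: it changes nothing.
# Needs the ScheduledTasks module (Windows 8 / Server 2012 or later).

function Get-LoosePolicyScope {
    # Scopes whose execution policy lets any unsigned script run.
    Get-ExecutionPolicy -List |
        Where-Object { $_.ExecutionPolicy -match '^(Unrestricted|Bypass)$' }
}

function Get-PowerShellTask {
    # Every scheduled task with an action that launches powershell.exe or pwsh.exe.
    # Jobs made with Register-ScheduledJob also show up here, under
    # \Microsoft\Windows\PowerShell\ScheduledJobs\.
    foreach ($task in Get-ScheduledTask) {
        foreach ($action in $task.Actions) {
            # Non-exec actions have no Execute property and are skipped.
            if ($action.Execute -notmatch '(powershell|pwsh)(\.exe)?"?\s*$') { continue }
            $info = $task | Get-ScheduledTaskInfo -ErrorAction SilentlyContinue
            [pscustomobject]@{
                Task           = $task.TaskPath + $task.TaskName
                RunAs          = $task.Principal.UserId
                Triggers       = @($task.Triggers).Count
                NextRun        = $info.NextRunTime
                # Command line overrides the machine policy (-ep / -ex / -ExecutionPolicy).
                PolicyOverride = $action.Arguments -match '-(ep|ex\w*)\s+(bypass|unrestricted)'
                # Task runs without a visible console window.
                HiddenWindow   = $action.Arguments -match '-w\w*\s+hidden'
                Arguments      = $action.Arguments
            }
        }
    }
}

$loose = @(Get-LoosePolicyScope)
$tasks = @(Get-PowerShellTask)

Write-Host "Scopes with a loosened execution policy: $($loose.Count)"
$loose | Format-Table Scope, ExecutionPolicy -AutoSize | Out-Host

Write-Host "Scheduled tasks that launch PowerShell: $($tasks.Count)"
$tasks | Sort-Object NextRun | Format-List | Out-Host
```

Run it from an elevated prompt so tasks registered by other accounts are listed as well. A task with many triggers, a hidden window and a script path under a user profile is the pattern to look at first.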

(Bonus) Step 4: Going Further with Automation

I had this script written and running on the primary target and a few extra systems, and it worked great. I then attended DerbyCon, which is a security conference in Louisville, KY. While there I decided to obtain a device called a USB Rubber Ducky. I had heard of this device before, but at the time didn’t really have a use for it… until now.

What this device does is emulate a keyboard and is used as a keystroke injection device. So with a bit of automation I was able to skip that whole opening a directory and published some scripts to a web service, customized a payload to download it and let it run. I have tested this on one system thus far, it runs flawlessly and without me touching the mouse or keyboard executes in about 10 seconds. I yank the device out and go about my business.


Wrapping it up

It was quite a simplistic approach: I’ll toss voice.ps1 and prankSchedule.ps1 in a directory called voice on the Flash Drive, then I’ll put the prankInstall.ps1 and prankInstall.bat files in the root of the Flash Drive. Next time the computer is unlocked I will toss the drive into an open USB port, view the directory in Explorer and double click the batch file. Click Yes on the UAC prompt and it does the rest from there.

Please note: No interns were harmed in the development or testing of this script… he was full time by the time I wrote it and deployed it. It wasn’t all my doing, it was a team effort to distract him when he went into the break room.

  1. You could also use Get-Random to randomize the times. That would be an easy way to loop through for each hour, randomly setting the minutes X times.

    It looks like there might be a typo in the voice.ps1 script. In your Invoke-WebRequest line, you reference $PSHOME\bin\TTVphrases.txt. In the next line, you reference $HOME\bin\prankphrases.txt.

    • Thanks for the feedback, I have corrected that typo. Please note I am not hosting these files so you will need to change the URL to a web server you are hosting the files on.

  2. I love it!

    Here’s some fun addons to the function. A Random voice and speed :)

    $Sex=GET-RANDOM "Microsoft David Desktop","Microsoft Hazel Desktop","Microsoft Zira Desktop"
    $Speed=(GET-RANDOM 10)-5
    $object.SelectVoice($Sex)
    $object.rate=$Speed
    $object.Speak($phrase)

    Sean
    The EnergizedTech
