Removing the CapsLock Error

payloads/library/incident_response/Auto-Check_Cisco_IOS_XE_Backdoor_based_on_CVE-2023-20198_and_CVE/README.md

@@ -33,7 +33,6 @@ An immediate solution to the problem is to reboot the system, which would close
 
 The payload.txt file contains DuckyScript code that enables you to create a Shell script that periodically performs the Cisco-suggested verification to determine if the machine has been attacked. The script defines three variables: the script name, the superuser (sudo) password, and the file path. The only variable that must be modified is the sudo password because it varies from user to user. The other two variables can be changed but aren't strictly necessary for the payload's functionality. They represent the desired script name and the default path (the current folder).
 
-To minimize downtime, the Hak5 Detect Ready extension has been used. When the Shell is opened, the payload executes a series of commands that involve writing the contents of a file, allowing the creation of a script on the machine that will be automatically executed by the operating system.
 
 Once the file is created, it's automatically saved at the end of the execution, and the payload proceeds to enable execution permissions using the permissions granted by the sudo+chmod command.
 
@@ -132,4 +131,4 @@ In this specific case, we are using the `-x` parameter, which signifies the exec
     </td>
   </tr>
 </table>
-</div>
+</div>

payloads/library/incident_response/Auto-Check_Cisco_IOS_XE_Backdoor_based_on_CVE-2023-20198_and_CVE/payload.txt

@@ -1,10 +1,10 @@
 REM #############################################################################################
 REM #                                                                                           #
-REM # Title     : Auto-Check Cisco IOS XE Backdoor based on CVE-2023-20198 and CVE-2023-20273   #
-REM # Author	  : Aleff                                                                         #
-REM # Version	  : 1.0                                                                           #
+REM # Title		: Auto-Check Cisco IOS XE Backdoor based on CVE-2023-20198 and CVE-2023-20273   #
+REM # Author	: Aleff                                                                         #
+REM # Version	: 1.0                                                                           #
 REM # Category	: incident-response                                                             #
-REM # Target	  : Cisco IOS XE                                                                  #
+REM # Target	: Cisco IOS XE                                                                  #
 REM #                                                                                           #
 REM #############################################################################################
 
@@ -18,34 +18,8 @@ DEFINE #SUDO-PSWD example
 REM Here you chould define the script path, if you don't change it is selected the default path, so the home path. If, for istance, you have a specific path where you put some stuff like this you can edit thi DuckyScript variable with the correct path
 DEFINE #PATH-TO-SCRIPT ./
 
-EXTENSION DETECT_READY
-    REM VERSION 1.1
-    REM AUTHOR: Korben
-
-    REM_BLOCK DOCUMENTATION
-        USAGE:
-            Extension runs inline (here)
-            Place at beginning of payload (besides ATTACKMODE) to act as dynamic
-            boot delay
-
-        TARGETS:
-            Any system that reflects CAPSLOCK will detect minimum required delay
-            Any system that does not reflect CAPSLOCK will hit the max delay of 3000ms
-    END_REM
-
-    REM CONFIGURATION:
-    DEFINE #RESPONSE_DELAY 25
-    DEFINE #ITERATION_LIMIT 120
-
-    VAR $C = 0
-    WHILE (($_CAPSLOCK_ON == FALSE) && ($C < #ITERATION_LIMIT))
-        CAPSLOCK
-        DELAY #RESPONSE_DELAY
-        $C = ($C + 1)
-    END_WHILE
-    CAPSLOCK
-END_EXTENSION
 
+DELAY 2000
 CTRL-ALT t
 DELAY 1000