usbrubberducky-payloads/payloads/extensions/os_detect.txt

EXTENSION OS_DETECTION
    REM VERSION 1.1
    REM AUTHOR: Korben

    REM_BLOCK DOCUMENTATION
        USB Rubber Ducky Host OS Detection
        Generic OS detection at a high view is a moving target
        results may vary greatly depending
        on a combination of many variables:
         - number of testing stages
         - specific devices and versions tested against
         - number of systems testing for (scope)
         - detection techniques (passive/invisible/active/hybrid)
         - overall speed
         - overall accuracy

        If all you require is windows vs <anything other os> detection, the
        PASSIVE_WINDOWS_DETECT extension is recommended over this extension.

        TARGET:
            DEFAULT - Windows, Mac, Linux
            ADVANCED_DETECTION - Windows, Mac, Linux, iOS, ChromeOS, Android

        USAGE:
            Uncomment the function call below to run this extension inline (here)
            or call DETECT_OS() anywhere in your payload after the extension
            Place this extension and the DETECT_OS() before
            you would like to first reference $_OS to execute payload code conditionally

        FEEDBACK:
            As mentioned above, this a moving target (especially for mac systems)
            Please report any issues identifying specific operating systems.
            Your feedback will greatly help solidify the robustness of this extension

        DEBUGGING:
            SET DEBUGGING_OUTPUT DEFINE to TRUE, deploy on a target with text editor open for debug output
    END_REM

    REM CONFIGURATION:
    REM For Debugging:
    DEFINE #DEBUGGING_OUTPUT FALSE
    DEFINE #ADVANCED_DETECTION FALSE
    REM Timing fine tuning:
    DEFINE #STARTUP_DELAY 1500
    DEFINE #RESTART_WAIT 1000
    DEFINE #CONNECT_WAIT 1000
    DEFINE #OS_DETECT_MODE HID
    DEFINE #OS_DETECT_VID VID_05AC
    DEFINE #OS_DETECT_PID PID_021E
    DEFINE #WINDOWS_HOST_REQUEST_COUNT 2
    DEFINE #HOST_RESPONSE_TIMEOUT 1000

    FUNCTION DETECT_OS()
        $_HOST_CONFIGURATION_REQUEST_COUNT = 0
        ATTACKMODE #OS_DETECT_MODE #OS_DETECT_VID #OS_DETECT_PID
        DELAY #STARTUP_DELAY
        SAVE_HOST_KEYBOARD_LOCK_STATE

        IF_DEFINED_TRUE #DEBUGGING_OUTPUT
            IF_DEFINED_TRUE #ADVANCED_DETECTION
                STRING ADVANCED OS DETECT
            ELSE_DEFINED
                STRING OS DETECT
            END_IF_DEFINED

            ENTER
            STRING test caps
        END_IF_DEFINED

        IF ($_CAPSLOCK_ON == FALSE) THEN
            LED_R
            CAPSLOCK
            DELAY #HOST_RESPONSE_TIMEOUT
        END_IF
        LED_OFF

        IF_DEFINED_TRUE #DEBUGGING_OUTPUT
            ENTER
            STRING test done
        END_IF_DEFINED

        IF $_RECEIVED_HOST_LOCK_LED_REPLY THEN
            IF_DEFINED_TRUE #DEBUGGING_OUTPUT
                ENTER
                STRING received led response
            END_IF_DEFINED
            LED_G
            IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN
                IF_DEFINED_TRUE #DEBUGGING_OUTPUT
                    ENTER
                    STRING prediction: Windows
                END_IF_DEFINED
                $_OS = WINDOWS
            ELSE
                IF_DEFINED_TRUE #DEBUGGING_OUTPUT
                    ENTER
                    STRING prediction: Linux
                END_IF_DEFINED
                $_OS = LINUX
            END_IF
        ELSE
            IF_DEFINED_TRUE #DEBUGGING_OUTPUT
                ENTER
                STRING no led response
                ENTER
                STRING prediciton: MacOS
            END_IF_DEFINED
            $_OS = MACOS
        END_IF

        IF_DEFINED_TRUE #ADVANCED_DETECTION
            IF ( $_OS == LINUX ) THEN
                IF_DEFINED_TRUE #DEBUGGING_OUTPUT
                    ENTER
                    STRING soft reconnect
                END_IF_DEFINED
                ATTACKMODE OFF
                DELAY #RESTART_WAIT
                ATTACKMODE #OS_DETECT_MODE #OS_DETECT_VID #OS_DETECT_PID
                DELAY #CONNECT_WAIT
                IF_DEFINED_TRUE #DEBUGGING_OUTPUT
                    ENTER
                    STRING reconnected
                END_IF_DEFINED
                IF ($_CAPSLOCK_ON == TRUE) THEN
                    IF_DEFINED_TRUE #DEBUGGING_OUTPUT
                        ENTER
                        STRING caps led on
                        ENTER
                        STRING test numlock
                    END_IF_DEFINED
                    NUMLOCK
                    DELAY #HOST_RESPONSE_TIMEOUT
                    IF_DEFINED_TRUE #DEBUGGING_OUTPUT
                        ENTER
                        STRING test done
                    END_IF_DEFINED
                    IF ($_NUMLOCK_ON == FALSE) THEN
                        IF_DEFINED_TRUE #DEBUGGING_OUTPUT
                            ENTER
                            STRING no numlock led
                            ENTER
                            STRING prediciton: ChromeOS
                        END_IF_DEFINED
                        $_OS = CHROMEOS
                    ELSE
                        IF_DEFINED_TRUE #DEBUGGING_OUTPUT
                            ENTER
                            STRING numlock led on
                            ENTER
                            STRING testing scrolllock
                        END_IF_DEFINED
                        SCROLLLOCK
                        DELAY #HOST_RESPONSE_TIMEOUT
                        IF_DEFINED_TRUE #DEBUGGING_OUTPUT
                            ENTER
                            STRING test done
                        END_IF_DEFINED
                        IF ($_SCROLLLOCK_ON == TRUE) THEN
                            IF_DEFINED_TRUE #DEBUGGING_OUTPUT
                                ENTER
                                STRING scrolllock led on
                                ENTER
                                STRING prediciton: Android
                            END_IF_DEFINED
                            $_OS = ANDROID
                        ELSE
                            IF_DEFINED_TRUE #DEBUGGING_OUTPUT
                                ENTER
                                STRING no scrolllock reply
                                ENTER
                                STRING prediction: Linux
                            END_IF_DEFINED
                            $_OS = LINUX
                        END_IF
                    END_IF
                END_IF
            ELSE IF ($_OS == MACOS) THEN
                IF ($_CAPSLOCK_ON == TRUE) THEN
                    IF_DEFINED_TRUE #DEBUGGING_OUTPUT
                        ENTER
                        STRING caps led on
                        ENTER
                        STRING prediction: iOS
                    END_IF_DEFINED
                    $_OS = IOS
                ELSE 
                    IF_DEFINED_TRUE #DEBUGGING_OUTPUT
                        ENTER
                        STRING no caps reply
                        ENTER
                        STRING prediction: MacOS
                    END_IF_DEFINED
                    $_OS = MACOS
                END_IF
            ELSE IF ($_OS == WINDOWS) THEN
                IF_DEFINED_TRUE #DEBUGGING_OUTPUT
                    ENTER
                    STRING Confident Windows Prediction
                END_IF_DEFINED
                $_OS = WINDOWS
            END_IF
        END_IF_DEFINED

        RESTORE_HOST_KEYBOARD_LOCK_STATE

        IF_DEFINED_TRUE #DEBUGGING_OUTPUT
            ENTER
            STRING OS_DETECT complete
            ENTER
        END_IF_DEFINED
    END_FUNCTION

    REM Uncomment the function call below to run this extension inline (here)
    REM or call DETECT_OS() anywhere in your payload after the extension
    REM DETECT_OS()
END_EXTENSION
Add New DuckyScript 3.0 Examples and Extensions 2022-08-19 22:26:02 +00:00			`EXTENSION OS_DETECTION`
1.3.0 updates 2023-03-14 22:19:57 +00:00			`REM VERSION 1.1`
			`REM AUTHOR: Korben`

			`REM_BLOCK DOCUMENTATION`
			`USB Rubber Ducky Host OS Detection`
			`Generic OS detection at a high view is a moving target`
			`results may vary greatly depending`
			`on a combination of many variables:`
			`- number of testing stages`
			`- specific devices and versions tested against`
			`- number of systems testing for (scope)`
			`- detection techniques (passive/invisible/active/hybrid)`
			`- overall speed`
			`- overall accuracy`

			`If all you require is windows vs <anything other os> detection, the`
			`PASSIVE_WINDOWS_DETECT extension is recommended over this extension.`

			`TARGET:`
			`DEFAULT - Windows, Mac, Linux`
			`ADVANCED_DETECTION - Windows, Mac, Linux, iOS, ChromeOS, Android`

			`USAGE:`
			`Uncomment the function call below to run this extension inline (here)`
			`or call DETECT_OS() anywhere in your payload after the extension`
			`Place this extension and the DETECT_OS() before`
			`you would like to first reference $_OS to execute payload code conditionally`

			`FEEDBACK:`
			`As mentioned above, this a moving target (especially for mac systems)`
			`Please report any issues identifying specific operating systems.`
			`Your feedback will greatly help solidify the robustness of this extension`

			`DEBUGGING:`
			`SET DEBUGGING_OUTPUT DEFINE to TRUE, deploy on a target with text editor open for debug output`
			`END_REM`
Add New DuckyScript 3.0 Examples and Extensions 2022-08-19 22:26:02 +00:00
add languages, update extensions 2022-09-29 06:06:15 +00:00			`REM CONFIGURATION:`
1.3.0 updates 2023-03-14 22:19:57 +00:00			`REM For Debugging:`
			`DEFINE #DEBUGGING_OUTPUT FALSE`
			`DEFINE #ADVANCED_DETECTION FALSE`
			`REM Timing fine tuning:`
			`DEFINE #STARTUP_DELAY 1500`
			`DEFINE #RESTART_WAIT 1000`
			`DEFINE #CONNECT_WAIT 1000`
			`DEFINE #OS_DETECT_MODE HID`
			`DEFINE #OS_DETECT_VID VID_05AC`
			`DEFINE #OS_DETECT_PID PID_021E`
			`DEFINE #WINDOWS_HOST_REQUEST_COUNT 2`
			`DEFINE #HOST_RESPONSE_TIMEOUT 1000`
Add New DuckyScript 3.0 Examples and Extensions 2022-08-19 22:26:02 +00:00
			`FUNCTION DETECT_OS()`
add languages, update extensions 2022-09-29 06:06:15 +00:00			`$_HOST_CONFIGURATION_REQUEST_COUNT = 0`
1.3.0 updates 2023-03-14 22:19:57 +00:00			`ATTACKMODE #OS_DETECT_MODE #OS_DETECT_VID #OS_DETECT_PID`
			`DELAY #STARTUP_DELAY`
add languages, update extensions 2022-09-29 06:06:15 +00:00			`SAVE_HOST_KEYBOARD_LOCK_STATE`

1.3.0 updates 2023-03-14 22:19:57 +00:00			`IF_DEFINED_TRUE #DEBUGGING_OUTPUT`
			`IF_DEFINED_TRUE #ADVANCED_DETECTION`
add languages, update extensions 2022-09-29 06:06:15 +00:00			`STRING ADVANCED OS DETECT`
1.3.0 updates 2023-03-14 22:19:57 +00:00			`ELSE_DEFINED`
add languages, update extensions 2022-09-29 06:06:15 +00:00			`STRING OS DETECT`
1.3.0 updates 2023-03-14 22:19:57 +00:00			`END_IF_DEFINED`
add languages, update extensions 2022-09-29 06:06:15 +00:00
			`ENTER`
			`STRING test caps`
1.3.0 updates 2023-03-14 22:19:57 +00:00			`END_IF_DEFINED`
add languages, update extensions 2022-09-29 06:06:15 +00:00
			`IF ($_CAPSLOCK_ON == FALSE) THEN`
			`LED_R`
			`CAPSLOCK`
1.3.0 updates 2023-03-14 22:19:57 +00:00			`DELAY #HOST_RESPONSE_TIMEOUT`
add languages, update extensions 2022-09-29 06:06:15 +00:00			`END_IF`
			`LED_OFF`

1.3.0 updates 2023-03-14 22:19:57 +00:00			`IF_DEFINED_TRUE #DEBUGGING_OUTPUT`
add languages, update extensions 2022-09-29 06:06:15 +00:00			`ENTER`
			`STRING test done`
1.3.0 updates 2023-03-14 22:19:57 +00:00			`END_IF_DEFINED`
add languages, update extensions 2022-09-29 06:06:15 +00:00
			`IF $_RECEIVED_HOST_LOCK_LED_REPLY THEN`
1.3.0 updates 2023-03-14 22:19:57 +00:00			`IF_DEFINED_TRUE #DEBUGGING_OUTPUT`
add languages, update extensions 2022-09-29 06:06:15 +00:00			`ENTER`
			`STRING received led response`
1.3.0 updates 2023-03-14 22:19:57 +00:00			`END_IF_DEFINED`
add languages, update extensions 2022-09-29 06:06:15 +00:00			`LED_G`
1.3.0 updates 2023-03-14 22:19:57 +00:00			`IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN`
			`IF_DEFINED_TRUE #DEBUGGING_OUTPUT`
add languages, update extensions 2022-09-29 06:06:15 +00:00			`ENTER`
			`STRING prediction: Windows`
1.3.0 updates 2023-03-14 22:19:57 +00:00			`END_IF_DEFINED`
add languages, update extensions 2022-09-29 06:06:15 +00:00			`$_OS = WINDOWS`
			`ELSE`
1.3.0 updates 2023-03-14 22:19:57 +00:00			`IF_DEFINED_TRUE #DEBUGGING_OUTPUT`
add languages, update extensions 2022-09-29 06:06:15 +00:00			`ENTER`
			`STRING prediction: Linux`
1.3.0 updates 2023-03-14 22:19:57 +00:00			`END_IF_DEFINED`
add languages, update extensions 2022-09-29 06:06:15 +00:00			`$_OS = LINUX`
			`END_IF`
			`ELSE`
1.3.0 updates 2023-03-14 22:19:57 +00:00			`IF_DEFINED_TRUE #DEBUGGING_OUTPUT`
add languages, update extensions 2022-09-29 06:06:15 +00:00			`ENTER`
			`STRING no led response`
			`ENTER`
			`STRING prediciton: MacOS`
1.3.0 updates 2023-03-14 22:19:57 +00:00			`END_IF_DEFINED`
add languages, update extensions 2022-09-29 06:06:15 +00:00			`$_OS = MACOS`
			`END_IF`

1.3.0 updates 2023-03-14 22:19:57 +00:00			`IF_DEFINED_TRUE #ADVANCED_DETECTION`
add languages, update extensions 2022-09-29 06:06:15 +00:00			`IF ( $_OS == LINUX ) THEN`
1.3.0 updates 2023-03-14 22:19:57 +00:00			`IF_DEFINED_TRUE #DEBUGGING_OUTPUT`
add languages, update extensions 2022-09-29 06:06:15 +00:00			`ENTER`
			`STRING soft reconnect`
1.3.0 updates 2023-03-14 22:19:57 +00:00			`END_IF_DEFINED`
add languages, update extensions 2022-09-29 06:06:15 +00:00			`ATTACKMODE OFF`
1.3.0 updates 2023-03-14 22:19:57 +00:00			`DELAY #RESTART_WAIT`
			`ATTACKMODE #OS_DETECT_MODE #OS_DETECT_VID #OS_DETECT_PID`
			`DELAY #CONNECT_WAIT`
			`IF_DEFINED_TRUE #DEBUGGING_OUTPUT`
add languages, update extensions 2022-09-29 06:06:15 +00:00			`ENTER`
			`STRING reconnected`
1.3.0 updates 2023-03-14 22:19:57 +00:00			`END_IF_DEFINED`
add languages, update extensions 2022-09-29 06:06:15 +00:00			`IF ($_CAPSLOCK_ON == TRUE) THEN`
1.3.0 updates 2023-03-14 22:19:57 +00:00			`IF_DEFINED_TRUE #DEBUGGING_OUTPUT`
add languages, update extensions 2022-09-29 06:06:15 +00:00			`ENTER`
			`STRING caps led on`
			`ENTER`
			`STRING test numlock`
1.3.0 updates 2023-03-14 22:19:57 +00:00			`END_IF_DEFINED`
add languages, update extensions 2022-09-29 06:06:15 +00:00			`NUMLOCK`
1.3.0 updates 2023-03-14 22:19:57 +00:00			`DELAY #HOST_RESPONSE_TIMEOUT`
			`IF_DEFINED_TRUE #DEBUGGING_OUTPUT`
add languages, update extensions 2022-09-29 06:06:15 +00:00			`ENTER`
			`STRING test done`
1.3.0 updates 2023-03-14 22:19:57 +00:00			`END_IF_DEFINED`
add languages, update extensions 2022-09-29 06:06:15 +00:00			`IF ($_NUMLOCK_ON == FALSE) THEN`
1.3.0 updates 2023-03-14 22:19:57 +00:00			`IF_DEFINED_TRUE #DEBUGGING_OUTPUT`
add languages, update extensions 2022-09-29 06:06:15 +00:00			`ENTER`
			`STRING no numlock led`
			`ENTER`
			`STRING prediciton: ChromeOS`
1.3.0 updates 2023-03-14 22:19:57 +00:00			`END_IF_DEFINED`
add languages, update extensions 2022-09-29 06:06:15 +00:00			`$_OS = CHROMEOS`
			`ELSE`
1.3.0 updates 2023-03-14 22:19:57 +00:00			`IF_DEFINED_TRUE #DEBUGGING_OUTPUT`
add languages, update extensions 2022-09-29 06:06:15 +00:00			`ENTER`
			`STRING numlock led on`
			`ENTER`
			`STRING testing scrolllock`
1.3.0 updates 2023-03-14 22:19:57 +00:00			`END_IF_DEFINED`
add languages, update extensions 2022-09-29 06:06:15 +00:00			`SCROLLLOCK`
1.3.0 updates 2023-03-14 22:19:57 +00:00			`DELAY #HOST_RESPONSE_TIMEOUT`
			`IF_DEFINED_TRUE #DEBUGGING_OUTPUT`
add languages, update extensions 2022-09-29 06:06:15 +00:00			`ENTER`
			`STRING test done`
1.3.0 updates 2023-03-14 22:19:57 +00:00			`END_IF_DEFINED`
add languages, update extensions 2022-09-29 06:06:15 +00:00			`IF ($_SCROLLLOCK_ON == TRUE) THEN`
1.3.0 updates 2023-03-14 22:19:57 +00:00			`IF_DEFINED_TRUE #DEBUGGING_OUTPUT`
add languages, update extensions 2022-09-29 06:06:15 +00:00			`ENTER`
			`STRING scrolllock led on`
			`ENTER`
			`STRING prediciton: Android`
1.3.0 updates 2023-03-14 22:19:57 +00:00			`END_IF_DEFINED`
add languages, update extensions 2022-09-29 06:06:15 +00:00			`$_OS = ANDROID`
			`ELSE`
1.3.0 updates 2023-03-14 22:19:57 +00:00			`IF_DEFINED_TRUE #DEBUGGING_OUTPUT`
add languages, update extensions 2022-09-29 06:06:15 +00:00			`ENTER`
			`STRING no scrolllock reply`
			`ENTER`
			`STRING prediction: Linux`
1.3.0 updates 2023-03-14 22:19:57 +00:00			`END_IF_DEFINED`
add languages, update extensions 2022-09-29 06:06:15 +00:00			`$_OS = LINUX`
			`END_IF`
			`END_IF`
			`END_IF`
			`ELSE IF ($_OS == MACOS) THEN`
			`IF ($_CAPSLOCK_ON == TRUE) THEN`
1.3.0 updates 2023-03-14 22:19:57 +00:00			`IF_DEFINED_TRUE #DEBUGGING_OUTPUT`
add languages, update extensions 2022-09-29 06:06:15 +00:00			`ENTER`
			`STRING caps led on`
			`ENTER`
			`STRING prediction: iOS`
1.3.0 updates 2023-03-14 22:19:57 +00:00			`END_IF_DEFINED`
add languages, update extensions 2022-09-29 06:06:15 +00:00			`$_OS = IOS`
			`ELSE`
1.3.0 updates 2023-03-14 22:19:57 +00:00			`IF_DEFINED_TRUE #DEBUGGING_OUTPUT`
add languages, update extensions 2022-09-29 06:06:15 +00:00			`ENTER`
			`STRING no caps reply`
			`ENTER`
			`STRING prediction: MacOS`
1.3.0 updates 2023-03-14 22:19:57 +00:00			`END_IF_DEFINED`
add languages, update extensions 2022-09-29 06:06:15 +00:00			`$_OS = MACOS`
			`END_IF`
			`ELSE IF ($_OS == WINDOWS) THEN`
1.3.0 updates 2023-03-14 22:19:57 +00:00			`IF_DEFINED_TRUE #DEBUGGING_OUTPUT`
add languages, update extensions 2022-09-29 06:06:15 +00:00			`ENTER`
			`STRING Confident Windows Prediction`
1.3.0 updates 2023-03-14 22:19:57 +00:00			`END_IF_DEFINED`
add languages, update extensions 2022-09-29 06:06:15 +00:00			`$_OS = WINDOWS`
			`END_IF`
1.3.0 updates 2023-03-14 22:19:57 +00:00			`END_IF_DEFINED`
add languages, update extensions 2022-09-29 06:06:15 +00:00
			`RESTORE_HOST_KEYBOARD_LOCK_STATE`

1.3.0 updates 2023-03-14 22:19:57 +00:00			`IF_DEFINED_TRUE #DEBUGGING_OUTPUT`
add languages, update extensions 2022-09-29 06:06:15 +00:00			`ENTER`
			`STRING OS_DETECT complete`
			`ENTER`
1.3.0 updates 2023-03-14 22:19:57 +00:00			`END_IF_DEFINED`
Add New DuckyScript 3.0 Examples and Extensions 2022-08-19 22:26:02 +00:00			`END_FUNCTION`
add languages, update extensions 2022-09-29 06:06:15 +00:00
Add New DuckyScript 3.0 Examples and Extensions 2022-08-19 22:26:02 +00:00			`REM Uncomment the function call below to run this extension inline (here)`
			`REM or call DETECT_OS() anywhere in your payload after the extension`
			`REM DETECT_OS()`
add languages, update extensions 2022-09-29 06:06:15 +00:00			`END_EXTENSION`