From b7e33c517d3a430c16f42fb2e5b3a5ab553f432f Mon Sep 17 00:00:00 2001
From: Dallas Winger
Date: Thu, 19 Oct 2023 19:22:28 -0400
Subject: [PATCH] add some new extensions
---
.../extensions/default_lock_key_states.txt | 26 ++++
payloads/extensions/detect_reflection.txt | 19 +++
.../extensions/random_variable_labels.txt | 121 ++++++++++++++++++
.../timed_wait_for_button_press.txt | 24 ++++
payloads/extensions/wait_for_button_hold.txt | 54 ++++++++
payloads/extensions/windows_only.txt | 20 +++
6 files changed, 264 insertions(+)
create mode 100644 payloads/extensions/default_lock_key_states.txt
create mode 100644 payloads/extensions/detect_reflection.txt
create mode 100644 payloads/extensions/random_variable_labels.txt
create mode 100644 payloads/extensions/timed_wait_for_button_press.txt
create mode 100644 payloads/extensions/wait_for_button_hold.txt
create mode 100644 payloads/extensions/windows_only.txt
diff --git a/payloads/extensions/default_lock_key_states.txt b/payloads/extensions/default_lock_key_states.txt
new file mode 100644
index 0000000..e1740c7
--- /dev/null
+++ b/payloads/extensions/default_lock_key_states.txt
@@ -0,0 +1,26 @@
+EXTENSION DEFAULT_LOCK_KEY_STATES
+ REM VERSION: 1.0
+ REM AUTHOR: Korben
+
+ DEFINE #CAPS_ENABLED FALSE
+ DEFINE #NUM_ENABLED TRUE
+ DEFINE #SCROLL_ENABLED FALSE
+
+ DEFINE #SAVE_ORIGINAL_STATE TRUE
+
+ FUNCTION DEFAULT_LOCK_KEY_STATES()
+ IF_DEFINED_TRUE #SAVE_ORIGINAL_STATE
+ SAVE_HOST_KEYBOARD_LOCK_STATE
+ END_IF_DEFINED
+
+ IF (($_CAPSLOCK_ON == #CAPS_ENABLED) == FALSE) THEN
+ CAPSLOCK
+ END_IF
+ IF (($_NUMLOCK_ON == #NUM_ENABLED) == FALSE) THEN
+ NUMLOCK
+ END_IF
+ IF (($_SCROLLLOCK_ON == #SCROLL_ENABLED) == FALSE) THEN
+ SCROLLLOCK
+ END_IF
+ END_FUNCTION
+END_EXTENSION
\ No newline at end of file
diff --git a/payloads/extensions/detect_reflection.txt b/payloads/extensions/detect_reflection.txt
new file mode 100644
index 0000000..3be4989
--- /dev/null
+++ b/payloads/extensions/detect_reflection.txt
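Review bot: DEFAULT_LOCK_KEY_STATES calls `SAVE_HOST_KEYBOARD_LOCK_STATE` when #SAVE_ORIGINAL_STATE is TRUE, but nothing in the extension ever calls RESTORE_HOST_KEYBOARD_LOCK_STATE, so the saved state only matters if the calling payload restores it itself, and the file has no usage block saying so (WAIT_FOR_BUTTON_HOLD in the same commit has one). Suggest a REM_BLOCK after the AUTHOR line stating that the function forces caps/num/scroll to the #*_ENABLED values by toggling whichever locks differ, that the caller is responsible for RESTORE_HOST_KEYBOARD_LOCK_STATE, and that the `$_CAPSLOCK_ON`-style comparisons presumably depend on the host reflecting lock state back (what DETECT_REFLECTION in this commit probes for) — worth confirming and documenting as a precondition. The file is also committed without a trailing newline, as are detect_reflection.txt and wait_for_button_hold.txt.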
@@ -0,0 +1,19 @@
+EXTENSION DETECT_REFLECTION
+ REM VERSION: 1.0
+ REM AUTHOR: Korben
+
+ DEFINE #RESPONSE_DELAY 100
+
+ FUNCTION DETECT_REFLECTION()
+ SAVE_HOST_KEYBOARD_LOCK_STATE
+ $CURRENT_CAPS = $_CAPSLOCK_ON
+ CAPSLOCK
+ DELAY #RESPONSE_DELAY
+ IF ($CURRENT_CAPS == $_CAPSLOCK_ON) THEN
+ RESTORE_HOST_KEYBOARD_LOCK_STATE
+ RETURN FALSE
+ END_IF
+ RESTORE_HOST_KEYBOARD_LOCK_STATE
+ RETURN TRUE
+ END_FUNCTION
+END_EXTENSION
\ No newline at end of file
diff --git a/payloads/extensions/random_variable_labels.txt b/payloads/extensions/random_variable_labels.txt
new file mode 100644
index 0000000..1eac0c4
--- /dev/null
+++ b/payloads/extensions/random_variable_labels.txt
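Review bot: `$CURRENT_CAPS = $_CAPSLOCK_ON` assigns to a variable that is never declared, while every other extension in this commit declares its locals with VAR (`VAR $MAX_WAIT = #MAX_WAIT`); I believe the DuckyScript 3 compiler rejects assignment to an undeclared variable, so this should read `VAR $CURRENT_CAPS = $_CAPSLOCK_ON`. The RESTORE_HOST_KEYBOARD_LOCK_STATE call is duplicated on both exit paths; storing the comparison result in a VAR, restoring once, then returning it keeps the probe's cleanup in one place. A REM after the AUTHOR line should also state the contract: the function toggles CAPSLOCK once as a probe, waits #RESPONSE_DELAY ms, returns TRUE only if `$_CAPSLOCK_ON` changed, and restores the saved lock state before returning.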
@@ -0,0 +1,121 @@
+EXTENSION RANDOM_VARIABLE_LABELS
+ REM_BLOCK Documentation
+ This extension is used to generate 5 guaranteed random unique random strings or characters
+
+ TARGET:
+ Any
+
+ USAGE:
+ Place this extension at top of your payload. Replace usages of
+ static variable names within the code youre injecting with usages of
+ the function calls below - RANDOM_LABEL_N - where N is 1-5
+
+ CONFIGURATION:
+ To change the type of random label replace RANDOM_LABEL_TYPE with
+ one of the following:
+ $_RANDOM_LETTER_KEYCODE
+ $_RANDOM_CHAR_KEYCODE
+ $_RANDOM_NUMBER_KEYCODE
+ WARNING: be sure to choose something that is a valid variable name in
+ the language you intend to use this with
+
+
+ If you only need 5 or less random variable names and would prefer
+ injection performance and reduced payload size, set SINGLE_CHAR_MODE
+ to TRUE
+
+ If you need MORE than 5 random variable names, use the template at
+ the end of this extension to generate as many unique strings as
+ needed with the 5 base variables: $random_label_1 through $random_label_5
+ note: if this is the case you will need to keep SINGLE_CHAR_MODE FALSE
+
+ END_REM
+
+
+ DEFINE #RANDOM_LABEL_TYPE $_RANDOM_LETTER_KEYCODE
+
+ DEFINE #SINGLE_CHAR_MODE FALSE
+
+ VAR $random_label_1 = #RANDOM_LABEL_TYPE
+ VAR $random_label_2 = #RANDOM_LABEL_TYPE
+ WHILE ($random_label_1 == $random_label_2)
+ $random_label_2 = #RANDOM_LABEL_TYPE
+ END_WHILE
+ VAR $random_label_3 = #RANDOM_LABEL_TYPE
+ WHILE (($random_label_1 == $random_label_3) || ($random_label_2 == $random_label_3))
+ $random_label_3 = #RANDOM_LABEL_TYPE
+ END_WHILE
+ VAR $random_label_4 = #RANDOM_LABEL_TYPE
+ WHILE (($random_label_1 == $random_label_4) || ($random_label_2 == $random_label_3) || ($random_label_3 == $random_label_4))
+ $random_label_4 = #RANDOM_LABEL_TYPE
+ END_WHILE
+ VAR $random_label_5 = #RANDOM_LABEL_TYPE
+ WHILE (($random_label_1 == $random_label_5) || ($random_label_2 == $random_label_5) || ($random_label_3 == $random_label_5) || 
($random_label_4 == $random_label_5))
+ $random_label_5 = #RANDOM_LABEL_TYPE
+ END_WHILE
+
+
+ FUNCTION RANDOM_LABEL_1()
+ INJECT_VAR $random_label_1
+ IF_NOT_DEFINED_TRUE #SINGLE_CHAR_MODE
+ INJECT_VAR $random_label_2
+ INJECT_VAR $random_label_3
+ INJECT_VAR $random_label_4
+ INJECT_VAR $random_label_5
+ END_IF_DEFINED
+ END_FUNCTION
+
+ FUNCTION RANDOM_LABEL_2()
+ INJECT_VAR $random_label_2
+ IF_NOT_DEFINED_TRUE #SINGLE_CHAR_MODE
+ INJECT_VAR $random_label_1
+ INJECT_VAR $random_label_3
+ INJECT_VAR $random_label_4
+ INJECT_VAR $random_label_5
+ END_IF_DEFINED
+ END_FUNCTION
+
+ FUNCTION RANDOM_LABEL_3()
+ INJECT_VAR $random_label_3
+ IF_NOT_DEFINED_TRUE #SINGLE_CHAR_MODE
+ INJECT_VAR $random_label_2
+ INJECT_VAR $random_label_1
+ INJECT_VAR $random_label_4
+ INJECT_VAR $random_label_5
+ END_IF_DEFINED
+ END_FUNCTION
+
+ FUNCTION RANDOM_LABEL_4()
+ INJECT_VAR $random_label_4
+ IF_NOT_DEFINED_TRUE #SINGLE_CHAR_MODE
+ INJECT_VAR $random_label_3
+ INJECT_VAR $random_label_2
+ INJECT_VAR $random_label_1
+ INJECT_VAR $random_label_5
+ END_IF_DEFINED
+ END_FUNCTION
+
+ FUNCTION RANDOM_LABEL_5()
+ INJECT_VAR $random_label_5
+ IF_NOT_DEFINED_TRUE #SINGLE_CHAR_MODE
+ INJECT_VAR $random_label_3
+ INJECT_VAR $random_label_4
+ INJECT_VAR $random_label_2
+ INJECT_VAR $random_label_1
+ END_IF_DEFINED
+ END_FUNCTION
+
+ REM_BLOCK
+ REM Template; if you need more than 5 variable names
+
+ FUNCTION RANDOM_LABEL_^()
+ INJECT_VAR $random_label_2
+ INJECT_VAR $random_label_3
+ INJECT_VAR $random_label_4
+ INJECT_VAR $random_label_5
+ INJECT_VAR $random_label_1
+ END_FUNCTION
+
+ END_REM
+
+END_EXTENSION
diff --git a/payloads/extensions/timed_wait_for_button_press.txt b/payloads/extensions/timed_wait_for_button_press.txt
new file mode 100644
index 0000000..816cf6b
--- /dev/null
+++ b/payloads/extensions/timed_wait_for_button_press.txt
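Review bot: The uniqueness loop for $random_label_4 compares the wrong pair: `($random_label_2 == $random_label_3)` re-tests two labels the previous loop already made distinct, so that term is always FALSE and $random_label_4 can come out equal to $random_label_2; it should read `($random_label_2 == $random_label_4)`. The four-term check for $random_label_5 that follows is correct. The documentation block is the extension's only usage text and has a couple of typos worth cleaning up ('youre', the doubled 'random ... random').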
@@ -0,0 +1,24 @@
+EXTENSION TIMED_WAIT_FOR_BUTTON_PRESS
+ REM VERSION: 1.0
+ REM AUTHOR: Korben
+
+ DEFINE #MAX_WAIT 10000
+ DEFINE #CHECK_INTERVAL 100
+
+ FUNCTION TIMED_WAIT_FOR_BUTTON_PRESS()
+ VAR $MAX_WAIT = #MAX_WAIT
+ VAR $CURRENT_WAIT = 0
+ VAR $CONTINUE = TRUE
+ VAR $HELD_FOR = 0
+
+ WHILE ($CURRENT_WAIT > $MAX_WAIT)
+ DELAY #CHECK_INTERVAL
+ IF ($_BUTTON_PUSH_RECEIVED) THEN
+ RETURN $CURRENT_WAIT
+ END_IF
+ $_BUTTON_PUSH_RECEIVED = FALSE
+ $CURRENT_WAIT = ($CURRENT_WAIT + #CHECK_INTERVAL)
+ END_WHILE
+ RETURN 0
+ END_FUNCTION
+END_EXTENSION
diff --git a/payloads/extensions/wait_for_button_hold.txt b/payloads/extensions/wait_for_button_hold.txt
new file mode 100644
index 0000000..06b44a7
--- /dev/null
+++ b/payloads/extensions/wait_for_button_hold.txt
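Review bot: `WHILE ($CURRENT_WAIT > $MAX_WAIT)` is inverted: $CURRENT_WAIT starts at 0 and $MAX_WAIT at 10000, so the loop body never runs and the function returns 0 immediately without ever checking the button; it should be `WHILE ($CURRENT_WAIT < $MAX_WAIT)`. Even with that fixed, a press seen in the first interval returns 0, which callers cannot tell apart from the timeout result — moving `$CURRENT_WAIT = ($CURRENT_WAIT + #CHECK_INTERVAL)` above the IF makes a press return the elapsed ms (at least #CHECK_INTERVAL) and leaves 0 meaning timeout. `$CONTINUE` and `$HELD_FOR` are declared but never used, apparently carried over from WAIT_FOR_BUTTON_HOLD, and this file has no REM_BLOCK documenting the return value the way that one does.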
@@ -0,0 +1,54 @@
+EXTENSION WAIT_FOR_BUTTON_HOLD
+ REM VERSION: 1.0
+ REM AUTHOR: Korben
+
+ REM_BLOCK DOCUMENTATION
+ USAGE:
+ Call WAIT_FOR_BUTTON_HOLD() - RETURNS TRUE if button held before timeout, FALSE if not
+
+ CONFIGURATION:
+ MAX_WAIT - number of ms requried before execution continues
+ regardless of button press - set to 0 to block forever until button hold
+
+ HOLD_LENGTH - number of ms required to regsiter button activity as a valid hold
+
+ CHECK_INTERVAL - number of ms interval to check button status
+ END_REM
+
+ REM set #MAX_WAIT to 0 for no timeout -- wait forever
+ DEFINE #MAX_WAIT 10000
+ REM amount of time required to be considered a hold in ms
+ DEFINE #HOLD_LENGTH 3000
+ REM how frequently we check that the button is continuously being held
+ DEFINE #CHECK_INTERVAL 100
+
+ FUNCTION WAIT_FOR_BUTTON_HOLD()
+ VAR $MAX_WAIT = #MAX_WAIT
+ VAR $CURRENT_WAIT = 0
+ VAR $CONTINUE = TRUE
+ VAR $HELD_FOR = 0
+
+ WHILE ($CONTINUE)
+ DELAY #CHECK_INTERVAL
+ IF ($_BUTTON_PUSH_RECEIVED) THEN
+ $HELD_FOR = ($HELD_FOR + #CHECK_INTERVAL)
+ IF ($HELD_FOR >= #HOLD_LENGTH) THEN
+ $MAX_WAIT = 0
+ REM button held target met
+ RETURN TRUE
+ END_IF
+ ELSE
+ $HELD_FOR = 0
+ END_IF
+ $_BUTTON_PUSH_RECEIVED = FALSE
+ $CURRENT_WAIT = ($CURRENT_WAIT + #CHECK_INTERVAL)
+
+ REM check to see if we have timed out, if non-0
+ IF (($MAX_WAIT > 0) && ($CURRENT_WAIT > $MAX_WAIT)) THEN
+ $CONTINUE = FALSE
+ END_IF
+ END_WHILE
+
+ RETURN FALSE
+ END_FUNCTION
+END_EXTENSION
\ No newline at end of file
diff --git a/payloads/extensions/windows_only.txt b/payloads/extensions/windows_only.txt
new file mode 100644
index 0000000..7b619ba
--- /dev/null
+++ b/payloads/extensions/windows_only.txt
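Review bot: `$MAX_WAIT = 0` immediately before `RETURN TRUE` is dead — the function exits on the next line and nothing reads the variable afterwards — so it should be dropped. The `$CONTINUE` flag exists only to leave the loop on timeout; writing `RETURN FALSE` in that branch instead of `$CONTINUE = FALSE` removes a variable and the trailing return. The hold detection counts an interval as 'held' whenever `$_BUTTON_PUSH_RECEIVED` is set again after being cleared, which presumably requires the firmware to re-assert it throughout a continuous hold rather than only on the press edge — worth confirming and stating in the REM_BLOCK, which also has typos ('requried', 'regsiter').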
@@ -0,0 +1,20 @@
+EXTENSION WINDOWS_ONLY
+ REM VERSION 1.0
+ REM AUTHOR: Korben
+
+ DEFINE #FAILURE_LED TRUE
+ DEFINE #FAILURE_LED_MODE LED_R
+ DEFINE #FAILURE_ATTACKMODE ATTACKMODE OFF
+
+ IF (($_OS == WINDOWS) == FALSE) THEN
+ IF_DEFINED_TRUE #FAILURE_LED
+ #FAILURE_LED_MODE
+ DELAY 500
+ #FAILURE_LED_MODE
+ DELAY 500
+ #FAILURE_LED_MODE
+ END_IF_DEFINED
+ #FAILURE_ATTACKMODE
+ STOP_PAYLOAD
+ END_IF
+END_EXTENSION
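Review bot: The failure indication issues `#FAILURE_LED_MODE` (LED_R) three times with only `DELAY 500` between and never turns the LED off in between, so if LED_R sets a steady colour as its name suggests the LED simply stays red rather than blinking; adding `LED_OFF` followed by `DELAY 500` after each existing `DELAY 500` gives the intended blink. The check is top-level code rather than a FUNCTION, so it runs at the point the extension is included, and `$_OS` is presumably only meaningful once OS detection has run before it — both are worth stating in a REM_BLOCK, which this file lacks. `REM VERSION 1.0` is also missing the colon the other five files use.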