hak5
/
usbrubberducky-payloads
mirror of https://github.com/hak5/usbrubberducky-payloads.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #486 from UberGuidoZ/master 

DS3 updates and a NEW PAYLOAD!
pull/487/head
Peaks 2024-10-27 18:11:58 -04:00 committed by GitHub
parent 44af31e74b a18f4561e2
commit a8c264c752
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
5 changed files with 306 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
payloads/library/general/1_Script_to_Rule_Them_All/ReadMe.md Normal file
View File

@ -0,0 +1,5 @@
## 1 Script to Rule Them All
The purpose of this frankenstein mess is to use OS detection to run conditional code after, specific to the OS.
It differs from just combining the two extensions in very few ways, but there are slight improvement tweaks from my own testing (hence the new name to avoid conflicts) and more documentation on the process within.

293
payloads/library/general/1_Script_to_Rule_Them_All/payload.txt Normal file
View File

@ -0,0 +1,293 @@
REM Title: One Script To Rule Them All
REM Author: Korben and UberGuidoZ
REM Description: Attempt to detect OS then run conditional code based on result.
REM Target: Windows, macOS, Linux, iOS, ChromeOS, Android, plus custom OS.
REM Version: 1.6
REM Category: All of them
REM Source: https://github.com/UberGuidoZ/Hak5-USBRubberducky-Payloads
EXTENSION OS_DETECTION_UBER
REM VERSION 2.0
REM AUTHOR: Korben and UberGuidoZ
REM_BLOCK DOCUMENTATION
USB Rubber Ducky Host OS Detection (moving target, may fall)
Results may vary greatly depending on a combination of many variables:
- number of testing stages
- specific devices and versions tested against
- number of systems testing for (scope)
- detection techniques (passive/invisible/active/hybrid)
- overall speed
- overall accuracy
If all you require is Windows vs <any other os> detection, the PASSIVE_WINDOWS_DETECT extension is recommended over this one.
TARGET:
DEFAULT - Windows, Mac, Linux
ADVANCED_DETECTION - Windows, Mac, Linux, iOS, ChromeOS, Android, custom defined OS
USAGE:
Call DETECT_OS_UBER() anywhere in your payload after the extension.
Place this extension and the DETECT_OS_UBER() before you would like to first reference $_OS to execute payload code conditionally.
FEEDBACK:
As mentioned above, this a moving target (especially for macOS).
Please report any issues identifying specific operating systems with as much detail as possible.
Your feedback will greatly help solidify the robustness of this extension and others based on it.
DEBUGGING:
SET DEBUGGING_OUTPUT DEFINE to TRUE, deploy on a target with text editor open for debug output
END_REM
REM CONFIGURATION
REM For Debugging (use if troubleshooting or reporting issues):
DEFINE #DEBUGGING_OUTPUT FALSE
DEFINE #ADVANCED_DETECTION FALSE
REM Timing fine tuning:
DEFINE #STARTUP_DELAY 1500
DEFINE #RESTART_WAIT 1000
DEFINE #EXECUTE_DELAY 2000
DEFINE #CONNECT_WAIT 1000
DEFINE #OS_DETECT_MODE HID
REM Define Apple keyboard to keep macOS happy
DEFINE #OS_DETECT_VID VID_05AC
DEFINE #OS_DETECT_PID PID_021E
DEFINE #WINDOWS_HOST_REQUEST_COUNT 2
DEFINE #HOST_RESPONSE_TIMEOUT 1000
REM Start DETECT_OS function
FUNCTION DETECT_OS_UBER()
$_HOST_CONFIGURATION_REQUEST_COUNT = 0
ATTACKMODE #OS_DETECT_MODE #OS_DETECT_VID #OS_DETECT_PID
DELAY #STARTUP_DELAY
SAVE_HOST_KEYBOARD_LOCK_STATE
REM Debugging if TRUE
IF_DEFINED_TRUE #DEBUGGING_OUTPUT
IF_DEFINED_TRUE #ADVANCED_DETECTION
STRING ADVANCED OS DETECT
ELSE_DEFINED
STRING OS DETECT
END_IF_DEFINED
ENTER
STRING test caps
END_IF_DEFINED
IF ($_CAPSLOCK_ON == FALSE) THEN
LED_R
CAPSLOCK
DELAY #HOST_RESPONSE_TIMEOUT
END_IF
LED_OFF
IF_DEFINED_TRUE #DEBUGGING_OUTPUT
ENTER
STRING test done
END_IF_DEFINED
IF $_RECEIVED_HOST_LOCK_LED_REPLY THEN
IF_DEFINED_TRUE #DEBUGGING_OUTPUT
ENTER
STRING received led response
END_IF_DEFINED
LED_G
IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN
IF_DEFINED_TRUE #DEBUGGING_OUTPUT
ENTER
STRING Prediction: Windows
END_IF_DEFINED
$_OS = WINDOWS
ELSE
IF_DEFINED_TRUE #DEBUGGING_OUTPUT
ENTER
STRING Prediction: Linux
END_IF_DEFINED
$_OS = LINUX
END_IF
ELSE
IF_DEFINED_TRUE #DEBUGGING_OUTPUT
ENTER
STRING No LED response
ENTER
STRING Prediciton: MacOS
END_IF_DEFINED
$_OS = MACOS
END_IF
IF_DEFINED_TRUE #ADVANCED_DETECTION
IF ( $_OS == LINUX ) THEN
IF_DEFINED_TRUE #DEBUGGING_OUTPUT
ENTER
STRING Soft reconnect
END_IF_DEFINED
ATTACKMODE OFF
DELAY #RESTART_WAIT
ATTACKMODE #OS_DETECT_MODE #OS_DETECT_VID #OS_DETECT_PID
DELAY #CONNECT_WAIT
IF_DEFINED_TRUE #DEBUGGING_OUTPUT
ENTER
STRING Reconnected
END_IF_DEFINED
IF ($_CAPSLOCK_ON == TRUE) THEN
IF_DEFINED_TRUE #DEBUGGING_OUTPUT
ENTER
STRING Caps LED on
ENTER
STRING Test numlock
END_IF_DEFINED
NUMLOCK
DELAY #HOST_RESPONSE_TIMEOUT
IF_DEFINED_TRUE #DEBUGGING_OUTPUT
ENTER
STRING Test done
END_IF_DEFINED
IF ($_NUMLOCK_ON == FALSE) THEN
IF_DEFINED_TRUE #DEBUGGING_OUTPUT
ENTER
STRING No numlock LED
ENTER
STRING Prediciton: ChromeOS
END_IF_DEFINED
$_OS = CHROMEOS
ELSE
IF_DEFINED_TRUE #DEBUGGING_OUTPUT
ENTER
STRING Numlock LED on
ENTER
STRING Testing scrolllock
END_IF_DEFINED
SCROLLLOCK
DELAY #HOST_RESPONSE_TIMEOUT
IF_DEFINED_TRUE #DEBUGGING_OUTPUT
ENTER
STRING Test done
END_IF_DEFINED
IF ($_SCROLLLOCK_ON == TRUE) THEN
IF_DEFINED_TRUE #DEBUGGING_OUTPUT
ENTER
STRING Scrolllock LED on
ENTER
STRING Prediciton: Android
END_IF_DEFINED
$_OS = ANDROID
ELSE
IF_DEFINED_TRUE #DEBUGGING_OUTPUT
ENTER
STRING No scrolllock reply
ENTER
STRING Prediction: Linux
END_IF_DEFINED
$_OS = LINUX
END_IF
END_IF
END_IF
ELSE IF ($_OS == MACOS) THEN
IF ($_CAPSLOCK_ON == TRUE) THEN
IF_DEFINED_TRUE #DEBUGGING_OUTPUT
ENTER
STRING Caps LED on
ENTER
STRING Prediction: iOS
END_IF_DEFINED
$_OS = IOS
ELSE
IF_DEFINED_TRUE #DEBUGGING_OUTPUT
ENTER
STRING No caps reply
ENTER
STRING Prediction: MacOS
END_IF_DEFINED
$_OS = MACOS
END_IF
ELSE IF ($_OS == WINDOWS) THEN
IF_DEFINED_TRUE #DEBUGGING_OUTPUT
ENTER
STRING Confident Windows Prediction
END_IF_DEFINED
$_OS = WINDOWS
END_IF
END_IF_DEFINED
RESTORE_HOST_KEYBOARD_LOCK_STATE
IF_DEFINED_TRUE #DEBUGGING_OUTPUT
ENTER
STRING OS_DETECT complete
ENTER
END_IF_DEFINED
END_FUNCTION
END_EXTENSION
EXTENSION HELLO_OS_UBER
REM VERSION 2.0
REM AUTHOR: Korben and UberGuidoZ
REM_BLOCK DOCUMENTATION
USAGE:
For use with OS_DETECTION_UBERExtension, call HELLO_OS_UBER()
after DETECT_OS_UBER() prints the OS determination. Make sure
your custom conditional code is inserted below where commented.
END_REM
REM Defining custom $_OS enums if desired
DEFINE #EXTRA_EXAMPLES FALSE
DEFINE #SOME_OTHER_OS 6
DEFINE #ANOTHER_OS 7
FUNCTION HELLO_OS_UBER()
IF ($_OS == WINDOWS) THEN
REM Windows code starts here
DELAY 1000
GUI r
DELAY 500
STRINGLN notepad
DELAY 1000
STRINGLN Legit DS3 on Windows
REM Windows code ends here
ELSE IF ($_OS == MACOS) THEN
REM macOS code starts here
DELAY 2000
GUI SPACE
DELAY 500
STRINGLN TextEdit
STRINGLN Legit DS3 on macOS
REM macOS code ends here
ELSE IF ($_OS == LINUX) THEN
REM Linux code starts here
DELAY 2000
CTRL ALT t
DELAY 100
STRINGLN nano
STRINGLN Legit DS3 on Linux
REM Linux code ends here
ELSE IF ($_OS == IOS) THEN
REM iOS code starts here
REM iOS code ends here
ELSE IF ($_OS == CHROMEOS) THEN
REM ChromeOS code starts here
REM ChromeOS code ends here
ELSE IF ($_OS == ANDROID) THEN
REM Android code starts here
REM Android code ends here
IF_DEFINED_TRUE #EXTRA_EXAMPLES
ELSE IF($_OS == #SOME_OTHER_OS) THEN
REM Custom Other OS code starts here
REM Custom Other OS code ends here
ELSE IF($_OS == #ANOTHER_OS) THEN
REM Another custom Other OS code starts here
REM Another custom Other OS code ends here
END_IF_DEFINED
ELSE
REM All else fails code starts here
REM All else fails code ends here
END_IF
END_FUNCTION
END_EXTENSION
REM Do the do! Change delay at beginning if desired.
DETECT_OS_UBER()
DELAY #EXECUTE_DELAY
HELLO_OS_UBER()

4
payloads/library/prank/Hacker_Typer/payload.txt
View File

@ -3,10 +3,10 @@ REM Title: Hacker Typer
REM Author: UberGuidoZ
REM Description: Opens a harmless website and types like a hacker
REM Target: Windows but easily modified to work on any OS with a browser
REM Version: 1.0
REM Version: 1.1
REM Category: Prank
REM Source: https://github.com/UberGuidoZ/OMG-Payloads
REM
ATTACKMODE HID STORAGE
DELAY 1500
GUI r
DELAY 1000

6
payloads/library/prank/Rick_Rolling_Forever/payload.txt
View File

@ -5,9 +5,10 @@ REM
REM Description: Creates a batch file that opens a Rick Roll every 5 mins in default browser
REM Notes: Creates batch file, starts batch file, minimizes the window
REM Target: Windows but fairly easily modified to work on any OS with a browser
REM Version: 1.3
REM Version: 1.5
REM Category: Prank
REM Source: https://github.com/UberGuidoZ/OMG-Payloads
ATTACKMODE HID STORAGE
DELAY 2000
GUI r
DELAY 500
@ -20,6 +21,7 @@ DELAY 1000
STRING copy con rr.bat
ENTER
STRING @ECHO OFF
ENTER
STRING PING 127.0.0.1 -n 5 > NUL
ENTER
STRING :LOOP
@ -30,7 +32,7 @@ STRING PING 127.0.0.1 -n 300 > NUL
ENTER
STRING GOTO LOOP
ENTER
CTRL C
CTRL c
DELAY 1000
STRING cls && rr.bat
ENTER

3
payloads/library/prank/The_Matrix-Wake_Up/payload.txt
View File

@ -2,7 +2,8 @@ REM Title: The Matrix Wake Up
REM Description: Recreates the Wake Up Neo terminal scene in The Matrix
REM Author: UberGuidoZ
REM Target: Windows (including Powershell 2.0 or above)
REM Version: v1.1
ATTACKMODE HID STORAGE
DELAY 3000
GUI r
DELAY 750