From 97745c360dc48cf55a1dfac07841ca5b10d142df Mon Sep 17 00:00:00 2001 From: UberGuidoZ <57457139+UberGuidoZ@users.noreply.github.com> Date: Wed, 2 Oct 2024 10:32:49 -0700 Subject: [PATCH 1/7] Initial commit and upload --- .../1_Script_to_Rule_Them_All/payload.txt | 293 ++++++++++++++++++ 1 file changed, 293 insertions(+) create mode 100644 payloads/library/general/1_Script_to_Rule_Them_All/payload.txt diff --git a/payloads/library/general/1_Script_to_Rule_Them_All/payload.txt b/payloads/library/general/1_Script_to_Rule_Them_All/payload.txt new file mode 100644 index 0000000..d5435d2 --- /dev/null +++ b/payloads/library/general/1_Script_to_Rule_Them_All/payload.txt 
@@ -0,0 +1,293 @@ +REM Title: One Script To Rule Them All +REM Author: Korben and UberGuidoZ +REM Description: Attempt to detect OS then run conditional code based on result. +REM Target: Windows, macOS, Linux, iOS, ChromeOS, Android, plus custom OS. +REM Version: 1.6 +REM Category: All of them +REM Source: https://github.com/UberGuidoZ/Hak5-USBRubberducky-Payloads + +EXTENSION OS_DETECTION_UBER + REM VERSION 2.0 + REM AUTHOR: Korben and UberGuidoZ + + REM_BLOCK DOCUMENTATION + USB Rubber Ducky Host OS Detection (moving target, may fall) + Results may vary greatly depending on a combination of many variables: + - number of testing stages + - specific devices and versions tested against + - number of systems testing for (scope) + - detection techniques (passive/invisible/active/hybrid) + - overall speed + - overall accuracy + + If all you require is Windows vs detection, the PASSIVE_WINDOWS_DETECT extension is recommended over this one. + + TARGET: + DEFAULT - Windows, Mac, Linux + ADVANCED_DETECTION - Windows, Mac, Linux, iOS, ChromeOS, Android, custom defined OS + + USAGE: + Call DETECT_OS_UBER() anywhere in your payload after the extension. + Place this extension and the DETECT_OS_UBER() before you would like to first reference $_OS to execute payload code conditionally. + + FEEDBACK: + As mentioned above, this a moving target (especially for macOS). + Please report any issues identifying specific operating systems with as much detail as possible. + Your feedback will greatly help solidify the robustness of this extension and others based on it. 
+ + DEBUGGING: + SET DEBUGGING_OUTPUT DEFINE to TRUE, deploy on a target with text editor open for debug output + END_REM + + REM CONFIGURATION + +REM For Debugging (use if troubleshooting or reporting issues): + DEFINE #DEBUGGING_OUTPUT FALSE + DEFINE #ADVANCED_DETECTION FALSE + +REM Timing fine tuning: + DEFINE #STARTUP_DELAY 1500 + DEFINE #RESTART_WAIT 1000 + DEFINE #EXECUTE_DELAY 2000 + DEFINE #CONNECT_WAIT 1000 + DEFINE #OS_DETECT_MODE HID +REM Define Apple keyboard to keep macOS happy + DEFINE #OS_DETECT_VID VID_05AC + DEFINE #OS_DETECT_PID PID_021E + DEFINE #WINDOWS_HOST_REQUEST_COUNT 2 + DEFINE #HOST_RESPONSE_TIMEOUT 1000 + +REM Start DETECT_OS function + FUNCTION DETECT_OS_UBER() + $_HOST_CONFIGURATION_REQUEST_COUNT = 0 + ATTACKMODE #OS_DETECT_MODE #OS_DETECT_VID #OS_DETECT_PID + DELAY #STARTUP_DELAY + SAVE_HOST_KEYBOARD_LOCK_STATE + +REM Debugging if TRUE + IF_DEFINED_TRUE #DEBUGGING_OUTPUT + IF_DEFINED_TRUE #ADVANCED_DETECTION + STRING ADVANCED OS DETECT + ELSE_DEFINED + STRING OS DETECT + END_IF_DEFINED + ENTER + STRING test caps + END_IF_DEFINED + + IF ($_CAPSLOCK_ON == FALSE) THEN + LED_R + CAPSLOCK + DELAY #HOST_RESPONSE_TIMEOUT + END_IF + LED_OFF + + IF_DEFINED_TRUE #DEBUGGING_OUTPUT + ENTER + STRING test done + END_IF_DEFINED + + IF $_RECEIVED_HOST_LOCK_LED_REPLY THEN + IF_DEFINED_TRUE #DEBUGGING_OUTPUT + ENTER + STRING received led response + END_IF_DEFINED + LED_G + IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN + IF_DEFINED_TRUE #DEBUGGING_OUTPUT + ENTER + STRING Prediction: Windows + END_IF_DEFINED + $_OS = WINDOWS + ELSE + IF_DEFINED_TRUE #DEBUGGING_OUTPUT + ENTER + STRING Prediction: Linux + END_IF_DEFINED + $_OS = LINUX + END_IF + ELSE + IF_DEFINED_TRUE #DEBUGGING_OUTPUT + ENTER + STRING No LED response + ENTER + STRING Prediciton: MacOS + END_IF_DEFINED + $_OS = MACOS + END_IF + + IF_DEFINED_TRUE #ADVANCED_DETECTION + IF ( $_OS == LINUX ) THEN + IF_DEFINED_TRUE #DEBUGGING_OUTPUT + ENTER + STRING Soft reconnect + 
END_IF_DEFINED + ATTACKMODE OFF + DELAY #RESTART_WAIT + ATTACKMODE #OS_DETECT_MODE #OS_DETECT_VID #OS_DETECT_PID + DELAY #CONNECT_WAIT + IF_DEFINED_TRUE #DEBUGGING_OUTPUT + ENTER + STRING Reconnected + END_IF_DEFINED + IF ($_CAPSLOCK_ON == TRUE) THEN + IF_DEFINED_TRUE #DEBUGGING_OUTPUT + ENTER + STRING Caps LED on + ENTER + STRING Test numlock + END_IF_DEFINED + NUMLOCK + DELAY #HOST_RESPONSE_TIMEOUT + IF_DEFINED_TRUE #DEBUGGING_OUTPUT + ENTER + STRING Test done + END_IF_DEFINED + IF ($_NUMLOCK_ON == FALSE) THEN + IF_DEFINED_TRUE #DEBUGGING_OUTPUT + ENTER + STRING No numlock LED + ENTER + STRING Prediciton: ChromeOS + END_IF_DEFINED + $_OS = CHROMEOS + ELSE + IF_DEFINED_TRUE #DEBUGGING_OUTPUT + ENTER + STRING Numlock LED on + ENTER + STRING Testing scrolllock + END_IF_DEFINED + SCROLLLOCK + DELAY #HOST_RESPONSE_TIMEOUT + IF_DEFINED_TRUE #DEBUGGING_OUTPUT + ENTER + STRING Test done + END_IF_DEFINED + IF ($_SCROLLLOCK_ON == TRUE) THEN + IF_DEFINED_TRUE #DEBUGGING_OUTPUT + ENTER + STRING Scrolllock LED on + ENTER + STRING Prediciton: Android + END_IF_DEFINED + $_OS = ANDROID + ELSE + IF_DEFINED_TRUE #DEBUGGING_OUTPUT + ENTER + STRING No scrolllock reply + ENTER + STRING Prediction: Linux + END_IF_DEFINED + $_OS = LINUX + END_IF + END_IF + END_IF + ELSE IF ($_OS == MACOS) THEN + IF ($_CAPSLOCK_ON == TRUE) THEN + IF_DEFINED_TRUE #DEBUGGING_OUTPUT + ENTER + STRING Caps LED on + ENTER + STRING Prediction: iOS + END_IF_DEFINED + $_OS = IOS + ELSE + IF_DEFINED_TRUE #DEBUGGING_OUTPUT + ENTER + STRING No caps reply + ENTER + STRING Prediction: MacOS + END_IF_DEFINED + $_OS = MACOS + END_IF + ELSE IF ($_OS == WINDOWS) THEN + IF_DEFINED_TRUE #DEBUGGING_OUTPUT + ENTER + STRING Confident Windows Prediction + END_IF_DEFINED + $_OS = WINDOWS + END_IF + END_IF_DEFINED + + RESTORE_HOST_KEYBOARD_LOCK_STATE + + IF_DEFINED_TRUE #DEBUGGING_OUTPUT + ENTER + STRING OS_DETECT complete + ENTER + END_IF_DEFINED + END_FUNCTION +END_EXTENSION + +EXTENSION HELLO_OS_UBER + REM VERSION 2.0 + REM 
AUTHOR: Korben and UberGuidoZ + + REM_BLOCK DOCUMENTATION + USAGE: + For use with OS_DETECTION_UBERExtension, call HELLO_OS_UBER() + after DETECT_OS_UBER() prints the OS determination. Make sure + your custom conditional code is inserted below where commented. + END_REM + + REM Defining custom $_OS enums if desired + DEFINE #EXTRA_EXAMPLES FALSE + DEFINE #SOME_OTHER_OS 6 + DEFINE #ANOTHER_OS 7 + + FUNCTION HELLO_OS_UBER() + IF ($_OS == WINDOWS) THEN + REM Windows code starts here + DELAY 1000 + GUI r + DELAY 500 + STRINGLN notepad + DELAY 1000 + STRINGLN Legit DS3 on Windows + REM Windows code ends here + ELSE IF ($_OS == MACOS) THEN + REM macOS code starts here + DELAY 2000 + GUI SPACE + DELAY 500 + STRINGLN TextEdit + STRINGLN Legit DS3 on macOS + REM macOS code ends here + ELSE IF ($_OS == LINUX) THEN + REM Linux code starts here + DELAY 2000 + CTRL ALT t + DELAY 100 + STRINGLN nano + STRINGLN Legit DS3 on Linux + REM Linux code ends here + ELSE IF ($_OS == IOS) THEN + REM iOS code starts here + REM iOS code ends here + ELSE IF ($_OS == CHROMEOS) THEN + REM ChromeOS code starts here + REM ChromeOS code ends here + ELSE IF ($_OS == ANDROID) THEN + REM Android code starts here + REM Android code ends here + IF_DEFINED_TRUE #EXTRA_EXAMPLES + ELSE IF($_OS == #SOME_OTHER_OS) THEN + REM Custom Other OS code starts here + REM Custom Other OS code ends here + ELSE IF($_OS == #ANOTHER_OS) THEN + REM Another custom Other OS code starts here + REM Another custom Other OS code ends here + END_IF_DEFINED + ELSE + REM All else fails code starts here + REM All else fails code ends here + END_IF + END_FUNCTION +END_EXTENSION + +REM Do the do! Change delay at beginning if desired. + +DETECT_OS_UBER() +DELAY #EXECUTE_DELAY +HELLO_OS_UBER() \ No newline at end of file From b2c819409951d11da62b467b11a640cecdfd2dca Mon Sep 17 00:00:00 2001 
From: UberGuidoZ <57457139+UberGuidoZ@users.noreply.github.com> Date: Wed, 2 Oct 2024 10:50:56 -0700 Subject: [PATCH 2/7] Create ReadMe.md --- payloads/library/general/1_Script_to_Rule_Them_All/ReadMe.md | 5 +++++ 1 file changed, 5 insertions(+) create mode 100644 payloads/library/general/1_Script_to_Rule_Them_All/ReadMe.md diff --git a/payloads/library/general/1_Script_to_Rule_Them_All/ReadMe.md b/payloads/library/general/1_Script_to_Rule_Them_All/ReadMe.md new file mode 100644 index 0000000..7b6aa18 --- /dev/null +++ b/payloads/library/general/1_Script_to_Rule_Them_All/ReadMe.md @@ -0,0 +1,5 @@ +## 1 Script to Rule Them All + +The purpose of this frankenstein mess is to use OS detection to run conditional code after, specific to the OS. + +It differs from just combining the two extensions in very few ways, but there are slight improvement tweaks from my own testing (hence the new name to avoid conflicts) and more documentation on the process within. From 467075df68b7aff02a731fd736f4c774904bd6a1 Mon Sep 17 00:00:00 2001 From: UberGuidoZ <57457139+UberGuidoZ@users.noreply.github.com> Date: Sun, 27 Oct 2024 14:38:05 -0700 Subject: [PATCH 3/7] Update payload.txt - Added DS3 ATTACKMODE for ease of use - Changed capital C to lowercase to appease DS3 - Fixed typo in batch --- payloads/library/prank/Rick_Rolling_Forever/payload.txt | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/payloads/library/prank/Rick_Rolling_Forever/payload.txt b/payloads/library/prank/Rick_Rolling_Forever/payload.txt index b2000f2..122baaf 100644 --- a/payloads/library/prank/Rick_Rolling_Forever/payload.txt +++ b/payloads/library/prank/Rick_Rolling_Forever/payload.txt 
@@ -5,9 +5,10 @@ REM REM Description: Creates a batch file that opens a Rick Roll every 5 mins in default browser REM Notes: Creates batch file, starts batch file, minimizes the window REM Target: Windows but fairly easily modified to work on any OS with a browser -REM Version: 1.3 +REM Version: 1.5 REM Category: Prank REM Source: https://github.com/UberGuidoZ/OMG-Payloads +ATTACKMODE HID STORAGE DELAY 2000 GUI r DELAY 500 @@ -20,6 +21,7 @@ DELAY 1000 STRING copy con rr.bat ENTER STRING @ECHO OFF +ENTER STRING PING 127.0.0.1 -n 5 > NUL ENTER STRING :LOOP @@ -30,7 +32,7 @@ STRING PING 127.0.0.1 -n 300 > NUL ENTER STRING GOTO LOOP ENTER -CTRL C +CTRL c DELAY 1000 STRING cls && rr.bat ENTER From a94beb0c75f829046a0043e2391abebe140d5023 Mon Sep 17 00:00:00 2001 From: UberGuidoZ <57457139+UberGuidoZ@users.noreply.github.com> Date: Sun, 27 Oct 2024 14:40:11 -0700 Subject: [PATCH 4/7] Update payload.txt - Added DS3 ATTACKMODE for ease of use --- payloads/library/prank/The_Matrix-Wake_Up/payload.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/payloads/library/prank/The_Matrix-Wake_Up/payload.txt b/payloads/library/prank/The_Matrix-Wake_Up/payload.txt index fd7de21..2dd6819 100644 --- a/payloads/library/prank/The_Matrix-Wake_Up/payload.txt +++ b/payloads/library/prank/The_Matrix-Wake_Up/payload.txt @@ -2,7 +2,7 @@ REM Title: The Matrix Wake Up REM Description: Recreates the Wake Up Neo terminal scene in The Matrix REM Author: UberGuidoZ REM Target: Windows (including Powershell 2.0 or above) - +ATTACKMODE HID STORAGE DELAY 3000 GUI r DELAY 750 From 8c3110d8f1832136adaff69b404531eae9ca8129 Mon Sep 17 00:00:00 2001 From: UberGuidoZ <57457139+UberGuidoZ@users.noreply.github.com> Date: Sun, 27 Oct 2024 14:40:40 -0700 Subject: [PATCH 5/7] Update payload.txt - Added DS3 ATTACKMODE for ease of use --- payloads/library/prank/Hacker_Typer/payload.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/payloads/library/prank/Hacker_Typer/payload.txt b/payloads/library/prank/Hacker_Typer/payload.txt index e5b2f42..df728b8 100644 --- a/payloads/library/prank/Hacker_Typer/payload.txt +++ b/payloads/library/prank/Hacker_Typer/payload.txt @@ -6,7 +6,7 @@ REM Target: Windows but easily modified to work on any OS with a browser REM Version: 1.0 REM Category: Prank REM Source: https://github.com/UberGuidoZ/OMG-Payloads -REM +ATTACKMODE HID STORAGE DELAY 1500 GUI r DELAY 1000 From ad644d88492edb3c9630b615c955e1580dd9fc8d Mon Sep 17 00:00:00 2001 From: UberGuidoZ <57457139+UberGuidoZ@users.noreply.github.com> Date: Sun, 27 Oct 2024 14:48:18 -0700 Subject: [PATCH 6/7] Update payload.txt - Increased version for good measure --- payloads/library/prank/Hacker_Typer/payload.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/payloads/library/prank/Hacker_Typer/payload.txt b/payloads/library/prank/Hacker_Typer/payload.txt index df728b8..ee210fa 100644 --- a/payloads/library/prank/Hacker_Typer/payload.txt +++ b/payloads/library/prank/Hacker_Typer/payload.txt @@ -3,7 +3,7 @@ REM Title: Hacker Typer REM Author: UberGuidoZ REM Description: Opens a harmless website and types like a hacker REM Target: Windows but easily modified to work on any OS with a browser -REM Version: 1.0 +REM Version: 1.1 REM Category: Prank REM Source: https://github.com/UberGuidoZ/OMG-Payloads ATTACKMODE HID STORAGE From a18f4561e2a5544aab72c067f2b50cc3942c528f Mon Sep 17 00:00:00 2001 From: UberGuidoZ <57457139+UberGuidoZ@users.noreply.github.com> Date: Sun, 27 Oct 2024 14:49:00 -0700 Subject: [PATCH 7/7] Update payload.txt - Increased version for good measure --- payloads/library/prank/The_Matrix-Wake_Up/payload.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/payloads/library/prank/The_Matrix-Wake_Up/payload.txt b/payloads/library/prank/The_Matrix-Wake_Up/payload.txt index 2dd6819..b61c4b5 100644 --- a/payloads/library/prank/The_Matrix-Wake_Up/payload.txt 
+++ b/payloads/library/prank/The_Matrix-Wake_Up/payload.txt @@ -2,6 +2,7 @@ REM Title: The Matrix Wake Up REM Description: Recreates the Wake Up Neo terminal scene in The Matrix REM Author: UberGuidoZ REM Target: Windows (including Powershell 2.0 or above) +REM Version: v1.1 ATTACKMODE HID STORAGE DELAY 3000 GUI r
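Review bot: PATCH 1/7, payload.txt: the custom-OS branches in HELLO_OS_UBER are unreachable as written, because DETECT_OS_UBER() only ever assigns $_OS the built-in WINDOWS, LINUX, MACOS, IOS, CHROMEOS and ANDROID values, so `ELSE IF($_OS == #SOME_OTHER_OS)` and `ELSE IF($_OS == #ANOTHER_OS)` (values 6 and 7) can only fire if the user's own code sets $_OS first; the DOCUMENTATION block should say so, and it is worth confirming that 6 and 7 do not collide with the numeric values of the built-in constants. Smaller items in the same hunk: "Prediciton" is misspelled in three debug STRING lines (MacOS, ChromeOS, Android); "If all you require is Windows vs detection" is missing a word; "OS_DETECTION_UBERExtension" needs a space; the HELLO_OS_UBER docs say DETECT_OS_UBER() "prints the OS determination", but it only types anything when #DEBUGGING_OUTPUT is TRUE; the header says `REM Version: 1.6` while both extensions say `REM VERSION 2.0`, so state which number tracks what; `IF $_RECEIVED_HOST_LOCK_LED_REPLY THEN` is the one condition written without parentheses; the documentation should also mention that the device enumerates as an Apple keyboard (VID_05AC / PID_021E) for the whole detection phase, since that is how it will appear in host USB device logs; and the file ends without a trailing newline.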
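Review bot: PATCH 2/7, ReadMe.md: "the two extensions" are never named; say which two upstream extensions are meant (the payload only shows their renamed copies, OS_DETECTION_UBER and HELLO_OS_UBER) and list the "slight improvement tweaks" so readers can see what actually differs from combining the originals. Also "frankenstein" should be capitalised.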
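Review bot: PATCH 3/7, Rick_Rolling_Forever, first hunk: the version jumps from 1.3 to 1.5 with nothing explaining the skipped 1.4, and `+ATTACKMODE HID STORAGE` declares the mass-storage interface although nothing in the payload reads or writes the storage volume (the batch file is built with `copy con`); if STORAGE is intentional, a REM line saying why would stop the next maintainer from removing it.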
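Review bot: PATCH 3/7, Rick_Rolling_Forever, second hunk: the added `+ENTER` after `STRING @ECHO OFF` is more than the "typo" the commit message calls it; without it the `STRING PING 127.0.0.1 -n 5 > NUL` text was typed onto the same line as `@ECHO OFF`, so the first line of the generated rr.bat was malformed. Describe it as a missing line break in the commit message so the history records that the generated file was previously broken.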
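Review bot: PATCH 3/7, Rick_Rolling_Forever, third hunk: the commit message says `CTRL c` is needed "to appease DS3", but nothing in the file records that; a short REM next to the line explaining why the lowercase form is required would help readers who copy the `CTRL C` spelling from older payloads, and it matches the lowercase style already used by `GUI r` in this file.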
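Review bot: PATCH 4/7, The_Matrix-Wake_Up: the version bump that PATCH 7/7 later adds to this same header (`+REM Version: v1.1`) belongs in this commit, since this is the change that motivates it; squash the two. The same STORAGE question as in the Rick_Rolling_Forever change applies here: the payload as shown only types keystrokes, so a REM line should say why `+ATTACKMODE HID STORAGE` declares the storage interface.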
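Review bot: PATCH 5/7, Hacker_Typer: the version bump for this change is split off into PATCH 6/7 with the message "Increased version for good measure"; squash them, and have the combined message say the version moved from 1.0 to 1.1 because the bare `-REM` separator was replaced with `+ATTACKMODE HID STORAGE`, so the history explains the bump.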
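Review bot: PATCH 7/7, The_Matrix-Wake_Up: `+REM Version: v1.1` uses a `v` prefix that none of the other payload headers in this series use (`REM Version: 1.5`, `REM Version: 1.1`); drop the `v` for consistency, and since this is the first version line the file has had, confirm that 1.1 rather than 1.0 is the intended starting number.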