hak5
/
usbrubberducky-payloads
mirror of https://github.com/hak5/usbrubberducky-payloads.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #9 from jessiecrimsonhart/patch-1 

Canary Duck
pull/10/head
Marc 2021-07-21 01:15:25 +01:00 committed by GitHub
parent 44b99d3ef4 9604873d01
commit ee2372dc4c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 19 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
payloads/library/general/Canary Duck/payload.txt Normal file
View File

@ -0,0 +1,19 @@
# Title: Canary Duck
# Description: Opens hidden powershell and connects to canary webserver using Invoke-WebRequest alerting you to spies and snoops.
# Author: Jessie Crimson Hart
# Props: Hak5, Thinkst
# Version: 1.0
# Category: General
# Target: Windows 10 (Powershell)
# Attackmodes: HID
DELAY 1000
GUI r
DELAY 100
REM Run a hidden powershell
STRING powershell -windowstyle hidden
ENTER
REM make sure powershell is open by waiting for 1 second.
DELAY 1000
REM Open IE and connect to canary site. Replace the URL with the URL of your canary token from http://canarytokens.com
STRING powershell -NoP -NonI -W Hidden -Exec Bypass Invoke-WebRequest "[CANARY URL HERE]"
ENTER