hak5
/
usbrubberducky-payloads
mirror of https://github.com/hak5/usbrubberducky-payloads.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
usbrubberducky-payloads/payloads/library/exfiltration/ExfiltrateSSHKeys
History
Thomas Gruebl f134a9bd65 making requested changes 2024-05-18 10:16:58 +02:00
..
README.md making requested changes 2024-05-18 10:16:58 +02:00
payload.txt making requested changes 2024-05-18 10:16:58 +02:00

README.md

ExfiltrateSSHKeys

Author: thomasgruebl
OS: Windows (fully functional), macOS (fully functional), Linux (partly functional)
Version: 1.0
Requirements: DuckyScript 3.0, PayloadStudio v1.3.1

Description

The ExfiltrateSSHKeys payload can be used to check for the existence of the ~/.ssh directory and exfiltrate its contents to the USB Rubber Ducky. In addition, the payload performs a recursive search on a pre-defined parent directory, looking for any private key files and subsequently exfiltrating them.

Settings

  • You must define the parent directory to perform the recursive search (e.g. Desktop):

    DEFINE #PARENT_DIR Desktop

  • You must define your ducky drive label:

    DEFINE #DUCKY_DRIVE_LABEL DUCKY

  • You can switch between operating systems by changing the following bools:

    DEFINE #WINDOWS TRUE

    DEFINE #MACOS FALSE

    DEFINE #LINUX FALSE

    Only set ONE definition at the time to TRUE (e.g. DEFINE #WINDOWS TRUE). DEFINE #WINDOWS TRUE, DEFINE #MACOS TRUE, and DEFINE #LINUX TRUE won't function.