usbrubberducky-payloads/payloads/library/exfiltration/Win_PoSH_MorseCode
cribb-it d9dc3c81a5 New Payload - Morse Code 2023-02-24 15:25:57 +00:00
MorseCodeFileExfiltration.ps1 New Payload - Morse Code 2023-02-24 15:25:57 +00:00
b.txt New Payload - Morse Code 2023-02-24 15:25:57 +00:00
payload.txt New Payload - Morse Code 2023-02-24 15:25:57 +00:00
readme.md New Payload - Morse Code 2023-02-24 15:25:57 +00:00

readme.md

🔦 Morse Code File Exfiltration

  • Author: Cribbit
  • Version: 1.2
  • Target: Windows (PowerShell 5.1+)
  • Category: Exfiltration
  • Attackmode: HID & Storage

📖 Description

Reads all txt files in "My Documents" and flashes the scroll lock on and off to represent the Morse code of the English alphanumeric characters (0..9 A..Z). For characters outside the Morse code set 0..9 A..Z, it now flashes one long pulse and then the character's ordinal value, e.g. (@ = 64 = -.... ....-)

🎵 Note

This is not a very useful payload, given the limitations of Morse code, but I thought it was fun to create.

The payload uses a base64-encoded version of the payload (b.txt) to get around the Script Execution Policy. There is a non-base64 version in the file (MorseCodeFileExfiltration.ps1) so you can see what it is doing.

Please check the encoded payload before execution, to make sure it has not been replaced with something more malicious.

If you do not want to use the base64 version, you could change the payload to:

RUN WIN "powerShell -Noni -NoP -W h -EP Bypass .((gwmi win32_volume -f 'label=''DUCKY''').Name+'payloads\\$SWITCH_POSITION\MorseCodeFileExfiltration.ps1')"
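One way to do the check the note asks for, decoding b.txt and diffing it against the readable MorseCodeFileExfiltration.ps1, is sketched below. This is an added example, not code from the payload's author. It assumes the blob is base64 of either UTF-16LE or UTF-8 text (the page does not say which), and its function names and sample strings are constructed for illustration.

```python
import base64
import difflib
import sys


def decode_payload(b64_text: str) -> str:
    """Decode a base64 blob to script text.

    Assumption: the page does not say how b.txt is encoded, so this accepts
    UTF-16LE (the form PowerShell's -EncodedCommand takes) and UTF-8.
    """
    raw = base64.b64decode("".join(b64_text.split()), validate=True)
    odd = raw[1::2]  # ASCII text in UTF-16LE has NUL in every second byte
    if odd and odd.count(0) > len(odd) // 2:
        return raw.decode("utf-16-le")
    return raw.decode("utf-8-sig")


def normalize(script: str) -> list[str]:
    """Drop only BOM, line-ending and trailing-whitespace differences."""
    text = script.lstrip("\ufeff").replace("\r\n", "\n").replace("\r", "\n")
    return [line.rstrip() for line in text.strip("\n").split("\n")]


def diff_against_reference(b64_text: str, reference: str) -> list[str]:
    """Unified diff of reference vs decoded blob; empty list means a match."""
    return list(difflib.unified_diff(
        normalize(reference), normalize(decode_payload(b64_text)),
        fromfile="MorseCodeFileExfiltration.ps1", tofile="b.txt (decoded)",
        lineterm=""))


# Constructed sample input: a harmless stand-in, not the repository's script.
REFERENCE = "# stand-in script\r\nWrite-Output 'hello'\r\n"
GOOD_B64 = base64.b64encode(REFERENCE.encode("utf-16-le")).decode()
TAMPERED_B64 = base64.b64encode(
    (REFERENCE + "Write-Output 'extra line'\n").encode("utf-8")).decode()

if __name__ == "__main__":
    if len(sys.argv) == 3:  # usage: check.py b.txt MorseCodeFileExfiltration.ps1
        with open(sys.argv[1], encoding="utf-8-sig") as f:
            blob = f.read()
        with open(sys.argv[2], encoding="utf-8-sig") as f:
            ref = f.read()
    else:
        blob, ref = TAMPERED_B64, REFERENCE
    delta = diff_against_reference(blob, ref)
    print("\n".join(delta) if delta else "decoded blob matches the reference")
    sys.exit(1 if delta else 0)
```

Any line prefixed with `+` in the output exists only in the encoded blob and should be read before the payload is used.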

📄 Change Log

Version Changes
1.2 Ported from BashBunny Repo