usbrubberducky-payloads/payloads/library/remote_access/ReverseDuckyPolymorph
Dallas Winger f9c1d905cb
bump version, add to authors
2023-02-04 04:40:25 -05:00
media Uploaded ReverseDuckyPolymorph 2022-12-19 22:09:33 +01:00
README.md bump version, add to authors 2023-02-04 04:40:25 -05:00
payload.txt bump version, add to authors 2023-02-04 04:40:25 -05:00

README.md

Title: ReverseDuckyPolymorph

Author: 0iphor13, Korben
OS: Windows
Version: 1.1
Requirements: DuckyScript 3.0, PayloadStudio v. 1.3.0 minimum

What is ReverseDuckyPolymorph?

One of the biggest problems when publishing payloads, exploits, POCs, etc. is static detection. If X hundred or thousand people use your script, it's more than burned. So I created ReverseDuckyPolymorph to fight static detection. Every time this payload is used by your Ducky, the variables change and are therefore harder to pinpoint. This is of course no guarantee of bypassing every AV, but it may help to bypass certain protections for a longer time.
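Seen from the detection side, renaming variables on every run defeats signatures keyed on identifier names but not ones keyed on script structure. The following is an added example, not part of the payload or its README: it hashes logged script text after masking variable names and literals, assuming the text is PowerShell (for instance from script block logging); the sample snippets and the built-in variable list are constructed for illustration.

```python
import hashlib
import re

# Constructed samples (not taken from payload.txt): the same logic twice with
# different variable names and listener values, plus an unrelated script.
SAMPLE_A = '$qzx = New-Object Net.Sockets.TCPClient("192.0.2.10", 4444)\n$mmp = $qzx.GetStream()\n$null = $mmp.Flush()'
SAMPLE_B = '$a91 = New-Object Net.Sockets.TCPClient("198.51.100.7", 8080)\n$LkT = $a91.GetStream()\n$null = $LkT.Flush()'
SAMPLE_C = '$log = Get-Content "C:\\Temp\\app.log"\n$log.Count'

_STRING = re.compile(r'"[^"]*"|\'[^\']*\'')
_VAR = re.compile(r"\$(?:\{([^}]+)\}|([A-Za-z_][A-Za-z0-9_]*))")
_NUMBER = re.compile(r"\b\d+\b")
# Assumption: a short list of built-in names that a script cannot rename.
_BUILTIN = {"_", "null", "true", "false", "args", "input", "error", "env", "psitem"}


def normalize(script: str) -> str:
    """Reduce script text to its structure: literals and variable names masked."""
    text = _STRING.sub('"S"', script)
    seen = {}

    def rename(match):
        name = (match.group(1) or match.group(2)).lower()
        if name in _BUILTIN:
            return "$" + name
        # Number variables by first appearance so any consistent renaming
        # maps to the same placeholder sequence.
        return seen.setdefault(name, f"$v{len(seen)}")

    text = _VAR.sub(rename, text)
    text = _NUMBER.sub("N", text)
    return re.sub(r"\s+", " ", text).strip().lower()


def structural_hash(script: str) -> str:
    return hashlib.sha256(normalize(script).encode("utf-8")).hexdigest()


def group_by_structure(scripts: dict) -> dict:
    """Map structural hash -> names of the scripts that share it."""
    groups = {}
    for name, body in scripts.items():
        groups.setdefault(structural_hash(body), []).append(name)
    return groups


if __name__ == "__main__":
    for digest, names in group_by_structure({"a": SAMPLE_A, "b": SAMPLE_B, "c": SAMPLE_C}).items():
        print(digest[:16], names)
```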

Instruction

Using ReverseDuckyPolymorph is easy and straightforward.

  • First, start a listener on your attacking machine via the tool of your choice.
  • Second, define the IP address and port of your listening machine.


  • Third, compile the payload using PayloadStudio version 1.3.0 or later, transfer it onto your Ducky and you are good to go.

Every session you gain via this payload will result in a different ID to verify a different pattern.

Credit for DS 3.0 implementation and ideas:

  • Korben
  • Nikhil Mittal