Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
hak5
GitHub Repository: hak5/usbrubberducky-payloads
 Path: blob/master/payloads/library/general/Canary_Duck/payload.txt
2968 views
1
REM Title:        Canary Duck

2
REM Description:   Opens hidden powershell and connects to canary webserver using Invoke-WebRequest alerting you to spies and snoops.

3
REM Author:        Jessie Crimson Hart

4
REM Props:         Hak5, Thinkst

5
REM Version:       1.0

6
REM Category:      General

7
REM Target:        Windows 10 (Powershell)

8
REM Attackmodes:   HID

9
DELAY 1000

10
GUI r

11
DELAY 100

12
REM Run a hidden powershell

13
STRING powershell -windowstyle hidden

14
ENTER

15
REM make sure powershell is open by waiting for 1 second.

16
DELAY 1000

17
REM Open IE and connect to canary site. Replace the URL with the URL of your canary token from http://canarytokens.com

18
STRING powershell -NoP -NonI -W Hidden -Exec Bypass Invoke-WebRequest "[CANARY URL HERE]"

19
ENTER

20


21