Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
hak5
GitHub Repository: hak5/usbrubberducky-payloads
 Path: blob/master/payloads/library/general/HostinfoGenerator/payload.txt
2971 views
1
REM_BLOCK DOCUMENTATION

2
    Title: Hostinfo Generator

3
    Author: str3tch @ Vegas 2.0 | dc702 | PHS (https://github.com/PacketHouse)

4
    Description: This payload generates random hostnames, IPs, and MACs

5
    Target: Windows, Ubuntu

6
    Version: 1.0

7
    Category: General

8
END_REM

9


10
EXTENSION PASSIVE_WINDOWS_DETECT

11
    REM VERSION 1.1

12
    REM AUTHOR: Korben

13


14
    REM_BLOCK DOCUMENTATION

15
        Windows fully passive OS Detection and passive Detect Ready

16
        Includes its own passive detect ready.

17
        Does not require additional extensions.

18


19
        USAGE:

20
            Extension runs inline (here)

21
            Place at beginning of payload (besides ATTACKMODE) to act as dynamic

22
            boot delay

23
            $_OS will be set to WINDOWS or NOT_WINDOWS

24
            See end of payload for usage within payload

25
    END_REM

26


27
    REM CONFIGURATION:

28
    DEFINE #MAX_WAIT 150

29
    DEFINE #CHECK_INTERVAL 20

30
    DEFINE #WINDOWS_HOST_REQUEST_COUNT 2

31
    DEFINE #NOT_WINDOWS 7

32


33
    $_OS = #NOT_WINDOWS

34


35
    VAR $MAX_TRIES = #MAX_WAIT

36
    WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0))

37
        DELAY #CHECK_INTERVAL

38
        $MAX_TRIES = ($MAX_TRIES - 1)

39
    END_WHILE

40
    IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN

41
        $_OS = WINDOWS

42
    END_IF

43


44
    REM_BLOCK EXAMPLE USAGE AFTER EXTENSION

45
        IF ($_OS == WINDOWS) THEN

46
            STRING HELLO WINDOWS!

47
        ELSE

48
            STRING HELLO WORLD!

49
        END_IF

50
    END_REM

51
END_EXTENSION

52


53


54
EXTENSION HOSTINFO_GENERATOR

55
    REM VERSION 1.0

56
    REM AUTHOR: str3tch @ Vegas 2.0 | dc702 | PHS (https://github.com/PacketHouse)

57


58
    REM_BLOCK DOCUMENTATION

59
        Random data generator

60


61
        USAGE:

62
            Place at beginning of payload (besides ATTACKMODE) to make data

63
            generator functions available for use in payload.

64
            See end of payload for usage within payload

65
    END_REM

66


67
    REM CONFIGURATION:

68
    REM length of numerical portion of hostname (ABC-D12345 = 5)

69
    DEFINE #HOST_NUM_LEN 5

70
    REM set to 0 for random first octet, or specify your own (e.g. 10 for 10.x)

71
    VAR $IP_FIRST_OCTET = 0

72
    REM set one of these to TRUE to add a separator

73
    VAR $MAC_USE_COLON = FALSE

74
    VAR $MAC_USE_HYPHEN = FALSE

75
    VAR $MAC_USE_DOT = FALSE

76


77
    REM Change at your own risk

78
    DEFINE #VALUE_6 6543

79
    DEFINE #VALUE_5 5432

80
    DEFINE #VALUE_4 4321

81
    DEFINE #VALUE_3 3210

82
    DEFINE #VALUE_2 2345

83
    DEFINE #VALUE_1 1234

84
    DEFINE #VALUE_0 0123

85


86
    REM Don't change these

87
    DEFINE #MAC_LEN 12

88
    VAR $GET_NUM = FALSE

89
    VAR $HEX_VALUE = 0

90
    VAR $OCTET = 0

91


92


93
    FUNCTION GET_RANDOM_HEX_VALUE()

94
        REM Generate a random decimal or hexadecimal value based on $GET_NUM

95
        $_RANDOM_MIN = 0

96
        IF ($GET_NUM == TRUE) THEN

97
            $_RANDOM_MAX = 9

98
        ELSE

99
            $_RANDOM_MAX = 15

100
        END_IF

101
        RETURN $_RANDOM_INT

102
    END_FUNCTION

103


104


105
    REM Print $HEX_VALUE

106
    FUNCTION PRINT_HEX_VALUE()

107
        IF ($HEX_VALUE == 0) THEN

108
            STRING 0

109
        ELSE IF ($HEX_VALUE == 1) THEN

110
            STRING 1

111
        ELSE IF ($HEX_VALUE == 2) THEN

112
            STRING 2

113
        ELSE IF ($HEX_VALUE == 3) THEN

114
            STRING 3

115
        ELSE IF ($HEX_VALUE == 4) THEN

116
            STRING 4

117
        ELSE IF ($HEX_VALUE == 5) THEN

118
            STRING 5

119
        ELSE IF ($HEX_VALUE == 6) THEN

120
            STRING 6

121
        ELSE IF ($HEX_VALUE == 7) THEN

122
            STRING 7

123
        ELSE IF ($HEX_VALUE == 8) THEN

124
            STRING 8

125
        ELSE IF ($HEX_VALUE == 9) THEN

126
            STRING 9

127
        ELSE IF ($HEX_VALUE == 10) THEN

128
            STRING A

129
        ELSE IF ($HEX_VALUE == 11) THEN

130
            STRING B

131
        ELSE IF ($HEX_VALUE == 12) THEN

132
            STRING C

133
        ELSE IF ( $HEX_VALUE == 13 ) THEN

134
            STRING D

135
        ELSE IF ( $HEX_VALUE == 14 ) THEN

136
            STRING E

137
        ELSE IF ( $HEX_VALUE == 15 ) THEN

138
            STRING F

139
        END_IF

140
    END_FUNCTION

141


142


143
    FUNCTION PRINT_OCTET_VALUE()

144
        REM Print 100s position

145
        IF ($OCTET >= 100) THEN

146
            $HEX_VALUE = ($OCTET / 100)

147
            PRINT_HEX_VALUE()

148


149
            REM Remove 100s

150
            $OCTET = ($OCTET % 100)

151
        END_IF

152


153
        REM Print 10s position

154
        IF ($OCTET >= 10) THEN

155
            $HEX_VALUE = ($OCTET / 10)

156
            PRINT_HEX_VALUE()

157
        END_IF

158


159
        REM Print 1s position

160
        $HEX_VALUE = ($OCTET % 10)

161
        PRINT_HEX_VALUE()

162
    END_FUNCTION

163


164


165
    REM Generate a random IPv4 address

166
    FUNCTION PRINT_RANDOM_IP()

167
        REM Generate the first octet

168
        IF ($IP_FIRST_OCTET > 0) THEN

169
            $OCTET = $IP_FIRST_OCTET

170
        ELSE

171
            REM Avoiding possible network and broadcast addresses

172
            REM TODO: Do something about other reserved IPs? (e.g. 239., 169.)

173
            $_RANDOM_MIN = 1

174
            $_RANDOM_MAX = 254

175
            $OCTET = $_RANDOM_INT

176
        END_IF

177
        PRINT_OCTET_VALUE()

178
        STRING .

179


180
        REM Second octet

181
        $_RANDOM_MIN = 0

182
        $_RANDOM_MAX = 255

183
        $OCTET = $_RANDOM_INT

184
        PRINT_OCTET_VALUE()

185
        STRING .

186


187
        REM Third octet

188
        $OCTET = $_RANDOM_INT

189
        PRINT_OCTET_VALUE()

190
        STRING .

191


192
        REM Fourth octet, avoiding possible network and broadcast addresses

193
        $_RANDOM_MIN = 1

194
        $_RANDOM_MAX = 254

195
        $OCTET = $_RANDOM_INT

196
        PRINT_OCTET_VALUE()

197
    END_FUNCTION

198


199


200
    FUNCTION PRINT_RANDOM_MAC()

201
        REM_BLOCK DOCUMENTATION

202
        Generates a random MAC address with support for separators

203
            # Format commonly seen in Forescout

204
            NONE: FEEDDEADBEEF (default)

205
            

206
            # Format commonly seen in Linux/Unix

207
            $MAC_USE_COLON: FE:ED:DE:AD:BE:EF

208
            

209
            # Foremat commonly seen in Windows

210
            $MAC_USE_HYPHEN: FE-ED-DE-AD-BE-EF

211
            

212
            # Format commonly seen in network devices

213
            $MAC_USE_DOT: FEED.DEAD.BEEF

214
        END_REM

215


216
        VAR $MAC_POS = 0

217
        $GET_NUM = FALSE

218
        WHILE ($MAC_POS < #MAC_LEN)

219
            $MAC_POS = ($MAC_POS + 1)

220
            $HEX_VALUE = GET_RANDOM_HEX_VALUE()

221
            PRINT_HEX_VALUE()

222


223
            REM Print separator

224
            IF (($MAC_POS < #MAC_LEN) && (($MAC_POS % 2) == 0)) THEN

225
                IF ($MAC_USE_COLON) THEN

226
                    STRING :

227
                ELSE IF ($MAC_USE_HYPHEN) THEN

228
                    STRING -

229
                ELSE IF (($MAC_USE_DOT) && (($MAC_POS % 4) == 0)) THEN

230
                    STRING .

231
                END_IF

232
            END_IF

233
        END_WHILE

234
    END_FUNCTION

235


236


237
    FUNCTION PRINT_RANDOM_SITE_CODE()

238
        REM_BLOCK DOCUMENTATION

239
        Generates a random site code:

240
            RUB = Playa Grande, Guatemala

241
            BER = Schönefeld, Brandenburg

242
            DUC = Duncan, Oklahoma

243
            KIE = Kieta, Papua New Guinea

244
            CAN = Baiyun-Huadu, Guangzhou, Guangdong, China

245
            HAK = Lingshan Town, Meilan District, Haikou, Hainan, China

246
        END_REM

247


248
        $_RANDOM_MIN = 0

249
        $_RANDOM_MAX = #VALUE_6

250
    

251
        VAR $SITE_NUM = $_RANDOM_INT

252
        IF ($SITE_NUM > #VALUE_5) THEN

253
            STRING RUB

254
        ELSE IF ($SITE_NUM > #VALUE_4) THEN

255
            STRING BER

256
        ELSE IF ($SITE_NUM > #VALUE_3) THEN

257
            STRING DUC

258
        ELSE IF ($SITE_NUM > #VALUE_2) THEN

259
            STRING KIE

260
        ELSE IF ($SITE_NUM > #VALUE_1) THEN

261
            STRING CAN

262
        ELSE

263
            STRING HAK

264
        END_IF

265
    END_FUNCTION

266


267


268
    FUNCTION PRINT_RANDOM_HOST_TYPE()

269
        REM_BLOCK DOCUMENTATION

270
        Generates a random device type:

271
            L = Laptop

272
            V = Virtual

273
            S = Server

274
            T = Tablet

275
            D = Desktop

276
        END_REM

277


278
        $_RANDOM_MIN = 0

279
        $_RANDOM_MAX = #VALUE_5

280
        VAR $HOST_NUM = $_RANDOM_INT

281
        IF ($HOST_NUM > #VALUE_4) THEN

282
            STRING L

283
        ELSE IF ($HOST_NUM > #VALUE_3) THEN

284
            STRING V

285
        ELSE IF ($HOST_NUM > #VALUE_2) THEN

286
            STRING S

287
        ELSE IF ($HOST_NUM > #VALUE_1) THEN

288
            STRING T

289
        ELSE

290
            STRING D

291
        END_IF

292
    END_FUNCTION

293


294


295
    REM Print a random hostname

296
    FUNCTION PRINT_RANDOM_HOSTNAME()

297
        PRINT_RANDOM_SITE_CODE()

298
        DELAY 100

299
        

300
        STRING -

301
        

302
        PRINT_RANDOM_HOST_TYPE()

303
        DELAY 100

304
        

305
        $COUNT = 0

306
        $GET_NUM = TRUE

307
        WHILE ($COUNT < #HOST_NUM_LEN)

308
            $HEX_VALUE = GET_RANDOM_HEX_VALUE()

309
            PRINT_HEX_VALUE()

310
            $COUNT = ($COUNT + 1)

311
        END_WHILE

312
    END_FUNCTION

313


314


315
    REM_BLOCK EXAMPLE EXTENSION USAGE

316
        STRINGLN Host,IP Address,MAC Address

317
        PRINT_RANDOM_HOSTNAME()

318
        STRING ,

319
        PRINT_RANDOM_IP()

320
        STRING ,

321
        $MAC_USE_COLON = TRUE

322
        PRINT_RANDOM_MAC()

323
        ENTER

324
    END_REM

325
END_EXTENSION

326


327


328
REM CONFIGURATION:

329
REM number of fake host entries to generate

330
DEFINE #HOST_COUNT 10

331
$MAC_USE_DOT = TRUE

332


333
REM Impersonate a Logitech DeLuxe 250 Keyboard

334
ATTACKMODE HID VID_046D PID_C312 MAN_Logitech PROD_DeLuxe250 SERIAL_8013509

335
DELAY #VALUE_2

336


337
REM Launch a text editor

338
IF ($_OS == WINDOWS) THEN

339
    REM Open the Run dialog

340
    GUI r

341
    DELAY #VALUE_1

342
    STRINGLN notepad.exe

343
ELSE

344
    REM launch the Text Editor app

345
    INJECT_MOD WINDOWS

346
    DELAY #VALUE_1

347
    STRING text

348
    DELAY #VALUE_1

349
    ENTER

350
END_IF

351


352
$_RANDOM_MIN = #VALUE_1

353
$_RANDOM_MAX = #VALUE_3

354
DELAY $_RANDOM_INT

355


356
REM CSV header

357
REM broken up in STRINGs vs STRINGLN due to some chars missing during testing

358
STRING Host,

359
STRING IP Address,

360
STRING MAC Address

361
ENTER

362


363
VAR $NUM = 0

364
WHILE ($NUM < #HOST_COUNT)

365
    REM CSV entry

366
    PRINT_RANDOM_HOSTNAME()

367
    STRING ,

368
    PRINT_RANDOM_IP()

369
    STRING ,

370
    $MAC_USE_COLON = TRUE

371
    PRINT_RANDOM_MAC()

372
    ENTER

373


374
    $NUM = ($NUM + 1)

375


376
    REM Random sleep between CSV entries

377
    $_RANDOM_MIN = #VALUE_0

378
    $_RANDOM_MAX = #VALUE_1

379


380
    REM Stop running if CAPSLOCK is turned on

381
    IF ($_CAPSLOCK_ON) THEN

382
        RETURN 0

383
    END_IF

384
END_WHILE

385