Standard Phishing Campaign

Standard Phishing Campaign
Download Copy
Title: Standard Phishing Campaign
Author: Aleff

A script used to exfiltrate the Standard username and password by a phishing campaign. This DuckyScript code performs several actions related to downloading and unzipping a file from a specified link. The script creates a new random directory, downloads a zip file from the specified URL, and unzips it. It also opens a login page. This payload was created and tested on Linux but since the HTML markup code and JavaScript language are cross platform it will certainly be usable on machines running Windows or MacOS as well. However, it is essential to modify the DuckyScript script appropriately according to the terminal emulator used (PowerShell for Windows, Shell MacOS for Macs) since the commands are often not the same. To make it easier to use below you can find the various tested configurations, at the moment it is not available for macOS because since I do not have one it cannot be tested and therefore I cannot give the certainty that it works, however I hope that in the Hak5 community there may be someone who can contribute to this payload by completing it with this missing part.

🏆   Recognized with a Payload Award in September 2023

 

Phishing is a popular technique for gaining access to a target. Generally, phishing is a digitally delivered social engineering method. Phishing techniques may use a wide net, or specifically target one role or individual — known as spearphishing. Many phishing campaigns involve tricking a target into divulging confidential information, such as by mimicking a known-trusted source — be it a website or person. See all phishing payloads.

This payload is for the USB Rubber Ducky — a "flash drive" that types keystroke injection payloads into unsuspecting computers at incredible speeds. It's no wonder this little quacker has made appearances on Mr. Robot, FBI, Blacklist, National Geography and more!

Submit your own payload, or browse more featured USB Rubber Ducky Payloads.

 

 

Related Payloads

Uninstall Signal
Uninstall Signal
A script used to uninstall signal-desktop app on Windows users. Open a PowerShell, stop the Signal proccess if it runs
Read More
Starting a PowerShell with administrator permissions in Windows 10/11
Starting a PowerShell with administrator permissions in Windows 10/11
This script can be considered by people who are new to the world of scripts written in DuckyScript so that they can unde
Read More
Change the password of the windows user
Change the password of the windows user
Through this script you will be able to change windows user's password super fast. A PowerShell with administrator perm
Read More