// Static string rule for the rdp-cmd-delivery.sh script named in `reference`.
// Every pattern below is human-readable usage/help text, so a hit means that
// text is present in the scanned data; it does not show that the script ran.
// NOTE(review): the reference is a .sh script, so the "windows" in the rule
// name presumably describes the RDP target rather than the host that holds
// the file - confirm before scoping scans to Windows endpoints only.
rule hacktool_windows_rdp_cmd_delivery
{
    meta:
        description = "Delivers a text payload via RDP (rubber ducky)"
        reference = "https://github.com/nopernik/mytools/blob/master/rdp-cmd-delivery.sh"
        author = "@fusionrace"

    strings:
        // `ascii wide` makes each pattern match in both its single-byte form
        // and its UTF-16LE form.
        // NOTE(review): the option patterns use single spaces before '#';
        // if the script's help output is column-aligned with runs of spaces
        // they will not match - verify against the referenced file.
        $usage_banner = "Usage: rdp-cmd-delivery.sh OPTIONS" ascii wide
        $opt_tofile = "[--tofile 'c:\\test.txt' local.ps1 #will copy contents of local.ps1 to c:\\test.txt" ascii wide
        $opt_cmdfile = "-cmdfile local.bat #will execute everything from local.bat" ascii wide
        $ps_hint = "To deliver powershell payload, use '--cmdfile script.ps1' but inside powershell console" ascii wide

    condition:
        // A single pattern is enough to fire. There is no filesize or
        // file-type constraint, so documentation, write-ups and plain-text
        // copies of this rule that carry the same sentences match as well;
        // triage hits with that in mind.
        1 of them
}