USB
File Exfiltration
Uses a slightly modified form of Hak5's keystroke reflection to exfiltrate data via Caps Lock, Scroll Lock, and Num Lock. A bit slow, but it works nonetheless.
Ducky Payloads
Shows all DuckyScript payloads saved in ./payloads
Runs the payload when chosen.
LOLBAS
Shows all LOLBAS payloads saved in ./core/LOLBAS.
Some payloads use environment variables, while some do not. None of them will tell you that, though, so it's not recommended to use this yet. Here's the list of the environment variables that the scripts use:
DS_FILEis used for a target file on the hostDS_IPis used for target IP addressDS_PORTis used for target port of a commandDS_WEBDAVis used for a web drive, ex: FTP drive for exfilling filesDS_EXECUTABLEis used for a target executable, to run on the hostDS_REVERSE_SHELLis used for a reverse shell on another host: example of this value is 10.10.10.10:8466DS_INPUTis usually used for input files, like a prompt or etc.DS_OUTPUTis usually used for output files, like logsDS_SOURCEis used for a source url, to download payloads or etc.DS_DIRECTORYis used for the directory of a fileDS_HEXFILEis rarely used but is used forcertutil-hex.txtand more to comeDS_FAKEFILEis used foralt. data streamsincmd, and is used for running a file as a batch file
Toggle USB Ethernet
Turns on and off the RNDIS ethernet adapter gadget. On boot, it is enabled.
Toggle Mass Storage
Enable and disable the USB mass storage gadget. On boot, it is enabled. This also mounts it on Pwnhyve's linux system, so you can access files through SSH.
Hide USB device
Hides the entire USB gadget, and make the device look unplugged to the host system.
Drive Stealer
When a USB drive is plugged in, this plugin will automatically scour the USB drive for valuable files - by default it's only document files, but it's editable in the main configuration of Pwnhyve.
By default, these file types are exfiltrated:
All found files are copied to /tmp/pwnhyveExtractedUsb.
Last updated