USB
File Exfiltration
Uses a slightly modified form of Hak5's keystroke reflection to exfiltrate data via Caps Lock, Scroll Lock, and Num Lock. A bit slow, but it works nonetheless.
Uses PowerShell to run the exfiltration command. Make sure Win+R and PowerShell are accessible on the target system before running.
This uses SDR data transfer instead of DDR - this will be changed in a later update, which should speed up the transfer process by ~100%
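A defender's view of the lock-key channel described above, as an added example that is not part of Pwnhyve's or Hak5's code: it flags bursts of Caps Lock, Num Lock and Scroll Lock state changes in host telemetry. The event format, the thresholds and the sample events are assumptions constructed for illustration.

```python
from collections import deque

LOCK_KEYS = {"CAPS", "NUM", "SCROLL"}

# Constructed sample: (seconds, key) lock-key state changes seen on a host.
# Three human-paced toggles, a 40-toggle machine-paced burst, one more toggle.
SAMPLE_EVENTS = [(2.0, "CAPS"), (2.9, "CAPS"), (15.0, "NUM")]
SAMPLE_EVENTS += [(20.0 + i * 0.02, ("CAPS", "NUM", "SCROLL")[i % 3])
                  for i in range(40)]
SAMPLE_EVENTS += [(60.0, "CAPS")]


def find_lock_key_bursts(events, window=1.0, min_toggles=12, min_keys=2):
    """Return (start, end, toggles) for each run of machine-paced toggling.

    The thresholds are assumptions to tune against real telemetry: a person
    rarely changes lock keys a dozen times in one second across several keys.
    """
    recent = deque()   # lock-key events inside the sliding window
    bursts = []
    current = None     # [start, end, toggles] of the burst being tracked
    for ts, key in sorted(events):
        if key not in LOCK_KEYS:
            continue
        recent.append((ts, key))
        while ts - recent[0][0] > window:
            recent.popleft()
        dense = (len(recent) >= min_toggles
                 and len({k for _, k in recent}) >= min_keys)
        if dense and current is None:
            current = [recent[0][0], ts, len(recent)]
        elif dense:
            current[1] = ts
            current[2] += 1
        elif current is not None:
            bursts.append(tuple(current))
            current = None
    if current is not None:
        bursts.append(tuple(current))
    return bursts


if __name__ == "__main__":
    for start, end, toggles in find_lock_key_bursts(SAMPLE_EVENTS):
        print(f"lock-key burst: {toggles} toggles between {start:.2f}s and {end:.2f}s")
```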
Ducky Payloads
Shows all DuckyScript payloads saved in ./payloads
Runs the payload when chosen.
LOLBAS
Shows all LOLBAS payloads saved in ./core/LOLBAS.
Some payloads use environment variables, while some do not. None of them will tell you that, though, so it's not recommended to use this yet. Here's the list of the environment variables that the scripts use:
The descriptions of the environment variables are, in fact, non-descriptive. My fault.
DS_FILE is used for a target file on the host
DS_IP is used for target IP address
DS_PORT is used for target port of a command
DS_WEBDAV is used for a web drive, ex: FTP drive for exfilling files
DS_EXECUTABLE is used for a target executable, to run on the host
DS_REVERSE_SHELL is used for a reverse shell on another host: example of this value is 10.10.10.10:8466
DS_INPUT is usually used for input files, like a prompt or etc.
DS_OUTPUT is usually used for output files, like logs
DS_SOURCE is used for a source url, to download payloads or etc.
DS_DIRECTORY is used for the directory of a file
DS_HEXFILE is rarely used but is used for certutil-hex.txt and more to come
DS_FAKEFILE is used for alt. data streams in cmd, and is used for running a file as a batch file
Toggle USB Ethernet
Turns on and off the RNDIS ethernet adapter gadget. On boot, it is enabled.
Toggle Mass Storage
Enables and disables the USB mass storage gadget. On boot, it is enabled. This also mounts it on Pwnhyve's Linux system, so you can access files through SSH.
Hide USB device
Hides the entire USB gadget, and makes the device look unplugged to the host system.
Drive Stealer
This requires a USB to microUSB adapter connected to the Pi.
When a USB drive is plugged in, this plugin will automatically scour the USB drive for valuable files - by default it's only document files, but it's editable in the main configuration of Pwnhyve.
By default, these file types are exfiltrated:
All found files are copied to /tmp/pwnhyveExtractedUsb.