Create PentestGPT.txt #398
Open
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Adding my PentestGPT version 1 to the recon category This script automates the gathering of detailed system information and uses the OpenAI GPT-3.5 Turbo API to generate a pentesting report based on the collected information. Additionally, the script showcases an example of obfuscation to protect sensitive parts of the code and to evade basic detection mechanisms.
dallaswinger
reviewed
Jan 3, 2024
| REM Create PowerShell script to gather system information | ||
| DELAY 500 | ||
| STRING $system_info = @{ | ||
| ENTER |
There was a problem hiding this comment.
ENTER```
can be replaced with `STRINGLN`
dallaswinger
reviewed
Jan 3, 2024
| DELAY 500 | ||
| STRING 'OS' = $(Get-CimInstance Win32_OperatingSystem).Caption; | ||
| ENTER | ||
| DELAY 500 |
There was a problem hiding this comment.
Except on a very slow target system, (or from a device that isn't a real usb rubber ducky), these delays shouldn't be required.
dallaswinger
reviewed
Jan 3, 2024
| STRING "@ | ||
| ENTER | ||
| DELAY 500 | ||
| STRING Set-Content -Path $env:USERPROFILE\Desktop\Pentesting_Report.html -Value $htmlContent |
There was a problem hiding this comment.
this should likely be a DEFINE so payload user can supply their desired path
dallaswinger
reviewed
Jan 3, 2024
| STRING $htmlContent = @" | ||
| ENTER | ||
| DELAY 500 | ||
| STRING <html> |
There was a problem hiding this comment.
injecting code blocks can be made more readable by using string blocks:
https://docs.hak5.org/hak5-usb-rubber-ducky/ducky-script-basics/keystroke-injection#stringln-blocks
|
Thank you very much for the reviews. I will be applying them all as soon as I have access to my computer. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
What does my payload do?
This script serves a dual purpose:
Moreover, the script demonstrates a technique for obfuscating specific code sections, which can be instrumental in safeguarding sensitive code fragments and dodging rudimentary detection mechanisms.
How can others use it?
Requirements: