Flipper/BadUSB/BadUSB-MarkCyber/RansomwareSimulation/RansomwareSimulation2-cleanup.txt

63 lines
2.2 KiB
Plaintext

REM %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
REM %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
REM %%%%%%%%%%%%% This script was created by github.com/MarkCyber %%%%%%%%%%%%%%
REM %%%%%%%%%%%%% This is a follow-up script to the RansomwareSimulation %%%%%%%%%%%%%%
REM %%%%%%%%%%%%% Running this renames all extensions back to their original, full path- making them usable %%%%%%%%%%%%%%
REM %%%%%%%%%%%%% This can be ran multiple times if necessary %%%%%%%%%%%%%%
REM %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
REM %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
DELAY 1000
GUI r
DELAY 2000
STRING powershell
ENTER
REM increased delays to make sure each command can go through even on slower computers
DELAY 6000
REM Define the locations using correct SpecialFolder enumerations
STRING $folders = @(
DELAY 1000
ENTER
DELAY 1000
STRING [System.Environment+SpecialFolder]::Desktop,
DELAY 1000
ENTER
DELAY 2000
STRING [System.Environment+SpecialFolder]::MyPictures,
DELAY 1000
ENTER
DELAY 2000
STRING [System.Environment+SpecialFolder]::MyMusic,
DELAY 1000
ENTER
DELAY 2000
STRING [System.Environment+SpecialFolder]::Downloads
DELAY 1000
ENTER
DELAY 2000
STRING )
DELAY 1000
ENTER
DELAY 3000
REM Iterate over each location
STRING foreach ($folder in $folders) {
DELAY 1000
ENTER
DELAY 1000
STRING $path = [Environment]::GetFolderPath($folder)
DELAY 1000
ENTER
DELAY 4000
REM Get all .locked files in the path and rename them back
STRING Get-ChildItem -Path $path -File | Where-Object { $_.Name.EndsWith('.locked') } | ForEach-Object { Rename-Item -Path $_.FullName -NewName ($_.Name -replace '\.locked$', '') }
DELAY 2000
ENTER
DELAY 5000
STRING }
DELAY 1000
ENTER
DELAY 4000
STRING exit
DELAY 1000
ENTER
REM Check out github.com/MarkCyber for more badusb scripts, malware and pen testing stuff