What do you use the bad usb for?

I'm an ethical hacker, I pretty much use Flipper Zero to download my files and my pip modules on any Windows / Linux machine. I'm working on it now to the point any machine I touch can be configured with the Flipper Zero to work as a pentesting machine for clients.

1 Like

My first BadUSB try was something for the flipper itself: U2F - Not working - #13 by LupusE

I am using it mostly for automation tasks, but open BadUSB, search script, press play … Most times I am faster manual.

1 Like

Good question. I found that smart TVs respond well to keyboards and there are many keyboard shortcut commands. I used Bad USB to do a RickRoll on my Fire TV. I think I can do a better one on the Roku TV because the USB port does not power on until the TV does. In theory the Flipper could wait in the background till the TV is turned on and surprise the user. :rofl:

So far as practical applications I’m in the same place as you. The Flipper can be good to do automated setup. I think I might be able to do a script for a quick shutdown of my NAS as well. I would love to see remote BadUSB made possible with the Flipper.

Kiosk mode bruteforce to get access to OS/Command Line/Whatever on machines displaying only the main application and locked as kiosk mode.

1 Like

At work I set up scripts to run Windows Autopilot enrollment and another to run Windows updates from the OOBE area on a computer that is fresh out of the box and not signed into yet.

Nothing else yet, but I am on the lookout for other useful automations to do with it.

1 Like

I’ve recently set up a super simple script to hold down the “craft” button so that Arthur Morgan can make hundreds of split point bullets without me having to hold down the A button forever in Red Dead Redemption 2.

4 Likes

Can you send me these scripts?
I deploy Autopilot as well and I’ve been having a hell of a time trying to convert my ps1 script to ducky.

Would really appreciate it!

Some time ago, I created a PS1 to Ducky converter, have a look at it: https://github.com/Zarcolio/flipperzero/blob/main/BadUSB/Ducky%20Script%20Powershell/Useful/Convert-Ps2Ducky.ps1
Let me know if it works for you :grinning:

2 Likes

I created a script that injected regular messages into live chat on YouTube as a joke, but I could imagine someone using it as a simple replacement for Nightbot.

The script looks nice. Clean and simple.
Maybe there is a way to transform PS Start-Sleep to ducky sleep?
Or give a warning when interactive (Read-Host) elements appear.

Just as little improvements.

1 Like

Thanks!
Warning about Read-Host sounds like a really good idea!
But I’m wondering what replacing the PowerShell Start-Sleep command with the Ducky script counterpart would bring? Especially when useful cases are non-conditional, IMHO.
Thanks for thinking along!

My thought is that a standalone Start-Sleep in PowerShell will have more overhead than doing it on the Flipper. Because the command needs to be transferred and does nothing.
The advantage is, the code will still be sent to the target while the logic sleeps.

I try to avoid sleeps in general and use event based pause conditions. So I have no real example… I will come back here if I find any.

But you are right, this is only valid for an unconditional Start-Sleep, not within a loop.

In the end it is up to you. I just give the thought. Maybe an over thought.

2 Likes

I’ll think it over.
Maybe I’ll add a replace if an unconditional Start-Sleep is found.
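
The two improvements discussed in the posts above (turning an unconditional Start-Sleep into a Ducky `DELAY`, and warning when Read-Host appears) can be expressed as follows. This is an added example, not part of the thread and not the code of the linked Convert-Ps2Ducky.ps1; the `convert` function, the line-by-line `STRING`/`ENTER` output, the naive brace counting and the sample script are assumptions made for illustration.

```python
import re

# Matches a line that is nothing but a Start-Sleep with a literal duration.
SLEEP = re.compile(
    r"^\s*Start-Sleep\s+(?:-(Seconds|Milliseconds)\s+)?(\d+(?:\.\d+)?)\s*;?\s*$",
    re.IGNORECASE,
)
READ_HOST = re.compile(r"\bRead-Host\b", re.IGNORECASE)


def convert(ps_source):
    """Return (ducky_lines, warnings) for a PowerShell script given as text."""
    ducky, warnings = [], []
    depth = 0  # naive brace depth; braces inside strings are not handled
    for number, raw in enumerate(ps_source.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # nothing to type for blank lines and comments
        if READ_HOST.search(line):
            warnings.append(f"line {number}: Read-Host waits for input; "
                            "later keystrokes would be consumed as the answer")
        sleep = SLEEP.match(line)
        if sleep and depth == 0:
            # Unconditional sleep: pause on the device instead of typing it.
            unit, value = sleep.groups()
            factor = 1 if (unit or "").lower() == "milliseconds" else 1000
            ducky.append(f"DELAY {round(float(value) * factor)}")
        else:
            # Everything else, including sleeps inside a block, is typed as-is.
            ducky += [f"STRING {line}", "ENTER"]
        depth = max(depth + line.count("{") - line.count("}"), 0)
    return ducky, warnings


# Constructed sample input, not taken from the thread.
SAMPLE = """\
Write-Output "starting"
Start-Sleep -Seconds 2
foreach ($i in 1..3) {
    Start-Sleep -Milliseconds 250
}
$name = Read-Host "Device name"
Start-Sleep 1
"""

if __name__ == "__main__":
    lines, notes = convert(SAMPLE)
    print("\n".join(lines))
    for note in notes:
        print("WARNING:", note)
```

The Start-Sleep inside the `foreach` block stays as typed PowerShell because it is not unconditional, which matches the distinction made in the thread.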

Sorry for the late reply, just saw this. Hopefully what I have made is somewhat helpful at least. I did find that Win11 leaves the CMD window out of focus in OOBE so the part I have that loads CMD and starts typing is failing on Win11 devices, but running again once clicking in CMD seems to work ok.

I included a reboot at the end to finish things off. Feel free to tweak any of the delays, I was just following the layout of the example ducky scripts that came with the flipper. I also made one to run Windows Updates from PowerShell if you want it as well :slight_smile:

DELAY 500
SHIFT F10
DELAY 1000
STRING powershell
ENTER
DELAY 1000
STRING set-executionpolicy unrestricted; install-script -name get-windowsautopilotinfo; get-windowsautopilotinfo.ps1 -online; set-executionpolicy restricted
DELAY 500
ENTER
DELAY 2000
STRING y
ENTER
DELAY 500
STRING y
ENTER
DELAY 500
STRING y
ENTER
STRING shutdown /r /t 0
ENTER

I don’t know what the current setup is but rumor was manual checking for updates can get you beta releases. I have heard people complain that caused them issues and some claimed they even had to opt out of beta updates afterward. I haven’t looked into this at length and the conversation was very old so take it with a grain of salt. Do your own research if that might be a problem for you. I’m not a Windows user anymore so it’s not a topic I stayed on top of.

Are you using a script to check and/or join devices to join Entra/Intune or some fancy zero touch deployment? We are moving that direction from imaging, but in the end I won’t have to touch anything as I’m the king of remote automation in my enterprise environment. Prob a mix of Intune + Company Portal + Chocolatey for packages.

One good use though I do know is for the datacenter, but would be better with a UsbNinja as it supports wireless activation. But there’s a server with a particular issue every blue moon 1 of 3 servers (basically they push a 1 of 3 $50,000 each *nix servers to the max in research and calculations, usually petabytes of data processing) has an issue where they use all the memory/resources and it crashes remote access. Only a local account can restore (and though I gave them a way to do it themselves, both in script and local account vs AD, they always ask me to do it). Now I can press a button from my office and have the ‘USBNinja’ do the work for me.

Again, that’s just for kicks and having fun, because it takes me about 10 seconds to login remotely via ssh and run the same command. But maybe it will be a good alternative for co-workers who don’t wish to learn command-line/Ubuntu Server (which is gui-less). Also if I wanted to reduce 10 seconds to 1-2 seconds, I would normally just automate it into a PS module. But again, it’s faster just at 10 seconds (unless it’s a boring day, hence the USBNinja lol).

We use it to enroll devices into Autopilot. I think it just calls out to some generic MS stuff to kick off gathering the data to make the hardware hash it needs, then has you sign in with an admin account that has the Intune role assigned, to then upload it to Intune and enroll the device in Autopilot.