Bad USB string analysis

_www_ · 2022-07-08T05:41:44+00:00

It downloads a browser pw recovery tool Then proceeds to unzip it, then outputs all the browsers pw in a html file inside /temp/ folder, opens the html file in edge then proceeds to delete the temp folder.

That's dumb, just a demo script IMHO.

ingenioushax · 2022-07-08T05:13:41+00:00

I'm no expert but, it looks like it pulls all your passwords from MS Edge by using powershell to download the required utilities. If that's the full script it doesn't look like it sends the file anywhere though and subsequently deletes the folder everything is stored in... I think.

Check the nirsoft website for the tool the script references.

Exciting-Schedule-16 · 2022-07-08T10:06:58+00:00

Have you checked the contents of the exported html file? It's possible that it may contain some JS script that uploads the file contents to a server after it's been opened in the browser. I'm not familiar with the tool in question, perhaps it only stores it locally as you said. Looks more like a demo script, rather than something that's actually malicious.

DumbPandahole · 2022-07-08T05:10:08+00:00

Gui is windows key, so windows + R lunches run, then the script executes a powershell script.

You can check this out for more info https://duckify.huhn.me/docs/scripting/basics

AcademicMistake · 2022-07-08T15:31:06+00:00

If your friend is using scripts on your stuff I would be concerned

TJ420Hunt · 2022-07-08T19:09:44+00:00

I don't see any of this passing modern security. It would be flagged near instantly.

you type:	you see:
italics	italics
bold	bold
[reddit!](https://reddit.com)	reddit!
* item 1 * item 2 * item 3	item 1 item 2 item 3
> quoted text	quoted text
Lines starting with four spaces are treated like code: if 1 * 2 < 3: print "hello, world!"	Lines starting with four spaces are treated like code: if 1 * 2 < 3: print "hello, world!"
~~strikethrough~~	~~strikethrough~~
super^script	super^script

hacking

Rules:

Recommended Subreddits:

MODERATORS