From 87354048c86683b32da57078d6b9b8ac563bd17d Mon Sep 17 00:00:00 2001
From: Aleff <alessandro.greco.1@protonmail.com>
Date: Sat, 22 Jul 2023 09:43:23 +0200
Subject: [PATCH] QUACKed

---
 .../payload.txt                               | 93 ++++++++++---------
 1 file changed, 47 insertions(+), 46 deletions(-)

diff --git a/payloads/library/Incident_Response/Defend_yourself_against_CVE-2023-36884_Office_and_Windows_HTML_R/payload.txt b/payloads/library/Incident_Response/Defend_yourself_against_CVE-2023-36884_Office_and_Windows_HTML_R/payload.txt
index e9bb3d46..d336110a 100644
--- a/payloads/library/Incident_Response/Defend_yourself_against_CVE-2023-36884_Office_and_Windows_HTML_R/payload.txt
+++ b/payloads/library/Incident_Response/Defend_yourself_against_CVE-2023-36884_Office_and_Windows_HTML_R/payload.txt
@@ -28,58 +28,59 @@ REM It is recommended to implement these protective measures to prevent potentia
 
 REM Source: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36884
 
-DELAY 1000
-GUI x
-DELAY 500
-STRING a
-DELAY 500
-LEFTARROW
-DELAY 500
-ENTER
+QUACK DELAY 1000
+QUACK GUI x
+QUACK DELAY 500
+QUACK STRING a
+QUACK DELAY 500
+QUACK LEFTARROW
+QUACK DELAY 500
+QUACK ENTER
 
 REM Sets the path to the registry key
-STRINGLN $registryPath = "HKLM:\SOFTWARE\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_CROSS_PROTOCOL_FILE_NAVIGATION"
+QUACK STRING $registryPath = "HKLM:\SOFTWARE\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_CROSS_PROTOCOL_FILE_NAVIGATION"
+QUACK ENTER
 
 REM Array of application names
-STRING $applicationNames = @(
-ENTER
-STRING "Excel.exe",
-ENTER
-STRING "Graph.exe",
-ENTER
-STRING "MSAccess.exe",
-ENTER
-STRING "MSPub.exe",
-ENTER
-STRING "Powerpnt.exe",
-ENTER
-STRING "Visio.exe",
-ENTER
-STRING "WinProj.exe",
-ENTER
-STRING "WinWord.exe",
-ENTER
-STRING "Wordpad.exe"
-ENTER
-STRING )
+QUACK STRING $applicationNames = @(
+QUACK ENTER
+QUACK STRING "Excel.exe",
+QUACK ENTER
+QUACK STRING "Graph.exe",
 ENTER
+QUACK STRING "MSAccess.exe",
+QUACK ENTER
+QUACK STRING "MSPub.exe",
+QUACK ENTER
+QUACK STRING "Powerpnt.exe",
+QUACK ENTER
+QUACK STRING "Visio.exe",
+QUACK ENTER
+QUACK STRING "WinProj.exe",
+QUACK ENTER
+QUACK STRING "WinWord.exe",
+QUACK ENTER
+QUACK STRING "Wordpad.exe"
+QUACK ENTER
+QUACK STRING )
+QUACK ENTER
 
 REM Create the registry key if it does not already exist
-STRING if (!(Test-Path $registryPath)) {
-ENTER
-STRING New-Item -Path $registryPath -Force | Out-Null
-ENTER
-STRING echo "Registry key created"
-ENTER
-STRING }
-ENTER
+QUACK STRING if (!(Test-Path $registryPath)) {
+QUACK ENTER
+QUACK STRING New-Item -Path $registryPath -Force | Out-Null
+QUACK ENTER
+QUACK STRING echo "Registry key created"
+QUACK ENTER
+QUACK STRING }
+QUACK ENTER
 
 REM Add the values to the registry key
-STRING foreach ($appName in $applicationNames) {
-ENTER
-STRING Set-ItemProperty -Path $registryPath -Name $appName -Value 1 -Type DWORD -Force | Out-Null
-ENTER
-STRING echo "[+] $appName"
-ENTER
-STRING }
-ENTER
+QUACK STRING foreach ($appName in $applicationNames) {
+QUACK ENTER
+QUACK STRING Set-ItemProperty -Path $registryPath -Name $appName -Value 1 -Type DWORD -Force | Out-Null
+QUACK ENTER
+QUACK STRING echo "[+] $appName"
+QUACK ENTER
+QUACK STRING }
+QUACK ENTER