From ce77d83e9904219cc159882b997c4b08c81b64ae Mon Sep 17 00:00:00 2001
From: cribb-it <24548670+cribb-it@users.noreply.github.com>
Date: Thu, 17 Aug 2023 20:20:24 +0100
Subject: [PATCH] New Payload - Invisable Folder
---
.../payload.txt | 91 +++++++++++++++++++
.../Win_HID_InvisableDesktopFolder/readme.md | 38 ++++++++
2 files changed, 129 insertions(+)
create mode 100644 payloads/library/execution/Win_HID_InvisableDesktopFolder/payload.txt
create mode 100644 payloads/library/execution/Win_HID_InvisableDesktopFolder/readme.md
diff --git a/payloads/library/execution/Win_HID_InvisableDesktopFolder/payload.txt b/payloads/library/execution/Win_HID_InvisableDesktopFolder/payload.txt
new file mode 100644
index 0000000..e39b409
--- /dev/null
+++ b/payloads/library/execution/Win_HID_InvisableDesktopFolder/payload.txt
@@ -0,0 +1,91 @@
+REM Title: Invisible Desktop Folder
+REM Author: Cribbit
+REM Description: Creates a some what invisible folder on the desktop.
+REM Target: Windows 10 with english language
+ATTACKMODE HID
+
+EXTENSION DETECT_READY
+ REM VERSION 1.1
+ REM AUTHOR: Korben
+
+ REM_BLOCK DOCUMENTATION
+ USAGE:
+ Extension runs inline (here)
+ Place at beginning of payload (besides ATTACKMODE) to act as dynamic
+ boot delay
+
+ TARGETS:
+ Any system that reflects CAPSLOCK will detect minimum required delay
+ Any system that does not reflect CAPSLOCK will hit the max delay of 3000ms
+ END_REM
+
+ REM CONFIGURATION:
+ DEFINE #RESPONSE_DELAY 25
+ DEFINE #ITERATION_LIMIT 120
+
+ VAR $C = 0
+ WHILE (($_CAPSLOCK_ON == FALSE) && ($C < #ITERATION_LIMIT))
+ CAPSLOCK
+ DELAY #RESPONSE_DELAY
+ $C = ($C + 1)
+ END_WHILE
+ CAPSLOCK
+END_EXTENSION
+
+DELAY 1000
+REM Minimize all windows
+GUI m
+DELAY 100
+MENU
+DELAY 100
+REM Select Ne_w
+w
+REM Select _Folder
+f
+DELAY 100
+REM hold ALT and type 255 on keypad.
+INJECT_MOD
+HOLD ALT
+KPAD_2
+KPAD_5
+KPAD_5
+INJECT_MOD
+RELEASE ALT
+ENTER
+DELAY 100
+MENU
+DELAY 100
+REM Select _Open
+o
+REM Select Pr_operties
+o
+DELAY 100
+ENTER
+DELAY 100
+REM Move to tabs across the top
+SHIFT TAB
+SHIFT TAB
+DELAY 100
+REM Go across to customise
+RIGHTARROW
+RIGHTARROW
+RIGHTARROW
+RIGHTARROW
+REM Select Change _Icon
+ALT i
+DELAY 100
+REM Move to selection window
+TAB
+TAB
+DELAY 100
+REM move right 13 time to select the clear icon.
+REM please check on your system that this is the case.
+VAR $MOVERIGHT = 13
+WHILE ( $MOVERIGHT > 0 )
+ RIGHTARROW
+ $MOVERIGHT = ( $MOVERIGHT - 1 )
+END_WHILE
+DELAY 100
+REM Click OK twice
+ENTER
+ENTER
\ No newline at end of file
diff --git a/payloads/library/execution/Win_HID_InvisableDesktopFolder/readme.md b/payloads/library/execution/Win_HID_InvisableDesktopFolder/readme.md
new file mode 100644
index 0000000..20ca771
--- /dev/null
+++ b/payloads/library/execution/Win_HID_InvisableDesktopFolder/readme.md
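Review bot: The REM header at the top of payload.txt leaves out the one prerequisite the readme calls out, that `KPAD_2` and `KPAD_5` must be defined in the language file, so a reader of the payload alone cannot tell what the `HOLD ALT` / `KPAD_2` / `KPAD_5` / `KPAD_5` block depends on; I would add `REM Requires: KPAD_2 and KPAD_5 defined in the language file (see readme.md)` under the `REM Target:` line. The header could also say what "some what invisible" means here: the visible steps only give the folder an Alt+255 name and a blank icon and never set the hidden attribute, so it presumably still shows up in directory listings and when desktop items are selected. The file is placed under `execution/`, yet no command is run on the host in this hunk, so the category looks mismatched and is worth checking against the library's category list. The directory name spells `Invisable` while the `REM Title:` line spells `Invisible`; correcting the path in this commit avoids a later rename.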
@@ -0,0 +1,38 @@
+# :mag: Invisible Desktop Folder
+* Author: Cribbit
+* Version: 1
+* Target: Windows 10 (English)
+* Category: Execution
+* Attackmode: HID
+
+## :book: Description
+Creates a somewhat invisible folder on the desktop.
+Uses an invisible character for the name and a transparent icon.
+This targets the English version of Windows. as it uses the underlined letters to select menu items and buttons.
+
+## :musical_note: Notes
+You will need the define KPAD_2 and KPAD_5 in your language file:
+```JSON
+ "KPAD_SLASH":"00,00,54",
+ "KPAD_ASTERISK":"00,00,55",
+ "KPAD_MINUS":"00,00,56",
+ "KPAD_PLUS":"00,00,57",
+ "KPAD_ENTER":"00,00,58",
+ "KPAD_1":"00,00,59",
+ "KPAD_2":"00,00,5a",
+ "KPAD_3":"00,00,5b",
+ "KPAD_4":"00,00,5c",
+ "KPAD_5":"00,00,5d",
+ "KPAD_6":"00,00,5e",
+ "KPAD_7":"00,00,5f",
+ "KPAD_8":"00,00,60",
+ "KPAD_9":"00,00,61",
+ "KPAD_0":"00,00,62",
+ "KPAD_DOT":"00,00,63",
+```
+
+
+## :page_facing_up: Change Log
+| Version | Changes |
+| ------- | ------------------------------|
+| 1.0 | Initial release |
\ No newline at end of file