From 785e5d2a754fe555c5f5d693f955b8da977eaa18 Mon Sep 17 00:00:00 2001 From: cribb-it <24548670+cribb-it@users.noreply.github.com> Date: Tue, 6 Jul 2021 20:02:27 +0100 Subject: [PATCH] Various small fixes (#435) * Add files via upload * Update readme.md * Update readme.md * Update payload.txt * Update readme.md * fix rebase errors * Fix for rebase * Fix for fewer details --- .../credentials/Win_PoSH_FakeLogin/readme.md | 2 +- .../poc/WIN_PoSH_MorseCode/payload.txt | 2 +- .../library/prank/hide-startbar/readme.md | 56 +++++++++---------- .../recon/Win_PoSH_WordReport/payload.txt | 3 + 4 files changed, 33 insertions(+), 30 deletions(-) diff --git a/payloads/library/credentials/Win_PoSH_FakeLogin/readme.md b/payloads/library/credentials/Win_PoSH_FakeLogin/readme.md index d5aedff1..ad6b63c6 100644 --- a/payloads/library/credentials/Win_PoSH_FakeLogin/readme.md +++ b/payloads/library/credentials/Win_PoSH_FakeLogin/readme.md @@ -30,7 +30,7 @@ $BGImg = [System.Drawing.Image]::FromStream($R.RawContentStream); ## To Do Adding a To Do section just in case someone (or me if I can be bothered) want to fix some issues: -- Fade between Time panel 1 and login panel 2 +- Fade between time panel 1 and login panel 2 - The beginnings of the code are there but has too much noticeable flicker. - Disable notifications as they display over the form: - HKEY\_LOCAL\_MACHINE\\Software\\Policies\\Microsoft\\Windows\\Explorer, this Explorer needs to be created, Dword32 “DisableNotificationCenter”, value as 1. diff --git a/payloads/library/poc/WIN_PoSH_MorseCode/payload.txt b/payloads/library/poc/WIN_PoSH_MorseCode/payload.txt index 32f326ee..8f7f9095 100644 --- a/payloads/library/poc/WIN_PoSH_MorseCode/payload.txt +++ b/payloads/library/poc/WIN_PoSH_MorseCode/payload.txt 
@@ -19,4 +19,4 @@ LED ATTACK QUACK DELAY 200 RUN WIN "powershell .(powershell.exe -encodedCommand (gc((gwmi win32_volume -f 'label=''BashBunny''').Name+'payloads\\$SWITCH_POSITION\b.txt')))" -LED FINISH \ No newline at end of file +LED FINISH diff --git a/payloads/library/prank/hide-startbar/readme.md b/payloads/library/prank/hide-startbar/readme.md index 83e44fb6..097098a3 100644 --- a/payloads/library/prank/hide-startbar/readme.md +++ b/payloads/library/prank/hide-startbar/readme.md 
@@ -1,28 +1,28 @@ -# Hide Startbar -* Author: Cribbit -* Version: 1.0 -* Target: Windows 7+ (Powershell) -* Category: pranks -* Attackmode: HID -* Extensions used: Run - -## Change Log -| Version | Changes | -| ------- | ------------------------------| -| 1.0 | Initial release | - -## Description -Hides the Window Start bar - -## Configuration -Change hex to hide or show the startbar -``` -0x0080 = SWP_HIDEWINDOW, 0x0040 = SWP_SHOWWINDOW -``` - -## Colors -| Status | Color | Description | -| --------- | ------------------------------| ------------------------------------------------ | -| SETUP | Magenta solid | Setting attack mode, getting the switch position | -| ATTACK | Yellow single blink | Injecting Powershell script | -| FINISH | Green blink followed by SOLID | Script is finished | +# Hide Startbar +* Author: Cribbit +* Version: 1.0 +* Target: Windows 7+ (Powershell) +* Category: pranks +* Attackmode: HID +* Extensions: Run + +## Change Log +| Version | Changes | +| ------- | ------------------------------| +| 1.0 | Initial release | + +## Description +Hides the Window Start bar + +## Configuration +Change hex to hide or show the startbar +``` +0x0080 = SWP_HIDEWINDOW, 0x0040 = SWP_SHOWWINDOW +``` + +## Colors +| Status | Color | Description | +| --------- | ------------------------------| ------------------------------------------------ | +| SETUP | Magenta solid | Setting attack mode, getting the switch position | +| ATTACK | Yellow single blink | Injecting Powershell script | +| FINISH | Green blink followed by SOLID | Script is finished | diff --git a/payloads/library/recon/Win_PoSH_WordReport/payload.txt b/payloads/library/recon/Win_PoSH_WordReport/payload.txt index 4f581884..e6dbbb0c 100644 --- a/payloads/library/recon/Win_PoSH_WordReport/payload.txt +++ b/payloads/library/recon/Win_PoSH_WordReport/payload.txt 
@@ -17,6 +17,9 @@ Q DELAY 200 # Opens Task Manager Q CTRL-SHIFT ESC Q DELAY 100 +# Opens "More details" to show menu (can not use alt d as this toggle and my hide the menu if already open). +Q SHIFT TAB +Q SPACE # Selects "&File" Q ALT f # Selects "Run &new task"
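Review bot: in payloads/library/prank/hide-startbar/readme.md all 28 lines are removed and re-added, yet the only visible text difference is `* Extensions used: Run` becoming `* Extensions: Run`. A whole-file rewrite like this usually means line endings or trailing whitespace were changed, which the commit message does not mention; if that is the case, say so in the message or split the normalisation into its own commit so the one-line wording change can be reviewed on its own. Since the file is being rewritten anyway, `Hides the Window Start bar` looks like it should read "Windows", and `* Category: pranks` does not match the `prank` directory the payload sits in.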
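Review bot: the comment added in payloads/library/recon/Win_PoSH_WordReport/payload.txt has typos and leaves the case it is written for undocumented. `as this toggle and my hide the menu` should read "as this toggles and may hide the menu", and "can not use alt d" is normally written "cannot use ALT d", matching the `Q ALT f` casing used two lines later. The comment explains why ALT d is avoided but does not say what `Q SHIFT TAB` followed by `Q SPACE` is expected to do when Task Manager already opens in the detailed view; add that to the comment so the next maintainer can tell whether the sequence is safe in both states.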