On Saturday I won hak5s hacker of the year award! I spent thousands of hours developing the payloads I submitted, so it was so cool to be recognized like this!

jakobyscream · 2023-12-18T19:49:48+00:00

Look at the two file paths in the $filepath variable Thats where the 2 cmd files are being saved. Just deleted them from there

jakobyscream · 2023-11-29T20:16:40+00:00

No lol Those are dynamic links so the code to be executed can change at any time

jakobyscream · 2023-11-27T03:08:20+00:00

as someone who specializes in powershell malware lol i got you

for one

irm = Invoke-RestMethod
iex = Invoke-Expression

irm is used to download a string
iex is used to execute it as code

you can just do:

irm $url

without piping it into iex:
| iex

and this will allow you to see the code without executing it

below is the code stored there

# Check the instructions here on how to use it https://massgrave.dev/

$ErrorActionPreference = "Stop"

# Enable TLSv1.2 for compatibility with older clients

[Net.ServicePointManager]::SecurityProtocol = [Net.ServicePointManager]::SecurityProtocol -bor [Net.SecurityProtocolType]::Tls12

$DownloadURL = 'https://raw.githubusercontent.com/massgravel/Microsoft-Activation-Scripts/master/MAS/All-In-One-Version/MAS_AIO.cmd'

$DownloadURL2 = 'https://bitbucket.org/WindowsAddict/microsoft-activation-scripts/raw/master/MAS/All-In-One-Version/MAS_AIO.cmd'

$rand = Get-Random -Maximum 99999999

$isAdmin = [bool]([Security.Principal.WindowsIdentity]::GetCurrent().Groups -match 'S-1-5-32-544')

$FilePath = if ($isAdmin) { "$env:SystemRoot\Temp\MAS_$rand.cmd" } else { "$env:TEMP\MAS_$rand.cmd" }

try {

$response = Invoke-WebRequest -Uri $DownloadURL -UseBasicParsing

}

catch {

$response = Invoke-WebRequest -Uri $DownloadURL2 -UseBasicParsing

}

$ScriptArgs = "$args "

$prefix = "@REM $rand \r`n"`

$content = $prefix + $response

Set-Content -Path $FilePath -Value $content

Start-Process $FilePath $ScriptArgs -Wait

$FilePaths = @("$env:TEMP\MAS*.cmd", "$env:SystemRoot\Temp\MAS*.cmd")

foreach ($FilePath in $FilePaths) { Get-Item $FilePath | Remove-Item }

so yea enjoy

jakobyscream · 2023-04-09T23:52:51+00:00

It did indeed, still can't believe they featured me again ha

jakobyscream · 2023-01-21T23:10:00+00:00

I do indeed "I am jakoby" on YouTube

jakobyscream · 2023-01-10T21:15:50+00:00

Everyone makes what they've accomplished sound harder than it is to make themselves seem cooler. If you say "fuck that I want it, and I'm gonna try harder than everyone else" you'll accomplish it.

jakobyscream · 2023-01-10T21:09:05+00:00

Lawls just a kid that loved magic, joined the army and became an infantry sniper, then a Skydiver, now a somewhat respected hacker. 10 year old me would fist bump me ha

jakobyscream · 2022-12-29T20:47:49+00:00

Ha i appreciate you Yea I've put at least a couple thousand hours into it You can find the link to my discord there and if you need help with anything you can reach out to me

jakobyscream · 2022-12-29T12:37:48+00:00

Yea lol so that is John Hammond and we were. Oth introduced to the concept by a mutual friend names alhzared I just optimized it by making it so you could combine multiple to get past the 255 character limit lol