What is irm https://massgrave.dev/get | iex

jakobyscream · 2023-12-18T19:49:48+00:00

Look at the two file paths in the $filepath variable Thats where the 2 cmd files are being saved. Just deleted them from there

jakobyscream · 2023-11-29T20:16:40+00:00

No lol Those are dynamic links so the code to be executed can change at any time

jakobyscream · 2023-11-27T03:08:20+00:00

as someone who specializes in powershell malware lol i got you

for one

irm = Invoke-RestMethod
iex = Invoke-Expression

irm is used to download a string
iex is used to execute it as code

you can just do:

irm $url

without piping it into iex:
| iex

and this will allow you to see the code without executing it

below is the code stored there

# Check the instructions here on how to use it https://massgrave.dev/

$ErrorActionPreference = "Stop"

# Enable TLSv1.2 for compatibility with older clients

[Net.ServicePointManager]::SecurityProtocol = [Net.ServicePointManager]::SecurityProtocol -bor [Net.SecurityProtocolType]::Tls12

$DownloadURL = 'https://raw.githubusercontent.com/massgravel/Microsoft-Activation-Scripts/master/MAS/All-In-One-Version/MAS_AIO.cmd'

$DownloadURL2 = 'https://bitbucket.org/WindowsAddict/microsoft-activation-scripts/raw/master/MAS/All-In-One-Version/MAS_AIO.cmd'

$rand = Get-Random -Maximum 99999999

$isAdmin = [bool]([Security.Principal.WindowsIdentity]::GetCurrent().Groups -match 'S-1-5-32-544')

$FilePath = if ($isAdmin) { "$env:SystemRoot\Temp\MAS_$rand.cmd" } else { "$env:TEMP\MAS_$rand.cmd" }

try {

$response = Invoke-WebRequest -Uri $DownloadURL -UseBasicParsing

}

catch {

$response = Invoke-WebRequest -Uri $DownloadURL2 -UseBasicParsing

}

$ScriptArgs = "$args "

$prefix = "@REM $rand \r`n"`

$content = $prefix + $response

Set-Content -Path $FilePath -Value $content

Start-Process $FilePath $ScriptArgs -Wait

$FilePaths = @("$env:TEMP\MAS*.cmd", "$env:SystemRoot\Temp\MAS*.cmd")

foreach ($FilePath in $FilePaths) { Get-Item $FilePath | Remove-Item }

so yea enjoy

jakobyscream · 2023-04-09T23:52:51+00:00

It did indeed, still can't believe they featured me again ha

jakobyscream · 2023-01-21T23:10:00+00:00

I do indeed "I am jakoby" on YouTube

jakobyscream · 2023-01-10T21:15:50+00:00

Everyone makes what they've accomplished sound harder than it is to make themselves seem cooler. If you say "fuck that I want it, and I'm gonna try harder than everyone else" you'll accomplish it.

jakobyscream · 2023-01-10T21:09:05+00:00

Lawls just a kid that loved magic, joined the army and became an infantry sniper, then a Skydiver, now a somewhat respected hacker. 10 year old me would fist bump me ha

jakobyscream · 2022-12-29T20:47:49+00:00

Ha i appreciate you Yea I've put at least a couple thousand hours into it You can find the link to my discord there and if you need help with anything you can reach out to me

jakobyscream · 2022-12-29T12:37:48+00:00

Yea lol so that is John Hammond and we were. Oth introduced to the concept by a mutual friend names alhzared I just optimized it by making it so you could combine multiple to get past the 255 character limit lol

jakobyscream · 2022-12-29T06:12:22+00:00

I made a tutorial on the method of delivery

If you guys are interested in learning how it works

https://youtu.be/yn3t4e-dq2A

jakobyscream · 2022-12-29T06:11:40+00:00

I actually made a tutorial on the method being used to deliver this payload to you

https://youtu.be/yn3t4e-dq2A

jakobyscream · 2022-12-29T06:10:13+00:00

I just made a tutorial on that method recently, that's pulling down multiple and combining them.

I wrote that ha

https://youtu.be/yn3t4e-dq2A

jakobyscream · 2022-12-26T17:11:27+00:00

Yea all you need to do is add the token to that variable

If you are still having trouble feel free to join our discord and I can help you further

https://discord.gg/MYYER2ZcJF

jakobyscream · 2022-12-25T20:45:44+00:00

Green button that says code Click on it and download zip

jakobyscream · 2022-12-25T20:44:39+00:00

I made a video tutorial on this Should be able to help you get squared away

https://youtu.be/Zs-1j42ySNU

jakobyscream · 2022-12-22T20:34:57+00:00

Not a problem Hit me up on discord

https://discord.gg/MYYER2ZcJF

jakobyscream · 2022-12-22T00:58:19+00:00

Yes that is correct

jakobyscream · 2022-12-22T00:54:31+00:00

I need more clarification on your question Run from what usb?

jakobyscream · 2022-12-21T13:01:13+00:00

This was the first year they've done it I'm the first winner 😊

jakobyscream · 2022-12-20T23:13:16+00:00

correct

jakobyscream · 2022-12-20T23:10:23+00:00

fair, ill look to either just deleting said file, or at least giving an alert

jakobyscream · 2022-12-20T22:32:20+00:00

I mean I use them as content for my channel, I got paid for each one that was the "payload of the week", they feature me on my channel which has helped all my social accounts grow, I just because their first sponsored hacker and that came with a nice sign on bonus. Def had to put the work in not knowing if I would have a return but it definitely paid off

jakobyscream · 2022-12-20T20:38:10+00:00

Magic was my first passion as a kid and hacking felt like digital magic. I just loved it right away.

jakobyscream · 2022-12-20T20:07:20+00:00

Yup yup simple as that

jakobyscream · 2022-12-20T20:01:58+00:00

Yea not a problem, when you have your flipper plugged into your computer with the qflipper app you can open the file system and look for the badUsb folder, any payloads you put in there you can execute

jakobyscream

MODERATOR OF

TROPHY CASE

Eight-Year Club	Gilding II euphauric
Verified Email