Menu

      Founded in 2005, Hak5's mission is to advance the InfoSec industry. We do this through our award winning podcasts, leading pentest gear, and inclusive community – where all hackers belong.

      PAYLOAD HUB
      Discover creative payloads from the Hak5 community with filtering by device and category.

      PAYLOAD STUDIO
      Unleash your hacking creativity with this full-featured web-based Payload development environment.

      PAYLOAD AWARDS
      Get your payload in front of thousands and enter to win. Nearly $10,000 in annual Hak5 prizes!

      ADVANCED DUCKYSCRIPT COURSE
      Learn directly from the creators! Unlock your creative potential with this comprehensive online course.

      [PAYLOAD] SERIES
      Join Hak5 hosts and collaborators as we dive into the techniques and code that make great payloads!

      Community developed payloads for Hak5 gear are featured and awarded at PayloadHub — a growing library of currated content.

      Unleash your hacking creativity with the online payload editor: PayloadStudio

      Link to your collections, sales and even external links

      Add up to five columns

      termBomb

      termBomb

      by drapl0n March 02, 2022

      Execution USB Rubber Ducky

      termBomb prompts message "!!!!!!YOU HAVE BEEN HACKED!!!!!!" and executes fork bomb on launching shell/terminal.
      PwnKit Vulnerability - Local Privilege Escalation - Compiled

      PwnKit Vulnerability - Local Privilege Escalation - Compiled

      🏆   by TW-D January 29, 2022

      Bash Bunny Execution

      This is a version of the PwnKit Vulnerability Local Privilege Escalation containing pre-compiled binaries for x86_64 Linux. If you don't want to use the p...


      PwnKit Vulnerability - Local Privilege Escalation

      PwnKit Vulnerability - Local Privilege Escalation

      🏆   by TW-D January 29, 2022

      Bash Bunny Execution

      The Qualys Research Team has discovered a memory corruption vulnerability in polkit’s pkexec, a SUID-root program that is installed by default on every ma...

      DNS-TXT-Run

      DNS-TXT-Run

      by @keld_norman January 05, 2022

      Execution OMG

      Use a DNS TXT record to get the commands you want to execute instead of typing them in An example of how you could use DNS TXT records to get the powershel...

      DuckyHelper

      DuckyHelper

      by 0iphor13 January 05, 2022

      Execution USB Rubber Ducky

      UAC bypass for privilege escalation (Method FodHelper) AV will notify, but payload will still be executed Payload configured in line 19 & 21 (cmd.exe) : ...
      DUCKY_REAPER

      DUCKY_REAPER

      by JonnyBanana January 05, 2022

      Execution USB Rubber Ducky

      The script is a One-Liner and call an html page with a css webkit filter attack inside, this webpage crash the system webpage with the exploit here: https://...

      Win SSH server

      Win SSH server

      by Cribbit December 21, 2021

      Bash Bunny Execution

      Installs and runs a SSH Server on Windows.
      PshRevShell

      PshRevShell

      by cerebro11 September 30, 2021

      Execution Key Croc

      A fileless PowerShell reverse shell to the KeyCroc. A netcat listener should be ran on the KeyCroc before executing the payload (ex: "nc -nvlp 4444")

      $MFT-Duck-Crasher

      $MFT-Duck-Crasher

      by JonnyBanana September 28, 2021

      Execution USB Rubber Ducky

      A Simple Script for Rubber Ducky which Exploits Windows $MFT Vulnerability.

      Leaderboard

      2022 Payload Heroes
      1. 🥇   I AM JAKOBY
      2. 🥈   0iphor13
      3. 🥉   atomiczsec

      Get Rewarded

      Get your payload in front of thousands. Enter to win over $2,000 in prizes in the Hak5 Payload Awards!

      Awarded Payloads

      2023

       

      2022

      Contribute

      Submit entries to a payload repository by pull request. New to github? See this Hak5 tutorial video.

      Collaborate

      Get inspired, showcase your work and receive helpful feedback on your payloads in the Hak5 Community!

      Caution

      Third-party payloads executing as root may cause damage and come AS-IS without warranty or guarantees.

      Disclaimer

      Payloads are for education and auditing where permitted subject to local and international laws. Users are solely responsible for compliance. Hak5 claims no responsibility for unauthorized or unlawful use.

      Stats

      542 featured payloads in this library. Hundreds more at GitHub.com/Hak5.

      DEVICES

      CATEGORIES


      Previous 1 4 5 6