Menu

      Founded in 2005, Hak5's mission is to advance the InfoSec industry. We do this through our award winning podcasts, leading pentest gear, and inclusive community – where all hackers belong.

      PAYLOAD HUB
      Discover creative payloads from the Hak5 community with filtering by device and category.

      PAYLOAD STUDIO
      Unleash your hacking creativity with this full-featured web-based Payload development environment.

      PAYLOAD AWARDS
      Get your payload in front of thousands and enter to win. Nearly $10,000 in annual Hak5 prizes!

      ADVANCED DUCKYSCRIPT COURSE
      Learn directly from the creators! Unlock your creative potential with this comprehensive online course.

      [PAYLOAD] SERIES
      Join Hak5 hosts and collaborators as we dive into the techniques and code that make great payloads!

      Community developed payloads for Hak5 gear are featured and awarded at PayloadHub — a growing library of currated content.

      Unleash your hacking creativity with the online payload editor: PayloadStudio

      Link to your collections, sales and even external links

      Add up to five columns

      "Microsoft Windows" SMB Backdoor

      🏆   by TW-D March 29, 2022

      OMG Remote Access

      1. Adds a user account (OMG_User:OMG_P@ssW0rD). 2. Adds this local user to local administrator group. 3. Shares "C:" directory (OMG_SHARE). 4. Adds a rule to...
      OMG-AwarenessTraining

      OMG-AwarenessTraining

      🏆   by 0iphor13 March 23, 2022

      General OMG

      A small message box, telling the user that he violated the security policy. The hostname of the user will be send to a webhook to report the incident. Fill i...

      ReverseCable II

      ReverseCable II

      by 0iphor13 February 01, 2022

      OMG Remote Access

      UDP Reverse shell, based on ReverseDuckyIII, executed in the background. Might create a firewall pop up, but will execute anyway.
      RemoteDeskCable

      RemoteDeskCable

      by 0iphor13 January 19, 2022

      OMG Remote Access

      The O.MG Cable is a powerfull tool and can be used as a remote HID, to even increase the power, RemoteDeskCable was released. - Get screen access! See what y...

      Install Reverse Shell APK

      Install Reverse Shell APK

      🏆   by @InfoSec_DrewZe January 14, 2022

      Mobile-Android OMG Remote Access

      Upload Malicious APK to Android Device with an OMG Cable. This script is for educational and pentesting purposes only! Use at your own risk!
      Android Meterpreter - APK Install

      Android Meterpreter - APK Install

      🏆   by int0x80 January 14, 2022

      Mobile-Android OMG Remote Access

      Download and install an APK on Android An OMG Cable payload which downloads and installs an APK onto an Android device. Here are the high-level notes. I wo...

      Windows Reverse Shell

      Windows Reverse Shell

      by Hug1n January 05, 2022

      OMG Remote Access

      This script is designed to get a reverse shell in Windows environments with a one liner powershell command, this bypasses almost all antivirus out there and ...
      ReverseCable

      ReverseCable

      by 0iphor13 January 05, 2022

      OMG Remote Access

      Reverse shell, based on ReverseDuckyII, executed in the background Fill in Attacker-IP and Port in Line 20

      OMG-Speak

      OMG-Speak

      by @keld_norman January 05, 2022

      OMG Prank

      Turn up the volume and play a message on a victim's computer using Windows build speech engine
      DNS-TXT-Run

      DNS-TXT-Run

      by @keld_norman January 05, 2022

      Execution OMG

      Use a DNS TXT record to get the commands you want to execute instead of typing them in An example of how you could use DNS TXT records to get the powershel...

      wifigrabber

      wifigrabber

      by poundplay January 05, 2022

      Credentials OMG

      I took my own code and found the other version already made. I combined them to make it better this is a modified version of https://github.com/MTK911/Attiny...
      Exfiltrate WiFi names & PSK over DNS, now with AES-256 encryption in transit

      Exfiltrate WiFi names & PSK over DNS, now with AES-256 encryption in transit

      by Keld Norman October 17, 2021

      Exfiltration OMG

      Building upon the earlier WiFi2DNS payload that uses stealthy DNS exfiltration, Keld Norman has applied AES-256 encryption for a much more secure transit of ...

      Exfiltrate WiFi names and PSKs over DNS

      Exfiltrate WiFi names and PSKs over DNS

      by @keld_norman October 12, 2021

      Exfiltration OMG

      WiFi names and PSK are exfiltrated over DNS.

      Leaderboard

      2022 Payload Heroes
      1. 🥇   I AM JAKOBY
      2. 🥈   0iphor13
      3. 🥉   atomiczsec

      Get Rewarded

      Get your payload in front of thousands. Enter to win over $2,000 in prizes in the Hak5 Payload Awards!

      Awarded Payloads

      2023

       

      2022

      Contribute

      Submit entries to a payload repository by pull request. New to github? See this Hak5 tutorial video.

      Collaborate

      Get inspired, showcase your work and receive helpful feedback on your payloads in the Hak5 Community!

      Caution

      Third-party payloads executing as root may cause damage and come AS-IS without warranty or guarantees.

      Disclaimer

      Payloads are for education and auditing where permitted subject to local and international laws. Users are solely responsible for compliance. Hak5 claims no responsibility for unauthorized or unlawful use.

      Stats

      542 featured payloads in this library. Hundreds more at GitHub.com/Hak5.

      DEVICES

      CATEGORIES


      Previous 1 8 9 10