addc4f30c8
added REM statements before # |
||
|---|---|---|
| .. | ||
| Version 01 | ||
| ReadMe.md | ||
| payload.txt | ||
ReadMe.md
About:
- Title: Browser-Passwords-Dropbox-Exfiltration
- Description: Opens PowerShell hidden, grabs Chrome passwords, saves as a cleartext file and exfiltrates info via Dropbox.
- Then it cleans up traces of what you have done after.
- AUTHOR: DIYS.py
- Version: 1.0
- Category: Credentials, Exfiltration
- Target: Windows 10
- Attackmodes: HID
Features:
- Reasonably stelathy
- Fairly quick
Workflow:
- Encoding payload and injecting on target's system.
- Checks Chrome files and obtains the stored browser credentials
- Saves a plaintext file of all of the usernames, passwords, websites
- Deletes the Temp files, recycle bin, Run and PowerShell history
Usage Version 01:
- Follow the instructions on the link enclosed in the PowerShell script to create the correct API access credentials for your Dropbox account.
- Obtain your Authentication Token and add it to the PowerShell script, upload that script to your dropbox and add the link to it in the payload file.
- Encode payload.txt and inject into target's system.
- Check your Dropbox for the files.
Possible Issues:
- AVG detected this was trying to access Chrome info and blocked it from working some of the time.
DIYSpy on Twitter