usbrubberducky-payloads/payloads/library/exfiltration/ProtonVPN-config
aleff-github ec0979eaf6 Update 2023-06-25 00:40:23 +02:00
..
ProtonVPN-config.ps1 Upload PowerShell script 2023-01-13 08:22:42 +01:00
README.md Update 2023-06-25 00:40:23 +02:00
payload.txt Update DEFINEs 2023-03-04 08:14:22 +01:00

README.md

ProtonVPN config file

A script used to stole target ProtonVPN config file.

Category: Credentials, Exfiltration

Description

This script will stole target ProtonVPN config file.

Opens PowerShell hidden, grabs ProtonVPN config file, saves as a cleartext in a variable and exfiltrates info via Discord Webhook. In the config file you can find a lot information about the user like:

  • UserUid
  • UserAccessToken
  • UserRefreshToken
  • UserAuthenticationPublicKey
  • UserAuthenticationSecretKey
  • UserAuthenticationCertificatePem
  • UserCertificationServerPublicKey
  • and so on...

Then it cleans up traces of what you have done after.

Getting Started

Dependencies

  • ProtonVPN user logged at least one time
  • An internet connection
  • Windows 10,11

Executing program

  • Plug in your device
  • Invoke Get-Content for get in plaintext the ProtonVPN .config content
  • Invoke-WebRequest will be entered in the Run Box to send the content

Credits

Aleff :octocat:


Github

Linkedin