This PowerShell script opens a realistic looking window that asks for credentials. If the computer is part of a domain the credentials are validated. Afterwards, the loot is uploaded to Pastebin as a private paste. If the entered credentials are empty or wrong, the script will prompt the user again. This script was created with a "Bad USB" / HID / Ducky attack in mind.
You must set the following variables for the script to upload your loot to Pastebin:
$pastebin_username
is your Pastebin username$pastebin_password
is your Pastebin password$pastebin_dev_key
is your Pastebin API key (which can be found at https://pastebin.com/doc_api)
You can change the following variables:
$target
sets the "connection" name which is displayed in the message. (In the screenshot it`s "Microsoft Windows")$caption_XX
sets the title of the window$message_XX
sets the message body of the window
This script is based on https://github.com/Dviros/CredsLeaker.
This code is provided for educational use only. If you engage in any illegal activity the author does not take any responsibility for it. By using this code, you agree with these terms.