A.S.E - Advanced_System_Exfiltration #226
Conversation
LulzAnarchyAnon
changed the title
|
It is functionally complete, compiles properly, and will run. However, I would suggest some improvements that will help make it cleaner and more readable. There is also a lot of duplicate blocks of code with only simple changes. This would be a good candidate to create a function with a parameter. That way, all the unique code is only stored once, making it easier to maintain and adjust as needed, and then you simply call it via a function call like: gatherLoot(IP Address) There are quite a few places where you type out a string, and then have a single command “ENTER” on the next line. Finally, there are a lot of places that you could benefit by using one of the BLOCK commands, which allow you to do multi-line text as though it’s still a single command. Example: These also work for STRING, STRINGLN, and a variety of other commands. I personally enjoy using these as it allows for direct copy/paste of terminal commands for easier troubleshooting. There are examples to this in the Help menu, and our Wiki. Nothing that would prevent your payload from being accepted, but things that would likely make your life easier in the future, along with potentially letting you re-use some of this code for future scripts. |
|
Thank You Kalani, You're AWESOME!
…On Fri, May 24, 2024, 11:47 AM Kalani Helekunihi ***@***.***> wrote:
Merged #226 <#226> into master.
—
Reply to this email directly, view it on GitHub
<#226 (comment)>, or
unsubscribe
<https://github.com/notifications/unsubscribe-auth/AY7QUUCQM4CQZ65F7D52NRTZD6DNPAVCNFSM6AAAAABH53OBW6VHI2DSMVQWIX3LMV45UABCJFZXG5LFIV3GK3TUJZXXI2LGNFRWC5DJN5XDWMJSHEZDQNJTHE4TCNI>
.
You are receiving this because you authored the thread.Message ID:
***@***.***>
|
This slow, and steady staged payload takes it's time and gleans detailed system information using powershell, Ducky script and notepad. First hidden powershells are opened in stages, and payloads are deployed to collect the target computers system information, Then a notepad.txt file named loot is created with all the gleaned information, and hidden in the Public Users folder C:\Users\Public\loot.txt The loot is then exfiltrated using a Discord webhook. In the final stage of the payload the loot.txt file, the recycling bin contents, the temp folder contents and powershell history are all deleted.