hak5/bashbunny-payloads

Feature Request: USB Exfil Payloads Without PowerShell

MatthewClarkMay opened this issue · 3 comments

I'm not sure if this is the place for this, but it's more of a recommendation than an issue. Most of the payloads in this library use PowerShell, but many companies block PowerShell from running on most endpoints, or under normal user privilege. Has anyone written any solid exfil / system info / loot collection payloads without using PowerShell?

Thanks!

I think you can use cmd, but it will not be as stealthy and is limited. I'm gonna check if it's possible later today!

Just noticed this. I wrote one that you might want to try. I call it by PowerShell but you could call it directly. Depends on .NET, which most of my tested targets have.

https://github.com/saintcrossbow/SmartFileExtract

hink commented

Write a small Golang binary that is easily copyable to %TEMP%