Screen-Shock

Screen-Shock
Download Copy
Title: Screen-Shock
Author: atomiczsec

This payload is meant to exfiltrate screenshots of all monitors and sends to a dropbox every 15 seconds. (This setting can be changed in the c.ps1 file) This payload uses iwr to download 2 files I.bat c.ps1 I.bat is downloaded to the startup folder to maintain persistence and execute c.ps1 on reboot/startup c.ps1 will sit in AppData\Roaming folder, taking a screenshot of all monitors every 15 seconds Then the contents will then be sent to the DropBox for viewing pleasure

Exfiltration is an involuntary backup. It's a technique for obtaining data from a network. Once obtained, the data may be removed using a number of methods. These may include traversing the network to a command and control server, such as Cloud C². The content is typically encrypted or obfuscated. In the case of physical access, a bring-your-own-network element may be included to evade detection. See all exfiltration payloads.

This payload is for OMG — a platform built for covert field-use with features that enhance remote execution, stealth and forensics evasion, all while being able to quickly change your tooling on the fly.

Submit your own payload, or browse more featured OMG Payloads.

 

 

Related Payloads

Global Powershell Logging and Transcription
Global Powershell Logging and Transcription
This payload executes a script that logs all PowerShell input and output to a text file in the documents folder.
Read More
USB Poison
USB Poison
This payload executes a script that waits for new USB flash storage devices to be connected. When a new device connects,
Read More
Execute commands as NT AUTHORITY\SYSTEM with TrustedInstaller privileges
Execute commands as NT AUTHORITY\SYSTEM with TrustedInstaller privileges
This payload launches a new cmd.exe process with elevated privileges under TrustedInstaller, by setting the TrustedInsta
Read More