Stealing Secrets (like Passwords) from Windows 10 with a vanilla shell

Today’s post was going to be about reverse shells with .vcf, what I had in mind (lolbin shells) did not work based on filtering/search but I will try some work arounds, in the meantime check this nice post out with a variant on exploiting with .vcf with msfvenom payload…Exploiting Windows PC using Malicious Contact VCF file
A huge shoutout to cyber security researcher John Page for bringing this vulnerability into the internet’s eye on 15th…

Since what I had in mind did not work (was fun lab testing at least), today’s post is short and sweet…

So, you got that vanilla web shell…Day 24: Windows Post Exploitation Shells and File Transfer with Netcat for Windows

Now what? Steal all the passwords and secrets on the clipboard, just one of many things you can do…

powershell.exe Get-Clipboard

That’s it, literally! Put this in a nice loop, along with screenshots of Desktop and you will be left with a lot of juicy login creds, guaranteed!

Mac Clipboard Dump



As far as I know, all solutions are third part installs, way I usually dump this is from memory. Anyone have native command line ways to dump any Linux os clipboard?