bashbunny-payloads/payloads/library/credentials/NoDefenseAgainstLaZagne

Latest commit: Rafa Guillermo, f7cf46fd95, "Update payload.ps1" (added missed $drivelabel reference), 2024-09-30 20:21:11 +02:00

Files in this payload folder:
  • payload.ps1 (Update payload.ps1, 2024-09-30 20:21:11 +02:00)
  • payload.txt (updated payload to make drive label and switch generic, 2024-09-30 13:14:28 +02:00)
  • readme.md (updated payload to make drive label and switch generic, 2024-09-30 13:14:28 +02:00)

readme.md

NoDefenseAgainstLaZagne

  • Author: rafa-guillermo
  • Creds: Hak5Darren, AlessandroZ, TeCHemically, dragmus13, RazerBlade, jdebetaz
  • Version: 1.0
  • Firmware support: 1.1 and higher
  • Target version: Windows 11
  • Tested on: Windows 11

Description

Disables Windows Defender and runs LaZagne to recover stored credentials from the host: browser passwords (Chrome, Internet Explorer, Firefox), FileZilla and other applications, saved Wi-Fi passwords, and Windows password hashes. The payload is quick, but it opens a visible PowerShell window, which could probably be hidden with some obfuscation. It builds on AlessandroZ's LaZagne password recovery tool and on the Password Grabber payload by jdebetaz.

Further reading: the LaZagne repository; the Password Grabber payload is also in this repo.

Configuration

  1. Download LaZagne from the LaZagne release page. Tested with LaZagne 2.2, but newer versions may work as well.
  2. Unzip the release and place LaZagne.exe in a folder called 'tooling' on the root of the Bash Bunny. The payload folder itself should contain only payload.ps1 and payload.txt; LaZagne.exe must live in the tooling folder, not next to the payload.
  3. Set the Bash Bunny drive label (default is BashBunny). The label is configured on line 22 of payload.txt and line 1 of payload.ps1, and the two must match.
  4. Plug in your Bash Bunny and enjoy.

Info

rafa-guillermo: I've added a whole bunch of stuff to disable the Windows Defender file scanner, SmartScreen and RTP before running LaZagne; I was having issues where otherwise it would immediately be quarantined. Defender will be enabled again after execution.

jdebetaz: I remade this payload following the Payload Best Practice / Style Guide.

RazerBlade: By default the payload is identical to the Payload [usb_exfiltrator] but adds some commands to execute LaZagne and save the passwords to the loot folder.

Disclaimer

Hak5 and the payload's contributors are not responsible for the execution of 3rd party binaries.

LED status

| LED                                           | Status |
|-----------------------------------------------|--------|
| Magenta solid                                 | Setup  |
| Yellow single blink                           | Attack |
| Green 1000ms VERYFAST blink followed by SOLID | Finish |